Sam Hartman [Sun, 14 Jan 2001 03:26:06 +0000 (03:26 +0000)]
2001-01-12 Sam Hartman <hartmans@mit.edu>
* krlogin.c: Previously, we only used TIOCGLTC on systems with
termios. This is sort of silly since its a BSD 4.[23] IOCTL. We
then go out of our way not to use it on IRIX, Solaris or HPUX. I
think all this comes about because you really want to use BSD
IOCTLS on Sunos rather than termios. I propose to do that and
never use BSD IOCTLs on Sunos.
Ken Raeburn [Fri, 8 Dec 2000 04:48:24 +0000 (04:48 +0000)]
* k5seal.c (make_seal_token_v1): Use ANSI-style definition, instead of K&R plus
prototype. Don't use too-big numbers even as placeholders.
* accept_sec_context.c (rd_and_store_for_creds): After creating an auth
context, set flags to require sequence numbers.
(krb5_gss_accept_sec_context): Likewise.
* init_sec_context.c (krb5_gss_init_sec_context): Likewise.
(thanks to assar for noticing this)
Ken Raeburn [Wed, 6 Dec 2000 08:47:11 +0000 (08:47 +0000)]
Remove a bunch of macro definitions we don't use.
Run lclint on t_com_err test case; tune options; more annotations.
Use <com_err.h> instead of duplicated definitions in generated files.
Rebuild Perl versions of awk scripts for generating files.
Dump K&R C support, assume C89/C++.
Ken Raeburn [Tue, 5 Dec 2000 23:17:28 +0000 (23:17 +0000)]
* aclocal.m4 (KRB5_AC_INET6): Look for netdb.h.
(KRB5_AC_CHECK_INET6): Require <netinet/in.h>, <netdb.h>, inet_ntop,
getaddrinfo, AF_INET6, several NI_* macros, AI_ADDRCONFIG, and AI_NUMERICHOST.
This should be a reasonable test for conformance to certain parts of RFC2553,
giving us reasonable generic sockaddr/hostname processing.
* cr_auth_repl.c: Audit. Fix up copyright. Use new KRB4_PUT*
macros for encoding so output is always big-endian. Precompute
string lengths for better length-checking.
* cr_ciph.c: Audit. Fix up copyright. Use new KRB4_PUT* macros
for encoding so that output is always big-endian. Precompute
string lengths for better length-checking. Zero out the key
schedule after encrypting.
* cr_death_pkt.c: Audit. Fix up copyright. Precompute string
lengths for better length-checking.
* cr_err_repl.c: Audit. Fix up copyright. Use moving pointer to
do encoding. Precompute string lengths for better
length-checking. Use KRB4_PUT* macros so that output is always
big-endian.
* cr_tkt.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so that output is always big-endian. Zero out the key
schedule after encrypting.
* decomp_tkt.c: Audit. Fix up copyright. Use krb_strnlen() for
actually detecting string length errors. Use a struct in_addr to
retrieve the IP address and assign it to paddress for return. Use
KRB4_GET* macros for decoding to avoid byteswapping problems.
Zero out session key and decrypted ticket on error.
* g_ad_tkt.c: Audit. Fix up copyright. Break out parsing of
decrypted KDC reply packet into a separate function to simplify
error handling somewhat. Precompute string lengths for better
length-checking. Use KRB4_PUT* macros for encoding so that output
is always big-endian. Use KRB4_GET* macros for decoding to avoid
byteswapping problems. Stomp on session key on error conditions.
* g_in_tkt.c: Audit. Fix up copyright. Precompute string lengths
for better length-checking. Use KRB4_PUT* macros for encoding so
output is always big-endian. Use KRB4_GET* macros for decoding to
avoid byteswapping problems. Use krb_strnlen() to actually detect
string length errors. Zero out session key and decrypted KDC
reply once they're no longer useful.
* mk_auth.c: Audit. Fix up copyright. Use moving pointer for
encoding. Use KRB4_PUT* macros for encoding to avoid alignment
issues with using memcpy(). Use KRB4_GET* macros for decoding to
avoid alignment issues with using memcpy().
* mk_err.c: Audit. Fix up copyright. Precompute string length.
Use KRB4_PUT* macros to always encode as big-endian.
* mk_preauth.c: Audit. Zero out key schedule after encryption.
* mk_priv.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so output is always big-endian.
* mk_req.c: Audit. Fix up copyright. Use moving pointer for
encoding. Precompute string lengths for better length-checking.
Use KRB4_PUT* macros for encoding so output is always big-endian.
Zero out session key after encryption.
* mk_safe.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so output is always big-endian.
* rd_err.c: Audit. Fix up copyright. Use KRB4_GET* macros to
avoid alignment issues.
* rd_preauth.c: Audit. Zero key schedule after decrypting.
* rd_priv.c: Audit. Fix up copyright. Use KRB4_GET* macros to
avoid alignment issues.
* rd_req.c: Audit. Fix up copyright.
* send_to_kdc.c (send_recv): Actually set rpkt->length, since some
callers actually use it now to do length-checking.
* strnlen.c: New file; compute string length, bounded by a
maximum. If the maximum number of characters has been read
without encountering a NUL character, return -1. This makes
overflow checking of strings in buffers much easier.
Tom Yu [Wed, 8 Nov 2000 23:13:13 +0000 (23:13 +0000)]
* des.h: Change to make KRB4_32 an int if it's at least 32 bits
wide, else a long. This is a change from previously where it was
a long except on the alpha. We may want to rethink this if there
are binary compat issues that result. Also, define DES_INT32 as
KRB4_INT32.
* krb.h: Add new macros KRB4_PUT32, KRB4_PUT16 which
unconditionally encode integers by bytes as big-endian. Add new
macros KRB4_GET32BE, KRB4_GET32LE, KRB4_GET32, KRB4_GET16BE,
KRB4_GET16LE, KRB4_GET16 to retrieve integers by bytes. Add
prototype for krb_strnlen.
Ken Raeburn [Wed, 8 Nov 2000 05:46:18 +0000 (05:46 +0000)]
Test out lclint and its4 on com_err library. One lclint error left on Solaris,
due to deficiencies in lclint. Its4 chokes in parser.
* com_err.h (struct error_table): Annotate MSGS as pointing to 'shared' data.
(error_message): Returned data is 'observer' and 'dependent'; modifies internal
state.
* com_err.c (default_com_err_proc): Cast various return values to void.
(reset_com_err_hook): Use NULL, not 0.
(com_err_hook): Annotate as 'null'.
* error_table.h (_et_list): Annotate as 'null' and 'dependent'.
(struct et_list): Annotate NEXT as 'dependent' and 'null', and TABLE as
'dependent'.
(struct dynamic_et_list): Duplicate et_list definition, except NEXT is
annotated as 'only' instead of 'dependent'.
(error_table_name, error_table_name_r): Annotate for lclint.
* et_h.awk: Add lclint annotations for initialize_* functions.
* error_message.c (_et_list): Can be 'null'.
(error_message): Explicitly compare against zero. Cast strerror arg to int.
(et_list_dynamic): New variable, for dynamically allocated list elements;
_et_list is now for statically allocated elements only.
(add_error_table, remove_error_table): Check both lists.
* et_name.c (error_table_name, error_table_name_r): Annotate for lclint.
* init_et.c (et_add_error_table): Change "link" to "e" to avoid confusion with
C library function in analysis tools.
* et1.et, et2.et, t_com_err.c: New files. Exercise addition and removal of
error tables from list, using both interfaces.
* Makefile.in (LCLINT, LCLINTOPTS, ITS4, ITS4OPTS): New variables.
(do-lclint, do-its4, et1.o, et2.o, t_com_err.o, t_com_err): New targets. Not
automatically invoked at present.
(FILES): Updated.
Ezra Peisach [Wed, 1 Nov 2000 18:36:12 +0000 (18:36 +0000)]
* reconf: Rework syntax to detect version numbers of newer
autoconf versions. For autoconf > 2.19, we need to pass an
absolute path for the localdir to autoreconf.
Ezra Peisach [Wed, 1 Nov 2000 15:22:43 +0000 (15:22 +0000)]
* aclocal.m4 (V5_SET_TOPDIR): In newer versions of autoconf
(2.49), AC_LOCALDIR is not set by the reconfiguration process. If
AC_LOCALDIR is not set, try to find the top of the tree by looking
for aclocal.m4. If aclocal.m4 ever exists in a subdir, we will
need to redo this test.
* aclocal.m4: Upgrade to autoconf 2 naming schemes - AC_C_CONST,
AC_CHECK_HEADER, AC_PROG_LN_S, AC_MSG_ERROR instead of AC_CONST,
AC_HEADER_CHECK, AC_LN_S, AC_ERROR. Use AC_DEFUN instead of
define() for macro definitions and better quoting of macros within
macros.
Ezra Peisach [Wed, 1 Nov 2000 15:10:10 +0000 (15:10 +0000)]
* configure.in: Update to autoconf 2 macro names:
AC_FORK->AC_FUNC_VFORK, AC_CONST->AC_C_CONST, AC_HEADER_CHECK ->
AC_CHECK_HEADER. In addition, conditionally use internal
AC_PROG_ECHO_N (autoconf 2.12) or _AC_PROG_ECHO (autoconf 2.49)
depending on which is defined.
Ezra Peisach [Wed, 1 Nov 2000 15:05:53 +0000 (15:05 +0000)]
* configure.in: Use AC_CHECK_FUNCS, AC_CHECK_HEADERS, AC_C_CONST
instead of the older names AC_HAVE_FUNCS, AC_HEADER_CHECK,
AC_CONST. Consolidate use of function testing macros.
Ezra Peisach [Wed, 1 Nov 2000 14:46:57 +0000 (14:46 +0000)]
* configure.in: Quote macro use inside AC_CHECK_LIB. Change
AC_FUNC_CHECK to AC_CHECK_FUNC, AC_HAVE_FUNCS to AC_CHECK_FUNCS
and AC_HEADER_CHECK to AC_CHECK_HEADER..
Ezra Peisach [Wed, 1 Nov 2000 14:43:36 +0000 (14:43 +0000)]
* configure.in (AC_COMPILE_TYPE): Declare with AC_DEFUN() instead
of define() as newer versions of autoconf check for AC_REQUIRE use
outside of AC_DEFUN.
Ezra Peisach [Wed, 1 Nov 2000 14:39:30 +0000 (14:39 +0000)]
* configure.in: Change AC_CONST to AC_C_CONST, AC_HEADER_EGREP to
AC_EGREP_HEADER, AC_HAVE_HEADERS to AC_CHECK_HEADERS. Updates to
autoconf 2 namespace.
Ezra Peisach [Tue, 31 Oct 2000 17:37:48 +0000 (17:37 +0000)]
* aclocal.m4 (AC_LIBRARY_NET): Newer versions of autoconf are more
sensative to using macros within macros without quoting. Quote
AC_CHECK_LIB calls within AC_CHECK_LIB macro.
Tom Yu [Tue, 31 Oct 2000 00:33:00 +0000 (00:33 +0000)]
* cc_stdio.c: Add a "mode" field to krb5_scc_data to keep track of
what mode the file was opened in.
(krb5_scc_close_file): Ignore EBADF from fflush() if the file was
opened for readonly access. For some reason NetBSD's fflush()
exhibits this behavior.
(krb5_scc_open_file): Save the mode with which the file was opened
in data->mode.
Ezra Peisach [Fri, 27 Oct 2000 14:55:49 +0000 (14:55 +0000)]
* reconf: Pass "-m util/autoconf" to autoreconf only if we are
using the source trees version of autoconf.
If we trust the installed version of autoconf, we should use their macros.
Performance boost of 2x in autoconfing the tree through use of frozen
m4 files.
Tom Yu [Thu, 26 Oct 2000 23:01:49 +0000 (23:01 +0000)]
* krb5_decode_test.c (main): Add new test cases for indefinite
length ticket and as_rep. Fix up calls to decode_run() to have
the modifier be in the description parameter.
Tom Yu [Thu, 26 Oct 2000 22:58:13 +0000 (22:58 +0000)]
* asn1buf.c (asn1buf_sync): Add new arguments to include the full
complement of data about a prefetched tag, as well as to indicate
whether the prefetched tag or the surrounding sequence is of an
indefinite length.
(asn1buf_skiptail): Add new arguments to indicate whether the
prefetched tag is indefinite, as well as its length. This
facilitates proper skipping of trailing garbage.
(asn1buf_remains): Add new argument to indicate whether the
surrounding encoding is indefinite. Don't advance buf->next if an
EOC encoding is detected; the caller will do that.
* asn1buf.h: Update prototypes.
* asn1_get.c (asn1_get_tag_indef): Don't treat EOC encoding as
special anymore, since previous behavior was overloading the
tag number in a bad way. Also, report a MISMATCH_INDEF error if
the tag encoding is for the forbidden primitive constructed
encoding.
* asn1_k_decode.c (next_tag): Call get_tag_indef() in order to get
information about whether the length is indefinite. Don't check
the tag class and construction explicitly.
(get_eoc): New macro to get a tag and check if it is an EOC
encoding.
(get_field, opt_field): Move the check for the tag class and
construction to here.
(get_field_body, get_lenfield_body): Call get_eoc() instead of
next_tag() if we are decoding a constructed indefinite encoding.
(begin_structure): Use a different variable to indicate whether
the sequence is indefinite as opposed to whether an individual
field is indefinite.
(end_structure): Update to new calling convention of
asn1buf_sync().
(sequence_of): Rewrite significantly.
(sequence_of_common): Move the bulk of previous sequence_of()
macro to here. Does not declare some variables that sequence_of()
declares.
(sequence_of_no_tagvars): Similar to sequence_of() macro but
declares different variables for the purpose of prefetching the
final tag.
(end_sequence_of_no_tagvars): Similar to end_sequence_of() macro
but uses variables declared by the sequence_of_no_tagvars() macro
to prefetch the final tag.
(asn1_decode_principal_name): Update for new asn1buf_remains()
calling convention. Call sequence_of_no_tagvars(), etc. instead
of sequence_of(), etc. in order to not declare shadowing
block-local variables.
(decode_array_body): Update for new asn1buf_remains() calling
convention.
(asn1_decode_sequence_of_enctype): Update for new
asn1buf_remains() calling convention.
* krb5_decode.c (next_tag): Call get_tag_indef() in order to get
information about whether the length is indefinite. Don't check
the tag class and construction explicitly.
(get_eoc): New macro to get a tag and check if it is an EOC
encoding.
(get_field, opt_field): Move the check for the tag class and
construction to here.
(get_field_body, get_lenfield_body): Call get_eoc() instead of
next_tag() if we are decoding a constructed indefinite encoding.
(begin_structure): Use a different variable to indicate whether
the sequence is indefinite as opposed to whether an individual
field is indefinite.
(end_structure): Update to new calling convention of
asn1buf_sync().
* ser_adata.c, ser_addr.c, ser_auth.c, ser_cksum.c, ser_key.c,
ser_princ.c: Include int-proto.h for prototypes.
By moving the prototypes to int-proto.h, it ndles the gcc warning
on missing prototypes. These functions are intenal and all used by
krb5_ser_auth_context_init()
Ezra Peisach [Wed, 18 Oct 2000 13:58:17 +0000 (13:58 +0000)]
* library.tex: Update to latex2e. Include krb5idx.sty
* Makefile (lib1.stamp): Use makeindex to generate index instead
of an antiquated texindex program - which is not the same texindex
as in the texinfo package.
* krb5idx.sty: Style for generating indexes. Provides definitions
for use with krb5.ist.
Ezra Peisach [Tue, 17 Oct 2000 23:05:24 +0000 (23:05 +0000)]
* ktest.c (ktest_make_sample_etype_info): Use KRB5_ETYPE_NO_SALT
instead of -1.
* ktest_equal.c (ktest_equal_krb5_etype_info_entry): Test for
KRB5_ETYPE_NO_SALT. ktest_equal_array_of_octet() and
ktest_equal_array_of_char take unsigned int lengths.
* ktest_equal.h: Add len_unsigned_array macro for a prototype of a
function taking an unsigned int
count. ktest_equal_array_of_octet() is one of
these. ktest_equal_array_of_char() takes an unsigned int as
length.
* trval.c (trval): Unsigned/signed int fix.
* utility.c (asn1_krb5_data_unparse): Better test for krb5_data
length being less than zero.
Ezra Peisach [Tue, 17 Oct 2000 23:03:59 +0000 (23:03 +0000)]
* kdc_preauth.c (get_etype_info): Initialize length of
etype_info_entry to KRB5_ETYPE_NO_SALT. Before copying salt into
etype_info_entry, test that salt length (from get_salt_from_key())
is not SALT_TYPE_NO_LENGTH.
* kdc_util.c (get_salt_from_key): Initialize salt type to
SALT_TYPE_NO_LENGTH (instead of -1).
* network.c (process_packet): Cast length in sendto() call to int.