head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.96 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.94 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.92 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.90 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.88 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.86 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.84 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.82 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.80 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.78 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.76 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.74 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.72 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.70 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.68 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.66 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.64 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.62 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.60 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.58 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.56 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.54 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.52 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.48 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.28 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.50 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.46 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.44 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.42 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.40 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.38 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.36 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.34 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.32 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.30 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.26 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.24 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.22 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.20 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.18 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.16 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.14 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.12 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.10 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.8 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.6 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.4 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.2 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.2.0.22 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.20 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.18 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.16 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.14 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.12 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.10 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.8 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.6 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.2 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.1.0.36 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.34 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.32 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.30 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.28 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.26 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.24 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.22 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.20 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.18 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.16 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.14 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.12 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.10 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.8 pkgsrc-2008Q1:1.1.0.6 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.4 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.2 pkgsrc-2007Q3-base:1.1; locks; strict; comment @# @; 1.3 date 2014.06.23.22.24.24; author christos; state Exp; branches; next 1.2; commitid FWB5eQMocvgqiHFx; 1.2 date 2011.08.25.14.54.06; author hans; state Exp; branches; next 1.1; 1.1 date 2007.08.08.19.48.04; author joerg; state Exp; branches; next ; desc @@ 1.3 log @Add patches to fix the crypto build (we still don't build with crypto but now we could). @ text @$NetBSD: patch-al,v 1.2 2011/08/25 14:54:06 hans Exp $ --- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400 +++ ckuath.c 2014-06-23 18:20:26.000000000 -0400 @@@@ -117,19 +117,6 @@@@ #include #include #include -#ifndef malloc -#ifndef VMS -#ifndef FREEBSD4 -#ifndef OpenBSD -#ifdef MACOSX -#include -#else /* MACOSX */ -#include -#endif /* MACOSX */ -#endif /* OpenBSD */ -#endif /* FREEBSD4 */ -#endif /* VMS */ -#endif /* malloc */ #ifdef OS2 #include #endif /* OS2 */ @@@@ -149,7 +136,9 @@@@ #endif /* saveprintf */ #else /* HEIMDAL */ #include "krb5.h" +#ifdef BETATEST #include "profile.h" +#endif #include "com_err.h" #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE #define KRB5_HAVE_GET_INIT_CREDS @@@@ -417,7 +406,6 @@@@ char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */ #ifdef KRB5 krb5_data desinbuf,desoutbuf; -krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ static krb5_data encivec_i[2], encivec_o[2]; enum krb5_kcmd_proto { @@@@ -3145,8 +3133,13 @@@@ data.data = k4_session_key; data.length = 8; - code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0, - &encdata, &data); + code = krb5_c_decrypt(k5_context, +#ifdef HEIMDAL + k4_krbkey, +#else + &k4_krbkey, +#endif + 0, 0, &encdata, &data); krb5_free_keyblock_contents(k5_context, &random_key); @@@@ -3162,8 +3155,13 @@@@ data.data = k4_challenge; data.length = 8; - code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0, - &encdata, &data); + code = krb5_c_decrypt(k5_context, +#ifdef HEIMDAL + k4_krbkey, +#else + &k4_krbkey, +#endif + 0, 0, &encdata, &data); #else /* MIT_CURRENT */ memset(k4_sched,0,sizeof(Schedule)); ckhexdump("auth_send",cred.session,8); @@@@ -3295,7 +3293,7 @@@@ case AUTHTYPE_KERBEROS_V5: debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length); for ( i=0 ; icontents; #endif /* HEIMDAL */ } else { -#ifdef HEIMDAL switch ( k5_session_key->keytype ) { case ETYPE_DES_CBC_CRC: case ETYPE_DES_CBC_MD5: @@@@ -4934,24 +4938,17 @@@@ break; default: skey.type = SK_GENERIC; +#ifdef HEIMDAL + skey.length = k5_session_key->keyvalue.length; +#else /* HEIMDAL */ skey.length = k5_session_key->length; +#endif /* HEIMDAL */ encrypt_dont_support(ENCTYPE_DES_CFB64); encrypt_dont_support(ENCTYPE_DES_OFB64); } +#ifdef HEIMDAL skey.data = k5_session_key->keyvalue.data; #else /* HEIMDAL */ - switch ( k5_session_key->enctype ) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_MD4: - skey.type = SK_DES; - skey.length = 8; - default: - skey.type = SK_GENERIC; - skey.length = k5_session_key->length; - encrypt_dont_support(ENCTYPE_DES_CFB64); - encrypt_dont_support(ENCTYPE_DES_OFB64); - } skey.data = k5_session_key->contents; #endif /* HEIMDAL */ } @@@@ -5038,7 +5035,6 @@@@ skey.data = k5_session_key->contents; #endif /* HEIMDAL */ } else { -#ifdef HEIMDAL switch ( k5_session_key->keytype ) { case ETYPE_DES_CBC_CRC: case ETYPE_DES_CBC_MD5: @@@@ -5047,21 +5043,15 @@@@ skey.length = 8; default: skey.type = SK_GENERIC; +#ifdef HEIMDAL + skey.length = k5_session_key->keyvalue.length; +#else /* HEIMDAL */ skey.length = k5_session_key->length; +#endif /* HEIMDAL */ } +#ifdef HEIMDAL skey.data = k5_session_key->keyvalue.data; #else /* HEIMDAL */ - switch ( k5_session_key->enctype ) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_MD4: - skey.type = SK_DES; - skey.length = 8; - break; - default: - skey.type = SK_GENERIC; - skey.length = k5_session_key->length; - } skey.data = k5_session_key->contents; #endif /* HEIMDAL */ } @@@@ -5138,7 +5128,11 @@@@ } if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) ) krb5_tls_verified = 1; +#ifdef HEIMDAL + krb5_data_free(&msg); +#else /* HEIMDAL */ krb5_free_data_contents(k5_context,&msg); +#endif /* HEIMDAL */ if (krb5_tls_verified) return(AUTH_SUCCESS); } @@@@ -5166,7 +5160,7 @@@@ krb5_context context; krb5_auth_context auth_context; krb5_data *inbuf; - krb5_const_principal client; + krb5_principal client; { krb5_creds ** creds=NULL; krb5_error_code retval; @@@@ -5197,7 +5191,7 @@@@ if ((retval = krb5_cc_initialize(context, ccache, client))) return(retval); - if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf))) + if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf))) return(retval); #else /* HEIMDAL */ if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))) @@@@ -5472,17 +5466,17 @@@@ goto errout; } SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length); +#ifdef HEIMDAL + krb5_data_free(&msg); +#else krb5_free_data_contents(k5_context,&msg); +#endif } #endif /* CK_SSL */ if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { /* do ap_rep stuff here */ if ((r = krb5_mk_rep(k5_context, -#ifdef HEIMDAL - &auth_context, -#else /* HEIMDAL */ auth_context, -#endif /* HEIMDAL */ &outbuf))) { debug(F111,"k5_auth_is","krb5_mk_rep",r); (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf)); @@@@ -5503,7 +5497,7 @@@@ { szUserNameAuthenticated[0] = '\0'; } else { - ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name); + ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN); free(name); } } @@@@ -9687,6 +9681,7 @@@@ return(-1); } +int #ifdef CK_ANSIC ck_krb4_destroy(struct krb_op_data * op) #else @@@@ -11228,7 +11223,12 @@@@ use_ivecs = 1; - if (status = krb5_c_block_size(k5_context, k5_session_key->enctype, + if (status = krb5_c_block_size(k5_context, +#ifdef HEIMDAL + k5_session_key->keytype, +#else + k5_session_key->enctype, +#endif &blocksize)) { /* XXX what do I do? */ printf("fatal kerberos 5 crypto library error\n"); @@@@ -11309,8 +11309,7 @@@@ krb5_ap_rep_enc_part *rep_ret = NULL; krb5_data outbuf; int rc; - krb5_int32 seqno=0; - krb5_int32 server_seqno=0; + int server_seqno=0; char ** realmlist=NULL; int buflen; char tgt[256]; @@@@ -11388,7 +11387,11 @@@@ } if (krb5_rlog_ver == KCMD_OLD_PROTOCOL) +#ifdef HEIMDAL + get_cred->session.keytype=ETYPE_DES_CBC_CRC; +#else get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC; +#endif /* Get ticket from credentials cache or kdc */ status = krb5_get_credentials(k5_context, @@@@ -11429,10 +11432,11 @@@@ krb5_boolean is_des; if (status = krb5_c_enctype_compare( k5_context, - ENCTYPE_DES_CBC_CRC, #ifdef HEIMDAL + ETYPE_DES_CBC_CRC, ret_cred->session.keytype, #else /* HEIMDAL */ + ENCTYPE_DES_CBC_CRC, ret_cred->keyblock.enctype, #endif /* HEIMDAL */ &is_des)) { @@@@ -11482,7 +11486,11 @@@@ &rep_ret, NULL ); +#ifdef HEIMDAL + krb5_data_free(&cksumdat); +#else krb5_free_data_contents(k5_context,&cksumdat); +#endif if (status) { if ( !quiet ) @@@@ -11490,12 +11498,17 @@@@ error_message(status)); if (error) { if ( !quiet ) { - printf("Server returned error code %d (%s)\r\n", - error->error, - error_message(ERROR_TABLE_BASE_krb5 + error->error)); - if (error->text.length) { - printf("Error text sent from server: %s\r\n", - error->text.data); +#ifdef HEIMDAL + int xerror = error->error_code; + char *xtext = *error->e_text; +#else + int xerror = error->error; + char *xtext = error->text.length ? error->text.data : NULL; +#endif + printf("Server returned error code %d (%s)\r\n", xerror, + error_message(ERROR_TABLE_BASE_krb5 + xerror)); + if (xtext) { + printf("Error text sent from server: %s\r\n", xtext); } } krb5_free_error(k5_context, error); @@@@ -11505,7 +11518,11 @@@@ } if (rep_ret) { +#ifdef HEIMDAL + server_seqno = *rep_ret->seq_number; +#else server_seqno = rep_ret->seq_number; +#endif krb5_free_ap_rep_enc_part(k5_context, rep_ret); } @@@@ -11834,7 +11851,11 @@@@ rd_len = (rd_len << 8) | c; if (status = krb5_c_encrypt_length(k5_context, +#ifdef HEIMDAL + k5_session_key->keytype, +#else k5_session_key->enctype, +#endif use_ivecs ? rd_len + 4 : rd_len, (size_t *)&net_len)) { errno = status; @@@@ -11865,9 +11886,15 @@@@ plain.length = sizeof(storage); plain.data = storage; - if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE, + if ( status = krb5_c_decrypt(k5_context, +#ifdef HEIMDAL + *k5_session_key, +#else + k5_session_key, +#endif + KCMD_KEYUSAGE, use_ivecs ? encivec_i + secondary : 0, - &cipher,&plain) ) { + &cipher,&plain) ) { /* probably out of sync */ printf("Cannot decrypt data from network: %s\r\n", error_message(status)); @@@@ -12759,8 +12786,8 @@@@ static int binaryEqual (a, b, len) -register char *a, *b; -register int len; +char *a, *b; +int len; { while (len--) if (*a++ != *b++) @ 1.2 log @Update to 9.0.302, see http://www.columbia.edu/kermit/ck90.html for more information. Tested on NetBSD-current and OpenIndiana. Support for ssl and kerberos is now available through the options framework. @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.1 2007/08/08 19:48:04 joerg Exp $ d3 3 a5 3 --- ckuath.c.orig 2011-06-13 19:26:54.000000000 +0200 +++ ckuath.c 2011-08-23 10:36:18.019522988 +0200 @@@@ -117,19 +117,6 @@@@ int accept_complete = 0; d25 367 @ 1.1 log @Don't use malloc.h @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- ckuath.c.orig 2007-08-08 19:27:44.000000000 +0000 +++ ckuath.c @@@@ -117,15 +117,6 @@@@ int accept_complete = 0; d13 3 d17 1 @