Diffstat (limited to 'usr/src/lib')
19 files changed, 1879 insertions, 16 deletions
diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile index 0865e0328f..a46006f5d5 100644 --- a/usr/src/lib/Makefile +++ b/usr/src/lib/Makefile @@ -137,6 +137,7 @@ SUBDIRS += \ nametoaddr \ ncad_addr \ gss_mechs/mech_krb5 .WAIT \ + libkrb5 .WAIT \ krb5 .WAIT $(CLOSED_BUILD)SUBDIRS += \ $(CLOSED)/lib/smartcard @@ -369,6 +370,7 @@ HDRSUBDIRS= libaio \ fm \ udapl \ libmapid \ + libkrb5 \ $($(MACH)_HDRSUBDIRS) $(CLOSED_BUILD)HDRSUBDIRS += \ diff --git a/usr/src/lib/gss_mechs/mech_krb5/Makefile.com b/usr/src/lib/gss_mechs/mech_krb5/Makefile.com index 2045938977..963e451194 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/Makefile.com +++ b/usr/src/lib/gss_mechs/mech_krb5/Makefile.com @@ -28,7 +28,7 @@ CRYPTO = cksumtype_to_string.o \ keyed_checksum_types.o keyed_cksum.o \ make_random_key.o string_to_cksumtype.o \ string_to_enctype.o string_to_key.o valid_cksumtype.o \ - valid_enctype.o pkcs11slot.o state.o pbkdf2.o + valid_enctype.o pkcs11slot.o state.o pbkdf2.o old_api_glue.o CRYPTO_UTS= cksumtypes.o decrypt.o encrypt.o encrypt_length.o \ etypes.o nfold.o verify_checksum.o default_state.o \ @@ -115,7 +115,8 @@ K5_KRB= addr_comp.o addr_order.o addr_srch.o \ recvauth.o send_tgs.o sendauth.o srv_rcache.o str_conv.o \ tgtname.o valid_times.o walk_rtree.o appdefault.o deltat.o \ enc_helper.o gic_keytab.o gic_opt.o gic_pwd.o preauth2.o \ - vfy_increds.o vic_opt.o krb5_libinit.o + vfy_increds.o vic_opt.o krb5_libinit.o chpw.o \ + init_keyblock.o init_allocated_keyblock.o get_set_keyblock.o K5_KRB_UTS= copy_athctr.o copy_auth.o copy_cksum.o copy_key.o \ copy_princ.o init_ctx.o kfree.o parse.o ser_actx.o \ @@ -131,7 +132,7 @@ K5_OS= an_to_ln.o def_realm.o ccdefname.o free_krbhs.o free_hstrl.o \ read_msg.o read_pwd.o realm_dom.o sendto_kdc.o sn2princ.o \ unlck_file.o ustime.o write_msg.o safechown.o \ prompter.o realm_iter.o foreachaddr.o \ - dnsglue.o dnssrv.o thread_safe.o + dnsglue.o dnssrv.o thread_safe.o changepw.o K5_OS_UTS=init_os_ctx.o timeofday.o toffset.o c_ustime.o 
diff --git a/usr/src/lib/gss_mechs/mech_krb5/crypto/old_api_glue.c b/usr/src/lib/gss_mechs/mech_krb5/crypto/old_api_glue.c
new file mode 100644
index 0000000000..aaa411544f
--- /dev/null
+++ b/usr/src/lib/gss_mechs/mech_krb5/crypto/old_api_glue.c
@@ -0,0 +1,68 @@ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
+ */ + +#include "k5-int.h" + +/* + * Solaris Kerberos + * krb5_string_to_key/krb5_use_enctype are needed by Samba + */ + +krb5_error_code KRB5_CALLCONV +krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock, + krb5_keyblock *keyblock, const krb5_data *data, + const krb5_data *salt) +{ + return(krb5_c_string_to_key(context, eblock->crypto_entry, data, salt, + keyblock)); +} + +krb5_error_code KRB5_CALLCONV +krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock, + krb5_enctype enctype) +{ + eblock->crypto_entry = enctype; + + return(0); +} + +size_t KRB5_CALLCONV +krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) +{ + size_t ret; + + if (krb5_c_checksum_length(context, ctype, &ret)) + return(-1); /* XXX */ + + return(ret); +} diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/com_err.h b/usr/src/lib/gss_mechs/mech_krb5/include/com_err.h index 5042f46836..e32d283aba 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/include/com_err.h +++ b/usr/src/lib/gss_mechs/mech_krb5/include/com_err.h @@ -1,4 +1,9 @@ /* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +/* * Header file for common error description library. * * Copyright 1988, Student Information Processing Board of the 
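Review bot: `krb5_checksum_size` returns `(-1)` from a function typed `size_t`, so a failed `krb5_c_checksum_length` lookup reaches the caller as SIZE_MAX, and a caller that adds to it or hands it to an allocator without testing gets a wrapped or enormous size; the `/* XXX */` marks the spot but nothing documents the sentinel. Write it as `return((size_t)-1);` with a comment that callers must compare against `(size_t)-1` before using the value as a length, or return 0 if no valid checksum type in this tree has zero length (to be confirmed). `krb5_string_to_key` and `krb5_use_enctype` also dereference `eblock` with no NULL check, which deserves a line in the header comment since the file says these entry points exist for an external consumer.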
@@ -48,12 +53,16 @@ extern void KRB5_CALLCONV com_err_va extern /*@observer@*//*@dependent@*/ const char * KRB5_CALLCONV error_message (errcode_t) /*@modifies internalState@*/; -extern errcode_t KRB5_CALLCONV add_error_table - (/*@dependent@*/ const struct error_table *) - /*@modifies internalState@*/; -extern errcode_t KRB5_CALLCONV remove_error_table - (const struct error_table *) - /*@modifies internalState@*/; + +/* + * Solaris Kerberos + * {add_,remove_}error_table have been removed here as they don't exist + * in the Solaris mech. + * + * initialize_krb5_error_table is not be needed anymore but Samba still + * calls it so we make it a no-op. + */ +#define initialize_krb5_error_table() #if !defined(_WIN32) /* diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/profile.h b/usr/src/lib/gss_mechs/mech_krb5/include/profile.h index 1aabcc8b8b..1882a09a11 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/include/profile.h +++ b/usr/src/lib/gss_mechs/mech_krb5/include/profile.h @@ -1,5 +1,5 @@ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -12,9 +12,6 @@ #ifndef _KRB5_PROFILE_H #define _KRB5_PROFILE_H -/* SUNW14resync */ -#include "../profile/prof_err.h" - #if defined(_WIN32) #include <win-mac.h> #endif 
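Review bot: The no-op `#define initialize_krb5_error_table()` expands to no tokens at all, which is only valid where the call stands alone as a statement; `#define initialize_krb5_error_table() ((void)0)` keeps it a well-formed expression and still rejects any use of a return value. Any translation unit that includes this header and also carries its own prototype for the function will stop compiling, so the comment should name that constraint next to the Samba remark. In the same comment, "is not be needed anymore" should read "is not needed anymore".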
@@ -133,3 +130,47 @@ long KRB5_CALLCONV profile_add_relation #endif /* __cplusplus */ #endif /* _KRB5_PROFILE_H */ + +/* + * ettmp22072.h: + * This file is automatically generated; please do not edit it. + */ + +#include <com_err.h> + +#define PROF_VERSION (-1429577728L) +#define PROF_MAGIC_NODE (-1429577727L) +#define PROF_NO_SECTION (-1429577726L) +#define PROF_NO_RELATION (-1429577725L) +#define PROF_ADD_NOT_SECTION (-1429577724L) +#define PROF_SECTION_WITH_VALUE (-1429577723L) +#define PROF_BAD_LINK_LIST (-1429577722L) +#define PROF_BAD_GROUP_LVL (-1429577721L) +#define PROF_BAD_PARENT_PTR (-1429577720L) +#define PROF_MAGIC_ITERATOR (-1429577719L) +#define PROF_SET_SECTION_VALUE (-1429577718L) +#define PROF_EINVAL (-1429577717L) +#define PROF_READ_ONLY (-1429577716L) +#define PROF_SECTION_NOTOP (-1429577715L) +#define PROF_SECTION_SYNTAX (-1429577714L) +#define PROF_RELATION_SYNTAX (-1429577713L) +#define PROF_EXTRA_CBRACE (-1429577712L) +#define PROF_MISSING_OBRACE (-1429577711L) +#define PROF_MAGIC_PROFILE (-1429577710L) +#define PROF_MAGIC_SECTION (-1429577709L) +#define PROF_TOPSECTION_ITER_NOSUPP (-1429577708L) +#define PROF_INVALID_SECTION (-1429577707L) +#define PROF_END_OF_SECTIONS (-1429577706L) +#define PROF_BAD_NAMESET (-1429577705L) +#define PROF_NO_PROFILE (-1429577704L) +#define PROF_MAGIC_FILE (-1429577703L) +#define PROF_FAIL_OPEN (-1429577702L) +#define PROF_EXISTS (-1429577701L) +#define PROF_BAD_BOOLEAN (-1429577700L) +#define PROF_BAD_INTEGER (-1429577699L) +#define PROF_MAGIC_FILE_DATA (-1429577698L) + +#define ERROR_TABLE_BASE_prof (-1429577728L) + +/* for compatibility with older versions... */ +#define prof_err_base ERROR_TABLE_BASE_prof diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/chpw.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/chpw.c new file mode 100644 index 0000000000..f964132e87 --- /dev/null +++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/chpw.c 
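Review bot: The appended error-table block is placed after `#endif /* _KRB5_PROFILE_H */`, so it sits outside the include guard and is re-processed on every inclusion of profile.h. That is harmless only while every entry is an identical object-like macro and `com_err.h` guards itself; the block should move above the final `#endif`. The banner "This file is automatically generated; please do not edit it." no longer describes the file it now lives in, so it would be clearer as a comment saying the table was copied in from the prof_err.h include that this commit drops, which appears to be the intent.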
@@ -0,0 +1,522 @@ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* +** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc. +*/ +#include <string.h> + +#include "k5-int.h" +/* #include "krb5_err.h" gtb */ +#include "auth_con.h" + + +krb5_error_code +krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet) +{ + krb5_error_code ret = 0; + krb5_data clearpw; + krb5_data cipherpw; + krb5_replay_data replay; + char *ptr; + + cipherpw.data = NULL; + + if ((ret = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE))) + goto cleanup; + + clearpw.length = strlen(passwd); + clearpw.data = passwd; + + if ((ret = krb5_mk_priv(context, auth_context, + &clearpw, &cipherpw, &replay))) + goto cleanup; + + packet->length = 6 + ap_req->length + cipherpw.length; + packet->data = (char *) malloc(packet->length); + if (packet->data == NULL) + { + ret = ENOMEM; + goto cleanup; + } + ptr = packet->data; + + /* length */ + + *ptr++ = (packet->length>>8) & 0xff; + *ptr++ = packet->length & 0xff; + + /* version == 0x0001 big-endian */ + + *ptr++ = 0; + *ptr++ = 1; + + /* ap_req length, big-endian */ + + *ptr++ = (ap_req->length>>8) & 0xff; + *ptr++ = ap_req->length & 0xff; + + /* ap-req data */ + + memcpy(ptr, ap_req->data, ap_req->length); + ptr += ap_req->length; + + /* krb-priv of password */ + + memcpy(ptr, cipherpw.data, cipherpw.length); + +cleanup: + if(cipherpw.data != NULL) /* allocated by krb5_mk_priv */ + free(cipherpw.data); + + return(ret); +} + +krb5_error_code +krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data) +{ + char *ptr; + int plen, vno; + krb5_data ap_rep; + krb5_ap_rep_enc_part *ap_rep_enc; + krb5_error_code ret; + krb5_data cipherresult; + krb5_data clearresult; + 
krb5_error *krberror; + krb5_replay_data replay; + krb5_keyblock *tmp; + + if (packet->length < 4) + /* either this, or the server is printing bad messages, + or the caller passed in garbage */ + return(KRB5KRB_AP_ERR_MODIFIED); + + ptr = packet->data; + + /* verify length */ + + plen = (*ptr++ & 0xff); + plen = (plen<<8) | (*ptr++ & 0xff); + + if (plen != packet->length) + return(KRB5KRB_AP_ERR_MODIFIED); + + /* verify version number */ + + vno = (*ptr++ & 0xff); + vno = (vno<<8) | (*ptr++ & 0xff); + + if (vno != 1) + return(KRB5KDC_ERR_BAD_PVNO); + + /* read, check ap-rep length */ + + ap_rep.length = (*ptr++ & 0xff); + ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff); + + if (ptr + ap_rep.length >= packet->data + packet->length) + return(KRB5KRB_AP_ERR_MODIFIED); + + if (ap_rep.length) { + /* verify ap_rep */ + ap_rep.data = ptr; + ptr += ap_rep.length; + + /* + * Save send_subkey to later smash recv_subkey. + */ + ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp); + if (ret) + return ret; + + ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc); + if (ret) { + krb5_free_keyblock(context, tmp); + return(ret); + } + + krb5_free_ap_rep_enc_part(context, ap_rep_enc); + + /* extract and decrypt the result */ + + cipherresult.data = ptr; + cipherresult.length = (packet->data + packet->length) - ptr; + + /* + * Smash recv_subkey to be send_subkey, per spec. 
+ */ + ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp); + krb5_free_keyblock(context, tmp); + if (ret) + return ret; + + ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult, + &replay); + + if (ret) + return(ret); + } else { + cipherresult.data = ptr; + cipherresult.length = (packet->data + packet->length) - ptr; + + if ((ret = krb5_rd_error(context, &cipherresult, &krberror))) + return(ret); + + clearresult = krberror->e_data; + } + + if (clearresult.length < 2) { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } + + ptr = clearresult.data; + + *result_code = (*ptr++ & 0xff); + *result_code = (*result_code<<8) | (*ptr++ & 0xff); + + if ((*result_code < KRB5_KPASSWD_SUCCESS) || + (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } + + /* all success replies should be authenticated/encrypted */ + + if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)) { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } + + result_data->length = (clearresult.data + clearresult.length) - ptr; + + if (result_data->length) { + result_data->data = (char *) malloc(result_data->length); + if (result_data->data == NULL) { + ret = ENOMEM; + goto cleanup; + } + memcpy(result_data->data, ptr, result_data->length); + } else { + result_data->data = NULL; + } + + ret = 0; + +cleanup: + if (ap_rep.length) { + krb5_xfree(clearresult.data); + } else { + krb5_free_error(context, krberror); + } + + return(ret); +} + +krb5_error_code KRB5_CALLCONV +krb5_chpw_result_code_string(krb5_context context, int result_code, char **code_string) +{ + switch (result_code) { + case KRB5_KPASSWD_MALFORMED: + *code_string = "Malformed request error"; + break; + case KRB5_KPASSWD_HARDERROR: + *code_string = "Server error"; + break; + case KRB5_KPASSWD_AUTHERROR: + *code_string = "Authentication error"; + break; + case KRB5_KPASSWD_SOFTERROR: + *code_string = "Password change rejected"; + break; + default: + 
*code_string = "Password change failed"; + break; + } + + return(0); +} + +krb5_error_code +krb5int_mk_setpw_req( + krb5_context context, + krb5_auth_context auth_context, + krb5_data *ap_req, + krb5_principal targprinc, + char *passwd, + krb5_data *packet ) +{ + krb5_error_code ret; + krb5_data cipherpw; + krb5_data *encoded_setpw; + + char *ptr; + + cipherpw.data = NULL; + cipherpw.length = 0; + + if ((ret = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE))) + return(ret); + + ret = encode_krb5_setpw_req(targprinc, passwd, &encoded_setpw); + if (ret) { + return ret; + } + + if ( (ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) { + krb5_free_data( context, encoded_setpw); + return(ret); + } + krb5_free_data( context, encoded_setpw); + + + packet->length = 6 + ap_req->length + cipherpw.length; + packet->data = (char *) malloc(packet->length); + if (packet->data == NULL) { + ret = ENOMEM; + goto cleanup; + } + ptr = packet->data; +/* +** build the packet - +*/ +/* put in the length */ + *ptr++ = (packet->length>>8) & 0xff; + *ptr++ = packet->length & 0xff; +/* put in the version */ + *ptr++ = (char)0xff; + *ptr++ = (char)0x80; +/* the ap_req length is big endian */ + *ptr++ = (ap_req->length>>8) & 0xff; + *ptr++ = ap_req->length & 0xff; +/* put in the request data */ + memcpy(ptr, ap_req->data, ap_req->length); + ptr += ap_req->length; +/* +** put in the "private" password data - +*/ + memcpy(ptr, cipherpw.data, cipherpw.length); + ret = 0; + cleanup: + if (cipherpw.data) + krb5_free_data_contents(context, &cipherpw); + if ((ret != 0) && packet->data) { + free( packet->data); + packet->data = NULL; + } + return ret; +} + +krb5_error_code +krb5int_rd_setpw_rep( krb5_context context, krb5_auth_context auth_context, krb5_data *packet, + int *result_code, krb5_data *result_data ) +{ + char *ptr; + unsigned int message_length, version_number; + krb5_data ap_rep; + krb5_ap_rep_enc_part *ap_rep_enc; + 
krb5_error_code ret; + krb5_data cipherresult; + krb5_data clearresult; + krb5_keyblock *tmpkey; +/* +** validate the packet length - +*/ + if (packet->length < 4) + return(KRB5KRB_AP_ERR_MODIFIED); + + ptr = packet->data; + +/* +** see if it is an error +*/ + if (krb5_is_krb_error(packet)) { + krb5_error *krberror; + if ((ret = krb5_rd_error(context, packet, &krberror))) + return(ret); + if (krberror->e_data.data == NULL) { + ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error; + krb5_free_error(context, krberror); + return (ret); + } + clearresult = krberror->e_data; + krberror->e_data.data = NULL; /*So we can free it later*/ + krberror->e_data.length = 0; + krb5_free_error(context, krberror); + + } else { /* Not an error*/ + +/* +** validate the message length - +** length is big endian +*/ + message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + ptr += 2; +/* +** make sure the message length and packet length agree - +*/ + if (message_length != packet->length) + return(KRB5KRB_AP_ERR_MODIFIED); +/* +** get the version number - +*/ + version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + ptr += 2; +/* +** make sure we support the version returned - +*/ +/* +** set password version is 0xff80, change password version is 1 +*/ + if (version_number != 0xff80 && version_number != 1) + return(KRB5KDC_ERR_BAD_PVNO); +/* +** now fill in ap_rep with the reply - +*/ +/* +** get the reply length - +*/ + ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + ptr += 2; +/* +** validate ap_rep length agrees with the packet length - +*/ + if (ptr + ap_rep.length >= packet->data + packet->length) + return(KRB5KRB_AP_ERR_MODIFIED); +/* +** if data was returned, set the ap_rep ptr - +*/ + if( ap_rep.length ) { + ap_rep.data = ptr; + ptr += ap_rep.length; + + /* + * Save send_subkey to later smash recv_subkey. 
+ */ + ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey); + if (ret) + return ret; + + ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc); + if (ret) { + krb5_free_keyblock(context, tmpkey); + return(ret); + } + + krb5_free_ap_rep_enc_part(context, ap_rep_enc); +/* +** now decrypt the result - +*/ + cipherresult.data = ptr; + cipherresult.length = (packet->data + packet->length) - ptr; + + /* + * Smash recv_subkey to be send_subkey, per spec. + */ + ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey); + krb5_free_keyblock(context, tmpkey); + if (ret) + return ret; + + ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult, + NULL); + if (ret) + return(ret); + } /*We got an ap_rep*/ + else + return (KRB5KRB_AP_ERR_MODIFIED); + } /*Response instead of error*/ + +/* +** validate the cleartext length +*/ + if (clearresult.length < 2) { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } +/* +** now decode the result - +*/ + ptr = clearresult.data; + + *result_code = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + ptr += 2; + +/* +** result code 5 is access denied +*/ + if ((*result_code < KRB5_KPASSWD_SUCCESS) || (*result_code > 5)) + { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } +/* +** all success replies should be authenticated/encrypted +*/ + if( (ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS) ) + { + ret = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } + + if (result_data) { + result_data->length = (clearresult.data + clearresult.length) - ptr; + + if (result_data->length) + { + result_data->data = (char *) malloc(result_data->length); + if (result_data->data) + memcpy(result_data->data, ptr, result_data->length); + } + else + result_data->data = NULL; + } + ret = 0; + + cleanup: + krb5_free_data_contents(context, &clearresult); + return(ret); +} + +krb5_error_code +krb5int_setpw_result_code_string( krb5_context context, int result_code, const char **code_string ) +{ + switch (result_code) + 
{ + case KRB5_KPASSWD_MALFORMED: + *code_string = "Malformed request error"; + break; + case KRB5_KPASSWD_HARDERROR: + *code_string = "Server error"; + break; + case KRB5_KPASSWD_AUTHERROR: + *code_string = "Authentication error"; + break; + case KRB5_KPASSWD_SOFTERROR: + *code_string = "Password change rejected"; + break; + case 5: /* access denied */ + *code_string = "Access denied"; + break; + case 6: /* bad version */ + *code_string = "Wrong protocol version"; + break; + case 7: /* initial flag is needed */ + *code_string = "Initial password required"; + break; + case 0: + *code_string = "Success"; + default: + *code_string = "Password change failed"; + break; + } + + return(0); +} + diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_set_keyblock.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_set_keyblock.c new file mode 100644 index 0000000000..c61b1989e5 --- /dev/null +++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_set_keyblock.c 
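Review bot: In `krb5int_rd_setpw_rep` the check that refuses unauthenticated success replies, `(ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)`, reads `ap_rep.length` uninitialized whenever the packet was a KRB-ERROR, because that branch never assigns `ap_rep`; adding `ap_rep.length = 0;` before the `krb5_is_krb_error(packet)` test makes an error reply that carries result code 0 always rejected. The same function decodes every 16-bit field as `((ptr[0] << 8)&0xff) | (ptr[1]&0xff)`, which masks the high byte away, so the set-password version 0xff80 can never match and any length above 255 is misread; it should be `((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff)`. Both reply readers (`krb5int_rd_chpw_rep` and `krb5int_rd_setpw_rep`) accept a `packet->length` of 4 or 5 and then consume six header bytes from a reply that has not been authenticated yet, so the minimum should be 6. In `krb5int_setpw_result_code_string`, `case 0:` has no `break;` and falls through to "Password change failed".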
@@ -0,0 +1,66 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#include "k5-int.h"
+
+
+krb5_enctype
+krb5_get_key_enctype(krb5_keyblock *kb)
+{
+ return (kb->enctype);
+}
+
+unsigned int
+krb5_get_key_length(krb5_keyblock *kb)
+{
+ return (kb->length);
+}
+
+krb5_octet *
+krb5_get_key_data(krb5_keyblock *kb)
+{
+ return (kb->contents);
+}
+
+void
+krb5_set_key_enctype(krb5_keyblock *kb, krb5_enctype enctype)
+{
+ kb->enctype = enctype;
+}
+
+void
+krb5_set_key_length(krb5_keyblock *kb, unsigned int len)
+{
+ kb->length = len;
+}
+
+void
+krb5_set_key_data(krb5_keyblock *kb, krb5_octet *data)
+{
+ kb->contents = data;
+}
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/init_allocated_keyblock.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/init_allocated_keyblock.c
new file mode 100644
index 0000000000..11d096ce6f
--- /dev/null
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/init_allocated_keyblock.c
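Review bot: None of the six keyblock accessors carries a comment, and for key material the ownership rules are the part a caller most needs: `krb5_set_key_data` overwrites `kb->contents` without freeing or zeroizing the previous buffer, and `krb5_set_key_length` can leave `length` out of step with `contents`. A block comment above the setters such as `/* Caller owns the previous contents buffer and must zeroize and free it; set length and data together. */` would cover it, with a matching line on `krb5_get_key_data` saying the returned pointer aliases the live key and must not be freed. All six also dereference `kb` unchecked, which should be stated as a precondition.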
@@ -0,0 +1,65 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_allocated_keyblock(
+ krb5_context context,
+ krb5_enctype enctype,
+ unsigned int length,
+ krb5_keyblock *kb)
+{
+
+ if (!kb)
+ return (EINVAL);
+
+ (void) memset(kb, 0, sizeof (*kb));
+ kb->enctype = enctype;
+ kb->length = length;
+
+ if (length) {
+ kb->contents = malloc(length);
+ if (!kb->contents) {
+ return (ENOMEM);
+ }
+ (void) memset(kb->contents, 0, length);
+ } else {
+ kb->contents = NULL;
+ }
+
+ kb->dk_list = NULL;
+
+#ifdef _KERNEL
+ kb->kef_key = NULL;
+#else
+ kb->hKey = CK_INVALID_HANDLE;
+#endif
+
+ return (0);
+}
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/os/changepw.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/changepw.c
new file mode 100644
index 0000000000..760f47e1e9
--- /dev/null
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/changepw.c
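Review bot: On the ENOMEM path of `krb5_init_allocated_keyblock`, `kb->length` has already been set to `length` while `kb->contents` is NULL, and in the non-kernel build `hKey` is left at the memset value 0 instead of `CK_INVALID_HANDLE`. A caller that ignores the error, or a generic free/zeroize routine that walks `length` bytes, then sees an inconsistent keyblock. Assigning the handle fields before the allocation and adding `kb->length = 0;` ahead of `return (ENOMEM);` keeps the failure state well-formed. The `malloc` followed by `memset` can also be a single `calloc(1, length)`.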
@@ -0,0 +1,432 @@ +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * lib/krb5/os/changepw.c + * + * Copyright 1990,1999,2001 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ +/* + * krb5_set_password - Implements set password per RFC 3244 + * Added by Paul W. Nelson, Thursby Software Systems, Inc. 
+ */ + +#define NEED_SOCKETS +#include "fake-addrinfo.h" +#include "k5-int.h" +#include "os-proto.h" + +#include <stdio.h> +#include <errno.h> + +#ifndef GETSOCKNAME_ARG3_TYPE +#define GETSOCKNAME_ARG3_TYPE int +#endif + +/* + * Wrapper function for the two backends + */ + +static krb5_error_code +krb5_locate_kpasswd(krb5_context context, const krb5_data *realm, + struct addrlist *addrlist) +{ + krb5_error_code code; + + code = krb5int_locate_server (context, realm, addrlist, 0, + "kpasswd_server", "_kpasswd", 0, + htons(DEFAULT_KPASSWD_PORT), 0, 0); + if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) { + code = krb5int_locate_server (context, realm, addrlist, 0, + "admin_server", "_kerberos-adm", 1, + DEFAULT_KPASSWD_PORT, 0, 0); + if (!code) { + /* Success with admin_server but now we need to change the + port number to use DEFAULT_KPASSWD_PORT. */ + int i; + for ( i=0;i<addrlist->naddrs;i++ ) { + struct addrinfo *a = addrlist->addrs[i]; + if (a->ai_family == AF_INET) + sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); + } + } + } + return (code); +} + + +/* +** The logic for setting and changing a password is mostly the same +** krb5_change_set_password handles both cases +** if set_password_for is NULL, then a password change is performed, +** otherwise, the password is set for the principal indicated in set_password_for +*/ +krb5_error_code KRB5_CALLCONV +krb5_change_set_password( + krb5_context context, krb5_creds *creds, char *newpw, krb5_principal set_password_for, + int *result_code, krb5_data *result_code_string, krb5_data *result_string) +{ + krb5_auth_context auth_context; + krb5_data ap_req, chpw_req, chpw_rep; + krb5_address local_kaddr, remote_kaddr; + char *code_string; + krb5_error_code code = 0; + int i; + GETSOCKNAME_ARG3_TYPE addrlen; + struct sockaddr_storage local_addr, remote_addr, tmp_addr; + int cc, local_result_code; + /* platforms seem to be consistant and use the same types */ + GETSOCKNAME_ARG3_TYPE tmp_len; 
+ SOCKET s1 = INVALID_SOCKET, s2 = INVALID_SOCKET; + int tried_one = 0; + struct addrlist al = ADDRLIST_INIT; + + + /* Initialize values so that cleanup call can safely check for NULL */ + auth_context = NULL; + memset(&chpw_req, 0, sizeof(krb5_data)); + memset(&chpw_rep, 0, sizeof(krb5_data)); + memset(&ap_req, 0, sizeof(krb5_data)); + + /* initialize auth_context so that we know we have to free it */ + if ((code = krb5_auth_con_init(context, &auth_context))) + goto cleanup; + + if ((code = krb5_mk_req_extended(context, &auth_context, + AP_OPTS_USE_SUBKEY, + NULL, creds, &ap_req))) + goto cleanup; + + if ((code = krb5_locate_kpasswd(context, + krb5_princ_realm(context, creds->server), + &al))) + goto cleanup; + + /* this is really obscure. s1 is used for all communications. it + is left unconnected in case the server is multihomed and routes + are asymmetric. s2 is connected to resolve routes and get + addresses. this is the *only* way to get proper addresses for + multihomed hosts if routing is asymmetric. + + A related problem in the server, but not the client, is that + many os's have no way to disconnect a connected udp socket, so + the s2 socket needs to be closed and recreated for each + request. The s1 socket must not be closed, or else queued + requests will be lost. + + A "naive" client implementation (one socket, no connect, + hostname resolution to get the local ip addr) will work and + interoperate if the client is single-homed. */ + + if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) { + code = SOCKET_ERRNO; + goto cleanup; + } + + if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET) { + code = SOCKET_ERRNO; + goto cleanup; + } + + /* + * This really should try fallback addresses in cases of timeouts. + * For now, where the MIT KDC implementation only supports one + * kpasswd server machine anyways, we'll only try the first IPv4 + * address we can connect() to. This isn't right for multi-homed + * servers; oh well. 
+ */ + for (i=0; i<al.naddrs; i++) { + fd_set fdset; + struct timeval timeout; + + /* XXX Now the locate_ functions can return IPv6 addresses. */ + if (al.addrs[i]->ai_family != AF_INET) + continue; + + tried_one = 1; + if (connect(s2, al.addrs[i]->ai_addr, al.addrs[i]->ai_addrlen) == SOCKET_ERROR) { + if (SOCKET_ERRNO == ECONNREFUSED || SOCKET_ERRNO == EHOSTUNREACH) + continue; /* try the next addr */ + + code = SOCKET_ERRNO; + goto cleanup; + } + + addrlen = sizeof(local_addr); + + if (getsockname(s2, ss2sa(&local_addr), &addrlen) < 0) { + if (SOCKET_ERRNO == ECONNREFUSED || SOCKET_ERRNO == EHOSTUNREACH) + continue; /* try the next addr */ + + code = SOCKET_ERRNO; + goto cleanup; + } + + /* some brain-dead OS's don't return useful information from + * the getsockname call. Namely, windows and solaris. */ + + if (ss2sin(&local_addr)->sin_addr.s_addr != 0) { + local_kaddr.addrtype = ADDRTYPE_INET; + local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr); + local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr; + } else { + krb5_address **addrs; + + krb5_os_localaddr(context, &addrs); + + local_kaddr.magic = addrs[0]->magic; + local_kaddr.addrtype = addrs[0]->addrtype; + local_kaddr.length = addrs[0]->length; + local_kaddr.contents = malloc(addrs[0]->length); + memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length); + + krb5_free_addresses(context, addrs); + } + + addrlen = sizeof(remote_addr); + if (getpeername(s2, ss2sa(&remote_addr), &addrlen) < 0) { + if (SOCKET_ERRNO == ECONNREFUSED || SOCKET_ERRNO == EHOSTUNREACH) + continue; /* try the next addr */ + + code = SOCKET_ERRNO; + goto cleanup; + } + + remote_kaddr.addrtype = ADDRTYPE_INET; + remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); + remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; + + /* mk_priv requires that the local address be set. + getsockname is used for this. rd_priv requires that the + remote address be set. 
recvfrom is used for this. If + rd_priv is given a local address, and the message has the + recipient addr in it, this will be checked. However, there + is simply no way to know ahead of time what address the + message will be delivered *to*. Therefore, it is important + that either no recipient address is in the messages when + mk_priv is called, or that no local address is passed to + rd_priv. Both is a better idea, and I have done that. In + summary, when mk_priv is called, *only* a local address is + specified. when rd_priv is called, *only* a remote address + is specified. Are we having fun yet? */ + + if ((code = krb5_auth_con_setaddrs(context, auth_context, + &local_kaddr, NULL))) { + goto cleanup; + } + + if( set_password_for ) + code = krb5int_mk_setpw_req(context, auth_context, &ap_req, set_password_for, newpw, &chpw_req); + else + code = krb5int_mk_chpw_req(context, auth_context, &ap_req, newpw, &chpw_req); + if (code) + { + goto cleanup; + } + + if ((cc = sendto(s1, chpw_req.data, + (GETSOCKNAME_ARG3_TYPE) chpw_req.length, 0, + al.addrs[i]->ai_addr, al.addrs[i]->ai_addrlen)) != chpw_req.length) + { + if ((cc < 0) && ((SOCKET_ERRNO == ECONNREFUSED) || + (SOCKET_ERRNO == EHOSTUNREACH))) + continue; /* try the next addr */ + + code = (cc < 0) ? SOCKET_ERRNO : ECONNABORTED; + goto cleanup; + } + + chpw_rep.length = 1500; + chpw_rep.data = (char *) malloc(chpw_rep.length); + + /* XXX need a timeout/retry loop here */ + FD_ZERO (&fdset); + FD_SET (s1, &fdset); + timeout.tv_sec = 120; + timeout.tv_usec = 0; + switch (select (s1 + 1, &fdset, 0, 0, &timeout)) { + case -1: + code = SOCKET_ERRNO; + goto cleanup; + case 0: + code = ETIMEDOUT; + goto cleanup; + default: + /* fall through */ + ; + } + + /* "recv" would be good enough here... except that Windows/NT + commits the atrocity of returning -1 to indicate failure, + but leaving errno set to 0. 
+
+ "recvfrom(...,NULL,NULL)" would seem to be a good enough
+ alternative, and it works on NT, but it doesn't work on
+ SunOS 4.1.4 or Irix 5.3. Thus we must actually accept the
+ value and discard it. */
+ tmp_len = sizeof(tmp_addr);
+ if ((cc = recvfrom(s1, chpw_rep.data,
+ (GETSOCKNAME_ARG3_TYPE) chpw_rep.length,
+ 0, ss2sa(&tmp_addr), &tmp_len)) < 0)
+ {
+ code = SOCKET_ERRNO;
+ goto cleanup;
+ }
+
+ closesocket(s1);
+ s1 = INVALID_SOCKET;
+ closesocket(s2);
+ s2 = INVALID_SOCKET;
+
+ chpw_rep.length = cc;
+
+ if ((code = krb5_auth_con_setaddrs(context, auth_context,
+ NULL, &remote_kaddr)))
+ goto cleanup;
+
+ if( set_password_for )
+ code = krb5int_rd_setpw_rep(context, auth_context, &chpw_rep, &local_result_code, result_string);
+ else
+ code = krb5int_rd_chpw_rep(context, auth_context, &chpw_rep, &local_result_code, result_string);
+ if (code)
+ goto cleanup;
+
+ if (result_code)
+ *result_code = local_result_code;
+
+ if (result_code_string) {
+ if( set_password_for )
+ code = krb5int_setpw_result_code_string(context, local_result_code, (const char **)&code_string);
+ else
+ code = krb5_chpw_result_code_string(context, local_result_code, &code_string);
+ if(code)
+ goto cleanup;
+
+ result_code_string->length = strlen(code_string);
+ result_code_string->data = malloc(result_code_string->length);
+ if (result_code_string->data == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ strncpy(result_code_string->data, code_string, result_code_string->length);
+ }
+
+ code = 0;
+ goto cleanup;
+ }
+
+ if (tried_one)
+ /* Got some non-fatal errors, but didn't get any successes. */
+ code = SOCKET_ERRNO;
+ else
+ /* Had some addresses, but didn't try any because they weren't
+ AF_INET addresses and we don't support AF_INET6 addresses
+ here yet. 
*/
+ code = EHOSTUNREACH;
+
+cleanup:
+ if (auth_context != NULL)
+ krb5_auth_con_free(context, auth_context);
+
+ krb5int_free_addrlist (&al);
+
+ if (s1 != INVALID_SOCKET)
+ closesocket(s1);
+
+ if (s2 != INVALID_SOCKET)
+ closesocket(s2);
+
+ krb5_free_data_contents(context, &chpw_req);
+ krb5_free_data_contents(context, &chpw_rep);
+ krb5_free_data_contents(context, &ap_req);
+
+ return(code);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
+{
+ return krb5_change_set_password(
+ context, creds, newpw, NULL, result_code, result_code_string, result_string );
+}
+
+/*
+ * krb5_set_password - Implements set password per RFC 3244
+ *
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password(
+ krb5_context context,
+ krb5_creds *creds,
+ char *newpw,
+ krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string
+ )
+{
+ return krb5_change_set_password(
+ context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache(
+ krb5_context context,
+ krb5_ccache ccache,
+ char *newpw,
+ krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string
+ )
+{
+ krb5_creds creds;
+ krb5_creds *credsp;
+ krb5_error_code code;
+
+/*
+** get the proper creds for use with krb5_set_password -
+*/
+ memset( &creds, 0, sizeof(creds) );
+/*
+** first get the principal for the password service -
+*/
+ code = krb5_cc_get_principal( context, ccache, &creds.client );
+ if( !code )
+ {
+ code = krb5_build_principal( context, &creds.server,
+ krb5_princ_realm(context, change_password_for)->length,
+ krb5_princ_realm(context, change_password_for)->data,
+ "kadmin", "changepw", NULL );
+ if(!code)
+ {
+ code = krb5_get_credentials(context, 0, ccache, &creds, 
&credsp); + if( ! code ) + { + code = krb5_set_password(context, credsp, newpw, change_password_for, + result_code, result_code_string, + result_string); + krb5_free_creds(context, credsp); + } + } + krb5_free_cred_contents(context, &creds); + } + return code; +} diff --git a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_crypto.spec b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_crypto.spec index dcf926c783..5817ed05a5 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_crypto.spec +++ b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_crypto.spec @@ -1,5 +1,5 @@ # -# Copyright 2005 Sun Microsystems, Inc. All rights reserved. +# Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -356,4 +356,27 @@ declaration krb5_error_code krb5int_pbkdf2_hmac_sha1 ( \ version SUNWprivate_1.1 end +function krb5_string_to_key +include <k5-int.h> +declaration krb5_error_code krb5_string_to_key(krb5_context context,\ + const krb5_encrypt_block *eblock,\ + krb5_keyblock *keyblock, const krb5_data *data,\ + const krb5_data *salt) +version SUNWprivate_1.1 +end + +function krb5_use_enctype +include <k5-int.h> +declaration krb5_error_code krb5_use_enctype(krb5_context context,\ + krb5_encrypt_block *eblock,\ + krb5_enctype enctype) +version SUNWprivate_1.1 +end + +function krb5_checksum_size +include <k5-int.h> +declaration size_t krb5_checksum_size(krb5_context context, \ + krb5_cksumtype ctype) +version SUNWprivate_1.1 +end diff --git a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_krb.spec b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_krb.spec index fded6f805d..ecbf99d188 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_krb.spec +++ b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_krb.spec @@ -1,5 +1,5 @@ # -# Copyright 2005 Sun Microsystems, Inc. All rights reserved. +# Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" 
@@ -365,3 +365,58 @@ declaration krb5_error_code krb5_decode_ticket \
 (const krb5_data *code, krb5_ticket **rep)
 version SUNWprivate_1.1
 end
+
+function krb5_init_keyblock
+include <k5-int.h>
+declaration krb5_error_code krb5_init_keyblock \
+ (krb5_context, krb5_enctype enctype, \
+ size_t length, krb5_keyblock **out)
+version SUNWprivate_1.1
+end
+
+function krb5_init_allocated_keyblock
+include <k5-int.h>
+declaration krb5_error_code krb5_init_allocated_keyblock \
+ (krb5_context, krb5_enctype enctype, \
+ unsigned int length)
+version SUNWprivate_1.1
+end
+
+function krb5_get_key_enctype
+include <k5-int.h>
+declaration krb5_enctype krb5_get_key_enctype(krb5_keyblock *)
+version SUNWprivate_1.1
+end
+
+function krb5_get_key_length
+include <k5-int.h>
+declaration unsigned int krb5_get_key_length(krb5_keyblock *)
+version SUNWprivate_1.1
+end
+
+function krb5_get_key_data
+include <k5-int.h>
+declaration krb5_octet *krb5_get_key_data(krb5_keyblock *)
+version SUNWprivate_1.1
+end
+
+function krb5_set_key_enctype
+include <k5-int.h>
+declaration void krb5_set_key_enctype(krb5_keyblock *, krb5_enctype)
+version SUNWprivate_1.1
+end
+
+function krb5_set_key_data
+include <k5-int.h>
+declaration void krb5_set_key_data(krb5_keyblock *,\
+ krb5_octet *)
+version SUNWprivate_1.1
+end
+
+function krb5_set_key_length
+include <k5-int.h>
+declaration void krb5_set_key_length(krb5_keyblock *,\
+ unsigned int)
+version SUNWprivate_1.1
+end
+
diff --git a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_mech3.spec b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_mech3.spec
index 21c0a1ce58..727311f11c 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_mech3.spec
+++ b/usr/src/lib/gss_mechs/mech_krb5/spec/krb5_mech3.spec
@@ -1,5 +1,5 @@
 #
-# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
 # ident "%Z%%M% %I% %E% SMI"
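Review bot: The key-length type is inconsistent across the new krb5_krb.spec entries: `krb5_init_keyblock` takes `size_t length`, while `krb5_init_allocated_keyblock`, `krb5_get_key_length` and `krb5_set_key_length` use `unsigned int`. If the keyblock stores its length as `unsigned int`, a larger `size_t` passed on a 64-bit build would be narrowed, so the definition should reject such a value or the declaration should use one type throughout; the definitions themselves are not in this hunk. The `krb5_init_allocated_keyblock` declaration also lists no `krb5_keyblock *` parameter, which looks incomplete for a routine that initialises an already allocated keyblock and should be checked against init_allocated_keyblock.c.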
@@ -805,3 +805,26 @@ declaration int foreach_localaddr (void *, \
 int (*pass2fn)(void *, struct sockaddr *))
 version SUNWprivate_1.1
 end
+
+function krb5_change_password
+include <k5-int.h>
+declaration krb5_error_code \
+ krb5_change_password (krb5_context context, \
+ krb5_creds *creds, char *newpw, \
+ int *result_code, \
+ krb5_data *result_code_string, \
+ krb5_data *result_string)
+version SUNWprivate_1.1
+end
+
+function krb5_set_password
+include <k5-int.h>
+declaration krb5_set_password (krb5_context context,\
+ krb5_creds *creds,\
+ char *newpw,\
+ krb5_principal change_password_for,\
+ int *result_code,\
+ krb5_data *result_code_string,\
+ krb5_data *result_string)
+version SUNWprivate_1.1
+end
diff --git a/usr/src/lib/libkrb5/Makefile b/usr/src/lib/libkrb5/Makefile
new file mode 100755
index 0000000000..5b94b3aaef
--- /dev/null
+++ b/usr/src/lib/libkrb5/Makefile
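Review bot: The `krb5_set_password` entry in the krb5_mech3.spec hunk declares no return type: its line reads `declaration krb5_set_password (krb5_context context,\`, while the `krb5_change_password` entry just above spells out `krb5_error_code`. It should read `declaration krb5_error_code krb5_set_password (krb5_context context,\` so the spec matches the definition added in changepw.c. The hunk also adds no entry for `krb5_set_password_using_ccache`, which the new libkrb5 mapfile filters onto mech_krb5.so.1. If these spec files decide what mech_krb5 exports, that filter symbol would not resolve, so a third `function` block with `version SUNWprivate_1.1` is probably needed.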
@@ -0,0 +1,71 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/Makefile
+
+include $(SRC)/lib/Makefile.lib
+
+SUBDIRS= $(MACH) $(MACH64)
+
+INSTALLED_HDRS= com_err.h krb5.h
+COMERRH= $(SRC)/lib/gss_mechs/mech_krb5/include/com_err.h
+KRB5H= $(SRC)/uts/common/gssapi/mechs/krb5/include/krb5.h
+
+KRB5INCDIR= $(ROOT)/usr/include/kerberosv5
+
+
+COMERRHINST= $(KRB5INCDIR)/com_err.h
+KRB5HINST= $(KRB5INCDIR)/krb5.h
+
+KRB5HDRS= $(INSTALLED_HDRS:%=$(KRB5INCDIR)/%)
+
+
+all := TARGET= all
+clean := TARGET= clean
+clobber := TARGET= clobber
+install := TARGET= install
+lint := TARGET= lint
+
+LIBRARY= libkrb5.a
+
+.KEEP_STATE:
+
+all clean clobber install: $(SUBDIRS)
+
+$(SUBDIRS): FRC
+ @cd $@; pwd; $(MAKE) $(TARGET)
+
+
+install_h: $(KRB5INCDIR) $(KRB5HDRS)
+
+$(COMERRHINST): $(COMERRH)
+ install -s -m 644 -f $(KRB5INCDIR) $(COMERRH)
+$(KRB5HINST): $(KRB5H)
+ install -s -m 644 -f $(KRB5INCDIR) $(KRB5H)
+
+
+check FRC:
+
diff --git a/usr/src/lib/libkrb5/Makefile.com b/usr/src/lib/libkrb5/Makefile.com
new file mode 100755
index 0000000000..341576dfae
--- /dev/null
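Review bot: `install_h` in libkrb5/Makefile lists `$(KRB5INCDIR)` as a prerequisite, but no rule in this Makefile creates that directory, so the target relies on `Makefile.lib` or an earlier build step to provide it. If neither does, add a `$(KRB5INCDIR):` rule with the recipe `$(INS.dir)` next to the two header rules. The two `install -s -m 644 -f` recipes also hard-code the mode instead of using the `$(INS.file)` macro that Makefile.com in this commit uses, so the installed headers presumably bypass the common FILEMODE handling.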
+++ b/usr/src/lib/libkrb5/Makefile.com
@@ -0,0 +1,71 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/Makefile.com
+#
+
+# include library definitions
+include $(SRC)/lib/Makefile.lib
+
+LIBRARY= libkrb5.a
+LLIBRARY= libkrb5.so.1
+VERS= .1
+MAPFILE=../common/mapfile
+
+
+LIBS= $(DYNLIB)
+
+#override liblink
+INS.liblink= -$(RM) $@; $(SYMLINK) $(LIBLINKS)$(VERS) $@
+
+.KEEP_STATE:
+
+all: $(LIBS)
+
+
+$(LIBS): $(MAPFILE)
+ $(LD) $(DYNFLAGS) -o $@ -M$(MAPFILE)
+
+
+
+$(ROOTLIBDIR)/$(DYNLIB) := FILEMODE= 755
+$(ROOTLIBDIR64)/$(DYNLIB) := FILEMODE= 755
+
+$(ROOTLIBDIR)/%: %
+ $(INS.file)
+$(ROOTLIBDIR64)/%: %
+ $(INS.file)
+
+$(ROOTLIBDIR)/$(LIBLINKS): $(ROOTLIBDIR)/$(LIBLINKS)$(VERS)
+ $(INS.liblink)
+$(ROOTLIBDIR64)/$(LIBLINKS): $(ROOTLIBDIR64)/$(LIBLINKS)$(VERS)
+ $(INS.liblink64)
+
+clobber: clean
+ -$(RM) $(CLOBBERTARGFILES)
+
+clean:
+ -$(RM) $(LIBS)
diff --git a/usr/src/lib/libkrb5/amd64/Makefile b/usr/src/lib/libkrb5/amd64/Makefile
new file mode 100644
index 0000000000..54b82e901c
--- /dev/null
+++ b/usr/src/lib/libkrb5/amd64/Makefile
@@ -0,0 +1,35 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/amd64/Makefile
+
+MAPDIR= ../common
+
+include ../Makefile.com
+
+DYNFLAGS = -64 -G -h$(DYNLIB) -ztext -zdefs -zcombreloc -zloadfltr -R/usr/lib/64/gss
+
+install: all $(ROOTLIBS64) $(ROOTLINKS64)
diff --git a/usr/src/lib/libkrb5/common/mapfile b/usr/src/lib/libkrb5/common/mapfile
new file mode 100644
index 0000000000..932b9bdcb5
--- /dev/null
+++ b/usr/src/lib/libkrb5/common/mapfile
@@ -0,0 +1,273 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# This is a mapfile that defines a filter for mech_krb5 so that
+# a new public library can be made to access certain functions in
+# the private library.
+#
+# New functions can be added as needed. 
+#
+
+{
+ global:
+
+# com_err.h
+ com_err = FUNCTION FILTER mech_krb5.so.1;
+ com_err_va = FUNCTION FILTER mech_krb5.so.1;
+ error_message = FUNCTION FILTER mech_krb5.so.1;
+
+# krb5.h (non-private and non-deprecated)
+ krb5_c_encrypt = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_decrypt = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_encrypt_length = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_block_size = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_init_state = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_free_state = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_make_random_key = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_random_make_octets = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_string_to_key = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_string_to_key_with_params = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_enctype_compare = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_make_checksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_verify_checksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_checksum_length = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_keyed_checksum_types = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_valid_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_valid_cksumtype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_is_coll_proof_cksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_c_is_keyed_cksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_gen_new = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_initialize = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_destroy = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_close = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_store_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_retrieve_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_get_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_get_principal = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_start_seq_get = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_next_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_end_seq_get = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_remove_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_set_flags 
= FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_get_type = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_get_type = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_get_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_close = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_get_entry = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_start_seq_get = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_next_entry = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_end_seq_get = FUNCTION FILTER mech_krb5.so.1;
+ krb5_init_context = FUNCTION FILTER mech_krb5.so.1;
+ krb5_init_secure_context = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_context = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_default_tgs_enctypes = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_permitted_enctypes = FUNCTION FILTER mech_krb5.so.1;
+ krb5_is_thread_safe = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_tgt_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_credentials = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_credentials_validate = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_credentials_renew = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_req = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_req_extended = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_rep = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_rep = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_error = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_error = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_safe = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_priv = FUNCTION FILTER mech_krb5.so.1;
+ krb5_parse_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_unparse_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_unparse_name_ext = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_principal_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_address_search = FUNCTION FILTER mech_krb5.so.1;
+ krb5_address_compare = FUNCTION FILTER mech_krb5.so.1;
+ krb5_address_order = FUNCTION FILTER mech_krb5.so.1;
+ krb5_realm_compare = FUNCTION FILTER mech_krb5.so.1;
+ krb5_principal_compare = FUNCTION FILTER mech_krb5.so.1;
+ krb5_init_keyblock = 
FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_keyblock = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_keyblock_contents = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_data = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_principal = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_addresses = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_ticket = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_authdata = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_authenticator = FUNCTION FILTER mech_krb5.so.1;
+ krb5_copy_checksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_server_rcache = FUNCTION FILTER mech_krb5.so.1;
+ krb5_build_principal_ext = FUNCTION FILTER mech_krb5.so.1;
+ krb5_build_principal = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_resolve = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_default_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_default = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_keytab_entry_contents = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_remove_entry = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_add_entry = FUNCTION FILTER mech_krb5.so.1;
+ krb5_principal2salt = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_resolve = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_default_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_set_default_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_default = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cc_copy_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_principal = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_authenticator = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_addresses = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_authdata = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_ticket = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_error = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_cred_contents = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_checksum = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_checksum_contents = FUNCTION FILTER 
mech_krb5.so.1;
+ krb5_free_keyblock = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_keyblock_contents = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_ap_rep_enc_part = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_data = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_data_contents = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_unparsed_name = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_cksumtypes = FUNCTION FILTER mech_krb5.so.1;
+ krb5_us_timeofday = FUNCTION FILTER mech_krb5.so.1;
+ krb5_timeofday = FUNCTION FILTER mech_krb5.so.1;
+ krb5_os_localaddr = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_default_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_default_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_default_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_sname_to_principal = FUNCTION FILTER mech_krb5.so.1;
+ krb5_change_password = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_password = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_password_using_ccache = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_profile = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_req = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_read_service_key = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_safe = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_priv = FUNCTION FILTER mech_krb5.so.1;
+ krb5_sendauth = FUNCTION FILTER mech_krb5.so.1;
+ krb5_recvauth = FUNCTION FILTER mech_krb5.so.1;
+ krb5_recvauth_version = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_ncred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_mk_1cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rd_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_fwd_tgt_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_init = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_free = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setflags = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getflags = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_set_checksum_func = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_get_checksum_func = FUNCTION FILTER mech_krb5.so.1;
+ 
krb5_auth_con_setaddrs = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getaddrs = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setports = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setuseruserkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getsendsubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getrecvsubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setsendsubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setrecvsubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getlocalseqnumber = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getremoteseqnumber = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_setrcache = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getrcache = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getauthenticator = FUNCTION FILTER mech_krb5.so.1;
+ krb5_read_password = FUNCTION FILTER mech_krb5.so.1;
+ krb5_aname_to_localname = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_host_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_host_realm = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kuserok = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_genaddrs = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_real_time = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_salttype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_cksumtype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_timestamp = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_deltat = FUNCTION FILTER mech_krb5.so.1;
+ krb5_enctype_to_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_salttype_to_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_cksumtype_to_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_timestamp_to_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_timestamp_to_sfstring = FUNCTION FILTER mech_krb5.so.1;
+ krb5_deltat_to_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_xfree_wrap = FUNCTION FILTER mech_krb5.so.1;
+ krb5_xfree = 
FUNCTION FILTER mech_krb5.so.1;
+ krb5_prompter_posix = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_init = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_tkt_life = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_renew_life = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_forwardable = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_proxiable = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_etype_list = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_address_list = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_preauth_list = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_opt_set_salt = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_password = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_init_creds_keytab = FUNCTION FILTER mech_krb5.so.1;
+ krb5_verify_init_creds_opt_init = FUNCTION FILTER mech_krb5.so.1;
+ krb5_verify_init_creds_opt_set_ap_req_nofail = FUNCTION FILTER mech_krb5.so.1;
+ krb5_verify_init_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_validated_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_renewed_creds = FUNCTION FILTER mech_krb5.so.1;
+ krb5_decode_ticket = FUNCTION FILTER mech_krb5.so.1;
+ krb5_appdefault_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_appdefault_boolean = FUNCTION FILTER mech_krb5.so.1;
+ krb5_realm_iterator_create = FUNCTION FILTER mech_krb5.so.1;
+ krb5_realm_iterator = FUNCTION FILTER mech_krb5.so.1;
+ krb5_realm_iterator_free = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_realm_string = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_prompt_types = FUNCTION FILTER mech_krb5.so.1;
+ krb5_string_to_key = FUNCTION FILTER mech_krb5.so.1;
+ krb5_use_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_init_allocated_keyblock = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_key_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_key_length = FUNCTION FILTER mech_krb5.so.1;
+ krb5_get_key_data = FUNCTION FILTER 
mech_krb5.so.1;
+ krb5_set_key_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_key_data = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_key_length = FUNCTION FILTER mech_krb5.so.1;
+
+# krb5.h - priv/deprecated
+ krb5_string_to_key = FUNCTION FILTER mech_krb5.so.1;
+ krb5_use_enctype = FUNCTION FILTER mech_krb5.so.1;
+ krb5_checksum_size = FUNCTION FILTER mech_krb5.so.1;
+ krb5_kt_free_entry = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getlocalsubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_auth_con_getremotesubkey = FUNCTION FILTER mech_krb5.so.1;
+ krb5_set_default_tgs_ktypes = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_ktypes = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_ap_req = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_ap_rep = FUNCTION FILTER mech_krb5.so.1;
+ krb5_free_cred = FUNCTION FILTER mech_krb5.so.1;
+ krb5_decrypt_tkt_part = FUNCTION FILTER mech_krb5.so.1;
+ valid_cksumtype = FUNCTION FILTER mech_krb5.so.1;
+
+# k5-int.h (needed by Samba, openssl, etc)
+ decode_krb5_ap_req = FUNCTION FILTER mech_krb5.so.1;
+ encode_krb5_ap_req = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rc_get_lifespan = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rc_initialize = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rc_default = FUNCTION FILTER mech_krb5.so.1;
+ krb5_rc_destroy = FUNCTION FILTER mech_krb5.so.1;
+
+};
diff --git a/usr/src/lib/libkrb5/i386/Makefile b/usr/src/lib/libkrb5/i386/Makefile
new file mode 100755
index 0000000000..8673c75014
--- /dev/null
+++ b/usr/src/lib/libkrb5/i386/Makefile
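Review bot: `krb5_string_to_key` and `krb5_use_enctype` are listed twice in the new mapfile, once at the end of the "krb5.h (non-private and non-deprecated)" group and again at the top of the "krb5.h - priv/deprecated" group. Drop the first pair so each symbol has a single definition; the second heading looks like the intended one, since the same commit versions both as `SUNWprivate_1.1` in krb5_crypto.spec. The last two groups also make deprecated and k5-int.h entry points, including the unprefixed `valid_cksumtype`, part of a library that the header comment calls public, which widens the surface callers can come to depend on. A comment above each of those groups, such as `# Not a committed interface: exported only for existing consumers, may change without notice`, would record that intent.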
@@ -0,0 +1,36 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/i386/Makefile
+
+MAPDIR= ../common
+
+include ../Makefile.com
+
+DYNFLAGS = -G -h$(DYNLIB) -ztext -zdefs -zcombreloc -zloadfltr \
+ -R/usr/lib/gss -M$(NX_MAP)
+
+install: all $(ROOTLIBDIR) $(ROOTLIBS) $(ROOTLINKS)
diff --git a/usr/src/lib/libkrb5/sparc/Makefile b/usr/src/lib/libkrb5/sparc/Makefile
new file mode 100755
index 0000000000..9187a100f5
--- /dev/null
+++ b/usr/src/lib/libkrb5/sparc/Makefile
@@ -0,0 +1,35 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/sparc/Makefile
+
+MAPDIR= ../common
+
+include ../Makefile.com
+
+DYNFLAGS = -G -h$(DYNLIB) -ztext -zdefs -zcombreloc -zloadfltr -R/usr/lib/gss
+
+install: all $(ROOTLIBDIR) $(ROOTLIBS) $(ROOTLINKS)
diff --git a/usr/src/lib/libkrb5/sparcv9/Makefile b/usr/src/lib/libkrb5/sparcv9/Makefile
new file mode 100755
index 0000000000..c8105dab90
--- /dev/null
+++ b/usr/src/lib/libkrb5/sparcv9/Makefile
@@ -0,0 +1,35 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+# ident "%Z%%M% %I% %E% SMI"
+#
+# lib/libkrb5/sparcv9/Makefile
+
+MAPDIR= ../common
+
+include ../Makefile.com
+
+DYNFLAGS = -64 -G -h$(DYNLIB) -ztext -zdefs -zcombreloc -zloadfltr -R/usr/lib/64/gss
+
+install: all $(ROOTLIBS64) $(ROOTLINKS64) |