return ret;
}
- (*smb_krb5_context)->krb5_context->mem_ctx = *smb_krb5_context;
-
talloc_steal(parent_ctx, *smb_krb5_context);
talloc_free(tmp_ctx);
my $file = shift;
my $prefix = shift;
+my $dirname = shift;
my $options = join(' ', @ARGV);
my $x_file;
my @x_files = ();
my $c_file;
my @c_files = ();
-if (not defined ($prefix)) { $prefix = "asn1"; }
+my $o_file;
+my @o_files = ();
-$dirname = dirname($file);
$basename = basename($file);
if (not defined $options) {
$options = "";
print "$header: $file bin/asn1_compile\n";
print "\t\@echo \"Compiling ASN1 file $file\"\n";
-print "\t\@startdir=`pwd` && cd $dirname && " . ' $$startdir/bin/asn1_compile ' . "$options $basename $prefix\n\n";
+print "\t\@startdir=`pwd` && cd $dirname && " . ' $$startdir/bin/asn1_compile ' . " $options " . '$$startdir/' . "$file $prefix\n\n";
open(IN,$file) or die("Can't open $file: $!");
foreach(<IN>) {
- if (/^([A-Za-z0-9_-]+)[ \t]*::= /) {
+ if (/^([\w]+[\w\-]+)(\s+OBJECT IDENTIFIER)?\s*::=/) {
my $output = $1;
$output =~ s/-/_/g;
$c_file = "$dirname/asn1_$output.c";
$x_file = "$dirname/asn1_$output.x";
+ $o_file = "$dirname/asn1_$output.o";
print "$x_file: $header\n";
print "$c_file: $dirname/asn1_$output.x\n";
print "\t\@cp $x_file $c_file\n\n";
push @x_files, $x_file;
push @c_files, $c_file;
+ push @o_files, $o_file;
}
}
close(IN);
+
+print '[SUBSYSTEM::HEIMDAL_'.uc($prefix).']'."\n";
+print "CFLAGS = -Iheimdal_build -I$dirname\n";
+print "OBJ_FILES = ";
+foreach $o_file (@o_files) {
+ print "\\\n\t$o_file ";
+}
+print "\nPRIVATE_DEPENDENCIES = HEIMDAL_ASN1\n\n";
+
print "clean:: \n";
print "\t\@echo \"Deleting ASN1 output files generated from $file\"";
print "\n\t\@rm -f $header";
#define RCSID(msg)
#define KRB5
+/* This needs to be defined for roken too */
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
#include "include/config.h"
#include "lib/replace/replace.h"
../heimdal/kdc/kaserver.o \
../heimdal/kdc/digest.o \
../heimdal/kdc/process.o \
- ../heimdal/lib/asn1/asn1_DigestREQ.o \
- ../heimdal/lib/asn1/asn1_DigestRequest.o \
- ../heimdal/lib/asn1/asn1_DigestInit.o \
- ../heimdal/lib/asn1/asn1_DigestReqInner.o \
- ../heimdal/lib/asn1/asn1_DigestREP.o \
- ../heimdal/lib/asn1/asn1_DigestRepInner.o \
- ../heimdal/lib/asn1/asn1_DigestResponse.o \
- ../heimdal/lib/asn1/asn1_DigestInitReply.o \
- ../heimdal/lib/asn1/asn1_DigestError.o \
+ ../heimdal/kdc/windc.o \
+ ../heimdal/kdc/kx509.o \
../heimdal/lib/asn1/asn1_KRB5SignedPath.o
-PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_KRB5 HEIMDAL_HDB HEIMDAL_ASN1 HEIMDAL_DES
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_KRB5 HEIMDAL_HDB HEIMDAL_ASN1 HEIMDAL_DES HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 HEIMDAL_NTLM
# End SUBSYSTEM HEIMDAL_KDC
#######################
+[SUBSYSTEM::HEIMDAL_NTLM]
+CFLAGS = -Iheimdal_build -Iheimdal/lib/ntlm
+OBJ_FILES = \
+ ../heimdal/lib/ntlm/ntlm.o
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_DES HEIMDAL_KRB5
+
[SUBSYSTEM::HEIMDAL_HDB_KEYS]
CFLAGS = -Iheimdal_build -Iheimdal/lib/hdb
OBJ_FILES = \
../heimdal/lib/hdb/keytab.o \
../heimdal/lib/hdb/mkey.o \
../heimdal/lib/hdb/ndbm.o \
- ../heimdal/lib/hdb/asn1_Event.o \
- ../heimdal/lib/hdb/asn1_GENERATION.o \
- ../heimdal/lib/hdb/asn1_HDBFlags.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_Aliases.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_Constrained_delegation_acl.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_Lan_Manager_OWF.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_PKINIT_acl.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_PKINIT_hash.o \
- ../heimdal/lib/hdb/asn1_HDB_Ext_Password.o \
- ../heimdal/lib/hdb/asn1_HDB_extension.o \
- ../heimdal/lib/hdb/asn1_HDB_extensions.o \
- ../heimdal/lib/hdb/asn1_hdb_entry.o \
../heimdal/lib/hdb/hdb_err.o
-PRIVATE_DEPENDENCIES = HDB_LDB HEIMDAL_HDB_KEYS HEIMDAL_ROKEN
+PRIVATE_DEPENDENCIES = HDB_LDB HEIMDAL_HDB_KEYS HEIMDAL_ROKEN HEIMDAL_HDB_ASN1
# End SUBSYSTEM HEIMDAL_HDB
#######################
../heimdal/lib/gssapi/mech/gss_inquire_context.o \
../heimdal/lib/gssapi/mech/gss_release_name.o \
../heimdal/lib/gssapi/mech/gss_set_cred_option.o \
- ../heimdal/lib/gssapi/mech/asn1_GSSAPIContextToken.o \
+ ../heimdal/lib/gssapi/asn1_GSSAPIContextToken.o \
../heimdal/lib/gssapi/spnego/init_sec_context.o \
../heimdal/lib/gssapi/spnego/external.o \
../heimdal/lib/gssapi/spnego/compat.o \
../heimdal/lib/gssapi/spnego/context_stubs.o \
../heimdal/lib/gssapi/spnego/cred_stubs.o \
../heimdal/lib/gssapi/spnego/accept_sec_context.o \
- ../heimdal/lib/gssapi/spnego/asn1_ContextFlags.o \
- ../heimdal/lib/gssapi/spnego/asn1_MechType.o \
- ../heimdal/lib/gssapi/spnego/asn1_MechTypeList.o \
- ../heimdal/lib/gssapi/spnego/asn1_NegHints.o \
- ../heimdal/lib/gssapi/spnego/asn1_NegTokenInit.o \
- ../heimdal/lib/gssapi/spnego/asn1_NegTokenResp.o \
../heimdal/lib/gssapi/krb5/copy_ccache.o \
../heimdal/lib/gssapi/krb5/delete_sec_context.o \
../heimdal/lib/gssapi/krb5/init_sec_context.o \
../heimdal/lib/gssapi/krb5/accept_sec_context.o \
../heimdal/lib/gssapi/krb5/set_sec_context_option.o \
../heimdal/lib/gssapi/krb5/process_context_token.o
-PRIVATE_DEPENDENCIES = HEIMDAL_KRB5 HEIMDAL_ROKEN HEIMDAL_DES HEIMDAL_ASN1 HEIMDAL_GLUE
+PRIVATE_DEPENDENCIES = HEIMDAL_KRB5 HEIMDAL_ROKEN HEIMDAL_DES HEIMDAL_ASN1 HEIMDAL_GLUE HEIMDAL_SPNEGO_ASN1
# End SUBSYSTEM HEIMDAL_GSSAPI
#######################
# Start SUBSYSTEM HEIMDAL_KRB5
[SUBSYSTEM::HEIMDAL_KRB5]
CFLAGS = -Iheimdal_build -Iheimdal/lib/krb5
-PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_DES HEIMDAL_GLUE
-PUBLIC_DEPENDENCIES = HEIMDAL_ASN1
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_DES HEIMDAL_HX509 HEIMDAL_PKINIT_ASN1
+PUBLIC_DEPENDENCIES = HEIMDAL_KRB5_ASN1
OBJ_FILES = \
../heimdal/lib/krb5/acache.o \
../heimdal/lib/krb5/add_et_list.o \
../heimdal/lib/krb5/pkinit.o \
../heimdal/lib/krb5/plugin.o \
../heimdal/lib/krb5/principal.o \
+ ../heimdal/lib/krb5/pac.o \
../heimdal/lib/krb5/rd_cred.o \
../heimdal/lib/krb5/rd_error.o \
../heimdal/lib/krb5/rd_priv.o \
../heimdal/lib/asn1/der_cmp.o \
../heimdal/lib/asn1/extra.o \
../heimdal/lib/asn1/timegm.o \
- ../heimdal/lib/asn1/asn1_AD_IF_RELEVANT.o \
- ../heimdal/lib/asn1/asn1_APOptions.o \
- ../heimdal/lib/asn1/asn1_AP_REP.o \
- ../heimdal/lib/asn1/asn1_AP_REQ.o \
- ../heimdal/lib/asn1/asn1_AS_REP.o \
- ../heimdal/lib/asn1/asn1_AS_REQ.o \
- ../heimdal/lib/asn1/asn1_Authenticator.o \
- ../heimdal/lib/asn1/asn1_AuthorizationData.o \
- ../heimdal/lib/asn1/asn1_AuthorizationDataElement.o \
- ../heimdal/lib/asn1/asn1_CKSUMTYPE.o \
- ../heimdal/lib/asn1/asn1_ChangePasswdDataMS.o \
- ../heimdal/lib/asn1/asn1_Checksum.o \
- ../heimdal/lib/asn1/asn1_ENCTYPE.o \
- ../heimdal/lib/asn1/asn1_ETYPE_INFO.o \
- ../heimdal/lib/asn1/asn1_ETYPE_INFO2.o \
- ../heimdal/lib/asn1/asn1_ETYPE_INFO2_ENTRY.o \
- ../heimdal/lib/asn1/asn1_ETYPE_INFO_ENTRY.o \
- ../heimdal/lib/asn1/asn1_EncAPRepPart.o \
- ../heimdal/lib/asn1/asn1_EncASRepPart.o \
- ../heimdal/lib/asn1/asn1_EncKDCRepPart.o \
- ../heimdal/lib/asn1/asn1_EncKrbCredPart.o \
- ../heimdal/lib/asn1/asn1_EncKrbPrivPart.o \
- ../heimdal/lib/asn1/asn1_EncTGSRepPart.o \
- ../heimdal/lib/asn1/asn1_EncTicketPart.o \
- ../heimdal/lib/asn1/asn1_EncryptedData.o \
- ../heimdal/lib/asn1/asn1_EncryptionKey.o \
- ../heimdal/lib/asn1/asn1_EtypeList.o \
- ../heimdal/lib/asn1/asn1_HostAddress.o \
- ../heimdal/lib/asn1/asn1_HostAddresses.o \
- ../heimdal/lib/asn1/asn1_KDCOptions.o \
- ../heimdal/lib/asn1/asn1_KDC_REP.o \
- ../heimdal/lib/asn1/asn1_KDC_REQ.o \
- ../heimdal/lib/asn1/asn1_KDC_REQ_BODY.o \
- ../heimdal/lib/asn1/asn1_KRB_CRED.o \
- ../heimdal/lib/asn1/asn1_KRB_ERROR.o \
- ../heimdal/lib/asn1/asn1_KRB_PRIV.o \
- ../heimdal/lib/asn1/asn1_KerberosString.o \
- ../heimdal/lib/asn1/asn1_KerberosTime.o \
- ../heimdal/lib/asn1/asn1_KrbCredInfo.o \
- ../heimdal/lib/asn1/asn1_LR_TYPE.o \
- ../heimdal/lib/asn1/asn1_LastReq.o \
- ../heimdal/lib/asn1/asn1_MESSAGE_TYPE.o \
- ../heimdal/lib/asn1/asn1_METHOD_DATA.o \
- ../heimdal/lib/asn1/asn1_NAME_TYPE.o \
- ../heimdal/lib/asn1/asn1_PADATA_TYPE.o \
- ../heimdal/lib/asn1/asn1_PA_DATA.o \
- ../heimdal/lib/asn1/asn1_PA_ENC_TS_ENC.o \
- ../heimdal/lib/asn1/asn1_PA_PAC_REQUEST.o \
- ../heimdal/lib/asn1/asn1_PA_S4U2Self.o \
- ../heimdal/lib/asn1/asn1_Principal.o \
- ../heimdal/lib/asn1/asn1_PrincipalName.o \
- ../heimdal/lib/asn1/asn1_Realm.o \
- ../heimdal/lib/asn1/asn1_TGS_REP.o \
- ../heimdal/lib/asn1/asn1_TGS_REQ.o \
- ../heimdal/lib/asn1/asn1_Ticket.o \
- ../heimdal/lib/asn1/asn1_TicketFlags.o \
- ../heimdal/lib/asn1/asn1_TransitedEncoding.o \
- ../heimdal/lib/asn1/asn1_KRB5SignedPathData.o \
- ../heimdal/lib/asn1/asn1_KRB5SignedPathPrincipals.o \
../heimdal/lib/asn1/asn1_err.o \
../heimdal/lib/asn1/asn1_krb5int32.o \
../heimdal/lib/asn1/asn1_krb5uint32.o
#######################
#######################
-# Start SUBSYSTEM HEIMDAL_DES
+# Start SUBSYSTEM HEIMDAL_DES_IMATH
+[SUBSYSTEM::HEIMDAL_DES_IMATH]
+CFLAGS = -Iheimdal_build -Iheimdal/lib/des/imath
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN
+OBJ_FILES = \
+ ../heimdal/lib/des/imath/imath.o \
+ ../heimdal/lib/des/imath/iprime.o
+# End SUBSYSTEM HEIMDAL_DES_IMATH
+#######################
+
[SUBSYSTEM::HEIMDAL_DES]
CFLAGS = -Iheimdal_build -Iheimdal/lib/des
-PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_ASN1 HEIMDAL_DES_IMATH HEIMDAL_RFC2459_ASN1
OBJ_FILES = \
../heimdal/lib/des/aes.o \
+ ../heimdal/lib/des/bn.o \
+ ../heimdal/lib/des/dh.o \
+ ../heimdal/lib/des/dh-imath.o \
../heimdal/lib/des/des.o \
+ ../heimdal/lib/des/dsa.o \
+ ../heimdal/lib/des/engine.o \
../heimdal/lib/des/md2.o \
../heimdal/lib/des/md4.o \
../heimdal/lib/des/md5.o \
+ ../heimdal/lib/des/rsa.o \
+ ../heimdal/lib/des/rsa-imath.o \
../heimdal/lib/des/rc2.o \
../heimdal/lib/des/rc4.o \
../heimdal/lib/des/rijndael-alg-fst.o \
../heimdal/lib/des/ui.o \
../heimdal/lib/des/evp.o \
../heimdal/lib/des/pkcs5.o \
+ ../heimdal/lib/des/pkcs12.o \
../heimdal/lib/des/rand.o \
../heimdal/lib/des/rand-unix.o \
../heimdal/lib/des/hmac.o
# End SUBSYSTEM HEIMDAL_DES
#######################
+#######################
+# Start SUBSYSTEM HEIMDAL_HX509
+[SUBSYSTEM::HEIMDAL_HX509]
+CFLAGS = -Iheimdal_build -Iheimdal/lib/hx509
+PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_ASN1 HEIMDAL_DES HEIMDAL_CMS_ASN1 HEIMDAL_RFC2459_ASN1 HEIMDAL_OCSP_ASN1 HEIMDAL_PKCS8_ASN1 HEIMDAL_PKCS9_ASN1 HEIMDAL_PKCS12_ASN1
+OBJ_FILES = \
+ ../heimdal/lib/hx509/ca.o \
+ ../heimdal/lib/hx509/cert.o \
+ ../heimdal/lib/hx509/cms.o \
+ ../heimdal/lib/hx509/collector.o \
+ ../heimdal/lib/hx509/crypto.o \
+ ../heimdal/lib/hx509/error.o \
+ ../heimdal/lib/hx509/file.o \
+ ../heimdal/lib/hx509/keyset.o \
+ ../heimdal/lib/hx509/ks_dir.o \
+ ../heimdal/lib/hx509/ks_file.o \
+ ../heimdal/lib/hx509/ks_mem.o \
+ ../heimdal/lib/hx509/ks_null.o \
+ ../heimdal/lib/hx509/ks_p11.o \
+ ../heimdal/lib/hx509/ks_p12.o \
+ ../heimdal/lib/hx509/lock.o \
+ ../heimdal/lib/hx509/name.o \
+ ../heimdal/lib/hx509/peer.o \
+ ../heimdal/lib/hx509/print.o \
+ ../heimdal/lib/hx509/req.o \
+ ../heimdal/lib/hx509/revoke.o \
+ ../heimdal/lib/hx509/hx509_err.o
+# End SUBSYSTEM HEIMDAL_HX509
+#######################
+
#######################
# Start SUBSYSTEM HEIMDAL_ROKEN_GAI_STRERROR
[SUBSYSTEM::HEIMDAL_ROKEN_GAI_STRERROR]
../heimdal/lib/roken/base64.o \
../heimdal/lib/roken/hex.o \
../heimdal/lib/roken/bswap.o \
+ ../heimdal/lib/roken/closefrom.o \
+ ../heimdal/lib/roken/dumpdata.o \
+ ../heimdal/lib/roken/emalloc.o \
../heimdal/lib/roken/get_window_size.o \
../heimdal/lib/roken/h_errno.o \
../heimdal/lib/roken/issuid.o \
../heimdal/lib/roken/strupr.o \
../heimdal/lib/roken/strpool.o \
../heimdal/lib/roken/estrdup.o \
+ ../heimdal/lib/roken/erealloc.o \
+ ../heimdal/lib/roken/simple_exec.o \
+ ../heimdal/lib/roken/simple_exec.o \
+ ../heimdal/lib/roken/strcollect.o \
replace.o
PUBLIC_DEPENDENCIES = \
HEIMDAL_ROKEN_ADDRINFO \
# End BINARY compile_et
#######################
-include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hdb/hdb.asn1 hdb_asn1|
-include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/gssapi/spnego/spnego.asn1 spnego_asn1|
-include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/gssapi/mech/gssapi.asn1 gssapi_asn1|
-include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/k5.asn1 krb5_asn1 --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData|
-include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/digest.asn1 digest_asn1|
-
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hdb/hdb.asn1 hdb_asn1 heimdal/lib/hdb |
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/gssapi/spnego/spnego.asn1 spnego_asn1 heimdal/lib/gssapi --sequence=MechTypeList |
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/gssapi/mech/gssapi.asn1 gssapi_asn1 heimdal/lib/gssapi|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/k5.asn1 krb5_asn1 heimdal/lib/asn1 --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/digest.asn1 digest_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/pkcs8.asn1 pkcs8_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/pkcs9.asn1 pkcs9_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/pkcs12.asn1 pkcs12_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/rfc2459.asn1 rfc2459_asn1 heimdal/lib/asn1 --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/pkinit.asn1 pkinit_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/CMS.asn1 cms_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/ocsp.asn1 ocsp_asn1 heimdal/lib/hx509 --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/kx509.asn1 kx509_asn1 heimdal/lib/asn1|
+include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/pkcs10.asn1 pkcs10_asn1 heimdal/lib/hx509 --preserve-binary=CertificationRequestInfo|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/asn1/asn1_err.et heimdal/lib/asn1|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hdb/hdb_err.et heimdal/lib/hdb|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/heim_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/k524_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb5_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/gssapi/krb5/gkrb5_err.et heimdal/lib/gssapi|
+include perl_path_wrapper.sh et_deps.pl heimdal/lib/hx509/hx509_err.et heimdal/lib/hx509|
.SUFFIXES: .hin
.hin.h:
clean::
@-rm -f heimdal/lib/roken/vis.h heimdal/lib/roken/err.h
- @-rm -f heimdal/lib/asn1/asn1_err.{c,h}
- @-rm -f heimdal/lib/hdb/hdb_err.{c,h}
- @-rm -f heimdal/lib/krb5/heim_err.{c,h}
- @-rm -f heimdal/lib/krb5/k524_err.{c,h}
- @-rm -f heimdal/lib/krb5/krb5_err.{c,h}
@-rm -f bin/compile_et bin/asn1_compile
@-rm -f heimdal/lib/krb5/des/hcrypto
#ifndef __crypto_headers_h__
#define __crypto_headers_h__
+#ifdef KRB5
#include <krb5-types.h>
-#include <des.h>
-#include <md4.h>
-#include <md5.h>
-#include <sha.h>
-#include <rc4.h>
-#include <rc2.h>
-#include <aes.h>
-#include <ui.h>
-#include <evp.h>
-#include <rand.h>
-#include <engine.h>
-#include <pkcs12.h>
+#endif
+#include <hcrypto/evp.h>
+#include <hcrypto/des.h>
+#include <hcrypto/md2.h>
+#include <hcrypto/md4.h>
+#include <hcrypto/md5.h>
+#include <hcrypto/sha.h>
+#include <hcrypto/rc4.h>
+#include <hcrypto/rc2.h>
+#include <hcrypto/aes.h>
+#include <hcrypto/ui.h>
+#include <hcrypto/rand.h>
+#include <hcrypto/engine.h>
+#include <hcrypto/pkcs12.h>
+#include <hcrypto/hmac.h>
#endif /* __crypto_headers_h__ */
print "$header $source: $file bin/compile_et\n";
print "\t\@echo \"Compiling error table $file\"\n";
print "\t\@startdir=`pwd` && cd $dirname && " . '$$startdir/bin/compile_et $$startdir/' . "$file\n\n";
+
+print "clean:: \n";
+print "\n\t\@rm -f $header $source";
}
+void *__gss_ntlm_initialize(void)
+{
+ return NULL;
+}
typedef socklen_t krb5_socklen_t;
typedef ssize_t krb5_ssize_t;
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
#endif /* __krb5_types_h__ */
#define MaxHostNameLen (64+4)
#define MaxPathLen (1024+4)
+/* We want PKINIT */
+#define PKINIT 1
+
#define VERSIONLIST {"Lorikeet-Heimdal, Modified for Samba4 0.8pre"}
#define VERSION "Samba"
# Start SUBSYSTEM KDC
[SUBSYSTEM::HDB_LDB]
CFLAGS = -Iheimdal/kdc -Iheimdal/lib/hdb
+PUBLIC_PROTO_HEADER = pac_glue.h
OBJ_FILES = \
hdb-ldb.o \
pac-glue.o
private->realm_ref_msg = talloc_steal(private, realm_ref_msg);
private->samdb = (struct ldb_context *)db->hdb_db;
- entry_ex->check_client_access = hdb_ldb_check_client_access;
- entry_ex->authz_data_tgs_req = hdb_ldb_authz_data_tgs_req;
- entry_ex->authz_data_as_req = hdb_ldb_authz_data_as_req;
-
out:
if (ret != 0) {
/* This doesn't free ent itself, that is for the eventual caller to do */
krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg)
{
NTSTATUS nt_status;
- /* Disgusting, ugly hack, but it means one less private hook */
- nt_status = kdc_hdb_ldb_create(context->mem_ctx, context, db, arg);
+ /* The global kdc_mem_ctx, Disgusting, ugly hack, but it means one less private hook */
+ nt_status = kdc_hdb_ldb_create(kdc_mem_ctx, context, db, arg);
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
#include "lib/stream/packet.h"
#include "librpc/gen_ndr/samr.h"
#include "lib/socket/netif.h"
+#include "heimdal/kdc/windc_plugin.h"
+#include "heimdal/lib/krb5/krb5_locl.h"
+#include "heimdal/kdc/kdc_locl.h"
+
+
+/* Disgusting hack to get a mem_ctx into the hdb plugin, when used as a keytab */
+TALLOC_CTX *kdc_mem_ctx;
/* hold all the info needed to send a reply */
struct kdc_reply {
return NT_STATUS_OK;
}
+static struct krb5plugin_windc_ftable windc_plugin_table = {
+ .minor_version = KRB5_WINDC_PLUGING_MINOR,
+ .init = samba_kdc_plugin_init,
+ .fini = samba_kdc_plugin_fini,
+ .pac_generate = samba_kdc_get_pac,
+ .pac_verify = samba_kdc_reget_pac,
+ .client_access = samba_kdc_check_client_access,
+};
+
+
/*
startup the kdc task
*/
}
krb5_kdc_default_config(kdc->config);
+ kdc->config->enable_pkinit = lp_parm_bool(-1, "kdc", "pkinit", True);
+ kdc->config->enable_pkinit_princ_in_cert = lp_parm_bool(-1, "kdc", "pkinit_princ_in_cert", True);
+
initialize_krb5_error_table();
ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context);
task_server_terminate(task, "kdc: failed to register hdb keytab");
return;
}
+
+ kdc_mem_ctx = kdc->smb_krb5_context;
+
+ /* Registar WinDC hooks */
+ ret = _krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
+ PLUGIN_TYPE_DATA, "windc",
+ &windc_plugin_table);
+ if(ret) {
+ task_server_terminate(task, "kdc: failed to register hdb keytab");
+ return;
+ }
+
+ _kdc_windc_init(kdc->smb_krb5_context->krb5_context);
+
/* start listening on the configured network interfaces */
status = kdc_startup_interfaces(kdc);
if (!NT_STATUS_IS_OK(status)) {
#include "auth/kerberos/kerberos.h"
#include "heimdal/kdc/kdc.h"
#include "heimdal/lib/hdb/hdb.h"
-#include "kdc/pac-glue.h"
+#include "kdc/pac_glue.h"
struct kdc_server;
struct socket_address;
-NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
- krb5_context context, struct HDB **db, const char *arg);
+extern TALLOC_CTX *kdc_mem_ctx;
+
BOOL kpasswdd_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
DATA_BLOB *input,
};
+struct hdb_ldb_private {
+ struct ldb_context *samdb;
+ struct ldb_message *msg;
+ struct ldb_message *realm_ref_msg;
+ hdb_entry_ex *entry_ex;
+};
#include "kdc/kdc.h"
#include "dsdb/common/flags.h"
#include "lib/ldb/include/ldb.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "librpc/gen_ndr/krb5pac.h"
#include "auth/auth.h"
#include "auth/auth_sam.h"
struct krb5_dh_moduli;
struct _krb5_krb_auth_data;
-#include "heimdal/lib/krb5/krb5_locl.h"
+krb5_error_code samba_kdc_plugin_init(krb5_context context, void **ptr)
+{
+ *ptr = NULL;
+ return 0;
+}
-/* Given the right private pointer from hdb_ldb, get a PAC from the attached ldb messages */
-static krb5_error_code samba_get_pac(krb5_context context,
- struct hdb_ldb_private *private,
- krb5_principal client,
- const krb5_keyblock *krbtgt_keyblock,
- const krb5_keyblock *server_keyblock,
- time_t tgs_authtime,
- krb5_data *pac)
+void samba_kdc_plugin_fini(void *ptr)
{
- krb5_error_code ret;
+ return;
+}
+
+static krb5_error_code make_pac(krb5_context context,
+ TALLOC_CTX *mem_ctx,
+ struct auth_serversupplied_info *server_info,
+ krb5_pac *pac)
+{
+ struct PAC_LOGON_INFO_CTR logon_info;
+ struct netr_SamInfo3 *info3;
+ krb5_data pac_data;
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
- DATA_BLOB tmp_blob;
- TALLOC_CTX *mem_ctx = talloc_named(private, 0, "samba_get_pac context");
+ DATA_BLOB pac_out;
+ krb5_error_code ret;
+
+ ZERO_STRUCT(logon_info);
+
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx, server_info, &info3);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status)));
+ return EINVAL;
+ }
+ logon_info.info = talloc_zero(mem_ctx, struct PAC_LOGON_INFO);
if (!mem_ctx) {
return ENOMEM;
}
- nt_status = authsam_make_server_info(mem_ctx, private->samdb,
- private->msg,
- private->realm_ref_msg,
- data_blob(NULL, 0),
- data_blob(NULL, 0),
- &server_info);
+ logon_info.info->info3 = *info3;
+
+ nt_status = ndr_push_struct_blob(&pac_out, mem_ctx, &logon_info,
+ (ndr_push_flags_fn_t)ndr_push_PAC_LOGON_INFO_CTR);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Getting user info for PAC failed: %s\n",
- nt_errstr(nt_status)));
- return ENOMEM;
+ DEBUG(1, ("PAC (presig) push failed: %s\n", nt_errstr(nt_status)));
+ return EINVAL;
}
- ret = kerberos_create_pac(mem_ctx, server_info,
- context,
- krbtgt_keyblock,
- server_keyblock,
- client,
- tgs_authtime,
- &tmp_blob);
-
- if (ret) {
- DEBUG(1, ("PAC encoding failed: %s\n",
- smb_get_krb5_error_message(context, ret, mem_ctx)));
- talloc_free(mem_ctx);
+ ret = krb5_data_copy(&pac_data, pac_out.data, pac_out.length);
+ if (ret != 0) {
return ret;
}
- ret = krb5_data_copy(pac, tmp_blob.data, tmp_blob.length);
- talloc_free(mem_ctx);
- return ret;
-}
-
-/* Wrap the PAC in the right ASN.1. Will always free 'pac', on success or failure */
-static krb5_error_code wrap_pac(krb5_context context, krb5_data *pac, AuthorizationData **out)
-{
- krb5_error_code ret;
-
- unsigned char *buf;
- size_t buf_size;
- size_t len;
-
- AD_IF_RELEVANT if_relevant;
- AuthorizationData *auth_data;
-
- if_relevant.len = 1;
- if_relevant.val = malloc(sizeof(*if_relevant.val));
- if (!if_relevant.val) {
- krb5_data_free(pac);
- *out = NULL;
- return ENOMEM;
+ ret = krb5_pac_init(context, pac);
+ if (ret != 0) {
+ krb5_data_free(&pac_data);
+ return ret;
}
- if_relevant.val[0].ad_type = KRB5_AUTHDATA_WIN2K_PAC;
- if_relevant.val[0].ad_data.data = NULL;
- if_relevant.val[0].ad_data.length = 0;
-
- /* pac.data will be freed with this */
- if_relevant.val[0].ad_data.data = pac->data;
- if_relevant.val[0].ad_data.length = pac->length;
-
- ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, &if_relevant, &len, ret);
- free_AuthorizationData(&if_relevant);
- if (ret) {
- *out = NULL;
- return ret;
- }
-
- auth_data = malloc(sizeof(*auth_data));
- if (!auth_data) {
- free(buf);
- *out = NULL;
- return ret;
- }
- auth_data->len = 1;
- auth_data->val = malloc(sizeof(*auth_data->val));
- if (!auth_data->val) {
- free(buf);
- free(auth_data);
- *out = NULL;
+ ret = krb5_pac_add_buffer(context, *pac, PAC_TYPE_LOGON_INFO, &pac_data);
+ krb5_data_free(&pac_data);
+ if (ret != 0) {
return ret;
}
- auth_data->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
- auth_data->val[0].ad_data.length = len;
- auth_data->val[0].ad_data.data = buf;
- *out = auth_data;
- return 0;
+ return ret;
}
-
-/* Given a hdb_entry, create a PAC out of the private data
-
- Don't create it if the client has the UF_NO_AUTH_DATA_REQUIRED bit
- set, or if they specificaly asked not to get it.
-*/
-
-krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry_ex *entry_ex,
- METHOD_DATA* pa_data_seq,
- time_t authtime,
- const EncryptionKey *tgtkey,
- const EncryptionKey *sessionkey,
- AuthorizationData **out)
+/* Given the right private pointer from hdb_ldb, get a PAC from the attached ldb messages */
+krb5_error_code samba_kdc_get_pac(void *priv,
+ krb5_context context,
+ struct hdb_entry_ex *client,
+ krb5_pac *pac)
{
krb5_error_code ret;
- int i;
- krb5_data pac;
- krb5_boolean pac_wanted = TRUE;
+ NTSTATUS nt_status;
+ struct auth_serversupplied_info *server_info;
+ struct hdb_ldb_private *private = talloc_get_type(client->ctx, struct hdb_ldb_private);
+ TALLOC_CTX *mem_ctx = talloc_named(private, 0, "samba_get_pac context");
unsigned int userAccountControl;
- struct PA_PAC_REQUEST pac_request;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
-
+
+ if (!mem_ctx) {
+ return ENOMEM;
+ }
+
/* The user account may be set not to want the PAC */
userAccountControl = ldb_msg_find_attr_as_uint(private->msg, "userAccountControl", 0);
if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
- *out = NULL;
+ *pac = NULL;
return 0;
}
- /* The user may not want a PAC */
- for (i=0; i<pa_data_seq->len; i++) {
- if (pa_data_seq->val[i].padata_type == KRB5_PADATA_PA_PAC_REQUEST) {
- ret = decode_PA_PAC_REQUEST(pa_data_seq->val[i].padata_value.data,
- pa_data_seq->val[i].padata_value.length,
- &pac_request, NULL);
- if (ret == 0) {
- pac_wanted = !!pac_request.include_pac;
- }
- free_PA_PAC_REQUEST(&pac_request);
- break;
- }
+ nt_status = authsam_make_server_info(mem_ctx, private->samdb,
+ private->msg,
+ private->realm_ref_msg,
+ data_blob(NULL, 0),
+ data_blob(NULL, 0),
+ &server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Getting user info for PAC failed: %s\n",
+ nt_errstr(nt_status)));
+ return ENOMEM;
}
- if (!pac_wanted) {
- *out = NULL;
- return 0;
- }
-
- /* Get PAC from Samba */
- ret = samba_get_pac(context,
- private,
- entry_ex->entry.principal,
- tgtkey,
- tgtkey,
- authtime,
- &pac);
-
- if (ret) {
- *out = NULL;
- return ret;
- }
-
- return wrap_pac(context, &pac, out);
+ ret = make_pac(context, mem_ctx, server_info, pac);
+
+ talloc_free(mem_ctx);
+ return ret;
}
/* Resign (and reform, including possibly new groups) a PAC */
-krb5_error_code hdb_ldb_authz_data_tgs_req(krb5_context context, struct hdb_entry_ex *entry_ex,
- krb5_principal client,
- AuthorizationData *in,
- time_t authtime,
- const EncryptionKey *tgtkey,
- const EncryptionKey *servicekey,
- const EncryptionKey *sessionkey,
- AuthorizationData **out)
+krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
+ const krb5_principal client_principal,
+ struct hdb_entry_ex *client,
+ struct hdb_entry_ex *server, krb5_pac *pac)
{
NTSTATUS nt_status;
krb5_error_code ret;
unsigned int userAccountControl;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
- krb5_data k5pac_in, k5pac_out;
- DATA_BLOB pac_in, pac_out;
+ struct hdb_ldb_private *private = talloc_get_type(server->ctx, struct hdb_ldb_private);
+ krb5_data k5pac_in;
+ DATA_BLOB pac_in;
- struct PAC_LOGON_INFO *logon_info;
+ struct PAC_LOGON_INFO_CTR logon_info;
union netr_Validation validation;
struct auth_serversupplied_info *server_info_out;
- krb5_boolean found = FALSE;
- TALLOC_CTX *mem_ctx;
+ TALLOC_CTX *mem_ctx = talloc_named(private, 0, "samba_get_pac context");
+ if (!mem_ctx) {
+ return ENOMEM;
+ }
+
/* The service account may be set not to want the PAC */
userAccountControl = ldb_msg_find_attr_as_uint(private->msg, "userAccountControl", 0);
if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
- *out = NULL;
- return 0;
- }
-
- ret = _krb5_find_type_in_ad(context, KRB5_AUTHDATA_WIN2K_PAC,
- &k5pac_in, &found, sessionkey, in);
- if (ret || !found) {
- *out = NULL;
+ *pac = NULL;
return 0;
}
- mem_ctx = talloc_new(private);
- if (!mem_ctx) {
- krb5_data_free(&k5pac_in);
- *out = NULL;
- return ENOMEM;
+ ret = krb5_pac_get_buffer(context, *pac, PAC_TYPE_LOGON_INFO, &k5pac_in);
+ if (ret != 0) {
+ return ret;
}
pac_in = data_blob_talloc(mem_ctx, k5pac_in.data, k5pac_in.length);
krb5_data_free(&k5pac_in);
if (!pac_in.data) {
talloc_free(mem_ctx);
- *out = NULL;
return ENOMEM;
}
- /* Parse the PAC again, for the logon info */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info,
- pac_in,
- context,
- tgtkey,
- tgtkey,
- client, authtime,
- &ret);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("Failed to parse PAC in TGT: %s/%s\n",
- nt_errstr(nt_status), error_message(ret)));
+ nt_status = ndr_pull_struct_blob(&pac_in, mem_ctx, &logon_info,
+ (ndr_pull_flags_fn_t)ndr_pull_PAC_LOGON_INFO_CTR);
+ if (!NT_STATUS_IS_OK(nt_status) || !logon_info.info) {
talloc_free(mem_ctx);
- *out = NULL;
- return ret;
+ DEBUG(0,("can't parse the PAC LOGON_INFO\n"));
+ return EINVAL;
}
/* Pull this right into the normal auth sysstem structures */
- validation.sam3 = &logon_info->info3;
+ validation.sam3 = &logon_info.info->info3;
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
- *out = NULL;
return ENOMEM;
}
- /* And make a new PAC, possibly containing new groups */
- ret = kerberos_create_pac(mem_ctx,
- server_info_out,
- context,
- tgtkey,
- servicekey,
- client,
- authtime,
- &pac_out);
+ /* We will compleatly regenerate this pac */
+ krb5_pac_free(context, *pac);
- if (ret != 0) {
- talloc_free(mem_ctx);
- *out = NULL;
- return ret;
- }
+ ret = make_pac(context, mem_ctx, server_info_out, pac);
- ret = krb5_data_copy(&k5pac_out, pac_out.data, pac_out.length);
- if (ret != 0) {
- talloc_free(mem_ctx);
- *out = NULL;
- return ret;
- }
-
- return wrap_pac(context, &k5pac_out, out);
+ talloc_free(mem_ctx);
+ return ret;
}
/* Given an hdb entry (and in particular it's private member), consult
* the account_ok routine in auth/auth_sam.c for consistancy */
-krb5_error_code hdb_ldb_check_client_access(krb5_context context, hdb_entry_ex *entry_ex,
- HostAddresses *addresses)
+
+krb5_error_code samba_kdc_check_client_access(void *priv,
+ krb5_context context, hdb_entry_ex *entry_ex,
+ KDC_REQ *req)
{
krb5_error_code ret;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->ctx);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
char *name, *workstation = NULL;
+ HostAddresses *addresses = req->req_body.addresses;
int i;
if (!tmp_ctx) {
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- PAC Glue between Samba and the KDC
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
- struct hdb_ldb_private {
- struct ldb_context *samdb;
- struct ldb_message *msg;
- struct ldb_message *realm_ref_msg;
- hdb_entry_ex *entry_ex;
- };
-
- krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry_ex *entry_ex,
- METHOD_DATA* pa_data_seq,
- time_t authtime,
- const EncryptionKey *tgtkey,
- const EncryptionKey *sessionkey,
- AuthorizationData **out);
-
- krb5_error_code hdb_ldb_authz_data_tgs_req(krb5_context context, struct hdb_entry_ex *entry_ex,
- krb5_principal client,
- AuthorizationData *in,
- time_t authtime,
- const EncryptionKey *tgtkey,
- const EncryptionKey *servicekey,
- const EncryptionKey *sessionkey,
- AuthorizationData **out);
- krb5_error_code hdb_ldb_check_client_access(krb5_context context, hdb_entry_ex *entry_ex,
- HostAddresses *addresses);
samr_RidWithAttributeArray res_groups;
} PAC_LOGON_INFO;
- typedef struct {
+ typedef [public] struct {
[value(0x00081001)] uint32 unknown1;
[value(0xCCCCCCCC)] uint32 unknown2;
[value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, ndr->flags)+4,8))] uint32 _ndr_size;
heimdal/lib/roken/vis.h \
heimdal/lib/roken/err.h \
heimdal/lib/hdb/hdb_asn1.h \
- heimdal/lib/gssapi/spnego/spnego_asn1.h \
- heimdal/lib/gssapi/mech/gssapi_asn1.h \
+ heimdal/lib/gssapi/spnego_asn1.h \
+ heimdal/lib/gssapi/gssapi_asn1.h \
heimdal/lib/asn1/krb5_asn1.h \
heimdal/lib/asn1/asn1_err.h \
heimdal/lib/asn1/digest_asn1.h \
+ heimdal/lib/asn1/pkcs8_asn1.h \
+ heimdal/lib/asn1/pkcs9_asn1.h \
+ heimdal/lib/asn1/pkcs12_asn1.h \
+ heimdal/lib/asn1/cms_asn1.h \
+ heimdal/lib/asn1/rfc2459_asn1.h \
+ heimdal/lib/asn1/pkinit_asn1.h \
+ heimdal/lib/asn1/kx509_asn1.h \
+ heimdal/lib/hx509/ocsp_asn1.h \
+ heimdal/lib/hx509/pkcs10_asn1.h \
heimdal/lib/hdb/hdb_err.h \
heimdal/lib/krb5/heim_err.h \
heimdal/lib/krb5/k524_err.h \
heimdal/lib/krb5/krb5_err.h \
heimdal/lib/gssapi/gkrb5_err.h \
+ heimdal/lib/hx509/hx509_err.h \
heimdal/lib/des/hcrypto
proto: basics
git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff