svn commit: lorikeet r513 - in trunk/heimdal/lib: gssapi hdb
abartlet at samba.org
abartlet at samba.org
Tue Mar 7 04:17:14 GMT 2006
Author: abartlet
Date: 2006-03-07 04:17:13 +0000 (Tue, 07 Mar 2006)
New Revision: 513
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=513
Log:
Merge changes from Samba4's heimdal into lorikeet-heimdal. Preparing
for a merge to upstream.
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/init_sec_context.c
trunk/heimdal/lib/gssapi/wrap.c
trunk/heimdal/lib/hdb/hdb.c
trunk/heimdal/lib/hdb/keytab.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/init_sec_context.c
===================================================================
--- trunk/heimdal/lib/gssapi/init_sec_context.c 2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/gssapi/init_sec_context.c 2006-03-07 04:17:13 UTC (rev 513)
@@ -358,6 +358,7 @@
Checksum cksum;
krb5_enctype enctype;
krb5_data fwd_data;
+ int is_cfx;
krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
@@ -486,6 +487,16 @@
enctype = (*context_handle)->auth_context->keyblock->keytype;
+ gsskrb5_is_cfx(*context_handle, &is_cfx);
+
+ if (is_cfx != 0) {
+ kret = krb5_auth_con_addflags(gssapi_krb5_context,
+ (*context_handle)->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
+ (*context_handle)->more_flags |= ACCEPTOR_SUBKEY;
+ }
+
/* We need to create an Authenticator */
{
kret = krb5_build_authenticator (gssapi_krb5_context,
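Review bot: The result of `krb5_auth_con_addflags` is stored in `kret` but never examined. `ACCEPTOR_SUBKEY` is set unconditionally on the next line and `kret` is then overwritten by `krb5_build_authenticator`, so a failed call would leave `more_flags` claiming a subkey the auth context was never told to use. I would set the flag only on success, `if (kret == 0) (*context_handle)->more_flags |= ACCEPTOR_SUBKEY;`, or send a non-zero `kret` to the function's existing failure path, which lies outside this hunk. The return value of `gsskrb5_is_cfx` is dropped as well, and `is_cfx` is declared without an initializer in the hunk at line 358. If that call can return early without storing to its out-parameter, the branch tests an indeterminate value; `int is_cfx = 0;` removes that.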
Modified: trunk/heimdal/lib/gssapi/wrap.c
===================================================================
--- trunk/heimdal/lib/gssapi/wrap.c 2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/gssapi/wrap.c 2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -63,7 +63,21 @@
}
}
+
+ /* If there was no subkey, perhaps try this... */
+ if(skey == NULL) {
+ krb5_auth_con_getkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ }
+
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+ /* ensure never to segfault */
+ if(skey == NULL) {
+ return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+ }
+
key->length = skey->keyvalue.length;
key->value = malloc (key->length);
if (!key->value) {
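Review bot: The fallback `krb5_auth_con_getkey` call discards its return code, so a failure there surfaces only as `GSS_KRB5_S_KG_NO_SUBKEY`, and the guard relies on `skey` still being NULL after a failed call. Capturing the result in a local and reporting it would keep the real cause visible. The `/* XXX */` return needs a decision too: `GSS_KRB5_S_KG_NO_SUBKEY` looks like a mechanism minor-status code, and if this function returns a GSS major status (its signature is outside the hunk), callers testing with `GSS_ERROR()` may not see it as a failure. The comment `/* If there was no subkey, perhaps try this... */` should state the contract, for example `/* No subkey negotiated: fall back to the auth context's session key */`, because callers can now receive a different key than before.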
Modified: trunk/heimdal/lib/hdb/hdb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb.c 2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/hdb/hdb.c 2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -55,6 +55,9 @@
{"ldap:", hdb_ldap_create},
{"ldapi:", hdb_ldapi_create},
#endif
+#ifdef _SAMBA_BUILD_
+ {"ldb:", hdb_ldb_create},
+#endif
{NULL, NULL}
};
@@ -395,6 +398,6 @@
h = find_dynamic_method (context, filename, &residual);
#endif
if (h == NULL)
- krb5_errx(context, 1, "No database support! (hdb_create)");
+ krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename);
return (*h->create)(context, db, residual);
}
Modified: trunk/heimdal/lib/hdb/keytab.c
===================================================================
--- trunk/heimdal/lib/hdb/keytab.c 2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/hdb/keytab.c 2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -44,7 +44,7 @@
/*
* the format for HDB keytabs is:
- * HDB:[database:mkey]
+ * HDB:[database:file:mkey]
*/
static krb5_error_code
@@ -59,7 +59,7 @@
return ENOMEM;
}
db = name;
- mkey = strchr(name, ':');
+ mkey = strrchr(name, ':');
if(mkey == NULL || mkey[1] == '\0') {
if(*name == '\0')
d->dbname = NULL;
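Review bot: Switching to `strrchr` makes a name with a database prefix but no master-key file ambiguous. For a name of the form `database:file`, the last colon is the one after the prefix, so the file path would be taken as `mkey` and the prefix alone as the database. Because `mkey` names the master key file, a mis-split deserves an explicit rule rather than a guess. A trailing `:` appears to reach the `mkey[1] == '\0'` branch, but the rest of that branch is outside this hunk. If that is the intended spelling, I would extend the format comment in the previous hunk to say so, e.g. `HDB:[database:file:mkey] - text after the last ':' is the master key file; end the name with ':' to omit it`.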
@@ -219,17 +219,24 @@
return ret;
}
- /* Hmm, what type of entry should we return for an enum... */
- ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_ANY, &ent);
- (*db->hdb_close)(context, db);
- (*db->hdb_destroy)(context, db);
+ ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent);
- if(ret == HDB_ERR_NOENTRY)
+ /* Shutdown the hdb on error */
+ if(ret == HDB_ERR_NOENTRY) {
+ (*db->hdb_close)(context, db);
+ (*db->hdb_destroy)(context, db);
return KRB5_KT_NOTFOUND;
- else if(ret)
+ } else if (ret) {
+ (*db->hdb_close)(context, db);
+ (*db->hdb_destroy)(context, db);
return ret;
+ }
if(kvno && ent.entry.kvno != kvno) {
+ /* The order here matters, we must free these in this order
+ * due to hdb-ldb and Samba4's talloc */
hdb_free_entry(context, &ent);
+ (*db->hdb_close)(context, db);
+ (*db->hdb_destroy)(context, db);
return KRB5_KT_NOTFOUND;
}
if(enctype == 0)
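Review bot: The `hdb_close`/`hdb_destroy` pair is now repeated on every exit path: both fetch-error branches, the kvno mismatch here, and the final return in the following hunk. That makes it easy for a later early return to leak the open database or to get the free-before-close order wrong. A single cleanup tail with two labels keeps the ordering constraint from the talloc comment in one place. The enctype loop between the two hunks is not visible, so the sketch below assumes it has no other early returns.

```c
    ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent);
    if (ret == HDB_ERR_NOENTRY)
        ret = KRB5_KT_NOTFOUND;
    if (ret)
        goto out_close;

    if (kvno && ent.entry.kvno != kvno) {
        ret = KRB5_KT_NOTFOUND;
        goto out_free;
    }
    /* … unchanged: enctype selection and key copy loop … */
out_free:
    /* The entry must be freed before the db is closed
     * (hdb-ldb and Samba4's talloc). */
    hdb_free_entry(context, &ent);
out_close:
    (*db->hdb_close)(context, db);
    (*db->hdb_destroy)(context, db);
    return ret;
```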
@@ -247,7 +254,11 @@
break;
}
}
+ /* The order here matters, we must free these in this order
+ * due to hdb-ldb and Samba4's talloc */
hdb_free_entry(context, &ent);
+ (*db->hdb_close)(context, db);
+ (*db->hdb_destroy)(context, db);
return ret;
}