svn commit: lorikeet r513 - in trunk/heimdal/lib: gssapi hdb

abartlet at samba.org abartlet at samba.org
Tue Mar 7 04:17:14 GMT 2006


Author: abartlet
Date: 2006-03-07 04:17:13 +0000 (Tue, 07 Mar 2006)
New Revision: 513

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=513

Log:
Merge changes from Samba4's heimdal into lorikeet-heimdal.  Preparing
for a merge to upstream.

Andrew Bartlett

Modified:
   trunk/heimdal/lib/gssapi/init_sec_context.c
   trunk/heimdal/lib/gssapi/wrap.c
   trunk/heimdal/lib/hdb/hdb.c
   trunk/heimdal/lib/hdb/keytab.c


Changeset:
Modified: trunk/heimdal/lib/gssapi/init_sec_context.c
===================================================================
--- trunk/heimdal/lib/gssapi/init_sec_context.c	2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/gssapi/init_sec_context.c	2006-03-07 04:17:13 UTC (rev 513)
@@ -358,6 +358,7 @@
     Checksum cksum;
     krb5_enctype enctype;
     krb5_data fwd_data;
+    int is_cfx;
 
     krb5_data_zero(&outbuf);
     krb5_data_zero(&fwd_data);
@@ -486,6 +487,16 @@
 
 	enctype = (*context_handle)->auth_context->keyblock->keytype;
 
+	gsskrb5_is_cfx(*context_handle, &is_cfx);
+	
+	if (is_cfx != 0) {
+		kret = krb5_auth_con_addflags(gssapi_krb5_context,
+					      (*context_handle)->auth_context,
+					      KRB5_AUTH_CONTEXT_USE_SUBKEY,
+					      NULL);
+		(*context_handle)->more_flags |= ACCEPTOR_SUBKEY;
+	}
+	    
 	/* We need to create an Authenticator */
 	{
 		kret = krb5_build_authenticator (gssapi_krb5_context,
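Review bot: The result of `krb5_auth_con_addflags` is assigned to `kret` but never tested, and the next visible statement overwrites `kret` with the result of `krb5_build_authenticator`, so a failure to set KRB5_AUTH_CONTEXT_USE_SUBKEY is lost while `ACCEPTOR_SUBKEY` is still set in `more_flags`. The GSS context state and the auth context could then disagree about subkey use. I would set the flag only on success, e.g. `if (kret == 0) (*context_handle)->more_flags |= ACCEPTOR_SUBKEY;`, and send a non-zero `kret` through the function's existing error path, which lies outside this hunk. Separately, `is_cfx` is declared without an initialiser in the earlier hunk and the return value of `gsskrb5_is_cfx` is ignored; `int is_cfx = 0;` keeps the test defined if that call can return without writing it.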

Modified: trunk/heimdal/lib/gssapi/wrap.c
===================================================================
--- trunk/heimdal/lib/gssapi/wrap.c	2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/gssapi/wrap.c	2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -63,7 +63,21 @@
 	}
     
     }
+    
+    /* If there was no subkey, perhaps try this... */
+    if(skey == NULL) {
+	krb5_auth_con_getkey(gssapi_krb5_context,
+			     context_handle->auth_context, 
+			     &skey);
+    }
+
     HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    /* ensure never to segfault */
+    if(skey == NULL) {
+	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+    }
+
     key->length = skey->keyvalue.length;
     key->value  = malloc (key->length);
     if (!key->value) {
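Review bot: The fallback `krb5_auth_con_getkey` call discards its return code, so any failure there is reported to the caller as GSS_KRB5_S_KG_NO_SUBKEY instead of the underlying error. Capturing it in a new local, e.g. `ret = krb5_auth_con_getkey(...)`, would let the NULL check distinguish "no key on this context" from a library failure. The comment `/* If there was no subkey, perhaps try this... */` should also state that the function may now hand back the auth context's base key rather than a negotiated subkey, since callers that derive or compare keys need to know which one they received. The `/* XXX */` on the return suggests the status value itself is provisional; the function's signature and the rest of its body are outside this hunk, so the expected return type cannot be confirmed from here.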

Modified: trunk/heimdal/lib/hdb/hdb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb.c	2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/hdb/hdb.c	2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -55,6 +55,9 @@
     {"ldap:",	hdb_ldap_create},
     {"ldapi:",	hdb_ldapi_create},
 #endif
+#ifdef _SAMBA_BUILD_
+    {"ldb:",	hdb_ldb_create},
+#endif
     {NULL,	NULL}
 };
 
@@ -395,6 +398,6 @@
 	h = find_dynamic_method (context, filename, &residual);
 #endif
     if (h == NULL)
-	krb5_errx(context, 1, "No database support! (hdb_create)");
+	krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename);
     return (*h->create)(context, db, residual);
 }

Modified: trunk/heimdal/lib/hdb/keytab.c
===================================================================
--- trunk/heimdal/lib/hdb/keytab.c	2005-12-30 23:54:19 UTC (rev 512)
+++ trunk/heimdal/lib/hdb/keytab.c	2006-03-07 04:17:13 UTC (rev 513)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -44,7 +44,7 @@
 
 /*
  * the format for HDB keytabs is:
- * HDB:[database:mkey]
+ * HDB:[database:file:mkey]
  */
 
 static krb5_error_code
@@ -59,7 +59,7 @@
 	return ENOMEM;
     }
     db = name;
-    mkey = strchr(name, ':');
+    mkey = strrchr(name, ':');
     if(mkey == NULL || mkey[1] == '\0') {
 	if(*name == '\0')
 	    d->dbname = NULL;
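Review bot: Switching to `strrchr` makes the split ambiguous when the name has a database part containing ':' but no master key: the text after the last ':' is taken as `mkey`, so a two-field name of the form `database:file` would presumably have its file part used as the master-key path (the else branch that consumes `mkey` is outside this hunk). The updated format comment `HDB:[database:file:mkey]` does not say which fields are optional. I would extend that comment with something like `the text after the last ':' is always the mkey file; a database spec that itself contains ':' must be followed by an explicit mkey`, or count the separators before choosing where to split.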
@@ -219,17 +219,24 @@
 	return ret;
     }
 
-    /* Hmm, what type of entry should we return for an enum... */
-    ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_ANY, &ent);
-    (*db->hdb_close)(context, db);
-    (*db->hdb_destroy)(context, db);
+    ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent);
 
-    if(ret == HDB_ERR_NOENTRY)
+    /* Shutdown the hdb on error */
+    if(ret == HDB_ERR_NOENTRY) {
+	(*db->hdb_close)(context, db);
+	(*db->hdb_destroy)(context, db);
 	return KRB5_KT_NOTFOUND;
-    else if(ret)
+    } else if (ret) {
+	(*db->hdb_close)(context, db);
+	(*db->hdb_destroy)(context, db);
 	return ret;
+    }
     if(kvno && ent.entry.kvno != kvno) {
+	/* The order here matters, we must free these in this order
+	 * due to hdb-ldb and Samba4's talloc */
 	hdb_free_entry(context, &ent);
+	(*db->hdb_close)(context, db);
+	(*db->hdb_destroy)(context, db);
  	return KRB5_KT_NOTFOUND;
     }
     if(enctype == 0)
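Review bot: The `hdb_close`/`hdb_destroy` pair is now repeated on every exit path (three times in this hunk and once more in the following hunk at the end of the function), with the required order relative to `hdb_free_entry` explained in only two of the four places. Any return added later between the fetch and the end of the function would leak the database handle or release things in the wrong order. A single cleanup tail with two labels keeps the ordering in one place; the sketch below assumes the unchanged code between the two hunks has no other `return`, which is not visible here. The switch from HDB_ENT_TYPE_ANY to HDB_ENT_TYPE_SERVER also removes the only comment about the entry type, so a one-line comment on why keytab lookups are limited to server entries would help.

```c
    ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent);
    if (ret == HDB_ERR_NOENTRY)
	ret = KRB5_KT_NOTFOUND;
    if (ret)
	goto out_close;

    if (kvno && ent.entry.kvno != kvno) {
	ret = KRB5_KT_NOTFOUND;
	goto out_free;
    }
    /* … unchanged: enctype selection and key copy loop … */
out_free:
    /* The entry must be freed before the db is closed and destroyed
     * (hdb-ldb and Samba4's talloc). */
    hdb_free_entry(context, &ent);
out_close:
    (*db->hdb_close)(context, db);
    (*db->hdb_destroy)(context, db);
    return ret;
```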
@@ -247,7 +254,11 @@
 	    break;
 	}
     }
+    /* The order here matters, we must free these in this order
+     * due to hdb-ldb and Samba4's talloc */
     hdb_free_entry(context, &ent);
+    (*db->hdb_close)(context, db);
+    (*db->hdb_destroy)(context, db);
     return ret;
 }
 


