svn commit: lorikeet r498 - in trunk/heimdal/lib: gssapi hdb krb5

Tue Nov 29 01:23:18 GMT 2005

Author: abartlet
Date: 2005-11-29 01:23:17 +0000 (Tue, 29 Nov 2005)
New Revision: 498

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=498

Log:
A couple of updates to bring us in line with Heimdal CVS on 2005-11-29
(Love intergrated some of the fixes, including the GSSAPI credentials
forwarding fix).

Andrew Bartlett

Modified:
   trunk/heimdal/lib/gssapi/copy_ccache.c
   trunk/heimdal/lib/hdb/db.c
   trunk/heimdal/lib/hdb/db3.c
   trunk/heimdal/lib/krb5/get_for_creds.c


Changeset:
Modified: trunk/heimdal/lib/gssapi/copy_ccache.c
===================================================================

--- trunk/heimdal/lib/gssapi/copy_ccache.c	2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/gssapi/copy_ccache.c	2005-11-29 01:23:17 UTC (rev 498)
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: copy_ccache.c,v 1.12 2005/11/26 11:00:08 lha Exp $");
+RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $");
 
 OM_uint32
 gss_krb5_copy_ccache(OM_uint32 *minor_status,

Modified: trunk/heimdal/lib/hdb/db.c
===================================================================
--- trunk/heimdal/lib/hdb/db.c	2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/hdb/db.c	2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska HÃ¶gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "hdb_locl.h"
 
-RCSID("$Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $");
+RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $");
 
 #if HAVE_DB1
 
@@ -270,14 +270,12 @@
 hdb_db_create(krb5_context context, HDB **db, 
 	      const char *filename)
 {
-    *db = malloc(sizeof(**db));
+    *db = calloc(1, sizeof(**db));
     if (*db == NULL) {
 	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
     }
 
-    memset(*db, '\0', sizeof(**db));
-
     (*db)->hdb_db = NULL;
     (*db)->hdb_name = strdup(filename);
     if ((*db)->hdb_name == NULL) {

Modified: trunk/heimdal/lib/hdb/db3.c
===================================================================
--- trunk/heimdal/lib/hdb/db3.c	2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/hdb/db3.c	2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska HÃ¶gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "hdb_locl.h"
 
-RCSID("$Id: db3.c,v 1.16 2005/08/09 09:28:39 lha Exp $");
+RCSID("$Id: db3.c,v 1.17 2005/11/28 23:33:24 lha Exp $");
 
 #if HAVE_DB3
 
@@ -318,7 +318,7 @@
 hdb_db_create(krb5_context context, HDB **db, 
 	      const char *filename)
 {
-    *db = malloc(sizeof(**db));
+    *db = calloc(1, sizeof(**db));
     if (*db == NULL) {
 	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;

Modified: trunk/heimdal/lib/krb5/get_for_creds.c
===================================================================
--- trunk/heimdal/lib/krb5/get_for_creds.c	2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/krb5/get_for_creds.c	2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska HÃ¶gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -385,17 +385,13 @@
 	cred.enc_part.cipher.data = buf;
 	cred.enc_part.cipher.length = buf_size;
     } else {
-	    /* 
-	     * RFC4120 claims we should use the session key, but Heimdal
-	     * before 0.8 used the remote subkey if it was send in the
-	     * auth_context.  
-	     *
-	     * Lorikeet-Heimdal is interested in windows compatiblity
-	     * more than Heimdal compatability, so we must choose the
-	     * session key, and break forwarding credentials to older
-	     * Heimdal servers. 
-	     */
-
+	/* 
+	 * Here older versions then 0.7.2 of Heimdal used the local or
+	 * remote subkey. That is wrong, the session key should be
+	 * used. Heimdal 0.7.2 and newer have code to try both in the
+	 * receiving end.
+	 */
+	
 	ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
 	if (ret) {
 	    free(buf);

