svn commit: lorikeet r498 - in trunk/heimdal/lib: gssapi hdb krb5
abartlet at samba.org
abartlet at samba.org
Tue Nov 29 01:23:18 GMT 2005
Author: abartlet
Date: 2005-11-29 01:23:17 +0000 (Tue, 29 Nov 2005)
New Revision: 498
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=498
Log:
A couple of updates to bring us in line with Heimdal CVS on 2005-11-29
(Love intergrated some of the fixes, including the GSSAPI credentials
forwarding fix).
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/copy_ccache.c
trunk/heimdal/lib/hdb/db.c
trunk/heimdal/lib/hdb/db3.c
trunk/heimdal/lib/krb5/get_for_creds.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/copy_ccache.c
===================================================================
--- trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-29 01:23:17 UTC (rev 498)
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: copy_ccache.c,v 1.12 2005/11/26 11:00:08 lha Exp $");
+RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $");
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,
Modified: trunk/heimdal/lib/hdb/db.c
===================================================================
--- trunk/heimdal/lib/hdb/db.c 2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/hdb/db.c 2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $");
+RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $");
#if HAVE_DB1
@@ -270,14 +270,12 @@
hdb_db_create(krb5_context context, HDB **db,
const char *filename)
{
- *db = malloc(sizeof(**db));
+ *db = calloc(1, sizeof(**db));
if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
- memset(*db, '\0', sizeof(**db));
-
(*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) {
Modified: trunk/heimdal/lib/hdb/db3.c
===================================================================
--- trunk/heimdal/lib/hdb/db3.c 2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/hdb/db3.c 2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: db3.c,v 1.16 2005/08/09 09:28:39 lha Exp $");
+RCSID("$Id: db3.c,v 1.17 2005/11/28 23:33:24 lha Exp $");
#if HAVE_DB3
@@ -318,7 +318,7 @@
hdb_db_create(krb5_context context, HDB **db,
const char *filename)
{
- *db = malloc(sizeof(**db));
+ *db = calloc(1, sizeof(**db));
if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
Modified: trunk/heimdal/lib/krb5/get_for_creds.c
===================================================================
--- trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-28 23:17:18 UTC (rev 497)
+++ trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-29 01:23:17 UTC (rev 498)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -385,17 +385,13 @@
cred.enc_part.cipher.data = buf;
cred.enc_part.cipher.length = buf_size;
} else {
- /*
- * RFC4120 claims we should use the session key, but Heimdal
- * before 0.8 used the remote subkey if it was send in the
- * auth_context.
- *
- * Lorikeet-Heimdal is interested in windows compatiblity
- * more than Heimdal compatability, so we must choose the
- * session key, and break forwarding credentials to older
- * Heimdal servers.
- */
-
+ /*
+ * Here older versions then 0.7.2 of Heimdal used the local or
+ * remote subkey. That is wrong, the session key should be
+ * used. Heimdal 0.7.2 and newer have code to try both in the
+ * receiving end.
+ */
+
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
if (ret) {
free(buf);
More information about the samba-cvs
mailing list