[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-2263-g9b261c0
Andrew Bartlett
abartlet at samba.org
Thu Jun 11 21:46:55 GMT 2009
The branch, master has been updated
via 9b261c008a395a323e0516f4cd3f3134aa050577 (commit)
from 5cef57ff7d899773a084d23838b7f18a83f6e79d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9b261c008a395a323e0516f4cd3f3134aa050577
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jun 8 19:06:16 2009 +1000
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
lib/replace/system/kerberos.h | 6 +-
source4/auth/credentials/credentials_krb5.c | 3 -
source4/auth/gensec/gensec_gssapi.c | 3 +
source4/auth/kerberos/clikrb5.c | 6 +-
source4/auth/kerberos/config.m4 | 2 +
source4/auth/kerberos/kerberos.c | 26 +-
source4/auth/kerberos/kerberos_pac.c | 2 +-
source4/dsdb/samdb/cracknames.c | 18 +-
source4/heimdal/README | 1 -
source4/heimdal/cf/make-proto.pl | 17 +-
source4/heimdal/cf/resolv.m4 | 11 +-
.../heimdal/{lib/krb5 => include}/heim_threads.h | 0
source4/heimdal/kdc/524.c | 400 -------
source4/heimdal/kdc/default_config.c | 24 +-
source4/heimdal/kdc/digest.c | 17 +-
source4/heimdal/kdc/headers.h | 6 +
source4/heimdal/kdc/kaserver.c | 4 +-
source4/heimdal/kdc/kdc.h | 16 +
source4/heimdal/kdc/kdc_locl.h | 5 +
source4/heimdal/kdc/kerberos4.c | 794 -------------
source4/heimdal/kdc/kerberos5.c | 378 ++++----
source4/heimdal/kdc/krb5tgs.c | 62 +-
source4/heimdal/kdc/kx509.c | 25 +-
source4/heimdal/kdc/pkinit.c | 809 ++++++++++----
source4/heimdal/kdc/process.c | 293 ++++-
source4/heimdal/kpasswd/kpasswd.c | 4 +-
source4/heimdal/kuser/kinit.c | 106 ++-
source4/heimdal/kuser/kuser_locl.h | 4 +-
source4/heimdal/lib/asn1/CMS.asn1 | 157 ---
source4/heimdal/lib/asn1/asn1_err.et | 2 +
source4/heimdal/lib/asn1/asn1_gen.c | 12 +-
source4/heimdal/lib/asn1/canthandle.asn1 | 2 +-
source4/heimdal/lib/asn1/cms.asn1 | 157 +++
source4/heimdal/lib/asn1/cms.opt | 1 +
source4/heimdal/lib/asn1/der.h | 2 +-
source4/heimdal/lib/asn1/der_get.c | 112 ++-
source4/heimdal/lib/asn1/der_locl.h | 4 +-
source4/heimdal/lib/asn1/der_put.c | 2 +-
source4/heimdal/lib/asn1/digest.asn1 | 2 +-
source4/heimdal/lib/asn1/extra.c | 14 +-
source4/heimdal/lib/asn1/gen.c | 44 +-
source4/heimdal/lib/asn1/gen_copy.c | 2 +-
source4/heimdal/lib/asn1/gen_decode.c | 87 +-
source4/heimdal/lib/asn1/gen_encode.c | 4 +-
source4/heimdal/lib/asn1/gen_free.c | 2 +-
source4/heimdal/lib/asn1/gen_length.c | 2 +-
source4/heimdal/lib/asn1/gen_locl.h | 10 +-
source4/heimdal/lib/asn1/k5.asn1 | 671 -----------
source4/heimdal/lib/asn1/krb5.asn1 | 750 +++++++++++++
source4/heimdal/lib/asn1/krb5.opt | 6 +
source4/heimdal/lib/asn1/kx509.asn1 | 11 +
source4/heimdal/lib/asn1/lex.l | 6 +-
source4/heimdal/lib/asn1/main.c | 72 ++-
source4/heimdal/lib/asn1/parse.y | 1015 -----------------
source4/heimdal/lib/asn1/pkcs12.asn1 | 2 +-
source4/heimdal/lib/asn1/pkcs8.asn1 | 2 +-
source4/heimdal/lib/asn1/pkinit.asn1 | 33 +-
source4/heimdal/lib/asn1/rfc2459.asn1 | 74 +-
source4/heimdal/lib/asn1/test.asn1 | 14 +-
source4/heimdal/lib/com_err/com_err.c | 5 +-
source4/heimdal/lib/com_err/compile_et.c | 2 -
source4/heimdal/lib/com_err/compile_et.h | 2 -
source4/heimdal/lib/com_err/error.c | 5 +-
source4/heimdal/lib/com_err/lex.l | 2 -
source4/heimdal/lib/com_err/parse.y | 2 -
source4/heimdal/lib/gssapi/gssapi/gssapi.h | 117 ++-
source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 2 +-
source4/heimdal/lib/gssapi/gssapi_mech.h | 44 +-
source4/heimdal/lib/gssapi/krb5/8003.c | 2 +-
.../heimdal/lib/gssapi/krb5/accept_sec_context.c | 25 +-
source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 5 +-
source4/heimdal/lib/gssapi/krb5/add_cred.c | 6 +-
.../heimdal/lib/gssapi/krb5/address_to_krb5addr.c | 2 +-
source4/heimdal/lib/gssapi/krb5/aeap.c | 271 +++++
source4/heimdal/lib/gssapi/krb5/arcfour.c | 2 +-
.../heimdal/lib/gssapi/krb5/canonicalize_name.c | 2 +-
source4/heimdal/lib/gssapi/krb5/cfx.c | 228 ++---
source4/heimdal/lib/gssapi/krb5/compare_name.c | 2 +-
source4/heimdal/lib/gssapi/krb5/compat.c | 2 +-
source4/heimdal/lib/gssapi/krb5/context_time.c | 2 +-
source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 2 +-
source4/heimdal/lib/gssapi/krb5/decapsulate.c | 2 +-
.../heimdal/lib/gssapi/krb5/delete_sec_context.c | 4 +-
source4/heimdal/lib/gssapi/krb5/display_name.c | 2 +-
source4/heimdal/lib/gssapi/krb5/display_status.c | 2 +-
source4/heimdal/lib/gssapi/krb5/duplicate_name.c | 2 +-
source4/heimdal/lib/gssapi/krb5/encapsulate.c | 2 +-
source4/heimdal/lib/gssapi/krb5/export_name.c | 2 +-
.../heimdal/lib/gssapi/krb5/export_sec_context.c | 2 +-
source4/heimdal/lib/gssapi/krb5/external.c | 7 +-
source4/heimdal/lib/gssapi/krb5/get_mic.c | 9 +-
source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 11 +-
source4/heimdal/lib/gssapi/krb5/import_name.c | 2 +-
.../heimdal/lib/gssapi/krb5/import_sec_context.c | 2 +-
source4/heimdal/lib/gssapi/krb5/indicate_mechs.c | 2 +-
source4/heimdal/lib/gssapi/krb5/init.c | 2 +-
source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 23 +-
source4/heimdal/lib/gssapi/krb5/inquire_context.c | 2 +-
source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 2 +-
.../heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c | 2 +-
.../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c | 2 +-
.../lib/gssapi/krb5/inquire_mechs_for_name.c | 2 +-
.../lib/gssapi/krb5/inquire_names_for_mech.c | 2 +-
.../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 7 +-
source4/heimdal/lib/gssapi/krb5/prf.c | 2 +-
.../lib/gssapi/krb5/process_context_token.c | 5 +-
source4/heimdal/lib/gssapi/krb5/release_buffer.c | 2 +-
source4/heimdal/lib/gssapi/krb5/release_cred.c | 4 +-
source4/heimdal/lib/gssapi/krb5/release_name.c | 2 +-
source4/heimdal/lib/gssapi/krb5/sequence.c | 2 +-
source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 2 +-
.../lib/gssapi/krb5/set_sec_context_option.c | 2 +-
source4/heimdal/lib/gssapi/krb5/unwrap.c | 15 +-
source4/heimdal/lib/gssapi/krb5/verify_mic.c | 27 +-
source4/heimdal/lib/gssapi/krb5/wrap.c | 23 +-
source4/heimdal/lib/gssapi/mech/context.c | 2 +-
.../lib/gssapi/mech/gss_accept_sec_context.c | 3 +-
source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_aeap.c | 184 +++
.../lib/gssapi/mech/gss_canonicalize_name.c | 24 +
source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_import_name.c | 85 +-
source4/heimdal/lib/gssapi/mech/gss_krb5.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 14 +-
.../heimdal/lib/gssapi/mech/gss_pseudo_random.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_wrap.c | 4 +-
.../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 4 +-
source4/heimdal/lib/gssapi/mech/mech_locl.h | 1 +
source4/heimdal/lib/gssapi/mech/mech_switch.h | 1 +
.../heimdal/lib/gssapi/spnego/accept_sec_context.c | 6 +-
source4/heimdal/lib/gssapi/spnego/compat.c | 2 +-
source4/heimdal/lib/gssapi/spnego/context_stubs.c | 127 +--
source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 2 +-
source4/heimdal/lib/gssapi/spnego/external.c | 4 +-
.../heimdal/lib/gssapi/spnego/init_sec_context.c | 73 +-
source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 9 +-
source4/heimdal/lib/hcrypto/bn.c | 88 ++
source4/heimdal/lib/hcrypto/bn.h | 19 +-
source4/heimdal/lib/hcrypto/evp-aes-cts.c | 4 -
source4/heimdal/lib/hcrypto/evp.c | 16 +-
source4/heimdal/lib/hcrypto/rand-unix.c | 40 +-
source4/heimdal/lib/hcrypto/rand.c | 4 +
source4/heimdal/lib/hdb/dbinfo.c | 6 +-
source4/heimdal/lib/hdb/ext.c | 14 +
source4/heimdal/lib/hdb/hdb.asn1 | 12 +-
source4/heimdal/lib/hdb/hdb.c | 55 +-
source4/heimdal/lib/hdb/hdb.h | 157 ++-
source4/heimdal/lib/hdb/keys.c | 13 +-
source4/heimdal/lib/hdb/keytab.c | 7 +-
source4/heimdal/lib/hdb/mkey.c | 29 +-
source4/heimdal/lib/hdb/ndbm.c | 4 +-
source4/heimdal/lib/hx509/ca.c | 32 +-
source4/heimdal/lib/hx509/cert.c | 169 ++-
source4/heimdal/lib/hx509/cms.c | 478 ++++++---
source4/heimdal/lib/hx509/collector.c | 5 +-
source4/heimdal/lib/hx509/crypto.c | 995 +++++++++++++----
source4/heimdal/lib/hx509/env.c | 1 -
source4/heimdal/lib/hx509/error.c | 1 -
source4/heimdal/lib/hx509/file.c | 1 -
source4/heimdal/lib/hx509/hx509.h | 19 +-
source4/heimdal/lib/hx509/hx509_err.et | 5 +-
source4/heimdal/lib/hx509/hx_locl.h | 4 +-
source4/heimdal/lib/hx509/keyset.c | 76 ++-
source4/heimdal/lib/hx509/ks_dir.c | 3 +-
source4/heimdal/lib/hx509/ks_file.c | 100 ++-
source4/heimdal/lib/hx509/ks_keychain.c | 63 +-
source4/heimdal/lib/hx509/ks_mem.c | 1 -
source4/heimdal/lib/hx509/ks_null.c | 1 -
source4/heimdal/lib/hx509/ks_p11.c | 11 +-
source4/heimdal/lib/hx509/ks_p12.c | 45 +-
source4/heimdal/lib/hx509/lock.c | 1 -
source4/heimdal/lib/hx509/name.c | 63 +-
source4/heimdal/lib/hx509/peer.c | 34 +-
source4/heimdal/lib/hx509/print.c | 37 +-
source4/heimdal/lib/hx509/req.c | 1 -
source4/heimdal/lib/hx509/revoke.c | 8 +-
source4/heimdal/lib/hx509/sel-gram.y | 1 -
source4/heimdal/lib/hx509/test_name.c | 1 -
source4/heimdal/lib/krb5/acache.c | 25 +-
source4/heimdal/lib/krb5/add_et_list.c | 2 -
source4/heimdal/lib/krb5/addr_families.c | 12 +-
source4/heimdal/lib/krb5/appdefault.c | 2 -
source4/heimdal/lib/krb5/asn1_glue.c | 18 +-
source4/heimdal/lib/krb5/auth_context.c | 2 -
source4/heimdal/lib/krb5/build_ap_req.c | 2 -
source4/heimdal/lib/krb5/build_auth.c | 4 +-
source4/heimdal/lib/krb5/cache.c | 328 ++++--
source4/heimdal/lib/krb5/changepw.c | 28 +-
source4/heimdal/lib/krb5/codec.c | 39 +-
source4/heimdal/lib/krb5/config_file.c | 53 +-
source4/heimdal/lib/krb5/config_file_netinfo.c | 180 ---
source4/heimdal/lib/krb5/constants.c | 9 +-
source4/heimdal/lib/krb5/context.c | 135 ++-
source4/heimdal/lib/krb5/convert_creds.c | 6 +-
source4/heimdal/lib/krb5/copy_host_realm.c | 2 -
source4/heimdal/lib/krb5/crc.c | 2 -
source4/heimdal/lib/krb5/creds.c | 21 +-
source4/heimdal/lib/krb5/crypto.c | 492 +++++----
source4/heimdal/lib/krb5/data.c | 21 +-
source4/heimdal/lib/krb5/eai_to_heim_errno.c | 2 -
source4/heimdal/lib/krb5/error_string.c | 84 +--
source4/heimdal/lib/krb5/expand_hostname.c | 37 +-
source4/heimdal/lib/krb5/fcache.c | 52 +-
source4/heimdal/lib/krb5/free.c | 2 -
source4/heimdal/lib/krb5/free_host_realm.c | 11 +-
source4/heimdal/lib/krb5/generate_seq_number.c | 2 -
source4/heimdal/lib/krb5/generate_subkey.c | 2 -
source4/heimdal/lib/krb5/get_addrs.c | 11 +-
source4/heimdal/lib/krb5/get_cred.c | 25 +-
source4/heimdal/lib/krb5/get_default_principal.c | 2 -
source4/heimdal/lib/krb5/get_default_realm.c | 2 -
source4/heimdal/lib/krb5/get_for_creds.c | 2 -
source4/heimdal/lib/krb5/get_host_realm.c | 16 +-
source4/heimdal/lib/krb5/get_in_tkt.c | 539 +---------
source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c | 99 --
source4/heimdal/lib/krb5/get_port.c | 2 -
source4/heimdal/lib/krb5/heim_err.et | 2 +
source4/heimdal/lib/krb5/init_creds.c | 166 ++--
source4/heimdal/lib/krb5/init_creds_pw.c | 1184 +++++++++++++-------
source4/heimdal/lib/krb5/kcm.c | 121 ++-
source4/heimdal/lib/krb5/keyblock.c | 79 ++-
source4/heimdal/lib/krb5/keytab.c | 439 ++++++--
source4/heimdal/lib/krb5/keytab_any.c | 3 +-
source4/heimdal/lib/krb5/keytab_file.c | 40 +-
source4/heimdal/lib/krb5/keytab_keyfile.c | 5 +-
source4/heimdal/lib/krb5/keytab_memory.c | 3 +-
source4/heimdal/lib/krb5/krb5.h | 75 +-
source4/heimdal/lib/krb5/krb5_ccapi.h | 11 +-
source4/heimdal/lib/krb5/krb5_err.et | 8 +-
source4/heimdal/lib/krb5/krb5_locl.h | 9 +-
source4/heimdal/lib/krb5/krbhst.c | 22 +-
source4/heimdal/lib/krb5/locate_plugin.h | 4 +-
source4/heimdal/lib/krb5/log.c | 2 -
source4/heimdal/lib/krb5/mcache.c | 2 -
source4/heimdal/lib/krb5/misc.c | 2 -
source4/heimdal/lib/krb5/mit_glue.c | 20 +-
source4/heimdal/lib/krb5/mk_error.c | 2 -
source4/heimdal/lib/krb5/mk_priv.c | 3 -
source4/heimdal/lib/krb5/mk_rep.c | 2 -
source4/heimdal/lib/krb5/mk_req.c | 2 -
source4/heimdal/lib/krb5/mk_req_ext.c | 2 -
source4/heimdal/lib/krb5/n-fold.c | 20 +-
source4/heimdal/lib/krb5/pac.c | 3 +-
source4/heimdal/lib/krb5/padata.c | 2 -
source4/heimdal/lib/krb5/pkinit.c | 814 ++++++++++----
source4/heimdal/lib/krb5/plugin.c | 44 +-
source4/heimdal/lib/krb5/principal.c | 123 +--
source4/heimdal/lib/krb5/prog_setup.c | 2 -
source4/heimdal/lib/krb5/prompter_posix.c | 2 -
source4/heimdal/lib/krb5/rd_cred.c | 17 +-
source4/heimdal/lib/krb5/rd_error.c | 2 -
source4/heimdal/lib/krb5/rd_priv.c | 2 -
source4/heimdal/lib/krb5/rd_rep.c | 13 +-
source4/heimdal/lib/krb5/rd_req.c | 301 ++++-
source4/heimdal/lib/krb5/replay.c | 2 -
source4/heimdal/lib/krb5/send_to_kdc.c | 6 +-
source4/heimdal/lib/krb5/set_default_realm.c | 2 -
source4/heimdal/lib/krb5/store-int.h | 1 +
source4/heimdal/lib/krb5/store.c | 281 +++++-
source4/heimdal/lib/krb5/store_emem.c | 48 +-
source4/heimdal/lib/krb5/store_fd.c | 24 +-
source4/heimdal/lib/krb5/store_mem.c | 61 +-
source4/heimdal/lib/krb5/ticket.c | 484 ++++++++-
source4/heimdal/lib/krb5/time.c | 2 -
source4/heimdal/lib/krb5/transited.c | 2 -
source4/heimdal/lib/krb5/v4_glue.c | 7 +-
source4/heimdal/lib/krb5/version.c | 2 -
source4/heimdal/lib/krb5/warn.c | 137 +++-
source4/heimdal/lib/ntlm/ntlm.c | 26 +-
source4/heimdal/lib/roken/base64.c | 8 +-
source4/heimdal/lib/roken/bswap.c | 4 -
source4/heimdal/lib/roken/cloexec.c | 3 -
source4/heimdal/lib/roken/closefrom.c | 3 -
source4/heimdal/lib/roken/copyhostent.c | 3 -
source4/heimdal/lib/roken/dumpdata.c | 3 -
source4/heimdal/lib/roken/ecalloc.c | 3 -
source4/heimdal/lib/roken/emalloc.c | 3 -
source4/heimdal/lib/roken/erealloc.c | 3 -
source4/heimdal/lib/roken/estrdup.c | 3 -
source4/heimdal/lib/roken/freeaddrinfo.c | 3 -
source4/heimdal/lib/roken/freehostent.c | 3 -
source4/heimdal/lib/roken/gai_strerror.c | 3 -
source4/heimdal/lib/roken/get_window_size.c | 3 -
source4/heimdal/lib/roken/getaddrinfo.c | 3 -
source4/heimdal/lib/roken/getarg.c | 3 -
source4/heimdal/lib/roken/getdtablesize.c | 99 ++
source4/heimdal/lib/roken/getipnodebyaddr.c | 3 -
source4/heimdal/lib/roken/getipnodebyname.c | 3 -
source4/heimdal/lib/roken/getnameinfo.c | 3 -
source4/heimdal/lib/roken/getprogname.c | 3 -
source4/heimdal/lib/roken/h_errno.c | 3 -
source4/heimdal/lib/roken/hex.c | 12 +-
source4/heimdal/lib/roken/hostent_find_fqdn.c | 3 -
source4/heimdal/lib/roken/inet_aton.c | 3 -
source4/heimdal/lib/roken/inet_ntop.c | 3 -
source4/heimdal/lib/roken/inet_pton.c | 3 -
source4/heimdal/lib/roken/issuid.c | 3 -
source4/heimdal/lib/roken/net_read.c | 3 -
source4/heimdal/lib/roken/net_write.c | 3 -
source4/heimdal/lib/roken/parse_time.c | 3 -
source4/heimdal/lib/roken/parse_units.c | 3 -
source4/heimdal/lib/roken/resolve.c | 139 ++-
source4/heimdal/lib/roken/resolve.h | 135 +--
source4/heimdal/lib/roken/rkpty.c | 38 +-
source4/heimdal/lib/roken/roken-common.h | 45 +-
source4/heimdal/lib/roken/roken.h.in | 148 +++-
source4/heimdal/lib/roken/roken_gethostby.c | 3 -
source4/heimdal/lib/roken/rtbl.c | 4 +-
source4/heimdal/lib/roken/setprogname.c | 3 -
source4/heimdal/lib/roken/signal.c | 3 -
source4/heimdal/lib/roken/simple_exec.c | 24 -
source4/heimdal/lib/roken/socket.c | 13 +-
source4/heimdal/lib/roken/strcollect.c | 3 -
source4/heimdal/lib/roken/strlwr.c | 3 -
source4/heimdal/lib/roken/strpool.c | 3 -
source4/heimdal/lib/roken/strsep.c | 3 -
source4/heimdal/lib/roken/strsep_copy.c | 3 -
source4/heimdal/lib/roken/strupr.c | 3 -
source4/heimdal/lib/roken/vis.c | 3 -
source4/heimdal/lib/roken/xfree.c | 3 -
source4/heimdal/lib/vers/print_version.c | 11 +-
source4/heimdal/lib/wind/normalize.c | 4 +-
source4/heimdal/lib/wind/stringprep.c | 2 +-
source4/heimdal/lib/wind/utf8.c | 2 -
source4/heimdal/lib/wind/wind_err.et | 4 +-
source4/heimdal_build/asn1_deps.pl | 5 +-
source4/heimdal_build/internal.mk | 15 +-
source4/kdc/hdb-samba4.c | 111 +-
source4/kdc/kdc.c | 6 +-
source4/libcli/resolve/dns_ex.c | 32 +-
331 files changed, 10339 insertions(+), 7966 deletions(-)
rename source4/heimdal/{lib/krb5 => include}/heim_threads.h (100%)
delete mode 100644 source4/heimdal/kdc/524.c
delete mode 100644 source4/heimdal/kdc/kerberos4.c
delete mode 100644 source4/heimdal/lib/asn1/CMS.asn1
create mode 100644 source4/heimdal/lib/asn1/cms.asn1
create mode 100644 source4/heimdal/lib/asn1/cms.opt
delete mode 100644 source4/heimdal/lib/asn1/k5.asn1
create mode 100644 source4/heimdal/lib/asn1/krb5.asn1
create mode 100644 source4/heimdal/lib/asn1/krb5.opt
delete mode 100644 source4/heimdal/lib/asn1/parse.y
create mode 100644 source4/heimdal/lib/gssapi/krb5/aeap.c
create mode 100644 source4/heimdal/lib/gssapi/mech/gss_aeap.c
delete mode 100644 source4/heimdal/lib/krb5/config_file_netinfo.c
delete mode 100644 source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c
create mode 100644 source4/heimdal/lib/roken/getdtablesize.c
Changeset truncated at 500 lines:
diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/kerberos.h
index 2981024..a1685ad 100644
--- a/lib/replace/system/kerberos.h
+++ b/lib/replace/system/kerberos.h
@@ -59,7 +59,9 @@
/* Define to 1 if you have the `krb5_free_data_contents' function. */
#define HAVE_KRB5_FREE_DATA_CONTENTS 1
/* Define to 1 if you have the `krb5_free_error_string' function. */
-#define HAVE_KRB5_FREE_ERROR_STRING 1
+/* #undef HAVE_KRB5_FREE_ERROR_STRING */
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
/* Define to 1 if you have the `krb5_free_keytab_entry_contents' function. */
/* #undef HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS */
/* Define to 1 if you have the `krb5_free_ktypes' function. */
@@ -70,6 +72,8 @@
#define HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES 1
/* Define to 1 if you have the `krb5_get_error_string' function. */
#define HAVE_KRB5_GET_ERROR_STRING 1
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+#define HAVE_KRB5_GET_ERROR_MESSAGE 1
/* Define to 1 if you have the `krb5_get_permitted_enctypes' function. */
/* #undef HAVE_KRB5_GET_PERMITTED_ENCTYPES */
/* Define to 1 if you have the `krb5_get_pw_salt' function. */
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index bc3d05f..efcca3e 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -71,7 +71,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
krb5_principal princ;
krb5_error_code ret;
char *name;
- char **realm;
if (cred->ccache_obtained > obtained) {
return 0;
@@ -98,8 +97,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
return ret;
}
- realm = krb5_princ_realm(ccache->smb_krb5_context->krb5_context, princ);
-
cli_credentials_set_principal(cred, name, obtained);
free(name);
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index aae04df..7129db7 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -170,6 +170,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
gensec_gssapi_state->want_flags = 0;
+ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation_by_kdc_policy", true)) {
+ gensec_gssapi_state->want_flags |= GSS_C_DELEG_POLICY_FLAG;
+ }
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
}
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
index 68e7eb9..3314cbc 100644
--- a/source4/auth/kerberos/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -94,11 +94,11 @@
{
char *ret;
-#if defined(HAVE_KRB5_GET_ERROR_STRING) && defined(HAVE_KRB5_FREE_ERROR_STRING)
- char *context_error = krb5_get_error_string(context);
+#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
+ const char *context_error = krb5_get_error_message(context, code);
if (context_error) {
ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
- krb5_free_error_string(context, context_error);
+ krb5_free_error_message(context, context_error);
return ret;
}
#endif
diff --git a/source4/auth/kerberos/config.m4 b/source4/auth/kerberos/config.m4
index bf14ca0..a8d55a1 100644
--- a/source4/auth/kerberos/config.m4
+++ b/source4/auth/kerberos/config.m4
@@ -258,6 +258,8 @@ if test x"$with_krb5_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_error_message, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_error_message, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_initlog, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_addlog_func, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_set_warn_dest, $KRB5_LIBS)
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 1889dca..a0b21c8 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -40,23 +40,27 @@
{
krb5_error_code code = 0;
krb5_creds my_creds;
- krb5_get_init_creds_opt options;
+ krb5_get_init_creds_opt *options;
- krb5_get_init_creds_opt_init(&options);
+ if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) {
+ return code;
+ }
- krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+ krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options);
if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
- 0, NULL, &options))) {
+ 0, NULL, options))) {
return code;
}
if ((code = krb5_cc_initialize(ctx, cc, principal))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
@@ -69,6 +73,7 @@
*kdc_time = (time_t) my_creds.times.starttime;
}
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return 0;
@@ -84,24 +89,28 @@
{
krb5_error_code code = 0;
krb5_creds my_creds;
- krb5_get_init_creds_opt options;
+ krb5_get_init_creds_opt *options;
- krb5_get_init_creds_opt_init(&options);
+ if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) {
+ return code;
+ }
- krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+ krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options);
if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password,
NULL,
- NULL, 0, NULL, &options))) {
+ NULL, 0, NULL, options))) {
return code;
}
if ((code = krb5_cc_initialize(ctx, cc, principal))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
@@ -114,6 +123,7 @@
*kdc_time = (time_t) my_creds.times.starttime;
}
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return 0;
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 7a36c9d..7a6d008 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -96,7 +96,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_principal client_principal_pac;
int i;
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
if (k5ret) {
*k5ret = KRB5_PARSE_MALFORMED;
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 9bcb007..d31311b 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -55,18 +55,18 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
krb5_error_code ret;
krb5_principal principal;
/* perhaps it's a principal with a realm, so return the right 'domain only' response */
- char **realm;
+ char *realm;
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
- KRB5_PRINCIPAL_PARSE_MUST_REALM, &principal);
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
if (ret) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}
/* This isn't an allocation assignemnt, so it is free'ed with the krb5_free_principal */
- realm = krb5_princ_realm(smb_krb5_context->krb5_context, principal);
+ realm = krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
- info1->dns_domain_name = talloc_strdup(mem_ctx, *realm);
+ info1->dns_domain_name = talloc_strdup(mem_ctx, realm);
krb5_free_principal(smb_krb5_context->krb5_context, principal);
W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
@@ -271,7 +271,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
const char *result_filter = NULL;
krb5_error_code ret;
krb5_principal principal;
- char **realm;
+ char *realm;
char *unparsed_name_short;
const char *domain_attrs[] = { NULL };
struct ldb_result *domain_res = NULL;
@@ -283,21 +283,21 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
}
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
- KRB5_PRINCIPAL_PARSE_MUST_REALM, &principal);
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
if (ret) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}
- realm = krb5_princ_realm(smb_krb5_context->krb5_context, principal);
+ realm = krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
samdb_partitions_dn(sam_ctx, mem_ctx),
LDB_SCOPE_ONELEVEL,
domain_attrs,
"(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
- ldb_binary_encode_string(mem_ctx, *realm),
- ldb_binary_encode_string(mem_ctx, *realm));
+ ldb_binary_encode_string(mem_ctx, realm),
+ ldb_binary_encode_string(mem_ctx, realm));
if (ldb_ret != LDB_SUCCESS) {
DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s", ldb_errstring(sam_ctx)));
diff --git a/source4/heimdal/README b/source4/heimdal/README
index 3b93824..f130698 100644
--- a/source4/heimdal/README
+++ b/source4/heimdal/README
@@ -1,4 +1,3 @@
-$Id$
Heimdal is a Kerberos 5 implementation.
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index b89ef79..04733e1 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -100,13 +100,16 @@ while(<>) {
s/^\s*//;
s/\s*$//;
s/\s+/ /g;
- if($_ =~ /\)$/){
+ if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){
if(!/^static/ && !/^PRIVATE/){
- if(/(.*)(__attribute__\s?\(.*\))/) {
- $attr = $2;
+ $attr = "";
+ if(m/(.*)(__attribute__\s?\(.*\))/) {
+ $attr .= " $2";
+ $_ = $1;
+ }
+ if(m/(.*)\s(\w+DEPRECATED)/) {
+ $attr .= " $2";
$_ = $1;
- } else {
- $attr = "";
}
# remove outer ()
s/\s*\(/</;
@@ -308,7 +311,7 @@ extern \"C\" {
if ($opt_E) {
$public_h_header .= "#ifndef $opt_E
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION _stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
@@ -320,7 +323,7 @@ if ($opt_E) {
$private_h_header .= "#ifndef $opt_E
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION _stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4
index b404509..49c868a 100644
--- a/source4/heimdal/cf/resolv.m4
+++ b/source4/heimdal/cf/resolv.m4
@@ -5,7 +5,7 @@ dnl
AC_DEFUN([rk_RESOLV],[
-AC_CHECK_HEADERS([arpa/nameser.h])
+AC_CHECK_HEADERS([arpa/nameser.h dns.h])
AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT
#ifdef HAVE_SYS_TYPES_H
@@ -73,6 +73,15 @@ AC_FIND_FUNC(res_ndestroy, resolv,
],
[0])
+AC_FIND_FUNC_NO_LIBS(dns_search,,
+[
+#ifdef HAVE_DNS_H
+#include <dns.h>
+#endif
+],
+[0,0,0,0,0,0,0,0])
+
+
AC_FIND_FUNC(dn_expand, resolv,
[
#include <stdio.h>
diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/include/heim_threads.h
similarity index 100%
rename from source4/heimdal/lib/krb5/heim_threads.h
rename to source4/heimdal/include/heim_threads.h
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c
deleted file mode 100644
index d153103..0000000
--- a/source4/heimdal/kdc/524.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id$");
-
-#include <krb5-v4compat.h>
-
-/*
- * fetch the server from `t', returning the name in malloced memory in
- * `spn' and the entry itself in `server'
- */
-
-static krb5_error_code
-fetch_server (krb5_context context,
- krb5_kdc_configuration *config,
- const Ticket *t,
- char **spn,
- hdb_entry_ex **server,
- const char *from)
-{
- krb5_error_code ret;
- krb5_principal sprinc;
-
- ret = _krb5_principalname2krb5_principal(context, &sprinc,
- t->sname, t->realm);
- if (ret) {
- kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
- krb5_get_err_text(context, ret));
- return ret;
- }
- ret = krb5_unparse_name(context, sprinc, spn);
- if (ret) {
- krb5_free_principal(context, sprinc);
- kdc_log(context, config, 0, "krb5_unparse_name: %s",
- krb5_get_err_text(context, ret));
- return ret;
- }
- ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER,
- NULL, server);
- krb5_free_principal(context, sprinc);
- if (ret) {
- kdc_log(context, config, 0,
- "Request to convert ticket from %s for unknown principal %s: %s",
- from, *spn, krb5_get_err_text(context, ret));
- if (ret == HDB_ERR_NOENTRY)
- ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- return ret;
- }
- return 0;
-}
-
-static krb5_error_code
-log_524 (krb5_context context,
- krb5_kdc_configuration *config,
- const EncTicketPart *et,
- const char *from,
- const char *spn)
-{
- krb5_principal client;
- char *cpn;
- krb5_error_code ret;
-
- ret = _krb5_principalname2krb5_principal(context, &client,
- et->cname, et->crealm);
- if (ret) {
- kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
- krb5_get_err_text (context, ret));
- return ret;
- }
- ret = krb5_unparse_name(context, client, &cpn);
- if (ret) {
- krb5_free_principal(context, client);
- kdc_log(context, config, 0, "krb5_unparse_name: %s",
- krb5_get_err_text (context, ret));
- return ret;
- }
- kdc_log(context, config, 1, "524-REQ %s from %s for %s", cpn, from, spn);
- free(cpn);
- krb5_free_principal(context, client);
- return 0;
-}
-
-static krb5_error_code
-verify_flags (krb5_context context,
- krb5_kdc_configuration *config,
- const EncTicketPart *et,
- const char *spn)
-{
- if(et->endtime < kdc_time){
- kdc_log(context, config, 0, "Ticket expired (%s)", spn);
- return KRB5KRB_AP_ERR_TKT_EXPIRED;
- }
- if(et->flags.invalid){
- kdc_log(context, config, 0, "Ticket not valid (%s)", spn);
- return KRB5KRB_AP_ERR_TKT_NYV;
- }
- return 0;
-}
-
-/*
- * set the `et->caddr' to the most appropriate address to use, where
- * `addr' is the address the request was received from.
- */
-
-static krb5_error_code
-set_address (krb5_context context,
- krb5_kdc_configuration *config,
- EncTicketPart *et,
- struct sockaddr *addr,
- const char *from)
-{
- krb5_error_code ret;
- krb5_address *v4_addr;
-
- v4_addr = malloc (sizeof(*v4_addr));
- if (v4_addr == NULL)
- return ENOMEM;
-
- ret = krb5_sockaddr2address(context, addr, v4_addr);
- if(ret) {
- free (v4_addr);
- kdc_log(context, config, 0, "Failed to convert address (%s)", from);
- return ret;
- }
-
--
Samba Shared Repository
More information about the samba-cvs
mailing list