[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Nov 13 05:22:26 MST 2009
The branch, master has been updated
via 5b75201... util: str_list_unique() bugfix
via b7839b7... util: str_list_unique_2() test implementation
via ca12e7b... s4:heimdal Import generated files from heimdal tree
via 4f8ba5a... s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)
via 5bc87c1... s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
from 1220534... Fix large paged search
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5b75201dbb9f2e6799fd5c3eee8da6230caee96c
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date: Fri Nov 13 03:57:48 2009 +0200
util: str_list_unique() bugfix
j is actually the index of the last element in the list
size of the list though is j+1 <- to make room for the
terminating NULL element
commit b7839b73b10746c374ca2ed96eb152fa3a03e66a
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date: Fri Nov 13 03:56:07 2009 +0200
util: str_list_unique_2() test implementation
Difference with previous test for str_list_unique() is
that this test allows number of elements and number
of duplicates to be supplied on command line using
--option="list_unique:count=47"
--option="list_unique:dups=7"
commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 13 13:50:25 2009 +1100
s4:heimdal Import generated files from heimdal tree
We should be able to rebuild these, but a cp is easier :-)
commit 4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 13 10:51:14 2009 +1100
s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)
commit 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 20 23:18:34 2009 -0700
s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
-----------------------------------------------------------------------
Summary of changes:
lib/util/tests/strlist.c | 33 +
lib/util/util_strlist.c | 2 +-
source4/heimdal/README | 8 +-
source4/heimdal/cf/check-var.m4 | 3 +-
source4/heimdal/kdc/digest.c | 214 +++--
source4/heimdal/kdc/kdc_locl.h | 3 +-
source4/heimdal/kdc/kerberos5.c | 58 +-
source4/heimdal/kdc/krb5tgs.c | 191 +++--
source4/heimdal/kdc/kx509.c | 37 +-
source4/heimdal/kdc/misc.c | 5 +-
source4/heimdal/kdc/pkinit.c | 88 +-
source4/heimdal/kdc/windc.c | 2 +-
source4/heimdal/kdc/windc_plugin.h | 1 +
source4/heimdal/kuser/kinit.c | 30 +-
source4/heimdal/lib/asn1/asn1parse.c | 1021 ++++++++++++--------
source4/heimdal/lib/asn1/asn1parse.h | 44 +-
source4/heimdal/lib/asn1/asn1parse.y | 5 +
source4/heimdal/lib/asn1/der_get.c | 34 +-
source4/heimdal/lib/asn1/gen.c | 7 +
source4/heimdal/lib/asn1/gen_copy.c | 3 +
source4/heimdal/lib/asn1/gen_decode.c | 14 +-
source4/heimdal/lib/asn1/gen_encode.c | 5 +
source4/heimdal/lib/asn1/gen_free.c | 3 +
source4/heimdal/lib/asn1/gen_length.c | 3 +
source4/heimdal/lib/asn1/krb5.asn1 | 9 +-
source4/heimdal/lib/asn1/lex.c | 49 +-
source4/heimdal/lib/asn1/rfc2459.asn1 | 4 +-
source4/heimdal/lib/asn1/symbol.h | 1 +
source4/heimdal/lib/com_err/com_right.h | 1 +
source4/heimdal/lib/com_err/error.c | 16 +-
source4/heimdal/lib/com_err/lex.c | 49 +-
source4/heimdal/lib/com_err/parse.c | 323 ++++---
source4/heimdal/lib/com_err/parse.h | 44 +-
source4/heimdal/lib/gssapi/gssapi_mech.h | 5 +
source4/heimdal/lib/gssapi/krb5/8003.c | 40 +-
source4/heimdal/lib/gssapi/krb5/aeap.c | 6 +-
source4/heimdal/lib/gssapi/krb5/arcfour.c | 70 +-
source4/heimdal/lib/gssapi/krb5/cfx.c | 380 ++++++--
source4/heimdal/lib/gssapi/krb5/creds.c | 1 +
source4/heimdal/lib/gssapi/krb5/decapsulate.c | 8 +-
source4/heimdal/lib/gssapi/krb5/external.c | 1 +
source4/heimdal/lib/gssapi/krb5/get_mic.c | 27 +-
source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 5 -
source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 33 +-
source4/heimdal/lib/gssapi/krb5/prf.c | 1 +
source4/heimdal/lib/gssapi/krb5/unwrap.c | 61 +-
source4/heimdal/lib/gssapi/krb5/verify_mic.c | 39 +-
source4/heimdal/lib/gssapi/krb5/wrap.c | 45 +-
source4/heimdal/lib/gssapi/mech/context.c | 2 -
.../lib/gssapi/mech/gss_accept_sec_context.c | 16 +-
source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 1 -
.../lib/gssapi/mech/gss_add_oid_set_member.c | 19 +-
source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 1 -
.../lib/gssapi/mech/gss_canonicalize_name.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_context_time.c | 1 -
.../lib/gssapi/mech/gss_create_empty_oid_set.c | 1 -
.../lib/gssapi/mech/gss_decapsulate_token.c | 1 -
.../lib/gssapi/mech/gss_delete_sec_context.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_display_name.c | 1 -
.../heimdal/lib/gssapi/mech/gss_display_status.c | 1 -
.../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 1 -
.../heimdal/lib/gssapi/mech/gss_duplicate_oid.c | 1 -
.../lib/gssapi/mech/gss_encapsulate_token.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_export_name.c | 1 -
.../lib/gssapi/mech/gss_export_sec_context.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_import_name.c | 1 -
.../lib/gssapi/mech/gss_import_sec_context.c | 1 -
.../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 1 -
.../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 6 +-
.../heimdal/lib/gssapi/mech/gss_inquire_context.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c | 1 -
.../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 1 -
.../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 1 -
.../lib/gssapi/mech/gss_inquire_mechs_for_name.c | 1 -
.../lib/gssapi/mech/gss_inquire_names_for_mech.c | 1 -
.../gssapi/mech/gss_inquire_sec_context_by_oid.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_krb5.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_names.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 1 -
.../lib/gssapi/mech/gss_process_context_token.c | 1 -
.../heimdal/lib/gssapi/mech/gss_pseudo_random.c | 1 -
.../heimdal/lib/gssapi/mech/gss_release_buffer.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_release_cred.c | 23 +-
source4/heimdal/lib/gssapi/mech/gss_release_name.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_release_oid.c | 1 -
.../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_seal.c | 1 -
.../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 1 -
.../lib/gssapi/mech/gss_set_sec_context_option.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_sign.c | 1 -
.../lib/gssapi/mech/gss_test_oid_set_member.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_unseal.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_unwrap.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_utils.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_verify.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 1 -
source4/heimdal/lib/gssapi/mech/gss_wrap.c | 1 -
.../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 1 -
.../heimdal/lib/gssapi/spnego/accept_sec_context.c | 42 +-
source4/heimdal/lib/gssapi/spnego/compat.c | 7 +-
source4/heimdal/lib/gssapi/spnego/context_stubs.c | 104 +--
source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 139 +---
source4/heimdal/lib/gssapi/spnego/external.c | 9 +-
.../heimdal/lib/gssapi/spnego/init_sec_context.c | 16 +-
source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 4 -
source4/heimdal/lib/hcrypto/des.c | 1 +
source4/heimdal/lib/hcrypto/evp-aes-cts.c | 273 ------
source4/heimdal/lib/hcrypto/evp-cc.c | 635 ++++++++++++
source4/heimdal/lib/hcrypto/evp-cc.h | 91 ++
source4/heimdal/lib/hcrypto/evp-hcrypto.c | 568 +++++++++++-
source4/heimdal/lib/hcrypto/evp-hcrypto.h | 92 ++
source4/heimdal/lib/hcrypto/evp.c | 439 ++-------
source4/heimdal/lib/hcrypto/evp.h | 35 +-
source4/heimdal/lib/hcrypto/hmac.c | 3 +-
source4/heimdal/lib/hcrypto/imath/imath.c | 447 +++++-----
source4/heimdal/lib/hcrypto/imath/imath.h | 12 +-
source4/heimdal/lib/hcrypto/rand-unix.c | 4 +-
source4/heimdal/lib/hcrypto/rc4.c | 2 +-
source4/heimdal/lib/hcrypto/rc4.h | 2 +-
source4/heimdal/lib/hcrypto/rsa-imath.c | 63 +-
source4/heimdal/lib/hcrypto/rsa.c | 37 +-
source4/heimdal/lib/hcrypto/rsa.h | 2 +
source4/heimdal/lib/hdb/dbinfo.c | 8 +-
source4/heimdal/lib/hdb/ext.c | 28 +-
source4/heimdal/lib/hdb/hdb.c | 2 +-
source4/heimdal/lib/hdb/hdb.h | 3 +
source4/heimdal/lib/hdb/keytab.c | 27 +-
source4/heimdal/lib/hx509/ca.c | 16 +-
source4/heimdal/lib/hx509/cert.c | 103 ++-
source4/heimdal/lib/hx509/crypto.c | 277 ++----
source4/heimdal/lib/hx509/error.c | 9 +-
source4/heimdal/lib/hx509/file.c | 14 +-
source4/heimdal/lib/hx509/keyset.c | 2 +-
source4/heimdal/lib/hx509/ks_dir.c | 2 -
source4/heimdal/lib/hx509/ks_file.c | 80 +-
source4/heimdal/lib/hx509/lock.c | 10 +-
source4/heimdal/lib/hx509/name.c | 43 +-
source4/heimdal/lib/hx509/print.c | 2 +-
source4/heimdal/lib/hx509/revoke.c | 10 +-
source4/heimdal/lib/hx509/sel-gram.c | 389 +++++----
source4/heimdal/lib/hx509/sel-gram.h | 44 +-
source4/heimdal/lib/hx509/sel-lex.c | 49 +-
source4/heimdal/lib/hx509/sel.c | 1 -
source4/heimdal/lib/krb5/auth_context.c | 11 +-
source4/heimdal/lib/krb5/build_auth.c | 80 +-
source4/heimdal/lib/krb5/cache.c | 44 +-
source4/heimdal/lib/krb5/config_file.c | 357 ++++++-
source4/heimdal/lib/krb5/context.c | 116 ++--
source4/heimdal/lib/krb5/creds.c | 12 +
source4/heimdal/lib/krb5/crypto.c | 424 ++++++---
source4/heimdal/lib/krb5/error_string.c | 102 ++-
source4/heimdal/lib/krb5/fcache.c | 33 +-
source4/heimdal/lib/krb5/generate_seq_number.c | 24 +-
source4/heimdal/lib/krb5/generate_subkey.c | 19 +-
source4/heimdal/lib/krb5/get_cred.c | 154 ++--
source4/heimdal/lib/krb5/get_for_creds.c | 13 +-
source4/heimdal/lib/krb5/init_creds_pw.c | 64 ++-
source4/heimdal/lib/krb5/keyblock.c | 6 +-
source4/heimdal/lib/krb5/krb5_locl.h | 10 +-
source4/heimdal/lib/krb5/krbhst.c | 104 ++-
source4/heimdal/lib/krb5/log.c | 16 +
source4/heimdal/lib/krb5/mk_error.c | 5 +-
source4/heimdal/lib/krb5/mk_req_ext.c | 3 +-
source4/heimdal/lib/krb5/pkinit.c | 338 ++++---
source4/heimdal/lib/krb5/principal.c | 245 ++++-
source4/heimdal/lib/krb5/replay.c | 43 +-
source4/heimdal/lib/krb5/send_to_kdc.c | 7 +
source4/heimdal/lib/krb5/store.c | 265 +++++-
source4/heimdal/lib/krb5/store_mem.c | 6 +-
source4/heimdal/lib/krb5/ticket.c | 77 ++-
source4/heimdal/lib/krb5/warn.c | 10 +-
source4/heimdal/lib/ntlm/ntlm.c | 104 ++-
source4/heimdal/lib/roken/base64.c | 1 +
source4/heimdal/lib/roken/ct.c | 64 ++
source4/heimdal/lib/roken/resolve.c | 2 -
source4/heimdal/lib/roken/rkpty.c | 6 +-
source4/heimdal/lib/roken/roken-common.h | 2 +
source4/heimdal/lib/roken/roken.h.in | 46 +-
source4/heimdal/lib/roken/vis.c | 6 +-
source4/heimdal/lib/wind/map.c | 2 -
source4/heimdal/lib/wind/normalize.c | 15 +-
source4/heimdal/lib/wind/stringprep.c | 10 +-
source4/heimdal/lib/wind/utf8.c | 2 -
source4/heimdal_build/internal.mk | 3 +-
source4/heimdal_build/roken.h | 3 +
190 files changed, 6501 insertions(+), 3648 deletions(-)
delete mode 100644 source4/heimdal/lib/hcrypto/evp-aes-cts.c
create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.c
create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.h
create mode 100644 source4/heimdal/lib/hcrypto/evp-hcrypto.h
create mode 100644 source4/heimdal/lib/roken/ct.c
Changeset truncated at 500 lines:
diff --git a/lib/util/tests/strlist.c b/lib/util/tests/strlist.c
index 877b671..a974f58 100644
--- a/lib/util/tests/strlist.c
+++ b/lib/util/tests/strlist.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "torture/torture.h"
+#include "param/param.h"
struct test_list_element {
const char *list_as_string;
@@ -364,6 +365,37 @@ static bool test_list_unique(struct torture_context *tctx)
return true;
}
+static bool test_list_unique_2(struct torture_context *tctx)
+{
+ int i;
+ int count, num_dups;
+ const char **result;
+ const char **list = (const char **)str_list_make_empty(tctx);
+ const char **list_dup = (const char **)str_list_make_empty(tctx);
+
+ count = lp_parm_int(tctx->lp_ctx, NULL, "list_unique", "count", 9);
+ num_dups = lp_parm_int(tctx->lp_ctx, NULL, "list_unique", "dups", 7);
+ torture_comment(tctx, "test_list_unique_2() with %d elements and %d dups\n", count, num_dups);
+
+ for (i = 0; i < count; i++) {
+ list = str_list_add_const(list, (const char *)talloc_asprintf(tctx, "element_%03d", i));
+ }
+
+ for (i = 0; i < num_dups; i++) {
+ list_dup = str_list_append(list_dup, list);
+ }
+
+ result = (const char **)str_list_copy(tctx, list_dup);
+ /* We must copy the list, as str_list_unique does a talloc_realloc() on it's parameter */
+ result = str_list_unique(result);
+ torture_assert(tctx, result, "str_list_unique() must not return NULL");
+
+ torture_assert(tctx, str_list_equal(list, result),
+ "str_list_unique() failed");
+
+ return true;
+}
+
static bool test_list_append(struct torture_context *tctx)
{
char **result;
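Review bot: `count` and `num_dups` in test_list_unique_2() come straight from `--option` values and are used as loop bounds without a range check, so `list_unique:dups=0` (or a negative value) leaves `list_dup` empty and the final `str_list_equal()` assertion fails for a reason unrelated to str_list_unique(). A guard such as `torture_assert(tctx, count >= 0 && num_dups > 0, "list_unique:count must be >= 0 and list_unique:dups > 0");` right after the two lp_parm_int() calls would make that explicit. The results of talloc_asprintf(), str_list_add_const() and str_list_append() are also not checked, so an allocation failure would show up as a crash or a misleading comparison failure rather than a clear test error.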
@@ -458,6 +490,7 @@ struct torture_suite *torture_local_util_strlist(TALLOC_CTX *mem_ctx)
torture_suite_add_simple_test(suite, "list_check", test_list_check);
torture_suite_add_simple_test(suite, "list_check_ci", test_list_check_ci);
torture_suite_add_simple_test(suite, "list_unique", test_list_unique);
+ torture_suite_add_simple_test(suite, "list_unique_2", test_list_unique_2);
torture_suite_add_simple_test(suite, "list_append", test_list_append);
torture_suite_add_simple_test(suite, "list_append_const", test_list_append_const);
diff --git a/lib/util/util_strlist.c b/lib/util/util_strlist.c
index 1331fee..8d69eef 100644
--- a/lib/util/util_strlist.c
+++ b/lib/util/util_strlist.c
@@ -401,7 +401,7 @@ _PUBLIC_ const char **str_list_unique(const char **list)
}
}
list[j] = NULL;
- list = talloc_realloc(NULL, list, const char *, j);
+ list = talloc_realloc(NULL, list, const char *, j + 1);
talloc_free(list2);
return list;
}
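Review bot: The result of `talloc_realloc()` is assigned directly to `list` and returned unchecked, so if the reallocation fails, a caller that overwrites its pointer with the return value (as the new test does) loses the original array. Keeping the result in a temporary and returning the unshrunk, still NULL-terminated list on failure would avoid that. Since the bug fixed here was an allocation one slot too small for the terminator, a short comment on the call would help the next reader, e.g. `/* j strings plus the terminating NULL written at list[j] */`. The body of str_list_unique() starts above this hunk, so how `j` is computed is not visible here.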
diff --git a/source4/heimdal/README b/source4/heimdal/README
index f130698..d2c4eba 100644
--- a/source4/heimdal/README
+++ b/source4/heimdal/README
@@ -1,12 +1,12 @@
Heimdal is a Kerberos 5 implementation.
-Please see the manual in doc, by default installed in
-/usr/heimdal/info/heimdal.info for information on how to install.
-There are also briefer man pages for most of the commands.
+For information how to install see <http://www.h5l.org/compile.html>.
+
+There are briefer man pages for most of the commands.
Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
+the manual on how we prefer them: <heimdal-bugs at h5l.org>.
For more information see the web-page at
<http://www.h5l.org/> or the mailing lists:
diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4
index f81f352..2fd7bca 100644
--- a/source4/heimdal/cf/check-var.m4
+++ b/source4/heimdal/cf/check-var.m4
@@ -9,7 +9,8 @@ m4_ifval([$2],[
void * foo(void) { return &$1; }]],[[foo()]])],
[ac_cv_var_$1=yes],[ac_cv_var_$1=no])])
if test "$ac_cv_var_$1" != yes ; then
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1;
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
+extern int $1;
int foo(void) { return $1; }]],[[foo()]])],
[ac_cv_var_$1=yes],[ac_cv_var_$1=no])
fi
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index d13507f..1a383fa 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -613,7 +613,7 @@ _kdc_do_digest(krb5_context context,
}
if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
- MD5_CTX ctx;
+ EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *mdx;
char id;
@@ -642,11 +642,15 @@ _kdc_do_digest(krb5_context context,
if (ret)
goto out;
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, 1);
- MD5_Update(&ctx, password, strlen(password));
- MD5_Update(&ctx, serverNonce.data, serverNonce.length);
- MD5_Final(md, &ctx);
+ ctx = EVP_MD_CTX_create();
+
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, &id, 1);
+ EVP_DigestUpdate(ctx, password, strlen(password));
+ EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
+ EVP_DigestFinal_ex(ctx, md, NULL);
+
+ EVP_MD_CTX_destroy(ctx);
hex_encode(md, sizeof(md), &mdx);
if (mdx == NULL) {
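Review bot: `EVP_MD_CTX_create()` allocates the context and can return NULL, but `ctx` is passed to `EVP_DigestInit_ex()` immediately, so an allocation failure in the KDC's digest path would become a NULL dereference instead of an ENOMEM reply. A check such as `if (ctx == NULL) { ret = ENOMEM; goto out; }` after the call would match how the surrounding code handles failures, assuming `out` is still the right cleanup label at that point. The same applies to the other `EVP_MD_CTX_create()` calls this commit adds in _kdc_do_digest() (the SASL-DIGEST-MD5, MS-CHAP-V2 and NTLM branches). The return values of the EVP_Digest* calls are also ignored throughout. The function continues outside this hunk.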
@@ -669,7 +673,7 @@ _kdc_do_digest(krb5_context context,
}
} else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
- MD5_CTX ctx;
+ EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *mdx;
char *A1, *A2;
@@ -694,49 +698,54 @@ _kdc_do_digest(krb5_context context,
if (ret)
goto failed;
- MD5_Init(&ctx);
- MD5_Update(&ctx, ireq.u.digestRequest.username,
+ ctx = EVP_MD_CTX_create();
+
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, ireq.u.digestRequest.username,
strlen(ireq.u.digestRequest.username));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.realm,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.realm,
strlen(*ireq.u.digestRequest.realm));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, password, strlen(password));
- MD5_Final(md, &ctx);
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, password, strlen(password));
+ EVP_DigestFinal_ex(ctx, md, NULL);
- MD5_Init(&ctx);
- MD5_Update(&ctx, md, sizeof(md));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, md, sizeof(md));
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
strlen(ireq.u.digestRequest.serverNonce));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
strlen(*ireq.u.digestRequest.nonceCount));
if (ireq.u.digestRequest.authid) {
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.authid,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.authid,
strlen(*ireq.u.digestRequest.authid));
}
- MD5_Final(md, &ctx);
+ EVP_DigestFinal_ex(ctx, md, NULL);
hex_encode(md, sizeof(md), &A1);
if (A1 == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
+ EVP_MD_CTX_destroy(ctx);
goto failed;
}
- MD5_Init(&ctx);
- MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.uri,
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx,
+ "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri,
strlen(*ireq.u.digestRequest.uri));
/* conf|int */
if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
static char conf_zeros[] = ":00000000000000000000000000000000";
- MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
+ EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1);
}
- MD5_Final(md, &ctx);
+ EVP_DigestFinal_ex(ctx, md, NULL);
+
hex_encode(md, sizeof(md), &A2);
if (A2 == NULL) {
ret = ENOMEM;
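Review bot: The `A2 == NULL` failure path at the end of this hunk does not appear to release `ctx`. `EVP_MD_CTX_destroy(ctx);` was added before `goto failed;` for the `A1 == NULL` case, but the lines between this hunk and the next are unchanged, so the context from `EVP_MD_CTX_create()` would leak when hex_encode() fails for A2. Adding `EVP_MD_CTX_destroy(ctx);` before that second `goto failed;` would make the two paths consistent. The block runs past the end of this hunk, so this is inferred from the hunk boundaries.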
@@ -745,24 +754,26 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
- MD5_Init(&ctx);
- MD5_Update(&ctx, A1, strlen(A2));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, A1, strlen(A2));
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
strlen(ireq.u.digestRequest.serverNonce));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
strlen(*ireq.u.digestRequest.nonceCount));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.clientNonce,
strlen(*ireq.u.digestRequest.clientNonce));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, *ireq.u.digestRequest.qop,
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, *ireq.u.digestRequest.qop,
strlen(*ireq.u.digestRequest.qop));
- MD5_Update(&ctx, ":", 1);
- MD5_Update(&ctx, A2, strlen(A2));
+ EVP_DigestUpdate(ctx, ":", 1);
+ EVP_DigestUpdate(ctx, A2, strlen(A2));
+
+ EVP_DigestFinal_ex(ctx, md, NULL);
- MD5_Final(md, &ctx);
+ EVP_MD_CTX_destroy(ctx);
free(A1);
free(A2);
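Review bot: `EVP_DigestUpdate(ctx, A1, strlen(A2));` hashes A1 using the length of A2, a mismatch carried over unchanged from the MD5_Update() call it replaces. Both strings are hex encodings of `md`, so the lengths coincide today. The call should still read `EVP_DigestUpdate(ctx, A1, strlen(A1));` so the read stays within A1 if either encoding ever changes.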
@@ -793,7 +804,7 @@ _kdc_do_digest(krb5_context context,
const char *username;
struct ntlm_buf answer;
Key *key = NULL;
- SHA_CTX ctx;
+ EVP_MD_CTX *ctx;
if ((config->digests_allowed & MS_CHAP_V2) == 0) {
kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -820,8 +831,10 @@ _kdc_do_digest(krb5_context context,
else
username++;
+ ctx = EVP_MD_CTX_create();
+
/* ChallangeHash */
- SHA1_Init(&ctx);
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
{
ssize_t ssize;
krb5_data clientNonce;
@@ -830,7 +843,9 @@ _kdc_do_digest(krb5_context context,
clientNonce.data = malloc(clientNonce.length);
if (clientNonce.data == NULL) {
ret = ENOMEM;
- krb5_set_error_message(context, ret, "malloc: out of memory");
+ krb5_set_error_message(context, ret,
+ "malloc: out of memory");
+ EVP_MD_CTX_destroy(ctx);
goto out;
}
@@ -840,14 +855,18 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
+ EVP_MD_CTX_destroy(ctx);
goto out;
}
- SHA1_Update(&ctx, clientNonce.data, ssize);
+ EVP_DigestUpdate(ctx, clientNonce.data, ssize);
free(clientNonce.data);
}
- SHA1_Update(&ctx, serverNonce.data, serverNonce.length);
- SHA1_Update(&ctx, username, strlen(username));
- SHA1_Final(challange, &ctx);
+ EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
+ EVP_DigestUpdate(ctx, username, strlen(username));
+
+ EVP_DigestFinal_ex(ctx, challange, NULL);
+
+ EVP_MD_CTX_destroy(ctx);
/* NtPasswordHash */
ret = krb5_parse_name(context, username, &clientprincipal);
@@ -904,34 +923,39 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.success) {
unsigned char hashhash[MD4_DIGEST_LENGTH];
+ EVP_MD_CTX *ctx;
+
+ ctx = EVP_MD_CTX_create();
/* hashhash */
{
- MD4_CTX hctx;
-
- MD4_Init(&hctx);
- MD4_Update(&hctx, key->key.keyvalue.data,
- key->key.keyvalue.length);
- MD4_Final(hashhash, &hctx);
+ EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
+ EVP_DigestUpdate(ctx,
+ key->key.keyvalue.data,
+ key->key.keyvalue.length);
+ EVP_DigestFinal_ex(ctx, hashhash, NULL);
}
/* GenerateAuthenticatorResponse */
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, hashhash, sizeof(hashhash));
- SHA1_Update(&ctx, answer.data, answer.length);
- SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1));
- SHA1_Final(md, &ctx);
-
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, md, sizeof(md));
- SHA1_Update(&ctx, challange, 8);
- SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
- SHA1_Final(md, &ctx);
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
+ EVP_DigestUpdate(ctx, answer.data, answer.length);
+ EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
+ sizeof(ms_chap_v2_magic1));
+ EVP_DigestFinal_ex(ctx, md, NULL);
+
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, md, sizeof(md));
+ EVP_DigestUpdate(ctx, challange, 8);
+ EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
+ sizeof(ms_chap_v2_magic2));
+ EVP_DigestFinal_ex(ctx, md, NULL);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
+ EVP_MD_CTX_destroy(ctx);
ret = ENOMEM;
goto out;
}
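Review bot: The `EVP_MD_CTX *ctx;` declared inside `if (r.u.response.success)` looks to shadow the `ctx` this commit declares earlier for the MS-CHAP-V2 branch, which has already been passed to `EVP_MD_CTX_destroy()` by this point. It works as written, but the outer name is then a dangling pointer that a later edit could pick up by mistake, and `-Wshadow` builds will warn. Either drop the inner declaration and reuse the outer variable with `ctx = EVP_MD_CTX_create();`, or give the inner one a distinct name such as `hctx`. The enclosing block starts and ends outside this hunk.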
@@ -940,19 +964,23 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
+ EVP_MD_CTX_destroy(ctx);
ret = ENOMEM;
goto out;
}
/* get_master, rfc 3079 3.4 */
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */
- SHA1_Update(&ctx, answer.data, answer.length);
- SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
- SHA1_Final(md, &ctx);
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, hashhash, 16);
+ EVP_DigestUpdate(ctx, answer.data, answer.length);
+ EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
+ sizeof(ms_rfc3079_magic1));
+ EVP_DigestFinal_ex(ctx, md, NULL);
free(answer.data);
+ EVP_MD_CTX_destroy(ctx);
+
r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key));
if (r.u.response.session_key == NULL) {
@@ -1237,7 +1265,7 @@ _kdc_do_digest(krb5_context context,
if (flags & NTLM_NEG_NTLM2_SESSION) {
unsigned char sessionhash[MD5_DIGEST_LENGTH];
- MD5_CTX md5ctx;
+ EVP_MD_CTX *ctx;
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
kdc_log(context, config, 0, "NTLM v1-session not allowed");
@@ -1252,11 +1280,17 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
- MD5_Init(&md5ctx);
- MD5_Update(&md5ctx, challange, sizeof(challange));
- MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8);
- MD5_Final(sessionhash, &md5ctx);
+ ctx = EVP_MD_CTX_create();
+
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+
+ EVP_DigestUpdate(ctx, challange, sizeof(challange));
+ EVP_DigestUpdate(ctx, ireq.u.ntlmRequest.lm.data, 8);
+ EVP_DigestFinal_ex(ctx, sessionhash, NULL);
memcpy(challange, sessionhash, sizeof(challange));
+
+ EVP_MD_CTX_destroy(ctx);
+
} else {
if ((config->digests_allowed & NTLM_V1) == 0) {
kdc_log(context, config, 0, "NTLM v1 not allowed");
@@ -1283,18 +1317,23 @@ _kdc_do_digest(krb5_context context,
free(answer.data);
{
- MD4_CTX ctx;
+ EVP_MD_CTX *ctx;
+
+ ctx = EVP_MD_CTX_create();
+
+ EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
+ EVP_DigestUpdate(ctx,
+ key->key.keyvalue.data,
+ key->key.keyvalue.length);
+ EVP_DigestFinal_ex(ctx, sessionkey, NULL);
- MD4_Init(&ctx);
- MD4_Update(&ctx,
- key->key.keyvalue.data, key->key.keyvalue.length);
- MD4_Final(sessionkey, &ctx);
+ EVP_MD_CTX_destroy(ctx);
}
}
if (ireq.u.ntlmRequest.sessionkey) {
unsigned char masterkey[MD4_DIGEST_LENGTH];
- RC4_KEY rc4;
+ EVP_CIPHER_CTX rc4;
size_t len;
if ((flags & NTLM_NEG_KEYEX) == 0) {
@@ -1314,12 +1353,13 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
- RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-
- RC4(&rc4, sizeof(masterkey),
- ireq.u.ntlmRequest.sessionkey->data,
- masterkey);
- memset(&rc4, 0, sizeof(rc4));
+
+ EVP_CIPHER_CTX_init(&rc4);
+ EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+ EVP_Cipher(&rc4,
+ masterkey, ireq.u.ntlmRequest.sessionkey->data,
+ sizeof(masterkey));
+ EVP_CIPHER_CTX_cleanup(&rc4);
r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
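Review bot: The RC4 key length is now implicit. `RC4_set_key(&rc4, sizeof(sessionkey), sessionkey)` passed the length explicitly, while `EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1)` uses whatever default key length the cipher object carries. That is only equivalent if the default matches `sizeof(sessionkey)`, which is not visible in this hunk. A comment stating the assumption, e.g. `/* EVP_rc4() default key length must equal sizeof(sessionkey) */`, or an explicit check would make it reviewable. The return values of `EVP_CipherInit_ex()` and `EVP_Cipher()` are also ignored, so a failed init would leave `masterkey` uninitialised.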
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 024937e..f2da03b 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -46,7 +46,8 @@ struct Kx509Request;
#include <kdc-private.h>
extern sig_atomic_t exit_flag;
-extern size_t max_request;
+extern size_t max_request_udp;
+extern size_t max_request_tcp;
extern const char *request_log;
extern const char *port_str;
--
Samba Shared Repository