[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sat Mar 27 05:10:02 MDT 2010
The branch, master has been updated
via 1f04675... s4:heimdal Use correct variable to advance past -- options in kpasswd
via f47454a... s4:heimdal_build Remove forced HAVE_STRERROR_R
via 64b8b0c... s4:heimal Update generated files (cp from Heimdal)
via df7fbf2... s4:testprogs Update test to match current Heimdal
via 533024b... s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff)
via 6798543... s4:testprogs Fix kinit test for updated Heimdal
via 564d5cd... s4:heimdal New files and supporting logic for heimdal update
via 89eaef0... s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
from fac8ca5... Fix bug #7240 - Net usershare is not case sensitive.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1f0467562b50e29eabae070c3d0088d4fc62d3a0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 19:13:28 2010 +1100
s4:heimdal Use correct variable to advance past -- options in kpasswd
This bug was introduced when kpasswd was migrated to a local getarg()
call, in Heimdal commit 7dd146072cd9b56d660a01f4aa20f8d81be356e8
Andrew Bartlett
commit f47454a04d7656e93de7286e1105119fe80cb366
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 19:12:33 2010 +1100
s4:heimdal_build Remove forced HAVE_STRERROR_R
This just causes warnings, now upstream has a more complete fix.
commit 64b8b0cdafc18dcf65dcc4210be50e6139f553d7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 12:24:00 2010 +1100
s4:heimal Update generated files (cp from Heimdal)
commit df7fbf28ee3e4d75a6bf824bb2a5681dc65d38b1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 12:23:21 2010 +1100
s4:testprogs Update test to match current Heimdal
commit 533024be44861c8d2c8ba3232738c7d2dbbe2e4f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 11:55:22 2010 +1100
s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff)
commit 679854384252e698b8f8c09d31eb15ed043c919b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Mar 27 11:48:05 2010 +1100
s4:testprogs Fix kinit test for updated Heimdal
commit 564d5cd2c48b9d9debccf03433cfee282040e2da
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jan 12 13:24:33 2010 +1100
s4:heimdal New files and supporting logic for heimdal update
commit 89eaef025376339ef25d07cdc4748920fceaa968
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jan 12 18:16:45 2010 +1100
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 5 +
source4/heimdal/cf/make-proto.pl | 23 +-
source4/heimdal/kdc/default_config.c | 121 ++--
source4/heimdal/kdc/headers.h | 5 +-
source4/heimdal/kdc/kaserver.c | 6 +-
source4/heimdal/kdc/kdc.h | 8 +-
source4/heimdal/kdc/kdc_locl.h | 4 +
source4/heimdal/kdc/kerberos5.c | 176 ++--
source4/heimdal/kdc/krb5tgs.c | 7 +-
source4/heimdal/kdc/kx509.c | 18 +-
source4/heimdal/kdc/log.c | 8 +-
source4/heimdal/kdc/misc.c | 2 -
source4/heimdal/kdc/pkinit.c | 33 +-
source4/heimdal/kdc/windc.c | 2 -
source4/heimdal/kpasswd/kpasswd.c | 21 +-
source4/heimdal/kuser/kinit.c | 164 ++---
source4/heimdal/lib/asn1/asn1-common.h | 1 +
source4/heimdal/lib/asn1/asn1-template.h | 141 +++
source4/heimdal/lib/asn1/asn1_err.et | 2 +
source4/heimdal/lib/asn1/asn1parse.c | 818 +++++++++---------
source4/heimdal/lib/asn1/asn1parse.h | 2 +-
source4/heimdal/lib/asn1/asn1parse.y | 15 +-
source4/heimdal/lib/asn1/cms.asn1 | 2 +-
source4/heimdal/lib/asn1/der.h | 2 +
source4/heimdal/lib/asn1/der_copy.c | 30 +
source4/heimdal/lib/asn1/der_free.c | 27 +
source4/heimdal/lib/asn1/der_get.c | 34 +-
source4/heimdal/lib/asn1/der_length.c | 16 +
source4/heimdal/lib/asn1/der_locl.h | 2 +
source4/heimdal/lib/asn1/digest.asn1 | 15 +
source4/heimdal/lib/asn1/extra.c | 42 +-
source4/heimdal/lib/asn1/gen.c | 267 +++++-
source4/heimdal/lib/asn1/gen_copy.c | 4 -
source4/heimdal/lib/asn1/gen_decode.c | 36 +-
source4/heimdal/lib/asn1/gen_encode.c | 5 -
source4/heimdal/lib/asn1/gen_free.c | 22 +-
source4/heimdal/lib/asn1/gen_glue.c | 34 +-
source4/heimdal/lib/asn1/gen_length.c | 5 +-
source4/heimdal/lib/asn1/gen_locl.h | 11 +-
source4/heimdal/lib/asn1/gen_template.c | 894 ++++++++++++++++++++
source4/heimdal/lib/asn1/krb5.asn1 | 81 ++-
source4/heimdal/lib/asn1/lex.c | 28 +-
source4/heimdal/lib/asn1/main.c | 2 +
source4/heimdal/lib/asn1/symbol.c | 4 +-
source4/heimdal/lib/asn1/test.asn1 | 42 +-
source4/heimdal/lib/com_err/compile_et.c | 5 +-
source4/heimdal/lib/com_err/lex.c | 28 +-
source4/heimdal/lib/gssapi/gssapi/gssapi.h | 17 +-
source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 16 +-
.../heimdal/lib/gssapi/krb5/accept_sec_context.c | 18 +-
source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 2 +-
source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 4 +-
.../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 6 +-
.../lib/gssapi/mech/gss_accept_sec_context.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_aeap.c | 3 +-
.../lib/gssapi/mech/gss_decapsulate_token.c | 4 +-
.../lib/gssapi/mech/gss_encapsulate_token.c | 4 +-
source4/heimdal/lib/gssapi/mech/gss_import_name.c | 25 +
.../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 57 ++
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 39 +-
source4/heimdal/lib/gssapi/mech/gss_release_name.c | 15 +
source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 4 +-
source4/heimdal/lib/hcrypto/aes.h | 2 +-
source4/heimdal/lib/hcrypto/bn.c | 1 +
source4/heimdal/lib/hcrypto/des.c | 13 +-
source4/heimdal/lib/hcrypto/evp-cc.c | 24 +
source4/heimdal/lib/hcrypto/evp-cc.h | 2 +-
source4/heimdal/lib/hcrypto/evp.c | 1 +
source4/heimdal/lib/hcrypto/evp.h | 18 +-
source4/heimdal/lib/hcrypto/hash.h | 1 +
source4/heimdal/lib/hcrypto/hmac.c | 4 +-
source4/heimdal/lib/hcrypto/rand-fortuna.c | 9 +
source4/heimdal/lib/hcrypto/rand-unix.c | 48 +-
source4/heimdal/lib/hcrypto/rand.c | 27 +-
source4/heimdal/lib/hcrypto/rand.h | 1 +
source4/heimdal/lib/hcrypto/randi.h | 2 +
source4/heimdal/lib/hcrypto/rijndael-alg-fst.c | 3 +-
source4/heimdal/lib/hcrypto/rnd_keys.c | 4 +-
source4/heimdal/lib/hcrypto/ui.c | 54 ++
source4/heimdal/lib/hdb/ext.c | 20 +-
source4/heimdal/lib/hdb/hdb-keytab.c | 226 +++++
source4/heimdal/lib/hdb/hdb.c | 27 +
source4/heimdal/lib/hdb/hdb.h | 9 +
source4/heimdal/lib/hdb/mkey.c | 2 +-
source4/heimdal/lib/hdb/ndbm.c | 107 ++-
source4/heimdal/lib/hx509/cert.c | 7 +-
source4/heimdal/lib/hx509/cms.c | 4 +-
source4/heimdal/lib/hx509/crypto.c | 38 +-
source4/heimdal/lib/hx509/hx_locl.h | 5 +-
source4/heimdal/lib/hx509/keyset.c | 53 +-
source4/heimdal/lib/hx509/ks_dir.c | 2 +-
source4/heimdal/lib/hx509/ks_file.c | 2 +-
source4/heimdal/lib/hx509/ks_keychain.c | 1 +
source4/heimdal/lib/hx509/ks_p12.c | 2 +-
source4/heimdal/lib/hx509/peer.c | 3 +
source4/heimdal/lib/hx509/revoke.c | 10 +-
source4/heimdal/lib/hx509/sel-lex.c | 60 +-
source4/heimdal/lib/hx509/sel-lex.l | 4 +
source4/heimdal/lib/krb5/acache.c | 61 +-
source4/heimdal/lib/krb5/add_et_list.c | 2 +-
source4/heimdal/lib/krb5/addr_families.c | 50 +-
source4/heimdal/lib/krb5/appdefault.c | 6 +-
source4/heimdal/lib/krb5/asn1_glue.c | 4 +-
source4/heimdal/lib/krb5/auth_context.c | 90 +-
source4/heimdal/lib/krb5/build_ap_req.c | 4 +-
source4/heimdal/lib/krb5/build_auth.c | 18 +-
source4/heimdal/lib/krb5/cache.c | 228 ++++--
source4/heimdal/lib/krb5/changepw.c | 18 +-
source4/heimdal/lib/krb5/codec.c | 64 +-
source4/heimdal/lib/krb5/config_file.c | 265 +++++--
source4/heimdal/lib/krb5/constants.c | 12 +-
source4/heimdal/lib/krb5/context.c | 167 +++-
source4/heimdal/lib/krb5/convert_creds.c | 11 +-
source4/heimdal/lib/krb5/copy_host_realm.c | 2 +-
source4/heimdal/lib/krb5/creds.c | 10 +-
source4/heimdal/lib/krb5/crypto.c | 187 +++--
source4/heimdal/lib/krb5/data.c | 16 +-
source4/heimdal/lib/krb5/eai_to_heim_errno.c | 8 +-
source4/heimdal/lib/krb5/error_string.c | 25 +-
source4/heimdal/lib/krb5/expand_hostname.c | 4 +-
source4/heimdal/lib/krb5/fcache.c | 123 ++-
source4/heimdal/lib/krb5/free.c | 4 +-
source4/heimdal/lib/krb5/free_host_realm.c | 2 +-
source4/heimdal/lib/krb5/generate_seq_number.c | 4 +-
source4/heimdal/lib/krb5/generate_subkey.c | 4 +-
source4/heimdal/lib/krb5/get_addrs.c | 4 +-
source4/heimdal/lib/krb5/get_cred.c | 52 +-
source4/heimdal/lib/krb5/get_default_principal.c | 55 ++-
source4/heimdal/lib/krb5/get_default_realm.c | 4 +-
source4/heimdal/lib/krb5/get_for_creds.c | 6 +-
source4/heimdal/lib/krb5/get_host_realm.c | 4 +-
source4/heimdal/lib/krb5/get_in_tkt.c | 10 +-
source4/heimdal/lib/krb5/get_port.c | 4 +-
source4/heimdal/lib/krb5/init_creds.c | 91 ++-
source4/heimdal/lib/krb5/init_creds_pw.c | 203 ++++--
source4/heimdal/lib/krb5/kcm.c | 575 +++++++++----
source4/heimdal/lib/krb5/keyblock.c | 12 +-
source4/heimdal/lib/krb5/keytab.c | 40 +-
source4/heimdal/lib/krb5/krb5-v4compat.h | 21 +-
source4/heimdal/lib/krb5/krb5.h | 17 +-
source4/heimdal/lib/krb5/krb5_locl.h | 25 +-
source4/heimdal/lib/krb5/krbhst.c | 26 +-
source4/heimdal/lib/krb5/log.c | 28 +-
source4/heimdal/lib/krb5/mcache.c | 24 +-
source4/heimdal/lib/krb5/misc.c | 2 +-
source4/heimdal/lib/krb5/mit_glue.c | 56 +-
source4/heimdal/lib/krb5/mk_error.c | 2 +-
source4/heimdal/lib/krb5/mk_priv.c | 4 +-
source4/heimdal/lib/krb5/mk_rep.c | 4 +-
source4/heimdal/lib/krb5/mk_req.c | 6 +-
source4/heimdal/lib/krb5/mk_req_ext.c | 4 +-
source4/heimdal/lib/krb5/n-fold.c | 2 +-
source4/heimdal/lib/krb5/padata.c | 2 +-
source4/heimdal/lib/krb5/pkinit.c | 114 ++-
source4/heimdal/lib/krb5/plugin.c | 2 +-
source4/heimdal/lib/krb5/principal.c | 71 +-
source4/heimdal/lib/krb5/prog_setup.c | 6 +-
source4/heimdal/lib/krb5/prompter_posix.c | 2 +-
source4/heimdal/lib/krb5/rd_cred.c | 6 +-
source4/heimdal/lib/krb5/rd_error.c | 8 +-
source4/heimdal/lib/krb5/rd_priv.c | 4 +-
source4/heimdal/lib/krb5/rd_rep.c | 6 +-
source4/heimdal/lib/krb5/rd_req.c | 41 +-
source4/heimdal/lib/krb5/replay.c | 42 +-
source4/heimdal/lib/krb5/send_to_kdc.c | 58 +-
source4/heimdal/lib/krb5/set_default_realm.c | 2 +-
source4/heimdal/lib/krb5/store.c | 103 ++--
source4/heimdal/lib/krb5/store_emem.c | 2 +-
source4/heimdal/lib/krb5/store_fd.c | 20 +-
source4/heimdal/lib/krb5/store_mem.c | 6 +-
source4/heimdal/lib/krb5/ticket.c | 27 +-
source4/heimdal/lib/krb5/time.c | 10 +-
source4/heimdal/lib/krb5/transited.c | 8 +-
source4/heimdal/lib/krb5/v4_glue.c | 28 +-
source4/heimdal/lib/krb5/version.c | 2 -
source4/heimdal/lib/krb5/warn.c | 28 +-
source4/heimdal/lib/ntlm/heimntlm.h | 32 +-
source4/heimdal/lib/ntlm/ntlm.c | 14 +-
source4/heimdal/lib/roken/base64.c | 4 +-
source4/heimdal/lib/roken/base64.h | 8 +-
source4/heimdal/lib/roken/bswap.c | 4 +-
source4/heimdal/lib/roken/cloexec.c | 15 +-
source4/heimdal/lib/roken/closefrom.c | 2 +-
source4/heimdal/lib/roken/copyhostent.c | 2 +-
source4/heimdal/lib/roken/dumpdata.c | 6 +-
source4/heimdal/lib/roken/ecalloc.c | 2 +-
source4/heimdal/lib/roken/emalloc.c | 2 +-
source4/heimdal/lib/roken/erealloc.c | 2 +-
source4/heimdal/lib/roken/err.hin | 20 +-
source4/heimdal/lib/roken/estrdup.c | 2 +-
source4/heimdal/lib/roken/freeaddrinfo.c | 2 +-
source4/heimdal/lib/roken/freehostent.c | 2 +-
source4/heimdal/lib/roken/gai_strerror.c | 2 +-
source4/heimdal/lib/roken/get_window_size.c | 16 +-
source4/heimdal/lib/roken/getaddrinfo.c | 2 +-
source4/heimdal/lib/roken/getarg.c | 16 +-
source4/heimdal/lib/roken/getarg.h | 12 +-
source4/heimdal/lib/roken/getdtablesize.c | 2 +-
source4/heimdal/lib/roken/getipnodebyaddr.c | 2 +-
source4/heimdal/lib/roken/getipnodebyname.c | 2 +-
source4/heimdal/lib/roken/getnameinfo.c | 2 +-
source4/heimdal/lib/roken/getprogname.c | 2 +-
source4/heimdal/lib/roken/hex.c | 4 +-
source4/heimdal/lib/roken/hex.h | 8 +-
source4/heimdal/lib/roken/hostent_find_fqdn.c | 2 +-
source4/heimdal/lib/roken/inet_aton.c | 2 +-
source4/heimdal/lib/roken/inet_ntop.c | 2 +-
source4/heimdal/lib/roken/inet_pton.c | 61 ++-
source4/heimdal/lib/roken/issuid.c | 2 +-
source4/heimdal/lib/roken/net_read.c | 47 +-
source4/heimdal/lib/roken/net_write.c | 39 +-
source4/heimdal/lib/roken/parse_bytes.h | 10 +-
source4/heimdal/lib/roken/parse_time.c | 8 +-
source4/heimdal/lib/roken/parse_time.h | 12 +-
source4/heimdal/lib/roken/parse_units.c | 20 +-
source4/heimdal/lib/roken/parse_units.h | 18 +-
source4/heimdal/lib/roken/resolve.c | 52 +-
source4/heimdal/lib/roken/resolve.h | 14 +-
source4/heimdal/lib/roken/rkpty.c | 2 +
source4/heimdal/lib/roken/roken-common.h | 142 ++--
source4/heimdal/lib/roken/roken.h.in | 436 ++++++++---
source4/heimdal/lib/roken/roken_gethostby.c | 6 +-
source4/heimdal/lib/roken/rtbl.c | 44 +-
source4/heimdal/lib/roken/rtbl.h | 36 +-
source4/heimdal/lib/roken/setprogname.c | 2 +-
source4/heimdal/lib/roken/signal.c | 2 +-
source4/heimdal/lib/roken/simple_exec.c | 44 +-
source4/heimdal/lib/roken/socket.c | 81 ++-
source4/heimdal/lib/roken/strcollect.c | 4 +-
source4/heimdal/lib/roken/strerror_r.c | 84 ++
source4/heimdal/lib/roken/strlwr.c | 2 +-
source4/heimdal/lib/roken/strpool.c | 6 +-
source4/heimdal/lib/roken/strsep.c | 2 +-
source4/heimdal/lib/roken/strsep_copy.c | 2 +-
source4/heimdal/lib/roken/strupr.c | 2 +-
source4/heimdal/lib/roken/vis.c | 25 +-
source4/heimdal/lib/roken/vis.hin | 23 +-
source4/heimdal/lib/roken/xfree.c | 2 -
source4/heimdal/lib/vers/print_version.c | 4 +-
source4/heimdal/lib/wind/gen-bidi.py | 1 +
source4/heimdal/lib/wind/gen-combining.py | 1 +
source4/heimdal/lib/wind/gen-errorlist.py | 1 +
source4/heimdal/lib/wind/gen-normalize.py | 1 +
source4/heimdal/lib/wind/windlocl.h | 1 +
source4/heimdal_build/asn1_deps.pl | 6 +-
source4/heimdal_build/internal.mk | 13 +
source4/heimdal_build/krb5-types.h | 1 +
source4/heimdal_build/roken.h | 8 +-
testprogs/blackbox/test_kinit.sh | 6 +-
249 files changed, 6305 insertions(+), 2665 deletions(-)
create mode 100644 source4/heimdal/lib/asn1/asn1-template.h
create mode 100644 source4/heimdal/lib/asn1/gen_template.c
create mode 100644 source4/heimdal/lib/hdb/hdb-keytab.c
create mode 100644 source4/heimdal/lib/roken/strerror_r.c
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 7f1a9be..e847035 100644
--- a/.gitignore
+++ b/.gitignore
@@ -155,11 +155,14 @@ source4/gentest_seeds.dat
source4/heimdal/kdc/kdc-private.h
source4/heimdal/kdc/kdc-protos.h
source4/heimdal/lib/asn1/asn1_*
+source4/heimdal/lib/asn1/*_asn1-priv.h*
source4/heimdal/lib/asn1/der-protos.h
source4/heimdal/lib/asn1/krb5_asn1_files
source4/heimdal/lib/asn1/krb5_asn1.h
source4/heimdal/lib/des/hcrypto
source4/heimdal/lib/gssapi/asn1_*.c
+source4/heimdal/lib/gssapi/gssapi_asn1-priv.h
+source4/heimdal/lib/gssapi/spnego_asn1-priv.h
source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
source4/heimdal/lib/gssapi/spnego_asn1_files
source4/heimdal/lib/gssapi/spnego_asn1.h
@@ -167,10 +170,12 @@ source4/heimdal/lib/gssapi/spnego/spnego-private.h
source4/heimdal/lib/hdb/asn1_*.c
source4/heimdal/lib/hdb/hdb_asn1_files
source4/heimdal/lib/hdb/hdb_asn1.h
+source4/heimdal/lib/hdb/hdb_asn1-priv.h
source4/heimdal/lib/hdb/hdb_err.?
source4/heimdal/lib/hdb/hdb-private.h
source4/heimdal/lib/hdb/hdb-protos.h
source4/heimdal/lib/hx509/asn1_*.c
+source4/heimdal/lib/hx509/*asn1-priv.h
source4/heimdal/lib/hx509/hx509-private.h
source4/heimdal/lib/hx509/hx509-protos.h
source4/heimdal/lib/krb5/heim_err.?
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index 04733e1..12c6d07 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -253,8 +253,14 @@ $private_h_trailer = "";
foreach(sort keys %funcs){
if(/^(main)$/) { next }
+ if ($funcs{$_} =~ /\^/) {
+ $beginblock = "#ifdef __BLOCKS__\n";
+ $endblock = "#endif /* __BLOCKS__ */\n";
+ } else {
+ $beginblock = $endblock = "";
+ }
if(!defined($exported{$_}) && /$private_func_re/) {
- $private_h .= $funcs{$_} . "\n\n";
+ $private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n";
if($funcs{$_} =~ /__attribute__/) {
$private_attribute_seen = 1;
}
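Review bot: the `/\^/` test at the top of the loop body has no comment saying what it is looking for, and it matches a caret anywhere in the stored prototype text. A one-line comment that a `^` marks a blocks-typed parameter, and that such prototypes are wrapped in `#ifdef __BLOCKS__`, would make the intent clear to whoever next edits this generator. The private branch also emits `"\n" . $endblock . "\n"` while the public branch emits `"\n" . $endblock`; if the difference in blank lines is deliberate it deserves a note.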
@@ -267,7 +273,7 @@ foreach(sort keys %funcs){
$public_h .= "#ifndef HAVE_$fupper\n";
}
}
- $public_h .= $funcs{$_} . "\n";
+ $public_h .= $beginblock . $funcs{$_} . "\n" . $endblock;
if($funcs{$_} =~ /__attribute__/) {
$public_attribute_seen = 1;
}
@@ -310,26 +316,33 @@ extern \"C\" {
}
if ($opt_E) {
$public_h_header .= "#ifndef $opt_E
+#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __declspec(dllimport)
+#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
+#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
-
+#endif
";
$private_h_header .= "#ifndef $opt_E
+#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __declspec(dllimport)
+#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
+#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
+#endif
";
}
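Review bot: the new outer `#ifndef ${opt_E}_FUNCTION` guard, in both the public and private header strings, also skips the definitions of `${opt_E}_CALL` and `${opt_E}_VARIABLE`, so a build that pre-defines only `_FUNCTION` is left with the other two macros undefined. Guard each macro on its own, or state in a comment that all three must be overridden together. Note too that `__stdcall` has moved out of `_FUNCTION` into `_CALL`, so any prototype that carries only `_FUNCTION` changes calling convention on `_WIN32`; the generated prototypes need to use both.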
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index bf65af3..f5df4e0 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -1,9 +1,10 @@
/*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
- *
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -36,8 +37,6 @@
#include <getarg.h>
#include <parse_bytes.h>
-RCSID("$Id$");
-
krb5_error_code
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
{
@@ -215,7 +214,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL);
-#ifdef PKINIT
c->enable_pkinit =
krb5_config_get_bool_default(context,
NULL,
@@ -223,74 +221,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc",
"enable-pkinit",
NULL);
- if (c->enable_pkinit) {
- const char *user_id, *anchors, *file;
- char **pool_list, **revoke_list;
-
- user_id =
- krb5_config_get_string(context, NULL,
- "kdc", "pkinit_identity", NULL);
- if (user_id == NULL)
- krb5_errx(context, 1, "pkinit enabled but no identity");
- anchors = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_anchors", NULL);
- if (anchors == NULL)
- krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
- pool_list =
- krb5_config_get_strings(context, NULL,
- "kdc", "pkinit_pool", NULL);
-
- revoke_list =
- krb5_config_get_strings(context, NULL,
- "kdc", "pkinit_revoke", NULL);
+ c->pkinit_kdc_identity =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_identity", NULL);
+ c->pkinit_kdc_anchors =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_anchors", NULL);
+ c->pkinit_kdc_cert_pool =
+ krb5_config_get_strings(context, NULL,
+ "kdc", "pkinit_pool", NULL);
+ c->pkinit_kdc_revoke =
+ krb5_config_get_strings(context, NULL,
+ "kdc", "pkinit_revoke", NULL);
+ c->pkinit_kdc_ocsp_file =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_kdc_ocsp", NULL);
+ c->pkinit_kdc_friendly_name =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_kdc_friendly_name", NULL);
+ c->pkinit_princ_in_cert =
+ krb5_config_get_bool_default(context, NULL,
+ c->pkinit_princ_in_cert,
+ "kdc",
+ "pkinit_principal_in_certificate",
+ NULL);
+ c->pkinit_require_binding =
+ krb5_config_get_bool_default(context, NULL,
+ c->pkinit_require_binding,
+ "kdc",
+ "pkinit_win2k_require_binding",
+ NULL);
+ c->pkinit_dh_min_bits =
+ krb5_config_get_int_default(context, NULL,
+ 0,
+ "kdc", "pkinit_dh_min_bits", NULL);
- file = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_kdc_ocsp", NULL);
- if (file) {
- c->pkinit_kdc_ocsp_file = strdup(file);
- if (c->pkinit_kdc_ocsp_file == NULL)
- krb5_errx(context, 1, "out of memory");
- }
- file = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_kdc_friendly_name", NULL);
- if (file) {
- c->pkinit_kdc_friendly_name = strdup(file);
- if (c->pkinit_kdc_friendly_name == NULL)
- krb5_errx(context, 1, "out of memory");
- }
+#ifdef __APPLE__
+ c->enable_pkinit = 1;
+ if (c->pkinit_kdc_identity == NULL) {
+ if (c->pkinit_kdc_friendly_name == NULL)
+ c->pkinit_kdc_friendly_name =
+ strdup("O=System Identity,CN=com.apple.kerberos.kdc");
+ c->pkinit_kdc_identity = strdup("KEYCHAIN:");
+ }
+ if (c->pkinit_kdc_anchors == NULL)
+ c->pkinit_kdc_anchors = strdup("KEYCHAIN:");
- _kdc_pk_initialize(context, c, user_id, anchors,
- pool_list, revoke_list);
+#endif
- krb5_config_free_strings(pool_list);
- krb5_config_free_strings(revoke_list);
+ if (c->enable_pkinit) {
+ if (c->pkinit_kdc_identity == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no identity");
+
+ if (c->pkinit_kdc_anchors == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
- c->pkinit_princ_in_cert =
- krb5_config_get_bool_default(context, NULL,
- c->pkinit_princ_in_cert,
- "kdc",
- "pkinit_principal_in_certificate",
- NULL);
+ krb5_kdc_pk_initialize(context, c,
+ c->pkinit_kdc_identity,
+ c->pkinit_kdc_anchors,
+ c->pkinit_kdc_cert_pool,
+ c->pkinit_kdc_revoke);
- c->pkinit_require_binding =
- krb5_config_get_bool_default(context, NULL,
- c->pkinit_require_binding,
- "kdc",
- "pkinit_win2k_require_binding",
- NULL);
}
-
- c->pkinit_dh_min_bits =
- krb5_config_get_int_default(context, NULL,
- 0,
- "kdc", "pkinit_dh_min_bits", NULL);
-
-#endif
-
+
*config = c;
return 0;
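Review bot: in the `#ifdef __APPLE__` block the three `strdup()` results are stored without a NULL check, whereas the removed code called `krb5_errx(context, 1, "out of memory")` when `strdup()` failed. The same fields are otherwise filled straight from `krb5_config_get_string()`, so after this change a field may hold either a configuration-owned string or a heap copy and nothing records which; either duplicate every value or none, and restore the allocation check. The block also sets `c->enable_pkinit = 1` after `enable-pkinit` has been read from the configuration, which overrides an administrator who turned PKINIT off; if that is intended it should be stated in a comment.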
diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h
index b9a8288..aced5ce 100644
--- a/source4/heimdal/kdc/headers.h
+++ b/source4/heimdal/kdc/headers.h
@@ -38,9 +38,8 @@
#ifndef __HEADERS_H__
#define __HEADERS_H__
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
+
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -108,7 +107,7 @@
#include <windc_plugin.h>
#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
+#define ALLOC(X) ((X) = calloc(1, sizeof(*(X))))
#undef ALLOC_SEQ
#define ALLOC_SEQ(X, N) do { (X)->len = (N); \
(X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0)
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
index 69b5bb1..827205a 100644
--- a/source4/heimdal/kdc/kaserver.c
+++ b/source4/heimdal/kdc/kaserver.c
@@ -738,9 +738,11 @@ do_getticket (krb5_context context,
config->v4_realm, &sname,
&sinstance, &ad);
if (ret) {
+ const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0,
- "kaserver: decomp failed for %s.%s with %d",
- sname, sinstance, ret);
+ "kaserver: decomp failed for %s.%s with %s %d",
+ msg, sname, sinstance, ret);
+ krb5_free_error_message(context, msg);
make_error_reply (hdr, KABADTICKET, reply);
goto out;
}
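Review bot: the arguments passed to `kdc_log()` do not match the new format string. `"kaserver: decomp failed for %s.%s with %s %d"` is given `msg, sname, sinstance, ret`, so the error text is logged in the service-name position and `sinstance` in the message position. The types still line up, so this is a misleading log line rather than a crash; reorder the arguments to `sname, sinstance, msg, ret`.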
diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h
index 285a33a..c353ca1 100644
--- a/source4/heimdal/kdc/kdc.h
+++ b/source4/heimdal/kdc/kdc.h
@@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
- char *pkinit_kdc_ocsp_file;
- char *pkinit_kdc_friendly_name;
+ const char *pkinit_kdc_identity;
+ const char *pkinit_kdc_anchors;
+ const char *pkinit_kdc_friendly_name;
+ const char *pkinit_kdc_ocsp_file;
+ char **pkinit_kdc_cert_pool;
+ char **pkinit_kdc_revoke;
int pkinit_dh_min_bits;
int pkinit_require_binding;
int pkinit_allow_proxy_certs;
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index f2da03b..36d694d 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config);
krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv);
+#ifdef __APPLE__
+void bonjour_announce(krb5_context, krb5_kdc_configuration *);
+#endif
+
#endif /* __KDC_LOCL_H__ */
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index fb88aa9..c3e9475 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,8 +33,6 @@
#include "kdc_locl.h"
-RCSID("$Id$");
-
#define MAX_TIME ((time_t)((1U << 31) - 1))
void
@@ -60,13 +58,13 @@ realloc_method_data(METHOD_DATA *md)
}
static void
-set_salt_padata (METHOD_DATA *md, Salt *salt)
+set_salt_padata(METHOD_DATA *md, Salt *salt)
{
if (salt) {
- realloc_method_data(md);
- md->val[md->len - 1].padata_type = salt->type;
- der_copy_octet_string(&salt->salt,
- &md->val[md->len - 1].padata_value);
+ realloc_method_data(md);
+ md->val[md->len - 1].padata_type = salt->type;
+ der_copy_octet_string(&salt->salt,
+ &md->val[md->len - 1].padata_value);
}
}
@@ -127,7 +125,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
krb5_error_code
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
- Key **ret_key, krb5_enctype *ret_etype)
+ Key **ret_key)
{
int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
@@ -148,7 +146,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
continue;
}
*ret_key = key;
- *ret_etype = etypes[i];
ret = 0;
if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt);
@@ -287,8 +284,9 @@ _kdc_encode_reply(krb5_context context,
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
+ const char *msg;
free(buf);
- const char *msg = krb5_get_error_message(context, ret);
+ msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg);
return ret;
@@ -902,7 +900,7 @@ _kdc_as_rep(krb5_context context,
KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL, *server = NULL;
HDB *clientdb;
- krb5_enctype cetype, setype, sessionetype;
+ krb5_enctype setype, sessionetype;
krb5_data e_data;
EncTicketPart et;
EncKDCRepPart ek;
@@ -912,15 +910,20 @@ _kdc_as_rep(krb5_context context,
const char *e_text = NULL;
krb5_crypto crypto;
Key *ckey, *skey;
- EncryptionKey *reply_key;
+ EncryptionKey *reply_key, session_key;
int flags = 0;
#ifdef PKINIT
pk_client_params *pkp = NULL;
#endif
memset(&rep, 0, sizeof(rep));
+ memset(&session_key, 0, sizeof(session_key));
krb5_data_zero(&e_data);
+ ALLOC(rep.padata);
+ rep.padata->len = 0;
+ rep.padata->val = NULL;
+
if (f.canonicalize)
flags |= HDB_F_CANON;
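Review bot: `ALLOC(rep.padata)` is followed directly by `rep.padata->len = 0` with no check that the allocation succeeded, so an out-of-memory condition becomes a NULL dereference while handling an AS-REQ. Test the result and fail the request before touching the structure. Since this same patch changes `ALLOC` to use `calloc(1, ...)`, the two explicit assignments of `len` and `val` are then redundant and can go.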
@@ -1009,18 +1012,58 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
/*
- * Find the client key for reply encryption and pa-type salt, Pick
- * the client key upfront before the other keys because that is
- * going to affect what enctypes we are going to use in
- * ETYPE-INFO{,2}.
+ * Select a session enctype from the list of the crypto systems
+ * supported enctype, is supported by the client and is one of the
+ * enctype of the enctype of the krbtgt.
+ *
+ * The later is used as a hint what enctype all KDC are supporting
+ * to make sure a newer version of KDC wont generate a session
+ * enctype that and older version of a KDC in the same realm can't
+ * decrypt.
+ *
+ * But if the KDC admin is paranoid and doesn't want to have "no
+ * the best" enctypes on the krbtgt, lets save the best pick from
+ * the client list and hope that that will work for any other
+ * KDCs.
*/
+ {
+ const krb5_enctype *p;
+ krb5_enctype clientbest = ETYPE_NULL;
+ int i, j;
- ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
- &ckey, &cetype);
- if (ret) {
- kdc_log(context, config, 0,
- "Client (%s) has no support for etypes", client_name);
- goto out;
+ p = krb5_kerberos_enctypes(context);
+
+ sessionetype = ETYPE_NULL;
+
+ for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
+ if (krb5_enctype_valid(context, p[i]) != 0)
+ continue;
+
+ for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
+ Key *dummy;
+ /* check with client */
+ if (p[i] != b->etype.val[j])
+ continue;
+ /* save best of union of { client, crypto system } */
+ if (clientbest == ETYPE_NULL)
+ clientbest = p[i];
+ /* check with krbtgt */
+ ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
+ if (ret)
+ continue;
+ sessionetype = p[i];
+ }
+ }
+ /* if krbtgt had no shared keys with client, pick clients best */
+ if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
+ sessionetype = clientbest;
+ } else if (sessionetype == ETYPE_NULL) {
+ kdc_log(context, config, 0,
+ "Client (%s) from %s has no common enctypes with KDC"
+ "to use for the session key",
+ client_name, from);
+ goto out;
+ }
}
/*
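Review bot: the final `else if (sessionetype == ETYPE_NULL)` branch does `goto out` without assigning `ret`. On that path `clientbest` was never set, which means `hdb_enctype2key()` was never reached, so `ret` still holds whatever value it had before this block; the removed code arrived at `out` with the error returned by `_kdc_find_etype()`. Set an explicit error before the jump (this file already uses `KRB5KDC_ERR_ETYPE_NOSUPP`). The log message is also missing a space between its two string literals and will read "KDCto use"; and the comment above the block would be easier to follow with "latter" for "later" and "not the best" for "no the best".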
@@ -1230,7 +1273,11 @@ _kdc_as_rep(krb5_context context,
}
et.flags.pre_authent = 1;
--
Samba Shared Repository