[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jul 15 04:27:02 MDT 2011
The branch, master has been updated
via 7acc1a7 s4:kdc: set *_strongest_*_key to true to restore the old behavior
via e0541ed s4:auth/credentials: with the build after heimdal import
via dcf197f s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL
via 890c30c s4:heimdal: add missing files
via 255e3e1 s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)
from 70da278 s3: Avoid leaking http_timestring in print_registry_key
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 14 21:02:20 2011 +0200
s4:kdc: set *_strongest_*_key to true to restore the old behavior
TODO: check why this is needed.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
commit e0541ed98d730622f348e3871aba02908ce477dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 14 14:15:29 2011 +0200
s4:auth/credentials: with the build after heimdal import
metze
commit dcf197fc8c8c81bdbb477e0e8dc1b5cb35c9e90b
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 14 14:51:15 2011 +0200
s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL
metze
commit 890c30ce46e4c576e61f8ae0f52d91f0f1ebfeab
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 14 14:32:16 2011 +0200
s4:heimdal: add missing files
metze
commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 15 09:10:30 2011 +0200
s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)
-----------------------------------------------------------------------
Summary of changes:
source4/auth/credentials/credentials_krb5.c | 1 +
source4/heimdal/base/baselocl.h | 7 +
source4/heimdal/base/dict.c | 4 +-
source4/heimdal/base/heimbase.c | 2 +-
source4/heimdal/base/heimbase.h | 18 +-
source4/heimdal/cf/make-proto.pl | 48 +++-
source4/heimdal/include/heim_threads.h | 28 +-
source4/heimdal/kdc/default_config.c | 74 ++---
source4/heimdal/kdc/digest.c | 142 ++++----
source4/heimdal/kdc/kdc.h | 16 +-
source4/heimdal/kdc/kerberos5.c | 236 ++++++++------
source4/heimdal/kdc/krb5tgs.c | 104 ++++---
source4/heimdal/kdc/kx509.c | 4 +-
source4/heimdal/kdc/log.c | 10 +-
source4/heimdal/kdc/misc.c | 39 ++-
source4/heimdal/kdc/pkinit.c | 115 ++++----
source4/heimdal/kdc/process.c | 18 +-
source4/heimdal/kdc/windc.c | 10 +-
source4/heimdal/kdc/windc_plugin.h | 6 +-
source4/heimdal/kpasswd/kpasswd.c | 15 +-
source4/heimdal/kuser/kinit.c | 66 ++--
source4/heimdal/lib/asn1/asn1-common.h | 2 +-
source4/heimdal/lib/asn1/asn1parse.c | 4 +-
source4/heimdal/lib/asn1/asn1parse.y | 4 +-
source4/heimdal/lib/asn1/der_cmp.c | 4 +-
source4/heimdal/lib/asn1/der_format.c | 2 +-
source4/heimdal/lib/asn1/der_get.c | 4 +-
source4/heimdal/lib/asn1/der_length.c | 2 +-
source4/heimdal/lib/asn1/der_put.c | 3 +-
source4/heimdal/lib/asn1/extra.c | 4 +-
source4/heimdal/lib/asn1/gen.c | 6 +-
source4/heimdal/lib/asn1/gen_decode.c | 38 ++-
source4/heimdal/lib/asn1/gen_encode.c | 19 +-
source4/heimdal/lib/asn1/gen_free.c | 4 +-
source4/heimdal/lib/asn1/gen_template.c | 22 +-
source4/heimdal/lib/asn1/krb5.asn1 | 50 ++--
source4/heimdal/lib/asn1/lex.c | 4 +-
source4/heimdal/lib/asn1/lex.l | 4 +-
source4/heimdal/lib/asn1/main.c | 2 +-
source4/heimdal/lib/asn1/test.asn1 | 3 +
source4/heimdal/lib/asn1/timegm.c | 21 +-
source4/heimdal/lib/com_err/compile_et.c | 4 +-
source4/heimdal/lib/com_err/error.c | 2 +-
source4/heimdal/lib/com_err/parse.c | 2 +-
source4/heimdal/lib/com_err/parse.y | 2 +-
source4/heimdal/lib/gssapi/gssapi/gssapi.h | 98 +++++--
source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h | 7 +
source4/heimdal/lib/gssapi/gssapi_mech.h | 59 +++-
source4/heimdal/lib/gssapi/krb5/8003.c | 2 +-
.../heimdal/lib/gssapi/krb5/accept_sec_context.c | 70 +++--
source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 153 ++++++---
source4/heimdal/lib/gssapi/krb5/add_cred.c | 31 +--
source4/heimdal/lib/gssapi/krb5/aeap.c | 10 +-
source4/heimdal/lib/gssapi/krb5/arcfour.c | 14 +-
.../authorize_localname.c} | 54 ++--
source4/heimdal/lib/gssapi/krb5/cfx.c | 12 +-
source4/heimdal/lib/gssapi/krb5/compat.c | 2 +-
source4/heimdal/lib/gssapi/krb5/context_time.c | 2 +-
source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 2 +-
source4/heimdal/lib/gssapi/krb5/creds.c | 8 +-
source4/heimdal/lib/gssapi/krb5/encapsulate.c | 4 +-
source4/heimdal/lib/gssapi/krb5/external.c | 21 +-
source4/heimdal/lib/gssapi/krb5/import_name.c | 4 +-
source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 36 +-
source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 4 +-
.../lib/gssapi/krb5/inquire_names_for_mech.c | 2 +-
.../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 53 +++-
.../krb5/{inquire_cred_by_oid.c => pname_to_uid.c} | 74 +++--
source4/heimdal/lib/gssapi/krb5/prf.c | 24 +-
.../lib/gssapi/krb5/process_context_token.c | 3 +-
source4/heimdal/lib/gssapi/krb5/sequence.c | 4 +-
source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 4 +-
.../lib/gssapi/krb5/set_sec_context_option.c | 7 +-
source4/heimdal/lib/gssapi/krb5/store_cred.c | 2 +-
source4/heimdal/lib/gssapi/krb5/unwrap.c | 3 +-
source4/heimdal/lib/gssapi/krb5/verify_mic.c | 8 +-
source4/heimdal/lib/gssapi/krb5/wrap.c | 2 +-
source4/heimdal/lib/gssapi/mech/compat.h | 94 ++++++
source4/heimdal/lib/gssapi/mech/cred.h | 16 +
.../lib/gssapi/mech/gss_accept_sec_context.c | 16 +-
source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 2 +-
.../lib/gssapi/mech/gss_add_oid_set_member.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_aeap.c | 6 +-
source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 2 +-
.../lib/gssapi/mech/gss_canonicalize_name.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_cred.c | 4 +-
.../lib/gssapi/mech/gss_decapsulate_token.c | 6 +-
.../heimdal/lib/gssapi/mech/gss_display_status.c | 2 +-
.../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 8 +-
.../lib/gssapi/mech/gss_encapsulate_token.c | 6 +-
.../lib/gssapi/mech/gss_export_sec_context.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_import_name.c | 18 +-
.../lib/gssapi/mech/gss_import_sec_context.c | 2 +-
.../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 4 +-
.../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 2 +-
.../heimdal/lib/gssapi/mech/gss_inquire_context.c | 8 +-
.../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_krb5.c | 16 +-
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 100 +++++--
source4/heimdal/lib/gssapi/mech/gss_mo.c | 351 +++++++++++++++-----
source4/heimdal/lib/gssapi/mech/gss_names.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_oid.c | 150 +++++----
source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 2 +-
source4/heimdal/lib/gssapi/mech/gss_release_name.c | 2 +-
.../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 6 +-
.../lib/gssapi/mech/gss_test_oid_set_member.c | 2 +-
.../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 2 +-
source4/heimdal/lib/gssapi/mech/mech_locl.h | 1 +
.../heimdal/lib/gssapi/spnego/accept_sec_context.c | 44 +--
source4/heimdal/lib/gssapi/spnego/compat.c | 6 +-
source4/heimdal/lib/gssapi/spnego/context_stubs.c | 4 +-
source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 2 +-
source4/heimdal/lib/gssapi/spnego/external.c | 17 +-
.../heimdal/lib/gssapi/spnego/init_sec_context.c | 6 +-
source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 2 +
source4/heimdal/lib/gssapi/version-script.map | 12 +-
source4/heimdal/lib/hcrypto/camellia-ntt.c | 4 +-
source4/heimdal/lib/hcrypto/des.c | 6 +-
source4/heimdal/lib/hcrypto/des.h | 2 +-
source4/heimdal/lib/hcrypto/dh-ltm.c | 6 +-
source4/heimdal/lib/hcrypto/dh.c | 4 +-
source4/heimdal/lib/hcrypto/engine.c | 4 +-
source4/heimdal/lib/hcrypto/evp.c | 6 +-
source4/heimdal/lib/hcrypto/evp.h | 2 +-
.../lib/hcrypto/libtommath/bn_fast_mp_invmod.c | 6 +-
.../lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c | 16 +-
.../libtommath/bn_fast_s_mp_mul_high_digs.c | 6 +-
.../lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c | 10 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c | 2 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_clear_multi.c | 2 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_count_bits.c | 2 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c | 32 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c | 6 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c | 10 +-
.../lib/hcrypto/libtommath/bn_mp_dr_setup.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_exch.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_exptmod_fast.c | 6 +-
.../lib/hcrypto/libtommath/bn_mp_exteuclid.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_find_prime.c | 4 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_fread.c | 12 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c | 8 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c | 8 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_init_multi.c | 8 +-
.../lib/hcrypto/libtommath/bn_mp_init_size.c | 4 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_invmod_slow.c | 6 +-
.../lib/hcrypto/libtommath/bn_mp_is_square.c | 8 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c | 34 +-
.../lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c | 6 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c | 12 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c | 20 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c | 24 +-
.../lib/hcrypto/libtommath/bn_mp_prime_fermat.c | 2 +-
.../hcrypto/libtommath/bn_mp_prime_is_divisible.c | 2 +-
.../hcrypto/libtommath/bn_mp_prime_miller_rabin.c | 6 +-
.../hcrypto/libtommath/bn_mp_prime_next_prime.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_prime_random_ex.c | 10 +-
.../lib/hcrypto/libtommath/bn_mp_radix_size.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_read_radix.c | 12 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c | 12 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_2k.c | 16 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c | 18 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c | 8 +-
.../hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c | 8 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c | 4 +-
.../lib/hcrypto/libtommath/bn_mp_reduce_setup.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c | 6 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c | 2 +-
source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c | 8 +-
.../heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c | 6 +-
.../lib/hcrypto/libtommath/bn_mp_toom_mul.c | 70 ++--
.../lib/hcrypto/libtommath/bn_mp_toradix_n.c | 6 +-
.../heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c | 4 +-
.../lib/hcrypto/libtommath/bn_s_mp_exptmod.c | 16 +-
.../lib/hcrypto/libtommath/bn_s_mp_mul_digs.c | 8 +-
.../heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c | 2 +-
source4/heimdal/lib/hcrypto/libtommath/bncore.c | 6 +-
.../lib/hcrypto/libtommath/mtest/mpi-config.h | 2 +-
source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c | 150 +++++-----
source4/heimdal/lib/hcrypto/libtommath/tommath.h | 18 +-
.../lib/hcrypto/libtommath/tommath_superclass.h | 4 +-
source4/heimdal/lib/hcrypto/pkcs12.c | 2 +-
source4/heimdal/lib/hcrypto/rand-egd.c | 4 +-
source4/heimdal/lib/hcrypto/rc2.c | 2 +-
source4/heimdal/lib/hcrypto/rsa-ltm.c | 2 +-
source4/heimdal/lib/hcrypto/rsa.c | 12 +-
source4/heimdal/lib/hcrypto/sha256.c | 2 +-
source4/heimdal/lib/hcrypto/sha512.c | 2 +-
source4/heimdal/lib/hcrypto/ui.c | 6 +-
source4/heimdal/lib/hcrypto/validate.c | 6 +-
source4/heimdal/lib/hdb/dbinfo.c | 2 +-
source4/heimdal/lib/hdb/ext.c | 20 +-
source4/heimdal/lib/hdb/hdb-keytab.c | 2 +-
source4/heimdal/lib/hdb/hdb.c | 12 +-
source4/heimdal/lib/hdb/hdb.h | 4 +-
source4/heimdal/lib/hdb/keys.c | 16 +-
source4/heimdal/lib/hdb/keytab.c | 48 ++--
source4/heimdal/lib/hdb/mkey.c | 18 +-
source4/heimdal/lib/hx509/ca.c | 10 +-
source4/heimdal/lib/hx509/cert.c | 115 ++++---
source4/heimdal/lib/hx509/char_map.h | 64 ++--
source4/heimdal/lib/hx509/cms.c | 48 ++-
source4/heimdal/lib/hx509/collector.c | 11 +-
source4/heimdal/lib/hx509/crypto.c | 97 +++---
source4/heimdal/lib/hx509/file.c | 8 +-
source4/heimdal/lib/hx509/keyset.c | 15 +
source4/heimdal/lib/hx509/ks_dir.c | 4 +-
source4/heimdal/lib/hx509/ks_file.c | 26 +-
source4/heimdal/lib/hx509/ks_keychain.c | 14 +-
source4/heimdal/lib/hx509/ks_mem.c | 2 +-
source4/heimdal/lib/hx509/ks_p11.c | 32 +-
source4/heimdal/lib/hx509/ks_p12.c | 20 +-
source4/heimdal/lib/hx509/lock.c | 2 +-
source4/heimdal/lib/hx509/name.c | 52 ++--
source4/heimdal/lib/hx509/print.c | 31 +-
source4/heimdal/lib/hx509/revoke.c | 56 ++--
source4/heimdal/lib/hx509/sel.c | 6 +-
source4/heimdal/lib/hx509/sel.h | 2 +-
source4/heimdal/lib/hx509/test_name.c | 2 +-
source4/heimdal/lib/krb5/acache.c | 18 +-
source4/heimdal/lib/krb5/addr_families.c | 159 +++++++---
.../{get_default_realm.c => aname_to_localname.c} | 83 +++---
source4/heimdal/lib/krb5/appdefault.c | 2 +-
source4/heimdal/lib/krb5/auth_context.c | 2 +
source4/heimdal/lib/krb5/build_auth.c | 8 +-
source4/heimdal/lib/krb5/cache.c | 26 +-
source4/heimdal/lib/krb5/changepw.c | 18 +-
source4/heimdal/lib/krb5/codec.c | 34 +-
source4/heimdal/lib/krb5/config_file.c | 34 +-
source4/heimdal/lib/krb5/context.c | 186 ++++++-----
source4/heimdal/lib/krb5/convert_creds.c | 6 +-
source4/heimdal/lib/krb5/creds.c | 2 +-
source4/heimdal/lib/krb5/crypto-des.c | 4 +-
source4/heimdal/lib/krb5/crypto-des3.c | 2 +-
source4/heimdal/lib/krb5/crypto-evp.c | 4 +-
source4/heimdal/lib/krb5/crypto-pk.c | 23 +-
source4/heimdal/lib/krb5/crypto.c | 47 +--
source4/heimdal/lib/krb5/error_string.c | 2 +-
source4/heimdal/lib/krb5/expand_path.c | 16 +-
source4/heimdal/lib/krb5/fcache.c | 70 ++++-
source4/heimdal/lib/krb5/get_addrs.c | 42 +--
source4/heimdal/lib/krb5/get_cred.c | 63 ++--
source4/heimdal/lib/krb5/get_default_principal.c | 2 +-
source4/heimdal/lib/krb5/get_for_creds.c | 10 +-
source4/heimdal/lib/krb5/get_host_realm.c | 2 +-
source4/heimdal/lib/krb5/get_in_tkt.c | 31 +-
source4/heimdal/lib/krb5/heim_err.et | 1 +
source4/heimdal/lib/krb5/init_creds.c | 8 +-
source4/heimdal/lib/krb5/init_creds_pw.c | 55 ++--
source4/heimdal/lib/krb5/kcm.c | 36 +-
source4/heimdal/lib/krb5/keyblock.c | 2 +-
source4/heimdal/lib/krb5/keytab.c | 73 ++++-
source4/heimdal/lib/krb5/keytab_file.c | 17 +-
source4/heimdal/lib/krb5/keytab_keyfile.c | 8 +-
source4/heimdal/lib/krb5/krb5.h | 91 ++++--
source4/heimdal/lib/krb5/krb5_locl.h | 13 +-
source4/heimdal/lib/krb5/krbhst.c | 8 +-
source4/heimdal/lib/krb5/kuserok.c | 303 +++++++++++++++++
source4/heimdal/lib/krb5/log.c | 2 +-
source4/heimdal/lib/krb5/mcache.c | 4 +-
source4/heimdal/lib/krb5/misc.c | 45 +++-
source4/heimdal/lib/krb5/mit_glue.c | 6 +-
source4/heimdal/lib/krb5/mk_error.c | 5 +-
source4/heimdal/lib/krb5/mk_priv.c | 2 +-
source4/heimdal/lib/krb5/mk_rep.c | 2 +-
source4/heimdal/lib/krb5/n-fold.c | 2 +-
source4/heimdal/lib/krb5/pac.c | 15 +-
source4/heimdal/lib/krb5/padata.c | 4 +-
source4/heimdal/lib/krb5/pkinit.c | 128 ++++----
source4/heimdal/lib/krb5/plugin.c | 24 +-
source4/heimdal/lib/krb5/principal.c | 20 +-
source4/heimdal/lib/krb5/rd_cred.c | 15 +-
source4/heimdal/lib/krb5/rd_rep.c | 2 +-
source4/heimdal/lib/krb5/rd_req.c | 32 +-
source4/heimdal/lib/krb5/replay.c | 4 +-
source4/heimdal/lib/krb5/salt-arcfour.c | 2 +-
source4/heimdal/lib/krb5/salt-des.c | 6 +-
source4/heimdal/lib/krb5/salt.c | 3 +-
source4/heimdal/lib/krb5/send_to_kdc.c | 14 +-
source4/heimdal/lib/krb5/store-int.c | 2 +-
source4/heimdal/lib/krb5/store-int.h | 1 +
source4/heimdal/lib/krb5/store.c | 115 +++++--
source4/heimdal/lib/krb5/store_emem.c | 13 +-
source4/heimdal/lib/krb5/store_fd.c | 3 +-
source4/heimdal/lib/krb5/store_mem.c | 10 +-
source4/heimdal/lib/krb5/ticket.c | 10 +-
source4/heimdal/lib/krb5/transited.c | 63 ++---
source4/heimdal/lib/krb5/version-script.map | 6 +-
source4/heimdal/lib/krb5/warn.c | 4 +-
source4/heimdal/lib/ntlm/ntlm.c | 16 +-
source4/heimdal/lib/roken/dumpdata.c | 2 +-
source4/heimdal/lib/roken/get_window_size.c | 73 +++--
source4/heimdal/lib/roken/getarg.c | 22 +-
source4/heimdal/lib/roken/hex.c | 5 +-
source4/heimdal/lib/roken/parse_units.c | 4 +-
source4/heimdal/lib/roken/resolve.c | 12 +-
source4/heimdal/lib/roken/rkpty.c | 6 +-
source4/heimdal/lib/roken/roken.h.in | 19 +-
source4/heimdal/lib/roken/roken_gethostby.c | 9 +-
source4/heimdal/lib/roken/socket.c | 2 +-
source4/heimdal/lib/roken/strsep_copy.c | 2 +-
source4/heimdal/lib/roken/version-script.map | 4 +
source4/heimdal/lib/vers/print_version.c | 4 +-
source4/heimdal/lib/wind/ldap.c | 4 +-
source4/heimdal/lib/wind/normalize.c | 2 +-
source4/heimdal/lib/wind/stringprep.c | 2 +-
source4/heimdal/lib/wind/utf8.c | 10 +-
source4/heimdal_build/wscript_build | 5 +-
source4/heimdal_build/wscript_configure | 1 +
source4/kdc/kdc.c | 13 +
321 files changed, 4084 insertions(+), 2608 deletions(-)
copy source4/heimdal/lib/gssapi/{mech/gss_set_sec_context_option.c => krb5/authorize_localname.c} (62%)
copy source4/heimdal/lib/gssapi/krb5/{inquire_cred_by_oid.c => pname_to_uid.c} (60%)
create mode 100644 source4/heimdal/lib/gssapi/mech/compat.h
copy source4/heimdal/lib/krb5/{get_default_realm.c => aname_to_localname.c} (60%)
create mode 100644 source4/heimdal/lib/krb5/kuserok.c
Changeset truncated at 500 lines:
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 1643197..7130e41 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -538,6 +538,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
* of AES keys.
*/
min_stat = krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context,
+ KRB5_PDU_NONE,
&etypes);
if (min_stat == 0) {
OM_uint32 num_ktypes;
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h
index b3c81b9..901e860 100644
--- a/source4/heimdal/base/baselocl.h
+++ b/source4/heimdal/base/baselocl.h
@@ -35,6 +35,13 @@
#include "config.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/source4/heimdal/base/dict.c b/source4/heimdal/base/dict.c
index 7522c8c..1f9d71a 100644
--- a/source4/heimdal/base/dict.c
+++ b/source4/heimdal/base/dict.c
@@ -77,7 +77,7 @@ struct heim_type_data dict_object = {
static size_t
isprime(size_t p)
{
- int q, i;
+ size_t q, i;
for(i = 2 ; i < p; i++) {
q = p / i;
@@ -120,7 +120,7 @@ heim_dict_create(size_t size)
heim_release(dict);
return NULL;
}
-
+
dict->tab = calloc(dict->size, sizeof(dict->tab[0]));
if (dict->tab == NULL) {
dict->size = 0;
diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c
index 0166871..7031af9 100644
--- a/source4/heimdal/base/heimbase.c
+++ b/source4/heimdal/base/heimbase.c
@@ -369,7 +369,7 @@ void
heim_abortv(const char *fmt, va_list ap)
{
static char str[1024];
-
+
vsnprintf(str, sizeof(str), fmt, ap);
syslog(LOG_ERR, "heim_abort: %s", str);
abort();
diff --git a/source4/heimdal/base/heimbase.h b/source4/heimdal/base/heimbase.h
index d1ca5aa..ad1b3f0 100644
--- a/source4/heimdal/base/heimbase.h
+++ b/source4/heimdal/base/heimbase.h
@@ -48,6 +48,22 @@ typedef heim_object_t heim_null_t;
#define HEIM_BASE_ONCE_INIT 0
typedef long heim_base_once_t; /* XXX arch dependant */
+#if !defined(__has_extension)
+#define __has_extension(x) 0
+#endif
+
+#define HEIM_REQUIRE_GNUC(m,n,p) \
+ (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \
+ (((m) * 10000) + ((n) * 100) + (p)))
+
+
+#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0)
+#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res)
+#else
+#define heim_builtin_expect(_op,_res) (_op)
+#endif
+
+
void * heim_retain(heim_object_t);
void heim_release(heim_object_t);
@@ -79,7 +95,7 @@ heim_abortv(const char *fmt, va_list ap)
HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0));
#define heim_assert(e,t) \
- (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
+ (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
/*
*
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index bc323b9..6894dc1 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -11,6 +11,7 @@ my $line = "";
my $debug = 0;
my $oproto = 1;
my $private_func_re = "^_";
+my %depfunction = ();
Getopts('x:m:o:p:dqE:R:P:') || die "foo";
@@ -25,7 +26,7 @@ if($opt_q) {
if($opt_R) {
$private_func_re = $opt_R;
}
-%flags = (
+my %flags = (
'multiline-proto' => 1,
'header' => 1,
'function-blocking' => 0,
@@ -100,16 +101,21 @@ while(<>) {
s/^\s*//;
s/\s*$//;
s/\s+/ /g;
- if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){
+ if($_ =~ /\)$/){
if(!/^static/ && !/^PRIVATE/){
$attr = "";
if(m/(.*)(__attribute__\s?\(.*\))/) {
$attr .= " $2";
$_ = $1;
}
- if(m/(.*)\s(\w+DEPRECATED)/) {
+ if(m/(.*)\s(\w+DEPRECATED_FUNCTION)\s?(\(.*\))(.*)/) {
+ $depfunction{$2} = 1;
+ $attr .= " $2$3";
+ $_ = "$1 $4";
+ }
+ if(m/(.*)\s(\w+DEPRECATED)(.*)/) {
$attr .= " $2";
- $_ = $1;
+ $_ = "$1 $3";
}
# remove outer ()
s/\s*\(/</;
@@ -302,17 +308,44 @@ if($flags{"gnuc-attribute"}) {
";
}
}
+
+my $depstr = "";
+my $undepstr = "";
+foreach (keys %depfunction) {
+ $depstr .= "#ifndef $_
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
+#define $_(X) __attribute__((__deprecated__))
+#else
+#define $_(X)
+#endif
+#endif
+
+
+";
+ $public_h_trailer .= "#undef $_
+
+";
+ $private_h_trailer .= "#undef $_
+#define $_(X)
+
+";
+}
+
+$public_h_header .= $depstr;
+$private_h_header .= $depstr;
+
+
if($flags{"cxx"}) {
$public_h_header .= "#ifdef __cplusplus
extern \"C\" {
#endif
";
- $public_h_trailer .= "#ifdef __cplusplus
+ $public_h_trailer = "#ifdef __cplusplus
}
#endif
-";
+" . $public_h_trailer;
}
if ($opt_E) {
@@ -348,6 +381,9 @@ if ($opt_E) {
";
}
+$public_h_trailer .= $undepstr;
+$private_h_trailer .= $undepstr;
+
if ($public_h ne "" && $flags{"header"}) {
$public_h = $public_h_header . $public_h .
$public_h_trailer . "#endif /* $block */\n";
diff --git a/source4/heimdal/include/heim_threads.h b/source4/heimdal/include/heim_threads.h
index c4f841f..8ff677f 100644
--- a/source4/heimdal/include/heim_threads.h
+++ b/source4/heimdal/include/heim_threads.h
@@ -67,13 +67,13 @@
#define HEIMDAL_RWLOCK rwlock_t
#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
-#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
-#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
-#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
-#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
-#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
-#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
+#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
#define HEIMDAL_thread_key thread_key_t
#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
@@ -94,13 +94,13 @@
#define HEIMDAL_RWLOCK rwlock_t
#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
-#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
-#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
-#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
-#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
-#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
-#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
+#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
#define HEIMDAL_thread_key pthread_key_t
#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index 1441c31..fe977de 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -51,14 +51,14 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->require_preauth = TRUE;
c->kdc_warn_pwexpire = 0;
c->encode_as_rep_as_tgs_rep = FALSE;
+ c->as_use_strongest_session_key = FALSE;
+ c->preauth_use_strongest_session_key = FALSE;
+ c->tgs_use_strongest_session_key = FALSE;
+ c->use_strongest_server_key = FALSE;
c->check_ticket_addresses = TRUE;
c->allow_null_ticket_addresses = TRUE;
c->allow_anonymous = FALSE;
c->trpolicy = TRPOLICY_ALWAYS_CHECK;
- c->enable_v4 = FALSE;
- c->enable_kaserver = FALSE;
- c->enable_524 = FALSE;
- c->enable_v4_cross_realm = FALSE;
c->enable_pkinit = FALSE;
c->pkinit_princ_in_cert = TRUE;
c->pkinit_require_binding = TRUE;
@@ -70,19 +70,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_bool_default(context, NULL,
c->require_preauth,
"kdc", "require-preauth", NULL);
- c->enable_v4 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
- "kdc", "enable-kerberos4", NULL);
- c->enable_v4_cross_realm =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4_cross_realm,
- "kdc",
- "enable-kerberos4-cross-realm", NULL);
- c->enable_524 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
- "kdc", "enable-524", NULL);
#ifdef DIGEST
c->enable_digest =
krb5_config_get_bool_default(context, NULL,
@@ -133,6 +120,27 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
#endif
+ c->as_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->as_use_strongest_session_key,
+ "kdc",
+ "as-use-strongest-session-key", NULL);
+ c->preauth_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->preauth_use_strongest_session_key,
+ "kdc",
+ "preauth-use-strongest-session-key", NULL);
+ c->tgs_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->tgs_use_strongest_session_key,
+ "kdc",
+ "tgs-use-strongest-session-key", NULL);
+ c->use_strongest_server_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->use_strongest_server_key,
+ "kdc",
+ "use-strongest-server-key", NULL);
+
c->check_ticket_addresses =
krb5_config_get_bool_default(context, NULL,
c->check_ticket_addresses,
@@ -180,28 +188,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
- {
- const char *p;
- p = krb5_config_get_string (context, NULL,
- "kdc",
- "v4-realm",
- NULL);
- if(p != NULL) {
- c->v4_realm = strdup(p);
- if (c->v4_realm == NULL)
- krb5_errx(context, 1, "out of memory");
- } else {
- c->v4_realm = NULL;
- }
- }
-
- c->enable_kaserver =
- krb5_config_get_bool_default(context,
- NULL,
- c->enable_kaserver,
- "kdc", "enable-kaserver", NULL);
-
-
c->encode_as_rep_as_tgs_rep =
krb5_config_get_bool_default(context, NULL,
c->encode_as_rep_as_tgs_rep,
@@ -223,7 +209,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
NULL);
- c->pkinit_kdc_identity =
+ c->pkinit_kdc_identity =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
c->pkinit_kdc_anchors =
@@ -235,7 +221,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->pkinit_kdc_revoke =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
- c->pkinit_kdc_ocsp_file =
+ c->pkinit_kdc_ocsp_file =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
c->pkinit_kdc_friendly_name =
@@ -272,7 +258,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->pkinit_kdc_identity == NULL) {
if (config->pkinit_kdc_friendly_name == NULL)
- config->pkinit_kdc_friendly_name =
+ config->pkinit_kdc_friendly_name =
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
config->pkinit_kdc_identity = strdup("KEYCHAIN:");
}
@@ -284,7 +270,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->enable_pkinit) {
if (config->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
-
+
if (config->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
@@ -298,4 +284,4 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
return 0;
#endif /* PKINIT */
-}
+}
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index 70b45c2..5f0d274 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context,
/* check the server principal in the ticket matches digest/R at R */
{
krb5_principal principal = NULL;
- const char *p, *r;
+ const char *p, *rr;
ret = krb5_ticket_get_server(context, ticket, &principal);
if (ret)
@@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context,
krb5_free_principal(context, principal);
goto out;
}
- r = krb5_principal_get_realm(context, principal);
- if (r == NULL) {
+ rr = krb5_principal_get_realm(context, principal);
+ if (rr == NULL) {
krb5_free_principal(context, principal);
goto out;
}
- if (strcmp(p, r) != 0) {
+ if (strcmp(p, rr) != 0) {
krb5_free_principal(context, principal);
goto out;
}
@@ -356,7 +356,7 @@ _kdc_do_digest(krb5_context context,
crypto = NULL;
if (ret)
goto out;
-
+
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
krb5_data_free(&buf);
if (ret) {
@@ -419,7 +419,7 @@ _kdc_do_digest(krb5_context context,
free(r.u.initReply.nonce);
r.u.initReply.nonce = s;
}
-
+
ret = krb5_store_stringz(sp, r.u.initReply.nonce);
if (ret) {
krb5_clear_error_message(context);
@@ -475,7 +475,7 @@ _kdc_do_digest(krb5_context context,
krb5_data_free(&buf);
if (ret)
goto out;
-
+
ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
free_Checksum(&res);
if (ret) {
@@ -547,7 +547,7 @@ _kdc_do_digest(krb5_context context,
"Failed to decode digest Checksum");
goto out;
}
-
+
ret = krb5_storage_to_data(sp, &buf);
if (ret) {
krb5_clear_error_message(context);
@@ -561,14 +561,14 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
/*
* CHAP does the checksum of the raw nonce, but do it for all
* types, since we need to check the timestamp.
*/
{
ssize_t ssize;
-
+
ssize = hex_decode(ireq.u.digestRequest.serverNonce,
serverNonce.data, serverNonce.length);
if (ssize <= 0) {
@@ -597,7 +597,7 @@ _kdc_do_digest(krb5_context context,
{
unsigned char *p = serverNonce.data;
uint32_t t;
-
+
if (serverNonce.length < 4) {
ret = EINVAL;
krb5_set_error_message(context, ret, "server nonce too short");
@@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context,
EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *mdx;
- char id;
+ char idx;
if ((config->digests_allowed & CHAP_MD5) == 0) {
kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
@@ -629,13 +629,13 @@ _kdc_do_digest(krb5_context context,
"from CHAP request");
goto out;
}
-
- if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
+
+ if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list