author | Andrew Bartlett <abartlet@samba.org> | 2005-09-21 12:24:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:38:38 -0500 |
commit | c44efdaa2242f50d75dd5b800e372dd5586c6deb (patch) | |
tree | 543da228fe555b91b60bcd796e723b7c9628b3f6 | |
parent | 8f334f69b5d5fcae4a7b2b70e18b7062c46c719e (diff) | |
download | samba-c44efdaa2242f50d75dd5b800e372dd5586c6deb.tar.gz samba-c44efdaa2242f50d75dd5b800e372dd5586c6deb.tar.bz2 samba-c44efdaa2242f50d75dd5b800e372dd5586c6deb.zip |
r10386: Merge current lorikeet-heimdal into Samba4.
Andrew Bartlett
(This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
-rw-r--r-- | source4/heimdal/cf/resolv.m4 | 21 | ||||
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 24 | ||||
-rwxr-xr-x | source4/heimdal/kdc/pkinit.c | 110 | ||||
-rw-r--r-- | source4/heimdal/lib/asn1/gen_decode.c | 12 | ||||
-rw-r--r-- | source4/heimdal/lib/asn1/lex.c | 254 | ||||
-rw-r--r-- | source4/heimdal/lib/asn1/lex.l | 230 | ||||
-rw-r--r-- | source4/heimdal/lib/asn1/pkcs8.asn1 | 4 | ||||
-rw-r--r-- | source4/heimdal/lib/com_err/parse.c | 209 | ||||
-rw-r--r-- | source4/heimdal/lib/com_err/parse.h | 6 | ||||
-rwxr-xr-x | source4/heimdal/lib/gssapi/cfx.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/hdb-protos.h | 359 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/changepw.c | 20 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 136 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/kcm.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-private.h | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 17 | ||||
-rwxr-xr-x | source4/heimdal/lib/krb5/pkinit.c | 15 |
17 files changed, 570 insertions, 866 deletions
diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 index 81a7a143f9..20e85a8400 100644 --- a/source4/heimdal/cf/resolv.m4 +++ b/source4/heimdal/cf/resolv.m4 @@ -1,10 +1,13 @@ -dnl stuff used by DNS resolv code +dnl stuff used by DNS resolv code in roken +dnl +dnl $Id: resolv.m4,v 1.1 2005/09/02 10:17:38 lha Exp $ +dnl -AC_DEFUN([rk_RESOLV], [ +AC_DEFUN([rk_RESOLV],[ - AC_CHECK_HEADERS(arpa/nameser.h) +AC_CHECK_HEADERS([arpa/nameser.h]) - AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT +AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif @@ -16,7 +19,7 @@ AC_DEFUN([rk_RESOLV], [ #endif ]) - AC_FIND_FUNC(res_search, resolv, +AC_FIND_FUNC(res_search, resolv, [ #include <stdio.h> #ifdef HAVE_SYS_TYPES_H @@ -34,7 +37,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0]) - AC_FIND_FUNC(res_nsearch, resolv, +AC_FIND_FUNC(res_nsearch, resolv, [ #include <stdio.h> #ifdef HAVE_SYS_TYPES_H @@ -52,7 +55,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0,0]) - AC_FIND_FUNC(res_ndestroy, resolv, +AC_FIND_FUNC(res_ndestroy, resolv, [ #include <stdio.h> #ifdef HAVE_SYS_TYPES_H @@ -70,7 +73,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0]) - AC_FIND_FUNC(dn_expand, resolv, +AC_FIND_FUNC(dn_expand, resolv, [ #include <stdio.h> #ifdef HAVE_SYS_TYPES_H @@ -88,7 +91,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0]) - rk_CHECK_VAR(_res, +rk_CHECK_VAR(_res, [#include <stdio.h> #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 2cbb5831d4..3191ab19b7 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -483,8 +483,8 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) ent->s2kparams = NULL; switch (key->key.keytype) { - case KEYTYPE_AES128: - case KEYTYPE_AES256: + case ETYPE_AES128_CTS_HMAC_SHA1_96: + case ETYPE_AES256_CTS_HMAC_SHA1_96: ALLOC(ent->s2kparams); if (ent->s2kparams == NULL) return ENOMEM; 
@@ -499,6 +499,26 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) _krb5_AES_string_to_default_iterator, ent->s2kparams->length); break; + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + /* Check if this was a AFS3 salted key */ + if(key->salt && key->salt->type == hdb_afs3_salt){ + ALLOC(ent->s2kparams); + if (ent->s2kparams == NULL) + return ENOMEM; + ent->s2kparams->length = 1; + ent->s2kparams->data = malloc(ent->s2kparams->length); + if (ent->s2kparams->data == NULL) { + free(ent->s2kparams); + ent->s2kparams = NULL; + return ENOMEM; + } + _krb5_put_int(ent->s2kparams->data, + 1, + ent->s2kparams->length); + } + break; default: break; } diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index fdeaf27ac4..985c7c15e4 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.41 2005/08/12 09:21:40 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.43 2005/09/21 00:40:32 lha Exp $"); #ifdef PKINIT @@ -333,16 +333,11 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, goto out; } - ret = krb5_random_to_key(context, enctype, - dh_gen_key, dh_gen_keylen, &key); - - if (ret) { - krb5_set_error_string(context, - "pkinit - can't create key from DH key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - ret = krb5_copy_keyblock_contents(context, &key, reply_key); + ret = _krb5_pk_octetstring2key(context, + enctype, + dh_gen_key, dh_gen_keylen, + NULL, NULL, + reply_key); out: if (dh_gen_key) 
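Review bot: The new DES case in make_etype_info2_entry stores a bare `1` as the one-octet s2kparams without saying what the value means on the wire. A comment above the `_krb5_put_int` call, such as `/* one-octet DES s2kparams; 1 marks the AFS3 string-to-key variant (confirm against the DES string-to-key code) */`, would keep it from being a magic number. The function's start and its other cases lie outside the hunk.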
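Review bot: In generate_dh_keyblock the failure path of the new `_krb5_pk_octetstring2key` call no longer records an error string, where the removed code set "pkinit - can't create key from DH key". Unless the helper sets one itself (not visible here), a failed DH key derivation will surface in the KDC as a bare error code; consider `if (ret) krb5_set_error_string(context, "pkinit - can't create key from DH key");` before `out:`. The local `key` that the removed lines filled is declared outside the hunk, so it is worth checking that nothing at `out:` still releases it uninitialised, and that the shared secret in `dh_gen_key` is cleared before it is freed.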
@@ -768,11 +763,10 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - ret = get_dh_param(context, ap.clientPublicValue, client_params); - if (ret) { - free_AuthPack_19(&ap); - goto out; - } + krb5_set_error_string(context, "PK-INIT, no support for DH"); + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + free_AuthPack_19(&ap); + goto out; } free_AuthPack_19(&ap); } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { @@ -800,10 +794,11 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - krb5_set_error_string(context, "PK-INIT, no support for DH"); - ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - free_AuthPack(&ap); - goto out; + ret = get_dh_param(context, ap.clientPublicValue, client_params); + if (ret) { + free_AuthPack(&ap); + goto out; + } } free_AuthPack(&ap); } else @@ -1139,16 +1134,18 @@ pk_mk_pa_reply_dh(krb5_context context, ContentInfo *content_info) { ASN1_INTEGER *dh_pub_key = NULL; + ContentInfo contentinfo; KDCDHKeyInfo dh_info; krb5_error_code ret; SignedData sd; - krb5_data buf, sd_buf; + krb5_data buf, signed_data; size_t size; + memset(&contentinfo, 0, sizeof(contentinfo)); memset(&dh_info, 0, sizeof(dh_info)); memset(&sd, 0, sizeof(sd)); krb5_data_zero(&buf); - krb5_data_zero(&sd_buf); + krb5_data_zero(&signed_data); dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL); if (dh_pub_key == NULL) { @@ -1190,17 +1187,21 @@ pk_mk_pa_reply_dh(krb5_context context, ret = _krb5_pk_create_sign(context, oid_id_pkdhkeydata(), &buf, - kdc_identity, - &sd_buf); + kdc_identity, + &signed_data); krb5_data_free(&buf); if (ret) goto out; - ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(), + ret = _krb5_pk_mk_ContentInfo(context, + &signed_data, + oid_id_pkcs7_signedData(), content_info); - krb5_data_free(&sd_buf); + if (ret) + goto out; out: + krb5_data_free(&signed_data); free_KDCDHKeyInfo(&dh_info); return ret; 
@@ -1249,14 +1250,15 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (client_params->type == PKINIT_COMPAT_27) { PA_PK_AS_REP rep; - pa_type = KRB5_PADATA_PK_AS_REP; - memset(&rep, 0, sizeof(rep)); + pa_type = KRB5_PADATA_PK_AS_REP; + if (client_params->dh == NULL) { - rep.element = choice_PA_PK_AS_REP_encKeyPack; ContentInfo info; + rep.element = choice_PA_PK_AS_REP_encKeyPack; + krb5_generate_random_keyblock(context, enctype, &client_params->reply_key); ret = pk_mk_pa_reply_enckey(context, @@ -1283,8 +1285,37 @@ _kdc_pk_mk_pa_reply(krb5_context context, krb5_abortx(context, "Internal ASN.1 encoder error"); } else { - krb5_set_error_string(context, "DH -27 not implemented"); - ret = KRB5KRB_ERR_GENERIC; + ContentInfo info; + + rep.element = choice_PA_PK_AS_REP_dhInfo; + + ret = check_dh_params(client_params->dh); + if (ret) + return ret; + + ret = generate_dh_keyblock(context, client_params, enctype, + &client_params->reply_key); + if (ret) + return ret; + + ret = pk_mk_pa_reply_dh(context, client_params->dh, + client_params, + &client_params->reply_key, + &info); + + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data, + rep.u.dhInfo.dhSignedData.length, &info, &size, + ret); + free_ContentInfo(&info); + if (ret) { + krb5_set_error_string(context, "encoding of Key ContentInfo " + "failed %d", ret); + free_PA_PK_AS_REP(&rep); + goto out; + } + if (rep.u.encKeyPack.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + } if (ret) { free_PA_PK_AS_REP(&rep); 
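Review bot: In the new DH branch of _kdc_pk_mk_pa_reply the return value of `pk_mk_pa_reply_dh` is overwritten by `ASN1_MALLOC_ENCODE` without being checked, so a signing failure goes on to encode and then `free_ContentInfo` an `info` that was never initialised. The length check that follows reads `rep.u.encKeyPack.length` although this branch filled `rep.u.dhInfo.dhSignedData`; whether the two union members overlap depends on the generated PA_PK_AS_REP layout, which is not visible here, and a mismatch ends in `krb5_abortx` inside the KDC. The two early `return ret;` statements skip the `free_PA_PK_AS_REP(&rep)` path used elsewhere in the branch, which is safe only while nothing has been allocated into `rep` at that point. The function begins and ends outside the hunk; the branch with the first two points addressed is sketched below.

```c
	    ContentInfo info;

	    /* zero first so a failed signing step never leaves stack garbage in info */
	    memset(&info, 0, sizeof(info));
	    rep.element = choice_PA_PK_AS_REP_dhInfo;
	    /* … unchanged: check_dh_params and generate_dh_keyblock … */
	    ret = pk_mk_pa_reply_dh(context, client_params->dh,
				    client_params,
				    &client_params->reply_key,
				    &info);
	    if (ret) {
		free_PA_PK_AS_REP(&rep);
		goto out;
	    }
	    /* … unchanged: ASN1_MALLOC_ENCODE, free_ContentInfo, encode-error branch … */
	    if (rep.u.dhInfo.dhSignedData.length != size)
		krb5_abortx(context, "Internal ASN.1 encoder error");
```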
@@ -1319,21 +1350,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, &client_params->reply_key, &rep.u.encKeyPack); } else { - rep.element = choice_PA_PK_AS_REP_19_dhSignedData; - - ret = check_dh_params(client_params->dh); - if (ret) - return ret; - - ret = generate_dh_keyblock(context, client_params, enctype, - &client_params->reply_key); - if (ret) - return ret; - - ret = pk_mk_pa_reply_dh(context, client_params->dh, - client_params, - &client_params->reply_key, - &rep.u.dhSignedData); + krb5_set_error_string(context, "DH -19 not implemented"); + ret = KRB5KRB_ERR_GENERIC; } if (ret) { free_PA_PK_AS_REP_19(&rep); diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 42ceb37e62..6461a0ada9 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.28 2005/08/23 11:51:25 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.29 2005/09/21 00:30:37 lha Exp $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -396,17 +396,15 @@ decode_type (const char *name, const Type *t, int optional, "%s_tmp = realloc((%s)->val, " " sizeof(*((%s)->val)) * ((%s)->len + 1));\n" "if (%s_tmp == NULL) { %s; }\n" - "(%s)->len++;\n" "(%s)->val = %s_tmp;\n", tmpstr, tmpstr, tmpstr, name, name, tmpstr, tmpstr, name, name, name, - tmpstr, - forwstr, name, name, - tmpstr); + tmpstr, forwstr, + name, tmpstr); - asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); + asprintf (&n, "&(%s)->val[(%s)->len]", name, name); if (n == NULL) errx(1, "malloc"); asprintf (&sname, "%s_s_of", tmpstr); @@ -414,10 +412,12 @@ decode_type (const char *name, const Type *t, int optional, errx(1, "malloc"); decode_type (n, t->subtype, 0, forwstr, sname); fprintf (codefile, + "(%s)->len++;\n" "len = %s_origlen - ret;\n" "}\n" "ret += %s_oldret;\n" "}\n", + name, tmpstr, tmpstr); free (n); free (sname); 
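Review bot: In the gen_decode.c hunks the emitted `(%s)->len++;` now runs only after the element decoder returns, and neither the generator nor the emitted code says why the order matters. Since `realloc` leaves the new slot uninitialised, a comment beside the second `fprintf`, for instance `/* count the slot only after it decoded cleanly, so cleanup never walks an uninitialised element */`, would record the intent if that is indeed the reason. It is also worth confirming that the nested decoder releases a partly decoded element itself before jumping to `forwstr`, because the slot at `val[len]` is no longer covered by `len` and would otherwise leak on malformed input. decode_type starts and ends outside both hunks.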
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 3b563038e8..8a13c392f8 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -736,7 +736,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ +/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -758,8 +758,8 @@ static unsigned lineno = 1; #undef ECHO -static void handle_comment(int type); -static char *handle_string(void); +static void unterminated(const char *, unsigned); + #line 764 "lex.c" /* Macros after this point can all be overridden by user definitions in 
@@ -1419,21 +1419,121 @@ YY_RULE_SETUP case 85: YY_RULE_SETUP #line 147 "lex.l" -{ handle_comment(0); } +{ + int c, start_lineno = lineno; + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + break; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + break; + } + f = 0; + } + if(c == EOF) + unterminated("comment", start_lineno); + } YY_BREAK case 86: YY_RULE_SETUP -#line 148 "lex.l" -{ handle_comment(1); } +#line 166 "lex.l" +{ + int c, start_lineno = lineno; + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + break; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(seen_star && c == '/') { + if(--level == 0) + break; + seen_star = 0; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + if(c == EOF) + unterminated("comment", start_lineno); + } YY_BREAK case 87: YY_RULE_SETUP -#line 149 "lex.l" -{ yylval.name = handle_string(); return STRING; } +#line 206 "lex.l" +{ + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + unterminated("string", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + yylval.name = estrdup(buf); + return STRING; + } YY_BREAK case 88: YY_RULE_SETUP -#line 151 "lex.l" +#line 251 "lex.l" { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 
0); @@ -1445,7 +1545,7 @@ YY_RULE_SETUP YY_BREAK case 89: YY_RULE_SETUP -#line 159 "lex.l" +#line 259 "lex.l" { yylval.name = estrdup ((const char *)yytext); return IDENTIFIER; @@ -1453,35 +1553,35 @@ YY_RULE_SETUP YY_BREAK case 90: YY_RULE_SETUP -#line 163 "lex.l" +#line 263 "lex.l" ; YY_BREAK case 91: YY_RULE_SETUP -#line 164 "lex.l" +#line 264 "lex.l" { ++lineno; } YY_BREAK case 92: YY_RULE_SETUP -#line 165 "lex.l" +#line 265 "lex.l" { return ELLIPSIS; } YY_BREAK case 93: YY_RULE_SETUP -#line 166 "lex.l" +#line 266 "lex.l" { return RANGE; } YY_BREAK case 94: YY_RULE_SETUP -#line 167 "lex.l" +#line 267 "lex.l" { error_message("Ignoring char(%c)\n", *yytext); } YY_BREAK case 95: YY_RULE_SETUP -#line 168 "lex.l" +#line 268 "lex.l" ECHO; YY_BREAK -#line 1485 "lex.c" +#line 1585 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2363,7 +2463,7 @@ int main() return 0; } #endif -#line 168 "lex.l" +#line 268 "lex.l" #ifndef yywrap /* XXX */ 
@@ -2377,119 +2477,17 @@ yywrap () void error_message (const char *format, ...) { - va_list args; + va_list args; - va_start (args, format); - fprintf (stderr, "%s:%d: ", get_filename(), lineno); - vfprintf (stderr, format, args); - va_end (args); - error_flag++; + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); + error_flag++; } static void -handle_comment(int type) -{ - int c; - int start_lineno = lineno; - if(type == 0) { - int f = 0; - while((c = input()) != EOF) { - if(f && c == '-') - return; - if(c == '-') { - f = 1; - continue; - } - if(c == '\n') { - lineno++; - return; - } - f = 0; - } - } else { - int level = 1; - int seen_star = 0; - int seen_slash = 0; - while((c = input()) != EOF) { - if(c == '/') { - if(seen_star) { - if(--level == 0) - return; - seen_star = 0; - continue; - } - seen_slash = 1; - continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { - if(seen_slash) { - level++; - seen_star = seen_slash = 0; - continue; - } - seen_star = 1; - continue; - } - seen_star = seen_slash = 0; - if(c == '\n') { - lineno++; - continue; - } - } - } - if(c == EOF) - error_message("unterminated comment, possibly started on line %d\n", start_lineno); -} - -static char * -handle_string(void) +unterminated(const char *type, unsigned start_lineno) { - int start_lineno = lineno; - int c; - char buf[1024]; - char *p = buf; - int f = 0; - int skip_ws = 0; - - while((c = input()) != EOF) { - if(isspace(c) && skip_ws) { - if(c == '\n') - lineno++; - continue; - } - skip_ws = 0; - - if(c == '"') { - if(f) { - *p++ = '"'; - f = 0; - } else - f = 1; - continue; - } - if(f == 1) { - unput(c); - break; - } - if(c == '\n') { - lineno++; - while(p > buf && isspace((unsigned char)p[-1])) - p--; - skip_ws = 1; - continue; - } - *p++ = c; - } - if(c == EOF) - error_message("unterminated string, possibly started on line %d\n", 
start_lineno); - *p++ = '\0'; - fprintf(stderr, "string -- %s\n", buf); - return estrdup(buf); + error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index cb6512f36f..4b2c5af062 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ +/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -54,8 +54,8 @@ static unsigned lineno = 1; #undef ECHO -static void handle_comment(int type); -static char *handle_string(void); +static void unterminated(const char *, unsigned); + %} 
@@ -144,9 +144,109 @@ WITH { return kw_WITH; } "[" { return *yytext; } "]" { return *yytext; } ::= { return EEQUAL; } --- { handle_comment(0); } -\/\* { handle_comment(1); } -"\"" { yylval.name = handle_string(); return STRING; } +-- { + int c, start_lineno = lineno; + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + break; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + break; + } + f = 0; + } + if(c == EOF) + unterminated("comment", start_lineno); + } +\/\* { + int c, start_lineno = lineno; + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + break; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(seen_star && c == '/') { + if(--level == 0) + break; + seen_star = 0; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + if(c == EOF) + unterminated("comment", start_lineno); + } +"\"" { + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + unterminated("string", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + yylval.name = estrdup(buf); + return STRING; + } -?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, 
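Review bot: The string rule copies input into `char buf[1024]` through `*p++ = c;` and `*p++ = '"';` with no bound on `p`, so a quoted string longer than the buffer in an .asn1 file writes past the end of the stack array. Guard both stores, for example with `if (p >= buf + sizeof(buf) - 1) { error_message("string too long\n"); break; }`, which also keeps the final `*p++ = '\0';` inside the buffer. The `fprintf(stderr, "string -- %s\n", buf);` line looks like leftover debug output, and in the `/*` rule the second `if(seen_star && c == '/')` test can never be reached because the preceding `if(c == '/')` block always continues. The regenerated lex.c in this commit carries the same code.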
@@ -178,119 +278,17 @@ yywrap () void error_message (const char *format, ...) { - va_list args; + va_list args; - va_start (args, format); - fprintf (stderr, "%s:%d: ", get_filename(), lineno); - vfprintf (stderr, format, args); - va_end (args); - error_flag++; + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); + error_flag++; } static void -handle_comment(int type) +unterminated(const char *type, unsigned start_lineno) { - int c; - int start_lineno = lineno; - if(type == 0) { - int f = 0; - while((c = input()) != EOF) { - if(f && c == '-') - return; - if(c == '-') { - f = 1; - continue; - } - if(c == '\n') { - lineno++; - return; - } - f = 0; - } - } else { - int level = 1; - int seen_star = 0; - int seen_slash = 0; - while((c = input()) != EOF) { - if(c == '/') { - if(seen_star) { - if(--level == 0) - return; - seen_star = 0; - continue; - } - seen_slash = 1; - continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { - if(seen_slash) { - level++; - seen_star = seen_slash = 0; - continue; - } - seen_star = 1; - continue; - } - seen_star = seen_slash = 0; - if(c == '\n') { - lineno++; - continue; - } - } - } - if(c == EOF) - error_message("unterminated comment, possibly started on line %d\n", start_lineno); -} - -static char * -handle_string(void) -{ - int start_lineno = lineno; - int c; - char buf[1024]; - char *p = buf; - int f = 0; - int skip_ws = 0; - - while((c = input()) != EOF) { - if(isspace(c) && skip_ws) { - if(c == '\n') - lineno++; - continue; - } - skip_ws = 0; - - if(c == '"') { - if(f) { - *p++ = '"'; - f = 0; - } else - f = 1; - continue; - } - if(f == 1) { - unput(c); - break; - } - if(c == '\n') { - lineno++; - while(p > buf && isspace((unsigned char)p[-1])) - p--; - skip_ws = 1; - continue; - } - *p++ = c; - } - if(c == EOF) - error_message("unterminated string, possibly started on line %d\n", 
start_lineno); - *p++ = '\0'; - fprintf(stderr, "string -- %s\n", buf); - return estrdup(buf); + error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 index 823e56660b..dc52511bf4 100644 --- a/source4/heimdal/lib/asn1/pkcs8.asn1 +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1,v 1.2 2005/07/12 06:27:36 lha Exp $ -- +-- $Id: pkcs8.asn1,v 1.3 2005/09/13 19:41:29 lha Exp $ -- PKCS8 DEFINITIONS ::= @@ -17,7 +17,7 @@ PKCS8PrivateKeyInfo ::= SEQUENCE { version INTEGER, privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier, privateKey PKCS8PrivateKey, - attributes [0] IMPLICIT PKCS8Attributes OPTIONAL + attributes [0] IMPLICIT SET OF Attribute OPTIONAL } PKCS8EncryptedData ::= OCTET STRING diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 42455097c9..e55dafa41e 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -148,7 +148,7 @@ typedef union YYSTYPE { char *string; int number; } YYSTYPE; -/* Line 191 of yacc.c. */ +/* Line 190 of yacc.c. */ #line 153 "$base.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -160,7 +160,7 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 214 of yacc.c. */ +/* Line 213 of yacc.c. */ #line 165 "$base.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE 
@@ -176,14 +176,10 @@ typedef union YYSTYPE { # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA -# define YYSTACK_ALLOC alloca -# endif -# else -# if defined (alloca) || defined (_ALLOCA_H) -# define YYSTACK_ALLOC alloca -# else # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca +# else +# define YYSTACK_ALLOC alloca # endif # endif # endif @@ -209,7 +205,7 @@ typedef union YYSTYPE { /* A type that is properly aligned for any stack member. */ union yyalloc { - short yyss; + short int yyss; YYSTYPE yyvs; }; @@ -219,7 +215,7 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do @@ -261,7 +257,7 @@ union yyalloc #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short yysigned_char; + typedef short int yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ @@ -358,7 +354,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short yytoknum[] = +static const unsigned short int yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 44 
@@ -490,20 +486,53 @@ do \ } \ while (0) + #define YYTERROR 1 #define YYERRCODE 256 -/* YYLLOC_DEFAULT -- Compute the default location (before the actions - are run). */ +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - ((Current).first_line = (Rhs)[1].first_line, \ - (Current).first_column = (Rhs)[1].first_column, \ - (Current).last_line = (Rhs)[N].last_line, \ - (Current).last_column = (Rhs)[N].last_column) +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (N) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (0) #endif + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM 
@@ -526,19 +555,13 @@ do { \ YYFPRINTF Args; \ } while (0) -# define YYDSYMPRINT(Args) \ -do { \ - if (yydebug) \ - yysymprint Args; \ -} while (0) - -# define YYDSYMPRINTF(Title, Token, Value, Location) \ +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yysymprint (stderr, \ - Token, Value); \ + Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) @@ -550,12 +573,12 @@ do { \ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short *bottom, short *top) +yy_stack_print (short int *bottom, short int *top) #else static void yy_stack_print (bottom, top) - short *bottom; - short *top; + short int *bottom; + short int *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -605,8 +628,7 @@ do { \ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) -# define YYDSYMPRINT(Args) -# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ @@ -624,10 +646,6 @@ int yydebug; SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ -#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0 -# undef YYMAXDEPTH -#endif - #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif @@ -709,15 +727,15 @@ yysymprint (yyoutput, yytype, yyvaluep) (void) yyvaluep; if (yytype < YYNTOKENS) - { - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); -# ifdef YYPRINT - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - } + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif switch (yytype) { default: 
@@ -733,10 +751,11 @@ yysymprint (yyoutput, yytype, yyvaluep) #if defined (__STDC__) || defined (__cplusplus) static void -yydestruct (int yytype, YYSTYPE *yyvaluep) +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void -yydestruct (yytype, yyvaluep) +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif @@ -744,6 +763,10 @@ yydestruct (yytype, yyvaluep) /* Pacify ``unused variable'' warnings. */ (void) yyvaluep; + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + switch (yytype) { @@ -771,10 +794,10 @@ int yyparse (); -/* The lookahead symbol. */ +/* The look-ahead symbol. */ int yychar; -/* The semantic value of the lookahead symbol. */ +/* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ @@ -810,7 +833,7 @@ yyparse () int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; - /* Lookahead token as an internal (translated) token number. */ + /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; /* Three stacks and their tools: @@ -822,9 +845,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short yyssa[YYINITDEPTH]; - short *yyss = yyssa; - register short *yyssp; + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -861,6 +884,9 @@ yyparse () yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -886,7 +912,7 @@ yyparse () these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short *yyss1 = yyss; + short int *yyss1 = yyss; /* Each stack pointer address is followed by the size of the 
@@ -914,7 +940,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short *yyss1 = yyss; + short int *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -950,18 +976,18 @@ yyparse () yybackup: /* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ +/* Read a look-ahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to lookahead token. */ + /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a lookahead token if don't already have one. */ + /* Not known => get a look-ahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); @@ -976,7 +1002,7 @@ yybackup: else { yytoken = YYTRANSLATE (yychar); - YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to @@ -996,8 +1022,8 @@ yybackup: if (yyn == YYFINAL) YYACCEPT; - /* Shift the lookahead token. */ - YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) 
@@ -1049,33 +1075,33 @@ yyreduce: case 6: #line 73 "parse.y" { - id_str = yyvsp[0].string; + id_str = (yyvsp[0].string); } break; case 7: #line 79 "parse.y" { - base_id = name2number(yyvsp[0].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[0].string); + base_id = name2number((yyvsp[0].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[0].string)); } break; case 8: #line 85 "parse.y" { - base_id = name2number(yyvsp[-1].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[-1].string); - free(yyvsp[0].string); + base_id = name2number((yyvsp[-1].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[-1].string)); + free((yyvsp[0].string)); } break; case 11: #line 98 "parse.y" { - number = yyvsp[0].number; + number = (yyvsp[0].number); } break; @@ -1083,10 +1109,10 @@ yyreduce: #line 102 "parse.y" { free(prefix); - asprintf (&prefix, "%s_", yyvsp[0].string); + asprintf (&prefix, "%s_", (yyvsp[0].string)); if (prefix == NULL) errx(1, "malloc"); - free(yyvsp[0].string); + free((yyvsp[0].string)); } break; @@ -1111,13 +1137,13 @@ yyreduce: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); + asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string)); if (ec->name == NULL) errx(1, "malloc"); - free(yyvsp[-2].string); + free((yyvsp[-2].string)); } else - ec->name = yyvsp[-2].string; - ec->string = yyvsp[0].string; + ec->name = (yyvsp[-2].string); + ec->string = (yyvsp[0].string); APPEND(codes, ec); number++; } @@ -1133,8 +1159,8 @@ yyreduce: } -/* Line 1000 of yacc.c. */ -#line 1138 "$base.c" +/* Line 1037 of yacc.c. */ +#line 1164 "$base.c" yyvsp -= yylen; yyssp -= yylen; @@ -1234,7 +1260,7 @@ yyerrlab: if (yyerrstatus == 3) { - /* If just tried and failed to reuse lookahead token after an + /* If just tried and failed to reuse look-ahead token after an error, discard it. */ if (yychar <= YYEOF) 
@@ -1244,23 +1270,22 @@ yyerrlab: if (yychar == YYEOF) for (;;) { + YYPOPSTACK; if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[*yyssp], yyvsp); + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); } } else { - YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); - yydestruct (yytoken, &yylval); + yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; - } } - /* Else will try to reuse lookahead token after shifting the error + /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; @@ -1277,7 +1302,7 @@ yyerrorlab: goto yyerrorlab; #endif - yyvsp -= yylen; +yyvsp -= yylen; yyssp -= yylen; yystate = *yyssp; goto yyerrlab1; @@ -1307,8 +1332,8 @@ yyerrlab1: if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[yystate], yyvsp); + + yydestruct ("Error: popping", yystos[yystate], yyvsp); YYPOPSTACK; yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); @@ -1317,11 +1342,12 @@ yyerrlab1: if (yyn == YYFINAL) YYACCEPT; - YYDPRINTF ((stderr, "Shifting error token, ")); - *++yyvsp = yylval; + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + yystate = yyn; goto yynewstate; @@ -1337,6 +1363,9 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 309c272499..ef7b9ba91e 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h 
@@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,7 +57,7 @@ typedef union YYSTYPE { char *string; int number; } YYSTYPE; -/* Line 1275 of yacc.c. */ +/* Line 1318 of yacc.c. */ #line 62 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 3e7592b3a7..1cc510d6fc 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -77,7 +77,7 @@ wrap_length_cfx(krb5_crypto crypto, if (ret) { return ret; } - if (*padsize > 1) { + if (padsize > 1) { /* XXX check this */ *padlength = *padsize - (input_length % *padsize); } diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 56566b7fe4..799f013eba 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h 
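Review bot: The new condition `if (padsize > 1)` in wrap_length_cfx tests the pointer rather than the value; the next line still dereferences it (`*padsize - (input_length % *padsize)`), so `padsize` appears to be a pointer here. A non-null pointer always compares greater than 1, so the guard no longer excludes a pad size of 0 or 1: with 0 the modulo divides by zero, and with 1 a pad length of 1 is reported for a cipher that needs none. Keep the dereference, `if (*padsize > 1) {`, unless the declaration of `padsize` changed outside this hunk. wrap_length_cfx starts and ends outside the hunk.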
@@ -8,317 +8,6 @@ extern "C" { #endif -unsigned -HDBFlags2int (HDBFlags /*f*/); - -int -copy_Event ( - const Event */*from*/, - Event */*to*/); - -int -copy_GENERATION ( - const GENERATION */*from*/, - GENERATION */*to*/); - -int -copy_HDBFlags ( - const HDBFlags */*from*/, - HDBFlags */*to*/); - -int -copy_HDB_Ext_Aliases ( - const HDB_Ext_Aliases */*from*/, - HDB_Ext_Aliases */*to*/); - -int -copy_HDB_Ext_Constrained_delegation_acl ( - const HDB_Ext_Constrained_delegation_acl */*from*/, - HDB_Ext_Constrained_delegation_acl */*to*/); - -int -copy_HDB_Ext_Lan_Manager_OWF ( - const HDB_Ext_Lan_Manager_OWF */*from*/, - HDB_Ext_Lan_Manager_OWF */*to*/); - -int -copy_HDB_Ext_PKINIT_acl ( - const HDB_Ext_PKINIT_acl */*from*/, - HDB_Ext_PKINIT_acl */*to*/); - -int -copy_HDB_Ext_PKINIT_certificate ( - const HDB_Ext_PKINIT_certificate */*from*/, - HDB_Ext_PKINIT_certificate */*to*/); - -int -copy_HDB_Ext_Password ( - const HDB_Ext_Password */*from*/, - HDB_Ext_Password */*to*/); - -int -copy_HDB_extension ( - const HDB_extension */*from*/, - HDB_extension */*to*/); - -int -copy_HDB_extensions ( - const HDB_extensions */*from*/, - HDB_extensions */*to*/); - -int -copy_Key ( - const Key */*from*/, - Key */*to*/); - -int -copy_Salt ( - const Salt */*from*/, - Salt */*to*/); - -int -copy_hdb_entry ( - const hdb_entry */*from*/, - hdb_entry */*to*/); - -int -decode_Event ( - const unsigned char */*p*/, - size_t /*len*/, - Event */*data*/, - size_t */*size*/); - -int -decode_GENERATION ( - const unsigned char */*p*/, - size_t /*len*/, - GENERATION */*data*/, - size_t */*size*/); - -int -decode_HDBFlags ( - const unsigned char */*p*/, - size_t /*len*/, - HDBFlags */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Aliases ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Constrained_delegation_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Constrained_delegation_acl */*data*/, - size_t 
*/*size*/); - -int -decode_HDB_Ext_Lan_Manager_OWF ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_certificate ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Password ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -decode_HDB_extension ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extension */*data*/, - size_t */*size*/); - -int -decode_HDB_extensions ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extensions */*data*/, - size_t */*size*/); - -int -decode_Key ( - const unsigned char */*p*/, - size_t /*len*/, - Key */*data*/, - size_t */*size*/); - -int -decode_Salt ( - const unsigned char */*p*/, - size_t /*len*/, - Salt */*data*/, - size_t */*size*/); - -int -decode_hdb_entry ( - const unsigned char */*p*/, - size_t /*len*/, - hdb_entry */*data*/, - size_t */*size*/); - -int -encode_Event ( - unsigned char */*p*/, - size_t /*len*/, - const Event */*data*/, - size_t */*size*/); - -int -encode_GENERATION ( - unsigned char */*p*/, - size_t /*len*/, - const GENERATION */*data*/, - size_t */*size*/); - -int -encode_HDBFlags ( - unsigned char */*p*/, - size_t /*len*/, - const HDBFlags */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Aliases ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Constrained_delegation_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Lan_Manager_OWF ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int 
-encode_HDB_Ext_PKINIT_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_certificate ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Password ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -encode_HDB_extension ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extension */*data*/, - size_t */*size*/); - -int -encode_HDB_extensions ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extensions */*data*/, - size_t */*size*/); - -int -encode_Key ( - unsigned char */*p*/, - size_t /*len*/, - const Key */*data*/, - size_t */*size*/); - -int -encode_Salt ( - unsigned char */*p*/, - size_t /*len*/, - const Salt */*data*/, - size_t */*size*/); - -int -encode_hdb_entry ( - unsigned char */*p*/, - size_t /*len*/, - const hdb_entry */*data*/, - size_t */*size*/); - -void -free_Event (Event */*data*/); - -void -free_GENERATION (GENERATION */*data*/); - -void -free_HDBFlags (HDBFlags */*data*/); - -void -free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); - -void -free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); - -void -free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); - -void -free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); - -void -free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); - -void -free_HDB_Ext_Password (HDB_Ext_Password */*data*/); - -void -free_HDB_extension (HDB_extension */*data*/); - -void -free_HDB_extensions (HDB_extensions */*data*/); - -void -free_Key (Key */*data*/); - -void -free_Salt (Salt */*data*/); - -void -free_hdb_entry (hdb_entry */*data*/); - krb5_error_code hdb_add_master_key ( krb5_context /*context*/, 
@@ -608,54 +297,6 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); -void -initialize_hdb_error_table_r (struct et_list **/*list*/); - -HDBFlags -int2HDBFlags (unsigned /*n*/); - -size_t -length_Event (const Event */*data*/); - -size_t -length_GENERATION (const GENERATION */*data*/); - -size_t -length_HDBFlags (const HDBFlags */*data*/); - -size_t -length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); - -size_t -length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); - -size_t -length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); - -size_t -length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); - -size_t -length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); - -size_t -length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); - -size_t -length_HDB_extension (const HDB_extension */*data*/); - -size_t -length_HDB_extensions (const HDB_extensions */*data*/); - -size_t -length_Key (const Key */*data*/); - -size_t -length_Salt (const Salt */*data*/); - -size_t -length_hdb_entry (const hdb_entry */*data*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index e6ef1d9d9b..c3cd6d4db9 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $"); +RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $"); static void str2data (krb5_data *d, @@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context, if (ret) return ret; - passwd_data.data = passwd; + passwd_data.data = rk_UNCONST(passwd); passwd_data.length = strlen(passwd); krb5_data_zero (&krb_priv_data); 
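Review bot: `passwd_data.data = rk_UNCONST(passwd);` in chgpw_send_request puts a caller-owned `const` string behind a writable `krb5_data`, and nothing at the assignment says the buffer is only borrowed. A one-line comment would keep a later change from freeing or scrubbing the password through `passwd_data`: `/* borrowed from caller: never free or write through passwd_data */`. The same applies to `chpw.newpasswd.data = rk_UNCONST(passwd);` in setpw_send_request. chgpw_send_request continues outside the hunk.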
@@ -160,7 +160,7 @@ setpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -186,7 +186,7 @@ setpw_send_request (krb5_context context, return ret; chpw.newpasswd.length = strlen(passwd); - chpw.newpasswd.data = passwd; + chpw.newpasswd.data = rk_UNCONST(passwd); if (targprinc) { chpw.targname = &targprinc->name; chpw.targrealm = &targprinc->realm; @@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context, krb5_principal, int, int, - char *, + const char *, const char *); typedef krb5_error_code (*kpwd_process_reply) (krb5_context, krb5_auth_context, @@ -509,7 +509,7 @@ static krb5_error_code change_password_loop (krb5_context context, krb5_creds *creds, krb5_principal targprinc, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string, @@ -663,7 +663,7 @@ change_password_loop (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_change_password (krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) @@ -689,7 +689,7 @@ krb5_change_password (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password(krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, @@ -732,7 +732,7 @@ krb5_set_password(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 1c3e8d2a10..2e23306c96 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c 
@@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $"); +RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context, DES_set_key(key->key->keyvalue.data, key->schedule->data); } -static void -DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) -{ - DES_key_schedule schedule; - int i; - int reverse = 0; - unsigned char *p; - - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, - 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; - memset(key, 0, 8); - - p = (unsigned char*)key; - for (i = 0; i < length; i++) { - unsigned char tmp = data[i]; - if (!reverse) - *p++ ^= (tmp << 1); - else - *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; - if((i % 8) == 7) - reverse = !reverse; - } - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &schedule); - DES_cbc_cksum((void*)data, key, length, &schedule, key); - memset(&schedule, 0, sizeof(schedule)); - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; -} - -static krb5_error_code -krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - unsigned char *s; - size_t len; - DES_cblock tmp; - - len = password.length + salt.saltvalue.length; - s = malloc(len); - if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - DES_string_to_key_int(s, len, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&tmp, 0, sizeof(tmp)); - memset(s, 0, len); - free(s); - return 0; -} - #ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password 
@@ -350,6 +288,78 @@ DES_AFS3_string_to_key(krb5_context context, #endif /* ENABLE_AFS_STRING_TO_KEY */ static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + +#ifdef ENABLE_AFS_STRING_TO_KEY + if (opaque.length == 1) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 1); + if (v == 1) + return DES_AFS3_string_to_key(context, enctype, password, + salt, opaque, key); + } +#endif + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + +static void krb5_DES_random_to_key(krb5_context context, krb5_keyblock *key, const void *data, 
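Review bot: `krb5_DES_string_to_key` discards the result of `krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp))` and returns 0 unconditionally, so an allocation failure there would be reported to the caller as success, presumably with no key material in `key->keyvalue`. The code is moved rather than new, but this is a convenient place to fix it: declare `krb5_error_code ret;`, assign `ret = krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));` and end with `return ret;` after the scrubbing. The `memset` calls that wipe `tmp` and the password-plus-salt buffer `s` (and `schedule` in `DES_string_to_key_int`) are dead stores to the compiler and may be optimised away, so a wipe helper that cannot be elided would be safer for this key material.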
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index b7873f33d5..f4372422ac 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $"); +RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $"); typedef struct krb5_kcmcache { char *name; @@ -246,7 +246,8 @@ kcm_call(krb5_context context, krb5_data *response_data_p) { krb5_data response_data; - krb5_error_code ret, status; + krb5_error_code ret; + int32_t status; krb5_storage *response; if (response_p != NULL) @@ -605,7 +606,7 @@ kcm_get_first (krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; - u_int32_t tmp; + int32_t tmp; ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); if (ret) @@ -624,7 +625,7 @@ kcm_get_first (krb5_context context, } ret = krb5_ret_int32(response, &tmp); - if (ret) + if (ret || tmp < 0) ret = KRB5_CC_IO; krb5_storage_free(request); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 8e2ebcf43e..ef47bd1e26 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -340,14 +340,6 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_ap_rep_enc_part **/*repl*/, - krb5_boolean /*dce_style_response*/); - int _krb5_send_and_recv_tcp ( int /*fd*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 97f286b83e..8db553e6e3 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h 
@@ -20,15 +20,6 @@ extern "C" { #endif #endif -void -initialize_heim_error_table_r (struct et_list **/*list*/); - -void -initialize_k524_error_table_r (struct et_list **/*list*/); - -void -initialize_krb5_error_table_r (struct et_list **/*list*/); - krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_change_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/); @@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock ( krb5_keytab /*keytab*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/, - krb5_keyblock **/*keyblock*/); + krb5_keyblock **/*return_keyblock*/); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_with_keyblock ( @@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, @@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 69f72d7b88..7ac1436f6e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $"); #ifdef PKINIT 
@@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context, if (ret) goto out; } else { +#if 0 ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md); if (ret) goto out; - +#endif ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); if (ret) goto out; @@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context, EVP_PKEY *public_key; krb5_error_code ret; EVP_MD_CTX md; - X509 *cert; + X509 *cert = NULL; SignedData sd; size_t size; @@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context, set.len = sd.certificates->len; ret = cert_to_X509(context, &set, &certificates); - free_CertificateSet(&set); } if (ret) { krb5_set_error_string(context, @@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -25 reply " + krb5_set_error_string(context, "PKINIT: -27 reply " "invalid content type"); + ret = EINVAL; break; } + if (ret == 0) + return ret; } /* Check for PK-INIT -19 */ @@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows" + krb5_set_error_string(context, "PKINIT: Failed decoding windows " "pkinit reply %d", ret); return ret; } |
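Review bot: The `#if 0` … `#endif` around the `COMPAT_19` `pk_mk_padata` call leaves disabled code in `_krb5_pk_mk_padata` with no reason given, so a reader cannot tell whether the draft-19 request was dropped on purpose or switched off temporarily. Either delete the call or label the block, for example `#if 0 /* COMPAT_19 padata disabled: <reason> */`. The reply path in this file still has a `/* Check for PK-INIT -19 */` branch, so the comment should also say whether that branch is meant to stay reachable. The function body continues outside the hunk.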
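Review bot: After dropping `free_CertificateSet(&set);` in `_krb5_pk_verify_sign`, nothing in the hunk shows who releases `set`. The visible `set.len = sd.certificates->len;` suggests `set` is a shallow copy of `sd.certificates`, in which case the removal looks right and the old call would presumably have freed memory still owned by `sd`. A comment above the `cert_to_X509` call, such as `/* set aliases sd.certificates; released together with sd */`, would record that once confirmed against the lines outside this hunk. The enclosing block starts outside the hunk.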