authorAndrew Bartlett <abartlet@samba.org>2009-07-17 08:29:03 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-07-17 08:32:01 +1000
commit6cb81f7b37d541efb54bcdca46b1e0f6bc8afef9 (patch)
treecaa5d7949d048bfb7ecf5a14a3531a6891c640b6
parent19bc4ce95ca9b2a985313f5eb887275aa6fe3599 (diff)
s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8)
This includes in particular changes to the KDC to resolve bug 6272, originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We need to sort the AuthorizationData elements to put the PAC first, or else WinXP breaks when browsed from Win2k8. Andrew Bartlett
-rw-r--r--source4/heimdal/kdc/krb5tgs.c39
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h6
-rw-r--r--source4/heimdal/lib/hcrypto/des.h10
-rw-r--r--source4/heimdal/lib/hcrypto/evp.h9
-rw-r--r--source4/heimdal/lib/krb5/krb5.h6
-rw-r--r--source4/heimdal/lib/krb5/log.c13
6 files changed, 60 insertions, 23 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 6b98506e81..635eb27e75 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context,
et.flags.hw_authent = tgt->flags.hw_authent;
et.flags.anonymous = tgt->flags.anonymous;
et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
+
+ if(rspac->length) {
+ /*
+ * No not need to filter out the any PAC from the
+ * auth_data since it's signed by the KDC.
+ */
+ ret = _kdc_tkt_add_if_relevant_ad(context, &et,
+ KRB5_AUTHDATA_WIN2K_PAC, rspac);
+ if (ret)
+ goto out;
+ }
if (auth_data) {
- /* XXX Check enc-authorization-data */
- et.authorization_data = calloc(1, sizeof(*et.authorization_data));
+ unsigned int i = 0;
+
+ /* XXX check authdata */
if (et.authorization_data == NULL) {
ret = ENOMEM;
+ krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
- ret = copy_AuthorizationData(auth_data, et.authorization_data);
- if (ret)
- goto out;
+ for(i = 0; i < auth_data->len ; i++) {
+ ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]);
+ if (ret) {
+ krb5_set_error_message(context, ret, "malloc: out of memory");
+ goto out;
+ }
+ }
/* Filter out type KRB5SignedPath */
ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
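Review bot: In the `if (auth_data)` branch the `calloc` of `et.authorization_data` is removed but the `if (et.authorization_data == NULL)` check stays, so a request that carries `auth_data` while `rspac->length` is zero appears to fail with ENOMEM and "malloc: out of memory" although no allocation was attempted. This assumes the list is only allocated inside `_kdc_tkt_add_if_relevant_ad`, which is outside the hunk, as is the rest of tgs_make_reply. Allocate on demand before the existing check: `if (et.authorization_data == NULL) et.authorization_data = calloc(1, sizeof(*et.authorization_data));`. The same out-of-memory message is also set for every non-zero return of `add_AuthorizationData`, which hides other error causes. Because the client-supplied elements are now appended unchecked after the KDC-signed PAC (`/* XXX check authdata */` is still open), the comment on the PAC block should say that only the first, KDC-signed PAC is authoritative.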
@@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context,
}
}
- if(rspac->length) {
- /*
- * No not need to filter out the any PAC from the
- * auth_data since it's signed by the KDC.
- */
- ret = _kdc_tkt_add_if_relevant_ad(context, &et,
- KRB5_AUTHDATA_WIN2K_PAC,
- rspac);
- if (ret)
- goto out;
- }
-
ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index 07c4b36325..91141808f5 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -54,7 +54,13 @@
#endif
#ifndef GSSAPI_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define GSSAPI_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER)
+#define GSSAPI_DEPRECATED __declspec(deprecated)
+#else
+#define GSSAPI_DEPRECATED
+#endif
#endif
/*
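Review bot: The MSVC branch here is `#elif defined(_MSC_VER)`, while the same block added to des.h, evp.h and krb5.h in this commit uses `#elif defined(_MSC_VER) && (_MSC_VER>1200)`; use the guarded form here too so all four headers agree on which compilers get `__declspec(deprecated)`. Separately, in all four headers, `__declspec(deprecated)` has to precede the declaration, whereas `__attribute__((deprecated))` is also accepted after the declarator. If any prototype uses these macros as a trailing annotation (not visible in these hunks), the MSVC build would break. A one-line comment above the block stating the required placement would prevent that.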
diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h
index 14402d4b1c..99eb76c818 100644
--- a/source4/heimdal/lib/hcrypto/des.h
+++ b/source4/heimdal/lib/hcrypto/des.h
@@ -84,12 +84,14 @@ typedef struct DES_key_schedule
*
*/
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
#ifndef HC_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define HC_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#define HC_DEPRECATED __declspec(deprecated)
+#else
+#define HC_DEPRECATED
+#endif
#endif
#ifdef __cplusplus
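Review bot: Dropping the `#define __attribute__(x)` fallback at the top of this hunk means any remaining `__attribute__` use that depended on it is no longer neutralised on non-GNU compilers, either in des.h or in a file that includes it. No such use is visible in the hunk, so this is something to confirm rather than a known break. If any remain, convert them to `HC_DEPRECATED` or a similar guarded macro in the same commit.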
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index a7c8fac900..0086a06960 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -190,10 +190,17 @@ struct hc_evp_md {
#endif
#ifndef HC_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define HC_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#define HC_DEPRECATED __declspec(deprecated)
+#else
+#define HC_DEPRECATED
#endif
+#endif
+
#ifndef HC_DEPRECATED_CRYPTO
-#define HC_DEPRECATED_CRYPTO __attribute__((deprecated))
+#define HC_DEPRECATED_CRYPTO HC_DEPRECATED
#endif
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 13dafacf21..1f2e769728 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -52,7 +52,13 @@
#endif
#ifndef KRB5_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define KRB5_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#define KRB5_DEPRECATED __declspec(deprecated)
+#else
+#define KRB5_DEPRECATED
+#endif
#endif
/* simple constants */
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index 31d267320f..ee5c1159b1 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -32,6 +32,7 @@
*/
#include "krb5_locl.h"
+#include <vis.h>
struct facility {
int min;
@@ -218,11 +219,21 @@ log_file(const char *timestr,
void *data)
{
struct file_data *f = data;
+ char *msgclean;
+ size_t len = strlen(msg) + 1;
if(f->keep_open == 0)
f->fd = fopen(f->filename, f->mode);
if(f->fd == NULL)
return;
- fprintf(f->fd, "%s %s\n", timestr, msg);
+ /* make sure the log doesn't contain special chars */
+ len *= 4;
+ msgclean = malloc(len);
+ if (msgclean == NULL)
+ goto out;
+ strvisx(rk_UNCONST(msg), msgclean, len, VIS_OCTAL);
+ fprintf(f->fd, "%s %s\n", timestr, msgclean);
+ free(msgclean);
+ out:
if(f->keep_open == 0) {
fclose(f->fd);
f->fd = NULL;
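Review bot: The `strvisx` call has its first two arguments swapped: vis(3) declares `strvisx(char *dst, const char *src, size_t len, int flag)`, so as written the encoder reads the uninitialised `msgclean` buffer and writes into the caller's `msg`. It also takes `len` (already multiplied by 4) as the number of source bytes, which overruns `msg`. Compute the source length once and size the destination from it: `size_t len = strlen(msg);`, `msgclean = malloc((len + 1) * 4);`, `strvisx(msgclean, msg, len, VIS_OCTAL);`. On the allocation-failure path the message is silently dropped; writing a fixed marker line instead would keep the gap visible to whoever reads the log. log_file's signature starts above the hunk and its closing lines are below it.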