s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c)

This also adds a new hdb-glue.c file, to cope with Heimdal's
uncondtional enabling of SQLITE.

(Very reasonable, but not required for Samba4's use).

Andrew Bartlett

1 files changed, 12 insertions, 8 deletions

diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 644eae0fe4..0d00ef2173 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -284,7 +284,7 @@ generate_dh_keyblock(krb5_context context,
 	dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, 
 					 EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
 					 client_params->u.ecdh.key, NULL);
-	ret = 0;
+
 #endif /* HAVE_OPENSSL */
     } else {
 	ret = KRB5KRB_ERR_GENERIC;
@@ -1450,8 +1450,10 @@ _kdc_pk_mk_pa_reply(krb5_context context,
 
 	ret = krb5_generate_random_keyblock(context, sessionetype, 
 					    sessionkey);
-	if (ret)
+	if (ret) {
+	    free(buf);
 	    goto out;
+	}
 
     } else
 	krb5_abortx(context, "PK-INIT internal error");
@@ -1981,12 +1983,14 @@ _kdc_pk_initialize(krb5_context context,
 		hx509_name name;
 		char *str;
 		ret = hx509_cert_get_subject(cert, &name);
-		hx509_name_to_string(name, &str);
-		krb5_warnx(context, "WARNING Found KDC certificate (%s)"
-			   "is missing the PK-INIT KDC EKU, this is bad for "
-			   "interoperability.", str);
-		hx509_name_free(&name);
-		free(str);
+		if (ret == 0) {
+		    hx509_name_to_string(name, &str);
+		    krb5_warnx(context, "WARNING Found KDC certificate (%s)"
+			       "is missing the PK-INIT KDC EKU, this is bad for "
+			       "interoperability.", str);
+		    hx509_name_free(&name);
+		    free(str);
+		}
 	    }
 	    hx509_cert_free(cert);
 	} else