summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-08-05 11:25:50 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-08-05 12:18:17 +1000
commitcd1d7f4be7d31388ab79c797acaf6d7730113112 (patch)
tree3d25e28089d1cffa5d7dadca529e29b936681607 /source4/heimdal/kdc
parent8bba340e65e84ee09a7da4d97bc7838d3eefbb15 (diff)
downloadsamba-cd1d7f4be7d31388ab79c797acaf6d7730113112.tar.gz
samba-cd1d7f4be7d31388ab79c797acaf6d7730113112.tar.bz2
samba-cd1d7f4be7d31388ab79c797acaf6d7730113112.zip
s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c)
This also adds a new hdb-glue.c file, to cope with Heimdal's uncondtional enabling of SQLITE. (Very reasonable, but not required for Samba4's use). Andrew Bartlett
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/kdc_locl.h3
-rw-r--r--source4/heimdal/kdc/kerberos5.c14
-rw-r--r--source4/heimdal/kdc/misc.c8
-rw-r--r--source4/heimdal/kdc/pkinit.c20
4 files changed, 25 insertions, 20 deletions
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index daf155839c..024937e763 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -67,6 +67,9 @@ extern const struct units _kdc_digestunits[];
extern struct timeval _kdc_now;
#define kdc_time (_kdc_now.tv_sec)
+extern char *runas_string;
+extern char *chroot_string;
+
void
loop(krb5_context context, krb5_kdc_configuration *config);
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 53e9f54537..8edc07a49b 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1208,19 +1208,13 @@ _kdc_as_rep(krb5_context context,
(unsigned)abs(kdc_time - p.patimestamp),
context->max_skew,
client_name);
-#if 1
- /* This code is from samba, needs testing */
+
/*
- * the following is needed to make windows clients
- * to retry using the timestamp in the error message
- *
- * this is maybe a bug in windows to not trying when e_text
- * is present...
+ * The following is needed to make windows clients to
+ * retry using the timestamp in the error message, if
+ * there is a e_text, they become unhappy.
*/
e_text = NULL;
-#else
- e_text = "Too large time skew";
-#endif
goto out;
}
et.flags.pre_authent = 1;
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 247cb575de..e016183615 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -65,12 +65,15 @@ _kdc_db_fetch(krb5_context context,
"malformed request: "
"enterprise name with %d name components",
principal->name.name_string.len);
+ free(ent);
return ret;
}
ret = krb5_parse_name(context, principal->name.name_string.val[0],
&enterprise_principal);
- if (ret)
+ if (ret) {
+ free(ent);
return ret;
+ }
principal = enterprise_principal;
}
@@ -98,7 +101,8 @@ _kdc_db_fetch(krb5_context context,
}
}
free(ent);
- krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb");
+ krb5_set_error_message(context, HDB_ERR_NOENTRY,
+ "no such entry found in hdb");
return HDB_ERR_NOENTRY;
}
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 644eae0fe4..0d00ef2173 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -284,7 +284,7 @@ generate_dh_keyblock(krb5_context context,
dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
client_params->u.ecdh.key, NULL);
- ret = 0;
+
#endif /* HAVE_OPENSSL */
} else {
ret = KRB5KRB_ERR_GENERIC;
@@ -1450,8 +1450,10 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = krb5_generate_random_keyblock(context, sessionetype,
sessionkey);
- if (ret)
+ if (ret) {
+ free(buf);
goto out;
+ }
} else
krb5_abortx(context, "PK-INIT internal error");
@@ -1981,12 +1983,14 @@ _kdc_pk_initialize(krb5_context context,
hx509_name name;
char *str;
ret = hx509_cert_get_subject(cert, &name);
- hx509_name_to_string(name, &str);
- krb5_warnx(context, "WARNING Found KDC certificate (%s)"
- "is missing the PK-INIT KDC EKU, this is bad for "
- "interoperability.", str);
- hx509_name_free(&name);
- free(str);
+ if (ret == 0) {
+ hx509_name_to_string(name, &str);
+ krb5_warnx(context, "WARNING Found KDC certificate (%s)"
+ "is missing the PK-INIT KDC EKU, this is bad for "
+ "interoperability.", str);
+ hx509_name_free(&name);
+ free(str);
+ }
}
hx509_cert_free(cert);
} else