authorMatthieu Patou <mat@matws.net>2010-08-15 18:31:28 +0400
committerAndrew Bartlett <abartlet@samba.org>2010-10-03 01:15:04 +0000
commitab6e3fce040f9ad27cbce44e9038a24f15b601c8 (patch)
treeab99a431c9610927b5d0d26335d2712b509fd6dc /source4/heimdal/lib/hdb
parent197a1514d62494cc8b862d169c841a26e04b8925 (diff)
s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382)
I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit. Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib/hdb')
-rw-r--r--source4/heimdal/lib/hdb/ext.c5
-rw-r--r--source4/heimdal/lib/hdb/hdb_err.et1
-rw-r--r--source4/heimdal/lib/hdb/keytab.c14
-rw-r--r--source4/heimdal/lib/hdb/mkey.c23
-rw-r--r--source4/heimdal/lib/hdb/ndbm.c6
5 files changed, 30 insertions, 19 deletions
diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c
index faf0b6bdf2..fb32fdb845 100644
--- a/source4/heimdal/lib/hdb/ext.c
+++ b/source4/heimdal/lib/hdb/ext.c
@@ -316,7 +316,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
str = pw.data;
if (str[pw.length - 1] != '\0') {
- krb5_set_error_message(context, EINVAL, "password malformated");
+ krb5_set_error_message(context, EINVAL, "malformed password");
return EINVAL;
}
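Review bot: The check `str[pw.length - 1] != '\0'` in hdb_entry_get_password reads one byte before the buffer when `pw.length` is 0, and rewording the message does not change that. Since `pw` holds data taken from the database entry, an empty value should be rejected first: `if (pw.length == 0 || str[pw.length - 1] != '\0') {`. The code that fills `pw` is above the hunk, so confirm whether a zero length can actually reach this line.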
@@ -332,7 +332,8 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ret = krb5_unparse_name(context, entry->principal, &str);
if (ret == 0) {
- krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
+ krb5_set_error_message(context, ENOENT,
+ "no password attribute for %s", str);
free(str);
} else
krb5_clear_error_message(context);
diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et
index 120dbfb9fa..2cad4daba4 100644
--- a/source4/heimdal/lib/hdb/hdb_err.et
+++ b/source4/heimdal/lib/hdb/hdb_err.et
@@ -24,6 +24,7 @@ error_code EXISTS, "Entry already exists in database"
error_code BADVERSION, "Wrong database version"
error_code NO_MKEY, "No correct master key"
error_code MANDATORY_OPTION, "Entry contains unknown mandatory extension"
+error_code NO_WRITE_SUPPORT, "HDB backend doesn't contain write support"
error_code NOT_FOUND_HERE, "The secret for this entry is not replicated to this database"
end
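Review bot: Adding `NO_WRITE_SUPPORT` ahead of `NOT_FOUND_HERE` changes the number assigned to `HDB_ERR_NOT_FOUND_HERE`, because error-table codes are assigned by position. Anything built against the old table, or any numeric code that was logged or passed between components, would then disagree with this library about that error. If the order is not dictated by the upstream import, append the new code after `NOT_FOUND_HERE` instead. Otherwise the renumbering should be mentioned in the commit message so that dependants are rebuilt together.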
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 524cea6f45..efaed7f420 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -52,7 +52,7 @@ struct hdb_cursor {
* HDB:[HDBFORMAT:database-specific-data[:mkey=mkey-file]]
*/
-static krb5_error_code
+static krb5_error_code KRB5_CALLCONV
hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
{
struct hdb_data *d;
@@ -99,7 +99,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
return 0;
}
-static krb5_error_code
+static krb5_error_code KRB5_CALLCONV
hdb_close(krb5_context context, krb5_keytab id)
{
struct hdb_data *d = id->data;
@@ -110,7 +110,7 @@ hdb_close(krb5_context context, krb5_keytab id)
return 0;
}
-static krb5_error_code
+static krb5_error_code KRB5_CALLCONV
hdb_get_name(krb5_context context,
krb5_keytab id,
char *name,
@@ -169,7 +169,7 @@ find_db (krb5_context context,
* it in `entry'. return 0 or an error code
*/
-static krb5_error_code
+static krb5_error_code KRB5_CALLCONV
hdb_get_entry(krb5_context context,
krb5_keytab id,
krb5_const_principal principal,
@@ -256,7 +256,7 @@ hdb_get_entry(krb5_context context,
* it in `entry'. return 0 or an error code
*/
-static krb5_error_code
+static krb5_error_code KRB5_CALLCONV
hdb_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
@@ -309,7 +309,7 @@ hdb_start_seq_get(krb5_context context,
return ret;
}
-static int
+static int KRB5_CALLCONV
hdb_next_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry,
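Review bot: `hdb_next_entry` here and `hdb_end_seq_get` in the next hunk are still declared `static int KRB5_CALLCONV`, while the other keytab callbacks touched by this commit return `krb5_error_code`. Since these lines are edited anyway, `static krb5_error_code KRB5_CALLCONV` on both would keep the callback signatures uniform and make it clear the return value is an error code. The function bodies are outside the hunks, so this assumes they return error codes like their siblings.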
@@ -391,7 +391,7 @@ hdb_next_entry(krb5_context context,
}
-static int
+static int KRB5_CALLCONV
hdb_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c
index 360bb33a3a..760eccfd43 100644
--- a/source4/heimdal/lib/hdb/mkey.c
+++ b/source4/heimdal/lib/hdb/mkey.c
@@ -146,7 +146,7 @@ read_master_keytab(krb5_context context, const char *filename,
/* read a MIT master keyfile */
static krb5_error_code
read_master_mit(krb5_context context, const char *filename,
- hdb_master_key *mkey)
+ int byteorder, hdb_master_key *mkey)
{
int fd;
krb5_error_code ret;
@@ -166,20 +166,16 @@ read_master_mit(krb5_context context, const char *filename,
close(fd);
return errno;
}
- krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER);
+ krb5_storage_set_flags(sp, byteorder);
/* could possibly use ret_keyblock here, but do it with more
checks for now */
{
ret = krb5_ret_int16(sp, &enctype);
if (ret)
goto out;
- if((htons(enctype) & 0xff00) == 0x3000) {
- ret = HEIM_ERR_BAD_MKEY;
- krb5_set_error_message(context, ret, "unknown keytype in %s: "
- "%#x, expected %#x",
- filename, htons(enctype), 0x3000);
- goto out;
- }
+ ret = krb5_enctype_valid(context, enctype);
+ if (ret)
+ goto out;
key.keytype = enctype;
ret = krb5_ret_data(sp, &key.keyvalue);
if(ret)
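Review bot: `close(fd); return errno;` at the top of this hunk returns whatever `errno` holds after `close()`, which is not guaranteed to be the value set by the failing call. Save it first: `int save_errno = errno; close(fd); return save_errno;`. The condition guarding these lines is above the hunk, so the failing call is inferred. The new `krb5_enctype_valid` failure path also no longer sets a message naming `filename`, which the removed check did, so a bad master key file is harder to identify from the error alone.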
@@ -330,7 +326,14 @@ hdb_read_master_key(krb5_context context, const char *filename,
} else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) {
ret = read_master_keytab(context, filename, mkey);
} else {
- ret = read_master_mit(context, filename, mkey);
+ /*
+ * Check both LittleEndian and BigEndian since they key file
+ * might be moved from a machine with diffrent byte order, or
+ * its running on MacOS X that always uses BE master keys.
+ */
+ ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_LE, mkey);
+ if (ret)
+ ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_BE, mkey);
}
return ret;
}
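Review bot: The big-endian retry runs after any failure of the little-endian read, not only after a byte-order mismatch, so an open or read error is retried and the first error code is replaced by the second. Consider retrying only for the error returned by the `krb5_enctype_valid` check in `read_master_mit`, and returning other errors directly. The comment should also state that byte order is detected by the enctype check alone, so an enctype rejected for another reason looks the same as a wrong byte order. The comment has typos: `they key file`, `diffrent`, `its running`. hdb_read_master_key starts above the hunk.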
diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c
index bad3c49742..2a57d2ac27 100644
--- a/source4/heimdal/lib/hdb/ndbm.c
+++ b/source4/heimdal/lib/hdb/ndbm.c
@@ -37,9 +37,11 @@
#if defined(HAVE_GDBM_NDBM_H)
#include <gdbm/ndbm.h>
+#define WRITE_SUPPORT 1
#elif defined(HAVE_NDBM_H)
#include <ndbm.h>
#elif defined(HAVE_DBM_H)
+#define WRITE_SUPPORT 1
#include <dbm.h>
#endif
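Review bot: `WRITE_SUPPORT` is defined for `<gdbm/ndbm.h>` and `<dbm.h>` but not for the `HAVE_NDBM_H` branch, and nothing says why. With the `#ifdef WRITE_SUPPORT` added to `NDBM__put` later in this file, a build that picks plain `<ndbm.h>` returns `HDB_ERR_NO_WRITE_SUPPORT` for every store. If that is intended, add a comment on the `HAVE_NDBM_H` branch such as `/* native ndbm: no write support, NDBM__put returns HDB_ERR_NO_WRITE_SUPPORT */`; if not, the define is missing there. In the `HAVE_DBM_H` branch the define also sits before the `#include`, unlike the first branch.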
@@ -243,6 +245,7 @@ static krb5_error_code
NDBM__put(krb5_context context, HDB *db, int replace,
krb5_data key, krb5_data value)
{
+#ifdef WRITE_SUPPORT
struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
datum k, v;
int code;
@@ -262,6 +265,9 @@ NDBM__put(krb5_context context, HDB *db, int replace,
if (code < 0)
return code;
return 0;
+#else
+ return HDB_ERR_NO_WRITE_SUPPORT;
+#endif
}
static krb5_error_code
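Review bot: `if (code < 0) return code;` hands the raw negative result to callers as a `krb5_error_code`, where it matches no error-table or errno value. Returning `errno` or an HDB error code there would give callers something they can report. The assignment to `code` lies between the two `NDBM__put` hunks and is not shown, so this assumes it holds the return value of the store call.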