author | Andrew Bartlett <abartlet@samba.org> | 2006-03-22 10:16:59 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:59:02 -0500 |
commit | 864d9b531dc2fba94f5ea839b087e28d402c643a (patch) | |
tree | 91f72ed27956be3c0d536d725b0505cba35e3adb /source4/heimdal/lib/krb5 | |
parent | 4fd82be1403f873f67eecb8fee457b8de9fc5cd1 (diff) | |
r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN
confuses things)
- Update Samba4 from lorikeet-heimdal
- Remove generated symlink on make clean
Andrew Bartlett
(This used to be commit a5c2b4cc92e807d18cb8df99bebf004fa4252e1e)
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r-- | source4/heimdal/lib/krb5/addr_families.c | 11 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/get_for_creds.c | 4 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/mk_req_ext.c | 195 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/rd_priv.c | 7 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/send_to_kdc.c | 4 |
6 files changed, 112 insertions, 117 deletions
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index ccc97f412d..cf460ba725 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.49 2005/06/16 20:16:12 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $"); struct addr_operations { int af; @@ -930,11 +930,18 @@ krb5_parse_address(krb5_context context, int error; int save_errno; + addresses->len = 0; + addresses->val = NULL; + for(i = 0; i < num_addrs; i++) { if(at[i].parse_addr) { krb5_address addr; if((*at[i].parse_addr)(context, string, &addr) == 0) { ALLOC_SEQ(addresses, 1); + if (addresses->val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } addresses->val[0] = addr; return 0; } @@ -1047,6 +1054,8 @@ krb5_free_addresses(krb5_context context, for(i = 0; i < addresses->len; i++) krb5_free_address(context, &addresses->val[i]); free(addresses->val); + addresses->len = 0; + addresses->val = NULL; return 0; } diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 3cfc780eb4..039484c650 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $"); +RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -3414,7 +3414,7 @@ decrypt_internal_derived(krb5_context context, l = len - et->confoundersize; memmove(p, p + et->confoundersize, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; 
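Review bot: In the krb5_parse_address hunk the new `return ENOMEM;` drops `addr` without releasing it, after `parse_addr` has already filled it in; if that callback allocates the address bytes (not visible here), they leak on this path. Calling `krb5_free_address(context, &addr);` before the return would close that. ALLOC_SEQ is defined outside the hunk; if it stores the length before allocating, `addresses->len` stays at 1 with `val == NULL`, which the loop in krb5_free_addresses (patched in the same file) would dereference, so `addresses->len = 0;` on the failure path looks worthwhile. The function body continues outside the hunk.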
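Review bot: The `realloc(p, l)` call in decrypt_internal_derived still runs with `l == 0`, and what realloc does for a zero size is implementation-defined: it may free `p` and return NULL, or return NULL and leave `p` allocated. The new `&& l != 0` test avoids the false ENOMEM but leaves ownership of `p` unclear on that path. Handling the empty result before the call makes it explicit, e.g. `if (l == 0) { free(p); result->data = NULL; } else { /* realloc as before */ }`. The same pattern recurs in the decrypt_internal and decrypt_internal_special hunks of crypto.c and in add_addrs in get_for_creds.c. The subtraction that produces `l` relies on length checks outside these hunks; they are worth confirming, since an undersized ciphertext would make it wrap.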
@@ -3479,7 +3479,7 @@ decrypt_internal(krb5_context context, l = len - et->confoundersize - checksum_sz; memmove(p, p + et->confoundersize + checksum_sz, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3523,7 +3523,7 @@ decrypt_internal_special(krb5_context context, memmove (p, p + cksum_sz + et->confoundersize, sz); result->data = realloc(p, sz); - if(result->data == NULL) { + if(result->data == NULL && sz != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index aa7c62befc..dafe668b5d 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -50,7 +50,7 @@ add_addrs(krb5_context context, ++n; tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); - if (tmp == NULL) { + if (tmp == NULL && (addr->len + n) != 0) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index ab83d912ea..18b0e3552f 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $"); krb5_error_code _krb5_mk_req_internal(krb5_context context, 
@@ -45,120 +45,103 @@ _krb5_mk_req_internal(krb5_context context, krb5_key_usage checksum_usage, krb5_key_usage encrypt_usage) { - krb5_error_code ret; - krb5_data authenticator; - Checksum c; - Checksum *c_opt; - krb5_auth_context ac; + krb5_error_code ret; + krb5_data authenticator; + Checksum c; + Checksum *c_opt; + krb5_auth_context ac; - if(auth_context) { - if(*auth_context == NULL) - ret = krb5_auth_con_init(context, auth_context); - else - ret = 0; - ac = *auth_context; - } else - ret = krb5_auth_con_init(context, &ac); - if(ret) - return ret; + if(auth_context) { + if(*auth_context == NULL) + ret = krb5_auth_con_init(context, auth_context); + else + ret = 0; + ac = *auth_context; + } else + ret = krb5_auth_con_init(context, &ac); + if(ret) + return ret; - if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { - ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); - if(ret) - return ret; - } + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, + ac, + &in_creds->session); + if(ret) + goto out; + } -#if 0 - { - /* This is somewhat bogus since we're possibly overwriting a - value specified by the user, but it's the easiest way to make - the code use a compatible enctype */ - Ticket ticket; - krb5_keytype ticket_keytype; + krb5_free_keyblock(context, ac->keyblock); + ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); + if (ret) + goto out; + + /* it's unclear what type of checksum we can use. try the best one, except: + * a) if it's configured differently for the current realm, or + * b) if the session key is des-cbc-crc + */ - ret = decode_Ticket(in_creds->ticket.data, - in_creds->ticket.length, - &ticket, - NULL); - krb5_enctype_to_keytype (context, - ticket.enc_part.etype, - &ticket_keytype); + if (in_data) { + if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { + /* this is to make DCE secd (and older MIT kdcs?) 
happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD4, + in_data->data, + in_data->length, + &c); + } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || + ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { + /* this is to make MS kdc happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD5, + in_data->data, + in_data->length, + &c); + } else { + krb5_crypto crypto; - if (ticket_keytype == in_creds->session.keytype) - krb5_auth_setenctype(context, - ac, - ticket.enc_part.etype); - free_Ticket(&ticket); - } -#endif + ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); + if (ret) + goto out; + ret = krb5_create_checksum(context, + crypto, + checksum_usage, + 0, + in_data->data, + in_data->length, + &c); + krb5_crypto_destroy(context, crypto); + } + c_opt = &c; + } else { + c_opt = NULL; + } - krb5_free_keyblock(context, ac->keyblock); - krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); + if (ret) + goto out; - /* it's unclear what type of checksum we can use. try the best one, except: - * a) if it's configured differently for the current realm, or - * b) if the session key is des-cbc-crc - */ - - if (in_data) { - if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { - /* this is to make DCE secd (and older MIT kdcs?) 
happy */ - ret = krb5_create_checksum(context, - NULL, - 0, - CKSUMTYPE_RSA_MD4, - in_data->data, - in_data->length, - &c); - } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || - ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { - /* this is to make MS kdc happy */ - ret = krb5_create_checksum(context, - NULL, - 0, - CKSUMTYPE_RSA_MD5, - in_data->data, - in_data->length, - &c); - } else { - krb5_crypto crypto; + ret = krb5_build_authenticator (context, + ac, + ac->keyblock->keytype, + in_creds, + c_opt, + NULL, + &authenticator, + encrypt_usage); + if (c_opt) + free_Checksum (c_opt); + if (ret) + goto out; - ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); - if (ret) - return ret; - ret = krb5_create_checksum(context, - crypto, - checksum_usage, - 0, - in_data->data, - in_data->length, - &c); - - krb5_crypto_destroy(context, crypto); - } - c_opt = &c; - } else { - c_opt = NULL; - } - - ret = krb5_build_authenticator (context, - ac, - ac->keyblock->keytype, - in_creds, - c_opt, - NULL, - &authenticator, - encrypt_usage); - if (c_opt) - free_Checksum (c_opt); - if (ret) + ret = krb5_build_ap_req (context, ac->keyblock->keytype, + in_creds, ap_req_options, authenticator, outbuf); +out: + if(auth_context == NULL) + krb5_auth_con_free(context, ac); return ret; - - ret = krb5_build_ap_req (context, ac->keyblock->keytype, - in_creds, ap_req_options, authenticator, outbuf); - if(auth_context == NULL) - krb5_auth_con_free(context, ac); - return ret; } krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index bafd23e995..bf82ad556e 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_priv.c,v 1.31 2004/05/25 21:39:13 lha Exp $"); +RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, 
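Review bot: In _krb5_mk_req_internal, `krb5_free_keyblock(context, ac->keyblock);` is now followed by a checked `krb5_copy_keyblock`, but on the failure path `ac->keyblock` may still hold the freed pointer. Whether krb5_copy_keyblock clears its output on error is not visible here; if it does not, a caller-supplied auth context leaves this function with a dangling key pointer that a later krb5_auth_con_free or reuse of the context would touch. Adding `ac->keyblock = NULL;` right after the free removes the doubt. A short comment at `out:` saying that `ac` is released only when this function created it (`auth_context == NULL`) would also help the next reader.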
@@ -50,6 +50,9 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; + if (outdata) + krb5_data_zero(outdata); + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) @@ -158,7 +161,7 @@ krb5_rd_priv(krb5_context context, (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the priv-part, silently return zero */ - memset(outdata, 0, sizeof(*outdata)); + krb5_data_zero(outdata); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 7bb4adabbd..d3d21aea3f 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $"); struct send_and_recv { krb5_send_and_recv_func_t func; @@ -102,7 +102,7 @@ recv_loop (int fd, krb5_data_free (rep); return -1; } - if(nbytes == 0) + if(nbytes <= 0) return 0; if (limit) |
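Review bot: `krb5_data_zero(outdata)` is applied, in both krb5_rd_priv hunks, to an object whose members are read as `outdata->timestamp` and `outdata->usec` a few lines later, so it does not look like a krb5_data. If outdata is a replay-data structure, as those fields suggest, the call clears a length/pointer pair laid over a different struct. Depending on the platform's type sizes that can leave a member uninitialised or write past the object. Keeping `memset(outdata, 0, sizeof(*outdata));` for this argument, and applying krb5_data_zero only to the function's krb5_data output parameter (declared outside the hunk), avoids that. Both hunks cover only part of the function.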
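Review bot: In recv_loop a negative `nbytes` now takes the same `return 0;` as a clean end of data, so the caller cannot tell the two apart, while the branch just above frees `rep` and returns -1 on failure. If a negative count is an error here, `if (nbytes < 0) { krb5_data_free(rep); return -1; }` ahead of the zero test would keep the two cases distinct. If it is deliberately treated as end of data, a one-line comment saying so would do. How `nbytes` is obtained, and the rest of the loop, are outside the hunk.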