authorAndrew Bartlett <abartlet@samba.org>2005-09-21 12:24:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:38 -0500
commitc44efdaa2242f50d75dd5b800e372dd5586c6deb (patch)
tree543da228fe555b91b60bcd796e723b7c9628b3f6 /source4/heimdal/lib/krb5
parent8f334f69b5d5fcae4a7b2b70e18b7062c46c719e (diff)
r10386: Merge current lorikeet-heimdal into Samba4.
Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/changepw.c20
-rw-r--r--source4/heimdal/lib/krb5/crypto.c136
-rw-r--r--source4/heimdal/lib/krb5/kcm.c9
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h8
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h17
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c15
6 files changed, 101 insertions, 104 deletions
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index e6ef1d9d9b..c3cd6d4db9 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $");
+RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $");
static void
str2data (krb5_data *d,
@@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context,
if (ret)
return ret;
- passwd_data.data = passwd;
+ passwd_data.data = rk_UNCONST(passwd);
passwd_data.length = strlen(passwd);
krb5_data_zero (&krb_priv_data);
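Review bot: `passwd_data.data = rk_UNCONST(passwd);` in `chgpw_send_request` drops the `const` this commit just added to the parameter, so the compiler can no longer catch a later write or free through `passwd_data.data` on a caller's read-only password buffer. Whether `passwd_data` is only read afterwards is not visible here, because the function body continues outside the hunk. A comment at the cast would record the contract, for example `/* passwd_data only borrows passwd: it must not be written through or freed */`. The same applies to `chpw.newpasswd.data = rk_UNCONST(passwd);` in the `setpw_send_request` hunk.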
@@ -160,7 +160,7 @@ setpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -186,7 +186,7 @@ setpw_send_request (krb5_context context,
return ret;
chpw.newpasswd.length = strlen(passwd);
- chpw.newpasswd.data = passwd;
+ chpw.newpasswd.data = rk_UNCONST(passwd);
if (targprinc) {
chpw.targname = &targprinc->name;
chpw.targrealm = &targprinc->realm;
@@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context,
krb5_principal,
int,
int,
- char *,
+ const char *,
const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
krb5_auth_context,
@@ -509,7 +509,7 @@ static krb5_error_code
change_password_loop (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
@@ -663,7 +663,7 @@ change_password_loop (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
@@ -689,7 +689,7 @@ krb5_change_password (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password(krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
@@ -732,7 +732,7 @@ krb5_set_password(krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 1c3e8d2a10..2e23306c96 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $");
+RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context,
DES_set_key(key->key->keyvalue.data, key->schedule->data);
}
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
-{
- DES_key_schedule schedule;
- int i;
- int reverse = 0;
- unsigned char *p;
-
- unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
- 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
- memset(key, 0, 8);
-
- p = (unsigned char*)key;
- for (i = 0; i < length; i++) {
- unsigned char tmp = data[i];
- if (!reverse)
- *p++ ^= (tmp << 1);
- else
- *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
- if((i % 8) == 7)
- reverse = !reverse;
- }
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- DES_set_key(key, &schedule);
- DES_cbc_cksum((void*)data, key, length, &schedule, key);
- memset(&schedule, 0, sizeof(schedule));
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_salt salt,
- krb5_data opaque,
- krb5_keyblock *key)
-{
- unsigned char *s;
- size_t len;
- DES_cblock tmp;
-
- len = password.length + salt.saltvalue.length;
- s = malloc(len);
- if(len > 0 && s == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memcpy(s, password.data, password.length);
- memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
- DES_string_to_key_int(s, len, &tmp);
- key->keytype = enctype;
- krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
- memset(&tmp, 0, sizeof(tmp));
- memset(s, 0, len);
- free(s);
- return 0;
-}
-
#ifdef ENABLE_AFS_STRING_TO_KEY
/* This defines the Andrew string_to_key function. It accepts a password
@@ -350,6 +288,78 @@ DES_AFS3_string_to_key(krb5_context context,
#endif /* ENABLE_AFS_STRING_TO_KEY */
static void
+DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
+{
+ DES_key_schedule schedule;
+ int i;
+ int reverse = 0;
+ unsigned char *p;
+
+ unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
+ 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
+ memset(key, 0, 8);
+
+ p = (unsigned char*)key;
+ for (i = 0; i < length; i++) {
+ unsigned char tmp = data[i];
+ if (!reverse)
+ *p++ ^= (tmp << 1);
+ else
+ *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
+ if((i % 8) == 7)
+ reverse = !reverse;
+ }
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+ DES_set_key(key, &schedule);
+ DES_cbc_cksum((void*)data, key, length, &schedule, key);
+ memset(&schedule, 0, sizeof(schedule));
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+}
+
+static krb5_error_code
+krb5_DES_string_to_key(krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ unsigned char *s;
+ size_t len;
+ DES_cblock tmp;
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+ if (opaque.length == 1) {
+ unsigned long v;
+ _krb5_get_int(opaque.data, &v, 1);
+ if (v == 1)
+ return DES_AFS3_string_to_key(context, enctype, password,
+ salt, opaque, key);
+ }
+#endif
+
+ len = password.length + salt.saltvalue.length;
+ s = malloc(len);
+ if(len > 0 && s == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ memcpy(s, password.data, password.length);
+ memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+ DES_string_to_key_int(s, len, &tmp);
+ key->keytype = enctype;
+ krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+ memset(&tmp, 0, sizeof(tmp));
+ memset(s, 0, len);
+ free(s);
+ return 0;
+}
+
+static void
krb5_DES_random_to_key(krb5_context context,
krb5_keyblock *key,
const void *data,
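Review bot: `krb5_DES_string_to_key` discards the result of `krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp))` and always ends with `return 0;`, so a failed copy reports success while `key->keyvalue` was never filled. Capture the result with `ret = krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));`, keep the existing scrub and `free(s)`, and finish with `return ret;`. Separately, the `memset` calls that clear `tmp` and `s` right before return and `free` are dead stores that an optimizing compiler may remove, as is `memset(&schedule, 0, sizeof(schedule))` in `DES_string_to_key_int`. The password-derived bytes can therefore stay in memory, so a scrub the compiler cannot elide would be safer. Both functions appear to be moved rather than rewritten by this commit, so these points likely predate it.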
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index b7873f33d5..f4372422ac 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -43,7 +43,7 @@
#include "kcm.h"
-RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $");
+RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $");
typedef struct krb5_kcmcache {
char *name;
@@ -246,7 +246,8 @@ kcm_call(krb5_context context,
krb5_data *response_data_p)
{
krb5_data response_data;
- krb5_error_code ret, status;
+ krb5_error_code ret;
+ int32_t status;
krb5_storage *response;
if (response_p != NULL)
@@ -605,7 +606,7 @@ kcm_get_first (krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
- u_int32_t tmp;
+ int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
@@ -624,7 +625,7 @@ kcm_get_first (krb5_context context,
}
ret = krb5_ret_int32(response, &tmp);
- if (ret)
+ if (ret || tmp < 0)
ret = KRB5_CC_IO;
krb5_storage_free(request);
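Review bot: The new `tmp < 0` test in `kcm_get_first` turns a negative value read by `krb5_ret_int32(response, &tmp)` into `KRB5_CC_IO`, but nothing says why a negative value is invalid. The value presumably comes from the KCM reply, so a short comment would keep the validation from being dropped later, for example `/* value is taken from the KCM reply; a negative one is rejected as an I/O error */`. The test only works because the previous hunk changes `tmp` from `u_int32_t` to `int32_t`; with the unsigned type it could never be true, which is worth stating in the same comment. The function continues outside both hunks, so how `tmp` is used afterwards is not visible here.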
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 8e2ebcf43e..ef47bd1e26 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -340,14 +340,6 @@ _krb5_put_int (
unsigned long /*value*/,
size_t /*size*/);
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_rep_type (
- krb5_context /*context*/,
- krb5_auth_context /*auth_context*/,
- const krb5_data */*inbuf*/,
- krb5_ap_rep_enc_part **/*repl*/,
- krb5_boolean /*dce_style_response*/);
-
int
_krb5_send_and_recv_tcp (
int /*fd*/,
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 97f286b83e..8db553e6e3 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -20,15 +20,6 @@ extern "C" {
#endif
#endif
-void
-initialize_heim_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_k524_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_krb5_error_table_r (struct et_list **/*list*/);
-
krb5_error_code KRB5_LIB_FUNCTION
krb524_convert_creds_kdc (
krb5_context /*context*/,
@@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
krb5_data */*result_string*/);
@@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock (
krb5_keytab /*keytab*/,
krb5_flags */*ap_req_options*/,
krb5_ticket **/*ticket*/,
- krb5_keyblock **/*keyblock*/);
+ krb5_keyblock **/*return_keyblock*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_req_with_keyblock (
@@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
@@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache (
krb5_context /*context*/,
krb5_ccache /*ccache*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 69f72d7b88..7ac1436f6e 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $");
#ifdef PKINIT
@@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context,
if (ret)
goto out;
} else {
+#if 0
ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md);
if (ret)
goto out;
-
+#endif
ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md);
if (ret)
goto out;
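Review bot: The `#if 0` … `#endif` around the `COMPAT_19` call to `pk_mk_padata` in `_krb5_pk_mk_padata` disables the -19 request padata without giving a reason. That leaves dead code which a later reader cannot tell is temporary or permanent. Either delete the three lines or annotate the guard, for example `#if 0 /* -19 padata disabled: <reason> */`. A later hunk in `_krb5_pk_rd_pa_reply` still keeps the `/* Check for PK-INIT -19 */` reply path, so the comment should also say whether that path is still expected to be reached. The function starts and ends outside this hunk.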
@@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context,
EVP_PKEY *public_key;
krb5_error_code ret;
EVP_MD_CTX md;
- X509 *cert;
+ X509 *cert = NULL;
SignedData sd;
size_t size;
@@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context,
set.len = sd.certificates->len;
ret = cert_to_X509(context, &set, &certificates);
- free_CertificateSet(&set);
}
if (ret) {
krb5_set_error_string(context,
@@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context,
return ret;
default:
free_PA_PK_AS_REP(&rep);
- krb5_set_error_string(context, "PKINIT: -25 reply "
+ krb5_set_error_string(context, "PKINIT: -27 reply "
"invalid content type");
+ ret = EINVAL;
break;
}
+ if (ret == 0)
+ return ret;
}
/* Check for PK-INIT -19 */
@@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&w2krep,
&size);
if (ret) {
- krb5_set_error_string(context, "PKINIT: Failed decoding windows"
+ krb5_set_error_string(context, "PKINIT: Failed decoding windows "
"pkinit reply %d", ret);
return ret;
}