s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8)

This includes in particular changes to the KDC to resolve bug 6272,
originally by Matthieu Patou <mat+Informatique.Samba@matws.net>.  We
need to sort the AuthorizationData elements to put the PAC first, or
else WinXP breaks when browsed from Win2k8.

Andrew Bartlett

6 files changed, 60 insertions, 23 deletions

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 6b98506e81..635eb27e75 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context,
     et.flags.hw_authent  = tgt->flags.hw_authent;
     et.flags.anonymous   = tgt->flags.anonymous;
     et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
+
+    if(rspac->length) {
+	/*
+	 * No not need to filter out the any PAC from the
+	 * auth_data since it's signed by the KDC.
+	 */
+	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
+					  KRB5_AUTHDATA_WIN2K_PAC, rspac);
+	if (ret)
+	    goto out;
+    }
 	
     if (auth_data) {
-	/* XXX Check enc-authorization-data */
-	et.authorization_data = calloc(1, sizeof(*et.authorization_data));
+	unsigned int i = 0;
+
+	/* XXX check authdata */
 	if (et.authorization_data == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_message(context, ret, "malloc: out of memory");
 	    goto out;
 	}
-	ret = copy_AuthorizationData(auth_data, et.authorization_data);
-	if (ret)
-	    goto out;
+	for(i = 0; i < auth_data->len ; i++) {
+	    ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]);
+	    if (ret) {
+		krb5_set_error_message(context, ret, "malloc: out of memory");
+		goto out;
+	    }
+	}
 
 	/* Filter out type KRB5SignedPath */
 	ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
@@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context,
 	}
     }
 
-    if(rspac->length) {
-	/*
-	 * No not need to filter out the any PAC from the
-	 * auth_data since it's signed by the KDC.
-	 */
-	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
-					  KRB5_AUTHDATA_WIN2K_PAC,
-					  rspac);
-	if (ret)
-	    goto out;
-    }
-
     ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
     if (ret)
 	goto out;
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index 07c4b36325..91141808f5 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -54,7 +54,13 @@
 #endif
 
 #ifndef GSSAPI_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
 #define GSSAPI_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER)
+#define GSSAPI_DEPRECATED __declspec(deprecated)
+#else
+#define GSSAPI_DEPRECATED
+#endif
 #endif
 
 /*
diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h
index 14402d4b1c..99eb76c818 100644
--- a/source4/heimdal/lib/hcrypto/des.h
+++ b/source4/heimdal/lib/hcrypto/des.h
@@ -84,12 +84,14 @@ typedef struct DES_key_schedule
  *
  */
 
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
 #ifndef HC_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
 #define HC_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200) 
+#define HC_DEPRECATED __declspec(deprecated)
+#else
+#define HC_DEPRECATED
+#endif
 #endif
 
 #ifdef __cplusplus
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index a7c8fac900..0086a06960 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -190,10 +190,17 @@ struct hc_evp_md {
 #endif
 
 #ifndef HC_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
 #define HC_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200) 
+#define HC_DEPRECATED __declspec(deprecated)
+#else
+#define HC_DEPRECATED
 #endif
+#endif
+
 #ifndef HC_DEPRECATED_CRYPTO
-#define HC_DEPRECATED_CRYPTO __attribute__((deprecated))
+#define HC_DEPRECATED_CRYPTO HC_DEPRECATED
 #endif
 
 
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 13dafacf21..1f2e769728 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -52,7 +52,13 @@
 #endif
 
 #ifndef KRB5_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
 #define KRB5_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200) 
+#define KRB5_DEPRECATED __declspec(deprecated)
+#else
+#define KRB5_DEPRECATED
+#endif
 #endif
 
 /* simple constants */
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index 31d267320f..ee5c1159b1 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -32,6 +32,7 @@
  */
 
 #include "krb5_locl.h"
+#include <vis.h>
 
 struct facility {
     int min;
@@ -218,11 +219,21 @@ log_file(const char *timestr,
 	 void *data)
 {
     struct file_data *f = data;
+    char *msgclean;
+    size_t len = strlen(msg) + 1;
     if(f->keep_open == 0)
 	f->fd = fopen(f->filename, f->mode);
     if(f->fd == NULL)
 	return;
-    fprintf(f->fd, "%s %s\n", timestr, msg);
+    /* make sure the log doesn't contain special chars */
+    len *= 4;
+    msgclean = malloc(len);
+    if (msgclean == NULL)
+	goto out;
+    strvisx(rk_UNCONST(msg), msgclean, len, VIS_OCTAL);
+    fprintf(f->fd, "%s %s\n", timestr, msgclean);
+    free(msgclean);
+ out:
     if(f->keep_open == 0) {
 	fclose(f->fd);
 	f->fd = NULL;