authorStefan Metzmacher <metze@samba.org>2011-07-15 09:10:30 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-15 11:15:05 +0200
commit255e3e18e00f717d99f3bc57c8a8895ff624f3c3 (patch)
treea2933c88f38e8dd7fe612be8dd458d05918b1f15 /source4
parent70da27838bb3f6ed9c36add06ce0ccdf467ab1c3 (diff)
downloadsamba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.tar.gz
samba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.tar.bz2
samba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.zip
s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)
Diffstat (limited to 'source4')
-rw-r--r--source4/heimdal/base/baselocl.h7
-rw-r--r--source4/heimdal/base/dict.c4
-rw-r--r--source4/heimdal/base/heimbase.c2
-rw-r--r--source4/heimdal/base/heimbase.h18
-rw-r--r--source4/heimdal/cf/make-proto.pl48
-rw-r--r--source4/heimdal/include/heim_threads.h28
-rw-r--r--source4/heimdal/kdc/default_config.c74
-rw-r--r--source4/heimdal/kdc/digest.c142
-rw-r--r--source4/heimdal/kdc/kdc.h16
-rw-r--r--source4/heimdal/kdc/kerberos5.c236
-rw-r--r--source4/heimdal/kdc/krb5tgs.c104
-rw-r--r--source4/heimdal/kdc/kx509.c4
-rw-r--r--source4/heimdal/kdc/log.c10
-rw-r--r--source4/heimdal/kdc/misc.c39
-rw-r--r--source4/heimdal/kdc/pkinit.c115
-rw-r--r--source4/heimdal/kdc/process.c18
-rw-r--r--source4/heimdal/kdc/windc.c10
-rw-r--r--source4/heimdal/kdc/windc_plugin.h6
-rw-r--r--source4/heimdal/kpasswd/kpasswd.c15
-rw-r--r--source4/heimdal/kuser/kinit.c66
-rw-r--r--source4/heimdal/lib/asn1/asn1-common.h2
-rw-r--r--source4/heimdal/lib/asn1/asn1parse.c4
-rw-r--r--source4/heimdal/lib/asn1/asn1parse.y4
-rw-r--r--source4/heimdal/lib/asn1/der_cmp.c4
-rw-r--r--source4/heimdal/lib/asn1/der_format.c2
-rw-r--r--source4/heimdal/lib/asn1/der_get.c4
-rw-r--r--source4/heimdal/lib/asn1/der_length.c2
-rw-r--r--source4/heimdal/lib/asn1/der_put.c3
-rw-r--r--source4/heimdal/lib/asn1/extra.c4
-rw-r--r--source4/heimdal/lib/asn1/gen.c6
-rw-r--r--source4/heimdal/lib/asn1/gen_decode.c38
-rw-r--r--source4/heimdal/lib/asn1/gen_encode.c19
-rw-r--r--source4/heimdal/lib/asn1/gen_free.c4
-rw-r--r--source4/heimdal/lib/asn1/gen_template.c22
-rw-r--r--source4/heimdal/lib/asn1/krb5.asn150
-rw-r--r--source4/heimdal/lib/asn1/lex.c4
-rw-r--r--source4/heimdal/lib/asn1/lex.l4
-rw-r--r--source4/heimdal/lib/asn1/main.c2
-rw-r--r--source4/heimdal/lib/asn1/test.asn13
-rw-r--r--source4/heimdal/lib/asn1/timegm.c21
-rw-r--r--source4/heimdal/lib/com_err/compile_et.c4
-rw-r--r--source4/heimdal/lib/com_err/error.c2
-rw-r--r--source4/heimdal/lib/com_err/parse.c2
-rw-r--r--source4/heimdal/lib/com_err/parse.y2
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h98
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h7
-rw-r--r--source4/heimdal/lib/gssapi/gssapi_mech.h59
-rw-r--r--source4/heimdal/lib/gssapi/krb5/8003.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c70
-rw-r--r--source4/heimdal/lib/gssapi/krb5/acquire_cred.c153
-rw-r--r--source4/heimdal/lib/gssapi/krb5/add_cred.c31
-rw-r--r--source4/heimdal/lib/gssapi/krb5/aeap.c10
-rw-r--r--source4/heimdal/lib/gssapi/krb5/arcfour.c14
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/cfx.c12
-rw-r--r--source4/heimdal/lib/gssapi/krb5/compat.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/context_time.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/copy_ccache.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/creds.c8
-rw-r--r--source4/heimdal/lib/gssapi/krb5/encapsulate.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/external.c21
-rw-r--r--source4/heimdal/lib/gssapi/krb5/import_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c36
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c53
-rw-r--r--source4/heimdal/lib/gssapi/krb5/prf.c24
-rw-r--r--source4/heimdal/lib/gssapi/krb5/process_context_token.c3
-rw-r--r--source4/heimdal/lib/gssapi/krb5/sequence.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_cred_option.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c7
-rw-r--r--source4/heimdal/lib/gssapi/krb5/store_cred.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/unwrap.c3
-rw-r--r--source4/heimdal/lib/gssapi/krb5/verify_mic.c8
-rw-r--r--source4/heimdal/lib/gssapi/krb5/wrap.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/cred.h16
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c16
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_cred.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_aeap.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_buffer_set.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_display_status.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c8
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_import_name.c18
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_context.c8
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_krb5.c16
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c100
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mo.c351
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_names.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid.c150
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_equal.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/mech_locl.h1
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c44
-rw-r--r--source4/heimdal/lib/gssapi/spnego/compat.c6
-rw-r--r--source4/heimdal/lib/gssapi/spnego/context_stubs.c4
-rw-r--r--source4/heimdal/lib/gssapi/spnego/cred_stubs.c2
-rw-r--r--source4/heimdal/lib/gssapi/spnego/external.c17
-rw-r--r--source4/heimdal/lib/gssapi/spnego/init_sec_context.c6
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h2
-rw-r--r--source4/heimdal/lib/gssapi/version-script.map12
-rw-r--r--source4/heimdal/lib/hcrypto/camellia-ntt.c4
-rw-r--r--source4/heimdal/lib/hcrypto/des.c6
-rw-r--r--source4/heimdal/lib/hcrypto/des.h2
-rw-r--r--source4/heimdal/lib/hcrypto/dh-ltm.c6
-rw-r--r--source4/heimdal/lib/hcrypto/dh.c4
-rw-r--r--source4/heimdal/lib/hcrypto/engine.c4
-rw-r--r--source4/heimdal/lib/hcrypto/evp.c6
-rw-r--r--source4/heimdal/lib/hcrypto/evp.h2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c16
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c10
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c32
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c10
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c12
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c34
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c12
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c20
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c24
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c10
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c12
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c12
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c16
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c18
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c70
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c4
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c16
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c8
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/bncore.c6
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h2
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c150
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/tommath.h18
-rw-r--r--source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h4
-rw-r--r--source4/heimdal/lib/hcrypto/pkcs12.c2
-rw-r--r--source4/heimdal/lib/hcrypto/rand-egd.c4
-rw-r--r--source4/heimdal/lib/hcrypto/rc2.c2
-rw-r--r--source4/heimdal/lib/hcrypto/rsa-ltm.c2
-rw-r--r--source4/heimdal/lib/hcrypto/rsa.c12
-rw-r--r--source4/heimdal/lib/hcrypto/sha256.c2
-rw-r--r--source4/heimdal/lib/hcrypto/sha512.c2
-rw-r--r--source4/heimdal/lib/hcrypto/ui.c6
-rw-r--r--source4/heimdal/lib/hcrypto/validate.c6
-rw-r--r--source4/heimdal/lib/hdb/dbinfo.c2
-rw-r--r--source4/heimdal/lib/hdb/ext.c20
-rw-r--r--source4/heimdal/lib/hdb/hdb-keytab.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb.c12
-rw-r--r--source4/heimdal/lib/hdb/hdb.h4
-rw-r--r--source4/heimdal/lib/hdb/keys.c16
-rw-r--r--source4/heimdal/lib/hdb/keytab.c48
-rw-r--r--source4/heimdal/lib/hdb/mkey.c18
-rw-r--r--source4/heimdal/lib/hx509/ca.c10
-rw-r--r--source4/heimdal/lib/hx509/cert.c115
-rw-r--r--source4/heimdal/lib/hx509/char_map.h64
-rw-r--r--source4/heimdal/lib/hx509/cms.c48
-rw-r--r--source4/heimdal/lib/hx509/collector.c11
-rw-r--r--source4/heimdal/lib/hx509/crypto.c97
-rw-r--r--source4/heimdal/lib/hx509/file.c8
-rw-r--r--source4/heimdal/lib/hx509/keyset.c15
-rw-r--r--source4/heimdal/lib/hx509/ks_dir.c4
-rw-r--r--source4/heimdal/lib/hx509/ks_file.c26
-rw-r--r--source4/heimdal/lib/hx509/ks_keychain.c14
-rw-r--r--source4/heimdal/lib/hx509/ks_mem.c2
-rw-r--r--source4/heimdal/lib/hx509/ks_p11.c32
-rw-r--r--source4/heimdal/lib/hx509/ks_p12.c20
-rw-r--r--source4/heimdal/lib/hx509/lock.c2
-rw-r--r--source4/heimdal/lib/hx509/name.c52
-rw-r--r--source4/heimdal/lib/hx509/print.c31
-rw-r--r--source4/heimdal/lib/hx509/revoke.c56
-rw-r--r--source4/heimdal/lib/hx509/sel.c6
-rw-r--r--source4/heimdal/lib/hx509/sel.h2
-rw-r--r--source4/heimdal/lib/hx509/test_name.c2
-rw-r--r--source4/heimdal/lib/krb5/acache.c18
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c159
-rw-r--r--source4/heimdal/lib/krb5/appdefault.c2
-rw-r--r--source4/heimdal/lib/krb5/auth_context.c2
-rw-r--r--source4/heimdal/lib/krb5/build_auth.c8
-rw-r--r--source4/heimdal/lib/krb5/cache.c26
-rw-r--r--source4/heimdal/lib/krb5/changepw.c18
-rw-r--r--source4/heimdal/lib/krb5/codec.c34
-rw-r--r--source4/heimdal/lib/krb5/config_file.c34
-rw-r--r--source4/heimdal/lib/krb5/context.c186
-rw-r--r--source4/heimdal/lib/krb5/convert_creds.c6
-rw-r--r--source4/heimdal/lib/krb5/creds.c2
-rw-r--r--source4/heimdal/lib/krb5/crypto-des.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto-des3.c2
-rw-r--r--source4/heimdal/lib/krb5/crypto-evp.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto-pk.c23
-rw-r--r--source4/heimdal/lib/krb5/crypto.c47
-rw-r--r--source4/heimdal/lib/krb5/error_string.c2
-rw-r--r--source4/heimdal/lib/krb5/expand_path.c16
-rw-r--r--source4/heimdal/lib/krb5/fcache.c70
-rw-r--r--source4/heimdal/lib/krb5/get_addrs.c42
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c63
-rw-r--r--source4/heimdal/lib/krb5/get_default_principal.c2
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c10
-rw-r--r--source4/heimdal/lib/krb5/get_host_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/get_in_tkt.c31
-rw-r--r--source4/heimdal/lib/krb5/heim_err.et1
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c8
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c55
-rw-r--r--source4/heimdal/lib/krb5/kcm.c36
-rw-r--r--source4/heimdal/lib/krb5/keyblock.c2
-rw-r--r--source4/heimdal/lib/krb5/keytab.c73
-rw-r--r--source4/heimdal/lib/krb5/keytab_file.c17
-rw-r--r--source4/heimdal/lib/krb5/keytab_keyfile.c8
-rw-r--r--source4/heimdal/lib/krb5/krb5.h91
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h13
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c8
-rw-r--r--source4/heimdal/lib/krb5/log.c2
-rw-r--r--source4/heimdal/lib/krb5/mcache.c4
-rw-r--r--source4/heimdal/lib/krb5/misc.c45
-rw-r--r--source4/heimdal/lib/krb5/mit_glue.c6
-rw-r--r--source4/heimdal/lib/krb5/mk_error.c5
-rw-r--r--source4/heimdal/lib/krb5/mk_priv.c2
-rw-r--r--source4/heimdal/lib/krb5/mk_rep.c2
-rw-r--r--source4/heimdal/lib/krb5/n-fold.c2
-rw-r--r--source4/heimdal/lib/krb5/pac.c15
-rw-r--r--source4/heimdal/lib/krb5/padata.c4
-rw-r--r--source4/heimdal/lib/krb5/pkinit.c128
-rw-r--r--source4/heimdal/lib/krb5/plugin.c24
-rw-r--r--source4/heimdal/lib/krb5/principal.c20
-rw-r--r--source4/heimdal/lib/krb5/rd_cred.c15
-rw-r--r--source4/heimdal/lib/krb5/rd_rep.c2
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c32
-rw-r--r--source4/heimdal/lib/krb5/replay.c4
-rw-r--r--source4/heimdal/lib/krb5/salt-arcfour.c2
-rw-r--r--source4/heimdal/lib/krb5/salt-des.c6
-rw-r--r--source4/heimdal/lib/krb5/salt.c3
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c14
-rw-r--r--source4/heimdal/lib/krb5/store-int.c2
-rw-r--r--source4/heimdal/lib/krb5/store-int.h1
-rw-r--r--source4/heimdal/lib/krb5/store.c115
-rw-r--r--source4/heimdal/lib/krb5/store_emem.c13
-rw-r--r--source4/heimdal/lib/krb5/store_fd.c3
-rw-r--r--source4/heimdal/lib/krb5/store_mem.c10
-rw-r--r--source4/heimdal/lib/krb5/ticket.c10
-rw-r--r--source4/heimdal/lib/krb5/transited.c63
-rw-r--r--source4/heimdal/lib/krb5/version-script.map6
-rw-r--r--source4/heimdal/lib/krb5/warn.c4
-rw-r--r--source4/heimdal/lib/ntlm/ntlm.c16
-rw-r--r--source4/heimdal/lib/roken/dumpdata.c2
-rw-r--r--source4/heimdal/lib/roken/get_window_size.c73
-rw-r--r--source4/heimdal/lib/roken/getarg.c22
-rw-r--r--source4/heimdal/lib/roken/hex.c5
-rw-r--r--source4/heimdal/lib/roken/parse_units.c4
-rw-r--r--source4/heimdal/lib/roken/resolve.c12
-rw-r--r--source4/heimdal/lib/roken/rkpty.c6
-rw-r--r--source4/heimdal/lib/roken/roken.h.in19
-rw-r--r--source4/heimdal/lib/roken/roken_gethostby.c9
-rw-r--r--source4/heimdal/lib/roken/socket.c2
-rw-r--r--source4/heimdal/lib/roken/strsep_copy.c2
-rw-r--r--source4/heimdal/lib/roken/version-script.map4
-rw-r--r--source4/heimdal/lib/vers/print_version.c4
-rw-r--r--source4/heimdal/lib/wind/ldap.c4
-rw-r--r--source4/heimdal/lib/wind/normalize.c2
-rw-r--r--source4/heimdal/lib/wind/stringprep.c2
-rw-r--r--source4/heimdal/lib/wind/utf8.c10
312 files changed, 3559 insertions, 2505 deletions
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h
index b3c81b9460..901e8606fd 100644
--- a/source4/heimdal/base/baselocl.h
+++ b/source4/heimdal/base/baselocl.h
@@ -35,6 +35,13 @@
#include "config.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/source4/heimdal/base/dict.c b/source4/heimdal/base/dict.c
index 7522c8c1c4..1f9d71a0f5 100644
--- a/source4/heimdal/base/dict.c
+++ b/source4/heimdal/base/dict.c
@@ -77,7 +77,7 @@ struct heim_type_data dict_object = {
static size_t
isprime(size_t p)
{
- int q, i;
+ size_t q, i;
for(i = 2 ; i < p; i++) {
q = p / i;
@@ -120,7 +120,7 @@ heim_dict_create(size_t size)
heim_release(dict);
return NULL;
}
-
+
dict->tab = calloc(dict->size, sizeof(dict->tab[0]));
if (dict->tab == NULL) {
dict->size = 0;
diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c
index 01668716a3..7031af9e49 100644
--- a/source4/heimdal/base/heimbase.c
+++ b/source4/heimdal/base/heimbase.c
@@ -369,7 +369,7 @@ void
heim_abortv(const char *fmt, va_list ap)
{
static char str[1024];
-
+
vsnprintf(str, sizeof(str), fmt, ap);
syslog(LOG_ERR, "heim_abort: %s", str);
abort();
diff --git a/source4/heimdal/base/heimbase.h b/source4/heimdal/base/heimbase.h
index d1ca5aa899..ad1b3f0c48 100644
--- a/source4/heimdal/base/heimbase.h
+++ b/source4/heimdal/base/heimbase.h
@@ -48,6 +48,22 @@ typedef heim_object_t heim_null_t;
#define HEIM_BASE_ONCE_INIT 0
typedef long heim_base_once_t; /* XXX arch dependant */
+#if !defined(__has_extension)
+#define __has_extension(x) 0
+#endif
+
+#define HEIM_REQUIRE_GNUC(m,n,p) \
+ (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \
+ (((m) * 10000) + ((n) * 100) + (p)))
+
+
+#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0)
+#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res)
+#else
+#define heim_builtin_expect(_op,_res) (_op)
+#endif
+
+
void * heim_retain(heim_object_t);
void heim_release(heim_object_t);
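Review bot: `__has_extension(__builtin_expect)` is not a reliable probe for the builtin, because `__has_extension` reports language features while builtins are queried with `__has_builtin`; on Clang the condition is presumably carried only by the `HEIM_REQUIRE_GNUC(3,0,0)` half. The fallback `#define __has_extension(x) 0` also defines a reserved, compiler-owned name in a header, which can change how headers included later in the same translation unit detect features. I would wrap the probe in a private macro (for example a `HEIM_HAS_BUILTIN(x)` that expands to `__has_builtin(x)` when that is defined and to `0` otherwise) and leave `__has_extension` undefined.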
@@ -79,7 +95,7 @@ heim_abortv(const char *fmt, va_list ap)
HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0));
#define heim_assert(e,t) \
- (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
+ (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
/*
*
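Review bot: `heim_assert` still hands the stringified expression to `heim_abort` as the format argument, so an asserted expression containing `%` (a modulo test, say) would be parsed as a conversion specification when the assertion fires. The declaration of `heim_abort` is outside this hunk; assuming it is printf-style like the `heim_abortv(const char *fmt, va_list ap)` shown in the hunk header, the call should be `heim_abort("%s", t ":" #e)`. The macro definition itself is complete within the hunk.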
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index bc323b9433..6894dc143e 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -11,6 +11,7 @@ my $line = "";
my $debug = 0;
my $oproto = 1;
my $private_func_re = "^_";
+my %depfunction = ();
Getopts('x:m:o:p:dqE:R:P:') || die "foo";
@@ -25,7 +26,7 @@ if($opt_q) {
if($opt_R) {
$private_func_re = $opt_R;
}
-%flags = (
+my %flags = (
'multiline-proto' => 1,
'header' => 1,
'function-blocking' => 0,
@@ -100,16 +101,21 @@ while(<>) {
s/^\s*//;
s/\s*$//;
s/\s+/ /g;
- if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){
+ if($_ =~ /\)$/){
if(!/^static/ && !/^PRIVATE/){
$attr = "";
if(m/(.*)(__attribute__\s?\(.*\))/) {
$attr .= " $2";
$_ = $1;
}
- if(m/(.*)\s(\w+DEPRECATED)/) {
+ if(m/(.*)\s(\w+DEPRECATED_FUNCTION)\s?(\(.*\))(.*)/) {
+ $depfunction{$2} = 1;
+ $attr .= " $2$3";
+ $_ = "$1 $4";
+ }
+ if(m/(.*)\s(\w+DEPRECATED)(.*)/) {
$attr .= " $2";
- $_ = $1;
+ $_ = "$1 $3";
}
# remove outer ()
s/\s*\(/</;
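Review bot: The outer test now accepts only lines ending in `)`, so a prototype whose last token is a bare `..._DEPRECATED` marker no longer reaches this branch and would presumably be left out of the generated header without any diagnostic. If trailing markers are no longer supported, a comment above `if($_ =~ /\)$/){` should say so, e.g. `# a deprecation marker must precede the name or use X_DEPRECATED_FUNCTION(...)`; otherwise keep the `or $_ =~ /DEPRECATED$/` alternative. The enclosing `while(<>)` loop starts and ends outside the hunk.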
@@ -302,17 +308,44 @@ if($flags{"gnuc-attribute"}) {
";
}
}
+
+my $depstr = "";
+my $undepstr = "";
+foreach (keys %depfunction) {
+ $depstr .= "#ifndef $_
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
+#define $_(X) __attribute__((__deprecated__))
+#else
+#define $_(X)
+#endif
+#endif
+
+
+";
+ $public_h_trailer .= "#undef $_
+
+";
+ $private_h_trailer .= "#undef $_
+#define $_(X)
+
+";
+}
+
+$public_h_header .= $depstr;
+$private_h_header .= $depstr;
+
+
if($flags{"cxx"}) {
$public_h_header .= "#ifdef __cplusplus
extern \"C\" {
#endif
";
- $public_h_trailer .= "#ifdef __cplusplus
+ $public_h_trailer = "#ifdef __cplusplus
}
#endif
-";
+" . $public_h_trailer;
}
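Review bot: `$undepstr` is declared empty here and nothing in the visible hunks appends to it, so the `$public_h_trailer .= $undepstr;` and `$private_h_trailer .= $undepstr;` lines added in the `@@ -348,6 +381,9 @@` hunk contribute nothing. The `#undef` text is written straight into the trailers inside the `foreach`. Either drop the variable and those two appends or collect the `#undef` lines in it, so that trailer ordering is decided in one place. Separately, `foreach (keys %depfunction)` emits the macro blocks in hash order, which Perl does not keep stable between runs; `foreach (sort keys %depfunction)` would make the generated headers reproducible.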
if ($opt_E) {
@@ -348,6 +381,9 @@ if ($opt_E) {
";
}
+$public_h_trailer .= $undepstr;
+$private_h_trailer .= $undepstr;
+
if ($public_h ne "" && $flags{"header"}) {
$public_h = $public_h_header . $public_h .
$public_h_trailer . "#endif /* $block */\n";
diff --git a/source4/heimdal/include/heim_threads.h b/source4/heimdal/include/heim_threads.h
index c4f841fb61..8ff677f330 100644
--- a/source4/heimdal/include/heim_threads.h
+++ b/source4/heimdal/include/heim_threads.h
@@ -67,13 +67,13 @@
#define HEIMDAL_RWLOCK rwlock_t
#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
-#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
-#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
-#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
-#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
-#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
-#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
+#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
#define HEIMDAL_thread_key thread_key_t
#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
@@ -94,13 +94,13 @@
#define HEIMDAL_RWLOCK rwlock_t
#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
-#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
-#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
-#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
-#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
-#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
-#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
+#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
#define HEIMDAL_thread_key pthread_key_t
#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index 1441c3161e..fe977ded5a 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -51,14 +51,14 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->require_preauth = TRUE;
c->kdc_warn_pwexpire = 0;
c->encode_as_rep_as_tgs_rep = FALSE;
+ c->as_use_strongest_session_key = FALSE;
+ c->preauth_use_strongest_session_key = FALSE;
+ c->tgs_use_strongest_session_key = FALSE;
+ c->use_strongest_server_key = FALSE;
c->check_ticket_addresses = TRUE;
c->allow_null_ticket_addresses = TRUE;
c->allow_anonymous = FALSE;
c->trpolicy = TRPOLICY_ALWAYS_CHECK;
- c->enable_v4 = FALSE;
- c->enable_kaserver = FALSE;
- c->enable_524 = FALSE;
- c->enable_v4_cross_realm = FALSE;
c->enable_pkinit = FALSE;
c->pkinit_princ_in_cert = TRUE;
c->pkinit_require_binding = TRUE;
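Review bot: The four new `*_use_strongest_*` fields default to `FALSE` with no comment on what the KDC does in that case. The selection logic is outside this file's hunks, but the names suggest the default leaves key choice to some other ordering (presumably the client's preference) rather than the strongest mutually supported enctype. Because this is a security-relevant default, I would add a comment above the block, e.g. `/* FALSE keeps the previous enctype selection; TRUE prefers the strongest key both sides support */`, once the semantics are confirmed against the code that reads these fields. The same applies to the `krb5_config_get_bool_default` calls added in the `@@ -133,6 +120,27 @@` hunk, where the matching `kdc` option names should be documented alongside. The body of `krb5_kdc_get_config` starts and ends outside this hunk.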
@@ -70,19 +70,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_bool_default(context, NULL,
c->require_preauth,
"kdc", "require-preauth", NULL);
- c->enable_v4 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
- "kdc", "enable-kerberos4", NULL);
- c->enable_v4_cross_realm =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4_cross_realm,
- "kdc",
- "enable-kerberos4-cross-realm", NULL);
- c->enable_524 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
- "kdc", "enable-524", NULL);
#ifdef DIGEST
c->enable_digest =
krb5_config_get_bool_default(context, NULL,
@@ -133,6 +120,27 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
#endif
+ c->as_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->as_use_strongest_session_key,
+ "kdc",
+ "as-use-strongest-session-key", NULL);
+ c->preauth_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->preauth_use_strongest_session_key,
+ "kdc",
+ "preauth-use-strongest-session-key", NULL);
+ c->tgs_use_strongest_session_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->tgs_use_strongest_session_key,
+ "kdc",
+ "tgs-use-strongest-session-key", NULL);
+ c->use_strongest_server_key =
+ krb5_config_get_bool_default(context, NULL,
+ c->use_strongest_server_key,
+ "kdc",
+ "use-strongest-server-key", NULL);
+
c->check_ticket_addresses =
krb5_config_get_bool_default(context, NULL,
c->check_ticket_addresses,
@@ -180,28 +188,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
- {
- const char *p;
- p = krb5_config_get_string (context, NULL,
- "kdc",
- "v4-realm",
- NULL);
- if(p != NULL) {
- c->v4_realm = strdup(p);
- if (c->v4_realm == NULL)
- krb5_errx(context, 1, "out of memory");
- } else {
- c->v4_realm = NULL;
- }
- }
-
- c->enable_kaserver =
- krb5_config_get_bool_default(context,
- NULL,
- c->enable_kaserver,
- "kdc", "enable-kaserver", NULL);
-
-
c->encode_as_rep_as_tgs_rep =
krb5_config_get_bool_default(context, NULL,
c->encode_as_rep_as_tgs_rep,
@@ -223,7 +209,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
NULL);
- c->pkinit_kdc_identity =
+ c->pkinit_kdc_identity =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
c->pkinit_kdc_anchors =
@@ -235,7 +221,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->pkinit_kdc_revoke =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
- c->pkinit_kdc_ocsp_file =
+ c->pkinit_kdc_ocsp_file =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
c->pkinit_kdc_friendly_name =
@@ -272,7 +258,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->pkinit_kdc_identity == NULL) {
if (config->pkinit_kdc_friendly_name == NULL)
- config->pkinit_kdc_friendly_name =
+ config->pkinit_kdc_friendly_name =
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
config->pkinit_kdc_identity = strdup("KEYCHAIN:");
}
@@ -284,7 +270,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->enable_pkinit) {
if (config->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
-
+
if (config->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
@@ -298,4 +284,4 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
return 0;
#endif /* PKINIT */
-}
+}
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index 70b45c2af6..5f0d27441a 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context,
/* check the server principal in the ticket matches digest/R@R */
{
krb5_principal principal = NULL;
- const char *p, *r;
+ const char *p, *rr;
ret = krb5_ticket_get_server(context, ticket, &principal);
if (ret)
@@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context,
krb5_free_principal(context, principal);
goto out;
}
- r = krb5_principal_get_realm(context, principal);
- if (r == NULL) {
+ rr = krb5_principal_get_realm(context, principal);
+ if (rr == NULL) {
krb5_free_principal(context, principal);
goto out;
}
- if (strcmp(p, r) != 0) {
+ if (strcmp(p, rr) != 0) {
krb5_free_principal(context, principal);
goto out;
}
@@ -356,7 +356,7 @@ _kdc_do_digest(krb5_context context,
crypto = NULL;
if (ret)
goto out;
-
+
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
krb5_data_free(&buf);
if (ret) {
@@ -419,7 +419,7 @@ _kdc_do_digest(krb5_context context,
free(r.u.initReply.nonce);
r.u.initReply.nonce = s;
}
-
+
ret = krb5_store_stringz(sp, r.u.initReply.nonce);
if (ret) {
krb5_clear_error_message(context);
@@ -475,7 +475,7 @@ _kdc_do_digest(krb5_context context,
krb5_data_free(&buf);
if (ret)
goto out;
-
+
ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
free_Checksum(&res);
if (ret) {
@@ -547,7 +547,7 @@ _kdc_do_digest(krb5_context context,
"Failed to decode digest Checksum");
goto out;
}
-
+
ret = krb5_storage_to_data(sp, &buf);
if (ret) {
krb5_clear_error_message(context);
@@ -561,14 +561,14 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
/*
* CHAP does the checksum of the raw nonce, but do it for all
* types, since we need to check the timestamp.
*/
{
ssize_t ssize;
-
+
ssize = hex_decode(ireq.u.digestRequest.serverNonce,
serverNonce.data, serverNonce.length);
if (ssize <= 0) {
@@ -597,7 +597,7 @@ _kdc_do_digest(krb5_context context,
{
unsigned char *p = serverNonce.data;
uint32_t t;
-
+
if (serverNonce.length < 4) {
ret = EINVAL;
krb5_set_error_message(context, ret, "server nonce too short");
@@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context,
EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *mdx;
- char id;
+ char idx;
if ((config->digests_allowed & CHAP_MD5) == 0) {
kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
@@ -629,13 +629,13 @@ _kdc_do_digest(krb5_context context,
"from CHAP request");
goto out;
}
-
- if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
+
+ if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) {
ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier");
goto out;
}
-
+
ret = get_password_entry(context, config,
ireq.u.digestRequest.username,
&password);
@@ -645,7 +645,7 @@ _kdc_do_digest(krb5_context context,
ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(ctx, &id, 1);
+ EVP_DigestUpdate(ctx, &idx, 1);
EVP_DigestUpdate(ctx, password, strlen(password));
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
EVP_DigestFinal_ex(ctx, md, NULL);
@@ -691,7 +691,7 @@ _kdc_do_digest(krb5_context context,
goto out;
if (ireq.u.digestRequest.realm == NULL)
goto out;
-
+
ret = get_password_entry(context, config,
ireq.u.digestRequest.username,
&password);
@@ -709,7 +709,7 @@ _kdc_do_digest(krb5_context context,
EVP_DigestUpdate(ctx, ":", 1);
EVP_DigestUpdate(ctx, password, strlen(password));
EVP_DigestFinal_ex(ctx, md, NULL);
-
+
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
EVP_DigestUpdate(ctx, md, sizeof(md));
EVP_DigestUpdate(ctx, ":", 1);
@@ -731,19 +731,19 @@ _kdc_do_digest(krb5_context context,
EVP_MD_CTX_destroy(ctx);
goto failed;
}
-
+
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
EVP_DigestUpdate(ctx,
"AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri,
strlen(*ireq.u.digestRequest.uri));
-
+
/* conf|int */
if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
static char conf_zeros[] = ":00000000000000000000000000000000";
EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1);
}
-
+
EVP_DigestFinal_ex(ctx, md, NULL);
hex_encode(md, sizeof(md), &A2);
@@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context,
const char *username;
struct ntlm_buf answer;
Key *key = NULL;
- EVP_MD_CTX *ctx;
+ EVP_MD_CTX *ctp;
if ((config->digests_allowed & MS_CHAP_V2) == 0) {
kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -816,7 +816,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret,
"MS-CHAP-V2 clientNonce missing");
goto failed;
- }
+ }
if (serverNonce.length != 16) {
ret = EINVAL;
krb5_set_error_message(context, ret,
@@ -831,21 +831,21 @@ _kdc_do_digest(krb5_context context,
else
username++;
- ctx = EVP_MD_CTX_create();
+ ctp = EVP_MD_CTX_create();
/* ChallangeHash */
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestInit_ex(ctp, EVP_sha1(), NULL);
{
ssize_t ssize;
krb5_data clientNonce;
-
+
clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce);
clientNonce.data = malloc(clientNonce.length);
if (clientNonce.data == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret,
"malloc: out of memory");
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctp);
goto out;
}
@@ -855,24 +855,24 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctp);
goto out;
}
- EVP_DigestUpdate(ctx, clientNonce.data, ssize);
+ EVP_DigestUpdate(ctp, clientNonce.data, ssize);
free(clientNonce.data);
}
- EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
- EVP_DigestUpdate(ctx, username, strlen(username));
+ EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length);
+ EVP_DigestUpdate(ctp, username, strlen(username));
- EVP_DigestFinal_ex(ctx, challange, NULL);
+ EVP_DigestFinal_ex(ctp, challange, NULL);
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctp);
/* NtPasswordHash */
ret = krb5_parse_name(context, username, &clientprincipal);
if (ret)
goto failed;
-
+
ret = _kdc_db_fetch(context, config, clientprincipal,
HDB_F_GET_CLIENT, NULL, NULL, &user);
krb5_free_principal(context, clientprincipal);
@@ -900,7 +900,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
-
+
hex_encode(answer.data, answer.length, &mdx);
if (mdx == NULL) {
free(answer.data);
@@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.success) {
unsigned char hashhash[MD4_DIGEST_LENGTH];
- EVP_MD_CTX *ctx;
+ EVP_MD_CTX *ctxp;
- ctx = EVP_MD_CTX_create();
+ ctxp = EVP_MD_CTX_create();
/* hashhash */
{
- EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
- EVP_DigestUpdate(ctx,
+ EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
+ EVP_DigestUpdate(ctxp,
key->key.keyvalue.data,
key->key.keyvalue.length);
- EVP_DigestFinal_ex(ctx, hashhash, NULL);
+ EVP_DigestFinal_ex(ctxp, hashhash, NULL);
}
/* GenerateAuthenticatorResponse */
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
- EVP_DigestUpdate(ctx, answer.data, answer.length);
- EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
+ EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash));
+ EVP_DigestUpdate(ctxp, answer.data, answer.length);
+ EVP_DigestUpdate(ctxp, ms_chap_v2_magic1,
sizeof(ms_chap_v2_magic1));
- EVP_DigestFinal_ex(ctx, md, NULL);
+ EVP_DigestFinal_ex(ctxp, md, NULL);
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctx, md, sizeof(md));
- EVP_DigestUpdate(ctx, challange, 8);
- EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
+ EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxp, md, sizeof(md));
+ EVP_DigestUpdate(ctxp, challange, 8);
+ EVP_DigestUpdate(ctxp, ms_chap_v2_magic2,
sizeof(ms_chap_v2_magic2));
- EVP_DigestFinal_ex(ctx, md, NULL);
+ EVP_DigestFinal_ex(ctxp, md, NULL);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM;
goto out;
}
@@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM;
goto out;
}
/* get_master, rfc 3079 3.4 */
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctx, hashhash, 16);
- EVP_DigestUpdate(ctx, answer.data, answer.length);
- EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
+ EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxp, hashhash, 16);
+ EVP_DigestUpdate(ctxp, answer.data, answer.length);
+ EVP_DigestUpdate(ctxp, ms_rfc3079_magic1,
sizeof(ms_rfc3079_magic1));
- EVP_DigestFinal_ex(ctx, md, NULL);
+ EVP_DigestFinal_ex(ctxp, md, NULL);
free(answer.data);
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_destroy(ctxp);
r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key));
@@ -1101,7 +1101,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
if (ret != 8) {
ret = ENOMEM;
@@ -1143,7 +1143,7 @@ _kdc_do_digest(krb5_context context,
uint32_t flags;
Key *key = NULL;
int version;
-
+
r.element = choice_DigestRepInner_ntlmResponse;
r.u.ntlmResponse.success = 0;
r.u.ntlmResponse.flags = 0;
@@ -1187,7 +1187,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
ret = krb5_storage_read(sp, challange, sizeof(challange));
if (ret != sizeof(challange)) {
ret = ENOMEM;
@@ -1266,7 +1266,7 @@ _kdc_do_digest(krb5_context context,
if (flags & NTLM_NEG_NTLM2_SESSION) {
unsigned char sessionhash[MD5_DIGEST_LENGTH];
EVP_MD_CTX *ctx;
-
+
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
kdc_log(context, config, 0, "NTLM v1-session not allowed");
ret = EINVAL;
@@ -1279,7 +1279,7 @@ _kdc_do_digest(krb5_context context,
"for NTLM session key");
goto failed;
}
-
+
ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
@@ -1297,7 +1297,7 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
}
-
+
ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
key->key.keyvalue.length,
challange, &answer);
@@ -1305,7 +1305,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
-
+
if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{
@@ -1335,7 +1335,7 @@ _kdc_do_digest(krb5_context context,
unsigned char masterkey[MD4_DIGEST_LENGTH];
EVP_CIPHER_CTX rc4;
size_t len;
-
+
if ((flags & NTLM_NEG_KEYEX) == 0) {
ret = EINVAL;
krb5_set_error_message(context, ret,
@@ -1343,7 +1343,7 @@ _kdc_do_digest(krb5_context context,
"exchange but still sent key");
goto failed;
}
-
+
len = ireq.u.ntlmRequest.sessionkey->length;
if (len != sizeof(masterkey)){
ret = EINVAL;
@@ -1352,7 +1352,7 @@ _kdc_do_digest(krb5_context context,
(unsigned long)len);
goto failed;
}
-
+
EVP_CIPHER_CTX_init(&rc4);
EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
@@ -1360,7 +1360,7 @@ _kdc_do_digest(krb5_context context,
masterkey, ireq.u.ntlmRequest.sessionkey->data,
sizeof(masterkey));
EVP_CIPHER_CTX_cleanup(&rc4);
-
+
r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
if (r.u.ntlmResponse.sessionkey == NULL) {
@@ -1368,7 +1368,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
masterkey, sizeof(masterkey));
if (ret) {
@@ -1415,7 +1415,7 @@ _kdc_do_digest(krb5_context context,
krb5_clear_error_message(context);
goto out;
}
-
+
kdc_log(context, config, 0, "Digest failed with: %s", s);
r.element = choice_DigestRepInner_error;
diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h
index 139b5e7087..9d52fd4c2e 100644
--- a/source4/heimdal/kdc/kdc.h
+++ b/source4/heimdal/kdc/kdc.h
@@ -58,21 +58,17 @@ typedef struct krb5_kdc_configuration {
int num_db;
krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
-
+
+ krb5_boolean as_use_strongest_session_key;
+ krb5_boolean preauth_use_strongest_session_key;
+ krb5_boolean tgs_use_strongest_session_key;
+ krb5_boolean use_strongest_server_key;
+
krb5_boolean check_ticket_addresses;
krb5_boolean allow_null_ticket_addresses;
krb5_boolean allow_anonymous;
enum krb5_kdc_trpolicy trpolicy;
- char *v4_realm;
- krb5_boolean enable_v4;
- krb5_boolean enable_v4_cross_realm;
- krb5_boolean enable_v4_per_principal;
-
- krb5_boolean enable_kaserver;
-
- krb5_boolean enable_524;
-
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
const char *pkinit_kdc_identity;
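Review bot: The four new `krb5_boolean` fields are added without any comment, and the names alone do not say which selection algorithm each one switches. Going by `_kdc_find_etype` in this same commit, a true value drives the search from the KDC's own strongest-to-weakest enctype list and a false value takes the first usable entry from the client's list, so a group comment such as `/* TRUE: choose by the KDC's strongest-first enctype order; FALSE: by the client's preference order (see _kdc_find_etype) */` would record that. `use_strongest_server_key` is not referenced in any hunk visible here, so its meaning should be documented where it is consumed. The struct continues outside the hunk.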
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index a437b9dbd9..4bc1619170 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -74,9 +74,9 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
if (req->padata == NULL)
return NULL;
- while(*start < req->padata->len){
+ while((size_t)*start < req->padata->len){
(*start)++;
- if(req->padata->val[*start - 1].padata_type == type)
+ if(req->padata->val[*start - 1].padata_type == (unsigned)type)
return &req->padata->val[*start - 1];
}
return NULL;
@@ -123,36 +123,103 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
*/
krb5_error_code
-_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
+_kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
+ krb5_boolean is_preauth, hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
- Key **ret_key)
+ krb5_enctype *ret_enctype, Key **ret_key)
{
- int i;
- krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+ krb5_error_code ret;
krb5_salt def_salt;
+ krb5_enctype enctype = ETYPE_NULL;
+ Key *key;
+ int i;
- krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
+ /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
+ ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
+ if (ret)
+ return ret;
- for(i = 0; ret != 0 && i < len ; i++) {
- Key *key = NULL;
+ ret = KRB5KDC_ERR_ETYPE_NOSUPP;
- if (krb5_enctype_valid(context, etypes[i]) != 0 &&
- !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
- continue;
+ if (use_strongest_session_key) {
+ const krb5_enctype *p;
+ krb5_enctype clientbest = ETYPE_NULL;
+ int j;
- while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
- if (key->key.keyvalue.length == 0) {
- ret = KRB5KDC_ERR_NULL_KEY;
+ /*
+ * Pick the strongest key that the KDC, target service, and
+ * client all support, using the local cryptosystem enctype
+ * list in strongest-to-weakest order to drive the search.
+ *
+ * This is not what RFC4120 says to do, but it encourages
+ * adoption of stronger enctypes. This doesn't play well with
+ * clients that have multiple Kerberos client implementations
+ * available with different supported enctype lists.
+ */
+
+ /* drive the search with local supported enctypes list */
+ p = krb5_kerberos_enctypes(context);
+ for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) {
+ if (krb5_enctype_valid(context, p[i]) != 0)
continue;
+
+ /* check that the client supports it too */
+ for (j = 0; j < len && enctype == ETYPE_NULL; j++) {
+ if (p[i] != etypes[j])
+ continue;
+ /* save best of union of { client, crypto system } */
+ if (clientbest == ETYPE_NULL)
+ clientbest = p[i];
+ /* check target princ support */
+ ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
+ if (ret)
+ continue;
+ if (is_preauth && !is_default_salt_p(&def_salt, key))
+ continue;
+ enctype = p[i];
}
- *ret_key = key;
- ret = 0;
- if (is_default_salt_p(&def_salt, key)) {
- krb5_free_salt (context, def_salt);
- return ret;
+ }
+ if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL)
+ enctype = clientbest;
+ else if (enctype == ETYPE_NULL)
+ ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+ if (ret == 0 && ret_enctype != NULL)
+ *ret_enctype = enctype;
+ if (ret == 0 && ret_key != NULL)
+ *ret_key = key;
+ } else {
+ /*
+ * Pick the first key from the client's enctype list that is
+ * supported by the cryptosystem and by the given principal.
+ *
+ * RFC4120 says we SHOULD pick the first _strong_ key from the
+ * client's list... not the first key... If the admin disallows
+ * weak enctypes in krb5.conf and selects this key selection
+ * algorithm, then we get exactly what RFC4120 says.
+ */
+ for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
+
+ if (krb5_enctype_valid(context, etypes[i]) != 0 &&
+ !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
+ continue;
+
+ while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
+ if (key->key.keyvalue.length == 0) {
+ ret = KRB5KDC_ERR_NULL_KEY;
+ continue;
+ }
+ if (ret_key != NULL)
+ *ret_key = key;
+ if (ret_enctype != NULL)
+ *ret_enctype = etypes[i];
+ ret = 0;
+ if (is_preauth && is_default_salt_p(&def_salt, key))
+ goto out;
}
}
}
+
+out:
krb5_free_salt (context, def_salt);
return ret;
}
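Review bot: In the `use_strongest_session_key` branch of `_kdc_find_etype`, the fallback `enctype = clientbest;` leaves `ret` holding whatever the last `hdb_enctype2key()` call returned, so the result code and the outputs can disagree. With `is_preauth` false, a failed lookup leaves `ret` non-zero and the function returns an error even though `enctype` was just set, which makes the fallback dead code for the AS session-key caller. With `is_preauth` true, a key rejected for its salt leaves `ret == 0`, and `*ret_key` then receives the last key looked up, which may belong to a different enctype than the `clientbest` written to `*ret_enctype`. I would have the tail of that branch set `ret` explicitly and fall back only when the caller asked for an enctype without a key, as sketched below. Whether a key-requesting caller should ever get the fallback is a policy choice to confirm.

```c
    /* … unchanged: search driven by krb5_kerberos_enctypes() … */
    if (enctype == ETYPE_NULL) {
        if (clientbest != ETYPE_NULL && ret_key == NULL) {
            /* enctype-only caller: fall back to the client's best pick */
            enctype = clientbest;
            ret = 0;
        } else {
            /* no key exists for an enctype the principal does not hold */
            ret = KRB5KDC_ERR_ETYPE_NOSUPP;
        }
    }
    if (ret == 0 && ret_enctype != NULL)
        *ret_enctype = enctype;
    /* … unchanged: *ret_key assignment and the RFC4120 branch … */
```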
@@ -211,8 +278,8 @@ log_patypes(krb5_context context,
{
struct rk_strpool *p = NULL;
char *str;
- int i;
-
+ size_t i;
+
for (i = 0; i < padata->len; i++) {
switch(padata->val[i].padata_type) {
case KRB5_PADATA_PK_AS_REQ:
@@ -240,7 +307,7 @@ log_patypes(krb5_context context,
}
if (p == NULL)
p = rk_strpoolprintf(p, "none");
-
+
str = rk_strpoolcollect(p);
kdc_log(context, config, 0, "Client sent patypes: %s", str);
free(str);
@@ -264,7 +331,7 @@ _kdc_encode_reply(krb5_context context,
{
unsigned char *buf;
size_t buf_size;
- size_t len;
+ size_t len = 0;
krb5_error_code ret;
krb5_crypto crypto;
@@ -614,7 +681,7 @@ log_as_req(krb5_context context,
krb5_error_code ret;
struct rk_strpool *p;
char *str;
- int i;
+ size_t i;
p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
@@ -694,13 +761,13 @@ kdc_check_flags(krb5_context context,
"Client (%s) has invalid bit set", client_name);
return KRB5KDC_ERR_POLICY;
}
-
+
if(!client->flags.client){
kdc_log(context, config, 0,
"Principal may not act as client -- %s", client_name);
return KRB5KDC_ERR_POLICY;
}
-
+
if (client->valid_start && *client->valid_start > kdc_time) {
char starttime_str[100];
krb5_format_time(context, *client->valid_start,
@@ -710,7 +777,7 @@ kdc_check_flags(krb5_context context,
starttime_str, client_name);
return KRB5KDC_ERR_CLIENT_NOTYET;
}
-
+
if (client->valid_end && *client->valid_end < kdc_time) {
char endtime_str[100];
krb5_format_time(context, *client->valid_end,
@@ -720,7 +787,7 @@ kdc_check_flags(krb5_context context,
endtime_str, client_name);
return KRB5KDC_ERR_NAME_EXP;
}
-
+
if (client->pw_end && *client->pw_end < kdc_time
&& (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
char pwend_str[100];
@@ -809,7 +876,7 @@ _kdc_check_addresses(krb5_context context,
krb5_address addr;
krb5_boolean result;
krb5_boolean only_netbios = TRUE;
- int i;
+ size_t i;
if(config->check_ticket_addresses == 0)
return TRUE;
@@ -976,7 +1043,7 @@ _kdc_as_rep(krb5_context context,
goto out;
}
} else if (b->kdc_options.request_anonymous) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Request for a anonymous ticket with non "
"anonymous client name: %s", client_name);
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
@@ -1018,59 +1085,31 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
/*
- * Select a session enctype from the list of the crypto systems
- * supported enctype, is supported by the client and is one of the
- * enctype of the enctype of the krbtgt.
+ * Select a session enctype from the list of the crypto system
+ * supported enctypes that is supported by the client and is one of
+ * the enctype of the enctype of the service (likely krbtgt).
*
- * The later is used as a hint what enctype all KDC are supporting
- * to make sure a newer version of KDC wont generate a session
- * enctype that and older version of a KDC in the same realm can't
+ * The latter is used as a hint of what enctypes all KDC support,
+ * to make sure a newer version of KDC won't generate a session
+ * enctype that an older version of a KDC in the same realm can't
* decrypt.
- *
- * But if the KDC admin is paranoid and doesn't want to have "no
+ */
+ ret = _kdc_find_etype(context, config->as_use_strongest_session_key, FALSE,
+ client, b->etype.val, b->etype.len, &sessionetype,
+ NULL);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Client (%s) from %s has no common enctypes with KDC "
+ "to use for the session key",
+ client_name, from);
+ goto out;
+ }
+ /*
+ * But if the KDC admin is paranoid and doesn't want to have "not
* the best" enctypes on the krbtgt, lets save the best pick from
* the client list and hope that that will work for any other
* KDCs.
*/
- {
- const krb5_enctype *p;
- krb5_enctype clientbest = ETYPE_NULL;
- int i, j;
-
- p = krb5_kerberos_enctypes(context);
-
- sessionetype = ETYPE_NULL;
-
- for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
- if (krb5_enctype_valid(context, p[i]) != 0)
- continue;
-
- for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
- Key *dummy;
- /* check with client */
- if (p[i] != b->etype.val[j])
- continue;
- /* save best of union of { client, crypto system } */
- if (clientbest == ETYPE_NULL)
- clientbest = p[i];
- /* check with krbtgt */
- ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
- if (ret)
- continue;
- sessionetype = p[i];
- }
- }
- /* if krbtgt had no shared keys with client, pick clients best */
- if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
- sessionetype = clientbest;
- } else if (sessionetype == ETYPE_NULL) {
- kdc_log(context, config, 0,
- "Client (%s) from %s has no common enctypes with KDC"
- "to use for the session key",
- client_name, from);
- goto out;
- }
- }
/*
* Pre-auth processing
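Review bot: The new `_kdc_find_etype()` call that picks the session enctype passes `client`, although the rewritten comment above it says the enctype must be one the service (likely krbtgt) holds, and the removed loop checked `&server->entry`. If the krbtgt check is still the intent, and assuming `server` is the same kind of `hdb_entry_ex` pointer, the argument line should read `server, b->etype.val, b->etype.len, &sessionetype,`; if checking the client's keys is intended, the comment should say so. The comment that remains about the paranoid admin and the client's best pick now sits above no code, so it should move next to the fallback inside `_kdc_find_etype` or be dropped. `_kdc_as_rep` starts and ends outside this hunk.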
@@ -1111,7 +1150,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_pk_check_client(context,
config,
- clientdb,
+ clientdb,
client,
pkp,
&client_cert);
@@ -1119,7 +1158,7 @@ _kdc_as_rep(krb5_context context,
e_text = "PKINIT certificate not allowed to "
"impersonate principal";
_kdc_pk_free_client_param(context, pkp);
-
+
kdc_log(context, config, 0, "%s", e_text);
pkp = NULL;
goto out;
@@ -1148,9 +1187,9 @@ _kdc_as_rep(krb5_context context,
EncryptedData enc_data;
Key *pa_key;
char *str;
-
+
found_pa = 1;
-
+
if (b->kdc_options.request_anonymous) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(context, config, 0, "ENC-TS doesn't support anon");
@@ -1167,7 +1206,7 @@ _kdc_as_rep(krb5_context context,
client_name);
goto out;
}
-
+
ret = hdb_enctype2key(context, &client->entry,
enc_data.etype, &pa_key);
if(ret){
@@ -1256,7 +1295,7 @@ _kdc_as_rep(krb5_context context,
free_PA_ENC_TS_ENC(&p);
if (abs(kdc_time - p.patimestamp) > context->max_skew) {
char client_time[100];
-
+
krb5_format_time(context, p.patimestamp,
client_time, sizeof(client_time), TRUE);
@@ -1353,8 +1392,9 @@ _kdc_as_rep(krb5_context context,
/*
* If there is a client key, send ETYPE_INFO{,2}
*/
- ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
- &ckey);
+ ret = _kdc_find_etype(context,
+ config->preauth_use_strongest_session_key, TRUE,
+ client, b->etype.val, b->etype.len, NULL, &ckey);
if (ret == 0) {
/*
@@ -1384,7 +1424,7 @@ _kdc_as_rep(krb5_context context,
goto out;
}
}
-
+
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
free_METHOD_DATA(&method_data);
@@ -1401,7 +1441,7 @@ _kdc_as_rep(krb5_context context,
}
if (clientdb->hdb_auth_status)
- (clientdb->hdb_auth_status)(context, clientdb, client,
+ (clientdb->hdb_auth_status)(context, clientdb, client,
HDB_AUTH_SUCCESS);
/*
@@ -1503,7 +1543,7 @@ _kdc_as_rep(krb5_context context,
{
time_t start;
time_t t;
-
+
start = et.authtime = kdc_time;
if(f.postdated && req->req_body.from){
@@ -1663,8 +1703,8 @@ _kdc_as_rep(krb5_context context,
PA_ClientCanonicalized canon;
krb5_data data;
PA_DATA pa;
- krb5_crypto crypto;
- size_t len;
+ krb5_crypto cryptox;
+ size_t len = 0;
memset(&canon, 0, sizeof(canon));
@@ -1679,21 +1719,21 @@ _kdc_as_rep(krb5_context context,
krb5_abortx(context, "internal asn.1 error");
/* sign using "returned session key" */
- ret = krb5_crypto_init(context, &et.key, 0, &crypto);
+ ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
if (ret) {
free(data.data);
goto out;
}
- ret = krb5_create_checksum(context, crypto,
+ ret = krb5_create_checksum(context, cryptox,
KRB5_KU_CANONICALIZED_NAMES, 0,
data.data, data.length,
&canon.canon_checksum);
free(data.data);
- krb5_crypto_destroy(context, crypto);
+ krb5_crypto_destroy(context, cryptox);
if (ret)
goto out;
-
+
ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
&canon, &len, ret);
free_Checksum(&canon.canon_checksum);
@@ -1826,7 +1866,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
const krb5_data *data)
{
krb5_error_code ret;
- size_t size;
+ size_t size = 0;
if (tkt->authorization_data == NULL) {
tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
@@ -1835,7 +1875,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
return ENOMEM;
}
}
-
+
/* add the entry to the last element */
{
AuthorizationData ad = { 0, NULL };
@@ -1863,7 +1903,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
}
if (ade.ad_data.length != size)
krb5_abortx(context, "internal asn.1 encoder error");
-
+
ret = add_AuthorizationData(tkt->authorization_data, &ade);
der_free_octet_string(&ade.ad_data);
if (ret) {
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 55d5d09ede..92cce5759f 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -64,7 +64,7 @@ find_KRB5SignedPath(krb5_context context,
AuthorizationData child;
krb5_error_code ret;
int pos;
-
+
if (ad == NULL || ad->len == 0)
return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
@@ -113,7 +113,7 @@ _kdc_add_KRB5SignedPath(krb5_context context,
KRB5SignedPath sp;
krb5_data data;
krb5_crypto crypto = NULL;
- size_t size;
+ size_t size = 0;
if (server && principals) {
ret = add_Principals(principals, server);
@@ -123,12 +123,12 @@ _kdc_add_KRB5SignedPath(krb5_context context,
{
KRB5SignedPathData spd;
-
+
spd.client = client;
spd.authtime = tkt->authtime;
spd.delegated = principals;
spd.method_data = NULL;
-
+
ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
&spd, &size, ret);
if (ret)
@@ -203,7 +203,7 @@ check_KRB5SignedPath(krb5_context context,
if (ret == 0) {
KRB5SignedPathData spd;
KRB5SignedPath sp;
- size_t size;
+ size_t size = 0;
ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL);
krb5_data_free(&data);
@@ -357,7 +357,7 @@ check_PAC(krb5_context context,
server_sign_key, krbtgt_sign_key, rspac);
}
krb5_pac_free(context, pac);
-
+
return ret;
}
}
@@ -376,7 +376,7 @@ check_tgs_flags(krb5_context context,
KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et)
{
KDCOptions f = b->kdc_options;
-
+
if(f.validate){
if(!tgt->flags.invalid || tgt->starttime == NULL){
kdc_log(context, config, 0,
@@ -415,7 +415,7 @@ check_tgs_flags(krb5_context context,
}
if(tgt->flags.forwarded)
et->flags.forwarded = 1;
-
+
if(f.proxiable){
if(!tgt->flags.proxiable){
kdc_log(context, config, 0,
@@ -485,7 +485,7 @@ check_tgs_flags(krb5_context context,
et->endtime = *et->starttime + old_life;
if (et->renew_till != NULL)
et->endtime = min(*et->renew_till, et->endtime);
- }
+ }
#if 0
/* checks for excess flags */
@@ -512,7 +512,7 @@ check_constrained_delegation(krb5_context context,
{
const HDB_Ext_Constrained_delegation_acl *acl;
krb5_error_code ret;
- int i;
+ size_t i;
/*
* constrained_delegation (S4U2Proxy) only works within
@@ -541,7 +541,7 @@ check_constrained_delegation(krb5_context context,
krb5_clear_error_message(context);
return ret;
}
-
+
if (acl) {
for (i = 0; i < acl->len; i++) {
if (krb5_principal_compare(context, target, &acl->val[i]) == TRUE)
@@ -623,7 +623,7 @@ fix_transited_encoding(krb5_context context,
krb5_error_code ret = 0;
char **realms, **tmp;
unsigned int num_realms;
- int i;
+ size_t i;
switch (tr->tr_type) {
case DOMAIN_X500_COMPRESS:
@@ -843,7 +843,7 @@ tgs_make_reply(krb5_context context,
renew = min(renew, *server->entry.max_renew);
*et.renew_till = et.authtime + renew;
}
-
+
if(et.renew_till){
*et.renew_till = min(*et.renew_till, *tgt->renew_till);
*et.starttime = min(*et.starttime, *et.renew_till);
@@ -877,7 +877,7 @@ tgs_make_reply(krb5_context context,
if (ret)
goto out;
}
-
+
if (auth_data) {
unsigned int i = 0;
@@ -919,7 +919,7 @@ tgs_make_reply(krb5_context context,
goto out;
et.crealm = tgt_name->realm;
et.cname = tgt_name->name;
-
+
ek.key = et.key;
/* MIT must have at least one last_req */
ek.last_req.len = 1;
@@ -1021,7 +1021,7 @@ tgs_check_authenticator(krb5_context context,
krb5_keyblock *key)
{
krb5_authenticator auth;
- size_t len;
+ size_t len = 0;
unsigned char *buf;
size_t buf_size;
krb5_error_code ret;
@@ -1048,7 +1048,7 @@ tgs_check_authenticator(krb5_context context,
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
goto out;
}
-
+
/* XXX should not re-encode this */
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
if(ret){
@@ -1107,7 +1107,7 @@ find_rpath(krb5_context context, Realm crealm, Realm srealm)
NULL);
return new_realm;
}
-
+
static krb5_boolean
need_referral(krb5_context context, krb5_kdc_configuration *config,
@@ -1148,6 +1148,7 @@ tgs_parse_request(krb5_context context,
krb5_keyblock **replykey,
int *rk_is_subkey)
{
+ static char failed[] = "<unparse_name failed>";
krb5_ap_req ap_req;
krb5_error_code ret;
krb5_principal princ;
@@ -1191,7 +1192,7 @@ tgs_parse_request(krb5_context context,
char *p;
ret = krb5_unparse_name(context, princ, &p);
if (ret != 0)
- p = "<unparse_name failed>";
+ p = failed;
krb5_free_principal(context, princ);
kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
if (ret == 0)
@@ -1203,7 +1204,7 @@ tgs_parse_request(krb5_context context,
char *p;
ret = krb5_unparse_name(context, princ, &p);
if (ret != 0)
- p = "<unparse_name failed>";
+ p = failed;
krb5_free_principal(context, princ);
kdc_log(context, config, 0,
"Ticket-granting ticket not found in database: %s", msg);
@@ -1215,13 +1216,13 @@ tgs_parse_request(krb5_context context,
}
if(ap_req.ticket.enc_part.kvno &&
- *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+ (unsigned int)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
char *p;
ret = krb5_unparse_name (context, princ, &p);
krb5_free_principal(context, princ);
if (ret != 0)
- p = "<unparse_name failed>";
+ p = failed;
kdc_log(context, config, 0,
"Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno,
@@ -1266,7 +1267,7 @@ tgs_parse_request(krb5_context context,
&ap_req_options,
ticket,
KRB5_KU_TGS_REQ_AUTH);
-
+
krb5_free_principal(context, princ);
if(ret) {
const char *msg = krb5_get_error_message(context, ret);
@@ -1396,12 +1397,12 @@ build_server_referral(krb5_context context,
const PrincipalName *true_principal_name,
const PrincipalName *requested_principal,
krb5_data *outdata)
-{
+{
PA_ServerReferralData ref;
krb5_error_code ret;
EncryptedData ed;
krb5_data data;
- size_t size;
+ size_t size = 0;
memset(&ref, 0, sizeof(ref));
@@ -1521,7 +1522,7 @@ tgs_build_reply(krb5_context context,
hdb_entry_ex *uu;
krb5_principal p;
Key *uukey;
-
+
if(b->additional_tickets == NULL ||
b->additional_tickets->len == 0){
ret = KRB5KDC_ERR_BADOPTION; /* ? */
@@ -1567,7 +1568,7 @@ tgs_build_reply(krb5_context context,
}
_krb5_principalname2krb5_principal(context, &sp, *s, r);
- ret = krb5_unparse_name(context, sp, &spn);
+ ret = krb5_unparse_name(context, sp, &spn);
if (ret)
goto out;
_krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
@@ -1612,7 +1613,7 @@ server_lookup:
free(spn);
krb5_make_principal(context, &sp, r,
KRB5_TGS_NAME, new_rlm, NULL);
- ret = krb5_unparse_name(context, sp, &spn);
+ ret = krb5_unparse_name(context, sp, &spn);
if (ret)
goto out;
@@ -1662,7 +1663,7 @@ server_lookup:
krb5_enctype etype;
if(b->kdc_options.enc_tkt_in_skey) {
- int i;
+ size_t i;
ekey = &adtkt.key;
for(i = 0; i < b->etype.len; i++)
if (b->etype.val[i] == adtkt.key.keytype)
@@ -1678,9 +1679,11 @@ server_lookup:
kvno = 0;
} else {
Key *skey;
-
- ret = _kdc_find_etype(context, server,
- b->etype.val, b->etype.len, &skey);
+
+ ret = _kdc_find_etype(context,
+ config->tgs_use_strongest_session_key, FALSE,
+ server, b->etype.val, b->etype.len, NULL,
+ &skey);
if(ret) {
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", spn);
@@ -1690,7 +1693,7 @@ server_lookup:
etype = skey->key.keytype;
kvno = server->entry.kvno;
}
-
+
ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
if (ret)
goto out;
@@ -1717,11 +1720,11 @@ server_lookup:
/* Now refetch the primary krbtgt, and get the current kvno (the
* sign check may have been on an old kvno, and the server may
* have been an incoming trust) */
- ret = krb5_make_principal(context, &krbtgt_principal,
+ ret = krb5_make_principal(context, &krbtgt_principal,
krb5_principal_get_comp_string(context,
krbtgt->entry.principal,
1),
- KRB5_TGS_NAME,
+ KRB5_TGS_NAME,
krb5_principal_get_comp_string(context,
krbtgt->entry.principal,
1), NULL);
@@ -2052,7 +2055,7 @@ server_lookup:
goto out;
}
- ret = check_constrained_delegation(context, config, clientdb,
+ ret = check_constrained_delegation(context, config, clientdb,
client, server, sp);
if (ret) {
kdc_log(context, config, 0,
@@ -2067,17 +2070,18 @@ server_lookup:
}
krb5_data_free(&rspac);
+
/*
- * generate the PAC for the user and pass
- * dp for the S4U_DELEGATION_INFO blob in the PAC.
+ * generate the PAC for the user.
+ *
+ * TODO: pass in t->sname and t->realm and build
+ * a S4U_DELEGATION_INFO blob to the PAC.
*/
ret = check_PAC(context, config, tp, dp,
client, server, krbtgt,
&clientkey->key, &tkey_check->key,
ekey, &tkey_sign->key,
&adtkt, &rspac, &ad_signedpath);
- if (ret == 0 && !ad_signedpath)
- ret = KRB5KDC_ERR_BADOPTION;
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0,
@@ -2094,12 +2098,10 @@ server_lookup:
ret = check_KRB5SignedPath(context,
config,
krbtgt,
- tp,
+ cp,
&adtkt,
NULL,
&ad_signedpath);
- if (ret == 0 && !ad_signedpath)
- ret = KRB5KDC_ERR_BADOPTION;
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0,
@@ -2111,6 +2113,16 @@ server_lookup:
goto out;
}
+ if (!ad_signedpath) {
+ ret = KRB5KDC_ERR_BADOPTION;
+ kdc_log(context, config, 0,
+ "Ticket not signed with PAC nor SignedPath service %s failed "
+ "for delegation to %s for client %s (%s)"
+ "from %s",
+ spn, tpn, dpn, cpn, from);
+ goto out;
+ }
+
kdc_log(context, config, 0, "constrained delegation for %s "
"from %s (%s) to %s", tpn, cpn, dpn, spn);
}
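Review bot: The log message added in the `!ad_signedpath` branch is built from adjacent string literals with no space between `(%s)` and `from %s`, so the last name and the source address run together in the KDC log; the literal before it should end with a space, `"for delegation to %s for client %s (%s) "`. This line records a rejected constrained-delegation request, so it is worth keeping easy to parse, and a separator after `SignedPath` (for example `"Ticket not signed with PAC nor SignedPath: service %s failed "`) would help as well. The enclosing block of `tgs_build_reply` starts outside this hunk.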
@@ -2141,7 +2153,7 @@ server_lookup:
kdc_log(context, config, 0, "Request from wrong address");
goto out;
}
-
+
/*
* If this is an referral, add server referral data to the
* auth_data reply .
@@ -2203,7 +2215,7 @@ server_lookup:
&enc_pa_data,
e_text,
reply);
-
+
out:
if (tpn != cpn)
free(tpn);
@@ -2279,7 +2291,7 @@ _kdc_tgs_rep(krb5_context context,
if(tgs_req == NULL){
ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-
+
kdc_log(context, config, 0,
"TGS-REQ from %s without PA-TGS-REQ", from);
goto out;
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index f6f8f8a3bd..8d683d50a3 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -259,7 +259,7 @@ build_certificate(krb5_context context,
hx509_cert_free(cert);
if (ret)
goto out;
-
+
return 0;
out:
if (env)
@@ -355,7 +355,7 @@ _kdc_do_kx509(krb5_context context,
krb5_xfree(expected);
goto out;
}
-
+
ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_message(context, ret,
"User %s used wrong Kx509 service "
diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c
index 6657aca5cb..6d85729f51 100644
--- a/source4/heimdal/kdc/log.c
+++ b/source4/heimdal/kdc/log.c
@@ -50,10 +50,12 @@ kdc_openlog(krb5_context context,
krb5_addlog_dest(context, config->logf, *p);
krb5_config_free_strings(s);
}else {
- char *s;
- asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE);
- krb5_addlog_dest(context, config->logf, s);
- free(s);
+ char *ss;
+ if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context),
+ KDC_LOG_FILE) < 0)
+ err(1, NULL);
+ krb5_addlog_dest(context, config->logf, ss);
+ free(ss);
}
krb5_set_warn_dest(context, config->logf);
}
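Review bot: The new failure path in kdc_openlog calls `err(1, NULL)`, which terminates the whole process and prints only strerror(errno), a value asprintf is not guaranteed to set. If this file is built into a library that a larger daemon embeds (not visible from the hunk), an allocation failure while setting up logging takes the host process down with an uninformative message. A message that names the cause, e.g. `krb5_errx(context, 1, "kdc_openlog: out of memory");`, would at least make the exit diagnosable. The same unchecked pattern is still present as a context line, `asprintf (&prompt, N_("%s's Password: ", ""), p);`, in the kinit.c get_new_tickets hunk of this commit.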
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 297fa3824b..f9b34571a3 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -62,7 +62,7 @@ _kdc_db_fetch(krb5_context context,
for(i = 0; i < config->num_db; i++) {
krb5_principal enterprise_principal = NULL;
- if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
+ if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
&& principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (principal->name.name_string.len != 1) {
ret = KRB5_PARSE_MALFORMED;
@@ -134,24 +134,41 @@ _kdc_get_preferred_key(krb5_context context,
krb5_enctype *enctype,
Key **key)
{
- const krb5_enctype *p;
krb5_error_code ret;
int i;
- p = krb5_kerberos_enctypes(context);
-
- for (i = 0; p[i] != ETYPE_NULL; i++) {
- if (krb5_enctype_valid(context, p[i]) != 0)
- continue;
- ret = hdb_enctype2key(context, &h->entry, p[i], key);
- if (ret == 0) {
- *enctype = p[i];
+ if (config->use_strongest_server_key) {
+ const krb5_enctype *p = krb5_kerberos_enctypes(context);
+
+ for (i = 0; p[i] != ETYPE_NULL; i++) {
+ if (krb5_enctype_valid(context, p[i]) != 0)
+ continue;
+ ret = hdb_enctype2key(context, &h->entry, p[i], key);
+ if (ret != 0)
+ continue;
+ if (enctype != NULL)
+ *enctype = p[i];
+ return 0;
+ }
+ } else {
+ *key = NULL;
+
+ for (i = 0; i < h->entry.keys.len; i++) {
+ if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
+ != 0)
+ continue;
+ ret = hdb_enctype2key(context, &h->entry,
+ h->entry.keys.val[i].key.keytype, key);
+ if (ret != 0)
+ continue;
+ if (enctype != NULL)
+ *enctype = (*key)->key.keytype;
return 0;
}
}
krb5_set_error_message(context, EINVAL,
"No valid kerberos key found for %s", name);
- return EINVAL;
+ return EINVAL; /* XXX */
}
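Review bot: In the new else branch of _kdc_get_preferred_key the first valid key found in `h->entry.keys` wins, so when `use_strongest_server_key` is off the chosen enctype depends on the order in which the database entry stores its keys, not on strength. That is a security-relevant policy and deserves a comment on the branch, for example `/* use the first valid key in the entry's own order; strength is not considered */`. The loop also compares `int i` with `h->entry.keys.len`, the signed/unsigned pattern this commit converts to `size_t` in pkinit.c and der_format.c. The new `/* XXX */` after `return EINVAL;` does not say what is unresolved. The function's signature begins outside this hunk.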
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 9c0be23b14..a02cb816ab 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -116,7 +116,7 @@ pk_check_pkauthenticator(krb5_context context,
u_char *buf = NULL;
size_t buf_size;
krb5_error_code ret;
- size_t len;
+ size_t len = 0;
krb5_timestamp now;
Checksum checksum;
@@ -148,7 +148,7 @@ pk_check_pkauthenticator(krb5_context context,
krb5_clear_error_message(context);
return ret;
}
-
+
if (a->paChecksum == NULL) {
krb5_clear_error_message(context);
ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
@@ -222,7 +222,7 @@ generate_dh_keyblock(krb5_context context,
if (!DH_generate_key(client_params->u.dh.key)) {
ret = KRB5KRB_ERR_GENERIC;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Can't generate Diffie-Hellman keys");
goto out;
}
@@ -237,7 +237,7 @@ generate_dh_keyblock(krb5_context context,
}
dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
- if (dh_gen_keylen == -1) {
+ if (dh_gen_keylen == (size_t)-1) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"Can't compute Diffie-Hellman key");
@@ -281,14 +281,14 @@ generate_dh_keyblock(krb5_context context,
goto out;
}
- dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
+ dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
client_params->u.ecdh.key, NULL);
#endif /* HAVE_OPENSSL */
} else {
ret = KRB5KRB_ERR_GENERIC;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Diffie-Hellman not selected keys");
goto out;
}
@@ -525,7 +525,7 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
- ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
+ ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
kdc_identity->anchors);
if (ret) {
hx509_certs_free(&trust_anchors);
@@ -538,7 +538,7 @@ _kdc_pk_rd_padata(krb5_context context,
if (ret == 0 && pc != NULL) {
hx509_cert cert;
unsigned int i;
-
+
for (i = 0; i < pc->len; i++) {
ret = hx509_cert_init_data(context->hx509ctx,
pc->val[i].cert.data,
@@ -572,7 +572,7 @@ _kdc_pk_rd_padata(krb5_context context,
if (req->req_body.kdc_options.request_anonymous) {
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Anon not supported in RSA mode");
goto out;
}
@@ -586,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context,
"PK-AS-REQ-Win2k: %d", ret);
goto out;
}
-
+
ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
&contentInfoOid,
&signed_content,
@@ -612,7 +612,7 @@ _kdc_pk_rd_padata(krb5_context context,
"Can't decode PK-AS-REQ: %d", ret);
goto out;
}
-
+
/* XXX look at r.kdcPkId */
if (r.trustedCertifiers) {
ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
@@ -624,12 +624,12 @@ _kdc_pk_rd_padata(krb5_context context,
&cp->client_anchors);
if (ret) {
krb5_set_error_message(context, ret,
- "Can't allocate client anchors: %d",
+ "Can't allocate client anchors: %d",
ret);
goto out;
}
- /*
+ /*
* If the client sent more then 10 EDI, don't bother
* looking more then 10 of performance reasons.
*/
@@ -651,7 +651,7 @@ _kdc_pk_rd_padata(krb5_context context,
"Failed to allocate hx509_query");
goto out;
}
-
+
ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
edi->val[i].issuerAndSerialNumber->length,
&iasn,
@@ -704,7 +704,7 @@ _kdc_pk_rd_padata(krb5_context context,
"PK-AS-REQ-Win2k invalid content type oid");
goto out;
}
-
+
if (!have_data) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
@@ -805,7 +805,7 @@ _kdc_pk_rd_padata(krb5_context context,
ap.clientPublicValue == NULL) {
free_AuthPack(&ap);
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Anon not supported in RSA mode");
goto out;
}
@@ -849,7 +849,7 @@ _kdc_pk_rd_padata(krb5_context context,
free_AuthPack(&ap);
goto out;
}
-
+
if (ap.supportedCMSTypes) {
ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
cp->peer,
@@ -885,7 +885,7 @@ out:
der_free_oid(&contentInfoOid);
if (ret) {
_kdc_pk_free_client_param(context, cp);
- } else
+ } else
*ret_params = cp;
return ret;
}
@@ -921,7 +921,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
krb5_error_code ret;
krb5_data buf, signed_data;
- size_t size;
+ size_t size = 0;
int do_win2k = 0;
krb5_data_zero(&buf);
@@ -954,7 +954,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
break;
default:
krb5_abortx(context, "internal pkinit error");
- }
+ }
if (do_win2k) {
ReplyKeyPack_Win2k kp;
@@ -966,7 +966,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
goto out;
}
kp.nonce = cp->nonce;
-
+
ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
buf.data, buf.length,
&kp, &size,ret);
@@ -995,7 +995,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_clear_error_message(context);
goto out;
}
-
+
ret = krb5_crypto_destroy(context, ascrypto);
if (ret) {
krb5_clear_error_message(context);
@@ -1015,15 +1015,15 @@ pk_mk_pa_reply_enckey(krb5_context context,
{
hx509_query *q;
hx509_cert cert;
-
+
ret = hx509_query_alloc(context->hx509ctx, &q);
if (ret)
goto out;
-
+
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
if (config->pkinit_kdc_friendly_name)
hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-
+
ret = hx509_certs_find(context->hx509ctx,
kdc_identity->certs,
q,
@@ -1031,7 +1031,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
hx509_query_free(context->hx509ctx, q);
if (ret)
goto out;
-
+
ret = hx509_cms_create_signed_1(context->hx509ctx,
0,
sdAlg,
@@ -1078,7 +1078,7 @@ out:
hx509_cert_free(*kdc_cert);
*kdc_cert = NULL;
}
-
+
krb5_data_free(&buf);
krb5_data_free(&signed_data);
return ret;
@@ -1101,7 +1101,7 @@ pk_mk_pa_reply_dh(krb5_context context,
krb5_error_code ret;
hx509_cert cert;
hx509_query *q;
- size_t size;
+ size_t size = 0;
memset(&contentinfo, 0, sizeof(contentinfo));
memset(&dh_info, 0, sizeof(dh_info));
@@ -1117,7 +1117,7 @@ pk_mk_pa_reply_dh(krb5_context context,
ret = BN_to_integer(context, kdc_dh->pub_key, &i);
if (ret)
return ret;
-
+
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
der_free_heim_integer(&i);
if (ret) {
@@ -1127,7 +1127,7 @@ pk_mk_pa_reply_dh(krb5_context context,
}
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
-
+
dh_info.subjectPublicKey.length = buf.length * 8;
dh_info.subjectPublicKey.data = buf.data;
krb5_data_zero(&buf);
@@ -1154,7 +1154,7 @@ pk_mk_pa_reply_dh(krb5_context context,
} else
krb5_abortx(context, "no keyex selected ?");
-
+
dh_info.nonce = cp->nonce;
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
@@ -1175,11 +1175,11 @@ pk_mk_pa_reply_dh(krb5_context context,
ret = hx509_query_alloc(context->hx509ctx, &q);
if (ret)
goto out;
-
+
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
if (config->pkinit_kdc_friendly_name)
hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-
+
ret = hx509_certs_find(context->hx509ctx,
kdc_identity->certs,
q,
@@ -1187,7 +1187,7 @@ pk_mk_pa_reply_dh(krb5_context context,
hx509_query_free(context->hx509ctx, q);
if (ret)
goto out;
-
+
ret = hx509_cms_create_signed_1(context->hx509ctx,
0,
&asn1_oid_id_pkdhkeydata,
@@ -1242,12 +1242,12 @@ _kdc_pk_mk_pa_reply(krb5_context context,
METHOD_DATA *md)
{
krb5_error_code ret;
- void *buf;
- size_t len, size;
+ void *buf = NULL;
+ size_t len = 0, size = 0;
krb5_enctype enctype;
int pa_type;
hx509_cert kdc_cert = NULL;
- int i;
+ size_t i;
if (!config->enable_pkinit) {
krb5_clear_error_message(context);
@@ -1263,7 +1263,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_set_error_message(context, ret,
"No valid enctype available from client");
goto out;
- }
+ }
enctype = req->req_body.etype.val[i];
} else
enctype = ETYPE_DES3_CBC_SHA1;
@@ -1314,7 +1314,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (rep.u.encKeyPack.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
- ret = krb5_generate_random_keyblock(context, sessionetype,
+ ret = krb5_generate_random_keyblock(context, sessionetype,
sessionkey);
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1368,7 +1368,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_abortx(context, "Internal ASN.1 encoder error");
/* XXX KRB-FX-CF2 */
- ret = krb5_generate_random_keyblock(context, sessionetype,
+ ret = krb5_generate_random_keyblock(context, sessionetype,
sessionkey);
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1463,7 +1463,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (len != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
- ret = krb5_generate_random_keyblock(context, sessionetype,
+ ret = krb5_generate_random_keyblock(context, sessionetype,
sessionkey);
if (ret) {
free(buf);
@@ -1507,7 +1507,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
"PK-INIT failed to stat ocsp data %d", ret);
goto out_ocsp;
}
-
+
ret = krb5_data_alloc(&ocsp.data, sb.st_size);
if (ret) {
close(fd);
@@ -1575,7 +1575,8 @@ match_rfc_san(krb5_context context,
krb5_const_principal match)
{
hx509_octet_string_list list;
- int ret, i, found = 0;
+ int ret, found = 0;
+ size_t i;
memset(&list, 0 , sizeof(list));
@@ -1679,12 +1680,12 @@ match_ms_upn_san(krb5_context context,
if (clientdb->hdb_check_pkinit_ms_upn_match) {
ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
} else {
-
+
/*
* This is very wrong, but will do for a fallback
*/
strupr(principal->realm);
-
+
if (krb5_principal_compare(context, principal, client->entry.principal) == FALSE)
ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
}
@@ -1709,7 +1710,7 @@ _kdc_pk_check_client(krb5_context context,
const HDB_Ext_PKINIT_cert *pc;
krb5_error_code ret;
hx509_name name;
- int i;
+ size_t i;
if (cp->cert == NULL) {
@@ -1737,12 +1738,12 @@ _kdc_pk_check_client(krb5_context context,
ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
if (ret == 0 && pc) {
hx509_cert cert;
- unsigned int i;
-
- for (i = 0; i < pc->len; i++) {
+ size_t j;
+
+ for (j = 0; j < pc->len; j++) {
ret = hx509_cert_init_data(context->hx509ctx,
- pc->val[i].cert.data,
- pc->val[i].cert.length,
+ pc->val[j].cert.data,
+ pc->val[j].cert.length,
&cert);
if (ret)
continue;
@@ -1770,7 +1771,7 @@ _kdc_pk_check_client(krb5_context context,
ret = match_ms_upn_san(context, config,
context->hx509ctx,
cp->cert,
- clientdb,
+ clientdb,
client);
if (ret == 0) {
kdc_log(context, config, 5,
@@ -1871,7 +1872,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
AD_INITIAL_VERIFIED_CAS cas;
krb5_error_code ret;
krb5_data data;
- size_t size;
+ size_t size = 0;
memset(&cas, 0, sizeof(cas));
@@ -1937,7 +1938,7 @@ load_mappings(krb5_context context, const char *fn)
fclose(f);
}
-
+
/*
*
*/
@@ -1982,17 +1983,17 @@ krb5_kdc_pk_initialize(krb5_context context,
{
hx509_query *q;
hx509_cert cert;
-
+
ret = hx509_query_alloc(context->hx509ctx, &q);
if (ret) {
krb5_warnx(context, "PKINIT: out of memory");
return ENOMEM;
}
-
+
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
if (config->pkinit_kdc_friendly_name)
hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-
+
ret = hx509_certs_find(context->hx509ctx,
kdc_identity->certs,
q,
diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c
index 4226600331..6f36915800 100644
--- a/source4/heimdal/kdc/process.c
+++ b/source4/heimdal/kdc/process.c
@@ -47,7 +47,7 @@ krb5_kdc_update_time(struct timeval *tv)
_kdc_now = *tv;
}
-static krb5_error_code
+static krb5_error_code
kdc_as_req(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
@@ -74,7 +74,7 @@ kdc_as_req(krb5_context context,
}
-static krb5_error_code
+static krb5_error_code
kdc_tgs_req(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
@@ -91,10 +91,10 @@ kdc_tgs_req(krb5_context context,
ret = decode_TGS_REQ(req_buffer->data, req_buffer->length, &req, &len);
if (ret)
return ret;
-
+
*claim = 1;
- ret = _kdc_tgs_rep(context, config, &req, reply,
+ ret = _kdc_tgs_rep(context, config, &req, reply,
from, addr, datagram_reply);
free_TGS_REQ(&req);
return ret;
@@ -102,7 +102,7 @@ kdc_tgs_req(krb5_context context,
#ifdef DIGEST
-static krb5_error_code
+static krb5_error_code
kdc_digest(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
@@ -132,7 +132,7 @@ kdc_digest(krb5_context context,
#ifdef KX509
-static krb5_error_code
+static krb5_error_code
kdc_kx509(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
@@ -193,7 +193,7 @@ krb5_kdc_process_request(krb5_context context,
unsigned int i;
krb5_data req_buffer;
int claim = 0;
-
+
req_buffer.data = buf;
req_buffer.length = len;
@@ -232,7 +232,7 @@ krb5_kdc_process_krb5_request(krb5_context context,
unsigned int i;
krb5_data req_buffer;
int claim = 0;
-
+
req_buffer.data = buf;
req_buffer.length = len;
@@ -245,7 +245,7 @@ krb5_kdc_process_krb5_request(krb5_context context,
if (claim)
return ret;
}
-
+
return -1;
}
diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c
index a58cebb8b2..ba87abb7cc 100644
--- a/source4/heimdal/kdc/windc.c
+++ b/source4/heimdal/kdc/windc.c
@@ -55,7 +55,7 @@ krb5_kdc_windc_init(krb5_context context)
windcft = _krb5_plugin_get_symbol(e);
if (windcft->minor_version < KRB5_WINDC_PLUGIN_MINOR)
continue;
-
+
(*windcft->init)(context, &windcctx);
break;
}
@@ -119,9 +119,9 @@ _kdc_check_access(krb5_context context,
server_ex, server_name,
req->msg_type == krb_as_req);
- return (windcft->client_access)(windcctx,
- context, config,
- client_ex, client_name,
- server_ex, server_name,
+ return (windcft->client_access)(windcctx,
+ context, config,
+ client_ex, client_name,
+ server_ex, server_name,
req, e_data);
}
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h
index b328e3ffb3..fa4ba434f3 100644
--- a/source4/heimdal/kdc/windc_plugin.h
+++ b/source4/heimdal/kdc/windc_plugin.h
@@ -66,10 +66,10 @@ typedef krb5_error_code
typedef krb5_error_code
(*krb5plugin_windc_client_access)(
- void *, krb5_context,
+ void *, krb5_context,
krb5_kdc_configuration *config,
- hdb_entry_ex *, const char *,
- hdb_entry_ex *, const char *,
+ hdb_entry_ex *, const char *,
+ hdb_entry_ex *, const char *,
KDC_REQ *, krb5_data *);
diff --git a/source4/heimdal/kpasswd/kpasswd.c b/source4/heimdal/kpasswd/kpasswd.c
index 0258c1ac09..e681a359d4 100644
--- a/source4/heimdal/kpasswd/kpasswd.c
+++ b/source4/heimdal/kpasswd/kpasswd.c
@@ -40,10 +40,11 @@ static char *admin_principal_str;
static char *cred_cache_str;
static struct getargs args[] = {
- { "admin-principal", 0, arg_string, &admin_principal_str },
- { "cache", 'c', arg_string, &cred_cache_str },
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
+ { "admin-principal", 0, arg_string, &admin_principal_str, NULL,
+ NULL },
+ { "cache", 'c', arg_string, &cred_cache_str, NULL, NULL },
+ { "version", 0, arg_flag, &version_flag, NULL, NULL },
+ { "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void
@@ -197,9 +198,9 @@ main (int argc, char **argv)
default:
krb5_err(context, 1, ret, "krb5_get_init_creds");
}
-
+
krb5_get_init_creds_opt_free(context, opt);
-
+
ret = krb5_cc_initialize(context, id, admin_principal);
krb5_free_principal(context, admin_principal);
if (ret)
@@ -208,7 +209,7 @@ main (int argc, char **argv)
ret = krb5_cc_store_cred(context, id, &cred);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_store_cred");
-
+
krb5_free_cred_contents (context, &cred);
}
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c
index 846232a4f2..e872fef9be 100644
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -96,31 +96,31 @@ static struct getargs args[] = {
* 9:
*/
{ "afslog", 0 , arg_flag, &do_afslog,
- NP_("obtain afs tokens", "") },
+ NP_("obtain afs tokens", ""), NULL },
{ "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" },
{ "forwardable", 0, arg_negative_flag, &forwardable_flag,
- NP_("get tickets not forwardable", "")},
+ NP_("get tickets not forwardable", ""), NULL },
{ NULL, 'f', arg_flag, &forwardable_flag,
- NP_("get forwardable tickets", "")},
+ NP_("get forwardable tickets", ""), NULL },
{ "keytab", 't', arg_string, &keytab_str,
NP_("keytab to use", ""), "keytabname" },
{ "lifetime", 'l', arg_string, &lifetime,
- NP_("lifetime of tickets", ""), "time"},
+ NP_("lifetime of tickets", ""), "time" },
{ "proxiable", 'p', arg_flag, &proxiable_flag,
- NP_("get proxiable tickets", "") },
+ NP_("get proxiable tickets", ""), NULL },
{ "renew", 'R', arg_flag, &renew_flag,
- NP_("renew TGT", "") },
+ NP_("renew TGT", ""), NULL },
{ "renewable", 0, arg_flag, &renewable_flag,
- NP_("get renewable tickets", "") },
+ NP_("get renewable tickets", ""), NULL },
{ "renewable-life", 'r', arg_string, &renew_life,
NP_("renewable lifetime of tickets", ""), "time" },
@@ -132,40 +132,40 @@ static struct getargs args[] = {
NP_("when ticket gets valid", ""), "time" },
{ "use-keytab", 'k', arg_flag, &use_keytab,
- NP_("get key from keytab", "") },
+ NP_("get key from keytab", ""), NULL },
{ "validate", 'v', arg_flag, &validate_flag,
- NP_("validate TGT", "") },
+ NP_("validate TGT", ""), NULL },
{ "enctypes", 'e', arg_strings, &etype_str,
NP_("encryption types to use", ""), "enctypes" },
{ "fcache-version", 0, arg_integer, &fcache_version,
- NP_("file cache version to create", "") },
+ NP_("file cache version to create", ""), NULL },
{ "addresses", 'A', arg_negative_flag, &addrs_flag,
- NP_("request a ticket with no addresses", "") },
+ NP_("request a ticket with no addresses", ""), NULL },
{ "extra-addresses",'a', arg_strings, &extra_addresses,
NP_("include these extra addresses", ""), "addresses" },
{ "anonymous", 0, arg_flag, &anonymous_flag,
- NP_("request an anonymous ticket", "") },
+ NP_("request an anonymous ticket", ""), NULL },
{ "request-pac", 0, arg_flag, &pac_flag,
- NP_("request a Windows PAC", "") },
+ NP_("request a Windows PAC", ""), NULL },
{ "password-file", 0, arg_string, &password_file,
- NP_("read the password from a file", "") },
+ NP_("read the password from a file", ""), NULL },
{ "canonicalize",0, arg_flag, &canonicalize_flag,
- NP_("canonicalize client principal", "") },
+ NP_("canonicalize client principal", ""), NULL },
{ "enterprise",0, arg_flag, &enterprise_flag,
- NP_("parse principal as a KRB5-NT-ENTERPRISE name", "") },
+ NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL },
#ifdef PKINIT
{ "pk-enterprise", 0, arg_flag, &pk_enterprise_flag,
- NP_("use enterprise name from certificate", "") },
+ NP_("use enterprise name from certificate", ""), NULL },
{ "pk-user", 'C', arg_string, &pk_user_id,
NP_("principal's public/private/certificate identifier", ""), "id" },
@@ -174,7 +174,7 @@ static struct getargs args[] = {
NP_("directory with CA certificates", ""), "directory" },
{ "pk-use-enckey", 0, arg_flag, &pk_use_enckey,
- NP_("Use RSA encrypted reply (instead of DH)", "") },
+ NP_("Use RSA encrypted reply (instead of DH)", ""), NULL },
#endif
#ifndef NO_NTLM
{ "ntlm-domain", 0, arg_string, &ntlm_domain,
@@ -182,19 +182,19 @@ static struct getargs args[] = {
#endif
{ "change-default", 0, arg_negative_flag, &switch_cache_flags,
- NP_("switch the default cache to the new credentials cache", "") },
+ NP_("switch the default cache to the new credentials cache", ""), NULL },
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
- NP_("honor ok-as-delegate on tickets", "") },
+ NP_("honor ok-as-delegate on tickets", ""), NULL },
{ "use-referrals", 0, arg_flag, &use_referrals_flag,
- NP_("only use referrals, no dns canalisation", "") },
+ NP_("only use referrals, no dns canalisation", ""), NULL },
{ "windows", 0, arg_flag, &windows_flag,
- NP_("get windows behavior", "") },
+ NP_("get windows behavior", ""), NULL },
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
+ { "version", 0, arg_flag, &version_flag, NULL, NULL },
+ { "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void
@@ -357,7 +357,7 @@ get_new_tickets(krb5_context context,
char passwd[256];
krb5_deltat start_time = 0;
krb5_deltat renew = 0;
- char *renewstr = NULL;
+ const char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
#ifndef NO_NTLM
@@ -466,7 +466,7 @@ get_new_tickets(krb5_context context,
renew = parse_time (renewstr, "s");
if (renew < 0)
errx (1, "unparsable time: %s", renewstr);
-
+
krb5_get_init_creds_opt_set_renew_life (opt, renew);
}
@@ -532,11 +532,11 @@ get_new_tickets(krb5_context context,
if (passwd[0] == '\0') {
char *p, *prompt;
-
+
krb5_unparse_name (context, principal, &p);
asprintf (&prompt, N_("%s's Password: ", ""), p);
free (p);
-
+
if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
memset(passwd, 0, sizeof(passwd));
exit(1);
@@ -544,7 +544,7 @@ get_new_tickets(krb5_context context,
free (prompt);
}
-
+
ret = krb5_get_init_creds_password (context,
&cred,
principal,
@@ -592,7 +592,7 @@ get_new_tickets(krb5_context context,
char life[64];
unparse_time_approx(cred.times.renew_till - cred.times.starttime,
life, sizeof(life));
- krb5_warnx(context,
+ krb5_warnx(context,
N_("NOTICE: ticket renewable lifetime is %s", ""),
life);
}
@@ -773,7 +773,7 @@ main (int argc, char **argv)
} else if (anonymous_flag) {
ret = krb5_make_principal(context, &principal, argv[0],
- KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME,
+ KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME,
NULL);
if (ret)
krb5_err(context, 1, ret, "krb5_make_principal");
@@ -825,7 +825,7 @@ main (int argc, char **argv)
if (ret)
krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
- /*
+ /*
* Check if the type support switching, and we do,
* then do that instead over overwriting the current
* default credential
@@ -904,7 +904,7 @@ main (int argc, char **argv)
krb5_warnx(context, N_("permission denied: %s", ""), argv[1]);
else if(ret == EX_NOTFOUND)
krb5_warnx(context, N_("command not found: %s", ""), argv[1]);
-
+
krb5_cc_destroy(context, ccache);
#ifndef NO_AFS
if(k_hasafs())
diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h
index 9c8793e0cc..4083ebc23d 100644
--- a/source4/heimdal/lib/asn1/asn1-common.h
+++ b/source4/heimdal/lib/asn1/asn1-common.h
@@ -75,5 +75,5 @@ typedef struct heim_octet_string heim_any_set;
#define ASN1EXP
#define ASN1CALL
#endif
-
+
#endif
diff --git a/source4/heimdal/lib/asn1/asn1parse.c b/source4/heimdal/lib/asn1/asn1parse.c
index 08d068b6a4..8c64a35fca 100644
--- a/source4/heimdal/lib/asn1/asn1parse.c
+++ b/source4/heimdal/lib/asn1/asn1parse.c
@@ -1905,7 +1905,7 @@ yyreduce:
/* Line 1455 of yacc.c */
#line 368 "asn1parse.c"
- {
+ {
if((yyvsp[(2) - (5)].value)->type != integervalue)
lex_error_message("Non-integer in first part of range");
(yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
@@ -1918,7 +1918,7 @@ yyreduce:
/* Line 1455 of yacc.c */
#line 376 "asn1parse.c"
- {
+ {
if((yyvsp[(4) - (5)].value)->type != integervalue)
lex_error_message("Non-integer in second part of range");
(yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y
index a7a8f31827..e3bea6ce0a 100644
--- a/source4/heimdal/lib/asn1/asn1parse.y
+++ b/source4/heimdal/lib/asn1/asn1parse.y
@@ -365,7 +365,7 @@ range : '(' Value RANGE Value ')'
$$->max = $4->u.integervalue;
}
| '(' Value RANGE kw_MAX ')'
- {
+ {
if($2->type != integervalue)
lex_error_message("Non-integer in first part of range");
$$ = ecalloc(1, sizeof(*$$));
@@ -373,7 +373,7 @@ range : '(' Value RANGE Value ')'
$$->max = $2->u.integervalue - 1;
}
| '(' kw_MIN RANGE Value ')'
- {
+ {
if($4->type != integervalue)
lex_error_message("Non-integer in second part of range");
$$ = ecalloc(1, sizeof(*$$));
diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c
index 84aee4cce0..468ccb2d04 100644
--- a/source4/heimdal/lib/asn1/der_cmp.c
+++ b/source4/heimdal/lib/asn1/der_cmp.c
@@ -53,14 +53,14 @@ der_heim_octet_string_cmp(const heim_octet_string *p,
}
int
-der_printable_string_cmp(const heim_printable_string *p,
+der_printable_string_cmp(const heim_printable_string *p,
const heim_printable_string *q)
{
return der_heim_octet_string_cmp(p, q);
}
int
-der_ia5_string_cmp(const heim_ia5_string *p,
+der_ia5_string_cmp(const heim_ia5_string *p,
const heim_ia5_string *q)
{
return der_heim_octet_string_cmp(p, q);
diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c
index fc79a30b56..4f06c1b01f 100644
--- a/source4/heimdal/lib/asn1/der_format.c
+++ b/source4/heimdal/lib/asn1/der_format.c
@@ -108,7 +108,7 @@ int
der_print_heim_oid (const heim_oid *oid, char delim, char **str)
{
struct rk_strpool *p = NULL;
- int i;
+ size_t i;
if (oid->length == 0)
return EINVAL;
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 3ea0d5ea18..3112da86f9 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -141,9 +141,9 @@ der_get_general_string (const unsigned char *p, size_t len,
* an strings in the NEED_PREAUTH case that includes a
* trailing NUL.
*/
- while (p1 - p < len && *p1 == '\0')
+ while ((size_t)(p1 - p) < len && *p1 == '\0')
p1++;
- if (p1 - p != len)
+ if ((size_t)(p1 - p) != len)
return ASN1_BAD_CHARACTER;
}
if (len > len + 1)
diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c
index 7a41de9d22..db82025861 100644
--- a/source4/heimdal/lib/asn1/der_length.c
+++ b/source4/heimdal/lib/asn1/der_length.c
@@ -86,7 +86,7 @@ static size_t
len_oid (const heim_oid *oid)
{
size_t ret = 1;
- int n;
+ size_t n;
for (n = 2; n < oid->length; ++n) {
unsigned u = oid->components[n];
diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c
index b8101458ad..0b276d1ebd 100644
--- a/source4/heimdal/lib/asn1/der_put.c
+++ b/source4/heimdal/lib/asn1/der_put.c
@@ -433,7 +433,8 @@ _heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
if (s->data == NULL)
return ENOMEM;
s->length = len;
- _der_gmtime(t, &tm);
+ if (_der_gmtime(t, &tm) == NULL)
+ return ASN1_BAD_TIMEFORMAT;
if (gtimep)
snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ",
tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
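Review bot: The added early return `return ASN1_BAD_TIMEFORMAT;` comes after `s->data` has been checked for NULL and `s->length` has been set. The buffer was presumably allocated just above the hunk, so on this path it is left allocated and the caller receives an error together with a populated `heim_octet_string`. A caller that does not free on error leaks the buffer, and one that does must know this path differs from the ENOMEM path. Doing the conversion first avoids both: move `if (_der_gmtime(t, &tm) == NULL) return ASN1_BAD_TIMEFORMAT;` ahead of the allocation. The function starts above and continues below this hunk.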
diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c
index 95780a7898..a18797ec25 100644
--- a/source4/heimdal/lib/asn1/extra.c
+++ b/source4/heimdal/lib/asn1/extra.c
@@ -71,13 +71,13 @@ decode_heim_any(const unsigned char *p, size_t len,
if (len < length + len_len + l)
return ASN1_OVERFLOW;
}
-
+
data->data = malloc(length + len_len + l);
if (data->data == NULL)
return ENOMEM;
data->length = length + len_len + l;
memcpy(data->data, p, length + len_len + l);
-
+
if (size)
*size = length + len_len + l;
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index d59f3bfa47..2194b329ce 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -761,7 +761,7 @@ define_type (int level, const char *name, const char *basename, Type *t, int typ
fprintf (headerfile, "struct %s {\n", newbasename);
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *n = NULL;
-
+
/* pad unused */
while (pos < m->val) {
if (asprintf (&n, "_unused%d:1", pos) < 0 || n == NULL)
@@ -1021,7 +1021,7 @@ generate_type (const Symbol *s)
h = privheaderfile;
exp = "";
}
-
+
fprintf (h,
"%sint ASN1CALL "
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
@@ -1044,7 +1044,7 @@ generate_type (const Symbol *s)
"%svoid ASN1CALL free_%s (%s *);\n",
exp,
s->gen_name, s->gen_name);
-
+
fprintf(h, "\n\n");
if (!one_code_file) {
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c
index 002a471e96..9d816d5400 100644
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -209,7 +209,8 @@ range_check(const char *name,
static int
decode_type (const char *name, const Type *t, int optional,
- const char *forwstr, const char *tmpstr, const char *dertype)
+ const char *forwstr, const char *tmpstr, const char *dertype,
+ unsigned int depth)
{
switch (t->type) {
case TType: {
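Review bot: The new `unsigned int depth` parameter of decode_type is added without any comment, and its purpose only becomes clear several hunks later, where it is formatted into the generated local name `is_indefinite%u`. A short comment above the function would save the next reader that search, e.g. `/* depth: nesting level of this call; appended to generated local names so nested tagged types do not redeclare the same variable */`. That purpose is inferred from the later hunks, so it should be confirmed when the comment is written. The body of decode_type continues outside this hunk.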
@@ -328,7 +329,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc");
- decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
+ decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
+ depth + 1);
free (s);
}
@@ -369,7 +371,7 @@ decode_type (const char *name, const Type *t, int optional,
"%s = calloc(1, sizeof(*%s));\n"
"if (%s == NULL) { e = ENOMEM; %s; }\n",
s, s, s, forwstr);
- decode_type (s, m->type, 0, forwstr, m->gen_name, NULL);
+ decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1);
free (s);
fprintf(codefile, "members |= (1 << %d);\n", memno);
@@ -442,7 +444,7 @@ decode_type (const char *name, const Type *t, int optional,
errx(1, "malloc");
if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL)
errx(1, "malloc");
- decode_type (n, t->subtype, 0, forwstr, sname, NULL);
+ decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1);
fprintf (codefile,
"(%s)->len++;\n"
"len = %s_origlen - ret;\n"
@@ -480,7 +482,7 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr, tmpstr, typestring);
if(support_ber)
fprintf(codefile,
- "int is_indefinite;\n");
+ "int is_indefinite%u;\n", depth);
fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, "
"&%s_datalen, &l);\n",
@@ -516,20 +518,20 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr);
if(support_ber)
fprintf (codefile,
- "if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
+ "if((is_indefinite%u = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
"{ e = ASN1_BAD_FORMAT; %s; }\n"
- "if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
- tmpstr, forwstr, forwstr);
+ "if (is_indefinite%u) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
+ depth, tmpstr, forwstr, depth, forwstr);
else
fprintf(codefile,
"if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
"len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL)
errx(1, "malloc");
- decode_type (name, t->subtype, 0, forwstr, tname, ide);
+ decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1);
if(support_ber)
fprintf(codefile,
- "if(is_indefinite){\n"
+ "if(is_indefinite%u){\n"
"len += 2;\n"
"e = der_match_tag_and_length(p, len, "
"(Der_class)0, &%s, UT_EndOfContent, "
@@ -538,6 +540,7 @@ decode_type (const char *name, const Type *t, int optional,
"p += l; len -= l; ret += l;\n"
"if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n"
"} else \n",
+ depth,
typestring,
tmpstr,
forwstr,
@@ -584,7 +587,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc");
- decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
+ decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
+ depth + 1);
fprintf(codefile,
"(%s)->element = %s;\n",
name, m->label);
@@ -605,7 +609,7 @@ decode_type (const char *name, const Type *t, int optional,
"(%s)->element = %s;\n"
"p += len;\n"
"ret += len;\n"
- "len -= len;\n"
+ "len = 0;\n"
"}\n",
name, have_ellipsis->gen_name,
name, have_ellipsis->gen_name,
@@ -662,8 +666,8 @@ generate_type_decode (const Symbol *s)
int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (codefile, "int ASN1CALL\n"
- "decode_%s(const unsigned char *p,"
- " size_t len, %s *data, size_t *size)\n"
+ "decode_%s(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,"
+ " size_t len HEIMDAL_UNUSED_ATTRIBUTE, %s *data, size_t *size)\n"
"{\n",
s->gen_name, s->gen_name);
@@ -694,15 +698,15 @@ generate_type_decode (const Symbol *s)
case TChoice:
fprintf (codefile,
"size_t ret = 0;\n"
- "size_t l;\n"
- "int e;\n");
+ "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n"
+ "int e HEIMDAL_UNUSED_ATTRIBUTE;\n");
if (preserve)
fprintf (codefile, "const unsigned char *begin = p;\n");
fprintf (codefile, "\n");
fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
- decode_type ("data", s->type, 0, "goto fail", "Top", NULL);
+ decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1);
if (preserve)
fprintf (codefile,
"data->_save.data = calloc(1, ret);\n"
diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c
index 43f29c1fe1..1bd47484d8 100644
--- a/source4/heimdal/lib/asn1/gen_encode.c
+++ b/source4/heimdal/lib/asn1/gen_encode.c
@@ -274,7 +274,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
else if(m->defval)
gen_compare_defval(s + 1, m->defval);
fprintf (codefile, "{\n");
- fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
+ fprintf (codefile, "size_t %s_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;\n", tmpstr);
fprintf (codefile, "ret = 0;\n");
encode_type (s, m->type, m->gen_name);
fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
@@ -302,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name, name);
fprintf(codefile,
- "for(i = 0; i < (%s)->len; i++) {\n",
+ "for(i = 0; i < (int)(%s)->len; i++) {\n",
name);
fprintf(codefile,
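Review bot: The `(int)` cast on `(%s)->len` in the generated loop, repeated in the @@ -326, @@ -339 and @@ -355 hunks, silences the signed/unsigned comparison without bounding the value. If `len` is an unsigned count, as the cast suggests, a value above `INT_MAX` converts to a negative `int` and all four loops are skipped, while any other generated code that reads `len` still sees the full count. Prefer an unsigned index in the generated code (for the reverse loops, `for (i = len; i-- > 0; )`), or emit an explicit upper-bound check on `len` ahead of the loops. Changing the index type would also mean changing the `int i` declaration emitted by `generate_type_encode`.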
@@ -326,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
fprintf(codefile,
"if (totallen > len) {\n"
- "for (i = 0; i < (%s)->len; i++) {\n"
+ "for (i = 0; i < (int)(%s)->len; i++) {\n"
"free(val[i].data);\n"
"}\n"
"free(val);\n"
@@ -339,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name);
fprintf (codefile,
- "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+ "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"p -= val[i].length;\n"
"ret += val[i].length;\n"
"memcpy(p + 1, val[i].data, val[i].length);\n"
@@ -355,7 +355,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
char *n = NULL;
fprintf (codefile,
- "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+ "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"size_t %s_for_oldret = ret;\n"
"ret = 0;\n",
name, tmpstr);
@@ -503,7 +503,7 @@ void
generate_type_encode (const Symbol *s)
{
fprintf (codefile, "int ASN1CALL\n"
- "encode_%s(unsigned char *p, size_t len,"
+ "encode_%s(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE, size_t len HEIMDAL_UNUSED_ATTRIBUTE,"
" const %s *data, size_t *size)\n"
"{\n",
s->gen_name, s->gen_name);
@@ -534,10 +534,9 @@ generate_type_encode (const Symbol *s)
case TType:
case TChoice:
fprintf (codefile,
- "size_t ret = 0;\n"
- "size_t l;\n"
- "int i, e;\n\n");
- fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
+ "size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;\n"
+ "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n"
+ "int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;\n\n");
encode_type("data", s->type, "Top");
diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c
index 7c88751c32..b9cae7533b 100644
--- a/source4/heimdal/lib/asn1/gen_free.c
+++ b/source4/heimdal/lib/asn1/gen_free.c
@@ -179,12 +179,12 @@ void
generate_type_free (const Symbol *s)
{
int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
+
fprintf (codefile, "void ASN1CALL\n"
"free_%s(%s *data)\n"
"{\n",
s->gen_name, s->gen_name);
-
+
free_type ("data", s->type, preserve);
fprintf (codefile, "}\n\n");
}
diff --git a/source4/heimdal/lib/asn1/gen_template.c b/source4/heimdal/lib/asn1/gen_template.c
index 791fb910f9..edd68e1223 100644
--- a/source4/heimdal/lib/asn1/gen_template.c
+++ b/source4/heimdal/lib/asn1/gen_template.c
@@ -342,7 +342,7 @@ tlist_cmp(const struct tlist *tl, const struct tlist *ql)
ret = strcmp(tl->header, ql->header);
if (ret) return ret;
-
+
q = ASN1_TAILQ_FIRST(&ql->template);
ASN1_TAILQ_FOREACH(t, &tl->template, members) {
if (q == NULL) return 1;
@@ -353,7 +353,7 @@ tlist_cmp(const struct tlist *tl, const struct tlist *ql)
} else {
ret = strcmp(t->tt, q->tt);
if (ret) return ret;
-
+
ret = strcmp(t->offset, q->offset);
if (ret) return ret;
@@ -479,12 +479,12 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
optional ? "|A1_FLAG_OPTIONAL" : "",
poffset, t->symbol->gen_name);
} else {
- add_line_pointer(temp, t->symbol->gen_name, poffset,
+ add_line_pointer(temp, t->symbol->gen_name, poffset,
"A1_OP_TYPE %s", optional ? "|A1_FLAG_OPTIONAL" : "");
}
break;
case TInteger: {
- char *itype;
+ char *itype = NULL;
if (t->members)
itype = "IMEMBER";
@@ -499,7 +499,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
else
errx(1, "%s: unsupported range %d -> %d",
name, t->range->min, t->range->max);
-
+
add_line(temp, "{ A1_PARSE_T(A1T_%s), %s, NULL }", itype, poffset);
break;
}
@@ -557,7 +557,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
break;
}
- if (asprintf(&bname, "bmember_%s_%lu", name ? name : "", (unsigned long)t) < 0 || bname == NULL)
+ if (asprintf(&bname, "bmember_%s_%p", name ? name : "", t) < 0 || bname == NULL)
errx(1, "malloc");
output_name(bname);
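Review bot: `%p` is given a `Type *` here and in the `tag_%s_%p` and `%s_%s_%p` hunks below, but the conversion requires a `void` pointer argument and its output format is implementation-defined. The string is passed to `output_name()` and, judging by the `bmember_`/`tag_` prefixes, becomes a name in generated code, so a platform that prints something other than plain hex digits could yield a different or unusable name. At minimum cast the argument to a `void` pointer. A counter incremented per generated name, instead of the address, would also make the generator's output identical from one run to the next, which matters for reproducible builds. The enclosing function starts and ends outside the hunk.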
@@ -591,7 +591,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *newbasename = NULL;
-
+
if (m->ellipsis)
continue;
@@ -620,7 +620,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
else
sename = symbol_name(basetype, t->subtype);
- if (asprintf(&tname, "tag_%s_%lu", name ? name : "", (unsigned long)t) < 0 || tname == NULL)
+ if (asprintf(&tname, "tag_%s_%p", name ? name : "", t) < 0 || tname == NULL)
errx(1, "malloc");
output_name(tname);
@@ -644,7 +644,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
}
case TSetOf:
case TSequenceOf: {
- const char *type, *tname, *dupname;
+ const char *type = NULL, *tname, *dupname;
char *sename = NULL, *elname = NULL;
int subtype_is_struct = is_struct(t->subtype, 0);
@@ -670,7 +670,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
else if (t->type == TSequenceOf) type = "A1_OP_SEQOF";
else abort();
- if (asprintf(&elname, "%s_%s_%lu", basetype, tname, (unsigned long)t) < 0 || elname == NULL)
+ if (asprintf(&elname, "%s_%s_%p", basetype, tname, t) < 0 || elname == NULL)
errx(1, "malloc");
generate_template_type(elname, &dupname, NULL, sename, NULL, t->subtype,
@@ -699,7 +699,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
char *elname = NULL;
char *newbasename = NULL;
int subtype_is_struct;
-
+
if (m->ellipsis) {
ellipsis = 1;
continue;
diff --git a/source4/heimdal/lib/asn1/krb5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1
index 78cb5a3b84..02fab7a3a6 100644
--- a/source4/heimdal/lib/asn1/krb5.asn1
+++ b/source4/heimdal/lib/asn1/krb5.asn1
@@ -221,32 +221,32 @@ CKSUMTYPE ::= INTEGER {
--enctypes
ENCTYPE ::= INTEGER {
- ETYPE_NULL(0),
- ETYPE_DES_CBC_CRC(1),
- ETYPE_DES_CBC_MD4(2),
- ETYPE_DES_CBC_MD5(3),
- ETYPE_DES3_CBC_MD5(5),
- ETYPE_OLD_DES3_CBC_SHA1(7),
- ETYPE_SIGN_DSA_GENERATE(8),
- ETYPE_ENCRYPT_RSA_PRIV(9),
- ETYPE_ENCRYPT_RSA_PUB(10),
- ETYPE_DES3_CBC_SHA1(16), -- with key derivation
- ETYPE_AES128_CTS_HMAC_SHA1_96(17),
- ETYPE_AES256_CTS_HMAC_SHA1_96(18),
- ETYPE_ARCFOUR_HMAC_MD5(23),
- ETYPE_ARCFOUR_HMAC_MD5_56(24),
- ETYPE_ENCTYPE_PK_CROSS(48),
+ KRB5_ENCTYPE_NULL(0),
+ KRB5_ENCTYPE_DES_CBC_CRC(1),
+ KRB5_ENCTYPE_DES_CBC_MD4(2),
+ KRB5_ENCTYPE_DES_CBC_MD5(3),
+ KRB5_ENCTYPE_DES3_CBC_MD5(5),
+ KRB5_ENCTYPE_OLD_DES3_CBC_SHA1(7),
+ KRB5_ENCTYPE_SIGN_DSA_GENERATE(8),
+ KRB5_ENCTYPE_ENCRYPT_RSA_PRIV(9),
+ KRB5_ENCTYPE_ENCRYPT_RSA_PUB(10),
+ KRB5_ENCTYPE_DES3_CBC_SHA1(16), -- with key derivation
+ KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96(17),
+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96(18),
+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5(23),
+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56(24),
+ KRB5_ENCTYPE_ENCTYPE_PK_CROSS(48),
-- some "old" windows types
- ETYPE_ARCFOUR_MD4(-128),
- ETYPE_ARCFOUR_HMAC_OLD(-133),
- ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
+ KRB5_ENCTYPE_ARCFOUR_MD4(-128),
+ KRB5_ENCTYPE_ARCFOUR_HMAC_OLD(-133),
+ KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP(-135),
-- these are for Heimdal internal use
- ETYPE_DES_CBC_NONE(-0x1000),
- ETYPE_DES3_CBC_NONE(-0x1001),
- ETYPE_DES_CFB64_NONE(-0x1002),
- ETYPE_DES_PCBC_NONE(-0x1003),
- ETYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com
- ETYPE_CRAM_MD5_NONE(-0x1005) -- private use, lukeh@padl.com
+ KRB5_ENCTYPE_DES_CBC_NONE(-0x1000),
+ KRB5_ENCTYPE_DES3_CBC_NONE(-0x1001),
+ KRB5_ENCTYPE_DES_CFB64_NONE(-0x1002),
+ KRB5_ENCTYPE_DES_PCBC_NONE(-0x1003),
+ KRB5_ENCTYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com
+ KRB5_ENCTYPE_CRAM_MD5_NONE(-0x1005) -- private use, lukeh@padl.com
}
@@ -625,7 +625,7 @@ ChangePasswdDataMS ::= SEQUENCE {
targrealm[2] Realm OPTIONAL
}
-EtypeList ::= SEQUENCE OF krb5int32
+EtypeList ::= SEQUENCE OF ENCTYPE
-- the client's proposed enctype list in
-- decreasing preference order, favorite choice first
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c
index 12c71b7e2e..e8d9f38eaa 100644
--- a/source4/heimdal/lib/asn1/lex.c
+++ b/source4/heimdal/lib/asn1/lex.c
@@ -1626,7 +1626,7 @@ YY_RULE_SETUP
char *p = buf;
int f = 0;
int skip_ws = 0;
-
+
while((c = input()) != EOF) {
if(isspace(c) && skip_ws) {
if(c == '\n')
@@ -1634,7 +1634,7 @@ YY_RULE_SETUP
continue;
}
skip_ws = 0;
-
+
if(c == '"') {
if(f) {
*p++ = '"';
diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l
index dece096164..2d32020266 100644
--- a/source4/heimdal/lib/asn1/lex.l
+++ b/source4/heimdal/lib/asn1/lex.l
@@ -216,7 +216,7 @@ WITH { return kw_WITH; }
char *p = buf;
int f = 0;
int skip_ws = 0;
-
+
while((c = input()) != EOF) {
if(isspace(c) && skip_ws) {
if(c == '\n')
@@ -224,7 +224,7 @@ WITH { return kw_WITH; }
continue;
}
skip_ws = 0;
-
+
if(c == '"') {
if(f) {
*p++ = '"';
diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c
index a99e69d0f9..f22dc8792c 100644
--- a/source4/heimdal/lib/asn1/main.c
+++ b/source4/heimdal/lib/asn1/main.c
@@ -202,6 +202,6 @@ main(int argc, char **argv)
free(arg[i]);
free(arg);
}
-
+
return 0;
}
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1
index e3c72ac76e..89154e337c 100644
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -132,4 +132,7 @@ TESTBitString ::= BIT STRING {
thirtyone(31)
}
+TESTMechType::= OBJECT IDENTIFIER
+TESTMechTypeList ::= SEQUENCE OF TESTMechType
+
END
diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c
index b569478413..d9f4adbd55 100644
--- a/source4/heimdal/lib/asn1/timegm.c
+++ b/source4/heimdal/lib/asn1/timegm.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id$");
+#define ASN1_MAX_YEAR 2000
static int
is_leap(unsigned y)
@@ -56,13 +56,19 @@ time_t
_der_timegm (struct tm *tm)
{
time_t res = 0;
- unsigned i;
+ int i;
+
+ /*
+ * See comment in _der_gmtime
+ */
+ if (tm->tm_year > ASN1_MAX_YEAR)
+ return 0;
if (tm->tm_year < 0)
return -1;
if (tm->tm_mon < 0 || tm->tm_mon > 11)
return -1;
- if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+ if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
return -1;
if (tm->tm_hour < 0 || tm->tm_hour > 23)
return -1;
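Review bot: The new over-range branch in `_der_timegm` returns 0 when `tm->tm_year > ASN1_MAX_YEAR`, while every other rejected field in the same function returns -1. Zero is also the valid value for 1970-01-01T00:00:00Z, so a caller cannot tell a rejected far-future time from the epoch. Depending on whether the decoded field is an expiry or a not-before time, that silent substitution moves the result in opposite directions. Unless callers rely on 0 here, `return -1;` would keep the error convention uniform. Since `tm_year` counts from 1900, the bound is really year 3900; a comment on the `#define ASN1_MAX_YEAR 2000` line in the previous hunk should say so.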
@@ -98,6 +104,15 @@ _der_gmtime(time_t t, struct tm *tm)
tm->tm_min = (secday % 3600) / 60;
tm->tm_hour = secday / 3600;
+ /*
+ * Refuse to calculate time ~ 2000 years into the future, this is
+ * not possible for systems where time_t is a int32_t, however,
+ * when time_t is a int64_t, that can happen, and this becomes a
+ * denial of sevice.
+ */
+ if (days > (ASN1_MAX_YEAR * 365))
+ return NULL;
+
tm->tm_year = 70;
while(1) {
unsigned dayinyear = (is_leap(tm->tm_year) ? 366 : 365);
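Review bot: The range check in `_der_gmtime` runs after `tm_min` and `tm_hour` have already been written, so a NULL return leaves `*tm` partially filled. Moving the check above those assignments, or stating in the comment that `*tm` is indeterminate on failure, would make the contract clear to callers, who now also have to handle a NULL return. The bound `ASN1_MAX_YEAR * 365` counts days from 1970, whereas `_der_timegm` compares the same constant against years since 1900, so the two limits differ by roughly 70 years and the comment should say which is intended. The comment also misspells `service` as `sevice`. The function starts and ends outside the hunk.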
diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c
index 11beaeba4b..c72abdecc8 100644
--- a/source4/heimdal/lib/com_err/compile_et.c
+++ b/source4/heimdal/lib/com_err/compile_et.c
@@ -93,7 +93,7 @@ generate_c(void)
fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
n, name, n);
n++;
-
+
}
fprintf(c_file, "\t/* %03d */ N_(\"%s\"),\n",
ec->number, ec->string);
@@ -220,7 +220,7 @@ main(int argc, char **argv)
yyin = fopen(filename, "r");
if(yyin == NULL)
err(1, "%s", filename);
-
+
p = strrchr(filename, rk_PATH_DELIM);
if(p)
diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c
index 0e49a94104..6864e870a4 100644
--- a/source4/heimdal/lib/com_err/error.c
+++ b/source4/heimdal/lib/com_err/error.c
@@ -101,7 +101,7 @@ initialize_error_table_r(struct et_list **list,
et->next = NULL;
*end = et;
}
-
+
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
free_error_table(struct et_list *et)
diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c
index 1c104812b7..cb770a3a6e 100644
--- a/source4/heimdal/lib/com_err/parse.c
+++ b/source4/heimdal/lib/com_err/parse.c
@@ -1465,7 +1465,7 @@ yyreduce:
#line 118 "parse.c"
{
struct error_code *ec = malloc(sizeof(*ec));
-
+
if (ec == NULL)
errx(1, "malloc");
diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y
index 194965c349..0c2e5084b5 100644
--- a/source4/heimdal/lib/com_err/parse.y
+++ b/source4/heimdal/lib/com_err/parse.y
@@ -117,7 +117,7 @@ statement : INDEX NUMBER
| EC STRING ',' STRING
{
struct error_code *ec = malloc(sizeof(*ec));
-
+
if (ec == NULL)
errx(1, "malloc");
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index caa1af8b3a..fa53a29d24 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-/* $Id$ */
-
#ifndef GSSAPI_GSSAPI_H_
#define GSSAPI_GSSAPI_H_
@@ -55,13 +53,11 @@
#endif
#endif
-#ifndef GSSAPI_DEPRECATED
+#ifndef GSSAPI_DEPRECATED_FUNCTION
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
-#define GSSAPI_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER)
-#define GSSAPI_DEPRECATED __declspec(deprecated)
+#define GSSAPI_DEPRECATED_FUNCTION(X) __attribute__((deprecated))
#else
-#define GSSAPI_DEPRECATED
+#define GSSAPI_DEPRECATED_FUNCTION(X)
#endif
#endif
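Review bot: The new `GSSAPI_DEPRECATED_FUNCTION(X)` discards its message argument, so the `"Use gss_get_mic"` style hints passed further down never reach the user. The `_MSC_VER` branch is also gone, so that compiler no longer warns at all. Where the compiler accepts a message, `__attribute__((deprecated(X)))` would carry it through. Otherwise a comment above the macro saying that X is documentation only would avoid the impression that it is emitted.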
@@ -375,7 +371,7 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
* to that gss_OID_desc.
*/
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
-#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
+#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
/* Major status codes */
@@ -447,6 +443,11 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
/*
+ * Apparently awating spec fix.
+ */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
+/*
* Supplementary info bits:
*/
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
@@ -459,6 +460,9 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
* Finally, function prototypes for the GSS-API routines.
*/
+#define GSS_C_OPTION_MASK 0xffff
+#define GSS_C_CRED_NO_UI 0x10000
+
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred
(OM_uint32 * /*minor_status*/,
const gss_name_t /*desired_name*/,
@@ -827,7 +831,7 @@ typedef struct {
size_t blocksize; /**< Specificed optimal size of messages, also
is the maximum padding size
(GSS_IOV_BUFFER_TYPE_PADDING) */
-} gss_context_stream_sizes;
+} gss_context_stream_sizes;
extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc;
#define GSS_C_ATTR_STREAM_SIZES (&__gss_c_attr_stream_sizes_oid_desc)
@@ -850,23 +854,23 @@ gss_context_query_attributes(OM_uint32 * /* minor_status */,
* obsolete versions of these routines and their current forms.
*/
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*qop_req*/,
gss_buffer_t /*message_buffer*/,
gss_buffer_t /*message_token*/
- );
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_get_mic");
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*message_buffer*/,
gss_buffer_t /*token_buffer*/,
int * /*qop_state*/
- );
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_verify_mic");
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
@@ -874,29 +878,29 @@ GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
gss_buffer_t /*input_message_buffer*/,
int * /*conf_state*/,
gss_buffer_t /*output_message_buffer*/
- );
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_wrap");
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*output_message_buffer*/,
int * /*conf_state*/,
int * /*qop_state*/
- );
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_unwrap");
/**
*
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_encapsulate_token(const gss_buffer_t /* input_token */,
- const gss_OID /* oid */,
+gss_encapsulate_token(gss_const_buffer_t /* input_token */,
+ gss_const_OID /* oid */,
gss_buffer_t /* output_token */);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_decapsulate_token(const gss_buffer_t /* input_token */,
- const gss_OID /* oid */,
+gss_decapsulate_token(gss_const_buffer_t /* input_token */,
+ gss_const_OID /* oid */,
gss_buffer_t /* output_token */);
@@ -990,6 +994,56 @@ gss_display_mech_attr(OM_uint32 * minor_status,
gss_buffer_t long_desc);
/*
+ * Solaris compat
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password
+ (OM_uint32 * /*minor_status*/,
+ const gss_name_t /*desired_name*/,
+ const gss_buffer_t /*password*/,
+ OM_uint32 /*time_req*/,
+ const gss_OID_set /*desired_mechs*/,
+ gss_cred_usage_t /*cred_usage*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
+ OM_uint32 * /*minor_status*/,
+ const gss_cred_id_t /*input_cred_handle*/,
+ const gss_name_t /*desired_name*/,
+ const gss_OID /*desired_mech*/,
+ const gss_buffer_t /*password*/,
+ gss_cred_usage_t /*cred_usage*/,
+ OM_uint32 /*initiator_time_req*/,
+ OM_uint32 /*acceptor_time_req*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*initiator_time_rec*/,
+ OM_uint32 * /*acceptor_time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_pname_to_uid(
+ OM_uint32 *minor,
+ const gss_name_t name,
+ const gss_OID mech_type,
+ uid_t *uidOut);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_authorize_localname(
+ OM_uint32 *minor,
+ const gss_name_t name,
+ const gss_name_t user);
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_userok(const gss_name_t name,
+ const char *user);
+
+extern GSSAPI_LIB_VARIABLE gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER;
+
+/*
* Naming extensions
*/
@@ -1051,4 +1105,6 @@ gss_name_to_oid(const char *name);
GSSAPI_CPP_END
+#undef GSSAPI_DEPRECATED_FUNCTION
+
#endif /* GSSAPI_GSSAPI_H_ */
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
index e7b56dc7d4..9465efc77f 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
@@ -109,6 +109,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc;
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc;
#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
+ /* credential types */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_password_oid_desc;
+#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_certificate_oid_desc;
+#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc)
+
/* Heimdal mechanisms - 1.2.752.43.14 */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h
index 1431dbcee6..e4ccfdb0cd 100644
--- a/source4/heimdal/lib/gssapi/gssapi_mech.h
+++ b/source4/heimdal/lib/gssapi/gssapi_mech.h
@@ -355,14 +355,14 @@ _gss_import_cred_t(OM_uint32 * minor_status,
typedef OM_uint32 GSSAPI_CALLCONV
-_gss_acquire_cred_ex_t(void * /* status */,
- const gss_name_t /* desired_name */,
- OM_uint32 /* flags */,
- OM_uint32 /* time_req */,
- gss_cred_usage_t /* cred_usage */,
- void * /* identity */,
- void * /* ctx */,
- void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
+_gss_acquire_cred_ext_t(OM_uint32 * /*minor_status */,
+ const gss_name_t /* desired_name */,
+ gss_const_OID /* credential_type */,
+ const void * /* credential_data */,
+ OM_uint32 /* time_req */,
+ gss_const_OID /* desired_mech */,
+ gss_cred_usage_t /* cred_usage */,
+ gss_cred_id_t * /* output_cred_handle */);
typedef void GSSAPI_CALLCONV
_gss_iter_creds_t(OM_uint32 /* flags */,
@@ -460,13 +460,28 @@ struct gss_mo_desc_struct {
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
+typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t (
+ OM_uint32 *, /* minor_status */
+ const gss_name_t, /* name */
+ const gss_OID, /* mech_type */
+ uid_t * /* uidOut */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_authorize_localname_t (
+ OM_uint32 *, /* minor_status */
+ const gss_name_t, /* name */
+ gss_const_buffer_t, /* user */
+ gss_const_OID /* user_name_type */
+ );
+
+/* mechglue internal */
+struct gss_mech_compat_desc_struct;
#define GMI_VERSION 5
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
-
typedef struct gssapi_mech_interface_desc {
unsigned gm_version;
const char *gm_name;
@@ -512,7 +527,7 @@ typedef struct gssapi_mech_interface_desc {
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
- _gss_acquire_cred_ex_t *gm_acquire_cred_ex;
+ _gss_acquire_cred_ext_t *gm_acquire_cred_ext;
_gss_iter_creds_t *gm_iter_creds;
_gss_destroy_cred_t *gm_destroy_cred;
_gss_cred_hold_t *gm_cred_hold;
@@ -521,12 +536,15 @@ typedef struct gssapi_mech_interface_desc {
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
+ _gss_pname_to_uid_t *gm_pname_to_uid;
+ _gss_authorize_localname_t *gm_authorize_localname;
_gss_display_name_ext_t *gm_display_name_ext;
_gss_inquire_name_t *gm_inquire_name;
_gss_get_name_attribute_t *gm_get_name_attribute;
_gss_set_name_attribute_t *gm_set_name_attribute;
_gss_delete_name_attribute_t *gm_delete_name_attribute;
_gss_export_name_composite_t *gm_export_name_composite;
+ struct gss_mech_compat_desc_struct *gm_compat;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
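Review bot: `gm_pname_to_uid` and `gm_authorize_localname` are inserted in the middle of `gssapi_mech_interface_desc`, ahead of `gm_display_name_ext`, yet `GMI_VERSION` is still 5 in the visible context of the @@ -460 hunk. In the hunk above, `gm_acquire_cred_ex` is also replaced by a member whose type has a different signature. A mechanism built against the old layout would have every function pointer after `gm_mo_num` read from the wrong slot. If the version is checked when a mechanism is loaded (not visible here), increment `GMI_VERSION`, or append the new members at the end of the struct as is done for `gm_compat`.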
@@ -552,4 +570,25 @@ struct _gss_oid_name_table {
extern struct _gss_oid_name_table _gss_ont_mech[];
extern struct _gss_oid_name_table _gss_ont_ma[];
+/*
+ * Extended credentials acqusition API, not to be exported until
+ * it or something equivalent has been standardised.
+ */
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc;
+#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc)
+
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc;
+#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc)
+
+OM_uint32 _gss_acquire_cred_ext
+ (OM_uint32 * /*minor_status*/,
+ const gss_name_t /*desired_name*/,
+ gss_const_OID /*credential_type*/,
+ const void * /*credential_data*/,
+ OM_uint32 /*time_req*/,
+ gss_const_OID /*desired_mech*/,
+ gss_cred_usage_t /*cred_usage*/,
+ gss_cred_id_t * /*output_cred_handle*/
+ );
+
#endif /* GSSAPI_MECH_H */
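Review bot: The comment added here says the extended credential acquisition API is "not to be exported until it or something equivalent has been standardised", but the same commit adds `GSS_C_CRED_PASSWORD` and `GSS_C_CRED_CERTIFICATE` to `gssapi/gssapi_oid.h` as well. If that header is installed for applications, the OIDs are already public and the comment is misleading. The two headers also now carry duplicate declarations that can drift apart. Keep the declarations in one place, and reword the comment so it covers only `_gss_acquire_cred_ext` if that is the part meant to stay internal. `acqusition` in the comment should read `acquisition`.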
diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c
index 65db343cad..d4555c5104 100644
--- a/source4/heimdal/lib/gssapi/krb5/8003.c
+++ b/source4/heimdal/lib/gssapi/krb5/8003.c
@@ -92,7 +92,7 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
_gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
EVP_DigestUpdate(ctx, num, sizeof(num));
if (b->acceptor_address.length)
- EVP_DigestUpdate(ctx,
+ EVP_DigestUpdate(ctx,
b->acceptor_address.value,
b->acceptor_address.length);
_gsskrb5_encode_om_uint32 (b->application_data.length, num);
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index a5e9d054c4..5a00e124c2 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -36,12 +36,32 @@
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab;
+static krb5_error_code
+validate_keytab(krb5_context context, const char *name, krb5_keytab *id)
+{
+ krb5_error_code ret;
+
+ ret = krb5_kt_resolve(context, name, id);
+ if (ret)
+ return ret;
+
+ ret = krb5_kt_have_content(context, *id);
+ if (ret) {
+ krb5_kt_close(context, *id);
+ *id = NULL;
+ }
+
+ return ret;
+}
+
OM_uint32
-_gsskrb5_register_acceptor_identity (const char *identity)
+_gsskrb5_register_acceptor_identity(OM_uint32 *min_stat, const char *identity)
{
krb5_context context;
krb5_error_code ret;
+ *min_stat = 0;
+
ret = _gsskrb5_init(&context);
if(ret)
return GSS_S_FAILURE;
@@ -55,19 +75,29 @@ _gsskrb5_register_acceptor_identity (const char *identity)
if (identity == NULL) {
ret = krb5_kt_default(context, &_gsskrb5_keytab);
} else {
- char *p = NULL;
-
- ret = asprintf(&p, "FILE:%s", identity);
- if(ret < 0 || p == NULL) {
- HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
- return GSS_S_FAILURE;
+ /*
+ * First check if we can the keytab as is and if it has content...
+ */
+ ret = validate_keytab(context, identity, &_gsskrb5_keytab);
+ /*
+ * if it doesn't, lets prepend FILE: and try again
+ */
+ if (ret) {
+ char *p = NULL;
+ ret = asprintf(&p, "FILE:%s", identity);
+ if(ret < 0 || p == NULL) {
+ HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
+ return GSS_S_FAILURE;
+ }
+ ret = validate_keytab(context, p, &_gsskrb5_keytab);
+ free(p);
}
- ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
- free(p);
}
HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
- if(ret)
+ if(ret) {
+ *min_stat = ret;
return GSS_S_FAILURE;
+ }
return GSS_S_COMPLETE;
}
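Review bot: Two failure paths of `_gsskrb5_register_acceptor_identity` return `GSS_S_FAILURE` while `*min_stat` is still 0: the `asprintf` failure inside the retry branch, and the `_gsskrb5_init` failure in the previous hunk. Since the new parameter exists to report the minor status, set it on those paths too, e.g. `*min_stat = ENOMEM;` before the unlock in the `asprintf` branch and `*min_stat = ret;` before the early return after `_gsskrb5_init`. The retry also overwrites `ret` from the first `validate_keytab` call, so the reported minor status always describes the `FILE:` attempt. If the original error is more useful to an administrator, keep it in a separate variable. The comment `First check if we can the keytab as is` is missing a verb.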
@@ -93,7 +123,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
if (key == NULL)
return;
-
+
switch (key->keytype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
@@ -171,7 +201,7 @@ gsskrb5_accept_delegated_token
if (delegated_cred_handle) {
gsskrb5_cred handle;
-
+
ret = _gsskrb5_krb5_import_cred(minor_status,
ccache,
NULL,
@@ -541,10 +571,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
int use_subkey = 0;
-
+
_gsskrb5i_is_cfx(context, ctx, 1);
is_cfx = (ctx->more_flags & IS_CFX);
-
+
if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) {
use_subkey = 1;
} else {
@@ -572,7 +602,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
KRB5_AUTH_CONTEXT_USE_SUBKEY,
NULL);
}
-
+
kret = krb5_mk_rep(context,
ctx->auth_context,
&outbuf);
@@ -580,7 +610,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
*minor_status = kret;
return GSS_S_FAILURE;
}
-
+
if (IS_DCE_STYLE(ctx)) {
output_token->length = outbuf.length;
output_token->value = outbuf.data;
@@ -659,7 +689,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
krb5_error_code kret;
krb5_data inbuf;
int32_t r_seq_number, l_seq_number;
-
+
/*
* We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
*/
@@ -706,7 +736,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
krb5_ap_rep_enc_part *repl;
int32_t auth_flags;
-
+
krb5_auth_con_removeflags(context,
ctx->auth_context,
KRB5_AUTH_CONTEXT_DO_TIME,
@@ -735,7 +765,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
if (lifetime_rec == 0) {
return GSS_S_CONTEXT_EXPIRED;
}
-
+
if (time_rec) *time_rec = lifetime_rec;
}
@@ -793,7 +823,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
kret = krb5_auth_con_setremoteseqnumber(context,
ctx->auth_context,
- r_seq_number);
+ r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index d0042e874b..0f1f5f81cf 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -46,7 +46,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
memset(&in_cred, 0, sizeof(in_cred));
in_cred.client = principal;
-
+
realm = krb5_principal_get_realm(context, principal);
if (realm == NULL) {
_gsskrb5_clear_status ();
@@ -81,17 +81,18 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
static krb5_error_code
get_keytab(krb5_context context, krb5_keytab *keytab)
{
- char kt_name[256];
krb5_error_code kret;
HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
if (_gsskrb5_keytab != NULL) {
- kret = krb5_kt_get_name(context,
- _gsskrb5_keytab,
- kt_name, sizeof(kt_name));
- if (kret == 0)
- kret = krb5_kt_resolve(context, kt_name, keytab);
+ char *name = NULL;
+
+ kret = krb5_kt_get_full_name(context, _gsskrb5_keytab, &name);
+ if (kret == 0) {
+ kret = krb5_kt_resolve(context, name, keytab);
+ krb5_xfree(name);
+ }
} else
kret = krb5_kt_default(context, keytab);
@@ -103,13 +104,13 @@ get_keytab(krb5_context context, krb5_keytab *keytab)
static OM_uint32 acquire_initiator_cred
(OM_uint32 * minor_status,
krb5_context context,
+ gss_const_OID credential_type,
+ const void *credential_data,
const gss_name_t desired_name,
OM_uint32 time_req,
- const gss_OID_set desired_mechs,
+ gss_const_OID desired_mech,
gss_cred_usage_t cred_usage,
- gsskrb5_cred handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
+ gsskrb5_cred handle
)
{
OM_uint32 ret;
@@ -132,6 +133,12 @@ static OM_uint32 acquire_initiator_cred
* errors while searching.
*/
+ if (credential_type != GSS_C_NO_OID &&
+ !gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
+ kret = KRB5_NOCREDS_SUPPLIED; /* XXX */
+ goto end;
+ }
+
if (handle->principal) {
kret = krb5_cc_cache_match (context,
handle->principal,
@@ -174,14 +181,29 @@ static OM_uint32 acquire_initiator_cred
if (kret)
goto end;
}
- kret = get_keytab(context, &keytab);
- if (kret)
- goto end;
kret = krb5_get_init_creds_opt_alloc(context, &opt);
if (kret)
goto end;
- kret = krb5_get_init_creds_keytab(context, &cred,
- handle->principal, keytab, 0, NULL, opt);
+ if (credential_type != GSS_C_NO_OID &&
+ gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
+ gss_buffer_t password = (gss_buffer_t)credential_data;
+
+ /* XXX are we requiring password to be NUL terminated? */
+
+ kret = krb5_get_init_creds_password(context, &cred,
+ handle->principal,
+ password->value,
+ NULL, NULL, 0, NULL, opt);
+ } else {
+ kret = get_keytab(context, &keytab);
+ if (kret) {
+ krb5_get_init_creds_opt_free(context, opt);
+ goto end;
+ }
+ kret = krb5_get_init_creds_keytab(context, &cred,
+ handle->principal, keytab,
+ 0, NULL, opt);
+ }
krb5_get_init_creds_opt_free(context, opt);
if (kret)
goto end;
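Review bot: The new password branch dereferences `credential_data` without a NULL check and passes `password->value` to krb5_get_init_creds_password() as a C string while ignoring `password->length`, so a caller buffer that is not NUL-terminated is read past its end (the `XXX` comment in the hunk asks exactly this). The cast also drops the `const` that the parameter carries. Copying `length` bytes into a terminated scratch buffer and wiping it afterwards removes the dependency on the caller; the plain `memset` below should be replaced by whatever non-elidable wipe the tree provides. acquire_initiator_cred starts and ends outside this hunk.

```c
if (credential_type != GSS_C_NO_OID &&
    gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
    const gss_buffer_desc *password = credential_data;
    char *pw;

    if (password == NULL || password->value == NULL) {
        krb5_get_init_creds_opt_free(context, opt);
        kret = EINVAL;
        goto end;
    }
    pw = malloc(password->length + 1);
    if (pw == NULL) {
        krb5_get_init_creds_opt_free(context, opt);
        kret = ENOMEM;
        goto end;
    }
    memcpy(pw, password->value, password->length);
    pw[password->length] = '\0';

    kret = krb5_get_init_creds_password(context, &cred,
                                        handle->principal, pw,
                                        NULL, NULL, 0, NULL, opt);
    memset(pw, 0, password->length); /* use a wipe the compiler cannot drop */
    free(pw);
} else {
    /* … unchanged: keytab branch … */
}
```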
@@ -233,19 +255,25 @@ end:
static OM_uint32 acquire_acceptor_cred
(OM_uint32 * minor_status,
krb5_context context,
+ gss_const_OID credential_type,
+ const void *credential_data,
const gss_name_t desired_name,
OM_uint32 time_req,
- const gss_OID_set desired_mechs,
+ gss_const_OID desired_mech,
gss_cred_usage_t cred_usage,
- gsskrb5_cred handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
+ gsskrb5_cred handle
)
{
OM_uint32 ret;
krb5_error_code kret;
ret = GSS_S_FAILURE;
+
+ if (credential_type != GSS_C_NO_OID) {
+ kret = EINVAL;
+ goto end;
+ }
+
kret = get_keytab(context, &handle->keytab);
if (kret)
goto end;
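Review bot: Rejecting every non-empty `credential_type` here means a GSS_C_BOTH request with GSS_C_CRED_PASSWORD can never succeed, yet `_gsskrb5_acquire_cred_ext` calls acquire_initiator_cred first, which may already have done the password exchange before this function fails the request. It would be cheaper and clearer to refuse that combination before any credential is fetched, or at least to document it with a comment such as `/* password credentials are initiator-only; a credential_type with GSS_C_BOTH is rejected */`. The two helpers also report an unsupported type differently (`KRB5_NOCREDS_SUPPLIED` in the initiator, `EINVAL` here), which callers inspecting the minor status will see as two unrelated errors. The function body continues outside the hunk.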
@@ -299,23 +327,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
OM_uint32 * time_rec
)
{
- krb5_context context;
- gsskrb5_cred handle;
OM_uint32 ret;
- if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
- *minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return GSS_S_FAILURE;
- }
-
- GSSAPI_KRB5_INIT(&context);
-
- *output_cred_handle = NULL;
- if (time_rec)
- *time_rec = 0;
- if (actual_mechs)
- *actual_mechs = GSS_C_NO_OID_SET;
-
if (desired_mechs) {
int present = 0;
@@ -329,6 +342,54 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
}
}
+ ret = _gsskrb5_acquire_cred_ext(minor_status,
+ desired_name,
+ GSS_C_NO_OID,
+ NULL,
+ time_req,
+ GSS_KRB5_MECHANISM,
+ cred_usage,
+ output_cred_handle);
+ if (ret)
+ return ret;
+
+
+ ret = _gsskrb5_inquire_cred(minor_status, *output_cred_handle,
+ NULL, time_rec, NULL, actual_mechs);
+ if (ret) {
+ OM_uint32 tmp;
+ _gsskrb5_release_cred(&tmp, output_cred_handle);
+ }
+
+ return ret;
+}
+
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext
+(OM_uint32 * minor_status,
+ const gss_name_t desired_name,
+ gss_const_OID credential_type,
+ const void *credential_data,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle
+ )
+{
+ krb5_context context;
+ gsskrb5_cred handle;
+ OM_uint32 ret;
+
+ cred_usage &= GSS_C_OPTION_MASK;
+
+ if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
+ *minor_status = GSS_KRB5_S_G_BAD_USAGE;
+ return GSS_S_FAILURE;
+ }
+
+ GSSAPI_KRB5_INIT(&context);
+
+ *output_cred_handle = NULL;
+
handle = calloc(1, sizeof(*handle));
if (handle == NULL) {
*minor_status = ENOMEM;
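Review bot: The output parameters are no longer cleared before the first failure return. The previous hunk removes the `*output_cred_handle = NULL`, `*time_rec = 0` and `*actual_mechs = GSS_C_NO_OID_SET` assignments from `_gsskrb5_acquire_cred`, and the new `_gsskrb5_acquire_cred_ext` sets `*output_cred_handle = NULL` only after the `cred_usage` check, so a bad-usage failure returns with the caller's handle untouched and a failing `_ext` call leaves `time_rec` and `actual_mechs` unset. A caller that releases the handle on error would then act on an uninitialised value. Moving `*output_cred_handle = NULL;` above the usage check, and keeping `if (time_rec) *time_rec = 0;` and `if (actual_mechs) *actual_mechs = GSS_C_NO_OID_SET;` at the top of the wrapper, restores the old contract. Both functions extend beyond this hunk.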
@@ -338,7 +399,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
if (desired_name != GSS_C_NO_NAME) {
-
ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal);
if (ret) {
@@ -349,9 +409,9 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
}
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
ret = acquire_initiator_cred(minor_status, context,
+ credential_type, credential_data,
desired_name, time_req,
- desired_mechs, cred_usage, handle,
- actual_mechs, time_rec);
+ desired_mech, cred_usage, handle);
if (ret != GSS_S_COMPLETE) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
krb5_free_principal(context, handle->principal);
@@ -361,8 +421,9 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
}
if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
ret = acquire_acceptor_cred(minor_status, context,
+ credential_type, credential_data,
desired_name, time_req,
- desired_mechs, cred_usage, handle, actual_mechs, time_rec);
+ desired_mech, cred_usage, handle);
if (ret != GSS_S_COMPLETE) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
krb5_free_principal(context, handle->principal);
@@ -374,9 +435,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
if (ret == GSS_S_COMPLETE)
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle,
- NULL, time_rec, NULL, actual_mechs);
if (ret != GSS_S_COMPLETE) {
if (handle->mechanisms != NULL)
gss_release_oid_set(NULL, &handle->mechanisms);
@@ -385,17 +443,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
free(handle);
return (ret);
}
- *minor_status = 0;
- if (time_rec) {
- ret = _gsskrb5_lifetime_left(minor_status,
- context,
- handle->lifetime,
- time_rec);
-
- if (ret)
- return ret;
- }
handle->usage = cred_usage;
+ *minor_status = 0;
*output_cred_handle = (gss_cred_id_t)handle;
return (GSS_S_COMPLETE);
}
diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c
index a326613edd..00cf55f62d 100644
--- a/source4/heimdal/lib/gssapi/krb5/add_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c
@@ -81,7 +81,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
return(GSS_S_FAILURE);
}
}
-
+
/* check that we have the same name */
if (dname != NULL &&
krb5_principal_compare(context, dname,
@@ -110,7 +110,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
handle->ccache = NULL;
handle->mechanisms = NULL;
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-
+
ret = GSS_S_FAILURE;
kret = krb5_copy_principal(context, cred->principal,
@@ -123,23 +123,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
}
if (cred->keytab) {
- char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
- int len;
-
- ret = GSS_S_FAILURE;
+ char *name = NULL;
- kret = krb5_kt_get_type(context, cred->keytab,
- name, KRB5_KT_PREFIX_MAX_LEN);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- len = strlen(name);
- name[len++] = ':';
+ ret = GSS_S_FAILURE;
- kret = krb5_kt_get_name(context, cred->keytab,
- name + len,
- sizeof(name) - len);
+ kret = krb5_kt_get_full_name(context, cred->keytab, &name);
if (kret) {
*minor_status = kret;
goto failure;
@@ -147,6 +135,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
kret = krb5_kt_resolve(context, name,
&handle->keytab);
+ krb5_xfree(name);
if (kret){
*minor_status = kret;
goto failure;
@@ -166,7 +155,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
}
if (strcmp(type, "MEMORY") == 0) {
- ret = krb5_cc_new_unique(context, type,
+ ret = krb5_cc_new_unique(context, type,
NULL, &handle->ccache);
if (ret) {
*minor_status = ret;
@@ -186,20 +175,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
*minor_status = ENOMEM;
goto failure;
}
-
+
kret = asprintf(&type_name, "%s:%s", type, name);
if (kret < 0 || type_name == NULL) {
*minor_status = ENOMEM;
goto failure;
}
-
+
kret = krb5_cc_resolve(context, type_name,
&handle->ccache);
free(type_name);
if (kret) {
*minor_status = kret;
goto failure;
- }
+ }
}
}
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
diff --git a/source4/heimdal/lib/gssapi/krb5/aeap.c b/source4/heimdal/lib/gssapi/krb5/aeap.c
index 040cd3ee76..47913e4aec 100644
--- a/source4/heimdal/lib/gssapi/krb5/aeap.c
+++ b/source4/heimdal/lib/gssapi/krb5/aeap.c
@@ -69,11 +69,11 @@ _gk_unwrap_iov(OM_uint32 *minor_status,
krb5_context context;
GSSAPI_KRB5_INIT (&context);
-
+
if (ctx->more_flags & IS_CFX)
return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
conf_state, qop_state, iov, iov_count);
-
+
return GSS_S_FAILURE;
}
@@ -88,13 +88,13 @@ _gk_wrap_iov_length(OM_uint32 * minor_status,
{
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
-
+
GSSAPI_KRB5_INIT (&context);
-
+
if (ctx->more_flags & IS_CFX)
return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context,
conf_req_flag, qop_req, conf_state,
iov, iov_count);
-
+
return GSS_S_FAILURE;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c
index dc59e997bd..0264207e4a 100644
--- a/source4/heimdal/lib/gssapi/krb5/arcfour.c
+++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c
@@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
- char *type)
+ const char *type)
{
krb5_error_code ret;
uint32_t seq_number;
@@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
p = token_buffer->value;
omret = _gsskrb5_verify_header (&p,
token_buffer->length,
- (u_char *)type,
+ type,
GSS_KRB5_MECHANISM);
if (omret)
return omret;
@@ -309,7 +309,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
{
EVP_CIPHER_CTX rc4_key;
-
+
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
@@ -462,7 +462,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
if(conf_req_flag) {
EVP_CIPHER_CTX rc4_key;
-
+
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
@@ -481,7 +481,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
{
EVP_CIPHER_CTX rc4_key;
-
+
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
@@ -581,7 +581,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
{
EVP_CIPHER_CTX rc4_key;
-
+
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
@@ -629,7 +629,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
if(conf_flag) {
EVP_CIPHER_CTX rc4_key;
-
+
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c
index 1189718adc..3c1536b60e 100755
--- a/source4/heimdal/lib/gssapi/krb5/cfx.c
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.c
@@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
gss_iov_buffer_desc *header, *trailer, *padding;
size_t gsshsize, k5hsize;
size_t gsstsize, k5tsize;
- size_t i, rrc = 0, ec = 0;
+ size_t rrc = 0, ec = 0;
+ int i;
gss_cfx_wrap_token token;
krb5_error_code ret;
int32_t seq_number;
@@ -424,6 +425,9 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
token->Flags = 0;
token->Filler = 0xFF;
+ if ((ctx->more_flags & LOCAL) == 0)
+ token->Flags |= CFXSentByAcceptor;
+
if (ctx->more_flags & ACCEPTOR_SUBKEY)
token->Flags |= CFXAcceptorSubkey;
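Review bot: The added `CFXSentByAcceptor` assignment deserves a one-line comment, because the direction bit is what lets a peer reject a token reflected back at its sender and nothing in the hunk says why `LOCAL` is tested. Something like `/* acceptor side: mark the token so the initiator can detect reflection (RFC 4121 flags field) */` above the `if` would do. If the tree has an IOV wrap/unwrap test, an acceptor-to-initiator case would keep this from regressing. `_gssapi_wrap_cfx_iov` extends beyond the hunk.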
@@ -565,7 +569,7 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
plain packet:
{data | "header" | gss-trailer (krb5 checksum)
-
+
don't do RRC != 0
*/
@@ -647,7 +651,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
len += iov[i].buffer.length;
-
+
p = malloc(len);
if (p == NULL) {
*minor_status = ENOMEM;
@@ -666,7 +670,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
q += iov[i].buffer.length;
}
}
- assert((q - p) == len);
+ assert((size_t)(q - p) == len);
/* unrotate first part */
q = p + rrc;
diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c
index 221d219c69..3381dffa19 100644
--- a/source4/heimdal/lib/gssapi/krb5/compat.c
+++ b/source4/heimdal/lib/gssapi/krb5/compat.c
@@ -59,7 +59,7 @@ check_compat(OM_uint32 *minor_status,
*compat = match_val;
break;
}
-
+
krb5_free_principal(context, match);
match = NULL;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c
index 7b27906b5b..cb1550011c 100644
--- a/source4/heimdal/lib/gssapi/krb5/context_time.c
+++ b/source4/heimdal/lib/gssapi/krb5/context_time.c
@@ -88,6 +88,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time
if (*time_rec == 0)
return GSS_S_CONTEXT_EXPIRED;
-
+
return GSS_S_COMPLETE;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
index 4e65fc1cf3..e332d29c84 100644
--- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
@@ -100,7 +100,7 @@ _gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
*minor_status = kret;
return GSS_S_FAILURE;
}
-
+
if (keytab_principal) {
krb5_boolean match;
diff --git a/source4/heimdal/lib/gssapi/krb5/creds.c b/source4/heimdal/lib/gssapi/krb5/creds.c
index d2c253e84b..fa45d19b98 100644
--- a/source4/heimdal/lib/gssapi/krb5/creds.c
+++ b/source4/heimdal/lib/gssapi/krb5/creds.c
@@ -47,7 +47,7 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
char *str;
GSSAPI_KRB5_INIT (&context);
-
+
if (handle->usage != GSS_C_INITIATE && handle->usage != GSS_C_BOTH) {
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
return GSS_S_FAILURE;
@@ -93,14 +93,14 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
*minor_status = ret;
return GSS_S_FAILURE;
}
-
+
ret = krb5_cc_get_full_name(context, handle->ccache, &str);
if (ret) {
krb5_storage_free(sp);
*minor_status = ret;
return GSS_S_FAILURE;
}
-
+
ret = krb5_store_string(sp, str);
free(str);
if (ret) {
@@ -222,7 +222,7 @@ _gsskrb5_import_cred(OM_uint32 * minor_status,
*minor_status = ret;
return GSS_S_FAILURE;
}
-
+
ret = krb5_cc_resolve(context, str, &id);
krb5_xfree(str);
if (ret) {
diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c
index 79cd9232e1..fe5dac7c60 100644
--- a/source4/heimdal/lib/gssapi/krb5/encapsulate.c
+++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c
@@ -114,7 +114,7 @@ _gssapi_encapsulate(
if (output_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
- }
+ }
p = _gssapi_make_mech_header (output_token->value, len, mech);
memcpy (p, in_data->data, in_data->length);
@@ -145,7 +145,7 @@ _gsskrb5_encapsulate(
if (output_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
- }
+ }
p = _gsskrb5_make_header (output_token->value, len, type, mech);
memcpy (p, in_data->data, in_data->length);
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index d6f14a48f7..26ede2487d 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
- "GS2-KRB5",
+ rk_UNCONST("GS2-KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
- "KRB5",
+ rk_UNCONST("KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
- "Heimdal Kerberos 5 mech",
+ rk_UNCONST("Heimdal Kerberos 5 mech"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = {
static gssapi_mech_interface_desc krb5_mech = {
GMI_VERSION,
"kerberos 5",
- {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
+ {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
0,
_gsskrb5_acquire_cred,
_gsskrb5_release_cred,
@@ -315,7 +315,7 @@ static gssapi_mech_interface_desc krb5_mech = {
_gsskrb5_store_cred,
_gsskrb5_export_cred,
_gsskrb5_import_cred,
- NULL,
+ _gsskrb5_acquire_cred_ext,
NULL,
NULL,
NULL,
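Review bot: `_gsskrb5_acquire_cred_ext` is wired in by replacing one `NULL` in a long positional initializer, and the next hunk appends nine more positional slots, so the correctness of the table depends on counting entries against `gssapi_mech_interface_desc`, which is not visible here. A slot that is off by one would still compile, possibly with only a pointer-type warning, and the function would then be called through the wrong signature. A trailing comment per slot, e.g. `_gsskrb5_acquire_cred_ext, /* gm_acquire_cred_ext */` (field name to be checked against the struct definition), or designated initializers if the supported compilers allow them, would make the mapping reviewable.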
@@ -323,7 +323,16 @@ static gssapi_mech_interface_desc krb5_mech = {
NULL,
NULL,
krb5_mo,
- sizeof(krb5_mo) / sizeof(krb5_mo[0])
+ sizeof(krb5_mo) / sizeof(krb5_mo[0]),
+ _gsskrb5_pname_to_uid,
+ _gsskrb5_authorize_localname,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
};
gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c
index 2a071a305e..5fe512672f 100644
--- a/source4/heimdal/lib/gssapi/krb5/import_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_name.c
@@ -107,9 +107,9 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
return GSS_S_BAD_NAME;
else if (p->name.name_string.len > 1)
hostname = p->name.name_string.val[1];
-
+
service = p->name.name_string.val[0];
-
+
ret = krb5_sname_to_principal(context,
hostname,
service,
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 53855ca045..5f8b01b727 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -41,7 +41,7 @@
static OM_uint32
set_addresses (krb5_context context,
krb5_auth_context ac,
- const gss_channel_bindings_t input_chan_bindings)
+ const gss_channel_bindings_t input_chan_bindings)
{
/* Port numbers are expected to be in application_data.value,
* initator's port first */
@@ -422,11 +422,6 @@ init_auth
goto failure;
}
- ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
- if (ret)
- goto failure;
-
-
/*
* This is hideous glue for (NFS) clients that wants to limit the
* available enctypes to what it can support (encryption in
@@ -458,17 +453,21 @@ init_auth
* DNS canonicalizion.
*/
ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 0, time_req,
+ ctx, name, 0, time_req,
time_rec);
if (ret && allow_dns)
ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 1, time_req,
+ ctx, name, 1, time_req,
time_rec);
if (ret)
goto failure;
ctx->lifetime = ctx->kcred->times.endtime;
+ ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+ if (ret)
+ goto failure;
+
ret = _gsskrb5_lifetime_left(minor_status,
context,
ctx->lifetime,
@@ -530,7 +529,7 @@ init_auth_restart
Checksum cksum;
krb5_enctype enctype;
krb5_data fwd_data, timedata;
- int32_t offset = 0, oldoffset;
+ int32_t offset = 0, oldoffset = 0;
uint32_t flagmask;
krb5_data_zero(&outbuf);
@@ -544,7 +543,7 @@ init_auth_restart
*/
if (!ctx->kcred->flags.b.ok_as_delegate) {
krb5_data data;
-
+
ret = krb5_cc_get_config(context, ctx->ccache, NULL,
"realm-config", &data);
if (ret == 0) {
@@ -676,7 +675,8 @@ init_auth_restart
output_token->length = outbuf.length;
} else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
- (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+ (u_char *)(intptr_t)"\x01\x00",
+ GSS_KRB5_MECHANISM);
krb5_data_free (&outbuf);
if (ret)
goto failure;
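Review bot: Stripping `const` with `(u_char *)(intptr_t)"\x01\x00"` is inconsistent with the rest of this commit, which uses `rk_UNCONST("...")` for the same purpose in external.c. If that macro is reachable from this file, `rk_UNCONST("\x01\x00")` states the intent instead of hiding it behind an integer round-trip. In verify_mic.c the cast looks unnecessary altogether: the hunk there changes `_gsskrb5_verify_mic_internal` to take `const char * type`, yet the call still passes `(void *)(intptr_t)"\x01\x01"`, while a neighbouring call in process_context_token.c passes its literal directly. `init_auth_restart` extends beyond this hunk.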
@@ -848,9 +848,9 @@ repl_mutual
*minor_status = kret;
return GSS_S_FAILURE;
}
-
+
/* reset local seq number */
- krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
+ krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
output_token->length = outbuf.length;
output_token->value = outbuf.data;
@@ -911,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
return GSS_S_BAD_MECH;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
- OM_uint32 ret;
+ OM_uint32 ret1;
if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0;
return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
}
- ret = _gsskrb5_create_ctx(minor_status,
+ ret1 = _gsskrb5_create_ctx(minor_status,
context_handle,
context,
input_chan_bindings,
INITIATOR_START);
- if (ret)
- return ret;
+ if (ret1)
+ return ret1;
}
if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -953,7 +953,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
ret_flags,
time_rec);
if (ret != GSS_S_COMPLETE)
- break;
+ break;
/* FALL THOUGH */
case INITIATOR_RESTART:
ret = init_auth_restart(minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
index d3798623ff..f88199692c 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
@@ -95,12 +95,12 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
if (output_name != NULL) {
if (icred && icred->principal != NULL) {
gss_name_t name;
-
+
if (acred && acred->principal)
name = (gss_name_t)acred->principal;
else
name = (gss_name_t)icred->principal;
-
+
ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
index dc02b99851..65bd49c971 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
@@ -72,6 +72,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_names_for_mech (
if (ret != GSS_S_COMPLETE)
gss_release_oid_set(NULL, name_types);
-
+
return GSS_S_COMPLETE;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index 14816e7a05..b57217a4e8 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -159,10 +159,10 @@ static OM_uint32 inquire_sec_context_get_subkey
{
gss_buffer_desc value;
-
+
value.length = data.length;
value.value = data.data;
-
+
maj_stat = gss_add_buffer_set_member(minor_status,
&value,
data_set);
@@ -179,6 +179,46 @@ out:
return maj_stat;
}
+static OM_uint32 inquire_sec_context_get_sspi_session_key
+ (OM_uint32 *minor_status,
+ const gsskrb5_ctx context_handle,
+ krb5_context context,
+ gss_buffer_set_t *data_set)
+{
+ krb5_keyblock *key;
+ OM_uint32 maj_stat = GSS_S_COMPLETE;
+ krb5_error_code ret;
+ gss_buffer_desc value;
+
+ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+ ret = _gsskrb5i_get_token_key(context_handle, context, &key);
+ HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+ if (ret)
+ goto out;
+ if (key == NULL) {
+ ret = EINVAL;
+ goto out;
+ }
+
+ value.length = key->keyvalue.length;
+ value.value = key->keyvalue.data;
+
+ maj_stat = gss_add_buffer_set_member(minor_status,
+ &value,
+ data_set);
+ krb5_free_keyblock(context, key);
+
+ /* MIT also returns the enctype encoded as an OID in data_set[1] */
+
+out:
+ if (ret) {
+ *minor_status = ret;
+ maj_stat = GSS_S_FAILURE;
+ }
+ return maj_stat;
+}
+
static OM_uint32 inquire_sec_context_authz_data
(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
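Review bot: `inquire_sec_context_get_sspi_session_key` hands raw session-key bytes to the caller but has no header comment saying so or describing ownership. I would add a comment above it stating that on success `data_set` receives one member holding the token key's `keyvalue` (presumably a copy, since the keyblock is freed right after the add), that the caller must release the set and treat its contents as secret, and that no enctype OID is returned as a second member. That last point, taken from the in-body remark about MIT, matters to callers written against MIT that index `data_set[1]`. It would also help to note that the context mutex is held only around `_gsskrb5i_get_token_key`.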
@@ -464,10 +504,10 @@ get_service_keyblock
{
gss_buffer_desc value;
-
+
value.length = data.length;
value.value = data.data;
-
+
maj_stat = gss_add_buffer_set_member(minor_status,
&value,
data_set);
@@ -530,6 +570,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid
context,
ACCEPTOR_KEY,
data_set);
+ } else if (gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) {
+ return inquire_sec_context_get_sspi_session_key(minor_status,
+ ctx,
+ context,
+ data_set);
} else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) {
return get_authtime(minor_status, ctx, data_set);
} else if (oid_prefix_equal(desired_object,
diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c
index 323b4cc722..162a309709 100644
--- a/source4/heimdal/lib/gssapi/krb5/prf.c
+++ b/source4/heimdal/lib/gssapi/krb5/prf.c
@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
krb5_crypto crypto;
krb5_data input, output;
uint32_t num;
+ OM_uint32 junk;
unsigned char *p;
krb5_keyblock *key = NULL;
+ size_t dol;
if (ctx == NULL) {
*minor_status = 0;
return GSS_S_NO_CONTEXT;
}
- if (desired_output_len <= 0) {
+ if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
*minor_status = 0;
return GSS_S_FAILURE;
}
+ dol = desired_output_len;
GSSAPI_KRB5_INIT (&context);
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- prf_out->value = malloc(desired_output_len);
+ prf_out->value = malloc(dol);
if (prf_out->value == NULL) {
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
- prf_out->length = desired_output_len;
+ prf_out->length = dol;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
input.length = prf_in->length + 4;
input.data = malloc(prf_in->length + 4);
if (input.data == NULL) {
- OM_uint32 junk;
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
- memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
+ memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
num = 0;
p = prf_out->value;
- while(desired_output_len > 0) {
+ while(dol > 0) {
+ size_t tsize;
+
_gsskrb5_encode_om_uint32(num, input.data);
+
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
- OM_uint32 junk;
*minor_status = ret;
free(input.data);
gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
- memcpy(p, output.data, min(desired_output_len, output.length));
+
+ tsize = min(dol, output.length);
+ memcpy(p, output.data, tsize);
p += output.length;
- desired_output_len -= output.length;
+ dol -= tsize;
krb5_data_free(&output);
num++;
}
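Review bot: In the rewritten loop `p` still advances by `output.length` although only `tsize` bytes were copied, so on the final, truncated block the pointer is moved past the end of `prf_out->value`. It is not dereferenced afterwards in the lines shown, but forming it is undefined behaviour, and `p += tsize;` would match the new `dol -= tsize;`. The loop also has no exit if `krb5_crypto_prf` ever succeeds with a zero-length `output`, because `tsize` and therefore the decrement would be 0; treating `output.length == 0` as a failure, with the same cleanup as the `if (ret)` branch, would bound it. `_gsskrb5_pseudo_random` extends beyond this hunk.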
diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c
index 4feda0de04..0cc1c07cfb 100644
--- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c
+++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c
@@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
(gsskrb5_ctx)context_handle,
context,
token_buffer, &empty_buffer,
- GSS_C_QOP_DEFAULT, "\x01\x02");
+ GSS_C_QOP_DEFAULT,
+ "\x01\x02");
if (ret == GSS_S_COMPLETE)
ret = _gsskrb5_delete_sec_context(minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c
index fbbc5b6c70..2e0e7b20f9 100644
--- a/source4/heimdal/lib/gssapi/krb5/sequence.c
+++ b/source4/heimdal/lib/gssapi/krb5/sequence.c
@@ -64,7 +64,7 @@ msg_order_alloc(OM_uint32 *minor_status,
if (*o == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
- }
+ }
*minor_status = 0;
return GSS_S_COMPLETE;
@@ -141,7 +141,7 @@ OM_uint32
_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
{
OM_uint32 r;
- int i;
+ size_t i;
if (o == NULL)
return GSS_S_COMPLETE;
diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
index 5ff6172fb9..bd38716751 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -209,7 +209,7 @@ no_ci_flags(OM_uint32 *minor_status,
cred = (gsskrb5_cred)*cred_handle;
cred->cred_flags |= GSS_CF_NO_CI_FLAGS;
-
+
*minor_status = 0;
return GSS_S_COMPLETE;
@@ -241,7 +241,7 @@ _gsskrb5_set_cred_option
if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) {
return no_ci_flags(minor_status, context, cred_handle, value);
}
-
+
*minor_status = EINVAL;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
index 237af1a52c..141ff722fb 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
@@ -154,11 +154,10 @@ _gsskrb5_set_sec_context_option
if (maj_stat != GSS_S_COMPLETE)
return maj_stat;
- _gsskrb5_register_acceptor_identity(str);
+ maj_stat = _gsskrb5_register_acceptor_identity(minor_status, str);
free(str);
- *minor_status = 0;
- return GSS_S_COMPLETE;
+ return maj_stat;
} else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
char *str;
@@ -222,7 +221,7 @@ _gsskrb5_set_sec_context_option
return maj_stat;
t = time(NULL) + offset;
-
+
krb5_set_real_time(context, t, 0);
*minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/krb5/store_cred.c b/source4/heimdal/lib/gssapi/krb5/store_cred.c
index 21f9f6e8ab..a3aa2fb83e 100644
--- a/source4/heimdal/lib/gssapi/krb5/store_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/store_cred.c
@@ -103,7 +103,7 @@ _gsskrb5_store_cred(OM_uint32 *minor_status,
*minor_status = ret;
return(GSS_S_FAILURE);
}
-
+
if (default_cred)
krb5_cc_switch(context, id);
diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c
index 7620d691bd..d6bc204777 100644
--- a/source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c
@@ -54,7 +54,7 @@ unwrap_des
DES_key_schedule schedule;
DES_cblock deskey;
DES_cblock zero;
- int i;
+ size_t i;
uint32_t seq_number;
size_t padlength;
OM_uint32 ret;
@@ -98,6 +98,7 @@ unwrap_des
if(cstate) {
/* decrypt data */
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+ memset (&zero, 0, sizeof(zero));
for (i = 0; i < sizeof(deskey); ++i)
deskey[i] ^= 0xf0;
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
index 9a5445698b..3123787ff4 100644
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -44,7 +44,7 @@ verify_mic_des
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
- char *type
+ const char *type
)
{
u_char *p;
@@ -142,7 +142,7 @@ verify_mic_des3
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
- char *type
+ const char *type
)
{
u_char *p;
@@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
- char * type
+ const char * type
)
{
krb5_keyblock *key;
@@ -348,7 +348,7 @@ _gsskrb5_verify_mic
(gsskrb5_ctx)context_handle,
context,
message_buffer, token_buffer,
- qop_state, "\x01\x01");
+ qop_state, (void *)(intptr_t)"\x01\x01");
return ret;
}
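Review bot: The `(void *)(intptr_t)` cast added to the `"\x01\x01"` argument in `_gsskrb5_verify_mic` is unnecessary and strips the const-ness this same commit introduces. The hunk at -276 changes `_gsskrb5_verify_mic_internal` to take `const char * type`, so the literal can be passed directly as `qop_state, "\x01\x01");`. Routing a pointer through `intptr_t` also hides any later write through it from the compiler's const checking.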
diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c
index 54f92df609..efd0d82c49 100644
--- a/source4/heimdal/lib/gssapi/krb5/wrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/wrap.c
@@ -214,7 +214,7 @@ wrap_des
EVP_CIPHER_CTX des_ctx;
DES_cblock deskey;
DES_cblock zero;
- int i;
+ size_t i;
int32_t seq_number;
size_t len, total_len, padlength, datalen;
diff --git a/source4/heimdal/lib/gssapi/mech/cred.h b/source4/heimdal/lib/gssapi/mech/cred.h
index adffe6893e..5661b53239 100644
--- a/source4/heimdal/lib/gssapi/mech/cred.h
+++ b/source4/heimdal/lib/gssapi/mech/cred.h
@@ -39,3 +39,19 @@ struct _gss_cred {
struct _gss_mechanism_cred_list gc_mc;
};
+struct _gss_mechanism_cred *
+_gss_copy_cred(struct _gss_mechanism_cred *mc);
+
+struct _gss_mechanism_name;
+
+OM_uint32
+_gss_acquire_mech_cred(OM_uint32 *minor_status,
+ gssapi_mech_interface m,
+ const struct _gss_mechanism_name *mn,
+ gss_const_OID credential_type,
+ const void *credential_data,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ struct _gss_mechanism_cred **output_cred_handle);
+
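Review bot: The two prototypes added to cred.h carry no comment on ownership or failure behaviour, which matters now that `_gss_copy_cred` is no longer file-local (its `static` is dropped in gss_add_cred.c). I would add a short comment above each, for example `/* Returns a newly allocated copy of mc, or NULL on failure; caller releases it -- TODO confirm against gss_add_cred.c */`. For `_gss_acquire_mech_cred` the comment should say whether `*output_cred_handle` is left untouched on error. Neither definition is fully visible in this diff, so the wording needs checking against the implementations.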
diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c
index 92d7e7f05d..bf7ea03f72 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c
@@ -34,17 +34,17 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
unsigned char *p = input_token->value;
size_t len = input_token->length;
size_t a, b;
-
+
/*
* Token must start with [APPLICATION 0] SEQUENCE.
* But if it doesn't assume it is DCE-STYLE Kerberos!
*/
if (len == 0)
return (GSS_S_DEFECTIVE_TOKEN);
-
+
p++;
len--;
-
+
/*
* Decode the length and make sure it agrees with the
* token length.
@@ -71,7 +71,7 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
}
if (a != len)
return (GSS_S_DEFECTIVE_TOKEN);
-
+
/*
* Decode the OID for the mechanism. Simplify life by
* assuming that the OID length is less than 128 bytes.
@@ -84,9 +84,9 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
p += 2;
len -= 2;
mech_oid->elements = p;
-
+
return GSS_S_COMPLETE;
-}
+}
static gss_OID_desc krb5_mechanism =
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
@@ -221,7 +221,7 @@ gss_accept_sec_context(OM_uint32 *minor_status,
acceptor_mc = GSS_C_NO_CREDENTIAL;
}
delegated_mc = GSS_C_NO_CREDENTIAL;
-
+
mech_ret_flags = 0;
major_status = m->gm_accept_sec_context(minor_status,
&ctx->gc_ctx,
@@ -267,7 +267,7 @@ gss_accept_sec_context(OM_uint32 *minor_status,
mech_ret_flags &=
~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
} else if (gss_oid_equal(mech_ret_type, &m->gm_mech_oid) == 0) {
- /*
+ /*
* If the returned mech_type is not the same
* as the mech, assume its pseudo mech type
* and the returned type is already a
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
index c9900148c2..ade65df8ec 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
@@ -46,7 +46,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
struct _gss_cred *cred;
struct _gss_mechanism_cred *mc;
OM_uint32 min_time, cred_time;
- int i;
+ size_t i;
*minor_status = 0;
if (output_cred_handle == NULL)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
index 19deea5b06..a998bc60ff 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
@@ -28,7 +28,7 @@
#include "mech_locl.h"
-static struct _gss_mechanism_cred *
+struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
{
struct _gss_mechanism_cred *new_mc;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
index 191a4a305c..a23270511e 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
@@ -47,7 +47,7 @@
*
* @returns a gss_error code, see gss_display_status() about printing
* the error code.
- *
+ *
* @ingroup gssapi
*/
diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
index 141b6ae5ac..3008c0d344 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
@@ -1,6 +1,6 @@
/*
* AEAD support
- */
+ */
#include "mech_locl.h"
@@ -90,7 +90,7 @@ gss_unwrap_iov(OM_uint32 *minor_status,
int iov_count)
{
struct _gss_context *ctx = (struct _gss_context *) context_handle;
- gssapi_mech_interface m;
+ gssapi_mech_interface m;
if (minor_status)
*minor_status = 0;
@@ -168,7 +168,7 @@ gss_release_iov_buffer(OM_uint32 *minor_status,
int iov_count)
{
OM_uint32 junk;
- size_t i;
+ int i;
if (minor_status)
*minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
index 3099b163b5..48fb720ad0 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
@@ -100,7 +100,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_release_buffer_set(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set)
{
- int i;
+ size_t i;
OM_uint32 minor;
*minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
index e87931dc78..bd8ff52120 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
@@ -48,7 +48,7 @@
*
* @returns a gss_error code, see gss_display_status() about printing
* the error code.
- *
+ *
* @ingroup gssapi
*/
diff --git a/source4/heimdal/lib/gssapi/mech/gss_cred.c b/source4/heimdal/lib/gssapi/mech/gss_cred.c
index b8fa11185a..99de68776e 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_cred.c
@@ -85,7 +85,7 @@ gss_export_cred(OM_uint32 * minor_status,
}
ret = krb5_storage_write(sp, buffer.value, buffer.length);
- if (ret != buffer.length) {
+ if (ret < 0 || (size_t)ret != buffer.length) {
gss_release_buffer(minor_status, &buffer);
krb5_storage_free(sp);
*minor_status = EINVAL;
@@ -183,7 +183,7 @@ gss_import_cred(OM_uint32 * minor_status,
buffer.value = data.data;
buffer.length = data.length;
- major = m->gm_import_cred(minor_status,
+ major = m->gm_import_cred(minor_status,
&buffer, &mcred);
krb5_data_free(&data);
if (major) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
index 0fe3b4f5a5..3f2974e8ca 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
@@ -34,8 +34,8 @@
#include "mech_locl.h"
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_decapsulate_token(const gss_buffer_t input_token,
- const gss_OID oid,
+gss_decapsulate_token(gss_const_buffer_t input_token,
+ gss_const_OID oid,
gss_buffer_t output_token)
{
GSSAPIContextToken ct;
@@ -55,7 +55,7 @@ gss_decapsulate_token(const gss_buffer_t input_token,
if (ret) {
der_free_oid(&o);
return GSS_S_FAILURE;
- }
+ }
if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
status = GSS_S_COMPLETE;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c
index d6aaf98827..1e508caa9b 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c
@@ -190,7 +190,7 @@ gss_display_status(OM_uint32 *minor_status,
oid.value = rk_UNCONST("unknown");
oid.length = 7;
}
-
+
e = asprintf (&buf, "unknown mech-code %lu for mech %.*s",
(unsigned long)status_value,
(int)oid.length, (char *)oid.value);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
index 053825bbc3..a76c87cb85 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
@@ -52,7 +52,7 @@ gss_duplicate_name(OM_uint32 *minor_status,
if (major_status != GSS_S_COMPLETE)
return (major_status);
new_name = (struct _gss_name *) *dest_name;
-
+
HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
struct _gss_mechanism_name *mn2;
_gss_find_mn(minor_status, new_name,
@@ -67,10 +67,10 @@ gss_duplicate_name(OM_uint32 *minor_status,
memset(new_name, 0, sizeof(struct _gss_name));
HEIM_SLIST_INIT(&new_name->gn_mn);
*dest_name = (gss_name_t) new_name;
-
+
HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
struct _gss_mechanism_name *new_mn;
-
+
new_mn = malloc(sizeof(*new_mn));
if (!new_mn) {
*minor_status = ENOMEM;
@@ -78,7 +78,7 @@ gss_duplicate_name(OM_uint32 *minor_status,
}
new_mn->gmn_mech = mn->gmn_mech;
new_mn->gmn_mech_oid = mn->gmn_mech_oid;
-
+
major_status =
mn->gmn_mech->gm_duplicate_name(minor_status,
mn->gmn_name, &new_mn->gmn_name);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
index fc0ec736bb..1b1f973eaa 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
@@ -34,8 +34,8 @@
#include "mech_locl.h"
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_encapsulate_token(const gss_buffer_t input_token,
- const gss_OID oid,
+gss_encapsulate_token(gss_const_buffer_t input_token,
+ gss_const_OID oid,
gss_buffer_t output_token)
{
GSSAPIContextToken ct;
@@ -58,7 +58,7 @@ gss_encapsulate_token(const gss_buffer_t input_token,
if (ret) {
_mg_buffer_zero(output_token);
return GSS_S_FAILURE;
- }
+ }
if (output_token->length != size)
abort();
diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
index babc8ebdf4..369f3a2257 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
@@ -42,7 +42,7 @@ gss_export_sec_context(OM_uint32 *minor_status,
major_status = m->gm_export_sec_context(minor_status,
&ctx->gc_ctx, &buf);
-
+
if (major_status == GSS_S_COMPLETE) {
unsigned char *p;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c
index 574c058fc2..d1b3dc95b4 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c
@@ -41,6 +41,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
gssapi_mech_interface m;
struct _gss_name *name;
gss_name_t new_canonical_name;
+ int composite = 0;
*minor_status = 0;
*output_name = 0;
@@ -50,8 +51,17 @@ _gss_import_export_name(OM_uint32 *minor_status,
*/
if (len < 2)
return (GSS_S_BAD_NAME);
- if (p[0] != 4 || p[1] != 1)
+ if (p[0] != 4)
return (GSS_S_BAD_NAME);
+ switch (p[1]) {
+ case 1: /* non-composite name */
+ break;
+ case 2: /* composite name */
+ composite = 1;
+ break;
+ default:
+ return (GSS_S_BAD_NAME);
+ }
p += 2;
len -= 2;
@@ -106,7 +116,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
p += 4;
len -= 4;
- if (len != t)
+ if (!composite && len != t)
return (GSS_S_BAD_NAME);
m = __gss_get_mechanism(&mech_oid);
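Review bot: With `!composite &&` in front of the length check, a composite exported name (`p[1] == 2`) is accepted without any comparison between the encoded name length `t` and the bytes actually left in the token. Trailing attribute data explains why `len != t` cannot be required, but `t > len` should still be rejected, e.g. `if (composite ? t > len : t != len) return (GSS_S_BAD_NAME);`. Exported name tokens are externally supplied data, so the generic layer should not depend on each mechanism re-validating the length. What the rest of `_gss_import_export_name` does with `t` is outside the hunk.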
@@ -159,7 +169,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
*
* @returns a gss_error code, see gss_display_status() about printing
* the error code.
- *
+ *
* @ingroup gssapi
*/
@@ -231,7 +241,7 @@ gss_import_name(OM_uint32 *minor_status,
HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
int present = 0;
- major_status = gss_test_oid_set_member(minor_status,
+ major_status = gss_test_oid_set_member(minor_status,
name_type, m->gm_name_types, &present);
if (major_status || present == 0)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
index 2a376fefea..9865db78d4 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
@@ -58,7 +58,7 @@ gss_import_sec_context(OM_uint32 *minor_status,
mech_oid.elements = p + 2;
buf.length = len - 2 - mech_oid.length;
buf.value = p + 2 + mech_oid.length;
-
+
m = __gss_get_mechanism(&mech_oid);
if (!m)
return (GSS_S_DEFECTIVE_TOKEN);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
index 59a1dcf22b..8fd53d956d 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
@@ -35,14 +35,14 @@ gss_indicate_mechs(OM_uint32 *minor_status,
struct _gss_mech_switch *m;
OM_uint32 major_status;
gss_OID_set set;
- int i;
+ size_t i;
_gss_load_mech();
major_status = gss_create_empty_oid_set(minor_status, mech_set);
if (major_status)
return (major_status);
-
+
HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
if (m->gm_mech.gm_indicate_mechs) {
major_status = m->gm_mech.gm_indicate_mechs(
diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
index cf111ecbae..af0170a50a 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
@@ -99,7 +99,7 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
*
* @returns a gss_error code, see gss_display_status() about printing
* the error code.
- *
+ *
* @ingroup gssapi
*/
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
index 0658267b2f..2568075988 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
@@ -37,7 +37,7 @@ gss_inquire_context(OM_uint32 *minor_status,
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
- int *open)
+ int *xopen)
{
OM_uint32 major_status;
struct _gss_context *ctx = (struct _gss_context *) context_handle;
@@ -47,8 +47,8 @@ gss_inquire_context(OM_uint32 *minor_status,
if (locally_initiated)
*locally_initiated = 0;
- if (open)
- *open = 0;
+ if (xopen)
+ *xopen = 0;
if (lifetime_rec)
*lifetime_rec = 0;
@@ -68,7 +68,7 @@ gss_inquire_context(OM_uint32 *minor_status,
mech_type,
ctx_flags,
locally_initiated,
- open);
+ xopen);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
index 900370a5db..e674dd48f3 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
@@ -52,7 +52,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET;
- int i;
+ size_t i;
m = mc->gmc_mech;
if (m == NULL) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
index 594b41ef8e..fe88a384b5 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
@@ -188,7 +188,7 @@ out:
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_register_acceptor_identity(const char *identity)
{
- struct _gss_mech_switch *m;
+ gssapi_mech_interface m;
gss_buffer_desc buffer;
OM_uint32 junk;
@@ -197,14 +197,12 @@ gsskrb5_register_acceptor_identity(const char *identity)
buffer.value = rk_UNCONST(identity);
buffer.length = strlen(identity);
- HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
- if (m->gm_mech.gm_set_sec_context_option == NULL)
- continue;
- m->gm_mech.gm_set_sec_context_option(&junk, NULL,
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
- }
+ m = __gss_get_mechanism(GSS_KRB5_MECHANISM);
+ if (m == NULL || m->gm_set_sec_context_option == NULL)
+ return GSS_S_FAILURE;
- return (GSS_S_COMPLETE);
+ return m->gm_set_sec_context_option(&junk, NULL,
+ GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
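Review bot: `gsskrb5_register_acceptor_identity` changes its contract here without documenting it. It used to return `GSS_S_COMPLETE` unconditionally; it now returns `GSS_S_FAILURE` when the krb5 mechanism or its `gm_set_sec_context_option` is missing, and otherwise whatever the mechanism returns. The minor status is written to `junk` and dropped, so a caller has only the major code to go on. I would add a comment above the function, e.g. `/* Returns the krb5 mechanism's major status; GSS_S_FAILURE if the mechanism is unavailable. The minor status is not reported. */`. The start of the function is in the previous hunk.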
@@ -441,7 +439,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_buffer_desc buffer;
krb5_storage *sp;
krb5_data data;
- int i;
+ size_t i;
sp = krb5_storage_emem();
if (sp == NULL) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index f7f75c13f9..55e01094ff 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -62,7 +62,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
if (q) q = q + 1;
number_count++;
}
-
+
/*
* The first two numbers are in the first byte and each
* subsequent number is encoded in a variable byte sequence.
@@ -126,7 +126,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
while (bytes) {
if (res) {
int bit = 7*(bytes-1);
-
+
*res = (number >> bit) & 0x7f;
if (bytes != 1)
*res |= 0x80;
@@ -152,7 +152,8 @@ _gss_string_to_oid(const char* s, gss_OID oid)
#define SYM(name) \
do { \
m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \
- if (!m->gm_mech.gm_ ## name) { \
+ if (!m->gm_mech.gm_ ## name || \
+ m->gm_mech.gm_ ##name == gss_ ## name) { \
fprintf(stderr, "can't find symbol gss_" #name "\n"); \
goto bad; \
} \
@@ -160,7 +161,28 @@ do { \
#define OPTSYM(name) \
do { \
- m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \
+ m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \
+ if (m->gm_mech.gm_ ## name == gss_ ## name) \
+ m->gm_mech.gm_ ## name = NULL; \
+} while (0)
+
+#define OPTSPISYM(name) \
+do { \
+ m->gm_mech.gm_ ## name = dlsym(so, "gssspi_" #name); \
+} while (0)
+
+#define COMPATSYM(name) \
+do { \
+ m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gss_" #name); \
+ if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name) \
+ m->gm_mech.gm_compat->gmc_ ## name = NULL; \
+} while (0)
+
+#define COMPATSPISYM(name) \
+do { \
+ m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gssspi_" #name);\
+ if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name) \
+ m->gm_mech.gm_compat->gmc_ ## name = NULL; \
} while (0)
/*
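Review bot: `COMPATSPISYM` looks up `"gssspi_" #name` but then compares the result with `gss_ ## name`, which reads like a copy of `COMPATSYM`; `OPTSPISYM` has no comparison at all, so the two SPI macros disagree. The comparison in `SYM`, `OPTSYM` and `COMPATSYM` appears to reject the case where `dlsym()` resolves to the mechglue's own entry point. If that is its purpose, it probably cannot trigger for a `gssspi_` lookup and could be dropped there. Either way the guard deserves a comment, e.g. `/* dlsym() can hand back our own gss_* wrapper; treat that as "not provided" so the mechglue never calls itself */`, because nothing in the macros says why a non-NULL symbol is discarded.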
@@ -283,28 +305,26 @@ _gss_load_mech(void)
#endif
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP);
- if (!so) {
+ if (so == NULL) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
- free(mech_oid.elements);
- continue;
+ goto bad;
}
- m = malloc(sizeof(*m));
- if (!m) {
- free(mech_oid.elements);
- break;
- }
+ m = calloc(1, sizeof(*m));
+ if (m == NULL)
+ goto bad;
+
m->gm_so = so;
m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
-
+ m->gm_mech.gm_compat = calloc(1, sizeof(struct gss_mech_compat_desc_struct));
+ if (m->gm_mech.gm_compat == NULL)
+ goto bad;
+
major_status = gss_add_oid_set_member(&minor_status,
&m->gm_mech.gm_mech_oid, &_gss_mech_oids);
- if (major_status) {
- free(m->gm_mech.gm_mech_oid.elements);
- free(m);
- continue;
- }
+ if (GSS_ERROR(major_status))
+ goto bad;
SYM(acquire_cred);
SYM(release_cred);
@@ -338,34 +358,64 @@ _gss_load_mech(void)
OPTSYM(inquire_cred_by_oid);
OPTSYM(inquire_sec_context_by_oid);
OPTSYM(set_sec_context_option);
- OPTSYM(set_cred_option);
+ OPTSPISYM(set_cred_option);
OPTSYM(pseudo_random);
OPTSYM(wrap_iov);
OPTSYM(unwrap_iov);
OPTSYM(wrap_iov_length);
+ OPTSYM(store_cred);
+ OPTSYM(export_cred);
+ OPTSYM(import_cred);
+#if 0
+ OPTSYM(acquire_cred_ext);
+ OPTSYM(iter_creds);
+ OPTSYM(destroy_cred);
+ OPTSYM(cred_hold);
+ OPTSYM(cred_unhold);
+ OPTSYM(cred_label_get);
+ OPTSYM(cred_label_set);
+#endif
OPTSYM(display_name_ext);
OPTSYM(inquire_name);
OPTSYM(get_name_attribute);
OPTSYM(set_name_attribute);
OPTSYM(delete_name_attribute);
OPTSYM(export_name_composite);
+ OPTSYM(pname_to_uid);
+ OPTSPISYM(authorize_localname);
mi = dlsym(so, "gss_mo_init");
if (mi != NULL) {
- major_status = mi(&minor_status,
- &mech_oid,
- &m->gm_mech.gm_mo,
- &m->gm_mech.gm_mo_num);
+ major_status = mi(&minor_status, &mech_oid,
+ &m->gm_mech.gm_mo, &m->gm_mech.gm_mo_num);
if (GSS_ERROR(major_status))
goto bad;
+ } else {
+ /* API-as-SPI compatibility */
+ COMPATSYM(inquire_saslname_for_mech);
+ COMPATSYM(inquire_mech_for_saslname);
+ COMPATSYM(inquire_attrs_for_mech);
+ COMPATSPISYM(acquire_cred_with_password);
}
+ /* pick up the oid sets of names */
+
+ if (m->gm_mech.gm_inquire_names_for_mech)
+ (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
+ &m->gm_mech.gm_mech_oid, &m->gm_name_types);
+
+ if (m->gm_name_types == NULL)
+ gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
+
HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
continue;
bad:
- free(m->gm_mech.gm_mech_oid.elements);
- free(m);
+ if (m != NULL) {
+ free(m->gm_mech.gm_compat);
+ free(m->gm_mech.gm_mech_oid.elements);
+ free(m);
+ }
dlclose(so);
continue;
}
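Review bot: The `bad:` block is now reached from failures where `so` or `m` were never set up, and it does not cope with them. The hunk at -283 sends a failed `dlopen()` and a failed `calloc()` of `m` here, so `dlclose(so)` can be called with a NULL handle, which POSIX does not define. In the same cases `mech_oid.elements`, which the removed lines freed explicitly, is leaked because `m` is NULL. The `m != NULL` test is also only meaningful if `m` is reset to NULL at the top of every loop iteration; that code is outside the hunk, and if it is missing, a failed `dlopen()` would free the mechanism inserted by the previous iteration. I would make the cleanup handle each state explicitly, as below.

```c
	bad:
		if (m != NULL) {
			/* … unchanged: free gm_compat, gm_mech_oid.elements and m … */
		} else {
			/* m never took ownership of the parsed OID */
			free(mech_oid.elements);
		}
		if (so != NULL)
			dlclose(so);
		continue;
```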
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c
index cb24b764a5..ad74d9237a 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mo.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c
@@ -4,6 +4,7 @@
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ * Portions Copyright (c) 2010 PADL Software Pty Ltd. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,13 +36,14 @@
#include "mech_locl.h"
+#include <crypto-headers.h>
+
static int
get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return def;
}
-
int
_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
@@ -60,10 +62,10 @@ _gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t valu
if (value) {
value->value = strdup((char *)mo->ctx);
if (value->value == NULL)
- return 1;
+ return GSS_S_FAILURE;
value->length = strlen((char *)mo->ctx);
}
- return 0;
+ return GSS_S_COMPLETE;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
@@ -79,7 +81,8 @@ gss_mo_set(gss_const_OID mech, gss_const_OID option,
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set)
return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value);
- return 0;
+
+ return GSS_S_UNAVAILABLE;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
@@ -91,13 +94,13 @@ gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value)
_mg_buffer_zero(value);
if ((m = __gss_get_mechanism(mech)) == NULL)
- return 0;
+ return GSS_S_BAD_MECH;
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get)
return m->gm_mo[n].get(mech, &m->gm_mo[n], value);
- return 0;
+ return GSS_S_UNAVAILABLE;
}
static void
@@ -147,7 +150,8 @@ gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
for (n = 0; n < m->gm_mo_num; n++) {
if (gss_oid_equal(option, m->gm_mo[n].option)) {
/*
- * If ther is no name, its because its a GSS_C_MA and there is already a table for that.
+ * If there is no name, its because its a GSS_C_MA and
+ * there is already a table for that.
*/
if (m->gm_mo[n].name) {
name->value = strdup(m->gm_mo[n].name);
@@ -175,14 +179,86 @@ mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
if (name == NULL)
return GSS_S_COMPLETE;
- if (gss_mo_get(mech, option, name) != 0 && name->length == 0)
- return GSS_S_FAILURE;
+ return gss_mo_get(mech, option, name);
+}
+
+/* code derived from draft-ietf-cat-sasl-gssapi-01 */
+static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+
+static OM_uint32
+make_sasl_name(OM_uint32 *minor, const gss_OID mech, char sasl_name[16])
+{
+ EVP_MD_CTX *ctx;
+ char *p = sasl_name;
+ u_char hdr[2], hash[20], *h = hash;
+
+ if (mech->length > 127)
+ return GSS_S_BAD_MECH;
+
+ hdr[0] = 0x06;
+ hdr[1] = mech->length;
+
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, hdr, 2);
+ EVP_DigestUpdate(ctx, mech->elements, mech->length);
+ EVP_DigestFinal_ex(ctx, hash, NULL);
+
+ memcpy(p, "GS2-", 4);
+ p += 4;
+
+ *p++ = basis_32[(h[0] >> 3)];
+ *p++ = basis_32[((h[0] & 7) << 2) | (h[1] >> 6)];
+ *p++ = basis_32[(h[1] & 0x3f) >> 1];
+ *p++ = basis_32[((h[1] & 1) << 4) | (h[2] >> 4)];
+ *p++ = basis_32[((h[2] & 0xf) << 1) | (h[3] >> 7)];
+ *p++ = basis_32[(h[3] & 0x7f) >> 2];
+ *p++ = basis_32[((h[3] & 3) << 3) | (h[4] >> 5)];
+ *p++ = basis_32[(h[4] & 0x1f)];
+ *p++ = basis_32[(h[5] >> 3)];
+ *p++ = basis_32[((h[5] & 7) << 2) | (h[6] >> 6)];
+ *p++ = basis_32[(h[6] & 0x3f) >> 1];
+
+ *p = '\0';
return GSS_S_COMPLETE;
}
+/*
+ * gss_inquire_saslname_for_mech() wrapper that uses MIT SPI
+ */
+static OM_uint32
+inquire_saslname_for_mech_compat(OM_uint32 *minor,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description)
+{
+ struct gss_mech_compat_desc_struct *gmc;
+ gssapi_mech_interface m;
+ OM_uint32 major;
+
+ m = __gss_get_mechanism(desired_mech);
+ if (m == NULL)
+ return GSS_S_BAD_MECH;
+
+ gmc = m->gm_compat;
+
+ if (gmc != NULL && gmc->gmc_inquire_saslname_for_mech != NULL) {
+ major = gmc->gmc_inquire_saslname_for_mech(minor,
+ desired_mech,
+ sasl_mech_name,
+ mech_name,
+ mech_description);
+ } else {
+ major = GSS_S_UNAVAILABLE;
+ }
+
+ return major;
+}
+
/**
- * Returns differnt protocol names and description of the mechanism.
+ * Returns different protocol names and description of the mechanism.
*
* @param minor_status minor status code
* @param desired_mech mech list query
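Review bot: `make_sasl_name` never releases the digest context it creates: `EVP_MD_CTX_create()` is followed by init, update and final calls but no `EVP_MD_CTX_destroy(ctx);`, so every call leaks one context. The result of the create call is also used without a NULL check. I would add `if (ctx == NULL) return GSS_S_FAILURE;` after the create and `EVP_MD_CTX_destroy(ctx);` after `EVP_DigestFinal_ex`. `basis_32` could also be `static const char`, since it is only read.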
@@ -215,15 +291,41 @@ gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
return GSS_S_BAD_MECH;
major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
- if (major) return major;
+ if (major == GSS_S_COMPLETE) {
+ /* Native SPI */
+ major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
+ if (GSS_ERROR(major))
+ return major;
+
+ major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
+ if (GSS_ERROR(major))
+ return major;
+ }
- major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
- if (major) return major;
+ if (GSS_ERROR(major)) {
+ /* API-as-SPI compatibility */
+ major = inquire_saslname_for_mech_compat(minor_status,
+ desired_mech,
+ sasl_mech_name,
+ mech_name,
+ mech_description);
+ }
- major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
- if (major) return major;
+ if (GSS_ERROR(major)) {
+ /* Algorithmically dervied SASL mechanism name */
+ char buf[16];
+ gss_buffer_desc tmp = { sizeof(buf) - 1, buf };
- return GSS_S_COMPLETE;
+ major = make_sasl_name(minor_status, desired_mech, buf);
+ if (GSS_ERROR(major))
+ return major;
+
+ major = _gss_copy_buffer(minor_status, &tmp, sasl_mech_name);
+ if (GSS_ERROR(major))
+ return major;
+ }
+
+ return major;
}
/**
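Review bot: On the native path the two new `return major;` statements hand back an error while `sasl_mech_name` (and, for the second one, `mech_name`) may already hold buffers filled by the preceding successful `mo_value()` calls. Callers normally do not release output buffers after a failure, so these would leak. Releasing what was already filled before returning keeps the outputs consistent, e.g. `gss_release_buffer(&junk, sasl_mech_name);` with a local `OM_uint32 junk` and a NULL guard, since `mo_value()` accepts a NULL buffer. The comment typo `dervied` should read `derived`, here and in the hunk at -243.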
@@ -243,29 +345,91 @@ gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
{
struct _gss_mech_switch *m;
gss_buffer_desc name;
- OM_uint32 major;
+ OM_uint32 major, junk;
+ char buf[16];
_gss_load_mech();
*mech_type = NULL;
HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
-
- major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
- if (major)
- continue;
- if (name.length == sasl_mech_name->length &&
- memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
- gss_release_buffer(&major, &name);
- *mech_type = &m->gm_mech_oid;
- return 0;
+ struct gss_mech_compat_desc_struct *gmc;
+
+ /* Native SPI */
+ major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
+ if (major == GSS_S_COMPLETE &&
+ name.length == sasl_mech_name->length &&
+ memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
+ gss_release_buffer(&junk, &name);
+ *mech_type = &m->gm_mech_oid;
+ return GSS_S_COMPLETE;
}
- gss_release_buffer(&major, &name);
+ gss_release_buffer(&junk, &name);
+
+ if (GSS_ERROR(major)) {
+ /* API-as-SPI compatibility */
+ gmc = m->gm_mech.gm_compat;
+ if (gmc && gmc->gmc_inquire_mech_for_saslname) {
+ major = gmc->gmc_inquire_mech_for_saslname(minor_status,
+ sasl_mech_name,
+ mech_type);
+ if (major == GSS_S_COMPLETE)
+ return GSS_S_COMPLETE;
+ }
+ }
+
+ if (GSS_ERROR(major)) {
+ /* Algorithmically dervied SASL mechanism name */
+ if (sasl_mech_name->length == 16 &&
+ make_sasl_name(minor_status, &m->gm_mech_oid, buf) == GSS_S_COMPLETE &&
+ memcmp(buf, sasl_mech_name->value, 16) == 0) {
+ *mech_type = &m->gm_mech_oid;
+ return GSS_S_COMPLETE;
+ }
+ }
}
return GSS_S_BAD_MECH;
}
+/*
+ * Test mechanism against indicated attributes using both Heimdal and
+ * MIT SPIs.
+ */
+static int
+test_mech_attrs(gssapi_mech_interface mi,
+ gss_const_OID_set mech_attrs,
+ gss_const_OID_set against_attrs,
+ int except)
+{
+ size_t n, m;
+ int eq = 0;
+
+ if (against_attrs == GSS_C_NO_OID_SET)
+ return 1;
+
+ for (n = 0; n < against_attrs->count; n++) {
+ for (m = 0; m < mi->gm_mo_num; m++) {
+ eq = gss_oid_equal(mi->gm_mo[m].option,
+ &against_attrs->elements[n]);
+ if (eq)
+ break;
+ }
+ if (mech_attrs != GSS_C_NO_OID_SET) {
+ for (m = 0; m < mech_attrs->count; m++) {
+ eq = gss_oid_equal(&mech_attrs->elements[m],
+ &against_attrs->elements[n]);
+ if (eq)
+ break;
+ }
+ }
+ if (!eq ^ except)
+ return 0;
+ }
+
+ return 1;
+}
+
/**
* Return set of mechanism that fullfill the criteria
*
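Review bot: The algorithmic fallback in `gss_inquire_mech_for_saslname` only matches a name of length 16, but the generated name is 15 characters long. `make_sasl_name` writes 15 characters plus a terminating NUL, and `gss_inquire_saslname_for_mech` (hunk at -215) exports it with `sizeof(buf) - 1`. A name obtained from one function therefore never matches in the other unless the caller counts the NUL. I would compare on the 15 visible characters: `sasl_mech_name->length == sizeof(buf) - 1` and `memcmp(buf, sasl_mech_name->value, sizeof(buf) - 1) == 0`. The native comparison just above already uses plain buffer lengths without a terminator.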
@@ -286,57 +450,49 @@ gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
gss_OID_set *mechs)
{
struct _gss_mech_switch *ms;
+ gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+ gss_OID_set known_mech_attrs = GSS_C_NO_OID_SET;
OM_uint32 major;
- size_t n, m;
major = gss_create_empty_oid_set(minor_status, mechs);
- if (major)
+ if (GSS_ERROR(major))
return major;
_gss_load_mech();
HEIM_SLIST_FOREACH(ms, &_gss_mechs, gm_link) {
gssapi_mech_interface mi = &ms->gm_mech;
-
- if (desired_mech_attrs) {
- for (n = 0; n < desired_mech_attrs->count; n++) {
- for (m = 0; m < mi->gm_mo_num; m++)
- if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
- break;
- if (m == mi->gm_mo_num)
- goto next;
- }
- }
-
- if (except_mech_attrs) {
- for (n = 0; n < desired_mech_attrs->count; n++) {
- for (m = 0; m < mi->gm_mo_num; m++) {
- if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
- goto next;
- }
- }
- }
-
- if (critical_mech_attrs) {
- for (n = 0; n < desired_mech_attrs->count; n++) {
- for (m = 0; m < mi->gm_mo_num; m++) {
- if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
- continue;
- if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
- break;
- }
- if (m == mi->gm_mo_num)
- goto next;
- }
- }
-
-
- next:
- do { } while(0);
+ struct gss_mech_compat_desc_struct *gmc = mi->gm_compat;
+ OM_uint32 tmp;
+
+ if (gmc && gmc->gmc_inquire_attrs_for_mech) {
+ major = gmc->gmc_inquire_attrs_for_mech(minor_status,
+ &mi->gm_mech_oid,
+ &mech_attrs,
+ &known_mech_attrs);
+ if (GSS_ERROR(major))
+ continue;
+ }
+
+ /*
+ * Test mechanism supports all of desired_mech_attrs;
+ * none of except_mech_attrs;
+ * and knows of all critical_mech_attrs.
+ */
+ if (test_mech_attrs(mi, mech_attrs, desired_mech_attrs, 0) &&
+ test_mech_attrs(mi, mech_attrs, except_mech_attrs, 1) &&
+ test_mech_attrs(mi, known_mech_attrs, critical_mech_attrs, 0)) {
+ major = gss_add_oid_set_member(minor_status, &mi->gm_mech_oid, mechs);
+ }
+
+ gss_release_oid_set(&tmp, &mech_attrs);
+ gss_release_oid_set(&tmp, &known_mech_attrs);
+
+ if (GSS_ERROR(major))
+ break;
}
-
- return GSS_S_FAILURE;
+ return major;
}
/**
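Review bot: When `gmc_inquire_attrs_for_mech` fails, the `continue` leaves `major` holding that error. If the failing mechanism is the last one in `_gss_mechs`, the function returns the error even though `*mechs` was built correctly from the others. If skipping the mechanism is the intent, reset the status before moving on: `if (GSS_ERROR(major)) { major = GSS_S_COMPLETE; continue; }`. The same `continue` also bypasses the two `gss_release_oid_set` calls, which matters if a mechanism fills one set before failing.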
@@ -361,30 +517,45 @@ gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
{
OM_uint32 major, junk;
+ if (known_mech_attrs)
+ *known_mech_attrs = GSS_C_NO_OID_SET;
+
if (mech_attr && mech) {
gssapi_mech_interface m;
+ struct gss_mech_compat_desc_struct *gmc;
if ((m = __gss_get_mechanism(mech)) == NULL) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
- major = gss_create_empty_oid_set(minor_status, mech_attr);
- if (major != GSS_S_COMPLETE)
+ gmc = m->gm_compat;
+
+ if (gmc && gmc->gmc_inquire_attrs_for_mech) {
+ major = gmc->gmc_inquire_attrs_for_mech(minor_status,
+ mech,
+ mech_attr,
+ known_mech_attrs);
+ } else {
+ major = gss_create_empty_oid_set(minor_status, mech_attr);
+ if (major == GSS_S_COMPLETE)
+ add_all_mo(m, mech_attr, GSS_MO_MA);
+ }
+ if (GSS_ERROR(major))
return major;
-
- add_all_mo(m, mech_attr, GSS_MO_MA);
- }
+ }
if (known_mech_attrs) {
struct _gss_mech_switch *m;
- major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
- if (major) {
- if (mech_attr)
- gss_release_oid_set(&junk, mech_attr);
- return major;
- }
+ if (*known_mech_attrs == GSS_C_NO_OID_SET) {
+ major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
+ if (GSS_ERROR(major)) {
+ if (mech_attr)
+ gss_release_oid_set(&junk, mech_attr);
+ return major;
+ }
+ }
_gss_load_mech();
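Review bot: `*mech_attr` is never given a defined value when `mech` is NULL, yet the error path inside the `known_mech_attrs` block calls `gss_release_oid_set(&junk, mech_attr)` whenever `mech_attr` is non-NULL. The hunk adds an up-front reset only for `*known_mech_attrs`; adding `if (mech_attr) *mech_attr = GSS_C_NO_OID_SET;` next to it would make that release safe whatever the caller left in the variable. It would also give callers a defined value on the `GSS_S_BAD_MECH` return. The function body continues past the end of this hunk, so any later use of `mech_attr` is not visible here.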
@@ -434,28 +605,28 @@ gss_display_mech_attr(OM_uint32 * minor_status,
return GSS_S_BAD_MECH_ATTR;
if (name) {
- gss_buffer_desc n;
- n.value = rk_UNCONST(ma->name);
- n.length = strlen(ma->name);
- major = _gss_copy_buffer(minor_status, &n, name);
+ gss_buffer_desc bd;
+ bd.value = rk_UNCONST(ma->name);
+ bd.length = strlen(ma->name);
+ major = _gss_copy_buffer(minor_status, &bd, name);
if (major != GSS_S_COMPLETE)
return major;
}
if (short_desc) {
- gss_buffer_desc n;
- n.value = rk_UNCONST(ma->short_desc);
- n.length = strlen(ma->short_desc);
- major = _gss_copy_buffer(minor_status, &n, short_desc);
+ gss_buffer_desc bd;
+ bd.value = rk_UNCONST(ma->short_desc);
+ bd.length = strlen(ma->short_desc);
+ major = _gss_copy_buffer(minor_status, &bd, short_desc);
if (major != GSS_S_COMPLETE)
return major;
}
if (long_desc) {
- gss_buffer_desc n;
- n.value = rk_UNCONST(ma->long_desc);
- n.length = strlen(ma->long_desc);
- major = _gss_copy_buffer(minor_status, &n, long_desc);
+ gss_buffer_desc bd;
+ bd.value = rk_UNCONST(ma->long_desc);
+ bd.length = strlen(ma->long_desc);
+ major = _gss_copy_buffer(minor_status, &bd, long_desc);
if (major != GSS_S_COMPLETE)
return major;
}
diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c
index 4b470c775f..43e0e2a85c 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_names.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_names.c
@@ -58,7 +58,7 @@ _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn)
return GSS_S_FAILURE;
-
+
major_status = m->gm_import_name(minor_status,
&name->gn_value,
(name->gn_type.elements
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c
index bac97cacd0..916d1e4dda 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c
@@ -2,220 +2,226 @@
#include "mech_locl.h"
/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") };
/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") };
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") };
/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") };
/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") };
/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") };
/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") };
/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") };
/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") };
/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") };
/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") };
/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") };
/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") };
/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") };
/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") };
/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") };
/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") };
/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") };
/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") };
/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") };
/* GSS_C_NT_DN - 1.2.752.43.13.22 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") };
/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") };
/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") };
/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") };
/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") };
/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") };
/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") };
/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") };
/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") };
/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") };
/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") };
/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") };
+
+/* GSS_C_CRED_PASSWORD - 1.2.752.43.13.200 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" };
+
+/* GSS_C_CRED_CERTIFICATE - 1.2.752.43.13.201 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x49" };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") };
/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") };
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") };
/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") };
/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") };
/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") };
/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") };
/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") };
/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") };
/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") };
/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") };
/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") };
/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") };
/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") };
/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") };
/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") };
/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") };
/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") };
/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") };
/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") };
/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") };
/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") };
/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") };
/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") };
/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") };
/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") };
/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") };
/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") };
/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") };
/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") };
/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") };
struct _gss_oid_name_table _gss_ont_ma[] = {
{ GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
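Review bot: The two added descriptors, `__gss_c_cred_password_oid_desc` and `__gss_c_cred_certificate_oid_desc`, still pass a bare string literal as the elements pointer, while every other descriptor in this hunk was switched to `rk_UNCONST(...)`. These two would therefore be the only initialisers left that can trip the const-qualifier warning the rest of the change silences; the consistent form is `{ 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x81\x48") }` and likewise for `\x81\x49`. The length 7 and the two-byte base-128 encoding of arcs 200 and 201 are consistent with the comments. The table looks machine-produced, so if it is generated the fix probably belongs in the generator rather than in this file.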
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
index 7d6ded39e4..b125ede66f 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
@@ -43,7 +43,7 @@
*
* @return non-zero when both oid are the same OID, zero when they are
* not the same.
- *
+ *
* @ingroup gssapi
*/
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c
index 759eaec4c3..fd0b5df36b 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c
@@ -40,7 +40,7 @@
*
* @returns a gss_error code, see gss_display_status() about printing
* the error code.
- *
+ *
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
index 62be485a07..d33453d92f 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
@@ -93,13 +93,13 @@ gss_set_cred_option (OM_uint32 *minor_status,
HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
m = mc->gmc_mech;
-
+
if (m == NULL)
return GSS_S_BAD_MECH;
-
+
if (m->gm_set_cred_option == NULL)
continue;
-
+
major_status = m->gm_set_cred_option(minor_status,
&mc->gmc_cred, object, value);
if (major_status == GSS_S_COMPLETE)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
index 4c4d349045..715d34bf06 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
@@ -34,7 +34,7 @@ gss_test_oid_set_member(OM_uint32 *minor_status,
const gss_OID_set set,
int *present)
{
- int i;
+ size_t i;
*present = 0;
for (i = 0; i < set->count; i++)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
index e79814aea7..9bebcf6cf0 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
@@ -38,7 +38,7 @@ gss_wrap_size_limit(OM_uint32 *minor_status,
{
struct _gss_context *ctx = (struct _gss_context *) context_handle;
gssapi_mech_interface m;
-
+
*max_input_size = 0;
if (ctx == NULL) {
*minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h
index cb10c23c38..6c23ac5256 100644
--- a/source4/heimdal/lib/gssapi/mech/mech_locl.h
+++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h
@@ -62,6 +62,7 @@
#include "mech_switch.h"
#include "name.h"
#include "utils.h"
+#include "compat.h"
#define _mg_buffer_zero(buffer) \
do { \
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index 35bc56fbb7..3a51dd3a0a 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -90,7 +90,7 @@ send_supported_mechs (OM_uint32 *minor_status,
gss_buffer_t output_token)
{
NegotiationTokenWin nt;
- size_t buf_len;
+ size_t buf_len = 0;
gss_buffer_desc data;
OM_uint32 ret;
@@ -132,8 +132,10 @@ send_supported_mechs (OM_uint32 *minor_status,
*minor_status = ret;
return GSS_S_FAILURE;
}
- if (data.length != buf_len)
+ if (data.length != buf_len) {
abort();
+ UNREACHABLE(return GSS_S_FAILURE);
+ }
ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
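Review bot: The encoder length check here still calls bare `abort()`, while the equivalent check added to `acceptor_complete` later in this file uses `heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error")`, which records why the process died. Writing this one as `heim_assert(data.length == buf_len, "Internal ASN.1 error");` would keep the two sanity checks in the acceptor path consistent and leave a diagnosable message. The rest of `send_supported_mechs` lies outside the hunk.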
@@ -316,7 +318,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
gss_OID_desc oid;
gss_OID oidp;
gss_OID_set mechs;
- int i;
+ size_t i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -368,12 +370,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
host = getenv("GSSAPI_SPNEGO_NAME");
if (host == NULL || issuid()) {
+ int rv;
if (gethostname(hostname, sizeof(hostname)) != 0) {
*minor_status = errno;
return GSS_S_FAILURE;
}
- i = asprintf(&str, "host@%s", hostname);
- if (i < 0 || str == NULL) {
+ rv = asprintf(&str, "host@%s", hostname);
+ if (rv < 0 || str == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
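Review bot: `hostname` goes into `asprintf(&str, "host@%s", hostname)` without being forcibly terminated, and POSIX leaves it unspecified whether `gethostname()` NUL-terminates the buffer when the name is truncated. Adding `hostname[sizeof(hostname) - 1] = '\0';` after the successful call bounds the `%s` read before the acceptor name is built. The declaration of `hostname` and the remainder of `select_mech` are outside this hunk, so the buffer size cannot be checked from here.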
@@ -410,10 +413,6 @@ acceptor_complete(OM_uint32 * minor_status,
{
OM_uint32 ret;
int require_mic, verify_mic;
- gss_buffer_desc buf;
-
- buf.length = 0;
- buf.value = NULL;
ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
if (ret)
@@ -435,11 +434,11 @@ acceptor_complete(OM_uint32 * minor_status,
verify_mic = 0;
*get_mic = 1;
}
-
+
if (verify_mic || *get_mic) {
int eret;
- size_t buf_len;
-
+ size_t buf_len = 0;
+
ASN1_MALLOC_ENCODE(MechTypeList,
mech_buf->value, mech_buf->length,
&ctx->initiator_mech_types, &buf_len, eret);
@@ -447,24 +446,19 @@ acceptor_complete(OM_uint32 * minor_status,
*minor_status = eret;
return GSS_S_FAILURE;
}
- if (buf.length != buf_len)
- abort();
+ heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error");
+ UNREACHABLE(return GSS_S_FAILURE);
}
-
+
if (verify_mic) {
ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
if (ret) {
if (*get_mic)
send_reject (minor_status, output_token);
- if (buf.value)
- free(buf.value);
return ret;
}
ctx->verified_mic = 1;
}
- if (buf.value)
- free(buf.value);
-
} else
*get_mic = 0;
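Review bot: `UNREACHABLE(return GSS_S_FAILURE);` is placed straight after `heim_assert(mech_buf->length == buf_len, ...)`, on the path taken when the assertion holds, whereas in `send_supported_mechs` the same macro sits inside the failing `if` after `abort()`. The macro's definition is not visible here; if it expands to its argument on any compiler, `acceptor_complete` returns `GSS_S_FAILURE` before `verify_mechlist_mic()` is reached whenever `verify_mic || *get_mic` is set. That fails closed, since the MIC check is not skipped with a success status, but it would break every negotiation that needs a mechlist MIC on such builds. Dropping the `UNREACHABLE` line after the assert removes the dependence on how the macro expands. The function starts and ends outside this hunk.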
@@ -491,7 +485,6 @@ acceptor_start
NegotiationToken nt;
size_t nt_len;
NegTokenInit *ni;
- int i;
gss_buffer_desc data;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_desc mech_output_token;
@@ -507,7 +500,7 @@ acceptor_start
if (input_token_buffer->length == 0)
return send_supported_mechs (minor_status, output_token);
-
+
ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
if (ret != GSS_S_COMPLETE)
return ret;
@@ -573,7 +566,7 @@ acceptor_start
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&junk, &ctx->mech_src_name);
-
+
ret = gss_accept_sec_context(minor_status,
&ctx->negotiated_ctx_id,
acceptor_cred_handle,
@@ -613,13 +606,14 @@ acceptor_start
*/
if (!first_ok && ni->mechToken != NULL) {
+ size_t j;
preferred_mech_type = GSS_C_NO_OID;
/* Call glue layer to find first mech we support */
- for (i = 1; i < ni->mechTypes.len; ++i) {
+ for (j = 1; j < ni->mechTypes.len; ++j) {
ret = select_mech(minor_status,
- &ni->mechTypes.val[i],
+ &ni->mechTypes.val[j],
1,
&preferred_mech_type);
if (ret == 0)
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index b23658cfd1..cf5ee30a84 100644
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -41,10 +41,10 @@
* Kerberos mechanism.
*/
gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
- {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
+ {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")};
gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
- {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+ {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
/*
* Allocate a SPNEGO context handle
@@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
gss_OID first_mech = GSS_C_NO_OID;
OM_uint32 ret;
- int i;
+ size_t i;
mechtypelist->len = 0;
mechtypelist->val = NULL;
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index 18c13fe299..60b348ec46 100644
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
{
OM_uint32 ret, junk;
gss_OID_set m;
- int i;
+ size_t i;
ret = gss_indicate_mechs(minor_status, &m);
if (ret != GSS_S_COMPLETE)
@@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
{
gss_OID_set mechs, names, n;
OM_uint32 ret, junk;
- int i, j;
+ size_t i, j;
*name_types = NULL;
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index 2920f3d9b5..fc43d6a4a6 100644
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
OM_uint32 ret, tmp;
gss_OID_set_desc actual_desired_mechs;
gss_OID_set mechs;
- int i, j;
+ size_t i, j;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 5054754150..ca06d46e82 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -39,13 +39,12 @@
* negotiation token is identified by the Object Identifier
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
-
static gss_mo_desc spnego_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
- "SPNEGO",
+ rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
- "SPNEGO",
+ rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
- "Heimdal SPNEGO Mechanism",
+ rk_UNCONST("Heimdal SPNEGO Mechanism"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = {
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
- {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
+ {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
0,
_gss_spnego_acquire_cred,
_gss_spnego_release_cred,
@@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = {
NULL,
NULL,
spnego_mo,
- sizeof(spnego_mo) / sizeof(spnego_mo[0])
+ sizeof(spnego_mo) / sizeof(spnego_mo[0]),
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
};
gssapi_mech_interface
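Review bot: The six `NULL` entries appended to the `spnego_mech` initializer are positional and unlabelled, so nothing in this file says which members of `gssapi_mech_interface_desc` they fill. Trailing members of an aggregate initializer are zero-initialized anyway, so the only value of spelling them out is documentation. In a positional table of function pointers, a later reordering or insertion in the struct definition would shift every slot without a compiler diagnostic wherever the pointer types happen to be compatible. I would put a short trailing comment on each new line naming the member it initializes, taken from the struct definition, which is not visible in this hunk.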
diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
index c9e182129d..b4b1bcefc5 100644
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -392,7 +392,7 @@ spnego_reply
NegotiationToken resp;
gss_OID_desc mech;
int require_mic;
- size_t buf_len;
+ size_t buf_len = 0;
gss_buffer_desc mic_buf, mech_buf;
gss_buffer_desc mech_output_token;
gssspnego_ctx ctx;
@@ -557,8 +557,10 @@ spnego_reply
*minor_status = ret;
return GSS_S_FAILURE;
}
- if (mech_buf.length != buf_len)
+ if (mech_buf.length != buf_len) {
abort();
+ UNREACHABLE(return GSS_S_FAILURE);
+ }
if (resp.u.negTokenResp.mechListMIC == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
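Review bot: The `UNREACHABLE(return GSS_S_FAILURE);` added after `abort()` in spnego_reply spells out an exit that would be unsafe if it were ever taken. The branch immediately below unlocks `ctx->ctx_id_mutex` before leaving, which suggests the mutex is held at this point, and this return does not release it (nor, presumably, the buffer behind `mech_buf`). While `abort()` stays this is harmless, but a comment such as `/* encoder length invariant; ctx_id_mutex is still held here, do not convert to a plain error return */` would stop a later cleanup from turning it into a lock-holding failure path. It is also worth a sentence on why a length mismatch terminates the host process instead of failing the call. spnego_reply begins and ends outside this hunk.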
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index dacaa3310e..3e151c7c2a 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -71,6 +71,8 @@
#include "utils.h"
#include <der.h>
+#include <heimbase.h>
+
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct {
diff --git a/source4/heimdal/lib/gssapi/version-script.map b/source4/heimdal/lib/gssapi/version-script.map
index 7591121333..ebd8ee21ac 100644
--- a/source4/heimdal/lib/gssapi/version-script.map
+++ b/source4/heimdal/lib/gssapi/version-script.map
@@ -2,7 +2,8 @@
HEIMDAL_GSS_2.0 {
global:
- __gss_c_nt_anonymous;
+# __gss_c_nt_anonymous;
+ __gss_c_nt_anonymous_oid_desc;
__gss_c_nt_export_name_oid_desc;
__gss_c_nt_hostbased_service_oid_desc;
__gss_c_nt_hostbased_service_x_oid_desc;
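Review bot: Dropping `__gss_c_nt_anonymous` from the existing `HEIMDAL_GSS_2.0` node removes an exported symbol without changing the version name, so a binary linked against the old symbol would fail to resolve it at load time. The replacement `__gss_c_nt_anonymous_oid_desc` does not help such binaries. If the removal is intended, delete the line rather than leaving it as `# __gss_c_nt_anonymous;`, and record the ABI change in the import notes. The later hunks in this file add new entry points (`gss_userok`, `gss_pname_to_uid`, `gss_authorize_localname`, `gss_store_cred`, the `*_with_password` calls) to the same node. Additions are compatible, but a new version node would let consumers tell which library revision provides them.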
@@ -11,11 +12,17 @@ HEIMDAL_GSS_2.0 {
__gss_c_nt_user_name_oid_desc;
__gss_krb5_nt_principal_name_oid_desc;
__gss_c_attr_stream_sizes_oid_desc;
+ __gss_c_cred_password_oid_desc;
+ __gss_c_cred_certificate_oid_desc;
+ GSS_C_ATTR_LOCAL_LOGIN_USER;
gss_accept_sec_context;
gss_acquire_cred;
+ gss_acquire_cred_with_password;
gss_add_buffer_set_member;
gss_add_cred;
+ gss_add_cred_with_password;
gss_add_oid_set_member;
+ gss_authorize_localname;
gss_canonicalize_name;
gss_compare_name;
gss_context_query_attributes;
@@ -61,6 +68,7 @@ HEIMDAL_GSS_2.0 {
gss_mg_collect_error;
gss_oid_equal;
gss_oid_to_str;
+ gss_pname_to_uid;
gss_process_context_token;
gss_pseudo_random;
gss_release_buffer;
@@ -75,10 +83,12 @@ HEIMDAL_GSS_2.0 {
gss_set_name_attribute;
gss_set_sec_context_option;
gss_sign;
+ gss_store_cred;
gss_test_oid_set_member;
gss_unseal;
gss_unwrap;
gss_unwrap_iov;
+ gss_userok;
gss_verify;
gss_verify_mic;
gss_wrap;
diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.c b/source4/heimdal/lib/hcrypto/camellia-ntt.c
index 79c5a884ec..0ee13f3f54 100644
--- a/source4/heimdal/lib/hcrypto/camellia-ntt.c
+++ b/source4/heimdal/lib/hcrypto/camellia-ntt.c
@@ -1050,7 +1050,7 @@ static void camellia_encrypt128(const u32 *subkey, u32 *io)
io[1] = io[3];
io[2] = t0;
io[3] = t1;
-
+
return;
}
@@ -1268,7 +1268,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io)
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(32);
io[1] ^= CamelliaSubkeyR(32);
-
+
/* main iteration */
CAMELLIA_ROUNDSM(io[0],io[1],
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index 43ff8a3f50..2e3192bff8 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -254,10 +254,10 @@ DES_set_key_unchecked(DES_cblock *key, DES_key_schedule *ks)
for (i = 0; i < 16; i++) {
uint32_t kc, kd;
-
+
ROTATE_LEFT28(c, shifts[i]);
ROTATE_LEFT28(d, shifts[i]);
-
+
kc = pc2_c_1[(c >> 22) & 0x3f] |
pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] |
pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] |
@@ -780,7 +780,7 @@ DES_cbc_cksum(const void *in, DES_cblock *output,
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
uiv[0] = u[0]; uiv[1] = u[1];
-
+
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
}
diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h
index 99eb76c818..0824408c47 100644
--- a/source4/heimdal/lib/hcrypto/des.h
+++ b/source4/heimdal/lib/hcrypto/des.h
@@ -87,7 +87,7 @@ typedef struct DES_key_schedule
#ifndef HC_DEPRECATED
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define HC_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
#define HC_DEPRECATED __declspec(deprecated)
#else
#define HC_DEPRECATED
diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c
index f66cd5aff2..6af43cf044 100644
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -112,11 +112,11 @@ ltm_dh_generate_key(DH *dh)
BN_free(dh->pub_key);
mp_init_multi(&pub, &priv_key, &g, &p, NULL);
-
+
BN2mpz(&priv_key, dh->priv_key);
BN2mpz(&g, dh->g);
BN2mpz(&p, dh->p);
-
+
res = mp_exptmod(&g, &priv_key, &p, &pub);
mp_clear_multi(&priv_key, &g, &p, NULL);
@@ -127,7 +127,7 @@ ltm_dh_generate_key(DH *dh)
mp_clear(&pub);
if (dh->pub_key == NULL)
return 0;
-
+
if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
break;
if (have_private_key)
diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c
index 43e1d6ac1b..e1f82bfd3b 100644
--- a/source4/heimdal/lib/hcrypto/dh.c
+++ b/source4/heimdal/lib/hcrypto/dh.c
@@ -539,8 +539,10 @@ i2d_DHparams(DH *dh, unsigned char **pp)
free_DHParameter(&data);
if (ret)
return -1;
- if (len != size)
+ if (len != size) {
abort();
+ return -1;
+ }
memcpy(*pp, p, size);
free(p);
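Review bot: The `return -1;` added after `abort()` in i2d_DHparams is written differently from the same pattern in spnego/init_sec_context.c in this commit, which wraps the statement as `UNREACHABLE(return GSS_S_FAILURE);`. If the header providing that macro can be included here, `UNREACHABLE(return -1);` would keep the two sites consistent and make it explicit that the return exists only for static analysis. As written, the return would also skip the `free(p);` two lines below if the `abort()` were ever removed, so a future conversion to an error return needs `free(p);` before it. The function continues outside this hunk.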
diff --git a/source4/heimdal/lib/hcrypto/engine.c b/source4/heimdal/lib/hcrypto/engine.c
index 15853420f6..3b22e56201 100644
--- a/source4/heimdal/lib/hcrypto/engine.c
+++ b/source4/heimdal/lib/hcrypto/engine.c
@@ -339,7 +339,7 @@ ENGINE_by_dso(const char *path, const char *id)
dlclose(handle);
free(engine);
return NULL;
- }
+ }
}
{
@@ -357,7 +357,7 @@ ENGINE_by_dso(const char *path, const char *id)
dlclose(handle);
free(engine);
return NULL;
- }
+ }
}
ENGINE_up_ref(engine);
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c
index 7bd066fd5d..75eefc4931 100644
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -415,7 +415,7 @@ EVP_sha1(void)
const EVP_MD *
EVP_sha(void) HC_DEPRECATED
-
+
{
hcrypto_validate();
return EVP_sha1();
@@ -875,7 +875,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
ctx->buf_len += inlen;
return 1;
}
-
+
/* fill in local buffer and encrypt */
memcpy(ctx->buf + ctx->buf_len, in, left);
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
@@ -893,7 +893,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
if (inlen) {
ctx->buf_len = (inlen & ctx->block_mask);
inlen &= ~ctx->block_mask;
-
+
ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
if (ret != 1)
return ret;
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index c56eedec45..626c463296 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -195,7 +195,7 @@ struct hc_evp_md {
#ifndef HC_DEPRECATED
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define HC_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
#define HC_DEPRECATED __declspec(deprecated)
#else
#define HC_DEPRECATED
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c
index ff03dfffe3..f4780d8e8c 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c
@@ -15,10 +15,10 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* computes the modular inverse via binary extended euclidean algorithm,
- * that is c = 1/a mod b
+/* computes the modular inverse via binary extended euclidean algorithm,
+ * that is c = 1/a mod b
*
- * Based on slow invmod except this is optimized for the case where b is
+ * Based on slow invmod except this is optimized for the case where b is
* odd as per HAC Note 14.64 on pp. 610
*/
int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c
index 91e10d670f..90f161b102 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c
@@ -17,15 +17,15 @@
/* Fast (comba) multiplier
*
- * This is the fast column-array [comba] multiplier. It is
- * designed to compute the columns of the product first
- * then handle the carries afterwards. This has the effect
+ * This is the fast column-array [comba] multiplier. It is
+ * designed to compute the columns of the product first
+ * then handle the carries afterwards. This has the effect
* of making the nested loops that compute the columns very
* simple and schedulable on super-scalar processors.
*
- * This has been modified to produce a variable number of
- * digits of output so if say only a half-product is required
- * you don't have to compute the upper half (a feature
+ * This has been modified to produce a variable number of
+ * digits of output so if say only a half-product is required
+ * you don't have to compute the upper half (a feature
* required for fast Barrett reduction).
*
* Based on Algorithm 14.12 on pp.595 of HAC.
@@ -49,7 +49,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* clear the carry */
_W = 0;
- for (ix = 0; ix < pa; ix++) {
+ for (ix = 0; ix < pa; ix++) {
int tx, ty;
int iy;
mp_digit *tmpx, *tmpy;
@@ -62,7 +62,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
tmpx = a->dp + tx;
tmpy = b->dp + ty;
- /* this is the number of times the loop will iterrate, essentially
+ /* this is the number of times the loop will iterrate, essentially
while (tx++ < a->used && ty-- >= 0) { ... }
*/
iy = MIN(a->used-tx, ty+1);
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c
index 5b114d717a..a03b9f1324 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c
@@ -41,7 +41,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* number of output digits to produce */
pa = a->used + b->used;
_W = 0;
- for (ix = digs; ix < pa; ix++) {
+ for (ix = digs; ix < pa; ix++) {
int tx, ty, iy;
mp_digit *tmpx, *tmpy;
@@ -53,7 +53,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
tmpx = a->dp + tx;
tmpy = b->dp + ty;
- /* this is the number of times the loop will iterrate, essentially its
+ /* this is the number of times the loop will iterrate, essentially its
while (tx++ < a->used && ty-- >= 0) { ... }
*/
iy = MIN(a->used-tx, ty+1);
@@ -69,7 +69,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* make next carry */
_W = _W >> ((mp_word)DIGIT_BIT);
}
-
+
/* setup dest */
olduse = c->used;
c->used = pa;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c
index 19e92ef180..848eaf0463 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c
@@ -16,10 +16,10 @@
*/
/* the jist of squaring...
- * you do like mult except the offset of the tmpx [one that
- * starts closer to zero] can't equal the offset of tmpy.
+ * you do like mult except the offset of the tmpx [one that
+ * starts closer to zero] can't equal the offset of tmpy.
* So basically you set up iy like before then you min it with
- * (ty-tx) so that it never happens. You double all those
+ * (ty-tx) so that it never happens. You double all those
* you add in the inner loop
After that loop you do the squares and add them in.
@@ -41,7 +41,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
/* number of output digits to produce */
W1 = 0;
- for (ix = 0; ix < pa; ix++) {
+ for (ix = 0; ix < pa; ix++) {
int tx, ty, iy;
mp_word _W;
mp_digit *tmpy;
@@ -62,7 +62,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
*/
iy = MIN(a->used-tx, ty+1);
- /* now for squaring tx can never equal ty
+ /* now for squaring tx can never equal ty
* we halve the distance since they approach at a rate of 2x
* and we have to round because odd cases need to be executed
*/
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c
index f422ffc994..11a508c7fb 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* computes a = 2**b
+/* computes a = 2**b
*
* Simple algorithm which zeroes the int, grows it then just sets one bit
* as required.
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c
index 09dd7229eb..d97e8db05f 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* b = |a|
+/* b = |a|
*
* Simple function copies the input and fixes the sign to positive
*/
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c
index 359c2ff24d..2a565e8dbd 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* trim unused digits
+/* trim unused digits
*
* This is used to ensure that leading zero digits are
* trimed and the leading "used" digit will be non-zero
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c
index daaea79a3b..e5e3da340a 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c
@@ -16,7 +16,7 @@
*/
#include <stdarg.h>
-void mp_clear_multi(mp_int *mp, ...)
+void mp_clear_multi(mp_int *mp, ...)
{
mp_int* next_mp = mp;
va_list args;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c
index 533f36bf93..ccd2c8eb9b 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c
@@ -27,7 +27,7 @@ mp_cmp (mp_int * a, mp_int * b)
return MP_GT;
}
}
-
+
/* compare digits */
if (a->sign == MP_NEG) {
/* if negative compare opposite direction */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c
index 693eb7cc72..4a505238a0 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c
@@ -25,7 +25,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b)
if (a->used > b->used) {
return MP_GT;
}
-
+
if (a->used < b->used) {
return MP_LT;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c
index 66d1a74714..2d4a8d4f0f 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-static const int lnz[16] = {
+static const int lnz[16] = {
4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
};
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c
index 8bc5657a33..5dfd5f375c 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c
@@ -29,7 +29,7 @@ mp_count_bits (mp_int * a)
/* get number of digits and add that */
r = (a->used - 1) * DIGIT_BIT;
-
+
/* take the last digit and count the bits in it */
q = a->dp[a->used - 1];
while (q > ((mp_digit) 0)) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c
index aee9c94324..2c364b396f 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c
@@ -40,7 +40,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
}
return res;
}
-
+
/* init our temps */
if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
return res;
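Review bot: The context line `if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY))` has its closing parenthesis in the wrong place, and this whitespace-only hunk leaves it as is. `res` receives the result of the comparison (0 or 1) rather than the value returned by `mp_init_multi`, so on failure this variant of mp_div returns 1 instead of the library's error code. The line should read `if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {`, which is the form bn_mp_invmod_slow.c already uses in this same import. Callers that only test `!= MP_OKAY` still see a failure, but any caller that distinguishes error codes would be misled. The function starts and ends outside the hunk.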
@@ -50,7 +50,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
mp_set(&tq, 1);
n = mp_count_bits(a) - mp_count_bits(b);
if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
- ((res = mp_abs(b, &tb)) != MP_OKAY) ||
+ ((res = mp_abs(b, &tb)) != MP_OKAY) ||
((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
goto LBL_ERR;
@@ -87,17 +87,17 @@ LBL_ERR:
#else
-/* integer signed division.
+/* integer signed division.
* c*b + d == a [e.g. a/b, c=quotient, d=remainder]
* HAC pp.598 Algorithm 14.20
*
- * Note that the description in HAC is horribly
- * incomplete. For example, it doesn't consider
- * the case where digits are removed from 'x' in
- * the inner loop. It also doesn't consider the
+ * Note that the description in HAC is horribly
+ * incomplete. For example, it doesn't consider
+ * the case where digits are removed from 'x' in
+ * the inner loop. It also doesn't consider the
* case that y has fewer than three digits, etc..
*
- * The overall algorithm is as described as
+ * The overall algorithm is as described as
* 14.20 from HAC but fixed to treat these cases.
*/
int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
@@ -187,7 +187,7 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
continue;
}
- /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
+ /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
* otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
if (x.dp[i] == y.dp[t]) {
q.dp[i - t - 1] = ((((mp_digit)1) << DIGIT_BIT) - 1);
@@ -201,10 +201,10 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
q.dp[i - t - 1] = (mp_digit) (tmp & (mp_word) (MP_MASK));
}
- /* while (q{i-t-1} * (yt * b + y{t-1})) >
- xi * b**2 + xi-1 * b + xi-2
-
- do q{i-t-1} -= 1;
+ /* while (q{i-t-1} * (yt * b + y{t-1})) >
+ xi * b**2 + xi-1 * b + xi-2
+
+ do q{i-t-1} -= 1;
*/
q.dp[i - t - 1] = (q.dp[i - t - 1] + 1) & MP_MASK;
do {
@@ -255,10 +255,10 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
}
}
- /* now q is the quotient and x is the remainder
- * [which we have to normalize]
+ /* now q is the quotient and x is the remainder
+ * [which we have to normalize]
*/
-
+
/* get sign before writing to c */
x.sign = x.used == 0 ? MP_ZPOS : a->sign;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c
index 3c60269ece..78e2381b6e 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c
@@ -23,14 +23,14 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
mp_word w, t;
mp_digit b;
int res, ix;
-
+
/* b = 2**DIGIT_BIT / 3 */
b = (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3);
if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
return res;
}
-
+
q.used = a->used;
q.sign = a->sign;
w = 0;
@@ -68,7 +68,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
mp_exch(&q, c);
}
mp_clear(&q);
-
+
return res;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c
index 6a26d4f0cf..7bd372c20d 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c
@@ -79,13 +79,13 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
return res;
}
-
+
q.used = a->used;
q.sign = a->sign;
w = 0;
for (ix = a->used - 1; ix >= 0; ix--) {
w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
-
+
if (w >= b) {
t = (mp_digit)(w / b);
w -= ((mp_word)t) * ((mp_word)b);
@@ -94,17 +94,17 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
}
q.dp[ix] = (mp_digit)t;
}
-
+
if (d != NULL) {
*d = (mp_digit)w;
}
-
+
if (c != NULL) {
mp_clamp(&q);
mp_exch(&q, c);
}
mp_clear(&q);
-
+
return res;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c
index 1d7d856ef0..b7d5ed7c03 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c
@@ -21,7 +21,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d)
/* the casts are required if DIGIT_BIT is one less than
* the number of bits in a mp_digit [e.g. DIGIT_BIT==31]
*/
- *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) -
+ *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) -
((mp_word)a->dp[0]));
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c
index 38574e0a5e..ee551bc3e1 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* swap the elements of two integers, for cases where you can't simply swap the
+/* swap the elements of two integers, for cases where you can't simply swap the
* mp_int pointers around
*/
void
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c
index 023191657a..56d7c11d26 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c
@@ -59,7 +59,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
err = mp_exptmod(&tmpG, &tmpX, P, Y);
mp_clear_multi(&tmpG, &tmpX, NULL);
return err;
-#else
+#else
/* no invmod */
return MP_VAL;
#endif
@@ -86,7 +86,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
dr = mp_reduce_is_2k(P) << 1;
}
#endif
-
+
/* if the modulus is odd or dr != 0 use the montgomery method */
#ifdef BN_MP_EXPTMOD_FAST_C
if (mp_isodd (P) == 1 || dr != 0) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c
index 2a3b3c9e81..64fbe7fe21 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c
@@ -84,7 +84,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
/* determine and setup reduction code */
if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_SETUP_C
+#ifdef BN_MP_MONTGOMERY_SETUP_C
/* now setup montgomery */
if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) {
goto LBL_M;
@@ -99,7 +99,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
if (((P->used * 2 + 1) < MP_WARRAY) &&
P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
redux = fast_mp_montgomery_reduce;
- } else
+ } else
#endif
{
#ifdef BN_MP_MONTGOMERY_REDUCE_C
@@ -150,7 +150,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) {
goto LBL_RES;
}
-#else
+#else
err = MP_VAL;
goto LBL_RES;
#endif
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c
index e6c4ce2b85..daf0c95ea6 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* Extended euclidean algorithm of (a, b) produces
+/* Extended euclidean algorithm of (a, b) produces
a*u1 + b*u2 = u3
*/
int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c
index 0458744fc7..ef7b6532c5 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c
@@ -1,7 +1,7 @@
/* TomsFastMath, a fast ISO C bignum library.
- *
+ *
* This project is public domain and free for all purposes.
- *
+ *
* Love Hornquist Astrand <lha@h5l.org>
*/
#include <tommath.h>
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c
index b344b6f05d..52f7f32f0d 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c
@@ -19,10 +19,10 @@
int mp_fread(mp_int *a, int radix, FILE *stream)
{
int err, ch, neg, y;
-
+
/* clear a */
mp_zero(a);
-
+
/* if first digit is - then set negative */
ch = fgetc(stream);
if (ch == '-') {
@@ -31,7 +31,7 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
} else {
neg = MP_ZPOS;
}
-
+
for (;;) {
/* find y in the radix map */
for (y = 0; y < radix; y++) {
@@ -42,7 +42,7 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
if (y == radix) {
break;
}
-
+
/* shift up and add */
if ((err = mp_mul_d(a, radix, a)) != MP_OKAY) {
return err;
@@ -50,13 +50,13 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
if ((err = mp_add_d(a, y, a)) != MP_OKAY) {
return err;
}
-
+
ch = fgetc(stream);
}
if (mp_cmp_d(a, 0) != MP_EQ) {
a->sign = neg;
}
-
+
return MP_OKAY;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c
index a0b4c6b6d1..dc4529ba22 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c
@@ -19,7 +19,7 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
{
char *buf;
int err, len, x;
-
+
if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) {
return err;
}
@@ -28,19 +28,19 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
if (buf == NULL) {
return MP_MEM;
}
-
+
if ((err = mp_toradix(a, buf, radix)) != MP_OKAY) {
XFREE (buf);
return err;
}
-
+
for (x = 0; x < len; x++) {
if (fputc(buf[x], stream) == EOF) {
XFREE (buf);
return MP_VAL;
}
}
-
+
XFREE (buf);
return MP_OKAY;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c
index b39ba9041d..89795d564e 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c
@@ -76,17 +76,17 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
/* swap u and v to make sure v is >= u */
mp_exch(&u, &v);
}
-
+
/* subtract smallest from largest */
if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
goto LBL_V;
}
-
+
/* Divide out all factors of two */
if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
goto LBL_V;
- }
- }
+ }
+ }
/* multiply by 2**k which we divided out at the beginning */
if ((res = mp_mul_2d (&u, k, c)) != MP_OKAY) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c
index 17162e2bf1..e8e9b1d440 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c
@@ -16,7 +16,7 @@
*/
/* get the lower 32-bits of an mp_int */
-unsigned long mp_get_int(mp_int * a)
+unsigned long mp_get_int(mp_int * a)
{
int i;
unsigned long res;
@@ -30,7 +30,7 @@ unsigned long mp_get_int(mp_int * a)
/* get most significant digit of result */
res = DIGIT(a,i);
-
+
while (--i >= 0) {
res = (res << DIGIT_BIT) | DIGIT(a,i);
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c
index 59dc3a9ea7..56e8602767 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c
@@ -16,7 +16,7 @@
*/
#include <stdarg.h>
-int mp_init_multi(mp_int *mp, ...)
+int mp_init_multi(mp_int *mp, ...)
{
mp_err res = MP_OKAY; /* Assume ok until proven otherwise */
int n = 0; /* Number of ok inits */
@@ -30,11 +30,11 @@ int mp_init_multi(mp_int *mp, ...)
succeeded in init-ing, then return error.
*/
va_list clean_args;
-
+
/* end the current list */
va_end(args);
-
- /* now start cleaning up */
+
+ /* now start cleaning up */
cur_arg = mp;
va_start(clean_args, mp);
while (n--) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c
index 8e014183a3..9578ac754c 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c
@@ -21,8 +21,8 @@ int mp_init_size (mp_int * a, int size)
int x;
/* pad size so there are always extra digits */
- size += (MP_PREC * 2) - (size % MP_PREC);
-
+ size += (MP_PREC * 2) - (size % MP_PREC);
+
/* alloc mem */
a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size);
if (a->dp == NULL) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c
index 154651468f..ac1a952319 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c
@@ -32,9 +32,9 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
#ifdef BN_MP_INVMOD_SLOW_C
return mp_invmod_slow(a, b, c);
-#endif
-
+#else
return MP_VAL;
+#endif
}
#endif
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c
index eedd47dcf1..4ec487efae 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c
@@ -27,7 +27,7 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
}
/* init temps */
- if ((res = mp_init_multi(&x, &y, &u, &v,
+ if ((res = mp_init_multi(&x, &y, &u, &v,
&A, &B, &C, &D, NULL)) != MP_OKAY) {
return res;
}
@@ -154,14 +154,14 @@ top:
goto LBL_ERR;
}
}
-
+
/* too big */
while (mp_cmp_mag(&C, b) != MP_LT) {
if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
goto LBL_ERR;
}
}
-
+
/* C is now the inverse */
mp_exch (&C, c);
res = MP_OKAY;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c
index 50c524444e..027fcd2f5a 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c
@@ -38,7 +38,7 @@ static const char rem_105[105] = {
};
/* Store non-zero to ret if arg is square, and zero if not */
-int mp_is_square(mp_int *arg,int *ret)
+int mp_is_square(mp_int *arg,int *ret)
{
int res;
mp_digit c;
@@ -46,7 +46,7 @@ int mp_is_square(mp_int *arg,int *ret)
unsigned long r;
/* Default to Non-square :) */
- *ret = MP_NO;
+ *ret = MP_NO;
if (arg->sign == MP_NEG) {
return MP_VAL;
@@ -80,8 +80,8 @@ int mp_is_square(mp_int *arg,int *ret)
r = mp_get_int(&t);
/* Check for other prime modules, note it's not an ERROR but we must
* free "t" so the easiest way is to goto ERR. We know that res
- * is already equal to MP_OKAY from the mp_mod call
- */
+ * is already equal to MP_OKAY from the mp_mod call
+ */
if ( (1L<<(r%11)) & 0x5C4L ) goto ERR;
if ( (1L<<(r%13)) & 0x9E4L ) goto ERR;
if ( (1L<<(r%17)) & 0x5CE8L ) goto ERR;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c
index 07ce86f296..d3678d5dc1 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c
@@ -1,10 +1,10 @@
/* TomsFastMath, a fast ISO C bignum library.
- *
+ *
* This project is meant to fill in where LibTomMath
* falls short. That is speed ;-)
*
* This project is public domain and free for all purposes.
- *
+ *
* Tom St Denis, tomstdenis@gmail.com
*/
#include <tommath.h>
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c
index 8ea2c2792a..72a2319c06 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c
@@ -15,33 +15,33 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* c = |a| * |b| using Karatsuba Multiplication using
+/* c = |a| * |b| using Karatsuba Multiplication using
* three half size multiplications
*
- * Let B represent the radix [e.g. 2**DIGIT_BIT] and
- * let n represent half of the number of digits in
+ * Let B represent the radix [e.g. 2**DIGIT_BIT] and
+ * let n represent half of the number of digits in
* the min(a,b)
*
* a = a1 * B**n + a0
* b = b1 * B**n + b0
*
- * Then, a * b =>
+ * Then, a * b =>
a1b1 * B**2n + ((a1 + a0)(b1 + b0) - (a0b0 + a1b1)) * B + a0b0
*
- * Note that a1b1 and a0b0 are used twice and only need to be
- * computed once. So in total three half size (half # of
- * digit) multiplications are performed, a0b0, a1b1 and
+ * Note that a1b1 and a0b0 are used twice and only need to be
+ * computed once. So in total three half size (half # of
+ * digit) multiplications are performed, a0b0, a1b1 and
* (a1+b1)(a0+b0)
*
* Note that a multiplication of half the digits requires
- * 1/4th the number of single precision multiplications so in
- * total after one call 25% of the single precision multiplications
- * are saved. Note also that the call to mp_mul can end up back
- * in this function if the a0, a1, b0, or b1 are above the threshold.
- * This is known as divide-and-conquer and leads to the famous
- * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than
- * the standard O(N**2) that the baseline/comba methods use.
- * Generally though the overhead of this method doesn't pay off
+ * 1/4th the number of single precision multiplications so in
+ * total after one call 25% of the single precision multiplications
+ * are saved. Note also that the call to mp_mul can end up back
+ * in this function if the a0, a1, b0, or b1 are above the threshold.
+ * This is known as divide-and-conquer and leads to the famous
+ * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than
+ * the standard O(N**2) that the baseline/comba methods use.
+ * Generally though the overhead of this method doesn't pay off
* until a certain size (N ~ 80) is reached.
*/
int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
@@ -109,7 +109,7 @@ int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
}
}
- /* only need to clamp the lower words since by definition the
+ /* only need to clamp the lower words since by definition the
* upper words x1/y1 must have a known number of digits
*/
mp_clamp (&x0);
@@ -117,7 +117,7 @@ int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
/* now calc the products x0y0 and x1y1 */
/* after this x0 is no longer required, free temp [x0==t2]! */
- if (mp_mul (&x0, &y0, &x0y0) != MP_OKAY)
+ if (mp_mul (&x0, &y0, &x0y0) != MP_OKAY)
goto X1Y1; /* x0y0 = x0*y0 */
if (mp_mul (&x1, &y1, &x1y1) != MP_OKAY)
goto X1Y1; /* x1y1 = x1*y1 */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c
index a5e198be12..56692c5ae7 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c
@@ -15,11 +15,11 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* Karatsuba squaring, computes b = a*a using three
+/* Karatsuba squaring, computes b = a*a using three
* half size squarings
*
- * See comments of karatsuba_mul for details. It
- * is essentially the same algorithm but merely
+ * See comments of karatsuba_mul for details. It
+ * is essentially the same algorithm but merely
* tuned to perform recursive squarings.
*/
int mp_karatsuba_sqr (mp_int * a, mp_int * b)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c
index 8b1117a63b..816e7b2f0b 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c
@@ -25,29 +25,29 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
#ifdef BN_MP_TOOM_MUL_C
if (MIN (a->used, b->used) >= TOOM_MUL_CUTOFF) {
res = mp_toom_mul(a, b, c);
- } else
+ } else
#endif
#ifdef BN_MP_KARATSUBA_MUL_C
/* use Karatsuba? */
if (MIN (a->used, b->used) >= KARATSUBA_MUL_CUTOFF) {
res = mp_karatsuba_mul (a, b, c);
- } else
+ } else
#endif
{
/* can we use the fast multiplier?
*
- * The fast multiplier can be used if the output will
- * have less than MP_WARRAY digits and the number of
+ * The fast multiplier can be used if the output will
+ * have less than MP_WARRAY digits and the number of
* digits won't affect carry propagation
*/
int digs = a->used + b->used + 1;
#ifdef BN_FAST_S_MP_MUL_DIGS_C
if ((digs < MP_WARRAY) &&
- MIN(a->used, b->used) <=
+ MIN(a->used, b->used) <=
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
res = fast_s_mp_mul_digs (a, b, c, digs);
- } else
+ } else
#endif
#ifdef BN_S_MP_MUL_DIGS_C
res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c
index 02455fc35d..f90654832b 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c
@@ -35,24 +35,24 @@ int mp_mul_2(mp_int * a, mp_int * b)
/* alias for source */
tmpa = a->dp;
-
+
/* alias for dest */
tmpb = b->dp;
/* carry */
r = 0;
for (x = 0; x < a->used; x++) {
-
- /* get what will be the *next* carry bit from the
- * MSB of the current digit
+
+ /* get what will be the *next* carry bit from the
+ * MSB of the current digit
*/
rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1));
-
+
/* now shift up this digit, add in the carry [from the previous] */
*tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK;
-
- /* copy the carry that would be from the source
- * digit into the next iteration
+
+ /* copy the carry that would be from the source
+ * digit into the next iteration
*/
r = rr;
}
@@ -64,8 +64,8 @@ int mp_mul_2(mp_int * a, mp_int * b)
++(b->used);
}
- /* now zero any excess digits on the destination
- * that we didn't write to
+ /* now zero any excess digits on the destination
+ * that we didn't write to
*/
tmpb = b->dp + b->used;
for (x = b->used; x < oldused; x++) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c
index efeff2e751..d023b382cc 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c
@@ -69,7 +69,7 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c)
/* set the carry to the carry bits of the current word */
r = rr;
}
-
+
/* set final carry */
if (r != 0) {
c->dp[(c->used)++] = r;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c
index 0e7bedca72..85d335cb9e 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c
@@ -15,14 +15,14 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* find the n'th root of an integer
+/* find the n'th root of an integer
*
- * Result found such that (c)**b <= a and (c+1)**b > a
+ * Result found such that (c)**b <= a and (c+1)**b > a
*
- * This algorithm uses Newton's approximation
- * x[i+1] = x[i] - f(x[i])/f'(x[i])
- * which will find the root in log(N) time where
- * each step involves a fair bit. This is not meant to
+ * This algorithm uses Newton's approximation
+ * x[i+1] = x[i] - f(x[i])/f'(x[i])
+ * which will find the root in log(N) time where
+ * each step involves a fair bit. This is not meant to
* find huge roots [square and cube, etc].
*/
int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
@@ -61,31 +61,31 @@ int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
}
/* t2 = t1 - ((t1**b - a) / (b * t1**(b-1))) */
-
+
/* t3 = t1**(b-1) */
- if ((res = mp_expt_d (&t1, b - 1, &t3)) != MP_OKAY) {
+ if ((res = mp_expt_d (&t1, b - 1, &t3)) != MP_OKAY) {
goto LBL_T3;
}
/* numerator */
/* t2 = t1**b */
- if ((res = mp_mul (&t3, &t1, &t2)) != MP_OKAY) {
+ if ((res = mp_mul (&t3, &t1, &t2)) != MP_OKAY) {
goto LBL_T3;
}
/* t2 = t1**b - a */
- if ((res = mp_sub (&t2, a, &t2)) != MP_OKAY) {
+ if ((res = mp_sub (&t2, a, &t2)) != MP_OKAY) {
goto LBL_T3;
}
/* denominator */
/* t3 = t1**(b-1) * b */
- if ((res = mp_mul_d (&t3, b, &t3)) != MP_OKAY) {
+ if ((res = mp_mul_d (&t3, b, &t3)) != MP_OKAY) {
goto LBL_T3;
}
/* t3 = (t1**b - a)/(b * t1**(b-1)) */
- if ((res = mp_div (&t2, &t3, &t3, NULL)) != MP_OKAY) {
+ if ((res = mp_div (&t2, &t3, &t3, NULL)) != MP_OKAY) {
goto LBL_T3;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c
index c23d77f6de..8e74a337c5 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c
@@ -16,7 +16,7 @@
*/
/* performs one Fermat test.
- *
+ *
* If "a" were prime then b**a == b (mod a) since the order of
* the multiplicative sub-group would be phi(a) = a-1. That means
* it would be the same as b**(a mod (a-1)) == b**1 == b (mod a).
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c
index 8e7871c2c6..766cde95a6 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* determines if an integers is divisible by one
+/* determines if an integers is divisible by one
* of the first PRIME_SIZE primes or not
*
* sets result to 0 if not, 1 if yes
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c
index ddf03582ac..60a8c48eae 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c
@@ -15,11 +15,11 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* Miller-Rabin test of "a" to the base of "b" as described in
+/* Miller-Rabin test of "a" to the base of "b" as described in
* HAC pp. 139 Algorithm 4.24
*
* Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
+ * Randomly the chance of error is no more than 1/4 and often
* very much lower.
*/
int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
@@ -33,7 +33,7 @@ int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
/* ensure b > 1 */
if (mp_cmp_d(b, 1) != MP_GT) {
return MP_VAL;
- }
+ }
/* get n1 = a - 1 */
if ((err = mp_init_copy (&n1, a)) != MP_OKAY) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
index daf2ec7c64..a2897f0878 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
@@ -22,7 +22,7 @@
*/
int mp_prime_next_prime(mp_int *a, int t, int bbs_style)
{
- int err, res, x, y;
+ int err, res = MP_NO, x, y;
mp_digit res_tab[PRIME_SIZE], step, kstep;
mp_int b;
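Review bot: The initialiser `res = MP_NO` on the declaration line carries no comment explaining why it was added. The rest of mp_prime_next_prime lies outside the hunk, so it is not visible whether `res` could be read before a primality test writes it or whether this only quiets a compiler warning. Either way MP_NO looks like the fail-safe default, since a candidate that was never tested is then not treated as prime. I would record that next to the declaration as `/* default to "not prime" so an untested candidate is never accepted */`.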
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c
index 07aae4b072..7b0d15c94d 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c
@@ -18,7 +18,7 @@
/* makes a truly random prime of a given size (bits),
*
* Flags are as follows:
- *
+ *
* LTM_PRIME_BBS - make prime congruent to 3 mod 4
* LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
* LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
@@ -63,7 +63,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0;
if (flags & LTM_PRIME_2MSB_ON) {
maskOR_msb |= 0x80 >> ((9 - size) & 7);
- }
+ }
/* get the maskOR_lsb */
maskOR_lsb = 1;
@@ -77,7 +77,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
err = MP_VAL;
goto error;
}
-
+
/* work over the MSbyte */
tmp[0] &= maskAND;
tmp[0] |= 1 << ((size - 1) & 7);
@@ -91,7 +91,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
/* is it prime? */
if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
- if (res == MP_NO) {
+ if (res == MP_NO) {
continue;
}
@@ -99,7 +99,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
/* see if (a-1)/2 is prime */
if ((err = mp_sub_d(a, 1, a)) != MP_OKAY) { goto error; }
if ((err = mp_div_2(a, a)) != MP_OKAY) { goto error; }
-
+
/* is it prime? */
if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c
index 1b61e3a1be..af94be8676 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c
@@ -54,7 +54,7 @@ int mp_radix_size (mp_int * a, int radix, int *size)
}
/* force temp to positive */
- t.sign = MP_ZPOS;
+ t.sign = MP_ZPOS;
/* fetch out all of the digits */
while (mp_iszero (&t) == MP_NO) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c
index 91c46c22f7..35ca886736 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c
@@ -29,8 +29,8 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
return MP_VAL;
}
- /* if the leading digit is a
- * minus set the sign to negative.
+ /* if the leading digit is a
+ * minus set the sign to negative.
*/
if (*str == '-') {
++str;
@@ -41,7 +41,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
/* set the integer to the default of zero */
mp_zero (a);
-
+
/* process each digit of the string */
while (*str) {
/* if the radix < 36 the conversion is case insensitive
@@ -55,9 +55,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
}
}
- /* if the char was found in the map
+ /* if the char was found in the map
* and is less than the given radix add it
- * to the number, otherwise exit the loop.
+ * to the number, otherwise exit the loop.
*/
if (y < radix) {
if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
@@ -71,7 +71,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
}
++str;
}
-
+
/* set the sign only if a != 0 */
if (mp_iszero(a) != 1) {
a->sign = neg;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c
index 21d0730905..ae57a6a003 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* reduces x mod m, assumes 0 < x < m**2, mu is
+/* reduces x mod m, assumes 0 < x < m**2, mu is
* precomputed via mp_reduce_setup.
* From HAC pp.604 Algorithm 14.42
*/
@@ -30,7 +30,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
}
/* q1 = x / b**(k-1) */
- mp_rshd (&q, um - 1);
+ mp_rshd (&q, um - 1);
/* according to HAC this optimization is ok */
if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
@@ -46,8 +46,8 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
goto CLEANUP;
}
-#else
- {
+#else
+ {
res = MP_VAL;
goto CLEANUP;
}
@@ -55,7 +55,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
}
/* q3 = q2 / b**(k+1) */
- mp_rshd (&q, um + 1);
+ mp_rshd (&q, um + 1);
/* x = x mod b**(k+1), quick (no division) */
if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
@@ -87,7 +87,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
goto CLEANUP;
}
}
-
+
CLEANUP:
mp_clear (&q);
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c
index d9620c221c..1c4a751dda 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c
@@ -20,35 +20,35 @@ int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d)
{
mp_int q;
int p, res;
-
+
if ((res = mp_init(&q)) != MP_OKAY) {
return res;
}
-
- p = mp_count_bits(n);
+
+ p = mp_count_bits(n);
top:
/* q = a/2**p, a = a mod 2**p */
if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
goto ERR;
}
-
+
if (d != 1) {
/* q = q * d */
- if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
+ if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
goto ERR;
}
}
-
+
/* a = a + q */
if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
goto ERR;
}
-
+
if (mp_cmp_mag(a, n) != MP_LT) {
s_mp_sub(a, n, a);
goto top;
}
-
+
ERR:
mp_clear(&q);
return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c
index f06103d6a6..71abeaebba 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c
@@ -15,7 +15,7 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* reduces a modulo n where n is of the form 2**p - d
+/* reduces a modulo n where n is of the form 2**p - d
This differs from reduce_2k since "d" can be larger
than a single digit.
*/
@@ -23,33 +23,33 @@ int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d)
{
mp_int q;
int p, res;
-
+
if ((res = mp_init(&q)) != MP_OKAY) {
return res;
}
-
- p = mp_count_bits(n);
+
+ p = mp_count_bits(n);
top:
/* q = a/2**p, a = a mod 2**p */
if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
goto ERR;
}
-
+
/* q = q * d */
- if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
+ if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
goto ERR;
}
-
+
/* a = a + q */
if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
goto ERR;
}
-
+
if (mp_cmp_mag(a, n) != MP_LT) {
s_mp_sub(a, n, a);
goto top;
}
-
+
ERR:
mp_clear(&q);
return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c
index a80e7a22f2..dca723c815 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c
@@ -20,22 +20,22 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
{
int res, p;
mp_int tmp;
-
+
if ((res = mp_init(&tmp)) != MP_OKAY) {
return res;
}
-
+
p = mp_count_bits(a);
if ((res = mp_2expt(&tmp, p)) != MP_OKAY) {
mp_clear(&tmp);
return res;
}
-
+
if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) {
mp_clear(&tmp);
return res;
}
-
+
*d = tmp.dp[0];
mp_clear(&tmp);
return MP_OKAY;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c
index 7cf002e888..cc59a6e715 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c
@@ -20,19 +20,19 @@ int mp_reduce_2k_setup_l(mp_int *a, mp_int *d)
{
int res;
mp_int tmp;
-
+
if ((res = mp_init(&tmp)) != MP_OKAY) {
return res;
}
-
+
if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
goto ERR;
}
-
+
if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
goto ERR;
}
-
+
ERR:
mp_clear(&tmp);
return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c
index 7308be73e2..c8d25d83e2 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c
@@ -20,7 +20,7 @@ int mp_reduce_is_2k(mp_int *a)
{
int ix, iy, iw;
mp_digit iz;
-
+
if (a->used == 0) {
return MP_NO;
} else if (a->used == 1) {
@@ -29,7 +29,7 @@ int mp_reduce_is_2k(mp_int *a)
iy = mp_count_bits(a);
iz = 1;
iw = 1;
-
+
/* Test every bit from the second digit up, must be 1 */
for (ix = DIGIT_BIT; ix < iy; ix++) {
if ((a->dp[iw] & iz) == 0) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c
index 14a4d21846..ad006f39c5 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c
@@ -19,7 +19,7 @@
int mp_reduce_is_2k_l(mp_int *a)
{
int ix, iy;
-
+
if (a->used == 0) {
return MP_NO;
} else if (a->used == 1) {
@@ -32,7 +32,7 @@ int mp_reduce_is_2k_l(mp_int *a)
}
}
return (iy >= (a->used/2)) ? MP_YES : MP_NO;
-
+
}
return MP_NO;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c
index 370f20bb17..035419bf34 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c
@@ -21,7 +21,7 @@
int mp_reduce_setup (mp_int * a, mp_int * b)
{
int res;
-
+
if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) {
return res;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c
index 2a693c5a5b..ed13ce59a4 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c
@@ -42,8 +42,8 @@ void mp_rshd (mp_int * a, int b)
/* top [offset into digits] */
top = a->dp + b;
- /* this is implemented as a sliding window where
- * the window is b-digits long and digits from
+ /* this is implemented as a sliding window where
+ * the window is b-digits long and digits from
* the top of the window are copied to the bottom
*
* e.g.
@@ -61,7 +61,7 @@ void mp_rshd (mp_int * a, int b)
*bottom++ = 0;
}
}
-
+
/* remove excess digits */
a->used -= b;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c
index cf10ea1a44..3072e76e1c 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c
@@ -21,7 +21,7 @@ int mp_set_int (mp_int * a, unsigned long b)
int x, res;
mp_zero (a);
-
+
/* set four bits at a time */
for (x = 0; x < 8; x++) {
/* shift the number up four bits */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c
index 868ccbbaef..90f4dd6d72 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c
@@ -26,18 +26,18 @@ mp_sqr (mp_int * a, mp_int * b)
if (a->used >= TOOM_SQR_CUTOFF) {
res = mp_toom_sqr(a, b);
/* Karatsuba? */
- } else
+ } else
#endif
#ifdef BN_MP_KARATSUBA_SQR_C
if (a->used >= KARATSUBA_SQR_CUTOFF) {
res = mp_karatsuba_sqr (a, b);
- } else
+ } else
#endif
{
#ifdef BN_FAST_S_MP_SQR_C
/* can we use the fast comba multiplier? */
- if ((a->used * 2 + 1) < MP_WARRAY &&
- a->used <
+ if ((a->used * 2 + 1) < MP_WARRAY &&
+ a->used <
(1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) {
res = fast_s_mp_sqr (a, b);
} else
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c
index 8fd057ceed..8391297f7e 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c
@@ -16,7 +16,7 @@
*/
/* this function is less generic than mp_n_root, simpler and faster */
-int mp_sqrt(mp_int *arg, mp_int *ret)
+int mp_sqrt(mp_int *arg, mp_int *ret)
{
int res;
mp_int t1,t2;
@@ -43,7 +43,7 @@ int mp_sqrt(mp_int *arg, mp_int *ret)
/* First approx. (not very bad for large arg) */
mp_rshd (&t1,t1.used/2);
- /* t1 > 0 */
+ /* t1 > 0 */
if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
goto E1;
}
@@ -54,7 +54,7 @@ int mp_sqrt(mp_int *arg, mp_int *ret)
goto E1;
}
/* And now t1 > sqrt(arg) */
- do {
+ do {
if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
goto E1;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c
index ad5d9e9b64..b996342466 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c
@@ -15,28 +15,28 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* multiplication using the Toom-Cook 3-way algorithm
+/* multiplication using the Toom-Cook 3-way algorithm
*
- * Much more complicated than Karatsuba but has a lower
- * asymptotic running time of O(N**1.464). This algorithm is
- * only particularly useful on VERY large inputs
+ * Much more complicated than Karatsuba but has a lower
+ * asymptotic running time of O(N**1.464). This algorithm is
+ * only particularly useful on VERY large inputs
* (we're talking 1000s of digits here...).
*/
int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
{
mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2;
int res, B;
-
+
/* init temps */
- if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4,
- &a0, &a1, &a2, &b0, &b1,
+ if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4,
+ &a0, &a1, &a2, &b0, &b1,
&b2, &tmp1, &tmp2, NULL)) != MP_OKAY) {
return res;
}
-
+
/* B */
B = MIN(a->used, b->used) / 3;
-
+
/* a = a2 * B**2 + a1 * B + a0 */
if ((res = mp_mod_2d(a, DIGIT_BIT * B, &a0)) != MP_OKAY) {
goto ERR;
@@ -52,7 +52,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
goto ERR;
}
mp_rshd(&a2, B*2);
-
+
/* b = b2 * B**2 + b1 * B + b0 */
if ((res = mp_mod_2d(b, DIGIT_BIT * B, &b0)) != MP_OKAY) {
goto ERR;
@@ -68,17 +68,17 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
goto ERR;
}
mp_rshd(&b2, B*2);
-
+
/* w0 = a0*b0 */
if ((res = mp_mul(&a0, &b0, &w0)) != MP_OKAY) {
goto ERR;
}
-
+
/* w4 = a2 * b2 */
if ((res = mp_mul(&a2, &b2, &w4)) != MP_OKAY) {
goto ERR;
}
-
+
/* w1 = (a2 + 2(a1 + 2a0))(b2 + 2(b1 + 2b0)) */
if ((res = mp_mul_2(&a0, &tmp1)) != MP_OKAY) {
goto ERR;
@@ -92,7 +92,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_add(&tmp1, &a2, &tmp1)) != MP_OKAY) {
goto ERR;
}
-
+
if ((res = mp_mul_2(&b0, &tmp2)) != MP_OKAY) {
goto ERR;
}
@@ -105,11 +105,11 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_add(&tmp2, &b2, &tmp2)) != MP_OKAY) {
goto ERR;
}
-
+
if ((res = mp_mul(&tmp1, &tmp2, &w1)) != MP_OKAY) {
goto ERR;
}
-
+
/* w3 = (a0 + 2(a1 + 2a2))(b0 + 2(b1 + 2b2)) */
if ((res = mp_mul_2(&a2, &tmp1)) != MP_OKAY) {
goto ERR;
@@ -123,7 +123,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) {
goto ERR;
}
-
+
if ((res = mp_mul_2(&b2, &tmp2)) != MP_OKAY) {
goto ERR;
}
@@ -136,11 +136,11 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_add(&tmp2, &b0, &tmp2)) != MP_OKAY) {
goto ERR;
}
-
+
if ((res = mp_mul(&tmp1, &tmp2, &w3)) != MP_OKAY) {
goto ERR;
}
-
+
/* w2 = (a2 + a1 + a0)(b2 + b1 + b0) */
if ((res = mp_add(&a2, &a1, &tmp1)) != MP_OKAY) {
@@ -158,19 +158,19 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_mul(&tmp1, &tmp2, &w2)) != MP_OKAY) {
goto ERR;
}
-
- /* now solve the matrix
-
+
+ /* now solve the matrix
+
0 0 0 0 1
1 2 4 8 16
1 1 1 1 1
16 8 4 2 1
1 0 0 0 0
-
- using 12 subtractions, 4 shifts,
- 2 small divisions and 1 small multiplication
+
+ using 12 subtractions, 4 shifts,
+ 2 small divisions and 1 small multiplication
*/
-
+
/* r1 - r4 */
if ((res = mp_sub(&w1, &w4, &w1)) != MP_OKAY) {
goto ERR;
@@ -242,7 +242,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
if ((res = mp_div_3(&w3, &w3, NULL)) != MP_OKAY) {
goto ERR;
}
-
+
/* at this point shift W[n] by B*n */
if ((res = mp_lshd(&w1, 1*B)) != MP_OKAY) {
goto ERR;
@@ -255,8 +255,8 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
}
if ((res = mp_lshd(&w4, 4*B)) != MP_OKAY) {
goto ERR;
- }
-
+ }
+
if ((res = mp_add(&w0, &w1, c)) != MP_OKAY) {
goto ERR;
}
@@ -268,15 +268,15 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
}
if ((res = mp_add(&tmp1, c, c)) != MP_OKAY) {
goto ERR;
- }
-
+ }
+
ERR:
- mp_clear_multi(&w0, &w1, &w2, &w3, &w4,
- &a0, &a1, &a2, &b0, &b1,
+ mp_clear_multi(&w0, &w1, &w2, &w3, &w4,
+ &a0, &a1, &a2, &b0, &b1,
&b2, &tmp1, &tmp2, NULL);
return res;
-}
-
+}
+
#endif
/* $Source: /cvs/libtom/libtommath/bn_mp_toom_mul.c,v $ */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c
index 796ed55c65..28085124ea 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c
@@ -15,9 +15,9 @@
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
-/* stores a bignum as a ASCII string in a given radix (2..64)
+/* stores a bignum as a ASCII string in a given radix (2..64)
*
- * Stores upto maxlen-1 chars and always a NULL byte
+ * Stores upto maxlen-1 chars and always a NULL byte
*/
int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
{
@@ -50,7 +50,7 @@ int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
/* store the flag and mark the number as positive */
*str++ = '-';
t.sign = MP_ZPOS;
-
+
/* subtract a char */
--maxlen;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c
index f034ae62aa..e7f54f4cf1 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c
@@ -74,8 +74,8 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c)
*tmpc++ &= MP_MASK;
}
- /* now copy higher words if any, that is in A+B
- * if A or B has more digits add those in
+ /* now copy higher words if any, that is in A+B
+ * if A or B has more digits add those in
*/
if (min != max) {
for (; i < max; i++) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c
index 097d894702..deb4b4ddb1 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c
@@ -54,7 +54,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
/* init M array */
/* init first cell */
if ((err = mp_init(&M[1])) != MP_OKAY) {
- return err;
+ return err;
}
/* now init the second half of the array */
@@ -72,7 +72,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
if ((err = mp_init (&mu)) != MP_OKAY) {
goto LBL_M;
}
-
+
if (redmode == 0) {
if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) {
goto LBL_MU;
@@ -83,22 +83,22 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
goto LBL_MU;
}
redux = mp_reduce_2k_l;
- }
+ }
/* create M table
*
- * The M table contains powers of the base,
+ * The M table contains powers of the base,
* e.g. M[x] = G**x mod P
*
- * The first half of the table is not
+ * The first half of the table is not
* computed though accept for M[0] and M[1]
*/
if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) {
goto LBL_MU;
}
- /* compute the value at M[1<<(winsize-1)] by squaring
- * M[1] (winsize-1) times
+ /* compute the value at M[1<<(winsize-1)] by squaring
+ * M[1] (winsize-1) times
*/
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_MU;
@@ -106,7 +106,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
for (x = 0; x < (winsize - 1); x++) {
/* square it */
- if ((err = mp_sqr (&M[1 << (winsize - 1)],
+ if ((err = mp_sqr (&M[1 << (winsize - 1)],
&M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_MU;
}
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c
index f5bbf39ce2..c5892181f9 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c
@@ -16,7 +16,7 @@
*/
/* multiplies |a| * |b| and only computes upto digs digits of result
- * HAC pp. 595, Algorithm 14.12 Modified so you can control how
+ * HAC pp. 595, Algorithm 14.12 Modified so you can control how
* many digits of output are created.
*/
int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
@@ -29,7 +29,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* can we use the fast multiplier? */
if (((digs) < MP_WARRAY) &&
- MIN (a->used, b->used) <
+ MIN (a->used, b->used) <
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
return fast_s_mp_mul_digs (a, b, c, digs);
}
@@ -51,10 +51,10 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* setup some aliases */
/* copy of the digit from a used within the nested loop */
tmpx = a->dp[ix];
-
+
/* an alias for the destination shifted ix places */
tmpt = t.dp + ix;
-
+
/* an alias for the digits of b */
tmpy = b->dp;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c
index d2531c2925..c1c3826db5 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c
@@ -48,7 +48,7 @@ int s_mp_sqr (mp_int * a, mp_int * b)
/* alias for where to store the results */
tmpt = t.dp + (2*ix + 1);
-
+
for (iy = ix + 1; iy < pa; iy++) {
/* first calculate the product */
r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bncore.c b/source4/heimdal/lib/hcrypto/libtommath/bncore.c
index 8fb1824c6f..919e3b33b0 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/bncore.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bncore.c
@@ -21,14 +21,14 @@
-------------------------------------------------------------
Intel P4 Northwood /GCC v3.4.1 / 88/ 128/LTM 0.32 ;-)
AMD Athlon64 /GCC v3.4.4 / 80/ 120/LTM 0.35
-
+
*/
int KARATSUBA_MUL_CUTOFF = 80, /* Min. number of digits before Karatsuba multiplication is used. */
KARATSUBA_SQR_CUTOFF = 120, /* Min. number of digits before Karatsuba squaring is used. */
-
+
TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */
- TOOM_SQR_CUTOFF = 400;
+ TOOM_SQR_CUTOFF = 400;
#endif
/* $Source: /cvs/libtom/libtommath/bncore.c,v $ */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h
index 6049c25ba7..f69e36d650 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h
@@ -5,7 +5,7 @@
#define MPI_CONFIG_H_
/*
- For boolean options,
+ For boolean options,
0 = no
1 = yes
diff --git a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c
index 7c712dd62d..4030841e54 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c
@@ -22,7 +22,7 @@
#define DIAG(T,V)
#endif
-/*
+/*
If MP_LOGTAB is not defined, use the math library to compute the
logarithms on the fly. Otherwise, use the static table below.
Pick which works best for your system.
@@ -33,7 +33,7 @@
/*
A table of the logs of 2 for various bases (the 0 and 1 entries of
- this table are meaningless and should not be referenced).
+ this table are meaningless and should not be referenced).
This table is used to compute output lengths for the mp_toradix()
function. Since a number n in radix r takes up about log_r(n)
@@ -43,7 +43,7 @@
log_r(n) = log_2(n) * log_r(2)
This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
- which are the output bases supported.
+ which are the output bases supported.
*/
#include "logtab.h"
@@ -104,7 +104,7 @@ static const char *mp_err_string[] = {
/* Value to digit maps for radix conversion */
/* s_dmap_1 - standard digits and letters */
-static const char *s_dmap_1 =
+static const char *s_dmap_1 =
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
#if 0
@@ -117,7 +117,7 @@ static const char *s_dmap_2 =
/* {{{ Static function declarations */
-/*
+/*
If MP_MACRO is false, these will be defined as actual functions;
otherwise, suitable macro definitions will be used. This works
around the fact that ANSI C89 doesn't support an 'inline' keyword
@@ -258,7 +258,7 @@ mp_err mp_init_array(mp_int mp[], int count)
return MP_OKAY;
CLEANUP:
- while(--pos >= 0)
+ while(--pos >= 0)
mp_clear(&mp[pos]);
return res;
@@ -355,7 +355,7 @@ mp_err mp_copy(mp_int *from, mp_int *to)
if(ALLOC(to) >= USED(from)) {
s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
-
+
} else {
if((tmp = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL)
return MP_MEM;
@@ -445,7 +445,7 @@ void mp_clear_array(mp_int mp[], int count)
{
ARGCHK(mp != NULL && count > 0, MP_BADARG);
- while(--count >= 0)
+ while(--count >= 0)
mp_clear(&mp[count]);
} /* end mp_clear_array() */
@@ -455,7 +455,7 @@ void mp_clear_array(mp_int mp[], int count)
/* {{{ mp_zero(mp) */
/*
- mp_zero(mp)
+ mp_zero(mp)
Set mp to zero. Does not change the allocated size of the structure,
and therefore cannot fail (except on a bad argument, which we ignore)
@@ -506,7 +506,7 @@ mp_err mp_set_int(mp_int *mp, long z)
if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY)
return res;
- res = s_mp_add_d(mp,
+ res = s_mp_add_d(mp,
(mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
if(res != MP_OKAY)
return res;
@@ -841,9 +841,9 @@ mp_err mp_neg(mp_int *a, mp_int *b)
if((res = mp_copy(a, b)) != MP_OKAY)
return res;
- if(s_mp_cmp_d(b, 0) == MP_EQ)
+ if(s_mp_cmp_d(b, 0) == MP_EQ)
SIGN(b) = MP_ZPOS;
- else
+ else
SIGN(b) = (SIGN(b) == MP_NEG) ? MP_ZPOS : MP_NEG;
return MP_OKAY;
@@ -870,7 +870,7 @@ mp_err mp_add(mp_int *a, mp_int *b, mp_int *c)
if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */
/* Commutativity of addition lets us do this in either order,
- so we avoid having to use a temporary even if the result
+ so we avoid having to use a temporary even if the result
is supposed to replace the output
*/
if(c == b) {
@@ -880,14 +880,14 @@ mp_err mp_add(mp_int *a, mp_int *b, mp_int *c)
if(c != a && (res = mp_copy(a, c)) != MP_OKAY)
return res;
- if((res = s_mp_add(c, b)) != MP_OKAY)
+ if((res = s_mp_add(c, b)) != MP_OKAY)
return res;
}
} else if((cmp = s_mp_cmp(a, b)) > 0) { /* different sign: a > b */
/* If the output is going to be clobbered, we will use a temporary
- variable; otherwise, we'll do it without touching the memory
+ variable; otherwise, we'll do it without touching the memory
allocator at all, if possible
*/
if(c == b) {
@@ -1019,7 +1019,7 @@ mp_err mp_sub(mp_int *a, mp_int *b, mp_int *c)
mp_clear(&tmp);
} else {
- if(c != b && ((res = mp_copy(b, c)) != MP_OKAY))
+ if(c != b && ((res = mp_copy(b, c)) != MP_OKAY))
return res;
if((res = s_mp_sub(c, a)) != MP_OKAY)
@@ -1066,12 +1066,12 @@ mp_err mp_mul(mp_int *a, mp_int *b, mp_int *c)
if((res = s_mp_mul(c, b)) != MP_OKAY)
return res;
}
-
+
if(sgn == MP_ZPOS || s_mp_cmp_d(c, 0) == MP_EQ)
SIGN(c) = MP_ZPOS;
else
SIGN(c) = sgn;
-
+
return MP_OKAY;
} /* end mp_mul() */
@@ -1160,7 +1160,7 @@ mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r)
return res;
}
- if(q)
+ if(q)
mp_zero(q);
return MP_OKAY;
@@ -1206,10 +1206,10 @@ mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r)
SIGN(&rtmp) = MP_ZPOS;
/* Copy output, if it is needed */
- if(q)
+ if(q)
s_mp_exch(&qtmp, q);
- if(r)
+ if(r)
s_mp_exch(&rtmp, r);
CLEANUP:
@@ -1286,12 +1286,12 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
/* Loop over bits of each non-maximal digit */
for(bit = 0; bit < DIGIT_BIT; bit++) {
if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ if((res = s_mp_mul(&s, &x)) != MP_OKAY)
goto CLEANUP;
}
d >>= 1;
-
+
if((res = s_mp_sqr(&x)) != MP_OKAY)
goto CLEANUP;
}
@@ -1311,7 +1311,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
if((res = s_mp_sqr(&x)) != MP_OKAY)
goto CLEANUP;
}
-
+
if(mp_iseven(b))
SIGN(&s) = SIGN(a);
@@ -1362,7 +1362,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
/*
If |a| > m, we need to divide to get the remainder and take the
- absolute value.
+ absolute value.
If |a| < m, we don't need to do any division, just copy and adjust
the sign (if a is negative).
@@ -1376,7 +1376,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
if((mag = s_mp_cmp(a, m)) > 0) {
if((res = mp_div(a, m, NULL, c)) != MP_OKAY)
return res;
-
+
if(SIGN(c) == MP_NEG) {
if((res = mp_add(c, m, c)) != MP_OKAY)
return res;
@@ -1391,7 +1391,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
return res;
}
-
+
} else {
mp_zero(c);
@@ -1464,9 +1464,9 @@ mp_err mp_sqrt(mp_int *a, mp_int *b)
return MP_RANGE;
/* Special cases for zero and one, trivial */
- if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ)
+ if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ)
return mp_copy(a, b);
-
+
/* Initialize the temporaries we'll use below */
if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
return res;
@@ -1508,7 +1508,7 @@ mp_add_d(&x, 1, &x);
CLEANUP:
mp_clear(&x);
X:
- mp_clear(&t);
+ mp_clear(&t);
return res;
@@ -1626,7 +1626,7 @@ mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c)
Compute c = (a ** b) mod m. Uses a standard square-and-multiply
method with modular reductions at each step. (This is basically the
same code as mp_expt(), except for the addition of the reductions)
-
+
The modular reductions are done using Barrett's algorithm (see
s_mp_reduce() below for details)
*/
@@ -1655,7 +1655,7 @@ mp_err mp_exptmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
mp_set(&s, 1);
/* mu = b^2k / m */
- s_mp_add_d(&mu, 1);
+ s_mp_add_d(&mu, 1);
s_mp_lshd(&mu, 2 * USED(m));
if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
goto CLEANUP;
@@ -1866,7 +1866,7 @@ int mp_cmp_int(mp_int *a, long z)
int out;
ARGCHK(a != NULL, MP_EQ);
-
+
mp_init(&tmp); mp_set_int(&tmp, z);
out = mp_cmp(a, &tmp);
mp_clear(&tmp);
@@ -1953,13 +1953,13 @@ mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
if(mp_isodd(&u)) {
if((res = mp_copy(&v, &t)) != MP_OKAY)
goto CLEANUP;
-
+
/* t = -v */
if(SIGN(&v) == MP_ZPOS)
SIGN(&t) = MP_NEG;
else
SIGN(&t) = MP_ZPOS;
-
+
} else {
if((res = mp_copy(&u, &t)) != MP_OKAY)
goto CLEANUP;
@@ -2152,7 +2152,7 @@ mp_err mp_xgcd(mp_int *a, mp_int *b, mp_int *g, mp_int *x, mp_int *y)
if(y)
if((res = mp_copy(&D, y)) != MP_OKAY) goto CLEANUP;
-
+
if(g)
if((res = mp_mul(&gx, &v, g)) != MP_OKAY) goto CLEANUP;
@@ -2255,7 +2255,7 @@ void mp_print(mp_int *mp, FILE *ofp)
/* {{{ mp_read_signed_bin(mp, str, len) */
-/*
+/*
mp_read_signed_bin(mp, str, len)
Read in a raw value (base 256) into the given mp_int
@@ -2332,16 +2332,16 @@ mp_err mp_read_unsigned_bin(mp_int *mp, unsigned char *str, int len)
if((res = mp_add_d(mp, str[ix], mp)) != MP_OKAY)
return res;
}
-
+
return MP_OKAY;
-
+
} /* end mp_read_unsigned_bin() */
/* }}} */
/* {{{ mp_unsigned_bin_size(mp) */
-int mp_unsigned_bin_size(mp_int *mp)
+int mp_unsigned_bin_size(mp_int *mp)
{
mp_digit topdig;
int count;
@@ -2440,7 +2440,7 @@ int mp_count_bits(mp_int *mp)
}
return len;
-
+
} /* end mp_count_bits() */
/* }}} */
@@ -2462,14 +2462,14 @@ mp_err mp_read_radix(mp_int *mp, unsigned char *str, int radix)
mp_err res;
mp_sign sig = MP_ZPOS;
- ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
+ ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
MP_BADARG);
mp_zero(mp);
/* Skip leading non-digit characters until a digit or '-' or '+' */
- while(str[ix] &&
- (s_mp_tovalue(str[ix], radix) < 0) &&
+ while(str[ix] &&
+ (s_mp_tovalue(str[ix], radix) < 0) &&
str[ix] != '-' &&
str[ix] != '+') {
++ix;
@@ -2525,7 +2525,7 @@ int mp_radix_size(mp_int *mp, int radix)
/* num = number of digits
qty = number of bits per digit
radix = target base
-
+
Return the number of digits in the specified radix that would be
needed to express 'num' digits of 'qty' bits each.
*/
@@ -2594,7 +2594,7 @@ mp_err mp_toradix(mp_int *mp, unsigned char *str, int radix)
++ix;
--pos;
}
-
+
mp_clear(&tmp);
}
@@ -2806,11 +2806,11 @@ void s_mp_exch(mp_int *a, mp_int *b)
/* {{{ s_mp_lshd(mp, p) */
-/*
+/*
Shift mp leftward by p digits, growing if needed, and zero-filling
the in-shifted digits at the right end. This is a convenient
alternative to multiplication by powers of the radix
- */
+ */
mp_err s_mp_lshd(mp_int *mp, mp_size p)
{
@@ -2829,7 +2829,7 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p)
dp = DIGITS(mp);
/* Shift all the significant figures over as needed */
- for(ix = pos - p; ix >= 0; ix--)
+ for(ix = pos - p; ix >= 0; ix--)
dp[ix + p] = dp[ix];
/* Fill the bottom digits with zeroes */
@@ -2844,7 +2844,7 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p)
/* {{{ s_mp_rshd(mp, p) */
-/*
+/*
Shift mp rightward by p digits. Maintains the invariant that
digits above the precision are all zero. Digits shifted off the
end are lost. Cannot fail.
@@ -3054,7 +3054,7 @@ void s_mp_div_2d(mp_int *mp, mp_digit d)
end of the division process).
We multiply by the smallest power of 2 that gives us a leading digit
- at least half the radix. By choosing a power of 2, we simplify the
+ at least half the radix. By choosing a power of 2, we simplify the
multiplication and division steps to simple shifts.
*/
mp_digit s_mp_norm(mp_int *a, mp_int *b)
@@ -3066,7 +3066,7 @@ mp_digit s_mp_norm(mp_int *a, mp_int *b)
t <<= 1;
++d;
}
-
+
if(d != 0) {
s_mp_mul_2d(a, d);
s_mp_mul_2d(b, d);
@@ -3188,14 +3188,14 @@ mp_err s_mp_mul_d(mp_int *a, mp_digit d)
test guarantees we have enough storage to do this safely.
*/
if(k) {
- dp[max] = k;
+ dp[max] = k;
USED(a) = max + 1;
}
s_mp_clamp(a);
return MP_OKAY;
-
+
} /* end s_mp_mul_d() */
/* }}} */
@@ -3289,7 +3289,7 @@ mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */
}
/* If we run out of 'b' digits before we're actually done, make
- sure the carries get propagated upward...
+ sure the carries get propagated upward...
*/
used = USED(a);
while(w && ix < used) {
@@ -3351,7 +3351,7 @@ mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */
/* Clobber any leading zeroes we created */
s_mp_clamp(a);
- /*
+ /*
If there was a borrow out, then |b| > |a| in violation
of our input invariant. We've already done the work,
but we'll at least complain about it...
@@ -3387,7 +3387,7 @@ mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu)
s_mp_mod_2d(&q, (mp_digit)(DIGIT_BIT * (um + 1)));
#else
s_mp_mul_dig(&q, m, um + 1);
-#endif
+#endif
/* x = x - q */
if((res = mp_sub(x, &q, x)) != MP_OKAY)
@@ -3441,7 +3441,7 @@ mp_err s_mp_mul(mp_int *a, mp_int *b)
pb = DIGITS(b);
for(ix = 0; ix < ub; ++ix, ++pb) {
- if(*pb == 0)
+ if(*pb == 0)
continue;
/* Inner product: Digits of a */
@@ -3480,7 +3480,7 @@ void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len)
for(ix = 0; ix < len; ++ix, ++b) {
if(*b == 0)
continue;
-
+
pa = a;
for(jx = 0; jx < len; ++jx, ++pa) {
pt = out + ix + jx;
@@ -3547,7 +3547,7 @@ mp_err s_mp_sqr(mp_int *a)
*/
for(jx = ix + 1, pa2 = DIGITS(a) + jx; jx < used; ++jx, ++pa2) {
mp_word u = 0, v;
-
+
/* Store this in a temporary to avoid indirections later */
pt = pbt + ix + jx;
@@ -3568,7 +3568,7 @@ mp_err s_mp_sqr(mp_int *a)
v = *pt + k;
/* If we do not already have an overflow carry, check to see
- if the addition will cause one, and set the carry out if so
+ if the addition will cause one, and set the carry out if so
*/
u |= ((MP_WORD_MAX - v) < w);
@@ -3592,7 +3592,7 @@ mp_err s_mp_sqr(mp_int *a)
/* If we are carrying out, propagate the carry to the next digit
in the output. This may cascade, so we have to be somewhat
circumspect -- but we will have enough precision in the output
- that we won't overflow
+ that we won't overflow
*/
kx = 1;
while(k) {
@@ -3664,7 +3664,7 @@ mp_err s_mp_div(mp_int *a, mp_int *b)
while(ix >= 0) {
/* Find a partial substring of a which is at least b */
while(s_mp_cmp(&rem, b) < 0 && ix >= 0) {
- if((res = s_mp_lshd(&rem, 1)) != MP_OKAY)
+ if((res = s_mp_lshd(&rem, 1)) != MP_OKAY)
goto CLEANUP;
if((res = s_mp_lshd(&quot, 1)) != MP_OKAY)
@@ -3676,8 +3676,8 @@ mp_err s_mp_div(mp_int *a, mp_int *b)
}
/* If we didn't find one, we're finished dividing */
- if(s_mp_cmp(&rem, b) < 0)
- break;
+ if(s_mp_cmp(&rem, b) < 0)
+ break;
/* Compute a guess for the next quotient digit */
q = DIGIT(&rem, USED(&rem) - 1);
@@ -3695,7 +3695,7 @@ mp_err s_mp_div(mp_int *a, mp_int *b)
if((res = s_mp_mul_d(&t, q)) != MP_OKAY)
goto CLEANUP;
- /*
+ /*
If it's too big, back it off. We should not have to do this
more than once, or, in rare cases, twice. Knuth describes a
method by which this could be reduced to a maximum of once, but
@@ -3719,7 +3719,7 @@ mp_err s_mp_div(mp_int *a, mp_int *b)
}
/* Denormalize remainder */
- if(d != 0)
+ if(d != 0)
s_mp_div_2d(&rem, d);
s_mp_clamp(&quot);
@@ -3727,7 +3727,7 @@ mp_err s_mp_div(mp_int *a, mp_int *b)
/* Copy quotient back to output */
s_mp_exch(&quot, a);
-
+
/* Copy remainder back to output */
s_mp_exch(&rem, b);
@@ -3757,7 +3757,7 @@ mp_err s_mp_2expt(mp_int *a, mp_digit k)
mp_zero(a);
if((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
return res;
-
+
DIGIT(a, dig) |= (1 << bit);
return MP_OKAY;
@@ -3815,7 +3815,7 @@ int s_mp_cmp_d(mp_int *a, mp_digit d)
if(ua > 1)
return MP_GT;
- if(*ap < d)
+ if(*ap < d)
return MP_LT;
else if(*ap > d)
return MP_GT;
@@ -3857,7 +3857,7 @@ int s_mp_ispow2(mp_int *v)
}
return ((uv - 1) * DIGIT_BIT) + extra;
- }
+ }
return -1;
@@ -3901,7 +3901,7 @@ int s_mp_ispow2d(mp_digit d)
int s_mp_tovalue(char ch, int r)
{
int val, xch;
-
+
if(r > 36)
xch = ch;
else
@@ -3917,7 +3917,7 @@ int s_mp_tovalue(char ch, int r)
val = 62;
else if(xch == '/')
val = 63;
- else
+ else
return -1;
if(val < 0 || val >= r)
@@ -3939,7 +3939,7 @@ int s_mp_tovalue(char ch, int r)
The results may be odd if you use a radix < 2 or > 64, you are
expected to know what you're doing.
*/
-
+
char s_mp_todigit(int val, int r, int low)
{
char ch;
@@ -3960,7 +3960,7 @@ char s_mp_todigit(int val, int r, int low)
/* {{{ s_mp_outlen(bits, radix) */
-/*
+/*
Return an estimate for how long a string is needed to hold a radix
r representation of a number with 'bits' significant bits.
diff --git a/source4/heimdal/lib/hcrypto/libtommath/tommath.h b/source4/heimdal/lib/hcrypto/libtommath/tommath.h
index 426207a298..67d3b06af6 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/tommath.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/tommath.h
@@ -46,7 +46,7 @@ extern "C" {
/* detect 64-bit mode if possible */
-#if defined(__x86_64__)
+#if defined(__x86_64__)
#if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
#define MP_64BIT
#endif
@@ -82,7 +82,7 @@ extern "C" {
/* this is to make porting into LibTomCrypt easier :-) */
#ifndef CRYPT
- #if defined(_MSC_VER) || defined(__BORLANDC__)
+ #if defined(_MSC_VER) || defined(__BORLANDC__)
typedef unsigned __int64 ulong64;
typedef signed __int64 long64;
#else
@@ -94,20 +94,20 @@ extern "C" {
typedef unsigned long mp_digit;
typedef ulong64 mp_word;
-#ifdef MP_31BIT
+#ifdef MP_31BIT
/* this is an extension that uses 31-bit digits */
#define DIGIT_BIT 31
#else
/* default case is 28-bit digits, defines MP_28BIT as a handy macro to test */
#define DIGIT_BIT 28
#define MP_28BIT
-#endif
+#endif
#endif
/* define heap macros */
#ifndef CRYPT
/* default to libc stuff */
- #ifndef XMALLOC
+ #ifndef XMALLOC
#define XMALLOC malloc
#define XFREE free
#define XREALLOC realloc
@@ -169,7 +169,7 @@ extern int KARATSUBA_MUL_CUTOFF,
#define MP_PREC 32 /* default digits of precision */
#else
#define MP_PREC 8 /* default digits of precision */
- #endif
+ #endif
#endif
/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
@@ -473,7 +473,7 @@ int mp_prime_fermat(mp_int *a, mp_int *b, int *result);
int mp_prime_miller_rabin(mp_int *a, mp_int *b, int *result);
/* This gives [for a given bit size] the number of trials required
- * such that Miller-Rabin gives a prob of failure lower than 2^-96
+ * such that Miller-Rabin gives a prob of failure lower than 2^-96
*/
int mp_prime_rabin_miller_trials(int size);
@@ -494,7 +494,7 @@ int mp_prime_is_prime(mp_int *a, int t, int *result);
int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
/* makes a truly random prime of a given size (bytes),
- * call with bbs = 1 if you want it to be congruent to 3 mod 4
+ * call with bbs = 1 if you want it to be congruent to 3 mod 4
*
* You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
* have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
@@ -507,7 +507,7 @@ int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
/* makes a truly random prime of a given size (bits),
*
* Flags are as follows:
- *
+ *
* LTM_PRIME_BBS - make prime congruent to 3 mod 4
* LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
* LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
diff --git a/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h b/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h
index 2fdebe6838..a96c36feb8 100644
--- a/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h
@@ -60,9 +60,9 @@
#undef BN_FAST_MP_INVMOD_C
/* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
- * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
+ * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
* which means roughly speaking you can handle upto 2536-bit RSA keys with these defined without
- * trouble.
+ * trouble.
*/
#undef BN_S_MP_MUL_DIGS_C
#undef BN_S_MP_SQR_C
diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c
index 92a40fa69a..a890f01a3d 100644
--- a/source4/heimdal/lib/hcrypto/pkcs12.c
+++ b/source4/heimdal/lib/hcrypto/pkcs12.c
@@ -141,7 +141,7 @@ PKCS12_key_gen(const void *key, size_t keylen,
BN_bn2bin(bnI, I + i + vlen - j);
}
BN_free(bnI);
- }
+ }
BN_free(bnB);
BN_free(bnOne);
size_I = vlen * 2;
diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c
index 00d3286f24..dd2d3e13ec 100644
--- a/source4/heimdal/lib/hcrypto/rand-egd.c
+++ b/source4/heimdal/lib/hcrypto/rand-egd.c
@@ -144,7 +144,7 @@ egd_seed(const void *indata, int size)
break;
indata = ((unsigned char *)indata) + len;
size -= len;
- }
+ }
close(fd);
}
@@ -170,7 +170,7 @@ get_bytes(const char *path, unsigned char *outdata, int size)
break;
outdata += len;
size -= len;
- }
+ }
close(fd);
return ret;
diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c
index dcfe42d02d..63bd3daa00 100644
--- a/source4/heimdal/lib/hcrypto/rc2.c
+++ b/source4/heimdal/lib/hcrypto/rc2.c
@@ -106,7 +106,7 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
k[j] = Sbox[k[j + 1] ^ k[j + T8]];
for (j = 0; j < 64; j++)
- key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
+ key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
memset(k, 0, sizeof(k));
}
diff --git a/source4/heimdal/lib/hcrypto/rsa-ltm.c b/source4/heimdal/lib/hcrypto/rsa-ltm.c
index 6ef4a83c51..5cd3e9361e 100644
--- a/source4/heimdal/lib/hcrypto/rsa-ltm.c
+++ b/source4/heimdal/lib/hcrypto/rsa-ltm.c
@@ -188,7 +188,7 @@ ltm_rsa_public_encrypt(int flen, const unsigned char* from,
memcpy(p, from, flen);
p += flen;
assert((p - p0) == size - 1);
-
+
mp_read_unsigned_bin(&dec, p0, size - 1);
free(p0);
diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c
index a3fc0cd7ae..c71ded1b7a 100644
--- a/source4/heimdal/lib/hcrypto/rsa.c
+++ b/source4/heimdal/lib/hcrypto/rsa.c
@@ -55,12 +55,12 @@
*
* Speed for RSA in seconds
* no key blinding
- * 1000 iteration,
+ * 1000 iteration,
* same rsa keys (1024 and 2048)
* operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern
*
* name 1024 2048 4098
- * =================================
+ * =================================
* gmp: 0.73 6.60 44.80
* tfm: 2.45 -- --
* ltm: 3.79 20.74 105.41 (default in hcrypto)
@@ -442,11 +442,11 @@ RSA_verify(int type, const unsigned char *from, unsigned int flen,
free_DigestInfo(&di);
return -1;
}
-
+
ret = der_heim_oid_cmp(&digest_alg->algorithm,
&di.digestAlgorithm.algorithm);
free_DigestInfo(&di);
-
+
if (ret != 0)
return 0;
return 1;
@@ -577,7 +577,7 @@ d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len)
RSA_free(k);
return NULL;
}
-
+
return k;
}
@@ -701,6 +701,6 @@ d2i_RSAPublicKey(RSA *rsa, const unsigned char **pp, size_t len)
RSA_free(k);
return NULL;
}
-
+
return k;
}
diff --git a/source4/heimdal/lib/hcrypto/sha256.c b/source4/heimdal/lib/hcrypto/sha256.c
index 5e601bb358..108afdccc8 100644
--- a/source4/heimdal/lib/hcrypto/sha256.c
+++ b/source4/heimdal/lib/hcrypto/sha256.c
@@ -116,7 +116,7 @@ calc (SHA256_CTX *m, uint32_t *in)
T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
T2 = Sigma0(AA) + Maj(AA,BB,CC);
-
+
HH = GG;
GG = FF;
FF = EE;
diff --git a/source4/heimdal/lib/hcrypto/sha512.c b/source4/heimdal/lib/hcrypto/sha512.c
index fb38cadb6f..4bea216668 100644
--- a/source4/heimdal/lib/hcrypto/sha512.c
+++ b/source4/heimdal/lib/hcrypto/sha512.c
@@ -140,7 +140,7 @@ calc (SHA512_CTX *m, uint64_t *in)
T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i];
T2 = Sigma0(AA) + Maj(AA,BB,CC);
-
+
HH = GG;
GG = FF;
FF = EE;
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c
index e32bb9a0be..d0714fe6d5 100644
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -62,7 +62,7 @@ intr(int sig)
*/
static int
-read_string(const char *preprompt, const char *prompt,
+read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
int of = 0;
@@ -86,13 +86,13 @@ read_string(const char *preprompt, const char *prompt,
if(of)
p--;
*p = 0;
-
+
if(echo == 0){
printf("\n");
}
signal(SIGINT, oldsigintr);
-
+
if(intr_flag)
return -2;
if(of)
diff --git a/source4/heimdal/lib/hcrypto/validate.c b/source4/heimdal/lib/hcrypto/validate.c
index f6f8be7030..48b9bfc6e3 100644
--- a/source4/heimdal/lib/hcrypto/validate.c
+++ b/source4/heimdal/lib/hcrypto/validate.c
@@ -69,7 +69,7 @@ struct tests tests[] = {
"\xdc\x95\xc0\x78\xa2\x40\x89\x89\xad\x48\xa2\x14\x92\x84\x20\x87"
},
#if 0
- {
+ {
EVP_aes_128_cfb8,
"aes-cfb8-128",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
@@ -93,7 +93,7 @@ struct tests tests[] = {
"\x55\x95\x97\x76\xa9\x6c\x66\x40\x64\xc7\xf4\x1c\x21\xb7\x14\x1b"
},
#if 0
- {
+ {
EVP_camellia_128_cbc,
"camellia128",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
@@ -105,7 +105,7 @@ struct tests tests[] = {
NULL
},
#endif
- {
+ {
EVP_rc4,
"rc4 8",
"\x01\x23\x45\x67\x89\xAB\xCD\xEF",
diff --git a/source4/heimdal/lib/hdb/dbinfo.c b/source4/heimdal/lib/hdb/dbinfo.c
index 5019016ed5..52e394106e 100644
--- a/source4/heimdal/lib/hdb/dbinfo.c
+++ b/source4/heimdal/lib/hdb/dbinfo.c
@@ -112,7 +112,7 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
if (ret == 0 && di) {
databases = di;
dt = &di->next;
- }
+ }
for ( ; db_binding != NULL; db_binding = db_binding->next) {
diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c
index fb32fdb845..d2a4373b9b 100644
--- a/source4/heimdal/lib/hdb/ext.c
+++ b/source4/heimdal/lib/hdb/ext.c
@@ -37,7 +37,7 @@
krb5_error_code
hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
{
- int i;
+ size_t i;
if (ent->extensions == NULL)
return 0;
@@ -63,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
HDB_extension *
hdb_find_extension(const hdb_entry *entry, int type)
{
- int i;
+ size_t i;
if (entry->extensions == NULL)
return NULL;
for (i = 0; i < entry->extensions->len; i++)
- if (entry->extensions->val[i].data.element == type)
+ if (entry->extensions->val[i].data.element == (unsigned)type)
return &entry->extensions->val[i];
return NULL;
}
@@ -112,7 +112,7 @@ hdb_replace_extension(krb5_context context,
Der_type replace_type, list_type;
unsigned int replace_tag, list_tag;
size_t size;
- int i;
+ size_t i;
ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
ext->data.u.asn1_ellipsis.length,
@@ -180,13 +180,13 @@ hdb_clear_extension(krb5_context context,
hdb_entry *entry,
int type)
{
- int i;
+ size_t i;
if (entry->extensions == NULL)
return 0;
for (i = 0; i < entry->extensions->len; i++) {
- if (entry->extensions->val[i].data.element == type) {
+ if (entry->extensions->val[i].data.element == (unsigned)type) {
free_HDB_extension(&entry->extensions->val[i]);
memmove(&entry->extensions->val[i],
&entry->extensions->val[i + 1],
@@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
if (ext) {
- heim_utf8_string str;
+ heim_utf8_string xstr;
heim_octet_string pw;
if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
@@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return ret;
}
- str = pw.data;
- if (str[pw.length - 1] != '\0') {
+ xstr = pw.data;
+ if (xstr[pw.length - 1] != '\0') {
krb5_set_error_message(context, EINVAL, "malformed password");
return EINVAL;
}
- *p = strdup(str);
+ *p = strdup(xstr);
der_free_octet_string(&pw);
if (*p == NULL) {
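Review bot: The `xstr[pw.length - 1]` test reads before the start of the buffer when `pw.length` is 0, because `pw.length - 1` then wraps (assuming the length field is unsigned, which should be confirmed); the guard would be safer as `if (pw.length == 0 || xstr[pw.length - 1] != '\0') {`. The same branch returns EINVAL without calling `der_free_octet_string(&pw)`, which the success path calls right after `strdup`, so a malformed entry appears to leak the password buffer; adding `der_free_octet_string(&pw);` before `return EINVAL;` would close that. Since `pw` holds password material, it may also be worth clearing the buffer before it is freed, if a zeroizing helper is available in this tree. hdb_entry_get_password starts and ends outside this hunk, so how `pw` is filled is not visible here.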
diff --git a/source4/heimdal/lib/hdb/hdb-keytab.c b/source4/heimdal/lib/hdb/hdb-keytab.c
index c1bad86796..ab2afb5d74 100644
--- a/source4/heimdal/lib/hdb/hdb-keytab.c
+++ b/source4/heimdal/lib/hdb/hdb-keytab.c
@@ -206,7 +206,7 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
-
+
(*db)->hdb_db = k;
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 2c1de8b3d7..ca05cc4a17 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -78,7 +78,9 @@ static struct hdb_method methods[] = {
{ HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
{ HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
#endif
+#ifdef HAVE_SQLITE3
{ HDB_INTERFACE_VERSION, "sqlite:", hdb_sqlite_create},
+#endif
{0, NULL, NULL}
};
@@ -166,7 +168,7 @@ hdb_unlock(int fd)
void
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
- int i;
+ size_t i;
if (ent->free_entry)
(*ent->free_entry)(context, ent);
@@ -215,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db)
if (ret)
return ret;
- tag.data = HDB_DB_FORMAT_ENTRY;
+ tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data);
ret = (*db->hdb__get)(context, db, tag, &version);
ret2 = db->hdb_unlock(context, db);
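Review bot: The `(void *)(intptr_t)` double cast on `HDB_DB_FORMAT_ENTRY` only drops the `const` qualifier without a warning, and it hides that `tag.data` now points at what is presumably a string literal. This commit already uses a named macro for that purpose, `rk_UNCONST` (in the `hx509_verify_hostname` context lines), so `tag.data = rk_UNCONST(HDB_DB_FORMAT_ENTRY);` would state the intent, assuming the macro is in scope in hdb.c. The same cast recurs in the `hdb_init_db` hunk, in keys.c for `default_keytypes`, and in ca.c `add_utf8_san`. A comment such as `/* read-only storage: never written through this pointer */` would help at each site.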
@@ -248,7 +250,7 @@ hdb_init_db(krb5_context context, HDB *db)
if (ret)
return ret;
- tag.data = HDB_DB_FORMAT_ENTRY;
+ tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data);
snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
version.data = ver;
@@ -317,7 +319,7 @@ find_dynamic_method (krb5_context context,
if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
krb5_errx(context, 1, "out of memory");
-
+
mso = (struct hdb_so_method *) dlsym(dl, symbol);
if (mso == NULL) {
krb5_warnx(context, "error finding symbol %s in %s: %s\n",
@@ -432,7 +434,7 @@ _hdb_keytab2hdb_entry(krb5_context context,
entry->entry.keys.val[0].mkvno = NULL;
entry->entry.keys.val[0].salt = NULL;
-
+
return krb5_copy_keyblock_contents(context,
&ktentry->keyblock,
&entry->entry.keys.val[0].key);
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index fffda7aef0..469ec82ec0 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -153,7 +153,7 @@ typedef struct HDB{
/**
* As part of iteration, fetch next entry
*/
- krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
+ krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
unsigned, hdb_entry_ex*);
/**
* Lock database
@@ -221,7 +221,7 @@ typedef struct HDB{
* ->hdb_store() into the database. The backend will still perform
* all other operations, increasing the kvno, and update
* modification timestamp.
- *
+ *
* The backend needs to call _kadm5_set_keys() and perform password
* quality checks.
*/
diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c
index 63f254d002..3d0b9d7c1b 100644
--- a/source4/heimdal/lib/hdb/keys.c
+++ b/source4/heimdal/lib/hdb/keys.c
@@ -221,10 +221,10 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset,
free_Key(&key);
return ENOMEM;
}
-
+
key.salt->type = salt->salttype;
krb5_data_zero (&key.salt->salt);
-
+
ret = krb5_data_copy(&key.salt->salt,
salt->saltvalue.data,
salt->saltvalue.length);
@@ -256,8 +256,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
char **ktypes, **kp;
krb5_error_code ret;
Key *k, *key_set;
- int i, j;
- char *default_keytypes[] = {
+ size_t i, j;
+ static const char *default_keytypes[] = {
"aes256-cts-hmac-sha1-96:pw-salt",
"des3-cbc-sha1:pw-salt",
"arcfour-hmac-md5:pw-salt",
@@ -267,7 +267,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
ktypes = krb5_config_get_strings(context, NULL, "kadmin",
"default_keys", NULL);
if (ktypes == NULL)
- ktypes = default_keytypes;
+ ktypes = (char **)(intptr_t)default_keytypes;
*ret_key_set = key_set = NULL;
*nkeyset = 0;
@@ -290,7 +290,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
p = "des:afs3-salt";
else if (strcmp(p, "arcfour-hmac-md5") == 0)
p = "arcfour-hmac-md5:pw-salt";
-
+
memset(&salt, 0, sizeof(salt));
ret = parse_key_set(context, p,
@@ -337,7 +337,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
*ret_key_set = key_set;
out:
- if (ktypes != default_keytypes)
+ if (ktypes != (char **)(intptr_t)default_keytypes)
krb5_config_free_strings(ktypes);
if (ret) {
@@ -364,7 +364,7 @@ hdb_generate_key_set_password(krb5_context context,
Key **keys, size_t *num_keys)
{
krb5_error_code ret;
- int i;
+ size_t i;
ret = hdb_generate_key_set(context, principal,
keys, num_keys, 0);
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 05b78dafc5..c72b797dab 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -37,7 +37,7 @@
struct hdb_data {
char *dbname;
- char *mkey;
+ char *mkey;
};
struct hdb_cursor {
@@ -184,7 +184,7 @@ hdb_get_entry(krb5_context context,
const char *mkey = d->mkey;
char *fdbname = NULL, *fmkey = NULL;
HDB *db;
- int i;
+ size_t i;
memset(&ent, 0, sizeof(ent));
@@ -204,13 +204,13 @@ hdb_get_entry(krb5_context context,
(*db->hdb_destroy)(context, db);
goto out2;
}
-
+
ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
if (ret) {
(*db->hdb_destroy)(context, db);
goto out2;
}
-
+
ret = (*db->hdb_fetch_kvno)(context, db, principal,
HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
@@ -222,7 +222,7 @@ hdb_get_entry(krb5_context context,
}else if(ret)
goto out;
- if(kvno && ent.entry.kvno != kvno) {
+ if(kvno && (krb5_kvno)ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent);
ret = KRB5_KT_NOTFOUND;
goto out;
@@ -268,10 +268,10 @@ hdb_start_seq_get(krb5_context context,
const char *dbname = d->dbname;
const char *mkey = d->mkey;
HDB *db;
-
+
if (dbname == NULL) {
/*
- * We don't support enumerating without being told what
+ * We don't support enumerating without being told what
* backend to enumerate on
*/
ret = KRB5_KT_NOTFOUND;
@@ -286,7 +286,7 @@ hdb_start_seq_get(krb5_context context,
(*db->hdb_destroy)(context, db);
return ret;
}
-
+
ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
if (ret) {
(*db->hdb_destroy)(context, db);
@@ -314,16 +314,16 @@ static int KRB5_CALLCONV
hdb_next_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry,
- krb5_kt_cursor *cursor)
+ krb5_kt_cursor *cursor)
{
struct hdb_cursor *c = cursor->data;
krb5_error_code ret;
-
+
memset(entry, 0, sizeof(*entry));
if (c->first) {
c->first = FALSE;
- ret = (c->db->hdb_firstkey)(context, c->db,
+ ret = (c->db->hdb_firstkey)(context, c->db,
HDB_F_DECRYPT|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
&c->hdb_entry);
@@ -331,15 +331,15 @@ hdb_next_entry(krb5_context context,
return KRB5_KT_END;
else if (ret)
return ret;
-
+
if (c->hdb_entry.entry.keys.len == 0)
hdb_free_entry(context, &c->hdb_entry);
else
c->next = FALSE;
- }
-
+ }
+
while (c->next) {
- ret = (c->db->hdb_nextkey)(context, c->db,
+ ret = (c->db->hdb_nextkey)(context, c->db,
HDB_F_DECRYPT|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
&c->hdb_entry);
@@ -347,21 +347,21 @@ hdb_next_entry(krb5_context context,
return KRB5_KT_END;
else if (ret)
return ret;
-
+
/* If no keys on this entry, try again */
if (c->hdb_entry.entry.keys.len == 0)
hdb_free_entry(context, &c->hdb_entry);
else
c->next = FALSE;
}
-
+
/*
* Return next enc type (keytabs are one slot per key, while
* hdb is one record per principal.
*/
-
- ret = krb5_copy_principal(context,
- c->hdb_entry.entry.principal,
+
+ ret = krb5_copy_principal(context,
+ c->hdb_entry.entry.principal,
&entry->principal);
if (ret)
return ret;
@@ -376,13 +376,13 @@ hdb_next_entry(krb5_context context,
return ret;
}
c->key_idx++;
-
- /*
+
+ /*
* Once we get to the end of the list, signal that we want the
* next entry
*/
-
- if (c->key_idx == c->hdb_entry.entry.keys.len) {
+
+ if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) {
hdb_free_entry(context, &c->hdb_entry);
c->next = TRUE;
c->key_idx = 0;
diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c
index 760eccfd43..9a13d55a51 100644
--- a/source4/heimdal/lib/hdb/mkey.c
+++ b/source4/heimdal/lib/hdb/mkey.c
@@ -153,7 +153,7 @@ read_master_mit(krb5_context context, const char *filename,
krb5_storage *sp;
int16_t enctype;
krb5_keyblock key;
-
+
fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) {
int save_errno = errno;
@@ -200,7 +200,7 @@ read_master_encryptionkey(krb5_context context, const char *filename,
unsigned char buf[256];
ssize_t len;
size_t ret_len;
-
+
fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) {
int save_errno = errno;
@@ -246,7 +246,7 @@ read_master_krb4(krb5_context context, const char *filename,
krb5_error_code ret;
unsigned char buf[256];
ssize_t len;
-
+
fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) {
int save_errno = errno;
@@ -372,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
if(mkvno == NULL) {
if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
ret = mkey;
- } else if(mkey->keytab.vno == *mkvno)
+ } else if((uint32_t)mkey->keytab.vno == *mkvno)
return mkey;
mkey = mkey->next;
}
@@ -406,7 +406,7 @@ _hdb_mkey_encrypt(krb5_context context, hdb_master_key key,
krb5_error_code
hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
{
-
+
krb5_error_code ret;
krb5_data res;
size_t keysize;
@@ -415,7 +415,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
if(k->mkvno == NULL)
return 0;
-
+
key = _hdb_find_master_key(k->mkvno, mkey);
if (key == NULL)
@@ -459,7 +459,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
krb5_error_code
hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{
- int i;
+ size_t i;
for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret;
@@ -519,14 +519,14 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
return ENOMEM;
}
*k->mkvno = key->keytab.vno;
-
+
return 0;
}
krb5_error_code
hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{
- int i;
+ size_t i;
for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret;
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 492064d86d..cb5a7be62c 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -266,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context,
}
if (flags & HX509_CA_TEMPLATE_EKU) {
ExtKeyUsage eku;
- int i;
+ size_t i;
ret = _hx509_cert_get_eku(context, cert, &eku);
if (ret)
return ret;
@@ -610,7 +610,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
const char *str;
char *q;
int n;
-
+
/* count number of component */
n = 1;
for(str = principal; *str != '\0' && *str != '@'; str++){
@@ -633,7 +633,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
goto out;
}
p.principalName.name_string.len = n;
-
+
p.principalName.name_type = KRB5_NT_PRINCIPAL;
q = s = strdup(principal);
if (q == NULL) {
@@ -689,7 +689,7 @@ add_utf8_san(hx509_context context,
const heim_oid *oid,
const char *string)
{
- const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
+ const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string;
heim_octet_string os;
size_t size;
int ret;
@@ -866,7 +866,7 @@ hx509_ca_tbs_set_unique(hx509_context context,
der_free_bit_string(&tbs->subjectUniqueID);
der_free_bit_string(&tbs->issuerUniqueID);
-
+
if (subjectUniqueID) {
ret = der_copy_bit_string(subjectUniqueID, &tbs->subjectUniqueID);
if (ret)
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index 7f95ea5560..70e5756037 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -327,7 +327,7 @@ _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
void
hx509_cert_free(hx509_cert cert)
{
- int i;
+ size_t i;
if (cert == NULL)
return;
@@ -355,7 +355,7 @@ hx509_cert_free(hx509_cert cert)
free(cert->friendlyname);
if (cert->basename)
hx509_name_free(&cert->basename);
- memset(cert, 0, sizeof(cert));
+ memset(cert, 0, sizeof(*cert));
free(cert);
}
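Review bot: `memset(cert, 0, sizeof(*cert))` directly before `free(cert)` is a dead store that an optimising compiler may drop, so the corrected size does not guarantee the structure is cleared. If the clearing is meant as hardening against stale pointers after the free, use a clear the compiler cannot elide, for example `explicit_bzero(cert, sizeof(*cert));` where the platform provides it. If it is not needed, removing the line is clearer than keeping a store that may or may not happen. hx509_cert_free begins outside this hunk.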
@@ -574,7 +574,7 @@ hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
}
void
-hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
+hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
int boolean)
{
if (boolean)
@@ -584,7 +584,7 @@ hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
}
static const Extension *
-find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
+find_extension(const Certificate *cert, const heim_oid *oid, size_t *idx)
{
const TBSCertificate *c = &cert->tbsCertificate;
@@ -604,7 +604,7 @@ find_extension_auth_key_id(const Certificate *subject,
{
const Extension *e;
size_t size;
- int i = 0;
+ size_t i = 0;
memset(ai, 0, sizeof(*ai));
@@ -623,7 +623,7 @@ _hx509_find_extension_subject_key_id(const Certificate *issuer,
{
const Extension *e;
size_t size;
- int i = 0;
+ size_t i = 0;
memset(si, 0, sizeof(*si));
@@ -642,7 +642,7 @@ find_extension_name_constraints(const Certificate *subject,
{
const Extension *e;
size_t size;
- int i = 0;
+ size_t i = 0;
memset(nc, 0, sizeof(*nc));
@@ -656,7 +656,7 @@ find_extension_name_constraints(const Certificate *subject,
}
static int
-find_extension_subject_alt_name(const Certificate *cert, int *i,
+find_extension_subject_alt_name(const Certificate *cert, size_t *i,
GeneralNames *sa)
{
const Extension *e;
@@ -678,7 +678,7 @@ find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
{
const Extension *e;
size_t size;
- int i = 0;
+ size_t i = 0;
memset(eku, 0, sizeof(*eku));
@@ -720,7 +720,7 @@ add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
void
hx509_free_octet_string_list(hx509_octet_string_list *list)
{
- int i;
+ size_t i;
for (i = 0; i < list->len; i++)
der_free_octet_string(&list->val[i]);
free(list->val);
@@ -752,7 +752,8 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
hx509_octet_string_list *list)
{
GeneralNames sa;
- int ret, i, j;
+ int ret;
+ size_t i, j;
list->val = NULL;
list->len = 0;
@@ -796,7 +797,8 @@ check_key_usage(hx509_context context, const Certificate *cert,
const Extension *e;
KeyUsage ku;
size_t size;
- int ret, i = 0;
+ int ret;
+ size_t i = 0;
unsigned ku_flags;
if (_hx509_cert_get_version(cert) < 3)
@@ -849,12 +851,13 @@ enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
static int
check_basic_constraints(hx509_context context, const Certificate *cert,
- enum certtype type, int depth)
+ enum certtype type, size_t depth)
{
BasicConstraints bc;
const Extension *e;
size_t size;
- int ret, i = 0;
+ int ret;
+ size_t i = 0;
if (_hx509_cert_get_version(cert) < 3)
return 0;
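Review bot: With `depth` now `size_t`, a negative depth can no longer be expressed. The call in hx509_verify_path appears to compute it as `i - proxy_cert_depth - selfsigned_depth`, with `i` a `size_t` and the other two still `int`, so a path where the subtracted counts exceed `i` wraps to a very large value. The code that compares `depth` with the path length constraint lies outside this hunk, so whether that wrap is handled cannot be confirmed from here. I would state the contract above the function, `/* depth is unsigned: callers must ensure the value they compute cannot underflow */`, and check the invariant at the call site before subtracting.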
@@ -966,7 +969,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
return -1;
if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
return -1;
-
+
name.element =
ai.authorityCertIssuer->val[0].u.directoryName.element;
name.u.rdnSequence =
@@ -1123,7 +1126,7 @@ find_parent(hx509_context context,
hx509_clear_error_string(context);
return HX509_ISSUER_NOT_FOUND;
}
-
+
hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
"Failed to find issuer for "
"certificate with subject: '%s'", str);
@@ -1144,7 +1147,8 @@ is_proxy_cert(hx509_context context,
ProxyCertInfo info;
const Extension *e;
size_t size;
- int ret, i = 0;
+ int ret;
+ size_t i = 0;
if (rinfo)
memset(rinfo, 0, sizeof(*rinfo));
@@ -1511,7 +1515,7 @@ hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
}
static int
-get_x_unique_id(hx509_context context, const char *name,
+get_x_unique_id(hx509_context context, const char *name,
const heim_bit_string *cert, heim_bit_string *subject)
{
int ret;
@@ -1695,7 +1699,7 @@ static int
match_RDN(const RelativeDistinguishedName *c,
const RelativeDistinguishedName *n)
{
- int i;
+ size_t i;
if (c->len != n->len)
return HX509_NAME_CONSTRAINT_ERROR;
@@ -1717,7 +1721,8 @@ match_RDN(const RelativeDistinguishedName *c,
static int
match_X501Name(const Name *c, const Name *n)
{
- int i, ret;
+ size_t i;
+ int ret;
if (c->element != choice_Name_rdnSequence
|| n->element != choice_Name_rdnSequence)
@@ -1824,7 +1829,8 @@ match_alt_name(const GeneralName *n, const Certificate *c,
int *same, int *match)
{
GeneralNames sa;
- int ret, i, j;
+ int ret;
+ size_t i, j;
i = 0;
do {
@@ -1869,7 +1875,7 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
&& !subject_null_p(c))
{
GeneralName certname;
-
+
memset(&certname, 0, sizeof(certname));
certname.element = choice_GeneralName_directoryName;
certname.u.directoryName.element =
@@ -1898,7 +1904,7 @@ check_name_constraints(hx509_context context,
const Certificate *c)
{
int match, ret;
- int i;
+ size_t i;
for (i = 0 ; i < nc->len; i++) {
GeneralSubtrees gs;
@@ -1941,7 +1947,7 @@ check_name_constraints(hx509_context context,
static void
free_name_constraints(hx509_name_constraints *nc)
{
- int i;
+ size_t i;
for (i = 0 ; i < nc->len; i++)
free_NameConstraints(&nc->val[i]);
@@ -1971,7 +1977,8 @@ hx509_verify_path(hx509_context context,
{
hx509_name_constraints nc;
hx509_path path;
- int ret, i, proxy_cert_depth, selfsigned_depth, diff;
+ int ret, proxy_cert_depth, selfsigned_depth, diff;
+ size_t i, k;
enum certtype type;
Name proxy_issuer;
hx509_certs anchors = NULL;
@@ -1979,7 +1986,7 @@ hx509_verify_path(hx509_context context,
memset(&proxy_issuer, 0, sizeof(proxy_issuer));
ret = init_name_constraints(&nc);
- if (ret)
+ if (ret)
return ret;
path.val = NULL;
@@ -2031,7 +2038,7 @@ hx509_verify_path(hx509_context context,
time_t t;
c = _hx509_get_cert(path.val[i]);
-
+
/*
* Lets do some basic check on issuer like
* keyUsage.keyCertSign and basicConstraints.cA bit depending
@@ -2063,10 +2070,10 @@ hx509_verify_path(hx509_context context,
break;
case PROXY_CERT: {
- ProxyCertInfo info;
+ ProxyCertInfo info;
if (is_proxy_cert(context, c, &info) == 0) {
- int j;
+ size_t j;
if (info.pCPathLenConstraint != NULL &&
*info.pCPathLenConstraint < i)
@@ -2080,7 +2087,7 @@ hx509_verify_path(hx509_context context,
}
/* XXX MUST check info.proxyPolicy */
free_ProxyCertInfo(&info);
-
+
j = 0;
if (find_extension(c, &asn1_oid_id_x509_ce_subjectAltName, &j)) {
ret = HX509_PROXY_CERT_INVALID;
@@ -2098,7 +2105,7 @@ hx509_verify_path(hx509_context context,
"forbidden issuerAltName");
goto out;
}
-
+
/*
* The subject name of the proxy certificate should be
* CN=XXX,<proxy issuer>, prune of CN and check if its
@@ -2189,7 +2196,7 @@ hx509_verify_path(hx509_context context,
}
if (cert->basename)
hx509_name_free(&cert->basename);
-
+
ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
if (ret) {
hx509_clear_error_string(context);
@@ -2204,7 +2211,7 @@ hx509_verify_path(hx509_context context,
i - proxy_cert_depth - selfsigned_depth);
if (ret)
goto out;
-
+
/*
* Don't check the trust anchors expiration time since they
* are transported out of band, from RFC3820.
@@ -2236,9 +2243,10 @@ hx509_verify_path(hx509_context context,
* checked in the right order.
*/
- for (ret = 0, i = path.len - 1; i >= 0; i--) {
+ for (ret = 0, k = path.len; k > 0; k--) {
Certificate *c;
int selfsigned;
+ i = k - 1;
c = _hx509_get_cert(path.val[i]);
@@ -2287,7 +2295,7 @@ hx509_verify_path(hx509_context context,
}
for (i = 0; i < path.len - 1; i++) {
- int parent = (i < path.len - 1) ? i + 1 : i;
+ size_t parent = (i < path.len - 1) ? i + 1 : i;
ret = hx509_revoke_verify(context,
ctx->revoke_ctx,
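Review bot: Inside this loop the condition `i < path.len - 1` already holds, so the ternary in `size_t parent = (i < path.len - 1) ? i + 1 : i;` always yields `i + 1`, and `size_t parent = i + 1;` says the same thing. Separately, `path.len - 1` is unsigned arithmetic and becomes a huge bound if `path.len` is ever 0. If code outside this hunk does not guarantee a non-empty path, write the loop as `for (i = 0; i + 1 < path.len; i++)`. The rest of the `hx509_revoke_verify` call is outside the hunk, but it presumably indexes `path.val` with `i` and `parent`, so the bound matters for the revocation check.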
@@ -2308,9 +2316,10 @@ hx509_verify_path(hx509_context context,
* parameter is passed up from the anchor up though the chain.
*/
- for (i = path.len - 1; i >= 0; i--) {
+ for (k = path.len; k > 0; k--) {
hx509_cert signer;
Certificate *c;
+ i = k - 1;
c = _hx509_get_cert(path.val[i]);
@@ -2343,7 +2352,7 @@ hx509_verify_path(hx509_context context,
"Failed to verify signature of certificate");
goto out;
}
- /*
+ /*
* Verify that the sigature algorithm "best-before" date is
* before the creation date of the certificate, do this for
* trust anchors too, since any trust anchor that is created
@@ -2353,7 +2362,7 @@ hx509_verify_path(hx509_context context,
*/
if (i != 0 && (ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) {
- time_t notBefore =
+ time_t notBefore =
_hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
ret = _hx509_signature_best_before(context,
&c->signatureAlgorithm,
@@ -2450,7 +2459,8 @@ hx509_verify_hostname(hx509_context context,
{
GeneralNames san;
const Name *name;
- int ret, i, j;
+ int ret;
+ size_t i, j, k;
if (sa && sa_size <= 0)
return EINVAL;
@@ -2471,7 +2481,7 @@ hx509_verify_hostname(hx509_context context,
heim_printable_string hn;
hn.data = rk_UNCONST(hostname);
hn.length = strlen(hostname);
-
+
if (der_printable_string_cmp(&san.val[j].u.dNSName, &hn) == 0) {
free_GeneralNames(&san);
return 0;
@@ -2488,7 +2498,8 @@ hx509_verify_hostname(hx509_context context,
name = &cert->data->tbsCertificate.subject;
/* Find first CN= in the name, and try to match the hostname on that */
- for (ret = 0, i = name->u.rdnSequence.len - 1; ret == 0 && i >= 0; i--) {
+ for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) {
+ i = k - 1;
for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
@@ -2579,7 +2590,7 @@ _hx509_set_cert_attribute(hx509_context context,
hx509_cert_attribute
hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
{
- int i;
+ size_t i;
for (i = 0; i < cert->attrs.len; i++)
if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
return cert->attrs.val[i];
@@ -2625,7 +2636,8 @@ hx509_cert_get_friendly_name(hx509_cert cert)
hx509_cert_attribute a;
PKCS9_friendlyName n;
size_t sz;
- int ret, i;
+ int ret;
+ size_t i;
if (cert->friendlyname)
return cert->friendlyname;
@@ -2647,7 +2659,7 @@ hx509_cert_get_friendly_name(hx509_cert cert)
ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
if (ret)
return NULL;
-
+
if (n.len != 1) {
free_PKCS9_friendlyName(&n);
return NULL;
@@ -3166,7 +3178,8 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
{
rtbl_t t;
FILE *f;
- int type, mask, i, num;
+ int type, mask, num;
+ size_t i;
unsigned long multiqueries = 0, totalqueries = 0;
struct stat_el stats[32];
@@ -3254,7 +3267,8 @@ hx509_cert_check_eku(hx509_context context, hx509_cert cert,
const heim_oid *eku, int allow_any_eku)
{
ExtKeyUsage e;
- int ret, i;
+ int ret;
+ size_t i;
ret = find_extension_eku(_hx509_get_cert(cert), &e);
if (ret) {
@@ -3289,7 +3303,8 @@ _hx509_cert_get_keyusage(hx509_context context,
Certificate *cert;
const Extension *e;
size_t size;
- int ret, i = 0;
+ int ret;
+ size_t i = 0;
memset(ku, 0, sizeof(*ku));
@@ -3455,7 +3470,7 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
else if (ret != 0)
goto out;
else {
- int i;
+ size_t i;
hx509_env enveku = NULL;
for (i = 0; i < eku.len; i++) {
@@ -3509,10 +3524,10 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
"Out of memory");
goto out;
}
-
+
ret = hx509_env_add(context, &envhash, "sha1", buf);
free(buf);
- if (ret)
+ if (ret)
goto out;
ret = hx509_env_add_binding(context, &envcert, "hash", envhash);
diff --git a/source4/heimdal/lib/hx509/char_map.h b/source4/heimdal/lib/hx509/char_map.h
index d2b39d041f..8a3026c7e6 100644
--- a/source4/heimdal/lib/hx509/char_map.h
+++ b/source4/heimdal/lib/hx509/char_map.h
@@ -10,36 +10,36 @@
unsigned char char_map[] = {
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x06 , 0x00 , 0x00 , 0x10 , 0x00 , 0x00 , 0x00 , 0x00 ,
- 0x00 , 0x00 , 0x00 , 0x12 , 0x12 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x10 , 0x10 , 0x12 , 0x10 , 0x02 ,
- 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 ,
- 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
- 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
- 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x06 , 0x00 , 0x00 , 0x10 , 0x00 , 0x00 , 0x00 , 0x00 ,
+ 0x00 , 0x00 , 0x00 , 0x12 , 0x12 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x10 , 0x10 , 0x12 , 0x10 , 0x02 ,
+ 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 ,
+ 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 ,
+ 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 ,
+ 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21
};
diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c
index 6e4eefaa1c..4e0a2e03fc 100644
--- a/source4/heimdal/lib/hx509/cms.c
+++ b/source4/heimdal/lib/hx509/cms.c
@@ -362,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context,
heim_octet_string *params, params_data;
heim_octet_string ivec;
size_t size;
- int ret, i, matched = 0, findflags = 0;
+ int ret, matched = 0, findflags = 0;
+ size_t i;
memset(&key, 0, sizeof(key));
@@ -472,7 +473,7 @@ hx509_cms_unenvelope(hx509_context context,
ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
if (ret)
goto out;
-
+
if (flags & HX509_CMS_UE_ALLOW_WEAK)
hx509_crypto_allow_weak(crypto);
@@ -492,7 +493,7 @@ hx509_cms_unenvelope(hx509_context context,
"of EnvelopedData");
goto out;
}
-
+
ret = hx509_crypto_decrypt(crypto,
enccontent->data,
enccontent->length,
@@ -619,7 +620,7 @@ hx509_cms_envelope_1(hx509_context context,
"Failed to set crypto oid "
"for EnvelopedData");
goto out;
- }
+ }
ALLOC(enc_alg->parameters, 1);
if (enc_alg->parameters == NULL) {
ret = ENOMEM;
@@ -656,7 +657,7 @@ hx509_cms_envelope_1(hx509_context context,
ri->version = 2;
cmsidflag = CMS_ID_SKI;
}
-
+
ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
if (ret) {
hx509_set_error_string(context, 0, ret,
@@ -718,7 +719,8 @@ out:
static int
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{
- int ret, i;
+ int ret;
+ size_t i;
if (sd->certificates == NULL)
return 0;
@@ -744,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
static const Attribute *
find_attribute(const CMSAttributes *attr, const heim_oid *oid)
{
- int i;
+ size_t i;
for (i = 0; i < attr->len; i++)
if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
return &attr->val[i];
@@ -790,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context,
hx509_certs certs = NULL;
SignedData sd;
size_t size;
- int ret, i, found_valid_sig;
+ int ret, found_valid_sig;
+ size_t i;
*signer_certs = NULL;
content->data = NULL;
@@ -889,7 +892,7 @@ hx509_cms_verify_signed(hx509_context context,
if (signer_info->signedAttrs) {
const Attribute *attr;
-
+
CMSAttributes sa;
heim_octet_string os;
@@ -913,7 +916,7 @@ hx509_cms_verify_signed(hx509_context context,
"messageDigest (signature)");
goto next_sigature;
}
-
+
ret = decode_MessageDigest(attr->value.val[0].data,
attr->value.val[0].length,
&os,
@@ -1018,7 +1021,7 @@ hx509_cms_verify_signed(hx509_context context,
if (ret)
goto next_sigature;
- /**
+ /**
* If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
* signing certificates and leave that up to the caller.
*/
@@ -1113,7 +1116,7 @@ add_one_attribute(Attribute **attr,
return 0;
}
-
+
/**
* Decode SignedData and verify that the signature is correct.
*
@@ -1212,7 +1215,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
hx509_clear_error_string(context);
} else {
ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
- _hx509_cert_private_key(cert),
+ _hx509_cert_private_key(cert),
sigctx->peer, &digest);
}
if (ret)
@@ -1240,7 +1243,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
if (ret) {
hx509_clear_error_string(context);
goto out;
- }
+ }
signer_info->signedAttrs = NULL;
signer_info->unsignedAttrs = NULL;
@@ -1256,7 +1259,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
*/
if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
- CMSAttributes sa;
+ CMSAttributes sa;
heim_octet_string sig;
ALLOC(signer_info->signedAttrs, 1);
@@ -1322,7 +1325,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
sa.val = signer_info->signedAttrs->val;
sa.len = signer_info->signedAttrs->len;
-
+
ASN1_MALLOC_ENCODE(CMSAttributes,
sigdata.data,
sigdata.length,
@@ -1409,7 +1412,7 @@ cert_process(hx509_context context, void *ctx, hx509_cert cert)
const unsigned int i = sigctx->sd.certificates->len;
void *ptr;
int ret;
-
+
ptr = realloc(sigctx->sd.certificates->val,
(i + 1) * sizeof(sigctx->sd.certificates->val[0]));
if (ptr == NULL)
@@ -1503,7 +1506,7 @@ hx509_cms_create_signed(hx509_context context,
ret = ENOMEM;
goto out;
}
-
+
sigctx.sd.encapContentInfo.eContent->data = malloc(length);
if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
hx509_clear_error_string(context);
@@ -1525,6 +1528,10 @@ hx509_cms_create_signed(hx509_context context,
}
if (sigctx.sd.signerInfos.len) {
+
+ /*
+ * For each signerInfo, collect all different digest types.
+ */
for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
AlgorithmIdentifier *di =
&sigctx.sd.signerInfos.val[i].digestAlgorithm;
@@ -1532,7 +1539,7 @@ hx509_cms_create_signed(hx509_context context,
for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
break;
- if (j < sigctx.sd.digestAlgorithms.len) {
+ if (j == sigctx.sd.digestAlgorithms.len) {
ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
if (ret) {
hx509_clear_error_string(context);
@@ -1542,6 +1549,9 @@ hx509_cms_create_signed(hx509_context context,
}
}
+ /*
+ * Add certs we think are needed, build as part of sig_process
+ */
if (sigctx.certs) {
ALLOC(sigctx.sd.certificates, 1);
if (sigctx.sd.certificates == NULL) {
diff --git a/source4/heimdal/lib/hx509/collector.c b/source4/heimdal/lib/hx509/collector.c
index 0cb186399f..15f8163f80 100644
--- a/source4/heimdal/lib/hx509/collector.c
+++ b/source4/heimdal/lib/hx509/collector.c
@@ -133,7 +133,7 @@ _hx509_collector_private_key_add(hx509_context context,
return ENOMEM;
}
c->val.data = d;
-
+
ret = copy_AlgorithmIdentifier(alg, &key->alg);
if (ret) {
hx509_set_error_string(context, 0, ret, "Failed to copy "
@@ -192,7 +192,7 @@ match_localkeyid(hx509_context context,
ret = hx509_certs_find(context, certs, &q, &cert);
if (ret == 0) {
-
+
if (value->private_key)
_hx509_cert_assign_key(cert, value->private_key);
hx509_cert_free(cert);
@@ -253,7 +253,8 @@ _hx509_collector_collect_certs(hx509_context context,
hx509_certs *ret_certs)
{
hx509_certs certs;
- int ret, i;
+ int ret;
+ size_t i;
*ret_certs = NULL;
@@ -286,7 +287,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
struct hx509_collector *c,
hx509_private_key **keys)
{
- int i, nkeys;
+ size_t i, nkeys;
*keys = NULL;
@@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
void
_hx509_collector_free(struct hx509_collector *c)
{
- int i;
+ size_t i;
if (c->unenvelop_certs)
hx509_certs_free(&c->unenvelop_certs);
diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c
index c69ddfb5d2..4559a9c493 100644
--- a/source4/heimdal/lib/hx509/crypto.c
+++ b/source4/heimdal/lib/hx509/crypto.c
@@ -286,7 +286,7 @@ heim_oid2ecnid(heim_oid *oid)
}
static int
-parse_ECParameters(hx509_context context,
+parse_ECParameters(hx509_context context,
heim_octet_string *parameters, int *nid)
{
ECParameters ecparam;
@@ -404,7 +404,7 @@ ecdsa_verify_signature(hx509_context context,
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
return ret;
}
-
+
return 0;
}
@@ -552,7 +552,7 @@ rsa_verify_signature(hx509_context context,
p = spi->subjectPublicKey.data;
size = spi->subjectPublicKey.length / 8;
-
+
rsa = d2i_RSAPublicKey(NULL, &p, size);
if (rsa == NULL) {
ret = ENOMEM;
@@ -587,14 +587,14 @@ rsa_verify_signature(hx509_context context,
if (ret) {
goto out;
}
-
+
/* Check for extra data inside the sigature */
- if (size != retsize) {
+ if (size != (size_t)retsize) {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
goto out;
}
-
+
if (sig_alg->digest_alg &&
der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
&sig_alg->digest_alg->algorithm) != 0)
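Review bot: The `(size_t)retsize` cast in `if (size != (size_t)retsize)` is only sound if `retsize` is already known to be non-negative, and the check that would establish that is not in this hunk. A negative `int` converts to a very large `size_t`; here that still ends on the error path, but the cast silences the signed/unsigned warning without recording why it is safe. I would add a short comment at the cast, e.g. `/* retsize was checked to be positive above, so the cast cannot wrap */`, after confirming that such a check exists. The same applies to `(size_t)retsize != data->length` later in this function, `(size_t)ret > sig->length` in rsa_create_signature and `cleartext->length < (size_t)ret` in hx509_private_key_private_decrypt.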
@@ -603,7 +603,7 @@ rsa_verify_signature(hx509_context context,
hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
goto out;
}
-
+
/* verify that the parameters are NULL or the NULL-type */
if (di.digestAlgorithm.parameters != NULL &&
(di.digestAlgorithm.parameters->length != 2 ||
@@ -620,7 +620,7 @@ rsa_verify_signature(hx509_context context,
data,
&di.digest);
} else {
- if (retsize != data->length ||
+ if ((size_t)retsize != data->length ||
ct_memcmp(to, data->data, retsize) != 0)
{
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
@@ -739,7 +739,7 @@ rsa_create_signature(hx509_context context,
"RSA private encrypt failed: %d", ret);
return ret;
}
- if (ret > sig->length)
+ if ((size_t)ret > sig->length)
_hx509_abort("RSA signature prelen longer the output len");
sig->length = ret;
@@ -960,11 +960,11 @@ ecdsa_private_key_import(hx509_context context,
ret = parse_ECParameters(context, keyai->parameters, &groupnid);
if (ret)
return ret;
-
+
key = EC_KEY_new();
if (key == NULL)
return ENOMEM;
-
+
group = EC_GROUP_new_by_curve_name(groupnid);
if (group == NULL) {
EC_KEY_free(key);
@@ -1008,8 +1008,8 @@ ecdsa_generate_private_key(hx509_context context,
}
static BIGNUM *
-ecdsa_get_internal(hx509_context context,
- hx509_private_key key,
+ecdsa_get_internal(hx509_context context,
+ hx509_private_key key,
const char *type)
{
return NULL;
@@ -1162,7 +1162,7 @@ evp_md_create_signature(hx509_context context,
if (ret)
return ret;
}
-
+
sig->data = malloc(sigsize);
if (sig->data == NULL) {
@@ -1256,7 +1256,8 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg pkcs1_rsa_sha1_alg = {
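Review bot: The added trailing `0` is a positional initializer with nothing naming the member it sets, and the same bare value is appended to every `struct signature_alg` table in this file, from heim_rsa_pkcs1_x509 through md5_alg. The struct definition is outside these hunks, so a reader of the tables cannot tell what the zero means. Either label it the way dsa_sha1_alg already labels `/* create_signature */ NULL`, i.e. `/* <member name> */ 0`, or move the tables to designated initializers. With designated initializers, the next added member would not need an edit to every table.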
@@ -1269,7 +1270,8 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_sha512_alg = {
@@ -1282,7 +1284,8 @@ static const struct signature_alg rsa_with_sha512_alg = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_sha384_alg = {
@@ -1295,7 +1298,8 @@ static const struct signature_alg rsa_with_sha384_alg = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_sha256_alg = {
@@ -1308,7 +1312,8 @@ static const struct signature_alg rsa_with_sha256_alg = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_sha1_alg = {
@@ -1321,7 +1326,8 @@ static const struct signature_alg rsa_with_sha1_alg = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_sha1_alg_secsig = {
@@ -1334,7 +1340,8 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = {
0,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg rsa_with_md5_alg = {
@@ -1347,7 +1354,8 @@ static const struct signature_alg rsa_with_md5_alg = {
1230739889,
NULL,
rsa_verify_signature,
- rsa_create_signature
+ rsa_create_signature,
+ 0
};
static const struct signature_alg dsa_sha1_alg = {
@@ -1361,6 +1369,7 @@ static const struct signature_alg dsa_sha1_alg = {
NULL,
dsa_verify_signature,
/* create_signature */ NULL,
+ 0
};
static const struct signature_alg sha512_alg = {
@@ -1373,7 +1382,8 @@ static const struct signature_alg sha512_alg = {
0,
EVP_sha512,
evp_md_verify_signature,
- evp_md_create_signature
+ evp_md_create_signature,
+ 0
};
static const struct signature_alg sha384_alg = {
@@ -1386,7 +1396,8 @@ static const struct signature_alg sha384_alg = {
0,
EVP_sha384,
evp_md_verify_signature,
- evp_md_create_signature
+ evp_md_create_signature,
+ 0
};
static const struct signature_alg sha256_alg = {
@@ -1399,7 +1410,8 @@ static const struct signature_alg sha256_alg = {
0,
EVP_sha256,
evp_md_verify_signature,
- evp_md_create_signature
+ evp_md_create_signature,
+ 0
};
static const struct signature_alg sha1_alg = {
@@ -1412,7 +1424,8 @@ static const struct signature_alg sha1_alg = {
0,
EVP_sha1,
evp_md_verify_signature,
- evp_md_create_signature
+ evp_md_create_signature,
+ 0
};
static const struct signature_alg md5_alg = {
@@ -1425,7 +1438,8 @@ static const struct signature_alg md5_alg = {
0,
EVP_md5,
evp_md_verify_signature,
- NULL
+ NULL,
+ 0
};
/*
@@ -1481,7 +1495,7 @@ alg_for_privatekey(const hx509_private_key pk, int type)
continue;
if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
continue;
- if (pk->ops->available &&
+ if (pk->ops->available &&
pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
continue;
if (type == HX509_SELECT_PUBLIC_SIG)
@@ -1673,7 +1687,7 @@ _hx509_public_encrypt(hx509_context context,
p = spi->subjectPublicKey.data;
size = spi->subjectPublicKey.length / 8;
-
+
rsa = d2i_RSAPublicKey(NULL, &p, size);
if (rsa == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
@@ -1748,7 +1762,7 @@ hx509_private_key_private_decrypt(hx509_context context,
"Failed to decrypt using private key: %d", ret);
return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
}
- if (cleartext->length < ret)
+ if (cleartext->length < (size_t)ret)
_hx509_abort("internal rsa decryption failure: ret > tosize");
cleartext->length = ret;
@@ -2339,7 +2353,7 @@ static const struct hx509cipher ciphers[] = {
static const struct hx509cipher *
find_cipher_by_oid(const heim_oid *oid)
{
- int i;
+ size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
@@ -2351,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid)
static const struct hx509cipher *
find_cipher_by_name(const char *name)
{
- int i;
+ size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (strcasecmp(name, ciphers[i].name) == 0)
@@ -2461,7 +2475,7 @@ hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
int
hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
{
- if (EVP_CIPHER_key_length(crypto->c) > length)
+ if (EVP_CIPHER_key_length(crypto->c) > (int)length)
return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data) {
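Review bot: Casting the caller-supplied `size_t length` down to `int` in `EVP_CIPHER_key_length(crypto->c) > (int)length` narrows the wrong side of the comparison. A length above INT_MAX converts in an implementation-defined way and can come out negative or as a small value, so the test no longer reflects the real buffer size. The cipher's key length is the small, non-negative quantity, so widen that instead: `if ((size_t)EVP_CIPHER_key_length(crypto->c) > length)`. The same narrowing is introduced in hx509_crypto_encrypt (`== (int)ivec->length`) and twice in hx509_crypto_decrypt (`< (int)ivec->length` and `(int)clear->length < bsize`). The function body continues outside this hunk.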
@@ -2558,7 +2572,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
- assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
+ assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
EVP_CIPHER_CTX_init(&evp);
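Review bot: The IV length is enforced here only by `assert(...)`, which is compiled out when NDEBUG is defined, so a release build would continue into the cipher setup with whatever `ivec` holds. Whether `ivec` is validated or generated earlier in hx509_crypto_encrypt is outside the hunk, so this may be defence in depth rather than the only check. Since the line is being edited anyway, a runtime test in the style of the surrounding returns would be safer: `if ((size_t)EVP_CIPHER_iv_length(crypto->c) != ivec->length) return HX509_CRYPTO_INTERNAL_ERROR;`.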
@@ -2595,10 +2609,10 @@ hx509_crypto_encrypt(hx509_crypto crypto,
ret = ENOMEM;
goto out;
}
-
+
memcpy((*ciphertext)->data, data, length);
if (padsize) {
- int i;
+ size_t i;
unsigned char *p = (*ciphertext)->data;
p += length;
for (i = 0; i < padsize; i++)
@@ -2647,7 +2661,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
- if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
+ if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data == NULL)
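Review bot: The guard `EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length` rejects only an IV that is longer than the cipher expects; a shorter one passes this line. If nothing later in hx509_crypto_decrypt rejects a short IV (the rest of the function is outside the hunk), the cipher initialisation would be handed fewer bytes than it reads. Unless callers legitimately pass a shorter IV, an exact-length comparison covers both directions and avoids the narrowing cast: `if (ivec && (size_t)EVP_CIPHER_iv_length(crypto->c) != ivec->length)`.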
@@ -2683,7 +2697,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
unsigned char *p;
int j, bsize = EVP_CIPHER_block_size(crypto->c);
- if (clear->length < bsize) {
+ if ((int)clear->length < bsize) {
ret = HX509_CMS_PADDING_ERROR;
goto out;
}
@@ -2854,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context,
const EVP_CIPHER *c;
const EVP_MD *md;
PBE_string2key_func s2k;
- int i, ret = 0;
+ int ret = 0;
+ size_t i;
memset(&key, 0, sizeof(key));
memset(&iv, 0, sizeof(iv));
@@ -2912,7 +2927,7 @@ _hx509_pbe_decrypt(hx509_context context,
hx509_crypto_destroy(crypto);
if (ret == 0)
goto out;
-
+
}
out:
if (key.data)
@@ -3161,7 +3176,7 @@ hx509_crypto_available(hx509_context context,
if (ptr == NULL)
goto out;
*val = ptr;
-
+
ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c
index 56e25766ef..4f7e87f070 100644
--- a/source4/heimdal/lib/hx509/file.c
+++ b/source4/heimdal/lib/hx509/file.c
@@ -93,11 +93,11 @@ hx509_pem_write(hx509_context context, const char *type,
while (size > 0) {
ssize_t l;
-
+
length = size;
if (length > ENCODE_LINE_LENGTH)
length = ENCODE_LINE_LENGTH;
-
+
l = base64_encode(p, length, &line);
if (l < 0) {
hx509_set_error_string(context, 0, ENOMEM,
@@ -211,7 +211,7 @@ hx509_pem_read(hx509_context context,
if (i > 0)
i--;
}
-
+
switch (where) {
case BEFORE:
if (strncmp("-----BEGIN ", buf, 11) == 0) {
@@ -260,7 +260,7 @@ hx509_pem_read(hx509_context context,
free(p);
goto out;
}
-
+
data = erealloc(data, len + i);
memcpy(((char *)data) + len, p, i);
free(p);
diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c
index 77cfd42cd2..c0275d949d 100644
--- a/source4/heimdal/lib/hx509/keyset.c
+++ b/source4/heimdal/lib/hx509/keyset.c
@@ -390,6 +390,21 @@ certs_iter(hx509_context context, void *ctx, hx509_cert cert)
return func(cert);
}
+/**
+ * Iterate over all certificates in a keystore and call an block
+ * for each fo them.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param func block to call for each certificate. The function
+ * should return non-zero to abort the iteration, that value is passed
+ * back to the caller of hx509_certs_iter().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
int
hx509_certs_iter(hx509_context context,
hx509_certs certs,
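Review bot: The new Doxygen comment has two typos in its first sentence, "call an block" and "for each fo them"; it should read `Iterate over all certificates in a keystore and call a block for each of them.` The `@param func` text also switches from "block" to "The function should return non-zero", so it would read better with one term throughout. The function signature continues past the end of this hunk.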
diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c
index 8c8c6e50c8..264b1bf552 100644
--- a/source4/heimdal/lib/hx509/ks_dir.c
+++ b/source4/heimdal/lib/hx509/ks_dir.c
@@ -158,10 +158,10 @@ dir_iter(hx509_context context,
}
if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0)
continue;
-
+
if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1)
return ENOMEM;
-
+
ret = hx509_certs_init(context, fn, 0, NULL, &d->certs);
if (ret == 0) {
diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c
index ecd3a6edaa..d21d889287 100644
--- a/source4/heimdal/lib/hx509/ks_file.c
+++ b/source4/heimdal/lib/hx509/ks_file.c
@@ -112,7 +112,7 @@ try_decrypt(hx509_context context,
EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
EVP_Cipher(&ctx, clear.data, cipher, len);
EVP_CIPHER_CTX_cleanup(&ctx);
- }
+ }
ret = _hx509_collector_private_key_add(context,
collector,
@@ -138,7 +138,7 @@ parse_pkcs8_private_key(hx509_context context, const char *fn,
{
PKCS8PrivateKeyInfo ki;
heim_octet_string keydata;
-
+
int ret;
ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
@@ -177,7 +177,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
const EVP_CIPHER *cipher;
const struct _hx509_password *pw;
hx509_lock lock;
- int i, decrypted = 0;
+ int decrypted = 0;
+ size_t i;
lock = _hx509_collector_get_lock(c);
if (lock == NULL) {
@@ -252,7 +253,7 @@ parse_pem_private_key(hx509_context context, const char *fn,
"private key file");
return HX509_PARSING_KEY_FAILED;
}
-
+
pw = _hx509_lock_get_passwords(lock);
if (pw != NULL) {
const void *password;
@@ -261,8 +262,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
for (i = 0; i < pw->len; i++) {
password = pw->val[i];
passwordlen = strlen(password);
-
- ret = try_decrypt(context, c, ai, cipher, ivdata,
+
+ ret = try_decrypt(context, c, ai, cipher, ivdata,
password, passwordlen, data, len);
if (ret == 0) {
decrypted = 1;
@@ -283,7 +284,7 @@ parse_pem_private_key(hx509_context context, const char *fn,
ret = hx509_lock_prompt(lock, &prompt);
if (ret == 0)
- ret = try_decrypt(context, c, ai, cipher, ivdata, password,
+ ret = try_decrypt(context, c, ai, cipher, ivdata, password,
strlen(password), data, len);
/* XXX add password to lock password collection ? */
memset(password, 0, sizeof(password));
@@ -329,7 +330,8 @@ pem_func(hx509_context context, const char *type,
const void *data, size_t len, void *ctx)
{
struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
- int ret = 0, j;
+ int ret = 0;
+ size_t j;
for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
const char *q = formats[j].name;
@@ -338,7 +340,7 @@ pem_func(hx509_context context, const char *type,
if (formats[j].ai != NULL)
ai = (*formats[j].ai)();
- ret = (*formats[j].func)(context, NULL, pem_ctx->c,
+ ret = (*formats[j].func)(context, NULL, pem_ctx->c,
header, data, len, ai);
if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -418,7 +420,7 @@ file_init_common(hx509_context context,
pnext = strchr(p, ',');
if (pnext)
*pnext++ = '\0';
-
+
if ((f = fopen(p, "r")) == NULL) {
ret = ENOENT;
@@ -430,13 +432,13 @@ file_init_common(hx509_context context,
rk_cloexec_file(f);
ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
- fclose(f);
+ fclose(f);
if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
goto out;
else if (ret == HX509_PARSING_KEY_FAILED) {
size_t length;
void *ptr;
- int i;
+ size_t i;
ret = rk_undumpdata(p, &ptr, &length);
if (ret) {
diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c
index e64d83c84d..0552d8f7e9 100644
--- a/source4/heimdal/lib/hx509/ks_keychain.c
+++ b/source4/heimdal/lib/hx509/ks_keychain.c
@@ -50,7 +50,7 @@ OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
static int
getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
SecKeychainAttributeList **attrs)
-{
+{
SecKeychainAttributeInfo attrInfo;
UInt32 attrFormat = 0;
OSStatus ret;
@@ -138,10 +138,10 @@ kc_rsa_private_encrypt(int flen,
in.Data = (uint8 *)from;
in.Length = flen;
-
+
sig.Data = (uint8 *)to;
sig.Length = kc->keysize;
-
+
cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig);
if(cret) {
/* cssmErrorString(cret); */
@@ -197,10 +197,10 @@ kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
in.Data = (uint8 *)from;
in.Length = flen;
-
+
out.Data = (uint8 *)to;
out.Length = kc->keysize;
-
+
rem.Data = (uint8 *)remdata;
rem.Length = sizeof(remdata);
@@ -485,7 +485,7 @@ keychain_iter(hx509_context context,
return 0;
else if (ret != 0)
return EINVAL;
-
+
/*
* Pick out certificate and matching "keyid"
*/
@@ -517,7 +517,7 @@ keychain_iter(hx509_context context,
attrKeyid.tag = kSecKeyLabel;
attrKeyid.length = attrs->attr[0].length;
attrKeyid.data = attrs->attr[0].data;
-
+
attrList.count = 1;
attrList.attr = &attrKeyid;
diff --git a/source4/heimdal/lib/hx509/ks_mem.c b/source4/heimdal/lib/hx509/ks_mem.c
index 9d3c66b294..684acb0adf 100644
--- a/source4/heimdal/lib/hx509/ks_mem.c
+++ b/source4/heimdal/lib/hx509/ks_mem.c
@@ -171,7 +171,7 @@ mem_getkeys(hx509_context context,
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM;
}
- }
+ }
(*keys)[i] = NULL;
return 0;
}
diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c
index 30f5343b0e..120bf43ef4 100644
--- a/source4/heimdal/lib/hx509/ks_p11.c
+++ b/source4/heimdal/lib/hx509/ks_p11.c
@@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen,
}
ret = P11FUNC(p11rsa->p, Sign,
- (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+ (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
return -1;
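Review bot: `(CK_BYTE *)(intptr_t)from` removes `const` from the input buffer by round-tripping the pointer through a signed integer type, with no comment saying why that is acceptable. `uintptr_t` is the conventional type for a pointer round-trip, and the reason belongs next to the cast: `(CK_BYTE *)(uintptr_t)from` with `/* PKCS#11 prototype takes a non-const pointer for input data */`. The identical cast is added to the `Decrypt` call in p11_rsa_private_decrypt in the next hunk. Both functions begin and end outside their hunks.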
@@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
}
ret = P11FUNC(p11rsa->p, Decrypt,
- (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+ (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
return -1;
@@ -427,7 +427,7 @@ p11_get_session(hx509_context context,
prompt.type = HX509_PROMPT_TYPE_PASSWORD;
prompt.reply.data = pin;
prompt.reply.length = sizeof(pin);
-
+
ret = hx509_lock_prompt(lock, &prompt);
if (ret) {
free(str);
@@ -513,7 +513,7 @@ iterate_entries(hx509_context context,
}
if (object_count == 0)
break;
-
+
for (i = 0; i < num_query; i++)
query[i].pValue = NULL;
@@ -535,7 +535,7 @@ iterate_entries(hx509_context context,
ret = -1;
goto out;
}
-
+
ret = (*func)(context, p, slot, session, object, ptr, query, num_query);
if (ret)
goto out;
@@ -561,7 +561,7 @@ iterate_entries(hx509_context context,
return ret;
}
-
+
static BIGNUM *
getattr_bn(struct p11_module *p,
struct p11_slot *slot,
@@ -704,10 +704,10 @@ collect_cert(hx509_context context,
{
heim_octet_string data;
-
+
data.data = query[0].pValue;
data.length = query[0].ulValueLen;
-
+
_hx509_set_cert_attribute(context,
cert,
&asn1_oid_id_pkcs_9_at_localKeyId,
@@ -878,7 +878,8 @@ p11_init(hx509_context context,
{
CK_SLOT_ID_PTR slot_ids;
- int i, num_tokens = 0;
+ int num_tokens = 0;
+ size_t i;
slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
if (slot_ids == NULL) {
@@ -905,7 +906,7 @@ p11_init(hx509_context context,
ret = ENOMEM;
goto out;
}
-
+
for (i = 0; i < p->num_slots; i++) {
ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
if (ret)
@@ -933,7 +934,7 @@ p11_init(hx509_context context,
static void
p11_release_module(struct p11_module *p)
{
- int i;
+ size_t i;
if (p->ref == 0)
_hx509_abort("pkcs11 ref to low");
@@ -957,7 +958,7 @@ p11_release_module(struct p11_module *p)
free(p->slot[i].mechs.list);
if (p->slot[i].mechs.infos) {
- int j;
+ size_t j;
for (j = 0 ; j < p->slot[i].mechs.num ; j++)
free(p->slot[i].mechs.infos[j]);
@@ -981,7 +982,7 @@ static int
p11_free(hx509_certs certs, void *data)
{
struct p11_module *p = data;
- int i;
+ size_t i;
for (i = 0; i < p->num_slots; i++) {
if (p->slot[i].certs)
@@ -1002,7 +1003,8 @@ p11_iter_start(hx509_context context,
{
struct p11_module *p = data;
struct p11_cursor *c;
- int ret, i;
+ int ret;
+ size_t i;
c = malloc(sizeof(*c));
if (c == NULL) {
@@ -1103,7 +1105,7 @@ p11_printinfo(hx509_context context,
void *ctx)
{
struct p11_module *p = data;
- int i, j;
+ size_t i, j;
_hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
p->num_slots, p->num_slots > 1 ? "s" : "");
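Review bot: The format string still prints `p->num_slots` with `%d` although the index compared against it is now `size_t`, which suggests the field is an unsigned type that may be wider than `int`. A specifier that does not match the argument type is undefined behaviour. The field declaration is outside the hunk, so please confirm its type; a cast at the call keeps the specifier and argument in step, e.g. `"pkcs11 driver with %lu slot%s", (unsigned long)p->num_slots`. The same pattern appears in hx509_bitstring_print in print.c, where `"\tlength: %d\n\t"` prints `b->length` while the loop index over it becomes `size_t`.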
diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c
index 704cf071d7..0ca13de1eb 100644
--- a/source4/heimdal/lib/hx509/ks_p12.c
+++ b/source4/heimdal/lib/hx509/ks_p12.c
@@ -56,7 +56,7 @@ parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
static const PKCS12_Attribute *
find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
{
- int i;
+ size_t i;
if (attrs == NULL)
return NULL;
for (i = 0; i < attrs->len; i++)
@@ -168,7 +168,7 @@ certBag_parser(hx509_context context,
const heim_oid *oids[] = {
&asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName
};
- int i;
+ size_t i;
for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
const heim_oid *oid = oids[i];
@@ -176,7 +176,7 @@ certBag_parser(hx509_context context,
if (attr)
_hx509_set_cert_attribute(context, cert, oid,
&attr->attrValues);
- }
+ }
}
hx509_cert_free(cert);
@@ -190,7 +190,8 @@ parse_safe_content(hx509_context context,
const unsigned char *p, size_t len)
{
PKCS12_SafeContents sc;
- int ret, i;
+ int ret;
+ size_t i;
memset(&sc, 0, sizeof(sc));
@@ -236,7 +237,7 @@ encryptedData_parser(hx509_context context,
heim_octet_string content;
heim_oid contentType;
int ret;
-
+
memset(&contentType, 0, sizeof(contentType));
ret = hx509_cms_decrypt_encrypted(context,
@@ -265,7 +266,7 @@ envelopedData_parser(hx509_context context,
heim_oid contentType;
hx509_lock lock;
int ret;
-
+
memset(&contentType, 0, sizeof(contentType));
lock = _hx509_collector_get_lock(c);
@@ -310,7 +311,7 @@ parse_pkcs12_type(hx509_context context,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
- int i;
+ size_t i;
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0)
@@ -327,7 +328,8 @@ p12_init(hx509_context context,
void *buf;
PKCS12_PFX pfx;
PKCS12_AuthenticatedSafe as;
- int ret, i;
+ int ret;
+ size_t i;
struct hx509_collector *c;
*data = NULL;
@@ -581,7 +583,7 @@ p12_store(hx509_context context,
free_PKCS12_AuthenticatedSafe(&as);
if (ret)
return ret;
-
+
ret = der_parse_hex_heim_integer("03", &pfx.version);
if (ret) {
free(asdata.data);
diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c
index 07e9d36125..b72d45962b 100644
--- a/source4/heimdal/lib/hx509/lock.c
+++ b/source4/heimdal/lib/hx509/lock.c
@@ -121,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock)
void
hx509_lock_reset_passwords(hx509_lock lock)
{
- int i;
+ size_t i;
for (i = 0; i < lock->password.len; i++)
free(lock->password.val[i]);
free(lock->password.val);
diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c
index 83b8f86d41..efd7b70342 100644
--- a/source4/heimdal/lib/hx509/name.c
+++ b/source4/heimdal/lib/hx509/name.c
@@ -66,17 +66,17 @@ static const struct {
const heim_oid *o;
wind_profile_flags flags;
} no[] = {
- { "C", &asn1_oid_id_at_countryName },
- { "CN", &asn1_oid_id_at_commonName },
- { "DC", &asn1_oid_id_domainComponent },
- { "L", &asn1_oid_id_at_localityName },
- { "O", &asn1_oid_id_at_organizationName },
- { "OU", &asn1_oid_id_at_organizationalUnitName },
- { "S", &asn1_oid_id_at_stateOrProvinceName },
- { "STREET", &asn1_oid_id_at_streetAddress },
- { "UID", &asn1_oid_id_Userid },
- { "emailAddress", &asn1_oid_id_pkcs9_emailAddress },
- { "serialNumber", &asn1_oid_id_at_serialNumber }
+ { "C", &asn1_oid_id_at_countryName, 0 },
+ { "CN", &asn1_oid_id_at_commonName, 0 },
+ { "DC", &asn1_oid_id_domainComponent, 0 },
+ { "L", &asn1_oid_id_at_localityName, 0 },
+ { "O", &asn1_oid_id_at_organizationName, 0 },
+ { "OU", &asn1_oid_id_at_organizationalUnitName, 0 },
+ { "S", &asn1_oid_id_at_stateOrProvinceName, 0 },
+ { "STREET", &asn1_oid_id_at_streetAddress, 0 },
+ { "UID", &asn1_oid_id_Userid, 0 },
+ { "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 },
+ { "serialNumber", &asn1_oid_id_at_serialNumber, 0 }
};
static char *
@@ -159,7 +159,8 @@ oidtostring(const heim_oid *type)
static int
stringtooid(const char *name, size_t len, heim_oid *oid)
{
- int i, ret;
+ int ret;
+ size_t i;
char *s;
memset(oid, 0, sizeof(*oid));
@@ -200,20 +201,22 @@ int
_hx509_Name_to_string(const Name *n, char **str)
{
size_t total_len = 0;
- int i, j, ret;
+ size_t i, j, m;
+ int ret;
*str = strdup("");
if (*str == NULL)
return ENOMEM;
- for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
+ for (m = n->u.rdnSequence.len; m > 0; m--) {
size_t len;
+ i = m - 1;
for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
char *oidname;
char *ss;
-
+
oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
switch(ds->element) {
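Review bot: The rewritten countdown introduces a second variable `m` and derives `i = m - 1` inside the loop body, but nothing explains why the index is not decremented directly. A short comment on the `for` line, e.g. `/* m is i + 1 so the unsigned index can reach 0 without wrapping */`, would stop a later cleanup from folding it back into `i >= 0`, which is always true for `size_t`. The loop body and the rest of _hx509_Name_to_string continue outside this hunk.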
@@ -237,7 +240,7 @@ _hx509_Name_to_string(const Name *n, char **str)
ret = wind_ucs2utf8_length(bmp, bmplen, &k);
if (ret)
return ret;
-
+
ss = malloc(k + 1);
if (ss == NULL)
_hx509_abort("allocation failure"); /* XXX */
@@ -438,7 +441,8 @@ _hx509_name_ds_cmp(const DirectoryString *ds1,
int
_hx509_name_cmp(const Name *n1, const Name *n2, int *c)
{
- int ret, i, j;
+ int ret;
+ size_t i, j;
*c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
if (*c)
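Review bot: `*c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;` is left as it was, although the indices are being moved to `size_t` on the assumption that these lengths are unsigned. If they are (the declaration is not in the hunk), the subtraction wraps in unsigned arithmetic and is then converted to `int`, so the sign of the result depends on implementation-defined conversion. If callers only use the sign of `*c`, an explicit comparison avoids that: `*c = (n1->u.rdnSequence.len > n2->u.rdnSequence.len) - (n1->u.rdnSequence.len < n2->u.rdnSequence.len);`.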
@@ -454,7 +458,7 @@ _hx509_name_cmp(const Name *n1, const Name *n2, int *c)
&n1->u.rdnSequence.val[i].val[j].type);
if (*c)
return 0;
-
+
ret = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
&n2->u.rdnSequence.val[i].val[j].value,
c);
@@ -533,7 +537,7 @@ _hx509_name_modify(hx509_context context,
&name->u.rdnSequence.val[0],
name->u.rdnSequence.len *
sizeof(name->u.rdnSequence.val[0]));
-
+
rdn = &name->u.rdnSequence.val[0];
}
rdn->val = malloc(sizeof(rdn->val[0]));
@@ -609,8 +613,8 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
"missing name before = in %s", p);
goto out;
}
-
- if ((q - p) > len) {
+
+ if ((size_t)(q - p) > len) {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret, " = after , in %s", p);
goto out;
@@ -623,12 +627,12 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
"unknown type: %.*s", (int)(q - p), p);
goto out;
}
-
+
{
size_t pstr_len = len - (q - p) - 1;
const char *pstr = p + (q - p) + 1;
char *r;
-
+
r = malloc(pstr_len + 1);
if (r == NULL) {
der_free_oid(&oid);
@@ -727,7 +731,7 @@ hx509_name_expand(hx509_context context,
hx509_env env)
{
Name *n = &name->der_name;
- int i, j;
+ size_t i, j;
if (env == NULL)
return 0;
diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c
index 56e4f72115..1e8bcabfa7 100644
--- a/source4/heimdal/lib/hx509/print.c
+++ b/source4/heimdal/lib/hx509/print.c
@@ -163,7 +163,7 @@ void
hx509_bitstring_print(const heim_bit_string *b,
hx509_vprint_func func, void *ctx)
{
- int i;
+ size_t i;
print_func(func, ctx, "\tlength: %d\n\t", b->length);
for (i = 0; i < (b->length + 7) / 8; i++)
print_func(func, ctx, "%02x%s%s",
@@ -481,7 +481,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
{
CRLDistributionPoints dp;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
@@ -499,8 +500,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
if (dp.val[i].distributionPoint) {
DistributionPointName dpname;
heim_any *data = dp.val[i].distributionPoint;
- int j;
-
+ size_t j;
+
ret = decode_DistributionPointName(data->data, data->length,
&dpname, NULL);
if (ret) {
@@ -512,7 +513,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
switch (dpname.element) {
case choice_DistributionPointName_fullName:
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
-
+
for (j = 0 ; j < dpname.u.fullName.len; j++) {
char *s;
GeneralName *name = &dpname.u.fullName.val[j];
@@ -565,7 +566,8 @@ check_altName(hx509_validate_ctx ctx,
{
GeneralNames gn;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
@@ -600,7 +602,7 @@ check_altName(hx509_validate_ctx ctx,
if (der_heim_oid_cmp(altname_types[j].oid,
&gn.val[i].u.otherName.type_id) != 0)
continue;
-
+
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
altname_types[j].name);
(*altname_types[j].func)(ctx, &gn.val[i].u.otherName.value);
@@ -717,7 +719,8 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
{
AuthorityInfoAccessSyntax aia;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
@@ -773,7 +776,7 @@ struct {
{ ext(certificateIssuer, Null), M_C },
{ ext(nameConstraints, Null), M_C },
{ ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
- { ext(certificatePolicies, Null) },
+ { ext(certificatePolicies, Null), 0 },
{ ext(policyMappings, Null), M_N_C },
{ ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
{ ext(policyConstraints, Null), D_C },
@@ -789,7 +792,7 @@ struct {
check_Null, D_C },
{ "Netscape cert comment", &asn1_oid_id_netscape_cert_comment,
check_Null, D_C },
- { NULL }
+ { NULL, NULL, NULL, 0 }
};
/**
@@ -900,7 +903,7 @@ hx509_validate_cert(hx509_context context,
if ((t->version == NULL || *t->version < 2) && t->extensions)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Not version 3 certificate with extensions\n");
-
+
if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Version 3 certificate without extensions\n");
@@ -936,7 +939,7 @@ hx509_validate_cert(hx509_context context,
free(str);
if (t->extensions) {
- int i, j;
+ size_t i, j;
if (t->extensions->len == 0) {
validate_print(ctx,
@@ -975,7 +978,7 @@ hx509_validate_cert(hx509_context context,
}
} else
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
-
+
if (status.isca) {
if (!status.haveSKI)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
@@ -987,7 +990,7 @@ hx509_validate_cert(hx509_context context,
"Is not CA and doesn't have "
"AuthorityKeyIdentifier\n");
}
-
+
if (!status.haveSKI)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c
index 6d2cac4afb..2932280748 100644
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
@@ -176,9 +176,9 @@ verify_ocsp(hx509_context context,
hx509_cert signer = NULL;
hx509_query q;
int ret;
-
+
_hx509_query_clear(&q);
-
+
/*
* Need to match on issuer too in case there are two CA that have
* issued the same name to a certificate. One example of this is
@@ -198,7 +198,7 @@ verify_ocsp(hx509_context context,
q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
break;
}
-
+
ret = hx509_certs_find(context, certs, &q, &signer);
if (ret && ocsp->certs)
ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
@@ -349,7 +349,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
}
if (basic.certs) {
- int i;
+ size_t i;
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
NULL, &certs);
@@ -360,11 +360,11 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
for (i = 0; i < basic.certs->len; i++) {
hx509_cert c;
-
+
ret = hx509_cert_init(context, &basic.certs->val[i], &c);
if (ret)
continue;
-
+
ret = hx509_certs_add(context, certs, c);
hx509_cert_free(c);
if (ret)
@@ -463,7 +463,7 @@ verify_crl(hx509_context context,
hx509_query q;
time_t t;
int ret;
-
+
t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
if (t > time_now) {
hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
@@ -485,7 +485,7 @@ verify_crl(hx509_context context,
}
_hx509_query_clear(&q);
-
+
/*
* If it's the signer have CRLSIGN bit set, use that as the signer
* cert for the certificate, otherwise, search for a certificate.
@@ -496,7 +496,7 @@ verify_crl(hx509_context context,
q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
q.match |= HX509_QUERY_KU_CRLSIGN;
q.subject_name = &crl->tbsCertList.issuer;
-
+
ret = hx509_certs_find(context, certs, &q, &signer);
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -526,11 +526,11 @@ verify_crl(hx509_context context,
hx509_cert crl_parent;
_hx509_query_clear(&q);
-
+
q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
q.match |= HX509_QUERY_KU_CRLSIGN;
q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
-
+
ret = hx509_certs_find(context, certs, &q, &crl_parent);
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -718,7 +718,7 @@ hx509_revoke_verify(hx509_context context,
&c->tbsCertificate.serialNumber);
if (ret != 0)
continue;
-
+
/* verify issuer hashes hash */
ret = _hx509_verify_signature(context,
NULL,
@@ -760,8 +760,7 @@ hx509_revoke_verify(hx509_context context,
if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
continue;
- } else
- /* Should force a refetch, but can we ? */;
+ } /* else should force a refetch, but can we ? */
return 0;
}
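Review bot: A response with no `nextUpdate` still falls through to `return 0` here, so within this hunk nothing bounds how old an accepted OCSP answer may be, and folding the empty `else` into a trailing comment makes that easier to overlook. I would state the policy above the `return`, e.g. `/* no nextUpdate: accepted without a freshness limit */`, or reject the entry when `thisUpdate` is older than a configured maximum age. Any `thisUpdate` check sits outside this hunk, so confirm what is already enforced before choosing. The enclosing loop in hx509_revoke_verify() starts and ends outside the hunk.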
@@ -829,12 +828,12 @@ hx509_revoke_verify(hx509_context context,
t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
if (t > now)
continue;
-
+
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
return HX509_CRL_UNKNOWN_EXTENSION;
-
+
hx509_set_error_string(context, 0,
HX509_CERT_REVOKED,
"Certificate revoked by issuer in CRL");
@@ -1003,7 +1002,7 @@ hx509_ocsp_request(hx509_context context,
}
es = req.tbsRequest.requestExtensions;
-
+
es->val = calloc(es->len, sizeof(es->val[0]));
if (es->val == NULL) {
ret = ENOMEM;
@@ -1022,7 +1021,7 @@ hx509_ocsp_request(hx509_context context,
goto out;
}
es->val[0].extnValue.length = 10;
-
+
ret = RAND_bytes(es->val[0].extnValue.data,
es->val[0].extnValue.length);
if (ret != 1) {
@@ -1055,8 +1054,13 @@ static char *
printable_time(time_t t)
{
static char s[128];
- strlcpy(s, ctime(&t)+ 4, sizeof(s));
- s[20] = 0;
+ char *p;
+ if ((p = ctime(&t)) == NULL)
+ strlcpy(s, "?", sizeof(s));
+ else {
+ strlcpy(s, p + 4, sizeof(s));
+ s[20] = 0;
+ }
return s;
}
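Review bot: printable_time() still returns a pointer to its `static char s[128]`, and ctime() also uses static storage, so the result is overwritten by the next call and is not safe to share between threads. The NULL check fixes the crash, but the contract is undocumented; add `/* Returns a pointer to a static buffer, overwritten by the next call; not thread-safe. */` above the function. Formatting with strftime() into a caller-supplied buffer would remove both the static buffer and the reliance on `s[20]` matching ctime()'s fixed layout.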
@@ -1076,7 +1080,8 @@ int
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{
struct revoke_ocsp ocsp;
- int ret, i;
+ int ret;
+ size_t i;
if (out == NULL)
out = stdout;
@@ -1141,7 +1146,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
status = "element unknown";
}
- fprintf(out, "\t%d. status: %s\n", i, status);
+ fprintf(out, "\t%zu. status: %s\n", i, status);
fprintf(out, "\tthisUpdate: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
@@ -1188,7 +1193,8 @@ hx509_ocsp_verify(hx509_context context,
{
const Certificate *c = _hx509_get_cert(cert);
OCSPBasicOCSPResponse basic;
- int ret, i;
+ int ret;
+ size_t i;
if (now == 0)
now = time(NULL);
@@ -1208,7 +1214,7 @@ hx509_ocsp_verify(hx509_context context,
&c->tbsCertificate.serialNumber);
if (ret != 0)
continue;
-
+
/* verify issuer hashes hash */
ret = _hx509_verify_signature(context,
NULL,
@@ -1248,7 +1254,7 @@ hx509_ocsp_verify(hx509_context context,
{
hx509_name name;
char *subject;
-
+
ret = hx509_cert_get_subject(cert, &name);
if (ret) {
hx509_clear_error_string(context);
diff --git a/source4/heimdal/lib/hx509/sel.c b/source4/heimdal/lib/hx509/sel.c
index 561818c9f1..6930b50f7c 100644
--- a/source4/heimdal/lib/hx509/sel.c
+++ b/source4/heimdal/lib/hx509/sel.c
@@ -101,7 +101,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
if (expr->op == comp_TAILEQ) {
size_t len1 = strlen(s1);
size_t len2 = strlen(s2);
-
+
if (len1 < len2)
return 0;
ret = strcmp(s1 + (len1 - len2), s2) == 0;
@@ -133,7 +133,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
subenv = find_variable(context, env, subexpr);
if (subenv == NULL)
return FALSE;
-
+
while (subenv) {
if (subenv->type != env_string)
continue;
@@ -223,7 +223,7 @@ _hx509_expr_parse(const char *buf)
}
void
-_hx509_sel_yyerror (char *s)
+_hx509_sel_yyerror (const char *s)
{
if (_hx509_expr_input.error)
free(_hx509_expr_input.error);
diff --git a/source4/heimdal/lib/hx509/sel.h b/source4/heimdal/lib/hx509/sel.h
index 1dfc41818c..177ec0a65b 100644
--- a/source4/heimdal/lib/hx509/sel.h
+++ b/source4/heimdal/lib/hx509/sel.h
@@ -78,5 +78,5 @@ extern struct hx_expr_input _hx509_expr_input;
int _hx509_sel_yyparse(void);
int _hx509_sel_yylex(void);
-void _hx509_sel_yyerror(char *);
+void _hx509_sel_yyerror(const char *);
diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c
index 2cdcdf85f6..d932221ddf 100644
--- a/source4/heimdal/lib/hx509/test_name.c
+++ b/source4/heimdal/lib/hx509/test_name.c
@@ -336,7 +336,7 @@ test_compare(hx509_context context)
if (ret) return 1;
ret = compare_subject(c2, c3, &l3);
if (ret) return 1;
-
+
if (l0 != 0) return 1;
if (l2 < l1) return 1;
if (l3 < l2) return 1;
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c
index 6f20cdcf6c..19eeecda42 100644
--- a/source4/heimdal/lib/krb5/acache.c
+++ b/source4/heimdal/lib/krb5/acache.c
@@ -78,7 +78,7 @@ static const struct {
static krb5_error_code
translate_cc_error(krb5_context context, cc_int32 error)
{
- int i;
+ size_t i;
krb5_clear_error_message(context);
for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
if (cc_errors[i].error == error)
@@ -259,7 +259,7 @@ make_cred_from_ccred(krb5_context context,
if (cred->addresses.val == NULL)
goto nomem;
cred->addresses.len = i;
-
+
for (i = 0; i < cred->addresses.len; i++) {
cred->addresses.val[i].addr_type = incred->addresses[i]->type;
ret = krb5_data_copy(&cred->addresses.val[i].address,
@@ -337,7 +337,7 @@ make_ccred_from_cred(krb5_context context,
cc_credentials_v5_t *cred)
{
krb5_error_code ret;
- int i;
+ size_t i;
memset(cred, 0, sizeof(*cred));
@@ -546,7 +546,7 @@ acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
error = (*a->ccache->func->get_kdc_time_offset)(a->ccache,
cc_credentials_v5,
&offset);
- if (error == 0)
+ if (error == 0)
context->kdc_sec_offset = offset;
} else if (error == ccErrCCacheNotFound) {
@@ -887,7 +887,7 @@ acc_get_version(krb5_context context,
{
return 0;
}
-
+
struct cache_iter {
cc_context_t context;
cc_ccache_iterator_t iter;
@@ -961,7 +961,7 @@ acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
acc_close(context, *id);
*id = NULL;
return translate_cc_error(context, error);
- }
+ }
return 0;
}
@@ -1031,7 +1031,7 @@ acc_get_default_name(krb5_context context, char **str)
(*cc->func->release)(cc);
return translate_cc_error(context, error);
}
-
+
error = asprintf(str, "API:%s", name->data);
(*name->func->release)(name);
(*cc->func->release)(cc);
@@ -1114,7 +1114,9 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
acc_move,
acc_get_default_name,
acc_set_default,
- acc_lastchange
+ acc_lastchange,
+ NULL,
+ NULL,
};
#endif
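Review bot: The two added `NULL` entries are positional and unlabeled, so nothing in this initializer says which `krb5_cc_ops` members they fill, and a member later inserted mid-struct would silently shift every callback into the wrong slot. Label them, e.g. `NULL, /* <member name> */`, or move the table to designated initializers if the supported compilers allow it. The same applies to the `at[]` table in addr_families.c later in this commit, where inserting `is_loopback` moved every following function pointer by one position and the rows are padded with bare `NULL`s. The initializer starts outside this hunk.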
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index cccf1cbc9a..5d321a7e91 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -44,6 +44,7 @@ struct addr_operations {
void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
krb5_boolean (*uninteresting)(const struct sockaddr *);
+ krb5_boolean (*is_loopback)(const struct sockaddr *);
void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
int (*print_addr)(const krb5_address *, char *, size_t);
int (*parse_addr)(krb5_context, const char*, krb5_address *);
@@ -136,6 +137,17 @@ ipv4_uninteresting (const struct sockaddr *sa)
return FALSE;
}
+static krb5_boolean
+ipv4_is_loopback (const struct sockaddr *sa)
+{
+ const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+
+ if ((ntohl(sin4->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET)
+ return TRUE;
+
+ return FALSE;
+}
+
static void
ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
{
@@ -310,11 +322,19 @@ ipv6_uninteresting (const struct sockaddr *sa)
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
- return
- IN6_IS_ADDR_LINKLOCAL(in6)
+ return IN6_IS_ADDR_LINKLOCAL(in6)
|| IN6_IS_ADDR_V4COMPAT(in6);
}
+static krb5_boolean
+ipv6_is_loopback (const struct sockaddr *sa)
+{
+ const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+ const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
+
+ return (IN6_IS_ADDR_LOOPBACK(in6));
+}
+
static void
ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
{
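Review bot: ipv6_is_loopback() tests only `IN6_IS_ADDR_LOOPBACK`, which matches `::1` but not an IPv4-mapped 127.0.0.0/8 address such as `::ffff:127.0.0.1` seen on an AF_INET6 socket. If callers use the result to decide whether a peer or interface is local, the IPv4 and IPv6 paths will disagree for the same host. Consider `return IN6_IS_ADDR_LOOPBACK(in6) || (IN6_IS_ADDR_V4MAPPED(in6) && in6->s6_addr[12] == IN_LOOPBACKNET);`, or add a comment saying mapped addresses are deliberately not treated as loopback.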
@@ -334,7 +354,7 @@ ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
{
/* XXX this is pretty ugly, but better than abort() */
- int i;
+ size_t i;
unsigned char *p = addr->address.data;
buf[0] = '\0';
for(i = 0; i < addr->address.length; i++) {
@@ -401,7 +421,7 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
sub_len = min(8, len);
m = 0xff << (8 - sub_len);
-
+
laddr.s6_addr[i] = addr.s6_addr[i] & m;
haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
@@ -471,7 +491,7 @@ arange_parse_addr (krb5_context context,
krb5_free_addresses(context, &addrmask);
return -1;
}
-
+
address += p - address + 1;
num = strtol(address, &q, 10);
@@ -488,7 +508,7 @@ arange_parse_addr (krb5_context context,
} else {
krb5_addresses low, high;
-
+
strsep_copy(&address, "-", buf, sizeof(buf));
ret = krb5_parse_address(context, buf, &low);
if(ret)
@@ -497,14 +517,14 @@ arange_parse_addr (krb5_context context,
krb5_free_addresses(context, &low);
return -1;
}
-
+
strsep_copy(&address, "-", buf, sizeof(buf));
ret = krb5_parse_address(context, buf, &high);
if(ret) {
krb5_free_addresses(context, &low);
return ret;
}
-
+
if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
krb5_free_addresses(context, &low);
krb5_free_addresses(context, &high);
@@ -590,7 +610,7 @@ arange_print_addr (const krb5_address *addr, char *str, size_t len)
if (l > len)
l = len;
size = l;
-
+
ret = krb5_print_address (&a->low, str + size, len - size, &l);
if (ret)
return ret;
@@ -632,9 +652,11 @@ arange_order_addr(krb5_context context,
a = addr2->address.data;
a2 = addr1;
sign = -1;
- } else
+ } else {
abort();
-
+ UNREACHABLE(return 0);
+ }
+
if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
struct arange *b = a2->address.data;
tmp1 = krb5_address_order(context, &a->low, &b->low);
@@ -707,34 +729,78 @@ addrport_print_addr (const krb5_address *addr, char *str, size_t len)
}
static struct addr_operations at[] = {
- {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
- ipv4_sockaddr2addr,
- ipv4_sockaddr2port,
- ipv4_addr2sockaddr,
- ipv4_h_addr2sockaddr,
- ipv4_h_addr2addr,
- ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
- NULL, NULL, NULL, ipv4_mask_boundary },
+ {
+ AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
+ ipv4_sockaddr2addr,
+ ipv4_sockaddr2port,
+ ipv4_addr2sockaddr,
+ ipv4_h_addr2sockaddr,
+ ipv4_h_addr2addr,
+ ipv4_uninteresting,
+ ipv4_is_loopback,
+ ipv4_anyaddr,
+ ipv4_print_addr,
+ ipv4_parse_addr,
+ NULL,
+ NULL,
+ NULL,
+ ipv4_mask_boundary
+ },
#ifdef HAVE_IPV6
- {AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
- ipv6_sockaddr2addr,
- ipv6_sockaddr2port,
- ipv6_addr2sockaddr,
- ipv6_h_addr2sockaddr,
- ipv6_h_addr2addr,
- ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
- NULL, NULL, NULL, ipv6_mask_boundary } ,
+ {
+ AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
+ ipv6_sockaddr2addr,
+ ipv6_sockaddr2port,
+ ipv6_addr2sockaddr,
+ ipv6_h_addr2sockaddr,
+ ipv6_h_addr2addr,
+ ipv6_uninteresting,
+ ipv6_is_loopback,
+ ipv6_anyaddr,
+ ipv6_print_addr,
+ ipv6_parse_addr,
+ NULL,
+ NULL,
+ NULL,
+ ipv6_mask_boundary
+ } ,
#endif
#ifndef HEIMDAL_SMALLER
/* fake address type */
- {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
- NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- arange_print_addr, arange_parse_addr,
- arange_order_addr, arange_free, arange_copy },
+ {
+ KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ arange_print_addr,
+ arange_parse_addr,
+ arange_order_addr,
+ arange_free,
+ arange_copy,
+ NULL
+ },
#endif
- {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
- NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }
+ {
+ KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ addrport_print_addr,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ }
};
static int num_addrs = sizeof(at) / sizeof(at[0]);
@@ -757,7 +823,7 @@ find_af(int af)
}
static struct addr_operations *
-find_atype(int atype)
+find_atype(krb5_address_type atype)
{
struct addr_operations *a;
@@ -912,6 +978,15 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
return (*a->uninteresting)(sa);
}
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_sockaddr_is_loopback(const struct sockaddr *sa)
+{
+ struct addr_operations *a = find_af(sa->sa_family);
+ if (a == NULL || a->is_loopback == NULL)
+ return TRUE;
+ return (*a->is_loopback)(sa);
+}
+
/**
* krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
* the "struct hostent" (see gethostbyname(3) ) h_addr_list
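Review bot: krb5_sockaddr_is_loopback() answers `TRUE` for any address family that has no `is_loopback` handler, and that default is not documented; the function also lacks the doc comment its neighbours carry. Whether `TRUE` is the safe direction depends on the caller: it is conservative where loopback addresses are being skipped, but permissive if "loopback" is ever used to relax a check for local peers. Add a header comment such as `/* Returns TRUE for loopback addresses and for address families without a handler. */` so callers do not read the result as proof that the peer is local.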
@@ -1038,17 +1113,17 @@ krb5_print_address (const krb5_address *addr,
if (a == NULL || a->print_addr == NULL) {
char *s;
int l;
- int i;
+ size_t i;
s = str;
l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
- if (l < 0 || l >= len)
+ if (l < 0 || (size_t)l >= len)
return EINVAL;
s += l;
len -= l;
for(i = 0; i < addr->address.length; i++) {
l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
- if (l < 0 || l >= len)
+ if (l < 0 || (size_t)l >= len)
return EINVAL;
len -= l;
s += l;
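Review bot: The `%02x` argument is still read through `(char*)addr->address.data`, so where `char` is signed a byte of 0x80 or above is sign-extended and printed as eight hex digits instead of two. The output then no longer matches the address bytes and the buffer fills four times faster than expected, which the new `(size_t)l >= len` check turns into `EINVAL`. Change the cast to `((unsigned char *)addr->address.data)[i]`. The function body begins and ends outside this hunk.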
@@ -1234,7 +1309,7 @@ krb5_address_search(krb5_context context,
const krb5_address *addr,
const krb5_addresses *addrlist)
{
- int i;
+ size_t i;
for (i = 0; i < addrlist->len; ++i)
if (krb5_address_compare (context, addr, &addrlist->val[i]))
@@ -1282,7 +1357,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context,
krb5_addresses *addresses)
{
- int i;
+ size_t i;
for(i = 0; i < addresses->len; i++)
krb5_free_address(context, &addresses->val[i]);
free(addresses->val);
@@ -1333,7 +1408,7 @@ krb5_copy_addresses(krb5_context context,
const krb5_addresses *inaddr,
krb5_addresses *outaddr)
{
- int i;
+ size_t i;
ALLOC_SEQ(outaddr, inaddr->len);
if(inaddr->len > 0 && outaddr->val == NULL)
return ENOMEM;
@@ -1362,7 +1437,7 @@ krb5_append_addresses(krb5_context context,
{
krb5_address *tmp;
krb5_error_code ret;
- int i;
+ size_t i;
if(source->len > 0) {
tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
if(tmp == NULL) {
diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c
index d4dc758faa..d4e963d74a 100644
--- a/source4/heimdal/lib/krb5/appdefault.c
+++ b/source4/heimdal/lib/krb5/appdefault.c
@@ -47,7 +47,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
if(realm != NULL)
def_val = krb5_config_get_bool_default(context, NULL, def_val,
"realms", realm, option, NULL);
-
+
def_val = krb5_config_get_bool_default(context, NULL, def_val,
"appdefaults",
option,
diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c
index ea59c73931..518e19359c 100644
--- a/source4/heimdal/lib/krb5/auth_context.c
+++ b/source4/heimdal/lib/krb5/auth_context.c
@@ -262,6 +262,7 @@ krb5_auth_con_getaddrs(krb5_context context,
return 0;
}
+/* coverity[+alloc : arg-*2] */
static krb5_error_code
copy_key(krb5_context context,
krb5_keyblock *in,
@@ -289,6 +290,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock);
}
+/* coverity[+alloc : arg-*2] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context,
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c
index 85d64525de..01145a28c6 100644
--- a/source4/heimdal/lib/krb5/build_auth.c
+++ b/source4/heimdal/lib/krb5/build_auth.c
@@ -41,10 +41,12 @@ make_etypelist(krb5_context context,
krb5_error_code ret;
krb5_authdata ad;
u_char *buf;
- size_t len;
+ size_t len = 0;
size_t buf_size;
- ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL);
+ ret = _krb5_init_etype(context, KRB5_PDU_NONE,
+ &etypes.len, &etypes.val,
+ NULL);
if (ret)
return ret;
@@ -111,7 +113,7 @@ _krb5_build_authenticator (krb5_context context,
Authenticator auth;
u_char *buf = NULL;
size_t buf_size;
- size_t len;
+ size_t len = 0;
krb5_error_code ret;
krb5_crypto crypto;
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 211642e568..616044e67b 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -38,7 +38,7 @@
/**
* @page krb5_ccache_intro The credential cache functions
* @section section_krb5_ccache Kerberos credential caches
- *
+ *
* krb5_ccache structure holds a Kerberos credential cache.
*
* Heimdal support the follow types of credential caches:
@@ -837,7 +837,7 @@ krb5_cc_set_flags(krb5_context context,
{
return (*id->ops->set_flags)(context, id, flags);
}
-
+
/**
* Get the flags of `id', store them in `flags'.
*
@@ -1144,7 +1144,7 @@ krb5_cc_cache_match (krb5_context context,
ret = krb5_cc_get_principal(context, cache, &principal);
if (ret == 0) {
krb5_boolean match;
-
+
match = krb5_principal_compare(context, principal, client);
krb5_free_principal(context, principal);
if (match)
@@ -1245,7 +1245,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
krb5_free_principal(context, client);
return ret;
}
-
+
/**
* Return TRUE (non zero) if the principal is a configuration
* principal (generated part of krb5_cc_set_config()). Returns FALSE
@@ -1267,7 +1267,7 @@ krb5_is_config_principal(krb5_context context,
if (principal->name.name_string.len == 0 ||
strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0)
return FALSE;
-
+
return TRUE;
}
@@ -1306,11 +1306,11 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id,
/* not that anyone care when this expire */
cred.times.authtime = time(NULL);
cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
-
+
ret = krb5_data_copy(&cred.ticket, data->data, data->length);
if (ret)
goto out;
-
+
ret = krb5_cc_store_cred(context, id, &cred);
}
@@ -1396,7 +1396,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
}
/**
- * Get next credential cache from the iteration.
+ * Get next credential cache from the iteration.
*
* @param context A Kerberos 5 context
* @param cursor the iteration cursor
@@ -1418,13 +1418,13 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache)
{
krb5_error_code ret;
-
+
*cache = NULL;
while (cursor->idx < context->num_cc_ops) {
if (cursor->cursor == NULL) {
- ret = krb5_cc_cache_get_first (context,
+ ret = krb5_cc_cache_get_first (context,
context->cc_ops[cursor->idx]->prefix,
&cursor->cursor);
if (ret) {
@@ -1493,7 +1493,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context,
- krb5_ccache id,
+ krb5_ccache id,
krb5_timestamp *mtime)
{
*mtime = 0;
@@ -1630,7 +1630,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
*t = 0;
now = time(NULL);
-
+
ret = krb5_cc_start_seq_get(context, id, &cursor);
if (ret)
return ret;
@@ -1644,7 +1644,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
}
krb5_free_cred_contents(context, &cred);
}
-
+
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index 22a7c87ef3..1e7cd0d464 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#undef __attribute__
@@ -173,7 +171,7 @@ setpw_send_request (krb5_context context,
krb5_data krb_priv_data;
krb5_data pwd_data;
ChangePasswdDataMS chpw;
- size_t len;
+ size_t len = 0;
u_char header[4 + 6];
u_char *p;
struct iovec iov[3];
@@ -199,7 +197,7 @@ setpw_send_request (krb5_context context,
chpw.targname = NULL;
chpw.targrealm = NULL;
}
-
+
ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
&chpw, &len, ret);
if (ret) {
@@ -276,7 +274,7 @@ process_reply (krb5_context context,
{
krb5_error_code ret;
u_char reply[1024 * 3];
- ssize_t len;
+ size_t len;
uint16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
int save_errno;
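Review bot: With `len` now `size_t`, any place in process_reply() that stores a recvfrom() result in `len` or tests `len < 0` would stop detecting errors, because -1 becomes a very large length. The receive calls are outside this hunk, so confirm the return value is held in a signed variable before it is added to `len`. In the next hunk `size` is decoded from the first four reply bytes and passed to `memmove(reply, reply + 4, size)` with no visible comparison against `sizeof(reply)`. A bound such as `if (size > sizeof(reply) - 4)` that fails the exchange before the memmove would close that.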
@@ -304,7 +302,7 @@ process_reply (krb5_context context,
_krb5_get_int(reply, &size, 4);
if (size + 4 < len)
continue;
- memmove(reply, reply + 4, size);
+ memmove(reply, reply + 4, size);
len = size;
break;
}
@@ -328,7 +326,7 @@ process_reply (krb5_context context,
if (len < 6) {
str2data (result_string, "server %s sent to too short message "
- "(%ld bytes)", host, (long)len);
+ "(%zu bytes)", host, len);
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
@@ -496,7 +494,7 @@ static struct kpwd_proc {
chgpw_send_request,
process_reply
},
- { NULL }
+ { NULL, 0, NULL, NULL }
};
/*
@@ -588,7 +586,7 @@ change_password_loop (krb5_context context,
if (!replied) {
replied = 0;
-
+
ret = (*proc->send_req) (context,
&auth_context,
creds,
@@ -686,7 +684,6 @@ find_chpw_proto(const char *name)
* @ingroup @krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context context,
krb5_creds *creds,
@@ -694,6 +691,7 @@ krb5_change_password (krb5_context context,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
struct kpwd_proc *p = find_chpw_proto("change password");
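Review bot: The deprecation message `"Use X instead"` is a placeholder that tells a caller nothing when the compiler prints it. Replace `X` with the actual successor API (presumably krb5_set_password() for this function; confirm), or use a neutral text where no replacement exists. The same placeholder is repeated on every wrapper in codec.c and on krb5_config_parse_string_multi() in config_file.c in this commit. Naming the replacement in the `@ingroup @krb5_deprecated` doc comment as well would keep the two in step.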
diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c
index d73a719100..5e754c60cb 100644
--- a/source4/heimdal/lib/krb5/codec.c
+++ b/source4/heimdal/lib/krb5/codec.c
@@ -31,184 +31,182 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#ifndef HEIMDAL_SMALLER
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTicketPart (krb5_context context,
const void *data,
size_t length,
EncTicketPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_EncTicketPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTicketPart (krb5_context context,
void *data,
size_t length,
EncTicketPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_EncTicketPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncASRepPart (krb5_context context,
const void *data,
size_t length,
EncASRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_EncASRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncASRepPart (krb5_context context,
void *data,
size_t length,
EncASRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_EncASRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTGSRepPart (krb5_context context,
const void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_EncTGSRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTGSRepPart (krb5_context context,
void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_EncTGSRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncAPRepPart (krb5_context context,
const void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_EncAPRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncAPRepPart (krb5_context context,
void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_EncAPRepPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_Authenticator (krb5_context context,
const void *data,
size_t length,
Authenticator *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_Authenticator(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_Authenticator (krb5_context context,
void *data,
size_t length,
Authenticator *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_Authenticator(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncKrbCredPart (krb5_context context,
const void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_EncKrbCredPart(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncKrbCredPart (krb5_context context,
void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_EncKrbCredPart (data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_ETYPE_INFO(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO (krb5_context context,
void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_ETYPE_INFO (data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO2 (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return decode_ETYPE_INFO2(data, length, t, len);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO2 (krb5_context context,
void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
return encode_ETYPE_INFO2 (data, length, t, len);
}
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 89f778823d..4ac25ae287 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -33,8 +33,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#ifdef __APPLE__
@@ -63,7 +61,7 @@ config_fgets(char *str, size_t len, struct fileptr *ptr)
p = ptr->s + strcspn(ptr->s, "\n");
if(*p == '\n')
p++;
- l = min(len, p - ptr->s);
+ l = min(len, (size_t)(p - ptr->s));
if(len > 0) {
memcpy(str, ptr->s, l);
str[l] = '\0';
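Review bot: When the remaining line is at least `len` bytes long, `l` becomes `len`, so `memcpy` fills the whole buffer and `str[l] = '\0'` writes one byte past it. The added cast only silences the sign-compare warning and leaves that off-by-one in place. Reserve room for the terminator by computing the length inside the guard, `if (len > 0) { l = min(len - 1, (size_t)(p - ptr->s)); ... }`. The function continues outside this hunk, so check how `l` is used afterwards when moving the assignment.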
@@ -91,7 +89,7 @@ _krb5_config_get_entry(krb5_config_section **parent, const char *name, int type)
for(q = parent; *q != NULL; q = &(*q)->next)
if(type == krb5_config_list &&
- type == (*q)->type &&
+ (unsigned)type == (*q)->type &&
strcmp(name, (*q)->name) == 0)
return *q;
*q = calloc(1, sizeof(**q));
@@ -250,7 +248,7 @@ cfstring2cstring(CFStringRef string)
{
CFIndex len;
char *str;
-
+
str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
if (str)
return strdup(str);
@@ -260,7 +258,7 @@ cfstring2cstring(CFStringRef string)
str = malloc(len);
if (str == NULL)
return NULL;
-
+
if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
free (str);
return NULL;
@@ -299,7 +297,7 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section *
CFReadStreamRef s;
CFDictionaryRef d;
CFURLRef url;
-
+
url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
if (url == NULL) {
krb5_clear_error_message(context);
@@ -321,7 +319,7 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section *
#ifdef HAVE_CFPROPERTYLISTCREATEWITHSTREAM
d = (CFDictionaryRef)CFPropertyListCreateWithStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL);
-#else
+#else
d = (CFDictionaryRef)CFPropertyListCreateFromStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL);
#endif
CFRelease(s);
@@ -441,7 +439,7 @@ krb5_config_parse_file_multi (krb5_context context,
home = getenv("HOME");
if (home == NULL) {
- struct passwd *pw = getpwuid(getuid());
+ struct passwd *pw = getpwuid(getuid());
if(pw != NULL)
home = pw->pw_dir;
}
@@ -455,7 +453,7 @@ krb5_config_parse_file_multi (krb5_context context,
fname = newfname;
}
#else /* KRB5_USE_PATH_TOKENS */
- if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 ||
+ if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 ||
newfname == NULL)
{
krb5_set_error_message(context, ENOMEM,
@@ -477,7 +475,7 @@ krb5_config_parse_file_multi (krb5_context context,
return ret;
}
#else
- krb5_set_error_message(context, ENOENT,
+ krb5_set_error_message(context, ENOENT,
"no support for plist configuration files");
return ENOENT;
#endif
@@ -491,7 +489,7 @@ krb5_config_parse_file_multi (krb5_context context,
free(newfname);
return ret;
}
-
+
if (newfname)
free(newfname);
fname = newfname = exp_fname;
@@ -507,7 +505,7 @@ krb5_config_parse_file_multi (krb5_context context,
free(newfname);
return ret;
}
-
+
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f);
if (ret) {
@@ -635,7 +633,7 @@ vget_next(krb5_context context,
const char *p = va_arg(args, const char *);
while(b != NULL) {
if(strcmp(b->name, name) == 0) {
- if(b->type == type && p == NULL) {
+ if(b->type == (unsigned)type && p == NULL) {
*pointer = b;
return b->u.generic;
} else if(b->type == krb5_config_list && p != NULL) {
@@ -675,7 +673,7 @@ _krb5_config_vget_next (krb5_context context,
/* we were called again, so just look for more entries with the
same name and type */
for (b = (*pointer)->next; b != NULL; b = b->next) {
- if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
+ if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) {
*pointer = b;
return b->u.generic;
}
@@ -770,7 +768,7 @@ krb5_config_vget_list (krb5_context context,
*
* @ingroup krb5_support
*/
-
+
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context,
const krb5_config_section *c,
@@ -865,7 +863,7 @@ krb5_config_get_string_default (krb5_context context,
}
static char *
-next_component_string(char * begin, char * delims, char **state)
+next_component_string(char * begin, const char * delims, char **state)
{
char * end;
@@ -1302,11 +1300,11 @@ krb5_config_get_int (krb5_context context,
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_string_multi(krb5_context context,
const char *string,
krb5_config_section **res)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
const char *str;
unsigned lineno = 0;
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index b6c6870938..99bf1b419b 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -34,6 +34,7 @@
*/
#include "krb5_locl.h"
+#include <assert.h>
#include <com_err.h>
#define INIT_FIELD(C, T, E, D, F) \
@@ -128,6 +129,24 @@ init_context_from_config_file(krb5_context context)
free(context->etypes_des);
context->etypes_des = tmptypes;
+ ret = set_etypes (context, "default_as_etypes", &tmptypes);
+ if(ret)
+ return ret;
+ free(context->as_etypes);
+ context->as_etypes = tmptypes;
+
+ ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
+ if(ret)
+ return ret;
+ free(context->tgs_etypes);
+ context->tgs_etypes = tmptypes;
+
+ ret = set_etypes (context, "permitted_enctypes", &tmptypes);
+ if(ret)
+ return ret;
+ free(context->permitted_enctypes);
+ context->permitted_enctypes = tmptypes;
+
/* default keytab name */
tmp = NULL;
if(!issuid())
@@ -317,7 +336,7 @@ kt_ops_copy(krb5_context context, const krb5_context src_context)
return 0;
}
-static const char *sysplugin_dirs[] = {
+static const char *sysplugin_dirs[] = {
LIBDIR "/plugin/krb5",
#ifdef __APPLE__
"/Library/KerberosPlugins/KerberosFrameworkPlugins",
@@ -332,7 +351,7 @@ init_context_once(void *ctx)
krb5_context context = ctx;
_krb5_load_plugins(context, "krb5", sysplugin_dirs);
-
+
bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
}
@@ -392,7 +411,7 @@ krb5_init_context(krb5_context *context)
ret = hx509_context_init(&p->hx509ctx);
if (ret)
goto out;
-#endif
+#endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
@@ -413,7 +432,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_permitted_enctypes(krb5_context context,
krb5_enctype **etypes)
{
- return krb5_get_default_in_tkt_etypes(context, etypes);
+ return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
}
/*
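Review bot: krb5_get_permitted_enctypes() passes `KRB5_PDU_NONE`, so the `permitted_enctypes` list this commit starts loading in init_context_from_config_file() is never read by the function named after it. With that value, krb5_get_default_in_tkt_etypes() (later in this file's diff) falls through to `context->etypes` or the built-in defaults. If the setting is meant to restrict which enctypes are accepted, an administrator who removes weak types there would see no effect through this call; it may be consulted elsewhere, which is not visible here. Either return a filtered copy of `context->permitted_enctypes` when it is non-NULL, or add a comment saying why the getter ignores it.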
@@ -433,7 +452,7 @@ copy_etypes (krb5_context context,
*ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);
if (*ret_enctypes == NULL) {
- krb5_set_error_message(context, ENOMEM,
+ krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
@@ -481,7 +500,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
p->default_cc_name = strdup(context->default_cc_name);
if (context->default_cc_name_env)
p->default_cc_name_env = strdup(context->default_cc_name_env);
-
+
if (context->etypes) {
ret = copy_etypes(context, context->etypes, &p->etypes);
if (ret)
@@ -494,7 +513,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
}
if (context->default_realms) {
- ret = krb5_copy_host_realm(context,
+ ret = krb5_copy_host_realm(context,
context->default_realms, &p->default_realms);
if (ret)
goto out;
@@ -736,7 +755,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
krb5_free_config_files(defpp);
if (ret) {
return ret;
- }
+ }
*pfilenames = pp;
return 0;
}
@@ -874,36 +893,51 @@ krb5_kerberos_enctypes(krb5_context context)
}
/*
- * set `etype' to a malloced list of the default enctypes
+ *
*/
static krb5_error_code
-default_etypes(krb5_context context, krb5_enctype **etype)
+copy_enctypes(krb5_context context,
+ const krb5_enctype *in,
+ krb5_enctype **out)
{
- const krb5_enctype *p;
- krb5_enctype *e = NULL, *ep;
- int i, n = 0;
-
- p = krb5_kerberos_enctypes(context);
+ krb5_enctype *p = NULL;
+ size_t m, n;
- for (i = 0; p[i] != ETYPE_NULL; i++) {
- if (krb5_enctype_valid(context, p[i]) != 0)
+ for (n = 0; in[n]; n++)
+ ;
+ n++;
+ ALLOC(p, n);
+ if(p == NULL)
+ return krb5_enomem(context);
+ for (n = 0, m = 0; in[n]; n++) {
+ if (krb5_enctype_valid(context, in[n]) != 0)
continue;
- ep = realloc(e, (n + 2) * sizeof(*e));
- if (ep == NULL) {
- free(e);
- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- e = ep;
- e[n] = p[i];
- e[n + 1] = ETYPE_NULL;
- n++;
+ p[m++] = in[n];
+ }
+ p[m] = KRB5_ENCTYPE_NULL;
+ if (m == 0) {
+ free(p);
+ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+ N_("no valid enctype set", ""));
+ return KRB5_PROG_ETYPE_NOSUPP;
}
- *etype = e;
+ *out = p;
return 0;
}
+
+/*
+ * set `etype' to a malloced list of the default enctypes
+ */
+
+static krb5_error_code
+default_etypes(krb5_context context, krb5_enctype **etype)
+{
+ const krb5_enctype *p = krb5_kerberos_enctypes(context);
+ return copy_enctypes(context, p, etype);
+}
+
/**
* Set the default encryption types that will be use in communcation
* with the KDC, clients and servers.
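Review bot: The comment above the new copy_enctypes() is empty, although the helper now defines the contract for default_etypes(), krb5_set_default_in_tkt_etypes(), krb5_get_default_in_tkt_etypes() and _krb5_init_etype(). It should say that `in` must be a zero-terminated list, that entries rejected by krb5_enctype_valid() are dropped, and that the call fails with KRB5_PROG_ETYPE_NOSUPP when nothing is left. As a result default_etypes() now returns that error where the old loop returned 0 with `*etype` set to NULL, which is worth stating in its own comment. The loops test `in[n]` while the terminator is written as `KRB5_ENCTYPE_NULL`; writing `in[n] != KRB5_ENCTYPE_NULL` in both would keep the two consistent.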
@@ -923,31 +957,11 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
{
krb5_error_code ret;
krb5_enctype *p = NULL;
- unsigned int n, m;
if(etypes) {
- for (n = 0; etypes[n]; n++)
- ;
- n++;
- ALLOC(p, n);
- if(!p) {
- krb5_set_error_message (context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- for (n = 0, m = 0; etypes[n]; n++) {
- ret = krb5_enctype_valid(context, etypes[n]);
- if (ret)
- continue;
- p[m++] = etypes[n];
- }
- p[m] = ETYPE_NULL;
- if (m == 0) {
- free(p);
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("no valid enctype set", ""));
- return KRB5_PROG_ETYPE_NOSUPP;
- }
+ ret = copy_enctypes(context, etypes, &p);
+ if (ret)
+ return ret;
}
if(context->etypes)
free(context->etypes);
@@ -971,21 +985,28 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context,
+ krb5_pdu pdu_type,
krb5_enctype **etypes)
{
- krb5_enctype *p;
- int i;
+ krb5_enctype *enctypes = NULL;
krb5_error_code ret;
+ krb5_enctype *p;
- if(context->etypes) {
- for(i = 0; context->etypes[i]; i++);
- ++i;
- ALLOC(p, i);
- if(!p) {
- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- memmove(p, context->etypes, i * sizeof(krb5_enctype));
+ heim_assert(pdu_type == KRB5_PDU_AS_REQUEST ||
+ pdu_type == KRB5_PDU_TGS_REQUEST ||
+ pdu_type == KRB5_PDU_NONE, "pdu contant not as expected");
+
+ if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
+ enctypes = context->as_etypes;
+ else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
+ enctypes = context->tgs_etypes;
+ else if (context->etypes != NULL)
+ enctypes = context->etypes;
+
+ if (enctypes != NULL) {
+ ret = copy_enctypes(context, enctypes, &p);
+ if (ret)
+ return ret;
} else {
ret = default_etypes(context, &p);
if (ret)
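Review bot: The heim_assert() added at the top of krb5_get_default_in_tkt_etypes() checks a caller-supplied argument of an exported function, so an unexpected `pdu_type` presumably aborts the process instead of returning an error. Returning `krb5_einval(context, 2)`, the helper this commit uses in fcache.c, would keep the failure recoverable. The message also has a typo: `"pdu contant not as expected"` should read `"pdu constant not as expected"`. Inserting `pdu_type` in the middle of the parameter list changes the signature of a KRB5_LIB_FUNCTION, so callers outside this tree stop compiling; the doc comment should mention the new parameter. The function body continues past the end of the hunk.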
@@ -1390,10 +1411,11 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
context->max_skew = t;
}
-/**
+/*
* Init encryption types in len, val with etypes.
*
* @param context Kerberos 5 context.
+ * @param pdu_type type of pdu
* @param len output length of val.
* @param val output array of enctypes.
* @param etypes etypes to set val and len to, if NULL, use default enctypes.
@@ -1405,39 +1427,27 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_init_etype (krb5_context context,
+_krb5_init_etype(krb5_context context,
+ krb5_pdu pdu_type,
unsigned *len,
krb5_enctype **val,
const krb5_enctype *etypes)
{
- unsigned int i;
krb5_error_code ret;
- krb5_enctype *tmp = NULL;
- ret = 0;
- if (etypes == NULL) {
- ret = krb5_get_default_in_tkt_etypes(context, &tmp);
- if (ret)
- return ret;
- etypes = tmp;
- }
+ if (etypes == NULL)
+ ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val);
+ else
+ ret = copy_enctypes(context, etypes, val);
+ if (ret)
+ return ret;
- for (i = 0; etypes[i]; ++i)
- ;
- *len = i;
- *val = malloc(i * sizeof(**val));
- if (i != 0 && *val == NULL) {
- ret = ENOMEM;
- krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
- goto cleanup;
+ if (len) {
+ *len = 0;
+ while ((*val)[*len] != KRB5_ENCTYPE_NULL)
+ (*len)++;
}
- memmove (*val,
- etypes,
- i * sizeof(*tmp));
-cleanup:
- if (tmp != NULL)
- free (tmp);
- return ret;
+ return 0;
}
/*
diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c
index e700425ffe..fc371c6377 100644
--- a/source4/heimdal/lib/krb5/convert_creds.c
+++ b/source4/heimdal/lib/krb5/convert_creds.c
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#include "krb5-v4compat.h"
@@ -54,11 +52,11 @@
* @ingroup krb5_v4compat
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
memset(v4creds, 0, sizeof(*v4creds));
krb5_set_error_message(context, EINVAL,
@@ -81,12 +79,12 @@ krb524_convert_creds_kdc(krb5_context context,
* @ingroup krb5_v4compat
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,
struct credentials *v4creds)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
memset(v4creds, 0, sizeof(*v4creds));
krb5_set_error_message(context, EINVAL,
diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c
index 69aacdc032..7ef8eb9609 100644
--- a/source4/heimdal/lib/krb5/creds.c
+++ b/source4/heimdal/lib/krb5/creds.c
@@ -228,7 +228,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields,
match = krb5_principal_compare (context, mcreds->client,
creds->client);
}
-
+
if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
match = mcreds->session.keytype == creds->session.keytype;
diff --git a/source4/heimdal/lib/krb5/crypto-des.c b/source4/heimdal/lib/krb5/crypto-des.c
index 1c062b5e61..63ce901d92 100644
--- a/source4/heimdal/lib/krb5/crypto-des.c
+++ b/source4/heimdal/lib/krb5/crypto-des.c
@@ -77,7 +77,9 @@ static struct _krb5_key_type keytype_des_old = {
krb5_DES_random_key,
krb5_DES_schedule_old,
_krb5_des_salt,
- krb5_DES_random_to_key
+ krb5_DES_random_to_key,
+ NULL,
+ NULL
};
static struct _krb5_key_type keytype_des = {
diff --git a/source4/heimdal/lib/krb5/crypto-des3.c b/source4/heimdal/lib/krb5/crypto-des3.c
index b61948895a..d50c5cebe2 100644
--- a/source4/heimdal/lib/krb5/crypto-des3.c
+++ b/source4/heimdal/lib/krb5/crypto-des3.c
@@ -202,7 +202,7 @@ _krb5_DES3_random_to_key(krb5_context context,
DES_cblock *k;
int i, j;
- memset(x, 0, sizeof(x));
+ memset(key->keyvalue.data, 0, key->keyvalue.length);
for (i = 0; i < 3; ++i) {
unsigned char foo;
for (j = 0; j < 7; ++j) {
diff --git a/source4/heimdal/lib/krb5/crypto-evp.c b/source4/heimdal/lib/krb5/crypto-evp.c
index 3f9cd57bbc..e8fb1caf6a 100644
--- a/source4/heimdal/lib/krb5/crypto-evp.c
+++ b/source4/heimdal/lib/krb5/crypto-evp.c
@@ -98,7 +98,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
{
size_t i, blocksize;
struct _krb5_evp_schedule *ctx = key->schedule->data;
- char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
+ unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
EVP_CIPHER_CTX *c;
unsigned char *p;
@@ -142,7 +142,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
if (ivec)
memcpy(ivec, p, blocksize);
} else {
- char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];
+ unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];
p = data;
if (len > blocksize * 2) {
diff --git a/source4/heimdal/lib/krb5/crypto-pk.c b/source4/heimdal/lib/krb5/crypto-pk.c
index eb783c8998..7fedb65c9e 100644
--- a/source4/heimdal/lib/krb5/crypto-pk.c
+++ b/source4/heimdal/lib/krb5/crypto-pk.c
@@ -110,7 +110,7 @@ encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data)
{
KRB5PrincipalName pn;
krb5_error_code ret;
- size_t size;
+ size_t size = 0;
pn.principalName = p->name;
pn.realm = p->realm;
@@ -143,7 +143,7 @@ encode_otherinfo(krb5_context context,
PkinitSuppPubInfo pubinfo;
krb5_error_code ret;
krb5_data pub;
- size_t size;
+ size_t size = 0;
krb5_data_zero(other);
memset(&otherinfo, 0, sizeof(otherinfo));
@@ -192,6 +192,8 @@ encode_otherinfo(krb5_context context,
return 0;
}
+
+
krb5_error_code
_krb5_pk_kdf(krb5_context context,
const struct AlgorithmIdentifier *ai,
@@ -211,10 +213,17 @@ _krb5_pk_kdf(krb5_context context,
size_t keylen, offset;
uint32_t counter;
unsigned char *keydata;
- unsigned char shaoutput[SHA_DIGEST_LENGTH];
+ unsigned char shaoutput[SHA512_DIGEST_LENGTH];
+ const EVP_MD *md;
EVP_MD_CTX *m;
- if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) != 0) {
+ if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
+ md = EVP_sha1();
+ } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
+ md = EVP_sha256();
+ } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
+ md = EVP_sha512();
+ } else {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("KDF not supported", ""));
return KRB5_PROG_ETYPE_NOSUPP;
@@ -264,7 +273,7 @@ _krb5_pk_kdf(krb5_context context,
do {
unsigned char cdata[4];
- EVP_DigestInit_ex(m, EVP_sha1(), NULL);
+ EVP_DigestInit_ex(m, md, NULL);
_krb5_put_int(cdata, counter, 4);
EVP_DigestUpdate(m, cdata, 4);
EVP_DigestUpdate(m, dhdata, dhsize);
@@ -274,9 +283,9 @@ _krb5_pk_kdf(krb5_context context,
memcpy((unsigned char *)keydata + offset,
shaoutput,
- min(keylen - offset, sizeof(shaoutput)));
+ min(keylen - offset, EVP_MD_CTX_size(m)));
- offset += sizeof(shaoutput);
+ offset += EVP_MD_CTX_size(m);
counter++;
} while(offset < keylen);
memset(shaoutput, 0, sizeof(shaoutput));
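Review bot: In the copy at the end of the _krb5_pk_kdf() loop, the digest length is read from the context with `EVP_MD_CTX_size(m)`, and nothing ties that length to `sizeof(shaoutput)` now that the algorithm is chosen at run time. Compute it once before the loop from the selected algorithm, `size_t mdlen = EVP_MD_size(md);`, check `mdlen <= sizeof(shaoutput)`, and use `mdlen` in both the `min()` and the `offset +=` lines. That also keeps both `min()` operands the same type. The scratch buffer now holds up to 64 bytes of key-derivation output and is still cleared with a plain `memset`, which a compiler may remove; if the tree has a zeroing helper that cannot be elided, it belongs here. The digest-final call and the rest of the function are outside these hunks.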
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 5d274e9af7..63aedc4568 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
struct _krb5_key_usage {
@@ -180,7 +178,7 @@ _krb5_internal_hmac(krb5_context context,
unsigned char *ipad, *opad;
unsigned char *key;
size_t key_len;
- int i;
+ size_t i;
ipad = malloc(cm->blocksize + len);
if (ipad == NULL)
@@ -311,7 +309,7 @@ get_checksum_key(krb5_context context,
if(ct->flags & F_DERIVED)
ret = _get_derived_key(context, crypto, usage, key);
else if(ct->flags & F_VARIANT) {
- int i;
+ size_t i;
*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
if(*key == NULL) {
@@ -479,7 +477,7 @@ verify_checksum(krb5_context context,
if(ct->verify) {
ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
if (ret)
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Decrypt integrity check failed for checksum "
"type %s, key type %s", ""),
ct->name, (crypto != NULL)? crypto->et->name : "(none)");
@@ -1160,9 +1158,9 @@ decrypt_internal_special(krb5_context context,
}
static krb5_crypto_iov *
-find_iv(krb5_crypto_iov *data, int num_data, int type)
+find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type)
{
- int i;
+ size_t i;
for (i = 0; i < num_data; i++)
if (data[i].flags == type)
return &data[i];
@@ -1403,11 +1401,6 @@ krb5_decrypt_iov_ivec(krb5_context context,
struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
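Review bot: Dropping the `num_data < 0` guard in krb5_decrypt_iov_ivec() is only safe if `num_data` is declared unsigned, and the parameter list is outside this hunk. If it were still signed, a negative count compared against a `size_t` index or passed to find_iv(), which now takes `size_t num_data`, would become a very large bound instead of being rejected. krb5_crypto_length_iov() in a later hunk does show `unsigned int num_data`. Please confirm the same declaration for this function and for krb5_create_checksum_iov() and krb5_verify_checksum_iov(), where the same guard is removed.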
@@ -1545,15 +1538,10 @@ krb5_create_checksum_iov(krb5_context context,
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
@@ -1629,15 +1617,10 @@ krb5_verify_checksum_iov(krb5_context context,
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
@@ -1689,7 +1672,7 @@ krb5_crypto_length(krb5_context context,
krb5_set_error_message(context, EINVAL, "not a derived crypto");
return EINVAL;
}
-
+
switch(type) {
case KRB5_CRYPTO_TYPE_EMPTY:
*len = 0;
@@ -1730,7 +1713,7 @@ krb5_crypto_length_iov(krb5_context context,
unsigned int num_data)
{
krb5_error_code ret;
- int i;
+ size_t i;
for (i = 0; i < num_data; i++) {
ret = krb5_crypto_length(context, crypto,
@@ -2120,7 +2103,7 @@ krb5_crypto_destroy(krb5_context context,
/**
* Return the blocksize used algorithm referenced by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param blocksize the resulting blocksize
@@ -2141,7 +2124,7 @@ krb5_crypto_getblocksize(krb5_context context,
/**
* Return the encryption type used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param enctype the resulting encryption type
@@ -2162,7 +2145,7 @@ krb5_crypto_getenctype(krb5_context context,
/**
* Return the padding size used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param padsize the return padding size
@@ -2183,7 +2166,7 @@ krb5_crypto_getpadsize(krb5_context context,
/**
* Return the confounder size used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param confoundersize the returned confounder size
@@ -2593,12 +2576,12 @@ krb5_crypto_fx_cf2(krb5_context context,
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
int i;
unsigned n = 0;
@@ -2640,11 +2623,11 @@ krb5_keytype_to_enctypes (krb5_context context,
*/
/* if two enctypes have compatible keys */
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c
index dc2d4586a0..7a7b989b69 100644
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -288,9 +288,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
* @ingroup krb5
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_get_err_text(krb5_context context, krb5_error_code code)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
const char *p = NULL;
if(context != NULL)
diff --git a/source4/heimdal/lib/krb5/expand_path.c b/source4/heimdal/lib/krb5/expand_path.c
index 70096e1c7a..4c4898a79e 100644
--- a/source4/heimdal/lib/krb5/expand_path.c
+++ b/source4/heimdal/lib/krb5/expand_path.c
@@ -2,19 +2,19 @@
/***********************************************************************
* Copyright (c) 2009, Secure Endpoints Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -27,7 +27,7 @@
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
- *
+ *
**********************************************************************/
#include "krb5_locl.h"
@@ -168,7 +168,7 @@ _expand_userid(krb5_context context, PTYPE param, const char *postfix, char **re
if (le != 0) {
if (context)
- krb5_set_error_message(context, rv,
+ krb5_set_error_message(context, rv,
"Can't open thread token (GLE=%d)", le);
goto _exit;
}
@@ -247,7 +247,7 @@ _expand_csidl(krb5_context context, PTYPE folder, const char *postfix, char **re
if (context)
krb5_set_error_message(context, EINVAL, "Unable to determine folder path");
return EINVAL;
- }
+ }
len = strlen(path);
@@ -464,7 +464,7 @@ _krb5_expand_path_tokens(krb5_context context,
return ENOMEM;
}
-
+
{
size_t append_len = strlen(append);
char * new_str = realloc(*ppath_out, len + append_len + 1);
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index 218bd2cdbf..731f293414 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -62,6 +62,9 @@ static const char* KRB5_CALLCONV
fcc_get_name(krb5_context context,
krb5_ccache id)
{
+ if (FCACHE(id) == NULL)
+ return NULL;
+
return FILENAME(id);
}
@@ -155,7 +158,7 @@ write_storage(krb5_context context, krb5_storage *sp, int fd)
return ret;
}
sret = write(fd, data.data, data.length);
- ret = (sret != data.length);
+ ret = (sret != (ssize_t)data.length);
krb5_data_free(&data);
if (ret) {
ret = errno;
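Review bot: In write_storage() a short write is still reported through `errno`, which `write()` sets only when it returns -1. When `sret` is non-negative but smaller than `data.length`, `ret = errno` can pick up a stale value or 0, and a truncated credential cache is then treated as written. `errno` is also read after `krb5_data_free(&data)`, which may overwrite it. Capture the result right after the call, `if (sret < 0) ret = errno; else if ((size_t)sret != data.length) ret = EIO; else ret = 0;`, then free `data` and drop the later `ret = errno;`. The rest of the function is outside the hunk.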
@@ -220,7 +223,7 @@ scrub_file (int fd)
return errno;
memset(buf, 0, sizeof(buf));
while(pos > 0) {
- ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
+ ssize_t tmp = write(fd, buf, min((off_t)sizeof(buf), pos));
if (tmp < 0)
return errno;
@@ -334,11 +337,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
fd = mkstemp(exp_file);
if(fd < 0) {
- int ret = errno;
- krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file);
+ int xret = errno;
+ krb5_set_error_message(context, xret, N_("mkstemp %s failed", ""), exp_file);
free(f);
free(exp_file);
- return ret;
+ return xret;
}
close(fd);
f->filename = exp_file;
@@ -383,8 +386,14 @@ fcc_open(krb5_context context,
krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
(flags | O_RDWR) == flags);
krb5_error_code ret;
- const char *filename = FILENAME(id);
+ const char *filename;
int fd;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ filename = FILENAME(id);
+
fd = open(filename, flags, mode);
if(fd < 0) {
char buf[128];
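Review bot: The bare `2` in `krb5_einval(context, 2)` in fcc_open() is unexplained, and the same literal (or `3`) recurs in every guard this commit adds to fcache.c. From the call sites it appears to be the position of the offending argument (`2` for `id`, `3` for `cursor` in fcc_get_next() and fcc_end_get()). A short comment such as `/* argument 2 (id) has no fcache attached */` at the first use, or a small macro wrapping the check, would make that explicit. The guards also report the same condition three ways: fcc_get_name() returns NULL, fcc_get_version() returns -1, and the others return the krb5_einval() code, so callers of the first two need to handle those values. In fcc_get_next() and fcc_end_get() the test `FCC_CURSOR(*cursor) == NULL` dereferences `cursor` itself without a check; whether that can be NULL depends on callers not visible here.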
@@ -412,9 +421,11 @@ fcc_initialize(krb5_context context,
krb5_fcache *f = FCACHE(id);
int ret = 0;
int fd;
- char *filename = f->filename;
- unlink (filename);
+ if (f == NULL)
+ return krb5_einval(context, 2);
+
+ unlink (f->filename);
ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if(ret)
@@ -443,7 +454,7 @@ fcc_initialize(krb5_context context,
}
}
ret |= krb5_store_principal(sp, primary_principal);
-
+
ret |= write_storage(context, sp, fd);
krb5_storage_free(sp);
@@ -464,6 +475,9 @@ static krb5_error_code KRB5_CALLCONV
fcc_close(krb5_context context,
krb5_ccache id)
{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
free (FILENAME(id));
krb5_data_free(&id->data);
return 0;
@@ -473,6 +487,9 @@ static krb5_error_code KRB5_CALLCONV
fcc_destroy(krb5_context context,
krb5_ccache id)
{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
_krb5_erase_file(context, FILENAME(id));
return 0;
}
@@ -701,6 +718,9 @@ fcc_get_first (krb5_context context,
krb5_error_code ret;
krb5_principal principal;
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
*cursor = malloc(sizeof(struct fcc_cursor));
if (*cursor == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
@@ -733,6 +753,13 @@ fcc_get_next (krb5_context context,
krb5_creds *creds)
{
krb5_error_code ret;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (FCC_CURSOR(*cursor) == NULL)
+ return krb5_einval(context, 3);
+
if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
return ret;
@@ -749,6 +776,13 @@ fcc_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (FCC_CURSOR(*cursor) == NULL)
+ return krb5_einval(context, 3);
+
krb5_storage_free(FCC_CURSOR(*cursor)->sp);
close (FCC_CURSOR(*cursor)->fd);
free(*cursor);
@@ -767,6 +801,9 @@ fcc_remove_cred(krb5_context context,
char *newname = NULL;
int fd;
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &copy);
if (ret)
return ret;
@@ -827,6 +864,9 @@ fcc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
return 0; /* XXX */
}
@@ -834,9 +874,12 @@ static int KRB5_CALLCONV
fcc_get_version(krb5_context context,
krb5_ccache id)
{
+ if (FCACHE(id) == NULL)
+ return -1;
+
return FCACHE(id)->version;
}
-
+
struct fcache_iter {
int first;
};
@@ -864,6 +907,9 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
const char *fn;
char *expandedfn = NULL;
+ if (iter == NULL)
+ return krb5_einval(context, 2);
+
if (!iter->first) {
krb5_clear_error_message(context);
return KRB5_CC_END;
@@ -900,6 +946,10 @@ static krb5_error_code KRB5_CALLCONV
fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
{
struct fcache_iter *iter = cursor;
+
+ if (iter == NULL)
+ return krb5_einval(context, 2);
+
free(iter);
return 0;
}
diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c
index 829b2acc17..0e2bfcf66f 100644
--- a/source4/heimdal/lib/krb5/get_addrs.c
+++ b/source4/heimdal/lib/krb5/get_addrs.c
@@ -82,8 +82,8 @@ gethostname_fallback (krb5_context context, krb5_addresses *res)
}
enum {
- LOOP = 1, /* do include loopback interfaces */
- LOOP_IF_NONE = 2, /* include loopback if no other if's */
+ LOOP = 1, /* do include loopback addrs */
+ LOOP_IF_NONE = 2, /* include loopback addrs if no others */
EXTRA_ADDRESSES = 4, /* include extra addresses */
SCAN_INTERFACES = 8 /* scan interfaces for addresses */
};
@@ -146,11 +146,9 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
continue;
- if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+ if (krb5_sockaddr_is_loopback(ifa->ifa_addr) && (flags & LOOP) == 0)
/* We'll deal with the LOOP_IF_NONE case later. */
- if ((flags & LOOP) == 0)
- continue;
- }
+ continue;
ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
if (ret) {
@@ -189,24 +187,22 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
continue;
-
- if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
- ret = krb5_sockaddr2address(context,
- ifa->ifa_addr, &res->val[idx]);
- if (ret) {
- /*
- * See comment above.
- */
- continue;
- }
- if((flags & EXTRA_ADDRESSES) &&
- krb5_address_search(context, &res->val[idx],
- &ignore_addresses)) {
- krb5_free_address(context, &res->val[idx]);
- continue;
- }
- idx++;
+ if (!krb5_sockaddr_is_loopback(ifa->ifa_addr))
+ continue;
+ if ((ifa->ifa_flags & IFF_LOOPBACK) == 0)
+ /* Presumably loopback addrs are only used on loopback ifs! */
+ continue;
+ ret = krb5_sockaddr2address(context,
+ ifa->ifa_addr, &res->val[idx]);
+ if (ret)
+ continue; /* We don't consider this failure fatal */
+ if((flags & EXTRA_ADDRESSES) &&
+ krb5_address_search(context, &res->val[idx],
+ &ignore_addresses)) {
+ krb5_free_address(context, &res->val[idx]);
+ continue;
}
+ idx++;
}
}
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 7f2b57247d..e3bb23a2e9 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -55,7 +55,7 @@ make_pa_tgs_req(krb5_context context,
{
u_char *buf;
size_t buf_size;
- size_t len;
+ size_t len = 0;
krb5_data in_data;
krb5_error_code ret;
@@ -90,7 +90,7 @@ set_auth_data (krb5_context context,
krb5_keyblock *subkey)
{
if(authdata->len) {
- size_t len, buf_size;
+ size_t len = 0, buf_size;
unsigned char *buf;
krb5_crypto crypto;
krb5_error_code ret;
@@ -166,10 +166,11 @@ init_tgs_req (krb5_context context,
}
t->req_body.etype.val[0] = in_creds->session.keytype;
} else {
- ret = krb5_init_etype(context,
- &t->req_body.etype.len,
- &t->req_body.etype.val,
- NULL);
+ ret = _krb5_init_etype(context,
+ KRB5_PDU_TGS_REQUEST,
+ &t->req_body.etype.len,
+ &t->req_body.etype.val,
+ NULL);
}
if (ret)
goto fail;
@@ -235,7 +236,7 @@ init_tgs_req (krb5_context context,
goto fail;
}
{
- int i;
+ size_t i;
for (i = 0; i < padata->len; i++) {
ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]);
if (ret) {
@@ -249,16 +250,16 @@ init_tgs_req (krb5_context context,
ret = krb5_auth_con_init(context, &ac);
if(ret)
goto fail;
-
+
ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session);
if (ret)
goto fail;
-
+
ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
ac->local_subkey);
if (ret)
goto fail;
-
+
ret = make_pa_tgs_req(context,
ac,
&t->req_body,
@@ -334,6 +335,8 @@ decrypt_tkt_with_subkey (krb5_context context,
assert(usage == 0);
+ krb5_data_zero(&data);
+
/*
* start out with trying with subkey if we have one
*/
@@ -383,7 +386,7 @@ decrypt_tkt_with_subkey (krb5_context context,
&dec_rep->enc_part,
&size);
if (ret)
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Failed to decode encpart in ticket", ""));
krb5_data_free (&data);
return ret;
@@ -408,7 +411,7 @@ get_cred_kdc(krb5_context context,
krb5_error_code ret;
unsigned nonce;
krb5_keyblock *subkey = NULL;
- size_t len;
+ size_t len = 0;
Ticket second_ticket_data;
METHOD_DATA padata;
@@ -435,12 +438,12 @@ get_cred_kdc(krb5_context context,
PA_S4U2Self self;
krb5_data data;
void *buf;
- size_t size;
+ size_t size = 0;
self.name = impersonate_principal->name;
self.realm = impersonate_principal->realm;
self.auth = estrdup("Kerberos");
-
+
ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
if (ret) {
free(self.auth);
@@ -475,7 +478,7 @@ get_cred_kdc(krb5_context context,
goto out;
if (len != size)
krb5_abortx(context, "internal asn1 error");
-
+
ret = krb5_padata_add(context, &padata, KRB5_PADATA_FOR_USER, buf, len);
if (ret)
goto out;
@@ -609,7 +612,7 @@ get_cred_kdc_address(krb5_context context,
krb5_appdefault_boolean(context, NULL, krbtgt->server->realm,
"no-addresses", FALSE, &noaddr);
-
+
if (!noaddr) {
krb5_get_all_client_addrs(context, &addresses);
/* XXX this sucks. */
@@ -734,7 +737,7 @@ get_cred_kdc_capath_worker(krb5_context context,
krb5_creds *in_creds,
krb5_const_realm try_realm,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@@ -809,7 +812,7 @@ get_cred_kdc_capath_worker(krb5_context context,
krb5_free_principal(context, tmp_creds.client);
return ret;
}
- /*
+ /*
* if either of the chain or the ok_as_delegate was stripped
* by the kdc, make sure we strip it too.
*/
@@ -842,7 +845,7 @@ get_cred_kdc_capath_worker(krb5_context context,
return ret;
}
}
-
+
krb5_free_principal(context, tmp_creds.server);
krb5_free_principal(context, tmp_creds.client);
*out_creds = calloc(1, sizeof(**out_creds));
@@ -860,7 +863,7 @@ get_cred_kdc_capath_worker(krb5_context context,
}
krb5_free_creds(context, tgt);
return ret;
-}
+}
/*
get_cred(server)
@@ -883,7 +886,7 @@ get_cred_kdc_capath(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@@ -918,7 +921,7 @@ get_cred_kdc_referral(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@@ -946,7 +949,7 @@ get_cred_kdc_referral(krb5_context context,
/* find tgt for the clients base realm */
{
krb5_principal tgtname;
-
+
ret = krb5_make_principal(context, &tgtname,
client_realm,
KRB5_TGS_NAME,
@@ -954,7 +957,7 @@ get_cred_kdc_referral(krb5_context context,
NULL);
if(ret)
return ret;
-
+
ret = find_cred(context, ccache, tgtname, *ret_tgts, &tgt);
krb5_free_principal(context, tgtname);
if (ret)
@@ -1032,9 +1035,9 @@ get_cred_kdc_referral(krb5_context context,
goto out;
}
tickets++;
- }
+ }
- /*
+ /*
* if either of the chain or the ok_as_delegate was stripped
* by the kdc, make sure we strip it too.
*/
@@ -1080,7 +1083,7 @@ _krb5_get_cred_kdc_any(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@@ -1165,7 +1168,7 @@ krb5_get_credentials_with_flags(krb5_context context,
*out_creds = res_creds;
return 0;
}
-
+
krb5_timeofday(context, &timeret);
if(res_creds->times.endtime > timeret) {
*out_creds = res_creds;
@@ -1382,7 +1385,7 @@ krb5_get_creds(krb5_context context,
krb5_free_principal(context, in_creds.client);
goto out;
}
-
+
krb5_timeofday(context, &timeret);
if(res_creds->times.endtime > timeret) {
*out_creds = res_creds;
@@ -1467,7 +1470,7 @@ krb5_get_renewed_creds(krb5_context context,
}
} else {
const char *realm = krb5_principal_get_realm(context, client);
-
+
ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
realm, NULL);
if (ret) {
diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c
index ba4301ce29..44baa6d1c2 100644
--- a/source4/heimdal/lib/krb5/get_default_principal.c
+++ b/source4/heimdal/lib/krb5/get_default_principal.c
@@ -76,7 +76,7 @@ _krb5_get_default_principal_local (krb5_context context,
else
ret = krb5_make_principal(context, princ, NULL, "root", NULL);
} else {
- struct passwd *pw = getpwuid(uid);
+ struct passwd *pw = getpwuid(uid);
if(pw != NULL)
user = pw->pw_name;
else {
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index a109c71326..979fc9b0ae 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -225,7 +225,7 @@ krb5_get_forwarded_creds (krb5_context context,
if (!noaddr)
paddrs = &addrs;
}
-
+
/*
* If tickets have addresses, get the address of the remote host.
*/
@@ -241,7 +241,7 @@ krb5_get_forwarded_creds (krb5_context context,
hostname, gai_strerror(ret));
return ret2;
}
-
+
ret = add_addrs (context, &addrs, ai);
freeaddrinfo (ai);
if (ret)
@@ -287,9 +287,9 @@ krb5_get_forwarded_creds (krb5_context context,
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
int32_t usec;
-
+
krb5_us_timeofday (context, &sec, &usec);
-
+
ALLOC(enc_krb_cred_part.timestamp, 1);
if (enc_krb_cred_part.timestamp == NULL) {
ret = ENOMEM;
@@ -418,7 +418,7 @@ krb5_get_forwarded_creds (krb5_context context,
* used. Heimdal 0.7.2 and newer have code to try both in the
* receiving end.
*/
-
+
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
if (ret) {
free(buf);
diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c
index 7aee02734b..ed7f54b3d6 100644
--- a/source4/heimdal/lib/krb5/get_host_realm.c
+++ b/source4/heimdal/lib/krb5/get_host_realm.c
@@ -109,7 +109,7 @@ dns_find_realm(krb5_context context,
domain++;
for (i = 0; labels[i] != NULL; i++) {
ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
- if(ret < 0 || ret >= sizeof(dom)) {
+ if(ret < 0 || (size_t)ret >= sizeof(dom)) {
if (config_labels)
krb5_config_free_strings(config_labels);
return -1;
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c
index 15cbfba89d..27f4964e61 100644
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#ifndef HEIMDAL_SMALLER
@@ -44,7 +42,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
PA_ENC_TS_ENC p;
unsigned char *buf;
size_t buf_size;
- size_t len;
+ size_t len = 0;
EncryptedData encdata;
krb5_error_code ret;
int32_t usec;
@@ -76,7 +74,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
-
+
ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
free_EncryptedData(&encdata);
if (ret)
@@ -103,7 +101,7 @@ add_padata(krb5_context context,
PA_DATA *pa2;
krb5_salt salt2;
krb5_enctype *ep;
- int i;
+ size_t i;
if(salt == NULL) {
/* default to standard salt */
@@ -209,7 +207,8 @@ init_as_req (krb5_context context,
*a->req_body.rtime = creds->times.renew_till;
}
a->req_body.nonce = nonce;
- ret = krb5_init_etype (context,
+ ret = _krb5_init_etype(context,
+ KRB5_PDU_AS_REQUEST,
&a->req_body.etype.len,
&a->req_body.etype.val,
etypes);
@@ -247,7 +246,7 @@ init_as_req (krb5_context context,
a->req_body.additional_tickets = NULL;
if(preauth != NULL) {
- int i;
+ size_t i;
ALLOC(a->padata, 1);
if(a->padata == NULL) {
ret = ENOMEM;
@@ -258,7 +257,7 @@ init_as_req (krb5_context context,
a->padata->len = 0;
for(i = 0; i < preauth->len; i++) {
if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
- int j;
+ size_t j;
for(j = 0; j < preauth->val[i].info.len; j++) {
krb5_salt *sp = &salt;
@@ -300,7 +299,7 @@ init_as_req (krb5_context context,
add_padata(context, a->padata, creds->client,
key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, NULL);
-
+
/* make a v4 salted pa-data */
salt.salttype = KRB5_PW_SALT;
krb5_data_zero(&salt.saltvalue);
@@ -331,7 +330,7 @@ set_ptypes(krb5_context context,
if(error->e_data) {
METHOD_DATA md;
- int i;
+ size_t i;
decode_METHOD_DATA(error->e_data->data,
error->e_data->length,
&md,
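Review bot: The `decode_METHOD_DATA` call at the end of this hunk discards its return value, and `md` is declared just above it without an initialiser. If decoding `error->e_data` fails, the code after the hunk (presumably the loop that the new `size_t i` indexes) would read an unset `md`. The bytes appear to come from a KDC error reply, so they should be treated as untrusted input. The decoders in init_creds_pw.c in this same commit use the safer shape, `memset(&e, 0, sizeof(e));` followed by `ret = decode_ETYPE_INFO2(...)`. Here that means `memset(&md, 0, sizeof(md));` before the call and a check of the result before `md` is used.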
@@ -361,7 +360,6 @@ set_ptypes(krb5_context context,
return(1);
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_cred(krb5_context context,
krb5_flags options,
@@ -375,12 +373,13 @@ krb5_get_in_cred(krb5_context context,
krb5_const_pointer decryptarg,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
krb5_error_code ret;
AS_REQ a;
krb5_kdc_rep rep;
krb5_data req, resp;
- size_t len;
+ size_t len = 0;
krb5_salt salt;
krb5_keyblock *key;
size_t size;
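Review bot: The deprecation message on `krb5_get_in_cred` is still template text, `KRB5_DEPRECATED_FUNCTION("Use X instead")`, so a caller who sees the warning is not told which API replaces this one. The same placeholder appears on `krb5_get_in_tkt` later in this file and on `krb5_get_init_creds_opt_init` and `krb5_get_init_creds_opt_get_error` in init_creds.c. Each message should name the real successor, presumably a member of the krb5_get_init_creds family, in the form `KRB5_DEPRECATED_FUNCTION("Use <replacement function> instead")`. The body of krb5_get_in_cred continues outside this hunk.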
@@ -483,12 +482,12 @@ krb5_get_in_cred(krb5_context context,
if(pa) {
salt.salttype = pa->padata_type;
salt.saltvalue = pa->padata_value;
-
+
ret = (*key_proc)(context, etype, salt, keyseed, &key);
} else {
/* make a v5 salted pa-data */
ret = krb5_get_pw_salt (context, creds->client, &salt);
-
+
if (ret)
goto out;
ret = (*key_proc)(context, etype, salt, keyseed, &key);
@@ -496,7 +495,7 @@ krb5_get_in_cred(krb5_context context,
}
if (ret)
goto out;
-
+
{
unsigned flags = EXTRACT_TICKET_TIMESYNC;
if (opts.request_anonymous)
@@ -526,7 +525,6 @@ out:
return ret;
}
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_tkt(krb5_context context,
krb5_flags options,
@@ -540,6 +538,7 @@ krb5_get_in_tkt(krb5_context context,
krb5_creds *creds,
krb5_ccache ccache,
krb5_kdc_rep *ret_as_reply)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
krb5_error_code ret;
diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et
index 2e8a0d18d8..c47f77092f 100644
--- a/source4/heimdal/lib/krb5/heim_err.et
+++ b/source4/heimdal/lib/krb5/heim_err.et
@@ -19,6 +19,7 @@ error_code BAD_MKEY, "Failed to get the master key"
error_code SERVICE_NOMATCH, "Unacceptable service used"
error_code NOT_SEEKABLE, "File descriptor not seekable"
error_code TOO_BIG, "Offset too large"
+error_code BAD_HDBENT_ENCODING, "Invalid HDB entry encoding"
index 64
prefix HEIM_PKINIT
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index f555c724ed..25bef0f340 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -61,14 +61,14 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
*opt = NULL;
o = calloc(1, sizeof(*o));
if (o == NULL) {
- krb5_set_error_message(context, ENOMEM,
+ krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
o->opt_private = calloc(1, sizeof(*o->opt_private));
if (o->opt_private == NULL) {
- krb5_set_error_message(context, ENOMEM,
+ krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
free(o);
return ENOMEM;
@@ -402,9 +402,9 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
memset (opt, 0, sizeof(*opt));
}
@@ -416,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_get_error(krb5_context context,
krb5_get_init_creds_opt *opt,
KRB_ERROR **error)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
*error = calloc(1, sizeof(**error));
if (*error == NULL) {
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index 29b882d053..f2185628e5 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -71,7 +71,7 @@ typedef struct krb5_get_init_creds_ctx {
KRB_ERROR error;
AS_REP as_rep;
EncKDCRepPart enc_part;
-
+
krb5_prompter_fct prompter;
void *prompter_data;
@@ -313,14 +313,14 @@ process_last_request(krb5_context context,
if (lr->val[i].lr_value <= t) {
switch (abs(lr->val[i].lr_type)) {
case LR_PW_EXPTIME :
- report_expiration(context, ctx->prompter,
+ report_expiration(context, ctx->prompter,
ctx->prompter_data,
"Your password will expire at ",
lr->val[i].lr_value);
reported = TRUE;
break;
case LR_ACCT_EXPTIME :
- report_expiration(context, ctx->prompter,
+ report_expiration(context, ctx->prompter,
ctx->prompter_data,
"Your account will expire at ",
lr->val[i].lr_value);
@@ -333,7 +333,7 @@ process_last_request(krb5_context context,
if (!reported
&& ctx->enc_part.key_expiration
&& *ctx->enc_part.key_expiration <= t) {
- report_expiration(context, ctx->prompter,
+ report_expiration(context, ctx->prompter,
ctx->prompter_data,
"Your password/account will expire at ",
*ctx->enc_part.key_expiration);
@@ -367,7 +367,7 @@ get_init_creds_common(krb5_context context,
if (options->opt_private) {
if (options->opt_private->password) {
- ret = krb5_init_creds_set_password(context, ctx,
+ ret = krb5_init_creds_set_password(context, ctx,
options->opt_private->password);
if (ret)
goto out;
@@ -384,7 +384,7 @@ get_init_creds_common(krb5_context context,
ctx->keyproc = default_s2k_func;
/* Enterprise name implicitly turns on canonicalize */
- if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
+ if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
ctx->flags.canonicalize = 1;
@@ -671,7 +671,8 @@ init_as_req (krb5_context context,
*a->req_body.rtime = creds->times.renew_till;
}
a->req_body.nonce = 0;
- ret = krb5_init_etype (context,
+ ret = _krb5_init_etype(context,
+ KRB5_PDU_AS_REQUEST,
&a->req_body.etype.len,
&a->req_body.etype.val,
etypes);
@@ -759,7 +760,7 @@ pa_etype_info2(krb5_context context,
krb5_error_code ret;
ETYPE_INFO2 e;
size_t sz;
- int i, j;
+ size_t i, j;
memset(&e, 0, sizeof(e));
ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz);
@@ -808,7 +809,7 @@ pa_etype_info(krb5_context context,
krb5_error_code ret;
ETYPE_INFO e;
size_t sz;
- int i, j;
+ size_t i, j;
memset(&e, 0, sizeof(e));
ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz);
@@ -889,9 +890,9 @@ static struct pa_info pa_prefs[] = {
};
static PA_DATA *
-find_pa_data(const METHOD_DATA *md, int type)
+find_pa_data(const METHOD_DATA *md, unsigned type)
{
- int i;
+ size_t i;
if (md == NULL)
return NULL;
for (i = 0; i < md->len; i++)
@@ -908,7 +909,7 @@ process_pa_info(krb5_context context,
METHOD_DATA *md)
{
struct pa_info_data *p = NULL;
- int i;
+ size_t i;
for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) {
PA_DATA *pa = find_pa_data(md, pa_prefs[i].type);
@@ -928,7 +929,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md,
PA_ENC_TS_ENC p;
unsigned char *buf;
size_t buf_size;
- size_t len;
+ size_t len = 0;
EncryptedData encdata;
krb5_error_code ret;
int32_t usec;
@@ -989,7 +990,7 @@ add_enc_ts_padata(krb5_context context,
krb5_error_code ret;
krb5_salt salt2;
krb5_enctype *ep;
- int i;
+ size_t i;
if(salt == NULL) {
/* default to standard salt */
@@ -1109,7 +1110,7 @@ pa_data_add_pac_request(krb5_context context,
krb5_get_init_creds_ctx *ctx,
METHOD_DATA *md)
{
- size_t len, length;
+ size_t len = 0, length;
krb5_error_code ret;
PA_PAC_REQUEST req;
void *buf;
@@ -1179,14 +1180,14 @@ process_pa_data_to_md(krb5_context context,
_krb5_debug(context, 5, "krb5_get_init_creds: "
"prepareing PKINIT padata (%s)",
(ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf");
-
+
if (ctx->used_pa_types & USED_PKINIT_W2K) {
krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
"Already tried pkinit, looping");
return KRB5_GET_IN_TKT_LOOP;
}
- ret = pa_data_to_md_pkinit(context, a, creds->client,
+ ret = pa_data_to_md_pkinit(context, a, creds->client,
(ctx->used_pa_types & USED_PKINIT),
ctx, *out_md);
if (ret)
@@ -1526,14 +1527,14 @@ krb5_init_creds_set_keytab(krb5_context context,
krb5_error_code ret;
size_t netypes = 0;
int kvno = 0;
-
+
a = malloc(sizeof(*a));
if (a == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
-
+
a->principal = ctx->cred.client;
a->keytab = keytab;
@@ -1568,7 +1569,7 @@ krb5_init_creds_set_keytab(krb5_context context,
kvno = entry.vno;
} else if (entry.vno != kvno)
goto next;
-
+
/* check if enctype is supported */
if (krb5_enctype_valid(context, entry.keyblock.keytype) != 0)
goto next;
@@ -1619,7 +1620,7 @@ krb5_init_creds_set_keyblock(krb5_context context,
/**
* The core loop if krb5_get_init_creds() function family. Create the
- * packets and have the caller send them off to the KDC.
+ * packets and have the caller send them off to the KDC.
*
* If the caller want all work been done for them, use
* krb5_init_creds_get() instead.
@@ -1647,7 +1648,7 @@ krb5_init_creds_step(krb5_context context,
unsigned int *flags)
{
krb5_error_code ret;
- size_t len;
+ size_t len = 0;
size_t size;
krb5_data_zero(out);
@@ -1768,13 +1769,13 @@ krb5_init_creds_step(krb5_context context,
"options send by KDC", ""));
}
} else if (ret == KRB5KRB_AP_ERR_SKEW && context->kdc_sec_offset == 0) {
- /*
+ /*
* Try adapt to timeskrew when we are using pre-auth, and
* if there was a time skew, try again.
*/
krb5_set_real_time(context, ctx->error.stime, -1);
if (context->kdc_sec_offset)
- ret = 0;
+ ret = 0;
_krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d",
context->kdc_sec_offset);
@@ -1793,7 +1794,7 @@ krb5_init_creds_step(krb5_context context,
"krb5_get_init_creds: got referal to realm %s",
*ctx->error.crealm);
- ret = krb5_principal_set_realm(context,
+ ret = krb5_principal_set_realm(context,
ctx->cred.client,
*ctx->error.crealm);
@@ -1934,7 +1935,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
if ((flags & 1) == 0)
break;
- ret = krb5_sendto_context (context, stctx, &out,
+ ret = krb5_sendto_context (context, stctx, &out,
ctx->cred.client->realm, &in);
if (ret)
goto out;
@@ -2013,7 +2014,7 @@ krb5_get_init_creds_password(krb5_context context,
}
ret = krb5_init_creds_get(context, ctx);
-
+
if (ret == 0)
process_last_request(context, options, ctx);
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index 1fe15d8064..5a28b5138b 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -157,7 +157,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
}
} else
k->name = NULL;
-
+
(*id)->data.data = k;
(*id)->data.length = sizeof(*k);
@@ -554,7 +554,7 @@ kcm_get_first (krb5_context context,
c = calloc(1, sizeof(*c));
if (c == NULL) {
ret = ENOMEM;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("malloc: out of memory", ""));
return ret;
}
@@ -577,7 +577,7 @@ kcm_get_first (krb5_context context,
if (ptr == NULL) {
free(c->uuids);
free(c);
- krb5_set_error_message(context, ENOMEM,
+ krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
@@ -637,7 +637,7 @@ kcm_get_next (krb5_context context,
return ret;
}
- sret = krb5_storage_write(request,
+ sret = krb5_storage_write(request,
&c->uuids[c->offset],
sizeof(c->uuids[c->offset]));
c->offset++;
@@ -789,7 +789,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
c = calloc(1, sizeof(*c));
if (c == NULL) {
ret = ENOMEM;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("malloc: out of memory", ""));
goto out;
}
@@ -820,7 +820,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
if (ptr == NULL) {
ret = ENOMEM;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("malloc: out of memory", ""));
goto out;
}
@@ -837,7 +837,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
if (ret && c) {
free(c->uuids);
free(c);
- } else
+ } else
*cursor = c;
return ret;
@@ -869,7 +869,7 @@ kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_op
if (ret)
return ret;
- sret = krb5_storage_write(request,
+ sret = krb5_storage_write(request,
&c->uuids[c->offset],
sizeof(c->uuids[c->offset]));
c->offset++;
@@ -956,14 +956,14 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
}
static krb5_error_code
-kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
+kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
const char *defstr, char **str)
{
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
char *name;
-
+
*str = NULL;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request);
@@ -1039,7 +1039,7 @@ kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
-
+
ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
if (ret)
return ret;
@@ -1069,7 +1069,7 @@ kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset
krb5_storage *request, *response;
krb5_data response_data;
int32_t offset;
-
+
ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
if (ret)
return ret;
@@ -1155,11 +1155,13 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = {
kcm_move,
kcm_get_default_name_api,
kcm_set_default,
- kcm_lastchange
+ kcm_lastchange,
+ NULL,
+ NULL
};
-krb5_boolean
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_kcm_is_running(krb5_context context)
{
krb5_error_code ret;
@@ -1184,7 +1186,7 @@ _krb5_kcm_is_running(krb5_context context)
* Response:
*
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_noop(krb5_context context,
krb5_ccache id)
{
@@ -1212,7 +1214,7 @@ _krb5_kcm_noop(krb5_context context,
* Repsonse:
*
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal server,
@@ -1269,7 +1271,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
* Repsonse:
*
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_ticket(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c
index f34a5c4f90..9ba9c4b290 100644
--- a/source4/heimdal/lib/krb5/keyblock.c
+++ b/source4/heimdal/lib/krb5/keyblock.c
@@ -131,7 +131,7 @@ krb5_copy_keyblock (krb5_context context,
{
krb5_error_code ret;
krb5_keyblock *k;
-
+
*to = NULL;
k = calloc (1, sizeof(*k));
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c
index 96c0bce273..8ca515f213 100644
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -50,7 +50,7 @@
*
* A keytab name is on the form type:residual. The residual part is
* specific to each keytab-type.
- *
+ *
* When a keytab-name is resolved, the type is matched with an internal
* list of keytab types. If there is no matching keytab type,
* the default keytab is used. The current default type is FILE.
@@ -60,7 +60,7 @@
* [defaults]default_keytab_name.
*
* The keytab types that are implemented in Heimdal are:
- * - file
+ * - file
* store the keytab in a file, the type's name is FILE . The
* residual part is a filename. For compatibility with other
* Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE
@@ -166,29 +166,27 @@ krb5_kt_register(krb5_context context,
}
static const char *
-keytab_name(const char * name, const char ** ptype, size_t * ptype_len)
+keytab_name(const char *name, const char **type, size_t *type_len)
{
- const char * residual;
+ const char *residual;
residual = strchr(name, ':');
- if (residual == NULL
-
+ if (residual == NULL ||
+ name[0] == '/'
#ifdef _WIN32
-
/* Avoid treating <drive>:<path> as a keytab type
* specification */
-
|| name + 1 == residual
#endif
) {
- *ptype = "FILE";
- *ptype_len = strlen(*ptype);
+ *type = "FILE";
+ *type_len = strlen(*type);
residual = name;
} else {
- *ptype = name;
- *ptype_len = residual - name;
+ *type = name;
+ *type_len = residual - name;
residual++;
}
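Review bot: The new `name[0] == '/'` test has no comment, although it changes how keytab names are classified: a name beginning with `/` is now always treated as a FILE keytab, even when it contains a `:`. The Windows drive-letter case just below it is explained, and this one deserves the same, for example `/* An absolute path is a FILE keytab even if it contains ':' */`. The file-level description of the `type:residual` form should mention the exception too. keytab_name continues past the end of this hunk.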
@@ -439,7 +437,7 @@ krb5_kt_get_full_name(krb5_context context,
char type[KRB5_KT_PREFIX_MAX_LEN];
char name[MAXPATHLEN];
krb5_error_code ret;
-
+
*str = NULL;
ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
@@ -568,16 +566,16 @@ _krb5_kt_principal_not_found(krb5_context context,
{
char princ[256], kvno_str[25], *kt_name;
char *enctype_str = NULL;
-
+
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
krb5_kt_get_full_name (context, id, &kt_name);
krb5_enctype_to_string(context, enctype, &enctype_str);
-
+
if (kvno)
snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
else
kvno_str[0] = '\0';
-
+
krb5_set_error_message (context, ret,
N_("Failed to find %s%s in keytab %s (%s)",
"principal, kvno, keytab file, enctype"),
@@ -850,3 +848,46 @@ krb5_kt_remove_entry(krb5_context context,
}
return (*id->remove)(context, id, entry);
}
+
+/**
+ * Return true if the keytab exists and have entries
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_kt_have_content(krb5_context context,
+ krb5_keytab id)
+{
+ krb5_keytab_entry entry;
+ krb5_kt_cursor cursor;
+ krb5_error_code ret;
+ char *name;
+
+ ret = krb5_kt_start_seq_get(context, id, &cursor);
+ if (ret)
+ goto notfound;
+
+ ret = krb5_kt_next_entry(context, id, &entry, &cursor);
+ krb5_kt_end_seq_get(context, id, &cursor);
+ if (ret)
+ goto notfound;
+
+ krb5_kt_free_entry(context, &entry);
+
+ return 0;
+
+ notfound:
+ ret = krb5_kt_get_full_name(context, id, &name);
+ if (ret == 0) {
+ krb5_set_error_message(context, KRB5_KT_NOTFOUND,
+ N_("No entry in keytab: %s", ""), name);
+ free(name);
+ }
+ return KRB5_KT_NOTFOUND;
+}
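Review bot: `krb5_kt_have_content` is declared to return `krb5_boolean` and its summary says "Return true if the keytab exists and have entries", but the body returns `0` when an entry is found and `KRB5_KT_NOTFOUND` otherwise. A caller that trusts the type and writes `if (krb5_kt_have_content(context, id))` gets the opposite answer, which matters if the result decides whether a keytab is used for authentication. The `@return` line already describes an error code, so the declaration should be `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL`. The summary should then read `Return 0 if the keytab exists and has entries`.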
diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c
index 2b9ea7f11d..ccaf62fcb4 100644
--- a/source4/heimdal/lib/krb5/keytab_file.c
+++ b/source4/heimdal/lib/krb5/keytab_file.c
@@ -101,7 +101,7 @@ krb5_kt_store_data(krb5_context context,
if(ret < 0)
return ret;
ret = krb5_storage_write(sp, data.data, data.length);
- if(ret != data.length){
+ if(ret != (int)data.length){
if(ret < 0)
return errno;
return KRB5_KT_END;
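Review bot: The added cast in `if(ret != (int)data.length)` silences the signedness warning by narrowing the length instead of widening the result, so a length above INT_MAX would compare incorrectly. Testing for failure first keeps the comparison in the unsigned type: `if(ret < 0) return errno;` followed by `if((size_t)ret != data.length) return KRB5_KT_END;`. The same narrowing cast is added in krb5_kt_store_string (`ret != (int)len`) and in fkt_add_entry (`len >= (int)keytab.length`). The declaration of `ret` is outside this hunk, so its exact type should be confirmed.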
@@ -119,7 +119,7 @@ krb5_kt_store_string(krb5_storage *sp,
if(ret < 0)
return ret;
ret = krb5_storage_write(sp, data, len);
- if(ret != len){
+ if(ret != (int)len){
if(ret < 0)
return errno;
return KRB5_KT_END;
@@ -182,7 +182,7 @@ krb5_kt_ret_principal(krb5_context context,
krb5_storage *sp,
krb5_principal *princ)
{
- int i;
+ size_t i;
int ret;
krb5_principal p;
int16_t len;
@@ -262,7 +262,7 @@ krb5_kt_store_principal(krb5_context context,
krb5_storage *sp,
krb5_principal p)
{
- int i;
+ size_t i;
int ret;
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
@@ -536,7 +536,7 @@ fkt_setup_keytab(krb5_context context,
id->version = KRB5_KT_VNO;
return krb5_store_int8 (sp, id->version);
}
-
+
static krb5_error_code KRB5_CALLCONV
fkt_add_entry(krb5_context context,
krb5_keytab id,
@@ -699,7 +699,7 @@ fkt_add_entry(krb5_context context,
}
if(len < 0) {
len = -len;
- if(len >= keytab.length) {
+ if(len >= (int)keytab.length) {
krb5_storage_seek(sp, -4, SEEK_CUR);
break;
}
@@ -749,8 +749,9 @@ fkt_remove_entry(krb5_context context,
krb5_store_int32(cursor.sp, -len);
memset(buf, 0, sizeof(buf));
while(len > 0) {
- krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
- len -= min(len, sizeof(buf));
+ krb5_storage_write(cursor.sp, buf,
+ min((size_t)len, sizeof(buf)));
+ len -= min((size_t)len, sizeof(buf));
}
}
krb5_kt_free_entry(context, &e);
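Review bot: The rewritten zero-fill loop still ignores the result of `krb5_storage_write`, so a failed or short write would leave the removed entry's key bytes in the keytab file while `len` counts down as if they had been overwritten. Since this loop is what erases the key material, the write should be checked. Compute `min((size_t)len, sizeof(buf))` once into a local, compare the return value against it, and leave the loop with an error on a mismatch. The rest of fkt_remove_entry, including the variable it uses to report errors, is outside this hunk.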
diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c
index 28bbaeee8c..ea74c32780 100644
--- a/source4/heimdal/lib/krb5/keytab_keyfile.c
+++ b/source4/heimdal/lib/krb5/keytab_keyfile.c
@@ -348,7 +348,7 @@ akf_add_entry(krb5_context context,
strerror(ret));
return ret;
}
-
+
ret = krb5_ret_int32(sp, &len);
if(ret) {
krb5_storage_free(sp);
@@ -387,7 +387,7 @@ akf_add_entry(krb5_context context,
}
len++;
-
+
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_set_error_message (context, ret,
@@ -395,7 +395,7 @@ akf_add_entry(krb5_context context,
strerror(ret));
goto out;
}
-
+
ret = krb5_store_int32(sp, len);
if(ret) {
ret = errno;
@@ -410,7 +410,7 @@ akf_add_entry(krb5_context context,
N_("seek to end: %s", ""), strerror(ret));
goto out;
}
-
+
ret = krb5_store_int32(sp, entry->vno);
if(ret) {
krb5_set_error_message(context, ret,
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 8d671e3d36..2224b92e95 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -53,16 +53,6 @@
#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
#endif
-#ifndef KRB5_DEPRECATED
-#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
-#define KRB5_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200)
-#define KRB5_DEPRECATED __declspec(deprecated)
-#else
-#define KRB5_DEPRECATED
-#endif
-#endif
-
#ifdef _WIN32
#define KRB5_CALLCONV __stdcall
#else
@@ -128,28 +118,69 @@ typedef struct krb5_enc_data {
/* alternative names */
enum {
- ENCTYPE_NULL = ETYPE_NULL,
- ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
- ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
- ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
- ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
- ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
- ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
- ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
- ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
- ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
- ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
- ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
- ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
- ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
- ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
- ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
- ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
- ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
- ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
- ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
+ ENCTYPE_NULL = KRB5_ENCTYPE_NULL,
+ ENCTYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5,
+ ENCTYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
+ ENCTYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
+ ENCTYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
+ ENCTYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
+ ENCTYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_ARCFOUR_HMAC = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+ ENCTYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+ ENCTYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
+ ENCTYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
+ ENCTYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE,
+ ENCTYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE,
+ ENCTYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE,
+ ENCTYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE,
+ ETYPE_NULL = KRB5_ENCTYPE_NULL,
+ ETYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC,
+ ETYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4,
+ ETYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5,
+ ETYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5,
+ ETYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
+ ETYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
+ ETYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
+ ETYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
+ ETYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1,
+ ETYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ETYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ETYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+ ETYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
+ ETYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
+ ETYPE_ARCFOUR_MD4 = KRB5_ENCTYPE_ARCFOUR_MD4,
+ ETYPE_ARCFOUR_HMAC_OLD = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD,
+ ETYPE_ARCFOUR_HMAC_OLD_EXP = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP,
+ ETYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE,
+ ETYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE,
+ ETYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE,
+ ETYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE,
+ ETYPE_DIGEST_MD5_NONE = KRB5_ENCTYPE_DIGEST_MD5_NONE,
+ ETYPE_CRAM_MD5_NONE = KRB5_ENCTYPE_CRAM_MD5_NONE
+
};
+/* PDU types */
+typedef enum krb5_pdu {
+ KRB5_PDU_ERROR = 0,
+ KRB5_PDU_TICKET = 1,
+ KRB5_PDU_AS_REQUEST = 2,
+ KRB5_PDU_AS_REPLY = 3,
+ KRB5_PDU_TGS_REQUEST = 4,
+ KRB5_PDU_TGS_REPLY = 5,
+ KRB5_PDU_AP_REQUEST = 6,
+ KRB5_PDU_AP_REPLY = 7,
+ KRB5_PDU_KRB_SAFE = 8,
+ KRB5_PDU_KRB_PRIV = 9,
+ KRB5_PDU_KRB_CRED = 10,
+ KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */
+} krb5_pdu;
+
typedef PADATA_TYPE krb5_preauthtype;
typedef enum krb5_key_usage {
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index bdd725e9ea..d0c68927ff 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -188,6 +188,12 @@ struct _krb5_krb_auth_data;
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
+#ifndef __func__
+#define __func__ "unknown-function"
+#endif
+
+#define krb5_einval(context, argnum) _krb5_einval((context), __func__, (argnum))
+
#ifndef PATH_SEP
#define PATH_SEP ":"
#endif
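Review bot: The `#ifndef __func__` guard is always true on a C99 compiler, because `__func__` is a predefined identifier rather than a macro. The fallback `#define __func__ "unknown-function"` is therefore applied everywhere. Every `krb5_einval(context, argnum)` call would then pass the literal "unknown-function" to `_krb5_einval`, and defining a reserved identifier as a macro is itself undefined behaviour. Testing the language level keeps the fallback for old compilers only: `#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L`.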
@@ -240,9 +246,14 @@ struct _krb5_get_init_creds_opt_private {
} lr;
};
+typedef uint32_t krb5_enctype_set;
+
typedef struct krb5_context_data {
krb5_enctype *etypes;
- krb5_enctype *etypes_des;
+ krb5_enctype *etypes_des;/* deprecated */
+ krb5_enctype *as_etypes;
+ krb5_enctype *tgs_etypes;
+ krb5_enctype *permitted_enctypes;
char **default_realms;
time_t max_skew;
time_t kdc_timeout;
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 7d11157848..3242cdb999 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -123,7 +123,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
(*res)[num_srv++] = hi;
hi->proto = proto_num;
-
+
hi->def_port = def_port;
if (port != 0)
hi->port = port;
@@ -134,7 +134,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
}
*count = num_srv;
-
+
rk_dns_free_data(r);
return 0;
}
@@ -508,7 +508,7 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
ret = asprintf(&host, "%s.%s.", serv_string, kd->realm);
else
ret = asprintf(&host, "%s-%d.%s.",
- serv_string, kd->fallback_count, kd->realm);
+ serv_string, kd->fallback_count, kd->realm);
if (ret < 0 || host == NULL)
return ENOMEM;
@@ -605,7 +605,7 @@ plugin_get_hosts(krb5_context context,
service = _krb5_plugin_get_symbol(e);
if (service->minor_version != 0)
continue;
-
+
(*service->init)(context, &ctx);
ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
(*service->fini)(ctx);
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index ca0756fdb9..4b289afd80 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -501,7 +501,7 @@ _krb5_debug(krb5_context context,
if (context == NULL || context->debug_dest == NULL)
return;
-
+
va_start(ap, fmt);
krb5_vlog(context, context->debug_dest, level, fmt, ap);
va_end(ap);
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
index 19e6b2345e..e4b90c17e7 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -220,7 +220,7 @@ mcc_destroy(krb5_context context,
l = m->creds;
while (l != NULL) {
struct link *old;
-
+
krb5_free_cred_contents (context, &l->cred);
old = l;
l = l->next;
@@ -347,7 +347,7 @@ mcc_set_flags(krb5_context context,
{
return 0; /* XXX */
}
-
+
struct mcache_iter {
krb5_mcache *cache;
};
diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c
index f90624cfca..ac6720c4e9 100644
--- a/source4/heimdal/lib/krb5/misc.c
+++ b/source4/heimdal/lib/krb5/misc.c
@@ -32,6 +32,9 @@
*/
#include "krb5_locl.h"
+#ifdef HAVE_EXECINFO_H
+#include <execinfo.h>
+#endif
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_s4u2self_to_checksumdata(krb5_context context,
@@ -42,7 +45,7 @@ _krb5_s4u2self_to_checksumdata(krb5_context context,
krb5_ssize_t ssize;
krb5_storage *sp;
size_t size;
- int i;
+ size_t i;
sp = krb5_storage_emem();
if (sp == NULL) {
@@ -56,20 +59,20 @@ _krb5_s4u2self_to_checksumdata(krb5_context context,
for (i = 0; i < self->name.name_string.len; i++) {
size = strlen(self->name.name_string.val[i]);
ssize = krb5_storage_write(sp, self->name.name_string.val[i], size);
- if (ssize != size) {
+ if (ssize != (krb5_ssize_t)size) {
ret = ENOMEM;
goto out;
}
}
size = strlen(self->realm);
ssize = krb5_storage_write(sp, self->realm, size);
- if (ssize != size) {
+ if (ssize != (krb5_ssize_t)size) {
ret = ENOMEM;
goto out;
}
size = strlen(self->auth);
ssize = krb5_storage_write(sp, self->auth, size);
- if (ssize != size) {
+ if (ssize != (krb5_ssize_t)size) {
ret = ENOMEM;
goto out;
}
@@ -89,3 +92,37 @@ krb5_enomem(krb5_context context)
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
+
+void
+_krb5_debug_backtrace(krb5_context context)
+{
+#if defined(HAVE_BACKTRACE) && !defined(HEIMDAL_SMALLER)
+ void *stack[128];
+ char **strs = NULL;
+ int i, frames = backtrace(stack, sizeof(stack) / sizeof(stack[0]));
+ if (frames > 0)
+ strs = backtrace_symbols(stack, frames);
+ if (strs) {
+ for (i = 0; i < frames; i++)
+ _krb5_debug(context, 10, "frame %d: %s", i, strs[i]);
+ free(strs);
+ }
+#endif
+}
+
+krb5_error_code
+_krb5_einval(krb5_context context, const char *func, unsigned long argn)
+{
+#ifndef HEIMDAL_SMALLER
+ krb5_set_error_message(context, EINVAL,
+ N_("programmer error: invalid argument to %s argument %lu",
+ "function:line"),
+ func, argn);
+ if (_krb5_have_debug(context, 10)) {
+ _krb5_debug(context, 10, "invalid argument to function %s argument %lu",
+ func, argn);
+ _krb5_debug_backtrace(context);
+ }
+#endif
+ return EINVAL;
+}
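Review bot: `_krb5_debug_backtrace()` is compiled when `HAVE_BACKTRACE` is defined, but `<execinfo.h>` is included at the top of this file only under `HAVE_EXECINFO_H`. A configuration that sets the first without the second would call `backtrace()` and `backtrace_symbols()` with no prototype. Use one condition for both, e.g. `#if defined(HAVE_BACKTRACE) && defined(HAVE_EXECINFO_H) && !defined(HEIMDAL_SMALLER)`. In `_krb5_einval()` the translator hint `"function:line"` does not match the arguments, which are the function name and the argument number. Both functions also lack a header comment; the one for the backtrace helper should say that symbol strings, including addresses, are written to the debug log at level 10, which matters for where that log is kept.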
diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c
index 93489b607b..803a5bf289 100644
--- a/source4/heimdal/lib/krb5/mit_glue.c
+++ b/source4/heimdal/lib/krb5/mit_glue.c
@@ -31,8 +31,6 @@
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#ifndef HEIMDAL_SMALLER
@@ -226,7 +224,7 @@ krb5_c_decrypt(krb5_context context,
krb5_crypto_destroy(context, crypto);
return ret;
}
-
+
if (blocksize > ivec->length) {
krb5_crypto_destroy(context, crypto);
return KRB5_BAD_MSIZE;
@@ -316,12 +314,12 @@ krb5_c_encrypt_length(krb5_context context,
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_enctype_compare(krb5_context context,
krb5_enctype e1,
krb5_enctype e2,
krb5_boolean *similar)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
*similar = (e1 == e2);
return 0;
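Review bot: The deprecation text `"Use X instead"` on `krb5_c_enctype_compare` is a placeholder and gives a caller who sees the compiler warning nothing to act on. Name the replacement in the string, or state that there is none. Since the body only evaluates `e1 == e2`, something like `KRB5_DEPRECATED_FUNCTION("compare the enctype values directly")` would do. The function's closing brace is outside the hunk.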
diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c
index a837b5e290..5fee1d6bed 100644
--- a/source4/heimdal/lib/krb5/mk_error.c
+++ b/source4/heimdal/lib/krb5/mk_error.c
@@ -48,7 +48,7 @@ krb5_mk_error(krb5_context context,
KRB_ERROR msg;
krb5_timestamp sec;
int32_t usec;
- size_t len;
+ size_t len = 0;
krb5_error_code ret = 0;
krb5_us_timeofday (context, &sec, &usec);
@@ -75,7 +75,8 @@ krb5_mk_error(krb5_context context,
msg.realm = server->realm;
msg.sname = server->name;
}else{
- msg.realm = "<unspecified realm>";
+ static char unspec[] = "<unspecified realm>";
+ msg.realm = unspec;
}
if(client){
msg.crealm = &client->realm;
diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c
index 833821341d..dede6d2fa4 100644
--- a/source4/heimdal/lib/krb5/mk_priv.c
+++ b/source4/heimdal/lib/krb5/mk_priv.c
@@ -45,7 +45,7 @@ krb5_mk_priv(krb5_context context,
EncKrbPrivPart part;
u_char *buf = NULL;
size_t buf_size;
- size_t len;
+ size_t len = 0;
krb5_crypto crypto;
krb5_keyblock *key;
krb5_replay_data rdata;
diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c
index 2b9c3fbdbb..84c315291c 100644
--- a/source4/heimdal/lib/krb5/mk_rep.c
+++ b/source4/heimdal/lib/krb5/mk_rep.c
@@ -43,7 +43,7 @@ krb5_mk_rep(krb5_context context,
EncAPRepPart body;
u_char *buf = NULL;
size_t buf_size;
- size_t len;
+ size_t len = 0;
krb5_crypto crypto;
ap.pvno = 5;
diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c
index f94a1ea125..2e6092c5ca 100644
--- a/source4/heimdal/lib/krb5/n-fold.c
+++ b/source4/heimdal/lib/krb5/n-fold.c
@@ -64,7 +64,7 @@ rr13(unsigned char *buf, size_t len)
/* byte offset and shift count */
b1 = bb / 8;
s1 = bb % 8;
-
+
if(bb + 8 > bytes * 8)
/* watch for wraparound */
s2 = (len + 8 - s1) % 8;
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c
index 046a89cc6a..f4caaddc26 100644
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -106,7 +106,7 @@ HMAC_MD5_any_checksum(krb5_context context,
ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
if (ret)
krb5_data_free(&result->checksum);
-
+
krb5_free_keyblock(context, local_key.key);
return ret;
}
@@ -464,7 +464,7 @@ verify_checksum(krb5_context context,
goto out;
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
- if (ret != cksum.checksum.length) {
+ if (ret != (int)cksum.checksum.length) {
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
goto out;
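Review bot: The `(int)` cast on `cksum.checksum.length` silences the signed/unsigned warning by narrowing the `size_t` side, so a length above `INT_MAX` would be truncated before the comparison. How that length is bounded is decided outside this hunk. It would be safer, and consistent with the `(krb5_ssize_t)size` casts in misc.c in this same commit, to keep the read result in a `krb5_ssize_t` variable and test `if (sret < 0 || (size_t)sret != cksum.checksum.length)`. The same applies to the `(int)(len * 2)` comparison in build_logon_name and the `(int)d.length` comparison in _krb5_pac_sign further down. verify_checksum starts and ends outside the hunk.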
@@ -546,7 +546,7 @@ create_checksum(krb5_context context,
* http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
* for Microsoft's explaination */
- if (cksumtype == CKSUMTYPE_HMAC_MD5) {
+ if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
ret = HMAC_MD5_any_checksum(context, key, data, datalen,
KRB5_KU_OTHER_CKSUM, &cksum);
} else {
@@ -748,7 +748,7 @@ build_logon_name(krb5_context context,
ret = krb5_storage_write(sp, s2, len * 2);
free(s2);
- if (ret != len * 2) {
+ if (ret != (int)(len * 2)) {
ret = krb5_enomem(context);
goto out;
}
@@ -932,7 +932,8 @@ _krb5_pac_sign(krb5_context context,
size_t server_size, priv_size;
uint32_t server_offset = 0, priv_offset = 0;
uint32_t server_cksumtype = 0, priv_cksumtype = 0;
- int i, num = 0;
+ int num = 0;
+ size_t i;
krb5_data logon, d;
krb5_data_zero(&logon);
@@ -1049,7 +1050,7 @@ _krb5_pac_sign(krb5_context context,
end += len;
e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
- if (end != e) {
+ if ((int32_t)end != e) {
CHECK(ret, fill_zeros(context, spdata, e - end), out);
}
end = e;
@@ -1066,7 +1067,7 @@ _krb5_pac_sign(krb5_context context,
goto out;
}
ret = krb5_storage_write(sp, d.data, d.length);
- if (ret != d.length) {
+ if (ret != (int)d.length) {
krb5_data_free(&d);
ret = krb5_enomem(context);
goto out;
diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c
index 98420a7332..babe22cb38 100644
--- a/source4/heimdal/lib/krb5/padata.c
+++ b/source4/heimdal/lib/krb5/padata.c
@@ -36,8 +36,8 @@
KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL
krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
{
- for(; *idx < len; (*idx)++)
- if(val[*idx].padata_type == type)
+ for(; *idx < (int)len; (*idx)++)
+ if(val[*idx].padata_type == (unsigned)type)
return val + *idx;
return NULL;
}
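Review bot: With `(int)len` the loop condition becomes a signed comparison, so a negative `*idx` supplied by the caller passes `*idx < (int)len` and `val[*idx]` reads before the start of the array. Under the old unsigned comparison a negative index converted to a large value and the loop did not run. A `len` above `INT_MAX` also turns negative and ends the search without looking at any element. Reject the negative index first with `if (*idx < 0) return NULL;`, or keep the comparison unsigned as `(unsigned)*idx < len`.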
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 7a8502727e..1103a17807 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -188,7 +188,8 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
{ "MS EKU" },
{ "any (or no)" }
};
- int i, ret, start = 1;
+ int ret = HX509_CERT_NOT_FOUND;
+ size_t i, start = 1;
unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 };
const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids };
@@ -298,8 +299,8 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c)
{
IssuerAndSerialNumber iasn;
hx509_name issuer;
- size_t size;
-
+ size_t size = 0;
+
memset(&iasn, 0, sizeof(iasn));
ret = hx509_cert_get_issuer(c, &issuer);
@@ -314,7 +315,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c)
free_ExternalPrincipalIdentifier(&id);
return ret;
}
-
+
ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
if (ret) {
free_IssuerAndSerialNumber(&iasn);
@@ -364,7 +365,7 @@ build_auth_pack(krb5_context context,
const KDC_REQ_BODY *body,
AuthPack *a)
{
- size_t buf_size, len;
+ size_t buf_size, len = 0;
krb5_error_code ret;
void *buf;
krb5_timestamp sec;
@@ -413,7 +414,7 @@ build_auth_pack(krb5_context context,
const char *moduli_file;
unsigned long dh_min_bits;
krb5_data dhbuf;
- size_t size;
+ size_t size = 0;
krb5_data_zero(&dhbuf);
@@ -433,7 +434,7 @@ build_auth_pack(krb5_context context,
ret = _krb5_parse_moduli(context, moduli_file, &ctx->m);
if (ret)
return ret;
-
+
ctx->u.dh = DH_new();
if (ctx->u.dh == NULL) {
krb5_set_error_message(context, ENOMEM,
@@ -483,9 +484,9 @@ build_auth_pack(krb5_context context,
&a->clientPublicValue->algorithm.algorithm);
if (ret)
return ret;
-
+
memset(&dp, 0, sizeof(dp));
-
+
ret = BN_to_integer(context, dh->p, &dp.p);
if (ret) {
free_DomainParameters(&dp);
@@ -503,14 +504,14 @@ build_auth_pack(krb5_context context,
}
dp.j = NULL;
dp.validationParms = NULL;
-
+
a->clientPublicValue->algorithm.parameters =
malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
if (a->clientPublicValue->algorithm.parameters == NULL) {
free_DomainParameters(&dp);
return ret;
}
-
+
ASN1_MALLOC_ENCODE(DomainParameters,
a->clientPublicValue->algorithm.parameters->data,
a->clientPublicValue->algorithm.parameters->length,
@@ -520,11 +521,11 @@ build_auth_pack(krb5_context context,
return ret;
if (size != a->clientPublicValue->algorithm.parameters->length)
krb5_abortx(context, "Internal ASN1 encoder error");
-
+
ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
if (ret)
return ret;
-
+
ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
&dh_pub_key, &size, ret);
der_free_heim_integer(&dh_pub_key);
@@ -536,7 +537,7 @@ build_auth_pack(krb5_context context,
#ifdef HAVE_OPENSSL
ECParameters ecp;
unsigned char *p;
- int len;
+ int xlen;
/* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */
@@ -551,13 +552,13 @@ build_auth_pack(krb5_context context,
free_ECParameters(&ecp);
return ENOMEM;
}
- ASN1_MALLOC_ENCODE(ECParameters, p, len, &ecp, &size, ret);
+ ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret);
free_ECParameters(&ecp);
if (ret)
return ret;
- if (size != len)
+ if ((int)size != xlen)
krb5_abortx(context, "asn1 internal error");
-
+
a->clientPublicValue->algorithm.parameters->data = p;
a->clientPublicValue->algorithm.parameters->length = size;
@@ -578,18 +579,18 @@ build_auth_pack(krb5_context context,
/* encode onto dhkey */
- len = i2o_ECPublicKey(ctx->u.eckey, NULL);
- if (len <= 0)
+ xlen = i2o_ECPublicKey(ctx->u.eckey, NULL);
+ if (xlen <= 0)
abort();
- dhbuf.data = malloc(len);
+ dhbuf.data = malloc(xlen);
if (dhbuf.data == NULL)
abort();
- dhbuf.length = len;
+ dhbuf.length = xlen;
p = dhbuf.data;
- len = i2o_ECPublicKey(ctx->u.eckey, &p);
- if (len <= 0)
+ xlen = i2o_ECPublicKey(ctx->u.eckey, &p);
+ if (xlen <= 0)
abort();
/* XXX verify that this is right with RFC3279 */
@@ -601,13 +602,14 @@ build_auth_pack(krb5_context context,
a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
}
-
+
{
a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
if (a->supportedCMSTypes == NULL)
return ENOMEM;
- ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, NULL,
+ ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL,
+ ctx->id->cert,
&a->supportedCMSTypes->val,
&a->supportedCMSTypes->len);
if (ret)
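Review bot: `ctx->id->cert` is dereferenced here without a check, where the previous call passed `NULL`. Whether `ctx->id` is always set when build_auth_pack runs cannot be seen from the hunk; the anonymous PKINIT case, which this file handles elsewhere, is one path to confirm. If it can be unset, pass the certificate conditionally: `ctx->id ? ctx->id->cert : NULL`. A one-line comment explaining why the client certificate is now passed would help; presumably it limits the advertised CMS types to what the client key supports. build_auth_pack continues outside the hunk.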
@@ -648,10 +650,10 @@ pk_mk_padata(krb5_context context,
{
struct ContentInfo content_info;
krb5_error_code ret;
- const heim_oid *oid;
- size_t size;
+ const heim_oid *oid = NULL;
+ size_t size = 0;
krb5_data buf, sd_buf;
- int pa_type;
+ int pa_type = -1;
krb5_data_zero(&buf);
krb5_data_zero(&sd_buf);
@@ -698,7 +700,7 @@ pk_mk_padata(krb5_context context,
oid = &asn1_oid_id_pkcs7_data;
} else if (ctx->type == PKINIT_27) {
AuthPack ap;
-
+
memset(&ap, 0, sizeof(ap));
ret = build_auth_pack(context, nonce, ctx, req_body, &ap);
@@ -755,7 +757,7 @@ pk_mk_padata(krb5_context context,
pa_type = KRB5_PADATA_PK_AS_REQ;
memset(&req, 0, sizeof(req));
- req.signedAuthPack = buf;
+ req.signedAuthPack = buf;
if (ctx->trustedCertifiers) {
@@ -926,7 +928,7 @@ pk_verify_sign(krb5_context context,
ret = ENOMEM;
goto out;
}
-
+
ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert);
if (ret) {
pk_copy_error(context, context->hx509ctx, ret,
@@ -968,7 +970,7 @@ get_reply_key_win(krb5_context context,
return ret;
}
- if (key_pack.nonce != nonce) {
+ if ((unsigned)key_pack.nonce != nonce) {
krb5_set_error_message(context, ret,
N_("PKINIT enckey nonce is wrong", ""));
free_ReplyKeyPack_Win2k(&key_pack);
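Review bot: The nonce-mismatch message is registered under `ret`, which at this point appears to still hold the success value of the decode above, since the failure branch just before the hunk's changed line returns. The message would then be stored under code 0 rather than under the error this branch reports; the return statement itself is outside the hunk. Assign the returned code to `ret` before the `krb5_set_error_message()` call so the two agree. The `(unsigned)` cast on `key_pack.nonce` is correct only if the `nonce` parameter is unsigned, which a short comment could state.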
@@ -1081,7 +1083,7 @@ pk_verify_host(krb5_context context,
}
if (ctx->require_krbtgt_otherName) {
hx509_octet_string_list list;
- int i;
+ size_t i;
ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx,
host->cert,
@@ -1203,9 +1205,9 @@ pk_rd_pa_reply_enckey(krb5_context context,
size_t ph = 1 + der_length_len(content.length);
unsigned char *ptr = malloc(content.length + ph);
size_t l;
-
+
memcpy(ptr + ph, content.data, content.length);
-
+
ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length,
ASN1_C_UNIV, CONS, UT_Sequence, &l);
if (ret)
@@ -1424,7 +1426,7 @@ pk_rd_pa_reply_dh(krb5_context context,
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
goto out;
}
-
+
dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh);
if (dh_gen_keylen == -1) {
ret = KRB5KRB_ERR_GENERIC;
@@ -1433,7 +1435,7 @@ pk_rd_pa_reply_dh(krb5_context context,
N_("PKINIT: Can't compute Diffie-Hellman key", ""));
goto out;
}
- if (dh_gen_keylen < size) {
+ if (dh_gen_keylen < (int)size) {
size -= dh_gen_keylen;
memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
memset(dh_gen_key, 0, size);
@@ -1488,7 +1490,7 @@ pk_rd_pa_reply_dh(krb5_context context,
ret = EINVAL;
#endif
}
-
+
if (dh_gen_keylen <= 0) {
ret = EINVAL;
krb5_set_error_message(context, ret,
@@ -1555,7 +1557,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
PA_PK_AS_REP rep;
heim_octet_string os, data;
heim_oid oid;
-
+
if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
krb5_set_error_message(context, EINVAL,
N_("PKINIT: wrong padata recv", ""));
@@ -1585,7 +1587,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
PA_PK_AS_REP_BTMM btmm;
free_PA_PK_AS_REP(&rep);
memset(&rep, 0, sizeof(rep));
-
+
_krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
@@ -1661,7 +1663,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
#endif
memset(&w2krep, 0, sizeof(w2krep));
-
+
ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
pa->padata_value.length,
&w2krep,
@@ -1674,12 +1676,12 @@ _krb5_pk_rd_pa_reply(krb5_context context,
}
krb5_clear_error_message(context);
-
+
switch (w2krep.element) {
case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
heim_octet_string data;
heim_oid oid;
-
+
ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack,
&oid, &data, NULL);
free_PA_PK_AS_REP_Win2k(&w2krep);
@@ -1744,7 +1746,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter)
default:
prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
break;
- }
+ }
ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
if (ret) {
@@ -1780,10 +1782,10 @@ _krb5_pk_set_user_id(krb5_context context,
"Allocate query to find signing certificate");
return ret;
}
-
+
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-
+
if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
ctx->id->flags |= PKINIT_BTMM;
}
@@ -1799,7 +1801,7 @@ _krb5_pk_set_user_id(krb5_context context,
ret = hx509_cert_get_subject(ctx->id->cert, &name);
if (ret)
goto out;
-
+
ret = hx509_name_to_string(name, &str);
hx509_name_free(&name);
if (ret)
@@ -1857,7 +1859,7 @@ _krb5_pk_load_id(krb5_context context,
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
- }
+ }
if (user_id) {
hx509_lock lock;
@@ -1867,15 +1869,15 @@ _krb5_pk_load_id(krb5_context context,
pk_copy_error(context, context->hx509ctx, ret, "Failed init lock");
goto out;
}
-
+
if (password && password[0])
hx509_lock_add_password(lock, password);
-
+
if (prompter) {
p.context = context;
p.prompter = prompter;
p.prompter_data = prompter_data;
-
+
ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
if (ret) {
hx509_lock_free(lock);
@@ -2083,7 +2085,7 @@ _krb5_parse_moduli_line(krb5_context context,
"bits on line %d", ""), file, lineno);
goto out;
}
-
+
ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
if (ret)
goto out;
@@ -2249,7 +2251,7 @@ _krb5_parse_moduli(krb5_context context, const char *file,
return ENOMEM;
}
m = m2;
-
+
m[n] = NULL;
ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element);
@@ -2321,7 +2323,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
break;
case USE_RSA:
break;
- case USE_ECDH:
+ case USE_ECDH:
#ifdef HAVE_OPENSSL
if (ctx->u.eckey)
EC_KEY_free(ctx->u.eckey);
@@ -2457,7 +2459,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
krb5_set_error_message(context, EINVAL,
N_("No anonymous pkinit support in RSA mode", ""));
return EINVAL;
- }
+ }
}
return 0;
@@ -2484,7 +2486,7 @@ krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
N_("PKINIT: on pkinit context", ""));
return EINVAL;
}
-
+
_krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
return 0;
@@ -2517,7 +2519,7 @@ get_ms_san(hx509_context context, hx509_cert cert, char **upn)
upn, NULL);
else
ret = 1;
- hx509_free_octet_string_list(&list);
+ hx509_free_octet_string_list(&list);
return ret;
}
@@ -2552,14 +2554,14 @@ krb5_pk_enterprise_cert(krb5_context context,
#ifdef PKINIT
krb5_error_code ret;
hx509_certs certs, result;
- hx509_cert cert;
+ hx509_cert cert = NULL;
hx509_query *q;
char *name;
*principal = NULL;
if (res)
*res = NULL;
-
+
if (user_id == NULL) {
krb5_set_error_message(context, ENOENT, "no user id");
return ENOENT;
@@ -2592,7 +2594,7 @@ krb5_pk_enterprise_cert(krb5_context context,
"Failed to find PKINIT certificate");
return ret;
}
-
+
ret = hx509_get_one_cert(context->hx509ctx, result, &cert);
hx509_certs_free(&result);
if (ret) {
@@ -2617,11 +2619,9 @@ krb5_pk_enterprise_cert(krb5_context context,
if (res) {
ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res);
- if (ret) {
- hx509_cert_free(cert);
+ if (ret)
goto out;
- }
-
+
ret = hx509_certs_add(context->hx509ctx, *res, cert);
if (ret) {
hx509_certs_free(res);
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index ea47e13a7b..9303b6c615 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -63,7 +63,7 @@ static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER;
static struct plugin *registered = NULL;
static int plugins_needs_scan = 1;
-static const char *sysplugin_dirs[] = {
+static const char *sysplugin_dirs[] = {
LIBDIR "/plugin/krb5",
#ifdef __APPLE__
"/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
@@ -196,9 +196,9 @@ is_valid_plugin_filename(const char * n)
return !stricmp(ext, ".dll");
}
-#endif
-
+#else
return 1;
+#endif
}
static void
@@ -305,7 +305,7 @@ static krb5_error_code
add_symbol(krb5_context context, struct krb5_plugin **list, void *symbol)
{
struct krb5_plugin *e;
-
+
e = calloc(1, sizeof(*e));
if (e == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
@@ -329,7 +329,7 @@ _krb5_plugin_find(krb5_context context,
*list = NULL;
HEIMDAL_MUTEX_lock(&plugin_mutex);
-
+
load_plugins(context);
for (ret = 0, e = registered; e != NULL; e = e->next) {
@@ -379,7 +379,7 @@ _krb5_plugin_free(struct krb5_plugin *list)
/*
* module - dict of {
* ModuleName = [
- * plugin = object{
+ * plugin = object{
* array = { ptr, ctx }
* }
* ]
@@ -556,7 +556,7 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
return;
pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free);
-
+
cpm = pl->dataptr = dlsym(p->dsohandle, s->name);
if (cpm) {
int ret;
@@ -569,10 +569,10 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
} else {
cpm = pl->dataptr;
}
-
+
if (cpm && cpm->version >= s->min_version)
heim_array_append_value(s->result, pl);
-
+
heim_release(pl);
}
@@ -619,11 +619,11 @@ _krb5_plugin_run_f(krb5_context context,
s.userctx = userctx;
heim_dict_iterate_f(dict, search_modules, &s);
-
+
heim_release(dict);
-
+
HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
+
s.ret = KRB5_PLUGIN_NO_HANDLE;
heim_array_iterate_f(s.result, eval_results, &s);
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index 42169fc2f9..a10d2d0798 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -140,7 +140,7 @@ krb5_principal_get_realm(krb5_context context,
krb5_const_principal principal)
{
return princ_realm(principal);
-}
+}
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_comp_string(krb5_context context,
@@ -426,7 +426,7 @@ unparse_name_fixed(krb5_context context,
int flags)
{
size_t idx = 0;
- int i;
+ size_t i;
int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
@@ -549,7 +549,7 @@ unparse_name(krb5_context context,
int flags)
{
size_t len = 0, plen;
- int i;
+ size_t i;
krb5_error_code ret;
/* count length */
if (princ_realm(principal)) {
@@ -917,7 +917,7 @@ krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
{
- int i;
+ size_t i;
if(princ_num_comp(princ1) != princ_num_comp(princ2))
return FALSE;
for(i = 0; i < princ_num_comp(princ1); i++){
@@ -932,7 +932,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context,
krb5_const_principal princ1,
PrincipalName *princ2)
{
- int i;
+ size_t i;
if (princ_num_comp(princ1) != princ2->name_string.len)
return FALSE;
for(i = 0; i < princ_num_comp(princ1); i++){
@@ -1001,7 +1001,7 @@ krb5_principal_match(krb5_context context,
krb5_const_principal princ,
krb5_const_principal pattern)
{
- int i;
+ size_t i;
if(princ_num_comp(princ) != princ_num_comp(pattern))
return FALSE;
if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
@@ -1028,7 +1028,7 @@ krb5_principal_match(krb5_context context,
*
* @ingroup krb5_principal
*/
-
+
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sname_to_principal (krb5_context context,
const char *hostname,
@@ -1039,7 +1039,7 @@ krb5_sname_to_principal (krb5_context context,
krb5_error_code ret;
char localhost[MAXHOSTNAMELEN];
char **realms, *host = NULL;
-
+
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
N_("unsupported name type %d", ""),
@@ -1053,7 +1053,7 @@ krb5_sname_to_principal (krb5_context context,
krb5_set_error_message(context, ret,
N_("Failed to get local hostname", ""));
return ret;
- }
+ }
localhost[sizeof(localhost) - 1] = '\0';
hostname = localhost;
}
@@ -1096,7 +1096,7 @@ static const struct {
{ "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
{ "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
{ "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
- { NULL }
+ { NULL, 0 }
};
/**
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index 094f748b9f..c08547112b 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -65,9 +65,10 @@ krb5_rd_cred(krb5_context context,
EncKrbCredPart enc_krb_cred_part;
krb5_data enc_krb_cred_part_data;
krb5_crypto crypto;
- int i;
+ size_t i;
memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
+ krb5_data_zero(&enc_krb_cred_part_data);
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -118,7 +119,7 @@ krb5_rd_cred(krb5_context context,
KRB5_KU_KRB_CRED,
&cred.enc_part,
&enc_krb_cred_part_data);
-
+
krb5_crypto_destroy(context, crypto);
}
@@ -134,13 +135,13 @@ krb5_rd_cred(krb5_context context,
if (ret)
goto out;
-
+
ret = krb5_decrypt_EncryptedData(context,
crypto,
KRB5_KU_KRB_CRED,
&cred.enc_part,
&enc_krb_cred_part_data);
-
+
krb5_crypto_destroy(context, crypto);
}
if (ret)
@@ -195,7 +196,7 @@ krb5_rd_cred(krb5_context context,
auth_context->local_port);
if (ret)
goto out;
-
+
ret = compare_addrs(context, a, enc_krb_cred_part.r_address,
N_("receiver address is wrong "
"in received creds", ""));
@@ -299,9 +300,9 @@ krb5_rd_cred(krb5_context context,
krb5_copy_addresses (context,
kci->caddr,
&creds->addresses);
-
+
(*ret_creds)[i] = creds;
-
+
}
(*ret_creds)[i] = NULL;
diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c
index f8963a53b2..391d81c191 100644
--- a/source4/heimdal/lib/krb5/rd_rep.c
+++ b/source4/heimdal/lib/krb5/rd_rep.c
@@ -65,7 +65,7 @@ krb5_rd_rep(krb5_context context,
if (ret)
goto out;
ret = krb5_decrypt_EncryptedData (context,
- crypto,
+ crypto,
KRB5_KU_AP_REQ_ENC_PART,
&ap_rep.enc_part,
&data);
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 25aa8674c7..21daeb596b 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -59,7 +59,7 @@ decrypt_tkt_enc_part (krb5_context context,
ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
if (ret)
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Failed to decode encrypted "
"ticket part", ""));
krb5_data_free (&plain);
@@ -135,9 +135,9 @@ static krb5_error_code
check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
{
char **realms;
- unsigned int num_realms;
+ unsigned int num_realms, n;
krb5_error_code ret;
-
+
/*
* Windows 2000 and 2003 uses this inside their TGT so it's normaly
* not seen by others, however, samba4 joined with a Windows AD as
@@ -161,6 +161,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
ret = krb5_check_transited(context, enc->crealm,
ticket->realm,
realms, num_realms, NULL);
+ for (n = 0; n < num_realms; n++)
+ free(realms[n]);
free(realms);
return ret;
}
@@ -175,7 +177,7 @@ find_etypelist(krb5_context context,
krb5_authdata adIfRelevant;
unsigned i;
- adIfRelevant.len = 0;
+ memset(&adIfRelevant, 0, sizeof(adIfRelevant));
etypes->len = 0;
etypes->val = NULL;
@@ -250,7 +252,7 @@ krb5_decrypt_ticket(krb5_context context,
krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
-
+
if(!t.flags.transited_policy_checked) {
ret = check_transited(context, ticket, &t);
if(ret) {
@@ -402,7 +404,7 @@ krb5_verify_ap_req2(krb5_context context,
{
krb5_principal p1, p2;
krb5_boolean res;
-
+
_krb5_principalname2krb5_principal(context,
&p1,
ac->authenticator->cname,
@@ -466,7 +468,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->keytype = ETYPE_NULL;
if (etypes.val) {
- int i;
+ size_t i;
for (i = 0; i < etypes.len; i++) {
if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
@@ -508,7 +510,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_auth_con_free (context, ac);
return ret;
}
-
+
/*
*
*/
@@ -949,7 +951,7 @@ krb5_rd_req_ctx(krb5_context context,
&o->ap_req_options,
&o->ticket,
KRB5_KU_AP_REQ_AUTH);
-
+
if (ret)
goto out;
@@ -972,7 +974,7 @@ krb5_rd_req_ctx(krb5_context context,
goto out;
done = 0;
- while (!done) {
+ while (!done) {
krb5_principal p;
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
@@ -1007,14 +1009,14 @@ krb5_rd_req_ctx(krb5_context context,
* and update the service principal in the ticket to match
* whatever is in the keytab.
*/
-
- ret = krb5_copy_keyblock(context,
+
+ ret = krb5_copy_keyblock(context,
&entry.keyblock,
&o->keyblock);
if (ret) {
krb5_kt_free_entry (context, &entry);
goto out;
- }
+ }
ret = krb5_copy_principal(context, entry.principal, &p);
if (ret) {
@@ -1023,7 +1025,7 @@ krb5_rd_req_ctx(krb5_context context,
}
krb5_free_principal(context, o->ticket->server);
o->ticket->server = p;
-
+
krb5_kt_free_entry (context, &entry);
done = 1;
@@ -1045,7 +1047,7 @@ krb5_rd_req_ctx(krb5_context context,
krb5_data_free(&data);
if (ret)
goto out;
-
+
ret = krb5_pac_verify(context,
pac,
o->ticket->ticket.authtime,
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c
index 375a4aaba6..965dd44437 100644
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -282,14 +282,14 @@ krb5_rc_get_name(krb5_context context,
{
return id->name;
}
-
+
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_get_type(krb5_context context,
krb5_rcache id)
{
return "FILE";
}
-
+
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_server_rcache(krb5_context context,
const krb5_data *piece,
diff --git a/source4/heimdal/lib/krb5/salt-arcfour.c b/source4/heimdal/lib/krb5/salt-arcfour.c
index b222b47e16..ab5e51270c 100644
--- a/source4/heimdal/lib/krb5/salt-arcfour.c
+++ b/source4/heimdal/lib/krb5/salt-arcfour.c
@@ -43,7 +43,7 @@ ARCFOUR_string_to_key(krb5_context context,
{
krb5_error_code ret;
uint16_t *s = NULL;
- size_t len, i;
+ size_t len = 0, i;
EVP_MD_CTX *m;
m = EVP_MD_CTX_create();
diff --git a/source4/heimdal/lib/krb5/salt-des.c b/source4/heimdal/lib/krb5/salt-des.c
index 6939b6b50b..56b285f72e 100644
--- a/source4/heimdal/lib/krb5/salt-des.c
+++ b/source4/heimdal/lib/krb5/salt-des.c
@@ -52,7 +52,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
DES_cblock *key)
{
char password[8+1]; /* crypt is limited to 8 chars anyway */
- int i;
+ size_t i;
for(i = 0; i < 8; i++) {
char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
@@ -89,7 +89,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
memcpy(password, pw.data, min(pw.length, sizeof(password)));
if(pw.length < sizeof(password)) {
int len = min(cell.length, sizeof(password) - pw.length);
- int i;
+ size_t i;
memcpy(password + pw.length, cell.data, len);
for (i = pw.length; i < pw.length + len; ++i)
@@ -138,7 +138,7 @@ static void
DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
{
DES_key_schedule schedule;
- int i;
+ size_t i;
int reverse = 0;
unsigned char *p;
diff --git a/source4/heimdal/lib/krb5/salt.c b/source4/heimdal/lib/krb5/salt.c
index 6f18308743..5e4c8a1c85 100644
--- a/source4/heimdal/lib/krb5/salt.c
+++ b/source4/heimdal/lib/krb5/salt.c
@@ -33,6 +33,7 @@
#include "krb5_locl.h"
+/* coverity[+alloc : arg-*3] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
@@ -98,7 +99,7 @@ krb5_get_pw_salt(krb5_context context,
krb5_salt *salt)
{
size_t len;
- int i;
+ size_t i;
krb5_error_code ret;
char *p;
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index 2ae8153c8d..edf1d33c9d 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -88,7 +88,7 @@ recv_loop (krb5_socket_t fd,
return 0;
if (limit)
- nbytes = min(nbytes, limit - rep->length);
+ nbytes = min((size_t)nbytes, limit - rep->length);
tmp = realloc (rep->data, rep->length + nbytes);
if (tmp == NULL) {
@@ -268,7 +268,7 @@ send_via_proxy (krb5_context context,
int ret;
krb5_socket_t s = rk_INVALID_SOCKET;
char portstr[NI_MAXSERV];
-
+
if (proxy == NULL)
return ENOMEM;
if (strncmp (proxy, "http://", 7) == 0)
@@ -339,7 +339,7 @@ send_via_plugin(krb5_context context,
service = _krb5_plugin_get_symbol(e);
if (service->minor_version != 0)
continue;
-
+
(*service->init)(context, &ctx);
ret = (*service->send_to_kdc)(context, ctx, hi,
timeout, send_data, receive);
@@ -366,12 +366,12 @@ send_via_plugin(krb5_context context,
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto (krb5_context context,
const krb5_data *send_data,
- krb5_krbhst_handle handle,
+ krb5_krbhst_handle handle,
krb5_data *receive)
{
krb5_error_code ret;
krb5_socket_t fd;
- int i;
+ size_t i;
krb5_data_zero(receive);
@@ -511,7 +511,7 @@ _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to)
{
if (context->send_to_kdc)
return krb5_set_send_to_kdc_func(to,
- context->send_to_kdc->func,
+ context->send_to_kdc->func,
context->send_to_kdc->data);
else
return krb5_set_send_to_kdc_func(to, NULL, NULL);
@@ -602,7 +602,7 @@ krb5_sendto_context(krb5_context context,
type = KRB5_KRBHST_KDC;
}
- if (send_data->length > context->large_msg_size)
+ if ((int)send_data->length > context->large_msg_size)
ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
/* loop until we get back a appropriate response */
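Review bot: The `(int)` cast in `if ((int)send_data->length > context->large_msg_size)` narrows the request length, so a length above INT_MAX would turn negative and `KRB5_KRBHST_FLAGS_LARGE_MSG` would not be set. Converting the configured limit instead keeps the comparison in the wider type, for example `if (context->large_msg_size >= 0 && send_data->length > (size_t)context->large_msg_size)`. The declaration of `large_msg_size` is outside this hunk and is assumed to be int, as the cast suggests. How a negative limit should behave also needs confirming against the old unsigned comparison.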
diff --git a/source4/heimdal/lib/krb5/store-int.c b/source4/heimdal/lib/krb5/store-int.c
index 0a18d0dddf..d577629718 100644
--- a/source4/heimdal/lib/krb5/store-int.c
+++ b/source4/heimdal/lib/krb5/store-int.c
@@ -50,7 +50,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size)
{
unsigned char *p = buffer;
unsigned long v = 0;
- int i;
+ size_t i;
for (i = 0; i < size; i++)
v = (v << 8) + p[i];
*value = v;
diff --git a/source4/heimdal/lib/krb5/store-int.h b/source4/heimdal/lib/krb5/store-int.h
index 0b7accb860..877ccc008d 100644
--- a/source4/heimdal/lib/krb5/store-int.h
+++ b/source4/heimdal/lib/krb5/store-int.h
@@ -43,6 +43,7 @@ struct krb5_storage_data {
void (*free)(struct krb5_storage_data*);
krb5_flags flags;
int eof_code;
+ size_t max_alloc;
};
#endif /* __store_int_h__ */
diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c
index 0dedba3d72..3aeb8d6281 100644
--- a/source4/heimdal/lib/krb5/store.c
+++ b/source4/heimdal/lib/krb5/store.c
@@ -120,6 +120,41 @@ krb5_storage_get_byteorder(krb5_storage *sp)
}
/**
+ * Set the max alloc value
+ *
+ * @param sp the storage buffer set the max allow for
+ * @param size maximum size to allocate, use 0 to remove limit
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_storage_set_max_alloc(krb5_storage *sp, size_t size)
+{
+ sp->max_alloc = size;
+}
+
+/* don't allocate unresonable amount of memory */
+static krb5_error_code
+size_too_large(krb5_storage *sp, size_t size)
+{
+ if (sp->max_alloc && sp->max_alloc < size)
+ return HEIM_ERR_TOO_BIG;
+ return 0;
+}
+
+static krb5_error_code
+size_too_large_num(krb5_storage *sp, size_t count, size_t size)
+{
+ if (sp->max_alloc == 0 || size == 0)
+ return 0;
+ size = sp->max_alloc / size;
+ if (size < count)
+ return HEIM_ERR_TOO_BIG;
+ return 0;
+}
+
+/**
* Seek to a new offset.
*
* @param sp the storage buffer to seek in.
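Review bot: `size_too_large_num()` has no comment, and the one on `size_too_large()` does not say that a `max_alloc` of 0 turns the check off, which is the case callers most need to know about. I would document both, e.g. `/* returns HEIM_ERR_TOO_BIG if count elements of size bytes would exceed sp->max_alloc; a max_alloc of 0 means no limit */`. The public doc comment also needs its wording fixed to `the storage buffer to set the max alloc for`. Both helpers take size_t, so a negative length read from input arrives as a very large value and is rejected only while a limit is set.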
@@ -262,10 +297,11 @@ krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
pos = sp->seek(sp, 0, SEEK_CUR);
if (pos < 0)
return HEIM_ERR_NOT_SEEKABLE;
- size = (size_t)sp->seek(sp, 0, SEEK_END);
- if (size > (size_t)-1)
- return HEIM_ERR_TOO_BIG;
- ret = krb5_data_alloc (data, size);
+ size = sp->seek(sp, 0, SEEK_END);
+ ret = size_too_large(sp, size);
+ if (ret)
+ return ret;
+ ret = krb5_data_alloc(data, size);
if (ret) {
sp->seek(sp, pos, SEEK_SET);
return ret;
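Review bot: The new early `return ret;` after `size_too_large()` leaves the storage positioned at the end, whereas the `krb5_data_alloc()` failure path just below seeks back to `pos` first. Restoring the position on both paths keeps the storage usable after a rejected size: `if (ret) { sp->seek(sp, pos, SEEK_SET); return ret; }`. The result of the `SEEK_END` seek is also no longer checked for a negative value before it is used as a size. The declaration of `size` and the start of krb5_storage_to_data are outside the hunk, so that part should be confirmed.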
@@ -290,8 +326,10 @@ krb5_store_int(krb5_storage *sp,
return EINVAL;
_krb5_put_int(v, value, len);
ret = sp->store(sp, v, len);
- if (ret != len)
- return (ret<0)?errno:sp->eof_code;
+ if (ret < 0)
+ return errno;
+ if ((size_t)ret != len)
+ return sp->eof_code;
return 0;
}
@@ -346,8 +384,10 @@ krb5_ret_int(krb5_storage *sp,
unsigned char v[4];
unsigned long w;
ret = sp->fetch(sp, v, len);
- if(ret != len)
- return (ret<0)?errno:sp->eof_code;
+ if (ret < 0)
+ return errno;
+ if ((size_t)ret != len)
+ return sp->eof_code;
_krb5_get_int(v, &w, len);
*value = w;
return 0;
@@ -612,11 +652,10 @@ krb5_store_data(krb5_storage *sp,
if(ret < 0)
return ret;
ret = sp->store(sp, data.data, data.length);
- if(ret != data.length){
- if(ret < 0)
- return errno;
+ if(ret < 0)
+ return errno;
+ if((size_t)ret != data.length)
return sp->eof_code;
- }
return 0;
}
@@ -641,6 +680,9 @@ krb5_ret_data(krb5_storage *sp,
ret = krb5_ret_int32(sp, &size);
if(ret)
return ret;
+ ret = size_too_large(sp, size);
+ if (ret)
+ return ret;
ret = krb5_data_alloc (data, size);
if (ret)
return ret;
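Review bot: `size` is filled by `krb5_ret_int32()` and so appears to be a signed 32-bit value, but `size_too_large()` takes a size_t. A negative length from the input is rejected only because it converts to a huge value, and not at all once a caller has set `max_alloc` to 0. An explicit check before the conversion makes the bound independent of the limit: `if (size < 0) return HEIM_ERR_TOO_BIG;`. The same applies to the `tmp` counts passed to `size_too_large_num()` in the krb5_ret_addrs and krb5_ret_authdata hunks further down. The declaration of `size` is outside this hunk.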
@@ -722,12 +764,10 @@ krb5_store_stringz(krb5_storage *sp, const char *s)
ssize_t ret;
ret = sp->store(sp, s, len);
- if(ret != len) {
- if(ret < 0)
- return ret;
- else
- return sp->eof_code;
- }
+ if(ret < 0)
+ return ret;
+ if((size_t)ret != len)
+ return sp->eof_code;
return 0;
}
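Review bot: On a failed store the rewritten check still returns `ret`, the negative ssize_t from `sp->store()`, as the krb5_error_code. The krb5_store_int and krb5_store_data hunks in this same file return `errno` for that case. A caller that passes the code to an error-message lookup or compares it with errno values gets a meaningless negative number here. I would use `if(ret < 0) return errno;` in this hunk and in the matching krb5_store_stringnl hunk, including the `"\n"` store that follows it there.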
@@ -755,6 +795,9 @@ krb5_ret_stringz(krb5_storage *sp,
char *tmp;
len++;
+ ret = size_too_large(sp, len);
+ if (ret)
+ break;
tmp = realloc (s, len);
if (tmp == NULL) {
free (s);
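Review bot: Assigning the result of `size_too_large()` to `ret` overwrites the value that the surrounding fetch loop appears to be driven by. The loop condition and the code after the loop are outside the hunk, so this needs checking. If that code treats `ret != 1` as end of input, a normally terminated string would now be reported as an error, because `ret` is 0 when the terminator is reached. A separate variable avoids the coupling: declare `krb5_error_code eret;` and use `eret = size_too_large(sp, len); if (eret) { free(s); return eret; }`. The krb5_ret_stringnl hunk below adds the same three lines and needs the same change.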
@@ -782,12 +825,10 @@ krb5_store_stringnl(krb5_storage *sp, const char *s)
ssize_t ret;
ret = sp->store(sp, s, len);
- if(ret != len) {
- if(ret < 0)
- return ret;
- else
- return sp->eof_code;
- }
+ if(ret < 0)
+ return ret;
+ if((size_t)ret != len)
+ return sp->eof_code;
ret = sp->store(sp, "\n", 1);
if(ret != 1) {
if(ret < 0)
@@ -823,6 +864,9 @@ krb5_ret_stringnl(krb5_storage *sp,
}
len++;
+ ret = size_too_large(sp, len);
+ if (ret)
+ break;
tmp = realloc (s, len);
if (tmp == NULL) {
free (s);
@@ -860,7 +904,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_principal(krb5_storage *sp,
krb5_const_principal p)
{
- int i;
+ size_t i;
int ret;
if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
@@ -923,6 +967,11 @@ krb5_ret_principal(krb5_storage *sp,
free(p);
return EINVAL;
}
+ ret = size_too_large_num(sp, ncomp, sizeof(p->name.name_string.val[0]));
+ if (ret) {
+ free(p);
+ return ret;
+ }
p->name.name_type = type;
p->name.name_string.len = ncomp;
ret = krb5_ret_string(sp, &p->realm);
@@ -930,7 +979,7 @@ krb5_ret_principal(krb5_storage *sp,
free(p);
return ret;
}
- p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
+ p->name.name_string.val = calloc(ncomp, sizeof(p->name.name_string.val[0]));
if(p->name.name_string.val == NULL && ncomp != 0){
free(p->realm);
free(p);
@@ -1122,7 +1171,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
{
- int i;
+ size_t i;
int ret;
ret = krb5_store_int32(sp, p.len);
if(ret) return ret;
@@ -1147,12 +1196,14 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
{
- int i;
+ size_t i;
int ret;
int32_t tmp;
ret = krb5_ret_int32(sp, &tmp);
if(ret) return ret;
+ ret = size_too_large_num(sp, tmp, sizeof(adr->val[0]));
+ if (ret) return ret;
adr->len = tmp;
ALLOC(adr->val, adr->len);
if (adr->val == NULL && adr->len != 0)
@@ -1179,7 +1230,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
{
krb5_error_code ret;
- int i;
+ size_t i;
ret = krb5_store_int32(sp, auth.len);
if(ret) return ret;
for(i = 0; i < auth.len; i++){
@@ -1211,6 +1262,8 @@ krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
int i;
ret = krb5_ret_int32(sp, &tmp);
if(ret) return ret;
+ ret = size_too_large_num(sp, tmp, sizeof(auth->val[0]));
+ if (ret) return ret;
ALLOC_SEQ(auth, tmp);
if (auth->val == NULL && tmp != 0)
return ENOMEM;
@@ -1345,7 +1398,7 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
ret = krb5_ret_data (sp, &creds->second_ticket);
cleanup:
if(ret) {
-#if 0
+#if 0
krb5_free_cred_contents(context, creds); /* XXX */
#endif
}
@@ -1530,7 +1583,7 @@ krb5_ret_creds_tag(krb5_storage *sp,
cleanup:
if(ret) {
-#if 0
+#if 0
krb5_free_cred_contents(context, creds); /* XXX */
#endif
}
diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c
index ccda751afb..7f91b08486 100644
--- a/source4/heimdal/lib/krb5/store_emem.c
+++ b/source4/heimdal/lib/krb5/store_emem.c
@@ -45,7 +45,7 @@ static ssize_t
emem_fetch(krb5_storage *sp, void *data, size_t size)
{
emem_storage *s = (emem_storage*)sp->data;
- if(s->base + s->len - s->ptr < size)
+ if((size_t)(s->base + s->len - s->ptr) < size)
size = s->base + s->len - s->ptr;
memmove(data, s->ptr, size);
sp->seek(sp, size, SEEK_CUR);
@@ -56,7 +56,7 @@ static ssize_t
emem_store(krb5_storage *sp, const void *data, size_t size)
{
emem_storage *s = (emem_storage*)sp->data;
- if(size > s->base + s->size - s->ptr){
+ if(size > (size_t)(s->base + s->size - s->ptr)){
void *base;
size_t sz, off;
off = s->ptr - s->base;
@@ -81,12 +81,12 @@ emem_seek(krb5_storage *sp, off_t offset, int whence)
emem_storage *s = (emem_storage*)sp->data;
switch(whence){
case SEEK_SET:
- if(offset > s->size)
+ if((size_t)offset > s->size)
offset = s->size;
if(offset < 0)
offset = 0;
s->ptr = s->base + offset;
- if(offset > s->len)
+ if((size_t)offset > s->len)
s->len = offset;
break;
case SEEK_CUR:
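Review bot: With the `(size_t)` cast a negative `offset` converts to a very large value, so the first test clamps it to `s->size` and the `offset < 0` test that follows can no longer fire. A negative SEEK_SET then lands at the end of the buffer instead of at 0. Testing the sign first keeps both clamps meaningful: `if(offset < 0) offset = 0; else if((size_t)offset > s->size) offset = s->size;`. mem_seek in store_mem.c gets the same cast in this commit and has the same ordering. emem_seek continues outside the hunk.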
@@ -115,14 +115,14 @@ emem_trunc(krb5_storage *sp, off_t offset)
s->size = 0;
s->base = NULL;
s->ptr = NULL;
- } else if (offset > s->size || (s->size / 2) > offset) {
+ } else if ((size_t)offset > s->size || (s->size / 2) > (size_t)offset) {
void *base;
size_t off;
off = s->ptr - s->base;
base = realloc(s->base, offset);
if(base == NULL)
return ENOMEM;
- if (offset > s->size)
+ if ((size_t)offset > s->size)
memset((char *)base + s->size, 0, offset - s->size);
s->size = offset;
s->base = base;
@@ -190,5 +190,6 @@ krb5_storage_emem(void)
sp->seek = emem_seek;
sp->trunc = emem_trunc;
sp->free = emem_free;
+ sp->max_alloc = UINT_MAX/8;
return sp;
}
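Review bot: `UINT_MAX/8` is written out here and again in krb5_storage_from_fd, krb5_storage_from_mem and krb5_storage_from_readonly_mem. A single named constant next to the `max_alloc` field in store-int.h would keep the default in one place and give it a comment explaining the choice, e.g. `#define KRB5_STORAGE_DEFAULT_MAX_ALLOC (UINT_MAX/8)` (the name is only a suggestion). Any storage constructor not touched by this diff would need the same assignment; whether an unset field ends up as 0 (no limit) or indeterminate depends on how the struct is allocated, which is not visible here. The includes of this file are outside the hunk, so confirm `<limits.h>` is in scope for `UINT_MAX`.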
diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c
index bd357dbe3b..2b72dea3a3 100644
--- a/source4/heimdal/lib/krb5/store_fd.c
+++ b/source4/heimdal/lib/krb5/store_fd.c
@@ -73,7 +73,7 @@ fd_free(krb5_storage * sp)
}
/**
- *
+ *
*
* @return A krb5_storage on success, or NULL on out of memory error.
*
@@ -128,5 +128,6 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
sp->seek = fd_seek;
sp->trunc = fd_trunc;
sp->free = fd_free;
+ sp->max_alloc = UINT_MAX/8;
return sp;
}
diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c
index b79bc19155..e674a95dba 100644
--- a/source4/heimdal/lib/krb5/store_mem.c
+++ b/source4/heimdal/lib/krb5/store_mem.c
@@ -44,7 +44,7 @@ static ssize_t
mem_fetch(krb5_storage *sp, void *data, size_t size)
{
mem_storage *s = (mem_storage*)sp->data;
- if(size > s->base + s->size - s->ptr)
+ if(size > (size_t)(s->base + s->size - s->ptr))
size = s->base + s->size - s->ptr;
memmove(data, s->ptr, size);
sp->seek(sp, size, SEEK_CUR);
@@ -55,7 +55,7 @@ static ssize_t
mem_store(krb5_storage *sp, const void *data, size_t size)
{
mem_storage *s = (mem_storage*)sp->data;
- if(size > s->base + s->size - s->ptr)
+ if(size > (size_t)(s->base + s->size - s->ptr))
size = s->base + s->size - s->ptr;
memmove(s->ptr, data, size);
sp->seek(sp, size, SEEK_CUR);
@@ -74,7 +74,7 @@ mem_seek(krb5_storage *sp, off_t offset, int whence)
mem_storage *s = (mem_storage*)sp->data;
switch(whence){
case SEEK_SET:
- if(offset > s->size)
+ if((size_t)offset > s->size)
offset = s->size;
if(offset < 0)
offset = 0;
@@ -95,7 +95,7 @@ static int
mem_trunc(krb5_storage *sp, off_t offset)
{
mem_storage *s = (mem_storage*)sp->data;
- if(offset > s->size)
+ if((size_t)offset > s->size)
return ERANGE;
s->size = offset;
if ((s->ptr - s->base) > offset)
@@ -145,6 +145,7 @@ krb5_storage_from_mem(void *buf, size_t len)
sp->seek = mem_seek;
sp->trunc = mem_trunc;
sp->free = NULL;
+ sp->max_alloc = UINT_MAX/8;
return sp;
}
@@ -203,5 +204,6 @@ krb5_storage_from_readonly_mem(const void *buf, size_t len)
sp->seek = mem_seek;
sp->trunc = mem_no_trunc;
sp->free = NULL;
+ sp->max_alloc = UINT_MAX/8;
return sp;
}
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index d816242f09..09bff30fe9 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -195,7 +195,7 @@ find_type_in_ad(krb5_context context,
int level)
{
krb5_error_code ret = 0;
- int i;
+ size_t i;
if (level > 9) {
ret = ENOENT; /* XXX */
@@ -639,7 +639,7 @@ decrypt_tkt (krb5_context context,
&size);
krb5_data_free (&data);
if (ret) {
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Failed to decode encpart in ticket", ""));
return ret;
}
@@ -661,7 +661,7 @@ _krb5_extract_ticket(krb5_context context,
{
krb5_error_code ret;
krb5_principal tmp_principal;
- size_t len;
+ size_t len = 0;
time_t tmp_time;
krb5_timestamp sec_now;
@@ -757,7 +757,7 @@ _krb5_extract_ticket(krb5_context context,
/* compare nonces */
- if (nonce != rep->enc_part.nonce) {
+ if (nonce != (unsigned)rep->enc_part.nonce) {
ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
goto out;
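Review bot: The error text set for a nonce mismatch is `"malloc: out of memory"`, which does not match the `KRB5KRB_AP_ERR_MODIFIED` code on the line above it and would mislead anyone reading the log when a reply has been altered or replayed. Since this hunk already touches the comparison, the message could be corrected with it, e.g. `N_("KDC reply nonce does not match request", "")`. The `(unsigned)` cast also assumes `nonce` is an unsigned int; its declaration is outside the hunk.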
@@ -837,7 +837,7 @@ _krb5_extract_ticket(krb5_context context,
creds->addresses.val = NULL;
}
creds->flags.b = rep->enc_part.flags;
-
+
creds->authdata.len = 0;
creds->authdata.val = NULL;
diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c
index a72adc0351..5e21987bca 100644
--- a/source4/heimdal/lib/krb5/transited.c
+++ b/source4/heimdal/lib/krb5/transited.c
@@ -55,7 +55,7 @@ free_realms(struct tr_realm *r)
r = r->next;
free(p->realm);
free(p);
- }
+ }
}
static int
@@ -71,7 +71,7 @@ make_path(krb5_context context, struct tr_realm *r,
from = to;
to = str;
}
-
+
if(strcmp(from + strlen(from) - strlen(to), to) == 0){
p = from;
while(1){
@@ -84,20 +84,15 @@ make_path(krb5_context context, struct tr_realm *r,
if(strcmp(p, to) == 0)
break;
tmp = calloc(1, sizeof(*tmp));
- if(tmp == NULL){
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
- }
+ if(tmp == NULL)
+ return krb5_enomem(context);
tmp->next = r->next;
r->next = tmp;
tmp->realm = strdup(p);
if(tmp->realm == NULL){
r->next = tmp->next;
free(tmp);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;;
+ return krb5_enomem(context);
}
}
}else if(strncmp(from, to, strlen(to)) == 0){
@@ -110,20 +105,15 @@ make_path(krb5_context context, struct tr_realm *r,
if(strncmp(to, from, p - from) == 0)
break;
tmp = calloc(1, sizeof(*tmp));
- if(tmp == NULL){
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
- }
+ if(tmp == NULL)
+ return krb5_enomem(context);
tmp->next = r->next;
r->next = tmp;
tmp->realm = malloc(p - from + 1);
if(tmp->realm == NULL){
r->next = tmp->next;
free(tmp);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
memcpy(tmp->realm, from, p - from);
tmp->realm[p - from] = '\0';
@@ -187,9 +177,7 @@ expand_realms(krb5_context context,
tmp = realloc(r->realm, len);
if(tmp == NULL){
free_realms(realms);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
r->realm = tmp;
strlcat(r->realm, prev_realm, len);
@@ -202,9 +190,7 @@ expand_realms(krb5_context context,
tmp = malloc(len);
if(tmp == NULL){
free_realms(realms);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
strlcpy(tmp, prev_realm, len);
strlcat(tmp, r->realm, len);
@@ -288,19 +274,14 @@ decode_realms(krb5_context context,
}
if(tr[i] == ','){
tmp = malloc(tr + i - start + 1);
- if(tmp == NULL){
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
- }
+ if(tmp == NULL)
+ return krb5_enomem(context);
memcpy(tmp, start, tr + i - start);
tmp[tr + i - start] = '\0';
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
*realms = append_realm(*realms, r);
start = tr + i + 1;
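Review bot: The simplified `if(tmp == NULL) return krb5_enomem(context);` returns without releasing the realms already appended to `*realms`, while the `r == NULL` path a few lines later calls `free_realms(*realms)`. The next hunk has a related problem: its `tmp == NULL` path calls `free(*realms)`, which releases only the head node and none of the realm strings. Both paths could call `free_realms(*realms);` before returning, as the other error paths do. Whether `make_realm()` takes ownership of `tmp` when it fails is not visible here, so that path may leak as well. decode_realms starts and ends outside these hunks.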
@@ -309,18 +290,14 @@ decode_realms(krb5_context context,
tmp = malloc(tr + i - start + 1);
if(tmp == NULL){
free(*realms);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
memcpy(tmp, start, tr + i - start);
tmp[tr + i - start] = '\0';
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
+ return krb5_enomem(context);
}
*realms = append_realm(*realms, r);
@@ -370,14 +347,14 @@ krb5_domain_x500_decode(krb5_context context,
(*num_realms)++;
}
}
- if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
+ if (*num_realms + 1 > UINT_MAX/sizeof(**realms))
return ERANGE;
{
char **R;
R = malloc((*num_realms + 1) * sizeof(*R));
if (R == NULL)
- return ENOMEM;
+ return krb5_enomem(context);
*realms = R;
while(r){
*R++ = r->realm;
@@ -410,7 +387,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms,
return ENOMEM;
*s = '\0';
for(i = 0; i < num_realms; i++){
- if(i && i < num_realms - 1)
+ if(i)
strlcat(s, ",", len + 1);
if(realms[i][0] == '/')
strlcat(s, " ", len + 1);
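Review bot: Emitting a separator before every element except the first changes how many bytes the loop appends, and `len` is computed above this hunk. If that calculation was sized for the old condition, `strlcat` will silently truncate the last realm rather than overflow. Confirm that `len` counts one separator per element. Testing the return values, in the form `if(strlcat(s, ",", len + 1) >= len + 1)`, would turn truncation into an error instead of a shortened transited list.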
@@ -431,7 +408,7 @@ krb5_check_transited(krb5_context context,
{
char **tr_realms;
char **p;
- int i;
+ size_t i;
if(num_realms == 0)
return 0;
@@ -467,7 +444,7 @@ krb5_check_transited_realms(krb5_context context,
unsigned int num_realms,
int *bad_realm)
{
- int i;
+ size_t i;
int ret = 0;
char **bad_realms = krb5_config_get_strings(context, NULL,
"libdefaults",
diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map
index c32a094f6d..fad84ebb5b 100644
--- a/source4/heimdal/lib/krb5/version-script.map
+++ b/source4/heimdal/lib/krb5/version-script.map
@@ -167,6 +167,7 @@ HEIMDAL_KRB5_2.0 {
krb5_copy_checksum;
krb5_copy_creds;
krb5_copy_creds_contents;
+ krb5_copy_context;
krb5_copy_data;
krb5_copy_host_realm;
krb5_copy_keyblock;
@@ -383,10 +384,11 @@ HEIMDAL_KRB5_2.0 {
krb5_hmac;
krb5_init_context;
krb5_init_ets;
- krb5_init_etype;
krb5_initlog;
krb5_is_config_principal;
krb5_is_thread_safe;
+ krb5_kcm_call;
+ krb5_kcm_storage_request;
krb5_kerberos_enctypes;
krb5_keyblock_get_enctype;
krb5_keyblock_init;
@@ -418,6 +420,7 @@ HEIMDAL_KRB5_2.0 {
krb5_kt_get_full_name;
krb5_kt_get_name;
krb5_kt_get_type;
+ krb5_kt_have_content;
krb5_kt_next_entry;
krb5_kt_read_service_key;
krb5_kt_register;
@@ -602,6 +605,7 @@ HEIMDAL_KRB5_2.0 {
krb5_storage_set_byteorder;
krb5_storage_set_eof_code;
krb5_storage_set_flags;
+ krb5_storage_set_max_alloc;
krb5_storage_to_data;
krb5_storage_truncate;
krb5_storage_write;
diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c
index f7581d1f90..cb3be76fcc 100644
--- a/source4/heimdal/lib/krb5/warn.c
+++ b/source4/heimdal/lib/krb5/warn.c
@@ -37,7 +37,7 @@
static krb5_error_code _warnerr(krb5_context context, int do_errtext,
krb5_error_code code, int level, const char *fmt, va_list ap)
__attribute__((__format__(__printf__, 5, 0)));
-
+
static krb5_error_code
_warnerr(krb5_context context, int do_errtext,
krb5_error_code code, int level, const char *fmt, va_list ap)
@@ -69,7 +69,7 @@ _warnerr(krb5_context context, int do_errtext,
*arg= "<unknown error>";
}
}
-
+
if(context && context->warn_dest)
krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
else
diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c
index 6dad519d4a..7aafc8c0aa 100644
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -109,8 +109,12 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
#define CHECK(f, e) \
do { \
- ret = f ; if (ret != (e)) { ret = HNTLM_ERR_DECODE; goto out; } } \
- while(0)
+ ret = f; \
+ if (ret != (ssize_t)(e)) { \
+ ret = HNTLM_ERR_DECODE; \
+ goto out; \
+ } \
+ } while(/*CONSTCOND*/0)
static struct units ntlm_flag_units[] = {
#define ntlm_flag(x) { #x, NTLM_##x }
@@ -289,7 +293,7 @@ ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK(ret_string(sp, ucs2, desc->length, s), 0);
out:
- return ret;
+ return ret;
}
static krb5_error_code
@@ -1025,7 +1029,7 @@ splitandenc(unsigned char *hash,
key[7] = (hash[6] << 1);
EVP_CIPHER_CTX_init(&ctx);
-
+
EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1);
EVP_Cipher(&ctx, answer, challenge, 8);
EVP_CIPHER_CTX_cleanup(&ctx);
@@ -1129,7 +1133,7 @@ heim_ntlm_v1_base_session(void *key, size_t len,
session->length = 0;
return ENOMEM;
}
-
+
m = EVP_MD_CTX_create();
if (m == NULL) {
heim_ntlm_free_buf(session);
@@ -1399,7 +1403,7 @@ static time_t
nt2unixtime(uint64_t t)
{
t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
- if (t > (((time_t)(~(uint64_t)0)) >> 1))
+ if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1))
return 0;
return (time_t)t;
}
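Review bot: The new bound is computed in 64 bits, so on a platform where time_t is 32 bits it evaluates to 2^63-1 and the final `(time_t)t` cast still truncates out-of-range values. Deriving the limit from the width of time_t covers both cases, e.g. `if (t > (((uint64_t)1 << (sizeof(time_t) * 8 - 1)) - 1)) return 0;`. The subtraction on the first line also wraps for inputs below `NTTIME_EPOCH`. A guard `if (t < (uint64_t)NTTIME_EPOCH) return 0;` placed before it would stop a small timestamp from becoming a large one.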
diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c
index f30f0e54cc..844360187f 100644
--- a/source4/heimdal/lib/roken/dumpdata.c
+++ b/source4/heimdal/lib/roken/dumpdata.c
@@ -81,7 +81,7 @@ rk_undumpdata(const char *filename, void **buf, size_t *size)
sret = net_read(fd, *buf, *size);
if (sret < 0)
ret = errno;
- else if (sret != *size) {
+ else if (sret != (ssize_t)*size) {
ret = EINVAL;
free(*buf);
*buf = NULL;
diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c
index 13e7ebf157..5a4a1753fe 100644
--- a/source4/heimdal/lib/roken/get_window_size.c
+++ b/source4/heimdal/lib/roken/get_window_size.c
@@ -58,32 +58,46 @@
#include "roken.h"
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
-get_window_size(int fd, struct winsize *wp)
+get_window_size(int fd, int *lines, int *columns)
{
- int ret = -1;
-
- memset(wp, 0, sizeof(*wp));
+ char *s;
#if defined(TIOCGWINSZ)
- ret = ioctl(fd, TIOCGWINSZ, wp);
+ {
+ struct winsize ws;
+ int ret;
+ ret = ioctl(fd, TIOCGWINSZ, &ws);
+ if (ret != -1) {
+ if (lines)
+ *lines = ws.ws_row;
+ if (columns)
+ *columns = ws.ws_col;
+ return 0;
+ }
+ }
#elif defined(TIOCGSIZE)
{
struct ttysize ts;
-
+ int ret;
ret = ioctl(fd, TIOCGSIZE, &ts);
- if(ret == 0) {
- wp->ws_row = ts.ts_lines;
- wp->ws_col = ts.ts_cols;
- }
+ if (ret != -1) {
+ if (lines)
+ *lines = ts.ws_lines;
+ if (columns)
+ *columns = ts.ts_cols;
+ return 0;
+ }
}
#elif defined(HAVE__SCRSIZE)
{
int dst[2];
-
- _scrsize(dst);
- wp->ws_row = dst[1];
- wp->ws_col = dst[0];
- ret = 0;
+
+ _scrsize(dst);
+ if (lines)
+ *lines = dst[1];
+ if (columns)
+ *columns = dst[0];
+ return 0;
}
#elif defined(_WIN32)
{
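Review bot: In the `TIOCGSIZE` branch the new line `*lines = ts.ws_lines;` names a member that the removed code spelled `ts.ts_lines`, and the neighbouring line still uses `ts.ts_cols`. This looks like a typo that fails to compile only on platforms that take that branch. It should read `*lines = ts.ts_lines;`.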
@@ -93,21 +107,26 @@ get_window_size(int fd, struct winsize *wp)
fh = _get_osfhandle(fd);
if (fh != (intptr_t) INVALID_HANDLE_VALUE &&
GetConsoleScreenBufferInfo((HANDLE) fh, &sb_info)) {
- wp->ws_row = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top;
- wp->ws_col = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left;
+ if (lines)
+ *lines = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top;
+ if (columns)
+ *columns = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left;
- ret = 0;
+ return 0;
}
}
#endif
- if (ret != 0) {
- char *s;
- if((s = getenv("COLUMNS")))
- wp->ws_col = atoi(s);
- if((s = getenv("LINES")))
- wp->ws_row = atoi(s);
- if(wp->ws_col > 0 && wp->ws_row > 0)
- ret = 0;
+ if (columns) {
+ if ((s = getenv("COLUMNS")))
+ *columns = atoi(s);
+ else
+ return -1;
+ }
+ if (lines) {
+ if ((s = getenv("LINES")))
+ *lines = atoi(s);
+ else
+ return -1;
}
- return ret;
+ return 0;
}
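Review bot: The environment fallback now returns 0 for any value of `COLUMNS` or `LINES`, where the removed code required both results to be greater than zero. `atoi()` yields 0 for non-numeric text, so a caller such as arg_printusage_i18n in getarg.c would use a width of 0 or a negative number instead of its default of 80. Parsing into a local and rejecting it with `if (v <= 0) return -1;` before storing restores the old validation. When `COLUMNS` is set but `LINES` is not, the function also writes `*columns` and then returns -1, which should be stated in a comment on the function.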
diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c
index a96e5c85bf..d6a5048689 100644
--- a/source4/heimdal/lib/roken/getarg.c
+++ b/source4/heimdal/lib/roken/getarg.c
@@ -114,8 +114,7 @@ mandoc_template(struct getargs *args,
printf(".Os OPERATING_SYSTEM\n");
printf(".Sh NAME\n");
printf(".Nm %s\n", p);
- printf(".Nd\n");
- printf("in search of a description\n");
+ printf(".Nd in search of a description\n");
printf(".Sh SYNOPSIS\n");
printf(".Nm\n");
for(i = 0; i < num_args; i++){
@@ -133,7 +132,7 @@ mandoc_template(struct getargs *args,
}
if(args[i].long_name) {
print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
- printf("Fl -%s%s%s",
+ printf("Fl Fl %s%s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name, buf);
}
@@ -142,7 +141,7 @@ mandoc_template(struct getargs *args,
print_arg(buf, sizeof(buf), 1, 0, args + i, i18n);
printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
- printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
+ printf(".Fl Fl %s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
}
/*
if(args[i].type == arg_strings)
@@ -165,7 +164,7 @@ mandoc_template(struct getargs *args,
printf("\n");
}
if(args[i].long_name){
- printf(".Fl -%s%s",
+ printf(".Fl Fl %s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name);
print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
@@ -228,7 +227,6 @@ arg_printusage_i18n (struct getargs *args,
size_t i, max_len = 0;
char buf[128];
int col = 0, columns;
- struct winsize ws;
if (progname == NULL)
progname = getprogname();
@@ -240,9 +238,7 @@ arg_printusage_i18n (struct getargs *args,
mandoc_template(args, num_args, progname, extra_string, i18n);
return;
}
- if(get_window_size(2, &ws) == 0)
- columns = ws.ws_col;
- else
+ if(get_window_size(2, NULL, &columns) == -1)
columns = 80;
col = 0;
col += fprintf (stderr, "%s: %s", usage, progname);
@@ -352,7 +348,7 @@ static int
arg_match_long(struct getargs *args, size_t num_args,
char *argv, int argc, char **rargv, int *goptind)
{
- int i;
+ size_t i;
char *goptarg = NULL;
int negate = 0;
int partial_match = 0;
@@ -477,7 +473,7 @@ static int
arg_match_short (struct getargs *args, size_t num_args,
char *argv, int argc, char **rargv, int *goptind)
{
- int j, k;
+ size_t j, k;
for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
for(k = 0; k < num_args; k++) {
@@ -500,9 +496,11 @@ arg_match_short (struct getargs *args, size_t num_args,
}
if(args[k].type == arg_collect) {
struct getarg_collect_info *c = args[k].value;
+ int a = (int)j;
- if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
+ if((*c->func)(TRUE, argc, rargv, goptind, &a, c->data))
return ARG_ERR_BAD_ARG;
+ j = a;
break;
}
diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c
index 91590dd49d..c66b324f79 100644
--- a/source4/heimdal/lib/roken/hex.c
+++ b/source4/heimdal/lib/roken/hex.c
@@ -37,7 +37,7 @@
#include <ctype.h>
#include "hex.h"
-const static char hexchar[] = "0123456789ABCDEF";
+static const char hexchar[16] = "0123456789ABCDEF";
static int
pos(char c)
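Review bot: Sizing the table as `hexchar[16]` with a 16-character initializer drops the terminating NUL, which is legal C but makes the array unsafe for any code that walks it as a string. The body of `pos()` is outside this hunk. If it scans `hexchar` until it finds a zero byte, a non-hex input character would make it read past the end of the array. Either keep the declaration unsized, `static const char hexchar[] = "0123456789ABCDEF";`, or bound the scan by `sizeof(hexchar)`.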
@@ -86,14 +86,13 @@ hex_decode(const char *str, void *data, size_t len)
size_t l;
unsigned char *p = data;
size_t i;
-
+
l = strlen(str);
/* check for overflow, same as (l+1)/2 but overflow safe */
if ((l/2) + (l&1) > len)
return -1;
- i = 0;
if (l & 1) {
p[0] = pos(str[0]);
str++;
diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c
index d2857cfa07..8b3cdf40e5 100644
--- a/source4/heimdal/lib/roken/parse_units.c
+++ b/source4/heimdal/lib/roken/parse_units.c
@@ -267,7 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_units_table (const struct units *units, FILE *f)
{
const struct units *u, *u2;
- int max_sz = 0;
+ size_t max_sz = 0;
for (u = units; u->name; ++u) {
max_sz = max(max_sz, strlen(u->name));
@@ -288,7 +288,7 @@ print_units_table (const struct units *units, FILE *f)
if (u2->name == NULL)
--u2;
unparse_units (u->mult, u2, buf, sizeof(buf));
- fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
+ fprintf (f, "1 %*s = %s\n", (int)max_sz, u->name, buf);
} else {
fprintf (f, "1 %s\n", u->name);
}
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c
index 03715e5ffd..b27f37a6d6 100644
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -194,7 +194,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
dns_free_rr(rr);
return -1;
}
- if (status + 2 > size) {
+ if ((size_t)status + 2 > size) {
dns_free_rr(rr);
return -1;
}
@@ -217,7 +217,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
dns_free_rr(rr);
return -1;
}
- if (status + 6 > size) {
+ if ((size_t)status + 6 > size) {
dns_free_rr(rr);
return -1;
}
@@ -237,7 +237,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
break;
}
case rk_ns_t_txt:{
- if(size == 0 || size < *p + 1) {
+ if(size == 0 || size < (unsigned)(*p + 1)) {
dns_free_rr(rr);
return -1;
}
@@ -284,7 +284,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
dns_free_rr(rr);
return -1;
}
- if (status + 18 > size) {
+ if ((size_t)status + 18 > size) {
dns_free_rr(rr);
return -1;
}
@@ -409,7 +409,7 @@ parse_reply(const unsigned char *data, size_t len)
{
const unsigned char *p;
int status;
- int i;
+ size_t i;
char host[MAXDNAME];
const unsigned char *end_data = data + len;
struct rk_dns_reply *r;
@@ -528,7 +528,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type)
struct sockaddr_storage from;
uint32_t fromsize = sizeof(from);
dns_handle_t handle;
-
+
handle = dns_open(NULL);
if (handle == NULL)
return NULL;
diff --git a/source4/heimdal/lib/roken/rkpty.c b/source4/heimdal/lib/roken/rkpty.c
index 0faf668615..f2c62f23f3 100644
--- a/source4/heimdal/lib/roken/rkpty.c
+++ b/source4/heimdal/lib/roken/rkpty.c
@@ -107,9 +107,9 @@ open_pty(void)
{
char *clone[] = {
"/dev/ptc",
- "/dev/ptmx",
+ "/dev/ptmx",
"/dev/ptm",
- "/dev/ptym/clone",
+ "/dev/ptym/clone",
NULL
};
char **q;
@@ -372,7 +372,7 @@ main(int argc, char **argv)
sa.sa_handler = caught_signal;
sa.sa_flags = 0;
sigemptyset (&sa.sa_mask);
-
+
sigaction(SIGALRM, &sa, NULL);
}
diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in
index 1ca3c10dc9..a6299aee8e 100644
--- a/source4/heimdal/lib/roken/roken.h.in
+++ b/source4/heimdal/lib/roken/roken.h.in
@@ -105,6 +105,10 @@ typedef int rk_socket_t;
#endif
+#ifndef IN_LOOPBACKNET
+#define IN_LOOPBACKNET 127
+#endif
+
#ifdef _MSC_VER
/* Declarations for Microsoft Visual C runtime on Windows */
@@ -759,7 +763,7 @@ struct winsize {
};
#endif
-ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *);
#ifndef HAVE_VSYSLOG
#define vsyslog rk_vsyslog
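Review bot: The new `get_window_size(int fd, int *, int *)` prototype leaves both out-parameters unnamed, so the header no longer tells a caller which pointer receives rows and which receives columns. With `struct winsize *` the field names carried that information; with two identical `int *` arguments a swapped call compiles silently. Naming them as the definition does would fix this, presumably `get_window_size(int fd, int *lines, int *columns);`, though the definition is not visible here. A one-line comment on whether either pointer may be NULL would also help.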
@@ -932,6 +936,7 @@ strptime (const char *, const char *, struct tm *);
#endif
#ifndef HAVE_GETTIMEOFDAY
+#define gettimeofday rk_gettimeofday
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
gettimeofday (struct timeval *, void *);
#endif
@@ -1098,6 +1103,18 @@ rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *));
#define rk_random() rand()
#endif
+#ifndef HAVE_TDELETE
+#define tdelete(a,b,c) rk_tdelete(a,b,c)
+#endif
+#ifndef HAVE_TFIND
+#define tfind(a,b,c) rk_tfind(a,b,c)
+#endif
+#ifndef HAVE_TSEARCH
+#define tsearch(a,b,c) rk_tsearch(a,b,c)
+#endif
+#ifndef HAVE_TWALK
+#define twalk(a,b) rk_twalk(a,b)
+#endif
#if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__)
#undef socket
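Review bot: The four tree-search fallbacks are function-like macros, while the other replacements visible in this header (`#define gettimeofday rk_gettimeofday`, `#define vsyslog rk_vsyslog`) are object-like. A function-like macro only rewrites call expressions, so taking the address of `tsearch` or declaring it still refers to the libc name on a platform that lacks it. For consistency, consider `#define tsearch rk_tsearch` and likewise for `tdelete`, `tfind` and `twalk`. This hunk adds no prototypes for the `rk_t*` functions; if they are not declared elsewhere in the header, callers on such platforms get implicit declarations.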
diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c
index 1d6c8ffe8a..1bb560d3ba 100644
--- a/source4/heimdal/lib/roken/roken_gethostby.c
+++ b/source4/heimdal/lib/roken/roken_gethostby.c
@@ -142,6 +142,7 @@ roken_gethostby(const char *hostname)
int offset = 0;
int n;
char *p, *foo;
+ size_t len;
if(dns_addr.sin_family == 0)
return NULL; /* no configured host */
@@ -160,7 +161,9 @@ roken_gethostby(const char *hostname)
free(request);
return NULL;
}
- if(write(s, request, strlen(request)) != strlen(request)) {
+
+ len = strlen(request);
+ if(write(s, request, len) != (ssize_t)len) {
close(s);
free(request);
return NULL;
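Review bot: A short write or an interrupted `write()` on the socket is still treated as a hard failure in the `write(s, request, len) != (ssize_t)len` check; the new cast only fixes the signed/unsigned comparison. The code fails closed, so this is a robustness point rather than a memory-safety one, but a lookup can fail spuriously under signal delivery. If roken's retrying writer is usable at this point, `if(net_write(s, request, len) != (ssize_t)len) {` keeps the same error path while handling partial writes. The body of `roken_gethostby` continues outside the hunk.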
@@ -188,12 +191,12 @@ roken_gethostby(const char *hostname)
static char addrs[4 * MAX_ADDRS];
static char *addr_list[MAX_ADDRS + 1];
int num_addrs = 0;
-
+
he.h_name = p;
he.h_aliases = NULL;
he.h_addrtype = AF_INET;
he.h_length = 4;
-
+
while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
struct in_addr ip;
inet_aton(p, &ip);
diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c
index 8797f95772..017d6252ea 100644
--- a/source4/heimdal/lib/roken/socket.c
+++ b/source4/heimdal/lib/roken/socket.c
@@ -233,7 +233,7 @@ socket_set_portrange (rk_socket_t sock, int restr, int af)
}
#endif
}
-
+
/*
* Enable debug on `sock'.
*/
diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c
index 9624b5a46f..1228f1a450 100644
--- a/source4/heimdal/lib/roken/strsep_copy.c
+++ b/source4/heimdal/lib/roken/strsep_copy.c
@@ -49,7 +49,7 @@ strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
if(save == NULL)
return -1;
*stringp = *stringp + strcspn(*stringp, delim);
- l = min(len, *stringp - save);
+ l = min(len, (size_t)(*stringp - save));
if(len > 0) {
memcpy(buf, save, l);
buf[l] = '\0';
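Review bot: When the token is at least `len` bytes long, `l` becomes `len` and the unchanged `buf[l] = '\0';` two lines below the cast writes to `buf[len]`. That is one byte past the end if callers pass the buffer size as `len`; the contract is not visible in this hunk. The added `(size_t)` cast only silences the sign-compare warning and leaves that bound as it was. Clamping inside the existing `len > 0` guard, `l = min(len - 1, (size_t)(*stringp - save));`, keeps the terminator inside the buffer. The function continues past the hunk, so check whether its return value depends on the unclamped length before moving the assignment.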
diff --git a/source4/heimdal/lib/roken/version-script.map b/source4/heimdal/lib/roken/version-script.map
index 1baa4b182a..9229a373cd 100644
--- a/source4/heimdal/lib/roken/version-script.map
+++ b/source4/heimdal/lib/roken/version-script.map
@@ -139,6 +139,10 @@ HEIMDAL_ROKEN_1.0 {
rk_timevaladd;
rk_timevalfix;
rk_timevalsub;
+ rk_tdelete;
+ rk_tfind;
+ rk_tsearch;
+ rk_twalk;
rk_undumpdata;
rk_unvis;
rk_vasnprintf;
diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c
index c702ae0fce..23cd25e0c6 100644
--- a/source4/heimdal/lib/vers/print_version.c
+++ b/source4/heimdal/lib/vers/print_version.c
@@ -51,6 +51,8 @@ print_version(const char *progname)
if(*package_list == '\0')
package_list = "no version information";
fprintf(stderr, "%s (%s)\n", progname, package_list);
- fprintf(stderr, "Copyright 1995-2010 Kungliga Tekniska Högskolan\n");
+ fprintf(stderr, "Copyright 1995-2011 Kungliga Tekniska Högskolan\n");
+#ifdef PACKAGE_BUGREPORT
fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
+#endif
}
diff --git a/source4/heimdal/lib/wind/ldap.c b/source4/heimdal/lib/wind/ldap.c
index 503ec75a9f..e7cab8eef3 100644
--- a/source4/heimdal/lib/wind/ldap.c
+++ b/source4/heimdal/lib/wind/ldap.c
@@ -61,7 +61,7 @@ _wind_ldap_case_exact_attribute(const uint32_t *tmp,
return WIND_ERR_OVERRUN;
while(i < olen && tmp[i] == 0x20) /* skip initial spaces */
i++;
-
+
while (i < olen) {
if (tmp[i] == 0x20) {
if (put_char(out, &o, 0x20, *out_len) ||
@@ -72,7 +72,7 @@ _wind_ldap_case_exact_attribute(const uint32_t *tmp,
} else {
if (put_char(out, &o, tmp[i++], *out_len))
return WIND_ERR_OVERRUN;
- }
+ }
}
assert(o > 0);
diff --git a/source4/heimdal/lib/wind/normalize.c b/source4/heimdal/lib/wind/normalize.c
index 3c68ea8660..15274f6855 100644
--- a/source4/heimdal/lib/wind/normalize.c
+++ b/source4/heimdal/lib/wind/normalize.c
@@ -130,7 +130,7 @@ compat_decomp(const uint32_t *in, size_t in_len,
struct translation ts = {in[i]};
size_t sub_len = *out_len - o;
int ret;
-
+
ret = hangul_decomp(in + i, in_len - i,
out + o, &sub_len);
if (ret) {
diff --git a/source4/heimdal/lib/wind/stringprep.c b/source4/heimdal/lib/wind/stringprep.c
index ec4657665e..002bc72595 100644
--- a/source4/heimdal/lib/wind/stringprep.c
+++ b/source4/heimdal/lib/wind/stringprep.c
@@ -111,7 +111,7 @@ wind_stringprep(const uint32_t *in, size_t in_len,
return ret;
}
-const static struct {
+static const struct {
const char *name;
wind_profile_flags flags;
} profiles[] = {
diff --git a/source4/heimdal/lib/wind/utf8.c b/source4/heimdal/lib/wind/utf8.c
index d16683645c..6907b3c9d3 100644
--- a/source4/heimdal/lib/wind/utf8.c
+++ b/source4/heimdal/lib/wind/utf8.c
@@ -183,7 +183,7 @@ wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len)
for (o = 0, i = 0; i < in_len; i++) {
ch = in[i];
-
+
if (ch < 0x80) {
len = 1;
} else if (ch < 0x800) {
@@ -194,7 +194,7 @@ wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len)
len = 4;
} else
return WIND_ERR_INVALID_UTF32;
-
+
o += len;
if (out) {
@@ -341,7 +341,7 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags,
* first to the output data */
if ((*flags) & WIND_RW_BOM) {
uint16_t bom = 0xfffe;
-
+
if (len < 2)
return WIND_ERR_OVERRUN;
@@ -462,14 +462,14 @@ wind_ucs2utf8(const uint16_t *in, size_t in_len, char *out, size_t *out_len)
for (o = 0, i = 0; i < in_len; i++) {
ch = in[i];
-
+
if (ch < 0x80) {
len = 1;
} else if (ch < 0x800) {
len = 2;
} else
len = 3;
-
+
o += len;
if (out) {