summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/heimdal/kdc/524.c14
-rw-r--r--source4/heimdal/kdc/kaserver.c46
-rw-r--r--source4/heimdal/kdc/kdc-private.h151
-rw-r--r--source4/heimdal/kdc/kdc_locl.h26
-rw-r--r--source4/heimdal/kdc/kerberos4.c58
-rw-r--r--source4/heimdal/kdc/kerberos5.c135
-rw-r--r--source4/heimdal/kdc/misc.c67
-rw-r--r--source4/heimdal/lib/asn1/gen.c4
-rw-r--r--source4/heimdal/lib/asn1/parse.c700
-rw-r--r--source4/heimdal/lib/asn1/parse.h5
-rw-r--r--source4/heimdal/lib/asn1/symbol.h17
-rw-r--r--source4/heimdal/lib/gssapi/context_time.c7
-rw-r--r--source4/heimdal/lib/gssapi/gssapi.h2
-rw-r--r--source4/heimdal/lib/hdb/db.c21
-rw-r--r--source4/heimdal/lib/hdb/hdb-private.h6
-rw-r--r--source4/heimdal/lib/hdb/hdb-protos.h23
-rw-r--r--source4/heimdal/lib/hdb/hdb.c23
-rw-r--r--source4/heimdal/lib/hdb/hdb.h66
-rw-r--r--source4/heimdal/lib/hdb/ndbm.c25
-rw-r--r--source4/heimdal/lib/krb5/cache.c14
-rw-r--r--source4/heimdal/lib/krb5/changepw.c11
-rw-r--r--source4/heimdal/lib/krb5/crypto.c13
-rw-r--r--source4/heimdal/lib/krb5/keytab_memory.c14
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h9
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h10
-rw-r--r--source4/heimdal/lib/krb5/principal.c2
-rw-r--r--source4/heimdal/lib/krb5/set_default_realm.c15
-rw-r--r--source4/heimdal_build/config.h3
-rw-r--r--source4/heimdal_build/config.m41
-rw-r--r--source4/kdc/hdb-ldb.c194
-rw-r--r--source4/kdc/pac-glue.c8
-rw-r--r--source4/kdc/pac-glue.h1
32 files changed, 949 insertions, 742 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c
index 497539b2e0..1642975616 100644
--- a/source4/heimdal/kdc/524.c
+++ b/source4/heimdal/kdc/524.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: 524.c,v 1.34 2005/06/30 01:47:35 lha Exp $");
+RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $");
#include <krb5-v4compat.h>
@@ -47,7 +47,7 @@ fetch_server (krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
- hdb_entry **server,
+ hdb_entry_ex **server,
const char *from)
{
krb5_error_code ret;
@@ -221,7 +221,7 @@ static krb5_error_code
encode_524_response(krb5_context context,
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
- const Ticket *t, hdb_entry *server,
+ const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
@@ -274,7 +274,7 @@ encode_524_response(krb5_context context,
"Failed to encrypt v4 ticket (%s)", spn);
return ret;
}
- *kvno = server->kvno;
+ *kvno = server->entry.kvno;
}
return 0;
@@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context,
{
krb5_error_code ret = 0;
krb5_crypto crypto;
- hdb_entry *server = NULL;
+ hdb_entry_ex *server = NULL;
Key *skey;
krb5_data et_data;
EncTicketPart et;
@@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context,
goto out;
}
- ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey);
+ ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
if(ret){
kdc_log(context, config, 0,
"No suitable key found for server (%s) from %s", spn, from);
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
index 4a9bd87cb6..069af21660 100644
--- a/source4/heimdal/kdc/kaserver.c
+++ b/source4/heimdal/kdc/kaserver.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kaserver.c,v 1.30 2005/06/30 01:49:39 lha Exp $");
+RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $");
#include <krb5-v4compat.h>
#include <rx.h>
@@ -404,8 +404,8 @@ do_authenticate (krb5_context context,
time_t end_time;
krb5_data request;
int32_t max_seq_len;
- hdb_entry *client_entry = NULL;
- hdb_entry *server_entry = NULL;
+ hdb_entry_ex *client_entry = NULL;
+ hdb_entry_ex *server_entry = NULL;
Key *ckey = NULL;
Key *skey = NULL;
krb5_storage *reply_sp;
@@ -453,8 +453,8 @@ do_authenticate (krb5_context context,
}
ret = _kdc_check_flags (context, config,
- client_entry, client_name,
- server_entry, server_name,
+ &client_entry->entry, client_name,
+ &server_entry->entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -516,17 +516,17 @@ do_authenticate (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
- if (client_entry->max_life)
- max_life = min(max_life, *client_entry->max_life);
- if (server_entry->max_life)
- max_life = min(max_life, *server_entry->max_life);
+ if (client_entry->entry.max_life)
+ max_life = min(max_life, *client_entry->entry.max_life);
+ if (server_entry->entry.max_life)
+ max_life = min(max_life, *server_entry->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
name, instance, config->v4_realm,
- addr, life, server_entry->kvno,
+ addr, life, server_entry->entry.kvno,
max_seq_len,
"krbtgt", config->v4_realm,
chal + 1, "tgsT",
@@ -618,9 +618,9 @@ do_getticket (krb5_context context,
char *instance = NULL;
krb5_data times;
int32_t max_seq_len;
- hdb_entry *server_entry = NULL;
- hdb_entry *client_entry = NULL;
- hdb_entry *krbtgt_entry = NULL;
+ hdb_entry_ex *server_entry = NULL;
+ hdb_entry_ex *client_entry = NULL;
+ hdb_entry_ex *krbtgt_entry = NULL;
Key *kkey = NULL;
Key *skey = NULL;
DES_cblock key;
@@ -752,8 +752,8 @@ do_getticket (krb5_context context,
}
ret = _kdc_check_flags (context, config,
- client_entry, client_name,
- server_entry, server_name,
+ &client_entry->entry, client_name,
+ &server_entry->entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -789,21 +789,21 @@ do_getticket (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
- if (krbtgt_entry->max_life)
- max_life = min(max_life, *krbtgt_entry->max_life);
- if (server_entry->max_life)
- max_life = min(max_life, *server_entry->max_life);
+ if (krbtgt_entry->entry.max_life)
+ max_life = min(max_life, *krbtgt_entry->entry.max_life);
+ if (server_entry->entry.max_life)
+ max_life = min(max_life, *server_entry->entry.max_life);
/* if this is a cross realm request, the client_entry will likely
be NULL */
- if (client_entry && client_entry->max_life)
- max_life = min(max_life, *client_entry->max_life);
+ if (client_entry && client_entry->entry.max_life)
+ max_life = min(max_life, *client_entry->entry.max_life);
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
ad.pname, ad.pinst, ad.prealm,
- addr, life, server_entry->kvno,
+ addr, life, server_entry->entry.kvno,
max_seq_len,
name, instance,
0, "gtkt",
diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h
new file mode 100644
index 0000000000..cfb76fd7b0
--- /dev/null
+++ b/source4/heimdal/kdc/kdc-private.h
@@ -0,0 +1,151 @@
+/* This is a generated file */
+#ifndef __kdc_private_h__
+#define __kdc_private_h__
+
+#include <stdarg.h>
+
+krb5_error_code
+_kdc_as_rep (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ KDC_REQ */*req*/,
+ const krb5_data */*req_buffer*/,
+ krb5_data */*reply*/,
+ const char */*from*/,
+ struct sockaddr */*from_addr*/);
+
+krb5_error_code
+_kdc_check_flags (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ hdb_entry */*client*/,
+ const char */*client_name*/,
+ hdb_entry */*server*/,
+ const char */*server_name*/,
+ krb5_boolean /*is_as_req*/);
+
+krb5_error_code
+_kdc_db_fetch (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ krb5_principal /*principal*/,
+ enum hdb_ent_type,
+ hdb_entry_ex **/*h*/);
+
+krb5_error_code
+_kdc_db_fetch4 (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ const char */*name*/,
+ const char */*instance*/,
+ const char */*realm*/,
+ enum hdb_ent_type /*ent_type*/,
+ hdb_entry_ex **/*ent*/);
+
+krb5_error_code
+_kdc_do_524 (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ const Ticket */*t*/,
+ krb5_data */*reply*/,
+ const char */*from*/,
+ struct sockaddr */*addr*/);
+
+krb5_error_code
+_kdc_do_kaserver (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ unsigned char */*buf*/,
+ size_t /*len*/,
+ krb5_data */*reply*/,
+ const char */*from*/,
+ struct sockaddr_in */*addr*/);
+
+krb5_error_code
+_kdc_do_version4 (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ unsigned char */*buf*/,
+ size_t /*len*/,
+ krb5_data */*reply*/,
+ const char */*from*/,
+ struct sockaddr_in */*addr*/);
+
+krb5_error_code
+_kdc_encode_v4_ticket (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ void */*buf*/,
+ size_t /*len*/,
+ const EncTicketPart */*et*/,
+ const PrincipalName */*service*/,
+ size_t */*size*/);
+
+void
+_kdc_free_ent (
+ krb5_context /*context*/,
+ hdb_entry_ex */*ent*/);
+
+krb5_error_code
+_kdc_get_des_key (
+ krb5_context /*context*/,
+ hdb_entry_ex */*principal*/,
+ krb5_boolean /*is_server*/,
+ krb5_boolean /*prefer_afs_key*/,
+ Key **/*ret_key*/);
+
+int
+_kdc_maybe_version4 (
+ unsigned char */*buf*/,
+ int /*len*/);
+
+krb5_error_code
+_kdc_pk_check_client (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ krb5_principal /*client_princ*/,
+ const hdb_entry */*client*/,
+ pk_client_params */*client_params*/,
+ char **/*subject_name*/);
+
+void
+_kdc_pk_free_client_param (
+ krb5_context /*context*/,
+ pk_client_params */*client_params*/);
+
+krb5_error_code
+_kdc_pk_initialize (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ const char */*user_id*/,
+ const char */*x509_anchors*/);
+
+krb5_error_code
+_kdc_pk_mk_pa_reply (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ pk_client_params */*client_params*/,
+ const hdb_entry */*client*/,
+ const KDC_REQ */*req*/,
+ const krb5_data */*req_buffer*/,
+ krb5_keyblock **/*reply_key*/,
+ METHOD_DATA */*md*/);
+
+krb5_error_code
+_kdc_pk_rd_padata (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ KDC_REQ */*req*/,
+ PA_DATA */*pa*/,
+ pk_client_params **/*ret_params*/);
+
+krb5_error_code
+_kdc_tgs_rep (
+ krb5_context /*context*/,
+ krb5_kdc_configuration */*config*/,
+ KDC_REQ */*req*/,
+ krb5_data */*data*/,
+ const char */*from*/,
+ struct sockaddr */*from_addr*/);
+
+#endif /* __kdc_private_h__ */
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 8658d33b68..58cf1f4173 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -32,7 +32,7 @@
*/
/*
- * $Id: kdc_locl.h,v 1.73 2005/08/15 11:07:25 lha Exp $
+ * $Id: kdc_locl.h,v 1.74 2005/12/12 12:23:33 lha Exp $
*/
#ifndef __KDC_LOCL_H__
@@ -41,6 +41,9 @@
#include "headers.h"
#include "kdc.h"
+typedef struct pk_client_params pk_client_params;
+#include <kdc-private.h>
+
extern sig_atomic_t exit_flag;
extern size_t max_request;
extern const char *port_str;
@@ -68,20 +71,13 @@ krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv);
krb5_error_code
-_kdc_db_fetch(krb5_context, krb5_kdc_configuration *,
- krb5_principal, enum hdb_ent_type, hdb_entry **);
-
-krb5_error_code
-_kdc_db_fetch_ex(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry_ex **h);
-
-void
-_kdc_free_ent(krb5_context context, hdb_entry *);
+_kdc_db_fetch(krb5_context context,
+ krb5_kdc_configuration *config,
+ krb5_principal principal, enum hdb_ent_type ent_type,
+ hdb_entry_ex **h);
void
-_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent);
+_kdc_free_ent(krb5_context context, hdb_entry_ex *ent);
void
loop(krb5_context context, krb5_kdc_configuration *config);
@@ -99,7 +95,7 @@ _kdc_check_flags(krb5_context context,
krb5_boolean is_as_req);
krb5_error_code
-_kdc_get_des_key(krb5_context context, hdb_entry*,
+_kdc_get_des_key(krb5_context context, hdb_entry_ex*,
krb5_boolean, krb5_boolean, Key**);
krb5_error_code
@@ -145,7 +141,7 @@ void _kdc_pk_free_client_param(krb5_context, pk_client_params *);
krb5_error_code
_kdc_db_fetch4 (krb5_context context,
krb5_kdc_configuration *config,
- const char*, const char*, const char*, enum hdb_ent_type, hdb_entry**);
+ const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**);
krb5_error_code
_kdc_do_version4 (krb5_context context,
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index a81fbb7b59..72ea41d9e6 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
-RCSID("$Id: kerberos4.c,v 1.54 2005/06/30 01:51:43 lha Exp $");
+RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $");
#ifndef swap32
static u_int32_t
@@ -70,7 +70,7 @@ valid_princ(krb5_context context,
krb5_kdc_configuration *config = funcctx;
krb5_error_code ret;
char *s;
- hdb_entry *ent;
+ hdb_entry_ex *ent;
ret = krb5_unparse_name(context, princ, &s);
if (ret)
@@ -93,7 +93,7 @@ _kdc_db_fetch4(krb5_context context,
krb5_kdc_configuration *config,
const char *name, const char *instance, const char *realm,
enum hdb_ent_type ent_type,
- hdb_entry **ent)
+ hdb_entry_ex **ent)
{
krb5_principal p;
krb5_error_code ret;
@@ -126,7 +126,7 @@ _kdc_do_version4(krb5_context context,
{
krb5_storage *sp;
krb5_error_code ret;
- hdb_entry *client = NULL, *server = NULL;
+ hdb_entry_ex *client = NULL, *server = NULL;
Key *ckey, *skey;
int8_t pvno;
int8_t msg_type;
@@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
- client, client_name,
- server, server_name,
+ &client->entry, client_name,
+ &server->entry, server_name,
TRUE);
if (ret) {
/* good error code? */
@@ -217,8 +217,8 @@ _kdc_do_version4(krb5_context context,
*/
if (config->require_preauth
- || client->flags.require_preauth
- || server->flags.require_preauth) {
+ || client->entry.flags.require_preauth
+ || server->entry.flags.require_preauth) {
kdc_log(context, config, 0,
"Pre-authentication required for v4-request: "
"%s for %s",
@@ -240,7 +240,7 @@ _kdc_do_version4(krb5_context context,
/* this is not necessary with the new code in libkrb */
/* find a properly salted key */
while(ckey->salt == NULL || ckey->salt->salt.length != 0)
- ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
+ ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm);
@@ -260,10 +260,10 @@ _kdc_do_version4(krb5_context context,
}
max_life = _krb5_krb_life_to_time(0, life);
- if(client->max_life)
- max_life = min(max_life, *client->max_life);
- if(server->max_life)
- max_life = min(max_life, *server->max_life);
+ if(client->entry.max_life)
+ max_life = min(max_life, *client->entry.max_life);
+ if(server->entry.max_life)
+ max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
@@ -302,7 +302,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
- server->kvno % 255,
+ server->entry.kvno % 255,
&ticket,
kdc_time,
&ckey->key,
@@ -321,8 +321,8 @@ _kdc_do_version4(krb5_context context,
realm,
req_time,
0,
- client->pw_end ? *client->pw_end : 0,
- client->kvno % 256,
+ client->entry.pw_end ? *client->entry.pw_end : 0,
+ client->entry.kvno % 256,
&cipher,
reply);
krb5_data_free(&cipher);
@@ -339,7 +339,7 @@ _kdc_do_version4(krb5_context context,
int32_t address;
size_t pos;
krb5_principal tgt_princ = NULL;
- hdb_entry *tgt = NULL;
+ hdb_entry_ex *tgt = NULL;
Key *tkey;
time_t max_end, actual_end, issue_time;
@@ -373,10 +373,10 @@ _kdc_do_version4(krb5_context context,
goto out2;
}
- if(tgt->kvno % 256 != kvno){
+ if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for "
- "krbtgt.%s@%s", kvno, tgt->kvno % 256,
+ "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP,
"old krbtgt kvno used");
@@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
- client, client_name,
- server, server_name,
+ &client->entry, client_name,
+ &server->entry, server_name,
FALSE);
if (ret) {
/* good error code? */
@@ -511,10 +511,10 @@ _kdc_do_version4(krb5_context context,
max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
- if(server->max_life)
- max_end = min(max_end, kdc_time + *server->max_life);
- if(client && client->max_life)
- max_end = min(max_end, kdc_time + *client->max_life);
+ if(server->entry.max_life)
+ max_end = min(max_end, kdc_time + *server->entry.max_life);
+ if(client && client->entry.max_life)
+ max_end = min(max_end, kdc_time + *client->entry.max_life);
life = min(life, krb_time_to_life(kdc_time, max_end));
issue_time = kdc_time;
@@ -571,7 +571,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
- server->kvno % 255,
+ server->entry.kvno % 255,
&ticket,
issue_time,
&ad.session,
@@ -721,7 +721,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_error_code
_kdc_get_des_key(krb5_context context,
- hdb_entry *principal, krb5_boolean is_server,
+ hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key)
{
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
@@ -736,7 +736,7 @@ _kdc_get_des_key(krb5_context context,
afs_key == NULL || server_key == NULL);
++i) {
Key *key = NULL;
- while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
+ while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
if(key->salt == NULL) {
if(v5_key == NULL)
v5_key = key;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 6f6203a92c..a0136ba425 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kerberos5.c,v 1.198 2005/11/28 20:33:57 lha Exp $");
+RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@@ -88,7 +88,7 @@ find_padata(KDC_REQ *req, int *start, int type)
*/
static krb5_error_code
-find_etype(krb5_context context, hdb_entry *princ,
+find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype)
{
@@ -101,7 +101,7 @@ find_etype(krb5_context context, hdb_entry *princ,
if (krb5_enctype_valid(context, etypes[i]) != 0)
continue;
- while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) {
+ while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
if (key->key.keyvalue.length == 0) {
ret = KRB5KDC_ERR_NULL_KEY;
continue;
@@ -119,8 +119,8 @@ find_etype(krb5_context context, hdb_entry *princ,
static krb5_error_code
find_keys(krb5_context context,
krb5_kdc_configuration *config,
- hdb_entry *client,
- hdb_entry *server,
+ const hdb_entry_ex *client,
+ const hdb_entry_ex *server,
Key **ckey,
krb5_enctype *cetype,
Key **skey,
@@ -136,7 +136,7 @@ find_keys(krb5_context context,
/* find client key */
ret = find_etype(context, client, etypes, num_etypes, ckey, cetype);
if (ret) {
- if (krb5_unparse_name(context, client->principal, &name) != 0)
+ if (krb5_unparse_name(context, client->entry.principal, &name) != 0)
name = unparse_name;
kdc_log(context, config, 0,
"Client (%s) has no support for etypes", name);
@@ -150,7 +150,7 @@ find_keys(krb5_context context,
/* find server key */
ret = find_etype(context, server, etypes, num_etypes, skey, setype);
if (ret) {
- if (krb5_unparse_name(context, server->principal, &name) != 0)
+ if (krb5_unparse_name(context, server->entry.principal, &name) != 0)
name = unparse_name;
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", name);
@@ -805,7 +805,7 @@ _kdc_as_rep(krb5_context context,
AS_REP rep;
KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL;
- hdb_entry *server = NULL;
+ hdb_entry_ex *server = NULL;
krb5_enctype cetype, setype;
EncTicketPart et;
EncKDCRepPart ek;
@@ -851,7 +851,7 @@ _kdc_as_rep(krb5_context context,
kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch_ex(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client);
+ ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client);
if(ret){
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
krb5_get_err_text(context, ret));
@@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_check_flags(context, config,
&client->entry, client_name,
- server, server_name,
+ &server->entry, server_name,
TRUE);
if(ret)
goto out;
@@ -920,7 +920,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_pk_check_client(context,
config,
client_princ,
- &client->entry,
+ client,
pkp,
&client_cert);
if (ret) {
@@ -969,7 +969,8 @@ _kdc_as_rep(krb5_context context,
goto out;
}
- ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key);
+ ret = hdb_enctype2key(context, &client->entry,
+ enc_data.etype, &pa_key);
if(ret){
char *estr;
e_text = "No key matches pa-data";
@@ -1076,7 +1077,7 @@ _kdc_as_rep(krb5_context context,
}
}else if (config->require_preauth
|| client->entry.flags.require_preauth
- || server->flags.require_preauth) {
+ || server->entry.flags.require_preauth) {
METHOD_DATA method_data;
PA_DATA *pa;
unsigned char *buf;
@@ -1110,11 +1111,12 @@ _kdc_as_rep(krb5_context context,
*/
/* XXX check ret */
if (only_older_enctype_p(req))
- ret = get_pa_etype_info(context, config, &method_data, &client->entry,
+ ret = get_pa_etype_info(context, config,
+ &method_data, &client->entry,
b->etype.val, b->etype.len);
/* XXX check ret */
- ret = get_pa_etype_info2(context, config, &method_data, &client->entry,
- b->etype.val, b->etype.len);
+ ret = get_pa_etype_info2(context, config, &method_data,
+ &client->entry, b->etype.val, b->etype.len);
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
@@ -1141,7 +1143,7 @@ _kdc_as_rep(krb5_context context,
}
ret = find_keys(context, config,
- &client->entry, server, &ckey, &cetype, &skey, &setype,
+ client, server, &ckey, &cetype, &skey, &setype,
b->etype.val, b->etype.len);
if(ret) {
kdc_log(context, config, 0, "Server/client has no support for etypes");
@@ -1213,12 +1215,12 @@ _kdc_as_rep(krb5_context context,
_krb5_principal2principalname(&rep.cname,
client->entry.principal);
rep.ticket.tkt_vno = 5;
- copy_Realm(&server->principal->realm, &rep.ticket.realm);
+ copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
_krb5_principal2principalname(&rep.ticket.sname,
- server->principal);
+ server->entry.principal);
et.flags.initial = 1;
- if(client->entry.flags.forwardable && server->flags.forwardable)
+ if(client->entry.flags.forwardable && server->entry.flags.forwardable)
et.flags.forwardable = f.forwardable;
else if (f.forwardable) {
ret = KRB5KDC_ERR_POLICY;
@@ -1226,7 +1228,7 @@ _kdc_as_rep(krb5_context context,
"Ticket may not be forwardable -- %s", client_name);
goto out;
}
- if(client->entry.flags.proxiable && server->flags.proxiable)
+ if(client->entry.flags.proxiable && server->entry.flags.proxiable)
et.flags.proxiable = f.proxiable;
else if (f.proxiable) {
ret = KRB5KDC_ERR_POLICY;
@@ -1234,7 +1236,7 @@ _kdc_as_rep(krb5_context context,
"Ticket may not be proxiable -- %s", client_name);
goto out;
}
- if(client->entry.flags.postdate && server->flags.postdate)
+ if(client->entry.flags.postdate && server->entry.flags.postdate)
et.flags.may_postdate = f.allow_postdate;
else if (f.allow_postdate){
ret = KRB5KDC_ERR_POLICY;
@@ -1274,8 +1276,8 @@ _kdc_as_rep(krb5_context context,
if(client->entry.max_life)
t = start + min(t - start, *client->entry.max_life);
- if(server->max_life)
- t = start + min(t - start, *server->max_life);
+ if(server->entry.max_life)
+ t = start + min(t - start, *server->entry.max_life);
#if 0
t = min(t, start + realm->max_life);
#endif
@@ -1295,8 +1297,8 @@ _kdc_as_rep(krb5_context context,
t = MAX_TIME;
if(client->entry.max_renew)
t = start + min(t - start, *client->entry.max_renew);
- if(server->max_renew)
- t = start + min(t - start, *server->max_renew);
+ if(server->entry.max_renew)
+ t = start + min(t - start, *server->entry.max_renew);
#if 0
t = min(t, start + realm->max_renew);
#endif
@@ -1352,7 +1354,8 @@ _kdc_as_rep(krb5_context context,
ALLOC(ek.key_expiration);
if (client->entry.valid_end) {
if (client->entry.pw_end)
- *ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end);
+ *ek.key_expiration = min(*client->entry.valid_end,
+ *client->entry.pw_end);
else
*ek.key_expiration = *client->entry.valid_end;
} else
@@ -1415,7 +1418,7 @@ _kdc_as_rep(krb5_context context,
et.endtime, et.renew_till);
ret = encode_reply(context, config,
- &rep, &et, &ek, setype, server->kvno, &skey->key,
+ &rep, &et, &ek, setype, server->entry.kvno, &skey->key,
client->entry.kvno, reply_key, &e_text, reply);
free_EncTicketPart(&et);
free_EncKDCRepPart(&ek);
@@ -1445,7 +1448,7 @@ _kdc_as_rep(krb5_context context,
krb5_free_principal(context, server_princ);
free(server_name);
if(client)
- _kdc_free_ent_ex(context, client);
+ _kdc_free_ent(context, client);
if(server)
_kdc_free_ent(context, server);
return ret;
@@ -1697,9 +1700,9 @@ tgs_make_reply(krb5_context context,
AuthorizationData *auth_data,
krb5_ticket *tgs_ticket,
hdb_entry_ex *server,
- hdb_entry *client,
+ hdb_entry_ex *client,
krb5_principal client_principal,
- hdb_entry *krbtgt,
+ hdb_entry_ex *krbtgt,
EncryptionKey *tgtkey,
krb5_enctype cetype,
const char **e_text,
@@ -1717,21 +1720,18 @@ tgs_make_reply(krb5_context context,
if(adtkt) {
int i;
- krb5_keytype kt;
ekey = &adtkt->key;
- for(i = 0; i < b->etype.len; i++){
- ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt);
- if(ret)
- continue;
- if(adtkt->key.keytype == kt)
+ for(i = 0; i < b->etype.len; i++)
+ if (b->etype.val[i] == adtkt->key.keytype)
break;
- }
- if(i == b->etype.len)
+ if(i == b->etype.len) {
+ krb5_clear_error_string(context);
return KRB5KDC_ERR_ETYPE_NOSUPP;
+ }
etype = b->etype.val[i];
}else{
ret = find_keys(context, config,
- NULL, &server->entry, NULL, NULL, &skey, &etype,
+ NULL, server, NULL, NULL, &skey, &etype,
b->etype.val, b->etype.len);
if(ret) {
kdc_log(context, config, 0, "Server has no support for etypes");
@@ -1786,7 +1786,7 @@ tgs_make_reply(krb5_context context,
&tgt->transited, &et,
*krb5_princ_realm(context, client_principal),
*krb5_princ_realm(context, server->entry.principal),
- *krb5_princ_realm(context, krbtgt->principal));
+ *krb5_princ_realm(context, krbtgt->entry.principal));
if(ret)
goto out;
@@ -1807,8 +1807,8 @@ tgs_make_reply(krb5_context context,
{
time_t life;
life = et.endtime - *et.starttime;
- if(client && client->max_life)
- life = min(life, *client->max_life);
+ if(client && client->entry.max_life)
+ life = min(life, *client->entry.max_life);
if(server->entry.max_life)
life = min(life, *server->entry.max_life);
et.endtime = *et.starttime + life;
@@ -1822,8 +1822,8 @@ tgs_make_reply(krb5_context context,
if(et.renew_till){
time_t renew;
renew = *et.renew_till - et.authtime;
- if(client && client->max_renew)
- renew = min(renew, *client->max_renew);
+ if(client && client->entry.max_renew)
+ renew = min(renew, *client->entry.max_renew);
if(server->entry.max_renew)
renew = min(renew, *server->entry.max_renew);
*et.renew_till = et.authtime + renew;
@@ -1902,8 +1902,8 @@ tgs_make_reply(krb5_context context,
etype list, even if we don't want a session key with
DES3? */
ret = encode_reply(context, config,
- &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, ekey,
- 0, &tgt->key, e_text, reply);
+ &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno,
+ ekey, 0, &tgt->key, e_text, reply);
out:
free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited);
@@ -2053,7 +2053,7 @@ tgs_rep2(krb5_context context,
const char *e_text = NULL;
krb5_crypto crypto;
- hdb_entry *krbtgt = NULL;
+ hdb_entry_ex *krbtgt = NULL;
EncTicketPart *tgt;
Key *tkey;
krb5_enctype cetype;
@@ -2101,7 +2101,7 @@ tgs_rep2(krb5_context context,
}
if(ap_req.ticket.enc_part.kvno &&
- *ap_req.ticket.enc_part.kvno != krbtgt->kvno){
+ *ap_req.ticket.enc_part.kvno != krbtgt->entry.kvno){
char *p;
ret = krb5_unparse_name (context, princ, &p);
@@ -2111,7 +2111,7 @@ tgs_rep2(krb5_context context,
kdc_log(context, config, 0,
"Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno,
- krbtgt->kvno,
+ krbtgt->entry.kvno,
p);
if (ret == 0)
free (p);
@@ -2119,13 +2119,16 @@ tgs_rep2(krb5_context context,
goto out2;
}
- ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey);
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ ap_req.ticket.enc_part.etype, &tkey);
if(ret){
- char *str;
+ char *str, *p;
krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str);
+ krb5_unparse_name(context, princ, &p);
kdc_log(context, config, 0,
- "No server key found for %s", str);
+ "No server key with enctype %s found for %s", str, p);
free(str);
+ free(p);
ret = KRB5KRB_AP_ERR_BADKEYVER;
goto out2;
}
@@ -2252,8 +2255,7 @@ tgs_rep2(krb5_context context,
PrincipalName *s;
Realm r;
char *spn = NULL, *cpn = NULL;
- hdb_entry_ex *server = NULL;
- hdb_entry *client = NULL;
+ hdb_entry_ex *server = NULL, *client = NULL;
int nloop = 0;
EncTicketPart adtkt;
char opt_str[128];
@@ -2262,7 +2264,7 @@ tgs_rep2(krb5_context context,
r = b->realm;
if(b->kdc_options.enc_tkt_in_skey){
Ticket *t;
- hdb_entry *uu;
+ hdb_entry_ex *uu;
krb5_principal p;
Key *uukey;
@@ -2288,13 +2290,15 @@ tgs_rep2(krb5_context context,
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
- ret = hdb_enctype2key(context, uu, t->enc_part.etype, &uukey);
+ ret = hdb_enctype2key(context, &uu->entry,
+ t->enc_part.etype, &uukey);
if(ret){
+ _kdc_free_ent(context, uu);
ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
goto out;
}
ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0);
-
+ _kdc_free_ent(context, uu);
if(ret)
goto out;
s = &adtkt.cname;
@@ -2320,7 +2324,7 @@ tgs_rep2(krb5_context context,
kdc_log(context, config, 0,
"TGS-REQ %s from %s for %s", cpn, from, spn);
server_lookup:
- ret = _kdc_db_fetch_ex(context, config, sp, HDB_ENT_TYPE_SERVER, &server);
+ ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server);
if(ret){
const char *new_rlm;
@@ -2386,9 +2390,9 @@ tgs_rep2(krb5_context context,
#endif
if(strcmp(krb5_principal_get_realm(context, sp),
- krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) {
+ krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) {
char *tpn;
- ret = krb5_unparse_name(context, krbtgt->principal, &tpn);
+ ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn);
kdc_log(context, config, 0,
"Request with wrong krbtgt: %s",
(ret == 0) ? tpn : "<unknown>");
@@ -2400,7 +2404,7 @@ tgs_rep2(krb5_context context,
}
ret = _kdc_check_flags(context, config,
- client, cpn,
+ &client->entry, cpn,
&server->entry, spn,
FALSE);
if(ret)
@@ -2408,7 +2412,7 @@ tgs_rep2(krb5_context context,
if((b->kdc_options.validate || b->kdc_options.renew) &&
!krb5_principal_compare(context,
- krbtgt->principal,
+ krbtgt->entry.principal,
server->entry.principal)){
kdc_log(context, config, 0, "Inconsistent request.");
ret = KRB5KDC_ERR_SERVER_NOMATCH;
@@ -2422,7 +2426,8 @@ tgs_rep2(krb5_context context,
goto out;
}
- ret = tgs_make_reply(context, config,
+ ret = tgs_make_reply(context,
+ config,
b,
tgt,
b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL,
@@ -2442,7 +2447,7 @@ tgs_rep2(krb5_context context,
free(cpn);
if(server)
- _kdc_free_ent_ex(context, server);
+ _kdc_free_ent(context, server);
if(client)
_kdc_free_ent(context, client);
}
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index b14bb50ea5..3027d32cfc 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: misc.c,v 1.25 2005/06/30 01:53:48 lha Exp $");
+RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $");
struct timeval _kdc_now;
@@ -41,16 +41,15 @@ krb5_error_code
_kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry **h)
+ hdb_entry_ex **h)
{
- hdb_entry *ent;
+ hdb_entry_ex *ent;
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
ent = malloc (sizeof (*ent));
if (ent == NULL)
return ENOMEM;
- ent->principal = principal;
for(i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
@@ -76,65 +75,9 @@ _kdc_db_fetch(krb5_context context,
}
void
-_kdc_free_ent(krb5_context context, hdb_entry *ent)
+_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
{
hdb_free_entry (context, ent);
free (ent);
}
-krb5_error_code
-_kdc_db_fetch_ex(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry_ex **h)
-{
- hdb_entry_ex *ent;
- krb5_error_code ret = HDB_ERR_NOENTRY;
- int i;
-
- ent = malloc (sizeof (*ent));
- if (ent == NULL)
- return ENOMEM;
- memset(ent, '\0', sizeof(*ent));
-
- ent->entry.principal = principal;
-
- for(i = 0; i < config->num_db; i++) {
- ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
- if (ret) {
- kdc_log(context, config, 0, "Failed to open database: %s",
- krb5_get_err_text(context, ret));
- continue;
- }
- if (config->db[i]->hdb_fetch_ex) {
- ret = config->db[i]->hdb_fetch_ex(context,
- config->db[i],
- HDB_F_DECRYPT,
- principal,
- ent_type,
- ent);
- } else {
- ret = config->db[i]->hdb_fetch(context,
- config->db[i],
- HDB_F_DECRYPT,
- principal,
- ent_type,
- &ent->entry);
- }
- config->db[i]->hdb_close(context, config->db[i]);
- if(ret == 0) {
- *h = ent;
- return 0;
- }
- }
- free(ent);
- return ret;
-}
-
-void
-_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent)
-{
- hdb_free_entry_ex (context, ent);
- free (ent);
-}
-
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index aee1ee5b3f..921d2ebba6 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -33,7 +33,7 @@
#include "gen_locl.h"
-RCSID("$Id: gen.c,v 1.63 2005/08/23 10:49:16 lha Exp $");
+RCSID("$Id: gen.c,v 1.64 2005/12/06 19:59:13 lha Exp $");
FILE *headerfile, *codefile, *logfile;
@@ -567,6 +567,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
i.type = TInteger;
i.range = &range;
i.members = NULL;
+ i.constraint = NULL;
space(level);
if(ASN1_TAILQ_EMPTY(t->members))
@@ -640,6 +641,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
i.type = TInteger;
i.range = &range;
i.members = NULL;
+ i.constraint = NULL;
space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c
index 858a669da1..0bf3cdafdb 100644
--- a/source4/heimdal/lib/asn1/parse.c
+++ b/source4/heimdal/lib/asn1/parse.c
@@ -247,9 +247,10 @@
#include "gen_locl.h"
#include "der.h"
-RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $");
+RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $");
static Type *new_type (Typetype t);
+static struct constraint_spec *new_constraint_spec(enum ctype);
static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
void yyerror (const char *);
static struct objid *new_objid(const char *label, int value);
@@ -277,7 +278,7 @@ struct string_list {
#endif
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-#line 64 "parse.y"
+#line 65 "parse.y"
typedef union YYSTYPE {
int constant;
struct value *value;
@@ -290,9 +291,10 @@ typedef union YYSTYPE {
struct string_list *sl;
struct tagtype tag;
struct memhead *members;
+ struct constraint_spec *constraint_spec;
} YYSTYPE;
/* Line 190 of yacc.c. */
-#line 296 "parse.c"
+#line 298 "parse.c"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
@@ -304,7 +306,7 @@ typedef union YYSTYPE {
/* Line 213 of yacc.c. */
-#line 308 "parse.c"
+#line 310 "parse.c"
#if ! defined (yyoverflow) || YYERROR_VERBOSE
@@ -406,16 +408,16 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 4
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 152
+#define YYLAST 168
/* YYNTOKENS -- Number of terminals. */
#define YYNTOKENS 98
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 61
+#define YYNNTS 67
/* YYNRULES -- Number of rules. */
-#define YYNRULES 120
+#define YYNRULES 130
/* YYNRULES -- Number of states. */
-#define YYNSTATES 181
+#define YYNSTATES 201
/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
#define YYUNDEFTOK 2
@@ -473,15 +475,16 @@ static const unsigned short int yyprhs[] =
29, 30, 34, 35, 37, 38, 40, 43, 48, 50,
53, 55, 57, 61, 63, 67, 69, 71, 73, 75,
77, 79, 81, 83, 85, 87, 89, 91, 93, 95,
- 97, 99, 101, 107, 109, 112, 117, 119, 123, 127,
- 132, 137, 139, 142, 148, 151, 154, 156, 161, 165,
- 169, 174, 178, 182, 187, 189, 191, 193, 195, 197,
- 201, 206, 207, 209, 211, 213, 214, 216, 218, 223,
- 225, 227, 229, 231, 233, 235, 237, 239, 243, 247,
- 250, 252, 255, 259, 261, 265, 270, 272, 273, 277,
- 278, 281, 286, 288, 290, 292, 294, 296, 298, 300,
- 302, 304, 306, 308, 310, 312, 314, 316, 318, 320,
- 322
+ 97, 99, 101, 103, 109, 111, 114, 119, 121, 125,
+ 129, 134, 139, 141, 144, 150, 153, 156, 158, 163,
+ 167, 171, 176, 180, 184, 189, 191, 193, 195, 197,
+ 199, 202, 206, 208, 210, 212, 215, 219, 225, 230,
+ 234, 239, 240, 242, 244, 246, 247, 249, 251, 256,
+ 258, 260, 262, 264, 266, 268, 270, 272, 276, 280,
+ 283, 285, 288, 292, 294, 298, 303, 305, 306, 310,
+ 311, 314, 319, 321, 323, 325, 327, 329, 331, 333,
+ 335, 337, 339, 341, 343, 345, 347, 349, 351, 353,
+ 355
};
/* YYRHS -- A `-1'-separated list of the rules' RHS. */
@@ -491,53 +494,57 @@ static const short int yyrhs[] =
24, -1, 27, 70, -1, 38, 70, -1, 7, 70,
-1, -1, 29, 39, -1, -1, 103, 107, -1, -1,
40, 104, 90, -1, -1, 105, -1, -1, 106, -1,
- 105, 106, -1, 109, 32, 86, 144, -1, 108, -1,
- 108, 107, -1, 110, -1, 136, -1, 86, 91, 109,
+ 105, 106, -1, 109, 32, 86, 150, -1, 108, -1,
+ 108, 107, -1, 110, -1, 142, -1, 86, 91, 109,
-1, 86, -1, 86, 84, 111, -1, 112, -1, 129,
- -1, 120, -1, 113, -1, 137, -1, 128, -1, 118,
- -1, 115, -1, 123, -1, 121, -1, 122, -1, 124,
- -1, 125, -1, 126, -1, 127, -1, 132, -1, 11,
- -1, 92, 148, 83, 148, 93, -1, 43, -1, 43,
- 114, -1, 43, 94, 116, 95, -1, 117, -1, 116,
- 91, 117, -1, 116, 91, 85, -1, 86, 92, 156,
- 93, -1, 25, 94, 119, 95, -1, 116, -1, 9,
- 67, -1, 9, 67, 94, 142, 95, -1, 51, 37,
- -1, 52, 67, -1, 49, -1, 64, 94, 139, 95,
- -1, 64, 94, 95, -1, 64, 53, 111, -1, 65,
- 94, 139, 95, -1, 65, 94, 95, -1, 65, 53,
- 111, -1, 14, 94, 139, 95, -1, 130, -1, 131,
- -1, 86, -1, 34, -1, 77, -1, 133, 135, 111,
- -1, 96, 134, 89, 97, -1, -1, 76, -1, 6,
- -1, 60, -1, -1, 27, -1, 38, -1, 86, 111,
- 84, 148, -1, 138, -1, 33, -1, 78, -1, 61,
- -1, 36, -1, 10, -1, 79, -1, 141, -1, 139,
- 91, 141, -1, 139, 91, 85, -1, 86, 111, -1,
- 140, -1, 140, 54, -1, 140, 20, 148, -1, 143,
- -1, 142, 91, 143, -1, 86, 92, 89, 93, -1,
- 145, -1, -1, 94, 146, 95, -1, -1, 147, 146,
- -1, 86, 92, 89, 93, -1, 86, -1, 89, -1,
- 149, -1, 150, -1, 154, -1, 153, -1, 155, -1,
- 158, -1, 157, -1, 151, -1, 152, -1, 86, -1,
- 88, -1, 71, -1, 31, -1, 156, -1, 89, -1,
- 49, -1, 145, -1
+ -1, 132, -1, 120, -1, 113, -1, 143, -1, 128,
+ -1, 118, -1, 115, -1, 123, -1, 121, -1, 122,
+ -1, 124, -1, 125, -1, 126, -1, 127, -1, 138,
+ -1, 11, -1, 92, 154, 83, 154, 93, -1, 43,
+ -1, 43, 114, -1, 43, 94, 116, 95, -1, 117,
+ -1, 116, 91, 117, -1, 116, 91, 85, -1, 86,
+ 92, 162, 93, -1, 25, 94, 119, 95, -1, 116,
+ -1, 9, 67, -1, 9, 67, 94, 148, 95, -1,
+ 51, 37, -1, 52, 67, -1, 49, -1, 64, 94,
+ 145, 95, -1, 64, 94, 95, -1, 64, 53, 111,
+ -1, 65, 94, 145, 95, -1, 65, 94, 95, -1,
+ 65, 53, 111, -1, 14, 94, 145, 95, -1, 130,
+ -1, 131, -1, 86, -1, 34, -1, 77, -1, 111,
+ 133, -1, 92, 134, 93, -1, 135, -1, 136, -1,
+ 137, -1, 19, 111, -1, 23, 12, 154, -1, 19,
+ 111, 23, 12, 154, -1, 18, 12, 94, 95, -1,
+ 139, 141, 111, -1, 96, 140, 89, 97, -1, -1,
+ 76, -1, 6, -1, 60, -1, -1, 27, -1, 38,
+ -1, 86, 111, 84, 154, -1, 144, -1, 33, -1,
+ 78, -1, 61, -1, 36, -1, 10, -1, 79, -1,
+ 147, -1, 145, 91, 147, -1, 145, 91, 85, -1,
+ 86, 111, -1, 146, -1, 146, 54, -1, 146, 20,
+ 154, -1, 149, -1, 148, 91, 149, -1, 86, 92,
+ 89, 93, -1, 151, -1, -1, 94, 152, 95, -1,
+ -1, 153, 152, -1, 86, 92, 89, 93, -1, 86,
+ -1, 89, -1, 155, -1, 156, -1, 160, -1, 159,
+ -1, 161, -1, 164, -1, 163, -1, 157, -1, 158,
+ -1, 86, -1, 88, -1, 71, -1, 31, -1, 162,
+ -1, 89, -1, 49, -1, 151, -1
};
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
static const unsigned short int yyrline[] =
{
- 0, 222, 222, 229, 230, 232, 234, 237, 239, 242,
- 243, 246, 247, 250, 251, 254, 255, 258, 269, 270,
- 273, 274, 277, 283, 291, 301, 302, 305, 306, 307,
- 308, 309, 310, 311, 312, 313, 314, 315, 316, 317,
- 318, 321, 328, 338, 343, 350, 358, 364, 369, 373,
- 386, 394, 397, 404, 412, 418, 425, 432, 438, 446,
- 454, 460, 468, 476, 483, 484, 487, 498, 503, 510,
- 523, 532, 535, 539, 543, 550, 553, 557, 564, 575,
- 578, 583, 588, 593, 598, 603, 611, 617, 622, 633,
- 644, 650, 656, 664, 670, 677, 690, 691, 694, 701,
- 704, 715, 719, 730, 736, 737, 740, 741, 742, 743,
- 744, 747, 750, 753, 764, 772, 778, 786, 794, 797,
- 802
+ 0, 231, 231, 238, 239, 241, 243, 246, 248, 251,
+ 252, 255, 256, 259, 260, 263, 264, 267, 278, 279,
+ 282, 283, 286, 292, 300, 310, 311, 312, 315, 316,
+ 317, 318, 319, 320, 321, 322, 323, 324, 325, 326,
+ 327, 328, 331, 338, 348, 353, 360, 368, 374, 379,
+ 383, 396, 404, 407, 414, 422, 428, 435, 442, 448,
+ 456, 464, 470, 478, 486, 493, 494, 497, 508, 513,
+ 520, 536, 541, 543, 544, 547, 553, 561, 571, 577,
+ 590, 599, 602, 606, 610, 617, 620, 624, 631, 642,
+ 645, 650, 655, 660, 665, 670, 678, 684, 689, 700,
+ 711, 717, 723, 731, 737, 744, 757, 758, 761, 768,
+ 771, 782, 786, 797, 803, 804, 807, 808, 809, 810,
+ 811, 814, 817, 820, 831, 839, 845, 853, 861, 864,
+ 869
};
#endif
@@ -575,7 +582,9 @@ static const char *const yytname[] =
"Enumerations", "BitStringType", "ObjectIdentifierType",
"OctetStringType", "NullType", "SequenceType", "SequenceOfType",
"SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType",
- "UsefulType", "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment",
+ "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec",
+ "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint",
+ "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment",
"CharacterStringType", "RestrictedCharactedStringType",
"ComponentTypeList", "NamedType", "ComponentType", "NamedBitList",
"NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value",
@@ -608,17 +617,18 @@ static const unsigned char yyr1[] =
{
0, 98, 99, 100, 100, 100, 100, 101, 101, 102,
102, 103, 103, 104, 104, 105, 105, 106, 107, 107,
- 108, 108, 109, 109, 110, 111, 111, 112, 112, 112,
+ 108, 108, 109, 109, 110, 111, 111, 111, 112, 112,
112, 112, 112, 112, 112, 112, 112, 112, 112, 112,
- 112, 113, 114, 115, 115, 115, 116, 116, 116, 117,
- 118, 119, 120, 120, 121, 122, 123, 124, 124, 125,
- 126, 126, 127, 128, 129, 129, 130, 131, 131, 132,
- 133, 134, 134, 134, 134, 135, 135, 135, 136, 137,
- 138, 138, 138, 138, 138, 138, 139, 139, 139, 140,
- 141, 141, 141, 142, 142, 143, 144, 144, 145, 146,
- 146, 147, 147, 147, 148, 148, 149, 149, 149, 149,
- 149, 150, 151, 152, 153, 154, 154, 155, 156, 157,
- 158
+ 112, 112, 113, 114, 115, 115, 115, 116, 116, 116,
+ 117, 118, 119, 120, 120, 121, 122, 123, 124, 124,
+ 125, 126, 126, 127, 128, 129, 129, 130, 131, 131,
+ 132, 133, 134, 135, 135, 136, 136, 136, 137, 138,
+ 139, 140, 140, 140, 140, 141, 141, 141, 142, 143,
+ 144, 144, 144, 144, 144, 144, 145, 145, 145, 146,
+ 147, 147, 147, 148, 148, 149, 150, 150, 151, 152,
+ 152, 153, 153, 153, 154, 154, 155, 155, 155, 155,
+ 155, 156, 157, 158, 159, 160, 160, 161, 162, 163,
+ 164
};
/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
@@ -628,9 +638,10 @@ static const unsigned char yyr2[] =
0, 3, 0, 1, 0, 1, 2, 4, 1, 2,
1, 1, 3, 1, 3, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 5, 1, 2, 4, 1, 3, 3, 4,
- 4, 1, 2, 5, 2, 2, 1, 4, 3, 3,
- 4, 3, 3, 4, 1, 1, 1, 1, 1, 3,
+ 1, 1, 1, 5, 1, 2, 4, 1, 3, 3,
+ 4, 4, 1, 2, 5, 2, 2, 1, 4, 3,
+ 3, 4, 3, 3, 4, 1, 1, 1, 1, 1,
+ 2, 3, 1, 1, 1, 2, 3, 5, 4, 3,
4, 0, 1, 1, 1, 0, 1, 1, 4, 1,
1, 1, 1, 1, 1, 1, 1, 3, 3, 2,
1, 2, 3, 1, 3, 4, 1, 0, 3, 0,
@@ -647,72 +658,76 @@ static const unsigned char yydefact[] =
0, 0, 0, 6, 1, 0, 0, 0, 8, 5,
3, 4, 0, 0, 7, 0, 10, 14, 0, 0,
23, 0, 13, 15, 0, 2, 0, 9, 18, 20,
- 21, 0, 11, 16, 0, 0, 84, 41, 0, 0,
- 80, 67, 83, 43, 56, 0, 0, 82, 0, 0,
- 68, 81, 85, 0, 66, 71, 0, 25, 28, 32,
- 31, 27, 34, 35, 33, 36, 37, 38, 39, 30,
- 26, 64, 65, 40, 75, 29, 79, 19, 22, 97,
- 52, 0, 0, 0, 0, 44, 54, 55, 0, 0,
- 0, 0, 24, 73, 74, 72, 0, 0, 76, 77,
- 0, 99, 17, 96, 0, 0, 0, 90, 86, 0,
- 51, 46, 0, 116, 119, 115, 113, 114, 118, 120,
- 0, 104, 105, 111, 112, 107, 106, 108, 117, 110,
- 109, 0, 59, 58, 0, 62, 61, 0, 0, 78,
- 69, 102, 103, 0, 99, 0, 0, 93, 89, 0,
- 63, 0, 91, 0, 0, 50, 0, 45, 57, 60,
- 70, 0, 98, 100, 0, 0, 53, 88, 87, 92,
- 0, 48, 47, 0, 0, 0, 94, 49, 42, 101,
- 95
+ 21, 0, 11, 16, 0, 0, 94, 42, 0, 0,
+ 90, 68, 93, 44, 57, 0, 0, 92, 0, 0,
+ 69, 91, 95, 0, 67, 81, 0, 25, 29, 33,
+ 32, 28, 35, 36, 34, 37, 38, 39, 40, 31,
+ 26, 65, 66, 27, 41, 85, 30, 89, 19, 22,
+ 107, 53, 0, 0, 0, 0, 45, 55, 56, 0,
+ 0, 0, 0, 24, 83, 84, 82, 0, 0, 0,
+ 70, 86, 87, 0, 109, 17, 106, 0, 0, 0,
+ 100, 96, 0, 52, 47, 0, 126, 129, 125, 123,
+ 124, 128, 130, 0, 114, 115, 121, 122, 117, 116,
+ 118, 127, 120, 119, 0, 60, 59, 0, 63, 62,
+ 0, 0, 88, 0, 0, 0, 0, 72, 73, 74,
+ 79, 112, 113, 0, 109, 0, 0, 103, 99, 0,
+ 64, 0, 101, 0, 0, 51, 0, 46, 58, 61,
+ 80, 0, 75, 0, 71, 0, 108, 110, 0, 0,
+ 54, 98, 97, 102, 0, 49, 48, 0, 0, 0,
+ 76, 0, 0, 104, 50, 43, 78, 0, 111, 105,
+ 77
};
/* YYDEFGOTO[NTERM-NUM]. */
static const short int yydefgoto[] =
{
-1, 2, 8, 13, 18, 19, 21, 22, 23, 27,
- 28, 24, 29, 56, 57, 58, 85, 59, 110, 111,
- 60, 112, 61, 62, 63, 64, 65, 66, 67, 68,
- 69, 70, 71, 72, 73, 74, 96, 100, 30, 75,
- 76, 106, 107, 108, 146, 147, 102, 119, 143, 144,
- 120, 121, 122, 123, 124, 125, 126, 127, 128, 129,
- 130
+ 28, 24, 29, 56, 57, 58, 86, 59, 113, 114,
+ 60, 115, 61, 62, 63, 64, 65, 66, 67, 68,
+ 69, 70, 71, 72, 73, 100, 146, 147, 148, 149,
+ 74, 75, 97, 103, 30, 76, 77, 109, 110, 111,
+ 156, 157, 105, 122, 153, 154, 123, 124, 125, 126,
+ 127, 128, 129, 130, 131, 132, 133
};
/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
STATE-NUM. */
-#define YYPACT_NINF -94
-static const yysigned_char yypact[] =
+#define YYPACT_NINF -99
+static const short int yypact[] =
{
- -49, 5, 60, 3, -94, -6, 1, 10, 43, -94,
- -94, -94, 42, -2, -94, 76, -33, 0, 64, 4,
- 7, 9, 0, -94, 61, -94, -9, -94, 4, -94,
- -94, 0, -94, -94, 14, 28, -94, -94, 12, 13,
- -94, -94, -94, -56, -94, 66, 41, -94, -50, -47,
- -94, -94, -94, 40, -94, 2, 25, -94, -94, -94,
- -94, -94, -94, -94, -94, -94, -94, -94, -94, -94,
- -94, -94, -94, -94, -18, -94, -94, -94, -94, 16,
- 17, 26, 27, 8, 27, -94, -94, -94, 40, -73,
- 40, -72, -94, -94, -94, -94, 34, 8, -94, -94,
- 40, -41, -94, -94, 29, 40, -80, -8, -94, 22,
- 30, -94, 21, -94, -94, -94, -94, -94, -94, -94,
- 44, -94, -94, -94, -94, -94, -94, -94, -94, -94,
- -94, -74, -94, -94, -63, -94, -94, -62, 31, -94,
- -94, 33, -94, 35, -41, 37, -60, -94, -94, -67,
- -94, 8, -94, 45, -19, -94, 8, -94, -94, -94,
- -94, 46, -94, -94, 49, 29, -94, -94, -94, -94,
- 38, -94, -94, 47, 48, 50, -94, -94, -94, -94,
- -94
+ -46, 20, 13, 21, -99, 11, 23, 25, 54, -99,
+ -99, -99, 58, 6, -99, 90, -34, 15, 80, 19,
+ 16, 18, 15, -99, 74, -99, -7, -99, 19, -99,
+ -99, 15, -99, -99, 24, 42, -99, -99, 17, 26,
+ -99, -99, -99, -73, -99, 76, 50, -99, -45, -44,
+ -99, -99, -99, 51, -99, 4, -67, -99, -99, -99,
+ -99, -99, -99, -99, -99, -99, -99, -99, -99, -99,
+ -99, -99, -99, -99, -99, -16, -99, -99, -99, -99,
+ 27, 28, 33, 37, 47, 37, -99, -99, -99, 51,
+ -72, 51, -71, 22, -99, -99, -99, 35, 47, 12,
+ -99, -99, -99, 51, 2, -99, -99, 39, 51, -75,
+ -8, -99, 34, 36, -99, 43, -99, -99, -99, -99,
+ -99, -99, -99, 48, -99, -99, -99, -99, -99, -99,
+ -99, -99, -99, -99, -57, 22, -99, -48, 22, -99,
+ -22, 45, -99, 120, 51, 122, 46, -99, -99, -99,
+ 22, 52, -99, 53, 2, 57, -9, -99, 22, -53,
+ -99, 47, -99, 56, -19, -99, 47, -99, -99, -99,
+ -99, 49, -18, 47, -99, 61, -99, -99, 62, 39,
+ -99, -99, -99, -99, 59, -99, -99, 60, 63, 128,
+ -99, 64, 66, -99, -99, -99, -99, 47, -99, -99,
+ -99
};
/* YYPGOTO[NTERM-NUM]. */
static const yysigned_char yypgoto[] =
{
- -94, -94, -94, -94, -94, -94, -94, -94, 102, 105,
- -94, 108, -94, 32, -94, -94, -94, -94, 58, -10,
- -94, -94, -94, -94, -94, -94, -94, -94, -94, -94,
- -94, -94, -94, -94, -94, -94, -94, -94, -94, -94,
- -94, -30, -94, -4, -94, -17, -94, 67, 6, -94,
- -93, -94, -94, -94, -94, -94, -94, -94, -1, -94,
- -94
+ -99, -99, -99, -99, -99, -99, -99, -99, 124, 126,
+ -99, 125, -99, -52, -99, -99, -99, -99, 70, -4,
+ -99, -99, -99, -99, -99, -99, -99, -99, -99, -99,
+ -99, -99, -99, -99, -99, -99, -99, -99, -99, -99,
+ -99, -99, -99, -99, -99, -99, -99, -37, -99, 3,
+ -99, -15, -99, 81, 9, -99, -98, -99, -99, -99,
+ -99, -99, -99, -99, 5, -99, -99
};
/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
@@ -722,42 +737,44 @@ static const yysigned_char yypgoto[] =
#define YYTABLE_NINF -13
static const short int yytable[] =
{
- 35, 36, 37, 88, 139, 38, 90, 17, 93, 98,
- 5, 149, 151, 105, 105, 150, 39, 154, 167, 105,
- 99, 157, 133, 136, 40, 41, 3, 42, 149, 149,
- 6, 165, 158, 159, 43, 166, 83, 1, 84, 113,
- 44, 7, 45, 46, 89, 141, 152, 91, 142, 35,
- 36, 37, 47, -12, 38, 48, 49, 114, 169, 134,
- 4, 137, 94, 173, 9, 39, 171, 109, 50, 51,
- 52, 10, 12, 40, 41, 53, 42, 54, 95, 115,
- 11, 14, 15, 43, 16, 92, 20, 55, 25, 44,
- 26, 45, 46, 34, 116, 80, 117, 118, 31, 32,
- 79, 47, 101, 86, 48, 49, 81, 82, 87, 97,
- 101, 104, 105, 109, 153, 145, 155, 50, 51, 52,
- 132, 154, 135, 138, 33, 161, 54, 156, 160, 164,
- 162, 177, 140, 77, 118, 174, 55, 148, 175, 78,
- 178, 179, 131, 180, 172, 168, 103, 0, 176, 0,
- 163, 0, 170
+ 142, 93, 35, 36, 37, 189, 17, 38, 89, 91,
+ 94, 101, 161, 4, 108, 108, 159, 98, 39, 84,
+ 160, 85, 102, 136, 139, 99, 40, 41, 5, 42,
+ 143, 144, 181, 108, 164, 145, 43, 135, 167, 138,
+ 1, 3, 44, 159, 45, 46, 162, 168, 6, 90,
+ 92, 150, -12, 137, 47, 140, 158, 48, 49, 7,
+ 35, 36, 37, 183, 95, 38, 185, 112, 187, 159,
+ 50, 51, 52, 169, 99, 190, 39, 53, 116, 54,
+ 96, 9, 179, 12, 40, 41, 180, 42, 151, 55,
+ 15, 152, 172, 10, 43, 11, 117, 14, 16, 200,
+ 44, 20, 45, 46, 25, 26, 34, 31, 32, 81,
+ 80, 82, 47, 87, 99, 48, 49, 88, 118, 108,
+ 83, 104, 107, 112, 141, 155, 163, 164, 50, 51,
+ 52, 166, 171, 119, 173, 120, 121, 54, 165, 174,
+ 197, 104, 170, 188, 175, 121, 33, 55, 176, 178,
+ 191, 192, 194, 195, 78, 134, 79, 198, 196, 199,
+ 186, 106, 182, 177, 193, 0, 0, 0, 184
};
static const short int yycheck[] =
{
- 9, 10, 11, 53, 97, 14, 53, 40, 6, 27,
- 7, 91, 20, 86, 86, 95, 25, 91, 85, 86,
- 38, 95, 95, 95, 33, 34, 21, 36, 91, 91,
- 27, 91, 95, 95, 43, 95, 92, 86, 94, 31,
- 49, 38, 51, 52, 94, 86, 54, 94, 89, 9,
- 10, 11, 61, 86, 14, 64, 65, 49, 151, 89,
- 0, 91, 60, 156, 70, 25, 85, 86, 77, 78,
- 79, 70, 29, 33, 34, 84, 36, 86, 76, 71,
- 70, 39, 84, 43, 8, 53, 86, 96, 24, 49,
- 86, 51, 52, 32, 86, 67, 88, 89, 91, 90,
- 86, 61, 94, 37, 64, 65, 94, 94, 67, 84,
- 94, 94, 86, 86, 92, 86, 95, 77, 78, 79,
- 88, 91, 90, 89, 22, 92, 86, 83, 97, 92,
- 95, 93, 100, 28, 89, 89, 96, 105, 89, 31,
- 93, 93, 84, 93, 154, 149, 79, -1, 165, -1,
- 144, -1, 153
+ 98, 53, 9, 10, 11, 23, 40, 14, 53, 53,
+ 6, 27, 20, 0, 86, 86, 91, 84, 25, 92,
+ 95, 94, 38, 95, 95, 92, 33, 34, 7, 36,
+ 18, 19, 85, 86, 91, 23, 43, 89, 95, 91,
+ 86, 21, 49, 91, 51, 52, 54, 95, 27, 94,
+ 94, 103, 86, 90, 61, 92, 108, 64, 65, 38,
+ 9, 10, 11, 161, 60, 14, 85, 86, 166, 91,
+ 77, 78, 79, 95, 92, 173, 25, 84, 31, 86,
+ 76, 70, 91, 29, 33, 34, 95, 36, 86, 96,
+ 84, 89, 144, 70, 43, 70, 49, 39, 8, 197,
+ 49, 86, 51, 52, 24, 86, 32, 91, 90, 67,
+ 86, 94, 61, 37, 92, 64, 65, 67, 71, 86,
+ 94, 94, 94, 86, 89, 86, 92, 91, 77, 78,
+ 79, 83, 12, 86, 12, 88, 89, 86, 95, 93,
+ 12, 94, 97, 94, 92, 89, 22, 96, 95, 92,
+ 89, 89, 93, 93, 28, 85, 31, 93, 95, 93,
+ 164, 80, 159, 154, 179, -1, -1, -1, 163
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
@@ -767,22 +784,24 @@ static const unsigned char yystos[] =
0, 86, 99, 21, 0, 7, 27, 38, 100, 70,
70, 70, 29, 101, 39, 84, 8, 40, 102, 103,
86, 104, 105, 106, 109, 24, 86, 107, 108, 110,
- 136, 91, 90, 106, 32, 9, 10, 11, 14, 25,
+ 142, 91, 90, 106, 32, 9, 10, 11, 14, 25,
33, 34, 36, 43, 49, 51, 52, 61, 64, 65,
77, 78, 79, 84, 86, 96, 111, 112, 113, 115,
118, 120, 121, 122, 123, 124, 125, 126, 127, 128,
- 129, 130, 131, 132, 133, 137, 138, 107, 109, 86,
- 67, 94, 94, 92, 94, 114, 37, 67, 53, 94,
- 53, 94, 111, 6, 60, 76, 134, 84, 27, 38,
- 135, 94, 144, 145, 94, 86, 139, 140, 141, 86,
- 116, 117, 119, 31, 49, 71, 86, 88, 89, 145,
- 148, 149, 150, 151, 152, 153, 154, 155, 156, 157,
- 158, 116, 111, 95, 139, 111, 95, 139, 89, 148,
- 111, 86, 89, 146, 147, 86, 142, 143, 111, 91,
+ 129, 130, 131, 132, 138, 139, 143, 144, 107, 109,
+ 86, 67, 94, 94, 92, 94, 114, 37, 67, 53,
+ 94, 53, 94, 111, 6, 60, 76, 140, 84, 92,
+ 133, 27, 38, 141, 94, 150, 151, 94, 86, 145,
+ 146, 147, 86, 116, 117, 119, 31, 49, 71, 86,
+ 88, 89, 151, 154, 155, 156, 157, 158, 159, 160,
+ 161, 162, 163, 164, 116, 111, 95, 145, 111, 95,
+ 145, 89, 154, 18, 19, 23, 134, 135, 136, 137,
+ 111, 86, 89, 152, 153, 86, 148, 149, 111, 91,
95, 20, 54, 92, 91, 95, 83, 95, 95, 95,
- 97, 92, 95, 146, 92, 91, 95, 85, 141, 148,
- 156, 85, 117, 148, 89, 89, 143, 93, 93, 93,
- 93
+ 97, 12, 111, 12, 93, 92, 95, 152, 92, 91,
+ 95, 85, 147, 154, 162, 85, 117, 154, 94, 23,
+ 154, 89, 89, 149, 93, 93, 95, 12, 93, 93,
+ 154
};
#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
@@ -1423,29 +1442,29 @@ yyreduce:
switch (yyn)
{
case 2:
-#line 224 "parse.y"
+#line 233 "parse.y"
{
checkundefined();
}
break;
case 4:
-#line 231 "parse.y"
+#line 240 "parse.y"
{ error_message("implicit tagging is not supported"); }
break;
case 5:
-#line 233 "parse.y"
+#line 242 "parse.y"
{ error_message("automatic tagging is not supported"); }
break;
case 7:
-#line 238 "parse.y"
+#line 247 "parse.y"
{ error_message("no extensibility options supported"); }
break;
case 17:
-#line 259 "parse.y"
+#line 268 "parse.y"
{
struct string_list *sl;
for(sl = (yyvsp[-3].sl); sl != NULL; sl = sl->next) {
@@ -1457,7 +1476,7 @@ yyreduce:
break;
case 22:
-#line 278 "parse.y"
+#line 287 "parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[-2].name);
@@ -1466,7 +1485,7 @@ yyreduce:
break;
case 23:
-#line 284 "parse.y"
+#line 293 "parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[0].name);
@@ -1475,7 +1494,7 @@ yyreduce:
break;
case 24:
-#line 292 "parse.y"
+#line 301 "parse.y"
{
Symbol *s = addsym ((yyvsp[-2].name));
s->stype = Stype;
@@ -1485,16 +1504,16 @@ yyreduce:
}
break;
- case 41:
-#line 322 "parse.y"
+ case 42:
+#line 332 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean,
TE_EXPLICIT, new_type(TBoolean));
}
break;
- case 42:
-#line 329 "parse.y"
+ case 43:
+#line 339 "parse.y"
{
if((yyvsp[-3].value)->type != integervalue ||
(yyvsp[-1].value)->type != integervalue)
@@ -1504,16 +1523,16 @@ yyreduce:
}
break;
- case 43:
-#line 339 "parse.y"
+ case 44:
+#line 349 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer,
TE_EXPLICIT, new_type(TInteger));
}
break;
- case 44:
-#line 344 "parse.y"
+ case 45:
+#line 354 "parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->range = emalloc(sizeof(*(yyval.type)->range));
@@ -1522,8 +1541,8 @@ yyreduce:
}
break;
- case 45:
-#line 351 "parse.y"
+ case 46:
+#line 361 "parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[-1].members);
@@ -1531,8 +1550,8 @@ yyreduce:
}
break;
- case 46:
-#line 359 "parse.y"
+ case 47:
+#line 369 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -1540,21 +1559,21 @@ yyreduce:
}
break;
- case 47:
-#line 365 "parse.y"
+ case 48:
+#line 375 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members);
(yyval.members) = (yyvsp[-2].members);
}
break;
- case 48:
-#line 370 "parse.y"
+ case 49:
+#line 380 "parse.y"
{ (yyval.members) = (yyvsp[-2].members); }
break;
- case 49:
-#line 374 "parse.y"
+ case 50:
+#line 384 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[-3].name);
@@ -1567,8 +1586,8 @@ yyreduce:
}
break;
- case 50:
-#line 387 "parse.y"
+ case 51:
+#line 397 "parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[-1].members);
@@ -1576,8 +1595,8 @@ yyreduce:
}
break;
- case 52:
-#line 398 "parse.y"
+ case 53:
+#line 408 "parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
@@ -1586,8 +1605,8 @@ yyreduce:
}
break;
- case 53:
-#line 405 "parse.y"
+ case 54:
+#line 415 "parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = (yyvsp[-1].members);
@@ -1595,32 +1614,32 @@ yyreduce:
}
break;
- case 54:
-#line 413 "parse.y"
+ case 55:
+#line 423 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID,
TE_EXPLICIT, new_type(TOID));
}
break;
- case 55:
-#line 419 "parse.y"
+ case 56:
+#line 429 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString,
TE_EXPLICIT, new_type(TOctetString));
}
break;
- case 56:
-#line 426 "parse.y"
+ case 57:
+#line 436 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null,
TE_EXPLICIT, new_type(TNull));
}
break;
- case 57:
-#line 433 "parse.y"
+ case 58:
+#line 443 "parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = (yyvsp[-1].members);
@@ -1628,8 +1647,8 @@ yyreduce:
}
break;
- case 58:
-#line 439 "parse.y"
+ case 59:
+#line 449 "parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = NULL;
@@ -1637,8 +1656,8 @@ yyreduce:
}
break;
- case 59:
-#line 447 "parse.y"
+ case 60:
+#line 457 "parse.y"
{
(yyval.type) = new_type(TSequenceOf);
(yyval.type)->subtype = (yyvsp[0].type);
@@ -1646,8 +1665,8 @@ yyreduce:
}
break;
- case 60:
-#line 455 "parse.y"
+ case 61:
+#line 465 "parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = (yyvsp[-1].members);
@@ -1655,8 +1674,8 @@ yyreduce:
}
break;
- case 61:
-#line 461 "parse.y"
+ case 62:
+#line 471 "parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = NULL;
@@ -1664,8 +1683,8 @@ yyreduce:
}
break;
- case 62:
-#line 469 "parse.y"
+ case 63:
+#line 479 "parse.y"
{
(yyval.type) = new_type(TSetOf);
(yyval.type)->subtype = (yyvsp[0].type);
@@ -1673,16 +1692,16 @@ yyreduce:
}
break;
- case 63:
-#line 477 "parse.y"
+ case 64:
+#line 487 "parse.y"
{
(yyval.type) = new_type(TChoice);
(yyval.type)->members = (yyvsp[-1].members);
}
break;
- case 66:
-#line 488 "parse.y"
+ case 67:
+#line 498 "parse.y"
{
Symbol *s = addsym((yyvsp[0].name));
(yyval.type) = new_type(TType);
@@ -1693,24 +1712,85 @@ yyreduce:
}
break;
- case 67:
-#line 499 "parse.y"
+ case 68:
+#line 509 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime,
TE_EXPLICIT, new_type(TGeneralizedTime));
}
break;
- case 68:
-#line 504 "parse.y"
+ case 69:
+#line 514 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime,
TE_EXPLICIT, new_type(TUTCTime));
}
break;
- case 69:
-#line 511 "parse.y"
+ case 70:
+#line 521 "parse.y"
+ {
+ /* if (Constraint.type == contentConstrant) {
+ assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
+ if (Constraint.u.constraint.type) {
+ assert((Constraint.u.constraint.type.length % 8) == 0);
+ }
+ }
+ if (Constraint.u.constraint.encoding) {
+ type == der-oid|ber-oid
+ }
+ */
+ }
+ break;
+
+ case 71:
+#line 537 "parse.y"
+ {
+ (yyval.constraint_spec) = (yyvsp[-1].constraint_spec);
+ }
+ break;
+
+ case 75:
+#line 548 "parse.y"
+ {
+ (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+ (yyval.constraint_spec)->u.content.type = (yyvsp[0].type);
+ (yyval.constraint_spec)->u.content.encoding = NULL;
+ }
+ break;
+
+ case 76:
+#line 554 "parse.y"
+ {
+ if ((yyvsp[0].value)->type != objectidentifiervalue)
+ error_message("Non-OID used in ENCODED BY constraint");
+ (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+ (yyval.constraint_spec)->u.content.type = NULL;
+ (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value);
+ }
+ break;
+
+ case 77:
+#line 562 "parse.y"
+ {
+ if ((yyvsp[0].value)->type != objectidentifiervalue)
+ error_message("Non-OID used in ENCODED BY constraint");
+ (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+ (yyval.constraint_spec)->u.content.type = (yyvsp[-3].type);
+ (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value);
+ }
+ break;
+
+ case 78:
+#line 572 "parse.y"
+ {
+ (yyval.constraint_spec) = new_constraint_spec(CT_USER);
+ }
+ break;
+
+ case 79:
+#line 578 "parse.y"
{
(yyval.type) = new_type(TTag);
(yyval.type)->tag = (yyvsp[-2].tag);
@@ -1723,8 +1803,8 @@ yyreduce:
}
break;
- case 70:
-#line 524 "parse.y"
+ case 80:
+#line 591 "parse.y"
{
(yyval.tag).tagclass = (yyvsp[-2].constant);
(yyval.tag).tagvalue = (yyvsp[-1].constant);
@@ -1732,57 +1812,57 @@ yyreduce:
}
break;
- case 71:
-#line 532 "parse.y"
+ case 81:
+#line 599 "parse.y"
{
(yyval.constant) = ASN1_C_CONTEXT;
}
break;
- case 72:
-#line 536 "parse.y"
+ case 82:
+#line 603 "parse.y"
{
(yyval.constant) = ASN1_C_UNIV;
}
break;
- case 73:
-#line 540 "parse.y"
+ case 83:
+#line 607 "parse.y"
{
(yyval.constant) = ASN1_C_APPL;
}
break;
- case 74:
-#line 544 "parse.y"
+ case 84:
+#line 611 "parse.y"
{
(yyval.constant) = ASN1_C_PRIVATE;
}
break;
- case 75:
-#line 550 "parse.y"
+ case 85:
+#line 617 "parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
- case 76:
-#line 554 "parse.y"
+ case 86:
+#line 621 "parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
- case 77:
-#line 558 "parse.y"
+ case 87:
+#line 625 "parse.y"
{
(yyval.constant) = TE_IMPLICIT;
}
break;
- case 78:
-#line 565 "parse.y"
+ case 88:
+#line 632 "parse.y"
{
Symbol *s;
s = addsym ((yyvsp[-3].name));
@@ -1793,56 +1873,56 @@ yyreduce:
}
break;
- case 80:
-#line 579 "parse.y"
+ case 90:
+#line 646 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString,
TE_EXPLICIT, new_type(TGeneralString));
}
break;
- case 81:
-#line 584 "parse.y"
+ case 91:
+#line 651 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String,
TE_EXPLICIT, new_type(TUTF8String));
}
break;
- case 82:
-#line 589 "parse.y"
+ case 92:
+#line 656 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString,
TE_EXPLICIT, new_type(TPrintableString));
}
break;
- case 83:
-#line 594 "parse.y"
+ case 93:
+#line 661 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String,
TE_EXPLICIT, new_type(TIA5String));
}
break;
- case 84:
-#line 599 "parse.y"
+ case 94:
+#line 666 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString,
TE_EXPLICIT, new_type(TBMPString));
}
break;
- case 85:
-#line 604 "parse.y"
+ case 95:
+#line 671 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString,
TE_EXPLICIT, new_type(TUniversalString));
}
break;
- case 86:
-#line 612 "parse.y"
+ case 96:
+#line 679 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -1850,16 +1930,16 @@ yyreduce:
}
break;
- case 87:
-#line 618 "parse.y"
+ case 97:
+#line 685 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members);
(yyval.members) = (yyvsp[-2].members);
}
break;
- case 88:
-#line 623 "parse.y"
+ case 98:
+#line 690 "parse.y"
{
struct member *m = ecalloc(1, sizeof(*m));
m->name = estrdup("...");
@@ -1870,8 +1950,8 @@ yyreduce:
}
break;
- case 89:
-#line 634 "parse.y"
+ case 99:
+#line 701 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[-1].name);
@@ -1882,8 +1962,8 @@ yyreduce:
}
break;
- case 90:
-#line 645 "parse.y"
+ case 100:
+#line 712 "parse.y"
{
(yyval.member) = (yyvsp[0].member);
(yyval.member)->optional = 0;
@@ -1891,8 +1971,8 @@ yyreduce:
}
break;
- case 91:
-#line 651 "parse.y"
+ case 101:
+#line 718 "parse.y"
{
(yyval.member) = (yyvsp[-1].member);
(yyval.member)->optional = 1;
@@ -1900,8 +1980,8 @@ yyreduce:
}
break;
- case 92:
-#line 657 "parse.y"
+ case 102:
+#line 724 "parse.y"
{
(yyval.member) = (yyvsp[-2].member);
(yyval.member)->optional = 0;
@@ -1909,8 +1989,8 @@ yyreduce:
}
break;
- case 93:
-#line 665 "parse.y"
+ case 103:
+#line 732 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -1918,16 +1998,16 @@ yyreduce:
}
break;
- case 94:
-#line 671 "parse.y"
+ case 104:
+#line 738 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members);
(yyval.members) = (yyvsp[-2].members);
}
break;
- case 95:
-#line 678 "parse.y"
+ case 105:
+#line 745 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[-3].name);
@@ -1940,27 +2020,27 @@ yyreduce:
}
break;
- case 97:
-#line 691 "parse.y"
+ case 107:
+#line 758 "parse.y"
{ (yyval.objid) = NULL; }
break;
- case 98:
-#line 695 "parse.y"
+ case 108:
+#line 762 "parse.y"
{
(yyval.objid) = (yyvsp[-1].objid);
}
break;
- case 99:
-#line 701 "parse.y"
+ case 109:
+#line 768 "parse.y"
{
(yyval.objid) = NULL;
}
break;
- case 100:
-#line 705 "parse.y"
+ case 110:
+#line 772 "parse.y"
{
if ((yyvsp[0].objid)) {
(yyval.objid) = (yyvsp[0].objid);
@@ -1971,15 +2051,15 @@ yyreduce:
}
break;
- case 101:
-#line 716 "parse.y"
+ case 111:
+#line 783 "parse.y"
{
(yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant));
}
break;
- case 102:
-#line 720 "parse.y"
+ case 112:
+#line 787 "parse.y"
{
Symbol *s = addsym((yyvsp[0].name));
if(s->stype != SValue ||
@@ -1992,15 +2072,15 @@ yyreduce:
}
break;
- case 103:
-#line 731 "parse.y"
+ case 113:
+#line 798 "parse.y"
{
(yyval.objid) = new_objid(NULL, (yyvsp[0].constant));
}
break;
- case 113:
-#line 754 "parse.y"
+ case 123:
+#line 821 "parse.y"
{
Symbol *s = addsym((yyvsp[0].name));
if(s->stype != SValue)
@@ -2011,8 +2091,8 @@ yyreduce:
}
break;
- case 114:
-#line 765 "parse.y"
+ case 124:
+#line 832 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = stringvalue;
@@ -2020,8 +2100,8 @@ yyreduce:
}
break;
- case 115:
-#line 773 "parse.y"
+ case 125:
+#line 840 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
@@ -2029,8 +2109,8 @@ yyreduce:
}
break;
- case 116:
-#line 779 "parse.y"
+ case 126:
+#line 846 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
@@ -2038,8 +2118,8 @@ yyreduce:
}
break;
- case 117:
-#line 787 "parse.y"
+ case 127:
+#line 854 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = integervalue;
@@ -2047,14 +2127,14 @@ yyreduce:
}
break;
- case 119:
-#line 798 "parse.y"
+ case 129:
+#line 865 "parse.y"
{
}
break;
- case 120:
-#line 803 "parse.y"
+ case 130:
+#line 870 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = objectidentifiervalue;
@@ -2066,7 +2146,7 @@ yyreduce:
}
/* Line 1037 of yacc.c. */
-#line 2070 "parse.c"
+#line 2150 "parse.c"
yyvsp -= yylen;
yyssp -= yylen;
@@ -2294,7 +2374,7 @@ yyreturn:
}
-#line 810 "parse.y"
+#line 877 "parse.y"
void
@@ -2349,6 +2429,14 @@ new_type (Typetype tt)
return t;
}
+static struct constraint_spec *
+new_constraint_spec(enum ctype ct)
+{
+ struct constraint_spec *c = ecalloc(1, sizeof(*c));
+ c->ctype = ct;
+ return c;
+}
+
static void fix_labels2(Type *t, const char *prefix);
static void fix_labels1(struct memhead *members, const char *prefix)
{
diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h
index 76ff8755c9..5cc1342618 100644
--- a/source4/heimdal/lib/asn1/parse.h
+++ b/source4/heimdal/lib/asn1/parse.h
@@ -210,7 +210,7 @@
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-#line 64 "parse.y"
+#line 65 "parse.y"
typedef union YYSTYPE {
int constant;
struct value *value;
@@ -223,9 +223,10 @@ typedef union YYSTYPE {
struct string_list *sl;
struct tagtype tag;
struct memhead *members;
+ struct constraint_spec *constraint_spec;
} YYSTYPE;
/* Line 1318 of yacc.c. */
-#line 229 "parse.h"
+#line 230 "parse.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h
index 83df57b77f..93a6e019bd 100644
--- a/source4/heimdal/lib/asn1/symbol.h
+++ b/source4/heimdal/lib/asn1/symbol.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: symbol.h,v 1.12 2005/07/12 06:27:40 lha Exp $ */
+/* $Id: symbol.h,v 1.13 2005/12/06 19:59:52 lha Exp $ */
#ifndef _SYMBOL_H
#define _SYMBOL_H
@@ -111,6 +111,10 @@ struct range {
int max;
};
+enum ctype { CT_CONTENTS, CT_USER } ;
+
+struct constraint_spec;
+
struct type {
Typetype type;
struct memhead *members;
@@ -118,10 +122,21 @@ struct type {
struct type *subtype;
struct tagtype tag;
struct range *range;
+ struct constraint_spec *constraint;
};
typedef struct type Type;
+struct constraint_spec {
+ enum ctype ctype;
+ union {
+ struct {
+ Type *type;
+ struct value *encoding;
+ } content;
+ } u;
+};
+
struct objid {
const char *label;
int value;
diff --git a/source4/heimdal/lib/gssapi/context_time.c b/source4/heimdal/lib/gssapi/context_time.c
index e13480c85e..ee1dc6fe93 100644
--- a/source4/heimdal/lib/gssapi/context_time.c
+++ b/source4/heimdal/lib/gssapi/context_time.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: context_time.c,v 1.10 2003/06/03 15:08:00 lha Exp $");
+RCSID("$Id: context_time.c,v 1.11 2005/12/05 09:19:52 lha Exp $");
OM_uint32
gssapi_lifetime_left(OM_uint32 *minor_status,
@@ -43,6 +43,11 @@ gssapi_lifetime_left(OM_uint32 *minor_status,
krb5_timestamp timeret;
krb5_error_code kret;
+ if (lifetime == 0) {
+ *lifetime_rec = GSS_C_INDEFINITE;
+ return GSS_S_COMPLETE;
+ }
+
kret = krb5_timeofday(gssapi_krb5_context, &timeret);
if (kret) {
*minor_status = kret;
diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h
index 20700dc826..b93ad4e481 100644
--- a/source4/heimdal/lib/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi.h,v 1.38 2005/10/26 11:22:13 lha Exp $ */
+/* $Id: gssapi.h,v 1.39 2005/12/05 11:52:45 lha Exp $ */
#ifndef GSSAPI_H_
#define GSSAPI_H_
diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c
index 4cc0218a5c..4b4e6e673d 100644
--- a/source4/heimdal/lib/hdb/db.c
+++ b/source4/heimdal/lib/hdb/db.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $");
+RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $");
#if HAVE_DB1
@@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db)
static krb5_error_code
DB_seq(krb5_context context, HDB *db,
- unsigned flags, hdb_entry *entry, int flag)
+ unsigned flags, hdb_entry_ex *entry, int flag)
{
DB *d = (DB*)db->hdb_db;
DBT key, value;
@@ -106,21 +106,22 @@ DB_seq(krb5_context context, HDB *db,
key_data.length = key.size;
data.data = value.data;
data.length = value.size;
- if (hdb_value2entry(context, &data, entry))
+ memset(entry, 0, sizeof(*entry));
+ if (hdb_value2entry(context, &data, &entry->entry))
return DB_seq(context, db, flags, entry, R_NEXT);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- code = hdb_unseal_keys (context, db, entry);
+ code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
}
- if (code == 0 && entry->principal == NULL) {
- entry->principal = malloc(sizeof(*entry->principal));
- if (entry->principal == NULL) {
+ if (code == 0 && entry->entry.principal == NULL) {
+ entry->entry.principal = malloc(sizeof(*entry->entry.principal));
+ if (entry->entry.principal == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
code = ENOMEM;
hdb_free_entry (context, entry);
} else {
- hdb_key2principal(context, &key_data, entry->principal);
+ hdb_key2principal(context, &key_data, entry->entry.principal);
}
}
return code;
@@ -128,14 +129,14 @@ DB_seq(krb5_context context, HDB *db,
static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_FIRST);
}
static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_NEXT);
}
diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h
index 7baa944053..e602f01373 100644
--- a/source4/heimdal/lib/hdb/hdb-private.h
+++ b/source4/heimdal/lib/hdb/hdb-private.h
@@ -11,7 +11,7 @@ _hdb_fetch (
unsigned /*flags*/,
krb5_const_principal /*principal*/,
enum hdb_ent_type /*ent_type*/,
- hdb_entry */*entry*/);
+ hdb_entry_ex */*entry*/);
hdb_master_key
_hdb_find_master_key (
@@ -43,13 +43,13 @@ krb5_error_code
_hdb_remove (
krb5_context /*context*/,
HDB */*db*/,
- hdb_entry */*entry*/);
+ hdb_entry_ex */*entry*/);
krb5_error_code
_hdb_store (
krb5_context /*context*/,
HDB */*db*/,
unsigned /*flags*/,
- hdb_entry */*entry*/);
+ hdb_entry_ex */*entry*/);
#endif /* __hdb_private_h__ */
diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h
index 4b5b4d3ede..c221175e41 100644
--- a/source4/heimdal/lib/hdb/hdb-protos.h
+++ b/source4/heimdal/lib/hdb/hdb-protos.h
@@ -428,11 +428,6 @@ hdb_foreach (
void
hdb_free_entry (
krb5_context /*context*/,
- hdb_entry */*ent*/);
-
-void
-hdb_free_entry_ex (
- krb5_context /*context*/,
hdb_entry_ex */*ent*/);
void
@@ -477,12 +472,25 @@ hdb_key2principal (
krb5_principal /*p*/);
krb5_error_code
+hdb_ldap_common (
+ krb5_context /*context*/,
+ HDB ** /*db*/,
+ const char */*search_base*/,
+ const char */*url*/);
+
+krb5_error_code
hdb_ldap_create (
krb5_context /*context*/,
HDB ** /*db*/,
const char */*arg*/);
krb5_error_code
+hdb_ldapi_create (
+ krb5_context /*context*/,
+ HDB ** /*db*/,
+ const char */*arg*/);
+
+krb5_error_code
hdb_list_builtin (
krb5_context /*context*/,
char **/*list*/);
@@ -515,7 +523,7 @@ krb5_error_code
hdb_print_entry (
krb5_context /*context*/,
HDB */*db*/,
- hdb_entry */*entry*/,
+ hdb_entry_ex */*entry*/,
void */*data*/);
krb5_error_code
@@ -614,9 +622,6 @@ hdb_write_master_key (
hdb_master_key /*mkey*/);
void
-initialize_hdb_error_table (void);
-
-void
initialize_hdb_error_table_r (struct et_list **/*list*/);
HDBFlags
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index df342ffadf..5631d05332 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: hdb.c,v 1.59 2005/11/30 12:22:09 lha Exp $");
+RCSID("$Id: hdb.c,v 1.60 2005/12/12 12:35:36 lha Exp $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
@@ -133,25 +133,18 @@ hdb_unlock(int fd)
}
void
-hdb_free_entry(krb5_context context, hdb_entry *ent)
+hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
int i;
- for(i = 0; i < ent->keys.len; ++i) {
- Key *k = &ent->keys.val[i];
+ if (ent->free_entry)
+ (*ent->free_entry)(context, ent);
- memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
- }
- free_hdb_entry(ent);
-}
+ for(i = 0; i < ent->entry.keys.len; ++i) {
+ Key *k = &ent->entry.keys.val[i];
-void
-hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent)
-{
- if (ent->free_private) {
- ent->free_private(context, ent);
+ memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
}
-
free_hdb_entry(&ent->entry);
}
@@ -163,7 +156,7 @@ hdb_foreach(krb5_context context,
void *data)
{
krb5_error_code ret;
- hdb_entry entry;
+ hdb_entry_ex entry;
ret = db->hdb_firstkey(context, db, flags, &entry);
while(ret == 0){
ret = (*func)(context, db, &entry, data);
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 45ea5a9f30..463cbf71f2 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: hdb.h,v 1.35 2005/08/11 13:16:44 lha Exp $ */
+/* $Id: hdb.h,v 1.36 2005/12/12 12:35:36 lha Exp $ */
#ifndef __HDB_H__
#define __HDB_H__
@@ -55,27 +55,30 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY };
typedef struct hdb_master_key_data *hdb_master_key;
typedef struct hdb_entry_ex {
- struct hdb_entry entry;
- void *private;
-
- krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *);
- krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *);
- krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *,
- METHOD_DATA* pa_data_seq,
- time_t authtime,
- EncryptionKey *tgtkey,
- EncryptionKey *sessionkey,
- AuthorizationData **out);
- krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *,
- krb5_principal client,
- AuthorizationData *in,
- time_t authtime,
- EncryptionKey *tgtkey,
- EncryptionKey *servicekey,
- EncryptionKey *sessionkey,
- AuthorizationData **out);
+ void *ctx;
+ hdb_entry entry;
+ void (*free_entry)(krb5_context, struct hdb_entry_ex *);
+ krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *,
+ HostAddresses *);
+ krb5_error_code (*authz_data_as_req)(krb5_context,
+ struct hdb_entry_ex *,
+ METHOD_DATA* pa_data_seq,
+ time_t authtime,
+ EncryptionKey *tgtkey,
+ EncryptionKey *sessionkey,
+ AuthorizationData **out);
+ krb5_error_code (*authz_data_tgs_req)(krb5_context,
+ struct hdb_entry_ex *,
+ krb5_principal client,
+ AuthorizationData *in,
+ time_t authtime,
+ EncryptionKey *tgtkey,
+ EncryptionKey *servicekey,
+ EncryptionKey *sessionkey,
+ AuthorizationData **out);
} hdb_entry_ex;
+
typedef struct HDB{
void *hdb_db;
void *hdb_dbc;
@@ -86,16 +89,17 @@ typedef struct HDB{
krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t);
krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
- krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
- enum hdb_ent_type ent_type, hdb_entry*);
- krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
+ void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*);
+ krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags,
+ krb5_const_principal principal,
enum hdb_ent_type ent_type, hdb_entry_ex*);
- krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*);
- krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*);
- krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
- unsigned, hdb_entry*);
- krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
- unsigned, hdb_entry*);
+ krb5_error_code (*hdb_store)(krb5_context,struct HDB*,
+ unsigned,hdb_entry_ex*);
+ krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*);
+ krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
+ unsigned, hdb_entry_ex*);
+ krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
+ unsigned, hdb_entry_ex*);
krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation);
krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*);
krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*);
@@ -119,7 +123,7 @@ struct hdb_so_method {
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
- hdb_entry*, void*);
+ hdb_entry_ex*, void*);
extern krb5_kt_ops hdb_kt_ops;
#include <hdb-protos.h>
diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c
index 793d03829d..f4c2497abc 100644
--- a/source4/heimdal/lib/hdb/ndbm.c
+++ b/source4/heimdal/lib/hdb/ndbm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: ndbm.c,v 1.36 2005/11/28 23:31:36 lha Exp $");
+RCSID("$Id: ndbm.c,v 1.38 2005/12/13 11:54:10 lha Exp $");
#if HAVE_NDBM
@@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db)
static krb5_error_code
NDBM_seq(krb5_context context, HDB *db,
- unsigned flags, hdb_entry *entry, int first)
+ unsigned flags, hdb_entry_ex *entry, int first)
{
struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
@@ -99,21 +99,22 @@ NDBM_seq(krb5_context context, HDB *db,
db->hdb_unlock(context, db);
data.data = value.dptr;
data.length = value.dsize;
- if(hdb_value2entry(context, &data, entry))
+ memset(entry, 0, sizeof(*entry));
+ if(hdb_value2entry(context, &data, &entry->entry))
return NDBM_seq(context, db, flags, entry, 0);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- ret = hdb_unseal_keys (context, db, entry);
+ ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret)
hdb_free_entry (context, entry);
}
- if (entry->principal == NULL) {
- entry->principal = malloc (sizeof(*entry->principal));
- if (entry->principal == NULL) {
+ if (ret == 0 && entry->entry.principal == NULL) {
+ entry->entry.principal = malloc (sizeof(*entry->entry.principal));
+ if (entry->entry.principal == NULL) {
ret = ENOMEM;
hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory");
} else {
- hdb_key2principal (context, &key_data, entry->principal);
+ hdb_key2principal (context, &key_data, entry->entry.principal);
}
}
return ret;
@@ -121,14 +122,14 @@ NDBM_seq(krb5_context context, HDB *db,
static krb5_error_code
-NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 1);
}
static krb5_error_code
-NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 0);
}
@@ -339,8 +340,6 @@ hdb_ndbm_create(krb5_context context, HDB **db,
return ENOMEM;
}
- memset(*db, '\0', sizeof(**db));
-
(*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) {
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 0c821cb11d..efb2ad1374 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.76 2005/11/29 09:10:47 lha Exp $");
+RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -358,14 +358,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_name", NULL);
- if (e) {
- ret = _krb5_expand_default_cc_name(context, e, &p);
- if (ret)
- return ret;
- }
+ if (e == NULL)
+ e = KRB5_DEFAULT_CCNAME;
+ ret = _krb5_expand_default_cc_name(context, e, &p);
+ if (ret)
+ return ret;
}
- if (e == NULL)
- asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
} else
p = strdup(name);
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index c3cd6d4db9..7907e1ad9c 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $");
+RCSID("$Id: changepw.c,v 1.55 2005/12/12 12:48:57 lha Exp $");
static void
str2data (krb5_data *d,
@@ -522,7 +522,12 @@ change_password_loop (krb5_context context,
int sock;
int i;
int done = 0;
- krb5_realm realm = creds->client->realm;
+ krb5_realm realm;
+
+ if (targprinc)
+ realm = targprinc->realm;
+ else
+ realm = creds->client->realm;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
@@ -712,7 +717,7 @@ krb5_set_password(krb5_context context,
for (i = 0; procs[i].name != NULL; i++) {
*result_code = 0;
- ret = change_password_loop(context, creds, targprinc, newpw,
+ ret = change_password_loop(context, creds, principal, newpw,
result_code, result_code_string,
result_string,
&procs[i]);
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 2e23306c96..de40b059b8 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $");
+RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -3942,6 +3942,8 @@ krb5_derive_key(krb5_context context,
struct encryption_type *et;
struct key_data d;
+ *derived_key = NULL;
+
et = _find_enctype (etype);
if (et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
@@ -3949,16 +3951,15 @@ krb5_derive_key(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
- ret = krb5_copy_keyblock(context, key, derived_key);
+ ret = krb5_copy_keyblock(context, key, &d.key);
if (ret)
return ret;
- d.key = *derived_key;
d.schedule = NULL;
ret = derive_key(context, et, &d, constant, constant_len);
- if (ret)
- return ret;
- ret = krb5_copy_keyblock(context, d.key, derived_key);
+ if (ret == 0)
+ ret = krb5_copy_keyblock(context, d.key, derived_key);
+ free_key_data(context, &d);
return ret;
}
diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c
index 1039847de9..fa54ff43ce 100644
--- a/source4/heimdal/lib/krb5/keytab_memory.c
+++ b/source4/heimdal/lib/krb5/keytab_memory.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_memory.c,v 1.7 2005/12/01 12:40:22 lha Exp $");
+RCSID("$Id: keytab_memory.c,v 1.8 2005/12/05 18:39:46 lha Exp $");
/* memory operations -------------------------------------------- */
@@ -214,15 +214,9 @@ mkt_remove_entry(krb5_context context,
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;
}
- if (d->num_entries == 0) {
- free(d->entries);
- d->entries = NULL;
- } else {
- e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
- if(e != NULL)
- d->entries = e;
- }
-
+ e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
+ if(e != NULL || d->num_entries == 0)
+ d->entries = e;
return 0;
}
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 301b8853e4..c08d8058a4 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -21,21 +21,12 @@ extern "C" {
#endif
void
-initialize_heim_error_table (void);
-
-void
initialize_heim_error_table_r (struct et_list **/*list*/);
void
-initialize_k524_error_table (void);
-
-void
initialize_k524_error_table_r (struct et_list **/*list*/);
void
-initialize_krb5_error_table (void);
-
-void
initialize_krb5_error_table_r (struct et_list **/*list*/);
krb5_error_code KRB5_LIB_FUNCTION
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index 4a02677239..60d72c8f80 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h,v 1.83 2005/10/07 12:08:02 lha Exp $ */
+/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@@ -170,6 +170,14 @@ struct _krb5_krb_auth_data;
#define KRB5_BUFSIZ 1024
+#ifndef KRB5_DEFAULT_CCNAME
+#ifdef __APPLE__
+#define KRB5_DEFAULT_CCNAME "API:"
+#else
+#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
+#endif
+#endif
+
typedef enum {
KRB5_PA_PAC_DONT_CARE = 0,
KRB5_PA_PAC_REQ_TRUE,
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index ae5c8c1de8..6cc49945cc 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c,v 1.91 2005/08/23 08:34:40 lha Exp $");
+RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c
index 965883309c..fd57b6fe67 100644
--- a/source4/heimdal/lib/krb5/set_default_realm.c
+++ b/source4/heimdal/lib/krb5/set_default_realm.c
@@ -77,8 +77,19 @@ krb5_set_default_realm(krb5_context context,
"libdefaults",
"default_realm",
NULL);
- if (realms == NULL)
- ret = krb5_get_host_realm(context, NULL, &realms);
+ if (realms == NULL) {
+ char hostname[MAXHOSTNAMELEN];
+ if (gethostname (hostname, sizeof(hostname))) {
+ return errno;
+ }
+
+ if (strchr(hostname, '.') == NULL) {
+ /* There is no way we can get this mapping, as we can't do DNS */
+ return KRB5_CONFIG_NODEFREALM;
+ }
+ ret = krb5_get_host_realm(context, hostname,
+ &realms);
+ }
} else {
ret = string_to_list (context, realm, &realms);
}
diff --git a/source4/heimdal_build/config.h b/source4/heimdal_build/config.h
index 660739c73f..d2a72cacfb 100644
--- a/source4/heimdal_build/config.h
+++ b/source4/heimdal_build/config.h
@@ -62,6 +62,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
#ifndef HAVE_STRNDUP
#define HAVE_STRNDUP
#endif
+#ifndef HAVE_SOCKLEN_T
+#define HAVE_SOCKLEN_T
+#endif
#ifndef HAVE_SSIZE_T
#define HAVE_SSIZE_T
diff --git a/source4/heimdal_build/config.m4 b/source4/heimdal_build/config.m4
index fb4f27387f..92e38e42c2 100644
--- a/source4/heimdal_build/config.m4
+++ b/source4/heimdal_build/config.m4
@@ -139,6 +139,7 @@ AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
+AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 9b1d673764..3862ec7f99 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -198,10 +198,17 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
return flags;
}
-static krb5_error_code hdb_ldb_free_private(krb5_context context, hdb_entry_ex *entry_ex)
+static int hdb_ldb_destrutor(void *ptr)
{
- talloc_free(entry_ex->private);
- return 0;
+ struct hdb_ldb_private *private = ptr;
+ hdb_entry_ex *entry_ex = private->entry_ex;
+ free_hdb_entry(&entry_ex->entry);
+ return 0;
+}
+
+static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
+{
+ talloc_free(entry_ex->ctx);
}
/*
@@ -223,10 +230,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
struct hdb_ldb_private *private;
- hdb_entry *ent = &entry_ex->entry;
NTTIME acct_expiry;
- memset(ent, 0, sizeof(*ent));
+ memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
@@ -236,9 +242,22 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
goto out;
}
+ private = talloc(mem_ctx, struct hdb_ldb_private);
+ if (!private) {
+ ret = ENOMEM;
+ goto out;
+ }
+
+ private->entry_ex = entry_ex;
+
+ talloc_set_destructor(private, hdb_ldb_destrutor);
+
+ entry_ex->ctx = private;
+ entry_ex->free_entry = hdb_ldb_free_entry;
+
userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
- ent->principal = malloc(sizeof(*(ent->principal)));
+ entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
const char *samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL);
if (!samAccountName) {
@@ -247,10 +266,10 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
goto out;
}
samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL);
- krb5_make_principal(context, &ent->principal, realm, samAccountName, NULL);
+ krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL);
} else {
char *strdup_realm;
- ret = copy_Principal(principal, ent->principal);
+ ret = copy_Principal(principal, entry_ex->entry.principal);
if (ret) {
krb5_clear_error_string(context);
goto out;
@@ -263,7 +282,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
* we determine from our records */
/* don't leak */
- free(*krb5_princ_realm(context, ent->principal));
+ free(*krb5_princ_realm(context, entry_ex->entry.principal));
/* this has to be with malloc() */
strdup_realm = strdup(realm);
@@ -272,56 +291,56 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
krb5_clear_error_string(context);
goto out;
}
- krb5_princ_set_realm(context, ent->principal, &strdup_realm);
+ krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm);
}
- ent->kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0);
+ entry_ex->entry.kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0);
- ent->flags = uf2HDBFlags(context, userAccountControl, ent_type);
+ entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type);
if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) {
- ent->flags.invalid = 0;
- ent->flags.server = 1;
- ent->flags.forwardable = 1;
- ent->flags.ok_as_delegate = 1;
+ entry_ex->entry.flags.invalid = 0;
+ entry_ex->entry.flags.server = 1;
+ entry_ex->entry.flags.forwardable = 1;
+ entry_ex->entry.flags.ok_as_delegate = 1;
}
if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
- ent->flags.server = 0;
+ entry_ex->entry.flags.server = 0;
}
}
/* use 'whenCreated' */
- ent->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
+ entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
/* use '???' */
- ent->created_by.principal = NULL;
+ entry_ex->entry.created_by.principal = NULL;
- ent->modified_by = (Event *) malloc(sizeof(Event));
- if (ent->modified_by == NULL) {
+ entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event));
+ if (entry_ex->entry.modified_by == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
/* use 'whenChanged' */
- ent->modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0);
+ entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0);
/* use '???' */
- ent->modified_by->principal = NULL;
+ entry_ex->entry.modified_by->principal = NULL;
- ent->valid_start = NULL;
+ entry_ex->entry.valid_start = NULL;
acct_expiry = samdb_result_nttime(msg, "accountExpires", (NTTIME)-1);
if ((acct_expiry == (NTTIME)-1) ||
(acct_expiry == 0x7FFFFFFFFFFFFFFFULL)) {
- ent->valid_end = NULL;
+ entry_ex->entry.valid_end = NULL;
} else {
- ent->valid_end = malloc(sizeof(*ent->valid_end));
- if (ent->valid_end == NULL) {
+ entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end));
+ if (entry_ex->entry.valid_end == NULL) {
ret = ENOMEM;
goto out;
}
- *ent->valid_end = nt_time_to_unix(acct_expiry);
+ *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry);
}
if ((ent_type != HDB_LDB_ENT_TYPE_KRBTGT) && (!(userAccountControl & UF_DONT_EXPIRE_PASSWD))) {
@@ -330,24 +349,24 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
domain_dn, msg,
"pwdLastSet");
if (must_change_time != 0) {
- ent->pw_end = malloc(sizeof(*ent->pw_end));
- if (ent->pw_end == NULL) {
+ entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end));
+ if (entry_ex->entry.pw_end == NULL) {
ret = ENOMEM;
goto out;
}
- *ent->pw_end = nt_time_to_unix(must_change_time);
+ *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time);
} else {
- ent->pw_end = NULL;
+ entry_ex->entry.pw_end = NULL;
}
} else {
- ent->pw_end = NULL;
+ entry_ex->entry.pw_end = NULL;
}
- ent->max_life = NULL;
+ entry_ex->entry.max_life = NULL;
- ent->max_renew = NULL;
+ entry_ex->entry.max_renew = NULL;
- ent->generation = NULL;
+ entry_ex->entry.generation = NULL;
/* create the keys and enctypes */
unicodePwd = ldb_msg_find_string(msg, "unicodePwd", NULL);
@@ -399,21 +418,21 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
}
if (ret == 0) {
- size_t num_keys = ent->keys.len;
+ size_t num_keys = entry_ex->entry.keys.len;
/*
* create keys from unicodePwd
*/
ret = hdb_generate_key_set_password(context, salt_principal,
unicodePwd,
- &ent->keys.val, &num_keys);
- ent->keys.len = num_keys;
+ &entry_ex->entry.keys.val, &num_keys);
+ entry_ex->entry.keys.len = num_keys;
krb5_free_principal(context, salt_principal);
}
if (ret != 0) {
krb5_warnx(context, "could not generate keys from unicodePwd\n");
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
goto out;
}
} else {
@@ -423,11 +442,11 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
val = ldb_msg_find_ldb_val(msg, "ntPwdHash");
if (!val) {
krb5_warnx(context, "neither type of key available for this account\n");
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
} else if (val->length < 16) {
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
krb5_warnx(context, "ntPwdHash has invalid length: %d\n",
(int)val->length);
} else {
@@ -440,53 +459,45 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
memcpy(keyvalue.data, val->data, 16);
- ent->keys.val = malloc(sizeof(ent->keys.val[0]));
- if (ent->keys.val == NULL) {
+ entry_ex->entry.keys.val = malloc(sizeof(entry_ex->entry.keys.val[0]));
+ if (entry_ex->entry.keys.val == NULL) {
krb5_data_free(&keyvalue);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
- memset(&ent->keys.val[0], 0, sizeof(Key));
- ent->keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
- ent->keys.val[0].key.keyvalue = keyvalue;
+ memset(&entry_ex->entry.keys.val[0], 0, sizeof(Key));
+ entry_ex->entry.keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
+ entry_ex->entry.keys.val[0].key.keyvalue = keyvalue;
- ent->keys.len = 1;
+ entry_ex->entry.keys.len = 1;
}
}
- ent->etypes = malloc(sizeof(*(ent->etypes)));
- if (ent->etypes == NULL) {
+ entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
+ if (entry_ex->entry.etypes == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
- ent->etypes->len = ent->keys.len;
- ent->etypes->val = calloc(ent->etypes->len, sizeof(int));
- if (ent->etypes->val == NULL) {
+ entry_ex->entry.etypes->len = entry_ex->entry.keys.len;
+ entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int));
+ if (entry_ex->entry.etypes->val == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
- for (i=0; i < ent->etypes->len; i++) {
- ent->etypes->val[i] = ent->keys.val[i].key.keytype;
+ for (i=0; i < entry_ex->entry.etypes->len; i++) {
+ entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype;
}
- private = talloc(db, struct hdb_ldb_private);
- if (!private) {
- ret = ENOMEM;
- goto out;
- }
-
private->msg = talloc_steal(private, msg);
private->realm_ref_msg = talloc_steal(private, realm_ref_msg);
private->samdb = (struct ldb_context *)db->hdb_db;
- entry_ex->private = private;
- entry_ex->free_private = hdb_ldb_free_private;
entry_ex->check_client_access = hdb_ldb_check_client_access;
entry_ex->authz_data_tgs_req = hdb_ldb_authz_data_tgs_req;
entry_ex->authz_data_as_req = hdb_ldb_authz_data_as_req;
@@ -494,7 +505,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
out:
if (ret != 0) {
/* This doesn't free ent itself, that is for the eventual caller to do */
- hdb_free_entry(context, &entry_ex->entry);
+ hdb_free_entry(context, entry_ex);
+ } else {
+ talloc_steal(db, entry_ex->ctx);
}
return ret;
@@ -669,10 +682,10 @@ static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new
return HDB_ERR_DB_INUSE;
}
-static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flags,
- krb5_const_principal principal,
- enum hdb_ent_type ent_type,
- hdb_entry_ex *entry_ex)
+static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
+ krb5_const_principal principal,
+ enum hdb_ent_type ent_type,
+ hdb_entry_ex *entry_ex)
{
struct ldb_message **msg = NULL;
struct ldb_message **realm_ref_msg = NULL;
@@ -860,32 +873,12 @@ static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flag
return ret;
}
-static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
- krb5_const_principal principal,
- enum hdb_ent_type ent_type,
- hdb_entry *entry)
-{
- struct hdb_entry_ex entry_ex;
- krb5_error_code ret;
-
- memset(&entry_ex, '\0', sizeof(entry_ex));
- ret = LDB_fetch_ex(context, db, flags, principal, ent_type, &entry_ex);
-
- if (ret == 0) {
- if (entry_ex.free_private) {
- entry_ex.free_private(context, &entry_ex);
- }
- *entry = entry_ex.entry;
- }
- return ret;
-}
-
-static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return HDB_ERR_DB_INUSE;
}
-static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry *entry)
+static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry_ex *entry)
{
return HDB_ERR_DB_INUSE;
}
@@ -898,7 +891,7 @@ struct hdb_ldb_seq {
struct ldb_message **realm_ref_msgs;
};
-static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@@ -921,13 +914,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
ret = LDB_message2entry(context, db, mem_ctx,
NULL, HDB_LDB_ENT_TYPE_ANY,
priv->msgs[priv->index++],
- priv->realm_ref_msgs[0], &entry_ex);
- if (ret == 0) {
- if (entry_ex.free_private) {
- entry_ex.free_private(context, &entry_ex);
- }
- *entry = entry_ex.entry;
- }
+ priv->realm_ref_msgs[0], entry);
} else {
ret = HDB_ERR_NOENTRY;
}
@@ -943,7 +930,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
}
static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags,
- hdb_entry *entry)
+ hdb_entry_ex *entry)
{
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@@ -1028,7 +1015,7 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag
}
static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags,
- hdb_entry *entry)
+ hdb_entry_ex *entry)
{
return LDB_seq(context, db, flags, entry);
}
@@ -1083,7 +1070,6 @@ NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx,
(*db)->hdb_open = LDB_open;
(*db)->hdb_close = LDB_close;
(*db)->hdb_fetch = LDB_fetch;
- (*db)->hdb_fetch_ex = LDB_fetch_ex;
(*db)->hdb_store = LDB_store;
(*db)->hdb_remove = LDB_remove;
(*db)->hdb_firstkey = LDB_firstkey;
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 79e7b3c5a7..a3dec8c46d 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -157,7 +157,7 @@ krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry
krb5_boolean pac_wanted = TRUE;
unsigned int userAccountControl;
struct PA_PAC_REQUEST pac_request;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
/* The user account may be set not to want the PAC */
userAccountControl = ldb_msg_find_uint(private->msg, "userAccountControl", 0);
@@ -218,7 +218,7 @@ krb5_error_code hdb_ldb_authz_data_tgs_req(krb5_context context, struct hdb_entr
unsigned int userAccountControl;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
krb5_data k5pac_in, k5pac_out;
DATA_BLOB pac_in, pac_out;
@@ -321,8 +321,8 @@ krb5_error_code hdb_ldb_check_client_access(krb5_context context, hdb_entry_ex *
{
krb5_error_code ret;
NTSTATUS nt_status;
- TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private);
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->ctx);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
char *name, *workstation = NULL;
int i;
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 953ddae815..e5b1960209 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -25,6 +25,7 @@
struct ldb_context *samdb;
struct ldb_message *msg;
struct ldb_message *realm_ref_msg;
+ hdb_entry_ex *entry_ex;
};
krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry_ex *entry_ex,