-rw-r--r--source4/heimdal/kdc/default_config.c2
-rw-r--r--source4/heimdal/kdc/digest.c25
-rw-r--r--source4/heimdal/kdc/kaserver.c17
-rw-r--r--source4/heimdal/kdc/kerberos4.c53
-rw-r--r--source4/heimdal/kdc/kerberos5.c140
-rw-r--r--source4/heimdal/kdc/kx509.c6
-rw-r--r--source4/heimdal/kuser/kinit.c10
-rw-r--r--source4/heimdal/lib/asn1/asn1_err.et5
-rw-r--r--source4/heimdal/lib/asn1/der_get.c25
-rw-r--r--source4/heimdal/lib/asn1/gen.c3
-rw-r--r--source4/heimdal/lib/asn1/gen_decode.c72
-rw-r--r--source4/heimdal/lib/asn1/gen_encode.c19
-rw-r--r--source4/heimdal/lib/asn1/gen_length.c13
-rw-r--r--source4/heimdal/lib/asn1/k5.asn16
-rw-r--r--source4/heimdal/lib/asn1/lex.c33
-rw-r--r--source4/heimdal/lib/asn1/parse.c795
-rw-r--r--source4/heimdal/lib/asn1/parse.h6
-rw-r--r--source4/heimdal/lib/asn1/rfc2459.asn123
-rw-r--r--source4/heimdal/lib/asn1/test.asn19
-rw-r--r--source4/heimdal/lib/asn1/timegm.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_cred.c12
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_compare_name.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c8
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c5
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_names.c27
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c5
-rw-r--r--source4/heimdal/lib/gssapi/mech/name.h7
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c21
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego.asn145
-rw-r--r--source4/heimdal/lib/hcrypto/hmac.c12
-rw-r--r--source4/heimdal/lib/hx509/ca.c4
-rw-r--r--source4/heimdal/lib/hx509/cert.c4
-rw-r--r--source4/heimdal/lib/hx509/hx509-private.h32
-rw-r--r--source4/heimdal/lib/hx509/ks_p11.c11
-rw-r--r--source4/heimdal/lib/hx509/peer.c6
-rw-r--r--source4/heimdal/lib/hx509/print.c48
-rw-r--r--source4/heimdal/lib/krb5/cache.c39
-rw-r--r--source4/heimdal/lib/krb5/changepw.c6
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c12
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c7
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c4
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h4
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h8
-rw-r--r--source4/heimdal/lib/krb5/krb5-v4compat.h50
-rw-r--r--source4/heimdal/lib/krb5/krb5.h13
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h10
-rw-r--r--source4/heimdal/lib/krb5/krb_err.et63
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c6
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c52
-rw-r--r--source4/heimdal/lib/krb5/plugin.c16
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c16
-rw-r--r--source4/heimdal/lib/krb5/v4_glue.c64
-rw-r--r--source4/heimdal/lib/ntlm/ntlm.c4
-rw-r--r--source4/heimdal_build/config.mk8
-rw-r--r--source4/static_deps.mk1
58 files changed, 1145 insertions, 786 deletions
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index e06366f214..5f336e3275 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -36,7 +36,7 @@
#include <getarg.h>
#include <parse_bytes.h>
-RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $");
+RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $");
krb5_error_code
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index 801449fe5e..358ca5ad56 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -34,7 +34,7 @@
#include "kdc_locl.h"
#include <hex.h>
-RCSID("$Id: digest.c 21241 2007-06-20 11:30:19Z lha $");
+RCSID("$Id: digest.c 21606 2007-07-17 07:03:25Z lha $");
#define MS_CHAP_V2 0x20
#define CHAP_MD5 0x10
@@ -975,7 +975,7 @@ _kdc_do_digest(krb5_context context,
}
kdc_log(context, config, 0, "Digest %s request successful %s",
- ireq.u.digestRequest.type, from);
+ ireq.u.digestRequest.type, ireq.u.digestRequest.username);
break;
}
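Review bot: The success log line no longer records the peer address, because `from` was replaced by `ireq.u.digestRequest.username`. Both the digest type and the username appear to come from the decoded request, so the audit record now consists only of requester-supplied strings and cannot be tied back to a source. Keeping both preserves attribution: `"Digest %s request successful %s from %s", ireq.u.digestRequest.type, ireq.u.digestRequest.username, from`. _kdc_do_digest starts and ends outside this hunk.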
@@ -1227,7 +1227,7 @@ _kdc_do_digest(krb5_context context,
version = 1;
if (flags & NTLM_NEG_NTLM2_SESSION) {
- char sessionhash[MD5_DIGEST_LENGTH];
+ unsigned char sessionhash[MD5_DIGEST_LENGTH];
MD5_CTX md5ctx;
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
@@ -1331,10 +1331,24 @@ _kdc_do_digest(krb5_context context,
version, ireq.u.ntlmRequest.username);
break;
}
- default:
+ default: {
+ char *s;
+ krb5_set_error_string(context, "unknown operation to digest");
+ ret = EINVAL;
+
failed:
+
+ s = krb5_get_error_message(context, ret);
+ if (s == NULL) {
+ krb5_clear_error_string(context);
+ goto out;
+ }
+
+ kdc_log(context, config, 0, "Digest failed with: %s", s);
+
r.element = choice_DigestRepInner_error;
- r.u.error.reason = strdup("unknown/failed operation");
+ r.u.error.reason = strdup("unknown error");
+ krb5_free_error_string(context, s);
if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
@@ -1343,6 +1357,7 @@ _kdc_do_digest(krb5_context context,
r.u.error.code = EINVAL;
break;
}
+ }
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
if (ret) {
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
index deb32e1019..15624e8e76 100644
--- a/source4/heimdal/kdc/kaserver.c
+++ b/source4/heimdal/kdc/kaserver.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kaserver.c 17904 2006-08-23 11:45:16Z lha $");
+RCSID("$Id: kaserver.c 21661 2007-07-22 01:57:17Z lha $");
#include <krb5-v4compat.h>
#include <rx.h>
@@ -191,19 +191,28 @@ init_reply_header (struct rx_header *hdr,
reply_hdr->serviceid = hdr->serviceid;
}
+/*
+ * Create an error `reply´ using for the packet `hdr' with the error
+ * `error´ code.
+ */
static void
make_error_reply (struct rx_header *hdr,
- uint32_t ret,
+ uint32_t error,
krb5_data *reply)
{
- krb5_storage *sp;
struct rx_header reply_hdr;
+ krb5_error_code ret;
+ krb5_storage *sp;
init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
sp = krb5_storage_emem();
+ if (sp == NULL)
+ return;
ret = encode_rx_header (&reply_hdr, sp);
- krb5_store_int32(sp, ret);
+ if (ret)
+ return;
+ krb5_store_int32(sp, error);
krb5_storage_to_data (sp, reply);
krb5_storage_free (sp);
}
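Review bot: The new early return after `encode_rx_header` leaks `sp`, since the storage from `krb5_storage_emem()` is only released on the success path. Free it before returning: `if (ret) { krb5_storage_free(sp); return; }`. Both early returns also leave `*reply` untouched, and the function is `void`, so the caller cannot tell that no error reply was built; presumably the caller initialises `reply` beforehand, which is worth confirming. The results of `krb5_store_int32` and `krb5_storage_to_data` are still ignored.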
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index 3c76bb99b2..cbba64945b 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
-RCSID("$Id: kerberos4.c 18349 2006-10-08 13:43:52Z lha $");
+RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $");
#ifndef swap32
static uint32_t
@@ -151,7 +151,8 @@ _kdc_do_version4(krb5_context context,
if(!config->enable_v4) {
kdc_log(context, config, 0,
"Rejected version 4 request from %s", from);
- make_err_reply(context, reply, KDC_GEN_ERR, "function not enabled");
+ make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR,
+ "Function not enabled");
return 0;
}
@@ -160,7 +161,7 @@ _kdc_do_version4(krb5_context context,
if(pvno != 4){
kdc_log(context, config, 0,
"Protocol version mismatch (krb4) (%d)", pvno);
- make_err_reply(context, reply, KDC_PKT_VER, "protocol mismatch");
+ make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
goto out;
}
RCHECK(krb5_ret_int8(sp, &msg_type), out);
@@ -196,7 +197,7 @@ _kdc_do_version4(krb5_context context,
if(ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s",
client_name, krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown");
goto out1;
}
@@ -205,7 +206,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown");
goto out1;
}
@@ -216,7 +217,7 @@ _kdc_do_version4(krb5_context context,
TRUE);
if (ret) {
/* good error code? */
- make_err_reply(context, reply, KERB_ERR_NAME_EXP,
+ make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
"operation not allowed");
goto out1;
}
@@ -227,7 +228,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0,
"Per principal Kerberos 4 flag not turned on for %s",
client_name);
- make_err_reply(context, reply, KERB_ERR_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"allow kerberos4 flag required");
goto out1;
}
@@ -244,7 +245,7 @@ _kdc_do_version4(krb5_context context,
"Pre-authentication required for v4-request: "
"%s for %s",
client_name, server_name);
- make_err_reply(context, reply, KERB_ERR_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"preauth required");
goto out1;
}
@@ -252,7 +253,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for client");
- make_err_reply(context, reply, KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for client");
goto out1;
}
@@ -265,7 +266,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm);
- make_err_reply(context, reply, KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"No version-4 salted key in database");
goto out1;
}
@@ -274,8 +275,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
- /* XXX */
- make_err_reply(context, reply, KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out1;
}
@@ -400,7 +400,7 @@ _kdc_do_version4(krb5_context context,
"tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
- make_err_reply(context, reply, KDC_AUTH_EXP,
+ make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
"old krbtgt kvno used");
goto out2;
}
@@ -409,8 +409,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0,
"no suitable DES key for krbtgt (krb4)");
- /* XXX */
- make_err_reply(context, reply, KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for krbtgt");
goto out2;
}
@@ -456,7 +455,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(ad.prealm, realm)){
kdc_log(context, config, 0,
"Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
@@ -465,7 +464,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0,
"krb4 Cross-realm %s -> %s disabled",
realm, config->v4_realm);
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
@@ -473,7 +472,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(sname, "changepw") == 0){
kdc_log(context, config, 0,
"Bad request for changepw ticket (krb4)");
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't authorize password change based on TGT");
goto out2;
}
@@ -485,7 +484,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Client not found in database: (krb4) %s: %s",
client_name, krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@@ -494,7 +493,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Local client not found in database: (krb4) "
"%s", client_name);
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@@ -506,7 +505,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Server not found in database (krb4): %s: %s",
server_name, krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@@ -516,8 +515,7 @@ _kdc_do_version4(krb5_context context,
server, server_name,
FALSE);
if (ret) {
- /* good error code? */
- make_err_reply(context, reply, KERB_ERR_NAME_EXP,
+ make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
"operation not allowed");
goto out2;
}
@@ -526,8 +524,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0,
"no suitable DES key for server (krb4)");
- /* XXX */
- make_err_reply(context, reply, KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out2;
}
@@ -787,7 +784,7 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key)
*ret_key = server_key;
else
- return KERB_ERR_NULL_KEY;
+ return KRB4ET_KDC_NULL_KEY;
} else {
if(v4_key)
*ret_key = v4_key;
@@ -798,11 +795,11 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key)
*ret_key = server_key;
else
- return KERB_ERR_NULL_KEY;
+ return KRB4ET_KDC_NULL_KEY;
}
if((*ret_key)->key.keyvalue.length == 0)
- return KERB_ERR_NULL_KEY;
+ return KRB4ET_KDC_NULL_KEY;
return 0;
}
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index e34938447a..40a9c9c972 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kerberos5.c 21040 2007-06-10 06:20:59Z lha $");
+RCSID("$Id: kerberos5.c 21529 2007-07-13 12:37:14Z lha $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@@ -85,6 +85,22 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
}
/*
+ * Detect if `key' is the using the the precomputed `default_salt'.
+ */
+
+static krb5_boolean
+is_default_salt_p(const krb5_salt *default_salt, const Key *key)
+{
+ if (key->salt == NULL)
+ return TRUE;
+ if (default_salt->salttype != key->salt->type)
+ return FALSE;
+ if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
+ return FALSE;
+ return TRUE;
+}
+
+/*
* return the first appropriate key of `princ' in `ret_key'. Look for
* all the etypes in (`etypes', `len'), stopping as soon as we find
* one, but preferring one that has default salt
@@ -97,6 +113,9 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
{
int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+ krb5_salt def_salt;
+
+ krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
for(i = 0; ret != 0 && i < len ; i++) {
Key *key = NULL;
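Review bot: The return value of `krb5_get_pw_salt` is ignored, so if the call fails `def_salt` is an uninitialised stack struct. `is_default_salt_p` then compares against it and `krb5_free_salt` releases it in the next hunk. Check the call before entering the loop, for example `if (krb5_get_pw_salt(context, princ->entry.principal, &def_salt) != 0) return KRB5KDC_ERR_ETYPE_NOSUPP;`, or return whichever error the callers expect. A separate test is needed because `ret` already drives the loop condition. _kdc_find_etype continues outside this hunk.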
@@ -112,10 +131,13 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
*ret_key = key;
*ret_etype = etypes[i];
ret = 0;
- if (key->salt == NULL)
+ if (is_default_salt_p(&def_salt, key)) {
+ krb5_free_salt (context, def_salt);
return ret;
+ }
}
}
+ krb5_free_salt (context, def_salt);
return ret;
}
@@ -325,6 +347,43 @@ _kdc_encode_reply(krb5_context context,
return 0;
}
+/*
+ * Return 1 if the client have only older enctypes, this is for
+ * determining if the server should send ETYPE_INFO2 or not.
+ */
+
+static int
+older_enctype(krb5_enctype enctype)
+{
+ switch (enctype) {
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD4:
+ case ETYPE_DES_CBC_MD5:
+ case ETYPE_DES3_CBC_SHA1:
+ case ETYPE_ARCFOUR_HMAC_MD5:
+ case ETYPE_ARCFOUR_HMAC_MD5_56:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+static int
+only_older_enctype_p(const KDC_REQ *req)
+{
+ int i;
+
+ for(i = 0; i < req->req_body.etype.len; i++) {
+ if (!older_enctype(req->req_body.etype.val[i]))
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ *
+ */
+
static krb5_error_code
make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
{
@@ -395,14 +454,18 @@ get_pa_etype_info(krb5_context context,
return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val));
- for(j = 0; j < etypes_len; j++) {
- for (i = 0; i < n; i++)
- if (pa.val[i].etype == etypes[j])
+ for(i = 0; i < client->keys.len; i++) {
+ for (j = 0; j < n; j++)
+ if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
- for(i = 0; i < client->keys.len; i++) {
+ for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0)
continue;
+ if (!older_enctype(etypes[j]))
+ continue;
+ if (n >= pa.len)
+ krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context,
&pa.val[n++],
&client->keys.val[i])) != 0) {
@@ -420,6 +483,10 @@ get_pa_etype_info(krb5_context context,
}
if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
continue;
+ if (!older_enctype(etypes[j]))
+ continue;
+ if (n >= pa.len)
+ krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context,
&pa.val[n++],
&client->keys.val[i])) != 0) {
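Review bot: The added `older_enctype(etypes[j])` test is inconsistent with the line above it, which validates `client->keys.val[i].key.keytype`. If this point is reached only after the inner `for (j ...)` scan ran to completion without a match, as in the parallel loop of get_pa_etype_info2 further down, then `j == etypes_len` and `etypes[j]` reads one element past the client-supplied list. The key being added is the one to classify: `if (!older_enctype(client->keys.val[i].key.keytype)) continue;`. The enclosing loop starts outside this hunk, so confirm against the full function.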
@@ -429,16 +496,8 @@ get_pa_etype_info(krb5_context context,
skip2:;
}
- if(n != pa.len) {
- char *name;
- ret = krb5_unparse_name(context, client->principal, &name);
- if (ret)
- name = rk_UNCONST("<unparse_name failed>");
- kdc_log(context, config, 0,
- "internal error in get_pa_etype_info(%s): %d != %d",
- name, n, pa.len);
- if (ret == 0)
- free(name);
+ if(n < pa.len) {
+ /* stripped out newer enctypes */
pa.len = n;
}
@@ -528,33 +587,9 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
}
/*
- * Return 1 if the client have only older enctypes, this is for
- * determining if the server should send ETYPE_INFO2 or not.
- */
-
-static int
-only_older_enctype_p(const KDC_REQ *req)
-{
- int i;
-
- for(i = 0; i < req->req_body.etype.len; i++) {
- switch (req->req_body.etype.val[i]) {
- case ETYPE_DES_CBC_CRC:
- case ETYPE_DES_CBC_MD4:
- case ETYPE_DES_CBC_MD5:
- case ETYPE_DES3_CBC_SHA1:
- case ETYPE_ARCFOUR_HMAC_MD5:
- case ETYPE_ARCFOUR_HMAC_MD5_56:
- break;
- default:
- return 0;
- }
- }
- return 1;
-}
-
-/*
- *
+ * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
+ * database (client supported enctypes first, then the unsupported
+ * enctypes).
*/
static krb5_error_code
@@ -578,11 +613,11 @@ get_pa_etype_info2(krb5_context context,
return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val));
- for(j = 0; j < etypes_len; j++) {
- for (i = 0; i < n; i++)
- if (pa.val[i].etype == etypes[j])
+ for(i = 0; i < client->keys.len; i++) {
+ for (j = 0; j < n; j++)
+ if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
- for(i = 0; i < client->keys.len; i++) {
+ for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0)
continue;
@@ -595,6 +630,7 @@ get_pa_etype_info2(krb5_context context,
}
skip1:;
}
+ /* send enctypes that the cliene doesn't know about too */
for(i = 0; i < client->keys.len; i++) {
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j])
@@ -959,7 +995,9 @@ _kdc_as_rep(krb5_context context,
if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (b->cname->name_string.len != 1) {
kdc_log(context, config, 0,
- "AS-REQ malformed canon request from %s", from);
+ "AS-REQ malformed canon request from %s, "
+ "enterprise name with %d name components",
+ from, b->cname->name_string.len);
ret = KRB5_PARSE_MALFORMED;
goto out;
}
@@ -1395,6 +1433,12 @@ _kdc_as_rep(krb5_context context,
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
_krb5_principal2principalname(&rep.ticket.sname,
server->entry.principal);
+ /* java 1.6 expects the name to be the same type, lets allow that
+ * uncomplicated name-types. */
+#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
+ if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
+ rep.ticket.sname.name_type = b->sname->name_type;
+#undef CNT
et.flags.initial = 1;
if(client->entry.flags.forwardable && server->entry.flags.forwardable)
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index 8414ecb4b2..b1b861efef 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -36,7 +36,7 @@
#include <rfc2459_asn1.h>
#include <hx509.h>
-RCSID("$Id: kx509.c 19992 2007-01-20 09:06:18Z lha $");
+RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
/*
*
@@ -56,7 +56,7 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
*
*/
-static const char version_2_0[4] = {0 , 0, 2, 0};
+static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
static krb5_error_code
verify_req_hash(krb5_context context,
@@ -122,7 +122,7 @@ calculate_reply_hash(krb5_context context,
if (rep->certificate)
HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
if (rep->e_text)
- HMAC_Update(&ctx, *rep->e_text, strlen(*rep->e_text));
+ HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
HMAC_Final(&ctx, rep->hash->data, 0);
HMAC_CTX_cleanup(&ctx);
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c
index 29a9bdd5c7..23fa7a5baf 100644
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -32,18 +32,10 @@
*/
#include "kuser_locl.h"
-RCSID("$Id: kinit.c 20517 2007-04-22 10:42:26Z lha $");
+RCSID("$Id: kinit.c 21483 2007-07-10 16:40:46Z lha $");
#include "krb5-v4compat.h"
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-struct ContentInfo;
-struct _krb5_krb_auth_data;
-struct krb5_dh_moduli;
-struct krb5_plugin;
-enum plugin_type;
-#include "krb5-private.h"
#include "heimntlm.h"
int forwardable_flag = -1;
diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et
index 67af1a44fc..c624e218e7 100644
--- a/source4/heimdal/lib/asn1/asn1_err.et
+++ b/source4/heimdal/lib/asn1/asn1_err.et
@@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
-id "$Id: asn1_err.et 20010 2007-01-20 21:52:27Z lha $"
+id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
error_table asn1
prefix ASN1
@@ -19,4 +19,7 @@ error_code BAD_FORMAT, "ASN.1 badly-formatted encoding"
error_code PARSE_ERROR, "ASN.1 parse error"
error_code EXTRA_DATA, "ASN.1 extra data past end of end structure"
error_code BAD_CHARACTER, "ASN.1 invalid character in string"
+error_code MIN_CONSTRAINT, "ASN.1 too few elements"
+error_code MAX_CONSTRAINT, "ASN.1 too many elements"
+error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
end
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 3022435b33..f232ce9a29 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id: der_get.c 20570 2007-04-27 14:06:27Z lha $");
+RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
#include <version.h>
@@ -336,32 +336,25 @@ generalizedtime2time (const char *s, time_t *t)
*t = _der_timegm (&tm);
return 0;
}
-#undef timegm
static int
der_get_time (const unsigned char *p, size_t len,
time_t *data, size_t *size)
{
- heim_octet_string k;
char *times;
- size_t ret = 0;
- size_t l;
int e;
- e = der_get_octet_string (p, len, &k, &l);
- if (e) return e;
- p += l;
- len -= l;
- ret += l;
- times = realloc(k.data, k.length + 1);
- if (times == NULL){
- free(k.data);
+ if (len > len + 1 || len == 0)
+ return ASN1_BAD_LENGTH;
+
+ times = malloc(len + 1);
+ if (times == NULL)
return ENOMEM;
- }
- times[k.length] = 0;
+ memcpy(times, p, len);
+ times[len] = '\0';
e = generalizedtime2time(times, data);
free (times);
- if(size) *size = ret;
+ if(size) *size = len;
return e;
}
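Review bot: The guard `len > len + 1` in der_get_time relies on size_t wrap-around to detect `len + 1` overflowing and is easy to misread. A comment such as `/* reject empty input and a length whose +1 for the terminator would wrap */` would make the intent explicit. The contents are now copied raw, so an embedded NUL byte in the encoding shortens the string handed to `generalizedtime2time` while `*size` still reports the full `len`. Whether that parser rejects the shortened text is not visible here and should be confirmed.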
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index cc1a3056de..26890212ae 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -33,7 +33,7 @@
#include "gen_locl.h"
-RCSID("$Id: gen.c 20670 2007-05-11 00:39:41Z lha $");
+RCSID("$Id: gen.c 21364 2007-06-27 08:51:06Z lha $");
FILE *headerfile, *codefile, *logfile;
@@ -253,6 +253,7 @@ generate_header_of_codefile(const char *name)
"#include <time.h>\n"
"#include <string.h>\n"
"#include <errno.h>\n"
+ "#include <limits.h>\n"
"#include <krb5-types.h>\n",
orig_filename);
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c
index 7ebef6cdce..face9ba47a 100644
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -34,7 +34,7 @@
#include "gen_locl.h"
#include "lex.h"
-RCSID("$Id: gen_decode.c 19572 2006-12-29 17:30:32Z lha $");
+RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
static void
decode_primitive (const char *typename, const char *name, const char *forwstr)
@@ -202,6 +202,32 @@ find_tag (const Type *t,
}
}
+static void
+range_check(const char *name,
+ const char *length,
+ const char *forwstr,
+ struct range *r)
+{
+ if (r->min == r->max + 2 || r->min < r->max)
+ fprintf (codefile,
+ "if ((%s)->%s > %d) {\n"
+ "e = ASN1_MAX_CONSTRAINT; %s;\n"
+ "}\n",
+ name, length, r->max, forwstr);
+ if (r->min - 1 == r->max || r->min < r->max)
+ fprintf (codefile,
+ "if ((%s)->%s < %d) {\n"
+ "e = ASN1_MIN_CONSTRAINT; %s;\n"
+ "}\n",
+ name, length, r->min, forwstr);
+ if (r->max == r->min)
+ fprintf (codefile,
+ "if ((%s)->%s != %d) {\n"
+ "e = ASN1_EXACT_CONSTRAINT; %s;\n"
+ "}\n",
+ name, length, r->min, forwstr);
+}
+
static int
decode_type (const char *name, const Type *t, int optional,
const char *forwstr, const char *tmpstr)
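Review bot: range_check has no comment, and its first two conditions depend on an undocumented encoding of open-ended ranges. `r->min == r->max + 2` and `r->min - 1 == r->max` look like sentinels for "no lower bound" and "no upper bound" set up by the parser, which is not visible in this hunk. Please document that contract above the function once confirmed against parse.y, e.g. `/* emit size-constraint checks; min == max + 2: only an upper bound, min - 1 == max: only a lower bound */`. If `min` and `max` are plain `int`, `r->max + 2` and `r->min - 1` overflow for bounds at INT_MAX or INT_MIN, which is undefined behaviour in the generator. The generated comparison also prints the bound with `%d` against what is presumably an unsigned length field.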
@@ -236,12 +262,14 @@ decode_type (const char *name, const Type *t, int optional,
}
case TInteger:
if(t->members) {
- char *s;
- asprintf(&s, "(int*)%s", name);
- if (s == NULL)
- errx (1, "out of memory");
- decode_primitive ("integer", s, forwstr);
- free(s);
+ fprintf(codefile,
+ "{\n"
+ "int enumint;\n");
+ decode_primitive ("integer", "&enumint", forwstr);
+ fprintf(codefile,
+ "*%s = enumint;\n"
+ "}\n",
+ name);
} else if (t->range == NULL) {
decode_primitive ("heim_integer", name, forwstr);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
@@ -262,6 +290,8 @@ decode_type (const char *name, const Type *t, int optional,
break;
case TOctetString:
decode_primitive ("octet_string", name, forwstr);
+ if (t->range)
+ range_check(name, "length", forwstr, t->range);
break;
case TBitString: {
Member *m;
@@ -394,19 +424,31 @@ decode_type (const char *name, const Type *t, int optional,
"{\n"
"size_t %s_origlen = len;\n"
"size_t %s_oldret = ret;\n"
+ "size_t %s_olen = 0;\n"
"void *%s_tmp;\n"
"ret = 0;\n"
"(%s)->len = 0;\n"
- "(%s)->val = NULL;\n"
+ "(%s)->val = NULL;\n",
+ tmpstr,
+ tmpstr,
+ tmpstr,
+ tmpstr,
+ name,
+ name);
+
+ fprintf (codefile,
"while(ret < %s_origlen) {\n"
- "%s_tmp = realloc((%s)->val, "
- " sizeof(*((%s)->val)) * ((%s)->len + 1));\n"
- "if (%s_tmp == NULL) { %s; }\n"
+ "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
+ "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
+ "%s_olen = %s_nlen;\n"
+ "%s_tmp = realloc((%s)->val, %s_olen);\n"
+ "if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
"(%s)->val = %s_tmp;\n",
- tmpstr, tmpstr, tmpstr,
- name, name,
+ tmpstr,
+ tmpstr, tmpstr, name,
+ tmpstr, tmpstr, forwstr,
tmpstr, tmpstr,
- name, name, name,
+ tmpstr, name, tmpstr,
tmpstr, forwstr,
name, tmpstr);
@@ -425,6 +467,8 @@ decode_type (const char *name, const Type *t, int optional,
"}\n",
name,
tmpstr, tmpstr);
+ if (t->range)
+ range_check(name, "len", forwstr, t->range);
free (n);
free (sname);
break;
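Review bot: For SEQUENCE OF, the `range_check` call appears to be emitted after the generated decode loop has closed. The decoder therefore reallocs and decodes every element before `ASN1_MAX_CONSTRAINT` can reject an over-long sequence. With a finite upper bound it would be cheaper and safer to compare `(name)->len` against `r->max` inside the loop, right after the element count is incremented, and leave only the minimum and exact checks after it. It is also worth confirming that `forwstr` reaches cleanup that frees the already decoded elements when the constraint fails. The case body starts outside this hunk.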
diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c
index b5337b1c43..9544514212 100644
--- a/source4/heimdal/lib/asn1/gen_encode.c
+++ b/source4/heimdal/lib/asn1/gen_encode.c
@@ -33,7 +33,7 @@
#include "gen_locl.h"
-RCSID("$Id: gen_encode.c 19572 2006-12-29 17:30:32Z lha $");
+RCSID("$Id: gen_encode.c 21503 2007-07-12 11:57:19Z lha $");
static void
encode_primitive (const char *typename, const char *name)
@@ -121,12 +121,12 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
break;
case TInteger:
if(t->members) {
- char *s;
- asprintf(&s, "(const int*)%s", name);
- if(s == NULL)
- errx(1, "out of memory");
- encode_primitive ("integer", s);
- free(s);
+ fprintf(codefile,
+ "{\n"
+ "int enumint = (int)*%s;\n",
+ name);
+ encode_primitive ("integer", "&enumint");
+ fprintf(codefile, "}\n;");
} else if (t->range == NULL) {
encode_primitive ("heim_integer", name);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
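Review bot: `fprintf(codefile, "}\n;");` closes the generated block and then emits a stray `;` at the start of the next line. gen_length.c closes the same `enumint` construct with `"}\n"`. The empty statement is harmless in most positions but looks like a typo and makes the generated encoder differ from the length and decode paths for no reason. Suggest `fprintf(codefile, "}\n");`. encode_type continues outside this hunk.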
@@ -293,6 +293,11 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
"int eret;\n");
fprintf(codefile,
+ "if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
+ "return ERANGE;\n",
+ name);
+
+ fprintf(codefile,
"val = malloc(sizeof(val[0]) * (%s)->len);\n"
"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",
name, name);
diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c
index a1f7cc6644..4cb5d45089 100644
--- a/source4/heimdal/lib/asn1/gen_length.c
+++ b/source4/heimdal/lib/asn1/gen_length.c
@@ -33,7 +33,7 @@
#include "gen_locl.h"
-RCSID("$Id: gen_length.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
static void
length_primitive (const char *typename,
@@ -72,12 +72,11 @@ length_type (const char *name, const Type *t,
break;
case TInteger:
if(t->members) {
- char *s;
- asprintf(&s, "(const int*)%s", name);
- if(s == NULL)
- errx (1, "out of memory");
- length_primitive ("integer", s, variable);
- free(s);
+ fprintf(codefile,
+ "{\n"
+ "int enumint = *%s;\n", name);
+ length_primitive ("integer", "&enumint", variable);
+ fprintf(codefile, "}\n");
} else if (t->range == NULL) {
length_primitive ("heim_integer", name, variable);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1
index 14e9793fdc..e3fe2b11e9 100644
--- a/source4/heimdal/lib/asn1/k5.asn1
+++ b/source4/heimdal/lib/asn1/k5.asn1
@@ -1,4 +1,4 @@
--- $Id: k5.asn1 21092 2007-06-15 19:47:46Z lha $
+-- $Id: k5.asn1 21400 2007-07-02 19:57:31Z lha $
KERBEROS5 DEFINITIONS ::=
BEGIN
@@ -332,7 +332,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE {
s2kparams[2] OCTET STRING OPTIONAL
}
-ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY
+ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
METHOD-DATA ::= SEQUENCE OF PA-DATA
@@ -341,7 +341,7 @@ TypedData ::= SEQUENCE {
data-value[1] OCTET STRING OPTIONAL
}
-TYPED-DATA ::= SEQUENCE OF TypedData
+TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
KDC-REQ-BODY ::= SEQUENCE {
kdc-options[0] KDCOptions,
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c
index fe488eb904..d628e4696f 100644
--- a/source4/heimdal/lib/asn1/lex.c
+++ b/source4/heimdal/lib/asn1/lex.c
@@ -1,6 +1,5 @@
-#include "config.h"
-#line 3 "lex.yy.c"
+#line 3 "lex.c"
#define YY_INT_ALIGNED short int
@@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
typedef int yy_state_type;
extern int yylineno;
+
+int yylineno = 1;
+
extern char *yytext;
#define yytext_ptr yytext
@@ -824,7 +826,7 @@ char *yytext;
* SUCH DAMAGE.
*/
-/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */
+/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -849,7 +851,7 @@ static unsigned lineno = 1;
static void unterminated(const char *, unsigned);
/* This is for broken old lexes (solaris 10 and hpux) */
-#line 852 "lex.yy.c"
+#line 855 "lex.c"
#define INITIAL 0
@@ -1004,7 +1006,7 @@ YY_DECL
#line 68 "lex.l"
-#line 1007 "lex.yy.c"
+#line 1010 "lex.c"
if ( !(yy_init) )
{
@@ -1673,7 +1675,7 @@ YY_RULE_SETUP
#line 274 "lex.l"
ECHO;
YY_BREAK
-#line 1676 "lex.yy.c"
+#line 1679 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@@ -2483,6 +2485,15 @@ static void yy_fatal_error (yyconst char* msg )
/* Accessor methods (get/set functions) to struct members. */
+/** Get the current line number.
+ *
+ */
+int yyget_lineno (void)
+{
+
+ return yylineno;
+}
+
/** Get the input stream.
*
*/
@@ -2516,6 +2527,16 @@ char *yyget_text (void)
return yytext;
}
+/** Set the current line number.
+ * @param line_number
+ *
+ */
+void yyset_lineno (int line_number )
+{
+
+ yylineno = line_number;
+}
+
/** Set the input stream. This does not discard the current
* input buffer.
* @param in_str A readable stream.
diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c
index d9cd23b662..6a3e524e93 100644
--- a/source4/heimdal/lib/asn1/parse.c
+++ b/source4/heimdal/lib/asn1/parse.c
@@ -16,7 +16,9 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, see <http://www.gnu.org/licenses/>. */
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -259,7 +261,7 @@
#include "gen_locl.h"
#include "der.h"
-RCSID("$Id: parse.y 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
static Type *new_type (Typetype t);
static struct constraint_spec *new_constraint_spec(enum ctype);
@@ -300,7 +302,7 @@ typedef union YYSTYPE
{
int constant;
struct value *value;
- struct range range;
+ struct range *range;
char *name;
Type *type;
Member *member;
@@ -538,18 +540,18 @@ union yyalloc
#endif
/* YYFINAL -- State number of the termination state. */
-#define YYFINAL 4
+#define YYFINAL 6
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 169
+#define YYLAST 195
/* YYNTOKENS -- Number of terminals. */
#define YYNTOKENS 98
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 67
+#define YYNNTS 68
/* YYNRULES -- Number of rules. */
-#define YYNRULES 131
+#define YYNRULES 136
/* YYNRULES -- Number of states. */
-#define YYNSTATES 202
+#define YYNSTATES 214
/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
#define YYUNDEFTOK 2
@@ -603,80 +605,83 @@ static const yytype_uint8 yytranslate[] =
YYRHS. */
static const yytype_uint16 yyprhs[] =
{
- 0, 0, 3, 12, 15, 18, 21, 22, 25, 26,
- 29, 30, 34, 35, 37, 38, 40, 43, 48, 50,
- 53, 55, 57, 61, 63, 67, 69, 71, 73, 75,
- 77, 79, 81, 83, 85, 87, 89, 91, 93, 95,
- 97, 99, 101, 103, 109, 111, 114, 119, 121, 125,
- 129, 134, 139, 141, 144, 150, 153, 156, 158, 163,
- 167, 171, 176, 180, 184, 189, 191, 193, 195, 197,
- 199, 202, 206, 208, 210, 212, 215, 219, 225, 230,
- 234, 239, 240, 242, 244, 246, 247, 249, 251, 256,
- 258, 260, 262, 264, 266, 268, 270, 272, 274, 278,
- 282, 285, 287, 290, 294, 296, 300, 305, 307, 308,
- 312, 313, 316, 321, 323, 325, 327, 329, 331, 333,
- 335, 337, 339, 341, 343, 345, 347, 349, 351, 353,
- 355, 357
+ 0, 0, 3, 13, 16, 19, 22, 23, 26, 27,
+ 30, 31, 35, 36, 38, 39, 41, 44, 49, 51,
+ 54, 56, 58, 62, 64, 68, 70, 72, 74, 76,
+ 78, 80, 82, 84, 86, 88, 90, 92, 94, 96,
+ 98, 100, 102, 104, 110, 116, 122, 126, 128, 131,
+ 136, 138, 142, 146, 151, 156, 158, 161, 167, 170,
+ 174, 176, 177, 180, 185, 189, 194, 199, 203, 207,
+ 212, 214, 216, 218, 220, 222, 225, 229, 231, 233,
+ 235, 238, 242, 248, 253, 257, 262, 263, 265, 267,
+ 269, 270, 272, 274, 279, 281, 283, 285, 287, 289,
+ 291, 293, 295, 297, 301, 305, 308, 310, 313, 317,
+ 319, 323, 328, 330, 331, 335, 336, 339, 344, 346,
+ 348, 350, 352, 354, 356, 358, 360, 362, 364, 366,
+ 368, 370, 372, 374, 376, 378, 380
};
/* YYRHS -- A `-1'-separated list of the rules' RHS. */
static const yytype_int16 yyrhs[] =
{
- 99, 0, -1, 86, 21, 100, 101, 84, 8, 102,
- 24, -1, 27, 70, -1, 38, 70, -1, 7, 70,
- -1, -1, 29, 39, -1, -1, 103, 107, -1, -1,
- 40, 104, 90, -1, -1, 105, -1, -1, 106, -1,
- 105, 106, -1, 109, 32, 86, 150, -1, 108, -1,
- 108, 107, -1, 110, -1, 142, -1, 86, 91, 109,
- -1, 86, -1, 86, 84, 111, -1, 112, -1, 129,
- -1, 132, -1, 120, -1, 113, -1, 143, -1, 128,
- -1, 118, -1, 115, -1, 123, -1, 121, -1, 122,
- -1, 124, -1, 125, -1, 126, -1, 127, -1, 138,
- -1, 11, -1, 92, 154, 83, 154, 93, -1, 43,
- -1, 43, 114, -1, 43, 94, 116, 95, -1, 117,
- -1, 116, 91, 117, -1, 116, 91, 85, -1, 86,
- 92, 162, 93, -1, 25, 94, 119, 95, -1, 116,
- -1, 9, 67, -1, 9, 67, 94, 148, 95, -1,
- 51, 37, -1, 52, 67, -1, 49, -1, 64, 94,
- 145, 95, -1, 64, 94, 95, -1, 64, 53, 111,
- -1, 65, 94, 145, 95, -1, 65, 94, 95, -1,
- 65, 53, 111, -1, 14, 94, 145, 95, -1, 130,
- -1, 131, -1, 86, -1, 34, -1, 77, -1, 111,
- 133, -1, 92, 134, 93, -1, 135, -1, 136, -1,
- 137, -1, 19, 111, -1, 23, 12, 154, -1, 19,
- 111, 23, 12, 154, -1, 18, 12, 94, 95, -1,
- 139, 141, 111, -1, 96, 140, 89, 97, -1, -1,
- 76, -1, 6, -1, 60, -1, -1, 27, -1, 38,
- -1, 86, 111, 84, 154, -1, 144, -1, 33, -1,
- 78, -1, 61, -1, 81, -1, 36, -1, 10, -1,
- 79, -1, 147, -1, 145, 91, 147, -1, 145, 91,
- 85, -1, 86, 111, -1, 146, -1, 146, 54, -1,
- 146, 20, 154, -1, 149, -1, 148, 91, 149, -1,
- 86, 92, 89, 93, -1, 151, -1, -1, 94, 152,
- 95, -1, -1, 153, 152, -1, 86, 92, 89, 93,
- -1, 86, -1, 89, -1, 155, -1, 156, -1, 160,
- -1, 159, -1, 161, -1, 164, -1, 163, -1, 157,
- -1, 158, -1, 86, -1, 88, -1, 71, -1, 31,
- -1, 162, -1, 89, -1, 49, -1, 151, -1
+ 99, 0, -1, 86, 151, 21, 100, 101, 84, 8,
+ 102, 24, -1, 27, 70, -1, 38, 70, -1, 7,
+ 70, -1, -1, 29, 39, -1, -1, 103, 107, -1,
+ -1, 40, 104, 90, -1, -1, 105, -1, -1, 106,
+ -1, 105, 106, -1, 109, 32, 86, 151, -1, 108,
+ -1, 108, 107, -1, 110, -1, 143, -1, 86, 91,
+ 109, -1, 86, -1, 86, 84, 111, -1, 112, -1,
+ 130, -1, 133, -1, 120, -1, 113, -1, 144, -1,
+ 129, -1, 118, -1, 115, -1, 123, -1, 121, -1,
+ 122, -1, 125, -1, 126, -1, 127, -1, 128, -1,
+ 139, -1, 11, -1, 92, 155, 83, 155, 93, -1,
+ 92, 155, 83, 46, 93, -1, 92, 47, 83, 155,
+ 93, -1, 92, 155, 93, -1, 43, -1, 43, 114,
+ -1, 43, 94, 116, 95, -1, 117, -1, 116, 91,
+ 117, -1, 116, 91, 85, -1, 86, 92, 163, 93,
+ -1, 25, 94, 119, 95, -1, 116, -1, 9, 67,
+ -1, 9, 67, 94, 149, 95, -1, 51, 37, -1,
+ 52, 67, 124, -1, 49, -1, -1, 66, 114, -1,
+ 64, 94, 146, 95, -1, 64, 94, 95, -1, 64,
+ 124, 53, 111, -1, 65, 94, 146, 95, -1, 65,
+ 94, 95, -1, 65, 53, 111, -1, 14, 94, 146,
+ 95, -1, 131, -1, 132, -1, 86, -1, 34, -1,
+ 77, -1, 111, 134, -1, 92, 135, 93, -1, 136,
+ -1, 137, -1, 138, -1, 19, 111, -1, 23, 12,
+ 155, -1, 19, 111, 23, 12, 155, -1, 18, 12,
+ 94, 95, -1, 140, 142, 111, -1, 96, 141, 89,
+ 97, -1, -1, 76, -1, 6, -1, 60, -1, -1,
+ 27, -1, 38, -1, 86, 111, 84, 155, -1, 145,
+ -1, 33, -1, 78, -1, 61, -1, 81, -1, 36,
+ -1, 10, -1, 79, -1, 148, -1, 146, 91, 148,
+ -1, 146, 91, 85, -1, 86, 111, -1, 147, -1,
+ 147, 54, -1, 147, 20, 155, -1, 150, -1, 149,
+ 91, 150, -1, 86, 92, 89, 93, -1, 152, -1,
+ -1, 94, 153, 95, -1, -1, 154, 153, -1, 86,
+ 92, 89, 93, -1, 86, -1, 89, -1, 156, -1,
+ 157, -1, 161, -1, 160, -1, 162, -1, 165, -1,
+ 164, -1, 158, -1, 159, -1, 86, -1, 88, -1,
+ 71, -1, 31, -1, 163, -1, 89, -1, 49, -1,
+ 152, -1
};
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
static const yytype_uint16 yyrline[] =
{
- 0, 231, 231, 238, 239, 241, 243, 246, 248, 251,
- 252, 255, 256, 259, 260, 263, 264, 267, 278, 279,
- 282, 283, 286, 292, 300, 310, 311, 312, 315, 316,
- 317, 318, 319, 320, 321, 322, 323, 324, 325, 326,
- 327, 328, 331, 338, 348, 353, 360, 368, 374, 379,
- 383, 396, 404, 407, 414, 422, 428, 435, 442, 448,
- 456, 464, 470, 478, 486, 493, 494, 497, 508, 513,
- 520, 536, 542, 545, 546, 549, 555, 563, 573, 579,
- 592, 601, 604, 608, 612, 619, 622, 626, 633, 644,
- 647, 652, 657, 662, 667, 672, 677, 685, 691, 696,
- 707, 718, 724, 730, 738, 744, 751, 764, 765, 768,
- 775, 778, 789, 793, 804, 810, 811, 814, 815, 816,
- 817, 818, 821, 824, 827, 838, 846, 852, 860, 868,
- 871, 876
+ 0, 233, 233, 240, 241, 243, 245, 248, 250, 253,
+ 254, 257, 258, 261, 262, 265, 266, 269, 280, 281,
+ 284, 285, 288, 294, 302, 312, 313, 314, 317, 318,
+ 319, 320, 321, 322, 323, 324, 325, 326, 327, 328,
+ 329, 330, 333, 340, 350, 358, 366, 377, 382, 388,
+ 396, 402, 407, 411, 424, 432, 435, 442, 450, 456,
+ 465, 473, 474, 479, 485, 493, 502, 508, 516, 524,
+ 531, 532, 535, 546, 551, 558, 574, 580, 583, 584,
+ 587, 593, 601, 611, 617, 630, 639, 642, 646, 650,
+ 657, 660, 664, 671, 682, 685, 690, 695, 700, 705,
+ 710, 715, 723, 729, 734, 745, 756, 762, 768, 776,
+ 782, 789, 802, 803, 806, 813, 816, 827, 831, 842,
+ 848, 849, 852, 853, 854, 855, 856, 859, 862, 865,
+ 876, 884, 890, 898, 906, 909, 914
};
#endif
@@ -712,7 +717,7 @@ static const char *const yytname[] =
"TypeAssignment", "Type", "BuiltinType", "BooleanType", "range",
"IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType",
"Enumerations", "BitStringType", "ObjectIdentifierType",
- "OctetStringType", "NullType", "SequenceType", "SequenceOfType",
+ "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType",
"SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType",
"UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec",
"GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint",
@@ -751,35 +756,35 @@ static const yytype_uint8 yyr1[] =
102, 103, 103, 104, 104, 105, 105, 106, 107, 107,
108, 108, 109, 109, 110, 111, 111, 111, 112, 112,
112, 112, 112, 112, 112, 112, 112, 112, 112, 112,
- 112, 112, 113, 114, 115, 115, 115, 116, 116, 116,
- 117, 118, 119, 120, 120, 121, 122, 123, 124, 124,
- 125, 126, 126, 127, 128, 129, 129, 130, 131, 131,
- 132, 133, 134, 135, 135, 136, 136, 136, 137, 138,
- 139, 140, 140, 140, 140, 141, 141, 141, 142, 143,
- 144, 144, 144, 144, 144, 144, 144, 145, 145, 145,
- 146, 147, 147, 147, 148, 148, 149, 150, 150, 151,
- 152, 152, 153, 153, 153, 154, 154, 155, 155, 155,
- 155, 155, 156, 157, 158, 159, 160, 160, 161, 162,
- 163, 164
+ 112, 112, 113, 114, 114, 114, 114, 115, 115, 115,
+ 116, 116, 116, 117, 118, 119, 120, 120, 121, 122,
+ 123, 124, 124, 125, 125, 126, 127, 127, 128, 129,
+ 130, 130, 131, 132, 132, 133, 134, 135, 136, 136,
+ 137, 137, 137, 138, 139, 140, 141, 141, 141, 141,
+ 142, 142, 142, 143, 144, 145, 145, 145, 145, 145,
+ 145, 145, 146, 146, 146, 147, 148, 148, 148, 149,
+ 149, 150, 151, 151, 152, 153, 153, 154, 154, 154,
+ 155, 155, 156, 156, 156, 156, 156, 157, 158, 159,
+ 160, 161, 161, 162, 163, 164, 165
};
/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
static const yytype_uint8 yyr2[] =
{
- 0, 2, 8, 2, 2, 2, 0, 2, 0, 2,
+ 0, 2, 9, 2, 2, 2, 0, 2, 0, 2,
0, 3, 0, 1, 0, 1, 2, 4, 1, 2,
1, 1, 3, 1, 3, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 5, 1, 2, 4, 1, 3, 3,
- 4, 4, 1, 2, 5, 2, 2, 1, 4, 3,
- 3, 4, 3, 3, 4, 1, 1, 1, 1, 1,
- 2, 3, 1, 1, 1, 2, 3, 5, 4, 3,
- 4, 0, 1, 1, 1, 0, 1, 1, 4, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 3, 3,
- 2, 1, 2, 3, 1, 3, 4, 1, 0, 3,
- 0, 2, 4, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 5, 5, 5, 3, 1, 2, 4,
+ 1, 3, 3, 4, 4, 1, 2, 5, 2, 3,
+ 1, 0, 2, 4, 3, 4, 4, 3, 3, 4,
+ 1, 1, 1, 1, 1, 2, 3, 1, 1, 1,
+ 2, 3, 5, 4, 3, 4, 0, 1, 1, 1,
+ 0, 1, 1, 4, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 3, 3, 2, 1, 2, 3, 1,
+ 3, 4, 1, 0, 3, 0, 2, 4, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1
+ 1, 1, 1, 1, 1, 1, 1
};
/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
@@ -787,79 +792,81 @@ static const yytype_uint8 yyr2[] =
means the default is an error. */
static const yytype_uint8 yydefact[] =
{
- 0, 0, 0, 6, 1, 0, 0, 0, 8, 5,
- 3, 4, 0, 0, 7, 0, 10, 14, 0, 0,
- 23, 0, 13, 15, 0, 2, 0, 9, 18, 20,
- 21, 0, 11, 16, 0, 0, 95, 42, 0, 0,
- 90, 68, 94, 44, 57, 0, 0, 92, 0, 0,
- 69, 91, 96, 93, 0, 67, 81, 0, 25, 29,
- 33, 32, 28, 35, 36, 34, 37, 38, 39, 40,
- 31, 26, 65, 66, 27, 41, 85, 30, 89, 19,
- 22, 108, 53, 0, 0, 0, 0, 45, 55, 56,
- 0, 0, 0, 0, 24, 83, 84, 82, 0, 0,
- 0, 70, 86, 87, 0, 110, 17, 107, 0, 0,
- 0, 101, 97, 0, 52, 47, 0, 127, 130, 126,
- 124, 125, 129, 131, 0, 115, 116, 122, 123, 118,
- 117, 119, 128, 121, 120, 0, 60, 59, 0, 63,
- 62, 0, 0, 88, 0, 0, 0, 0, 72, 73,
- 74, 79, 113, 114, 0, 110, 0, 0, 104, 100,
- 0, 64, 0, 102, 0, 0, 51, 0, 46, 58,
- 61, 80, 0, 75, 0, 71, 0, 109, 111, 0,
- 0, 54, 99, 98, 103, 0, 49, 48, 0, 0,
- 0, 76, 0, 0, 105, 50, 43, 78, 0, 112,
- 106, 77
+ 0, 113, 0, 115, 0, 112, 1, 118, 119, 0,
+ 115, 6, 0, 114, 116, 0, 0, 0, 8, 0,
+ 5, 3, 4, 0, 0, 117, 7, 0, 10, 14,
+ 0, 0, 23, 0, 13, 15, 0, 2, 0, 9,
+ 18, 20, 21, 0, 11, 16, 0, 0, 100, 42,
+ 0, 0, 95, 73, 99, 47, 60, 0, 0, 97,
+ 61, 0, 74, 96, 101, 98, 0, 72, 86, 0,
+ 25, 29, 33, 32, 28, 35, 36, 34, 37, 38,
+ 39, 40, 31, 26, 70, 71, 27, 41, 90, 30,
+ 94, 19, 22, 113, 56, 0, 0, 0, 0, 48,
+ 58, 61, 0, 0, 0, 0, 0, 24, 88, 89,
+ 87, 0, 0, 0, 75, 91, 92, 0, 17, 0,
+ 0, 0, 106, 102, 0, 55, 50, 0, 132, 0,
+ 135, 131, 129, 130, 134, 136, 0, 120, 121, 127,
+ 128, 123, 122, 124, 133, 126, 125, 0, 59, 62,
+ 64, 0, 0, 68, 67, 0, 0, 93, 0, 0,
+ 0, 0, 77, 78, 79, 84, 0, 0, 109, 105,
+ 0, 69, 0, 107, 0, 0, 54, 0, 0, 46,
+ 49, 63, 65, 66, 85, 0, 80, 0, 76, 0,
+ 0, 57, 104, 103, 108, 0, 52, 51, 0, 0,
+ 0, 0, 0, 81, 0, 110, 53, 45, 44, 43,
+ 83, 0, 111, 82
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yytype_int16 yydefgoto[] =
{
- -1, 2, 8, 13, 18, 19, 21, 22, 23, 27,
- 28, 24, 29, 57, 58, 59, 87, 60, 114, 115,
- 61, 116, 62, 63, 64, 65, 66, 67, 68, 69,
- 70, 71, 72, 73, 74, 101, 147, 148, 149, 150,
- 75, 76, 98, 104, 30, 77, 78, 110, 111, 112,
- 157, 158, 106, 123, 154, 155, 124, 125, 126, 127,
- 128, 129, 130, 131, 132, 133, 134
+ -1, 2, 18, 24, 30, 31, 33, 34, 35, 39,
+ 40, 36, 41, 69, 70, 71, 99, 72, 125, 126,
+ 73, 127, 74, 75, 76, 77, 104, 78, 79, 80,
+ 81, 82, 83, 84, 85, 86, 114, 161, 162, 163,
+ 164, 87, 88, 111, 117, 42, 89, 90, 121, 122,
+ 123, 167, 168, 4, 135, 9, 10, 136, 137, 138,
+ 139, 140, 141, 142, 143, 144, 145, 146
};
/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
STATE-NUM. */
-#define YYPACT_NINF -100
+#define YYPACT_NINF -113
static const yytype_int16 yypact[] =
{
- -65, 19, 33, 5, -100, -29, -17, 11, 53, -100,
- -100, -100, 47, 13, -100, 90, -34, 18, 81, 20,
- 16, 21, 18, -100, 76, -100, -7, -100, 20, -100,
- -100, 18, -100, -100, 23, 43, -100, -100, 24, 25,
- -100, -100, -100, -4, -100, 77, 46, -100, -48, -45,
- -100, -100, -100, -100, 51, -100, 4, -64, -100, -100,
- -100, -100, -100, -100, -100, -100, -100, -100, -100, -100,
- -100, -100, -100, -100, -100, -100, -16, -100, -100, -100,
- -100, 26, 27, 31, 36, 52, 36, -100, -100, -100,
- 51, -71, 51, -70, 32, -100, -100, -100, 37, 52,
- 12, -100, -100, -100, 51, -39, -100, -100, 39, 51,
- -78, -6, -100, 35, 40, -100, 38, -100, -100, -100,
- -100, -100, -100, -100, 56, -100, -100, -100, -100, -100,
- -100, -100, -100, -100, -100, -72, 32, -100, -57, 32,
- -100, -36, 45, -100, 122, 51, 123, 50, -100, -100,
- -100, 32, 44, -100, 49, -39, 57, -22, -100, 32,
- -19, -100, 52, -100, 59, 10, -100, 52, -100, -100,
- -100, -100, 58, -14, 52, -100, 61, -100, -100, 62,
- 39, -100, -100, -100, -100, 60, -100, -100, 63, 64,
- 133, -100, 65, 67, -100, -100, -100, -100, 52, -100,
- -100, -100
+ -74, -67, 38, -69, 23, -113, -113, -44, -113, -41,
+ -69, 4, -26, -113, -113, -3, 1, 10, 52, -10,
+ -113, -113, -113, 45, 13, -113, -113, 77, -35, 15,
+ 64, 19, 17, 20, 15, -113, 85, -113, 25, -113,
+ 19, -113, -113, 15, -113, -113, 27, 47, -113, -113,
+ 26, 29, -113, -113, -113, -30, -113, 89, 61, -113,
+ -57, -47, -113, -113, -113, -113, 82, -113, -4, -68,
+ -113, -113, -113, -113, -113, -113, -113, -113, -113, -113,
+ -113, -113, -113, -113, -113, -113, -113, -113, -17, -113,
+ -113, -113, -113, -67, 35, 33, 46, 51, 46, -113,
+ -113, 69, 44, -73, 88, 82, -72, 56, -113, -113,
+ -113, 49, 93, 7, -113, -113, -113, 82, -113, 58,
+ 82, -76, -13, -113, 57, 59, -113, 60, -113, 68,
+ -113, -113, -113, -113, -113, -113, -75, -113, -113, -113,
+ -113, -113, -113, -113, -113, -113, -113, -63, -113, -113,
+ -113, -62, 82, 56, -113, -46, 65, -113, 141, 82,
+ 142, 63, -113, -113, -113, 56, 66, -38, -113, 56,
+ -16, -113, 93, -113, 76, -7, -113, 93, 81, -113,
+ -113, -113, 56, -113, -113, 72, -19, 93, -113, 83,
+ 58, -113, -113, -113, -113, 78, -113, -113, 80, 84,
+ 87, 62, 162, -113, 90, -113, -113, -113, -113, -113,
+ -113, 93, -113, -113
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int16 yypgoto[] =
{
- -100, -100, -100, -100, -100, -100, -100, -100, 132, 127,
- -100, 126, -100, -53, -100, -100, -100, -100, 75, -3,
- -100, -100, -100, -100, -100, -100, -100, -100, -100, -100,
- -100, -100, -100, -100, -100, -100, -100, -100, -100, -100,
- -100, -100, -100, -100, -100, -100, -100, 0, -100, 3,
- -100, -15, -100, 83, 14, -100, -99, -100, -100, -100,
- -100, -100, -100, -100, 2, -100, -100
+ -113, -113, -113, -113, -113, -113, -113, -113, 150, 136,
+ -113, 143, -113, -65, -113, -113, 86, -113, 91, 16,
+ -113, -113, -113, -113, -113, -113, 92, -113, -113, -113,
+ -113, -113, -113, -113, -113, -113, -113, -113, -113, -113,
+ -113, -113, -113, -113, -113, -113, -113, -113, -60, -113,
+ 22, -113, -5, 97, 2, 184, -113, -112, -113, -113,
+ -113, -113, -113, -113, -113, 21, -113, -113
};
/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
@@ -869,71 +876,78 @@ static const yytype_int16 yypgoto[] =
#define YYTABLE_NINF -13
static const yytype_int16 yytable[] =
{
- 143, 94, 35, 36, 37, 90, 17, 38, 92, 190,
- 95, 102, 5, 160, 162, 109, 109, 161, 39, 165,
- 99, 1, 103, 168, 137, 140, 40, 41, 100, 42,
- 144, 145, 6, 4, 160, 146, 43, 136, 169, 139,
- 3, 9, 44, 7, 45, 46, 91, 152, 163, 93,
- 153, 151, -12, 10, 47, 160, 159, 48, 49, 170,
- 35, 36, 37, 184, 96, 38, 182, 109, 188, 180,
- 50, 51, 52, 181, 53, 191, 39, 54, 100, 55,
- 97, 11, 12, 117, 40, 41, 14, 42, 85, 56,
- 86, 138, 173, 141, 43, 186, 113, 15, 16, 201,
- 44, 118, 45, 46, 20, 25, 26, 31, 34, 81,
- 82, 32, 47, 89, 88, 48, 49, 109, 83, 84,
- 105, 108, 113, 119, 100, 156, 142, 164, 50, 51,
- 52, 165, 53, 166, 172, 174, 176, 55, 120, 167,
- 121, 122, 171, 175, 177, 198, 105, 56, 122, 179,
- 192, 193, 189, 195, 33, 79, 196, 80, 199, 197,
- 200, 135, 187, 183, 107, 194, 185, 0, 0, 178
+ 157, 107, 108, 5, 202, 29, 105, 172, 178, 102,
+ 115, 15, 1, 120, 120, 170, 112, 7, 179, 171,
+ 8, 116, 150, 154, 113, 158, 159, 3, 175, 170,
+ 160, 16, 180, 181, 47, 48, 49, 103, 6, 50,
+ 153, 173, 17, 151, 11, 170, 155, 106, 12, 183,
+ 51, -12, 165, 190, 13, 169, 109, 191, 52, 53,
+ 194, 54, 97, 19, 98, 198, 200, 20, 55, 192,
+ 120, 21, 110, 113, 56, 203, 57, 58, 196, 124,
+ 22, 23, 128, 25, 26, 28, 59, 182, 37, 60,
+ 61, 47, 48, 49, 186, 5, 50, 27, 129, 213,
+ 130, 32, 62, 63, 64, 38, 65, 51, 43, 66,
+ 44, 67, 128, 93, 94, 52, 53, 46, 54, 120,
+ 95, 68, 131, 96, 128, 55, 100, 199, 101, 119,
+ 130, 56, 124, 57, 58, 102, 97, 132, 156, 133,
+ 134, 152, 130, 59, 166, 3, 60, 61, 113, 174,
+ 175, 177, 131, 185, 187, 176, 188, 210, 189, 62,
+ 63, 64, 184, 65, 131, 134, 201, 132, 67, 133,
+ 134, 206, 204, 207, 211, 3, 91, 208, 68, 132,
+ 209, 133, 134, 212, 45, 205, 92, 3, 149, 147,
+ 118, 197, 193, 148, 14, 195
};
-static const yytype_int16 yycheck[] =
+static const yytype_uint8 yycheck[] =
{
- 99, 54, 9, 10, 11, 53, 40, 14, 53, 23,
- 6, 27, 7, 91, 20, 86, 86, 95, 25, 91,
- 84, 86, 38, 95, 95, 95, 33, 34, 92, 36,
- 18, 19, 27, 0, 91, 23, 43, 90, 95, 92,
- 21, 70, 49, 38, 51, 52, 94, 86, 54, 94,
- 89, 104, 86, 70, 61, 91, 109, 64, 65, 95,
- 9, 10, 11, 162, 60, 14, 85, 86, 167, 91,
- 77, 78, 79, 95, 81, 174, 25, 84, 92, 86,
- 76, 70, 29, 31, 33, 34, 39, 36, 92, 96,
- 94, 91, 145, 93, 43, 85, 86, 84, 8, 198,
- 49, 49, 51, 52, 86, 24, 86, 91, 32, 86,
- 67, 90, 61, 67, 37, 64, 65, 86, 94, 94,
- 94, 94, 86, 71, 92, 86, 89, 92, 77, 78,
- 79, 91, 81, 95, 12, 12, 92, 86, 86, 83,
- 88, 89, 97, 93, 95, 12, 94, 96, 89, 92,
- 89, 89, 94, 93, 22, 28, 93, 31, 93, 95,
- 93, 86, 165, 160, 81, 180, 164, -1, -1, 155
+ 112, 66, 6, 1, 23, 40, 53, 20, 83, 66,
+ 27, 7, 86, 86, 86, 91, 84, 86, 93, 95,
+ 89, 38, 95, 95, 92, 18, 19, 94, 91, 91,
+ 23, 27, 95, 95, 9, 10, 11, 94, 0, 14,
+ 105, 54, 38, 103, 21, 91, 106, 94, 92, 95,
+ 25, 86, 117, 91, 95, 120, 60, 95, 33, 34,
+ 172, 36, 92, 89, 94, 177, 178, 70, 43, 85,
+ 86, 70, 76, 92, 49, 187, 51, 52, 85, 86,
+ 70, 29, 31, 93, 39, 8, 61, 152, 24, 64,
+ 65, 9, 10, 11, 159, 93, 14, 84, 47, 211,
+ 49, 86, 77, 78, 79, 86, 81, 25, 91, 84,
+ 90, 86, 31, 86, 67, 33, 34, 32, 36, 86,
+ 94, 96, 71, 94, 31, 43, 37, 46, 67, 94,
+ 49, 49, 86, 51, 52, 66, 92, 86, 89, 88,
+ 89, 53, 49, 61, 86, 94, 64, 65, 92, 92,
+ 91, 83, 71, 12, 12, 95, 93, 95, 92, 77,
+ 78, 79, 97, 81, 71, 89, 94, 86, 86, 88,
+ 89, 93, 89, 93, 12, 94, 40, 93, 96, 86,
+ 93, 88, 89, 93, 34, 190, 43, 94, 102, 98,
+ 93, 175, 170, 101, 10, 174
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const yytype_uint8 yystos[] =
{
- 0, 86, 99, 21, 0, 7, 27, 38, 100, 70,
- 70, 70, 29, 101, 39, 84, 8, 40, 102, 103,
- 86, 104, 105, 106, 109, 24, 86, 107, 108, 110,
- 142, 91, 90, 106, 32, 9, 10, 11, 14, 25,
- 33, 34, 36, 43, 49, 51, 52, 61, 64, 65,
- 77, 78, 79, 81, 84, 86, 96, 111, 112, 113,
- 115, 118, 120, 121, 122, 123, 124, 125, 126, 127,
- 128, 129, 130, 131, 132, 138, 139, 143, 144, 107,
- 109, 86, 67, 94, 94, 92, 94, 114, 37, 67,
- 53, 94, 53, 94, 111, 6, 60, 76, 140, 84,
- 92, 133, 27, 38, 141, 94, 150, 151, 94, 86,
- 145, 146, 147, 86, 116, 117, 119, 31, 49, 71,
- 86, 88, 89, 151, 154, 155, 156, 157, 158, 159,
- 160, 161, 162, 163, 164, 116, 111, 95, 145, 111,
- 95, 145, 89, 154, 18, 19, 23, 134, 135, 136,
- 137, 111, 86, 89, 152, 153, 86, 148, 149, 111,
- 91, 95, 20, 54, 92, 91, 95, 83, 95, 95,
- 95, 97, 12, 111, 12, 93, 92, 95, 152, 92,
- 91, 95, 85, 147, 154, 162, 85, 117, 154, 94,
- 23, 154, 89, 89, 149, 93, 93, 95, 12, 93,
- 93, 154
+ 0, 86, 99, 94, 151, 152, 0, 86, 89, 153,
+ 154, 21, 92, 95, 153, 7, 27, 38, 100, 89,
+ 70, 70, 70, 29, 101, 93, 39, 84, 8, 40,
+ 102, 103, 86, 104, 105, 106, 109, 24, 86, 107,
+ 108, 110, 143, 91, 90, 106, 32, 9, 10, 11,
+ 14, 25, 33, 34, 36, 43, 49, 51, 52, 61,
+ 64, 65, 77, 78, 79, 81, 84, 86, 96, 111,
+ 112, 113, 115, 118, 120, 121, 122, 123, 125, 126,
+ 127, 128, 129, 130, 131, 132, 133, 139, 140, 144,
+ 145, 107, 109, 86, 67, 94, 94, 92, 94, 114,
+ 37, 67, 66, 94, 124, 53, 94, 111, 6, 60,
+ 76, 141, 84, 92, 134, 27, 38, 142, 151, 94,
+ 86, 146, 147, 148, 86, 116, 117, 119, 31, 47,
+ 49, 71, 86, 88, 89, 152, 155, 156, 157, 158,
+ 159, 160, 161, 162, 163, 164, 165, 116, 124, 114,
+ 95, 146, 53, 111, 95, 146, 89, 155, 18, 19,
+ 23, 135, 136, 137, 138, 111, 86, 149, 150, 111,
+ 91, 95, 20, 54, 92, 91, 95, 83, 83, 93,
+ 95, 95, 111, 95, 97, 12, 111, 12, 93, 92,
+ 91, 95, 85, 148, 155, 163, 85, 117, 155, 46,
+ 155, 94, 23, 155, 89, 150, 93, 93, 93, 93,
+ 95, 12, 93, 155
};
#define yyerrok (yyerrstatus = 0)
@@ -1748,29 +1762,29 @@ yyreduce:
switch (yyn)
{
case 2:
-#line 233 "parse.y"
+#line 235 "parse.y"
{
checkundefined();
}
break;
case 4:
-#line 240 "parse.y"
+#line 242 "parse.y"
{ error_message("implicit tagging is not supported"); }
break;
case 5:
-#line 242 "parse.y"
+#line 244 "parse.y"
{ error_message("automatic tagging is not supported"); }
break;
case 7:
-#line 247 "parse.y"
+#line 249 "parse.y"
{ error_message("no extensibility options supported"); }
break;
case 17:
-#line 268 "parse.y"
+#line 270 "parse.y"
{
struct string_list *sl;
for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) {
@@ -1782,7 +1796,7 @@ yyreduce:
break;
case 22:
-#line 287 "parse.y"
+#line 289 "parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[(1) - (3)].name);
@@ -1791,7 +1805,7 @@ yyreduce:
break;
case 23:
-#line 293 "parse.y"
+#line 295 "parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[(1) - (1)].name);
@@ -1800,7 +1814,7 @@ yyreduce:
break;
case 24:
-#line 301 "parse.y"
+#line 303 "parse.y"
{
Symbol *s = addsym ((yyvsp[(1) - (3)].name));
s->stype = Stype;
@@ -1811,7 +1825,7 @@ yyreduce:
break;
case 42:
-#line 332 "parse.y"
+#line 334 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean,
TE_EXPLICIT, new_type(TBoolean));
@@ -1819,36 +1833,70 @@ yyreduce:
break;
case 43:
-#line 339 "parse.y"
+#line 341 "parse.y"
{
- if((yyvsp[(2) - (5)].value)->type != integervalue ||
- (yyvsp[(4) - (5)].value)->type != integervalue)
- error_message("Non-integer value used in range");
- (yyval.range).min = (yyvsp[(2) - (5)].value)->u.integervalue;
- (yyval.range).max = (yyvsp[(4) - (5)].value)->u.integervalue;
+ if((yyvsp[(2) - (5)].value)->type != integervalue)
+ error_message("Non-integer used in first part of range");
+ if((yyvsp[(2) - (5)].value)->type != integervalue)
+ error_message("Non-integer in second part of range");
+ (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+ (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
+ (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
}
break;
case 44:
-#line 349 "parse.y"
+#line 351 "parse.y"
+ {
+ if((yyvsp[(2) - (5)].value)->type != integervalue)
+ error_message("Non-integer in first part of range");
+ (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+ (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
+ (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1;
+ }
+ break;
+
+ case 45:
+#line 359 "parse.y"
+ {
+ if((yyvsp[(4) - (5)].value)->type != integervalue)
+ error_message("Non-integer in second part of range");
+ (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+ (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2;
+ (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
+ }
+ break;
+
+ case 46:
+#line 367 "parse.y"
+ {
+ if((yyvsp[(2) - (3)].value)->type != integervalue)
+ error_message("Non-integer used in limit");
+ (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+ (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue;
+ (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue;
+ }
+ break;
+
+ case 47:
+#line 378 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer,
TE_EXPLICIT, new_type(TInteger));
}
break;
- case 45:
-#line 354 "parse.y"
+ case 48:
+#line 383 "parse.y"
{
(yyval.type) = new_type(TInteger);
- (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range));
- *((yyval.type)->range) = (yyvsp[(2) - (2)].range);
+ (yyval.type)->range = (yyvsp[(2) - (2)].range);
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
}
break;
- case 46:
-#line 361 "parse.y"
+ case 49:
+#line 389 "parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
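Review bot: In the `case 43` action both type checks test `yyvsp[(2) - (5)]`, so the upper bound in `yyvsp[(4) - (5)]` is never validated, although the second message says "second part of range"; its `u.integervalue` is then copied into `max` whatever the value's actual type is. The second condition should read `if((yyvsp[(4) - (5)].value)->type != integervalue)`. Since parse.c is Bison output (see the `#line ... "parse.y"` markers), the fix belongs in parse.y as `$4`, followed by regenerating this file. Separately, cases 44 and 45 store `value - 1` and `value + 2`, which looks like a deliberate "max < min" sentinel for MAX/MIN; a comment stating that encoding would help, and the arithmetic can overflow if the bound sits at the edge of the integer type, so confirm the type of `integervalue`.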
@@ -1856,8 +1904,8 @@ yyreduce:
}
break;
- case 47:
-#line 369 "parse.y"
+ case 50:
+#line 397 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -1865,21 +1913,21 @@ yyreduce:
}
break;
- case 48:
-#line 375 "parse.y"
+ case 51:
+#line 403 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
}
break;
- case 49:
-#line 380 "parse.y"
+ case 52:
+#line 408 "parse.y"
{ (yyval.members) = (yyvsp[(1) - (3)].members); }
break;
- case 50:
-#line 384 "parse.y"
+ case 53:
+#line 412 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (4)].name);
@@ -1892,8 +1940,8 @@ yyreduce:
}
break;
- case 51:
-#line 397 "parse.y"
+ case 54:
+#line 425 "parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
@@ -1901,8 +1949,8 @@ yyreduce:
}
break;
- case 53:
-#line 408 "parse.y"
+ case 56:
+#line 436 "parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
@@ -1911,8 +1959,8 @@ yyreduce:
}
break;
- case 54:
-#line 415 "parse.y"
+ case 57:
+#line 443 "parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = (yyvsp[(4) - (5)].members);
@@ -1920,32 +1968,44 @@ yyreduce:
}
break;
- case 55:
-#line 423 "parse.y"
+ case 58:
+#line 451 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID,
TE_EXPLICIT, new_type(TOID));
}
break;
- case 56:
-#line 429 "parse.y"
+ case 59:
+#line 457 "parse.y"
{
- (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString,
- TE_EXPLICIT, new_type(TOctetString));
+ Type *t = new_type(TOctetString);
+ t->range = (yyvsp[(3) - (3)].range);
+ (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString,
+ TE_EXPLICIT, t);
}
break;
- case 57:
-#line 436 "parse.y"
+ case 60:
+#line 466 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null,
TE_EXPLICIT, new_type(TNull));
}
break;
- case 58:
-#line 443 "parse.y"
+ case 61:
+#line 473 "parse.y"
+ { (yyval.range) = NULL; }
+ break;
+
+ case 62:
+#line 475 "parse.y"
+ { (yyval.range) = (yyvsp[(2) - (2)].range); }
+ break;
+
+ case 63:
+#line 480 "parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
@@ -1953,8 +2013,8 @@ yyreduce:
}
break;
- case 59:
-#line 449 "parse.y"
+ case 64:
+#line 486 "parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = NULL;
@@ -1962,17 +2022,18 @@ yyreduce:
}
break;
- case 60:
-#line 457 "parse.y"
+ case 65:
+#line 494 "parse.y"
{
(yyval.type) = new_type(TSequenceOf);
- (yyval.type)->subtype = (yyvsp[(3) - (3)].type);
+ (yyval.type)->range = (yyvsp[(2) - (4)].range);
+ (yyval.type)->subtype = (yyvsp[(4) - (4)].type);
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
}
break;
- case 61:
-#line 465 "parse.y"
+ case 66:
+#line 503 "parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
@@ -1980,8 +2041,8 @@ yyreduce:
}
break;
- case 62:
-#line 471 "parse.y"
+ case 67:
+#line 509 "parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = NULL;
@@ -1989,8 +2050,8 @@ yyreduce:
}
break;
- case 63:
-#line 479 "parse.y"
+ case 68:
+#line 517 "parse.y"
{
(yyval.type) = new_type(TSetOf);
(yyval.type)->subtype = (yyvsp[(3) - (3)].type);
@@ -1998,16 +2059,16 @@ yyreduce:
}
break;
- case 64:
-#line 487 "parse.y"
+ case 69:
+#line 525 "parse.y"
{
(yyval.type) = new_type(TChoice);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
}
break;
- case 67:
-#line 498 "parse.y"
+ case 72:
+#line 536 "parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
(yyval.type) = new_type(TType);
@@ -2018,24 +2079,24 @@ yyreduce:
}
break;
- case 68:
-#line 509 "parse.y"
+ case 73:
+#line 547 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime,
TE_EXPLICIT, new_type(TGeneralizedTime));
}
break;
- case 69:
-#line 514 "parse.y"
+ case 74:
+#line 552 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime,
TE_EXPLICIT, new_type(TUTCTime));
}
break;
- case 70:
-#line 521 "parse.y"
+ case 75:
+#line 559 "parse.y"
{
/* if (Constraint.type == contentConstrant) {
assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
@@ -2050,15 +2111,15 @@ yyreduce:
}
break;
- case 71:
-#line 537 "parse.y"
+ case 76:
+#line 575 "parse.y"
{
(yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec);
}
break;
- case 75:
-#line 550 "parse.y"
+ case 80:
+#line 588 "parse.y"
{
(yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
(yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type);
@@ -2066,8 +2127,8 @@ yyreduce:
}
break;
- case 76:
-#line 556 "parse.y"
+ case 81:
+#line 594 "parse.y"
{
if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue)
error_message("Non-OID used in ENCODED BY constraint");
@@ -2077,8 +2138,8 @@ yyreduce:
}
break;
- case 77:
-#line 564 "parse.y"
+ case 82:
+#line 602 "parse.y"
{
if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue)
error_message("Non-OID used in ENCODED BY constraint");
@@ -2088,15 +2149,15 @@ yyreduce:
}
break;
- case 78:
-#line 574 "parse.y"
+ case 83:
+#line 612 "parse.y"
{
(yyval.constraint_spec) = new_constraint_spec(CT_USER);
}
break;
- case 79:
-#line 580 "parse.y"
+ case 84:
+#line 618 "parse.y"
{
(yyval.type) = new_type(TTag);
(yyval.type)->tag = (yyvsp[(1) - (3)].tag);
@@ -2109,8 +2170,8 @@ yyreduce:
}
break;
- case 80:
-#line 593 "parse.y"
+ case 85:
+#line 631 "parse.y"
{
(yyval.tag).tagclass = (yyvsp[(2) - (4)].constant);
(yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant);
@@ -2118,57 +2179,57 @@ yyreduce:
}
break;
- case 81:
-#line 601 "parse.y"
+ case 86:
+#line 639 "parse.y"
{
(yyval.constant) = ASN1_C_CONTEXT;
}
break;
- case 82:
-#line 605 "parse.y"
+ case 87:
+#line 643 "parse.y"
{
(yyval.constant) = ASN1_C_UNIV;
}
break;
- case 83:
-#line 609 "parse.y"
+ case 88:
+#line 647 "parse.y"
{
(yyval.constant) = ASN1_C_APPL;
}
break;
- case 84:
-#line 613 "parse.y"
+ case 89:
+#line 651 "parse.y"
{
(yyval.constant) = ASN1_C_PRIVATE;
}
break;
- case 85:
-#line 619 "parse.y"
+ case 90:
+#line 657 "parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
- case 86:
-#line 623 "parse.y"
+ case 91:
+#line 661 "parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
- case 87:
-#line 627 "parse.y"
+ case 92:
+#line 665 "parse.y"
{
(yyval.constant) = TE_IMPLICIT;
}
break;
- case 88:
-#line 634 "parse.y"
+ case 93:
+#line 672 "parse.y"
{
Symbol *s;
s = addsym ((yyvsp[(1) - (4)].name));
@@ -2179,64 +2240,64 @@ yyreduce:
}
break;
- case 90:
-#line 648 "parse.y"
+ case 95:
+#line 686 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString,
TE_EXPLICIT, new_type(TGeneralString));
}
break;
- case 91:
-#line 653 "parse.y"
+ case 96:
+#line 691 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String,
TE_EXPLICIT, new_type(TUTF8String));
}
break;
- case 92:
-#line 658 "parse.y"
+ case 97:
+#line 696 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString,
TE_EXPLICIT, new_type(TPrintableString));
}
break;
- case 93:
-#line 663 "parse.y"
+ case 98:
+#line 701 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString,
TE_EXPLICIT, new_type(TVisibleString));
}
break;
- case 94:
-#line 668 "parse.y"
+ case 99:
+#line 706 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String,
TE_EXPLICIT, new_type(TIA5String));
}
break;
- case 95:
-#line 673 "parse.y"
+ case 100:
+#line 711 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString,
TE_EXPLICIT, new_type(TBMPString));
}
break;
- case 96:
-#line 678 "parse.y"
+ case 101:
+#line 716 "parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString,
TE_EXPLICIT, new_type(TUniversalString));
}
break;
- case 97:
-#line 686 "parse.y"
+ case 102:
+#line 724 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -2244,16 +2305,16 @@ yyreduce:
}
break;
- case 98:
-#line 692 "parse.y"
+ case 103:
+#line 730 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
}
break;
- case 99:
-#line 697 "parse.y"
+ case 104:
+#line 735 "parse.y"
{
struct member *m = ecalloc(1, sizeof(*m));
m->name = estrdup("...");
@@ -2264,8 +2325,8 @@ yyreduce:
}
break;
- case 100:
-#line 708 "parse.y"
+ case 105:
+#line 746 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (2)].name);
@@ -2276,8 +2337,8 @@ yyreduce:
}
break;
- case 101:
-#line 719 "parse.y"
+ case 106:
+#line 757 "parse.y"
{
(yyval.member) = (yyvsp[(1) - (1)].member);
(yyval.member)->optional = 0;
@@ -2285,8 +2346,8 @@ yyreduce:
}
break;
- case 102:
-#line 725 "parse.y"
+ case 107:
+#line 763 "parse.y"
{
(yyval.member) = (yyvsp[(1) - (2)].member);
(yyval.member)->optional = 1;
@@ -2294,8 +2355,8 @@ yyreduce:
}
break;
- case 103:
-#line 731 "parse.y"
+ case 108:
+#line 769 "parse.y"
{
(yyval.member) = (yyvsp[(1) - (3)].member);
(yyval.member)->optional = 0;
@@ -2303,8 +2364,8 @@ yyreduce:
}
break;
- case 104:
-#line 739 "parse.y"
+ case 109:
+#line 777 "parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
@@ -2312,16 +2373,16 @@ yyreduce:
}
break;
- case 105:
-#line 745 "parse.y"
+ case 110:
+#line 783 "parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
}
break;
- case 106:
-#line 752 "parse.y"
+ case 111:
+#line 790 "parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (4)].name);
@@ -2334,27 +2395,27 @@ yyreduce:
}
break;
- case 108:
-#line 765 "parse.y"
+ case 113:
+#line 803 "parse.y"
{ (yyval.objid) = NULL; }
break;
- case 109:
-#line 769 "parse.y"
+ case 114:
+#line 807 "parse.y"
{
(yyval.objid) = (yyvsp[(2) - (3)].objid);
}
break;
- case 110:
-#line 775 "parse.y"
+ case 115:
+#line 813 "parse.y"
{
(yyval.objid) = NULL;
}
break;
- case 111:
-#line 779 "parse.y"
+ case 116:
+#line 817 "parse.y"
{
if ((yyvsp[(2) - (2)].objid)) {
(yyval.objid) = (yyvsp[(2) - (2)].objid);
@@ -2365,15 +2426,15 @@ yyreduce:
}
break;
- case 112:
-#line 790 "parse.y"
+ case 117:
+#line 828 "parse.y"
{
(yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant));
}
break;
- case 113:
-#line 794 "parse.y"
+ case 118:
+#line 832 "parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
if(s->stype != SValue ||
@@ -2386,15 +2447,15 @@ yyreduce:
}
break;
- case 114:
-#line 805 "parse.y"
+ case 119:
+#line 843 "parse.y"
{
(yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant));
}
break;
- case 124:
-#line 828 "parse.y"
+ case 129:
+#line 866 "parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
if(s->stype != SValue)
@@ -2405,8 +2466,8 @@ yyreduce:
}
break;
- case 125:
-#line 839 "parse.y"
+ case 130:
+#line 877 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = stringvalue;
@@ -2414,8 +2475,8 @@ yyreduce:
}
break;
- case 126:
-#line 847 "parse.y"
+ case 131:
+#line 885 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
@@ -2423,8 +2484,8 @@ yyreduce:
}
break;
- case 127:
-#line 853 "parse.y"
+ case 132:
+#line 891 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
@@ -2432,8 +2493,8 @@ yyreduce:
}
break;
- case 128:
-#line 861 "parse.y"
+ case 133:
+#line 899 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = integervalue;
@@ -2441,14 +2502,14 @@ yyreduce:
}
break;
- case 130:
-#line 872 "parse.y"
+ case 135:
+#line 910 "parse.y"
{
}
break;
- case 131:
-#line 877 "parse.y"
+ case 136:
+#line 915 "parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = objectidentifiervalue;
@@ -2458,7 +2519,7 @@ yyreduce:
/* Line 1267 of yacc.c. */
-#line 2464 "parse.c"
+#line 2523 "parse.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -2672,7 +2733,7 @@ yyreturn:
}
-#line 884 "parse.y"
+#line 922 "parse.y"
void
diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h
index a0c26d50f1..5e73094f9e 100644
--- a/source4/heimdal/lib/asn1/parse.h
+++ b/source4/heimdal/lib/asn1/parse.h
@@ -16,7 +16,9 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, see <http://www.gnu.org/licenses/>. */
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -224,7 +226,7 @@ typedef union YYSTYPE
{
int constant;
struct value *value;
- struct range range;
+ struct range *range;
char *name;
Type *type;
Member *member;
diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1
index 71f197eba7..0ec3b695eb 100644
--- a/source4/heimdal/lib/asn1/rfc2459.asn1
+++ b/source4/heimdal/lib/asn1/rfc2459.asn1
@@ -169,7 +169,7 @@ Extension ::= SEQUENCE {
extnValue OCTET STRING
}
-Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX)
+Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
TBSCertificate ::= SEQUENCE {
version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
@@ -232,7 +232,7 @@ GeneralName ::= CHOICE {
registeredID [8] IMPLICIT OBJECT IDENTIFIER
}
-GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
@@ -320,7 +320,7 @@ DistributionPointReasonFlags ::= BIT STRING {
}
DistributionPointName ::= CHOICE {
- fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName,
+ fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
@@ -330,7 +330,7 @@ DistributionPoint ::= SEQUENCE {
cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}
-CRLDistributionPoints ::= SEQUENCE -- SIZE (1..MAX) -- OF DistributionPoint
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-- rfc3279
@@ -449,11 +449,20 @@ id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
--- RFC 3820 Proxy Certificate Profile
-
id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
+id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
+
+AccessDescription ::= SEQUENCE {
+ accessMethod OBJECT IDENTIFIER,
+ accessLocation GeneralName
+}
+
+AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- RFC 3820 Proxy Certificate Profile
+
+id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1
index 98b507a4da..b2f58a20c2 100644
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -1,4 +1,4 @@
--- $Id: test.asn1 18013 2006-09-05 14:00:44Z lha $ --
+-- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
TEST DEFINITIONS ::=
@@ -85,4 +85,11 @@ TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
TESTSeqOf ::= SEQUENCE OF TESTInteger
+TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
+TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
+TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
+TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
+
+TESTOSSize1 ::= OCTET STRING SIZE (1..2)
+
END
diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c
index a6776458cf..33b9684a5d 100644
--- a/source4/heimdal/lib/asn1/timegm.c
+++ b/source4/heimdal/lib/asn1/timegm.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id: timegm.c 18607 2006-10-19 16:19:32Z lha $");
+RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
static int
is_leap(unsigned y)
@@ -43,8 +43,8 @@ is_leap(unsigned y)
}
/*
- * This is a simplifed version of _der_timegm that doesn't accept out
- * of bound values that timegm(3) normally accepts but those are not
+ * This is a simplifed version of timegm(3) that doesn't accept out of
+ * bound values that timegm(3) normally accepts but those are not
* valid in asn1 encodings.
*/
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
index d6e448a223..cb1b62308c 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $");
+RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
@@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
int i;
*minor_status = 0;
- if (actual_mechs)
+ if (output_cred_handle)
*output_cred_handle = GSS_C_NO_CREDENTIAL;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
@@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status,
continue;
if (desired_name != GSS_C_NO_NAME) {
- mn = _gss_find_mn(name, &mechs->elements[i]);
- if (!mn)
+ major_status = _gss_find_mn(minor_status, name,
+ &mechs->elements[i], &mn);
+ if (major_status != GSS_S_COMPLETE)
continue;
}
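Review bot: On the `continue` after a failed `_gss_find_mn()`, `*minor_status` now holds whatever the skipped mechanism's import wrote, because the helper is handed the caller's pointer instead of a local. If a later mechanism in the loop succeeds, the caller may still see that stale value; the rest of the loop is outside the hunk, so this needs checking. Resetting it when skipping, `if (major_status != GSS_S_COMPLETE) { *minor_status = 0; continue; }`, keeps the old behaviour. The loop in gss_compare_name.c follows the same pattern.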
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
index 4947c5c30e..09b592b5da 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $");
+RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
@@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status,
* Figure out a suitable mn, if any.
*/
if (desired_name) {
- mn = _gss_find_mn((struct _gss_name *) desired_name,
- desired_mech);
- if (!mn) {
+ major_status = _gss_find_mn(minor_status,
+ (struct _gss_name *) desired_name,
+ desired_mech,
+ &mn);
+ if (major_status != GSS_S_COMPLETE) {
free(new_cred);
- return (GSS_S_BAD_NAME);
+ return major_status;
}
} else {
mn = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
index 1437a9bc7b..c950c03166 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $");
+RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
OM_uint32
gss_canonicalize_name(OM_uint32 *minor_status,
@@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status,
*minor_status = 0;
*output_name = 0;
- mn = _gss_find_mn(name, mech_type);
- if (!mn) {
- return (GSS_S_BAD_MECH);
- }
+ major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
+ if (major_status)
+ return major_status;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
index 147ad60c94..617ff13d98 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
OM_uint32
gss_compare_name(OM_uint32 *minor_status,
@@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status,
struct _gss_mechanism_name *mn2;
SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
- mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid);
- if (mn2) {
+ OM_uint32 major_status;
+
+ major_status = _gss_find_mn(minor_status, name2,
+ mn1->gmn_mech_oid, &mn2);
+ if (major_status == GSS_S_COMPLETE) {
return (mn1->gmn_mech->gm_compare_name(
minor_status,
mn1->gmn_name,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
index 4ff81fdf2d..f38c840b31 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $");
+RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $");
OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
const gss_name_t src_name,
@@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
new_name = (struct _gss_name *) *dest_name;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
- _gss_find_mn(new_name, mn->gmn_mech_oid);
+ struct _gss_mechanism_name *mn2;
+ _gss_find_mn(minor_status, new_name,
+ mn->gmn_mech_oid, &mn2);
}
} else {
new_name = malloc(sizeof(struct _gss_name));
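Review bot: The result of `_gss_find_mn()` is discarded in this loop, so a mechanism name that fails to import is silently missing from the duplicate, and `mn2` is written but never read. Because the call now takes the caller's `minor_status`, a failed import also leaves an error code there while the function carries on; what it returns afterwards is outside the hunk. If best effort is intended, say so in a comment and pass a scratch variable, `OM_uint32 junk; (void)_gss_find_mn(&junk, new_name, mn->gmn_mech_oid, &mn2);`. Otherwise check the status and release `*dest_name` on failure.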
diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
index c1c058d146..b9a1680dcb 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $");
+RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
@@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status,
/*
* Find the MN for this mechanism.
*/
- mn = _gss_find_mn(name, mech_type);
- if (mn == NULL) {
+ major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
+ if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
- return GSS_S_BAD_NAME;
+ return major_status;
}
/*
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index 604027490e..f1a18afb13 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -28,7 +28,7 @@
#include "mech_locl.h"
#include <heim_threads.h>
-RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $");
+RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $");
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
@@ -223,9 +223,9 @@ _gss_load_mech(void)
add_builtin(__gss_spnego_initialize());
add_builtin(__gss_ntlm_initialize());
+#ifdef HAVE_DLOPEN
fp = fopen(_PATH_GSS_MECH, "r");
if (!fp) {
-/* perror(_PATH_GSS_MECH); */
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
return;
}
@@ -316,6 +316,7 @@ _gss_load_mech(void)
continue;
}
fclose(fp);
+#endif
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
}
diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c
index 3ab609c192..f78672d837 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_names.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_names.c
@@ -27,15 +27,18 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $");
+RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $");
-struct _gss_mechanism_name *
-_gss_find_mn(struct _gss_name *name, gss_OID mech)
+OM_uint32
+_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
+ struct _gss_mechanism_name **output_mn)
{
- OM_uint32 major_status, minor_status;
+ OM_uint32 major_status;
gssapi_mech_interface m;
struct _gss_mechanism_name *mn;
+ *output_mn = NULL;
+
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
if (gss_oid_equal(mech, mn->gmn_mech_oid))
break;
@@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech)
* MN but it is from a different mech), give up now.
*/
if (!name->gn_value.value)
- return (0);
+ return GSS_S_BAD_NAME;
m = __gss_get_mechanism(mech);
if (!m)
- return (0);
+ return (GSS_S_BAD_MECH);
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn)
- return (0);
+ return GSS_S_FAILURE;
- major_status = m->gm_import_name(&minor_status,
+ major_status = m->gm_import_name(minor_status,
&name->gn_value,
(name->gn_type.elements
? &name->gn_type : GSS_C_NO_OID),
&mn->gmn_name);
if (major_status != GSS_S_COMPLETE) {
- _gss_mg_error(m, major_status, minor_status);
+ _gss_mg_error(m, major_status, *minor_status);
free(mn);
- return (0);
+ return major_status;
}
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
}
- return (mn);
+ *output_mn = mn;
+ return 0;
}
+
/*
* Make a name from an MN.
*/
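Review bot: The three early returns (`GSS_S_BAD_NAME`, `GSS_S_BAD_MECH`, and `GSS_S_FAILURE` after the failed `malloc`) leave `*minor_status` untouched, while callers such as gss_add_cred and gss_init_sec_context now pass the status straight back to the application. Unless every caller has zeroed it first, that is an unset minor code. Adding `*minor_status = 0;` next to `*output_mn = NULL;` in the previous hunk, and an errno-style value such as `ENOMEM` on the allocation failure if `<errno.h>` is in scope, gives every path a defined value. The success path returns a bare `0` where the callers compare against `GSS_S_COMPLETE`; `return GSS_S_COMPLETE;` reads better, and `return (GSS_S_BAD_MECH);` could drop its parentheses to match the other new returns.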
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
index 3195370b77..e2cecaf6b4 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
@@ -32,7 +32,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $");
+RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
OM_uint32
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
@@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
_mg_buffer_zero(oid_str);
+ if (oid == GSS_C_NULL_OID)
+ return GSS_S_FAILURE;
+
ret = der_get_oid (oid->elements, oid->length, &o, &size);
if (ret) {
*minor_status = ret;
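Review bot: The new `GSS_C_NULL_OID` return does not assign `*minor_status` in the lines shown, whereas the `der_get_oid` failure just below it does (`*minor_status = ret;`). Unless it is zeroed above the hunk, the caller reads an unset minor code on this path; `*minor_status = 0;` before the check would cover it. The body of gss_oid_to_str starts and ends outside the hunk.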
diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h
index 2252150a06..7c9ba33d85 100644
--- a/source4/heimdal/lib/gssapi/mech/name.h
+++ b/source4/heimdal/lib/gssapi/mech/name.h
@@ -24,7 +24,7 @@
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: name.h 18246 2006-10-05 18:36:07Z lha $
+ * $Id: name.h 21477 2007-07-10 16:31:44Z lha $
*/
struct _gss_mechanism_name {
@@ -41,7 +41,8 @@ struct _gss_name {
struct _gss_mechanism_name_list gn_mn; /* list of MNs */
};
-struct _gss_mechanism_name *
- _gss_find_mn(struct _gss_name *name, gss_OID mech);
+OM_uint32
+ _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID,
+ struct _gss_mechanism_name **);
struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn);
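Review bot: The new prototype drops the parameter names, so the header no longer says which `OM_uint32 *` this is or that the last argument is an output. Keeping them, as the old declaration and the `_gss_make_name` one below do, costs nothing: `_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, struct _gss_mechanism_name **output_mn);`. A one-line comment saying that `*output_mn` is NULL on every failure return would also help callers.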
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index d20c913bf0..1afe26f1e3 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $");
+RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
static OM_uint32
send_reject (OM_uint32 *minor_status,
@@ -555,23 +555,16 @@ acceptor_start
int get_mic = 0;
int first_ok = 0;
- if (src_name)
- *src_name = GSS_C_NO_NAME;
-
mech_output_token.value = NULL;
mech_output_token.length = 0;
mech_buf.value = NULL;
- if (*context_handle == GSS_C_NO_CONTEXT) {
- ret = _gss_spnego_alloc_sec_context(minor_status,
- context_handle);
- if (ret != GSS_S_COMPLETE)
- return ret;
-
- if (input_token_buffer->length == 0) {
- return send_supported_mechs (minor_status, output_token);
- }
- }
+ if (input_token_buffer->length == 0)
+ return send_supported_mechs (minor_status, output_token);
+
+ ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
ctx = (gssspnego_ctx)*context_handle;
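Review bot: `_gss_spnego_alloc_sec_context()` is now called without the `*context_handle == GSS_C_NO_CONTEXT` guard, so if acceptor_start can ever be entered with a live handle, that handle is presumably overwritten and the old context lost. The caller is not visible here; if it guarantees a fresh handle, a comment or an assertion stating the precondition would make that explicit. The hunk also removes the `*src_name = GSS_C_NO_NAME` initialisation, so the early returns shown (empty input token, allocation failure) leave `src_name` untouched unless the caller has cleared it. acceptor_start continues outside the hunk.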
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1
index aed67dc4ae..058f10ba3a 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1
+++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1
@@ -1,4 +1,4 @@
--- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $
+-- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
SPNEGO DEFINITIONS ::=
BEGIN
@@ -8,34 +8,34 @@ MechType::= OBJECT IDENTIFIER
MechTypeList ::= SEQUENCE OF MechType
ContextFlags ::= BIT STRING {
- delegFlag (0),
- mutualFlag (1),
- replayFlag (2),
- sequenceFlag (3),
- anonFlag (4),
- confFlag (5),
- integFlag (6)
+ delegFlag (0),
+ mutualFlag (1),
+ replayFlag (2),
+ sequenceFlag (3),
+ anonFlag (4),
+ confFlag (5),
+ integFlag (6)
}
NegHints ::= SEQUENCE {
- hintName [0] GeneralString OPTIONAL,
- hintAddress [1] OCTET STRING OPTIONAL
+ hintName [0] GeneralString OPTIONAL,
+ hintAddress [1] OCTET STRING OPTIONAL
}
NegTokenInitWin ::= SEQUENCE {
- mechTypes [0] MechTypeList,
- reqFlags [1] ContextFlags OPTIONAL,
- mechToken [2] OCTET STRING OPTIONAL,
- negHints [3] NegHints OPTIONAL
- }
+ mechTypes [0] MechTypeList,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ negHints [3] NegHints OPTIONAL
+}
NegTokenInit ::= SEQUENCE {
- mechTypes [0] MechTypeList,
- reqFlags [1] ContextFlags OPTIONAL,
- mechToken [2] OCTET STRING OPTIONAL,
- mechListMIC [3] OCTET STRING OPTIONAL
- }
-
+ mechTypes [0] MechTypeList,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ mechListMIC [3] OCTET STRING OPTIONAL,
+ ...
+}
-- NB: negResult is not OPTIONAL in the new SPNEGO spec but
-- Windows clients do not always send it
@@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE {
request-mic (3) } OPTIONAL,
supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL,
- mechListMIC [3] OCTET STRING OPTIONAL
+ mechListMIC [3] OCTET STRING OPTIONAL,
+ ...
}
NegotiationToken ::= CHOICE {
diff --git a/source4/heimdal/lib/hcrypto/hmac.c b/source4/heimdal/lib/hcrypto/hmac.c
index 848b987a90..b8156e38d4 100644
--- a/source4/heimdal/lib/hcrypto/hmac.c
+++ b/source4/heimdal/lib/hcrypto/hmac.c
@@ -52,8 +52,10 @@ HMAC_Init_ex(HMAC_CTX *ctx,
if (ctx->md != md) {
ctx->md = md;
- if (ctx->buf)
+ if (ctx->buf) {
+ memset(ctx->buf, 0, ctx->key_length);
free (ctx->buf);
+ }
ctx->key_length = EVP_MD_size(ctx->md);
ctx->buf = malloc(ctx->key_length);
}
@@ -67,10 +69,14 @@ HMAC_Init_ex(HMAC_CTX *ctx,
keylen = EVP_MD_size(ctx->md);
}
- if (ctx->opad)
+ if (ctx->opad) {
+ memset(ctx->opad, 0, ctx->key_length);
free(ctx->opad);
- if (ctx->ipad)
+ }
+ if (ctx->ipad) {
+ memset(ctx->ipad, 0, ctx->key_length);
free(ctx->ipad);
+ }
ctx->opad = malloc(EVP_MD_block_size(ctx->md));
ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
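Review bot: The pads are wiped with `ctx->key_length` bytes although they are allocated with `EVP_MD_block_size(ctx->md)` bytes (the two `malloc` lines just below), so the length of the wipe does not match the buffer. With an unchanged digest only the first digest-size bytes of `opad` and `ipad` are cleared and the rest of the key-derived pad is freed intact; after a digest switch `ctx->key_length` has already been reset to the new digest's size in the previous hunk, so the length is unrelated to the old allocation and could exceed it. Recording the pad size in the context, or wiping while `ctx->md` still names the digest the pads were allocated for with `memset(ctx->opad, 0, EVP_MD_block_size(ctx->md));`, ties the length to the buffer. A plain `memset` directly before `free` is also a dead store the compiler may remove, here and in the `ctx->buf` wipe of the previous hunk, so a wipe the optimiser cannot elide is preferable. HMAC_Init_ex starts and ends outside both hunks.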
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 0e48269aa4..bf8fe1be1a 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -33,7 +33,7 @@
#include "hx_locl.h"
#include <pkinit_asn1.h>
-RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $");
+RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $");
struct hx509_ca_tbs {
hx509_name subject;
@@ -1002,7 +1002,7 @@ ca_sign(hx509_context context,
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 0,
- oid_id_pe_proxyCertInfo(),
+ oid_id_pkix_pe_proxyCertInfo(),
&data);
free(data.data);
if (ret)
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index caf163f8e4..b7f19d152a 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $");
+RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $");
#include "crypto-headers.h"
#include <rtbl.h>
@@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context,
if (rinfo)
memset(rinfo, 0, sizeof(*rinfo));
- e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i);
+ e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
if (e == NULL) {
hx509_clear_error_string(context);
return HX509_EXTENSION_NOT_FOUND;
diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h
index 451c3c89f2..acbc3218c6 100644
--- a/source4/heimdal/lib/hx509/hx509-private.h
+++ b/source4/heimdal/lib/hx509/hx509-private.h
@@ -314,14 +314,6 @@ _hx509_pbe_decrypt (
const heim_octet_string */*econtent*/,
heim_octet_string */*content*/);
-int
-_hx509_pbe_encrypt (
- hx509_context /*context*/,
- hx509_lock /*lock*/,
- const AlgorithmIdentifier */*ai*/,
- const heim_octet_string */*content*/,
- heim_octet_string */*econtent*/);
-
void
_hx509_pi_printf (
int (*/*func*/)(void *, const char *),
@@ -423,35 +415,11 @@ void
_hx509_request_free (hx509_request */*req*/);
int
-_hx509_request_get_SubjectPublicKeyInfo (
- hx509_context /*context*/,
- hx509_request /*req*/,
- SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_get_name (
- hx509_context /*context*/,
- hx509_request /*req*/,
- hx509_name */*name*/);
-
-int
_hx509_request_init (
hx509_context /*context*/,
hx509_request */*req*/);
int
-_hx509_request_parse (
- hx509_context /*context*/,
- const char */*path*/,
- hx509_request */*req*/);
-
-int
-_hx509_request_print (
- hx509_context /*context*/,
- hx509_request /*req*/,
- FILE */*f*/);
-
-int
_hx509_request_set_SubjectPublicKeyInfo (
hx509_context /*context*/,
hx509_request /*req*/,
diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c
index b899005b33..e3066bbcfa 100644
--- a/source4/heimdal/lib/hx509/ks_p11.c
+++ b/source4/heimdal/lib/hx509/ks_p11.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $");
+RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
@@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context,
MECHNAME(CKM_RSA_X_509, "rsa-x-509");
MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
+ MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
+ MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
+ MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
+ MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
+ MECHNAME(CKM_SHA512, "sha512");
+ MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
+ MECHNAME(CKM_SHA384, "sha384");
+ MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
+ MECHNAME(CKM_SHA256, "sha256");
MECHNAME(CKM_SHA_1, "sha1");
MECHNAME(CKM_MD5, "md5");
MECHNAME(CKM_MD2, "md2");
diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c
index eccedf1043..e90f8f34b0 100644
--- a/source4/heimdal/lib/hx509/peer.c
+++ b/source4/heimdal/lib/hx509/peer.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $");
+RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $");
int
hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)
@@ -143,7 +143,7 @@ hx509_peer_info_parse(hx509_peer_info peer,
int
hx509_peer_info_unparse(hx509_peer_info peer,
- heim_octet_string *data)
+ heim_octet_string *data)
{
return 0;
}
diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c
index dc9d4cfa58..e6f71ea2ce 100644
--- a/source4/heimdal/lib/hx509/print.c
+++ b/source4/heimdal/lib/hx509/print.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $");
+RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $");
struct hx509_validate_ctx_data {
@@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
enum critical_flag cf,
const Extension *e)
{
+ check_Null(ctx, status, cf, e);
status->isproxy = 1;
+ return 0;
+}
+
+static int
+check_authorityInfoAccess(hx509_validate_ctx ctx,
+ struct cert_status *status,
+ enum critical_flag cf,
+ const Extension *e)
+{
+ AuthorityInfoAccessSyntax aia;
+ size_t size;
+ int ret, i;
+
+ check_Null(ctx, status, cf, e);
+
+ ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
+ e->extnValue.length,
+ &aia, &size);
+ if (ret) {
+ printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
+ return 0;
+ }
+
+ for (i = 0; i < aia.len; i++) {
+ char *str;
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ "\ttype: ");
+ hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
+ hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ "\n\tdirname: %s\n", str);
+ free(str);
+ }
+ free_AuthorityInfoAccessSyntax(&aia);
return 0;
}
+/*
+ *
+ */
+
struct {
const char *name;
const heim_oid *(*oid)(void);
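Review bot: In check_authorityInfoAccess the result of `hx509_general_name_unparse()` is ignored and `str` is never initialised, so an accessLocation that cannot be unparsed reaches `%s` and `free()` as an indeterminate pointer, and the value comes from the certificate being validated. Declare `char *str = NULL;`, test the return value, and print a placeholder instead of `str` when the call fails. The decode failure is reported with a bare `printf` and then returns 0, which bypasses `validate_print` and the context's output flags. `int i` is compared against `aia.len`, which is probably unsigned; a matching index type avoids the sign-compare warning. The signature of check_proxyCertInfo starts outside the hunk.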
@@ -628,8 +667,11 @@ struct {
{ ext(extKeyUsage, Null), D_C },
{ ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C },
- { "proxyCertInfo", oid_id_pe_proxyCertInfo,
- check_proxyCertInfo, M_C },
+#undef ext
+#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
+ { ext(proxyCertInfo, proxyCertInfo), M_C },
+ { ext(authorityInfoAccess, authorityInfoAccess), M_C },
+#undef ext
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
check_Null, D_C },
{ "Netscape cert comment", oid_id_netscape_cert_comment,
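Review bot: authorityInfoAccess is registered with `M_C`, the same flag the `inhibitAnyPolicy` entry uses, while RFC 3280 section 4.2.2.1 requires this extension to be non-critical. The flag definitions are outside the hunk, but if `M_C` means must-be-critical and `M_N_C` (used for `freshestCRL` above) means must-be-non-critical, the entry should read `{ ext(authorityInfoAccess, authorityInfoAccess), M_N_C },`. As written, the validator would presumably complain about conforming certificates and pass one that marks AIA critical. The table starts and ends outside the hunk.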
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 5be3935f2b..59aae40d28 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c 20503 2007-04-21 22:03:56Z lha $");
+RCSID("$Id: cache.c 21498 2007-07-11 09:41:43Z lha $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -339,6 +339,35 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
}
/*
+ * Return non-zero if envirnoment that will determine default krb5cc
+ * name has changed.
+ */
+
+static int
+environment_changed(krb5_context context)
+{
+ const char *e;
+
+ if(issuid())
+ return 0;
+
+ e = getenv("KRB5CCNAME");
+ if (e == NULL) {
+ if (context->default_cc_name_env) {
+ free(context->default_cc_name_env);
+ context->default_cc_name_env = NULL;
+ return 1;
+ }
+ } else {
+ if (context->default_cc_name_env == NULL)
+ return 1;
+ if (strcmp(e, context->default_cc_name_env) != 0)
+ return 1;
+ }
+ return 0;
+}
+
+/*
* Set the default cc name for `context' to `name'.
*/
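Review bot: `environment_changed` reads like a pure predicate but frees and clears `context->default_cc_name_env` in the `e == NULL` branch, and the header comment does not say so. I would document the side effect and fix the typo, e.g. `/* Return non-zero if the environment that determines the default krb5cc name has changed; drops the cached KRB5CCNAME value when the variable has been unset. */`. It would also help to state that the function always reports "unchanged" for setuid programs, since that is what keeps `KRB5CCNAME` from being honoured there.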
@@ -353,8 +382,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if(!issuid()) {
e = getenv("KRB5CCNAME");
- if (e)
+ if (e) {
p = strdup(e);
+ if (context->default_cc_name_env)
+ free(context->default_cc_name_env);
+ context->default_cc_name_env = strdup(e);
+ }
}
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
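Review bot: The result of `context->default_cc_name_env = strdup(e);` is not checked. If it fails the field stays NULL, and `environment_changed` then returns 1 on every call while `KRB5CCNAME` is set, so each `krb5_cc_default_name` call re-runs this function. Either return `ENOMEM` here or note that the fallback is intentional. The `if (context->default_cc_name_env)` guard before `free` is redundant. The function body starts and ends outside this hunk, so how `p` is checked is not visible.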
@@ -389,7 +422,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
const char* KRB5_LIB_FUNCTION
krb5_cc_default_name(krb5_context context)
{
- if (context->default_cc_name == NULL)
+ if (context->default_cc_name == NULL || environment_changed(context))
krb5_cc_set_default_name(context, NULL);
return context->default_cc_name;
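Review bot: With `|| environment_changed(context)` an explicitly configured name can be silently replaced. When `KRB5CCNAME` is set and `default_cc_name_env` is still NULL, `environment_changed` returns 1, and as far as the hunks above show `default_cc_name_env` is only filled on the path that reads the environment. So after `krb5_cc_set_default_name(context, "some-name")` the next `krb5_cc_default_name` call would presumably fall back to the environment value; the `name != NULL` path is outside these hunks, so please confirm. A flag on the context recording that the name was set explicitly, checked before `environment_changed`, would avoid this. Callers that keep the returned pointer should also be told it may now be invalidated by a later call.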
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index 3ceb6df89c..703cf43eb6 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $");
+RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $");
static void
str2data (krb5_data *d,
@@ -46,10 +46,12 @@ str2data (krb5_data *d,
...)
{
va_list args;
+ char *str;
va_start(args, fmt);
- d->length = vasprintf ((char **)&d->data, fmt, args);
+ d->length = vasprintf (&str, fmt, args);
va_end(args);
+ d->data = str;
}
/*
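Review bot: In str2data the result of `vasprintf` still goes straight into `d->length`; on failure it returns -1 and `str` is not guaranteed to be set, so `d` ends up with a bogus length and an indeterminate pointer. The temporary fixes the pointer cast but not this case. I would use `int len = vasprintf(&str, fmt, args);` followed by `if (len < 0) { str = NULL; len = 0; }` before assigning both fields. The function is `void` and its signature starts outside this hunk, so callers would then need to treat a NULL `d->data` as allocation failure.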
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 8a0af23e40..7c3f128ae5 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $");
+RCSID("$Id: get_cred.c 21669 2007-07-22 11:29:13Z lha $");
/*
* Take the `body' and encode it into `padata' using the credentials
@@ -1224,9 +1224,10 @@ krb5_get_renewed_creds(krb5_context context,
{
krb5_error_code ret;
krb5_kdc_flags flags;
- krb5_creds in, *template;
+ krb5_creds in, *template, *out = NULL;
memset(&in, 0, sizeof(in));
+ memset(creds, 0, sizeof(*creds));
ret = krb5_copy_principal(context, client, &in.client);
if (ret)
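Review bot: The added `memset(creds, 0, sizeof(*creds));` overwrites whatever the caller passed in, and the later hunk fills `creds` via `krb5_copy_creds_contents`, so the ownership contract of krb5_get_renewed_creds has changed without being written down. A caller that hands in a populated `krb5_creds` would leak its contents, and every caller now has to release the result itself. I would add a header comment along the lines of `/* creds is an output parameter: it is cleared on entry and, on success, holds a copy the caller must free with krb5_free_cred_contents(). */`. The same commit drops the prototype from krb5-protos.h, so the contract is currently documented nowhere in the visible hunks.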
@@ -1263,9 +1264,14 @@ krb5_get_renewed_creds(krb5_context context,
krb5_free_creds (context, template);
}
- ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds);
+ ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
krb5_free_principal(context, in.client);
krb5_free_principal(context, in.server);
+ if (ret)
+ return ret;
+
+ ret = krb5_copy_creds_contents(context, out, creds);
+ krb5_free_creds(context, out);
return ret;
}
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index 5bdf23d97f..bd250cef2b 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds.c 20541 2007-04-23 12:19:14Z lha $");
+RCSID("$Id: init_creds.c 21712 2007-07-27 14:23:41Z lha $");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@@ -225,9 +225,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
krb5_get_init_creds_opt_set_renew_life(opt, t);
krb5_appdefault_boolean(context, appname, realm, "no-addresses",
- FALSE, &b);
- if (b)
- krb5_get_init_creds_opt_set_addressless (context, opt, TRUE);
+ KRB5_ADDRESSLESS_DEFAULT, &b);
+ krb5_get_init_creds_opt_set_addressless (context, opt, b);
#if 0
krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
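Review bot: `krb5_get_init_creds_opt_set_addressless (context, opt, b);` is now called unconditionally, so a `no-addresses = false` setting can switch addressless off, and the value used when nothing is configured comes from `KRB5_ADDRESSLESS_DEFAULT`, which is not defined in the visible hunks. Addressless tickets are not bound to the requesting host, so which way the default points is a security-relevant choice and should be stated next to the call. Suggested comment: `/* no-addresses: default is KRB5_ADDRESSLESS_DEFAULT; unlike before, an explicit "false" in the configuration now turns address binding back on */`. The enclosing function starts and ends outside this hunk.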
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index 1676da3bd6..0043b5ef3c 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c 21061 2007-06-12 17:56:30Z lha $");
+RCSID("$Id: init_creds_pw.c 21428 2007-07-10 12:31:58Z lha $");
typedef struct krb5_get_init_creds_ctx {
KDCOptions flags;
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index a551c42ecd..9a84dde61a 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -383,7 +383,7 @@ _krb5_pk_verify_sign (
krb5_error_code
_krb5_plugin_find (
krb5_context /*context*/,
- enum plugin_type /*type*/,
+ enum krb5_plugin_type /*type*/,
const char */*name*/,
struct krb5_plugin **/*list*/);
@@ -399,7 +399,7 @@ _krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
krb5_error_code
_krb5_plugin_register (
krb5_context /*context*/,
- enum plugin_type /*type*/,
+ enum krb5_plugin_type /*type*/,
const char */*name*/,
void */*symbol*/);
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 058496434e..740b394be8 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -2244,14 +2244,6 @@ krb5_get_pw_salt (
krb5_salt */*salt*/);
krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_renewed_creds (
- krb5_context /*context*/,
- krb5_creds */*creds*/,
- krb5_const_principal /*client*/,
- krb5_ccache /*ccache*/,
- const char */*in_tkt_service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
krb5_get_server_rcache (
krb5_context /*context*/,
const krb5_data */*piece*/,
diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h
index 2ea534cfe3..dfd7e94460 100644
--- a/source4/heimdal/lib/krb5/krb5-v4compat.h
+++ b/source4/heimdal/lib/krb5/krb5-v4compat.h
@@ -31,11 +31,13 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5-v4compat.h 17442 2006-05-05 09:31:15Z lha $ */
+/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
#ifndef __KRB5_V4COMPAT_H__
#define __KRB5_V4COMPAT_H__
+#include "krb_err.h"
+
/*
* This file must only be included with v4 compat glue stuff in
* heimdal sources.
@@ -57,56 +59,10 @@
#define AUTH_MSG_KDC_RENEW (10<<1)
#define AUTH_MSG_DIE (63<<1)
-/* values for kerb error codes */
-
-#define KERB_ERR_OK 0
-#define KERB_ERR_NAME_EXP 1
-#define KERB_ERR_SERVICE_EXP 2
-#define KERB_ERR_AUTH_EXP 3
-#define KERB_ERR_PKT_VER 4
-#define KERB_ERR_NAME_MAST_KEY_VER 5
-#define KERB_ERR_SERV_MAST_KEY_VER 6
-#define KERB_ERR_BYTE_ORDER 7
-#define KERB_ERR_PRINCIPAL_UNKNOWN 8
-#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
-#define KERB_ERR_NULL_KEY 10
-#define KERB_ERR_TIMEOUT 11
-
-
-/* Error codes returned from the KDC */
-#define KDC_OK 0 /* Request OK */
-#define KDC_NAME_EXP 1 /* Principal expired */
-#define KDC_SERVICE_EXP 2 /* Service expired */
-#define KDC_AUTH_EXP 3 /* Auth expired */
-#define KDC_PKT_VER 4 /* Protocol version unknown */
-#define KDC_P_MKEY_VER 5 /* Wrong master key version */
-#define KDC_S_MKEY_VER 6 /* Wrong master key version */
-#define KDC_BYTE_ORDER 7 /* Byte order unknown */
-#define KDC_PR_UNKNOWN 8 /* Principal unknown */
-#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
-#define KDC_NULL_KEY 10 /* Principal has null key */
-#define KDC_GEN_ERR 20 /* Generic error from KDC */
-
/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255
-/* Values returned by rd_ap_req */
-#define RD_AP_OK 0 /* Request authentic */
-#define RD_AP_UNDEC 31 /* Can't decode authenticator */
-#define RD_AP_EXP 32 /* Ticket expired */
-#define RD_AP_NYV 33 /* Ticket not yet valid */
-#define RD_AP_REPEAT 34 /* Repeated request */
-#define RD_AP_NOT_US 35 /* The ticket isn't for us */
-#define RD_AP_INCON 36 /* Request is inconsistent */
-#define RD_AP_TIME 37 /* delta_t too big */
-#define RD_AP_BADD 38 /* Incorrect net address */
-#define RD_AP_VERSION 39 /* protocol version mismatch */
-#define RD_AP_MSG_TYPE 40 /* invalid msg type */
-#define RD_AP_MODIFIED 41 /* message stream modified */
-#define RD_AP_ORDER 42 /* message out of order */
-#define RD_AP_UNAUTHOR 43 /* unauthorized request */
-
/* */
#define MAX_KTXT_LEN 1250
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 345fe70764..4f9a63bf05 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5.h 21252 2007-06-21 04:18:28Z lha $ */
+/* $Id: krb5.h 21551 2007-07-15 09:03:39Z lha $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@@ -436,11 +436,6 @@ typedef struct krb5_config_binding krb5_config_binding;
typedef krb5_config_binding krb5_config_section;
-enum {
- KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
- KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
-};
-
typedef struct krb5_ticket {
EncTicketPart ticket;
krb5_principal client;
@@ -766,6 +761,12 @@ typedef struct krb5_sendto_ctx *krb5_sendto_ctx;
typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
+struct krb5_plugin;
+enum krb5_plugin_type {
+ PLUGIN_TYPE_DATA = 1,
+ PLUGIN_TYPE_FUNC
+};
+
struct credentials; /* this is to keep the compiler happy */
struct getargs;
struct sockaddr;
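Review bot: The enum tag gained the `krb5_` prefix on its way into the public header, but its enumerators `PLUGIN_TYPE_DATA` and `PLUGIN_TYPE_FUNC` did not, so every program including krb5.h now gets those two unprefixed names in its namespace. If renaming them (for example `KRB5_PLUGIN_TYPE_DATA = 1,`) is too invasive for this import, a comment saying the names are kept for compatibility with existing plugin code would at least make the choice explicit.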
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index 87169fc430..b41e6e1182 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h 20261 2007-02-18 00:32:22Z lha $ */
+/* $Id: krb5_locl.h 21552 2007-07-15 09:04:00Z lha $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@@ -148,12 +148,6 @@ struct krb5_dh_moduli;
/* v4 glue */
struct _krb5_krb_auth_data;
-struct krb5_plugin;
-enum plugin_type {
- PLUGIN_TYPE_DATA = 1,
- PLUGIN_TYPE_FUNC
-};
-
#include <der.h>
#include <krb5.h>
@@ -236,7 +230,7 @@ typedef struct krb5_context_data {
char error_buf[256];
krb5_addresses *ignore_addresses;
char *default_cc_name;
- int pkinit_flags;
+ char *default_cc_name_env;
void *mutex; /* protects error_string/error_buf */
int large_msg_size;
int dns_canonicalize_hostname;
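Review bot: `char *default_cc_name_env` is a heap-owned string (cache.c fills it with `strdup`), but none of the lib/krb5 hunks shown here releases it when the context is destroyed, so each context that ever saw `KRB5CCNAME` would leak one allocation. The context teardown needs a matching `free(context->default_cc_name_env);` next to wherever `default_cc_name` is freed; that code is outside this diff, so please confirm. A short comment on the field, e.g. `/* copy of $KRB5CCNAME that default_cc_name was derived from, or NULL */`, would also help.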
diff --git a/source4/heimdal/lib/krb5/krb_err.et b/source4/heimdal/lib/krb5/krb_err.et
new file mode 100644
index 0000000000..f7dbb6ce7a
--- /dev/null
+++ b/source4/heimdal/lib/krb5/krb_err.et
@@ -0,0 +1,63 @@
+#
+# Error messages for the krb4 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
+
+error_table krb
+
+prefix KRB4ET
+ec KSUCCESS, "Kerberos 4 successful"
+ec KDC_NAME_EXP, "Kerberos 4 principal expired"
+ec KDC_SERVICE_EXP, "Kerberos 4 service expired"
+ec KDC_AUTH_EXP, "Kerberos 4 auth expired"
+ec KDC_PKT_VER, "Incorrect Kerberos 4 master key version"
+ec KDC_P_MKEY_VER, "Incorrect Kerberos 4 master key version"
+ec KDC_S_MKEY_VER, "Incorrect Kerberos 4 master key version"
+ec KDC_BYTE_ORDER, "Kerberos 4 byte order unknown"
+ec KDC_PR_UNKNOWN, "Kerberos 4 principal unknown"
+ec KDC_PR_N_UNIQUE, "Kerberos 4 principal not unique"
+ec KDC_NULL_KEY, "Kerberos 4 principal has null key"
+index 20
+ec KDC_GEN_ERR, "Generic error from KDC (Kerberos 4)"
+ec GC_TKFIL, "Can't read Kerberos 4 ticket file"
+ec GC_NOTKT, "Can't find Kerberos 4 ticket or TGT"
+index 26
+ec MK_AP_TGTEXP, "Kerberos 4 TGT Expired"
+index 31
+ec RD_AP_UNDEC, "Kerberos 4: Can't decode authenticator"
+ec RD_AP_EXP, "Kerberos 4 ticket expired"
+ec RD_AP_NYV, "Kerberos 4 ticket not yet valid"
+ec RD_AP_REPEAT, "Kerberos 4: Repeated request"
+ec RD_AP_NOT_US, "The Kerberos 4 ticket isn't for us"
+ec RD_AP_INCON, "Kerberos 4 request inconsistent"
+ec RD_AP_TIME, "Kerberos 4: delta_t too big"
+ec RD_AP_BADD, "Kerberos 4: incorrect net address"
+ec RD_AP_VERSION, "Kerberos protocol not version 4"
+ec RD_AP_MSG_TYPE, "Kerberos 4: invalid msg type"
+ec RD_AP_MODIFIED, "Kerberos 4: message stream modified"
+ec RD_AP_ORDER, "Kerberos 4: message out of order"
+ec RD_AP_UNAUTHOR, "Kerberos 4: unauthorized request"
+index 51
+ec GT_PW_NULL, "Kerberos 4: current PW is null"
+ec GT_PW_BADPW, "Kerberos 4: Incorrect current password"
+ec GT_PW_PROT, "Kerberos 4 protocol error"
+ec GT_PW_KDCERR, "Error returned by KDC (Kerberos 4)"
+ec GT_PW_NULLTKT, "Null Kerberos 4 ticket returned by KDC"
+ec SKDC_RETRY, "Kerberos 4: Retry count exceeded"
+ec SKDC_CANT, "Kerberos 4: Can't send request"
+index 61
+ec INTK_W_NOTALL, "Kerberos 4: not all tickets returned"
+ec INTK_BADPW, "Kerberos 4: incorrect password"
+ec INTK_PROT, "Kerberos 4: Protocol Error"
+index 70
+ec INTK_ERR, "Other error in Kerberos 4"
+ec AD_NOTGT, "Don't have Kerberos 4 ticket-granting ticket"
+index 76
+ec NO_TKT_FIL, "No Kerberos 4 ticket file found"
+ec TKT_FIL_ACC, "Couldn't access Kerberos 4 ticket file"
+ec TKT_FIL_LCK, "Couldn't lock Kerberos 4 ticket file"
+ec TKT_FIL_FMT, "Bad Kerberos 4 ticket file format"
+ec TKT_FIL_INI, "Kerberos 4: tf_init not called first"
+ec KNAME_FMT, "Bad Kerberos 4 name format"
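Review bot: The message for `KDC_PKT_VER` is a copy of the master-key text: `ec KDC_PKT_VER, "Incorrect Kerberos 4 master key version"` is identical to the two `MKEY_VER` entries that follow. The header definitions this table replaces describe that code as "Protocol version unknown", so a client or log reader would be pointed at the wrong cause. I would change it to `ec KDC_PKT_VER, "Kerberos 4 protocol version unknown"`. `KDC_P_MKEY_VER` and `KDC_S_MKEY_VER` also share one string; telling principal and service apart would make the messages usable for diagnosis.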
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 69b52dd808..094fd4f9c6 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -35,7 +35,7 @@
#include <resolve.h>
#include "locate_plugin.h"
-RCSID("$Id: krbhst.c 21131 2007-06-18 20:48:09Z lha $");
+RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $");
static int
string_to_proto(const char *string)
@@ -919,8 +919,10 @@ gethostlist(krb5_context context, const char *realm,
while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
nhost++;
- if(nhost == 0)
+ if(nhost == 0) {
+ krb5_set_error_string(context, "No KDC found for realm %s", realm);
return KRB5_KDC_UNREACH;
+ }
*hostlist = calloc(nhost + 1, sizeof(**hostlist));
if(*hostlist == NULL) {
krb5_krbhst_free(context, handle);
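Review bot: The `nhost == 0` branch, now braced and given an error string, still returns without releasing `handle`, while the allocation-failure branch right below calls `krb5_krbhst_free(context, handle);`. Assuming `handle` was initialised earlier in gethostlist (that part is outside the hunk), every lookup for a realm with no KDC leaks the handle. Adding `krb5_krbhst_free(context, handle);` before `return KRB5_KDC_UNREACH;` fixes it.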
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 105cab554d..c8587770f4 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c 21321 2007-06-26 05:21:56Z lha $");
+RCSID("$Id: pkinit.c 21684 2007-07-23 23:09:10Z lha $");
struct krb5_dh_moduli {
char *name;
@@ -645,8 +645,6 @@ _krb5_pk_mk_padata(krb5_context context,
req_body->realm,
"pkinit_win2k",
NULL);
- if (context->pkinit_flags & KRB5_PKINIT_WIN2K)
- win2k_compat = 1;
if (win2k_compat) {
ctx->require_binding =
@@ -1721,7 +1719,7 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli)
free(moduli);
}
-static const char *default_moduli =
+static const char *default_moduli_RFC2412_MODP_group2 =
/* name */
"RFC2412-MODP-group2 "
/* bits */
@@ -1743,6 +1741,37 @@ static const char *default_moduli =
"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
"FFFFFFFF" "FFFFFFFF";
+static const char *default_moduli_rfc3526_MODP_group14 =
+ /* name */
+ "rfc3526-MODP-group14 "
+ /* bits */
+ "1760 "
+ /* p */
+ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+ "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+ "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
+ "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
+ "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
+ "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
+ "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
+ "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
+ "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
+ /* g */
+ "02 "
+ /* q */
+ "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
+ "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
+ "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
+ "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
+ "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
+ "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
+ "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
+ "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
+ "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
+ "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
+ "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
krb5_error_code
_krb5_parse_moduli(krb5_context context, const char *file,
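Review bot: The `/* bits */` field of `default_moduli_rfc3526_MODP_group14` says `"1760 "`, but the prime that follows is 64 eight-digit hex words, i.e. 2048 bits, which is also the size RFC 3526 gives for group 14. If the parser compares this field against a configured minimum DH size (that code is outside the hunk), the group would be treated as weaker than it is and could be rejected, or a policy check would be made against the wrong number. I would change the line to `"2048 "`. A comment with the RFC section next to each built-in group would make such a mismatch easier to spot.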
@@ -1757,19 +1786,28 @@ _krb5_parse_moduli(krb5_context context, const char *file,
*moduli = NULL;
- m = calloc(1, sizeof(m[0]) * 2);
+ m = calloc(1, sizeof(m[0]) * 3);
if (m == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
- strlcpy(buf, default_moduli, sizeof(buf));
+ strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
if (ret) {
_krb5_free_moduli(m);
return ret;
}
- n = 1;
+ n++;
+
+ strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
+ ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
+ if (ret) {
+ _krb5_free_moduli(m);
+ return ret;
+ }
+ n++;
+
if (file == NULL)
file = MODULI_FILE;
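Review bot: Replacing `n = 1;` with two `n++;` statements makes the count depend on `n` being zero at this point, and its declaration is outside the hunk; the old code assigned it, so an initialiser may never have been needed. Please confirm `n` is declared with `= 0`, or write `n = 2;` after the second built-in group. `calloc(1, sizeof(m[0]) * 3)` would read better as `calloc(3, sizeof(m[0]))`, and the magic 3 should be tied to "two built-in groups plus the NULL terminator" in a comment. Both `strlcpy` calls ignore truncation, and the group14 line is over a thousand characters, so the size of `buf` is worth a check.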
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index 68317a12c0..43fa3f5b45 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: plugin.c 21134 2007-06-18 21:02:23Z lha $");
+RCSID("$Id: plugin.c 21702 2007-07-26 19:13:53Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
@@ -45,7 +45,7 @@ struct krb5_plugin {
};
struct plugin {
- enum plugin_type type;
+ enum krb5_plugin_type type;
void *name;
void *symbol;
struct plugin *next;
@@ -76,9 +76,11 @@ _krb5_plugin_get_next(struct krb5_plugin *p)
*
*/
+#ifdef HAVE_DLOPEN
+
static krb5_error_code
loadlib(krb5_context context,
- enum plugin_type type,
+ enum krb5_plugin_type type,
const char *name,
const char *lib,
struct krb5_plugin **e)
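Review bot: `loadlib` is now compiled under `HAVE_DLOPEN`, while the `<dlfcn.h>` include near the top of the file is still guarded by `HAVE_DLFCN_H`, so a platform that defines one macro but not the other either fails to compile or calls `dlopen` without a declaration. I would use one guard for both, e.g. `#if defined(HAVE_DLOPEN) && defined(HAVE_DLFCN_H)`. In `_krb5_plugin_find` the locals used only by the directory scan are probably left unused when the block is compiled out; their declarations are outside the hunks. A comment noting that without dlopen only plugins registered through `_krb5_plugin_register` are found would document the resulting behaviour.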
@@ -113,10 +115,11 @@ loadlib(krb5_context context,
return 0;
}
+#endif /* HAVE_DLOPEN */
krb5_error_code
_krb5_plugin_register(krb5_context context,
- enum plugin_type type,
+ enum krb5_plugin_type type,
const char *name,
void *symbol)
{
@@ -146,7 +149,7 @@ _krb5_plugin_register(krb5_context context,
krb5_error_code
_krb5_plugin_find(krb5_context context,
- enum plugin_type type,
+ enum krb5_plugin_type type,
const char *name,
struct krb5_plugin **list)
{
@@ -181,6 +184,8 @@ _krb5_plugin_find(krb5_context context,
}
HEIMDAL_MUTEX_unlock(&plugin_mutex);
+#ifdef HAVE_DLOPEN
+
dirs = krb5_config_get_strings(context, NULL, "libdefaults",
"plugin_dir", NULL);
if (dirs == NULL) {
@@ -213,6 +218,7 @@ _krb5_plugin_find(krb5_context context,
}
if (dirs != sysdirs)
krb5_config_free_strings(dirs);
+#endif /* HAVE_DLOPEN */
if (*list == NULL) {
krb5_set_error_string(context, "Did not find a plugin for %s", name);
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index d3920dd941..47b5df85b2 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c 17056 2006-04-12 16:18:10Z lha $");
+RCSID("$Id: rd_priv.c 21770 2007-08-01 04:04:33Z lha $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@@ -55,13 +55,17 @@ krb5_rd_priv(krb5_context context,
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- outdata == NULL)
+ outdata == NULL) {
+ krb5_clear_error_string (context);
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+ }
memset(&priv, 0, sizeof(priv));
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
- if (ret)
+ if (ret) {
+ krb5_clear_error_string (context);
goto failure;
+ }
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
@@ -94,8 +98,10 @@ krb5_rd_priv(krb5_context context,
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain);
- if (ret)
+ if (ret) {
+ krb5_clear_error_string (context);
goto failure;
+ }
/* check sender address */
diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c
index d42fbec3a5..3f99df6391 100644
--- a/source4/heimdal/lib/krb5/v4_glue.c
+++ b/source4/heimdal/lib/krb5/v4_glue.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: v4_glue.c 17442 2006-05-05 09:31:15Z lha $");
+RCSID("$Id: v4_glue.c 21572 2007-07-16 05:13:08Z lha $");
#include "krb5-v4compat.h"
@@ -351,12 +351,12 @@ storage_to_etext(krb5_context context,
size = krb5_storage_seek(sp, 0, SEEK_END);
if (size < 0)
- return EINVAL;
+ return KRB4ET_RD_AP_UNDEC;
size = 8 - (size & 7);
ret = krb5_storage_write(sp, eightzeros, size);
if (ret != size)
- return EINVAL;
+ return KRB4ET_RD_AP_UNDEC;
ret = krb5_storage_to_data(sp, &data);
if (ret)
@@ -435,7 +435,7 @@ _krb5_krb_create_ticket(krb5_context context,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
goto error;
}
@@ -487,7 +487,7 @@ _krb5_krb_create_ciph(krb5_context context,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
goto error;
}
@@ -497,7 +497,7 @@ _krb5_krb_create_ciph(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
ret = krb5_storage_write(sp, ticket->data, ticket->length);
if (ret != ticket->length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
@@ -550,7 +550,7 @@ _krb5_krb_create_auth_reply(krb5_context context,
RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
ret = krb5_storage_write(sp, cipher->data, cipher->length);
if (ret != cipher->length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
goto error;
}
@@ -599,6 +599,9 @@ _krb5_krb_cr_err_reply(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
RCHECK(ret, put_nir(sp, name, inst, realm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error);
+ /* If its a Kerberos 4 error-code, remove the et BASE */
+ if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
+ e -= ERROR_TABLE_BASE_krb;
RCHECK(ret, krb5_store_int32(sp, e), error);
RCHECK(ret, krb5_store_stringz(sp, e_string), error);
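Review bot: Only codes inside `ERROR_TABLE_BASE_krb .. ERROR_TABLE_BASE_krb + 255` are translated; anything else in `e` (an errno value or a Kerberos 5 code, if callers can pass one) is still written into the v4 error reply unchanged, where it has no defined meaning for the client. If that can happen, mapping it to the generic failure code already defined in krb5-v4compat.h would be safer: `else if (e < 0 || e > 255) e = KFAILURE;`. The comment should read `/* If it's a Kerberos 4 error code, remove the error-table base */`. The function begins outside this hunk, so I cannot see what callers pass.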
@@ -623,7 +626,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
if (strlen(*str) > max_len) {
free(*str);
*str = NULL;
- return EINVAL;
+ return KRB4ET_INTK_PROT;
}
return 0;
}
@@ -662,7 +665,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
return ENOMEM;
}
- krb5_storage_set_eof_code(sp, EINVAL); /* XXX */
+ krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
@@ -672,7 +675,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
size = krb5_storage_read(sp, des_key, sizeof(des_key));
if (size != sizeof(des_key)) {
- ret = EINVAL; /* XXX */
+ ret = KRB4ET_INTK_PROT;
goto error;
}
@@ -770,26 +773,32 @@ _krb5_krb_rd_req(krb5_context context,
return ENOMEM;
}
- krb5_storage_set_eof_code(sp, EINVAL); /* XXX */
+ krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
ret = krb5_ret_int8(sp, &pvno);
- if (ret)
+ if (ret) {
+ krb5_set_error_string(context, "Failed reading v4 pvno");
goto error;
+ }
if (pvno != KRB_PROT_VERSION) {
- ret = EINVAL; /* XXX */
+ ret = KRB4ET_RD_AP_VERSION;
+ krb5_set_error_string(context, "Failed v4 pvno not 4");
goto error;
}
ret = krb5_ret_int8(sp, &type);
- if (ret)
+ if (ret) {
+ krb5_set_error_string(context, "Failed readin v4 type");
goto error;
+ }
little_endian = type & 1;
type &= ~1;
if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
- ret = EINVAL; /* RD_AP_MSG_TYPE */
+ ret = KRB4ET_RD_AP_MSG_TYPE;
+ krb5_set_error_string(context, "Not a valid v4 request type");
goto error;
}
@@ -801,7 +810,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, ticket.data, ticket.length);
if (size != ticket.length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
+ krb5_set_error_string(context, "Failed reading v4 ticket");
goto error;
}
@@ -815,7 +825,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, eaut.data, eaut.length);
if (size != eaut.length) {
- ret = EINVAL;
+ ret = KRB4ET_INTK_PROT;
+ krb5_set_error_string(context, "Failed reading v4 authenticator");
goto error;
}
@@ -828,8 +839,8 @@ _krb5_krb_rd_req(krb5_context context,
sp = krb5_storage_from_data(&aut);
if (sp == NULL) {
- krb5_set_error_string(context, "alloc: out of memory");
ret = ENOMEM;
+ krb5_set_error_string(context, "alloc: out of memory");
goto error;
}
@@ -849,19 +860,22 @@ _krb5_krb_rd_req(krb5_context context,
if (strcmp(ad->pname, r_name) != 0 ||
strcmp(ad->pinst, r_instance) != 0 ||
strcmp(ad->prealm, r_realm) != 0) {
- ret = EINVAL; /* RD_AP_INCON */
+ krb5_set_error_string(context, "v4 principal mismatch");
+ ret = KRB4ET_RD_AP_INCON;
goto error;
}
- if (from_addr && from_addr != ad->address) {
- ret = EINVAL; /* RD_AP_BADD */
+ if (from_addr && ad->address && from_addr != ad->address) {
+ krb5_set_error_string(context, "v4 bad address in ticket");
+ ret = KRB4ET_RD_AP_BADD;
goto error;
}
gettimeofday(&tv, NULL);
delta_t = abs((int)(tv.tv_sec - r_time_sec));
if (delta_t > CLOCK_SKEW) {
- ret = EINVAL; /* RD_AP_TIME */
+ ret = KRB4ET_RD_AP_TIME;
+ krb5_set_error_string(context, "v4 clock skew");
goto error;
}
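Review bot: The address comparison was loosened to `from_addr && ad->address && from_addr != ad->address`, so a ticket whose address field is zero is now accepted from any peer. That is a change to an authentication check inside a commit that otherwise only swaps error codes, and nothing in the hunk says it is intended. If zero is meant to denote an addressless ticket, say so at the check, e.g. `/* ad->address == 0: ticket is not bound to an address, skip the peer check */`, and consider whether accepting such tickets should depend on configuration. `delta_t = abs((int)(tv.tv_sec - r_time_sec))` truncates a time difference to `int` before the skew test; that line is unchanged context, but it sits in the same validation path.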
@@ -870,12 +884,14 @@ _krb5_krb_rd_req(krb5_context context,
tkt_age = tv.tv_sec - ad->time_sec;
if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
- ret = EINVAL; /* RD_AP_NYV */
+ ret = KRB4ET_RD_AP_NYV;
+ krb5_set_error_string(context, "v4 clock skew for expiration");
goto error;
}
if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
- ret = EINVAL; /* RD_AP_EXP */
+ ret = KRB4ET_RD_AP_EXP;
+ krb5_set_error_string(context, "v4 ticket expired");
goto error;
}
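Review bot: The message set for the not-yet-valid case, `"v4 clock skew for expiration"`, does not match the code it accompanies: `KRB4ET_RD_AP_NYV` is "ticket not yet valid" in the new error table, and expiry is handled by the next branch. I would use `krb5_set_error_string(context, "v4 ticket not yet valid");`. The same commit has `"Failed readin v4 type"` in the earlier _krb5_krb_rd_req hunk, which should be "reading". These strings end up in logs, so they should name the failed check accurately.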
diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c
index 1961c7fa22..671bf329e8 100644
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -33,7 +33,7 @@
#include <config.h>
-RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $");
+RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $");
#include <stdio.h>
#include <stdlib.h>
@@ -1105,7 +1105,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len,
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
HMAC_Update(&c, serverchallange, 8);
- HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16);
+ HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
HMAC_Final(&c, serveranswer, &hmaclen);
HMAC_CTX_cleanup(&c);
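Review bot: `answer->length - 16` is computed on a length taken from the client's response, and nothing in this hunk shows that `answer->length >= 16` has been established; if it has not, the subtraction wraps and `HMAC_Update` is asked to read far past the buffer. The function starts outside the hunk and an earlier read of the 16-byte client answer may already enforce this, so please confirm. If it does, a comment such as `/* length >= 16 guaranteed by the read of clientanswer above */` makes the dependency explicit; otherwise add an `if (answer->length < 16)` rejection before this line. The return values of the `HMAC_*` calls are also not checked.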
diff --git a/source4/heimdal_build/config.mk b/source4/heimdal_build/config.mk
index 73187c31dc..940d9cdb9c 100644
--- a/source4/heimdal_build/config.mk
+++ b/source4/heimdal_build/config.mk
@@ -259,7 +259,8 @@ OBJ_FILES = \
../heimdal/lib/krb5/warn.o \
../heimdal/lib/krb5/krb5_err.o \
../heimdal/lib/krb5/heim_err.o \
- ../heimdal/lib/krb5/k524_err.o
+ ../heimdal/lib/krb5/k524_err.o \
+ ../heimdal/lib/krb5/krb_err.o
# End SUBSYSTEM HEIMDAL_KRB5
#######################
@@ -568,10 +569,15 @@ include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/CMS.asn1 cms_asn1 hei
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/ocsp.asn1 ocsp_asn1 heimdal/lib/hx509 --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/kx509.asn1 kx509_asn1 heimdal/lib/asn1|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/pkcs10.asn1 pkcs10_asn1 heimdal/lib/hx509 --preserve-binary=CertificationRequestInfo|
+
+#
+# Ensure to update ../static_deps.mk when you add a new entry here!
+#
include perl_path_wrapper.sh et_deps.pl heimdal/lib/asn1/asn1_err.et heimdal/lib/asn1|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hdb/hdb_err.et heimdal/lib/hdb|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/heim_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/k524_err.et heimdal/lib/krb5|
+include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb5_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/gssapi/krb5/gkrb5_err.et heimdal/lib/gssapi|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hx509/hx509_err.et heimdal/lib/hx509|
diff --git a/source4/static_deps.mk b/source4/static_deps.mk
index 34bb1263c1..1c9173b32c 100644
--- a/source4/static_deps.mk
+++ b/source4/static_deps.mk
@@ -35,6 +35,7 @@ heimdal_basics: \
heimdal/lib/hdb/hdb_err.h \
heimdal/lib/krb5/heim_err.h \
heimdal/lib/krb5/k524_err.h \
+ heimdal/lib/krb5/krb_err.h \
heimdal/lib/krb5/krb5_err.h \
heimdal/lib/gssapi/gkrb5_err.h \
heimdal/lib/hx509/hx509_err.h