diff options
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r-- | source4/heimdal/lib/krb5/changepw.c | 20 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 136 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/kcm.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-private.h | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 17 | ||||
-rwxr-xr-x | source4/heimdal/lib/krb5/pkinit.c | 15 |
6 files changed, 101 insertions, 104 deletions
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index e6ef1d9d9b..c3cd6d4db9 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $"); +RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $"); static void str2data (krb5_data *d, @@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context, if (ret) return ret; - passwd_data.data = passwd; + passwd_data.data = rk_UNCONST(passwd); passwd_data.length = strlen(passwd); krb5_data_zero (&krb_priv_data); @@ -160,7 +160,7 @@ setpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -186,7 +186,7 @@ setpw_send_request (krb5_context context, return ret; chpw.newpasswd.length = strlen(passwd); - chpw.newpasswd.data = passwd; + chpw.newpasswd.data = rk_UNCONST(passwd); if (targprinc) { chpw.targname = &targprinc->name; chpw.targrealm = &targprinc->realm; @@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context, krb5_principal, int, int, - char *, + const char *, const char *); typedef krb5_error_code (*kpwd_process_reply) (krb5_context, krb5_auth_context, @@ -509,7 +509,7 @@ static krb5_error_code change_password_loop (krb5_context context, krb5_creds *creds, krb5_principal targprinc, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string, @@ -663,7 +663,7 @@ change_password_loop (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_change_password (krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) @@ -689,7 +689,7 @@ krb5_change_password (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password(krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, @@ -732,7 +732,7 @@ krb5_set_password(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 1c3e8d2a10..2e23306c96 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $"); +RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context, DES_set_key(key->key->keyvalue.data, key->schedule->data); } -static void -DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) -{ - DES_key_schedule schedule; - int i; - int reverse = 0; - unsigned char *p; - - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, - 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; - memset(key, 0, 8); - - p = (unsigned char*)key; - for (i = 0; i < length; i++) { - unsigned char tmp = data[i]; - if (!reverse) - *p++ ^= (tmp << 1); - else - *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; - if((i % 8) == 7) - reverse = !reverse; - } - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &schedule); - DES_cbc_cksum((void*)data, key, length, &schedule, key); - memset(&schedule, 0, sizeof(schedule)); - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; -} - -static krb5_error_code -krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - unsigned char *s; - size_t len; - DES_cblock tmp; - - len = password.length + salt.saltvalue.length; - s = malloc(len); - if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - DES_string_to_key_int(s, len, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&tmp, 0, sizeof(tmp)); - memset(s, 0, len); - free(s); - return 0; -} - #ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password @@ -350,6 +288,78 @@ DES_AFS3_string_to_key(krb5_context context, #endif /* ENABLE_AFS_STRING_TO_KEY */ static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + +#ifdef ENABLE_AFS_STRING_TO_KEY + if (opaque.length == 1) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 1); + if (v == 1) + return DES_AFS3_string_to_key(context, enctype, password, + salt, opaque, key); + } +#endif + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + +static void krb5_DES_random_to_key(krb5_context context, krb5_keyblock *key, const void *data, diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index b7873f33d5..f4372422ac 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $"); +RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $"); typedef struct krb5_kcmcache { char *name; @@ -246,7 +246,8 @@ kcm_call(krb5_context context, krb5_data *response_data_p) { krb5_data response_data; - krb5_error_code ret, status; + krb5_error_code ret; + int32_t status; krb5_storage *response; if (response_p != NULL) @@ -605,7 +606,7 @@ kcm_get_first (krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; - u_int32_t tmp; + int32_t tmp; ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); if (ret) @@ -624,7 +625,7 @@ kcm_get_first (krb5_context context, } ret = krb5_ret_int32(response, &tmp); - if (ret) + if (ret || tmp < 0) ret = KRB5_CC_IO; krb5_storage_free(request); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 8e2ebcf43e..ef47bd1e26 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -340,14 +340,6 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_ap_rep_enc_part **/*repl*/, - krb5_boolean /*dce_style_response*/); - int _krb5_send_and_recv_tcp ( int /*fd*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 97f286b83e..8db553e6e3 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,15 +20,6 @@ extern "C" { #endif #endif -void -initialize_heim_error_table_r (struct et_list **/*list*/); - -void -initialize_k524_error_table_r (struct et_list **/*list*/); - -void -initialize_krb5_error_table_r (struct et_list **/*list*/); - krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_change_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/); @@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock ( krb5_keytab /*keytab*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/, - krb5_keyblock **/*keyblock*/); + krb5_keyblock **/*return_keyblock*/); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_with_keyblock ( @@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, @@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 69f72d7b88..7ac1436f6e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $"); #ifdef PKINIT @@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context, if (ret) goto out; } else { +#if 0 ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md); if (ret) goto out; - +#endif ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); if (ret) goto out; @@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context, EVP_PKEY *public_key; krb5_error_code ret; EVP_MD_CTX md; - X509 *cert; + X509 *cert = NULL; SignedData sd; size_t size; @@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context, set.len = sd.certificates->len; ret = cert_to_X509(context, &set, &certificates); - free_CertificateSet(&set); } if (ret) { krb5_set_error_string(context, @@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -25 reply " + krb5_set_error_string(context, "PKINIT: -27 reply " "invalid content type"); + ret = EINVAL; break; } + if (ret == 0) + return ret; } /* Check for PK-INIT -19 */ @@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows" + krb5_set_error_string(context, "PKINIT: Failed decoding windows " "pkinit reply %d", ret); return ret; } |