summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/changepw.c20
-rw-r--r--source4/heimdal/lib/krb5/crypto.c136
-rw-r--r--source4/heimdal/lib/krb5/kcm.c9
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h8
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h17
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c15
6 files changed, 101 insertions, 104 deletions
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index e6ef1d9d9b..c3cd6d4db9 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $");
+RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $");
static void
str2data (krb5_data *d,
@@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context,
if (ret)
return ret;
- passwd_data.data = passwd;
+ passwd_data.data = rk_UNCONST(passwd);
passwd_data.length = strlen(passwd);
krb5_data_zero (&krb_priv_data);
@@ -160,7 +160,7 @@ setpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -186,7 +186,7 @@ setpw_send_request (krb5_context context,
return ret;
chpw.newpasswd.length = strlen(passwd);
- chpw.newpasswd.data = passwd;
+ chpw.newpasswd.data = rk_UNCONST(passwd);
if (targprinc) {
chpw.targname = &targprinc->name;
chpw.targrealm = &targprinc->realm;
@@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context,
krb5_principal,
int,
int,
- char *,
+ const char *,
const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
krb5_auth_context,
@@ -509,7 +509,7 @@ static krb5_error_code
change_password_loop (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
@@ -663,7 +663,7 @@ change_password_loop (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
@@ -689,7 +689,7 @@ krb5_change_password (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password(krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
@@ -732,7 +732,7 @@ krb5_set_password(krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 1c3e8d2a10..2e23306c96 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $");
+RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context,
DES_set_key(key->key->keyvalue.data, key->schedule->data);
}
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
-{
- DES_key_schedule schedule;
- int i;
- int reverse = 0;
- unsigned char *p;
-
- unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
- 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
- memset(key, 0, 8);
-
- p = (unsigned char*)key;
- for (i = 0; i < length; i++) {
- unsigned char tmp = data[i];
- if (!reverse)
- *p++ ^= (tmp << 1);
- else
- *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
- if((i % 8) == 7)
- reverse = !reverse;
- }
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- DES_set_key(key, &schedule);
- DES_cbc_cksum((void*)data, key, length, &schedule, key);
- memset(&schedule, 0, sizeof(schedule));
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_salt salt,
- krb5_data opaque,
- krb5_keyblock *key)
-{
- unsigned char *s;
- size_t len;
- DES_cblock tmp;
-
- len = password.length + salt.saltvalue.length;
- s = malloc(len);
- if(len > 0 && s == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memcpy(s, password.data, password.length);
- memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
- DES_string_to_key_int(s, len, &tmp);
- key->keytype = enctype;
- krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
- memset(&tmp, 0, sizeof(tmp));
- memset(s, 0, len);
- free(s);
- return 0;
-}
-
#ifdef ENABLE_AFS_STRING_TO_KEY
/* This defines the Andrew string_to_key function. It accepts a password
@@ -350,6 +288,78 @@ DES_AFS3_string_to_key(krb5_context context,
#endif /* ENABLE_AFS_STRING_TO_KEY */
static void
+DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
+{
+ DES_key_schedule schedule;
+ int i;
+ int reverse = 0;
+ unsigned char *p;
+
+ unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
+ 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
+ memset(key, 0, 8);
+
+ p = (unsigned char*)key;
+ for (i = 0; i < length; i++) {
+ unsigned char tmp = data[i];
+ if (!reverse)
+ *p++ ^= (tmp << 1);
+ else
+ *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
+ if((i % 8) == 7)
+ reverse = !reverse;
+ }
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+ DES_set_key(key, &schedule);
+ DES_cbc_cksum((void*)data, key, length, &schedule, key);
+ memset(&schedule, 0, sizeof(schedule));
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+}
+
+static krb5_error_code
+krb5_DES_string_to_key(krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ unsigned char *s;
+ size_t len;
+ DES_cblock tmp;
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+ if (opaque.length == 1) {
+ unsigned long v;
+ _krb5_get_int(opaque.data, &v, 1);
+ if (v == 1)
+ return DES_AFS3_string_to_key(context, enctype, password,
+ salt, opaque, key);
+ }
+#endif
+
+ len = password.length + salt.saltvalue.length;
+ s = malloc(len);
+ if(len > 0 && s == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ memcpy(s, password.data, password.length);
+ memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+ DES_string_to_key_int(s, len, &tmp);
+ key->keytype = enctype;
+ krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+ memset(&tmp, 0, sizeof(tmp));
+ memset(s, 0, len);
+ free(s);
+ return 0;
+}
+
+static void
krb5_DES_random_to_key(krb5_context context,
krb5_keyblock *key,
const void *data,
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index b7873f33d5..f4372422ac 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -43,7 +43,7 @@
#include "kcm.h"
-RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $");
+RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $");
typedef struct krb5_kcmcache {
char *name;
@@ -246,7 +246,8 @@ kcm_call(krb5_context context,
krb5_data *response_data_p)
{
krb5_data response_data;
- krb5_error_code ret, status;
+ krb5_error_code ret;
+ int32_t status;
krb5_storage *response;
if (response_p != NULL)
@@ -605,7 +606,7 @@ kcm_get_first (krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
- u_int32_t tmp;
+ int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
@@ -624,7 +625,7 @@ kcm_get_first (krb5_context context,
}
ret = krb5_ret_int32(response, &tmp);
- if (ret)
+ if (ret || tmp < 0)
ret = KRB5_CC_IO;
krb5_storage_free(request);
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 8e2ebcf43e..ef47bd1e26 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -340,14 +340,6 @@ _krb5_put_int (
unsigned long /*value*/,
size_t /*size*/);
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_rep_type (
- krb5_context /*context*/,
- krb5_auth_context /*auth_context*/,
- const krb5_data */*inbuf*/,
- krb5_ap_rep_enc_part **/*repl*/,
- krb5_boolean /*dce_style_response*/);
-
int
_krb5_send_and_recv_tcp (
int /*fd*/,
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 97f286b83e..8db553e6e3 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -20,15 +20,6 @@ extern "C" {
#endif
#endif
-void
-initialize_heim_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_k524_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_krb5_error_table_r (struct et_list **/*list*/);
-
krb5_error_code KRB5_LIB_FUNCTION
krb524_convert_creds_kdc (
krb5_context /*context*/,
@@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
krb5_data */*result_string*/);
@@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock (
krb5_keytab /*keytab*/,
krb5_flags */*ap_req_options*/,
krb5_ticket **/*ticket*/,
- krb5_keyblock **/*keyblock*/);
+ krb5_keyblock **/*return_keyblock*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_req_with_keyblock (
@@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
@@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache (
krb5_context /*context*/,
krb5_ccache /*ccache*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 69f72d7b88..7ac1436f6e 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $");
#ifdef PKINIT
@@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context,
if (ret)
goto out;
} else {
+#if 0
ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md);
if (ret)
goto out;
-
+#endif
ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md);
if (ret)
goto out;
@@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context,
EVP_PKEY *public_key;
krb5_error_code ret;
EVP_MD_CTX md;
- X509 *cert;
+ X509 *cert = NULL;
SignedData sd;
size_t size;
@@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context,
set.len = sd.certificates->len;
ret = cert_to_X509(context, &set, &certificates);
- free_CertificateSet(&set);
}
if (ret) {
krb5_set_error_string(context,
@@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context,
return ret;
default:
free_PA_PK_AS_REP(&rep);
- krb5_set_error_string(context, "PKINIT: -25 reply "
+ krb5_set_error_string(context, "PKINIT: -27 reply "
"invalid content type");
+ ret = EINVAL;
break;
}
+ if (ret == 0)
+ return ret;
}
/* Check for PK-INIT -19 */
@@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&w2krep,
&size);
if (ret) {
- krb5_set_error_string(context, "PKINIT: Failed decoding windows"
+ krb5_set_error_string(context, "PKINIT: Failed decoding windows "
"pkinit reply %d", ret);
return ret;
}