summaryrefslogtreecommitdiff
path: root/source4/heimdal
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal')
-rw-r--r--source4/heimdal/cf/resolv.m421
-rw-r--r--source4/heimdal/kdc/kerberos5.c24
-rwxr-xr-xsource4/heimdal/kdc/pkinit.c110
-rw-r--r--source4/heimdal/lib/asn1/gen_decode.c12
-rw-r--r--source4/heimdal/lib/asn1/lex.c254
-rw-r--r--source4/heimdal/lib/asn1/lex.l230
-rw-r--r--source4/heimdal/lib/asn1/pkcs8.asn14
-rw-r--r--source4/heimdal/lib/com_err/parse.c209
-rw-r--r--source4/heimdal/lib/com_err/parse.h6
-rwxr-xr-xsource4/heimdal/lib/gssapi/cfx.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb-protos.h359
-rw-r--r--source4/heimdal/lib/krb5/changepw.c20
-rw-r--r--source4/heimdal/lib/krb5/crypto.c136
-rw-r--r--source4/heimdal/lib/krb5/kcm.c9
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h8
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h17
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c15
17 files changed, 570 insertions, 866 deletions
diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4
index 81a7a143f9..20e85a8400 100644
--- a/source4/heimdal/cf/resolv.m4
+++ b/source4/heimdal/cf/resolv.m4
@@ -1,10 +1,13 @@
-dnl stuff used by DNS resolv code
+dnl stuff used by DNS resolv code in roken
+dnl
+dnl $Id: resolv.m4,v 1.1 2005/09/02 10:17:38 lha Exp $
+dnl
-AC_DEFUN([rk_RESOLV], [
+AC_DEFUN([rk_RESOLV],[
- AC_CHECK_HEADERS(arpa/nameser.h)
+AC_CHECK_HEADERS([arpa/nameser.h])
- AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT
+AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@@ -16,7 +19,7 @@ AC_DEFUN([rk_RESOLV], [
#endif
])
- AC_FIND_FUNC(res_search, resolv,
+AC_FIND_FUNC(res_search, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
@@ -34,7 +37,7 @@ AC_DEFUN([rk_RESOLV], [
],
[0,0,0,0,0])
- AC_FIND_FUNC(res_nsearch, resolv,
+AC_FIND_FUNC(res_nsearch, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
@@ -52,7 +55,7 @@ AC_DEFUN([rk_RESOLV], [
],
[0,0,0,0,0,0])
- AC_FIND_FUNC(res_ndestroy, resolv,
+AC_FIND_FUNC(res_ndestroy, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
@@ -70,7 +73,7 @@ AC_DEFUN([rk_RESOLV], [
],
[0])
- AC_FIND_FUNC(dn_expand, resolv,
+AC_FIND_FUNC(dn_expand, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
@@ -88,7 +91,7 @@ AC_DEFUN([rk_RESOLV], [
],
[0,0,0,0,0])
- rk_CHECK_VAR(_res,
+rk_CHECK_VAR(_res,
[#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 2cbb5831d4..3191ab19b7 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -483,8 +483,8 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
ent->s2kparams = NULL;
switch (key->key.keytype) {
- case KEYTYPE_AES128:
- case KEYTYPE_AES256:
+ case ETYPE_AES128_CTS_HMAC_SHA1_96:
+ case ETYPE_AES256_CTS_HMAC_SHA1_96:
ALLOC(ent->s2kparams);
if (ent->s2kparams == NULL)
return ENOMEM;
@@ -499,6 +499,26 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
_krb5_AES_string_to_default_iterator,
ent->s2kparams->length);
break;
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD4:
+ case ETYPE_DES_CBC_MD5:
+ /* Check if this was a AFS3 salted key */
+ if(key->salt && key->salt->type == hdb_afs3_salt){
+ ALLOC(ent->s2kparams);
+ if (ent->s2kparams == NULL)
+ return ENOMEM;
+ ent->s2kparams->length = 1;
+ ent->s2kparams->data = malloc(ent->s2kparams->length);
+ if (ent->s2kparams->data == NULL) {
+ free(ent->s2kparams);
+ ent->s2kparams = NULL;
+ return ENOMEM;
+ }
+ _krb5_put_int(ent->s2kparams->data,
+ 1,
+ ent->s2kparams->length);
+ }
+ break;
default:
break;
}
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index fdeaf27ac4..985c7c15e4 100755
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: pkinit.c,v 1.41 2005/08/12 09:21:40 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.43 2005/09/21 00:40:32 lha Exp $");
#ifdef PKINIT
@@ -333,16 +333,11 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
goto out;
}
- ret = krb5_random_to_key(context, enctype,
- dh_gen_key, dh_gen_keylen, &key);
-
- if (ret) {
- krb5_set_error_string(context,
- "pkinit - can't create key from DH key");
- ret = KRB5KRB_ERR_GENERIC;
- goto out;
- }
- ret = krb5_copy_keyblock_contents(context, &key, reply_key);
+ ret = _krb5_pk_octetstring2key(context,
+ enctype,
+ dh_gen_key, dh_gen_keylen,
+ NULL, NULL,
+ reply_key);
out:
if (dh_gen_key)
@@ -768,11 +763,10 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
- ret = get_dh_param(context, ap.clientPublicValue, client_params);
- if (ret) {
- free_AuthPack_19(&ap);
- goto out;
- }
+ krb5_set_error_string(context, "PK-INIT, no support for DH");
+ ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+ free_AuthPack_19(&ap);
+ goto out;
}
free_AuthPack_19(&ap);
} else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
@@ -800,10 +794,11 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
- krb5_set_error_string(context, "PK-INIT, no support for DH");
- ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
- free_AuthPack(&ap);
- goto out;
+ ret = get_dh_param(context, ap.clientPublicValue, client_params);
+ if (ret) {
+ free_AuthPack(&ap);
+ goto out;
+ }
}
free_AuthPack(&ap);
} else
@@ -1139,16 +1134,18 @@ pk_mk_pa_reply_dh(krb5_context context,
ContentInfo *content_info)
{
ASN1_INTEGER *dh_pub_key = NULL;
+ ContentInfo contentinfo;
KDCDHKeyInfo dh_info;
krb5_error_code ret;
SignedData sd;
- krb5_data buf, sd_buf;
+ krb5_data buf, signed_data;
size_t size;
+ memset(&contentinfo, 0, sizeof(contentinfo));
memset(&dh_info, 0, sizeof(dh_info));
memset(&sd, 0, sizeof(sd));
krb5_data_zero(&buf);
- krb5_data_zero(&sd_buf);
+ krb5_data_zero(&signed_data);
dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL);
if (dh_pub_key == NULL) {
@@ -1190,17 +1187,21 @@ pk_mk_pa_reply_dh(krb5_context context,
ret = _krb5_pk_create_sign(context,
oid_id_pkdhkeydata(),
&buf,
- kdc_identity,
- &sd_buf);
+ kdc_identity,
+ &signed_data);
krb5_data_free(&buf);
if (ret)
goto out;
- ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(),
+ ret = _krb5_pk_mk_ContentInfo(context,
+ &signed_data,
+ oid_id_pkcs7_signedData(),
content_info);
- krb5_data_free(&sd_buf);
+ if (ret)
+ goto out;
out:
+ krb5_data_free(&signed_data);
free_KDCDHKeyInfo(&dh_info);
return ret;
@@ -1249,14 +1250,15 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (client_params->type == PKINIT_COMPAT_27) {
PA_PK_AS_REP rep;
- pa_type = KRB5_PADATA_PK_AS_REP;
-
memset(&rep, 0, sizeof(rep));
+ pa_type = KRB5_PADATA_PK_AS_REP;
+
if (client_params->dh == NULL) {
- rep.element = choice_PA_PK_AS_REP_encKeyPack;
ContentInfo info;
+ rep.element = choice_PA_PK_AS_REP_encKeyPack;
+
krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
ret = pk_mk_pa_reply_enckey(context,
@@ -1283,8 +1285,37 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_abortx(context, "Internal ASN.1 encoder error");
} else {
- krb5_set_error_string(context, "DH -27 not implemented");
- ret = KRB5KRB_ERR_GENERIC;
+ ContentInfo info;
+
+ rep.element = choice_PA_PK_AS_REP_dhInfo;
+
+ ret = check_dh_params(client_params->dh);
+ if (ret)
+ return ret;
+
+ ret = generate_dh_keyblock(context, client_params, enctype,
+ &client_params->reply_key);
+ if (ret)
+ return ret;
+
+ ret = pk_mk_pa_reply_dh(context, client_params->dh,
+ client_params,
+ &client_params->reply_key,
+ &info);
+
+ ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
+ rep.u.dhInfo.dhSignedData.length, &info, &size,
+ ret);
+ free_ContentInfo(&info);
+ if (ret) {
+ krb5_set_error_string(context, "encoding of Key ContentInfo "
+ "failed %d", ret);
+ free_PA_PK_AS_REP(&rep);
+ goto out;
+ }
+ if (rep.u.encKeyPack.length != size)
+ krb5_abortx(context, "Internal ASN.1 encoder error");
+
}
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1319,21 +1350,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
&client_params->reply_key,
&rep.u.encKeyPack);
} else {
- rep.element = choice_PA_PK_AS_REP_19_dhSignedData;
-
- ret = check_dh_params(client_params->dh);
- if (ret)
- return ret;
-
- ret = generate_dh_keyblock(context, client_params, enctype,
- &client_params->reply_key);
- if (ret)
- return ret;
-
- ret = pk_mk_pa_reply_dh(context, client_params->dh,
- client_params,
- &client_params->reply_key,
- &rep.u.dhSignedData);
+ krb5_set_error_string(context, "DH -19 not implemented");
+ ret = KRB5KRB_ERR_GENERIC;
}
if (ret) {
free_PA_PK_AS_REP_19(&rep);
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c
index 42ceb37e62..6461a0ada9 100644
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -34,7 +34,7 @@
#include "gen_locl.h"
#include "lex.h"
-RCSID("$Id: gen_decode.c,v 1.28 2005/08/23 11:51:25 lha Exp $");
+RCSID("$Id: gen_decode.c,v 1.29 2005/09/21 00:30:37 lha Exp $");
static void
decode_primitive (const char *typename, const char *name, const char *forwstr)
@@ -396,17 +396,15 @@ decode_type (const char *name, const Type *t, int optional,
"%s_tmp = realloc((%s)->val, "
" sizeof(*((%s)->val)) * ((%s)->len + 1));\n"
"if (%s_tmp == NULL) { %s; }\n"
- "(%s)->len++;\n"
"(%s)->val = %s_tmp;\n",
tmpstr, tmpstr, tmpstr,
name, name,
tmpstr, tmpstr,
name, name, name,
- tmpstr,
- forwstr, name, name,
- tmpstr);
+ tmpstr, forwstr,
+ name, tmpstr);
- asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
+ asprintf (&n, "&(%s)->val[(%s)->len]", name, name);
if (n == NULL)
errx(1, "malloc");
asprintf (&sname, "%s_s_of", tmpstr);
@@ -414,10 +412,12 @@ decode_type (const char *name, const Type *t, int optional,
errx(1, "malloc");
decode_type (n, t->subtype, 0, forwstr, sname);
fprintf (codefile,
+ "(%s)->len++;\n"
"len = %s_origlen - ret;\n"
"}\n"
"ret += %s_oldret;\n"
"}\n",
+ name,
tmpstr, tmpstr);
free (n);
free (sname);
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c
index 3b563038e8..8a13c392f8 100644
--- a/source4/heimdal/lib/asn1/lex.c
+++ b/source4/heimdal/lib/asn1/lex.c
@@ -736,7 +736,7 @@ char *yytext;
* SUCH DAMAGE.
*/
-/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */
+/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -758,8 +758,8 @@ static unsigned lineno = 1;
#undef ECHO
-static void handle_comment(int type);
-static char *handle_string(void);
+static void unterminated(const char *, unsigned);
+
#line 764 "lex.c"
/* Macros after this point can all be overridden by user definitions in
@@ -1419,21 +1419,121 @@ YY_RULE_SETUP
case 85:
YY_RULE_SETUP
#line 147 "lex.l"
-{ handle_comment(0); }
+{
+ int c, start_lineno = lineno;
+ int f = 0;
+ while((c = input()) != EOF) {
+ if(f && c == '-')
+ break;
+ if(c == '-') {
+ f = 1;
+ continue;
+ }
+ if(c == '\n') {
+ lineno++;
+ break;
+ }
+ f = 0;
+ }
+ if(c == EOF)
+ unterminated("comment", start_lineno);
+ }
YY_BREAK
case 86:
YY_RULE_SETUP
-#line 148 "lex.l"
-{ handle_comment(1); }
+#line 166 "lex.l"
+{
+ int c, start_lineno = lineno;
+ int level = 1;
+ int seen_star = 0;
+ int seen_slash = 0;
+ while((c = input()) != EOF) {
+ if(c == '/') {
+ if(seen_star) {
+ if(--level == 0)
+ break;
+ seen_star = 0;
+ continue;
+ }
+ seen_slash = 1;
+ continue;
+ }
+ if(seen_star && c == '/') {
+ if(--level == 0)
+ break;
+ seen_star = 0;
+ continue;
+ }
+ if(c == '*') {
+ if(seen_slash) {
+ level++;
+ seen_star = seen_slash = 0;
+ continue;
+ }
+ seen_star = 1;
+ continue;
+ }
+ seen_star = seen_slash = 0;
+ if(c == '\n') {
+ lineno++;
+ continue;
+ }
+ }
+ if(c == EOF)
+ unterminated("comment", start_lineno);
+ }
YY_BREAK
case 87:
YY_RULE_SETUP
-#line 149 "lex.l"
-{ yylval.name = handle_string(); return STRING; }
+#line 206 "lex.l"
+{
+ int start_lineno = lineno;
+ int c;
+ char buf[1024];
+ char *p = buf;
+ int f = 0;
+ int skip_ws = 0;
+
+ while((c = input()) != EOF) {
+ if(isspace(c) && skip_ws) {
+ if(c == '\n')
+ lineno++;
+ continue;
+ }
+ skip_ws = 0;
+
+ if(c == '"') {
+ if(f) {
+ *p++ = '"';
+ f = 0;
+ } else
+ f = 1;
+ continue;
+ }
+ if(f == 1) {
+ unput(c);
+ break;
+ }
+ if(c == '\n') {
+ lineno++;
+ while(p > buf && isspace((unsigned char)p[-1]))
+ p--;
+ skip_ws = 1;
+ continue;
+ }
+ *p++ = c;
+ }
+ if(c == EOF)
+ unterminated("string", start_lineno);
+ *p++ = '\0';
+ fprintf(stderr, "string -- %s\n", buf);
+ yylval.name = estrdup(buf);
+ return STRING;
+ }
YY_BREAK
case 88:
YY_RULE_SETUP
-#line 151 "lex.l"
+#line 251 "lex.l"
{ char *e, *y = yytext;
yylval.constant = strtol((const char *)yytext,
&e, 0);
@@ -1445,7 +1545,7 @@ YY_RULE_SETUP
YY_BREAK
case 89:
YY_RULE_SETUP
-#line 159 "lex.l"
+#line 259 "lex.l"
{
yylval.name = estrdup ((const char *)yytext);
return IDENTIFIER;
@@ -1453,35 +1553,35 @@ YY_RULE_SETUP
YY_BREAK
case 90:
YY_RULE_SETUP
-#line 163 "lex.l"
+#line 263 "lex.l"
;
YY_BREAK
case 91:
YY_RULE_SETUP
-#line 164 "lex.l"
+#line 264 "lex.l"
{ ++lineno; }
YY_BREAK
case 92:
YY_RULE_SETUP
-#line 165 "lex.l"
+#line 265 "lex.l"
{ return ELLIPSIS; }
YY_BREAK
case 93:
YY_RULE_SETUP
-#line 166 "lex.l"
+#line 266 "lex.l"
{ return RANGE; }
YY_BREAK
case 94:
YY_RULE_SETUP
-#line 167 "lex.l"
+#line 267 "lex.l"
{ error_message("Ignoring char(%c)\n", *yytext); }
YY_BREAK
case 95:
YY_RULE_SETUP
-#line 168 "lex.l"
+#line 268 "lex.l"
ECHO;
YY_BREAK
-#line 1485 "lex.c"
+#line 1585 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@@ -2363,7 +2463,7 @@ int main()
return 0;
}
#endif
-#line 168 "lex.l"
+#line 268 "lex.l"
#ifndef yywrap /* XXX */
@@ -2377,119 +2477,17 @@ yywrap ()
void
error_message (const char *format, ...)
{
- va_list args;
+ va_list args;
- va_start (args, format);
- fprintf (stderr, "%s:%d: ", get_filename(), lineno);
- vfprintf (stderr, format, args);
- va_end (args);
- error_flag++;
+ va_start (args, format);
+ fprintf (stderr, "%s:%d: ", get_filename(), lineno);
+ vfprintf (stderr, format, args);
+ va_end (args);
+ error_flag++;
}
static void
-handle_comment(int type)
-{
- int c;
- int start_lineno = lineno;
- if(type == 0) {
- int f = 0;
- while((c = input()) != EOF) {
- if(f && c == '-')
- return;
- if(c == '-') {
- f = 1;
- continue;
- }
- if(c == '\n') {
- lineno++;
- return;
- }
- f = 0;
- }
- } else {
- int level = 1;
- int seen_star = 0;
- int seen_slash = 0;
- while((c = input()) != EOF) {
- if(c == '/') {
- if(seen_star) {
- if(--level == 0)
- return;
- seen_star = 0;
- continue;
- }
- seen_slash = 1;
- continue;
- }
- if(seen_star && c == '/') {
- if(--level == 0)
- return;
- seen_star = 0;
- continue;
- }
- if(c == '*') {
- if(seen_slash) {
- level++;
- seen_star = seen_slash = 0;
- continue;
- }
- seen_star = 1;
- continue;
- }
- seen_star = seen_slash = 0;
- if(c == '\n') {
- lineno++;
- continue;
- }
- }
- }
- if(c == EOF)
- error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
+unterminated(const char *type, unsigned start_lineno)
{
- int start_lineno = lineno;
- int c;
- char buf[1024];
- char *p = buf;
- int f = 0;
- int skip_ws = 0;
-
- while((c = input()) != EOF) {
- if(isspace(c) && skip_ws) {
- if(c == '\n')
- lineno++;
- continue;
- }
- skip_ws = 0;
-
- if(c == '"') {
- if(f) {
- *p++ = '"';
- f = 0;
- } else
- f = 1;
- continue;
- }
- if(f == 1) {
- unput(c);
- break;
- }
- if(c == '\n') {
- lineno++;
- while(p > buf && isspace((unsigned char)p[-1]))
- p--;
- skip_ws = 1;
- continue;
- }
- *p++ = c;
- }
- if(c == EOF)
- error_message("unterminated string, possibly started on line %d\n", start_lineno);
- *p++ = '\0';
- fprintf(stderr, "string -- %s\n", buf);
- return estrdup(buf);
+ error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
}
-
diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l
index cb6512f36f..4b2c5af062 100644
--- a/source4/heimdal/lib/asn1/lex.l
+++ b/source4/heimdal/lib/asn1/lex.l
@@ -32,7 +32,7 @@
* SUCH DAMAGE.
*/
-/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */
+/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -54,8 +54,8 @@ static unsigned lineno = 1;
#undef ECHO
-static void handle_comment(int type);
-static char *handle_string(void);
+static void unterminated(const char *, unsigned);
+
%}
@@ -144,9 +144,109 @@ WITH { return kw_WITH; }
"[" { return *yytext; }
"]" { return *yytext; }
::= { return EEQUAL; }
--- { handle_comment(0); }
-\/\* { handle_comment(1); }
-"\"" { yylval.name = handle_string(); return STRING; }
+-- {
+ int c, start_lineno = lineno;
+ int f = 0;
+ while((c = input()) != EOF) {
+ if(f && c == '-')
+ break;
+ if(c == '-') {
+ f = 1;
+ continue;
+ }
+ if(c == '\n') {
+ lineno++;
+ break;
+ }
+ f = 0;
+ }
+ if(c == EOF)
+ unterminated("comment", start_lineno);
+ }
+\/\* {
+ int c, start_lineno = lineno;
+ int level = 1;
+ int seen_star = 0;
+ int seen_slash = 0;
+ while((c = input()) != EOF) {
+ if(c == '/') {
+ if(seen_star) {
+ if(--level == 0)
+ break;
+ seen_star = 0;
+ continue;
+ }
+ seen_slash = 1;
+ continue;
+ }
+ if(seen_star && c == '/') {
+ if(--level == 0)
+ break;
+ seen_star = 0;
+ continue;
+ }
+ if(c == '*') {
+ if(seen_slash) {
+ level++;
+ seen_star = seen_slash = 0;
+ continue;
+ }
+ seen_star = 1;
+ continue;
+ }
+ seen_star = seen_slash = 0;
+ if(c == '\n') {
+ lineno++;
+ continue;
+ }
+ }
+ if(c == EOF)
+ unterminated("comment", start_lineno);
+ }
+"\"" {
+ int start_lineno = lineno;
+ int c;
+ char buf[1024];
+ char *p = buf;
+ int f = 0;
+ int skip_ws = 0;
+
+ while((c = input()) != EOF) {
+ if(isspace(c) && skip_ws) {
+ if(c == '\n')
+ lineno++;
+ continue;
+ }
+ skip_ws = 0;
+
+ if(c == '"') {
+ if(f) {
+ *p++ = '"';
+ f = 0;
+ } else
+ f = 1;
+ continue;
+ }
+ if(f == 1) {
+ unput(c);
+ break;
+ }
+ if(c == '\n') {
+ lineno++;
+ while(p > buf && isspace((unsigned char)p[-1]))
+ p--;
+ skip_ws = 1;
+ continue;
+ }
+ *p++ = c;
+ }
+ if(c == EOF)
+ unterminated("string", start_lineno);
+ *p++ = '\0';
+ fprintf(stderr, "string -- %s\n", buf);
+ yylval.name = estrdup(buf);
+ return STRING;
+ }
-?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext;
yylval.constant = strtol((const char *)yytext,
@@ -178,119 +278,17 @@ yywrap ()
void
error_message (const char *format, ...)
{
- va_list args;
+ va_list args;
- va_start (args, format);
- fprintf (stderr, "%s:%d: ", get_filename(), lineno);
- vfprintf (stderr, format, args);
- va_end (args);
- error_flag++;
+ va_start (args, format);
+ fprintf (stderr, "%s:%d: ", get_filename(), lineno);
+ vfprintf (stderr, format, args);
+ va_end (args);
+ error_flag++;
}
static void
-handle_comment(int type)
+unterminated(const char *type, unsigned start_lineno)
{
- int c;
- int start_lineno = lineno;
- if(type == 0) {
- int f = 0;
- while((c = input()) != EOF) {
- if(f && c == '-')
- return;
- if(c == '-') {
- f = 1;
- continue;
- }
- if(c == '\n') {
- lineno++;
- return;
- }
- f = 0;
- }
- } else {
- int level = 1;
- int seen_star = 0;
- int seen_slash = 0;
- while((c = input()) != EOF) {
- if(c == '/') {
- if(seen_star) {
- if(--level == 0)
- return;
- seen_star = 0;
- continue;
- }
- seen_slash = 1;
- continue;
- }
- if(seen_star && c == '/') {
- if(--level == 0)
- return;
- seen_star = 0;
- continue;
- }
- if(c == '*') {
- if(seen_slash) {
- level++;
- seen_star = seen_slash = 0;
- continue;
- }
- seen_star = 1;
- continue;
- }
- seen_star = seen_slash = 0;
- if(c == '\n') {
- lineno++;
- continue;
- }
- }
- }
- if(c == EOF)
- error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
-{
- int start_lineno = lineno;
- int c;
- char buf[1024];
- char *p = buf;
- int f = 0;
- int skip_ws = 0;
-
- while((c = input()) != EOF) {
- if(isspace(c) && skip_ws) {
- if(c == '\n')
- lineno++;
- continue;
- }
- skip_ws = 0;
-
- if(c == '"') {
- if(f) {
- *p++ = '"';
- f = 0;
- } else
- f = 1;
- continue;
- }
- if(f == 1) {
- unput(c);
- break;
- }
- if(c == '\n') {
- lineno++;
- while(p > buf && isspace((unsigned char)p[-1]))
- p--;
- skip_ws = 1;
- continue;
- }
- *p++ = c;
- }
- if(c == EOF)
- error_message("unterminated string, possibly started on line %d\n", start_lineno);
- *p++ = '\0';
- fprintf(stderr, "string -- %s\n", buf);
- return estrdup(buf);
+ error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
}
-
diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1
index 823e56660b..dc52511bf4 100644
--- a/source4/heimdal/lib/asn1/pkcs8.asn1
+++ b/source4/heimdal/lib/asn1/pkcs8.asn1
@@ -1,4 +1,4 @@
--- $Id: pkcs8.asn1,v 1.2 2005/07/12 06:27:36 lha Exp $ --
+-- $Id: pkcs8.asn1,v 1.3 2005/09/13 19:41:29 lha Exp $ --
PKCS8 DEFINITIONS ::=
@@ -17,7 +17,7 @@ PKCS8PrivateKeyInfo ::= SEQUENCE {
version INTEGER,
privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier,
privateKey PKCS8PrivateKey,
- attributes [0] IMPLICIT PKCS8Attributes OPTIONAL
+ attributes [0] IMPLICIT SET OF Attribute OPTIONAL
}
PKCS8EncryptedData ::= OCTET STRING
diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c
index 42455097c9..e55dafa41e 100644
--- a/source4/heimdal/lib/com_err/parse.c
+++ b/source4/heimdal/lib/com_err/parse.c
@@ -1,7 +1,7 @@
-/* A Bison parser, made by GNU Bison 1.875c. */
+/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -148,7 +148,7 @@ typedef union YYSTYPE {
char *string;
int number;
} YYSTYPE;
-/* Line 191 of yacc.c. */
+/* Line 190 of yacc.c. */
#line 153 "$base.c"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
@@ -160,7 +160,7 @@ typedef union YYSTYPE {
/* Copy the second part of user declarations. */
-/* Line 214 of yacc.c. */
+/* Line 213 of yacc.c. */
#line 165 "$base.c"
#if ! defined (yyoverflow) || YYERROR_VERBOSE
@@ -176,14 +176,10 @@ typedef union YYSTYPE {
# ifdef YYSTACK_USE_ALLOCA
# if YYSTACK_USE_ALLOCA
-# define YYSTACK_ALLOC alloca
-# endif
-# else
-# if defined (alloca) || defined (_ALLOCA_H)
-# define YYSTACK_ALLOC alloca
-# else
# ifdef __GNUC__
# define YYSTACK_ALLOC __builtin_alloca
+# else
+# define YYSTACK_ALLOC alloca
# endif
# endif
# endif
@@ -209,7 +205,7 @@ typedef union YYSTYPE {
/* A type that is properly aligned for any stack member. */
union yyalloc
{
- short yyss;
+ short int yyss;
YYSTYPE yyvs;
};
@@ -219,7 +215,7 @@ union yyalloc
/* The size of an array large to enough to hold all stacks, each with
N elements. */
# define YYSTACK_BYTES(N) \
- ((N) * (sizeof (short) + sizeof (YYSTYPE)) \
+ ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \
+ YYSTACK_GAP_MAXIMUM)
/* Copy COUNT objects from FROM to TO. The source and destination do
@@ -261,7 +257,7 @@ union yyalloc
#if defined (__STDC__) || defined (__cplusplus)
typedef signed char yysigned_char;
#else
- typedef short yysigned_char;
+ typedef short int yysigned_char;
#endif
/* YYFINAL -- State number of the termination state. */
@@ -358,7 +354,7 @@ static const char *const yytname[] =
# ifdef YYPRINT
/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
token YYLEX-NUM. */
-static const unsigned short yytoknum[] =
+static const unsigned short int yytoknum[] =
{
0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
265, 44
@@ -490,20 +486,53 @@ do \
} \
while (0)
+
#define YYTERROR 1
#define YYERRCODE 256
-/* YYLLOC_DEFAULT -- Compute the default location (before the actions
- are run). */
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+ If N is 0, then set CURRENT to the empty location which ends
+ the previous symbol: RHS[0] (always defined). */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N) \
- ((Current).first_line = (Rhs)[1].first_line, \
- (Current).first_column = (Rhs)[1].first_column, \
- (Current).last_line = (Rhs)[N].last_line, \
- (Current).last_column = (Rhs)[N].last_column)
+# define YYLLOC_DEFAULT(Current, Rhs, N) \
+ do \
+ if (N) \
+ { \
+ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
+ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
+ (Current).last_line = YYRHSLOC (Rhs, N).last_line; \
+ (Current).last_column = YYRHSLOC (Rhs, N).last_column; \
+ } \
+ else \
+ { \
+ (Current).first_line = (Current).last_line = \
+ YYRHSLOC (Rhs, 0).last_line; \
+ (Current).first_column = (Current).last_column = \
+ YYRHSLOC (Rhs, 0).last_column; \
+ } \
+ while (0)
#endif
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+ This macro was not mandated originally: define only if we know
+ we won't break user code: when these are the locations we know. */
+
+#ifndef YY_LOCATION_PRINT
+# if YYLTYPE_IS_TRIVIAL
+# define YY_LOCATION_PRINT(File, Loc) \
+ fprintf (File, "%d.%d-%d.%d", \
+ (Loc).first_line, (Loc).first_column, \
+ (Loc).last_line, (Loc).last_column)
+# else
+# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
/* YYLEX -- calling `yylex' with the right arguments. */
#ifdef YYLEX_PARAM
@@ -526,19 +555,13 @@ do { \
YYFPRINTF Args; \
} while (0)
-# define YYDSYMPRINT(Args) \
-do { \
- if (yydebug) \
- yysymprint Args; \
-} while (0)
-
-# define YYDSYMPRINTF(Title, Token, Value, Location) \
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
do { \
if (yydebug) \
{ \
YYFPRINTF (stderr, "%s ", Title); \
yysymprint (stderr, \
- Token, Value); \
+ Type, Value); \
YYFPRINTF (stderr, "\n"); \
} \
} while (0)
@@ -550,12 +573,12 @@ do { \
#if defined (__STDC__) || defined (__cplusplus)
static void
-yy_stack_print (short *bottom, short *top)
+yy_stack_print (short int *bottom, short int *top)
#else
static void
yy_stack_print (bottom, top)
- short *bottom;
- short *top;
+ short int *bottom;
+ short int *top;
#endif
{
YYFPRINTF (stderr, "Stack now");
@@ -605,8 +628,7 @@ do { \
int yydebug;
#else /* !YYDEBUG */
# define YYDPRINTF(Args)
-# define YYDSYMPRINT(Args)
-# define YYDSYMPRINTF(Title, Token, Value, Location)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
# define YY_STACK_PRINT(Bottom, Top)
# define YY_REDUCE_PRINT(Rule)
#endif /* !YYDEBUG */
@@ -624,10 +646,6 @@ int yydebug;
SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
evaluated with infinite-precision integer arithmetic. */
-#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0
-# undef YYMAXDEPTH
-#endif
-
#ifndef YYMAXDEPTH
# define YYMAXDEPTH 10000
#endif
@@ -709,15 +727,15 @@ yysymprint (yyoutput, yytype, yyvaluep)
(void) yyvaluep;
if (yytype < YYNTOKENS)
- {
- YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-# ifdef YYPRINT
- YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# endif
- }
+ YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
else
YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+# ifdef YYPRINT
+ if (yytype < YYNTOKENS)
+ YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# endif
switch (yytype)
{
default:
@@ -733,10 +751,11 @@ yysymprint (yyoutput, yytype, yyvaluep)
#if defined (__STDC__) || defined (__cplusplus)
static void
-yydestruct (int yytype, YYSTYPE *yyvaluep)
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
#else
static void
-yydestruct (yytype, yyvaluep)
+yydestruct (yymsg, yytype, yyvaluep)
+ const char *yymsg;
int yytype;
YYSTYPE *yyvaluep;
#endif
@@ -744,6 +763,10 @@ yydestruct (yytype, yyvaluep)
/* Pacify ``unused variable'' warnings. */
(void) yyvaluep;
+ if (!yymsg)
+ yymsg = "Deleting";
+ YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
switch (yytype)
{
@@ -771,10 +794,10 @@ int yyparse ();
-/* The lookahead symbol. */
+/* The look-ahead symbol. */
int yychar;
-/* The semantic value of the lookahead symbol. */
+/* The semantic value of the look-ahead symbol. */
YYSTYPE yylval;
/* Number of syntax errors so far. */
@@ -810,7 +833,7 @@ yyparse ()
int yyresult;
/* Number of tokens to shift before error messages enabled. */
int yyerrstatus;
- /* Lookahead token as an internal (translated) token number. */
+ /* Look-ahead token as an internal (translated) token number. */
int yytoken = 0;
/* Three stacks and their tools:
@@ -822,9 +845,9 @@ yyparse ()
to reallocate them elsewhere. */
/* The state stack. */
- short yyssa[YYINITDEPTH];
- short *yyss = yyssa;
- register short *yyssp;
+ short int yyssa[YYINITDEPTH];
+ short int *yyss = yyssa;
+ register short int *yyssp;
/* The semantic value stack. */
YYSTYPE yyvsa[YYINITDEPTH];
@@ -861,6 +884,9 @@ yyparse ()
yyssp = yyss;
yyvsp = yyvs;
+
+ yyvsp[0] = yylval;
+
goto yysetstate;
/*------------------------------------------------------------.
@@ -886,7 +912,7 @@ yyparse ()
these so that the &'s don't force the real ones into
memory. */
YYSTYPE *yyvs1 = yyvs;
- short *yyss1 = yyss;
+ short int *yyss1 = yyss;
/* Each stack pointer address is followed by the size of the
@@ -914,7 +940,7 @@ yyparse ()
yystacksize = YYMAXDEPTH;
{
- short *yyss1 = yyss;
+ short int *yyss1 = yyss;
union yyalloc *yyptr =
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
@@ -950,18 +976,18 @@ yyparse ()
yybackup:
/* Do appropriate processing given the current state. */
-/* Read a lookahead token if we need one and don't already have one. */
+/* Read a look-ahead token if we need one and don't already have one. */
/* yyresume: */
- /* First try to decide what to do without reference to lookahead token. */
+ /* First try to decide what to do without reference to look-ahead token. */
yyn = yypact[yystate];
if (yyn == YYPACT_NINF)
goto yydefault;
- /* Not known => get a lookahead token if don't already have one. */
+ /* Not known => get a look-ahead token if don't already have one. */
- /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
+ /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */
if (yychar == YYEMPTY)
{
YYDPRINTF ((stderr, "Reading a token: "));
@@ -976,7 +1002,7 @@ yybackup:
else
{
yytoken = YYTRANSLATE (yychar);
- YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
+ YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
}
/* If the proper action on seeing token YYTOKEN is to reduce or to
@@ -996,8 +1022,8 @@ yybackup:
if (yyn == YYFINAL)
YYACCEPT;
- /* Shift the lookahead token. */
- YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
+ /* Shift the look-ahead token. */
+ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
/* Discard the token being shifted unless it is eof. */
if (yychar != YYEOF)
@@ -1049,33 +1075,33 @@ yyreduce:
case 6:
#line 73 "parse.y"
{
- id_str = yyvsp[0].string;
+ id_str = (yyvsp[0].string);
}
break;
case 7:
#line 79 "parse.y"
{
- base_id = name2number(yyvsp[0].string);
- strlcpy(name, yyvsp[0].string, sizeof(name));
- free(yyvsp[0].string);
+ base_id = name2number((yyvsp[0].string));
+ strlcpy(name, (yyvsp[0].string), sizeof(name));
+ free((yyvsp[0].string));
}
break;
case 8:
#line 85 "parse.y"
{
- base_id = name2number(yyvsp[-1].string);
- strlcpy(name, yyvsp[0].string, sizeof(name));
- free(yyvsp[-1].string);
- free(yyvsp[0].string);
+ base_id = name2number((yyvsp[-1].string));
+ strlcpy(name, (yyvsp[0].string), sizeof(name));
+ free((yyvsp[-1].string));
+ free((yyvsp[0].string));
}
break;
case 11:
#line 98 "parse.y"
{
- number = yyvsp[0].number;
+ number = (yyvsp[0].number);
}
break;
@@ -1083,10 +1109,10 @@ yyreduce:
#line 102 "parse.y"
{
free(prefix);
- asprintf (&prefix, "%s_", yyvsp[0].string);
+ asprintf (&prefix, "%s_", (yyvsp[0].string));
if (prefix == NULL)
errx(1, "malloc");
- free(yyvsp[0].string);
+ free((yyvsp[0].string));
}
break;
@@ -1111,13 +1137,13 @@ yyreduce:
ec->next = NULL;
ec->number = number;
if(prefix && *prefix != '\0') {
- asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string);
+ asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string));
if (ec->name == NULL)
errx(1, "malloc");
- free(yyvsp[-2].string);
+ free((yyvsp[-2].string));
} else
- ec->name = yyvsp[-2].string;
- ec->string = yyvsp[0].string;
+ ec->name = (yyvsp[-2].string);
+ ec->string = (yyvsp[0].string);
APPEND(codes, ec);
number++;
}
@@ -1133,8 +1159,8 @@ yyreduce:
}
-/* Line 1000 of yacc.c. */
-#line 1138 "$base.c"
+/* Line 1037 of yacc.c. */
+#line 1164 "$base.c"
yyvsp -= yylen;
yyssp -= yylen;
@@ -1234,7 +1260,7 @@ yyerrlab:
if (yyerrstatus == 3)
{
- /* If just tried and failed to reuse lookahead token after an
+ /* If just tried and failed to reuse look-ahead token after an
error, discard it. */
if (yychar <= YYEOF)
@@ -1244,23 +1270,22 @@ yyerrlab:
if (yychar == YYEOF)
for (;;)
{
+
YYPOPSTACK;
if (yyssp == yyss)
YYABORT;
- YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
- yydestruct (yystos[*yyssp], yyvsp);
+ yydestruct ("Error: popping",
+ yystos[*yyssp], yyvsp);
}
}
else
{
- YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
- yydestruct (yytoken, &yylval);
+ yydestruct ("Error: discarding", yytoken, &yylval);
yychar = YYEMPTY;
-
}
}
- /* Else will try to reuse lookahead token after shifting the error
+ /* Else will try to reuse look-ahead token after shifting the error
token. */
goto yyerrlab1;
@@ -1277,7 +1302,7 @@ yyerrorlab:
goto yyerrorlab;
#endif
- yyvsp -= yylen;
+yyvsp -= yylen;
yyssp -= yylen;
yystate = *yyssp;
goto yyerrlab1;
@@ -1307,8 +1332,8 @@ yyerrlab1:
if (yyssp == yyss)
YYABORT;
- YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
- yydestruct (yystos[yystate], yyvsp);
+
+ yydestruct ("Error: popping", yystos[yystate], yyvsp);
YYPOPSTACK;
yystate = *yyssp;
YY_STACK_PRINT (yyss, yyssp);
@@ -1317,11 +1342,12 @@ yyerrlab1:
if (yyn == YYFINAL)
YYACCEPT;
- YYDPRINTF ((stderr, "Shifting error token, "));
-
*++yyvsp = yylval;
+ /* Shift the error token. */
+ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
yystate = yyn;
goto yynewstate;
@@ -1337,6 +1363,9 @@ yyacceptlab:
| yyabortlab -- YYABORT comes here. |
`-----------------------------------*/
yyabortlab:
+ yydestruct ("Error: discarding lookahead",
+ yytoken, &yylval);
+ yychar = YYEMPTY;
yyresult = 1;
goto yyreturn;
diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h
index 309c272499..ef7b9ba91e 100644
--- a/source4/heimdal/lib/com_err/parse.h
+++ b/source4/heimdal/lib/com_err/parse.h
@@ -1,7 +1,7 @@
-/* A Bison parser, made by GNU Bison 1.875c. */
+/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -57,7 +57,7 @@ typedef union YYSTYPE {
char *string;
int number;
} YYSTYPE;
-/* Line 1275 of yacc.c. */
+/* Line 1318 of yacc.c. */
#line 62 "parse.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c
index 3e7592b3a7..1cc510d6fc 100755
--- a/source4/heimdal/lib/gssapi/cfx.c
+++ b/source4/heimdal/lib/gssapi/cfx.c
@@ -77,7 +77,7 @@ wrap_length_cfx(krb5_crypto crypto,
if (ret) {
return ret;
}
- if (*padsize > 1) {
+ if (padsize > 1) {
/* XXX check this */
*padlength = *padsize - (input_length % *padsize);
}
diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h
index 56566b7fe4..799f013eba 100644
--- a/source4/heimdal/lib/hdb/hdb-protos.h
+++ b/source4/heimdal/lib/hdb/hdb-protos.h
@@ -8,317 +8,6 @@
extern "C" {
#endif
-unsigned
-HDBFlags2int (HDBFlags /*f*/);
-
-int
-copy_Event (
- const Event */*from*/,
- Event */*to*/);
-
-int
-copy_GENERATION (
- const GENERATION */*from*/,
- GENERATION */*to*/);
-
-int
-copy_HDBFlags (
- const HDBFlags */*from*/,
- HDBFlags */*to*/);
-
-int
-copy_HDB_Ext_Aliases (
- const HDB_Ext_Aliases */*from*/,
- HDB_Ext_Aliases */*to*/);
-
-int
-copy_HDB_Ext_Constrained_delegation_acl (
- const HDB_Ext_Constrained_delegation_acl */*from*/,
- HDB_Ext_Constrained_delegation_acl */*to*/);
-
-int
-copy_HDB_Ext_Lan_Manager_OWF (
- const HDB_Ext_Lan_Manager_OWF */*from*/,
- HDB_Ext_Lan_Manager_OWF */*to*/);
-
-int
-copy_HDB_Ext_PKINIT_acl (
- const HDB_Ext_PKINIT_acl */*from*/,
- HDB_Ext_PKINIT_acl */*to*/);
-
-int
-copy_HDB_Ext_PKINIT_certificate (
- const HDB_Ext_PKINIT_certificate */*from*/,
- HDB_Ext_PKINIT_certificate */*to*/);
-
-int
-copy_HDB_Ext_Password (
- const HDB_Ext_Password */*from*/,
- HDB_Ext_Password */*to*/);
-
-int
-copy_HDB_extension (
- const HDB_extension */*from*/,
- HDB_extension */*to*/);
-
-int
-copy_HDB_extensions (
- const HDB_extensions */*from*/,
- HDB_extensions */*to*/);
-
-int
-copy_Key (
- const Key */*from*/,
- Key */*to*/);
-
-int
-copy_Salt (
- const Salt */*from*/,
- Salt */*to*/);
-
-int
-copy_hdb_entry (
- const hdb_entry */*from*/,
- hdb_entry */*to*/);
-
-int
-decode_Event (
- const unsigned char */*p*/,
- size_t /*len*/,
- Event */*data*/,
- size_t */*size*/);
-
-int
-decode_GENERATION (
- const unsigned char */*p*/,
- size_t /*len*/,
- GENERATION */*data*/,
- size_t */*size*/);
-
-int
-decode_HDBFlags (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDBFlags */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Aliases (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Aliases */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Constrained_delegation_acl (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Constrained_delegation_acl */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Lan_Manager_OWF (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Lan_Manager_OWF */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_PKINIT_acl (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_PKINIT_acl */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_PKINIT_certificate (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_PKINIT_certificate */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Password (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Password */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_extension (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_extension */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_extensions (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_extensions */*data*/,
- size_t */*size*/);
-
-int
-decode_Key (
- const unsigned char */*p*/,
- size_t /*len*/,
- Key */*data*/,
- size_t */*size*/);
-
-int
-decode_Salt (
- const unsigned char */*p*/,
- size_t /*len*/,
- Salt */*data*/,
- size_t */*size*/);
-
-int
-decode_hdb_entry (
- const unsigned char */*p*/,
- size_t /*len*/,
- hdb_entry */*data*/,
- size_t */*size*/);
-
-int
-encode_Event (
- unsigned char */*p*/,
- size_t /*len*/,
- const Event */*data*/,
- size_t */*size*/);
-
-int
-encode_GENERATION (
- unsigned char */*p*/,
- size_t /*len*/,
- const GENERATION */*data*/,
- size_t */*size*/);
-
-int
-encode_HDBFlags (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDBFlags */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Aliases (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Aliases */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Constrained_delegation_acl (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Constrained_delegation_acl */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Lan_Manager_OWF (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Lan_Manager_OWF */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_PKINIT_acl (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_PKINIT_acl */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_PKINIT_certificate (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_PKINIT_certificate */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Password (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Password */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_extension (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_extension */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_extensions (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_extensions */*data*/,
- size_t */*size*/);
-
-int
-encode_Key (
- unsigned char */*p*/,
- size_t /*len*/,
- const Key */*data*/,
- size_t */*size*/);
-
-int
-encode_Salt (
- unsigned char */*p*/,
- size_t /*len*/,
- const Salt */*data*/,
- size_t */*size*/);
-
-int
-encode_hdb_entry (
- unsigned char */*p*/,
- size_t /*len*/,
- const hdb_entry */*data*/,
- size_t */*size*/);
-
-void
-free_Event (Event */*data*/);
-
-void
-free_GENERATION (GENERATION */*data*/);
-
-void
-free_HDBFlags (HDBFlags */*data*/);
-
-void
-free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/);
-
-void
-free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/);
-
-void
-free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/);
-
-void
-free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/);
-
-void
-free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/);
-
-void
-free_HDB_Ext_Password (HDB_Ext_Password */*data*/);
-
-void
-free_HDB_extension (HDB_extension */*data*/);
-
-void
-free_HDB_extensions (HDB_extensions */*data*/);
-
-void
-free_Key (Key */*data*/);
-
-void
-free_Salt (Salt */*data*/);
-
-void
-free_hdb_entry (hdb_entry */*data*/);
-
krb5_error_code
hdb_add_master_key (
krb5_context /*context*/,
@@ -608,54 +297,6 @@ hdb_write_master_key (
const char */*filename*/,
hdb_master_key /*mkey*/);
-void
-initialize_hdb_error_table_r (struct et_list **/*list*/);
-
-HDBFlags
-int2HDBFlags (unsigned /*n*/);
-
-size_t
-length_Event (const Event */*data*/);
-
-size_t
-length_GENERATION (const GENERATION */*data*/);
-
-size_t
-length_HDBFlags (const HDBFlags */*data*/);
-
-size_t
-length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/);
-
-size_t
-length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/);
-
-size_t
-length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/);
-
-size_t
-length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/);
-
-size_t
-length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/);
-
-size_t
-length_HDB_Ext_Password (const HDB_Ext_Password */*data*/);
-
-size_t
-length_HDB_extension (const HDB_extension */*data*/);
-
-size_t
-length_HDB_extensions (const HDB_extensions */*data*/);
-
-size_t
-length_Key (const Key */*data*/);
-
-size_t
-length_Salt (const Salt */*data*/);
-
-size_t
-length_hdb_entry (const hdb_entry */*data*/);
-
#ifdef __cplusplus
}
#endif
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index e6ef1d9d9b..c3cd6d4db9 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $");
+RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $");
static void
str2data (krb5_data *d,
@@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context,
if (ret)
return ret;
- passwd_data.data = passwd;
+ passwd_data.data = rk_UNCONST(passwd);
passwd_data.length = strlen(passwd);
krb5_data_zero (&krb_priv_data);
@@ -160,7 +160,7 @@ setpw_send_request (krb5_context context,
krb5_principal targprinc,
int is_stream,
int sock,
- char *passwd,
+ const char *passwd,
const char *host)
{
krb5_error_code ret;
@@ -186,7 +186,7 @@ setpw_send_request (krb5_context context,
return ret;
chpw.newpasswd.length = strlen(passwd);
- chpw.newpasswd.data = passwd;
+ chpw.newpasswd.data = rk_UNCONST(passwd);
if (targprinc) {
chpw.targname = &targprinc->name;
chpw.targrealm = &targprinc->realm;
@@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context,
krb5_principal,
int,
int,
- char *,
+ const char *,
const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
krb5_auth_context,
@@ -509,7 +509,7 @@ static krb5_error_code
change_password_loop (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
@@ -663,7 +663,7 @@ change_password_loop (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
@@ -689,7 +689,7 @@ krb5_change_password (krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password(krb5_context context,
krb5_creds *creds,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
@@ -732,7 +732,7 @@ krb5_set_password(krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
- char *newpw,
+ const char *newpw,
krb5_principal targprinc,
int *result_code,
krb5_data *result_code_string,
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 1c3e8d2a10..2e23306c96 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $");
+RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context,
DES_set_key(key->key->keyvalue.data, key->schedule->data);
}
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
-{
- DES_key_schedule schedule;
- int i;
- int reverse = 0;
- unsigned char *p;
-
- unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
- 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
- memset(key, 0, 8);
-
- p = (unsigned char*)key;
- for (i = 0; i < length; i++) {
- unsigned char tmp = data[i];
- if (!reverse)
- *p++ ^= (tmp << 1);
- else
- *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
- if((i % 8) == 7)
- reverse = !reverse;
- }
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- DES_set_key(key, &schedule);
- DES_cbc_cksum((void*)data, key, length, &schedule, key);
- memset(&schedule, 0, sizeof(schedule));
- DES_set_odd_parity(key);
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_salt salt,
- krb5_data opaque,
- krb5_keyblock *key)
-{
- unsigned char *s;
- size_t len;
- DES_cblock tmp;
-
- len = password.length + salt.saltvalue.length;
- s = malloc(len);
- if(len > 0 && s == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memcpy(s, password.data, password.length);
- memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
- DES_string_to_key_int(s, len, &tmp);
- key->keytype = enctype;
- krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
- memset(&tmp, 0, sizeof(tmp));
- memset(s, 0, len);
- free(s);
- return 0;
-}
-
#ifdef ENABLE_AFS_STRING_TO_KEY
/* This defines the Andrew string_to_key function. It accepts a password
@@ -350,6 +288,78 @@ DES_AFS3_string_to_key(krb5_context context,
#endif /* ENABLE_AFS_STRING_TO_KEY */
static void
+DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
+{
+ DES_key_schedule schedule;
+ int i;
+ int reverse = 0;
+ unsigned char *p;
+
+ unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
+ 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
+ memset(key, 0, 8);
+
+ p = (unsigned char*)key;
+ for (i = 0; i < length; i++) {
+ unsigned char tmp = data[i];
+ if (!reverse)
+ *p++ ^= (tmp << 1);
+ else
+ *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
+ if((i % 8) == 7)
+ reverse = !reverse;
+ }
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+ DES_set_key(key, &schedule);
+ DES_cbc_cksum((void*)data, key, length, &schedule, key);
+ memset(&schedule, 0, sizeof(schedule));
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+}
+
+static krb5_error_code
+krb5_DES_string_to_key(krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ unsigned char *s;
+ size_t len;
+ DES_cblock tmp;
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+ if (opaque.length == 1) {
+ unsigned long v;
+ _krb5_get_int(opaque.data, &v, 1);
+ if (v == 1)
+ return DES_AFS3_string_to_key(context, enctype, password,
+ salt, opaque, key);
+ }
+#endif
+
+ len = password.length + salt.saltvalue.length;
+ s = malloc(len);
+ if(len > 0 && s == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ memcpy(s, password.data, password.length);
+ memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+ DES_string_to_key_int(s, len, &tmp);
+ key->keytype = enctype;
+ krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+ memset(&tmp, 0, sizeof(tmp));
+ memset(s, 0, len);
+ free(s);
+ return 0;
+}
+
+static void
krb5_DES_random_to_key(krb5_context context,
krb5_keyblock *key,
const void *data,
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index b7873f33d5..f4372422ac 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -43,7 +43,7 @@
#include "kcm.h"
-RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $");
+RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $");
typedef struct krb5_kcmcache {
char *name;
@@ -246,7 +246,8 @@ kcm_call(krb5_context context,
krb5_data *response_data_p)
{
krb5_data response_data;
- krb5_error_code ret, status;
+ krb5_error_code ret;
+ int32_t status;
krb5_storage *response;
if (response_p != NULL)
@@ -605,7 +606,7 @@ kcm_get_first (krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
- u_int32_t tmp;
+ int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
@@ -624,7 +625,7 @@ kcm_get_first (krb5_context context,
}
ret = krb5_ret_int32(response, &tmp);
- if (ret)
+ if (ret || tmp < 0)
ret = KRB5_CC_IO;
krb5_storage_free(request);
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 8e2ebcf43e..ef47bd1e26 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -340,14 +340,6 @@ _krb5_put_int (
unsigned long /*value*/,
size_t /*size*/);
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_rep_type (
- krb5_context /*context*/,
- krb5_auth_context /*auth_context*/,
- const krb5_data */*inbuf*/,
- krb5_ap_rep_enc_part **/*repl*/,
- krb5_boolean /*dce_style_response*/);
-
int
_krb5_send_and_recv_tcp (
int /*fd*/,
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 97f286b83e..8db553e6e3 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -20,15 +20,6 @@ extern "C" {
#endif
#endif
-void
-initialize_heim_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_k524_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_krb5_error_table_r (struct et_list **/*list*/);
-
krb5_error_code KRB5_LIB_FUNCTION
krb524_convert_creds_kdc (
krb5_context /*context*/,
@@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_change_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
krb5_data */*result_string*/);
@@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock (
krb5_keytab /*keytab*/,
krb5_flags */*ap_req_options*/,
krb5_ticket **/*ticket*/,
- krb5_keyblock **/*keyblock*/);
+ krb5_keyblock **/*return_keyblock*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_req_with_keyblock (
@@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password (
krb5_context /*context*/,
krb5_creds */*creds*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
@@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION
krb5_set_password_using_ccache (
krb5_context /*context*/,
krb5_ccache /*ccache*/,
- char */*newpw*/,
+ const char */*newpw*/,
krb5_principal /*targprinc*/,
int */*result_code*/,
krb5_data */*result_code_string*/,
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 69f72d7b88..7ac1436f6e 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $");
#ifdef PKINIT
@@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context,
if (ret)
goto out;
} else {
+#if 0
ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md);
if (ret)
goto out;
-
+#endif
ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md);
if (ret)
goto out;
@@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context,
EVP_PKEY *public_key;
krb5_error_code ret;
EVP_MD_CTX md;
- X509 *cert;
+ X509 *cert = NULL;
SignedData sd;
size_t size;
@@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context,
set.len = sd.certificates->len;
ret = cert_to_X509(context, &set, &certificates);
- free_CertificateSet(&set);
}
if (ret) {
krb5_set_error_string(context,
@@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context,
return ret;
default:
free_PA_PK_AS_REP(&rep);
- krb5_set_error_string(context, "PKINIT: -25 reply "
+ krb5_set_error_string(context, "PKINIT: -27 reply "
"invalid content type");
+ ret = EINVAL;
break;
}
+ if (ret == 0)
+ return ret;
}
/* Check for PK-INIT -19 */
@@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&w2krep,
&size);
if (ret) {
- krb5_set_error_string(context, "PKINIT: Failed decoding windows"
+ krb5_set_error_string(context, "PKINIT: Failed decoding windows "
"pkinit reply %d", ret);
return ret;
}