Diffstat (limited to 'source4')
-rw-r--r--source4/heimdal/base/baselocl.h52
-rw-r--r--source4/heimdal/base/heimbase.c15
-rw-r--r--source4/heimdal/cf/make-proto.pl1
-rw-r--r--source4/heimdal/kdc/default_config.c3
-rw-r--r--source4/heimdal/kdc/kaserver.c955
-rw-r--r--source4/heimdal/kdc/misc.c21
-rw-r--r--source4/heimdal/kdc/process.c77
-rw-r--r--source4/heimdal/kuser/kinit.c14
-rw-r--r--source4/heimdal/kuser/kuser_locl.h3
-rw-r--r--source4/heimdal/lib/asn1/asn1parse.c724
-rw-r--r--source4/heimdal/lib/asn1/asn1parse.y4
-rw-r--r--source4/heimdal/lib/asn1/gen_template.c4
-rw-r--r--source4/heimdal/lib/com_err/com_err.h20
-rw-r--r--source4/heimdal/lib/com_err/com_right.h35
-rw-r--r--source4/heimdal/lib/com_err/error.c8
-rw-r--r--source4/heimdal/lib/com_err/lex.c83
-rw-r--r--source4/heimdal/lib/com_err/lex.h2
-rw-r--r--source4/heimdal/lib/com_err/lex.l5
-rw-r--r--source4/heimdal/lib/com_err/parse.c265
-rw-r--r--source4/heimdal/lib/com_err/parse.y5
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h85
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h73
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h231
-rw-r--r--source4/heimdal/lib/gssapi/gssapi_mech.h80
-rw-r--r--source4/heimdal/lib/gssapi/krb5/acquire_cred.c14
-rw-r--r--source4/heimdal/lib/gssapi/krb5/external.c238
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_cred_option.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mo.c464
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid.c253
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_equal.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c31
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_wrap.c15
-rw-r--r--source4/heimdal/lib/gssapi/mech/mech_locl.h15
-rw-r--r--source4/heimdal/lib/gssapi/spnego/external.c49
-rw-r--r--source4/heimdal/lib/hcrypto/rsa-ltm.c3
-rw-r--r--source4/heimdal/lib/hcrypto/validate.c1
-rw-r--r--source4/heimdal/lib/hdb/db.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb-keytab.c10
-rw-r--r--source4/heimdal/lib/hdb/hdb.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb.h22
-rw-r--r--source4/heimdal/lib/hdb/keytab.c15
-rw-r--r--source4/heimdal/lib/hdb/ndbm.c2
-rw-r--r--source4/heimdal/lib/hx509/sel-gram.c248
-rw-r--r--source4/heimdal/lib/krb5/cache.c49
-rw-r--r--source4/heimdal/lib/krb5/changepw.c46
-rw-r--r--source4/heimdal/lib/krb5/config_file.c73
-rw-r--r--source4/heimdal/lib/krb5/constants.c17
-rw-r--r--source4/heimdal/lib/krb5/context.c70
-rw-r--r--source4/heimdal/lib/krb5/convert_creds.c134
-rw-r--r--source4/heimdal/lib/krb5/creds.c2
-rw-r--r--source4/heimdal/lib/krb5/crypto.c6
-rw-r--r--source4/heimdal/lib/krb5/error_string.c4
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c3
-rw-r--r--source4/heimdal/lib/krb5/kcm.c4
-rw-r--r--source4/heimdal/lib/krb5/keyblock.c2
-rw-r--r--source4/heimdal/lib/krb5/krb5.h4
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h6
-rw-r--r--source4/heimdal/lib/krb5/misc.c2
-rw-r--r--source4/heimdal/lib/krb5/pac.c62
-rw-r--r--source4/heimdal/lib/krb5/padata.c2
-rw-r--r--source4/heimdal/lib/krb5/pcache.c2
-rw-r--r--source4/heimdal/lib/krb5/pkinit.c16
-rw-r--r--source4/heimdal/lib/krb5/plugin.c70
-rw-r--r--source4/heimdal/lib/krb5/principal.c437
-rw-r--r--source4/heimdal/lib/krb5/ticket.c2
-rw-r--r--source4/heimdal/lib/krb5/v4_glue.c960
-rw-r--r--source4/heimdal/lib/krb5/warn.c8
-rw-r--r--source4/heimdal/lib/ntlm/ntlm.c18
-rw-r--r--source4/heimdal/lib/roken/getarg.c14
-rw-r--r--source4/heimdal/lib/roken/rand.c48
-rw-r--r--source4/heimdal/lib/roken/resolve.c8
-rw-r--r--source4/heimdal/lib/roken/roken-common.h12
-rw-r--r--source4/heimdal/lib/roken/roken.h.in43
-rw-r--r--source4/heimdal/lib/roken/setprogname.c33
-rw-r--r--source4/heimdal/lib/roken/socket.c39
-rw-r--r--source4/heimdal_build/roken.h3
-rw-r--r--source4/heimdal_build/wscript_build8
-rw-r--r--source4/kdc/hdb-samba4.c16
-rw-r--r--source4/kdc/kdc.c11
80 files changed, 2665 insertions, 3731 deletions
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h
index 06806d2762..5f157264c1 100644
--- a/source4/heimdal/base/baselocl.h
+++ b/source4/heimdal/base/baselocl.h
@@ -33,13 +33,17 @@
* SUCH DAMAGE.
*/
+#include "config.h"
+
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <limits.h>
-#include <unistd.h>
-#include "config.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#include "heimqueue.h"
#include "heim_threads.h"
@@ -50,14 +54,8 @@
#include <dispatch/dispatch.h>
#endif
-#if HEIM_BASE_NON_ATOMIC
-/* non-atomic varients */
-#define heim_base_atomic_inc(x) ++(*(x))
-#define heim_base_atomic_dec(x) --(*(x))
-#define heim_base_atomic_type unsigned int
-#define heim_base_atomic_max UINT_MAX
+#if defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH)
-#elif defined(__GNUC__)
#define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1)
#define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1)
#define heim_base_atomic_type unsigned int
@@ -65,12 +63,44 @@
#define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v))
-#elif 0 /* windows */
+#elif defined(_WIN32)
+
+#define heim_base_atomic_inc(x) InterlockedIncrement(x)
+#define heim_base_atomic_dec(x) InterlockedDecrement(x)
+#define heim_base_atomic_type LONG
+#define heim_base_atomic_max MAXLONG
#define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v))
#else
-#error "provide atomic integer operations for your compiler"
+
+#define HEIM_BASE_NEED_ATOMIC_MUTEX 1
+extern HEIMDAL_MUTEX _heim_base_mutex;
+
+#define heim_base_atomic_type unsigned int
+
+static inline heim_base_atomic_type
+heim_base_atomic_inc(heim_base_atomic_type *x)
+{
+ heim_base_atomic_type t;
+ HEIMDAL_MUTEX_lock(&_heim_base_mutex);
+ t = ++(*x);
+ HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
+ return t;
+}
+
+static inline heim_base_atomic_type
+heim_base_atomic_dec(heim_base_atomic_type *x)
+{
+ heim_base_atomic_type t;
+ HEIMDAL_MUTEX_lock(&_heim_base_mutex);
+ t = --(*x);
+ HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
+ return t;
+}
+
+#define heim_base_atomic_max UINT_MAX
+
#endif
/* tagged strings/object/XXX */
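Review bot: The new mutex fallback in the `#else` branch defines heim_base_atomic_inc, heim_base_atomic_dec, the type and the max, but not `heim_base_exchange_pointer`, which both the GCC branch and the `_WIN32` branch provide. If any code built on this path uses that macro (not visible in this hunk), the fallback will either fail to compile or someone will later patch in a plain unlocked swap, which brings back the race these helpers exist to prevent. I would add a locked exchange next to the other two helpers so all three branches expose the same set of operations. A short comment noting that every counter shares the one global `_heim_base_mutex` would also help.

```c
#define heim_base_atomic_max    UINT_MAX

/* … unchanged: heim_base_atomic_inc / heim_base_atomic_dec under _heim_base_mutex … */

/* Swap *target for value under the same global lock; returns the old pointer. */
static inline void *
heim_base_exchange_pointer(void *target, void *value)
{
    void **slot = target;
    void *old;

    HEIMDAL_MUTEX_lock(&_heim_base_mutex);
    old = *slot;
    *slot = value;
    HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
    return old;
}
```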
diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c
index 137129abb2..b8d5d74a9a 100644
--- a/source4/heimdal/base/heimbase.c
+++ b/source4/heimdal/base/heimbase.c
@@ -60,6 +60,10 @@ struct heim_base_mem {
#define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1)
#define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1))
+#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX
+HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER;
+#endif
+
/*
* Auto release structure
*/
@@ -334,6 +338,8 @@ heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *))
} else {
HEIMDAL_MUTEX_unlock(&mutex);
while (1) {
+ struct timeval tv = { 0, 1000 };
+ select(0, NULL, NULL, NULL, &tv);
HEIMDAL_MUTEX_lock(&mutex);
if (*once == 2)
break;
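Review bot: The result of the added `select(0, NULL, NULL, NULL, &tv)` is ignored and nothing says it is a 1 ms back-off, so if the call fails the loop becomes a tight lock/unlock spin on `mutex` again. Winsock documents select() as failing when all three descriptor sets are NULL, and this commit adds a `_WIN32` branch in baselocl.h, so the delay is probably ineffective on that target. I would add `/* back off 1 ms between polls of *once; select() used as a sub-second sleep */`. It is also worth confirming that the header declaring `struct timeval` and select() is included, since no include is visible in this hunk. heim_base_once_f starts and ends outside the hunk.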
@@ -364,13 +370,10 @@ heim_abort(const char *fmt, ...)
void
heim_abortv(const char *fmt, va_list ap)
{
- char *str = NULL;
- int ret;
+ static char str[1024];
- ret = vasprintf(&str, fmt, ap);
- if (ret > 0 && str) {
- syslog(LOG_ERR, "heim_abort: %s", str);
- }
+ vsnprintf(str, sizeof(str), fmt, ap);
+ syslog(LOG_ERR, "heim_abort: %s", str);
abort();
}
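Review bot: `static char str[1024]` is one buffer shared by every thread, so two threads entering heim_abortv() together can overwrite each other's text before syslog() runs, and a message longer than 1023 bytes is cut without any marker. The function never returns, so an automatic array keeps the allocation-free behaviour without the sharing: `char str[1024];`. Either way the reason for the fixed buffer deserves a comment, for example `/* fixed buffer: no heap allocation on the abort path; long messages are truncated */`. Passing the text through `"heim_abort: %s"` correctly keeps caller-supplied data out of the syslog format string.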
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index 566534f247..bc323b9433 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -180,6 +180,7 @@ sub foo {
local ($arg) = @_;
$_ = $arg;
s/.*\/([^\/]*)/$1/;
+ s/.*\\([^\\]*)/$1/;
s/[^a-zA-Z0-9]/_/g;
"__" . $_ . "__";
}
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index 66108f4dec..e26245323c 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -296,7 +296,6 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
}
-#endif /* PKINIT */
-
return 0;
+#endif /* PKINIT */
}
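Review bot: With `return 0;` now above `#endif /* PKINIT */`, a build without PKINIT compiles no return statement here, so krb5_kdc_pkinit_config() appears to fall off the end of a non-void function. A caller that reads the result then gets undefined behaviour. The matching `#ifdef` is outside the hunk, so this is inferred from the visible lines only. Unless another return exists on the non-PKINIT path, keep the statement outside the conditional (`#endif /* PKINIT */` then `return 0;`), or add `#else` and `return 0;` before the `#endif`.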
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
deleted file mode 100644
index 827205a805..0000000000
--- a/source4/heimdal/kdc/kaserver.c
+++ /dev/null
@@ -1,955 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kdc_locl.h"
-
-#ifdef KRB4
-
-#include <krb5-v4compat.h>
-#include <rx.h>
-
-#define KA_AUTHENTICATION_SERVICE 731
-#define KA_TICKET_GRANTING_SERVICE 732
-#define KA_MAINTENANCE_SERVICE 733
-
-#define AUTHENTICATE_OLD 1
-#define CHANGEPASSWORD 2
-#define GETTICKET_OLD 3
-#define SETPASSWORD 4
-#define SETFIELDS 5
-#define CREATEUSER 6
-#define DELETEUSER 7
-#define GETENTRY 8
-#define LISTENTRY 9
-#define GETSTATS 10
-#define DEBUG 11
-#define GETPASSWORD 12
-#define GETRANDOMKEY 13
-#define AUTHENTICATE 21
-#define AUTHENTICATE_V2 22
-#define GETTICKET 23
-
-/* XXX - Where do we get these? */
-
-#define RXGEN_OPCODE (-455)
-
-#define KADATABASEINCONSISTENT (180480L)
-#define KAEXIST (180481L)
-#define KAIO (180482L)
-#define KACREATEFAIL (180483L)
-#define KANOENT (180484L)
-#define KAEMPTY (180485L)
-#define KABADNAME (180486L)
-#define KABADINDEX (180487L)
-#define KANOAUTH (180488L)
-#define KAANSWERTOOLONG (180489L)
-#define KABADREQUEST (180490L)
-#define KAOLDINTERFACE (180491L)
-#define KABADARGUMENT (180492L)
-#define KABADCMD (180493L)
-#define KANOKEYS (180494L)
-#define KAREADPW (180495L)
-#define KABADKEY (180496L)
-#define KAUBIKINIT (180497L)
-#define KAUBIKCALL (180498L)
-#define KABADPROTOCOL (180499L)
-#define KANOCELLS (180500L)
-#define KANOCELL (180501L)
-#define KATOOMANYUBIKS (180502L)
-#define KATOOMANYKEYS (180503L)
-#define KABADTICKET (180504L)
-#define KAUNKNOWNKEY (180505L)
-#define KAKEYCACHEINVALID (180506L)
-#define KABADSERVER (180507L)
-#define KABADUSER (180508L)
-#define KABADCPW (180509L)
-#define KABADCREATE (180510L)
-#define KANOTICKET (180511L)
-#define KAASSOCUSER (180512L)
-#define KANOTSPECIAL (180513L)
-#define KACLOCKSKEW (180514L)
-#define KANORECURSE (180515L)
-#define KARXFAIL (180516L)
-#define KANULLPASSWORD (180517L)
-#define KAINTERNALERROR (180518L)
-#define KAPWEXPIRED (180519L)
-#define KAREUSED (180520L)
-#define KATOOSOON (180521L)
-#define KALOCKED (180522L)
-
-
-static krb5_error_code
-decode_rx_header (krb5_storage *sp,
- struct rx_header *h)
-{
- krb5_error_code ret;
-
- ret = krb5_ret_uint32(sp, &h->epoch);
- if (ret) return ret;
- ret = krb5_ret_uint32(sp, &h->connid);
- if (ret) return ret;
- ret = krb5_ret_uint32(sp, &h->callid);
- if (ret) return ret;
- ret = krb5_ret_uint32(sp, &h->seqno);
- if (ret) return ret;
- ret = krb5_ret_uint32(sp, &h->serialno);
- if (ret) return ret;
- ret = krb5_ret_uint8(sp, &h->type);
- if (ret) return ret;
- ret = krb5_ret_uint8(sp, &h->flags);
- if (ret) return ret;
- ret = krb5_ret_uint8(sp, &h->status);
- if (ret) return ret;
- ret = krb5_ret_uint8(sp, &h->secindex);
- if (ret) return ret;
- ret = krb5_ret_uint16(sp, &h->reserved);
- if (ret) return ret;
- ret = krb5_ret_uint16(sp, &h->serviceid);
- if (ret) return ret;
-
- return 0;
-}
-
-static krb5_error_code
-encode_rx_header (struct rx_header *h,
- krb5_storage *sp)
-{
- krb5_error_code ret;
-
- ret = krb5_store_uint32(sp, h->epoch);
- if (ret) return ret;
- ret = krb5_store_uint32(sp, h->connid);
- if (ret) return ret;
- ret = krb5_store_uint32(sp, h->callid);
- if (ret) return ret;
- ret = krb5_store_uint32(sp, h->seqno);
- if (ret) return ret;
- ret = krb5_store_uint32(sp, h->serialno);
- if (ret) return ret;
- ret = krb5_store_uint8(sp, h->type);
- if (ret) return ret;
- ret = krb5_store_uint8(sp, h->flags);
- if (ret) return ret;
- ret = krb5_store_uint8(sp, h->status);
- if (ret) return ret;
- ret = krb5_store_uint8(sp, h->secindex);
- if (ret) return ret;
- ret = krb5_store_uint16(sp, h->reserved);
- if (ret) return ret;
- ret = krb5_store_uint16(sp, h->serviceid);
- if (ret) return ret;
-
- return 0;
-}
-
-static void
-init_reply_header (struct rx_header *hdr,
- struct rx_header *reply_hdr,
- u_char type,
- u_char flags)
-{
- reply_hdr->epoch = hdr->epoch;
- reply_hdr->connid = hdr->connid;
- reply_hdr->callid = hdr->callid;
- reply_hdr->seqno = 1;
- reply_hdr->serialno = 1;
- reply_hdr->type = type;
- reply_hdr->flags = flags;
- reply_hdr->status = 0;
- reply_hdr->secindex = 0;
- reply_hdr->reserved = 0;
- reply_hdr->serviceid = hdr->serviceid;
-}
-
-/*
- * Create an error `reply´ using for the packet `hdr' with the error
- * `error´ code.
- */
-static void
-make_error_reply (struct rx_header *hdr,
- uint32_t error,
- krb5_data *reply)
-
-{
- struct rx_header reply_hdr;
- krb5_error_code ret;
- krb5_storage *sp;
-
- init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
- sp = krb5_storage_emem();
- if (sp == NULL)
- return;
- ret = encode_rx_header (&reply_hdr, sp);
- if (ret)
- return;
- krb5_store_int32(sp, error);
- krb5_storage_to_data (sp, reply);
- krb5_storage_free (sp);
-}
-
-static krb5_error_code
-krb5_ret_xdr_data(krb5_storage *sp,
- krb5_data *data)
-{
- int ret;
- int size;
- ret = krb5_ret_int32(sp, &size);
- if(ret)
- return ret;
- if(size < 0)
- return ERANGE;
- data->length = size;
- if (size) {
- u_char foo[4];
- size_t pad = (4 - size % 4) % 4;
-
- data->data = malloc(size);
- if (data->data == NULL)
- return ENOMEM;
- ret = krb5_storage_read(sp, data->data, size);
- if(ret != size)
- return (ret < 0)? errno : KRB5_CC_END;
- if (pad) {
- ret = krb5_storage_read(sp, foo, pad);
- if (ret != pad)
- return (ret < 0)? errno : KRB5_CC_END;
- }
- } else
- data->data = NULL;
- return 0;
-}
-
-static krb5_error_code
-krb5_store_xdr_data(krb5_storage *sp,
- krb5_data data)
-{
- u_char zero[4] = {0, 0, 0, 0};
- int ret;
- size_t pad;
-
- ret = krb5_store_int32(sp, data.length);
- if(ret < 0)
- return ret;
- ret = krb5_storage_write(sp, data.data, data.length);
- if(ret != data.length){
- if(ret < 0)
- return errno;
- return KRB5_CC_END;
- }
- pad = (4 - data.length % 4) % 4;
- if (pad) {
- ret = krb5_storage_write(sp, zero, pad);
- if (ret != pad) {
- if (ret < 0)
- return errno;
- return KRB5_CC_END;
- }
- }
- return 0;
-}
-
-
-static krb5_error_code
-create_reply_ticket (krb5_context context,
- struct rx_header *hdr,
- Key *skey,
- char *name, char *instance, char *realm,
- struct sockaddr_in *addr,
- int life,
- int kvno,
- int32_t max_seq_len,
- const char *sname, const char *sinstance,
- uint32_t challenge,
- const char *label,
- krb5_keyblock *key,
- krb5_data *reply)
-{
- krb5_error_code ret;
- krb5_data ticket;
- krb5_keyblock session;
- krb5_storage *sp;
- krb5_data enc_data;
- struct rx_header reply_hdr;
- char zero[8];
- size_t pad;
- unsigned fyrtiosjuelva;
-
- /* create the ticket */
-
- krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session);
-
- _krb5_krb_create_ticket(context,
- 0,
- name,
- instance,
- realm,
- addr->sin_addr.s_addr,
- &session,
- life,
- kdc_time,
- sname,
- sinstance,
- &skey->key,
- &ticket);
-
- /* create the encrypted part of the reply */
- sp = krb5_storage_emem ();
- krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva));
- fyrtiosjuelva &= 0xffffffff;
- krb5_store_int32 (sp, fyrtiosjuelva);
- krb5_store_int32 (sp, challenge);
- krb5_storage_write (sp, session.keyvalue.data, 8);
- krb5_free_keyblock_contents(context, &session);
- krb5_store_int32 (sp, kdc_time);
- krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life));
- krb5_store_int32 (sp, kvno);
- krb5_store_int32 (sp, ticket.length);
- krb5_store_stringz (sp, name);
- krb5_store_stringz (sp, instance);
-#if 1 /* XXX - Why shouldn't the realm go here? */
- krb5_store_stringz (sp, "");
-#else
- krb5_store_stringz (sp, realm);
-#endif
- krb5_store_stringz (sp, sname);
- krb5_store_stringz (sp, sinstance);
- krb5_storage_write (sp, ticket.data, ticket.length);
- krb5_storage_write (sp, label, strlen(label));
-
- /* pad to DES block */
- memset (zero, 0, sizeof(zero));
- pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8;
- krb5_storage_write (sp, zero, pad);
-
- krb5_storage_to_data (sp, &enc_data);
- krb5_storage_free (sp);
-
- if (enc_data.length > max_seq_len) {
- krb5_data_free (&enc_data);
- make_error_reply (hdr, KAANSWERTOOLONG, reply);
- return 0;
- }
-
- /* encrypt it */
- {
- DES_key_schedule schedule;
- DES_cblock deskey;
-
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- DES_set_key_unchecked (&deskey, &schedule);
- DES_pcbc_encrypt (enc_data.data,
- enc_data.data,
- enc_data.length,
- &schedule,
- &deskey,
- DES_ENCRYPT);
- memset (&schedule, 0, sizeof(schedule));
- memset (&deskey, 0, sizeof(deskey));
- }
-
- /* create the reply packet */
- init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST);
- sp = krb5_storage_emem ();
- ret = encode_rx_header (&reply_hdr, sp);
- krb5_store_int32 (sp, max_seq_len);
- krb5_store_xdr_data (sp, enc_data);
- krb5_data_free (&enc_data);
- krb5_storage_to_data (sp, reply);
- krb5_storage_free (sp);
- return 0;
-}
-
-static krb5_error_code
-unparse_auth_args (krb5_storage *sp,
- char **name,
- char **instance,
- time_t *start_time,
- time_t *end_time,
- krb5_data *request,
- int32_t *max_seq_len)
-{
- krb5_data data;
- int32_t tmp;
-
- krb5_ret_xdr_data (sp, &data);
- *name = malloc(data.length + 1);
- if (*name == NULL)
- return ENOMEM;
- memcpy (*name, data.data, data.length);
- (*name)[data.length] = '\0';
- krb5_data_free (&data);
-
- krb5_ret_xdr_data (sp, &data);
- *instance = malloc(data.length + 1);
- if (*instance == NULL) {
- free (*name);
- return ENOMEM;
- }
- memcpy (*instance, data.data, data.length);
- (*instance)[data.length] = '\0';
- krb5_data_free (&data);
-
- krb5_ret_int32 (sp, &tmp);
- *start_time = tmp;
- krb5_ret_int32 (sp, &tmp);
- *end_time = tmp;
- krb5_ret_xdr_data (sp, request);
- krb5_ret_int32 (sp, max_seq_len);
- /* ignore the rest */
- return 0;
-}
-
-static void
-do_authenticate (krb5_context context,
- krb5_kdc_configuration *config,
- struct rx_header *hdr,
- krb5_storage *sp,
- struct sockaddr_in *addr,
- const char *from,
- krb5_data *reply)
-{
- krb5_error_code ret;
- char *name = NULL;
- char *instance = NULL;
- time_t start_time;
- time_t end_time;
- krb5_data request;
- int32_t max_seq_len;
- hdb_entry_ex *client_entry = NULL;
- hdb_entry_ex *server_entry = NULL;
- Key *ckey = NULL;
- Key *skey = NULL;
- krb5_storage *reply_sp;
- time_t max_life;
- uint8_t life;
- int32_t chal;
- char client_name[256];
- char server_name[256];
-
- krb5_data_zero (&request);
-
- ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time,
- &request, &max_seq_len);
- if (ret != 0 || request.length < 8) {
- make_error_reply (hdr, KABADREQUEST, reply);
- goto out;
- }
-
- snprintf (client_name, sizeof(client_name), "%s.%s@%s",
- name, instance, config->v4_realm);
- snprintf (server_name, sizeof(server_name), "%s.%s@%s",
- "krbtgt", config->v4_realm, config->v4_realm);
-
- kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
- client_name, from, server_name);
-
- ret = _kdc_db_fetch4 (context, config, name, instance,
- config->v4_realm, HDB_F_GET_CLIENT,
- &client_entry);
- if (ret) {
- kdc_log(context, config, 0, "Client not found in database: %s: %s",
- client_name, krb5_get_err_text(context, ret));
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
-
- ret = _kdc_db_fetch4 (context, config, "krbtgt",
- config->v4_realm, config->v4_realm,
- HDB_F_GET_KRBTGT, &server_entry);
- if (ret) {
- kdc_log(context, config, 0, "Server not found in database: %s: %s",
- server_name, krb5_get_err_text(context, ret));
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
-
- ret = kdc_check_flags (context, config,
- client_entry, client_name,
- server_entry, server_name,
- TRUE);
- if (ret) {
- make_error_reply (hdr, KAPWEXPIRED, reply);
- goto out;
- }
-
- /* find a DES key */
- ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey);
- if(ret){
- kdc_log(context, config, 0, "no suitable DES key for client");
- make_error_reply (hdr, KANOKEYS, reply);
- goto out;
- }
-
- /* find a DES key */
- ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
- if(ret){
- kdc_log(context, config, 0, "no suitable DES key for server");
- make_error_reply (hdr, KANOKEYS, reply);
- goto out;
- }
-
- {
- DES_cblock key;
- DES_key_schedule schedule;
-
- /* try to decode the `request' */
- memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
- DES_set_key_unchecked (&key, &schedule);
- DES_pcbc_encrypt (request.data,
- request.data,
- request.length,
- &schedule,
- &key,
- DES_DECRYPT);
- memset (&schedule, 0, sizeof(schedule));
- memset (&key, 0, sizeof(key));
- }
-
- /* check for the magic label */
- if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
- kdc_log(context, config, 0, "preauth failed for %s", client_name);
- make_error_reply (hdr, KABADREQUEST, reply);
- goto out;
- }
-
- reply_sp = krb5_storage_from_mem (request.data, 4);
- krb5_ret_int32 (reply_sp, &chal);
- krb5_storage_free (reply_sp);
-
- if (abs(chal - kdc_time) > context->max_skew) {
- make_error_reply (hdr, KACLOCKSKEW, reply);
- goto out;
- }
-
- /* life */
- max_life = end_time - kdc_time;
- /* end_time - kdc_time can sometimes be non-positive due to slight
- time skew between client and server. Let's make sure it is postive */
- if(max_life < 1)
- max_life = 1;
- if (client_entry->entry.max_life)
- max_life = min(max_life, *client_entry->entry.max_life);
- if (server_entry->entry.max_life)
- max_life = min(max_life, *server_entry->entry.max_life);
-
- life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
- create_reply_ticket (context,
- hdr, skey,
- name, instance, config->v4_realm,
- addr, life, server_entry->entry.kvno,
- max_seq_len,
- "krbtgt", config->v4_realm,
- chal + 1, "tgsT",
- &ckey->key, reply);
-
- out:
- if (request.length) {
- memset (request.data, 0, request.length);
- krb5_data_free (&request);
- }
- if (name)
- free (name);
- if (instance)
- free (instance);
- if (client_entry)
- _kdc_free_ent (context, client_entry);
- if (server_entry)
- _kdc_free_ent (context, server_entry);
-}
-
-static krb5_error_code
-unparse_getticket_args (krb5_storage *sp,
- int *kvno,
- char **auth_domain,
- krb5_data *ticket,
- char **name,
- char **instance,
- krb5_data *times,
- int32_t *max_seq_len)
-{
- krb5_data data;
- int32_t tmp;
-
- krb5_ret_int32 (sp, &tmp);
- *kvno = tmp;
-
- krb5_ret_xdr_data (sp, &data);
- *auth_domain = malloc(data.length + 1);
- if (*auth_domain == NULL)
- return ENOMEM;
- memcpy (*auth_domain, data.data, data.length);
- (*auth_domain)[data.length] = '\0';
- krb5_data_free (&data);
-
- krb5_ret_xdr_data (sp, ticket);
-
- krb5_ret_xdr_data (sp, &data);
- *name = malloc(data.length + 1);
- if (*name == NULL) {
- free (*auth_domain);
- return ENOMEM;
- }
- memcpy (*name, data.data, data.length);
- (*name)[data.length] = '\0';
- krb5_data_free (&data);
-
- krb5_ret_xdr_data (sp, &data);
- *instance = malloc(data.length + 1);
- if (*instance == NULL) {
- free (*auth_domain);
- free (*name);
- return ENOMEM;
- }
- memcpy (*instance, data.data, data.length);
- (*instance)[data.length] = '\0';
- krb5_data_free (&data);
-
- krb5_ret_xdr_data (sp, times);
-
- krb5_ret_int32 (sp, max_seq_len);
- /* ignore the rest */
- return 0;
-}
-
-static void
-do_getticket (krb5_context context,
- krb5_kdc_configuration *config,
- struct rx_header *hdr,
- krb5_storage *sp,
- struct sockaddr_in *addr,
- const char *from,
- krb5_data *reply)
-{
- krb5_error_code ret;
- int kvno;
- char *auth_domain = NULL;
- krb5_data aticket;
- char *name = NULL;
- char *instance = NULL;
- krb5_data times;
- int32_t max_seq_len;
- hdb_entry_ex *server_entry = NULL;
- hdb_entry_ex *client_entry = NULL;
- hdb_entry_ex *krbtgt_entry = NULL;
- Key *kkey = NULL;
- Key *skey = NULL;
- DES_cblock key;
- DES_key_schedule schedule;
- DES_cblock session;
- time_t max_life;
- int8_t life;
- time_t start_time, end_time;
- char server_name[256];
- char client_name[256];
- struct _krb5_krb_auth_data ad;
-
- krb5_data_zero (&aticket);
- krb5_data_zero (&times);
-
- memset(&ad, 0, sizeof(ad));
-
- unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
- &name, &instance, &times, &max_seq_len);
- if (times.length < 8) {
- make_error_reply (hdr, KABADREQUEST, reply);
- goto out;
-
- }
-
- snprintf (server_name, sizeof(server_name),
- "%s.%s@%s", name, instance, config->v4_realm);
-
- ret = _kdc_db_fetch4 (context, config, name, instance,
- config->v4_realm, HDB_F_GET_SERVER, &server_entry);
- if (ret) {
- kdc_log(context, config, 0, "Server not found in database: %s: %s",
- server_name, krb5_get_err_text(context, ret));
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
-
- ret = _kdc_db_fetch4 (context, config, "krbtgt",
- config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry);
- if (ret) {
- kdc_log(context, config, 0,
- "Server not found in database: %s.%s@%s: %s",
- "krbtgt", config->v4_realm, config->v4_realm,
- krb5_get_err_text(context, ret));
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
-
- /* find a DES key */
- ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
- if(ret){
- kdc_log(context, config, 0, "no suitable DES key for krbtgt");
- make_error_reply (hdr, KANOKEYS, reply);
- goto out;
- }
-
- /* find a DES key */
- ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
- if(ret){
- kdc_log(context, config, 0, "no suitable DES key for server");
- make_error_reply (hdr, KANOKEYS, reply);
- goto out;
- }
-
- /* decrypt the incoming ticket */
- memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
-
- /* unpack the ticket */
- {
- char *sname = NULL;
- char *sinstance = NULL;
-
- ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key,
- config->v4_realm, &sname,
- &sinstance, &ad);
- if (ret) {
- const char *msg = krb5_get_error_message(context, ret);
- kdc_log(context, config, 0,
- "kaserver: decomp failed for %s.%s with %s %d",
- msg, sname, sinstance, ret);
- krb5_free_error_message(context, msg);
- make_error_reply (hdr, KABADTICKET, reply);
- goto out;
- }
-
- if (strcmp (sname, "krbtgt") != 0
- || strcmp (sinstance, config->v4_realm) != 0) {
- kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s",
- sname, sinstance,
- ad.pname, ad.pinst, ad.prealm);
- make_error_reply (hdr, KABADTICKET, reply);
- free(sname);
- free(sinstance);
- goto out;
- }
- free(sname);
- free(sinstance);
-
- if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) {
- kdc_log(context, config, 0, "TGT expired: %s.%s@%s",
- ad.pname, ad.pinst, ad.prealm);
- make_error_reply (hdr, KABADTICKET, reply);
- goto out;
- }
- }
-
- snprintf (client_name, sizeof(client_name),
- "%s.%s@%s", ad.pname, ad.pinst, ad.prealm);
-
- kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
- client_name, from, server_name);
-
- ret = _kdc_db_fetch4 (context, config,
- ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT,
- &client_entry);
- if(ret && ret != HDB_ERR_NOENTRY) {
- kdc_log(context, config, 0,
- "Client not found in database: (krb4) %s: %s",
- client_name, krb5_get_err_text(context, ret));
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
- if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
- kdc_log(context, config, 0,
- "Local client not found in database: (krb4) "
- "%s", client_name);
- make_error_reply (hdr, KANOENT, reply);
- goto out;
- }
-
- ret = kdc_check_flags (context, config,
- client_entry, client_name,
- server_entry, server_name,
- FALSE);
- if (ret) {
- make_error_reply (hdr, KAPWEXPIRED, reply);
- goto out;
- }
-
- /* decrypt the times */
- memcpy(&session, ad.session.keyvalue.data, sizeof(session));
- DES_set_key_unchecked (&session, &schedule);
- DES_ecb_encrypt (times.data,
- times.data,
- &schedule,
- DES_DECRYPT);
- memset (&schedule, 0, sizeof(schedule));
- memset (&session, 0, sizeof(session));
-
- /* and extract them */
- {
- krb5_storage *tsp;
- int32_t tmp;
-
- tsp = krb5_storage_from_mem (times.data, times.length);
- krb5_ret_int32 (tsp, &tmp);
- start_time = tmp;
- krb5_ret_int32 (tsp, &tmp);
- end_time = tmp;
- krb5_storage_free (tsp);
- }
-
- /* life */
- max_life = end_time - kdc_time;
- /* end_time - kdc_time can sometimes be non-positive due to slight
- time skew between client and server. Let's make sure it is postive */
- if(max_life < 1)
- max_life = 1;
- if (krbtgt_entry->entry.max_life)
- max_life = min(max_life, *krbtgt_entry->entry.max_life);
- if (server_entry->entry.max_life)
- max_life = min(max_life, *server_entry->entry.max_life);
- /* if this is a cross realm request, the client_entry will likely
- be NULL */
- if (client_entry && client_entry->entry.max_life)
- max_life = min(max_life, *client_entry->entry.max_life);
-
- life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
-
- create_reply_ticket (context,
- hdr, skey,
- ad.pname, ad.pinst, ad.prealm,
- addr, life, server_entry->entry.kvno,
- max_seq_len,
- name, instance,
- 0, "gtkt",
- &ad.session, reply);
-
- out:
- _krb5_krb_free_auth_data(context, &ad);
- if (aticket.length) {
- memset (aticket.data, 0, aticket.length);
- krb5_data_free (&aticket);
- }
- if (times.length) {
- memset (times.data, 0, times.length);
- krb5_data_free (&times);
- }
- if (auth_domain)
- free (auth_domain);
- if (name)
- free (name);
- if (instance)
- free (instance);
- if (krbtgt_entry)
- _kdc_free_ent (context, krbtgt_entry);
- if (server_entry)
- _kdc_free_ent (context, server_entry);
-}
-
-krb5_error_code
-_kdc_do_kaserver(krb5_context context,
- krb5_kdc_configuration *config,
- unsigned char *buf,
- size_t len,
- krb5_data *reply,
- const char *from,
- struct sockaddr_in *addr)
-{
- krb5_error_code ret = 0;
- struct rx_header hdr;
- uint32_t op;
- krb5_storage *sp;
-
- if (len < RX_HEADER_SIZE)
- return -1;
- sp = krb5_storage_from_mem (buf, len);
-
- ret = decode_rx_header (sp, &hdr);
- if (ret)
- goto out;
- buf += RX_HEADER_SIZE;
- len -= RX_HEADER_SIZE;
-
- switch (hdr.type) {
- case HT_DATA :
- break;
- case HT_ACK :
- case HT_BUSY :
- case HT_ABORT :
- case HT_ACKALL :
- case HT_CHAL :
- case HT_RESP :
- case HT_DEBUG :
- default:
- /* drop */
- goto out;
- }
-
-
- if (hdr.serviceid != KA_AUTHENTICATION_SERVICE
- && hdr.serviceid != KA_TICKET_GRANTING_SERVICE) {
- ret = -1;
- goto out;
- }
-
- ret = krb5_ret_uint32(sp, &op);
- if (ret)
- goto out;
- switch (op) {
- case AUTHENTICATE :
- case AUTHENTICATE_V2 :
- do_authenticate (context, config, &hdr, sp, addr, from, reply);
- break;
- case GETTICKET :
- do_getticket (context, config, &hdr, sp, addr, from, reply);
- break;
- case AUTHENTICATE_OLD :
- case CHANGEPASSWORD :
- case GETTICKET_OLD :
- case SETPASSWORD :
- case SETFIELDS :
- case CREATEUSER :
- case DELETEUSER :
- case GETENTRY :
- case LISTENTRY :
- case GETSTATS :
- case DEBUG :
- case GETPASSWORD :
- case GETRANDOMKEY :
- default :
- make_error_reply (&hdr, RXGEN_OPCODE, reply);
- break;
- }
-
-out:
- krb5_storage_free (sp);
- return ret;
-}
-
-#endif /* KRB4 */
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 2e95ad2832..297fa3824b 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -91,21 +91,12 @@ _kdc_db_fetch(krb5_context context,
continue;
}
- if (config->db[i]->hdb_fetch_kvno) {
- ret = config->db[i]->hdb_fetch_kvno(context,
- config->db[i],
- principal,
- flags | HDB_F_DECRYPT,
- kvno,
- ent);
- } else {
- flags &= ~HDB_F_KVNO_SPECIFIED;
- ret = config->db[i]->hdb_fetch(context,
- config->db[i],
- principal,
- flags | HDB_F_DECRYPT,
- ent);
- }
+ ret = config->db[i]->hdb_fetch_kvno(context,
+ config->db[i],
+ principal,
+ flags | HDB_F_DECRYPT,
+ kvno,
+ ent);
krb5_free_principal(context, enterprise_principal);
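Review bot: The call through `config->db[i]->hdb_fetch_kvno` is now unconditional, so a backend that leaves that pointer NULL makes the KDC call through a null function pointer on the first principal lookup. The removed branch fell back to `hdb_fetch` in that case. Whether every backend placed in `config->db[]` sets `hdb_fetch_kvno` is not visible in this hunk. If it is now a hard requirement, enforce it once where the backend is opened, or treat `if (config->db[i]->hdb_fetch_kvno == NULL)` as a lookup error for that backend before the call, so a misbuilt or out-of-tree backend fails cleanly instead of crashing the daemon. The body of `_kdc_db_fetch` starts and ends outside the hunk, so the surrounding loop and cleanup need checking against the full function.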
diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c
index d3557ee6c9..4226600331 100644
--- a/source4/heimdal/kdc/process.c
+++ b/source4/heimdal/kdc/process.c
@@ -161,78 +161,6 @@ kdc_kx509(krb5_context context,
#endif
-#ifdef KRB4
-
-static krb5_error_code
-kdc_524(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_data *req_buffer,
- krb5_data *reply,
- const char *from,
- struct sockaddr *addr,
- int datagram_reply,
- int *claim)
-{
- krb5_error_code ret;
- Ticket ticket;
- size_t len;
-
- ret = decode_Ticket(req_buffer->data, req_buffer->length, &ticket, &len);
- if (ret)
- return ret;
-
- *claim = 1;
-
- ret = _kdc_do_524(context, config, &ticket, reply, from, addr);
- free_Ticket(&ticket);
- return ret;
-}
-
-static krb5_error_code
-kdc_krb4(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_data *req_buffer,
- krb5_data *reply,
- const char *from,
- struct sockaddr *addr,
- int datagram_reply,
- int *claim)
-{
- if (_kdc_maybe_version4(req_buffer->data, req_buffer->length) == 0)
- return -1;
-
- *claim = 1;
-
- return _kdc_do_version4(context, config,
- req_buffer->data, req_buffer->length,
- reply, from,
- (struct sockaddr_in*)addr);
-}
-
-static krb5_error_code
-kdc_kaserver(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_data *req_buffer,
- krb5_data *reply,
- const char *from,
- struct sockaddr *addr,
- int datagram_reply,
- int *claim)
-{
- if (config->enable_kaserver == 0)
- return -1;
-
- *claim = 1;
-
- return _kdc_do_kaserver(context, config,
- req_buffer->data, req_buffer->length,
- reply, from,
- (struct sockaddr_in*)addr);
-}
-
-#endif /* KRB4 */
-
-
static struct krb5_kdc_service services[] = {
{ KS_KRB5, kdc_as_req },
{ KS_KRB5, kdc_tgs_req },
@@ -242,11 +170,6 @@ static struct krb5_kdc_service services[] = {
#ifdef KX509
{ 0, kdc_kx509 },
#endif
-#ifdef KRB4
- { 0, kdc_524 },
- { KS_NO_LENGTH, kdc_krb4 },
- { 0, kdc_kaserver },
-#endif
{ 0, NULL }
};
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c
index 11e364980d..846232a4f2 100644
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -39,12 +39,6 @@
#include <Security/Security.h>
#endif
-struct krb5_dh_moduli;
-struct AlgorithmIdentifier;
-struct _krb5_krb_auth_data;
-struct hx509_certs_data;
-#include <krb5-private.h>
-
#ifndef NO_NTLM
#include "heimntlm.h"
#endif
@@ -457,7 +451,7 @@ get_new_tickets(krb5_context context,
if (ret)
krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit");
if (ent_user_id)
- _krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id);
+ krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id);
}
if (addrs_flag != -1)
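Review bot: The result of `krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id)` is discarded, while the `krb5_get_init_creds_opt_set_pkinit` call just above is checked with `if (ret) krb5_err(...)`. The prototype is not visible here. If the now-public function returns a `krb5_error_code`, a failure to attach the enterprise certificate store would go unnoticed and kinit would continue with different PKINIT credentials than the user selected. I would write `ret = krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit_user_certs");`. The body of `get_new_tickets` extends beyond this hunk.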
@@ -768,9 +762,9 @@ main (int argc, char **argv)
parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
if (pk_enterprise_flag) {
- ret = _krb5_pk_enterprise_cert(context, pk_user_id,
- argv[0], &principal,
- &ent_user_id);
+ ret = krb5_pk_enterprise_cert(context, pk_user_id,
+ argv[0], &principal,
+ &ent_user_id);
if (ret)
krb5_err(context, 1, ret, "krb5_pk_enterprise_certs");
diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h
index 1bf682b1d0..82e6eb2e22 100644
--- a/source4/heimdal/kuser/kuser_locl.h
+++ b/source4/heimdal/kuser/kuser_locl.h
@@ -84,6 +84,8 @@
#endif
#include "crypto-headers.h" /* for UI_UTIL_read_pw_string */
+#include <rtbl.h>
+
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
@@ -101,5 +103,6 @@
#define textdomain(package)
#endif
+extern krb5_context kcc_context;
#endif /* __KUSER_LOCL_H__ */
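Review bot: The new `extern krb5_context kcc_context;` has no comment saying which source file defines it or who initialises and frees it. Every file that includes `kuser_locl.h` now sees a shared mutable context, so the ownership should be stated at the declaration. A one-line comment would do, for example `/* shared context for the kuser tools; defined and initialised in <defining file>, freed on exit */`, with the real file name filled in. The defining file is not visible in this diff section.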
diff --git a/source4/heimdal/lib/asn1/asn1parse.c b/source4/heimdal/lib/asn1/asn1parse.c
index 9e4174a153..18bbcdd39c 100644
--- a/source4/heimdal/lib/asn1/asn1parse.c
+++ b/source4/heimdal/lib/asn1/asn1parse.c
@@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93";
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
-#define YYPATCH 20070509
+#define YYPATCH 20100216
-#define YYEMPTY (-1)
-#define yyclearin (yychar = YYEMPTY)
-#define yyerrok (yyerrflag = 0)
-#define YYRECOVERING (yyerrflag != 0)
+#define YYEMPTY (-1)
+#define yyclearin (yychar = YYEMPTY)
+#define yyerrok (yyerrflag = 0)
+#define YYRECOVERING() (yyerrflag != 0)
-extern int yyparse(void);
-
-static int yygrowstack(void);
#define YYPREFIX "yy"
+
+/* compatibility with bison */
+#ifdef YYPARSE_PARAM
+/* compatibility with FreeBSD */
+#ifdef YYPARSE_PARAM_TYPE
+#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
+#else
+#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
+#endif
+#else
+#define YYPARSE_DECL() yyparse(void)
+#endif /* YYPARSE_PARAM */
+
+extern int YYPARSE_DECL();
+
#line 39 ""
#include <config.h>
@@ -46,7 +58,11 @@ struct string_list {
struct string_list *next;
};
-#line 67 ""
+/* Declarations for Bison */
+#define YYMALLOC malloc
+#define YYFREE free
+
+#line 71 ""
typedef union {
int constant;
struct value *value;
@@ -61,7 +77,7 @@ typedef union {
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
-#line 65 ""
+#line 80 ""
#define kw_ABSENT 257
#define kw_ABSTRACT_SYNTAX 258
#define kw_ALL 259
@@ -150,7 +166,7 @@ typedef union {
#define STRING 342
#define NUMBER 343
#define YYERRCODE 256
-short yylhs[] = { -1,
+static const short yylhs[] = { -1,
0, 56, 56, 56, 56, 57, 57, 58, 58, 60,
60, 62, 62, 63, 63, 64, 59, 59, 59, 61,
61, 65, 65, 50, 50, 66, 14, 14, 14, 15,
@@ -166,7 +182,7 @@ short yylhs[] = { -1,
46, 46, 4, 4, 5, 5, 5, 5, 5, 12,
11, 13, 9, 7, 7, 6, 1, 10, 8,
};
-short yylen[] = { 2,
+static const short yylen[] = { 2,
9, 2, 2, 2, 0, 2, 0, 3, 0, 3,
0, 1, 0, 1, 2, 4, 3, 2, 0, 1,
2, 1, 1, 3, 1, 3, 1, 1, 1, 1,
@@ -182,7 +198,7 @@ short yylen[] = { 2,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1,
};
-short yydefred[] = { 0,
+static const short yydefred[] = { 0,
0, 0, 0, 115, 0, 0, 122, 0, 0, 0,
0, 117, 119, 0, 0, 0, 0, 0, 4, 2,
3, 0, 0, 120, 6, 0, 0, 0, 0, 0,
@@ -206,7 +222,7 @@ short yydefred[] = { 0,
54, 53, 0, 0, 0, 0, 0, 83, 0, 113,
55, 47, 46, 45, 85, 0, 114, 84,
};
-short yydgoto[] = { 2,
+static const short yydgoto[] = { 2,
140, 116, 122, 141, 142, 143, 144, 145, 146, 147,
148, 149, 150, 75, 76, 77, 78, 79, 80, 81,
82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
@@ -215,7 +231,7 @@ short yydgoto[] = { 2,
119, 166, 167, 168, 169, 17, 23, 29, 30, 36,
44, 40, 41, 42, 45, 46, 47,
};
-short yysindex[] = { -295,
+static const short yysindex[] = { -295,
-74, 0, -289, 0, -216, 23, 0, -61, -289, -221,
-277, 0, 0, -259, -257, -256, -214, 31, 0, 0,
0, -220, -264, 0, 0, -187, -206, -232, -201, -213,
@@ -239,7 +255,7 @@ short yysindex[] = { -295,
0, 0, 105, 106, 107, 24, -115, 0, 109, 0,
0, 0, 0, 0, 0, -4, 0, 0,
};
-short yyrindex[] = { 0,
+static const short yyrindex[] = { 0,
-123, 0, 28, 0, 0, -110, 0, 0, 28, -245,
0, 0, 0, 0, 0, 0, -183, 0, 0, 0,
0, 0, 0, 0, 0, 0, -248, 0, 0, -182,
@@ -263,7 +279,7 @@ short yyrindex[] = { 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
};
-short yygindex[] = { 0,
+static const short yygindex[] = { 0,
-14, 0, 0, -95, 0, 0, 0, 0, 0, 0,
0, 0, 0, -31, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -273,7 +289,7 @@ short yygindex[] = { 0,
128, 0, 0, 133, 0, 0, 0,
};
#define YYTABLESIZE 509
-short yytable[] = { 58,
+static const short yytable[] = { 58,
58, 108, 118, 58, 63, 63, 3, 184, 63, 116,
49, 111, 118, 49, 121, 70, 108, 25, 70, 155,
86, 162, 4, 86, 159, 67, 31, 102, 67, 9,
@@ -326,7 +342,7 @@ short yytable[] = { 58,
0, 0, 0, 0, 0, 92, 0, 0, 0, 92,
92, 92, 0, 92, 0, 0, 0, 0, 92,
};
-short yycheck[] = { 40,
+static const short yycheck[] = { 40,
41, 44, 40, 44, 40, 41, 123, 41, 44, 59,
41, 123, 40, 44, 125, 41, 123, 59, 44, 125,
41, 117, 1, 44, 125, 41, 259, 40, 44, 278,
@@ -385,7 +401,8 @@ short yycheck[] = { 40,
#endif
#define YYMAXTOKEN 343
#if YYDEBUG
-char *yyname[] = {
+static const char *yyname[] = {
+
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,"'('","')'",0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,"';'",0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'['",0,"']'",0,0,0,0,0,0,0,0,
@@ -411,7 +428,7 @@ char *yyname[] = {
"kw_VideotexString","kw_VisibleString","kw_WITH","RANGE","EEQUAL","ELLIPSIS",
"IDENTIFIER","referencename","STRING","NUMBER",
};
-char *yyrule[] = {
+static const char *yyrule[] = {
"$accept : ModuleDefinition",
"ModuleDefinition : IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault EEQUAL kw_BEGIN ModuleBody kw_END",
"TagDefault : kw_EXPLICIT kw_TAGS",
@@ -552,6 +569,7 @@ char *yyrule[] = {
"SignedNumber : NUMBER",
"NullValue : kw_NULL",
"ObjectIdentifierValue : objid",
+
};
#endif
#if YYDEBUG
@@ -575,19 +593,26 @@ char *yyrule[] = {
int yydebug;
int yynerrs;
+
+typedef struct {
+ unsigned stacksize;
+ short *s_base;
+ short *s_mark;
+ short *s_last;
+ YYSTYPE *l_base;
+ YYSTYPE *l_mark;
+} YYSTACKDATA;
+
+#define YYPURE 0
+
int yyerrflag;
int yychar;
-short *yyssp;
-YYSTYPE *yyvsp;
YYSTYPE yyval;
YYSTYPE yylval;
/* variables for the parser stack */
-static short *yyss;
-static short *yysslim;
-static YYSTYPE *yyvs;
-static int yystacksize;
-#line 941 ""
+static YYSTACKDATA yystack;
+#line 945 ""
void
yyerror (const char *s)
@@ -681,53 +706,68 @@ fix_labels(Symbol *s)
fix_labels2(s->type, p);
free(p);
}
-#line 685 ""
+#line 709 ""
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
-static int yygrowstack(void)
+static int yygrowstack(YYSTACKDATA *data)
{
- int newsize, i;
+ int i;
+ unsigned newsize;
short *newss;
YYSTYPE *newvs;
- if ((newsize = yystacksize) == 0)
+ if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
- i = yyssp - yyss;
- newss = (yyss != 0)
- ? (short *)realloc(yyss, newsize * sizeof(*newss))
+ i = data->s_mark - data->s_base;
+ newss = (data->s_base != 0)
+ ? (short *)realloc(data->s_base, newsize * sizeof(*newss))
: (short *)malloc(newsize * sizeof(*newss));
if (newss == 0)
return -1;
- yyss = newss;
- yyssp = newss + i;
- newvs = (yyvs != 0)
- ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs))
+ data->s_base = newss;
+ data->s_mark = newss + i;
+
+ newvs = (data->l_base != 0)
+ ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs))
: (YYSTYPE *)malloc(newsize * sizeof(*newvs));
if (newvs == 0)
return -1;
- yyvs = newvs;
- yyvsp = newvs + i;
- yystacksize = newsize;
- yysslim = yyss + newsize - 1;
+ data->l_base = newvs;
+ data->l_mark = newvs + i;
+
+ data->stacksize = newsize;
+ data->s_last = data->s_base + newsize - 1;
return 0;
}
-#define YYABORT goto yyabort
+#if YYPURE || defined(YY_NO_LEAKS)
+static void yyfreestack(YYSTACKDATA *data)
+{
+ free(data->s_base);
+ free(data->l_base);
+ memset(data, 0, sizeof(*data));
+}
+#else
+#define yyfreestack(data) /* nothing */
+#endif
+
+#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
-#define YYERROR goto yyerrlab
+#define YYERROR goto yyerrlab
+
int
-yyparse(void)
+YYPARSE_DECL()
{
- register int yym, yyn, yystate;
+ int yym, yyn, yystate;
#if YYDEBUG
- register const char *yys;
+ const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
@@ -740,11 +780,17 @@ yyparse(void)
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
+ yystate = 0;
+
+#if YYPURE
+ memset(&yystack, 0, sizeof(yystack));
+#endif
- if (yyss == NULL && yygrowstack()) goto yyoverflow;
- yyssp = yyss;
- yyvsp = yyvs;
- *yyssp = yystate = 0;
+ if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow;
+ yystack.s_mark = yystack.s_base;
+ yystack.l_mark = yystack.l_base;
+ yystate = 0;
+ *yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
@@ -770,12 +816,13 @@ yyloop:
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
@@ -790,9 +837,7 @@ yyloop:
yyerror("syntax error");
-#ifdef lint
goto yyerrlab;
-#endif
yyerrlab:
++yynerrs;
@@ -803,20 +848,21 @@ yyinrecovery:
yyerrflag = 3;
for (;;)
{
- if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
- to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+ to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
goto yyloop;
}
else
@@ -824,11 +870,11 @@ yyinrecovery:
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
- YYPREFIX, *yyssp);
+ YYPREFIX, *yystack.s_mark);
#endif
- if (yyssp <= yyss) goto yyabort;
- --yyssp;
- --yyvsp;
+ if (yystack.s_mark <= yystack.s_base) goto yyabort;
+ --yystack.s_mark;
+ --yystack.l_mark;
}
}
}
@@ -857,190 +903,190 @@ yyreduce:
#endif
yym = yylen[yyn];
if (yym)
- yyval = yyvsp[1-yym];
+ yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 1:
-#line 237 ""
-{
+#line 241 ""
+ {
checkundefined();
}
break;
case 3:
-#line 244 ""
-{ lex_error_message("implicit tagging is not supported"); }
+#line 248 ""
+ { lex_error_message("implicit tagging is not supported"); }
break;
case 4:
-#line 246 ""
-{ lex_error_message("automatic tagging is not supported"); }
+#line 250 ""
+ { lex_error_message("automatic tagging is not supported"); }
break;
case 6:
-#line 251 ""
-{ lex_error_message("no extensibility options supported"); }
+#line 255 ""
+ { lex_error_message("no extensibility options supported"); }
break;
case 16:
-#line 272 ""
-{
+#line 276 ""
+ {
struct string_list *sl;
- for(sl = yyvsp[-3].sl; sl != NULL; sl = sl->next) {
+ for(sl = yystack.l_mark[-3].sl; sl != NULL; sl = sl->next) {
Symbol *s = addsym(sl->string);
s->stype = Stype;
gen_template_import(s);
}
- add_import(yyvsp[-1].name);
+ add_import(yystack.l_mark[-1].name);
}
break;
case 17:
-#line 284 ""
-{
+#line 288 ""
+ {
struct string_list *sl;
- for(sl = yyvsp[-1].sl; sl != NULL; sl = sl->next)
+ for(sl = yystack.l_mark[-1].sl; sl != NULL; sl = sl->next)
add_export(sl->string);
}
break;
case 24:
-#line 302 ""
-{
+#line 306 ""
+ {
yyval.sl = emalloc(sizeof(*yyval.sl));
- yyval.sl->string = yyvsp[-2].name;
- yyval.sl->next = yyvsp[0].sl;
+ yyval.sl->string = yystack.l_mark[-2].name;
+ yyval.sl->next = yystack.l_mark[0].sl;
}
break;
case 25:
-#line 308 ""
-{
+#line 312 ""
+ {
yyval.sl = emalloc(sizeof(*yyval.sl));
- yyval.sl->string = yyvsp[0].name;
+ yyval.sl->string = yystack.l_mark[0].name;
yyval.sl->next = NULL;
}
break;
case 26:
-#line 316 ""
-{
- Symbol *s = addsym (yyvsp[-2].name);
+#line 320 ""
+ {
+ Symbol *s = addsym (yystack.l_mark[-2].name);
s->stype = Stype;
- s->type = yyvsp[0].type;
+ s->type = yystack.l_mark[0].type;
fix_labels(s);
generate_type (s);
}
break;
case 44:
-#line 347 ""
-{
+#line 351 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_Boolean,
TE_EXPLICIT, new_type(TBoolean));
}
break;
case 45:
-#line 354 ""
-{
- if(yyvsp[-3].value->type != integervalue)
+#line 358 ""
+ {
+ if(yystack.l_mark[-3].value->type != integervalue)
lex_error_message("Non-integer used in first part of range");
- if(yyvsp[-3].value->type != integervalue)
+ if(yystack.l_mark[-3].value->type != integervalue)
lex_error_message("Non-integer in second part of range");
yyval.range = ecalloc(1, sizeof(*yyval.range));
- yyval.range->min = yyvsp[-3].value->u.integervalue;
- yyval.range->max = yyvsp[-1].value->u.integervalue;
+ yyval.range->min = yystack.l_mark[-3].value->u.integervalue;
+ yyval.range->max = yystack.l_mark[-1].value->u.integervalue;
}
break;
case 46:
-#line 364 ""
-{
- if(yyvsp[-3].value->type != integervalue)
+#line 368 ""
+ {
+ if(yystack.l_mark[-3].value->type != integervalue)
lex_error_message("Non-integer in first part of range");
yyval.range = ecalloc(1, sizeof(*yyval.range));
- yyval.range->min = yyvsp[-3].value->u.integervalue;
- yyval.range->max = yyvsp[-3].value->u.integervalue - 1;
+ yyval.range->min = yystack.l_mark[-3].value->u.integervalue;
+ yyval.range->max = yystack.l_mark[-3].value->u.integervalue - 1;
}
break;
case 47:
-#line 372 ""
-{
- if(yyvsp[-1].value->type != integervalue)
+#line 376 ""
+ {
+ if(yystack.l_mark[-1].value->type != integervalue)
lex_error_message("Non-integer in second part of range");
yyval.range = ecalloc(1, sizeof(*yyval.range));
- yyval.range->min = yyvsp[-1].value->u.integervalue + 2;
- yyval.range->max = yyvsp[-1].value->u.integervalue;
+ yyval.range->min = yystack.l_mark[-1].value->u.integervalue + 2;
+ yyval.range->max = yystack.l_mark[-1].value->u.integervalue;
}
break;
case 48:
-#line 380 ""
-{
- if(yyvsp[-1].value->type != integervalue)
+#line 384 ""
+ {
+ if(yystack.l_mark[-1].value->type != integervalue)
lex_error_message("Non-integer used in limit");
yyval.range = ecalloc(1, sizeof(*yyval.range));
- yyval.range->min = yyvsp[-1].value->u.integervalue;
- yyval.range->max = yyvsp[-1].value->u.integervalue;
+ yyval.range->min = yystack.l_mark[-1].value->u.integervalue;
+ yyval.range->max = yystack.l_mark[-1].value->u.integervalue;
}
break;
case 49:
-#line 391 ""
-{
+#line 395 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_Integer,
TE_EXPLICIT, new_type(TInteger));
}
break;
case 50:
-#line 396 ""
-{
+#line 400 ""
+ {
yyval.type = new_type(TInteger);
- yyval.type->range = yyvsp[0].range;
+ yyval.type->range = yystack.l_mark[0].range;
yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type);
}
break;
case 51:
-#line 402 ""
-{
+#line 406 ""
+ {
yyval.type = new_type(TInteger);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type);
}
break;
case 52:
-#line 410 ""
-{
+#line 414 ""
+ {
yyval.members = emalloc(sizeof(*yyval.members));
ASN1_TAILQ_INIT(yyval.members);
- ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members);
+ ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members);
}
break;
case 53:
-#line 416 ""
-{
- ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members);
- yyval.members = yyvsp[-2].members;
+#line 420 ""
+ {
+ ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members);
+ yyval.members = yystack.l_mark[-2].members;
}
break;
case 54:
-#line 421 ""
-{ yyval.members = yyvsp[-2].members; }
+#line 425 ""
+ { yyval.members = yystack.l_mark[-2].members; }
break;
case 55:
-#line 425 ""
-{
+#line 429 ""
+ {
yyval.member = emalloc(sizeof(*yyval.member));
- yyval.member->name = yyvsp[-3].name;
- yyval.member->gen_name = estrdup(yyvsp[-3].name);
+ yyval.member->name = yystack.l_mark[-3].name;
+ yyval.member->gen_name = estrdup(yystack.l_mark[-3].name);
output_name (yyval.member->gen_name);
- yyval.member->val = yyvsp[-1].constant;
+ yyval.member->val = yystack.l_mark[-1].constant;
yyval.member->optional = 0;
yyval.member->ellipsis = 0;
yyval.member->type = NULL;
}
break;
case 56:
-#line 438 ""
-{
+#line 442 ""
+ {
yyval.type = new_type(TInteger);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
yyval.type = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, yyval.type);
}
break;
case 58:
-#line 449 ""
-{
+#line 453 ""
+ {
yyval.type = new_type(TBitString);
yyval.type->members = emalloc(sizeof(*yyval.type->members));
ASN1_TAILQ_INIT(yyval.type->members);
@@ -1048,128 +1094,128 @@ case 58:
}
break;
case 59:
-#line 456 ""
-{
+#line 460 ""
+ {
yyval.type = new_type(TBitString);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type);
}
break;
case 60:
-#line 464 ""
-{
+#line 468 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_OID,
TE_EXPLICIT, new_type(TOID));
}
break;
case 61:
-#line 470 ""
-{
+#line 474 ""
+ {
Type *t = new_type(TOctetString);
- t->range = yyvsp[0].range;
+ t->range = yystack.l_mark[0].range;
yyval.type = new_tag(ASN1_C_UNIV, UT_OctetString,
TE_EXPLICIT, t);
}
break;
case 62:
-#line 479 ""
-{
+#line 483 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_Null,
TE_EXPLICIT, new_type(TNull));
}
break;
case 63:
-#line 486 ""
-{ yyval.range = NULL; }
+#line 490 ""
+ { yyval.range = NULL; }
break;
case 64:
-#line 488 ""
-{ yyval.range = yyvsp[0].range; }
+#line 492 ""
+ { yyval.range = yystack.l_mark[0].range; }
break;
case 65:
-#line 493 ""
-{
+#line 497 ""
+ {
yyval.type = new_type(TSequence);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type);
}
break;
case 66:
-#line 499 ""
-{
+#line 503 ""
+ {
yyval.type = new_type(TSequence);
yyval.type->members = NULL;
yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type);
}
break;
case 67:
-#line 507 ""
-{
+#line 511 ""
+ {
yyval.type = new_type(TSequenceOf);
- yyval.type->range = yyvsp[-2].range;
- yyval.type->subtype = yyvsp[0].type;
+ yyval.type->range = yystack.l_mark[-2].range;
+ yyval.type->subtype = yystack.l_mark[0].type;
yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type);
}
break;
case 68:
-#line 516 ""
-{
+#line 520 ""
+ {
yyval.type = new_type(TSet);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type);
}
break;
case 69:
-#line 522 ""
-{
+#line 526 ""
+ {
yyval.type = new_type(TSet);
yyval.type->members = NULL;
yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type);
}
break;
case 70:
-#line 530 ""
-{
+#line 534 ""
+ {
yyval.type = new_type(TSetOf);
- yyval.type->subtype = yyvsp[0].type;
+ yyval.type->subtype = yystack.l_mark[0].type;
yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type);
}
break;
case 71:
-#line 538 ""
-{
+#line 542 ""
+ {
yyval.type = new_type(TChoice);
- yyval.type->members = yyvsp[-1].members;
+ yyval.type->members = yystack.l_mark[-1].members;
}
break;
case 74:
-#line 549 ""
-{
- Symbol *s = addsym(yyvsp[0].name);
+#line 553 ""
+ {
+ Symbol *s = addsym(yystack.l_mark[0].name);
yyval.type = new_type(TType);
if(s->stype != Stype && s->stype != SUndefined)
- lex_error_message ("%s is not a type\n", yyvsp[0].name);
+ lex_error_message ("%s is not a type\n", yystack.l_mark[0].name);
else
yyval.type->symbol = s;
}
break;
case 75:
-#line 560 ""
-{
+#line 564 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralizedTime,
TE_EXPLICIT, new_type(TGeneralizedTime));
}
break;
case 76:
-#line 565 ""
-{
+#line 569 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_UTCTime,
TE_EXPLICIT, new_type(TUTCTime));
}
break;
case 77:
-#line 572 ""
-{
+#line 576 ""
+ {
/* if (Constraint.type == contentConstrant) {
assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
if (Constraint.u.constraint.type) {
@@ -1183,301 +1229,301 @@ case 77:
}
break;
case 78:
-#line 588 ""
-{
- yyval.constraint_spec = yyvsp[-1].constraint_spec;
+#line 592 ""
+ {
+ yyval.constraint_spec = yystack.l_mark[-1].constraint_spec;
}
break;
case 82:
-#line 601 ""
-{
+#line 605 ""
+ {
yyval.constraint_spec = new_constraint_spec(CT_CONTENTS);
- yyval.constraint_spec->u.content.type = yyvsp[0].type;
+ yyval.constraint_spec->u.content.type = yystack.l_mark[0].type;
yyval.constraint_spec->u.content.encoding = NULL;
}
break;
case 83:
-#line 607 ""
-{
- if (yyvsp[0].value->type != objectidentifiervalue)
+#line 611 ""
+ {
+ if (yystack.l_mark[0].value->type != objectidentifiervalue)
lex_error_message("Non-OID used in ENCODED BY constraint");
yyval.constraint_spec = new_constraint_spec(CT_CONTENTS);
yyval.constraint_spec->u.content.type = NULL;
- yyval.constraint_spec->u.content.encoding = yyvsp[0].value;
+ yyval.constraint_spec->u.content.encoding = yystack.l_mark[0].value;
}
break;
case 84:
-#line 615 ""
-{
- if (yyvsp[0].value->type != objectidentifiervalue)
+#line 619 ""
+ {
+ if (yystack.l_mark[0].value->type != objectidentifiervalue)
lex_error_message("Non-OID used in ENCODED BY constraint");
yyval.constraint_spec = new_constraint_spec(CT_CONTENTS);
- yyval.constraint_spec->u.content.type = yyvsp[-3].type;
- yyval.constraint_spec->u.content.encoding = yyvsp[0].value;
+ yyval.constraint_spec->u.content.type = yystack.l_mark[-3].type;
+ yyval.constraint_spec->u.content.encoding = yystack.l_mark[0].value;
}
break;
case 85:
-#line 625 ""
-{
+#line 629 ""
+ {
yyval.constraint_spec = new_constraint_spec(CT_USER);
}
break;
case 86:
-#line 631 ""
-{
+#line 635 ""
+ {
yyval.type = new_type(TTag);
- yyval.type->tag = yyvsp[-2].tag;
- yyval.type->tag.tagenv = yyvsp[-1].constant;
- if(yyvsp[0].type->type == TTag && yyvsp[-1].constant == TE_IMPLICIT) {
- yyval.type->subtype = yyvsp[0].type->subtype;
- free(yyvsp[0].type);
+ yyval.type->tag = yystack.l_mark[-2].tag;
+ yyval.type->tag.tagenv = yystack.l_mark[-1].constant;
+ if(yystack.l_mark[0].type->type == TTag && yystack.l_mark[-1].constant == TE_IMPLICIT) {
+ yyval.type->subtype = yystack.l_mark[0].type->subtype;
+ free(yystack.l_mark[0].type);
} else
- yyval.type->subtype = yyvsp[0].type;
+ yyval.type->subtype = yystack.l_mark[0].type;
}
break;
case 87:
-#line 644 ""
-{
- yyval.tag.tagclass = yyvsp[-2].constant;
- yyval.tag.tagvalue = yyvsp[-1].constant;
+#line 648 ""
+ {
+ yyval.tag.tagclass = yystack.l_mark[-2].constant;
+ yyval.tag.tagvalue = yystack.l_mark[-1].constant;
yyval.tag.tagenv = TE_EXPLICIT;
}
break;
case 88:
-#line 652 ""
-{
+#line 656 ""
+ {
yyval.constant = ASN1_C_CONTEXT;
}
break;
case 89:
-#line 656 ""
-{
+#line 660 ""
+ {
yyval.constant = ASN1_C_UNIV;
}
break;
case 90:
-#line 660 ""
-{
+#line 664 ""
+ {
yyval.constant = ASN1_C_APPL;
}
break;
case 91:
-#line 664 ""
-{
+#line 668 ""
+ {
yyval.constant = ASN1_C_PRIVATE;
}
break;
case 92:
-#line 670 ""
-{
+#line 674 ""
+ {
yyval.constant = TE_EXPLICIT;
}
break;
case 93:
-#line 674 ""
-{
+#line 678 ""
+ {
yyval.constant = TE_EXPLICIT;
}
break;
case 94:
-#line 678 ""
-{
+#line 682 ""
+ {
yyval.constant = TE_IMPLICIT;
}
break;
case 95:
-#line 685 ""
-{
+#line 689 ""
+ {
Symbol *s;
- s = addsym (yyvsp[-3].name);
+ s = addsym (yystack.l_mark[-3].name);
s->stype = SValue;
- s->value = yyvsp[0].value;
+ s->value = yystack.l_mark[0].value;
generate_constant (s);
}
break;
case 97:
-#line 699 ""
-{
+#line 703 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralString,
TE_EXPLICIT, new_type(TGeneralString));
}
break;
case 98:
-#line 704 ""
-{
+#line 708 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_TeletexString,
TE_EXPLICIT, new_type(TTeletexString));
}
break;
case 99:
-#line 709 ""
-{
+#line 713 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_UTF8String,
TE_EXPLICIT, new_type(TUTF8String));
}
break;
case 100:
-#line 714 ""
-{
+#line 718 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_PrintableString,
TE_EXPLICIT, new_type(TPrintableString));
}
break;
case 101:
-#line 719 ""
-{
+#line 723 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_VisibleString,
TE_EXPLICIT, new_type(TVisibleString));
}
break;
case 102:
-#line 724 ""
-{
+#line 728 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_IA5String,
TE_EXPLICIT, new_type(TIA5String));
}
break;
case 103:
-#line 729 ""
-{
+#line 733 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_BMPString,
TE_EXPLICIT, new_type(TBMPString));
}
break;
case 104:
-#line 734 ""
-{
+#line 738 ""
+ {
yyval.type = new_tag(ASN1_C_UNIV, UT_UniversalString,
TE_EXPLICIT, new_type(TUniversalString));
}
break;
case 105:
-#line 742 ""
-{
+#line 746 ""
+ {
yyval.members = emalloc(sizeof(*yyval.members));
ASN1_TAILQ_INIT(yyval.members);
- ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members);
+ ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members);
}
break;
case 106:
-#line 748 ""
-{
- ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members);
- yyval.members = yyvsp[-2].members;
+#line 752 ""
+ {
+ ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members);
+ yyval.members = yystack.l_mark[-2].members;
}
break;
case 107:
-#line 753 ""
-{
+#line 757 ""
+ {
struct member *m = ecalloc(1, sizeof(*m));
m->name = estrdup("...");
m->gen_name = estrdup("asn1_ellipsis");
m->ellipsis = 1;
- ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, m, members);
- yyval.members = yyvsp[-2].members;
+ ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, m, members);
+ yyval.members = yystack.l_mark[-2].members;
}
break;
case 108:
-#line 764 ""
-{
+#line 768 ""
+ {
yyval.member = emalloc(sizeof(*yyval.member));
- yyval.member->name = yyvsp[-1].name;
- yyval.member->gen_name = estrdup(yyvsp[-1].name);
+ yyval.member->name = yystack.l_mark[-1].name;
+ yyval.member->gen_name = estrdup(yystack.l_mark[-1].name);
output_name (yyval.member->gen_name);
- yyval.member->type = yyvsp[0].type;
+ yyval.member->type = yystack.l_mark[0].type;
yyval.member->ellipsis = 0;
}
break;
case 109:
-#line 775 ""
-{
- yyval.member = yyvsp[0].member;
+#line 779 ""
+ {
+ yyval.member = yystack.l_mark[0].member;
yyval.member->optional = 0;
yyval.member->defval = NULL;
}
break;
case 110:
-#line 781 ""
-{
- yyval.member = yyvsp[-1].member;
+#line 785 ""
+ {
+ yyval.member = yystack.l_mark[-1].member;
yyval.member->optional = 1;
yyval.member->defval = NULL;
}
break;
case 111:
-#line 787 ""
-{
- yyval.member = yyvsp[-2].member;
+#line 791 ""
+ {
+ yyval.member = yystack.l_mark[-2].member;
yyval.member->optional = 0;
- yyval.member->defval = yyvsp[0].value;
+ yyval.member->defval = yystack.l_mark[0].value;
}
break;
case 112:
-#line 795 ""
-{
+#line 799 ""
+ {
yyval.members = emalloc(sizeof(*yyval.members));
ASN1_TAILQ_INIT(yyval.members);
- ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members);
+ ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members);
}
break;
case 113:
-#line 801 ""
-{
- ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members);
- yyval.members = yyvsp[-2].members;
+#line 805 ""
+ {
+ ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members);
+ yyval.members = yystack.l_mark[-2].members;
}
break;
case 114:
-#line 808 ""
-{
+#line 812 ""
+ {
yyval.member = emalloc(sizeof(*yyval.member));
- yyval.member->name = yyvsp[-3].name;
- yyval.member->gen_name = estrdup(yyvsp[-3].name);
+ yyval.member->name = yystack.l_mark[-3].name;
+ yyval.member->gen_name = estrdup(yystack.l_mark[-3].name);
output_name (yyval.member->gen_name);
- yyval.member->val = yyvsp[-1].constant;
+ yyval.member->val = yystack.l_mark[-1].constant;
yyval.member->optional = 0;
yyval.member->ellipsis = 0;
yyval.member->type = NULL;
}
break;
case 116:
-#line 821 ""
-{ yyval.objid = NULL; }
+#line 825 ""
+ { yyval.objid = NULL; }
break;
case 117:
-#line 825 ""
-{
- yyval.objid = yyvsp[-1].objid;
+#line 829 ""
+ {
+ yyval.objid = yystack.l_mark[-1].objid;
}
break;
case 118:
-#line 831 ""
-{
+#line 835 ""
+ {
yyval.objid = NULL;
}
break;
case 119:
-#line 835 ""
-{
- if (yyvsp[0].objid) {
- yyval.objid = yyvsp[0].objid;
- add_oid_to_tail(yyvsp[0].objid, yyvsp[-1].objid);
+#line 839 ""
+ {
+ if (yystack.l_mark[0].objid) {
+ yyval.objid = yystack.l_mark[0].objid;
+ add_oid_to_tail(yystack.l_mark[0].objid, yystack.l_mark[-1].objid);
} else {
- yyval.objid = yyvsp[-1].objid;
+ yyval.objid = yystack.l_mark[-1].objid;
}
}
break;
case 120:
-#line 846 ""
-{
- yyval.objid = new_objid(yyvsp[-3].name, yyvsp[-1].constant);
+#line 850 ""
+ {
+ yyval.objid = new_objid(yystack.l_mark[-3].name, yystack.l_mark[-1].constant);
}
break;
case 121:
-#line 850 ""
-{
- Symbol *s = addsym(yyvsp[0].name);
+#line 854 ""
+ {
+ Symbol *s = addsym(yystack.l_mark[0].name);
if(s->stype != SValue ||
s->value->type != objectidentifiervalue) {
lex_error_message("%s is not an object identifier\n",
@@ -1488,15 +1534,15 @@ case 121:
}
break;
case 122:
-#line 861 ""
-{
- yyval.objid = new_objid(NULL, yyvsp[0].constant);
+#line 865 ""
+ {
+ yyval.objid = new_objid(NULL, yystack.l_mark[0].constant);
}
break;
case 132:
-#line 884 ""
-{
- Symbol *s = addsym(yyvsp[0].name);
+#line 888 ""
+ {
+ Symbol *s = addsym(yystack.l_mark[0].name);
if(s->stype != SValue)
lex_error_message ("%s is not a value\n",
s->name);
@@ -1505,55 +1551,55 @@ case 132:
}
break;
case 133:
-#line 895 ""
-{
+#line 899 ""
+ {
yyval.value = emalloc(sizeof(*yyval.value));
yyval.value->type = stringvalue;
- yyval.value->u.stringvalue = yyvsp[0].name;
+ yyval.value->u.stringvalue = yystack.l_mark[0].name;
}
break;
case 134:
-#line 903 ""
-{
+#line 907 ""
+ {
yyval.value = emalloc(sizeof(*yyval.value));
yyval.value->type = booleanvalue;
yyval.value->u.booleanvalue = 0;
}
break;
case 135:
-#line 909 ""
-{
+#line 913 ""
+ {
yyval.value = emalloc(sizeof(*yyval.value));
yyval.value->type = booleanvalue;
yyval.value->u.booleanvalue = 0;
}
break;
case 136:
-#line 917 ""
-{
+#line 921 ""
+ {
yyval.value = emalloc(sizeof(*yyval.value));
yyval.value->type = integervalue;
- yyval.value->u.integervalue = yyvsp[0].constant;
+ yyval.value->u.integervalue = yystack.l_mark[0].constant;
}
break;
case 138:
-#line 928 ""
-{
+#line 932 ""
+ {
}
break;
case 139:
-#line 933 ""
-{
+#line 937 ""
+ {
yyval.value = emalloc(sizeof(*yyval.value));
yyval.value->type = objectidentifiervalue;
- yyval.value->u.objectidentifiervalue = yyvsp[0].objid;
+ yyval.value->u.objectidentifiervalue = yystack.l_mark[0].objid;
}
break;
-#line 1553 ""
+#line 1598 ""
}
- yyssp -= yym;
- yystate = *yyssp;
- yyvsp -= yym;
+ yystack.s_mark -= yym;
+ yystate = *yystack.s_mark;
+ yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
@@ -1563,8 +1609,8 @@ break;
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
- *++yyssp = YYFINAL;
- *++yyvsp = yyval;
+ *++yystack.s_mark = YYFINAL;
+ *++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
@@ -1590,22 +1636,24 @@ break;
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
-to state %d\n", YYPREFIX, *yyssp, yystate);
+to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate;
- *++yyvsp = yyval;
+ *++yystack.s_mark = (short) yystate;
+ *++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
yyerror("yacc stack overflow");
yyabort:
+ yyfreestack(&yystack);
return (1);
yyaccept:
+ yyfreestack(&yystack);
return (0);
}
diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y
index dad7f67a20..a7a8f31827 100644
--- a/source4/heimdal/lib/asn1/asn1parse.y
+++ b/source4/heimdal/lib/asn1/asn1parse.y
@@ -62,6 +62,10 @@ struct string_list {
struct string_list *next;
};
+/* Declarations for Bison */
+#define YYMALLOC malloc
+#define YYFREE free
+
%}
%union {
diff --git a/source4/heimdal/lib/asn1/gen_template.c b/source4/heimdal/lib/asn1/gen_template.c
index 9e09eb2d8d..791fb910f9 100644
--- a/source4/heimdal/lib/asn1/gen_template.c
+++ b/source4/heimdal/lib/asn1/gen_template.c
@@ -58,8 +58,10 @@ integer_symbol(const char *basename, const Type *t)
return "unsigned";
else if (t->range->min == 0 && t->range->max == INT_MAX)
return "unsigned";
- else
+ else {
abort();
+ UNREACHABLE(return NULL);
+ }
}
static const char *
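Review bot: The `abort()` in the final `else` of integer_symbol still gives no indication of which type or range was rejected, so an ASN.1 module with an unsupported INTEGER range ends in a bare core dump. Reporting `basename` first would make the failure diagnosable, e.g. `errx(1, "%s: unsupported integer range", basename);`, assuming err.h is already reachable from this file (not visible here). The added `UNREACHABLE(return NULL);` can stay after it. The start of integer_symbol lies outside the hunk.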
diff --git a/source4/heimdal/lib/com_err/com_err.h b/source4/heimdal/lib/com_err/com_err.h
index 1fcfe7f7aa..5b8b7e28f7 100644
--- a/source4/heimdal/lib/com_err/com_err.h
+++ b/source4/heimdal/lib/com_err/com_err.h
@@ -45,26 +45,6 @@
#define __attribute__(X)
#endif
-#ifndef KRB5_LIB
-#ifndef KRB5_LIB_FUNCTION
-#if defined(_WIN32)
-#define KRB5_LIB_FUNCTION __declspec(dllimport)
-#define KRB5_LIB_CALL __stdcall
-#define KRB5_LIB_VARIABLE __declspec(dllimport)
-#else
-#define KRB5_LIB_FUNCTION
-#define KRB5_LIB_CALL
-#define KRB5_LIB_VARIABLE
-#endif
-#endif
-#endif
-
-#ifdef _WIN32
-#define KRB5_CALLCONV __stdcall
-#else
-#define KRB5_CALLCONV
-#endif
-
typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list);
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
diff --git a/source4/heimdal/lib/com_err/com_right.h b/source4/heimdal/lib/com_err/com_right.h
index e13855abad..b0857d283a 100644
--- a/source4/heimdal/lib/com_err/com_right.h
+++ b/source4/heimdal/lib/com_err/com_right.h
@@ -36,6 +36,26 @@
#ifndef __COM_RIGHT_H__
#define __COM_RIGHT_H__
+#ifndef KRB5_LIB
+#ifndef KRB5_LIB_FUNCTION
+#if defined(_WIN32)
+#define KRB5_LIB_FUNCTION __declspec(dllimport)
+#define KRB5_LIB_CALL __stdcall
+#define KRB5_LIB_VARIABLE __declspec(dllimport)
+#else
+#define KRB5_LIB_FUNCTION
+#define KRB5_LIB_CALL
+#define KRB5_LIB_VARIABLE
+#endif
+#endif
+#endif
+
+#ifdef _WIN32
+#define KRB5_CALLCONV __stdcall
+#else
+#define KRB5_CALLCONV
+#endif
+
#ifdef __STDC__
#include <stdarg.h>
#endif
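Review bot: The block moved into com_right.h defines KRB5_LIB_FUNCTION, KRB5_LIB_CALL and KRB5_LIB_VARIABLE only when KRB5_LIB is not defined, yet the prototypes in the next hunk (com_right, com_right_r, initialize_error_table_r, free_error_table) and the definitions in error.c now use them unconditionally. A translation unit that defines KRB5_LIB and includes this header without another header supplying those macros would presumably fail to parse the declarations; whether such a unit exists is not visible here. KRB5_CALLCONV is also defined without an `#ifndef KRB5_CALLCONV` guard, unlike KRB5_LIB_FUNCTION. A comment above the block would record the dependency, e.g. `/* With KRB5_LIB defined, the includer must already provide KRB5_LIB_FUNCTION and KRB5_LIB_CALL. */`.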
@@ -51,9 +71,16 @@ struct et_list {
};
extern struct et_list *_et_list;
-const char *com_right (struct et_list *list, long code);
-const char *com_right_r (struct et_list *list, long code, char *, size_t);
-void initialize_error_table_r (struct et_list **, const char **, int, long);
-void free_error_table (struct et_list *);
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+com_right (struct et_list *list, long code);
+
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+com_right_r (struct et_list *list, long code, char *, size_t);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+initialize_error_table_r (struct et_list **, const char **, int, long);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+free_error_table (struct et_list *);
#endif /* __COM_RIGHT_H__ */
diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c
index 854a4b66cb..0e49a94104 100644
--- a/source4/heimdal/lib/com_err/error.c
+++ b/source4/heimdal/lib/com_err/error.c
@@ -46,7 +46,7 @@
#define dgettext(d,s) (s)
#endif
-const char *
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right(struct et_list *list, long code)
{
struct et_list *p;
@@ -56,7 +56,7 @@ com_right(struct et_list *list, long code)
return NULL;
}
-const char *
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right_r(struct et_list *list, long code, char *str, size_t len)
{
struct et_list *p;
@@ -79,7 +79,7 @@ struct foobar {
struct error_table et;
};
-void
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
initialize_error_table_r(struct et_list **list,
const char **messages,
int num_errors,
@@ -103,7 +103,7 @@ initialize_error_table_r(struct et_list **list,
}
-void
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
free_error_table(struct et_list *et)
{
while(et){
diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c
index bf33e3ad0e..f107bba5bd 100644
--- a/source4/heimdal/lib/com_err/lex.c
+++ b/source4/heimdal/lib/com_err/lex.c
@@ -586,8 +586,6 @@ extern int yywrap (void );
#endif
#endif
- static void yyunput (int c,char *buf_ptr );
-
#ifndef yytext_ptr
static void yy_flex_strncpy (char *,yyconst char *,int );
#endif
@@ -709,9 +707,9 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 57 "lex.l"
+#line 58 "lex.l"
-#line 714 ""
+#line 712 ""
if ( !(yy_init) )
{
@@ -796,86 +794,86 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 58 "lex.l"
+#line 59 "lex.l"
{ return ET; }
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 59 "lex.l"
+#line 60 "lex.l"
{ return ET; }
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 60 "lex.l"
+#line 61 "lex.l"
{ return EC; }
YY_BREAK
case 4:
YY_RULE_SETUP
-#line 61 "lex.l"
+#line 62 "lex.l"
{ return EC; }
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 62 "lex.l"
+#line 63 "lex.l"
{ return PREFIX; }
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 63 "lex.l"
+#line 64 "lex.l"
{ return INDEX; }
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 64 "lex.l"
+#line 65 "lex.l"
{ return ID; }
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 65 "lex.l"
+#line 66 "lex.l"
{ return END; }
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 66 "lex.l"
+#line 67 "lex.l"
{ yylval.number = atoi(yytext); return NUMBER; }
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 67 "lex.l"
+#line 68 "lex.l"
;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 68 "lex.l"
+#line 69 "lex.l"
;
YY_BREAK
case 12:
/* rule 12 can match eol */
YY_RULE_SETUP
-#line 69 "lex.l"
+#line 70 "lex.l"
{ lineno++; }
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 70 "lex.l"
+#line 71 "lex.l"
{ return getstring(); }
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 71 "lex.l"
+#line 72 "lex.l"
{ yylval.string = strdup(yytext); return STRING; }
YY_BREAK
case 15:
YY_RULE_SETUP
-#line 72 "lex.l"
+#line 73 "lex.l"
{ return *yytext; }
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 73 "lex.l"
+#line 74 "lex.l"
ECHO;
YY_BREAK
-#line 878 ""
+#line 876 ""
case YY_STATE_EOF(INITIAL):
yyterminate();
@@ -1204,43 +1202,6 @@ static int yy_get_next_buffer (void)
return yy_is_jam ? 0 : yy_current_state;
}
- static void yyunput (int c, register char * yy_bp )
-{
- register char *yy_cp;
-
- yy_cp = (yy_c_buf_p);
-
- /* undo effects of setting up yytext */
- *yy_cp = (yy_hold_char);
-
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = (yy_n_chars) + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
- register char *source =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
- while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
- *--dest = *--source;
-
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
-
- *--yy_cp = (char) c;
-
- (yytext_ptr) = yy_bp;
- (yy_hold_char) = *yy_cp;
- (yy_c_buf_p) = yy_cp;
-}
-
#ifndef YY_NO_INPUT
#ifdef __cplusplus
static int yyinput (void)
@@ -1873,7 +1834,7 @@ void yyfree (void * ptr )
#define YYTABLES_NAME "yytables"
-#line 73 "lex.l"
+#line 74 "lex.l"
@@ -1899,7 +1860,7 @@ getstring(void)
continue;
}
if(c == '\n'){
- error_message("unterminated string");
+ lex_error_message("unterminated string");
lineno++;
break;
}
@@ -1919,7 +1880,7 @@ getstring(void)
}
void
-error_message (const char *format, ...)
+lex_error_message (const char *format, ...)
{
va_list args;
diff --git a/source4/heimdal/lib/com_err/lex.h b/source4/heimdal/lib/com_err/lex.h
index 76f3e2b2a5..6c9be77ddf 100644
--- a/source4/heimdal/lib/com_err/lex.h
+++ b/source4/heimdal/lib/com_err/lex.h
@@ -33,7 +33,7 @@
/* $Id$ */
-void error_message (const char *, ...)
+void lex_error_message (const char *, ...)
__attribute__ ((format (printf, 1, 2)));
int yylex(void);
diff --git a/source4/heimdal/lib/com_err/lex.l b/source4/heimdal/lib/com_err/lex.l
index b68814b21c..ac660a1d8c 100644
--- a/source4/heimdal/lib/com_err/lex.l
+++ b/source4/heimdal/lib/com_err/lex.l
@@ -53,6 +53,7 @@ static int getstring(void);
%}
+%option nounput
%%
et { return ET; }
@@ -94,7 +95,7 @@ getstring(void)
continue;
}
if(c == '\n'){
- error_message("unterminated string");
+ lex_error_message("unterminated string");
lineno++;
break;
}
@@ -114,7 +115,7 @@ getstring(void)
}
void
-error_message (const char *format, ...)
+lex_error_message (const char *format, ...)
{
va_list args;
diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c
index a426613303..b2b0fc1090 100644
--- a/source4/heimdal/lib/com_err/parse.c
+++ b/source4/heimdal/lib/com_err/parse.c
@@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93";
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
-#define YYPATCH 20070509
+#define YYPATCH 20100216
-#define YYEMPTY (-1)
-#define yyclearin (yychar = YYEMPTY)
-#define yyerrok (yyerrflag = 0)
-#define YYRECOVERING (yyerrflag != 0)
+#define YYEMPTY (-1)
+#define yyclearin (yychar = YYEMPTY)
+#define yyerrok (yyerrflag = 0)
+#define YYRECOVERING() (yyerrflag != 0)
-extern int yyparse(void);
-
-static int yygrowstack(void);
#define YYPREFIX "yy"
+
+/* compatibility with bison */
+#ifdef YYPARSE_PARAM
+/* compatibility with FreeBSD */
+#ifdef YYPARSE_PARAM_TYPE
+#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
+#else
+#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
+#endif
+#else
+#define YYPARSE_DECL() yyparse(void)
+#endif /* YYPARSE_PARAM */
+
+extern int YYPARSE_DECL();
+
#line 2 ""
/*
* Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
@@ -67,12 +79,15 @@ extern char *yytext;
#define alloca(x) malloc(x)
#endif
-#line 51 ""
+#define YYMALLOC malloc
+#define YYFREE free
+
+#line 54 ""
typedef union {
char *string;
int number;
} YYSTYPE;
-#line 76 ""
+#line 90 ""
#define ET 257
#define INDEX 258
#define PREFIX 259
@@ -82,37 +97,37 @@ typedef union {
#define STRING 263
#define NUMBER 264
#define YYERRCODE 256
-short yylhs[] = { -1,
+static const short yylhs[] = { -1,
0, 0, 1, 1, 3, 4, 4, 2, 2, 5,
5, 5, 5, 5,
};
-short yylen[] = { 2,
+static const short yylen[] = { 2,
0, 2, 2, 1, 2, 2, 3, 1, 2, 2,
2, 1, 4, 1,
};
-short yydefred[] = { 0,
+static const short yydefred[] = { 0,
0, 0, 0, 0, 0, 4, 0, 5, 0, 0,
0, 14, 0, 8, 3, 7, 10, 11, 0, 9,
0, 13,
};
-short yydgoto[] = { 3,
+static const short yydgoto[] = { 3,
4, 13, 5, 6, 14,
};
-short yysindex[] = { -247,
+static const short yysindex[] = { -247,
-263, -258, 0, -256, -245, 0, -250, 0, -249, -246,
-244, 0, -256, 0, 0, 0, 0, 0, -28, 0,
-243, 0,
};
-short yyrindex[] = { 18,
+static const short yyrindex[] = { 18,
0, 0, 0, 0, 0, 0, -251, 0, 0, 1,
0, 0, 21, 0, 0, 0, 0, 0, 0, 0,
0, 0,
};
-short yygindex[] = { 0,
+static const short yygindex[] = { 0,
0, 0, 0, 17, 10,
};
#define YYTABLESIZE 263
-short yytable[] = { 7,
+static const short yytable[] = { 7,
12, 9, 10, 11, 8, 12, 6, 6, 6, 1,
6, 1, 16, 2, 17, 21, 18, 1, 19, 22,
2, 15, 20, 0, 0, 0, 0, 0, 0, 0,
@@ -141,7 +156,7 @@ short yytable[] = { 7,
0, 0, 0, 0, 0, 0, 0, 0, 12, 12,
12, 0, 12,
};
-short yycheck[] = { 263,
+static const short yycheck[] = { 263,
0, 258, 259, 260, 263, 262, 258, 259, 260, 257,
262, 257, 263, 261, 264, 44, 263, 0, 263, 263,
0, 5, 13, -1, -1, -1, -1, -1, -1, -1,
@@ -176,7 +191,8 @@ short yycheck[] = { 263,
#endif
#define YYMAXTOKEN 264
#if YYDEBUG
-char *yyname[] = {
+static const char *yyname[] = {
+
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
@@ -186,7 +202,7 @@ char *yyname[] = {
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"ET","INDEX","PREFIX","EC",
"ID","END","STRING","NUMBER",
};
-char *yyrule[] = {
+static const char *yyrule[] = {
"$accept : file",
"file :",
"file : header statements",
@@ -202,6 +218,7 @@ char *yyrule[] = {
"statement : PREFIX",
"statement : EC STRING ',' STRING",
"statement : END",
+
};
#endif
#if YYDEBUG
@@ -225,19 +242,26 @@ char *yyrule[] = {
int yydebug;
int yynerrs;
+
+typedef struct {
+ unsigned stacksize;
+ short *s_base;
+ short *s_mark;
+ short *s_last;
+ YYSTYPE *l_base;
+ YYSTYPE *l_mark;
+} YYSTACKDATA;
+
+#define YYPURE 0
+
int yyerrflag;
int yychar;
-short *yyssp;
-YYSTYPE *yyvsp;
YYSTYPE yyval;
YYSTYPE yylval;
/* variables for the parser stack */
-static short *yyss;
-static short *yysslim;
-static YYSTYPE *yyvs;
-static int yystacksize;
-#line 141 ""
+static YYSTACKDATA yystack;
+#line 144 ""
static long
name2number(const char *str)
@@ -267,55 +291,70 @@ name2number(const char *str)
void
yyerror (char *s)
{
- error_message ("%s\n", s);
+ lex_error_message ("%s\n", s);
}
-#line 273 ""
+#line 296 ""
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
-static int yygrowstack(void)
+static int yygrowstack(YYSTACKDATA *data)
{
- int newsize, i;
+ int i;
+ unsigned newsize;
short *newss;
YYSTYPE *newvs;
- if ((newsize = yystacksize) == 0)
+ if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
- i = yyssp - yyss;
- newss = (yyss != 0)
- ? (short *)realloc(yyss, newsize * sizeof(*newss))
+ i = data->s_mark - data->s_base;
+ newss = (data->s_base != 0)
+ ? (short *)realloc(data->s_base, newsize * sizeof(*newss))
: (short *)malloc(newsize * sizeof(*newss));
if (newss == 0)
return -1;
- yyss = newss;
- yyssp = newss + i;
- newvs = (yyvs != 0)
- ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs))
+ data->s_base = newss;
+ data->s_mark = newss + i;
+
+ newvs = (data->l_base != 0)
+ ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs))
: (YYSTYPE *)malloc(newsize * sizeof(*newvs));
if (newvs == 0)
return -1;
- yyvs = newvs;
- yyvsp = newvs + i;
- yystacksize = newsize;
- yysslim = yyss + newsize - 1;
+ data->l_base = newvs;
+ data->l_mark = newvs + i;
+
+ data->stacksize = newsize;
+ data->s_last = data->s_base + newsize - 1;
return 0;
}
-#define YYABORT goto yyabort
+#if YYPURE || defined(YY_NO_LEAKS)
+static void yyfreestack(YYSTACKDATA *data)
+{
+ free(data->s_base);
+ free(data->l_base);
+ memset(data, 0, sizeof(*data));
+}
+#else
+#define yyfreestack(data) /* nothing */
+#endif
+
+#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
-#define YYERROR goto yyerrlab
+#define YYERROR goto yyerrlab
+
int
-yyparse(void)
+YYPARSE_DECL()
{
- register int yym, yyn, yystate;
+ int yym, yyn, yystate;
#if YYDEBUG
- register const char *yys;
+ const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
@@ -328,11 +367,17 @@ yyparse(void)
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
+ yystate = 0;
- if (yyss == NULL && yygrowstack()) goto yyoverflow;
- yyssp = yyss;
- yyvsp = yyvs;
- *yyssp = yystate = 0;
+#if YYPURE
+ memset(&yystack, 0, sizeof(yystack));
+#endif
+
+ if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow;
+ yystack.s_mark = yystack.s_base;
+ yystack.l_mark = yystack.l_base;
+ yystate = 0;
+ *yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
@@ -358,12 +403,13 @@ yyloop:
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
@@ -378,9 +424,7 @@ yyloop:
yyerror("syntax error");
-#ifdef lint
goto yyerrlab;
-#endif
yyerrlab:
++yynerrs;
@@ -391,20 +435,21 @@ yyinrecovery:
yyerrflag = 3;
for (;;)
{
- if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
- to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+ to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
goto yyloop;
}
else
@@ -412,11 +457,11 @@ yyinrecovery:
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
- YYPREFIX, *yyssp);
+ YYPREFIX, *yystack.s_mark);
#endif
- if (yyssp <= yyss) goto yyabort;
- --yyssp;
- --yyvsp;
+ if (yystack.s_mark <= yystack.s_base) goto yyabort;
+ --yystack.s_mark;
+ --yystack.l_mark;
}
}
}
@@ -445,53 +490,53 @@ yyreduce:
#endif
yym = yylen[yyn];
if (yym)
- yyval = yyvsp[1-yym];
+ yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 5:
-#line 71 ""
-{
- id_str = yyvsp[0].string;
+#line 74 ""
+ {
+ id_str = yystack.l_mark[0].string;
}
break;
case 6:
-#line 77 ""
-{
- base_id = name2number(yyvsp[0].string);
- strlcpy(name, yyvsp[0].string, sizeof(name));
- free(yyvsp[0].string);
+#line 80 ""
+ {
+ base_id = name2number(yystack.l_mark[0].string);
+ strlcpy(name, yystack.l_mark[0].string, sizeof(name));
+ free(yystack.l_mark[0].string);
}
break;
case 7:
-#line 83 ""
-{
- base_id = name2number(yyvsp[-1].string);
- strlcpy(name, yyvsp[0].string, sizeof(name));
- free(yyvsp[-1].string);
- free(yyvsp[0].string);
+#line 86 ""
+ {
+ base_id = name2number(yystack.l_mark[-1].string);
+ strlcpy(name, yystack.l_mark[0].string, sizeof(name));
+ free(yystack.l_mark[-1].string);
+ free(yystack.l_mark[0].string);
}
break;
case 10:
-#line 96 ""
-{
- number = yyvsp[0].number;
+#line 99 ""
+ {
+ number = yystack.l_mark[0].number;
}
break;
case 11:
-#line 100 ""
-{
+#line 103 ""
+ {
free(prefix);
- asprintf (&prefix, "%s_", yyvsp[0].string);
+ asprintf (&prefix, "%s_", yystack.l_mark[0].string);
if (prefix == NULL)
errx(1, "malloc");
- free(yyvsp[0].string);
+ free(yystack.l_mark[0].string);
}
break;
case 12:
-#line 108 ""
-{
+#line 111 ""
+ {
prefix = realloc(prefix, 1);
if (prefix == NULL)
errx(1, "malloc");
@@ -499,8 +544,8 @@ case 12:
}
break;
case 13:
-#line 115 ""
-{
+#line 118 ""
+ {
struct error_code *ec = malloc(sizeof(*ec));
if (ec == NULL)
@@ -509,28 +554,28 @@ case 13:
ec->next = NULL;
ec->number = number;
if(prefix && *prefix != '\0') {
- asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string);
+ asprintf (&ec->name, "%s%s", prefix, yystack.l_mark[-2].string);
if (ec->name == NULL)
errx(1, "malloc");
- free(yyvsp[-2].string);
+ free(yystack.l_mark[-2].string);
} else
- ec->name = yyvsp[-2].string;
- ec->string = yyvsp[0].string;
+ ec->name = yystack.l_mark[-2].string;
+ ec->string = yystack.l_mark[0].string;
APPEND(codes, ec);
number++;
}
break;
case 14:
-#line 135 ""
-{
+#line 138 ""
+ {
YYACCEPT;
}
break;
-#line 530 ""
+#line 574 ""
}
- yyssp -= yym;
- yystate = *yyssp;
- yyvsp -= yym;
+ yystack.s_mark -= yym;
+ yystate = *yystack.s_mark;
+ yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
@@ -540,8 +585,8 @@ break;
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
- *++yyssp = YYFINAL;
- *++yyvsp = yyval;
+ *++yystack.s_mark = YYFINAL;
+ *++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
@@ -567,22 +612,24 @@ break;
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
-to state %d\n", YYPREFIX, *yyssp, yystate);
+to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate;
- *++yyvsp = yyval;
+ *++yystack.s_mark = (short) yystate;
+ *++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
yyerror("yacc stack overflow");
yyabort:
+ yyfreestack(&yystack);
return (1);
yyaccept:
+ yyfreestack(&yystack);
return (0);
}
diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y
index d64681d902..f628e8804f 100644
--- a/source4/heimdal/lib/com_err/parse.y
+++ b/source4/heimdal/lib/com_err/parse.y
@@ -46,6 +46,9 @@ extern char *yytext;
#define alloca(x) malloc(x)
#endif
+#define YYMALLOC malloc
+#define YYFREE free
+
%}
%union {
@@ -167,5 +170,5 @@ name2number(const char *str)
void
yyerror (char *s)
{
- error_message ("%s\n", s);
+ lex_error_message ("%s\n", s);
}
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index fa53a8a74c..12833ebe14 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -90,29 +90,35 @@ typedef uint32_t gss_uint32;
struct gss_name_t_desc_struct;
typedef struct gss_name_t_desc_struct *gss_name_t;
+typedef const struct gss_name_t_desc_struct *gss_const_name_t;
struct gss_ctx_id_t_desc_struct;
typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
+typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
+typedef const gss_OID_desc * gss_const_OID;
typedef struct gss_OID_set_desc_struct {
size_t count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
+typedef const gss_OID_set_desc * gss_const_OID_set;
typedef int gss_cred_usage_t;
struct gss_cred_id_t_desc_struct;
typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
+typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
+typedef const gss_buffer_desc * gss_const_buffer_t;
typedef struct gss_channel_bindings_struct {
OM_uint32 initiator_addrtype;
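Review bot: `gss_const_ctx_id_t` is declared without the `*` that the sibling typedefs in this hunk carry (`gss_const_name_t`, `gss_const_cred_id_t`), so it names a const-qualified incomplete struct rather than a pointer to one. A parameter or variable of that type could not be used as a context handle; the line should read `typedef const struct gss_ctx_id_t_desc_struct *gss_const_ctx_id_t;`. None of the visible hunks uses the typedef yet, which is probably why the slip compiles.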
@@ -121,6 +127,7 @@ typedef struct gss_channel_bindings_struct {
gss_buffer_desc acceptor_address;
gss_buffer_desc application_data;
} *gss_channel_bindings_t;
+typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
/* GGF extension data types */
typedef struct gss_buffer_set_desc_struct {
@@ -138,6 +145,8 @@ typedef struct gss_iov_buffer_desc_struct {
*/
typedef OM_uint32 gss_qop_t;
+
+
/*
* Flag bits for context-level services.
*/
@@ -261,6 +270,8 @@ typedef OM_uint32 gss_qop_t;
GSSAPI_CPP_START
+#include <gssapi/gssapi_oid.h>
+
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
@@ -363,14 +374,6 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
-/*
- * Digest mechanism
- */
-
-extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc;
-#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
-
-
/* Major status codes */
#define GSS_S_COMPLETE 0
@@ -438,6 +441,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
@@ -756,7 +760,7 @@ gss_set_cred_option (OM_uint32 *minor_status,
const gss_buffer_t value);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
-gss_oid_equal(const gss_OID a, const gss_OID b);
+gss_oid_equal(gss_const_OID a, gss_const_OID b);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_create_empty_buffer_set
@@ -929,6 +933,69 @@ gss_import_cred(OM_uint32 * /* minor_status */,
gss_buffer_t /* cred_token */,
gss_cred_id_t * /* cred_handle */);
+/*
+ * mech option
+ */
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_set(gss_const_OID mech, gss_const_OID option,
+ int enable, gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
+gss_mo_list(gss_const_OID mech, gss_OID_set *options);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name);
+
+/*
+ * SASL glue functions and mech inquire
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
+ gss_const_OID_set desired_mech_attrs,
+ gss_const_OID_set except_mech_attrs,
+ gss_const_OID_set critical_mech_attrs,
+ gss_OID_set *mechs);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
+ gss_const_OID mech,
+ gss_OID_set *mech_attr,
+ gss_OID_set *known_mech_attrs);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_display_mech_attr(OM_uint32 * minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc);
+
+
+/*
+ *
+ */
+
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid);
+
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name);
GSSAPI_CPP_END
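Review bot: The new mech-option and SASL prototypes carry no contract documentation: `gss_mo_set` and `gss_mo_get` return `int` while `gss_mo_name` and the inquiry functions return `OM_uint32`, and the header does not say what the `int` means or who releases the `gss_OID_set` and `gss_buffer_t` outputs. I would add a short comment per group stating the return convention and the release call expected for each output, and say whether the `gss_OID` returned by `gss_name_to_oid` is static storage. The comment block before `gss_oid_to_name` is empty and could read `/* OID <-> name mapping */`. The second parameter is named `options` in `gss_mo_name` but `option` in `gss_mo_set` and `gss_mo_get`, which looks unintended.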
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
index 28f9c3777b..2f605f5ee1 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
@@ -68,79 +68,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
-/* Extensions set contexts options */
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
-#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
-#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
-#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
-#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
-#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
-#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
-#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
-#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
-#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
-#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
-
-/* Extensions inquire context */
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
-#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
-#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
-#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
-#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
-#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
-#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
-#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
-#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
-#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
-#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
-
-/* Extensions creds */
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
-#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
-#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
-#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
-
/*
* kerberos mechanism specific functions
*/
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
new file mode 100644
index 0000000000..af7a583344
--- /dev/null
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
@@ -0,0 +1,231 @@
+/* Generated file */
+#ifndef GSSAPI_GSSAPI_OID
+#define GSSAPI_GSSAPI_OID 1
+
+ /* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
+ /*
+ * 1.2.752.43.13 Heimdal GSS-API Extentions
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
+#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
+#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
+#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
+#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
+#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
+#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
+#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
+#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
+#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
+#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
+#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
+#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
+#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
+#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
+#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
+#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
+#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
+#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc;
+#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc;
+#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc;
+#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc;
+#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc;
+#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc;
+#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc;
+#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc;
+#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc;
+#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
+#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
+#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
+
+ /* glue for gss_inquire_saslname_for_mech */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc;
+#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc;
+#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc;
+#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
+
+/* Heimdal mechanisms - 1.2.752.43.14 */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
+#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc;
+#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc;
+#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc;
+#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
+#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
+
+/*
+ * "Standard" mechs
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc;
+#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc;
+#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc;
+#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc)
+
+ /* From Luke Howard */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
+#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
+
+/*
+ * OID mappings with name and short description and and slightly longer description
+ */
+/*
+ * RFC5587
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_concrete_oid_desc;
+#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc;
+#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc;
+#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc;
+#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc;
+#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc;
+#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc;
+#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc;
+#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc;
+#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc;
+#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc;
+#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc;
+#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc;
+#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc;
+#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc;
+#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc;
+#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc;
+#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc;
+#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc;
+#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc;
+#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc;
+#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc;
+#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc;
+#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc;
+#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc;
+#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc;
+#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc;
+#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc)
+
+#endif /* GSSAPI_GSSAPI_OID */
diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h
index 93b7bf72d7..b06e60a82f 100644
--- a/source4/heimdal/lib/gssapi/gssapi_mech.h
+++ b/source4/heimdal/lib/gssapi/gssapi_mech.h
@@ -354,7 +354,60 @@ _gss_import_cred_t(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle);
-#define GMI_VERSION 2
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_acquire_cred_ex_t(void * /* status */,
+ const gss_name_t /* desired_name */,
+ OM_uint32 /* flags */,
+ OM_uint32 /* time_req */,
+ gss_cred_usage_t /* cred_usage */,
+ void * /* identity */,
+ void * /* ctx */,
+ void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
+
+typedef void GSSAPI_CALLCONV
+_gss_iter_creds_t(OM_uint32 /* flags */,
+ void * /* userctx */,
+ void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t));
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_destroy_cred_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t * /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_hold_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_unhold_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_set_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */,
+ const char * /* label */,
+ gss_buffer_t /* value */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_get_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */,
+ const char * /* label */,
+ gss_buffer_t /* value */);
+
+typedef struct gss_mo_desc_struct gss_mo_desc;
+
+struct gss_mo_desc_struct {
+ gss_OID option;
+ OM_uint32 flags;
+#define GSS_MO_MA 1
+#define GSS_MO_MA_CRITICAL 2
+ const char *name;
+ void *ctx;
+ int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+ int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
+};
+
+
+#define GMI_VERSION 4
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
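Review bot: gss_mo_desc is added without any field documentation, and its contract is not obvious: `ctx` is a `void *` that _gss_mo_get_ctx_as_string() (declared later in this header) evidently treats as a string, and `get`/`set` return a bare `int` whose meaning is unstated. A short comment on the struct would settle this, e.g. `/* ctx: opaque per-option data for get/set; must be a NUL-terminated string when get is _gss_mo_get_ctx_as_string */` and `/* get/set: return 0 on success, non-zero on failure */`. The return convention is inferred from gss_mo.c in this commit and should be confirmed. The two `GSS_MO_*` flag defines would also read better above the struct than between its members.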
@@ -405,10 +458,19 @@ typedef struct gssapi_mech_interface_desc {
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
+ _gss_acquire_cred_ex_t *gm_acquire_cred_ex;
+ _gss_iter_creds_t *gm_iter_creds;
+ _gss_destroy_cred_t *gm_destroy_cred;
+ _gss_cred_hold_t *gm_cred_hold;
+ _gss_cred_unhold_t *gm_cred_unhold;
+ _gss_cred_label_get_t *gm_cred_label_get;
+ _gss_cred_label_set_t *gm_cred_label_set;
+ gss_mo_desc *gm_mo;
+ size_t gm_mo_num;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
-__gss_get_mechanism(gss_OID /* oid */);
+__gss_get_mechanism(gss_const_OID /* oid */);
gssapi_mech_interface __gss_spnego_initialize(void);
gssapi_mech_interface __gss_krb5_initialize(void);
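Review bot: `gm_mo` and `gm_mo_num` are read unconditionally for every registered mechanism by the new code in gss_mo.c, so any gssapi_mech_interface_desc that does not set them must still have them zeroed. Static initialisers that stop short of the new members get that implicitly. A descriptor filled in at load time (not visible in this hunk) would need explicit zeroing or a check of its version against `GMI_VERSION`. It would help to state the invariant next to the members, e.g. `/* gm_mo may be NULL only when gm_mo_num is 0 */`. The struct definition starts outside this hunk.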
@@ -416,4 +478,18 @@ gssapi_mech_interface __gss_ntlm_initialize(void);
void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
+int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+
+struct _gss_oid_name_table {
+ gss_OID oid;
+ const char *name;
+ const char *short_desc;
+ const char *long_desc;
+};
+
+extern struct _gss_oid_name_table _gss_ont_mech[];
+extern struct _gss_oid_name_table _gss_ont_ma[];
+
#endif /* GSSAPI_MECH_H */
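Review bot: `_gss_ont_mech[]` and `_gss_ont_ma[]` are declared with no length and no stated terminator, while gss_display_mech_attr() in this commit walks `_gss_ont_ma` until an entry with a NULL `oid` and calls strlen() on `name`, `short_desc` and `long_desc` of the match. Document that contract at the declaration, e.g. `/* terminated by an entry with oid == NULL; name, short_desc and long_desc are non-NULL in every other entry */`. If nothing writes to the tables (not visible here) they could also be declared `const`.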
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index 584ce7711a..d0042e874b 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -40,7 +40,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
krb5_principal principal,
OM_uint32 *lifetime)
{
- krb5_creds in_cred, *out_cred;
+ krb5_creds in_cred, out_cred;
krb5_const_realm realm;
krb5_error_code kret;
@@ -61,16 +61,16 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- kret = krb5_get_credentials(context, 0,
- id, &in_cred, &out_cred);
+ kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred);
krb5_free_principal(context, in_cred.server);
if (kret) {
- *minor_status = kret;
- return GSS_S_FAILURE;
+ *minor_status = 0;
+ *lifetime = 0;
+ return GSS_S_COMPLETE;
}
- *lifetime = out_cred->times.endtime;
- krb5_free_creds(context, out_cred);
+ *lifetime = out_cred.times.endtime;
+ krb5_free_cred_contents(context, &out_cred);
return GSS_S_COMPLETE;
}
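Review bot: Every failure of krb5_cc_retrieve_cred() is now reported as GSS_S_COMPLETE with `*lifetime = 0` and `*minor_status = 0`, so a credential cache that cannot be read (I/O or permission error) is indistinguishable from one that simply holds no matching ticket. If only the not-found case is meant to be soft, keep the old error path for other codes ahead of the zero-lifetime return, e.g. `if (kret != KRB5_CC_NOTFOUND && kret != KRB5_CC_END) { *minor_status = kret; return GSS_S_FAILURE; }`. Which code this Heimdal version returns for a miss should be confirmed. Callers must also treat a lifetime of 0 as "no usable credential"; that is not visible here, since the function starts above this hunk.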
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index ef33c5575a..d6f14a48f7 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -153,47 +153,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}. The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME".
- */
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-/*
- * To support ongoing experimentation, testing, and evolution of the
- * specification, the Kerberos V5 GSS-API mechanism as defined in this
- * and any successor memos will be identified with the following Object
- * Identifier, as defined in RFC-1510, until the specification is
- * advanced to the level of Proposed Standard RFC:
- *
- * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- * Upon advancement to the level of Proposed Standard RFC, the Kerberos
- * V5 GSS-API mechanism will be identified by an Object Identifier
- * having the value:
- *
- * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- * gssapi(2) krb5(2)}
- */
-
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc =
- {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-
-/*
* draft-ietf-cat-iakerb-09, IAKERB:
* The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
* with the mechanism proposed by SPNEGO [7] for negotiating protocol
@@ -213,104 +172,100 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
/*
- *
- */
-
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc =
- {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-
-/*
- * 1.2.752.43.13 Heimdal GSS-API Extentions
- */
-
-/* 1.2.752.43.13.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-
-/* 1.2.752.43.13.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-
-/* 1.2.752.43.13.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-
-/* 1.2.752.43.13.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-
-/* 1.2.752.43.13.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-
-/* 1.2.752.43.13.6 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-
-/* 1.2.752.43.13.6.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc =
- {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-
-/* 1.2.752.43.13.7 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-
-/* 1.2.752.43.13.8 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-
-/* 1.2.752.43.13.9 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-
-/* 1.2.752.43.13.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-
-/* 1.2.752.43.13.11 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-
-/* 1.2.752.43.13.12 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-
-/* 1.2.752.43.13.13 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-
-/* 1.2.752.43.13.14 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-
-/* 1.2.752.43.13.15 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-
-/* 1.2.752.43.13.16 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-
-/* 1.2.752.43.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
-
-/* 1.2.752.43.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
-
-/* 1.2.752.43.13.19 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
-
-/* 1.2.752.43.14.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc =
- {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-
-/*
* Context for krb5 calls.
*/
+static gss_mo_desc krb5_mo[] = {
+ {
+ GSS_C_MA_SASL_MECH_NAME,
+ GSS_MO_MA,
+ "SASL mech name",
+ "GS2-KRB5",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_NAME,
+ GSS_MO_MA,
+ "Mechanism name",
+ "KRB5",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_DESCRIPTION,
+ GSS_MO_MA,
+ "Mechanism description",
+ "Heimdal Kerberos 5 mech",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_CONCRETE,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_ITOK_FRAMED,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_AUTH_INIT,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_AUTH_TARG,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_AUTH_INIT_ANON,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_DELEG_CRED,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_INTEG_PROT,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_CONF_PROT,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_MIC,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_WRAP,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_PROT_READY,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_REPLAY_DET,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_OOS_DET,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_CBINDINGS,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_PFS,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_CTX_TRANS,
+ GSS_MO_MA
+ }
+};
+
/*
*
*/
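Review bot: krb5_mo advertises `GSS_C_MA_PFS` for the Kerberos mechanism, and gss_inquire_attrs_for_mech() in this commit exposes the table to applications that select a mechanism by attribute. RFC 5587 describes that attribute as perfect forward secrecy, which a context keyed from the ticket session key would not normally provide, so the entry should be confirmed or dropped rather than left for a caller to rely on. The positional initialisers also place a string literal in the `void *ctx` slot right after the `name` string. Designated initialisers such as `.name = "SASL mech name", .ctx = "GS2-KRB5"` would make that split readable, if the file's C dialect allows them.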
@@ -359,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = {
_gk_wrap_iov_length,
_gsskrb5_store_cred,
_gsskrb5_export_cred,
- _gsskrb5_import_cred
+ _gsskrb5_import_cred,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ krb5_mo,
+ sizeof(krb5_mo) / sizeof(krb5_mo[0])
};
gssapi_mech_interface
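Review bot: The seven positional `NULL`s added to krb5_mech give no indication of which gssapi_mech_interface_desc slot each one fills. `gm_cred_label_get` precedes `gm_cred_label_set` in the struct while the two typedefs share one signature, so a later non-NULL entry placed in the wrong slot would compile cleanly. Add a trailing comment per slot, from `NULL, /* gm_acquire_cred_ex */` through `NULL, /* gm_cred_label_set */`. The initialiser starts outside this hunk.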
diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
index d6255bacb5..5ff6172fb9 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -32,15 +32,6 @@
#include "gsskrb5_locl.h"
-/* 1.2.752.43.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
-
-/* 1.2.752.43.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
-
-
static OM_uint32
import_cred(OM_uint32 *minor_status,
krb5_context context,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index 5fc41d9954..b1368db91c 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -353,7 +353,7 @@ _gss_load_mech(void)
}
gssapi_mech_interface
-__gss_get_mechanism(gss_OID mech)
+__gss_get_mechanism(gss_const_OID mech)
{
struct _gss_mech_switch *m;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c
new file mode 100644
index 0000000000..354229f7ae
--- /dev/null
+++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c
@@ -0,0 +1,464 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+
+static int
+get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
+{
+ return def;
+}
+
+
+int
+_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
+{
+ return get_option_def(1, mech, mo, value);
+}
+
+int
+_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
+{
+ return get_option_def(0, mech, mo, value);
+}
+
+int
+_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
+{
+ if (value) {
+ value->value = strdup((char *)mo->ctx);
+ if (value->value == NULL)
+ return 1;
+ value->length = strlen((char *)mo->ctx);
+ }
+ return 0;
+}
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_set(gss_const_OID mech, gss_const_OID option,
+ int enable, gss_buffer_t value)
+{
+ gssapi_mech_interface m;
+ size_t n;
+
+ if ((m = __gss_get_mechanism(mech)) == NULL)
+ return GSS_S_BAD_MECH;
+
+ for (n = 0; n < m->gm_mo_num; n++)
+ if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set)
+ return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value);
+ return 0;
+}
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value)
+{
+ gssapi_mech_interface m;
+ size_t n;
+
+ _mg_buffer_zero(value);
+
+ if ((m = __gss_get_mechanism(mech)) == NULL)
+ return 0;
+
+ for (n = 0; n < m->gm_mo_num; n++)
+ if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get)
+ return m->gm_mo[n].get(mech, &m->gm_mo[n], value);
+
+ return 0;
+}
+
+static void
+add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask)
+{
+ OM_uint32 minor;
+ size_t n;
+
+ for (n = 0; n < m->gm_mo_num; n++)
+ if ((m->gm_mo[n].flags & mask) == mask)
+ gss_add_oid_set_member(&minor, m->gm_mo[n].option, options);
+}
+
+GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
+gss_mo_list(gss_const_OID mech, gss_OID_set *options)
+{
+ gssapi_mech_interface m;
+ OM_uint32 major, minor;
+
+ if (options == NULL)
+ return;
+
+ *options = GSS_C_NO_OID_SET;
+
+ if ((m = __gss_get_mechanism(mech)) == NULL)
+ return;
+
+ major = gss_create_empty_oid_set(&minor, options);
+ if (major != GSS_S_COMPLETE)
+ return;
+
+ add_all_mo(m, options, 0);
+}
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
+{
+ gssapi_mech_interface m;
+ size_t n;
+
+ if (name == NULL)
+ return GSS_S_BAD_NAME;
+
+ if ((m = __gss_get_mechanism(mech)) == NULL)
+ return GSS_S_BAD_MECH;
+
+ for (n = 0; n < m->gm_mo_num; n++) {
+ if (gss_oid_equal(option, m->gm_mo[n].option)) {
+ /*
+ * If ther is no name, its because its a GSS_C_MA and there is already a table for that.
+ */
+ if (m->gm_mo[n].name) {
+ name->value = strdup(m->gm_mo[n].name);
+ if (name->value == NULL)
+ return GSS_S_BAD_NAME;
+ name->length = strlen(m->gm_mo[n].name);
+ return GSS_S_COMPLETE;
+ } else {
+ OM_uint32 junk;
+ return gss_display_mech_attr(&junk, option,
+ NULL, name, NULL);
+ }
+ }
+ }
+ return GSS_S_BAD_NAME;
+}
+
+/*
+ * Helper function to allow NULL name
+ */
+
+static OM_uint32
+mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
+{
+ if (name == NULL)
+ return GSS_S_COMPLETE;
+
+ if (gss_mo_get(mech, option, name) != 0 && name->length == 0)
+ return GSS_S_FAILURE;
+
+ return GSS_S_COMPLETE;
+}
+
+/**
+ * Returns differnt protocol names and description of the mechanism.
+ *
+ * @param minor_status minor status code
+ * @param desired_mech mech list query
+ * @param sasl_mech_name SASL GS2 protocol name
+ * @param mech_name gssapi protocol name
+ * @param mech_description description of gssapi mech
+ *
+ * @return returns GSS_S_COMPLETE or a error code.
+ *
+ * @ingroup gssapi
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description)
+{
+ OM_uint32 major;
+
+ _mg_buffer_zero(sasl_mech_name);
+ _mg_buffer_zero(mech_name);
+ _mg_buffer_zero(mech_description);
+
+ if (minor_status)
+ *minor_status = 0;
+
+ if (desired_mech == NULL)
+ return GSS_S_BAD_MECH;
+
+ major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
+ if (major) return major;
+
+ major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
+ if (major) return major;
+
+ major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
+ if (major) return major;
+
+ return GSS_S_COMPLETE;
+}
+
+/**
+ * Find a mech for a sasl name
+ *
+ * @param minor_status minor status code
+ * @param sasl_mech_name
+ * @param mech_type
+ *
+ * @return returns GSS_S_COMPLETE or an error code.
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type)
+{
+ struct _gss_mech_switch *m;
+ gss_buffer_desc name;
+ OM_uint32 major;
+
+ _gss_load_mech();
+
+ *mech_type = NULL;
+
+ SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+
+ major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
+ if (major)
+ continue;
+ if (name.length == sasl_mech_name->length &&
+ memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
+ gss_release_buffer(&major, &name);
+ *mech_type = &m->gm_mech_oid;
+ return 0;
+ }
+ gss_release_buffer(&major, &name);
+ }
+
+ return GSS_S_BAD_MECH;
+}
+
+/**
+ * Return set of mechanism that fullfill the criteria
+ *
+ * @param minor_status minor status code
+ * @param desired_mech_attrs
+ * @param except_mech_attrs
+ * @param critical_mech_attrs
+ * @param mechs returned mechs, free with gss_release_oid_set().
+ *
+ * @return returns GSS_S_COMPLETE or an error code.
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
+ gss_const_OID_set desired_mech_attrs,
+ gss_const_OID_set except_mech_attrs,
+ gss_const_OID_set critical_mech_attrs,
+ gss_OID_set *mechs)
+{
+ struct _gss_mech_switch *ms;
+ OM_uint32 major;
+ size_t n, m;
+
+ major = gss_create_empty_oid_set(minor_status, mechs);
+ if (major)
+ return major;
+
+ _gss_load_mech();
+
+ SLIST_FOREACH(ms, &_gss_mechs, gm_link) {
+ gssapi_mech_interface mi = &ms->gm_mech;
+
+ if (desired_mech_attrs) {
+ for (n = 0; n < desired_mech_attrs->count; n++) {
+ for (m = 0; m < mi->gm_mo_num; m++)
+ if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
+ break;
+ if (m == mi->gm_mo_num)
+ goto next;
+ }
+ }
+
+ if (except_mech_attrs) {
+ for (n = 0; n < desired_mech_attrs->count; n++) {
+ for (m = 0; m < mi->gm_mo_num; m++) {
+ if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
+ goto next;
+ }
+ }
+ }
+
+ if (critical_mech_attrs) {
+ for (n = 0; n < desired_mech_attrs->count; n++) {
+ for (m = 0; m < mi->gm_mo_num; m++) {
+ if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
+ continue;
+ if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
+ break;
+ }
+ if (m == mi->gm_mo_num)
+ goto next;
+ }
+ }
+
+
+ next:
+ do { } while(0);
+ }
+
+
+ return GSS_S_FAILURE;
+}
+
+/**
+ * List support attributes for a mech and/or all mechanisms.
+ *
+ * @param minor_status minor status code
+ * @param mech given together with mech_attr will return the list of
+ * attributes for mechanism, can optionally be GSS_C_NO_OID.
+ * @param mech_attr see mech parameter, can optionally be NULL,
+ * release with gss_release_oid_set().
+ * @param known_mech_attrs all attributes for mechanisms supported,
+ * release with gss_release_oid_set().
+ *
+ * @ingroup gssapi
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
+ gss_const_OID mech,
+ gss_OID_set *mech_attr,
+ gss_OID_set *known_mech_attrs)
+{
+ OM_uint32 major, junk;
+
+ if (mech_attr && mech) {
+ gssapi_mech_interface m;
+
+ if ((m = __gss_get_mechanism(mech)) == NULL) {
+ *minor_status = 0;
+ return GSS_S_BAD_MECH;
+ }
+
+ major = gss_create_empty_oid_set(minor_status, mech_attr);
+ if (major != GSS_S_COMPLETE)
+ return major;
+
+ add_all_mo(m, mech_attr, GSS_MO_MA);
+ }
+
+ if (known_mech_attrs) {
+ struct _gss_mech_switch *m;
+
+ major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
+ if (major) {
+ if (mech_attr)
+ gss_release_oid_set(&junk, mech_attr);
+ return major;
+ }
+
+ _gss_load_mech();
+
+ SLIST_FOREACH(m, &_gss_mechs, gm_link)
+ add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA);
+ }
+
+
+ return GSS_S_COMPLETE;
+}
+
+/**
+ * Return names and descriptions of mech attributes
+ *
+ * @param minor_status minor status code
+ * @param mech_attr
+ * @param name
+ * @param short_desc
+ * @param long_desc
+ *
+ * @return returns GSS_S_COMPLETE or an error code.
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_display_mech_attr(OM_uint32 * minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc)
+{
+ struct _gss_oid_name_table *ma = NULL;
+ OM_uint32 major;
+ size_t n;
+
+ _mg_buffer_zero(name);
+ _mg_buffer_zero(short_desc);
+ _mg_buffer_zero(long_desc);
+
+ if (minor_status)
+ *minor_status = 0;
+
+ for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++)
+ if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid))
+ ma = &_gss_ont_ma[n];
+
+ if (ma == NULL)
+ return GSS_S_BAD_MECH_ATTR;
+
+ if (name) {
+ gss_buffer_desc n;
+ n.value = rk_UNCONST(ma->name);
+ n.length = strlen(ma->name);
+ major = _gss_copy_buffer(minor_status, &n, name);
+ if (major != GSS_S_COMPLETE)
+ return major;
+ }
+
+ if (short_desc) {
+ gss_buffer_desc n;
+ n.value = rk_UNCONST(ma->short_desc);
+ n.length = strlen(ma->short_desc);
+ major = _gss_copy_buffer(minor_status, &n, short_desc);
+ if (major != GSS_S_COMPLETE)
+ return major;
+ }
+
+ if (long_desc) {
+ gss_buffer_desc n;
+ n.value = rk_UNCONST(ma->long_desc);
+ n.length = strlen(ma->long_desc);
+ major = _gss_copy_buffer(minor_status, &n, long_desc);
+ if (major != GSS_S_COMPLETE)
+ return major;
+ }
+
+ return GSS_S_COMPLETE;
+}
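Review bot: In gss_indicate_mechs_by_attrs() the `except_mech_attrs` and `critical_mech_attrs` branches loop over `desired_mech_attrs->count` and `desired_mech_attrs->elements`, so a caller that passes an exclusion or critical set with no desired set dereferences a NULL pointer, and in every other case the wrong set is applied as the filter. The function also never adds a mechanism to `*mechs` and ends in `return GSS_S_FAILURE`, leaving the set it allocated with the caller. The rewrite below indexes each branch by its own set, adds the mechanism once all filters pass, and returns GSS_S_COMPLETE. The critical-attribute semantics are kept as written and should be checked against RFC 5587.

```c
    /* … unchanged: set creation, _gss_load_mech(), desired_mech_attrs filter … */

        if (except_mech_attrs) {
            for (n = 0; n < except_mech_attrs->count; n++) {
                for (m = 0; m < mi->gm_mo_num; m++) {
                    if (gss_oid_equal(mi->gm_mo[m].option, &except_mech_attrs->elements[n]))
                        goto next;
                }
            }
        }

        if (critical_mech_attrs) {
            for (n = 0; n < critical_mech_attrs->count; n++) {
                for (m = 0; m < mi->gm_mo_num; m++) {
                    if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
                        continue;
                    if (gss_oid_equal(mi->gm_mo[m].option, &critical_mech_attrs->elements[n]))
                        break;
                }
                if (m == mi->gm_mo_num)
                    goto next;
            }
        }

        /* Every filter passed: report this mechanism to the caller. */
        major = gss_add_oid_set_member(minor_status, &ms->gm_mech_oid, mechs);
        if (major != GSS_S_COMPLETE) {
            OM_uint32 junk;
            gss_release_oid_set(&junk, mechs);
            return major;
        }

    next:
        do { } while(0);
    }

    return GSS_S_COMPLETE;
```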
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c
new file mode 100644
index 0000000000..0bd016cd44
--- /dev/null
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c
@@ -0,0 +1,253 @@
+/* Generated file */
+#include "mech_locl.h"
+
+/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
+
+/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
+
+/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
+
+/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
+
+/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
+
+/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
+
+/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
+
+/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
+
+/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
+
+/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
+
+/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
+
+/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
+
+/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
+
+/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
+
+/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
+
+/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
+
+/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
+
+/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
+
+/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
+
+/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
+
+/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
+
+/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
+
+/* GSS_C_NT_DN - 1.2.752.43.13.22 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
+
+/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
+
+/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
+
+/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
+
+/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
+
+/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
+
+/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
+
+/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
+
+/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
+
+/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
+
+/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
+
+/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
+
+/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
+
+/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
+
+/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
+
+/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
+
+/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
+
+/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+
+/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
+
+/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
+
+/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
+
+/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
+
+/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
+
+/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
+
+/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
+
+/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
+
+/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
+
+/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
+
+/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
+
+/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
+
+/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
+
+/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
+
+/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
+
+/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
+
+/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
+
+/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
+
+/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
+
+/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
+
+/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
+
+/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
+
+/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
+
+/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
+
+/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
+
+/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
+
+/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
+
+/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
+
+/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
+
+/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
+
+struct _gss_oid_name_table _gss_ont_ma[] = {
+ { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
+ { GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" },
+ { GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" },
+ { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
+ { GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" },
+ { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
+ { GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" },
+ { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
+ { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
+ { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
+ { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
+ { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
+ { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
+ { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
+ { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
+ { GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
+ { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
+ { GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" },
+ { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
+ { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
+ { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
+ { GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" },
+ { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
+ { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
+ { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
+ { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+ { GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" },
+ { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
+ { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
+ { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
+ { NULL }
+};
+
+struct _gss_oid_name_table _gss_ont_mech[] = {
+ { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
+ { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
+ { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
+ { NULL }
+};
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
index 3e64135089..7d6ded39e4 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
@@ -48,7 +48,7 @@
*/
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
-gss_oid_equal(const gss_OID a, const gss_OID b)
+gss_oid_equal(gss_const_OID a, gss_const_OID b)
{
if (a == b && a != GSS_C_NO_OID)
return 1;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
index d8e188da08..a1d7768772 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
@@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
*minor_status = 0;
return GSS_S_COMPLETE;
}
+
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid)
+{
+ size_t i;
+
+ for (i = 0; _gss_ont_mech[i].oid; i++) {
+ if (gss_oid_equal(oid, _gss_ont_mech[i].oid))
+ return _gss_ont_mech[i].name;
+ }
+ return NULL;
+}
+
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name)
+{
+ size_t i, partial = (size_t)-1;
+
+ for (i = 0; _gss_ont_mech[i].oid; i++) {
+ if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0)
+ return _gss_ont_mech[i].oid;
+ if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) {
+ if (partial != (size_t)-1)
+ return NULL;
+ partial = i;
+ }
+ }
+ if (partial != (size_t)-1)
+ return _gss_ont_mech[partial].oid;
+ return NULL;
+}
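Review bot: gss_name_to_oid() passes `name` straight to strcasecmp() and strlen(), so a NULL argument is dereferenced, and an empty string prefix-matches every row of `_gss_ont_mech` (it is rejected today only because the table has more than one entry). A guard at the top, `if (name == NULL || *name == '\0') return NULL;`, makes both cases explicit. The unique-prefix fallback also lets a very short string select a mechanism; if callers take the name from configuration or from a peer, exact matching would be the safer default, and either way the matching rule deserves a doc comment. Judging by the table rows in gss_oid.c, gss_oid_to_name() returns the `name` column while this lookup compares against `short_desc`, so the two functions do not appear to round-trip.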
diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c
index dcbb4fcdfe..d9864b36cc 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c
@@ -28,6 +28,21 @@
#include "mech_locl.h"
+/**
+ * Wrap a message using either confidentiality (encryption +
+ * signature) or sealing (signature).
+ *
+ * @param minor_status minor status code.
+ * @param context_handle context handle.
+ * @param conf_req_flag if non zero, confidentiality is requestd.
+ * @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in.
+ * @param input_message_buffer messages to wrap
+ * @param conf_state returns non zero if confidentiality was honoured.
+ * @param output_message_buffer the resulting buffer, release with gss_release_buffer().
+ *
+ * @ingroup gssapi
+ */
+
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_wrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
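Review bot: The new doc comment describes the two modes as "confidentiality (encryption + signature) or sealing (signature)", but sealing usually denotes encryption, so the integrity-only case reads as if it encrypted. Wording such as `Wrap a message with integrity protection and, if conf_req_flag is non-zero, confidentiality.` avoids that. The comment also lacks an `@return` line, and it would help to state that callers must check `conf_state` rather than assume the confidentiality request was honoured. "requestd" and "it GSS_C_QOP_DEFAULT should be passed in" are typos. The body of gss_wrap() lies outside this hunk.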
diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h
index 17721fd3ce..cb10c23c38 100644
--- a/source4/heimdal/lib/gssapi/mech/mech_locl.h
+++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h
@@ -64,4 +64,17 @@
#include "utils.h"
#define _mg_buffer_zero(buffer) \
- do { (buffer)->value = NULL; (buffer)->length = 0; } while(0)
+ do { \
+ if (buffer) { \
+ (buffer)->value = NULL; \
+ (buffer)->length = 0; \
+ } \
+ } while(0)
+
+#define _mg_oid_set_zero(oid_set) \
+ do { \
+ if (oid_set) { \
+ (oid_set)->elements = NULL; \
+ (oid_set)->count = 0; \
+ } \
+ } while(0)
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index d21e4dc7fe..5054754150 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -40,6 +40,41 @@
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
+static gss_mo_desc spnego_mo[] = {
+ {
+ GSS_C_MA_SASL_MECH_NAME,
+ GSS_MO_MA,
+ "SASL mech name",
+ "SPNEGO",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_NAME,
+ GSS_MO_MA,
+ "Mechanism name",
+ "SPNEGO",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_DESCRIPTION,
+ GSS_MO_MA,
+ "Mechanism description",
+ "Heimdal SPNEGO Mechanism",
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_NEGO,
+ GSS_MO_MA
+ },
+ {
+ GSS_C_MA_MECH_PSEUDO,
+ GSS_MO_MA
+ }
+};
+
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
@@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_wrap_iov_length,
NULL,
_gss_spnego_export_cred,
- _gss_spnego_import_cred
+ _gss_spnego_import_cred,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ spnego_mo,
+ sizeof(spnego_mo) / sizeof(spnego_mo[0])
};
gssapi_mech_interface
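Review bot: The `spnego_mech` initializer is positional, and this hunk reaches the new `spnego_mo` slot by counting seven `NULL`s after `_gss_spnego_import_cred`. One filler too many or too few shifts the table pointer and its element count into neighbouring members, and a misplaced `NULL` in a pointer slot compiles without complaint. A trailing comment on each filler line naming the member it stands for, or designated initializers for the trailing members, would make the layout checkable by eye. The member names are not visible in this diff, so they would need to be taken from the `gssapi_mech_interface_desc` declaration. The initializer begins above this hunk.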
@@ -92,6 +136,3 @@ __gss_spnego_initialize(void)
{
return &spnego_mech;
}
-
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc =
- {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
diff --git a/source4/heimdal/lib/hcrypto/rsa-ltm.c b/source4/heimdal/lib/hcrypto/rsa-ltm.c
index f4828104b6..6ef4a83c51 100644
--- a/source4/heimdal/lib/hcrypto/rsa-ltm.c
+++ b/source4/heimdal/lib/hcrypto/rsa-ltm.c
@@ -385,8 +385,7 @@ ltm_rsa_private_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *ptr;
- int res;
- size_t size;
+ int res, size;
mp_int in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;
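Review bot: `size` changes from `size_t` to `int` in ltm_rsa_private_decrypt(), a function that handles buffer lengths on the private-key path. Its uses are outside this hunk, so please confirm that every value assigned to it is checked for being non-negative before it reaches a copy, an allocation or a comparison with an unsigned length. If the motive was a signed/unsigned comparison warning against `flen`, keeping `size_t size` and rejecting a negative `flen` up front would be the safer direction. A short comment on the declaration saying why the type is signed would help the next reader.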
diff --git a/source4/heimdal/lib/hcrypto/validate.c b/source4/heimdal/lib/hcrypto/validate.c
index 3ed358df66..f6f8be7030 100644
--- a/source4/heimdal/lib/hcrypto/validate.c
+++ b/source4/heimdal/lib/hcrypto/validate.c
@@ -38,7 +38,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <getarg.h>
#include <roken.h>
#include <evp.h>
diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c
index 9de0a04a1f..69940edf89 100644
--- a/source4/heimdal/lib/hdb/db.c
+++ b/source4/heimdal/lib/hdb/db.c
@@ -318,7 +318,7 @@ hdb_db_create(krb5_context context, HDB **db,
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
(*db)->hdb_open = DB_open;
(*db)->hdb_close = DB_close;
- (*db)->hdb_fetch = _hdb_fetch;
+ (*db)->hdb_fetch_kvno = _hdb_fetch_kvno;
(*db)->hdb_store = _hdb_store;
(*db)->hdb_remove = _hdb_remove;
(*db)->hdb_firstkey = DB_firstkey;
diff --git a/source4/heimdal/lib/hdb/hdb-keytab.c b/source4/heimdal/lib/hdb/hdb-keytab.c
index 393981e47d..c1bad86796 100644
--- a/source4/heimdal/lib/hdb/hdb-keytab.c
+++ b/source4/heimdal/lib/hdb/hdb-keytab.c
@@ -118,7 +118,7 @@ hkt_open(krb5_context context, HDB * db, int flags, mode_t mode)
static krb5_error_code
hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
- unsigned flags, unsigned kvno, hdb_entry_ex * entry)
+ unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry)
{
hdb_keytab k = (hdb_keytab)db->hdb_db;
krb5_error_code ret;
@@ -171,13 +171,6 @@ hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
}
static krb5_error_code
-hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
- unsigned flags, hdb_entry_ex * entry)
-{
- return hkt_fetch_kvno(context, db, principal, flags & ~HDB_F_KVNO_SPECIFIED, 0, entry);
-}
-
-static krb5_error_code
hkt_store(krb5_context context, HDB * db, unsigned flags,
hdb_entry_ex * entry)
{
@@ -221,7 +214,6 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
(*db)->hdb_openp = 0;
(*db)->hdb_open = hkt_open;
(*db)->hdb_close = hkt_close;
- (*db)->hdb_fetch = hkt_fetch;
(*db)->hdb_fetch_kvno = hkt_fetch_kvno;
(*db)->hdb_store = hkt_store;
(*db)->hdb_remove = NULL;
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 97de918933..2c1de8b3d7 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -318,7 +318,7 @@ find_dynamic_method (krb5_context context,
if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
krb5_errx(context, 1, "out of memory");
- mso = dlsym(dl, symbol);
+ mso = (struct hdb_so_method *) dlsym(dl, symbol);
if (mso == NULL) {
krb5_warnx(context, "error finding symbol %s in %s: %s\n",
symbol, path, dlerror());
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index bcd190caa3..1b0468a481 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -71,6 +71,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
typedef struct hdb_master_key_data *hdb_master_key;
+/**
+ * hdb_entry_ex is a wrapper structure around the hdb_entry structure
+ * that allows backends to keep a pointer to the backing store, ie in
+ * ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to
+ * ->hdb_store(), the backend doesn't need to lookup the entry again.
+ */
+
typedef struct hdb_entry_ex {
void *ctx;
hdb_entry entry;
@@ -121,19 +128,10 @@ typedef struct HDB{
*
* Fetch an entry from the backend, flags are what type of entry
* should be fetch: client, server, krbtgt.
- */
- krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*,
- krb5_const_principal, unsigned,
- hdb_entry_ex*);
- /**
- * Fetch an entry from the backend
- *
- * Fetch an entry from the backend, flags are what type of entry
- * should be fetch: client, server, krbtgt.
* knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get
*/
krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*,
- krb5_const_principal, unsigned, unsigned,
+ krb5_const_principal, unsigned, krb5_kvno,
hdb_entry_ex*);
/**
* Store an entry to database
@@ -222,7 +220,7 @@ typedef struct HDB{
* all other operations, increasing the kvno, and update
* modification timestamp.
*
- * The backen need to call _kadm5_set_keys() and perform password
+ * The backend needs to call _kadm5_set_keys() and perform password
* quality checks.
*/
krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int);
@@ -238,7 +236,7 @@ typedef struct HDB{
*/
krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int);
/**
- * Check is delegation is allowed.
+ * Check if delegation is allowed.
*/
krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index b8cc0d47ee..05b78dafc5 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -211,17 +211,10 @@ hdb_get_entry(krb5_context context,
goto out2;
}
- if (*db->hdb_fetch_kvno) {
- ret = (*db->hdb_fetch_kvno)(context, db, principal,
- HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
- HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
- kvno, &ent);
- } else {
- ret = (*db->hdb_fetch)(context, db, principal,
- HDB_F_DECRYPT|
- HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
- &ent);
- }
+ ret = (*db->hdb_fetch_kvno)(context, db, principal,
+ HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
+ HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+ kvno, &ent);
if(ret == HDB_ERR_NOENTRY) {
ret = KRB5_KT_NOTFOUND;
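Review bot: hdb_get_entry() now calls `(*db->hdb_fetch_kvno)` unconditionally, where the removed code tested the pointer first. A backend that leaves `hdb_fetch_kvno` unset, for instance one loaded through the dlsym path in hdb.c, would turn a keytab lookup into a call through a NULL function pointer. The backends touched elsewhere in this commit do set it, so the concern is out-of-tree or future backends. A guard before the call, `if (db->hdb_fetch_kvno == NULL)` that sets `ret` to an error and jumps to the `out2` label used just above, keeps the failure a clean error return. The function starts and ends outside this hunk.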
diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c
index 2a57d2ac27..5b2c07e5f6 100644
--- a/source4/heimdal/lib/hdb/ndbm.c
+++ b/source4/heimdal/lib/hdb/ndbm.c
@@ -370,7 +370,7 @@ hdb_ndbm_create(krb5_context context, HDB **db,
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
(*db)->hdb_open = NDBM_open;
(*db)->hdb_close = NDBM_close;
- (*db)->hdb_fetch = _hdb_fetch;
+ (*db)->hdb_fetch_kvno = _hdb_fetch_kvno;
(*db)->hdb_store = _hdb_store;
(*db)->hdb_remove = _hdb_remove;
(*db)->hdb_firstkey = NDBM_firstkey;
diff --git a/source4/heimdal/lib/hx509/sel-gram.c b/source4/heimdal/lib/hx509/sel-gram.c
index 8612b172da..5e705f19fd 100644
--- a/source4/heimdal/lib/hx509/sel-gram.c
+++ b/source4/heimdal/lib/hx509/sel-gram.c
@@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93";
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
-#define YYPATCH 20070509
+#define YYPATCH 20100216
-#define YYEMPTY (-1)
-#define yyclearin (yychar = YYEMPTY)
-#define yyerrok (yyerrflag = 0)
-#define YYRECOVERING (yyerrflag != 0)
+#define YYEMPTY (-1)
+#define yyclearin (yychar = YYEMPTY)
+#define yyerrok (yyerrflag = 0)
+#define YYRECOVERING() (yyerrflag != 0)
-extern int yyparse(void);
-
-static int yygrowstack(void);
#define YYPREFIX "yy"
+
+/* compatibility with bison */
+#ifdef YYPARSE_PARAM
+/* compatibility with FreeBSD */
+#ifdef YYPARSE_PARAM_TYPE
+#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
+#else
+#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
+#endif
+#else
+#define YYPARSE_DECL() yyparse(void)
+#endif /* YYPARSE_PARAM */
+
+extern int YYPARSE_DECL();
+
#line 35 ""
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -33,7 +45,7 @@ typedef union {
char *string;
struct hx_expr *expr;
} YYSTYPE;
-#line 37 ""
+#line 48 ""
#define kw_TRUE 257
#define kw_FALSE 258
#define kw_AND 259
@@ -44,45 +56,45 @@ typedef union {
#define STRING 264
#define IDENTIFIER 265
#define YYERRCODE 256
-short yylhs[] = { -1,
+static const short yylhs[] = { -1,
0, 1, 1, 1, 1, 1, 1, 1, 4, 4,
2, 2, 2, 2, 2, 3, 3, 3, 3, 5,
6, 7, 8, 9, 9,
};
-short yylen[] = { 2,
+static const short yylen[] = { 2,
1, 1, 1, 2, 3, 3, 3, 1, 1, 3,
4, 4, 3, 5, 3, 1, 1, 1, 1, 1,
1, 4, 4, 3, 1,
};
-short yydefred[] = { 0,
+static const short yydefred[] = { 0,
2, 3, 20, 21, 0, 0, 0, 0, 0, 0,
8, 0, 16, 17, 18, 19, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 7, 0,
0, 0, 0, 0, 15, 13, 0, 0, 0, 22,
0, 23, 0, 12, 11, 10, 24, 14,
};
-short yydgoto[] = { 9,
+static const short yydgoto[] = { 9,
10, 11, 12, 28, 13, 14, 15, 16, 31,
};
-short yysindex[] = { -33,
+static const short yysindex[] = { -33,
0, 0, 0, 0, -23, -33, -33, -105, 0, -247,
0, -28, 0, 0, 0, 0, -36, -247, -39, -244,
-33, -33, -26, -36, -38, -37, -22, -16, 0, -19,
-97, -247, -247, -36, 0, 0, -36, -36, -36, 0,
-244, 0, -9, 0, 0, 0, 0, 0,
};
-short yyrindex[] = { 0,
+static const short yyrindex[] = { 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 36,
0, 0, 0, 0, 0, 0, 0, 3, 0, 0,
0, 0, 0, 0, 0, 0, -4, 0, 0, -87,
0, 6, 8, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
};
-short yygindex[] = { 0,
+static const short yygindex[] = { 0,
13, 0, -8, -24, 0, 0, 0, 16, -1,
};
#define YYTABLESIZE 234
-short yytable[] = { 6,
+static const short yytable[] = { 6,
8, 29, 4, 8, 25, 5, 7, 6, 27, 43,
8, 21, 22, 34, 46, 36, 17, 20, 18, 19,
30, 39, 37, 38, 40, 27, 41, 42, 44, 45,
@@ -108,7 +120,7 @@ short yytable[] = { 6,
22, 0, 0, 1, 2, 0, 3, 4, 5, 3,
4, 5, 23, 24,
};
-short yycheck[] = { 33,
+static const short yycheck[] = { 33,
37, 41, 0, 37, 33, 0, 40, 0, 17, 34,
37, 259, 260, 40, 39, 24, 40, 123, 6, 7,
265, 44, 61, 61, 41, 34, 46, 125, 37, 38,
@@ -140,7 +152,8 @@ short yycheck[] = { 33,
#endif
#define YYMAXTOKEN 265
#if YYDEBUG
-char *yyname[] = {
+static const char *yyname[] = {
+
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"'!'",0,0,0,"'%'",0,0,"'('","')'",0,0,"','",0,"'.'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
@@ -151,7 +164,7 @@ char *yyname[] = {
0,0,"kw_TRUE","kw_FALSE","kw_AND","kw_OR","kw_IN","kw_TAILMATCH","NUMBER",
"STRING","IDENTIFIER",
};
-char *yyrule[] = {
+static const char *yyrule[] = {
"$accept : start",
"start : expr",
"expr : kw_TRUE",
@@ -178,6 +191,7 @@ char *yyrule[] = {
"variable : '%' '{' variables '}'",
"variables : IDENTIFIER '.' variables",
"variables : IDENTIFIER",
+
};
#endif
#if YYDEBUG
@@ -201,64 +215,86 @@ char *yyrule[] = {
int yydebug;
int yynerrs;
+
+typedef struct {
+ unsigned stacksize;
+ short *s_base;
+ short *s_mark;
+ short *s_last;
+ YYSTYPE *l_base;
+ YYSTYPE *l_mark;
+} YYSTACKDATA;
+
+#define YYPURE 0
+
int yyerrflag;
int yychar;
-short *yyssp;
-YYSTYPE *yyvsp;
YYSTYPE yyval;
YYSTYPE yylval;
/* variables for the parser stack */
-static short *yyss;
-static short *yysslim;
-static YYSTYPE *yyvs;
-static int yystacksize;
+static YYSTACKDATA yystack;
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
-static int yygrowstack(void)
+static int yygrowstack(YYSTACKDATA *data)
{
- int newsize, i;
+ int i;
+ unsigned newsize;
short *newss;
YYSTYPE *newvs;
- if ((newsize = yystacksize) == 0)
+ if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
- i = yyssp - yyss;
- newss = (yyss != 0)
- ? (short *)realloc(yyss, newsize * sizeof(*newss))
+ i = data->s_mark - data->s_base;
+ newss = (data->s_base != 0)
+ ? (short *)realloc(data->s_base, newsize * sizeof(*newss))
: (short *)malloc(newsize * sizeof(*newss));
if (newss == 0)
return -1;
- yyss = newss;
- yyssp = newss + i;
- newvs = (yyvs != 0)
- ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs))
+ data->s_base = newss;
+ data->s_mark = newss + i;
+
+ newvs = (data->l_base != 0)
+ ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs))
: (YYSTYPE *)malloc(newsize * sizeof(*newvs));
if (newvs == 0)
return -1;
- yyvs = newvs;
- yyvsp = newvs + i;
- yystacksize = newsize;
- yysslim = yyss + newsize - 1;
+ data->l_base = newvs;
+ data->l_mark = newvs + i;
+
+ data->stacksize = newsize;
+ data->s_last = data->s_base + newsize - 1;
return 0;
}
-#define YYABORT goto yyabort
+#if YYPURE || defined(YY_NO_LEAKS)
+static void yyfreestack(YYSTACKDATA *data)
+{
+ free(data->s_base);
+ free(data->l_base);
+ memset(data, 0, sizeof(*data));
+}
+#else
+#define yyfreestack(data) /* nothing */
+#endif
+
+#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
-#define YYERROR goto yyerrlab
+#define YYERROR goto yyerrlab
+
int
-yyparse(void)
+YYPARSE_DECL()
{
- register int yym, yyn, yystate;
+ int yym, yyn, yystate;
#if YYDEBUG
- register const char *yys;
+ const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
@@ -271,11 +307,17 @@ yyparse(void)
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
+ yystate = 0;
- if (yyss == NULL && yygrowstack()) goto yyoverflow;
- yyssp = yyss;
- yyvsp = yyvs;
- *yyssp = yystate = 0;
+#if YYPURE
+ memset(&yystack, 0, sizeof(yystack));
+#endif
+
+ if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow;
+ yystack.s_mark = yystack.s_base;
+ yystack.l_mark = yystack.l_base;
+ yystate = 0;
+ *yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
@@ -301,12 +343,13 @@ yyloop:
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
@@ -321,9 +364,7 @@ yyloop:
yyerror("syntax error");
-#ifdef lint
goto yyerrlab;
-#endif
yyerrlab:
++yynerrs;
@@ -334,20 +375,21 @@ yyinrecovery:
yyerrflag = 3;
for (;;)
{
- if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
- to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+ to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate = yytable[yyn];
- *++yyvsp = yylval;
+ yystate = yytable[yyn];
+ *++yystack.s_mark = yytable[yyn];
+ *++yystack.l_mark = yylval;
goto yyloop;
}
else
@@ -355,11 +397,11 @@ yyinrecovery:
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
- YYPREFIX, *yyssp);
+ YYPREFIX, *yystack.s_mark);
#endif
- if (yyssp <= yyss) goto yyabort;
- --yyssp;
- --yyvsp;
+ if (yystack.s_mark <= yystack.s_base) goto yyabort;
+ --yystack.s_mark;
+ --yystack.l_mark;
}
}
}
@@ -388,119 +430,119 @@ yyreduce:
#endif
yym = yylen[yyn];
if (yym)
- yyval = yyvsp[1-yym];
+ yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 1:
#line 73 ""
-{ _hx509_expr_input.expr = yyvsp[0].expr; }
+ { _hx509_expr_input.expr = yystack.l_mark[0].expr; }
break;
case 2:
#line 75 ""
-{ yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); }
+ { yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); }
break;
case 3:
#line 76 ""
-{ yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); }
+ { yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); }
break;
case 4:
#line 77 ""
-{ yyval.expr = _hx509_make_expr(op_NOT, yyvsp[0].expr, NULL); }
+ { yyval.expr = _hx509_make_expr(op_NOT, yystack.l_mark[0].expr, NULL); }
break;
case 5:
#line 78 ""
-{ yyval.expr = _hx509_make_expr(op_AND, yyvsp[-2].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(op_AND, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 6:
#line 79 ""
-{ yyval.expr = _hx509_make_expr(op_OR, yyvsp[-2].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(op_OR, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 7:
#line 80 ""
-{ yyval.expr = yyvsp[-1].expr; }
+ { yyval.expr = yystack.l_mark[-1].expr; }
break;
case 8:
#line 81 ""
-{ yyval.expr = _hx509_make_expr(op_COMP, yyvsp[0].expr, NULL); }
+ { yyval.expr = _hx509_make_expr(op_COMP, yystack.l_mark[0].expr, NULL); }
break;
case 9:
#line 84 ""
-{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[0].expr, NULL); }
+ { yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[0].expr, NULL); }
break;
case 10:
#line 85 ""
-{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[-2].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 11:
#line 88 ""
-{ yyval.expr = _hx509_make_expr(comp_EQ, yyvsp[-3].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(comp_EQ, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); }
break;
case 12:
#line 89 ""
-{ yyval.expr = _hx509_make_expr(comp_NE, yyvsp[-3].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(comp_NE, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); }
break;
case 13:
#line 90 ""
-{ yyval.expr = _hx509_make_expr(comp_TAILEQ, yyvsp[-2].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(comp_TAILEQ, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 14:
#line 91 ""
-{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-4].expr, yyvsp[-1].expr); }
+ { yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-4].expr, yystack.l_mark[-1].expr); }
break;
case 15:
#line 92 ""
-{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-2].expr, yyvsp[0].expr); }
+ { yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 16:
#line 95 ""
-{ yyval.expr = yyvsp[0].expr; }
+ { yyval.expr = yystack.l_mark[0].expr; }
break;
case 17:
#line 96 ""
-{ yyval.expr = yyvsp[0].expr; }
+ { yyval.expr = yystack.l_mark[0].expr; }
break;
case 18:
#line 97 ""
-{ yyval.expr = yyvsp[0].expr; }
+ { yyval.expr = yystack.l_mark[0].expr; }
break;
case 19:
#line 98 ""
-{ yyval.expr = yyvsp[0].expr; }
+ { yyval.expr = yystack.l_mark[0].expr; }
break;
case 20:
#line 101 ""
-{ yyval.expr = _hx509_make_expr(expr_NUMBER, yyvsp[0].string, NULL); }
+ { yyval.expr = _hx509_make_expr(expr_NUMBER, yystack.l_mark[0].string, NULL); }
break;
case 21:
#line 102 ""
-{ yyval.expr = _hx509_make_expr(expr_STRING, yyvsp[0].string, NULL); }
+ { yyval.expr = _hx509_make_expr(expr_STRING, yystack.l_mark[0].string, NULL); }
break;
case 22:
#line 104 ""
-{
- yyval.expr = _hx509_make_expr(expr_FUNCTION, yyvsp[-3].string, yyvsp[-1].expr); }
+ {
+ yyval.expr = _hx509_make_expr(expr_FUNCTION, yystack.l_mark[-3].string, yystack.l_mark[-1].expr); }
break;
case 23:
#line 107 ""
-{ yyval.expr = yyvsp[-1].expr; }
+ { yyval.expr = yystack.l_mark[-1].expr; }
break;
case 24:
#line 110 ""
-{
- yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[-2].string, yyvsp[0].expr); }
+ {
+ yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[-2].string, yystack.l_mark[0].expr); }
break;
case 25:
#line 112 ""
-{
- yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[0].string, NULL); }
+ {
+ yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[0].string, NULL); }
break;
-#line 500 ""
+#line 541 ""
}
- yyssp -= yym;
- yystate = *yyssp;
- yyvsp -= yym;
+ yystack.s_mark -= yym;
+ yystate = *yystack.s_mark;
+ yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
@@ -510,8 +552,8 @@ break;
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
- *++yyssp = YYFINAL;
- *++yyvsp = yyval;
+ *++yystack.s_mark = YYFINAL;
+ *++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
@@ -537,22 +579,24 @@ break;
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
-to state %d\n", YYPREFIX, *yyssp, yystate);
+to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
- if (yyssp >= yysslim && yygrowstack())
+ if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
- *++yyssp = yystate;
- *++yyvsp = yyval;
+ *++yystack.s_mark = (short) yystate;
+ *++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
yyerror("yacc stack overflow");
yyabort:
+ yyfreestack(&yystack);
return (1);
yyaccept:
+ yyfreestack(&yystack);
return (0);
}
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 32a131b07c..211642e568 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -134,7 +134,7 @@ krb5_cc_register(krb5_context context,
}
}
if(i == context->num_cc_ops) {
- const krb5_cc_ops **o = realloc(context->cc_ops,
+ const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops),
(context->num_cc_ops + 1) *
sizeof(context->cc_ops[0]));
if(o == NULL) {
@@ -397,7 +397,7 @@ krb5_cc_get_full_name(krb5_context context,
*/
-const krb5_cc_ops *
+KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_ops(krb5_context context, krb5_ccache id)
{
return id->ops;
@@ -461,7 +461,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
@@ -477,7 +477,7 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
* @ingroup krb5_ccache
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_cc_support_switch(krb5_context context, const char *type)
{
const krb5_cc_ops *ops;
@@ -512,6 +512,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
context->default_cc_name_env = strdup(e);
}
}
+
+#ifdef _WIN32
+ if (e == NULL) {
+ e = p = _krb5_get_default_cc_name_from_registry();
+ }
+#endif
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_name", NULL);
@@ -967,7 +973,7 @@ krb5_cc_clear_mcred(krb5_creds *mcred)
*/
-const krb5_cc_ops *
+KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
{
char *p, *p1;
@@ -1183,7 +1189,7 @@ krb5_cc_cache_match (krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_error_code ret;
@@ -1658,7 +1664,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
* @ingroup krb5_ccache
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
{
if (id->ops->set_kdc_offset == NULL) {
@@ -1683,7 +1689,7 @@ krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
* @ingroup krb5_ccache
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
{
if (id->ops->get_kdc_offset == NULL) {
@@ -1692,3 +1698,30 @@ krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset
}
return (*id->ops->get_kdc_offset)(context, id, offset);
}
+
+
+#ifdef _WIN32
+
+char *
+_krb5_get_default_cc_name_from_registry()
+{
+ HKEY hk_k5 = 0;
+ LONG code;
+ char * ccname = NULL;
+
+ code = RegOpenKeyEx(HKEY_CURRENT_USER,
+ "Software\\MIT\\Kerberos5",
+ 0, KEY_READ, &hk_k5);
+
+ if (code != ERROR_SUCCESS)
+ return NULL;
+
+ ccname = _krb5_parse_reg_value_as_string(NULL, hk_k5, "ccname",
+ REG_NONE, 0);
+
+ RegCloseKey(hk_k5);
+
+ return ccname;
+}
+
+#endif
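Review bot: `_krb5_get_default_cc_name_from_registry` has no header comment, so nothing tells a caller who owns the returned string or that only `HKEY_CURRENT_USER` is consulted. I would add `/* Returns the "ccname" value under HKCU\Software\MIT\Kerberos5, or NULL if the key cannot be opened. */` above the definition, plus a line on ownership once that is confirmed from `_krb5_parse_reg_value_as_string()`. Ownership is not visible here, though the `e = p = ...` assignment in krb5_cc_set_default_name suggests the caller releases it. The empty parameter list should be `(void)` so the definition is a real prototype in C.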
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index a962f06f5f..22a7c87ef3 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -72,7 +72,7 @@ chgpw_send_request (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
int is_stream,
- int sock,
+ rk_socket_t sock,
const char *passwd,
const char *host)
{
@@ -141,8 +141,8 @@ chgpw_send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
- if (sendmsg (sock, &msghdr, 0) < 0) {
- ret = errno;
+ if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
+ ret = rk_SOCK_ERRNO;
krb5_set_error_message(context, ret, "sendmsg %s: %s",
host, strerror(ret));
}
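Review bot: `strerror(ret)` is still applied to the value taken from `rk_SOCK_ERRNO`, which only gives a meaningful message where that macro expands to `errno`. On a Winsock build it presumably yields a WSA error code, so the text would read as an unknown error and the code stored in the context would not be an errno value; the `rk_SOCK_ERRNO != EINTR` test in change_password_loop rests on the same assumption. The same pattern appears in setpw_send_request and in both recvfrom branches of process_reply. Until a portable formatter is used, a comment such as `/* rk_SOCK_ERRNO may be a Winsock code; strerror() text is only reliable on POSIX */` would at least record the limitation. chgpw_send_request starts and ends outside the hunk.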
@@ -164,7 +164,7 @@ setpw_send_request (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
int is_stream,
- int sock,
+ rk_socket_t sock,
const char *passwd,
const char *host)
{
@@ -251,8 +251,8 @@ setpw_send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
- if (sendmsg (sock, &msghdr, 0) < 0) {
- ret = errno;
+ if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
+ ret = rk_SOCK_ERRNO;
krb5_set_error_message(context, ret, "sendmsg %s: %s",
host, strerror(ret));
}
@@ -268,7 +268,7 @@ static krb5_error_code
process_reply (krb5_context context,
krb5_auth_context auth_context,
int is_stream,
- int sock,
+ rk_socket_t sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
@@ -288,8 +288,8 @@ process_reply (krb5_context context,
ret = recvfrom (sock, reply + len, sizeof(reply) - len,
0, NULL, NULL);
- if (ret < 0) {
- save_errno = errno;
+ if (rk_IS_SOCKET_ERROR(ret)) {
+ save_errno = rk_SOCK_ERRNO;
krb5_set_error_message(context, save_errno,
"recvfrom %s: %s",
host, strerror(save_errno));
@@ -316,8 +316,8 @@ process_reply (krb5_context context,
}
} else {
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
- if (ret < 0) {
- save_errno = errno;
+ if (rk_IS_SOCKET_ERROR(ret)) {
+ save_errno = rk_SOCK_ERRNO;
krb5_set_error_message(context, save_errno,
"recvfrom %s: %s",
host, strerror(save_errno));
@@ -464,13 +464,13 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context,
krb5_creds *,
krb5_principal,
int,
- int,
+ rk_socket_t,
const char *,
const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
krb5_auth_context,
int,
- int,
+ rk_socket_t,
int *,
krb5_data *,
krb5_data *,
@@ -517,7 +517,7 @@ change_password_loop (krb5_context context,
krb5_auth_context auth_context = NULL;
krb5_krbhst_handle handle = NULL;
krb5_krbhst_info *hi;
- int sock;
+ rk_socket_t sock;
unsigned int i;
int done = 0;
krb5_realm realm;
@@ -565,20 +565,20 @@ change_password_loop (krb5_context context,
int replied = 0;
sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
- if (sock < 0)
+ if (rk_IS_BAD_SOCKET(sock))
continue;
rk_cloexec(sock);
ret = connect(sock, a->ai_addr, a->ai_addrlen);
- if (ret < 0) {
- close (sock);
+ if (rk_IS_SOCKET_ERROR(ret)) {
+ rk_closesocket (sock);
goto out;
}
ret = krb5_auth_con_genaddrs (context, auth_context, sock,
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
if (ret) {
- close (sock);
+ rk_closesocket (sock);
goto out;
}
@@ -598,7 +598,7 @@ change_password_loop (krb5_context context,
newpw,
hi->hostname);
if (ret) {
- close(sock);
+ rk_closesocket(sock);
goto out;
}
}
@@ -608,7 +608,7 @@ change_password_loop (krb5_context context,
ret = ERANGE;
krb5_set_error_message(context, ret,
"fd %d too large", sock);
- close (sock);
+ rk_closesocket (sock);
goto out;
}
#endif
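Review bot: `"fd %d too large", sock` now passes an `rk_socket_t` to a `%d` conversion, because the declaration of `sock` in change_password_loop changes from `int` in this commit. If `rk_socket_t` is not `int` on some platform (a Winsock SOCKET is an unsigned pointer-sized type), that is a format/argument mismatch. An explicit conversion keeps the call well-defined: `"fd %d too large", (int)sock);`. The enclosing function and the conditional guarding this branch are outside the hunk.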
@@ -619,8 +619,8 @@ change_password_loop (krb5_context context,
tv.tv_sec = 1 + (1 << i);
ret = select (sock + 1, &fdset, NULL, NULL, &tv);
- if (ret < 0 && errno != EINTR) {
- close(sock);
+ if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) {
+ rk_closesocket(sock);
goto out;
}
if (ret == 1) {
@@ -640,7 +640,7 @@ change_password_loop (krb5_context context,
ret = KRB5_KDC_UNREACH;
}
}
- close (sock);
+ rk_closesocket (sock);
}
}
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 5840b8d9bd..d08c5b5851 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -84,8 +84,8 @@ static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno,
krb5_config_binding **parent,
const char **err_message);
-static krb5_config_section *
-get_entry(krb5_config_section **parent, const char *name, int type)
+krb5_config_section *
+_krb5_config_get_entry(krb5_config_section **parent, const char *name, int type)
{
krb5_config_section **q;
@@ -135,7 +135,7 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
return KRB5_CONFIG_BADFORMAT;
}
*p1 = '\0';
- tmp = get_entry(parent, p + 1, krb5_config_list);
+ tmp = _krb5_config_get_entry(parent, p + 1, krb5_config_list);
if(tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
@@ -154,7 +154,7 @@ static krb5_error_code
parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent,
const char **err_message)
{
- char buf[BUFSIZ];
+ char buf[KRB5_BUFSIZ];
krb5_error_code ret;
krb5_config_binding *b = NULL;
unsigned beg_lineno = *lineno;
@@ -216,14 +216,14 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
++p;
*p2 = '\0';
if (*p == '{') {
- tmp = get_entry(parent, p1, krb5_config_list);
+ tmp = _krb5_config_get_entry(parent, p1, krb5_config_list);
if (tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
}
ret = parse_list (f, lineno, &tmp->u.list, err_message);
} else {
- tmp = get_entry(parent, p1, krb5_config_string);
+ tmp = _krb5_config_get_entry(parent, p1, krb5_config_string);
if (tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
@@ -282,10 +282,10 @@ convert_content(const void *key, const void *value, void *context)
return;
if (CFGetTypeID(value) == CFStringGetTypeID()) {
- tmp = get_entry(parent, k, krb5_config_string);
+ tmp = _krb5_config_get_entry(parent, k, krb5_config_string);
tmp->u.string = cfstring2cstring(value);
} else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
- tmp = get_entry(parent, k, krb5_config_list);
+ tmp = _krb5_config_get_entry(parent, k, krb5_config_list);
CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
} else {
/* log */
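Review bot: In convert_content the result of `_krb5_config_get_entry()` is dereferenced on the very next line (`tmp->u.string = ...` and `&tmp->u.list`), while parse_section and parse_binding in this same file treat a NULL return as out of memory. Both branches should check first, e.g. `if (tmp == NULL) return;` after each call, so an allocation failure while importing a plist does not become a NULL dereference. The function begins outside the hunk.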
@@ -352,7 +352,7 @@ krb5_config_parse_debug (struct fileptr *f,
{
krb5_config_section *s = NULL;
krb5_config_binding *b = NULL;
- char buf[BUFSIZ];
+ char buf[KRB5_BUFSIZ];
krb5_error_code ret;
while (config_fgets(buf, sizeof(buf), f) != NULL) {
@@ -864,6 +864,55 @@ krb5_config_get_string_default (krb5_context context,
return ret;
}
+static char *
+next_component_string(char * begin, char * delims, char **state)
+{
+ char * end;
+
+ if (begin == NULL)
+ begin = *state;
+
+ if (*begin == '\0')
+ return NULL;
+
+ end = begin;
+ while (*end == '"') {
+ char * t;
+ while ((t = strchr(end + 1, '"')) != NULL && *(t - 1) == '\\') {
+ --t;
+ memmove(t, t + 1, strlen(t));
+ end = t;
+ }
+
+ if (t)
+ end = ++t;
+ else
+ end += strlen(end);
+ }
+
+ if (*end != '\0') {
+ size_t pos;
+
+ pos = strcspn(end, delims);
+ end = end + pos;
+ }
+
+ if (*end != '\0') {
+ *end = '\0';
+ *state = end + 1;
+ if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) {
+ begin++; *(end - 1) = '\0';
+ }
+ return begin;
+ }
+
+ *state = end;
+ if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) {
+ begin++; *(end - 1) = '\0';
+ }
+ return begin;
+}
+
/**
* Get a list of configuration strings, free the result with
* krb5_config_free_strings().
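Review bot: `next_component_string` does not skip leading delimiters, so unlike the `strtok_r` calls it replaces in krb5_config_vget_strings it returns an empty token for every extra separator: `a  b` (two spaces) yields `a`, an empty string, then `b`, and a value with leading whitespace starts with an empty string. Adding `begin += strspn(begin, delims);` right after the `begin = *state` fallback restores the old behaviour. `delims` is only read and is passed a string literal, so it should be declared `const char *delims`. A short header comment would also help, stating that double quotes group a token, that `\"` is unescaped in place, and that the input buffer is modified.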
@@ -894,7 +943,7 @@ krb5_config_vget_strings(krb5_context context,
char *s;
if(tmp == NULL)
goto cleanup;
- s = strtok_r(tmp, " \t", &pos);
+ s = next_component_string(tmp, " \t", &pos);
while(s){
char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings));
if(tmp2 == NULL)
@@ -904,7 +953,7 @@ krb5_config_vget_strings(krb5_context context,
nstr++;
if(strings[nstr-1] == NULL)
goto cleanup;
- s = strtok_r(NULL, " \t", &pos);
+ s = next_component_string(NULL, " \t", &pos);
}
free(tmp);
}
@@ -1259,7 +1308,7 @@ krb5_config_get_int (krb5_context context,
*/
KRB5_DEPRECATED
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_string_multi(krb5_context context,
const char *string,
krb5_config_section **res)
diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c
index 6223fb5d6b..bbb4832657 100644
--- a/source4/heimdal/lib/krb5/constants.c
+++ b/source4/heimdal/lib/krb5/constants.c
@@ -37,15 +37,18 @@
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
-"~/Library/Preferences/com.apple.Kerberos.plist:"
-"/Library/Preferences/com.apple.Kerberos.plist:"
-"~/Library/Preferences/edu.mit.Kerberos:"
-"/Library/Preferences/edu.mit.Kerberos:"
+"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
+"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
+"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP
+"/Library/Preferences/edu.mit.Kerberos" PATH_SEP
#endif /* __APPLE__ */
-"~/.krb5/config:"
+"~/.krb5/config" PATH_SEP
SYSCONFDIR "/krb5.conf"
-#ifndef _WIN32
-":/etc/krb5.conf"
+#ifdef _WIN32
+PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf"
+PATH_SEP "%{WINDOWS}/krb5.ini"
+#else
+PATH_SEP "/etc/krb5.conf"
#endif
;
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 100eb1237d..d4e48d26c7 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -269,7 +269,7 @@ cc_ops_copy(krb5_context context, const krb5_context src_context)
return KRB5_CC_NOMEM;
}
- memcpy(cc_ops, src_context->cc_ops,
+ memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
sizeof(cc_ops[0]) * src_context->num_cc_ops);
context->cc_ops = cc_ops;
context->num_cc_ops = src_context->num_cc_ops;
@@ -559,7 +559,7 @@ krb5_free_context(krb5_context context)
krb5_free_host_realm (context, context->default_realms);
krb5_config_file_free (context, context->cf);
free_error_table (context->et_list);
- free(context->cc_ops);
+ free(rk_UNCONST(context->cc_ops));
free(context->kt_types);
krb5_clear_error_message(context);
if(context->warn_dest != NULL)
@@ -616,6 +616,11 @@ krb5_set_config_files(krb5_context context, char **filenames)
if(tmp == NULL)
return ENXIO;
#endif
+
+#ifdef _WIN32
+ _krb5_load_config_from_registry(context, &tmp);
+#endif
+
krb5_config_file_free(context, context->cf);
context->cf = tmp;
ret = init_context_from_config_file(context);
@@ -668,7 +673,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
while(1) {
ssize_t l;
q = p;
- l = strsep_copy(&q, ":", NULL, 0);
+ l = strsep_copy(&q, PATH_SEP, NULL, 0);
if(l == -1)
break;
fn = malloc(l + 1);
@@ -676,7 +681,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
krb5_free_config_files(pp);
return ENOMEM;
}
- (void)strsep_copy(&p, ":", fn, l + 1);
+ (void)strsep_copy(&p, PATH_SEP, fn, l + 1);
ret = add_file(&pp, &len, fn);
if (ret) {
krb5_free_config_files(pp);
@@ -736,6 +741,45 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
return 0;
}
+#ifdef _WIN32
+
+/**
+ * Checks the registry for configuration file location
+ *
+ * Kerberos for Windows and other legacy Kerberos applications expect
+ * to find the configuration file location in the
+ * SOFTWARE\MIT\Kerberos registry key under the value "config".
+ */
+char *
+_krb5_get_default_config_config_files_from_registry()
+{
+ static const char * KeyName = "Software\\MIT\\Kerberos";
+ char *config_file = NULL;
+ LONG rcode;
+ HKEY key;
+
+ rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key);
+ if (rcode == ERROR_SUCCESS) {
+ config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
+ REG_NONE, 0, PATH_SEP);
+ RegCloseKey(key);
+ }
+
+ if (config_file)
+ return config_file;
+
+ rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key);
+ if (rcode == ERROR_SUCCESS) {
+ config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
+ REG_NONE, 0, PATH_SEP);
+ RegCloseKey(key);
+ }
+
+ return config_file;
+}
+
+#endif
+
/**
* Get the global configuration list.
*
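Review bot: The doc comment on `_krb5_get_default_config_config_files_from_registry` leaves out the two things a caller needs, the lookup order and who frees the result. The code tries `HKEY_CURRENT_USER` first and falls back to `HKEY_LOCAL_MACHINE` only when that yields nothing, so a per-user value overrides the machine-wide one; krb5_get_default_config_files later passes the result to `free()`. I would add `* The per-user key (HKCU) is consulted before the machine key (HKLM); the caller frees the returned string.` to the comment. The doubled `config_config` in the name looks unintended, and the parameter list should be `(void)`.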
@@ -756,6 +800,22 @@ krb5_get_default_config_files(char ***pfilenames)
return EINVAL;
if(!issuid())
files = getenv("KRB5_CONFIG");
+
+#ifdef _WIN32
+ if (files == NULL) {
+ char * reg_files;
+ reg_files = _krb5_get_default_config_config_files_from_registry();
+ if (reg_files != NULL) {
+ krb5_error_code code;
+
+ code = krb5_prepend_config_files(reg_files, NULL, pfilenames);
+ free(reg_files);
+
+ return code;
+ }
+ }
+#endif
+
if (files == NULL)
files = krb5_config_file;
@@ -1425,7 +1485,7 @@ _krb5_homedir_access(krb5_context context)
* @ingroup krb5
*/
-krb5_boolean
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
{
krb5_boolean old;
diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c
index aff843e785..e700425ffe 100644
--- a/source4/heimdal/lib/krb5/convert_creds.c
+++ b/source4/heimdal/lib/krb5/convert_creds.c
@@ -31,17 +31,13 @@
* SUCH DAMAGE.
*/
+#define KRB5_DEPRECATED
+
#include "krb5_locl.h"
#include "krb5-v4compat.h"
#ifndef HEIMDAL_SMALLER
-static krb5_error_code
-check_ticket_flags(TicketFlags f)
-{
- return 0; /* maybe add some more tests here? */
-}
-
/**
* Convert the v5 credentials in in_cred to v4-dito in v4creds. This
* is done by sending them to the 524 function in the KDC. If
@@ -58,91 +54,16 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat
*/
+KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
{
- krb5_error_code ret;
- krb5_data reply;
- krb5_storage *sp;
- int32_t tmp;
- krb5_data ticket;
- char realm[REALM_SZ];
- krb5_creds *v5_creds = in_cred;
-
- ret = check_ticket_flags(v5_creds->flags.b);
- if(ret)
- goto out2;
-
- {
- krb5_krbhst_handle handle;
-
- ret = krb5_krbhst_init(context,
- krb5_principal_get_realm(context,
- v5_creds->server),
- KRB5_KRBHST_KRB524,
- &handle);
- if (ret)
- goto out2;
-
- ret = krb5_sendto (context,
- &v5_creds->ticket,
- handle,
- &reply);
- krb5_krbhst_free(context, handle);
- if (ret)
- goto out2;
- }
- sp = krb5_storage_from_mem(reply.data, reply.length);
- if(sp == NULL) {
- ret = ENOMEM;
- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
- goto out2;
- }
- krb5_ret_int32(sp, &tmp);
- ret = tmp;
- if(ret == 0) {
- memset(v4creds, 0, sizeof(*v4creds));
- ret = krb5_ret_int32(sp, &tmp);
- if(ret)
- goto out;
- v4creds->kvno = tmp;
- ret = krb5_ret_data(sp, &ticket);
- if(ret)
- goto out;
- v4creds->ticket_st.length = ticket.length;
- memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
- krb5_data_free(&ticket);
- ret = krb5_524_conv_principal(context,
- v5_creds->server,
- v4creds->service,
- v4creds->instance,
- v4creds->realm);
- if(ret)
- goto out;
- v4creds->issue_date = v5_creds->times.starttime;
- v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
- v5_creds->times.endtime);
- ret = krb5_524_conv_principal(context, v5_creds->client,
- v4creds->pname,
- v4creds->pinst,
- realm);
- if(ret)
- goto out;
- memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
- } else {
- krb5_prepend_error_message(context, ret,
- N_("converting credentials",
- "already localized"));
- }
-out:
- krb5_storage_free(sp);
- krb5_data_free(&reply);
-out2:
- if (v5_creds != in_cred)
- krb5_free_creds (context, v5_creds);
- return ret;
+ memset(v4creds, 0, sizeof(*v4creds));
+ krb5_set_error_message(context, EINVAL,
+ N_("krb524_convert_creds_kdc not supported", ""));
+ return EINVAL;
}
/**
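Review bot: The Doxygen block above `krb524_convert_creds_kdc` still describes sending the credentials to the 524 function in the KDC, but the new body only zeroes `v4creds` and returns `EINVAL`. The comment should say so, for example `* Deprecated: always fails with EINVAL after zeroing v4creds.`, and the same applies to `krb524_convert_creds_kdc_ccache` in the next hunk. Only the tail of that comment block is visible here, so the remaining text would need the same check.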
@@ -160,48 +81,17 @@ out2:
* @ingroup krb5_v4compat
*/
+KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,
struct credentials *v4creds)
{
- krb5_error_code ret;
- krb5_creds *v5_creds = in_cred;
- krb5_keytype keytype;
-
- keytype = v5_creds->session.keytype;
-
- if (keytype != ENCTYPE_DES_CBC_CRC) {
- /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
- so go get one */
- krb5_creds template;
-
- memset (&template, 0, sizeof(template));
- template.session.keytype = ENCTYPE_DES_CBC_CRC;
- ret = krb5_copy_principal (context, in_cred->client, &template.client);
- if (ret) {
- krb5_free_cred_contents (context, &template);
- return ret;
- }
- ret = krb5_copy_principal (context, in_cred->server, &template.server);
- if (ret) {
- krb5_free_cred_contents (context, &template);
- return ret;
- }
-
- ret = krb5_get_credentials (context, 0, ccache,
- &template, &v5_creds);
- krb5_free_cred_contents (context, &template);
- if (ret)
- return ret;
- }
-
- ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
-
- if (v5_creds != in_cred)
- krb5_free_creds (context, v5_creds);
- return ret;
+ memset(v4creds, 0, sizeof(*v4creds));
+ krb5_set_error_message(context, EINVAL,
+ N_("krb524_convert_creds_kdc_ccache not supported", ""));
+ return EINVAL;
}
#endif
diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c
index fd277148d5..69aacdc032 100644
--- a/source4/heimdal/lib/krb5/creds.c
+++ b/source4/heimdal/lib/krb5/creds.c
@@ -278,7 +278,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields,
* @ingroup krb5
*/
-unsigned long
+KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_creds_get_ticket_flags(krb5_creds *creds)
{
return TicketFlags2int(creds->flags.b);
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index f0b0692bc0..aa417e15eb 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -476,7 +476,7 @@ verify_checksum(krb5_context context,
krb5_set_error_message(context, ret,
N_("Decrypt integrity check failed for checksum "
"type %s, key type %s", ""),
- ct->name, crypto->et->name);
+ ct->name, (crypto != NULL)? crypto->et->name : "(none)");
return ret;
}
@@ -2315,7 +2315,7 @@ wrapped_length_dervied (krb5_context context,
* Return the size of an encrypted packet of length `data_len'
*/
-size_t
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_get_wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
@@ -2361,7 +2361,7 @@ crypto_overhead_dervied (krb5_context context,
return res;
}
-size_t
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
{
if (derived_crypto (context, crypto))
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c
index 237d346f4d..dc2d4586a0 100644
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -122,7 +122,7 @@ krb5_vset_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
@@ -145,7 +145,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 901182192d..e06d4a12be 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -768,7 +768,8 @@ get_cred_kdc_capath_worker(krb5_context context,
ret = find_cred(context, ccache, tmp_creds.server,
*ret_tgts, &tgts);
if(ret == 0){
- if (strcmp(try_realm, client_realm) != 0)
+ /* only allow implicit ok_as_delegate if the realm is the clients realm */
+ if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0)
ok_as_delegate = tgts.flags.b.ok_as_delegate;
*out_creds = calloc(1, sizeof(**out_creds));
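Review bot: The new comment says implicit ok_as_delegate depends on the client's realm, but the condition now also involves `server_realm`: the TGT's flag is skipped only when `try_realm` equals both `client_realm` and `server_realm`. Since this decides whether delegation is treated as permitted, the comment should state the rule the code enforces, e.g. `/* implicit ok_as_delegate only when try_realm is both the client's and the server's realm; otherwise use the TGT's flag */`. get_cred_kdc_capath_worker starts and ends outside the hunk, so the initial value of `ok_as_delegate` is not visible here.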
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index 80a72ecbf7..1fe15d8064 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -97,7 +97,7 @@ kcm_send_request(krb5_context context,
return ret;
}
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_storage_request(krb5_context context,
uint16_t opcode,
krb5_storage **storage_p)
@@ -164,7 +164,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_call(krb5_context context,
krb5_storage *request,
krb5_storage **response_p,
diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c
index 2d57e301d5..f34a5c4f90 100644
--- a/source4/heimdal/lib/krb5/keyblock.c
+++ b/source4/heimdal/lib/krb5/keyblock.c
@@ -155,7 +155,7 @@ krb5_copy_keyblock (krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_enctype
+KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL
krb5_keyblock_get_enctype(const krb5_keyblock *block)
{
return block->keytype;
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 8f4210e19b..dd579f973b 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -80,7 +80,7 @@ typedef int krb5_boolean;
typedef int32_t krb5_error_code;
-typedef int krb5_kvno;
+typedef int32_t krb5_kvno;
typedef uint32_t krb5_flags;
@@ -847,6 +847,8 @@ typedef krb5_error_code
*
*/
+struct hx509_certs_data;
+
#include <krb5-protos.h>
/* variables */
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index d8d038e7bb..bdd725e9ea 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -188,6 +188,10 @@ struct _krb5_krb_auth_data;
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
+#ifndef PATH_SEP
+#define PATH_SEP ":"
+#endif
+
/* should this be public? */
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
@@ -208,7 +212,7 @@ struct _krb5_krb_auth_data;
#endif
-#define KRB5_BUFSIZ 1024
+#define KRB5_BUFSIZ 2048
typedef enum {
KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c
index 733d20f174..f90624cfca 100644
--- a/source4/heimdal/lib/krb5/misc.c
+++ b/source4/heimdal/lib/krb5/misc.c
@@ -84,7 +84,7 @@ out:
}
krb5_error_code
-_krb5_enomem(krb5_context context)
+krb5_enomem(krb5_context context)
{
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c
index d50052c8bc..db2428f95b 100644
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -116,7 +116,7 @@ HMAC_MD5_any_checksum(krb5_context context,
*
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
krb5_pac *pac)
{
@@ -127,13 +127,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p = calloc(1, sizeof(*p));
if (p == NULL) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
sp = krb5_storage_from_readonly_mem(ptr, len);
if (sp == NULL) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -156,7 +156,7 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p->pac = calloc(1,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
if (p->pac == NULL) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
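Review bot: The size passed to calloc here, `sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))`, has no overflow guard visible in this hunk, and the rename leaves it as it was. The lines that set `tmp` are outside the hunk; if it is the buffer count read from the PAC blob handed to krb5_pac_parse, a zero or very large value would wrap the expression and yield an allocation smaller than the buffer table that is filled afterwards. A bound ahead of the calloc would make the limit explicit, for example `if (tmp < 1 || tmp > (SIZE_MAX - sizeof(*p->pac)) / sizeof(p->pac->buffers[0])) { ret = EINVAL; goto out; }`, unless an equivalent check already sits in the unseen lines above. The same unchecked size arithmetic appears in the realloc calls of the krb5_pac_add_buffer and _krb5_pac_sign hunks.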
@@ -258,7 +258,7 @@ out:
return ret;
}
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_init(krb5_context context, krb5_pac *pac)
{
krb5_error_code ret;
@@ -266,27 +266,27 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
p = calloc(1, sizeof(*p));
if (p == NULL) {
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
p->pac = calloc(1, sizeof(*p->pac));
if (p->pac == NULL) {
free(p);
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
if (ret) {
free (p->pac);
free(p);
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
*pac = p;
return 0;
}
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_add_buffer(krb5_context context, krb5_pac p,
uint32_t type, const krb5_data *data)
{
@@ -300,7 +300,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ptr = realloc(p->pac,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
if (ptr == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
p->pac = ptr;
@@ -367,7 +367,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
* @ingroup krb5_pac
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_buffer(krb5_context context, krb5_pac p,
uint32_t type, krb5_data *data)
{
@@ -397,7 +397,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
*
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_types(krb5_context context,
krb5_pac p,
size_t *len,
@@ -408,7 +408,7 @@ krb5_pac_get_types(krb5_context context,
*types = calloc(p->pac->numbuffers, sizeof(*types));
if (*types == NULL) {
*len = 0;
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
for (i = 0; i < p->pac->numbuffers; i++)
(*types)[i] = p->pac->buffers[i].type;
@@ -421,7 +421,7 @@ krb5_pac_get_types(krb5_context context,
*
*/
-void
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_pac_free(krb5_context context, krb5_pac pac)
{
krb5_data_free(&pac->data);
@@ -450,7 +450,7 @@ verify_checksum(krb5_context context,
sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
sig->buffersize);
if (sp == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -460,7 +460,7 @@ verify_checksum(krb5_context context,
sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
cksum.checksum.data = malloc(cksum.checksum.length);
if (cksum.checksum.data == NULL) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
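Review bot: The checksum length is computed as `sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR)` with no visible check that `buffersize` is at least the number of bytes already consumed. The assignment target is on the line above the hunk, presumably `cksum.checksum.length`. If a signature buffer in the PAC is shorter than its fixed header, the subtraction wraps and the following malloc is asked for a huge size. That failure is then reported as out-of-memory rather than as a malformed PAC. A guard before the subtraction that returns a parse error when `sig->buffersize` is smaller than the header size would keep the two failure modes apart; verify_checksum starts and ends outside this hunk, so such a guard may already exist earlier in the function.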
@@ -604,7 +604,7 @@ verify_logonname(krb5_context context,
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
logon_name->buffersize);
if (sp == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -631,7 +631,7 @@ verify_logonname(krb5_context context,
s = malloc(len);
if (s == NULL) {
krb5_storage_free(sp);
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
ret = krb5_storage_read(sp, s, len);
if (ret != len) {
@@ -648,7 +648,7 @@ verify_logonname(krb5_context context,
ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
if (ucs2 == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
free(s);
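Review bot: The early return on `ucs2 == NULL` leaks `s`, which is still allocated at that point because it is only released by the `free(s);` after `wind_ucs2read`. The other allocation-failure paths in verify_logonname release what they hold before returning, so this one should too: `if (ucs2 == NULL) { free(s); return krb5_enomem(context); }`. The function continues outside this hunk, so confirm that nothing else (for example the storage handle) is still live on this path.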
@@ -667,7 +667,7 @@ verify_logonname(krb5_context context,
s = malloc(u8len);
if (s == NULL) {
free(ucs2);
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
free(ucs2);
@@ -714,7 +714,7 @@ build_logon_name(krb5_context context,
sp = krb5_storage_emem();
if (sp == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -733,7 +733,7 @@ build_logon_name(krb5_context context,
#if 1 /* cheat for now */
s2 = malloc(len * 2);
if (s2 == NULL) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
free(s);
goto out;
}
@@ -749,7 +749,7 @@ build_logon_name(krb5_context context,
ret = krb5_storage_write(sp, s2, len * 2);
free(s2);
if (ret != len * 2) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
ret = krb5_storage_to_data(sp, logon);
@@ -780,7 +780,7 @@ out:
* @ingroup krb5_pac
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_verify(krb5_context context,
const krb5_pac pac,
time_t authtime,
@@ -877,7 +877,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
l = sizeof(zeros);
sret = krb5_storage_write(sp, zeros, l);
if (sret <= 0)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
len -= sret;
}
@@ -949,7 +949,7 @@ _krb5_pac_sign(krb5_context context,
ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
if (ptr == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
p->pac = ptr;
@@ -986,14 +986,14 @@ _krb5_pac_sign(krb5_context context,
/* Encode PAC */
sp = krb5_storage_emem();
if (sp == NULL)
- return _krb5_enomem(context);
+ return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
spdata = krb5_storage_emem();
if (spdata == NULL) {
krb5_storage_free(sp);
- return _krb5_enomem(context);
+ return krb5_enomem(context);
}
krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
@@ -1031,7 +1031,7 @@ _krb5_pac_sign(krb5_context context,
sret = krb5_storage_write(spdata, ptr, len);
if (sret != len) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
/* XXX if not aligned, fill_zeros */
@@ -1068,14 +1068,14 @@ _krb5_pac_sign(krb5_context context,
ret = krb5_storage_write(sp, d.data, d.length);
if (ret != d.length) {
krb5_data_free(&d);
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
krb5_data_free(&d);
ret = krb5_storage_to_data(sp, &d);
if (ret) {
- ret = _krb5_enomem(context);
+ ret = krb5_enomem(context);
goto out;
}
diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c
index 283a857df5..98420a7332 100644
--- a/source4/heimdal/lib/krb5/padata.c
+++ b/source4/heimdal/lib/krb5/padata.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-PA_DATA *
+KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL
krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
{
for(; *idx < len; (*idx)++)
diff --git a/source4/heimdal/lib/krb5/pcache.c b/source4/heimdal/lib/krb5/pcache.c
index e7f7a61ec4..23d5389a60 100644
--- a/source4/heimdal/lib/krb5/pcache.c
+++ b/source4/heimdal/lib/krb5/pcache.c
@@ -54,7 +54,7 @@ _krb5_load_ccache_plugins(krb5_context context)
ccops = _krb5_plugin_get_symbol(p);
if (ccops != NULL && ccops->version == KRB5_CC_OPS_VERSION) {
- c_load = krb5_cc_register(context, ccops, FALSE);
+ c_load = krb5_cc_register(context, ccops, TRUE);
if (c_load != 0)
code = c_load;
}
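Review bot: Changing the last argument of `krb5_cc_register(context, ccops, TRUE)` from FALSE to TRUE alters the trust model, and the call carries no comment explaining it. With override enabled, a plug-in whose ops use an already registered prefix replaces that credential-cache type instead of being rejected. If this is intended, a comment at the call should say so and note that the plug-in directories must be writable only by trusted administrators, e.g. `/* plug-ins may replace built-in ccache types; plug-in dirs must be admin-only */`. If only new types were meant to be added, the argument should stay FALSE.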
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 92c1200f06..1bf922baf6 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -2455,9 +2455,9 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
- krb5_get_init_creds_opt *opt,
- struct hx509_certs_data *certs)
+krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
+ krb5_get_init_creds_opt *opt,
+ struct hx509_certs_data *certs)
{
#ifdef PKINIT
if (opt->opt_private == NULL) {
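Review bot: The return-type line above the renamed function still reads `krb5_error_code KRB5_LIB_FUNCTION`, while every other exported function touched by this commit is moved to `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL`. Since the rename drops the leading underscore and makes this a public entry point, it should carry the same annotation as its neighbours, including the next pkinit.c hunk for krb5_pk_enterprise_cert. Otherwise builds where `KRB5_LIB_CALL` selects a calling convention will export it differently from its neighbours. The function body continues outside this hunk.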
@@ -2529,11 +2529,11 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_pk_enterprise_cert(krb5_context context,
- const char *user_id,
- krb5_const_realm realm,
- krb5_principal *principal,
- struct hx509_certs_data **res)
+krb5_pk_enterprise_cert(krb5_context context,
+ const char *user_id,
+ krb5_const_realm realm,
+ krb5_principal *principal,
+ struct hx509_certs_data **res)
{
#ifdef PKINIT
krb5_error_code ret;
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index 89be46c1ae..8aff72ec85 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -135,7 +135,7 @@ loadlib(krb5_context context, char *path)
* @ingroup krb5_support
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_plugin_register(krb5_context context,
enum krb5_plugin_type type,
const char *name,
@@ -179,6 +179,43 @@ krb5_plugin_register(krb5_context context,
return 0;
}
+static int
+is_valid_plugin_filename(const char * n)
+{
+ if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0')))
+ return 0;
+
+#ifdef _WIN32
+ /* On Windows, we only attempt to load .dll files as plug-ins. */
+ {
+ const char * ext;
+
+ ext = strrchr(n, '.');
+ if (ext == NULL)
+ return 0;
+
+ return !stricmp(ext, ".dll");
+ }
+#endif
+
+ return 1;
+}
+
+static void
+trim_trailing_slash(char * path)
+{
+ size_t l;
+
+ l = strlen(path);
+ while (l > 0 && (path[l - 1] == '/'
+#ifdef BACKSLASH_PATH_DELIM
+ || path[l - 1] == '\\'
+#endif
+ )) {
+ path[--l] = '\0';
+ }
+}
+
static krb5_error_code
load_plugins(krb5_context context)
{
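Review bot: `is_valid_plugin_filename` and `trim_trailing_slash` are added without any comment, and the filter's contract is not obvious from its name: outside `_WIN32` it accepts every directory entry except `.` and `..`. Backup files, hidden files and anything else present in a plug-in directory therefore remain candidates for loading (the load itself is outside this hunk). A header comment should state that, along the lines of `/* Returns 1 if n may be passed to the loader. Only "." and ".." are rejected, plus non-.dll names on Windows; the directory itself must be trusted. */`. `trim_trailing_slash` should also document that it edits the string in place and reduces a path consisting only of separators to the empty string.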
@@ -201,28 +238,27 @@ load_plugins(krb5_context context)
dirs = rk_UNCONST(sysplugin_dirs);
for (di = dirs; *di != NULL; di++) {
+ char * dir = *di;
+
#ifdef KRB5_USE_PATH_TOKENS
- {
- char * dir = NULL;
+ if (_krb5_expand_path_tokens(context, *di, &dir))
+ goto next_dir;
+#endif
- if (_krb5_expand_path_tokens(context, *di, &dir))
- continue;
- d = opendir(dir);
+ trim_trailing_slash(dir);
+
+ d = opendir(dir);
- free(dir);
- }
-#else
- d = opendir(*di);
-#endif
if (d == NULL)
- continue;
+ goto next_dir;
+
rk_cloexec_dir(d);
while ((entry = readdir(d)) != NULL) {
char *n = entry->d_name;
/* skip . and .. */
- if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0')))
+ if (!is_valid_plugin_filename(n))
continue;
path = NULL;
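Review bot: `trim_trailing_slash(dir)` writes into its argument, but when KRB5_USE_PATH_TOKENS is not defined `dir` is just `*di`, and `dirs` may be `rk_UNCONST(sysplugin_dirs)`, a table whose const qualifier has been cast away. If any built-in entry ends in a separator, this stores a NUL into storage that was declared const, which is undefined behaviour if those entries are string literals. Working on a private copy avoids that: `dir = strdup(*di);` with a NULL check in the non-token branch, and an unconditional `free(dir);` at `next_dir` in the later hunk instead of the `dir != *di` test. The `/* skip . and .. */` comment above the new `is_valid_plugin_filename(n)` call is also out of date, since the helper additionally filters by extension on Windows.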
@@ -231,11 +267,11 @@ load_plugins(krb5_context context)
{ /* support loading bundles on MacOS */
size_t len = strlen(n);
if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0)
- ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n);
+ ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n);
}
#endif
if (ret < 0 || path == NULL)
- ret = asprintf(&path, "%s/%s", *di, n);
+ ret = asprintf(&path, "%s/%s", dir, n);
if (ret < 0 || path == NULL) {
ret = ENOMEM;
@@ -254,6 +290,10 @@ load_plugins(krb5_context context)
}
}
closedir(d);
+
+ next_dir:
+ if (dir != *di)
+ free(dir);
}
if (dirs != rk_UNCONST(sysplugin_dirs))
krb5_config_free_strings(dirs);
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index 8e6341fd62..42169fc2f9 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -721,7 +721,7 @@ krb5_build_principal(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_principal(krb5_context context,
krb5_principal *principal,
krb5_const_realm realm,
@@ -1013,437 +1013,6 @@ krb5_principal_match(krb5_context context,
return TRUE;
}
-#if defined(KRB4) || !defined(HEIMDAL_SMALLER)
-
-static struct v4_name_convert {
- const char *from;
- const char *to;
-} default_v4_name_convert[] = {
- { "ftp", "ftp" },
- { "hprop", "hprop" },
- { "pop", "pop" },
- { "imap", "imap" },
- { "rcmd", "host" },
- { "smtp", "smtp" },
- { NULL, NULL }
-};
-
-#endif
-
-#ifdef KRB4
-
-/*
- * return the converted instance name of `name' in `realm'.
- * look in the configuration file and then in the default set above.
- * return NULL if no conversion is appropriate.
- */
-
-static const char*
-get_name_conversion(krb5_context context, const char *realm, const char *name)
-{
- struct v4_name_convert *q;
- const char *p;
-
- p = krb5_config_get_string(context, NULL, "realms", realm,
- "v4_name_convert", "host", name, NULL);
- if(p == NULL)
- p = krb5_config_get_string(context, NULL, "libdefaults",
- "v4_name_convert", "host", name, NULL);
- if(p)
- return p;
-
- /* XXX should be possible to override default list */
- p = krb5_config_get_string(context, NULL,
- "realms",
- realm,
- "v4_name_convert",
- "plain",
- name,
- NULL);
- if(p)
- return NULL;
- p = krb5_config_get_string(context, NULL,
- "libdefaults",
- "v4_name_convert",
- "plain",
- name,
- NULL);
- if(p)
- return NULL;
- for(q = default_v4_name_convert; q->from; q++)
- if(strcmp(q->from, name) == 0)
- return q->to;
- return NULL;
-}
-
-/*
- * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
- * if `resolve', use DNS.
- * if `func', use that function for validating the conversion
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_425_conv_principal_ext2(krb5_context context,
- const char *name,
- const char *instance,
- const char *realm,
- krb5_boolean (*func)(krb5_context,
- void *, krb5_principal),
- void *funcctx,
- krb5_boolean resolve,
- krb5_principal *princ)
-{
- const char *p;
- krb5_error_code ret;
- krb5_principal pr;
- char host[MAXHOSTNAMELEN];
- char local_hostname[MAXHOSTNAMELEN];
-
- /* do the following: if the name is found in the
- `v4_name_convert:host' part, is assumed to be a `host' type
- principal, and the instance is looked up in the
- `v4_instance_convert' part. if not found there the name is
- (optionally) looked up as a hostname, and if that doesn't yield
- anything, the `default_domain' is appended to the instance
- */
-
- if(instance == NULL)
- goto no_host;
- if(instance[0] == 0){
- instance = NULL;
- goto no_host;
- }
- p = get_name_conversion(context, realm, name);
- if(p == NULL)
- goto no_host;
- name = p;
- p = krb5_config_get_string(context, NULL, "realms", realm,
- "v4_instance_convert", instance, NULL);
- if(p){
- instance = p;
- ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
- if (ret)
- return ret;
- if(func == NULL || (*func)(context, funcctx, pr)){
- *princ = pr;
- return 0;
- }
- krb5_free_principal(context, pr);
- *princ = NULL;
- krb5_clear_error_message (context);
- return HEIM_ERR_V4_PRINC_NO_CONV;
- }
- if(resolve){
- krb5_boolean passed = FALSE;
- char *inst = NULL;
-#ifdef USE_RESOLVER
- struct rk_dns_reply *r;
-
- r = rk_dns_lookup(instance, "aaaa");
- if (r) {
- if (r->head && r->head->type == rk_ns_t_aaaa) {
- inst = strdup(r->head->domain);
- passed = TRUE;
- }
- rk_dns_free_data(r);
- } else {
- r = rk_dns_lookup(instance, "a");
- if (r) {
- if(r->head && r->head->type == rk_ns_t_a) {
- inst = strdup(r->head->domain);
- passed = TRUE;
- }
- rk_dns_free_data(r);
- }
- }
-#else
- struct addrinfo hints, *ai;
-
- memset (&hints, 0, sizeof(hints));
- hints.ai_flags = AI_CANONNAME;
- ret = getaddrinfo(instance, NULL, &hints, &ai);
- if (ret == 0) {
- const struct addrinfo *a;
- for (a = ai; a != NULL; a = a->ai_next) {
- if (a->ai_canonname != NULL) {
- inst = strdup (a->ai_canonname);
- passed = TRUE;
- break;
- }
- }
- freeaddrinfo (ai);
- }
-#endif
- if (passed) {
- if (inst == NULL) {
- krb5_set_error_message(context, ENOMEM,
- N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- strlwr(inst);
- ret = krb5_make_principal(context, &pr, realm, name, inst,
- NULL);
- free (inst);
- if(ret == 0) {
- if(func == NULL || (*func)(context, funcctx, pr)){
- *princ = pr;
- return 0;
- }
- krb5_free_principal(context, pr);
- }
- }
- }
- if(func != NULL) {
- snprintf(host, sizeof(host), "%s.%s", instance, realm);
- strlwr(host);
- ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
- if (ret)
- return ret;
- if((*func)(context, funcctx, pr)){
- *princ = pr;
- return 0;
- }
- krb5_free_principal(context, pr);
- }
-
- /*
- * if the instance is the first component of the local hostname,
- * the converted host should be the long hostname.
- */
-
- if (func == NULL &&
- gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
- strncmp(instance, local_hostname, strlen(instance)) == 0 &&
- local_hostname[strlen(instance)] == '.') {
- strlcpy(host, local_hostname, sizeof(host));
- goto local_host;
- }
-
- {
- char **domains, **d;
- domains = krb5_config_get_strings(context, NULL, "realms", realm,
- "v4_domains", NULL);
- for(d = domains; d && *d; d++){
- snprintf(host, sizeof(host), "%s.%s", instance, *d);
- ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
- if (ret) {
- krb5_config_free_strings(domains);
- return ret;
- }
- if(func == NULL || (*func)(context, funcctx, pr)){
- *princ = pr;
- krb5_config_free_strings(domains);
- return 0;
- }
- krb5_free_principal(context, pr);
- }
- krb5_config_free_strings(domains);
- }
-
-
- p = krb5_config_get_string(context, NULL, "realms", realm,
- "default_domain", NULL);
- if(p == NULL){
- /* this should be an error, just faking a name is not good */
- krb5_clear_error_message (context);
- return HEIM_ERR_V4_PRINC_NO_CONV;
- }
-
- if (*p == '.')
- ++p;
- snprintf(host, sizeof(host), "%s.%s", instance, p);
-local_host:
- ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
- if (ret)
- return ret;
- if(func == NULL || (*func)(context, funcctx, pr)){
- *princ = pr;
- return 0;
- }
- krb5_free_principal(context, pr);
- krb5_clear_error_message (context);
- return HEIM_ERR_V4_PRINC_NO_CONV;
-no_host:
- p = krb5_config_get_string(context, NULL,
- "realms",
- realm,
- "v4_name_convert",
- "plain",
- name,
- NULL);
- if(p == NULL)
- p = krb5_config_get_string(context, NULL,
- "libdefaults",
- "v4_name_convert",
- "plain",
- name,
- NULL);
- if(p)
- name = p;
-
- ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
- if (ret)
- return ret;
- if(func == NULL || (*func)(context, funcctx, pr)){
- *princ = pr;
- return 0;
- }
- krb5_free_principal(context, pr);
- krb5_clear_error_message (context);
- return HEIM_ERR_V4_PRINC_NO_CONV;
-}
-
-#endif /* KRB4 */
-
-#ifndef HEIMDAL_SMALLER
-
-static int
-check_list(const krb5_config_binding *l, const char *name, const char **out)
-{
- while(l){
- if (l->type != krb5_config_string)
- continue;
- if(strcmp(name, l->u.string) == 0) {
- *out = l->name;
- return 1;
- }
- l = l->next;
- }
- return 0;
-}
-
-static int
-name_convert(krb5_context context, const char *name, const char *realm,
- const char **out)
-{
- const krb5_config_binding *l;
- l = krb5_config_get_list (context,
- NULL,
- "realms",
- realm,
- "v4_name_convert",
- "host",
- NULL);
- if(l && check_list(l, name, out))
- return KRB5_NT_SRV_HST;
- l = krb5_config_get_list (context,
- NULL,
- "libdefaults",
- "v4_name_convert",
- "host",
- NULL);
- if(l && check_list(l, name, out))
- return KRB5_NT_SRV_HST;
- l = krb5_config_get_list (context,
- NULL,
- "realms",
- realm,
- "v4_name_convert",
- "plain",
- NULL);
- if(l && check_list(l, name, out))
- return KRB5_NT_UNKNOWN;
- l = krb5_config_get_list (context,
- NULL,
- "libdefaults",
- "v4_name_convert",
- "host",
- NULL);
- if(l && check_list(l, name, out))
- return KRB5_NT_UNKNOWN;
-
- /* didn't find it in config file, try built-in list */
-#ifdef KRB4
- {
- struct v4_name_convert *q;
- for(q = default_v4_name_convert; q->from; q++) {
- if(strcmp(name, q->to) == 0) {
- *out = q->from;
- return KRB5_NT_SRV_HST;
- }
- }
- }
-#endif
- return -1;
-}
-
-/*
- * convert the v5 principal in `principal' into a v4 corresponding one
- * in `name, instance, realm'
- * this is limited interface since there's no length given for these
- * three parameters. They have to be 40 bytes each (ANAME_SZ).
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_524_conv_principal(krb5_context context,
- const krb5_principal principal,
- char *name,
- char *instance,
- char *realm)
-{
- const char *n, *i, *r;
- char tmpinst[40];
- int type = princ_type(principal);
- const int aname_sz = 40;
-
- r = principal->realm;
-
- switch(principal->name.name_string.len){
- case 1:
- n = principal->name.name_string.val[0];
- i = "";
- break;
- case 2:
- n = principal->name.name_string.val[0];
- i = principal->name.name_string.val[1];
- break;
- default:
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- N_("cannot convert a %d "
- "component principal", ""),
- principal->name.name_string.len);
- return KRB5_PARSE_MALFORMED;
- }
-
- {
- const char *tmp;
- int t = name_convert(context, n, r, &tmp);
- if(t >= 0) {
- type = t;
- n = tmp;
- }
- }
-
- if(type == KRB5_NT_SRV_HST){
- char *p;
-
- strlcpy (tmpinst, i, sizeof(tmpinst));
- p = strchr(tmpinst, '.');
- if(p)
- *p = 0;
- i = tmpinst;
- }
-
- if (strlcpy (name, n, aname_sz) >= aname_sz) {
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- N_("too long name component to convert", ""));
- return KRB5_PARSE_MALFORMED;
- }
- if (strlcpy (instance, i, aname_sz) >= aname_sz) {
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- N_("too long instance component to convert", ""));
- return KRB5_PARSE_MALFORMED;
- }
- if (strlcpy (realm, r, aname_sz) >= aname_sz) {
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- N_("too long realm component to convert", ""));
- return KRB5_PARSE_MALFORMED;
- }
- return 0;
-}
-
-#endif /* !HEIMDAL_SMALLER */
-
/**
* Create a principal for the service running on hostname. If
* KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or
@@ -1536,7 +1105,7 @@ static const struct {
* @ingroup krb5_principal
*/
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
{
size_t i;
@@ -1558,7 +1127,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
* @ingroup krb5_principal
*/
-krb5_boolean
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p)
{
return p->name.name_string.len == 2 &&
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 45c97284bf..d816242f09 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -177,7 +177,7 @@ krb5_ticket_get_endtime(krb5_context context,
*
* @ingroup krb5_ticket
*/
-unsigned long
+KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_ticket_get_flags(krb5_context context,
const krb5_ticket *ticket)
{
diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c
deleted file mode 100644
index d47a1288ed..0000000000
--- a/source4/heimdal/lib/krb5/v4_glue.c
+++ /dev/null
@@ -1,960 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-#include "krb5-v4compat.h"
-
-#ifndef HEIMDAL_SMALLER
-
-/*
- *
- */
-
-#define RCHECK(r,func,label) \
- do { (r) = func ; if (r) goto label; } while(0);
-
-
-/* include this here, to avoid dependencies on libkrb */
-
-static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
- 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318,
- 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684,
- 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720,
- 191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116,
- 326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904,
- 556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303,
- 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
- 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
-};
-
-KRB5_LIB_FUNCTION int KRB5_LIB_CALL
-_krb5_krb_time_to_life(time_t start, time_t end)
-{
- int i;
- time_t life = end - start;
-
- if (life > MAXTKTLIFETIME || life <= 0)
- return 0;
-#if 0
- if (krb_no_long_lifetimes)
- return (life + 5*60 - 1)/(5*60);
-#endif
-
- if (end >= NEVERDATE)
- return TKTLIFENOEXPIRE;
- if (life < _tkt_lifetimes[0])
- return (life + 5*60 - 1)/(5*60);
- for (i=0; i<TKTLIFENUMFIXED; i++)
- if (life <= _tkt_lifetimes[i])
- return i + TKTLIFEMINFIXED;
- return 0;
-
-}
-
-KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
-_krb5_krb_life_to_time(int start, int life_)
-{
- unsigned char life = (unsigned char) life_;
-
-#if 0
- if (krb_no_long_lifetimes)
- return start + life*5*60;
-#endif
-
- if (life == TKTLIFENOEXPIRE)
- return NEVERDATE;
- if (life < TKTLIFEMINFIXED)
- return start + life*5*60;
- if (life > TKTLIFEMAXFIXED)
- return start + MAXTKTLIFETIME;
- return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
-}
-
-/*
- * Get the name of the krb4 credentials cache, will use `tkfile' as
- * the name if that is passed in. `cc' must be free()ed by caller,
- */
-
-static krb5_error_code
-get_krb4_cc_name(const char *tkfile, char **cc)
-{
-
- *cc = NULL;
- if(tkfile == NULL) {
- char *path;
- if(!issuid()) {
- path = getenv("KRBTKFILE");
- if (path)
- *cc = strdup(path);
- }
-#ifdef HAVE_GETUID
- if(*cc == NULL)
- if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0 || *cc == NULL)
- return errno;
-#elif defined(KRB5_USE_PATH_TOKENS)
- if(*cc == NULL)
- if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc))
- return ENOMEM;
-#endif
- } else {
- *cc = strdup(tkfile);
- if (*cc == NULL)
- return ENOMEM;
- }
- return 0;
-}
-
-/*
- * Write a Kerberos 4 ticket file
- */
-
-#define KRB5_TF_LCK_RETRY_COUNT 50
-#define KRB5_TF_LCK_RETRY 1
-
-static krb5_error_code
-write_v4_cc(krb5_context context, const char *tkfile,
- krb5_storage *sp, int append)
-{
- krb5_error_code ret;
- struct stat sb;
- krb5_data data;
- char *path;
- int fd, i;
-
- ret = get_krb4_cc_name(tkfile, &path);
- if (ret) {
- krb5_set_error_message(context, ret,
- N_("Failed getting the krb4 credentials "
- "cache name", ""));
- return ret;
- }
-
- fd = open(path, O_WRONLY|O_CREAT, 0600);
- if (fd < 0) {
- ret = errno;
- krb5_set_error_message(context, ret,
- N_("Failed opening krb4 credential cache "
- "%s: %s", "path, error"),
- path, strerror(ret));
- free(path);
- return ret;
- }
- rk_cloexec(fd);
-
- if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
- krb5_set_error_message(context, ret,
- N_("krb4 credential cache %s is not a file", ""),
- path);
- free(path);
- close(fd);
- return KRB5_FCC_PERM;
- }
-
- for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) {
- if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
- sleep(KRB5_TF_LCK_RETRY);
- } else
- break;
- }
- if (i == KRB5_TF_LCK_RETRY_COUNT) {
- krb5_set_error_message(context, KRB5_FCC_PERM,
- N_("Failed to lock credentail cache %s", ""),
- path);
- free(path);
- close(fd);
- return KRB5_FCC_PERM;
- }
-
- if (!append) {
- ret = ftruncate(fd, 0);
- if (ret < 0) {
- flock(fd, LOCK_UN);
- krb5_set_error_message(context, KRB5_FCC_PERM,
- N_("Failed to truncate krb4 cc %s", ""),
- path);
- free(path);
- close(fd);
- return KRB5_FCC_PERM;
- }
- }
- ret = lseek(fd, 0L, SEEK_END);
- if (ret < 0) {
- ret = errno;
- flock(fd, LOCK_UN);
- free(path);
- close(fd);
- return ret;
- }
-
- krb5_storage_to_data(sp, &data);
-
- ret = write(fd, data.data, data.length);
- if (ret != data.length)
- ret = KRB5_CC_IO;
- else
- ret = 0;
-
- krb5_data_free(&data);
-
- flock(fd, LOCK_UN);
- free(path);
- close(fd);
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_tf_setup(krb5_context context,
- struct credentials *v4creds,
- const char *tkfile,
- int append)
-{
- krb5_error_code ret;
- krb5_storage *sp;
-
- sp = krb5_storage_emem();
- if (sp == NULL)
- return ENOMEM;
-
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
- krb5_storage_set_eof_code(sp, KRB5_CC_IO);
-
- krb5_clear_error_message(context);
-
- if (!append) {
- RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
- RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
- }
-
- /* cred */
- RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
- RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
- RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
- ret = krb5_storage_write(sp, v4creds->session, 8);
- if (ret != 8) {
- ret = KRB5_CC_IO;
- goto error;
- }
- RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
- RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
- RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
-
- ret = krb5_storage_write(sp, v4creds->ticket_st.dat,
- v4creds->ticket_st.length);
- if (ret != v4creds->ticket_st.length) {
- ret = KRB5_CC_IO;
- goto error;
- }
- RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
-
- ret = write_v4_cc(context, tkfile, sp, append);
-
- error:
- krb5_storage_free(sp);
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
-{
- krb5_error_code ret;
- char *path;
-
- ret = get_krb4_cc_name(tkfile, &path);
- if (ret) {
- krb5_set_error_message(context, ret,
- N_("Failed getting the krb4 credentials "
- "cache name", ""));
- return ret;
- }
-
- if (unlink(path) < 0) {
- ret = errno;
- krb5_set_error_message(context, ret,
- N_("Failed removing the cache %s "
- "with error %s", "path, error"),
- path, strerror(ret));
- }
- free(path);
-
- return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-decrypt_etext(krb5_context context, const krb5_keyblock *key,
- const krb5_data *cdata, krb5_data *data)
-{
- krb5_error_code ret;
- krb5_crypto crypto;
-
- ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
- if (ret)
- return ret;
-
- ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data);
- krb5_crypto_destroy(context, crypto);
-
- return ret;
-}
-
-
-/*
- *
- */
-
-static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00";
-
-static krb5_error_code
-storage_to_etext(krb5_context context,
- krb5_storage *sp,
- const krb5_keyblock *key,
- krb5_data *enc_data)
-{
- krb5_error_code ret;
- krb5_crypto crypto;
- krb5_ssize_t size;
- krb5_data data;
-
- /* multiple of eight bytes, don't round up */
-
- size = krb5_storage_seek(sp, 0, SEEK_END);
- if (size < 0)
- return KRB4ET_RD_AP_UNDEC;
- size = ((size+7) & ~7) - size;
-
- ret = krb5_storage_write(sp, eightzeros, size);
- if (ret != size)
- return KRB4ET_RD_AP_UNDEC;
-
- ret = krb5_storage_to_data(sp, &data);
- if (ret)
- return ret;
-
- ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
- if (ret) {
- krb5_data_free(&data);
- return ret;
- }
-
- ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data);
-
- krb5_data_free(&data);
- krb5_crypto_destroy(context, crypto);
-
- return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-put_nir(krb5_storage *sp, const char *name,
- const char *instance, const char *realm)
-{
- krb5_error_code ret;
-
- RCHECK(ret, krb5_store_stringz(sp, name), error);
- RCHECK(ret, krb5_store_stringz(sp, instance), error);
- if (realm) {
- RCHECK(ret, krb5_store_stringz(sp, realm), error);
- }
- error:
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_create_ticket(krb5_context context,
- unsigned char flags,
- const char *pname,
- const char *pinstance,
- const char *prealm,
- int32_t paddress,
- const krb5_keyblock *session,
- int16_t life,
- int32_t life_sec,
- const char *sname,
- const char *sinstance,
- const krb5_keyblock *key,
- krb5_data *enc_data)
-{
- krb5_error_code ret;
- krb5_storage *sp;
-
- krb5_data_zero(enc_data);
-
- sp = krb5_storage_emem();
- if (sp == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- RCHECK(ret, krb5_store_int8(sp, flags), error);
- RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
- RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
-
- /* session key */
- ret = krb5_storage_write(sp,
- session->keyvalue.data,
- session->keyvalue.length);
- if (ret != session->keyvalue.length) {
- ret = KRB4ET_INTK_PROT;
- goto error;
- }
-
- RCHECK(ret, krb5_store_int8(sp, life), error);
- RCHECK(ret, krb5_store_int32(sp, life_sec), error);
- RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
-
- ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
- krb5_storage_free(sp);
- if (ret)
- krb5_set_error_message(context, ret,
- N_("Failed to encode kerberos 4 ticket", ""));
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_create_ciph(krb5_context context,
- const krb5_keyblock *session,
- const char *service,
- const char *instance,
- const char *realm,
- uint32_t life,
- unsigned char kvno,
- const krb5_data *ticket,
- uint32_t kdc_time,
- const krb5_keyblock *key,
- krb5_data *enc_data)
-{
- krb5_error_code ret;
- krb5_storage *sp;
-
- krb5_data_zero(enc_data);
-
- sp = krb5_storage_emem();
- if (sp == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- /* session key */
- ret = krb5_storage_write(sp,
- session->keyvalue.data,
- session->keyvalue.length);
- if (ret != session->keyvalue.length) {
- ret = KRB4ET_INTK_PROT;
- goto error;
- }
-
- RCHECK(ret, put_nir(sp, service, instance, realm), error);
- RCHECK(ret, krb5_store_int8(sp, life), error);
- RCHECK(ret, krb5_store_int8(sp, kvno), error);
- RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
- ret = krb5_storage_write(sp, ticket->data, ticket->length);
- if (ret != ticket->length) {
- ret = KRB4ET_INTK_PROT;
- goto error;
- }
- RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
-
- ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
- krb5_storage_free(sp);
- if (ret)
- krb5_set_error_message(context, ret,
- N_("Failed to encode kerberos 4 ticket", ""));
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_create_auth_reply(krb5_context context,
- const char *pname,
- const char *pinst,
- const char *prealm,
- int32_t time_ws,
- int n,
- uint32_t x_date,
- unsigned char kvno,
- const krb5_data *cipher,
- krb5_data *data)
-{
- krb5_error_code ret;
- krb5_storage *sp;
-
- krb5_data_zero(data);
-
- sp = krb5_storage_emem();
- if (sp == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
- RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
- RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
- RCHECK(ret, krb5_store_int32(sp, time_ws), error);
- RCHECK(ret, krb5_store_int8(sp, n), error);
- RCHECK(ret, krb5_store_int32(sp, x_date), error);
- RCHECK(ret, krb5_store_int8(sp, kvno), error);
- RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
- ret = krb5_storage_write(sp, cipher->data, cipher->length);
- if (ret != cipher->length) {
- ret = KRB4ET_INTK_PROT;
- goto error;
- }
-
- ret = krb5_storage_to_data(sp, data);
-
- error:
- krb5_storage_free(sp);
- if (ret)
- krb5_set_error_message(context, ret,
- N_("Failed to encode kerberos 4 ticket", ""));
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_cr_err_reply(krb5_context context,
- const char *name,
- const char *inst,
- const char *realm,
- uint32_t time_ws,
- uint32_t e,
- const char *e_string,
- krb5_data *data)
-{
- krb5_error_code ret;
- krb5_storage *sp;
-
- krb5_data_zero(data);
-
- if (name == NULL) name = "";
- if (inst == NULL) inst = "";
- if (realm == NULL) realm = "";
- if (e_string == NULL) e_string = "";
-
- sp = krb5_storage_emem();
- if (sp == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
- RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
- RCHECK(ret, put_nir(sp, name, inst, realm), error);
- RCHECK(ret, krb5_store_int32(sp, time_ws), error);
- /* If it is a Kerberos 4 error-code, remove the et BASE */
- if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
- e -= ERROR_TABLE_BASE_krb;
- RCHECK(ret, krb5_store_int32(sp, e), error);
- RCHECK(ret, krb5_store_stringz(sp, e_string), error);
-
- ret = krb5_storage_to_data(sp, data);
-
- error:
- krb5_storage_free(sp);
- if (ret)
- krb5_set_error_message(context, ret, "Failed to encode kerberos 4 error");
-
- return 0;
-}
-
-static krb5_error_code
-get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
-{
- krb5_error_code ret;
-
- ret = krb5_ret_stringz(sp, str);
- if (ret)
- return ret;
- if (strlen(*str) > max_len) {
- free(*str);
- *str = NULL;
- return KRB4ET_INTK_PROT;
- }
- return 0;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_decomp_ticket(krb5_context context,
- const krb5_data *enc_ticket,
- const krb5_keyblock *key,
- const char *local_realm,
- char **sname,
- char **sinstance,
- struct _krb5_krb_auth_data *ad)
-{
- krb5_error_code ret;
- krb5_ssize_t size;
- krb5_storage *sp = NULL;
- krb5_data ticket;
- unsigned char des_key[8];
-
- memset(ad, 0, sizeof(*ad));
- krb5_data_zero(&ticket);
-
- *sname = NULL;
- *sinstance = NULL;
-
- RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error);
-
- sp = krb5_storage_from_data(&ticket);
- if (sp == NULL) {
- krb5_data_free(&ticket);
- krb5_set_error_message(context, ENOMEM, "alloc: out of memory");
- return ENOMEM;
- }
-
- krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
- RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
- RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
- RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error);
- RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error);
- RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error);
-
- size = krb5_storage_read(sp, des_key, sizeof(des_key));
- if (size != sizeof(des_key)) {
- ret = KRB4ET_INTK_PROT;
- goto error;
- }
-
- RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error);
-
- if (ad->k_flags & 1)
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
- else
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error);
-
- RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error);
- RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error);
-
- ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE,
- des_key, sizeof(des_key), &ad->session);
- if (ret)
- goto error;
-
- if (strlen(ad->prealm) == 0) {
- free(ad->prealm);
- ad->prealm = strdup(local_realm);
- if (ad->prealm == NULL) {
- ret = ENOMEM;
- goto error;
- }
- }
-
- error:
- memset(des_key, 0, sizeof(des_key));
- if (sp)
- krb5_storage_free(sp);
- krb5_data_free(&ticket);
- if (ret) {
- if (*sname) {
- free(*sname);
- *sname = NULL;
- }
- if (*sinstance) {
- free(*sinstance);
- *sinstance = NULL;
- }
- _krb5_krb_free_auth_data(context, ad);
- krb5_set_error_message(context, ret, "Failed to decode v4 ticket");
- }
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_krb_rd_req(krb5_context context,
- krb5_data *authent,
- const char *service,
- const char *instance,
- const char *local_realm,
- int32_t from_addr,
- const krb5_keyblock *key,
- struct _krb5_krb_auth_data *ad)
-{
- krb5_error_code ret;
- krb5_storage *sp;
- krb5_data ticket, eaut, aut;
- krb5_ssize_t size;
- int little_endian;
- int8_t pvno;
- int8_t type;
- int8_t s_kvno;
- uint8_t ticket_length;
- uint8_t eaut_length;
- uint8_t time_5ms;
- char *realm = NULL;
- char *sname = NULL;
- char *sinstance = NULL;
- char *r_realm = NULL;
- char *r_name = NULL;
- char *r_instance = NULL;
-
- uint32_t r_time_sec; /* Coarse time from authenticator */
- unsigned long delta_t; /* Time in authenticator - local time */
- long tkt_age; /* Age of ticket */
-
- struct timeval tv;
-
- krb5_data_zero(&ticket);
- krb5_data_zero(&eaut);
- krb5_data_zero(&aut);
-
- sp = krb5_storage_from_data(authent);
- if (sp == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
- return ENOMEM;
- }
-
- krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
- ret = krb5_ret_int8(sp, &pvno);
- if (ret) {
- krb5_set_error_message(context, ret, N_("Failed reading v4 pvno", ""));
- goto error;
- }
-
- if (pvno != KRB_PROT_VERSION) {
- ret = KRB4ET_RD_AP_VERSION;
- krb5_set_error_message(context, ret, N_("Failed v4 pvno not 4", ""));
- goto error;
- }
-
- ret = krb5_ret_int8(sp, &type);
- if (ret) {
- krb5_set_error_message(context, ret, N_("Failed readin v4 type", ""));
- goto error;
- }
-
- little_endian = type & 1;
- type &= ~1;
-
- if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
- ret = KRB4ET_RD_AP_MSG_TYPE;
- krb5_set_error_message(context, ret,
- N_("Not a valid v4 request type", ""));
- goto error;
- }
-
- RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error);
- RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error);
- RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error);
- RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error);
- RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error);
-
- size = krb5_storage_read(sp, ticket.data, ticket.length);
- if (size != ticket.length) {
- ret = KRB4ET_INTK_PROT;
- krb5_set_error_message(context, ret, N_("Failed reading v4 ticket", ""));
- goto error;
- }
-
- /* Decrypt and take apart ticket */
- ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm,
- &sname, &sinstance, ad);
- if (ret)
- goto error;
-
- RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error);
-
- size = krb5_storage_read(sp, eaut.data, eaut.length);
- if (size != eaut.length) {
- ret = KRB4ET_INTK_PROT;
- krb5_set_error_message(context, ret,
- N_("Failed reading v4 authenticator", ""));
- goto error;
- }
-
- krb5_storage_free(sp);
- sp = NULL;
-
- ret = decrypt_etext(context, &ad->session, &eaut, &aut);
- if (ret)
- goto error;
-
- sp = krb5_storage_from_data(&aut);
- if (sp == NULL) {
- ret = ENOMEM;
- krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
- goto error;
- }
-
- if (little_endian)
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
- else
- krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
- RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error);
- RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error);
- RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error);
-
- RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error);
- RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error);
- RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error);
-
- if (strcmp(ad->pname, r_name) != 0 ||
- strcmp(ad->pinst, r_instance) != 0 ||
- strcmp(ad->prealm, r_realm) != 0) {
- ret = KRB4ET_RD_AP_INCON;
- krb5_set_error_message(context, ret, N_("v4 principal mismatch", ""));
- goto error;
- }
-
- if (from_addr && ad->address && from_addr != ad->address) {
- ret = KRB4ET_RD_AP_BADD;
- krb5_set_error_message(context, ret,
- N_("v4 bad address in ticket", ""));
- goto error;
- }
-
- gettimeofday(&tv, NULL);
- delta_t = abs((int)(tv.tv_sec - r_time_sec));
- if (delta_t > CLOCK_SKEW) {
- ret = KRB4ET_RD_AP_TIME;
- krb5_set_error_message(context, ret, N_("v4 clock skew", ""));
- goto error;
- }
-
- /* Now check for expiration of ticket */
-
- tkt_age = tv.tv_sec - ad->time_sec;
-
- if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
- ret = KRB4ET_RD_AP_NYV;
- krb5_set_error_message(context, ret,
- N_("v4 clock skew for expiration", ""));
- goto error;
- }
-
- if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
- ret = KRB4ET_RD_AP_EXP;
- krb5_set_error_message(context, ret, N_("v4 ticket expired", ""));
- goto error;
- }
-
- ret = 0;
- error:
- krb5_data_free(&ticket);
- krb5_data_free(&eaut);
- krb5_data_free(&aut);
- if (realm)
- free(realm);
- if (sname)
- free(sname);
- if (sinstance)
- free(sinstance);
- if (r_name)
- free(r_name);
- if (r_instance)
- free(r_instance);
- if (r_realm)
- free(r_realm);
- if (sp)
- krb5_storage_free(sp);
-
- if (ret)
- krb5_clear_error_message(context);
-
- return ret;
-}
-
-/*
- *
- */
-
-KRB5_LIB_FUNCTION void KRB5_LIB_CALL
-_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
-{
- if (ad->pname)
- free(ad->pname);
- if (ad->pinst)
- free(ad->pinst);
- if (ad->prealm)
- free(ad->prealm);
- krb5_free_keyblock_contents(context, &ad->session);
- memset(ad, 0, sizeof(*ad));
-}
-
-#endif /* HEIMDAL_SMALLER */
diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c
index 63994dfca7..f7581d1f90 100644
--- a/source4/heimdal/lib/krb5/warn.c
+++ b/source4/heimdal/lib/krb5/warn.c
@@ -182,6 +182,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code,
{
_warnerr(context, 1, code, 0, fmt, ap);
exit(eval);
+ UNREACHABLE(return 0);
}
/**
@@ -203,6 +204,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code,
{
FUNC(1, code, 0);
exit(eval);
+ UNREACHABLE(return 0);
}
/**
@@ -222,6 +224,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
{
_warnerr(context, 0, 0, 0, fmt, ap);
exit(eval);
+ UNREACHABLE(return 0);
}
/**
@@ -240,6 +243,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...)
{
FUNC(0, 0, 0);
exit(eval);
+ UNREACHABLE(return 0);
}
/**
@@ -261,6 +265,7 @@ krb5_vabort(krb5_context context, krb5_error_code code,
{
_warnerr(context, 1, code, 0, fmt, ap);
abort();
+ UNREACHABLE(return 0);
}
/**
@@ -280,6 +285,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
{
FUNC(1, code, 0);
abort();
+ UNREACHABLE(return 0);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
@@ -288,6 +294,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
{
_warnerr(context, 0, 0, 0, fmt, ap);
abort();
+ UNREACHABLE(return 0);
}
/**
@@ -306,6 +313,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...)
{
FUNC(0, 0, 0);
abort();
+ UNREACHABLE(return 0);
}
/**
diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c
index 1cc5c06445..e401319ae0 100644
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -455,7 +455,7 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
{
uint16_t type, len;
krb5_storage *in;
- int ret, done = 0;
+ int ret = 0, done = 0;
memset(ti, 0, sizeof(*ti));
@@ -855,23 +855,23 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf,
CHECK(type, 3);
CHECK(ret_sec_buffer(in, &lm), 0);
if (lm.allocated)
- min_offset = MIN(min_offset, lm.offset);
+ min_offset = min(min_offset, lm.offset);
CHECK(ret_sec_buffer(in, &ntlm), 0);
if (ntlm.allocated)
- min_offset = MIN(min_offset, ntlm.offset);
+ min_offset = min(min_offset, ntlm.offset);
CHECK(ret_sec_buffer(in, &target), 0);
if (target.allocated)
- min_offset = MIN(min_offset, target.offset);
+ min_offset = min(min_offset, target.offset);
CHECK(ret_sec_buffer(in, &username), 0);
if (username.allocated)
- min_offset = MIN(min_offset, username.offset);
+ min_offset = min(min_offset, username.offset);
CHECK(ret_sec_buffer(in, &ws), 0);
if (ws.allocated)
- min_offset = MIN(min_offset, ws.offset);
+ min_offset = min(min_offset, ws.offset);
if (min_offset > 52) {
CHECK(ret_sec_buffer(in, &sessionkey), 0);
- min_offset = MAX(min_offset, sessionkey.offset);
+ min_offset = max(min_offset, sessionkey.offset);
CHECK(krb5_ret_uint32(in, &type3->flags), 0);
}
if (min_offset > 52 + 8 + 4 + 8) {
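Review bot: The session-key branch folds its offset in with `max(min_offset, sessionkey.offset)` while every other buffer uses `min(...)`, and the macro rename carries that over unchanged. `min_offset` appears to track the lowest payload offset and then gates the optional fields at `min_offset > 52 + 8 + 4 + 8`, so a large `sessionkey.offset` taken from the message can raise the value and make the parser read those fields. Unlike the other buffers it is also folded in without an `allocated` check. If the lowest offset is what is meant, the line would read `if (sessionkey.allocated) min_offset = min(min_offset, sessionkey.offset);`. The body of heim_ntlm_decode_type3 starts and ends outside this hunk, so this needs confirming against the full function.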
@@ -1290,8 +1290,7 @@ heim_ntlm_build_ntlm2_master(void *key, size_t len,
/**
* Given a key and encrypted session, unwrap the session key
*
- * @param key the sessionBaseKey
- * @param len length of key
+ * @param baseKey the sessionBaseKey
* @param encryptedSession encrypted session, type3.session field.
* @param session generated session nonce, should be freed with heim_ntlm_free_buf().
*
@@ -1413,7 +1412,6 @@ nt2unixtime(uint64_t t)
* @param username name of the user, as sent in the message, assumed to be in UTF8.
* @param target the name of the target, assumed to be in UTF8.
* @param serverchallenge challenge as sent by the server in the type2 message.
- * @param infotarget infotarget as sent by the server in the type2 message.
* @param ntlmv2 calculated session key
* @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
*
diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c
index e7dc74b7bc..a96e5c85bf 100644
--- a/source4/heimdal/lib/roken/getarg.c
+++ b/source4/heimdal/lib/roken/getarg.c
@@ -435,11 +435,7 @@ arg_match_long(struct getargs *args, size_t num_args,
*flag = !negate;
return 0;
} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
-#ifdef HAVE_RANDOM
- *flag = random() & 1;
-#else
- *flag = rand() & 1;
-#endif
+ *flag = rk_random() & 1;
} else {
*flag = negate;
return 0;
@@ -554,13 +550,7 @@ getarg(struct getargs *args, size_t num_args,
int i;
int ret = 0;
-#if defined(HAVE_SRANDOMDEV)
- srandomdev();
-#elif defined(HAVE_RANDOM)
- srandom(time(NULL));
-#else
- srand ((int) time(NULL));
-#endif
+ rk_random_init();
(*goptind)++;
for(i = *goptind; i < argc; i++) {
if(argv[i][0] != '-')
diff --git a/source4/heimdal/lib/roken/rand.c b/source4/heimdal/lib/roken/rand.c
new file mode 100644
index 0000000000..ef92c2052b
--- /dev/null
+++ b/source4/heimdal/lib/roken/rand.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "roken.h"
+
+void ROKEN_LIB_FUNCTION
+rk_random_init(void)
+{
+#if defined(HAVE_ARC4RANDOM)
+ arc4random_stir();
+#elif defined(HAVE_SRANDOMDEV)
+ srandomdev();
+#elif defined(HAVE_RANDOM)
+ srandom(time(NULL));
+#else
+ srand (time(NULL));
+#endif
+}
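Review bot: rk_random_init() has no comment saying what it may be used for, and two of its four branches seed from `time(NULL)`, which anyone who knows the approximate start time can reproduce. A header comment such as `/* Seeds the generator behind rk_random(); for load spreading and similar choices, never for keys, nonces or tokens. */` would keep later callers from treating it as a source of secrets. The `HAVE_ARC4RANDOM` branch also assumes `arc4random_stir()` exists wherever `arc4random()` does, which does not hold for every libc. That call wants its own configure check, or can be dropped, since arc4random() seeds itself.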
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c
index 97edda471b..03715e5ffd 100644
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -619,10 +619,6 @@ compare_srv(const void *a, const void *b)
return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
}
-#ifndef HAVE_RANDOM
-#define random() rand()
-#endif
-
/* try to rearrange the srv-records by the algorithm in RFC2782 */
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_srv_order(struct rk_dns_reply *r)
@@ -636,6 +632,8 @@ rk_dns_srv_order(struct rk_dns_reply *r)
char *oldstate;
#endif
+ rk_random_init();
+
for(rr = r->head; rr; rr = rr->next)
if(rr->type == rk_ns_t_srv)
num_srv++;
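Review bot: Calling `rk_random_init()` at the top of rk_dns_srv_order() reseeds the generator on every call. On the `srandom(time(NULL))` and `srand (time(NULL))` fallbacks in rand.c, every call within the same second restarts the same sequence, so the weighted SRV choice repeats instead of spreading. Seeding once is enough, for example with a guard inside rk_random_init() such as `static int seeded; if (seeded) return; seeded = 1;`. The function body continues outside this hunk, and the `oldstate` variable suggests there is generator-state handling further down that this call may interact with. The same call is added to getarg() in getarg.c, where it replaces an equivalent per-call seed.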
@@ -682,7 +680,7 @@ rk_dns_srv_order(struct rk_dns_reply *r)
/* ss is now the first record of this priority and ee is the
first of the next */
while(ss < ee) {
- rnd = random() % (sum + 1);
+ rnd = rk_random() % (sum + 1);
for(count = 0, tt = ss; ; tt++) {
if(*tt == NULL)
continue;
diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h
index a437d8a346..d9369a3e15 100644
--- a/source4/heimdal/lib/roken/roken-common.h
+++ b/source4/heimdal/lib/roken/roken-common.h
@@ -150,6 +150,11 @@
#endif /* !_WIN32 */
+/* Minimize conflict with WinNT.h */
+#ifdef SLIST_ENTRY
+#undef SLIST_ENTRY
+#endif
+
#ifndef PATH_MAX
#define PATH_MAX MAX_PATH
#endif
@@ -221,6 +226,10 @@
#define AI_NUMERICHOST 0x04
#endif
+#ifndef AI_NUMERICSERV
+#define AI_NUMERICSERV 0x08
+#endif
+
/* flags for getnameinfo() */
#ifndef NI_DGRAM
@@ -486,6 +495,9 @@ rk_cloexec_dir(DIR *);
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
ct_memcmp(const void *, const void *, size_t);
+void ROKEN_LIB_FUNCTION
+rk_random_init(void);
+
ROKEN_CPP_END
#endif /* __ROKEN_COMMON_H__ */
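Review bot: The new prototype is written `void ROKEN_LIB_FUNCTION rk_random_init(void);`, whereas the declaration just above it puts the linkage macro first and adds the calling convention, as in `ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL ct_memcmp(...)`. This commit also makes ROKEN_LIB_FUNCTION expand to `__declspec(dllimport)` on Windows in roken.h.in, so the ordering and the missing `ROKEN_LIB_CALL` are worth aligning: `ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL` followed by `rk_random_init(void);`. The definition in rand.c uses the same form and should change with it.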
diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in
index 0c0dd20035..e7cb1598fb 100644
--- a/source4/heimdal/lib/roken/roken.h.in
+++ b/source4/heimdal/lib/roken/roken.h.in
@@ -43,18 +43,26 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION
-#define ROKEN_LIB_CALL __cdecl
+# define ROKEN_LIB_CALL __cdecl
+# ifdef ROKEN_LIB_DYNAMIC
+# define ROKEN_LIB_FUNCTION __declspec(dllimport)
+# define ROKEN_LIB_VARIABLE __declspec(dllimport)
+# else
+# define ROKEN_LIB_FUNCTION
+# define ROKEN_LIB_VARIABLE
+# endif
#else
#define ROKEN_LIB_FUNCTION
#define ROKEN_LIB_CALL
+#define ROKEN_LIB_VARIABLE
#endif
#endif
#ifdef HAVE_WINSOCK
/* Declarations for Microsoft Windows */
-#include<ws2tcpip.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
/*
* error codes for inet_ntop/inet_pton
@@ -241,10 +249,6 @@ struct sockaddr_dl;
#include <time.h>
#endif
-#ifdef HAVE_WS2TCPIP_H
-#include <ws2tcpip.h>
-#endif
-
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
@@ -536,7 +540,6 @@ int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t);
#endif
/* This causes a fatal error under Psoriasis */
#ifndef SunOS
-const char * ROKEN_LIB_FUNCTION hstrerror(int);
ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int);
#endif
#endif
@@ -757,14 +760,23 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list);
#endif
+#ifndef HAVE_GETOPT
+#define getopt rk_getopt
+#define optarg rk_optarg
+#define optind rk_optind
+#define opterr rk_opterr
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+getopt(int nargc, char * const *nargv, const char *ostr);
+#endif
+
#if !HAVE_DECL_OPTARG
-extern char *optarg;
+ROKEN_LIB_VARIABLE extern char *optarg;
#endif
#if !HAVE_DECL_OPTIND
-extern int optind;
+ROKEN_LIB_VARIABLE extern int optind;
#endif
#if !HAVE_DECL_OPTERR
-extern int opterr;
+ROKEN_LIB_VARIABLE extern int opterr;
#endif
#ifndef HAVE_GETIPNODEBYNAME
@@ -1072,6 +1084,15 @@ void
rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *));
#endif
+#if defined(HAVE_ARC4RANDOM)
+#define rk_random() arc4random()
+#elif defined(HAVE_RANDOM)
+#define rk_random() random()
+#else
+#define rk_random() rand()
+#endif
+
+
#if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__)
#undef socket
#define socket(_fam,_type,_prot) rk_socket(_fam,_type,_prot)
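Review bot: `rk_random()` expands to three functions with different result types and ranges, and nothing at the macro says so. `arc4random()` yields a full 32-bit unsigned value, `random()` a non-negative long, and `rand()` an int bounded by RAND_MAX, which may be as small as 32767. Callers such as `rk_random() % (sum + 1)` in resolve.c therefore behave differently per platform, and on the `rand()` fallback a `sum` above RAND_MAX leaves the upper part of the range unreachable. A comment above the macro would document the contract, for example `/* Range differs per platform and the random()/rand() fallbacks are not cryptographic; use only for non-security choices. */`.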
diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c
index 115af77b88..88a5f9bb44 100644
--- a/source4/heimdal/lib/roken/setprogname.c
+++ b/source4/heimdal/lib/roken/setprogname.c
@@ -40,19 +40,52 @@ extern const char *__progname;
#endif
#ifndef HAVE_SETPROGNAME
+
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
setprogname(const char *argv0)
{
+
#ifndef HAVE___PROGNAME
+
const char *p;
if(argv0 == NULL)
return;
p = strrchr(argv0, '/');
+
+#ifdef BACKSLASH_PATH_DELIM
+ {
+ const char * pb;
+
+ pb = strrchr((p != NULL)? p : argv0, '\\');
+ if (pb != NULL)
+ p = pb;
+ }
+#endif
+
if(p == NULL)
p = argv0;
else
p++;
+
+#ifdef _WIN32
+ {
+ char * fn = strdup(p);
+ char * ext;
+
+ strlwr(fn);
+ ext = strrchr(fn, '.');
+ if (ext != NULL && !strcmp(ext, ".exe"))
+ *ext = '\0';
+
+ __progname = fn;
+ }
+#else
+
__progname = p;
+
#endif
+
+#endif /* HAVE___PROGNAME */
}
+
#endif /* HAVE_SETPROGNAME */
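Review bot: In the `_WIN32` block the result of `strdup(p)` is passed straight to `strlwr(fn)` and `strrchr(fn, '.')`, so an allocation failure dereferences NULL. Falling back to the unmodified name keeps the function safe: `if (fn == NULL) { __progname = p; return; }`, placed after the two declarations. Each call also leaves the previous copy unreferenced, which is harmless if setprogname() runs once at startup but is worth stating in a comment.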
diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c
index ef594ffd0d..8797f95772 100644
--- a/source4/heimdal/lib/roken/socket.c
+++ b/source4/heimdal/lib/roken/socket.c
@@ -119,8 +119,7 @@ socket_addr_size (const struct sockaddr *sa)
return sizeof(struct in6_addr);
#endif
default :
- errx (1, "unknown address family %d", sa->sa_family);
- UNREACHABLE(return 0);
+ return 0;
}
}
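Review bot: With `errx()` removed, an unknown address family now makes socket_addr_size() return 0, but nothing tells callers that this is a failure value. The following hunks do the same for socket_sockaddr_size() (0), socket_get_address() (NULL) and socket_get_port() (0). Callers written against the old abort-on-error behaviour may pass the NULL address or zero length on to a copy or comparison; they are outside this diff and need checking. Each function should at least carry a comment such as `/* Returns 0 if sa->sa_family is not supported; callers must check. */`, with NULL for socket_get_address(). For socket_get_port(), 0 is also a value a valid sockaddr can hold, so the failure cannot be told apart from an unset port.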
@@ -138,9 +137,8 @@ socket_sockaddr_size (const struct sockaddr *sa)
case AF_INET6 :
return sizeof(struct sockaddr_in6);
#endif
- default :
- errx (1, "unknown address family %d", sa->sa_family);
- UNREACHABLE(return 0);
+ default:
+ return 0;
}
}
@@ -162,9 +160,8 @@ socket_get_address (const struct sockaddr *sa)
return rk_UNCONST(&sin6->sin6_addr);
}
#endif
- default :
- errx (1, "unknown address family %d", sa->sa_family);
- UNREACHABLE(return NULL);
+ default:
+ return NULL;
}
}
@@ -187,8 +184,7 @@ socket_get_port (const struct sockaddr *sa)
}
#endif
default :
- errx (1, "unknown address family %d", sa->sa_family);
- UNREACHABLE(return 0);
+ return 0;
}
}
@@ -227,18 +223,13 @@ socket_set_portrange (rk_socket_t sock, int restr, int af)
#if defined(IP_PORTRANGE)
if (af == AF_INET) {
int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
- if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
- sizeof(on)) < 0)
- warn ("setsockopt IP_PORTRANGE (ignored)");
+ setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, sizeof(on));
}
#endif
#if defined(IPV6_PORTRANGE)
if (af == AF_INET6) {
- int on = restr ? IPV6_PORTRANGE_HIGH :
- IPV6_PORTRANGE_DEFAULT;
- if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
- sizeof(on)) < 0)
- warn ("setsockopt IPV6_PORTRANGE (ignored)");
+ int on = restr ? IPV6_PORTRANGE_HIGH : IPV6_PORTRANGE_DEFAULT;
+ setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, sizeof(on));
}
#endif
}
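Review bot: The `setsockopt()` result is now dropped without comment in socket_set_portrange(), and the later hunks do the same in socket_set_debug(), socket_set_tos() and socket_set_reuseaddr(). For the first three this only removes a warning. socket_set_reuseaddr() used to stop with `err (1, ...)` and now fails silently, and since it returns void the caller cannot detect that. If ignoring the result is intended, say so in the code with an explicit cast and a reason, e.g. `(void)setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(val)); /* best effort: library code must not exit */`. A status-returning variant is the alternative for callers that depend on the option being set.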
@@ -252,9 +243,7 @@ socket_set_debug (rk_socket_t sock)
{
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
int on = 1;
-
- if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
- warn ("setsockopt SO_DEBUG (ignored)");
+ setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on));
#endif
}
@@ -266,9 +255,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_tos (rk_socket_t sock, int tos)
{
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
- if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
- if (errno != EINVAL)
- warn ("setsockopt TOS (ignored)");
+ setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(int));
#endif
}
@@ -280,9 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_reuseaddr (rk_socket_t sock, int val)
{
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
- if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
- sizeof(val)) < 0)
- err (1, "setsockopt SO_REUSEADDR");
+ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(val));
#endif
}
diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h
index 10d085cbd9..b762545535 100644
--- a/source4/heimdal_build/roken.h
+++ b/source4/heimdal_build/roken.h
@@ -4,6 +4,8 @@
#ifndef _ROKEN_H_
#define _ROKEN_H_
+#include "config.h"
+
/* Support 'weak' keys for now, it can't be worse than NTLM and we don't want to hard-code the behaviour at this point */
#define HEIM_WEAK_CRYPTO 1
@@ -23,6 +25,7 @@
#define ROKEN_LIB_FUNCTION
#define ROKEN_LIB_CALL
+#define ROKEN_LIB_VARIABLE
#define GETHOSTBYADDR_PROTO_COMPATIBLE
#define GETSERVBYNAME_PROTO_COMPATIBLE
#define OPENLOG_PROTO_COMPATIBLE
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 421ead4ea4..3e792d3c7e 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -448,6 +448,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
lib/roken/simple_exec.c
lib/roken/strcollect.c
lib/roken/rtbl.c
+ lib/roken/rand.c
lib/roken/cloexec.c
lib/roken/xfree.c
../heimdal_build/replace.c
@@ -492,7 +493,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
install=False
)
-KDC_SOURCE='kdc/default_config.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/log.c kdc/misc.c kdc/kaserver.c kdc/digest.c kdc/process.c kdc/windc.c kdc/kx509.c'
+KDC_SOURCE='kdc/default_config.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/log.c kdc/misc.c kdc/digest.c kdc/process.c kdc/windc.c kdc/kx509.c'
HEIMDAL_LIBRARY('kdc', source=KDC_SOURCE,
includes='../heimdal/kdc',
@@ -571,7 +572,8 @@ lib/gssapi/mech/gss_set_sec_context_option.c lib/gssapi/mech/gss_export_name.c l
lib/gssapi/mech/gss_acquire_cred.c lib/gssapi/mech/gss_unseal.c lib/gssapi/mech/gss_verify_mic.c
lib/gssapi/mech/gss_accept_sec_context.c lib/gssapi/mech/gss_inquire_cred_by_mech.c lib/gssapi/mech/gss_indicate_mechs.c
lib/gssapi/mech/gss_delete_sec_context.c lib/gssapi/mech/gss_sign.c lib/gssapi/mech/gss_utils.c
-lib/gssapi/mech/gss_init_sec_context.c lib/gssapi/mech/gss_oid_equal.c lib/gssapi/mech/gss_oid_to_str.c
+lib/gssapi/mech/gss_init_sec_context.c lib/gssapi/mech/gss_oid_equal.c lib/gssapi/mech/gss_oid.c
+lib/gssapi/mech/gss_oid_to_str.c lib/gssapi/mech/gss_mo.c
lib/gssapi/mech/gss_context_time.c lib/gssapi/mech/gss_encapsulate_token.c lib/gssapi/mech/gss_get_mic.c
lib/gssapi/mech/gss_import_sec_context.c lib/gssapi/mech/gss_inquire_cred.c lib/gssapi/mech/gss_wrap.c
lib/gssapi/mech/gss_import_name.c lib/gssapi/mech/gss_duplicate_name.c lib/gssapi/mech/gss_unwrap.c
@@ -624,7 +626,7 @@ KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
send_to_kdc.c set_default_realm.c
store.c store-int.c store_emem.c store_fd.c
store_mem.c ticket.c time.c transited.c
- v4_glue.c version.c warn.c krb5_err.c
+ version.c warn.c krb5_err.c
heim_err.c k524_err.c krb_err.c''')] + ["../heimdal_build/krb5-glue.c"]
HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 596e73e023..771b2edd5e 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -96,21 +96,6 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, kvno, entry_ex);
}
-static krb5_error_code hdb_samba4_fetch(krb5_context context, HDB *db,
- krb5_const_principal principal,
- unsigned flags,
- hdb_entry_ex *entry_ex)
-{
- struct samba_kdc_db_context *kdc_db_ctx;
-
- flags &= ~HDB_F_KVNO_SPECIFIED;
-
- kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
- struct samba_kdc_db_context);
-
- return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, 0, entry_ex);
-}
-
static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry_ex *entry)
{
@@ -200,7 +185,6 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
(*db)->hdb_dbc = NULL;
(*db)->hdb_open = hdb_samba4_open;
(*db)->hdb_close = hdb_samba4_close;
- (*db)->hdb_fetch = hdb_samba4_fetch;
(*db)->hdb_fetch_kvno = hdb_samba4_fetch_kvno;
(*db)->hdb_store = hdb_samba4_store;
(*db)->hdb_remove = hdb_samba4_remove;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index d39e616e7e..99b0711592 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -631,11 +631,12 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
return NT_STATUS_NO_MEMORY;
}
- ret = kdc->config->db[0]->hdb_fetch(kdc->smb_krb5_context->krb5_context,
- kdc->config->db[0],
- principal,
- HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
- &ent);
+ ret = kdc->config->db[0]->hdb_fetch_kvno(kdc->smb_krb5_context->krb5_context,
+ kdc->config->db[0],
+ principal,
+ HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
+ 0,
+ &ent);
if (ret != 0) {
hdb_free_entry(kdc->smb_krb5_context->krb5_context, &ent);