From 5a8635bca1b6d60a5b81c602eb4f0b7fd8902d7b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 25 Jul 2011 18:51:53 +0200
Subject: s4:heimdal: import lorikeet-heimdal-201107241840 (commit
 0fdf11fa3cdb47df9f5393ebf36d9f5742243036)

---
 source4/heimdal/kdc/default_config.c |  2 +-
 source4/heimdal/kdc/kerberos5.c      |  2 +-
 source4/heimdal/kdc/krb5tgs.c        | 12 ++++++++----
 source4/heimdal/kdc/misc.c           |  2 +-
 source4/heimdal/kdc/pkinit.c         |  2 +-
 5 files changed, 12 insertions(+), 8 deletions(-)

(limited to 'source4/heimdal/kdc')

diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index fe977ded5a..6fbf5fdae1 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -54,7 +54,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
     c->as_use_strongest_session_key = FALSE;
     c->preauth_use_strongest_session_key = FALSE;
     c->tgs_use_strongest_session_key = FALSE;
-    c->use_strongest_server_key = FALSE;
+    c->use_strongest_server_key = TRUE;
     c->check_ticket_addresses = TRUE;
     c->allow_null_ticket_addresses = TRUE;
     c->allow_anonymous = FALSE;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 4bc1619170..c13abb7ce0 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -978,7 +978,7 @@ _kdc_as_rep(krb5_context context,
     krb5_crypto crypto;
     Key *ckey, *skey;
     EncryptionKey *reply_key = NULL, session_key;
-    int flags = 0;
+    int flags = HDB_F_FOR_AS_REQ;
 #ifdef PKINIT
     pk_client_params *pkp = NULL;
 #endif
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 92cce5759f..6aad65d408 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1216,7 +1216,7 @@ tgs_parse_request(krb5_context context,
     }
 
     if(ap_req.ticket.enc_part.kvno &&
-       (unsigned int)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+       *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
 	char *p;
 
 	ret = krb5_unparse_name (context, princ, &p);
@@ -1508,6 +1508,7 @@ tgs_build_reply(krb5_context context,
 
     Key *tkey_check;
     Key *tkey_sign;
+    int flags = HDB_F_FOR_TGS_REQ;
 
     memset(&sessionkey, 0, sizeof(sessionkey));
     memset(&adtkt, 0, sizeof(adtkt));
@@ -1517,6 +1518,9 @@ tgs_build_reply(krb5_context context,
     s = b->sname;
     r = b->realm;
 
+    if (b->kdc_options.canonicalize)
+	flags |= HDB_F_CANON;
+
     if(b->kdc_options.enc_tkt_in_skey){
 	Ticket *t;
 	hdb_entry_ex *uu;
@@ -1591,7 +1595,7 @@ tgs_build_reply(krb5_context context,
      */
 
 server_lookup:
-    ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
+    ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | flags,
 			NULL, NULL, &server);
 
     if(ret == HDB_ERR_NOT_FOUND_HERE) {
@@ -1777,7 +1781,7 @@ server_lookup:
 	goto out;
     }
 
-    ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
+    ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | flags,
 			NULL, &clientdb, &client);
     if(ret == HDB_ERR_NOT_FOUND_HERE) {
 	/* This is OK, we are just trying to find out if they have
@@ -1912,7 +1916,7 @@ server_lookup:
 	    if(rspac.data) {
 		krb5_pac p = NULL;
 		krb5_data_free(&rspac);
-		ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | HDB_F_CANON,
+		ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
 				    NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
 		if (ret) {
 		    const char *msg;
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index f9b34571a3..1b2c440005 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -40,7 +40,7 @@ _kdc_db_fetch(krb5_context context,
 	      krb5_kdc_configuration *config,
 	      krb5_const_principal principal,
 	      unsigned flags,
-	      krb5int32 *kvno_ptr,
+	      krb5uint32 *kvno_ptr,
 	      HDB **db,
 	      hdb_entry_ex **h)
 {
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index a02cb816ab..d85b156500 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -1420,7 +1420,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
 	memset(&rep, 0, sizeof(rep));
 
 	pa_type = KRB5_PADATA_PK_AS_REP_19;
-	rep.element = choice_PA_PK_AS_REP_encKeyPack;
+	rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack;
 
 	ret = krb5_generate_random_keyblock(context, enctype,
 					    &cp->reply_key);
-- 
cgit