From cd1d7f4be7d31388ab79c797acaf6d7730113112 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Aug 2009 11:25:50 +1000 Subject: s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c) This also adds a new hdb-glue.c file, to cope with Heimdal's uncondtional enabling of SQLITE. (Very reasonable, but not required for Samba4's use). Andrew Bartlett --- source4/heimdal/kdc/kdc_locl.h | 3 +++ source4/heimdal/kdc/kerberos5.c | 14 ++++---------- source4/heimdal/kdc/misc.c | 8 ++++++-- source4/heimdal/kdc/pkinit.c | 20 ++++++++++++-------- 4 files changed, 25 insertions(+), 20 deletions(-) (limited to 'source4/heimdal/kdc') diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index daf155839c..024937e763 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -67,6 +67,9 @@ extern const struct units _kdc_digestunits[]; extern struct timeval _kdc_now; #define kdc_time (_kdc_now.tv_sec) +extern char *runas_string; +extern char *chroot_string; + void loop(krb5_context context, krb5_kdc_configuration *config); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 53e9f54537..8edc07a49b 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1208,19 +1208,13 @@ _kdc_as_rep(krb5_context context, (unsigned)abs(kdc_time - p.patimestamp), context->max_skew, client_name); -#if 1 - /* This code is from samba, needs testing */ + /* - * the following is needed to make windows clients - * to retry using the timestamp in the error message - * - * this is maybe a bug in windows to not trying when e_text - * is present... + * The following is needed to make windows clients to + * retry using the timestamp in the error message, if + * there is a e_text, they become unhappy. */ e_text = NULL; -#else - e_text = "Too large time skew"; -#endif goto out; } et.flags.pre_authent = 1; 
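Review bot: The new declarations `runas_string` and `chroot_string` in kdc_locl.h are exported without the `_kdc_` prefix that the neighbouring `_kdc_digestunits` and `_kdc_now` carry, and nothing states who sets or owns them. Judging by the names they presumably select the account and root directory the daemon switches to, so a NULL or late-assigned value would change the privileges the process ends up with. A comment such as `/* set once during option parsing, before loop(); NULL means no change */` would record that, if it is indeed the contract. The definitions are not part of this page.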
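Review bot: The rewritten comment above `e_text = NULL;` in kerberos5.c is hard to parse and no longer says the omission is deliberate. Something like `/* Windows clients retry with the timestamp from the error reply only when no e_text is present, so send none. */` reads more cleanly. On the context line above it, `(unsigned)abs(kdc_time - p.patimestamp)` passes a difference involving `_kdc_now.tv_sec` to `abs()`, which takes an `int`, so the logged skew can be truncated where `time_t` is wider. That log line is what an operator sees for a badly skewed or replayed pre-authentication timestamp, so `labs()` or an explicit comparison would be safer. `_kdc_as_rep` starts and ends outside the hunk.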
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 247cb575de..e016183615 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -65,12 +65,15 @@ _kdc_db_fetch(krb5_context context, "malformed request: " "enterprise name with %d name components", principal->name.name_string.len); + free(ent); return ret; } ret = krb5_parse_name(context, principal->name.name_string.val[0], &enterprise_principal); - if (ret) + if (ret) { + free(ent); return ret; + } principal = enterprise_principal; } @@ -98,7 +101,8 @@ _kdc_db_fetch(krb5_context context, } } free(ent); - krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb"); + krb5_set_error_message(context, HDB_ERR_NOENTRY, + "no such entry found in hdb"); return HDB_ERR_NOENTRY; } diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 644eae0fe4..0d00ef2173 100644 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -284,7 +284,7 @@ generate_dh_keyblock(krb5_context context, dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, EC_KEY_get0_public_key(client_params->u.ecdh.public_key), client_params->u.ecdh.key, NULL); - ret = 0; + #endif /* HAVE_OPENSSL */ } else { ret = KRB5KRB_ERR_GENERIC; @@ -1450,8 +1450,10 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = krb5_generate_random_keyblock(context, sessionetype, sessionkey); - if (ret) + if (ret) { + free(buf); goto out; + } } else krb5_abortx(context, "PK-INIT internal error"); 
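Review bot: The leak of `ent` in the first misc.c hunk is fixed by repeating `free(ent);` before each early `return ret;`, the same pattern that allowed the leak originally. A single `out:` label that frees `ent` would keep the next added error path from reintroducing it. In the same hunk `principal = enterprise_principal;` keeps a principal allocated by `krb5_parse_name()`, and the not-found exit in the second misc.c hunk (`free(ent); ... return HDB_ERR_NOENTRY;`) shows no matching `krb5_free_principal()`. It may leak there unless it is released in the part of `_kdc_db_fetch` that lies outside both hunks. The second hunk's own change is only a line wrap.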
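Review bot: With `ret = 0;` removed after `ECDH_compute_key(...)` in the first pkinit.c hunk, the ECDH branch no longer sets `ret` at all, and the result stored in `dh_gen_keylen` is not checked anywhere in the hunk. If the check lives further down in `generate_dh_keyblock` (outside the hunk) that is fine, but it should reject a non-positive length before `dh_gen_key` is turned into a keyblock, e.g. `if (dh_gen_keylen <= 0) ret = KRB5KRB_ERR_GENERIC;` followed by the function's cleanup path. Otherwise a failed key agreement could yield a key built from uninitialised buffer contents. It is also worth confirming that `ret` is initialised before this branch now that the assignment is gone.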
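Review bot: The `free(buf);` added in the second pkinit.c hunk is followed by `goto out;`, and the `out:` block of `_kdc_pk_mk_pa_reply` is outside the hunk. If that block also releases `buf`, now or after a later change, this becomes a double free. Writing `free(buf); buf = NULL;` keeps the fix safe either way, or the free can move to `out:` so all error paths share it.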
@@ -1981,12 +1983,14 @@ _kdc_pk_initialize(krb5_context context, hx509_name name; char *str; ret = hx509_cert_get_subject(cert, &name); - hx509_name_to_string(name, &str); - krb5_warnx(context, "WARNING Found KDC certificate (%s)" - "is missing the PK-INIT KDC EKU, this is bad for " - "interoperability.", str); - hx509_name_free(&name); - free(str); + if (ret == 0) { + hx509_name_to_string(name, &str); + krb5_warnx(context, "WARNING Found KDC certificate (%s)" + "is missing the PK-INIT KDC EKU, this is bad for " + "interoperability.", str); + hx509_name_free(&name); + free(str); + } } hx509_cert_free(cert); } else -- cgit
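Review bot: `hx509_name_to_string(name, &str)` is still called without checking its result, and `str` is declared uninitialised, so on failure `krb5_warnx` and `free(str)` may operate on an indeterminate pointer. The new `if (ret == 0)` also suppresses the warning entirely when the subject cannot be read, so a KDC certificate lacking the PK-INIT EKU goes unreported. `ret` keeps the failure value past the block, and its later use in `_kdc_pk_initialize` is outside the hunk. The message literal also concatenates to `(%s)is missing`, with no space. The version below always warns and falls back to a placeholder subject.

```c
hx509_name name;
char *str = NULL;   /* was uninitialised */

ret = hx509_cert_get_subject(cert, &name);
if (ret == 0) {
    ret = hx509_name_to_string(name, &str);
    hx509_name_free(&name);
}
/* Warn even when the subject could not be rendered. */
krb5_warnx(context, "WARNING Found KDC certificate (%s) "
           "is missing the PK-INIT KDC EKU, this is bad for "
           "interoperability.",
           (ret == 0 && str != NULL) ? str : "subject unavailable");
free(str);
/* … unchanged: hx509_cert_free(cert) and the else branch … */
```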