From ab6e3fce040f9ad27cbce44e9038a24f15b601c8 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sun, 15 Aug 2010 18:31:28 +0400 Subject: s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382) I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit. Andrew Bartlett --- source4/heimdal/lib/hdb/ext.c | 5 +++-- source4/heimdal/lib/hdb/hdb_err.et | 1 + source4/heimdal/lib/hdb/keytab.c | 14 +++++++------- source4/heimdal/lib/hdb/mkey.c | 23 +++++++++++++---------- source4/heimdal/lib/hdb/ndbm.c | 6 ++++++ 5 files changed, 30 insertions(+), 19 deletions(-) (limited to 'source4/heimdal/lib/hdb') diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index faf0b6bdf2..fb32fdb845 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -316,7 +316,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, str = pw.data; if (str[pw.length - 1] != '\0') { - krb5_set_error_message(context, EINVAL, "password malformated"); + krb5_set_error_message(context, EINVAL, "malformed password"); return EINVAL; } @@ -332,7 +332,8 @@ hdb_entry_get_password(krb5_context context, HDB *db, ret = krb5_unparse_name(context, entry->principal, &str); if (ret == 0) { - krb5_set_error_message(context, ENOENT, "no password attributefor %s", str); + krb5_set_error_message(context, ENOENT, + "no password attribute for %s", str); free(str); } else krb5_clear_error_message(context); diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et index 120dbfb9fa..2cad4daba4 100644 --- a/source4/heimdal/lib/hdb/hdb_err.et +++ b/source4/heimdal/lib/hdb/hdb_err.et 
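Review bot: In the first ext.c hunk (hdb_entry_get_password), `str[pw.length - 1]` is evaluated with no visible check that `pw.length` is non-zero, so an empty password extension would make the test read outside the buffer. This commit only rewords the message on that branch. Unless a zero length is rejected earlier in the function, which starts outside the hunk, the guard should be `if (pw.length == 0 || str[pw.length - 1] != '\0') {`. The value presumably comes from a stored database entry, so it should be validated like any other external input.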
@@ -24,6 +24,7 @@ error_code EXISTS, "Entry already exists in database" error_code BADVERSION, "Wrong database version" error_code NO_MKEY, "No correct master key" error_code MANDATORY_OPTION, "Entry contains unknown mandatory extension" +error_code NO_WRITE_SUPPORT, "HDB backend doesn't contain write support" error_code NOT_FOUND_HERE, "The secret for this entry is not replicated to this database" end diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 524cea6f45..efaed7f420 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -52,7 +52,7 @@ struct hdb_cursor { * HDB:[HDBFORMAT:database-specific-data[:mkey=mkey-file]] */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_resolve(krb5_context context, const char *name, krb5_keytab id) { struct hdb_data *d; @@ -99,7 +99,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_close(krb5_context context, krb5_keytab id) { struct hdb_data *d = id->data; @@ -110,7 +110,7 @@ hdb_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_get_name(krb5_context context, krb5_keytab id, char *name, @@ -169,7 +169,7 @@ find_db (krb5_context context, * it in `entry'. return 0 or an error code */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, @@ -256,7 +256,7 @@ hdb_get_entry(krb5_context context, * it in `entry'. return 0 or an error code */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -309,7 +309,7 @@ hdb_start_seq_get(krb5_context context, return ret; } -static int +static int KRB5_CALLCONV hdb_next_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, 
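Review bot: In hdb_err.et, `NO_WRITE_SUPPORT` is added ahead of `NOT_FOUND_HERE` rather than at the end of the table. If the error-table compiler numbers entries in file order, as com_err tables normally do, this shifts the numeric value of `HDB_ERR_NOT_FOUND_HERE` by one. Anything built against the previous table, or anything that stores or exchanges the code as a number, would then read it as a different error. Either append the new code after `NOT_FOUND_HERE`, or add a comment in the table saying the renumbering is intentional (for example to keep the earlier entries aligned with upstream Heimdal).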
@@ -391,7 +391,7 @@ hdb_next_entry(krb5_context context, } -static int +static int KRB5_CALLCONV hdb_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 360bb33a3a..760eccfd43 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -146,7 +146,7 @@ read_master_keytab(krb5_context context, const char *filename, /* read a MIT master keyfile */ static krb5_error_code read_master_mit(krb5_context context, const char *filename, - hdb_master_key *mkey) + int byteorder, hdb_master_key *mkey) { int fd; krb5_error_code ret; @@ -166,20 +166,16 @@ read_master_mit(krb5_context context, const char *filename, close(fd); return errno; } - krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER); + krb5_storage_set_flags(sp, byteorder); /* could possibly use ret_keyblock here, but do it with more checks for now */ { ret = krb5_ret_int16(sp, &enctype); if (ret) goto out; - if((htons(enctype) & 0xff00) == 0x3000) { - ret = HEIM_ERR_BAD_MKEY; - krb5_set_error_message(context, ret, "unknown keytype in %s: " - "%#x, expected %#x", - filename, htons(enctype), 0x3000); - goto out; - } + ret = krb5_enctype_valid(context, enctype); + if (ret) + goto out; key.keytype = enctype; ret = krb5_ret_data(sp, &key.keyvalue); if(ret) @@ -330,7 +326,14 @@ hdb_read_master_key(krb5_context context, const char *filename, } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) { ret = read_master_keytab(context, filename, mkey); } else { - ret = read_master_mit(context, filename, mkey); + /* + * Check both LittleEndian and BigEndian since they key file + * might be moved from a machine with diffrent byte order, or + * its running on MacOS X that always uses BE master keys. + */ + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_LE, mkey); + if (ret) + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_BE, mkey); } return ret; } 
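Review bot: In read_master_mit (mkey.c hunk at -166,20), the new `krb5_enctype_valid()` branch jumps to `out` with whatever that call returns, whereas the removed check returned `HEIM_ERR_BAD_MKEY` and set a message naming `filename`. When parsing fails, the caller is left with a generic enctype error that does not point at the master key file. Consider keeping the file in the message, for example `krb5_set_error_message(context, ret, "unsupported master key enctype in %s", filename);` before the `goto out`. It is also worth confirming that `krb5_enctype_valid()` accepts every enctype a deployed master key may use, since it presumably rejects types disabled by configuration. The function begins and ends outside this hunk.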
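Review bot: In hdb_read_master_key (mkey.c hunk at -330,7), the big-endian retry runs on any non-zero `ret` from the little-endian pass. Failures unrelated to byte order, such as the `return errno` path visible in read_master_mit, are therefore retried too, and the error reported is always the second pass's. Each pass also appears to reopen `filename`, so the two parses are not guaranteed to see the same bytes if the file is replaced in between. Reading the file once and parsing that buffer under both byte orders would avoid both problems; at minimum, add a comment such as `/* LE error is intentionally discarded; BE result is authoritative */`. The new comment also has typos: `they key file`, `diffrent`, `its running`.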
diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index bad3c49742..2a57d2ac27 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -37,9 +37,11 @@ #if defined(HAVE_GDBM_NDBM_H) #include +#define WRITE_SUPPORT 1 #elif defined(HAVE_NDBM_H) #include #elif defined(HAVE_DBM_H) +#define WRITE_SUPPORT 1 #include #endif @@ -243,6 +245,7 @@ static krb5_error_code NDBM__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { +#ifdef WRITE_SUPPORT struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; datum k, v; int code; @@ -262,6 +265,9 @@ NDBM__put(krb5_context context, HDB *db, int replace, if (code < 0) return code; return 0; +#else + return HDB_ERR_NO_WRITE_SUPPORT; +#endif } static krb5_error_code -- cgit
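Review bot: In the ndbm.c hunk at -37,9, `WRITE_SUPPORT` is defined for the `HAVE_GDBM_NDBM_H` and `HAVE_DBM_H` branches but not for `HAVE_NDBM_H`, and nothing in the hunk says why a plain ndbm build must be read-only. A one-line comment above the `#if` should state what property of that backend makes writes unsupported. Without it, the next maintainer cannot tell a deliberate restriction from an omission. The `#define` also sits after the include in the first branch and before it in the third; placing it the same way in both would make the block easier to scan.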
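Review bot: In NDBM__put (ndbm.c hunks at -243,6 and -262,6), the write-enabled path still ends with `if (code < 0) return code;`, while the new `#else` path returns a proper `HDB_ERR_NO_WRITE_SUPPORT`. That line hands the raw negative status of the store call, which lies between the two hunks, back as a `krb5_error_code`. A raw negative status is not an entry in any error table, so callers cannot map it to a message or tell it apart from other failures. Now that this function has a dedicated code for the read-only case, translate the store failure into an errno or `HDB_ERR_` value as well, and document the return values in a comment above the function.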