The branch, master has been updated via 7acc1a7 s4:kdc: set *_strongest_*_key to true to restore the old behavior via e0541ed s4:auth/credentials: with the build after heimdal import via dcf197f s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL via 890c30c s4:heimdal: add missing files via 255e3e1 s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b) from 70da278 s3: Avoid leaking http_timestring in print_registry_key
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 14 21:02:20 2011 +0200 s4:kdc: set *_strongest_*_key to true to restore the old behavior TODO: check why this is needed. metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104 commit e0541ed98d730622f348e3871aba02908ce477dd Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 14 14:15:29 2011 +0200 s4:auth/credentials: with the build after heimdal import metze commit dcf197fc8c8c81bdbb477e0e8dc1b5cb35c9e90b Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 14 14:51:15 2011 +0200 s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL metze commit 890c30ce46e4c576e61f8ae0f52d91f0f1ebfeab Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 14 14:32:16 2011 +0200 s4:heimdal: add missing files metze commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Jul 15 09:10:30 2011 +0200 s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b) ----------------------------------------------------------------------- Summary of changes: source4/auth/credentials/credentials_krb5.c | 1 + source4/heimdal/base/baselocl.h | 7 + source4/heimdal/base/dict.c | 4 +- source4/heimdal/base/heimbase.c | 2 +- source4/heimdal/base/heimbase.h | 18 +- source4/heimdal/cf/make-proto.pl | 48 +++- source4/heimdal/include/heim_threads.h | 28 +- source4/heimdal/kdc/default_config.c | 74 ++--- source4/heimdal/kdc/digest.c | 142 ++++---- source4/heimdal/kdc/kdc.h | 16 +- source4/heimdal/kdc/kerberos5.c | 236 ++++++++------ source4/heimdal/kdc/krb5tgs.c | 104 ++++--- source4/heimdal/kdc/kx509.c | 4 +- source4/heimdal/kdc/log.c | 10 +- source4/heimdal/kdc/misc.c | 39 ++- source4/heimdal/kdc/pkinit.c | 115 
++++---- source4/heimdal/kdc/process.c | 18 +- source4/heimdal/kdc/windc.c | 10 +- source4/heimdal/kdc/windc_plugin.h | 6 +- source4/heimdal/kpasswd/kpasswd.c | 15 +- source4/heimdal/kuser/kinit.c | 66 ++-- source4/heimdal/lib/asn1/asn1-common.h | 2 +- source4/heimdal/lib/asn1/asn1parse.c | 4 +- source4/heimdal/lib/asn1/asn1parse.y | 4 +- source4/heimdal/lib/asn1/der_cmp.c | 4 +- source4/heimdal/lib/asn1/der_format.c | 2 +- source4/heimdal/lib/asn1/der_get.c | 4 +- source4/heimdal/lib/asn1/der_length.c | 2 +- source4/heimdal/lib/asn1/der_put.c | 3 +- source4/heimdal/lib/asn1/extra.c | 4 +- source4/heimdal/lib/asn1/gen.c | 6 +- source4/heimdal/lib/asn1/gen_decode.c | 38 ++- source4/heimdal/lib/asn1/gen_encode.c | 19 +- source4/heimdal/lib/asn1/gen_free.c | 4 +- source4/heimdal/lib/asn1/gen_template.c | 22 +- source4/heimdal/lib/asn1/krb5.asn1 | 50 ++-- source4/heimdal/lib/asn1/lex.c | 4 +- source4/heimdal/lib/asn1/lex.l | 4 +- source4/heimdal/lib/asn1/main.c | 2 +- source4/heimdal/lib/asn1/test.asn1 | 3 + source4/heimdal/lib/asn1/timegm.c | 21 +- source4/heimdal/lib/com_err/compile_et.c | 4 +- source4/heimdal/lib/com_err/error.c | 2 +- source4/heimdal/lib/com_err/parse.c | 2 +- source4/heimdal/lib/com_err/parse.y | 2 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 98 +++++-- source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h | 7 + source4/heimdal/lib/gssapi/gssapi_mech.h | 59 +++- source4/heimdal/lib/gssapi/krb5/8003.c | 2 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 70 +++-- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 153 ++++++--- source4/heimdal/lib/gssapi/krb5/add_cred.c | 31 +-- source4/heimdal/lib/gssapi/krb5/aeap.c | 10 +- source4/heimdal/lib/gssapi/krb5/arcfour.c | 14 +- .../authorize_localname.c} | 54 ++-- source4/heimdal/lib/gssapi/krb5/cfx.c | 12 +- source4/heimdal/lib/gssapi/krb5/compat.c | 2 +- source4/heimdal/lib/gssapi/krb5/context_time.c | 2 +- source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 2 +- source4/heimdal/lib/gssapi/krb5/creds.c | 8 
+- source4/heimdal/lib/gssapi/krb5/encapsulate.c | 4 +- source4/heimdal/lib/gssapi/krb5/external.c | 21 +- source4/heimdal/lib/gssapi/krb5/import_name.c | 4 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 36 +- source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 4 +- .../lib/gssapi/krb5/inquire_names_for_mech.c | 2 +- .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 53 +++- .../krb5/{inquire_cred_by_oid.c => pname_to_uid.c} | 74 +++-- source4/heimdal/lib/gssapi/krb5/prf.c | 24 +- .../lib/gssapi/krb5/process_context_token.c | 3 +- source4/heimdal/lib/gssapi/krb5/sequence.c | 4 +- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 4 +- .../lib/gssapi/krb5/set_sec_context_option.c | 7 +- source4/heimdal/lib/gssapi/krb5/store_cred.c | 2 +- source4/heimdal/lib/gssapi/krb5/unwrap.c | 3 +- source4/heimdal/lib/gssapi/krb5/verify_mic.c | 8 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 2 +- source4/heimdal/lib/gssapi/mech/compat.h | 94 ++++++ source4/heimdal/lib/gssapi/mech/cred.h | 16 + .../lib/gssapi/mech/gss_accept_sec_context.c | 16 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 2 +- .../lib/gssapi/mech/gss_add_oid_set_member.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_aeap.c | 6 +- source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 2 +- .../lib/gssapi/mech/gss_canonicalize_name.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_cred.c | 4 +- .../lib/gssapi/mech/gss_decapsulate_token.c | 6 +- .../heimdal/lib/gssapi/mech/gss_display_status.c | 2 +- .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 8 +- .../lib/gssapi/mech/gss_encapsulate_token.c | 6 +- .../lib/gssapi/mech/gss_export_sec_context.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_import_name.c | 18 +- .../lib/gssapi/mech/gss_import_sec_context.c | 2 +- .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 4 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 2 +- .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 8 +- 
.../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 16 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 100 +++++-- source4/heimdal/lib/gssapi/mech/gss_mo.c | 351 +++++++++++++++----- source4/heimdal/lib/gssapi/mech/gss_names.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_oid.c | 150 +++++---- source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_release_name.c | 2 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 6 +- .../lib/gssapi/mech/gss_test_oid_set_member.c | 2 +- .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 2 +- source4/heimdal/lib/gssapi/mech/mech_locl.h | 1 + .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 44 +-- source4/heimdal/lib/gssapi/spnego/compat.c | 6 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 4 +- source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 2 +- source4/heimdal/lib/gssapi/spnego/external.c | 17 +- .../heimdal/lib/gssapi/spnego/init_sec_context.c | 6 +- source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 2 + source4/heimdal/lib/gssapi/version-script.map | 12 +- source4/heimdal/lib/hcrypto/camellia-ntt.c | 4 +- source4/heimdal/lib/hcrypto/des.c | 6 +- source4/heimdal/lib/hcrypto/des.h | 2 +- source4/heimdal/lib/hcrypto/dh-ltm.c | 6 +- source4/heimdal/lib/hcrypto/dh.c | 4 +- source4/heimdal/lib/hcrypto/engine.c | 4 +- source4/heimdal/lib/hcrypto/evp.c | 6 +- source4/heimdal/lib/hcrypto/evp.h | 2 +- .../lib/hcrypto/libtommath/bn_fast_mp_invmod.c | 6 +- .../lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c | 16 +- .../libtommath/bn_fast_s_mp_mul_high_digs.c | 6 +- .../lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c | 10 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c | 2 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c | 2 +- .../lib/hcrypto/libtommath/bn_mp_clear_multi.c | 2 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c | 2 +- 
.../heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c | 2 +- .../lib/hcrypto/libtommath/bn_mp_count_bits.c | 2 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c | 32 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c | 6 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c | 10 +- .../lib/hcrypto/libtommath/bn_mp_dr_setup.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_exch.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_exptmod_fast.c | 6 +- .../lib/hcrypto/libtommath/bn_mp_exteuclid.c | 2 +- .../lib/hcrypto/libtommath/bn_mp_find_prime.c | 4 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_fread.c | 12 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c | 8 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c | 8 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_init_multi.c | 8 +- .../lib/hcrypto/libtommath/bn_mp_init_size.c | 4 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_invmod_slow.c | 6 +- .../lib/hcrypto/libtommath/bn_mp_is_square.c | 8 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c | 34 +- .../lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c | 6 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c | 12 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c | 20 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c | 24 +- .../lib/hcrypto/libtommath/bn_mp_prime_fermat.c | 2 +- .../hcrypto/libtommath/bn_mp_prime_is_divisible.c | 2 +- .../hcrypto/libtommath/bn_mp_prime_miller_rabin.c | 6 +- .../hcrypto/libtommath/bn_mp_prime_next_prime.c | 2 +- .../lib/hcrypto/libtommath/bn_mp_prime_random_ex.c | 10 +- .../lib/hcrypto/libtommath/bn_mp_radix_size.c | 2 +- .../lib/hcrypto/libtommath/bn_mp_read_radix.c | 12 +- 
.../heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c | 12 +- .../lib/hcrypto/libtommath/bn_mp_reduce_2k.c | 16 +- .../lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c | 18 +- .../lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c | 8 +- .../hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c | 8 +- .../lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c | 4 +- .../lib/hcrypto/libtommath/bn_mp_reduce_setup.c | 2 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c | 6 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c | 2 +- source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c | 8 +- .../heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c | 6 +- .../lib/hcrypto/libtommath/bn_mp_toom_mul.c | 70 ++-- .../lib/hcrypto/libtommath/bn_mp_toradix_n.c | 6 +- .../heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c | 4 +- .../lib/hcrypto/libtommath/bn_s_mp_exptmod.c | 16 +- .../lib/hcrypto/libtommath/bn_s_mp_mul_digs.c | 8 +- .../heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c | 2 +- source4/heimdal/lib/hcrypto/libtommath/bncore.c | 6 +- .../lib/hcrypto/libtommath/mtest/mpi-config.h | 2 +- source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c | 150 +++++----- source4/heimdal/lib/hcrypto/libtommath/tommath.h | 18 +- .../lib/hcrypto/libtommath/tommath_superclass.h | 4 +- source4/heimdal/lib/hcrypto/pkcs12.c | 2 +- source4/heimdal/lib/hcrypto/rand-egd.c | 4 +- source4/heimdal/lib/hcrypto/rc2.c | 2 +- source4/heimdal/lib/hcrypto/rsa-ltm.c | 2 +- source4/heimdal/lib/hcrypto/rsa.c | 12 +- source4/heimdal/lib/hcrypto/sha256.c | 2 +- source4/heimdal/lib/hcrypto/sha512.c | 2 +- source4/heimdal/lib/hcrypto/ui.c | 6 +- source4/heimdal/lib/hcrypto/validate.c | 6 +- source4/heimdal/lib/hdb/dbinfo.c | 2 +- source4/heimdal/lib/hdb/ext.c | 20 +- source4/heimdal/lib/hdb/hdb-keytab.c | 2 +- source4/heimdal/lib/hdb/hdb.c | 12 +- source4/heimdal/lib/hdb/hdb.h | 4 +- source4/heimdal/lib/hdb/keys.c | 16 +- source4/heimdal/lib/hdb/keytab.c | 48 ++-- source4/heimdal/lib/hdb/mkey.c | 18 +- 
source4/heimdal/lib/hx509/ca.c | 10 +- source4/heimdal/lib/hx509/cert.c | 115 ++++--- source4/heimdal/lib/hx509/char_map.h | 64 ++-- source4/heimdal/lib/hx509/cms.c | 48 ++- source4/heimdal/lib/hx509/collector.c | 11 +- source4/heimdal/lib/hx509/crypto.c | 97 +++--- source4/heimdal/lib/hx509/file.c | 8 +- source4/heimdal/lib/hx509/keyset.c | 15 + source4/heimdal/lib/hx509/ks_dir.c | 4 +- source4/heimdal/lib/hx509/ks_file.c | 26 +- source4/heimdal/lib/hx509/ks_keychain.c | 14 +- source4/heimdal/lib/hx509/ks_mem.c | 2 +- source4/heimdal/lib/hx509/ks_p11.c | 32 +- source4/heimdal/lib/hx509/ks_p12.c | 20 +- source4/heimdal/lib/hx509/lock.c | 2 +- source4/heimdal/lib/hx509/name.c | 52 ++-- source4/heimdal/lib/hx509/print.c | 31 +- source4/heimdal/lib/hx509/revoke.c | 56 ++-- source4/heimdal/lib/hx509/sel.c | 6 +- source4/heimdal/lib/hx509/sel.h | 2 +- source4/heimdal/lib/hx509/test_name.c | 2 +- source4/heimdal/lib/krb5/acache.c | 18 +- source4/heimdal/lib/krb5/addr_families.c | 159 +++++++--- .../{get_default_realm.c => aname_to_localname.c} | 83 +++--- source4/heimdal/lib/krb5/appdefault.c | 2 +- source4/heimdal/lib/krb5/auth_context.c | 2 + source4/heimdal/lib/krb5/build_auth.c | 8 +- source4/heimdal/lib/krb5/cache.c | 26 +- source4/heimdal/lib/krb5/changepw.c | 18 +- source4/heimdal/lib/krb5/codec.c | 34 +- source4/heimdal/lib/krb5/config_file.c | 34 +- source4/heimdal/lib/krb5/context.c | 186 ++++++----- source4/heimdal/lib/krb5/convert_creds.c | 6 +- source4/heimdal/lib/krb5/creds.c | 2 +- source4/heimdal/lib/krb5/crypto-des.c | 4 +- source4/heimdal/lib/krb5/crypto-des3.c | 2 +- source4/heimdal/lib/krb5/crypto-evp.c | 4 +- source4/heimdal/lib/krb5/crypto-pk.c | 23 +- source4/heimdal/lib/krb5/crypto.c | 47 +-- source4/heimdal/lib/krb5/error_string.c | 2 +- source4/heimdal/lib/krb5/expand_path.c | 16 +- source4/heimdal/lib/krb5/fcache.c | 70 ++++- source4/heimdal/lib/krb5/get_addrs.c | 42 +-- source4/heimdal/lib/krb5/get_cred.c | 63 ++-- 
source4/heimdal/lib/krb5/get_default_principal.c | 2 +- source4/heimdal/lib/krb5/get_for_creds.c | 10 +- source4/heimdal/lib/krb5/get_host_realm.c | 2 +- source4/heimdal/lib/krb5/get_in_tkt.c | 31 +- source4/heimdal/lib/krb5/heim_err.et | 1 + source4/heimdal/lib/krb5/init_creds.c | 8 +- source4/heimdal/lib/krb5/init_creds_pw.c | 55 ++-- source4/heimdal/lib/krb5/kcm.c | 36 +- source4/heimdal/lib/krb5/keyblock.c | 2 +- source4/heimdal/lib/krb5/keytab.c | 73 ++++- source4/heimdal/lib/krb5/keytab_file.c | 17 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 8 +- source4/heimdal/lib/krb5/krb5.h | 91 ++++-- source4/heimdal/lib/krb5/krb5_locl.h | 13 +- source4/heimdal/lib/krb5/krbhst.c | 8 +- source4/heimdal/lib/krb5/kuserok.c | 303 +++++++++++++++++ source4/heimdal/lib/krb5/log.c | 2 +- source4/heimdal/lib/krb5/mcache.c | 4 +- source4/heimdal/lib/krb5/misc.c | 45 +++- source4/heimdal/lib/krb5/mit_glue.c | 6 +- source4/heimdal/lib/krb5/mk_error.c | 5 +- source4/heimdal/lib/krb5/mk_priv.c | 2 +- source4/heimdal/lib/krb5/mk_rep.c | 2 +- source4/heimdal/lib/krb5/n-fold.c | 2 +- source4/heimdal/lib/krb5/pac.c | 15 +- source4/heimdal/lib/krb5/padata.c | 4 +- source4/heimdal/lib/krb5/pkinit.c | 128 ++++---- source4/heimdal/lib/krb5/plugin.c | 24 +- source4/heimdal/lib/krb5/principal.c | 20 +- source4/heimdal/lib/krb5/rd_cred.c | 15 +- source4/heimdal/lib/krb5/rd_rep.c | 2 +- source4/heimdal/lib/krb5/rd_req.c | 32 +- source4/heimdal/lib/krb5/replay.c | 4 +- source4/heimdal/lib/krb5/salt-arcfour.c | 2 +- source4/heimdal/lib/krb5/salt-des.c | 6 +- source4/heimdal/lib/krb5/salt.c | 3 +- source4/heimdal/lib/krb5/send_to_kdc.c | 14 +- source4/heimdal/lib/krb5/store-int.c | 2 +- source4/heimdal/lib/krb5/store-int.h | 1 + source4/heimdal/lib/krb5/store.c | 115 +++++-- source4/heimdal/lib/krb5/store_emem.c | 13 +- source4/heimdal/lib/krb5/store_fd.c | 3 +- source4/heimdal/lib/krb5/store_mem.c | 10 +- source4/heimdal/lib/krb5/ticket.c | 10 +- source4/heimdal/lib/krb5/transited.c | 63 ++--- 
source4/heimdal/lib/krb5/version-script.map | 6 +- source4/heimdal/lib/krb5/warn.c | 4 +- source4/heimdal/lib/ntlm/ntlm.c | 16 +- source4/heimdal/lib/roken/dumpdata.c | 2 +- source4/heimdal/lib/roken/get_window_size.c | 73 +++-- source4/heimdal/lib/roken/getarg.c | 22 +- source4/heimdal/lib/roken/hex.c | 5 +- source4/heimdal/lib/roken/parse_units.c | 4 +- source4/heimdal/lib/roken/resolve.c | 12 +- source4/heimdal/lib/roken/rkpty.c | 6 +- source4/heimdal/lib/roken/roken.h.in | 19 +- source4/heimdal/lib/roken/roken_gethostby.c | 9 +- source4/heimdal/lib/roken/socket.c | 2 +- source4/heimdal/lib/roken/strsep_copy.c | 2 +- source4/heimdal/lib/roken/version-script.map | 4 + source4/heimdal/lib/vers/print_version.c | 4 +- source4/heimdal/lib/wind/ldap.c | 4 +- source4/heimdal/lib/wind/normalize.c | 2 +- source4/heimdal/lib/wind/stringprep.c | 2 +- source4/heimdal/lib/wind/utf8.c | 10 +- source4/heimdal_build/wscript_build | 5 +- source4/heimdal_build/wscript_configure | 1 + source4/kdc/kdc.c | 13 + 321 files changed, 4084 insertions(+), 2608 deletions(-) copy source4/heimdal/lib/gssapi/{mech/gss_set_sec_context_option.c => krb5/authorize_localname.c} (62%) copy source4/heimdal/lib/gssapi/krb5/{inquire_cred_by_oid.c => pname_to_uid.c} (60%) create mode 100644 source4/heimdal/lib/gssapi/mech/compat.h copy source4/heimdal/lib/krb5/{get_default_realm.c => aname_to_localname.c} (60%) create mode 100644 source4/heimdal/lib/krb5/kuserok.c Changeset truncated at 500 lines: diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 1643197..7130e41 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -538,6 +538,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, * of AES keys. */ min_stat = krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context, + KRB5_PDU_NONE, &etypes); if (min_stat == 0) { OM_uint32 num_ktypes; 
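Review bot: The call to `krb5_get_default_in_tkt_etypes` now passes `KRB5_PDU_NONE` unconditionally, although this push also adds a `HAVE_KRB5_PDU_NONE_DECL` define in heimdal_build that this call site does not test. If this file can also be built against a Heimdal whose function still takes two arguments (not visible here), the new argument should be guarded, for example with `#ifdef HAVE_KRB5_PDU_NONE_DECL` around the `KRB5_PDU_NONE,` line. A short comment such as `/* KRB5_PDU_NONE: no specific request type, use the general default enctype list */` would also help, because the returned list drives the enctype restriction described in the comment just above; that reading of the constant is inferred from its name and should be confirmed. The body of cli_credentials_get_client_gss_creds starts and ends outside the hunk.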
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h index b3c81b9..901e860 100644 --- a/source4/heimdal/base/baselocl.h +++ b/source4/heimdal/base/baselocl.h @@ -35,6 +35,13 @@ #include "config.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/source4/heimdal/base/dict.c b/source4/heimdal/base/dict.c index 7522c8c..1f9d71a 100644 --- a/source4/heimdal/base/dict.c +++ b/source4/heimdal/base/dict.c @@ -77,7 +77,7 @@ struct heim_type_data dict_object = { static size_t isprime(size_t p) { - int q, i; + size_t q, i; for(i = 2 ; i < p; i++) { q = p / i; @@ -120,7 +120,7 @@ heim_dict_create(size_t size) heim_release(dict); return NULL; } - + dict->tab = calloc(dict->size, sizeof(dict->tab[0])); if (dict->tab == NULL) { dict->size = 0; diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c index 0166871..7031af9 100644 --- a/source4/heimdal/base/heimbase.c +++ b/source4/heimdal/base/heimbase.c @@ -369,7 +369,7 @@ void heim_abortv(const char *fmt, va_list ap) { static char str[1024]; - + vsnprintf(str, sizeof(str), fmt, ap); syslog(LOG_ERR, "heim_abort: %s", str); abort(); diff --git a/source4/heimdal/base/heimbase.h b/source4/heimdal/base/heimbase.h index d1ca5aa..ad1b3f0 100644 --- a/source4/heimdal/base/heimbase.h +++ b/source4/heimdal/base/heimbase.h 
@@ -48,6 +48,22 @@ typedef heim_object_t heim_null_t; #define HEIM_BASE_ONCE_INIT 0 typedef long heim_base_once_t; /* XXX arch dependant */ +#if !defined(__has_extension) +#define __has_extension(x) 0 +#endif + +#define HEIM_REQUIRE_GNUC(m,n,p) \ + (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \ + (((m) * 10000) + ((n) * 100) + (p))) + + +#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0) +#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res) +#else +#define heim_builtin_expect(_op,_res) (_op) +#endif + + void * heim_retain(heim_object_t); void heim_release(heim_object_t); @@ -79,7 +95,7 @@ heim_abortv(const char *fmt, va_list ap) HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0)); #define heim_assert(e,t) \ - (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0) + (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0) /* * diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl index bc323b9..6894dc1 100644 --- a/source4/heimdal/cf/make-proto.pl +++ b/source4/heimdal/cf/make-proto.pl @@ -11,6 +11,7 @@ my $line = ""; my $debug = 0; my $oproto = 1; my $private_func_re = "^_"; +my %depfunction = (); Getopts('x:m:o:p:dqE:R:P:') || die "foo"; @@ -25,7 +26,7 @@ if($opt_q) { if($opt_R) { $private_func_re = $opt_R; } -%flags = ( +my %flags = ( 'multiline-proto' => 1, 'header' => 1, 'function-blocking' => 0, @@ -100,16 +101,21 @@ while(<>) { s/^\s*//; s/\s*$//; s/\s+/ /g; - if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){ + if($_ =~ /\)$/){ if(!/^static/ && !/^PRIVATE/){ $attr = ""; if(m/(.*)(__attribute__\s?\(.*\))/) { $attr .= " $2"; $_ = $1; } - if(m/(.*)\s(\w+DEPRECATED)/) { + if(m/(.*)\s(\w+DEPRECATED_FUNCTION)\s?(\(.*\))(.*)/) { + $depfunction{$2} = 1; + $attr .= " $2$3"; + $_ = "$1 $4"; + } + if(m/(.*)\s(\w+DEPRECATED)(.*)/) { $attr .= " $2"; - $_ = $1; + $_ = "$1 $3"; } # remove outer () s/\s*\(/</; 
@@ -302,17 +308,44 @@ if($flags{"gnuc-attribute"}) { "; } } + +my $depstr = ""; +my $undepstr = ""; +foreach (keys %depfunction) { + $depstr .= "#ifndef $_ +#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define $_(X) __attribute__((__deprecated__)) +#else +#define $_(X) +#endif +#endif + + +"; + $public_h_trailer .= "#undef $_ + +"; + $private_h_trailer .= "#undef $_ +#define $_(X) + +"; +} + +$public_h_header .= $depstr; +$private_h_header .= $depstr; + + if($flags{"cxx"}) { $public_h_header .= "#ifdef __cplusplus extern \"C\" { #endif "; - $public_h_trailer .= "#ifdef __cplusplus + $public_h_trailer = "#ifdef __cplusplus } #endif -"; +" . $public_h_trailer; } if ($opt_E) { @@ -348,6 +381,9 @@ if ($opt_E) { "; } +$public_h_trailer .= $undepstr; +$private_h_trailer .= $undepstr; + if ($public_h ne "" && $flags{"header"}) { $public_h = $public_h_header . $public_h . $public_h_trailer . "#endif /* $block */\n"; diff --git a/source4/heimdal/include/heim_threads.h b/source4/heimdal/include/heim_threads.h index c4f841f..8ff677f 100644 --- a/source4/heimdal/include/heim_threads.h +++ b/source4/heimdal/include/heim_threads.h 
@@ -67,13 +67,13 @@ #define HEIMDAL_RWLOCK rwlock_t #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER -#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL) -#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l) -#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l) -#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) -#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) -#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l) -#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l) +#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l) #define HEIMDAL_thread_key thread_key_t #define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0) 
@@ -94,13 +94,13 @@ #define HEIMDAL_RWLOCK rwlock_t #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER -#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL) -#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l) -#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l) -#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) -#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) -#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l) -#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l) +#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l) #define HEIMDAL_thread_key pthread_key_t #define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0) diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 1441c31..fe977de 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -51,14 +51,14 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->require_preauth = TRUE; c->kdc_warn_pwexpire = 0; c->encode_as_rep_as_tgs_rep = FALSE; + c->as_use_strongest_session_key = FALSE; + c->preauth_use_strongest_session_key = FALSE; + c->tgs_use_strongest_session_key = FALSE; + c->use_strongest_server_key = FALSE; c->check_ticket_addresses = TRUE; c->allow_null_ticket_addresses = TRUE; c->allow_anonymous = FALSE; c->trpolicy = TRPOLICY_ALWAYS_CHECK; - c->enable_v4 = FALSE; - c->enable_kaserver = FALSE; - c->enable_524 = FALSE; - c->enable_v4_cross_realm = FALSE; c->enable_pkinit = FALSE; c->pkinit_princ_in_cert = TRUE; c->pkinit_require_binding = TRUE; 
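Review bot: In the default_config.c hunk at -51,14, the four new flags `as_use_strongest_session_key`, `preauth_use_strongest_session_key`, `tgs_use_strongest_session_key` and `use_strongest_server_key` are initialised to FALSE with no comment on what key selection the KDC performs when they are left unset. Commit 7acc1a7 in this same push sets them to true in Samba's KDC "to restore the old behavior" and carries a TODO, which suggests the imported default changes which enctype is picked for session and server keys. A comment beside the assignments would record this, for example `/* default FALSE: strongest-key selection is opt-in via [kdc] *-use-strongest-*-key */`. The same hunk removes `enable_v4`, `enable_kaserver`, `enable_524` and `enable_v4_cross_realm`, so existing `enable-kerberos4` style settings will presumably be ignored without notice; a log warning or a release note would let operators see that. The body of krb5_kdc_get_config starts and ends outside the hunk, and the config reads for the new flags are in the later -120,6 hunk.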
@@ -70,19 +70,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) krb5_config_get_bool_default(context, NULL, c->require_preauth, "kdc", "require-preauth", NULL); - c->enable_v4 = - krb5_config_get_bool_default(context, NULL, - c->enable_v4, - "kdc", "enable-kerberos4", NULL); - c->enable_v4_cross_realm = - krb5_config_get_bool_default(context, NULL, - c->enable_v4_cross_realm, - "kdc", - "enable-kerberos4-cross-realm", NULL); - c->enable_524 = - krb5_config_get_bool_default(context, NULL, - c->enable_v4, - "kdc", "enable-524", NULL); #ifdef DIGEST c->enable_digest = krb5_config_get_bool_default(context, NULL, @@ -133,6 +120,27 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) } #endif + c->as_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->as_use_strongest_session_key, + "kdc", + "as-use-strongest-session-key", NULL); + c->preauth_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->preauth_use_strongest_session_key, + "kdc", + "preauth-use-strongest-session-key", NULL); + c->tgs_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->tgs_use_strongest_session_key, + "kdc", + "tgs-use-strongest-session-key", NULL); + c->use_strongest_server_key = + krb5_config_get_bool_default(context, NULL, + c->use_strongest_server_key, + "kdc", + "use-strongest-server-key", NULL); + c->check_ticket_addresses = krb5_config_get_bool_default(context, NULL, c->check_ticket_addresses, 
@@ -180,28 +188,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) } } - { - const char *p; - p = krb5_config_get_string (context, NULL, - "kdc", - "v4-realm", - NULL); - if(p != NULL) { - c->v4_realm = strdup(p); - if (c->v4_realm == NULL) - krb5_errx(context, 1, "out of memory"); - } else { - c->v4_realm = NULL; - } - } - - c->enable_kaserver = - krb5_config_get_bool_default(context, - NULL, - c->enable_kaserver, - "kdc", "enable-kaserver", NULL); - - c->encode_as_rep_as_tgs_rep = krb5_config_get_bool_default(context, NULL, c->encode_as_rep_as_tgs_rep, @@ -223,7 +209,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) NULL); - c->pkinit_kdc_identity = + c->pkinit_kdc_identity = krb5_config_get_string(context, NULL, "kdc", "pkinit_identity", NULL); c->pkinit_kdc_anchors = @@ -235,7 +221,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->pkinit_kdc_revoke = krb5_config_get_strings(context, NULL, "kdc", "pkinit_revoke", NULL); - c->pkinit_kdc_ocsp_file = + c->pkinit_kdc_ocsp_file = krb5_config_get_string(context, NULL, "kdc", "pkinit_kdc_ocsp", NULL); c->pkinit_kdc_friendly_name = @@ -272,7 +258,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) if (config->pkinit_kdc_identity == NULL) { if (config->pkinit_kdc_friendly_name == NULL) - config->pkinit_kdc_friendly_name = + config->pkinit_kdc_friendly_name = strdup("O=System Identity,CN=com.apple.kerberos.kdc"); config->pkinit_kdc_identity = strdup("KEYCHAIN:"); } @@ -284,7 +270,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) if (config->enable_pkinit) { if (config->pkinit_kdc_identity == NULL) krb5_errx(context, 1, "pkinit enabled but no identity"); - + if (config->pkinit_kdc_anchors == NULL) krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); 
@@ -298,4 +284,4 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) return 0; #endif /* PKINIT */ -} +} diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 70b45c2..5f0d274 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context, /* check the server principal in the ticket matches digest/R@R */ { krb5_principal principal = NULL; - const char *p, *r; + const char *p, *rr; ret = krb5_ticket_get_server(context, ticket, &principal); if (ret) @@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context, krb5_free_principal(context, principal); goto out; } - r = krb5_principal_get_realm(context, principal); - if (r == NULL) { + rr = krb5_principal_get_realm(context, principal); + if (rr == NULL) { krb5_free_principal(context, principal); goto out; } - if (strcmp(p, r) != 0) { + if (strcmp(p, rr) != 0) { krb5_free_principal(context, principal); goto out; } @@ -356,7 +356,7 @@ _kdc_do_digest(krb5_context context, crypto = NULL; if (ret) goto out; - + ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); krb5_data_free(&buf); if (ret) { @@ -419,7 +419,7 @@ _kdc_do_digest(krb5_context context, free(r.u.initReply.nonce); r.u.initReply.nonce = s; } - + ret = krb5_store_stringz(sp, r.u.initReply.nonce); if (ret) { krb5_clear_error_message(context); @@ -475,7 +475,7 @@ _kdc_do_digest(krb5_context context, krb5_data_free(&buf); if (ret) goto out; - + ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); free_Checksum(&res); if (ret) { @@ -547,7 +547,7 @@ _kdc_do_digest(krb5_context context, "Failed to decode digest Checksum"); goto out; } - + ret = krb5_storage_to_data(sp, &buf); if (ret) { krb5_clear_error_message(context); 
@@ -561,14 +561,14 @@ _kdc_do_digest(krb5_context context, krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - + /* * CHAP does the checksum of the raw nonce, but do it for all * types, since we need to check the timestamp. */ { ssize_t ssize; - + ssize = hex_decode(ireq.u.digestRequest.serverNonce, serverNonce.data, serverNonce.length); if (ssize <= 0) { @@ -597,7 +597,7 @@ _kdc_do_digest(krb5_context context, { unsigned char *p = serverNonce.data; uint32_t t; - + if (serverNonce.length < 4) { ret = EINVAL; krb5_set_error_message(context, ret, "server nonce too short"); @@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context, EVP_MD_CTX *ctx; unsigned char md[MD5_DIGEST_LENGTH]; char *mdx; - char id; + char idx; if ((config->digests_allowed & CHAP_MD5) == 0) { kdc_log(context, config, 0, "Digest CHAP MD5 not allowed"); @@ -629,13 +629,13 @@ _kdc_do_digest(krb5_context context, "from CHAP request"); goto out; } - - if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { + + if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) { -- Samba Shared Repository