mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00

Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
Jelmer Vernooij 2011-03-14 23:06:40 +01:00
parent 8dfa224c13
commit 431853c846
57 changed files with 7285 additions and 3100 deletions


@ -120,7 +120,7 @@ heim_dict_create(size_t size)
heim_release(dict);
return NULL;
}
dict->tab = calloc(dict->size, sizeof(dict->tab[0]));
if (dict->tab == NULL) {
dict->size = 0;


@ -369,7 +369,7 @@ void
heim_abortv(const char *fmt, va_list ap)
{
static char str[1024];
vsnprintf(str, sizeof(str), fmt, ap);
syslog(LOG_ERR, "heim_abort: %s", str);
abort();


@ -272,7 +272,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->pkinit_kdc_identity == NULL) {
if (config->pkinit_kdc_friendly_name == NULL)
config->pkinit_kdc_friendly_name =
config->pkinit_kdc_friendly_name =
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
config->pkinit_kdc_identity = strdup("KEYCHAIN:");
}
@ -284,7 +284,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
if (config->enable_pkinit) {
if (config->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
if (config->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
@ -298,4 +298,4 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
return 0;
#endif /* PKINIT */
}
}


@ -41,6 +41,7 @@
#ifndef __KDC_H__
#define __KDC_H__
#include <hdb.h>
#include <krb5.h>
enum krb5_kdc_trpolicy {



@ -1,91 +1,232 @@
#define kw_ABSENT 257
#define kw_ABSTRACT_SYNTAX 258
#define kw_ALL 259
#define kw_APPLICATION 260
#define kw_AUTOMATIC 261
#define kw_BEGIN 262
#define kw_BIT 263
#define kw_BMPString 264
#define kw_BOOLEAN 265
#define kw_BY 266
#define kw_CHARACTER 267
#define kw_CHOICE 268
#define kw_CLASS 269
#define kw_COMPONENT 270
#define kw_COMPONENTS 271
#define kw_CONSTRAINED 272
#define kw_CONTAINING 273
#define kw_DEFAULT 274
#define kw_DEFINITIONS 275
#define kw_EMBEDDED 276
#define kw_ENCODED 277
#define kw_END 278
#define kw_ENUMERATED 279
#define kw_EXCEPT 280
#define kw_EXPLICIT 281
#define kw_EXPORTS 282
#define kw_EXTENSIBILITY 283
#define kw_EXTERNAL 284
#define kw_FALSE 285
#define kw_FROM 286
#define kw_GeneralString 287
#define kw_GeneralizedTime 288
#define kw_GraphicString 289
#define kw_IA5String 290
#define kw_IDENTIFIER 291
#define kw_IMPLICIT 292
#define kw_IMPLIED 293
#define kw_IMPORTS 294
#define kw_INCLUDES 295
#define kw_INSTANCE 296
#define kw_INTEGER 297
#define kw_INTERSECTION 298
#define kw_ISO646String 299
#define kw_MAX 300
#define kw_MIN 301
#define kw_MINUS_INFINITY 302
#define kw_NULL 303
#define kw_NumericString 304
#define kw_OBJECT 305
#define kw_OCTET 306
#define kw_OF 307
#define kw_OPTIONAL 308
#define kw_ObjectDescriptor 309
#define kw_PATTERN 310
#define kw_PDV 311
#define kw_PLUS_INFINITY 312
#define kw_PRESENT 313
#define kw_PRIVATE 314
#define kw_PrintableString 315
#define kw_REAL 316
#define kw_RELATIVE_OID 317
#define kw_SEQUENCE 318
#define kw_SET 319
#define kw_SIZE 320
#define kw_STRING 321
#define kw_SYNTAX 322
#define kw_T61String 323
#define kw_TAGS 324
#define kw_TRUE 325
#define kw_TYPE_IDENTIFIER 326
#define kw_TeletexString 327
#define kw_UNION 328
#define kw_UNIQUE 329
#define kw_UNIVERSAL 330
#define kw_UTCTime 331
#define kw_UTF8String 332
#define kw_UniversalString 333
#define kw_VideotexString 334
#define kw_VisibleString 335
#define kw_WITH 336
#define RANGE 337
#define EEQUAL 338
#define ELLIPSIS 339
#define IDENTIFIER 340
#define referencename 341
#define STRING 342
#define NUMBER 343
typedef union {
/* A Bison parser, made by GNU Bison 2.4.1. */
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
kw_ABSENT = 258,
kw_ABSTRACT_SYNTAX = 259,
kw_ALL = 260,
kw_APPLICATION = 261,
kw_AUTOMATIC = 262,
kw_BEGIN = 263,
kw_BIT = 264,
kw_BMPString = 265,
kw_BOOLEAN = 266,
kw_BY = 267,
kw_CHARACTER = 268,
kw_CHOICE = 269,
kw_CLASS = 270,
kw_COMPONENT = 271,
kw_COMPONENTS = 272,
kw_CONSTRAINED = 273,
kw_CONTAINING = 274,
kw_DEFAULT = 275,
kw_DEFINITIONS = 276,
kw_EMBEDDED = 277,
kw_ENCODED = 278,
kw_END = 279,
kw_ENUMERATED = 280,
kw_EXCEPT = 281,
kw_EXPLICIT = 282,
kw_EXPORTS = 283,
kw_EXTENSIBILITY = 284,
kw_EXTERNAL = 285,
kw_FALSE = 286,
kw_FROM = 287,
kw_GeneralString = 288,
kw_GeneralizedTime = 289,
kw_GraphicString = 290,
kw_IA5String = 291,
kw_IDENTIFIER = 292,
kw_IMPLICIT = 293,
kw_IMPLIED = 294,
kw_IMPORTS = 295,
kw_INCLUDES = 296,
kw_INSTANCE = 297,
kw_INTEGER = 298,
kw_INTERSECTION = 299,
kw_ISO646String = 300,
kw_MAX = 301,
kw_MIN = 302,
kw_MINUS_INFINITY = 303,
kw_NULL = 304,
kw_NumericString = 305,
kw_OBJECT = 306,
kw_OCTET = 307,
kw_OF = 308,
kw_OPTIONAL = 309,
kw_ObjectDescriptor = 310,
kw_PATTERN = 311,
kw_PDV = 312,
kw_PLUS_INFINITY = 313,
kw_PRESENT = 314,
kw_PRIVATE = 315,
kw_PrintableString = 316,
kw_REAL = 317,
kw_RELATIVE_OID = 318,
kw_SEQUENCE = 319,
kw_SET = 320,
kw_SIZE = 321,
kw_STRING = 322,
kw_SYNTAX = 323,
kw_T61String = 324,
kw_TAGS = 325,
kw_TRUE = 326,
kw_TYPE_IDENTIFIER = 327,
kw_TeletexString = 328,
kw_UNION = 329,
kw_UNIQUE = 330,
kw_UNIVERSAL = 331,
kw_UTCTime = 332,
kw_UTF8String = 333,
kw_UniversalString = 334,
kw_VideotexString = 335,
kw_VisibleString = 336,
kw_WITH = 337,
RANGE = 338,
EEQUAL = 339,
ELLIPSIS = 340,
IDENTIFIER = 341,
referencename = 342,
STRING = 343,
NUMBER = 344
};
#endif
/* Tokens. */
#define kw_ABSENT 258
#define kw_ABSTRACT_SYNTAX 259
#define kw_ALL 260
#define kw_APPLICATION 261
#define kw_AUTOMATIC 262
#define kw_BEGIN 263
#define kw_BIT 264
#define kw_BMPString 265
#define kw_BOOLEAN 266
#define kw_BY 267
#define kw_CHARACTER 268
#define kw_CHOICE 269
#define kw_CLASS 270
#define kw_COMPONENT 271
#define kw_COMPONENTS 272
#define kw_CONSTRAINED 273
#define kw_CONTAINING 274
#define kw_DEFAULT 275
#define kw_DEFINITIONS 276
#define kw_EMBEDDED 277
#define kw_ENCODED 278
#define kw_END 279
#define kw_ENUMERATED 280
#define kw_EXCEPT 281
#define kw_EXPLICIT 282
#define kw_EXPORTS 283
#define kw_EXTENSIBILITY 284
#define kw_EXTERNAL 285
#define kw_FALSE 286
#define kw_FROM 287
#define kw_GeneralString 288
#define kw_GeneralizedTime 289
#define kw_GraphicString 290
#define kw_IA5String 291
#define kw_IDENTIFIER 292
#define kw_IMPLICIT 293
#define kw_IMPLIED 294
#define kw_IMPORTS 295
#define kw_INCLUDES 296
#define kw_INSTANCE 297
#define kw_INTEGER 298
#define kw_INTERSECTION 299
#define kw_ISO646String 300
#define kw_MAX 301
#define kw_MIN 302
#define kw_MINUS_INFINITY 303
#define kw_NULL 304
#define kw_NumericString 305
#define kw_OBJECT 306
#define kw_OCTET 307
#define kw_OF 308
#define kw_OPTIONAL 309
#define kw_ObjectDescriptor 310
#define kw_PATTERN 311
#define kw_PDV 312
#define kw_PLUS_INFINITY 313
#define kw_PRESENT 314
#define kw_PRIVATE 315
#define kw_PrintableString 316
#define kw_REAL 317
#define kw_RELATIVE_OID 318
#define kw_SEQUENCE 319
#define kw_SET 320
#define kw_SIZE 321
#define kw_STRING 322
#define kw_SYNTAX 323
#define kw_T61String 324
#define kw_TAGS 325
#define kw_TRUE 326
#define kw_TYPE_IDENTIFIER 327
#define kw_TeletexString 328
#define kw_UNION 329
#define kw_UNIQUE 330
#define kw_UNIVERSAL 331
#define kw_UTCTime 332
#define kw_UTF8String 333
#define kw_UniversalString 334
#define kw_VideotexString 335
#define kw_VisibleString 336
#define kw_WITH 337
#define RANGE 338
#define EEQUAL 339
#define ELLIPSIS 340
#define IDENTIFIER 341
#define referencename 342
#define STRING 343
#define NUMBER 344
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 1676 of yacc.c */
#line 71 "asn1parse.c"
int constant;
struct value *value;
struct range *range;
@ -98,5 +239,17 @@ typedef union {
struct tagtype tag;
struct memhead *members;
struct constraint_spec *constraint_spec;
/* Line 1676 of yacc.c */
#line 247 "asn1parse.c"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;


@ -172,6 +172,7 @@ PADATA-TYPE ::= INTEGER {
KRB5-PADATA-EPAK-AS-REP(146),
KRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon
KRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u
KRB5-PADATA-REQ-ENC-PA-REP(149), --
KRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE
}
@ -318,7 +319,8 @@ TicketFlags ::= BIT STRING {
hw-authent(11),
transited-policy-checked(12),
ok-as-delegate(13),
anonymous(14)
anonymous(14),
enc-pa-rep(15)
}
KDCOptions ::= BIT STRING {
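Review bot: The new `KRB5-PADATA-REQ-ENC-PA-REP(149)` line ends in a bare `--` with no source, while the neighbouring entries name theirs (`krb-wg-anon`, `zhu-pku2u`, `MS-KILE`). This value and the new `enc-pa-rep(15)` ticket flag match the assignments later published in RFC 6806, so I would write `KRB5-PADATA-REQ-ENC-PA-REP(149), -- RFC 6806` and put the same reference after `enc-pa-rep(15)`. The reference is worth having because this pair exists so that a client can tell when its request was altered in transit, and anyone auditing the flag handling needs to find the specification.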


@ -54,7 +54,6 @@ typedef int flex_int32_t;
typedef unsigned char flex_uint8_t;
typedef unsigned short int flex_uint16_t;
typedef unsigned int flex_uint32_t;
#endif /* ! C99 */
/* Limits of integral types. */
#ifndef INT8_MIN
@ -85,6 +84,8 @@ typedef unsigned int flex_uint32_t;
#define UINT32_MAX (4294967295U)
#endif
#endif /* ! C99 */
#endif /* ! FLEXINT_H */
#ifdef __cplusplus
@ -141,7 +142,15 @@ typedef unsigned int flex_uint32_t;
/* Size of default input buffer. */
#ifndef YY_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k.
* Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
* Ditto for the __ia64__ case accordingly.
*/
#define YY_BUF_SIZE 32768
#else
#define YY_BUF_SIZE 16384
#endif /* __ia64__ */
#endif
/* The state buf must be large enough to hold one state per character in the main buffer.
@ -848,7 +857,7 @@ static unsigned lineno = 1;
static void unterminated(const char *, unsigned);
/* This is for broken old lexes (solaris 10 and hpux) */
#line 851 "lex.c"
#line 860 "lex.c"
#define INITIAL 0
@ -929,7 +938,12 @@ static int input (void );
/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k */
#define YY_READ_BUF_SIZE 16384
#else
#define YY_READ_BUF_SIZE 8192
#endif /* __ia64__ */
#endif
/* Copy whatever the last rule matched to the standard output. */
@ -948,7 +962,7 @@ static int input (void );
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
{ \
int c = '*'; \
unsigned n; \
size_t n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@ -1032,7 +1046,7 @@ YY_DECL
#line 68 "lex.l"
#line 1035 "lex.c"
#line 1049 "lex.c"
if ( !(yy_init) )
{
@ -1701,7 +1715,7 @@ YY_RULE_SETUP
#line 274 "lex.l"
ECHO;
YY_BREAK
#line 1704 "lex.c"
#line 1718 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -2459,8 +2473,8 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
* scan from a @e copy of @a bytes.
* @param bytes the byte buffer to scan
* @param len the number of bytes in the buffer pointed to by @a bytes.
* @param yybytes the byte buffer to scan
* @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
*
* @return the newly allocated buffer state object.
*/


@ -54,7 +54,6 @@ typedef int flex_int32_t;
typedef unsigned char flex_uint8_t;
typedef unsigned short int flex_uint16_t;
typedef unsigned int flex_uint32_t;
#endif /* ! C99 */
/* Limits of integral types. */
#ifndef INT8_MIN
@ -85,6 +84,8 @@ typedef unsigned int flex_uint32_t;
#define UINT32_MAX (4294967295U)
#endif
#endif /* ! C99 */
#endif /* ! FLEXINT_H */
#ifdef __cplusplus
@ -141,7 +142,15 @@ typedef unsigned int flex_uint32_t;
/* Size of default input buffer. */
#ifndef YY_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k.
* Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
* Ditto for the __ia64__ case accordingly.
*/
#define YY_BUF_SIZE 32768
#else
#define YY_BUF_SIZE 16384
#endif /* __ia64__ */
#endif
/* The state buf must be large enough to hold one state per character in the main buffer.
@ -527,7 +536,7 @@ static int getstring(void);
#undef ECHO
#line 530 "lex.c"
#line 539 "lex.c"
#define INITIAL 0
@ -606,7 +615,12 @@ static int input (void );
/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k */
#define YY_READ_BUF_SIZE 16384
#else
#define YY_READ_BUF_SIZE 8192
#endif /* __ia64__ */
#endif
/* Copy whatever the last rule matched to the standard output. */
@ -625,7 +639,7 @@ static int input (void );
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
{ \
int c = '*'; \
unsigned n; \
size_t n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@ -709,7 +723,7 @@ YY_DECL
#line 58 "lex.l"
#line 712 "lex.c"
#line 726 "lex.c"
if ( !(yy_init) )
{
@ -873,7 +887,7 @@ YY_RULE_SETUP
#line 74 "lex.l"
ECHO;
YY_BREAK
#line 876 "lex.c"
#line 890 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -1594,8 +1608,8 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
* scan from a @e copy of @a bytes.
* @param bytes the byte buffer to scan
* @param len the number of bytes in the buffer pointed to by @a bytes.
* @param yybytes the byte buffer to scan
* @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
*
* @return the newly allocated buffer state object.
*/



@ -1,13 +1,87 @@
#define ET 257
#define INDEX 258
#define PREFIX 259
#define EC 260
#define ID 261
#define END 262
#define STRING 263
#define NUMBER 264
typedef union {
/* A Bison parser, made by GNU Bison 2.4.1. */
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
ET = 258,
INDEX = 259,
PREFIX = 260,
EC = 261,
ID = 262,
END = 263,
STRING = 264,
NUMBER = 265
};
#endif
/* Tokens. */
#define ET 258
#define INDEX 259
#define PREFIX 260
#define EC 261
#define ID 262
#define END 263
#define STRING 264
#define NUMBER 265
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 1676 of yacc.c */
#line 54 "parse.c"
char *string;
int number;
/* Line 1676 of yacc.c */
#line 79 "parse.c"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;


@ -989,6 +989,55 @@ gss_display_mech_attr(OM_uint32 * minor_status,
gss_buffer_t short_desc,
gss_buffer_t long_desc);
/*
* Naming extensions
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_OID, /* display_as_name_type */
gss_buffer_t /* display_name */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int *, /* name_is_MN */
gss_OID *, /* MN_mech */
gss_buffer_set_t * /* attrs */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* attr */
int *, /* authenticated */
int *, /* complete */
gss_buffer_t, /* value */
gss_buffer_t, /* display_value */
int * /* more */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* complete */
gss_buffer_t, /* attr */
gss_buffer_t /* value */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* attr */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* exp_composite_name */
);
/*
*


@ -125,6 +125,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc;
#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc;
#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc)
/*
* "Standard" mechs
*/


@ -393,8 +393,62 @@ _gss_cred_label_get_t(OM_uint32 * /* minor_status */,
const char * /* label */,
gss_buffer_t /* value */);
typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_OID, /* display_as_name_type */
gss_buffer_t /* display_name */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int *, /* name_is_MN */
gss_OID *, /* MN_mech */
gss_buffer_set_t * /* attrs */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* attr */
int *, /* authenticated */
int *, /* complete */
gss_buffer_t, /* value */
gss_buffer_t, /* display_value */
int * /* more */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* complete */
gss_buffer_t, /* attr */
gss_buffer_t /* value */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* attr */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* exp_composite_name */
);
/*
*
*/
typedef struct gss_mo_desc_struct gss_mo_desc;
typedef OM_uint32 GSSAPI_CALLCONV
_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *);
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
@ -407,7 +461,7 @@ struct gss_mo_desc_struct {
};
#define GMI_VERSION 4
#define GMI_VERSION 5
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
@ -467,6 +521,12 @@ typedef struct gssapi_mech_interface_desc {
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
_gss_display_name_ext_t *gm_display_name_ext;
_gss_inquire_name_t *gm_inquire_name;
_gss_get_name_attribute_t *gm_get_name_attribute;
_gss_set_name_attribute_t *gm_set_name_attribute;
_gss_delete_name_attribute_t *gm_delete_name_attribute;
_gss_export_name_composite_t *gm_export_name_composite;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
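Review bot: The six naming-extension members appended to `gssapi_mech_interface_desc` (`gm_display_name_ext` through `gm_export_name_composite`) have no comment saying whether they may be NULL. The loader change in this same commit fills them with `OPTSYM(...)`, which suggests a mechanism may leave them unset, so every dispatcher would have to test the pointer before calling through it. I would add `/* optional naming extensions: NULL when the mechanism does not provide them */` above `gm_display_name_ext`, and note next to `#define GMI_VERSION 5` that the bump covers these members. The struct definition starts outside the hunk, so how the older members are documented is not visible here.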


@ -99,6 +99,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_MD5:
case ETYPE_OLD_DES3_CBC_SHA1:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:


@ -202,6 +202,8 @@ _gsskrb5_import_sec_context (
krb5_storage_free (sp);
_gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);
*context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE;
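Review bot: The added call `_gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);` has no comment explaining why the CFX state is recomputed here, or why the acceptor argument is derived from the `LOCAL` bit. Presumably that state is not part of the serialized context read through `sp` and so has to be rebuilt after import. A comment such as `/* CFX state is not stored in the exported token; recompute it for the imported context */` would record that, with the wording to be confirmed by the author. The body of `_gsskrb5_import_sec_context` starts outside this hunk, so whether `ctx` is fully restored before this line cannot be checked from here.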


@ -242,6 +242,8 @@ _gss_load_mech(void)
rk_cloexec_file(fp);
while (fgets(buf, sizeof(buf), fp)) {
_gss_mo_init *mi;
if (*buf == '#')
continue;
p = buf;
@ -341,6 +343,22 @@ _gss_load_mech(void)
OPTSYM(wrap_iov);
OPTSYM(unwrap_iov);
OPTSYM(wrap_iov_length);
OPTSYM(display_name_ext);
OPTSYM(inquire_name);
OPTSYM(get_name_attribute);
OPTSYM(set_name_attribute);
OPTSYM(delete_name_attribute);
OPTSYM(export_name_composite);
mi = dlsym(so, "gss_mo_init");
if (mi != NULL) {
major_status = mi(&minor_status,
&mech_oid,
&m->gm_mech.gm_mo,
&m->gm_mech.gm_mo_num);
if (GSS_ERROR(major_status))
goto bad;
}
HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
continue;
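Review bot: After `mi(...)` returns without error, `gm_mo` and `gm_mo_num` are accepted exactly as the loaded module wrote them, with no consistency check, and they presumably serve later as an array and its length. The shared object appears to come from a line of the mechanism configuration file read by the `fgets` loop, so I would reject an inconsistent pair before `HEIM_SLIST_INSERT_HEAD`, e.g. `if (m->gm_mech.gm_mo == NULL && m->gm_mech.gm_mo_num != 0) goto bad;`. Assigning the `void *` from `dlsym` to the function pointer `mi` relies on POSIX rather than ISO C, which a short comment could state. The `bad` label and the rest of `_gss_load_mech` lie outside the hunks, so the cleanup path is not reviewed here.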


@ -374,7 +374,7 @@ gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
return major;
add_all_mo(m, mech_attr, GSS_MO_MA);
}
}
if (known_mech_attrs) {
struct _gss_mech_switch *m;


@ -118,6 +118,12 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc =
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
@ -251,3 +257,4 @@ struct _gss_oid_name_table _gss_ont_mech[] = {
{ GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
{ NULL }
};


@ -23,16 +23,20 @@ HEIMDAL_GSS_2.0 {
gss_create_empty_buffer_set;
gss_create_empty_oid_set;
gss_decapsulate_token;
gss_delete_name_attribute;
gss_delete_sec_context;
gss_display_name;
gss_display_name_ext;
gss_display_status;
gss_duplicate_name;
gss_duplicate_oid;
gss_encapsulate_token;
gss_export_cred;
gss_export_name;
gss_export_name_composite;
gss_export_sec_context;
gss_get_mic;
gss_get_name_attribute;
gss_import_cred;
gss_import_name;
gss_import_sec_context;
@ -43,6 +47,7 @@ HEIMDAL_GSS_2.0 {
gss_inquire_cred_by_mech;
gss_inquire_cred_by_oid;
gss_inquire_mechs_for_name;
gss_inquire_name;
gss_inquire_names_for_mech;
gss_inquire_sec_context_by_oid;
gss_inquire_sec_context_by_oid;
@ -67,6 +72,7 @@ HEIMDAL_GSS_2.0 {
gss_release_oid_set;
gss_seal;
gss_set_cred_option;
gss_set_name_attribute;
gss_set_sec_context_option;
gss_sign;
gss_test_oid_set_member;


@ -60,7 +60,7 @@
* operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern
*
* name 1024 2048 4098
* =================================
* =================================
* gmp: 0.73 6.60 44.80
* tfm: 2.45 -- --
* ltm: 3.79 20.74 105.41 (default in hcrypto)


@ -310,7 +310,7 @@ int
_hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
{
if (cert->private_key)
_hx509_private_key_free(&cert->private_key);
hx509_private_key_free(&cert->private_key);
cert->private_key = _hx509_private_key_ref(private_key);
return 0;
}
@ -341,7 +341,7 @@ hx509_cert_free(hx509_cert cert)
(cert->release)(cert, cert->ctx);
if (cert->private_key)
_hx509_private_key_free(&cert->private_key);
hx509_private_key_free(&cert->private_key);
free_Certificate(cert->data);
free(cert->data);
@ -1607,7 +1607,7 @@ _hx509_cert_private_decrypt(hx509_context context,
return HX509_PRIVATE_KEY_MISSING;
}
return _hx509_private_key_private_decrypt(context,
return hx509_private_key_private_decrypt(context,
ciphertext,
encryption_oid,
p->private_key,
@ -1615,7 +1615,7 @@ _hx509_cert_private_decrypt(hx509_context context,
}
int
_hx509_cert_public_encrypt(hx509_context context,
hx509_cert_public_encrypt(hx509_context context,
const heim_octet_string *cleartext,
const hx509_cert p,
heim_oid *encryption_oid,


@ -656,7 +656,7 @@ hx509_cms_envelope_1(hx509_context context,
ri->version = 2;
cmsidflag = CMS_ID_SKI;
}
ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
if (ret) {
hx509_set_error_string(context, 0, ret,
@ -665,7 +665,7 @@ hx509_cms_envelope_1(hx509_context context,
goto out;
}
ret = _hx509_cert_public_encrypt(context,
ret = hx509_cert_public_encrypt(context,
&key, cert,
&ri->keyEncryptionAlgorithm.algorithm,
&ri->encryptedKey);


@ -105,7 +105,7 @@ free_private_key(struct private_key *key)
{
free_AlgorithmIdentifier(&key->alg);
if (key->private_key)
_hx509_private_key_free(&key->private_key);
hx509_private_key_free(&key->private_key);
der_free_octet_string(&key->localKeyId);
free(key);
}
@ -143,7 +143,7 @@ _hx509_collector_private_key_add(hx509_context context,
if (private_key) {
key->private_key = private_key;
} else {
ret = _hx509_parse_private_key(context, alg,
ret = hx509_parse_private_key(context, alg,
key_data->data, key_data->length,
HX509_KEY_FORMAT_DER,
&key->private_key);


@ -1715,7 +1715,7 @@ _hx509_public_encrypt(hx509_context context,
}
int
_hx509_private_key_private_decrypt(hx509_context context,
hx509_private_key_private_decrypt(hx509_context context,
const heim_octet_string *ciphertext,
const heim_oid *encryption_oid,
hx509_private_key p,
@ -1758,7 +1758,7 @@ _hx509_private_key_private_decrypt(hx509_context context,
int
_hx509_parse_private_key(hx509_context context,
hx509_parse_private_key(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
@ -1776,7 +1776,7 @@ _hx509_parse_private_key(hx509_context context,
return HX509_SIG_ALG_NO_SUPPORTED;
}
ret = _hx509_private_key_init(private_key, ops, NULL);
ret = hx509_private_key_init(private_key, ops, NULL);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
return ret;
@ -1784,7 +1784,7 @@ _hx509_parse_private_key(hx509_context context,
ret = (*ops->import)(context, keyai, data, len, format, *private_key);
if (ret)
_hx509_private_key_free(private_key);
hx509_private_key_free(private_key);
return ret;
}
@ -1794,7 +1794,7 @@ _hx509_parse_private_key(hx509_context context,
*/
int
_hx509_private_key2SPKI(hx509_context context,
hx509_private_key2SPKI(hx509_context context,
hx509_private_key private_key,
SubjectPublicKeyInfo *spki)
{
@ -1871,7 +1871,7 @@ _hx509_generate_private_key(hx509_context context,
return HX509_SIG_ALG_NO_SUPPORTED;
}
ret = _hx509_private_key_init(private_key, ops, NULL);
ret = hx509_private_key_init(private_key, ops, NULL);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
return ret;
@ -1879,7 +1879,7 @@ _hx509_generate_private_key(hx509_context context,
ret = (*ops->generate_private_key)(context, ctx, *private_key);
if (ret)
_hx509_private_key_free(private_key);
hx509_private_key_free(private_key);
return ret;
}
@ -1976,7 +1976,7 @@ const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
*/
int
_hx509_private_key_init(hx509_private_key *key,
hx509_private_key_init(hx509_private_key *key,
hx509_private_key_ops *ops,
void *keydata)
{
@ -2007,7 +2007,7 @@ _hx509_private_pem_name(hx509_private_key key)
}
int
_hx509_private_key_free(hx509_private_key *key)
hx509_private_key_free(hx509_private_key *key)
{
if (key == NULL || *key == NULL)
return 0;
@ -2033,7 +2033,7 @@ _hx509_private_key_free(hx509_private_key *key)
}
void
_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
{
if (key->private_key.rsa)
RSA_free(key->private_key.rsa);


@ -781,6 +781,6 @@ _hx509_certs_keys_free(hx509_context context,
{
int i;
for (i = 0; keys[i]; i++)
_hx509_private_key_free(&keys[i]);
hx509_private_key_free(&keys[i]);
free(keys);
}


@ -259,7 +259,7 @@ set_private_key(hx509_context context,
RSA *rsa;
int ret;
ret = _hx509_private_key_init(&key, NULL, NULL);
ret = hx509_private_key_init(&key, NULL, NULL);
if (ret)
return ret;
@ -302,7 +302,7 @@ set_private_key(hx509_context context,
if (ret != 1)
_hx509_abort("RSA_set_app_data");
_hx509_private_key_assign_rsa(key, rsa);
hx509_private_key_assign_rsa(key, rsa);
_hx509_cert_assign_key(cert, key);
return 0;


@ -78,7 +78,7 @@ mem_free(hx509_certs certs, void *data)
hx509_cert_free(mem->certs.val[i]);
free(mem->certs.val);
for (i = 0; mem->keys && mem->keys[i]; i++)
_hx509_private_key_free(&mem->keys[i]);
hx509_private_key_free(&mem->keys[i]);
free(mem->keys);
free(mem->name);
free(mem);
@ -167,7 +167,7 @@ mem_getkeys(hx509_context context,
(*keys)[i] = _hx509_private_key_ref(mem->keys[i]);
if ((*keys)[i] == NULL) {
while (--i >= 0)
_hx509_private_key_free(&(*keys)[i]);
hx509_private_key_free(&(*keys)[i]);
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM;
}


@ -613,7 +613,7 @@ collect_private_key(hx509_context context,
localKeyId.data = query[0].pValue;
localKeyId.length = query[0].ulValueLen;
ret = _hx509_private_key_init(&key, NULL, NULL);
ret = hx509_private_key_init(&key, NULL, NULL);
if (ret)
return ret;
@ -648,7 +648,7 @@ collect_private_key(hx509_context context,
if (ret != 1)
_hx509_abort("RSA_set_app_data");
_hx509_private_key_assign_rsa(key, rsa);
hx509_private_key_assign_rsa(key, rsa);
ret = _hx509_collector_private_key_add(context,
collector,
@ -658,7 +658,7 @@ collect_private_key(hx509_context context,
&localKeyId);
if (ret) {
_hx509_private_key_free(&key);
hx509_private_key_free(&key);
return ret;
}
return 0;


@ -33,7 +33,7 @@
#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
* if you want the limit (max/min) macros for int types.
* if you want the limit (max/min) macros for int types.
*/
#ifndef __STDC_LIMIT_MACROS
#define __STDC_LIMIT_MACROS 1
@ -50,10 +50,9 @@ typedef uint32_t flex_uint32_t;
typedef signed char flex_int8_t;
typedef short int flex_int16_t;
typedef int flex_int32_t;
typedef unsigned char flex_uint8_t;
typedef unsigned char flex_uint8_t;
typedef unsigned short int flex_uint16_t;
typedef unsigned int flex_uint32_t;
#endif /* ! C99 */
/* Limits of integral types. */
#ifndef INT8_MIN
@ -84,6 +83,8 @@ typedef unsigned int flex_uint32_t;
#define UINT32_MAX (4294967295U)
#endif
#endif /* ! C99 */
#endif /* ! FLEXINT_H */
#ifdef __cplusplus
@ -140,7 +141,15 @@ typedef unsigned int flex_uint32_t;
/* Size of default input buffer. */
#ifndef YY_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k.
* Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
* Ditto for the __ia64__ case accordingly.
*/
#define YY_BUF_SIZE 32768
#else
#define YY_BUF_SIZE 16384
#endif /* __ia64__ */
#endif
/* The state buf must be large enough to hold one state per character in the main buffer.
@ -161,7 +170,7 @@ extern FILE *yyin, *yyout;
#define EOB_ACT_LAST_MATCH 2
#define YY_LESS_LINENO(n)
/* Return all but the first "n" matched characters back to the input stream. */
#define yyless(n) \
do \
@ -223,7 +232,7 @@ struct yy_buffer_state
int yy_bs_lineno; /**< The line count. */
int yy_bs_column; /**< The column count. */
/* Whether to try to fill the input buffer when we reach the
* end of it.
*/
@ -534,7 +543,7 @@ struct hx_expr_input _hx509_expr_input;
#undef ECHO
#line 538 "lex.yy.c"
#line 547 "lex.yy.c"
#define INITIAL 0
@ -594,7 +603,7 @@ extern int yywrap (void );
#endif
static void yyunput (int c,char *buf_ptr );
#ifndef yytext_ptr
static void yy_flex_strncpy (char *,yyconst char *,int );
#endif
@ -615,7 +624,12 @@ static int input (void );
/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k */
#define YY_READ_BUF_SIZE 16384
#else
#define YY_READ_BUF_SIZE 8192
#endif /* __ia64__ */
#endif
/* Copy whatever the last rule matched to the standard output. */
@ -634,7 +648,7 @@ static int input (void );
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
{ \
int c = '*'; \
unsigned n; \
size_t n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@ -715,11 +729,11 @@ YY_DECL
register yy_state_type yy_current_state;
register char *yy_cp, *yy_bp;
register int yy_act;
#line 68 "sel-lex.l"
#line 723 "lex.yy.c"
#line 737 "lex.yy.c"
if ( !(yy_init) )
{
@ -866,7 +880,7 @@ YY_RULE_SETUP
#line 85 "sel-lex.l"
ECHO;
YY_BREAK
#line 870 "lex.yy.c"
#line 884 "lex.yy.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -1008,7 +1022,7 @@ case YY_STATE_EOF(INITIAL):
*/
static int yy_get_next_buffer (void)
{
register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
register char *source = (yytext_ptr);
register int number_to_move, i;
int ret_val;
@ -1144,7 +1158,7 @@ static int yy_get_next_buffer (void)
{
register yy_state_type yy_current_state;
register char *yy_cp;
yy_current_state = (yy_start);
for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
@ -1175,7 +1189,7 @@ static int yy_get_next_buffer (void)
static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
{
register int yy_is_jam;
register char *yy_cp = (yy_c_buf_p);
register char *yy_cp = (yy_c_buf_p);
register YY_CHAR yy_c = 1;
if ( yy_accept[yy_current_state] )
@ -1198,7 +1212,7 @@ static int yy_get_next_buffer (void)
static void yyunput (int c, register char * yy_bp )
{
register char *yy_cp;
yy_cp = (yy_c_buf_p);
/* undo effects of setting up yytext */
@ -1241,7 +1255,7 @@ static int yy_get_next_buffer (void)
{
int c;
*(yy_c_buf_p) = (yy_hold_char);
if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
@ -1308,12 +1322,12 @@ static int yy_get_next_buffer (void)
/** Immediately switch to a different input stream.
* @param input_file A readable stream.
*
*
* @note This function does not reset the start condition to @c INITIAL .
*/
void yyrestart (FILE * input_file )
{
if ( ! YY_CURRENT_BUFFER ){
yyensure_buffer_stack ();
YY_CURRENT_BUFFER_LVALUE =
@ -1326,11 +1340,11 @@ static int yy_get_next_buffer (void)
/** Switch to a different input buffer.
* @param new_buffer The new input buffer.
*
*
*/
void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
{
/* TODO. We should be able to replace this entire function body
* with
* yypop_buffer_state();
@ -1361,7 +1375,7 @@ static int yy_get_next_buffer (void)
static void yy_load_buffer_state (void)
{
(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
(yy_hold_char) = *(yy_c_buf_p);
@ -1370,13 +1384,13 @@ static void yy_load_buffer_state (void)
/** Allocate and initialize an input buffer state.
* @param file A readable stream.
* @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
*
*
* @return the allocated buffer state.
*/
YY_BUFFER_STATE yy_create_buffer (FILE * file, int size )
{
YY_BUFFER_STATE b;
b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
@ -1399,11 +1413,11 @@ static void yy_load_buffer_state (void)
/** Destroy the buffer.
* @param b a buffer created with yy_create_buffer()
*
*
*/
void yy_delete_buffer (YY_BUFFER_STATE b )
{
if ( ! b )
return;
@ -1419,7 +1433,7 @@ static void yy_load_buffer_state (void)
#ifndef __cplusplus
extern int isatty (int );
#endif /* __cplusplus */
/* Initializes or reinitializes a buffer.
* This function is sometimes called more than once on the same buffer,
* such as during a yyrestart() or at EOF.
@ -1428,7 +1442,7 @@ extern int isatty (int );
{
int oerrno = errno;
yy_flush_buffer(b );
b->yy_input_file = file;
@ -1444,17 +1458,17 @@ extern int isatty (int );
}
b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
errno = oerrno;
}
/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
* @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
*
*
*/
void yy_flush_buffer (YY_BUFFER_STATE b )
{
if ( ! b )
if ( ! b )
return;
b->yy_n_chars = 0;
@ -1479,11 +1493,11 @@ extern int isatty (int );
* the current state. This function will allocate the stack
* if necessary.
* @param new_buffer The new state.
*
*
*/
void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
{
if (new_buffer == NULL)
if (new_buffer == NULL)
return;
yyensure_buffer_stack();
@ -1509,11 +1523,11 @@ void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
/** Removes and deletes the top of the stack, if present.
* The next element becomes the new top.
*
*
*/
void yypop_buffer_state (void)
{
if (!YY_CURRENT_BUFFER)
if (!YY_CURRENT_BUFFER)
return;
yy_delete_buffer(YY_CURRENT_BUFFER );
@ -1533,7 +1547,7 @@ void yypop_buffer_state (void)
static void yyensure_buffer_stack (void)
{
int num_to_alloc;
if (!(yy_buffer_stack)) {
/* First allocation is just for 2 elements, since we don't know if this
@ -1546,9 +1560,9 @@ static void yyensure_buffer_stack (void)
);
if ( ! (yy_buffer_stack) )
YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
(yy_buffer_stack_max) = num_to_alloc;
(yy_buffer_stack_top) = 0;
return;
@ -1576,13 +1590,13 @@ static void yyensure_buffer_stack (void)
/** Setup the input buffer state to scan directly from a user-specified character buffer.
* @param base the character buffer
* @param size the size in bytes of the character buffer
*
* @return the newly allocated buffer state object.
*
* @return the newly allocated buffer state object.
*/
YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
{
YY_BUFFER_STATE b;
if ( size < 2 ||
base[size-2] != YY_END_OF_BUFFER_CHAR ||
base[size-1] != YY_END_OF_BUFFER_CHAR )
@ -1611,22 +1625,22 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
/** Setup the input buffer state to scan a string. The next call to yylex() will
* scan from a @e copy of @a str.
* @param yystr a NUL-terminated string to scan
*
*
* @return the newly allocated buffer state object.
* @note If you want to scan bytes that may contain NUL values, then use
* yy_scan_bytes() instead.
*/
YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
{
return yy_scan_bytes(yystr,strlen(yystr) );
}
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
* scan from a @e copy of @a bytes.
* @param bytes the byte buffer to scan
* @param len the number of bytes in the buffer pointed to by @a bytes.
*
* @param yybytes the byte buffer to scan
* @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
*
* @return the newly allocated buffer state object.
*/
YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len )
@ -1635,7 +1649,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len )
char *buf;
yy_size_t n;
int i;
/* Get memory for full buffer, including space for trailing EOB's. */
n = _yybytes_len + 2;
buf = (char *) yyalloc(n );
@ -1665,7 +1679,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len )
static void yy_fatal_error (yyconst char* msg )
{
(void) fprintf( stderr, "%s\n", msg );
(void) fprintf( stderr, "%s\n", msg );
exit( YY_EXIT_FAILURE );
}
@ -1689,16 +1703,16 @@ static void yy_fatal_error (yyconst char* msg )
/* Accessor methods (get/set functions) to struct members. */
/** Get the current line number.
*
*
*/
int yyget_lineno (void)
{
return yylineno;
}
/** Get the input stream.
*
*
*/
FILE *yyget_in (void)
{
@ -1706,7 +1720,7 @@ FILE *yyget_in (void)
}
/** Get the output stream.
*
*
*/
FILE *yyget_out (void)
{
@ -1714,7 +1728,7 @@ FILE *yyget_out (void)
}
/** Get the length of the current token.
*
*
*/
int yyget_leng (void)
{
@ -1722,7 +1736,7 @@ int yyget_leng (void)
}
/** Get the current token.
*
*
*/
char *yyget_text (void)
@ -1732,18 +1746,18 @@ char *yyget_text (void)
/** Set the current line number.
* @param line_number
*
*
*/
void yyset_lineno (int line_number )
{
yylineno = line_number;
}
/** Set the input stream. This does not discard the current
* input buffer.
* @param in_str A readable stream.
*
*
* @see yy_switch_to_buffer
*/
void yyset_in (FILE * in_str )
@ -1797,7 +1811,7 @@ static int yy_init_globals (void)
/* yylex_destroy is for both reentrant and non-reentrant scanners. */
int yylex_destroy (void)
{
/* Pop the buffer stack, destroying each element. */
while(YY_CURRENT_BUFFER){
yy_delete_buffer(YY_CURRENT_BUFFER );
@ -1921,3 +1935,4 @@ lex_input(char *buf, int max_size)
return n;
}


@ -46,7 +46,7 @@ struct hx509_request_data {
*/
int
_hx509_request_init(hx509_context context, hx509_request *req)
hx509_request_init(hx509_context context, hx509_request *req)
{
*req = calloc(1, sizeof(**req));
if (*req == NULL)
@ -56,7 +56,7 @@ _hx509_request_init(hx509_context context, hx509_request *req)
}
void
_hx509_request_free(hx509_request *req)
hx509_request_free(hx509_request *req)
{
if ((*req)->name)
hx509_name_free(&(*req)->name);
@ -69,7 +69,7 @@ _hx509_request_free(hx509_request *req)
}
int
_hx509_request_set_name(hx509_context context,
hx509_request_set_name(hx509_context context,
hx509_request req,
hx509_name name)
{
@ -84,7 +84,7 @@ _hx509_request_set_name(hx509_context context,
}
int
_hx509_request_get_name(hx509_context context,
hx509_request_get_name(hx509_context context,
hx509_request req,
hx509_name *name)
{
@ -96,7 +96,7 @@ _hx509_request_get_name(hx509_context context,
}
int
_hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
hx509_request req,
const SubjectPublicKeyInfo *key)
{
@ -105,7 +105,7 @@ _hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
}
int
_hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
hx509_request req,
SubjectPublicKeyInfo *key)
{
@ -271,7 +271,7 @@ _hx509_request_parse(hx509_context context,
return ret;
}
ret = _hx509_request_init(context, req);
ret = hx509_request_init(context, req);
if (ret) {
free_CertificationRequest(&r);
return ret;
@ -279,25 +279,25 @@ _hx509_request_parse(hx509_context context,
rinfo = &r.certificationRequestInfo;
ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
ret = hx509_request_set_SubjectPublicKeyInfo(context, *req,
&rinfo->subjectPKInfo);
if (ret) {
free_CertificationRequest(&r);
_hx509_request_free(req);
hx509_request_free(req);
return ret;
}
ret = _hx509_name_from_Name(&rinfo->subject, &subject);
if (ret) {
free_CertificationRequest(&r);
_hx509_request_free(req);
hx509_request_free(req);
return ret;
}
ret = _hx509_request_set_name(context, *req, subject);
ret = hx509_request_set_name(context, *req, subject);
hx509_name_free(&subject);
free_CertificationRequest(&r);
if (ret) {
_hx509_request_free(req);
hx509_request_free(req);
return ret;
}
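Review bot: hx509_request_free (second hunk) reads `(*req)->name` without first checking `req` or `*req`, and this commit drops the leading underscore, so the function is now listed among the exported `hx509_*` symbols. A caller outside the library that passes a NULL or never-initialised handle would dereference NULL on that first line. A guard such as `if (req == NULL || *req == NULL) return;` at the top would give it the usual contract of a public free function. The function body continues outside the hunk, so whether `*req` is reset after the free cannot be confirmed from here.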

File diff suppressed because it is too large Load Diff


@ -1,14 +1,89 @@
#define kw_TRUE 257
#define kw_FALSE 258
#define kw_AND 259
#define kw_OR 260
#define kw_IN 261
#define kw_TAILMATCH 262
#define NUMBER 263
#define STRING 264
#define IDENTIFIER 265
typedef union {
/* A Bison parser, made by GNU Bison 2.4.1. */
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
kw_TRUE = 258,
kw_FALSE = 259,
kw_AND = 260,
kw_OR = 261,
kw_IN = 262,
kw_TAILMATCH = 263,
NUMBER = 264,
STRING = 265,
IDENTIFIER = 266
};
#endif
/* Tokens. */
#define kw_TRUE 258
#define kw_FALSE 259
#define kw_AND 260
#define kw_OR 261
#define kw_IN 262
#define kw_TAILMATCH 263
#define NUMBER 264
#define STRING 265
#define IDENTIFIER 266
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 1676 of yacc.c */
#line 45 "sel-gram.c"
char *string;
struct hx_expr *expr;
/* Line 1676 of yacc.c */
#line 81 "sel-gram.c"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;


@ -54,7 +54,6 @@ typedef int flex_int32_t;
typedef unsigned char flex_uint8_t;
typedef unsigned short int flex_uint16_t;
typedef unsigned int flex_uint32_t;
#endif /* ! C99 */
/* Limits of integral types. */
#ifndef INT8_MIN
@ -85,6 +84,8 @@ typedef unsigned int flex_uint32_t;
#define UINT32_MAX (4294967295U)
#endif
#endif /* ! C99 */
#endif /* ! FLEXINT_H */
#ifdef __cplusplus
@ -141,7 +142,15 @@ typedef unsigned int flex_uint32_t;
/* Size of default input buffer. */
#ifndef YY_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k.
* Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
* Ditto for the __ia64__ case accordingly.
*/
#define YY_BUF_SIZE 32768
#else
#define YY_BUF_SIZE 16384
#endif /* __ia64__ */
#endif
/* The state buf must be large enough to hold one state per character in the main buffer.
@ -535,7 +544,7 @@ struct hx_expr_input _hx509_expr_input;
#undef ECHO
#line 538 "sel-lex.c"
#line 547 "sel-lex.c"
#define INITIAL 0
@ -616,7 +625,12 @@ static int input (void );
/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k */
#define YY_READ_BUF_SIZE 16384
#else
#define YY_READ_BUF_SIZE 8192
#endif /* __ia64__ */
#endif
/* Copy whatever the last rule matched to the standard output. */
@ -635,7 +649,7 @@ static int input (void );
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
{ \
int c = '*'; \
unsigned n; \
size_t n; \
for ( n = 0; n < max_size && \
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
buf[n] = (char) c; \
@ -720,7 +734,7 @@ YY_DECL
#line 68 "sel-lex.l"
#line 723 "sel-lex.c"
#line 737 "sel-lex.c"
if ( !(yy_init) )
{
@ -867,7 +881,7 @@ YY_RULE_SETUP
#line 85 "sel-lex.l"
ECHO;
YY_BREAK
#line 870 "sel-lex.c"
#line 884 "sel-lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -1625,8 +1639,8 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
* scan from a @e copy of @a bytes.
* @param bytes the byte buffer to scan
* @param len the number of bytes in the buffer pointed to by @a bytes.
* @param yybytes the byte buffer to scan
* @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
*
* @return the newly allocated buffer state object.
*/


@ -4,7 +4,6 @@ HEIMDAL_X509_1.2 {
global:
_hx509_cert_assign_key;
_hx509_cert_private_key;
_hx509_cert_public_encrypt;
_hx509_certs_keys_free;
_hx509_certs_keys_get;
_hx509_expr_eval;
@ -17,24 +16,12 @@ HEIMDAL_X509_1.2 {
_hx509_generate_private_key_is_ca;
_hx509_map_file_os;
_hx509_name_from_Name;
_hx509_parse_private_key;
_hx509_private_key_assign_rsa;
_hx509_private_key2SPKI;
_hx509_private_key_free;
_hx509_private_key_init;
_hx509_private_key_private_decrypt;
_hx509_private_key_ref;
_hx509_request_add_dns_name;
_hx509_request_add_email;
_hx509_request_free;
_hx509_request_get_SubjectPublicKeyInfo;
_hx509_request_get_name;
_hx509_request_init;
_hx509_request_parse;
_hx509_request_print;
_hx509_request_set_SubjectPublicKeyInfo;
_hx509_request_set_email;
_hx509_request_set_name;
_hx509_request_to_pkcs10;
_hx509_request_to_pkcs10;
_hx509_unmap_file_os;
@ -87,6 +74,7 @@ HEIMDAL_X509_1.2 {
hx509_cert_init;
hx509_cert_init_data;
hx509_cert_keyusage_print;
hx509_cert_public_encrypt;
hx509_cert_ref;
hx509_cert_set_friendly_name;
hx509_certs_add;
@ -180,6 +168,7 @@ HEIMDAL_X509_1.2 {
hx509_oid_print;
hx509_oid_sprint;
hx509_parse_name;
hx509_parse_private_key;
hx509_peer_info_add_cms_alg;
hx509_peer_info_alloc;
hx509_peer_info_free;
@ -192,6 +181,11 @@ HEIMDAL_X509_1.2 {
hx509_pem_write;
hx509_print_stdout;
hx509_print_cert;
hx509_private_key_assign_rsa;
hx509_private_key_free;
hx509_private_key_private_decrypt;
hx509_private_key_init;
hx509_private_key2SPKI;
hx509_prompt_hidden;
hx509_query_alloc;
hx509_query_free;
@ -203,6 +197,12 @@ HEIMDAL_X509_1.2 {
hx509_query_match_option;
hx509_query_statistic_file;
hx509_query_unparse_stats;
hx509_request_get_name;
hx509_request_get_SubjectPublicKeyInfo;
hx509_request_free;
hx509_request_init;
hx509_request_set_name;
hx509_request_set_SubjectPublicKeyInfo;
hx509_revoke_add_crl;
hx509_revoke_add_ocsp;
hx509_revoke_free;
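Review bot: The underscore-prefixed `_hx509_private_key_*`, `_hx509_request_*`, `_hx509_parse_private_key` and `_hx509_cert_public_encrypt` entries are removed from the `global:` list of the existing `HEIMDAL_X509_1.2` node, and their un-prefixed replacements are added to that same node. A binary already linked against the old names under this version would fail to resolve them after the upgrade, with no version change to signal the break. Whether out-of-tree consumers exist cannot be determined from this page; if they do, consider keeping the old names as aliases for one release or publishing the new names under a new version node. Separately, `_hx509_request_to_pkcs10;` appears twice in the second hunk as rendered, and one copy looks redundant.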


@ -317,7 +317,7 @@ kt_ops_copy(krb5_context context, const krb5_context src_context)
return 0;
}
static const char *sysplugin_dirs[] = {
static const char *sysplugin_dirs[] = {
LIBDIR "/plugin/krb5",
#ifdef __APPLE__
"/Library/KerberosPlugins/KerberosFrameworkPlugins",
@ -332,7 +332,7 @@ init_context_once(void *ctx)
krb5_context context = ctx;
_krb5_load_plugins(context, "krb5", sysplugin_dirs);
bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
}


@ -37,12 +37,12 @@
* AES
*/
static struct key_type keytype_aes128 = {
static struct _krb5_key_type keytype_aes128 = {
KEYTYPE_AES128,
"aes-128",
128,
16,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_AES_salt,
@ -51,12 +51,12 @@ static struct key_type keytype_aes128 = {
EVP_aes_128_cbc
};
static struct key_type keytype_aes256 = {
static struct _krb5_key_type keytype_aes256 = {
KEYTYPE_AES256,
"aes-256",
256,
32,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_AES_salt,
@ -65,7 +65,7 @@ static struct key_type keytype_aes256 = {
EVP_aes_256_cbc
};
struct checksum_type _krb5_checksum_hmac_sha1_aes128 = {
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
CKSUMTYPE_HMAC_SHA1_96_AES_128,
"hmac-sha1-96-aes128",
64,
@ -75,7 +75,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_aes128 = {
NULL
};
struct checksum_type _krb5_checksum_hmac_sha1_aes256 = {
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
CKSUMTYPE_HMAC_SHA1_96_AES_256,
"hmac-sha1-96-aes256",
64,
@ -91,7 +91,7 @@ AES_PRF(krb5_context context,
const krb5_data *in,
krb5_data *out)
{
struct checksum_type *ct = crypto->et->checksum;
struct _krb5_checksum_type *ct = crypto->et->checksum;
krb5_error_code ret;
Checksum result;
krb5_keyblock *derived;
@ -139,7 +139,7 @@ AES_PRF(krb5_context context,
return ret;
}
struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
ETYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96",
16,
@ -154,7 +154,7 @@ struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
AES_PRF
};
struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
ETYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96",
16,


@ -37,7 +37,7 @@
#define DES3_OLD_ENCTYPE 1
#endif
struct checksum_type *_krb5_checksum_types[] = {
struct _krb5_checksum_type *_krb5_checksum_types[] = {
&_krb5_checksum_none,
#ifdef HEIM_WEAK_CRYPTO
&_krb5_checksum_crc32,
@ -63,7 +63,7 @@ int _krb5_num_checksums
* these should currently be in reverse preference order.
* (only relevant for !F_PSEUDO) */
struct encryption_type *_krb5_etypes[] = {
struct _krb5_encryption_type *_krb5_etypes[] = {
&_krb5_enctype_aes256_cts_hmac_sha1,
&_krb5_enctype_aes128_cts_hmac_sha1,
&_krb5_enctype_des3_cbc_sha1,


@ -37,12 +37,12 @@
#include "krb5_locl.h"
static struct key_type keytype_arcfour = {
static struct _krb5_key_type keytype_arcfour = {
KEYTYPE_ARCFOUR,
"arcfour",
128,
16,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_arcfour_salt,
@ -57,17 +57,17 @@ static struct key_type keytype_arcfour = {
krb5_error_code
_krb5_HMAC_MD5_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
EVP_MD_CTX *m;
struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
const char signature[] = "signaturekey";
Checksum ksign_c;
struct key_data ksign;
struct _krb5_key_data ksign;
krb5_keyblock kb;
unsigned char t[4];
unsigned char tmp[16];
@ -105,7 +105,7 @@ _krb5_HMAC_MD5_checksum(krb5_context context,
return 0;
}
struct checksum_type _krb5_checksum_hmac_md5 = {
struct _krb5_checksum_type _krb5_checksum_hmac_md5 = {
CKSUMTYPE_HMAC_MD5,
"hmac-md5",
64,
@ -123,16 +123,16 @@ struct checksum_type _krb5_checksum_hmac_md5 = {
static krb5_error_code
ARCFOUR_subencrypt(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
unsigned usage,
void *ivec)
{
EVP_CIPHER_CTX ctx;
struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
Checksum k1_c, k2_c, k3_c, cksum;
struct key_data ke;
struct _krb5_key_data ke;
krb5_keyblock kb;
unsigned char t[4];
unsigned char *cdata = data;
@ -190,16 +190,16 @@ ARCFOUR_subencrypt(krb5_context context,
static krb5_error_code
ARCFOUR_subdecrypt(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
unsigned usage,
void *ivec)
{
EVP_CIPHER_CTX ctx;
struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
Checksum k1_c, k2_c, k3_c, cksum;
struct key_data ke;
struct _krb5_key_data ke;
krb5_keyblock kb;
unsigned char t[4];
unsigned char *cdata = data;
@ -290,7 +290,7 @@ _krb5_usage2arcfour(krb5_context context, unsigned *usage)
static krb5_error_code
ARCFOUR_encrypt(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@ -309,7 +309,7 @@ ARCFOUR_encrypt(krb5_context context,
return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
}
struct encryption_type _krb5_enctype_arcfour_hmac_md5 = {
struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5 = {
ETYPE_ARCFOUR_HMAC_MD5,
"arcfour-hmac-md5",
1,


@ -57,12 +57,12 @@ _krb5_xor (DES_cblock *key, const unsigned char *b)
krb5_error_code
_krb5_des_checksum(krb5_context context,
const EVP_MD *evp_md,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
Checksum *cksum)
{
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
DES_cblock ivec;
unsigned char *p = cksum->checksum.data;
@ -90,12 +90,12 @@ _krb5_des_checksum(krb5_context context,
krb5_error_code
_krb5_des_verify(krb5_context context,
const EVP_MD *evp_md,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
Checksum *C)
{
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
unsigned char tmp[24];
unsigned char res[16];
@ -130,7 +130,7 @@ _krb5_des_verify(krb5_context context,
static krb5_error_code
RSA_MD5_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -141,7 +141,7 @@ RSA_MD5_checksum(krb5_context context,
return 0;
}
struct checksum_type _krb5_checksum_rsa_md5 = {
struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
CKSUMTYPE_RSA_MD5,
"rsa-md5",
64,


@ -49,8 +49,8 @@ krb5_DES_random_key(krb5_context context,
static void
krb5_DES_schedule_old(krb5_context context,
struct key_type *kt,
struct key_data *key)
struct _krb5_key_type *kt,
struct _krb5_key_data *key)
{
DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data);
}
@ -68,7 +68,7 @@ krb5_DES_random_to_key(krb5_context context,
_krb5_xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
}
static struct key_type keytype_des_old = {
static struct _krb5_key_type keytype_des_old = {
KEYTYPE_DES,
"des-old",
56,
@ -80,12 +80,12 @@ static struct key_type keytype_des_old = {
krb5_DES_random_to_key
};
static struct key_type keytype_des = {
static struct _krb5_key_type keytype_des = {
KEYTYPE_DES,
"des",
56,
8,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
krb5_DES_random_key,
_krb5_evp_schedule,
_krb5_des_salt,
@ -96,7 +96,7 @@ static struct key_type keytype_des = {
static krb5_error_code
CRC32_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -115,7 +115,7 @@ CRC32_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -128,7 +128,7 @@ RSA_MD4_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_DES_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -139,7 +139,7 @@ RSA_MD4_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_DES_verify(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -150,7 +150,7 @@ RSA_MD4_DES_verify(krb5_context context,
static krb5_error_code
RSA_MD5_DES_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -161,7 +161,7 @@ RSA_MD5_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES_verify(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -170,7 +170,7 @@ RSA_MD5_DES_verify(krb5_context context,
return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
}
struct checksum_type _krb5_checksum_crc32 = {
struct _krb5_checksum_type _krb5_checksum_crc32 = {
CKSUMTYPE_CRC32,
"crc32",
1,
@ -180,7 +180,7 @@ struct checksum_type _krb5_checksum_crc32 = {
NULL
};
struct checksum_type _krb5_checksum_rsa_md4 = {
struct _krb5_checksum_type _krb5_checksum_rsa_md4 = {
CKSUMTYPE_RSA_MD4,
"rsa-md4",
64,
@ -190,7 +190,7 @@ struct checksum_type _krb5_checksum_rsa_md4 = {
NULL
};
struct checksum_type _krb5_checksum_rsa_md4_des = {
struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = {
CKSUMTYPE_RSA_MD4_DES,
"rsa-md4-des",
64,
@ -200,7 +200,7 @@ struct checksum_type _krb5_checksum_rsa_md4_des = {
RSA_MD4_DES_verify
};
struct checksum_type _krb5_checksum_rsa_md5_des = {
struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = {
CKSUMTYPE_RSA_MD5_DES,
"rsa-md5-des",
64,
@ -212,14 +212,14 @@ struct checksum_type _krb5_checksum_rsa_md5_des = {
static krb5_error_code
evp_des_encrypt_null_ivec(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
DES_cblock ivec;
memset(&ivec, 0, sizeof(ivec));
@ -231,14 +231,14 @@ evp_des_encrypt_null_ivec(krb5_context context,
static krb5_error_code
evp_des_encrypt_key_ivec(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
DES_cblock ivec;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
@ -250,7 +250,7 @@ evp_des_encrypt_key_ivec(krb5_context context,
static krb5_error_code
DES_CFB64_encrypt_null_ivec(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@ -268,7 +268,7 @@ DES_CFB64_encrypt_null_ivec(krb5_context context,
static krb5_error_code
DES_PCBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@ -283,7 +283,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context,
return 0;
}
struct encryption_type _krb5_enctype_des_cbc_crc = {
struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = {
ETYPE_DES_CBC_CRC,
"des-cbc-crc",
8,
@ -298,7 +298,7 @@ struct encryption_type _krb5_enctype_des_cbc_crc = {
NULL
};
struct encryption_type _krb5_enctype_des_cbc_md4 = {
struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = {
ETYPE_DES_CBC_MD4,
"des-cbc-md4",
8,
@ -313,7 +313,7 @@ struct encryption_type _krb5_enctype_des_cbc_md4 = {
NULL
};
struct encryption_type _krb5_enctype_des_cbc_md5 = {
struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = {
ETYPE_DES_CBC_MD5,
"des-cbc-md5",
8,
@ -328,7 +328,7 @@ struct encryption_type _krb5_enctype_des_cbc_md5 = {
NULL
};
struct encryption_type _krb5_enctype_des_cbc_none = {
struct _krb5_encryption_type _krb5_enctype_des_cbc_none = {
ETYPE_DES_CBC_NONE,
"des-cbc-none",
8,
@ -343,7 +343,7 @@ struct encryption_type _krb5_enctype_des_cbc_none = {
NULL
};
struct encryption_type _krb5_enctype_des_cfb64_none = {
struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = {
ETYPE_DES_CFB64_NONE,
"des-cfb64-none",
1,
@ -358,7 +358,7 @@ struct encryption_type _krb5_enctype_des_cfb64_none = {
NULL
};
struct encryption_type _krb5_enctype_des_pcbc_none = {
struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = {
ETYPE_DES_PCBC_NONE,
"des-pcbc-none",
8,


@ -54,12 +54,12 @@ DES3_random_key(krb5_context context,
#ifdef DES3_OLD_ENCTYPE
static struct key_type keytype_des3 = {
static struct _krb5_key_type keytype_des3 = {
KEYTYPE_DES3,
"des3",
168,
24,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
DES3_random_key,
_krb5_evp_schedule,
_krb5_des3_salt,
@ -69,12 +69,12 @@ static struct key_type keytype_des3 = {
};
#endif
static struct key_type keytype_des3_derived = {
static struct _krb5_key_type keytype_des3_derived = {
KEYTYPE_DES3,
"des3",
168,
24,
sizeof(struct evp_schedule),
sizeof(struct _krb5_evp_schedule),
DES3_random_key,
_krb5_evp_schedule,
_krb5_des3_salt_derived,
@ -86,7 +86,7 @@ static struct key_type keytype_des3_derived = {
#ifdef DES3_OLD_ENCTYPE
static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -97,7 +97,7 @@ RSA_MD5_DES3_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -106,7 +106,7 @@ RSA_MD5_DES3_verify(krb5_context context,
return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
}
struct checksum_type _krb5_checksum_rsa_md5_des3 = {
struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {
CKSUMTYPE_RSA_MD5_DES3,
"rsa-md5-des3",
64,
@ -117,7 +117,7 @@ struct checksum_type _krb5_checksum_rsa_md5_des3 = {
};
#endif
struct checksum_type _krb5_checksum_hmac_sha1_des3 = {
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = {
CKSUMTYPE_HMAC_SHA1_DES3,
"hmac-sha1-des3",
64,
@ -128,7 +128,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_des3 = {
};
#ifdef DES3_OLD_ENCTYPE
struct encryption_type _krb5_enctype_des3_cbc_md5 = {
struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = {
ETYPE_DES3_CBC_MD5,
"des3-cbc-md5",
8,
@ -144,7 +144,7 @@ struct encryption_type _krb5_enctype_des3_cbc_md5 = {
};
#endif
struct encryption_type _krb5_enctype_des3_cbc_sha1 = {
struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
ETYPE_DES3_CBC_SHA1,
"des3-cbc-sha1",
8,
@ -160,7 +160,7 @@ struct encryption_type _krb5_enctype_des3_cbc_sha1 = {
};
#ifdef DES3_OLD_ENCTYPE
struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
ETYPE_OLD_DES3_CBC_SHA1,
"old-des3-cbc-sha1",
8,
@ -176,7 +176,7 @@ struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
};
#endif
struct encryption_type _krb5_enctype_des3_cbc_none = {
struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = {
ETYPE_DES3_CBC_NONE,
"des3-cbc-none",
8,


@ -35,10 +35,10 @@
void
_krb5_evp_schedule(krb5_context context,
struct key_type *kt,
struct key_data *kd)
struct _krb5_key_type *kt,
struct _krb5_key_data *kd)
{
struct evp_schedule *key = kd->schedule->data;
struct _krb5_evp_schedule *key = kd->schedule->data;
const EVP_CIPHER *c = (*kt->evp)();
EVP_CIPHER_CTX_init(&key->ectx);
@ -49,23 +49,23 @@ _krb5_evp_schedule(krb5_context context,
}
void
_krb5_evp_cleanup(krb5_context context, struct key_data *kd)
_krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd)
{
struct evp_schedule *key = kd->schedule->data;
struct _krb5_evp_schedule *key = kd->schedule->data;
EVP_CIPHER_CTX_cleanup(&key->ectx);
EVP_CIPHER_CTX_cleanup(&key->dctx);
}
krb5_error_code
_krb5_evp_encrypt(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ivec)
{
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
c = encryptp ? &ctx->ectx : &ctx->dctx;
if (ivec == NULL) {
@ -89,7 +89,7 @@ static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 };
krb5_error_code
_krb5_evp_encrypt_cts(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@ -97,7 +97,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
void *ivec)
{
size_t i, blocksize;
struct evp_schedule *ctx = key->schedule->data;
struct _krb5_evp_schedule *ctx = key->schedule->data;
char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
EVP_CIPHER_CTX *c;
unsigned char *p;


@ -37,7 +37,7 @@
#define DES3_OLD_ENCTYPE 1
#endif
static struct key_type keytype_null = {
static struct _krb5_key_type keytype_null = {
KEYTYPE_NULL,
"null",
0,
@ -50,7 +50,7 @@ static struct key_type keytype_null = {
static krb5_error_code
NONE_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -59,7 +59,7 @@ NONE_checksum(krb5_context context,
return 0;
}
struct checksum_type _krb5_checksum_none = {
struct _krb5_checksum_type _krb5_checksum_none = {
CKSUMTYPE_NONE,
"none",
1,
@ -71,7 +71,7 @@ struct checksum_type _krb5_checksum_none = {
static krb5_error_code
NULL_encrypt(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@ -81,7 +81,7 @@ NULL_encrypt(krb5_context context,
return 0;
}
struct encryption_type _krb5_enctype_null = {
struct _krb5_encryption_type _krb5_enctype_null = {
ETYPE_NULL,
"null",
1,


@ -44,7 +44,7 @@ _krb5_pk_octetstring2key(krb5_context context,
const heim_octet_string *k_n,
krb5_keyblock *key)
{
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
krb5_error_code ret;
size_t keylen, offset;
void *keydata;
@ -205,7 +205,7 @@ _krb5_pk_kdf(krb5_context context,
const Ticket *ticket,
krb5_keyblock *key)
{
struct encryption_type *et;
struct _krb5_encryption_type *et;
krb5_error_code ret;
krb5_data other;
size_t keylen, offset;


@ -35,17 +35,23 @@
#include "krb5_locl.h"
struct _krb5_key_usage {
unsigned usage;
struct _krb5_key_data key;
};
#ifndef HEIMDAL_SMALLER
#define DES3_OLD_ENCTYPE 1
#endif
static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
unsigned, struct key_data**);
static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
unsigned, struct _krb5_key_data**);
static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
static void free_key_schedule(krb5_context,
struct key_data *,
struct encryption_type *);
struct _krb5_key_data *,
struct _krb5_encryption_type *);
/************************************************************
* *
@ -56,7 +62,7 @@ krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
{
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@ -72,7 +78,7 @@ krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
{
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
@ -89,7 +95,7 @@ krb5_generate_random_keyblock(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@ -110,11 +116,11 @@ krb5_generate_random_keyblock(krb5_context context,
static krb5_error_code
_key_schedule(krb5_context context,
struct key_data *key)
struct _krb5_key_data *key)
{
krb5_error_code ret;
struct encryption_type *et = _krb5_find_enctype(key->key->keytype);
struct key_type *kt;
struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype);
struct _krb5_key_type *kt;
if (et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@ -150,7 +156,7 @@ _key_schedule(krb5_context context,
static krb5_error_code
SHA1_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@ -164,11 +170,11 @@ SHA1_checksum(krb5_context context,
/* HMAC according to RFC2104 */
krb5_error_code
_krb5_internal_hmac(krb5_context context,
struct checksum_type *cm,
struct _krb5_checksum_type *cm,
const void *data,
size_t len,
unsigned usage,
struct key_data *keyblock,
struct _krb5_key_data *keyblock,
Checksum *result)
{
unsigned char *ipad, *opad;
@ -228,8 +234,8 @@ krb5_hmac(krb5_context context,
krb5_keyblock *key,
Checksum *result)
{
struct checksum_type *c = _krb5_find_checksum(cktype);
struct key_data kd;
struct _krb5_checksum_type *c = _krb5_find_checksum(cktype);
struct _krb5_key_data kd;
krb5_error_code ret;
if (c == NULL) {
@ -252,13 +258,13 @@ krb5_hmac(krb5_context context,
krb5_error_code
_krb5_SP_HMAC_SHA1_checksum(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
struct checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
Checksum res;
char sha1_data[20];
krb5_error_code ret;
@ -273,7 +279,7 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
return 0;
}
struct checksum_type _krb5_checksum_sha1 = {
struct _krb5_checksum_type _krb5_checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
64,
@ -283,7 +289,7 @@ struct checksum_type _krb5_checksum_sha1 = {
NULL
};
struct checksum_type *
struct _krb5_checksum_type *
_krb5_find_checksum(krb5_cksumtype type)
{
int i;
@ -297,8 +303,8 @@ static krb5_error_code
get_checksum_key(krb5_context context,
krb5_crypto crypto,
unsigned usage, /* not krb5_key_usage */
struct checksum_type *ct,
struct key_data **key)
struct _krb5_checksum_type *ct,
struct _krb5_key_data **key)
{
krb5_error_code ret = 0;
@ -327,7 +333,7 @@ get_checksum_key(krb5_context context,
static krb5_error_code
create_checksum (krb5_context context,
struct checksum_type *ct,
struct _krb5_checksum_type *ct,
krb5_crypto crypto,
unsigned usage,
void *data,
@ -335,7 +341,7 @@ create_checksum (krb5_context context,
Checksum *result)
{
krb5_error_code ret;
struct key_data *dkey;
struct _krb5_key_data *dkey;
int keyed_checksum;
if (ct->flags & F_DISABLED) {
@ -364,7 +370,7 @@ create_checksum (krb5_context context,
}
static int
arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto)
{
return (ct->type == CKSUMTYPE_HMAC_MD5) &&
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
@ -379,7 +385,7 @@ krb5_create_checksum(krb5_context context,
size_t len,
Checksum *result)
{
struct checksum_type *ct = NULL;
struct _krb5_checksum_type *ct = NULL;
unsigned keyusage;
/* type 0 -> pick from crypto */
@ -417,10 +423,10 @@ verify_checksum(krb5_context context,
Checksum *cksum)
{
krb5_error_code ret;
struct key_data *dkey;
struct _krb5_key_data *dkey;
int keyed_checksum;
Checksum c;
struct checksum_type *ct;
struct _krb5_checksum_type *ct;
ct = _krb5_find_checksum(cksum->cksumtype);
if (ct == NULL || (ct->flags & F_DISABLED)) {
@ -441,7 +447,7 @@ verify_checksum(krb5_context context,
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum) {
struct checksum_type *kct;
struct _krb5_checksum_type *kct;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
@ -511,7 +517,7 @@ krb5_verify_checksum(krb5_context context,
size_t len,
Checksum *cksum)
{
struct checksum_type *ct;
struct _krb5_checksum_type *ct;
unsigned keyusage;
ct = _krb5_find_checksum(cksum->cksumtype);
@ -537,7 +543,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
{
struct checksum_type *ct = NULL;
struct _krb5_checksum_type *ct = NULL;
if (crypto != NULL) {
ct = crypto->et->keyed_checksum;
@ -562,7 +568,7 @@ krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
{
struct checksum_type *ct = _krb5_find_checksum(type);
struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@ -577,7 +583,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _krb5_find_checksum(type);
struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@ -592,7 +598,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _krb5_find_checksum(type);
struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@ -607,7 +613,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _krb5_find_checksum(type);
struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@ -623,7 +629,7 @@ krb5_checksum_disable(krb5_context context,
* *
************************************************************/
struct encryption_type *
struct _krb5_encryption_type *
_krb5_find_enctype(krb5_enctype type)
{
int i;
@ -639,7 +645,7 @@ krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
{
struct encryption_type *e;
struct _krb5_encryption_type *e;
e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@ -678,7 +684,7 @@ krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
{
struct encryption_type *e = _krb5_find_enctype(etype);
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@ -693,7 +699,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
struct encryption_type *e = _krb5_find_enctype(etype);
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@ -751,7 +757,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
struct checksum_type *c = _krb5_find_checksum(ctype);
struct _krb5_checksum_type *c = _krb5_find_checksum(ctype);
if (c == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@ -798,8 +804,8 @@ encrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
struct key_data *dkey;
const struct encryption_type *et = crypto->et;
struct _krb5_key_data *dkey;
const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@ -864,7 +870,7 @@ encrypt_internal(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
const struct encryption_type *et = crypto->et;
const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->checksum);
@ -926,7 +932,7 @@ encrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len + cksum_sz + et->confoundersize;
char *tmp, *p;
@ -967,8 +973,8 @@ decrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p;
krb5_error_code ret;
struct key_data *dkey;
struct encryption_type *et = crypto->et;
struct _krb5_key_data *dkey;
struct _krb5_encryption_type *et = crypto->et;
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@ -1047,7 +1053,7 @@ decrypt_internal(krb5_context context,
unsigned char *p;
Checksum cksum;
size_t checksum_sz, l;
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
if ((len % et->padsize) != 0) {
krb5_clear_error_message(context);
@ -1112,7 +1118,7 @@ decrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len - cksum_sz - et->confoundersize;
unsigned char *p;
@ -1201,8 +1207,8 @@ krb5_encrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
struct key_data *dkey;
const struct encryption_type *et = crypto->et;
struct _krb5_key_data *dkey;
const struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *piv, *hiv;
if (num_data < 0) {
@ -1393,8 +1399,8 @@ krb5_decrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
struct key_data *dkey;
struct encryption_type *et = crypto->et;
struct _krb5_key_data *dkey;
struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
if (num_data < 0) {
@ -1619,7 +1625,7 @@ krb5_verify_checksum_iov(krb5_context context,
unsigned int num_data,
krb5_cksumtype *type)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
@ -1833,15 +1839,15 @@ krb5_decrypt_EncryptedData(krb5_context context,
krb5_error_code
_krb5_derive_key(krb5_context context,
struct encryption_type *et,
struct key_data *key,
struct _krb5_encryption_type *et,
struct _krb5_key_data *key,
const void *constant,
size_t len)
{
unsigned char *k = NULL;
unsigned int nblocks = 0, i;
krb5_error_code ret = 0;
struct key_type *kt = et->keytype;
struct _krb5_key_type *kt = et->keytype;
ret = _key_schedule(context, key);
if(ret)
@ -1923,10 +1929,10 @@ _krb5_derive_key(krb5_context context,
return ret;
}
static struct key_data *
static struct _krb5_key_data *
_new_derived_key(krb5_crypto crypto, unsigned usage)
{
struct key_usage *d = crypto->key_usage;
struct _krb5_key_usage *d = crypto->key_usage;
d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
if(d == NULL)
return NULL;
@ -1946,8 +1952,8 @@ krb5_derive_key(krb5_context context,
krb5_keyblock **derived_key)
{
krb5_error_code ret;
struct encryption_type *et;
struct key_data d;
struct _krb5_encryption_type *et;
struct _krb5_key_data d;
*derived_key = NULL;
@ -1975,10 +1981,10 @@ static krb5_error_code
_get_derived_key(krb5_context context,
krb5_crypto crypto,
unsigned usage,
struct key_data **key)
struct _krb5_key_data **key)
{
int i;
struct key_data *d;
struct _krb5_key_data *d;
unsigned char constant[5];
for(i = 0; i < crypto->num_key_usage; i++)
@ -2060,8 +2066,8 @@ krb5_crypto_init(krb5_context context,
static void
free_key_schedule(krb5_context context,
struct key_data *key,
struct encryption_type *et)
struct _krb5_key_data *key,
struct _krb5_encryption_type *et)
{
if (et->keytype->cleanup)
(*et->keytype->cleanup)(context, key);
@ -2070,8 +2076,8 @@ free_key_schedule(krb5_context context,
}
void
_krb5_free_key_data(krb5_context context, struct key_data *key,
struct encryption_type *et)
_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key,
struct _krb5_encryption_type *et)
{
krb5_free_keyblock(context, key->key);
if(key->schedule) {
@ -2081,8 +2087,8 @@ _krb5_free_key_data(krb5_context context, struct key_data *key,
}
static void
free_key_usage(krb5_context context, struct key_usage *ku,
struct encryption_type *et)
free_key_usage(krb5_context context, struct _krb5_key_usage *ku,
struct _krb5_encryption_type *et)
{
_krb5_free_key_data(context, &ku->key, et);
}
@ -2212,7 +2218,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
struct encryption_type *et = _krb5_find_enctype(enctype);
struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@ -2239,7 +2245,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
struct encryption_type *et = _krb5_find_enctype(enctype);
struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@ -2283,7 +2289,7 @@ wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t checksumsize = CHECKSUMSIZE(et->checksum);
size_t res;
@ -2298,7 +2304,7 @@ wrapped_length_dervied (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t res;
@ -2334,7 +2340,7 @@ static size_t
crypto_overhead (krb5_context context,
krb5_crypto crypto)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t res;
res = CHECKSUMSIZE(et->checksum);
@ -2348,7 +2354,7 @@ static size_t
crypto_overhead_dervied (krb5_context context,
krb5_crypto crypto)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
size_t res;
if (et->keyed_checksum)
@ -2395,7 +2401,7 @@ krb5_random_to_key(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@ -2429,7 +2435,7 @@ krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
{
struct encryption_type *et = _krb5_find_enctype(type);
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL || et->prf_length == 0) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@ -2448,7 +2454,7 @@ krb5_crypto_prf(krb5_context context,
const krb5_data *input,
krb5_data *output)
{
struct encryption_type *et = crypto->et;
struct _krb5_encryption_type *et = crypto->et;
krb5_data_zero(output);
@ -2640,8 +2646,8 @@ krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
{
struct encryption_type *e1 = _krb5_find_enctype(etype1);
struct encryption_type *e2 = _krb5_find_enctype(etype2);
struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
}


@ -35,21 +35,18 @@
#define DES3_OLD_ENCTYPE 1
#endif
struct key_data {
struct _krb5_key_data {
krb5_keyblock *key;
krb5_data *schedule;
};
struct key_usage {
unsigned usage;
struct key_data key;
};
struct _krb5_key_usage;
struct krb5_crypto_data {
struct encryption_type *et;
struct key_data key;
struct _krb5_encryption_type *et;
struct _krb5_key_data key;
int num_key_usage;
struct key_usage *key_usage;
struct _krb5_key_usage *key_usage;
};
#define CRYPTO_ETYPE(C) ((C)->et->type)
@ -71,50 +68,50 @@ struct salt_type {
krb5_salt, krb5_data, krb5_keyblock*);
};
struct key_type {
struct _krb5_key_type {
krb5_keytype type; /* XXX */
const char *name;
size_t bits;
size_t size;
size_t schedule_size;
void (*random_key)(krb5_context, krb5_keyblock*);
void (*schedule)(krb5_context, struct key_type *, struct key_data *);
void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *);
struct salt_type *string_to_key;
void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
void (*cleanup)(krb5_context, struct key_data *);
void (*cleanup)(krb5_context, struct _krb5_key_data *);
const EVP_CIPHER *(*evp)(void);
};
struct checksum_type {
struct _krb5_checksum_type {
krb5_cksumtype type;
const char *name;
size_t blocksize;
size_t checksumsize;
unsigned flags;
krb5_error_code (*checksum)(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
krb5_error_code (*verify)(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
};
struct encryption_type {
struct _krb5_encryption_type {
krb5_enctype type;
const char *name;
size_t blocksize;
size_t padsize;
size_t confoundersize;
struct key_type *keytype;
struct checksum_type *checksum;
struct checksum_type *keyed_checksum;
struct _krb5_key_type *keytype;
struct _krb5_checksum_type *checksum;
struct _krb5_checksum_type *keyed_checksum;
unsigned flags;
krb5_error_code (*encrypt)(krb5_context context,
struct key_data *key,
struct _krb5_key_data *key,
void *data, size_t len,
krb5_boolean encryptp,
int usage,
@ -130,20 +127,20 @@ struct encryption_type {
/* Checksums */
extern struct checksum_type _krb5_checksum_none;
extern struct checksum_type _krb5_checksum_crc32;
extern struct checksum_type _krb5_checksum_rsa_md4;
extern struct checksum_type _krb5_checksum_rsa_md4_des;
extern struct checksum_type _krb5_checksum_rsa_md5_des;
extern struct checksum_type _krb5_checksum_rsa_md5_des3;
extern struct checksum_type _krb5_checksum_rsa_md5;
extern struct checksum_type _krb5_checksum_hmac_sha1_des3;
extern struct checksum_type _krb5_checksum_hmac_sha1_aes128;
extern struct checksum_type _krb5_checksum_hmac_sha1_aes256;
extern struct checksum_type _krb5_checksum_hmac_md5;
extern struct checksum_type _krb5_checksum_sha1;
extern struct _krb5_checksum_type _krb5_checksum_none;
extern struct _krb5_checksum_type _krb5_checksum_crc32;
extern struct _krb5_checksum_type _krb5_checksum_rsa_md4;
extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des;
extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des;
extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3;
extern struct _krb5_checksum_type _krb5_checksum_rsa_md5;
extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3;
extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128;
extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256;
extern struct _krb5_checksum_type _krb5_checksum_hmac_md5;
extern struct _krb5_checksum_type _krb5_checksum_sha1;
extern struct checksum_type *_krb5_checksum_types[];
extern struct _krb5_checksum_type *_krb5_checksum_types[];
extern int _krb5_num_checksums;
/* Salts */
@ -156,27 +153,27 @@ extern struct salt_type _krb5_des3_salt_derived[];
/* Encryption types */
extern struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
extern struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
extern struct encryption_type _krb5_enctype_des3_cbc_sha1;
extern struct encryption_type _krb5_enctype_des3_cbc_md5;
extern struct encryption_type _krb5_enctype_des3_cbc_none;
extern struct encryption_type _krb5_enctype_arcfour_hmac_md5;
extern struct encryption_type _krb5_enctype_des_cbc_md5;
extern struct encryption_type _krb5_enctype_old_des3_cbc_sha1;
extern struct encryption_type _krb5_enctype_des_cbc_crc;
extern struct encryption_type _krb5_enctype_des_cbc_md4;
extern struct encryption_type _krb5_enctype_des_cbc_md5;
extern struct encryption_type _krb5_enctype_des_cbc_none;
extern struct encryption_type _krb5_enctype_des_cfb64_none;
extern struct encryption_type _krb5_enctype_des_pcbc_none;
extern struct encryption_type _krb5_enctype_null;
extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1;
extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5;
extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none;
extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5;
extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1;
extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc;
extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4;
extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none;
extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none;
extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none;
extern struct _krb5_encryption_type _krb5_enctype_null;
extern struct encryption_type *_krb5_etypes[];
extern struct _krb5_encryption_type *_krb5_etypes[];
extern int _krb5_num_etypes;
/* Interface to the EVP crypto layer provided by hcrypto */
struct evp_schedule {
struct _krb5_evp_schedule {
EVP_CIPHER_CTX ectx;
EVP_CIPHER_CTX dctx;
};


@ -734,7 +734,7 @@ get_cred_kdc_capath_worker(krb5_context context,
krb5_creds *in_creds,
krb5_const_realm try_realm,
krb5_principal impersonate_principal,
Ticket *second_ticket,
Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@ -860,7 +860,7 @@ get_cred_kdc_capath_worker(krb5_context context,
}
krb5_free_creds(context, tgt);
return ret;
}
}
/*
get_cred(server)
@ -883,7 +883,7 @@ get_cred_kdc_capath(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_principal impersonate_principal,
Ticket *second_ticket,
Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{


@ -78,8 +78,9 @@
* and/or temporary data not to be stored on disk. The type's name
* is MEMORY. Each MEMORY keytab is referenced counted by and
* opened by the residual name, so two handles can point to the
* same memory area. When the last user closes the entry, it
* disappears.
* same memory area. When the last user closes using krb5_kt_close()
* the keytab, the keys in they keytab is memset() to zero and freed
* and can no longer be looked up by name.
*
*
* @subsection krb5_keytab_example Keytab example


@ -241,6 +241,8 @@ typedef enum krb5_key_usage {
/* Encryption of the SAM-NONCE-OR-SAD field */
KRB5_KU_PA_PKINIT_KX = 44,
/* Encryption type of the kdc session contribution in pk-init */
KRB5_KU_AS_REQ = 56,
/* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
KRB5_KU_DIGEST_ENCRYPT = -18,
/* Encryption key usage used in the digest encryption field */
KRB5_KU_DIGEST_OPAQUE = -19,
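Review bot: The comment added for `KRB5_KU_AS_REQ = 56` ("Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP") is ungrammatical and reads as if the KDC sends the AS-REQ. Presumably the KDC computes the checksum over the AS-REQ it received and returns it in PA-REQ-ENC-PA-REP; if so, something like `/* Checksum over the AS-REQ, sent by the KDC in PA-REQ-ENC-PA-REP */` states that directly. A key-usage number selects which derived key protects a message, so the comment should make clear which message this one covers. The enum begins and ends outside the hunk.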


@ -87,7 +87,7 @@ HMAC_MD5_any_checksum(krb5_context context,
unsigned usage,
Checksum *result)
{
struct key_data local_key;
struct _krb5_key_data local_key;
krb5_error_code ret;
memset(&local_key, 0, sizeof(local_key));
@ -106,7 +106,7 @@ HMAC_MD5_any_checksum(krb5_context context,
ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
if (ret)
krb5_data_free(&result->checksum);
krb5_free_keyblock(context, local_key.key);
return ret;
}


@ -379,7 +379,7 @@ _krb5_plugin_free(struct krb5_plugin *list)
/*
* module - dict of {
* ModuleName = [
* plugin = object{
* plugin = object{
* array = { ptr, ctx }
* }
* ]
@ -556,7 +556,7 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
return;
pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free);
cpm = pl->dataptr = dlsym(p->dsohandle, s->name);
if (cpm) {
int ret;
@ -569,10 +569,10 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
} else {
cpm = pl->dataptr;
}
if (cpm && cpm->version >= s->min_version)
heim_array_append_value(s->result, pl);
heim_release(pl);
}
@ -619,11 +619,11 @@ _krb5_plugin_run_f(krb5_context context,
s.userctx = userctx;
heim_dict_iterate_f(dict, search_modules, &s);
heim_release(dict);
HEIMDAL_MUTEX_unlock(&plugin_mutex);
s.ret = KRB5_PLUGIN_NO_HANDLE;
heim_array_iterate_f(s.result, eval_results, &s);


@ -45,8 +45,8 @@ AES_string_to_key(krb5_context context,
{
krb5_error_code ret;
uint32_t iter;
struct encryption_type *et;
struct key_data kd;
struct _krb5_encryption_type *et;
struct _krb5_key_data kd;
if (opaque.length == 0)
iter = _krb5_AES_string_to_default_iterator;


@ -39,7 +39,7 @@ krb5_salttype_to_string (krb5_context context,
krb5_salttype stype,
char **string)
{
struct encryption_type *e;
struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
@ -71,7 +71,7 @@ krb5_string_to_salttype (krb5_context context,
const char *string,
krb5_salttype *salttype)
{
struct encryption_type *e;
struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
@ -187,7 +187,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_data opaque,
krb5_keyblock *key)
{
struct encryption_type *et =_krb5_find_enctype(enctype);
struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
struct salt_type *st;
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@ -247,9 +247,9 @@ krb5_string_to_key_derived(krb5_context context,
krb5_enctype etype,
krb5_keyblock *key)
{
struct encryption_type *et = _krb5_find_enctype(etype);
struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
krb5_error_code ret;
struct key_data kd;
struct _krb5_key_data kd;
size_t keylen;
u_char *tmp;


@ -289,7 +289,7 @@ ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK(ret_string(sp, ucs2, desc->length, s), 0);
out:
return ret;
return ret;
}
static krb5_error_code
@ -1129,7 +1129,7 @@ heim_ntlm_v1_base_session(void *key, size_t len,
session->length = 0;
return ENOMEM;
}
m = EVP_MD_CTX_create();
if (m == NULL) {
heim_ntlm_free_buf(session);
@ -1796,3 +1796,4 @@ heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
HMAC_Final(&c, derivedkey, &hmaclen);
HMAC_CTX_cleanup(&c);
}


@ -305,7 +305,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
return NT_STATUS_INTERNAL_ERROR;
}
if (_hx509_private_key_init(pk, ops, NULL) != 0) {
if (hx509_private_key_init(pk, ops, NULL) != 0) {
hx509_context_free(&hctx);
return NT_STATUS_NO_MEMORY;
}
@ -365,7 +365,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
return NT_STATUS_INVALID_PARAMETER;
}
_hx509_private_key_assign_rsa(*pk, rsa);
hx509_private_key_assign_rsa(*pk, rsa);
hx509_context_free(&hctx);
return NT_STATUS_OK;
@ -617,7 +617,7 @@ static WERROR bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state *dce_call
reversed_secret.data = talloc_array(mem_ctx, uint8_t,
uncrypt_request.encrypted_secret_len);
if (reversed_secret.data == NULL) {
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
return WERR_NOMEM;
}
@ -634,11 +634,11 @@ static WERROR bkrp_do_uncrypt_client_wrap_key(struct dcesrv_call_state *dce_call
* we have the private key ...
*/
hx509_context_init(&hctx);
res = _hx509_private_key_private_decrypt(hctx, &reversed_secret,
res = hx509_private_key_private_decrypt(hctx, &reversed_secret,
&alg.algorithm, pk,
&uncrypted_secret);
hx509_context_free(&hctx);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
if (res != 0) {
/* We are not able to decrypt the secret, looks like something is wrong */
return WERR_INVALID_DATA;
@ -803,7 +803,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
* To dump the key we can use :
* rk_dumpdata("h5lkey", p0, len);
*/
ret = _hx509_parse_private_key(*hctx, &_hx509_signature_rsa_with_var_num ,
ret = hx509_parse_private_key(*hctx, &_hx509_signature_rsa_with_var_num ,
p0, len, HX509_KEY_FORMAT_DER, pk);
memset(p0, 0, len);
talloc_free(p0);
@ -835,12 +835,12 @@ static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request
memset(&spki, 0, sizeof(spki));
ret = _hx509_request_get_name(*hctx, *req, &subject);
ret = hx509_request_get_name(*hctx, *req, &subject);
if (ret !=0) {
talloc_free(uniqueid.data);
return WERR_INTERNAL_ERROR;
}
ret = _hx509_request_get_SubjectPublicKeyInfo(*hctx, *req, &spki);
ret = hx509_request_get_SubjectPublicKeyInfo(*hctx, *req, &spki);
if (ret !=0) {
talloc_free(uniqueid.data);
hx509_name_free(&subject);
@ -923,39 +923,39 @@ static WERROR create_req(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *re
return w_err;
}
_hx509_request_init(*hctx, req);
hx509_request_init(*hctx, req);
ret = hx509_parse_name(*hctx, dn, &name);
if (ret != 0) {
RSA_free(*rsa);
_hx509_private_key_free(signer);
_hx509_request_free(req);
hx509_private_key_free(signer);
hx509_request_free(req);
hx509_name_free(&name);
return WERR_INTERNAL_ERROR;
}
ret = _hx509_request_set_name(*hctx, *req, name);
ret = hx509_request_set_name(*hctx, *req, name);
if (ret != 0) {
RSA_free(*rsa);
_hx509_private_key_free(signer);
_hx509_request_free(req);
hx509_private_key_free(signer);
hx509_request_free(req);
hx509_name_free(&name);
return WERR_INTERNAL_ERROR;
}
hx509_name_free(&name);
ret = _hx509_private_key2SPKI(*hctx, *signer, &key);
ret = hx509_private_key2SPKI(*hctx, *signer, &key);
if (ret != 0) {
RSA_free(*rsa);
_hx509_private_key_free(signer);
_hx509_request_free(req);
hx509_private_key_free(signer);
hx509_request_free(req);
return WERR_INTERNAL_ERROR;
}
ret = _hx509_request_set_SubjectPublicKeyInfo(*hctx, *req, &key);
ret = hx509_request_set_SubjectPublicKeyInfo(*hctx, *req, &key);
if (ret != 0) {
RSA_free(*rsa);
_hx509_private_key_free(signer);
hx509_private_key_free(signer);
free_SubjectPublicKeyInfo(&key);
_hx509_request_free(req);
hx509_request_free(req);
return WERR_INTERNAL_ERROR;
}
@ -998,14 +998,14 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
status = GUID_to_ndr_blob(&guid, ctx, &blob);
if (!NT_STATUS_IS_OK(status)) {
hx509_context_free(&hctx);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
RSA_free(rsa);
return WERR_INVALID_DATA;
}
w_err = self_sign_cert(ctx, &hctx, &req, nb_days_validity, &pk, &cert, &blob);
if (!W_ERROR_IS_OK(w_err)) {
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
return WERR_INVALID_DATA;
}
@ -1013,7 +1013,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
ret = hx509_cert_binary(hctx, cert, &data);
if (ret !=0) {
hx509_cert_free(cert);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
return WERR_INVALID_DATA;
}
@ -1101,7 +1101,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
if (ok == false) {
der_free_octet_string(&data);
hx509_cert_free(cert);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
RSA_free(rsa);
return WERR_INVALID_DATA;
@ -1111,7 +1111,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
der_free_octet_string(&data);
hx509_cert_free(cert);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
RSA_free(rsa);
return WERR_INVALID_DATA;
@ -1121,7 +1121,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
if (secret_name == NULL) {
der_free_octet_string(&data);
hx509_cert_free(cert);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
RSA_free(rsa);
return WERR_OUTOFMEMORY;
@ -1141,7 +1141,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
der_free_octet_string(&data);
hx509_cert_free(cert);
_hx509_private_key_free(&pk);
hx509_private_key_free(&pk);
hx509_context_free(&hctx);
RSA_free(rsa);
return WERR_OK;
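Review bot: In create_req the renamed call `hx509_request_init(*hctx, req);` still discards its result, while every later hx509 call in that hunk is checked. If initialisation fails, the statements that follow use `*req` before it has been set up. Checking the return value and unwinding the RSA key and signer, as the later error paths already do, closes that gap. Separately, in generate_bkrp_cert the failure paths after self_sign_cert() and hx509_cert_binary() return without the `RSA_free(rsa)` that the sibling paths perform; whether that is a leak or the siblings release twice depends on who owns rsa once it is assigned to the private key, which these hunks do not show. Both functions start and end outside the hunks.

```c
	ret = hx509_request_init(*hctx, req);
	if (ret != 0) {
		RSA_free(*rsa);
		hx509_private_key_free(signer);
		return WERR_INTERNAL_ERROR;
	}
	/* … unchanged: hx509_parse_name() and the remaining request setup … */
```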


@ -457,7 +457,7 @@ static DATA_BLOB *encrypt_blob_pk(struct torture_context *tctx,
secretdata.data = to_encrypt->data;
secretdata.length = to_encrypt->length;
hret = _hx509_cert_public_encrypt(hctx, &secretdata,
hret = hx509_cert_public_encrypt(hctx, &secretdata,
cert, &encryption_oid,
&encrypted);
hx509_cert_free(cert);