mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8)
This includes in particular changes to the KDC to resolve bug 6272, originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We need to sort the AuthorizationData elements to put the PAC first, or else WinXP breaks when browsed from Win2k8. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
parent
19bc4ce95c
commit
6cb81f7b37
@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context,
|
||||
et.flags.hw_authent = tgt->flags.hw_authent;
|
||||
et.flags.anonymous = tgt->flags.anonymous;
|
||||
et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
|
||||
|
||||
if (auth_data) {
|
||||
/* XXX Check enc-authorization-data */
|
||||
et.authorization_data = calloc(1, sizeof(*et.authorization_data));
|
||||
if (et.authorization_data == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
ret = copy_AuthorizationData(auth_data, et.authorization_data);
|
||||
|
||||
if(rspac->length) {
|
||||
/*
|
||||
* No not need to filter out the any PAC from the
|
||||
* auth_data since it's signed by the KDC.
|
||||
*/
|
||||
ret = _kdc_tkt_add_if_relevant_ad(context, &et,
|
||||
KRB5_AUTHDATA_WIN2K_PAC, rspac);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (auth_data) {
|
||||
unsigned int i = 0;
|
||||
|
||||
/* XXX check authdata */
|
||||
if (et.authorization_data == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
for(i = 0; i < auth_data->len ; i++) {
|
||||
ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]);
|
||||
if (ret) {
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* Filter out type KRB5SignedPath */
|
||||
ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
|
||||
@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
if(rspac->length) {
|
||||
/*
|
||||
* No not need to filter out the any PAC from the
|
||||
* auth_data since it's signed by the KDC.
|
||||
*/
|
||||
ret = _kdc_tkt_add_if_relevant_ad(context, &et,
|
||||
KRB5_AUTHDATA_WIN2K_PAC,
|
||||
rspac);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@ -54,7 +54,13 @@
|
||||
#endif
|
||||
|
||||
#ifndef GSSAPI_DEPRECATED
|
||||
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
|
||||
#define GSSAPI_DEPRECATED __attribute__((deprecated))
|
||||
#elif defined(_MSC_VER)
|
||||
#define GSSAPI_DEPRECATED __declspec(deprecated)
|
||||
#else
|
||||
#define GSSAPI_DEPRECATED
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
@ -84,12 +84,14 @@ typedef struct DES_key_schedule
|
||||
*
|
||||
*/
|
||||
|
||||
#if !defined(__GNUC__) && !defined(__attribute__)
|
||||
#define __attribute__(x)
|
||||
#endif
|
||||
|
||||
#ifndef HC_DEPRECATED
|
||||
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
|
||||
#define HC_DEPRECATED __attribute__((deprecated))
|
||||
#elif defined(_MSC_VER) && (_MSC_VER>1200)
|
||||
#define HC_DEPRECATED __declspec(deprecated)
|
||||
#else
|
||||
#define HC_DEPRECATED
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@ -190,10 +190,17 @@ struct hc_evp_md {
|
||||
#endif
|
||||
|
||||
#ifndef HC_DEPRECATED
|
||||
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
|
||||
#define HC_DEPRECATED __attribute__((deprecated))
|
||||
#elif defined(_MSC_VER) && (_MSC_VER>1200)
|
||||
#define HC_DEPRECATED __declspec(deprecated)
|
||||
#else
|
||||
#define HC_DEPRECATED
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef HC_DEPRECATED_CRYPTO
|
||||
#define HC_DEPRECATED_CRYPTO __attribute__((deprecated))
|
||||
#define HC_DEPRECATED_CRYPTO HC_DEPRECATED
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
@ -52,7 +52,13 @@
|
||||
#endif
|
||||
|
||||
#ifndef KRB5_DEPRECATED
|
||||
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
|
||||
#define KRB5_DEPRECATED __attribute__((deprecated))
|
||||
#elif defined(_MSC_VER) && (_MSC_VER>1200)
|
||||
#define KRB5_DEPRECATED __declspec(deprecated)
|
||||
#else
|
||||
#define KRB5_DEPRECATED
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* simple constants */
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "krb5_locl.h"
|
||||
#include <vis.h>
|
||||
|
||||
struct facility {
|
||||
int min;
|
||||
@ -218,11 +219,21 @@ log_file(const char *timestr,
|
||||
void *data)
|
||||
{
|
||||
struct file_data *f = data;
|
||||
char *msgclean;
|
||||
size_t len = strlen(msg) + 1;
|
||||
if(f->keep_open == 0)
|
||||
f->fd = fopen(f->filename, f->mode);
|
||||
if(f->fd == NULL)
|
||||
return;
|
||||
fprintf(f->fd, "%s %s\n", timestr, msg);
|
||||
/* make sure the log doesn't contain special chars */
|
||||
len *= 4;
|
||||
msgclean = malloc(len);
|
||||
if (msgclean == NULL)
|
||||
goto out;
|
||||
strvisx(rk_UNCONST(msg), msgclean, len, VIS_OCTAL);
|
||||
fprintf(f->fd, "%s %s\n", timestr, msgclean);
|
||||
free(msgclean);
|
||||
out:
|
||||
if(f->keep_open == 0) {
|
||||
fclose(f->fd);
|
||||
f->fd = NULL;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user