mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00

third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  3 03:53:08 UTC 2023 on atb-devel-224
Joseph Sutton 2023-11-03 14:27:52 +13:00 committed by Andrew Bartlett
parent 3ef68efca2
commit cfec96d5e9
18 changed files with 108 additions and 53 deletions


@ -406,8 +406,8 @@ _kdc_fast_mk_e_data(astgs_request_t r,
NULL, NULL,
error_client, error_client,
error_server, error_server,
NULL, csec,
NULL, cusec,
e_data); e_data);
if (ret) { if (ret) {
kdc_log(r->context, r->config, 1, kdc_log(r->context, r->config, 1,
@ -508,8 +508,8 @@ _kdc_fast_mk_error(astgs_request_t r,
error_client = NULL; error_client = NULL;
error_server = NULL; error_server = NULL;
} }
csec = 0; csec = NULL;
cusec = 0; cusec = NULL;
} }
ret = krb5_mk_error(r->context, ret = krb5_mk_error(r->context,
@ -603,6 +603,9 @@ fast_unwrap_request(astgs_request_t r,
* *
*/ */
if (fxreq.u.armored_data.armor != NULL) { if (fxreq.u.armored_data.armor != NULL) {
krb5uint32 kvno;
krb5uint32 *kvno_ptr = NULL;
if (fxreq.u.armored_data.armor->armor_type != 1) { if (fxreq.u.armored_data.armor->armor_type != 1) {
kdc_log(r->context, r->config, 4, kdc_log(r->context, r->config, 4,
"Incorrect AS-REQ armor type"); "Incorrect AS-REQ armor type");
@ -628,9 +631,14 @@ fast_unwrap_request(astgs_request_t r,
goto out; goto out;
} }
if (ap_req.ticket.enc_part.kvno != NULL) {
kvno = *ap_req.ticket.enc_part.kvno;
kvno_ptr = &kvno;
}
ret = _kdc_db_fetch(r->context, r->config, armor_server_principal, ret = _kdc_db_fetch(r->context, r->config, armor_server_principal,
HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS, HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS,
(krb5uint32 *)ap_req.ticket.enc_part.kvno, kvno_ptr,
&r->armor_serverdb, &r->armor_server); &r->armor_serverdb, &r->armor_server);
if(ret == HDB_ERR_NOT_FOUND_HERE) { if(ret == HDB_ERR_NOT_FOUND_HERE) {
free_AP_REQ(&ap_req); free_AP_REQ(&ap_req);


@ -1078,9 +1078,9 @@ pk_mk_pa_reply_dh(krb5_context context,
unsigned char *p; unsigned char *p;
ret = _kdc_serialize_ecdh_key(context, cp->u.ecdh.key, &p, ret = _kdc_serialize_ecdh_key(context, cp->u.ecdh.key, &p,
&dh_info.subjectPublicKey.length); &dh_info.subjectPublicKey.length);
dh_info.subjectPublicKey.data = p;
if (ret) if (ret)
goto out; goto out;
dh_info.subjectPublicKey.data = p;
} else } else
krb5_abortx(context, "no keyex selected ?"); krb5_abortx(context, "no keyex selected ?");


@ -235,7 +235,7 @@ static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 };
int int
BN_is_bit_set(const BIGNUM *bn, int bit) BN_is_bit_set(const BIGNUM *bn, int bit)
{ {
heim_integer *hi = (heim_integer *)bn; const heim_integer *hi = (const heim_integer *)bn;
unsigned char *p = hi->data; unsigned char *p = hi->data;
if ((bit / 8) >= hi->length || hi->length == 0) if ((bit / 8) >= hi->length || hi->length == 0)
@ -306,7 +306,7 @@ BN_set_word(BIGNUM *bn, unsigned long num)
unsigned long unsigned long
BN_get_word(const BIGNUM *bn) BN_get_word(const BIGNUM *bn)
{ {
heim_integer *hi = (heim_integer *)bn; const heim_integer *hi = (const heim_integer *)bn;
unsigned long num = 0; unsigned long num = 0;
int i; int i;
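Review bot: In `BN_is_bit_set` the pointer taken from the now-const `hi` is still declared `unsigned char *p = hi->data;`, so the function can still write through a BIGNUM it promises not to modify; `const unsigned char *p = hi->data;` would finish the const-correctness work this change starts. Separately, the bound check compares the signed `bit / 8` against `hi->length`, and a `bit` between -7 and -1 divides to 0 and passes it. The indexing code is outside the hunk, so confirm whether a `bit < 0` guard is needed there. Both function bodies continue past the visible lines.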


@ -78,7 +78,7 @@ PKCS12_key_gen(const void *key, size_t keylen,
if (salt && saltlen > 0) { if (salt && saltlen > 0) {
for (i = 0; i < vlen; i++) for (i = 0; i < vlen; i++)
I[i] = ((unsigned char*)salt)[i % saltlen]; I[i] = ((const unsigned char*)salt)[i % saltlen];
size_I += vlen; size_I += vlen;
} }
/* /*
@ -89,7 +89,7 @@ PKCS12_key_gen(const void *key, size_t keylen,
if (key) { if (key) {
for (i = 0; i < vlen / 2; i++) { for (i = 0; i < vlen / 2; i++) {
I[(i * 2) + size_I] = 0; I[(i * 2) + size_I] = 0;
I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; I[(i * 2) + size_I + 1] = ((const unsigned char*)key)[i % (keylen + 1)];
} }
size_I += vlen; size_I += vlen;
} }
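Review bot: The key loop indexes `((const unsigned char*)key)[i % (keylen + 1)]`, which reads the byte at offset `keylen`, one past the length the caller passed in. That is presumably the terminator PKCS#12 expects on the password, but nothing in the visible code states that `key` must have `keylen + 1` readable bytes. A comment on the loop such as `/* reads key[keylen]: caller must pass a NUL-terminated key of keylen + 1 bytes */` would make the contract explicit for callers that pass binary keys. The function starts and ends outside the hunk.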


@ -1629,7 +1629,6 @@ fetch_it(krb5_context context,
/* Extra ':'s? No virtualization for you! */ /* Extra ':'s? No virtualization for you! */
free(host); free(host);
host = NULL; host = NULL;
htmp = NULL;
} else { } else {
*htmp = '\0'; *htmp = '\0';
} }


@ -366,6 +366,7 @@ LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
if (ret) if (ret)
return ret; return ret;
memset(&tm, 0, sizeof tm);
tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm); tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
if (tmp == NULL) { if (tmp == NULL) {
free(gentime); free(gentime);
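Review bot: The parse is rejected only when `strptime()` returns NULL, so a value with extra characters after the `Z` is accepted as a valid timestamp. If the rest of the function (outside the hunk) does not look at `tmp` again, tightening the check to `if (tmp == NULL || *tmp != '\0') {` would reject malformed directory values instead of silently ignoring the tail.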


@ -1187,8 +1187,7 @@ hx509_ca_tbs_add_san_permanentIdentifier_string(hx509_context context,
p = strchr(freeme, ':'); p = strchr(freeme, ':');
if (!p) { if (!p) {
hx509_set_error_string(context, 0, EINVAL, hx509_set_error_string(context, 0, EINVAL,
"Invalid PermanentIdentifier string (should be \"[<oid>]:[<id>]\")", "Invalid PermanentIdentifier string (should be \"[<oid>]:[<id>]\")");
oidstr);
free(freeme); free(freeme);
return EINVAL; return EINVAL;
} }
@ -1297,8 +1296,7 @@ hx509_ca_tbs_add_san_hardwareModuleName_string(hx509_context context,
if (!p) { if (!p) {
hx509_set_error_string(context, 0, EINVAL, hx509_set_error_string(context, 0, EINVAL,
"Invalid HardwareModuleName string (should be " "Invalid HardwareModuleName string (should be "
"\"<oid>:<serial>\")", "\"<oid>:<serial>\")");
oidstr);
free(freeme); free(freeme);
return EINVAL; return EINVAL;
} }
@ -1735,7 +1733,12 @@ ca_sign(hx509_context context,
hx509_set_error_string(context, 0, ret, "Out of memory"); hx509_set_error_string(context, 0, ret, "Out of memory");
goto out; goto out;
} }
RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length); ret = RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
if (ret != 1) {
ret = HX509_CRYPTO_INTERNAL_ERROR;
hx509_set_error_string(context, 0, ret, "Failed to generate random bytes");
goto out;
}
((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f; ((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
((unsigned char *)tbsc->serialNumber.data)[0] |= 0x40; ((unsigned char *)tbsc->serialNumber.data)[0] |= 0x40;
} }
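Review bot: In the `ca_sign` hunk `ret` is reused for the `RAND_bytes()` result, so on success it still holds 1 when the block ends. The code that follows is outside the hunk, so confirm nothing tests `ret` or jumps to `out` before it is reassigned, otherwise 1 would be returned as an error code. Testing the call directly avoids the question: `if (RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length) != 1) {`. The same `ret = RAND_bytes(...)` pattern appears in `build_auth_pack`, where the next visible statement overwrites `ret`.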


@ -938,7 +938,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
if (signer_info->signature.length == 0) { if (signer_info->signature.length == 0) {
ret = HX509_CMS_MISSING_SIGNER_DATA; ret = HX509_CMS_MISSING_SIGNER_DATA;
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, 0, ret,
"SignerInfo %d in SignedData " "SignerInfo %zu in SignedData "
"missing sigature", i); "missing sigature", i);
continue; continue;
} }
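Review bot: The error text still reads `missing sigature`; since this statement is being touched for the `%zu` fix, correct it to `"missing signature", i);` so the message can be found when searching logs for the word. The `%zu` specifier assumes `i` is a `size_t`; its declaration is outside the hunk.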


@ -2902,9 +2902,11 @@ ptime(const char *s)
char *rest; char *rest;
int at_s; int at_s;
memset(&at_tm, 0, sizeof at_tm);
if ((rest = strptime(s, "%Y-%m-%dT%H:%M:%S", &at_tm)) != NULL && if ((rest = strptime(s, "%Y-%m-%dT%H:%M:%S", &at_tm)) != NULL &&
rest[0] == '\0') rest[0] == '\0')
return mktime(&at_tm); return mktime(&at_tm);
memset(&at_tm, 0, sizeof at_tm);
if ((rest = strptime(s, "%Y%m%d%H%M%S", &at_tm)) != NULL && rest[0] == '\0') if ((rest = strptime(s, "%Y%m%d%H%M%S", &at_tm)) != NULL && rest[0] == '\0')
return mktime(&at_tm); return mktime(&at_tm);
if ((at_s = parse_time(s, "s")) != -1) if ((at_s = parse_time(s, "s")) != -1)
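Review bot: Zeroing `at_tm` sets `tm_isdst` to 0, which tells `mktime()` that daylight saving time is not in effect, so a timestamp that falls inside a DST period can come out an hour off. `strptime()` with these formats is not required to set that field; adding `at_tm.tm_isdst = -1;` after each `memset` lets `mktime()` decide. Whether these strings are meant as local time or UTC is not settled by the visible lines and is worth a comment. `ptime` continues past the hunk.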


@ -197,7 +197,7 @@ parse_pem_private_key(hx509_context context, const char *fn, int flags,
if (strcmp(enc, "4,ENCRYPTED") != 0) { if (strcmp(enc, "4,ENCRYPTED") != 0) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
"Private key encrypted in unknown method %s " "Private key encrypted in unknown method %s "
"in file", "in file %s",
enc, fn); enc, fn);
hx509_clear_error_string(context); hx509_clear_error_string(context);
return HX509_PARSING_KEY_FAILED; return HX509_PARSING_KEY_FAILED;
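Review bot: The message built by `hx509_set_error_string()` is discarded by the `hx509_clear_error_string(context);` call on the very next line, so the corrected `in file %s` text never reaches the caller. Unless the clearing is intentional, drop that call so the encryption method and file name are reported together with `HX509_PARSING_KEY_FAILED`.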


@ -88,7 +88,9 @@ static krb5_error_code
init_ccapi(krb5_context context) init_ccapi(krb5_context context)
{ {
const char *lib = NULL; const char *lib = NULL;
#ifdef HAVE_DLOPEN
char *explib = NULL; char *explib = NULL;
#endif
HEIMDAL_MUTEX_lock(&acc_mutex); HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) { if (init_func) {


@ -51,7 +51,11 @@ krb5_build_ap_req (krb5_context context,
ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0; ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0; ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
decode_Ticket(cred->ticket.data, cred->ticket.length, &ap.ticket, &len); ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &ap.ticket, &len);
if (ret)
return ret;
if (cred->ticket.length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ap.authenticator.etype = enctype; ap.authenticator.etype = enctype;
ap.authenticator.kvno = NULL; ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator; ap.authenticator.cipher = authenticator;
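Review bot: The new length check calls `krb5_abortx()` when `cred->ticket.length != len`, which terminates the calling process if the ticket blob in the credential carries trailing bytes. That blob is input data rather than an internal invariant, and the message says "encoder" although this is the decode path. Returning an error is safer, for example `free_Ticket(&ap.ticket); return ASN1_EXTRA_DATA;`. The function body continues outside the hunk, so also confirm that the early `return ret` added above does not skip cleanup done later.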


@ -284,29 +284,47 @@ init_context_from_config_file(krb5_context context)
static krb5_error_code static krb5_error_code
cc_ops_register(krb5_context context) cc_ops_register(krb5_context context)
{ {
krb5_error_code ret;
context->cc_ops = NULL; context->cc_ops = NULL;
context->num_cc_ops = 0; context->num_cc_ops = 0;
#ifndef KCM_IS_API_CACHE #ifndef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_acc_ops, TRUE); ret = krb5_cc_register(context, &krb5_acc_ops, TRUE);
if (ret)
return ret;
#endif #endif
krb5_cc_register(context, &krb5_fcc_ops, TRUE); ret = krb5_cc_register(context, &krb5_fcc_ops, TRUE);
krb5_cc_register(context, &krb5_dcc_ops, TRUE); if (ret)
krb5_cc_register(context, &krb5_mcc_ops, TRUE); return ret;
ret = krb5_cc_register(context, &krb5_dcc_ops, TRUE);
if (ret)
return ret;
ret = krb5_cc_register(context, &krb5_mcc_ops, TRUE);
if (ret)
return ret;
#ifdef HAVE_SCC #ifdef HAVE_SCC
krb5_cc_register(context, &krb5_scc_ops, TRUE); ret = krb5_cc_register(context, &krb5_scc_ops, TRUE);
if (ret)
return ret;
#endif #endif
#ifdef HAVE_KCM #ifdef HAVE_KCM
#ifdef KCM_IS_API_CACHE #ifdef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_akcm_ops, TRUE); ret = krb5_cc_register(context, &krb5_akcm_ops, TRUE);
if (ret)
return ret;
#endif #endif
krb5_cc_register(context, &krb5_kcm_ops, TRUE); ret = krb5_cc_register(context, &krb5_kcm_ops, TRUE);
if (ret)
return ret;
#endif #endif
#if defined(HAVE_KEYUTILS_H) #if defined(HAVE_KEYUTILS_H)
krb5_cc_register(context, &krb5_krcc_ops, TRUE); ret = krb5_cc_register(context, &krb5_krcc_ops, TRUE);
if (ret)
return ret;
#endif #endif
_krb5_load_ccache_plugins(context); ret = _krb5_load_ccache_plugins(context);
return 0; return ret;
} }
static krb5_error_code static krb5_error_code
@ -338,18 +356,30 @@ cc_ops_copy(krb5_context context, const krb5_context src_context)
static krb5_error_code static krb5_error_code
kt_ops_register(krb5_context context) kt_ops_register(krb5_context context)
{ {
krb5_error_code ret;
context->num_kt_types = 0; context->num_kt_types = 0;
context->kt_types = NULL; context->kt_types = NULL;
krb5_kt_register (context, &krb5_fkt_ops); ret = krb5_kt_register (context, &krb5_fkt_ops);
krb5_kt_register (context, &krb5_wrfkt_ops); if (ret)
krb5_kt_register (context, &krb5_javakt_ops); return ret;
krb5_kt_register (context, &krb5_mkt_ops); ret = krb5_kt_register (context, &krb5_wrfkt_ops);
if (ret)
return ret;
ret = krb5_kt_register (context, &krb5_javakt_ops);
if (ret)
return ret;
ret = krb5_kt_register (context, &krb5_mkt_ops);
if (ret)
return ret;
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
krb5_kt_register (context, &krb5_akf_ops); ret = krb5_kt_register (context, &krb5_akf_ops);
if (ret)
return ret;
#endif #endif
krb5_kt_register (context, &krb5_any_ops); ret = krb5_kt_register (context, &krb5_any_ops);
return 0; return ret;
} }
static krb5_error_code static krb5_error_code
@ -476,8 +506,12 @@ krb5_init_context(krb5_context *context)
/* init error tables */ /* init error tables */
_krb5_init_ets(p); _krb5_init_ets(p);
cc_ops_register(p); ret = cc_ops_register(p);
kt_ops_register(p); if (ret)
goto out;
ret = kt_ops_register(p);
if (ret)
goto out;
#ifdef PKINIT #ifdef PKINIT
ret = hx509_context_init(&p->hx509ctx); ret = hx509_context_init(&p->hx509ctx);
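Review bot: `cc_ops_register` now returns the result of `_krb5_load_ccache_plugins(context)`, and `krb5_init_context` jumps to `out` on any non-zero value, so a failure to load an optional ccache plugin now fails context initialisation where it used to be ignored. That helper is not visible here; if it can return non-zero for a missing or broken plugin, either keep it best-effort with `(void)_krb5_load_ccache_plugins(context); return 0;` or add a comment stating that plugin errors are deliberately fatal. Also confirm that the `out` path frees the `cc_ops` and `kt_types` entries already registered when a later registration fails.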


@ -1033,7 +1033,7 @@ rd_kx509_resp(krb5_context context,
code = 0; /* No error */ code = 0; /* No error */
} else if (r.error_code < 0) { } else if (r.error_code < 0) {
code = KRB5KRB_ERR_GENERIC; /* ??? */ code = KRB5KRB_ERR_GENERIC; /* ??? */
} else if (r.error_code <= KX509_ERR_SRV_OVERLOADED) { } else if (r.error_code <= KX509_ERR_SRV_OVERLOADED - ERROR_TABLE_BASE_kx59) {
/* /*
* RFC6717 (kx509) error code. These are actually not used on the * RFC6717 (kx509) error code. These are actually not used on the
* wire in any existing implementations that we are aware of. Just * wire in any existing implementations that we are aware of. Just


@ -448,7 +448,9 @@ build_auth_pack(krb5_context context,
krb5_clear_error_message(context); krb5_clear_error_message(context);
return ret; return ret;
} }
RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length); ret = RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
if (ret != 1)
return KRB5_CRYPTO_INTERNAL;
ret = krb5_copy_data(context, a->clientDHNonce, ret = krb5_copy_data(context, a->clientDHNonce,
&ctx->clientDHNonce); &ctx->clientDHNonce);
if (ret) if (ret)


@ -968,7 +968,7 @@ krb5_ret_data(krb5_storage *sp,
bytes = sp->fetch(sp, data->data, size); bytes = sp->fetch(sp, data->data, size);
if (bytes < 0 || bytes != size) { if (bytes < 0 || bytes != size) {
krb5_data_free(data); krb5_data_free(data);
return (ret < 0)? errno : sp->eof_code; return (bytes < 0)? errno : sp->eof_code;
} }
} }
return 0; return 0;
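Review bot: `errno` is read after `krb5_data_free(data)` has run, and that call may itself change `errno` on some platforms, so the value returned for `bytes < 0` may not be the one set by `sp->fetch()`. Save it first with `int save_errno = errno;` before `krb5_data_free(data);`, then `return (bytes < 0) ? save_errno : sp->eof_code;`. The function starts outside the hunk.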


@ -91,14 +91,14 @@ rk_base32_encode(const void *data, int size, char **str, enum rk_base32_flags fl
if (i < size) if (i < size)
c += q[i]; c += q[i];
i++; i++;
p[0] = chars[(c & 0x00000000f800000000ULL) >> 35]; p[0] = chars[(c & 0x000000f800000000ULL) >> 35];
p[1] = chars[(c & 0x0000000007c0000000ULL) >> 30]; p[1] = chars[(c & 0x00000007c0000000ULL) >> 30];
p[2] = chars[(c & 0x00000000003e000000ULL) >> 25]; p[2] = chars[(c & 0x000000003e000000ULL) >> 25];
p[3] = chars[(c & 0x000000000001f00000ULL) >> 20]; p[3] = chars[(c & 0x0000000001f00000ULL) >> 20];
p[4] = chars[(c & 0x0000000000000f8000ULL) >> 15]; p[4] = chars[(c & 0x00000000000f8000ULL) >> 15];
p[5] = chars[(c & 0x000000000000007c00ULL) >> 10]; p[5] = chars[(c & 0x0000000000007c00ULL) >> 10];
p[6] = chars[(c & 0x0000000000000003e0ULL) >> 5]; p[6] = chars[(c & 0x00000000000003e0ULL) >> 5];
p[7] = chars[(c & 0x00000000000000001fULL) >> 0]; p[7] = chars[(c & 0x000000000000001fULL) >> 0];
switch (i - size) { switch (i - size) {
case 4: p[2] = p[3] = '='; HEIM_FALLTHROUGH; case 4: p[2] = p[3] = '='; HEIM_FALLTHROUGH;
case 3: p[4] = '='; HEIM_FALLTHROUGH; case 3: p[4] = '='; HEIM_FALLTHROUGH;


@ -61,10 +61,10 @@ while True:
l2 = re.sub('^ *', '', l2) l2 = re.sub('^ *', '', l2)
l = l[:-2] + l2 l = l[:-2] + l2
if start: if start:
if re.match('7\.2', l): if re.match(r'7\.2', l):
start = False start = False
else: else:
m = re.search('^ *\([A-Z]\) *(.*)$', l); m = re.search(r'^ *\([A-Z]\) *(.*)$', l);
if m: if m:
desc = m.group(1) desc = m.group(1)
codes = [] codes = []
@ -77,7 +77,7 @@ while True:
if m: if m:
cases.append([codes, m.group(1), desc]) cases.append([codes, m.group(1), desc])
else: else:
if re.match('^7\.1', l): if re.match(r'^7\.1', l):
start = True start = True
cases = [] cases = []
@ -114,7 +114,7 @@ for x in cases:
examples_c.file.write( examples_c.file.write(
" {%u, {%s}, \"%s\", \"%s\"},\n" % " {%u, {%s}, \"%s\", \"%s\"},\n" %
(len(cp), (len(cp),
",".join([re.sub('[uU]\+', '0x', x) for x in cp]), ",".join([re.sub(r'[uU]\+', '0x', x) for x in cp]),
pc, pc,
desc)) desc))