authorStanislav Sedov <stas@FreeBSD.org>2011-10-08 04:08:44 +0000
committerStanislav Sedov <stas@FreeBSD.org>2011-10-08 04:08:44 +0000
commit813b7899c1cf9c5cd1b72c0fb7c6c740aab26929 (patch)
tree353454e541452788c2b3c59d1fb19ada4daf5646 /lib/krb5
parent7c450da7b446c557e05f34a100b597800967d987 (diff)
downloadsrc-813b7899c1cf9c5cd1b72c0fb7c6c740aab26929.tar.gz
src-813b7899c1cf9c5cd1b72c0fb7c6c740aab26929.zip
- Update vendor tree of heimdal to 1.5.1. (tag: vendor/heimdal/1.5.1)
Notes
Notes: svn path=/vendor-crypto/heimdal/dist/; revision=226128 svn path=/vendor-crypto/heimdal/1.5.1/; revision=226129; tag=vendor/heimdal/1.5.1
Diffstat (limited to 'lib/krb5')
-rw-r--r--lib/krb5/cache.c44
-rw-r--r--lib/krb5/crypto.c71
-rw-r--r--lib/krb5/error_string.c60
-rw-r--r--lib/krb5/keytab_keyfile.c22
-rw-r--r--lib/krb5/krb5-private.h7
5 files changed, 143 insertions, 61 deletions
diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c
index 616044e67baa..88040cbc6f35 100644
--- a/lib/krb5/cache.c
+++ b/lib/krb5/cache.c
@@ -464,6 +464,9 @@ environment_changed(krb5_context context)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
+#ifdef _WIN32
+ _krb5_set_default_cc_name_to_registry(context, id);
+#endif
if (id->ops->set_default == NULL)
return 0;
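Review bot: The return value of the new `_krb5_set_default_cc_name_to_registry(context, id)` call is discarded, so a failed registry write (the helper returns -1 when the key cannot be opened or the value cannot be stored) leaves HKCU pointing at a stale ccache name while krb5_cc_switch still reports success. If persisting the name is meant to be best-effort, record that with a comment such as `/* best effort: the in-process default is switched even if the registry write fails */`; otherwise capture the result and surface it as an error. The write also happens before the `id->ops->set_default == NULL` early return, so a cache type that cannot become the default is still recorded in the registry; confirm that ordering is intended. krb5_cc_switch's body continues past the end of the hunk.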
@@ -515,7 +518,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
#ifdef _WIN32
if (e == NULL) {
- e = p = _krb5_get_default_cc_name_from_registry();
+ e = p = _krb5_get_default_cc_name_from_registry(context);
}
#endif
if (e == NULL) {
@@ -1702,21 +1705,22 @@ krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset
#ifdef _WIN32
+#define REGPATH_MIT_KRB5 "SOFTWARE\\MIT\\Kerberos5"
char *
-_krb5_get_default_cc_name_from_registry()
+_krb5_get_default_cc_name_from_registry(krb5_context context)
{
HKEY hk_k5 = 0;
LONG code;
char * ccname = NULL;
code = RegOpenKeyEx(HKEY_CURRENT_USER,
- "Software\\MIT\\Kerberos5",
+ REGPATH_MIT_KRB5,
0, KEY_READ, &hk_k5);
if (code != ERROR_SUCCESS)
return NULL;
- ccname = _krb5_parse_reg_value_as_string(NULL, hk_k5, "ccname",
+ ccname = _krb5_parse_reg_value_as_string(context, hk_k5, "ccname",
REG_NONE, 0);
RegCloseKey(hk_k5);
@@ -1724,4 +1728,36 @@ _krb5_get_default_cc_name_from_registry()
return ccname;
}
+int
+_krb5_set_default_cc_name_to_registry(krb5_context context, krb5_ccache id)
+{
+ HKEY hk_k5 = 0;
+ LONG code;
+ int ret = -1;
+ char * ccname = NULL;
+
+ code = RegOpenKeyEx(HKEY_CURRENT_USER,
+ REGPATH_MIT_KRB5,
+ 0, KEY_READ|KEY_WRITE, &hk_k5);
+
+ if (code != ERROR_SUCCESS)
+ return -1;
+
+ ret = asprintf(&ccname, "%s:%s", krb5_cc_get_type(context, id), krb5_cc_get_name(context, id));
+ if (ret < 0)
+ goto cleanup;
+
+ ret = _krb5_store_string_to_reg_value(context, hk_k5, "ccname",
+ REG_SZ, ccname, -1, 0);
+
+ cleanup:
+
+ if (ccname)
+ free(ccname);
+
+ RegCloseKey(hk_k5);
+
+ return ret;
+}
+
#endif
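Review bot: On the `asprintf` failure path `ccname` is handed to `free` in `cleanup:`, but most asprintf implementations leave `*strp` undefined on failure, so the `if (ccname)` guard only works if the roken version guarantees NULL; reset it explicitly, `if (ret < 0) { ccname = NULL; goto cleanup; }`. The key is opened with `KEY_READ|KEY_WRITE` although nothing is read from it, so `KEY_SET_VALUE` (or plain `KEY_WRITE`) is the least access that serves the call, and because `RegOpenKeyEx` rather than `RegCreateKeyEx` is used the name is silently not persisted on a profile where the MIT key does not yet exist, which only a caller that checks the `-1` return will notice. The `if (ccname)` guard around `free` is also redundant, since `free(NULL)` is a no-op.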
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 37eb2c5460f5..4b66035155dd 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -51,9 +51,33 @@ static void free_key_schedule(krb5_context,
struct _krb5_key_data *,
struct _krb5_encryption_type *);
-/************************************************************
- * *
- ************************************************************/
+/*
+ * Converts etype to a user readable string and sets as a side effect
+ * the krb5_error_message containing this string. Returns
+ * KRB5_PROG_ETYPE_NOSUPP in not the conversion of the etype failed in
+ * which case the error code of the etype convesion is returned.
+ */
+
+static krb5_error_code
+unsupported_enctype(krb5_context context, krb5_enctype etype)
+{
+ krb5_error_code ret;
+ char *name;
+
+ ret = krb5_enctype_to_string(context, etype, &name);
+ if (ret)
+ return ret;
+
+ krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
+ N_("Encryption type %s not supported", ""),
+ name);
+ free(name);
+ return KRB5_PROG_ETYPE_NOSUPP;
+}
+
+/*
+ *
+ */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context,
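Review bot: The header comment on `unsupported_enctype` is garbled (`Returns KRB5_PROG_ETYPE_NOSUPP in not the conversion of the etype failed in which case...`, `convesion`) and should read along the lines of `Returns KRB5_PROG_ETYPE_NOSUPP, unless converting the etype to a string fails, in which case that conversion's error code is returned instead.` More substantively, every call site in this commit reaches the helper precisely because `_krb5_find_enctype` returned NULL; if `krb5_enctype_to_string` performs the same table lookup (it is not visible here), it will fail for exactly those etypes and the helper will return that error code and message instead of the intended `Encryption type %s not supported`, with the readable message only ever produced for the `F_DISABLED` case in krb5_crypto_init. A fallback keeps both the message and the error code stable for callers comparing against KRB5_PROG_ETYPE_NOSUPP: `if (ret) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; }`. The `krb5_enctype_keysize` signature at the end of the hunk continues outside it.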
@@ -62,10 +86,7 @@ krb5_enctype_keysize(krb5_context context,
{
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
*keysize = et->keytype->size;
return 0;
@@ -78,10 +99,7 @@ krb5_enctype_keybits(krb5_context context,
{
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- "encryption type %d not supported",
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
*keybits = et->keytype->bits;
return 0;
@@ -95,10 +113,7 @@ krb5_generate_random_keyblock(krb5_context context,
krb5_error_code ret;
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
if(ret)
@@ -121,10 +136,8 @@ _key_schedule(krb5_context context,
struct _krb5_key_type *kt;
if (et == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- key->key->keytype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context,
+ key->key->keytype);
}
kt = et->keytype;
@@ -684,10 +697,7 @@ krb5_enctype_to_keytype(krb5_context context,
{
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, etype);
}
*keytype = e->keytype->type; /* XXX */
return 0;
@@ -713,10 +723,7 @@ krb5_enctype_valid(krb5_context context,
if (context == NULL)
return KRB5_PROG_ETYPE_NOSUPP;
if(e == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, etype);
}
/* Must be (e->flags & F_DISABLED) */
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -1954,10 +1961,7 @@ krb5_derive_key(krb5_context context,
et = _krb5_find_enctype (etype);
if (et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, etype);
}
ret = krb5_copy_keyblock(context, key, &d.key);
@@ -2035,10 +2039,7 @@ krb5_crypto_init(krb5_context context,
if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
free(*crypto);
*crypto = NULL;
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype(context, etype);
}
if((*crypto)->et->keytype->size != key->keyvalue.length) {
free(*crypto);
diff --git a/lib/krb5/error_string.c b/lib/krb5/error_string.c
index bebd4c490ee1..1bfbad0bfb05 100644
--- a/lib/krb5/error_string.c
+++ b/lib/krb5/error_string.c
@@ -241,29 +241,53 @@ krb5_have_error_string(krb5_context context)
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
krb5_get_error_message(krb5_context context, krb5_error_code code)
{
- char *str;
-
- HEIMDAL_MUTEX_lock(context->mutex);
- if (context->error_string &&
- (code == context->error_code || context->error_code == 0))
- {
- str = strdup(context->error_string);
- if (str) {
- HEIMDAL_MUTEX_unlock(context->mutex);
- return str;
- }
- }
- HEIMDAL_MUTEX_unlock(context->mutex);
+ char *str = NULL;
+ const char *cstr = NULL;
+ char buf[128];
+ int free_context = 0;
if (code == 0)
return strdup("Success");
+
+ /*
+ * The MIT version of this function ignores the krb5_context
+ * and several widely deployed applications call krb5_get_error_message()
+ * with a NULL context in order to translate an error code as a
+ * replacement for error_message(). Another reason a NULL context
+ * might be provided is if the krb5_init_context() call itself
+ * failed.
+ */
+ if (context)
{
- const char *msg;
- char buf[128];
- msg = com_right_r(context->et_list, code, buf, sizeof(buf));
- if (msg)
- return strdup(msg);
+ HEIMDAL_MUTEX_lock(context->mutex);
+ if (context->error_string &&
+ (code == context->error_code || context->error_code == 0))
+ {
+ str = strdup(context->error_string);
+ }
+ HEIMDAL_MUTEX_unlock(context->mutex);
+
+ if (str)
+ return str;
}
+ else
+ {
+ if (krb5_init_context(&context) == 0)
+ free_context = 1;
+ }
+
+ if (context)
+ cstr = com_right_r(context->et_list, code, buf, sizeof(buf));
+
+ if (free_context)
+ krb5_free_context(context);
+
+ if (cstr)
+ return strdup(cstr);
+
+ cstr = error_message(code);
+ if (cstr)
+ return strdup(cstr);
if (asprintf(&str, "<unknown error: %d>", (int)code) == -1 || str == NULL)
return NULL;
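Review bot: In the NULL-context path `cstr`, obtained from `com_right_r(context->et_list, ...)`, is passed to `strdup` only after `krb5_free_context(context)` has run, so the code is correct only if `com_right_r` copies the message into the local `buf` or returns a pointer into static error-table storage rather than into the freed `et_list`; that dependency is invisible here and fragile. Duplicating before the free removes it: `if (cstr) str = strdup(cstr);` then `if (free_context) krb5_free_context(context);` then `if (str) return str;`. Note also that `krb5_init_context` on the NULL-context path presumably does a full library initialisation just to resolve one message, and its failure is silently ignored; a comment stating that this cost is accepted for compatibility with MIT-style callers would help the next reader. The hunk ends before the function's final return.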
diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c
index ea74c32780f8..120083215542 100644
--- a/lib/krb5/keytab_keyfile.c
+++ b/lib/krb5/keytab_keyfile.c
@@ -212,9 +212,17 @@ akf_start_seq_get(krb5_context context,
return ret;
}
+ c->data = NULL;
c->sp = krb5_storage_from_fd(c->fd);
+ if (c->sp == NULL) {
+ close(c->fd);
+ krb5_clear_error_message (context);
+ return KRB5_KT_NOTFOUND;
+ }
+ krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
+
ret = krb5_ret_uint32(c->sp, &d->num_entries);
- if(ret) {
+ if(ret || d->num_entries > INT_MAX / 8) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_message (context);
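Review bot: The new bound `d->num_entries > INT_MAX / 8` carries no comment tying the divisor to anything, while the per-entry layout used by akf_next_entry elsewhere in this diff is a 4-byte kvno plus an 8-byte key (`pos + 4 + 8`), i.e. a 12-byte stride; if the intent is to keep computed file offsets within an `int`, `INT_MAX / 12` would match the layout, and either way a comment such as `/* each entry is a 4-byte kvno plus an 8-byte DES key; bound the count so entry offsets cannot overflow */` should record the reasoning. An absurd count is also reported as `KRB5_KT_NOTFOUND` with the error message cleared, so a corrupt or truncated KeyFile is indistinguishable from a missing one to the caller. The `c->sp == NULL` check is a welcome addition; akf_start_seq_get's body continues past the hunk.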
@@ -255,7 +263,10 @@ akf_next_entry(krb5_context context,
entry->vno = kvno;
- entry->keyblock.keytype = ETYPE_DES_CBC_MD5;
+ if (cursor->data)
+ entry->keyblock.keytype = ETYPE_DES_CBC_MD5;
+ else
+ entry->keyblock.keytype = ETYPE_DES_CBC_CRC;
entry->keyblock.keyvalue.length = 8;
entry->keyblock.keyvalue.data = malloc (8);
if (entry->keyblock.keyvalue.data == NULL) {
@@ -277,7 +288,11 @@ akf_next_entry(krb5_context context,
entry->aliases = NULL;
out:
- krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
+ if (cursor->data) {
+ krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
+ cursor->data = NULL;
+ } else
+ cursor->data = cursor;
return ret;
}
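Review bot: On the first pass (`cursor->data == NULL`, which the earlier hunk maps to DES-CBC-CRC) the `out:` label now performs no seek, yet the kvno and key reads earlier in this function have already advanced the storage past the entry; unless code outside the hunk rewinds to `pos`, the second pass (`cursor->data` set, DES-CBC-MD5) reads the *next* entry's kvno and key rather than re-emitting the same key under the second enctype, then seeks to that second entry's end. If each KeyFile key is meant to be yielded once per enctype, the else branch should rewind: `} else { krb5_storage_seek(cursor->sp, pos, SEEK_SET); cursor->data = cursor; }`. The self-pointer in `cursor->data = cursor` is an opaque flag and deserves a comment such as `/* cursor->data is non-NULL while the des-cbc-md5 copy of the current entry is still pending */`. The toggle also runs on every error path that jumps to `out:`, which can leave the flag set after a failed read; akf_next_entry starts before the hunk.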
@@ -288,6 +303,7 @@ akf_end_seq_get(krb5_context context,
{
krb5_storage_free(cursor->sp);
close(cursor->fd);
+ cursor->data = NULL;
return 0;
}
diff --git a/lib/krb5/krb5-private.h b/lib/krb5/krb5-private.h
index a6500f38e3b5..956e00e4aaf0 100644
--- a/lib/krb5/krb5-private.h
+++ b/lib/krb5/krb5-private.h
@@ -265,7 +265,7 @@ _krb5_get_cred_kdc_any (
krb5_creds ***/*ret_tgts*/);
char *
-_krb5_get_default_cc_name_from_registry (void);
+_krb5_get_default_cc_name_from_registry (krb5_context /*context*/);
char *
_krb5_get_default_config_config_files_from_registry (void);
@@ -555,6 +555,11 @@ _krb5_send_and_recv_tcp (
const krb5_data */*req*/,
krb5_data */*rep*/);
+int
+_krb5_set_default_cc_name_to_registry (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
void
_krb5_unload_plugins (
krb5_context /*context*/,