s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be...

This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal
316fc6ff8ffb0cbb1ef3689685e9977c37405bc4)

Andrew Bartlett

diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c
index d4a42ac5dea2ba0aaa60b53f2139e9ca37241afc..854a4b66cb64ffce2f9e7109147cbf95a4a8f1be 100644 (file)
--- a/source4/heimdal/lib/com_err/error.c
+++ b/source4/heimdal/lib/com_err/error.c
@@ -38,6 +38,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <com_right.h>
+#include <roken.h>
 
 #ifdef LIBINTL
 #include <libintl.h>

diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index 247c25611f04bcd1fcfb4ce0782f802a83602c5d..ab8a4d1aacd19d4f732912fd9ec5944131d1cd74 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -33,8 +33,6 @@
 
 #include "spnego_locl.h"
 
-RCSID("$Id$");
-
 static OM_uint32
 send_reject (OM_uint32 *minor_status,
             gss_buffer_t output_token)

diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index b2f535e58f456e781919fd73ae86e6484bbece60..673a5df66bd33902cff45b017393683be9156eab 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -32,8 +32,6 @@
 
 #include "spnego_locl.h"
 
-RCSID("$Id$");
-
 /*
  * Apparently Microsoft got the OID wrong, and used
  * 1.2.840.48018.1.2.2 instead. We need both this and

diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index c0d47b9f6378dede153a6a6057d911388c56cf0c..98ab919459dc62f1ad0a3d4ad90f4bd171ed8737 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -32,8 +32,6 @@
 
 #include "spnego_locl.h"
 
-RCSID("$Id$");
-
 static OM_uint32
 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
 {

diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index b1eb0be6da197c17cfd33406070c198a69436f16..f15069362c9fe4e9999c4fdd545de18193910f95 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -32,8 +32,6 @@
 
 #include "spnego_locl.h"
 
-RCSID("$Id$");
-
 OM_uint32
 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
 {

diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 9d50a61a7508a4b203cb585ed16f207c66a52c7d..2a6002b8ea9b772731a669f51fc1c8d995b9060b 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -33,8 +33,6 @@
 #include "spnego_locl.h"
 #include <gssapi_mech.h>
 
-RCSID("$Id$");
-
 /*
  * RFC2478, SPNEGO:
  *  The security mechanism of the initial

diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
index 6afd524a5b099bcf76d88abcd04c0b3def1cd531..75a925497ea8af165912ef27a9403ce5a53bbc12 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -33,8 +33,6 @@
 
 #include "spnego_locl.h"
 
-RCSID("$Id$");
-
 /*
  * Is target_name an sane target for `mech´.
  */

diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 68233c290d7b2d7b3e7259863415611fcbc02524..8cc7b06026ea2786cde447c3a182ae726c453be9 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -2386,7 +2386,6 @@ usage2arcfour (krb5_context context, unsigned *usage)
 {
     switch (*usage) {
     case KRB5_KU_AS_REP_ENC_PART : /* 3 */
-    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
        *usage = 8;
        return 0;
     case KRB5_KU_USAGE_SEAL :  /* 22 */

diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 63152bbfa6567903e4651c1b37e665965dc089b4..707213733848033f38febe14ab499f70d9664e2c 100644 (file)
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -244,16 +244,12 @@ init_tgs_req (krb5_context context,
     if(ret)
        goto fail;
     
-    ret = krb5_generate_subkey_extended(context, &krbtgt->session, 
-                                       ETYPE_NULL, &key);
+    ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session);
     if (ret)
        goto fail;
     
-    ret = krb5_auth_con_setlocalsubkey(context, ac, key);
-    if (ret)
-       goto fail;
-    
-    ret = set_auth_data (context, &t->req_body, &in_creds->authdata, key);
+    ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
+                        ac->local_subkey);
     if (ret)
        goto fail;
     
@@ -265,12 +261,11 @@ init_tgs_req (krb5_context context,
     if(ret)
        goto fail;
 
-    *subkey = key;
-    key = NULL;
-    
+    ret = krb5_auth_con_getlocalsubkey(context, ac, subkey);
+    if (ret)
+       goto fail;
+
 fail:
-    if (key)
-       krb5_free_keyblock (context, key);
     if (ac)
        krb5_auth_con_free(context, ac);
     if (ret) {