s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31...

author Stefan Metzmacher <metze@samba.org>

Fri, 15 Jul 2011 07:10:30 +0000 (09:10 +0200)

committer Stefan Metzmacher <metze@samba.org>

Fri, 15 Jul 2011 09:15:05 +0000 (11:15 +0200)
author Stefan Metzmacher <metze@samba.org>
Fri, 15 Jul 2011 07:10:30 +0000 (09:10 +0200)
committer Stefan Metzmacher <metze@samba.org>
Fri, 15 Jul 2011 09:15:05 +0000 (11:15 +0200)
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h

index b3c81b9460e8261ee161c46b49b78152d232237c..901e8606fd97a47565296a9dd32710d1160ec437 100644 (file)
--- a/source4/heimdal/base/baselocl.h
+++ b/source4/heimdal/base/baselocl.h
@@ -35,6 +35,13 @@
  
  #include "config.h"
  
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
diff --git a/source4/heimdal/base/dict.c b/source4/heimdal/base/dict.c

index 7522c8c1c412a2499a193d80078b1a502400ed62..1f9d71a0f506c7912baac0c615905ce03fd25caa 100644 (file)
--- a/source4/heimdal/base/dict.c
+++ b/source4/heimdal/base/dict.c
@@ -77,7 +77,7 @@ struct heim_type_data dict_object = {
  static size_t
  isprime(size_t p)
  {
-    int q, i;
+    size_t q, i;
  
      for(i = 2 ; i < p; i++) {
         q = p / i;
@@ -120,7 +120,7 @@ heim_dict_create(size_t size)
         heim_release(dict);
         return NULL;
      }
-    
+
      dict->tab = calloc(dict->size, sizeof(dict->tab[0]));
      if (dict->tab == NULL) {
         dict->size = 0;
diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c

index 01668716a300144ec5650c1fa9b6b329f180e1ff..7031af9e49806ad7a483d57d66053ce0c7de4515 100644 (file)
--- a/source4/heimdal/base/heimbase.c
+++ b/source4/heimdal/base/heimbase.c
@@ -369,7 +369,7 @@ void
  heim_abortv(const char *fmt, va_list ap)
  {
      static char str[1024];
-    
+
      vsnprintf(str, sizeof(str), fmt, ap);
      syslog(LOG_ERR, "heim_abort: %s", str);
      abort();
diff --git a/source4/heimdal/base/heimbase.h b/source4/heimdal/base/heimbase.h

index d1ca5aa89968e991438c61acea06e2a2fc4f50a1..ad1b3f0c48d33f1bf655856a2128ad94bd3994e3 100644 (file)
--- a/source4/heimdal/base/heimbase.h
+++ b/source4/heimdal/base/heimbase.h
@@ -48,6 +48,22 @@ typedef heim_object_t heim_null_t;
  #define HEIM_BASE_ONCE_INIT 0
  typedef long heim_base_once_t; /* XXX arch dependant */
  
+#if !defined(__has_extension)
+#define __has_extension(x) 0
+#endif
+
+#define HEIM_REQUIRE_GNUC(m,n,p) \
+    (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \
+     (((m) * 10000) + ((n) * 100) + (p)))
+
+
+#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0)
+#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res)
+#else
+#define heim_builtin_expect(_op,_res) (_op)
+#endif
+
+
  void * heim_retain(heim_object_t);
  void   heim_release(heim_object_t);
  
@@ -79,7 +95,7 @@ heim_abortv(const char *fmt, va_list ap)
      HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0));
  
  #define heim_assert(e,t) \
-    (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
+    (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
  
  /*
   *
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl

index bc323b9433eb8e8c97a04d8fccf1914dd3030b5f..6894dc143e17f7b1e52bf15fd75c258475982097 100644 (file)
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -11,6 +11,7 @@ my $line = "";
  my $debug = 0;
  my $oproto = 1;
  my $private_func_re = "^_";
+my %depfunction = ();
  
  Getopts('x:m:o:p:dqE:R:P:') || die "foo";
  
@@ -25,7 +26,7 @@ if($opt_q) {
  if($opt_R) {
      $private_func_re = $opt_R;
  }
-%flags = (
+my %flags = (
           'multiline-proto' => 1,
           'header' => 1,
           'function-blocking' => 0,
@@ -100,16 +101,21 @@ while(<>) {
         s/^\s*//;
         s/\s*$//;
         s/\s+/ /g;
-       if($_ =~ /\)$/ or $_ =~ /DEPRECATED$/){
+       if($_ =~ /\)$/){
             if(!/^static/ && !/^PRIVATE/){
                 $attr = "";
                 if(m/(.*)(__attribute__\s?\(.*\))/) {
                     $attr .= " $2";
                     $_ = $1;
                 }
-               if(m/(.*)\s(\w+DEPRECATED)/) {
+               if(m/(.*)\s(\w+DEPRECATED_FUNCTION)\s?(\(.*\))(.*)/) {
+                   $depfunction{$2} = 1;
+                   $attr .= " $2$3";
+                   $_ = "$1 $4";
+               }
+               if(m/(.*)\s(\w+DEPRECATED)(.*)/) {
                     $attr .= " $2";
-                   $_ = $1;
+                   $_ = "$1 $3";
                 }
                 # remove outer ()
                 s/\s*\(/</;
@@ -302,17 +308,44 @@ if($flags{"gnuc-attribute"}) {
  ";
      }
  }
+
+my $depstr = "";
+my $undepstr = "";
+foreach (keys %depfunction) {
+    $depstr .= "#ifndef $_
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
+#define $_(X) __attribute__((__deprecated__))
+#else
+#define $_(X)
+#endif
+#endif
+
+
+";
+    $public_h_trailer .= "#undef $_
+
+";
+    $private_h_trailer .= "#undef $_
+#define $_(X)
+
+";
+}
+
+$public_h_header .= $depstr;
+$private_h_header .= $depstr;
+
+
  if($flags{"cxx"}) {
      $public_h_header .= "#ifdef __cplusplus
  extern \"C\" {
  #endif
  
  ";
-    $public_h_trailer .= "#ifdef __cplusplus
+    $public_h_trailer = "#ifdef __cplusplus
  }
  #endif
  
-";
+" . $public_h_trailer;
  
  }
  if ($opt_E) {
@@ -348,6 +381,9 @@ if ($opt_E) {
  ";
  }
      
+$public_h_trailer .= $undepstr;
+$private_h_trailer .= $undepstr;
+
  if ($public_h ne "" && $flags{"header"}) {
      $public_h = $public_h_header . $public_h . 
         $public_h_trailer . "#endif /* $block */\n";
diff --git a/source4/heimdal/include/heim_threads.h b/source4/heimdal/include/heim_threads.h

index c4f841fb61f08fb54337ff5a83c217e8ce65c88d..8ff677f3309c3040441480fbb6447f92dd980a06 100644 (file)
--- a/source4/heimdal/include/heim_threads.h
+++ b/source4/heimdal/include/heim_threads.h
@@ -67,13 +67,13 @@
  
  #define HEIMDAL_RWLOCK rwlock_t
  #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define        HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)     
-#define        HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)       
-#define        HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)       
-#define        HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) 
-#define        HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) 
-#define        HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)       
-#define        HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)     
+#define        HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
+#define        HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
+#define        HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
+#define        HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
+#define        HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
+#define        HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
+#define        HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
  
  #define HEIMDAL_thread_key thread_key_t
  #define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
@@ -94,13 +94,13 @@
  
  #define HEIMDAL_RWLOCK rwlock_t
  #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define        HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)     
-#define        HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)       
-#define        HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)       
-#define        HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) 
-#define        HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) 
-#define        HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)       
-#define        HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)     
+#define        HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
+#define        HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
+#define        HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
+#define        HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
+#define        HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
+#define        HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
+#define        HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
  
  #define HEIMDAL_thread_key pthread_key_t
  #define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c

index 1441c3161e8306abb1947df8ffab350c432c7f82..fe977ded5a24a102cccbdbb52bc42d2c2d17121d 100644 (file)
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -51,14 +51,14 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
      c->require_preauth = TRUE;
      c->kdc_warn_pwexpire = 0;
      c->encode_as_rep_as_tgs_rep = FALSE;
+    c->as_use_strongest_session_key = FALSE;
+    c->preauth_use_strongest_session_key = FALSE;
+    c->tgs_use_strongest_session_key = FALSE;
+    c->use_strongest_server_key = FALSE;
      c->check_ticket_addresses = TRUE;
      c->allow_null_ticket_addresses = TRUE;
      c->allow_anonymous = FALSE;
      c->trpolicy = TRPOLICY_ALWAYS_CHECK;
-    c->enable_v4 = FALSE;
-    c->enable_kaserver = FALSE;
-    c->enable_524 = FALSE;
-    c->enable_v4_cross_realm = FALSE;
      c->enable_pkinit = FALSE;
      c->pkinit_princ_in_cert = TRUE;
      c->pkinit_require_binding = TRUE;
@@ -70,19 +70,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
         krb5_config_get_bool_default(context, NULL,
                                      c->require_preauth,
                                      "kdc", "require-preauth", NULL);
-    c->enable_v4 =
-       krb5_config_get_bool_default(context, NULL,
-                                    c->enable_v4,
-                                    "kdc", "enable-kerberos4", NULL);
-    c->enable_v4_cross_realm =
-       krb5_config_get_bool_default(context, NULL,
-                                    c->enable_v4_cross_realm,
-                                    "kdc",
-                                    "enable-kerberos4-cross-realm", NULL);
-    c->enable_524 =
-       krb5_config_get_bool_default(context, NULL,
-                                    c->enable_v4,
-                                    "kdc", "enable-524", NULL);
  #ifdef DIGEST
      c->enable_digest =
         krb5_config_get_bool_default(context, NULL,
@@ -133,6 +120,27 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
      }
  #endif
  
+    c->as_use_strongest_session_key =
+       krb5_config_get_bool_default(context, NULL,
+                                    c->as_use_strongest_session_key,
+                                    "kdc",
+                                    "as-use-strongest-session-key", NULL);
+    c->preauth_use_strongest_session_key =
+       krb5_config_get_bool_default(context, NULL,
+                                    c->preauth_use_strongest_session_key,
+                                    "kdc",
+                                    "preauth-use-strongest-session-key", NULL);
+    c->tgs_use_strongest_session_key =
+       krb5_config_get_bool_default(context, NULL,
+                                    c->tgs_use_strongest_session_key,
+                                    "kdc",
+                                    "tgs-use-strongest-session-key", NULL);
+    c->use_strongest_server_key =
+       krb5_config_get_bool_default(context, NULL,
+                                    c->use_strongest_server_key,
+                                    "kdc",
+                                    "use-strongest-server-key", NULL);
+
      c->check_ticket_addresses =
         krb5_config_get_bool_default(context, NULL,
                                      c->check_ticket_addresses,
@@ -180,28 +188,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
         }
      }
  
-    {
-       const char *p;
-       p = krb5_config_get_string (context, NULL,
-                                   "kdc",
-                                   "v4-realm",
-                                   NULL);
-       if(p != NULL) {
-           c->v4_realm = strdup(p);
-           if (c->v4_realm == NULL)
-               krb5_errx(context, 1, "out of memory");
-       } else {
-           c->v4_realm = NULL;
-       }
-    }
-
-    c->enable_kaserver =
-       krb5_config_get_bool_default(context,
-                                    NULL,
-                                    c->enable_kaserver,
-                                    "kdc", "enable-kaserver", NULL);
-
-
      c->encode_as_rep_as_tgs_rep =
         krb5_config_get_bool_default(context, NULL,
                                      c->encode_as_rep_as_tgs_rep,
@@ -223,7 +209,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
                                      NULL);
  
  
-    c->pkinit_kdc_identity = 
+    c->pkinit_kdc_identity =
         krb5_config_get_string(context, NULL,
                                "kdc", "pkinit_identity", NULL);
      c->pkinit_kdc_anchors =
@@ -235,7 +221,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
      c->pkinit_kdc_revoke =
         krb5_config_get_strings(context, NULL,
                                 "kdc", "pkinit_revoke", NULL);
-    c->pkinit_kdc_ocsp_file = 
+    c->pkinit_kdc_ocsp_file =
         krb5_config_get_string(context, NULL,
                                "kdc", "pkinit_kdc_ocsp", NULL);
      c->pkinit_kdc_friendly_name =
@@ -272,7 +258,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
  
      if (config->pkinit_kdc_identity == NULL) {
         if (config->pkinit_kdc_friendly_name == NULL)
-           config->pkinit_kdc_friendly_name = 
+           config->pkinit_kdc_friendly_name =
                 strdup("O=System Identity,CN=com.apple.kerberos.kdc");
         config->pkinit_kdc_identity = strdup("KEYCHAIN:");
      }
@@ -284,7 +270,7 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
      if (config->enable_pkinit) {
         if (config->pkinit_kdc_identity == NULL)
             krb5_errx(context, 1, "pkinit enabled but no identity");
- 
+
         if (config->pkinit_kdc_anchors == NULL)
             krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
  
@@ -298,4 +284,4 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
  
      return 0;
  #endif /* PKINIT */
-}   
+}
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c

index 70b45c2af6fb7b7b1db4e0de075e4c055aa72454..5f0d27441a23cbf4f56f1bb111b3296586ae121b 100644 (file)
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context,
      /* check the server principal in the ticket matches digest/R@R */
      {
         krb5_principal principal = NULL;
-       const char *p, *r;
+       const char *p, *rr;
  
         ret = krb5_ticket_get_server(context, ticket, &principal);
         if (ret)
@@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context,
             krb5_free_principal(context, principal);
             goto out;
         }
-       r = krb5_principal_get_realm(context, principal);
-       if (r == NULL) {
+       rr = krb5_principal_get_realm(context, principal);
+       if (rr == NULL) {
             krb5_free_principal(context, principal);
             goto out;
         }
-       if (strcmp(p, r) != 0) {
+       if (strcmp(p, rr) != 0) {
             krb5_free_principal(context, principal);
             goto out;
         }
@@ -356,7 +356,7 @@ _kdc_do_digest(krb5_context context,
      crypto = NULL;
      if (ret)
         goto out;
-       
+
      ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
      krb5_data_free(&buf);
      if (ret) {
@@ -419,7 +419,7 @@ _kdc_do_digest(krb5_context context,
             free(r.u.initReply.nonce);
             r.u.initReply.nonce = s;
         }
-       
+
         ret = krb5_store_stringz(sp, r.u.initReply.nonce);
         if (ret) {
             krb5_clear_error_message(context);
@@ -475,7 +475,7 @@ _kdc_do_digest(krb5_context context,
         krb5_data_free(&buf);
         if (ret)
             goto out;
-       
+
         ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
         free_Checksum(&res);
         if (ret) {
@@ -547,7 +547,7 @@ _kdc_do_digest(krb5_context context,
                                    "Failed to decode digest Checksum");
             goto out;
         }
-       
+
         ret = krb5_storage_to_data(sp, &buf);
         if (ret) {
             krb5_clear_error_message(context);
@@ -561,14 +561,14 @@ _kdc_do_digest(krb5_context context,
             krb5_set_error_message(context, ret, "malloc: out of memory");
             goto out;
         }
-       
+
         /*
          * CHAP does the checksum of the raw nonce, but do it for all
          * types, since we need to check the timestamp.
          */
         {
             ssize_t ssize;
-       
+
             ssize = hex_decode(ireq.u.digestRequest.serverNonce,
                                serverNonce.data, serverNonce.length);
             if (ssize <= 0) {
@@ -597,7 +597,7 @@ _kdc_do_digest(krb5_context context,
         {
             unsigned char *p = serverNonce.data;
             uint32_t t;
-       
+
             if (serverNonce.length < 4) {
                 ret = EINVAL;
                 krb5_set_error_message(context, ret, "server nonce too short");
@@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context,
             EVP_MD_CTX *ctx;
             unsigned char md[MD5_DIGEST_LENGTH];
             char *mdx;
-           char id;
+           char idx;
  
             if ((config->digests_allowed & CHAP_MD5) == 0) {
                 kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
@@ -629,13 +629,13 @@ _kdc_do_digest(krb5_context context,
                                        "from CHAP request");
                 goto out;
             }
-       
-           if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
+
+           if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) {
                 ret = EINVAL;
                 krb5_set_error_message(context, ret, "failed to decode identifier");
                 goto out;
             }
-       
+
             ret = get_password_entry(context, config,
                                      ireq.u.digestRequest.username,
                                      &password);
@@ -645,7 +645,7 @@ _kdc_do_digest(krb5_context context,
             ctx = EVP_MD_CTX_create();
  
             EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
-           EVP_DigestUpdate(ctx, &id, 1);
+           EVP_DigestUpdate(ctx, &idx, 1);
             EVP_DigestUpdate(ctx, password, strlen(password));
             EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
             EVP_DigestFinal_ex(ctx, md, NULL);
@@ -691,7 +691,7 @@ _kdc_do_digest(krb5_context context,
                 goto out;
             if (ireq.u.digestRequest.realm == NULL)
                 goto out;
-       
+
             ret = get_password_entry(context, config,
                                      ireq.u.digestRequest.username,
                                      &password);
@@ -709,7 +709,7 @@ _kdc_do_digest(krb5_context context,
             EVP_DigestUpdate(ctx, ":", 1);
             EVP_DigestUpdate(ctx, password, strlen(password));
             EVP_DigestFinal_ex(ctx, md, NULL);
-       
+
             EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
             EVP_DigestUpdate(ctx, md, sizeof(md));
             EVP_DigestUpdate(ctx, ":", 1);
@@ -731,19 +731,19 @@ _kdc_do_digest(krb5_context context,
                 EVP_MD_CTX_destroy(ctx);
                 goto failed;
             }
-       
+
             EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
             EVP_DigestUpdate(ctx,
                              "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
             EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri,
                        strlen(*ireq.u.digestRequest.uri));
-       
+
             /* conf|int */
             if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
                 static char conf_zeros[] = ":00000000000000000000000000000000";
                 EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1);
             }
-       
+
             EVP_DigestFinal_ex(ctx, md, NULL);
  
             hex_encode(md, sizeof(md), &A2);
@@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context,
             const char *username;
             struct ntlm_buf answer;
             Key *key = NULL;
-           EVP_MD_CTX *ctx;
+           EVP_MD_CTX *ctp;
  
             if ((config->digests_allowed & MS_CHAP_V2) == 0) {
                 kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -816,7 +816,7 @@ _kdc_do_digest(krb5_context context,
                 krb5_set_error_message(context, ret,
                                        "MS-CHAP-V2 clientNonce missing");
                 goto failed;
-           }   
+           }
             if (serverNonce.length != 16) {
                 ret = EINVAL;
                 krb5_set_error_message(context, ret,
@@ -831,21 +831,21 @@ _kdc_do_digest(krb5_context context,
             else
                 username++;
  
-           ctx = EVP_MD_CTX_create();
+           ctp = EVP_MD_CTX_create();
  
             /* ChallangeHash */
-           EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+           EVP_DigestInit_ex(ctp, EVP_sha1(), NULL);
             {
                 ssize_t ssize;
                 krb5_data clientNonce;
-               
+
                 clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce);
                 clientNonce.data = malloc(clientNonce.length);
                 if (clientNonce.data == NULL) {
                     ret = ENOMEM;
                     krb5_set_error_message(context, ret,
                                            "malloc: out of memory");
-                   EVP_MD_CTX_destroy(ctx);
+                   EVP_MD_CTX_destroy(ctp);
                     goto out;
                 }
  
@@ -855,24 +855,24 @@ _kdc_do_digest(krb5_context context,
                     ret = ENOMEM;
                     krb5_set_error_message(context, ret,
                                            "Failed to decode clientNonce");
-                   EVP_MD_CTX_destroy(ctx);
+                   EVP_MD_CTX_destroy(ctp);
                     goto out;
                 }
-               EVP_DigestUpdate(ctx, clientNonce.data, ssize);
+               EVP_DigestUpdate(ctp, clientNonce.data, ssize);
                 free(clientNonce.data);
             }
-           EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
-           EVP_DigestUpdate(ctx, username, strlen(username));
+           EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length);
+           EVP_DigestUpdate(ctp, username, strlen(username));
  
-           EVP_DigestFinal_ex(ctx, challange, NULL);
+           EVP_DigestFinal_ex(ctp, challange, NULL);
  
-           EVP_MD_CTX_destroy(ctx);
+           EVP_MD_CTX_destroy(ctp);
  
             /* NtPasswordHash */
             ret = krb5_parse_name(context, username, &clientprincipal);
             if (ret)
                 goto failed;
-       
+
             ret = _kdc_db_fetch(context, config, clientprincipal,
                                 HDB_F_GET_CLIENT, NULL, NULL, &user);
             krb5_free_principal(context, clientprincipal);
@@ -900,7 +900,7 @@ _kdc_do_digest(krb5_context context,
                 krb5_set_error_message(context, ret, "NTLM missing arcfour key");
                 goto failed;
             }
-       
+
             hex_encode(answer.data, answer.length, &mdx);
             if (mdx == NULL) {
                 free(answer.data);
@@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context,
  
             if (r.u.response.success) {
                 unsigned char hashhash[MD4_DIGEST_LENGTH];
-               EVP_MD_CTX *ctx;
+               EVP_MD_CTX *ctxp;
  
-               ctx = EVP_MD_CTX_create();
+               ctxp = EVP_MD_CTX_create();
  
                 /* hashhash */
                 {
-                   EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
-                   EVP_DigestUpdate(ctx,
+                   EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
+                   EVP_DigestUpdate(ctxp,
                                      key->key.keyvalue.data,
                                      key->key.keyvalue.length);
-                   EVP_DigestFinal_ex(ctx, hashhash, NULL);
+                   EVP_DigestFinal_ex(ctxp, hashhash, NULL);
                 }
  
                 /* GenerateAuthenticatorResponse */
-               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-               EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
-               EVP_DigestUpdate(ctx, answer.data, answer.length);
-               EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
+               EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash));
+               EVP_DigestUpdate(ctxp, answer.data, answer.length);
+               EVP_DigestUpdate(ctxp, ms_chap_v2_magic1,
                                  sizeof(ms_chap_v2_magic1));
-               EVP_DigestFinal_ex(ctx, md, NULL);
+               EVP_DigestFinal_ex(ctxp, md, NULL);
  
-               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-               EVP_DigestUpdate(ctx, md, sizeof(md));
-               EVP_DigestUpdate(ctx, challange, 8);
-               EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
+               EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctxp, md, sizeof(md));
+               EVP_DigestUpdate(ctxp, challange, 8);
+               EVP_DigestUpdate(ctxp, ms_chap_v2_magic2,
                                  sizeof(ms_chap_v2_magic2));
-               EVP_DigestFinal_ex(ctx, md, NULL);
+               EVP_DigestFinal_ex(ctxp, md, NULL);
  
                 r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
                 if (r.u.response.rsp == NULL) {
                     free(answer.data);
                     krb5_clear_error_message(context);
-                   EVP_MD_CTX_destroy(ctx);
+                   EVP_MD_CTX_destroy(ctxp);
                     ret = ENOMEM;
                     goto out;
                 }
@@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context,
                 if (r.u.response.rsp == NULL) {
                     free(answer.data);
                     krb5_clear_error_message(context);
-                   EVP_MD_CTX_destroy(ctx);
+                   EVP_MD_CTX_destroy(ctxp);
                     ret = ENOMEM;
                     goto out;
                 }
  
                 /* get_master, rfc 3079 3.4 */
-               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-               EVP_DigestUpdate(ctx, hashhash, 16);
-               EVP_DigestUpdate(ctx, answer.data, answer.length);
-               EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
+               EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctxp, hashhash, 16);
+               EVP_DigestUpdate(ctxp, answer.data, answer.length);
+               EVP_DigestUpdate(ctxp, ms_rfc3079_magic1,
                                  sizeof(ms_rfc3079_magic1));
-               EVP_DigestFinal_ex(ctx, md, NULL);
+               EVP_DigestFinal_ex(ctxp, md, NULL);
  
                 free(answer.data);
  
-               EVP_MD_CTX_destroy(ctx);
+               EVP_MD_CTX_destroy(ctxp);
  
                 r.u.response.session_key =
                     calloc(1, sizeof(*r.u.response.session_key));
@@ -1101,7 +1101,7 @@ _kdc_do_digest(krb5_context context,
             krb5_set_error_message(context, ret, "malloc: out of memory");
             goto out;
         }
-       
+
         ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
         if (ret != 8) {
             ret = ENOMEM;
@@ -1143,7 +1143,7 @@ _kdc_do_digest(krb5_context context,
         uint32_t flags;
         Key *key = NULL;
         int version;
-       
+
         r.element = choice_DigestRepInner_ntlmResponse;
         r.u.ntlmResponse.success = 0;
         r.u.ntlmResponse.flags = 0;
@@ -1187,7 +1187,7 @@ _kdc_do_digest(krb5_context context,
             krb5_set_error_message(context, ret, "malloc: out of memory");
             goto out;
         }
-       
+
         ret = krb5_storage_read(sp, challange, sizeof(challange));
         if (ret != sizeof(challange)) {
             ret = ENOMEM;
@@ -1266,7 +1266,7 @@ _kdc_do_digest(krb5_context context,
             if (flags & NTLM_NEG_NTLM2_SESSION) {
                 unsigned char sessionhash[MD5_DIGEST_LENGTH];
                 EVP_MD_CTX *ctx;
-               
+
                 if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
                     kdc_log(context, config, 0, "NTLM v1-session not allowed");
                     ret = EINVAL;
@@ -1279,7 +1279,7 @@ _kdc_do_digest(krb5_context context,
                                            "for NTLM session key");
                     goto failed;
                 }
-               
+
                 ctx = EVP_MD_CTX_create();
  
                 EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
@@ -1297,7 +1297,7 @@ _kdc_do_digest(krb5_context context,
                     goto failed;
                 }
             }
-       
+
             ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
                                             key->key.keyvalue.length,
                                             challange, &answer);
@@ -1305,7 +1305,7 @@ _kdc_do_digest(krb5_context context,
                 krb5_set_error_message(context, ret, "NTLM missing arcfour key");
                 goto failed;
             }
-       
+
             if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
                 memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
                 {
@@ -1335,7 +1335,7 @@ _kdc_do_digest(krb5_context context,
             unsigned char masterkey[MD4_DIGEST_LENGTH];
             EVP_CIPHER_CTX rc4;
             size_t len;
-       
+
             if ((flags & NTLM_NEG_KEYEX) == 0) {
                 ret = EINVAL;
                 krb5_set_error_message(context, ret,
@@ -1343,7 +1343,7 @@ _kdc_do_digest(krb5_context context,
                                        "exchange but still sent key");
                 goto failed;
             }
-       
+
             len = ireq.u.ntlmRequest.sessionkey->length;
             if (len != sizeof(masterkey)){
                 ret = EINVAL;
@@ -1352,7 +1352,7 @@ _kdc_do_digest(krb5_context context,
                                        (unsigned long)len);
                 goto failed;
             }
-       
+
  
             EVP_CIPHER_CTX_init(&rc4);
             EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
@@ -1360,7 +1360,7 @@ _kdc_do_digest(krb5_context context,
                        masterkey, ireq.u.ntlmRequest.sessionkey->data,
                        sizeof(masterkey));
             EVP_CIPHER_CTX_cleanup(&rc4);
-       
+
             r.u.ntlmResponse.sessionkey =
                 malloc(sizeof(*r.u.ntlmResponse.sessionkey));
             if (r.u.ntlmResponse.sessionkey == NULL) {
@@ -1368,7 +1368,7 @@ _kdc_do_digest(krb5_context context,
                 krb5_set_error_message(context, ret, "malloc: out of memory");
                 goto out;
             }
-       
+
             ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
                                  masterkey, sizeof(masterkey));
             if (ret) {
@@ -1415,7 +1415,7 @@ _kdc_do_digest(krb5_context context,
             krb5_clear_error_message(context);
             goto out;
         }
-       
+
         kdc_log(context, config, 0, "Digest failed with: %s", s);
  
         r.element = choice_DigestRepInner_error;
diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h

index 139b5e70875f416f110ac4fabbba9fb799628a2a..9d52fd4c2ec16cbde0f695e039e4b459e3d074c4 100644 (file)
--- a/source4/heimdal/kdc/kdc.h
+++ b/source4/heimdal/kdc/kdc.h
@@ -58,21 +58,17 @@ typedef struct krb5_kdc_configuration {
      int num_db;
  
      krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
-       
+
+    krb5_boolean as_use_strongest_session_key;
+    krb5_boolean preauth_use_strongest_session_key;
+    krb5_boolean tgs_use_strongest_session_key;
+    krb5_boolean use_strongest_server_key;
+
      krb5_boolean check_ticket_addresses;
      krb5_boolean allow_null_ticket_addresses;
      krb5_boolean allow_anonymous;
      enum krb5_kdc_trpolicy trpolicy;
  
-    char *v4_realm;
-    krb5_boolean enable_v4;
-    krb5_boolean enable_v4_cross_realm;
-    krb5_boolean enable_v4_per_principal;
-
-    krb5_boolean enable_kaserver;
-
-    krb5_boolean enable_524;
-
      krb5_boolean enable_pkinit;
      krb5_boolean pkinit_princ_in_cert;
      const char *pkinit_kdc_identity;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c

index a437b9dbd91e18d60dee1ba8d8f4be6bba8b5cec..4bc1619170b04aa6cde039cd6759f3350365ba14 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -74,9 +74,9 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
      if (req->padata == NULL)
         return NULL;
  
-    while(*start < req->padata->len){
+    while((size_t)*start < req->padata->len){
         (*start)++;
-       if(req->padata->val[*start - 1].padata_type == type)
+       if(req->padata->val[*start - 1].padata_type == (unsigned)type)
             return &req->padata->val[*start - 1];
      }
      return NULL;
@@ -123,36 +123,103 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
   */
  
  krb5_error_code
-_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
+_kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
+               krb5_boolean is_preauth, hdb_entry_ex *princ,
                 krb5_enctype *etypes, unsigned len,
-               Key **ret_key)
+               krb5_enctype *ret_enctype, Key **ret_key)
  {
-    int i;
-    krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+    krb5_error_code ret;
      krb5_salt def_salt;
+    krb5_enctype enctype = ETYPE_NULL;
+    Key *key;
+    int i;
  
-    krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
+    /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
+    ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
+    if (ret)
+       return ret;
  
-    for(i = 0; ret != 0 && i < len ; i++) {
-       Key *key = NULL;
+    ret = KRB5KDC_ERR_ETYPE_NOSUPP;
  
-       if (krb5_enctype_valid(context, etypes[i]) != 0 &&
-           !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
-           continue;
+    if (use_strongest_session_key) {
+       const krb5_enctype *p;
+       krb5_enctype clientbest = ETYPE_NULL;
+       int j;
  
-       while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
-           if (key->key.keyvalue.length == 0) {
-               ret = KRB5KDC_ERR_NULL_KEY;
+       /*
+        * Pick the strongest key that the KDC, target service, and
+        * client all support, using the local cryptosystem enctype
+        * list in strongest-to-weakest order to drive the search.
+        *
+        * This is not what RFC4120 says to do, but it encourages
+        * adoption of stronger enctypes.  This doesn't play well with
+        * clients that have multiple Kerberos client implementations
+        * available with different supported enctype lists.
+        */
+
+       /* drive the search with local supported enctypes list */
+       p = krb5_kerberos_enctypes(context);
+       for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) {
+           if (krb5_enctype_valid(context, p[i]) != 0)
                 continue;
+
+           /* check that the client supports it too */
+           for (j = 0; j < len && enctype == ETYPE_NULL; j++) {
+               if (p[i] != etypes[j])
+                   continue;
+               /* save best of union of { client, crypto system } */
+               if (clientbest == ETYPE_NULL)
+                   clientbest = p[i];
+               /* check target princ support */
+               ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
+               if (ret)
+                   continue;
+               if (is_preauth && !is_default_salt_p(&def_salt, key))
+                   continue;
+               enctype = p[i];
             }
-           *ret_key   = key;
-           ret = 0;
-           if (is_default_salt_p(&def_salt, key)) {
-               krb5_free_salt (context, def_salt);
-               return ret;
+       }
+       if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL)
+           enctype = clientbest;
+       else if (enctype == ETYPE_NULL)
+           ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+       if (ret == 0 && ret_enctype != NULL)
+           *ret_enctype = enctype;
+       if (ret == 0 && ret_key != NULL)
+           *ret_key = key;
+    } else {
+       /*
+        * Pick the first key from the client's enctype list that is
+        * supported by the cryptosystem and by the given principal.
+        *
+        * RFC4120 says we SHOULD pick the first _strong_ key from the
+        * client's list... not the first key...  If the admin disallows
+        * weak enctypes in krb5.conf and selects this key selection
+        * algorithm, then we get exactly what RFC4120 says.
+        */
+       for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
+
+           if (krb5_enctype_valid(context, etypes[i]) != 0 &&
+               !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
+               continue;
+
+           while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
+               if (key->key.keyvalue.length == 0) {
+                   ret = KRB5KDC_ERR_NULL_KEY;
+                   continue;
+               }
+               if (ret_key != NULL)
+                   *ret_key = key;
+               if (ret_enctype != NULL)
+                   *ret_enctype = etypes[i];
+               ret = 0;
+               if (is_preauth && is_default_salt_p(&def_salt, key))
+                   goto out;
             }
         }
      }
+
+out:
      krb5_free_salt (context, def_salt);
      return ret;
  }
@@ -211,8 +278,8 @@ log_patypes(krb5_context context,
  {
      struct rk_strpool *p = NULL;
      char *str;
-    int i;
-       
+    size_t i;
+
      for (i = 0; i < padata->len; i++) {
         switch(padata->val[i].padata_type) {
         case KRB5_PADATA_PK_AS_REQ:
@@ -240,7 +307,7 @@ log_patypes(krb5_context context,
      }
      if (p == NULL)
         p = rk_strpoolprintf(p, "none");
-       
+
      str = rk_strpoolcollect(p);
      kdc_log(context, config, 0, "Client sent patypes: %s", str);
      free(str);
@@ -264,7 +331,7 @@ _kdc_encode_reply(krb5_context context,
  {
      unsigned char *buf;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      krb5_error_code ret;
      krb5_crypto crypto;
  
@@ -614,7 +681,7 @@ log_as_req(krb5_context context,
      krb5_error_code ret;
      struct rk_strpool *p;
      char *str;
-    int i;
+    size_t i;
  
      p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
  
@@ -694,13 +761,13 @@ kdc_check_flags(krb5_context context,
                     "Client (%s) has invalid bit set", client_name);
             return KRB5KDC_ERR_POLICY;
         }
-       
+
         if(!client->flags.client){
             kdc_log(context, config, 0,
                     "Principal may not act as client -- %s", client_name);
             return KRB5KDC_ERR_POLICY;
         }
-       
+
         if (client->valid_start && *client->valid_start > kdc_time) {
             char starttime_str[100];
             krb5_format_time(context, *client->valid_start,
@@ -710,7 +777,7 @@ kdc_check_flags(krb5_context context,
                     starttime_str, client_name);
             return KRB5KDC_ERR_CLIENT_NOTYET;
         }
-       
+
         if (client->valid_end && *client->valid_end < kdc_time) {
             char endtime_str[100];
             krb5_format_time(context, *client->valid_end,
@@ -720,7 +787,7 @@ kdc_check_flags(krb5_context context,
                     endtime_str, client_name);
             return KRB5KDC_ERR_NAME_EXP;
         }
-       
+
         if (client->pw_end && *client->pw_end < kdc_time
             && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
             char pwend_str[100];
@@ -809,7 +876,7 @@ _kdc_check_addresses(krb5_context context,
      krb5_address addr;
      krb5_boolean result;
      krb5_boolean only_netbios = TRUE;
-    int i;
+    size_t i;
  
      if(config->check_ticket_addresses == 0)
         return TRUE;
@@ -976,7 +1043,7 @@ _kdc_as_rep(krb5_context context,
             goto out;
         }
      } else if (b->kdc_options.request_anonymous) {
-       kdc_log(context, config, 0, 
+       kdc_log(context, config, 0,
                 "Request for a anonymous ticket with non "
                 "anonymous client name: %s", client_name);
         ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
@@ -1018,59 +1085,31 @@ _kdc_as_rep(krb5_context context,
      memset(&ek, 0, sizeof(ek));
  
      /*
-     * Select a session enctype from the list of the crypto systems
-     * supported enctype, is supported by the client and is one of the
-     * enctype of the enctype of the krbtgt.
+     * Select a session enctype from the list of the crypto system
+     * supported enctypes that is supported by the client and is one of
+     * the enctype of the enctype of the service (likely krbtgt).
       *
-     * The later is used as a hint what enctype all KDC are supporting
-     * to make sure a newer version of KDC wont generate a session
-     * enctype that and older version of a KDC in the same realm can't
+     * The latter is used as a hint of what enctypes all KDC support,
+     * to make sure a newer version of KDC won't generate a session
+     * enctype that an older version of a KDC in the same realm can't
       * decrypt.
-     *
-     * But if the KDC admin is paranoid and doesn't want to have "no
+     */
+    ret = _kdc_find_etype(context, config->as_use_strongest_session_key, FALSE,
+                         client, b->etype.val, b->etype.len, &sessionetype,
+                         NULL);
+    if (ret) {
+       kdc_log(context, config, 0,
+               "Client (%s) from %s has no common enctypes with KDC "
+               "to use for the session key",
+               client_name, from);
+       goto out;
+    }
+    /*
+     * But if the KDC admin is paranoid and doesn't want to have "not
       * the best" enctypes on the krbtgt, lets save the best pick from
       * the client list and hope that that will work for any other
       * KDCs.
       */
-    {
-       const krb5_enctype *p;
-       krb5_enctype clientbest = ETYPE_NULL;
-       int i, j;
-
-       p = krb5_kerberos_enctypes(context);
-
-       sessionetype = ETYPE_NULL;
-
-       for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
-           if (krb5_enctype_valid(context, p[i]) != 0)
-               continue;
-
-           for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
-               Key *dummy;
-               /* check with client */
-               if (p[i] != b->etype.val[j])
-                   continue;
-               /* save best of union of { client, crypto system } */
-               if (clientbest == ETYPE_NULL)
-                   clientbest = p[i];
-               /* check with krbtgt */
-               ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
-               if (ret)
-                   continue;
-               sessionetype = p[i];
-           }
-       }
-       /* if krbtgt had no shared keys with client, pick clients best */
-       if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
-           sessionetype = clientbest;
-       } else if (sessionetype == ETYPE_NULL) {
-           kdc_log(context, config, 0,
-                   "Client (%s) from %s has no common enctypes with KDC"
-                   "to use for the session key",
-                   client_name, from);
-           goto out;
-       }
-    }
  
      /*
       * Pre-auth processing
@@ -1111,7 +1150,7 @@ _kdc_as_rep(krb5_context context,
  
             ret = _kdc_pk_check_client(context,
                                        config,
-                                      clientdb, 
+                                      clientdb,
                                        client,
                                        pkp,
                                        &client_cert);
@@ -1119,7 +1158,7 @@ _kdc_as_rep(krb5_context context,
                 e_text = "PKINIT certificate not allowed to "
                     "impersonate principal";
                 _kdc_pk_free_client_param(context, pkp);
-               
+
                 kdc_log(context, config, 0, "%s", e_text);
                 pkp = NULL;
                 goto out;
@@ -1148,9 +1187,9 @@ _kdc_as_rep(krb5_context context,
             EncryptedData enc_data;
             Key *pa_key;
             char *str;
-       
+
             found_pa = 1;
-       
+
             if (b->kdc_options.request_anonymous) {
                 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                 kdc_log(context, config, 0, "ENC-TS doesn't support anon");
@@ -1167,7 +1206,7 @@ _kdc_as_rep(krb5_context context,
                         client_name);
                 goto out;
             }
-       
+
             ret = hdb_enctype2key(context, &client->entry,
                                   enc_data.etype, &pa_key);
             if(ret){
@@ -1256,7 +1295,7 @@ _kdc_as_rep(krb5_context context,
             free_PA_ENC_TS_ENC(&p);
             if (abs(kdc_time - p.patimestamp) > context->max_skew) {
                 char client_time[100];
-               
+
                 krb5_format_time(context, p.patimestamp,
                                  client_time, sizeof(client_time), TRUE);
  
@@ -1353,8 +1392,9 @@ _kdc_as_rep(krb5_context context,
         /*
          * If there is a client key, send ETYPE_INFO{,2}
          */
-       ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
-                             &ckey);
+       ret = _kdc_find_etype(context,
+                             config->preauth_use_strongest_session_key, TRUE,
+                             client, b->etype.val, b->etype.len, NULL, &ckey);
         if (ret == 0) {
  
             /*
@@ -1384,7 +1424,7 @@ _kdc_as_rep(krb5_context context,
                 goto out;
             }
         }
-       
+
         ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
         free_METHOD_DATA(&method_data);
  
@@ -1401,7 +1441,7 @@ _kdc_as_rep(krb5_context context,
      }
  
      if (clientdb->hdb_auth_status)
-       (clientdb->hdb_auth_status)(context, clientdb, client, 
+       (clientdb->hdb_auth_status)(context, clientdb, client,
                                     HDB_AUTH_SUCCESS);
  
      /*
@@ -1503,7 +1543,7 @@ _kdc_as_rep(krb5_context context,
      {
         time_t start;
         time_t t;
-       
+
         start = et.authtime = kdc_time;
  
         if(f.postdated && req->req_body.from){
@@ -1663,8 +1703,8 @@ _kdc_as_rep(krb5_context context,
         PA_ClientCanonicalized canon;
         krb5_data data;
         PA_DATA pa;
-       krb5_crypto crypto;
-       size_t len;
+       krb5_crypto cryptox;
+       size_t len = 0;
  
         memset(&canon, 0, sizeof(canon));
  
@@ -1679,21 +1719,21 @@ _kdc_as_rep(krb5_context context,
             krb5_abortx(context, "internal asn.1 error");
  
         /* sign using "returned session key" */
-       ret = krb5_crypto_init(context, &et.key, 0, &crypto);
+       ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
         if (ret) {
             free(data.data);
             goto out;
         }
  
-       ret = krb5_create_checksum(context, crypto,
+       ret = krb5_create_checksum(context, cryptox,
                                    KRB5_KU_CANONICALIZED_NAMES, 0,
                                    data.data, data.length,
                                    &canon.canon_checksum);
         free(data.data);
-       krb5_crypto_destroy(context, crypto);
+       krb5_crypto_destroy(context, cryptox);
         if (ret)
             goto out;
-       
+
         ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
                            &canon, &len, ret);
         free_Checksum(&canon.canon_checksum);
@@ -1826,7 +1866,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
                             const krb5_data *data)
  {
      krb5_error_code ret;
-    size_t size;
+    size_t size = 0;
  
      if (tkt->authorization_data == NULL) {
         tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
@@ -1835,7 +1875,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
             return ENOMEM;
         }
      }
-       
+
      /* add the entry to the last element */
      {
         AuthorizationData ad = { 0, NULL };
@@ -1863,7 +1903,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
         }
         if (ade.ad_data.length != size)
             krb5_abortx(context, "internal asn.1 encoder error");
-       
+
         ret = add_AuthorizationData(tkt->authorization_data, &ade);
         der_free_octet_string(&ade.ad_data);
         if (ret) {
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c

index 55d5d09edec0153db9bb78a76b82f107c2c09805..92cce5759f49ed2d6d0922dce51080748f9c0c46 100644 (file)
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -64,7 +64,7 @@ find_KRB5SignedPath(krb5_context context,
      AuthorizationData child;
      krb5_error_code ret;
      int pos;
-       
+
      if (ad == NULL || ad->len == 0)
         return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
  
@@ -113,7 +113,7 @@ _kdc_add_KRB5SignedPath(krb5_context context,
      KRB5SignedPath sp;
      krb5_data data;
      krb5_crypto crypto = NULL;
-    size_t size;
+    size_t size = 0;
  
      if (server && principals) {
         ret = add_Principals(principals, server);
@@ -123,12 +123,12 @@ _kdc_add_KRB5SignedPath(krb5_context context,
  
      {
         KRB5SignedPathData spd;
-       
+
         spd.client = client;
         spd.authtime = tkt->authtime;
         spd.delegated = principals;
         spd.method_data = NULL;
-       
+
         ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
                            &spd, &size, ret);
         if (ret)
@@ -203,7 +203,7 @@ check_KRB5SignedPath(krb5_context context,
      if (ret == 0) {
         KRB5SignedPathData spd;
         KRB5SignedPath sp;
-       size_t size;
+       size_t size = 0;
  
         ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL);
         krb5_data_free(&data);
@@ -357,7 +357,7 @@ check_PAC(krb5_context context,
                                          server_sign_key, krbtgt_sign_key, rspac);
                 }
                 krb5_pac_free(context, pac);
-               
+
                 return ret;
             }
         }
@@ -376,7 +376,7 @@ check_tgs_flags(krb5_context context,
                 KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et)
  {
      KDCOptions f = b->kdc_options;
-       
+
      if(f.validate){
         if(!tgt->flags.invalid || tgt->starttime == NULL){
             kdc_log(context, config, 0,
@@ -415,7 +415,7 @@ check_tgs_flags(krb5_context context,
      }
      if(tgt->flags.forwarded)
         et->flags.forwarded = 1;
-       
+
      if(f.proxiable){
         if(!tgt->flags.proxiable){
             kdc_log(context, config, 0,
@@ -485,7 +485,7 @@ check_tgs_flags(krb5_context context,
         et->endtime = *et->starttime + old_life;
         if (et->renew_till != NULL)
             et->endtime = min(*et->renew_till, et->endtime);
-    }  
+    }
  
  #if 0
      /* checks for excess flags */
@@ -512,7 +512,7 @@ check_constrained_delegation(krb5_context context,
  {
      const HDB_Ext_Constrained_delegation_acl *acl;
      krb5_error_code ret;
-    int i;
+    size_t i;
  
      /*
       * constrained_delegation (S4U2Proxy) only works within
@@ -541,7 +541,7 @@ check_constrained_delegation(krb5_context context,
             krb5_clear_error_message(context);
             return ret;
         }
-       
+
         if (acl) {
             for (i = 0; i < acl->len; i++) {
                 if (krb5_principal_compare(context, target, &acl->val[i]) == TRUE)
@@ -623,7 +623,7 @@ fix_transited_encoding(krb5_context context,
      krb5_error_code ret = 0;
      char **realms, **tmp;
      unsigned int num_realms;
-    int i;
+    size_t i;
  
      switch (tr->tr_type) {
      case DOMAIN_X500_COMPRESS:
@@ -843,7 +843,7 @@ tgs_make_reply(krb5_context context,
             renew = min(renew, *server->entry.max_renew);
         *et.renew_till = et.authtime + renew;
      }
-       
+
      if(et.renew_till){
         *et.renew_till = min(*et.renew_till, *tgt->renew_till);
         *et.starttime = min(*et.starttime, *et.renew_till);
@@ -877,7 +877,7 @@ tgs_make_reply(krb5_context context,
         if (ret)
             goto out;
      }
-       
+
      if (auth_data) {
         unsigned int i = 0;
  
@@ -919,7 +919,7 @@ tgs_make_reply(krb5_context context,
         goto out;
      et.crealm = tgt_name->realm;
      et.cname = tgt_name->name;
-       
+
      ek.key = et.key;
      /* MIT must have at least one last_req */
      ek.last_req.len = 1;
@@ -1021,7 +1021,7 @@ tgs_check_authenticator(krb5_context context,
                         krb5_keyblock *key)
  {
      krb5_authenticator auth;
-    size_t len;
+    size_t len = 0;
      unsigned char *buf;
      size_t buf_size;
      krb5_error_code ret;
@@ -1048,7 +1048,7 @@ tgs_check_authenticator(krb5_context context,
         ret =  KRB5KRB_AP_ERR_INAPP_CKSUM;
         goto out;
      }
-               
+
      /* XXX should not re-encode this */
      ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
      if(ret){
@@ -1107,7 +1107,7 @@ find_rpath(krb5_context context, Realm crealm, Realm srealm)
                                                    NULL);
      return new_realm;
  }
-       
+
  
  static krb5_boolean
  need_referral(krb5_context context, krb5_kdc_configuration *config,
@@ -1148,6 +1148,7 @@ tgs_parse_request(krb5_context context,
                   krb5_keyblock **replykey,
                   int *rk_is_subkey)
  {
+    static char failed[] = "<unparse_name failed>";
      krb5_ap_req ap_req;
      krb5_error_code ret;
      krb5_principal princ;
@@ -1191,7 +1192,7 @@ tgs_parse_request(krb5_context context,
         char *p;
         ret = krb5_unparse_name(context, princ, &p);
         if (ret != 0)
-           p = "<unparse_name failed>";
+           p = failed;
         krb5_free_principal(context, princ);
         kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
         if (ret == 0)
@@ -1203,7 +1204,7 @@ tgs_parse_request(krb5_context context,
         char *p;
         ret = krb5_unparse_name(context, princ, &p);
         if (ret != 0)
-           p = "<unparse_name failed>";
+           p = failed;
         krb5_free_principal(context, princ);
         kdc_log(context, config, 0,
                 "Ticket-granting ticket not found in database: %s", msg);
@@ -1215,13 +1216,13 @@ tgs_parse_request(krb5_context context,
      }
  
      if(ap_req.ticket.enc_part.kvno &&
-       *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+       (unsigned int)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
         char *p;
  
         ret = krb5_unparse_name (context, princ, &p);
         krb5_free_principal(context, princ);
         if (ret != 0)
-           p = "<unparse_name failed>";
+           p = failed;
         kdc_log(context, config, 0,
                 "Ticket kvno = %d, DB kvno = %d (%s)",
                 *ap_req.ticket.enc_part.kvno,
@@ -1266,7 +1267,7 @@ tgs_parse_request(krb5_context context,
                               &ap_req_options,
                               ticket,
                               KRB5_KU_TGS_REQ_AUTH);
-                       
+
      krb5_free_principal(context, princ);
      if(ret) {
         const char *msg = krb5_get_error_message(context, ret);
@@ -1396,12 +1397,12 @@ build_server_referral(krb5_context context,
                       const PrincipalName *true_principal_name,
                       const PrincipalName *requested_principal,
                       krb5_data *outdata)
-{              
+{
      PA_ServerReferralData ref;
      krb5_error_code ret;
      EncryptedData ed;
      krb5_data data;
-    size_t size;
+    size_t size = 0;
  
      memset(&ref, 0, sizeof(ref));
  
@@ -1521,7 +1522,7 @@ tgs_build_reply(krb5_context context,
         hdb_entry_ex *uu;
         krb5_principal p;
         Key *uukey;
-       
+
         if(b->additional_tickets == NULL ||
            b->additional_tickets->len == 0){
             ret = KRB5KDC_ERR_BADOPTION; /* ? */
@@ -1567,7 +1568,7 @@ tgs_build_reply(krb5_context context,
      }
  
      _krb5_principalname2krb5_principal(context, &sp, *s, r);
-    ret = krb5_unparse_name(context, sp, &spn);        
+    ret = krb5_unparse_name(context, sp, &spn);
      if (ret)
         goto out;
      _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
@@ -1612,7 +1613,7 @@ server_lookup:
                     free(spn);
                     krb5_make_principal(context, &sp, r,
                                         KRB5_TGS_NAME, new_rlm, NULL);
-                   ret = krb5_unparse_name(context, sp, &spn); 
+                   ret = krb5_unparse_name(context, sp, &spn);
                     if (ret)
                         goto out;
  
@@ -1662,7 +1663,7 @@ server_lookup:
         krb5_enctype etype;
  
         if(b->kdc_options.enc_tkt_in_skey) {
-           int i;
+           size_t i;
             ekey = &adtkt.key;
             for(i = 0; i < b->etype.len; i++)
                 if (b->etype.val[i] == adtkt.key.keytype)
@@ -1678,9 +1679,11 @@ server_lookup:
             kvno = 0;
         } else {
             Key *skey;
-       
-           ret = _kdc_find_etype(context, server,
-                                 b->etype.val, b->etype.len, &skey);
+
+           ret = _kdc_find_etype(context,
+                                 config->tgs_use_strongest_session_key, FALSE,
+                                 server, b->etype.val, b->etype.len, NULL,
+                                 &skey);
             if(ret) {
                 kdc_log(context, config, 0,
                         "Server (%s) has no support for etypes", spn);
@@ -1690,7 +1693,7 @@ server_lookup:
             etype = skey->key.keytype;
             kvno = server->entry.kvno;
         }
-       
+
         ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
         if (ret)
             goto out;
@@ -1717,11 +1720,11 @@ server_lookup:
      /* Now refetch the primary krbtgt, and get the current kvno (the
       * sign check may have been on an old kvno, and the server may
       * have been an incoming trust) */
-    ret = krb5_make_principal(context, &krbtgt_principal, 
+    ret = krb5_make_principal(context, &krbtgt_principal,
                               krb5_principal_get_comp_string(context,
                                                              krbtgt->entry.principal,
                                                              1),
-                             KRB5_TGS_NAME, 
+                             KRB5_TGS_NAME,
                               krb5_principal_get_comp_string(context,
                                                              krbtgt->entry.principal,
                                                              1), NULL);
@@ -2052,7 +2055,7 @@ server_lookup:
             goto out;
         }
  
-       ret = check_constrained_delegation(context, config, clientdb, 
+       ret = check_constrained_delegation(context, config, clientdb,
                                            client, server, sp);
         if (ret) {
             kdc_log(context, config, 0,
@@ -2067,17 +2070,18 @@ server_lookup:
         }
  
         krb5_data_free(&rspac);
+
         /*
-        * generate the PAC for the user and pass
-        * dp for the S4U_DELEGATION_INFO blob in the PAC.
+        * generate the PAC for the user.
+        *
+        * TODO: pass in t->sname and t->realm and build
+        * a S4U_DELEGATION_INFO blob to the PAC.
          */
         ret = check_PAC(context, config, tp, dp,
                         client, server, krbtgt,
                         &clientkey->key, &tkey_check->key,
                         ekey, &tkey_sign->key,
                         &adtkt, &rspac, &ad_signedpath);
-       if (ret == 0 && !ad_signedpath)
-           ret = KRB5KDC_ERR_BADOPTION;
         if (ret) {
             const char *msg = krb5_get_error_message(context, ret);
             kdc_log(context, config, 0,
@@ -2094,12 +2098,10 @@ server_lookup:
         ret = check_KRB5SignedPath(context,
                                    config,
                                    krbtgt,
-                                  tp,
+                                  cp,
                                    &adtkt,
                                    NULL,
                                    &ad_signedpath);
-       if (ret == 0 && !ad_signedpath)
-           ret = KRB5KDC_ERR_BADOPTION;
         if (ret) {
             const char *msg = krb5_get_error_message(context, ret);
             kdc_log(context, config, 0,
@@ -2111,6 +2113,16 @@ server_lookup:
             goto out;
         }
  
+       if (!ad_signedpath) {
+           ret = KRB5KDC_ERR_BADOPTION;
+           kdc_log(context, config, 0,
+                   "Ticket not signed with PAC nor SignedPath service %s failed "
+                   "for delegation to %s for client %s (%s)"
+                   "from %s",
+                   spn, tpn, dpn, cpn, from);
+           goto out;
+       }
+
         kdc_log(context, config, 0, "constrained delegation for %s "
                 "from %s (%s) to %s", tpn, cpn, dpn, spn);
      }
@@ -2141,7 +2153,7 @@ server_lookup:
         kdc_log(context, config, 0, "Request from wrong address");
         goto out;
      }
-       
+
      /*
       * If this is an referral, add server referral data to the
       * auth_data reply .
@@ -2203,7 +2215,7 @@ server_lookup:
                          &enc_pa_data,
                          e_text,
                          reply);
-       
+
  out:
      if (tpn != cpn)
             free(tpn);
@@ -2279,7 +2291,7 @@ _kdc_tgs_rep(krb5_context context,
  
      if(tgs_req == NULL){
         ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-       
+
         kdc_log(context, config, 0,
                 "TGS-REQ from %s without PA-TGS-REQ", from);
         goto out;
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c

index f6f8f8a3bd6ee8f48c32ec8bf0dfeb00d01b78d3..8d683d50a375ddb35968f801c6b8cd7c741c6afd 100644 (file)
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -259,7 +259,7 @@ build_certificate(krb5_context context,
      hx509_cert_free(cert);
      if (ret)
         goto out;
-               
+
      return 0;
  out:
      if (env)
@@ -355,7 +355,7 @@ _kdc_do_kx509(krb5_context context,
                 krb5_xfree(expected);
                 goto out;
             }
-           
+
             ret = KRB5KDC_ERR_SERVER_NOMATCH;
             krb5_set_error_message(context, ret,
                                    "User %s used wrong Kx509 service "
diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c

index 6657aca5cb48eadba9ddd0c66d4b7ee51f3c8d3e..6d85729f514cb6cef898331ceec0f8612e5cbab5 100644 (file)
--- a/source4/heimdal/kdc/log.c
+++ b/source4/heimdal/kdc/log.c
@@ -50,10 +50,12 @@ kdc_openlog(krb5_context context,
             krb5_addlog_dest(context, config->logf, *p);
         krb5_config_free_strings(s);
      }else {
-       char *s;
-       asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE);
-       krb5_addlog_dest(context, config->logf, s);
-       free(s);
+       char *ss;
+       if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context),
+           KDC_LOG_FILE) < 0)
+           err(1, NULL);
+       krb5_addlog_dest(context, config->logf, ss);
+       free(ss);
      }
      krb5_set_warn_dest(context, config->logf);
  }
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c

index 297fa3824b72e88a7bbd418e54cfbea084178615..f9b34571a32a13930a9793111f1a8571de8dc77a 100644 (file)
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -62,7 +62,7 @@ _kdc_db_fetch(krb5_context context,
  
      for(i = 0; i < config->num_db; i++) {
         krb5_principal enterprise_principal = NULL;
-       if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL) 
+       if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
             && principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
             if (principal->name.name_string.len != 1) {
                 ret = KRB5_PARSE_MALFORMED;
@@ -134,24 +134,41 @@ _kdc_get_preferred_key(krb5_context context,
                        krb5_enctype *enctype,
                        Key **key)
  {
-    const krb5_enctype *p;
      krb5_error_code ret;
      int i;
  
-    p = krb5_kerberos_enctypes(context);
-
-    for (i = 0; p[i] != ETYPE_NULL; i++) {
-       if (krb5_enctype_valid(context, p[i]) != 0)
-           continue;
-       ret = hdb_enctype2key(context, &h->entry, p[i], key);
-       if (ret == 0) {
-           *enctype = p[i];
+    if (config->use_strongest_server_key) {
+       const krb5_enctype *p = krb5_kerberos_enctypes(context);
+
+       for (i = 0; p[i] != ETYPE_NULL; i++) {
+           if (krb5_enctype_valid(context, p[i]) != 0)
+               continue;
+           ret = hdb_enctype2key(context, &h->entry, p[i], key);
+           if (ret != 0)
+               continue;
+           if (enctype != NULL)
+               *enctype = p[i];
+           return 0;
+       }
+    } else {
+       *key = NULL;
+
+       for (i = 0; i < h->entry.keys.len; i++) {
+           if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
+               != 0)
+               continue;
+           ret = hdb_enctype2key(context, &h->entry,
+               h->entry.keys.val[i].key.keytype, key);
+           if (ret != 0)
+               continue;
+           if (enctype != NULL)
+               *enctype = (*key)->key.keytype;
             return 0;
         }
      }
  
      krb5_set_error_message(context, EINVAL,
                            "No valid kerberos key found for %s", name);
-    return EINVAL;
+    return EINVAL; /* XXX */
  }
  
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c

index 9c0be23b14c3d78d44b137af97a9a5fc7db4a7cd..a02cb816ab7e1bdc3765badaf5823111bf4b5945 100644 (file)
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -116,7 +116,7 @@ pk_check_pkauthenticator(krb5_context context,
      u_char *buf = NULL;
      size_t buf_size;
      krb5_error_code ret;
-    size_t len;
+    size_t len = 0;
      krb5_timestamp now;
      Checksum checksum;
  
@@ -148,7 +148,7 @@ pk_check_pkauthenticator(krb5_context context,
         krb5_clear_error_message(context);
         return ret;
      }
-       
+
      if (a->paChecksum == NULL) {
         krb5_clear_error_message(context);
         ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
@@ -222,7 +222,7 @@ generate_dh_keyblock(krb5_context context,
  
         if (!DH_generate_key(client_params->u.dh.key)) {
             ret = KRB5KRB_ERR_GENERIC;
-           krb5_set_error_message(context, ret, 
+           krb5_set_error_message(context, ret,
                                    "Can't generate Diffie-Hellman keys");
             goto out;
         }
@@ -237,7 +237,7 @@ generate_dh_keyblock(krb5_context context,
         }
  
         dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
-       if (dh_gen_keylen == -1) {
+       if (dh_gen_keylen == (size_t)-1) {
             ret = KRB5KRB_ERR_GENERIC;
             krb5_set_error_message(context, ret,
                                    "Can't compute Diffie-Hellman key");
@@ -281,14 +281,14 @@ generate_dh_keyblock(krb5_context context,
             goto out;
         }
  
-       dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, 
+       dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
                                          EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
                                          client_params->u.ecdh.key, NULL);
  
  #endif /* HAVE_OPENSSL */
      } else {
         ret = KRB5KRB_ERR_GENERIC;
-       krb5_set_error_message(context, ret, 
+       krb5_set_error_message(context, ret,
                                "Diffie-Hellman not selected keys");
         goto out;
      }
@@ -525,7 +525,7 @@ _kdc_pk_rd_padata(krb5_context context,
         goto out;
      }
  
-    ret = hx509_certs_merge(context->hx509ctx, trust_anchors, 
+    ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
                             kdc_identity->anchors);
      if (ret) {
         hx509_certs_free(&trust_anchors);
@@ -538,7 +538,7 @@ _kdc_pk_rd_padata(krb5_context context,
      if (ret == 0 && pc != NULL) {
         hx509_cert cert;
         unsigned int i;
-       
+
         for (i = 0; i < pc->len; i++) {
             ret = hx509_cert_init_data(context->hx509ctx,
                                        pc->val[i].cert.data,
@@ -572,7 +572,7 @@ _kdc_pk_rd_padata(krb5_context context,
  
         if (req->req_body.kdc_options.request_anonymous) {
             ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
-           krb5_set_error_message(context, ret, 
+           krb5_set_error_message(context, ret,
                                    "Anon not supported in RSA mode");
             goto out;
         }
@@ -586,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context,
                                    "PK-AS-REQ-Win2k: %d", ret);
             goto out;
         }
-       
+
         ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
                                            &contentInfoOid,
                                            &signed_content,
@@ -612,7 +612,7 @@ _kdc_pk_rd_padata(krb5_context context,
                                    "Can't decode PK-AS-REQ: %d", ret);
             goto out;
         }
-       
+
         /* XXX look at r.kdcPkId */
         if (r.trustedCertifiers) {
             ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
@@ -624,12 +624,12 @@ _kdc_pk_rd_padata(krb5_context context,
                                    &cp->client_anchors);
             if (ret) {
                 krb5_set_error_message(context, ret,
-                                      "Can't allocate client anchors: %d", 
+                                      "Can't allocate client anchors: %d",
                                        ret);
                 goto out;
  
             }
-           /* 
+           /*
              * If the client sent more then 10 EDI, don't bother
              * looking more then 10 of performance reasons.
              */
@@ -651,7 +651,7 @@ _kdc_pk_rd_padata(krb5_context context,
                                           "Failed to allocate hx509_query");
                     goto out;
                 }
-               
+
                 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
                                                    edi->val[i].issuerAndSerialNumber->length,
                                                    &iasn,
@@ -704,7 +704,7 @@ _kdc_pk_rd_padata(krb5_context context,
                                "PK-AS-REQ-Win2k invalid content type oid");
         goto out;
      }
-       
+
      if (!have_data) {
         ret = KRB5KRB_ERR_GENERIC;
         krb5_set_error_message(context, ret,
@@ -805,7 +805,7 @@ _kdc_pk_rd_padata(krb5_context context,
             ap.clientPublicValue == NULL) {
             free_AuthPack(&ap);
             ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
-           krb5_set_error_message(context, ret, 
+           krb5_set_error_message(context, ret,
                                    "Anon not supported in RSA mode");
             goto out;
         }
@@ -849,7 +849,7 @@ _kdc_pk_rd_padata(krb5_context context,
             free_AuthPack(&ap);
             goto out;
         }
-       
+
         if (ap.supportedCMSTypes) {
             ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
                                                cp->peer,
@@ -885,7 +885,7 @@ out:
      der_free_oid(&contentInfoOid);
      if (ret) {
          _kdc_pk_free_client_param(context, cp);
-    } else 
+    } else
         *ret_params = cp;
      return ret;
  }
@@ -921,7 +921,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
      const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
      krb5_error_code ret;
      krb5_data buf, signed_data;
-    size_t size;
+    size_t size = 0;
      int do_win2k = 0;
  
      krb5_data_zero(&buf);
@@ -954,7 +954,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
         break;
      default:
         krb5_abortx(context, "internal pkinit error");
-    }  
+    }
  
      if (do_win2k) {
         ReplyKeyPack_Win2k kp;
@@ -966,7 +966,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
             goto out;
         }
         kp.nonce = cp->nonce;
-       
+
         ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
                            buf.data, buf.length,
                            &kp, &size,ret);
@@ -995,7 +995,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
             krb5_clear_error_message(context);
             goto out;
         }
-                       
+
         ret = krb5_crypto_destroy(context, ascrypto);
         if (ret) {
             krb5_clear_error_message(context);
@@ -1015,15 +1015,15 @@ pk_mk_pa_reply_enckey(krb5_context context,
      {
         hx509_query *q;
         hx509_cert cert;
-       
+
         ret = hx509_query_alloc(context->hx509ctx, &q);
         if (ret)
             goto out;
-       
+
         hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
         if (config->pkinit_kdc_friendly_name)
             hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-       
+
         ret = hx509_certs_find(context->hx509ctx,
                                kdc_identity->certs,
                                q,
@@ -1031,7 +1031,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
         hx509_query_free(context->hx509ctx, q);
         if (ret)
             goto out;
-       
+
         ret = hx509_cms_create_signed_1(context->hx509ctx,
                                         0,
                                         sdAlg,
@@ -1078,7 +1078,7 @@ out:
          hx509_cert_free(*kdc_cert);
         *kdc_cert = NULL;
      }
-      
+
      krb5_data_free(&buf);
      krb5_data_free(&signed_data);
      return ret;
@@ -1101,7 +1101,7 @@ pk_mk_pa_reply_dh(krb5_context context,
      krb5_error_code ret;
      hx509_cert cert;
      hx509_query *q;
-    size_t size;
+    size_t size = 0;
  
      memset(&contentinfo, 0, sizeof(contentinfo));
      memset(&dh_info, 0, sizeof(dh_info));
@@ -1117,7 +1117,7 @@ pk_mk_pa_reply_dh(krb5_context context,
         ret = BN_to_integer(context, kdc_dh->pub_key, &i);
         if (ret)
             return ret;
-       
+
         ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
         der_free_heim_integer(&i);
         if (ret) {
@@ -1127,7 +1127,7 @@ pk_mk_pa_reply_dh(krb5_context context,
         }
         if (buf.length != size)
             krb5_abortx(context, "Internal ASN.1 encoder error");
-       
+
         dh_info.subjectPublicKey.length = buf.length * 8;
         dh_info.subjectPublicKey.data = buf.data;
         krb5_data_zero(&buf);
@@ -1154,7 +1154,7 @@ pk_mk_pa_reply_dh(krb5_context context,
      } else
         krb5_abortx(context, "no keyex selected ?");
  
-       
+
      dh_info.nonce = cp->nonce;
  
      ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
@@ -1175,11 +1175,11 @@ pk_mk_pa_reply_dh(krb5_context context,
      ret = hx509_query_alloc(context->hx509ctx, &q);
      if (ret)
         goto out;
-    
+
      hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
      if (config->pkinit_kdc_friendly_name)
         hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-    
+
      ret = hx509_certs_find(context->hx509ctx,
                            kdc_identity->certs,
                            q,
@@ -1187,7 +1187,7 @@ pk_mk_pa_reply_dh(krb5_context context,
      hx509_query_free(context->hx509ctx, q);
      if (ret)
         goto out;
-    
+
      ret = hx509_cms_create_signed_1(context->hx509ctx,
                                     0,
                                     &asn1_oid_id_pkdhkeydata,
@@ -1242,12 +1242,12 @@ _kdc_pk_mk_pa_reply(krb5_context context,
                     METHOD_DATA *md)
  {
      krb5_error_code ret;
-    void *buf;
-    size_t len, size;
+    void *buf = NULL;
+    size_t len = 0, size = 0;
      krb5_enctype enctype;
      int pa_type;
      hx509_cert kdc_cert = NULL;
-    int i;
+    size_t i;
  
      if (!config->enable_pkinit) {
         krb5_clear_error_message(context);
@@ -1263,7 +1263,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
             krb5_set_error_message(context, ret,
                                    "No valid enctype available from client");
             goto out;
-       }       
+       }
         enctype = req->req_body.etype.val[i];
      } else
         enctype = ETYPE_DES3_CBC_SHA1;
@@ -1314,7 +1314,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
             if (rep.u.encKeyPack.length != size)
                 krb5_abortx(context, "Internal ASN.1 encoder error");
  
-           ret = krb5_generate_random_keyblock(context, sessionetype, 
+           ret = krb5_generate_random_keyblock(context, sessionetype,
                                                 sessionkey);
             if (ret) {
                 free_PA_PK_AS_REP(&rep);
@@ -1368,7 +1368,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
                 krb5_abortx(context, "Internal ASN.1 encoder error");
  
             /* XXX KRB-FX-CF2 */
-           ret = krb5_generate_random_keyblock(context, sessionetype, 
+           ret = krb5_generate_random_keyblock(context, sessionetype,
                                                 sessionkey);
             if (ret) {
                 free_PA_PK_AS_REP(&rep);
@@ -1463,7 +1463,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
         if (len != size)
             krb5_abortx(context, "Internal ASN.1 encoder error");
  
-       ret = krb5_generate_random_keyblock(context, sessionetype, 
+       ret = krb5_generate_random_keyblock(context, sessionetype,
                                             sessionkey);
         if (ret) {
             free(buf);
@@ -1507,7 +1507,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
                         "PK-INIT failed to stat ocsp data %d", ret);
                 goto out_ocsp;
             }
-       
+
             ret = krb5_data_alloc(&ocsp.data, sb.st_size);
             if (ret) {
                 close(fd);
@@ -1575,7 +1575,8 @@ match_rfc_san(krb5_context context,
               krb5_const_principal match)
  {
      hx509_octet_string_list list;
-    int ret, i, found = 0;
+    int ret, found = 0;
+    size_t i;
  
      memset(&list, 0 , sizeof(list));
  
@@ -1679,12 +1680,12 @@ match_ms_upn_san(krb5_context context,
      if (clientdb->hdb_check_pkinit_ms_upn_match) {
         ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
      } else {
-           
+
         /*
          * This is very wrong, but will do for a fallback
          */
         strupr(principal->realm);
-           
+
         if (krb5_principal_compare(context, principal, client->entry.principal) == FALSE)
             ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
      }
@@ -1709,7 +1710,7 @@ _kdc_pk_check_client(krb5_context context,
      const HDB_Ext_PKINIT_cert *pc;
      krb5_error_code ret;
      hx509_name name;
-    int i;
+    size_t i;
  
      if (cp->cert == NULL) {
  
@@ -1737,12 +1738,12 @@ _kdc_pk_check_client(krb5_context context,
      ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
      if (ret == 0 && pc) {
         hx509_cert cert;
-       unsigned int i;
-       
-       for (i = 0; i < pc->len; i++) {
+       size_t j;
+
+       for (j = 0; j < pc->len; j++) {
             ret = hx509_cert_init_data(context->hx509ctx,
-                                      pc->val[i].cert.data,
-                                      pc->val[i].cert.length,
+                                      pc->val[j].cert.data,
+                                      pc->val[j].cert.length,
                                        &cert);
             if (ret)
                 continue;
@@ -1770,7 +1771,7 @@ _kdc_pk_check_client(krb5_context context,
         ret = match_ms_upn_san(context, config,
                                context->hx509ctx,
                                cp->cert,
-                              clientdb, 
+                              clientdb,
                                client);
         if (ret == 0) {
             kdc_log(context, config, 5,
@@ -1871,7 +1872,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
      AD_INITIAL_VERIFIED_CAS cas;
      krb5_error_code ret;
      krb5_data data;
-    size_t size;
+    size_t size = 0;
  
      memset(&cas, 0, sizeof(cas));
  
@@ -1937,7 +1938,7 @@ load_mappings(krb5_context context, const char *fn)
  
      fclose(f);
  }
-               
+
  /*
   *
   */
@@ -1982,17 +1983,17 @@ krb5_kdc_pk_initialize(krb5_context context,
      {
         hx509_query *q;
         hx509_cert cert;
-       
+
         ret = hx509_query_alloc(context->hx509ctx, &q);
         if (ret) {
             krb5_warnx(context, "PKINIT: out of memory");
             return ENOMEM;
         }
-       
+
         hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
         if (config->pkinit_kdc_friendly_name)
             hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
-       
+
         ret = hx509_certs_find(context->hx509ctx,
                                kdc_identity->certs,
                                q,
diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c

index 42266003312e5d214d0d77b556bf46214af69cc8..6f36915800bb9ee3245828334c8514f14e915e94 100644 (file)
--- a/source4/heimdal/kdc/process.c
+++ b/source4/heimdal/kdc/process.c
@@ -47,7 +47,7 @@ krb5_kdc_update_time(struct timeval *tv)
         _kdc_now = *tv;
  }
  
-static krb5_error_code 
+static krb5_error_code
  kdc_as_req(krb5_context context,
            krb5_kdc_configuration *config,
            krb5_data *req_buffer,
@@ -74,7 +74,7 @@ kdc_as_req(krb5_context context,
  }
  
  
-static krb5_error_code 
+static krb5_error_code
  kdc_tgs_req(krb5_context context,
             krb5_kdc_configuration *config,
             krb5_data *req_buffer,
@@ -91,10 +91,10 @@ kdc_tgs_req(krb5_context context,
      ret = decode_TGS_REQ(req_buffer->data, req_buffer->length, &req, &len);
      if (ret)
         return ret;
-    
+
      *claim = 1;
  
-    ret = _kdc_tgs_rep(context, config, &req, reply, 
+    ret = _kdc_tgs_rep(context, config, &req, reply,
                        from, addr, datagram_reply);
      free_TGS_REQ(&req);
      return ret;
@@ -102,7 +102,7 @@ kdc_tgs_req(krb5_context context,
  
  #ifdef DIGEST
  
-static krb5_error_code 
+static krb5_error_code
  kdc_digest(krb5_context context,
            krb5_kdc_configuration *config,
            krb5_data *req_buffer,
@@ -132,7 +132,7 @@ kdc_digest(krb5_context context,
  
  #ifdef KX509
  
-static krb5_error_code 
+static krb5_error_code
  kdc_kx509(krb5_context context,
           krb5_kdc_configuration *config,
           krb5_data *req_buffer,
@@ -193,7 +193,7 @@ krb5_kdc_process_request(krb5_context context,
      unsigned int i;
      krb5_data req_buffer;
      int claim = 0;
-    
+
      req_buffer.data = buf;
      req_buffer.length = len;
  
@@ -232,7 +232,7 @@ krb5_kdc_process_krb5_request(krb5_context context,
      unsigned int i;
      krb5_data req_buffer;
      int claim = 0;
-    
+
      req_buffer.data = buf;
      req_buffer.length = len;
  
@@ -245,7 +245,7 @@ krb5_kdc_process_krb5_request(krb5_context context,
         if (claim)
             return ret;
      }
-                       
+
      return -1;
  }
  
diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c

index a58cebb8b241a407270509f9316e07207eea0c76..ba87abb7cc0b93fd20535149571426a3735c1e33 100644 (file)
--- a/source4/heimdal/kdc/windc.c
+++ b/source4/heimdal/kdc/windc.c
@@ -55,7 +55,7 @@ krb5_kdc_windc_init(krb5_context context)
         windcft = _krb5_plugin_get_symbol(e);
         if (windcft->minor_version < KRB5_WINDC_PLUGIN_MINOR)
             continue;
-       
+
         (*windcft->init)(context, &windcctx);
         break;
      }
@@ -119,9 +119,9 @@ _kdc_check_access(krb5_context context,
                                    server_ex, server_name,
                                    req->msg_type == krb_as_req);
  
-    return (windcft->client_access)(windcctx, 
-                                   context, config, 
-                                   client_ex, client_name, 
-                                   server_ex, server_name, 
+    return (windcft->client_access)(windcctx,
+                                   context, config,
+                                   client_ex, client_name,
+                                   server_ex, server_name,
                                     req, e_data);
  }
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h

index b328e3ffb3889124ec5add8d7e4c73df5cad6e61..fa4ba434f3edbc4c2bcaed7a56e0ef313c8d47ca 100644 (file)
--- a/source4/heimdal/kdc/windc_plugin.h
+++ b/source4/heimdal/kdc/windc_plugin.h
@@ -66,10 +66,10 @@ typedef krb5_error_code
  
  typedef krb5_error_code
  (*krb5plugin_windc_client_access)(
-       void *, krb5_context, 
+       void *, krb5_context,
         krb5_kdc_configuration *config,
-       hdb_entry_ex *, const char *, 
-       hdb_entry_ex *, const char *, 
+       hdb_entry_ex *, const char *,
+       hdb_entry_ex *, const char *,
         KDC_REQ *, krb5_data *);
  
  
diff --git a/source4/heimdal/kpasswd/kpasswd.c b/source4/heimdal/kpasswd/kpasswd.c

index 0258c1ac09ac6fa07cb49d88717320085f7bcbc5..e681a359d464172e39982e4972fa12e2764b354b 100644 (file)
--- a/source4/heimdal/kpasswd/kpasswd.c
+++ b/source4/heimdal/kpasswd/kpasswd.c
@@ -40,10 +40,11 @@ static char *admin_principal_str;
  static char *cred_cache_str;
  
  static struct getargs args[] = {
-    { "admin-principal",       0,   arg_string, &admin_principal_str },
-    { "cache",                 'c', arg_string, &cred_cache_str },
-    { "version",               0,   arg_flag, &version_flag },
-    { "help",                  0,   arg_flag, &help_flag }
+    { "admin-principal",       0,   arg_string, &admin_principal_str, NULL,
+        NULL },
+    { "cache",                 'c', arg_string, &cred_cache_str, NULL, NULL },
+    { "version",               0,   arg_flag, &version_flag, NULL, NULL },
+    { "help",                  0,   arg_flag, &help_flag, NULL, NULL }
  };
  
  static void
@@ -197,9 +198,9 @@ main (int argc, char **argv)
         default:
             krb5_err(context, 1, ret, "krb5_get_init_creds");
         }
-       
+
         krb5_get_init_creds_opt_free(context, opt);
-       
+
         ret = krb5_cc_initialize(context, id, admin_principal);
         krb5_free_principal(context, admin_principal);
         if (ret)
@@ -208,7 +209,7 @@ main (int argc, char **argv)
         ret = krb5_cc_store_cred(context, id, &cred);
         if (ret)
             krb5_err(context, 1, ret, "krb5_cc_store_cred");
-       
+
         krb5_free_cred_contents (context, &cred);
      }
  
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c

index 846232a4f293c6e32c5efae790c191c9337c0ec0..e872fef9bee035ab82da930cd93c5dcab690e1fc 100644 (file)
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -96,31 +96,31 @@ static struct getargs args[] = {
       * 9:
       */
      { "afslog",        0  , arg_flag, &do_afslog,
-      NP_("obtain afs tokens", "")  },
+      NP_("obtain afs tokens", ""), NULL },
  
      { "cache",                 'c', arg_string, &cred_cache,
        NP_("credentials cache", ""), "cachename" },
  
      { "forwardable",   0, arg_negative_flag, &forwardable_flag,
-      NP_("get tickets not forwardable", "")},
+      NP_("get tickets not forwardable", ""), NULL },
  
      { NULL,            'f', arg_flag, &forwardable_flag,
-      NP_("get forwardable tickets", "")},
+      NP_("get forwardable tickets", ""), NULL },
  
      { "keytab",         't', arg_string, &keytab_str,
        NP_("keytab to use", ""), "keytabname" },
  
      { "lifetime",      'l', arg_string, &lifetime,
-      NP_("lifetime of tickets", ""), "time"},
+      NP_("lifetime of tickets", ""), "time" },
  
      { "proxiable",     'p', arg_flag, &proxiable_flag,
-      NP_("get proxiable tickets", "") },
+      NP_("get proxiable tickets", ""), NULL },
  
      { "renew",          'R', arg_flag, &renew_flag,
-      NP_("renew TGT", "") },
+      NP_("renew TGT", ""), NULL },
  
      { "renewable",     0,   arg_flag, &renewable_flag,
-      NP_("get renewable tickets", "") },
+      NP_("get renewable tickets", ""), NULL },
  
      { "renewable-life",        'r', arg_string, &renew_life,
        NP_("renewable lifetime of tickets", ""), "time" },
@@ -132,40 +132,40 @@ static struct getargs args[] = {
        NP_("when ticket gets valid", ""), "time" },
  
      { "use-keytab",     'k', arg_flag, &use_keytab,
-      NP_("get key from keytab", "") },
+      NP_("get key from keytab", ""), NULL },
  
      { "validate",      'v', arg_flag, &validate_flag,
-      NP_("validate TGT", "") },
+      NP_("validate TGT", ""), NULL },
  
      { "enctypes",      'e', arg_strings, &etype_str,
        NP_("encryption types to use", ""), "enctypes" },
  
      { "fcache-version", 0,   arg_integer, &fcache_version,
-      NP_("file cache version to create", "") },
+      NP_("file cache version to create", ""), NULL },
  
      { "addresses",     'A',   arg_negative_flag,       &addrs_flag,
-      NP_("request a ticket with no addresses", "") },
+      NP_("request a ticket with no addresses", ""), NULL },
  
      { "extra-addresses",'a', arg_strings,      &extra_addresses,
        NP_("include these extra addresses", ""), "addresses" },
  
      { "anonymous",     0,   arg_flag,  &anonymous_flag,
-      NP_("request an anonymous ticket", "") },
+      NP_("request an anonymous ticket", ""), NULL },
  
      { "request-pac",   0,   arg_flag,  &pac_flag,
-      NP_("request a Windows PAC", "") },
+      NP_("request a Windows PAC", ""), NULL },
  
      { "password-file", 0,   arg_string, &password_file,
-      NP_("read the password from a file", "") },
+      NP_("read the password from a file", ""), NULL },
  
      { "canonicalize",0,   arg_flag, &canonicalize_flag,
-      NP_("canonicalize client principal", "") },
+      NP_("canonicalize client principal", ""), NULL },
  
      { "enterprise",0,   arg_flag, &enterprise_flag,
-      NP_("parse principal as a KRB5-NT-ENTERPRISE name", "") },
+      NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL },
  #ifdef PKINIT
      { "pk-enterprise", 0,      arg_flag,       &pk_enterprise_flag,
-      NP_("use enterprise name from certificate", "") },
+      NP_("use enterprise name from certificate", ""), NULL },
  
      { "pk-user",       'C',    arg_string,     &pk_user_id,
        NP_("principal's public/private/certificate identifier", ""), "id" },
@@ -174,7 +174,7 @@ static struct getargs args[] = {
        NP_("directory with CA certificates", ""), "directory" },
  
      { "pk-use-enckey", 0,  arg_flag, &pk_use_enckey,
-      NP_("Use RSA encrypted reply (instead of DH)", "") },
+      NP_("Use RSA encrypted reply (instead of DH)", ""), NULL },
  #endif
  #ifndef NO_NTLM
      { "ntlm-domain",   0,  arg_string, &ntlm_domain,
@@ -182,19 +182,19 @@ static struct getargs args[] = {
  #endif
  
      { "change-default",  0,  arg_negative_flag, &switch_cache_flags,
-      NP_("switch the default cache to the new credentials cache", "") },
+      NP_("switch the default cache to the new credentials cache", ""), NULL },
  
      { "ok-as-delegate",        0,  arg_flag, &ok_as_delegate_flag,
-      NP_("honor ok-as-delegate on tickets", "") },
+      NP_("honor ok-as-delegate on tickets", ""), NULL },
  
      { "use-referrals", 0,  arg_flag, &use_referrals_flag,
-      NP_("only use referrals, no dns canalisation", "") },
+      NP_("only use referrals, no dns canalisation", ""), NULL },
  
      { "windows",       0,  arg_flag, &windows_flag,
-      NP_("get windows behavior", "") },
+      NP_("get windows behavior", ""), NULL },
  
-    { "version",       0,   arg_flag, &version_flag },
-    { "help",          0,   arg_flag, &help_flag }
+    { "version",       0,   arg_flag, &version_flag, NULL, NULL },
+    { "help",          0,   arg_flag, &help_flag, NULL, NULL }
  };
  
  static void
@@ -357,7 +357,7 @@ get_new_tickets(krb5_context context,
      char passwd[256];
      krb5_deltat start_time = 0;
      krb5_deltat renew = 0;
-    char *renewstr = NULL;
+    const char *renewstr = NULL;
      krb5_enctype *enctype = NULL;
      krb5_ccache tempccache;
  #ifndef NO_NTLM
@@ -466,7 +466,7 @@ get_new_tickets(krb5_context context,
         renew = parse_time (renewstr, "s");
         if (renew < 0)
             errx (1, "unparsable time: %s", renewstr);
-       
+
         krb5_get_init_creds_opt_set_renew_life (opt, renew);
      }
  
@@ -532,11 +532,11 @@ get_new_tickets(krb5_context context,
  
         if (passwd[0] == '\0') {
             char *p, *prompt;
-       
+
             krb5_unparse_name (context, principal, &p);
             asprintf (&prompt, N_("%s's Password: ", ""), p);
             free (p);
-       
+
             if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
                 memset(passwd, 0, sizeof(passwd));
                 exit(1);
@@ -544,7 +544,7 @@ get_new_tickets(krb5_context context,
             free (prompt);
         }
  
-       
+
         ret = krb5_get_init_creds_password (context,
                                             &cred,
                                             principal,
@@ -592,7 +592,7 @@ get_new_tickets(krb5_context context,
             char life[64];
             unparse_time_approx(cred.times.renew_till - cred.times.starttime,
                                 life, sizeof(life));
-           krb5_warnx(context, 
+           krb5_warnx(context,
                        N_("NOTICE: ticket renewable lifetime is %s", ""),
                        life);
         }
@@ -773,7 +773,7 @@ main (int argc, char **argv)
      } else if (anonymous_flag) {
  
         ret = krb5_make_principal(context, &principal, argv[0],
-                                 KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, 
+                                 KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME,
                                   NULL);
         if (ret)
             krb5_err(context, 1, ret, "krb5_make_principal");
@@ -825,7 +825,7 @@ main (int argc, char **argv)
                 if (ret)
                     krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
  
-               /* 
+               /*
                  * Check if the type support switching, and we do,
                  * then do that instead over overwriting the current
                  * default credential
@@ -904,7 +904,7 @@ main (int argc, char **argv)
             krb5_warnx(context, N_("permission denied: %s", ""), argv[1]);
         else if(ret == EX_NOTFOUND)
             krb5_warnx(context, N_("command not found: %s", ""), argv[1]);
-       
+
         krb5_cc_destroy(context, ccache);
  #ifndef NO_AFS
         if(k_hasafs())
diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h

index 9c8793e0ccfcde9af6d75c01072165a2e51ce69e..4083ebc23dd65031911ac613dafa03fe95066e74 100644 (file)
--- a/source4/heimdal/lib/asn1/asn1-common.h
+++ b/source4/heimdal/lib/asn1/asn1-common.h
@@ -75,5 +75,5 @@ typedef struct heim_octet_string heim_any_set;
  #define ASN1EXP
  #define ASN1CALL
  #endif
-         
+
  #endif
diff --git a/source4/heimdal/lib/asn1/asn1parse.c b/source4/heimdal/lib/asn1/asn1parse.c

index 08d068b6a433f787a81392638f016479b8c2c206..8c64a35fca99734ee2afc24a9be597db87b25c03 100644 (file)
--- a/source4/heimdal/lib/asn1/asn1parse.c
+++ b/source4/heimdal/lib/asn1/asn1parse.c
@@ -1905,7 +1905,7 @@ yyreduce:
  
  /* Line 1455 of yacc.c  */
  #line 368 "asn1parse.c"
-    {  
+    {
                     if((yyvsp[(2) - (5)].value)->type != integervalue)
                         lex_error_message("Non-integer in first part of range");
                     (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
@@ -1918,7 +1918,7 @@ yyreduce:
  
  /* Line 1455 of yacc.c  */
  #line 376 "asn1parse.c"
-    {  
+    {
                     if((yyvsp[(4) - (5)].value)->type != integervalue)
                         lex_error_message("Non-integer in second part of range");
                     (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y

index a7a8f31827a653ca8d86e24a155a0e543af61b35..e3bea6ce0ac9241823606f47598c1db573799148 100644 (file)
--- a/source4/heimdal/lib/asn1/asn1parse.y
+++ b/source4/heimdal/lib/asn1/asn1parse.y
@@ -365,7 +365,7 @@ range               : '(' Value RANGE Value ')'
                     $$->max = $4->u.integervalue;
                 }
                 | '(' Value RANGE kw_MAX ')'
-               {       
+               {
                     if($2->type != integervalue)
                         lex_error_message("Non-integer in first part of range");
                     $$ = ecalloc(1, sizeof(*$$));
@@ -373,7 +373,7 @@ range               : '(' Value RANGE Value ')'
                     $$->max = $2->u.integervalue - 1;
                 }
                 | '(' kw_MIN RANGE Value ')'
-               {       
+               {
                     if($4->type != integervalue)
                         lex_error_message("Non-integer in second part of range");
                     $$ = ecalloc(1, sizeof(*$$));
diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c

index 84aee4cce06221b629db1a6eea0d38f11f97dbd0..468ccb2d040ccc0afbc444afef88c3484a6d4013 100644 (file)
--- a/source4/heimdal/lib/asn1/der_cmp.c
+++ b/source4/heimdal/lib/asn1/der_cmp.c
@@ -53,14 +53,14 @@ der_heim_octet_string_cmp(const heim_octet_string *p,
  }
  
  int
-der_printable_string_cmp(const heim_printable_string *p, 
+der_printable_string_cmp(const heim_printable_string *p,
                          const heim_printable_string *q)
  {
      return der_heim_octet_string_cmp(p, q);
  }
  
  int
-der_ia5_string_cmp(const heim_ia5_string *p, 
+der_ia5_string_cmp(const heim_ia5_string *p,
                    const heim_ia5_string *q)
  {
      return der_heim_octet_string_cmp(p, q);
diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c

index fc79a30b565facba2b40b033892a9efac94a538e..4f06c1b01fd996a0ebd3ee41461c28807d622075 100644 (file)
--- a/source4/heimdal/lib/asn1/der_format.c
+++ b/source4/heimdal/lib/asn1/der_format.c
@@ -108,7 +108,7 @@ int
  der_print_heim_oid (const heim_oid *oid, char delim, char **str)
  {
      struct rk_strpool *p = NULL;
-    int i;
+    size_t i;
  
      if (oid->length == 0)
         return EINVAL;
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c

index 3ea0d5ea1816f407a320c8e3c084b39e4910c3d3..3112da86f93b4e5169e7ae2103b81d073184eb9d 100644 (file)
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -141,9 +141,9 @@ der_get_general_string (const unsigned char *p, size_t len,
          * an strings in the NEED_PREAUTH case that includes a
          * trailing NUL.
          */
-       while (p1 - p < len && *p1 == '\0')
+       while ((size_t)(p1 - p) < len && *p1 == '\0')
             p1++;
-       if (p1 - p != len)
+       if ((size_t)(p1 - p) != len)
             return ASN1_BAD_CHARACTER;
      }
      if (len > len + 1)
diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c

index 7a41de9d225cac8e64c2bc994d5c46fb8dfbf9fa..db82025861ea5baa18cf6755093a357cec54eb3b 100644 (file)
--- a/source4/heimdal/lib/asn1/der_length.c
+++ b/source4/heimdal/lib/asn1/der_length.c
@@ -86,7 +86,7 @@ static size_t
  len_oid (const heim_oid *oid)
  {
      size_t ret = 1;
-    int n;
+    size_t n;
  
      for (n = 2; n < oid->length; ++n) {
         unsigned u = oid->components[n];
diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c

index b8101458ad4be9866f3e43dd9e4c08606855a67d..0b276d1ebdcec86683b2b3e68f32a9155a054298 100644 (file)
--- a/source4/heimdal/lib/asn1/der_put.c
+++ b/source4/heimdal/lib/asn1/der_put.c
@@ -433,7 +433,8 @@ _heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
       if (s->data == NULL)
          return ENOMEM;
       s->length = len;
-     _der_gmtime(t, &tm);
+     if (_der_gmtime(t, &tm) == NULL)
+        return ASN1_BAD_TIMEFORMAT;
       if (gtimep)
          snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ",
                    tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c

index 95780a78987f26e9e132e9705b330d4e2c353a74..a18797ec259433a013cfe58eda5573e4edf2185f 100644 (file)
--- a/source4/heimdal/lib/asn1/extra.c
+++ b/source4/heimdal/lib/asn1/extra.c
@@ -71,13 +71,13 @@ decode_heim_any(const unsigned char *p, size_t len,
         if (len < length + len_len + l)
             return ASN1_OVERFLOW;
      }
-   
+
      data->data = malloc(length + len_len + l);
      if (data->data == NULL)
         return ENOMEM;
      data->length = length + len_len + l;
      memcpy(data->data, p, length + len_len + l);
-   
+
      if (size)
         *size = length + len_len + l;
  
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c

index d59f3bfa4755de9f790c231c7518dd2660e02fd8..2194b329ce1d76c993489efd4421fcfbfdbbd0a2 100644 (file)
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -761,7 +761,7 @@ define_type (int level, const char *name, const char *basename, Type *t, int typ
             fprintf (headerfile, "struct %s {\n", newbasename);
             ASN1_TAILQ_FOREACH(m, t->members, members) {
                 char *n = NULL;
-       
+
                 /* pad unused */
                 while (pos < m->val) {
                     if (asprintf (&n, "_unused%d:1", pos) < 0 || n == NULL)
@@ -1021,7 +1021,7 @@ generate_type (const Symbol *s)
         h = privheaderfile;
         exp = "";
      }
-   
+
      fprintf (h,
              "%sint    ASN1CALL "
              "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
@@ -1044,7 +1044,7 @@ generate_type (const Symbol *s)
              "%svoid   ASN1CALL free_%s  (%s *);\n",
              exp,
              s->gen_name, s->gen_name);
-   
+
      fprintf(h, "\n\n");
  
      if (!one_code_file) {
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c

index 002a471e96e7dc33c8e012e0cf1b144625eb6883..9d816d5400d700965136da24f4934f3ab4aaf88d 100644 (file)
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -209,7 +209,8 @@ range_check(const char *name,
  
  static int
  decode_type (const char *name, const Type *t, int optional,
-            const char *forwstr, const char *tmpstr, const char *dertype)
+            const char *forwstr, const char *tmpstr, const char *dertype,
+            unsigned int depth)
  {
      switch (t->type) {
      case TType: {
@@ -328,7 +329,8 @@ decode_type (const char *name, const Type *t, int optional,
             if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
                           name, m->gen_name) < 0 || s == NULL)
                 errx(1, "malloc");
-           decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
+           decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
+               depth + 1);
             free (s);
         }
  
@@ -369,7 +371,7 @@ decode_type (const char *name, const Type *t, int optional,
                         "%s = calloc(1, sizeof(*%s));\n"
                         "if (%s == NULL) { e = ENOMEM; %s; }\n",
                         s, s, s, forwstr);
-           decode_type (s, m->type, 0, forwstr, m->gen_name, NULL);
+           decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1);
             free (s);
  
             fprintf(codefile, "members |= (1 << %d);\n", memno);
@@ -442,7 +444,7 @@ decode_type (const char *name, const Type *t, int optional,
             errx(1, "malloc");
         if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL)
             errx(1, "malloc");
-       decode_type (n, t->subtype, 0, forwstr, sname, NULL);
+       decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1);
         fprintf (codefile,
                  "(%s)->len++;\n"
                  "len = %s_origlen - ret;\n"
@@ -480,7 +482,7 @@ decode_type (const char *name, const Type *t, int optional,
                 tmpstr, tmpstr, typestring);
         if(support_ber)
             fprintf(codefile,
-                   "int is_indefinite;\n");
+                   "int is_indefinite%u;\n", depth);
  
         fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, "
                 "&%s_datalen, &l);\n",
@@ -516,20 +518,20 @@ decode_type (const char *name, const Type *t, int optional,
                  tmpstr);
         if(support_ber)
             fprintf (codefile,
-                    "if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
+                    "if((is_indefinite%u = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
                      "{ e = ASN1_BAD_FORMAT; %s; }\n"
-                    "if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
-                    tmpstr, forwstr, forwstr);
+                    "if (is_indefinite%u) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
+                    depth, tmpstr, forwstr, depth, forwstr);
         else
             fprintf(codefile,
                     "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
                     "len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
         if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL)
             errx(1, "malloc");
-       decode_type (name, t->subtype, 0, forwstr, tname, ide);
+       decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1);
         if(support_ber)
             fprintf(codefile,
-                   "if(is_indefinite){\n"
+                   "if(is_indefinite%u){\n"
                     "len += 2;\n"
                     "e = der_match_tag_and_length(p, len, "
                     "(Der_class)0, &%s, UT_EndOfContent, "
@@ -538,6 +540,7 @@ decode_type (const char *name, const Type *t, int optional,
                     "p += l; len -= l; ret += l;\n"
                     "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n"
                     "} else \n",
+                   depth,
                     typestring,
                     tmpstr,
                     forwstr,
@@ -584,7 +587,8 @@ decode_type (const char *name, const Type *t, int optional,
             if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
                           name, m->gen_name) < 0 || s == NULL)
                 errx(1, "malloc");
-           decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
+           decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
+               depth + 1);
             fprintf(codefile,
                     "(%s)->element = %s;\n",
                     name, m->label);
@@ -605,7 +609,7 @@ decode_type (const char *name, const Type *t, int optional,
                     "(%s)->element = %s;\n"
                     "p += len;\n"
                     "ret += len;\n"
-                   "len -= len;\n"
+                   "len = 0;\n"
                     "}\n",
                     name, have_ellipsis->gen_name,
                     name, have_ellipsis->gen_name,
@@ -662,8 +666,8 @@ generate_type_decode (const Symbol *s)
      int preserve = preserve_type(s->name) ? TRUE : FALSE;
  
      fprintf (codefile, "int ASN1CALL\n"
-            "decode_%s(const unsigned char *p,"
-            " size_t len, %s *data, size_t *size)\n"
+            "decode_%s(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,"
+            " size_t len HEIMDAL_UNUSED_ATTRIBUTE, %s *data, size_t *size)\n"
              "{\n",
              s->gen_name, s->gen_name);
  
@@ -694,15 +698,15 @@ generate_type_decode (const Symbol *s)
      case TChoice:
         fprintf (codefile,
                  "size_t ret = 0;\n"
-                "size_t l;\n"
-                "int e;\n");
+                "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n"
+                "int e HEIMDAL_UNUSED_ATTRIBUTE;\n");
         if (preserve)
             fprintf (codefile, "const unsigned char *begin = p;\n");
  
         fprintf (codefile, "\n");
         fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
  
-       decode_type ("data", s->type, 0, "goto fail", "Top", NULL);
+       decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1);
         if (preserve)
             fprintf (codefile,
                      "data->_save.data = calloc(1, ret);\n"
diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c

index 43f29c1fe123fa7e466b057d5b3c7424815d9b1d..1bd47484d83aa5a6b36becd87dbc7f46836dea33 100644 (file)
--- a/source4/heimdal/lib/asn1/gen_encode.c
+++ b/source4/heimdal/lib/asn1/gen_encode.c
@@ -274,7 +274,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
             else if(m->defval)
                 gen_compare_defval(s + 1, m->defval);
             fprintf (codefile, "{\n");
-           fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
+           fprintf (codefile, "size_t %s_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;\n", tmpstr);
             fprintf (codefile, "ret = 0;\n");
             encode_type (s, m->type, m->gen_name);
             fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
@@ -302,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
                 name, name);
  
         fprintf(codefile,
-               "for(i = 0; i < (%s)->len; i++) {\n",
+               "for(i = 0; i < (int)(%s)->len; i++) {\n",
                 name);
  
         fprintf(codefile,
@@ -326,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
  
         fprintf(codefile,
                 "if (totallen > len) {\n"
-               "for (i = 0; i < (%s)->len; i++) {\n"
+               "for (i = 0; i < (int)(%s)->len; i++) {\n"
                 "free(val[i].data);\n"
                 "}\n"
                 "free(val);\n"
@@ -339,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
                 name);
  
         fprintf (codefile,
-                "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+                "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
                  "p -= val[i].length;\n"
                  "ret += val[i].length;\n"
                  "memcpy(p + 1, val[i].data, val[i].length);\n"
@@ -355,7 +355,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
         char *n = NULL;
  
         fprintf (codefile,
-                "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+                "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
                  "size_t %s_for_oldret = ret;\n"
                  "ret = 0;\n",
                  name, tmpstr);
@@ -503,7 +503,7 @@ void
  generate_type_encode (const Symbol *s)
  {
      fprintf (codefile, "int ASN1CALL\n"
-            "encode_%s(unsigned char *p, size_t len,"
+            "encode_%s(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE, size_t len HEIMDAL_UNUSED_ATTRIBUTE,"
              " const %s *data, size_t *size)\n"
              "{\n",
              s->gen_name, s->gen_name);
@@ -534,10 +534,9 @@ generate_type_encode (const Symbol *s)
      case TType:
      case TChoice:
         fprintf (codefile,
-                "size_t ret = 0;\n"
-                "size_t l;\n"
-                "int i, e;\n\n");
-       fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
+                "size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;\n"
+                "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n"
+                "int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;\n\n");
  
         encode_type("data", s->type, "Top");
  
diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c

index 7c88751c32b28388dc9196a87299d3d93401748c..b9cae7533b17a13c471266230d71956ebcfaf28d 100644 (file)
--- a/source4/heimdal/lib/asn1/gen_free.c
+++ b/source4/heimdal/lib/asn1/gen_free.c
@@ -179,12 +179,12 @@ void
  generate_type_free (const Symbol *s)
  {
      int preserve = preserve_type(s->name) ? TRUE : FALSE;
-   
+
      fprintf (codefile, "void ASN1CALL\n"
              "free_%s(%s *data)\n"
              "{\n",
              s->gen_name, s->gen_name);
-   
+
      free_type ("data", s->type, preserve);
      fprintf (codefile, "}\n\n");
  }
diff --git a/source4/heimdal/lib/asn1/gen_template.c b/source4/heimdal/lib/asn1/gen_template.c

index 791fb910f9a07454f7dd0666a93c0ea72dd2ac1a..edd68e12238009d796c30f2fa77667a507b4291b 100644 (file)
--- a/source4/heimdal/lib/asn1/gen_template.c
+++ b/source4/heimdal/lib/asn1/gen_template.c
@@ -342,7 +342,7 @@ tlist_cmp(const struct tlist *tl, const struct tlist *ql)
  
      ret = strcmp(tl->header, ql->header);
      if (ret) return ret;
-       
+
      q = ASN1_TAILQ_FIRST(&ql->template);
      ASN1_TAILQ_FOREACH(t, &tl->template, members) {
         if (q == NULL) return 1;
@@ -353,7 +353,7 @@ tlist_cmp(const struct tlist *tl, const struct tlist *ql)
         } else {
             ret = strcmp(t->tt, q->tt);
             if (ret) return ret;
-           
+
             ret = strcmp(t->offset, q->offset);
             if (ret) return ret;
  
@@ -479,12 +479,12 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
                      optional ? "|A1_FLAG_OPTIONAL" : "",
                      poffset, t->symbol->gen_name);
         } else {
-           add_line_pointer(temp, t->symbol->gen_name, poffset, 
+           add_line_pointer(temp, t->symbol->gen_name, poffset,
                              "A1_OP_TYPE %s", optional ? "|A1_FLAG_OPTIONAL" : "");
         }
         break;
      case TInteger: {
-       char *itype;
+       char *itype = NULL;
  
         if (t->members)
             itype = "IMEMBER";
@@ -499,7 +499,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
         else
             errx(1, "%s: unsupported range %d -> %d",
                  name, t->range->min, t->range->max);
-          
+
         add_line(temp, "{ A1_PARSE_T(A1T_%s), %s, NULL }", itype, poffset);
         break;
      }
@@ -557,7 +557,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
             break;
         }
  
-       if (asprintf(&bname, "bmember_%s_%lu", name ? name : "", (unsigned long)t) < 0 || bname == NULL)
+       if (asprintf(&bname, "bmember_%s_%p", name ? name : "", t) < 0 || bname == NULL)
             errx(1, "malloc");
         output_name(bname);
  
@@ -591,7 +591,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
  
         ASN1_TAILQ_FOREACH(m, t->members, members) {
             char *newbasename = NULL;
-           
+
             if (m->ellipsis)
                 continue;
  
@@ -620,7 +620,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
         else
             sename = symbol_name(basetype, t->subtype);
  
-       if (asprintf(&tname, "tag_%s_%lu", name ? name : "", (unsigned long)t) < 0 || tname == NULL)
+       if (asprintf(&tname, "tag_%s_%p", name ? name : "", t) < 0 || tname == NULL)
             errx(1, "malloc");
         output_name(tname);
  
@@ -644,7 +644,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
      }
      case TSetOf:
      case TSequenceOf: {
-       const char *type, *tname, *dupname;
+       const char *type = NULL, *tname, *dupname;
         char *sename = NULL, *elname = NULL;
         int subtype_is_struct = is_struct(t->subtype, 0);
  
@@ -670,7 +670,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
         else if (t->type == TSequenceOf) type = "A1_OP_SEQOF";
         else abort();
  
-       if (asprintf(&elname, "%s_%s_%lu", basetype, tname, (unsigned long)t) < 0 || elname == NULL)
+       if (asprintf(&elname, "%s_%s_%p", basetype, tname, t) < 0 || elname == NULL)
             errx(1, "malloc");
  
         generate_template_type(elname, &dupname, NULL, sename, NULL, t->subtype,
@@ -699,7 +699,7 @@ template_members(struct templatehead *temp, const char *basetype, const char *na
             char *elname = NULL;
             char *newbasename = NULL;
             int subtype_is_struct;
-           
+
             if (m->ellipsis) {
                 ellipsis = 1;
                 continue;
diff --git a/source4/heimdal/lib/asn1/krb5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1

index 78cb5a3b84c4a25c5367e0b9b498fb803a76b733..02fab7a3a69a919668e8c92cc7e4bb4642988ef5 100644 (file)
--- a/source4/heimdal/lib/asn1/krb5.asn1
+++ b/source4/heimdal/lib/asn1/krb5.asn1
@@ -221,32 +221,32 @@ CKSUMTYPE ::= INTEGER {
  
  --enctypes
  ENCTYPE ::= INTEGER {
-       ETYPE_NULL(0),
-       ETYPE_DES_CBC_CRC(1),
-       ETYPE_DES_CBC_MD4(2),
-       ETYPE_DES_CBC_MD5(3),
-       ETYPE_DES3_CBC_MD5(5),
-       ETYPE_OLD_DES3_CBC_SHA1(7),
-       ETYPE_SIGN_DSA_GENERATE(8),
-       ETYPE_ENCRYPT_RSA_PRIV(9),
-       ETYPE_ENCRYPT_RSA_PUB(10),
-       ETYPE_DES3_CBC_SHA1(16),        -- with key derivation
-       ETYPE_AES128_CTS_HMAC_SHA1_96(17),
-       ETYPE_AES256_CTS_HMAC_SHA1_96(18),
-       ETYPE_ARCFOUR_HMAC_MD5(23),
-       ETYPE_ARCFOUR_HMAC_MD5_56(24),
-       ETYPE_ENCTYPE_PK_CROSS(48),
+       KRB5_ENCTYPE_NULL(0),
+       KRB5_ENCTYPE_DES_CBC_CRC(1),
+       KRB5_ENCTYPE_DES_CBC_MD4(2),
+       KRB5_ENCTYPE_DES_CBC_MD5(3),
+       KRB5_ENCTYPE_DES3_CBC_MD5(5),
+       KRB5_ENCTYPE_OLD_DES3_CBC_SHA1(7),
+       KRB5_ENCTYPE_SIGN_DSA_GENERATE(8),
+       KRB5_ENCTYPE_ENCRYPT_RSA_PRIV(9),
+       KRB5_ENCTYPE_ENCRYPT_RSA_PUB(10),
+       KRB5_ENCTYPE_DES3_CBC_SHA1(16), -- with key derivation
+       KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96(17),
+       KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96(18),
+       KRB5_ENCTYPE_ARCFOUR_HMAC_MD5(23),
+       KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56(24),
+       KRB5_ENCTYPE_ENCTYPE_PK_CROSS(48),
  -- some "old" windows types
-       ETYPE_ARCFOUR_MD4(-128),
-       ETYPE_ARCFOUR_HMAC_OLD(-133),
-       ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
+       KRB5_ENCTYPE_ARCFOUR_MD4(-128),
+       KRB5_ENCTYPE_ARCFOUR_HMAC_OLD(-133),
+       KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP(-135),
  -- these are for Heimdal internal use
-       ETYPE_DES_CBC_NONE(-0x1000),
-       ETYPE_DES3_CBC_NONE(-0x1001),
-       ETYPE_DES_CFB64_NONE(-0x1002),
-       ETYPE_DES_PCBC_NONE(-0x1003),
-       ETYPE_DIGEST_MD5_NONE(-0x1004),         -- private use, lukeh@padl.com
-       ETYPE_CRAM_MD5_NONE(-0x1005)            -- private use, lukeh@padl.com
+       KRB5_ENCTYPE_DES_CBC_NONE(-0x1000),
+       KRB5_ENCTYPE_DES3_CBC_NONE(-0x1001),
+       KRB5_ENCTYPE_DES_CFB64_NONE(-0x1002),
+       KRB5_ENCTYPE_DES_PCBC_NONE(-0x1003),
+       KRB5_ENCTYPE_DIGEST_MD5_NONE(-0x1004),          -- private use, lukeh@padl.com
+       KRB5_ENCTYPE_CRAM_MD5_NONE(-0x1005)             -- private use, lukeh@padl.com
  }
  
  
@@ -625,7 +625,7 @@ ChangePasswdDataMS ::= SEQUENCE {
         targrealm[2]            Realm OPTIONAL
  }
  
-EtypeList ::= SEQUENCE OF krb5int32
+EtypeList ::= SEQUENCE OF ENCTYPE
         -- the client's proposed enctype list in
         -- decreasing preference order, favorite choice first
  
diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c

index 12c71b7e2eca716ccc1fdb3acda1b51165d46384..e8d9f38eaa4460e9a0123291f120b07ac7992e14 100644 (file)
--- a/source4/heimdal/lib/asn1/lex.c
+++ b/source4/heimdal/lib/asn1/lex.c
@@ -1626,7 +1626,7 @@ YY_RULE_SETUP
                             char *p = buf;
                             int f = 0;
                             int skip_ws = 0;
-               
+
                             while((c = input()) != EOF) {
                                 if(isspace(c) && skip_ws) {
                                     if(c == '\n')
@@ -1634,7 +1634,7 @@ YY_RULE_SETUP
                                     continue;
                                 }
                                 skip_ws = 0;
-                       
+
                                 if(c == '"') {
                                     if(f) {
                                         *p++ = '"';
diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l

index dece0961646cc79e83e0dd03f6c9d7daca11c37c..2d32020266c8bce6b6762374f5b276de61c89be3 100644 (file)
--- a/source4/heimdal/lib/asn1/lex.l
+++ b/source4/heimdal/lib/asn1/lex.l
@@ -216,7 +216,7 @@ WITH                        { return kw_WITH; }
                             char *p = buf;
                             int f = 0;
                             int skip_ws = 0;
-               
+
                             while((c = input()) != EOF) {
                                 if(isspace(c) && skip_ws) {
                                     if(c == '\n')
@@ -224,7 +224,7 @@ WITH                        { return kw_WITH; }
                                     continue;
                                 }
                                 skip_ws = 0;
-                       
+
                                 if(c == '"') {
                                     if(f) {
                                         *p++ = '"';
diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c

index a99e69d0f916f9a6c39ecd775e833157eea2a37e..f22dc8792c276bd2c5c74aa8c6c800e980dc7637 100644 (file)
--- a/source4/heimdal/lib/asn1/main.c
+++ b/source4/heimdal/lib/asn1/main.c
@@ -202,6 +202,6 @@ main(int argc, char **argv)
             free(arg[i]);
         free(arg);
      }
-   
+
      return 0;
  }
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1

index e3c72ac76eca682a106207cfe81cd48605fb8982..89154e337c8f443b0be0cc51204b24c7fa85c40d 100644 (file)
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -132,4 +132,7 @@ TESTBitString ::= BIT STRING {
               thirtyone(31)
  }
  
+TESTMechType::= OBJECT IDENTIFIER
+TESTMechTypeList ::= SEQUENCE OF TESTMechType
+
  END
diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c

index b5694784138ce12b76833c5d6a069d47d1cfde6a..d9f4adbd5591a1372b78e1a22d6aee9f72484ce9 100644 (file)
--- a/source4/heimdal/lib/asn1/timegm.c
+++ b/source4/heimdal/lib/asn1/timegm.c
@@ -33,7 +33,7 @@
  
  #include "der_locl.h"
  
-RCSID("$Id$");
+#define ASN1_MAX_YEAR  2000
  
  static int
  is_leap(unsigned y)
@@ -56,13 +56,19 @@ time_t
  _der_timegm (struct tm *tm)
  {
    time_t res = 0;
-  unsigned i;
+  int i;
+
+  /*
+   * See comment in _der_gmtime
+   */
+  if (tm->tm_year > ASN1_MAX_YEAR)
+      return 0;
  
    if (tm->tm_year < 0)
        return -1;
    if (tm->tm_mon < 0 || tm->tm_mon > 11)
        return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+  if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
        return -1;
    if (tm->tm_hour < 0 || tm->tm_hour > 23)
        return -1;
@@ -98,6 +104,15 @@ _der_gmtime(time_t t, struct tm *tm)
      tm->tm_min = (secday % 3600) / 60;
      tm->tm_hour = secday / 3600;
  
+    /*
+     * Refuse to calculate time ~ 2000 years into the future, this is
+     * not possible for systems where time_t is a int32_t, however,
+     * when time_t is a int64_t, that can happen, and this becomes a
+     * denial of sevice.
+     */
+    if (days > (ASN1_MAX_YEAR * 365))
+       return NULL;
+
      tm->tm_year = 70;
      while(1) {
         unsigned dayinyear = (is_leap(tm->tm_year) ? 366 : 365);
diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c

index 11beaeba4b840e0f18365fc5bbcaf2f6cbf33d0d..c72abdecc863033f6db48a4338c1218e9dc5a62d 100644 (file)
--- a/source4/heimdal/lib/com_err/compile_et.c
+++ b/source4/heimdal/lib/com_err/compile_et.c
@@ -93,7 +93,7 @@ generate_c(void)
             fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
                     n, name, n);
             n++;
-       
+
         }
         fprintf(c_file, "\t/* %03d */ N_(\"%s\"),\n",
                 ec->number, ec->string);
@@ -220,7 +220,7 @@ main(int argc, char **argv)
      yyin = fopen(filename, "r");
      if(yyin == NULL)
         err(1, "%s", filename);
-       
+
  
      p = strrchr(filename, rk_PATH_DELIM);
      if(p)
diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c

index 0e49a94104911319ec26529370e427af4ff3944e..6864e870a41e695e749e91c1d7d6b14c34f04e43 100644 (file)
--- a/source4/heimdal/lib/com_err/error.c
+++ b/source4/heimdal/lib/com_err/error.c
@@ -101,7 +101,7 @@ initialize_error_table_r(struct et_list **list,
      et->next = NULL;
      *end = et;
  }
-                       
+
  
  KRB5_LIB_FUNCTION void KRB5_LIB_CALL
  free_error_table(struct et_list *et)
diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c

index 1c104812b79f55d58df1b33a9ac9081f82b36e4f..cb770a3a6e7f47a3f40a8059a241df9577599210 100644 (file)
--- a/source4/heimdal/lib/com_err/parse.c
+++ b/source4/heimdal/lib/com_err/parse.c
@@ -1465,7 +1465,7 @@ yyreduce:
  #line 118 "parse.c"
      {
                     struct error_code *ec = malloc(sizeof(*ec));
-               
+
                     if (ec == NULL)
                         errx(1, "malloc");
  
diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y

index 194965c3495f01bbf11134b6264f5cc1385d3b8a..0c2e5084b51f4a99258b2d50035fc27548f2b60f 100644 (file)
--- a/source4/heimdal/lib/com_err/parse.y
+++ b/source4/heimdal/lib/com_err/parse.y
@@ -117,7 +117,7 @@ statement   : INDEX NUMBER
                 | EC STRING ',' STRING
                 {
                     struct error_code *ec = malloc(sizeof(*ec));
-               
+
                     if (ec == NULL)
                         errx(1, "malloc");
  
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h

index caa1af8b3a681f82d1eca3f93471283f7db0e2d6..fa53a29d240966e919900068c4baf7073993ddaf 100644 (file)
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-/* $Id$ */
-
  #ifndef GSSAPI_GSSAPI_H_
  #define GSSAPI_GSSAPI_H_
  
@@ -55,13 +53,11 @@
  #endif
  #endif
  
-#ifndef GSSAPI_DEPRECATED
+#ifndef GSSAPI_DEPRECATED_FUNCTION
  #if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
-#define GSSAPI_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER)
-#define GSSAPI_DEPRECATED __declspec(deprecated)
+#define GSSAPI_DEPRECATED_FUNCTION(X) __attribute__((deprecated))
  #else
-#define GSSAPI_DEPRECATED
+#define GSSAPI_DEPRECATED_FUNCTION(X)
  #endif
  #endif
  
@@ -375,7 +371,7 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
   * to that gss_OID_desc.
   */
  extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
-#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc) 
+#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
  
  /* Major status codes */
  
@@ -446,6 +442,11 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
  #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
  #define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
  
+/*
+ * Apparently awating spec fix.
+ */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
  /*
   * Supplementary info bits:
   */
@@ -459,6 +460,9 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
   * Finally, function prototypes for the GSS-API routines.
   */
  
+#define GSS_C_OPTION_MASK 0xffff
+#define GSS_C_CRED_NO_UI  0x10000
+
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred
             (OM_uint32 * /*minor_status*/,
              const gss_name_t /*desired_name*/,
@@ -827,7 +831,7 @@ typedef struct {
      size_t blocksize; /**< Specificed optimal size of messages, also
                          is the maximum padding size
                          (GSS_IOV_BUFFER_TYPE_PADDING) */
-} gss_context_stream_sizes; 
+} gss_context_stream_sizes;
  
  extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc;
  #define GSS_C_ATTR_STREAM_SIZES (&__gss_c_attr_stream_sizes_oid_desc)
@@ -850,23 +854,23 @@ gss_context_query_attributes(OM_uint32 * /* minor_status */,
   * obsolete versions of these routines and their current forms.
   */
  
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
             (OM_uint32 * /*minor_status*/,
              gss_ctx_id_t /*context_handle*/,
              int /*qop_req*/,
              gss_buffer_t /*message_buffer*/,
              gss_buffer_t /*message_token*/
-           );
+           ) GSSAPI_DEPRECATED_FUNCTION("Use gss_get_mic");
  
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
             (OM_uint32 * /*minor_status*/,
              gss_ctx_id_t /*context_handle*/,
              gss_buffer_t /*message_buffer*/,
              gss_buffer_t /*token_buffer*/,
              int * /*qop_state*/
-           );
+           ) GSSAPI_DEPRECATED_FUNCTION("Use gss_verify_mic");
  
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
             (OM_uint32 * /*minor_status*/,
              gss_ctx_id_t /*context_handle*/,
              int /*conf_req_flag*/,
@@ -874,29 +878,29 @@ GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
              gss_buffer_t /*input_message_buffer*/,
              int * /*conf_state*/,
              gss_buffer_t /*output_message_buffer*/
-           );
+           ) GSSAPI_DEPRECATED_FUNCTION("Use gss_wrap");
  
-GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
             (OM_uint32 * /*minor_status*/,
              gss_ctx_id_t /*context_handle*/,
              gss_buffer_t /*input_message_buffer*/,
              gss_buffer_t /*output_message_buffer*/,
              int * /*conf_state*/,
              int * /*qop_state*/
-           );
+           )  GSSAPI_DEPRECATED_FUNCTION("Use gss_unwrap");
  
  /**
   *
   */
  
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_encapsulate_token(const gss_buffer_t /* input_token */,
-                     const gss_OID /* oid */,
+gss_encapsulate_token(gss_const_buffer_t /* input_token */,
+                     gss_const_OID /* oid */,
                       gss_buffer_t /* output_token */);
  
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_decapsulate_token(const gss_buffer_t /* input_token */,
-                     const gss_OID /* oid */,
+gss_decapsulate_token(gss_const_buffer_t /* input_token */,
+                     gss_const_OID /* oid */,
                       gss_buffer_t /* output_token */);
  
  
@@ -989,6 +993,56 @@ gss_display_mech_attr(OM_uint32 * minor_status,
                       gss_buffer_t short_desc,
                       gss_buffer_t long_desc);
  
+/*
+ * Solaris compat
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password
+           (OM_uint32 * /*minor_status*/,
+            const gss_name_t /*desired_name*/,
+            const gss_buffer_t /*password*/,
+            OM_uint32 /*time_req*/,
+            const gss_OID_set /*desired_mechs*/,
+            gss_cred_usage_t /*cred_usage*/,
+            gss_cred_id_t * /*output_cred_handle*/,
+            gss_OID_set * /*actual_mechs*/,
+            OM_uint32 * /*time_rec*/
+           );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
+            OM_uint32 * /*minor_status*/,
+            const gss_cred_id_t /*input_cred_handle*/,
+            const gss_name_t /*desired_name*/,
+            const gss_OID /*desired_mech*/,
+            const gss_buffer_t /*password*/,
+            gss_cred_usage_t /*cred_usage*/,
+            OM_uint32 /*initiator_time_req*/,
+            OM_uint32 /*acceptor_time_req*/,
+            gss_cred_id_t * /*output_cred_handle*/,
+            gss_OID_set * /*actual_mechs*/,
+            OM_uint32 * /*initiator_time_rec*/,
+            OM_uint32 * /*acceptor_time_rec*/
+           );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_pname_to_uid(
+        OM_uint32 *minor,
+        const gss_name_t name,
+        const gss_OID mech_type,
+        uid_t *uidOut);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_authorize_localname(
+        OM_uint32 *minor,
+        const gss_name_t name,
+        const gss_name_t user);
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_userok(const gss_name_t name,
+           const char *user);
+
+extern GSSAPI_LIB_VARIABLE gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER;
+
  /*
   * Naming extensions
   */
@@ -1051,4 +1105,6 @@ gss_name_to_oid(const char *name);
  
  GSSAPI_CPP_END
  
+#undef GSSAPI_DEPRECATED_FUNCTION
+
  #endif /* GSSAPI_GSSAPI_H_ */
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h

index e7b56dc7d43848ce8605d8adefe2cb2fb8014c77..9465efc77f44d729ebca7a86f7c75c28f7fe8089 100644 (file)
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
@@ -109,6 +109,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc;
  extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc;
  #define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
  
+ /* credential types */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_password_oid_desc;
+#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_certificate_oid_desc;
+#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc)
+
  /* Heimdal mechanisms - 1.2.752.43.14 */
  extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
  #define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h

index 1431dbcee6f91a332f0cfc6c41539c1152da7755..e4ccfdb0cd99fcc3c5c982a8904487f6cd618b44 100644 (file)
--- a/source4/heimdal/lib/gssapi/gssapi_mech.h
+++ b/source4/heimdal/lib/gssapi/gssapi_mech.h
@@ -355,14 +355,14 @@ _gss_import_cred_t(OM_uint32 * minor_status,
  
  
  typedef OM_uint32 GSSAPI_CALLCONV
-_gss_acquire_cred_ex_t(void * /* status */,
-                      const gss_name_t /* desired_name */,
-                      OM_uint32 /* flags */,
-                      OM_uint32 /* time_req */,
-                      gss_cred_usage_t /* cred_usage */,
-                      void * /* identity */,
-                      void * /* ctx */,
-                      void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
+_gss_acquire_cred_ext_t(OM_uint32 * /*minor_status */,
+                       const gss_name_t /* desired_name */,
+                       gss_const_OID /* credential_type */,
+                       const void * /* credential_data */,
+                       OM_uint32 /* time_req */,
+                       gss_const_OID /* desired_mech */,
+                       gss_cred_usage_t /* cred_usage */,
+                       gss_cred_id_t * /* output_cred_handle */);
  
  typedef void GSSAPI_CALLCONV
  _gss_iter_creds_t(OM_uint32 /* flags */,
@@ -460,13 +460,28 @@ struct gss_mo_desc_struct {
      int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
  };
  
+typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t (
+              OM_uint32 *,             /* minor_status */
+              const gss_name_t,        /* name */
+              const gss_OID,           /* mech_type */
+              uid_t *                  /* uidOut */
+             );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_authorize_localname_t (
+              OM_uint32 *,             /* minor_status */
+              const gss_name_t,        /* name */
+              gss_const_buffer_t,      /* user */
+              gss_const_OID            /* user_name_type */
+             );
+
+/* mechglue internal */
+struct gss_mech_compat_desc_struct;
  
  #define GMI_VERSION 5
  
  /* gm_flags */
  #define GM_USE_MG_CRED         1       /* uses mech glue credentials */
  
-
  typedef struct gssapi_mech_interface_desc {
         unsigned                        gm_version;
         const char                      *gm_name;
@@ -512,7 +527,7 @@ typedef struct gssapi_mech_interface_desc {
         _gss_store_cred_t               *gm_store_cred;
         _gss_export_cred_t              *gm_export_cred;
         _gss_import_cred_t              *gm_import_cred;
-       _gss_acquire_cred_ex_t          *gm_acquire_cred_ex;
+       _gss_acquire_cred_ext_t         *gm_acquire_cred_ext;
         _gss_iter_creds_t               *gm_iter_creds;
         _gss_destroy_cred_t             *gm_destroy_cred;
         _gss_cred_hold_t                *gm_cred_hold;
@@ -521,12 +536,15 @@ typedef struct gssapi_mech_interface_desc {
         _gss_cred_label_set_t           *gm_cred_label_set;
          gss_mo_desc                    *gm_mo;
          size_t                          gm_mo_num;
+        _gss_pname_to_uid_t             *gm_pname_to_uid;
+        _gss_authorize_localname_t      *gm_authorize_localname;
          _gss_display_name_ext_t         *gm_display_name_ext;
          _gss_inquire_name_t             *gm_inquire_name;
          _gss_get_name_attribute_t       *gm_get_name_attribute;
          _gss_set_name_attribute_t       *gm_set_name_attribute;
          _gss_delete_name_attribute_t    *gm_delete_name_attribute;
          _gss_export_name_composite_t    *gm_export_name_composite;
+        struct gss_mech_compat_desc_struct  *gm_compat;
  } gssapi_mech_interface_desc, *gssapi_mech_interface;
  
  gssapi_mech_interface
@@ -552,4 +570,25 @@ struct _gss_oid_name_table {
  extern struct _gss_oid_name_table _gss_ont_mech[];
  extern struct _gss_oid_name_table _gss_ont_ma[];
  
+/*
+ * Extended credentials acqusition API, not to be exported until
+ * it or something equivalent has been standardised.
+ */
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc;
+#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc)
+
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc;
+#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc)
+
+OM_uint32 _gss_acquire_cred_ext
+           (OM_uint32 * /*minor_status*/,
+            const gss_name_t /*desired_name*/,
+            gss_const_OID /*credential_type*/,
+            const void * /*credential_data*/,
+            OM_uint32 /*time_req*/,
+            gss_const_OID /*desired_mech*/,
+            gss_cred_usage_t /*cred_usage*/,
+            gss_cred_id_t * /*output_cred_handle*/
+           );
+
  #endif /* GSSAPI_MECH_H */
diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c

index 65db343cad93aad5bb5ebba0fcddd50f24c7d5f6..d4555c51042b2795feae4118c3d87f40de325c48 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/8003.c
+++ b/source4/heimdal/lib/gssapi/krb5/8003.c
@@ -92,7 +92,7 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
    _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
    EVP_DigestUpdate(ctx, num, sizeof(num));
    if (b->acceptor_address.length)
-      EVP_DigestUpdate(ctx, 
+      EVP_DigestUpdate(ctx,
                        b->acceptor_address.value,
                        b->acceptor_address.length);
    _gsskrb5_encode_om_uint32 (b->application_data.length, num);
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c

index a5e9d054c41339a3032cbe4e6a7c97ba088ed49f..5a00e124c2cf5d606ca9ce05a3ea7882bbb16a46 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -36,12 +36,32 @@
  HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
  krb5_keytab _gsskrb5_keytab;
  
+static krb5_error_code
+validate_keytab(krb5_context context, const char *name, krb5_keytab *id)
+{
+    krb5_error_code ret;
+
+    ret = krb5_kt_resolve(context, name, id);
+    if (ret)
+       return ret;
+
+    ret = krb5_kt_have_content(context, *id);
+    if (ret) {
+       krb5_kt_close(context, *id);
+       *id = NULL;
+    }
+
+    return ret;
+}
+
  OM_uint32
-_gsskrb5_register_acceptor_identity (const char *identity)
+_gsskrb5_register_acceptor_identity(OM_uint32 *min_stat, const char *identity)
  {
      krb5_context context;
      krb5_error_code ret;
  
+    *min_stat = 0;
+
      ret = _gsskrb5_init(&context);
      if(ret)
         return GSS_S_FAILURE;
@@ -55,19 +75,29 @@ _gsskrb5_register_acceptor_identity (const char *identity)
      if (identity == NULL) {
         ret = krb5_kt_default(context, &_gsskrb5_keytab);
      } else {
-       char *p = NULL;
-
-       ret = asprintf(&p, "FILE:%s", identity);
-       if(ret < 0 || p == NULL) {
-           HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-           return GSS_S_FAILURE;
+       /*
+        * First check if we can the keytab as is and if it has content...
+        */
+       ret = validate_keytab(context, identity, &_gsskrb5_keytab);
+       /*
+        * if it doesn't, lets prepend FILE: and try again
+        */
+       if (ret) {
+           char *p = NULL;
+           ret = asprintf(&p, "FILE:%s", identity);
+           if(ret < 0 || p == NULL) {
+               HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
+               return GSS_S_FAILURE;
+           }
+           ret = validate_keytab(context, p, &_gsskrb5_keytab);
+           free(p);
         }
-       ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
-       free(p);
      }
      HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-    if(ret)
+    if(ret) {
+       *min_stat = ret;
         return GSS_S_FAILURE;
+    }
      return GSS_S_COMPLETE;
  }
  
@@ -93,7 +123,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
  
      if (key == NULL)
         return;
-       
+
      switch (key->keytype) {
      case ETYPE_DES_CBC_CRC:
      case ETYPE_DES_CBC_MD4:
@@ -171,7 +201,7 @@ gsskrb5_accept_delegated_token
  
      if (delegated_cred_handle) {
         gsskrb5_cred handle;
-       
+
         ret = _gsskrb5_krb5_import_cred(minor_status,
                                         ccache,
                                         NULL,
@@ -541,10 +571,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
      if(ctx->flags & GSS_C_MUTUAL_FLAG) {
         krb5_data outbuf;
         int use_subkey = 0;
-       
+
         _gsskrb5i_is_cfx(context, ctx, 1);
         is_cfx = (ctx->more_flags & IS_CFX);
-       
+
         if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) {
             use_subkey = 1;
         } else {
@@ -572,7 +602,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
                                    KRB5_AUTH_CONTEXT_USE_SUBKEY,
                                    NULL);
         }
-       
+
         kret = krb5_mk_rep(context,
                            ctx->auth_context,
                            &outbuf);
@@ -580,7 +610,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
             *minor_status = kret;
             return GSS_S_FAILURE;
         }
-       
+
         if (IS_DCE_STYLE(ctx)) {
             output_token->length = outbuf.length;
             output_token->value = outbuf.data;
@@ -659,7 +689,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
      krb5_error_code kret;
      krb5_data inbuf;
      int32_t r_seq_number, l_seq_number;
-       
+
      /*
       * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
       */
@@ -706,7 +736,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
      {
         krb5_ap_rep_enc_part *repl;
         int32_t auth_flags;
-               
+
         krb5_auth_con_removeflags(context,
                                   ctx->auth_context,
                                   KRB5_AUTH_CONTEXT_DO_TIME,
@@ -735,7 +765,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
         if (lifetime_rec == 0) {
             return GSS_S_CONTEXT_EXPIRED;
         }
-       
+
         if (time_rec) *time_rec = lifetime_rec;
      }
  
@@ -793,7 +823,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
      {
         kret = krb5_auth_con_setremoteseqnumber(context,
                                                 ctx->auth_context,
-                                               r_seq_number);  
+                                               r_seq_number);
         if (kret) {
             *minor_status = kret;
             return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c

index d0042e874b53fcbd5752693952a32b015da0b6ca..0f1f5f81cffc0bee2cfc2b25070a96b8b966bea9 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -46,7 +46,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
  
      memset(&in_cred, 0, sizeof(in_cred));
      in_cred.client = principal;
-       
+
      realm = krb5_principal_get_realm(context,  principal);
      if (realm == NULL) {
         _gsskrb5_clear_status ();
@@ -81,17 +81,18 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
  static krb5_error_code
  get_keytab(krb5_context context, krb5_keytab *keytab)
  {
-    char kt_name[256];
      krb5_error_code kret;
  
      HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
  
      if (_gsskrb5_keytab != NULL) {
-       kret = krb5_kt_get_name(context,
-                               _gsskrb5_keytab,
-                               kt_name, sizeof(kt_name));
-       if (kret == 0)
-           kret = krb5_kt_resolve(context, kt_name, keytab);
+       char *name = NULL;
+
+       kret = krb5_kt_get_full_name(context, _gsskrb5_keytab, &name);
+       if (kret == 0) {
+           kret = krb5_kt_resolve(context, name, keytab);
+           krb5_xfree(name);
+       }
      } else
         kret = krb5_kt_default(context, keytab);
  
@@ -103,13 +104,13 @@ get_keytab(krb5_context context, krb5_keytab *keytab)
  static OM_uint32 acquire_initiator_cred
                   (OM_uint32 * minor_status,
                    krb5_context context,
+                  gss_const_OID credential_type,
+                  const void *credential_data,
                    const gss_name_t desired_name,
                    OM_uint32 time_req,
-                  const gss_OID_set desired_mechs,
+                  gss_const_OID desired_mech,
                    gss_cred_usage_t cred_usage,
-                  gsskrb5_cred handle,
-                  gss_OID_set * actual_mechs,
-                  OM_uint32 * time_rec
+                  gsskrb5_cred handle
                   )
  {
      OM_uint32 ret;
@@ -132,6 +133,12 @@ static OM_uint32 acquire_initiator_cred
       * errors while searching.
       */
  
+    if (credential_type != GSS_C_NO_OID &&
+       !gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
+       kret = KRB5_NOCREDS_SUPPLIED; /* XXX */
+       goto end;
+    }
+
      if (handle->principal) {
         kret = krb5_cc_cache_match (context,
                                     handle->principal,
@@ -174,14 +181,29 @@ static OM_uint32 acquire_initiator_cred
             if (kret)
                 goto end;
         }
-       kret = get_keytab(context, &keytab);
-       if (kret)
-           goto end;
         kret = krb5_get_init_creds_opt_alloc(context, &opt);
         if (kret)
             goto end;
-       kret = krb5_get_init_creds_keytab(context, &cred,
-           handle->principal, keytab, 0, NULL, opt);
+       if (credential_type != GSS_C_NO_OID &&
+           gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
+           gss_buffer_t password = (gss_buffer_t)credential_data;
+
+           /* XXX are we requiring password to be NUL terminated? */
+
+           kret = krb5_get_init_creds_password(context, &cred,
+                                               handle->principal,
+                                               password->value,
+                                               NULL, NULL, 0, NULL, opt);
+       } else {
+           kret = get_keytab(context, &keytab);
+           if (kret) {
+               krb5_get_init_creds_opt_free(context, opt);
+               goto end;
+           }
+           kret = krb5_get_init_creds_keytab(context, &cred,
+                                             handle->principal, keytab,
+                                             0, NULL, opt);
+       }
         krb5_get_init_creds_opt_free(context, opt);
         if (kret)
             goto end;
@@ -233,19 +255,25 @@ end:
  static OM_uint32 acquire_acceptor_cred
                   (OM_uint32 * minor_status,
                    krb5_context context,
+                  gss_const_OID credential_type,
+                  const void *credential_data,
                    const gss_name_t desired_name,
                    OM_uint32 time_req,
-                  const gss_OID_set desired_mechs,
+                  gss_const_OID desired_mech,
                    gss_cred_usage_t cred_usage,
-                  gsskrb5_cred handle,
-                  gss_OID_set * actual_mechs,
-                  OM_uint32 * time_rec
+                  gsskrb5_cred handle
                   )
  {
      OM_uint32 ret;
      krb5_error_code kret;
  
      ret = GSS_S_FAILURE;
+
+    if (credential_type != GSS_C_NO_OID) {
+       kret = EINVAL;
+       goto end;
+    }
+
      kret = get_keytab(context, &handle->keytab);
      if (kret)
         goto end;
@@ -299,23 +327,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
   OM_uint32 * time_rec
      )
  {
-    krb5_context context;
-    gsskrb5_cred handle;
      OM_uint32 ret;
  
-    if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
-       *minor_status = GSS_KRB5_S_G_BAD_USAGE;
-       return GSS_S_FAILURE;
-    }
-
-    GSSAPI_KRB5_INIT(&context);
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-       *time_rec = 0;
-    if (actual_mechs)
-       *actual_mechs = GSS_C_NO_OID_SET;
-
      if (desired_mechs) {
         int present = 0;
  
@@ -329,6 +342,54 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
         }
      }
  
+    ret = _gsskrb5_acquire_cred_ext(minor_status,
+                                   desired_name,
+                                   GSS_C_NO_OID,
+                                   NULL,
+                                   time_req,
+                                   GSS_KRB5_MECHANISM,
+                                   cred_usage,
+                                   output_cred_handle);
+    if (ret)
+       return ret;
+
+
+    ret = _gsskrb5_inquire_cred(minor_status, *output_cred_handle,
+                               NULL, time_rec, NULL, actual_mechs);
+    if (ret) {
+       OM_uint32 tmp;
+       _gsskrb5_release_cred(&tmp, output_cred_handle);
+    }
+
+    return ret;
+}
+
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext
+(OM_uint32 * minor_status,
+ const gss_name_t desired_name,
+ gss_const_OID credential_type,
+ const void *credential_data,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle
+    )
+{
+    krb5_context context;
+    gsskrb5_cred handle;
+    OM_uint32 ret;
+
+    cred_usage &= GSS_C_OPTION_MASK;
+
+    if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
+       *minor_status = GSS_KRB5_S_G_BAD_USAGE;
+       return GSS_S_FAILURE;
+    }
+
+    GSSAPI_KRB5_INIT(&context);
+
+    *output_cred_handle = NULL;
+
      handle = calloc(1, sizeof(*handle));
      if (handle == NULL) {
         *minor_status = ENOMEM;
@@ -338,7 +399,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
      HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
  
      if (desired_name != GSS_C_NO_NAME) {
-
         ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
                                   desired_name, &handle->principal);
         if (ret) {
@@ -349,9 +409,9 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
      }
      if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
         ret = acquire_initiator_cred(minor_status, context,
+                                    credential_type, credential_data,
                                      desired_name, time_req,
-                                    desired_mechs, cred_usage, handle,
-                                    actual_mechs, time_rec);
+                                    desired_mech, cred_usage, handle);
         if (ret != GSS_S_COMPLETE) {
             HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
             krb5_free_principal(context, handle->principal);
@@ -361,8 +421,9 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
      }
      if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
         ret = acquire_acceptor_cred(minor_status, context,
+                                   credential_type, credential_data,
                                     desired_name, time_req,
-                                   desired_mechs, cred_usage, handle, actual_mechs, time_rec);
+                                   desired_mech, cred_usage, handle);
         if (ret != GSS_S_COMPLETE) {
             HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
             krb5_free_principal(context, handle->principal);
@@ -374,9 +435,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
      if (ret == GSS_S_COMPLETE)
         ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
                                      &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-       ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle,
-                                   NULL, time_rec, NULL, actual_mechs);
      if (ret != GSS_S_COMPLETE) {
         if (handle->mechanisms != NULL)
             gss_release_oid_set(NULL, &handle->mechanisms);
@@ -385,17 +443,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
         free(handle);
         return (ret);
      }
-    *minor_status = 0;
-    if (time_rec) {
-       ret = _gsskrb5_lifetime_left(minor_status,
-                                    context,
-                                    handle->lifetime,
-                                    time_rec);
-
-       if (ret)
-           return ret;
-    }
      handle->usage = cred_usage;
+    *minor_status = 0;
      *output_cred_handle = (gss_cred_id_t)handle;
      return (GSS_S_COMPLETE);
  }
diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c

index a326613eddf067a9755bbc3c81d8aac750ddd8a5..00cf55f62d651314a6e1a486006e5450554d60bd 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/add_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c
@@ -81,7 +81,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
             return(GSS_S_FAILURE);
         }
      }
-       
+
      /* check that we have the same name */
      if (dname != NULL &&
         krb5_principal_compare(context, dname,
@@ -110,7 +110,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
         handle->ccache = NULL;
         handle->mechanisms = NULL;
         HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-       
+
         ret = GSS_S_FAILURE;
  
         kret = krb5_copy_principal(context, cred->principal,
@@ -123,23 +123,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
         }
  
         if (cred->keytab) {
-           char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-           int len;
-       
-           ret = GSS_S_FAILURE;
+           char *name = NULL;
  
-           kret = krb5_kt_get_type(context, cred->keytab,
-                                   name, KRB5_KT_PREFIX_MAX_LEN);
-           if (kret) {
-               *minor_status = kret;
-               goto failure;
-           }
-           len = strlen(name);
-           name[len++] = ':';
+           ret = GSS_S_FAILURE;
  
-           kret = krb5_kt_get_name(context, cred->keytab,
-                                   name + len,
-                                   sizeof(name) - len);
+           kret = krb5_kt_get_full_name(context, cred->keytab, &name);
             if (kret) {
                 *minor_status = kret;
                 goto failure;
@@ -147,6 +135,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
  
             kret = krb5_kt_resolve(context, name,
                                    &handle->keytab);
+           krb5_xfree(name);
             if (kret){
                 *minor_status = kret;
                 goto failure;
@@ -166,7 +155,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
             }
  
             if (strcmp(type, "MEMORY") == 0) {
-               ret = krb5_cc_new_unique(context, type, 
+               ret = krb5_cc_new_unique(context, type,
                                          NULL, &handle->ccache);
                 if (ret) {
                     *minor_status = ret;
@@ -186,20 +175,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
                     *minor_status = ENOMEM;
                     goto failure;
                 }
-               
+
                 kret = asprintf(&type_name, "%s:%s", type, name);
                 if (kret < 0 || type_name == NULL) {
                     *minor_status = ENOMEM;
                     goto failure;
                 }
-               
+
                 kret = krb5_cc_resolve(context, type_name,
                                        &handle->ccache);
                 free(type_name);
                 if (kret) {
                     *minor_status = kret;
                     goto failure;
-               }       
+               }
             }
         }
         ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
diff --git a/source4/heimdal/lib/gssapi/krb5/aeap.c b/source4/heimdal/lib/gssapi/krb5/aeap.c

index 040cd3ee7686bcd779b149ae93b6c3a469d50809..47913e4aec03244ef85004dde0792be290c49232 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/aeap.c
+++ b/source4/heimdal/lib/gssapi/krb5/aeap.c
@@ -69,11 +69,11 @@ _gk_unwrap_iov(OM_uint32 *minor_status,
      krb5_context context;
  
      GSSAPI_KRB5_INIT (&context);
-    
+
      if (ctx->more_flags & IS_CFX)
         return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
                                       conf_state, qop_state, iov, iov_count);
-    
+
      return GSS_S_FAILURE;
  }
  
@@ -88,13 +88,13 @@ _gk_wrap_iov_length(OM_uint32 * minor_status,
  {
      const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
      krb5_context context;
-    
+
      GSSAPI_KRB5_INIT (&context);
-    
+
      if (ctx->more_flags & IS_CFX)
         return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context,
                                            conf_req_flag, qop_req, conf_state,
                                            iov, iov_count);
-    
+
      return GSS_S_FAILURE;
  }
diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c

index dc59e997bd6d40827386e19da6d6c91f24119955..0264207e4a8ceb467fdaf80c9079c3c88e74e7cb 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/arcfour.c
+++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c
@@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
                            const gss_buffer_t token_buffer,
                            gss_qop_t * qop_state,
                            krb5_keyblock *key,
-                          char *type)
+                          const char *type)
  {
      krb5_error_code ret;
      uint32_t seq_number;
@@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
      p = token_buffer->value;
      omret = _gsskrb5_verify_header (&p,
                                        token_buffer->length,
-                                      (u_char *)type,
+                                      type,
                                        GSS_KRB5_MECHANISM);
      if (omret)
         return omret;
@@ -309,7 +309,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
  
      {
         EVP_CIPHER_CTX rc4_key;
-       
+
         EVP_CIPHER_CTX_init(&rc4_key);
         EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
         EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
@@ -462,7 +462,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
  
      if(conf_req_flag) {
         EVP_CIPHER_CTX rc4_key;
-       
+
         EVP_CIPHER_CTX_init(&rc4_key);
         EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
         EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
@@ -481,7 +481,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
  
      {
         EVP_CIPHER_CTX rc4_key;
-       
+
         EVP_CIPHER_CTX_init(&rc4_key);
         EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
         EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
@@ -581,7 +581,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
  
      {
         EVP_CIPHER_CTX rc4_key;
-       
+
         EVP_CIPHER_CTX_init(&rc4_key);
         EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
         EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
@@ -629,7 +629,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
  
      if(conf_flag) {
         EVP_CIPHER_CTX rc4_key;
-       
+
         EVP_CIPHER_CTX_init(&rc4_key);
         EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
         EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c

index 1189718adcf38b0f8156f8e9567e2e92f914fa4d..3c1536b60ea5add9b479ecc46bdfde4c8f5bcc2a 100755 (executable)
--- a/source4/heimdal/lib/gssapi/krb5/cfx.c
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.c
@@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
      gss_iov_buffer_desc *header, *trailer, *padding;
      size_t gsshsize, k5hsize;
      size_t gsstsize, k5tsize;
-    size_t i, rrc = 0, ec = 0;
+    size_t rrc = 0, ec = 0;
+    int i;
      gss_cfx_wrap_token token;
      krb5_error_code ret;
      int32_t seq_number;
@@ -424,6 +425,9 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
      token->Flags     = 0;
      token->Filler    = 0xFF;
  
+    if ((ctx->more_flags & LOCAL) == 0)
+       token->Flags |= CFXSentByAcceptor;
+
      if (ctx->more_flags & ACCEPTOR_SUBKEY)
         token->Flags |= CFXAcceptorSubkey;
  
@@ -565,7 +569,7 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
           plain packet:
  
           {data | "header" | gss-trailer (krb5 checksum)
-         
+
           don't do RRC != 0
  
          */
@@ -647,7 +651,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
             GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
             GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
             len += iov[i].buffer.length;
-    
+
      p = malloc(len);
      if (p == NULL) {
         *minor_status = ENOMEM;
@@ -666,7 +670,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
             q += iov[i].buffer.length;
         }
      }
-    assert((q - p) == len);
+    assert((size_t)(q - p) == len);
  
      /* unrotate first part */
      q = p + rrc;
diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c

index 221d219c69fa3739ead198f9fdc38f3fe360163e..3381dffa19eed1460d9a50c54ae10b0fd333a37b 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/compat.c
+++ b/source4/heimdal/lib/gssapi/krb5/compat.c
@@ -59,7 +59,7 @@ check_compat(OM_uint32 *minor_status,
             *compat = match_val;
             break;
         }
-       
+
         krb5_free_principal(context, match);
         match = NULL;
      }
diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c

index 7b27906b5b12f6efb5ae5713b09ee540002b96e3..cb1550011cd7e41237d898d2a35359a0f89ef034 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/context_time.c
+++ b/source4/heimdal/lib/gssapi/krb5/context_time.c
@@ -88,6 +88,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time
  
      if (*time_rec == 0)
         return GSS_S_CONTEXT_EXPIRED;
-       
+
      return GSS_S_COMPLETE;
  }
diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c

index 4e65fc1cf30448aae2c87475317327b69e024e80..e332d29c84aaf689b8d6ce921aa3ff18a23853c9 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
@@ -100,7 +100,7 @@ _gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
             *minor_status = kret;
             return GSS_S_FAILURE;
         }
-       
+
         if (keytab_principal) {
             krb5_boolean match;
  
diff --git a/source4/heimdal/lib/gssapi/krb5/creds.c b/source4/heimdal/lib/gssapi/krb5/creds.c

index d2c253e84bbedde24bd5cc4b48ccaca88faa55a1..fa45d19b9812843dbc3dbde3aea18b394cf1ab0c 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/creds.c
+++ b/source4/heimdal/lib/gssapi/krb5/creds.c
@@ -47,7 +47,7 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
      char *str;
  
      GSSAPI_KRB5_INIT (&context);
-    
+
      if (handle->usage != GSS_C_INITIATE && handle->usage != GSS_C_BOTH) {
         *minor_status = GSS_KRB5_S_G_BAD_USAGE;
         return GSS_S_FAILURE;
@@ -93,14 +93,14 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
             *minor_status = ret;
             return GSS_S_FAILURE;
         }
-       
+
         ret = krb5_cc_get_full_name(context, handle->ccache, &str);
         if (ret) {
             krb5_storage_free(sp);
             *minor_status = ret;
             return GSS_S_FAILURE;
         }
-       
+
         ret = krb5_store_string(sp, str);
         free(str);
         if (ret) {
@@ -222,7 +222,7 @@ _gsskrb5_import_cred(OM_uint32 * minor_status,
             *minor_status = ret;
             return GSS_S_FAILURE;
         }
-       
+
         ret = krb5_cc_resolve(context, str, &id);
         krb5_xfree(str);
         if (ret) {
diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c

index 79cd9232e19dc4cc761af66e78b541d565710286..fe5dac7c60b26342039f08200c6561df978818d3 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/encapsulate.c
+++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c
@@ -114,7 +114,7 @@ _gssapi_encapsulate(
      if (output_token->value == NULL) {
         *minor_status = ENOMEM;
         return GSS_S_FAILURE;
-    }  
+    }
  
      p = _gssapi_make_mech_header (output_token->value, len, mech);
      memcpy (p, in_data->data, in_data->length);
@@ -145,7 +145,7 @@ _gsskrb5_encapsulate(
      if (output_token->value == NULL) {
         *minor_status = ENOMEM;
         return GSS_S_FAILURE;
-    }  
+    }
  
      p = _gsskrb5_make_header (output_token->value, len, type, mech);
      memcpy (p, in_data->data, in_data->length);
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c

index d6f14a48f7c7f01a3c1e2d7dcdfc13349aa80160..26ede2487d30309cb37c80c2ca4be0c8c46f45cc 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = {
         GSS_C_MA_SASL_MECH_NAME,
         GSS_MO_MA,
         "SASL mech name",
-       "GS2-KRB5",
+       rk_UNCONST("GS2-KRB5"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = {
         GSS_C_MA_MECH_NAME,
         GSS_MO_MA,
         "Mechanism name",
-       "KRB5",
+       rk_UNCONST("KRB5"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = {
         GSS_C_MA_MECH_DESCRIPTION,
         GSS_MO_MA,
         "Mechanism description",
-       "Heimdal Kerberos 5 mech",
+       rk_UNCONST("Heimdal Kerberos 5 mech"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = {
  static gssapi_mech_interface_desc krb5_mech = {
      GMI_VERSION,
      "kerberos 5",
-    {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
+    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
      0,
      _gsskrb5_acquire_cred,
      _gsskrb5_release_cred,
@@ -315,7 +315,7 @@ static gssapi_mech_interface_desc krb5_mech = {
      _gsskrb5_store_cred,
      _gsskrb5_export_cred,
      _gsskrb5_import_cred,
-    NULL,
+    _gsskrb5_acquire_cred_ext,
      NULL,
      NULL,
      NULL,
@@ -323,7 +323,16 @@ static gssapi_mech_interface_desc krb5_mech = {
      NULL,
      NULL,
      krb5_mo,
-    sizeof(krb5_mo) / sizeof(krb5_mo[0])
+    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
+    _gsskrb5_pname_to_uid,
+    _gsskrb5_authorize_localname,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
  };
  
  gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c

index 2a071a305efc8f9c88449687e577035a47c40713..5fe512672f95867a7a0eb17ba40641d7e619e9e8 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/import_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_name.c
@@ -107,9 +107,9 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
             return GSS_S_BAD_NAME;
         else if (p->name.name_string.len > 1)
             hostname = p->name.name_string.val[1];
-       
+
         service = p->name.name_string.val[0];
-       
+
         ret = krb5_sname_to_principal(context,
                                       hostname,
                                       service,
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c

index 53855ca045322993ac766573ae6e39ca3401800d..5f8b01b7270712e4bdc311f7ef7cc87e3e3a2dc1 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -41,7 +41,7 @@
  static OM_uint32
  set_addresses (krb5_context context,
                krb5_auth_context ac,
-              const gss_channel_bindings_t input_chan_bindings)        
+              const gss_channel_bindings_t input_chan_bindings)
  {
      /* Port numbers are expected to be in application_data.value,
       * initator's port first */
@@ -422,11 +422,6 @@ init_auth
         goto failure;
      }
  
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-       goto failure;
-
-
      /*
       * This is hideous glue for (NFS) clients that wants to limit the
       * available enctypes to what it can support (encryption in
@@ -458,17 +453,21 @@ init_auth
       * DNS canonicalizion.
       */
      ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
-                           ctx, name, 0, time_req, 
+                           ctx, name, 0, time_req,
                             time_rec);
      if (ret && allow_dns)
         ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
-                               ctx, name, 1, time_req, 
+                               ctx, name, 1, time_req,
                                 time_rec);
      if (ret)
         goto failure;
  
      ctx->lifetime = ctx->kcred->times.endtime;
  
+    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+    if (ret)
+       goto failure;
+
      ret = _gsskrb5_lifetime_left(minor_status,
                                  context,
                                  ctx->lifetime,
@@ -530,7 +529,7 @@ init_auth_restart
      Checksum cksum;
      krb5_enctype enctype;
      krb5_data fwd_data, timedata;
-    int32_t offset = 0, oldoffset;
+    int32_t offset = 0, oldoffset = 0;
      uint32_t flagmask;
  
      krb5_data_zero(&outbuf);
@@ -544,7 +543,7 @@ init_auth_restart
       */
      if (!ctx->kcred->flags.b.ok_as_delegate) {
         krb5_data data;
-       
+
         ret = krb5_cc_get_config(context, ctx->ccache, NULL,
                                  "realm-config", &data);
         if (ret == 0) {
@@ -676,7 +675,8 @@ init_auth_restart
         output_token->length = outbuf.length;
      } else {
          ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
-                                   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+                                   (u_char *)(intptr_t)"\x01\x00",
+                                   GSS_KRB5_MECHANISM);
         krb5_data_free (&outbuf);
         if (ret)
             goto failure;
@@ -848,9 +848,9 @@ repl_mutual
             *minor_status = kret;
             return GSS_S_FAILURE;
         }
-       
+
         /* reset local seq number */
-       krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq); 
+       krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
  
         output_token->length = outbuf.length;
         output_token->value  = outbuf.data;
@@ -911,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
         return GSS_S_BAD_MECH;
  
      if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
-       OM_uint32 ret;
+       OM_uint32 ret1;
  
         if (*context_handle != GSS_C_NO_CONTEXT) {
             *minor_status = 0;
             return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
         }
  
-       ret = _gsskrb5_create_ctx(minor_status,
+       ret1 = _gsskrb5_create_ctx(minor_status,
                                   context_handle,
                                   context,
                                   input_chan_bindings,
                                   INITIATOR_START);
-       if (ret)
-           return ret;
+       if (ret1)
+           return ret1;
      }
  
      if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -953,7 +953,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
                         ret_flags,
                         time_rec);
         if (ret != GSS_S_COMPLETE)
-           break;      
+           break;
         /* FALL THOUGH */
      case INITIATOR_RESTART:
         ret = init_auth_restart(minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c

index d3798623ff3fceaa091515983da5a1807f1a1362..f88199692cd7ad537aa7b7545156f4d94a6c6fa1 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
@@ -95,12 +95,12 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
      if (output_name != NULL) {
         if (icred && icred->principal != NULL) {
             gss_name_t name;
-       
+
             if (acred && acred->principal)
                 name = (gss_name_t)acred->principal;
             else
                 name = (gss_name_t)icred->principal;
-               
+
              ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
              if (ret)
                 goto out;
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c

index dc02b99851a31ce8da8182b8637062f6a3343822..65bd49c971ba0b2662f16e8f2bc6674272b7afca 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
@@ -72,6 +72,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_names_for_mech (
  
      if (ret != GSS_S_COMPLETE)
         gss_release_oid_set(NULL, name_types);
-       
+
      return GSS_S_COMPLETE;
  }
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c

index 14816e7a056f216af969aef3340a22413a0e75c3..b57217a4e8303d24d1d8c9a11ac2147dd8a9dfbb 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -159,10 +159,10 @@ static OM_uint32 inquire_sec_context_get_subkey
  
      {
         gss_buffer_desc value;
-       
+
         value.length = data.length;
         value.value = data.data;
-       
+
         maj_stat = gss_add_buffer_set_member(minor_status,
                                              &value,
                                              data_set);
@@ -179,6 +179,46 @@ out:
      return maj_stat;
  }
  
+static OM_uint32 inquire_sec_context_get_sspi_session_key
+            (OM_uint32 *minor_status,
+             const gsskrb5_ctx context_handle,
+             krb5_context context,
+             gss_buffer_set_t *data_set)
+{
+    krb5_keyblock *key;
+    OM_uint32 maj_stat = GSS_S_COMPLETE;
+    krb5_error_code ret;
+    gss_buffer_desc value;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    if (ret)
+        goto out;
+    if (key == NULL) {
+        ret = EINVAL;
+        goto out;
+    }
+
+    value.length = key->keyvalue.length;
+    value.value = key->keyvalue.data;
+
+    maj_stat = gss_add_buffer_set_member(minor_status,
+                                         &value,
+                                         data_set);
+    krb5_free_keyblock(context, key);
+
+    /* MIT also returns the enctype encoded as an OID in data_set[1] */
+
+out:
+    if (ret) {
+        *minor_status = ret;
+        maj_stat = GSS_S_FAILURE;
+    }
+    return maj_stat;
+}
+
  static OM_uint32 inquire_sec_context_authz_data
             (OM_uint32 *minor_status,
              const gsskrb5_ctx context_handle,
@@ -464,10 +504,10 @@ get_service_keyblock
  
      {
         gss_buffer_desc value;
-       
+
         value.length = data.length;
         value.value = data.data;
-       
+
         maj_stat = gss_add_buffer_set_member(minor_status,
                                              &value,
                                              data_set);
@@ -530,6 +570,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid
                                               context,
                                               ACCEPTOR_KEY,
                                               data_set);
+    } else if (gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) {
+        return inquire_sec_context_get_sspi_session_key(minor_status,
+                                                        ctx,
+                                                        context,
+                                                        data_set);
      } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) {
         return get_authtime(minor_status, ctx, data_set);
      } else if (oid_prefix_equal(desired_object,
diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c

index 323b4cc722962bc24fe7e15c8294981c3af313d5..162a3097099f737dad0c29a5962f3cd6eda09502 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/prf.c
+++ b/source4/heimdal/lib/gssapi/krb5/prf.c
@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
      krb5_crypto crypto;
      krb5_data input, output;
      uint32_t num;
+    OM_uint32 junk;
      unsigned char *p;
      krb5_keyblock *key = NULL;
+    size_t dol;
  
      if (ctx == NULL) {
         *minor_status = 0;
         return GSS_S_NO_CONTEXT;
      }
  
-    if (desired_output_len <= 0) {
+    if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
         *minor_status = 0;
         return GSS_S_FAILURE;
      }
+    dol = desired_output_len;
  
      GSSAPI_KRB5_INIT (&context);
  
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
      }
  
-    prf_out->value = malloc(desired_output_len);
+    prf_out->value = malloc(dol);
      if (prf_out->value == NULL) {
         _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
         *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
         krb5_crypto_destroy(context, crypto);
         return GSS_S_FAILURE;
      }
-    prf_out->length = desired_output_len;
+    prf_out->length = dol;
  
      HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
  
      input.length = prf_in->length + 4;
      input.data = malloc(prf_in->length + 4);
      if (input.data == NULL) {
-       OM_uint32 junk;
         _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
         *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
         gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
         HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
         return GSS_S_FAILURE;
      }
-    memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
+    memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
  
      num = 0;
      p = prf_out->value;
-    while(desired_output_len > 0) {
+    while(dol > 0) {
+       size_t tsize;
+
         _gsskrb5_encode_om_uint32(num, input.data);
+
         ret = krb5_crypto_prf(context, crypto, &input, &output);
         if (ret) {
-           OM_uint32 junk;
             *minor_status = ret;
             free(input.data);
             gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
             HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
             return GSS_S_FAILURE;
         }
-       memcpy(p, output.data, min(desired_output_len, output.length));
+
+       tsize = min(dol, output.length);
+       memcpy(p, output.data, tsize);
         p += output.length;
-       desired_output_len -= output.length;
+       dol -= tsize;
         krb5_data_free(&output);
         num++;
      }
diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c

index 4feda0de04a4892807510c854c58c9b1a63de586..0cc1c07cfbe9d7d9bea697f84daefa4a479018b3 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c
+++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c
@@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
                                        (gsskrb5_ctx)context_handle,
                                        context,
                                        token_buffer, &empty_buffer,
-                                      GSS_C_QOP_DEFAULT, "\x01\x02");
+                                      GSS_C_QOP_DEFAULT,
+                                      "\x01\x02");
  
      if (ret == GSS_S_COMPLETE)
         ret = _gsskrb5_delete_sec_context(minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c

index fbbc5b6c7037ca0d5d1b859b08976db0a6e632c8..2e0e7b20f922565ca6f4a4bf2b1efff2a74d56a1 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/sequence.c
+++ b/source4/heimdal/lib/gssapi/krb5/sequence.c
@@ -64,7 +64,7 @@ msg_order_alloc(OM_uint32 *minor_status,
      if (*o == NULL) {
         *minor_status = ENOMEM;
         return GSS_S_FAILURE;
-    }  
+    }
  
      *minor_status = 0;
      return GSS_S_COMPLETE;
@@ -141,7 +141,7 @@ OM_uint32
  _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
  {
      OM_uint32 r;
-    int i;
+    size_t i;
  
      if (o == NULL)
         return GSS_S_COMPLETE;
diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c

index 5ff6172fb92da53e1ae123ee83e2a482a1109695..bd3871675109f89da1620fd7feaffc3733e2b285 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -209,7 +209,7 @@ no_ci_flags(OM_uint32 *minor_status,
  
      cred = (gsskrb5_cred)*cred_handle;
      cred->cred_flags |= GSS_CF_NO_CI_FLAGS;
-       
+
      *minor_status = 0;
      return GSS_S_COMPLETE;
  
@@ -241,7 +241,7 @@ _gsskrb5_set_cred_option
      if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) {
         return no_ci_flags(minor_status, context, cred_handle, value);
      }
-       
+
  
      *minor_status = EINVAL;
      return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c

index 237af1a52c87e48f94f8494dffe4cb16f56f2e42..141ff722fb648ee96982daa7240149b8e0573f8c 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
@@ -154,11 +154,10 @@ _gsskrb5_set_sec_context_option
         if (maj_stat != GSS_S_COMPLETE)
             return maj_stat;
  
-       _gsskrb5_register_acceptor_identity(str);
+       maj_stat = _gsskrb5_register_acceptor_identity(minor_status, str);
         free(str);
  
-       *minor_status = 0;
-       return GSS_S_COMPLETE;
+       return maj_stat;
  
      } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
         char *str;
@@ -222,7 +221,7 @@ _gsskrb5_set_sec_context_option
             return maj_stat;
  
         t = time(NULL) + offset;
-       
+
         krb5_set_real_time(context, t, 0);
  
         *minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/krb5/store_cred.c b/source4/heimdal/lib/gssapi/krb5/store_cred.c

index 21f9f6e8aba847d60aa1520b2332d0cd64953108..a3aa2fb83e7129287f011492d400d244a550d756 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/store_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/store_cred.c
@@ -103,7 +103,7 @@ _gsskrb5_store_cred(OM_uint32         *minor_status,
         *minor_status = ret;
         return(GSS_S_FAILURE);
      }
-       
+
      if (default_cred)
         krb5_cc_switch(context, id);
  
diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c

index 7620d691bda6f030105bea25b7fd3e65d3934967..d6bc20477787c744b6eda069c4226cb985e59e3c 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c
@@ -54,7 +54,7 @@ unwrap_des
    DES_key_schedule schedule;
    DES_cblock deskey;
    DES_cblock zero;
-  int i;
+  size_t i;
    uint32_t seq_number;
    size_t padlength;
    OM_uint32 ret;
@@ -98,6 +98,7 @@ unwrap_des
    if(cstate) {
        /* decrypt data */
        memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+      memset (&zero, 0, sizeof(zero));
  
        for (i = 0; i < sizeof(deskey); ++i)
           deskey[i] ^= 0xf0;
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c

index 9a5445698bc1eca2718e4f9ee07fb7f4ddbc8f55..3123787ff474cbc5d4f23b212e9afbdf3cce6ab6 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -44,7 +44,7 @@ verify_mic_des
              const gss_buffer_t token_buffer,
              gss_qop_t * qop_state,
             krb5_keyblock *key,
-           char *type
+           const char *type
             )
  {
    u_char *p;
@@ -142,7 +142,7 @@ verify_mic_des3
              const gss_buffer_t token_buffer,
              gss_qop_t * qop_state,
             krb5_keyblock *key,
-           char *type
+           const char *type
             )
  {
    u_char *p;
@@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal
              const gss_buffer_t message_buffer,
              const gss_buffer_t token_buffer,
              gss_qop_t * qop_state,
-           char * type
+           const char * type
             )
  {
      krb5_keyblock *key;
@@ -348,7 +348,7 @@ _gsskrb5_verify_mic
                                        (gsskrb5_ctx)context_handle,
                                        context,
                                        message_buffer, token_buffer,
-                                      qop_state, "\x01\x01");
+                                      qop_state, (void *)(intptr_t)"\x01\x01");
  
      return ret;
  }
diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c

index 54f92df609930ffd0d662a853f0a59a7e7139b56..efd0d82c49545a0a9255a1ffb8e416f4b899bdf1 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/wrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/wrap.c
@@ -214,7 +214,7 @@ wrap_des
    EVP_CIPHER_CTX des_ctx;
    DES_cblock deskey;
    DES_cblock zero;
-  int i;
+  size_t i;
    int32_t seq_number;
    size_t len, total_len, padlength, datalen;
  
diff --git a/source4/heimdal/lib/gssapi/mech/cred.h b/source4/heimdal/lib/gssapi/mech/cred.h

index adffe6893e5af6114959d9e5a72e88337f734179..5661b5323951e25063fb790f6d116df010a643ab 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/cred.h
+++ b/source4/heimdal/lib/gssapi/mech/cred.h
@@ -39,3 +39,19 @@ struct _gss_cred {
         struct _gss_mechanism_cred_list gc_mc;
  };
  
+struct _gss_mechanism_cred *
+_gss_copy_cred(struct _gss_mechanism_cred *mc);
+
+struct _gss_mechanism_name;
+
+OM_uint32
+_gss_acquire_mech_cred(OM_uint32 *minor_status,
+                      gssapi_mech_interface m,
+                      const struct _gss_mechanism_name *mn,
+                      gss_const_OID credential_type,
+                      const void *credential_data,
+                      OM_uint32 time_req,
+                      gss_const_OID desired_mech,
+                      gss_cred_usage_t cred_usage,
+                      struct _gss_mechanism_cred **output_cred_handle);
+
diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c

index 92d7e7f05d7c9fbaf48142d00df5fcdb0b9513fe..bf7ea03f72e4534a778df4899f720b9918effd93 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c
@@ -34,17 +34,17 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
         unsigned char *p = input_token->value;
         size_t len = input_token->length;
         size_t a, b;
-       
+
         /*
          * Token must start with [APPLICATION 0] SEQUENCE.
          * But if it doesn't assume it is DCE-STYLE Kerberos!
          */
         if (len == 0)
                 return (GSS_S_DEFECTIVE_TOKEN);
-       
+
         p++;
         len--;
-               
+
         /*
          * Decode the length and make sure it agrees with the
          * token length.
@@ -71,7 +71,7 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
         }
         if (a != len)
                 return (GSS_S_DEFECTIVE_TOKEN);
-               
+
         /*
          * Decode the OID for the mechanism. Simplify life by
          * assuming that the OID length is less than 128 bytes.
@@ -84,9 +84,9 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
         p += 2;
         len -= 2;
         mech_oid->elements = p;
-       
+
         return GSS_S_COMPLETE;
-}              
+}
  
  static gss_OID_desc krb5_mechanism =
      {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
@@ -221,7 +221,7 @@ gss_accept_sec_context(OM_uint32 *minor_status,
                 acceptor_mc = GSS_C_NO_CREDENTIAL;
         }
         delegated_mc = GSS_C_NO_CREDENTIAL;
-       
+
         mech_ret_flags = 0;
         major_status = m->gm_accept_sec_context(minor_status,
             &ctx->gc_ctx,
@@ -267,7 +267,7 @@ gss_accept_sec_context(OM_uint32 *minor_status,
                         mech_ret_flags &=
                             ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
                 } else if (gss_oid_equal(mech_ret_type, &m->gm_mech_oid) == 0) {
-                       /* 
+                       /*
                          * If the returned mech_type is not the same
                          * as the mech, assume its pseudo mech type
                          * and the returned type is already a
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c

index c9900148c2681e0e71f078168cf52b47d44ada49..ade65df8ec86da1c386124e28c350a331348960b 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
@@ -46,7 +46,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
         struct _gss_cred *cred;
         struct _gss_mechanism_cred *mc;
         OM_uint32 min_time, cred_time;
-       int i;
+       size_t i;
  
         *minor_status = 0;
         if (output_cred_handle == NULL)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c

index 19deea5b062b9fc8b88b8325bf08211e88c63452..a998bc60ff800470dfe68487df01f41e51a9c058 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
@@ -28,7 +28,7 @@
  
  #include "mech_locl.h"
  
-static struct _gss_mechanism_cred *
+struct _gss_mechanism_cred *
  _gss_copy_cred(struct _gss_mechanism_cred *mc)
  {
         struct _gss_mechanism_cred *new_mc;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c

index 191a4a305cb930dca838f7784706877f88bd6ba3..a23270511ebe4b24e4f5b5291d25237141d596c3 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
@@ -47,7 +47,7 @@
   *
   * @returns a gss_error code, see gss_display_status() about printing
   *          the error code.
- *       
+ *
   * @ingroup gssapi
   */
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c

index 141b6ae5ac1ba7a51f2e53558d42d785bf4ddf91..3008c0d34484b61e2e15d2f42e6eca33c0ddfd80 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
@@ -1,6 +1,6 @@
  /*
   * AEAD support
- */ 
+ */
  
  #include "mech_locl.h"
  
@@ -90,7 +90,7 @@ gss_unwrap_iov(OM_uint32 *minor_status,
                int iov_count)
  {
         struct _gss_context *ctx = (struct _gss_context *) context_handle;
-       gssapi_mech_interface m;          
+       gssapi_mech_interface m;
  
         if (minor_status)
             *minor_status = 0;
@@ -168,7 +168,7 @@ gss_release_iov_buffer(OM_uint32 *minor_status,
                        int iov_count)
  {
      OM_uint32 junk;
-    size_t i;
+    int i;
  
      if (minor_status)
         *minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c

index 3099b163b5170d171b886e9c3d7d9c893b44f6ce..48fb720ad09b1ca5e17939a4523e491e91a5ba06 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
@@ -100,7 +100,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
  gss_release_buffer_set(OM_uint32 * minor_status,
                        gss_buffer_set_t *buffer_set)
  {
-    int i;
+    size_t i;
      OM_uint32 minor;
  
      *minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c

index e87931dc78acf80a86831f3b978a67df7207636b..bd8ff5212071194ecd622aceef3ce009fe6b04bb 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
@@ -48,7 +48,7 @@
   *
   *  @returns a gss_error code, see gss_display_status() about printing
   *         the error code.
- *       
+ *
   *  @ingroup gssapi
   */
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_cred.c b/source4/heimdal/lib/gssapi/mech/gss_cred.c

index b8fa11185a27017f039ea6970a6a454ae6d91522..99de68776e26af94987f68ebef94c2a6ae23dbda 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_cred.c
@@ -85,7 +85,7 @@ gss_export_cred(OM_uint32 * minor_status,
         }
  
         ret = krb5_storage_write(sp, buffer.value, buffer.length);
-       if (ret != buffer.length) {
+       if (ret < 0 || (size_t)ret != buffer.length) {
             gss_release_buffer(minor_status, &buffer);
             krb5_storage_free(sp);
             *minor_status = EINVAL;
@@ -183,7 +183,7 @@ gss_import_cred(OM_uint32 * minor_status,
         buffer.value = data.data;
         buffer.length = data.length;
  
-       major = m->gm_import_cred(minor_status, 
+       major = m->gm_import_cred(minor_status,
                                   &buffer, &mcred);
         krb5_data_free(&data);
         if (major) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c

index 0fe3b4f5a5743786999b56701ef8d554adbbb37e..3f2974e8ca5b78a65e3fa6fc9a23962e00204254 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
@@ -34,8 +34,8 @@
  #include "mech_locl.h"
  
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_decapsulate_token(const gss_buffer_t input_token,
-                     const gss_OID oid,
+gss_decapsulate_token(gss_const_buffer_t input_token,
+                     gss_const_OID oid,
                       gss_buffer_t output_token)
  {
      GSSAPIContextToken ct;
@@ -55,7 +55,7 @@ gss_decapsulate_token(const gss_buffer_t input_token,
      if (ret) {
         der_free_oid(&o);
         return GSS_S_FAILURE;
-    }  
+    }
  
      if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
         status = GSS_S_COMPLETE;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c

index d6aaf98827acd79e0bbdf6b35a2d0ff46ba40cad..1e508caa9baf0f04deda925192e97e56e4ee2456 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c
@@ -190,7 +190,7 @@ gss_display_status(OM_uint32 *minor_status,
                     oid.value = rk_UNCONST("unknown");
                     oid.length = 7;
                 }
-               
+
                 e = asprintf (&buf, "unknown mech-code %lu for mech %.*s",
                           (unsigned long)status_value,
                           (int)oid.length, (char *)oid.value);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c

index 053825bbc382f46f27feb5732fb1860003fce879..a76c87cb852aba74fb27623616c014ff5820f807 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
@@ -52,7 +52,7 @@ gss_duplicate_name(OM_uint32 *minor_status,
                 if (major_status != GSS_S_COMPLETE)
                         return (major_status);
                 new_name = (struct _gss_name *) *dest_name;
-               
+
                 HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                     struct _gss_mechanism_name *mn2;
                     _gss_find_mn(minor_status, new_name,
@@ -67,10 +67,10 @@ gss_duplicate_name(OM_uint32 *minor_status,
                 memset(new_name, 0, sizeof(struct _gss_name));
                 HEIM_SLIST_INIT(&new_name->gn_mn);
                 *dest_name = (gss_name_t) new_name;
-               
+
                 HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                         struct _gss_mechanism_name *new_mn;
-                       
+
                         new_mn = malloc(sizeof(*new_mn));
                         if (!new_mn) {
                                 *minor_status = ENOMEM;
@@ -78,7 +78,7 @@ gss_duplicate_name(OM_uint32 *minor_status,
                         }
                         new_mn->gmn_mech = mn->gmn_mech;
                         new_mn->gmn_mech_oid = mn->gmn_mech_oid;
-                       
+
                         major_status =
                             mn->gmn_mech->gm_duplicate_name(minor_status,
                                 mn->gmn_name, &new_mn->gmn_name);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c

index fc0ec736bbdad16beb77778aefbf458629737e57..1b1f973eaaa8aaf7519a6211bb82946f8cccd9ed 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
@@ -34,8 +34,8 @@
  #include "mech_locl.h"
  
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_encapsulate_token(const gss_buffer_t input_token,
-                     const gss_OID oid,
+gss_encapsulate_token(gss_const_buffer_t input_token,
+                     gss_const_OID oid,
                       gss_buffer_t output_token)
  {
      GSSAPIContextToken ct;
@@ -58,7 +58,7 @@ gss_encapsulate_token(const gss_buffer_t input_token,
      if (ret) {
         _mg_buffer_zero(output_token);
         return GSS_S_FAILURE;
-    }  
+    }
      if (output_token->length != size)
         abort();
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c

index babc8ebdf48a9be99dc764bbe1e0d046621117c9..369f3a22570e902f0b4e01ccc40ad1647505632d 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
@@ -42,7 +42,7 @@ gss_export_sec_context(OM_uint32 *minor_status,
  
         major_status = m->gm_export_sec_context(minor_status,
             &ctx->gc_ctx, &buf);
-       
+
         if (major_status == GSS_S_COMPLETE) {
                 unsigned char *p;
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c

index 574c058fc23f24c58b5522f7a8fd4c226df0be5c..d1b3dc95b4a4d265ad618bbafa03c22092903c0b 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c
@@ -41,6 +41,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
         gssapi_mech_interface m;
         struct _gss_name *name;
         gss_name_t new_canonical_name;
+       int composite = 0;
  
         *minor_status = 0;
         *output_name = 0;
@@ -50,8 +51,17 @@ _gss_import_export_name(OM_uint32 *minor_status,
          */
         if (len < 2)
                 return (GSS_S_BAD_NAME);
-       if (p[0] != 4 || p[1] != 1)
+       if (p[0] != 4)
                 return (GSS_S_BAD_NAME);
+       switch (p[1]) {
+       case 1: /* non-composite name */
+               break;
+       case 2: /* composite name */
+               composite = 1;
+               break;
+       default:
+               return (GSS_S_BAD_NAME);
+       }
         p += 2;
         len -= 2;
  
@@ -106,7 +116,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
         p += 4;
         len -= 4;
  
-       if (len != t)
+       if (!composite && len != t)
                 return (GSS_S_BAD_NAME);
  
         m = __gss_get_mechanism(&mech_oid);
@@ -159,7 +169,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
   *
   * @returns a gss_error code, see gss_display_status() about printing
   *        the error code.
- *  
+ *
   * @ingroup gssapi
   */
  
@@ -231,7 +241,7 @@ gss_import_name(OM_uint32 *minor_status,
         HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 int present = 0;
  
-               major_status = gss_test_oid_set_member(minor_status, 
+               major_status = gss_test_oid_set_member(minor_status,
                     name_type, m->gm_name_types, &present);
  
                 if (major_status || present == 0)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c

index 2a376fefeaeacf7ac83c41e3d3f46de9ae5b707f..9865db78d419bb06d9136717a2aa909892a8788a 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
@@ -58,7 +58,7 @@ gss_import_sec_context(OM_uint32 *minor_status,
         mech_oid.elements = p + 2;
         buf.length = len - 2 - mech_oid.length;
         buf.value = p + 2 + mech_oid.length;
-       
+
         m = __gss_get_mechanism(&mech_oid);
         if (!m)
                 return (GSS_S_DEFECTIVE_TOKEN);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c

index 59a1dcf22bb629abf660e5502118131ba6bc3226..8fd53d956d58926b37fc72fb61f02245bcddd321 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
@@ -35,14 +35,14 @@ gss_indicate_mechs(OM_uint32 *minor_status,
         struct _gss_mech_switch *m;
         OM_uint32 major_status;
         gss_OID_set set;
-       int i;
+       size_t i;
  
         _gss_load_mech();
  
         major_status = gss_create_empty_oid_set(minor_status, mech_set);
         if (major_status)
                 return (major_status);
-       
+
         HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_indicate_mechs) {
                         major_status = m->gm_mech.gm_indicate_mechs(
diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c

index cf111ecbae096cb46e58404e0539e78b99a4d8bf..af0170a50a51a4cb720fa4458ceae641c52c0f0c 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
@@ -99,7 +99,7 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
   *
   * @returns a gss_error code, see gss_display_status() about printing
   *          the error code.
- *       
+ *
   * @ingroup gssapi
   */
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c

index 0658267b2fb6dcf5ce01038628a4d51093c4fadc..2568075988f1d09ddf10c8abbef1b0a0835f86e0 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
@@ -37,7 +37,7 @@ gss_inquire_context(OM_uint32 *minor_status,
      gss_OID *mech_type,
      OM_uint32 *ctx_flags,
      int *locally_initiated,
-    int *open)
+    int *xopen)
  {
         OM_uint32 major_status;
         struct _gss_context *ctx = (struct _gss_context *) context_handle;
@@ -47,8 +47,8 @@ gss_inquire_context(OM_uint32 *minor_status,
  
         if (locally_initiated)
             *locally_initiated = 0;
-       if (open)
-           *open = 0;
+       if (xopen)
+           *xopen = 0;
         if (lifetime_rec)
             *lifetime_rec = 0;
  
@@ -68,7 +68,7 @@ gss_inquire_context(OM_uint32 *minor_status,
             mech_type,
             ctx_flags,
             locally_initiated,
-           open);
+           xopen);
  
         if (major_status != GSS_S_COMPLETE) {
                 _gss_mg_error(m, major_status, *minor_status);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c

index 900370a5dbca96d4871a67dbf07c0aa49f981f94..e674dd48f3e4ffd6d5d8e7a0f2b420995ea01c48 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
@@ -52,7 +52,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
  
         HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                 gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET;
-               int i;
+               size_t i;
  
                 m = mc->gmc_mech;
                 if (m == NULL) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c

index 594b41ef8ea734044b9730bcaef3fd02a40e77cd..fe88a384b5f1022e0239bd6bedbc9eabbadda189 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
@@ -188,7 +188,7 @@ out:
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
  gsskrb5_register_acceptor_identity(const char *identity)
  {
-        struct _gss_mech_switch        *m;
+       gssapi_mech_interface m;
         gss_buffer_desc buffer;
         OM_uint32 junk;
  
@@ -197,14 +197,12 @@ gsskrb5_register_acceptor_identity(const char *identity)
         buffer.value = rk_UNCONST(identity);
         buffer.length = strlen(identity);
  
-       HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
-               if (m->gm_mech.gm_set_sec_context_option == NULL)
-                       continue;
-               m->gm_mech.gm_set_sec_context_option(&junk, NULL,
-                   GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
-       }
+       m = __gss_get_mechanism(GSS_KRB5_MECHANISM);
+       if (m == NULL || m->gm_set_sec_context_option == NULL)
+           return GSS_S_FAILURE;
  
-       return (GSS_S_COMPLETE);
+       return m->gm_set_sec_context_option(&junk, NULL,
+               GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
  }
  
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
@@ -441,7 +439,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
      gss_buffer_desc buffer;
      krb5_storage *sp;
      krb5_data data;
-    int i;
+    size_t i;
  
      sp = krb5_storage_emem();
      if (sp == NULL) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c

index f7f75c13f916c592e69a5d54825d1254c5633d9f..55e01094ff91c793ce900b16a70fc61c01930b62 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -62,7 +62,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
                 if (q) q = q + 1;
                 number_count++;
         }
-       
+
         /*
          * The first two numbers are in the first byte and each
          * subsequent number is encoded in a variable byte sequence.
@@ -126,7 +126,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
                                 while (bytes) {
                                         if (res) {
                                                 int bit = 7*(bytes-1);
-                                               
+
                                                 *res = (number >> bit) & 0x7f;
                                                 if (bytes != 1)
                                                         *res |= 0x80;
@@ -152,7 +152,8 @@ _gss_string_to_oid(const char* s, gss_OID oid)
  #define SYM(name)                                                      \
  do {                                                                   \
         m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name);               \
-       if (!m->gm_mech.gm_ ## name) {                                  \
+       if (!m->gm_mech.gm_ ## name ||                                  \
+           m->gm_mech.gm_ ##name == gss_ ## name) {                    \
                 fprintf(stderr, "can't find symbol gss_" #name "\n");   \
                 goto bad;                                               \
         }                                                               \
@@ -160,7 +161,28 @@ do {                                                                       \
  
  #define OPTSYM(name)                                                   \
  do {                                                                   \
-       m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name);                       \
+       m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name);               \
+       if (m->gm_mech.gm_ ## name == gss_ ## name)                     \
+               m->gm_mech.gm_ ## name = NULL;                          \
+} while (0)
+
+#define OPTSPISYM(name)                                                        \
+do {                                                                   \
+       m->gm_mech.gm_ ## name = dlsym(so, "gssspi_" #name);            \
+} while (0)
+
+#define COMPATSYM(name)                                                        \
+do {                                                                   \
+       m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gss_" #name);   \
+       if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name)         \
+               m->gm_mech.gm_compat->gmc_ ## name = NULL;              \
+} while (0)
+
+#define COMPATSPISYM(name)                                             \
+do {                                                                   \
+       m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gssspi_" #name);\
+       if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name)         \
+               m->gm_mech.gm_compat->gmc_ ## name = NULL;              \
  } while (0)
  
  /*
@@ -283,28 +305,26 @@ _gss_load_mech(void)
  #endif
  
                 so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP);
-               if (!so) {
+               if (so == NULL) {
  /*                     fprintf(stderr, "dlopen: %s\n", dlerror()); */
-                       free(mech_oid.elements);
-                       continue;
+                       goto bad;
                 }
  
-               m = malloc(sizeof(*m));
-               if (!m) {
-                       free(mech_oid.elements);
-                       break;
-               }
+               m = calloc(1, sizeof(*m));
+               if (m == NULL)
+                       goto bad;
+
                 m->gm_so = so;
                 m->gm_mech.gm_mech_oid = mech_oid;
                 m->gm_mech.gm_flags = 0;
-               
+               m->gm_mech.gm_compat = calloc(1, sizeof(struct gss_mech_compat_desc_struct));
+               if (m->gm_mech.gm_compat == NULL)
+                       goto bad;
+
                 major_status = gss_add_oid_set_member(&minor_status,
                     &m->gm_mech.gm_mech_oid, &_gss_mech_oids);
-               if (major_status) {
-                       free(m->gm_mech.gm_mech_oid.elements);
-                       free(m);
-                       continue;
-               }
+               if (GSS_ERROR(major_status))
+                       goto bad;
  
                 SYM(acquire_cred);
                 SYM(release_cred);
@@ -338,34 +358,64 @@ _gss_load_mech(void)
                 OPTSYM(inquire_cred_by_oid);
                 OPTSYM(inquire_sec_context_by_oid);
                 OPTSYM(set_sec_context_option);
-               OPTSYM(set_cred_option);
+               OPTSPISYM(set_cred_option);
                 OPTSYM(pseudo_random);
                 OPTSYM(wrap_iov);
                 OPTSYM(unwrap_iov);
                 OPTSYM(wrap_iov_length);
+               OPTSYM(store_cred);
+               OPTSYM(export_cred);
+               OPTSYM(import_cred);
+#if 0
+               OPTSYM(acquire_cred_ext);
+               OPTSYM(iter_creds);
+               OPTSYM(destroy_cred);
+               OPTSYM(cred_hold);
+               OPTSYM(cred_unhold);
+               OPTSYM(cred_label_get);
+               OPTSYM(cred_label_set);
+#endif
                 OPTSYM(display_name_ext);
                 OPTSYM(inquire_name);
                 OPTSYM(get_name_attribute);
                 OPTSYM(set_name_attribute);
                 OPTSYM(delete_name_attribute);
                 OPTSYM(export_name_composite);
+               OPTSYM(pname_to_uid);
+               OPTSPISYM(authorize_localname);
  
                 mi = dlsym(so, "gss_mo_init");
                 if (mi != NULL) {
-                       major_status = mi(&minor_status,
-                                         &mech_oid,
-                                         &m->gm_mech.gm_mo,
-                                         &m->gm_mech.gm_mo_num);
+                       major_status = mi(&minor_status, &mech_oid,
+                                         &m->gm_mech.gm_mo, &m->gm_mech.gm_mo_num);
                         if (GSS_ERROR(major_status))
                                 goto bad;
+               } else {
+                       /* API-as-SPI compatibility */
+                       COMPATSYM(inquire_saslname_for_mech);
+                       COMPATSYM(inquire_mech_for_saslname);
+                       COMPATSYM(inquire_attrs_for_mech);
+                       COMPATSPISYM(acquire_cred_with_password);
                 }
  
+               /* pick up the oid sets of names */
+
+               if (m->gm_mech.gm_inquire_names_for_mech)
+                       (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
+                       &m->gm_mech.gm_mech_oid, &m->gm_name_types);
+
+               if (m->gm_name_types == NULL)
+                       gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
+
                 HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
                 continue;
  
         bad:
-               free(m->gm_mech.gm_mech_oid.elements);
-               free(m);
+               if (m != NULL) {
+                       free(m->gm_mech.gm_compat);
+                       free(m->gm_mech.gm_mech_oid.elements);
+                       free(m);
+               }
                 dlclose(so);
                 continue;
         }
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c

index cb24b764a52937920cc8986926f01ac3fbcfb6fd..ad74d9237a2d1a4cccb8cc2f5cb1c3ac1795417c 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_mo.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c
@@ -4,6 +4,7 @@
   * All rights reserved.
   *
   * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ * Portions Copyright (c) 2010 PADL Software Pty Ltd. All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
@@ -35,13 +36,14 @@
  
  #include "mech_locl.h"
  
+#include <crypto-headers.h>
+
  static int
  get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
  {
      return def;
  }
  
-
  int
  _gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
  {
@@ -60,10 +62,10 @@ _gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t valu
      if (value) {
         value->value = strdup((char *)mo->ctx);
         if (value->value == NULL)
-           return 1;
+           return GSS_S_FAILURE;
         value->length = strlen((char *)mo->ctx);
      }
-    return 0;
+    return GSS_S_COMPLETE;
  }
  
  GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
@@ -79,7 +81,8 @@ gss_mo_set(gss_const_OID mech, gss_const_OID option,
      for (n = 0; n < m->gm_mo_num; n++)
         if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set)
             return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value);
-    return 0;
+
+    return GSS_S_UNAVAILABLE;
  }
  
  GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
@@ -91,13 +94,13 @@ gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value)
      _mg_buffer_zero(value);
  
      if ((m = __gss_get_mechanism(mech)) == NULL)
-       return 0;
+       return GSS_S_BAD_MECH;
  
      for (n = 0; n < m->gm_mo_num; n++)
         if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get)
             return m->gm_mo[n].get(mech, &m->gm_mo[n], value);
  
-    return 0;
+    return GSS_S_UNAVAILABLE;
  }
  
  static void
@@ -147,7 +150,8 @@ gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
      for (n = 0; n < m->gm_mo_num; n++) {
         if (gss_oid_equal(option, m->gm_mo[n].option)) {
             /*
-            * If ther is no name, its because its a GSS_C_MA and there is already a table for that.
+            * If there is no name, its because its a GSS_C_MA and
+            * there is already a table for that.
              */
             if (m->gm_mo[n].name) {
                 name->value = strdup(m->gm_mo[n].name);
@@ -175,14 +179,86 @@ mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
      if (name == NULL)
         return GSS_S_COMPLETE;
  
-    if (gss_mo_get(mech, option, name) != 0 && name->length == 0)
-       return GSS_S_FAILURE;
+    return gss_mo_get(mech, option, name);
+}
+
+/* code derived from draft-ietf-cat-sasl-gssapi-01 */
+static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+
+static OM_uint32
+make_sasl_name(OM_uint32 *minor, const gss_OID mech, char sasl_name[16])
+{
+    EVP_MD_CTX *ctx;
+    char *p = sasl_name;
+    u_char hdr[2], hash[20], *h = hash;
+
+    if (mech->length > 127)
+        return GSS_S_BAD_MECH;
+
+    hdr[0] = 0x06;
+    hdr[1] = mech->length;
+
+    ctx = EVP_MD_CTX_create();
+    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+    EVP_DigestUpdate(ctx, hdr, 2);
+    EVP_DigestUpdate(ctx, mech->elements, mech->length);
+    EVP_DigestFinal_ex(ctx, hash, NULL);
+
+    memcpy(p, "GS2-", 4);
+    p += 4;
+
+    *p++ = basis_32[(h[0] >> 3)];
+    *p++ = basis_32[((h[0] & 7) << 2) | (h[1] >> 6)];
+    *p++ = basis_32[(h[1] & 0x3f) >> 1];
+    *p++ = basis_32[((h[1] & 1) << 4) | (h[2] >> 4)];
+    *p++ = basis_32[((h[2] & 0xf) << 1) | (h[3] >> 7)];
+    *p++ = basis_32[(h[3] & 0x7f) >> 2];
+    *p++ = basis_32[((h[3] & 3) << 3) | (h[4] >> 5)];
+    *p++ = basis_32[(h[4] & 0x1f)];
+    *p++ = basis_32[(h[5] >> 3)];
+    *p++ = basis_32[((h[5] & 7) << 2) | (h[6] >> 6)];
+    *p++ = basis_32[(h[6] & 0x3f) >> 1];
+
+    *p = '\0';
  
      return GSS_S_COMPLETE;
  }
  
+/*
+ * gss_inquire_saslname_for_mech() wrapper that uses MIT SPI
+ */
+static OM_uint32
+inquire_saslname_for_mech_compat(OM_uint32 *minor,
+                                 const gss_OID desired_mech,
+                                 gss_buffer_t sasl_mech_name,
+                                 gss_buffer_t mech_name,
+                                 gss_buffer_t mech_description)
+{
+    struct gss_mech_compat_desc_struct *gmc;
+    gssapi_mech_interface m;
+    OM_uint32 major;
+
+    m = __gss_get_mechanism(desired_mech);
+    if (m == NULL)
+        return GSS_S_BAD_MECH;
+
+    gmc = m->gm_compat;
+
+    if (gmc != NULL && gmc->gmc_inquire_saslname_for_mech != NULL) {
+        major = gmc->gmc_inquire_saslname_for_mech(minor,
+                                                   desired_mech,
+                                                   sasl_mech_name,
+                                                   mech_name,
+                                                   mech_description);
+    } else {
+        major = GSS_S_UNAVAILABLE;
+    }
+
+    return major;
+}
+
  /**
- * Returns differnt protocol names and description of the mechanism.
+ * Returns different protocol names and description of the mechanism.
   *
   * @param minor_status minor status code
   * @param desired_mech mech list query
@@ -215,15 +291,41 @@ gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
         return GSS_S_BAD_MECH;
  
      major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
-    if (major) return major;
+    if (major == GSS_S_COMPLETE) {
+        /* Native SPI */
+        major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
+        if (GSS_ERROR(major))
+            return major;
+
+        major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
+        if (GSS_ERROR(major))
+            return major;
+    }
  
-    major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
-    if (major) return major;
+    if (GSS_ERROR(major)) {
+        /* API-as-SPI compatibility */
+        major = inquire_saslname_for_mech_compat(minor_status,
+                                                 desired_mech,
+                                                 sasl_mech_name,
+                                                 mech_name,
+                                                 mech_description);
+    }
  
-    major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
-    if (major) return major;
+    if (GSS_ERROR(major)) {
+        /* Algorithmically dervied SASL mechanism name */
+        char buf[16];
+        gss_buffer_desc tmp = { sizeof(buf) - 1, buf };
  
-    return GSS_S_COMPLETE;
+        major = make_sasl_name(minor_status, desired_mech, buf);
+        if (GSS_ERROR(major))
+            return major;
+
+        major = _gss_copy_buffer(minor_status, &tmp, sasl_mech_name);
+        if (GSS_ERROR(major))
+            return major;
+    }
+
+    return major;
  }
  
  /**
@@ -243,29 +345,91 @@ gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
  {
      struct _gss_mech_switch *m;
      gss_buffer_desc name;
-    OM_uint32 major;
+    OM_uint32 major, junk;
+    char buf[16];
  
      _gss_load_mech();
  
      *mech_type = NULL;
  
      HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
-
-       major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
-       if (major)
-           continue;
-       if (name.length == sasl_mech_name->length &&
-           memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
-           gss_release_buffer(&major, &name);
-           *mech_type = &m->gm_mech_oid;
-           return 0;
+        struct gss_mech_compat_desc_struct *gmc;
+
+        /* Native SPI */
+        major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
+        if (major == GSS_S_COMPLETE &&
+            name.length == sasl_mech_name->length &&
+            memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
+                gss_release_buffer(&junk, &name);
+                *mech_type = &m->gm_mech_oid;
+                return GSS_S_COMPLETE;
         }
-       gss_release_buffer(&major, &name);
+       gss_release_buffer(&junk, &name);
+
+        if (GSS_ERROR(major)) {
+            /* API-as-SPI compatibility */
+            gmc = m->gm_mech.gm_compat;
+            if (gmc && gmc->gmc_inquire_mech_for_saslname) {
+                major = gmc->gmc_inquire_mech_for_saslname(minor_status,
+                                                           sasl_mech_name,
+                                                           mech_type);
+                if (major == GSS_S_COMPLETE)
+                    return GSS_S_COMPLETE;
+            }
+        }
+
+        if (GSS_ERROR(major)) {
+            /* Algorithmically dervied SASL mechanism name */
+            if (sasl_mech_name->length == 16 &&
+                make_sasl_name(minor_status, &m->gm_mech_oid, buf) == GSS_S_COMPLETE &&
+                memcmp(buf, sasl_mech_name->value, 16) == 0) {
+                    *mech_type = &m->gm_mech_oid;
+                    return GSS_S_COMPLETE;
+            }
+        }
      }
  
      return GSS_S_BAD_MECH;
  }
  
+/*
+ * Test mechanism against indicated attributes using both Heimdal and
+ * MIT SPIs.
+ */
+static int
+test_mech_attrs(gssapi_mech_interface mi,
+                gss_const_OID_set mech_attrs,
+                gss_const_OID_set against_attrs,
+                int except)
+{
+    size_t n, m;
+    int eq = 0;
+
+    if (against_attrs == GSS_C_NO_OID_SET)
+        return 1;
+
+    for (n = 0; n < against_attrs->count; n++) {
+        for (m = 0; m < mi->gm_mo_num; m++) {
+            eq = gss_oid_equal(mi->gm_mo[m].option,
+                               &against_attrs->elements[n]);
+            if (eq)
+                break;
+        }
+        if (mech_attrs != GSS_C_NO_OID_SET) {
+            for (m = 0; m < mech_attrs->count; m++) {
+                eq = gss_oid_equal(&mech_attrs->elements[m],
+                                   &against_attrs->elements[n]);
+                if (eq)
+                    break;
+            }
+        }
+        if (!eq ^ except)
+            return 0;
+    }
+
+    return 1;
+}
+
  /**
   * Return set of mechanism that fullfill the criteria
   *
@@ -286,57 +450,49 @@ gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
                             gss_OID_set *mechs)
  {
      struct _gss_mech_switch *ms;
+    gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+    gss_OID_set known_mech_attrs = GSS_C_NO_OID_SET;
      OM_uint32 major;
-    size_t n, m;
  
      major = gss_create_empty_oid_set(minor_status, mechs);
-    if (major)
+    if (GSS_ERROR(major))
         return major;
  
      _gss_load_mech();
  
      HEIM_SLIST_FOREACH(ms, &_gss_mechs, gm_link) {
         gssapi_mech_interface mi = &ms->gm_mech;
-
-       if (desired_mech_attrs) {
-           for (n = 0; n < desired_mech_attrs->count; n++) {
-               for (m = 0; m < mi->gm_mo_num; m++)
-                   if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
-                       break;
-               if (m == mi->gm_mo_num)
-                   goto next;
-           }
-       }
-
-       if (except_mech_attrs) {
-           for (n = 0; n < desired_mech_attrs->count; n++) {
-               for (m = 0; m < mi->gm_mo_num; m++) {
-                   if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
-                       goto next;
-               }
-           }
-       }
-
-       if (critical_mech_attrs) {
-           for (n = 0; n < desired_mech_attrs->count; n++) {
-               for (m = 0; m < mi->gm_mo_num; m++) {
-                   if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
-                       continue;
-                   if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
-                       break;
-               }
-               if (m == mi->gm_mo_num)
-                   goto next;
-           }
-       }
-
-
-    next:
-       do { } while(0);
+        struct gss_mech_compat_desc_struct *gmc = mi->gm_compat;
+        OM_uint32 tmp;
+
+        if (gmc && gmc->gmc_inquire_attrs_for_mech) {
+            major = gmc->gmc_inquire_attrs_for_mech(minor_status,
+                                                    &mi->gm_mech_oid,
+                                                    &mech_attrs,
+                                                    &known_mech_attrs);
+            if (GSS_ERROR(major))
+                continue;
+        }
+
+        /*
+         * Test mechanism supports all of desired_mech_attrs;
+         * none of except_mech_attrs;
+         * and knows of all critical_mech_attrs.
+         */
+        if (test_mech_attrs(mi, mech_attrs,       desired_mech_attrs,  0) &&
+            test_mech_attrs(mi, mech_attrs,       except_mech_attrs,   1) &&
+            test_mech_attrs(mi, known_mech_attrs, critical_mech_attrs, 0)) {
+            major = gss_add_oid_set_member(minor_status, &mi->gm_mech_oid, mechs);
+        }
+
+        gss_release_oid_set(&tmp, &mech_attrs);
+        gss_release_oid_set(&tmp, &known_mech_attrs);
+
+        if (GSS_ERROR(major))
+            break;
      }
  
-
-    return GSS_S_FAILURE;
+    return major;
  }
  
  /**
@@ -361,30 +517,45 @@ gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
  {
      OM_uint32 major, junk;
  
+    if (known_mech_attrs)
+        *known_mech_attrs = GSS_C_NO_OID_SET;
+
      if (mech_attr && mech) {
         gssapi_mech_interface m;
+        struct gss_mech_compat_desc_struct *gmc;
  
         if ((m = __gss_get_mechanism(mech)) == NULL) {
             *minor_status = 0;
             return GSS_S_BAD_MECH;
         }
  
-       major = gss_create_empty_oid_set(minor_status, mech_attr);
-       if (major != GSS_S_COMPLETE)
+        gmc = m->gm_compat;
+
+        if (gmc && gmc->gmc_inquire_attrs_for_mech) {
+            major = gmc->gmc_inquire_attrs_for_mech(minor_status,
+                                                    mech,
+                                                    mech_attr,
+                                                    known_mech_attrs);
+        } else {
+           major = gss_create_empty_oid_set(minor_status, mech_attr);
+            if (major == GSS_S_COMPLETE)
+               add_all_mo(m, mech_attr, GSS_MO_MA);
+        }
+       if (GSS_ERROR(major))
             return major;
-
-       add_all_mo(m, mech_attr, GSS_MO_MA);
-    }    
+    }
  
      if (known_mech_attrs) {
         struct _gss_mech_switch *m;
  
-       major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
-       if (major) {
-           if (mech_attr)
-               gss_release_oid_set(&junk, mech_attr);
-           return major;
-       }
+        if (*known_mech_attrs == GSS_C_NO_OID_SET) {
+           major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
+           if (GSS_ERROR(major)) {
+               if (mech_attr)
+                   gss_release_oid_set(&junk, mech_attr);
+               return major;
+           }
+        }
  
         _gss_load_mech();
  
@@ -434,28 +605,28 @@ gss_display_mech_attr(OM_uint32 * minor_status,
         return GSS_S_BAD_MECH_ATTR;
  
      if (name) {
-       gss_buffer_desc n;
-       n.value = rk_UNCONST(ma->name);
-       n.length = strlen(ma->name);
-       major = _gss_copy_buffer(minor_status, &n, name);
+       gss_buffer_desc bd;
+       bd.value = rk_UNCONST(ma->name);
+       bd.length = strlen(ma->name);
+       major = _gss_copy_buffer(minor_status, &bd, name);
         if (major != GSS_S_COMPLETE)
             return major;
      }
  
      if (short_desc) {
-       gss_buffer_desc n;
-       n.value = rk_UNCONST(ma->short_desc);
-       n.length = strlen(ma->short_desc);
-       major = _gss_copy_buffer(minor_status, &n, short_desc);
+       gss_buffer_desc bd;
+       bd.value = rk_UNCONST(ma->short_desc);
+       bd.length = strlen(ma->short_desc);
+       major = _gss_copy_buffer(minor_status, &bd, short_desc);
         if (major != GSS_S_COMPLETE)
             return major;
      }
  
      if (long_desc) {
-       gss_buffer_desc n;
-       n.value = rk_UNCONST(ma->long_desc);
-       n.length = strlen(ma->long_desc);
-       major = _gss_copy_buffer(minor_status, &n, long_desc);
+       gss_buffer_desc bd;
+       bd.value = rk_UNCONST(ma->long_desc);
+       bd.length = strlen(ma->long_desc);
+       major = _gss_copy_buffer(minor_status, &bd, long_desc);
         if (major != GSS_S_COMPLETE)
             return major;
      }
diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c

index 4b470c775f24859161fbbc812cb694de064c19eb..43e0e2a85cb2afa268000bd05754e7de089b9e6e 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_names.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_names.c
@@ -58,7 +58,7 @@ _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
                 mn = malloc(sizeof(struct _gss_mechanism_name));
                 if (!mn)
                         return GSS_S_FAILURE;
-               
+
                 major_status = m->gm_import_name(minor_status,
                     &name->gn_value,
                     (name->gn_type.elements
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c

index bac97cacd0bcaf6ceb08c592d40db5b46cd31496..916d1e4dda5e8cc20b0b3331f21186dfcc2251eb 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c
@@ -2,220 +2,226 @@
  #include "mech_locl.h"
  
  /* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") };
  
  /* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") };
  
  /* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") };
  
  /* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") };
  
  /* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") };
  
  /* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") };
  
  /* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") };
  
  /* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") };
  
  /* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") };
  
  /* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") };
  
  /* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") };
  
  /* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") };
  
  /* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") };
  
  /* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") };
  
  /* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") };
  
  /* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") };
  
  /* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") };
  
  /* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") };
  
  /* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") };
  
  /* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") };
  
  /* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") };
  
  /* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") };
  
  /* GSS_C_NT_DN - 1.2.752.43.13.22 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") };
  
  /* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") };
  
  /* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") };
  
  /* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") };
  
  /* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") };
  
  /* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") };
  
  /* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") };
  
  /* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") };
  
  /* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") };
  
  /* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") };
  
  /* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") };
  
  /* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") };
+
+/* GSS_C_CRED_PASSWORD - 1.2.752.43.13.200 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" };
+
+/* GSS_C_CRED_CERTIFICATE - 1.2.752.43.13.201 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x49" };
  
  /* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
  
  /* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") };
  
  /* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
  
  /* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") };
  
  /* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") };
  
  /* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") };
  
  /* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") };
  
  /* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
  
  /* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
  
  /* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") };
  
  /* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") };
  
  /* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
  
  /* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") };
  
  /* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") };
  
  /* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") };
  
  /* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") };
  
  /* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") };
  
  /* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") };
  
  /* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") };
  
  /* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") };
  
  /* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") };
  
  /* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") };
  
  /* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") };
  
  /* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") };
  
  /* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") };
  
  /* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") };
  
  /* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") };
  
  /* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") };
  
  /* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") };
  
  /* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") };
  
  /* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") };
  
  /* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") };
  
  /* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") };
  
  /* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") };
  
  /* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") };
  
  /* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") };
  
  /* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") };
  
  /* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") };
  
  struct _gss_oid_name_table _gss_ont_ma[] = {
    { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c

index 7d6ded39e479744226c0beab0cb8defdd3ddf530..b125ede66fa3754120a61e542fc7e00b7d69a157 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
@@ -43,7 +43,7 @@
   *
   * @return non-zero when both oid are the same OID, zero when they are
   *         not the same.
- *         
+ *
   * @ingroup gssapi
   */
  
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c

index 759eaec4c32fab88ec08087de770100c00d5ef40..fd0b5df36bed8197fc3ad20c2d95c8291e3035fd 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c
@@ -40,7 +40,7 @@
   *
   * @returns a gss_error code, see gss_display_status() about printing
   *        the error code.
- *  
+ *
   * @ingroup gssapi
   */
  GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c

index 62be485a0783506f8fa17a90c2ccac46d0dc4755..d33453d92feb34238229b09a3b602b6a326874c0 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
@@ -93,13 +93,13 @@ gss_set_cred_option (OM_uint32 *minor_status,
  
                 HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                         m = mc->gmc_mech;
-       
+
                         if (m == NULL)
                                 return GSS_S_BAD_MECH;
-       
+
                         if (m->gm_set_cred_option == NULL)
                                 continue;
-       
+
                         major_status = m->gm_set_cred_option(minor_status,
                             &mc->gmc_cred, object, value);
                         if (major_status == GSS_S_COMPLETE)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c

index 4c4d34904583446bc4ffce02d439f27f872743d6..715d34bf0666262988cb83ffaf6a0ae82510f08c 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
@@ -34,7 +34,7 @@ gss_test_oid_set_member(OM_uint32 *minor_status,
      const gss_OID_set set,
      int *present)
  {
-       int i;
+       size_t i;
  
         *present = 0;
         for (i = 0; i < set->count; i++)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c

index e79814aea720b4c139d08ec6cb5dd39cf852809a..9bebcf6cf08e8d520033da7635bc2d1dc9eea52c 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
@@ -38,7 +38,7 @@ gss_wrap_size_limit(OM_uint32 *minor_status,
  {
         struct _gss_context *ctx = (struct _gss_context *) context_handle;
         gssapi_mech_interface m;
-       
+
         *max_input_size = 0;
         if (ctx == NULL) {
             *minor_status = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h

index cb10c23c38b3ddea54cf89186501cc72270e9107..6c23ac5256b156bc9196c49f5fb86ed0e84feaa8 100644 (file)
--- a/source4/heimdal/lib/gssapi/mech/mech_locl.h
+++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h
@@ -62,6 +62,7 @@
  #include "mech_switch.h"
  #include "name.h"
  #include "utils.h"
+#include "compat.h"
  
  #define _mg_buffer_zero(buffer) \
         do {                                    \
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c

index 35bc56fbb777d93eccb352b0c78285d5dbeaf50d..3a51dd3a0a6160e4a45cd3f8bd646e12c5191915 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -90,7 +90,7 @@ send_supported_mechs (OM_uint32 *minor_status,
                       gss_buffer_t output_token)
  {
      NegotiationTokenWin nt;
-    size_t buf_len;
+    size_t buf_len = 0;
      gss_buffer_desc data;
      OM_uint32 ret;
  
@@ -132,8 +132,10 @@ send_supported_mechs (OM_uint32 *minor_status,
         *minor_status = ret;
         return GSS_S_FAILURE;
      }
-    if (data.length != buf_len)
+    if (data.length != buf_len) {
         abort();
+        UNREACHABLE(return GSS_S_FAILURE);
+    }
  
      ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
  
@@ -316,7 +318,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
      gss_OID_desc oid;
      gss_OID oidp;
      gss_OID_set mechs;
-    int i;
+    size_t i;
      OM_uint32 ret, junk;
  
      ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -368,12 +370,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
  
         host = getenv("GSSAPI_SPNEGO_NAME");
         if (host == NULL || issuid()) {
+           int rv;
             if (gethostname(hostname, sizeof(hostname)) != 0) {
                 *minor_status = errno;
                 return GSS_S_FAILURE;
             }
-           i = asprintf(&str, "host@%s", hostname);
-           if (i < 0 || str == NULL) {
+           rv = asprintf(&str, "host@%s", hostname);
+           if (rv < 0 || str == NULL) {
                 *minor_status = ENOMEM;
                 return GSS_S_FAILURE;
             }
@@ -410,10 +413,6 @@ acceptor_complete(OM_uint32 * minor_status,
  {
      OM_uint32 ret;
      int require_mic, verify_mic;
-    gss_buffer_desc buf;
-
-    buf.length = 0;
-    buf.value = NULL;
  
      ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
      if (ret)
@@ -435,11 +434,11 @@ acceptor_complete(OM_uint32 * minor_status,
             verify_mic = 0;
             *get_mic = 1;
         }
-       
+
         if (verify_mic || *get_mic) {
             int eret;
-           size_t buf_len;
-       
+           size_t buf_len = 0;
+
             ASN1_MALLOC_ENCODE(MechTypeList,
                                mech_buf->value, mech_buf->length,
                                &ctx->initiator_mech_types, &buf_len, eret);
@@ -447,24 +446,19 @@ acceptor_complete(OM_uint32 * minor_status,
                 *minor_status = eret;
                 return GSS_S_FAILURE;
             }
-           if (buf.length != buf_len)
-               abort();
+           heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error");
+           UNREACHABLE(return GSS_S_FAILURE);
         }
-       
+
         if (verify_mic) {
             ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
             if (ret) {
                 if (*get_mic)
                     send_reject (minor_status, output_token);
-               if (buf.value)
-                   free(buf.value);
                 return ret;
             }
             ctx->verified_mic = 1;
         }
-       if (buf.value)
-           free(buf.value);
-
      } else
         *get_mic = 0;
  
@@ -491,7 +485,6 @@ acceptor_start
      NegotiationToken nt;
      size_t nt_len;
      NegTokenInit *ni;
-    int i;
      gss_buffer_desc data;
      gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
      gss_buffer_desc mech_output_token;
@@ -507,7 +500,7 @@ acceptor_start
  
      if (input_token_buffer->length == 0)
         return send_supported_mechs (minor_status, output_token);
-       
+
      ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
      if (ret != GSS_S_COMPLETE)
         return ret;
@@ -573,7 +566,7 @@ acceptor_start
  
         if (ctx->mech_src_name != GSS_C_NO_NAME)
             gss_release_name(&junk, &ctx->mech_src_name);
-       
+
         ret = gss_accept_sec_context(minor_status,
                                      &ctx->negotiated_ctx_id,
                                      acceptor_cred_handle,
@@ -613,13 +606,14 @@ acceptor_start
       */
  
      if (!first_ok && ni->mechToken != NULL) {
+       size_t j;
  
         preferred_mech_type = GSS_C_NO_OID;
  
         /* Call glue layer to find first mech we support */
-       for (i = 1; i < ni->mechTypes.len; ++i) {
+       for (j = 1; j < ni->mechTypes.len; ++j) {
             ret = select_mech(minor_status,
-                             &ni->mechTypes.val[i],
+                             &ni->mechTypes.val[j],
                               1,
                               &preferred_mech_type);
             if (ret == 0)
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c

index b23658cfd1057121f278c228a0fa3af60b30e885..cf5ee30a84a982e65ce74a50e14966045d81ac1f 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -41,10 +41,10 @@
   * Kerberos mechanism.
   */
  gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
-       {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
+    {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")};
  
  gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
-       {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
  
  /*
   * Allocate a SPNEGO context handle
@@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
      gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
      gss_OID first_mech = GSS_C_NO_OID;
      OM_uint32 ret;
-    int i;
+    size_t i;
  
      mechtypelist->len = 0;
      mechtypelist->val = NULL;
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c

index 18c13fe29957b87afc1d23d9cdf020a3cbcbe31b..60b348ec46763979718a44dfcb1dfb5cf5b615a2 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
  {
      OM_uint32 ret, junk;
      gss_OID_set m;
-    int i;
+    size_t i;
  
      ret = gss_indicate_mechs(minor_status, &m);
      if (ret != GSS_S_COMPLETE)
@@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
  {
      gss_OID_set mechs, names, n;
      OM_uint32 ret, junk;
-    int i, j;
+    size_t i, j;
  
      *name_types = NULL;
  
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c

index 2920f3d9b57c388476bb6a706311d40944b479df..fc43d6a4a6664fdf480c49550eb444d8bf270786 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
      OM_uint32 ret, tmp;
      gss_OID_set_desc actual_desired_mechs;
      gss_OID_set mechs;
-    int i, j;
+    size_t i, j;
  
      *output_cred_handle = GSS_C_NO_CREDENTIAL;
  
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c

index 505475415010359c726b09ed0dff9132bb7c6e14..ca06d46e82113a1f9047c96cb04d8d9d0ffd55c6 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -39,13 +39,12 @@
   *  negotiation token is identified by the Object Identifier
   *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
   */
-
  static gss_mo_desc spnego_mo[] = {
      {
         GSS_C_MA_SASL_MECH_NAME,
         GSS_MO_MA,
         "SASL mech name",
-       "SPNEGO",
+       rk_UNCONST("SPNEGO"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = {
         GSS_C_MA_MECH_NAME,
         GSS_MO_MA,
         "Mechanism name",
-       "SPNEGO",
+       rk_UNCONST("SPNEGO"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = {
         GSS_C_MA_MECH_DESCRIPTION,
         GSS_MO_MA,
         "Mechanism description",
-       "Heimdal SPNEGO Mechanism",
+       rk_UNCONST("Heimdal SPNEGO Mechanism"),
         _gss_mo_get_ctx_as_string,
         NULL
      },
@@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = {
  static gssapi_mech_interface_desc spnego_mech = {
      GMI_VERSION,
      "spnego",
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
+    {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
      0,
      _gss_spnego_acquire_cred,
      _gss_spnego_release_cred,
@@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = {
      NULL,
      NULL,
      spnego_mo,
-    sizeof(spnego_mo) / sizeof(spnego_mo[0])
+    sizeof(spnego_mo) / sizeof(spnego_mo[0]),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
  };
  
  gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c

index c9e182129dd38e4273a167eeb5e477ddfc325279..b4b1bcefc5e53efb3de07358f66fcdf5efecb50d 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -392,7 +392,7 @@ spnego_reply
      NegotiationToken resp;
      gss_OID_desc mech;
      int require_mic;
-    size_t buf_len;
+    size_t buf_len = 0;
      gss_buffer_desc mic_buf, mech_buf;
      gss_buffer_desc mech_output_token;
      gssspnego_ctx ctx;
@@ -557,8 +557,10 @@ spnego_reply
             *minor_status = ret;
             return GSS_S_FAILURE;
         }
-       if (mech_buf.length != buf_len)
+       if (mech_buf.length != buf_len) {
             abort();
+            UNREACHABLE(return GSS_S_FAILURE);
+        }
  
         if (resp.u.negTokenResp.mechListMIC == NULL) {
             HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h

index dacaa3310e7ee53537d2561fadb24b439fd9a096..3e151c7c2a4ce6c0e53cf47ec951a4998a746e8e 100644 (file)
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -71,6 +71,8 @@
  #include "utils.h"
  #include <der.h>
  
+#include <heimbase.h>
+
  #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
  
  typedef struct {
diff --git a/source4/heimdal/lib/gssapi/version-script.map b/source4/heimdal/lib/gssapi/version-script.map

index 7591121333ffea3c405a9c9e7d887b2d26ef1724..ebd8ee21acfaa4f6c338a7f67df2b9e14771fed6 100644 (file)
--- a/source4/heimdal/lib/gssapi/version-script.map
+++ b/source4/heimdal/lib/gssapi/version-script.map
@@ -2,7 +2,8 @@
  
  HEIMDAL_GSS_2.0 {
         global:
-               __gss_c_nt_anonymous;
+#              __gss_c_nt_anonymous;
+               __gss_c_nt_anonymous_oid_desc;
                 __gss_c_nt_export_name_oid_desc;
                 __gss_c_nt_hostbased_service_oid_desc;
                 __gss_c_nt_hostbased_service_x_oid_desc;
@@ -11,11 +12,17 @@ HEIMDAL_GSS_2.0 {
                 __gss_c_nt_user_name_oid_desc;
                 __gss_krb5_nt_principal_name_oid_desc;
                 __gss_c_attr_stream_sizes_oid_desc;
+               __gss_c_cred_password_oid_desc;
+               __gss_c_cred_certificate_oid_desc;
+               GSS_C_ATTR_LOCAL_LOGIN_USER;
                 gss_accept_sec_context;
                 gss_acquire_cred;
+               gss_acquire_cred_with_password;
                 gss_add_buffer_set_member;
                 gss_add_cred;
+               gss_add_cred_with_password;
                 gss_add_oid_set_member;
+               gss_authorize_localname;
                 gss_canonicalize_name;
                 gss_compare_name;
                 gss_context_query_attributes;
@@ -61,6 +68,7 @@ HEIMDAL_GSS_2.0 {
                 gss_mg_collect_error;
                 gss_oid_equal;
                 gss_oid_to_str;
+               gss_pname_to_uid;
                 gss_process_context_token;
                 gss_pseudo_random;
                 gss_release_buffer;
@@ -75,10 +83,12 @@ HEIMDAL_GSS_2.0 {
                 gss_set_name_attribute;
                 gss_set_sec_context_option;
                 gss_sign;
+               gss_store_cred;
                 gss_test_oid_set_member;
                 gss_unseal;
                 gss_unwrap;
                 gss_unwrap_iov;
+               gss_userok;
                 gss_verify;
                 gss_verify_mic;
                 gss_wrap;
diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.c b/source4/heimdal/lib/hcrypto/camellia-ntt.c

index 79c5a884ecd112fb18c947864f6631a77ce79c29..0ee13f3f549894751e02719ccba3cee505fc0167 100644 (file)
--- a/source4/heimdal/lib/hcrypto/camellia-ntt.c
+++ b/source4/heimdal/lib/hcrypto/camellia-ntt.c
@@ -1050,7 +1050,7 @@ static void camellia_encrypt128(const u32 *subkey, u32 *io)
      io[1] = io[3];
      io[2] = t0;
      io[3] = t1;
-       
+
      return;
  }
  
@@ -1268,7 +1268,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io)
      /* pre whitening but absorb kw2*/
      io[0] ^= CamelliaSubkeyL(32);
      io[1] ^= CamelliaSubkeyR(32);
-       
+
      /* main iteration */
      CAMELLIA_ROUNDSM(io[0],io[1],
                      CamelliaSubkeyL(31),CamelliaSubkeyR(31),
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c

index 43ff8a3f502c14878ad7ddd0e0db110b3c605558..2e3192bff8ad86755ee42c716ba966da16e0e136 100644 (file)
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -254,10 +254,10 @@ DES_set_key_unchecked(DES_cblock *key, DES_key_schedule *ks)
  
      for (i = 0; i < 16; i++) {
         uint32_t kc, kd;
-       
+
         ROTATE_LEFT28(c, shifts[i]);
         ROTATE_LEFT28(d, shifts[i]);
-       
+
         kc = pc2_c_1[(c >> 22) & 0x3f] |
             pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] |
             pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] |
@@ -780,7 +780,7 @@ DES_cbc_cksum(const void *in, DES_cblock *output,
         u[0] ^= uiv[0]; u[1] ^= uiv[1];
         DES_encrypt(u, ks, 1);
         uiv[0] = u[0]; uiv[1] = u[1];
-       
+
         length -= DES_CBLOCK_LEN;
         input += DES_CBLOCK_LEN;
      }
diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h

index 99eb76c818e78ea3eb8f9b1945a6e42f198874ea..0824408c47faa056796a4c89d0c6994c7b1dce05 100644 (file)
--- a/source4/heimdal/lib/hcrypto/des.h
+++ b/source4/heimdal/lib/hcrypto/des.h
@@ -87,7 +87,7 @@ typedef struct DES_key_schedule
  #ifndef HC_DEPRECATED
  #if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
  #define HC_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200) 
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
  #define HC_DEPRECATED __declspec(deprecated)
  #else
  #define HC_DEPRECATED
diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c

index f66cd5aff2e2a5e62a6c3448696c8588fe0a252d..6af43cf044ee4483a61c057e9e4751fb7b9654ed 100644 (file)
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -112,11 +112,11 @@ ltm_dh_generate_key(DH *dh)
             BN_free(dh->pub_key);
  
         mp_init_multi(&pub, &priv_key, &g, &p, NULL);
-       
+
         BN2mpz(&priv_key, dh->priv_key);
         BN2mpz(&g, dh->g);
         BN2mpz(&p, dh->p);
-       
+
         res = mp_exptmod(&g, &priv_key, &p, &pub);
  
         mp_clear_multi(&priv_key, &g, &p, NULL);
@@ -127,7 +127,7 @@ ltm_dh_generate_key(DH *dh)
         mp_clear(&pub);
         if (dh->pub_key == NULL)
             return 0;
-       
+
         if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
             break;
         if (have_private_key)
diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c

index 43e1d6ac1b886ab4d643ee0618bf1537f77cf12a..e1f82bfd3bba4543a4a268a30e4b2c87388e992a 100644 (file)
--- a/source4/heimdal/lib/hcrypto/dh.c
+++ b/source4/heimdal/lib/hcrypto/dh.c
@@ -539,8 +539,10 @@ i2d_DHparams(DH *dh, unsigned char **pp)
         free_DHParameter(&data);
         if (ret)
             return -1;
-       if (len != size)
+       if (len != size) {
             abort();
+            return -1;
+        }
  
         memcpy(*pp, p, size);
         free(p);
diff --git a/source4/heimdal/lib/hcrypto/engine.c b/source4/heimdal/lib/hcrypto/engine.c

index 15853420f6de5d7501533c683993c771e8ba3ffb..3b22e56201120cb3f6503b11df0e59e8618194b4 100644 (file)
--- a/source4/heimdal/lib/hcrypto/engine.c
+++ b/source4/heimdal/lib/hcrypto/engine.c
@@ -339,7 +339,7 @@ ENGINE_by_dso(const char *path, const char *id)
             dlclose(handle);
             free(engine);
             return NULL;
-       }       
+       }
      }
  
      {
@@ -357,7 +357,7 @@ ENGINE_by_dso(const char *path, const char *id)
             dlclose(handle);
             free(engine);
             return NULL;
-       }       
+       }
      }
  
      ENGINE_up_ref(engine);
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c

index 7bd066fd5dccb8e446c22e6b404aa67a5a55166a..75eefc49312e3acbf241e2eb591939280c9239bc 100644 (file)
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -415,7 +415,7 @@ EVP_sha1(void)
  
  const EVP_MD *
  EVP_sha(void) HC_DEPRECATED
-    
+
  {
      hcrypto_validate();
      return EVP_sha1();
@@ -875,7 +875,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
             ctx->buf_len += inlen;
             return 1;
         }
-       
+
         /* fill in local buffer and encrypt */
         memcpy(ctx->buf + ctx->buf_len, in, left);
         ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
@@ -893,7 +893,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
      if (inlen) {
         ctx->buf_len = (inlen & ctx->block_mask);
         inlen &= ~ctx->block_mask;
-       
+
         ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
         if (ret != 1)
             return ret;
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h

index c56eedec45b29956a679e81f54e0bcc863437658..626c46329614b1510f8500085319eab256f4bb4d 100644 (file)
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -195,7 +195,7 @@ struct hc_evp_md {
  #ifndef HC_DEPRECATED
  #if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
  #define HC_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200) 
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
  #define HC_DEPRECATED __declspec(deprecated)
  #else
  #define HC_DEPRECATED
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c

index ff03dfffe3d9769d62bbb78a64ae4242951c94fa..f4780d8e8ccde36215ee6ae1dc29968ccb85c005 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c
@@ -15,10 +15,10 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* computes the modular inverse via binary extended euclidean algorithm, 
- * that is c = 1/a mod b 
+/* computes the modular inverse via binary extended euclidean algorithm,
+ * that is c = 1/a mod b
   *
- * Based on slow invmod except this is optimized for the case where b is 
+ * Based on slow invmod except this is optimized for the case where b is
   * odd as per HAC Note 14.64 on pp. 610
   */
  int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c

index 91e10d670fe1d577eb6ac9dfa88383f998b4bf8b..90f161b102318838e7de84ad6935f9eebcf16d9d 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c
@@ -17,15 +17,15 @@
  
  /* Fast (comba) multiplier
   *
- * This is the fast column-array [comba] multiplier.  It is 
- * designed to compute the columns of the product first 
- * then handle the carries afterwards.  This has the effect 
+ * This is the fast column-array [comba] multiplier.  It is
+ * designed to compute the columns of the product first
+ * then handle the carries afterwards.  This has the effect
   * of making the nested loops that compute the columns very
   * simple and schedulable on super-scalar processors.
   *
- * This has been modified to produce a variable number of 
- * digits of output so if say only a half-product is required 
- * you don't have to compute the upper half (a feature 
+ * This has been modified to produce a variable number of
+ * digits of output so if say only a half-product is required
+ * you don't have to compute the upper half (a feature
   * required for fast Barrett reduction).
   *
   * Based on Algorithm 14.12 on pp.595 of HAC.
@@ -49,7 +49,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
  
    /* clear the carry */
    _W = 0;
-  for (ix = 0; ix < pa; ix++) { 
+  for (ix = 0; ix < pa; ix++) {
        int      tx, ty;
        int      iy;
        mp_digit *tmpx, *tmpy;
@@ -62,7 +62,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
        tmpx = a->dp + tx;
        tmpy = b->dp + ty;
  
-      /* this is the number of times the loop will iterrate, essentially 
+      /* this is the number of times the loop will iterrate, essentially
           while (tx++ < a->used && ty-- >= 0) { ... }
         */
        iy = MIN(a->used-tx, ty+1);
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c

index 5b114d717abec2bbfbde0d64ac90808d2d28e25f..a03b9f1324f82acab75ffe63dc143df8fc51dde1 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c
@@ -41,7 +41,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    /* number of output digits to produce */
    pa = a->used + b->used;
    _W = 0;
-  for (ix = digs; ix < pa; ix++) { 
+  for (ix = digs; ix < pa; ix++) {
        int      tx, ty, iy;
        mp_digit *tmpx, *tmpy;
  
@@ -53,7 +53,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
        tmpx = a->dp + tx;
        tmpy = b->dp + ty;
  
-      /* this is the number of times the loop will iterrate, essentially its 
+      /* this is the number of times the loop will iterrate, essentially its
           while (tx++ < a->used && ty-- >= 0) { ... }
         */
        iy = MIN(a->used-tx, ty+1);
@@ -69,7 +69,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
        /* make next carry */
        _W = _W >> ((mp_word)DIGIT_BIT);
    }
-  
+
    /* setup dest */
    olduse  = c->used;
    c->used = pa;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c

index 19e92ef1807f2772ead6743256de93eab82fecba..848eaf04630f7481cfbc20158f5c98a1400f766f 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c
@@ -16,10 +16,10 @@
   */
  
  /* the jist of squaring...
- * you do like mult except the offset of the tmpx [one that 
- * starts closer to zero] can't equal the offset of tmpy.  
+ * you do like mult except the offset of the tmpx [one that
+ * starts closer to zero] can't equal the offset of tmpy.
   * So basically you set up iy like before then you min it with
- * (ty-tx) so that it never happens.  You double all those 
+ * (ty-tx) so that it never happens.  You double all those
   * you add in the inner loop
  
  After that loop you do the squares and add them in.
@@ -41,7 +41,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
  
    /* number of output digits to produce */
    W1 = 0;
-  for (ix = 0; ix < pa; ix++) { 
+  for (ix = 0; ix < pa; ix++) {
        int      tx, ty, iy;
        mp_word  _W;
        mp_digit *tmpy;
@@ -62,7 +62,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
         */
        iy = MIN(a->used-tx, ty+1);
  
-      /* now for squaring tx can never equal ty 
+      /* now for squaring tx can never equal ty
         * we halve the distance since they approach at a rate of 2x
         * and we have to round because odd cases need to be executed
         */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c

index f422ffc9946b457a9c53c5ce3ad46b5aaee10972..11a508c7fb73c71873a30ea39ee68b6495d8e115 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* computes a = 2**b 
+/* computes a = 2**b
   *
   * Simple algorithm which zeroes the int, grows it then just sets one bit
   * as required.
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c

index 09dd7229eb5d69773780a57aa1257436019e41c0..d97e8db05f137d9689f5af2d1040d1c4f563015b 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* b = |a| 
+/* b = |a|
   *
   * Simple function copies the input and fixes the sign to positive
   */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c

index 359c2ff24d2a173950a3d30b94930eac18760b0c..2a565e8dbd285b2b8f7fe8c67ffcff72ee7c1c03 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* trim unused digits 
+/* trim unused digits
   *
   * This is used to ensure that leading zero digits are
   * trimed and the leading "used" digit will be non-zero
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c

index daaea79a3bd0ec49b47fda7f2b92577ffab10020..e5e3da340aea90acc05fcc6119eaac7d6b920acf 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c
@@ -16,7 +16,7 @@
   */
  #include <stdarg.h>
  
-void mp_clear_multi(mp_int *mp, ...) 
+void mp_clear_multi(mp_int *mp, ...)
  {
      mp_int* next_mp = mp;
      va_list args;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c

index 533f36bf931c739ca064b952197fc86535a5748f..ccd2c8eb9b9b4f724f8c1583a60ec4415e5715e5 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c
@@ -27,7 +27,7 @@ mp_cmp (mp_int * a, mp_int * b)
          return MP_GT;
       }
    }
-  
+
    /* compare digits */
    if (a->sign == MP_NEG) {
       /* if negative compare opposite direction */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c

index 693eb7cc7294db0b0df712e149fbd236754aba09..4a505238a031db3b934abf4d94d6c9fc3cee8268 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c
@@ -25,7 +25,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b)
    if (a->used > b->used) {
      return MP_GT;
    }
-  
+
    if (a->used < b->used) {
      return MP_LT;
    }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c

index 66d1a74714b577623d09fcbde06a6845de9a6296..2d4a8d4f0f201e6682bbe199fad01b0c0d9278b6 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-static const int lnz[16] = { 
+static const int lnz[16] = {
     4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
  };
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c

index 8bc5657a333583d116e20c35d63d7f5ddc6b0cdb..5dfd5f375cb66d8ad661c18aa180b6c5f0472825 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c
@@ -29,7 +29,7 @@ mp_count_bits (mp_int * a)
  
    /* get number of digits and add that */
    r = (a->used - 1) * DIGIT_BIT;
-  
+
    /* take the last digit and count the bits in it */
    q = a->dp[a->used - 1];
    while (q > ((mp_digit) 0)) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c

index aee9c94324d40fb708c2795d34edafd75a29415c..2c364b396fc02c43c5fe6b13d54940010ed9a52f 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c
@@ -40,7 +40,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
      }
      return res;
    }
-       
+
    /* init our temps */
    if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
       return res;
@@ -50,7 +50,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
    mp_set(&tq, 1);
    n = mp_count_bits(a) - mp_count_bits(b);
    if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
-      ((res = mp_abs(b, &tb)) != MP_OKAY) || 
+      ((res = mp_abs(b, &tb)) != MP_OKAY) ||
        ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
        ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
        goto LBL_ERR;
@@ -87,17 +87,17 @@ LBL_ERR:
  
  #else
  
-/* integer signed division. 
+/* integer signed division.
   * c*b + d == a [e.g. a/b, c=quotient, d=remainder]
   * HAC pp.598 Algorithm 14.20
   *
- * Note that the description in HAC is horribly 
- * incomplete.  For example, it doesn't consider 
- * the case where digits are removed from 'x' in 
- * the inner loop.  It also doesn't consider the 
+ * Note that the description in HAC is horribly
+ * incomplete.  For example, it doesn't consider
+ * the case where digits are removed from 'x' in
+ * the inner loop.  It also doesn't consider the
   * case that y has fewer than three digits, etc..
   *
- * The overall algorithm is as described as 
+ * The overall algorithm is as described as
   * 14.20 from HAC but fixed to treat these cases.
  */
  int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
@@ -187,7 +187,7 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
        continue;
      }
  
-    /* step 3.1 if xi == yt then set q{i-t-1} to b-1, 
+    /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
       * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
      if (x.dp[i] == y.dp[t]) {
        q.dp[i - t - 1] = ((((mp_digit)1) << DIGIT_BIT) - 1);
@@ -201,10 +201,10 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
        q.dp[i - t - 1] = (mp_digit) (tmp & (mp_word) (MP_MASK));
      }
  
-    /* while (q{i-t-1} * (yt * b + y{t-1})) > 
-             xi * b**2 + xi-1 * b + xi-2 
-     
-       do q{i-t-1} -= 1; 
+    /* while (q{i-t-1} * (yt * b + y{t-1})) >
+             xi * b**2 + xi-1 * b + xi-2
+
+       do q{i-t-1} -= 1;
      */
      q.dp[i - t - 1] = (q.dp[i - t - 1] + 1) & MP_MASK;
      do {
@@ -255,10 +255,10 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
      }
    }
  
-  /* now q is the quotient and x is the remainder 
-   * [which we have to normalize] 
+  /* now q is the quotient and x is the remainder
+   * [which we have to normalize]
     */
-  
+
    /* get sign before writing to c */
    x.sign = x.used == 0 ? MP_ZPOS : a->sign;
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c

index 3c60269ecea8a7dbe5e69c6b2ee77dc01e7f67f9..78e2381b6e73ec222026dc4e88b428c8f1d90c64 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c
@@ -23,14 +23,14 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
    mp_word  w, t;
    mp_digit b;
    int      res, ix;
-  
+
    /* b = 2**DIGIT_BIT / 3 */
    b = (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3);
  
    if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
       return res;
    }
-  
+
    q.used = a->used;
    q.sign = a->sign;
    w = 0;
@@ -68,7 +68,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
       mp_exch(&q, c);
    }
    mp_clear(&q);
-  
+
    return res;
  }
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c

index 6a26d4f0cf64145aab95dc326110a08430aac093..7bd372c20d3783b0e1ae4cfbdf8b3ff93662dec1 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c
@@ -79,13 +79,13 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
    if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
       return res;
    }
-  
+
    q.used = a->used;
    q.sign = a->sign;
    w = 0;
    for (ix = a->used - 1; ix >= 0; ix--) {
       w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
-     
+
       if (w >= b) {
          t = (mp_digit)(w / b);
          w -= ((mp_word)t) * ((mp_word)b);
@@ -94,17 +94,17 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
        }
        q.dp[ix] = (mp_digit)t;
    }
-  
+
    if (d != NULL) {
       *d = (mp_digit)w;
    }
-  
+
    if (c != NULL) {
       mp_clamp(&q);
       mp_exch(&q, c);
    }
    mp_clear(&q);
-  
+
    return res;
  }
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c

index 1d7d856ef0a00e5f681f751feafc84550d1455f6..b7d5ed7c03e1925ae7b8d567e94a8c4c5f34f355 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c
@@ -21,7 +21,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d)
     /* the casts are required if DIGIT_BIT is one less than
      * the number of bits in a mp_digit [e.g. DIGIT_BIT==31]
      */
-   *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) - 
+   *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) -
          ((mp_word)a->dp[0]));
  }
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c

index 38574e0a5e90bb19d7c1e92267138a0cba806d98..ee551bc3e19607a642b3024b6748615e1afbcab2 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* swap the elements of two integers, for cases where you can't simply swap the 
+/* swap the elements of two integers, for cases where you can't simply swap the
   * mp_int pointers around
   */
  void
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c

index 023191657ab36caa485ff43ab08d152f132dae8f..56d7c11d26e48ccb6ba5fcc31f3c3632f5cc4df6 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c
@@ -59,7 +59,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
       err = mp_exptmod(&tmpG, &tmpX, P, Y);
       mp_clear_multi(&tmpG, &tmpX, NULL);
       return err;
-#else 
+#else
       /* no invmod */
       return MP_VAL;
  #endif
@@ -86,7 +86,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
       dr = mp_reduce_is_2k(P) << 1;
    }
  #endif
-    
+
    /* if the modulus is odd or dr != 0 use the montgomery method */
  #ifdef BN_MP_EXPTMOD_FAST_C
    if (mp_isodd (P) == 1 || dr !=  0) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c

index 2a3b3c9e8169e5a463998006e4af145538dc38ea..64fbe7fe21075c72abc327a4b8ac62dab87266e3 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c
@@ -84,7 +84,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
  
    /* determine and setup reduction code */
    if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_SETUP_C     
+#ifdef BN_MP_MONTGOMERY_SETUP_C
       /* now setup montgomery  */
       if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) {
          goto LBL_M;
@@ -99,7 +99,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
       if (((P->used * 2 + 1) < MP_WARRAY) &&
            P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
          redux = fast_mp_montgomery_reduce;
-     } else 
+     } else
  #endif
       {
  #ifdef BN_MP_MONTGOMERY_REDUCE_C
@@ -150,7 +150,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
       if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) {
         goto LBL_RES;
       }
-#else 
+#else
       err = MP_VAL;
       goto LBL_RES;
  #endif
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c

index e6c4ce2b85394b6ed6454b0fb63855704810369f..daf0c95ea6ff1c8e8315c9129db409926ce8b109 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* Extended euclidean algorithm of (a, b) produces 
+/* Extended euclidean algorithm of (a, b) produces
     a*u1 + b*u2 = u3
   */
  int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c

index 0458744fc754a018ca9ede900d0ddcf663979a71..ef7b6532c5cd081e38903358278f512080d2c977 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c
@@ -1,7 +1,7 @@
  /* TomsFastMath, a fast ISO C bignum library.
- * 
+ *
   * This project is public domain and free for all purposes.
- * 
+ *
   * Love Hornquist Astrand <lha@h5l.org>
   */
  #include <tommath.h>
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c

index b344b6f05def18b7b67d70ad8593b750a8c50767..52f7f32f0d10e4c2377cd2f55a1950c3c12ab79a 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c
@@ -19,10 +19,10 @@
  int mp_fread(mp_int *a, int radix, FILE *stream)
  {
     int err, ch, neg, y;
-   
+
     /* clear a */
     mp_zero(a);
-   
+
     /* if first digit is - then set negative */
     ch = fgetc(stream);
     if (ch == '-') {
@@ -31,7 +31,7 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
     } else {
        neg = MP_ZPOS;
     }
-   
+
     for (;;) {
        /* find y in the radix map */
        for (y = 0; y < radix; y++) {
@@ -42,7 +42,7 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
        if (y == radix) {
           break;
        }
-      
+
        /* shift up and add */
        if ((err = mp_mul_d(a, radix, a)) != MP_OKAY) {
           return err;
@@ -50,13 +50,13 @@ int mp_fread(mp_int *a, int radix, FILE *stream)
        if ((err = mp_add_d(a, y, a)) != MP_OKAY) {
           return err;
        }
-      
+
        ch = fgetc(stream);
     }
     if (mp_cmp_d(a, 0) != MP_EQ) {
        a->sign = neg;
     }
-   
+
     return MP_OKAY;
  }
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c

index a0b4c6b6d1c594e9125440c39e5524c3b826da14..dc4529ba229171b16e9bf9de878c369fb74d2f59 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c
@@ -19,7 +19,7 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
  {
     char *buf;
     int err, len, x;
-   
+
     if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) {
        return err;
     }
@@ -28,19 +28,19 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
     if (buf == NULL) {
        return MP_MEM;
     }
-   
+
     if ((err = mp_toradix(a, buf, radix)) != MP_OKAY) {
        XFREE (buf);
        return err;
     }
-   
+
     for (x = 0; x < len; x++) {
         if (fputc(buf[x], stream) == EOF) {
            XFREE (buf);
            return MP_VAL;
         }
     }
-   
+
     XFREE (buf);
     return MP_OKAY;
  }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c

index b39ba9041dbf7f1f40180cb05862a9aede941243..89795d564ed9d46115479a1f50d9ae8b0582b870 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c
@@ -76,17 +76,17 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
          /* swap u and v to make sure v is >= u */
          mp_exch(&u, &v);
       }
-     
+
       /* subtract smallest from largest */
       if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
          goto LBL_V;
       }
-     
+
       /* Divide out all factors of two */
       if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
          goto LBL_V;
-     } 
-  } 
+     }
+  }
  
    /* multiply by 2**k which we divided out at the beginning */
    if ((res = mp_mul_2d (&u, k, c)) != MP_OKAY) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c

index 17162e2bf1f8383adc0b8c37d6c1f05c9f13ed2a..e8e9b1d44073e1adab02fadf68ceb865462114bc 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c
@@ -16,7 +16,7 @@
   */
  
  /* get the lower 32-bits of an mp_int */
-unsigned long mp_get_int(mp_int * a) 
+unsigned long mp_get_int(mp_int * a)
  {
    int i;
    unsigned long res;
@@ -30,7 +30,7 @@ unsigned long mp_get_int(mp_int * a)
  
    /* get most significant digit of result */
    res = DIGIT(a,i);
-   
+
    while (--i >= 0) {
      res = (res << DIGIT_BIT) | DIGIT(a,i);
    }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c

index 59dc3a9ea759fa574d92deab46edbacc8c37e492..56e8602767520c8b735458392c81c347f6eaf491 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c
@@ -16,7 +16,7 @@
   */
  #include <stdarg.h>
  
-int mp_init_multi(mp_int *mp, ...) 
+int mp_init_multi(mp_int *mp, ...)
  {
      mp_err res = MP_OKAY;      /* Assume ok until proven otherwise */
      int n = 0;                 /* Number of ok inits */
@@ -30,11 +30,11 @@ int mp_init_multi(mp_int *mp, ...)
                 succeeded in init-ing, then return error.
              */
              va_list clean_args;
-            
+
              /* end the current list */
              va_end(args);
-            
-            /* now start cleaning up */            
+
+            /* now start cleaning up */
              cur_arg = mp;
              va_start(clean_args, mp);
              while (n--) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c

index 8e014183a3ee890851b285b81c71cfc2e1057007..9578ac754c6cb9550ec324cfaab1942bd8af9094 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c
@@ -21,8 +21,8 @@ int mp_init_size (mp_int * a, int size)
    int x;
  
    /* pad size so there are always extra digits */
-  size += (MP_PREC * 2) - (size % MP_PREC);    
-  
+  size += (MP_PREC * 2) - (size % MP_PREC);
+
    /* alloc mem */
    a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size);
    if (a->dp == NULL) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c

index 154651468fb0057dfea4cf2b11617636ff24aeed..ac1a9523191cd39c8de95032dbe8b4f067d0ba63 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c
@@ -32,9 +32,9 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
  
  #ifdef BN_MP_INVMOD_SLOW_C
    return mp_invmod_slow(a, b, c);
-#endif
-
+#else
    return MP_VAL;
+#endif
  }
  #endif
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c

index eedd47dcf13d8067f647d4b693389da4c86a8d34..4ec487efae2e703d0d25c028845a9151ece3bcd9 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c
@@ -27,7 +27,7 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
    }
  
    /* init temps */
-  if ((res = mp_init_multi(&x, &y, &u, &v, 
+  if ((res = mp_init_multi(&x, &y, &u, &v,
                             &A, &B, &C, &D, NULL)) != MP_OKAY) {
       return res;
    }
@@ -154,14 +154,14 @@ top:
           goto LBL_ERR;
        }
    }
-  
+
    /* too big */
    while (mp_cmp_mag(&C, b) != MP_LT) {
        if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
           goto LBL_ERR;
        }
    }
-  
+
    /* C is now the inverse */
    mp_exch (&C, c);
    res = MP_OKAY;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c

index 50c524444ec19f2fec2417c48416f611141cfedc..027fcd2f5addbbe76677274689d28940df720684 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c
@@ -38,7 +38,7 @@ static const char rem_105[105] = {
  };
  
  /* Store non-zero to ret if arg is square, and zero if not */
-int mp_is_square(mp_int *arg,int *ret) 
+int mp_is_square(mp_int *arg,int *ret)
  {
    int           res;
    mp_digit      c;
@@ -46,7 +46,7 @@ int mp_is_square(mp_int *arg,int *ret)
    unsigned long r;
  
    /* Default to Non-square :) */
-  *ret = MP_NO; 
+  *ret = MP_NO;
  
    if (arg->sign == MP_NEG) {
      return MP_VAL;
@@ -80,8 +80,8 @@ int mp_is_square(mp_int *arg,int *ret)
    r = mp_get_int(&t);
    /* Check for other prime modules, note it's not an ERROR but we must
     * free "t" so the easiest way is to goto ERR.  We know that res
-   * is already equal to MP_OKAY from the mp_mod call 
-   */ 
+   * is already equal to MP_OKAY from the mp_mod call
+   */
    if ( (1L<<(r%11)) & 0x5C4L )             goto ERR;
    if ( (1L<<(r%13)) & 0x9E4L )             goto ERR;
    if ( (1L<<(r%17)) & 0x5CE8L )            goto ERR;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c

index 07ce86f29601952b8b7b36d60e6d62cda467508c..d3678d5dc11ab1353524ddfab85620f9e3c1e4e4 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c
@@ -1,10 +1,10 @@
  /* TomsFastMath, a fast ISO C bignum library.
- * 
+ *
   * This project is meant to fill in where LibTomMath
   * falls short.  That is speed ;-)
   *
   * This project is public domain and free for all purposes.
- * 
+ *
   * Tom St Denis, tomstdenis@gmail.com
   */
  #include <tommath.h>
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c

index 8ea2c2792a9af6d4a758847cdfe2613299cc806e..72a2319c067217379b6c19ddc59c3b76494b6e24 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c
@@ -15,33 +15,33 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* c = |a| * |b| using Karatsuba Multiplication using 
+/* c = |a| * |b| using Karatsuba Multiplication using
   * three half size multiplications
   *
- * Let B represent the radix [e.g. 2**DIGIT_BIT] and 
- * let n represent half of the number of digits in 
+ * Let B represent the radix [e.g. 2**DIGIT_BIT] and
+ * let n represent half of the number of digits in
   * the min(a,b)
   *
   * a = a1 * B**n + a0
   * b = b1 * B**n + b0
   *
- * Then, a * b => 
+ * Then, a * b =>
     a1b1 * B**2n + ((a1 + a0)(b1 + b0) - (a0b0 + a1b1)) * B + a0b0
   *
- * Note that a1b1 and a0b0 are used twice and only need to be 
- * computed once.  So in total three half size (half # of 
- * digit) multiplications are performed, a0b0, a1b1 and 
+ * Note that a1b1 and a0b0 are used twice and only need to be
+ * computed once.  So in total three half size (half # of
+ * digit) multiplications are performed, a0b0, a1b1 and
   * (a1+b1)(a0+b0)
   *
   * Note that a multiplication of half the digits requires
- * 1/4th the number of single precision multiplications so in 
- * total after one call 25% of the single precision multiplications 
- * are saved.  Note also that the call to mp_mul can end up back 
- * in this function if the a0, a1, b0, or b1 are above the threshold.  
- * This is known as divide-and-conquer and leads to the famous 
- * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than 
- * the standard O(N**2) that the baseline/comba methods use.  
- * Generally though the overhead of this method doesn't pay off 
+ * 1/4th the number of single precision multiplications so in
+ * total after one call 25% of the single precision multiplications
+ * are saved.  Note also that the call to mp_mul can end up back
+ * in this function if the a0, a1, b0, or b1 are above the threshold.
+ * This is known as divide-and-conquer and leads to the famous
+ * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than
+ * the standard O(N**2) that the baseline/comba methods use.
+ * Generally though the overhead of this method doesn't pay off
   * until a certain size (N ~ 80) is reached.
   */
  int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
@@ -109,7 +109,7 @@ int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
      }
    }
  
-  /* only need to clamp the lower words since by definition the 
+  /* only need to clamp the lower words since by definition the
     * upper words x1/y1 must have a known number of digits
     */
    mp_clamp (&x0);
@@ -117,7 +117,7 @@ int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
  
    /* now calc the products x0y0 and x1y1 */
    /* after this x0 is no longer required, free temp [x0==t2]! */
-  if (mp_mul (&x0, &y0, &x0y0) != MP_OKAY)  
+  if (mp_mul (&x0, &y0, &x0y0) != MP_OKAY)
      goto X1Y1;          /* x0y0 = x0*y0 */
    if (mp_mul (&x1, &y1, &x1y1) != MP_OKAY)
      goto X1Y1;          /* x1y1 = x1*y1 */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c

index a5e198be12f9b8a969445d2ede66cca285ef78f2..56692c5ae700784e1323435988713fd39d9c9df1 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c
@@ -15,11 +15,11 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* Karatsuba squaring, computes b = a*a using three 
+/* Karatsuba squaring, computes b = a*a using three
   * half size squarings
   *
- * See comments of karatsuba_mul for details.  It 
- * is essentially the same algorithm but merely 
+ * See comments of karatsuba_mul for details.  It
+ * is essentially the same algorithm but merely
   * tuned to perform recursive squarings.
   */
  int mp_karatsuba_sqr (mp_int * a, mp_int * b)
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c

index 8b1117a63ba5a6f89a43444fa27de93c48bb14e7..816e7b2f0bd79d51aaad16dec2d261f9374ec551 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c
@@ -25,29 +25,29 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
  #ifdef BN_MP_TOOM_MUL_C
    if (MIN (a->used, b->used) >= TOOM_MUL_CUTOFF) {
      res = mp_toom_mul(a, b, c);
-  } else 
+  } else
  #endif
  #ifdef BN_MP_KARATSUBA_MUL_C
    /* use Karatsuba? */
    if (MIN (a->used, b->used) >= KARATSUBA_MUL_CUTOFF) {
      res = mp_karatsuba_mul (a, b, c);
-  } else 
+  } else
  #endif
    {
      /* can we use the fast multiplier?
       *
-     * The fast multiplier can be used if the output will 
-     * have less than MP_WARRAY digits and the number of 
+     * The fast multiplier can be used if the output will
+     * have less than MP_WARRAY digits and the number of
       * digits won't affect carry propagation
       */
      int     digs = a->used + b->used + 1;
  
  #ifdef BN_FAST_S_MP_MUL_DIGS_C
      if ((digs < MP_WARRAY) &&
-        MIN(a->used, b->used) <= 
+        MIN(a->used, b->used) <=
          (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
        res = fast_s_mp_mul_digs (a, b, c, digs);
-    } else 
+    } else
  #endif
  #ifdef BN_S_MP_MUL_DIGS_C
        res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c

index 02455fc35d4f8889b078730291ebb316bf140e34..f90654832bec01fc27bce489ea6dbaf91304982d 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c
@@ -35,24 +35,24 @@ int mp_mul_2(mp_int * a, mp_int * b)
  
      /* alias for source */
      tmpa = a->dp;
-    
+
      /* alias for dest */
      tmpb = b->dp;
  
      /* carry */
      r = 0;
      for (x = 0; x < a->used; x++) {
-    
-      /* get what will be the *next* carry bit from the 
-       * MSB of the current digit 
+
+      /* get what will be the *next* carry bit from the
+       * MSB of the current digit
         */
        rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1));
-      
+
        /* now shift up this digit, add in the carry [from the previous] */
        *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK;
-      
-      /* copy the carry that would be from the source 
-       * digit into the next iteration 
+
+      /* copy the carry that would be from the source
+       * digit into the next iteration
         */
        r = rr;
      }
@@ -64,8 +64,8 @@ int mp_mul_2(mp_int * a, mp_int * b)
        ++(b->used);
      }
  
-    /* now zero any excess digits on the destination 
-     * that we didn't write to 
+    /* now zero any excess digits on the destination
+     * that we didn't write to
       */
      tmpb = b->dp + b->used;
      for (x = b->used; x < oldused; x++) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c

index efeff2e75188c698db1cca48f126b28097b80317..d023b382cc1233159861215d92e67da9ae90b016 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c
@@ -69,7 +69,7 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c)
        /* set the carry to the carry bits of the current word */
        r = rr;
      }
-    
+
      /* set final carry */
      if (r != 0) {
         c->dp[(c->used)++] = r;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c

index 0e7bedca72c26125d6cb20e4c763ab2abc5f8358..85d335cb9ef15732b5024633e5f38011705fe3df 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c
@@ -15,14 +15,14 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* find the n'th root of an integer 
+/* find the n'th root of an integer
   *
- * Result found such that (c)**b <= a and (c+1)**b > a 
+ * Result found such that (c)**b <= a and (c+1)**b > a
   *
- * This algorithm uses Newton's approximation 
- * x[i+1] = x[i] - f(x[i])/f'(x[i]) 
- * which will find the root in log(N) time where 
- * each step involves a fair bit.  This is not meant to 
+ * This algorithm uses Newton's approximation
+ * x[i+1] = x[i] - f(x[i])/f'(x[i])
+ * which will find the root in log(N) time where
+ * each step involves a fair bit.  This is not meant to
   * find huge roots [square and cube, etc].
   */
  int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
@@ -61,31 +61,31 @@ int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
      }
  
      /* t2 = t1 - ((t1**b - a) / (b * t1**(b-1))) */
-    
+
      /* t3 = t1**(b-1) */
-    if ((res = mp_expt_d (&t1, b - 1, &t3)) != MP_OKAY) {   
+    if ((res = mp_expt_d (&t1, b - 1, &t3)) != MP_OKAY) {
        goto LBL_T3;
      }
  
      /* numerator */
      /* t2 = t1**b */
-    if ((res = mp_mul (&t3, &t1, &t2)) != MP_OKAY) {    
+    if ((res = mp_mul (&t3, &t1, &t2)) != MP_OKAY) {
        goto LBL_T3;
      }
  
      /* t2 = t1**b - a */
-    if ((res = mp_sub (&t2, a, &t2)) != MP_OKAY) {  
+    if ((res = mp_sub (&t2, a, &t2)) != MP_OKAY) {
        goto LBL_T3;
      }
  
      /* denominator */
      /* t3 = t1**(b-1) * b  */
-    if ((res = mp_mul_d (&t3, b, &t3)) != MP_OKAY) {    
+    if ((res = mp_mul_d (&t3, b, &t3)) != MP_OKAY) {
        goto LBL_T3;
      }
  
      /* t3 = (t1**b - a)/(b * t1**(b-1)) */
-    if ((res = mp_div (&t2, &t3, &t3, NULL)) != MP_OKAY) {  
+    if ((res = mp_div (&t2, &t3, &t3, NULL)) != MP_OKAY) {
        goto LBL_T3;
      }
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c

index c23d77f6de75b488d02bb290982d620cde57f107..8e74a337c543d7f1cb15be4737bf1a5e4fc7b78b 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c
@@ -16,7 +16,7 @@
   */
  
  /* performs one Fermat test.
- * 
+ *
   * If "a" were prime then b**a == b (mod a) since the order of
   * the multiplicative sub-group would be phi(a) = a-1.  That means
   * it would be the same as b**(a mod (a-1)) == b**1 == b (mod a).
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c

index 8e7871c2c65792a831a0e1d683a5da70293a8f04..766cde95a6839c44296fa5885aa82c52db8fdf49 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* determines if an integers is divisible by one 
+/* determines if an integers is divisible by one
   * of the first PRIME_SIZE primes or not
   *
   * sets result to 0 if not, 1 if yes
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c

index ddf03582ac443a48167ac9a21a8bb29d1af2b6cb..60a8c48eae952ffc3bbb74befb939f32c0d910d6 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c
@@ -15,11 +15,11 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* Miller-Rabin test of "a" to the base of "b" as described in 
+/* Miller-Rabin test of "a" to the base of "b" as described in
   * HAC pp. 139 Algorithm 4.24
   *
   * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often 
+ * Randomly the chance of error is no more than 1/4 and often
   * very much lower.
   */
  int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
@@ -33,7 +33,7 @@ int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
    /* ensure b > 1 */
    if (mp_cmp_d(b, 1) != MP_GT) {
       return MP_VAL;
-  }     
+  }
  
    /* get n1 = a - 1 */
    if ((err = mp_init_copy (&n1, a)) != MP_OKAY) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c

index daf2ec7c647de4d6c1866b14771ee839d96eaf27..a2897f087846207642d8f128f53abfc6f7246d71 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
@@ -22,7 +22,7 @@
   */
  int mp_prime_next_prime(mp_int *a, int t, int bbs_style)
  {
-   int      err, res, x, y;
+   int      err, res = MP_NO, x, y;
     mp_digit res_tab[PRIME_SIZE], step, kstep;
     mp_int   b;
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c

index 07aae4b072e15355ca78263f4f749733f1237c72..7b0d15c94d7f62fa4f9fde784a31e94088fa30e5 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c
@@ -18,7 +18,7 @@
  /* makes a truly random prime of a given size (bits),
   *
   * Flags are as follows:
- * 
+ *
   *   LTM_PRIME_BBS      - make prime congruent to 3 mod 4
   *   LTM_PRIME_SAFE     - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
   *   LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
@@ -63,7 +63,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
     maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0;
     if (flags & LTM_PRIME_2MSB_ON) {
        maskOR_msb       |= 0x80 >> ((9 - size) & 7);
-   }  
+   }
  
     /* get the maskOR_lsb */
     maskOR_lsb         = 1;
@@ -77,7 +77,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
           err = MP_VAL;
           goto error;
        }
- 
+
        /* work over the MSbyte */
        tmp[0]    &= maskAND;
        tmp[0]    |= 1 << ((size - 1) & 7);
@@ -91,7 +91,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
  
        /* is it prime? */
        if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY)           { goto error; }
-      if (res == MP_NO) {  
+      if (res == MP_NO) {
           continue;
        }
  
@@ -99,7 +99,7 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
           /* see if (a-1)/2 is prime */
           if ((err = mp_sub_d(a, 1, a)) != MP_OKAY)                    { goto error; }
           if ((err = mp_div_2(a, a)) != MP_OKAY)                       { goto error; }
- 
+
           /* is it prime? */
           if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY)        { goto error; }
        }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c

index 1b61e3a1be99d96f947cbd3519706a00262019f3..af94be8676ab6e16f0c1c7edd0aa2e5995f654bb 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c
@@ -54,7 +54,7 @@ int mp_radix_size (mp_int * a, int radix, int *size)
    }
  
    /* force temp to positive */
-  t.sign = MP_ZPOS; 
+  t.sign = MP_ZPOS;
  
    /* fetch out all of the digits */
    while (mp_iszero (&t) == MP_NO) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c

index 91c46c22f748ad35c6bd3c54604420b68108be0a..35ca886736a1c358ad0d7509b44d58e0b9c1eec8 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c
@@ -29,8 +29,8 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
      return MP_VAL;
    }
  
-  /* if the leading digit is a 
-   * minus set the sign to negative. 
+  /* if the leading digit is a
+   * minus set the sign to negative.
     */
    if (*str == '-') {
      ++str;
@@ -41,7 +41,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
  
    /* set the integer to the default of zero */
    mp_zero (a);
-  
+
    /* process each digit of the string */
    while (*str) {
      /* if the radix < 36 the conversion is case insensitive
@@ -55,9 +55,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
        }
      }
  
-    /* if the char was found in the map 
+    /* if the char was found in the map
       * and is less than the given radix add it
-     * to the number, otherwise exit the loop. 
+     * to the number, otherwise exit the loop.
       */
      if (y < radix) {
        if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
@@ -71,7 +71,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
      }
      ++str;
    }
-  
+
    /* set the sign only if a != 0 */
    if (mp_iszero(a) != 1) {
       a->sign = neg;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c

index 21d073090586f8b09ac63930238ade7ff2f090ad..ae57a6a0033408b2a3823ab624e1cf8a0260828c 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* reduces x mod m, assumes 0 < x < m**2, mu is 
+/* reduces x mod m, assumes 0 < x < m**2, mu is
   * precomputed via mp_reduce_setup.
   * From HAC pp.604 Algorithm 14.42
   */
@@ -30,7 +30,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
    }
  
    /* q1 = x / b**(k-1)  */
-  mp_rshd (&q, um - 1);         
+  mp_rshd (&q, um - 1);
  
    /* according to HAC this optimization is ok */
    if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
@@ -46,8 +46,8 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
      if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
        goto CLEANUP;
      }
-#else 
-    { 
+#else
+    {
        res = MP_VAL;
        goto CLEANUP;
      }
@@ -55,7 +55,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
    }
  
    /* q3 = q2 / b**(k+1) */
-  mp_rshd (&q, um + 1);         
+  mp_rshd (&q, um + 1);
  
    /* x = x mod b**(k+1), quick (no division) */
    if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
@@ -87,7 +87,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
        goto CLEANUP;
      }
    }
-  
+
  CLEANUP:
    mp_clear (&q);
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c

index d9620c221c279fffbd38edef866b230c9bcc87cb..1c4a751dda5a706b2854638711e5a751cae2f47b 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c
@@ -20,35 +20,35 @@ int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d)
  {
     mp_int q;
     int    p, res;
-   
+
     if ((res = mp_init(&q)) != MP_OKAY) {
        return res;
     }
-   
-   p = mp_count_bits(n);    
+
+   p = mp_count_bits(n);
  top:
     /* q = a/2**p, a = a mod 2**p */
     if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
        goto ERR;
     }
-   
+
     if (d != 1) {
        /* q = q * d */
-      if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) { 
+      if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
           goto ERR;
        }
     }
-   
+
     /* a = a + q */
     if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
        goto ERR;
     }
-   
+
     if (mp_cmp_mag(a, n) != MP_LT) {
        s_mp_sub(a, n, a);
        goto top;
     }
-   
+
  ERR:
     mp_clear(&q);
     return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c

index f06103d6a67e85087dd373382127cc5ee9aa6fd8..71abeaebba72207254c96a2e81ebd45191833c86 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c
@@ -15,7 +15,7 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* reduces a modulo n where n is of the form 2**p - d 
+/* reduces a modulo n where n is of the form 2**p - d
     This differs from reduce_2k since "d" can be larger
     than a single digit.
  */
@@ -23,33 +23,33 @@ int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d)
  {
     mp_int q;
     int    p, res;
-   
+
     if ((res = mp_init(&q)) != MP_OKAY) {
        return res;
     }
-   
-   p = mp_count_bits(n);    
+
+   p = mp_count_bits(n);
  top:
     /* q = a/2**p, a = a mod 2**p */
     if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
        goto ERR;
     }
-   
+
     /* q = q * d */
-   if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { 
+   if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
        goto ERR;
     }
-   
+
     /* a = a + q */
     if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
        goto ERR;
     }
-   
+
     if (mp_cmp_mag(a, n) != MP_LT) {
        s_mp_sub(a, n, a);
        goto top;
     }
-   
+
  ERR:
     mp_clear(&q);
     return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c

index a80e7a22f2275f7219cf9c395f34122640f68c4d..dca723c815683350f8f531b08a9e2ecccf1c30a6 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c
@@ -20,22 +20,22 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
  {
     int res, p;
     mp_int tmp;
-   
+
     if ((res = mp_init(&tmp)) != MP_OKAY) {
        return res;
     }
-   
+
     p = mp_count_bits(a);
     if ((res = mp_2expt(&tmp, p)) != MP_OKAY) {
        mp_clear(&tmp);
        return res;
     }
-   
+
     if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) {
        mp_clear(&tmp);
        return res;
     }
-   
+
     *d = tmp.dp[0];
     mp_clear(&tmp);
     return MP_OKAY;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c

index 7cf002e8885ac4b9e0d6ef8200f4860fe537c9e1..cc59a6e715850cc64b394529d7e90a8c6cee3ef7 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c
@@ -20,19 +20,19 @@ int mp_reduce_2k_setup_l(mp_int *a, mp_int *d)
  {
     int    res;
     mp_int tmp;
-   
+
     if ((res = mp_init(&tmp)) != MP_OKAY) {
        return res;
     }
-   
+
     if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
        goto ERR;
     }
-   
+
     if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
        goto ERR;
     }
-   
+
  ERR:
     mp_clear(&tmp);
     return res;
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c

index 7308be73e2b25b10c8a05096d8baa8a7c79a13c2..c8d25d83e226a32c321b10723ab23d2b47177e4c 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c
@@ -20,7 +20,7 @@ int mp_reduce_is_2k(mp_int *a)
  {
     int ix, iy, iw;
     mp_digit iz;
-   
+
     if (a->used == 0) {
        return MP_NO;
     } else if (a->used == 1) {
@@ -29,7 +29,7 @@ int mp_reduce_is_2k(mp_int *a)
        iy = mp_count_bits(a);
        iz = 1;
        iw = 1;
-    
+
        /* Test every bit from the second digit up, must be 1 */
        for (ix = DIGIT_BIT; ix < iy; ix++) {
            if ((a->dp[iw] & iz) == 0) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c

index 14a4d218461e2146517796c35126d1f1954638b7..ad006f39c50e8e20490e20e4ef0103402559e965 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c
@@ -19,7 +19,7 @@
  int mp_reduce_is_2k_l(mp_int *a)
  {
     int ix, iy;
-   
+
     if (a->used == 0) {
        return MP_NO;
     } else if (a->used == 1) {
@@ -32,7 +32,7 @@ int mp_reduce_is_2k_l(mp_int *a)
            }
        }
        return (iy >= (a->used/2)) ? MP_YES : MP_NO;
-      
+
     }
     return MP_NO;
  }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c

index 370f20bb17c7b66310249bf30b43d66e7b17b76f..035419bf347263068e8810a63c820f48db4e77c1 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c
@@ -21,7 +21,7 @@
  int mp_reduce_setup (mp_int * a, mp_int * b)
  {
    int     res;
-  
+
    if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) {
      return res;
    }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c

index 2a693c5a5b3c9e7cd0a35f6e1c2ead45509578b3..ed13ce59a4926835482f1fc8c4d402d342b3a18b 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c
@@ -42,8 +42,8 @@ void mp_rshd (mp_int * a, int b)
      /* top [offset into digits] */
      top = a->dp + b;
  
-    /* this is implemented as a sliding window where 
-     * the window is b-digits long and digits from 
+    /* this is implemented as a sliding window where
+     * the window is b-digits long and digits from
       * the top of the window are copied to the bottom
       *
       * e.g.
@@ -61,7 +61,7 @@ void mp_rshd (mp_int * a, int b)
        *bottom++ = 0;
      }
    }
-  
+
    /* remove excess digits */
    a->used -= b;
  }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c

index cf10ea1a448bd957185b9533a55768cffde3a672..3072e76e1c4394c4207e9d087ec929d3c506d3f1 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c
@@ -21,7 +21,7 @@ int mp_set_int (mp_int * a, unsigned long b)
    int     x, res;
  
    mp_zero (a);
-  
+
    /* set four bits at a time */
    for (x = 0; x < 8; x++) {
      /* shift the number up four bits */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c

index 868ccbbaef54b0738b5e4aa24ead4c50479883e8..90f4dd6d72732d4220b4072bc7f9a5334bc4314e 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c
@@ -26,18 +26,18 @@ mp_sqr (mp_int * a, mp_int * b)
    if (a->used >= TOOM_SQR_CUTOFF) {
      res = mp_toom_sqr(a, b);
    /* Karatsuba? */
-  } else 
+  } else
  #endif
  #ifdef BN_MP_KARATSUBA_SQR_C
  if (a->used >= KARATSUBA_SQR_CUTOFF) {
      res = mp_karatsuba_sqr (a, b);
-  } else 
+  } else
  #endif
    {
  #ifdef BN_FAST_S_MP_SQR_C
      /* can we use the fast comba multiplier? */
-    if ((a->used * 2 + 1) < MP_WARRAY && 
-         a->used < 
+    if ((a->used * 2 + 1) < MP_WARRAY &&
+         a->used <
           (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) {
        res = fast_s_mp_sqr (a, b);
      } else
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c

index 8fd057ceedbccdd434f3d943e80db0b5fcf681b5..8391297f7e52700b27a0562c5780db48d1caf0bf 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c
@@ -16,7 +16,7 @@
   */
  
  /* this function is less generic than mp_n_root, simpler and faster */
-int mp_sqrt(mp_int *arg, mp_int *ret) 
+int mp_sqrt(mp_int *arg, mp_int *ret)
  {
    int res;
    mp_int t1,t2;
@@ -43,7 +43,7 @@ int mp_sqrt(mp_int *arg, mp_int *ret)
    /* First approx. (not very bad for large arg) */
    mp_rshd (&t1,t1.used/2);
  
-  /* t1 > 0  */ 
+  /* t1 > 0  */
    if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
      goto E1;
    }
@@ -54,7 +54,7 @@ int mp_sqrt(mp_int *arg, mp_int *ret)
      goto E1;
    }
    /* And now t1 > sqrt(arg) */
-  do { 
+  do {
      if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
        goto E1;
      }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c

index ad5d9e9b6497233d0dd80e74418e4c534ffa1e7d..b996342466c2689f97a8f44adeb135ec719bb26a 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c
@@ -15,28 +15,28 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* multiplication using the Toom-Cook 3-way algorithm 
+/* multiplication using the Toom-Cook 3-way algorithm
   *
- * Much more complicated than Karatsuba but has a lower 
- * asymptotic running time of O(N**1.464).  This algorithm is 
- * only particularly useful on VERY large inputs 
+ * Much more complicated than Karatsuba but has a lower
+ * asymptotic running time of O(N**1.464).  This algorithm is
+ * only particularly useful on VERY large inputs
   * (we're talking 1000s of digits here...).
  */
  int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
  {
      mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2;
      int res, B;
-        
+
      /* init temps */
-    if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4, 
-                             &a0, &a1, &a2, &b0, &b1, 
+    if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4,
+                             &a0, &a1, &a2, &b0, &b1,
                               &b2, &tmp1, &tmp2, NULL)) != MP_OKAY) {
         return res;
      }
-    
+
      /* B */
      B = MIN(a->used, b->used) / 3;
-    
+
      /* a = a2 * B**2 + a1 * B + a0 */
      if ((res = mp_mod_2d(a, DIGIT_BIT * B, &a0)) != MP_OKAY) {
         goto ERR;
@@ -52,7 +52,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
         goto ERR;
      }
      mp_rshd(&a2, B*2);
-    
+
      /* b = b2 * B**2 + b1 * B + b0 */
      if ((res = mp_mod_2d(b, DIGIT_BIT * B, &b0)) != MP_OKAY) {
         goto ERR;
@@ -68,17 +68,17 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
         goto ERR;
      }
      mp_rshd(&b2, B*2);
-    
+
      /* w0 = a0*b0 */
      if ((res = mp_mul(&a0, &b0, &w0)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      /* w4 = a2 * b2 */
      if ((res = mp_mul(&a2, &b2, &w4)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      /* w1 = (a2 + 2(a1 + 2a0))(b2 + 2(b1 + 2b0)) */
      if ((res = mp_mul_2(&a0, &tmp1)) != MP_OKAY) {
         goto ERR;
@@ -92,7 +92,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
      if ((res = mp_add(&tmp1, &a2, &tmp1)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      if ((res = mp_mul_2(&b0, &tmp2)) != MP_OKAY) {
         goto ERR;
      }
@@ -105,11 +105,11 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
      if ((res = mp_add(&tmp2, &b2, &tmp2)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      if ((res = mp_mul(&tmp1, &tmp2, &w1)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      /* w3 = (a0 + 2(a1 + 2a2))(b0 + 2(b1 + 2b2)) */
      if ((res = mp_mul_2(&a2, &tmp1)) != MP_OKAY) {
         goto ERR;
@@ -123,7 +123,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
      if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      if ((res = mp_mul_2(&b2, &tmp2)) != MP_OKAY) {
         goto ERR;
      }
@@ -136,11 +136,11 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
      if ((res = mp_add(&tmp2, &b0, &tmp2)) != MP_OKAY) {
         goto ERR;
      }
-    
+
      if ((res = mp_mul(&tmp1, &tmp2, &w3)) != MP_OKAY) {
         goto ERR;
      }
-    
+
  
      /* w2 = (a2 + a1 + a0)(b2 + b1 + b0) */
      if ((res = mp_add(&a2, &a1, &tmp1)) != MP_OKAY) {
@@ -158,19 +158,19 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
      if ((res = mp_mul(&tmp1, &tmp2, &w2)) != MP_OKAY) {
         goto ERR;
      }
-    
-    /* now solve the matrix 
-    
+
+    /* now solve the matrix
+
         0  0  0  0  1
         1  2  4  8  16
         1  1  1  1  1
         16 8  4  2  1
         1  0  0  0  0
-       
-       using 12 subtractions, 4 shifts, 
-              2 small divisions and 1 small multiplication 
+
+       using 12 subtractions, 4 shifts,
+              2 small divisions and 1 small multiplication
       */
-     
+
       /* r1 - r4 */
       if ((res = mp_sub(&w1, &w4, &w1)) != MP_OKAY) {
          goto ERR;
@@ -242,7 +242,7 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
       if ((res = mp_div_3(&w3, &w3, NULL)) != MP_OKAY) {
          goto ERR;
       }
-     
+
       /* at this point shift W[n] by B*n */
       if ((res = mp_lshd(&w1, 1*B)) != MP_OKAY) {
          goto ERR;
@@ -255,8 +255,8 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
       }
       if ((res = mp_lshd(&w4, 4*B)) != MP_OKAY) {
          goto ERR;
-     }     
-     
+     }
+
       if ((res = mp_add(&w0, &w1, c)) != MP_OKAY) {
          goto ERR;
       }
@@ -268,15 +268,15 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
       }
       if ((res = mp_add(&tmp1, c, c)) != MP_OKAY) {
          goto ERR;
-     }     
-     
+     }
+
  ERR:
-     mp_clear_multi(&w0, &w1, &w2, &w3, &w4, 
-                    &a0, &a1, &a2, &b0, &b1, 
+     mp_clear_multi(&w0, &w1, &w2, &w3, &w4,
+                    &a0, &a1, &a2, &b0, &b1,
                      &b2, &tmp1, &tmp2, NULL);
       return res;
-}     
-     
+}
+
  #endif
  
  /* $Source: /cvs/libtom/libtommath/bn_mp_toom_mul.c,v $ */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c

index 796ed55c65e52694b312ebbe6663cf26852116b3..28085124ea997dd287d9d926e436bde3e640ecc4 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c
@@ -15,9 +15,9 @@
   * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
   */
  
-/* stores a bignum as a ASCII string in a given radix (2..64) 
+/* stores a bignum as a ASCII string in a given radix (2..64)
   *
- * Stores upto maxlen-1 chars and always a NULL byte 
+ * Stores upto maxlen-1 chars and always a NULL byte
   */
  int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
  {
@@ -50,7 +50,7 @@ int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
      /* store the flag and mark the number as positive */
      *str++ = '-';
      t.sign = MP_ZPOS;
- 
+
      /* subtract a char */
      --maxlen;
    }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c

index f034ae62aad4ea4fe248906ff068eab17a78cceb..e7f54f4cf1e444fdaaeeef538d83bfc1abf941e3 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c
@@ -74,8 +74,8 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c)
        *tmpc++ &= MP_MASK;
      }
  
-    /* now copy higher words if any, that is in A+B 
-     * if A or B has more digits add those in 
+    /* now copy higher words if any, that is in A+B
+     * if A or B has more digits add those in
       */
      if (min != max) {
        for (; i < max; i++) {
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c

index 097d894702b0b75b09d594fb1472e20078732a1f..deb4b4ddb1611267f417785027c691602e0b63f3 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c
@@ -54,7 +54,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
    /* init M array */
    /* init first cell */
    if ((err = mp_init(&M[1])) != MP_OKAY) {
-     return err; 
+     return err;
    }
  
    /* now init the second half of the array */
@@ -72,7 +72,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
    if ((err = mp_init (&mu)) != MP_OKAY) {
      goto LBL_M;
    }
-  
+
    if (redmode == 0) {
       if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) {
          goto LBL_MU;
@@ -83,22 +83,22 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
          goto LBL_MU;
       }
       redux = mp_reduce_2k_l;
-  }    
+  }
  
    /* create M table
     *
-   * The M table contains powers of the base, 
+   * The M table contains powers of the base,
     * e.g. M[x] = G**x mod P
     *
-   * The first half of the table is not 
+   * The first half of the table is not
     * computed though accept for M[0] and M[1]
     */
    if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) {
      goto LBL_MU;
    }
  
-  /* compute the value at M[1<<(winsize-1)] by squaring 
-   * M[1] (winsize-1) times 
+  /* compute the value at M[1<<(winsize-1)] by squaring
+   * M[1] (winsize-1) times
     */
    if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
      goto LBL_MU;
@@ -106,7 +106,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
  
    for (x = 0; x < (winsize - 1); x++) {
      /* square it */
-    if ((err = mp_sqr (&M[1 << (winsize - 1)], 
+    if ((err = mp_sqr (&M[1 << (winsize - 1)],
                         &M[1 << (winsize - 1)])) != MP_OKAY) {
        goto LBL_MU;
      }
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c

index f5bbf39ce242afd3b17d1f2ca24013cba7b22ffd..c5892181f9f15d10ba82a011e8966e65bba3a808 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c
@@ -16,7 +16,7 @@
   */
  
  /* multiplies |a| * |b| and only computes upto digs digits of result
- * HAC pp. 595, Algorithm 14.12  Modified so you can control how 
+ * HAC pp. 595, Algorithm 14.12  Modified so you can control how
   * many digits of output are created.
   */
  int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
@@ -29,7 +29,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
  
    /* can we use the fast multiplier? */
    if (((digs) < MP_WARRAY) &&
-      MIN (a->used, b->used) < 
+      MIN (a->used, b->used) <
            (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
      return fast_s_mp_mul_digs (a, b, c, digs);
    }
@@ -51,10 +51,10 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
      /* setup some aliases */
      /* copy of the digit from a used within the nested loop */
      tmpx = a->dp[ix];
-    
+
      /* an alias for the destination shifted ix places */
      tmpt = t.dp + ix;
-    
+
      /* an alias for the digits of b */
      tmpy = b->dp;
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c

index d2531c29255bf9849ba26771cade650af260cfd8..c1c3826db5f5e62b68e13ff686acc4b3dc5f6fc4 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c
@@ -48,7 +48,7 @@ int s_mp_sqr (mp_int * a, mp_int * b)
  
      /* alias for where to store the results */
      tmpt        = t.dp + (2*ix + 1);
-    
+
      for (iy = ix + 1; iy < pa; iy++) {
        /* first calculate the product */
        r       = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
diff --git a/source4/heimdal/lib/hcrypto/libtommath/bncore.c b/source4/heimdal/lib/hcrypto/libtommath/bncore.c

index 8fb1824c6f542d2de5de79d9682a0ff48bd65cc0..919e3b33b02e3679d6319bac3af0f02b04408964 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/bncore.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/bncore.c
@@ -21,14 +21,14 @@
  -------------------------------------------------------------
   Intel P4 Northwood     /GCC v3.4.1   /        88/       128/LTM 0.32 ;-)
   AMD Athlon64           /GCC v3.4.4   /        80/       120/LTM 0.35
- 
+
  */
  
  int     KARATSUBA_MUL_CUTOFF = 80,      /* Min. number of digits before Karatsuba multiplication is used. */
          KARATSUBA_SQR_CUTOFF = 120,     /* Min. number of digits before Karatsuba squaring is used. */
-        
+
          TOOM_MUL_CUTOFF      = 350,      /* no optimal values of these are known yet so set em high */
-        TOOM_SQR_CUTOFF      = 400; 
+        TOOM_SQR_CUTOFF      = 400;
  #endif
  
  /* $Source: /cvs/libtom/libtommath/bncore.c,v $ */
diff --git a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h

index 6049c25ba73ba4a7da05d8911c5510817184ead7..f69e36d650b0c3aef6b359133daae2d3d959c846 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h
@@ -5,7 +5,7 @@
  #define MPI_CONFIG_H_
  
  /*
-  For boolean options, 
+  For boolean options,
    0 = no
    1 = yes
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c

index 7c712dd62dc27566dff3ed72ce9f9d28a5448fe0..4030841e54fda04624ef44d03605ba5663de72eb 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c
+++ b/source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c
@@ -22,7 +22,7 @@
  #define DIAG(T,V)
  #endif
  
-/* 
+/*
     If MP_LOGTAB is not defined, use the math library to compute the
     logarithms on the fly.  Otherwise, use the static table below.
     Pick which works best for your system.
@@ -33,7 +33,7 @@
  
  /*
    A table of the logs of 2 for various bases (the 0 and 1 entries of
-  this table are meaningless and should not be referenced).  
+  this table are meaningless and should not be referenced).
  
    This table is used to compute output lengths for the mp_toradix()
    function.  Since a number n in radix r takes up about log_r(n)
@@ -43,7 +43,7 @@
    log_r(n) = log_2(n) * log_r(2)
  
    This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
-  which are the output bases supported.  
+  which are the output bases supported.
   */
  
  #include "logtab.h"
@@ -104,7 +104,7 @@ static const char *mp_err_string[] = {
  /* Value to digit maps for radix conversion   */
  
  /* s_dmap_1 - standard digits and letters */
-static const char *s_dmap_1 = 
+static const char *s_dmap_1 =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
  
  #if 0
@@ -117,7 +117,7 @@ static const char *s_dmap_2 =
  
  /* {{{ Static function declarations */
  
-/* 
+/*
     If MP_MACRO is false, these will be defined as actual functions;
     otherwise, suitable macro definitions will be used.  This works
     around the fact that ANSI C89 doesn't support an 'inline' keyword
@@ -258,7 +258,7 @@ mp_err mp_init_array(mp_int mp[], int count)
    return MP_OKAY;
  
   CLEANUP:
-  while(--pos >= 0) 
+  while(--pos >= 0)
      mp_clear(&mp[pos]);
  
    return res;
@@ -355,7 +355,7 @@ mp_err mp_copy(mp_int *from, mp_int *to)
      if(ALLOC(to) >= USED(from)) {
        s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
        s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
-      
+
      } else {
        if((tmp = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL)
         return MP_MEM;
@@ -445,7 +445,7 @@ void   mp_clear_array(mp_int mp[], int count)
  {
    ARGCHK(mp != NULL && count > 0, MP_BADARG);
  
-  while(--count >= 0) 
+  while(--count >= 0)
      mp_clear(&mp[count]);
  
  } /* end mp_clear_array() */
@@ -455,7 +455,7 @@ void   mp_clear_array(mp_int mp[], int count)
  /* {{{ mp_zero(mp) */
  
  /*
-  mp_zero(mp) 
+  mp_zero(mp)
  
    Set mp to zero.  Does not change the allocated size of the structure,
    and therefore cannot fail (except on a bad argument, which we ignore)
@@ -506,7 +506,7 @@ mp_err mp_set_int(mp_int *mp, long z)
      if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY)
        return res;
  
-    res = s_mp_add_d(mp, 
+    res = s_mp_add_d(mp,
                      (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
      if(res != MP_OKAY)
        return res;
@@ -841,9 +841,9 @@ mp_err mp_neg(mp_int *a, mp_int *b)
    if((res = mp_copy(a, b)) != MP_OKAY)
      return res;
  
-  if(s_mp_cmp_d(b, 0) == MP_EQ) 
+  if(s_mp_cmp_d(b, 0) == MP_EQ)
      SIGN(b) = MP_ZPOS;
-  else 
+  else
      SIGN(b) = (SIGN(b) == MP_NEG) ? MP_ZPOS : MP_NEG;
  
    return MP_OKAY;
@@ -870,7 +870,7 @@ mp_err mp_add(mp_int *a, mp_int *b, mp_int *c)
    if(SIGN(a) == SIGN(b)) { /* same sign:  add values, keep sign */
  
      /* Commutativity of addition lets us do this in either order,
-       so we avoid having to use a temporary even if the result 
+       so we avoid having to use a temporary even if the result
         is supposed to replace the output
       */
      if(c == b) {
@@ -880,14 +880,14 @@ mp_err mp_add(mp_int *a, mp_int *b, mp_int *c)
        if(c != a && (res = mp_copy(a, c)) != MP_OKAY)
         return res;
  
-      if((res = s_mp_add(c, b)) != MP_OKAY) 
+      if((res = s_mp_add(c, b)) != MP_OKAY)
         return res;
      }
  
    } else if((cmp = s_mp_cmp(a, b)) > 0) {  /* different sign: a > b   */
  
      /* If the output is going to be clobbered, we will use a temporary
-       variable; otherwise, we'll do it without touching the memory 
+       variable; otherwise, we'll do it without touching the memory
         allocator at all, if possible
       */
      if(c == b) {
@@ -1019,7 +1019,7 @@ mp_err mp_sub(mp_int *a, mp_int *b, mp_int *c)
        mp_clear(&tmp);
  
      } else {
-      if(c != b && ((res = mp_copy(b, c)) != MP_OKAY)) 
+      if(c != b && ((res = mp_copy(b, c)) != MP_OKAY))
         return res;
  
        if((res = s_mp_sub(c, a)) != MP_OKAY)
@@ -1066,12 +1066,12 @@ mp_err mp_mul(mp_int *a, mp_int *b, mp_int *c)
      if((res = s_mp_mul(c, b)) != MP_OKAY)
        return res;
    }
-  
+
    if(sgn == MP_ZPOS || s_mp_cmp_d(c, 0) == MP_EQ)
      SIGN(c) = MP_ZPOS;
    else
      SIGN(c) = sgn;
-  
+
    return MP_OKAY;
  
  } /* end mp_mul() */
@@ -1160,7 +1160,7 @@ mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r)
         return res;
      }
  
-    if(q) 
+    if(q)
        mp_zero(q);
  
      return MP_OKAY;
@@ -1206,10 +1206,10 @@ mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r)
      SIGN(&rtmp) = MP_ZPOS;
  
    /* Copy output, if it is needed      */
-  if(q) 
+  if(q)
      s_mp_exch(&qtmp, q);
  
-  if(r) 
+  if(r)
      s_mp_exch(&rtmp, r);
  
  CLEANUP:
@@ -1286,12 +1286,12 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
      /* Loop over bits of each non-maximal digit */
      for(bit = 0; bit < DIGIT_BIT; bit++) {
        if(d & 1) {
-       if((res = s_mp_mul(&s, &x)) != MP_OKAY) 
+       if((res = s_mp_mul(&s, &x)) != MP_OKAY)
           goto CLEANUP;
        }
  
        d >>= 1;
-      
+
        if((res = s_mp_sqr(&x)) != MP_OKAY)
         goto CLEANUP;
      }
@@ -1311,7 +1311,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
      if((res = s_mp_sqr(&x)) != MP_OKAY)
        goto CLEANUP;
    }
-  
+
    if(mp_iseven(b))
      SIGN(&s) = SIGN(a);
  
@@ -1362,7 +1362,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
  
    /*
       If |a| > m, we need to divide to get the remainder and take the
-     absolute value.  
+     absolute value.
  
       If |a| < m, we don't need to do any division, just copy and adjust
       the sign (if a is negative).
@@ -1376,7 +1376,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
    if((mag = s_mp_cmp(a, m)) > 0) {
      if((res = mp_div(a, m, NULL, c)) != MP_OKAY)
        return res;
-    
+
      if(SIGN(c) == MP_NEG) {
        if((res = mp_add(c, m, c)) != MP_OKAY)
         return res;
@@ -1391,7 +1391,7 @@ mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
         return res;
  
      }
-    
+
    } else {
      mp_zero(c);
  
@@ -1464,9 +1464,9 @@ mp_err mp_sqrt(mp_int *a, mp_int *b)
      return MP_RANGE;
  
    /* Special cases for zero and one, trivial     */
-  if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ) 
+  if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ)
      return mp_copy(a, b);
-    
+
    /* Initialize the temporaries we'll use below  */
    if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
      return res;
@@ -1508,7 +1508,7 @@ mp_add_d(&x, 1, &x);
   CLEANUP:
    mp_clear(&x);
   X:
-  mp_clear(&t); 
+  mp_clear(&t);
  
    return res;
  
@@ -1626,7 +1626,7 @@ mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c)
    Compute c = (a ** b) mod m.  Uses a standard square-and-multiply
    method with modular reductions at each step. (This is basically the
    same code as mp_expt(), except for the addition of the reductions)
-  
+
    The modular reductions are done using Barrett's algorithm (see
    s_mp_reduce() below for details)
   */
@@ -1655,7 +1655,7 @@ mp_err mp_exptmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
    mp_set(&s, 1);
  
    /* mu = b^2k / m */
-  s_mp_add_d(&mu, 1); 
+  s_mp_add_d(&mu, 1);
    s_mp_lshd(&mu, 2 * USED(m));
    if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
      goto CLEANUP;
@@ -1866,7 +1866,7 @@ int    mp_cmp_int(mp_int *a, long z)
    int     out;
  
    ARGCHK(a != NULL, MP_EQ);
-  
+
    mp_init(&tmp); mp_set_int(&tmp, z);
    out = mp_cmp(a, &tmp);
    mp_clear(&tmp);
@@ -1953,13 +1953,13 @@ mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
    if(mp_isodd(&u)) {
      if((res = mp_copy(&v, &t)) != MP_OKAY)
        goto CLEANUP;
-    
+
      /* t = -v */
      if(SIGN(&v) == MP_ZPOS)
        SIGN(&t) = MP_NEG;
      else
        SIGN(&t) = MP_ZPOS;
-    
+
    } else {
      if((res = mp_copy(&u, &t)) != MP_OKAY)
        goto CLEANUP;
@@ -2152,7 +2152,7 @@ mp_err mp_xgcd(mp_int *a, mp_int *b, mp_int *g, mp_int *x, mp_int *y)
  
        if(y)
         if((res = mp_copy(&D, y)) != MP_OKAY) goto CLEANUP;
-      
+
        if(g)
         if((res = mp_mul(&gx, &v, g)) != MP_OKAY) goto CLEANUP;
  
@@ -2255,7 +2255,7 @@ void   mp_print(mp_int *mp, FILE *ofp)
  
  /* {{{ mp_read_signed_bin(mp, str, len) */
  
-/* 
+/*
     mp_read_signed_bin(mp, str, len)
  
     Read in a raw value (base 256) into the given mp_int
@@ -2332,16 +2332,16 @@ mp_err  mp_read_unsigned_bin(mp_int *mp, unsigned char *str, int len)
      if((res = mp_add_d(mp, str[ix], mp)) != MP_OKAY)
        return res;
    }
-  
+
    return MP_OKAY;
-  
+
  } /* end mp_read_unsigned_bin() */
  
  /* }}} */
  
  /* {{{ mp_unsigned_bin_size(mp) */
  
-int     mp_unsigned_bin_size(mp_int *mp) 
+int     mp_unsigned_bin_size(mp_int *mp)
  {
    mp_digit   topdig;
    int        count;
@@ -2440,7 +2440,7 @@ int    mp_count_bits(mp_int *mp)
    }
  
    return len;
-  
+
  } /* end mp_count_bits() */
  
  /* }}} */
@@ -2462,14 +2462,14 @@ mp_err  mp_read_radix(mp_int *mp, unsigned char *str, int radix)
    mp_err  res;
    mp_sign sig = MP_ZPOS;
  
-  ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, 
+  ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
          MP_BADARG);
  
    mp_zero(mp);
  
    /* Skip leading non-digit characters until a digit or '-' or '+' */
-  while(str[ix] && 
-       (s_mp_tovalue(str[ix], radix) < 0) && 
+  while(str[ix] &&
+       (s_mp_tovalue(str[ix], radix) < 0) &&
         str[ix] != '-' &&
         str[ix] != '+') {
      ++ix;
@@ -2525,7 +2525,7 @@ int    mp_radix_size(mp_int *mp, int radix)
  /* num = number of digits
     qty = number of bits per digit
     radix = target base
-   
+
     Return the number of digits in the specified radix that would be
     needed to express 'num' digits of 'qty' bits each.
   */
@@ -2594,7 +2594,7 @@ mp_err mp_toradix(mp_int *mp, unsigned char *str, int radix)
        ++ix;
        --pos;
      }
-    
+
      mp_clear(&tmp);
    }
  
@@ -2806,11 +2806,11 @@ void     s_mp_exch(mp_int *a, mp_int *b)
  
  /* {{{ s_mp_lshd(mp, p) */
  
-/* 
+/*
     Shift mp leftward by p digits, growing if needed, and zero-filling
     the in-shifted digits at the right end.  This is a convenient
     alternative to multiplication by powers of the radix
- */   
+ */
  
  mp_err   s_mp_lshd(mp_int *mp, mp_size p)
  {
@@ -2829,7 +2829,7 @@ mp_err   s_mp_lshd(mp_int *mp, mp_size p)
    dp = DIGITS(mp);
  
    /* Shift all the significant figures over as needed */
-  for(ix = pos - p; ix >= 0; ix--) 
+  for(ix = pos - p; ix >= 0; ix--)
      dp[ix + p] = dp[ix];
  
    /* Fill the bottom digits with zeroes */
@@ -2844,7 +2844,7 @@ mp_err   s_mp_lshd(mp_int *mp, mp_size p)
  
  /* {{{ s_mp_rshd(mp, p) */
  
-/* 
+/*
     Shift mp rightward by p digits.  Maintains the invariant that
     digits above the precision are all zero.  Digits shifted off the
     end are lost.  Cannot fail.
@@ -3054,7 +3054,7 @@ void     s_mp_div_2d(mp_int *mp, mp_digit d)
    end of the division process).
  
    We multiply by the smallest power of 2 that gives us a leading digit
-  at least half the radix.  By choosing a power of 2, we simplify the 
+  at least half the radix.  By choosing a power of 2, we simplify the
    multiplication and division steps to simple shifts.
   */
  mp_digit s_mp_norm(mp_int *a, mp_int *b)
@@ -3066,7 +3066,7 @@ mp_digit s_mp_norm(mp_int *a, mp_int *b)
      t <<= 1;
      ++d;
    }
-    
+
    if(d != 0) {
      s_mp_mul_2d(a, d);
      s_mp_mul_2d(b, d);
@@ -3188,14 +3188,14 @@ mp_err   s_mp_mul_d(mp_int *a, mp_digit d)
       test guarantees we have enough storage to do this safely.
     */
    if(k) {
-    dp[max] = k; 
+    dp[max] = k;
      USED(a) = max + 1;
    }
  
    s_mp_clamp(a);
  
    return MP_OKAY;
-  
+
  } /* end s_mp_mul_d() */
  
  /* }}} */
@@ -3289,7 +3289,7 @@ mp_err   s_mp_add(mp_int *a, mp_int *b)        /* magnitude addition      */
    }
  
    /* If we run out of 'b' digits before we're actually done, make
-     sure the carries get propagated upward...  
+     sure the carries get propagated upward...
     */
    used = USED(a);
    while(w && ix < used) {
@@ -3351,7 +3351,7 @@ mp_err   s_mp_sub(mp_int *a, mp_int *b)        /* magnitude subtract      */
    /* Clobber any leading zeroes we created    */
    s_mp_clamp(a);
  
-  /* 
+  /*
       If there was a borrow out, then |b| > |a| in violation
       of our input invariant.  We've already done the work,
       but we'll at least complain about it...
@@ -3387,7 +3387,7 @@ mp_err   s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu)
    s_mp_mod_2d(&q, (mp_digit)(DIGIT_BIT * (um + 1)));
  #else
    s_mp_mul_dig(&q, m, um + 1);
-#endif  
+#endif
  
    /* x = x - q */
    if((res = mp_sub(x, &q, x)) != MP_OKAY)
@@ -3441,7 +3441,7 @@ mp_err   s_mp_mul(mp_int *a, mp_int *b)
  
    pb = DIGITS(b);
    for(ix = 0; ix < ub; ++ix, ++pb) {
-    if(*pb == 0) 
+    if(*pb == 0)
        continue;
  
      /* Inner product:  Digits of a */
@@ -3480,7 +3480,7 @@ void   s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len)
    for(ix = 0; ix < len; ++ix, ++b) {
      if(*b == 0)
        continue;
-    
+
      pa = a;
      for(jx = 0; jx < len; ++jx, ++pa) {
        pt = out + ix + jx;
@@ -3547,7 +3547,7 @@ mp_err   s_mp_sqr(mp_int *a)
       */
      for(jx = ix + 1, pa2 = DIGITS(a) + jx; jx < used; ++jx, ++pa2) {
        mp_word  u = 0, v;
-      
+
        /* Store this in a temporary to avoid indirections later */
        pt = pbt + ix + jx;
  
@@ -3568,7 +3568,7 @@ mp_err   s_mp_sqr(mp_int *a)
        v = *pt + k;
  
        /* If we do not already have an overflow carry, check to see
-        if the addition will cause one, and set the carry out if so 
+        if the addition will cause one, and set the carry out if so
         */
        u |= ((MP_WORD_MAX - v) < w);
  
@@ -3592,7 +3592,7 @@ mp_err   s_mp_sqr(mp_int *a)
      /* If we are carrying out, propagate the carry to the next digit
         in the output.  This may cascade, so we have to be somewhat
         circumspect -- but we will have enough precision in the output
-       that we won't overflow 
+       that we won't overflow
       */
      kx = 1;
      while(k) {
@@ -3664,7 +3664,7 @@ mp_err   s_mp_div(mp_int *a, mp_int *b)
    while(ix >= 0) {
      /* Find a partial substring of a which is at least b */
      while(s_mp_cmp(&rem, b) < 0 && ix >= 0) {
-      if((res = s_mp_lshd(&rem, 1)) != MP_OKAY) 
+      if((res = s_mp_lshd(&rem, 1)) != MP_OKAY)
         goto CLEANUP;
  
        if((res = s_mp_lshd(&quot, 1)) != MP_OKAY)
@@ -3676,8 +3676,8 @@ mp_err   s_mp_div(mp_int *a, mp_int *b)
      }
  
      /* If we didn't find one, we're finished dividing    */
-    if(s_mp_cmp(&rem, b) < 0) 
-      break;    
+    if(s_mp_cmp(&rem, b) < 0)
+      break;
  
      /* Compute a guess for the next quotient digit       */
      q = DIGIT(&rem, USED(&rem) - 1);
@@ -3695,7 +3695,7 @@ mp_err   s_mp_div(mp_int *a, mp_int *b)
      if((res = s_mp_mul_d(&t, q)) != MP_OKAY)
        goto CLEANUP;
  
-    /* 
+    /*
         If it's too big, back it off.  We should not have to do this
         more than once, or, in rare cases, twice.  Knuth describes a
         method by which this could be reduced to a maximum of once, but
@@ -3719,7 +3719,7 @@ mp_err   s_mp_div(mp_int *a, mp_int *b)
    }
  
    /* Denormalize remainder                */
-  if(d != 0) 
+  if(d != 0)
      s_mp_div_2d(&rem, d);
  
    s_mp_clamp(&quot);
@@ -3727,7 +3727,7 @@ mp_err   s_mp_div(mp_int *a, mp_int *b)
  
    /* Copy quotient back to output         */
    s_mp_exch(&quot, a);
-  
+
    /* Copy remainder back to output        */
    s_mp_exch(&rem, b);
  
@@ -3757,7 +3757,7 @@ mp_err   s_mp_2expt(mp_int *a, mp_digit k)
    mp_zero(a);
    if((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
      return res;
-  
+
    DIGIT(a, dig) |= (1 << bit);
  
    return MP_OKAY;
@@ -3815,7 +3815,7 @@ int      s_mp_cmp_d(mp_int *a, mp_digit d)
    if(ua > 1)
      return MP_GT;
  
-  if(*ap < d) 
+  if(*ap < d)
      return MP_LT;
    else if(*ap > d)
      return MP_GT;
@@ -3857,7 +3857,7 @@ int      s_mp_ispow2(mp_int *v)
      }
  
      return ((uv - 1) * DIGIT_BIT) + extra;
-  } 
+  }
  
    return -1;
  
@@ -3901,7 +3901,7 @@ int      s_mp_ispow2d(mp_digit d)
  int      s_mp_tovalue(char ch, int r)
  {
    int    val, xch;
-  
+
    if(r > 36)
      xch = ch;
    else
@@ -3917,7 +3917,7 @@ int      s_mp_tovalue(char ch, int r)
      val = 62;
    else if(xch == '/')
      val = 63;
-  else 
+  else
      return -1;
  
    if(val < 0 || val >= r)
@@ -3939,7 +3939,7 @@ int      s_mp_tovalue(char ch, int r)
    The results may be odd if you use a radix < 2 or > 64, you are
    expected to know what you're doing.
   */
-  
+
  char     s_mp_todigit(int val, int r, int low)
  {
    char   ch;
@@ -3960,7 +3960,7 @@ char     s_mp_todigit(int val, int r, int low)
  
  /* {{{ s_mp_outlen(bits, radix) */
  
-/* 
+/*
     Return an estimate for how long a string is needed to hold a radix
     r representation of a number with 'bits' significant bits.
  
diff --git a/source4/heimdal/lib/hcrypto/libtommath/tommath.h b/source4/heimdal/lib/hcrypto/libtommath/tommath.h

index 426207a298258aa6ccf85b55ebafb021f721e689..67d3b06af66d26f45df62d92a638c331e9e30efc 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/tommath.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/tommath.h
@@ -46,7 +46,7 @@ extern "C" {
  
  
  /* detect 64-bit mode if possible */
-#if defined(__x86_64__) 
+#if defined(__x86_64__)
     #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
        #define MP_64BIT
     #endif
@@ -82,7 +82,7 @@ extern "C" {
  
     /* this is to make porting into LibTomCrypt easier :-) */
  #ifndef CRYPT
-   #if defined(_MSC_VER) || defined(__BORLANDC__) 
+   #if defined(_MSC_VER) || defined(__BORLANDC__)
        typedef unsigned __int64   ulong64;
        typedef signed __int64     long64;
     #else
@@ -94,20 +94,20 @@ extern "C" {
     typedef unsigned long      mp_digit;
     typedef ulong64            mp_word;
  
-#ifdef MP_31BIT   
+#ifdef MP_31BIT
     /* this is an extension that uses 31-bit digits */
     #define DIGIT_BIT          31
  #else
     /* default case is 28-bit digits, defines MP_28BIT as a handy macro to test */
     #define DIGIT_BIT          28
     #define MP_28BIT
-#endif   
+#endif
  #endif
  
  /* define heap macros */
  #ifndef CRYPT
     /* default to libc stuff */
-   #ifndef XMALLOC 
+   #ifndef XMALLOC
         #define XMALLOC  malloc
         #define XFREE    free
         #define XREALLOC realloc
@@ -169,7 +169,7 @@ extern int KARATSUBA_MUL_CUTOFF,
        #define MP_PREC                 32     /* default digits of precision */
     #else
        #define MP_PREC                 8      /* default digits of precision */
-   #endif   
+   #endif
  #endif
  
  /* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
@@ -473,7 +473,7 @@ int mp_prime_fermat(mp_int *a, mp_int *b, int *result);
  int mp_prime_miller_rabin(mp_int *a, mp_int *b, int *result);
  
  /* This gives [for a given bit size] the number of trials required
- * such that Miller-Rabin gives a prob of failure lower than 2^-96 
+ * such that Miller-Rabin gives a prob of failure lower than 2^-96
   */
  int mp_prime_rabin_miller_trials(int size);
  
@@ -494,7 +494,7 @@ int mp_prime_is_prime(mp_int *a, int t, int *result);
  int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
  
  /* makes a truly random prime of a given size (bytes),
- * call with bbs = 1 if you want it to be congruent to 3 mod 4 
+ * call with bbs = 1 if you want it to be congruent to 3 mod 4
   *
   * You have to supply a callback which fills in a buffer with random bytes.  "dat" is a parameter you can
   * have passed to the callback (e.g. a state or something).  This function doesn't use "dat" itself
@@ -507,7 +507,7 @@ int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
  /* makes a truly random prime of a given size (bits),
   *
   * Flags are as follows:
- * 
+ *
   *   LTM_PRIME_BBS      - make prime congruent to 3 mod 4
   *   LTM_PRIME_SAFE     - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
   *   LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
diff --git a/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h b/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h

index 2fdebe6838f4e025e2d06fcbfbeb1f549d5ac95f..a96c36feb82b52b6eb3b8d16bf63ac522ad2ca3a 100644 (file)
--- a/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h
+++ b/source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h
@@ -60,9 +60,9 @@
     #undef  BN_FAST_MP_INVMOD_C
  
     /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
-    * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines] 
+    * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
      * which means roughly speaking you can handle upto 2536-bit RSA keys with these defined without
-    * trouble.  
+    * trouble.
      */
     #undef  BN_S_MP_MUL_DIGS_C
     #undef  BN_S_MP_SQR_C
diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c

index 92a40fa69abd9e4d4c4bbd17364eef06412b5f60..a890f01a3dd8bf19ba2c0ea17d41c8fd72effdb0 100644 (file)
--- a/source4/heimdal/lib/hcrypto/pkcs12.c
+++ b/source4/heimdal/lib/hcrypto/pkcs12.c
@@ -141,7 +141,7 @@ PKCS12_key_gen(const void *key, size_t keylen,
                 BN_bn2bin(bnI, I + i + vlen - j);
             }
             BN_free(bnI);
-       }       
+       }
         BN_free(bnB);
         BN_free(bnOne);
         size_I = vlen * 2;
diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c

index 00d3286f2482716f26567c0b6c67e4ad988204a7..dd2d3e13ecd914ef5cba3377dcf0a2fd11fa0362 100644 (file)
--- a/source4/heimdal/lib/hcrypto/rand-egd.c
+++ b/source4/heimdal/lib/hcrypto/rand-egd.c
@@ -144,7 +144,7 @@ egd_seed(const void *indata, int size)
             break;
         indata = ((unsigned char *)indata) + len;
         size -= len;
-    }  
+    }
      close(fd);
  }
  
@@ -170,7 +170,7 @@ get_bytes(const char *path, unsigned char *outdata, int size)
             break;
         outdata += len;
         size -= len;
-    }  
+    }
      close(fd);
  
      return ret;
diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c

index dcfe42d02dc5259e09bb76b9f76ad8f0311fd1e1..63bd3daa00e6a8a7f7a7fb9bf192ba8dc4c585e9 100644 (file)
--- a/source4/heimdal/lib/hcrypto/rc2.c
+++ b/source4/heimdal/lib/hcrypto/rc2.c
@@ -106,7 +106,7 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
         k[j] = Sbox[k[j + 1] ^ k[j + T8]];
  
      for (j = 0; j < 64; j++)
-       key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);  
+       key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
      memset(k, 0, sizeof(k));
  }
  
diff --git a/source4/heimdal/lib/hcrypto/rsa-ltm.c b/source4/heimdal/lib/hcrypto/rsa-ltm.c

index 6ef4a83c519f6f732c7ffcf52957c7eb607e74b0..5cd3e9361eb1f417aba289cd0988d8079ade472c 100644 (file)
--- a/source4/heimdal/lib/hcrypto/rsa-ltm.c
+++ b/source4/heimdal/lib/hcrypto/rsa-ltm.c
@@ -188,7 +188,7 @@ ltm_rsa_public_encrypt(int flen, const unsigned char* from,
      memcpy(p, from, flen);
      p += flen;
      assert((p - p0) == size - 1);
-    
+
      mp_read_unsigned_bin(&dec, p0, size - 1);
      free(p0);
  
diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c

index a3fc0cd7ae65c9be46828cc58679e84b1533b05d..c71ded1b7a8bb0f2e6f6cdb55923b243afaeeede 100644 (file)
--- a/source4/heimdal/lib/hcrypto/rsa.c
+++ b/source4/heimdal/lib/hcrypto/rsa.c
@@ -55,12 +55,12 @@
   *
   * Speed for RSA in seconds
   *   no key blinding
- *   1000 iteration, 
+ *   1000 iteration,
   *   same rsa keys (1024 and 2048)
   *   operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern
   *
   * name                1024    2048    4098
- * =================================   
+ * =================================
   * gmp:         0.73     6.60   44.80
   * tfm:         2.45       --      --
   * ltm:                 3.79    20.74  105.41  (default in hcrypto)
@@ -442,11 +442,11 @@ RSA_verify(int type, const unsigned char *from, unsigned int flen,
             free_DigestInfo(&di);
             return -1;
         }
-       
+
         ret = der_heim_oid_cmp(&digest_alg->algorithm,
                                &di.digestAlgorithm.algorithm);
         free_DigestInfo(&di);
-       
+
         if (ret != 0)
             return 0;
         return 1;
@@ -577,7 +577,7 @@ d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len)
         RSA_free(k);
         return NULL;
      }
-       
+
      return k;
  }
  
@@ -701,6 +701,6 @@ d2i_RSAPublicKey(RSA *rsa, const unsigned char **pp, size_t len)
         RSA_free(k);
         return NULL;
      }
-       
+
      return k;
  }
diff --git a/source4/heimdal/lib/hcrypto/sha256.c b/source4/heimdal/lib/hcrypto/sha256.c

index 5e601bb358c20139b665feeafed0f81de36b7b81..108afdccc800548b962344d4f862b83c9152216e 100644 (file)
--- a/source4/heimdal/lib/hcrypto/sha256.c
+++ b/source4/heimdal/lib/hcrypto/sha256.c
@@ -116,7 +116,7 @@ calc (SHA256_CTX *m, uint32_t *in)
  
         T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
         T2 = Sigma0(AA) + Maj(AA,BB,CC);
-                       
+
         HH = GG;
         GG = FF;
         FF = EE;
diff --git a/source4/heimdal/lib/hcrypto/sha512.c b/source4/heimdal/lib/hcrypto/sha512.c

index fb38cadb6f0a2ef439a9f413c1d9efa22d95f084..4bea21666852940bf27010c57bf5de2722f2fb43 100644 (file)
--- a/source4/heimdal/lib/hcrypto/sha512.c
+++ b/source4/heimdal/lib/hcrypto/sha512.c
@@ -140,7 +140,7 @@ calc (SHA512_CTX *m, uint64_t *in)
  
         T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i];
         T2 = Sigma0(AA) + Maj(AA,BB,CC);
-                       
+
         HH = GG;
         GG = FF;
         FF = EE;
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c

index e32bb9a0bec4bf4031875556b5110021b4fddbc0..d0714fe6d5530b0271db5bdbc452d4f9d2fde468 100644 (file)
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -62,7 +62,7 @@ intr(int sig)
   */
  
  static int
-read_string(const char *preprompt, const char *prompt, 
+read_string(const char *preprompt, const char *prompt,
             char *buf, size_t len, int echo)
  {
      int of = 0;
@@ -86,13 +86,13 @@ read_string(const char *preprompt, const char *prompt,
      if(of)
         p--;
      *p = 0;
-    
+
      if(echo == 0){
         printf("\n");
      }
  
      signal(SIGINT, oldsigintr);
-    
+
      if(intr_flag)
         return -2;
      if(of)
diff --git a/source4/heimdal/lib/hcrypto/validate.c b/source4/heimdal/lib/hcrypto/validate.c

index f6f8be70303e88dc141644b951c2ccb4bad33f71..48b9bfc6e352031fb2f6ae63bc77baf8bd8c1245 100644 (file)
--- a/source4/heimdal/lib/hcrypto/validate.c
+++ b/source4/heimdal/lib/hcrypto/validate.c
@@ -69,7 +69,7 @@ struct tests tests[] = {
         "\xdc\x95\xc0\x78\xa2\x40\x89\x89\xad\x48\xa2\x14\x92\x84\x20\x87"
      },
  #if 0
-    { 
+    {
         EVP_aes_128_cfb8,
         "aes-cfb8-128",
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
@@ -93,7 +93,7 @@ struct tests tests[] = {
         "\x55\x95\x97\x76\xa9\x6c\x66\x40\x64\xc7\xf4\x1c\x21\xb7\x14\x1b"
      },
  #if 0
-    { 
+    {
         EVP_camellia_128_cbc,
         "camellia128",
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
@@ -105,7 +105,7 @@ struct tests tests[] = {
         NULL
      },
  #endif
-    { 
+    {
         EVP_rc4,
         "rc4 8",
         "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
diff --git a/source4/heimdal/lib/hdb/dbinfo.c b/source4/heimdal/lib/hdb/dbinfo.c

index 5019016ed563c6103f882d2655b9d840f4cbf695..52e394106eca669387873e0c0a526888a977a077 100644 (file)
--- a/source4/heimdal/lib/hdb/dbinfo.c
+++ b/source4/heimdal/lib/hdb/dbinfo.c
@@ -112,7 +112,7 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
         if (ret == 0 && di) {
             databases = di;
             dt = &di->next;
-       }               
+       }
  
         for ( ; db_binding != NULL; db_binding = db_binding->next) {
  
diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c

index fb32fdb845e644e0562e6a7bcc43dcaf6c9bc4de..d2a4373b9b3889093967b3e49ae61147d73f2cd8 100644 (file)
--- a/source4/heimdal/lib/hdb/ext.c
+++ b/source4/heimdal/lib/hdb/ext.c
@@ -37,7 +37,7 @@
  krb5_error_code
  hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
  {
-    int i;
+    size_t i;
  
      if (ent->extensions == NULL)
         return 0;
@@ -63,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
  HDB_extension *
  hdb_find_extension(const hdb_entry *entry, int type)
  {
-    int i;
+    size_t i;
  
      if (entry->extensions == NULL)
         return NULL;
  
      for (i = 0; i < entry->extensions->len; i++)
-       if (entry->extensions->val[i].data.element == type)
+       if (entry->extensions->val[i].data.element == (unsigned)type)
             return &entry->extensions->val[i];
      return NULL;
  }
@@ -112,7 +112,7 @@ hdb_replace_extension(krb5_context context,
         Der_type replace_type, list_type;
         unsigned int replace_tag, list_tag;
         size_t size;
-       int i;
+       size_t i;
  
         ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
                           ext->data.u.asn1_ellipsis.length,
@@ -180,13 +180,13 @@ hdb_clear_extension(krb5_context context,
                     hdb_entry *entry,
                     int type)
  {
-    int i;
+    size_t i;
  
      if (entry->extensions == NULL)
         return 0;
  
      for (i = 0; i < entry->extensions->len; i++) {
-       if (entry->extensions->val[i].data.element == type) {
+       if (entry->extensions->val[i].data.element == (unsigned)type) {
             free_HDB_extension(&entry->extensions->val[i]);
             memmove(&entry->extensions->val[i],
                     &entry->extensions->val[i + 1],
@@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
  
      ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
      if (ext) {
-       heim_utf8_string str;
+       heim_utf8_string xstr;
         heim_octet_string pw;
  
         if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
@@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db,
             return ret;
         }
  
-       str = pw.data;
-       if (str[pw.length - 1] != '\0') {
+       xstr = pw.data;
+       if (xstr[pw.length - 1] != '\0') {
             krb5_set_error_message(context, EINVAL, "malformed password");
             return EINVAL;
         }
  
-       *p = strdup(str);
+       *p = strdup(xstr);
  
         der_free_octet_string(&pw);
         if (*p == NULL) {
diff --git a/source4/heimdal/lib/hdb/hdb-keytab.c b/source4/heimdal/lib/hdb/hdb-keytab.c

index c1bad867960118b50aa88c74ff772c13913bb166..ab2afb5d74babc3d71433b0b0d345950060006f7 100644 (file)
--- a/source4/heimdal/lib/hdb/hdb-keytab.c
+++ b/source4/heimdal/lib/hdb/hdb-keytab.c
@@ -206,7 +206,7 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
         krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
         return ENOMEM;
      }
-       
+
  
      (*db)->hdb_db = k;
  
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c

index 2c1de8b3d7464e385bbf867bd14880c69ca36c0d..ca05cc4a1785c2a2896a788afbb89ab6a8588228 100644 (file)
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -78,7 +78,9 @@ static struct hdb_method methods[] = {
      { HDB_INTERFACE_VERSION, "ldap:",  hdb_ldap_create},
      { HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
  #endif
+#ifdef HAVE_SQLITE3
      { HDB_INTERFACE_VERSION, "sqlite:", hdb_sqlite_create},
+#endif
      {0, NULL,  NULL}
  };
  
@@ -166,7 +168,7 @@ hdb_unlock(int fd)
  void
  hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
  {
-    int i;
+    size_t i;
  
      if (ent->free_entry)
         (*ent->free_entry)(context, ent);
@@ -215,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db)
      if (ret)
         return ret;
  
-    tag.data = HDB_DB_FORMAT_ENTRY;
+    tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
      tag.length = strlen(tag.data);
      ret = (*db->hdb__get)(context, db, tag, &version);
      ret2 = db->hdb_unlock(context, db);
@@ -248,7 +250,7 @@ hdb_init_db(krb5_context context, HDB *db)
      if (ret)
         return ret;
  
-    tag.data = HDB_DB_FORMAT_ENTRY;
+    tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
      tag.length = strlen(tag.data);
      snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
      version.data = ver;
@@ -317,7 +319,7 @@ find_dynamic_method (krb5_context context,
  
      if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
         krb5_errx(context, 1, "out of memory");
-       
+
      mso = (struct hdb_so_method *) dlsym(dl, symbol);
      if (mso == NULL) {
         krb5_warnx(context, "error finding symbol %s in %s: %s\n",
@@ -432,7 +434,7 @@ _hdb_keytab2hdb_entry(krb5_context context,
  
      entry->entry.keys.val[0].mkvno = NULL;
      entry->entry.keys.val[0].salt = NULL;
-    
+
      return krb5_copy_keyblock_contents(context,
                                        &ktentry->keyblock,
                                        &entry->entry.keys.val[0].key);
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h

index fffda7aef00b4124e13f93fecce18c9530479536..469ec82ec0bd27ad726a5ba895e3d1710ea73bc2 100644 (file)
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -153,7 +153,7 @@ typedef struct HDB{
      /**
       * As part of iteration, fetch next entry
       */
-    krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, 
+    krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
                                    unsigned, hdb_entry_ex*);
      /**
       * Lock database
@@ -221,7 +221,7 @@ typedef struct HDB{
       * ->hdb_store() into the database. The backend will still perform
       * all other operations, increasing the kvno, and update
       * modification timestamp.
-     * 
+     *
       * The backend needs to call _kadm5_set_keys() and perform password
       * quality checks.
       */
diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c

index 63f254d0022ae95c267a81c147713c402e3207bd..3d0b9d7c1b3168cd53e5a2c43e1aa7901f5ba255 100644 (file)
--- a/source4/heimdal/lib/hdb/keys.c
+++ b/source4/heimdal/lib/hdb/keys.c
@@ -221,10 +221,10 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset,
             free_Key(&key);
             return ENOMEM;
         }
-       
+
         key.salt->type = salt->salttype;
         krb5_data_zero (&key.salt->salt);
-       
+
         ret = krb5_data_copy(&key.salt->salt,
                              salt->saltvalue.data,
                              salt->saltvalue.length);
@@ -256,8 +256,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
      char **ktypes, **kp;
      krb5_error_code ret;
      Key *k, *key_set;
-    int i, j;
-    char *default_keytypes[] = {
+    size_t i, j;
+    static const char *default_keytypes[] = {
         "aes256-cts-hmac-sha1-96:pw-salt",
         "des3-cbc-sha1:pw-salt",
         "arcfour-hmac-md5:pw-salt",
@@ -267,7 +267,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
      ktypes = krb5_config_get_strings(context, NULL, "kadmin",
                                      "default_keys", NULL);
      if (ktypes == NULL)
-       ktypes = default_keytypes;
+       ktypes = (char **)(intptr_t)default_keytypes;
  
      *ret_key_set = key_set = NULL;
      *nkeyset = 0;
@@ -290,7 +290,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
             p = "des:afs3-salt";
         else if (strcmp(p, "arcfour-hmac-md5") == 0)
             p = "arcfour-hmac-md5:pw-salt";
-       
+
         memset(&salt, 0, sizeof(salt));
  
         ret = parse_key_set(context, p,
@@ -337,7 +337,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
      *ret_key_set = key_set;
  
   out:
-    if (ktypes != default_keytypes)
+    if (ktypes != (char **)(intptr_t)default_keytypes)
         krb5_config_free_strings(ktypes);
  
      if (ret) {
@@ -364,7 +364,7 @@ hdb_generate_key_set_password(krb5_context context,
                               Key **keys, size_t *num_keys)
  {
      krb5_error_code ret;
-    int i;
+    size_t i;
  
      ret = hdb_generate_key_set(context, principal,
                                 keys, num_keys, 0);
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c

index 05b78dafc5bfc06d923f70cad7704035767eb712..c72b797dab4d7fea631186d930b32986f7ae98ee 100644 (file)
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -37,7 +37,7 @@
  
  struct hdb_data {
      char *dbname;
-    char *mkey;   
+    char *mkey;
  };
  
  struct hdb_cursor {
@@ -184,7 +184,7 @@ hdb_get_entry(krb5_context context,
      const char *mkey   = d->mkey;
      char *fdbname = NULL, *fmkey = NULL;
      HDB *db;
-    int i;
+    size_t i;
  
      memset(&ent, 0, sizeof(ent));
  
@@ -204,13 +204,13 @@ hdb_get_entry(krb5_context context,
         (*db->hdb_destroy)(context, db);
         goto out2;
      }
-       
+
      ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
      if (ret) {
         (*db->hdb_destroy)(context, db);
         goto out2;
      }
-    
+
      ret = (*db->hdb_fetch_kvno)(context, db, principal,
                                 HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
                                 HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
@@ -222,7 +222,7 @@ hdb_get_entry(krb5_context context,
      }else if(ret)
         goto out;
  
-    if(kvno && ent.entry.kvno != kvno) {
+    if(kvno && (krb5_kvno)ent.entry.kvno != kvno) {
         hdb_free_entry(context, &ent);
         ret = KRB5_KT_NOTFOUND;
         goto out;
@@ -268,10 +268,10 @@ hdb_start_seq_get(krb5_context context,
      const char *dbname = d->dbname;
      const char *mkey   = d->mkey;
      HDB *db;
-   
+
      if (dbname == NULL) {
         /*
-        * We don't support enumerating without being told what 
+        * We don't support enumerating without being told what
          * backend to enumerate on
          */
         ret = KRB5_KT_NOTFOUND;
@@ -286,7 +286,7 @@ hdb_start_seq_get(krb5_context context,
         (*db->hdb_destroy)(context, db);
         return ret;
      }
-       
+
      ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
      if (ret) {
         (*db->hdb_destroy)(context, db);
@@ -314,16 +314,16 @@ static int KRB5_CALLCONV
  hdb_next_entry(krb5_context context,
                krb5_keytab id,
                krb5_keytab_entry *entry,
-              krb5_kt_cursor *cursor) 
+              krb5_kt_cursor *cursor)
  {
      struct hdb_cursor *c = cursor->data;
      krb5_error_code ret;
-    
+
      memset(entry, 0, sizeof(*entry));
  
      if (c->first) {
         c->first = FALSE;
-       ret = (c->db->hdb_firstkey)(context, c->db, 
+       ret = (c->db->hdb_firstkey)(context, c->db,
                                     HDB_F_DECRYPT|
                                     HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
                                     &c->hdb_entry);
@@ -331,15 +331,15 @@ hdb_next_entry(krb5_context context,
             return KRB5_KT_END;
         else if (ret)
             return ret;
-       
+
         if (c->hdb_entry.entry.keys.len == 0)
             hdb_free_entry(context, &c->hdb_entry);
         else
             c->next = FALSE;
-    } 
-    
+    }
+
      while (c->next) {
-       ret = (c->db->hdb_nextkey)(context, c->db, 
+       ret = (c->db->hdb_nextkey)(context, c->db,
                                    HDB_F_DECRYPT|
                                    HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
                                    &c->hdb_entry);
@@ -347,21 +347,21 @@ hdb_next_entry(krb5_context context,
             return KRB5_KT_END;
         else if (ret)
             return ret;
-       
+
         /* If no keys on this entry, try again */
         if (c->hdb_entry.entry.keys.len == 0)
             hdb_free_entry(context, &c->hdb_entry);
         else
             c->next = FALSE;
      }
-    
+
      /*
       * Return next enc type (keytabs are one slot per key, while
       * hdb is one record per principal.
       */
-    
-    ret = krb5_copy_principal(context, 
-                             c->hdb_entry.entry.principal, 
+
+    ret = krb5_copy_principal(context,
+                             c->hdb_entry.entry.principal,
                               &entry->principal);
      if (ret)
         return ret;
@@ -376,13 +376,13 @@ hdb_next_entry(krb5_context context,
         return ret;
      }
      c->key_idx++;
-    
-    /* 
+
+    /*
       * Once we get to the end of the list, signal that we want the
       * next entry
       */
-    
-    if (c->key_idx == c->hdb_entry.entry.keys.len) {
+
+    if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) {
         hdb_free_entry(context, &c->hdb_entry);
         c->next = TRUE;
         c->key_idx = 0;
diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c

index 760eccfd430733ebe93c4552bde278fb8acfc390..9a13d55a517b1c6384827f9e647d2a7415b6b107 100644 (file)
--- a/source4/heimdal/lib/hdb/mkey.c
+++ b/source4/heimdal/lib/hdb/mkey.c
@@ -153,7 +153,7 @@ read_master_mit(krb5_context context, const char *filename,
      krb5_storage *sp;
      int16_t enctype;
      krb5_keyblock key;
-       
+
      fd = open(filename, O_RDONLY | O_BINARY);
      if(fd < 0) {
         int save_errno = errno;
@@ -200,7 +200,7 @@ read_master_encryptionkey(krb5_context context, const char *filename,
      unsigned char buf[256];
      ssize_t len;
      size_t ret_len;
-       
+
      fd = open(filename, O_RDONLY | O_BINARY);
      if(fd < 0) {
         int save_errno = errno;
@@ -246,7 +246,7 @@ read_master_krb4(krb5_context context, const char *filename,
      krb5_error_code ret;
      unsigned char buf[256];
      ssize_t len;
-       
+
      fd = open(filename, O_RDONLY | O_BINARY);
      if(fd < 0) {
         int save_errno = errno;
@@ -372,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
         if(mkvno == NULL) {
             if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
                 ret = mkey;
-       } else if(mkey->keytab.vno == *mkvno)
+       } else if((uint32_t)mkey->keytab.vno == *mkvno)
             return mkey;
         mkey = mkey->next;
      }
@@ -406,7 +406,7 @@ _hdb_mkey_encrypt(krb5_context context, hdb_master_key key,
  krb5_error_code
  hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
  {
-       
+
      krb5_error_code ret;
      krb5_data res;
      size_t keysize;
@@ -415,7 +415,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
  
      if(k->mkvno == NULL)
         return 0;
-       
+
      key = _hdb_find_master_key(k->mkvno, mkey);
  
      if (key == NULL)
@@ -459,7 +459,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
  krb5_error_code
  hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
  {
-    int i;
+    size_t i;
  
      for(i = 0; i < ent->keys.len; i++){
         krb5_error_code ret;
@@ -519,14 +519,14 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
             return ENOMEM;
      }
      *k->mkvno = key->keytab.vno;
-       
+
      return 0;
  }
  
  krb5_error_code
  hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
  {
-    int i;
+    size_t i;
      for(i = 0; i < ent->keys.len; i++){
         krb5_error_code ret;
  
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c

index 492064d86d7d940a712e467fe4db173d6e228209..cb5a7be62cc30626a062a4c62dcc89492d3db791 100644 (file)
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -266,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context,
      }
      if (flags & HX509_CA_TEMPLATE_EKU) {
         ExtKeyUsage eku;
-       int i;
+       size_t i;
         ret = _hx509_cert_get_eku(context, cert, &eku);
         if (ret)
             return ret;
@@ -610,7 +610,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
         const char *str;
         char *q;
         int n;
-       
+
         /* count number of component */
         n = 1;
         for(str = principal; *str != '\0' && *str != '@'; str++){
@@ -633,7 +633,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
             goto out;
         }
         p.principalName.name_string.len = n;
-       
+
         p.principalName.name_type = KRB5_NT_PRINCIPAL;
         q = s = strdup(principal);
         if (q == NULL) {
@@ -689,7 +689,7 @@ add_utf8_san(hx509_context context,
              const heim_oid *oid,
              const char *string)
  {
-    const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
+    const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string;
      heim_octet_string os;
      size_t size;
      int ret;
@@ -866,7 +866,7 @@ hx509_ca_tbs_set_unique(hx509_context context,
  
      der_free_bit_string(&tbs->subjectUniqueID);
      der_free_bit_string(&tbs->issuerUniqueID);
-    
+
      if (subjectUniqueID) {
         ret = der_copy_bit_string(subjectUniqueID, &tbs->subjectUniqueID);
         if (ret)
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c

index 7f95ea5560acd8f470121ab114b6ff82e91c81bd..70e575603779ed53ed0da3198a5eea1a02c40594 100644 (file)
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -327,7 +327,7 @@ _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
  void
  hx509_cert_free(hx509_cert cert)
  {
-    int i;
+    size_t i;
  
      if (cert == NULL)
         return;
@@ -355,7 +355,7 @@ hx509_cert_free(hx509_cert cert)
      free(cert->friendlyname);
      if (cert->basename)
         hx509_name_free(&cert->basename);
-    memset(cert, 0, sizeof(cert));
+    memset(cert, 0, sizeof(*cert));
      free(cert);
  }
  
@@ -574,7 +574,7 @@ hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
  }
  
  void
-hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx, 
+hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
                                                     int boolean)
  {
      if (boolean)
@@ -584,7 +584,7 @@ hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
  }
  
  static const Extension *
-find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
+find_extension(const Certificate *cert, const heim_oid *oid, size_t *idx)
  {
      const TBSCertificate *c = &cert->tbsCertificate;
  
@@ -604,7 +604,7 @@ find_extension_auth_key_id(const Certificate *subject,
  {
      const Extension *e;
      size_t size;
-    int i = 0;
+    size_t i = 0;
  
      memset(ai, 0, sizeof(*ai));
  
@@ -623,7 +623,7 @@ _hx509_find_extension_subject_key_id(const Certificate *issuer,
  {
      const Extension *e;
      size_t size;
-    int i = 0;
+    size_t i = 0;
  
      memset(si, 0, sizeof(*si));
  
@@ -642,7 +642,7 @@ find_extension_name_constraints(const Certificate *subject,
  {
      const Extension *e;
      size_t size;
-    int i = 0;
+    size_t i = 0;
  
      memset(nc, 0, sizeof(*nc));
  
@@ -656,7 +656,7 @@ find_extension_name_constraints(const Certificate *subject,
  }
  
  static int
-find_extension_subject_alt_name(const Certificate *cert, int *i,
+find_extension_subject_alt_name(const Certificate *cert, size_t *i,
                                 GeneralNames *sa)
  {
      const Extension *e;
@@ -678,7 +678,7 @@ find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
  {
      const Extension *e;
      size_t size;
-    int i = 0;
+    size_t i = 0;
  
      memset(eku, 0, sizeof(*eku));
  
@@ -720,7 +720,7 @@ add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
  void
  hx509_free_octet_string_list(hx509_octet_string_list *list)
  {
-    int i;
+    size_t i;
      for (i = 0; i < list->len; i++)
         der_free_octet_string(&list->val[i]);
      free(list->val);
@@ -752,7 +752,8 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
                                          hx509_octet_string_list *list)
  {
      GeneralNames sa;
-    int ret, i, j;
+    int ret;
+    size_t i, j;
  
      list->val = NULL;
      list->len = 0;
@@ -796,7 +797,8 @@ check_key_usage(hx509_context context, const Certificate *cert,
      const Extension *e;
      KeyUsage ku;
      size_t size;
-    int ret, i = 0;
+    int ret;
+    size_t i = 0;
      unsigned ku_flags;
  
      if (_hx509_cert_get_version(cert) < 3)
@@ -849,12 +851,13 @@ enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
  
  static int
  check_basic_constraints(hx509_context context, const Certificate *cert,
-                       enum certtype type, int depth)
+                       enum certtype type, size_t depth)
  {
      BasicConstraints bc;
      const Extension *e;
      size_t size;
-    int ret, i = 0;
+    int ret;
+    size_t i = 0;
  
      if (_hx509_cert_get_version(cert) < 3)
         return 0;
@@ -966,7 +969,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
             return -1;
         if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
             return -1;
-       
+
         name.element =
             ai.authorityCertIssuer->val[0].u.directoryName.element;
         name.u.rdnSequence =
@@ -1123,7 +1126,7 @@ find_parent(hx509_context context,
             hx509_clear_error_string(context);
             return HX509_ISSUER_NOT_FOUND;
         }
-       
+
         hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
                                "Failed to find issuer for "
                                "certificate with subject: '%s'", str);
@@ -1144,7 +1147,8 @@ is_proxy_cert(hx509_context context,
      ProxyCertInfo info;
      const Extension *e;
      size_t size;
-    int ret, i = 0;
+    int ret;
+    size_t i = 0;
  
      if (rinfo)
         memset(rinfo, 0, sizeof(*rinfo));
@@ -1511,7 +1515,7 @@ hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
  }
  
  static int
-get_x_unique_id(hx509_context context, const char *name, 
+get_x_unique_id(hx509_context context, const char *name,
                 const heim_bit_string *cert, heim_bit_string *subject)
  {
      int ret;
@@ -1695,7 +1699,7 @@ static int
  match_RDN(const RelativeDistinguishedName *c,
           const RelativeDistinguishedName *n)
  {
-    int i;
+    size_t i;
  
      if (c->len != n->len)
         return HX509_NAME_CONSTRAINT_ERROR;
@@ -1717,7 +1721,8 @@ match_RDN(const RelativeDistinguishedName *c,
  static int
  match_X501Name(const Name *c, const Name *n)
  {
-    int i, ret;
+    size_t i;
+    int ret;
  
      if (c->element != choice_Name_rdnSequence
         || n->element != choice_Name_rdnSequence)
@@ -1824,7 +1829,8 @@ match_alt_name(const GeneralName *n, const Certificate *c,
                int *same, int *match)
  {
      GeneralNames sa;
-    int ret, i, j;
+    int ret;
+    size_t i, j;
  
      i = 0;
      do {
@@ -1869,7 +1875,7 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
             && !subject_null_p(c))
         {
             GeneralName certname;
-       
+
             memset(&certname, 0, sizeof(certname));
             certname.element = choice_GeneralName_directoryName;
             certname.u.directoryName.element =
@@ -1898,7 +1904,7 @@ check_name_constraints(hx509_context context,
                        const Certificate *c)
  {
      int match, ret;
-    int i;
+    size_t i;
  
      for (i = 0 ; i < nc->len; i++) {
         GeneralSubtrees gs;
@@ -1941,7 +1947,7 @@ check_name_constraints(hx509_context context,
  static void
  free_name_constraints(hx509_name_constraints *nc)
  {
-    int i;
+    size_t i;
  
      for (i = 0 ; i < nc->len; i++)
         free_NameConstraints(&nc->val[i]);
@@ -1971,7 +1977,8 @@ hx509_verify_path(hx509_context context,
  {
      hx509_name_constraints nc;
      hx509_path path;
-    int ret, i, proxy_cert_depth, selfsigned_depth, diff;
+    int ret, proxy_cert_depth, selfsigned_depth, diff;
+    size_t i, k;
      enum certtype type;
      Name proxy_issuer;
      hx509_certs anchors = NULL;
@@ -1979,7 +1986,7 @@ hx509_verify_path(hx509_context context,
      memset(&proxy_issuer, 0, sizeof(proxy_issuer));
  
      ret = init_name_constraints(&nc);
-    if (ret)   
+    if (ret)
         return ret;
  
      path.val = NULL;
@@ -2031,7 +2038,7 @@ hx509_verify_path(hx509_context context,
         time_t t;
  
         c = _hx509_get_cert(path.val[i]);
-       
+
         /*
          * Lets do some basic check on issuer like
          * keyUsage.keyCertSign and basicConstraints.cA bit depending
@@ -2063,10 +2070,10 @@ hx509_verify_path(hx509_context context,
  
             break;
         case PROXY_CERT: {
-           ProxyCertInfo info; 
+           ProxyCertInfo info;
  
             if (is_proxy_cert(context, c, &info) == 0) {
-               int j;
+               size_t j;
  
                 if (info.pCPathLenConstraint != NULL &&
                     *info.pCPathLenConstraint < i)
@@ -2080,7 +2087,7 @@ hx509_verify_path(hx509_context context,
                 }
                 /* XXX MUST check info.proxyPolicy */
                 free_ProxyCertInfo(&info);
-               
+
                 j = 0;
                 if (find_extension(c, &asn1_oid_id_x509_ce_subjectAltName, &j)) {
                     ret = HX509_PROXY_CERT_INVALID;
@@ -2098,7 +2105,7 @@ hx509_verify_path(hx509_context context,
                                            "forbidden issuerAltName");
                     goto out;
                 }
-                       
+
                 /*
                  * The subject name of the proxy certificate should be
                  * CN=XXX,<proxy issuer>, prune of CN and check if its
@@ -2189,7 +2196,7 @@ hx509_verify_path(hx509_context context,
                 }
                 if (cert->basename)
                     hx509_name_free(&cert->basename);
-               
+
                 ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
                 if (ret) {
                     hx509_clear_error_string(context);
@@ -2204,7 +2211,7 @@ hx509_verify_path(hx509_context context,
                                       i - proxy_cert_depth - selfsigned_depth);
         if (ret)
             goto out;
-       
+
         /*
          * Don't check the trust anchors expiration time since they
          * are transported out of band, from RFC3820.
@@ -2236,9 +2243,10 @@ hx509_verify_path(hx509_context context,
       * checked in the right order.
       */
  
-    for (ret = 0, i = path.len - 1; i >= 0; i--) {
+    for (ret = 0, k = path.len; k > 0; k--) {
         Certificate *c;
         int selfsigned;
+       i = k - 1;
  
         c = _hx509_get_cert(path.val[i]);
  
@@ -2287,7 +2295,7 @@ hx509_verify_path(hx509_context context,
         }
  
         for (i = 0; i < path.len - 1; i++) {
-           int parent = (i < path.len - 1) ? i + 1 : i;
+           size_t parent = (i < path.len - 1) ? i + 1 : i;
  
             ret = hx509_revoke_verify(context,
                                       ctx->revoke_ctx,
@@ -2308,9 +2316,10 @@ hx509_verify_path(hx509_context context,
       * parameter is passed up from the anchor up though the chain.
       */
  
-    for (i = path.len - 1; i >= 0; i--) {
+    for (k = path.len; k > 0; k--) {
         hx509_cert signer;
         Certificate *c;
+       i = k - 1;
  
         c = _hx509_get_cert(path.val[i]);
  
@@ -2343,7 +2352,7 @@ hx509_verify_path(hx509_context context,
                                    "Failed to verify signature of certificate");
             goto out;
         }
-       /* 
+       /*
          * Verify that the sigature algorithm "best-before" date is
          * before the creation date of the certificate, do this for
          * trust anchors too, since any trust anchor that is created
@@ -2353,7 +2362,7 @@ hx509_verify_path(hx509_context context,
          */
  
         if (i != 0 && (ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) {
-           time_t notBefore = 
+           time_t notBefore =
                 _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
             ret = _hx509_signature_best_before(context,
                                                &c->signatureAlgorithm,
@@ -2450,7 +2459,8 @@ hx509_verify_hostname(hx509_context context,
  {
      GeneralNames san;
      const Name *name;
-    int ret, i, j;
+    int ret;
+    size_t i, j, k;
  
      if (sa && sa_size <= 0)
         return EINVAL;
@@ -2471,7 +2481,7 @@ hx509_verify_hostname(hx509_context context,
                 heim_printable_string hn;
                 hn.data = rk_UNCONST(hostname);
                 hn.length = strlen(hostname);
-               
+
                 if (der_printable_string_cmp(&san.val[j].u.dNSName, &hn) == 0) {
                     free_GeneralNames(&san);
                     return 0;
@@ -2488,7 +2498,8 @@ hx509_verify_hostname(hx509_context context,
      name = &cert->data->tbsCertificate.subject;
  
      /* Find first CN= in the name, and try to match the hostname on that */
-    for (ret = 0, i = name->u.rdnSequence.len - 1; ret == 0 && i >= 0; i--) {
+    for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) {
+       i = k - 1;
         for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
             AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
  
@@ -2579,7 +2590,7 @@ _hx509_set_cert_attribute(hx509_context context,
  hx509_cert_attribute
  hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
  {
-    int i;
+    size_t i;
      for (i = 0; i < cert->attrs.len; i++)
         if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
             return cert->attrs.val[i];
@@ -2625,7 +2636,8 @@ hx509_cert_get_friendly_name(hx509_cert cert)
      hx509_cert_attribute a;
      PKCS9_friendlyName n;
      size_t sz;
-    int ret, i;
+    int ret;
+    size_t i;
  
      if (cert->friendlyname)
         return cert->friendlyname;
@@ -2647,7 +2659,7 @@ hx509_cert_get_friendly_name(hx509_cert cert)
      ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
      if (ret)
         return NULL;
-       
+
      if (n.len != 1) {
         free_PKCS9_friendlyName(&n);
         return NULL;
@@ -3166,7 +3178,8 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
  {
      rtbl_t t;
      FILE *f;
-    int type, mask, i, num;
+    int type, mask, num;
+    size_t i;
      unsigned long multiqueries = 0, totalqueries = 0;
      struct stat_el stats[32];
  
@@ -3254,7 +3267,8 @@ hx509_cert_check_eku(hx509_context context, hx509_cert cert,
                      const heim_oid *eku, int allow_any_eku)
  {
      ExtKeyUsage e;
-    int ret, i;
+    int ret;
+    size_t i;
  
      ret = find_extension_eku(_hx509_get_cert(cert), &e);
      if (ret) {
@@ -3289,7 +3303,8 @@ _hx509_cert_get_keyusage(hx509_context context,
      Certificate *cert;
      const Extension *e;
      size_t size;
-    int ret, i = 0;
+    int ret;
+    size_t i = 0;
  
      memset(ku, 0, sizeof(*ku));
  
@@ -3455,7 +3470,7 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
      else if (ret != 0)
         goto out;
      else {
-       int i;
+       size_t i;
         hx509_env enveku = NULL;
  
         for (i = 0; i < eku.len; i++) {
@@ -3509,10 +3524,10 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
                                    "Out of memory");
             goto out;
         }
-       
+
         ret = hx509_env_add(context, &envhash, "sha1", buf);
         free(buf);
-       if (ret) 
+       if (ret)
             goto out;
  
         ret = hx509_env_add_binding(context, &envcert, "hash", envhash);
diff --git a/source4/heimdal/lib/hx509/char_map.h b/source4/heimdal/lib/hx509/char_map.h

index d2b39d041fcfaf3ae2b0382673c18b5bed37f023..8a3026c7e635179e0814f3a1ecb8501ed1cc2efa 100644 (file)
--- a/source4/heimdal/lib/hx509/char_map.h
+++ b/source4/heimdal/lib/hx509/char_map.h
@@ -10,36 +10,36 @@
  
  
  unsigned char char_map[] = {
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x06 ,  0x00 ,  0x00 ,  0x10 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  
-       0x00 ,  0x00 ,  0x00 ,  0x12 ,  0x12 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x10 ,  0x10 ,  0x12 ,  0x10 ,  0x02 ,  
-       0x00 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  
-       0x00 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  
-       0x02 ,  0x02 ,  0x02 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  
-       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x06 ,  0x00 ,  0x00 ,  0x10 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,
+       0x00 ,  0x00 ,  0x00 ,  0x12 ,  0x12 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x10 ,  0x10 ,  0x12 ,  0x10 ,  0x02 ,
+       0x00 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,
+       0x00 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,  0x02 ,
+       0x02 ,  0x02 ,  0x02 ,  0x00 ,  0x00 ,  0x00 ,  0x00 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,
+       0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21 ,  0x21
  };
diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c

index 6e4eefaa1ca8c00556ca239770a34955eef09787..4e0a2e03fcb61a4ac2fe557cacb29bb3ecf95ba3 100644 (file)
--- a/source4/heimdal/lib/hx509/cms.c
+++ b/source4/heimdal/lib/hx509/cms.c
@@ -362,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context,
      heim_octet_string *params, params_data;
      heim_octet_string ivec;
      size_t size;
-    int ret, i, matched = 0, findflags = 0;
+    int ret, matched = 0, findflags = 0;
+    size_t i;
  
  
      memset(&key, 0, sizeof(key));
@@ -472,7 +473,7 @@ hx509_cms_unenvelope(hx509_context context,
         ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
         if (ret)
             goto out;
-       
+
         if (flags & HX509_CMS_UE_ALLOW_WEAK)
             hx509_crypto_allow_weak(crypto);
  
@@ -492,7 +493,7 @@ hx509_cms_unenvelope(hx509_context context,
                                    "of EnvelopedData");
             goto out;
         }
-       
+
         ret = hx509_crypto_decrypt(crypto,
                                    enccontent->data,
                                    enccontent->length,
@@ -619,7 +620,7 @@ hx509_cms_envelope_1(hx509_context context,
                                    "Failed to set crypto oid "
                                    "for EnvelopedData");
             goto out;
-       }       
+       }
         ALLOC(enc_alg->parameters, 1);
         if (enc_alg->parameters == NULL) {
             ret = ENOMEM;
@@ -656,7 +657,7 @@ hx509_cms_envelope_1(hx509_context context,
         ri->version = 2;
         cmsidflag = CMS_ID_SKI;
      }
-       
+
      ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
      if (ret) {
         hx509_set_error_string(context, 0, ret,
@@ -718,7 +719,8 @@ out:
  static int
  any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
  {
-    int ret, i;
+    int ret;
+    size_t i;
  
      if (sd->certificates == NULL)
         return 0;
@@ -744,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
  static const Attribute *
  find_attribute(const CMSAttributes *attr, const heim_oid *oid)
  {
-    int i;
+    size_t i;
      for (i = 0; i < attr->len; i++)
         if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
             return &attr->val[i];
@@ -790,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context,
      hx509_certs certs = NULL;
      SignedData sd;
      size_t size;
-    int ret, i, found_valid_sig;
+    int ret, found_valid_sig;
+    size_t i;
  
      *signer_certs = NULL;
      content->data = NULL;
@@ -889,7 +892,7 @@ hx509_cms_verify_signed(hx509_context context,
  
         if (signer_info->signedAttrs) {
             const Attribute *attr;
-       
+
             CMSAttributes sa;
             heim_octet_string os;
  
@@ -913,7 +916,7 @@ hx509_cms_verify_signed(hx509_context context,
                                        "messageDigest (signature)");
                 goto next_sigature;
             }
-       
+
             ret = decode_MessageDigest(attr->value.val[0].data,
                                        attr->value.val[0].length,
                                        &os,
@@ -1018,7 +1021,7 @@ hx509_cms_verify_signed(hx509_context context,
         if (ret)
             goto next_sigature;
  
-       /** 
+       /**
          * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
          * signing certificates and leave that up to the caller.
          */
@@ -1113,7 +1116,7 @@ add_one_attribute(Attribute **attr,
  
      return 0;
  }
-       
+
  /**
   * Decode SignedData and verify that the signature is correct.
   *
@@ -1212,7 +1215,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
             hx509_clear_error_string(context);
      } else {
         ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
-                                 _hx509_cert_private_key(cert), 
+                                 _hx509_cert_private_key(cert),
                                   sigctx->peer, &digest);
      }
      if (ret)
@@ -1240,7 +1243,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
      if (ret) {
         hx509_clear_error_string(context);
         goto out;
-    }                  
+    }
  
      signer_info->signedAttrs = NULL;
      signer_info->unsignedAttrs = NULL;
@@ -1256,7 +1259,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
       */
  
      if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
-       CMSAttributes sa;       
+       CMSAttributes sa;
         heim_octet_string sig;
  
         ALLOC(signer_info->signedAttrs, 1);
@@ -1322,7 +1325,7 @@ sig_process(hx509_context context, void *ctx, hx509_cert cert)
  
         sa.val = signer_info->signedAttrs->val;
         sa.len = signer_info->signedAttrs->len;
-       
+
         ASN1_MALLOC_ENCODE(CMSAttributes,
                            sigdata.data,
                            sigdata.length,
@@ -1409,7 +1412,7 @@ cert_process(hx509_context context, void *ctx, hx509_cert cert)
      const unsigned int i = sigctx->sd.certificates->len;
      void *ptr;
      int ret;
-    
+
      ptr = realloc(sigctx->sd.certificates->val,
                   (i + 1) * sizeof(sigctx->sd.certificates->val[0]));
      if (ptr == NULL)
@@ -1503,7 +1506,7 @@ hx509_cms_create_signed(hx509_context context,
             ret = ENOMEM;
             goto out;
         }
-       
+
         sigctx.sd.encapContentInfo.eContent->data = malloc(length);
         if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
             hx509_clear_error_string(context);
@@ -1525,6 +1528,10 @@ hx509_cms_create_signed(hx509_context context,
      }
  
      if (sigctx.sd.signerInfos.len) {
+
+       /*
+        * For each signerInfo, collect all different digest types.
+        */
         for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
             AlgorithmIdentifier *di =
                 &sigctx.sd.signerInfos.val[i].digestAlgorithm;
@@ -1532,7 +1539,7 @@ hx509_cms_create_signed(hx509_context context,
             for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
                 if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
                     break;
-           if (j < sigctx.sd.digestAlgorithms.len) {
+           if (j == sigctx.sd.digestAlgorithms.len) {
                 ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
                 if (ret) {
                     hx509_clear_error_string(context);
@@ -1542,6 +1549,9 @@ hx509_cms_create_signed(hx509_context context,
         }
      }
  
+    /*
+     * Add certs we think are needed, build as part of sig_process
+     */
      if (sigctx.certs) {
         ALLOC(sigctx.sd.certificates, 1);
         if (sigctx.sd.certificates == NULL) {
diff --git a/source4/heimdal/lib/hx509/collector.c b/source4/heimdal/lib/hx509/collector.c

index 0cb186399f03237df7303cbb95671f6da6d0b188..15f8163f809300a72f9980f51e83e84d1d6f41ea 100644 (file)
--- a/source4/heimdal/lib/hx509/collector.c
+++ b/source4/heimdal/lib/hx509/collector.c
@@ -133,7 +133,7 @@ _hx509_collector_private_key_add(hx509_context context,
         return ENOMEM;
      }
      c->val.data = d;
-       
+
      ret = copy_AlgorithmIdentifier(alg, &key->alg);
      if (ret) {
         hx509_set_error_string(context, 0, ret, "Failed to copy "
@@ -192,7 +192,7 @@ match_localkeyid(hx509_context context,
  
      ret = hx509_certs_find(context, certs, &q, &cert);
      if (ret == 0) {
-       
+
         if (value->private_key)
             _hx509_cert_assign_key(cert, value->private_key);
         hx509_cert_free(cert);
@@ -253,7 +253,8 @@ _hx509_collector_collect_certs(hx509_context context,
                                hx509_certs *ret_certs)
  {
      hx509_certs certs;
-    int ret, i;
+    int ret;
+    size_t i;
  
      *ret_certs = NULL;
  
@@ -286,7 +287,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
                                       struct hx509_collector *c,
                                       hx509_private_key **keys)
  {
-    int i, nkeys;
+    size_t i, nkeys;
  
      *keys = NULL;
  
@@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
  void
  _hx509_collector_free(struct hx509_collector *c)
  {
-    int i;
+    size_t i;
  
      if (c->unenvelop_certs)
         hx509_certs_free(&c->unenvelop_certs);
diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c

index c69ddfb5d2b2966a58cf80d754e6b0f9a48238df..4559a9c49391c2cd142444a196a21b33b022421e 100644 (file)
--- a/source4/heimdal/lib/hx509/crypto.c
+++ b/source4/heimdal/lib/hx509/crypto.c
@@ -286,7 +286,7 @@ heim_oid2ecnid(heim_oid *oid)
  }
  
  static int
-parse_ECParameters(hx509_context context, 
+parse_ECParameters(hx509_context context,
                    heim_octet_string *parameters, int *nid)
  {
      ECParameters ecparam;
@@ -404,7 +404,7 @@ ecdsa_verify_signature(hx509_context context,
         ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
         return ret;
      }
-    
+
      return 0;
  }
  
@@ -552,7 +552,7 @@ rsa_verify_signature(hx509_context context,
  
      p = spi->subjectPublicKey.data;
      size = spi->subjectPublicKey.length / 8;
-    
+
      rsa = d2i_RSAPublicKey(NULL, &p, size);
      if (rsa == NULL) {
         ret = ENOMEM;
@@ -587,14 +587,14 @@ rsa_verify_signature(hx509_context context,
         if (ret) {
             goto out;
         }
-       
+
         /* Check for extra data inside the sigature */
-       if (size != retsize) {
+       if (size != (size_t)retsize) {
             ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
             hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
             goto out;
         }
-       
+
         if (sig_alg->digest_alg &&
             der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
                              &sig_alg->digest_alg->algorithm) != 0)
@@ -603,7 +603,7 @@ rsa_verify_signature(hx509_context context,
             hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
             goto out;
         }
-       
+
         /* verify that the parameters are NULL or the NULL-type */
         if (di.digestAlgorithm.parameters != NULL &&
             (di.digestAlgorithm.parameters->length != 2 ||
@@ -620,7 +620,7 @@ rsa_verify_signature(hx509_context context,
                                       data,
                                       &di.digest);
      } else {
-       if (retsize != data->length ||
+       if ((size_t)retsize != data->length ||
             ct_memcmp(to, data->data, retsize) != 0)
         {
             ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
@@ -739,7 +739,7 @@ rsa_create_signature(hx509_context context,
                                "RSA private encrypt failed: %d", ret);
         return ret;
      }
-    if (ret > sig->length)
+    if ((size_t)ret > sig->length)
         _hx509_abort("RSA signature prelen longer the output len");
  
      sig->length = ret;
@@ -960,11 +960,11 @@ ecdsa_private_key_import(hx509_context context,
         ret = parse_ECParameters(context, keyai->parameters, &groupnid);
         if (ret)
             return ret;
-       
+
         key = EC_KEY_new();
         if (key == NULL)
             return ENOMEM;
-       
+
         group = EC_GROUP_new_by_curve_name(groupnid);
         if (group == NULL) {
             EC_KEY_free(key);
@@ -1008,8 +1008,8 @@ ecdsa_generate_private_key(hx509_context context,
  }
  
  static BIGNUM *
-ecdsa_get_internal(hx509_context context, 
-                  hx509_private_key key, 
+ecdsa_get_internal(hx509_context context,
+                  hx509_private_key key,
                    const char *type)
  {
      return NULL;
@@ -1162,7 +1162,7 @@ evp_md_create_signature(hx509_context context,
         if (ret)
             return ret;
      }
-       
+
  
      sig->data = malloc(sigsize);
      if (sig->data == NULL) {
@@ -1256,7 +1256,8 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg pkcs1_rsa_sha1_alg = {
@@ -1269,7 +1270,8 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_sha512_alg = {
@@ -1282,7 +1284,8 @@ static const struct signature_alg rsa_with_sha512_alg = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_sha384_alg = {
@@ -1295,7 +1298,8 @@ static const struct signature_alg rsa_with_sha384_alg = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_sha256_alg = {
@@ -1308,7 +1312,8 @@ static const struct signature_alg rsa_with_sha256_alg = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_sha1_alg = {
@@ -1321,7 +1326,8 @@ static const struct signature_alg rsa_with_sha1_alg = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_sha1_alg_secsig = {
@@ -1334,7 +1340,8 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = {
      0,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg rsa_with_md5_alg = {
@@ -1347,7 +1354,8 @@ static const struct signature_alg rsa_with_md5_alg = {
      1230739889,
      NULL,
      rsa_verify_signature,
-    rsa_create_signature
+    rsa_create_signature,
+    0
  };
  
  static const struct signature_alg dsa_sha1_alg = {
@@ -1361,6 +1369,7 @@ static const struct signature_alg dsa_sha1_alg = {
      NULL,
      dsa_verify_signature,
      /* create_signature */ NULL,
+    0
  };
  
  static const struct signature_alg sha512_alg = {
@@ -1373,7 +1382,8 @@ static const struct signature_alg sha512_alg = {
      0,
      EVP_sha512,
      evp_md_verify_signature,
-    evp_md_create_signature
+    evp_md_create_signature,
+    0
  };
  
  static const struct signature_alg sha384_alg = {
@@ -1386,7 +1396,8 @@ static const struct signature_alg sha384_alg = {
      0,
      EVP_sha384,
      evp_md_verify_signature,
-    evp_md_create_signature
+    evp_md_create_signature,
+    0
  };
  
  static const struct signature_alg sha256_alg = {
@@ -1399,7 +1410,8 @@ static const struct signature_alg sha256_alg = {
      0,
      EVP_sha256,
      evp_md_verify_signature,
-    evp_md_create_signature
+    evp_md_create_signature,
+    0
  };
  
  static const struct signature_alg sha1_alg = {
@@ -1412,7 +1424,8 @@ static const struct signature_alg sha1_alg = {
      0,
      EVP_sha1,
      evp_md_verify_signature,
-    evp_md_create_signature
+    evp_md_create_signature,
+    0
  };
  
  static const struct signature_alg md5_alg = {
@@ -1425,7 +1438,8 @@ static const struct signature_alg md5_alg = {
      0,
      EVP_md5,
      evp_md_verify_signature,
-    NULL
+    NULL,
+    0
  };
  
  /*
@@ -1481,7 +1495,7 @@ alg_for_privatekey(const hx509_private_key pk, int type)
             continue;
         if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
             continue;
-       if (pk->ops->available && 
+       if (pk->ops->available &&
             pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
             continue;
         if (type == HX509_SELECT_PUBLIC_SIG)
@@ -1673,7 +1687,7 @@ _hx509_public_encrypt(hx509_context context,
  
      p = spi->subjectPublicKey.data;
      size = spi->subjectPublicKey.length / 8;
-    
+
      rsa = d2i_RSAPublicKey(NULL, &p, size);
      if (rsa == NULL) {
         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
@@ -1748,7 +1762,7 @@ hx509_private_key_private_decrypt(hx509_context context,
                                "Failed to decrypt using private key: %d", ret);
         return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
      }
-    if (cleartext->length < ret)
+    if (cleartext->length < (size_t)ret)
         _hx509_abort("internal rsa decryption failure: ret > tosize");
  
      cleartext->length = ret;
@@ -2339,7 +2353,7 @@ static const struct hx509cipher ciphers[] = {
  static const struct hx509cipher *
  find_cipher_by_oid(const heim_oid *oid)
  {
-    int i;
+    size_t i;
  
      for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
         if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
@@ -2351,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid)
  static const struct hx509cipher *
  find_cipher_by_name(const char *name)
  {
-    int i;
+    size_t i;
  
      for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
         if (strcasecmp(name, ciphers[i].name) == 0)
@@ -2461,7 +2475,7 @@ hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
  int
  hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
  {
-    if (EVP_CIPHER_key_length(crypto->c) > length)
+    if (EVP_CIPHER_key_length(crypto->c) > (int)length)
         return HX509_CRYPTO_INTERNAL_ERROR;
  
      if (crypto->key.data) {
@@ -2558,7 +2572,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
         (crypto->flags & ALLOW_WEAK) == 0)
         return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
  
-    assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
+    assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
  
      EVP_CIPHER_CTX_init(&evp);
  
@@ -2595,10 +2609,10 @@ hx509_crypto_encrypt(hx509_crypto crypto,
         ret = ENOMEM;
         goto out;
      }
-       
+
      memcpy((*ciphertext)->data, data, length);
      if (padsize) {
-       int i;
+       size_t i;
         unsigned char *p = (*ciphertext)->data;
         p += length;
         for (i = 0; i < padsize; i++)
@@ -2647,7 +2661,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
         (crypto->flags & ALLOW_WEAK) == 0)
         return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
  
-    if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
+    if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
         return HX509_CRYPTO_INTERNAL_ERROR;
  
      if (crypto->key.data == NULL)
@@ -2683,7 +2697,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
         unsigned char *p;
         int j, bsize = EVP_CIPHER_block_size(crypto->c);
  
-       if (clear->length < bsize) {
+       if ((int)clear->length < bsize) {
             ret = HX509_CMS_PADDING_ERROR;
             goto out;
         }
@@ -2854,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context,
      const EVP_CIPHER *c;
      const EVP_MD *md;
      PBE_string2key_func s2k;
-    int i, ret = 0;
+    int ret = 0;
+    size_t i;
  
      memset(&key, 0, sizeof(key));
      memset(&iv, 0, sizeof(iv));
@@ -2912,7 +2927,7 @@ _hx509_pbe_decrypt(hx509_context context,
         hx509_crypto_destroy(crypto);
         if (ret == 0)
             goto out;
-                               
+
      }
  out:
      if (key.data)
@@ -3161,7 +3176,7 @@ hx509_crypto_available(hx509_context context,
             if (ptr == NULL)
                 goto out;
             *val = ptr;
-       
+
             ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
             if (ret)
                 goto out;
diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c

index 56e25766ef953232968508bf7c407e6503220df7..4f7e87f070ae9aa44c29262da09e3c1c681b7fb9 100644 (file)
--- a/source4/heimdal/lib/hx509/file.c
+++ b/source4/heimdal/lib/hx509/file.c
@@ -93,11 +93,11 @@ hx509_pem_write(hx509_context context, const char *type,
  
      while (size > 0) {
         ssize_t l;
-       
+
         length = size;
         if (length > ENCODE_LINE_LENGTH)
             length = ENCODE_LINE_LENGTH;
-       
+
         l = base64_encode(p, length, &line);
         if (l < 0) {
             hx509_set_error_string(context, 0, ENOMEM,
@@ -211,7 +211,7 @@ hx509_pem_read(hx509_context context,
             if (i > 0)
                 i--;
         }
-       
+
         switch (where) {
         case BEFORE:
             if (strncmp("-----BEGIN ", buf, 11) == 0) {
@@ -260,7 +260,7 @@ hx509_pem_read(hx509_context context,
                 free(p);
                 goto out;
             }
-       
+
             data = erealloc(data, len + i);
             memcpy(((char *)data) + len, p, i);
             free(p);
diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c

index 77cfd42cd2b3d05647259efe5aa99ed520a744e1..c0275d949d06a5934764a2a759ea9c5d4e244974 100644 (file)
--- a/source4/heimdal/lib/hx509/keyset.c
+++ b/source4/heimdal/lib/hx509/keyset.c
@@ -390,6 +390,21 @@ certs_iter(hx509_context context, void *ctx, hx509_cert cert)
      return func(cert);
  }
  
+/**
+ * Iterate over all certificates in a keystore and call an block
+ * for each fo them.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param func block to call for each certificate. The function
+ * should return non-zero to abort the iteration, that value is passed
+ * back to the caller of hx509_certs_iter().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
  int
  hx509_certs_iter(hx509_context context,
                  hx509_certs certs,
diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c

index 8c8c6e50c8df3f721578cbd6c0cba46423a2e097..264b1bf552d89d121e1a445e8cdb2f476b34a7af 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_dir.c
+++ b/source4/heimdal/lib/hx509/ks_dir.c
@@ -158,10 +158,10 @@ dir_iter(hx509_context context,
         }
         if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0)
             continue;
-       
+
         if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1)
             return ENOMEM;
-       
+
         ret = hx509_certs_init(context, fn, 0, NULL, &d->certs);
         if (ret == 0) {
  
diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c

index ecd3a6edaaa96a3691299d608e00455f6c92ea15..d21d889287080868a7701eb63d6ed6f93c510eb3 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_file.c
+++ b/source4/heimdal/lib/hx509/ks_file.c
@@ -112,7 +112,7 @@ try_decrypt(hx509_context context,
         EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
         EVP_Cipher(&ctx, clear.data, cipher, len);
         EVP_CIPHER_CTX_cleanup(&ctx);
-    }  
+    }
  
      ret = _hx509_collector_private_key_add(context,
                                            collector,
@@ -138,7 +138,7 @@ parse_pkcs8_private_key(hx509_context context, const char *fn,
  {
      PKCS8PrivateKeyInfo ki;
      heim_octet_string keydata;
-   
+
      int ret;
  
      ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
@@ -177,7 +177,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
         const EVP_CIPHER *cipher;
         const struct _hx509_password *pw;
         hx509_lock lock;
-       int i, decrypted = 0;
+       int decrypted = 0;
+       size_t i;
  
         lock = _hx509_collector_get_lock(c);
         if (lock == NULL) {
@@ -252,7 +253,7 @@ parse_pem_private_key(hx509_context context, const char *fn,
                                    "private key file");
             return HX509_PARSING_KEY_FAILED;
         }
-       
+
         pw = _hx509_lock_get_passwords(lock);
         if (pw != NULL) {
             const void *password;
@@ -261,8 +262,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
             for (i = 0; i < pw->len; i++) {
                 password = pw->val[i];
                 passwordlen = strlen(password);
-               
-               ret = try_decrypt(context, c, ai, cipher, ivdata, 
+
+               ret = try_decrypt(context, c, ai, cipher, ivdata,
                                   password, passwordlen, data, len);
                 if (ret == 0) {
                     decrypted = 1;
@@ -283,7 +284,7 @@ parse_pem_private_key(hx509_context context, const char *fn,
  
             ret = hx509_lock_prompt(lock, &prompt);
             if (ret == 0)
-               ret = try_decrypt(context, c, ai, cipher, ivdata, password, 
+               ret = try_decrypt(context, c, ai, cipher, ivdata, password,
                                   strlen(password), data, len);
             /* XXX add password to lock password collection ? */
             memset(password, 0, sizeof(password));
@@ -329,7 +330,8 @@ pem_func(hx509_context context, const char *type,
          const void *data, size_t len, void *ctx)
  {
      struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
-    int ret = 0, j;
+    int ret = 0;
+    size_t j;
  
      for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
         const char *q = formats[j].name;
@@ -338,7 +340,7 @@ pem_func(hx509_context context, const char *type,
             if (formats[j].ai != NULL)
                 ai = (*formats[j].ai)();
  
-           ret = (*formats[j].func)(context, NULL, pem_ctx->c, 
+           ret = (*formats[j].func)(context, NULL, pem_ctx->c,
                                      header, data, len, ai);
             if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) {
                 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -418,7 +420,7 @@ file_init_common(hx509_context context,
         pnext = strchr(p, ',');
         if (pnext)
             *pnext++ = '\0';
-       
+
  
         if ((f = fopen(p, "r")) == NULL) {
             ret = ENOENT;
@@ -430,13 +432,13 @@ file_init_common(hx509_context context,
         rk_cloexec_file(f);
  
         ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
-       fclose(f);              
+       fclose(f);
         if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
             goto out;
         else if (ret == HX509_PARSING_KEY_FAILED) {
             size_t length;
             void *ptr;
-           int i;
+           size_t i;
  
             ret = rk_undumpdata(p, &ptr, &length);
             if (ret) {
diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c

index e64d83c84dc56cdc3d179fc0d9bb2e7ebe6e77e1..0552d8f7e97a615e70fd04223b9737a243a5312c 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_keychain.c
+++ b/source4/heimdal/lib/hx509/ks_keychain.c
@@ -50,7 +50,7 @@ OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
  static int
  getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
              SecKeychainAttributeList **attrs)
-{      
+{
      SecKeychainAttributeInfo attrInfo;
      UInt32 attrFormat = 0;
      OSStatus ret;
@@ -138,10 +138,10 @@ kc_rsa_private_encrypt(int flen,
  
      in.Data = (uint8 *)from;
      in.Length = flen;
-       
+
      sig.Data = (uint8 *)to;
      sig.Length = kc->keysize;
-       
+
      cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig);
      if(cret) {
         /* cssmErrorString(cret); */
@@ -197,10 +197,10 @@ kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
  
      in.Data = (uint8 *)from;
      in.Length = flen;
-       
+
      out.Data = (uint8 *)to;
      out.Length = kc->keysize;
-       
+
      rem.Data = (uint8 *)remdata;
      rem.Length = sizeof(remdata);
  
@@ -485,7 +485,7 @@ keychain_iter(hx509_context context,
         return 0;
      else if (ret != 0)
         return EINVAL;
-       
+
      /*
       * Pick out certificate and matching "keyid"
       */
@@ -517,7 +517,7 @@ keychain_iter(hx509_context context,
         attrKeyid.tag = kSecKeyLabel;
         attrKeyid.length = attrs->attr[0].length;
         attrKeyid.data = attrs->attr[0].data;
-       
+
         attrList.count = 1;
         attrList.attr = &attrKeyid;
  
diff --git a/source4/heimdal/lib/hx509/ks_mem.c b/source4/heimdal/lib/hx509/ks_mem.c

index 9d3c66b29413cf7111b1433a683bb19f74c97b82..684acb0adf35187286623864b63754e1dcf03e49 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_mem.c
+++ b/source4/heimdal/lib/hx509/ks_mem.c
@@ -171,7 +171,7 @@ mem_getkeys(hx509_context context,
             hx509_set_error_string(context, 0, ENOMEM, "out of memory");
             return ENOMEM;
         }
-    }  
+    }
      (*keys)[i] = NULL;
      return 0;
  }
diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c

index 30f5343b0e093f4ac1a47f80749948987774d5ca..120bf43ef4378c73b43695efd842cae9748e7f6b 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_p11.c
+++ b/source4/heimdal/lib/hx509/ks_p11.c
@@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen,
      }
  
      ret = P11FUNC(p11rsa->p, Sign,
-                 (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+                 (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
      p11_put_session(p11rsa->p, p11rsa->slot, session);
      if (ret != CKR_OK)
         return -1;
@@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
      }
  
      ret = P11FUNC(p11rsa->p, Decrypt,
-                 (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+                 (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
      p11_put_session(p11rsa->p, p11rsa->slot, session);
      if (ret != CKR_OK)
         return -1;
@@ -427,7 +427,7 @@ p11_get_session(hx509_context context,
             prompt.type = HX509_PROMPT_TYPE_PASSWORD;
             prompt.reply.data = pin;
             prompt.reply.length = sizeof(pin);
-       
+
             ret = hx509_lock_prompt(lock, &prompt);
             if (ret) {
                 free(str);
@@ -513,7 +513,7 @@ iterate_entries(hx509_context context,
         }
         if (object_count == 0)
             break;
-       
+
         for (i = 0; i < num_query; i++)
             query[i].pValue = NULL;
  
@@ -535,7 +535,7 @@ iterate_entries(hx509_context context,
             ret = -1;
             goto out;
         }
-       
+
         ret = (*func)(context, p, slot, session, object, ptr, query, num_query);
         if (ret)
             goto out;
@@ -561,7 +561,7 @@ iterate_entries(hx509_context context,
  
      return ret;
  }
-               
+
  static BIGNUM *
  getattr_bn(struct p11_module *p,
            struct p11_slot *slot,
@@ -704,10 +704,10 @@ collect_cert(hx509_context context,
  
      {
         heim_octet_string data;
-       
+
         data.data = query[0].pValue;
         data.length = query[0].ulValueLen;
-       
+
         _hx509_set_cert_attribute(context,
                                   cert,
                                   &asn1_oid_id_pkcs_9_at_localKeyId,
@@ -878,7 +878,8 @@ p11_init(hx509_context context,
  
      {
         CK_SLOT_ID_PTR slot_ids;
-       int i, num_tokens = 0;
+       int num_tokens = 0;
+       size_t i;
  
         slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
         if (slot_ids == NULL) {
@@ -905,7 +906,7 @@ p11_init(hx509_context context,
             ret = ENOMEM;
             goto out;
         }
-                       
+
         for (i = 0; i < p->num_slots; i++) {
             ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
             if (ret)
@@ -933,7 +934,7 @@ p11_init(hx509_context context,
  static void
  p11_release_module(struct p11_module *p)
  {
-    int i;
+    size_t i;
  
      if (p->ref == 0)
         _hx509_abort("pkcs11 ref to low");
@@ -957,7 +958,7 @@ p11_release_module(struct p11_module *p)
             free(p->slot[i].mechs.list);
  
             if (p->slot[i].mechs.infos) {
-               int j;
+               size_t j;
  
                 for (j = 0 ; j < p->slot[i].mechs.num ; j++)
                     free(p->slot[i].mechs.infos[j]);
@@ -981,7 +982,7 @@ static int
  p11_free(hx509_certs certs, void *data)
  {
      struct p11_module *p = data;
-    int i;
+    size_t i;
  
      for (i = 0; i < p->num_slots; i++) {
         if (p->slot[i].certs)
@@ -1002,7 +1003,8 @@ p11_iter_start(hx509_context context,
  {
      struct p11_module *p = data;
      struct p11_cursor *c;
-    int ret, i;
+    int ret;
+    size_t i;
  
      c = malloc(sizeof(*c));
      if (c == NULL) {
@@ -1103,7 +1105,7 @@ p11_printinfo(hx509_context context,
               void *ctx)
  {
      struct p11_module *p = data;
-    int i, j;
+    size_t i, j;
  
      _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
                      p->num_slots, p->num_slots > 1 ? "s" : "");
diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c

index 704cf071d7d04e9854013290477d1cc3a45505af..0ca13de1eb3480db4405e3c2560f653443eeee3a 100644 (file)
--- a/source4/heimdal/lib/hx509/ks_p12.c
+++ b/source4/heimdal/lib/hx509/ks_p12.c
@@ -56,7 +56,7 @@ parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
  static const PKCS12_Attribute *
  find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
  {
-    int i;
+    size_t i;
      if (attrs == NULL)
         return NULL;
      for (i = 0; i < attrs->len; i++)
@@ -168,7 +168,7 @@ certBag_parser(hx509_context context,
         const heim_oid *oids[] = {
             &asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName
         };
-       int i;
+       size_t i;
  
         for  (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
             const heim_oid *oid = oids[i];
@@ -176,7 +176,7 @@ certBag_parser(hx509_context context,
             if (attr)
                 _hx509_set_cert_attribute(context, cert, oid,
                                           &attr->attrValues);
-       }       
+       }
      }
  
      hx509_cert_free(cert);
@@ -190,7 +190,8 @@ parse_safe_content(hx509_context context,
                    const unsigned char *p, size_t len)
  {
      PKCS12_SafeContents sc;
-    int ret, i;
+    int ret;
+    size_t i;
  
      memset(&sc, 0, sizeof(sc));
  
@@ -236,7 +237,7 @@ encryptedData_parser(hx509_context context,
      heim_octet_string content;
      heim_oid contentType;
      int ret;
-               
+
      memset(&contentType, 0, sizeof(contentType));
  
      ret = hx509_cms_decrypt_encrypted(context,
@@ -265,7 +266,7 @@ envelopedData_parser(hx509_context context,
      heim_oid contentType;
      hx509_lock lock;
      int ret;
-               
+
      memset(&contentType, 0, sizeof(contentType));
  
      lock = _hx509_collector_get_lock(c);
@@ -310,7 +311,7 @@ parse_pkcs12_type(hx509_context context,
                   const void *data, size_t length,
                   const PKCS12_Attributes *attrs)
  {
-    int i;
+    size_t i;
  
      for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
         if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0)
@@ -327,7 +328,8 @@ p12_init(hx509_context context,
      void *buf;
      PKCS12_PFX pfx;
      PKCS12_AuthenticatedSafe as;
-    int ret, i;
+    int ret;
+    size_t i;
      struct hx509_collector *c;
  
      *data = NULL;
@@ -581,7 +583,7 @@ p12_store(hx509_context context,
      free_PKCS12_AuthenticatedSafe(&as);
      if (ret)
         return ret;
-               
+
      ret = der_parse_hex_heim_integer("03", &pfx.version);
      if (ret) {
         free(asdata.data);
diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c

index 07e9d36125587f0e7501159563a9f05ddb8155f7..b72d45962b62c50702af65059a54d2892e949c24 100644 (file)
--- a/source4/heimdal/lib/hx509/lock.c
+++ b/source4/heimdal/lib/hx509/lock.c
@@ -121,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock)
  void
  hx509_lock_reset_passwords(hx509_lock lock)
  {
-    int i;
+    size_t i;
      for (i = 0; i < lock->password.len; i++)
         free(lock->password.val[i]);
      free(lock->password.val);
diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c

index 83b8f86d4120b7cf524ece62ea0b8238e08f917f..efd7b703422f517cfe0fbb9d4735cf29946f091a 100644 (file)
--- a/source4/heimdal/lib/hx509/name.c
+++ b/source4/heimdal/lib/hx509/name.c
@@ -66,17 +66,17 @@ static const struct {
      const heim_oid *o;
      wind_profile_flags flags;
  } no[] = {
-    { "C", &asn1_oid_id_at_countryName },
-    { "CN", &asn1_oid_id_at_commonName },
-    { "DC", &asn1_oid_id_domainComponent },
-    { "L", &asn1_oid_id_at_localityName },
-    { "O", &asn1_oid_id_at_organizationName },
-    { "OU", &asn1_oid_id_at_organizationalUnitName },
-    { "S", &asn1_oid_id_at_stateOrProvinceName },
-    { "STREET", &asn1_oid_id_at_streetAddress },
-    { "UID", &asn1_oid_id_Userid },
-    { "emailAddress", &asn1_oid_id_pkcs9_emailAddress },
-    { "serialNumber", &asn1_oid_id_at_serialNumber }
+    { "C", &asn1_oid_id_at_countryName, 0 },
+    { "CN", &asn1_oid_id_at_commonName, 0 },
+    { "DC", &asn1_oid_id_domainComponent, 0 },
+    { "L", &asn1_oid_id_at_localityName, 0 },
+    { "O", &asn1_oid_id_at_organizationName, 0 },
+    { "OU", &asn1_oid_id_at_organizationalUnitName, 0 },
+    { "S", &asn1_oid_id_at_stateOrProvinceName, 0 },
+    { "STREET", &asn1_oid_id_at_streetAddress, 0 },
+    { "UID", &asn1_oid_id_Userid, 0 },
+    { "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 },
+    { "serialNumber", &asn1_oid_id_at_serialNumber, 0 }
  };
  
  static char *
@@ -159,7 +159,8 @@ oidtostring(const heim_oid *type)
  static int
  stringtooid(const char *name, size_t len, heim_oid *oid)
  {
-    int i, ret;
+    int ret;
+    size_t i;
      char *s;
  
      memset(oid, 0, sizeof(*oid));
@@ -200,20 +201,22 @@ int
  _hx509_Name_to_string(const Name *n, char **str)
  {
      size_t total_len = 0;
-    int i, j, ret;
+    size_t i, j, m;
+    int ret;
  
      *str = strdup("");
      if (*str == NULL)
         return ENOMEM;
  
-    for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
+    for (m = n->u.rdnSequence.len; m > 0; m--) {
         size_t len;
+       i = m - 1;
  
         for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
             DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
             char *oidname;
             char *ss;
-       
+
             oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
  
             switch(ds->element) {
@@ -237,7 +240,7 @@ _hx509_Name_to_string(const Name *n, char **str)
                 ret = wind_ucs2utf8_length(bmp, bmplen, &k);
                 if (ret)
                     return ret;
-               
+
                 ss = malloc(k + 1);
                 if (ss == NULL)
                     _hx509_abort("allocation failure"); /* XXX */
@@ -438,7 +441,8 @@ _hx509_name_ds_cmp(const DirectoryString *ds1,
  int
  _hx509_name_cmp(const Name *n1, const Name *n2, int *c)
  {
-    int ret, i, j;
+    int ret;
+    size_t i, j;
  
      *c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
      if (*c)
@@ -454,7 +458,7 @@ _hx509_name_cmp(const Name *n1, const Name *n2, int *c)
                                   &n1->u.rdnSequence.val[i].val[j].type);
             if (*c)
                 return 0;
-                       
+
             ret = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
                                      &n2->u.rdnSequence.val[i].val[j].value,
                                      c);
@@ -533,7 +537,7 @@ _hx509_name_modify(hx509_context context,
                 &name->u.rdnSequence.val[0],
                 name->u.rdnSequence.len *
                 sizeof(name->u.rdnSequence.val[0]));
-       
+
         rdn = &name->u.rdnSequence.val[0];
      }
      rdn->val = malloc(sizeof(rdn->val[0]));
@@ -609,8 +613,8 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
                                    "missing name before = in %s", p);
             goto out;
         }
-       
-       if ((q - p) > len) {
+
+       if ((size_t)(q - p) > len) {
             ret = HX509_PARSING_NAME_FAILED;
             hx509_set_error_string(context, 0, ret, " = after , in %s", p);
             goto out;
@@ -623,12 +627,12 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
                                    "unknown type: %.*s", (int)(q - p), p);
             goto out;
         }
-       
+
         {
             size_t pstr_len = len - (q - p) - 1;
             const char *pstr = p + (q - p) + 1;
             char *r;
-       
+
             r = malloc(pstr_len + 1);
             if (r == NULL) {
                 der_free_oid(&oid);
@@ -727,7 +731,7 @@ hx509_name_expand(hx509_context context,
                   hx509_env env)
  {
      Name *n = &name->der_name;
-    int i, j;
+    size_t i, j;
  
      if (env == NULL)
         return 0;
diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c

index 56e4f72115e9c1209ab8d63662c6054e6c72a642..1e8bcabfa7e9985fcc93db3643ab011514e88fa7 100644 (file)
--- a/source4/heimdal/lib/hx509/print.c
+++ b/source4/heimdal/lib/hx509/print.c
@@ -163,7 +163,7 @@ void
  hx509_bitstring_print(const heim_bit_string *b,
                       hx509_vprint_func func, void *ctx)
  {
-    int i;
+    size_t i;
      print_func(func, ctx, "\tlength: %d\n\t", b->length);
      for (i = 0; i < (b->length + 7) / 8; i++)
         print_func(func, ctx, "%02x%s%s",
@@ -481,7 +481,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
  {
      CRLDistributionPoints dp;
      size_t size;
-    int ret, i;
+    int ret;
+    size_t i;
  
      check_Null(ctx, status, cf, e);
  
@@ -499,8 +500,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
         if (dp.val[i].distributionPoint) {
             DistributionPointName dpname;
             heim_any *data = dp.val[i].distributionPoint;
-           int j;
-       
+           size_t j;
+
             ret = decode_DistributionPointName(data->data, data->length,
                                                &dpname, NULL);
             if (ret) {
@@ -512,7 +513,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
             switch (dpname.element) {
             case choice_DistributionPointName_fullName:
                 validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
-               
+
                 for (j = 0 ; j < dpname.u.fullName.len; j++) {
                     char *s;
                     GeneralName *name = &dpname.u.fullName.val[j];
@@ -565,7 +566,8 @@ check_altName(hx509_validate_ctx ctx,
  {
      GeneralNames gn;
      size_t size;
-    int ret, i;
+    int ret;
+    size_t i;
  
      check_Null(ctx, status, cf, e);
  
@@ -600,7 +602,7 @@ check_altName(hx509_validate_ctx ctx,
                 if (der_heim_oid_cmp(altname_types[j].oid,
                                      &gn.val[i].u.otherName.type_id) != 0)
                     continue;
-               
+
                 validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
                                altname_types[j].name);
                 (*altname_types[j].func)(ctx, &gn.val[i].u.otherName.value);
@@ -717,7 +719,8 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
  {
      AuthorityInfoAccessSyntax aia;
      size_t size;
-    int ret, i;
+    int ret;
+    size_t i;
  
      check_Null(ctx, status, cf, e);
  
@@ -773,7 +776,7 @@ struct {
      { ext(certificateIssuer, Null), M_C },
      { ext(nameConstraints, Null), M_C },
      { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
-    { ext(certificatePolicies, Null) },
+    { ext(certificatePolicies, Null), 0 },
      { ext(policyMappings, Null), M_N_C },
      { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
      { ext(policyConstraints, Null), D_C },
@@ -789,7 +792,7 @@ struct {
        check_Null, D_C },
      { "Netscape cert comment", &asn1_oid_id_netscape_cert_comment,
        check_Null, D_C },
-    { NULL }
+    { NULL, NULL, NULL, 0 }
  };
  
  /**
@@ -900,7 +903,7 @@ hx509_validate_cert(hx509_context context,
      if ((t->version == NULL || *t->version < 2) && t->extensions)
         validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
                        "Not version 3 certificate with extensions\n");
-       
+
      if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
         validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
                        "Version 3 certificate without extensions\n");
@@ -936,7 +939,7 @@ hx509_validate_cert(hx509_context context,
      free(str);
  
      if (t->extensions) {
-       int i, j;
+       size_t i, j;
  
         if (t->extensions->len == 0) {
             validate_print(ctx,
@@ -975,7 +978,7 @@ hx509_validate_cert(hx509_context context,
         }
      } else
         validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
-       
+
      if (status.isca) {
         if (!status.haveSKI)
             validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
@@ -987,7 +990,7 @@ hx509_validate_cert(hx509_context context,
                            "Is not CA and doesn't have "
                            "AuthorityKeyIdentifier\n");
      }
-       
+
  
      if (!status.haveSKI)
         validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c

index 6d2cac4afbc6b44469f794b5178b40a92cd85d99..29322807487c309b0f77bc2fc2cdaec608ce51b3 100644 (file)
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
@@ -176,9 +176,9 @@ verify_ocsp(hx509_context context,
      hx509_cert signer = NULL;
      hx509_query q;
      int ret;
-       
+
      _hx509_query_clear(&q);
-       
+
      /*
       * Need to match on issuer too in case there are two CA that have
       * issued the same name to a certificate. One example of this is
@@ -198,7 +198,7 @@ verify_ocsp(hx509_context context,
         q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
         break;
      }
-       
+
      ret = hx509_certs_find(context, certs, &q, &signer);
      if (ret && ocsp->certs)
         ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
@@ -349,7 +349,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
      }
  
      if (basic.certs) {
-       int i;
+       size_t i;
  
         ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
                                NULL, &certs);
@@ -360,11 +360,11 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
  
         for (i = 0; i < basic.certs->len; i++) {
             hx509_cert c;
-       
+
             ret = hx509_cert_init(context, &basic.certs->val[i], &c);
             if (ret)
                 continue;
-       
+
             ret = hx509_certs_add(context, certs, c);
             hx509_cert_free(c);
             if (ret)
@@ -463,7 +463,7 @@ verify_crl(hx509_context context,
      hx509_query q;
      time_t t;
      int ret;
-       
+
      t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
      if (t > time_now) {
         hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
@@ -485,7 +485,7 @@ verify_crl(hx509_context context,
      }
  
      _hx509_query_clear(&q);
-       
+
      /*
       * If it's the signer have CRLSIGN bit set, use that as the signer
       * cert for the certificate, otherwise, search for a certificate.
@@ -496,7 +496,7 @@ verify_crl(hx509_context context,
         q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
         q.match |= HX509_QUERY_KU_CRLSIGN;
         q.subject_name = &crl->tbsCertList.issuer;
-       
+
         ret = hx509_certs_find(context, certs, &q, &signer);
         if (ret) {
             hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -526,11 +526,11 @@ verify_crl(hx509_context context,
         hx509_cert crl_parent;
  
         _hx509_query_clear(&q);
-       
+
         q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
         q.match |= HX509_QUERY_KU_CRLSIGN;
         q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
-       
+
         ret = hx509_certs_find(context, certs, &q, &crl_parent);
         if (ret) {
             hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
@@ -718,7 +718,7 @@ hx509_revoke_verify(hx509_context context,
                                    &c->tbsCertificate.serialNumber);
             if (ret != 0)
                 continue;
-       
+
             /* verify issuer hashes hash */
             ret = _hx509_verify_signature(context,
                                           NULL,
@@ -760,8 +760,7 @@ hx509_revoke_verify(hx509_context context,
             if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
                 if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
                     continue;
-           } else
-               /* Should force a refetch, but can we ? */;
+           } /* else should force a refetch, but can we ? */
  
             return 0;
         }
@@ -829,12 +828,12 @@ hx509_revoke_verify(hx509_context context,
             t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
             if (t > now)
                 continue;
-       
+
             if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
                 for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
                     if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
                         return HX509_CRL_UNKNOWN_EXTENSION;
-       
+
             hx509_set_error_string(context, 0,
                                    HX509_CERT_REVOKED,
                                    "Certificate revoked by issuer in CRL");
@@ -1003,7 +1002,7 @@ hx509_ocsp_request(hx509_context context,
         }
  
         es = req.tbsRequest.requestExtensions;
-       
+
         es->val = calloc(es->len, sizeof(es->val[0]));
         if (es->val == NULL) {
             ret = ENOMEM;
@@ -1022,7 +1021,7 @@ hx509_ocsp_request(hx509_context context,
             goto out;
         }
         es->val[0].extnValue.length = 10;
-       
+
         ret = RAND_bytes(es->val[0].extnValue.data,
                          es->val[0].extnValue.length);
         if (ret != 1) {
@@ -1055,8 +1054,13 @@ static char *
  printable_time(time_t t)
  {
      static char s[128];
-    strlcpy(s, ctime(&t)+ 4, sizeof(s));
-    s[20] = 0;
+    char *p;
+    if ((p = ctime(&t)) == NULL)
+       strlcpy(s, "?", sizeof(s));
+    else {
+       strlcpy(s, p + 4, sizeof(s));
+       s[20] = 0;
+    }
      return s;
  }
  
@@ -1076,7 +1080,8 @@ int
  hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
  {
      struct revoke_ocsp ocsp;
-    int ret, i;
+    int ret;
+    size_t i;
  
      if (out == NULL)
         out = stdout;
@@ -1141,7 +1146,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
             status = "element unknown";
         }
  
-       fprintf(out, "\t%d. status: %s\n", i, status);
+       fprintf(out, "\t%zu. status: %s\n", i, status);
  
         fprintf(out, "\tthisUpdate: %s\n",
                 printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
@@ -1188,7 +1193,8 @@ hx509_ocsp_verify(hx509_context context,
  {
      const Certificate *c = _hx509_get_cert(cert);
      OCSPBasicOCSPResponse basic;
-    int ret, i;
+    int ret;
+    size_t i;
  
      if (now == 0)
         now = time(NULL);
@@ -1208,7 +1214,7 @@ hx509_ocsp_verify(hx509_context context,
                                &c->tbsCertificate.serialNumber);
         if (ret != 0)
             continue;
-       
+
         /* verify issuer hashes hash */
         ret = _hx509_verify_signature(context,
                                       NULL,
@@ -1248,7 +1254,7 @@ hx509_ocsp_verify(hx509_context context,
      {
         hx509_name name;
         char *subject;
-       
+
         ret = hx509_cert_get_subject(cert, &name);
         if (ret) {
             hx509_clear_error_string(context);
diff --git a/source4/heimdal/lib/hx509/sel.c b/source4/heimdal/lib/hx509/sel.c

index 561818c9f1f963078e3085187946c121026b5c06..6930b50f7cda778fc8d6ef79170e033487303ad8 100644 (file)
--- a/source4/heimdal/lib/hx509/sel.c
+++ b/source4/heimdal/lib/hx509/sel.c
@@ -101,7 +101,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
         if (expr->op == comp_TAILEQ) {
             size_t len1 = strlen(s1);
             size_t len2 = strlen(s2);
-       
+
             if (len1 < len2)
                 return 0;
             ret = strcmp(s1 + (len1 - len2), s2) == 0;
@@ -133,7 +133,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
             subenv = find_variable(context, env, subexpr);
             if (subenv == NULL)
                 return FALSE;
-       
+
             while (subenv) {
                 if (subenv->type != env_string)
                     continue;
@@ -223,7 +223,7 @@ _hx509_expr_parse(const char *buf)
  }
  
  void
-_hx509_sel_yyerror (char *s)
+_hx509_sel_yyerror (const char *s)
  {
       if (_hx509_expr_input.error)
           free(_hx509_expr_input.error);
diff --git a/source4/heimdal/lib/hx509/sel.h b/source4/heimdal/lib/hx509/sel.h

index 1dfc41818cb7e7fec64348dba7842c1b9c4220be..177ec0a65b276d329a9fcf2307e8446d93a1c25e 100644 (file)
--- a/source4/heimdal/lib/hx509/sel.h
+++ b/source4/heimdal/lib/hx509/sel.h
@@ -78,5 +78,5 @@ extern struct hx_expr_input _hx509_expr_input;
  
  int  _hx509_sel_yyparse(void);
  int  _hx509_sel_yylex(void);
-void _hx509_sel_yyerror(char *);
+void _hx509_sel_yyerror(const char *);
  
diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c

index 2cdcdf85f63f3d761a390f913a41b602d6d12568..d932221ddf0491084b80fb933fb9cca4a82e7eb1 100644 (file)
--- a/source4/heimdal/lib/hx509/test_name.c
+++ b/source4/heimdal/lib/hx509/test_name.c
@@ -336,7 +336,7 @@ test_compare(hx509_context context)
      if (ret) return 1;
      ret = compare_subject(c2, c3, &l3);
      if (ret) return 1;
-    
+
      if (l0 != 0) return 1;
      if (l2 < l1) return 1;
      if (l3 < l2) return 1;
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c

index 6f20cdcf6ca42c6f0a94241fbb24c283e4d43d63..19eeecda429bb0b74320b854a83466d9d3a3c3e0 100644 (file)
--- a/source4/heimdal/lib/krb5/acache.c
+++ b/source4/heimdal/lib/krb5/acache.c
@@ -78,7 +78,7 @@ static const struct {
  static krb5_error_code
  translate_cc_error(krb5_context context, cc_int32 error)
  {
-    int i;
+    size_t i;
      krb5_clear_error_message(context);
      for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
         if (cc_errors[i].error == error)
@@ -259,7 +259,7 @@ make_cred_from_ccred(krb5_context context,
         if (cred->addresses.val == NULL)
             goto nomem;
         cred->addresses.len = i;
-       
+
         for (i = 0; i < cred->addresses.len; i++) {
             cred->addresses.val[i].addr_type = incred->addresses[i]->type;
             ret = krb5_data_copy(&cred->addresses.val[i].address,
@@ -337,7 +337,7 @@ make_ccred_from_cred(krb5_context context,
                      cc_credentials_v5_t *cred)
  {
      krb5_error_code ret;
-    int i;
+    size_t i;
  
      memset(cred, 0, sizeof(*cred));
  
@@ -546,7 +546,7 @@ acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
         error = (*a->ccache->func->get_kdc_time_offset)(a->ccache,
                                                         cc_credentials_v5,
                                                         &offset);
-       if (error == 0) 
+       if (error == 0)
             context->kdc_sec_offset = offset;
  
      } else if (error == ccErrCCacheNotFound) {
@@ -887,7 +887,7 @@ acc_get_version(krb5_context context,
  {
      return 0;
  }
-               
+
  struct cache_iter {
      cc_context_t context;
      cc_ccache_iterator_t iter;
@@ -961,7 +961,7 @@ acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
         acc_close(context, *id);
         *id = NULL;
         return translate_cc_error(context, error);
-    }  
+    }
      return 0;
  }
  
@@ -1031,7 +1031,7 @@ acc_get_default_name(krb5_context context, char **str)
         (*cc->func->release)(cc);
         return translate_cc_error(context, error);
      }
-       
+
      error = asprintf(str, "API:%s", name->data);
      (*name->func->release)(name);
      (*cc->func->release)(cc);
@@ -1114,7 +1114,9 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
      acc_move,
      acc_get_default_name,
      acc_set_default,
-    acc_lastchange
+    acc_lastchange,
+    NULL,
+    NULL,
  };
  
  #endif
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c

index cccf1cbc9acaf8c9482a30368f593ebbb7775946..5d321a7e917d2975f32a968296e05637a67b7c88 100644 (file)
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -44,6 +44,7 @@ struct addr_operations {
      void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
      krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
      krb5_boolean (*uninteresting)(const struct sockaddr *);
+    krb5_boolean (*is_loopback)(const struct sockaddr *);
      void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
      int (*print_addr)(const krb5_address *, char *, size_t);
      int (*parse_addr)(krb5_context, const char*, krb5_address *);
@@ -136,6 +137,17 @@ ipv4_uninteresting (const struct sockaddr *sa)
      return FALSE;
  }
  
+static krb5_boolean
+ipv4_is_loopback (const struct sockaddr *sa)
+{
+    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+
+    if ((ntohl(sin4->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET)
+       return TRUE;
+
+    return FALSE;
+}
+
  static void
  ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
  {
@@ -310,11 +322,19 @@ ipv6_uninteresting (const struct sockaddr *sa)
      const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
      const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
  
-    return
-       IN6_IS_ADDR_LINKLOCAL(in6)
+    return IN6_IS_ADDR_LINKLOCAL(in6)
         || IN6_IS_ADDR_V4COMPAT(in6);
  }
  
+static krb5_boolean
+ipv6_is_loopback (const struct sockaddr *sa)
+{
+    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+    const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
+
+    return (IN6_IS_ADDR_LOOPBACK(in6));
+}
+
  static void
  ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
  {
@@ -334,7 +354,7 @@ ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
      if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
         {
             /* XXX this is pretty ugly, but better than abort() */
-           int i;
+           size_t i;
             unsigned char *p = addr->address.data;
             buf[0] = '\0';
             for(i = 0; i < addr->address.length; i++) {
@@ -401,7 +421,7 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
         sub_len = min(8, len);
  
         m = 0xff << (8 - sub_len);
-       
+
         laddr.s6_addr[i] = addr.s6_addr[i] & m;
         haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
  
@@ -471,7 +491,7 @@ arange_parse_addr (krb5_context context,
             krb5_free_addresses(context, &addrmask);
             return -1;
         }
-       
+
         address += p - address + 1;
  
         num = strtol(address, &q, 10);
@@ -488,7 +508,7 @@ arange_parse_addr (krb5_context context,
  
      } else {
         krb5_addresses low, high;
-       
+
         strsep_copy(&address, "-", buf, sizeof(buf));
         ret = krb5_parse_address(context, buf, &low);
         if(ret)
@@ -497,14 +517,14 @@ arange_parse_addr (krb5_context context,
             krb5_free_addresses(context, &low);
             return -1;
         }
-       
+
         strsep_copy(&address, "-", buf, sizeof(buf));
         ret = krb5_parse_address(context, buf, &high);
         if(ret) {
             krb5_free_addresses(context, &low);
             return ret;
         }
-       
+
         if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
             krb5_free_addresses(context, &low);
             krb5_free_addresses(context, &high);
@@ -590,7 +610,7 @@ arange_print_addr (const krb5_address *addr, char *str, size_t len)
      if (l > len)
         l = len;
      size = l;
-       
+
      ret = krb5_print_address (&a->low, str + size, len - size, &l);
      if (ret)
         return ret;
@@ -632,9 +652,11 @@ arange_order_addr(krb5_context context,
         a = addr2->address.data;
         a2 = addr1;
         sign = -1;
-    } else
+    } else {
         abort();
-       
+        UNREACHABLE(return 0);
+    }
+
      if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
         struct arange *b = a2->address.data;
         tmp1 = krb5_address_order(context, &a->low, &b->low);
@@ -707,34 +729,78 @@ addrport_print_addr (const krb5_address *addr, char *str, size_t len)
  }
  
  static struct addr_operations at[] = {
-    {AF_INET,  KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
-     ipv4_sockaddr2addr,
-     ipv4_sockaddr2port,
-     ipv4_addr2sockaddr,
-     ipv4_h_addr2sockaddr,
-     ipv4_h_addr2addr,
-     ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
-     NULL, NULL, NULL, ipv4_mask_boundary },
+    {
+       AF_INET,        KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
+       ipv4_sockaddr2addr,
+       ipv4_sockaddr2port,
+       ipv4_addr2sockaddr,
+       ipv4_h_addr2sockaddr,
+       ipv4_h_addr2addr,
+       ipv4_uninteresting,
+       ipv4_is_loopback,
+       ipv4_anyaddr,
+       ipv4_print_addr,
+       ipv4_parse_addr,
+       NULL,
+       NULL,
+       NULL,
+     ipv4_mask_boundary
+    },
  #ifdef HAVE_IPV6
-    {AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
-     ipv6_sockaddr2addr,
-     ipv6_sockaddr2port,
-     ipv6_addr2sockaddr,
-     ipv6_h_addr2sockaddr,
-     ipv6_h_addr2addr,
-     ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
-     NULL, NULL, NULL, ipv6_mask_boundary } ,
+    {
+       AF_INET6,       KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
+       ipv6_sockaddr2addr,
+       ipv6_sockaddr2port,
+       ipv6_addr2sockaddr,
+       ipv6_h_addr2sockaddr,
+       ipv6_h_addr2addr,
+       ipv6_uninteresting,
+       ipv6_is_loopback,
+       ipv6_anyaddr,
+       ipv6_print_addr,
+       ipv6_parse_addr,
+       NULL,
+       NULL,
+       NULL,
+       ipv6_mask_boundary
+    } ,
  #endif
  #ifndef HEIMDAL_SMALLER
      /* fake address type */
-    {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
-     NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-     arange_print_addr, arange_parse_addr,
-     arange_order_addr, arange_free, arange_copy },
+    {
+       KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       arange_print_addr,
+       arange_parse_addr,
+       arange_order_addr,
+       arange_free,
+       arange_copy,
+       NULL
+    },
  #endif
-    {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
-     NULL, NULL, NULL, NULL, NULL,
-     NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }
+    {
+       KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       addrport_print_addr,
+       NULL,
+       NULL,
+       NULL,
+       NULL
+    }
  };
  
  static int num_addrs = sizeof(at) / sizeof(at[0]);
@@ -757,7 +823,7 @@ find_af(int af)
  }
  
  static struct addr_operations *
-find_atype(int atype)
+find_atype(krb5_address_type atype)
  {
      struct addr_operations *a;
  
@@ -912,6 +978,15 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
      return (*a->uninteresting)(sa);
  }
  
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_sockaddr_is_loopback(const struct sockaddr *sa)
+{
+    struct addr_operations *a = find_af(sa->sa_family);
+    if (a == NULL || a->is_loopback == NULL)
+       return TRUE;
+    return (*a->is_loopback)(sa);
+}
+
  /**
   * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
   * the "struct hostent" (see gethostbyname(3) ) h_addr_list
@@ -1038,17 +1113,17 @@ krb5_print_address (const krb5_address *addr,
      if (a == NULL || a->print_addr == NULL) {
         char *s;
         int l;
-       int i;
+       size_t i;
  
         s = str;
         l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
-       if (l < 0 || l >= len)
+       if (l < 0 || (size_t)l >= len)
             return EINVAL;
         s += l;
         len -= l;
         for(i = 0; i < addr->address.length; i++) {
             l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
-           if (l < 0 || l >= len)
+           if (l < 0 || (size_t)l >= len)
                 return EINVAL;
             len -= l;
             s += l;
@@ -1234,7 +1309,7 @@ krb5_address_search(krb5_context context,
                     const krb5_address *addr,
                     const krb5_addresses *addrlist)
  {
-    int i;
+    size_t i;
  
      for (i = 0; i < addrlist->len; ++i)
         if (krb5_address_compare (context, addr, &addrlist->val[i]))
@@ -1282,7 +1357,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_free_addresses(krb5_context context,
                     krb5_addresses *addresses)
  {
-    int i;
+    size_t i;
      for(i = 0; i < addresses->len; i++)
         krb5_free_address(context, &addresses->val[i]);
      free(addresses->val);
@@ -1333,7 +1408,7 @@ krb5_copy_addresses(krb5_context context,
                     const krb5_addresses *inaddr,
                     krb5_addresses *outaddr)
  {
-    int i;
+    size_t i;
      ALLOC_SEQ(outaddr, inaddr->len);
      if(inaddr->len > 0 && outaddr->val == NULL)
         return ENOMEM;
@@ -1362,7 +1437,7 @@ krb5_append_addresses(krb5_context context,
  {
      krb5_address *tmp;
      krb5_error_code ret;
-    int i;
+    size_t i;
      if(source->len > 0) {
         tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
         if(tmp == NULL) {
diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c

index d4dc758faa776fe2ab6df5d89cb69f7dbad74027..d4e963d74ab177ea540e7100d198c548947cf444 100644 (file)
--- a/source4/heimdal/lib/krb5/appdefault.c
+++ b/source4/heimdal/lib/krb5/appdefault.c
@@ -47,7 +47,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
      if(realm != NULL)
         def_val = krb5_config_get_bool_default(context, NULL, def_val,
                                                "realms", realm, option, NULL);
-       
+
      def_val = krb5_config_get_bool_default(context, NULL, def_val,
                                            "appdefaults",
                                            option,
diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c

index ea59c73931a50e0f4e2e5f8aefdb1b2d2f3522a0..518e19359c1577537e94c5a8df022fb824dd3b2c 100644 (file)
--- a/source4/heimdal/lib/krb5/auth_context.c
+++ b/source4/heimdal/lib/krb5/auth_context.c
@@ -262,6 +262,7 @@ krb5_auth_con_getaddrs(krb5_context context,
      return 0;
  }
  
+/* coverity[+alloc : arg-*2] */
  static krb5_error_code
  copy_key(krb5_context context,
          krb5_keyblock *in,
@@ -289,6 +290,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
      return copy_key(context, auth_context->local_subkey, keyblock);
  }
  
+/* coverity[+alloc : arg-*2] */
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_auth_con_getremotesubkey(krb5_context context,
                               krb5_auth_context auth_context,
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c

index 85d64525de8c4dc0abb1cd672eee64657d442059..01145a28c604920de7ddc07483a669b9b061b6c2 100644 (file)
--- a/source4/heimdal/lib/krb5/build_auth.c
+++ b/source4/heimdal/lib/krb5/build_auth.c
@@ -41,10 +41,12 @@ make_etypelist(krb5_context context,
      krb5_error_code ret;
      krb5_authdata ad;
      u_char *buf;
-    size_t len;
+    size_t len = 0;
      size_t buf_size;
  
-    ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL);
+    ret = _krb5_init_etype(context, KRB5_PDU_NONE,
+                          &etypes.len, &etypes.val,
+                          NULL);
      if (ret)
         return ret;
  
@@ -111,7 +113,7 @@ _krb5_build_authenticator (krb5_context context,
      Authenticator auth;
      u_char *buf = NULL;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      krb5_error_code ret;
      krb5_crypto crypto;
  
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c

index 211642e5682c4302b655d68d9c631c84066519cc..616044e67baad8f0af23a40c2aa1c733520ccefa 100644 (file)
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -38,7 +38,7 @@
  /**
   * @page krb5_ccache_intro The credential cache functions
   * @section section_krb5_ccache Kerberos credential caches
- * 
+ *
   * krb5_ccache structure holds a Kerberos credential cache.
   *
   * Heimdal support the follow types of credential caches:
@@ -837,7 +837,7 @@ krb5_cc_set_flags(krb5_context context,
  {
      return (*id->ops->set_flags)(context, id, flags);
  }
-               
+
  /**
   * Get the flags of `id', store them in `flags'.
   *
@@ -1144,7 +1144,7 @@ krb5_cc_cache_match (krb5_context context,
         ret = krb5_cc_get_principal(context, cache, &principal);
         if (ret == 0) {
             krb5_boolean match;
-       
+
             match = krb5_principal_compare(context, principal, client);
             krb5_free_principal(context, principal);
             if (match)
@@ -1245,7 +1245,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
      krb5_free_principal(context, client);
      return ret;
  }
-               
+
  /**
   * Return TRUE (non zero) if the principal is a configuration
   * principal (generated part of krb5_cc_set_config()). Returns FALSE
@@ -1267,7 +1267,7 @@ krb5_is_config_principal(krb5_context context,
      if (principal->name.name_string.len == 0 ||
         strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0)
         return FALSE;
-       
+
      return TRUE;
  }
  
@@ -1306,11 +1306,11 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id,
         /* not that anyone care when this expire */
         cred.times.authtime = time(NULL);
         cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
-       
+
         ret = krb5_data_copy(&cred.ticket, data->data, data->length);
         if (ret)
             goto out;
-       
+
         ret = krb5_cc_store_cred(context, id, &cred);
      }
  
@@ -1396,7 +1396,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
  }
  
  /**
- * Get next credential cache from the iteration. 
+ * Get next credential cache from the iteration.
   *
   * @param context A Kerberos 5 context
   * @param cursor the iteration cursor
@@ -1418,13 +1418,13 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
                        krb5_ccache *cache)
  {
      krb5_error_code ret;
-    
+
      *cache = NULL;
  
      while (cursor->idx < context->num_cc_ops) {
  
         if (cursor->cursor == NULL) {
-           ret = krb5_cc_cache_get_first (context, 
+           ret = krb5_cc_cache_get_first (context,
                                            context->cc_ops[cursor->idx]->prefix,
                                            &cursor->cursor);
             if (ret) {
@@ -1493,7 +1493,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
  
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_cc_last_change_time(krb5_context context,
-                        krb5_ccache id, 
+                        krb5_ccache id,
                          krb5_timestamp *mtime)
  {
      *mtime = 0;
@@ -1630,7 +1630,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
  
      *t = 0;
      now = time(NULL);
-    
+
      ret = krb5_cc_start_seq_get(context, id, &cursor);
      if (ret)
         return ret;
@@ -1644,7 +1644,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
         }
         krb5_free_cred_contents(context, &cred);
      }
-    
+
      krb5_cc_end_seq_get(context, id, &cursor);
  
      return ret;
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c

index 22a7c87ef3e78f2390904afdf085de3db09c720d..1e7cd0d464f0891fdbd96dc0f98ccb16da2a8f7a 100644 (file)
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  #undef __attribute__
@@ -173,7 +171,7 @@ setpw_send_request (krb5_context context,
      krb5_data krb_priv_data;
      krb5_data pwd_data;
      ChangePasswdDataMS chpw;
-    size_t len;
+    size_t len = 0;
      u_char header[4 + 6];
      u_char *p;
      struct iovec iov[3];
@@ -199,7 +197,7 @@ setpw_send_request (krb5_context context,
         chpw.targname = NULL;
         chpw.targrealm = NULL;
      }
-       
+
      ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
                        &chpw, &len, ret);
      if (ret) {
@@ -276,7 +274,7 @@ process_reply (krb5_context context,
  {
      krb5_error_code ret;
      u_char reply[1024 * 3];
-    ssize_t len;
+    size_t len;
      uint16_t pkt_len, pkt_ver;
      krb5_data ap_rep_data;
      int save_errno;
@@ -304,7 +302,7 @@ process_reply (krb5_context context,
             _krb5_get_int(reply, &size, 4);
             if (size + 4 < len)
                 continue;
-           memmove(reply, reply + 4, size);            
+           memmove(reply, reply + 4, size);
             len = size;
             break;
         }
@@ -328,7 +326,7 @@ process_reply (krb5_context context,
  
      if (len < 6) {
         str2data (result_string, "server %s sent to too short message "
-                 "(%ld bytes)", host, (long)len);
+                 "(%zu bytes)", host, len);
         *result_code = KRB5_KPASSWD_MALFORMED;
         return 0;
      }
@@ -496,7 +494,7 @@ static struct kpwd_proc {
         chgpw_send_request,
         process_reply
      },
-    { NULL }
+    { NULL, 0, NULL, NULL }
  };
  
  /*
@@ -588,7 +586,7 @@ change_password_loop (krb5_context  context,
  
                 if (!replied) {
                     replied = 0;
-               
+
                     ret = (*proc->send_req) (context,
                                              &auth_context,
                                              creds,
@@ -686,7 +684,6 @@ find_chpw_proto(const char *name)
   * @ingroup @krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_change_password (krb5_context     context,
                       krb5_creds        *creds,
@@ -694,6 +691,7 @@ krb5_change_password (krb5_context  context,
                       int               *result_code,
                       krb5_data         *result_code_string,
                       krb5_data         *result_string)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      struct kpwd_proc *p = find_chpw_proto("change password");
  
diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c

index d73a71910049f2babdd2a80193eb9a4aaefe0658..5e754c60cba7d002d75bb04f10e804c984d432be 100644 (file)
--- a/source4/heimdal/lib/krb5/codec.c
+++ b/source4/heimdal/lib/krb5/codec.c
@@ -31,184 +31,182 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  #ifndef HEIMDAL_SMALLER
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_EncTicketPart (krb5_context context,
                            const void *data,
                            size_t length,
                            EncTicketPart *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_EncTicketPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_EncTicketPart (krb5_context context,
                            void *data,
                            size_t length,
                            EncTicketPart *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_EncTicketPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_EncASRepPart (krb5_context context,
                           const void *data,
                           size_t length,
                           EncASRepPart *t,
                           size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_EncASRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_EncASRepPart (krb5_context context,
                           void *data,
                           size_t length,
                           EncASRepPart *t,
                           size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_EncASRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_EncTGSRepPart (krb5_context context,
                            const void *data,
                            size_t length,
                            EncTGSRepPart *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_EncTGSRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_EncTGSRepPart (krb5_context context,
                            void *data,
                            size_t length,
                            EncTGSRepPart *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_EncTGSRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_EncAPRepPart (krb5_context context,
                           const void *data,
                           size_t length,
                           EncAPRepPart *t,
                           size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_EncAPRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_EncAPRepPart (krb5_context context,
                           void *data,
                           size_t length,
                           EncAPRepPart *t,
                           size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_EncAPRepPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_Authenticator (krb5_context context,
                            const void *data,
                            size_t length,
                            Authenticator *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_Authenticator(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_Authenticator (krb5_context context,
                            void *data,
                            size_t length,
                            Authenticator *t,
                            size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_Authenticator(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_EncKrbCredPart (krb5_context context,
                             const void *data,
                             size_t length,
                             EncKrbCredPart *t,
                             size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_EncKrbCredPart(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_EncKrbCredPart (krb5_context context,
                             void *data,
                             size_t length,
                             EncKrbCredPart *t,
                             size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_EncKrbCredPart (data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_ETYPE_INFO (krb5_context context,
                         const void *data,
                         size_t length,
                         ETYPE_INFO *t,
                         size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_ETYPE_INFO(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_ETYPE_INFO (krb5_context context,
                         void *data,
                         size_t length,
                         ETYPE_INFO *t,
                         size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_ETYPE_INFO (data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_decode_ETYPE_INFO2 (krb5_context context,
                         const void *data,
                         size_t length,
                         ETYPE_INFO2 *t,
                         size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return decode_ETYPE_INFO2(data, length, t, len);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_encode_ETYPE_INFO2 (krb5_context context,
                          void *data,
                          size_t length,
                          ETYPE_INFO2 *t,
                          size_t *len)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      return encode_ETYPE_INFO2 (data, length, t, len);
  }
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c

index 89f778823d3c00ba45bc73f6f3c5ca01a238e0ee..4ac25ae28703bb47696fd26f473ffd96550ca64c 100644 (file)
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -33,8 +33,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  #ifdef __APPLE__
@@ -63,7 +61,7 @@ config_fgets(char *str, size_t len, struct fileptr *ptr)
         p = ptr->s + strcspn(ptr->s, "\n");
         if(*p == '\n')
             p++;
-       l = min(len, p - ptr->s);
+       l = min(len, (size_t)(p - ptr->s));
         if(len > 0) {
             memcpy(str, ptr->s, l);
             str[l] = '\0';
@@ -91,7 +89,7 @@ _krb5_config_get_entry(krb5_config_section **parent, const char *name, int type)
  
      for(q = parent; *q != NULL; q = &(*q)->next)
         if(type == krb5_config_list &&
-          type == (*q)->type &&
+          (unsigned)type == (*q)->type &&
            strcmp(name, (*q)->name) == 0)
             return *q;
      *q = calloc(1, sizeof(**q));
@@ -250,7 +248,7 @@ cfstring2cstring(CFStringRef string)
  {
      CFIndex len;
      char *str;
-    
+
      str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
      if (str)
         return strdup(str);
@@ -260,7 +258,7 @@ cfstring2cstring(CFStringRef string)
      str = malloc(len);
      if (str == NULL)
         return NULL;
-       
+
      if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
         free (str);
         return NULL;
@@ -299,7 +297,7 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section *
      CFReadStreamRef s;
      CFDictionaryRef d;
      CFURLRef url;
-    
+
      url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
      if (url == NULL) {
         krb5_clear_error_message(context);
@@ -321,7 +319,7 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section *
  
  #ifdef HAVE_CFPROPERTYLISTCREATEWITHSTREAM
      d = (CFDictionaryRef)CFPropertyListCreateWithStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL);
-#else 
+#else
      d = (CFDictionaryRef)CFPropertyListCreateFromStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL);
  #endif
      CFRelease(s);
@@ -441,7 +439,7 @@ krb5_config_parse_file_multi (krb5_context context,
             home = getenv("HOME");
  
         if (home == NULL) {
-           struct passwd *pw = getpwuid(getuid());     
+           struct passwd *pw = getpwuid(getuid());
             if(pw != NULL)
                 home = pw->pw_dir;
         }
@@ -455,7 +453,7 @@ krb5_config_parse_file_multi (krb5_context context,
             fname = newfname;
         }
  #else  /* KRB5_USE_PATH_TOKENS */
-       if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 || 
+       if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 ||
             newfname == NULL)
         {
             krb5_set_error_message(context, ENOMEM,
@@ -477,7 +475,7 @@ krb5_config_parse_file_multi (krb5_context context,
             return ret;
         }
  #else
-       krb5_set_error_message(context, ENOENT, 
+       krb5_set_error_message(context, ENOENT,
                                "no support for plist configuration files");
         return ENOENT;
  #endif
@@ -491,7 +489,7 @@ krb5_config_parse_file_multi (krb5_context context,
                 free(newfname);
             return ret;
         }
-       
+
         if (newfname)
             free(newfname);
         fname = newfname = exp_fname;
@@ -507,7 +505,7 @@ krb5_config_parse_file_multi (krb5_context context,
                 free(newfname);
             return ret;
         }
-       
+
         ret = krb5_config_parse_debug (&f, res, &lineno, &str);
         fclose(f.f);
         if (ret) {
@@ -635,7 +633,7 @@ vget_next(krb5_context context,
      const char *p = va_arg(args, const char *);
      while(b != NULL) {
         if(strcmp(b->name, name) == 0) {
-           if(b->type == type && p == NULL) {
+           if(b->type == (unsigned)type && p == NULL) {
                 *pointer = b;
                 return b->u.generic;
             } else if(b->type == krb5_config_list && p != NULL) {
@@ -675,7 +673,7 @@ _krb5_config_vget_next (krb5_context context,
      /* we were called again, so just look for more entries with the
         same name and type */
      for (b = (*pointer)->next; b != NULL; b = b->next) {
-       if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
+       if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) {
             *pointer = b;
             return b->u.generic;
         }
@@ -770,7 +768,7 @@ krb5_config_vget_list (krb5_context context,
   *
   * @ingroup krb5_support
   */
- 
+
  KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
  krb5_config_get_string (krb5_context context,
                         const krb5_config_section *c,
@@ -865,7 +863,7 @@ krb5_config_get_string_default (krb5_context context,
  }
  
  static char *
-next_component_string(char * begin, char * delims, char **state)
+next_component_string(char * begin, const char * delims, char **state)
  {
      char * end;
  
@@ -1302,11 +1300,11 @@ krb5_config_get_int (krb5_context context,
   * @ingroup krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_config_parse_string_multi(krb5_context context,
                                const char *string,
                                krb5_config_section **res)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      const char *str;
      unsigned lineno = 0;
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c

index b6c6870938465990535241d0ee5643c1c3ffabeb..99bf1b419b0a7c5d5fd3f5f46af7366e719a952c 100644 (file)
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -34,6 +34,7 @@
   */
  
  #include "krb5_locl.h"
+#include <assert.h>
  #include <com_err.h>
  
  #define INIT_FIELD(C, T, E, D, F)                                      \
@@ -128,6 +129,24 @@ init_context_from_config_file(krb5_context context)
      free(context->etypes_des);
      context->etypes_des = tmptypes;
  
+    ret = set_etypes (context, "default_as_etypes", &tmptypes);
+    if(ret)
+       return ret;
+    free(context->as_etypes);
+    context->as_etypes = tmptypes;
+
+    ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
+    if(ret)
+       return ret;
+    free(context->tgs_etypes);
+    context->tgs_etypes = tmptypes;
+
+    ret = set_etypes (context, "permitted_enctypes", &tmptypes);
+    if(ret)
+       return ret;
+    free(context->permitted_enctypes);
+    context->permitted_enctypes = tmptypes;
+
      /* default keytab name */
      tmp = NULL;
      if(!issuid())
@@ -317,7 +336,7 @@ kt_ops_copy(krb5_context context, const krb5_context src_context)
      return 0;
  }
  
-static const char *sysplugin_dirs[] =  { 
+static const char *sysplugin_dirs[] =  {
      LIBDIR "/plugin/krb5",
  #ifdef __APPLE__
      "/Library/KerberosPlugins/KerberosFrameworkPlugins",
@@ -332,7 +351,7 @@ init_context_once(void *ctx)
      krb5_context context = ctx;
  
      _krb5_load_plugins(context, "krb5", sysplugin_dirs);
-    
+
      bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
  }
  
@@ -392,7 +411,7 @@ krb5_init_context(krb5_context *context)
      ret = hx509_context_init(&p->hx509ctx);
      if (ret)
         goto out;
-#endif 
+#endif
      if (rk_SOCK_INIT())
         p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
  
@@ -413,7 +432,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_permitted_enctypes(krb5_context context,
                             krb5_enctype **etypes)
  {
-    return krb5_get_default_in_tkt_etypes(context, etypes);
+    return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
  }
  
  /*
@@ -433,7 +452,7 @@ copy_etypes (krb5_context context,
  
      *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);
      if (*ret_enctypes == NULL) {
-       krb5_set_error_message(context, ENOMEM, 
+       krb5_set_error_message(context, ENOMEM,
                                N_("malloc: out of memory", ""));
         return ENOMEM;
      }
@@ -481,7 +500,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
         p->default_cc_name = strdup(context->default_cc_name);
      if (context->default_cc_name_env)
         p->default_cc_name_env = strdup(context->default_cc_name_env);
-    
+
      if (context->etypes) {
         ret = copy_etypes(context, context->etypes, &p->etypes);
         if (ret)
@@ -494,7 +513,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
      }
  
      if (context->default_realms) {
-       ret = krb5_copy_host_realm(context, 
+       ret = krb5_copy_host_realm(context,
                                    context->default_realms, &p->default_realms);
         if (ret)
             goto out;
@@ -736,7 +755,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
      krb5_free_config_files(defpp);
      if (ret) {
         return ret;
-    }  
+    }
      *pfilenames = pp;
      return 0;
  }
@@ -874,36 +893,51 @@ krb5_kerberos_enctypes(krb5_context context)
  }
  
  /*
- * set `etype' to a malloced list of the default enctypes
+ *
   */
  
  static krb5_error_code
-default_etypes(krb5_context context, krb5_enctype **etype)
+copy_enctypes(krb5_context context,
+             const krb5_enctype *in,
+             krb5_enctype **out)
  {
-    const krb5_enctype *p;
-    krb5_enctype *e = NULL, *ep;
-    int i, n = 0;
-
-    p = krb5_kerberos_enctypes(context);
+    krb5_enctype *p = NULL;
+    size_t m, n;
  
-    for (i = 0; p[i] != ETYPE_NULL; i++) {
-       if (krb5_enctype_valid(context, p[i]) != 0)
+    for (n = 0; in[n]; n++)
+       ;
+    n++;
+    ALLOC(p, n);
+    if(p == NULL)
+       return krb5_enomem(context);
+    for (n = 0, m = 0; in[n]; n++) {
+       if (krb5_enctype_valid(context, in[n]) != 0)
             continue;
-       ep = realloc(e, (n + 2) * sizeof(*e));
-       if (ep == NULL) {
-           free(e);
-           krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
-           return ENOMEM;
-       }
-       e = ep;
-       e[n] = p[i];
-       e[n + 1] = ETYPE_NULL;
-       n++;
+       p[m++] = in[n];
+    }
+    p[m] = KRB5_ENCTYPE_NULL;
+    if (m == 0) {
+       free(p);
+       krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+                               N_("no valid enctype set", ""));
+       return KRB5_PROG_ETYPE_NOSUPP;
      }
-    *etype = e;
+    *out = p;
      return 0;
  }
  
+
+/*
+ * set `etype' to a malloced list of the default enctypes
+ */
+
+static krb5_error_code
+default_etypes(krb5_context context, krb5_enctype **etype)
+{
+    const krb5_enctype *p = krb5_kerberos_enctypes(context);
+    return copy_enctypes(context, p, etype);
+}
+
  /**
   * Set the default encryption types that will be use in communcation
   * with the KDC, clients and servers.
@@ -923,31 +957,11 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
  {
      krb5_error_code ret;
      krb5_enctype *p = NULL;
-    unsigned int n, m;
  
      if(etypes) {
-       for (n = 0; etypes[n]; n++)
-           ;
-       n++;
-       ALLOC(p, n);
-       if(!p) {
-           krb5_set_error_message (context, ENOMEM,
-                                   N_("malloc: out of memory", ""));
-           return ENOMEM;
-       }
-       for (n = 0, m = 0; etypes[n]; n++) {
-           ret = krb5_enctype_valid(context, etypes[n]);
-           if (ret)
-               continue;
-           p[m++] = etypes[n];
-       }
-       p[m] = ETYPE_NULL;
-       if (m == 0) {
-           free(p);
-           krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
-                                   N_("no valid enctype set", ""));
-           return KRB5_PROG_ETYPE_NOSUPP;
-       }
+       ret = copy_enctypes(context, etypes, &p);
+       if (ret)
+           return ret;
      }
      if(context->etypes)
         free(context->etypes);
@@ -971,21 +985,28 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
  
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_default_in_tkt_etypes(krb5_context context,
+                              krb5_pdu pdu_type,
                                krb5_enctype **etypes)
  {
-    krb5_enctype *p;
-    int i;
+    krb5_enctype *enctypes = NULL;
      krb5_error_code ret;
+    krb5_enctype *p;
  
-    if(context->etypes) {
-       for(i = 0; context->etypes[i]; i++);
-       ++i;
-       ALLOC(p, i);
-       if(!p) {
-           krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
-           return ENOMEM;
-       }
-       memmove(p, context->etypes, i * sizeof(krb5_enctype));
+    heim_assert(pdu_type == KRB5_PDU_AS_REQUEST || 
+               pdu_type == KRB5_PDU_TGS_REQUEST ||
+               pdu_type == KRB5_PDU_NONE, "pdu contant not as expected");
+
+    if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
+       enctypes = context->as_etypes;
+    else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
+       enctypes = context->tgs_etypes;
+    else if (context->etypes != NULL)
+       enctypes = context->etypes;
+
+    if (enctypes != NULL) {
+       ret = copy_enctypes(context, enctypes, &p);
+       if (ret)
+           return ret;
      } else {
         ret = default_etypes(context, &p);
         if (ret)
@@ -1390,10 +1411,11 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
      context->max_skew = t;
  }
  
-/**
+/*
   * Init encryption types in len, val with etypes.
   *
   * @param context Kerberos 5 context.
+ * @param pdu_type type of pdu
   * @param len output length of val.
   * @param val output array of enctypes.
   * @param etypes etypes to set val and len to, if NULL, use default enctypes.
@@ -1405,39 +1427,27 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
   */
  
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_init_etype (krb5_context context,
+_krb5_init_etype(krb5_context context,
+                krb5_pdu pdu_type,
                  unsigned *len,
                  krb5_enctype **val,
                  const krb5_enctype *etypes)
  {
-    unsigned int i;
      krb5_error_code ret;
-    krb5_enctype *tmp = NULL;
  
-    ret = 0;
-    if (etypes == NULL) {
-       ret = krb5_get_default_in_tkt_etypes(context, &tmp);
-       if (ret)
-           return ret;
-       etypes = tmp;
-    }
+    if (etypes == NULL)
+       ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val);
+    else
+       ret = copy_enctypes(context, etypes, val);
+    if (ret)
+       return ret;
  
-    for (i = 0; etypes[i]; ++i)
-       ;
-    *len = i;
-    *val = malloc(i * sizeof(**val));
-    if (i != 0 && *val == NULL) {
-       ret = ENOMEM;
-       krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
-       goto cleanup;
+    if (len) {
+       *len = 0;
+       while ((*val)[*len] != KRB5_ENCTYPE_NULL)
+           (*len)++;
      }
-    memmove (*val,
-            etypes,
-            i * sizeof(*tmp));
-cleanup:
-    if (tmp != NULL)
-       free (tmp);
-    return ret;
+    return 0;
  }
  
  /*
diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c

index e700425ffe8ae19adf6408b6b822ab3f99120718..fc371c637764cbfe6a6187868ef190b6c3adb1ae 100644 (file)
--- a/source4/heimdal/lib/krb5/convert_creds.c
+++ b/source4/heimdal/lib/krb5/convert_creds.c
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  #include "krb5-v4compat.h"
  
@@ -54,11 +52,11 @@
   * @ingroup krb5_v4compat
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb524_convert_creds_kdc(krb5_context context,
                          krb5_creds *in_cred,
                          struct credentials *v4creds)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      memset(v4creds, 0, sizeof(*v4creds));
      krb5_set_error_message(context, EINVAL,
@@ -81,12 +79,12 @@ krb524_convert_creds_kdc(krb5_context context,
   * @ingroup krb5_v4compat
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb524_convert_creds_kdc_ccache(krb5_context context,
                                 krb5_ccache ccache,
                                 krb5_creds *in_cred,
                                 struct credentials *v4creds)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      memset(v4creds, 0, sizeof(*v4creds));
      krb5_set_error_message(context, EINVAL,
diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c

index 69aacdc032f364c833a65e16c996baa7904473cf..7ef8eb96095fe7c4a3fcb003d9d2df3ba0b8db21 100644 (file)
--- a/source4/heimdal/lib/krb5/creds.c
+++ b/source4/heimdal/lib/krb5/creds.c
@@ -228,7 +228,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields,
             match = krb5_principal_compare (context, mcreds->client,
                                             creds->client);
      }
-       
+
      if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
          match = mcreds->session.keytype == creds->session.keytype;
  
diff --git a/source4/heimdal/lib/krb5/crypto-des.c b/source4/heimdal/lib/krb5/crypto-des.c

index 1c062b5e612d5c3f77e88e6ce33be68664d6a59a..63ce901d92582ff5442841d1f6a37b1022172f4b 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto-des.c
+++ b/source4/heimdal/lib/krb5/crypto-des.c
@@ -77,7 +77,9 @@ static struct _krb5_key_type keytype_des_old = {
      krb5_DES_random_key,
      krb5_DES_schedule_old,
      _krb5_des_salt,
-    krb5_DES_random_to_key
+    krb5_DES_random_to_key,
+    NULL,
+    NULL
  };
  
  static struct _krb5_key_type keytype_des = {
diff --git a/source4/heimdal/lib/krb5/crypto-des3.c b/source4/heimdal/lib/krb5/crypto-des3.c

index b61948895a97010d6cbd6390e46391e428d51530..d50c5cebe2e33d0de84d8c528dba9844a704de56 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto-des3.c
+++ b/source4/heimdal/lib/krb5/crypto-des3.c
@@ -202,7 +202,7 @@ _krb5_DES3_random_to_key(krb5_context context,
      DES_cblock *k;
      int i, j;
  
-    memset(x, 0, sizeof(x));
+    memset(key->keyvalue.data, 0, key->keyvalue.length);
      for (i = 0; i < 3; ++i) {
         unsigned char foo;
         for (j = 0; j < 7; ++j) {
diff --git a/source4/heimdal/lib/krb5/crypto-evp.c b/source4/heimdal/lib/krb5/crypto-evp.c

index 3f9cd57bbcfab3bea13107b1cb2b17b11dce5150..e8fb1caf6ae8ad89663af1f1a5fcb51ec36b03d9 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto-evp.c
+++ b/source4/heimdal/lib/krb5/crypto-evp.c
@@ -98,7 +98,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
  {
      size_t i, blocksize;
      struct _krb5_evp_schedule *ctx = key->schedule->data;
-    char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
+    unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
      EVP_CIPHER_CTX *c;
      unsigned char *p;
  
@@ -142,7 +142,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
         if (ivec)
             memcpy(ivec, p, blocksize);
      } else {
-       char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];
+       unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];
  
         p = data;
         if (len > blocksize * 2) {
diff --git a/source4/heimdal/lib/krb5/crypto-pk.c b/source4/heimdal/lib/krb5/crypto-pk.c

index eb783c8998b3aebfba103e442f917c33ba6802eb..7fedb65c9eded4e37b61abe51c22496fe1617414 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto-pk.c
+++ b/source4/heimdal/lib/krb5/crypto-pk.c
@@ -110,7 +110,7 @@ encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data)
  {
      KRB5PrincipalName pn;
      krb5_error_code ret;
-    size_t size;
+    size_t size = 0;
  
      pn.principalName = p->name;
      pn.realm = p->realm;
@@ -143,7 +143,7 @@ encode_otherinfo(krb5_context context,
      PkinitSuppPubInfo pubinfo;
      krb5_error_code ret;
      krb5_data pub;
-    size_t size;
+    size_t size = 0;
  
      krb5_data_zero(other);
      memset(&otherinfo, 0, sizeof(otherinfo));
@@ -192,6 +192,8 @@ encode_otherinfo(krb5_context context,
      return 0;
  }
  
+
+
  krb5_error_code
  _krb5_pk_kdf(krb5_context context,
              const struct AlgorithmIdentifier *ai,
@@ -211,10 +213,17 @@ _krb5_pk_kdf(krb5_context context,
      size_t keylen, offset;
      uint32_t counter;
      unsigned char *keydata;
-    unsigned char shaoutput[SHA_DIGEST_LENGTH];
+    unsigned char shaoutput[SHA512_DIGEST_LENGTH];
+    const EVP_MD *md;
      EVP_MD_CTX *m;
  
-    if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) != 0) {
+    if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
+        md = EVP_sha1();
+    } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
+        md = EVP_sha256();
+    } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
+        md = EVP_sha512();
+    } else {
         krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
                                N_("KDF not supported", ""));
         return KRB5_PROG_ETYPE_NOSUPP;
@@ -264,7 +273,7 @@ _krb5_pk_kdf(krb5_context context,
      do {
         unsigned char cdata[4];
  
-       EVP_DigestInit_ex(m, EVP_sha1(), NULL);
+       EVP_DigestInit_ex(m, md, NULL);
         _krb5_put_int(cdata, counter, 4);
         EVP_DigestUpdate(m, cdata, 4);
         EVP_DigestUpdate(m, dhdata, dhsize);
@@ -274,9 +283,9 @@ _krb5_pk_kdf(krb5_context context,
  
         memcpy((unsigned char *)keydata + offset,
                shaoutput,
-              min(keylen - offset, sizeof(shaoutput)));
+              min(keylen - offset, EVP_MD_CTX_size(m)));
  
-       offset += sizeof(shaoutput);
+       offset += EVP_MD_CTX_size(m);
         counter++;
      } while(offset < keylen);
      memset(shaoutput, 0, sizeof(shaoutput));
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c

index 5d274e9af7a28d5f4ea638f8899b76717786b0a6..63aedc45684e243d0e24def7a7a9f7cfaea6c659 100644 (file)
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  struct _krb5_key_usage {
@@ -180,7 +178,7 @@ _krb5_internal_hmac(krb5_context context,
      unsigned char *ipad, *opad;
      unsigned char *key;
      size_t key_len;
-    int i;
+    size_t i;
  
      ipad = malloc(cm->blocksize + len);
      if (ipad == NULL)
@@ -311,7 +309,7 @@ get_checksum_key(krb5_context context,
      if(ct->flags & F_DERIVED)
         ret = _get_derived_key(context, crypto, usage, key);
      else if(ct->flags & F_VARIANT) {
-       int i;
+       size_t i;
  
         *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
         if(*key == NULL) {
@@ -479,7 +477,7 @@ verify_checksum(krb5_context context,
      if(ct->verify) {
         ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
         if (ret)
-           krb5_set_error_message(context, ret, 
+           krb5_set_error_message(context, ret,
                                    N_("Decrypt integrity check failed for checksum "
                                       "type %s, key type %s", ""),
                                    ct->name, (crypto != NULL)? crypto->et->name : "(none)");
@@ -1160,9 +1158,9 @@ decrypt_internal_special(krb5_context context,
  }
  
  static krb5_crypto_iov *
-find_iv(krb5_crypto_iov *data, int num_data, int type)
+find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type)
  {
-    int i;
+    size_t i;
      for (i = 0; i < num_data; i++)
         if (data[i].flags == type)
             return &data[i];
@@ -1403,11 +1401,6 @@ krb5_decrypt_iov_ivec(krb5_context context,
      struct _krb5_encryption_type *et = crypto->et;
      krb5_crypto_iov *tiv, *hiv;
  
-    if (num_data < 0) {
-        krb5_clear_error_message(context);
-       return KRB5_CRYPTO_INTERNAL;
-    }
-
      if(!derived_crypto(context, crypto)) {
         krb5_clear_error_message(context);
         return KRB5_CRYPTO_INTERNAL;
@@ -1545,15 +1538,10 @@ krb5_create_checksum_iov(krb5_context context,
      Checksum cksum;
      krb5_crypto_iov *civ;
      krb5_error_code ret;
-    int i;
+    size_t i;
      size_t len;
      char *p, *q;
  
-    if (num_data < 0) {
-        krb5_clear_error_message(context);
-       return KRB5_CRYPTO_INTERNAL;
-    }
-
      if(!derived_crypto(context, crypto)) {
         krb5_clear_error_message(context);
         return KRB5_CRYPTO_INTERNAL;
@@ -1629,15 +1617,10 @@ krb5_verify_checksum_iov(krb5_context context,
      Checksum cksum;
      krb5_crypto_iov *civ;
      krb5_error_code ret;
-    int i;
+    size_t i;
      size_t len;
      char *p, *q;
  
-    if (num_data < 0) {
-        krb5_clear_error_message(context);
-       return KRB5_CRYPTO_INTERNAL;
-    }
-
      if(!derived_crypto(context, crypto)) {
         krb5_clear_error_message(context);
         return KRB5_CRYPTO_INTERNAL;
@@ -1689,7 +1672,7 @@ krb5_crypto_length(krb5_context context,
         krb5_set_error_message(context, EINVAL, "not a derived crypto");
         return EINVAL;
      }
-       
+
      switch(type) {
      case KRB5_CRYPTO_TYPE_EMPTY:
         *len = 0;
@@ -1730,7 +1713,7 @@ krb5_crypto_length_iov(krb5_context context,
                        unsigned int num_data)
  {
      krb5_error_code ret;
-    int i;
+    size_t i;
  
      for (i = 0; i < num_data; i++) {
         ret = krb5_crypto_length(context, crypto,
@@ -2120,7 +2103,7 @@ krb5_crypto_destroy(krb5_context context,
  
  /**
   * Return the blocksize used algorithm referenced by the crypto context
- * 
+ *
   * @param context Kerberos context
   * @param crypto crypto context to query
   * @param blocksize the resulting blocksize
@@ -2141,7 +2124,7 @@ krb5_crypto_getblocksize(krb5_context context,
  
  /**
   * Return the encryption type used by the crypto context
- * 
+ *
   * @param context Kerberos context
   * @param crypto crypto context to query
   * @param enctype the resulting encryption type
@@ -2162,7 +2145,7 @@ krb5_crypto_getenctype(krb5_context context,
  
  /**
   * Return the padding size used by the crypto context
- * 
+ *
   * @param context Kerberos context
   * @param crypto crypto context to query
   * @param padsize the return padding size
@@ -2183,7 +2166,7 @@ krb5_crypto_getpadsize(krb5_context context,
  
  /**
   * Return the confounder size used by the crypto context
- * 
+ *
   * @param context Kerberos context
   * @param crypto crypto context to query
   * @param confoundersize the returned confounder size
@@ -2593,12 +2576,12 @@ krb5_crypto_fx_cf2(krb5_context context,
   * @ingroup krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_keytype_to_enctypes (krb5_context context,
                           krb5_keytype keytype,
                           unsigned *len,
                           krb5_enctype **val)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      int i;
      unsigned n = 0;
@@ -2640,11 +2623,11 @@ krb5_keytype_to_enctypes (krb5_context context,
   */
  
  /* if two enctypes have compatible keys */
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
  krb5_enctypes_compatible_keys(krb5_context context,
                               krb5_enctype etype1,
                               krb5_enctype etype2)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
      struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c

index dc2d4586a06ff9df0c4b2054a8a3c84a6ffb18c9..7a7b989b69e863e647550d6434239a9ca36e92c9 100644 (file)
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -288,9 +288,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
   * @ingroup krb5
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
  krb5_get_err_text(krb5_context context, krb5_error_code code)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      const char *p = NULL;
      if(context != NULL)
diff --git a/source4/heimdal/lib/krb5/expand_path.c b/source4/heimdal/lib/krb5/expand_path.c

index 70096e1c7aa9a6078132328ad740a10a568fb8fb..4c4898a79ea11bad40d8d8da21cae01acbb08cbd 100644 (file)
--- a/source4/heimdal/lib/krb5/expand_path.c
+++ b/source4/heimdal/lib/krb5/expand_path.c
@@ -2,19 +2,19 @@
  /***********************************************************************
   * Copyright (c) 2009, Secure Endpoints Inc.
   * All rights reserved.
- * 
+ *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
- * 
+ *
   * - Redistributions of source code must retain the above copyright
   *   notice, this list of conditions and the following disclaimer.
- * 
+ *
   * - Redistributions in binary form must reproduce the above copyright
   *   notice, this list of conditions and the following disclaimer in
   *   the documentation and/or other materials provided with the
   *   distribution.
- * 
+ *
   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -27,7 +27,7 @@
   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   * OF THE POSSIBILITY OF SUCH DAMAGE.
- * 
+ *
   **********************************************************************/
  
  #include "krb5_locl.h"
@@ -168,7 +168,7 @@ _expand_userid(krb5_context context, PTYPE param, const char *postfix, char **re
  
         if (le != 0) {
             if (context)
-               krb5_set_error_message(context, rv, 
+               krb5_set_error_message(context, rv,
                                        "Can't open thread token (GLE=%d)", le);
             goto _exit;
         }
@@ -247,7 +247,7 @@ _expand_csidl(krb5_context context, PTYPE folder, const char *postfix, char **re
         if (context)
             krb5_set_error_message(context, EINVAL, "Unable to determine folder path");
         return EINVAL;
-    } 
+    }
  
      len = strlen(path);
  
@@ -464,7 +464,7 @@ _krb5_expand_path_tokens(krb5_context context,
             return ENOMEM;
  
         }
-       
+
         {
             size_t append_len = strlen(append);
             char * new_str = realloc(*ppath_out, len + append_len + 1);
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c

index 218bd2cdbfed27fdd3017df49c087c170fa7086b..731f2934146b215af029824939e93517d151b2e2 100644 (file)
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -62,6 +62,9 @@ static const char* KRB5_CALLCONV
  fcc_get_name(krb5_context context,
              krb5_ccache id)
  {
+    if (FCACHE(id) == NULL)
+        return NULL;
+
      return FILENAME(id);
  }
  
@@ -155,7 +158,7 @@ write_storage(krb5_context context, krb5_storage *sp, int fd)
         return ret;
      }
      sret = write(fd, data.data, data.length);
-    ret = (sret != data.length);
+    ret = (sret != (ssize_t)data.length);
      krb5_data_free(&data);
      if (ret) {
         ret = errno;
@@ -220,7 +223,7 @@ scrub_file (int fd)
          return errno;
      memset(buf, 0, sizeof(buf));
      while(pos > 0) {
-        ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
+        ssize_t tmp = write(fd, buf, min((off_t)sizeof(buf), pos));
  
         if (tmp < 0)
             return errno;
@@ -334,11 +337,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
  
      fd = mkstemp(exp_file);
      if(fd < 0) {
-       int ret = errno;
-       krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file);
+       int xret = errno;
+       krb5_set_error_message(context, xret, N_("mkstemp %s failed", ""), exp_file);
         free(f);
         free(exp_file);
-       return ret;
+       return xret;
      }
      close(fd);
      f->filename = exp_file;
@@ -383,8 +386,14 @@ fcc_open(krb5_context context,
      krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
                               (flags | O_RDWR) == flags);
      krb5_error_code ret;
-    const char *filename = FILENAME(id);
+    const char *filename;
      int fd;
+
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
+    filename = FILENAME(id);
+
      fd = open(filename, flags, mode);
      if(fd < 0) {
         char buf[128];
@@ -412,9 +421,11 @@ fcc_initialize(krb5_context context,
      krb5_fcache *f = FCACHE(id);
      int ret = 0;
      int fd;
-    char *filename = f->filename;
  
-    unlink (filename);
+    if (f == NULL)
+        return krb5_einval(context, 2);
+
+    unlink (f->filename);
  
      ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
      if(ret)
@@ -443,7 +454,7 @@ fcc_initialize(krb5_context context,
             }
         }
         ret |= krb5_store_principal(sp, primary_principal);
-       
+
         ret |= write_storage(context, sp, fd);
  
         krb5_storage_free(sp);
@@ -464,6 +475,9 @@ static krb5_error_code KRB5_CALLCONV
  fcc_close(krb5_context context,
           krb5_ccache id)
  {
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
      free (FILENAME(id));
      krb5_data_free(&id->data);
      return 0;
@@ -473,6 +487,9 @@ static krb5_error_code KRB5_CALLCONV
  fcc_destroy(krb5_context context,
             krb5_ccache id)
  {
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
      _krb5_erase_file(context, FILENAME(id));
      return 0;
  }
@@ -701,6 +718,9 @@ fcc_get_first (krb5_context context,
      krb5_error_code ret;
      krb5_principal principal;
  
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
      *cursor = malloc(sizeof(struct fcc_cursor));
      if (*cursor == NULL) {
          krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
@@ -733,6 +753,13 @@ fcc_get_next (krb5_context context,
               krb5_creds *creds)
  {
      krb5_error_code ret;
+
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
+    if (FCC_CURSOR(*cursor) == NULL)
+        return krb5_einval(context, 3);
+
      if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
         return ret;
  
@@ -749,6 +776,13 @@ fcc_end_get (krb5_context context,
              krb5_ccache id,
              krb5_cc_cursor *cursor)
  {
+
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
+    if (FCC_CURSOR(*cursor) == NULL)
+        return krb5_einval(context, 3);
+
      krb5_storage_free(FCC_CURSOR(*cursor)->sp);
      close (FCC_CURSOR(*cursor)->fd);
      free(*cursor);
@@ -767,6 +801,9 @@ fcc_remove_cred(krb5_context context,
      char *newname = NULL;
      int fd;
  
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
      ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &copy);
      if (ret)
         return ret;
@@ -827,6 +864,9 @@ fcc_set_flags(krb5_context context,
               krb5_ccache id,
               krb5_flags flags)
  {
+    if (FCACHE(id) == NULL)
+        return krb5_einval(context, 2);
+
      return 0; /* XXX */
  }
  
@@ -834,9 +874,12 @@ static int KRB5_CALLCONV
  fcc_get_version(krb5_context context,
                 krb5_ccache id)
  {
+    if (FCACHE(id) == NULL)
+        return -1;
+
      return FCACHE(id)->version;
  }
-               
+
  struct fcache_iter {
      int first;
  };
@@ -864,6 +907,9 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
      const char *fn;
      char *expandedfn = NULL;
  
+    if (iter == NULL)
+        return krb5_einval(context, 2);
+
      if (!iter->first) {
         krb5_clear_error_message(context);
         return KRB5_CC_END;
@@ -900,6 +946,10 @@ static krb5_error_code KRB5_CALLCONV
  fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
  {
      struct fcache_iter *iter = cursor;
+
+    if (iter == NULL)
+        return krb5_einval(context, 2);
+
      free(iter);
      return 0;
  }
diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c

index 829b2acc17c8b4b81975a18796342d8cc1edbfaa..0e2bfcf66f946fa9cfae1d62a9781461d9dc98ab 100644 (file)
--- a/source4/heimdal/lib/krb5/get_addrs.c
+++ b/source4/heimdal/lib/krb5/get_addrs.c
@@ -82,8 +82,8 @@ gethostname_fallback (krb5_context context, krb5_addresses *res)
  }
  
  enum {
-    LOOP            = 1,       /* do include loopback interfaces */
-    LOOP_IF_NONE    = 2,       /* include loopback if no other if's */
+    LOOP            = 1,       /* do include loopback addrs */
+    LOOP_IF_NONE    = 2,       /* include loopback addrs if no others */
      EXTRA_ADDRESSES = 4,       /* include extra addresses */
      SCAN_INTERFACES = 8                /* scan interfaces for addresses */
  };
@@ -146,11 +146,9 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
             continue;
         if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
             continue;
-       if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+       if (krb5_sockaddr_is_loopback(ifa->ifa_addr) && (flags & LOOP) == 0)
             /* We'll deal with the LOOP_IF_NONE case later. */
-           if ((flags & LOOP) == 0)
-               continue;
-       }
+           continue;
  
         ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
         if (ret) {
@@ -189,24 +187,22 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
                 continue;
             if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
                 continue;
-
-           if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-               ret = krb5_sockaddr2address(context,
-                                           ifa->ifa_addr, &res->val[idx]);
-               if (ret) {
-                   /*
-                    * See comment above.
-                    */
-                   continue;
-               }
-               if((flags & EXTRA_ADDRESSES) &&
-                  krb5_address_search(context, &res->val[idx],
-                                      &ignore_addresses)) {
-                   krb5_free_address(context, &res->val[idx]);
-                   continue;
-               }
-               idx++;
+           if (!krb5_sockaddr_is_loopback(ifa->ifa_addr))
+               continue;
+           if ((ifa->ifa_flags & IFF_LOOPBACK) == 0)
+               /* Presumably loopback addrs are only used on loopback ifs! */
+               continue;
+           ret = krb5_sockaddr2address(context,
+                                       ifa->ifa_addr, &res->val[idx]);
+           if (ret)
+               continue; /* We don't consider this failure fatal */
+           if((flags & EXTRA_ADDRESSES) &&
+              krb5_address_search(context, &res->val[idx],
+                                  &ignore_addresses)) {
+               krb5_free_address(context, &res->val[idx]);
+               continue;
             }
+           idx++;
         }
      }
  
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c

index 7f2b57247d73264ce6cf7764aaf1b78d52434403..e3bb23a2e9d72b9ef9bdea46f5ecd4cc05f4bfec 100644 (file)
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -55,7 +55,7 @@ make_pa_tgs_req(krb5_context context,
  {
      u_char *buf;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      krb5_data in_data;
      krb5_error_code ret;
  
@@ -90,7 +90,7 @@ set_auth_data (krb5_context context,
                krb5_keyblock *subkey)
  {
      if(authdata->len) {
-       size_t len, buf_size;
+       size_t len = 0, buf_size;
         unsigned char *buf;
         krb5_crypto crypto;
         krb5_error_code ret;
@@ -166,10 +166,11 @@ init_tgs_req (krb5_context context,
         }
         t->req_body.etype.val[0] = in_creds->session.keytype;
      } else {
-       ret = krb5_init_etype(context,
-                             &t->req_body.etype.len,
-                             &t->req_body.etype.val,
-                             NULL);
+       ret = _krb5_init_etype(context,
+                              KRB5_PDU_TGS_REQUEST,
+                              &t->req_body.etype.len,
+                              &t->req_body.etype.val,
+                              NULL);
      }
      if (ret)
         goto fail;
@@ -235,7 +236,7 @@ init_tgs_req (krb5_context context,
         goto fail;
      }
      {
-       int i;
+       size_t i;
         for (i = 0; i < padata->len; i++) {
             ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]);
             if (ret) {
@@ -249,16 +250,16 @@ init_tgs_req (krb5_context context,
      ret = krb5_auth_con_init(context, &ac);
      if(ret)
         goto fail;
-    
+
      ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session);
      if (ret)
         goto fail;
-    
+
      ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
                          ac->local_subkey);
      if (ret)
         goto fail;
-    
+
      ret = make_pa_tgs_req(context,
                           ac,
                           &t->req_body,
@@ -334,6 +335,8 @@ decrypt_tkt_with_subkey (krb5_context context,
  
      assert(usage == 0);
  
+    krb5_data_zero(&data);
+
      /*
       * start out with trying with subkey if we have one
       */
@@ -383,7 +386,7 @@ decrypt_tkt_with_subkey (krb5_context context,
                                    &dec_rep->enc_part,
                                    &size);
      if (ret)
-      krb5_set_error_message(context, ret, 
+      krb5_set_error_message(context, ret,
                              N_("Failed to decode encpart in ticket", ""));
      krb5_data_free (&data);
      return ret;
@@ -408,7 +411,7 @@ get_cred_kdc(krb5_context context,
      krb5_error_code ret;
      unsigned nonce;
      krb5_keyblock *subkey = NULL;
-    size_t len;
+    size_t len = 0;
      Ticket second_ticket_data;
      METHOD_DATA padata;
  
@@ -435,12 +438,12 @@ get_cred_kdc(krb5_context context,
         PA_S4U2Self self;
         krb5_data data;
         void *buf;
-       size_t size;
+       size_t size = 0;
  
         self.name = impersonate_principal->name;
         self.realm = impersonate_principal->realm;
         self.auth = estrdup("Kerberos");
-       
+
         ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
         if (ret) {
             free(self.auth);
@@ -475,7 +478,7 @@ get_cred_kdc(krb5_context context,
             goto out;
         if (len != size)
             krb5_abortx(context, "internal asn1 error");
-       
+
         ret = krb5_padata_add(context, &padata, KRB5_PADATA_FOR_USER, buf, len);
         if (ret)
             goto out;
@@ -609,7 +612,7 @@ get_cred_kdc_address(krb5_context context,
  
         krb5_appdefault_boolean(context, NULL, krbtgt->server->realm,
                                 "no-addresses", FALSE, &noaddr);
-       
+
         if (!noaddr) {
             krb5_get_all_client_addrs(context, &addresses);
             /* XXX this sucks. */
@@ -734,7 +737,7 @@ get_cred_kdc_capath_worker(krb5_context context,
                             krb5_creds *in_creds,
                             krb5_const_realm try_realm,
                             krb5_principal impersonate_principal,
-                           Ticket *second_ticket,                      
+                           Ticket *second_ticket,
                             krb5_creds **out_creds,
                             krb5_creds ***ret_tgts)
  {
@@ -809,7 +812,7 @@ get_cred_kdc_capath_worker(krb5_context context,
             krb5_free_principal(context, tmp_creds.client);
             return ret;
         }
-       /* 
+       /*
          * if either of the chain or the ok_as_delegate was stripped
          * by the kdc, make sure we strip it too.
          */
@@ -842,7 +845,7 @@ get_cred_kdc_capath_worker(krb5_context context,
             return ret;
         }
      }
-       
+
      krb5_free_principal(context, tmp_creds.server);
      krb5_free_principal(context, tmp_creds.client);
      *out_creds = calloc(1, sizeof(**out_creds));
@@ -860,7 +863,7 @@ get_cred_kdc_capath_worker(krb5_context context,
      }
      krb5_free_creds(context, tgt);
      return ret;
-}                           
+}
  
  /*
  get_cred(server)
@@ -883,7 +886,7 @@ get_cred_kdc_capath(krb5_context context,
                     krb5_ccache ccache,
                     krb5_creds *in_creds,
                     krb5_principal impersonate_principal,
-                   Ticket *second_ticket,                      
+                   Ticket *second_ticket,
                     krb5_creds **out_creds,
                     krb5_creds ***ret_tgts)
  {
@@ -918,7 +921,7 @@ get_cred_kdc_referral(krb5_context context,
                       krb5_ccache ccache,
                       krb5_creds *in_creds,
                       krb5_principal impersonate_principal,
-                     Ticket *second_ticket,                    
+                     Ticket *second_ticket,
                       krb5_creds **out_creds,
                       krb5_creds ***ret_tgts)
  {
@@ -946,7 +949,7 @@ get_cred_kdc_referral(krb5_context context,
      /* find tgt for the clients base realm */
      {
         krb5_principal tgtname;
-       
+
         ret = krb5_make_principal(context, &tgtname,
                                   client_realm,
                                   KRB5_TGS_NAME,
@@ -954,7 +957,7 @@ get_cred_kdc_referral(krb5_context context,
                                   NULL);
         if(ret)
             return ret;
-       
+
         ret = find_cred(context, ccache, tgtname, *ret_tgts, &tgt);
         krb5_free_principal(context, tgtname);
         if (ret)
@@ -1032,9 +1035,9 @@ get_cred_kdc_referral(krb5_context context,
                  goto out;
             }
             tickets++;
-       }       
+       }
  
-       /* 
+       /*
          * if either of the chain or the ok_as_delegate was stripped
          * by the kdc, make sure we strip it too.
          */
@@ -1080,7 +1083,7 @@ _krb5_get_cred_kdc_any(krb5_context context,
                        krb5_ccache ccache,
                        krb5_creds *in_creds,
                        krb5_principal impersonate_principal,
-                      Ticket *second_ticket,                   
+                      Ticket *second_ticket,
                        krb5_creds **out_creds,
                        krb5_creds ***ret_tgts)
  {
@@ -1165,7 +1168,7 @@ krb5_get_credentials_with_flags(krb5_context context,
              *out_creds = res_creds;
              return 0;
          }
-       
+
         krb5_timeofday(context, &timeret);
         if(res_creds->times.endtime > timeret) {
             *out_creds = res_creds;
@@ -1382,7 +1385,7 @@ krb5_get_creds(krb5_context context,
             krb5_free_principal(context, in_creds.client);
              goto out;
          }
-       
+
         krb5_timeofday(context, &timeret);
         if(res_creds->times.endtime > timeret) {
             *out_creds = res_creds;
@@ -1467,7 +1470,7 @@ krb5_get_renewed_creds(krb5_context context,
         }
      } else {
         const char *realm = krb5_principal_get_realm(context, client);
-       
+
         ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
                                   realm, NULL);
         if (ret) {
diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c

index ba4301ce297a0304bbbd5f96b5207eb3ef4b8fb1..44baa6d1c2cdfb51ca855a2f9392b692cae54489 100644 (file)
--- a/source4/heimdal/lib/krb5/get_default_principal.c
+++ b/source4/heimdal/lib/krb5/get_default_principal.c
@@ -76,7 +76,7 @@ _krb5_get_default_principal_local (krb5_context context,
         else
             ret = krb5_make_principal(context, princ, NULL, "root", NULL);
      } else {
-       struct passwd *pw = getpwuid(uid);      
+       struct passwd *pw = getpwuid(uid);
         if(pw != NULL)
             user = pw->pw_name;
         else {
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c

index a109c713268732b63d0e33ed87275d060d8c2387..979fc9b0ae99368f54e9a92e5d840ca092b64f0e 100644 (file)
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -225,7 +225,7 @@ krb5_get_forwarded_creds (krb5_context          context,
         if (!noaddr)
             paddrs = &addrs;
      }
-       
+
      /*
       * If tickets have addresses, get the address of the remote host.
       */
@@ -241,7 +241,7 @@ krb5_get_forwarded_creds (krb5_context          context,
                                   hostname, gai_strerror(ret));
             return ret2;
         }
-       
+
         ret = add_addrs (context, &addrs, ai);
         freeaddrinfo (ai);
         if (ret)
@@ -287,9 +287,9 @@ krb5_get_forwarded_creds (krb5_context          context,
      if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
         krb5_timestamp sec;
         int32_t usec;
-       
+
         krb5_us_timeofday (context, &sec, &usec);
-       
+
         ALLOC(enc_krb_cred_part.timestamp, 1);
         if (enc_krb_cred_part.timestamp == NULL) {
             ret = ENOMEM;
@@ -418,7 +418,7 @@ krb5_get_forwarded_creds (krb5_context          context,
          * used. Heimdal 0.7.2 and newer have code to try both in the
          * receiving end.
          */
-       
+
         ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
         if (ret) {
             free(buf);
diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c

index 7aee02734bff7bf3fe9dbc4dd1206ea291145531..ed7f54b3d6984c35784984445d9e14986f49eca8 100644 (file)
--- a/source4/heimdal/lib/krb5/get_host_realm.c
+++ b/source4/heimdal/lib/krb5/get_host_realm.c
@@ -109,7 +109,7 @@ dns_find_realm(krb5_context context,
         domain++;
      for (i = 0; labels[i] != NULL; i++) {
         ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
-       if(ret < 0 || ret >= sizeof(dom)) {
+       if(ret < 0 || (size_t)ret >= sizeof(dom)) {
             if (config_labels)
                 krb5_config_free_strings(config_labels);
             return -1;
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c

index 15cbfba89d03f7b3f14b4811bcb6c480b26ee58a..27f4964e61e77bb6f85708deb3d0c9aaf51503d4 100644 (file)
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  #ifndef HEIMDAL_SMALLER
@@ -44,7 +42,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
      PA_ENC_TS_ENC p;
      unsigned char *buf;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      EncryptedData encdata;
      krb5_error_code ret;
      int32_t usec;
@@ -76,7 +74,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
      krb5_crypto_destroy(context, crypto);
      if (ret)
         return ret;
-               
+
      ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
      free_EncryptedData(&encdata);
      if (ret)
@@ -103,7 +101,7 @@ add_padata(krb5_context context,
      PA_DATA *pa2;
      krb5_salt salt2;
      krb5_enctype *ep;
-    int i;
+    size_t i;
  
      if(salt == NULL) {
         /* default to standard salt */
@@ -209,7 +207,8 @@ init_as_req (krb5_context context,
         *a->req_body.rtime = creds->times.renew_till;
      }
      a->req_body.nonce = nonce;
-    ret = krb5_init_etype (context,
+    ret = _krb5_init_etype(context,
+                          KRB5_PDU_AS_REQUEST,
                            &a->req_body.etype.len,
                            &a->req_body.etype.val,
                            etypes);
@@ -247,7 +246,7 @@ init_as_req (krb5_context context,
      a->req_body.additional_tickets = NULL;
  
      if(preauth != NULL) {
-       int i;
+       size_t i;
         ALLOC(a->padata, 1);
         if(a->padata == NULL) {
             ret = ENOMEM;
@@ -258,7 +257,7 @@ init_as_req (krb5_context context,
         a->padata->len = 0;
         for(i = 0; i < preauth->len; i++) {
             if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
-               int j;
+               size_t j;
  
                 for(j = 0; j < preauth->val[i].info.len; j++) {
                     krb5_salt *sp = &salt;
@@ -300,7 +299,7 @@ init_as_req (krb5_context context,
         add_padata(context, a->padata, creds->client,
                    key_proc, keyseed, a->req_body.etype.val,
                    a->req_body.etype.len, NULL);
-       
+
         /* make a v4 salted pa-data */
         salt.salttype = KRB5_PW_SALT;
         krb5_data_zero(&salt.saltvalue);
@@ -331,7 +330,7 @@ set_ptypes(krb5_context context,
  
      if(error->e_data) {
         METHOD_DATA md;
-       int i;
+       size_t i;
         decode_METHOD_DATA(error->e_data->data,
                            error->e_data->length,
                            &md,
@@ -361,7 +360,6 @@ set_ptypes(krb5_context context,
      return(1);
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_in_cred(krb5_context context,
                  krb5_flags options,
@@ -375,12 +373,13 @@ krb5_get_in_cred(krb5_context context,
                  krb5_const_pointer decryptarg,
                  krb5_creds *creds,
                  krb5_kdc_rep *ret_as_reply)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      krb5_error_code ret;
      AS_REQ a;
      krb5_kdc_rep rep;
      krb5_data req, resp;
-    size_t len;
+    size_t len = 0;
      krb5_salt salt;
      krb5_keyblock *key;
      size_t size;
@@ -483,12 +482,12 @@ krb5_get_in_cred(krb5_context context,
      if(pa) {
         salt.salttype = pa->padata_type;
         salt.saltvalue = pa->padata_value;
-       
+
         ret = (*key_proc)(context, etype, salt, keyseed, &key);
      } else {
         /* make a v5 salted pa-data */
         ret = krb5_get_pw_salt (context, creds->client, &salt);
-       
+
         if (ret)
             goto out;
         ret = (*key_proc)(context, etype, salt, keyseed, &key);
@@ -496,7 +495,7 @@ krb5_get_in_cred(krb5_context context,
      }
      if (ret)
         goto out;
-       
+
      {
         unsigned flags = EXTRACT_TICKET_TIMESYNC;
         if (opts.request_anonymous)
@@ -526,7 +525,6 @@ out:
      return ret;
  }
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_in_tkt(krb5_context context,
                 krb5_flags options,
@@ -540,6 +538,7 @@ krb5_get_in_tkt(krb5_context context,
                 krb5_creds *creds,
                 krb5_ccache ccache,
                 krb5_kdc_rep *ret_as_reply)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      krb5_error_code ret;
  
diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et

index 2e8a0d18d85f37ada44eb3653eef6f8f0b2f5789..c47f77092f13006dedad7fc99210d898e661dcca 100644 (file)
--- a/source4/heimdal/lib/krb5/heim_err.et
+++ b/source4/heimdal/lib/krb5/heim_err.et
@@ -19,6 +19,7 @@ error_code BAD_MKEY,          "Failed to get the master key"
  error_code SERVICE_NOMATCH,    "Unacceptable service used"
  error_code NOT_SEEKABLE,       "File descriptor not seekable"
  error_code TOO_BIG,            "Offset too large"
+error_code BAD_HDBENT_ENCODING,        "Invalid HDB entry encoding"
  
  index 64
  prefix HEIM_PKINIT
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c

index f555c724ed0ea17957b4d703dc57aa5e37dc11d4..25bef0f34045d96c9878d0d2385e462d1b221a09 100644 (file)
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -61,14 +61,14 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
      *opt = NULL;
      o = calloc(1, sizeof(*o));
      if (o == NULL) {
-       krb5_set_error_message(context, ENOMEM, 
+       krb5_set_error_message(context, ENOMEM,
                                N_("malloc: out of memory", ""));
         return ENOMEM;
      }
  
      o->opt_private = calloc(1, sizeof(*o->opt_private));
      if (o->opt_private == NULL) {
-       krb5_set_error_message(context, ENOMEM, 
+       krb5_set_error_message(context, ENOMEM,
                                N_("malloc: out of memory", ""));
         free(o);
         return ENOMEM;
@@ -402,9 +402,9 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
   * @ingroup krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION void KRB5_LIB_CALL
  krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      memset (opt, 0, sizeof(*opt));
  }
@@ -416,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
   * @ingroup krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_init_creds_opt_get_error(krb5_context context,
                                   krb5_get_init_creds_opt *opt,
                                   KRB_ERROR **error)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      *error = calloc(1, sizeof(**error));
      if (*error == NULL) {
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c

index 29b882d053117c878022ab4af49669a5915c3778..f2185628e5c4bfea7f2d2aa2a57cee901d75e7b5 100644 (file)
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -71,7 +71,7 @@ typedef struct krb5_get_init_creds_ctx {
      KRB_ERROR error;
      AS_REP as_rep;
      EncKDCRepPart enc_part;
-    
+
      krb5_prompter_fct prompter;
      void *prompter_data;
  
@@ -313,14 +313,14 @@ process_last_request(krb5_context context,
         if (lr->val[i].lr_value <= t) {
             switch (abs(lr->val[i].lr_type)) {
             case LR_PW_EXPTIME :
-               report_expiration(context, ctx->prompter, 
+               report_expiration(context, ctx->prompter,
                                   ctx->prompter_data,
                                   "Your password will expire at ",
                                   lr->val[i].lr_value);
                 reported = TRUE;
                 break;
             case LR_ACCT_EXPTIME :
-               report_expiration(context, ctx->prompter, 
+               report_expiration(context, ctx->prompter,
                                   ctx->prompter_data,
                                   "Your account will expire at ",
                                   lr->val[i].lr_value);
@@ -333,7 +333,7 @@ process_last_request(krb5_context context,
      if (!reported
         && ctx->enc_part.key_expiration
         && *ctx->enc_part.key_expiration <= t) {
-        report_expiration(context, ctx->prompter, 
+        report_expiration(context, ctx->prompter,
                           ctx->prompter_data,
                           "Your password/account will expire at ",
                           *ctx->enc_part.key_expiration);
@@ -367,7 +367,7 @@ get_init_creds_common(krb5_context context,
  
      if (options->opt_private) {
         if (options->opt_private->password) {
-           ret = krb5_init_creds_set_password(context, ctx, 
+           ret = krb5_init_creds_set_password(context, ctx,
                                                options->opt_private->password);
             if (ret)
                 goto out;
@@ -384,7 +384,7 @@ get_init_creds_common(krb5_context context,
         ctx->keyproc = default_s2k_func;
  
      /* Enterprise name implicitly turns on canonicalize */
-    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) || 
+    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
         krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
         ctx->flags.canonicalize = 1;
  
@@ -671,7 +671,8 @@ init_as_req (krb5_context context,
         *a->req_body.rtime = creds->times.renew_till;
      }
      a->req_body.nonce = 0;
-    ret = krb5_init_etype (context,
+    ret = _krb5_init_etype(context,
+                          KRB5_PDU_AS_REQUEST,
                            &a->req_body.etype.len,
                            &a->req_body.etype.val,
                            etypes);
@@ -759,7 +760,7 @@ pa_etype_info2(krb5_context context,
      krb5_error_code ret;
      ETYPE_INFO2 e;
      size_t sz;
-    int i, j;
+    size_t i, j;
  
      memset(&e, 0, sizeof(e));
      ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz);
@@ -808,7 +809,7 @@ pa_etype_info(krb5_context context,
      krb5_error_code ret;
      ETYPE_INFO e;
      size_t sz;
-    int i, j;
+    size_t i, j;
  
      memset(&e, 0, sizeof(e));
      ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz);
@@ -889,9 +890,9 @@ static struct pa_info pa_prefs[] = {
  };
  
  static PA_DATA *
-find_pa_data(const METHOD_DATA *md, int type)
+find_pa_data(const METHOD_DATA *md, unsigned type)
  {
-    int i;
+    size_t i;
      if (md == NULL)
         return NULL;
      for (i = 0; i < md->len; i++)
@@ -908,7 +909,7 @@ process_pa_info(krb5_context context,
                 METHOD_DATA *md)
  {
      struct pa_info_data *p = NULL;
-    int i;
+    size_t i;
  
      for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) {
         PA_DATA *pa = find_pa_data(md, pa_prefs[i].type);
@@ -928,7 +929,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md,
      PA_ENC_TS_ENC p;
      unsigned char *buf;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      EncryptedData encdata;
      krb5_error_code ret;
      int32_t usec;
@@ -989,7 +990,7 @@ add_enc_ts_padata(krb5_context context,
      krb5_error_code ret;
      krb5_salt salt2;
      krb5_enctype *ep;
-    int i;
+    size_t i;
  
      if(salt == NULL) {
         /* default to standard salt */
@@ -1109,7 +1110,7 @@ pa_data_add_pac_request(krb5_context context,
                         krb5_get_init_creds_ctx *ctx,
                         METHOD_DATA *md)
  {
-    size_t len, length;
+    size_t len = 0, length;
      krb5_error_code ret;
      PA_PAC_REQUEST req;
      void *buf;
@@ -1179,14 +1180,14 @@ process_pa_data_to_md(krb5_context context,
         _krb5_debug(context, 5, "krb5_get_init_creds: "
                     "prepareing PKINIT padata (%s)",
                     (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf");
-       
+
         if (ctx->used_pa_types & USED_PKINIT_W2K) {
             krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
                                    "Already tried pkinit, looping");
             return KRB5_GET_IN_TKT_LOOP;
         }
  
-       ret = pa_data_to_md_pkinit(context, a, creds->client, 
+       ret = pa_data_to_md_pkinit(context, a, creds->client,
                                    (ctx->used_pa_types & USED_PKINIT),
                                    ctx, *out_md);
         if (ret)
@@ -1526,14 +1527,14 @@ krb5_init_creds_set_keytab(krb5_context context,
      krb5_error_code ret;
      size_t netypes = 0;
      int kvno = 0;
-    
+
      a = malloc(sizeof(*a));
      if (a == NULL) {
         krb5_set_error_message(context, ENOMEM,
                                N_("malloc: out of memory", ""));
         return ENOMEM;
      }
-       
+
      a->principal = ctx->cred.client;
      a->keytab    = keytab;
  
@@ -1568,7 +1569,7 @@ krb5_init_creds_set_keytab(krb5_context context,
             kvno = entry.vno;
         } else if (entry.vno != kvno)
             goto next;
-               
+
         /* check if enctype is supported */
         if (krb5_enctype_valid(context, entry.keyblock.keytype) != 0)
             goto next;
@@ -1619,7 +1620,7 @@ krb5_init_creds_set_keyblock(krb5_context context,
  
  /**
   * The core loop if krb5_get_init_creds() function family. Create the
- * packets and have the caller send them off to the KDC. 
+ * packets and have the caller send them off to the KDC.
   *
   * If the caller want all work been done for them, use
   * krb5_init_creds_get() instead.
@@ -1647,7 +1648,7 @@ krb5_init_creds_step(krb5_context context,
                      unsigned int *flags)
  {
      krb5_error_code ret;
-    size_t len;
+    size_t len = 0;
      size_t size;
  
      krb5_data_zero(out);
@@ -1768,13 +1769,13 @@ krb5_init_creds_step(krb5_context context,
                                               "options send by KDC", ""));
                 }
             } else if (ret == KRB5KRB_AP_ERR_SKEW && context->kdc_sec_offset == 0) {
-               /* 
+               /*
                  * Try adapt to timeskrew when we are using pre-auth, and
                  * if there was a time skew, try again.
                  */
                 krb5_set_real_time(context, ctx->error.stime, -1);
                 if (context->kdc_sec_offset)
-                   ret = 0; 
+                   ret = 0;
  
                 _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d",
                             context->kdc_sec_offset);
@@ -1793,7 +1794,7 @@ krb5_init_creds_step(krb5_context context,
                             "krb5_get_init_creds: got referal to realm %s",
                             *ctx->error.crealm);
  
-               ret = krb5_principal_set_realm(context, 
+               ret = krb5_principal_set_realm(context,
                                                ctx->cred.client,
                                                *ctx->error.crealm);
  
@@ -1934,7 +1935,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
         if ((flags & 1) == 0)
             break;
  
-       ret = krb5_sendto_context (context, stctx, &out, 
+       ret = krb5_sendto_context (context, stctx, &out,
                                    ctx->cred.client->realm, &in);
         if (ret)
             goto out;
@@ -2013,7 +2014,7 @@ krb5_get_init_creds_password(krb5_context context,
      }
  
      ret = krb5_init_creds_get(context, ctx);
-    
+
      if (ret == 0)
         process_last_request(context, options, ctx);
  
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c

index 1fe15d806413c4bd4095262acbe742e9365ec5ac..5a28b5138b5ff1174644645dd7d8674289280daf 100644 (file)
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -157,7 +157,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
         }
      } else
         k->name = NULL;
-    
+
      (*id)->data.data = k;
      (*id)->data.length = sizeof(*k);
  
@@ -554,7 +554,7 @@ kcm_get_first (krb5_context context,
      c = calloc(1, sizeof(*c));
      if (c == NULL) {
         ret = ENOMEM;
-       krb5_set_error_message(context, ret, 
+       krb5_set_error_message(context, ret,
                                N_("malloc: out of memory", ""));
         return ret;
      }
@@ -577,7 +577,7 @@ kcm_get_first (krb5_context context,
         if (ptr == NULL) {
             free(c->uuids);
             free(c);
-           krb5_set_error_message(context, ENOMEM, 
+           krb5_set_error_message(context, ENOMEM,
                                    N_("malloc: out of memory", ""));
             return ENOMEM;
         }
@@ -637,7 +637,7 @@ kcm_get_next (krb5_context context,
         return ret;
      }
  
-    sret = krb5_storage_write(request, 
+    sret = krb5_storage_write(request,
                               &c->uuids[c->offset],
                               sizeof(c->uuids[c->offset]));
      c->offset++;
@@ -789,7 +789,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
      c = calloc(1, sizeof(*c));
      if (c == NULL) {
         ret = ENOMEM;
-       krb5_set_error_message(context, ret, 
+       krb5_set_error_message(context, ret,
                                N_("malloc: out of memory", ""));
         goto out;
      }
@@ -820,7 +820,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
         ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
         if (ptr == NULL) {
             ret = ENOMEM;
-           krb5_set_error_message(context, ret, 
+           krb5_set_error_message(context, ret,
                                    N_("malloc: out of memory", ""));
             goto out;
         }
@@ -837,7 +837,7 @@ kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
      if (ret && c) {
          free(c->uuids);
          free(c);
-    } else 
+    } else
         *cursor = c;
  
      return ret;
@@ -869,7 +869,7 @@ kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_op
      if (ret)
         return ret;
  
-    sret = krb5_storage_write(request, 
+    sret = krb5_storage_write(request,
                               &c->uuids[c->offset],
                               sizeof(c->uuids[c->offset]));
      c->offset++;
@@ -956,14 +956,14 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
  }
  
  static krb5_error_code
-kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, 
+kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
                      const char *defstr, char **str)
  {
      krb5_error_code ret;
      krb5_storage *request, *response;
      krb5_data response_data;
      char *name;
-    
+
      *str = NULL;
  
      ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request);
@@ -1039,7 +1039,7 @@ kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
      krb5_kcmcache *k = KCMCACHE(id);
      krb5_error_code ret;
      krb5_storage *request;
-    
+
      ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
      if (ret)
         return ret;
@@ -1069,7 +1069,7 @@ kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset
      krb5_storage *request, *response;
      krb5_data response_data;
      int32_t offset;
-    
+
      ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
      if (ret)
         return ret;
@@ -1155,11 +1155,13 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = {
      kcm_move,
      kcm_get_default_name_api,
      kcm_set_default,
-    kcm_lastchange
+    kcm_lastchange,
+    NULL,
+    NULL
  };
  
  
-krb5_boolean
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
  _krb5_kcm_is_running(krb5_context context)
  {
      krb5_error_code ret;
@@ -1184,7 +1186,7 @@ _krb5_kcm_is_running(krb5_context context)
   * Response:
   *
   */
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  _krb5_kcm_noop(krb5_context context,
                krb5_ccache id)
  {
@@ -1212,7 +1214,7 @@ _krb5_kcm_noop(krb5_context context,
   * Repsonse:
   *
   */
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  _krb5_kcm_get_initial_ticket(krb5_context context,
                              krb5_ccache id,
                              krb5_principal server,
@@ -1269,7 +1271,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
   * Repsonse:
   *
   */
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  _krb5_kcm_get_ticket(krb5_context context,
                      krb5_ccache id,
                      krb5_kdc_flags flags,
diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c

index f34a5c4f90cd2a48e8c7ac6429668d19869d6f28..9ba9c4b290daa54e230428ce98c4f464c399b594 100644 (file)
--- a/source4/heimdal/lib/krb5/keyblock.c
+++ b/source4/heimdal/lib/krb5/keyblock.c
@@ -131,7 +131,7 @@ krb5_copy_keyblock (krb5_context context,
  {
      krb5_error_code ret;
      krb5_keyblock *k;
-    
+
      *to = NULL;
  
      k = calloc (1, sizeof(*k));
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c

index 96c0bce2738fd1e41a2e1f1c9ea6400ec2c44431..8ca515f2133d18400b3691c64767b5c451c694ae 100644 (file)
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -50,7 +50,7 @@
   *
   * A keytab name is on the form type:residual. The residual part is
   * specific to each keytab-type.
- * 
+ *
   * When a keytab-name is resolved, the type is matched with an internal
   * list of keytab types. If there is no matching keytab type,
   * the default keytab is used. The current default type is FILE.
@@ -60,7 +60,7 @@
   * [defaults]default_keytab_name.
   *
   * The keytab types that are implemented in Heimdal are:
- * - file 
+ * - file
   *   store the keytab in a file, the type's name is FILE .  The
   *   residual part is a filename. For compatibility with other
   *   Kerberos implemtation WRFILE and JAVA14 is also accepted.  WRFILE
@@ -166,29 +166,27 @@ krb5_kt_register(krb5_context context,
  }
  
  static const char *
-keytab_name(const char * name, const char ** ptype, size_t * ptype_len)
+keytab_name(const char *name, const char **type, size_t *type_len)
  {
-    const char * residual;
+    const char *residual;
  
      residual = strchr(name, ':');
  
-    if (residual == NULL
-
+    if (residual == NULL ||
+       name[0] == '/'
  #ifdef _WIN32
-
          /* Avoid treating <drive>:<path> as a keytab type
           * specification */
-
          || name + 1 == residual
  #endif
          ) {
  
-        *ptype = "FILE";
-        *ptype_len = strlen(*ptype);
+        *type = "FILE";
+        *type_len = strlen(*type);
          residual = name;
      } else {
-        *ptype = name;
-        *ptype_len = residual - name;
+        *type = name;
+        *type_len = residual - name;
          residual++;
      }
  
@@ -439,7 +437,7 @@ krb5_kt_get_full_name(krb5_context context,
      char type[KRB5_KT_PREFIX_MAX_LEN];
      char name[MAXPATHLEN];
      krb5_error_code ret;
-       
+
      *str = NULL;
  
      ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
@@ -568,16 +566,16 @@ _krb5_kt_principal_not_found(krb5_context context,
  {
      char princ[256], kvno_str[25], *kt_name;
      char *enctype_str = NULL;
-    
+
      krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
      krb5_kt_get_full_name (context, id, &kt_name);
      krb5_enctype_to_string(context, enctype, &enctype_str);
-    
+
      if (kvno)
         snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
      else
         kvno_str[0] = '\0';
-    
+
      krb5_set_error_message (context, ret,
                             N_("Failed to find %s%s in keytab %s (%s)",
                                "principal, kvno, keytab file, enctype"),
@@ -850,3 +848,46 @@ krb5_kt_remove_entry(krb5_context context,
      }
      return (*id->remove)(context, id, entry);
  }
+
+/**
+ * Return true if the keytab exists and have entries
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_kt_have_content(krb5_context context,
+                    krb5_keytab id)
+{
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    krb5_error_code ret;
+    char *name;
+
+    ret = krb5_kt_start_seq_get(context, id, &cursor);
+    if (ret)
+       goto notfound;
+
+    ret = krb5_kt_next_entry(context, id, &entry, &cursor);
+    krb5_kt_end_seq_get(context, id, &cursor);
+    if (ret)
+       goto notfound;
+
+    krb5_kt_free_entry(context, &entry);
+
+    return 0;
+
+ notfound:
+    ret = krb5_kt_get_full_name(context, id, &name);
+    if (ret == 0) {
+       krb5_set_error_message(context, KRB5_KT_NOTFOUND,
+                              N_("No entry in keytab: %s", ""), name);
+       free(name);
+    }
+    return KRB5_KT_NOTFOUND;
+}
diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c

index 2b9ea7f11de8b03f4147272bf3f850a7026c12a3..ccaf62fcb4c2ab62733c701d48db8ff5c69964a5 100644 (file)
--- a/source4/heimdal/lib/krb5/keytab_file.c
+++ b/source4/heimdal/lib/krb5/keytab_file.c
@@ -101,7 +101,7 @@ krb5_kt_store_data(krb5_context context,
      if(ret < 0)
         return ret;
      ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
+    if(ret != (int)data.length){
         if(ret < 0)
             return errno;
         return KRB5_KT_END;
@@ -119,7 +119,7 @@ krb5_kt_store_string(krb5_storage *sp,
      if(ret < 0)
         return ret;
      ret = krb5_storage_write(sp, data, len);
-    if(ret != len){
+    if(ret != (int)len){
         if(ret < 0)
             return errno;
         return KRB5_KT_END;
@@ -182,7 +182,7 @@ krb5_kt_ret_principal(krb5_context context,
                       krb5_storage *sp,
                       krb5_principal *princ)
  {
-    int i;
+    size_t i;
      int ret;
      krb5_principal p;
      int16_t len;
@@ -262,7 +262,7 @@ krb5_kt_store_principal(krb5_context context,
                         krb5_storage *sp,
                         krb5_principal p)
  {
-    int i;
+    size_t i;
      int ret;
  
      if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
@@ -536,7 +536,7 @@ fkt_setup_keytab(krb5_context context,
         id->version = KRB5_KT_VNO;
      return krb5_store_int8 (sp, id->version);
  }
-               
+
  static krb5_error_code KRB5_CALLCONV
  fkt_add_entry(krb5_context context,
               krb5_keytab id,
@@ -699,7 +699,7 @@ fkt_add_entry(krb5_context context,
         }
         if(len < 0) {
             len = -len;
-           if(len >= keytab.length) {
+           if(len >= (int)keytab.length) {
                 krb5_storage_seek(sp, -4, SEEK_CUR);
                 break;
             }
@@ -749,8 +749,9 @@ fkt_remove_entry(krb5_context context,
             krb5_store_int32(cursor.sp, -len);
             memset(buf, 0, sizeof(buf));
             while(len > 0) {
-               krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
-               len -= min(len, sizeof(buf));
+               krb5_storage_write(cursor.sp, buf,
+                   min((size_t)len, sizeof(buf)));
+               len -= min((size_t)len, sizeof(buf));
             }
         }
         krb5_kt_free_entry(context, &e);
diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c

index 28bbaeee8c364418c53bd5abdcf6378a4eff49b6..ea74c32780f80fd982859d78b2875d0bf1dd1975 100644 (file)
--- a/source4/heimdal/lib/krb5/keytab_keyfile.c
+++ b/source4/heimdal/lib/krb5/keytab_keyfile.c
@@ -348,7 +348,7 @@ akf_add_entry(krb5_context context,
                                    strerror(ret));
             return ret;
         }
-       
+
         ret = krb5_ret_int32(sp, &len);
         if(ret) {
             krb5_storage_free(sp);
@@ -387,7 +387,7 @@ akf_add_entry(krb5_context context,
      }
  
      len++;
-       
+
      if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
         ret = errno;
         krb5_set_error_message (context, ret,
@@ -395,7 +395,7 @@ akf_add_entry(krb5_context context,
                                 strerror(ret));
         goto out;
      }
-       
+
      ret = krb5_store_int32(sp, len);
      if(ret) {
         ret = errno;
@@ -410,7 +410,7 @@ akf_add_entry(krb5_context context,
                                 N_("seek to end: %s", ""), strerror(ret));
         goto out;
      }
-       
+
      ret = krb5_store_int32(sp, entry->vno);
      if(ret) {
         krb5_set_error_message(context, ret,
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h

index 8d671e3d36c43acb69c577cdc6496b4ca875c3b2..2224b92e95b57def6947c8b9f605dec29bdf342f 100644 (file)
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -53,16 +53,6 @@
  #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
  #endif
  
-#ifndef KRB5_DEPRECATED
-#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
-#define KRB5_DEPRECATED __attribute__((deprecated))
-#elif defined(_MSC_VER) && (_MSC_VER>1200) 
-#define KRB5_DEPRECATED __declspec(deprecated)
-#else
-#define KRB5_DEPRECATED
-#endif
-#endif
-
  #ifdef _WIN32
  #define KRB5_CALLCONV __stdcall
  #else
@@ -128,28 +118,69 @@ typedef struct krb5_enc_data {
  
  /* alternative names */
  enum {
-    ENCTYPE_NULL               = ETYPE_NULL,
-    ENCTYPE_DES_CBC_CRC                = ETYPE_DES_CBC_CRC,
-    ENCTYPE_DES_CBC_MD4                = ETYPE_DES_CBC_MD4,
-    ENCTYPE_DES_CBC_MD5                = ETYPE_DES_CBC_MD5,
-    ENCTYPE_DES3_CBC_MD5       = ETYPE_DES3_CBC_MD5,
-    ENCTYPE_OLD_DES3_CBC_SHA1  = ETYPE_OLD_DES3_CBC_SHA1,
-    ENCTYPE_SIGN_DSA_GENERATE  = ETYPE_SIGN_DSA_GENERATE,
-    ENCTYPE_ENCRYPT_RSA_PRIV   = ETYPE_ENCRYPT_RSA_PRIV,
-    ENCTYPE_ENCRYPT_RSA_PUB    = ETYPE_ENCRYPT_RSA_PUB,
-    ENCTYPE_DES3_CBC_SHA1      = ETYPE_DES3_CBC_SHA1,
-    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
-    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
-    ENCTYPE_ARCFOUR_HMAC       = ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5   = ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5_56        = ETYPE_ARCFOUR_HMAC_MD5_56,
-    ENCTYPE_ENCTYPE_PK_CROSS   = ETYPE_ENCTYPE_PK_CROSS,
-    ENCTYPE_DES_CBC_NONE       = ETYPE_DES_CBC_NONE,
-    ENCTYPE_DES3_CBC_NONE      = ETYPE_DES3_CBC_NONE,
-    ENCTYPE_DES_CFB64_NONE     = ETYPE_DES_CFB64_NONE,
-    ENCTYPE_DES_PCBC_NONE      = ETYPE_DES_PCBC_NONE
+    ENCTYPE_NULL               = KRB5_ENCTYPE_NULL,
+    ENCTYPE_DES_CBC_CRC                = KRB5_ENCTYPE_DES_CBC_CRC,
+    ENCTYPE_DES_CBC_MD4                = KRB5_ENCTYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_MD5                = KRB5_ENCTYPE_DES_CBC_MD5,
+    ENCTYPE_DES3_CBC_MD5       = KRB5_ENCTYPE_DES3_CBC_MD5,
+    ENCTYPE_OLD_DES3_CBC_SHA1  = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
+    ENCTYPE_SIGN_DSA_GENERATE  = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
+    ENCTYPE_ENCRYPT_RSA_PRIV   = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
+    ENCTYPE_ENCRYPT_RSA_PUB    = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
+    ENCTYPE_DES3_CBC_SHA1      = KRB5_ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_ARCFOUR_HMAC       = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+    ENCTYPE_ARCFOUR_HMAC_MD5   = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+    ENCTYPE_ARCFOUR_HMAC_MD5_56        = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
+    ENCTYPE_ENCTYPE_PK_CROSS   = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
+    ENCTYPE_DES_CBC_NONE       = KRB5_ENCTYPE_DES_CBC_NONE,
+    ENCTYPE_DES3_CBC_NONE      = KRB5_ENCTYPE_DES3_CBC_NONE,
+    ENCTYPE_DES_CFB64_NONE     = KRB5_ENCTYPE_DES_CFB64_NONE,
+    ENCTYPE_DES_PCBC_NONE      = KRB5_ENCTYPE_DES_PCBC_NONE,
+    ETYPE_NULL                 = KRB5_ENCTYPE_NULL,
+    ETYPE_DES_CBC_CRC          = KRB5_ENCTYPE_DES_CBC_CRC,
+    ETYPE_DES_CBC_MD4          = KRB5_ENCTYPE_DES_CBC_MD4,
+    ETYPE_DES_CBC_MD5          = KRB5_ENCTYPE_DES_CBC_MD5,
+    ETYPE_DES3_CBC_MD5         = KRB5_ENCTYPE_DES3_CBC_MD5,
+    ETYPE_OLD_DES3_CBC_SHA1    = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
+    ETYPE_SIGN_DSA_GENERATE    = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
+    ETYPE_ENCRYPT_RSA_PRIV     = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
+    ETYPE_ENCRYPT_RSA_PUB      = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
+    ETYPE_DES3_CBC_SHA1                = KRB5_ENCTYPE_DES3_CBC_SHA1,
+    ETYPE_AES128_CTS_HMAC_SHA1_96      = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ETYPE_AES256_CTS_HMAC_SHA1_96      = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ETYPE_ARCFOUR_HMAC_MD5     = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+    ETYPE_ARCFOUR_HMAC_MD5_56  = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
+    ETYPE_ENCTYPE_PK_CROSS     = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
+    ETYPE_ARCFOUR_MD4          = KRB5_ENCTYPE_ARCFOUR_MD4,
+    ETYPE_ARCFOUR_HMAC_OLD     = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD,
+    ETYPE_ARCFOUR_HMAC_OLD_EXP = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP,
+    ETYPE_DES_CBC_NONE         = KRB5_ENCTYPE_DES_CBC_NONE,
+    ETYPE_DES3_CBC_NONE                = KRB5_ENCTYPE_DES3_CBC_NONE,
+    ETYPE_DES_CFB64_NONE       = KRB5_ENCTYPE_DES_CFB64_NONE,
+    ETYPE_DES_PCBC_NONE                = KRB5_ENCTYPE_DES_PCBC_NONE,
+    ETYPE_DIGEST_MD5_NONE      = KRB5_ENCTYPE_DIGEST_MD5_NONE,
+    ETYPE_CRAM_MD5_NONE                = KRB5_ENCTYPE_CRAM_MD5_NONE
+
  };
  
+/* PDU types */
+typedef enum krb5_pdu {
+    KRB5_PDU_ERROR = 0,
+    KRB5_PDU_TICKET = 1,
+    KRB5_PDU_AS_REQUEST = 2,
+    KRB5_PDU_AS_REPLY = 3,
+    KRB5_PDU_TGS_REQUEST = 4,
+    KRB5_PDU_TGS_REPLY = 5,
+    KRB5_PDU_AP_REQUEST = 6,
+    KRB5_PDU_AP_REPLY = 7,
+    KRB5_PDU_KRB_SAFE = 8,
+    KRB5_PDU_KRB_PRIV = 9,
+    KRB5_PDU_KRB_CRED = 10,
+    KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */
+} krb5_pdu;
+
  typedef PADATA_TYPE krb5_preauthtype;
  
  typedef enum krb5_key_usage {
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h

index bdd725e9ea4a8f161a8691b12c57661b82f1ebc3..d0c68927ffbd358b84f28d60c3fc752d4dceb6e5 100644 (file)
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -188,6 +188,12 @@ struct _krb5_krb_auth_data;
  #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
  #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
  
+#ifndef __func__
+#define __func__ "unknown-function"
+#endif
+
+#define krb5_einval(context, argnum) _krb5_einval((context), __func__, (argnum))
+
  #ifndef PATH_SEP
  #define PATH_SEP ":"
  #endif
@@ -240,9 +246,14 @@ struct _krb5_get_init_creds_opt_private {
      } lr;
  };
  
+typedef uint32_t krb5_enctype_set;
+
  typedef struct krb5_context_data {
      krb5_enctype *etypes;
-    krb5_enctype *etypes_des;
+    krb5_enctype *etypes_des;/* deprecated */
+    krb5_enctype *as_etypes;
+    krb5_enctype *tgs_etypes;
+    krb5_enctype *permitted_enctypes;
      char **default_realms;
      time_t max_skew;
      time_t kdc_timeout;
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c

index 7d111578481b10a6cc50a05fc82748b6a2684542..3242cdb9995601194439147f95172aa1d7928040 100644 (file)
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -123,7 +123,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
             (*res)[num_srv++] = hi;
  
             hi->proto = proto_num;
-       
+
             hi->def_port = def_port;
             if (port != 0)
                 hi->port = port;
@@ -134,7 +134,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
         }
  
      *count = num_srv;
-       
+
      rk_dns_free_data(r);
      return 0;
  }
@@ -508,7 +508,7 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
         ret = asprintf(&host, "%s.%s.", serv_string, kd->realm);
      else
         ret = asprintf(&host, "%s-%d.%s.",
-                      serv_string, kd->fallback_count, kd->realm);     
+                      serv_string, kd->fallback_count, kd->realm);
  
      if (ret < 0 || host == NULL)
         return ENOMEM;
@@ -605,7 +605,7 @@ plugin_get_hosts(krb5_context context,
         service = _krb5_plugin_get_symbol(e);
         if (service->minor_version != 0)
             continue;
-       
+
         (*service->init)(context, &ctx);
         ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
         (*service->fini)(ctx);
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c

index ca0756fdb9a3df65f9461a1837a93c52c515d882..4b289afd807df7597a4cb8d1632ef178e1c25a86 100644 (file)
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -501,7 +501,7 @@ _krb5_debug(krb5_context context,
  
      if (context == NULL || context->debug_dest == NULL)
         return;
-       
+
      va_start(ap, fmt);
      krb5_vlog(context, context->debug_dest, level, fmt, ap);
      va_end(ap);
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c

index 19e6b2345ee73770c12a18964b8e25a6c280e7e6..e4b90c17e7b2cdc920604ad7166784ed85e8a8f7 100644 (file)
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -220,7 +220,7 @@ mcc_destroy(krb5_context context,
         l = m->creds;
         while (l != NULL) {
             struct link *old;
-       
+
             krb5_free_cred_contents (context, &l->cred);
             old = l;
             l = l->next;
@@ -347,7 +347,7 @@ mcc_set_flags(krb5_context context,
  {
      return 0; /* XXX */
  }
-               
+
  struct mcache_iter {
      krb5_mcache *cache;
  };
diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c

index f90624cfca0bf6d460a496ff264855f1f4260352..ac6720c4e992155025ced914d8c00f069e5f1cca 100644 (file)
--- a/source4/heimdal/lib/krb5/misc.c
+++ b/source4/heimdal/lib/krb5/misc.c
@@ -32,6 +32,9 @@
   */
  
  #include "krb5_locl.h"
+#ifdef HAVE_EXECINFO_H
+#include <execinfo.h>
+#endif
  
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  _krb5_s4u2self_to_checksumdata(krb5_context context,
@@ -42,7 +45,7 @@ _krb5_s4u2self_to_checksumdata(krb5_context context,
      krb5_ssize_t ssize;
      krb5_storage *sp;
      size_t size;
-    int i;
+    size_t i;
  
      sp = krb5_storage_emem();
      if (sp == NULL) {
@@ -56,20 +59,20 @@ _krb5_s4u2self_to_checksumdata(krb5_context context,
      for (i = 0; i < self->name.name_string.len; i++) {
         size = strlen(self->name.name_string.val[i]);
         ssize = krb5_storage_write(sp, self->name.name_string.val[i], size);
-       if (ssize != size) {
+       if (ssize != (krb5_ssize_t)size) {
             ret = ENOMEM;
             goto out;
         }
      }
      size = strlen(self->realm);
      ssize = krb5_storage_write(sp, self->realm, size);
-    if (ssize != size) {
+    if (ssize != (krb5_ssize_t)size) {
         ret = ENOMEM;
         goto out;
      }
      size = strlen(self->auth);
      ssize = krb5_storage_write(sp, self->auth, size);
-    if (ssize != size) {
+    if (ssize != (krb5_ssize_t)size) {
         ret = ENOMEM;
         goto out;
      }
@@ -89,3 +92,37 @@ krb5_enomem(krb5_context context)
      krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
      return ENOMEM;
  }
+
+void
+_krb5_debug_backtrace(krb5_context context)
+{
+#if defined(HAVE_BACKTRACE) && !defined(HEIMDAL_SMALLER)
+    void *stack[128];
+    char **strs = NULL;
+    int i, frames = backtrace(stack, sizeof(stack) / sizeof(stack[0]));
+    if (frames > 0)
+       strs = backtrace_symbols(stack, frames);
+    if (strs) {
+       for (i = 0; i < frames; i++)
+           _krb5_debug(context, 10, "frame %d: %s", i, strs[i]);
+       free(strs);
+    }
+#endif
+}
+
+krb5_error_code
+_krb5_einval(krb5_context context, const char *func, unsigned long argn)
+{
+#ifndef HEIMDAL_SMALLER
+    krb5_set_error_message(context, EINVAL,
+                          N_("programmer error: invalid argument to %s argument %lu",
+                             "function:line"),
+                          func, argn);
+    if (_krb5_have_debug(context, 10)) {
+       _krb5_debug(context, 10, "invalid argument to function %s argument %lu",
+                   func, argn);
+       _krb5_debug_backtrace(context);
+    }
+#endif
+    return EINVAL;
+}
diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c

index 93489b607b3b71cde906c900b39bbd112bbe5d9b..803a5bf289484629af8fe1c405f2f899ef44edb3 100644 (file)
--- a/source4/heimdal/lib/krb5/mit_glue.c
+++ b/source4/heimdal/lib/krb5/mit_glue.c
@@ -31,8 +31,6 @@
   * SUCH DAMAGE.
   */
  
-#define KRB5_DEPRECATED
-
  #include "krb5_locl.h"
  
  #ifndef HEIMDAL_SMALLER
@@ -226,7 +224,7 @@ krb5_c_decrypt(krb5_context context,
         krb5_crypto_destroy(context, crypto);
         return ret;
         }
-       
+
         if (blocksize > ivec->length) {
             krb5_crypto_destroy(context, crypto);
             return KRB5_BAD_MSIZE;
@@ -316,12 +314,12 @@ krb5_c_encrypt_length(krb5_context context,
   * @ingroup krb5_deprecated
   */
  
-KRB5_DEPRECATED
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_c_enctype_compare(krb5_context context,
                        krb5_enctype e1,
                        krb5_enctype e2,
                        krb5_boolean *similar)
+    KRB5_DEPRECATED_FUNCTION("Use X instead")
  {
      *similar = (e1 == e2);
      return 0;
diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c

index a837b5e290df53695379a0d898f252a3cbbd63e0..5fee1d6bed6374496bd8e816be7d1f4178a4d085 100644 (file)
--- a/source4/heimdal/lib/krb5/mk_error.c
+++ b/source4/heimdal/lib/krb5/mk_error.c
@@ -48,7 +48,7 @@ krb5_mk_error(krb5_context context,
      KRB_ERROR msg;
      krb5_timestamp sec;
      int32_t usec;
-    size_t len;
+    size_t len = 0;
      krb5_error_code ret = 0;
  
      krb5_us_timeofday (context, &sec, &usec);
@@ -75,7 +75,8 @@ krb5_mk_error(krb5_context context,
         msg.realm = server->realm;
         msg.sname = server->name;
      }else{
-       msg.realm = "<unspecified realm>";
+       static char unspec[] = "<unspecified realm>";
+       msg.realm = unspec;
      }
      if(client){
         msg.crealm = &client->realm;
diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c

index 833821341daeea2a46e211342832f11119285054..dede6d2fa4dc16fe9660b426f6ac9f28a11097b0 100644 (file)
--- a/source4/heimdal/lib/krb5/mk_priv.c
+++ b/source4/heimdal/lib/krb5/mk_priv.c
@@ -45,7 +45,7 @@ krb5_mk_priv(krb5_context context,
      EncKrbPrivPart part;
      u_char *buf = NULL;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      krb5_crypto crypto;
      krb5_keyblock *key;
      krb5_replay_data rdata;
diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c

index 2b9c3fbdbbbc8e0789ac2dc023d21b1e8eb5b5a9..84c315291c1a12c8cdd28e249fff693d3f73fe81 100644 (file)
--- a/source4/heimdal/lib/krb5/mk_rep.c
+++ b/source4/heimdal/lib/krb5/mk_rep.c
@@ -43,7 +43,7 @@ krb5_mk_rep(krb5_context context,
      EncAPRepPart body;
      u_char *buf = NULL;
      size_t buf_size;
-    size_t len;
+    size_t len = 0;
      krb5_crypto crypto;
  
      ap.pvno = 5;
diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c

index f94a1ea12524ceffe9258b695169a2745a1bdd17..2e6092c5ca80bb1e9c99f44fe7f53585421a4a8e 100644 (file)
--- a/source4/heimdal/lib/krb5/n-fold.c
+++ b/source4/heimdal/lib/krb5/n-fold.c
@@ -64,7 +64,7 @@ rr13(unsigned char *buf, size_t len)
             /* byte offset and shift count */
             b1 = bb / 8;
             s1 = bb % 8;
-       
+
             if(bb + 8 > bytes * 8)
                 /* watch for wraparound */
                 s2 = (len + 8 - s1) % 8;
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c

index 046a89cc6a544c1347547c14c181cc5d5836f92c..f4caaddc264b9d147268a6c5b8a1944b05789f64 100644 (file)
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -106,7 +106,7 @@ HMAC_MD5_any_checksum(krb5_context context,
      ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
      if (ret)
         krb5_data_free(&result->checksum);
-    
+
      krb5_free_keyblock(context, local_key.key);
      return ret;
  }
@@ -464,7 +464,7 @@ verify_checksum(krb5_context context,
         goto out;
      }
      ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
-    if (ret != cksum.checksum.length) {
+    if (ret != (int)cksum.checksum.length) {
         ret = EINVAL;
         krb5_set_error_message(context, ret, "PAC checksum missing checksum");
         goto out;
@@ -546,7 +546,7 @@ create_checksum(krb5_context context,
       * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
       * for Microsoft's explaination */
  
-    if (cksumtype == CKSUMTYPE_HMAC_MD5) {
+    if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
         ret = HMAC_MD5_any_checksum(context, key, data, datalen,
                                     KRB5_KU_OTHER_CKSUM, &cksum);
      } else {
@@ -748,7 +748,7 @@ build_logon_name(krb5_context context,
  
      ret = krb5_storage_write(sp, s2, len * 2);
      free(s2);
-    if (ret != len * 2) {
+    if (ret != (int)(len * 2)) {
         ret = krb5_enomem(context);
         goto out;
      }
@@ -932,7 +932,8 @@ _krb5_pac_sign(krb5_context context,
      size_t server_size, priv_size;
      uint32_t server_offset = 0, priv_offset = 0;
      uint32_t server_cksumtype = 0, priv_cksumtype = 0;
-    int i, num = 0;
+    int num = 0;
+    size_t i;
      krb5_data logon, d;
  
      krb5_data_zero(&logon);
@@ -1049,7 +1050,7 @@ _krb5_pac_sign(krb5_context context,
  
             end += len;
             e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
-           if (end != e) {
+           if ((int32_t)end != e) {
                 CHECK(ret, fill_zeros(context, spdata, e - end), out);
             }
             end = e;
@@ -1066,7 +1067,7 @@ _krb5_pac_sign(krb5_context context,
         goto out;
      }
      ret = krb5_storage_write(sp, d.data, d.length);
-    if (ret != d.length) {
+    if (ret != (int)d.length) {
         krb5_data_free(&d);
         ret = krb5_enomem(context);
         goto out;
diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c

index 98420a733200ac36811bc2f30b2caa724d4c0778..babe22cb387613772274905e3743222936560530 100644 (file)
--- a/source4/heimdal/lib/krb5/padata.c
+++ b/source4/heimdal/lib/krb5/padata.c
@@ -36,8 +36,8 @@
  KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL
  krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
  {
-    for(; *idx < len; (*idx)++)
-       if(val[*idx].padata_type == type)
+    for(; *idx < (int)len; (*idx)++)
+       if(val[*idx].padata_type == (unsigned)type)
             return val + *idx;
      return NULL;
  }
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c

index 7a8502727e30615c25f444bd1c72ed2f235f3bbd..1103a17807be9e1240339580775c203073669244 100644 (file)
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -188,7 +188,8 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
         { "MS EKU" },
         { "any (or no)" }
      };
-    int i, ret, start = 1;
+    int ret = HX509_CERT_NOT_FOUND;
+    size_t i, start = 1;
      unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 };
      const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids };
  
@@ -298,8 +299,8 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c)
      {
         IssuerAndSerialNumber iasn;
         hx509_name issuer;
-       size_t size;
-       
+       size_t size = 0;
+
         memset(&iasn, 0, sizeof(iasn));
  
         ret = hx509_cert_get_issuer(c, &issuer);
@@ -314,7 +315,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c)
             free_ExternalPrincipalIdentifier(&id);
             return ret;
         }
-       
+
         ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
         if (ret) {
             free_IssuerAndSerialNumber(&iasn);
@@ -364,7 +365,7 @@ build_auth_pack(krb5_context context,
                 const KDC_REQ_BODY *body,
                 AuthPack *a)
  {
-    size_t buf_size, len;
+    size_t buf_size, len = 0;
      krb5_error_code ret;
      void *buf;
      krb5_timestamp sec;
@@ -413,7 +414,7 @@ build_auth_pack(krb5_context context,
         const char *moduli_file;
         unsigned long dh_min_bits;
         krb5_data dhbuf;
-       size_t size;
+       size_t size = 0;
  
         krb5_data_zero(&dhbuf);
  
@@ -433,7 +434,7 @@ build_auth_pack(krb5_context context,
         ret = _krb5_parse_moduli(context, moduli_file, &ctx->m);
         if (ret)
             return ret;
-       
+
         ctx->u.dh = DH_new();
         if (ctx->u.dh == NULL) {
             krb5_set_error_message(context, ENOMEM,
@@ -483,9 +484,9 @@ build_auth_pack(krb5_context context,
                                &a->clientPublicValue->algorithm.algorithm);
             if (ret)
                 return ret;
-           
+
             memset(&dp, 0, sizeof(dp));
-           
+
             ret = BN_to_integer(context, dh->p, &dp.p);
             if (ret) {
                 free_DomainParameters(&dp);
@@ -503,14 +504,14 @@ build_auth_pack(krb5_context context,
             }
             dp.j = NULL;
             dp.validationParms = NULL;
-           
+
             a->clientPublicValue->algorithm.parameters =
                 malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
             if (a->clientPublicValue->algorithm.parameters == NULL) {
                 free_DomainParameters(&dp);
                 return ret;
             }
-           
+
             ASN1_MALLOC_ENCODE(DomainParameters,
                                a->clientPublicValue->algorithm.parameters->data,
                                a->clientPublicValue->algorithm.parameters->length,
@@ -520,11 +521,11 @@ build_auth_pack(krb5_context context,
                 return ret;
             if (size != a->clientPublicValue->algorithm.parameters->length)
                 krb5_abortx(context, "Internal ASN1 encoder error");
-           
+
             ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
             if (ret)
                 return ret;
-           
+
             ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
                                &dh_pub_key, &size, ret);
             der_free_heim_integer(&dh_pub_key);
@@ -536,7 +537,7 @@ build_auth_pack(krb5_context context,
  #ifdef HAVE_OPENSSL
             ECParameters ecp;
             unsigned char *p;
-           int len;
+           int xlen;
  
             /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */
  
@@ -551,13 +552,13 @@ build_auth_pack(krb5_context context,
                 free_ECParameters(&ecp);
                 return ENOMEM;
             }
-           ASN1_MALLOC_ENCODE(ECParameters, p, len, &ecp, &size, ret);
+           ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret);
             free_ECParameters(&ecp);
             if (ret)
                 return ret;
-           if (size != len)
+           if ((int)size != xlen)
                 krb5_abortx(context, "asn1 internal error");
-           
+
             a->clientPublicValue->algorithm.parameters->data = p;
             a->clientPublicValue->algorithm.parameters->length = size;
  
@@ -578,18 +579,18 @@ build_auth_pack(krb5_context context,
  
             /* encode onto dhkey */
  
-           len = i2o_ECPublicKey(ctx->u.eckey, NULL);
-           if (len <= 0)
+           xlen = i2o_ECPublicKey(ctx->u.eckey, NULL);
+           if (xlen <= 0)
                 abort();
  
-           dhbuf.data = malloc(len);
+           dhbuf.data = malloc(xlen);
             if (dhbuf.data == NULL)
                 abort();
-           dhbuf.length = len;
+           dhbuf.length = xlen;
             p = dhbuf.data;
  
-           len = i2o_ECPublicKey(ctx->u.eckey, &p);
-           if (len <= 0)
+           xlen = i2o_ECPublicKey(ctx->u.eckey, &p);
+           if (xlen <= 0)
                 abort();
  
             /* XXX verify that this is right with RFC3279 */
@@ -601,13 +602,14 @@ build_auth_pack(krb5_context context,
         a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
         a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
      }
-    
+
      {
         a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
         if (a->supportedCMSTypes == NULL)
             return ENOMEM;
  
-       ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, NULL,
+       ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL,
+                                    ctx->id->cert,
                                      &a->supportedCMSTypes->val,
                                      &a->supportedCMSTypes->len);
         if (ret)
@@ -648,10 +650,10 @@ pk_mk_padata(krb5_context context,
  {
      struct ContentInfo content_info;
      krb5_error_code ret;
-    const heim_oid *oid;
-    size_t size;
+    const heim_oid *oid = NULL;
+    size_t size = 0;
      krb5_data buf, sd_buf;
-    int pa_type;
+    int pa_type = -1;
  
      krb5_data_zero(&buf);
      krb5_data_zero(&sd_buf);
@@ -698,7 +700,7 @@ pk_mk_padata(krb5_context context,
         oid = &asn1_oid_id_pkcs7_data;
      } else if (ctx->type == PKINIT_27) {
         AuthPack ap;
-       
+
         memset(&ap, 0, sizeof(ap));
  
         ret = build_auth_pack(context, nonce, ctx, req_body, &ap);
@@ -755,7 +757,7 @@ pk_mk_padata(krb5_context context,
         pa_type = KRB5_PADATA_PK_AS_REQ;
  
         memset(&req, 0, sizeof(req));
-       req.signedAuthPack = buf;       
+       req.signedAuthPack = buf;
  
         if (ctx->trustedCertifiers) {
  
@@ -926,7 +928,7 @@ pk_verify_sign(krb5_context context,
         ret = ENOMEM;
         goto out;
      }
-       
+
      ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert);
      if (ret) {
         pk_copy_error(context, context->hx509ctx, ret,
@@ -968,7 +970,7 @@ get_reply_key_win(krb5_context context,
         return ret;
      }
  
-    if (key_pack.nonce != nonce) {
+    if ((unsigned)key_pack.nonce != nonce) {
         krb5_set_error_message(context, ret,
                                N_("PKINIT enckey nonce is wrong", ""));
         free_ReplyKeyPack_Win2k(&key_pack);
@@ -1081,7 +1083,7 @@ pk_verify_host(krb5_context context,
      }
      if (ctx->require_krbtgt_otherName) {
         hx509_octet_string_list list;
-       int i;
+       size_t i;
  
         ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx,
                                                        host->cert,
@@ -1203,9 +1205,9 @@ pk_rd_pa_reply_enckey(krb5_context context,
             size_t ph = 1 + der_length_len(content.length);
             unsigned char *ptr = malloc(content.length + ph);
             size_t l;
-           
+
             memcpy(ptr + ph, content.data, content.length);
-           
+
             ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length,
                                           ASN1_C_UNIV, CONS, UT_Sequence, &l);
             if (ret)
@@ -1424,7 +1426,7 @@ pk_rd_pa_reply_dh(krb5_context context,
             krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
             goto out;
         }
-       
+
         dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh);
         if (dh_gen_keylen == -1) {
             ret = KRB5KRB_ERR_GENERIC;
@@ -1433,7 +1435,7 @@ pk_rd_pa_reply_dh(krb5_context context,
                                    N_("PKINIT: Can't compute Diffie-Hellman key", ""));
             goto out;
         }
-       if (dh_gen_keylen < size) {
+       if (dh_gen_keylen < (int)size) {
             size -= dh_gen_keylen;
             memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
             memset(dh_gen_key, 0, size);
@@ -1488,7 +1490,7 @@ pk_rd_pa_reply_dh(krb5_context context,
         ret = EINVAL;
  #endif
      }
-       
+
      if (dh_gen_keylen <= 0) {
         ret = EINVAL;
         krb5_set_error_message(context, ret,
@@ -1555,7 +1557,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
         PA_PK_AS_REP rep;
         heim_octet_string os, data;
         heim_oid oid;
-       
+
         if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
             krb5_set_error_message(context, EINVAL,
                                    N_("PKINIT: wrong padata recv", ""));
@@ -1585,7 +1587,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
             PA_PK_AS_REP_BTMM btmm;
             free_PA_PK_AS_REP(&rep);
             memset(&rep, 0, sizeof(rep));
-           
+
             _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
  
             ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
@@ -1661,7 +1663,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
  #endif
  
         memset(&w2krep, 0, sizeof(w2krep));
-       
+
         ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
                                         pa->padata_value.length,
                                         &w2krep,
@@ -1674,12 +1676,12 @@ _krb5_pk_rd_pa_reply(krb5_context context,
         }
  
         krb5_clear_error_message(context);
-       
+
         switch (w2krep.element) {
         case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
             heim_octet_string data;
             heim_oid oid;
-       
+
             ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack,
                                                &oid, &data, NULL);
             free_PA_PK_AS_REP_Win2k(&w2krep);
@@ -1744,7 +1746,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter)
      default:
         prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
         break;
-    }  
+    }
  
      ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
      if (ret) {
@@ -1780,10 +1782,10 @@ _krb5_pk_set_user_id(krb5_context context,
                       "Allocate query to find signing certificate");
         return ret;
      }
-       
+
      hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
      hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-       
+
      if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
         ctx->id->flags |= PKINIT_BTMM;
      }
@@ -1799,7 +1801,7 @@ _krb5_pk_set_user_id(krb5_context context,
         ret = hx509_cert_get_subject(ctx->id->cert, &name);
         if (ret)
             goto out;
-    
+
         ret = hx509_name_to_string(name, &str);
         hx509_name_free(&name);
         if (ret)
@@ -1857,7 +1859,7 @@ _krb5_pk_load_id(krb5_context context,
         krb5_set_error_message(context, ENOMEM,
                                N_("malloc: out of memory", ""));
         return ENOMEM;
-    }  
+    }
  
      if (user_id) {
         hx509_lock lock;
@@ -1867,15 +1869,15 @@ _krb5_pk_load_id(krb5_context context,
             pk_copy_error(context, context->hx509ctx, ret, "Failed init lock");
             goto out;
         }
-       
+
         if (password && password[0])
             hx509_lock_add_password(lock, password);
-       
+
         if (prompter) {
             p.context = context;
             p.prompter = prompter;
             p.prompter_data = prompter_data;
-           
+
             ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
             if (ret) {
                 hx509_lock_free(lock);
@@ -2083,7 +2085,7 @@ _krb5_parse_moduli_line(krb5_context context,
                                   "bits on line %d", ""), file, lineno);
         goto out;
      }
-       
+
      ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
      if (ret)
         goto out;
@@ -2249,7 +2251,7 @@ _krb5_parse_moduli(krb5_context context, const char *file,
             return ENOMEM;
         }
         m = m2;
-       
+
         m[n] = NULL;
  
         ret = _krb5_parse_moduli_line(context, file, lineno, buf,  &element);
@@ -2321,7 +2323,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
         break;
      case USE_RSA:
         break;
-    case USE_ECDH: 
+    case USE_ECDH:
  #ifdef HAVE_OPENSSL
         if (ctx->u.eckey)
             EC_KEY_free(ctx->u.eckey);
@@ -2457,7 +2459,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
             krb5_set_error_message(context, EINVAL,
                                    N_("No anonymous pkinit support in RSA mode", ""));
             return EINVAL;
-       }           
+       }
      }
  
      return 0;
@@ -2484,7 +2486,7 @@ krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
                                N_("PKINIT: on pkinit context", ""));
         return EINVAL;
      }
-    
+
      _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
  
      return 0;
@@ -2517,7 +2519,7 @@ get_ms_san(hx509_context context, hx509_cert cert, char **upn)
                                 upn, NULL);
      else
         ret = 1;
-    hx509_free_octet_string_list(&list);          
+    hx509_free_octet_string_list(&list);
  
      return ret;
  }
@@ -2552,14 +2554,14 @@ krb5_pk_enterprise_cert(krb5_context context,
  #ifdef PKINIT
      krb5_error_code ret;
      hx509_certs certs, result;
-    hx509_cert cert;
+    hx509_cert cert = NULL;
      hx509_query *q;
      char *name;
  
      *principal = NULL;
      if (res)
         *res = NULL;
-    
+
      if (user_id == NULL) {
         krb5_set_error_message(context, ENOENT, "no user id");
         return ENOENT;
@@ -2592,7 +2594,7 @@ krb5_pk_enterprise_cert(krb5_context context,
                       "Failed to find PKINIT certificate");
         return ret;
      }
-    
+
      ret = hx509_get_one_cert(context->hx509ctx, result, &cert);
      hx509_certs_free(&result);
      if (ret) {
@@ -2617,11 +2619,9 @@ krb5_pk_enterprise_cert(krb5_context context,
  
      if (res) {
         ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res);
-       if (ret) {
-           hx509_cert_free(cert);
+       if (ret)
             goto out;
-       }
-       
+
         ret = hx509_certs_add(context->hx509ctx, *res, cert);
         if (ret) {
             hx509_certs_free(res);
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c

index ea47e13a7b99084aee83191b9f78d9d87093ce83..9303b6c615b7f51715060284f5aa96ce930bf97d 100644 (file)
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -63,7 +63,7 @@ static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER;
  static struct plugin *registered = NULL;
  static int plugins_needs_scan = 1;
  
-static const char *sysplugin_dirs[] =  { 
+static const char *sysplugin_dirs[] =  {
      LIBDIR "/plugin/krb5",
  #ifdef __APPLE__
      "/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
@@ -196,9 +196,9 @@ is_valid_plugin_filename(const char * n)
  
          return !stricmp(ext, ".dll");
      }
-#endif
-
+#else
      return 1;
+#endif
  }
  
  static void
@@ -305,7 +305,7 @@ static krb5_error_code
  add_symbol(krb5_context context, struct krb5_plugin **list, void *symbol)
  {
      struct krb5_plugin *e;
-    
+
      e = calloc(1, sizeof(*e));
      if (e == NULL) {
         krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
@@ -329,7 +329,7 @@ _krb5_plugin_find(krb5_context context,
      *list = NULL;
  
      HEIMDAL_MUTEX_lock(&plugin_mutex);
-    
+
      load_plugins(context);
  
      for (ret = 0, e = registered; e != NULL; e = e->next) {
@@ -379,7 +379,7 @@ _krb5_plugin_free(struct krb5_plugin *list)
  /*
   * module - dict of {
   *      ModuleName = [
- *          plugin = object{ 
+ *          plugin = object{
   *              array = { ptr, ctx }
   *          }
   *      ]
@@ -556,7 +556,7 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
             return;
  
         pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free);
-               
+
         cpm = pl->dataptr = dlsym(p->dsohandle, s->name);
         if (cpm) {
             int ret;
@@ -569,10 +569,10 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
      } else {
         cpm = pl->dataptr;
      }
-           
+
      if (cpm && cpm->version >= s->min_version)
         heim_array_append_value(s->result, pl);
-    
+
      heim_release(pl);
  }
  
@@ -619,11 +619,11 @@ _krb5_plugin_run_f(krb5_context context,
      s.userctx = userctx;
  
      heim_dict_iterate_f(dict, search_modules, &s);
-    
+
      heim_release(dict);
-    
+
      HEIMDAL_MUTEX_unlock(&plugin_mutex);
-    
+
      s.ret = KRB5_PLUGIN_NO_HANDLE;
  
      heim_array_iterate_f(s.result, eval_results, &s);
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c

index 42169fc2f92e17c6e6c863cf14cfffe786901f2b..a10d2d0798035843a4182ff1f6b44981482c206d 100644 (file)
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -140,7 +140,7 @@ krb5_principal_get_realm(krb5_context context,
                          krb5_const_principal principal)
  {
      return princ_realm(principal);
-}                      
+}
  
  KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
  krb5_principal_get_comp_string(krb5_context context,
@@ -426,7 +426,7 @@ unparse_name_fixed(krb5_context context,
                    int flags)
  {
      size_t idx = 0;
-    int i;
+    size_t i;
      int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
      int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
      int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
@@ -549,7 +549,7 @@ unparse_name(krb5_context context,
              int flags)
  {
      size_t len = 0, plen;
-    int i;
+    size_t i;
      krb5_error_code ret;
      /* count length */
      if (princ_realm(principal)) {
@@ -917,7 +917,7 @@ krb5_principal_compare_any_realm(krb5_context context,
                                  krb5_const_principal princ1,
                                  krb5_const_principal princ2)
  {
-    int i;
+    size_t i;
      if(princ_num_comp(princ1) != princ_num_comp(princ2))
         return FALSE;
      for(i = 0; i < princ_num_comp(princ1); i++){
@@ -932,7 +932,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context,
                                       krb5_const_principal princ1,
                                       PrincipalName *princ2)
  {
-    int i;
+    size_t i;
      if (princ_num_comp(princ1) != princ2->name_string.len)
         return FALSE;
      for(i = 0; i < princ_num_comp(princ1); i++){
@@ -1001,7 +1001,7 @@ krb5_principal_match(krb5_context context,
                      krb5_const_principal princ,
                      krb5_const_principal pattern)
  {
-    int i;
+    size_t i;
      if(princ_num_comp(princ) != princ_num_comp(pattern))
         return FALSE;
      if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
@@ -1028,7 +1028,7 @@ krb5_principal_match(krb5_context context,
   *
   * @ingroup krb5_principal
   */
-                       
+
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_sname_to_principal (krb5_context context,
                          const char *hostname,
@@ -1039,7 +1039,7 @@ krb5_sname_to_principal (krb5_context context,
      krb5_error_code ret;
      char localhost[MAXHOSTNAMELEN];
      char **realms, *host = NULL;
-       
+
      if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
         krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
                                N_("unsupported name type %d", ""),
@@ -1053,7 +1053,7 @@ krb5_sname_to_principal (krb5_context context,
             krb5_set_error_message(context, ret,
                                    N_("Failed to get local hostname", ""));
             return ret;
-       }       
+       }
         localhost[sizeof(localhost) - 1] = '\0';
         hostname = localhost;
      }
@@ -1096,7 +1096,7 @@ static const struct {
      { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
      { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
      { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
-    { NULL }
+    { NULL, 0 }
  };
  
  /**
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c

index 094f748b9f0754180b00fb7cdd1db019c3121881..c08547112b27fe5be9299e7c35652f7400777da1 100644 (file)
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -65,9 +65,10 @@ krb5_rd_cred(krb5_context context,
      EncKrbCredPart enc_krb_cred_part;
      krb5_data enc_krb_cred_part_data;
      krb5_crypto crypto;
-    int i;
+    size_t i;
  
      memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
+    krb5_data_zero(&enc_krb_cred_part_data);
  
      if ((auth_context->flags &
          (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -118,7 +119,7 @@ krb5_rd_cred(krb5_context context,
                                              KRB5_KU_KRB_CRED,
                                              &cred.enc_part,
                                              &enc_krb_cred_part_data);
-       
+
             krb5_crypto_destroy(context, crypto);
         }
  
@@ -134,13 +135,13 @@ krb5_rd_cred(krb5_context context,
  
             if (ret)
                 goto out;
-       
+
             ret = krb5_decrypt_EncryptedData(context,
                                              crypto,
                                              KRB5_KU_KRB_CRED,
                                              &cred.enc_part,
                                              &enc_krb_cred_part_data);
-       
+
             krb5_crypto_destroy(context, crypto);
         }
         if (ret)
@@ -195,7 +196,7 @@ krb5_rd_cred(krb5_context context,
                                       auth_context->local_port);
             if (ret)
                 goto out;
-       
+
             ret = compare_addrs(context, a, enc_krb_cred_part.r_address,
                                 N_("receiver address is wrong "
                                    "in received creds", ""));
@@ -299,9 +300,9 @@ krb5_rd_cred(krb5_context context,
             krb5_copy_addresses (context,
                                  kci->caddr,
                                  &creds->addresses);
-       
+
         (*ret_creds)[i] = creds;
-       
+
      }
      (*ret_creds)[i] = NULL;
  
diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c

index f8963a53b2572cb926e3a9cef8d779054ce08785..391d81c191b8f986620454d2ad875d0598655f36 100644 (file)
--- a/source4/heimdal/lib/krb5/rd_rep.c
+++ b/source4/heimdal/lib/krb5/rd_rep.c
@@ -65,7 +65,7 @@ krb5_rd_rep(krb5_context context,
      if (ret)
         goto out;
      ret = krb5_decrypt_EncryptedData (context,
-                                     crypto,   
+                                     crypto,
                                       KRB5_KU_AP_REQ_ENC_PART,
                                       &ap_rep.enc_part,
                                       &data);
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c

index 25aa8674c72bf149a88c12d783bd28b61b9edf90..21daeb596b55dbc924266a08ad21cda65f12bff9 100644 (file)
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -59,7 +59,7 @@ decrypt_tkt_enc_part (krb5_context context,
  
      ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
      if (ret)
-        krb5_set_error_message(context, ret, 
+        krb5_set_error_message(context, ret,
                                N_("Failed to decode encrypted "
                                   "ticket part", ""));
      krb5_data_free (&plain);
@@ -135,9 +135,9 @@ static krb5_error_code
  check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
  {
      char **realms;
-    unsigned int num_realms;
+    unsigned int num_realms, n;
      krb5_error_code ret;
-       
+
      /*
       * Windows 2000 and 2003 uses this inside their TGT so it's normaly
       * not seen by others, however, samba4 joined with a Windows AD as
@@ -161,6 +161,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
      ret = krb5_check_transited(context, enc->crealm,
                                ticket->realm,
                                realms, num_realms, NULL);
+    for (n = 0; n < num_realms; n++)
+       free(realms[n]);
      free(realms);
      return ret;
  }
@@ -175,7 +177,7 @@ find_etypelist(krb5_context context,
      krb5_authdata adIfRelevant;
      unsigned i;
  
-    adIfRelevant.len = 0;
+    memset(&adIfRelevant, 0, sizeof(adIfRelevant));
  
      etypes->len = 0;
      etypes->val = NULL;
@@ -250,7 +252,7 @@ krb5_decrypt_ticket(krb5_context context,
             krb5_clear_error_message (context);
             return KRB5KRB_AP_ERR_TKT_EXPIRED;
         }
-       
+
         if(!t.flags.transited_policy_checked) {
             ret = check_transited(context, ticket, &t);
             if(ret) {
@@ -402,7 +404,7 @@ krb5_verify_ap_req2(krb5_context context,
      {
         krb5_principal p1, p2;
         krb5_boolean res;
-       
+
         _krb5_principalname2krb5_principal(context,
                                            &p1,
                                            ac->authenticator->cname,
@@ -466,7 +468,7 @@ krb5_verify_ap_req2(krb5_context context,
      ac->keytype = ETYPE_NULL;
  
      if (etypes.val) {
-       int i;
+       size_t i;
  
         for (i = 0; i < etypes.len; i++) {
             if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
@@ -508,7 +510,7 @@ krb5_verify_ap_req2(krb5_context context,
         krb5_auth_con_free (context, ac);
      return ret;
  }
-               
+
  /*
   *
   */
@@ -949,7 +951,7 @@ krb5_rd_req_ctx(krb5_context context,
                                   &o->ap_req_options,
                                   &o->ticket,
                                   KRB5_KU_AP_REQ_AUTH);
-       
+
         if (ret)
             goto out;
  
@@ -972,7 +974,7 @@ krb5_rd_req_ctx(krb5_context context,
             goto out;
  
         done = 0;
-       while (!done) { 
+       while (!done) {
             krb5_principal p;
  
             ret = krb5_kt_next_entry(context, id, &entry, &cursor);
@@ -1007,14 +1009,14 @@ krb5_rd_req_ctx(krb5_context context,
              * and update the service principal in the ticket to match
              * whatever is in the keytab.
              */
-           
-           ret = krb5_copy_keyblock(context, 
+
+           ret = krb5_copy_keyblock(context,
                                      &entry.keyblock,
                                      &o->keyblock);
             if (ret) {
                 krb5_kt_free_entry (context, &entry);
                 goto out;
-           }       
+           }
  
             ret = krb5_copy_principal(context, entry.principal, &p);
             if (ret) {
@@ -1023,7 +1025,7 @@ krb5_rd_req_ctx(krb5_context context,
             }
             krb5_free_principal(context, o->ticket->server);
             o->ticket->server = p;
-           
+
             krb5_kt_free_entry (context, &entry);
  
             done = 1;
@@ -1045,7 +1047,7 @@ krb5_rd_req_ctx(krb5_context context,
             krb5_data_free(&data);
             if (ret)
                 goto out;
-       
+
             ret = krb5_pac_verify(context,
                                   pac,
                                   o->ticket->ticket.authtime,
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c

index 375a4aaba6b27ac1130cf5629295de3d7bcd8efb..965dd44437d9456253705ebd172aee70368b46bd 100644 (file)
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -282,14 +282,14 @@ krb5_rc_get_name(krb5_context context,
  {
      return id->name;
  }
-               
+
  KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
  krb5_rc_get_type(krb5_context context,
                  krb5_rcache id)
  {
      return "FILE";
  }
-               
+
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_get_server_rcache(krb5_context context,
                        const krb5_data *piece,
diff --git a/source4/heimdal/lib/krb5/salt-arcfour.c b/source4/heimdal/lib/krb5/salt-arcfour.c

index b222b47e16c77672aa20cb754568741053fa2ea2..ab5e51270c8ef736428e0be7311dc79cd191b29d 100644 (file)
--- a/source4/heimdal/lib/krb5/salt-arcfour.c
+++ b/source4/heimdal/lib/krb5/salt-arcfour.c
@@ -43,7 +43,7 @@ ARCFOUR_string_to_key(krb5_context context,
  {
      krb5_error_code ret;
      uint16_t *s = NULL;
-    size_t len, i;
+    size_t len = 0, i;
      EVP_MD_CTX *m;
  
      m = EVP_MD_CTX_create();
diff --git a/source4/heimdal/lib/krb5/salt-des.c b/source4/heimdal/lib/krb5/salt-des.c

index 6939b6b50be22619989e194c14d2f9f5bbe628cf..56b285f72ed05a3600fa08d055505bb34d50b351 100644 (file)
--- a/source4/heimdal/lib/krb5/salt-des.c
+++ b/source4/heimdal/lib/krb5/salt-des.c
@@ -52,7 +52,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
                                  DES_cblock *key)
  {
      char  password[8+1];       /* crypt is limited to 8 chars anyway */
-    int   i;
+    size_t   i;
  
      for(i = 0; i < 8; i++) {
         char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
@@ -89,7 +89,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
      memcpy(password, pw.data, min(pw.length, sizeof(password)));
      if(pw.length < sizeof(password)) {
         int len = min(cell.length, sizeof(password) - pw.length);
-       int i;
+       size_t i;
  
         memcpy(password + pw.length, cell.data, len);
         for (i = pw.length; i < pw.length + len; ++i)
@@ -138,7 +138,7 @@ static void
  DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
  {
      DES_key_schedule schedule;
-    int i;
+    size_t i;
      int reverse = 0;
      unsigned char *p;
  
diff --git a/source4/heimdal/lib/krb5/salt.c b/source4/heimdal/lib/krb5/salt.c

index 6f183087436242f27519c0bc782fd87f909cadb2..5e4c8a1c85724ae2e78ef6341fcc27b3f94d0b2a 100644 (file)
--- a/source4/heimdal/lib/krb5/salt.c
+++ b/source4/heimdal/lib/krb5/salt.c
@@ -33,6 +33,7 @@
  
  #include "krb5_locl.h"
  
+/* coverity[+alloc : arg-*3] */
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_salttype_to_string (krb5_context context,
                          krb5_enctype etype,
@@ -98,7 +99,7 @@ krb5_get_pw_salt(krb5_context context,
                  krb5_salt *salt)
  {
      size_t len;
-    int i;
+    size_t i;
      krb5_error_code ret;
      char *p;
  
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c

index 2ae8153c8d7b1dd78c1997409d96488b87f4cde7..edf1d33c9d1c17bd405633a426c6c881690f49f2 100644 (file)
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -88,7 +88,7 @@ recv_loop (krb5_socket_t fd,
                  return 0;
  
              if (limit)
-                nbytes = min(nbytes, limit - rep->length);
+                nbytes = min((size_t)nbytes, limit - rep->length);
  
              tmp = realloc (rep->data, rep->length + nbytes);
              if (tmp == NULL) {
@@ -268,7 +268,7 @@ send_via_proxy (krb5_context context,
      int ret;
      krb5_socket_t s = rk_INVALID_SOCKET;
      char portstr[NI_MAXSERV];
-               
+
      if (proxy == NULL)
         return ENOMEM;
      if (strncmp (proxy, "http://", 7) == 0)
@@ -339,7 +339,7 @@ send_via_plugin(krb5_context context,
         service = _krb5_plugin_get_symbol(e);
         if (service->minor_version != 0)
             continue;
-       
+
         (*service->init)(context, &ctx);
         ret = (*service->send_to_kdc)(context, ctx, hi,
                                       timeout, send_data, receive);
@@ -366,12 +366,12 @@ send_via_plugin(krb5_context context,
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_sendto (krb5_context context,
              const krb5_data *send_data,
-            krb5_krbhst_handle handle, 
+            krb5_krbhst_handle handle,
              krb5_data *receive)
  {
       krb5_error_code ret;
       krb5_socket_t fd;
-     int i;
+     size_t i;
  
       krb5_data_zero(receive);
  
@@ -511,7 +511,7 @@ _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to)
  {
      if (context->send_to_kdc)
         return krb5_set_send_to_kdc_func(to,
-                                        context->send_to_kdc->func, 
+                                        context->send_to_kdc->func,
                                          context->send_to_kdc->data);
      else
         return krb5_set_send_to_kdc_func(to, NULL, NULL);
@@ -602,7 +602,7 @@ krb5_sendto_context(krb5_context context,
             type = KRB5_KRBHST_KDC;
      }
  
-    if (send_data->length > context->large_msg_size)
+    if ((int)send_data->length > context->large_msg_size)
         ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
  
      /* loop until we get back a appropriate response */
diff --git a/source4/heimdal/lib/krb5/store-int.c b/source4/heimdal/lib/krb5/store-int.c

index 0a18d0dddfe1c9168a1a0fe4ba368822823adec4..d577629718169d4e9c77678ffbf6368007ab5c44 100644 (file)
--- a/source4/heimdal/lib/krb5/store-int.c
+++ b/source4/heimdal/lib/krb5/store-int.c
@@ -50,7 +50,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size)
  {
      unsigned char *p = buffer;
      unsigned long v = 0;
-    int i;
+    size_t i;
      for (i = 0; i < size; i++)
         v = (v << 8) + p[i];
      *value = v;
diff --git a/source4/heimdal/lib/krb5/store-int.h b/source4/heimdal/lib/krb5/store-int.h

index 0b7accb860fff9f0abb46326c938e156eece2ff9..877ccc008dc9b6c00e8fcadeed54449eca42f40e 100644 (file)
--- a/source4/heimdal/lib/krb5/store-int.h
+++ b/source4/heimdal/lib/krb5/store-int.h
@@ -43,6 +43,7 @@ struct krb5_storage_data {
      void (*free)(struct krb5_storage_data*);
      krb5_flags flags;
      int eof_code;
+    size_t max_alloc;
  };
  
  #endif /* __store_int_h__ */
diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c

index 0dedba3d72bf49d569c025f305084893e06fe178..3aeb8d6281443e6253ebd276a6f7752a74f9de43 100644 (file)
--- a/source4/heimdal/lib/krb5/store.c
+++ b/source4/heimdal/lib/krb5/store.c
@@ -119,6 +119,41 @@ krb5_storage_get_byteorder(krb5_storage *sp)
      return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
  }
  
+/**
+ * Set the max alloc value
+ *
+ * @param sp the storage buffer set the max allow for
+ * @param size maximum size to allocate, use 0 to remove limit
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_storage_set_max_alloc(krb5_storage *sp, size_t size)
+{
+    sp->max_alloc = size;
+}
+
+/* don't allocate unresonable amount of memory */
+static krb5_error_code
+size_too_large(krb5_storage *sp, size_t size)
+{
+    if (sp->max_alloc && sp->max_alloc < size)
+       return HEIM_ERR_TOO_BIG;
+    return 0;
+}
+
+static krb5_error_code
+size_too_large_num(krb5_storage *sp, size_t count, size_t size)
+{
+    if (sp->max_alloc == 0 || size == 0)
+       return 0;
+    size = sp->max_alloc / size;
+    if (size < count)
+       return HEIM_ERR_TOO_BIG;
+    return 0;
+}
+
  /**
   * Seek to a new offset.
   *
@@ -262,10 +297,11 @@ krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
      pos = sp->seek(sp, 0, SEEK_CUR);
      if (pos < 0)
         return HEIM_ERR_NOT_SEEKABLE;
-    size = (size_t)sp->seek(sp, 0, SEEK_END);
-    if (size > (size_t)-1)
-       return HEIM_ERR_TOO_BIG;
-    ret = krb5_data_alloc (data, size);
+    size = sp->seek(sp, 0, SEEK_END);
+    ret = size_too_large(sp, size);
+    if (ret)
+       return ret;
+    ret = krb5_data_alloc(data, size);
      if (ret) {
         sp->seek(sp, pos, SEEK_SET);
         return ret;
@@ -290,8 +326,10 @@ krb5_store_int(krb5_storage *sp,
         return EINVAL;
      _krb5_put_int(v, value, len);
      ret = sp->store(sp, v, len);
-    if (ret != len)
-       return (ret<0)?errno:sp->eof_code;
+    if (ret < 0)
+       return errno;
+    if ((size_t)ret != len)
+       return sp->eof_code;
      return 0;
  }
  
@@ -346,8 +384,10 @@ krb5_ret_int(krb5_storage *sp,
      unsigned char v[4];
      unsigned long w;
      ret = sp->fetch(sp, v, len);
-    if(ret != len)
-       return (ret<0)?errno:sp->eof_code;
+    if (ret < 0)
+       return errno;
+    if ((size_t)ret != len)
+       return sp->eof_code;
      _krb5_get_int(v, &w, len);
      *value = w;
      return 0;
@@ -612,11 +652,10 @@ krb5_store_data(krb5_storage *sp,
      if(ret < 0)
         return ret;
      ret = sp->store(sp, data.data, data.length);
-    if(ret != data.length){
-       if(ret < 0)
-           return errno;
+    if(ret < 0)
+       return errno;
+    if((size_t)ret != data.length)
         return sp->eof_code;
-    }
      return 0;
  }
  
@@ -641,6 +680,9 @@ krb5_ret_data(krb5_storage *sp,
      ret = krb5_ret_int32(sp, &size);
      if(ret)
         return ret;
+    ret = size_too_large(sp, size);
+    if (ret)
+       return ret;
      ret = krb5_data_alloc (data, size);
      if (ret)
         return ret;
@@ -722,12 +764,10 @@ krb5_store_stringz(krb5_storage *sp, const char *s)
      ssize_t ret;
  
      ret = sp->store(sp, s, len);
-    if(ret != len) {
-       if(ret < 0)
-           return ret;
-       else
-           return sp->eof_code;
-    }
+    if(ret < 0)
+       return ret;
+    if((size_t)ret != len)
+       return sp->eof_code;
      return 0;
  }
  
@@ -755,6 +795,9 @@ krb5_ret_stringz(krb5_storage *sp,
         char *tmp;
  
         len++;
+       ret = size_too_large(sp, len);
+       if (ret)
+           break;
         tmp = realloc (s, len);
         if (tmp == NULL) {
             free (s);
@@ -782,12 +825,10 @@ krb5_store_stringnl(krb5_storage *sp, const char *s)
      ssize_t ret;
  
      ret = sp->store(sp, s, len);
-    if(ret != len) {
-       if(ret < 0)
-           return ret;
-       else
-           return sp->eof_code;
-    }
+    if(ret < 0)
+       return ret;
+    if((size_t)ret != len)
+       return sp->eof_code;
      ret = sp->store(sp, "\n", 1);
      if(ret != 1) {
         if(ret < 0)
@@ -823,6 +864,9 @@ krb5_ret_stringnl(krb5_storage *sp,
         }
  
         len++;
+       ret = size_too_large(sp, len);
+       if (ret)
+           break;
         tmp = realloc (s, len);
         if (tmp == NULL) {
             free (s);
@@ -860,7 +904,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_store_principal(krb5_storage *sp,
                      krb5_const_principal p)
  {
-    int i;
+    size_t i;
      int ret;
  
      if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
@@ -923,6 +967,11 @@ krb5_ret_principal(krb5_storage *sp,
         free(p);
         return EINVAL;
      }
+    ret = size_too_large_num(sp, ncomp, sizeof(p->name.name_string.val[0]));
+    if (ret) {
+       free(p);
+       return ret;
+    }
      p->name.name_type = type;
      p->name.name_string.len = ncomp;
      ret = krb5_ret_string(sp, &p->realm);
@@ -930,7 +979,7 @@ krb5_ret_principal(krb5_storage *sp,
         free(p);
         return ret;
      }
-    p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
+    p->name.name_string.val = calloc(ncomp, sizeof(p->name.name_string.val[0]));
      if(p->name.name_string.val == NULL && ncomp != 0){
         free(p->realm);
         free(p);
@@ -1122,7 +1171,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr)
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
  {
-    int i;
+    size_t i;
      int ret;
      ret = krb5_store_int32(sp, p.len);
      if(ret) return ret;
@@ -1147,12 +1196,14 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
  KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
  {
-    int i;
+    size_t i;
      int ret;
      int32_t tmp;
  
      ret = krb5_ret_int32(sp, &tmp);
      if(ret) return ret;
+    ret = size_too_large_num(sp, tmp, sizeof(adr->val[0]));
+    if (ret) return ret;
      adr->len = tmp;
      ALLOC(adr->val, adr->len);
      if (adr->val == NULL && adr->len != 0)
@@ -1179,7 +1230,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
  {
      krb5_error_code ret;
-    int i;
+    size_t i;
      ret = krb5_store_int32(sp, auth.len);
      if(ret) return ret;
      for(i = 0; i < auth.len; i++){
@@ -1211,6 +1262,8 @@ krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
      int i;
      ret = krb5_ret_int32(sp, &tmp);
      if(ret) return ret;
+    ret = size_too_large_num(sp, tmp, sizeof(auth->val[0]));
+    if (ret) return ret;
      ALLOC_SEQ(auth, tmp);
      if (auth->val == NULL && tmp != 0)
         return ENOMEM;
@@ -1345,7 +1398,7 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
      ret = krb5_ret_data (sp,  &creds->second_ticket);
  cleanup:
      if(ret) {
-#if 0  
+#if 0
         krb5_free_cred_contents(context, creds); /* XXX */
  #endif
      }
@@ -1530,7 +1583,7 @@ krb5_ret_creds_tag(krb5_storage *sp,
  
  cleanup:
      if(ret) {
-#if 0  
+#if 0
         krb5_free_cred_contents(context, creds); /* XXX */
  #endif
      }
diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c

index ccda751afb2c1bc2e3fdb77c743c16563dba457a..7f91b0848627a9567dd989549dad356bb48e4d19 100644 (file)
--- a/source4/heimdal/lib/krb5/store_emem.c
+++ b/source4/heimdal/lib/krb5/store_emem.c
@@ -45,7 +45,7 @@ static ssize_t
  emem_fetch(krb5_storage *sp, void *data, size_t size)
  {
      emem_storage *s = (emem_storage*)sp->data;
-    if(s->base + s->len - s->ptr < size)
+    if((size_t)(s->base + s->len - s->ptr) < size)
         size = s->base + s->len - s->ptr;
      memmove(data, s->ptr, size);
      sp->seek(sp, size, SEEK_CUR);
@@ -56,7 +56,7 @@ static ssize_t
  emem_store(krb5_storage *sp, const void *data, size_t size)
  {
      emem_storage *s = (emem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr){
+    if(size > (size_t)(s->base + s->size - s->ptr)){
         void *base;
         size_t sz, off;
         off = s->ptr - s->base;
@@ -81,12 +81,12 @@ emem_seek(krb5_storage *sp, off_t offset, int whence)
      emem_storage *s = (emem_storage*)sp->data;
      switch(whence){
      case SEEK_SET:
-       if(offset > s->size)
+       if((size_t)offset > s->size)
             offset = s->size;
         if(offset < 0)
             offset = 0;
         s->ptr = s->base + offset;
-       if(offset > s->len)
+       if((size_t)offset > s->len)
             s->len = offset;
         break;
      case SEEK_CUR:
@@ -115,14 +115,14 @@ emem_trunc(krb5_storage *sp, off_t offset)
         s->size = 0;
         s->base = NULL;
         s->ptr = NULL;
-    } else if (offset > s->size || (s->size / 2) > offset) {
+    } else if ((size_t)offset > s->size || (s->size / 2) > (size_t)offset) {
         void *base;
         size_t off;
         off = s->ptr - s->base;
         base = realloc(s->base, offset);
         if(base == NULL)
             return ENOMEM;
-       if (offset > s->size)
+       if ((size_t)offset > s->size)
             memset((char *)base + s->size, 0, offset - s->size);
         s->size = offset;
         s->base = base;
@@ -190,5 +190,6 @@ krb5_storage_emem(void)
      sp->seek = emem_seek;
      sp->trunc = emem_trunc;
      sp->free = emem_free;
+    sp->max_alloc = UINT_MAX/8;
      return sp;
  }
diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c

index bd357dbe3bc6b387af056097dc2cb840fbe3332c..2b72dea3a3fcd7866c16f76e3a73aeb66be65ee1 100644 (file)
--- a/source4/heimdal/lib/krb5/store_fd.c
+++ b/source4/heimdal/lib/krb5/store_fd.c
@@ -73,7 +73,7 @@ fd_free(krb5_storage * sp)
  }
  
  /**
- * 
+ *
   *
   * @return A krb5_storage on success, or NULL on out of memory error.
   *
@@ -128,5 +128,6 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
      sp->seek = fd_seek;
      sp->trunc = fd_trunc;
      sp->free = fd_free;
+    sp->max_alloc = UINT_MAX/8;
      return sp;
  }
diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c

index b79bc19155ad23070e8d456eab2fbfc048391bb4..e674a95dbad09eca22ab83664f16c68d4cff5390 100644 (file)
--- a/source4/heimdal/lib/krb5/store_mem.c
+++ b/source4/heimdal/lib/krb5/store_mem.c
@@ -44,7 +44,7 @@ static ssize_t
  mem_fetch(krb5_storage *sp, void *data, size_t size)
  {
      mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
+    if(size > (size_t)(s->base + s->size - s->ptr))
         size = s->base + s->size - s->ptr;
      memmove(data, s->ptr, size);
      sp->seek(sp, size, SEEK_CUR);
@@ -55,7 +55,7 @@ static ssize_t
  mem_store(krb5_storage *sp, const void *data, size_t size)
  {
      mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
+    if(size > (size_t)(s->base + s->size - s->ptr))
         size = s->base + s->size - s->ptr;
      memmove(s->ptr, data, size);
      sp->seek(sp, size, SEEK_CUR);
@@ -74,7 +74,7 @@ mem_seek(krb5_storage *sp, off_t offset, int whence)
      mem_storage *s = (mem_storage*)sp->data;
      switch(whence){
      case SEEK_SET:
-       if(offset > s->size)
+       if((size_t)offset > s->size)
             offset = s->size;
         if(offset < 0)
             offset = 0;
@@ -95,7 +95,7 @@ static int
  mem_trunc(krb5_storage *sp, off_t offset)
  {
      mem_storage *s = (mem_storage*)sp->data;
-    if(offset > s->size)
+    if((size_t)offset > s->size)
         return ERANGE;
      s->size = offset;
      if ((s->ptr - s->base) > offset)
@@ -145,6 +145,7 @@ krb5_storage_from_mem(void *buf, size_t len)
      sp->seek = mem_seek;
      sp->trunc = mem_trunc;
      sp->free = NULL;
+    sp->max_alloc = UINT_MAX/8;
      return sp;
  }
  
@@ -203,5 +204,6 @@ krb5_storage_from_readonly_mem(const void *buf, size_t len)
      sp->seek = mem_seek;
      sp->trunc = mem_no_trunc;
      sp->free = NULL;
+    sp->max_alloc = UINT_MAX/8;
      return sp;
  }
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c

index d816242f094765121a0d7e10e227e9bc6d4030db..09bff30fe92209527e5a6aeefeb65cce739ebe3f 100644 (file)
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -195,7 +195,7 @@ find_type_in_ad(krb5_context context,
                 int level)
  {
      krb5_error_code ret = 0;
-    int i;
+    size_t i;
  
      if (level > 9) {
         ret = ENOENT; /* XXX */
@@ -639,7 +639,7 @@ decrypt_tkt (krb5_context context,
                                    &size);
      krb5_data_free (&data);
      if (ret) {
-        krb5_set_error_message(context, ret, 
+        krb5_set_error_message(context, ret,
                                N_("Failed to decode encpart in ticket", ""));
         return ret;
      }
@@ -661,7 +661,7 @@ _krb5_extract_ticket(krb5_context context,
  {
      krb5_error_code ret;
      krb5_principal tmp_principal;
-    size_t len;
+    size_t len = 0;
      time_t tmp_time;
      krb5_timestamp sec_now;
  
@@ -757,7 +757,7 @@ _krb5_extract_ticket(krb5_context context,
  
      /* compare nonces */
  
-    if (nonce != rep->enc_part.nonce) {
+    if (nonce != (unsigned)rep->enc_part.nonce) {
         ret = KRB5KRB_AP_ERR_MODIFIED;
         krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
         goto out;
@@ -837,7 +837,7 @@ _krb5_extract_ticket(krb5_context context,
         creds->addresses.val = NULL;
      }
      creds->flags.b = rep->enc_part.flags;
-       
+
      creds->authdata.len = 0;
      creds->authdata.val = NULL;
  
diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c

index a72adc0351f3b59df71abe9784f522ac2f1bf4e9..5e21987bca917c77ed6f3c5a82b111eb704ca125 100644 (file)
--- a/source4/heimdal/lib/krb5/transited.c
+++ b/source4/heimdal/lib/krb5/transited.c
@@ -55,7 +55,7 @@ free_realms(struct tr_realm *r)
         r = r->next;
         free(p->realm);
         free(p);
-    }  
+    }
  }
  
  static int
@@ -71,7 +71,7 @@ make_path(krb5_context context, struct tr_realm *r,
         from = to;
         to = str;
      }
-       
+
      if(strcmp(from + strlen(from) - strlen(to), to) == 0){
         p = from;
         while(1){
@@ -84,20 +84,15 @@ make_path(krb5_context context, struct tr_realm *r,
             if(strcmp(p, to) == 0)
                 break;
             tmp = calloc(1, sizeof(*tmp));
-           if(tmp == NULL){
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
-           }
+           if(tmp == NULL)
+               return krb5_enomem(context);
             tmp->next = r->next;
             r->next = tmp;
             tmp->realm = strdup(p);
             if(tmp->realm == NULL){
                 r->next = tmp->next;
                 free(tmp);
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;;
+               return krb5_enomem(context);
             }
         }
      }else if(strncmp(from, to, strlen(to)) == 0){
@@ -110,20 +105,15 @@ make_path(krb5_context context, struct tr_realm *r,
             if(strncmp(to, from, p - from) == 0)
                 break;
             tmp = calloc(1, sizeof(*tmp));
-           if(tmp == NULL){
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
-           }
+           if(tmp == NULL)
+               return krb5_enomem(context);
             tmp->next = r->next;
             r->next = tmp;
             tmp->realm = malloc(p - from + 1);
             if(tmp->realm == NULL){
                 r->next = tmp->next;
                 free(tmp);
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
+               return krb5_enomem(context);
             }
             memcpy(tmp->realm, from, p - from);
             tmp->realm[p - from] = '\0';
@@ -187,9 +177,7 @@ expand_realms(krb5_context context,
             tmp = realloc(r->realm, len);
             if(tmp == NULL){
                 free_realms(realms);
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
+               return krb5_enomem(context);
             }
             r->realm = tmp;
             strlcat(r->realm, prev_realm, len);
@@ -202,9 +190,7 @@ expand_realms(krb5_context context,
             tmp = malloc(len);
             if(tmp == NULL){
                 free_realms(realms);
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
+               return krb5_enomem(context);
             }
             strlcpy(tmp, prev_realm, len);
             strlcat(tmp, r->realm, len);
@@ -288,19 +274,14 @@ decode_realms(krb5_context context,
         }
         if(tr[i] == ','){
             tmp = malloc(tr + i - start + 1);
-           if(tmp == NULL){
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
-           }
+           if(tmp == NULL)
+               return krb5_enomem(context);
             memcpy(tmp, start, tr + i - start);
             tmp[tr + i - start] = '\0';
             r = make_realm(tmp);
             if(r == NULL){
                 free_realms(*realms);
-               krb5_set_error_message(context, ENOMEM,
-                                      N_("malloc: out of memory", ""));
-               return ENOMEM;
+               return krb5_enomem(context);
             }
             *realms = append_realm(*realms, r);
             start = tr + i + 1;
@@ -309,18 +290,14 @@ decode_realms(krb5_context context,
      tmp = malloc(tr + i - start + 1);
      if(tmp == NULL){
         free(*realms);
-       krb5_set_error_message(context, ENOMEM,
-                              N_("malloc: out of memory", ""));
-       return ENOMEM;
+       return krb5_enomem(context);
      }
      memcpy(tmp, start, tr + i - start);
      tmp[tr + i - start] = '\0';
      r = make_realm(tmp);
      if(r == NULL){
         free_realms(*realms);
-       krb5_set_error_message(context, ENOMEM,
-                              N_("malloc: out of memory", ""));
-       return ENOMEM;
+       return krb5_enomem(context);
      }
      *realms = append_realm(*realms, r);
  
@@ -370,14 +347,14 @@ krb5_domain_x500_decode(krb5_context context,
             (*num_realms)++;
         }
      }
-    if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
+    if (*num_realms + 1 > UINT_MAX/sizeof(**realms))
         return ERANGE;
  
      {
         char **R;
         R = malloc((*num_realms + 1) * sizeof(*R));
         if (R == NULL)
-           return ENOMEM;
+           return krb5_enomem(context);
         *realms = R;
         while(r){
             *R++ = r->realm;
@@ -410,7 +387,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms,
         return ENOMEM;
      *s = '\0';
      for(i = 0; i < num_realms; i++){
-       if(i && i < num_realms - 1)
+       if(i)
             strlcat(s, ",", len + 1);
         if(realms[i][0] == '/')
             strlcat(s, " ", len + 1);
@@ -431,7 +408,7 @@ krb5_check_transited(krb5_context context,
  {
      char **tr_realms;
      char **p;
-    int i;
+    size_t i;
  
      if(num_realms == 0)
         return 0;
@@ -467,7 +444,7 @@ krb5_check_transited_realms(krb5_context context,
                             unsigned int num_realms,
                             int *bad_realm)
  {
-    int i;
+    size_t i;
      int ret = 0;
      char **bad_realms = krb5_config_get_strings(context, NULL,
                                                 "libdefaults",
diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map

index c32a094f6d8ba3a7ca33e85634802ef770912b2b..fad84ebb5ba6b8432b74ec4bdea0b4b50c7bcf9d 100644 (file)
--- a/source4/heimdal/lib/krb5/version-script.map
+++ b/source4/heimdal/lib/krb5/version-script.map
@@ -167,6 +167,7 @@ HEIMDAL_KRB5_2.0 {
                 krb5_copy_checksum;
                 krb5_copy_creds;
                 krb5_copy_creds_contents;
+               krb5_copy_context;
                 krb5_copy_data;
                 krb5_copy_host_realm;
                 krb5_copy_keyblock;
@@ -383,10 +384,11 @@ HEIMDAL_KRB5_2.0 {
                 krb5_hmac;
                 krb5_init_context;
                 krb5_init_ets;
-               krb5_init_etype;
                 krb5_initlog;
                 krb5_is_config_principal;
                 krb5_is_thread_safe;
+               krb5_kcm_call;
+               krb5_kcm_storage_request;
                 krb5_kerberos_enctypes;
                 krb5_keyblock_get_enctype;
                 krb5_keyblock_init;
@@ -418,6 +420,7 @@ HEIMDAL_KRB5_2.0 {
                 krb5_kt_get_full_name;
                 krb5_kt_get_name;
                 krb5_kt_get_type;
+               krb5_kt_have_content;
                 krb5_kt_next_entry;
                 krb5_kt_read_service_key;
                 krb5_kt_register;
@@ -602,6 +605,7 @@ HEIMDAL_KRB5_2.0 {
                 krb5_storage_set_byteorder;
                 krb5_storage_set_eof_code;
                 krb5_storage_set_flags;
+               krb5_storage_set_max_alloc;
                 krb5_storage_to_data;
                 krb5_storage_truncate;
                 krb5_storage_write;
diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c

index f7581d1f90b53a54afd7e89cecc2bcb3fd27e74c..cb3be76fccff5a2118a2be034a17feb112f341b8 100644 (file)
--- a/source4/heimdal/lib/krb5/warn.c
+++ b/source4/heimdal/lib/krb5/warn.c
@@ -37,7 +37,7 @@
  static krb5_error_code _warnerr(krb5_context context, int do_errtext,
          krb5_error_code code, int level, const char *fmt, va_list ap)
         __attribute__((__format__(__printf__, 5, 0)));
-       
+
  static krb5_error_code
  _warnerr(krb5_context context, int do_errtext,
          krb5_error_code code, int level, const char *fmt, va_list ap)
@@ -69,7 +69,7 @@ _warnerr(krb5_context context, int do_errtext,
             *arg= "<unknown error>";
         }
      }
-       
+
      if(context && context->warn_dest)
         krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
      else
diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c

index 6dad519d4a9161e18c8580a3145523f8dff0733c..7aafc8c0aa7a28cd7d2ae5ced4de6461746751f5 100644 (file)
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -109,8 +109,12 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
  
  #define CHECK(f, e)                                                    \
      do {                                                               \
-       ret = f ; if (ret != (e)) { ret = HNTLM_ERR_DECODE; goto out; } } \
-    while(0)
+       ret = f;                                                        \
+       if (ret != (ssize_t)(e)) {                                      \
+           ret = HNTLM_ERR_DECODE;                                     \
+           goto out;                                                   \
+       }                                                               \
+    } while(/*CONSTCOND*/0)
  
  static struct units ntlm_flag_units[] = {
  #define ntlm_flag(x) { #x, NTLM_##x }
@@ -289,7 +293,7 @@ ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
      CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
      CHECK(ret_string(sp, ucs2, desc->length, s), 0);
   out:
-    return ret; 
+    return ret;
  }
  
  static krb5_error_code
@@ -1025,7 +1029,7 @@ splitandenc(unsigned char *hash,
      key[7] = (hash[6] << 1);
  
      EVP_CIPHER_CTX_init(&ctx);
-    
+
      EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1);
      EVP_Cipher(&ctx, answer, challenge, 8);
      EVP_CIPHER_CTX_cleanup(&ctx);
@@ -1129,7 +1133,7 @@ heim_ntlm_v1_base_session(void *key, size_t len,
         session->length = 0;
         return ENOMEM;
      }
-    
+
      m = EVP_MD_CTX_create();
      if (m == NULL) {
         heim_ntlm_free_buf(session);
@@ -1399,7 +1403,7 @@ static time_t
  nt2unixtime(uint64_t t)
  {
      t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
-    if (t > (((time_t)(~(uint64_t)0)) >> 1))
+    if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1))
         return 0;
      return (time_t)t;
  }
diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c

index f30f0e54ccac970b9de7d3211bc170422d567de3..844360187f87e47671e9d2a4679b91fa1fed7b68 100644 (file)
--- a/source4/heimdal/lib/roken/dumpdata.c
+++ b/source4/heimdal/lib/roken/dumpdata.c
@@ -81,7 +81,7 @@ rk_undumpdata(const char *filename, void **buf, size_t *size)
      sret = net_read(fd, *buf, *size);
      if (sret < 0)
         ret = errno;
-    else if (sret != *size) {
+    else if (sret != (ssize_t)*size) {
         ret = EINVAL;
         free(*buf);
         *buf = NULL;
diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c

index 13e7ebf15748e9ef9cebb52076642de46cce67f4..5a4a1753fef5ffece379ce096b126978924e567d 100644 (file)
--- a/source4/heimdal/lib/roken/get_window_size.c
+++ b/source4/heimdal/lib/roken/get_window_size.c
@@ -58,32 +58,46 @@
  #include "roken.h"
  
  ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
-get_window_size(int fd, struct winsize *wp)
+get_window_size(int fd, int *lines, int *columns)
  {
-    int ret = -1;
-
-    memset(wp, 0, sizeof(*wp));
+    char *s;
  
  #if defined(TIOCGWINSZ)
-    ret = ioctl(fd, TIOCGWINSZ, wp);
+    {
+       struct winsize ws;
+        int ret;
+       ret = ioctl(fd, TIOCGWINSZ, &ws);
+       if (ret != -1) {
+           if (lines)
+               *lines = ws.ws_row;
+           if (columns)
+               *columns = ws.ws_col;
+           return 0;
+       }
+    }
  #elif defined(TIOCGSIZE)
      {
         struct ttysize ts;
-       
+        int ret;
         ret = ioctl(fd, TIOCGSIZE, &ts);
-       if(ret == 0) {
-           wp->ws_row = ts.ts_lines;
-           wp->ws_col = ts.ts_cols;
-       }
+       if (ret != -1) {
+           if (lines)
+               *lines = ts.ws_lines;
+           if (columns)
+               *columns = ts.ts_cols;
+           return 0;
+       }
      }
  #elif defined(HAVE__SCRSIZE)
      {
         int dst[2];
-       
-       _scrsize(dst);
-       wp->ws_row = dst[1];
-       wp->ws_col = dst[0];
-       ret = 0;
+
+       _scrsize(dst);
+       if (lines)
+           *lines = dst[1];
+       if (columns)
+           *columns = dst[0];
+       return 0;
      }
  #elif defined(_WIN32)
      {
@@ -93,21 +107,26 @@ get_window_size(int fd, struct winsize *wp)
          fh = _get_osfhandle(fd);
          if (fh != (intptr_t) INVALID_HANDLE_VALUE &&
              GetConsoleScreenBufferInfo((HANDLE) fh, &sb_info)) {
-            wp->ws_row = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top;
-            wp->ws_col = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left;
+            if (lines)
+                *lines = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top;
+            if (columns)
+                *columns = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left;
  
-            ret = 0;
+            return 0;
          }
      }
  #endif
-    if (ret != 0) {
-        char *s;
-        if((s = getenv("COLUMNS")))
-           wp->ws_col = atoi(s);
-       if((s = getenv("LINES")))
-           wp->ws_row = atoi(s);
-       if(wp->ws_col > 0 && wp->ws_row > 0)
-           ret = 0;
+    if (columns) {
+       if ((s = getenv("COLUMNS")))
+           *columns = atoi(s);
+       else
+           return -1;
+    }
+    if (lines) {
+       if ((s = getenv("LINES")))
+           *lines = atoi(s);
+       else
+           return -1;
      }
-    return ret;
+    return 0;
  }
diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c

index a96e5c85bf2b5385f363e2a2b59d6e976c677883..d6a5048689598bde5dab4f7cb2f2aa2a6ad611a9 100644 (file)
--- a/source4/heimdal/lib/roken/getarg.c
+++ b/source4/heimdal/lib/roken/getarg.c
@@ -114,8 +114,7 @@ mandoc_template(struct getargs *args,
      printf(".Os OPERATING_SYSTEM\n");
      printf(".Sh NAME\n");
      printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
+    printf(".Nd in search of a description\n");
      printf(".Sh SYNOPSIS\n");
      printf(".Nm\n");
      for(i = 0; i < num_args; i++){
@@ -133,7 +132,7 @@ mandoc_template(struct getargs *args,
             }
             if(args[i].long_name) {
                 print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
-               printf("Fl -%s%s%s",
+               printf("Fl Fl %s%s%s",
                        args[i].type == arg_negative_flag ? "no-" : "",
                        args[i].long_name, buf);
             }
@@ -142,7 +141,7 @@ mandoc_template(struct getargs *args,
             print_arg(buf, sizeof(buf), 1, 0, args + i, i18n);
             printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
             print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
-           printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
+           printf(".Fl Fl %s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
         }
      /*
             if(args[i].type == arg_strings)
@@ -165,7 +164,7 @@ mandoc_template(struct getargs *args,
             printf("\n");
         }
         if(args[i].long_name){
-           printf(".Fl -%s%s",
+           printf(".Fl Fl %s%s",
                    args[i].type == arg_negative_flag ? "no-" : "",
                    args[i].long_name);
             print_arg(buf, sizeof(buf), 1, 1, args + i, i18n);
@@ -228,7 +227,6 @@ arg_printusage_i18n (struct getargs *args,
      size_t i, max_len = 0;
      char buf[128];
      int col = 0, columns;
-    struct winsize ws;
  
      if (progname == NULL)
         progname = getprogname();
@@ -240,9 +238,7 @@ arg_printusage_i18n (struct getargs *args,
         mandoc_template(args, num_args, progname, extra_string, i18n);
         return;
      }
-    if(get_window_size(2, &ws) == 0)
-       columns = ws.ws_col;
-    else
+    if(get_window_size(2, NULL, &columns) == -1)
         columns = 80;
      col = 0;
      col += fprintf (stderr, "%s: %s", usage, progname);
@@ -352,7 +348,7 @@ static int
  arg_match_long(struct getargs *args, size_t num_args,
                char *argv, int argc, char **rargv, int *goptind)
  {
-    int i;
+    size_t i;
      char *goptarg = NULL;
      int negate = 0;
      int partial_match = 0;
@@ -477,7 +473,7 @@ static int
  arg_match_short (struct getargs *args, size_t num_args,
                  char *argv, int argc, char **rargv, int *goptind)
  {
-    int j, k;
+    size_t j, k;
  
      for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
         for(k = 0; k < num_args; k++) {
@@ -500,9 +496,11 @@ arg_match_short (struct getargs *args, size_t num_args,
                 }
                 if(args[k].type == arg_collect) {
                     struct getarg_collect_info *c = args[k].value;
+                   int a = (int)j;
  
-                   if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
+                   if((*c->func)(TRUE, argc, rargv, goptind, &a, c->data))
                         return ARG_ERR_BAD_ARG;
+                   j = a;
                     break;
                 }
  
diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c

index 91590dd49d55a644586a8138b2f56cb940200158..c66b324f7900f0d5329b49218ddf3a03d33048ce 100644 (file)
--- a/source4/heimdal/lib/roken/hex.c
+++ b/source4/heimdal/lib/roken/hex.c
@@ -37,7 +37,7 @@
  #include <ctype.h>
  #include "hex.h"
  
-const static char hexchar[] = "0123456789ABCDEF";
+static const char hexchar[16] = "0123456789ABCDEF";
  
  static int
  pos(char c)
@@ -86,14 +86,13 @@ hex_decode(const char *str, void *data, size_t len)
      size_t l;
      unsigned char *p = data;
      size_t i;
-       
+
      l = strlen(str);
  
      /* check for overflow, same as (l+1)/2 but overflow safe */
      if ((l/2) + (l&1) > len)
         return -1;
  
-    i = 0;
      if (l & 1) {
         p[0] = pos(str[0]);
         str++;
diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c

index d2857cfa07ecc1bc92b3e159098074e20617450e..8b3cdf40e59e5b44a56f62e45e8a6282af9361ec 100644 (file)
--- a/source4/heimdal/lib/roken/parse_units.c
+++ b/source4/heimdal/lib/roken/parse_units.c
@@ -267,7 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
  print_units_table (const struct units *units, FILE *f)
  {
      const struct units *u, *u2;
-    int max_sz = 0;
+    size_t max_sz = 0;
  
      for (u = units; u->name; ++u) {
         max_sz = max(max_sz, strlen(u->name));
@@ -288,7 +288,7 @@ print_units_table (const struct units *units, FILE *f)
             if (u2->name == NULL)
                 --u2;
             unparse_units (u->mult, u2, buf, sizeof(buf));
-           fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
+           fprintf (f, "1 %*s = %s\n", (int)max_sz, u->name, buf);
         } else {
             fprintf (f, "1 %s\n", u->name);
         }
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c

index 03715e5ffd71da2df94a78964eac7dda7e9d0b06..b27f37a6d6d1ca34042d0c5fdd23ce47e9cc8393 100644 (file)
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -194,7 +194,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
             dns_free_rr(rr);
             return -1;
         }
-       if (status + 2 > size) {
+       if ((size_t)status + 2 > size) {
             dns_free_rr(rr);
             return -1;
         }
@@ -217,7 +217,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
             dns_free_rr(rr);
             return -1;
         }
-       if (status + 6 > size) {
+       if ((size_t)status + 6 > size) {
             dns_free_rr(rr);
             return -1;
         }
@@ -237,7 +237,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
         break;
      }
      case rk_ns_t_txt:{
-       if(size == 0 || size < *p + 1) {
+       if(size == 0 || size < (unsigned)(*p + 1)) {
             dns_free_rr(rr);
             return -1;
         }
@@ -284,7 +284,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
             dns_free_rr(rr);
             return -1;
         }
-       if (status + 18 > size) {
+       if ((size_t)status + 18 > size) {
             dns_free_rr(rr);
             return -1;
         }
@@ -409,7 +409,7 @@ parse_reply(const unsigned char *data, size_t len)
  {
      const unsigned char *p;
      int status;
-    int i;
+    size_t i;
      char host[MAXDNAME];
      const unsigned char *end_data = data + len;
      struct rk_dns_reply *r;
@@ -528,7 +528,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type)
      struct sockaddr_storage from;
      uint32_t fromsize = sizeof(from);
      dns_handle_t handle;
-    
+
      handle = dns_open(NULL);
      if (handle == NULL)
         return NULL;
diff --git a/source4/heimdal/lib/roken/rkpty.c b/source4/heimdal/lib/roken/rkpty.c

index 0faf66861593f31590a8633c643b4bdda4ae1fce..f2c62f23f39c046eb7c8521f73acefdb37d2e25c 100644 (file)
--- a/source4/heimdal/lib/roken/rkpty.c
+++ b/source4/heimdal/lib/roken/rkpty.c
@@ -107,9 +107,9 @@ open_pty(void)
      {
         char *clone[] = {
             "/dev/ptc",
-           "/dev/ptmx", 
+           "/dev/ptmx",
             "/dev/ptm",
-           "/dev/ptym/clone", 
+           "/dev/ptym/clone",
             NULL
         };
         char **q;
@@ -372,7 +372,7 @@ main(int argc, char **argv)
             sa.sa_handler = caught_signal;
             sa.sa_flags = 0;
             sigemptyset (&sa.sa_mask);
-       
+
             sigaction(SIGALRM, &sa, NULL);
         }
  
diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in

index 1ca3c10dc91e18bd6d836e82c0ae5758ba61fd2e..a6299aee8e551fcc6cd44148918a4a53909bc173 100644 (file)
--- a/source4/heimdal/lib/roken/roken.h.in
+++ b/source4/heimdal/lib/roken/roken.h.in
@@ -105,6 +105,10 @@ typedef int rk_socket_t;
  
  #endif
  
+#ifndef IN_LOOPBACKNET
+#define IN_LOOPBACKNET 127
+#endif
+
  #ifdef _MSC_VER
  /* Declarations for Microsoft Visual C runtime on Windows */
  
@@ -759,7 +763,7 @@ struct winsize {
  };
  #endif
  
-ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *);
  
  #ifndef HAVE_VSYSLOG
  #define vsyslog rk_vsyslog
@@ -932,6 +936,7 @@ strptime (const char *, const char *, struct tm *);
  #endif
  
  #ifndef HAVE_GETTIMEOFDAY
+#define gettimeofday rk_gettimeofday
  ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
  gettimeofday (struct timeval *, void *);
  #endif
@@ -1098,6 +1103,18 @@ rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *));
  #define rk_random() rand()
  #endif
  
+#ifndef HAVE_TDELETE
+#define tdelete(a,b,c) rk_tdelete(a,b,c)
+#endif
+#ifndef HAVE_TFIND
+#define tfind(a,b,c) rk_tfind(a,b,c)
+#endif
+#ifndef HAVE_TSEARCH
+#define tsearch(a,b,c) rk_tsearch(a,b,c)
+#endif
+#ifndef HAVE_TWALK
+#define twalk(a,b) rk_twalk(a,b)
+#endif
  
  #if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__)
  #undef socket
diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c

index 1d6c8ffe8af10de876058451a42741853f5072e5..1bb560d3baf4ed20a91cafdd5c09d1ed831df774 100644 (file)
--- a/source4/heimdal/lib/roken/roken_gethostby.c
+++ b/source4/heimdal/lib/roken/roken_gethostby.c
@@ -142,6 +142,7 @@ roken_gethostby(const char *hostname)
      int offset = 0;
      int n;
      char *p, *foo;
+    size_t len;
  
      if(dns_addr.sin_family == 0)
         return NULL; /* no configured host */
@@ -160,7 +161,9 @@ roken_gethostby(const char *hostname)
         free(request);
         return NULL;
      }
-    if(write(s, request, strlen(request)) != strlen(request)) {
+
+    len = strlen(request);
+    if(write(s, request, len) != (ssize_t)len) {
         close(s);
         free(request);
         return NULL;
@@ -188,12 +191,12 @@ roken_gethostby(const char *hostname)
         static char addrs[4 * MAX_ADDRS];
         static char *addr_list[MAX_ADDRS + 1];
         int num_addrs = 0;
-       
+
         he.h_name = p;
         he.h_aliases = NULL;
         he.h_addrtype = AF_INET;
         he.h_length = 4;
-       
+
         while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
             struct in_addr ip;
             inet_aton(p, &ip);
diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c

index 8797f957723ce2a832f5f2c8dd7ec1eebaa2c557..017d6252ea16e02593fa2f4a0b90b15d97bdd312 100644 (file)
--- a/source4/heimdal/lib/roken/socket.c
+++ b/source4/heimdal/lib/roken/socket.c
@@ -233,7 +233,7 @@ socket_set_portrange (rk_socket_t sock, int restr, int af)
         }
  #endif
  }
-       
+
  /*
   * Enable debug on `sock'.
   */
diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c

index 9624b5a46f3091819f91315830c47c6247862530..1228f1a4504813f0f41368f6f7c0b2e1387aa5b5 100644 (file)
--- a/source4/heimdal/lib/roken/strsep_copy.c
+++ b/source4/heimdal/lib/roken/strsep_copy.c
@@ -49,7 +49,7 @@ strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
      if(save == NULL)
         return -1;
      *stringp = *stringp + strcspn(*stringp, delim);
-    l = min(len, *stringp - save);
+    l = min(len, (size_t)(*stringp - save));
      if(len > 0) {
         memcpy(buf, save, l);
         buf[l] = '\0';
diff --git a/source4/heimdal/lib/roken/version-script.map b/source4/heimdal/lib/roken/version-script.map

index 1baa4b182a2ac1bdbbc610cab88b3a48fb5a97fa..9229a373cd7dc1f8b2686ce65424bdfbc24a1ee7 100644 (file)
--- a/source4/heimdal/lib/roken/version-script.map
+++ b/source4/heimdal/lib/roken/version-script.map
@@ -139,6 +139,10 @@ HEIMDAL_ROKEN_1.0 {
                 rk_timevaladd;
                 rk_timevalfix;
                 rk_timevalsub;
+               rk_tdelete;
+               rk_tfind;
+               rk_tsearch;
+               rk_twalk;
                 rk_undumpdata;
                 rk_unvis;
                 rk_vasnprintf;
diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c

index c702ae0fceeb94ae3873ed801626c72641650629..23cd25e0c67ec99a1ab639261fde33358ad1bc3a 100644 (file)
--- a/source4/heimdal/lib/vers/print_version.c
+++ b/source4/heimdal/lib/vers/print_version.c
@@ -51,6 +51,8 @@ print_version(const char *progname)
      if(*package_list == '\0')
         package_list = "no version information";
      fprintf(stderr, "%s (%s)\n", progname, package_list);
-    fprintf(stderr, "Copyright 1995-2010 Kungliga Tekniska Högskolan\n");
+    fprintf(stderr, "Copyright 1995-2011 Kungliga Tekniska Högskolan\n");
+#ifdef PACKAGE_BUGREPORT
      fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
+#endif
  }
diff --git a/source4/heimdal/lib/wind/ldap.c b/source4/heimdal/lib/wind/ldap.c

index 503ec75a9f5501e28fdaa4b911e9aecbd9662a1a..e7cab8eef32213d76840e1d997dc9ad917ddd29b 100644 (file)
--- a/source4/heimdal/lib/wind/ldap.c
+++ b/source4/heimdal/lib/wind/ldap.c
@@ -61,7 +61,7 @@ _wind_ldap_case_exact_attribute(const uint32_t *tmp,
         return WIND_ERR_OVERRUN;
      while(i < olen && tmp[i] == 0x20) /* skip initial spaces */
         i++;
-       
+
      while (i < olen) {
         if (tmp[i] == 0x20) {
             if (put_char(out, &o, 0x20, *out_len) ||
@@ -72,7 +72,7 @@ _wind_ldap_case_exact_attribute(const uint32_t *tmp,
         } else {
             if (put_char(out, &o, tmp[i++], *out_len))
                 return WIND_ERR_OVERRUN;
-       }       
+       }
      }
      assert(o > 0);
  
diff --git a/source4/heimdal/lib/wind/normalize.c b/source4/heimdal/lib/wind/normalize.c

index 3c68ea866007a174d4eb2e93d48f271c84f30e1d..15274f6855e1c3f7516a5c9b9b6a6d5c75bbda7e 100644 (file)
--- a/source4/heimdal/lib/wind/normalize.c
+++ b/source4/heimdal/lib/wind/normalize.c
@@ -130,7 +130,7 @@ compat_decomp(const uint32_t *in, size_t in_len,
         struct translation ts = {in[i]};
         size_t sub_len = *out_len - o;
         int ret;
-       
+
         ret = hangul_decomp(in + i, in_len - i,
                             out + o, &sub_len);
         if (ret) {
diff --git a/source4/heimdal/lib/wind/stringprep.c b/source4/heimdal/lib/wind/stringprep.c

index ec4657665e501bca7a3bd47a71c810d81af85535..002bc72595d18973173797ab7028e378c1e5f5c4 100644 (file)
--- a/source4/heimdal/lib/wind/stringprep.c
+++ b/source4/heimdal/lib/wind/stringprep.c
@@ -111,7 +111,7 @@ wind_stringprep(const uint32_t *in, size_t in_len,
      return ret;
  }
  
-const static struct {
+static const struct {
      const char *name;
      wind_profile_flags flags;
  } profiles[] = {
diff --git a/source4/heimdal/lib/wind/utf8.c b/source4/heimdal/lib/wind/utf8.c

index d16683645ceb51abd16901cfc454ede4cb1b90b4..6907b3c9d3ab7bcd6994252520dd41cfb5e724b5 100644 (file)
--- a/source4/heimdal/lib/wind/utf8.c
+++ b/source4/heimdal/lib/wind/utf8.c
@@ -183,7 +183,7 @@ wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len)
  
      for (o = 0, i = 0; i < in_len; i++) {
         ch = in[i];
-       
+
         if (ch < 0x80) {
             len = 1;
         } else if (ch < 0x800) {
@@ -194,7 +194,7 @@ wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len)
             len = 4;
         } else
             return WIND_ERR_INVALID_UTF32;
-       
+
         o += len;
  
         if (out) {
@@ -341,7 +341,7 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags,
       * first to the output data */
      if ((*flags) & WIND_RW_BOM) {
         uint16_t bom = 0xfffe;
-       
+
         if (len < 2)
             return WIND_ERR_OVERRUN;
  
@@ -462,14 +462,14 @@ wind_ucs2utf8(const uint16_t *in, size_t in_len, char *out, size_t *out_len)
  
      for (o = 0, i = 0; i < in_len; i++) {
         ch = in[i];
-       
+
         if (ch < 0x80) {
             len = 1;
         } else if (ch < 0x800) {
             len = 2;
         } else
             len = 3;
-       
+
         o += len;
  
         if (out) {
author	Stefan Metzmacher <metze@samba.org>
	Fri, 15 Jul 2011 07:10:30 +0000 (09:10 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 15 Jul 2011 09:15:05 +0000 (11:15 +0200)
source4/heimdal/base/baselocl.h		patch \| blob \| history
source4/heimdal/base/dict.c		patch \| blob \| history
source4/heimdal/base/heimbase.c		patch \| blob \| history
source4/heimdal/base/heimbase.h		patch \| blob \| history
source4/heimdal/cf/make-proto.pl		patch \| blob \| history
source4/heimdal/include/heim_threads.h		patch \| blob \| history
source4/heimdal/kdc/default_config.c		patch \| blob \| history
source4/heimdal/kdc/digest.c		patch \| blob \| history
source4/heimdal/kdc/kdc.h		patch \| blob \| history
source4/heimdal/kdc/kerberos5.c		patch \| blob \| history
source4/heimdal/kdc/krb5tgs.c		patch \| blob \| history
source4/heimdal/kdc/kx509.c		patch \| blob \| history
source4/heimdal/kdc/log.c		patch \| blob \| history
source4/heimdal/kdc/misc.c		patch \| blob \| history
source4/heimdal/kdc/pkinit.c		patch \| blob \| history
source4/heimdal/kdc/process.c		patch \| blob \| history
source4/heimdal/kdc/windc.c		patch \| blob \| history
source4/heimdal/kdc/windc_plugin.h		patch \| blob \| history
source4/heimdal/kpasswd/kpasswd.c		patch \| blob \| history
source4/heimdal/kuser/kinit.c		patch \| blob \| history
source4/heimdal/lib/asn1/asn1-common.h		patch \| blob \| history
source4/heimdal/lib/asn1/asn1parse.c		patch \| blob \| history
source4/heimdal/lib/asn1/asn1parse.y		patch \| blob \| history
source4/heimdal/lib/asn1/der_cmp.c		patch \| blob \| history
source4/heimdal/lib/asn1/der_format.c		patch \| blob \| history
source4/heimdal/lib/asn1/der_get.c		patch \| blob \| history
source4/heimdal/lib/asn1/der_length.c		patch \| blob \| history
source4/heimdal/lib/asn1/der_put.c		patch \| blob \| history
source4/heimdal/lib/asn1/extra.c		patch \| blob \| history
source4/heimdal/lib/asn1/gen.c		patch \| blob \| history
source4/heimdal/lib/asn1/gen_decode.c		patch \| blob \| history
source4/heimdal/lib/asn1/gen_encode.c		patch \| blob \| history
source4/heimdal/lib/asn1/gen_free.c		patch \| blob \| history
source4/heimdal/lib/asn1/gen_template.c		patch \| blob \| history
source4/heimdal/lib/asn1/krb5.asn1		patch \| blob \| history
source4/heimdal/lib/asn1/lex.c		patch \| blob \| history
source4/heimdal/lib/asn1/lex.l		patch \| blob \| history
source4/heimdal/lib/asn1/main.c		patch \| blob \| history
source4/heimdal/lib/asn1/test.asn1		patch \| blob \| history
source4/heimdal/lib/asn1/timegm.c		patch \| blob \| history
source4/heimdal/lib/com_err/compile_et.c		patch \| blob \| history
source4/heimdal/lib/com_err/error.c		patch \| blob \| history
source4/heimdal/lib/com_err/parse.c		patch \| blob \| history
source4/heimdal/lib/com_err/parse.y		patch \| blob \| history
source4/heimdal/lib/gssapi/gssapi/gssapi.h		patch \| blob \| history
source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h		patch \| blob \| history
source4/heimdal/lib/gssapi/gssapi_mech.h		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/8003.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/accept_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/acquire_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/add_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/aeap.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/arcfour.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/cfx.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/compat.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/context_time.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/copy_ccache.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/creds.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/encapsulate.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/external.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/import_name.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/init_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/inquire_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/prf.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/process_context_token.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/sequence.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/set_cred_option.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/store_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/unwrap.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/verify_mic.c		patch \| blob \| history
source4/heimdal/lib/gssapi/krb5/wrap.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/cred.h		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_add_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_aeap.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_buffer_set.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_cred.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_display_status.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_import_name.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_inquire_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_krb5.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_mo.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_names.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_oid.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_oid_equal.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_release_name.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c		patch \| blob \| history
source4/heimdal/lib/gssapi/mech/mech_locl.h		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/accept_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/compat.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/context_stubs.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/cred_stubs.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/external.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/init_sec_context.c		patch \| blob \| history
source4/heimdal/lib/gssapi/spnego/spnego_locl.h		patch \| blob \| history
source4/heimdal/lib/gssapi/version-script.map		patch \| blob \| history
source4/heimdal/lib/hcrypto/camellia-ntt.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/des.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/des.h		patch \| blob \| history
source4/heimdal/lib/hcrypto/dh-ltm.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/dh.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/engine.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/evp.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/evp.h		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_fast_mp_invmod.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_2expt.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_abs.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_clamp.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_clear_multi.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_cmp_mag.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_cnt_lsb.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_count_bits.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_div.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_3.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_div_d.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_dr_setup.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_exch.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_exptmod_fast.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_exteuclid.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_find_prime.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_fread.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_fwrite.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_gcd.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_get_int.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_multi.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_init_size.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_invmod_slow.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_is_square.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_isprime.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_mul_2d.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_n_root.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_fermat.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_prime_random_ex.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_radix_size.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_read_radix.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_reduce_setup.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_rshd.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_set_int.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqr.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_sqrt.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_toom_mul.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_mp_toradix_n.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_add.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_exptmod.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_mul_digs.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bn_s_mp_sqr.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/bncore.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/mtest/mpi-config.h		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/mtest/mpi.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/tommath.h		patch \| blob \| history
source4/heimdal/lib/hcrypto/libtommath/tommath_superclass.h		patch \| blob \| history
source4/heimdal/lib/hcrypto/pkcs12.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/rand-egd.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/rc2.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/rsa-ltm.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/rsa.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/sha256.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/sha512.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/ui.c		patch \| blob \| history
source4/heimdal/lib/hcrypto/validate.c		patch \| blob \| history
source4/heimdal/lib/hdb/dbinfo.c		patch \| blob \| history
source4/heimdal/lib/hdb/ext.c		patch \| blob \| history
source4/heimdal/lib/hdb/hdb-keytab.c		patch \| blob \| history
source4/heimdal/lib/hdb/hdb.c		patch \| blob \| history
source4/heimdal/lib/hdb/hdb.h		patch \| blob \| history
source4/heimdal/lib/hdb/keys.c		patch \| blob \| history
source4/heimdal/lib/hdb/keytab.c		patch \| blob \| history
source4/heimdal/lib/hdb/mkey.c		patch \| blob \| history
source4/heimdal/lib/hx509/ca.c		patch \| blob \| history
source4/heimdal/lib/hx509/cert.c		patch \| blob \| history
source4/heimdal/lib/hx509/char_map.h		patch \| blob \| history
source4/heimdal/lib/hx509/cms.c		patch \| blob \| history
source4/heimdal/lib/hx509/collector.c		patch \| blob \| history
source4/heimdal/lib/hx509/crypto.c		patch \| blob \| history
source4/heimdal/lib/hx509/file.c		patch \| blob \| history
source4/heimdal/lib/hx509/keyset.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_dir.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_file.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_keychain.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_mem.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_p11.c		patch \| blob \| history
source4/heimdal/lib/hx509/ks_p12.c		patch \| blob \| history
source4/heimdal/lib/hx509/lock.c		patch \| blob \| history
source4/heimdal/lib/hx509/name.c		patch \| blob \| history
source4/heimdal/lib/hx509/print.c		patch \| blob \| history
source4/heimdal/lib/hx509/revoke.c		patch \| blob \| history
source4/heimdal/lib/hx509/sel.c		patch \| blob \| history
source4/heimdal/lib/hx509/sel.h		patch \| blob \| history
source4/heimdal/lib/hx509/test_name.c		patch \| blob \| history
source4/heimdal/lib/krb5/acache.c		patch \| blob \| history
source4/heimdal/lib/krb5/addr_families.c		patch \| blob \| history
source4/heimdal/lib/krb5/appdefault.c		patch \| blob \| history
source4/heimdal/lib/krb5/auth_context.c		patch \| blob \| history
source4/heimdal/lib/krb5/build_auth.c		patch \| blob \| history
source4/heimdal/lib/krb5/cache.c		patch \| blob \| history
source4/heimdal/lib/krb5/changepw.c		patch \| blob \| history
source4/heimdal/lib/krb5/codec.c		patch \| blob \| history
source4/heimdal/lib/krb5/config_file.c		patch \| blob \| history
source4/heimdal/lib/krb5/context.c		patch \| blob \| history
source4/heimdal/lib/krb5/convert_creds.c		patch \| blob \| history
source4/heimdal/lib/krb5/creds.c		patch \| blob \| history
source4/heimdal/lib/krb5/crypto-des.c		patch \| blob \| history
source4/heimdal/lib/krb5/crypto-des3.c		patch \| blob \| history
source4/heimdal/lib/krb5/crypto-evp.c		patch \| blob \| history
source4/heimdal/lib/krb5/crypto-pk.c		patch \| blob \| history
source4/heimdal/lib/krb5/crypto.c		patch \| blob \| history
source4/heimdal/lib/krb5/error_string.c		patch \| blob \| history
source4/heimdal/lib/krb5/expand_path.c		patch \| blob \| history
source4/heimdal/lib/krb5/fcache.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_addrs.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_cred.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_default_principal.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_for_creds.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_host_realm.c		patch \| blob \| history
source4/heimdal/lib/krb5/get_in_tkt.c		patch \| blob \| history
source4/heimdal/lib/krb5/heim_err.et		patch \| blob \| history
source4/heimdal/lib/krb5/init_creds.c		patch \| blob \| history
source4/heimdal/lib/krb5/init_creds_pw.c		patch \| blob \| history
source4/heimdal/lib/krb5/kcm.c		patch \| blob \| history
source4/heimdal/lib/krb5/keyblock.c		patch \| blob \| history
source4/heimdal/lib/krb5/keytab.c		patch \| blob \| history
source4/heimdal/lib/krb5/keytab_file.c		patch \| blob \| history
source4/heimdal/lib/krb5/keytab_keyfile.c		patch \| blob \| history
source4/heimdal/lib/krb5/krb5.h		patch \| blob \| history
source4/heimdal/lib/krb5/krb5_locl.h		patch \| blob \| history
source4/heimdal/lib/krb5/krbhst.c		patch \| blob \| history
source4/heimdal/lib/krb5/log.c		patch \| blob \| history
source4/heimdal/lib/krb5/mcache.c		patch \| blob \| history
source4/heimdal/lib/krb5/misc.c		patch \| blob \| history
source4/heimdal/lib/krb5/mit_glue.c		patch \| blob \| history
source4/heimdal/lib/krb5/mk_error.c		patch \| blob \| history
source4/heimdal/lib/krb5/mk_priv.c		patch \| blob \| history
source4/heimdal/lib/krb5/mk_rep.c		patch \| blob \| history
source4/heimdal/lib/krb5/n-fold.c		patch \| blob \| history
source4/heimdal/lib/krb5/pac.c		patch \| blob \| history
source4/heimdal/lib/krb5/padata.c		patch \| blob \| history
source4/heimdal/lib/krb5/pkinit.c		patch \| blob \| history
source4/heimdal/lib/krb5/plugin.c		patch \| blob \| history
source4/heimdal/lib/krb5/principal.c		patch \| blob \| history
source4/heimdal/lib/krb5/rd_cred.c		patch \| blob \| history
source4/heimdal/lib/krb5/rd_rep.c		patch \| blob \| history
source4/heimdal/lib/krb5/rd_req.c		patch \| blob \| history
source4/heimdal/lib/krb5/replay.c		patch \| blob \| history
source4/heimdal/lib/krb5/salt-arcfour.c		patch \| blob \| history
source4/heimdal/lib/krb5/salt-des.c		patch \| blob \| history
source4/heimdal/lib/krb5/salt.c		patch \| blob \| history
source4/heimdal/lib/krb5/send_to_kdc.c		patch \| blob \| history
source4/heimdal/lib/krb5/store-int.c		patch \| blob \| history
source4/heimdal/lib/krb5/store-int.h		patch \| blob \| history
source4/heimdal/lib/krb5/store.c		patch \| blob \| history
source4/heimdal/lib/krb5/store_emem.c		patch \| blob \| history
source4/heimdal/lib/krb5/store_fd.c		patch \| blob \| history
source4/heimdal/lib/krb5/store_mem.c		patch \| blob \| history
source4/heimdal/lib/krb5/ticket.c		patch \| blob \| history
source4/heimdal/lib/krb5/transited.c		patch \| blob \| history
source4/heimdal/lib/krb5/version-script.map		patch \| blob \| history
source4/heimdal/lib/krb5/warn.c		patch \| blob \| history
source4/heimdal/lib/ntlm/ntlm.c		patch \| blob \| history
source4/heimdal/lib/roken/dumpdata.c		patch \| blob \| history
source4/heimdal/lib/roken/get_window_size.c		patch \| blob \| history
source4/heimdal/lib/roken/getarg.c		patch \| blob \| history
source4/heimdal/lib/roken/hex.c		patch \| blob \| history
source4/heimdal/lib/roken/parse_units.c		patch \| blob \| history
source4/heimdal/lib/roken/resolve.c		patch \| blob \| history
source4/heimdal/lib/roken/rkpty.c		patch \| blob \| history
source4/heimdal/lib/roken/roken.h.in		patch \| blob \| history
source4/heimdal/lib/roken/roken_gethostby.c		patch \| blob \| history
source4/heimdal/lib/roken/socket.c		patch \| blob \| history
source4/heimdal/lib/roken/strsep_copy.c		patch \| blob \| history
source4/heimdal/lib/roken/version-script.map		patch \| blob \| history
source4/heimdal/lib/vers/print_version.c		patch \| blob \| history
source4/heimdal/lib/wind/ldap.c		patch \| blob \| history
source4/heimdal/lib/wind/normalize.c		patch \| blob \| history
source4/heimdal/lib/wind/stringprep.c		patch \| blob \| history
source4/heimdal/lib/wind/utf8.c		patch \| blob \| history