Author: abartlet Date: 2005-11-29 01:23:17 +0000 (Tue, 29 Nov 2005) New Revision: 498
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=498 Log: A couple of updates to bring us in line with Heimdal CVS on 2005-11-29 (Love intergrated some of the fixes, including the GSSAPI credentials forwarding fix). Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/copy_ccache.c trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/db3.c trunk/heimdal/lib/krb5/get_for_creds.c Changeset: Modified: trunk/heimdal/lib/gssapi/copy_ccache.c =================================================================== --- trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-29 01:23:17 UTC (rev 498) @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.12 2005/11/26 11:00:08 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $"); OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, Modified: trunk/heimdal/lib/hdb/db.c =================================================================== --- trunk/heimdal/lib/hdb/db.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/hdb/db.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $"); +RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $"); #if HAVE_DB1 @@ -270,14 +270,12 @@ hdb_db_create(krb5_context context, HDB **db, const char *filename) { - *db = malloc(sizeof(**db)); + *db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - memset(*db, '\0', sizeof(**db)); - (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { Modified: trunk/heimdal/lib/hdb/db3.c =================================================================== --- trunk/heimdal/lib/hdb/db3.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/hdb/db3.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db3.c,v 1.16 2005/08/09 09:28:39 lha Exp $"); +RCSID("$Id: db3.c,v 1.17 2005/11/28 23:33:24 lha Exp $"); #if HAVE_DB3 @@ -318,7 +318,7 @@ hdb_db_create(krb5_context context, HDB **db, const char *filename) { - *db = malloc(sizeof(**db)); + *db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; Modified: trunk/heimdal/lib/krb5/get_for_creds.c =================================================================== --- trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -385,17 +385,13 @@ cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - /* - * RFC4120 claims we should use the session key, but Heimdal - * before 0.8 used the remote subkey if it was send in the - * auth_context. - * - * Lorikeet-Heimdal is interested in windows compatiblity - * more than Heimdal compatability, so we must choose the - * session key, and break forwarding credentials to older - * Heimdal servers. - */ - + /* + * Here older versions then 0.7.2 of Heimdal used the local or + * remote subkey. That is wrong, the session key should be + * used. Heimdal 0.7.2 and newer have code to try both in the + * receiving end. + */ + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) { free(buf);
