third_party/heimdal: Import lorikeet-heimdal-202310310018 (commit 3a433861903ff7c35f3...

author Joseph Sutton <josephsutton@catalyst.net.nz>

Tue, 31 Oct 2023 00:22:05 +0000 (13:22 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 31 Oct 2023 00:22:05 +0000 (13:22 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)
diff --git a/third_party/heimdal/kdc/fast.c b/third_party/heimdal/kdc/fast.c

index b63d0b16a9d143714b9cd0dbe3185aa3f9761b57..7b96371723ea9fe56712dfdf937635a80d3c8ddc 100644 (file)
--- a/third_party/heimdal/kdc/fast.c
+++ b/third_party/heimdal/kdc/fast.c
@@ -426,12 +426,6 @@ _kdc_fast_mk_e_data(astgs_request_t r,
         }
  
         r->e_text = NULL;
-       if (r->fast.flags.requested_hidden_names) {
-           error_client = NULL;
-           error_server = NULL;
-       }
-       csec = 0;
-       cusec = 0;
  
         ret = _kdc_fast_mk_response(r->context, armor_crypto,
                                     error_method, NULL, NULL,
@@ -488,8 +482,8 @@ _kdc_fast_mk_error(astgs_request_t r,
  
      heim_assert(r != NULL, "invalid request in _kdc_fast_mk_error");
  
-    if (r->e_data != NULL) {
-       e_data = r->e_data;
+    if (r->e_data.length) {
+       e_data = &r->e_data;
      } else {
         ret = _kdc_fast_mk_e_data(r,
                                   error_method,
@@ -509,6 +503,15 @@ _kdc_fast_mk_error(astgs_request_t r,
         e_data = &_e_data;
      }
  
+    if (armor_crypto) {
+       if (r->fast.flags.requested_hidden_names) {
+           error_client = NULL;
+           error_server = NULL;
+       }
+       csec = 0;
+       cusec = 0;
+    }
+
      ret = krb5_mk_error(r->context,
                         outer_error,
                         r->e_text,
diff --git a/third_party/heimdal/kdc/kdc-plugin.c b/third_party/heimdal/kdc/kdc-plugin.c

index 50015b407dcf4659e660cacdaa637531b2985e94..3b065c698d140a755380c98173282f82f64e1801 100644 (file)
--- a/third_party/heimdal/kdc/kdc-plugin.c
+++ b/third_party/heimdal/kdc/kdc-plugin.c
@@ -530,6 +530,19 @@ kdc_request_add_pac_buffer(astgs_request_t r,
      return ret;
  }
  
+/*
+ * Override the e-data field to be returned in an error reply. The data will be
+ * owned by the KDC and eventually will be freed with krb5_data_free().
+ */
+KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
+kdc_request_set_e_data(astgs_request_t r, heim_octet_string e_data)
+{
+    krb5_data_free(&r->e_data);
+    r->e_data = e_data;
+
+    return 0;
+}
+
  #undef _KDC_REQUEST_GET_ACCESSOR
  #define _KDC_REQUEST_GET_ACCESSOR(R, T, f)                 \
      KDC_LIB_FUNCTION T KDC_LIB_CALL                        \
diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c

index 8a6add4d22c38ee90ab735cc7cd62dc35fb85227..76cecd3e12fabade16357a071052fbb0645dfbf0 100644 (file)
--- a/third_party/heimdal/kdc/kerberos5.c
+++ b/third_party/heimdal/kdc/kerberos5.c
@@ -505,27 +505,6 @@ _kdc_set_e_text(astgs_request_t r, const char *fmt, ...)
      kdc_log(r->context, r->config, 4, "%s", e_text);
  }
  
-/*
- * Override the e-data field to be returned in an error reply. The data will be
- * owned by the KDC and eventually will be freed with krb5_data_free().
- */
-krb5_error_code
-kdc_set_e_data(astgs_request_t r, heim_octet_string e_data)
-{
-    if (r->e_data == NULL) {
-       ALLOC(r->e_data);
-       if (r->e_data == NULL) {
-           return ENOMEM;
-       }
-    } else {
-       krb5_data_free(r->e_data);
-    }
-
-    *r->e_data = e_data;
-
-    return 0;
-}
-
  void
  _kdc_log_timestamp(astgs_request_t r, const char *type,
                    KerberosTime authtime, KerberosTime *starttime,
diff --git a/third_party/heimdal/kdc/libkdc-exports.def b/third_party/heimdal/kdc/libkdc-exports.def

index a6aaf94d3fc8cd8ee11e373c48ac8232e7dc6d09..1d42b8c570c94230441a95199f844e9082337292 100644 (file)
--- a/third_party/heimdal/kdc/libkdc-exports.def
+++ b/third_party/heimdal/kdc/libkdc-exports.def
@@ -63,6 +63,7 @@ EXPORTS
         kdc_request_set_canon_client_princ
         kdc_request_set_client_princ
         kdc_request_set_cname
+       kdc_request_set_e_data
         kdc_request_set_error_code
         kdc_request_set_krbtgt_princ
         kdc_request_set_pac
@@ -71,7 +72,6 @@ EXPORTS
         kdc_request_set_reply_key
         kdc_request_set_server_princ
         kdc_request_set_sname
-       kdc_set_e_data
         kdc_audit_addkv
         kdc_audit_addkv_number
         kdc_audit_addkv_object
diff --git a/third_party/heimdal/kdc/process.c b/third_party/heimdal/kdc/process.c

index d07c9c06280ca128ec3e98b9318af6f197484cde..b53d91ffc22f2b32cf967bad06b9e3847f8bb3dc 100644 (file)
--- a/third_party/heimdal/kdc/process.c
+++ b/third_party/heimdal/kdc/process.c
@@ -429,8 +429,7 @@ process_request(krb5_context context,
                 free(r->cname);
                 free(r->sname);
                 free(r->e_text_buf);
-               if (r->e_data)
-                   krb5_free_data(context, r->e_data);
+               krb5_data_free(&r->e_data);
             }
  
              heim_release(r->reason);
diff --git a/third_party/heimdal/kdc/version-script.map b/third_party/heimdal/kdc/version-script.map

index 415526c007c608bb98521164089b5e388695ace7..c644b30c8e4ae2b2fb102f532076b17e9c1c7264 100644 (file)
--- a/third_party/heimdal/kdc/version-script.map
+++ b/third_party/heimdal/kdc/version-script.map
@@ -66,6 +66,7 @@ HEIMDAL_KDC_1.0 {
                 kdc_request_set_canon_client_princ;
                 kdc_request_set_client_princ;
                 kdc_request_set_cname;
+               kdc_request_set_e_data;
                 kdc_request_set_error_code;
                 kdc_request_set_krbtgt_princ;
                 kdc_request_set_pac;
@@ -74,7 +75,6 @@ HEIMDAL_KDC_1.0 {
                 kdc_request_set_reply_key;
                 kdc_request_set_server_princ;
                 kdc_request_set_sname;
-               kdc_set_e_data;
                 kdc_audit_addkv;
                 kdc_audit_addkv_number;
                 kdc_audit_addkv_object;
diff --git a/third_party/heimdal/lib/base/heimbase-svc.h b/third_party/heimdal/lib/base/heimbase-svc.h

index 54377632bb1c101b6df25c63c66f64fab27fbe85..6c2e02f273c653d440fc905f2f260d5417ff2032 100644 (file)
--- a/third_party/heimdal/lib/base/heimbase-svc.h
+++ b/third_party/heimdal/lib/base/heimbase-svc.h
@@ -68,7 +68,7 @@
      char *cname;                                                \
      char *sname;                                                \
      const char *e_text;                                         \
-    heim_octet_string *e_data;                                  \
+    heim_octet_string e_data;                                   \
      char *e_text_buf;                                           \
      heim_string_t reason;                                       \
      /* auditing key/value store */                              \
diff --git a/third_party/heimdal/tests/plugin/kdc_test_plugin.c b/third_party/heimdal/tests/plugin/kdc_test_plugin.c

index 6df40a2b722ed8a8b2899b3d9a8798c0744cf83f..45855d7c949038f175bea0006b4e4d04b2a2aac6 100644 (file)
--- a/third_party/heimdal/tests/plugin/kdc_test_plugin.c
+++ b/third_party/heimdal/tests/plugin/kdc_test_plugin.c
@@ -56,13 +56,13 @@ pac_generate(void *ctx,
  static krb5_error_code KRB5_CALLCONV
  pac_verify(void *ctx,
            astgs_request_t r,
-          const krb5_principal new_ticket_client,
-          const krb5_principal delegation_proxy,
+          krb5_const_principal new_ticket_client,
+          hdb_entry * delegation_proxy,
            hdb_entry * client,
            hdb_entry * server,
            hdb_entry * krbtgt,
-          krb5_pac pac,
-          krb5_boolean *is_trusted)
+          EncTicketPart *ticket,
+          krb5_pac pac)
  {
      krb5_context context = kdc_request_get_context((kdc_request_t)r);
      krb5_error_code ret;
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Tue, 31 Oct 2023 00:22:05 +0000 (13:22 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)
third_party/heimdal/kdc/fast.c		patch \| blob \| blame \| history
third_party/heimdal/kdc/kdc-plugin.c		patch \| blob \| blame \| history
third_party/heimdal/kdc/kerberos5.c		patch \| blob \| blame \| history
third_party/heimdal/kdc/libkdc-exports.def		patch \| blob \| blame \| history
third_party/heimdal/kdc/process.c		patch \| blob \| blame \| history
third_party/heimdal/kdc/version-script.map		patch \| blob \| blame \| history
third_party/heimdal/lib/base/heimbase-svc.h		patch \| blob \| blame \| history
third_party/heimdal/tests/plugin/kdc_test_plugin.c		patch \| blob \| blame \| history