diff --git a/src/external/heimdal-last b/src/external/heimdal-last index 8fba3a3ace..2ed5b6cb83 100644 --- a/src/external/heimdal-last +++ b/src/external/heimdal-last @@ -1 +1 @@ -988355d9d0d1953e8c17c4b5c935938573efe4ba +b118610a9c56835c4ac5dc49ce8124cae8078346 diff --git a/src/external/heimdal/hcrypto/md5.c b/src/external/heimdal/hcrypto/md5.c index b35c76e293..aa0bab4632 100644 --- a/src/external/heimdal/hcrypto/md5.c +++ b/src/external/heimdal/hcrypto/md5.c @@ -214,13 +214,13 @@ MD5_Update (struct md5 *m, const void *v, size_t len) if(offset == 64){ #if defined(WORDS_BIGENDIAN) int i; - uint32_t current[16]; + uint32_t swapped[16]; struct x32 *us = (struct x32*)m->save; for(i = 0; i < 8; i++){ - current[2*i+0] = swap_uint32_t(us[i].a); - current[2*i+1] = swap_uint32_t(us[i].b); + swapped[2*i+0] = swap_uint32_t(us[i].a); + swapped[2*i+1] = swap_uint32_t(us[i].b); } - calc(m, current); + calc(m, swapped); #else calc(m, (uint32_t*)m->save); #endif diff --git a/src/external/heimdal/krb5/config_file.c b/src/external/heimdal/krb5/config_file.c index 81f9c44e02..4ac25ae287 100644 --- a/src/external/heimdal/krb5/config_file.c +++ b/src/external/heimdal/krb5/config_file.c @@ -33,8 +33,6 @@ * SUCH DAMAGE. */ -#define KRB5_DEPRECATED - #include "krb5_locl.h" #ifdef __APPLE__ @@ -63,7 +61,7 @@ config_fgets(char *str, size_t len, struct fileptr *ptr) p = ptr->s + strcspn(ptr->s, "\n"); if(*p == '\n') p++; - l = min(len, p - ptr->s); + l = min(len, (size_t)(p - ptr->s)); if(len > 0) { memcpy(str, ptr->s, l); str[l] = '\0'; @@ -91,7 +89,7 @@ _krb5_config_get_entry(krb5_config_section **parent, const char *name, int type) for(q = parent; *q != NULL; q = &(*q)->next) if(type == krb5_config_list && - type == (*q)->type && + (unsigned)type == (*q)->type && strcmp(name, (*q)->name) == 0) return *q; *q = calloc(1, sizeof(**q)); 
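Review bot: In config_fgets the added `(size_t)` cast quiets the signed/unsigned comparison but leaves the bound off by one: `l` can equal `len`, and the following `str[l] = '\0'` then writes one byte past a buffer of `len` bytes. This assumes `len` is the full size of `str`; the callers and the start of the function are outside the hunk. Compute the clamp inside the existing `if(len > 0)` guard as `l = min(len - 1, (size_t)(p - ptr->s));` so the terminator always lands inside the buffer and `len - 1` cannot wrap when `len` is 0.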
@@ -250,7 +248,7 @@ cfstring2cstring(CFStringRef string) { CFIndex len; char *str; - + str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8); if (str) return strdup(str); @@ -260,7 +258,7 @@ cfstring2cstring(CFStringRef string) str = malloc(len); if (str == NULL) return NULL; - + if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) { free (str); return NULL; @@ -299,7 +297,7 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section * CFReadStreamRef s; CFDictionaryRef d; CFURLRef url; - + url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE); if (url == NULL) { krb5_clear_error_message(context); @@ -441,7 +439,7 @@ krb5_config_parse_file_multi (krb5_context context, home = getenv("HOME"); if (home == NULL) { - struct passwd *pw = getpwuid(getuid()); + struct passwd *pw = getpwuid(getuid()); if(pw != NULL) home = pw->pw_dir; } @@ -477,7 +475,7 @@ krb5_config_parse_file_multi (krb5_context context, return ret; } #else - krb5_set_error_message(context, ENOENT, + krb5_set_error_message(context, ENOENT, "no support for plist configuration files"); return ENOENT; #endif @@ -491,7 +489,7 @@ krb5_config_parse_file_multi (krb5_context context, free(newfname); return ret; } - + if (newfname) free(newfname); fname = newfname = exp_fname; @@ -507,7 +505,7 @@ krb5_config_parse_file_multi (krb5_context context, free(newfname); return ret; } - + ret = krb5_config_parse_debug (&f, res, &lineno, &str); fclose(f.f); if (ret) { @@ -635,7 +633,7 @@ vget_next(krb5_context context, const char *p = va_arg(args, const char *); while(b != NULL) { if(strcmp(b->name, name) == 0) { - if(b->type == type && p == NULL) { + if(b->type == (unsigned)type && p == NULL) { *pointer = b; return b->u.generic; } else if(b->type == krb5_config_list && p != NULL) { 
@@ -675,7 +673,7 @@ _krb5_config_vget_next (krb5_context context, /* we were called again, so just look for more entries with the same name and type */ for (b = (*pointer)->next; b != NULL; b = b->next) { - if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) { + if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) { *pointer = b; return b->u.generic; } @@ -770,7 +768,7 @@ krb5_config_vget_list (krb5_context context, * * @ingroup krb5_support */ - + KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section *c, @@ -865,7 +863,7 @@ krb5_config_get_string_default (krb5_context context, } static char * -next_component_string(char * begin, char * delims, char **state) +next_component_string(char * begin, const char * delims, char **state) { char * end; @@ -1302,11 +1300,11 @@ krb5_config_get_int (krb5_context context, * @ingroup krb5_deprecated */ -KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi(krb5_context context, const char *string, krb5_config_section **res) + KRB5_DEPRECATED_FUNCTION("Use X instead") { const char *str; unsigned lineno = 0; diff --git a/src/external/heimdal/krb5/crypto-aes.c b/src/external/heimdal/krb5/crypto-aes.c index e8facd85dd..783372b399 100644 --- a/src/external/heimdal/krb5/crypto-aes.c +++ b/src/external/heimdal/krb5/crypto-aes.c @@ -38,7 +38,7 @@ */ static struct _krb5_key_type keytype_aes128 = { - KEYTYPE_AES128, + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, "aes-128", 128, 16, @@ -52,7 +52,7 @@ static struct _krb5_key_type keytype_aes128 = { }; static struct _krb5_key_type keytype_aes256 = { - KEYTYPE_AES256, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, "aes-256", 256, 32, diff --git a/src/external/heimdal/krb5/crypto-evp.c b/src/external/heimdal/krb5/crypto-evp.c index 3f9cd57bbc..e8fb1caf6a 100644 --- a/src/external/heimdal/krb5/crypto-evp.c +++ b/src/external/heimdal/krb5/crypto-evp.c 
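Review bot: The deprecation text `"Use X instead"` on krb5_config_parse_string_multi is a placeholder, so the compiler warning it produces tells a caller nothing about what to migrate to. Put the real replacement in the string, or state that there is none. The same placeholder is added to krb5_keytype_to_enctypes and krb5_enctypes_compatible_keys in crypto.c.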
@@ -98,7 +98,7 @@ _krb5_evp_encrypt_cts(krb5_context context, { size_t i, blocksize; struct _krb5_evp_schedule *ctx = key->schedule->data; - char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; + unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; EVP_CIPHER_CTX *c; unsigned char *p; @@ -142,7 +142,7 @@ _krb5_evp_encrypt_cts(krb5_context context, if (ivec) memcpy(ivec, p, blocksize); } else { - char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH]; + unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH]; p = data; if (len > blocksize * 2) { diff --git a/src/external/heimdal/krb5/crypto.c b/src/external/heimdal/krb5/crypto.c index da6d707b14..c707efe56a 100644 --- a/src/external/heimdal/krb5/crypto.c +++ b/src/external/heimdal/krb5/crypto.c @@ -31,8 +31,6 @@ * SUCH DAMAGE. */ -#define KRB5_DEPRECATED - #include "krb5_locl.h" struct _krb5_key_usage { @@ -53,9 +51,33 @@ static void free_key_schedule(krb5_context, struct _krb5_key_data *, struct _krb5_encryption_type *); -/************************************************************ - * * - ************************************************************/ +/* + * Converts etype to a user readable string and sets as a side effect + * the krb5_error_message containing this string. Returns + * KRB5_PROG_ETYPE_NOSUPP in not the conversion of the etype failed in + * which case the error code of the etype convesion is returned. + */ + +static krb5_error_code +unsupported_enctype(krb5_context context, krb5_enctype etype) +{ + krb5_error_code ret; + char *name; + + ret = krb5_enctype_to_string(context, etype, &name); + if (ret) + return ret; + + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("Encryption type %s not supported", ""), + name); + free(name); + return KRB5_PROG_ETYPE_NOSUPP; +} + +/* + * + */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize(krb5_context context, 
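Review bot: unsupported_enctype returns whatever krb5_enctype_to_string returns when the name lookup fails, so call sites that used to return KRB5_PROG_ETYPE_NOSUPP unconditionally may now hand back a different code. Every caller in this commit except krb5_crypto_init reaches the helper because _krb5_find_enctype returned NULL, which is the case where a name is least likely to exist; how krb5_enctype_to_string treats an unknown etype is not visible here. Falling back to the numeric form keeps the old contract: on `ret != 0`, `krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("Encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP;`. The header comment is also garbled ("in not the conversion of the etype failed", "convesion") and should state the two return paths plainly.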
@@ -64,10 +86,7 @@ krb5_enctype_keysize(krb5_context context, { struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } *keysize = et->keytype->size; return 0; @@ -80,10 +99,7 @@ krb5_enctype_keybits(krb5_context context, { struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } *keybits = et->keytype->bits; return 0; @@ -97,10 +113,7 @@ krb5_generate_random_keyblock(krb5_context context, krb5_error_code ret; struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); if(ret) @@ -123,10 +136,8 @@ _key_schedule(krb5_context context, struct _krb5_key_type *kt; if (et == NULL) { - krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - key->key->keytype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, + key->key->keytype); } kt = et->keytype; @@ -180,7 +191,7 @@ _krb5_internal_hmac(krb5_context context, unsigned char *ipad, *opad; unsigned char *key; size_t key_len; - int i; + size_t i; ipad = malloc(cm->blocksize + len); if (ipad == NULL) @@ -311,7 +322,7 @@ get_checksum_key(krb5_context context, if(ct->flags & F_DERIVED) ret = _get_derived_key(context, crypto, usage, key); else if(ct->flags & F_VARIANT) { - int i; + size_t i; *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); if(*key == NULL) { 
@@ -686,33 +697,39 @@ krb5_enctype_to_keytype(krb5_context context, { struct _krb5_encryption_type *e = _krb5_find_enctype(etype); if(e == NULL) { - krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } *keytype = e->keytype->type; /* XXX */ return 0; } +/** + * Check if a enctype is valid, return 0 if it is. + * + * @param context Kerberos context + * @param etype enctype to check if its valid or not + * + * @return Return an error code for an failure or 0 on success (enctype valid). + * @ingroup krb5_crypto + */ + KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid(krb5_context context, krb5_enctype etype) { struct _krb5_encryption_type *e = _krb5_find_enctype(etype); + if(e && (e->flags & F_DISABLED) == 0) + return 0; + if (context == NULL) + return KRB5_PROG_ETYPE_NOSUPP; if(e == NULL) { - krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } - if (e->flags & F_DISABLED) { - krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %s is disabled", ""), - e->name); - return KRB5_PROG_ETYPE_NOSUPP; - } - return 0; + /* Must be (e->flags & F_DISABLED) */ + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %s is disabled", ""), + e->name); + return KRB5_PROG_ETYPE_NOSUPP; } /** @@ -1160,9 +1177,9 @@ decrypt_internal_special(krb5_context context, } static krb5_crypto_iov * -find_iv(krb5_crypto_iov *data, int num_data, int type) +find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type) { - int i; + size_t i; for (i = 0; i < num_data; i++) if (data[i].flags == type) return &data[i]; 
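Review bot: The new doc comment on krb5_enctype_valid does not mention that the function now accepts a NULL context, which is the behavioural change in this hunk (`if (context == NULL) return KRB5_PROG_ETYPE_NOSUPP;`). Document it on the parameter, for example `@param context Kerberos context, may be NULL, in which case no error message is set`, so callers know they get only the code back. The comment wording also needs a pass: "a enctype" and "an failure" should read "an enctype" and "a failure".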
@@ -1403,11 +1420,6 @@ krb5_decrypt_iov_ivec(krb5_context context, struct _krb5_encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *hiv; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1545,15 +1557,10 @@ krb5_create_checksum_iov(krb5_context context, Checksum cksum; krb5_crypto_iov *civ; krb5_error_code ret; - int i; + size_t i; size_t len; char *p, *q; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1629,15 +1636,10 @@ krb5_verify_checksum_iov(krb5_context context, Checksum cksum; krb5_crypto_iov *civ; krb5_error_code ret; - int i; + size_t i; size_t len; char *p, *q; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1730,7 +1732,7 @@ krb5_crypto_length_iov(krb5_context context, unsigned int num_data) { krb5_error_code ret; - int i; + size_t i; for (i = 0; i < num_data; i++) { ret = krb5_crypto_length(context, crypto, @@ -1903,11 +1905,11 @@ _krb5_derive_key(krb5_context context, /* XXX keytype dependent post-processing */ switch(kt->type) { - case KEYTYPE_DES3: + case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1: _krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize); break; - case KEYTYPE_AES128: - case KEYTYPE_AES256: + case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96: + case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96: memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); break; default: 
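Review bot: Removing the `num_data < 0` guard in krb5_create_checksum_iov while the index becomes `size_t i` is only safe if `num_data` is itself declared unsigned, and the parameter list is outside the hunk. If it is still a signed `int`, a negative count converts to a very large value in a comparison such as `i < num_data`, so iteration over `data` would run past the array instead of failing with KRB5_CRYPTO_INTERNAL. The same guard is removed from krb5_decrypt_iov_ivec and krb5_verify_checksum_iov. krb5_crypto_length_iov does show `unsigned int num_data`; the other three should be confirmed to match, or keep the guard.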
@@ -1959,10 +1961,7 @@ krb5_derive_key(krb5_context context, et = _krb5_find_enctype (etype); if (et == NULL) { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } ret = krb5_copy_keyblock(context, key, &d.key); @@ -2040,10 +2039,7 @@ krb5_crypto_init(krb5_context context, if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { free(*crypto); *crypto = NULL; - krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - N_("encryption type %d not supported", ""), - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype(context, etype); } if((*crypto)->et->keytype->size != key->keyvalue.length) { free(*crypto); @@ -2593,12 +2589,12 @@ krb5_crypto_fx_cf2(krb5_context context, * @ingroup krb5_deprecated */ -KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) + KRB5_DEPRECATED_FUNCTION("Use X instead") { int i; unsigned n = 0; @@ -2640,11 +2636,11 @@ krb5_keytype_to_enctypes (krb5_context context, */ /* if two enctypes have compatible keys */ -KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys(krb5_context context, krb5_enctype etype1, krb5_enctype etype2) + KRB5_DEPRECATED_FUNCTION("Use X instead") { struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1); struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2); diff --git a/src/external/heimdal/krb5/crypto.h b/src/external/heimdal/krb5/crypto.h index bf945875b9..9b95b8f0cb 100644 --- a/src/external/heimdal/krb5/crypto.h +++ b/src/external/heimdal/krb5/crypto.h @@ -69,7 +69,7 @@ struct salt_type { }; struct _krb5_key_type { - krb5_keytype type; /* XXX */ + krb5_enctype type; const char *name; size_t bits; size_t size; 
diff --git a/src/external/heimdal/krb5/keyblock.c b/src/external/heimdal/krb5/keyblock.c index 9ba9c4b290..6e781aca78 100644 --- a/src/external/heimdal/krb5/keyblock.c +++ b/src/external/heimdal/krb5/keyblock.c @@ -65,7 +65,7 @@ krb5_free_keyblock_contents(krb5_context context, if (keyblock->keyvalue.data != NULL) memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length); krb5_data_free (&keyblock->keyvalue); - keyblock->keytype = ENCTYPE_NULL; + keyblock->keytype = KRB5_ENCTYPE_NULL; } } diff --git a/src/external/heimdal/krb5/store-int.c b/src/external/heimdal/krb5/store-int.c index 0a18d0dddf..d577629718 100644 --- a/src/external/heimdal/krb5/store-int.c +++ b/src/external/heimdal/krb5/store-int.c @@ -50,7 +50,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size) { unsigned char *p = buffer; unsigned long v = 0; - int i; + size_t i; for (i = 0; i < size; i++) v = (v << 8) + p[i]; *value = v; diff --git a/src/external/heimdal/roken/hex.c b/src/external/heimdal/roken/hex.c index 7b1263c960..c66b324f79 100644 --- a/src/external/heimdal/roken/hex.c +++ b/src/external/heimdal/roken/hex.c @@ -37,7 +37,7 @@ #include #include "hex.h" -const static char hexchar[] = "0123456789ABCDEF"; +static const char hexchar[16] = "0123456789ABCDEF"; static int pos(char c) @@ -93,7 +93,6 @@ hex_decode(const char *str, void *data, size_t len) if ((l/2) + (l&1) > len) return -1; - i = 0; if (l & 1) { p[0] = pos(str[0]); str++; diff --git a/src/external/heimdal/roken/roken.h.in b/src/external/heimdal/roken/roken.h.in index e2da87194f..e5b8616d93 100644 --- a/src/external/heimdal/roken/roken.h.in +++ b/src/external/heimdal/roken/roken.h.in @@ -105,6 +105,10 @@ typedef int rk_socket_t; #endif +#ifndef IN_LOOPBACKNET +#define IN_LOOPBACKNET 127 +#endif + #ifdef _MSC_VER /* Declarations for Microsoft Visual C runtime on Windows */ 
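Review bot: Sizing the table as `hexchar[16]` with a 16-character initializer leaves no room for the terminating NUL, so the array is no longer a C string. Only the signature of pos() is visible in this hunk. If its search stops on `*p == '\0'` or uses strchr(), a character that is not a hex digit makes it read past the end of the table. Either keep the terminator with `static const char hexchar[] = "0123456789ABCDEF";` or bound the search explicitly, e.g. `p < hexchar + sizeof(hexchar)`.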
@@ -759,7 +763,7 @@ struct winsize { }; #endif -ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *); #ifndef HAVE_VSYSLOG #define vsyslog rk_vsyslog
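Review bot: The new prototype `get_window_size(int fd, int *, int *)` drops the parameter names, so the header no longer says which pointer receives the row count and which the column count. Two `int *` arguments in the wrong order compile without a diagnostic. Name them in the declaration to match the definition, which is outside this diff, for example `get_window_size(int fd, int *lines, int *columns);` once the order is confirmed against the implementation.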