samba-cvs.cvs
[Top] [All Lists]

[SCM] Samba Shared Repository - branch master updated

Subject: [SCM] Samba Shared Repository - branch master updated
From: Andrew Bartlett
Date: Fri, 13 Nov 2009 06:22:26 -0600 CST
The branch, master has been updated
       via  5b75201... util: str_list_unique() bugfix
       via  b7839b7... util: str_list_unique_2() test implementation
       via  ca12e7b... s4:heimdal Import generated files from heimdal tree
       via  4f8ba5a... s4:heimdal: import lorikeet-heimdal-200911122202 (commit 
9291fd2d101f3eecec550178634faa94ead3e9a1)
       via  5bc87c1... s4:heimdal: import lorikeet-heimdal-200909210500 (commit 
290db8d23647a27c39b97c189a0b2ef6ec21ca69)
      from  1220534... Fix large paged search

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5b75201dbb9f2e6799fd5c3eee8da6230caee96c
Author: Kamen Mazdrashki <kamen.mazdrashki@xxxxxxxxxxxx>
Date:   Fri Nov 13 03:57:48 2009 +0200

    util: str_list_unique() bugfix
    
    j is actually the index of the last element in the list
    size of the list though is j+1 <- to make room for the
    terminating NULL element

commit b7839b73b10746c374ca2ed96eb152fa3a03e66a
Author: Kamen Mazdrashki <kamen.mazdrashki@xxxxxxxxxxxx>
Date:   Fri Nov 13 03:56:07 2009 +0200

    util: str_list_unique_2() test implementation
    
    Difference with previous test for str_list_unique() is
    that this test allows number of elements and number
    of duplicates to be supplied on command line using
    --option="list_unique:count=47"
    --option="list_unique:dups=7"

commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78
Author: Andrew Bartlett <abartlet@xxxxxxxxx>
Date:   Fri Nov 13 13:50:25 2009 +1100

    s4:heimdal Import generated files from heimdal tree
    
    We should be able to rebuild these, but a cp is easier :-)

commit 4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608
Author: Andrew Bartlett <abartlet@xxxxxxxxx>
Date:   Fri Nov 13 10:51:14 2009 +1100

    s4:heimdal: import lorikeet-heimdal-200911122202 (commit 
9291fd2d101f3eecec550178634faa94ead3e9a1)

commit 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094
Author: Andrew Bartlett <abartlet@xxxxxxxxx>
Date:   Sun Sep 20 23:18:34 2009 -0700

    s4:heimdal: import lorikeet-heimdal-200909210500 (commit 
290db8d23647a27c39b97c189a0b2ef6ec21ca69)

-----------------------------------------------------------------------

Summary of changes:
 lib/util/tests/strlist.c                           |   33 +
 lib/util/util_strlist.c                            |    2 +-
 source4/heimdal/README                             |    8 +-
 source4/heimdal/cf/check-var.m4                    |    3 +-
 source4/heimdal/kdc/digest.c                       |  214 +++--
 source4/heimdal/kdc/kdc_locl.h                     |    3 +-
 source4/heimdal/kdc/kerberos5.c                    |   58 +-
 source4/heimdal/kdc/krb5tgs.c                      |  191 +++--
 source4/heimdal/kdc/kx509.c                        |   37 +-
 source4/heimdal/kdc/misc.c                         |    5 +-
 source4/heimdal/kdc/pkinit.c                       |   88 +-
 source4/heimdal/kdc/windc.c                        |    2 +-
 source4/heimdal/kdc/windc_plugin.h                 |    1 +
 source4/heimdal/kuser/kinit.c                      |   30 +-
 source4/heimdal/lib/asn1/asn1parse.c               | 1021 ++++++++++++--------
 source4/heimdal/lib/asn1/asn1parse.h               |   44 +-
 source4/heimdal/lib/asn1/asn1parse.y               |    5 +
 source4/heimdal/lib/asn1/der_get.c                 |   34 +-
 source4/heimdal/lib/asn1/gen.c                     |    7 +
 source4/heimdal/lib/asn1/gen_copy.c                |    3 +
 source4/heimdal/lib/asn1/gen_decode.c              |   14 +-
 source4/heimdal/lib/asn1/gen_encode.c              |    5 +
 source4/heimdal/lib/asn1/gen_free.c                |    3 +
 source4/heimdal/lib/asn1/gen_length.c              |    3 +
 source4/heimdal/lib/asn1/krb5.asn1                 |    9 +-
 source4/heimdal/lib/asn1/lex.c                     |   49 +-
 source4/heimdal/lib/asn1/rfc2459.asn1              |    4 +-
 source4/heimdal/lib/asn1/symbol.h                  |    1 +
 source4/heimdal/lib/com_err/com_right.h            |    1 +
 source4/heimdal/lib/com_err/error.c                |   16 +-
 source4/heimdal/lib/com_err/lex.c                  |   49 +-
 source4/heimdal/lib/com_err/parse.c                |  323 ++++---
 source4/heimdal/lib/com_err/parse.h                |   44 +-
 source4/heimdal/lib/gssapi/gssapi_mech.h           |    5 +
 source4/heimdal/lib/gssapi/krb5/8003.c             |   40 +-
 source4/heimdal/lib/gssapi/krb5/aeap.c             |    6 +-
 source4/heimdal/lib/gssapi/krb5/arcfour.c          |   70 +-
 source4/heimdal/lib/gssapi/krb5/cfx.c              |  380 ++++++--
 source4/heimdal/lib/gssapi/krb5/creds.c            |    1 +
 source4/heimdal/lib/gssapi/krb5/decapsulate.c      |    8 +-
 source4/heimdal/lib/gssapi/krb5/external.c         |    1 +
 source4/heimdal/lib/gssapi/krb5/get_mic.c          |   27 +-
 source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h     |    5 -
 source4/heimdal/lib/gssapi/krb5/init_sec_context.c |   33 +-
 source4/heimdal/lib/gssapi/krb5/prf.c              |    1 +
 source4/heimdal/lib/gssapi/krb5/unwrap.c           |   61 +-
 source4/heimdal/lib/gssapi/krb5/verify_mic.c       |   39 +-
 source4/heimdal/lib/gssapi/krb5/wrap.c             |   45 +-
 source4/heimdal/lib/gssapi/mech/context.c          |    2 -
 .../lib/gssapi/mech/gss_accept_sec_context.c       |   16 +-
 source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c |    1 -
 source4/heimdal/lib/gssapi/mech/gss_add_cred.c     |    1 -
 .../lib/gssapi/mech/gss_add_oid_set_member.c       |   19 +-
 source4/heimdal/lib/gssapi/mech/gss_buffer_set.c   |    1 -
 .../lib/gssapi/mech/gss_canonicalize_name.c        |    1 -
 source4/heimdal/lib/gssapi/mech/gss_compare_name.c |    1 -
 source4/heimdal/lib/gssapi/mech/gss_context_time.c |    1 -
 .../lib/gssapi/mech/gss_create_empty_oid_set.c     |    1 -
 .../lib/gssapi/mech/gss_decapsulate_token.c        |    1 -
 .../lib/gssapi/mech/gss_delete_sec_context.c       |    1 -
 source4/heimdal/lib/gssapi/mech/gss_display_name.c |    1 -
 .../heimdal/lib/gssapi/mech/gss_display_status.c   |    1 -
 .../heimdal/lib/gssapi/mech/gss_duplicate_name.c   |    1 -
 .../heimdal/lib/gssapi/mech/gss_duplicate_oid.c    |    1 -
 .../lib/gssapi/mech/gss_encapsulate_token.c        |    1 -
 source4/heimdal/lib/gssapi/mech/gss_export_name.c  |    1 -
 .../lib/gssapi/mech/gss_export_sec_context.c       |    1 -
 source4/heimdal/lib/gssapi/mech/gss_get_mic.c      |    1 -
 source4/heimdal/lib/gssapi/mech/gss_import_name.c  |    1 -
 .../lib/gssapi/mech/gss_import_sec_context.c       |    1 -
 .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c   |    1 -
 .../heimdal/lib/gssapi/mech/gss_init_sec_context.c |    6 +-
 .../heimdal/lib/gssapi/mech/gss_inquire_context.c  |    1 -
 source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c |    1 -
 .../lib/gssapi/mech/gss_inquire_cred_by_mech.c     |    1 -
 .../lib/gssapi/mech/gss_inquire_cred_by_oid.c      |    1 -
 .../lib/gssapi/mech/gss_inquire_mechs_for_name.c   |    1 -
 .../lib/gssapi/mech/gss_inquire_names_for_mech.c   |    1 -
 .../gssapi/mech/gss_inquire_sec_context_by_oid.c   |    1 -
 source4/heimdal/lib/gssapi/mech/gss_krb5.c         |    1 -
 source4/heimdal/lib/gssapi/mech/gss_mech_switch.c  |    2 +-
 source4/heimdal/lib/gssapi/mech/gss_names.c        |    1 -
 source4/heimdal/lib/gssapi/mech/gss_oid_equal.c    |    1 -
 source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c   |    1 -
 .../lib/gssapi/mech/gss_process_context_token.c    |    1 -
 .../heimdal/lib/gssapi/mech/gss_pseudo_random.c    |    1 -
 .../heimdal/lib/gssapi/mech/gss_release_buffer.c   |    1 -
 source4/heimdal/lib/gssapi/mech/gss_release_cred.c |   23 +-
 source4/heimdal/lib/gssapi/mech/gss_release_name.c |    1 -
 source4/heimdal/lib/gssapi/mech/gss_release_oid.c  |    1 -
 .../heimdal/lib/gssapi/mech/gss_release_oid_set.c  |    1 -
 source4/heimdal/lib/gssapi/mech/gss_seal.c         |    1 -
 .../heimdal/lib/gssapi/mech/gss_set_cred_option.c  |    1 -
 .../lib/gssapi/mech/gss_set_sec_context_option.c   |    1 -
 source4/heimdal/lib/gssapi/mech/gss_sign.c         |    1 -
 .../lib/gssapi/mech/gss_test_oid_set_member.c      |    1 -
 source4/heimdal/lib/gssapi/mech/gss_unseal.c       |    1 -
 source4/heimdal/lib/gssapi/mech/gss_unwrap.c       |    1 -
 source4/heimdal/lib/gssapi/mech/gss_utils.c        |    1 -
 source4/heimdal/lib/gssapi/mech/gss_verify.c       |    1 -
 source4/heimdal/lib/gssapi/mech/gss_verify_mic.c   |    1 -
 source4/heimdal/lib/gssapi/mech/gss_wrap.c         |    1 -
 .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c  |    1 -
 .../heimdal/lib/gssapi/spnego/accept_sec_context.c |   42 +-
 source4/heimdal/lib/gssapi/spnego/compat.c         |    7 +-
 source4/heimdal/lib/gssapi/spnego/context_stubs.c  |  104 +--
 source4/heimdal/lib/gssapi/spnego/cred_stubs.c     |  139 +---
 source4/heimdal/lib/gssapi/spnego/external.c       |    9 +-
 .../heimdal/lib/gssapi/spnego/init_sec_context.c   |   16 +-
 source4/heimdal/lib/gssapi/spnego/spnego_locl.h    |    4 -
 source4/heimdal/lib/hcrypto/des.c                  |    1 +
 source4/heimdal/lib/hcrypto/evp-aes-cts.c          |  273 ------
 source4/heimdal/lib/hcrypto/evp-cc.c               |  635 ++++++++++++
 source4/heimdal/lib/hcrypto/evp-cc.h               |   91 ++
 source4/heimdal/lib/hcrypto/evp-hcrypto.c          |  568 +++++++++++-
 source4/heimdal/lib/hcrypto/evp-hcrypto.h          |   92 ++
 source4/heimdal/lib/hcrypto/evp.c                  |  439 ++-------
 source4/heimdal/lib/hcrypto/evp.h                  |   35 +-
 source4/heimdal/lib/hcrypto/hmac.c                 |    3 +-
 source4/heimdal/lib/hcrypto/imath/imath.c          |  447 +++++-----
 source4/heimdal/lib/hcrypto/imath/imath.h          |   12 +-
 source4/heimdal/lib/hcrypto/rand-unix.c            |    4 +-
 source4/heimdal/lib/hcrypto/rc4.c                  |    2 +-
 source4/heimdal/lib/hcrypto/rc4.h                  |    2 +-
 source4/heimdal/lib/hcrypto/rsa-imath.c            |   63 +-
 source4/heimdal/lib/hcrypto/rsa.c                  |   37 +-
 source4/heimdal/lib/hcrypto/rsa.h                  |    2 +
 source4/heimdal/lib/hdb/dbinfo.c                   |    8 +-
 source4/heimdal/lib/hdb/ext.c                      |   28 +-
 source4/heimdal/lib/hdb/hdb.c                      |    2 +-
 source4/heimdal/lib/hdb/hdb.h                      |    3 +
 source4/heimdal/lib/hdb/keytab.c                   |   27 +-
 source4/heimdal/lib/hx509/ca.c                     |   16 +-
 source4/heimdal/lib/hx509/cert.c                   |  103 ++-
 source4/heimdal/lib/hx509/crypto.c                 |  277 ++----
 source4/heimdal/lib/hx509/error.c                  |    9 +-
 source4/heimdal/lib/hx509/file.c                   |   14 +-
 source4/heimdal/lib/hx509/keyset.c                 |    2 +-
 source4/heimdal/lib/hx509/ks_dir.c                 |    2 -
 source4/heimdal/lib/hx509/ks_file.c                |   80 +-
 source4/heimdal/lib/hx509/lock.c                   |   10 +-
 source4/heimdal/lib/hx509/name.c                   |   43 +-
 source4/heimdal/lib/hx509/print.c                  |    2 +-
 source4/heimdal/lib/hx509/revoke.c                 |   10 +-
 source4/heimdal/lib/hx509/sel-gram.c               |  389 +++++----
 source4/heimdal/lib/hx509/sel-gram.h               |   44 +-
 source4/heimdal/lib/hx509/sel-lex.c                |   49 +-
 source4/heimdal/lib/hx509/sel.c                    |    1 -
 source4/heimdal/lib/krb5/auth_context.c            |   11 +-
 source4/heimdal/lib/krb5/build_auth.c              |   80 +-
 source4/heimdal/lib/krb5/cache.c                   |   44 +-
 source4/heimdal/lib/krb5/config_file.c             |  357 ++++++-
 source4/heimdal/lib/krb5/context.c                 |  116 ++--
 source4/heimdal/lib/krb5/creds.c                   |   12 +
 source4/heimdal/lib/krb5/crypto.c                  |  424 ++++++---
 source4/heimdal/lib/krb5/error_string.c            |  102 ++-
 source4/heimdal/lib/krb5/fcache.c                  |   33 +-
 source4/heimdal/lib/krb5/generate_seq_number.c     |   24 +-
 source4/heimdal/lib/krb5/generate_subkey.c         |   19 +-
 source4/heimdal/lib/krb5/get_cred.c                |  154 ++--
 source4/heimdal/lib/krb5/get_for_creds.c           |   13 +-
 source4/heimdal/lib/krb5/init_creds_pw.c           |   64 ++-
 source4/heimdal/lib/krb5/keyblock.c                |    6 +-
 source4/heimdal/lib/krb5/krb5_locl.h               |   10 +-
 source4/heimdal/lib/krb5/krbhst.c                  |  104 ++-
 source4/heimdal/lib/krb5/log.c                     |   16 +
 source4/heimdal/lib/krb5/mk_error.c                |    5 +-
 source4/heimdal/lib/krb5/mk_req_ext.c              |    3 +-
 source4/heimdal/lib/krb5/pkinit.c                  |  338 ++++---
 source4/heimdal/lib/krb5/principal.c               |  245 ++++-
 source4/heimdal/lib/krb5/replay.c                  |   43 +-
 source4/heimdal/lib/krb5/send_to_kdc.c             |    7 +
 source4/heimdal/lib/krb5/store.c                   |  265 +++++-
 source4/heimdal/lib/krb5/store_mem.c               |    6 +-
 source4/heimdal/lib/krb5/ticket.c                  |   77 ++-
 source4/heimdal/lib/krb5/warn.c                    |   10 +-
 source4/heimdal/lib/ntlm/ntlm.c                    |  104 ++-
 source4/heimdal/lib/roken/base64.c                 |    1 +
 source4/heimdal/lib/roken/ct.c                     |   64 ++
 source4/heimdal/lib/roken/resolve.c                |    2 -
 source4/heimdal/lib/roken/rkpty.c                  |    6 +-
 source4/heimdal/lib/roken/roken-common.h           |    2 +
 source4/heimdal/lib/roken/roken.h.in               |   46 +-
 source4/heimdal/lib/roken/vis.c                    |    6 +-
 source4/heimdal/lib/wind/map.c                     |    2 -
 source4/heimdal/lib/wind/normalize.c               |   15 +-
 source4/heimdal/lib/wind/stringprep.c              |   10 +-
 source4/heimdal/lib/wind/utf8.c                    |    2 -
 source4/heimdal_build/internal.mk                  |    3 +-
 source4/heimdal_build/roken.h                      |    3 +
 190 files changed, 6501 insertions(+), 3648 deletions(-)
 delete mode 100644 source4/heimdal/lib/hcrypto/evp-aes-cts.c
 create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.c
 create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.h
 create mode 100644 source4/heimdal/lib/hcrypto/evp-hcrypto.h
 create mode 100644 source4/heimdal/lib/roken/ct.c


Changeset truncated at 500 lines:

diff --git a/lib/util/tests/strlist.c b/lib/util/tests/strlist.c
index 877b671..a974f58 100644
--- a/lib/util/tests/strlist.c
+++ b/lib/util/tests/strlist.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "torture/torture.h"
+#include "param/param.h"
 
 struct test_list_element {
        const char *list_as_string;
@@ -364,6 +365,37 @@ static bool test_list_unique(struct torture_context *tctx)
        return true;
 }
 
+static bool test_list_unique_2(struct torture_context *tctx)
+{
+       int i;
+       int count, num_dups;
+       const char **result;
+       const char **list = (const char **)str_list_make_empty(tctx);
+       const char **list_dup = (const char **)str_list_make_empty(tctx);
+
+       count = lp_parm_int(tctx->lp_ctx, NULL, "list_unique", "count", 9);
+       num_dups = lp_parm_int(tctx->lp_ctx, NULL, "list_unique", "dups", 7);
+       torture_comment(tctx, "test_list_unique_2() with %d elements and %d 
dups\n", count, num_dups);
+
+       for (i = 0; i < count; i++) {
+               list = str_list_add_const(list, (const char 
*)talloc_asprintf(tctx, "element_%03d", i));
+       }
+
+       for (i = 0; i < num_dups; i++) {
+               list_dup = str_list_append(list_dup, list);
+       }
+
+       result = (const char **)str_list_copy(tctx, list_dup);
+       /* We must copy the list, as str_list_unique does a talloc_realloc() on 
it's parameter */
+       result = str_list_unique(result);
+       torture_assert(tctx, result, "str_list_unique() must not return NULL");
+
+       torture_assert(tctx, str_list_equal(list, result),
+                      "str_list_unique() failed");
+
+       return true;
+}
+
 static bool test_list_append(struct torture_context *tctx)
 {
        char **result;
@@ -458,6 +490,7 @@ struct torture_suite *torture_local_util_strlist(TALLOC_CTX 
*mem_ctx)
        torture_suite_add_simple_test(suite, "list_check", test_list_check);
        torture_suite_add_simple_test(suite, "list_check_ci", 
test_list_check_ci);
        torture_suite_add_simple_test(suite, "list_unique", test_list_unique);
+       torture_suite_add_simple_test(suite, "list_unique_2", 
test_list_unique_2);
        torture_suite_add_simple_test(suite, "list_append", test_list_append);
        torture_suite_add_simple_test(suite, "list_append_const", 
test_list_append_const);
 
diff --git a/lib/util/util_strlist.c b/lib/util/util_strlist.c
index 1331fee..8d69eef 100644
--- a/lib/util/util_strlist.c
+++ b/lib/util/util_strlist.c
@@ -401,7 +401,7 @@ _PUBLIC_ const char **str_list_unique(const char **list)
                }
        }
        list[j] = NULL;
-       list = talloc_realloc(NULL, list, const char *, j);
+       list = talloc_realloc(NULL, list, const char *, j + 1);
        talloc_free(list2);
        return list;
 }
diff --git a/source4/heimdal/README b/source4/heimdal/README
index f130698..d2c4eba 100644
--- a/source4/heimdal/README
+++ b/source4/heimdal/README
@@ -1,12 +1,12 @@
 
 Heimdal is a Kerberos 5 implementation.
 
-Please see the manual in doc, by default installed in
-/usr/heimdal/info/heimdal.info for information on how to install.
-There are also briefer man pages for most of the commands.
+For information how to install see <http://www.h5l.org/compile.html>.
+
+There are briefer man pages for most of the commands.
 
 Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
+the manual on how we prefer them: <heimdal-bugs@xxxxxxx>.
 
 For more information see the web-page at
 <http://www.h5l.org/> or the mailing lists:
diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4
index f81f352..2fd7bca 100644
--- a/source4/heimdal/cf/check-var.m4
+++ b/source4/heimdal/cf/check-var.m4
@@ -9,7 +9,8 @@ m4_ifval([$2],[
        void * foo(void) { return &$1; }]],[[foo()]])],
            [ac_cv_var_$1=yes],[ac_cv_var_$1=no])])
 if test "$ac_cv_var_$1" != yes ; then
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1;
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
+extern int $1;
 int foo(void) { return $1; }]],[[foo()]])],
            [ac_cv_var_$1=yes],[ac_cv_var_$1=no])
 fi
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index d13507f..1a383fa 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -613,7 +613,7 @@ _kdc_do_digest(krb5_context context,
        }
 
        if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
-           MD5_CTX ctx;
+           EVP_MD_CTX *ctx;
            unsigned char md[MD5_DIGEST_LENGTH];
            char *mdx;
            char id;
@@ -642,11 +642,15 @@ _kdc_do_digest(krb5_context context,
            if (ret)
                goto out;
 
-           MD5_Init(&ctx);
-           MD5_Update(&ctx, &id, 1);
-           MD5_Update(&ctx, password, strlen(password));
-           MD5_Update(&ctx, serverNonce.data, serverNonce.length);
-           MD5_Final(md, &ctx);
+           ctx = EVP_MD_CTX_create();
+
+           EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+           EVP_DigestUpdate(ctx, &id, 1);
+           EVP_DigestUpdate(ctx, password, strlen(password));
+           EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
+           EVP_DigestFinal_ex(ctx, md, NULL);
+
+           EVP_MD_CTX_destroy(ctx);
 
            hex_encode(md, sizeof(md), &mdx);
            if (mdx == NULL) {
@@ -669,7 +673,7 @@ _kdc_do_digest(krb5_context context,
            }
 
        } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 
0) {
-           MD5_CTX ctx;
+           EVP_MD_CTX *ctx;
            unsigned char md[MD5_DIGEST_LENGTH];
            char *mdx;
            char *A1, *A2;
@@ -694,49 +698,54 @@ _kdc_do_digest(krb5_context context,
            if (ret)
                goto failed;
 
-           MD5_Init(&ctx);
-           MD5_Update(&ctx, ireq.u.digestRequest.username,
+           ctx = EVP_MD_CTX_create();
+
+           EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+           EVP_DigestUpdate(ctx, ireq.u.digestRequest.username,
                       strlen(ireq.u.digestRequest.username));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.realm,
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.realm,
                       strlen(*ireq.u.digestRequest.realm));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, password, strlen(password));
-           MD5_Final(md, &ctx);
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, password, strlen(password));
+           EVP_DigestFinal_ex(ctx, md, NULL);
        
-           MD5_Init(&ctx);
-           MD5_Update(&ctx, md, sizeof(md));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+           EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+           EVP_DigestUpdate(ctx, md, sizeof(md));
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
                       strlen(ireq.u.digestRequest.serverNonce));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
                       strlen(*ireq.u.digestRequest.nonceCount));
            if (ireq.u.digestRequest.authid) {
-               MD5_Update(&ctx, ":", 1);
-               MD5_Update(&ctx, *ireq.u.digestRequest.authid,
+               EVP_DigestUpdate(ctx, ":", 1);
+               EVP_DigestUpdate(ctx, *ireq.u.digestRequest.authid,
                           strlen(*ireq.u.digestRequest.authid));
            }
-           MD5_Final(md, &ctx);
+           EVP_DigestFinal_ex(ctx, md, NULL);
            hex_encode(md, sizeof(md), &A1);
            if (A1 == NULL) {
                ret = ENOMEM;
                krb5_set_error_message(context, ret, "malloc: out of memory");
+               EVP_MD_CTX_destroy(ctx);
                goto failed;
            }
        
-           MD5_Init(&ctx);
-           MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.uri,
+           EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+           EVP_DigestUpdate(ctx,
+                            "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri,
                       strlen(*ireq.u.digestRequest.uri));
        
            /* conf|int */
            if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
                static char conf_zeros[] = ":00000000000000000000000000000000";
-               MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
+               EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1);
            }
        
-           MD5_Final(md, &ctx);
+           EVP_DigestFinal_ex(ctx, md, NULL);
+
            hex_encode(md, sizeof(md), &A2);
            if (A2 == NULL) {
                ret = ENOMEM;
@@ -745,24 +754,26 @@ _kdc_do_digest(krb5_context context,
                goto failed;
            }
 
-           MD5_Init(&ctx);
-           MD5_Update(&ctx, A1, strlen(A2));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+           EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+           EVP_DigestUpdate(ctx, A1, strlen(A2));
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
                       strlen(ireq.u.digestRequest.serverNonce));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
                       strlen(*ireq.u.digestRequest.nonceCount));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.clientNonce,
                       strlen(*ireq.u.digestRequest.clientNonce));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, *ireq.u.digestRequest.qop,
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, *ireq.u.digestRequest.qop,
                       strlen(*ireq.u.digestRequest.qop));
-           MD5_Update(&ctx, ":", 1);
-           MD5_Update(&ctx, A2, strlen(A2));
+           EVP_DigestUpdate(ctx, ":", 1);
+           EVP_DigestUpdate(ctx, A2, strlen(A2));
+
+           EVP_DigestFinal_ex(ctx, md, NULL);
 
-           MD5_Final(md, &ctx);
+           EVP_MD_CTX_destroy(ctx);
 
            free(A1);
            free(A2);
@@ -793,7 +804,7 @@ _kdc_do_digest(krb5_context context,
            const char *username;
            struct ntlm_buf answer;
            Key *key = NULL;
-           SHA_CTX ctx;
+           EVP_MD_CTX *ctx;
 
            if ((config->digests_allowed & MS_CHAP_V2) == 0) {
                kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -820,8 +831,10 @@ _kdc_do_digest(krb5_context context,
            else
                username++;
 
+           ctx = EVP_MD_CTX_create();
+
            /* ChallangeHash */
-           SHA1_Init(&ctx);
+           EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
            {
                ssize_t ssize;
                krb5_data clientNonce;
@@ -830,7 +843,9 @@ _kdc_do_digest(krb5_context context,
                clientNonce.data = malloc(clientNonce.length);
                if (clientNonce.data == NULL) {
                    ret = ENOMEM;
-                   krb5_set_error_message(context, ret, "malloc: out of 
memory");
+                   krb5_set_error_message(context, ret,
+                                          "malloc: out of memory");
+                   EVP_MD_CTX_destroy(ctx);
                    goto out;
                }
 
@@ -840,14 +855,18 @@ _kdc_do_digest(krb5_context context,
                    ret = ENOMEM;
                    krb5_set_error_message(context, ret,
                                           "Failed to decode clientNonce");
+                   EVP_MD_CTX_destroy(ctx);
                    goto out;
                }
-               SHA1_Update(&ctx, clientNonce.data, ssize);
+               EVP_DigestUpdate(ctx, clientNonce.data, ssize);
                free(clientNonce.data);
            }
-           SHA1_Update(&ctx, serverNonce.data, serverNonce.length);
-           SHA1_Update(&ctx, username, strlen(username));
-           SHA1_Final(challange, &ctx);
+           EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
+           EVP_DigestUpdate(ctx, username, strlen(username));
+
+           EVP_DigestFinal_ex(ctx, challange, NULL);
+
+           EVP_MD_CTX_destroy(ctx);
 
            /* NtPasswordHash */
            ret = krb5_parse_name(context, username, &clientprincipal);
@@ -904,34 +923,39 @@ _kdc_do_digest(krb5_context context,
 
            if (r.u.response.success) {
                unsigned char hashhash[MD4_DIGEST_LENGTH];
+               EVP_MD_CTX *ctx;
+
+               ctx = EVP_MD_CTX_create();
 
                /* hashhash */
                {
-                   MD4_CTX hctx;
-
-                   MD4_Init(&hctx);
-                   MD4_Update(&hctx, key->key.keyvalue.data,
-                              key->key.keyvalue.length);
-                   MD4_Final(hashhash, &hctx);
+                   EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
+                   EVP_DigestUpdate(ctx,
+                                    key->key.keyvalue.data,
+                                    key->key.keyvalue.length);
+                   EVP_DigestFinal_ex(ctx, hashhash, NULL);
                }
 
                /* GenerateAuthenticatorResponse */
-               SHA1_Init(&ctx);
-               SHA1_Update(&ctx, hashhash, sizeof(hashhash));
-               SHA1_Update(&ctx, answer.data, answer.length);
-               SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1));
-               SHA1_Final(md, &ctx);
-
-               SHA1_Init(&ctx);
-               SHA1_Update(&ctx, md, sizeof(md));
-               SHA1_Update(&ctx, challange, 8);
-               SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
-               SHA1_Final(md, &ctx);
+               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
+               EVP_DigestUpdate(ctx, answer.data, answer.length);
+               EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
+                                sizeof(ms_chap_v2_magic1));
+               EVP_DigestFinal_ex(ctx, md, NULL);
+
+               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctx, md, sizeof(md));
+               EVP_DigestUpdate(ctx, challange, 8);
+               EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
+                                sizeof(ms_chap_v2_magic2));
+               EVP_DigestFinal_ex(ctx, md, NULL);
 
                r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
                if (r.u.response.rsp == NULL) {
                    free(answer.data);
                    krb5_clear_error_message(context);
+                   EVP_MD_CTX_destroy(ctx);
                    ret = ENOMEM;
                    goto out;
                }
@@ -940,19 +964,23 @@ _kdc_do_digest(krb5_context context,
                if (r.u.response.rsp == NULL) {
                    free(answer.data);
                    krb5_clear_error_message(context);
+                   EVP_MD_CTX_destroy(ctx);
                    ret = ENOMEM;
                    goto out;
                }
 
                /* get_master, rfc 3079 3.4 */
-               SHA1_Init(&ctx);
-               SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */
-               SHA1_Update(&ctx, answer.data, answer.length);
-               SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
-               SHA1_Final(md, &ctx);
+               EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+               EVP_DigestUpdate(ctx, hashhash, 16);
+               EVP_DigestUpdate(ctx, answer.data, answer.length);
+               EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
+                                sizeof(ms_rfc3079_magic1));
+               EVP_DigestFinal_ex(ctx, md, NULL);
 
                free(answer.data);
 
+               EVP_MD_CTX_destroy(ctx);
+
                r.u.response.session_key =
                    calloc(1, sizeof(*r.u.response.session_key));
                if (r.u.response.session_key == NULL) {
@@ -1237,7 +1265,7 @@ _kdc_do_digest(krb5_context context,
 
            if (flags & NTLM_NEG_NTLM2_SESSION) {
                unsigned char sessionhash[MD5_DIGEST_LENGTH];
-               MD5_CTX md5ctx;
+               EVP_MD_CTX *ctx;
                
                if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
                    kdc_log(context, config, 0, "NTLM v1-session not allowed");
@@ -1252,11 +1280,17 @@ _kdc_do_digest(krb5_context context,
                    goto failed;
                }
                
-               MD5_Init(&md5ctx);
-               MD5_Update(&md5ctx, challange, sizeof(challange));
-               MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8);
-               MD5_Final(sessionhash, &md5ctx);
+               ctx = EVP_MD_CTX_create();
+
+               EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+
+               EVP_DigestUpdate(ctx, challange, sizeof(challange));
+               EVP_DigestUpdate(ctx, ireq.u.ntlmRequest.lm.data, 8);
+               EVP_DigestFinal_ex(ctx, sessionhash, NULL);
                memcpy(challange, sessionhash, sizeof(challange));
+
+               EVP_MD_CTX_destroy(ctx);
+
            } else {
                if ((config->digests_allowed & NTLM_V1) == 0) {
                    kdc_log(context, config, 0, "NTLM v1 not allowed");
@@ -1283,18 +1317,23 @@ _kdc_do_digest(krb5_context context,
            free(answer.data);
 
            {
-               MD4_CTX ctx;
+               EVP_MD_CTX *ctx;
+
+               ctx = EVP_MD_CTX_create();
+
+               EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
+               EVP_DigestUpdate(ctx,
+                                key->key.keyvalue.data,
+                                key->key.keyvalue.length);
+               EVP_DigestFinal_ex(ctx, sessionkey, NULL);
 
-               MD4_Init(&ctx);
-               MD4_Update(&ctx,
-                          key->key.keyvalue.data, key->key.keyvalue.length);
-               MD4_Final(sessionkey, &ctx);
+               EVP_MD_CTX_destroy(ctx);
            }
        }
 
        if (ireq.u.ntlmRequest.sessionkey) {
            unsigned char masterkey[MD4_DIGEST_LENGTH];
-           RC4_KEY rc4;
+           EVP_CIPHER_CTX rc4;
            size_t len;
        
            if ((flags & NTLM_NEG_KEYEX) == 0) {
@@ -1314,12 +1353,13 @@ _kdc_do_digest(krb5_context context,
                goto failed;
            }
        
-           RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-       
-           RC4(&rc4, sizeof(masterkey),
-               ireq.u.ntlmRequest.sessionkey->data,
-               masterkey);
-           memset(&rc4, 0, sizeof(rc4));
+
+           EVP_CIPHER_CTX_init(&rc4);
+           EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+           EVP_Cipher(&rc4,
+                      masterkey, ireq.u.ntlmRequest.sessionkey->data,
+                      sizeof(masterkey));
+           EVP_CIPHER_CTX_cleanup(&rc4);
        
            r.u.ntlmResponse.sessionkey =
                malloc(sizeof(*r.u.ntlmResponse.sessionkey));
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 024937e..f2da03b 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -46,7 +46,8 @@ struct Kx509Request;
 #include <kdc-private.h>
 
 extern sig_atomic_t exit_flag;
-extern size_t max_request;
+extern size_t max_request_udp;
+extern size_t max_request_tcp;
 extern const char *request_log;
 extern const char *port_str;


-- 
Samba Shared Repository

<Prev in Thread] Current Thread [Next in Thread>