Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/HEIMDAL]: src/crypto/external/bsd/heimdal/dist Import heimdal-7.8.0 (pre...
details: https://anonhg.NetBSD.org/src/rev/2e38182cb589
branches: HEIMDAL
changeset: 376475:2e38182cb589
user: christos <christos%NetBSD.org@localhost>
date: Mon Jun 19 21:37:02 2023 +0000
description:
Import heimdal-7.8.0 (previous was 7.7.0)
This release includes both the Heimdal 7.7.1 Security Vulnerability
fixes and non-Security bug fixes/improvements.
Security Vulnerabilities:
- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
- CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
- CVE-2021-3671 A null pointer de-reference when handling missing sname
in TGS-REQ
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.
While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.
- CVE-2019-14870: Validate client attributes in protocol-transition
- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB
Other changes:
- Bugs found by UBSAN (including the incorrect encoding of unconstrained
INTEGER value -1).
- Errors found by the LLVM scan-build static analyzer.
- Errors found by the valgrind memory debugger.
- Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).
- Correct ASN.1 OID typo for SHA-384
- Fix a deadlock in in the MEMORY ccache type.
- TGS: strip forwardable and proxiable flags if the server is
disallowed.
- CVE-2019-14870: Validate client attributes in protocol-transition
- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB
- Incremental HDB propagation improvements
Refactor send_diffs making it progressive
Handle partial writes on non-blocking sockets
Disable Nagle in iprop master and slave
Use async I/O
Don't send I_HAVE in response to AYT
Do not recover log in kadm5_get_principal()
Don't send diffs to slaves with not yet known version
Don't stutter in send_diffs
- Optional backwards-compatible anon-pkinit behavior
diffstat:
crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 | 2 -
crypto/external/bsd/heimdal/dist/cf/version-script.m4 | 2 +-
crypto/external/bsd/heimdal/dist/configure.ac | 9 +-
crypto/external/bsd/heimdal/dist/doc/heimdal.hhp | 2 +-
crypto/external/bsd/heimdal/dist/doc/hx509.hhp | 2 +-
crypto/external/bsd/heimdal/dist/include/crypto-headers.h | 37 +-
crypto/external/bsd/heimdal/dist/include/heim_threads.h | 4 +-
crypto/external/bsd/heimdal/dist/kadmin/get.c | 2 +-
crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 | 2 +-
crypto/external/bsd/heimdal/dist/kadmin/rpc.c | 2 +-
crypto/external/bsd/heimdal/dist/kadmin/util.c | 2 +-
crypto/external/bsd/heimdal/dist/kcm/cache.c | 3 +-
crypto/external/bsd/heimdal/dist/kcm/client.c | 8 +-
crypto/external/bsd/heimdal/dist/kcm/config.c | 21 +-
crypto/external/bsd/heimdal/dist/kcm/glue.c | 83 +-
crypto/external/bsd/heimdal/dist/kcm/kcm.8 | 2 +-
crypto/external/bsd/heimdal/dist/kdc/connect.c | 4 +-
crypto/external/bsd/heimdal/dist/kdc/digest.c | 29 +-
crypto/external/bsd/heimdal/dist/kdc/hprop.8 | 2 +-
crypto/external/bsd/heimdal/dist/kdc/hpropd.8 | 2 +-
crypto/external/bsd/heimdal/dist/kdc/kdc.8 | 2 +-
crypto/external/bsd/heimdal/dist/kdc/kerberos5.c | 2 +-
crypto/external/bsd/heimdal/dist/kdc/kstash.8 | 2 +-
crypto/external/bsd/heimdal/dist/kdc/kx509.c | 64 +-
crypto/external/bsd/heimdal/dist/kdc/pkinit-ec.c | 5 +-
crypto/external/bsd/heimdal/dist/kdc/pkinit.c | 36 +-
crypto/external/bsd/heimdal/dist/kdc/string2key.8 | 2 +-
crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8 | 2 +-
crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.c | 92 +-
crypto/external/bsd/heimdal/dist/kuser/copy_cred_cache.1 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/kinit.1 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/kinit.c | 14 +-
crypto/external/bsd/heimdal/dist/kuser/klist.1 | 2 +-
crypto/external/bsd/heimdal/dist/kuser/klist.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/asn1/gen.c | 21 +-
crypto/external/bsd/heimdal/dist/lib/asn1/gen_locl.h | 6 +-
crypto/external/bsd/heimdal/dist/lib/asn1/lex.h | 4 +-
crypto/external/bsd/heimdal/dist/lib/asn1/main.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/base/error.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/com_err/com_err.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/com_err/compile_et.c | 7 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/gss_acquire_cred.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c | 263 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c | 28 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/init_sec_context.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c | 47 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c | 41 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c | 47 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/mech/gss_pname_to_uid.c | 12 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/mech/mech.5 | 2 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/ntlm/creds.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/ntlm/crypto.c | 26 +-
crypto/external/bsd/heimdal/dist/lib/hcrypto/engine.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c | 5 +-
crypto/external/bsd/heimdal/dist/lib/hdb/hdb.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/hdb/keys.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ChangeLog | 2 +-
crypto/external/bsd/heimdal/dist/lib/hx509/cert.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/hx509/crypto.c | 172 +-
crypto/external/bsd/heimdal/dist/lib/hx509/hxtool.c | 24 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c | 27 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ks_p11.c | 30 +-
crypto/external/bsd/heimdal/dist/lib/hx509/revoke.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel-gram.c | 1789 ++++-----
crypto/external/bsd/heimdal/dist/lib/hx509/sel-gram.h | 99 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel-gram.y | 15 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel-lex.c | 452 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel-lex.l | 20 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/hx509/sel.h | 22 +-
crypto/external/bsd/heimdal/dist/lib/hx509/softp11.c | 10 +-
crypto/external/bsd/heimdal/dist/lib/kadm5/ad.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 | 2 +-
crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8 | 2 +-
crypto/external/bsd/heimdal/dist/lib/kafs/rxkad_kdf.c | 27 +-
crypto/external/bsd/heimdal/dist/lib/krb5/auth_context.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/config_file.c | 9 +-
crypto/external/bsd/heimdal/dist/lib/krb5/context.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c | 28 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c | 44 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c | 34 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c | 12 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c | 24 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c | 61 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto.h | 6 +-
crypto/external/bsd/heimdal/dist/lib/krb5/get_default_principal.c | 10 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5.conf.5 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb524_convert_creds_kdc.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_c_make_checksum.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_is_thread_safe.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_principal.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_string_to_key.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/krb5_timeofday.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/kuserok.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/krb5/pac.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/pkinit-ec.c | 5 +-
crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c | 48 +-
crypto/external/bsd/heimdal/dist/lib/krb5/salt.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/send_to_kdc.c | 13 +-
crypto/external/bsd/heimdal/dist/lib/krb5/sp800-108-kdf.c | 32 +-
crypto/external/bsd/heimdal/dist/lib/krb5/test_pknistkdf.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/krb5/version-script.map | 9 -
crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c | 155 +-
crypto/external/bsd/heimdal/dist/lib/roken/ChangeLog | 2 +-
crypto/external/bsd/heimdal/dist/lib/roken/get_window_size.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/roken/getarg.c | 4 +-
crypto/external/bsd/heimdal/dist/lib/roken/getxxyyy.c | 76 +-
crypto/external/bsd/heimdal/dist/lib/roken/resolve.c | 2 +-
crypto/external/bsd/heimdal/dist/lib/roken/roken.h.in | 9 +-
crypto/external/bsd/heimdal/dist/lib/roken/rtbl.3 | 2 +-
crypto/external/bsd/heimdal/dist/lib/vers/print_version.c | 2 +-
crypto/external/bsd/heimdal/dist/packages/mac/Resources/English.lproj/Welcome.rtf | 2 +-
crypto/external/bsd/heimdal/dist/packages/windows/NTMakefile | 2 +-
crypto/external/bsd/heimdal/dist/packages/windows/assembly/policy.Heimdal.Kerberos.in | 2 +-
crypto/external/bsd/heimdal/dist/packages/windows/installer/heimdal-assemblies.wxs | 2 +-
crypto/external/bsd/heimdal/dist/tests/kdc/wait-kdc.sh | 2 +-
123 files changed, 1677 insertions(+), 2649 deletions(-)
diffs (truncated from 7882 to 300 lines):
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/cf/roken-frag.m4
--- a/crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/cf/roken-frag.m4 Mon Jun 19 21:37:02 2023 +0000
@@ -317,8 +317,6 @@ AC_FIND_IF_NOT_BROKEN(gai_strerror,,
#include <ws2tcpip.h>
#endif],[0])
-AC_CHECK_LIB(util, emalloc)
-
case "$host_os" in
darwin*)
;;
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/cf/version-script.m4
--- a/crypto/external/bsd/heimdal/dist/cf/version-script.m4 Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/cf/version-script.m4 Mon Jun 19 21:37:02 2023 +0000
@@ -36,4 +36,4 @@ AC_SUBST(VERSIONING)
AM_CONDITIONAL(versionscript,test $doversioning = yes)
AC_SUBST(LDFLAGS_VERSION_SCRIPT)
-])
+])
\ No newline at end of file
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/configure.ac
--- a/crypto/external/bsd/heimdal/dist/configure.ac Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/configure.ac Mon Jun 19 21:37:02 2023 +0000
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-AC_REVISION($Revision: 1.1.1.5 $)
+AC_REVISION(Revision)
AC_PREREQ(2.62)
test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT([Heimdal],[7.8.0],[https://github.com/heimdal/heimdal/issues])
@@ -291,12 +291,6 @@ AC_SUBST(ENABLE_AFS_STRING_TO_KEY)dnl
rk_CHECK_MAN
-AC_CHECK_HEADERS([\
- readline/readline.h \
- readline.h \
- editline/readline.h \
-])
-
rk_TEST_PACKAGE(readline,
[#include <stdio.h>
#if defined(HAVE_READLINE_READLINE_H)
@@ -519,7 +513,6 @@ KRB_CAPABILITIES
rk_DLADDR
AC_CHECK_GETPWNAM_R_POSIX
-AC_CHECK_GETPWUID_R_POSIX
dnl detect doors on solaris
if test "$enable_pthread_support" != no; then
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/doc/heimdal.hhp
--- a/crypto/external/bsd/heimdal/dist/doc/heimdal.hhp Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/doc/heimdal.hhp Mon Jun 19 21:37:02 2023 +0000
@@ -5,4 +5,4 @@ Contents file=toc.hhc
Default topic=index.html
Display compile progress=No
Language=0x409 English (United States)
-Title=Heimdal
+Title=Heimdal
\ No newline at end of file
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/doc/hx509.hhp
--- a/crypto/external/bsd/heimdal/dist/doc/hx509.hhp Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/doc/hx509.hhp Mon Jun 19 21:37:02 2023 +0000
@@ -5,4 +5,4 @@ Contents file=toc.hhc
Default topic=index.html
Display compile progress=No
Language=0x409 English (United States)
-Title=HX509
+Title=HX509
\ No newline at end of file
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/include/crypto-headers.h
--- a/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto-headers.h,v 1.1.1.3 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: crypto-headers.h,v 1.1.1.4 2023/06/19 21:37:06 christos Exp $ */
#ifndef __crypto_header__
#define __crypto_header__
@@ -7,39 +7,6 @@
#error "need config.h"
#endif
-#ifdef HAVE_HCRYPTO_W_OPENSSL
-
-
-#define OPENSSL_DES_LIBDES_COMPATIBILITY
-
-#include <openssl/evp.h>
-#include <openssl/des.h>
-#include <openssl/rc4.h>
-#include <openssl/rc2.h>
-#include <openssl/md4.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/ui.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/ecdh.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
-# ifndef BN_is_negative
-# define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
-# define BN_is_negative(bn) ((bn)->neg != 0)
-# endif
-#if OPENSSL_VERSION_NUMBER >= 0x30000000UL
-# define EVP_rc4() EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy")
-#endif
-#endif
-
-#else /* !HAVE_HCRYPTO_W_OPENSSL */
-
#ifdef KRB5
#include <krb5/krb5-types.h>
#endif
@@ -57,6 +24,4 @@
#include <hcrypto/pkcs12.h>
#include <hcrypto/hmac.h>
-#endif
-
#endif /* __crypto_header__ */
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/include/heim_threads.h
--- a/crypto/external/bsd/heimdal/dist/include/heim_threads.h Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/include/heim_threads.h Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: heim_threads.h,v 1.1.1.6 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: heim_threads.h,v 1.1.1.7 2023/06/19 21:37:06 christos Exp $ */
/*
* Copyright (c) 2003-2016 Kungliga Tekniska Högskolan
@@ -54,7 +54,7 @@
#else
-#if defined(__clang__) || defined(__GNUC__) || defined(__SUNPRO_C) || defined(__lint__)
+#if defined(__clang__) || defined(__GNUC__) || defined(__SUNPRO_C)
#define HEIMDAL_THREAD_LOCAL __thread
#else
#error "thread-local attribute not defined for your compiler"
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kadmin/get.c
--- a/crypto/external/bsd/heimdal/dist/kadmin/get.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kadmin/get.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: get.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: get.c,v 1.1.1.5 2023/06/19 21:37:06 christos Exp $ */
/*
* Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kadmin/kadmind.8
--- a/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: kadmind.8,v 1.1.1.6 2023/06/19 21:33:10 christos Exp $
+.\" $NetBSD: kadmind.8,v 1.1.1.7 2023/06/19 21:37:06 christos Exp $
.\"
.\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kadmin/rpc.c
--- a/crypto/external/bsd/heimdal/dist/kadmin/rpc.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kadmin/rpc.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rpc.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: rpc.c,v 1.1.1.5 2023/06/19 21:37:06 christos Exp $ */
/*
* Copyright (c) 2008 Kungliga Tekniska Högskolan
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kadmin/util.c
--- a/crypto/external/bsd/heimdal/dist/kadmin/util.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kadmin/util.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: util.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: util.c,v 1.1.1.5 2023/06/19 21:37:06 christos Exp $ */
/*
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kcm/cache.c
--- a/crypto/external/bsd/heimdal/dist/kcm/cache.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/cache.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cache.c,v 1.1.1.5 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: cache.c,v 1.1.1.6 2023/06/19 21:37:07 christos Exp $ */
/*
* Copyright (c) 2005, PADL Software Pty Ltd.
@@ -324,7 +324,6 @@ kcm_ccache_alloc(krb5_context context,
slot->key.keytab = NULL;
slot->tkt_life = 0;
slot->renew_life = 0;
- slot->kdc_offset = 0;
if (new_slot)
ccache_head = slot;
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kcm/client.c
--- a/crypto/external/bsd/heimdal/dist/kcm/client.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/client.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: client.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: client.c,v 1.1.1.5 2023/06/19 21:37:07 christos Exp $ */
/*
* Copyright (c) 2005, PADL Software Pty Ltd.
@@ -174,10 +174,8 @@ kcm_ccache_new_client(krb5_context conte
if (matches == 0)
matches = sscanf(name,"%ld",&uid);
if (matches == 1) {
- struct passwd pw, *pwd = NULL;
- char pwbuf[2048];
-
- if (rk_getpwuid_r(getuid(), &pw, pwbuf, sizeof(pwbuf), &pwd) == 0) {
+ struct passwd *pwd = getpwuid(uid);
+ if (pwd != NULL) {
gid_t gid = pwd->pw_gid;
kcm_chown(context, client, ccache, uid, gid);
}
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kcm/config.c
--- a/crypto/external/bsd/heimdal/dist/kcm/config.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/config.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: config.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: config.c,v 1.1.1.5 2023/06/19 21:37:07 christos Exp $ */
/*
* Copyright (c) 2005, PADL Software Pty Ltd.
@@ -159,33 +159,28 @@ static int parse_owners(kcm_ccache ccach
{
uid_t uid = 0;
gid_t gid = 0;
+ struct passwd *pw;
struct group *gr;
int uid_p = 0;
int gid_p = 0;
- struct passwd pw, *pwd = NULL;
- char pwbuf[2048];
if (system_user != NULL) {
if (isdigit((unsigned char)system_user[0])) {
- if (rk_getpwuid_r(atoi(system_user), &pw, pwbuf, sizeof(pwbuf),
- &pwd) != 0)
- pwd = NULL;
+ pw = getpwuid(atoi(system_user));
} else {
- if (rk_getpwnam_r(system_user, &pw, pwbuf, sizeof(pwbuf),
- &pwd) != 0)
- pwd = NULL;
+ pw = getpwnam(system_user);
}
- if (pwd == NULL) {
+ if (pw == NULL) {
return errno;
}
- system_user = strdup(pwd->pw_name);
+ system_user = strdup(pw->pw_name);
if (system_user == NULL) {
return ENOMEM;
}
- uid = pwd->pw_uid; uid_p = 1;
- gid = pwd->pw_gid; gid_p = 1;
+ uid = pw->pw_uid; uid_p = 1;
+ gid = pw->pw_gid; gid_p = 1;
}
if (system_group != NULL) {
diff -r b79afeea386c -r 2e38182cb589 crypto/external/bsd/heimdal/dist/kcm/glue.c
--- a/crypto/external/bsd/heimdal/dist/kcm/glue.c Mon Jun 19 21:33:04 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/glue.c Mon Jun 19 21:37:02 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: glue.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $ */
+/* $NetBSD: glue.c,v 1.1.1.5 2023/06/19 21:37:07 christos Exp $ */
/*
* Copyright (c) 2005, PADL Software Pty Ltd.
@@ -34,7 +34,7 @@
#include "kcm_locl.h"
-__RCSID("$NetBSD: glue.c,v 1.1.1.4 2023/06/19 21:33:10 christos Exp $");
+__RCSID("$NetBSD: glue.c,v 1.1.1.5 2023/06/19 21:37:07 christos Exp $");
/*
* Server-side loopback glue for credentials cache operations; this
@@ -248,60 +248,33 @@ kcmss_get_version(krb5_context context,
return 0;
}
-static krb5_error_code
-kcmss_get_kdc_sec_offset(krb5_context context,
- krb5_ccache id,
- krb5_deltat *t)
-{
- kcm_ccache c = KCMCACHE(id);
Home |
Main Index |
Thread Index |
Old Index