authormarkm <markm@FreeBSD.org>2000-02-24 11:19:29 +0000
committermarkm <markm@FreeBSD.org>2000-02-24 11:19:29 +0000
commit69414e22b995b6d161fc19bcab66823585f1d394 (patch)
treec822a9ebecac015f7f6b7d1422b50d0c490791e7 /crypto/heimdal/lib/krb5
parentfa8b1a96d3a4e7cb6123f48b6c27b717a5ed86fe (diff)
Vendor import of Heimdal 0.2o
Diffstat (limited to 'crypto/heimdal/lib/krb5')
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.am4
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.in4
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c25
-rw-r--r--crypto/heimdal/lib/krb5/context.c8
-rw-r--r--crypto/heimdal/lib/krb5/krb5-protos.h9
-rw-r--r--crypto/heimdal/lib/krb5/krb5_err.et8
-rw-r--r--crypto/heimdal/lib/krb5/rd_req.c26
-rw-r--r--crypto/heimdal/lib/krb5/transited.c31
8 files changed, 78 insertions, 37 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index ab2182c..a5f60c0 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
+# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
include $(top_srcdir)/Makefile.am.common
@@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
-libkrb5_la_LDFLAGS = -version-info 8:0:0
+libkrb5_la_LDFLAGS = -version-info 9:0:0
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index 33429d4..da4a0fb 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
-# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
+# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@@ -195,7 +195,7 @@ libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_local
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
-libkrb5_la_LDFLAGS = -version-info 8:0:0
+libkrb5_la_LDFLAGS = -version-info 9:0:0
libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index fd94440..56c89a0 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -33,21 +33,17 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $");
+RCSID("$Id: changepw.c,v 1.20 2000/02/07 13:40:18 joda Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
struct addrinfo **ai)
{
- struct addrinfo hints;
krb5_error_code ret;
char **hostlist;
int port = 0;
- char portstr[NI_MAXSERV];
int error;
- char *host;
- char *dot;
ret = krb5_get_krb_changepw_hst (context,
&realm,
@@ -55,24 +51,9 @@ get_kdc_address (krb5_context context,
if (ret)
return ret;
- host = *hostlist;
+ port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
+ error = roken_getaddrinfo_hostspec(*hostlist, port, ai);
- dot = strchr (host, ':');
- if (dot != NULL) {
- char *end;
-
- *dot++ = '\0';
- port = strtol (dot, &end, 0);
- }
- if (port == 0)
- port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
- snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
- memset (&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_DGRAM;
- hints.ai_protocol = IPPROTO_UDP;
-
- error = getaddrinfo (host, portstr, &hints, ai);
krb5_free_krbhst (context, hostlist);
return error;
}
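Review bot: `return error;` at the end of get_kdc_address passes the result of `roken_getaddrinfo_hostspec` back through a `krb5_error_code` return type; if that helper returns getaddrinfo-style EAI_* values (it is not shown here, so this is inferred from its name and from the `getaddrinfo` call it replaces), callers will look the number up in the wrong error table. Consider mapping a non-zero result to a krb5 error code before returning. The new call also drops the explicit `SOCK_DGRAM`/`IPPROTO_UDP` hints, so it is worth confirming that the helper still restricts the result to UDP, or that the caller checks `ai_socktype` before using an entry for the kpasswd exchange. The function's opening lines are in the previous hunk.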
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
index 1a7e941..fb3fb61 100644
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: context.c,v 1.52 2000/02/04 17:10:26 joda Exp $");
+RCSID("$Id: context.c,v 1.53 2000/02/11 17:43:43 assar Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@@ -318,7 +318,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
}
krb5_error_code
-krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
+krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses) {
krb5_free_addresses(context, context->extra_addresses);
@@ -329,7 +329,7 @@ krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
if(context->extra_addresses == NULL)
return ENOMEM;
}
- return copy_HostAddresses(addresses, context->extra_addresses);
+ return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
krb5_error_code
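Review bot: When `krb5_copy_addresses` fails on the last line of krb5_set_extra_addresses, `context->extra_addresses` stays non-NULL and points at a structure holding whatever the failed copy left behind, and the next call will hand it to `krb5_free_addresses`. Capture the return value and, on error, free the container and set `context->extra_addresses = NULL` before returning. The lines between the free of the old list and the `== NULL` test fall between this hunk and the previous one, so whether the pointer is cleared after the old list is released cannot be checked from here and deserves a look. `addresses` is passed to the copy without a NULL check; confirm that callers never pass NULL.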
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
index 1b0abdb..59402a7 100644
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ b/crypto/heimdal/lib/krb5/krb5-protos.h
@@ -449,6 +449,13 @@ krb5_change_password __P((
krb5_data *result_code_string,
krb5_data *result_string));
+krb5_error_code
+krb5_check_transited_realms __P((
+ krb5_context context,
+ const char *const *realms,
+ int num_realms,
+ int *bad_realm));
+
krb5_boolean
krb5_checksum_is_collision_proof __P((
krb5_context context,
@@ -1948,7 +1955,7 @@ krb5_set_default_realm __P((
krb5_error_code
krb5_set_extra_addresses __P((
krb5_context context,
- krb5_addresses *addresses));
+ const krb5_addresses *addresses));
krb5_error_code
krb5_set_fcache_version __P((
diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et
index e8779df..895ae66 100644
--- a/crypto/heimdal/lib/krb5/krb5_err.et
+++ b/crypto/heimdal/lib/krb5/krb5_err.et
@@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
-id "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
+id "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_table krb5
@@ -51,7 +51,7 @@ error_code ERR_BADVERSION, "Protocol version mismatch"
error_code ERR_MSG_TYPE, "Invalid message type"
error_code ERR_MODIFIED, "Message stream modified"
error_code ERR_BADORDER, "Message out of order"
-error_code ERR_ILL_CR_TKT, "Illegal cross-realm ticket"
+error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket"
error_code ERR_BADKEYVER, "Key version is not available"
error_code ERR_NOKEY, "Service key not available"
error_code ERR_MUT_FAIL, "Mutual authentication failed"
@@ -71,14 +71,14 @@ error_code FIELD_TOOLONG, "Field is too long for this implementation"
# 62-127 are reserved
index 128
prefix
-error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
+error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch"
error_code KRB5_LIBOS_PWDINTR, "Password read interrupted"
-error_code KRB5_PARSE_ILLCHAR, "Illegal character in component name"
+error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name"
error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal"
error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file"
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
index 236ecb4..bcf4ecf 100644
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ b/crypto/heimdal/lib/krb5/rd_req.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c,v 1.40 2000/02/06 05:20:31 assar Exp $");
+RCSID("$Id: rd_req.c,v 1.41 2000/02/07 13:31:55 joda Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -188,6 +188,30 @@ out:
return ret;
}
+#if 0
+static krb5_error_code
+check_transited(krb5_context context,
+ krb5_ticket *ticket)
+{
+ char **realms;
+ int num_realms;
+ krb5_error_code ret;
+
+ if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
+ return KRB5KDC_ERR_TRTYPE_NOSUPP;
+
+ ret = krb5_domain_x500_decode(ticket->ticket.transited.contents,
+ &realms, &num_realms,
+ ticket->client->realm,
+ ticket->server->realm);
+ if(ret)
+ return ret;
+ ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
+ free(realms);
+ return ret;
+}
+#endif
+
krb5_error_code
krb5_verify_ap_req(krb5_context context,
krb5_auth_context *auth_context,
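Review bot: check_transited is added inside `#if 0`, so the only caller of `krb5_check_transited_realms` visible in this commit is compiled out and the `transited_realms_reject` list is not applied when an AP-REQ is verified here; a comment above the `#if 0` should say why the check is disabled and what must be done before it is enabled. Before enabling it, note that `free(realms)` releases only the pointer array, so if `krb5_domain_x500_decode` allocates each realm string (not visible in this hunk) those strings leak on every call. `realms` is declared `char **` while the callee takes `const char *const *`, which C does not convert implicitly, so the call needs a cast or a matching declaration.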
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index 2295551..1faf378 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $");
+RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -363,6 +363,35 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
return 0;
}
+krb5_error_code
+krb5_check_transited_realms(krb5_context context,
+ const char *const *realms,
+ int num_realms,
+ int *bad_realm)
+{
+ int i;
+ int ret = 0;
+ char **bad_realms = krb5_config_get_strings(context, NULL,
+ "libdefaults",
+ "transited_realms_reject",
+ NULL);
+ if(bad_realms == NULL)
+ return 0;
+
+ for(i = 0; i < num_realms; i++) {
+ char **p;
+ for(p = bad_realms; *p; p++)
+ if(strcmp(*p, realms[i]) == 0) {
+ ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ if(bad_realm)
+ *bad_realm = i;
+ break;
+ }
+ }
+ krb5_config_free_strings(bad_realms);
+ return ret;
+}
+
#if 0
int
main(int argc, char **argv)
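Review bot: The `break` inside krb5_check_transited_realms leaves only the inner loop over `bad_realms`; the outer loop keeps running after a match, so `*bad_realm` ends up holding the last rejected index rather than the first, and the remaining realms are still compared. Stopping the outer loop once a match is found fixes both, e.g. `for(i = 0; ret == 0 && i < num_realms; i++) {`. The function would also benefit from a header comment stating that it is a deny-list check that returns 0 when `transited_realms_reject` is not configured and that `*bad_realm` is written only on failure, so callers do not mistake it for full transit-path validation. `ret` is declared `int` although the function returns `krb5_error_code`.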