Christian Wiese
14 years ago
committed by
Christian Wiese
Christian Wiese
5 changed files with 3 additions and 387 deletions
Split View
Diff Options
-
+0 -31security/heimdal/glibc-2.5-getnameinfo.patch
-
+0 -27security/heimdal/hdb-ldap-cflags.patch
-
+0 -285security/heimdal/hdb-ldap-get_values.patch
-
+0 -41security/heimdal/hdb-ldap-malloc.patch
-
+3 -3security/heimdal/heimdal.desc
@ -1,31 +0,0 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../heimdal/glibc-2.5-getnameinfo.patch |
|||
# Copyright (C) 2006 The OpenSDE Project |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
--- heimdal-0.8-rc1/lib/roken/getnameinfo.c.orig 2006-11-07 15:09:06.000000000 +0200
|
|||
+++ heimdal-0.8-rc1/lib/roken/getnameinfo.c 2006-11-07 15:16:02.000000000 +0200
|
|||
@@ -94,6 +94,7 @@
|
|||
* |
|||
*/ |
|||
|
|||
+#ifndef HAVE_GETNAMEINFO
|
|||
int ROKEN_LIB_FUNCTION |
|||
getnameinfo(const struct sockaddr *sa, socklen_t salen, |
|||
char *host, size_t hostlen, |
|||
@@ -125,3 +126,4 @@
|
|||
return EAI_FAMILY; |
|||
} |
|||
} |
|||
+#endif
|
|||
@ -1,27 +0,0 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../heimdal/hdb-ldap-cflags.patch |
|||
# Copyright (C) 2008 The OpenSDE Project |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
--- heimdal-1.1/lib/hdb/Makefile.in.orig 2008-03-10 19:15:31.000000000 +0200
|
|||
+++ heimdal-1.1/lib/hdb/Makefile.in 2008-03-10 19:21:34.000000000 +0200
|
|||
@@ -368,7 +368,7 @@
|
|||
AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \ |
|||
-I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap) |
|||
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME |
|||
-AM_CFLAGS = $(WFLAGS)
|
|||
+AM_CFLAGS = $(WFLAGS) $(INCLUDE_openldap)
|
|||
CP = cp |
|||
buildinclude = $(top_builddir)/include |
|||
LIB_getattr = @LIB_getattr@ |
|||
@ -1,285 +0,0 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../heimdal/hdb-ldap-get_values.patch |
|||
# Copyright (C) 2008 The OpenSDE Project |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
Index: heimdal/lib/hdb/hdb-ldap.c
|
|||
===================================================================
|
|||
--- heimdal/lib/hdb/hdb-ldap.c (revision 22586)
|
|||
+++ heimdal/lib/hdb/hdb-ldap.c (revision 22587)
|
|||
@@ -1,7 +1,7 @@
|
|||
/* |
|||
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. |
|||
* Copyright (c) 2004, Andrew Bartlett. |
|||
- * Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan.
|
|||
+ * Copyright (c) 2003 - 2008, Kungliga Tekniska Högskolan.
|
|||
* All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
@@ -307,38 +307,40 @@
|
|||
LDAP_get_string_value(HDB * db, LDAPMessage * entry, |
|||
const char *attribute, char **ptr) |
|||
{ |
|||
- char **vals;
|
|||
- int ret;
|
|||
+ struct berval **vals;
|
|||
|
|||
- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
|||
- if (vals == NULL) {
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), entry, attribute);
|
|||
+ if (vals == NULL || vals[0] == NULL) {
|
|||
*ptr = NULL; |
|||
return HDB_ERR_NOENTRY; |
|||
} |
|||
|
|||
- *ptr = strdup(vals[0]);
|
|||
- if (*ptr == NULL)
|
|||
- ret = ENOMEM;
|
|||
- else
|
|||
- ret = 0;
|
|||
+ *ptr = malloc(vals[0]->bv_len + 1);
|
|||
+ if (*ptr == NULL) {
|
|||
+ ldap_value_free_len(vals);
|
|||
+ return ENOMEM;
|
|||
+ }
|
|||
|
|||
- ldap_value_free(vals);
|
|||
+ memcpy(*ptr, vals[0]->bv_val, vals[0]->bv_len);
|
|||
+ (*ptr)[vals[0]->bv_len] = 0;
|
|||
|
|||
- return ret;
|
|||
+ ldap_value_free_len(vals);
|
|||
+
|
|||
+ return 0;
|
|||
} |
|||
|
|||
static krb5_error_code |
|||
LDAP_get_integer_value(HDB * db, LDAPMessage * entry, |
|||
const char *attribute, int *ptr) |
|||
{ |
|||
- char **vals;
|
|||
+ krb5_error_code ret;
|
|||
+ char *val;
|
|||
|
|||
- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
|||
- if (vals == NULL)
|
|||
- return HDB_ERR_NOENTRY;
|
|||
-
|
|||
- *ptr = atoi(vals[0]);
|
|||
- ldap_value_free(vals);
|
|||
+ ret = LDAP_get_string_value(db, entry, attribute, &val);
|
|||
+ if (ret)
|
|||
+ return ret;
|
|||
+ *ptr = atoi(val);
|
|||
+ free(val);
|
|||
return 0; |
|||
} |
|||
|
|||
@@ -369,6 +371,14 @@
|
|||
return 0; |
|||
} |
|||
|
|||
+static int
|
|||
+bervalstrcmp(struct berval *v, const char *str)
|
|||
+{
|
|||
+ size_t len = strlen(str);
|
|||
+ return (v->bv_len == len) && strncasecmp(str, (char *)v->bv_val, len) == 0;
|
|||
+}
|
|||
+
|
|||
+
|
|||
static krb5_error_code |
|||
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, |
|||
LDAPMessage * msg, LDAPMod *** pmods) |
|||
@@ -386,7 +396,7 @@
|
|||
krb5_boolean is_heimdal_entry = FALSE; |
|||
krb5_boolean is_heimdal_principal = FALSE; |
|||
|
|||
- char **values;
|
|||
+ struct berval **vals;
|
|||
|
|||
*pmods = NULL; |
|||
|
|||
@@ -398,21 +408,20 @@
|
|||
|
|||
is_new_entry = FALSE; |
|||
|
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
|
|||
- if (values) {
|
|||
- int num_objectclasses = ldap_count_values(values);
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), msg, "objectClass");
|
|||
+ if (vals) {
|
|||
+ int num_objectclasses = ldap_count_values_len(vals);
|
|||
for (i=0; i < num_objectclasses; i++) { |
|||
- if (strcasecmp(values[i], "sambaSamAccount") == 0) {
|
|||
+ if (bervalstrcmp(vals[i], "sambaSamAccount"))
|
|||
is_samba_account = TRUE; |
|||
- } else if (strcasecmp(values[i], structural_object) == 0) {
|
|||
+ else if (bervalstrcmp(vals[i], structural_object))
|
|||
is_account = TRUE; |
|||
- } else if (strcasecmp(values[i], "krb5Principal") == 0) {
|
|||
+ else if (bervalstrcmp(vals[i], "krb5Principal"))
|
|||
is_heimdal_principal = TRUE; |
|||
- } else if (strcasecmp(values[i], "krb5KDCEntry") == 0) {
|
|||
+ else if (bervalstrcmp(vals[i], "krb5KDCEntry"))
|
|||
is_heimdal_entry = TRUE; |
|||
- }
|
|||
} |
|||
- ldap_value_free(values);
|
|||
+ ldap_value_free_len(vals);
|
|||
} |
|||
|
|||
/* |
|||
@@ -602,9 +611,9 @@
|
|||
|
|||
/* Remove keys if they exists, and then replace keys. */ |
|||
if (!is_new_entry && orig.entry.keys.len > 0) { |
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
|
|||
- if (values) {
|
|||
- ldap_value_free(values);
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
|
|||
+ if (vals) {
|
|||
+ ldap_value_free_len(vals);
|
|||
|
|||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); |
|||
if (ret) |
|||
@@ -641,9 +650,9 @@
|
|||
goto out; |
|||
|
|||
/* have to kill the LM passwod if it exists */ |
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
|
|||
- if (values) {
|
|||
- ldap_value_free(values);
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword");
|
|||
+ if (vals) {
|
|||
+ ldap_value_free_len(vals);
|
|||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, |
|||
"sambaLMPassword", NULL); |
|||
if (ret) |
|||
@@ -676,9 +685,9 @@
|
|||
*/ |
|||
|
|||
if (!is_new_entry) { |
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
|
|||
- if (values) {
|
|||
- ldap_value_free(values);
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType");
|
|||
+ if (vals) {
|
|||
+ ldap_value_free_len(vals);
|
|||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", |
|||
NULL); |
|||
if (ret) |
|||
@@ -730,8 +739,8 @@
|
|||
krb5_error_code ret; |
|||
int rc; |
|||
const char *filter = "(objectClass=krb5Principal)"; |
|||
- char **values;
|
|||
LDAPMessage *res = NULL, *e; |
|||
+ char *p;
|
|||
|
|||
ret = LDAP_no_size_limit(context, HDB2LDAP(db)); |
|||
if (ret) |
|||
@@ -753,14 +762,14 @@
|
|||
goto out; |
|||
} |
|||
|
|||
- values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
|
|||
- if (values == NULL) {
|
|||
+ ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p);
|
|||
+ if (ret) {
|
|||
ret = HDB_ERR_NOENTRY; |
|||
goto out; |
|||
} |
|||
|
|||
- ret = krb5_parse_name(context, values[0], principal);
|
|||
- ldap_value_free(values);
|
|||
+ ret = krb5_parse_name(context, p, principal);
|
|||
+ free(p);
|
|||
|
|||
out: |
|||
if (res) |
|||
@@ -893,10 +902,9 @@
|
|||
{ |
|||
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; |
|||
char *samba_acct_flags = NULL; |
|||
- unsigned long tmp;
|
|||
struct berval **keys; |
|||
- char **values;
|
|||
- int tmp_time, i, ret, have_arcfour = 0;
|
|||
+ struct berval **vals;
|
|||
+ int tmp, tmp_time, i, ret, have_arcfour = 0;
|
|||
|
|||
memset(ent, 0, sizeof(*ent)); |
|||
ent->entry.flags = int2HDBFlags(0); |
|||
@@ -962,8 +970,8 @@
|
|||
#endif |
|||
} |
|||
|
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
|
|||
- if (values != NULL) {
|
|||
+ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType");
|
|||
+ if (vals != NULL) {
|
|||
int i; |
|||
|
|||
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); |
|||
@@ -972,17 +980,26 @@
|
|||
ret = ENOMEM; |
|||
goto out; |
|||
} |
|||
- ent->entry.etypes->len = ldap_count_values(values);
|
|||
+ ent->entry.etypes->len = ldap_count_values_len(vals);
|
|||
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); |
|||
if (ent->entry.etypes->val == NULL) { |
|||
krb5_set_error_string(context, "malloc: out of memory"); |
|||
+ ent->entry.etypes->len = 0;
|
|||
ret = ENOMEM; |
|||
goto out; |
|||
} |
|||
for (i = 0; i < ent->entry.etypes->len; i++) { |
|||
- ent->entry.etypes->val[i] = atoi(values[i]);
|
|||
+ char buf[100];
|
|||
+ if (vals[i]->bv_len > sizeof(buf) - 1) {
|
|||
+ krb5_set_error_string(context, "malloc: out of memory");
|
|||
+ ret = ENOMEM;
|
|||
+ goto out;
|
|||
+ }
|
|||
+ memcpy(buf, vals[i]->bv_val, vals[i]->bv_len);
|
|||
+ buf[vals[i]->bv_len] = '\0';
|
|||
+ ent->entry.etypes->val[i] = atoi(buf);
|
|||
} |
|||
- ldap_value_free(values);
|
|||
+ ldap_value_free_len(vals);
|
|||
} |
|||
|
|||
for (i = 0; i < ent->entry.keys.len; i++) { |
|||
@@ -1193,18 +1210,9 @@
|
|||
*ent->entry.max_renew = max_renew; |
|||
} |
|||
|
|||
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags");
|
|||
- if (values != NULL) {
|
|||
- errno = 0;
|
|||
- tmp = strtoul(values[0], (char **) NULL, 10);
|
|||
- if (tmp == ULONG_MAX && errno == ERANGE) {
|
|||
- krb5_set_error_string(context, "strtoul: could not convert flag");
|
|||
- ret = ERANGE;
|
|||
- goto out;
|
|||
- }
|
|||
- } else {
|
|||
+ ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp);
|
|||
+ if (ret)
|
|||
tmp = 0; |
|||
- }
|
|||
|
|||
ent->entry.flags = int2HDBFlags(tmp); |
|||
|
|||
@ -1,41 +0,0 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../heimdal/hdb-ldap-malloc.patch |
|||
# Copyright (C) 2008 The OpenSDE Project |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
Index: heimdal/lib/hdb/hdb-ldap.c
|
|||
===================================================================
|
|||
--- heimdal/lib/hdb/hdb-ldap.c (revision 22587)
|
|||
+++ heimdal/lib/hdb/hdb-ldap.c (revision 22588)
|
|||
@@ -989,8 +989,10 @@
|
|||
goto out; |
|||
} |
|||
for (i = 0; i < ent->entry.etypes->len; i++) { |
|||
- char buf[100];
|
|||
- if (vals[i]->bv_len > sizeof(buf) - 1) {
|
|||
+ char *buf;
|
|||
+
|
|||
+ buf = malloc(vals[i]->bv_len + 1);
|
|||
+ if (buf == NULL) {
|
|||
krb5_set_error_string(context, "malloc: out of memory"); |
|||
ret = ENOMEM; |
|||
goto out; |
|||
@@ -998,6 +1000,7 @@
|
|||
memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); |
|||
buf[vals[i]->bv_len] = '\0'; |
|||
ent->entry.etypes->val[i] = atoi(buf); |
|||
+ free(buf);
|
|||
} |
|||
ldap_value_free_len(vals); |
|||
} |
|||