From fbcf0bb871b590017adb1ceea2811c1bc9c41bc9 Mon Sep 17 00:00:00 2001
From: Christian Wiese
Date: Tue, 11 Mar 2008 16:40:25 +0200
Subject: [PATCH] Fixed heimdal to not use the deprecated ldap_get_values function from openldap
---
security/heimdal/hdb-ldap-get_values.patch | 285 +++++++++++++++++++++
1 file changed, 285 insertions(+)
create mode 100644 security/heimdal/hdb-ldap-get_values.patch
diff --git a/security/heimdal/hdb-ldap-get_values.patch b/security/heimdal/hdb-ldap-get_values.patch
new file mode 100644
index 000000000..bff3442a6
--- /dev/null
+++ b/security/heimdal/hdb-ldap-get_values.patch
@@ -0,0 +1,285 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../heimdal/hdb-ldap-get_values.patch
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This patch file is dual-licensed. It is available under the license the
+# patched project is licensed under, as long as it is an OpenSource license
+# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
+# of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+Index: heimdal/lib/hdb/hdb-ldap.c
+===================================================================
+--- heimdal/lib/hdb/hdb-ldap.c (revision 22586)
++++ heimdal/lib/hdb/hdb-ldap.c (revision 22587)
+@@ -1,7 +1,7 @@
+ /*
+ * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
+ * Copyright (c) 2004, Andrew Bartlett.
+- * Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan.
++ * Copyright (c) 2003 - 2008, Kungliga Tekniska Högskolan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+@@ -307,38 +307,40 @@
+ LDAP_get_string_value(HDB * db, LDAPMessage * entry,
+ const char *attribute, char **ptr)
+ {
+- char **vals;
+- int ret;
++ struct berval **vals;
+
+- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
+- if (vals == NULL) {
++ vals = ldap_get_values_len(HDB2LDAP(db), entry, attribute);
++ if (vals == NULL || vals[0] == NULL) {
+ *ptr = NULL;
+ return HDB_ERR_NOENTRY;
+ }
+
+- *ptr = strdup(vals[0]);
+- if (*ptr == NULL)
+- ret = ENOMEM;
+- else
+- ret = 0;
++ *ptr = malloc(vals[0]->bv_len + 1);
++ if (*ptr == NULL) {
++ ldap_value_free_len(vals);
++ return ENOMEM;
++ }
+
+- ldap_value_free(vals);
++ memcpy(*ptr, vals[0]->bv_val, vals[0]->bv_len);
++ (*ptr)[vals[0]->bv_len] = 0;
+
+- return ret;
++ ldap_value_free_len(vals);
++
++ return 0;
+ }
+
+ static krb5_error_code
+ LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
+ const char *attribute, int *ptr)
+ {
+- char **vals;
++ krb5_error_code ret;
++ char *val;
+
+- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
+- if (vals == NULL)
+- return HDB_ERR_NOENTRY;
+-
+- *ptr = atoi(vals[0]);
+- ldap_value_free(vals);
++ ret = LDAP_get_string_value(db, entry, attribute, &val);
++ if (ret)
++ return ret;
++ *ptr = atoi(val);
++ free(val);
+ return 0;
+ }
+
+@@ -369,6 +371,14 @@
+ return 0;
+ }
+
++static int
++bervalstrcmp(struct berval *v, const char *str)
++{
++ size_t len = strlen(str);
++ return (v->bv_len == len) && strncasecmp(str, (char *)v->bv_val, len) == 0;
++}
++
++
+ static krb5_error_code
+ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
+ LDAPMessage * msg, LDAPMod *** pmods)
+@@ -386,7 +396,7 @@
+ krb5_boolean is_heimdal_entry = FALSE;
+ krb5_boolean is_heimdal_principal = FALSE;
+
+- char **values;
++ struct berval **vals;
+
+ *pmods = NULL;
+
+@@ -398,21 +408,20 @@
+
+ is_new_entry = FALSE;
+
+- values = ldap_get_values(HDB2LDAP(db), msg,
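Review bot: In LDAP_get_string_value (hunk -307,38 +307,40) the new early return for `vals[0] == NULL` does not free `vals`, so if ldap_get_values_len ever hands back a non-NULL array with no elements, that path leaks it; calling `ldap_value_free_len(vals)` before `return HDB_ERR_NOENTRY;` when `vals` is non-NULL closes it. The copy also turns a length-delimited berval into a C string, so a value holding an embedded NUL byte is copied in full but read as a shorter string by callers such as krb5_parse_name; rejecting it up front with `if (memchr(vals[0]->bv_val, '\0', vals[0]->bv_len) != NULL)` avoids that mismatch. LDAP_get_integer_value still parses with `atoi(val)`, which cannot report non-numeric or out-of-range input; strtol with an end-pointer and errno check would let the helper return an error instead.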
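Review bot: bervalstrcmp (hunk -369,6 +371,14) returns non-zero when the two values are equal, the opposite of the strcmp/strcasecmp convention its name borrows, and nothing documents that. A comment above it such as `/* Returns non-zero if the berval equals str, compared case-insensitively over exactly bv_len bytes. */`, or a name that reads as a predicate, would keep a later caller from writing `bervalstrcmp(...) == 0` and silently inverting an objectClass check. The `v` argument is only read and could be declared `const struct berval *v`.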
"objectClass");
+- if (values) {
+- int num_objectclasses = ldap_count_values(values);
++ vals = ldap_get_values_len(HDB2LDAP(db), msg, "objectClass");
++ if (vals) {
++ int num_objectclasses = ldap_count_values_len(vals);
+ for (i=0; i < num_objectclasses; i++) {
+- if (strcasecmp(values[i], "sambaSamAccount") == 0) {
++ if (bervalstrcmp(vals[i], "sambaSamAccount"))
+ is_samba_account = TRUE;
+- } else if (strcasecmp(values[i], structural_object) == 0) {
++ else if (bervalstrcmp(vals[i], structural_object))
+ is_account = TRUE;
+- } else if (strcasecmp(values[i], "krb5Principal") == 0) {
++ else if (bervalstrcmp(vals[i], "krb5Principal"))
+ is_heimdal_principal = TRUE;
+- } else if (strcasecmp(values[i], "krb5KDCEntry") == 0) {
++ else if (bervalstrcmp(vals[i], "krb5KDCEntry"))
+ is_heimdal_entry = TRUE;
+- }
+ }
+- ldap_value_free(values);
++ ldap_value_free_len(vals);
+ }
+
+ /*
+@@ -602,9 +611,9 @@
+
+ /* Remove keys if they exists, and then replace keys. */
+ if (!is_new_entry && orig.entry.keys.len > 0) {
+- values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
+- if (values) {
+- ldap_value_free(values);
++ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
++ if (vals) {
++ ldap_value_free_len(vals);
+
+ ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
+ if (ret)
+@@ -641,9 +650,9 @@
+ goto out;
+
+ /* have to kill the LM passwod if it exists */
+- values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
+- if (values) {
+- ldap_value_free(values);
++ vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword");
++ if (vals) {
++ ldap_value_free_len(vals);
+ ret = LDAP_addmod(&mods, LDAP_MOD_DELETE,
+ "sambaLMPassword", NULL);
+ if (ret)
+@@ -676,9 +685,9 @@
+ */
+
+ if (!is_new_entry) {
+- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
+- if (values) {
+- ldap_value_free(values);
++ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType");
++ if (vals) {
++ ldap_value_free_len(vals);
+ ret =
LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
+ NULL);
+ if (ret)
+@@ -730,8 +739,8 @@
+ krb5_error_code ret;
+ int rc;
+ const char *filter = "(objectClass=krb5Principal)";
+- char **values;
+ LDAPMessage *res = NULL, *e;
++ char *p;
+
+ ret = LDAP_no_size_limit(context, HDB2LDAP(db));
+ if (ret)
+@@ -753,14 +762,14 @@
+ goto out;
+ }
+
+- values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
+- if (values == NULL) {
++ ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p);
++ if (ret) {
+ ret = HDB_ERR_NOENTRY;
+ goto out;
+ }
+
+- ret = krb5_parse_name(context, values[0], principal);
+- ldap_value_free(values);
++ ret = krb5_parse_name(context, p, principal);
++ free(p);
+
+ out:
+ if (res)
+@@ -893,10 +902,9 @@
+ {
+ char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
+ char *samba_acct_flags = NULL;
+- unsigned long tmp;
+ struct berval **keys;
+- char **values;
+- int tmp_time, i, ret, have_arcfour = 0;
++ struct berval **vals;
++ int tmp, tmp_time, i, ret, have_arcfour = 0;
+
+ memset(ent, 0, sizeof(*ent));
+ ent->entry.flags = int2HDBFlags(0);
+@@ -962,8 +970,8 @@
+ #endif
+ }
+
+- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
+- if (values != NULL) {
++ vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType");
++ if (vals != NULL) {
+ int i;
+
+ ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
+@@ -972,17 +980,26 @@
+ ret = ENOMEM;
+ goto out;
+ }
+- ent->entry.etypes->len = ldap_count_values(values);
++ ent->entry.etypes->len = ldap_count_values_len(vals);
+ ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
+ if (ent->entry.etypes->val == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
++ ent->entry.etypes->len = 0;
+ ret = ENOMEM;
+ goto out;
+ }
+ for (i = 0; i < ent->entry.etypes->len; i++) {
+- ent->entry.etypes->val[i] = atoi(values[i]);
++ char buf[100];
++ if (vals[i]->bv_len > sizeof(buf) - 1) {
++ krb5_set_error_string(context,
"malloc: out of memory");
++ ret = ENOMEM;
++ goto out;
++ }
++ memcpy(buf, vals[i]->bv_val, vals[i]->bv_len);
++ buf[vals[i]->bv_len] = '\0';
++ ent->entry.etypes->val[i] = atoi(buf);
+ }
+- ldap_value_free(values);
++ ldap_value_free_len(vals);
+ }
+
+ for (i = 0; i < ent->entry.keys.len; i++) {
+@@ -1193,18 +1210,9 @@
+ *ent->entry.max_renew = max_renew;
+ }
+
+- values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags");
+- if (values != NULL) {
+- errno = 0;
+- tmp = strtoul(values[0], (char **) NULL, 10);
+- if (tmp == ULONG_MAX && errno == ERANGE) {
+- krb5_set_error_string(context, "strtoul: could not convert flag");
+- ret = ERANGE;
+- goto out;
+- }
+- } else {
++ ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp);
++ if (ret)
+ tmp = 0;
+- }
+
+ ent->entry.flags = int2HDBFlags(tmp);
+
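Review bot: The new oversize-value branch inside the etype loop (hunk -972,17 +980,26) jumps to `out` without calling `ldap_value_free_len(vals)`, as does the calloc failure branch just above it. Unless the cleanup at `out:` frees `vals`, which is outside this hunk, both paths leak the value array; adding `ldap_value_free_len(vals);` before each `goto out;` would cover it. The branch also reports "malloc: out of memory" with ENOMEM for what is actually a malformed krb5EncryptionType value, so a corrupted directory entry shows up in logs as memory pressure; a distinct message and error code would make it diagnosable. `atoi(buf)` then accepts any non-numeric text as 0, so an unparsable etype is stored rather than rejected.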
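Review bot: Every failure of LDAP_get_integer_value for krb5KDCFlags (hunk -1193,18 +1210,9), including ENOMEM from the helper's malloc, is folded into `tmp = 0`, so an allocation failure looks the same as an absent attribute and the principal is loaded with all flags cleared. The removed ERANGE check has no replacement either, because the helper parses with atoi into an `int`, so a malformed or out-of-range flags value no longer aborts the fetch. Treating only the missing-attribute case as a default, `if (ret == HDB_ERR_NOENTRY) tmp = 0; else if (ret) goto out;`, keeps the old behaviour without masking real errors. `ret` is also left non-zero after the fallback; whether it is reset before the function returns is outside this hunk.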