Merge branch 'master' into wip/win32-port2

2009-11-25 05:41:14 -08:00
parent 2204b852a7 b6fe5a95d3
commit 86f4c66efd
23 changed files with 108 additions and 165 deletions
--- a/lib/hdb/hdb.c
+++ b/lib/hdb/hdb.c
@@ -66,6 +66,8 @@ const int hdb_interface_version = HDB_INTERFACE_VERSION;
 static struct hdb_method methods[] = {
 #if HAVE_DB1 || HAVE_DB3
    { HDB_INTERFACE_VERSION, "db:",	hdb_db_create},
+#endif
+#if HAVE_DB1
    { HDB_INTERFACE_VERSION, "mit-db:",	hdb_mdb_create},
 #endif
 #if HAVE_NDBM
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
    ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
 			  &cert->tbsCertificate.issuer, &diff);
    *self_signed = (diff == 0);
-    if (ret)
+    if (ret) {
 	hx509_set_error_string(context, 0, ret,
 			       "Failed to check if self signed");
+    } else
+	ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
+
    return ret;
 }

--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -87,8 +87,9 @@ struct signature_alg {
    const heim_oid *key_oid;
    const AlgorithmIdentifier *digest_alg;
    int flags;
-#define PROVIDE_CONF 1
-#define REQUIRE_SIGNER 2
+#define PROVIDE_CONF	0x1
+#define REQUIRE_SIGNER	0x2
+#define SELF_SIGNED_OK	0x4

 #define SIG_DIGEST	0x100
 #define SIG_PUBLIC_SIG	0x200
@@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
    &_hx509_signature_ecdsa_with_sha256_data,
    &asn1_oid_id_ecPublicKey,
    &_hx509_signature_sha256_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    ecdsa_verify_signature,
@@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
    &_hx509_signature_ecdsa_with_sha1_data,
    &asn1_oid_id_ecPublicKey,
    &_hx509_signature_sha1_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    ecdsa_verify_signature,
@@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
    &_hx509_signature_rsa_with_sha1_data,
    &asn1_oid_id_pkcs1_rsaEncryption,
    NULL,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
@@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = {
    &_hx509_signature_rsa_with_sha256_data,
    &asn1_oid_id_pkcs1_rsaEncryption,
    &_hx509_signature_sha256_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
@@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = {
    &_hx509_signature_rsa_with_sha1_data,
    &asn1_oid_id_pkcs1_rsaEncryption,
    &_hx509_signature_sha1_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
@@ -1481,6 +1482,27 @@ _hx509_signature_best_before(hx509_context context,
    return 0;
 }

+int
+_hx509_self_signed_valid(hx509_context context,
+			 const AlgorithmIdentifier *alg)
+{
+    const struct signature_alg *md;
+
+    md = find_sig_alg(&alg->algorithm);
+    if (md == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_SIG_ALG_NO_SUPPORTED;
+    }
+    if ((md->flags & SELF_SIGNED_OK) == 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
+			       "Algorithm %s not trusted for self signatures",
+			       md->name);
+	return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
+    }
+    return 0;
+}
+
+
 int
 _hx509_verify_signature(hx509_context context,
 			const hx509_cert cert,
--- a/lib/krb5/config_file.c
+++ b/lib/krb5/config_file.c
@@ -473,6 +473,21 @@ krb5_config_parse_file_multi (krb5_context context,
 	return ENOENT;
 #endif
    } else {
+#ifdef KRB5_USE_PATH_TOKENS
+	char * exp_fname = NULL;
+
+	ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
+	if (ret) {
+	    if (newfname)
+		free(newfname);
+	    return ret;
+	}
+	
+	if (newfname)
+	    free(newfname);
+	fname = newfname = exp_fname;
+#endif
+
 	f.f = fopen(fname, "r");
 	f.s = NULL;
 	if(f.f == NULL) {
@@ -493,46 +508,7 @@ krb5_config_parse_file_multi (krb5_context context,
 		free(newfname);
 	    return ret;
 	}
-=======
-#ifdef KRB5_USE_PATH_TOKENS
-    {
-	char * exp_fname = NULL;
-
-	ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
-	if (ret) {
-	    if (newfname)
-		free(newfname);
-	    return ret;
-	}
-
-	if (newfname)
-	    free(newfname);
-	fname = newfname = exp_fname;
    }
-#endif
-
-    f.f = fopen(fname, "r");
-    f.s = NULL;
-    if(f.f == NULL) {
-	ret = errno;
-	krb5_set_error_message (context, ret, "open %s: %s",
-				fname, strerror(ret));
-	if (newfname)
-	    free(newfname);
-	return ret;
-    }
-
-    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
-    fclose(f.f);
-    if (ret) {
-	krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str);
-	if (newfname)
-	    free(newfname);
-	return ret;
->>>>>>> Initial Windows port
-    }
-    if (newfname)
-	free(newfname);
    return 0;
 }

--- a/lib/krb5/version-script.map
+++ b/lib/krb5/version-script.map
@@ -94,6 +94,7 @@ HEIMDAL_KRB5_2.0 {
 		krb5_cc_get_config;
 		krb5_cc_get_friendly_name;
 		krb5_cc_get_full_name;
+		krb5_cc_get_kdc_offset;
 		krb5_cc_get_lifetime;
 		krb5_cc_get_name;
 		krb5_cc_get_ops;
@@ -113,8 +114,10 @@ HEIMDAL_KRB5_2.0 {
 		krb5_cc_set_config;
 		krb5_cc_set_default_name;
 		krb5_cc_set_flags;
+		krb5_cc_set_kdc_offset;
 		krb5_cc_start_seq_get;
 		krb5_cc_store_cred;
+		krb5_cc_support_switch
 		krb5_cc_switch;
 		krb5_cc_set_friendly_name;
 		krb5_change_password;
--- a/lib/roken/fnmatch.hin
+++ b/lib/roken/fnmatch.hin
@@ -36,7 +36,7 @@

 #ifndef ROKEN_LIB_FUNCTION
 #ifdef _WIN32
-#define ROKEN_LIB_FUNCTION __declspec(dllimport)
+#define ROKEN_LIB_FUNCTION
 #define ROKEN_LIB_CALL __stdcall
 #else
 #define ROKEN_LIB_FUNCTION
--- a/lib/roken/getifaddrs-test.c
+++ b/lib/roken/getifaddrs-test.c
@@ -40,11 +40,7 @@

 #include <ifaddrs.h>

-<<<<<<< HEAD
-void
-=======
 static void
->>>>>>> master
 print_addr(const char *s, struct sockaddr *sa)
 {
    int i;
@@ -59,11 +55,7 @@ print_addr(const char *s, struct sockaddr *sa)
    printf("\n");
 }

-<<<<<<< HEAD
-void 
-=======
 static void
->>>>>>> master
 print_ifaddrs(struct ifaddrs *x)
 {
    struct ifaddrs *p;
@@ -87,11 +79,7 @@ main(int argc, char **argv)
    struct ifaddrs *addrs = NULL;
    int ret;

-<<<<<<< HEAD
-    if (SOCK_INIT)
-=======
    if (rk_SOCK_INIT())
->>>>>>> master
 	errx(1, "Couldn't initialize sockets. Err=%d\n", rk_SOCK_ERRNO);

    ret = getifaddrs(&addrs);
--- a/lib/roken/glob.hin
+++ b/lib/roken/glob.hin
@@ -37,9 +37,11 @@

 #ifndef ROKEN_LIB_FUNCTION
 #ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL _stdcall
 #else
 #define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
 #endif
 #endif

--- a/lib/roken/ifaddrs.hin
+++ b/lib/roken/ifaddrs.hin
@@ -38,9 +38,11 @@

 #ifndef ROKEN_LIB_FUNCTION
 #ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL _stdcall
 #else
 #define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
 #endif
 #endif

--- a/lib/roken/mini_inetd.c
+++ b/lib/roken/mini_inetd.c
@@ -114,25 +114,17 @@ mini_inetd_addrinfo (struct addrinfo *ai, rk_socket_t *ret_socket)
 	socket_set_ipv6only(fds[i], 1);
 	if (rk_IS_SOCKET_ERROR(bind (fds[i], a->ai_addr, a->ai_addrlen))) {
 	    warn ("bind af = %d", a->ai_family);
-<<<<<<< HEAD
-	    closesocket(fds[i]);
-=======
 	    rk_closesocket(fds[i]);
->>>>>>> master
 	    fds[i] = rk_INVALID_SOCKET;
 	    continue;
 	}
 	if (rk_IS_SOCKET_ERROR(listen (fds[i], SOMAXCONN))) {
 	    warn ("listen af = %d", a->ai_family);
-<<<<<<< HEAD
-	    closesocket(fds[i]);
-=======
 	    rk_closesocket(fds[i]);
->>>>>>> master
 	    fds[i] = rk_INVALID_SOCKET;
 	    continue;
 	}
-#ifndef NO_LIMIT_FD_SETSIZE
+#ifdef FD_SETSIZE
 	if (fds[i] >= FD_SETSIZE)
 	    errx (1, "fd too large");
 #endif
@@ -156,11 +148,7 @@ mini_inetd_addrinfo (struct addrinfo *ai, rk_socket_t *ret_socket)
 	if (FD_ISSET (fds[i], &read_set)) {
 	    accept_it (fds[i], ret_socket);
 	    for (i = 0; i < n; ++i)
-<<<<<<< HEAD
-	      closesocket(fds[i]);
-=======
 	      rk_closesocket(fds[i]);
->>>>>>> master
 	    free(fds);
 	    return;
 	}
@@ -185,11 +173,7 @@ mini_inetd_addrinfo (struct addrinfo *ai, rk_socket_t *ret_socket)
 * @see mini_inetd_addrinfo()
 */
 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
-<<<<<<< HEAD
-mini_inetd (int port, rk_socket_t * ret_socket)
-=======
 mini_inetd(int port, rk_socket_t * ret_socket)
->>>>>>> master
 {
    int error;
    struct addrinfo *ai, hints;
--- a/lib/roken/roken.h.in
+++ b/lib/roken/roken.h.in
@@ -72,8 +72,8 @@ typedef SOCKET rk_socket_t;
 #define EWOULDBLOCK             WSAEWOULDBLOCK
 #define ENOTSOCK		WSAENOTSOCK

-#define rk_SOCK_INIT rk_WSAStartup()
-#define rk_SOCK_EXIT rk_WSACleanup()
+#define rk_SOCK_INIT() rk_WSAStartup()
+#define rk_SOCK_EXIT() rk_WSACleanup()

 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSAStartup(void);
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSACleanup(void);
@@ -89,13 +89,8 @@ typedef int rk_socket_t;
 #define rk_SOCK_ERRNO errno
 #define rk_INVALID_SOCKET (-1)

-<<<<<<< HEAD
-#define rk_SOCK_INIT 0
-#define rk_SOCK_EXIT 0
-=======
 #define rk_SOCK_INIT() 0
 #define rk_SOCK_EXIT() 0
->>>>>>> master

 #endif

@@ -933,11 +928,7 @@ extern const char *__progname;
 #endif

 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
-<<<<<<< HEAD
-mini_inetd_addrinfo (struct addrinfo*, rk_socket *);
-=======
 mini_inetd_addrinfo (struct addrinfo*, rk_socket_t *);
->>>>>>> master

 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
 mini_inetd (int, rk_socket_t *);
--- a/lib/roken/test-mini_inetd.c
+++ b/lib/roken/test-mini_inetd.c
@@ -87,11 +87,7 @@ get_connected_socket(rk_socket_t * s_ret)

 done:
    if (!rk_IS_BAD_SOCKET(s))
-<<<<<<< HEAD
-	closesocket(s);
-=======
 	rk_closesocket(s);
->>>>>>> master

    if (ai)
 	freeaddrinfo(ai);
@@ -129,11 +125,7 @@ test_simple_echo_client(void)
 	if (rk_IS_SOCKET_ERROR(rv)) {
 	    fprintf(stderr, "[%s] send() failure (%s)\n", 
 		    getprogname(), strerror(rk_SOCK_ERRNO));
-<<<<<<< HEAD
-	    closesocket(s);
-=======
 	    rk_closesocket(s);
->>>>>>> master
 	    return 1;
 	}

@@ -141,41 +133,25 @@ test_simple_echo_client(void)
 	if (rk_IS_SOCKET_ERROR(rv)) {
 	    fprintf (stderr, "[%s] recv() failure (%s)\n",
 		     getprogname(), strerror(rk_SOCK_ERRNO));
-<<<<<<< HEAD
-	    closesocket(s);
-=======
 	    rk_closesocket(s);
->>>>>>> master
 	    return 1;
 	}

 	if (rv == 0) {
 	    fprintf (stderr, "[%s] No data received\n", prog);
-<<<<<<< HEAD
-	    closesocket(s);
-=======
 	    rk_closesocket(s);
->>>>>>> master
 	    return 1;
 	}

 	if (rv != strlen(test_strings[i])) {
 	    fprintf (stderr, "[%s] Data length mismatch %d != %d\n", prog, rv, strlen(test_strings[i]));
-<<<<<<< HEAD
-	    closesocket(s);
-=======
 	    rk_closesocket(s);
->>>>>>> master
 	    return 1;
 	}
    }

    fprintf (stderr, "[%s] Done\n", prog);
-<<<<<<< HEAD
-    closesocket(s);
-=======
    rk_closesocket(s);
->>>>>>> master
    return 0;
 }

@@ -222,11 +198,7 @@ test_simple_echo_socket(void)
 		if (!strcmp(buf, "exit")) {
 		    fprintf(stderr, "[%s] Exiting...\n", prog);
 		    shutdown(s, SD_SEND);
-<<<<<<< HEAD
-		    closesocket(s);
-=======
 		    rk_closesocket(s);
->>>>>>> master
 		    return 0;
 		}
 	    }
@@ -236,11 +208,7 @@ test_simple_echo_socket(void)
 		    strerror(rk_SOCK_ERRNO));
 	}

-<<<<<<< HEAD
-	closesocket(s);
-=======
 	rk_closesocket(s);
->>>>>>> master
    }

    return 1;