| author | Zhanna Tsitkov <tsitkova@mit.edu> | 2008-08-20 21:09:14 +0000 |
|---|---|---|
| committer | Zhanna Tsitkov <tsitkova@mit.edu> | 2008-08-20 21:09:14 +0000 |
| commit | dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff (patch) | |
| tree | 4065cf84935a72c2a79016c3083b04a3693a1102 /src/lib/gssapi/krb5 | |
| parent | 4c8485b11bb27a3763a8f0058547ee7ac84556fe (diff) | |
lean client changes
All changes are guarded by the LEAN_CLIENT macro. When it is defined, application server functionality is disabled.
Ticket:new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5')
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 8 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 19 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/add_cred.c | 15 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/export_sec_context.c | 5 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 10 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/krb5_gss_glue.c | 58 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/rel_cred.c | 2 |
7 files changed, 102 insertions, 15 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index d7f1225137..6b3e0bf0ea 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2004, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2004, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -77,12 +77,15 @@ #endif #include <assert.h> + #ifdef CFX_EXERCISE #define CFX_ACCEPTOR_SUBKEY (time(0) & 1) #else #define CFX_ACCEPTOR_SUBKEY 1 #endif +#ifndef LEAN_CLIENT + /* Decode, decrypt and store the forwarded creds in the local ccache. */ static krb5_error_code rd_and_store_for_creds(context, auth_context, inbuf, out_cred) @@ -206,6 +209,7 @@ cleanup: return retval; } + OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, input_token, @@ -1001,3 +1005,5 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } return (major_status); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 7754e2452e..55d19fd5af 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -91,6 +91,7 @@ static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal, static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; #endif +#ifndef LEAN_CLIENT k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; static char *krb5_gss_keytab = NULL; 
@@ -204,6 +205,7 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) return(GSS_S_COMPLETE); } +#endif /* LEAN_CLIENT */ /* get credentials corresponding to the default credential cache. If the default name is requested, return the name in output_princ. @@ -507,7 +509,9 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->prerfc_mech = req_old; cred->rfc_mech = req_new; +#ifndef LEAN_CLIENT cred->keytab = NULL; +#endif /* LEAN_CLIENT */ cred->ccache = NULL; code = k5_mutex_init(&cred->lock); @@ -532,7 +536,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, /* if requested, acquire credentials for accepting */ /* this will fill in cred->princ if the desired_name is not specified */ - +#ifndef LEAN_CLIENT if ((cred_usage == GSS_C_ACCEPT) || (cred_usage == GSS_C_BOTH)) if ((ret = acquire_accept_cred(context, minor_status, desired_name, @@ -547,6 +551,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_context(context); return(ret); } +#endif /* LEAN_CLIENT */ /* if requested, acquire credentials for initiation */ /* this will fill in cred->princ if it wasn't set above, and @@ -559,8 +564,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->princ?(gss_name_t)cred->princ:desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { +#ifndef LEAN_CLIENT if (cred->keytab) krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -578,8 +585,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ)))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ k5_mutex_destroy(&cred->lock); xfree(cred); *minor_status = code; 
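Review bot: In the `@@ -507,7 +509,9 @@` hunk of acquire_cred.c, `cred->keytab = NULL;` is now compiled out under LEAN_CLIENT, yet no gssapiP_krb5.h hunk in this commit removes the `keytab` member, and add_cred.c keeps `new_cred->keytab = NULL;` unconditional. Unless the allocation above this hunk already zeroes the structure (not visible here), a lean build leaves the field indeterminate for any code outside this diff that still reads it. I would leave `cred->keytab = NULL;` outside the `#ifndef`, which costs nothing and keeps the two files consistent. The body of krb5_gss_acquire_cred starts and ends outside the hunk.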
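Review bot: In the `@@ -532,7 +536,7 @@` hunk, a LEAN_CLIENT build no longer handles `GSS_C_ACCEPT` or `GSS_C_BOTH` at all; the request falls through to the initiator path instead of being rejected. It appears krb5_gss_acquire_cred can then return success for a credential that claims acceptor usage although no keytab was ever opened. An `#else` branch that fails closed makes the build's limits explicit to callers. The cleanup below mirrors calls seen on other error paths in this diff, but the function continues outside the hunk, so both it and the choice of minor code need checking against the full body.

```c
#ifndef LEAN_CLIENT
    /* … unchanged: acquire_accept_cred() call and its error path … */
#else /* LEAN_CLIENT */
    if (cred_usage != GSS_C_INITIATE) {
	/* No acceptor support in a lean client build: fail closed. */
	k5_mutex_destroy(&cred->lock);
	xfree(cred);
	*minor_status = (OM_uint32) G_BAD_USAGE;
	krb5_free_context(context);
	return(GSS_S_FAILURE);
    }
#endif /* LEAN_CLIENT */
```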
@@ -601,8 +610,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((code = krb5_timeofday(context, &now))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -632,8 +643,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, &ret_mechs)))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -651,8 +664,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, free(ret_mechs); if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c index 3ac32fc2e7..fdcd9c0d33 100644 --- a/src/lib/gssapi/krb5/add_cred.c +++ b/src/lib/gssapi/krb5/add_cred.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -209,7 +209,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, krb5_free_context(context); return(GSS_S_FAILURE); } - +#ifndef LEAN_CLIENT if (cred->keytab) { kttype = krb5_kt_get_type(context, cred->keytab); if ((strlen(kttype)+2) > sizeof(ktboth)) { 
@@ -252,16 +252,21 @@ krb5_gss_add_cred(minor_status, input_cred_handle, return(GSS_S_FAILURE); } } else { +#endif /* LEAN_CLIENT */ new_cred->keytab = NULL; +#ifndef LEAN_CLIENT } +#endif /* LEAN_CLIENT */ if (cred->rcache) { /* Open the replay cache for this principal. */ if ((code = krb5_get_server_rcache(context, krb5_princ_component(context, cred->princ, 0), &new_cred->rcache))) { +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -282,8 +287,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) { if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -302,8 +309,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (code) { if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -324,8 +333,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, krb5_cc_close(context, new_cred->ccache); if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index 867d4d6f50..f20d853d05 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c 
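Review bot: In the `@@ -252,16 +252,21 @@` hunk of add_cred.c, the `} else {` and its closing `}` sit in different `#ifndef LEAN_CLIENT` regions from the `if (cred->keytab) {` opened in the previous hunk, so brace balance in krb5_gss_add_cred now depends on the macro. Guarding the whole if/else once and giving the lean build its own branch reads more safely: `#else` / `new_cred->keytab = NULL;` / `#endif /* LEAN_CLIENT */`. The rel_cred.c hunk has the same shape, with a braceless `else` inside the guard and its statement `code2 = 0;` outside, and would benefit from the same treatment. The enclosing function starts and ends outside this hunk.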
@@ -1,7 +1,7 @@ /* * lib/gssapi/krb5/export_sec_context.c * - * Copyright 1995, 2007 by the Massachusetts Institute of Technology. + * Copyright 1995, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -29,7 +29,7 @@ * export_sec_context.c - Externalize the security context. */ #include "gssapiP_krb5.h" - +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) OM_uint32 *minor_status; @@ -103,3 +103,4 @@ error_out: *minor_status = (OM_uint32) kret; return(retval); } +#endif /* LEAN_CLIENT */ diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 57c2ed9ea6..33036fc534 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -211,7 +211,9 @@ typedef struct _krb5_gss_ctx_id_rec { extern g_set kg_vdb; +#ifndef LEAN_CLIENT extern k5_mutex_t gssint_krb5_keytab_lock; +#endif /* LEAN_CLIENT */ /* helper macros */ @@ -363,6 +365,7 @@ OM_uint32 krb5_gss_init_sec_context OM_uint32* /* time_rec */ ); +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_accept_sec_context (OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ @@ -377,6 +380,7 @@ OM_uint32 krb5_gss_accept_sec_context OM_uint32*, /* time_rec */ gss_cred_id_t* /* delegated_cred_handle */ ); +#endif /* LEAN_CLIENT */ OM_uint32 krb5_gss_process_context_token (OM_uint32*, /* minor_status */ @@ -459,6 +463,7 @@ OM_uint32 krb5_gss_display_name gss_OID* /* output_name_type */ ); + OM_uint32 krb5_gss_import_name (OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ 
@@ -574,7 +579,7 @@ OM_uint32 krb5_gss_inquire_cred_by_mech OM_uint32 *, /* acceptor_lifetime */ gss_cred_usage_t * /* cred_usage */ ); - +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ @@ -586,6 +591,7 @@ OM_uint32 krb5_gss_import_sec_context gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); +#endif /* LEAN_CLIENT */ krb5_error_code krb5_gss_ser_init(krb5_context); diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 77cf0da5ee..3b2054bd6b 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -27,6 +27,7 @@ #include "gssapiP_krb5.h" #include "mglueP.h" + /** mechglue wrappers **/ static OM_uint32 k5glue_acquire_cred @@ -61,7 +62,8 @@ static OM_uint32 k5glue_init_sec_context OM_uint32*, /* ret_flags */ OM_uint32* /* time_rec */ ); - + +#ifndef LEAN_CLIENT static OM_uint32 k5glue_accept_sec_context (void *, OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ @@ -76,6 +78,7 @@ static OM_uint32 k5glue_accept_sec_context OM_uint32*, /* time_rec */ gss_cred_id_t* /* delegated_cred_handle */ ); +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_process_context_token (void *, OM_uint32*, /* minor_status */ @@ -94,7 +97,7 @@ static OM_uint32 k5glue_context_time gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - + static OM_uint32 k5glue_sign (void *, OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ @@ -156,7 +159,7 @@ static OM_uint32 k5glue_display_name gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID* /* output_name_type */ - ); + ); static OM_uint32 k5glue_import_name (void *, OM_uint32*, /* minor_status */ 
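Review bot: The guard opened in the `@@ -574,7 +579,7 @@` hunk of gssapiP_krb5.h and closed in the `@@ -586,6 +591,7 @@` hunk hides the prototype of `krb5_gss_import_sec_context` as well as the export one, but the diffstat lists only export_sec_context.c. The import implementation is therefore presumably still compiled in a LEAN_CLIENT build, without a visible prototype. That would leave the interprocess-token parser in the lean library even though the dispatch table no longer exposes it. Wrapping the body of import_sec_context.c in the same `#ifndef LEAN_CLIENT` … `#endif /* LEAN_CLIENT */` pair would keep header and sources in step.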
@@ -278,6 +281,7 @@ static OM_uint32 k5glue_inquire_cred_by_mech gss_cred_usage_t * /* cred_usage */ ); +#ifndef LEAN_CLIENT static OM_uint32 k5glue_export_sec_context (void *, OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ @@ -289,6 +293,7 @@ static OM_uint32 k5glue_import_sec_context gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); +#endif /* LEAN_CLIENT */ krb5_error_code k5glue_ser_init(krb5_context); @@ -338,13 +343,14 @@ static OM_uint32 k5glue_validate_cred * ensure that both dispatch tables contain identical function * pointers. */ +#ifndef LEAN_CLIENT #define KRB5_GSS_CONFIG_INIT \ NULL, \ k5glue_acquire_cred, \ k5glue_release_cred, \ k5glue_init_sec_context, \ k5glue_accept_sec_context, \ - k5glue_process_context_token, \ + k5glue_process_context_token, \ k5glue_delete_sec_context, \ k5glue_context_time, \ k5glue_sign, \ @@ -369,6 +375,42 @@ static OM_uint32 k5glue_validate_cred k5glue_export_name, \ NULL /* store_cred */ +#else /* LEAN_CLIENT */ + +#define KRB5_GSS_CONFIG_INIT \ + NULL, \ + k5glue_acquire_cred, \ + k5glue_release_cred, \ + k5glue_init_sec_context, \ + NULL, \ + k5glue_process_context_token, \ + k5glue_delete_sec_context, \ + k5glue_context_time, \ + k5glue_sign, \ + k5glue_verify, \ + k5glue_seal, \ + k5glue_unseal, \ + k5glue_display_status, \ + k5glue_indicate_mechs, \ + k5glue_compare_name, \ + k5glue_display_name, \ + k5glue_import_name, \ + k5glue_release_name, \ + k5glue_inquire_cred, \ + k5glue_add_cred, \ + NULL, \ + NULL, \ + k5glue_inquire_cred_by_mech, \ + k5glue_inquire_names_for_mech, \ + k5glue_inquire_context, \ + k5glue_internal_release_oid, \ + k5glue_wrap_size_limit, \ + k5glue_export_name, \ + NULL /* store_cred */ + +#endif /* LEAN_CLIENT */ + + static struct gss_config krb5_mechanism = { 100, "kerberos_v5", { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, 
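Review bot: The LEAN_CLIENT variant of `KRB5_GSS_CONFIG_INIT` added in the `@@ -369,6 +375,42 @@` hunk is a second full copy of a positional initializer, and the comment just above it already warns that the dispatch tables must contain identical function pointers. Any slot later added to one copy and not the other silently shifts every following pointer. A single table with per-slot macros avoids that, for example `#define K5GLUE_ACCEPT_SEC_CONTEXT NULL` under `#ifdef LEAN_CLIENT` and `k5glue_accept_sec_context` otherwise, with the same for the export and import slots. The three bare `NULL` entries should also carry a slot comment in the style of `NULL /* store_cred */`. This diff does not show whether the mechglue dispatcher checks these pointers before calling through them, so that needs confirming.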
@@ -414,6 +456,7 @@ gssint_get_mech_configs(void) return krb5_mech_configs; } +#ifndef LEAN_CLIENT static OM_uint32 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle, input_token, input_chan_bindings, src_name, mech_type, @@ -443,6 +486,7 @@ k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handl time_rec, delegated_cred_handle)); } +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs, @@ -579,7 +623,7 @@ k5glue_display_status(ctx, minor_status, status_value, status_type, status_type, mech_type, message_context, status_string)); } - +#ifndef LEAN_CLIENT /* V2 */ static OM_uint32 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) @@ -592,7 +636,7 @@ k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) context_handle, interprocess_token)); } - +#endif /* LEAN_CLIENT */ #if 0 /* V2 */ static OM_uint32 @@ -630,6 +674,7 @@ k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output input_name_type, output_name)); } +#ifndef LEAN_CLIENT /* V2 */ static OM_uint32 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) @@ -642,6 +687,7 @@ k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) interprocess_token, context_handle)); } +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_indicate_mechs(ctx, minor_status, mech_set) diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index efd9a4f4dc..1b4a6ce55c 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -59,9 +59,11 @@ krb5_gss_release_cred(minor_status, cred_handle) else code1 = 0; +#ifndef LEAN_CLIENT if (cred->keytab) code2 = krb5_kt_close(context, cred->keytab); else +#endif /* LEAN_CLIENT */ code2 = 0; if (cred->rcache) |
