diff options
100 files changed, 2932 insertions, 2303 deletions
diff --git a/src/admin/stash/ChangeLog b/src/admin/stash/ChangeLog index 7e09d93758..a5b7ef753f 100644 --- a/src/admin/stash/ChangeLog +++ b/src/admin/stash/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:11:08 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/admin/stash/kdb5_stash.c b/src/admin/stash/kdb5_stash.c index a713e281a7..a13ec0929a 100644 --- a/src/admin/stash/kdb5_stash.c +++ b/src/admin/stash/kdb5_stash.c @@ -58,7 +58,6 @@ main(argc, argv) int argc; char *argv[]; { - extern char *optarg; int optchar; krb5_error_code retval; @@ -67,6 +66,7 @@ char *argv[]; char *mkey_name = 0; char *mkey_fullname; char *keyfile = 0; + krb5_context context; int keytypedone = 0; krb5_enctype etype = 0xffff; @@ -74,7 +74,8 @@ char *argv[]; if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); while ((optchar = getopt(argc, argv, "d:r:k:M:e:f:")) != EOF) { switch(optchar) { @@ -122,15 +123,15 @@ char *argv[]; exit(1); } - krb5_use_cstype(&master_encblock, etype); + krb5_use_cstype(context, &master_encblock, etype); - if (retval = krb5_db_set_name(dbname)) { + if (retval = krb5_db_set_name(context, dbname)) { com_err(argv[0], retval, "while setting active database to '%s'", dbname); exit(1); } if (!realm) { - if (retval = krb5_get_default_realm(&realm)) { + if (retval = krb5_get_default_realm(context, &realm)) { com_err(argv[0], retval, "while retrieving default realm name"); exit(1); } @@ -138,39 +139,40 @@ char *argv[]; /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(mkey_name, realm, &mkey_fullname, - &master_princ)) { + if (retval = krb5_db_setup_mkey_name(context, mkey_name, realm, + &mkey_fullname, &master_princ)) { com_err(argv[0], retval, "while setting up master key name"); exit(1); } - if (retval = krb5_db_init()) { + if (retval = krb5_db_init(context)) { com_err(argv[0], retval, "while initializing the database '%s'", dbname); exit(1); } /* TRUE here means read the keyboard, but only once */ - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE, - FALSE, 0, &master_keyblock)) { + if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, + TRUE, FALSE, 0, &master_keyblock)) { com_err(argv[0], retval, "while reading master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); exit(1); } - if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, - &master_encblock)) { + if (retval = krb5_db_verify_master_key(context, master_princ, + &master_keyblock,&master_encblock)) { com_err(argv[0], retval, "while verifying master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); exit(1); } - if (retval = krb5_db_store_mkey(keyfile, master_princ, &master_keyblock)) { + if (retval = krb5_db_store_mkey(context, keyfile, master_princ, + &master_keyblock)) { com_err(argv[0], errno, "while storing key"); memset((char *)master_keyblock.contents, 0, master_keyblock.length); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); exit(1); } memset((char *)master_keyblock.contents, 0, master_keyblock.length); - if (retval = krb5_db_fini()) { + if (retval = krb5_db_fini(context)) { com_err(argv[0], retval, "closing database '%s'", dbname); exit(1); } diff --git a/src/appl/mailquery/ChangeLog b/src/appl/mailquery/ChangeLog index b2d2d36727..78c8694913 100644 --- a/src/appl/mailquery/ChangeLog +++ b/src/appl/mailquery/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Jan 2 14:41:14 1995 Richard Basch (probe@tardis) * mailquery.c diff --git a/src/appl/mailquery/poplib.c b/src/appl/mailquery/poplib.c index 3aeb89cac3..5c840b3908 100644 --- a/src/appl/mailquery/poplib.c +++ b/src/appl/mailquery/poplib.c @@ -75,6 +75,7 @@ int reserved; #endif #ifdef KRB5 krb5_error_code retval; + krb5_context context; krb5_ccache ccdef; krb5_principal client = NULL, server = NULL; krb5_error *err_ret = NULL; @@ -157,17 +158,18 @@ int reserved; } #endif /* KRB4 */ #ifdef KRB5 - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); routine = "krb5_cc_default"; - if (retval = krb5_cc_default(&ccdef)) { + if (retval = krb5_cc_default(context, &ccdef)) { krb5error: sprintf(Errmsg, "%s: krb5 error: %s", routine, error_message(retval)); close(s); return(NOTOK); } routine = "krb5_cc_get_principal"; - if (retval = krb5_cc_get_principal(ccdef, &client)) { + if (retval = krb5_cc_get_principal(context, ccdef, &client)) { goto krb5error; } @@ -179,13 +181,14 @@ int reserved; #endif routine = "krb5_sname_to_principal"; - if (retval = krb5_sname_to_principal(hp->h_name, "pop", + if (retval = krb5_sname_to_principal(context, hp->h_name, "pop", KRB5_NT_UNKNOWN, &server)) { goto krb5error; } - retval = krb5_sendauth((krb5_pointer) &s, "KPOPV1.0", client, server, + retval = krb5_sendauth(context, (krb5_pointer) &s, "KPOPV1.0", + client, server, AP_OPTS_MUTUAL_REQUIRED, 0, /* no checksum */ 0, /* no creds, use ccache instead */ @@ -194,14 +197,14 @@ int reserved; 0, /* don't need a subsession key */ &err_ret, 0); /* don't need reply */ - krb5_free_principal(server); + krb5_free_principal(context, server); if (retval) { if (err_ret && err_ret->text.length) { sprintf(Errmsg, "krb5 error: %s [server says '%*s'] ", error_message(retval), err_ret->text.length, err_ret->text.data); - krb5_free_error(err_ret); + krb5_free_error(context, err_ret); } else sprintf(Errmsg, "krb5_sendauth: krb5 error: %s", error_message(retval)); close(s); diff --git a/src/appl/movemail/ChangeLog b/src/appl/movemail/ChangeLog index e18af0ba79..8b8405a3b6 100644 --- a/src/appl/movemail/ChangeLog +++ b/src/appl/movemail/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Sep 29 22:52:50 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Relink executables if libraries change diff --git a/src/appl/movemail/movemail.c b/src/appl/movemail/movemail.c index 3068493da0..cbd7188ebf 100644 --- a/src/appl/movemail/movemail.c +++ b/src/appl/movemail/movemail.c @@ -535,6 +535,7 @@ char *host; #ifdef KRB5 krb5_error_code retval; krb5_ccache ccdef; + krb5_context context; krb5_principal client, server; krb5_error *err_ret = NULL; char *hostname; @@ -602,24 +603,26 @@ char *host; } #endif /* KRB4 */ #ifdef KRB5 - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); - if (retval = krb5_cc_default(&ccdef)) { + if (retval = krb5_cc_default(context, &ccdef)) { krb5error: sprintf(Errmsg, "krb5 error: %s", error_message(retval)); close(s); return(NOTOK); } - if (retval = krb5_cc_get_principal(ccdef, &client)) { + if (retval = krb5_cc_get_principal(context, ccdef, &client)) { goto krb5error; } - if (retval = krb5_sname_to_principal(hostname, POP_SNAME, + if (retval = krb5_sname_to_principal(context, hostname, POP_SNAME, KRB5_NT_SRV_HST, &server)) { goto krb5error; } - retval = krb5_sendauth((krb5_pointer) &s, "KPOPV1.0", client, server, + retval = krb5_sendauth(context, (krb5_pointer) &s, "KPOPV1.0", + client, server, AP_OPTS_MUTUAL_REQUIRED, 0, /* no checksum */ 0, /* no creds, use ccache instead */ @@ -628,14 +631,14 @@ char *host; 0, /* don't need a subsession key */ &err_ret, 0); /* don't need reply */ - krb5_free_principal(server); + krb5_free_principal(context, server); if (retval) { if (err_ret && err_ret->text.length) { sprintf(Errmsg, "krb5 error: %s [server says '%*s'] ", error_message(retval), err_ret->text.length, err_ret->text.data); - krb5_free_error(err_ret); + krb5_free_error(context, err_ret); } else sprintf(Errmsg, "krb5 error: %s", error_message(retval)); close(s); diff --git a/src/appl/popper/ChangeLog b/src/appl/popper/ChangeLog index 6e61891a0d..27045dbd86 100644 --- a/src/appl/popper/ChangeLog +++ b/src/appl/popper/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Fri Nov 18 01:15:58 1994 Mark Eichin <eichin@cygnus.com> * configure.in: use KRB5_POSIX_LOCKS (from epeisach). diff --git a/src/appl/popper/pop_init.c b/src/appl/popper/pop_init.c index 335c201d3f..821b98d149 100644 --- a/src/appl/popper/pop_init.c +++ b/src/appl/popper/pop_init.c @@ -27,6 +27,7 @@ AUTH_DAT kdata; #include <com_err.h> #include <ctype.h> krb5_principal ext_client; +krb5_context pop_context; char *client_name; #endif /* KRB5 */ #endif /* KERBEROS */ @@ -291,10 +292,11 @@ authenticate(p, addr) krb5_principal server; int sock = 0; - krb5_init_ets(); + krb5_init_context(&pop_context); + krb5_init_ets(pop_context); - if (retval = krb5_sname_to_principal(p->myhost, "pop", KRB5_NT_SRV_HST, - &server)) { + if (retval = krb5_sname_to_principal(pop_context, p->myhost, "pop", + KRB5_NT_SRV_HST, &server)) { pop_msg(p, POP_FAILURE, "server '%s' mis-configured, can't get principal--%s", p->myhost, error_message(retval)); @@ -303,7 +305,7 @@ authenticate(p, addr) exit(-1); } - if (retval = krb5_recvauth((krb5_pointer)&sock, + if (retval = krb5_recvauth(pop_context, (krb5_pointer)&sock, "KPOPV1.0", server, 0, /* ignore peer address */ @@ -320,8 +322,8 @@ authenticate(p, addr) p->client, error_message(retval)); exit(-1); } - krb5_free_principal(server); - if (retval = krb5_unparse_name(ext_client, &client_name)) { + krb5_free_principal(pop_context, server); + if (retval = krb5_unparse_name(pop_context, ext_client, &client_name)) { pop_msg(p, POP_FAILURE, "name not parsable--%s", error_message(retval)); pop_log(p, POP_DEBUG, "name not parsable (%s)", @@ -332,7 +334,8 @@ authenticate(p, addr) pop_log(p, POP_DEBUG, "%s (%s): ok", client_name, inet_ntoa(addr->sin_addr)); #endif /* DEBUG */ - if (retval= krb5_aname_to_localname(ext_client, sizeof(p->user), p->user)) { + if (retval= krb5_aname_to_localname(pop_context, ext_client, + sizeof(p->user), p->user)) { pop_msg(p, POP_FAILURE, "unable to convert aname(%s) to localname --%s", client_name, error_message(retval)); diff --git a/src/appl/popper/pop_pass.c b/src/appl/popper/pop_pass.c index c31213bbdb..f69700359d 100644 --- a/src/appl/popper/pop_pass.c +++ b/src/appl/popper/pop_pass.c @@ -33,6 +33,7 @@ extern AUTH_DAT kdata; #include <krb5/los-proto.h> #include <com_err.h> extern krb5_principal ext_client; +extern krb5_context pop_context; extern char *client_name; #endif /* KRB5 */ #endif /* KERBEROS */ @@ -92,7 +93,7 @@ POP * p; { krb5_error_code retval; - if (retval = krb5_get_default_realm(&lrealm)) { + if (retval = krb5_get_default_realm(pop_context, &lrealm)) { pop_log(p, POP_WARNING, "%s: (%s) %s", p->client, client_name, error_message(retval)); return(pop_msg(p,POP_FAILURE, @@ -100,7 +101,7 @@ POP * p; } } - tmpdata = krb5_princ_realm(ext_client); + tmpdata = krb5_princ_realm(pop_context, ext_client); if (strncmp(tmpdata->data, lrealm, tmpdata->length)) { pop_log(p, POP_WARNING, "%s: (%s) realm not accepted.", p->client, client_name); @@ -110,7 +111,7 @@ POP * p; } #endif /* only accept one-component names, i.e. realm and name only */ - if (krb5_princ_size(ext_client) > 1) { + if (krb5_princ_size(pop_context, ext_client) > 1) { pop_log(p, POP_WARNING, "%s: (%s) instance not accepted.", p->client, client_name); return(pop_msg(p,POP_FAILURE, @@ -124,7 +125,7 @@ POP * p; * but this causes too much confusion and assumes p->user will never * change. This makes me feel more comfortable. */ - tmpdata = krb5_princ_component(ext_client, 0); + tmpdata = krb5_princ_component(pop_context, ext_client, 0); if(strncmp(p->user, tmpdata->data, tmpdata->length)) { pop_log(p, POP_WARNING, "%s: auth failed: %s vs %s", diff --git a/src/appl/sample/sclient/ChangeLog b/src/appl/sample/sclient/ChangeLog index 438dd5d798..45b44540a4 100644 --- a/src/appl/sample/sclient/ChangeLog +++ b/src/appl/sample/sclient/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:16:02 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c index 53e40fa5b2..e9629d6aa8 100644 --- a/src/appl/sample/sclient/sclient.c +++ b/src/appl/sample/sclient/sclient.c @@ -51,6 +51,7 @@ char *argv[]; struct hostent *hp; struct sockaddr_in sin, lsin; int sock, namelen; + krb5_context context; krb5_data recv_data; krb5_checksum send_cksum; krb5_error_code retval; @@ -65,7 +66,8 @@ char *argv[]; exit(1); } - krb5_init_ets(); + krb5_init_context(& context); + krb5_init_ets(context); (void) signal(SIGPIPE, SIG_IGN); if (!valid_cksumtype(CKSUMTYPE_CRC32)) { @@ -100,7 +102,7 @@ char *argv[]; exit(1); } - if (retval = krb5_sname_to_principal(argv[1], SAMPLE_SERVICE, + if (retval = krb5_sname_to_principal(context, argv[1], SAMPLE_SERVICE, KRB5_NT_SRV_HST, &server)) { com_err(argv[0], retval, "while creating server name for %s", argv[1]); @@ -137,12 +139,12 @@ char *argv[]; /* compute checksum, using CRC-32 */ if (!(send_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + malloc(krb5_checksum_size(context, CKSUMTYPE_CRC32)))) { com_err(argv[0], ENOMEM, "while allocating checksum"); exit(1); } /* choose some random stuff to compute checksum from */ - if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, + if (retval = krb5_calculate_checksum(context, CKSUMTYPE_CRC32, argv[1], strlen(argv[1]), 0, @@ -153,16 +155,16 @@ char *argv[]; exit(1); } - if (retval = krb5_cc_default(&ccdef)) { + if (retval = krb5_cc_default(context, &ccdef)) { com_err(argv[0], retval, "while getting default ccache"); exit(1); } - if (retval = krb5_cc_get_principal(ccdef, &client)) { + if (retval = krb5_cc_get_principal(context, ccdef, &client)) { com_err(argv[0], retval, "while getting client principal name"); exit(1); } - retval = krb5_sendauth((krb5_pointer) &sock, + retval = krb5_sendauth(context, (krb5_pointer) &sock, SAMPLE_VERSION, client, server, AP_OPTS_MUTUAL_REQUIRED, &send_cksum, @@ -173,7 +175,7 @@ char *argv[]; &err_ret, &rep_ret); - krb5_free_principal(server); /* finished using it */ + krb5_free_principal(context, server); /* finished using it */ if (retval && retval != KRB5_SENDAUTH_REJECTED) { com_err(argv[0], retval, "while using sendauth"); @@ -186,7 +188,7 @@ char *argv[]; } else if (rep_ret) { /* got a reply */ printf("sendauth succeeded, reply is:\n"); - if ((retval = krb5_net_read(sock, (char *)&xmitlen, + if ((retval = krb5_net_read(context, sock, (char *)&xmitlen, sizeof(xmitlen))) <= 0) { if (retval == 0) errno = ECONNABORTED; @@ -199,7 +201,7 @@ char *argv[]; "while allocating buffer to read from server"); exit(1); } - if ((retval = krb5_net_read(sock, (char *)recv_data.data, + if ((retval = krb5_net_read(context, sock, (char *)recv_data.data, recv_data.length)) <= 0) { if (retval == 0) errno = ECONNABORTED; diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c index 37d463a728..ed5e4bb8f5 100644 --- a/src/appl/sample/sserver/sserver.c +++ b/src/appl/sample/sserver/sserver.c @@ -57,6 +57,7 @@ main(argc, argv) int argc; char *argv[]; { + krb5_context context; struct sockaddr_in peername; krb5_address peeraddr; int namelen = sizeof(peername); @@ -68,13 +69,14 @@ char *argv[]; char repbuf[BUFSIZ]; char *cname; - krb5_init_ets(); - /* open a log connection */ + krb5_init_context(&context); + krb5_init_ets(context); + /* open a log connection */ openlog("sserver", 0, LOG_DAEMON); - if (retval = krb5_sname_to_principal(NULL, SAMPLE_SERVICE, KRB5_NT_SRV_HST, - &server)) { + if (retval = krb5_sname_to_principal(context, NULL, SAMPLE_SERVICE, + KRB5_NT_SRV_HST, &server)) { syslog(LOG_ERR, "while generating service name (%s): %s", SAMPLE_SERVICE, error_message(retval)); exit(1); @@ -126,7 +128,7 @@ char *argv[]; peeraddr.length = sizeof(peername.sin_addr); peeraddr.contents = (krb5_octet *)&peername.sin_addr; - if (retval = krb5_recvauth((krb5_pointer)&sock, + if (retval = krb5_recvauth(context, (krb5_pointer)&sock, SAMPLE_VERSION, server, &peeraddr, 0, 0, 0, /* no fetchfrom, keyproc or arg */ 0, /* default rc type */ @@ -140,7 +142,7 @@ char *argv[]; exit(1); } - if (retval = krb5_unparse_name(client, &cname)) { + if (retval = krb5_unparse_name(context, client, &cname)) { syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); cname = "<unparse error>"; } @@ -151,12 +153,12 @@ char *argv[]; xmitlen = htons(strlen(repbuf)); recv_data.length = strlen(repbuf); recv_data.data = repbuf; - if ((retval = krb5_net_write(0, (char *)&xmitlen, + if ((retval = krb5_net_write(context, 0, (char *)&xmitlen, sizeof(xmitlen))) < 0) { syslog(LOG_ERR, "%m: while writing len to client"); exit(1); } - if ((retval = krb5_net_write(0, (char *)recv_data.data, + if ((retval = krb5_net_write(context, 0, (char *)recv_data.data, recv_data.length)) < 0) { syslog(LOG_ERR, "%m: while writing data to client"); exit(1); diff --git a/src/appl/simple/client/ChangeLog b/src/appl/simple/client/ChangeLog index 52c8b242e2..e6f09ec118 100644 --- a/src/appl/simple/client/ChangeLog +++ b/src/appl/simple/client/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Sep 29 22:45:52 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Relink executable if library changes diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c index f4569b8212..34845a0570 100644 --- a/src/appl/simple/client/sim_client.c +++ b/src/appl/simple/client/sim_client.c @@ -74,6 +74,7 @@ char *argv[]; krb5_creds creds; krb5_address local_addr, foreign_addr, *portlocal_addr; krb5_rcache rcache; + krb5_context context; extern krb5_deltat krb5_clockskew; if (argc != 2 && argc != 3) { @@ -81,7 +82,8 @@ char *argv[]; exit(1); } - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); if (!valid_cksumtype(CKSUMTYPE_CRC32)) { com_err(PROGNAME, KRB5_PROG_SUMTYPE_NOSUPP, "while using CRC-32"); @@ -136,14 +138,14 @@ char *argv[]; exit(1); } - if (retval = krb5_get_default_realm(&c_realm)) { + if (retval = krb5_get_default_realm(context, &c_realm)) { com_err(PROGNAME, retval, "while retrieving local realm"); exit(1); } printf("Local Kerberos realm is %s\n", c_realm); /* Get Kerberos realm of host */ - if (retval = krb5_get_host_realm(full_hname, &s_realms)) { + if (retval = krb5_get_host_realm(context, full_hname, &s_realms)) { com_err(PROGNAME, retval, "while getting realm for '%s'", full_hname); exit(1); } @@ -155,13 +157,13 @@ char *argv[]; /* compute checksum, using CRC-32 */ if (!(send_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + malloc(krb5_checksum_size(context, CKSUMTYPE_CRC32)))) { com_err(PROGNAME, ENOMEM, "while allocating checksum"); exit(1); } /* choose some random stuff to compute checksum from */ - if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, + if (retval = krb5_calculate_checksum(context, CKSUMTYPE_CRC32, HOST, strlen(HOST), 0, @@ -174,7 +176,7 @@ char *argv[]; /* Get credentials for server, create krb_mk_req message */ - if (retval = krb5_cc_default(&ccdef)) { + if (retval = krb5_cc_default(context, &ccdef)) { com_err(PROGNAME, retval, "while getting default ccache"); exit(1); } @@ -184,14 +186,14 @@ char *argv[]; [2] == FULL host name (by convention) [3] == null ptr */ - if (retval = krb5_build_principal(&server, + if (retval = krb5_build_principal(context, &server, strlen(s_realms[0]), s_realms[0], SERVICE, full_hname, 0)) { com_err(PROGNAME, retval, "while setting up server principal"); exit(1); } - if (retval = krb5_mk_req(server, + if (retval = krb5_mk_req(context, server, 0, /* use default options */ &send_cksum, ccdef, @@ -228,14 +230,14 @@ char *argv[]; local_addr.length = sizeof(c_sock.sin_addr); local_addr.contents = (krb5_octet *)&c_sock.sin_addr; - if (retval = krb5_gen_portaddr(&local_addr, + if (retval = krb5_gen_portaddr(context, &local_addr, (krb5_pointer) &c_sock.sin_port, &portlocal_addr)) { com_err(PROGNAME, retval, "while generating port address"); exit(1); } - if (retval = krb5_gen_replay_name(portlocal_addr, "_sim_clt", + if (retval = krb5_gen_replay_name(context, portlocal_addr, "_sim_clt", &cp)) { com_err(PROGNAME, retval, "while generating replay cache name"); exit(1); @@ -244,33 +246,34 @@ char *argv[]; com_err(PROGNAME, ENOMEM, "while allocating replay cache"); exit(1); } - if (retval = krb5_rc_resolve_type(&rcache, krb5_rc_default_type())) { + if (retval = krb5_rc_resolve_type(context, &rcache, + krb5_rc_default_type(context))) { krb5_xfree(rcache); com_err(PROGNAME, retval, "while resolving replay cache type"); exit(1); } - if (retval = krb5_rc_resolve(rcache, cp)) { + if (retval = krb5_rc_resolve(context, rcache, cp)) { krb5_xfree(rcache); com_err(PROGNAME, retval, "while resolving replay cache type"); exit(1); } - if ((retval = krb5_rc_recover(rcache)) && - (retval = krb5_rc_initialize(rcache, krb5_clockskew))) { + if ((retval = krb5_rc_recover(context, rcache)) && + (retval = krb5_rc_initialize(context, rcache, krb5_clockskew))) { com_err(PROGNAME, retval, "while initializing replay cache '%s:%s'", rcache->ops->type, - krb5_rc_get_name(rcache)); + krb5_rc_get_name(context, rcache)); exit(1); } /* Get session key & creds */ memset((char *)&creds, 0, sizeof(creds)); creds.server = server; - if (retval = krb5_cc_get_principal(ccdef, &creds.client)) { + if (retval = krb5_cc_get_principal(context, ccdef, &creds.client)) { com_err(PROGNAME, retval, "while getting my principal name"); exit(1); } - if (retval = krb5_get_credentials(0, /* no flags */ + if (retval = krb5_get_credentials(context, 0, /* no flags */ ccdef, &creds)) { com_err(PROGNAME, retval, "while fetching credentials"); @@ -281,7 +284,7 @@ char *argv[]; inbuf.data = argc == 3 ? argv[2] : MSG; inbuf.length = strlen (inbuf.data); - if (retval = krb5_mk_safe(&inbuf, + if (retval = krb5_mk_safe(context, &inbuf, CKSUMTYPE_RSA_MD4_DES, &creds.keyblock, portlocal_addr, @@ -304,7 +307,7 @@ char *argv[]; /* Make the encrypted message */ - if (retval = krb5_mk_priv(&inbuf, + if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &creds.keyblock, portlocal_addr, diff --git a/src/appl/simple/server/ChangeLog b/src/appl/simple/server/ChangeLog index 67a34773b2..067ce96088 100644 --- a/src/appl/simple/server/ChangeLog +++ b/src/appl/simple/server/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Sep 29 22:46:51 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: relink executable when libraries change diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c index e4b73972ef..2f18551530 100644 --- a/src/appl/simple/server/sim_server.c +++ b/src/appl/simple/server/sim_server.c @@ -70,6 +70,7 @@ char *argv[]; krb5_address foreign_addr, *portforeign_addr; krb5_rcache rcache; krb5_principal sprinc; + krb5_context context; krb5_tkt_authent *ad; if (argc != 2) { @@ -77,9 +78,10 @@ char *argv[]; exit(1); } - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); - if (retval = krb5_parse_name(SNAME, &sprinc)) { + if (retval = krb5_parse_name(context, SNAME, &sprinc)) { com_err(PROGNAME, retval, "while parsing server name %s", SNAME); exit(1); } @@ -142,13 +144,13 @@ char *argv[]; foreign_addr.contents = (krb5_octet *)&c_sock.sin_addr; /* Check authentication info */ - if (retval = krb5_rd_req_simple(&packet, sprinc, + if (retval = krb5_rd_req_simple(context, &packet, sprinc, &foreign_addr, &ad)) { com_err(PROGNAME, retval, "while reading request"); exit(1); } - if (retval = krb5_unparse_name(ad->ticket->enc_part2->client, &cp)) { + if (retval = krb5_unparse_name(context,ad->ticket->enc_part2->client,&cp)) { com_err(PROGNAME, retval, "while unparsing client name"); exit(1); } @@ -179,31 +181,32 @@ char *argv[]; foreign_addr.length = sizeof(c_sock.sin_addr); foreign_addr.contents = (krb5_octet *)&c_sock.sin_addr; - if (retval = krb5_gen_portaddr(&foreign_addr, + if (retval = krb5_gen_portaddr(context, &foreign_addr, (krb5_pointer) &c_sock.sin_port, &portforeign_addr)) { com_err(PROGNAME, retval, "while generating port address"); exit(1); } - if (retval = krb5_get_server_rcache(krb5_princ_component(sprinc, 0), + if (retval = krb5_get_server_rcache(context, + krb5_princ_component(context,sprinc,0), &rcache)) { com_err(PROGNAME, retval, "while opening replay cache"); exit(1); } - if (retval = krb5_rd_safe(&packet, ad->ticket->enc_part2->session, + if (retval = krb5_rd_safe(context, &packet, ad->ticket->enc_part2->session, portforeign_addr, 0, 0, 0, rcache, &message)) { com_err(PROGNAME, retval, "while verifying SAFE message"); - (void) krb5_rc_close(rcache); + (void) krb5_rc_close(context, rcache); exit(1); } printf("Safe message is: '%.*s'\n", message.length, message.data); krb5_xfree(message.data); - krb5_free_address(portforeign_addr); + krb5_free_address(context, portforeign_addr); /* NOW GET ENCRYPTED MESSAGE */ @@ -213,7 +216,7 @@ char *argv[]; (struct sockaddr *)&c_sock, &i); if (i < 0) { perror("receiving datagram"); - (void) krb5_rc_close(rcache); + (void) krb5_rc_close(context, rcache); exit(1); } printf("Received %d bytes\n", i); @@ -221,25 +224,25 @@ char *argv[]; packet.length = i; packet.data = (krb5_pointer) pktbuf; - if (retval = krb5_gen_portaddr(&foreign_addr, + if (retval = krb5_gen_portaddr(context, &foreign_addr, (krb5_pointer) &c_sock.sin_port, &portforeign_addr)) { com_err(PROGNAME, retval, "while generating port address"); - (void) krb5_rc_close(rcache); + (void) krb5_rc_close(context, rcache); exit(1); } - if (retval = krb5_rd_priv(&packet, ad->ticket->enc_part2->session, + if (retval = krb5_rd_priv(context, &packet, ad->ticket->enc_part2->session, portforeign_addr, 0, 0, 0, 0, rcache, &message)) { com_err(PROGNAME, retval, "while verifying PRIV message"); - (void) krb5_rc_close(rcache); + (void) krb5_rc_close(context, rcache); exit(1); } printf("Decrypted message is: '%.*s'\n", message.length, message.data); - (void) krb5_rc_close(rcache); + (void) krb5_rc_close(context, rcache); exit(0); } diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c index 782e9f5e33..1e3907ca2d 100644 --- a/src/appl/telnet/libtelnet/forward.c +++ b/src/appl/telnet/libtelnet/forward.c @@ -36,7 +36,8 @@ /* Decode, decrypt and store the forwarded creds in the local ccache. */ krb5_error_code -rd_and_store_for_creds(inbuf, ticket, lusername) +rd_and_store_for_creds(context, inbuf, ticket, lusername) + krb5_context context; krb5_data *inbuf; krb5_ticket *ticket; char *lusername; @@ -47,7 +48,7 @@ rd_and_store_for_creds(inbuf, ticket, lusername) krb5_ccache ccache = NULL; struct passwd *pwd; - if (retval = krb5_rd_cred(inbuf, ticket->enc_part2->session, + if (retval = krb5_rd_cred(context, inbuf, ticket->enc_part2->session, &creds, 0, 0)) { return(retval); } @@ -58,16 +59,16 @@ rd_and_store_for_creds(inbuf, ticket, lusername) sprintf(ccname, "FILE:/tmp/krb5cc_%d", pwd->pw_uid); - if (retval = krb5_cc_resolve(ccname, &ccache)) { + if (retval = krb5_cc_resolve(context, ccname, &ccache)) { return(retval); } - if (retval = krb5_cc_initialize(ccache, + if (retval = krb5_cc_initialize(context, ccache, ticket->enc_part2->client)) { return(retval); } - if (retval = krb5_cc_store_cred(ccache, &creds)) { + if (retval = krb5_cc_store_cred(context, ccache, &creds)) { return(retval); } diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 4bcab5aa1a..9e77240237 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -155,7 +155,8 @@ Data(ap, type, d, c) return(net_write(str_data, p - str_data)); } - int +krb5_context telnet_context; +int kerberos5_init(ap, server) Authenticator *ap; int server; @@ -167,7 +168,8 @@ kerberos5_init(ap, server) memset(&session_key, 0, sizeof(session_key)); session_key.magic = KV5M_KEYBLOCK; session_key.etype = ETYPE_UNKNOWN; - krb5_init_ets(); + krb5_init_context(&telnet_context); + krb5_init_ets(telnet_context); return(1); } @@ -199,7 +201,7 @@ kerberos5_send(ap) return(0); } - if (r = krb5_cc_default(&ccache)) { + if (r = krb5_cc_default(telnet_context, &ccache)) { if (auth_debug_mode) { printf("Kerberos V5: could not get default ccache\r\n"); } @@ -207,28 +209,29 @@ kerberos5_send(ap) } memset((char *)&creds, 0, sizeof(creds)); - if (r = krb5_sname_to_principal(RemoteHostName,"host",KRB5_NT_SRV_HST, - &creds.server)) { + if (r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host", + KRB5_NT_SRV_HST, &creds.server)) { if (auth_debug_mode) printf("Kerberos V5: error while constructing service name: %s\r\n", error_message(r)); return(0); } - if (r = krb5_cc_get_principal(ccache, &creds.client)) { + if (r = krb5_cc_get_principal(telnet_context, ccache, &creds.client)) { if (auth_debug_mode) { printf("Kerberos V5: failure on principal (%s)\r\n", error_message(r)); } - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(telnet_context, &creds); return(0); } - if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) { + if (r = krb5_get_credentials(telnet_context, krb5_kdc_default_options, + ccache, &creds)) { if (auth_debug_mode) { printf("Kerberos V5: failure on credentials(%s)\r\n", error_message(r)); } - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(telnet_context, &creds); return(0); } @@ -237,7 +240,8 @@ kerberos5_send(ap) else ap_opts = 0; - r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0, + r = krb5_mk_req_extended(telnet_context, ap_opts, &ksum, + krb5_kdc_default_options, 0, #ifdef ENCRYPTION &newkey, #else /* ENCRYPTION */ @@ -256,16 +260,17 @@ kerberos5_send(ap) if (newkey->keytype != KEYTYPE_DES) { if (creds.keyblock.keytype == KEYTYPE_DES) /* use the session key in credentials instead */ - krb5_copy_keyblock_contents(&creds, &session_key); + krb5_copy_keyblock_contents(telnet_context, &creds, + &session_key); else /* XXX ? */; } else { - krb5_copy_keyblock_contents(newkey, &session_key); + krb5_copy_keyblock_contents(telnet_context,newkey,&session_key); } - krb5_free_keyblock(newkey); + krb5_free_keyblock(telnet_context, newkey); } #endif /* ENCRYPTION */ - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(telnet_context, &creds); if (r) { if (auth_debug_mode) { printf("Kerberos V5: mk_req failed (%s)\r\n", @@ -314,16 +319,17 @@ kerberos5_is(ap, data, cnt) auth.data = (char *)data; auth.length = cnt; - r = krb5_sname_to_principal(0, "host", + r = krb5_sname_to_principal(telnet_context, 0, "host", KRB5_NT_SRV_HST, &server); if (authdat) - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(telnet_context, authdat); if (!r) { - r = krb5_rd_req_simple(&auth, server, 0, &authdat); - krb5_free_principal(server); + r = krb5_rd_req_simple(telnet_context, &auth, server, 0, + &authdat); + krb5_free_principal(telnet_context, server); } if (r) { char errbuf[128]; @@ -345,7 +351,7 @@ kerberos5_is(ap, data, cnt) need to return one here */ reply.seq_number = 0; /* we don't do seq #'s. */ - if (r = krb5_mk_rep(&reply, + if (r = krb5_mk_rep(telnet_context, &reply, authdat->authenticator->subkey ? authdat->authenticator->subkey : authdat->ticket->enc_part2->session, @@ -354,8 +360,9 @@ kerberos5_is(ap, data, cnt) } Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); } - if (krb5_unparse_name(authdat->ticket->enc_part2 ->client, - &name)) + if (krb5_unparse_name(telnet_context, + authdat->ticket->enc_part2 ->client, + &name)) name = 0; Data(ap, KRB_ACCEPT, name, name ? -1 : 0); if (auth_debug_mode) { @@ -370,13 +377,15 @@ kerberos5_is(ap, data, cnt) authdat->authenticator->subkey->keytype == KEYTYPE_DES) { if (session_key.contents) free(session_key.contents); - krb5_copy_keyblock_contents(authdat->authenticator->subkey, - &session_key); + krb5_copy_keyblock_contents(telnet_context, + authdat->authenticator->subkey, + &session_key); } else if (authdat->ticket->enc_part2->session->keytype == KEYTYPE_DES) { if (session_key.contents) free(session_key.contents); - krb5_copy_keyblock_contents(authdat->ticket->enc_part2->session, + krb5_copy_keyblock_contents(telnet_context, + authdat->ticket->enc_part2->session, &session_key); } else break; @@ -392,7 +401,8 @@ kerberos5_is(ap, data, cnt) case KRB_FORWARD: inbuf.data = (char *)data; inbuf.length = cnt; - if (r = rd_and_store_for_creds(&inbuf, authdat->ticket, + if (r = rd_and_store_for_creds(telnet_context, &inbuf, + authdat->ticket, UserNameRequested)) { char errbuf[128]; @@ -471,7 +481,8 @@ kerberos5_reply(ap, data, cnt) return; } - if (r = krb5_rd_rep(&inbuf, &session_key, &reply)) { + if (r = krb5_rd_rep(telnet_context, &inbuf, &session_key, + &reply)) { printf("[ Mutual authentication failed: %s ]\n", error_message(r)); auth_send_retry(); @@ -483,7 +494,7 @@ kerberos5_reply(ap, data, cnt) auth_send_retry(); return; } - krb5_free_ap_rep_enc_part(reply); + krb5_free_ap_rep_enc_part(telnet_context, reply); #ifdef ENCRYPTION skey.type = SK_DES; skey.length = 8; @@ -519,7 +530,8 @@ kerberos5_status(ap, name, level) return(level); if (UserNameRequested && - krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested)) + krb5_kuserok(telnet_context, authdat->ticket->enc_part2->client, + UserNameRequested)) { strcpy(name, UserNameRequested); return(AUTH_VALID); @@ -615,41 +627,42 @@ kerberos5_forward(ap) return; } - if (r = krb5_sname_to_principal(RemoteHostName, "host", KRB5_NT_SRV_HST, - &local_creds->server)) { + if (r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host", + KRB5_NT_SRV_HST, &local_creds->server)) { if (auth_debug_mode) printf("Kerberos V5: could not build server name - %s\r\n", error_message(r)); - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); return; } - if (r = krb5_cc_default(&ccache)) { + if (r = krb5_cc_default(telnet_context, &ccache)) { if (auth_debug_mode) printf("Kerberos V5: could not get default ccache - %s\r\n", error_message(r)); - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); return; } - if (r = krb5_cc_get_principal(ccache, &local_creds->client)) { + if (r = krb5_cc_get_principal(telnet_context,ccache,&local_creds->client)) { if (auth_debug_mode) printf("Kerberos V5: could not get default principal - %s\r\n", error_message(r)); - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); return; } /* Get ticket from credentials cache */ - if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) { + if (r = krb5_get_credentials(telnet_context, KRB5_GC_CACHED, + ccache, local_creds)) { if (auth_debug_mode) printf("Kerberos V5: could not obtain credentials - %s\r\n", error_message(r)); - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); return; } - if (r = krb5_get_for_creds(ETYPE_DES_CBC_CRC, + if (r = krb5_get_for_creds(telnet_context, ETYPE_DES_CBC_CRC, krb5_kdc_req_sumtype, RemoteHostName, local_creds->client, @@ -659,7 +672,7 @@ kerberos5_forward(ap) if (auth_debug_mode) printf("Kerberos V5: error getting forwarded creds - %s\r\n", error_message(r)); - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); return; } @@ -673,7 +686,7 @@ kerberos5_forward(ap) printf("Forwarded local Kerberos V5 credentials to server\r\n"); } - krb5_free_creds(local_creds); + krb5_free_creds(telnet_context, local_creds); } #endif /* FORWARD */ diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index e98124dbfc..59f49f27bd 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Dec 1 13:09:34 1994 <tytso@rsx-11.mit.edu> * externs.h: If USE_TERMIO is defined and SYSV_TERMIO isn't, diff --git a/src/appl/user_user/ChangeLog b/src/appl/user_user/ChangeLog index 787d602e5f..8707c6a382 100644 --- a/src/appl/user_user/ChangeLog +++ b/src/appl/user_user/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Tue Oct 4 17:12:52 1994 Theodore Y. Ts'o (tytso@dcl) * client.c (tgt_keyproc): Add widen.h and narrow.h around diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index 56cabec479..be2aee27a6 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -39,19 +39,17 @@ #include <krb5/widen.h> krb5_error_code -tgt_keyproc(DECLARG(krb5_pointer, keyprocarg), - DECLARG(krb5_principal, principal), - DECLARG(krb5_kvno, vno), - DECLARG(krb5_keyblock **, key)) -OLDDECLARG(krb5_pointer, keyprocarg) -OLDDECLARG(krb5_principal, principal) -OLDDECLARG(krb5_kvno, vno) -OLDDECLARG(krb5_keyblock **, key) +tgt_keyproc(context, keyprocarg, principal, vno, key) + krb5_context context; + krb5_pointer keyprocarg; + krb5_principal principal; + krb5_kvno vno; + krb5_keyblock ** key; #include <krb5/narrow.h> { krb5_creds *creds = (krb5_creds *)keyprocarg; - return krb5_copy_keyblock(&creds->keyblock, key); + return krb5_copy_keyblock(context, &creds->keyblock, key); } int main (argc, argv) @@ -71,6 +69,7 @@ char *argv[]; krb5_creds creds; krb5_data reply, msg, princ_data; krb5_tkt_authent *authdat; + krb5_context context; unsigned short port; if (argc < 2 || argc > 4) @@ -79,7 +78,8 @@ char *argv[]; return 1; } - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); if (argc == 4) { @@ -152,36 +152,36 @@ char *argv[]; s = 1; #endif - if (retval = krb5_cc_default(&cc)) + if (retval = krb5_cc_default(context, &cc)) { com_err("uu-client", retval, "getting credentials cache"); return 6; } memset ((char*)&creds, 0, sizeof(creds)); - if (retval = krb5_cc_get_principal(cc, &creds.client)) + if (retval = krb5_cc_get_principal(context, cc, &creds.client)) { com_err("uu-client", retval, "getting principal name"); return 6; } - if (retval = krb5_unparse_name(creds.client, &princ)) + if (retval = krb5_unparse_name(context, creds.client, &princ)) com_err("uu-client", retval, "printing principal name"); else fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ); - if (retval = krb5_get_host_realm(hname, &srealms)) + if (retval = krb5_get_host_realm(context, hname, &srealms)) { com_err("uu-client", retval, "getting realms for \"%s\"", hname); return 7; } - if (retval = krb5_build_principal_ext(&creds.server, - krb5_princ_realm(creds.client)->length, - krb5_princ_realm(creds.client)->data, - 6, "krbtgt", - krb5_princ_realm(creds.client)->length, - krb5_princ_realm(creds.client)->data, + if (retval = krb5_build_principal_ext(context, &creds.server, + krb5_princ_realm(context, creds.client)->length, + krb5_princ_realm(context, creds.client)->data, + 6, "krbtgt", + krb5_princ_realm(context, creds.client)->length, + krb5_princ_realm(context, creds.client)->data, 0)) { com_err("uu-client", retval, "setting up tgt server name"); @@ -189,7 +189,7 @@ char *argv[]; } /* Get TGT from credentials cache */ - if (retval = krb5_get_credentials(KRB5_GC_CACHED, cc, &creds)) + if (retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, &creds)) { com_err("uu-client", retval, "getting TGT"); return 6; @@ -201,21 +201,21 @@ char *argv[]; princ_data.data = princ; princ_data.length = i; /* include null terminator for server's convenience */ - retval = krb5_write_message((krb5_pointer) &s, &princ_data); + retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data); if (retval) { com_err("uu-client", retval, "sending principal name to server"); return 8; } free(princ); - retval = krb5_write_message((krb5_pointer) &s, &creds.ticket); + retval = krb5_write_message(context, (krb5_pointer) &s, &creds.ticket); if (retval) { com_err("uu-client", retval, "sending ticket to server"); return 8; } - retval = krb5_read_message((krb5_pointer) &s, &reply); + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); if (retval) { com_err("uu-client", retval, "reading reply from server"); @@ -231,7 +231,7 @@ char *argv[]; #if 1 /* read the ap_req to get the session key */ - retval = krb5_rd_req(&reply, + retval = krb5_rd_req(context, &reply, 0, /* don't know server's name... */ &serv_addr, 0, /* no fetchfrom */ @@ -242,7 +242,7 @@ char *argv[]; &authdat); free(reply.data); #else - retval = krb5_recvauth((krb5_pointer)&s, "???", + retval = krb5_recvauth(context, (krb5_pointer)&s, "???", 0, /* server */ &serv_addr, 0, tgt_keyproc, (krb5_pointer)&creds, 0, 0, @@ -252,13 +252,13 @@ char *argv[]; com_err("uu-client", retval, "reading AP_REQ from server"); return 9; } - if (retval = krb5_unparse_name(authdat->ticket->enc_part2->client, &princ)) + if (retval = krb5_unparse_name(context, authdat->ticket->enc_part2->client, &princ)) com_err("uu-client", retval, "while unparsing client name"); else { printf("server is named \"%s\"\n", princ); free(princ); } - retval = krb5_read_message((krb5_pointer) &s, &reply); + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); if (retval) { com_err("uu-client", retval, "reading reply from server"); @@ -266,7 +266,7 @@ char *argv[]; } - if (retval = krb5_rd_safe(&reply, authdat->ticket->enc_part2->session, + if (retval = krb5_rd_safe(context, &reply, authdat->ticket->enc_part2->session, &serv_addr, &cli_addr, authdat->authenticator->seq_number, KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg)) diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c index 6251066e08..dfa76df87c 100644 --- a/src/appl/user_user/server.c +++ b/src/appl/user_user/server.c @@ -54,12 +54,14 @@ char *argv[]; krb5_ccache cc; krb5_data msgtext, msg; krb5_int32 seqno; + krb5_context context; #ifndef DEBUG freopen("/tmp/uu-server.log", "w", stderr); #endif - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); #ifdef DEBUG { @@ -98,23 +100,23 @@ char *argv[]; sock = 0; } #endif - if (retval = krb5_read_message((krb5_pointer) &sock, &pname_data)) { + if (retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data)) { com_err ("uu-server", retval, "reading pname"); return 2; } - if (retval = krb5_read_message((krb5_pointer) &sock, &tkt_data)) { + if (retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data)) { com_err ("uu-server", retval, "reading ticket data"); return 2; } - if (retval = krb5_cc_default(&cc)) + if (retval = krb5_cc_default(context, &cc)) { com_err("uu-server", retval, "getting credentials cache"); return 4; } memset ((char*)&creds, 0, sizeof(creds)); - if (retval = krb5_cc_get_principal(cc, &creds.client)) + if (retval = krb5_cc_get_principal(context, cc, &creds.client)) { com_err("uu-client", retval, "getting principal name"); return 6; @@ -123,7 +125,7 @@ char *argv[]; /* client sends it already null-terminated. */ printf ("uu-server: client principal is \"%s\".\n", pname_data.data); - if (retval = krb5_parse_name(pname_data.data, &creds.server)) + if (retval = krb5_parse_name(context, pname_data.data, &creds.server)) { com_err("uu-server", retval, "parsing client name"); return 3; @@ -132,7 +134,7 @@ char *argv[]; printf ("uu-server: client ticket is %d bytes.\n", creds.second_ticket.length); - if (retval = krb5_get_credentials(KRB5_GC_USER_USER, cc, &creds)) + if (retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, &creds)) { com_err("uu-server", retval, "getting user-user ticket"); return 5; @@ -164,12 +166,12 @@ char *argv[]; /* send a ticket/authenticator to the other side, so it can get the key we're using for the krb_safe below. */ - if (retval = krb5_generate_seq_number(&creds.keyblock, &seqno)) { + if (retval = krb5_generate_seq_number(context, &creds.keyblock, &seqno)) { com_err("uu-server", retval, "generating sequence number"); return 8; } #if 1 - if (retval = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY, + if (retval = krb5_mk_req_extended(context, AP_OPTS_USE_SESSION_KEY, 0, /* no application checksum here */ krb5_kdc_default_options, seqno, @@ -181,9 +183,9 @@ char *argv[]; com_err("uu-server", retval, "making AP_REQ"); return 8; } - retval = krb5_write_message((krb5_pointer) &sock, &msg); + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); #else - retval = krb5_sendauth((krb5_pointer)&sock, "???", 0, 0, + retval = krb5_sendauth(context, (krb5_pointer)&sock, "???", 0, 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, 0, /* no checksum*/ &creds, cc, @@ -198,15 +200,15 @@ char *argv[]; msgtext.length = 32; msgtext.data = "Hello, other end of connection."; - if (retval = krb5_mk_safe(&msgtext, CKSUMTYPE_RSA_MD4_DES, &creds.keyblock, - &laddr, &faddr, seqno, + if (retval = krb5_mk_safe(context, &msgtext, CKSUMTYPE_RSA_MD4_DES, + &creds.keyblock, &laddr, &faddr, seqno, KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg)) { com_err("uu-server", retval, "encoding message to client"); return 6; } - retval = krb5_write_message((krb5_pointer) &sock, &msg); + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); if (retval) { cl_short_wrt: diff --git a/src/clients/kdestroy/ChangeLog b/src/clients/kdestroy/ChangeLog index 1c4727d3f6..66937e8247 100644 --- a/src/clients/kdestroy/ChangeLog +++ b/src/clients/kdestroy/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:48 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c index 9db29c6987..25f335560b 100644 --- a/src/clients/kdestroy/kdestroy.c +++ b/src/clients/kdestroy/kdestroy.c @@ -39,6 +39,7 @@ main(argc, argv) int argc; char **argv; { + krb5_context kcontext; int c; krb5_ccache cache = NULL; char *cache_name = NULL; @@ -46,7 +47,7 @@ main(argc, argv) int errflg=0; int quiet = 0; - krb5_init_ets(); + krb5_init_ets(kcontext); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -60,7 +61,7 @@ main(argc, argv) if (cache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &cache); + code = krb5_cc_resolve (kcontext, cache_name, &cache); if (code != 0) { com_err (argv[0], code, "while resolving %s", cache_name); errflg++; @@ -86,13 +87,13 @@ main(argc, argv) } if (cache == NULL) { - if (code = krb5_cc_default(&cache)) { + if (code = krb5_cc_default(kcontext, &cache)) { com_err(argv[0], code, "while getting default ccache"); exit(1); } } - code = krb5_cc_destroy (cache); + code = krb5_cc_destroy (kcontext, cache); if (code != 0) { com_err (argv[0], code, "while destroying cache"); if (quiet) diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index e1f302b0af..02a935cbbc 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:30 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 56b7e2d8d5..bf298033a3 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -69,6 +69,7 @@ main(argc, argv) int argc; char **argv; { + krb5_context kcontext; krb5_ccache ccache = NULL; char *cache_name = NULL; /* -f option */ char *keytab_name = NULL; /* -t option */ @@ -92,7 +93,7 @@ main(argc, argv) int i; char password[255], *client_name, prompt[255]; - krb5_init_ets(); + krb5_init_ets(kcontext); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -120,7 +121,7 @@ main(argc, argv) if (keytab == NULL) { keytab_name = optarg; - code = krb5_kt_resolve(keytab_name, &keytab); + code = krb5_kt_resolve(kcontext, keytab_name, &keytab); if (code != 0) { com_err(argv[0], code, "resolving keytab %s", keytab_name); @@ -142,7 +143,7 @@ main(argc, argv) if (ccache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &ccache); + code = krb5_cc_resolve (kcontext, cache_name, &ccache); if (code != 0) { com_err (argv[0], code, "resolving ccache %s", cache_name); @@ -166,7 +167,7 @@ main(argc, argv) } if (ccache == NULL) { - if (code = krb5_cc_default(&ccache)) { + if (code = krb5_cc_default(kcontext, &ccache)) { com_err(argv[0], code, "while getting default ccache"); exit(1); } @@ -175,7 +176,7 @@ main(argc, argv) if (optind != argc-1) { /* No principal name specified */ if (use_keytab) { /* Use the default host/service name */ - code = krb5_sname_to_principal(NULL, NULL, + code = krb5_sname_to_principal(kcontext, NULL, NULL, KRB5_NT_SRV_HST, &me); if (code) { com_err(argv[0], code, @@ -184,12 +185,12 @@ main(argc, argv) } } else { /* Get default principal from cache if one exists */ - code = krb5_cc_get_principal(ccache, &me); + code = krb5_cc_get_principal(kcontext, ccache, &me); if (code) { /* Else search passwd file for client */ pw = getpwuid((int) getuid()); if (pw) { - if (code = krb5_parse_name (pw->pw_name, &me)) { + if (code = krb5_parse_name (kcontext, pw->pw_name, &me)) { com_err (argv[0], code, "when parsing name %s", pw->pw_name); exit(1); @@ -202,17 +203,17 @@ main(argc, argv) } } } /* Use specified name */ - else if (code = krb5_parse_name (argv[optind], &me)) { + else if (code = krb5_parse_name (kcontext, argv[optind], &me)) { com_err (argv[0], code, "when parsing name %s",argv[optind]); exit(1); } - if (code = krb5_unparse_name(me, &client_name)) { + if (code = krb5_unparse_name(kcontext, me, &client_name)) { com_err (argv[0], code, "when unparsing name"); exit(1); } - code = krb5_cc_initialize (ccache, me); + code = krb5_cc_initialize (kcontext, ccache, me); if (code != 0) { com_err (argv[0], code, "when initializing cache %s", cache_name?cache_name:""); @@ -223,12 +224,12 @@ main(argc, argv) my_creds.client = me; - if (code = krb5_build_principal_ext(&server, - krb5_princ_realm(me)->length, - krb5_princ_realm(me)->data, + if (code = krb5_build_principal_ext(kcontext, &server, + krb5_princ_realm(kcontext, me)->length, + krb5_princ_realm(kcontext, me)->data, tgtname.length, tgtname.data, - krb5_princ_realm(me)->length, - krb5_princ_realm(me)->data, + krb5_princ_realm(kcontext, me)->length, + krb5_princ_realm(kcontext, me)->data, 0)) { com_err(argv[0], code, "while building server name"); exit(1); @@ -241,7 +242,7 @@ main(argc, argv) com_err (argv[0], code, "when getting my address"); exit(1); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(kcontext, &now)) { com_err(argv[0], code, "while getting time of day"); exit(1); } @@ -258,17 +259,18 @@ main(argc, argv) pwsize = sizeof(password); - code = krb5_read_password(prompt, 0, password, &pwsize); + code = krb5_read_password(kcontext, prompt, 0, password, &pwsize); if (code || pwsize == 0) { fprintf(stderr, "Error while reading password for '%s'\n", client_name); memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(kcontext, my_addresses); exit(1); } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_password(options, my_addresses, + code = krb5_get_in_tkt_with_password(kcontext, options, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -277,7 +279,8 @@ main(argc, argv) &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_password(options, my_addresses, + code = krb5_get_in_tkt_with_password(kcontext, options, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -292,7 +295,7 @@ main(argc, argv) memset(password, 0, sizeof(password)); } else { if (keytab != NULL) { - code = krb5_kt_get_entry(keytab, my_creds.client, 0, + code = krb5_kt_get_entry(kcontext, keytab, my_creds.client, 0, &kt_ent); if (code) { com_err(argv[0], code, "reading keytab entry %s", @@ -302,14 +305,16 @@ main(argc, argv) } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_skey(options, my_addresses, + code = krb5_get_in_tkt_with_skey(kcontext, options, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, keytab ? &kt_ent.key : NULL, ccache, &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_skey(options, my_addresses, + code = krb5_get_in_tkt_with_skey(kcontext, options, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, keytab ? &kt_ent.key : NULL, @@ -321,11 +326,11 @@ main(argc, argv) } if (keytab != NULL) - krb5_kt_free_entry(&kt_ent); + krb5_kt_free_entry(kcontext, &kt_ent); } - krb5_free_principal(server); - krb5_free_addresses(my_addresses); + krb5_free_principal(kcontext, server); + krb5_free_addresses(kcontext, my_addresses); if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index fe548fae51..5ae2f43a6a 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:09 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 188c406a02..e836af8e89 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -39,7 +39,9 @@ char *defname; time_t now; void -show_credential PROTOTYPE((krb5_creds *)); +show_credential + PROTOTYPE((krb5_context, + krb5_creds *)); void main(argc, argv) @@ -55,8 +57,9 @@ main(argc, argv) char *cache_name; krb5_principal princ; krb5_flags flags; + krb5_context kcontext; - krb5_init_ets(); + krb5_init_ets(kcontext); time(&now); @@ -74,7 +77,7 @@ main(argc, argv) if (cache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &cache); + code = krb5_cc_resolve (kcontext, cache_name, &cache); if (code != 0) { com_err(progname, code, "while resolving %s", cache_name); errflg++; @@ -99,50 +102,50 @@ main(argc, argv) exit(2); } if (cache == NULL) { - if (code = krb5_cc_default(&cache)) { + if (code = krb5_cc_default(kcontext, &cache)) { com_err(progname, code, "while getting default ccache"); exit(1); } } flags = 0; /* turns off OPENCLOSE mode */ - if (code = krb5_cc_set_flags(cache, flags)) { + if (code = krb5_cc_set_flags(kcontext, cache, flags)) { if (code == ENOENT) { com_err(progname, code, "(ticket cache %s)", - krb5_cc_get_name(cache)); + krb5_cc_get_name(kcontext, cache)); } else com_err(progname, code, "while setting cache flags (ticket cache %s)", - krb5_cc_get_name(cache)); + krb5_cc_get_name(kcontext, cache)); exit(1); } - if (code = krb5_cc_get_principal(cache, &princ)) { + if (code = krb5_cc_get_principal(kcontext, cache, &princ)) { com_err(progname, code, "while retrieving principal name"); exit(1); } - if (code = krb5_unparse_name(princ, &defname)) { + if (code = krb5_unparse_name(kcontext, princ, &defname)) { com_err(progname, code, "while unparsing principal name"); exit(1); } printf("Ticket cache: %s\nDefault principal: %s\n\n", - krb5_cc_get_name(cache), defname); - if (code = krb5_cc_start_seq_get(cache, &cur)) { + krb5_cc_get_name(kcontext, cache), defname); + if (code = krb5_cc_start_seq_get(kcontext, cache, &cur)) { com_err(progname, code, "while starting to retrieve tickets"); exit(1); } fputs(" Valid starting Expires Service principal\n", stdout); - while (!(code = krb5_cc_next_cred(cache, &cur, &creds))) { - show_credential(&creds); - krb5_free_cred_contents(&creds); + while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) { + show_credential(kcontext, &creds); + krb5_free_cred_contents(kcontext, &creds); } if (code == KRB5_CC_END) { - if (code = krb5_cc_end_seq_get(cache, &cur)) { + if (code = krb5_cc_end_seq_get(kcontext, cache, &cur)) { com_err(progname, code, "while finishing ticket retrieval"); exit(1); } flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if (code = krb5_cc_set_flags(cache, flags)) { + if (code = krb5_cc_set_flags(kcontext, cache, flags)) { com_err(progname, code, "while closing ccache"); exit(1); } @@ -153,8 +156,9 @@ main(argc, argv) } } -char *flags_string(cred) -register krb5_creds *cred; +char * +flags_string(cred) + register krb5_creds *cred; { static char buf[32]; int i = 0; @@ -188,7 +192,8 @@ register krb5_creds *cred; static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; -void printtime(tv) +void +printtime(tv) time_t tv; { struct tm *stime; @@ -204,19 +209,20 @@ void printtime(tv) } void -show_credential(cred) -register krb5_creds *cred; +show_credential(kcontext, cred) + krb5_context kcontext; + register krb5_creds *cred; { krb5_error_code retval; char *name, *sname, *flags; int first = 1; - retval = krb5_unparse_name(cred->client, &name); + retval = krb5_unparse_name(kcontext, cred->client, &name); if (retval) { com_err(progname, retval, "while unparsing client name"); return; } - retval = krb5_unparse_name(cred->server, &sname); + retval = krb5_unparse_name(kcontext, cred->server, &sname); if (retval) { com_err(progname, retval, "while unparsing server name"); free(name); diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog index 49208dccb1..97123c9b4f 100644 --- a/src/clients/ksu/ChangeLog +++ b/src/clients/ksu/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:15:28 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c index d4a5fc90c5..8d0ec90a79 100644 --- a/src/clients/ksu/authorization.c +++ b/src/clients/ksu/authorization.c @@ -62,9 +62,10 @@ return(TRUE); * */ -krb5_error_code krb5_authorization(principal, luser, local_realm_name, +krb5_error_code krb5_authorization(context, principal, luser, local_realm_name, cmd, ok, out_fcmd) /* IN */ + krb5_context context; krb5_principal principal; const char *luser; char *local_realm_name; @@ -90,7 +91,7 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, return 0; } - if (retval = krb5_unparse_name(principal, &princname)){ + if (retval = krb5_unparse_name(context, principal, &princname)){ return retval; } @@ -196,7 +197,7 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, if (!strcmp(local_realm_name, USE_DEFAULT_REALM_NAME)){ - if (retval = krb5_get_default_realm(&realm)) { + if (retval = krb5_get_default_realm(context, &realm)) { auth_cleanup(k5users_flag,users_fp, k5login_flag,login_fp, princname); free(kuser); @@ -206,8 +207,9 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, } else{ realm = local_realm_name; } - if((! _username_an_to_ln(principal,strlen(princname), kuser, - realm)) && (strcmp(kuser,luser) == 0)){ + if((! _username_an_to_ln(context, principal, strlen(princname), + kuser, realm)) + && (strcmp(kuser,luser) == 0)){ retbool = TRUE; } @@ -734,7 +736,8 @@ return out_ptr; * null in the DBM datum.size. ********************************************************************/ static krb5_error_code -_dbm_an_to_ln(aname, lnsize, lname) +_dbm_an_to_ln(context, aname, lnsize, lname) + krb5_context context; krb5_const_principal aname; const int lnsize; char *lname; @@ -744,7 +747,7 @@ _dbm_an_to_ln(aname, lnsize, lname) datum key, contents; char *princ_name; - if (retval = krb5_unparse_name(aname, &princ_name)) + if (retval = krb5_unparse_name(context, aname, &princ_name)) return(retval); key.dptr = princ_name; key.dsize = strlen(princ_name)+1; /* need to store the NULL for @@ -783,7 +786,8 @@ _dbm_an_to_ln(aname, lnsize, lname) ************************************************************/ static krb5_error_code -_username_an_to_ln (aname, lnsize, lname, realm) +_username_an_to_ln (context, aname, lnsize, lname, realm) + krb5_context context; krb5_const_principal aname; const int lnsize; char *lname; @@ -792,19 +796,19 @@ _username_an_to_ln (aname, lnsize, lname, realm) krb5_error_code retval; int realm_length; - realm_length = krb5_princ_realm(aname)->length; + realm_length = krb5_princ_realm(context, aname)->length; if ((realm_length != strlen(realm)) || - (memcmp(realm, krb5_princ_realm(aname)->data, realm_length))) { + (memcmp(realm, krb5_princ_realm(context, aname)->data, realm_length))) { return KRB5_LNAME_NOTRANS; } - if (krb5_princ_size(aname) != 1) { - if (krb5_princ_size(aname) == 2 ) { + if (krb5_princ_size(context, aname) != 1) { + if (krb5_princ_size(context, aname) == 2 ) { /* Check to see if 2nd component is the local realm. */ - if ( strncmp(krb5_princ_component(aname,1)->data,realm, + if ( strncmp(krb5_princ_component(context, aname,1)->data,realm, realm_length) || - realm_length != krb5_princ_component(aname,1)->length) + realm_length != krb5_princ_component(context, aname,1)->length) return KRB5_LNAME_NOTRANS; } else @@ -813,12 +817,12 @@ _username_an_to_ln (aname, lnsize, lname, realm) return KRB5_LNAME_NOTRANS; } - strncpy(lname, krb5_princ_component(aname,0)->data, - min(krb5_princ_component(aname,0)->length,lnsize)); - if (lnsize < krb5_princ_component(aname,0)->length ) { + strncpy(lname, krb5_princ_component(context, aname,0)->data, + min(krb5_princ_component(context, aname,0)->length,lnsize)); + if (lnsize < krb5_princ_component(context, aname,0)->length ) { retval = KRB5_CONFIG_NOTENUFSPACE; } else { - lname[krb5_princ_component(aname,0)->length] = '\0'; + lname[krb5_princ_component(context, aname,0)->length] = '\0'; retval = 0; } return retval; diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c index 33362b5c20..20bcbb2417 100644 --- a/src/clients/ksu/ccache.c +++ b/src/clients/ksu/ccache.c @@ -43,9 +43,10 @@ void show_credential(); with k5 beta 3 release. */ -krb5_error_code krb5_ccache_copy (cc_def, cc_other_tag, primary_principal, - cc_out, stored) +krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag, + primary_principal, cc_out, stored) /* IN */ + krb5_context context; krb5_ccache cc_def; char *cc_other_tag; krb5_principal primary_principal; @@ -64,34 +65,35 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(cc_other_tag, cc_other)){ + if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; } - cc_def_name = krb5_cc_get_name(cc_def); - cc_other_name = krb5_cc_get_name(*cc_other); + cc_def_name = krb5_cc_get_name(context, cc_def); + cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc_def, &cc_def_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ return retval; } } - *stored = krb5_find_princ_in_cred_list(cc_def_creds_arr,primary_principal); + *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr, + primary_principal); - if (retval = krb5_cc_initialize(*cc_other, primary_principal)){ + if (retval = krb5_cc_initialize(context, *cc_other, primary_principal)){ return retval; } - retval = krb5_store_all_creds(* cc_other, - cc_def_creds_arr, cc_other_creds_arr); + retval = krb5_store_all_creds(context, * cc_other, cc_def_creds_arr, + cc_other_creds_arr); if (cc_def_creds_arr){ while (cc_def_creds_arr[i]){ - krb5_free_creds(cc_def_creds_arr[i]); + krb5_free_creds(context, cc_def_creds_arr[i]); i++; } } @@ -100,7 +102,7 @@ struct stat st_temp; if(cc_other_creds_arr){ while (cc_other_creds_arr[i]){ - krb5_free_creds(cc_other_creds_arr[i]); + krb5_free_creds(context, cc_other_creds_arr[i]); i++; } } @@ -110,8 +112,8 @@ struct stat st_temp; } - -krb5_error_code krb5_store_all_creds(cc, creds_def, creds_other) +krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other) + krb5_context context; krb5_ccache cc; krb5_creds **creds_def; krb5_creds **creds_other; @@ -136,7 +138,8 @@ krb5_boolean cmp; if (temp_creds){ while(temp_creds[i]){ - if (retval= krb5_cc_store_cred(cc, temp_creds[i])){ + if (retval= krb5_cc_store_cred(context, cc, + temp_creds[i])){ return retval; } i++; @@ -157,7 +160,7 @@ krb5_boolean cmp; j++; } if (cmp == FALSE){ - if (retval= krb5_cc_store_cred(cc, + if (retval= krb5_cc_store_cred(context, cc, creds_other[i])){ return retval; } @@ -167,7 +170,8 @@ krb5_boolean cmp; i=0; while(creds_def[i]){ - if (retval= krb5_cc_store_cred(cc, creds_def[i])){ + if (retval= krb5_cc_store_cred(context, cc, + creds_def[i])){ return retval; } i++; @@ -178,16 +182,17 @@ krb5_boolean cmp; return 0; } -krb5_boolean compare_creds(cred1, cred2) +krb5_boolean compare_creds(context, cred1, cred2) + krb5_context context; krb5_creds *cred1; krb5_creds *cred2; { krb5_boolean retval; - retval = krb5_principal_compare (cred1->client, cred2->client); + retval = krb5_principal_compare (context, cred1->client, cred2->client); if (retval == TRUE) - retval = krb5_principal_compare (cred1->server, cred2->server); + retval = krb5_principal_compare (context, cred1->server, cred2->server); return retval; } @@ -195,7 +200,8 @@ krb5_boolean retval; -krb5_error_code krb5_get_nonexp_tkts(cc, creds_array) +krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array) + krb5_context context; krb5_ccache cc; krb5_creds ***creds_array; { @@ -217,13 +223,13 @@ int chunk_count = 1; memset((char *) &creds, 0, sizeof(creds)); /* initialize the cursor */ - if (retval = krb5_cc_start_seq_get(cc, &cur)) { + if (retval = krb5_cc_start_seq_get(context, cc, &cur)) { return retval; } - while (!(retval = krb5_cc_next_cred(cc, &cur, &creds))){ + while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){ - if(retval = krb5_check_exp(creds.times)){ + if(retval = krb5_check_exp(context, creds.times)){ if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){ return retval; } @@ -236,7 +242,8 @@ int chunk_count = 1; } else { /* these credentials didn't expire */ - if (retval = krb5_copy_creds(&creds, &temp_creds[count])){ + if (retval = krb5_copy_creds(context, &creds, + &temp_creds[count])){ return retval; } count ++; @@ -256,7 +263,7 @@ int chunk_count = 1; *creds_array = temp_creds; if (retval == KRB5_CC_END) { - retval = krb5_cc_end_seq_get(cc, &cur); + retval = krb5_cc_end_seq_get(context, cc, &cur); } return retval; @@ -266,13 +273,14 @@ int chunk_count = 1; extern krb5_deltat krb5_clockskew; -krb5_error_code krb5_check_exp(tkt_time) +krb5_error_code krb5_check_exp(context, tkt_time) + krb5_context context; krb5_ticket_times tkt_time; { krb5_error_code retval =0; krb5_timestamp currenttime; - if (retval = krb5_timeofday (¤ttime)){ + if (retval = krb5_timeofday (context, ¤ttime)){ return retval; } if (auth_debug){ @@ -432,7 +440,8 @@ krb5_get_login_princ(luser, princ_list) void -show_credential(cred, cc) +show_credential(context, cred, cc) + krb5_context context; krb5_creds *cred; krb5_ccache cc; { @@ -443,23 +452,23 @@ show_credential(cred, cc) char * defname; int show_flags =1; - retval = krb5_unparse_name(cred->client, &name); + retval = krb5_unparse_name(context, cred->client, &name); if (retval) { com_err(prog_name, retval, "while unparsing client name"); return; } - retval = krb5_unparse_name(cred->server, &sname); + retval = krb5_unparse_name(context, cred->server, &sname); if (retval) { com_err(prog_name, retval, "while unparsing server name"); free(name); return; } - if (retval = krb5_cc_get_principal(cc, &princ)) { + if (retval = krb5_cc_get_principal(context, cc, &princ)) { com_err(prog_name, retval, "while retrieving principal name"); return; } - if (retval = krb5_unparse_name(princ, &defname)) { + if (retval = krb5_unparse_name(context, princ, &defname)) { com_err(prog_name, retval, "while unparsing principal name"); return; } @@ -509,7 +518,8 @@ int gen_sym(){ return i; } -krb5_error_code krb5_ccache_overwrite(ccs, cct, primary_principal) +krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal) + krb5_context context; krb5_ccache ccs; krb5_ccache cct; krb5_principal primary_principal; @@ -522,33 +532,32 @@ krb5_creds ** ccs_creds_arr = NULL; int i=0; struct stat st_temp; - ccs_name = krb5_cc_get_name(ccs); - cct_name = krb5_cc_get_name(cct); + ccs_name = krb5_cc_get_name(context, ccs); + cct_name = krb5_cc_get_name(context, cct); if ( ! stat(ccs_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( ccs, &ccs_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr)){ return retval; } } if ( ! stat(cct_name, &st_temp)){ - if (retval = krb5_cc_get_principal(cct, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cct, &temp_principal)){ return retval; } }else{ temp_principal = primary_principal; } - if (retval = krb5_cc_initialize(cct, temp_principal)){ + if (retval = krb5_cc_initialize(context, cct, temp_principal)){ return retval; } - retval = krb5_store_all_creds(cct, - ccs_creds_arr, NULL); + retval = krb5_store_all_creds(context, cct, ccs_creds_arr, NULL); if (ccs_creds_arr){ while (ccs_creds_arr[i]){ - krb5_free_creds(ccs_creds_arr[i]); + krb5_free_creds(context, ccs_creds_arr[i]); i++; } } @@ -556,8 +565,9 @@ struct stat st_temp; return retval; } -krb5_error_code krb5_store_some_creds(cc, creds_def, creds_other, prst, +krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst, stored) + krb5_context context; krb5_ccache cc; krb5_creds **creds_def; krb5_creds **creds_other; @@ -583,10 +593,12 @@ krb5_boolean temp_stored = FALSE; if (temp_creds){ while(temp_creds[i]){ - if (krb5_principal_compare( temp_creds[i]->client, - prst)== TRUE){ + if (krb5_principal_compare(context, + temp_creds[i]->client, + prst)== TRUE) { - if(retval=krb5_cc_store_cred(cc,temp_creds[i])){ + if (retval = krb5_cc_store_cred(context, + cc,temp_creds[i])){ return retval; } temp_stored = TRUE; @@ -614,8 +626,9 @@ but I had to do it this way, since cc_remove function did not come with k5 beta 3 release. ************************************************************************/ -krb5_error_code krb5_ccache_copy_restricted (cc_def, cc_other_tag, prst, - cc_out, stored) +krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag, + prst, cc_out, stored) + krb5_context context; krb5_ccache cc_def; char *cc_other_tag; krb5_principal prst; @@ -635,34 +648,34 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(cc_other_tag, cc_other)){ + if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; } - cc_def_name = krb5_cc_get_name(cc_def); - cc_other_name = krb5_cc_get_name(*cc_other); + cc_def_name = krb5_cc_get_name(context, cc_def); + cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc_def, &cc_def_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ return retval; } } - if (retval = krb5_cc_initialize(*cc_other, prst)){ + if (retval = krb5_cc_initialize(context, *cc_other, prst)){ return retval; } - retval = krb5_store_some_creds(* cc_other, + retval = krb5_store_some_creds(context, * cc_other, cc_def_creds_arr, cc_other_creds_arr, prst, stored); if (cc_def_creds_arr){ while (cc_def_creds_arr[i]){ - krb5_free_creds(cc_def_creds_arr[i]); + krb5_free_creds(context, cc_def_creds_arr[i]); i++; } } @@ -671,7 +684,7 @@ struct stat st_temp; if(cc_other_creds_arr){ while (cc_other_creds_arr[i]){ - krb5_free_creds(cc_other_creds_arr[i]); + krb5_free_creds(context, cc_other_creds_arr[i]); i++; } } @@ -687,7 +700,8 @@ not available with beta3 release. ************************************************************/ -krb5_error_code krb5_ccache_refresh (cc) +krb5_error_code krb5_ccache_refresh (context, cc) + krb5_context context; krb5_ccache cc; { @@ -698,7 +712,7 @@ krb5_creds ** cc_creds_arr = NULL; char * cc_name; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ @@ -706,26 +720,25 @@ struct stat st_temp; fprintf(stderr,"Refreshing cache %s\n", cc_name); } - if(retval = krb5_get_nonexp_tkts( cc, &cc_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ return retval; } - if (retval = krb5_cc_get_principal(cc, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ return retval; } - if (retval = krb5_cc_initialize(cc, temp_principal)){ + if (retval = krb5_cc_initialize(context, cc, temp_principal)){ return retval; } - if (retval = krb5_store_all_creds(cc, - cc_creds_arr, NULL)){ + if (retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL)){ return retval; } if (cc_creds_arr){ while (cc_creds_arr[i]){ - krb5_free_creds(cc_creds_arr[i]); + krb5_free_creds(context, cc_creds_arr[i]); i++; } } @@ -733,7 +746,8 @@ struct stat st_temp; return 0; } -krb5_error_code krb5_ccache_filter (cc, prst) +krb5_error_code krb5_ccache_filter (context, cc, prst) + krb5_context context; krb5_ccache cc; krb5_principal prst; { @@ -746,7 +760,7 @@ char * cc_name; krb5_boolean stored; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ @@ -754,25 +768,26 @@ struct stat st_temp; fprintf(stderr,"puting cache %s through a filter for -z option\n", cc_name); } - if(retval = krb5_get_nonexp_tkts( cc, &cc_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ return retval; } - if (retval = krb5_cc_get_principal(cc, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ return retval; } - if (retval = krb5_cc_initialize(cc, temp_principal)){ + if (retval = krb5_cc_initialize(context, cc, temp_principal)){ return retval; } - if (retval = krb5_store_some_creds(cc,cc_creds_arr,NULL,prst,&stored)){ + if (retval = krb5_store_some_creds(context, cc, cc_creds_arr, + NULL, prst, &stored)){ return retval; } if (cc_creds_arr){ while (cc_creds_arr[i]){ - krb5_free_creds(cc_creds_arr[i]); + krb5_free_creds(context, cc_creds_arr[i]); i++; } } @@ -780,7 +795,8 @@ struct stat st_temp; return 0; } -krb5_boolean krb5_find_princ_in_cred_list (creds_list, princ) +krb5_boolean krb5_find_princ_in_cred_list (context, creds_list, princ) + krb5_context context; krb5_creds **creds_list; krb5_principal princ; { @@ -790,8 +806,9 @@ krb5_boolean temp_stored = FALSE; if (creds_list){ while(creds_list[i]){ - if (krb5_principal_compare( creds_list[i]->client, - princ)== TRUE){ + if (krb5_principal_compare(context, + creds_list[i]->client, + princ)== TRUE){ temp_stored = TRUE; break; } @@ -803,7 +820,8 @@ krb5_boolean temp_stored = FALSE; return temp_stored; } -krb5_error_code krb5_find_princ_in_cache (cc, princ, found) +krb5_error_code krb5_find_princ_in_cache (context, cc, princ, found) + krb5_context context; krb5_ccache cc; krb5_principal princ; krb5_boolean *found; @@ -813,14 +831,14 @@ krb5_creds ** creds_list = NULL; char * cc_name; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc, &creds_list)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &creds_list)){ return retval; } } - *found = krb5_find_princ_in_cred_list(creds_list, princ); + *found = krb5_find_princ_in_cred_list(context, creds_list, princ); return 0; } diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c index 8ca5b71405..8059d50f03 100644 --- a/src/clients/ksu/heuristic.c +++ b/src/clients/ksu/heuristic.c @@ -321,7 +321,8 @@ A principal is picked that has the best chance of getting in. **********************************************************************/ -krb5_error_code get_closest_principal(plist, client, found) +krb5_error_code get_closest_principal(context, plist, client, found) + krb5_context context; char **plist; krb5_principal *client; krb5_boolean *found; @@ -335,35 +336,35 @@ krb5_boolean got_one; if (! plist ) return 0; - cnelem = krb5_princ_size(*client); + cnelem = krb5_princ_size(context, *client); while(plist[i]){ - if (retval = krb5_parse_name(plist[i], &temp_client)){ + if (retval = krb5_parse_name(context, plist[i], &temp_client)){ return retval; } - pnelem = krb5_princ_size(temp_client); + pnelem = krb5_princ_size(context, temp_client); if ( cnelem > pnelem){ i++; continue; } - if (krb5_princ_realm(*client)->length == - krb5_princ_realm(temp_client)->length - && (!memcmp (krb5_princ_realm(*client)->data, - krb5_princ_realm(temp_client)->data, - krb5_princ_realm(temp_client)->length))){ + if (krb5_princ_realm(context, *client)->length == + krb5_princ_realm(context, temp_client)->length + && (!memcmp (krb5_princ_realm(context, *client)->data, + krb5_princ_realm(context, temp_client)->data, + krb5_princ_realm(context, temp_client)->length))){ got_one = TRUE; for(j =0; j < cnelem; j ++){ krb5_data *p1 = - krb5_princ_component(*client, j); + krb5_princ_component(context, *client, j); krb5_data *p2 = - krb5_princ_component(temp_client, j); + krb5_princ_component(context, temp_client, j); if ((p1->length != p2->length) || memcmp(p1->data,p2->data,p1->length)){ @@ -373,8 +374,8 @@ krb5_boolean got_one; } if (got_one == TRUE){ if(best_client){ - if(krb5_princ_size(best_client) > - krb5_princ_size(temp_client)){ + if(krb5_princ_size(context, best_client) > + krb5_princ_size(context, temp_client)){ best_client = temp_client; } }else{ @@ -398,7 +399,8 @@ find_either_ticket checks to see whether there is a ticket for the end server or tgt, if neither is there the return FALSE, *****************************************************************/ -krb5_error_code find_either_ticket (cc, client, end_server, found) +krb5_error_code find_either_ticket (context, cc, client, end_server, found) + krb5_context context; krb5_ccache cc; krb5_principal client; krb5_principal end_server; @@ -411,7 +413,7 @@ krb5_boolean temp_found = FALSE; char * cc_source_name; struct stat st_temp; -cc_source_name = krb5_cc_get_name(cc); +cc_source_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_source_name, &st_temp)){ @@ -421,8 +423,10 @@ if ( ! stat(cc_source_name, &st_temp)){ if (temp_found == FALSE){ - if (retval = krb5_tgtname( krb5_princ_realm (client), - krb5_princ_realm(client), &kdc_server)){ + if (retval = krb5_tgtname(context, + krb5_princ_realm(context, client), + krb5_princ_realm(context, client), + &kdc_server)){ return retval ; } @@ -443,7 +447,8 @@ if ( ! stat(cc_source_name, &st_temp)){ } -krb5_error_code find_ticket (cc, client, server, found) +krb5_error_code find_ticket (context, cc, client, server, found) + krb5_context context; krb5_ccache cc; krb5_principal client; krb5_principal server; @@ -458,18 +463,18 @@ krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); memset((char *) &tgt, 0, sizeof(tgt)); - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ return retval; } - if (retval= krb5_copy_principal( server, &tgtq.server)){ + if (retval= krb5_copy_principal(context, server, &tgtq.server)){ return retval ; } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -489,7 +494,8 @@ krb5_error_code retval; -krb5_error_code find_princ_in_list (princ, plist, found) +krb5_error_code find_princ_in_list (context, princ, plist, found) + krb5_context context; krb5_principal princ; char **plist; krb5_boolean *found; @@ -503,7 +509,7 @@ krb5_error_code retval; if (!plist) return 0; -if (retval = krb5_unparse_name(princ, &princname)){ +if (retval = krb5_unparse_name(context, princ, &princname)){ return retval; } @@ -532,10 +538,11 @@ path_out gets set to ... ***********************************************************************/ -krb5_error_code get_best_princ_for_target(source_uid, target_uid, +krb5_error_code get_best_princ_for_target(context, source_uid, target_uid, source_user, target_user, cc_source, options, cmd, hostname, client, path_out) + krb5_context context; int source_uid; int target_uid; char *source_user; @@ -570,19 +577,19 @@ if (options->princ){ return 0; } -cc_source_name = krb5_cc_get_name(cc_source); +cc_source_name = krb5_cc_get_name(context, cc_source); if ( ! stat(cc_source_name, &st_temp)){ - if (retval = krb5_cc_get_principal(cc_source, &cc_def_princ)){ + if (retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ)){ return retval; } } -if (retval=krb5_parse_name(target_user, &target_client)){ +if (retval=krb5_parse_name(context, target_user, &target_client)){ return retval; } -if (retval=krb5_parse_name(source_user, &source_client)){ +if (retval=krb5_parse_name(context, source_user, &source_client)){ return retval; } @@ -651,7 +658,7 @@ if ( stat(k5login_path, &tb) && stat(k5users_path, &tb) ){ } } -if (retval = krb5_sname_to_principal(hostname, NULL, +if (retval = krb5_sname_to_principal(context, hostname, NULL, KRB5_NT_SRV_HST, &end_server)){ return retval; } @@ -705,7 +712,7 @@ for (i= 0; i < count; i ++){ i=0; while (aplist[i]){ - if (retval = krb5_parse_name(aplist[i], &temp_client)){ + if (retval = krb5_parse_name(context, aplist[i], &temp_client)){ return retval; } @@ -721,7 +728,7 @@ while (aplist[i]){ return 0; } - krb5_free_principal(temp_client); + krb5_free_principal(context, temp_client); i++; } @@ -747,7 +754,8 @@ for (i=0; i < count; i ++){ for (i=0; i < count; i ++){ if (princ_trials[i].p){ - if(retval=krb5_copy_principal(princ_trials[i].p, &temp_client)){ + if(retval=krb5_copy_principal(context, princ_trials[i].p, + &temp_client)){ return retval; } @@ -766,7 +774,7 @@ for (i=0; i < count; i ++){ } return 0; } - krb5_free_principal(temp_client); + krb5_free_principal(context, temp_client); } } diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 4b32dbcc94..d7deb500ba 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -27,6 +27,14 @@ #include "ksu.h" +static krb5_error_code krb5_verify_tkt_def + PROTOTYPE((krb5_context, + krb5_principal, + krb5_principal, + krb5_keyblock *, + krb5_data *, + krb5_ticket **)); + void plain_dump_principal (); krb5_data tgtname = { @@ -46,8 +54,9 @@ int preauth_search_list[] = { -krb5_boolean krb5_auth_check(client_pname, hostname, options, +krb5_boolean krb5_auth_check(context, client_pname, hostname, options, target_user, cc, path_passwd) + krb5_context context; krb5_principal client_pname; char *hostname; opt_info *options; @@ -70,7 +79,7 @@ krb5_boolean zero_password; memset((char *) &cred, 0, sizeof(cred)); - if (retval= krb5_copy_principal( client_pname, &client)){ + if (retval= krb5_copy_principal(context, client_pname, &client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } @@ -78,11 +87,11 @@ krb5_boolean zero_password; if (auth_debug) { dump_principal("krb5_auth_check: Client principal name", client); } - if ( retval = krb5_sname_to_principal(hostname, NULL, + if ( retval = krb5_sname_to_principal(context, hostname, NULL, KRB5_NT_SRV_HST, &server)){ com_err(prog_name, retval, "while creating server %s principal name", hostname); - krb5_free_principal(client); + krb5_free_principal(context, client); return (FALSE) ; } @@ -94,7 +103,7 @@ krb5_boolean zero_password; /* check if ticket is already in the cache, if it is then use it. */ - if( krb5_fast_auth(client, server, target_user, cc) == TRUE){ + if( krb5_fast_auth(context, client, server, target_user, cc) == TRUE){ if (auth_debug ){ fprintf (stderr,"Athenticated via fast_auth \n"); } @@ -103,24 +112,25 @@ krb5_boolean zero_password; /* check to see if the local tgt is in the cache */ - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_tgtname( krb5_princ_realm (client), krb5_princ_realm(client), + if (retval = krb5_tgtname(context, krb5_princ_realm (context, client), + krb5_princ_realm(context, client), &tgtq.server)){ com_err(prog_name, retval, "while creating tgt for local realm"); - krb5_free_principal(client); - krb5_free_principal(server); + krb5_free_principal(context, client); + krb5_free_principal(context, server); return (FALSE) ; } if (auth_debug){ dump_principal("local tgt principal name", tgtq.server ); } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -141,7 +151,7 @@ krb5_boolean zero_password; fprintf(stderr," in remotely using an unsecure (non-encrypted) channel. \n"); /*get the ticket granting ticket, via passwd(promt for passwd)*/ - if (krb5_get_tkt_via_passwd (&cc, client, tgtq.server, + if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server, options, & zero_password) == FALSE){ return FALSE; } @@ -155,17 +165,17 @@ krb5_boolean zero_password; } - if (retval= krb5_copy_principal( client, &cred.client)){ + if (retval= krb5_copy_principal(context, client, &cred.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal( server, &cred.server)){ + if (retval= krb5_copy_principal(context, server, &cred.server)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_get_cred_from_kdc(cc, &cred, &tgts)){ + if (retval = krb5_get_cred_from_kdc(context, cc, &cred, &tgts)){ com_err(prog_name, retval, "while geting credentials from kdc"); return (FALSE); } @@ -184,23 +194,23 @@ krb5_boolean zero_password; fprintf(stderr, "krb5_auth_check: went via multiple realms"); } while (tgts[i]){ - if (retval = krb5_cc_store_cred( cc, tgts[i])){ + if (retval = krb5_cc_store_cred(context, cc, tgts[i])) { com_err(prog_name, retval, "while storing credentials from cross-realm walk"); return (FALSE); } i++; } - krb5_free_tgt_creds(tgts); + krb5_free_tgt_creds(context, tgts); } - if (retval = krb5_verify_tkt_def(client, server, &cred.keyblock, + if (retval = krb5_verify_tkt_def(context, client, server,&cred.keyblock, &cred.ticket, &target_tkt)){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } - if (retval = krb5_cc_store_cred( cc, &cred)){ + if (retval = krb5_cc_store_cred(context, cc, &cred)){ com_err(prog_name, retval, "While storing credentials"); return (FALSE); @@ -212,7 +222,8 @@ krb5_boolean zero_password; /* krb5_fast_auth checks if ticket for the end server is already in the cache, if it is, we don't need a tgt */ -krb5_boolean krb5_fast_auth(client, server, target_user, cc) +krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) + krb5_context context; krb5_principal client; krb5_principal server; char *target_user; @@ -226,17 +237,17 @@ krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); memset((char *) &tgt, 0, sizeof(tgt)); - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal( server, &tgtq.server)){ + if (retval= krb5_copy_principal(context, server, &tgtq.server)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + if (retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt)){ if (auth_debug) com_err(prog_name, retval,"While Retrieving credentials"); @@ -244,7 +255,7 @@ krb5_error_code retval; } - if (retval = krb5_verify_tkt_def(client, server, &tgt.keyblock, + if (retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, &tgt.ticket, &target_tkt)){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); @@ -253,10 +264,11 @@ krb5_error_code retval; return TRUE; } - - -krb5_error_code krb5_verify_tkt_def(client, server, cred_ses_key, scr_ticket, clear_ticket) +static krb5_error_code +krb5_verify_tkt_def(context, client, server, cred_ses_key, + scr_ticket, clear_ticket) /* IN */ + krb5_context context; krb5_principal client; krb5_principal server; krb5_keyblock *cred_ses_key; @@ -275,7 +287,7 @@ krb5_keyblock * tkt_ses_key; return retval; } - if (server && !krb5_principal_compare(server, tkt->server)){ + if (server && !krb5_principal_compare(context, server, tkt->server)){ return KRB5KRB_AP_WRONG_PRINC; } @@ -286,39 +298,39 @@ krb5_keyblock * tkt_ses_key; } /* get the default keytab */ - if( retval = krb5_kt_default(&keytabid)){ - krb5_free_ticket(tkt); + if( retval = krb5_kt_default(context, &keytabid)){ + krb5_free_ticket(context, tkt); return retval; } - if (retval = krb5_kt_get_entry(keytabid, server, - tkt->enc_part.kvno, &ktentry)){ - krb5_free_ticket(tkt); + if (retval = krb5_kt_get_entry(context, keytabid, server, + tkt->enc_part.kvno, &ktentry)){ + krb5_free_ticket(context, tkt); return retval; } - krb5_kt_close(keytabid); + krb5_kt_close(context, keytabid); - if ( retval = krb5_copy_keyblock(&ktentry.key, &tkt_key)){ - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); + if ( retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key)){ + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); return retval; } /* decrypt the ticket */ - if (retval = krb5_decrypt_tkt_part(tkt_key, tkt)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + if (retval = krb5_decrypt_tkt_part(context, tkt_key, tkt)) { + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return(retval); } - if (!krb5_principal_compare(client, tkt->enc_part2->client)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + if (!krb5_principal_compare(context, client, tkt->enc_part2->client)) { + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return KRB5KRB_AP_ERR_BADMATCH; } @@ -336,9 +348,9 @@ krb5_keyblock * tkt_ses_key; memcmp((char *)cred_ses_key->contents, (char *)tkt_ses_key->contents, cred_ses_key->length)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return KRB5KRB_AP_ERR_BAD_INTEGRITY; } @@ -348,15 +360,16 @@ krb5_keyblock * tkt_ses_key; } *clear_ticket = tkt; - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return 0; } -krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, +krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, options, zero_password) + krb5_context context; krb5_ccache *ccache; krb5_principal client; krb5_principal server; @@ -375,19 +388,19 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, *zero_password = FALSE; - if (code = krb5_unparse_name(client, &client_name)) { + if (code = krb5_unparse_name(context, client, &client_name)) { com_err (prog_name, code, "when unparsing name"); return (FALSE); } memset((char *)&my_creds, 0, sizeof(my_creds)); - if (code = krb5_copy_principal(client, &my_creds.client)){ + if (code = krb5_copy_principal(context, client, &my_creds.client)){ com_err (prog_name, code, "while copying principal"); return (FALSE); } - if (code = krb5_copy_principal(server, &my_creds.server)){ + if (code = krb5_copy_principal(context, server, &my_creds.server)){ com_err (prog_name, code, "while copying principal"); return (FALSE); } @@ -399,7 +412,7 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, return (FALSE); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { com_err(prog_name, code, "while getting time of day"); return (FALSE); } @@ -418,12 +431,12 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, pwsize = sizeof(password); - code = krb5_read_password(prompt, 0, password, &pwsize); + code = krb5_read_password(context, prompt, 0, password, &pwsize); if (code ) { com_err(prog_name, code, "while reading password for '%s'\n", client_name); memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return (FALSE); } @@ -431,13 +444,13 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, fprintf(stderr, "No password given\n"); *zero_password = TRUE; memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return (FALSE); } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_password(options->opt, my_addresses, - preauth_type, + code = krb5_get_in_tkt_with_password(context, options->opt, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, KEYTYPE_DES, password, @@ -445,7 +458,8 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_password(options->opt, my_addresses, + code = krb5_get_in_tkt_with_password(context, options->opt, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -460,7 +474,7 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) @@ -473,27 +487,29 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, } -void dump_principal (str, p) +void dump_principal (context, str, p) + krb5_context context; char *str; krb5_principal p; { char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(p, &stname)){ + if (retval = krb5_unparse_name(context, p, &stname)){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } fprintf(stderr, " %s: %s\n", str, stname ); } -void plain_dump_principal (p) +void plain_dump_principal (context, p) + krb5_context context; krb5_principal p; { char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(p, &stname)){ + if (retval = krb5_unparse_name(context, p, &stname)){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } @@ -576,8 +592,9 @@ convtime(p) return (r); } -krb5_error_code get_tgt_via_login_list(server, cc, k5login_plist, +krb5_error_code get_tgt_via_login_list(context, server, cc, k5login_plist, client, got_it) + krb5_context context; krb5_principal server; krb5_ccache cc; char **k5login_plist; @@ -597,27 +614,31 @@ krb5_error_code retval =0; memset((char *) &tgt, 0, sizeof(tgt)); while(k5login_plist[i]){ - if (retval = krb5_parse_name(k5login_plist[i], + if (retval = krb5_parse_name(context, k5login_plist[i], &temp_client)){ return retval; } - if (retval= krb5_copy_principal( temp_client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, temp_client, + &tgtq.client)){ return retval ; } /* check to see if the local tgt is in the cache */ - if (retval = krb5_tgtname( krb5_princ_realm (temp_client), - krb5_princ_realm(temp_client), &tgtq.server)){ + if (retval = krb5_tgtname(context, + krb5_princ_realm(context, temp_client), + krb5_princ_realm(context, temp_client), + &tgtq.server)){ return retval ; } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, + KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -650,7 +671,8 @@ A principal is picked that has the best chance of getting in. **********************************************************************/ -krb5_error_code get_best_principal(plist, client) +krb5_error_code get_best_principal(context, plist, client) + krb5_context context; char **plist; krb5_principal *client; { @@ -661,26 +683,26 @@ int i = 0, nelem; if (! plist ) return 0; - nelem = krb5_princ_size(*client); + nelem = krb5_princ_size(context, *client); while(plist[i]){ - if (retval = krb5_parse_name(plist[i], &temp_client)){ + if (retval = krb5_parse_name(context, plist[i], &temp_client)){ return retval; } - if (krb5_princ_realm(*client)->length == - krb5_princ_realm(temp_client)->length - && (!memcmp (krb5_princ_realm(*client)->data, - krb5_princ_realm(temp_client)->data, - krb5_princ_realm(temp_client)->length))){ + if (krb5_princ_realm(context, *client)->length == + krb5_princ_realm(context, temp_client)->length + && (!memcmp (krb5_princ_realm(context, *client)->data, + krb5_princ_realm(context, temp_client)->data, + krb5_princ_realm(context, temp_client)->length))){ if(nelem){ krb5_data *p1 = - krb5_princ_component(*client, 0); + krb5_princ_component(context, *client, 0); krb5_data *p2 = - krb5_princ_component(temp_client, 0); + krb5_princ_component(context, temp_client, 0); if ((p1->length == p2->length) && (!memcmp(p1->data,p2->data,p1->length))){ @@ -692,8 +714,8 @@ int i = 0, nelem; } if(best_client){ - if(krb5_princ_size(best_client) > - krb5_princ_size(temp_client)){ + if(krb5_princ_size(context, best_client) > + krb5_princ_size(context, temp_client)){ best_client = temp_client; } }else{ diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h index 76e1928a69..013230fbaf 100644 --- a/src/clients/ksu/ksu.h +++ b/src/clients/ksu/ksu.h @@ -90,7 +90,6 @@ typedef struct opt_info{ extern krb5_boolean krb5_auth_check(); extern krb5_error_code get_best_principal(); extern void dump_principal (); -extern krb5_error_code krb5_verify_tkt_def(); extern krb5_boolean krb5_fast_auth(); extern krb5_boolean krb5_get_tkt_via_passwd (); extern int gen_sym(); diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index b376ccd6e5..489c819415 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -79,6 +79,7 @@ int use_source_cache = 0; krb5_error_code retval = 0; krb5_principal client = NULL; krb5_ccache cc_target = NULL; +krb5_context ksu_context; char * cc_target_tag = NULL; char * target_user = NULL; char * source_user; @@ -121,7 +122,8 @@ char * dir_of_cc_source; params[1] = NULL; - krb5_init_ets(); /* initialize kerberos error tables */ + krb5_init_context(&ksu_context); + krb5_init_ets(ksu_context); /* initialize kerberos error tables */ #ifdef LOCAL_REALM local_realm_name = LOCAL_REALM ; @@ -170,7 +172,7 @@ char * dir_of_cc_source; switch (option) { case 'r': options.opt |= KDC_OPT_RENEWABLE; - retval = krb5_parse_lifetime(optarg, &options.rlife); + retval = krb5_parse_lifetime(ksu_context, optarg, &options.rlife); if (retval != 0 || options.rlife == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; @@ -202,14 +204,14 @@ char * dir_of_cc_source; quiet =1; break; case 'l': - retval = krb5_parse_lifetime(optarg, &options.lifetime); + retval = krb5_parse_lifetime(ksu_context, optarg, &options.lifetime); if (retval != 0 || options.lifetime == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; } break; case 'n': - if (retval = krb5_parse_name(optarg, &client)){ + if (retval = krb5_parse_name(ksu_context, optarg, &client)){ com_err(prog_name, retval, "when parsing name %s", optarg); errflg++; } @@ -373,12 +375,12 @@ char * dir_of_cc_source; /***********************************/ if (cc_source_tag == NULL){ - cc_source_tag = krb5_cc_default_name(); + cc_source_tag = krb5_cc_default_name(ksu_context); cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1; } /* get a handle for the cache */ - if ( retval = krb5_cc_resolve(cc_source_tag, &cc_source)){ + if ( retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source)){ com_err(prog_name, retval,"while getting source cache"); exit(1); } @@ -395,7 +397,7 @@ char * dir_of_cc_source; } - if (retval= krb5_ccache_refresh(cc_source)){ + if (retval= krb5_ccache_refresh(ksu_context, cc_source)){ com_err(prog_name, retval, "while refreshing %s (source cache)", cc_source_tag); exit(1); @@ -404,10 +406,10 @@ char * dir_of_cc_source; } - if (retval = get_best_princ_for_target(source_uid,target_uid, source_user, - target_user, cc_source, &options, cmd, - localhostname, &client, &hp)){ - com_err(prog_name, retval, "while selecting the best principal"); + if (retval = get_best_princ_for_target(ksu_context, source_uid, + target_uid, source_user, target_user, cc_source, + &options, cmd, localhostname, &client, &hp)){ + com_err(prog_name,retval, "while selecting the best principal"); exit(1); } @@ -442,7 +444,8 @@ char * dir_of_cc_source; exit(1); } - if (retval = krb5_cc_initialize(cc_source, client)){ + if (retval = krb5_cc_initialize(ksu_context, cc_source, + client)){ com_err(prog_name, retval, "while initializing source cache"); exit(1); @@ -498,20 +501,20 @@ char * dir_of_cc_source; if ((source_uid == 0) && (target_uid != 0)) { - if (retval =krb5_ccache_copy_restricted( cc_source, + if (retval =krb5_ccache_copy_restricted(ksu_context, cc_source, cc_target_tag,client,&cc_target, &stored)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_source),cc_target_tag); + krb5_cc_get_name(ksu_context, cc_source),cc_target_tag); exit(1); } } else{ - if (retval = krb5_ccache_copy(cc_source, cc_target_tag, + if (retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag, client,&cc_target, &stored)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_source), + krb5_cc_get_name(ksu_context, cc_source), cc_target_tag); exit(1); } @@ -524,7 +527,7 @@ char * dir_of_cc_source; cc_target_tag = cc_source_tag; cc_target_tag_tmp = cc_source_tag_tmp; - if(retval=krb5_find_princ_in_cache(cc_target,client, &stored)){ + if(retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored)){ com_err (prog_name, retval, "while searching for client in source ccache"); exit(1); @@ -534,24 +537,25 @@ char * dir_of_cc_source; if ((source_uid == 0) || (target_uid == source_uid)){ #ifdef GET_TGT_VIA_PASSWD if ((!all_rest_copy) && options.princ && (stored == FALSE)){ - if (retval = krb5_tgtname(krb5_princ_realm (client), - krb5_princ_realm(client), + if (retval = krb5_tgtname(ksu_context, + krb5_princ_realm (ksu_context, client), + krb5_princ_realm(ksu_context, client), &kdc_server)){ com_err(prog_name, retval, "while creating tgt for local realm"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged \n"); fprintf(stderr," in remotely using an unsecure (non-encrypted) channel.\n"); - if (krb5_get_tkt_via_passwd (&cc_target, client, + if (krb5_get_tkt_via_passwd (ksu_context, &cc_target, client, kdc_server, &options, &zero_password) == FALSE){ if (zero_password == FALSE){ fprintf(stderr,"Goodbye\n"); - sweep_up(use_source_cache, + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -572,7 +576,7 @@ char * dir_of_cc_source; if (source_uid && (source_uid != target_uid)) { char * client_name; - auth_val = krb5_auth_check(client, localhostname, &options, + auth_val = krb5_auth_check(ksu_context, client, localhostname, &options, target_user,cc_target, &path_passwd); @@ -582,20 +586,20 @@ char * dir_of_cc_source; syslog(LOG_WARNING, "'%s %s' authentication failed for %s%s", prog_name,target_user,source_user,ontty()); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } /* cache the tickets if possible in the source cache */ if (!path_passwd && !use_source_cache){ - if (retval = krb5_ccache_overwrite(cc_target, cc_source, + if (retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source, client)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_target), - krb5_cc_get_name(cc_source)); - sweep_up(use_source_cache, cc_target); + krb5_cc_get_name(ksu_context, cc_target), + krb5_cc_get_name(ksu_context, cc_source)); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if (chown(cc_source_tag_tmp, source_uid, source_gid)){ @@ -606,9 +610,9 @@ char * dir_of_cc_source; } } - if (retval = krb5_unparse_name(client, &client_name)) { + if (retval = krb5_unparse_name(ksu_context, client, &client_name)) { com_err (prog_name, retval, "When unparsing name"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -617,10 +621,10 @@ char * dir_of_cc_source; prog_name,target_user,client_name, source_user,ontty()); - if(retval = krb5_authorization(client,target_user, + if(retval = krb5_authorization(ksu_context, client,target_user, local_realm_name, cmd, &authorization_val, &exec_cmd)){ com_err(prog_name,retval,"while checking authorization"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -666,21 +670,21 @@ char * dir_of_cc_source; } - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if( some_rest_copy){ - if (retval = krb5_ccache_filter(cc_target, client)){ + if (retval = krb5_ccache_filter(ksu_context, cc_target, client)){ com_err(prog_name,retval,"while calling cc_filter"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if (all_rest_copy){ - if (retval = krb5_cc_initialize(cc_target, client)){ + if (retval = krb5_cc_initialize(ksu_context, cc_target, client)){ com_err(prog_name, retval, "while erasing target cache"); exit(1); @@ -703,7 +707,7 @@ char * dir_of_cc_source; if (!standard_shell(target_pwd->pw_shell) && source_uid) { fprintf(stderr, "ksu: permission denied (shell).\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } #endif /* HAS_GETUSERSHELL */ @@ -712,20 +716,20 @@ char * dir_of_cc_source; if(set_env_var("USER", target_pwd->pw_name)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if(set_env_var( "HOME", target_pwd->pw_dir)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if(set_env_var( "SHELL", shell)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -734,7 +738,7 @@ char * dir_of_cc_source; if(set_env_var( KRB5_ENV_CCNAME, cc_target_tag)){ fprintf(stderr,"ksu: couldn't set environment variable %s \n", KRB5_ENV_CCNAME); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -746,7 +750,7 @@ char * dir_of_cc_source; if (chown(cc_target_tag_tmp, target_uid, target_gid)){ com_err(prog_name, errno, "while changing owner for %s", cc_target_tag_tmp); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -755,14 +759,14 @@ char * dir_of_cc_source; /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if (initgroups(target_user, target_pwd->pw_gid)) { fprintf(stderr, "ksu: initgroups failed.\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -776,7 +780,7 @@ char * dir_of_cc_source; if (setuid(target_pwd->pw_uid) < 0) { perror("ksu: setuid"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -812,7 +816,7 @@ char * dir_of_cc_source; execv(params[0], params); com_err(prog_name, errno, "while trying to execv %s", params[0]); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); }else{ if (child_pid = fork()){ @@ -825,7 +829,7 @@ char * dir_of_cc_source; com_err(prog_name, errno, "while calling waitpid"); exit(1); } - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); if (auth_debug){ printf("The exit status of the child is %d\n", @@ -885,7 +889,8 @@ char * env_var_buf; } -void sweep_up(use_source_cache, cc) +void sweep_up(context, use_source_cache, cc) + krb5_context context; int use_source_cache; krb5_ccache cc; { @@ -894,9 +899,9 @@ char * cc_name; struct stat st_temp; if (! use_source_cache){ - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if (retval = krb5_cc_destroy(cc)){ + if (retval = krb5_cc_destroy(context, cc)){ com_err(prog_name, retval, "while destroying cache"); } diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index d91a4000b6..2ae4419dbb 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,11 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + + * Removed DECLARG and OLDDECLARG from base-defs.h (and any file that + was using it.) The next thing to do is make all narrow types + wide types and remove narrow.h and wide.h. + Thu Jan 12 01:55:54 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in (install): constructed headers come from the build diff --git a/src/include/krb5/base-defs.h b/src/include/krb5/base-defs.h index f4bfa01892..12bd763094 100644 --- a/src/include/krb5/base-defs.h +++ b/src/include/krb5/base-defs.h @@ -85,18 +85,9 @@ typedef char const * krb5_const_pointer; #else #define STDARG_P(x) () #endif /* defined(__STDC__) || defined(STDARG_PROTOTYPES) */ -#ifdef NARROW_PROTOTYPES -#define DECLARG(type, val) type val -#define OLDDECLARG(type, val) -#else -#define DECLARG(type, val) val -#define OLDDECLARG(type, val) type val; -#endif /* NARROW_PROTOTYPES */ #else #define PROTOTYPE(x) () #define STDARG_P(x) () -#define DECLARG(type, val) val -#define OLDDECLARG(type, val) type val; #endif /* STDC or PROTOTYPES */ #ifdef NO_NESTED_PROTOTYPES @@ -135,13 +126,13 @@ typedef krb5_principal_data *krb5_principal; /* constant version thereof: */ typedef const krb5_principal_data *krb5_const_principal; -#define krb5_princ_realm(princ) (&(princ)->realm) -#define krb5_princ_set_realm(princ,value) ((princ)->realm = *(value)) -#define krb5_princ_set_realm_length(princ,value) (princ)->realm.length = (value) -#define krb5_princ_set_realm_data(princ,value) (princ)->realm.data = (value) -#define krb5_princ_size(princ) (princ)->length -#define krb5_princ_type(princ) (princ)->type -#define krb5_princ_name(princ) (princ)->data -#define krb5_princ_component(princ,i) ((princ)->data + i) +#define krb5_princ_realm(context, princ) (&(princ)->realm) +#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) +#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) +#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) +#define krb5_princ_size(context, princ) (princ)->length +#define krb5_princ_type(context, princ) (princ)->type +#define krb5_princ_name(context, princ) (princ)->data +#define krb5_princ_component(context, princ,i) ((princ)->data + i) #endif /* KRB5_BASE_DEFS__ */ diff --git a/src/include/krb5/ccache.h b/src/include/krb5/ccache.h index beeb740b66..8802758460 100644 --- a/src/include/krb5/ccache.h +++ b/src/include/krb5/ccache.h @@ -39,25 +39,31 @@ typedef struct _krb5_ccache { typedef struct _krb5_cc_ops { krb5_magic magic; char *prefix; - char *(*get_name) NPROTOTYPE((krb5_ccache)); - krb5_error_code (*resolve) NPROTOTYPE((krb5_ccache *, char *)); - krb5_error_code (*gen_new) NPROTOTYPE((krb5_ccache *)); - krb5_error_code (*init) NPROTOTYPE((krb5_ccache, krb5_principal)); - krb5_error_code (*destroy) NPROTOTYPE((krb5_ccache)); - krb5_error_code (*close) NPROTOTYPE((krb5_ccache)); - krb5_error_code (*store) NPROTOTYPE((krb5_ccache, krb5_creds *)); - krb5_error_code (*retrieve) NPROTOTYPE((krb5_ccache, krb5_flags, - krb5_creds *, krb5_creds *)); - krb5_error_code (*get_princ) NPROTOTYPE((krb5_ccache, - krb5_principal *)); - krb5_error_code (*get_first) NPROTOTYPE((krb5_ccache, - krb5_cc_cursor *)); - krb5_error_code (*get_next) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *, + char *(*get_name) NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (*resolve) NPROTOTYPE((krb5_context, krb5_ccache *, + char *)); + krb5_error_code (*gen_new) NPROTOTYPE((krb5_context, krb5_ccache *)); + krb5_error_code (*init) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_principal)); + krb5_error_code (*destroy) NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (*close) NPROTOTYPE((krb5_context, krb5_ccache)); + krb5_error_code (*store) NPROTOTYPE((krb5_context, krb5_ccache, krb5_creds *)); - krb5_error_code (*end_get) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *)); - krb5_error_code (*remove_cred) NPROTOTYPE((krb5_ccache, krb5_flags, - krb5_creds *)); - krb5_error_code (*set_flags) NPROTOTYPE((krb5_ccache, krb5_flags)); + krb5_error_code (*retrieve) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags, krb5_creds *, + krb5_creds *)); + krb5_error_code (*get_princ) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_principal *)); + krb5_error_code (*get_first) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *)); + krb5_error_code (*get_next) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *, krb5_creds *)); + krb5_error_code (*end_get) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_cc_cursor *)); + krb5_error_code (*remove_cred) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags, krb5_creds *)); + krb5_error_code (*set_flags) NPROTOTYPE((krb5_context, krb5_ccache, + krb5_flags)); } krb5_cc_ops; /* for retrieve_cred */ @@ -73,19 +79,19 @@ typedef struct _krb5_cc_ops { /* for set_flags and other functions */ #define KRB5_TC_OPENCLOSE 0x00000001 -#define krb5_cc_initialize(cache, principal) (*(cache)->ops->init)(cache, principal) -#define krb5_cc_gen_new(cache) (*(cache)->ops->gen_new)(cache) -#define krb5_cc_destroy(cache) (*(cache)->ops->destroy)(cache) -#define krb5_cc_close(cache) (*(cache)->ops->close)(cache) -#define krb5_cc_store_cred(cache, creds) (*(cache)->ops->store)(cache, creds) -#define krb5_cc_retrieve_cred(cache, flags, mcreds, creds) (*(cache)->ops->retrieve)(cache, flags, mcreds, creds) -#define krb5_cc_get_principal(cache, principal) (*(cache)->ops->get_princ)(cache, principal) -#define krb5_cc_start_seq_get(cache, cursor) (*(cache)->ops->get_first)(cache, cursor) -#define krb5_cc_next_cred(cache, cursor, creds) (*(cache)->ops->get_next)(cache, cursor, creds) -#define krb5_cc_end_seq_get(cache, cursor) (*(cache)->ops->end_get)(cache, cursor) -#define krb5_cc_remove_cred(cache, flags, creds) (*(cache)->ops->remove_cred)(cache,flags, creds) -#define krb5_cc_set_flags(cache, flags) (*(cache)->ops->set_flags)(cache, flags) -#define krb5_cc_get_name(cache) (*(cache)->ops->get_name)(cache) +#define krb5_cc_initialize(context, cache, principal) (*(cache)->ops->init)(context, cache, principal) +#define krb5_cc_gen_new(context, cache) (*(cache)->ops->gen_new)(context, cache) +#define krb5_cc_destroy(context, cache) (*(cache)->ops->destroy)(context, cache) +#define krb5_cc_close(context, cache) (*(cache)->ops->close)(context, cache) +#define krb5_cc_store_cred(context, cache, creds) (*(cache)->ops->store)(context, cache, creds) +#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) (*(cache)->ops->retrieve)(context, cache, flags, mcreds, creds) +#define krb5_cc_get_principal(context, cache, principal) (*(cache)->ops->get_princ)(context, cache, principal) +#define krb5_cc_start_seq_get(context, cache, cursor) (*(cache)->ops->get_first)(context, cache, cursor) +#define krb5_cc_next_cred(context, cache, cursor, creds) (*(cache)->ops->get_next)(context, cache, cursor, creds) +#define krb5_cc_end_seq_get(context, cache, cursor) (*(cache)->ops->end_get)(context, cache, cursor) +#define krb5_cc_remove_cred(context, cache, flags, creds) (*(cache)->ops->remove_cred)(context, cache,flags, creds) +#define krb5_cc_set_flags(context, cache, flags) (*(cache)->ops->set_flags)(context, cache, flags) +#define krb5_cc_get_name(context, cache) (*(cache)->ops->get_name)(context, cache) extern krb5_cc_ops *krb5_cc_dfl_ops; diff --git a/src/include/krb5/encryption.h b/src/include/krb5/encryption.h index b8978d7a9f..0e538cc140 100644 --- a/src/include/krb5/encryption.h +++ b/src/include/krb5/encryption.h @@ -63,28 +63,28 @@ typedef struct _krb5_enc_data { /* could be used in a table to find an etype and initialize a block */ typedef struct _krb5_cryptosystem_entry { krb5_magic magic; - krb5_error_code (*encrypt_func) NPROTOTYPE((krb5_const_pointer /* in */, + krb5_error_code (*encrypt_func) NPROTOTYPE(( krb5_const_pointer /* in */, krb5_pointer /* out */, const size_t, krb5_encrypt_block *, krb5_pointer)); - krb5_error_code (*decrypt_func) NPROTOTYPE((krb5_const_pointer /* in */, + krb5_error_code (*decrypt_func) NPROTOTYPE(( krb5_const_pointer /* in */, krb5_pointer /* out */, const size_t, krb5_encrypt_block *, krb5_pointer)); - krb5_error_code (*process_key) NPROTOTYPE((krb5_encrypt_block *, + krb5_error_code (*process_key) NPROTOTYPE(( krb5_encrypt_block *, const krb5_keyblock *)); - krb5_error_code (*finish_key) NPROTOTYPE((krb5_encrypt_block *)); - krb5_error_code (*string_to_key) NPROTOTYPE((const krb5_encrypt_block *, + krb5_error_code (*finish_key) NPROTOTYPE(( krb5_encrypt_block *)); + krb5_error_code (*string_to_key) NPROTOTYPE(( const krb5_encrypt_block *, const krb5_keytype, krb5_keyblock *, const krb5_data *, const krb5_data *)); - krb5_error_code (*init_random_key) NPROTOTYPE((const krb5_keyblock *, + krb5_error_code (*init_random_key) NPROTOTYPE(( const krb5_keyblock *, krb5_pointer *)); - krb5_error_code (*finish_random_key) NPROTOTYPE((krb5_pointer *)); - krb5_error_code (*random_key) NPROTOTYPE((const krb5_encrypt_block *, + krb5_error_code (*finish_random_key) NPROTOTYPE(( krb5_pointer *)); + krb5_error_code (*random_key) NPROTOTYPE(( const krb5_encrypt_block *, krb5_pointer, krb5_keyblock **)); int block_length; @@ -109,7 +109,7 @@ typedef struct _krb5_cs_table_entry { /* could be used in a table to find a sumtype */ typedef struct _krb5_checksum_entry { krb5_magic magic; - krb5_error_code (*sum_func) NPROTOTYPE ((krb5_pointer /* in */, + krb5_error_code (*sum_func) NPROTOTYPE (( krb5_pointer /* in */, size_t /* in_length */, krb5_pointer /* key/seed */, size_t /* key/seed size */, @@ -180,26 +180,26 @@ extern int krb5_max_cksum; /* max entry in array */ #define is_keyed_cksum(cktype) (krb5_cksumarray[cktype]->uses_key) /* set up *eblockp to use etype */ -#define krb5_use_cstype(eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system +#define krb5_use_cstype(context, eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system /* ...or keytype */ -#define krb5_use_keytype(eblockp, keytype) (eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system +#define krb5_use_keytype(context, eblockp, keytype) (eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system -#define krb5_encrypt(inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec) -#define krb5_decrypt(inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec) -#define krb5_process_key(eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key) -#define krb5_finish_key(eblock) (*(eblock)->crypto_entry->finish_key)(eblock) -#define krb5_string_to_key(eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, keytype, keyblock, data, princ) -#define krb5_init_random_key(eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr) -#define krb5_finish_random_key(eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr) -#define krb5_random_key(eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock) +#define krb5_encrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec) +#define krb5_decrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec) +#define krb5_process_key(context, eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key) +#define krb5_finish_key(context, eblock) (*(eblock)->crypto_entry->finish_key)(eblock) +#define krb5_string_to_key(context, eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, keytype, keyblock, data, princ) +#define krb5_init_random_key(context, eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr) +#define krb5_finish_random_key(context, eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr) +#define krb5_random_key(context, eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock) -#define krb5_eblock_keytype(eblockp) ((eblockp)->crypto_entry->proto_keytype) -#define krb5_eblock_enctype(eblockp) ((eblockp)->crypto_entry->proto_enctype) +#define krb5_eblock_keytype(context, eblockp) ((eblockp)->crypto_entry->proto_keytype) +#define krb5_eblock_enctype(context, eblockp) ((eblockp)->crypto_entry->proto_enctype) /* * Here's the stuff for the checksum switch: */ -#define krb5_checksum_size(ctype) (krb5_cksumarray[ctype]->checksum_length) -#define krb5_calculate_checksum(ctype, in, in_length, seed, seed_length, outcksum) ((*krb5_cksumarray[ctype]->sum_func)(in, in_length, seed, seed_length, outcksum)) +#define krb5_checksum_size(context, ctype) (krb5_cksumarray[ctype]->checksum_length) +#define krb5_calculate_checksum(context, ctype, in, in_length, seed, seed_length, outcksum) ((*krb5_cksumarray[ctype]->sum_func)(in, in_length, seed, seed_length, outcksum)) #endif /* KRB5_ENCRYPTION__ */ diff --git a/src/include/krb5/free.h b/src/include/krb5/free.h index 637a7f4bf8..600f3cd7cc 100644 --- a/src/include/krb5/free.h +++ b/src/include/krb5/free.h @@ -31,6 +31,6 @@ /* to keep lint happy */ #define krb5_xfree(val) free((char *)(val)) -#define krb5_free_data(val) { krb5_xfree((val)->data); krb5_xfree(val);} +#define krb5_free_data(context, val) { krb5_xfree((val)->data); krb5_xfree(val);} #endif /* KRB5_FREE__ */ diff --git a/src/include/krb5/func-proto.h b/src/include/krb5/func-proto.h index f5def17a50..b4b6245e79 100644 --- a/src/include/krb5/func-proto.h +++ b/src/include/krb5/func-proto.h @@ -32,44 +32,57 @@ krb5_error_code krb5_init_context void krb5_free_context PROTOTYPE((krb5_context)); +/* This is a hack to find what needs fixing later, when we've all forgotten + which rotuines still need fixing */ +extern krb5_context global_context; + /* libkrb.spec */ krb5_error_code krb5_kdc_rep_decrypt_proc - PROTOTYPE((const krb5_keyblock *, + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_const_pointer, krb5_kdc_rep * )); krb5_error_code krb5_encode_ticket - PROTOTYPE((const krb5_ticket *, + PROTOTYPE((krb5_context, + const krb5_ticket *, krb5_data ** )); krb5_error_code krb5_encrypt_tkt_part - PROTOTYPE((krb5_encrypt_block *, + PROTOTYPE((krb5_context, + krb5_encrypt_block *, const krb5_keyblock *, krb5_ticket * )); krb5_error_code krb5_decrypt_tkt_part - PROTOTYPE((const krb5_keyblock *, + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_ticket * )); krb5_error_code krb5_get_cred_from_kdc - PROTOTYPE((krb5_ccache, /* not const, as reading may save + PROTOTYPE((krb5_context, + krb5_ccache, /* not const, as reading may save state */ krb5_creds *, krb5_creds *** )); void krb5_free_tgt_creds - PROTOTYPE((krb5_creds ** )); /* XXX too hard to do with const */ + PROTOTYPE((krb5_context, + krb5_creds ** )); /* XXX too hard to do with const */ #define KRB5_GC_USER_USER 1 /* want user-user ticket */ #define KRB5_GC_CACHED 2 /* want cached ticket only */ krb5_error_code krb5_get_credentials - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, krb5_ccache, krb5_creds * )); krb5_error_code krb5_mk_req - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, const krb5_flags, const krb5_checksum *, krb5_ccache, krb5_data * )); krb5_error_code krb5_mk_req_extended - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, const krb5_checksum *, const krb5_flags, krb5_int32, @@ -79,26 +92,32 @@ krb5_error_code krb5_mk_req_extended krb5_authenticator *, krb5_data * )); krb5_error_code krb5_rd_req_simple - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, krb5_const_principal, const krb5_address *, krb5_tkt_authent ** )); krb5_error_code krb5_mk_rep - PROTOTYPE((const krb5_ap_rep_enc_part *, + PROTOTYPE((krb5_context, + const krb5_ap_rep_enc_part *, const krb5_keyblock *, krb5_data *)); krb5_error_code krb5_rd_rep - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_keyblock *, krb5_ap_rep_enc_part **)); krb5_error_code krb5_mk_error - PROTOTYPE((const krb5_error *, + PROTOTYPE((krb5_context, + const krb5_error *, krb5_data * )); krb5_error_code krb5_rd_error - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, krb5_error ** )); krb5_error_code krb5_rd_safe - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_keyblock *, const krb5_address *, const krb5_address *, @@ -106,7 +125,8 @@ krb5_error_code krb5_rd_safe krb5_rcache, krb5_data * )); krb5_error_code krb5_rd_priv - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_keyblock *, const krb5_address *, const krb5_address *, @@ -115,202 +135,270 @@ krb5_error_code krb5_rd_priv krb5_rcache, krb5_data * )); krb5_error_code krb5_parse_name - PROTOTYPE((const char *, + PROTOTYPE((krb5_context, + const char *, krb5_principal * )); krb5_error_code krb5_unparse_name - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, char ** )); krb5_error_code krb5_unparse_name_ext - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, char **, int *)); krb5_boolean krb5_address_search - PROTOTYPE((const krb5_address *, + PROTOTYPE((krb5_context, + const krb5_address *, krb5_address * const *)); krb5_boolean krb5_address_compare - PROTOTYPE((const krb5_address *, + PROTOTYPE((krb5_context, + const krb5_address *, const krb5_address *)); int krb5_address_order - PROTOTYPE((const krb5_address *, + PROTOTYPE((krb5_context, + const krb5_address *, const krb5_address *)); krb5_boolean krb5_realm_compare - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, krb5_const_principal)); krb5_boolean krb5_principal_compare - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, krb5_const_principal)); int krb5_fulladdr_order - PROTOTYPE((const krb5_fulladdr *, + PROTOTYPE((krb5_context, + const krb5_fulladdr *, const krb5_fulladdr *)); krb5_error_code krb5_copy_keyblock - PROTOTYPE((const krb5_keyblock *, + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_keyblock **)); krb5_error_code krb5_copy_keyblock_contents - PROTOTYPE((const krb5_keyblock *, + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_keyblock *)); krb5_error_code krb5_copy_creds - PROTOTYPE((const krb5_creds *, + PROTOTYPE((krb5_context, + const krb5_creds *, krb5_creds **)); krb5_error_code krb5_copy_data - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, krb5_data **)); krb5_error_code krb5_copy_principal - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, krb5_principal *)); krb5_error_code krb5_copy_addresses - PROTOTYPE((krb5_address * const *, + PROTOTYPE((krb5_context, + krb5_address * const *, krb5_address ***)); krb5_error_code krb5_copy_ticket - PROTOTYPE((const krb5_ticket *, krb5_ticket **)); + PROTOTYPE((krb5_context, + const krb5_ticket *, krb5_ticket **)); krb5_error_code krb5_copy_authdata - PROTOTYPE((krb5_authdata * const *, + PROTOTYPE((krb5_context, + krb5_authdata * const *, krb5_authdata ***)); krb5_error_code krb5_copy_authenticator - PROTOTYPE((const krb5_authenticator *, + PROTOTYPE((krb5_context, + const krb5_authenticator *, krb5_authenticator **)); krb5_error_code krb5_copy_checksum - PROTOTYPE((const krb5_checksum *, + PROTOTYPE((krb5_context, + const krb5_checksum *, krb5_checksum **)); -void krb5_init_ets PROTOTYPE((void)); +void krb5_init_ets PROTOTYPE((krb5_context)); krb5_error_code krb5_generate_subkey - PROTOTYPE((const krb5_keyblock *, krb5_keyblock **)); + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_keyblock **)); krb5_error_code krb5_generate_seq_number - PROTOTYPE((const krb5_keyblock *, krb5_int32 *)); + PROTOTYPE((krb5_context, + const krb5_keyblock *, krb5_int32 *)); krb5_error_code krb5_get_server_rcache - PROTOTYPE((const krb5_data *, krb5_rcache *)); + PROTOTYPE((krb5_context, + const krb5_data *, krb5_rcache *)); krb5_error_code krb5_build_principal_ext - STDARG_P((krb5_principal *, int, const char *, ...)); + STDARG_P((krb5_context, krb5_principal *, int, const char *, ...)); krb5_error_code krb5_build_principal - STDARG_P((krb5_principal *, int, const char *, ...)); + STDARG_P((krb5_context, krb5_principal *, int, const char *, ...)); #ifdef va_start /* XXX depending on varargs include file defining va_start... */ krb5_error_code krb5_build_principal_va - PROTOTYPE((krb5_principal *, int, const char *, va_list)); + PROTOTYPE((krb5_context, + krb5_principal *, int, const char *, va_list)); #endif krb5_error_code krb5_425_conv_principal - PROTOTYPE((const char *name, const char *instance, const char *realm, + PROTOTYPE((krb5_context, + const char *name, const char *instance, const char *realm, krb5_principal *princ)); krb5_error_code krb5_obtain_padata - PROTOTYPE((int type, krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, + int type, krb5_principal client, krb5_address **src_addr, krb5_keyblock *encrypt_key, krb5_pa_data **data)); krb5_error_code krb5_verify_padata - PROTOTYPE((krb5_pa_data * data, krb5_principal client, + PROTOTYPE((krb5_context, + krb5_pa_data * data, krb5_principal client, krb5_address **src_addr, krb5_keyblock *decrypt_key, int *req_id, int *flags)); /* libkt.spec */ krb5_error_code krb5_kt_register - PROTOTYPE((krb5_kt_ops * )); + PROTOTYPE((krb5_context, + krb5_kt_ops * )); krb5_error_code krb5_kt_resolve - PROTOTYPE((const char *, + PROTOTYPE((krb5_context, + const char *, krb5_keytab * )); krb5_error_code krb5_kt_default_name - PROTOTYPE((char *, + PROTOTYPE((krb5_context, + char *, int )); krb5_error_code krb5_kt_default - PROTOTYPE((krb5_keytab * )); + PROTOTYPE((krb5_context, + krb5_keytab * )); krb5_error_code krb5_kt_free_entry - PROTOTYPE((krb5_keytab_entry * )); + PROTOTYPE((krb5_context, + krb5_keytab_entry * )); /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ krb5_error_code krb5_kt_remove_entry - PROTOTYPE((krb5_keytab, + PROTOTYPE((krb5_context, + krb5_keytab, krb5_keytab_entry * )); krb5_error_code krb5_kt_add_entry - PROTOTYPE((krb5_keytab, + PROTOTYPE((krb5_context, + krb5_keytab, krb5_keytab_entry * )); krb5_error_code krb5_principal2salt - PROTOTYPE((krb5_const_principal, krb5_data *)); + PROTOTYPE((krb5_context, + krb5_const_principal, krb5_data *)); krb5_error_code krb5_principal2salt_norealm - PROTOTYPE((krb5_const_principal, krb5_data *)); + PROTOTYPE((krb5_context, + krb5_const_principal, krb5_data *)); /* librc.spec--see rcache.h */ /* libcc.spec */ krb5_error_code krb5_cc_resolve - PROTOTYPE((char *, + PROTOTYPE((krb5_context, + char *, krb5_ccache * )); krb5_error_code krb5_cc_generate_new - PROTOTYPE((krb5_cc_ops *, + PROTOTYPE((krb5_context, + krb5_cc_ops *, krb5_ccache * )); char *krb5_cc_default_name - PROTOTYPE((void )); + PROTOTYPE((krb5_context)); krb5_error_code krb5_cc_default - PROTOTYPE((krb5_ccache *)); + PROTOTYPE((krb5_context, + krb5_ccache *)); /* chk_trans.c */ krb5_error_code krb5_check_transited_list - PROTOTYPE((krb5_data *trans, krb5_data *realm1, krb5_data *realm2)); + PROTOTYPE((krb5_context, + krb5_data *trans, krb5_data *realm1, krb5_data *realm2)); /* free_rtree.c */ void krb5_free_realm_tree - PROTOTYPE((krb5_principal *)); + PROTOTYPE((krb5_context, + krb5_principal *)); /* krb5_free.c */ void krb5_free_principal - PROTOTYPE((krb5_principal )); + PROTOTYPE((krb5_context, + krb5_principal )); void krb5_free_authenticator - PROTOTYPE((krb5_authenticator * )); + PROTOTYPE((krb5_context, + krb5_authenticator * )); void krb5_free_authenticator_contents - PROTOTYPE((krb5_authenticator * )); + PROTOTYPE((krb5_context, + krb5_authenticator * )); void krb5_free_addresses - PROTOTYPE((krb5_address ** )); + PROTOTYPE((krb5_context, + krb5_address ** )); void krb5_free_address - PROTOTYPE((krb5_address * )); + PROTOTYPE((krb5_context, + krb5_address * )); void krb5_free_authdata - PROTOTYPE((krb5_authdata ** )); + PROTOTYPE((krb5_context, + krb5_authdata ** )); void krb5_free_enc_tkt_part - PROTOTYPE((krb5_enc_tkt_part * )); + PROTOTYPE((krb5_context, + krb5_enc_tkt_part * )); void krb5_free_ticket - PROTOTYPE((krb5_ticket * )); + PROTOTYPE((krb5_context, + krb5_ticket * )); void krb5_free_tickets - PROTOTYPE((krb5_ticket ** )); + PROTOTYPE((krb5_context, + krb5_ticket ** )); void krb5_free_kdc_req - PROTOTYPE((krb5_kdc_req * )); + PROTOTYPE((krb5_context, + krb5_kdc_req * )); void krb5_free_kdc_rep - PROTOTYPE((krb5_kdc_rep * )); + PROTOTYPE((krb5_context, + krb5_kdc_rep * )); void krb5_free_last_req - PROTOTYPE((krb5_last_req_entry ** )); + PROTOTYPE((krb5_context, + krb5_last_req_entry ** )); void krb5_free_enc_kdc_rep_part - PROTOTYPE((krb5_enc_kdc_rep_part * )); + PROTOTYPE((krb5_context, + krb5_enc_kdc_rep_part * )); void krb5_free_error - PROTOTYPE((krb5_error * )); + PROTOTYPE((krb5_context, + krb5_error * )); void krb5_free_ap_req - PROTOTYPE((krb5_ap_req * )); + PROTOTYPE((krb5_context, + krb5_ap_req * )); void krb5_free_ap_rep - PROTOTYPE((krb5_ap_rep * )); + PROTOTYPE((krb5_context, + krb5_ap_rep * )); void krb5_free_safe - PROTOTYPE((krb5_safe * )); + PROTOTYPE((krb5_context, + krb5_safe * )); void krb5_free_priv - PROTOTYPE((krb5_priv * )); + PROTOTYPE((krb5_context, + krb5_priv * )); void krb5_free_priv_enc_part - PROTOTYPE((krb5_priv_enc_part * )); + PROTOTYPE((krb5_context, + krb5_priv_enc_part * )); void krb5_free_kdc_req - PROTOTYPE((krb5_kdc_req * )); + PROTOTYPE((krb5_context, + krb5_kdc_req * )); void krb5_free_creds - PROTOTYPE((krb5_creds *)); + PROTOTYPE((krb5_context, + krb5_creds *)); void krb5_free_cred_contents - PROTOTYPE((krb5_creds *)); + PROTOTYPE((krb5_context, + krb5_creds *)); void krb5_free_checksum - PROTOTYPE((krb5_checksum *)); + PROTOTYPE((krb5_context, + krb5_checksum *)); void krb5_free_keyblock - PROTOTYPE((krb5_keyblock *)); + PROTOTYPE((krb5_context, + krb5_keyblock *)); void krb5_free_pa_data - PROTOTYPE((krb5_pa_data **)); + PROTOTYPE((krb5_context, + krb5_pa_data **)); void krb5_free_ap_rep_enc_part - PROTOTYPE((krb5_ap_rep_enc_part *)); + PROTOTYPE((krb5_context, + krb5_ap_rep_enc_part *)); void krb5_free_tkt_authent - PROTOTYPE((krb5_tkt_authent *)); + PROTOTYPE((krb5_context, + krb5_tkt_authent *)); #include <krb5/widen.h> /* Only put things which don't have pointers to the narrow types in this section */ krb5_error_code krb5_encode_kdc_rep - PROTOTYPE((const krb5_msgtype, + PROTOTYPE((krb5_context, + const krb5_msgtype, const krb5_enc_kdc_rep_part *, krb5_encrypt_block *, const krb5_keyblock *, @@ -318,7 +406,8 @@ krb5_error_code krb5_encode_kdc_rep krb5_data ** )); krb5_error_code krb5_send_tgs - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, const krb5_ticket_times *, const krb5_enctype, const krb5_cksumtype, @@ -331,17 +420,20 @@ krb5_error_code krb5_send_tgs krb5_response * )); krb5_error_code krb5_get_in_tkt - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, krb5_address * const *, const krb5_preauthtype, const krb5_enctype, const krb5_keytype, - krb5_error_code (* )(const krb5_keytype, + krb5_error_code (* )(krb5_context, + const krb5_keytype, krb5_keyblock **, krb5_const_pointer, krb5_pa_data **), krb5_const_pointer, - krb5_error_code (* )(const krb5_keyblock *, + krb5_error_code (* )(krb5_context, + const krb5_keyblock *, krb5_const_pointer, krb5_kdc_rep * ), krb5_const_pointer, @@ -350,7 +442,8 @@ krb5_error_code krb5_get_in_tkt krb5_kdc_rep ** )); krb5_error_code krb5_get_in_tkt_with_password - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, krb5_address * const *, const krb5_preauthtype pre_auth_type, const krb5_enctype, @@ -361,7 +454,8 @@ krb5_error_code krb5_get_in_tkt_with_password krb5_kdc_rep ** )); krb5_error_code krb5_get_in_tkt_with_skey - PROTOTYPE((const krb5_flags, + PROTOTYPE((krb5_context, + const krb5_flags, krb5_address * const *, const krb5_preauthtype pre_auth_type, const krb5_enctype, @@ -371,19 +465,22 @@ krb5_error_code krb5_get_in_tkt_with_skey krb5_kdc_rep ** )); krb5_error_code krb5_decode_kdc_rep - PROTOTYPE((krb5_data *, + PROTOTYPE((krb5_context, + krb5_data *, const krb5_keyblock *, const krb5_enctype, krb5_kdc_rep ** )); -typedef krb5_error_code (*krb5_rdreq_key_proc) PROTOTYPE((krb5_pointer, +typedef krb5_error_code (*krb5_rdreq_key_proc) PROTOTYPE((krb5_context, + krb5_pointer, krb5_principal, krb5_kvno, krb5_keyblock **)); krb5_error_code krb5_rd_req - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, krb5_const_principal, const krb5_address *, const char *, @@ -393,7 +490,8 @@ krb5_error_code krb5_rd_req krb5_tkt_authent ** )); krb5_error_code krb5_rd_req_decoded - PROTOTYPE((const krb5_ap_req *, + PROTOTYPE((krb5_context, + const krb5_ap_req *, krb5_const_principal, const krb5_address *, const char *, @@ -403,12 +501,14 @@ krb5_error_code krb5_rd_req_decoded krb5_tkt_authent ** )); krb5_error_code krb5_kt_read_service_key - PROTOTYPE((krb5_pointer, + PROTOTYPE((krb5_context, + krb5_pointer, krb5_principal, krb5_kvno, krb5_keyblock **)); krb5_error_code krb5_mk_safe - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_cksumtype , const krb5_keyblock *, const krb5_address *, @@ -417,7 +517,8 @@ krb5_error_code krb5_mk_safe krb5_rcache, krb5_data * )); krb5_error_code krb5_mk_priv - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_enctype, const krb5_keyblock *, const krb5_address *, @@ -427,46 +528,52 @@ krb5_error_code krb5_mk_priv krb5_pointer, krb5_data * )); krb5_error_code krb5_cc_register - PROTOTYPE((krb5_cc_ops *, + PROTOTYPE((krb5_context, + krb5_cc_ops *, krb5_boolean )); -krb5_error_code krb5_sendauth PROTOTYPE((krb5_pointer, - char *, - krb5_principal, - krb5_principal, - krb5_flags, - krb5_checksum *, - krb5_creds *, - krb5_ccache, - krb5_int32 *, - krb5_keyblock **, - krb5_error **, - krb5_ap_rep_enc_part **)); +krb5_error_code krb5_sendauth + PROTOTYPE((krb5_context, + krb5_pointer, + char *, + krb5_principal, + krb5_principal, + krb5_flags, + krb5_checksum *, + krb5_creds *, + krb5_ccache, + krb5_int32 *, + krb5_keyblock **, + krb5_error **, + krb5_ap_rep_enc_part **)); -krb5_error_code krb5_recvauth PROTOTYPE((krb5_pointer, - char *, - krb5_principal, - krb5_address *, - krb5_pointer, - krb5_rdreq_key_proc, - krb5_pointer, - char *, - krb5_int32, - krb5_int32 *, - krb5_principal*, - krb5_ticket **, - krb5_authenticator **)); +krb5_error_code krb5_recvauth PROTOTYPE((krb5_context, + krb5_pointer, + char *, + krb5_principal, + krb5_address *, + krb5_pointer, + krb5_rdreq_key_proc, + krb5_pointer, + char *, + krb5_int32, + krb5_int32 *, + krb5_principal*, + krb5_ticket **, + krb5_authenticator **)); #ifdef NARROW_PROTOTYPES krb5_error_code krb5_walk_realm_tree - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_data *, krb5_principal **, char)); #else krb5_error_code krb5_walk_realm_tree - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_data *, krb5_principal **, int)); diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h index 8bf2e9e0f3..2f954fd298 100644 --- a/src/include/krb5/kdb.h +++ b/src/include/krb5/kdb.h @@ -101,8 +101,8 @@ typedef struct _krb5_db_entry { /* XXX depends on knowledge of krb5_parse_name() formats */ #define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */ -#define KDB_CONVERT_KEY_TO_DB(in,out) krb5_kdb_encrypt_key(&master_encblock, in, out) -#define KDB_CONVERT_KEY_OUTOF_DB(in, out) krb5_kdb_decrypt_key(&master_encblock, in, out) +#define KDB_CONVERT_KEY_TO_DB(context,in,out) krb5_kdb_encrypt_key(context,&master_encblock, in, out) +#define KDB_CONVERT_KEY_OUTOF_DB(context,in, out) krb5_kdb_decrypt_key(context,&master_encblock, in, out) /* prompts used by default when reading the KDC password from the keyboard. */ #define KRB5_KDC_MKEY_1 "Enter KDC database master key:" @@ -114,71 +114,96 @@ extern char *krb5_mkey_pwd_prompt2; /* libkdb.spec */ krb5_error_code krb5_db_set_name - PROTOTYPE((char * )); + PROTOTYPE((krb5_context, + char * )); krb5_error_code krb5_db_init - PROTOTYPE((void )); + PROTOTYPE((krb5_context)); krb5_error_code krb5_db_fini - PROTOTYPE((void )); + PROTOTYPE((krb5_context)); krb5_error_code krb5_db_get_age - PROTOTYPE((char *, + PROTOTYPE((krb5_context, + char *, time_t * )); krb5_error_code krb5_db_create - PROTOTYPE((char * )); + PROTOTYPE((krb5_context, + char * )); krb5_error_code krb5_db_rename - PROTOTYPE((char *, + PROTOTYPE((krb5_context, + char *, char * )); krb5_error_code krb5_db_get_principal - PROTOTYPE((krb5_principal , + PROTOTYPE((krb5_context, + krb5_principal , krb5_db_entry *, int *, krb5_boolean * )); void krb5_db_free_principal - PROTOTYPE((krb5_db_entry *, + PROTOTYPE((krb5_context, + krb5_db_entry *, int )); krb5_error_code krb5_db_put_principal - PROTOTYPE((krb5_db_entry *, + PROTOTYPE((krb5_context, + krb5_db_entry *, int * )); krb5_error_code krb5_db_delete_principal - PROTOTYPE((krb5_principal, + PROTOTYPE((krb5_context, + krb5_principal, int * )); krb5_error_code krb5_db_iterate - PROTOTYPE((krb5_error_code (* ) PROTOTYPE((krb5_pointer, + PROTOTYPE((krb5_context, + krb5_error_code (* ) PROTOTYPE((krb5_pointer, krb5_db_entry *)), krb5_pointer )); krb5_error_code krb5_db_verify_master_key - PROTOTYPE((krb5_principal, krb5_keyblock *, krb5_encrypt_block *)); -krb5_error_code krb5_db_store_mkey PROTOTYPE((char *, - krb5_principal, - krb5_keyblock *)); + PROTOTYPE((krb5_context, + krb5_principal, + krb5_keyblock *, + krb5_encrypt_block *)); +krb5_error_code krb5_db_store_mkey + PROTOTYPE((krb5_context, + char *, + krb5_principal, + krb5_keyblock *)); krb5_error_code krb5_kdb_encrypt_key - PROTOTYPE((krb5_encrypt_block *, + PROTOTYPE((krb5_context, + krb5_encrypt_block *, const krb5_keyblock *, krb5_encrypted_keyblock *)); krb5_error_code krb5_kdb_decrypt_key - PROTOTYPE((krb5_encrypt_block *, + PROTOTYPE((krb5_context, + krb5_encrypt_block *, const krb5_encrypted_keyblock *, krb5_keyblock *)); krb5_error_code krb5_db_setup_mkey_name - PROTOTYPE((const char *, const char *, char **, krb5_principal *)); + PROTOTYPE((krb5_context, + const char *, + const char *, + char **, + krb5_principal *)); krb5_error_code krb5_db_lock - PROTOTYPE((int )); + PROTOTYPE((krb5_context, + int )); krb5_error_code krb5_db_unlock - PROTOTYPE ((void )); + PROTOTYPE((krb5_context)); /* need to play games here, since we take a pointer and the real thing, and it might be narrow. */ #ifdef NARROW_PROTOTYPES krb5_error_code krb5_db_set_nonblocking - PROTOTYPE((krb5_boolean, + PROTOTYPE((krb5_context, + krb5_boolean, krb5_boolean * )); krb5_boolean krb5_db_set_lockmode - PROTOTYPE((krb5_boolean )); + PROTOTYPE((krb5_context, + krb5_boolean )); #else krb5_error_code krb5_db_set_nonblocking - PROTOTYPE((int, /* krb5_boolean */ + PROTOTYPE((krb5_context, + int, /* krb5_boolean */ krb5_boolean * )); krb5_boolean krb5_db_set_lockmode - PROTOTYPE((int /* krb5_boolean */ )); + PROTOTYPE((krb5_context, + int /* krb5_boolean */ )); #endif /* NARROW_PROTOTYPES */ #include <krb5/widen.h> @@ -186,8 +211,13 @@ krb5_boolean krb5_db_set_lockmode section */ krb5_error_code krb5_db_fetch_mkey - PROTOTYPE((krb5_principal, krb5_encrypt_block *, krb5_boolean, - krb5_boolean, krb5_data *, krb5_keyblock * )); + PROTOTYPE((krb5_context, + krb5_principal, + krb5_encrypt_block *, + krb5_boolean, + krb5_boolean, + krb5_data *, + krb5_keyblock * )); #include <krb5/narrow.h> diff --git a/src/include/krb5/kdb_dbm.h b/src/include/krb5/kdb_dbm.h index ade24da71b..2e516d50a5 100644 --- a/src/include/krb5/kdb_dbm.h +++ b/src/include/krb5/kdb_dbm.h @@ -57,40 +57,70 @@ #define krb5_dbm_db_open_database krb5_db_open_database /* libkdb.spec */ -krb5_error_code krb5_dbm_db_set_name PROTOTYPE((char * )); -krb5_error_code krb5_dbm_db_init PROTOTYPE((void )); -krb5_error_code krb5_dbm_db_fini PROTOTYPE((void )); -krb5_error_code krb5_dbm_db_get_age PROTOTYPE((char *, time_t * )); -krb5_error_code krb5_dbm_db_create PROTOTYPE((char * )); -krb5_error_code krb5_dbm_db_destroy PROTOTYPE((char * )); -krb5_error_code krb5_dbm_db_rename PROTOTYPE((char *, char * )); -krb5_error_code krb5_dbm_db_get_principal PROTOTYPE((krb5_principal, - krb5_db_entry *, - int *, - krb5_boolean * )); -void krb5_dbm_db_free_principal PROTOTYPE((krb5_db_entry *, int )); -krb5_error_code krb5_dbm_db_put_principal PROTOTYPE((krb5_db_entry *, - int * )); +krb5_error_code krb5_dbm_db_set_name + PROTOTYPE((krb5_context, + char * )); +krb5_error_code krb5_dbm_db_init + PROTOTYPE((krb5_context)); +krb5_error_code krb5_dbm_db_fini + PROTOTYPE((krb5_context)); +krb5_error_code krb5_dbm_db_get_age + PROTOTYPE((krb5_context, + char *, + time_t * )); +krb5_error_code krb5_dbm_db_create + PROTOTYPE((krb5_context, + char * )); +krb5_error_code krb5_dbm_db_destroy + PROTOTYPE((krb5_context, + char * )); +krb5_error_code krb5_dbm_db_rename + PROTOTYPE((krb5_context, + char *, + char * )); +krb5_error_code krb5_dbm_db_get_principal + PROTOTYPE((krb5_context, + krb5_principal, + krb5_db_entry *, + int *, + krb5_boolean * )); +void krb5_dbm_db_free_principal + PROTOTYPE((krb5_context, + krb5_db_entry *, + int )); +krb5_error_code krb5_dbm_db_put_principal + PROTOTYPE((krb5_context, + krb5_db_entry *, + int * )); krb5_error_code krb5_dbm_db_iterate - PROTOTYPE((krb5_error_code (*) PROTOTYPE((krb5_pointer, - krb5_db_entry *)), - krb5_pointer )); + PROTOTYPE((krb5_context, + krb5_error_code (*) PROTOTYPE((krb5_pointer, + krb5_db_entry *)), + krb5_pointer )); /* need to play games here, since we take a pointer and the real thing, and it might be narrow. */ #ifdef NARROW_PROTOTYPES -krb5_error_code krb5_dbm_db_set_nonblocking PROTOTYPE((krb5_boolean, - krb5_boolean * )); +krb5_error_code krb5_dbm_db_set_nonblocking + PROTOTYPE((krb5_context, + krb5_boolean, + krb5_boolean * )); krb5_boolean krb5_dbm_db_set_lockmode - PROTOTYPE((krb5_boolean )); + PROTOTYPE((krb5_context, + krb5_boolean )); #else -krb5_error_code krb5_dbm_db_set_nonblocking PROTOTYPE((int, /* krb5_boolean */ - krb5_boolean * )); +krb5_error_code krb5_dbm_db_set_nonblocking + PROTOTYPE((krb5_context, + int, /* krb5_boolean */ + krb5_boolean * )); krb5_boolean krb5_dbm_db_set_lockmode - PROTOTYPE((int /* krb5_boolean */ )); + PROTOTYPE((krb5_context, + int /* krb5_boolean */ )); #endif /* NARROW_PROTOTYPES */ -krb5_error_code krb5_dbm_db_open_database PROTOTYPE ((void)); -krb5_error_code krb5_dbm_db_close_database PROTOTYPE ((void)); +krb5_error_code krb5_dbm_db_open_database + PROTOTYPE((krb5_context)); +krb5_error_code krb5_dbm_db_close_database + PROTOTYPE((krb5_context)); #endif /* KRB5_KDB5_DBM__ */ diff --git a/src/include/krb5/keytab.h b/src/include/krb5/keytab.h index fb7a85120e..f9e6ce98f5 100644 --- a/src/include/krb5/keytab.h +++ b/src/include/krb5/keytab.h @@ -57,39 +57,57 @@ typedef struct _krb5_kt_ops { krb5_magic magic; char *prefix; /* routines always present */ - krb5_error_code (*resolve) NPROTOTYPE((const char *, - krb5_keytab *)); - krb5_error_code (*get_name) NPROTOTYPE((krb5_keytab, - char *, - int)); - krb5_error_code (*close) NPROTOTYPE((krb5_keytab)); - krb5_error_code (*get) NPROTOTYPE((krb5_keytab, - krb5_principal, - krb5_kvno, - krb5_keytab_entry *)); - krb5_error_code (*start_seq_get) NPROTOTYPE((krb5_keytab, - krb5_kt_cursor *)); - krb5_error_code (*get_next) NPROTOTYPE((krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *)); - krb5_error_code (*end_get) NPROTOTYPE((krb5_keytab, - krb5_kt_cursor *)); + krb5_error_code (*resolve) + NPROTOTYPE((krb5_context, + const char *, + krb5_keytab *)); + krb5_error_code (*get_name) + NPROTOTYPE((krb5_context, + krb5_keytab, + char *, + int)); + krb5_error_code (*close) + NPROTOTYPE((krb5_context, + krb5_keytab)); + krb5_error_code (*get) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_principal, + krb5_kvno, + krb5_keytab_entry *)); + krb5_error_code (*start_seq_get) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_kt_cursor *)); + krb5_error_code (*get_next) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *)); + krb5_error_code (*end_get) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_kt_cursor *)); /* routines to be included on extended version (write routines) */ - krb5_error_code (*add) NPROTOTYPE((krb5_keytab, - krb5_keytab_entry *)); - krb5_error_code (*remove) NPROTOTYPE((krb5_keytab, - krb5_keytab_entry *)); + krb5_error_code (*add) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_keytab_entry *)); + krb5_error_code (*remove) + NPROTOTYPE((krb5_context, + krb5_keytab, + krb5_keytab_entry *)); } krb5_kt_ops; /* and back to narrow */ #include <krb5/narrow.h> -#define krb5_kt_get_name(keytab, name, namelen) (*(keytab)->ops->get_name)(keytab,name,namelen) -#define krb5_kt_close(keytab) (*(keytab)->ops->close)(keytab) -#define krb5_kt_get_entry(keytab, principal, vno, entry) (*(keytab)->ops->get)(keytab, principal, vno, entry) -#define krb5_kt_start_seq_get(keytab, cursor) (*(keytab)->ops->start_seq_get)(keytab, cursor) -#define krb5_kt_next_entry(keytab, entry, cursor) (*(keytab)->ops->get_next)(keytab, entry, cursor) -#define krb5_kt_end_seq_get(keytab, cursor) (*(keytab)->ops->end_get)(keytab, cursor) +#define krb5_kt_get_name(context, keytab, name, namelen) (*(keytab)->ops->get_name)(context, keytab,name,namelen) +#define krb5_kt_close(context, keytab) (*(keytab)->ops->close)(context, keytab) +#define krb5_kt_get_entry(context, keytab, principal, vno, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, entry) +#define krb5_kt_start_seq_get(context, keytab, cursor) (*(keytab)->ops->start_seq_get)(context, keytab, cursor) +#define krb5_kt_next_entry(context, keytab, entry, cursor) (*(keytab)->ops->get_next)(context, keytab, entry, cursor) +#define krb5_kt_end_seq_get(context, keytab, cursor) (*(keytab)->ops->end_get)(context, keytab, cursor) /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ diff --git a/src/include/krb5/krb5.h b/src/include/krb5/krb5.h index fccbd92133..1502819615 100644 --- a/src/include/krb5/krb5.h +++ b/src/include/krb5/krb5.h @@ -36,6 +36,12 @@ #include <krb5/base-defs.h> #include <krb5/hostaddr.h> + +typedef struct _krb5_context { + krb5_magic magic; + void *os_context; +} *krb5_context; + #include <krb5/encryption.h> #include <krb5/fieldbits.h> #include <krb5/errors.h> @@ -43,11 +49,6 @@ #include <krb5/macros.h> #include <krb5/error_def.h> -typedef struct _krb5_context { - krb5_magic magic; - void *os_context; -} *krb5_context; - /* Time set */ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime diff --git a/src/include/krb5/los-proto.h b/src/include/krb5/los-proto.h index 7f162d7030..ed2d4e4310 100644 --- a/src/include/krb5/los-proto.h +++ b/src/include/krb5/los-proto.h @@ -36,81 +36,108 @@ void krb5_free_os_context /* libos.spec */ krb5_error_code krb5_read_password - PROTOTYPE((char *, + PROTOTYPE((krb5_context, + char *, char *, char *, int * )); krb5_error_code krb5_lock_file - PROTOTYPE((FILE *, + PROTOTYPE((krb5_context, + FILE *, char *, int )); krb5_error_code krb5_unlock_file - PROTOTYPE((FILE *, + PROTOTYPE((krb5_context, + FILE *, char * )); krb5_error_code krb5_timeofday - PROTOTYPE((krb5_int32 * )); + PROTOTYPE((krb5_context, + krb5_int32 * )); krb5_error_code krb5_us_timeofday - PROTOTYPE((krb5_int32 *, + PROTOTYPE((krb5_context, + krb5_int32 *, krb5_int32 * )); int krb5_net_read - PROTOTYPE((int , + PROTOTYPE((krb5_context, + int , char *, int )); int krb5_net_write - PROTOTYPE((int , + PROTOTYPE((krb5_context, + int , const char *, int )); /* get all the addresses of this host */ krb5_error_code krb5_os_localaddr PROTOTYPE((krb5_address ***)); krb5_error_code krb5_sendto_kdc - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, const krb5_data *, krb5_data * )); krb5_error_code krb5_get_krbhst - PROTOTYPE((const krb5_data *, + PROTOTYPE((krb5_context, + const krb5_data *, char *** )); krb5_error_code krb5_free_krbhst - PROTOTYPE((char * const * )); + PROTOTYPE((krb5_context, + char * const * )); krb5_error_code krb5_aname_to_localname - PROTOTYPE((krb5_const_principal, + PROTOTYPE((krb5_context, + krb5_const_principal, const int, char * )); krb5_error_code krb5_get_default_realm - PROTOTYPE(( char ** )); + PROTOTYPE((krb5_context, + char ** )); krb5_error_code krb5_get_host_realm - PROTOTYPE((const char *, + PROTOTYPE((krb5_context, + const char *, char *** )); krb5_error_code krb5_free_host_realm - PROTOTYPE((char * const * )); + PROTOTYPE((krb5_context, + char * const * )); krb5_error_code krb5_get_realm_domain - PROTOTYPE((const char *, + PROTOTYPE((krb5_context, + const char *, char ** )); krb5_boolean krb5_kuserok - PROTOTYPE((krb5_principal, const char *)); + PROTOTYPE((krb5_context, + krb5_principal, const char *)); krb5_error_code krb5_random_confounder PROTOTYPE((int, krb5_pointer )); krb5_error_code krb5_gen_replay_name - PROTOTYPE((const krb5_address *, + PROTOTYPE((krb5_context, + const krb5_address *, const char *, char **)); krb5_error_code krb5_gen_portaddr - PROTOTYPE((const krb5_address *, + PROTOTYPE((krb5_context, + const krb5_address *, krb5_const_pointer, krb5_address **)); krb5_error_code krb5_create_secure_file - PROTOTYPE((const char * pathname)); + PROTOTYPE((krb5_context, + const char * pathname)); krb5_error_code krb5_sync_disk_file - PROTOTYPE((FILE *fp)); + PROTOTYPE((krb5_context, + FILE *fp)); -krb5_error_code krb5_read_message PROTOTYPE((krb5_pointer, krb5_data *)); -krb5_error_code krb5_write_message PROTOTYPE((krb5_pointer, krb5_data *)); +krb5_error_code krb5_read_message + PROTOTYPE((krb5_context, + krb5_pointer, + krb5_data *)); +krb5_error_code krb5_write_message + PROTOTYPE((krb5_context, + krb5_pointer, + krb5_data *)); #include <krb5/widen.h> krb5_error_code krb5_sname_to_principal - PROTOTYPE((const char *, + PROTOTYPE((krb5_context, + const char *, const char *, krb5_int32, krb5_principal *)); diff --git a/src/include/krb5/preauth.h b/src/include/krb5/preauth.h index 649bf5e4b8..cd59af748f 100644 --- a/src/include/krb5/preauth.h +++ b/src/include/krb5/preauth.h @@ -34,11 +34,11 @@ * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT] */ typedef krb5_error_code (krb5_preauth_obtain_proc) - PROTOTYPE((krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, krb5_pa_data *pa_data)); typedef krb5_error_code (krb5_preauth_verify_proc) - PROTOTYPE((krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, krb5_data *data)); typedef struct _krb5_preauth_ops { @@ -66,18 +66,18 @@ krb5_error_code verify_random_padata #endif krb5_error_code get_unixtime_padata - PROTOTYPE((krb5_principal client, krb5_address **src_addr, - krb5_pa_data *data)); + PROTOTYPE((krb5_context, krb5_principal client, + krb5_address **src_addr, krb5_pa_data *data)); krb5_error_code verify_unixtime_padata - PROTOTYPE((krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, krb5_data *data)); krb5_error_code get_securid_padata - PROTOTYPE((krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, krb5_pa_data *data)); krb5_error_code verify_securid_padata - PROTOTYPE((krb5_principal client, krb5_address **src_addr, + PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, krb5_data *data)); diff --git a/src/include/krb5/rcache.h b/src/include/krb5/rcache.h index 4bd531116d..cadacff5cb 100644 --- a/src/include/krb5/rcache.h +++ b/src/include/krb5/rcache.h @@ -45,36 +45,50 @@ typedef struct _krb5_donot_replay { typedef struct _krb5_rc_ops { krb5_magic magic; char *type; - krb5_error_code (*init)NPROTOTYPE((krb5_rcache,krb5_deltat)); /* create */ - krb5_error_code (*recover)NPROTOTYPE((krb5_rcache)); /* open */ - krb5_error_code (*destroy)NPROTOTYPE((krb5_rcache)); - krb5_error_code (*close)NPROTOTYPE((krb5_rcache)); - krb5_error_code (*store)NPROTOTYPE((krb5_rcache,krb5_donot_replay *)); - krb5_error_code (*expunge)NPROTOTYPE((krb5_rcache)); - krb5_error_code (*get_span)NPROTOTYPE((krb5_rcache,krb5_deltat *)); - char *(*get_name)NPROTOTYPE((krb5_rcache)); - krb5_error_code (*resolve)NPROTOTYPE((krb5_rcache, char *)); + krb5_error_code (*init)NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat)); /* create */ + krb5_error_code (*recover)NPROTOTYPE((krb5_context, krb5_rcache)); /* open */ + krb5_error_code (*destroy)NPROTOTYPE((krb5_context, krb5_rcache)); + krb5_error_code (*close)NPROTOTYPE((krb5_context, krb5_rcache)); + krb5_error_code (*store)NPROTOTYPE((krb5_context, krb5_rcache,krb5_donot_replay *)); + krb5_error_code (*expunge)NPROTOTYPE((krb5_context, krb5_rcache)); + krb5_error_code (*get_span)NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat *)); + char *(*get_name)NPROTOTYPE((krb5_context, krb5_rcache)); + krb5_error_code (*resolve)NPROTOTYPE((krb5_context, krb5_rcache, char *)); } krb5_rc_ops; -krb5_error_code krb5_rc_default PROTOTYPE((krb5_rcache *)); -krb5_error_code krb5_rc_register_type PROTOTYPE((krb5_rc_ops *)); -krb5_error_code krb5_rc_resolve_type PROTOTYPE((krb5_rcache *,char *)); -krb5_error_code krb5_rc_resolve_full PROTOTYPE((krb5_rcache *,char *)); -char *krb5_rc_get_type PROTOTYPE((krb5_rcache)); -char *krb5_rc_default_type PROTOTYPE((void)); -char *krb5_rc_default_name PROTOTYPE((void)); -krb5_error_code krb5_auth_to_rep PROTOTYPE((krb5_tkt_authent *, - krb5_donot_replay *)); +krb5_error_code krb5_rc_default + PROTOTYPE((krb5_context, + krb5_rcache *)); +krb5_error_code krb5_rc_register_type + PROTOTYPE((krb5_context, + krb5_rc_ops *)); +krb5_error_code krb5_rc_resolve_type + PROTOTYPE((krb5_context, + krb5_rcache *,char *)); +krb5_error_code krb5_rc_resolve_full + PROTOTYPE((krb5_context, + krb5_rcache *,char *)); +char *krb5_rc_get_type + PROTOTYPE((krb5_context, + krb5_rcache)); +char *krb5_rc_default_type + PROTOTYPE((krb5_context)); +char *krb5_rc_default_name + PROTOTYPE((krb5_context)); +krb5_error_code krb5_auth_to_rep + PROTOTYPE((krb5_context, + krb5_tkt_authent *, + krb5_donot_replay *)); -#define krb5_rc_initialize(id, span) (*(id)->ops->init)(id, span) -#define krb5_rc_recover(id) (*(id)->ops->recover)(id) -#define krb5_rc_destroy(id) (*(id)->ops->destroy)(id) -#define krb5_rc_close(id) (*(id)->ops->close)(id) -#define krb5_rc_store(id, dontreplay) (*(id)->ops->store)(id, dontreplay) -#define krb5_rc_expunge(id) (*(id)->ops->expunge)(id) -#define krb5_rc_get_lifespan(id, spanp) (*(id)->ops->get_span)(id, spanp) -#define krb5_rc_get_name(id) (*(id)->ops->get_name)(id) -#define krb5_rc_resolve(id, name) (*(id)->ops->resolve)(id, name) +#define krb5_rc_initialize(context, id, span) (*(id)->ops->init)(context, id, span) +#define krb5_rc_recover(context, id) (*(id)->ops->recover)(context, id) +#define krb5_rc_destroy(context, id) (*(id)->ops->destroy)(context, id) +#define krb5_rc_close(context, id) (*(id)->ops->close)(context, id) +#define krb5_rc_store(context, id, dontreplay) (*(id)->ops->store)(context, id, dontreplay) +#define krb5_rc_expunge(context, id) (*(id)->ops->expunge)(context, id) +#define krb5_rc_get_lifespan(context, id, spanp) (*(id)->ops->get_span)(context, id, spanp) +#define krb5_rc_get_name(context, id) (*(id)->ops->get_name)(context, id) +#define krb5_rc_resolve(context, id, name) (*(id)->ops->resolve)(context, id, name) extern krb5_rc_ops krb5_rc_dfl_ops; diff --git a/src/kadmin/client/ChangeLog b/src/kadmin/client/ChangeLog index 26466d09b1..c3b2e6745f 100644 --- a/src/kadmin/client/ChangeLog +++ b/src/kadmin/client/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:12:43 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/kadmin/client/kadmin.c b/src/kadmin/client/kadmin.c index b2e43694d6..696e62d5ad 100644 --- a/src/kadmin/client/kadmin.c +++ b/src/kadmin/client/kadmin.c @@ -52,15 +52,19 @@ int preauth_search_list[] = { -1 }; -krb5_error_code get_first_ticket - PROTOTYPE((krb5_ccache, - krb5_principal)); +static krb5_error_code get_first_ticket + PROTOTYPE((krb5_context, + krb5_ccache, + krb5_principal)); struct sockaddr_in local_sin, remote_sin; krb5_creds my_creds; -void get_def_princ(); +static void get_def_princ + PROTOTYPE((krb5_context, + krb5_principal * )); + void decode_kadmind_reply(); int print_status_message(); @@ -90,6 +94,7 @@ main(argc,argv) kadmin_requests rd_priv_resp; + krb5_context context; krb5_checksum send_cksum; krb5_data msg_data, inbuf; krb5_int32 seqno; @@ -100,7 +105,9 @@ main(argc,argv) int option; int oper_type; - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); + client_name = (char *) malloc(755); memset((char *) client_name, 0, sizeof(client_name)); @@ -108,11 +115,11 @@ main(argc,argv) usage(); if (argc == 1) { /* No User Specified */ - get_def_princ(&client); + get_def_princ(context, &client); strcpy(client_name, client->data[0].data); strncat(client_name, "/admin@", 7); strncat(client_name, client->realm.data, client->realm.length); - if (retval = krb5_parse_name(client_name, &client)) { + if (retval = krb5_parse_name(context, client_name, &client)) { fprintf(stderr, "Unable to Parse Client Name!\n"); usage(); } @@ -123,14 +130,14 @@ main(argc,argv) case 'n': if (argc == 3) { strcpy(client_name, argv[2]); - if (retval = krb5_parse_name(client_name, &client)) { + if (retval = krb5_parse_name(context, client_name, &client)) { fprintf(stderr, "Unable to Parse Client Name!\n"); usage(); } } else { - get_def_princ(&client); - if (retval = krb5_unparse_name(client, &client_name)) { + get_def_princ(context, &client); + if (retval = krb5_unparse_name(context, client, &client_name)) { fprintf(stderr, "Unable to unparse Client Name!\n"); usage(); } @@ -153,7 +160,7 @@ main(argc,argv) fprintf(stderr, "root is not a valid Administrator!\n\n"); usage(); } - if (retval = krb5_parse_name(client_name, &client)) { + if (retval = krb5_parse_name(context, client_name, &client)) { fprintf(stderr, "Error Parsing User Specified Name Option!\n"); exit(1); } @@ -163,11 +170,11 @@ main(argc,argv) /* Create credential cache for kadmin */ (void) sprintf(cache_name, "FILE:/tmp/tkt_adm_%d", getpid()); - if ((retval = krb5_cc_resolve(cache_name, &cache))) { + if ((retval = krb5_cc_resolve(context, cache_name, &cache))) { fprintf(stderr, "Unable to Resolve Cache: %s!\n", cache_name); } - if ((retval = krb5_cc_initialize(cache, client))) { + if ((retval = krb5_cc_initialize(context, cache, client))) { fprintf(stderr, "Error initializing cache: %s!\n", cache_name); exit(1); } @@ -176,20 +183,20 @@ main(argc,argv) * Verify User by Obtaining Initial Credentials prior to Initial Link */ - if ((retval = get_first_ticket(cache, client))) { - (void) krb5_cc_destroy(cache); + if ((retval = get_first_ticket(context, cache, client))) { + (void) krb5_cc_destroy(context, cache); exit(1); } /* my_creds has the necessary credentials for further processing: Destroy credential cache for security reasons */ - (void) krb5_cc_destroy(cache); + (void) krb5_cc_destroy(context, cache); requested_realm = (krb5_data *) &client->realm; /* Initiate Link to Server */ - if ((retval = adm5_init_link(requested_realm, &local_socket))) { - (void) krb5_cc_destroy(cache); + if ((retval = adm5_init_link(context, requested_realm, &local_socket))) { + (void) krb5_cc_destroy(context, cache); exit(1); } @@ -205,10 +212,10 @@ main(argc,argv) { int msg_length = 0; - retval = krb5_net_write(local_socket, (char *) &msg_length + 2, 2); + retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2); if (retval < 0) { fprintf(stderr, "krb5_net_write failure!\n"); - (void) krb5_cc_destroy(cache); + (void) krb5_cc_destroy(context, cache); exit(1); } } @@ -223,14 +230,14 @@ main(argc,argv) /* compute checksum, using CRC-32 */ if (!(send_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + malloc(krb5_checksum_size(context, CKSUMTYPE_CRC32)))) { fprintf(stderr, "Insufficient Memory while Allocating Checksum!\n"); - (void) krb5_cc_destroy(cache); + (void) krb5_cc_destroy(context, cache); exit(1); } /* choose some random stuff to compute checksum from */ - if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, + if (retval = krb5_calculate_checksum(context, CKSUMTYPE_CRC32, ADM5_ADM_VERSION, strlen(ADM5_ADM_VERSION), 0, @@ -240,7 +247,7 @@ main(argc,argv) fprintf(stderr, "Error while Computing Checksum: %s!\n", error_message(retval)); free(send_cksum.contents); - (void) krb5_cc_destroy(cache); + (void) krb5_cc_destroy(context, cache); exit(1); } @@ -248,7 +255,7 @@ main(argc,argv) pass it over the socket to the server, and obtain mutual authentication. */ - if ((retval = krb5_sendauth((krb5_pointer) &local_socket, + if ((retval = krb5_sendauth(context, (krb5_pointer) &local_socket, ADM_CPW_VERSION, my_creds.client, my_creds.server, @@ -267,7 +274,7 @@ main(argc,argv) } /* Read back what the server has to say ... */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, " Read Message Error: %s!\n", error_message(retval)); free(send_cksum.contents); @@ -292,7 +299,7 @@ main(argc,argv) inbuf.data[1] = 0xff; inbuf.length = 2; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds.keyblock, &local_addr, @@ -311,7 +318,7 @@ main(argc,argv) free(inbuf.data); /* write private message to server */ - if (krb5_write_message(&local_socket, &msg_data)){ + if (krb5_write_message(context, &local_socket, &msg_data)){ fprintf(stderr, "Write Error During First Message Transmission!\n"); free(send_cksum.contents); exit(1); @@ -320,14 +327,14 @@ main(argc,argv) for ( ; ; ) { /* Ok Now let's get the private message */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, "Read Error During First Reply: %s!\n", error_message(retval)); free(send_cksum.contents); exit(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds.keyblock, &foreign_addr, &local_addr, @@ -357,7 +364,7 @@ repeat: if (!strcmp(command_type, "add")) { valid++; oper_type = ADDOPER; - if (retval = kadm_add_user(&my_creds, + if (retval = kadm_add_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -369,7 +376,7 @@ repeat: if (!strcmp(command_type, "cpw")) { valid++; oper_type = CHGOPER; - if (retval = kadm_cpw_user(&my_creds, + if (retval = kadm_cpw_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -380,7 +387,7 @@ repeat: } if (!strcmp(command_type, "addrnd")) { valid++; - if (retval = kadm_add_user_rnd(&my_creds, + if (retval = kadm_add_user_rnd(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -390,7 +397,7 @@ repeat: } if (!strcmp(command_type, "cpwrnd")) { valid++; - if (retval = kadm_cpw_user_rnd(&my_creds, + if (retval = kadm_cpw_user_rnd(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -400,7 +407,7 @@ repeat: } if (!strcmp(command_type, "del")) { valid++; - if (retval = kadm_del_user(&my_creds, + if (retval = kadm_del_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -410,7 +417,7 @@ repeat: } if (!strcmp(command_type, "inq")) { valid++; - if (retval = kadm_inq_user(&my_creds, + if (retval = kadm_inq_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -420,7 +427,7 @@ repeat: } if (!strcmp(command_type, "mod")) { valid++; - if (retval = kadm_mod_user(&my_creds, + if (retval = kadm_mod_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -431,7 +438,7 @@ repeat: if (!strcmp(command_type, "addv4")) { valid++; oper_type = AD4OPER; - if (retval = kadm_add_user(&my_creds, + if (retval = kadm_add_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -443,7 +450,7 @@ repeat: if (!strcmp(command_type, "cpwv4")) { valid++; oper_type = CH4OPER; - if (retval = kadm_cpw_user(&my_creds, + if (retval = kadm_cpw_user(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -454,7 +461,7 @@ repeat: } if (!strcmp(command_type, "q")) { valid++; - retval = kadm_done(&my_creds, + retval = kadm_done(context, &my_creds, rep_ret, &local_addr, &foreign_addr, @@ -475,14 +482,14 @@ repeat: } /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); free(send_cksum.contents); exit(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds.keyblock, &foreign_addr, &local_addr, @@ -521,11 +528,11 @@ repeat: exit(retval); } -krb5_error_code -get_first_ticket(DECLARG(krb5_ccache, cache), - DECLARG(krb5_principal, client)) -OLDDECLARG(krb5_ccache, cache) -OLDDECLARG(krb5_principal, client) +static krb5_error_code +get_first_ticket(context, cache, client) + krb5_context context; + krb5_ccache cache; + krb5_principal client; { char prompt[255]; /* for the password prompt */ @@ -537,7 +544,7 @@ OLDDECLARG(krb5_principal, client) int pwsize; int i; - if ((retval = krb5_unparse_name(client, &client_name))) { + if ((retval = krb5_unparse_name(context, client, &client_name))) { fprintf(stderr, "Unable to Unparse Client Name!\n"); return(1); } @@ -551,7 +558,7 @@ OLDDECLARG(krb5_principal, client) my_creds.client = client; - if ((retval = krb5_build_principal_ext(&my_creds.server, + if ((retval = krb5_build_principal_ext(context, &my_creds.server, client->realm.length, client->realm.data, strlen(CPWNAME), @@ -562,7 +569,7 @@ OLDDECLARG(krb5_principal, client) 0))) { fprintf(stderr, "Error %s while building client name!\n", error_message(retval)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return(1); } @@ -574,7 +581,7 @@ OLDDECLARG(krb5_principal, client) } pwsize = 255; - if ((retval = krb5_read_password( + if ((retval = krb5_read_password(context, prompt, 0, password, @@ -582,13 +589,13 @@ OLDDECLARG(krb5_principal, client) fprintf(stderr, "Error while reading password for '%s'!\n", client_name); free(password); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return(1); } /* Build Request for Initial Credentials */ for (i=0; preauth_search_list[i] >= 0; i++) { - retval = krb5_get_in_tkt_with_password( + retval = krb5_get_in_tkt_with_password(context, 0, /* options */ my_addresses, /* do random preauth */ @@ -607,7 +614,7 @@ OLDDECLARG(krb5_principal, client) /* Do NOT Forget to zap password */ memset((char *) password, 0, pwsize); free(password); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); if (retval) { fprintf(stderr, "\nUnable to Get Initial Credentials : %s!\n", @@ -619,10 +626,10 @@ OLDDECLARG(krb5_principal, client) } krb5_error_code -adm5_init_link( realm_of_server, local_socket) -krb5_data *realm_of_server; -int * local_socket; - +adm5_init_link(context, realm_of_server, local_socket) + krb5_context context; + krb5_data *realm_of_server; + int * local_socket; { struct servent *service_process; /* service we will talk to */ struct hostent *remote_host; /* host we will talk to */ @@ -647,7 +654,7 @@ int * local_socket; hostlist = 0; /* Identify all Hosts Associated with this Realm */ - if ((retval = krb5_get_krbhst (realm_of_server, &hostlist))) { + if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) { fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name!\n"); return(retval); } @@ -670,7 +677,7 @@ int * local_socket; } } - krb5_free_krbhst(hostlist); + krb5_free_krbhst(context, hostlist); /* open a TCP socket */ *local_socket = socket(PF_INET, SOCK_STREAM, 0); @@ -699,8 +706,9 @@ int * local_socket; return 0; } -void -get_def_princ(client) +static void +get_def_princ(context, client) + krb5_context context; krb5_principal *client; { krb5_ccache cache = NULL; @@ -710,7 +718,7 @@ get_def_princ(client) krb5_flags cc_flags; /* Identify Default Credentials Cache */ - if (retval = krb5_cc_default(&cache)) { + if (retval = krb5_cc_default(context, &cache)) { fprintf(stderr, "Error while getting default ccache!\n"); exit(1); } @@ -722,7 +730,7 @@ get_def_princ(client) * retval != 0 ==> Assume ccache does NOT Exist */ cc_flags = 0; - if (retval = krb5_cc_set_flags(cache, cc_flags)) { + if (retval = krb5_cc_set_flags(context, cache, cc_flags)) { /* Search passwd file for client */ pw = getpwuid((int) getuid()); if (pw) { @@ -740,13 +748,13 @@ get_def_princ(client) } /* Use this to get default_realm and format client_name */ - if ((retval = krb5_parse_name(client_name, client))) { + if ((retval = krb5_parse_name(context, client_name, client))) { fprintf(stderr, "Unable to Parse Client Name!\n"); usage(); } } else { /* Read Client from Cache */ - if (retval = krb5_cc_get_principal(cache, client)) { + if (retval = krb5_cc_get_principal(context, cache, client)) { fprintf(stderr, "Unable to Read Principal Credentials File!\n"); exit(1); @@ -758,7 +766,7 @@ get_def_princ(client) usage(); } - (void) krb5_cc_close(cache); + (void) krb5_cc_close(context, cache); } } diff --git a/src/kadmin/client/kadmin_add.c b/src/kadmin/client/kadmin_add.c index f4e986d3f9..354814ea08 100644 --- a/src/kadmin/client/kadmin_add.c +++ b/src/kadmin/client/kadmin_add.c @@ -42,15 +42,16 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code - kadm_add_user(my_creds, rep_ret, local_addr, foreign_addr, - local_socket, seqno, oper_type, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -int oper_type; -char *principal; +kadm_add_user(context, my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, oper_type, principal) + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + int oper_type; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -92,7 +93,7 @@ char *principal; (void) memcpy( inbuf.data + 3, username, strlen(username)); inbuf.length = strlen(username) + 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -110,20 +111,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); return(1); } - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, @@ -188,7 +189,7 @@ char *principal; pwsize = ADM_MAX_PW_LENGTH+1; putchar('\n'); - if (retval = krb5_read_password( + if (retval = krb5_read_password(context, DEFAULT_PWD_STRING1, DEFAULT_PWD_STRING2, password, @@ -213,7 +214,7 @@ char *principal; #endif /* MACH_PASS */ - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -231,20 +232,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_adr.c b/src/kadmin/client/kadmin_adr.c index 21b247a123..8d5c4fcf93 100644 --- a/src/kadmin/client/kadmin_adr.c +++ b/src/kadmin/client/kadmin_adr.c @@ -42,14 +42,15 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code - kadm_add_user_rnd(my_creds, rep_ret, local_addr, foreign_addr, - local_socket, seqno, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -char *principal; +kadm_add_user_rnd(context, my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -90,7 +91,7 @@ char *principal; (void) memcpy( inbuf.data + 3, username, strlen(username)); inbuf.length = strlen(username) + 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -108,7 +109,7 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } @@ -116,13 +117,13 @@ char *principal; free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_cpr.c b/src/kadmin/client/kadmin_cpr.c index 8bb0925008..c974aaf5f4 100644 --- a/src/kadmin/client/kadmin_cpr.c +++ b/src/kadmin/client/kadmin_cpr.c @@ -43,14 +43,15 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code -kadm_cpw_user_rnd(my_creds, rep_ret, local_addr, foreign_addr, +kadm_cpw_user_rnd(context, my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -char *principal; + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -91,7 +92,7 @@ char *principal; inbuf.length = strlen(username) + 3; /* Transmit Principal Name */ - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -109,20 +110,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_cpw.c b/src/kadmin/client/kadmin_cpw.c index 5d954f0358..02d1e117fc 100644 --- a/src/kadmin/client/kadmin_cpw.c +++ b/src/kadmin/client/kadmin_cpw.c @@ -43,15 +43,16 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code -kadm_cpw_user(my_creds, rep_ret, local_addr, foreign_addr, +kadm_cpw_user(context, my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno, oper_type, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -int oper_type; -char *principal; + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + int oper_type; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -95,7 +96,7 @@ char *principal; inbuf.length = strlen(username) + 3; /* Transmit Principal Name */ - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -113,20 +114,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ free(msg_data.data); fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); return(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, @@ -198,7 +199,7 @@ char *principal; pwsize = ADM_MAX_PW_LENGTH+1; putchar('\n'); - if ((retval = krb5_read_password( + if ((retval = krb5_read_password(context, DEFAULT_PWD_STRING1, DEFAULT_PWD_STRING2, password, @@ -224,7 +225,7 @@ char *principal; #endif /* MACH_PASS */ - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -242,20 +243,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_del.c b/src/kadmin/client/kadmin_del.c index 176d661cd3..f96db1a7f9 100644 --- a/src/kadmin/client/kadmin_del.c +++ b/src/kadmin/client/kadmin_del.c @@ -40,14 +40,15 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code -kadm_del_user(my_creds, rep_ret, local_addr, foreign_addr, +kadm_del_user(context, my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -char *principal; + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -88,7 +89,7 @@ char *principal; (void) memcpy( inbuf.data + 3, username, strlen(username)); inbuf.length = strlen(username) + 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -106,7 +107,7 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ free(msg_data.data); fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); @@ -114,13 +115,13 @@ char *principal; free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); return(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_done.c b/src/kadmin/client/kadmin_done.c index 0b5f9e7d0e..5e9af2b2cc 100644 --- a/src/kadmin/client/kadmin_done.c +++ b/src/kadmin/client/kadmin_done.c @@ -37,12 +37,14 @@ #include <krb5/kdb_dbm.h> krb5_error_code -kadm_done(my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; +kadm_done(context, my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno) + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; { krb5_data msg_data, inbuf; krb5_error_code retval; /* return code */ @@ -57,7 +59,7 @@ krb5_int32 *seqno; (void) memset( inbuf.data + 4, 0, 4); inbuf.length = 16; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -73,7 +75,7 @@ krb5_int32 *seqno; } /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)) { + if (krb5_write_message(context, local_socket, &msg_data)) { free(msg_data.data); fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); diff --git a/src/kadmin/client/kadmin_inq.c b/src/kadmin/client/kadmin_inq.c index 4227e9b002..13f3bb6e63 100644 --- a/src/kadmin/client/kadmin_inq.c +++ b/src/kadmin/client/kadmin_inq.c @@ -41,14 +41,15 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code -kadm_inq_user(my_creds, rep_ret, local_addr, foreign_addr, +kadm_inq_user(context, my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -char *principal; + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -90,7 +91,7 @@ char *principal; (void) memcpy( inbuf.data + 3, username, strlen(username)); inbuf.length = strlen(username) + 3; - if (retval = krb5_mk_priv(&inbuf, + if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -108,20 +109,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the private message */ - if ((retval = krb5_read_message(local_socket, &inbuf))){ + if ((retval = krb5_read_message(context, local_socket, &inbuf))){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); return(1); } - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, @@ -175,7 +176,7 @@ char *principal; inbuf.data[1] = KADMGOOD; inbuf.length = 2; - if (retval = krb5_mk_priv(&inbuf, + if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -193,7 +194,7 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); free(msg_data.data); return(1); @@ -201,13 +202,13 @@ char *principal; free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_mod.c b/src/kadmin/client/kadmin_mod.c index 264dc084b4..6bb9c22b94 100644 --- a/src/kadmin/client/kadmin_mod.c +++ b/src/kadmin/client/kadmin_mod.c @@ -41,14 +41,15 @@ void decode_kadmind_reply(); int print_status_message(); krb5_error_code -kadm_mod_user(my_creds, rep_ret, local_addr, foreign_addr, +kadm_mod_user(context, my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno, principal) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; -char *principal; + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; + char *principal; { krb5_data msg_data, inbuf; kadmin_requests rd_priv_resp; @@ -88,7 +89,7 @@ char *principal; (void) memcpy( inbuf.data + 3, username, strlen(username)); inbuf.length = strlen(username) + 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -106,20 +107,20 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); return(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, @@ -162,7 +163,7 @@ char *principal; inbuf.data[2] = SENDDATA3; inbuf.length = 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -180,7 +181,7 @@ char *principal; free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)){ + if (krb5_write_message(context, local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); free(msg_data.data); return(1); @@ -188,13 +189,13 @@ char *principal; free(msg_data.data); /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Final Reply: %s!\n", error_message(retval)); retval = 1; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, diff --git a/src/kadmin/client/kadmin_msnd.c b/src/kadmin/client/kadmin_msnd.c index b6d6f3eae3..c46ad69a59 100644 --- a/src/kadmin/client/kadmin_msnd.c +++ b/src/kadmin/client/kadmin_msnd.c @@ -59,12 +59,14 @@ #endif krb5_error_code -kadm_snd_mod(my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno) -krb5_creds *my_creds; -krb5_ap_rep_enc_part *rep_ret; -krb5_address *local_addr, *foreign_addr; -int *local_socket; -krb5_int32 *seqno; +kadm_snd_mod(context, my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno) + krb5_context context; + krb5_creds *my_creds; + krb5_ap_rep_enc_part *rep_ret; + krb5_address *local_addr, *foreign_addr; + int *local_socket; + krb5_int32 *seqno; { krb5_error_code retval; /* return code */ krb5_data msg_data, inbuf; @@ -225,7 +227,7 @@ repeat3: inbuf.data[1] = MODOPER; inbuf.data[2] = SENDDATA3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -243,20 +245,20 @@ repeat3: free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)) { + if (krb5_write_message(context, local_socket, &msg_data)) { fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } free(msg_data.data); /* Ok Now let's get the private message */ - if (retval = krb5_read_message(local_socket, &inbuf)){ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); return(1); } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds->keyblock, foreign_addr, local_addr, @@ -284,7 +286,7 @@ alldone: inbuf.data[2] = SENDDATA3; inbuf.length = 3; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds->keyblock, local_addr, @@ -302,7 +304,7 @@ alldone: free(inbuf.data); /* write private message to server */ - if (krb5_write_message(local_socket, &msg_data)) { + if (krb5_write_message(context, local_socket, &msg_data)) { fprintf(stderr, "Write Error During Second Message Transmission!\n"); return(1); } diff --git a/src/kadmin/kpasswd/ChangeLog b/src/kadmin/kpasswd/ChangeLog index 6379bb4955..4dded80ee1 100644 --- a/src/kadmin/kpasswd/ChangeLog +++ b/src/kadmin/kpasswd/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Tue Dec 27 06:09:03 1994 Richard Basch (probe@tardis) * configure.in: diff --git a/src/kadmin/kpasswd/kpasswd.c b/src/kadmin/kpasswd/kpasswd.c index 9fb56c42ef..de57f442a2 100644 --- a/src/kadmin/kpasswd/kpasswd.c +++ b/src/kadmin/kpasswd/kpasswd.c @@ -62,9 +62,15 @@ #define MAXPATHLEN 1024 #endif -krb5_error_code get_first_ticket - PROTOTYPE((krb5_ccache, - krb5_principal)); +static krb5_error_code adm5_init_link + PROTOTYPE((krb5_context, + krb5_data *, + int *)); + +static krb5_error_code get_first_ticket + PROTOTYPE((krb5_context, + krb5_ccache, + krb5_principal)); krb5_error_code print_and_choose_password PROTOTYPE((char *, krb5_data *)); @@ -88,6 +94,7 @@ main(argc,argv) int argc; char *argv[]; { + krb5_context context; krb5_ccache cache = NULL; char cache_name[255]; krb5_flags cc_flags; @@ -172,14 +179,15 @@ main(argc,argv) goto finish; } - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); memset((char *) default_name, 0, sizeof(default_name)); switch (argc) { case 1: /* No User Specified */ /* Identify Default Credentials Cache */ - if ((retval = krb5_cc_default(&cache))) { + if ((retval = krb5_cc_default(context, &cache))) { fprintf(stderr, "Error while getting default ccache!\n"); goto finish; } @@ -191,7 +199,7 @@ main(argc,argv) * retval != 0 ==> Assume ccache does NOT Exist */ cc_flags = 0; - if ((retval = krb5_cc_set_flags(cache, cc_flags))) { + if ((retval = krb5_cc_set_flags(context, cache, cc_flags))) { /* Search passwd file for client */ pw = getpwuid((int) getuid()); if (pw) { @@ -204,12 +212,12 @@ main(argc,argv) } /* Use this to get default_realm and format client_name */ - if ((retval = krb5_parse_name(default_name, &client))) { + if ((retval = krb5_parse_name(context,default_name, &client))) { fprintf(stderr, "Unable to Parse Client Name!\n"); goto finish; } - if ((retval = krb5_unparse_name(client, &client_name))) { + if ((retval = krb5_unparse_name(context,client,&client_name))) { fprintf(stderr, "Unable to Parse Client Name!\n"); goto finish; } @@ -220,14 +228,14 @@ main(argc,argv) requested_realm.length); } else { /* Read Client from Cache */ - if ((retval = krb5_cc_get_principal(cache, + if ((retval = krb5_cc_get_principal(context, cache, (krb5_principal *) &client))) { fprintf(stderr, "Unable to Read Customer Credentials File!\n"); goto finish; } - if ((retval = krb5_unparse_name(client, &client_name))) { + if ((retval = krb5_unparse_name(context,client,&client_name))) { fprintf(stderr, "Unable to Parse Client Name!\n"); goto finish; } @@ -237,7 +245,7 @@ main(argc,argv) (char *) client->realm.data, requested_realm.length); - (void) krb5_cc_close(cache); + (void) krb5_cc_close(context, cache); } break; @@ -245,7 +253,7 @@ main(argc,argv) /* Hand Parse Entry */ strcpy(input_string, argv[1]); - if (retval = krb5_parse_name(input_string, &client)) { + if (retval = krb5_parse_name(context, input_string, &client)) { fprintf(stderr, "Error Parsing -u option contents!\n"); exit(0); } @@ -264,11 +272,11 @@ main(argc,argv) /* Create credential cache for changepw */ (void) sprintf(cache_name, "FILE:/tmp/tkt_cpw_%d", getpid()); - if ((retval = krb5_cc_resolve(cache_name, &cache))) { + if ((retval = krb5_cc_resolve(context, cache_name, &cache))) { fprintf(stderr, "Unable to Resolve Cache: %s\n", cache_name); } - if ((retval = krb5_cc_initialize(cache, client))) { + if ((retval = krb5_cc_initialize(context, cache, client))) { fprintf(stderr, "Error initializing cache: %s\n", cache_name); goto finish; } @@ -277,12 +285,12 @@ main(argc,argv) * Verify User by Obtaining Initial Credentials prior to Initial Link */ - if ((retval = get_first_ticket(cache, client))) { + if ((retval = get_first_ticket(context, cache, client))) { goto finish; } /* Initiate Link to Server */ - if ((retval = adm5_init_link(&requested_realm, &local_socket))) { + if ((retval = adm5_init_link(context, &requested_realm, &local_socket))) { goto finish; } @@ -296,7 +304,7 @@ main(argc,argv) { int msg_length = 0; - retval = krb5_net_write(local_socket, (char *) &msg_length + 2, 2); + retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2); if (retval < 0) { fprintf(stderr, "krb5_net_write failure!\n"); goto finish; @@ -314,13 +322,13 @@ main(argc,argv) /* compute checksum, using CRC-32 */ if (!(send_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + malloc(krb5_checksum_size(context, CKSUMTYPE_CRC32)))) { fprintf(stderr, "Insufficient Memory while Allocating Checksum!\n"); goto finish; } cksum_alloc++; /* choose some random stuff to compute checksum from */ - if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, + if (retval = krb5_calculate_checksum(context, CKSUMTYPE_CRC32, ADM_CPW_VERSION, strlen(ADM_CPW_VERSION), 0, @@ -336,7 +344,7 @@ main(argc,argv) pass it over the socket to the server, and obtain mutual authentication. */ - if ((retval = krb5_sendauth((krb5_pointer) &local_socket, + if ((retval = krb5_sendauth(context, (krb5_pointer) &local_socket, ADM_CPW_VERSION, my_creds.client, my_creds.server, @@ -354,7 +362,7 @@ main(argc,argv) } /* Get credentials : to use for safe and private messages */ - if (retval = krb5_get_credentials(0, cache, &my_creds)){ + if (retval = krb5_get_credentials(context, 0, cache, &my_creds)){ fprintf(stderr, "Error Obtaining Credentials: %s!\n", error_message(retval)); goto finish; @@ -362,7 +370,7 @@ main(argc,argv) /* Read back what the server has to say... */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, " Read Message Error: %s!\n", error_message(retval)); goto finish; @@ -377,7 +385,7 @@ main(argc,argv) inbuf.data[1] = CHGOPER; inbuf.length = 2; - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds.keyblock, &local_addr, @@ -394,7 +402,7 @@ main(argc,argv) free(inbuf.data); /* write private message to server */ - if (krb5_write_message(&local_socket, &msg_data)){ + if (krb5_write_message(context, &local_socket, &msg_data)){ fprintf(stderr, "Write Error During First Message Transmission!\n"); retval = 1; goto finish; @@ -403,14 +411,14 @@ main(argc,argv) #ifdef MACH_PASS /* Machine-generated Passwords */ /* Ok Now let's get the private message */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, "Read Error During First Reply: %s!\n", error_message(retval)); retval = 1; goto finish; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds.keyblock, &foreign_addr, &local_addr, @@ -442,7 +450,7 @@ main(argc,argv) #else new_pwsize = ADM_MAX_PW_LENGTH+1; putchar('\n'); - if ((retval = krb5_read_password( + if ((retval = krb5_read_password(context, "Enter new password: ", "Re-enter new password for verification: ", new_password, @@ -463,7 +471,7 @@ main(argc,argv) inbuf.data = new_password; inbuf.length = strlen(new_password); - if ((retval = krb5_mk_priv(&inbuf, + if ((retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds.keyblock, &local_addr, @@ -481,7 +489,7 @@ main(argc,argv) free(inbuf.data); /* write private message to server */ - if (krb5_write_message(&local_socket, &msg_data)){ + if (krb5_write_message(context, &local_socket, &msg_data)){ fprintf(stderr, "Write Error During Second Message Transmission!\n"); retval = 1; goto finish; @@ -489,14 +497,14 @@ main(argc,argv) free(msg_data.data); /* Ok Now let's get the private message */ - if (retval = krb5_read_message(&local_socket, &inbuf)){ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ fprintf(stderr, "Read Error During Second Reply: %s!\n", error_message(retval)); retval = 1; goto finish; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, &my_creds.keyblock, &foreign_addr, &local_addr, @@ -545,7 +553,7 @@ main(argc,argv) finish: - (void) krb5_cc_destroy(cache); + (void) krb5_cc_destroy(context, cache); free(client_name); free(requested_realm.data); @@ -569,11 +577,11 @@ krb5_data cpwname = { CPWNAME }; -krb5_error_code -get_first_ticket(DECLARG(krb5_ccache, cache), - DECLARG(krb5_principal, client)) -OLDDECLARG(krb5_ccache, cache) -OLDDECLARG(krb5_principal, client) +static krb5_error_code +get_first_ticket(context, cache, client) + krb5_context context; + krb5_ccache cache; + krb5_principal client; { char prompt[255]; /* for the password prompt */ char pword[ADM_MAX_PW_LENGTH+1]; /* storage for the password */ @@ -586,7 +594,7 @@ OLDDECLARG(krb5_principal, client) char *client_name; krb5_error_code retval; - if ((retval = krb5_unparse_name(client, &client_name))) { + if ((retval = krb5_unparse_name(context, client, &client_name))) { fprintf(stderr, "Unable to Unparse Client Name\n"); return(1); } @@ -602,7 +610,7 @@ OLDDECLARG(krb5_principal, client) my_creds.client = client; - if ((retval = krb5_build_principal_ext(&my_creds.server, + if ((retval = krb5_build_principal_ext(context, &my_creds.server, client->realm.length, client->realm.data, cpwname.length, /* 6 */ @@ -623,7 +631,7 @@ OLDDECLARG(krb5_principal, client) } old_pwsize = 255; - if ((retval = krb5_read_password( + if ((retval = krb5_read_password(context, prompt, 0, old_password, @@ -635,7 +643,7 @@ OLDDECLARG(krb5_principal, client) /* Build Request for Initial Credentials */ for (i=0; preauth_search_list[i] >= 0; i++) { - retval = krb5_get_in_tkt_with_password( + retval = krb5_get_in_tkt_with_password(context, 0, /* options */ my_addresses, /* do random preauth */ @@ -766,7 +774,7 @@ krb5_error_code retval; new_passwd_length = ADM_MAX_PW_LENGTH+1; /* Read New Password from Terminal (Do Not Print on Screen) */ - if ((retval = krb5_read_password(&prompt[0], 0, + if ((retval = krb5_read_password(context, &prompt[0], 0, new_password, &new_passwd_length))) { fprintf(stderr, "\nError Reading Password Input or Input Aborted\n"); @@ -800,11 +808,11 @@ krb5_error_code retval; } #endif -krb5_error_code -adm5_init_link( realm_of_server, local_socket) -krb5_data *realm_of_server; -int * local_socket; - +static krb5_error_code +adm5_init_link(context, realm_of_server, local_socket) + krb5_context context; + krb5_data *realm_of_server; + int * local_socket; { struct servent *service_process; /* service we will talk to */ struct hostent *remote_host; /* host we will talk to */ @@ -832,7 +840,7 @@ int * local_socket; hostlist = 0; /* Identify all Hosts Associated with this Realm */ - if ((retval = krb5_get_krbhst (realm_of_server, &hostlist))) { + if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) { fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name\n"); return(1); } diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 4720f005b9..4ba19147fb 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Dec 19 18:12:18 1994 Theodore Y. Ts'o (tytso@dcl) * adm_listen.c (kill_children): Use syslog instead of krb_log. diff --git a/src/kadmin/server/adm_adm_func.c b/src/kadmin/server/adm_adm_func.c index 7d05d8af7e..6c23dd80b2 100644 --- a/src/kadmin/server/adm_adm_func.c +++ b/src/kadmin/server/adm_adm_func.c @@ -52,12 +52,13 @@ extern int classification; #endif krb5_error_code - adm_build_key (newprinc, client_creds, new_passwd, oper_type, entry) -krb5_principal newprinc; -krb5_ticket *client_creds; -char *new_passwd; -int oper_type; -krb5_db_entry entry; +adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry) + krb5_context context; + krb5_principal newprinc; + krb5_ticket *client_creds; + char *new_passwd; + int oper_type; + krb5_db_entry entry; { krb5_data outbuf; int retval; @@ -119,7 +120,7 @@ krb5_db_entry entry; #endif /* Encrypt Password and Phrase */ - if (retval = krb5_mk_priv(&outbuf, + if (retval = krb5_mk_priv(context, &outbuf, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -148,7 +149,8 @@ krb5_db_entry entry; free(outbuf.data); /* Send private message to Client */ - if (krb5_write_message(&client_server_info.client_socket, &msg_data)){ + if (krb5_write_message(context, &client_server_info.client_socket, + &msg_data)){ free(msg_data.data); com_err("adm_build_key", 0, "Error Performing Password Write"); return(5); /* Protocol Failure */ @@ -157,13 +159,13 @@ krb5_db_entry entry; free(msg_data.data); /* Read Client Response */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ syslog(LOG_ERR | LOG_INFO, "Error Performing Password Read"); return(5); /* Protocol Failure */ } /* Decrypt Client Response */ - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, @@ -188,11 +190,12 @@ krb5_db_entry entry; /* kadmin change password request */ krb5_error_code - adm_change_pwd(prog, customer_name, client_creds, salttype) -char *prog; -char *customer_name; -krb5_ticket *client_creds; -int salttype; +adm_change_pwd(context, prog, customer_name, client_creds, salttype) + krb5_context context; + char *prog; + char *customer_name; + krb5_ticket *client_creds; + int salttype; { krb5_db_entry entry; int nprincs = 1; @@ -207,45 +210,42 @@ int salttype; "Remote Administrative Password Change Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { syslog(LOG_ERR | LOG_INFO, "parse failure while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } - if (!(adm_princ_exists("adm_change_pwd", newprinc, + if (!(adm_princ_exists(context, "adm_change_pwd", newprinc, &entry, &nprincs))) { com_err("adm_change_pwd", 0, "Principal does not exist!"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(1); /* Principal Unknown */ } if ((new_passwd = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) { com_err("adm_change_pwd", ENOMEM, "while allocating new_passwd!"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(3); /* No Memory */ } oper_type = (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? CHGOPER : CH4OPER; - if (retval = adm_build_key(newprinc, - client_creds, - new_passwd, - oper_type, - entry)) { - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + if (retval = adm_build_key(context, newprinc, client_creds, + new_passwd, oper_type, entry)) { + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); free(new_passwd); return(retval); } - retval = krb5_unparse_name(newprinc, &composite_name); + retval = krb5_unparse_name(context, newprinc, &composite_name); entry.salt_type = (krb5_int32) salttype; - if (retval = adm_enter_pwd_key("adm_change_pwd", + if (retval = adm_enter_pwd_key(context, "adm_change_pwd", composite_name, newprinc, newprinc, @@ -253,8 +253,8 @@ int salttype; salttype, new_passwd, &entry)) retval = 8; - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); free(composite_name); (void) memset(new_passwd, 0, strlen(new_passwd)); @@ -264,10 +264,11 @@ int salttype; /* kadmin add new random key function */ krb5_error_code - adm_change_pwd_rnd(cmdname, customer_name, client_creds) -char *cmdname; -char *customer_name; -krb5_ticket *client_creds; +adm_change_pwd_rnd(context, cmdname, customer_name, client_creds) + krb5_context context; + char *cmdname; + char *customer_name; + krb5_ticket *client_creds; { krb5_db_entry entry; int nprincs = 1; @@ -279,46 +280,47 @@ krb5_ticket *client_creds; "Remote Administrative Random Password Change Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_change_pwd_rnd", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } #ifdef SANDIA if (!(newprinc[2])) { if (retval = check_security(newprinc, classification)) { - krb5_free_principal(newprinc); + krb5_free_principal(context, newprinc); syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level", customer_name); return(6); } } #endif - if (!(adm_princ_exists("adm_change_pwd_rnd", newprinc, + if (!(adm_princ_exists(context, "adm_change_pwd_rnd", newprinc, &entry, &nprincs))) { com_err("adm_change_pwd_rnd", 0, "Principal does not exist!"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(1); /* Principal Unknown */ } - if (retval = adm_enter_rnd_pwd_key("adm_change_pwd_rnd", + if (retval = adm_enter_rnd_pwd_key(context, "adm_change_pwd_rnd", newprinc, 1, /* change existing entry */ &entry)) retval = 8; - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(retval); } /* kadmin add new key function */ krb5_error_code - adm_add_new_key(cmdname, customer_name, client_creds, salttype) -char *cmdname; -char *customer_name; -krb5_ticket *client_creds; -int salttype; +adm_add_new_key(context, cmdname, customer_name, client_creds, salttype) + krb5_context context; + char *cmdname; + char *customer_name; + krb5_ticket *client_creds; + int salttype; { krb5_db_entry entry; int nprincs = 1; @@ -331,47 +333,47 @@ int salttype; "Remote Administrative Addition Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_add_new_key", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } #ifdef SANDIA if (!(newprinc[2])) { if (retval = check_security(newprinc, classification)) { - krb5_free_principal(newprinc); + krb5_free_principal(context, newprinc); syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level", customer_name); return(6); } } #endif - if (adm_princ_exists("adm_add_new_key", newprinc, &entry, &nprincs)) { + if (adm_princ_exists(context, "adm_add_new_key",newprinc,&entry,&nprincs)) { com_err("adm_add_new_key", 0, "principal '%s' already exists", customer_name); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(2); /* Principal Already Exists */ } if ((new_passwd = (char *) calloc (1, 255)) == (char *) 0) { com_err("adm_add_new_key", ENOMEM, "for new_passwd"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(3); /* No Memory */ } - if (retval = adm_build_key(newprinc, + if (retval = adm_build_key(context, newprinc, client_creds, new_passwd, ADDOPER, entry)) { - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); free(new_passwd); return(retval); } - if (retval = adm_enter_pwd_key( "adm_add_new_key", + if (retval = adm_enter_pwd_key(context, "adm_add_new_key", customer_name, newprinc, newprinc, @@ -382,17 +384,18 @@ int salttype; retval = 8; (void) memset(new_passwd, 0, strlen(new_passwd)); free(new_passwd); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(retval); } /* kadmin add new random key function */ krb5_error_code - adm_add_new_key_rnd(cmdname, customer_name, client_creds) -char *cmdname; -char *customer_name; -krb5_ticket *client_creds; +adm_add_new_key_rnd(context, cmdname, customer_name, client_creds) + krb5_context context; + char *cmdname; + char *customer_name; + krb5_ticket *client_creds; { krb5_db_entry entry; int nprincs = 1; @@ -404,44 +407,46 @@ krb5_ticket *client_creds; "Remote Administrative Addition Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_add_new_key_rnd", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } #ifdef SANDIA if (!(newprinc[2])) { if (retval = check_security(newprinc, classification)) { - krb5_free_principal(newprinc); + krb5_free_principal(context, newprinc); syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level", customer_name); return(6); } } #endif - if (adm_princ_exists("adm_add_new_key_rnd", newprinc, &entry, &nprincs)) { + if (adm_princ_exists(context, "adm_add_new_key_rnd", newprinc, + &entry, &nprincs)) { com_err("adm_add_new_key_rnd", 0, "principal '%s' already exists", customer_name); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(2); /* Principal Already Exists */ } - if (retval = adm_enter_rnd_pwd_key("adm_add_new_key_rnd", + if (retval = adm_enter_rnd_pwd_key(context, "adm_add_new_key_rnd", newprinc, 0, /* new entry */ &entry)) retval = 8; - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(retval); } /* kadmin delete old key function */ krb5_error_code - adm_del_old_key(cmdname, customer_name) -char *cmdname; -char *customer_name; +adm_del_old_key(context, cmdname, customer_name) + krb5_context context; + char *cmdname; + char *customer_name; { krb5_db_entry entry; int nprincs = 1; @@ -454,45 +459,46 @@ char *customer_name; "Remote Administrative Deletion Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_del_old_key", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } - if (!adm_princ_exists("adm_del_old_key", newprinc, + if (!adm_princ_exists(context, "adm_del_old_key", newprinc, &entry, &nprincs)) { com_err("adm_del_old_key", 0, "principal '%s' is not in the database", customer_name); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(1); } - if (retval = krb5_db_delete_principal(newprinc, &one)) { + if (retval = krb5_db_delete_principal(context, newprinc, &one)) { com_err("adm_del_old_key", retval, "while deleting '%s'", customer_name); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(8); } else if (one != 1) { com_err("adm_del_old_key", 0, "no principal deleted - unknown error"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(8); } - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(0); } /* kadmin modify existing Principal function */ krb5_error_code - adm_mod_old_key(cmdname, customer_name, client_creds) -char *cmdname; -char *customer_name; -krb5_ticket *client_creds; +adm_mod_old_key(context, cmdname, customer_name, client_creds) + krb5_context context; + char *cmdname; + char *customer_name; + krb5_ticket *client_creds; { krb5_db_entry entry; int nprincs = 1; @@ -510,27 +516,27 @@ krb5_ticket *client_creds; "Remote Administrative Modification Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_mod_old_key", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } for ( ; ; ) { - if (!adm_princ_exists("adm_mod_old_key", newprinc, + if (!adm_princ_exists(context, "adm_mod_old_key", newprinc, &entry, &nprincs)) { - krb5_db_free_principal(&entry, nprincs); + krb5_db_free_principal(context, &entry, nprincs); com_err("adm_mod_old_key", 0, "principal '%s' is not in the database", customer_name); - krb5_free_principal(newprinc); + krb5_free_principal(context, newprinc); return(1); } /* Send Acknowledgement */ if ((outbuf.data = (char *) calloc (1, 255)) == (char *) 0) { - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); com_err("adm_mod_old_key", ENOMEM, "for outbuf.data"); return(3); /* No Memory */ } @@ -540,7 +546,7 @@ krb5_ticket *client_creds; outbuf.data[1] = MODOPER; outbuf.data[2] = SENDDATA3; - if (retval = krb5_mk_priv(&outbuf, + if (retval = krb5_mk_priv(context, &outbuf, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -550,18 +556,19 @@ krb5_ticket *client_creds; 0, 0, &msg_data)) { - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); com_err("adm_mod_old_key", retval, "during mk_priv"); free(outbuf.data); return(5); /* Protocol Failure */ } free(outbuf.data); - if (krb5_write_message(&client_server_info.client_socket, &msg_data)){ + if (krb5_write_message(context, &client_server_info.client_socket, + &msg_data)){ free(msg_data.data); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); com_err("adm_mod_old_key", 0, "Error Performing Modification Write"); return(5); /* Protocol Failure */ @@ -569,16 +576,16 @@ krb5_ticket *client_creds; free(msg_data.data); /* Read Client Response */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); com_err("adm_mod_old_key", errno, "Error Performing Modification Read"); return(5); /* Protocol Failure */ } /* Decrypt Client Response */ - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, @@ -590,8 +597,8 @@ krb5_ticket *client_creds; com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s", error_message(retval)); free(inbuf.data); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(5); /* Protocol Failure */ } @@ -602,8 +609,8 @@ krb5_ticket *client_creds; /* Decode Message - Modify Database */ if (msg_data.data[2] != SENDDATA3) { free(msg_data.data); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(5); /* Protocol Failure */ } #ifdef SANDIA @@ -670,34 +677,34 @@ krb5_ticket *client_creds; free(msg_data.data); entry.mod_name = client_server_info.client; - if (retval = krb5_timeofday(&entry.mod_date)) { + if (retval = krb5_timeofday(context, &entry.mod_date)) { com_err("adm_mod_old_key", retval, "while fetching date"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(5); /* Protocol Failure */ } - retval = krb5_db_put_principal(&entry, &one); + retval = krb5_db_put_principal(context, &entry, &one); if (retval) { com_err("adm_mod_old_key", retval, "while storing principal"); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return(8); /* Update failed */ } one = 1; } /* for */ - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); /* Read Client Response */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ com_err("adm_mod_old_key", errno, "Error Performing Read"); return(5); /* Protocol Failure */ } /* Decrypt Client Response */ - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, @@ -720,10 +727,11 @@ krb5_ticket *client_creds; /* kadmin inquire existing Principal function */ krb5_error_code - adm_inq_old_key(cmdname, customer_name, client_creds) -char *cmdname; -char *customer_name; -krb5_ticket *client_creds; +adm_inq_old_key(context, cmdname, customer_name, client_creds) + krb5_context context; + char *cmdname; + char *customer_name; + krb5_ticket *client_creds; { krb5_db_entry entry; int nprincs = 1; @@ -737,21 +745,21 @@ krb5_ticket *client_creds; "Remote Administrative Inquiry Request for %s by %s", customer_name, client_server_info.name_of_client); - if (retval = krb5_parse_name(customer_name, &newprinc)) { + if (retval = krb5_parse_name(context, customer_name, &newprinc)) { com_err("adm_inq_old_key", retval, "while parsing '%s'", customer_name); return(5); /* Protocol Failure */ } - if (retval = krb5_unparse_name(newprinc, &fullname)) { - krb5_free_principal(newprinc); + if (retval = krb5_unparse_name(context, newprinc, &fullname)) { + krb5_free_principal(context, newprinc); com_err("adm_inq_old_key", retval, "while unparsing"); return(5); /* Protocol Failure */ } - if (!adm_princ_exists("adm_inq_old_key", newprinc, + if (!adm_princ_exists(context, "adm_inq_old_key", newprinc, &entry, &nprincs)) { - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); free(fullname); com_err("adm_inq_old_key", 0, "principal '%s' is not in the database", customer_name); @@ -759,28 +767,28 @@ krb5_ticket *client_creds; } if ((outbuf.data = (char *) calloc (1, 2048)) == (char *) 0) { - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); free(fullname); com_err("adm_inq_old_key", ENOMEM, "for outbuf.data"); return(3); /* No Memory */ } /* Format Inquiry Data */ - if ((retval = adm_fmt_prt(&entry, fullname, outbuf.data))) { - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + if ((retval = adm_fmt_prt(context, &entry, fullname, outbuf.data))) { + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); free(fullname); com_err("adm_inq_old_key", 0, "Unable to Format Inquiry Data"); return(5); /* XXX protocol failure --- not right, but.. */ } outbuf.length = strlen(outbuf.data); - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); free(fullname); /* Encrypt Inquiry Data */ - if (retval = krb5_mk_priv(&outbuf, + if (retval = krb5_mk_priv(context, &outbuf, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -797,7 +805,8 @@ krb5_ticket *client_creds; free(outbuf.data); /* Send Inquiry Information */ - if (krb5_write_message(&client_server_info.client_socket, &msg_data)){ + if (krb5_write_message(context, &client_server_info.client_socket, + &msg_data)){ free(msg_data.data); com_err("adm_inq_old_key", 0, "Error Performing Write"); return(5); /* Protocol Failure */ @@ -806,14 +815,14 @@ krb5_ticket *client_creds; free(msg_data.data); /* Read Client Response */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ com_err("adm_inq_old_key", errno, "Error Performing Read"); syslog(LOG_ERR, "adm_inq sock %d", client_server_info.client_socket); return(5); /* Protocol Failure */ } /* Decrypt Client Response */ - if (retval = krb5_rd_priv(&inbuf, + if (retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, diff --git a/src/kadmin/server/adm_check.c b/src/kadmin/server/adm_check.c index cd645c8fbd..b36c03df5f 100644 --- a/src/kadmin/server/adm_check.c +++ b/src/kadmin/server/adm_check.c @@ -49,8 +49,8 @@ krb5_error_code adm_check_acl(name_of_client, acl_type) -char *name_of_client; -char *acl_type; + char *name_of_client; + char *acl_type; { FILE *acl_file; char input_string[255]; diff --git a/src/kadmin/server/adm_extern.h b/src/kadmin/server/adm_extern.h index 7764588c20..6c7ad4f861 100644 --- a/src/kadmin/server/adm_extern.h +++ b/src/kadmin/server/adm_extern.h @@ -87,5 +87,160 @@ extern char *kadmind_kpasswd_response[]; extern char *kadmind_ksrvutil_response[]; extern char *kadmind_kadmin_response[]; +/* PROTOTYPES */ + +krb5_error_code adm_build_key + PROTOTYPE((krb5_context, + krb5_principal, + krb5_ticket *, + char *, + int, + krb5_db_entry)); + +krb5_error_code adm_change_pwd + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket *, + int)); + +krb5_error_code adm_change_pwd_rnd + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket *)); + +krb5_error_code adm_add_new_key + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket *, + int)); + +krb5_error_code adm_add_new_key_rnd + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket *)); + +krb5_error_code adm_del_old_key + PROTOTYPE((krb5_context, + char *, + char *)); + +krb5_error_code adm_mod_old_key + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket* )); + +krb5_error_code adm_inq_old_key + PROTOTYPE((krb5_context, + char *, + char *, + krb5_ticket *)); + +krb5_error_code adm_print_exp_time + PROTOTYPE((krb5_context, + char *, + krb5_timestamp)); + +krb5_kvno adm_princ_exists + PROTOTYPE((krb5_context, + char *, + krb5_principal, + krb5_db_entry *, + int *)); + +krb5_error_code adm_enter_rnd_pwd_key + PROTOTYPE((krb5_context, + char *, + krb5_principal, + int, + krb5_db_entry *)); + +krb5_error_code adm5_kadmin + PROTOTYPE((krb5_context, + char *, + krb5_authenticator *, + krb5_ticket *, + char *, + int *)); + +krb5_error_code adm_negotiate_key + PROTOTYPE((krb5_context, + char const *, + krb5_ticket *, + char *)); + +krb5_error_code setup_network + PROTOTYPE((krb5_context, + const char *)); + +krb5_error_code cpw_keyproc + PROTOTYPE((krb5_context, + krb5_pointer, + krb5_principal, + krb5_kvno, + krb5_keyblock **)); + +krb5_error_code process_client + PROTOTYPE((krb5_context, + char *)); + +krb5_error_code cleanexit + PROTOTYPE((krb5_context, + int)); + +krb5_error_code closedown_db + PROTOTYPE((krb5_context)); + +krb5_error_code process_args + PROTOTYPE((krb5_context, + int, + char **)); + +krb5_error_code init_db + PROTOTYPE((krb5_context, + char *, + krb5_principal, + krb5_keyblock *)); + +void setup_com_err + PROTOTYPE((krb5_context)); + +krb5_error_code princ_exists + PROTOTYPE((krb5_context, + krb5_principal, + krb5_db_entry *)); + +krb5_error_code adm_enter_pwd_key + PROTOTYPE((krb5_context, + char * , + char * , + krb5_const_principal , + krb5_const_principal , + int , + int , + char * , + krb5_db_entry * )); + +krb5_error_code adm5_change + PROTOTYPE((krb5_context, + char *, + krb5_principal , + krb5_ticket *)); + +int adm5_listen_and_process + PROTOTYPE((krb5_context, + const char *)); + +krb5_error_code adm5_kpasswd + PROTOTYPE((krb5_context, + char *, + kadmin_requests *, + krb5_ticket *, + char *, + int *)); #endif /* __ADM_EXTERN__ */ diff --git a/src/kadmin/server/adm_fmt_inq.c b/src/kadmin/server/adm_fmt_inq.c index 8a106d343a..9914b6abc1 100644 --- a/src/kadmin/server/adm_fmt_inq.c +++ b/src/kadmin/server/adm_fmt_inq.c @@ -114,9 +114,10 @@ krb5_flags attribs; } krb5_error_code -adm_print_exp_time(ret_data, time_input) -char *ret_data; -krb5_timestamp *time_input; +adm_print_exp_time(context, ret_data, time_input) + krb5_context context; + char *ret_data; + krb5_timestamp *time_input; { char *my_data; struct tm *exp_time; @@ -140,10 +141,11 @@ krb5_timestamp *time_input; } krb5_error_code -adm_fmt_prt(entry, Principal_name, ret_data) -krb5_db_entry *entry; -char *Principal_name; -char *ret_data; +adm_fmt_prt(context, entry, Principal_name, ret_data) + krb5_context context; + krb5_db_entry *entry; + char *Principal_name; + char *ret_data; { struct tm *mod_time; krb5_error_code retval; @@ -168,7 +170,7 @@ char *ret_data; strcat(my_data, thisline); sprintf(thisline, "Principal Key Version (PKV) = %d\n", entry->kvno); strcat(my_data, thisline); - if (retval = adm_print_exp_time(my_data, &entry->expiration)) { + if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) { free(my_data); return retval; } @@ -204,7 +206,7 @@ char *ret_data; sprintf(thisline, "Invalid Authentication Count (FCNT) = %d\n", entry->fail_auth_count); strcat(my_data, thisline); - retval = krb5_timeofday(&now); + retval = krb5_timeofday(context, &now); pwd_expire = (now - entry->last_pwd_change) / 86400; sprintf(thisline, "Password Age is %d Days\n", pwd_expire); strcat(my_data, thisline); diff --git a/src/kadmin/server/adm_funcs.c b/src/kadmin/server/adm_funcs.c index 315767d99d..1f8a3ff2aa 100644 --- a/src/kadmin/server/adm_funcs.c +++ b/src/kadmin/server/adm_funcs.c @@ -72,43 +72,34 @@ krb5_error_code adm_get_rnd_key PROTOTYPE((char *, int, krb5_db_entry *)); -krb5_error_code adm_modify_kdb PROTOTYPE((char const *, - char const *, - krb5_const_principal, - const krb5_keyblock *, - const krb5_keyblock *, - int, - struct saltblock *, - struct saltblock *, - krb5_db_entry *)); - -krb5_error_code adm_enter_pwd_key PROTOTYPE((char *, - char *, - krb5_const_principal, - krb5_const_principal, - int, - int, - char *, - krb5_db_entry *)); - -krb5_error_code adm_negotiate_key PROTOTYPE((char const *, - krb5_ticket *, - char *)); +static krb5_error_code adm_modify_kdb + PROTOTYPE((krb5_context, + char const *, + char const *, + krb5_const_principal, + const krb5_keyblock *, + const krb5_keyblock *, + int, + struct saltblock *, + struct saltblock *, + krb5_db_entry *)); #include <krb5/narrow.h> krb5_kvno -adm_princ_exists(cmdname, principal, entry, nprincs) -char *cmdname; -krb5_principal principal; -krb5_db_entry *entry; -int *nprincs; +adm_princ_exists(context, cmdname, principal, entry, nprincs) + krb5_context context; + char *cmdname; + krb5_principal principal; + krb5_db_entry *entry; + int *nprincs; { krb5_boolean more; krb5_error_code retval; - if (retval = krb5_db_get_principal(principal, entry, nprincs, &more)) { + if (retval = krb5_db_get_principal(context, principal, entry, + nprincs, &more)) { com_err("adm_princ_exists", retval, "while attempting to verify principal's existence"); return(0); @@ -119,26 +110,19 @@ int *nprincs; return(*nprincs); } -krb5_error_code -adm_modify_kdb(DECLARG(char const *, cmdname), - DECLARG(char const *, newprinc), - DECLARG(krb5_const_principal, principal), - DECLARG(const krb5_keyblock *, key), - DECLARG(const krb5_keyblock *, alt_key), - DECLARG(int, req_type), - DECLARG(struct saltblock *, salt), - DECLARG(struct saltblock *, altsalt), - DECLARG(krb5_db_entry *, entry)) -OLDDECLARG(char const *, cmdname) -OLDDECLARG(char const *, newprinc) -OLDDECLARG(krb5_const_principal, principal) -OLDDECLARG(const krb5_keyblock *, key) -OLDDECLARG(const krb5_keyblock *, alt_key) -OLDDECLARG(int, req_type) -OLDDECLARG(struct saltblock *, salt) -OLDDECLARG(struct saltblock *, altsalt) -OLDDECLARG(krb5_db_entry *, entry) - +static krb5_error_code +adm_modify_kdb(context, cmdname, newprinc, principal, key, alt_key, req_type, + salt, altsalt, entry) + krb5_context context; + char const * cmdname; + char const * newprinc; + krb5_const_principal principal; + const krb5_keyblock * key; + const krb5_keyblock * alt_key; + int req_type; + struct saltblock * salt; + struct saltblock * altsalt; + krb5_db_entry * entry; { krb5_error_code retval; int one = 1; @@ -148,7 +132,7 @@ OLDDECLARG(krb5_db_entry *, entry) if (!req_type) { /* New entry - initialize */ memset((char *) entry, 0, sizeof(krb5_db_entry)); - retval = krb5_copy_principal(principal, &entry->principal); + retval = krb5_copy_principal(context, principal, &entry->principal); if (retval) return retval; entry->kvno = KDB5_VERSION_NUM; @@ -156,9 +140,9 @@ OLDDECLARG(krb5_db_entry *, entry) entry->max_renewable_life = master_entry.max_renewable_life; entry->mkvno = master_entry.mkvno; entry->expiration = master_entry.expiration; - retval = krb5_copy_principal(master_princ, &entry->mod_name); + retval = krb5_copy_principal(context, master_princ, &entry->mod_name); if (retval) { - krb5_free_principal(entry->principal); + krb5_free_principal(context, entry->principal); entry->principal = 0; return retval; } @@ -167,13 +151,13 @@ OLDDECLARG(krb5_db_entry *, entry) #ifdef SANDIA entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; #endif - retval = krb5_copy_principal(principal, &entry->mod_name); + retval = krb5_copy_principal(context, principal, &entry->mod_name); if (retval) return retval; } if (key && key->length) { - retval = krb5_kdb_encrypt_key(&master_encblock, + retval = krb5_kdb_encrypt_key(context, &master_encblock, key, &entry->key); if (retval) { @@ -184,7 +168,7 @@ OLDDECLARG(krb5_db_entry *, entry) } if (alt_key && alt_key->length) { - retval = krb5_kdb_encrypt_key(&master_encblock, + retval = krb5_kdb_encrypt_key(context, &master_encblock, alt_key, &entry->alt_key); if (retval) { @@ -199,7 +183,7 @@ OLDDECLARG(krb5_db_entry *, entry) } } - if (retval = krb5_timeofday(&entry->mod_date)) { + if (retval = krb5_timeofday(context, &entry->mod_date)) { com_err("adm_modify_kdb", retval, "while fetching date"); if (entry->key.contents) { memset((char *) entry->key.contents, 0, entry->key.length); @@ -252,7 +236,7 @@ OLDDECLARG(krb5_db_entry *, entry) entry->alt_salt = 0; } } else { - if (retval = krb5_timeofday(&entry->last_pwd_change)) { + if (retval = krb5_timeofday(context, &entry->last_pwd_change)) { com_err("adm_modify_kdb", retval, "while fetching date"); if (entry->key.contents) { memset((char *) entry->key.contents, 0, entry->key.length); @@ -269,7 +253,7 @@ OLDDECLARG(krb5_db_entry *, entry) } } - retval = krb5_db_put_principal(entry, &one); + retval = krb5_db_put_principal(context, entry, &one); if (entry->key.contents) { memset((char *) entry->key.contents, 0, entry->key.length); @@ -295,22 +279,17 @@ OLDDECLARG(krb5_db_entry *, entry) } krb5_error_code -adm_enter_pwd_key(DECLARG(char *, cmdname), - DECLARG(char *, newprinc), - DECLARG(krb5_const_principal, princ), - DECLARG(krb5_const_principal, string_princ), - DECLARG(int, req_type), - DECLARG(int, salttype), - DECLARG(char *, new_password), - DECLARG(krb5_db_entry *, entry)) -OLDDECLARG(char *, cmdname) -OLDDECLARG(char *, newprinc) -OLDDECLARG(krb5_const_principal, princ) -OLDDECLARG(krb5_const_principal, string_princ) -OLDDECLARG(int, req_type) -OLDDECLARG(int, salttype) -OLDDECLARG(char *, new_password) -OLDDECLARG(krb5_db_entry *, entry) +adm_enter_pwd_key(context, cmdname, newprinc, princ, string_princ, req_type, + salttype, new_password, entry) + krb5_context context; + char * cmdname; + char * newprinc; + krb5_const_principal princ; + krb5_const_principal string_princ; + int req_type; + int salttype; + char * new_password; + krb5_db_entry * entry; { krb5_error_code retval; krb5_keyblock tempkey; @@ -329,7 +308,7 @@ OLDDECLARG(krb5_db_entry *, entry) switch (salttype) { case KRB5_KDB_SALTTYPE_NORMAL: - if (retval = krb5_principal2salt(string_princ, &salt.saltdata)) { + if (retval = krb5_principal2salt(context,string_princ,&salt.saltdata)) { com_err("adm_enter_pwd_key", retval, "while converting principal to salt for '%s'", newprinc); goto cleanup; @@ -343,7 +322,8 @@ OLDDECLARG(krb5_db_entry *, entry) case KRB5_KDB_SALTTYPE_V4: salt.saltdata.data = 0; salt.saltdata.length = 0; - if (retval = krb5_principal2salt(string_princ, &altsalt.saltdata)) { + if (retval = krb5_principal2salt(context, string_princ, + &altsalt.saltdata)) { com_err("adm_enter_pwd_key", retval, "while converting principal to altsalt for '%s'", newprinc); goto cleanup; @@ -353,7 +333,7 @@ OLDDECLARG(krb5_db_entry *, entry) break; case KRB5_KDB_SALTTYPE_NOREALM: - if (retval = krb5_principal2salt_norealm(string_princ, + if (retval = krb5_principal2salt_norealm(context, string_princ, &salt.saltdata)) { com_err("adm_enter_pwd_key", retval, "while converting principal to salt for '%s'", newprinc); @@ -368,7 +348,8 @@ OLDDECLARG(krb5_db_entry *, entry) case KRB5_KDB_SALTTYPE_ONLYREALM: { krb5_data *foo; - if (retval = krb5_copy_data(krb5_princ_realm(string_princ), + if (retval = krb5_copy_data(context, + krb5_princ_realm(context, string_princ), &foo)) { com_err("adm_enter_pwd_key", retval, "while converting principal to salt for '%s'", newprinc); @@ -389,7 +370,7 @@ OLDDECLARG(krb5_db_entry *, entry) goto cleanup; } - if (retval = krb5_string_to_key(&master_encblock, + if (retval = krb5_string_to_key(context, &master_encblock, master_keyblock.keytype, &tempkey, &pwd, @@ -399,7 +380,7 @@ OLDDECLARG(krb5_db_entry *, entry) goto cleanup; } - if (retval = krb5_string_to_key(&master_encblock, + if (retval = krb5_string_to_key(context, &master_encblock, master_keyblock.keytype, &alttempkey, &pwd, @@ -411,7 +392,7 @@ OLDDECLARG(krb5_db_entry *, entry) memset((char *) new_password, 0, sizeof(new_password)); /* erase it */ - retval = adm_modify_kdb("adm_enter_pwd_key", + retval = adm_modify_kdb(context, "adm_enter_pwd_key", newprinc, princ, &tempkey, @@ -439,10 +420,11 @@ cleanup: } krb5_error_code -adm5_change(prog, newprinc, client_creds) -char *prog; -krb5_principal newprinc; -krb5_ticket *client_creds; +adm5_change(context, prog, newprinc, client_creds) + krb5_context context; + char *prog; + krb5_principal newprinc; + krb5_ticket *client_creds; { krb5_db_entry entry; int nprincs = 1; @@ -451,26 +433,26 @@ krb5_ticket *client_creds; char *composite_name; char new_passwd[ADM_MAX_PW_LENGTH + 1]; - if (!(adm_princ_exists("adm5_change", newprinc, + if (!(adm_princ_exists(context, "adm5_change", newprinc, &entry, &nprincs))) { com_err("adm5_change", 0, "No principal exists!"); - krb5_free_principal(newprinc); + krb5_free_principal(context, newprinc); return(1); } memset((char *) new_passwd, 0, ADM_MAX_PW_LENGTH + 1); /* Negotiate for New Key */ - if (retval = adm_negotiate_key("adm5_change", client_creds, + if (retval = adm_negotiate_key(context, "adm5_change", client_creds, new_passwd)) { - krb5_db_free_principal(&entry, nprincs); - krb5_free_principal(newprinc); + krb5_db_free_principal(context, &entry, nprincs); + krb5_free_principal(context, newprinc); return(1); } - if (retval = krb5_unparse_name(newprinc, &composite_name)) { - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + if (retval = krb5_unparse_name(context, newprinc, &composite_name)) { + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); return retval; } @@ -480,7 +462,7 @@ krb5_ticket *client_creds; com_err("adm5_change", 0, "Converting v4user to v5user"); } - retval = adm_enter_pwd_key("adm5_change", + retval = adm_enter_pwd_key(context, "adm5_change", composite_name, newprinc, newprinc, @@ -489,8 +471,8 @@ krb5_ticket *client_creds; new_passwd, &entry); (void) memset(new_passwd, 0, strlen(new_passwd)); - krb5_free_principal(newprinc); - krb5_db_free_principal(&entry, nprincs); + krb5_free_principal(context, newprinc); + krb5_db_free_principal(context, &entry, nprincs); free(composite_name); return(retval); } @@ -536,14 +518,12 @@ krb5_ticket *client_creds; #define MAXMSGSZ 255 krb5_error_code -adm_enter_rnd_pwd_key(DECLARG(char *, cmdname), - DECLARG(krb5_principal, change_princ), - DECLARG(int, req_type), - DECLARG(krb5_db_entry *, entry)) -OLDDECLARG(char *, cmdname) -OLDDECLARG(krb5_principal, change_princ) -OLDDECLARG(int, req_type) -OLDDECLARG(krb5_db_entry *, entry) +adm_enter_rnd_pwd_key(context, cmdname, change_princ, req_type, entry) + krb5_context context; + char * cmdname; + krb5_principal change_princ; + int req_type; + krb5_db_entry * entry; { krb5_error_code retval; krb5_keyblock *tempkey; @@ -555,18 +535,18 @@ OLDDECLARG(krb5_db_entry *, entry) salt.salttype = salttype; entry->salt_type = salttype; - if (retval = krb5_init_random_key(&master_encblock, + if (retval = krb5_init_random_key(context, &master_encblock, &master_keyblock, &master_random)) { com_err("adm_enter_rnd_pwd_key", 0, "Unable to Initialize Random Key"); - (void) krb5_finish_key(&master_encblock); + (void) krb5_finish_key(context, &master_encblock); memset((char *)master_keyblock.contents, 0, master_keyblock.length); krb5_xfree(master_keyblock.contents); goto finish; } /* Get Random Key */ - if (retval = krb5_random_key(&master_encblock, + if (retval = krb5_random_key(context, &master_encblock, master_random, &tempkey)) { com_err("adm_enter_rnd_pwd_key", 0, "Unable to Obtain Random Key"); @@ -574,16 +554,16 @@ OLDDECLARG(krb5_db_entry *, entry) } /* Tie the Random Key to the Principal */ - if (retval = krb5_principal2salt(change_princ, &salt.saltdata)) { + if (retval = krb5_principal2salt(context, change_princ, &salt.saltdata)) { com_err("adm_enter_rnd_pwd_key", 0, "Principal2salt Failure"); goto finish; } - if (retval = krb5_unparse_name(change_princ, &principal_name)) + if (retval = krb5_unparse_name(context, change_princ, &principal_name)) goto finish; /* Modify Database */ - retval = adm_modify_kdb("adm_enter_rnd_pwd_key", + retval = adm_modify_kdb(context, "adm_enter_rnd_pwd_key", principal_name, change_princ, tempkey, @@ -604,7 +584,7 @@ OLDDECLARG(krb5_db_entry *, entry) if (tempkey->contents) { memset((char *) tempkey->contents, 0, tempkey->length); - krb5_free_keyblock(tempkey); + krb5_free_keyblock(context, tempkey); } return(retval); diff --git a/src/kadmin/server/adm_kadmin.c b/src/kadmin/server/adm_kadmin.c index f5b62e04d4..a499e557e0 100644 --- a/src/kadmin/server/adm_kadmin.c +++ b/src/kadmin/server/adm_kadmin.c @@ -37,12 +37,13 @@ #include "adm_extern.h" krb5_error_code -adm5_kadmin(prog, client_auth_data, client_creds, retbuf, otype) -char *prog; -krb5_authenticator *client_auth_data; -krb5_ticket *client_creds; -char *retbuf; /* Allocated in Calling Routine */ -int *otype; +adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype) + krb5_context context; + char *prog; + krb5_authenticator *client_auth_data; + krb5_ticket *client_creds; + char *retbuf; /* Allocated in Calling Routine */ + int *otype; { krb5_error_code retval; kadmin_requests request_type; @@ -65,7 +66,7 @@ int *otype; retbuf[2] = SENDDATA2; outbuf.length = 3; - retval = krb5_mk_priv(&outbuf, + retval = krb5_mk_priv(context, &outbuf, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -82,7 +83,7 @@ int *otype; } /* Send Acknowledgement Reply to Client */ - if (retval = krb5_write_message(&client_server_info.client_socket, + if (retval = krb5_write_message(context, &client_server_info.client_socket, &msg_data)){ free(msg_data.data); syslog(LOG_ERR, @@ -93,13 +94,13 @@ int *otype; free(msg_data.data); /* Read Username */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ syslog(LOG_ERR | LOG_INFO, "Error Performing Username Read"); return(5); /* Protocol Failure */ } /* Decrypt Client Response */ - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, @@ -168,7 +169,7 @@ int *otype; } *otype = 1; salttype = KRB5_KDB_SALTTYPE_NORMAL; - retval = adm_add_new_key("adm5_kadmin", customer_name, + retval = adm_add_new_key(context, "adm5_kadmin", customer_name, client_creds, salttype); goto process_retval; @@ -181,7 +182,7 @@ int *otype; } *otype = 2; salttype = KRB5_KDB_SALTTYPE_NORMAL; - retval = adm_change_pwd("adm5_kadmin", customer_name, + retval = adm_change_pwd(context, "adm5_kadmin", customer_name, client_creds, salttype); goto process_retval; @@ -193,8 +194,8 @@ int *otype; goto process_retval; } *otype = 3; - retval = adm_add_new_key_rnd("adm5_kadmin", customer_name, - client_creds); + retval = adm_add_new_key_rnd(context, "adm5_kadmin", + customer_name, client_creds); goto process_retval; case CHROPER: @@ -205,8 +206,8 @@ int *otype; goto process_retval; } *otype = 4; - retval = adm_change_pwd_rnd("adm5_kadmin", customer_name, - client_creds); + retval = adm_change_pwd_rnd(context, "adm5_kadmin", + customer_name, client_creds); goto process_retval; case DELOPER: @@ -217,7 +218,7 @@ int *otype; goto process_retval; } *otype = 5; - retval = adm_del_old_key("adm5_kadmin", customer_name); + retval = adm_del_old_key(context, "adm5_kadmin", customer_name); goto process_retval; case MODOPER: @@ -228,7 +229,7 @@ int *otype; goto process_retval; } *otype = 6; - retval = adm_mod_old_key("adm5_kadmin", customer_name, + retval = adm_mod_old_key(context, "adm5_kadmin", customer_name, client_creds); goto process_retval; @@ -240,7 +241,7 @@ int *otype; goto process_retval; } *otype = 7; - retval = adm_inq_old_key("adm5_kadmin", customer_name, + retval = adm_inq_old_key(context, "adm5_kadmin", customer_name, client_creds); goto process_retval; @@ -253,7 +254,7 @@ int *otype; } *otype = 8; salttype = KRB5_KDB_SALTTYPE_V4; - retval = adm_add_new_key("adm5_kadmin", customer_name, + retval = adm_add_new_key(context, "adm5_kadmin", customer_name, client_creds, salttype); goto process_retval; @@ -266,7 +267,7 @@ int *otype; } *otype = 9; salttype = KRB5_KDB_SALTTYPE_V4; - retval = adm_change_pwd("adm5_kadmin", customer_name, + retval = adm_change_pwd(context, "adm5_kadmin", customer_name, client_creds, salttype); goto process_retval; @@ -336,7 +337,7 @@ send_last: outbuf.length = strlen(retbuf) + 1; /* Send Completion Message */ - if (retval = krb5_mk_priv(&outbuf, + if (retval = krb5_mk_priv(context, &outbuf, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -351,7 +352,7 @@ send_last: } /* Send Final Reply to Client */ - if (retval = krb5_write_message(&client_server_info.client_socket, + if (retval = krb5_write_message(context, &client_server_info.client_socket, &msg_data)){ free(msg_data.data); syslog(LOG_ERR, "adm5_kadmin - Error Performing Final Write: %s", diff --git a/src/kadmin/server/adm_kpasswd.c b/src/kadmin/server/adm_kpasswd.c index 660d3efe61..ce7b308bf4 100644 --- a/src/kadmin/server/adm_kpasswd.c +++ b/src/kadmin/server/adm_kpasswd.c @@ -46,12 +46,13 @@ struct cpw_keyproc_arg { }; krb5_error_code -adm5_kpasswd(prog, request_type, client_creds, retbuf, otype) -char *prog; -kadmin_requests *request_type; -krb5_ticket *client_creds; -char *retbuf; -int *otype; +adm5_kpasswd(context, prog, request_type, client_creds, retbuf, otype) + krb5_context context; + char *prog; + kadmin_requests *request_type; + krb5_ticket *client_creds; + char *retbuf; + int *otype; { char completion_msg[520]; krb5_error_code retval; @@ -61,7 +62,7 @@ int *otype; *otype = 3; syslog(LOG_AUTH | LOG_INFO, "adm_kpasswd: kpasswd change received"); - retval = adm5_change("adm5_kpasswd", + retval = adm5_change(context, "adm5_kpasswd", client_server_info.client, client_creds); diff --git a/src/kadmin/server/adm_listen.c b/src/kadmin/server/adm_listen.c index f0b224bfa6..803a64fc29 100644 --- a/src/kadmin/server/adm_listen.c +++ b/src/kadmin/server/adm_listen.c @@ -99,11 +99,12 @@ kill_children() } #endif /* HAVE_SIGSET */ -/* -adm5_listen_and_process - listen on the admin servers port for a request -*/ -adm5_listen_and_process(prog) -const char *prog; +/* adm5_listen_and_process - listen on the admin servers port for a request */ + +int +adm5_listen_and_process(context, prog) + krb5_context context; + const char *prog; { extern int errno; int found; @@ -155,16 +156,16 @@ const char *prog; } if (adm_debug_flag) { - retval = process_client("adm5_listen_and_process"); + retval = process_client(context, "adm5_listen_and_process"); exit(retval); } /* if you want a sep daemon for each server */ - if (!(pid = fork())) { + if (!(pid = fork())) { /* child */ (void) close(client_server_info.server_socket); - retval = process_client("adm5_listen_and_process"); + retval = process_client(context, "adm5_listen_and_process"); exit(retval); } else { /* parent */ diff --git a/src/kadmin/server/adm_nego.c b/src/kadmin/server/adm_nego.c index e763cec6cc..a6edff3f28 100644 --- a/src/kadmin/server/adm_nego.c +++ b/src/kadmin/server/adm_nego.c @@ -49,13 +49,11 @@ #include "adm_extern.h" krb5_error_code -adm_negotiate_key(DECLARG(char const *, prog), - DECLARG(krb5_ticket *, client_creds), - DECLARG(char *, new_passwd)) -OLDDECLARG(char const *, prog) -OLDDECLARG(krb5_ticket *, client_creds) -OLDDECLARG(char *, new_passwd) - +adm_negotiate_key(context, prog, client_creds, new_passwd) + krb5_context context; + char const * prog; + krb5_ticket * client_creds; + char * new_passwd; { krb5_data msg_data, inbuf; krb5_error_code retval; @@ -229,7 +227,7 @@ OLDDECLARG(char *, new_passwd) free_phrases(); /* Encrypt Password/Phrases Encoding */ - retval = krb5_mk_priv(encoded_pw_string, + retval = krb5_mk_priv(context, encoded_pw_string, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -249,7 +247,7 @@ OLDDECLARG(char *, new_passwd) } /* Send Encrypted/Encoded Passwords and Phrases to Client */ - if (krb5_write_message(&client_server_info.client_socket, &msg_data)){ + if (krb5_write_message(context, &client_server_info.client_socket, &msg_data)){ free(msg_data.data); free_passwds(); free_pwd_and_phrase_structures(); @@ -262,7 +260,7 @@ OLDDECLARG(char *, new_passwd) #endif /* MACH_PASS - Machine-gen. passwords */ /* Read Client Response */ - if (krb5_read_message(&client_server_info.client_socket, &inbuf)){ + if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ #if defined(MACH_PASS) || defined(SANDIA) free_passwds(); free_pwd_and_phrase_structures(); @@ -274,7 +272,7 @@ OLDDECLARG(char *, new_passwd) } /* Decrypt Client Response */ - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, diff --git a/src/kadmin/server/adm_network.c b/src/kadmin/server/adm_network.c index 0deec9f7eb..6d31f8b09a 100644 --- a/src/kadmin/server/adm_network.c +++ b/src/kadmin/server/adm_network.c @@ -124,8 +124,9 @@ do_child() } krb5_error_code -setup_network(prog) -const char *prog; +setup_network(context, prog) + krb5_context context; + const char *prog; { krb5_error_code retval; char server_host_name[MAXHOSTNAMELEN]; @@ -150,7 +151,7 @@ const char *prog; } - if (retval = krb5_get_default_realm(&lrealm)) { + if (retval = krb5_get_default_realm(context, &lrealm)) { free(client_server_info.name_of_service); com_err( "setup_network", 0, "adm_network: Unable to get Default Realm"); @@ -166,7 +167,7 @@ const char *prog; client_server_info.name_of_service); #endif /* DEBUG */ - if ((retval = krb5_parse_name(client_server_info.name_of_service, + if ((retval = krb5_parse_name(context, client_server_info.name_of_service, &client_server_info.server))) { free(client_server_info.name_of_service); com_err( "setup_network", retval, @@ -176,7 +177,7 @@ const char *prog; if (gethostname(server_host_name, sizeof(server_host_name))) { retval = errno; - krb5_free_principal(client_server_info.server); + krb5_free_principal(context, client_server_info.server); free(client_server_info.name_of_service); com_err( "setup_network", retval, "adm_network: Unable to Identify Who I am"); @@ -214,7 +215,7 @@ const char *prog; service_servent = getservbyname(adm5_tcp_portname, "tcp"); if (!service_servent) { - krb5_free_principal(client_server_info.server); + krb5_free_principal(context, client_server_info.server); free(client_server_info.name_of_service); com_err("setup_network", 0, "adm_network: %s/tcp service unknown", adm5_tcp_portname); @@ -230,7 +231,7 @@ const char *prog; if ((client_server_info.server_socket = socket(AF_INET, SOCK_STREAM, 0)) < 0) { retval = errno; - krb5_free_principal(client_server_info.server); + krb5_free_principal(context, client_server_info.server); free(client_server_info.name_of_service); com_err("setup_network", retval, "adm_network: Cannot create server socket."); @@ -252,7 +253,7 @@ const char *prog; &client_server_info.server_name, sizeof(client_server_info.server_name)) < 0) { retval = errno; - krb5_free_principal(client_server_info.server); + krb5_free_principal(context, client_server_info.server); free(client_server_info.name_of_service); com_err("setup_network", retval, "adm_network: Cannot bind server socket."); diff --git a/src/kadmin/server/adm_process.c b/src/kadmin/server/adm_process.c index 7f0c8e4a63..f92cbc6d9b 100644 --- a/src/kadmin/server/adm_process.c +++ b/src/kadmin/server/adm_process.c @@ -45,17 +45,13 @@ struct cpw_keyproc_arg { krb5_keyblock *key; }; -#include <krb5/widen.h> -static krb5_error_code -cpw_keyproc(DECLARG(krb5_pointer, keyprocarg), - DECLARG(krb5_principal, server), - DECLARG(krb5_kvno, key_vno), - DECLARG(krb5_keyblock **, key)) -OLDDECLARG(krb5_pointer, keyprocarg) -OLDDECLARG(krb5_principal, server) -OLDDECLARG(krb5_kvno, key_vno) -OLDDECLARG(krb5_keyblock **, key) -#include <krb5/narrow.h> +krb5_error_code +cpw_keyproc(context, keyprocarg, server, key_vno, key) + krb5_context context; + krb5_pointer keyprocarg; + krb5_principal server; + krb5_kvno key_vno; + krb5_keyblock ** key; { krb5_error_code retval; krb5_db_entry cpw_entry; @@ -71,11 +67,11 @@ OLDDECLARG(krb5_keyblock **, key) arg = ( struct cpw_keyproc_arg *) keyprocarg; if (arg->key) { - retval = krb5_copy_keyblock(arg->key, key); + retval = krb5_copy_keyblock(context, arg->key, key); if (retval) return retval; } else { - if (retval = krb5_parse_name(client_server_info.name_of_service, + if (retval = krb5_parse_name(context, client_server_info.name_of_service, &cpw_krb)) { syslog(LOG_ERR, "cpw_keyproc %d while attempting to parse \"%s\"", @@ -83,7 +79,7 @@ OLDDECLARG(krb5_keyblock **, key) return(retval); } - if (retval = krb5_db_get_principal(cpw_krb, &cpw_entry, + if (retval = krb5_db_get_principal(context, cpw_krb, &cpw_entry, &nprincs, &more)) { syslog(LOG_ERR, "cpw_keyproc %d while extracting %s entry", @@ -95,18 +91,18 @@ OLDDECLARG(krb5_keyblock **, key) if ((realkey = (krb5_keyblock *) calloc (1, sizeof(krb5_keyblock))) == (krb5_keyblock * ) 0) { - krb5_db_free_principal(&cpw_entry, nprincs); + krb5_db_free_principal(context, &cpw_entry, nprincs); syslog(LOG_ERR, "cpw_keyproc: No Memory for server key"); close(client_server_info.client_socket); return(ENOMEM); } /* Extract the real kadmin/<realm> keyblock */ - if (retval = krb5_kdb_decrypt_key( + if (retval = krb5_kdb_decrypt_key(context, &master_encblock, &cpw_entry.key, realkey)) { - krb5_db_free_principal(&cpw_entry, nprincs); + krb5_db_free_principal(context, &cpw_entry, nprincs); free(realkey); syslog(LOG_ERR, "cpw_keyproc: Cannot extract %s from master key", @@ -121,8 +117,9 @@ OLDDECLARG(krb5_keyblock **, key) } krb5_error_code -process_client(prog) -char *prog; +process_client(context, prog) + krb5_context context; + char *prog; { krb5_error_code retval; @@ -161,7 +158,7 @@ char *prog; /* V4 kpasswd Protocol Hack */ /* Read Length of Data */ - retval = krb5_net_read(client_server_info.client_socket, + retval = krb5_net_read(context, client_server_info.client_socket, (char *) &data_len, 2); if (retval < 0) { syslog(LOG_ERR, "kadmind error: net_read Length Failure"); @@ -169,7 +166,7 @@ char *prog; exit(0); } - if (retval = krb5_db_init()) { /* Open as client */ + if (retval = krb5_db_init(context)) { /* Open as client */ syslog(LOG_ERR, "adm_process: Can't Open Database"); close(client_server_info.client_socket); exit(0); @@ -179,7 +176,7 @@ char *prog; * Messages Note: Here client is the kadmin/<realm> server */ number_of_entries = 1; - if ((retval = krb5_db_get_principal(client_server_info.server, + if ((retval = krb5_db_get_principal(context, client_server_info.server, &server_entry, &number_of_entries, &more))) { @@ -190,13 +187,13 @@ char *prog; } if (more) { - krb5_db_free_principal(&server_entry, number_of_entries); + krb5_db_free_principal(context, &server_entry, number_of_entries); syslog(LOG_ERR, "kadmind error: kadmin/<realm> service not unique"); exit(1); } if (number_of_entries != 1) { - krb5_db_free_principal(&server_entry, number_of_entries); + krb5_db_free_principal(context, &server_entry, number_of_entries); syslog(LOG_ERR, "kadmind error: kadmin/<realm> service UNKNOWN"); close(client_server_info.client_socket); exit(0); @@ -204,7 +201,7 @@ char *prog; if ((cpw_key.key = (krb5_keyblock *) calloc (1, sizeof(krb5_keyblock))) == (krb5_keyblock *) 0) { - krb5_db_free_principal(&server_entry, number_of_entries); + krb5_db_free_principal(context, &server_entry, number_of_entries); syslog(LOG_ERR, "kadmind error: No Memory for server key"); close(client_server_info.client_socket); @@ -212,11 +209,11 @@ char *prog; } /* Extract the real kadmin/<realm> keyblock */ - if (retval = krb5_kdb_decrypt_key( + if (retval = krb5_kdb_decrypt_key(context, &master_encblock, &server_entry.key, (krb5_keyblock *) cpw_key.key)) { - krb5_db_free_principal(&server_entry, number_of_entries); + krb5_db_free_principal(context, &server_entry, number_of_entries); free(cpw_key.key); syslog(LOG_ERR, "kadmind error: Cannot extract kadmin/<realm> from master key"); @@ -251,13 +248,13 @@ char *prog; client_server_info.server_addr.contents = (krb5_octet *) &client_server_info.server_name.sin_addr; - krb5_init_ets(); + krb5_init_ets(context); syslog(LOG_AUTH | LOG_INFO, "Request for Administrative Service Received from %s - Authenticating.", inet_ntoa( client_server_info.client_name.sin_addr )); - if ((retval = krb5_recvauth( + if ((retval = krb5_recvauth(context, (krb5_pointer) &client_server_info.client_socket, ADM5_CPW_VERSION, client_server_info.server, @@ -276,10 +273,10 @@ char *prog; error_message(retval)); (void) sprintf(retbuf, "kadmind error during recvauth: %s\n", error_message(retval)); - krb5_free_keyblock(cpw_key.key); + krb5_free_keyblock(context, cpw_key.key); goto finish; } - krb5_free_keyblock(cpw_key.key); + krb5_free_keyblock(context, cpw_key.key); /* Check if ticket was issued using password (and not tgt) * within the last 5 minutes @@ -291,7 +288,7 @@ char *prog; exit(0); } - if (retval = krb5_timeofday(&adm_time)) { + if (retval = krb5_timeofday(context, &adm_time)) { syslog(LOG_ERR, "Can't get time of day"); close(client_server_info.client_socket); exit(0); @@ -312,7 +309,7 @@ char *prog; exit(0); } - if ((retval = krb5_unparse_name(client_server_info.client, + if ((retval = krb5_unparse_name(context, client_server_info.client, &client_server_info.name_of_client))) { syslog(LOG_ERR, "kadmind error: unparse failed.", error_message(retval)); @@ -330,7 +327,7 @@ char *prog; outbuf.length = 2; /* write back the response */ - if ((retval = krb5_write_message(&client_server_info.client_socket, + if ((retval = krb5_write_message(context, &client_server_info.client_socket, &outbuf))){ syslog(LOG_ERR, "kadmind error: Write Message Failure: %s", error_message(retval)); @@ -339,7 +336,7 @@ char *prog; } /* Ok Now let's get the first private message and respond */ - if (retval = krb5_read_message(&client_server_info.client_socket, + if (retval = krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ syslog(LOG_ERR, "kadmind error: read First Message Failure: %s", error_message(retval)); @@ -347,7 +344,7 @@ char *prog; goto finish; } - if ((retval = krb5_rd_priv(&inbuf, + if ((retval = krb5_rd_priv(context, &inbuf, client_creds->enc_part2->session, &client_server_info.client_addr, &client_server_info.server_addr, @@ -370,7 +367,7 @@ char *prog; switch (request_type.appl_code) { case KPASSWD: req_type = "kpasswd"; - if (retval = adm5_kpasswd("process_client", &request_type, + if (retval = adm5_kpasswd(context, "process_client", &request_type, client_creds, retbuf, &otype)) { goto finish; } @@ -378,8 +375,9 @@ char *prog; case KADMIN: req_type = "kadmin"; - if (retval = adm5_kadmin("process_client", client_auth_data, - client_creds, retbuf, &otype)) { + if (retval = adm5_kadmin(context, "process_client", + client_auth_data, client_creds, + retbuf, &otype)) { goto finish; } retbuf[0] = KADMIN; @@ -410,7 +408,7 @@ char *prog; final_msg.length = strlen(retbuf) + 1; /* Send Completion Message */ - if (retval = krb5_mk_priv(&final_msg, + if (retval = krb5_mk_priv(context, &final_msg, ETYPE_DES_CBC_CRC, client_creds->enc_part2->session, &client_server_info.server_addr, @@ -425,7 +423,7 @@ char *prog; } /* Send Final Reply to Client */ - if (retval = krb5_write_message(&client_server_info.client_socket, + if (retval = krb5_write_message(context, &client_server_info.client_socket, &msg_data)){ free(msg_data.data); syslog(LOG_ERR, "Error Performing Final Write: %s", diff --git a/src/kadmin/server/adm_server.c b/src/kadmin/server/adm_server.c index a5a140f64f..1757a0b747 100644 --- a/src/kadmin/server/adm_server.c +++ b/src/kadmin/server/adm_server.c @@ -77,30 +77,32 @@ krb5_db_entry master_entry; krb5_flags NEW_ATTRIBUTES; -cleanexit(val) +cleanexit(context, val) + krb5_context context; int val; { - (void) krb5_db_fini(); + (void) krb5_db_fini(context); exit(val); } krb5_error_code -closedown_db() +closedown_db(context) + krb5_context context; { krb5_error_code retval; /* clean up master key stuff */ - retval = krb5_finish_key(&master_encblock); + retval = krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); memset((char *)tgs_key.contents, 0, tgs_key.length); /* close database */ if (retval) { - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(retval); } else - return(krb5_db_fini()); + return(krb5_db_fini(context)); } void @@ -114,9 +116,10 @@ char *name; } krb5_error_code -process_args(argc, argv) -int argc; -char **argv; +process_args(context, argc, argv) + krb5_context context; + int argc; + char **argv; { krb5_error_code retval; int c; @@ -162,7 +165,7 @@ char **argv; case 'd': /* put code to deal with alt database place */ dbm_db_name = optarg; - if (retval = krb5_dbm_db_set_name(dbm_db_name)) { + if (retval = krb5_dbm_db_set_name(context, dbm_db_name)) { fprintf(stderr, "opening database %s: %s", dbm_db_name, error_message(retval)); exit(1); @@ -204,7 +207,7 @@ char **argv; if (!db_realm) { /* no realm specified, use default realm */ - if (retval = krb5_get_default_realm(&local_realm)) { + if (retval = krb5_get_default_realm(context, &local_realm)) { com_err(argv[0], retval, "while attempting to retrieve default realm"); exit(1); @@ -221,7 +224,7 @@ char **argv; } /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(mkey_name, + if (retval = krb5_db_setup_mkey_name(context, mkey_name, db_realm, (char **) 0, &master_princ)) { @@ -234,9 +237,9 @@ char **argv; "while setting up etype %d", kdc_etype); exit(1); } - krb5_use_cstype(&master_encblock, kdc_etype); + krb5_use_cstype(context, &master_encblock, kdc_etype); - if (retval = krb5_db_fetch_mkey( + if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, manual, @@ -265,11 +268,11 @@ char **argv; } krb5_error_code -init_db(dbname, masterkeyname, masterkeyblock) -char *dbname; -krb5_principal masterkeyname; -krb5_keyblock *masterkeyblock; - +init_db(context, dbname, masterkeyname, masterkeyblock) + krb5_context context; + char *dbname; + krb5_principal masterkeyname; + krb5_keyblock *masterkeyblock; { krb5_error_code retval; @@ -279,14 +282,14 @@ krb5_keyblock *masterkeyblock; char tgs_name[255]; /* set db name if appropriate */ - if (dbname && (retval = krb5_db_set_name(dbname))) + if (dbname && (retval = krb5_db_set_name(context, dbname))) return(retval); /* initialize database */ - if (retval = krb5_db_init()) + if (retval = krb5_db_init(context)) return(retval); - if (retval = krb5_db_verify_master_key(masterkeyname, + if (retval = krb5_db_verify_master_key(context, masterkeyname, masterkeyblock, &master_encblock)) { master_encblock.crypto_entry = 0; @@ -294,9 +297,9 @@ krb5_keyblock *masterkeyblock; } /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&master_encblock, masterkeyblock)) { + if (retval = krb5_process_key(context, &master_encblock, masterkeyblock)) { master_encblock.crypto_entry = 0; - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(retval); } @@ -304,16 +307,16 @@ krb5_keyblock *masterkeyblock; * fetch the master database entry, and hold on to it. */ number_of_entries = 1; - if (retval = krb5_db_get_principal(masterkeyname, &master_entry, + if (retval = krb5_db_get_principal(context, masterkeyname, &master_entry, &number_of_entries, &more)) { return(retval); } if (number_of_entries != 1) { if (number_of_entries) - krb5_db_free_principal(&master_entry, number_of_entries); + krb5_db_free_principal(context, &master_entry, number_of_entries); return(KRB5_KDB_NOMASTERKEY); } else if (more) { - krb5_db_free_principal(&master_entry, number_of_entries); + krb5_db_free_principal(context, &master_entry, number_of_entries); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } @@ -327,12 +330,12 @@ krb5_keyblock *masterkeyblock; strcat(tgs_name, masterkeyname->realm.data); strcat(tgs_name, "@"); strcat(tgs_name, masterkeyname->realm.data); - krb5_parse_name(tgs_name, &tgs_server); + krb5_parse_name(context, tgs_name, &tgs_server); tgs_server->type = KRB5_NT_SRV_INST; number_of_entries = 1; - if (retval = krb5_db_get_principal( + if (retval = krb5_db_get_principal(context, tgs_server, &server_entry, &number_of_entries, @@ -341,16 +344,16 @@ krb5_keyblock *masterkeyblock; } if (more) { - krb5_db_free_principal(&server_entry, number_of_entries); - (void) krb5_finish_key(&master_encblock); + krb5_db_free_principal(context, &server_entry, number_of_entries); + (void) krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } else if (number_of_entries != 1) { - krb5_db_free_principal(&server_entry, number_of_entries); - (void) krb5_finish_key(&master_encblock); + krb5_db_free_principal(context, &server_entry, number_of_entries); + (void) krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); } @@ -358,16 +361,16 @@ krb5_keyblock *masterkeyblock; convert server.key into a real key (it may be encrypted in the database) */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server_entry.key, &tgs_key)) { - krb5_db_free_principal(&server_entry, number_of_entries); - (void) krb5_finish_key(&master_encblock); + if (retval = KDB_CONVERT_KEY_OUTOF_DB(context,&server_entry.key,&tgs_key)) { + krb5_db_free_principal(context, &server_entry, number_of_entries); + (void) krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(retval); } tgs_kvno = server_entry.kvno; - krb5_db_free_principal(&server_entry, number_of_entries); + krb5_db_free_principal(context, &server_entry, number_of_entries); return(0); } @@ -441,9 +444,10 @@ kdc_com_err_proc(whoami, code, format, pvar) } void -setup_com_err() +setup_com_err(context) + krb5_context context; { - krb5_init_ets(); + krb5_init_ets(context); (void) set_com_err_hook(kdc_com_err_proc); return; @@ -457,6 +461,7 @@ main(argc, argv) /* adm_server main routine */ int argc; char **argv; { + krb5_context context; krb5_error_code retval; int errout = 0; @@ -466,7 +471,8 @@ char **argv; if (strrchr(argv[0], '/')) argv[0] = (char *)strrchr(argv[0], '/') + 1; - setup_com_err(); + krb5_init_context(&context); + setup_com_err(context); /* Use Syslog for Messages */ #ifndef LOG_AUTH /* 4.2 syslog */ @@ -476,38 +482,36 @@ char **argv; openlog(argv[0], LOG_AUTH|LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6); #endif /* LOG_AUTH */ - process_args(argc, argv); /* includes reading master key */ + process_args(context, argc, argv); /* includes reading master key */ setup_signal_handlers(); - if (retval = init_db(dbm_db_name, - master_princ, - &master_keyblock)) { + if (retval = init_db(context, dbm_db_name, master_princ,&master_keyblock)) { com_err(argv[0], retval, "while initializing database"); exit(1); } - if (retval = setup_network(argv[0])) { + if (retval = setup_network(context, argv[0])) { exit(1); } syslog(LOG_AUTH | LOG_INFO, "Admin Server Commencing Operation"); - if (retval = adm5_listen_and_process(argv[0])){ - krb5_free_principal(client_server_info.server); + if (retval = adm5_listen_and_process(context, argv[0])){ + krb5_free_principal(context, client_server_info.server); com_err(argv[0], retval, "while processing network requests"); errout++; } free(client_server_info.name_of_service); - krb5_free_principal(client_server_info.server); + krb5_free_principal(context, client_server_info.server); if (errout = closedown_network(argv[0])) { com_err(argv[0], retval, "while shutting down network"); retval = retval + errout; } - if (errout = closedown_db()) { + if (errout = closedown_db(context)) { com_err(argv[0], retval, "while closing database"); retval = retval + errout; } diff --git a/src/kadmin/server/adm_v4_pwd.c b/src/kadmin/server/adm_v4_pwd.c index 65ccefe5c9..09fb66cffb 100644 --- a/src/kadmin/server/adm_v4_pwd.c +++ b/src/kadmin/server/adm_v4_pwd.c @@ -249,13 +249,13 @@ struct cpw_keyproc_arg *cpw_key; dlen = htons(dlen); - if (krb5_net_write(client_server_info.client_socket, + if (krb5_net_write(context, client_server_info.client_socket, (char *) &dlen, 2) < 0) { syslog(LOG_ERR, "process_v4_kpasswd: Error writing dlen to client"); (void) close(client_server_info.client_socket); } - if (krb5_net_write(client_server_info.client_socket, + if (krb5_net_write(context, client_server_info.client_socket, (char *) *dat, *dat_len) < 0) { syslog(LOG_ERR, "writing to client: %s",error_message(errno)); (void) close(client_server_info.client_socket); @@ -268,9 +268,10 @@ struct cpw_keyproc_arg *cpw_key; } krb5_kvno -princ_exists(principal, entry) -krb5_principal principal; -krb5_db_entry *entry; +princ_exists(context, principal, entry) + krb5_context context; + krb5_principal principal; + krb5_db_entry *entry; { int nprincs = 1; krb5_boolean more; @@ -278,7 +279,8 @@ krb5_db_entry *entry; krb5_kvno vno; nprincs = 1; - if (retval = krb5_db_get_principal(principal, entry, &nprincs, &more)) { + if (retval = krb5_db_get_principal(context, principal, entry, + &nprincs, &more)) { return 0; } @@ -343,7 +345,7 @@ int *outlen; /* Zero Next Output Entry */ memset((char *) &entry, 0, sizeof(entry)); - if (retval = krb5_parse_name(v5_principal, &entry.principal)) { + if (retval = krb5_parse_name(context, v5_principal, &entry.principal)) { syslog(LOG_ERR, "adm_v4_cpw - Error parsing %s", v5_principal); return(1); @@ -374,7 +376,7 @@ int *outlen; memcpy(v5_keyblock->contents, v4_clear_key, 8); - if (retval = krb5_kdb_encrypt_key(&master_encblock, + if (retval = krb5_kdb_encrypt_key(context, &master_encblock, v5_keyblock, &entry.key)) { syslog(LOG_ERR, @@ -389,7 +391,7 @@ int *outlen; #ifdef SANDIA entry.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; #endif - if (retval = krb5_timeofday(&entry.mod_date)) { + if (retval = krb5_timeofday(context, &entry.mod_date)) { syslog(LOG_ERR, "adm_v4_cpw - Error while fetching date"); return(1); } @@ -399,7 +401,7 @@ int *outlen; entry.mod_name = entry.principal; /* Should be Person who did Action */ /* Write the Modified Principal to the V5 Database */ - if (retval = krb5_db_put_principal(&entry, &one)) { + if (retval = krb5_db_put_principal(context, &entry, &one)) { syslog(LOG_ERR, "adm_v4_cpw - Error %d while Entering Principal for '%s'", retval, v5_principal); diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 6e359e3c91..f793d22264 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Dec 8 00:33:05 1994 <tytso@rsx-11.mit.edu> * do_tgs_req.c (prepare_error_tgs): Don't free the passed in diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 7eb27eecf8..8e29a7633a 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -30,6 +30,7 @@ #include <krb5/kdb.h> #include <syslog.h> #include "kdc_util.h" +#include "extern.h" krb5_error_code dispatch(pkt, from, is_secondary, response) @@ -57,7 +58,7 @@ dispatch(pkt, from, is_secondary, response) } else if (krb5_is_as_req(pkt)) { if (!(retval = decode_krb5_as_req(pkt, &as_req))) { retval = process_as_req(as_req, from, is_secondary, response); - krb5_free_kdc_req(as_req); + krb5_free_kdc_req(kdc_context, as_req); } } #ifdef KRB4 diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 8bc3f07e3b..15cf259a41 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -77,14 +77,14 @@ check_padata (client, src_addr, padata, pa_id, flags) enckey = &(client->key); /* Extract client key/alt_key from master key */ - retval = KDB_CONVERT_KEY_OUTOF_DB(enckey,&tmpkey); + retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context,enckey,&tmpkey); if (retval) { syslog( LOG_ERR, "AS_REQ: Unable to extract client key: %s", error_message(retval)); return retval; } - retval = krb5_verify_padata(*padata,client->principal,src_addr, - &tmpkey, pa_id, flags); + retval = krb5_verify_padata(kdc_context, *padata,client->principal, + src_addr, &tmpkey, pa_id, flags); memset((char *)tmpkey.contents, 0, tmpkey.length); krb5_xfree(tmpkey.contents); if (retval && client->alt_key.length) { @@ -93,13 +93,13 @@ check_padata (client, src_addr, padata, pa_id, flags) */ enckey = &(client->alt_key); /* Extract client key/alt_key from master key */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(enckey,&tmpkey)) { + if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context,enckey,&tmpkey)) { syslog( LOG_ERR, "AS_REQ: Unable to extract client alt_key: %s", error_message(retval)); return retval; } - retval = krb5_verify_padata(*padata,client->principal,src_addr, - &tmpkey, pa_id, flags); + retval = krb5_verify_padata(kdc_context, *padata,client->principal, + src_addr, &tmpkey, pa_id, flags); memset((char *)tmpkey.contents, 0, tmpkey.length); krb5_xfree(tmpkey.contents); } @@ -147,13 +147,13 @@ krb5_data **response; /* filled in with a response packet */ if (!request->client) return(prepare_error_as(request, KDC_ERR_C_PRINCIPAL_UNKNOWN, response)); - if (retval = krb5_unparse_name(request->client, &cname)) { + if (retval = krb5_unparse_name(kdc_context, request->client, &cname)) { syslog(LOG_INFO, "AS_REQ: %s while unparsing client name", error_message(retval)); return(prepare_error_as(request, KDC_ERR_C_PRINCIPAL_UNKNOWN, response)); } - if (retval = krb5_unparse_name(request->server, &sname)) { + if (retval = krb5_unparse_name(kdc_context, request->server, &sname)) { free(cname); syslog(LOG_INFO, "AS_REQ: %s while unparsing server name", error_message(retval)); @@ -176,19 +176,19 @@ krb5_data **response; /* filled in with a response packet */ */ pwreq = 0; if (!cpw) { - retval = krb5_parse_name("changepw/kerberos", &cpw); + retval = krb5_parse_name(kdc_context, "changepw/kerberos", &cpw); if (retval) goto errout; - free(krb5_princ_realm(cpw)->data); - krb5_princ_realm(cpw)->data = 0; + free(krb5_princ_realm(kdc_context, cpw)->data); + krb5_princ_realm(kdc_context, cpw)->data = 0; } - krb5_princ_realm(cpw)->data = krb5_princ_realm(request->server)->data; - if (krb5_principal_compare(request->server, cpw)) + krb5_princ_realm(kdc_context, cpw)->data = krb5_princ_realm(kdc_context, request->server)->data; + if (krb5_principal_compare(kdc_context, request->server, cpw)) pwreq++; c_nprincs = 1; - if (retval = krb5_db_get_principal(request->client, &client, &c_nprincs, - &more)) { + if (retval = krb5_db_get_principal(kdc_context, request->client, &client, + &c_nprincs, &more)) { c_nprincs = 0; goto errout; } @@ -207,8 +207,8 @@ krb5_data **response; /* filled in with a response packet */ } s_nprincs = 1; - if (retval = krb5_db_get_principal(request->server, &server, &s_nprincs, - &more)) { + if (retval = krb5_db_get_principal(kdc_context, request->server, &server, + &s_nprincs, &more)) { s_nprincs = 0; goto errout; } @@ -222,7 +222,7 @@ krb5_data **response; /* filled in with a response packet */ goto errout; } - if (retval = krb5_timeofday(&kdc_time)) { + if (retval = krb5_timeofday(kdc_context, &kdc_time)) { syslog(LOG_INFO, "AS_REQ: TIME_OF_DAY: host %s, %s for %s", fromstring, cname, sname); goto errout; @@ -263,9 +263,9 @@ krb5_data **response; /* filled in with a response packet */ goto errout; } useetype = request->etype[i]; - krb5_use_cstype(&eblock, useetype); + krb5_use_cstype(kdc_context, &eblock, useetype); - if (retval = krb5_random_key(&eblock, + if (retval = krb5_random_key(kdc_context, &eblock, krb5_csarray[useetype]->random_sequence, &session_key)) { /* random key failed */ @@ -366,7 +366,7 @@ krb5_data **response; /* filled in with a response packet */ client.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; } } - krb5_db_put_principal(&client, &one); + krb5_db_put_principal(kdc_context, &client, &one); #endif syslog(LOG_INFO, "AS_REQ: PREAUTH FAILED: host %s, %s for %s (%s)", fromstring, cname, sname, error_message(retval)); @@ -414,9 +414,9 @@ krb5_data **response; /* filled in with a response packet */ /* convert server.key into a real key (it may be encrypted in the database) */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) + if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &server.key, &encrypting_key)) goto errout; - retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply); + retval = krb5_encrypt_tkt_part(kdc_context, &eblock, &encrypting_key, &ticket_reply); memset((char *)encrypting_key.contents, 0, encrypting_key.length); krb5_xfree(encrypting_key.contents); if (retval) @@ -444,14 +444,15 @@ krb5_data **response; /* filled in with a response packet */ padat_tmp[0]->length = 0; break; case KRB5_KDB_SALTTYPE_NOREALM: - if (retval = krb5_principal2salt_norealm(request->client, + if (retval = krb5_principal2salt_norealm(kdc_context, + request->client, &salt_data)) goto errout; padat_tmp[0]->length = salt_data.length; padat_tmp[0]->contents = (krb5_octet *)salt_data.data; break; case KRB5_KDB_SALTTYPE_ONLYREALM: - data_foo = krb5_princ_realm(request->client); + data_foo = krb5_princ_realm(kdc_context, request->client); padat_tmp[0]->length = data_foo->length; padat_tmp[0]->contents = (krb5_octet *)data_foo->data; break; @@ -487,12 +488,12 @@ krb5_data **response; /* filled in with a response packet */ /* convert client.key into a real key (it may be encrypted in the database) */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key)) + if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &client.key, &encrypting_key)) goto errout; reply.enc_part.etype = useetype; reply.enc_part.kvno = client.kvno; - retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply_encpart, &eblock, - &encrypting_key, &reply, response); + retval = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &reply_encpart, + &eblock, &encrypting_key, &reply, response); memset((char *)encrypting_key.contents, 0, encrypting_key.length); krb5_xfree(encrypting_key.contents); @@ -521,11 +522,11 @@ errout: if (sname) free(sname); if (c_nprincs) - krb5_db_free_principal(&client, c_nprincs); + krb5_db_free_principal(kdc_context, &client, c_nprincs); if (s_nprincs) - krb5_db_free_principal(&server, s_nprincs); + krb5_db_free_principal(kdc_context, &server, s_nprincs); if (session_key) - krb5_free_keyblock(session_key); + krb5_free_keyblock(kdc_context, session_key); if (ticket_reply.enc_part.ciphertext.data) { memset(ticket_reply.enc_part.ciphertext.data , 0, ticket_reply.enc_part.ciphertext.length); @@ -548,10 +549,10 @@ krb5_data **response; krb5_data *scratch; char *cname = 0, *sname = 0; - if (retval = krb5_unparse_name(request->client, &cname)) + if (retval = krb5_unparse_name(kdc_context, request->client, &cname)) syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error", error_message(retval)); - if (retval = krb5_unparse_name(request->server, &sname)) + if (retval = krb5_unparse_name(kdc_context, request->server, &sname)) syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error", error_message(retval)); @@ -567,7 +568,7 @@ krb5_data **response; errpkt.ctime = request->nonce; errpkt.cusec = 0; - if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec)) + if (retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec)) return(retval); errpkt.error = error; errpkt.server = request->server; @@ -584,7 +585,7 @@ krb5_data **response; errpkt.e_data.length = 0; errpkt.e_data.data = 0; - retval = krb5_mk_error(&errpkt, scratch); + retval = krb5_mk_error(kdc_context, &errpkt, scratch); free(errpkt.text.data); *response = scratch; return retval; diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index ede57588e5..54e6c368eb 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -112,7 +112,7 @@ krb5_data **response; /* filled in with a response packet */ if (!fromstring) fromstring = "<unknown>"; - if (errcode = krb5_unparse_name(request->server, &sname)) { + if (errcode = krb5_unparse_name(kdc_context, request->server, &sname)) { status = "UNPARSING SERVER"; goto cleanup; } @@ -122,7 +122,7 @@ krb5_data **response; /* filled in with a response packet */ header_ticket = req_authdat->ticket; if (header_ticket && header_ticket->enc_part2 && - (errcode2 = krb5_unparse_name(header_ticket->enc_part2->client, + (errcode2 = krb5_unparse_name(kdc_context, header_ticket->enc_part2->client, &cname))) { status = "UNPARSING CLIENT"; errcode = errcode2; @@ -151,8 +151,8 @@ krb5_data **response; /* filled in with a response packet */ header? */ nprincs = 1; - if (retval = krb5_db_get_principal(request->server, &server, &nprincs, - &more)) { + if (retval = krb5_db_get_principal(kdc_context, request->server, &server, + &nprincs, &more)) { syslog(LOG_INFO, "TGS_REQ: GET_PRINCIPAL: authtime %d, host %s, %s for %s (%s)", authtime, fromstring, cname, sname, error_message(retval)); @@ -169,25 +169,25 @@ tgt_again: * might be a request for a TGT for some other realm; we * should do our best to find such a TGS in this db */ - if (firstpass && krb5_princ_size(request->server) == 2) { - krb5_data *server_1 = krb5_princ_component(request->server, 1); - krb5_data *tgs_1 = krb5_princ_component(tgs_server, 1); + if (firstpass && krb5_princ_size(kdc_context, request->server) == 2) { + krb5_data *server_1 = krb5_princ_component(kdc_context, request->server, 1); + krb5_data *tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1); if (server_1->length != tgs_1->length || memcmp(server_1->data, tgs_1->data, tgs_1->length)) { - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); find_alternate_tgs(request, &server, &more, &nprincs); firstpass = 0; goto tgt_again; } } - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); status = "UNKNOWN_SERVER"; errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto cleanup; } - if (retval = krb5_timeofday(&kdc_time)) { + if (retval = krb5_timeofday(kdc_context, &kdc_time)) { status = "TIME_OF_DAY"; goto cleanup; } @@ -238,9 +238,9 @@ tgt_again: goto cleanup; } useetype = request->etype[i]; - krb5_use_keytype(&eblock, useetype); + krb5_use_keytype(kdc_context, &eblock, useetype); - retval = krb5_random_key(&eblock, krb5_csarray[useetype]->random_sequence, + retval = krb5_random_key(kdc_context, &eblock, krb5_csarray[useetype]->random_sequence, &session_key); if (retval) { /* random key failed */ @@ -395,7 +395,7 @@ tgt_again: } /* put together an eblock for this encryption */ - krb5_use_cstype(&eblock, request->authorization_data.etype); + krb5_use_cstype(kdc_context, &eblock, request->authorization_data.etype); scratch.length = request->authorization_data.ciphertext.length; if (!(scratch.data = @@ -404,7 +404,7 @@ tgt_again: goto cleanup; } /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, + if (retval = krb5_process_key(kdc_context, &eblock, header_ticket->enc_part2->session)) { status = "AUTH_PROCESS_KEY"; free(scratch.data); @@ -412,15 +412,15 @@ tgt_again: } /* call the encryption routine */ - if (retval = krb5_decrypt((krb5_pointer) request->authorization_data.ciphertext.data, + if (retval = krb5_decrypt(kdc_context, (krb5_pointer) request->authorization_data.ciphertext.data, (krb5_pointer) scratch.data, scratch.length, &eblock, 0)) { status = "AUTH_ENCRYPT_FAIL"; - (void) krb5_finish_key(&eblock); + (void) krb5_finish_key(kdc_context, &eblock); free(scratch.data); goto cleanup; } - if (retval = krb5_finish_key(&eblock)) { + if (retval = krb5_finish_key(kdc_context, &eblock)) { status = "AUTH_FINISH_KEY"; free(scratch.data); goto cleanup; @@ -511,9 +511,9 @@ tgt_again: } /* decrypt the ticket */ - retval = krb5_decrypt_tkt_part(st_sealing_key, + retval = krb5_decrypt_tkt_part(kdc_context, st_sealing_key, request->second_ticket[st_idx]); - krb5_free_keyblock(st_sealing_key); + krb5_free_keyblock(kdc_context, st_sealing_key); if (retval) { status = "2ND_TKT_DECRYPT"; goto cleanup; @@ -523,9 +523,9 @@ tgt_again: * Make sure the client for the second ticket matches * requested server. */ - if (!krb5_principal_compare(request->server, + if (!krb5_principal_compare(kdc_context, request->server, request->second_ticket[st_idx]->enc_part2->client)) { - if (retval = krb5_unparse_name(request->second_ticket[st_idx]->enc_part2->client, &tmp)) + if (retval = krb5_unparse_name(kdc_context, request->second_ticket[st_idx]->enc_part2->client, &tmp)) tmp = 0; syslog(LOG_INFO, "TGS_REQ: 2ND_TKT_MISMATCH: authtime %d, host %s, %s for %s, 2nd tkt client %s", authtime, fromstring, cname, sname, @@ -536,8 +536,8 @@ tgt_again: ticket_reply.enc_part.kvno = 0; ticket_reply.enc_part.etype = request->second_ticket[st_idx]->enc_part2->session->etype; - krb5_use_cstype(&eblock, ticket_reply.enc_part.etype); - if (retval = krb5_encrypt_tkt_part(&eblock, + krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype); + if (retval = krb5_encrypt_tkt_part(kdc_context, &eblock, request->second_ticket[st_idx]->enc_part2->session, &ticket_reply)) { status = "2ND_TKT_ENCRYPT"; @@ -547,15 +547,15 @@ tgt_again: } else { /* convert server.key into a real key (it may be encrypted in the database) */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) { + if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &server.key, &encrypting_key)) { status = "CONV_KEY"; goto cleanup; } ticket_reply.enc_part.kvno = server.kvno; ticket_reply.enc_part.etype = useetype; - krb5_use_cstype(&eblock, ticket_reply.enc_part.etype); - retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply); + krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype); + retval = krb5_encrypt_tkt_part(kdc_context, &eblock, &encrypting_key, &ticket_reply); memset((char *)encrypting_key.contents, 0, encrypting_key.length); krb5_xfree(encrypting_key.contents); @@ -601,9 +601,9 @@ tgt_again: reply.enc_part.etype = req_authdat->authenticator->subkey ? req_authdat->authenticator->subkey->etype : header_ticket->enc_part2->session->etype; - krb5_use_cstype(&eblock, reply.enc_part.etype); + krb5_use_cstype(kdc_context, &eblock, reply.enc_part.etype); - retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart, &eblock, + retval = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, &eblock, req_authdat->authenticator->subkey ? req_authdat->authenticator->subkey : header_ticket->enc_part2->session, @@ -641,17 +641,17 @@ cleanup: } if (request) - krb5_free_kdc_req(request); + krb5_free_kdc_req(kdc_context, request); if (req_authdat) - krb5_free_tkt_authent(req_authdat); + krb5_free_tkt_authent(kdc_context, req_authdat); if (cname) free(cname); if (sname) free(sname); if (nprincs) - krb5_db_free_principal(&server, 1); + krb5_db_free_principal(kdc_context, &server, 1); if (session_key) - krb5_free_keyblock(session_key); + krb5_free_keyblock(kdc_context, session_key); if (newtransited) free(enc_tkt_reply.transited.tr_contents.data); @@ -673,7 +673,7 @@ krb5_data **response; errpkt.ctime = request->nonce; errpkt.cusec = 0; - if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec)) + if (retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec)) return(retval); errpkt.error = error; errpkt.server = request->server; @@ -693,7 +693,7 @@ krb5_data **response; errpkt.e_data.length = 0; errpkt.e_data.data = 0; - retval = krb5_mk_error(&errpkt, scratch); + retval = krb5_mk_error(kdc_context, &errpkt, scratch); free(errpkt.text.data); *response = scratch; return retval; @@ -718,8 +718,9 @@ int *nprincs; *nprincs = 0; *more = FALSE; - if (retval = krb5_walk_realm_tree(krb5_princ_realm(request->server), - krb5_princ_component(request->server, 1), + if (retval = krb5_walk_realm_tree(kdc_context, + krb5_princ_realm(kdc_context, request->server), + krb5_princ_component(kdc_context, request->server, 1), &plist, KRB5_REALM_BRANCH_CHAR)) return; @@ -730,36 +731,38 @@ int *nprincs; ignore it */ while (--pl2 > plist) { *nprincs = 1; - tmp = *krb5_princ_realm(*pl2); - krb5_princ_set_realm(*pl2, krb5_princ_realm(tgs_server)); - retval = krb5_db_get_principal(*pl2, server, nprincs, more); - krb5_princ_set_realm(*pl2, &tmp); + tmp = *krb5_princ_realm(kdc_context, *pl2); + krb5_princ_set_realm(kdc_context, *pl2, + krb5_princ_realm(kdc_context, tgs_server)); + retval = krb5_db_get_principal(kdc_context, *pl2, server, nprincs, more); + krb5_princ_set_realm(kdc_context, *pl2, &tmp); if (retval) { *nprincs = 0; *more = FALSE; - krb5_free_realm_tree(plist); + krb5_free_realm_tree(kdc_context, plist); return; } if (*more) { - krb5_db_free_principal(server, *nprincs); + krb5_db_free_principal(kdc_context, server, *nprincs); continue; } else if (*nprincs == 1) { /* Found it! */ krb5_principal tmpprinc; char *sname; - tmp = *krb5_princ_realm(*pl2); - krb5_princ_set_realm(*pl2, krb5_princ_realm(tgs_server)); - if (retval = krb5_copy_principal(*pl2, &tmpprinc)) { - krb5_db_free_principal(server, *nprincs); - krb5_princ_set_realm(*pl2, &tmp); + tmp = *krb5_princ_realm(kdc_context, *pl2); + krb5_princ_set_realm(kdc_context, *pl2, + krb5_princ_realm(kdc_context, tgs_server)); + if (retval = krb5_copy_principal(kdc_context, *pl2, &tmpprinc)) { + krb5_db_free_principal(kdc_context, server, *nprincs); + krb5_princ_set_realm(kdc_context, *pl2, &tmp); continue; } - krb5_princ_set_realm(*pl2, &tmp); + krb5_princ_set_realm(kdc_context, *pl2, &tmp); - krb5_free_principal(request->server); + krb5_free_principal(kdc_context, request->server); request->server = tmpprinc; - if (krb5_unparse_name(request->server, &sname)) { + if (krb5_unparse_name(kdc_context, request->server, &sname)) { syslog(LOG_INFO, "TGS_REQ: issuing alternate <un-unparseable> TGT"); } else { @@ -769,13 +772,13 @@ int *nprincs; } return; } - krb5_db_free_principal(server, *nprincs); + krb5_db_free_principal(kdc_context, server, *nprincs); continue; } *nprincs = 0; *more = FALSE; - krb5_free_realm_tree(plist); + krb5_free_realm_tree(kdc_context, plist); return; } diff --git a/src/kdc/extern.h b/src/kdc/extern.h index 3eb7701ac3..cb294aca7f 100644 --- a/src/kdc/extern.h +++ b/src/kdc/extern.h @@ -29,10 +29,11 @@ #define __KRB5_KDC_EXTERN__ /* various externs for KDC */ -extern krb5_rcache kdc_rcache; /* KDC's replay cache */ +extern krb5_context kdc_context; /* New context for API changes */ +extern krb5_rcache kdc_rcache; /* KDC's replay cache */ -extern krb5_data empty_string; /* an empty string */ -extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */ +extern krb5_data empty_string; /* an empty string */ +extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */ extern krb5_deltat max_life_for_realm; /* XXX should be a parameter? */ extern krb5_deltat max_renewable_life_for_realm; /* XXX should be a parameter? */ diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e76bb4967d..bc09ee96d5 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -68,7 +68,7 @@ krb5_authdata ***output; /* now walk & copy */ retdata[i] = (krb5_authdata *)malloc(sizeof(*retdata[i])); if (!retdata[i]) { - krb5_free_authdata(retdata); + krb5_free_authdata(kdc_context, retdata); return ENOMEM; } *retdata[i] = **ptr; @@ -76,7 +76,7 @@ krb5_authdata ***output; (krb5_octet *)malloc(retdata[i]->length))) { krb5_xfree(retdata[i]); retdata[i] = 0; - krb5_free_authdata(retdata); + krb5_free_authdata(kdc_context, retdata); return ENOMEM; } memcpy((char *) retdata[i]->contents, @@ -91,13 +91,12 @@ krb5_authdata ***output; } krb5_boolean -realm_compare(DECLARG(krb5_principal, princ1), - DECLARG(krb5_principal, princ2)) -OLDDECLARG(krb5_principal, princ1) -OLDDECLARG(krb5_principal, princ2) +realm_compare(princ1, princ2) + krb5_principal princ1; + krb5_principal princ2; { - krb5_data *realm1 = krb5_princ_realm(princ1); - krb5_data *realm2 = krb5_princ_realm(princ2); + krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1); + krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2); return((realm1->length == realm2->length) && !memcmp(realm1->data, realm2->data, realm1->length)); @@ -116,21 +115,19 @@ struct kparg { #include <krb5/widen.h> static krb5_error_code -kdc_rdreq_keyproc(DECLARG(krb5_pointer, keyprocarg), - DECLARG(krb5_principal, principal), - DECLARG(krb5_kvno, vno), - DECLARG(krb5_keyblock **, key)) -OLDDECLARG(krb5_pointer, keyprocarg) -OLDDECLARG(krb5_principal, principal) -OLDDECLARG(krb5_kvno, vno) -OLDDECLARG(krb5_keyblock **, key) +kdc_rdreq_keyproc(context, keyprocarg, principal, vno, key) + krb5_context context; + krb5_pointer keyprocarg; + krb5_principal principal; + krb5_kvno vno; + krb5_keyblock ** key; #include <krb5/narrow.h> { register struct kparg *whoisit = (struct kparg *)keyprocarg; char *sname; if (vno != whoisit->kvno) { - if (!krb5_unparse_name(principal, &sname)) { + if (!krb5_unparse_name(context, principal, &sname)) { syslog(LOG_ERR, "TGS_REQ: BAD KEY VNO: server='%s', expecting %d, got %d", sname, vno, whoisit->kvno); @@ -138,7 +135,7 @@ OLDDECLARG(krb5_keyblock **, key) } return KRB5KRB_AP_ERR_BADKEYVER; } - return(krb5_copy_keyblock(whoisit->key, key)); + return(krb5_copy_keyblock(context, whoisit->key, key)); } /* @@ -148,9 +145,9 @@ OLDDECLARG(krb5_keyblock **, key) krb5_boolean krb5_is_tgs_principal(principal) krb5_principal principal; { - if ((krb5_princ_component(principal, 0)->length == + if ((krb5_princ_component(kdc_context, principal, 0)->length == KRB5_TGS_NAME_SIZE) && - (!memcmp(krb5_princ_component(principal, 0)->data, + (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) return TRUE; return FALSE; @@ -171,7 +168,7 @@ krb5_checksum *dest; krb5_error_code retval; /* first compute checksum */ - if (retval = krb5_calculate_checksum(type, + if (retval = krb5_calculate_checksum(kdc_context, type, source->data, source->length, authdat->ticket->enc_part2->session->contents, /* seed */ @@ -254,21 +251,21 @@ krb5_tkt_authent **ret_authdat; we set a flag here for checking below. */ - if ((krb5_princ_realm(apreq->ticket->server)->length != - krb5_princ_realm(tgs_server)->length) || - memcmp(krb5_princ_realm(apreq->ticket->server)->data, - krb5_princ_realm(tgs_server)->data, - krb5_princ_realm(tgs_server)->length)) + if ((krb5_princ_realm(kdc_context, apreq->ticket->server)->length != + krb5_princ_realm(kdc_context, tgs_server)->length) || + memcmp(krb5_princ_realm(kdc_context, apreq->ticket->server)->data, + krb5_princ_realm(kdc_context, tgs_server)->data, + krb5_princ_realm(kdc_context, tgs_server)->length)) foreign_server = TRUE; - retval = krb5_rd_req_decoded(apreq, apreq->ticket->server, + retval = krb5_rd_req_decoded(kdc_context, apreq, apreq->ticket->server, from->address, 0, /* no fetchfrom */ kdc_rdreq_keyproc, (krb5_pointer)&who, kdc_rcache, &nauthdat); - krb5_free_keyblock(who.key); + krb5_free_keyblock(kdc_context, who.key); if (retval) { apreq->ticket = 0; /* Caller will free the ticket */ @@ -289,8 +286,8 @@ krb5_tkt_authent **ret_authdat; /* make sure the client is of proper lineage (see above) */ if (foreign_server) { - krb5_data *tkt_realm = krb5_princ_realm(ticket_enc->client); - krb5_data *tgs_realm = krb5_princ_realm(tgs_server); + krb5_data *tkt_realm = krb5_princ_realm(kdc_context, ticket_enc->client); + krb5_data *tgs_realm = krb5_princ_realm(kdc_context, tgs_server); if (tkt_realm->length == tgs_realm->length && !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) { /* someone in a foreign realm claiming to be local */ @@ -315,7 +312,7 @@ krb5_tkt_authent **ret_authdat; } if (!(our_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(our_cksum.checksum_type)))) { + malloc(krb5_checksum_size(kdc_context, our_cksum.checksum_type)))) { retval = ENOMEM; goto cleanup; } @@ -344,9 +341,9 @@ krb5_tkt_authent **ret_authdat; cleanup: if (apreq) - krb5_free_ap_req(apreq); + krb5_free_ap_req(kdc_context, apreq); if (scratch) - krb5_free_data(scratch); + krb5_free_data(kdc_context, scratch); return retval; } @@ -361,25 +358,25 @@ krb5_kvno *kvno; krb5_db_entry server; krb5_boolean more; - if (krb5_principal_compare(tgs_server, ticket->server)) { + if (krb5_principal_compare(kdc_context, tgs_server, ticket->server)) { *kvno = tgs_kvno; - return krb5_copy_keyblock(&tgs_key, key); + return krb5_copy_keyblock(kdc_context, &tgs_key, key); } else { nprincs = 1; - if (retval = krb5_db_get_principal(ticket->server, + if (retval = krb5_db_get_principal(kdc_context, ticket->server, &server, &nprincs, &more)) { return(retval); } if (more) { - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } else if (nprincs != 1) { char *sname; - krb5_db_free_principal(&server, nprincs); - if (!krb5_unparse_name(ticket->server, &sname)) { + krb5_db_free_principal(kdc_context, &server, nprincs); + if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { syslog(LOG_ERR, "TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname); @@ -389,11 +386,11 @@ krb5_kvno *kvno; /* convert server.key into a real key (it may be encrypted in the database) */ if (*key = (krb5_keyblock *)malloc(sizeof **key)) { - retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, *key); + retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &server.key, *key); } else retval = ENOMEM; *kvno = server.kvno; - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); return retval; } } @@ -521,16 +518,12 @@ char *r2; */ krb5_error_code -add_to_transited(DECLARG(krb5_data *, tgt_trans), - DECLARG(krb5_data *, new_trans), - DECLARG(krb5_principal, tgs), - DECLARG(krb5_principal, client), - DECLARG(krb5_principal, server)) -OLDDECLARG(krb5_data *, tgt_trans) -OLDDECLARG(krb5_data *, new_trans) -OLDDECLARG(krb5_principal, tgs) -OLDDECLARG(krb5_principal, client) -OLDDECLARG(krb5_principal, server) +add_to_transited(tgt_trans, new_trans, tgs, client, server) + krb5_data * tgt_trans; + krb5_data * new_trans; + krb5_principal tgs; + krb5_principal client; + krb5_principal server; { char *realm; char *trans; @@ -547,11 +540,12 @@ OLDDECLARG(krb5_principal, server) int pl, pl1; /* prefix length */ int added; /* TRUE = new realm has been added */ - if (!(realm = (char *) malloc(krb5_princ_realm(tgs)->length+1))) { + if (!(realm = (char *) malloc(krb5_princ_realm(kdc_context, tgs)->length+1))) { return(ENOMEM); } - memcpy(realm, krb5_princ_realm(tgs)->data, krb5_princ_realm(tgs)->length); - realm[krb5_princ_realm(tgs)->length] = '\0'; + memcpy(realm, krb5_princ_realm(kdc_context, tgs)->data, + krb5_princ_realm(kdc_context, tgs)->length); + realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0'; if (!(otrans = (char *) malloc(tgt_trans->length+1))) { return(ENOMEM); @@ -583,10 +577,10 @@ OLDDECLARG(krb5_principal, server) if (otrans[0] == ',') otrans++; - added = (krb5_princ_realm(client)->length == strlen(realm) && - !strncmp(krb5_princ_realm(client)->data, realm, strlen(realm))) || - (krb5_princ_realm(server)->length == strlen(realm) && - !strncmp(krb5_princ_realm(server)->data, realm, strlen(realm))); + added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) && + !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) || + (krb5_princ_realm(kdc_context, server)->length == strlen(realm) && + !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm))); while (current[0]) { @@ -1034,7 +1028,7 @@ char **status; * originally requested) */ if (request->kdc_options & NO_TGT_OPTION) { - if (!krb5_principal_compare(ticket->server, request->server)) { + if (!krb5_principal_compare(kdc_context, ticket->server, request->server)) { *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC"; return(KDC_ERR_SERVER_NOMATCH); } @@ -1054,7 +1048,7 @@ char **status; */ /* Make sure there are two components... */ - if (krb5_princ_size(ticket->server) != 2) { + if (krb5_princ_size(kdc_context, ticket->server) != 2) { *status = "BAD TGS SERVER LENGTH"; return KRB_AP_ERR_NOT_US; } @@ -1064,11 +1058,11 @@ char **status; return KRB_AP_ERR_NOT_US; } /* ...and that the second component matches the server realm... */ - if ((krb5_princ_component(ticket->server, 1)->length != - krb5_princ_realm(request->server)->length) || - memcmp(krb5_princ_component(ticket->server, 1)->data, - krb5_princ_realm(request->server)->data, - krb5_princ_realm(request->server)->length)) { + if ((krb5_princ_component(kdc_context, ticket->server, 1)->length != + krb5_princ_realm(kdc_context, request->server)->length) || + memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data, + krb5_princ_realm(kdc_context, request->server)->data, + krb5_princ_realm(kdc_context, request->server)->length)) { *status = "BAD TGS SERVER INSTANCE"; return KRB_AP_ERR_NOT_US; } @@ -1216,7 +1210,7 @@ char **status; *status = "NO_2ND_TKT"; return(KDC_ERR_BADOPTION); } - if (!krb5_principal_compare(request->second_ticket[st_idx]->server, + if (!krb5_principal_compare(kdc_context, request->second_ticket[st_idx]->server, tgs_server)) { *status = "2ND_TKT_NOT_TGS"; return(KDC_ERR_POLICY); diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 82aca95ffc..d9217522a5 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -414,7 +414,7 @@ krb5_data **resp; KTEXT_ST v4_pkt; char *lrealm; - if (retval = krb5_timeofday((krb5_timestamp *) &kerb_time.tv_sec)) + if (retval = krb5_timeofday(kdc_context, (krb5_timestamp *) &kerb_time.tv_sec)) return(retval); if (!*local_realm) { /* local-realm name already set up */ @@ -511,7 +511,7 @@ int to_len; return ENOMEM; } if ( !(response->data = (char *) malloc( len))) { - krb5_free_data( response); + krb5_free_data(kdc_context, response); return ENOMEM; } response->length = len; @@ -554,7 +554,7 @@ compat_decrypt_key (in5, out4) int retval = -1; out5.contents = NULL; - if ( krb5_kdb_decrypt_key( &master_encblock, in5, &out5)) { + if ( krb5_kdb_decrypt_key(kdc_context, &master_encblock, in5, &out5)) { lt = klog(L_DEATH_REQ, "KDC can't decrypt principal's key."); } if ( ! out5.contents) return( retval); @@ -614,13 +614,13 @@ kerb_get_principal(name, inst, principal, maxn, more) */ - retval = krb5_425_conv_principal(name, inst, local_realm, &search); + retval = krb5_425_conv_principal(kdc_context, name, inst, local_realm, &search); if (retval) { *more = 0; return(0); } - retval = krb5_db_get_principal(search, &entries, &nprinc, &more5); - krb5_free_principal(search); + retval = krb5_db_get_principal(kdc_context, search, &entries, &nprinc, &more5); + krb5_free_principal(kdc_context, search); if (retval) { *more = 0; return(0); @@ -679,7 +679,7 @@ cleanup: * which was allocated by krb5_db_get_principal(). * this routine clears the keyblock's contents for us. */ - krb5_db_free_principal( &entries, nprinc); + krb5_db_free_principal(kdc_context, &entries, nprinc); *more = (int) more5 || (nprinc > maxn); return( nprinc); diff --git a/src/kdc/main.c b/src/kdc/main.c index 5f01081fc2..5de4b4aa5e 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -101,7 +101,7 @@ kdc_com_err_proc(whoami, code, format, pvar) void setup_com_err() { - krb5_init_ets(); + krb5_init_ets(kdc_context); initialize_kdc5_error_table(); (void) set_com_err_hook(kdc_com_err_proc); return; @@ -188,7 +188,7 @@ char **argv; } if (!db_realm) { /* no realm specified, use default realm */ - if (retval = krb5_get_default_realm(&lrealm)) { + if (retval = krb5_get_default_realm(kdc_context, &lrealm)) { com_err(argv[0], retval, "while attempting to retrieve default realm"); exit(1); @@ -204,32 +204,32 @@ char **argv; if (!rcname) rcname = KDCRCACHE; - if (retval = krb5_rc_resolve_full(&kdc_rcache, rcname)) { + if (retval = krb5_rc_resolve_full(kdc_context, &kdc_rcache, rcname)) { com_err(argv[0], retval, "while resolving replay cache '%s'", rcname); exit(1); } - if ((retval = krb5_rc_recover(kdc_rcache)) && - (retval2 = krb5_rc_initialize(kdc_rcache, krb5_clockskew))) { + if ((retval = krb5_rc_recover(kdc_context, kdc_rcache)) && + (retval2 = krb5_rc_initialize(kdc_context, kdc_rcache, krb5_clockskew))) { com_err(argv[0], retval, "while recovering replay cache '%s:%s'", kdc_rcache->ops->type, - krb5_rc_get_name(kdc_rcache)); + krb5_rc_get_name(kdc_context, kdc_rcache)); com_err(argv[0], retval2, "while initializing replay cache '%s:%s'", kdc_rcache->ops->type, - krb5_rc_get_name(kdc_rcache)); + krb5_rc_get_name(kdc_context, kdc_rcache)); exit(1); } - if ((retval = krb5_rc_expunge(kdc_rcache))) { + if ((retval = krb5_rc_expunge(kdc_context, kdc_rcache))) { com_err(argv[0], retval, "while expunging replay cache '%s:%s'", kdc_rcache->ops->type, - krb5_rc_get_name(kdc_rcache)); + krb5_rc_get_name(kdc_context, kdc_rcache)); exit(1); } /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(mkey_name, db_realm, (char **) 0, + if (retval = krb5_db_setup_mkey_name(kdc_context, mkey_name, db_realm, (char **) 0, &master_princ)) { com_err(argv[0], retval, "while setting up master key name"); - (void) krb5_rc_close(kdc_rcache); + (void) krb5_rc_close(kdc_context, kdc_rcache); exit(1); } @@ -238,13 +238,13 @@ char **argv; "while setting up etype %d", kdc_etype); exit(1); } - krb5_use_cstype(&master_encblock, kdc_etype); + krb5_use_cstype(kdc_context, &master_encblock, kdc_etype); - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, manual, + if (retval = krb5_db_fetch_mkey(kdc_context, master_princ, &master_encblock, manual, FALSE, /* only read it once, if at all */ 0, &master_keyblock)) { com_err(argv[0], retval, "while fetching master key"); - (void) krb5_rc_close(kdc_rcache); + (void) krb5_rc_close(kdc_context, kdc_rcache); exit(1); } /* initialize random key generators */ @@ -274,8 +274,8 @@ char *prog; rtype = strdup(kdc_rcache->ops->type); else rtype = strdup("Unknown_rcache_type"); - rname = strdup(krb5_rc_get_name(kdc_rcache)); - if (retval = krb5_rc_close(kdc_rcache)) { + rname = strdup(krb5_rc_get_name(kdc_context, kdc_rcache)); + if (retval = krb5_rc_close(kdc_context, kdc_rcache)) { com_err(prog, retval, "while closing replay cache '%s:%s'", rtype, rname); } @@ -301,15 +301,15 @@ krb5_keyblock *masterkeyblock; #endif /* set db name if appropriate */ - if (dbname && (retval = krb5_db_set_name(dbname))) + if (dbname && (retval = krb5_db_set_name(kdc_context, dbname))) return(retval); /* initialize database */ - if (retval = krb5_db_init()) + if (retval = krb5_db_init(kdc_context)) return(retval); - if (retval = krb5_db_verify_master_key(masterkeyname, masterkeyblock, - &master_encblock)) { + if (retval = krb5_db_verify_master_key(kdc_context, masterkeyname, + masterkeyblock, &master_encblock)) { master_encblock.crypto_entry = 0; return(retval); } @@ -317,27 +317,27 @@ krb5_keyblock *masterkeyblock; #ifdef KRB4 /* get the master key, to extract the master key version number */ nprincs = 1; - if (retval = krb5_db_get_principal(masterkeyname, + if (retval = krb5_db_get_principal(kdc_context, masterkeyname, &server, &nprincs, &more)) { return(retval); } if (nprincs != 1) { if (nprincs) - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); return(KRB5_KDB_NOMASTERKEY); } else if (more) { - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } master_key_version = server.kvno; - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); #endif /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&master_encblock, masterkeyblock)) { + if (retval = krb5_process_key(kdc_context, &master_encblock, masterkeyblock)) { master_encblock.crypto_entry = 0; - (void) krb5_db_fini(); + (void) krb5_db_fini(kdc_context); return(retval); } @@ -346,40 +346,42 @@ krb5_keyblock *masterkeyblock; /* the master key name here is from the master_princ global, so we can safely share its substructure */ - krb5_princ_set_realm(tgs_server, krb5_princ_realm(masterkeyname)); + krb5_princ_set_realm(kdc_context, tgs_server, + krb5_princ_realm(kdc_context, masterkeyname)); /* tgs_server[0] is init data */ - *krb5_princ_component(tgs_server, 1) = *krb5_princ_realm(masterkeyname); + *krb5_princ_component(kdc_context, tgs_server, 1) = + *krb5_princ_realm(kdc_context, masterkeyname); nprincs = 1; - if (retval = krb5_db_get_principal(tgs_server, + if (retval = krb5_db_get_principal(kdc_context, tgs_server, &server, &nprincs, &more)) { return(retval); } if (more) { - krb5_db_free_principal(&server, nprincs); - (void) krb5_finish_key(&master_encblock); + krb5_db_free_principal(kdc_context, &server, nprincs); + (void) krb5_finish_key(kdc_context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(kdc_context ); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } else if (nprincs != 1) { - krb5_db_free_principal(&server, nprincs); - (void) krb5_finish_key(&master_encblock); + krb5_db_free_principal(kdc_context, &server, nprincs); + (void) krb5_finish_key(kdc_context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(kdc_context ); return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); } /* convert server.key into a real key (it may be encrypted in the database) */ - if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &tgs_key)) { - krb5_db_free_principal(&server, nprincs); - (void) krb5_finish_key(&master_encblock); + if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &server.key, &tgs_key)) { + krb5_db_free_principal(kdc_context, &server, nprincs); + (void) krb5_finish_key(kdc_context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(kdc_context ); return retval; } tgs_kvno = server.kvno; - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(kdc_context, &server, nprincs); return 0; } @@ -389,7 +391,7 @@ closedown_db() krb5_error_code retval; /* clean up master key stuff */ - retval = krb5_finish_key(&master_encblock); + retval = krb5_finish_key(kdc_context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); @@ -397,10 +399,10 @@ closedown_db() /* close database */ if (retval) { - (void) krb5_db_fini(); + (void) krb5_db_fini(kdc_context ); return retval; } else - return (krb5_db_fini()); + return (krb5_db_fini(kdc_context)); } /* @@ -429,6 +431,8 @@ closedown_db() exit */ +krb5_context kdc_context; + main(argc, argv) int argc; char *argv[]; diff --git a/src/kdc/network.c b/src/kdc/network.c index 8354fa0c93..ed5f2820f8 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -160,18 +160,18 @@ void process_packet(port_fd, prog, is_secondary) cc = sendto(port_fd, response->data, response->length, 0, (struct sockaddr *)&saddr, saddr_len); if (cc == -1) { - krb5_free_data(response); + krb5_free_data(kdc_context, response); com_err(prog, errno, "while sending reply to %s/%d", inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port)); return; } if (cc != response->length) { - krb5_free_data(response); + krb5_free_data(kdc_context, response); com_err(prog, 0, "short reply write %d vs %d\n", response->length, cc); return; } - krb5_free_data(response); + krb5_free_data(kdc_context, response); return; } diff --git a/src/kdc/replay.c b/src/kdc/replay.c index b8a22ebcb9..922ff61203 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -31,6 +31,7 @@ #include <krb5/los-proto.h> #include <krb5/kdb.h> #include "kdc_util.h" +#include "extern.h" typedef struct _krb5_kdc_replay_ent { struct _krb5_kdc_replay_ent *next; @@ -68,7 +69,7 @@ register krb5_data **outpkt; krb5_int32 timenow; register krb5_kdc_replay_ent *eptr, *last, *hold; - if (krb5_timeofday(&timenow)) + if (krb5_timeofday(kdc_context, &timenow)) return FALSE; calls++; @@ -84,7 +85,7 @@ register krb5_data **outpkt; eptr->num_hits++; hits++; - if (krb5_copy_data(eptr->reply_packet, outpkt)) + if (krb5_copy_data(kdc_context, eptr->reply_packet, outpkt)) return FALSE; else return TRUE; @@ -94,8 +95,8 @@ register krb5_data **outpkt; if (STALE(eptr)) { /* flush it and collect stats */ max_hits_per_entry = max(max_hits_per_entry, eptr->num_hits); - krb5_free_data(eptr->req_packet); - krb5_free_data(eptr->reply_packet); + krb5_free_data(kdc_context, eptr->req_packet); + krb5_free_data(kdc_context, eptr->reply_packet); hold = eptr; last->next = eptr->next; eptr = last; @@ -120,7 +121,7 @@ register krb5_data *outpkt; register krb5_kdc_replay_ent *eptr; krb5_int32 timenow; - if (krb5_timeofday(&timenow)) + if (krb5_timeofday(kdc_context, &timenow)) return; /* this is a new entry */ @@ -128,12 +129,12 @@ register krb5_data *outpkt; if (!eptr) return; eptr->timein = timenow; - if (krb5_copy_data(inpkt, &eptr->req_packet)) { + if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) { krb5_xfree(eptr); return; } - if (krb5_copy_data(outpkt, &eptr->reply_packet)) { - krb5_free_data(eptr->req_packet); + if (krb5_copy_data(kdc_context, outpkt, &eptr->reply_packet)) { + krb5_free_data(kdc_context, eptr->req_packet); krb5_xfree(eptr); return; } diff --git a/src/slave/ChangeLog b/src/slave/ChangeLog index ab93b48827..7805dd7858 100644 --- a/src/slave/ChangeLog +++ b/src/slave/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Nov 17 18:31:18 1994 Mark Eichin (eichin@cygnus.com) * kprop.c: Use NPROTOTYPE for declarations. diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 0a17b7d3a0..7b1bcbfaac 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -72,16 +72,26 @@ krb5_int32 his_seq_num; /* Remote sequence number */ krb5_address sender_addr; krb5_address receiver_addr; -void PRS(); -void get_tickets(); -static void usage NPROTOTYPE((void)); -krb5_error_code open_connection NPROTOTYPE((char *, int *, char *)); -void kerberos_authenticate NPROTOTYPE((int, krb5_principal)); -int open_database NPROTOTYPE((char *, int *)); -void close_database NPROTOTYPE((int)); -void xmit_database NPROTOTYPE((int, int, int)); -void send_error NPROTOTYPE((int, char *, krb5_error_code)); -void update_last_prop_file NPROTOTYPE((char *, char *)); +void PRS + PROTOTYPE((krb5_context, char **)); +void get_tickets + PROTOTYPE((krb5_context)); +static void usage + PROTOTYPE((void)); +krb5_error_code open_connection + PROTOTYPE((char *, int *, char *)); +void kerberos_authenticate + PROTOTYPE((krb5_context, int, krb5_principal)); +int open_database + PROTOTYPE((krb5_context, char *, int *)); +void close_database + PROTOTYPE((krb5_context, int)); +void xmit_database + PROTOTYPE((krb5_context, int, int, int)); +void send_error + PROTOTYPE((krb5_context, int, char *, krb5_error_code)); +void update_last_prop_file + PROTOTYPE((char *, char *)); static void usage() { @@ -97,12 +107,13 @@ main(argc, argv) { int fd, database_fd, database_size; krb5_error_code retval; + krb5_context context; char Errmsg[256]; - PRS(argv); - get_tickets(); + PRS(context, argv); + get_tickets(context); - database_fd = open_database(file, &database_size); + database_fd = open_database(context, file, &database_size); if (retval = open_connection(slave_host, &fd, Errmsg)) { com_err(progname, retval, "%s while opening connection to %s", Errmsg, slave_host); @@ -113,24 +124,26 @@ main(argc, argv) progname, Errmsg, slave_host); exit(1); } - kerberos_authenticate(fd, my_principal); + kerberos_authenticate(context, fd, my_principal); if (debug) { printf("My sequence number: %d\n", my_seq_num); printf("His sequence number: %d\n", his_seq_num); } - xmit_database(fd, database_fd, database_size); + xmit_database(context, fd, database_fd, database_size); update_last_prop_file(slave_host, file); printf("Database propagation to %s: SUCCEEDED\n", slave_host); - close_database(database_fd); + close_database(context, database_fd); exit(0); } -void PRS(argv) +void PRS(context, argv) + krb5_context context; char **argv; { register char *word, ch; - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); progname = *argv++; while (word = *argv++) { if (*word == '-') { @@ -174,7 +187,8 @@ void PRS(argv) usage(); } -void get_tickets() +void get_tickets(context) + krb5_context context; { char my_host_name[MAXHOSTNAMELEN]; char buf[BUFSIZ]; @@ -203,7 +217,7 @@ void get_tickets() sprintf(buf, "host/%s@%s", hp->h_name, realm); else sprintf(buf, "host/%s", hp->h_name); - if (retval = krb5_parse_name(buf, &my_principal)) { + if (retval = krb5_parse_name(context, buf, &my_principal)) { com_err (progname, retval, "when parsing name %s",buf); exit(1); } @@ -213,12 +227,12 @@ void get_tickets() */ (void) mktemp(tkstring); sprintf(buf, "FILE:%s", tkstring); - if (retval = krb5_cc_resolve(buf, &ccache)) { + if (retval = krb5_cc_resolve(context, buf, &ccache)) { com_err(progname, retval, "while opening crednetials cache %s", buf); exit(1); } - if (retval = krb5_cc_initialize(ccache, my_principal)) { + if (retval = krb5_cc_initialize(context, ccache, my_principal)) { com_err (progname, retval, "when initializing cache %s", buf); exit(1); @@ -249,7 +263,7 @@ void get_tickets() realm); else sprintf(buf, "%s/%s", KPROP_SERVICE_NAME, hp->h_name); - if (retval = krb5_parse_name(buf, &my_creds.server)) { + if (retval = krb5_parse_name(context, buf, &my_creds.server)) { com_err(progname, retval, "while parsing slave principal name"); exit(1); @@ -257,7 +271,7 @@ void get_tickets() /* * Now fill in the client.... */ - if (retval = krb5_copy_principal(my_principal, &my_creds.client)) { + if (retval = krb5_copy_principal(context, my_principal, &my_creds.client)) { com_err(progname, retval, "While copying client principal"); exit(1); } @@ -270,7 +284,7 @@ void get_tickets() "when getting my address"); exit(1); } - retval = krb5_get_in_tkt_with_skey(0, my_addresses, + retval = krb5_get_in_tkt_with_skey(context, 0, my_addresses, 0, ETYPE_DES_CBC_CRC, 0, ccache, &my_creds, 0); @@ -282,7 +296,7 @@ void get_tickets() * Now destroy the cache right away --- the credentials we * need will be in my_creds. */ - if (retval = krb5_cc_destroy(ccache)) { + if (retval = krb5_cc_destroy(context, ccache)) { com_err(progname, retval, "while destroying ticket cache"); exit(1); } @@ -358,15 +372,16 @@ open_connection(host, fd, Errmsg) } -void kerberos_authenticate(fd, me) - int fd; - krb5_principal me; +void kerberos_authenticate(context, fd, me) + krb5_context context; + int fd; + krb5_principal me; { krb5_error_code retval; krb5_error *error = NULL; krb5_ap_rep_enc_part *rep_result; - if (retval = krb5_sendauth((void *)&fd, kprop_version, me, + if (retval = krb5_sendauth(context, (void *)&fd, kprop_version, me, my_creds.server, AP_OPTS_MUTUAL_REQUIRED, NULL, &my_creds, NULL, &my_seq_num, NULL, &error, &rep_result)) { @@ -386,12 +401,12 @@ void kerberos_authenticate(fd, me) "Error text from server: %s\n", error->text.data); } - krb5_free_error(error); + krb5_free_error(context, error); } exit(1); } his_seq_num = rep_result->seq_number; - krb5_free_ap_rep_enc_part(rep_result); + krb5_free_ap_rep_enc_part(context, rep_result); } FILE * dbfp; @@ -405,9 +420,10 @@ char * dbpathname; * in the size of the database file. */ int -open_database(data_fn, size) - char *data_fn; - int *size; +open_database(context, data_fn, size) + krb5_context context; + char *data_fn; + int *size; { int fd; int err; @@ -427,7 +443,7 @@ open_database(data_fn, size) exit(1); } - err = krb5_lock_file(dbfp, dbpathname, + err = krb5_lock_file(context, dbfp, dbpathname, KRB5_LOCKMODE_SHARED|KRB5_LOCKMODE_DONTBLOCK); if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) { com_err(progname, 0, "database locked"); @@ -465,7 +481,8 @@ open_database(data_fn, size) } void -close_database(fd) +close_database(context, fd) + krb5_context context; int fd; { int err; @@ -473,7 +490,7 @@ close_database(fd) com_err(progname, 0, "bad fd passed to close_database"); exit(1); } - err = krb5_lock_file(dbfp, dbpathname, KRB5_LOCKMODE_UNLOCK); + err = krb5_lock_file(context, dbfp, dbpathname, KRB5_LOCKMODE_UNLOCK); if (err) com_err(progname, err, "while unlocking database '%s'", dbpathname); free(dbpathname); @@ -491,10 +508,11 @@ close_database(fd) * will abort the entire operation. */ void -xmit_database(fd, database_fd, database_size) - int fd; - int database_fd; - int database_size; +xmit_database(context, fd, database_fd, database_size) + krb5_context context; + int fd; + int database_fd; + int database_size; { int send_size, sent_size, n, eblock_size; krb5_data inbuf, outbuf; @@ -509,7 +527,7 @@ xmit_database(fd, database_fd, database_size) send_size = htonl(database_size); inbuf.data = (char *) &send_size; inbuf.length = sizeof(send_size); /* must be 4, really */ - if (retval = krb5_mk_safe(&inbuf, KPROP_CKSUMTYPE, + if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE, &my_creds.keyblock, &sender_addr, &receiver_addr, my_seq_num++, @@ -517,10 +535,10 @@ xmit_database(fd, database_fd, database_size) 0, /* no rcache when NOTIME */ &outbuf)) { com_err(progname, retval, "while encoding database size"); - send_error(fd, "while encoding database size", retval); + send_error(context, fd, "while encoding database size", retval); exit(1); } - if (retval = krb5_write_message((void *) &fd, &outbuf)) { + if (retval = krb5_write_message(context, (void *) &fd, &outbuf)) { krb5_xfree(outbuf.data); com_err(progname, retval, "while sending database size"); exit(1); @@ -533,8 +551,8 @@ xmit_database(fd, database_fd, database_size) system->block_length; if (!(i_vector=malloc(eblock_size))) { com_err(progname, ENOMEM, "while allocating i_vector"); - send_error(fd, "malloc failed while allocating i_vector", - ENOMEM); + send_error(context, fd, + "malloc failed while allocating i_vector", ENOMEM); exit(1); } memset(i_vector, 0, eblock_size); @@ -545,7 +563,7 @@ xmit_database(fd, database_fd, database_size) sent_size = 0; while (n = read(database_fd, buf, sizeof(buf))) { inbuf.length = n; - if (retval = krb5_mk_priv(&inbuf, ETYPE_DES_CBC_CRC, + if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, &my_creds.keyblock, &sender_addr, &receiver_addr, @@ -558,10 +576,10 @@ xmit_database(fd, database_fd, database_size) "while encoding database block starting at %d", sent_size); com_err(progname, retval, buf); - send_error(fd, buf, retval); + send_error(context, fd, buf, retval); exit(1); } - if (retval = krb5_write_message((void *) &fd, &outbuf)) { + if (retval = krb5_write_message(context, (void *)&fd,&outbuf)) { krb5_xfree(outbuf.data); com_err(progname, retval, "while sending database block starting at %d", @@ -575,7 +593,7 @@ xmit_database(fd, database_fd, database_size) } if (sent_size != database_size) { com_err(progname, 0, "Premature EOF found for database file!"); - send_error(fd, "Premature EOF found for database file!", + send_error(context, fd,"Premature EOF found for database file!", KRB5KRB_ERR_GENERIC); exit(1); } @@ -583,7 +601,7 @@ xmit_database(fd, database_fd, database_size) * OK, we've sent the database; now let's wait for a success * indication from the remote end. */ - if (retval = krb5_read_message((void *) &fd, &inbuf)) { + if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) { com_err(progname, retval, "while reading response from server"); exit(1); @@ -593,7 +611,7 @@ xmit_database(fd, database_fd, database_size) * the error message */ if (krb5_is_krb_error(&inbuf)) { - if (retval = krb5_rd_error(&inbuf, &error)) { + if (retval = krb5_rd_error(context, &inbuf, &error)) { com_err(progname, retval, "while decoding error response from server"); exit(1); @@ -611,11 +629,11 @@ xmit_database(fd, database_fd, database_size) "Error text from server: %s\n", error->text.data); } - krb5_free_error(error); + krb5_free_error(context, error); exit(1); } - if (retval = krb5_rd_safe(&inbuf, &my_creds.keyblock, &receiver_addr, - &sender_addr, his_seq_num++, + if (retval = krb5_rd_safe(context, &inbuf, &my_creds.keyblock, + &receiver_addr, &sender_addr, his_seq_num++, KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME, 0, &outbuf)) { com_err(progname, retval, @@ -635,17 +653,18 @@ xmit_database(fd, database_fd, database_size) } void -send_error(fd, err_text, err_code) - int fd; - char *err_text; - krb5_error_code err_code; +send_error(context, fd, err_text, err_code) + krb5_context context; + int fd; + char *err_text; + krb5_error_code err_code; { krb5_error error; const char *text; krb5_data outbuf; memset((char *)&error, 0, sizeof(error)); - krb5_us_timeofday(&error.ctime, &error.cusec); + krb5_us_timeofday(context, &error.ctime, &error.cusec); error.server = my_creds.server; error.client = my_principal; error.error = err_code - ERROR_TABLE_BASE_krb5; @@ -658,8 +677,8 @@ send_error(fd, err_text, err_code) error.text.length = strlen(text) + 1; if (error.text.data = malloc(error.text.length)) { strcpy(error.text.data, text); - if (!krb5_mk_error(&error, &outbuf)) { - (void) krb5_write_message((void *) &fd, &outbuf); + if (!krb5_mk_error(context, &error, &outbuf)) { + (void) krb5_write_message(context, (void *)&fd,&outbuf); krb5_xfree(outbuf.data); } free(error.text.data); diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index d9b23285cf..646b65e090 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -77,6 +77,7 @@ krb5_principal client; /* This is who we're talking to */ krb5_keyblock *session_key; /* Here is the session key */ krb5_address **server_addrs; krb5_pointer kerb_keytab = 0; /* Use default */ +krb5_context kpropd_context; char *realm = NULL; /* Our realm */ char *file = KPROPD_DEFAULT_FILE; char *temp_file_name; @@ -89,15 +90,36 @@ krb5_int32 his_seq_num; /* The remote's sequence number */ krb5_address sender_addr; krb5_address receiver_addr; -void PRS(); -void do_standalone(); -void doit(); -void kerberos_authenticate(); -krb5_boolean authorized_principal(); -void recv_database(); -void load_database(); -void send_error(); -void recv_error(); +void PRS + PROTOTYPE((char**)); +void do_standalone + PROTOTYPE((void)); +void doit + PROTOTYPE((int)); +void kerberos_authenticate + PROTOTYPE((krb5_context, + int, + krb5_principal *, + struct sockaddr_in)); +krb5_boolean authorized_principal + PROTOTYPE((krb5_context, + krb5_principal)); +void recv_database + PROTOTYPE((krb5_context, + int, + int)); +void load_database + PROTOTYPE((krb5_context, + char *, + char *)); +void send_error + PROTOTYPE((krb5_context, + int, + krb5_error_code, + char *)); +void recv_error + PROTOTYPE((krb5_context, + krb5_data *)); static void usage() { @@ -221,11 +243,11 @@ void doit(fd) /* * Now do the authentication */ - kerberos_authenticate(fd, &client, from); - if (!authorized_principal(client)) { + kerberos_authenticate(kpropd_context, fd, &client, from); + if (!authorized_principal(kpropd_context, client)) { char *name; - if (retval = krb5_unparse_name(client, &name)) { + if (retval = krb5_unparse_name(kpropd_context, client, &name)) { com_err(progname, retval, "While unparsing client name"); exit(1); @@ -243,7 +265,7 @@ void doit(fd) omask = umask(077); lock_fp = fopen(temp_file_name, "a"); (void) umask(omask); - retval = krb5_lock_file(lock_fp, temp_file_name, + retval = krb5_lock_file(kpropd_context, lock_fp, temp_file_name, KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK); if (retval) { com_err(progname, retval, "while trying to lock '%s'", @@ -257,7 +279,7 @@ void doit(fd) temp_file_name); exit(1); } - recv_database(fd, database_fd); + recv_database(kpropd_context, fd, database_fd); if (close(fd) < 0) { com_err(progname, errno, "while trying to close database file"); @@ -268,8 +290,9 @@ void doit(fd) temp_file_name, file); exit(1); } - load_database(kdb5_edit, file); - retval = krb5_lock_file(lock_fp, temp_file_name, KRB5_LOCKMODE_UNLOCK); + load_database(kpropd_context, kdb5_edit, file); + retval = krb5_lock_file(kpropd_context, lock_fp, temp_file_name, + KRB5_LOCKMODE_UNLOCK); if (retval) { com_err(progname, retval, "while unlocking '%s'", temp_file_name); exit(1); @@ -304,7 +327,8 @@ void PRS(argv) krb5_error_code retval; static const char tmp[] = ".temp"; - krb5_init_ets(); + krb5_init_context(&kpropd_context); + krb5_init_ets(kpropd_context); progname = *argv++; while (word = *argv++) { @@ -398,7 +422,7 @@ void PRS(argv) realm); else sprintf(buf, "%s/%s", KPROP_SERVICE_NAME, hp->h_name); - if (retval = krb5_parse_name(buf, &server)) { + if (retval = krb5_parse_name(kpropd_context, buf, &server)) { com_err(progname, retval, "While trying to parse %s for service name"); exit(1); @@ -425,10 +449,11 @@ void PRS(argv) * Figure out who's calling on the other end of the connection.... */ void -kerberos_authenticate(fd, clientp, sin) - int fd; - krb5_principal *clientp; - struct sockaddr_in sin; +kerberos_authenticate(context, fd, clientp, sin) + krb5_context context; + int fd; + krb5_principal *clientp; + struct sockaddr_in sin; { krb5_error_code retval; krb5_ticket *ticket; @@ -459,7 +484,7 @@ kerberos_authenticate(fd, clientp, sin) if (debug) { char *name; - if (retval = krb5_unparse_name(server, &name)) { + if (retval = krb5_unparse_name(context, server, &name)) { com_err(progname, retval, "While unparsing client name"); exit(1); @@ -469,7 +494,7 @@ kerberos_authenticate(fd, clientp, sin) free(name); } - if (retval = krb5_recvauth((void *) &fd, kprop_version, server, + if (retval = krb5_recvauth(context, (void *) &fd, kprop_version, server, &sender_addr, kerb_keytab, NULL, NULL, "dfl", 0, &my_seq_num, clientp, &ticket, &authent)) { @@ -480,7 +505,7 @@ kerberos_authenticate(fd, clientp, sin) if (debug) { char *name; - if (retval = krb5_unparse_name(*clientp, &name)) { + if (retval = krb5_unparse_name(context, *clientp, &name)) { com_err(progname, retval, "While unparsing client name"); exit(1); @@ -489,14 +514,15 @@ kerberos_authenticate(fd, clientp, sin) free(name); } his_seq_num = authent->seq_number; - krb5_copy_keyblock(ticket->enc_part2->session, &session_key); - krb5_free_ticket(ticket); - krb5_free_authenticator(authent); + krb5_copy_keyblock(context, ticket->enc_part2->session, &session_key); + krb5_free_ticket(context, ticket); + krb5_free_authenticator(context, authent); } krb5_boolean -authorized_principal(p) - krb5_principal p; +authorized_principal(context, p) + krb5_context context; + krb5_principal p; { char *name; char buf[1024]; @@ -504,7 +530,7 @@ authorized_principal(p) FILE *acl_file; int end; - retval = krb5_unparse_name(p, &name); + retval = krb5_unparse_name(context, p, &name); if (retval) return FALSE; @@ -530,9 +556,10 @@ authorized_principal(p) } void -recv_database(fd, database_fd) - int fd; - int database_fd; +recv_database(context, fd, database_fd) + krb5_context context; + int fd; + int database_fd; { int database_size; int received_size, n; @@ -545,19 +572,19 @@ recv_database(fd, database_fd) /* * Receive and decode size from client */ - if (retval = krb5_read_message((void *) &fd, &inbuf)) { - send_error(fd, retval, "while reading database size"); + if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) { + send_error(context, fd, retval, "while reading database size"); com_err(progname, retval, "while reading size of database from client"); exit(1); } if (krb5_is_krb_error(&inbuf)) - recv_error(&inbuf); - if (retval = krb5_rd_safe(&inbuf, session_key, &sender_addr, + recv_error(context, &inbuf); + if (retval = krb5_rd_safe(context, &inbuf, session_key, &sender_addr, &receiver_addr, his_seq_num++, KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME, 0, &outbuf)) { - send_error(fd, retval, "while decoding database size"); + send_error(context, fd, retval, "while decoding database size"); krb5_xfree(inbuf.data); com_err(progname, retval, "while decoding database size from client"); @@ -574,7 +601,7 @@ recv_database(fd, database_fd) system->block_length; if (!(i_vector=malloc(eblock_size))) { com_err(progname, ENOMEM, "while allocating i_vector"); - send_error(fd, ENOMEM, + send_error(context, fd, ENOMEM, "malloc failed while allocating i_vector"); exit(1); } @@ -584,17 +611,17 @@ recv_database(fd, database_fd) */ received_size = 0; while (received_size < database_size) { - if (retval = krb5_read_message((void *) &fd, &inbuf)) { + if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) { sprintf(buf, "while reading database block starting at offset %d", received_size); com_err(progname, retval, buf); - send_error(fd, retval, buf); + send_error(context, fd, retval, buf); exit(1); } if (krb5_is_krb_error(&inbuf)) - recv_error(&inbuf); - if (retval = krb5_rd_priv(&inbuf, session_key, + recv_error(context, &inbuf); + if (retval = krb5_rd_priv(context, &inbuf, session_key, &sender_addr, &receiver_addr, his_seq_num++, KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, @@ -603,7 +630,7 @@ recv_database(fd, database_fd) "while decoding database block starting at offset %d", received_size); com_err(progname, retval, buf); - send_error(fd, retval, buf); + send_error(context, fd, retval, buf); krb5_xfree(inbuf.data); exit(1); } @@ -614,12 +641,12 @@ recv_database(fd, database_fd) sprintf(buf, "while writing database block starting at offset %d", received_size); - send_error(fd, errno, buf); + send_error(context, fd, errno, buf); } else if (n != outbuf.length) { sprintf(buf, "incomplete write while writing database block starting at \noffset %d (%d written, %d expected)", received_size, n, outbuf.length); - send_error(fd, KRB5KRB_ERR_GENERIC, buf); + send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); } received_size += outbuf.length; } @@ -630,7 +657,7 @@ recv_database(fd, database_fd) sprintf(buf, "Received %d bytes, expected %d bytes for database file", received_size, database_size); - send_error(fd, KRB5KRB_ERR_GENERIC, buf); + send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); } /* * Send over acknowledgement of number of bytes receieved. @@ -638,7 +665,7 @@ recv_database(fd, database_fd) database_size = htonl(database_size); inbuf.data = (char *) &database_size; inbuf.length = sizeof(database_size); - if (retval = krb5_mk_safe(&inbuf, KPROP_CKSUMTYPE, + if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE, session_key, /* Note these are reversed because */ /* we are sending, not receiving! */ @@ -649,11 +676,11 @@ recv_database(fd, database_fd) &outbuf)) { com_err(progname, retval, "while encoding # of receieved bytes"); - send_error(fd, retval, + send_error(context, fd, retval, "while encoding # of received bytes"); exit(1); } - if (retval = krb5_write_message((void *) &fd, &outbuf)) { + if (retval = krb5_write_message(context, (void *) &fd, &outbuf)) { krb5_xfree(outbuf.data); com_err(progname, retval, "while sending # of receeived bytes"); @@ -664,10 +691,11 @@ recv_database(fd, database_fd) void -send_error(fd, err_code, err_text) - int fd; - char *err_text; - krb5_error_code err_code; +send_error(context, fd, err_code, err_text) + krb5_context context; + int fd; + krb5_error_code err_code; + char *err_text; { krb5_error error; const char *text; @@ -675,7 +703,7 @@ send_error(fd, err_code, err_text) char buf[1024]; memset((char *)&error, 0, sizeof(error)); - krb5_us_timeofday(&error.stime, &error.susec); + krb5_us_timeofday(context, &error.stime, &error.susec); error.server = server; error.client = client; @@ -696,8 +724,8 @@ send_error(fd, err_code, err_text) error.text.length = strlen(text) + 1; if (error.text.data = malloc(error.text.length)) { strcpy(error.text.data, text); - if (!krb5_mk_error(&error, &outbuf)) { - (void) krb5_write_message((void *) &fd, &outbuf); + if (!krb5_mk_error(context, &error, &outbuf)) { + (void) krb5_write_message(context, (void *)&fd,&outbuf); krb5_xfree(outbuf.data); } free(error.text.data); @@ -705,13 +733,14 @@ send_error(fd, err_code, err_text) } void -recv_error(inbuf) - krb5_data *inbuf; +recv_error(context, inbuf) + krb5_context context; + krb5_data *inbuf; { krb5_error *error; krb5_error_code retval; - if (retval = krb5_rd_error(inbuf, &error)) { + if (retval = krb5_rd_error(context, inbuf, &error)) { com_err(progname, retval, "while decoding error packet from client"); exit(1); @@ -729,14 +758,15 @@ recv_error(inbuf) "Error text from client: %s\n", error->text.data); } - krb5_free_error(error); + krb5_free_error(context, error); exit(1); } void -load_database(kdb5_edit, database_file_name) - char *kdb5_edit; - char *database_file_name; +load_database(context, kdb5_edit, database_file_name) + krb5_context context; + char *kdb5_edit; + char *database_file_name; { static char *edit_av[4]; int error_ret, save_stderr; diff --git a/src/tests/asn.1/ChangeLog b/src/tests/asn.1/ChangeLog index f6d0099155..de99565492 100644 --- a/src/tests/asn.1/ChangeLog +++ b/src/tests/asn.1/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Fri Nov 18 16:29:01 1994 Theodore Y. Ts'o (tytso@dcl) * ktest.c (ktest_make_sample_keybloc): Add magic numbers for diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c index 8383f11abc..c56dc8e7bb 100644 --- a/src/tests/asn.1/krb5_decode_test.c +++ b/src/tests/asn.1/krb5_decode_test.c @@ -8,6 +8,7 @@ #include "debug.h" #include <string.h> +krb5_context test_context; int error_count = 0; void main() @@ -15,7 +16,8 @@ void main() krb5_data code; krb5_error_code retval; - krb5_init_ets(); + krb5_init_context(&test_context); + krb5_init_ets(test_context); #define setup(type,typestring,constructor)\ type ref, *var;\ diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index 1dc9bea3c0..c821aa338a 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c @@ -9,6 +9,7 @@ #include "debug.h" +krb5_context test_context; int error_count = 0; int do_trval = 0; @@ -85,7 +86,8 @@ void main(argc, argv) PRS(argc, argv); - krb5_init_ets(); + krb5_init_context(&test_context); + krb5_init_ets(test_context); #define setup(value,type,typestring,constructor)\ retval = constructor(&(value));\ diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index b4e9dac098..b3a1c53632 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -2,8 +2,8 @@ #include "utility.h" #include <stdlib.h> -krb5_error_code ktest_make_sample_authenticator(DECLARG(krb5_authenticator *, a)) - OLDDECLARG(krb5_authenticator *, a) +krb5_error_code ktest_make_sample_authenticator(a) + krb5_authenticator * a; { krb5_error_code retval; @@ -26,8 +26,8 @@ krb5_error_code ktest_make_sample_authenticator(DECLARG(krb5_authenticator *, a) return 0; } -krb5_error_code ktest_make_sample_principal(DECLARG(krb5_principal *, p)) - OLDDECLARG(krb5_principal *, p) +krb5_error_code ktest_make_sample_principal(p) + krb5_principal * p; { krb5_error_code retval; @@ -49,8 +49,8 @@ krb5_error_code ktest_make_sample_principal(DECLARG(krb5_principal *, p)) return 0; } -krb5_error_code ktest_make_sample_checksum(DECLARG(krb5_checksum *, cs)) - OLDDECLARG(krb5_checksum *, cs) +krb5_error_code ktest_make_sample_checksum(cs) + krb5_checksum * cs; { cs->checksum_type = 1; cs->length = 4; @@ -61,8 +61,8 @@ krb5_error_code ktest_make_sample_checksum(DECLARG(krb5_checksum *, cs)) return 0; } -krb5_error_code ktest_make_sample_keyblock(DECLARG(krb5_keyblock *, kb)) - OLDDECLARG(krb5_keyblock *, kb) +krb5_error_code ktest_make_sample_keyblock(kb) + krb5_keyblock * kb; { kb->magic = KV5M_KEYBLOCK; kb->etype = ETYPE_UNKNOWN; @@ -75,8 +75,8 @@ krb5_error_code ktest_make_sample_keyblock(DECLARG(krb5_keyblock *, kb)) return 0; } -krb5_error_code ktest_make_sample_ticket(DECLARG(krb5_ticket *, tkt)) - OLDDECLARG(krb5_ticket *, tkt) +krb5_error_code ktest_make_sample_ticket(tkt) + krb5_ticket * tkt; { krb5_error_code retval; @@ -88,8 +88,8 @@ krb5_error_code ktest_make_sample_ticket(DECLARG(krb5_ticket *, tkt)) return 0; } -krb5_error_code ktest_make_sample_enc_data(DECLARG(krb5_enc_data *, ed)) - OLDDECLARG(krb5_enc_data *, ed) +krb5_error_code ktest_make_sample_enc_data(ed) + krb5_enc_data * ed; { krb5_error_code retval; @@ -101,8 +101,8 @@ krb5_error_code ktest_make_sample_enc_data(DECLARG(krb5_enc_data *, ed)) return 0; } -krb5_error_code ktest_make_sample_enc_tkt_part(DECLARG(krb5_enc_tkt_part *, etp)) - OLDDECLARG(krb5_enc_tkt_part *, etp) +krb5_error_code ktest_make_sample_enc_tkt_part(etp) + krb5_enc_tkt_part * etp; { krb5_error_code retval; @@ -124,8 +124,8 @@ krb5_error_code ktest_make_sample_enc_tkt_part(DECLARG(krb5_enc_tkt_part *, etp) return 0; } -krb5_error_code ktest_make_sample_addresses(DECLARG(krb5_address ***, caddrs)) - OLDDECLARG(krb5_address ***, caddrs) +krb5_error_code ktest_make_sample_addresses(caddrs) + krb5_address *** caddrs; { asn1_error_code retval; int i; @@ -142,8 +142,8 @@ krb5_error_code ktest_make_sample_addresses(DECLARG(krb5_address ***, caddrs)) return 0; } -krb5_error_code ktest_make_sample_authorization_data(DECLARG(krb5_authdata ***, ad)) - OLDDECLARG(krb5_authdata ***, ad) +krb5_error_code ktest_make_sample_authorization_data(ad) + krb5_authdata *** ad; { krb5_error_code retval; int i; @@ -162,16 +162,16 @@ krb5_error_code ktest_make_sample_authorization_data(DECLARG(krb5_authdata ***, return 0; } -krb5_error_code ktest_make_sample_transited(DECLARG(krb5_transited *, t)) - OLDDECLARG(krb5_transited *, t) +krb5_error_code ktest_make_sample_transited(t) + krb5_transited * t; { t->tr_type = 1; return krb5_data_parse(&(t->tr_contents), "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."); } -krb5_error_code ktest_make_sample_ticket_times(DECLARG(krb5_ticket_times *, tt)) - OLDDECLARG(krb5_ticket_times *, tt) +krb5_error_code ktest_make_sample_ticket_times(tt) + krb5_ticket_times * tt; { tt->authtime = SAMPLE_TIME; tt->starttime = SAMPLE_TIME; @@ -180,8 +180,8 @@ krb5_error_code ktest_make_sample_ticket_times(DECLARG(krb5_ticket_times *, tt)) return 0; } -krb5_error_code ktest_make_sample_address(DECLARG(krb5_address *, a)) - OLDDECLARG(krb5_address *, a) +krb5_error_code ktest_make_sample_address(a) + krb5_address * a; { a->addrtype = ADDRTYPE_INET; a->length = 4; @@ -195,8 +195,8 @@ krb5_error_code ktest_make_sample_address(DECLARG(krb5_address *, a)) return 0; } -krb5_error_code ktest_make_sample_authdata(DECLARG(krb5_authdata *, ad)) - OLDDECLARG(krb5_authdata *, ad) +krb5_error_code ktest_make_sample_authdata(ad) + krb5_authdata * ad; { ad->ad_type = 1; ad->length = 6; @@ -206,8 +206,8 @@ krb5_error_code ktest_make_sample_authdata(DECLARG(krb5_authdata *, ad)) return 0; } -krb5_error_code ktest_make_sample_enc_kdc_rep_part(DECLARG(krb5_enc_kdc_rep_part *, ekr)) - OLDDECLARG(krb5_enc_kdc_rep_part *, ekr) +krb5_error_code ktest_make_sample_enc_kdc_rep_part(ekr) + krb5_enc_kdc_rep_part * ekr; { krb5_error_code retval; @@ -232,8 +232,8 @@ krb5_error_code ktest_make_sample_enc_kdc_rep_part(DECLARG(krb5_enc_kdc_rep_part return 0; } -krb5_error_code ktest_make_sample_last_req(DECLARG(krb5_last_req_entry ***, lr)) - OLDDECLARG(krb5_last_req_entry ***, lr) +krb5_error_code ktest_make_sample_last_req(lr) + krb5_last_req_entry *** lr; { krb5_error_code retval; int i; @@ -250,8 +250,8 @@ krb5_error_code ktest_make_sample_last_req(DECLARG(krb5_last_req_entry ***, lr)) return 0; } -krb5_error_code ktest_make_sample_last_req_entry(DECLARG(krb5_last_req_entry **, lre)) - OLDDECLARG(krb5_last_req_entry **, lre) +krb5_error_code ktest_make_sample_last_req_entry(lre) + krb5_last_req_entry ** lre; { *lre = (krb5_last_req_entry*)calloc(1,sizeof(krb5_last_req_entry)); if(*lre == NULL) return ENOMEM; @@ -260,8 +260,8 @@ krb5_error_code ktest_make_sample_last_req_entry(DECLARG(krb5_last_req_entry **, return 0; } -krb5_error_code ktest_make_sample_kdc_rep(DECLARG(krb5_kdc_rep *, kdcr)) - OLDDECLARG(krb5_kdc_rep *, kdcr) +krb5_error_code ktest_make_sample_kdc_rep(kdcr) + krb5_kdc_rep * kdcr; { krb5_error_code retval; @@ -280,8 +280,8 @@ krb5_error_code ktest_make_sample_kdc_rep(DECLARG(krb5_kdc_rep *, kdcr)) return 0; } -krb5_error_code ktest_make_sample_pa_data_array(DECLARG(krb5_pa_data ***, pad)) - OLDDECLARG(krb5_pa_data ***, pad) +krb5_error_code ktest_make_sample_pa_data_array(pad) + krb5_pa_data *** pad; { krb5_error_code retval; int i; @@ -300,8 +300,8 @@ krb5_error_code ktest_make_sample_pa_data_array(DECLARG(krb5_pa_data ***, pad)) return 0; } -krb5_error_code ktest_make_sample_pa_data(DECLARG(krb5_pa_data *, pad)) - OLDDECLARG(krb5_pa_data *, pad) +krb5_error_code ktest_make_sample_pa_data(pad) + krb5_pa_data * pad; { pad->pa_type = 13; pad->length = 7; @@ -311,8 +311,8 @@ krb5_error_code ktest_make_sample_pa_data(DECLARG(krb5_pa_data *, pad)) return 0; } -krb5_error_code ktest_make_sample_ap_req(DECLARG(krb5_ap_req *, ar)) - OLDDECLARG(krb5_ap_req *, ar) +krb5_error_code ktest_make_sample_ap_req(ar) + krb5_ap_req * ar; { krb5_error_code retval; ar->ap_options = SAMPLE_FLAGS; @@ -325,14 +325,14 @@ krb5_error_code ktest_make_sample_ap_req(DECLARG(krb5_ap_req *, ar)) return 0; } -krb5_error_code ktest_make_sample_ap_rep(DECLARG(krb5_ap_rep *, ar)) - OLDDECLARG(krb5_ap_rep *, ar) +krb5_error_code ktest_make_sample_ap_rep(ar) + krb5_ap_rep * ar; { return ktest_make_sample_enc_data(&(ar->enc_part)); } -krb5_error_code ktest_make_sample_ap_rep_enc_part(DECLARG(krb5_ap_rep_enc_part *, arep)) - OLDDECLARG(krb5_ap_rep_enc_part *, arep) +krb5_error_code ktest_make_sample_ap_rep_enc_part(arep) + krb5_ap_rep_enc_part * arep; { krb5_error_code retval; @@ -347,8 +347,8 @@ krb5_error_code ktest_make_sample_ap_rep_enc_part(DECLARG(krb5_ap_rep_enc_part * return 0; } -krb5_error_code ktest_make_sample_kdc_req(DECLARG(krb5_kdc_req *, kr)) - OLDDECLARG(krb5_kdc_req *, kr) +krb5_error_code ktest_make_sample_kdc_req(kr) + krb5_kdc_req * kr; { krb5_error_code retval; @@ -379,8 +379,8 @@ krb5_error_code ktest_make_sample_kdc_req(DECLARG(krb5_kdc_req *, kr)) return 0; } -krb5_error_code ktest_make_sample_kdc_req_body(DECLARG(krb5_kdc_req *, krb)) - OLDDECLARG(krb5_kdc_req *, krb) +krb5_error_code ktest_make_sample_kdc_req_body(krb) + krb5_kdc_req * krb; { krb5_error_code retval; @@ -408,8 +408,8 @@ krb5_error_code ktest_make_sample_kdc_req_body(DECLARG(krb5_kdc_req *, krb)) return 0; } -krb5_error_code ktest_make_sample_safe(DECLARG(krb5_safe *, s)) - OLDDECLARG(krb5_safe *, s) +krb5_error_code ktest_make_sample_safe(s) + krb5_safe * s; { krb5_error_code retval; @@ -434,14 +434,14 @@ krb5_error_code ktest_make_sample_safe(DECLARG(krb5_safe *, s)) return 0; } -krb5_error_code ktest_make_sample_priv(DECLARG(krb5_priv *, p)) - OLDDECLARG(krb5_priv *, p) +krb5_error_code ktest_make_sample_priv(p) + krb5_priv * p; { return ktest_make_sample_enc_data(&(p->enc_part)); } -krb5_error_code ktest_make_sample_priv_enc_part(DECLARG(krb5_priv_enc_part *, pep)) - OLDDECLARG(krb5_priv_enc_part *, pep) +krb5_error_code ktest_make_sample_priv_enc_part(pep) + krb5_priv_enc_part * pep; { krb5_error_code retval; retval = ktest_make_sample_data(&(pep->user_data)); @@ -460,8 +460,8 @@ krb5_error_code ktest_make_sample_priv_enc_part(DECLARG(krb5_priv_enc_part *, pe return 0; } -krb5_error_code ktest_make_sample_cred(DECLARG(krb5_cred *, c)) - OLDDECLARG(krb5_cred *, c) +krb5_error_code ktest_make_sample_cred(c) + krb5_cred * c; { krb5_error_code retval; retval = ktest_make_sample_sequence_of_ticket(&(c->tickets)); @@ -471,8 +471,8 @@ krb5_error_code ktest_make_sample_cred(DECLARG(krb5_cred *, c)) return 0; } -krb5_error_code ktest_make_sample_sequence_of_ticket(DECLARG(krb5_ticket ***, sot)) - OLDDECLARG(krb5_ticket ***, sot) +krb5_error_code ktest_make_sample_sequence_of_ticket(sot) + krb5_ticket *** sot; { krb5_error_code retval; int i; @@ -490,8 +490,8 @@ krb5_error_code ktest_make_sample_sequence_of_ticket(DECLARG(krb5_ticket ***, so return 0; } -krb5_error_code ktest_make_sample_cred_enc_part(DECLARG(krb5_cred_enc_part *, cep)) - OLDDECLARG(krb5_cred_enc_part *, cep) +krb5_error_code ktest_make_sample_cred_enc_part(cep) + krb5_cred_enc_part * cep; { krb5_error_code retval; @@ -512,8 +512,8 @@ krb5_error_code ktest_make_sample_cred_enc_part(DECLARG(krb5_cred_enc_part *, ce return 0; } -krb5_error_code ktest_make_sequence_of_cred_info(DECLARG(krb5_cred_info ***, soci)) - OLDDECLARG(krb5_cred_info ***, soci) +krb5_error_code ktest_make_sequence_of_cred_info(soci) + krb5_cred_info *** soci; { krb5_error_code retval; int i; @@ -531,8 +531,8 @@ krb5_error_code ktest_make_sequence_of_cred_info(DECLARG(krb5_cred_info ***, soc return 0; } -krb5_error_code ktest_make_sample_cred_info(DECLARG(krb5_cred_info *, ci)) - OLDDECLARG(krb5_cred_info *, ci) +krb5_error_code ktest_make_sample_cred_info(ci) + krb5_cred_info * ci; { krb5_error_code retval; @@ -555,8 +555,8 @@ krb5_error_code ktest_make_sample_cred_info(DECLARG(krb5_cred_info *, ci)) return 0; } -krb5_error_code ktest_make_sample_error(DECLARG(krb5_error *, kerr)) - OLDDECLARG(krb5_error *, kerr) +krb5_error_code ktest_make_sample_error(kerr) + krb5_error * kerr; { krb5_error_code retval; @@ -577,8 +577,8 @@ krb5_error_code ktest_make_sample_error(DECLARG(krb5_error *, kerr)) return 0; } -krb5_error_code ktest_make_sample_data(DECLARG(krb5_data *, d)) - OLDDECLARG(krb5_data *, d) +krb5_error_code ktest_make_sample_data(d) + krb5_data * d; { d->data = (char*)calloc(8,sizeof(char)); if(d->data == NULL) return ENOMEM; @@ -588,8 +588,8 @@ krb5_error_code ktest_make_sample_data(DECLARG(krb5_data *, d)) return 0; } -krb5_error_code ktest_make_sample_passwd_phrase_element(DECLARG(passwd_phrase_element *, ppe)) - OLDDECLARG(passwd_phrase_element *, ppe) +krb5_error_code ktest_make_sample_passwd_phrase_element(ppe) + passwd_phrase_element * ppe; { krb5_error_code retval; @@ -604,8 +604,8 @@ krb5_error_code ktest_make_sample_passwd_phrase_element(DECLARG(passwd_phrase_el return 0; } -krb5_error_code ktest_make_sample_krb5_pwd_data(DECLARG(krb5_pwd_data *, pd)) - OLDDECLARG(krb5_pwd_data *, pd) +krb5_error_code ktest_make_sample_krb5_pwd_data(pd) + krb5_pwd_data * pd; { krb5_error_code retval; int i; @@ -630,8 +630,8 @@ krb5_error_code ktest_make_sample_krb5_pwd_data(DECLARG(krb5_pwd_data *, pd)) /****************************************************************/ /* destructors */ -void ktest_destroy_data(DECLARG(krb5_data **, d)) - OLDDECLARG(krb5_data **, d) +void ktest_destroy_data(d) + krb5_data ** d; { if(*d != NULL){ if((*d)->data != NULL) free((*d)->data); @@ -640,8 +640,8 @@ void ktest_destroy_data(DECLARG(krb5_data **, d)) } } -void ktest_empty_data(DECLARG(krb5_data *, d)) - OLDDECLARG(krb5_data *, d) +void ktest_empty_data(d) + krb5_data * d; { if(d->data != NULL){ free(d->data); @@ -650,8 +650,8 @@ void ktest_empty_data(DECLARG(krb5_data *, d)) } } -void ktest_destroy_checksum(DECLARG(krb5_checksum **, cs)) - OLDDECLARG(krb5_checksum **, cs) +void ktest_destroy_checksum(cs) + krb5_checksum ** cs; { if(*cs != NULL){ if((*cs)->contents != NULL) free((*cs)->contents); @@ -660,8 +660,8 @@ void ktest_destroy_checksum(DECLARG(krb5_checksum **, cs)) } } -void ktest_destroy_keyblock(DECLARG(krb5_keyblock **, kb)) - OLDDECLARG(krb5_keyblock **, kb) +void ktest_destroy_keyblock(kb) + krb5_keyblock ** kb; { if(*kb != NULL){ if((*kb)->contents != NULL) free((*kb)->contents); @@ -670,8 +670,8 @@ void ktest_destroy_keyblock(DECLARG(krb5_keyblock **, kb)) } } -void ktest_empty_authorization_data(DECLARG(krb5_authdata **, ad)) - OLDDECLARG(krb5_authdata **, ad) +void ktest_empty_authorization_data(ad) + krb5_authdata ** ad; { int i; @@ -679,16 +679,16 @@ void ktest_empty_authorization_data(DECLARG(krb5_authdata **, ad)) ktest_destroy_authdata(&(ad[i])); } -void ktest_destroy_authorization_data(DECLARG(krb5_authdata ***, ad)) - OLDDECLARG(krb5_authdata ***, ad) +void ktest_destroy_authorization_data(ad) + krb5_authdata *** ad; { ktest_empty_authorization_data(*ad); free(*ad); *ad = NULL; } -void ktest_destroy_authdata(DECLARG(krb5_authdata **, ad)) - OLDDECLARG(krb5_authdata **, ad) +void ktest_destroy_authdata(ad) + krb5_authdata ** ad; { if(*ad != NULL){ if((*ad)->contents != NULL) free((*ad)->contents); @@ -697,8 +697,8 @@ void ktest_destroy_authdata(DECLARG(krb5_authdata **, ad)) } } -void ktest_empty_pa_data_array(DECLARG(krb5_pa_data **, pad)) - OLDDECLARG(krb5_pa_data **, pad) +void ktest_empty_pa_data_array(pad) + krb5_pa_data ** pad; { int i; @@ -706,16 +706,16 @@ void ktest_empty_pa_data_array(DECLARG(krb5_pa_data **, pad)) ktest_destroy_pa_data(&(pad[i])); } -void ktest_destroy_pa_data_array(DECLARG(krb5_pa_data ***, pad)) - OLDDECLARG(krb5_pa_data ***, pad) +void ktest_destroy_pa_data_array(pad) + krb5_pa_data *** pad; { ktest_empty_pa_data_array(*pad); free(*pad); *pad = NULL; } -void ktest_destroy_pa_data(DECLARG(krb5_pa_data **, pad)) - OLDDECLARG(krb5_pa_data **, pad) +void ktest_destroy_pa_data(pad) + krb5_pa_data ** pad; { if(*pad != NULL){ if((*pad)->contents != NULL) free((*pad)->contents); @@ -725,8 +725,8 @@ void ktest_destroy_pa_data(DECLARG(krb5_pa_data **, pad)) } -void ktest_destroy_address(DECLARG(krb5_address **, a)) - OLDDECLARG(krb5_address **, a) +void ktest_destroy_address(a) + krb5_address ** a; { if(*a != NULL){ if((*a)->contents != NULL) free((*a)->contents); @@ -735,8 +735,8 @@ void ktest_destroy_address(DECLARG(krb5_address **, a)) } } -void ktest_empty_addresses(DECLARG(krb5_address **, a)) - OLDDECLARG(krb5_address **, a) +void ktest_empty_addresses(a) + krb5_address ** a; { int i; @@ -744,16 +744,16 @@ void ktest_empty_addresses(DECLARG(krb5_address **, a)) ktest_destroy_address(&(a[i])); } -void ktest_destroy_addresses(DECLARG(krb5_address ***, a)) - OLDDECLARG(krb5_address ***, a) +void ktest_destroy_addresses(a) + krb5_address *** a; { ktest_empty_addresses(*a); free(*a); *a = NULL; } -void ktest_destroy_principal(DECLARG(krb5_principal *, p)) - OLDDECLARG(krb5_principal *, p) +void ktest_destroy_principal(p) + krb5_principal * p; { int i; @@ -763,22 +763,22 @@ void ktest_destroy_principal(DECLARG(krb5_principal *, p)) *p = NULL; } -void ktest_destroy_sequence_of_integer(DECLARG(long **, soi)) - OLDDECLARG(long **, soi) +void ktest_destroy_sequence_of_integer(soi) + long ** soi; { free(*soi); *soi = NULL; } -void ktest_destroy_sequence_of_enctype(DECLARG(krb5_enctype **, soi)) - OLDDECLARG(krb5_enctype **, soi) +void ktest_destroy_sequence_of_enctype(soi) + krb5_enctype ** soi; { free(*soi); *soi = NULL; } -void ktest_destroy_sequence_of_ticket(DECLARG(krb5_ticket ***, sot)) - OLDDECLARG(krb5_ticket ***, sot) +void ktest_destroy_sequence_of_ticket(sot) + krb5_ticket *** sot; { int i; @@ -788,8 +788,8 @@ void ktest_destroy_sequence_of_ticket(DECLARG(krb5_ticket ***, sot)) *sot = NULL; } -void ktest_destroy_ticket(DECLARG(krb5_ticket **, tkt)) - OLDDECLARG(krb5_ticket **, tkt) +void ktest_destroy_ticket(tkt) + krb5_ticket ** tkt; { ktest_destroy_principal(&((*tkt)->server)); ktest_destroy_enc_data(&((*tkt)->enc_part)); @@ -797,8 +797,8 @@ void ktest_destroy_ticket(DECLARG(krb5_ticket **, tkt)) *tkt = NULL; } -void ktest_destroy_enc_data(DECLARG(krb5_enc_data *, ed)) - OLDDECLARG(krb5_enc_data *, ed) +void ktest_destroy_enc_data(ed) + krb5_enc_data * ed; { ktest_empty_data(&(ed->ciphertext)); ed->kvno = 0; diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c index 10a076440c..cfa6eb07d1 100644 --- a/src/tests/asn.1/ktest_equal.c +++ b/src/tests/asn.1/ktest_equal.c @@ -18,10 +18,9 @@ comparator(ref->field,var->field) ((ref->length == var->length) && \ comparator(ref->length,ref->field,var->field)) -int ktest_equal_authenticator(DECLARG(krb5_authenticator *, ref), - DECLARG(krb5_authenticator *, var)) - OLDDECLARG(krb5_authenticator *, ref) - OLDDECLARG(krb5_authenticator *, var) +int ktest_equal_authenticator(ref, var) + krb5_authenticator * ref; + krb5_authenticator * var; { int p=TRUE; if(ref==var) return TRUE; @@ -36,10 +35,9 @@ int ktest_equal_authenticator(DECLARG(krb5_authenticator *, ref), return p; } -int ktest_equal_principal_data(DECLARG(krb5_principal_data *, ref), - DECLARG(krb5_principal_data *, var)) - OLDDECLARG(krb5_principal_data *, ref) - OLDDECLARG(krb5_principal_data *, var) +int ktest_equal_principal_data(ref, var) + krb5_principal_data * ref; + krb5_principal_data * var; { if(ref==var) return TRUE; else if(ref == NULL || var == NULL) return FALSE; @@ -48,10 +46,9 @@ int ktest_equal_principal_data(DECLARG(krb5_principal_data *, ref), scalar_equal(type)); } -int ktest_equal_authdata(DECLARG(krb5_authdata *, ref), - DECLARG(krb5_authdata *, var)) - OLDDECLARG(krb5_authdata *, ref) - OLDDECLARG(krb5_authdata *, var) +int ktest_equal_authdata(ref, var) + krb5_authdata * ref; + krb5_authdata * var; { if(ref==var) return TRUE; else if(ref == NULL || var == NULL) return FALSE; @@ -59,40 +56,36 @@ int ktest_equal_authdata(DECLARG(krb5_authdata *, ref), len_equal(length,contents,ktest_equal_array_of_octet)); } -int ktest_equal_checksum(DECLARG(krb5_checksum *, ref), - DECLARG(krb5_checksum *, var)) - OLDDECLARG(krb5_checksum *, ref) - OLDDECLARG(krb5_checksum *, var) +int ktest_equal_checksum(ref, var) + krb5_checksum * ref; + krb5_checksum * var; { if(ref==var) return TRUE; else if(ref == NULL || var == NULL) return FALSE; return(scalar_equal(checksum_type) && len_equal(length,contents,ktest_equal_array_of_octet)); } -int ktest_equal_keyblock(DECLARG(krb5_keyblock *, ref), - DECLARG(krb5_keyblock *, var)) - OLDDECLARG(krb5_keyblock *, ref) - OLDDECLARG(krb5_keyblock *, var) +int ktest_equal_keyblock(ref, var) + krb5_keyblock * ref; + krb5_keyblock * var; { if(ref==var) return TRUE; else if(ref == NULL || var == NULL) return FALSE; return(scalar_equal(keytype) && len_equal(length,contents,ktest_equal_array_of_octet)); } -int ktest_equal_data(DECLARG(krb5_data *, ref), - DECLARG(krb5_data *, var)) - OLDDECLARG(krb5_data *, ref) - OLDDECLARG(krb5_data *, var) +int ktest_equal_data(ref, var) + krb5_data * ref; + krb5_data * var; { if(ref==var) return TRUE; else if(ref == NULL || var == NULL) return FALSE; return(len_equal(length,data,ktest_equal_array_of_char)); } -int ktest_equal_ticket(DECLARG(krb5_ticket *, ref), - DECLARG(krb5_ticket *, var)) - OLDDECLARG(krb5_ticket *, ref) - OLDDECLARG(krb5_ticket *, var) +int ktest_equal_ticket(ref, var) + krb5_ticket * ref; + krb5_ticket * var; { int p=TRUE; if(ref==var) return TRUE; @@ -103,10 +96,9 @@ int ktest_equal_ticket(DECLARG(krb5_ticket *, ref), return p; } -int ktest_equal_enc_data(DECLARG(krb5_enc_data *, ref), - DECLARG(krb5_enc_data *, var)) - OLDDECLARG(krb5_enc_data *, ref) - OLDDECLARG(krb5_enc_data *, var) +int ktest_equal_enc_data(ref, var) + krb5_enc_data * ref; + krb5_enc_data * var; { int p=TRUE; if(ref==var) return TRUE; @@ -117,10 +109,9 @@ int ktest_equal_enc_data(DECLARG(krb5_enc_data *, ref), return p; } -int ktest_equal_encryption_key(DECLARG(krb5_keyblock *, ref), - DECLARG(krb5_keyblock *, var)) - OLDDECLARG(krb5_keyblock *, ref) - OLDDECLARG(krb5_keyblock *, var) +int ktest_equal_encryption_key(ref, var) + krb5_keyblock * ref; + krb5_keyblock * var; { int p=TRUE; if(ref==var) return TRUE; @@ -130,10 +121,9 @@ int ktest_equal_encryption_key(DECLARG(krb5_keyblock *, ref), return p; } -int ktest_equal_enc_tkt_part(DECLARG(krb5_enc_tkt_part *, ref), - DECLARG(krb5_enc_tkt_part *, var)) - OLDDECLARG(krb5_enc_tkt_part *, ref) - OLDDECLARG(krb5_enc_tkt_part *, var) +int ktest_equal_enc_tkt_part(ref, var) + krb5_enc_tkt_part * ref; + krb5_enc_tkt_part * var; { int p=TRUE; if(ref==var) return TRUE; @@ -148,10 +138,9 @@ int ktest_equal_enc_tkt_part(DECLARG(krb5_enc_tkt_part *, ref), return p; } -int ktest_equal_transited(DECLARG(krb5_transited *, ref), - DECLARG(krb5_transited *, var)) - OLDDECLARG(krb5_transited *, ref) - OLDDECLARG(krb5_transited *, var) +int ktest_equal_transited(ref, var) + krb5_transited * ref; + krb5_transited * var; { int p=TRUE; if(ref==var) return TRUE; @@ -161,10 +150,9 @@ int ktest_equal_transited(DECLARG(krb5_transited *, ref), return p; } -int ktest_equal_ticket_times(DECLARG(krb5_ticket_times *, ref), - DECLARG(krb5_ticket_times *, var)) - OLDDECLARG(krb5_ticket_times *, ref) - OLDDECLARG(krb5_ticket_times *, var) +int ktest_equal_ticket_times(ref, var) + krb5_ticket_times * ref; + krb5_ticket_times * var; { int p=TRUE; if(ref==var) return TRUE; @@ -176,10 +164,9 @@ int ktest_equal_ticket_times(DECLARG(krb5_ticket_times *, ref), return p; } -int ktest_equal_address(DECLARG(krb5_address *, ref), - DECLARG(krb5_address *, var)) - OLDDECLARG(krb5_address *, ref) - OLDDECLARG(krb5_address *, var) +int ktest_equal_address(ref, var) + krb5_address * ref; + krb5_address * var; { int p=TRUE; if(ref==var) return TRUE; @@ -189,10 +176,9 @@ int ktest_equal_address(DECLARG(krb5_address *, ref), return p; } -int ktest_equal_enc_kdc_rep_part(DECLARG(krb5_enc_kdc_rep_part *, ref), - DECLARG(krb5_enc_kdc_rep_part *, var)) - OLDDECLARG(krb5_enc_kdc_rep_part *, ref) - OLDDECLARG(krb5_enc_kdc_rep_part *, var) +int ktest_equal_enc_kdc_rep_part(ref, var) + krb5_enc_kdc_rep_part * ref; + krb5_enc_kdc_rep_part * var; { int p=TRUE; if(ref==var) return TRUE; @@ -208,10 +194,9 @@ int ktest_equal_enc_kdc_rep_part(DECLARG(krb5_enc_kdc_rep_part *, ref), return p; } -int ktest_equal_priv(DECLARG(krb5_priv *, ref), - DECLARG(krb5_priv *, var)) - OLDDECLARG(krb5_priv *, ref) - OLDDECLARG(krb5_priv *, var) +int ktest_equal_priv(ref, var) + krb5_priv * ref; + krb5_priv * var; { int p=TRUE; if(ref==var) return TRUE; @@ -220,10 +205,9 @@ int ktest_equal_priv(DECLARG(krb5_priv *, ref), return p; } -int ktest_equal_cred(DECLARG(krb5_cred *, ref), - DECLARG(krb5_cred *, var)) - OLDDECLARG(krb5_cred *, ref) - OLDDECLARG(krb5_cred *, var) +int ktest_equal_cred(ref, var) + krb5_cred * ref; + krb5_cred * var; { int p=TRUE; if(ref==var) return TRUE; @@ -233,10 +217,9 @@ int ktest_equal_cred(DECLARG(krb5_cred *, ref), return p; } -int ktest_equal_error(DECLARG(krb5_error *, ref), - DECLARG(krb5_error *, var)) - OLDDECLARG(krb5_error *, ref) - OLDDECLARG(krb5_error *, var) +int ktest_equal_error(ref, var) + krb5_error * ref; + krb5_error * var; { int p=TRUE; if(ref==var) return TRUE; @@ -253,10 +236,9 @@ int ktest_equal_error(DECLARG(krb5_error *, ref), return p; } -int ktest_equal_ap_req(DECLARG(krb5_ap_req *, ref), - DECLARG(krb5_ap_req *, var)) - OLDDECLARG(krb5_ap_req *, ref) - OLDDECLARG(krb5_ap_req *, var) +int ktest_equal_ap_req(ref, var) + krb5_ap_req * ref; + krb5_ap_req * var; { int p=TRUE; if(ref==var) return TRUE; @@ -267,10 +249,9 @@ int ktest_equal_ap_req(DECLARG(krb5_ap_req *, ref), return p; } -int ktest_equal_ap_rep(DECLARG(krb5_ap_rep *, ref), - DECLARG(krb5_ap_rep *, var)) - OLDDECLARG(krb5_ap_rep *, ref) - OLDDECLARG(krb5_ap_rep *, var) +int ktest_equal_ap_rep(ref, var) + krb5_ap_rep * ref; + krb5_ap_rep * var; { int p=TRUE; if(ref==var) return TRUE; @@ -279,10 +260,9 @@ int ktest_equal_ap_rep(DECLARG(krb5_ap_rep *, ref), return p; } -int ktest_equal_ap_rep_enc_part(DECLARG(krb5_ap_rep_enc_part *, ref), - DECLARG(krb5_ap_rep_enc_part *, var)) - OLDDECLARG(krb5_ap_rep_enc_part *, ref) - OLDDECLARG(krb5_ap_rep_enc_part *, var) +int ktest_equal_ap_rep_enc_part(ref, var) + krb5_ap_rep_enc_part * ref; + krb5_ap_rep_enc_part * var; { int p=TRUE; if(ref==var) return TRUE; @@ -294,10 +274,9 @@ int ktest_equal_ap_rep_enc_part(DECLARG(krb5_ap_rep_enc_part *, ref), return p; } -int ktest_equal_safe(DECLARG(krb5_safe *, ref), - DECLARG(krb5_safe *, var)) - OLDDECLARG(krb5_safe *, ref) - OLDDECLARG(krb5_safe *, var) +int ktest_equal_safe(ref, var) + krb5_safe * ref; + krb5_safe * var; { int p=TRUE; if(ref==var) return TRUE; @@ -313,10 +292,9 @@ int ktest_equal_safe(DECLARG(krb5_safe *, ref), } -int ktest_equal_enc_cred_part(DECLARG(krb5_cred_enc_part *, ref), - DECLARG(krb5_cred_enc_part *, var)) - OLDDECLARG(krb5_cred_enc_part *, ref) - OLDDECLARG(krb5_cred_enc_part *, var) +int ktest_equal_enc_cred_part(ref, var) + krb5_cred_enc_part * ref; + krb5_cred_enc_part * var; { int p=TRUE; if(ref==var) return TRUE; @@ -330,10 +308,9 @@ int ktest_equal_enc_cred_part(DECLARG(krb5_cred_enc_part *, ref), return p; } -int ktest_equal_enc_priv_part(DECLARG(krb5_priv_enc_part *, ref), - DECLARG(krb5_priv_enc_part *, var)) - OLDDECLARG(krb5_priv_enc_part *, ref) - OLDDECLARG(krb5_priv_enc_part *, var) +int ktest_equal_enc_priv_part(ref, var) + krb5_priv_enc_part * ref; + krb5_priv_enc_part * var; { int p=TRUE; if(ref==var) return TRUE; @@ -347,10 +324,9 @@ int ktest_equal_enc_priv_part(DECLARG(krb5_priv_enc_part *, ref), return p; } -int ktest_equal_as_rep(DECLARG(krb5_kdc_rep *, ref), - DECLARG(krb5_kdc_rep *, var)) - OLDDECLARG(krb5_kdc_rep *, ref) - OLDDECLARG(krb5_kdc_rep *, var) +int ktest_equal_as_rep(ref, var) + krb5_kdc_rep * ref; + krb5_kdc_rep * var; { int p=TRUE; if(ref==var) return TRUE; @@ -364,18 +340,16 @@ int ktest_equal_as_rep(DECLARG(krb5_kdc_rep *, ref), return p; } -int ktest_equal_tgs_rep(DECLARG(krb5_kdc_rep *, ref), - DECLARG(krb5_kdc_rep *, var)) - OLDDECLARG(krb5_kdc_rep *, ref) - OLDDECLARG(krb5_kdc_rep *, var) +int ktest_equal_tgs_rep(ref, var) + krb5_kdc_rep * ref; + krb5_kdc_rep * var; { return ktest_equal_as_rep(ref,var); } -int ktest_equal_as_req(DECLARG(krb5_kdc_req *, ref), - DECLARG(krb5_kdc_req *, var)) - OLDDECLARG(krb5_kdc_req *, ref) - OLDDECLARG(krb5_kdc_req *, var) +int ktest_equal_as_req(ref, var) + krb5_kdc_req * ref; + krb5_kdc_req * var; { int p=TRUE; if(ref==var) return TRUE; @@ -397,18 +371,16 @@ int ktest_equal_as_req(DECLARG(krb5_kdc_req *, ref), return p; } -int ktest_equal_tgs_req(DECLARG(krb5_kdc_req *, ref), - DECLARG(krb5_kdc_req *, var)) - OLDDECLARG(krb5_kdc_req *, ref) - OLDDECLARG(krb5_kdc_req *, var) +int ktest_equal_tgs_req(ref, var) + krb5_kdc_req * ref; + krb5_kdc_req * var; { return ktest_equal_as_req(ref,var); } -int ktest_equal_kdc_req_body(DECLARG(krb5_kdc_req *, ref), - DECLARG(krb5_kdc_req *, var)) - OLDDECLARG(krb5_kdc_req *, ref) - OLDDECLARG(krb5_kdc_req *, var) +int ktest_equal_kdc_req_body(ref, var) + krb5_kdc_req * ref; + krb5_kdc_req * var; { int p=TRUE; if(ref==var) return TRUE; @@ -428,10 +400,9 @@ int ktest_equal_kdc_req_body(DECLARG(krb5_kdc_req *, ref), return p; } -int ktest_equal_last_req_entry(DECLARG(krb5_last_req_entry *, ref), - DECLARG(krb5_last_req_entry *, var)) - OLDDECLARG(krb5_last_req_entry *, ref) - OLDDECLARG(krb5_last_req_entry *, var) +int ktest_equal_last_req_entry(ref, var) + krb5_last_req_entry * ref; + krb5_last_req_entry * var; { int p=TRUE; if(ref==var) return TRUE; @@ -441,10 +412,9 @@ int ktest_equal_last_req_entry(DECLARG(krb5_last_req_entry *, ref), return p; } -int ktest_equal_pa_data(DECLARG(krb5_pa_data *, ref), - DECLARG(krb5_pa_data *, var)) - OLDDECLARG(krb5_pa_data *, ref) - OLDDECLARG(krb5_pa_data *, var) +int ktest_equal_pa_data(ref, var) + krb5_pa_data * ref; + krb5_pa_data * var; { int p=TRUE; if(ref==var) return TRUE; @@ -454,10 +424,9 @@ int ktest_equal_pa_data(DECLARG(krb5_pa_data *, ref), return p; } -int ktest_equal_cred_info(DECLARG(krb5_cred_info *, ref), - DECLARG(krb5_cred_info *, var)) - OLDDECLARG(krb5_cred_info *, ref) - OLDDECLARG(krb5_cred_info *, var) +int ktest_equal_cred_info(ref, var) + krb5_cred_info * ref; + krb5_cred_info * var; { int p=TRUE; if(ref==var) return TRUE; @@ -472,10 +441,9 @@ int ktest_equal_cred_info(DECLARG(krb5_cred_info *, ref), return p; } -int ktest_equal_passwd_phrase_element(DECLARG(passwd_phrase_element *, ref), - DECLARG(passwd_phrase_element *, var)) - OLDDECLARG(passwd_phrase_element *, ref) - OLDDECLARG(passwd_phrase_element *, var) +int ktest_equal_passwd_phrase_element(ref, var) + passwd_phrase_element * ref; + passwd_phrase_element * var; { int p=TRUE; if(ref==var) return TRUE; @@ -485,10 +453,9 @@ int ktest_equal_passwd_phrase_element(DECLARG(passwd_phrase_element *, ref), return p; } -int ktest_equal_krb5_pwd_data(DECLARG(krb5_pwd_data *, ref), - DECLARG(krb5_pwd_data *, var)) - OLDDECLARG(krb5_pwd_data *, ref) - OLDDECLARG(krb5_pwd_data *, var) +int ktest_equal_krb5_pwd_data(ref, var) + krb5_pwd_data * ref; + krb5_pwd_data * var; { int p=TRUE; if(ref==var) return TRUE; @@ -500,12 +467,10 @@ int ktest_equal_krb5_pwd_data(DECLARG(krb5_pwd_data *, ref), /**** arrays ****************************************************************/ -int ktest_equal_array_of_data(DECLARG(const int , length), - DECLARG(krb5_data *, ref), - DECLARG(krb5_data *, var)) - OLDDECLARG(const int , length) - OLDDECLARG(krb5_data *, ref) - OLDDECLARG(krb5_data *, var) +int ktest_equal_array_of_data(length, ref, var) + const int length; + krb5_data * ref; + krb5_data * var; { int i,p=TRUE; @@ -517,12 +482,10 @@ int ktest_equal_array_of_data(DECLARG(const int , length), return p; } -int ktest_equal_array_of_octet(DECLARG(const int , length), - DECLARG(krb5_octet *, ref), - DECLARG(krb5_octet *, var)) - OLDDECLARG(const int , length) - OLDDECLARG(krb5_octet *, ref) - OLDDECLARG(krb5_octet *, var) +int ktest_equal_array_of_octet(length, ref, var) + const int length; + krb5_octet * ref; + krb5_octet * var; { int i, p=TRUE; @@ -533,12 +496,10 @@ int ktest_equal_array_of_octet(DECLARG(const int , length), return p; } -int ktest_equal_array_of_char(DECLARG(const int , length), - DECLARG(char *, ref), - DECLARG(char *, var)) - OLDDECLARG(const int , length) - OLDDECLARG(char *, ref) - OLDDECLARG(char *, var) +int ktest_equal_array_of_char(length, ref, var) + const int length; + char * ref; + char * var; { int i, p=TRUE; @@ -549,12 +510,10 @@ int ktest_equal_array_of_char(DECLARG(const int , length), return p; } -int ktest_equal_array_of_enctype(DECLARG(const int , length), - DECLARG(krb5_enctype *, ref), - DECLARG(krb5_enctype *, var)) - OLDDECLARG(const int , length) - OLDDECLARG(krb5_enctype *, ref) - OLDDECLARG(krb5_enctype *, var) +int ktest_equal_array_of_enctype(length, ref, var) + const int length; + krb5_enctype * ref; + krb5_enctype * var; { int i, p=TRUE; @@ -576,58 +535,51 @@ for(i=0; ref[i] != NULL && var[i] != NULL; i++)\ if(ref[i] == NULL && var[i] == NULL) return p;\ else return FALSE -int ktest_equal_authorization_data(DECLARG(krb5_authdata **, ref), - DECLARG(krb5_authdata **, var)) - OLDDECLARG(krb5_authdata **, ref) - OLDDECLARG(krb5_authdata **, var) +int ktest_equal_authorization_data(ref, var) + krb5_authdata ** ref; + krb5_authdata ** var; { array_compare(ktest_equal_authdata); } -int ktest_equal_addresses(DECLARG(krb5_address **, ref), - DECLARG(krb5_address **, var)) - OLDDECLARG(krb5_address **, ref) - OLDDECLARG(krb5_address **, var) +int ktest_equal_addresses(ref, var) + krb5_address ** ref; + krb5_address ** var; { array_compare(ktest_equal_address); } -int ktest_equal_last_req(DECLARG(krb5_last_req_entry **, ref), - DECLARG(krb5_last_req_entry **, var)) - OLDDECLARG(krb5_last_req_entry **, ref) - OLDDECLARG(krb5_last_req_entry **, var) +int ktest_equal_last_req(ref, var) + krb5_last_req_entry ** ref; + krb5_last_req_entry ** var; { array_compare(ktest_equal_last_req_entry); } -int ktest_equal_sequence_of_ticket(DECLARG(krb5_ticket **, ref), - DECLARG(krb5_ticket **, var)) - OLDDECLARG(krb5_ticket **, ref) - OLDDECLARG(krb5_ticket **, var) +int ktest_equal_sequence_of_ticket(ref, var) + krb5_ticket ** ref; + krb5_ticket ** var; { array_compare(ktest_equal_ticket); } -int ktest_equal_sequence_of_pa_data(DECLARG(krb5_pa_data **, ref), - DECLARG(krb5_pa_data **, var)) - OLDDECLARG(krb5_pa_data **, ref) - OLDDECLARG(krb5_pa_data **, var) +int ktest_equal_sequence_of_pa_data(ref, var) + krb5_pa_data ** ref; + krb5_pa_data ** var; { array_compare(ktest_equal_pa_data); } -int ktest_equal_sequence_of_cred_info(DECLARG(krb5_cred_info **, ref), - DECLARG(krb5_cred_info **, var)) - OLDDECLARG(krb5_cred_info **, ref) - OLDDECLARG(krb5_cred_info **, var) +int ktest_equal_sequence_of_cred_info(ref, var) + krb5_cred_info ** ref; + krb5_cred_info ** var; { array_compare(ktest_equal_cred_info); } -int ktest_equal_array_of_passwd_phrase_element(DECLARG(passwd_phrase_element **, ref), - DECLARG(passwd_phrase_element **, var)) - OLDDECLARG(passwd_phrase_element **, ref) - OLDDECLARG(passwd_phrase_element **, var) +int ktest_equal_array_of_passwd_phrase_element(ref, var) + passwd_phrase_element ** ref; + passwd_phrase_element ** var; { array_compare(ktest_equal_passwd_phrase_element); } diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c index b8b3af4fe2..6f911e370b 100644 --- a/src/tests/asn.1/utility.c +++ b/src/tests/asn.1/utility.c @@ -5,10 +5,9 @@ char hexchar PROTOTYPE((const unsigned int digit)); -asn1_error_code asn1_krb5_data_unparse(DECLARG(const krb5_data *, code), - DECLARG(char **, s)) - OLDDECLARG(const krb5_data *, code) - OLDDECLARG(char **, s) +asn1_error_code asn1_krb5_data_unparse(code, s) + const krb5_data * code; + char ** s; { if(*s != NULL) free(*s); @@ -35,8 +34,8 @@ asn1_error_code asn1_krb5_data_unparse(DECLARG(const krb5_data *, code), return 0; } -char hexchar(DECLARG(const unsigned int , digit)) - OLDDECLARG(const unsigned int , digit) +char hexchar(digit) + const unsigned int digit; { if(digit<=9) return '0'+digit; @@ -46,10 +45,9 @@ char hexchar(DECLARG(const unsigned int , digit)) return 'X'; } -krb5_error_code krb5_data_parse(DECLARG(krb5_data *, d), - DECLARG(const char *, s)) - OLDDECLARG(krb5_data *, d) - OLDDECLARG(const char *, s) +krb5_error_code krb5_data_parse(d, s) + krb5_data * d; + const char * s; { /*if(d->data != NULL){ free(d->data); @@ -62,10 +60,9 @@ krb5_error_code krb5_data_parse(DECLARG(krb5_data *, d), return 0; } -krb5_error_code krb5_data_hex_parse(DECLARG(krb5_data *, d), - DECLARG(const char *, s)) - OLDDECLARG(krb5_data *, d) - OLDDECLARG(const char *, s) +krb5_error_code krb5_data_hex_parse(d, s) + krb5_data * d; + const char * s; { int i, digit; char *pos; @@ -87,8 +84,8 @@ krb5_error_code krb5_data_hex_parse(DECLARG(krb5_data *, d), } #if 0 -void asn1buf_print(DECLARG(const asn1buf *, buf)) - OLDDECLARG(const asn1buf *, buf) +void asn1buf_print(buf) + const asn1buf * buf; { asn1buf bufcopy; char *s=NULL; diff --git a/src/tests/create/ChangeLog b/src/tests/create/ChangeLog index 179840f24f..6b4908f26d 100644 --- a/src/tests/create/ChangeLog +++ b/src/tests/create/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Sun Oct 23 00:50:07 1994 (tytso@rsx-11) * kdb5_mkdums.c (add_princ): Create principals with correct realm diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index f4fea5110d..db0b19ac70 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -76,6 +76,7 @@ krb5_principal master_princ; krb5_db_entry master_entry; krb5_encrypt_block master_encblock; krb5_pointer master_random; +krb5_context test_context; static char *progname; static char *cur_realm = 0; @@ -87,7 +88,7 @@ static krb5_boolean dbactive = FALSE; void quit() { - krb5_error_code retval = krb5_db_fini(); + krb5_error_code retval = krb5_db_fini(test_context); memset((char *)master_keyblock.contents, 0, master_keyblock.length); if (retval) { com_err(progname, retval, "while closing database"); @@ -96,7 +97,7 @@ quit() exit(0); } -void add_princ PROTOTYPE((char *)); +void add_princ PROTOTYPE((krb5_context, char *)); void main(argc, argv) @@ -118,7 +119,8 @@ char *argv[]; char *suffix = 0; int depth; - krb5_init_ets(); + krb5_init_context(&test_context); + krb5_init_ets(test_context); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -173,7 +175,7 @@ char *argv[]; if (!(num_to_create && suffix)) usage(progname, 1); - if (retval = krb5_kt_register(&krb5_ktf_writable_ops)) { + if (retval = krb5_kt_register(test_context, &krb5_ktf_writable_ops)) { com_err(progname, retval, "while registering writable key table functions"); exit(1); @@ -196,14 +198,14 @@ char *argv[]; "while setting up etype %d", etype); exit(1); } - krb5_use_cstype(&master_encblock, etype); + krb5_use_cstype(test_context, &master_encblock, etype); csentry = master_encblock.crypto_entry; if (!dbname) dbname = DEFAULT_KDB_FILE; /* XXX? */ if (!cur_realm) { - if (retval = krb5_get_default_realm(&cur_realm)) { + if (retval = krb5_get_default_realm(test_context, &cur_realm)) { com_err(progname, retval, "while retrieving default realm name"); exit(1); } @@ -218,20 +220,20 @@ char *argv[]; (void) sprintf(suffix, "%d", n); (void) sprintf(tmp, "%s-DEPTH-1", principal_string); str_newprinc = tmp; - add_princ(str_newprinc); + add_princ(test_context, str_newprinc); for (i = 2; i <= depth; i++) { tmp2[0] = '\0'; (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); strcat(tmp, tmp2); str_newprinc = tmp; - add_princ(str_newprinc); + add_princ(test_context, str_newprinc); } } (void) (*csentry->finish_key)(&master_encblock); (void) (*csentry->finish_random_key)(&master_random); - retval = krb5_db_fini(); + retval = krb5_db_fini(test_context); memset((char *)master_keyblock.contents, 0, master_keyblock.length); if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, "while closing database"); @@ -241,8 +243,9 @@ char *argv[]; } void -add_princ(DECLARG(char *, str_newprinc)) -OLDDECLARG(char *, str_newprinc) +add_princ(context, str_newprinc) + krb5_context context; + char * str_newprinc; { krb5_error_code retval; krb5_db_entry newentry; @@ -254,7 +257,7 @@ OLDDECLARG(char *, str_newprinc) sprintf(princ_name, "%s@%s", str_newprinc, cur_realm); - if (retval = krb5_parse_name(princ_name, &newprinc)) { + if (retval = krb5_parse_name(context, princ_name, &newprinc)) { com_err(progname, retval, "while parsing '%s'", princ_name); return; } @@ -262,22 +265,19 @@ OLDDECLARG(char *, str_newprinc) pwd.data = princ_name; /* must be able to regenerate */ pwd.length = strlen(princ_name); - if (retval = krb5_principal2salt(newprinc, &salt)) { + if (retval = krb5_principal2salt(context, newprinc, &salt)) { com_err(progname, retval, "while converting principal to salt for '%s'", princ_name); return; } - retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype, - &key, - &pwd, - &salt); + retval = krb5_string_to_key(context, &master_encblock, + master_keyblock.keytype, &key, &pwd, &salt); if (retval) { com_err(progname, retval, "while converting password to key for '%s'", princ_name); return; } - retval = krb5_kdb_encrypt_key(&master_encblock, - &key, + retval = krb5_kdb_encrypt_key(context, &master_encblock, &key, &newentry.key); if (retval) { com_err(progname, retval, "while encrypting key for '%s'", princ_name); @@ -294,7 +294,7 @@ OLDDECLARG(char *, str_newprinc) newentry.expiration = mblock.expiration; newentry.pw_expiration = mblock.expiration; newentry.mod_name = master_princ; - if (retval = krb5_timeofday(&newentry.mod_date)) { + if (retval = krb5_timeofday(context, &newentry.mod_date)) { com_err(progname, retval, "while fetching date"); memset((char *)newentry.key.contents, 0, newentry.key.length); free((char *)newentry.key.contents); @@ -309,7 +309,7 @@ OLDDECLARG(char *, str_newprinc) newentry.alt_salt_length = 0; newentry.alt_salt = 0; - retval = krb5_db_put_principal(&newentry, &one); + retval = krb5_db_put_principal(context, &newentry, &one); if (retval) { com_err(progname, retval, "while storing principal date"); free((char *)newentry.key.contents); @@ -339,14 +339,14 @@ char *dbname; csentry = master_encblock.crypto_entry; - if (retval = krb5_db_set_name(dbname)) { + if (retval = krb5_db_set_name(test_context, dbname)) { com_err(pname, retval, "while setting active database to '%s'", dbname); return(1); } /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(mkey_name, cur_realm, 0, + if (retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm, 0, &master_princ)) { com_err(pname, retval, "while setting up master key name"); return(1); @@ -354,12 +354,12 @@ char *dbname; if (mkey_password) { pwd.data = mkey_password; pwd.length = strlen(mkey_password); - retval = krb5_principal2salt(master_princ, &scratch); + retval = krb5_principal2salt(test_context, master_princ, &scratch); if (retval) { com_err(pname, retval, "while calculated master key salt"); return(1); } - retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype, + retval = krb5_string_to_key(test_context, &master_encblock, master_keyblock.keytype, &master_keyblock, &pwd, &scratch); if (retval) { com_err(pname, retval, @@ -368,51 +368,51 @@ char *dbname; } free(scratch.data); } else { - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, + if (retval = krb5_db_fetch_mkey(test_context, master_princ, &master_encblock, manual_mkey, FALSE, 0, &master_keyblock)) { com_err(pname, retval, "while reading master key"); return(1); } } - if (retval = krb5_db_init()) { + if (retval = krb5_db_init(test_context)) { com_err(pname, retval, "while initializing database"); return(1); } - if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, + if (retval = krb5_db_verify_master_key(test_context, master_princ, &master_keyblock, &master_encblock)) { com_err(pname, retval, "while verifying master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } nentries = 1; - if (retval = krb5_db_get_principal(master_princ, &master_entry, &nentries, - &more)) { + if (retval = krb5_db_get_principal(test_context, master_princ, + &master_entry, &nentries, &more)) { com_err(pname, retval, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } else if (more) { com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } else if (!nentries) { com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } if (retval = (*csentry->process_key)(&master_encblock, &master_keyblock)) { com_err(pname, retval, "while processing master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } if (retval = (*csentry->init_random_key)(&master_keyblock, &master_random)) { com_err(pname, retval, "while initializing random key generator"); (void) (*csentry->finish_key)(&master_encblock); - (void) krb5_db_fini(); + (void) krb5_db_fini(test_context); return(1); } mblock.max_life = master_entry.max_life; @@ -421,7 +421,7 @@ char *dbname; /* don't set flags, master has some extra restrictions */ mblock.mkvno = master_entry.kvno; - krb5_db_free_principal(&master_entry, nentries); + krb5_db_free_principal(test_context, &master_entry, nentries); dbactive = TRUE; return 0; } diff --git a/src/tests/hammer/ChangeLog b/src/tests/hammer/ChangeLog index be5d863b1e..eb780f9db6 100644 --- a/src/tests/hammer/ChangeLog +++ b/src/tests/hammer/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Tue Nov 8 17:53:40 1994 Theodore Y. Ts'o (tytso@dcl) * kdc5_hammer.c (get_server_key): Use the published interface to diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c index 0fcf4d0991..d7b0239a17 100644 --- a/src/tests/hammer/kdc5_hammer.c +++ b/src/tests/hammer/kdc5_hammer.c @@ -60,14 +60,19 @@ krb5_data tgtname = { KRB5_TGS_NAME }; -int verify_cs_pair PROTOTYPE((char *, - krb5_principal, - char *, - int, int, int, - krb5_ccache)); -int get_tgt PROTOTYPE((char *, - krb5_principal *, - krb5_ccache)); +int verify_cs_pair + PROTOTYPE((krb5_context, + char *, + krb5_principal, + char *, + int, int, int, + krb5_ccache)); + +int get_tgt + PROTOTYPE((krb5_context, + char *, + krb5_principal *, + krb5_ccache)); static void usage(who, status) @@ -85,6 +90,7 @@ int status; static krb5_enctype etype = 0xffff; static krb5_preauthtype patype = KRB5_PADATA_NONE; +static krb5_context test_context; static krb5_keytype keytype; void @@ -105,7 +111,8 @@ main(argc, argv) krb5_principal client_princ; krb5_error_code retval; - krb5_init_ets(); + krb5_init_context(&test_context); + krb5_init_ets(test_context); if (strrchr(argv[0], '/')) prog = strrchr(argv[0], '/')+1; @@ -157,7 +164,7 @@ main(argc, argv) if (ccache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &ccache); + code = krb5_cc_resolve (test_context, cache_name, &ccache); if (code != 0) { com_err (prog, code, "resolving %s", cache_name); errflg++; @@ -180,7 +187,7 @@ main(argc, argv) keytype = DEFAULT_KDC_KEYTYPE; if (!cur_realm) { - if (retval = krb5_get_default_realm(&cur_realm)) { + if (retval = krb5_get_default_realm(test_context, &cur_realm)) { com_err(prog, retval, "while retrieving default realm name"); exit(1); } @@ -202,7 +209,7 @@ main(argc, argv) } if (ccache == NULL) { - if (code = krb5_cc_default(&ccache)) { + if (code = krb5_cc_default(test_context, &ccache)) { com_err(prog, code, "while getting default ccache"); exit(1); } @@ -226,7 +233,7 @@ main(argc, argv) strcat(ctmp, ctmp2); sprintf(client, "%s@%s", ctmp, cur_realm); - if (get_tgt (client, &client_princ, ccache)) { + if (get_tgt (test_context, client, &client_princ, ccache)) { errors++; n_tried++; continue; @@ -240,11 +247,12 @@ main(argc, argv) prefix, n, j); strcat(stmp, stmp2); sprintf(server, "%s@%s", stmp, cur_realm); - if (verify_cs_pair(client, client_princ, server, n, i, j, ccache)) + if (verify_cs_pair(test_context, client, client_princ, + server, n, i, j, ccache)) errors++; n_tried++; } - krb5_free_principal(client_princ); + krb5_free_principal(test_context, client_princ); } } } @@ -253,14 +261,12 @@ main(argc, argv) #include <krb5/widen.h> -krb5_error_code get_server_key(DECLARG(krb5_pointer,keyprocarg), - DECLARG(krb5_principal,princ), - DECLARG(krb5_kvno,vno), - DECLARG(krb5_keyblock **,key)) -OLDDECLARG(krb5_pointer,keyprocarg) -OLDDECLARG(krb5_principal,princ) -OLDDECLARG(krb5_kvno,vno) -OLDDECLARG(krb5_keyblock **,key) +krb5_error_code get_server_key(context, keyprocarg, princ, vno, key) + krb5_context context; + krb5_pointer keyprocarg; + krb5_principal princ; + krb5_kvno vno; + krb5_keyblock ** key; #include <krb5/narrow.h> { krb5_encrypt_block eblock; @@ -270,7 +276,7 @@ OLDDECLARG(krb5_keyblock **,key) /* Jon Rochlis asks: Does this belong here or in libos or something? */ /* John Kohl replies: not really; it's not a generally useful function */ - code = krb5_unparse_name(princ, &princ_str); + code = krb5_unparse_name(context, princ, &princ_str); if (code) { com_err (prog, code, "while unparsing server name"); return(code); @@ -284,7 +290,7 @@ OLDDECLARG(krb5_keyblock **,key) pwd.data = princ_str; pwd.length = strlen(princ_str); - if (code = krb5_principal2salt(princ, &salt)) { + if (code = krb5_principal2salt(context, princ, &salt)) { com_err(prog, code, "while converting principal to salt for '%s'", princ_str); goto errout; } @@ -295,8 +301,8 @@ OLDDECLARG(krb5_keyblock **,key) com_err(prog, code, "while allocating key for server %s", princ_str); goto errout; } - krb5_use_keytype(&eblock, keytype); - code = krb5_string_to_key(&eblock, keytype, *key, &pwd, &salt); + krb5_use_keytype(context, &eblock, keytype); + code = krb5_string_to_key(context, &eblock, keytype, *key, &pwd, &salt); if (code) goto errout; @@ -311,13 +317,14 @@ out: } -int verify_cs_pair(p_client_str, p_client, p_server_str, p_num, +int verify_cs_pair(context, p_client_str, p_client, p_server_str, p_num, c_depth, s_depth, ccache) - char *p_client_str; - krb5_principal p_client; - char *p_server_str; - int p_num, c_depth, s_depth; - krb5_ccache ccache; + krb5_context context; + char *p_client_str; + krb5_principal p_client; + char *p_server_str; + int p_num, c_depth, s_depth; + krb5_ccache ccache; { krb5_error_code code; krb5_principal server; @@ -332,46 +339,49 @@ int verify_cs_pair(p_client_str, p_client, p_server_str, p_num, fprintf(stderr, "\tclient %s for server %s\n", p_client_str, p_server_str); - if (code = krb5_parse_name (p_server_str, &server)) { + if (code = krb5_parse_name (context, p_server_str, &server)) { com_err (prog, code, "when parsing name %s", p_server_str); return(-1); } /* test the checksum stuff? */ - if (code = krb5_mk_req(server, 0, 0, ccache, &request_data)) { + if (code = krb5_mk_req(context, server, 0, 0, ccache, &request_data)) { com_err(prog, code, "while preparing AP_REQ for %s", p_server_str); return(-1); } - if (code = krb5_rd_req(&request_data, server, 0, 0, get_server_key, 0, 0, - &authdat)) { + if (code = krb5_rd_req(context, &request_data, server, 0, 0, + get_server_key, 0, 0, &authdat)) { com_err(prog, code, "while decoding AP_REQ for %s", p_server_str); return(-1); } - if (!krb5_principal_compare(authdat->authenticator->client, p_client)) { - code = krb5_unparse_name(authdat->authenticator->client, &returned_client); + if (!krb5_principal_compare(context, authdat->authenticator->client, + p_client)) { + code = krb5_unparse_name(context, authdat->authenticator->client, + &returned_client); if (code) com_err (prog, code, "Client not as expected, but cannot unparse client name"); else com_err (prog, 0, "Client not as expected (%s).", returned_client); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); free(returned_client); return(-1); } - krb5_free_tkt_authent(authdat); - krb5_free_principal(server); + krb5_free_tkt_authent(context, authdat); + krb5_free_principal(context, server); if (request_data.data) krb5_xfree(request_data.data); return(0); } -int get_tgt (p_client_str, p_client, ccache) - char *p_client_str; - krb5_principal *p_client; - krb5_ccache ccache; +int get_tgt (context, p_client_str, p_client, ccache) + krb5_context context; + char *p_client_str; + krb5_principal *p_client; + krb5_ccache ccache; { char *cache_name = NULL; /* -f option */ long lifetime = KRB5_DEFAULT_LIFE; /* -l option */ @@ -385,27 +395,27 @@ int get_tgt (p_client_str, p_client, ccache) if (!brief) fprintf(stderr, "\tgetting TGT for %s\n", p_client_str); - if (code = krb5_timeofday(&start)) { + if (code = krb5_timeofday(context, &start)) { com_err(prog, code, "while getting time of day"); return(-1); } memset((char *)&my_creds, 0, sizeof(my_creds)); - if (code = krb5_parse_name (p_client_str, p_client)) { + if (code = krb5_parse_name (context, p_client_str, p_client)) { com_err (prog, code, "when parsing name %s", p_client_str); return(-1); } - if (code = krb5_build_principal_ext(&tgt_server, - krb5_princ_realm(*p_client)->length, - krb5_princ_realm(*p_client)->data, - tgtname.length, - tgtname.data, - krb5_princ_realm(*p_client)->length, - krb5_princ_realm(*p_client)->data, - 0)) { + if (code = krb5_build_principal_ext(context, &tgt_server, + krb5_princ_realm(context, *p_client)->length, + krb5_princ_realm(context, *p_client)->data, + tgtname.length, + tgtname.data, + krb5_princ_realm(context, *p_client)->length, + krb5_princ_realm(context, *p_client)->data, + 0)) { com_err(prog, code, "when setting up tgt principal"); return(-1); } @@ -419,9 +429,10 @@ int get_tgt (p_client_str, p_client, ccache) my_creds.client = *p_client; my_creds.server = tgt_server; - krb5_cc_destroy(ccache); /* ugh, I'd much rather just delete the credential */ + /* ugh, I'd much rather just delete the credential */ + krb5_cc_destroy(context, ccache); - code = krb5_cc_initialize (ccache, *p_client); + code = krb5_cc_initialize (context, ccache, *p_client); if (code != 0) { com_err (prog, code, "when initializing cache %s", cache_name?cache_name:""); @@ -433,7 +444,7 @@ int get_tgt (p_client_str, p_client, ccache) my_creds.times.endtime = start + lifetime; my_creds.times.renew_till = 0; - code = krb5_get_in_tkt_with_password(options, my_addresses, + code = krb5_get_in_tkt_with_password(context, options, my_addresses, patype, etype, keytype, @@ -441,9 +452,9 @@ int get_tgt (p_client_str, p_client, ccache) ccache, &my_creds, 0); my_creds.server = my_creds.client = 0; - krb5_free_principal(tgt_server); - krb5_free_addresses(my_addresses); - krb5_free_cred_contents(&my_creds); + krb5_free_principal(context, tgt_server); + krb5_free_addresses(context, my_addresses); + krb5_free_cred_contents(context, &my_creds); if (code != 0) { com_err (prog, code, "while getting initial credentials"); return(-1); diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog index e809cc837a..914490a789 100644 --- a/src/tests/verify/ChangeLog +++ b/src/tests/verify/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Sun Oct 23 00:50:42 1994 (tytso@rsx-11) * kdb5_verify.c (check_princ): Check principals with the correct diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index 6c5d37a7c6..d66c3cb280 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -56,7 +56,7 @@ struct mblock { 0 }; -int set_dbname_help PROTOTYPE((char *, char *)); +int set_dbname_help PROTOTYPE((krb5_context, char *, char *)); static void usage(who, status) @@ -86,9 +86,10 @@ static krb5_boolean manual_mkey = FALSE; static krb5_boolean dbactive = FALSE; void -quit() +quit(context) + krb5_context context; { - krb5_error_code retval = krb5_db_fini(); + krb5_error_code retval = krb5_db_fini(context); memset((char *)master_keyblock.contents, 0, master_keyblock.length); if (retval) { com_err(progname, retval, "while closing database"); @@ -97,7 +98,7 @@ quit() exit(0); } -int check_princ PROTOTYPE((char *)); +int check_princ PROTOTYPE((krb5_context, char *)); void main(argc, argv) @@ -108,6 +109,7 @@ char *argv[]; int optchar, i, n; char tmp[4096], tmp2[BUFSIZ], *str_princ; + krb5_context context; krb5_error_code retval; char *dbname = 0; int keytypedone = 0; @@ -118,7 +120,8 @@ char *argv[]; char *suffix = 0; int depth, errors; - krb5_init_ets(); + krb5_init_context(&context); + krb5_init_ets(context); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -189,19 +192,19 @@ char *argv[]; "while setting up etype %d", etype); exit(1); } - krb5_use_cstype(&master_encblock, etype); + krb5_use_cstype(context, &master_encblock, etype); csentry = master_encblock.crypto_entry; if (!dbname) dbname = DEFAULT_KDB_FILE; /* XXX? */ if (!cur_realm) { - if (retval = krb5_get_default_realm(&cur_realm)) { + if (retval = krb5_get_default_realm(context, &cur_realm)) { com_err(progname, retval, "while retrieving default realm name"); exit(1); } } - if (retval = set_dbname_help(progname, dbname)) + if (retval = set_dbname_help(context, progname, dbname)) exit(retval); errors = 0; @@ -215,14 +218,14 @@ char *argv[]; (void) sprintf(suffix, "%d", n); (void) sprintf(tmp, "%s-DEPTH-1", principal_string); str_princ = tmp; - if (check_princ(str_princ)) errors++; + if (check_princ(context, str_princ)) errors++; for (i = 2; i <= depth; i++) { tmp2[0] = '\0'; (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); strcat(tmp, tmp2); str_princ = tmp; - if (check_princ(str_princ)) errors++; + if (check_princ(context, str_princ)) errors++; } } @@ -233,7 +236,7 @@ char *argv[]; (void) (*csentry->finish_key)(&master_encblock); (void) (*csentry->finish_random_key)(&master_random); - retval = krb5_db_fini(); + retval = krb5_db_fini(context); memset((char *)master_keyblock.contents, 0, master_keyblock.length); if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, "while closing database"); @@ -243,8 +246,9 @@ char *argv[]; } int -check_princ(DECLARG(char *, str_princ)) -OLDDECLARG(char *, str_princ) +check_princ(context, str_princ) + krb5_context context; + char * str_princ; { krb5_error_code retval; krb5_db_entry kdbe; @@ -260,7 +264,7 @@ OLDDECLARG(char *, str_princ) fprintf(stderr, "\t%s ...\n", princ_name); - if (retval = krb5_parse_name(princ_name, &princ)) { + if (retval = krb5_parse_name(context, princ_name, &princ)) { com_err(progname, retval, "while parsing '%s'", princ_name); goto out; } @@ -268,12 +272,12 @@ OLDDECLARG(char *, str_princ) pwd.data = princ_name; /* must be able to regenerate */ pwd.length = strlen(princ_name); - if (retval = krb5_principal2salt(princ, &salt)) { + if (retval = krb5_principal2salt(context, princ, &salt)) { com_err(progname, retval, "while converting principal to salt for '%s'", princ_name); goto out; } - retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype, + retval = krb5_string_to_key(context, &master_encblock, master_keyblock.keytype, &pwd_key, &pwd, &salt); @@ -282,7 +286,7 @@ OLDDECLARG(char *, str_princ) goto out; } - if (retval = krb5_db_get_principal(princ, &kdbe, &nprincs, &more)) { + if (retval = krb5_db_get_principal(context,princ, &kdbe, &nprincs, &more)) { com_err(progname, retval, "while attempting to verify principal's existence"); goto out; } @@ -293,7 +297,7 @@ OLDDECLARG(char *, str_princ) goto errout; } - retval = krb5_kdb_decrypt_key(&master_encblock, + retval = krb5_kdb_decrypt_key(context, &master_encblock, &kdbe.key, &db_key); if (retval) { @@ -306,7 +310,7 @@ OLDDECLARG(char *, str_princ) fprintf (stderr, "\tKey types do not agree (%d expected, %d from db)\n", pwd_key.keytype, db_key.keytype); errout: - krb5_db_free_principal(&kdbe, nprincs); + krb5_db_free_principal(context, &kdbe, nprincs); return(-1); } else { @@ -350,7 +354,7 @@ errout: goto errout; } - if (retval = krb5_unparse_name(kdbe.mod_name, &str_mod_name)) + if (retval = krb5_unparse_name(context, kdbe.mod_name, &str_mod_name)) com_err(progname, retval, "while unparsing mode name"); else { if (strcmp(str_mod_name, str_master_princ) != 0) { @@ -369,15 +373,16 @@ errout: } out: - krb5_db_free_principal(&kdbe, nprincs); + krb5_db_free_principal(context, &kdbe, nprincs); return(0); } int -set_dbname_help(pname, dbname) -char *pname; -char *dbname; +set_dbname_help(context, pname, dbname) + krb5_context context; + char *pname; + char *dbname; { krb5_error_code retval; int nentries; @@ -387,14 +392,14 @@ char *dbname; csentry = master_encblock.crypto_entry; - if (retval = krb5_db_set_name(dbname)) { + if (retval = krb5_db_set_name(context, dbname)) { com_err(pname, retval, "while setting active database to '%s'", dbname); return(1); } /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(mkey_name, cur_realm, 0, + if (retval = krb5_db_setup_mkey_name(context, mkey_name, cur_realm, 0, &master_princ)) { com_err(pname, retval, "while setting up master key name"); return(1); @@ -402,13 +407,14 @@ char *dbname; if (mkey_password) { pwd.data = mkey_password; pwd.length = strlen(mkey_password); - retval = krb5_principal2salt(master_princ, &scratch); + retval = krb5_principal2salt(context, master_princ, &scratch); if (retval) { com_err(pname, retval, "while calculated master key salt"); return(1); } - retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype, - &master_keyblock, &pwd, &scratch); + retval = krb5_string_to_key(context, &master_encblock, + master_keyblock.keytype, &master_keyblock, + &pwd, &scratch); if (retval) { com_err(pname, retval, "while transforming master key from password"); @@ -416,57 +422,57 @@ char *dbname; } free(scratch.data); } else { - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, + if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, manual_mkey, FALSE, 0, &master_keyblock)) { com_err(pname, retval, "while reading master key"); return(1); } } - if (retval = krb5_db_init()) { + if (retval = krb5_db_init(context )) { com_err(pname, retval, "while initializing database"); return(1); } - if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, - &master_encblock)) { + if (retval = krb5_db_verify_master_key(context, master_princ, + &master_keyblock,&master_encblock)) { com_err(pname, retval, "while verifying master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } nentries = 1; - if (retval = krb5_db_get_principal(master_princ, &master_entry, &nentries, - &more)) { + if (retval = krb5_db_get_principal(context, master_princ, &master_entry, + &nentries, &more)) { com_err(pname, retval, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } else if (more) { com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } else if (!nentries) { com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } - if (retval = krb5_unparse_name(master_princ, &str_master_princ)) { + if (retval = krb5_unparse_name(context, master_princ, &str_master_princ)) { com_err(pname, retval, "while unparsing master principal"); - krb5_db_fini(); + krb5_db_fini(context); return(1); } if (retval = (*csentry->process_key)(&master_encblock, &master_keyblock)) { com_err(pname, retval, "while processing master key"); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } if (retval = (*csentry->init_random_key)(&master_keyblock, &master_random)) { com_err(pname, retval, "while initializing random key generator"); (void) (*csentry->finish_key)(&master_encblock); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); return(1); } mblock.max_life = master_entry.max_life; @@ -475,7 +481,7 @@ char *dbname; /* don't set flags, master has some extra restrictions */ mblock.mkvno = master_entry.kvno; - krb5_db_free_principal(&master_entry, nentries); + krb5_db_free_principal(context, &master_entry, nentries); dbactive = TRUE; return 0; } |