author | Jakub Hrozek <jhrozek@redhat.com> | 2010-11-04 19:29:01 +0100 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-11-22 16:01:35 -0500 |
commit | 3b7a86024b53fd0ac1a98e92bd93a170a1979aec (patch) | |
tree | c3fb64a3896c46f6822ac63d786320c0f7ec2e9b | |
parent | ce75d1c6d6595bcb26dbacf7393098a8f9accb3f (diff) | |
Use internal implementation of internal Kerberos functions
Don't use KRB5_PRIVATE.
The patch implements and uses the following krb5 functions that are
otherwise private in recent MIT Kerberos releases:
* krb5_principal2salt_norealm
* krb5_free_ktypes
Signed-off-by: Simo Sorce <ssorce@redhat.com>
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 4 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 1 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 3 | ||||
-rw-r--r-- | ipa-client/Makefile.am | 5 | ||||
-rw-r--r-- | ipa-client/ipa-getkeytab.c | 10 | ||||
-rw-r--r-- | util/ipa_krb5.c | 44 | ||||
-rw-r--r-- | util/ipa_krb5.h | 12 |
7 files changed, 73 insertions, 6 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am index 6f6092d20..41d9f2378 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am @@ -1,11 +1,14 @@ NULL = PLUGIN_COMMON_DIR=../common +KRB5_UTIL_DIR= ../../../util +KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c INCLUDES = \ -I. \ -I$(srcdir) \ -I$(PLUGIN_COMMON_DIR) \ + -I$(KRB5_UTIL_DIR) \ -DPREFIX=\""$(prefix)"\" \ -DBINDIR=\""$(bindir)"\" \ -DLIBDIR=\""$(libdir)"\" \ @@ -28,6 +31,7 @@ libipa_pwd_extop_la_SOURCES = \ ipapwd_encoding.c \ ipapwd_prepost.c \ ipa_pwd_extop.c \ + $(KRB5_UTIL_SRCS) \ $(NULL) libipa_pwd_extop_la_LDFLAGS = -avoid-version diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 523934ccd..bc521071e 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -52,7 +52,6 @@ #include <prio.h> #include <ssl.h> #include <dirsrv/slapi-plugin.h> -#define KRB5_PRIVATE 1 #include <krb5.h> #include <lber.h> #include <time.h> diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c index 451350163..bba636773 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c @@ -54,6 +54,7 @@ #include "ipapwd.h" #include "util.h" +#include "ipa_krb5.h" /* krbTicketFlags */ #define KTF_DISALLOW_POSTDATED 0x00000001 @@ -341,7 +342,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, case KRB5_KDB_SALTTYPE_NOREALM: - krberr = krb5_principal2salt_norealm(krbctx, princ, &salt); + krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &salt); if (krberr) { LOG_FATAL("krb5_principal2salt failed [%s]\n", krb5_get_error_message(krbctx, krberr)); 
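Review bot: The `LOG_FATAL` text under `case KRB5_KDB_SALTTYPE_NOREALM` still reads `krb5_principal2salt failed`, so after this change it names neither the helper that was called nor the salt type that failed. That makes a password-change failure harder to trace from the directory server log. Something like `LOG_FATAL("ipa_krb5_principal2salt_norealm failed [%s]\n",` would match the new call. The string returned by `krb5_get_error_message` is also passed straight into the log call, so it cannot be released with `krb5_free_error_message` afterwards. `encrypt_encode_key` begins and ends outside this hunk, so the rest of the error path is not visible here.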
diff --git a/ipa-client/Makefile.am b/ipa-client/Makefile.am index 655a68664..ebb9a8392 100644 --- a/ipa-client/Makefile.am +++ b/ipa-client/Makefile.am @@ -12,9 +12,13 @@ if HAVE_GCC endif export AM_CFLAGS +KRB5_UTIL_DIR=../util +KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c + INCLUDES = \ -I. \ -I$(srcdir) \ + -I$(KRB5_UTIL_DIR) \ -DPREFIX=\""$(prefix)"\" \ -DBINDIR=\""$(bindir)"\" \ -DLIBDIR=\""$(libdir)"\" \ @@ -38,6 +42,7 @@ sbin_PROGRAMS = \ ipa_getkeytab_SOURCES = \ ipa-getkeytab.c \ + $(KRB5_UTIL_SRCS) \ $(NULL) ipa_getkeytab_LDADD = \ diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c index a54c57c7e..858865269 100644 --- a/ipa-client/ipa-getkeytab.c +++ b/ipa-client/ipa-getkeytab.c @@ -27,10 +27,10 @@ #include <stdio.h> #include <stdarg.h> #include <stdlib.h> +#include <stdint.h> #include <string.h> #include <errno.h> #include <time.h> -#define KRB5_PRIVATE 1 #include <krb5.h> #ifdef WITH_MOZLDAP #include <mozldap/ldap.h> @@ -44,6 +44,8 @@ #include <libintl.h> #define _(STRING) gettext(STRING) +#include "ipa_krb5.h" + /* Salt types */ #define NO_SALT -1 #define KRB5_KDB_SALTTYPE_NORMAL 0 @@ -152,7 +154,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str, ksdata[i].salttype = KRB5_KDB_SALTTYPE_NORMAL; } - krb5_free_ktypes(krbctx, ktypes); + ipa_krb5_free_ktypes(krbctx, ktypes); nkeys = i; @@ -322,7 +324,7 @@ static int create_keys(krb5_context krbctx, break; case KRB5_KDB_SALTTYPE_NOREALM: - krberr = krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt); + krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt); if (krberr) { fprintf(stderr, _("Failed to create key!\n")); return 0; @@ -848,7 +850,7 @@ int main(int argc, char *argv[]) } fprintf(stdout, "%s\n", enc); } - krb5_free_ktypes(krbctx, ktypes); + ipa_krb5_free_ktypes(krbctx, ktypes); exit (0); } diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c new file mode 100644 index 000000000..5765087c9 --- /dev/null +++ b/util/ipa_krb5.c 
@@ -0,0 +1,44 @@
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "ipa_krb5.h"
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
+{
+ free(val);
+}
+
+/*
+ * Convert a krb5_principal into the default salt for that principal.
+ */
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret)
+{
+ unsigned int size = 0, offset=0;
+ krb5_int32 nelem;
+ register int i;
+
+ if (pr == NULL) {
+ ret->length = 0;
+ ret->data = NULL;
+ return 0;
+ }
+
+ nelem = krb5_princ_size(context, pr);
+
+ for (i = 0; i < (int) nelem; i++)
+ size += krb5_princ_component(context, pr, i)->length;
+
+ ret->length = size;
+ if (!(ret->data = malloc (size)))
+ return ENOMEM;
+
+ for (i = 0; i < (int) nelem; i++) {
+ memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
+ krb5_princ_component(context, pr, i)->length);
+ offset += krb5_princ_component(context, pr, i)->length;
+ }
+ return 0;
+}
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
new file mode 100644
index 000000000..09f492ea1
--- /dev/null
+++ b/util/ipa_krb5.h
@@ -0,0 +1,12 @@
+#ifndef __IPA_KRB5_H_
+#define __IPA_KRB5_H_
+
+#include <krb5.h>
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
+
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret);
+
+#endif /* __IPA_KRB5_H_ */ |
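Review bot: In `ipa_krb5_principal2salt_norealm`, `ret->length = size;` is assigned before the `malloc` result is checked, so the ENOMEM path hands back a `krb5_data` with a non-zero length and a NULL `data` pointer. A principal whose components total zero bytes also reaches `malloc(0)`, which is allowed to return NULL and would then be reported as ENOMEM. Publishing the length only after the allocation succeeds, and returning an empty salt early when `size == 0`, keeps the output consistent for any caller that inspects or frees the salt on its error path. The comment above the function says "default salt", but the loop copies only the name components and omits the realm, so it should describe the no-realm salt instead.

```c
    /* … unchanged: NULL-principal early return, nelem lookup, size summation … */

    /* Keep *ret consistent on every exit: empty until the buffer exists. */
    ret->length = 0;
    ret->data = NULL;
    if (size == 0)
        return 0;

    if (!(ret->data = malloc(size)))
        return ENOMEM;
    ret->length = size;

    /* … unchanged: memcpy loop over the components … */
```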
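Review bot: The include guard `__IPA_KRB5_H_` in util/ipa_krb5.h uses a double-underscore identifier, which C reserves for the implementation; `IPA_KRB5_H` would avoid any clash with system or krb5 headers. The prototype for `ipa_krb5_principal2salt_norealm` also carries no ownership contract. A short comment stating that `ret->data` is allocated with `malloc` and must be released by the caller would tell users of this header who frees the salt buffer.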