| author | Chris Provenzano <proven@mit.edu> | 1995-01-13 22:05:49 +0000 |
|---|---|---|
| committer | Chris Provenzano <proven@mit.edu> | 1995-01-13 22:05:49 +0000 |
| commit | 7a3dfafc7c240ec64248269f97f25fed1009e362 (patch) | |
| tree | b31628fd34740ee0f0bd068df615759084eaa6bb /src/clients | |
| parent | ef4a40eef2b466b34a015a9419dccee2a9fd5ee4 (diff) | |
Removed all references to DECLARG and OLDDECLARG.
Added krb5_context to all krb5_*() routines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4815 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients')
| -rw-r--r-- | src/clients/kdestroy/ChangeLog | 4 | ||||
| -rw-r--r-- | src/clients/kdestroy/kdestroy.c | 9 | ||||
| -rw-r--r-- | src/clients/kinit/ChangeLog | 4 | ||||
| -rw-r--r-- | src/clients/kinit/kinit.c | 57 | ||||
| -rw-r--r-- | src/clients/klist/ChangeLog | 4 | ||||
| -rw-r--r-- | src/clients/klist/klist.c | 52 | ||||
| -rw-r--r-- | src/clients/ksu/ChangeLog | 4 | ||||
| -rw-r--r-- | src/clients/ksu/authorization.c | 40 | ||||
| -rw-r--r-- | src/clients/ksu/ccache.c | 174 | ||||
| -rw-r--r-- | src/clients/ksu/heuristic.c | 76 | ||||
| -rw-r--r-- | src/clients/ksu/krb_auth_su.c | 192 | ||||
| -rw-r--r-- | src/clients/ksu/ksu.h | 1 | ||||
| -rw-r--r-- | src/clients/ksu/main.c | 105 |
13 files changed, 403 insertions, 319 deletions
diff --git a/src/clients/kdestroy/ChangeLog b/src/clients/kdestroy/ChangeLog index 1c4727d3f..66937e824 100644 --- a/src/clients/kdestroy/ChangeLog +++ b/src/clients/kdestroy/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:48 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c index 9db29c698..25f335560 100644 --- a/src/clients/kdestroy/kdestroy.c +++ b/src/clients/kdestroy/kdestroy.c @@ -39,6 +39,7 @@ main(argc, argv) int argc; char **argv; { + krb5_context kcontext; int c; krb5_ccache cache = NULL; char *cache_name = NULL; @@ -46,7 +47,7 @@ main(argc, argv) int errflg=0; int quiet = 0; - krb5_init_ets(); + krb5_init_ets(kcontext); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -60,7 +61,7 @@ main(argc, argv) if (cache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &cache); + code = krb5_cc_resolve (kcontext, cache_name, &cache); if (code != 0) { com_err (argv[0], code, "while resolving %s", cache_name); errflg++; @@ -86,13 +87,13 @@ main(argc, argv) } if (cache == NULL) { - if (code = krb5_cc_default(&cache)) { + if (code = krb5_cc_default(kcontext, &cache)) { com_err(argv[0], code, "while getting default ccache"); exit(1); } } - code = krb5_cc_destroy (cache); + code = krb5_cc_destroy (kcontext, cache); if (code != 0) { com_err (argv[0], code, "while destroying cache"); if (quiet) diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index e1f302b0a..02a935cbb 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:30 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. 
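Review bot: In kdestroy.c `main`, `krb5_context kcontext;` is declared without an initializer and then passed by value to `krb5_init_ets(kcontext)` and every later `krb5_*` call, and no assignment is visible between the declaration and first use. The same pattern appears in `main` of kinit.c and klist.c; in klist.c the declaration and the `krb5_init_ets(kcontext)` call sit in the same hunk, so nothing can initialize it in between. Reading an indeterminate automatic variable is undefined behaviour, and any callee that dereferences the context will act on stack garbage. Either initialize it before first use (later trees provide `krb5_init_context(&kcontext)`; check what this revision offers) or at minimum declare `krb5_context kcontext = 0;` with a comment saying the library ignores it for now. The body of `main` continues outside these hunks.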
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 56b7e2d8d..bf298033a 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -69,6 +69,7 @@ main(argc, argv) int argc; char **argv; { + krb5_context kcontext; krb5_ccache ccache = NULL; char *cache_name = NULL; /* -f option */ char *keytab_name = NULL; /* -t option */ @@ -92,7 +93,7 @@ main(argc, argv) int i; char password[255], *client_name, prompt[255]; - krb5_init_ets(); + krb5_init_ets(kcontext); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -120,7 +121,7 @@ main(argc, argv) if (keytab == NULL) { keytab_name = optarg; - code = krb5_kt_resolve(keytab_name, &keytab); + code = krb5_kt_resolve(kcontext, keytab_name, &keytab); if (code != 0) { com_err(argv[0], code, "resolving keytab %s", keytab_name); @@ -142,7 +143,7 @@ main(argc, argv) if (ccache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &ccache); + code = krb5_cc_resolve (kcontext, cache_name, &ccache); if (code != 0) { com_err (argv[0], code, "resolving ccache %s", cache_name); @@ -166,7 +167,7 @@ main(argc, argv) } if (ccache == NULL) { - if (code = krb5_cc_default(&ccache)) { + if (code = krb5_cc_default(kcontext, &ccache)) { com_err(argv[0], code, "while getting default ccache"); exit(1); } @@ -175,7 +176,7 @@ main(argc, argv) if (optind != argc-1) { /* No principal name specified */ if (use_keytab) { /* Use the default host/service name */ - code = krb5_sname_to_principal(NULL, NULL, + code = krb5_sname_to_principal(kcontext, NULL, NULL, KRB5_NT_SRV_HST, &me); if (code) { com_err(argv[0], code, 
@@ -184,12 +185,12 @@ main(argc, argv) } } else { /* Get default principal from cache if one exists */ - code = krb5_cc_get_principal(ccache, &me); + code = krb5_cc_get_principal(kcontext, ccache, &me); if (code) { /* Else search passwd file for client */ pw = getpwuid((int) getuid()); if (pw) { - if (code = krb5_parse_name (pw->pw_name, &me)) { + if (code = krb5_parse_name (kcontext, pw->pw_name, &me)) { com_err (argv[0], code, "when parsing name %s", pw->pw_name); exit(1); @@ -202,17 +203,17 @@ main(argc, argv) } } } /* Use specified name */ - else if (code = krb5_parse_name (argv[optind], &me)) { + else if (code = krb5_parse_name (kcontext, argv[optind], &me)) { com_err (argv[0], code, "when parsing name %s",argv[optind]); exit(1); } - if (code = krb5_unparse_name(me, &client_name)) { + if (code = krb5_unparse_name(kcontext, me, &client_name)) { com_err (argv[0], code, "when unparsing name"); exit(1); } - code = krb5_cc_initialize (ccache, me); + code = krb5_cc_initialize (kcontext, ccache, me); if (code != 0) { com_err (argv[0], code, "when initializing cache %s", cache_name?cache_name:""); @@ -223,12 +224,12 @@ main(argc, argv) my_creds.client = me; - if (code = krb5_build_principal_ext(&server, - krb5_princ_realm(me)->length, - krb5_princ_realm(me)->data, + if (code = krb5_build_principal_ext(kcontext, &server, + krb5_princ_realm(kcontext, me)->length, + krb5_princ_realm(kcontext, me)->data, tgtname.length, tgtname.data, - krb5_princ_realm(me)->length, - krb5_princ_realm(me)->data, + krb5_princ_realm(kcontext, me)->length, + krb5_princ_realm(kcontext, me)->data, 0)) { com_err(argv[0], code, "while building server name"); exit(1); @@ -241,7 +242,7 @@ main(argc, argv) com_err (argv[0], code, "when getting my address"); exit(1); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(kcontext, &now)) { com_err(argv[0], code, "while getting time of day"); exit(1); } 
@@ -258,17 +259,18 @@ main(argc, argv) pwsize = sizeof(password); - code = krb5_read_password(prompt, 0, password, &pwsize); + code = krb5_read_password(kcontext, prompt, 0, password, &pwsize); if (code || pwsize == 0) { fprintf(stderr, "Error while reading password for '%s'\n", client_name); memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(kcontext, my_addresses); exit(1); } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_password(options, my_addresses, + code = krb5_get_in_tkt_with_password(kcontext, options, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -277,7 +279,8 @@ main(argc, argv) &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_password(options, my_addresses, + code = krb5_get_in_tkt_with_password(kcontext, options, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -292,7 +295,7 @@ main(argc, argv) memset(password, 0, sizeof(password)); } else { if (keytab != NULL) { - code = krb5_kt_get_entry(keytab, my_creds.client, 0, + code = krb5_kt_get_entry(kcontext, keytab, my_creds.client, 0, &kt_ent); if (code) { com_err(argv[0], code, "reading keytab entry %s", @@ -302,14 +305,16 @@ main(argc, argv) } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_skey(options, my_addresses, + code = krb5_get_in_tkt_with_skey(kcontext, options, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, keytab ? &kt_ent.key : NULL, ccache, &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_skey(options, my_addresses, + code = krb5_get_in_tkt_with_skey(kcontext, options, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, keytab ? &kt_ent.key : NULL, 
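Review bot: On the `krb5_read_password` error path, `memset(password, 0, sizeof(password));` is followed directly by `exit(1)`, so it is a dead store that an optimizing compiler may remove, leaving the typed password in the stack buffer. The same applies to the `memset` after the `krb5_get_in_tkt_with_password` calls if `password` is not read again afterwards, which cannot be confirmed from the hunk. Clear the buffer through a volatile pointer or the platform's non-elidable zeroing routine, for example `volatile char *p = password; size_t n = sizeof(password); while (n--) *p++ = 0;`. `main` starts and ends outside this hunk.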
@@ -321,11 +326,11 @@ main(argc, argv) } if (keytab != NULL) - krb5_kt_free_entry(&kt_ent); + krb5_kt_free_entry(kcontext, &kt_ent); } - krb5_free_principal(server); - krb5_free_addresses(my_addresses); + krb5_free_principal(kcontext, server); + krb5_free_addresses(kcontext, my_addresses); if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index fe548fae5..5ae2f43a6 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:14:09 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 188c406a0..e836af8e8 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -39,7 +39,9 @@ char *defname; time_t now; void -show_credential PROTOTYPE((krb5_creds *)); +show_credential + PROTOTYPE((krb5_context, + krb5_creds *)); void main(argc, argv) @@ -55,8 +57,9 @@ main(argc, argv) char *cache_name; krb5_principal princ; krb5_flags flags; + krb5_context kcontext; - krb5_init_ets(); + krb5_init_ets(kcontext); time(&now); @@ -74,7 +77,7 @@ main(argc, argv) if (cache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (cache_name, &cache); + code = krb5_cc_resolve (kcontext, cache_name, &cache); if (code != 0) { com_err(progname, code, "while resolving %s", cache_name); errflg++; 
@@ -99,50 +102,50 @@ main(argc, argv) exit(2); } if (cache == NULL) { - if (code = krb5_cc_default(&cache)) { + if (code = krb5_cc_default(kcontext, &cache)) { com_err(progname, code, "while getting default ccache"); exit(1); } } flags = 0; /* turns off OPENCLOSE mode */ - if (code = krb5_cc_set_flags(cache, flags)) { + if (code = krb5_cc_set_flags(kcontext, cache, flags)) { if (code == ENOENT) { com_err(progname, code, "(ticket cache %s)", - krb5_cc_get_name(cache)); + krb5_cc_get_name(kcontext, cache)); } else com_err(progname, code, "while setting cache flags (ticket cache %s)", - krb5_cc_get_name(cache)); + krb5_cc_get_name(kcontext, cache)); exit(1); } - if (code = krb5_cc_get_principal(cache, &princ)) { + if (code = krb5_cc_get_principal(kcontext, cache, &princ)) { com_err(progname, code, "while retrieving principal name"); exit(1); } - if (code = krb5_unparse_name(princ, &defname)) { + if (code = krb5_unparse_name(kcontext, princ, &defname)) { com_err(progname, code, "while unparsing principal name"); exit(1); } printf("Ticket cache: %s\nDefault principal: %s\n\n", - krb5_cc_get_name(cache), defname); - if (code = krb5_cc_start_seq_get(cache, &cur)) { + krb5_cc_get_name(kcontext, cache), defname); + if (code = krb5_cc_start_seq_get(kcontext, cache, &cur)) { com_err(progname, code, "while starting to retrieve tickets"); exit(1); } fputs(" Valid starting Expires Service principal\n", stdout); - while (!(code = krb5_cc_next_cred(cache, &cur, &creds))) { - show_credential(&creds); - krb5_free_cred_contents(&creds); + while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) { + show_credential(kcontext, &creds); + krb5_free_cred_contents(kcontext, &creds); } if (code == KRB5_CC_END) { - if (code = krb5_cc_end_seq_get(cache, &cur)) { + if (code = krb5_cc_end_seq_get(kcontext, cache, &cur)) { com_err(progname, code, "while finishing ticket retrieval"); exit(1); } flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if (code = 
krb5_cc_set_flags(cache, flags)) { + if (code = krb5_cc_set_flags(kcontext, cache, flags)) { com_err(progname, code, "while closing ccache"); exit(1); } @@ -153,8 +156,9 @@ main(argc, argv) } } -char *flags_string(cred) -register krb5_creds *cred; +char * +flags_string(cred) + register krb5_creds *cred; { static char buf[32]; int i = 0; @@ -188,7 +192,8 @@ register krb5_creds *cred; static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; -void printtime(tv) +void +printtime(tv) time_t tv; { struct tm *stime; @@ -204,19 +209,20 @@ void printtime(tv) } void -show_credential(cred) -register krb5_creds *cred; +show_credential(kcontext, cred) + krb5_context kcontext; + register krb5_creds *cred; { krb5_error_code retval; char *name, *sname, *flags; int first = 1; - retval = krb5_unparse_name(cred->client, &name); + retval = krb5_unparse_name(kcontext, cred->client, &name); if (retval) { com_err(progname, retval, "while unparsing client name"); return; } - retval = krb5_unparse_name(cred->server, &sname); + retval = krb5_unparse_name(kcontext, cred->server, &sname); if (retval) { com_err(progname, retval, "while unparsing server name"); free(name); diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog index 49208dccb..97123c9b4 100644 --- a/src/clients/ksu/ChangeLog +++ b/src/clients/ksu/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Oct 3 19:15:28 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c index d4a5fc90c..8d0ec90a7 100644 --- a/src/clients/ksu/authorization.c +++ b/src/clients/ksu/authorization.c 
@@ -62,9 +62,10 @@ return(TRUE); * */ -krb5_error_code krb5_authorization(principal, luser, local_realm_name, +krb5_error_code krb5_authorization(context, principal, luser, local_realm_name, cmd, ok, out_fcmd) /* IN */ + krb5_context context; krb5_principal principal; const char *luser; char *local_realm_name; @@ -90,7 +91,7 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, return 0; } - if (retval = krb5_unparse_name(principal, &princname)){ + if (retval = krb5_unparse_name(context, principal, &princname)){ return retval; } @@ -196,7 +197,7 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, if (!strcmp(local_realm_name, USE_DEFAULT_REALM_NAME)){ - if (retval = krb5_get_default_realm(&realm)) { + if (retval = krb5_get_default_realm(context, &realm)) { auth_cleanup(k5users_flag,users_fp, k5login_flag,login_fp, princname); free(kuser); @@ -206,8 +207,9 @@ krb5_error_code krb5_authorization(principal, luser, local_realm_name, } else{ realm = local_realm_name; } - if((! _username_an_to_ln(principal,strlen(princname), kuser, - realm)) && (strcmp(kuser,luser) == 0)){ + if((! _username_an_to_ln(context, principal, strlen(princname), + kuser, realm)) + && (strcmp(kuser,luser) == 0)){ retbool = TRUE; } @@ -734,7 +736,8 @@ return out_ptr; * null in the DBM datum.size. ********************************************************************/ static krb5_error_code -_dbm_an_to_ln(aname, lnsize, lname) +_dbm_an_to_ln(context, aname, lnsize, lname) + krb5_context context; krb5_const_principal aname; const int lnsize; char *lname; @@ -744,7 +747,7 @@ _dbm_an_to_ln(aname, lnsize, lname) datum key, contents; char *princ_name; - if (retval = krb5_unparse_name(aname, &princ_name)) + if (retval = krb5_unparse_name(context, aname, &princ_name)) return(retval); key.dptr = princ_name; key.dsize = strlen(princ_name)+1; /* need to store the NULL for 
@@ -783,7 +786,8 @@ _dbm_an_to_ln(aname, lnsize, lname) ************************************************************/ static krb5_error_code -_username_an_to_ln (aname, lnsize, lname, realm) +_username_an_to_ln (context, aname, lnsize, lname, realm) + krb5_context context; krb5_const_principal aname; const int lnsize; char *lname; @@ -792,19 +796,19 @@ _username_an_to_ln (aname, lnsize, lname, realm) krb5_error_code retval; int realm_length; - realm_length = krb5_princ_realm(aname)->length; + realm_length = krb5_princ_realm(context, aname)->length; if ((realm_length != strlen(realm)) || - (memcmp(realm, krb5_princ_realm(aname)->data, realm_length))) { + (memcmp(realm, krb5_princ_realm(context, aname)->data, realm_length))) { return KRB5_LNAME_NOTRANS; } - if (krb5_princ_size(aname) != 1) { - if (krb5_princ_size(aname) == 2 ) { + if (krb5_princ_size(context, aname) != 1) { + if (krb5_princ_size(context, aname) == 2 ) { /* Check to see if 2nd component is the local realm. */ - if ( strncmp(krb5_princ_component(aname,1)->data,realm, + if ( strncmp(krb5_princ_component(context, aname,1)->data,realm, realm_length) || - realm_length != krb5_princ_component(aname,1)->length) + realm_length != krb5_princ_component(context, aname,1)->length) return KRB5_LNAME_NOTRANS; } else @@ -813,12 +817,12 @@ _username_an_to_ln (aname, lnsize, lname, realm) return KRB5_LNAME_NOTRANS; } - strncpy(lname, krb5_princ_component(aname,0)->data, - min(krb5_princ_component(aname,0)->length,lnsize)); - if (lnsize < krb5_princ_component(aname,0)->length ) { + strncpy(lname, krb5_princ_component(context, aname,0)->data, + min(krb5_princ_component(context, aname,0)->length,lnsize)); + if (lnsize < krb5_princ_component(context, aname,0)->length ) { retval = KRB5_CONFIG_NOTENUFSPACE; } else { - lname[krb5_princ_component(aname,0)->length] = '\0'; + lname[krb5_princ_component(context, aname,0)->length] = '\0'; retval = 0; } return retval; 
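Review bot: In `_username_an_to_ln` the final branch writes `lname[krb5_princ_component(context, aname,0)->length] = '\0'` whenever `lnsize >= length`, so when the first component is exactly `lnsize` bytes the terminator lands one byte past a buffer of size `lnsize`. If `lnsize` is meant to be the size of `lname`, the guard should reject the equal case, `if (lnsize <= krb5_princ_component(context, aname,0)->length ) {`, and the function should return before the `strncpy` rather than after it. The caller in `krb5_authorization` passes `strlen(princname)` as `lnsize`; the allocation of `kuser` is outside the hunk, so confirm it has room for the terminator. The result feeds the `strcmp(kuser,luser)` authorization decision, so a comment stating whether `lnsize` includes the NUL would help.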
diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c index 33362b5c2..20bcbb241 100644 --- a/src/clients/ksu/ccache.c +++ b/src/clients/ksu/ccache.c @@ -43,9 +43,10 @@ void show_credential(); with k5 beta 3 release. */ -krb5_error_code krb5_ccache_copy (cc_def, cc_other_tag, primary_principal, - cc_out, stored) +krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag, + primary_principal, cc_out, stored) /* IN */ + krb5_context context; krb5_ccache cc_def; char *cc_other_tag; krb5_principal primary_principal; @@ -64,34 +65,35 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(cc_other_tag, cc_other)){ + if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; } - cc_def_name = krb5_cc_get_name(cc_def); - cc_other_name = krb5_cc_get_name(*cc_other); + cc_def_name = krb5_cc_get_name(context, cc_def); + cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc_def, &cc_def_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ return retval; } } - *stored = krb5_find_princ_in_cred_list(cc_def_creds_arr,primary_principal); + *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr, + primary_principal); - if (retval = krb5_cc_initialize(*cc_other, primary_principal)){ + if (retval = krb5_cc_initialize(context, *cc_other, primary_principal)){ return retval; } - retval = krb5_store_all_creds(* cc_other, - cc_def_creds_arr, cc_other_creds_arr); + retval = krb5_store_all_creds(context, * cc_other, cc_def_creds_arr, + cc_other_creds_arr); if (cc_def_creds_arr){ while (cc_def_creds_arr[i]){ - krb5_free_creds(cc_def_creds_arr[i]); + krb5_free_creds(context, cc_def_creds_arr[i]); i++; } } 
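Review bot: In `krb5_ccache_copy` the result of `calloc(1, sizeof (krb5_ccache))` is handed to `krb5_cc_resolve(context, cc_other_tag, cc_other)` without a NULL check, so an allocation failure becomes a write through a null pointer in a setuid program; add `if (cc_other == NULL) return ENOMEM;` straight after the allocation. The early `return retval;` statements after `krb5_cc_resolve`, `krb5_get_nonexp_tkts` and `krb5_cc_initialize` also leave `cc_other` allocated, and the last one leaves the entries of `cc_def_creds_arr` allocated, because the free loops are only reached on the fall-through path. `krb5_ccache_copy_restricted`, in a later hunk of this file, has the same allocation and the same early returns. The function's tail is outside this hunk.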
@@ -100,7 +102,7 @@ struct stat st_temp; if(cc_other_creds_arr){ while (cc_other_creds_arr[i]){ - krb5_free_creds(cc_other_creds_arr[i]); + krb5_free_creds(context, cc_other_creds_arr[i]); i++; } } @@ -110,8 +112,8 @@ struct stat st_temp; } - -krb5_error_code krb5_store_all_creds(cc, creds_def, creds_other) +krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other) + krb5_context context; krb5_ccache cc; krb5_creds **creds_def; krb5_creds **creds_other; @@ -136,7 +138,8 @@ krb5_boolean cmp; if (temp_creds){ while(temp_creds[i]){ - if (retval= krb5_cc_store_cred(cc, temp_creds[i])){ + if (retval= krb5_cc_store_cred(context, cc, + temp_creds[i])){ return retval; } i++; @@ -157,7 +160,7 @@ krb5_boolean cmp; j++; } if (cmp == FALSE){ - if (retval= krb5_cc_store_cred(cc, + if (retval= krb5_cc_store_cred(context, cc, creds_other[i])){ return retval; } @@ -167,7 +170,8 @@ krb5_boolean cmp; i=0; while(creds_def[i]){ - if (retval= krb5_cc_store_cred(cc, creds_def[i])){ + if (retval= krb5_cc_store_cred(context, cc, + creds_def[i])){ return retval; } i++; @@ -178,16 +182,17 @@ krb5_boolean cmp; return 0; } -krb5_boolean compare_creds(cred1, cred2) +krb5_boolean compare_creds(context, cred1, cred2) + krb5_context context; krb5_creds *cred1; krb5_creds *cred2; { krb5_boolean retval; - retval = krb5_principal_compare (cred1->client, cred2->client); + retval = krb5_principal_compare (context, cred1->client, cred2->client); if (retval == TRUE) - retval = krb5_principal_compare (cred1->server, cred2->server); + retval = krb5_principal_compare (context, cred1->server, cred2->server); return retval; } @@ -195,7 +200,8 @@ krb5_boolean retval; -krb5_error_code krb5_get_nonexp_tkts(cc, creds_array) +krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array) + krb5_context context; krb5_ccache cc; krb5_creds ***creds_array; { 
@@ -217,13 +223,13 @@ int chunk_count = 1; memset((char *) &creds, 0, sizeof(creds)); /* initialize the cursor */ - if (retval = krb5_cc_start_seq_get(cc, &cur)) { + if (retval = krb5_cc_start_seq_get(context, cc, &cur)) { return retval; } - while (!(retval = krb5_cc_next_cred(cc, &cur, &creds))){ + while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){ - if(retval = krb5_check_exp(creds.times)){ + if(retval = krb5_check_exp(context, creds.times)){ if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){ return retval; } @@ -236,7 +242,8 @@ int chunk_count = 1; } else { /* these credentials didn't expire */ - if (retval = krb5_copy_creds(&creds, &temp_creds[count])){ + if (retval = krb5_copy_creds(context, &creds, + &temp_creds[count])){ return retval; } count ++; @@ -256,7 +263,7 @@ int chunk_count = 1; *creds_array = temp_creds; if (retval == KRB5_CC_END) { - retval = krb5_cc_end_seq_get(cc, &cur); + retval = krb5_cc_end_seq_get(context, cc, &cur); } return retval; @@ -266,13 +273,14 @@ int chunk_count = 1; extern krb5_deltat krb5_clockskew; -krb5_error_code krb5_check_exp(tkt_time) +krb5_error_code krb5_check_exp(context, tkt_time) + krb5_context context; krb5_ticket_times tkt_time; { krb5_error_code retval =0; krb5_timestamp currenttime; - if (retval = krb5_timeofday (¤ttime)){ + if (retval = krb5_timeofday (context, ¤ttime)){ return retval; } if (auth_debug){ @@ -432,7 +440,8 @@ krb5_get_login_princ(luser, princ_list) void -show_credential(cred, cc) +show_credential(context, cred, cc) + krb5_context context; krb5_creds *cred; krb5_ccache cc; { 
@@ -443,23 +452,23 @@ show_credential(cred, cc) char * defname; int show_flags =1; - retval = krb5_unparse_name(cred->client, &name); + retval = krb5_unparse_name(context, cred->client, &name); if (retval) { com_err(prog_name, retval, "while unparsing client name"); return; } - retval = krb5_unparse_name(cred->server, &sname); + retval = krb5_unparse_name(context, cred->server, &sname); if (retval) { com_err(prog_name, retval, "while unparsing server name"); free(name); return; } - if (retval = krb5_cc_get_principal(cc, &princ)) { + if (retval = krb5_cc_get_principal(context, cc, &princ)) { com_err(prog_name, retval, "while retrieving principal name"); return; } - if (retval = krb5_unparse_name(princ, &defname)) { + if (retval = krb5_unparse_name(context, princ, &defname)) { com_err(prog_name, retval, "while unparsing principal name"); return; } @@ -509,7 +518,8 @@ int gen_sym(){ return i; } -krb5_error_code krb5_ccache_overwrite(ccs, cct, primary_principal) +krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal) + krb5_context context; krb5_ccache ccs; krb5_ccache cct; krb5_principal primary_principal; 
@@ -522,33 +532,32 @@ krb5_creds ** ccs_creds_arr = NULL; int i=0; struct stat st_temp; - ccs_name = krb5_cc_get_name(ccs); - cct_name = krb5_cc_get_name(cct); + ccs_name = krb5_cc_get_name(context, ccs); + cct_name = krb5_cc_get_name(context, cct); if ( ! stat(ccs_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( ccs, &ccs_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr)){ return retval; } } if ( ! stat(cct_name, &st_temp)){ - if (retval = krb5_cc_get_principal(cct, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cct, &temp_principal)){ return retval; } }else{ temp_principal = primary_principal; } - if (retval = krb5_cc_initialize(cct, temp_principal)){ + if (retval = krb5_cc_initialize(context, cct, temp_principal)){ return retval; } - retval = krb5_store_all_creds(cct, - ccs_creds_arr, NULL); + retval = krb5_store_all_creds(context, cct, ccs_creds_arr, NULL); if (ccs_creds_arr){ while (ccs_creds_arr[i]){ - krb5_free_creds(ccs_creds_arr[i]); + krb5_free_creds(context, ccs_creds_arr[i]); i++; } } @@ -556,8 +565,9 @@ struct stat st_temp; return retval; } -krb5_error_code krb5_store_some_creds(cc, creds_def, creds_other, prst, +krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst, stored) + krb5_context context; krb5_ccache cc; krb5_creds **creds_def; krb5_creds **creds_other; @@ -583,10 +593,12 @@ krb5_boolean temp_stored = FALSE; if (temp_creds){ while(temp_creds[i]){ - if (krb5_principal_compare( temp_creds[i]->client, - prst)== TRUE){ + if (krb5_principal_compare(context, + temp_creds[i]->client, + prst)== TRUE) { - if(retval=krb5_cc_store_cred(cc,temp_creds[i])){ + if (retval = krb5_cc_store_cred(context, + cc,temp_creds[i])){ return retval; } temp_stored = TRUE; 
@@ -614,8 +626,9 @@ but I had to do it this way, since cc_remove function did not come with k5 beta 3 release. ************************************************************************/ -krb5_error_code krb5_ccache_copy_restricted (cc_def, cc_other_tag, prst, - cc_out, stored) +krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag, + prst, cc_out, stored) + krb5_context context; krb5_ccache cc_def; char *cc_other_tag; krb5_principal prst; @@ -635,34 +648,34 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(cc_other_tag, cc_other)){ + if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; } - cc_def_name = krb5_cc_get_name(cc_def); - cc_other_name = krb5_cc_get_name(*cc_other); + cc_def_name = krb5_cc_get_name(context, cc_def); + cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc_def, &cc_def_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ return retval; } } - if (retval = krb5_cc_initialize(*cc_other, prst)){ + if (retval = krb5_cc_initialize(context, *cc_other, prst)){ return retval; } - retval = krb5_store_some_creds(* cc_other, + retval = krb5_store_some_creds(context, * cc_other, cc_def_creds_arr, cc_other_creds_arr, prst, stored); if (cc_def_creds_arr){ while (cc_def_creds_arr[i]){ - krb5_free_creds(cc_def_creds_arr[i]); + krb5_free_creds(context, cc_def_creds_arr[i]); i++; } } @@ -671,7 +684,7 @@ struct stat st_temp; if(cc_other_creds_arr){ while (cc_other_creds_arr[i]){ - krb5_free_creds(cc_other_creds_arr[i]); + krb5_free_creds(context, cc_other_creds_arr[i]); i++; } } 
@@ -687,7 +700,8 @@ not available with beta3 release. ************************************************************/ -krb5_error_code krb5_ccache_refresh (cc) +krb5_error_code krb5_ccache_refresh (context, cc) + krb5_context context; krb5_ccache cc; { @@ -698,7 +712,7 @@ krb5_creds ** cc_creds_arr = NULL; char * cc_name; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ @@ -706,26 +720,25 @@ struct stat st_temp; fprintf(stderr,"Refreshing cache %s\n", cc_name); } - if(retval = krb5_get_nonexp_tkts( cc, &cc_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ return retval; } - if (retval = krb5_cc_get_principal(cc, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ return retval; } - if (retval = krb5_cc_initialize(cc, temp_principal)){ + if (retval = krb5_cc_initialize(context, cc, temp_principal)){ return retval; } - if (retval = krb5_store_all_creds(cc, - cc_creds_arr, NULL)){ + if (retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL)){ return retval; } if (cc_creds_arr){ while (cc_creds_arr[i]){ - krb5_free_creds(cc_creds_arr[i]); + krb5_free_creds(context, cc_creds_arr[i]); i++; } } @@ -733,7 +746,8 @@ struct stat st_temp; return 0; } -krb5_error_code krb5_ccache_filter (cc, prst) +krb5_error_code krb5_ccache_filter (context, cc, prst) + krb5_context context; krb5_ccache cc; krb5_principal prst; { @@ -746,7 +760,7 @@ char * cc_name; krb5_boolean stored; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ 
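Review bot: `krb5_ccache_refresh` calls `krb5_cc_initialize(context, cc, temp_principal)` on the live cache and only then writes the saved tickets back, so if `krb5_store_all_creds` fails the function returns with the cache already emptied and the copies in `cc_creds_arr` never freed. Every `return retval;` between `krb5_get_nonexp_tkts` and the free loop skips that loop; routing them through a single cleanup path that runs the `krb5_free_creds` loop before returning would close the leak. `temp_principal`, obtained from `krb5_cc_get_principal`, is not released anywhere in the visible lines either. `krb5_ccache_filter` in the next hunks follows the same sequence. The leading `stat(cc_name, &st_temp)` is a check-then-use on a path the invoking user may control; a comment should say why that is acceptable for ksu.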
@@ -754,25 +768,26 @@ struct stat st_temp; fprintf(stderr,"puting cache %s through a filter for -z option\n", cc_name); } - if(retval = krb5_get_nonexp_tkts( cc, &cc_creds_arr)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ return retval; } - if (retval = krb5_cc_get_principal(cc, &temp_principal)){ + if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ return retval; } - if (retval = krb5_cc_initialize(cc, temp_principal)){ + if (retval = krb5_cc_initialize(context, cc, temp_principal)){ return retval; } - if (retval = krb5_store_some_creds(cc,cc_creds_arr,NULL,prst,&stored)){ + if (retval = krb5_store_some_creds(context, cc, cc_creds_arr, + NULL, prst, &stored)){ return retval; } if (cc_creds_arr){ while (cc_creds_arr[i]){ - krb5_free_creds(cc_creds_arr[i]); + krb5_free_creds(context, cc_creds_arr[i]); i++; } } @@ -780,7 +795,8 @@ struct stat st_temp; return 0; } -krb5_boolean krb5_find_princ_in_cred_list (creds_list, princ) +krb5_boolean krb5_find_princ_in_cred_list (context, creds_list, princ) + krb5_context context; krb5_creds **creds_list; krb5_principal princ; { @@ -790,8 +806,9 @@ krb5_boolean temp_stored = FALSE; if (creds_list){ while(creds_list[i]){ - if (krb5_principal_compare( creds_list[i]->client, - princ)== TRUE){ + if (krb5_principal_compare(context, + creds_list[i]->client, + princ)== TRUE){ temp_stored = TRUE; break; } @@ -803,7 +820,8 @@ krb5_boolean temp_stored = FALSE; return temp_stored; } -krb5_error_code krb5_find_princ_in_cache (cc, princ, found) +krb5_error_code krb5_find_princ_in_cache (context, cc, princ, found) + krb5_context context; krb5_ccache cc; krb5_principal princ; krb5_boolean *found; 
@@ -813,14 +831,14 @@ krb5_creds ** creds_list = NULL; char * cc_name; struct stat st_temp; - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts( cc, &creds_list)){ + if(retval = krb5_get_nonexp_tkts(context, cc, &creds_list)){ return retval; } } - *found = krb5_find_princ_in_cred_list(creds_list, princ); + *found = krb5_find_princ_in_cred_list(context, creds_list, princ); return 0; } diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c index 8ca5b7140..8059d50f0 100644 --- a/src/clients/ksu/heuristic.c +++ b/src/clients/ksu/heuristic.c @@ -321,7 +321,8 @@ A principal is picked that has the best chance of getting in. **********************************************************************/ -krb5_error_code get_closest_principal(plist, client, found) +krb5_error_code get_closest_principal(context, plist, client, found) + krb5_context context; char **plist; krb5_principal *client; krb5_boolean *found; 
@@ -335,35 +336,35 @@ krb5_boolean got_one; if (! plist ) return 0; - cnelem = krb5_princ_size(*client); + cnelem = krb5_princ_size(context, *client); while(plist[i]){ - if (retval = krb5_parse_name(plist[i], &temp_client)){ + if (retval = krb5_parse_name(context, plist[i], &temp_client)){ return retval; } - pnelem = krb5_princ_size(temp_client); + pnelem = krb5_princ_size(context, temp_client); if ( cnelem > pnelem){ i++; continue; } - if (krb5_princ_realm(*client)->length == - krb5_princ_realm(temp_client)->length - && (!memcmp (krb5_princ_realm(*client)->data, - krb5_princ_realm(temp_client)->data, - krb5_princ_realm(temp_client)->length))){ + if (krb5_princ_realm(context, *client)->length == + krb5_princ_realm(context, temp_client)->length + && (!memcmp (krb5_princ_realm(context, *client)->data, + krb5_princ_realm(context, temp_client)->data, + krb5_princ_realm(context, temp_client)->length))){ got_one = TRUE; for(j =0; j < cnelem; j ++){ krb5_data *p1 = - krb5_princ_component(*client, j); + krb5_princ_component(context, *client, j); krb5_data *p2 = - krb5_princ_component(temp_client, j); + krb5_princ_component(context, temp_client, j); if ((p1->length != p2->length) || memcmp(p1->data,p2->data,p1->length)){ @@ -373,8 +374,8 @@ krb5_boolean got_one; } if (got_one == TRUE){ if(best_client){ - if(krb5_princ_size(best_client) > - krb5_princ_size(temp_client)){ + if(krb5_princ_size(context, best_client) > + krb5_princ_size(context, temp_client)){ best_client = temp_client; } }else{ @@ -398,7 +399,8 @@ find_either_ticket checks to see whether there is a ticket for the end server or tgt, if neither is there the return FALSE, *****************************************************************/ -krb5_error_code find_either_ticket (cc, client, end_server, found) +krb5_error_code find_either_ticket (context, cc, client, end_server, found) + krb5_context context; krb5_ccache cc; krb5_principal client; krb5_principal end_server; 
@@ -411,7 +413,7 @@ krb5_boolean temp_found = FALSE; char * cc_source_name; struct stat st_temp; -cc_source_name = krb5_cc_get_name(cc); +cc_source_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_source_name, &st_temp)){ @@ -421,8 +423,10 @@ if ( ! stat(cc_source_name, &st_temp)){ if (temp_found == FALSE){ - if (retval = krb5_tgtname( krb5_princ_realm (client), - krb5_princ_realm(client), &kdc_server)){ + if (retval = krb5_tgtname(context, + krb5_princ_realm(context, client), + krb5_princ_realm(context, client), + &kdc_server)){ return retval ; } @@ -443,7 +447,8 @@ if ( ! stat(cc_source_name, &st_temp)){ } -krb5_error_code find_ticket (cc, client, server, found) +krb5_error_code find_ticket (context, cc, client, server, found) + krb5_context context; krb5_ccache cc; krb5_principal client; krb5_principal server; @@ -458,18 +463,18 @@ krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); memset((char *) &tgt, 0, sizeof(tgt)); - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ return retval; } - if (retval= krb5_copy_principal( server, &tgtq.server)){ + if (retval= krb5_copy_principal(context, server, &tgtq.server)){ return retval ; } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -489,7 +494,8 @@ krb5_error_code retval; -krb5_error_code find_princ_in_list (princ, plist, found) +krb5_error_code find_princ_in_list (context, princ, plist, found) + krb5_context context; krb5_principal princ; char **plist; krb5_boolean *found; 
@@ -503,7 +509,7 @@ krb5_error_code retval; if (!plist) return 0; -if (retval = krb5_unparse_name(princ, &princname)){ +if (retval = krb5_unparse_name(context, princ, &princname)){ return retval; } @@ -532,10 +538,11 @@ path_out gets set to ... ***********************************************************************/ -krb5_error_code get_best_princ_for_target(source_uid, target_uid, +krb5_error_code get_best_princ_for_target(context, source_uid, target_uid, source_user, target_user, cc_source, options, cmd, hostname, client, path_out) + krb5_context context; int source_uid; int target_uid; char *source_user; @@ -570,19 +577,19 @@ if (options->princ){ return 0; } -cc_source_name = krb5_cc_get_name(cc_source); +cc_source_name = krb5_cc_get_name(context, cc_source); if ( ! stat(cc_source_name, &st_temp)){ - if (retval = krb5_cc_get_principal(cc_source, &cc_def_princ)){ + if (retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ)){ return retval; } } -if (retval=krb5_parse_name(target_user, &target_client)){ +if (retval=krb5_parse_name(context, target_user, &target_client)){ return retval; } -if (retval=krb5_parse_name(source_user, &source_client)){ +if (retval=krb5_parse_name(context, source_user, &source_client)){ return retval; } @@ -651,7 +658,7 @@ if ( stat(k5login_path, &tb) && stat(k5users_path, &tb) ){ } } -if (retval = krb5_sname_to_principal(hostname, NULL, +if (retval = krb5_sname_to_principal(context, hostname, NULL, KRB5_NT_SRV_HST, &end_server)){ return retval; } @@ -705,7 +712,7 @@ for (i= 0; i < count; i ++){ i=0; while (aplist[i]){ - if (retval = krb5_parse_name(aplist[i], &temp_client)){ + if (retval = krb5_parse_name(context, aplist[i], &temp_client)){ return retval; } @@ -721,7 +728,7 @@ while (aplist[i]){ return 0; } - krb5_free_principal(temp_client); + krb5_free_principal(context, temp_client); i++; } 
@@ -747,7 +754,8 @@ for (i=0; i < count; i ++){ for (i=0; i < count; i ++){ if (princ_trials[i].p){ - if(retval=krb5_copy_principal(princ_trials[i].p, &temp_client)){ + if(retval=krb5_copy_principal(context, princ_trials[i].p, + &temp_client)){ return retval; } @@ -766,7 +774,7 @@ for (i=0; i < count; i ++){ } return 0; } - krb5_free_principal(temp_client); + krb5_free_principal(context, temp_client); } } diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 4b32dbcc9..d7deb500b 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -27,6 +27,14 @@ #include "ksu.h" +static krb5_error_code krb5_verify_tkt_def + PROTOTYPE((krb5_context, + krb5_principal, + krb5_principal, + krb5_keyblock *, + krb5_data *, + krb5_ticket **)); + void plain_dump_principal (); krb5_data tgtname = { @@ -46,8 +54,9 @@ int preauth_search_list[] = { -krb5_boolean krb5_auth_check(client_pname, hostname, options, +krb5_boolean krb5_auth_check(context, client_pname, hostname, options, target_user, cc, path_passwd) + krb5_context context; krb5_principal client_pname; char *hostname; opt_info *options; @@ -70,7 +79,7 @@ krb5_boolean zero_password; memset((char *) &cred, 0, sizeof(cred)); - if (retval= krb5_copy_principal( client_pname, &client)){ + if (retval= krb5_copy_principal(context, client_pname, &client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } @@ -78,11 +87,11 @@ krb5_boolean zero_password; if (auth_debug) { dump_principal("krb5_auth_check: Client principal name", client); } - if ( retval = krb5_sname_to_principal(hostname, NULL, + if ( retval = krb5_sname_to_principal(context, hostname, NULL, KRB5_NT_SRV_HST, &server)){ com_err(prog_name, retval, "while creating server %s principal name", hostname); - krb5_free_principal(client); + krb5_free_principal(context, client); return (FALSE) ; } 
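Review bot: The context line `dump_principal("krb5_auth_check: Client principal name", client);` in the last hunk on this line still passes two arguments, although this commit changes the definition to `dump_principal (context, str, p)`. The same is true of `dump_principal("local tgt principal name", tgtq.server );` in the `@@ -103,24 +112,25 @@` hunk. ksu.h declares the function as `extern void dump_principal ();`, so the compiler cannot diagnose the mismatch and the string pointer would be taken as the context. The calls should become `dump_principal(context, "krb5_auth_check: Client principal name", client);`. Giving the ksu.h declarations real parameter lists, as this commit does with `PROTOTYPE((...))` for `krb5_verify_tkt_def`, would expose any other caller the conversion missed.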
@@ -94,7 +103,7 @@ krb5_boolean zero_password; /* check if ticket is already in the cache, if it is then use it. */ - if( krb5_fast_auth(client, server, target_user, cc) == TRUE){ + if( krb5_fast_auth(context, client, server, target_user, cc) == TRUE){ if (auth_debug ){ fprintf (stderr,"Athenticated via fast_auth \n"); } @@ -103,24 +112,25 @@ krb5_boolean zero_password; /* check to see if the local tgt is in the cache */ - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_tgtname( krb5_princ_realm (client), krb5_princ_realm(client), + if (retval = krb5_tgtname(context, krb5_princ_realm (context, client), + krb5_princ_realm(context, client), &tgtq.server)){ com_err(prog_name, retval, "while creating tgt for local realm"); - krb5_free_principal(client); - krb5_free_principal(server); + krb5_free_principal(context, client); + krb5_free_principal(context, server); return (FALSE) ; } if (auth_debug){ dump_principal("local tgt principal name", tgtq.server ); } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -141,7 +151,7 @@ krb5_boolean zero_password; fprintf(stderr," in remotely using an unsecure (non-encrypted) channel. \n"); /*get the ticket granting ticket, via passwd(promt for passwd)*/ - if (krb5_get_tkt_via_passwd (&cc, client, tgtq.server, + if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server, options, & zero_password) == FALSE){ return FALSE; } 
@@ -155,17 +165,17 @@ krb5_boolean zero_password; } - if (retval= krb5_copy_principal( client, &cred.client)){ + if (retval= krb5_copy_principal(context, client, &cred.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal( server, &cred.server)){ + if (retval= krb5_copy_principal(context, server, &cred.server)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_get_cred_from_kdc(cc, &cred, &tgts)){ + if (retval = krb5_get_cred_from_kdc(context, cc, &cred, &tgts)){ com_err(prog_name, retval, "while geting credentials from kdc"); return (FALSE); } @@ -184,23 +194,23 @@ krb5_boolean zero_password; fprintf(stderr, "krb5_auth_check: went via multiple realms"); } while (tgts[i]){ - if (retval = krb5_cc_store_cred( cc, tgts[i])){ + if (retval = krb5_cc_store_cred(context, cc, tgts[i])) { com_err(prog_name, retval, "while storing credentials from cross-realm walk"); return (FALSE); } i++; } - krb5_free_tgt_creds(tgts); + krb5_free_tgt_creds(context, tgts); } - if (retval = krb5_verify_tkt_def(client, server, &cred.keyblock, + if (retval = krb5_verify_tkt_def(context, client, server,&cred.keyblock, &cred.ticket, &target_tkt)){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } - if (retval = krb5_cc_store_cred( cc, &cred)){ + if (retval = krb5_cc_store_cred(context, cc, &cred)){ com_err(prog_name, retval, "While storing credentials"); return (FALSE); @@ -212,7 +222,8 @@ krb5_boolean zero_password; /* krb5_fast_auth checks if ticket for the end server is already in the cache, if it is, we don't need a tgt */ -krb5_boolean krb5_fast_auth(client, server, target_user, cc) +krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) + krb5_context context; krb5_principal client; krb5_principal server; char *target_user; 
@@ -226,17 +237,17 @@ krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); memset((char *) &tgt, 0, sizeof(tgt)); - if (retval= krb5_copy_principal( client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, client, &tgtq.client)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal( server, &tgtq.server)){ + if (retval= krb5_copy_principal(context, server, &tgtq.server)){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + if (retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt)){ if (auth_debug) com_err(prog_name, retval,"While Retrieving credentials"); @@ -244,7 +255,7 @@ krb5_error_code retval; } - if (retval = krb5_verify_tkt_def(client, server, &tgt.keyblock, + if (retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, &tgt.ticket, &target_tkt)){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); @@ -253,10 +264,11 @@ krb5_error_code retval; return TRUE; } - - -krb5_error_code krb5_verify_tkt_def(client, server, cred_ses_key, scr_ticket, clear_ticket) +static krb5_error_code +krb5_verify_tkt_def(context, client, server, cred_ses_key, + scr_ticket, clear_ticket) /* IN */ + krb5_context context; krb5_principal client; krb5_principal server; krb5_keyblock *cred_ses_key; @@ -275,7 +287,7 @@ krb5_keyblock * tkt_ses_key; return retval; } - if (server && !krb5_principal_compare(server, tkt->server)){ + if (server && !krb5_principal_compare(context, server, tkt->server)){ return KRB5KRB_AP_WRONG_PRINC; } 
@@ -286,39 +298,39 @@ krb5_keyblock * tkt_ses_key; } /* get the default keytab */ - if( retval = krb5_kt_default(&keytabid)){ - krb5_free_ticket(tkt); + if( retval = krb5_kt_default(context, &keytabid)){ + krb5_free_ticket(context, tkt); return retval; } - if (retval = krb5_kt_get_entry(keytabid, server, - tkt->enc_part.kvno, &ktentry)){ - krb5_free_ticket(tkt); + if (retval = krb5_kt_get_entry(context, keytabid, server, + tkt->enc_part.kvno, &ktentry)){ + krb5_free_ticket(context, tkt); return retval; } - krb5_kt_close(keytabid); + krb5_kt_close(context, keytabid); - if ( retval = krb5_copy_keyblock(&ktentry.key, &tkt_key)){ - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); + if ( retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key)){ + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); return retval; } /* decrypt the ticket */ - if (retval = krb5_decrypt_tkt_part(tkt_key, tkt)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + if (retval = krb5_decrypt_tkt_part(context, tkt_key, tkt)) { + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return(retval); } - if (!krb5_principal_compare(client, tkt->enc_part2->client)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + if (!krb5_principal_compare(context, client, tkt->enc_part2->client)) { + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return KRB5KRB_AP_ERR_BADMATCH; } @@ -336,9 +348,9 @@ krb5_keyblock * tkt_ses_key; memcmp((char *)cred_ses_key->contents, (char *)tkt_ses_key->contents, cred_ses_key->length)) { - krb5_free_ticket(tkt); - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return KRB5KRB_AP_ERR_BAD_INTEGRITY; } 
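Review bot: When `krb5_kt_get_entry` fails, the branch frees the ticket and returns without closing `keytabid`, because `krb5_kt_close(context, keytabid);` is reached only after a successful lookup. Adding `krb5_kt_close(context, keytabid);` before `krb5_free_ticket(context, tkt);` in that branch releases the keytab handle on the error path as well. krb5_verify_tkt_def starts before this hunk and continues after it, so the other exits should be checked the same way.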
@@ -348,15 +360,16 @@ krb5_keyblock * tkt_ses_key; } *clear_ticket = tkt; - krb5_kt_free_entry(&ktentry); - krb5_free_keyblock(tkt_key); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); return 0; } -krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, +krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, options, zero_password) + krb5_context context; krb5_ccache *ccache; krb5_principal client; krb5_principal server; @@ -375,19 +388,19 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, *zero_password = FALSE; - if (code = krb5_unparse_name(client, &client_name)) { + if (code = krb5_unparse_name(context, client, &client_name)) { com_err (prog_name, code, "when unparsing name"); return (FALSE); } memset((char *)&my_creds, 0, sizeof(my_creds)); - if (code = krb5_copy_principal(client, &my_creds.client)){ + if (code = krb5_copy_principal(context, client, &my_creds.client)){ com_err (prog_name, code, "while copying principal"); return (FALSE); } - if (code = krb5_copy_principal(server, &my_creds.server)){ + if (code = krb5_copy_principal(context, server, &my_creds.server)){ com_err (prog_name, code, "while copying principal"); return (FALSE); } @@ -399,7 +412,7 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, return (FALSE); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { com_err(prog_name, code, "while getting time of day"); return (FALSE); } @@ -418,12 +431,12 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, pwsize = sizeof(password); - code = krb5_read_password(prompt, 0, password, &pwsize); + code = krb5_read_password(context, prompt, 0, password, &pwsize); if (code ) { com_err(prog_name, code, "while reading password for '%s'\n", client_name); memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return (FALSE); } 
@@ -431,13 +444,13 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, fprintf(stderr, "No password given\n"); *zero_password = TRUE; memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); return (FALSE); } if (preauth_type > 0) { - code = krb5_get_in_tkt_with_password(options->opt, my_addresses, - preauth_type, + code = krb5_get_in_tkt_with_password(context, options->opt, + my_addresses, preauth_type, ETYPE_DES_CBC_CRC, KEYTYPE_DES, password, @@ -445,7 +458,8 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, &my_creds, 0); } else { for (i=0; preauth_search_list[i] >= 0; i++) { - code = krb5_get_in_tkt_with_password(options->opt, my_addresses, + code = krb5_get_in_tkt_with_password(context, options->opt, + my_addresses, preauth_search_list[i], ETYPE_DES_CBC_CRC, KEYTYPE_DES, @@ -460,7 +474,7 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, memset(password, 0, sizeof(password)); - krb5_free_addresses(my_addresses); + krb5_free_addresses(context, my_addresses); if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) @@ -473,27 +487,29 @@ krb5_boolean krb5_get_tkt_via_passwd (ccache, client, server, } -void dump_principal (str, p) +void dump_principal (context, str, p) + krb5_context context; char *str; krb5_principal p; { char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(p, &stname)){ + if (retval = krb5_unparse_name(context, p, &stname)){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } fprintf(stderr, " %s: %s\n", str, stname ); } -void plain_dump_principal (p) +void plain_dump_principal (context, p) + krb5_context context; krb5_principal p; { char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(p, &stname)){ + if (retval = krb5_unparse_name(context, p, &stname)){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } 
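Review bot: In `dump_principal`, a failing `krb5_unparse_name(context, p, &stname)` only prints a message and then falls through to `fprintf(stderr, " %s: %s\n", str, stname );`, which reads the uninitialised `stname`. `plain_dump_principal` opens the same way, though its body continues outside the hunk. A `return;` after the error message inside the `if` avoids the read. On the success path the string from `krb5_unparse_name` is not released in the visible code, so a `free(stname);` after the final `fprintf` looks warranted.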
@@ -576,8 +592,9 @@ convtime(p) return (r); } -krb5_error_code get_tgt_via_login_list(server, cc, k5login_plist, +krb5_error_code get_tgt_via_login_list(context, server, cc, k5login_plist, client, got_it) + krb5_context context; krb5_principal server; krb5_ccache cc; char **k5login_plist; @@ -597,27 +614,31 @@ krb5_error_code retval =0; memset((char *) &tgt, 0, sizeof(tgt)); while(k5login_plist[i]){ - if (retval = krb5_parse_name(k5login_plist[i], + if (retval = krb5_parse_name(context, k5login_plist[i], &temp_client)){ return retval; } - if (retval= krb5_copy_principal( temp_client, &tgtq.client)){ + if (retval= krb5_copy_principal(context, temp_client, + &tgtq.client)){ return retval ; } /* check to see if the local tgt is in the cache */ - if (retval = krb5_tgtname( krb5_princ_realm (temp_client), - krb5_princ_realm(temp_client), &tgtq.server)){ + if (retval = krb5_tgtname(context, + krb5_princ_realm(context, temp_client), + krb5_princ_realm(context, temp_client), + &tgtq.server)){ return retval ; } - retval = krb5_cc_retrieve_cred(cc, KRB5_TC_MATCH_SRV_NAMEONLY, + retval = krb5_cc_retrieve_cred(context, cc, + KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); - if (! retval) retval = krb5_check_exp(tgt.times); + if (! retval) retval = krb5_check_exp(context, tgt.times); if (retval){ if ((retval != KRB5_CC_NOTFOUND) && @@ -650,7 +671,8 @@ A principal is picked that has the best chance of getting in. **********************************************************************/ -krb5_error_code get_best_principal(plist, client) +krb5_error_code get_best_principal(context, plist, client) + krb5_context context; char **plist; krb5_principal *client; { 
@@ -661,26 +683,26 @@ int i = 0, nelem; if (! plist ) return 0; - nelem = krb5_princ_size(*client); + nelem = krb5_princ_size(context, *client); while(plist[i]){ - if (retval = krb5_parse_name(plist[i], &temp_client)){ + if (retval = krb5_parse_name(context, plist[i], &temp_client)){ return retval; } - if (krb5_princ_realm(*client)->length == - krb5_princ_realm(temp_client)->length - && (!memcmp (krb5_princ_realm(*client)->data, - krb5_princ_realm(temp_client)->data, - krb5_princ_realm(temp_client)->length))){ + if (krb5_princ_realm(context, *client)->length == + krb5_princ_realm(context, temp_client)->length + && (!memcmp (krb5_princ_realm(context, *client)->data, + krb5_princ_realm(context, temp_client)->data, + krb5_princ_realm(context, temp_client)->length))){ if(nelem){ krb5_data *p1 = - krb5_princ_component(*client, 0); + krb5_princ_component(context, *client, 0); krb5_data *p2 = - krb5_princ_component(temp_client, 0); + krb5_princ_component(context, temp_client, 0); if ((p1->length == p2->length) && (!memcmp(p1->data,p2->data,p1->length))){ @@ -692,8 +714,8 @@ int i = 0, nelem; } if(best_client){ - if(krb5_princ_size(best_client) > - krb5_princ_size(temp_client)){ + if(krb5_princ_size(context, best_client) > + krb5_princ_size(context, temp_client)){ best_client = temp_client; } }else{ diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h index 76e1928a6..013230fba 100644 --- a/src/clients/ksu/ksu.h +++ b/src/clients/ksu/ksu.h @@ -90,7 +90,6 @@ typedef struct opt_info{ extern krb5_boolean krb5_auth_check(); extern krb5_error_code get_best_principal(); extern void dump_principal (); -extern krb5_error_code krb5_verify_tkt_def(); extern krb5_boolean krb5_fast_auth(); extern krb5_boolean krb5_get_tkt_via_passwd (); extern int gen_sym(); diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index b376ccd6e..489c81941 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c 
@@ -79,6 +79,7 @@ int use_source_cache = 0; krb5_error_code retval = 0; krb5_principal client = NULL; krb5_ccache cc_target = NULL; +krb5_context ksu_context; char * cc_target_tag = NULL; char * target_user = NULL; char * source_user; @@ -121,7 +122,8 @@ char * dir_of_cc_source; params[1] = NULL; - krb5_init_ets(); /* initialize kerberos error tables */ + krb5_init_context(&ksu_context); + krb5_init_ets(ksu_context); /* initialize kerberos error tables */ #ifdef LOCAL_REALM local_realm_name = LOCAL_REALM ; @@ -170,7 +172,7 @@ char * dir_of_cc_source; switch (option) { case 'r': options.opt |= KDC_OPT_RENEWABLE; - retval = krb5_parse_lifetime(optarg, &options.rlife); + retval = krb5_parse_lifetime(ksu_context, optarg, &options.rlife); if (retval != 0 || options.rlife == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; @@ -202,14 +204,14 @@ char * dir_of_cc_source; quiet =1; break; case 'l': - retval = krb5_parse_lifetime(optarg, &options.lifetime); + retval = krb5_parse_lifetime(ksu_context, optarg, &options.lifetime); if (retval != 0 || options.lifetime == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; } break; case 'n': - if (retval = krb5_parse_name(optarg, &client)){ + if (retval = krb5_parse_name(ksu_context, optarg, &client)){ com_err(prog_name, retval, "when parsing name %s", optarg); errflg++; } @@ -373,12 +375,12 @@ char * dir_of_cc_source; /***********************************/ if (cc_source_tag == NULL){ - cc_source_tag = krb5_cc_default_name(); + cc_source_tag = krb5_cc_default_name(ksu_context); cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1; } /* get a handle for the cache */ - if ( retval = krb5_cc_resolve(cc_source_tag, &cc_source)){ + if ( retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source)){ com_err(prog_name, retval,"while getting source cache"); exit(1); } 
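Review bot: The return value of `krb5_init_context(&ksu_context);` in the `@@ -121,7 +122,8 @@` hunk is discarded, so a failed initialisation leaves `ksu_context` unset while every later `krb5_*` call in this file receives it. ksu goes on to handle credential caches and change uid, so it should stop at this point: `if (retval = krb5_init_context(&ksu_context)) { com_err(prog_name, retval, "while initializing krb5"); exit(1); }`. The hunk does not show whether `prog_name` has been assigned yet; if not, the message needs another program-name source.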
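Review bot: `cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;` in the `@@ -373,12 +375,12 @@` hunk assumes the default cache name always contains a `:`. If `krb5_cc_default_name(ksu_context)` returns a name without a type prefix (the name is presumably taken from the user's environment), `strchr` returns NULL and the `+ 1` produces an invalid pointer, which a later hunk passes to `chown`. Test the result before advancing: `cc_source_tag_tmp = strchr(cc_source_tag, ':');` followed by `if (cc_source_tag_tmp == NULL) { fprintf(stderr, "ksu: malformed cache name\n"); exit(1); }` and `cc_source_tag_tmp++;`. The enclosing function starts and ends outside the hunk.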
@@ -395,7 +397,7 @@ char * dir_of_cc_source; } - if (retval= krb5_ccache_refresh(cc_source)){ + if (retval= krb5_ccache_refresh(ksu_context, cc_source)){ com_err(prog_name, retval, "while refreshing %s (source cache)", cc_source_tag); exit(1); @@ -404,10 +406,10 @@ char * dir_of_cc_source; } - if (retval = get_best_princ_for_target(source_uid,target_uid, source_user, - target_user, cc_source, &options, cmd, - localhostname, &client, &hp)){ - com_err(prog_name, retval, "while selecting the best principal"); + if (retval = get_best_princ_for_target(ksu_context, source_uid, + target_uid, source_user, target_user, cc_source, + &options, cmd, localhostname, &client, &hp)){ + com_err(prog_name,retval, "while selecting the best principal"); exit(1); } @@ -442,7 +444,8 @@ char * dir_of_cc_source; exit(1); } - if (retval = krb5_cc_initialize(cc_source, client)){ + if (retval = krb5_cc_initialize(ksu_context, cc_source, + client)){ com_err(prog_name, retval, "while initializing source cache"); exit(1); @@ -498,20 +501,20 @@ char * dir_of_cc_source; if ((source_uid == 0) && (target_uid != 0)) { - if (retval =krb5_ccache_copy_restricted( cc_source, + if (retval =krb5_ccache_copy_restricted(ksu_context, cc_source, cc_target_tag,client,&cc_target, &stored)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_source),cc_target_tag); + krb5_cc_get_name(ksu_context, cc_source),cc_target_tag); exit(1); } } else{ - if (retval = krb5_ccache_copy(cc_source, cc_target_tag, + if (retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag, client,&cc_target, &stored)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_source), + krb5_cc_get_name(ksu_context, cc_source), cc_target_tag); exit(1); } 
@@ -524,7 +527,7 @@ char * dir_of_cc_source; cc_target_tag = cc_source_tag; cc_target_tag_tmp = cc_source_tag_tmp; - if(retval=krb5_find_princ_in_cache(cc_target,client, &stored)){ + if(retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored)){ com_err (prog_name, retval, "while searching for client in source ccache"); exit(1); @@ -534,24 +537,25 @@ char * dir_of_cc_source; if ((source_uid == 0) || (target_uid == source_uid)){ #ifdef GET_TGT_VIA_PASSWD if ((!all_rest_copy) && options.princ && (stored == FALSE)){ - if (retval = krb5_tgtname(krb5_princ_realm (client), - krb5_princ_realm(client), + if (retval = krb5_tgtname(ksu_context, + krb5_princ_realm (ksu_context, client), + krb5_princ_realm(ksu_context, client), &kdc_server)){ com_err(prog_name, retval, "while creating tgt for local realm"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged \n"); fprintf(stderr," in remotely using an unsecure (non-encrypted) channel.\n"); - if (krb5_get_tkt_via_passwd (&cc_target, client, + if (krb5_get_tkt_via_passwd (ksu_context, &cc_target, client, kdc_server, &options, &zero_password) == FALSE){ if (zero_password == FALSE){ fprintf(stderr,"Goodbye\n"); - sweep_up(use_source_cache, + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -572,7 +576,7 @@ char * dir_of_cc_source; if (source_uid && (source_uid != target_uid)) { char * client_name; - auth_val = krb5_auth_check(client, localhostname, &options, + auth_val = krb5_auth_check(ksu_context, client, localhostname, &options, target_user,cc_target, &path_passwd); 
@@ -582,20 +586,20 @@ char * dir_of_cc_source; syslog(LOG_WARNING, "'%s %s' authentication failed for %s%s", prog_name,target_user,source_user,ontty()); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } /* cache the tickets if possible in the source cache */ if (!path_passwd && !use_source_cache){ - if (retval = krb5_ccache_overwrite(cc_target, cc_source, + if (retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source, client)){ com_err (prog_name, retval, "while copying cache %s to %s", - krb5_cc_get_name(cc_target), - krb5_cc_get_name(cc_source)); - sweep_up(use_source_cache, cc_target); + krb5_cc_get_name(ksu_context, cc_target), + krb5_cc_get_name(ksu_context, cc_source)); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if (chown(cc_source_tag_tmp, source_uid, source_gid)){ @@ -606,9 +610,9 @@ char * dir_of_cc_source; } } - if (retval = krb5_unparse_name(client, &client_name)) { + if (retval = krb5_unparse_name(ksu_context, client, &client_name)) { com_err (prog_name, retval, "When unparsing name"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -617,10 +621,10 @@ char * dir_of_cc_source; prog_name,target_user,client_name, source_user,ontty()); - if(retval = krb5_authorization(client,target_user, + if(retval = krb5_authorization(ksu_context, client,target_user, local_realm_name, cmd, &authorization_val, &exec_cmd)){ com_err(prog_name,retval,"while checking authorization"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } 
@@ -666,21 +670,21 @@ char * dir_of_cc_source; } - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if( some_rest_copy){ - if (retval = krb5_ccache_filter(cc_target, client)){ + if (retval = krb5_ccache_filter(ksu_context, cc_target, client)){ com_err(prog_name,retval,"while calling cc_filter"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if (all_rest_copy){ - if (retval = krb5_cc_initialize(cc_target, client)){ + if (retval = krb5_cc_initialize(ksu_context, cc_target, client)){ com_err(prog_name, retval, "while erasing target cache"); exit(1); @@ -703,7 +707,7 @@ char * dir_of_cc_source; if (!standard_shell(target_pwd->pw_shell) && source_uid) { fprintf(stderr, "ksu: permission denied (shell).\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } #endif /* HAS_GETUSERSHELL */ @@ -712,20 +716,20 @@ char * dir_of_cc_source; if(set_env_var("USER", target_pwd->pw_name)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } } if(set_env_var( "HOME", target_pwd->pw_dir)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if(set_env_var( "SHELL", shell)){ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -734,7 +738,7 @@ char * dir_of_cc_source; if(set_env_var( KRB5_ENV_CCNAME, cc_target_tag)){ fprintf(stderr,"ksu: couldn't set environment variable %s \n", KRB5_ENV_CCNAME); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } 
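Review bot: The failure messages for `set_env_var( "HOME", target_pwd->pw_dir)` and `set_env_var( "SHELL", shell)` in the `@@ -712,20 +716,20 @@` hunk both print `couldn't set environment variable USER`, which misreports which variable failed. The adjacent `sweep_up` lines are already being edited, so the strings could be corrected to `"ksu: couldn't set environment variable HOME\n"` and `"ksu: couldn't set environment variable SHELL\n"` in the same pass. The enclosing function starts and ends outside the hunk.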
@@ -746,7 +750,7 @@ char * dir_of_cc_source; if (chown(cc_target_tag_tmp, target_uid, target_gid)){ com_err(prog_name, errno, "while changing owner for %s", cc_target_tag_tmp); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -755,14 +759,14 @@ char * dir_of_cc_source; /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } if (initgroups(target_user, target_pwd->pw_gid)) { fprintf(stderr, "ksu: initgroups failed.\n"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -776,7 +780,7 @@ char * dir_of_cc_source; if (setuid(target_pwd->pw_uid) < 0) { perror("ksu: setuid"); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); } @@ -812,7 +816,7 @@ char * dir_of_cc_source; execv(params[0], params); com_err(prog_name, errno, "while trying to execv %s", params[0]); - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); exit(1); }else{ if (child_pid = fork()){ @@ -825,7 +829,7 @@ char * dir_of_cc_source; com_err(prog_name, errno, "while calling waitpid"); exit(1); } - sweep_up(use_source_cache, cc_target); + sweep_up(ksu_context, use_source_cache, cc_target); if (auth_debug){ printf("The exit status of the child is %d\n", @@ -885,7 +889,8 @@ char * env_var_buf; } -void sweep_up(use_source_cache, cc) +void sweep_up(context, use_source_cache, cc) + krb5_context context; int use_source_cache; krb5_ccache cc; { @@ -894,9 +899,9 @@ char * cc_name; struct stat st_temp; if (! use_source_cache){ - cc_name = krb5_cc_get_name(cc); + cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if (retval = krb5_cc_destroy(cc)){ + if (retval = krb5_cc_destroy(context, cc)){ com_err(prog_name, retval, "while destroying cache"); } |
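Review bot: `chown(cc_target_tag_tmp, target_uid, target_gid)` in the first hunk on this line changes ownership by path name, apparently before privileges are dropped (the `setgid` and `setuid` calls appear in later hunks), and `chown` follows symbolic links. If the cache file lives in a directory other users can write to, which this hunk does not show, the path could be replaced between cache creation and this call. Using `lchown` where available, or changing ownership through an open descriptor with `fchown`, closes that window. The same applies to `chown(cc_source_tag_tmp, source_uid, source_gid)` in the `@@ -582,20 +586,20 @@` hunk.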
