author | Greg Hudson <ghudson@mit.edu> | 2013-03-24 01:28:13 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-03-24 01:28:13 -0400 |
commit | 6c8fed1bb850b92d471b0741a452bb56354fc0e9 (patch) | |
tree | e170a09d8457a58976562d1b0f369348d2198416 /src | |
parent | 81fde7e475b02986c1aff88766cc48882004d5dc (diff) | |
Move a bunch of stuff out of k5-int.h
Move internal declarations from k5-int.h to more localized headers
(like int-proto.h) where appropriate. Rename many symbols whose
prototypes were moved to use the k5_ prefix instead of krb5int_.
Remove some unused declarations or move them to the single source file
they were needed in. Remove krb5_creds_compare since it isn't used
any more.
Diffstat (limited to 'src')
60 files changed, 455 insertions, 728 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index ed9f255a7..a8c1028c2 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -570,27 +570,8 @@ krb5_error_code krb5_unlock_file(krb5_context, int); krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *, const krb5_data *, krb5_data *, int *, int); -krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname); -krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp); - krb5_error_code krb5int_init_context_kdc(krb5_context *); -krb5_error_code krb5_os_init_context(krb5_context context, profile_t profile, - krb5_flags flags); - -void krb5_os_free_context(krb5_context); - -/* This function is needed by KfM's KerberosPreferences API - * because it needs to be able to specify "secure" */ -krb5_error_code -os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure); - -krb5_error_code -krb5_os_hostaddr(krb5_context, const char *, krb5_address ***); - -krb5_error_code -krb5int_get_domain_realm_mapping(krb5_context , const char *, char ***); - struct derived_key { krb5_data constant; krb5_key dkey; @@ -699,22 +680,8 @@ krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to); -#ifdef KRB5_OLD_CRYPTO -/* old provider api */ - -krb5_error_code krb5_crypto_os_localaddr(krb5_address ***); - krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *); -#endif /* KRB5_OLD_CRYPTO */ - -/* this helper fct is in libkrb5, but it makes sense declared here. */ - -krb5_error_code -krb5_encrypt_keyhelper(krb5_context context, krb5_key key, - krb5_keyusage keyusage, const krb5_data *plain, - krb5_enc_data *cipher); - /* * End "los-proto.h" */ 
@@ -727,12 +694,6 @@ typedef struct _krb5_os_context { char * default_ccname; } *krb5_os_context; -/* Get the current time of day plus a specified offset. */ -krb5_error_code k5_time_with_offset(krb5_timestamp offset, - krb5_int32 offset_usec, - krb5_timestamp *time_out, - krb5_int32 *usec_out); - /* * Flags for the os_flags field * @@ -757,23 +718,6 @@ krb5_error_code k5_time_with_offset(krb5_timestamp offset, #define KRB5_LOCKMODE_UNLOCK 0x0008 /* - * Define our view of the size of a DES key. - */ -#define KRB5_MIT_DES_KEYSIZE 8 -#define KRB5_MIT_DES3_KEYSIZE 24 -#define KRB5_MIT_DES3_KEY_BYTES 21 - -/* - * Check if des_int.h has been included before us. If so, then check to see - * that our view of the DES key size is the same as des_int.h's. - */ -#ifdef MIT_DES_KEYSIZE -#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE -error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) -#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ -#endif /* MIT_DES_KEYSIZE */ - -/* * Begin "preauth.h" * * (Originally written by Glen Machin at Sandia Labs.) @@ -786,20 +730,6 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) #ifndef KRB5_PREAUTH__ #define KRB5_PREAUTH__ -#include <krb5/clpreauth_plugin.h> - -typedef struct k5_response_items_st k5_response_items; -struct krb5_responder_context_st { - k5_response_items *items; -}; - -typedef krb5_error_code -(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype, - krb5_prompter_fct, void *prompter_data, - krb5_data *salt, krb5_data *s2kparams, - krb5_keyblock *as_key, void *gak_data, - k5_response_items *ritems); - typedef struct _krb5_pa_enc_ts { krb5_timestamp patimestamp; krb5_int32 pausec; 
@@ -897,168 +827,23 @@ typedef struct _krb5_iakerb_finished { krb5_checksum checksum; } krb5_iakerb_finished; -typedef krb5_error_code -(*krb5_preauth_obtain_proc)(krb5_context, krb5_pa_data *, - krb5_etype_info, krb5_keyblock *, - krb5_error_code (*)(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, krb5_creds *, - krb5_kdc_req *, krb5_pa_data **); - -typedef krb5_error_code -(*krb5_preauth_process_proc)(krb5_context, krb5_pa_data *, krb5_kdc_req *, - krb5_kdc_rep *, - krb5_error_code (*)(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code (*)(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_keyblock **, krb5_creds *, krb5_int32 *, - krb5_int32 *); - -typedef struct _krb5_preauth_ops { - krb5_magic magic; - int type; - int flags; - krb5_preauth_obtain_proc obtain; - krb5_preauth_process_proc process; -} krb5_preauth_ops; - krb5_pa_data * krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype); /* Does not return a copy; original padata sequence responsible for freeing*/ void krb5_free_etype_info(krb5_context, krb5_etype_info); -/* - * Preauthentication property flags - */ -#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 -#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 - #endif /* KRB5_PREAUTH__ */ /* * End "preauth.h" */ -/* - * Extending the krb5_get_init_creds_opt structure. The original - * krb5_get_init_creds_opt structure is defined publicly. The - * new extended version is private. The original interface - * assumed a pre-allocated structure which was passed to - * krb5_get_init_creds_init(). The new interface assumes that - * the caller will call krb5_get_init_creds_alloc() and - * krb5_get_init_creds_free(). - * - * Callers MUST NOT call krb5_get_init_creds_init() after allocating an - * opts structure using krb5_get_init_creds_alloc(). 
To do so will - * introduce memory leaks. Unfortunately, there is no way to enforce - * this behavior. - * - * Two private flags are added for backward compatibility. - * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated - * with the new krb5_get_init_creds_opt_alloc() function. - * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended - * structure is a shadow copy of an original krb5_get_init_creds_opt - * structure. - * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to - * krb5int_gic_opt_to_opte(), the resulting extended structure should be - * freed (using krb5_get_init_creds_free). Otherwise, the original - * structure was already extended and there is no need to free it. - */ - -#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000 -#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000 - -#define krb5_gic_opt_is_extended(s) \ - ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) -#define krb5_gic_opt_is_shadowed(s) \ - ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) - - -typedef struct _krb5_gic_opt_private { - int num_preauth_data; - krb5_gic_opt_pa_data *preauth_data; - char * fast_ccache_name; - krb5_ccache in_ccache; - krb5_ccache out_ccache; - krb5_flags fast_flags; - krb5_expire_callback_func expire_cb; - void *expire_data; - krb5_responder_fn responder; - void *responder_data; -} krb5_gic_opt_private; - -/* - * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that - * of krb5_get_init_creds_opt. - */ -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -typedef struct _krb5_gic_opt_ext { - krb5_flags flags; - krb5_deltat tkt_life; - krb5_deltat renew_life; - int forwardable; - int proxiable; - krb5_enctype *etype_list; - int etype_list_length; - krb5_address **address_list; - krb5_preauthtype *preauth_list; - int preauth_list_length; - krb5_data *salt; - /* - * Do not change anything above this point in this structure. 
- * It is identical to the public krb5_get_init_creds_opt structure. - * New members must be added below. - */ - krb5_gic_opt_private *opt_private; -} krb5_gic_opt_ext; - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -krb5_error_code -krb5int_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt, - krb5_gic_opt_ext **opte, unsigned int force, - const char *where); - krb5_error_code krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *); krb5_error_code krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *); -krb5_error_code -krb5int_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *); - -krb5_error_code KRB5_CALLCONV -krb5int_get_init_creds(krb5_context context, krb5_creds *creds, - krb5_principal client, krb5_prompter_fct prompter, - void *prompter_data, krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options, - krb5_gic_get_as_key_fct gak, void *gak_data, - int *master, krb5_kdc_rep **as_reply); - -krb5_error_code -krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **, - krb5_flags options, krb5_address *const *addrs, - krb5_enctype *ktypes, - krb5_preauthtype *pre_auth_types, krb5_creds *creds); - - void KRB5_CALLCONV krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *); @@ -1100,9 +885,6 @@ krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *); void KRB5_CALLCONV krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * ); -void KRB5_CALLCONV -krb5_free_etype_list(krb5_context, krb5_etype_list * ); - void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *); void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context, krb5_fast_armored_req *); 
@@ -1961,57 +1743,11 @@ krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *); krb5_error_code KRB5_CALLCONV krb5int_cc_default(krb5_context, krb5_ccache *); -krb5_error_code KRB5_CALLCONV -krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags, - krb5_creds *, krb5_creds *); - -krb5_error_code -krb5int_build_conf_principals(krb5_context context, krb5_ccache id, - krb5_const_principal principal, - const char *name, krb5_creds *cred); - -krb5_boolean KRB5_CALLCONV -krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds, - krb5_creds *in_compare_creds); - -void -krb5int_set_prompt_types(krb5_context, krb5_prompt_type *); - -krb5_error_code -krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context, - krb5_keyblock * /* Old keyblock, not new! */, - krb5_enctype); - -struct srv_dns_entry { - struct srv_dns_entry *next; - int priority; - int weight; - unsigned short port; - char *host; -}; - -#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1) - -#ifdef KRB5_DNS_LOOKUP -krb5_error_code -krb5int_make_srv_query_realm(const krb5_data *realm, - const char *service, - const char *protocol, - struct srv_dns_entry **answers); -void krb5int_free_srv_dns_data(struct srv_dns_entry *); -#endif - /* value to use when requesting a keytab entry and KVNO doesn't matter */ #define IGNORE_VNO 0 /* value to use when requesting a keytab entry and enctype doesn't matter */ #define IGNORE_ENCTYPE 0 -/* - * Convenience function for structure magic number - */ -#define KRB5_VERIFY_MAGIC(structure,magic_number) \ - if ((structure)->magic != (magic_number)) return (magic_number); - /* to keep lint happy */ #define krb5_xfree(val) free((char *)(val)) 
@@ -2146,82 +1882,6 @@ typedef struct _krb5int_access { krb5_error_code KRB5_CALLCONV krb5int_accessor(krb5int_access*, krb5_int32); -/* Ick -- some krb524 and krb4 support placed in the krb5 library, - because AFS (and potentially other applications?) use the krb4 - object as an opaque token, which (in some implementations) is not - in fact a krb4 ticket, so we don't want to drag in the krb4 support - just to enable this. */ - -#define KRB524_SERVICE "krb524" -#define KRB524_PORT 4444 - -/* temporary -- this should be under lib/krb5/ccache somewhere */ - -struct _krb5_ccache { - krb5_magic magic; - const struct _krb5_cc_ops *ops; - krb5_pointer data; -}; - -/* - * Per-type ccache cursor. - */ -struct krb5_cc_ptcursor_s { - const struct _krb5_cc_ops *ops; - krb5_pointer data; -}; -typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor; - -struct _krb5_cc_ops { - krb5_magic magic; - char *prefix; - const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *, - const char *); - krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *); - krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache, - krb5_principal); - krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache, - krb5_creds *); - krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache, - krb5_flags, krb5_creds *, - krb5_creds *); - krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache, - krb5_principal *); - krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache, - krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache, - krb5_cc_cursor *, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache, - krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV 
*remove_cred)(krb5_context, krb5_ccache, - krb5_flags, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache, - krb5_flags); - krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache, - krb5_flags *); - krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context, - krb5_cc_ptcursor *); - krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context, - krb5_cc_ptcursor, - krb5_ccache *); - krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context, - krb5_cc_ptcursor *); - krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache, - krb5_ccache); - krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context, - krb5_ccache, krb5_timestamp *); - krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache, - krb5_timestamp *); - krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache); -}; - -extern const krb5_cc_ops *krb5_cc_dfl_ops; - typedef struct _krb5_donot_replay { krb5_magic magic; krb5_ui_4 hash; @@ -2310,10 +1970,6 @@ typedef struct _krb5_kt_ops { const krb5_ser_entry *serializer; } krb5_kt_ops; -extern const krb5_kt_ops krb5_kt_dfl_ops; - -extern krb5_error_code krb5int_translate_gai_error(int); - /* Not sure it's ready for exposure just yet. */ extern krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); @@ -2323,10 +1979,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); */ #define KRB5_REFERRAL_MAXHOPS 10 -/* Common hostname-parsing code. */ -krb5_error_code -krb5int_clean_hostname(krb5_context, const char *, char *, size_t); - struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; const struct _krb5_kt_ops *ops; 
@@ -2378,9 +2030,6 @@ krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context, krb5_error_code k5_kt_get_principal(krb5_context context, krb5_keytab keytab, krb5_principal *princ_out); -krb5_error_code k5_kt_client_default_name(krb5_context context, - char **name_out); - krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal, krb5_data *); @@ -2437,10 +2086,6 @@ krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *, int); krb5_error_code -k5_client_realm_path(krb5_context context, const krb5_data *client, - const krb5_data *server, krb5_data **rpath_out); - -krb5_error_code krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context, krb5_cksumtype); @@ -2470,15 +2115,8 @@ krb5_auth_con_set_authdata_context(krb5_context context, krb5_auth_context auth_context, krb5_authdata_context ad_context); -krb5_error_code KRB5_CALLCONV -krb5int_server_decrypt_ticket_keyblock(krb5_context context, - const krb5_keyblock *key, - krb5_ticket *ticket); - krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *); krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *); -krb5_error_code krb5int_write_messages(krb5_context, krb5_pointer, krb5_data *, - int); int krb5_net_read(krb5_context, int , char *, int); int krb5_net_write(krb5_context, int , const char *, int); @@ -2617,10 +2255,6 @@ krb5_error_code krb5int_parse_enctype_list(krb5_context context, krb5_enctype *default_list, krb5_enctype **result); -/* Utility functions for zero-terminated enctype lists. */ -size_t k5_count_etypes(const krb5_enctype *list); -krb5_error_code k5_copy_etypes(const krb5_enctype *old_list, - krb5_enctype **new_list); krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype); #ifdef DEBUG_ERROR_LOCATIONS 
@@ -2635,9 +2269,4 @@ krb5_set_error_message_fl(krb5_context ctx, krb5_error_code code, #endif ; -#ifndef DISABLE_TRACING -/* Do not use these functions directly; see k5-trace.h. */ -void krb5int_init_trace(krb5_context context); -#endif - #endif /* _KRB5_INT_H */ diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index e9d1ae317..8fff99c9c 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -371,9 +371,6 @@ kdc_handle_protected_negotiation( krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, const krb5_keyblock *reply_key, krb5_pa_data ***out_enc_padata); -krb5_error_code -krb5int_get_domain_realm_mapping(krb5_context context, - const char *host, char ***realmsp); /* Information handle for kdcpreauth callbacks. All pointers are aliases. */ struct krb5_kdcpreauth_rock_st { diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h index 2338a9cf5..0801cb582 100644 --- a/src/lib/crypto/builtin/des/des_int.h +++ b/src/lib/crypto/builtin/des/des_int.h @@ -137,15 +137,6 @@ typedef struct mit_des_ran_key_seed { #define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) -/* - * Check if k5-int.h has been included before us. If so, then check to see - * that our view of the DES key size is the same as k5-int.h's. - */ -#ifdef KRB5_MIT_DES_KEYSIZE -#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE -error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) -#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ -#endif /* KRB5_MIT_DES_KEYSIZE */ #endif /* KRB5_MIT_DES__ */ /* * End "mit-des.h" diff --git a/src/lib/crypto/nss/enc_provider/des.c b/src/lib/crypto/nss/enc_provider/des.c index 3b96617a8..bb1f1c047 100644 --- a/src/lib/crypto/nss/enc_provider/des.c +++ b/src/lib/crypto/nss/enc_provider/des.c 
@@ -79,7 +79,7 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data, const struct krb5_enc_provider krb5int_enc_des = { 8, - 7, KRB5_MIT_DES_KEYSIZE, + 7, 8, k5_des_encrypt_iov, k5_des_decrypt_iov, k5_des_cbc_mac, diff --git a/src/lib/crypto/nss/enc_provider/des3.c b/src/lib/crypto/nss/enc_provider/des3.c index de3f3c91e..6217709c8 100644 --- a/src/lib/crypto/nss/enc_provider/des3.c +++ b/src/lib/crypto/nss/enc_provider/des3.c @@ -64,7 +64,7 @@ k5_des3_decrypt_iov(krb5_key key, const krb5_data *ivec, const struct krb5_enc_provider krb5int_enc_des3 = { 8, - 21, KRB5_MIT_DES3_KEYSIZE, + 21, 24, k5_des3_encrypt_iov, k5_des3_decrypt_iov, NULL, diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h index 9c24f20cc..c29fbec2e 100644 --- a/src/lib/krb5/ccache/cc-int.h +++ b/src/lib/krb5/ccache/cc-int.h @@ -32,6 +32,16 @@ #include "k5-int.h" +struct _krb5_ccache { + krb5_magic magic; + const struct _krb5_cc_ops *ops; + krb5_pointer data; +}; + +krb5_error_code +k5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags, + krb5_creds *, krb5_creds *); + krb5_boolean krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds); 
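Review bot: The key length in the `krb5int_enc_des` initializer (nss/enc_provider/des.c) is now the bare literal `8` where it used to be `KRB5_MIT_DES_KEYSIZE`, and the des3.c hunk does the same with `24`. The initializer is positional, so nothing on the line says which field each number fills. A trailing comment would keep the intent readable, for example `7, 8, /* keybytes, keylength */` and `21, 24, /* keybytes, keylength */` (field names assumed from the struct declaration, which is not visible in this diff). The same commit also deletes the preprocessor check in k5-int.h and des_int.h that compared `MIT_DES_KEYSIZE` with `KRB5_MIT_DES_KEYSIZE`, so nothing visible here ties these literals to the builtin DES key size at compile time any more.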
@@ -123,4 +133,63 @@ krb5_error_code ccselect_k5identity_initvt(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable); +/* + * Per-type ccache cursor. + */ +struct krb5_cc_ptcursor_s { + const struct _krb5_cc_ops *ops; + krb5_pointer data; +}; +typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor; + +struct _krb5_cc_ops { + krb5_magic magic; + char *prefix; + const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *, + const char *); + krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *); + krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache, + krb5_principal); + krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache, + krb5_creds *); + krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds *, + krb5_creds *); + krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache, + krb5_principal *); + krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache, + krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache, + krb5_cc_cursor *, krb5_creds *); + krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache, + krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds *); + krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache, + krb5_flags); + krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache, + krb5_flags *); + krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context, + krb5_cc_ptcursor *); + krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context, + krb5_cc_ptcursor, + krb5_ccache *); + krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context, + krb5_cc_ptcursor *); + krb5_error_code 
(KRB5_CALLCONV *move)(krb5_context, krb5_ccache, + krb5_ccache); + krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context, + krb5_ccache, krb5_timestamp *); + krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache, + krb5_timestamp *); + krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache); +}; + +extern const krb5_cc_ops *krb5_cc_dfl_ops; + #endif /* __KRB5_CCACHE_H__ */ diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 36133797c..3879db556 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -2178,8 +2178,8 @@ done: static krb5_error_code KRB5_CALLCONV krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds) { - return krb5_cc_retrieve_cred_default (context, id, whichfields, - mcreds, creds); + return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); } diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index fd1bcec38..7f1a641d6 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -968,8 +968,8 @@ krb5_krcc_retrieve(krb5_context context, krb5_ccache id, { DEBUG_PRINT(("krb5_krcc_retrieve: entered\n")); - return krb5_cc_retrieve_cred_default(context, id, whichfields, - mcreds, creds); + return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); } /* diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c index aa3d89d7d..b774251a1 100644 --- a/src/lib/krb5/ccache/cc_memory.c +++ b/src/lib/krb5/ccache/cc_memory.c @@ -25,6 +25,7 @@ */ #include "cc-int.h" +#include "../krb/int-proto.h" #include <errno.h> static krb5_error_code KRB5_CALLCONV krb5_mcc_close 
@@ -383,7 +384,7 @@ krb5_mcc_next_cred(krb5_context context, krb5_ccache id, return KRB5_CC_END; memset(creds, 0, sizeof(krb5_creds)); if (mcursor->creds) { - retval = krb5int_copy_creds_contents(context, mcursor->creds, creds); + retval = k5_copy_creds_contents(context, mcursor->creds, creds); if (retval) return retval; } @@ -607,8 +608,8 @@ krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds) { - return krb5_cc_retrieve_cred_default (context, id, whichfields, - mcreds, creds); + return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); } /* diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index bfaae650b..416a7a52f 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -2488,7 +2488,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, memset(&fetchcreds, 0, sizeof(krb5_creds)); /* first try to find out if we have an existing ticket which meets the requirements */ - kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds); + kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); /* This sometimes returns a zero-length ticket; work around it. */ if ( !kret && creds->ticket.length > 0 ) return KRB5_OK; @@ -2506,7 +2507,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, } /* try again to find out if we have an existing ticket which meets the requirements */ - kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds); + kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); /* This sometimes returns a zero-length ticket; work around it. */ if ( !kret && creds->ticket.length > 0 ) goto cleanup; 
@@ -2570,7 +2572,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, /* check to see if this ticket matches the request using logic from - * krb5_cc_retrieve_cred_default() + * k5_cc_retrieve_cred_default() */ if ( krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds) ) { *creds = fetchcreds; diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c index 23d0361c3..960c9c925 100644 --- a/src/lib/krb5/ccache/cc_retr.c +++ b/src/lib/krb5/ccache/cc_retr.c @@ -266,8 +266,10 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, return nomatch_err; } -krb5_error_code KRB5_CALLCONV -krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds) +krb5_error_code +k5_cc_retrieve_cred_default(krb5_context context, krb5_ccache id, + krb5_flags flags, krb5_creds *mcreds, + krb5_creds *creds) { krb5_enctype *ktypes; int nktypes; 
@@ -288,92 +290,3 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags 0, 0); } } - -/* The following function duplicates some of the functionality above and */ -/* should probably be merged with it at some point. It is used by the */ -/* CCAPI krb5_cc_remove to figure out if the opaque credentials object */ -/* returned by the CCAPI is the same creds as the caller passed in. */ -/* Unlike the code above it requires that all structures be identical. */ - -krb5_boolean KRB5_CALLCONV -krb5_creds_compare (krb5_context in_context, - krb5_creds *in_creds, - krb5_creds *in_compare_creds) -{ - /* Set to 0 when we hit the first mismatch and then fall through */ - int equal = 1; - - if (equal) { - equal = krb5_principal_compare (in_context, in_creds->client, - in_compare_creds->client); - } - - if (equal) { - equal = krb5_principal_compare (in_context, in_creds->server, - in_compare_creds->server); - } - - if (equal) { - equal = (in_creds->keyblock.enctype == in_compare_creds->keyblock.enctype && - in_creds->keyblock.length == in_compare_creds->keyblock.length && - (!in_creds->keyblock.length || - !memcmp (in_creds->keyblock.contents, in_compare_creds->keyblock.contents, - in_creds->keyblock.length))); - } - - if (equal) { - equal = (in_creds->times.authtime == in_compare_creds->times.authtime && - in_creds->times.starttime == in_compare_creds->times.starttime && - in_creds->times.endtime == in_compare_creds->times.endtime && - in_creds->times.renew_till == in_compare_creds->times.renew_till); - } - - if (equal) { - equal = (in_creds->is_skey == in_compare_creds->is_skey); - } - - if (equal) { - equal = (in_creds->ticket_flags == in_compare_creds->ticket_flags); - } - - if (equal) { - krb5_address **addresses = in_creds->addresses; - krb5_address **compare_addresses = in_compare_creds->addresses; - unsigned int i; - - if (addresses && compare_addresses) { - for (i = 0; (equal && addresses[i] && compare_addresses[i]); i++) { - equal = 
krb5_address_compare (in_context, addresses[i], - compare_addresses[i]); - } - if (equal) { equal = (!addresses[i] && !compare_addresses[i]); } - } else { - if (equal) { equal = (!addresses && !compare_addresses); } - } - } - - if (equal) { - equal = data_eq(in_creds->ticket, in_compare_creds->ticket); - } - - if (equal) { - equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket); - } - - if (equal) { - krb5_authdata **authdata = in_creds->authdata; - krb5_authdata **compare_authdata = in_compare_creds->authdata; - unsigned int i; - - if (authdata && compare_authdata) { - for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) { - equal = authdata_eq(*authdata[i], *compare_authdata[i]); - } - if (equal) { equal = (!authdata[i] && !compare_authdata[i]); } - } else { - if (equal) { equal = (!authdata && !compare_authdata); } - } - } - - return equal; -} diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c index 555a9617d..0256a0a5d 100644 --- a/src/lib/krb5/ccache/ccapi/stdcc.c +++ b/src/lib/krb5/ccache/ccapi/stdcc.c @@ -32,6 +32,7 @@ #if defined(_WIN32) || defined(USE_CCAPI) #include "k5-int.h" +#include "../cc-int.h" #include "stdcc.h" #include "stdcc_util.h" #include "string.h" @@ -620,8 +621,8 @@ krb5_stdccv3_retrieve (krb5_context context, krb5_creds *mcreds, krb5_creds *creds) { - return krb5_cc_retrieve_cred_default (context, id, whichfields, - mcreds, creds); + return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); } /* @@ -1487,8 +1488,8 @@ krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds) krb5_creds *mcreds; krb5_creds *creds; { - return krb5_cc_retrieve_cred_default (context, id, whichfields, - mcreds, creds); + return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, + creds); } #endif diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index a6215604b..419150ae7 100644 --- a/src/lib/krb5/ccache/ccfns.c 
+++ b/src/lib/krb5/ccache/ccfns.c @@ -25,6 +25,8 @@ */ #include "k5-int.h" +#include "cc-int.h" +#include "../krb/int-proto.h" const char * KRB5_CALLCONV krb5_cc_get_name(krb5_context context, krb5_ccache cache) @@ -213,9 +215,9 @@ static const char conf_realm[] = "X-CACHECONF:"; static const char conf_name[] = "krb5_ccache_conf_data"; krb5_error_code -krb5int_build_conf_principals(krb5_context context, krb5_ccache id, - krb5_const_principal principal, - const char *name, krb5_creds *cred) +k5_build_conf_principals(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_creds *cred) { krb5_principal client; krb5_error_code ret; @@ -277,7 +279,7 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id, TRACE_CC_SET_CONFIG(context, id, principal, key, data); - ret = krb5int_build_conf_principals(context, id, principal, key, &cred); + ret = k5_build_conf_principals(context, id, principal, key, &cred); if (ret) goto out; @@ -311,7 +313,7 @@ krb5_cc_get_config(krb5_context context, krb5_ccache id, memset(&cred, 0, sizeof(cred)); memset(data, 0, sizeof(*data)); - ret = krb5int_build_conf_principals(context, id, principal, key, &mcred); + ret = k5_build_conf_principals(context, id, principal, key, &mcred); if (ret) goto out; diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c index 3821b0ece..fdfc5e4f2 100644 --- a/src/lib/krb5/ccache/ser_cc.c +++ b/src/lib/krb5/ccache/ser_cc.c @@ -25,6 +25,7 @@ */ #include "k5-int.h" +#include "cc-int.h" /* * Routines to deal with externalizing krb5_ccache. diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c index e14ae7f80..1c112725e 100644 --- a/src/lib/krb5/ccache/t_cc.c +++ b/src/lib/krb5/ccache/t_cc.c @@ -25,6 +25,7 @@ */ #include "k5-int.h" +#include "cc-int.h" #include <stdio.h> #include <stdlib.h> #include "autoconf.h" diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h index ebefe8090..b55118e2e 100644 
--- a/src/lib/krb5/keytab/kt-int.h +++ b/src/lib/krb5/keytab/kt-int.h @@ -41,4 +41,7 @@ void krb5int_kt_finalize(void); int krb5int_mkt_initialize(void); void krb5int_mkt_finalize(void); + +extern const krb5_kt_ops krb5_kt_dfl_ops; + #endif /* __KRB5_KEYTAB_INT_H__ */ diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index d2aa88bee..d34e7480e 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -54,6 +54,7 @@ #ifndef LEAN_CLIENT #include "k5-int.h" +#include "../os/os-proto.h" #include <stdio.h> /* @@ -1045,7 +1046,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) if (!KTFILEP(id)) { if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { /* try making it first time around */ - krb5_create_secure_file(context, KTFILENAME(id)); + k5_create_secure_file(context, KTFILENAME(id)); errno = 0; KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus); if (!KTFILEP(id)) @@ -1185,7 +1186,7 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del } } - return krb5_sync_disk_file(context, KTFILEP(id)); + return k5_sync_disk_file(context, KTFILEP(id)); } return 0; @@ -1530,7 +1531,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent if (fflush(KTFILEP(id))) goto abend; - retval = krb5_sync_disk_file(context, KTFILEP(id)); + retval = k5_sync_disk_file(context, KTFILEP(id)); if (retval) { return retval; @@ -1546,7 +1547,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent } if (fflush(KTFILEP(id))) goto abend; - retval = krb5_sync_disk_file(context, KTFILEP(id)); + retval = k5_sync_disk_file(context, KTFILEP(id)); return retval; } diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c index 2b1c298ce..482d52ad6 100644 --- a/src/lib/krb5/keytab/ktdefault.c +++ b/src/lib/krb5/keytab/ktdefault.c 
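Review bot: The result of `k5_create_secure_file(context, KTFILENAME(id));` in krb5_ktfileint_open (kt_file.c hunk at -1045) is still discarded after the rename, and the code goes straight on to `fopen(KTFILENAME(id), fopen_mode_rbplus)`. If the helper fails, or the path comes into existence by other means between the two calls, the keytab may be opened without the helper having set up the file as intended (presumably restrictive permissions, going by its name). Checking the return closes that gap, for example `ret = k5_create_secure_file(context, KTFILENAME(id)); if (ret) return ret;`, where `ret` stands for whatever error variable the function already declares. The function body starts and ends outside the hunk, so any cleanup its other error paths perform would need to apply here as well.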
@@ -30,6 +30,7 @@ */ #include "k5-int.h" +#include "../os/os-proto.h" #include <stdio.h> #ifndef LEAN_CLIENT diff --git a/src/lib/krb5/krb/copy_creds.c b/src/lib/krb5/krb/copy_creds.c index 42372a14f..1de56dc46 100644 --- a/src/lib/krb5/krb/copy_creds.c +++ b/src/lib/krb5/krb/copy_creds.c @@ -25,6 +25,7 @@ */ #include "k5-int.h" +#include "int-proto.h" /* * Copy credentials, allocating fresh storage where needed. @@ -39,7 +40,7 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred)))) return ENOMEM; - retval = krb5int_copy_creds_contents(context, incred, tempcred); + retval = k5_copy_creds_contents(context, incred, tempcred); if (retval) free(tempcred); else @@ -54,8 +55,8 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out * output structure is garbage and its contents should be ignored. */ krb5_error_code -krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred, - krb5_creds *tempcred) +k5_copy_creds_contents(krb5_context context, const krb5_creds *incred, + krb5_creds *tempcred) { krb5_error_code retval; krb5_data *scratch; diff --git a/src/lib/krb5/krb/enc_keyhelper.c b/src/lib/krb5/krb/enc_keyhelper.c index 40ac4af15..6878b252c 100644 --- a/src/lib/krb5/krb/enc_keyhelper.c +++ b/src/lib/krb5/krb/enc_keyhelper.c @@ -24,16 +24,14 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * krb5_encrypt_keyhelper() - * */ #include "k5-int.h" +#include "int-proto.h" krb5_error_code -krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage, - const krb5_data *plain, krb5_enc_data *cipher) +k5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage, + const krb5_data *plain, krb5_enc_data *cipher) { krb5_enctype enctype; krb5_error_code ret; 
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 5e37b4518..4555b71be 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -25,6 +25,7 @@ */ #include <k5-int.h> +#include "int-proto.h" /* * It is possible to support sending a request that includes both a FAST and diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 2e55066c7..250af3ad9 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -29,6 +29,7 @@ #include <memory.h> #endif #include "int-proto.h" +#include "os-proto.h" /* helper function: convert flags to necessary KDC options */ #define flags2options(flags) (flags & KDC_TKT_COMMON_MASK) @@ -137,7 +138,7 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, free_rhost = 1; } - retval = krb5_os_hostaddr(context, rhost, &addrs); + retval = k5_os_hostaddr(context, rhost, &addrs); if (retval) goto errout; } diff --git a/src/lib/krb5/krb/gen_save_subkey.c b/src/lib/krb5/krb/gen_save_subkey.c index 801eed43e..61f36aa36 100644 --- a/src/lib/krb5/krb/gen_save_subkey.c +++ b/src/lib/krb5/krb/gen_save_subkey.c @@ -25,13 +25,13 @@ */ #include "k5-int.h" +#include "int-proto.h" #include "auth_con.h" krb5_error_code -krb5int_generate_and_save_subkey(krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock, - krb5_enctype enctype) +k5_generate_and_save_subkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock, krb5_enctype enctype) { /* Provide some more fodder for random number code. This isn't strong cryptographically; the point here is not diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 9e28f4824..fc74c1617 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c 
@@ -1103,7 +1103,7 @@ krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx, { if (ctx->state != STATE_COMPLETE) return KRB5_NO_TKT_SUPPLIED; - return krb5int_copy_creds_contents(context, ctx->reply_creds, creds); + return k5_copy_creds_contents(context, ctx->reply_creds, creds); } krb5_error_code KRB5_CALLCONV diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index dfec99179..e5fd5542c 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -491,7 +491,7 @@ krb5_init_creds_free(krb5_context context, if (ctx == NULL) return; - if (ctx->opte != NULL && krb5_gic_opt_is_shadowed(ctx->opte)) { + if (ctx->opte != NULL && gic_opt_is_shadowed(ctx->opte)) { krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)ctx->opte); } @@ -584,7 +584,7 @@ krb5_init_creds_get_creds(krb5_context context, if (!ctx->complete) return KRB5_NO_TKT_SUPPLIED; - return krb5int_copy_creds_contents(context, &ctx->cred, creds); + return k5_copy_creds_contents(context, &ctx->cred, creds); } krb5_error_code KRB5_CALLCONV @@ -808,8 +808,8 @@ krb5_init_creds_init(krb5_context context, options = &local_opts; } - code = krb5int_gic_opt_to_opte(context, options, - &ctx->opte, 1, "krb5_init_creds_init"); + code = k5_gic_opt_to_opte(context, options, &ctx->opte, 1, + "krb5_init_creds_init"); if (code != 0) goto cleanup; 
@@ -1706,18 +1706,12 @@ cleanup: } krb5_error_code KRB5_CALLCONV -krb5int_get_init_creds(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_prompter_fct prompter, - void *prompter_data, - krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options, - krb5_gic_get_as_key_fct gak_fct, - void *gak_data, - int *use_master, - krb5_kdc_rep **as_reply) +k5_get_init_creds(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_prompter_fct prompter, + void *prompter_data, krb5_deltat start_time, + const char *in_tkt_service, krb5_get_init_creds_opt *options, + get_as_key_fn gak_fct, void *gak_data, int *use_master, + krb5_kdc_rep **as_reply) { krb5_error_code code; krb5_init_creds_context ctx = NULL; @@ -1761,10 +1755,10 @@ cleanup: } krb5_error_code -krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out, - krb5_flags options, krb5_address *const *addrs, - krb5_enctype *ktypes, - krb5_preauthtype *pre_auth_types, krb5_creds *creds) +k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out, + krb5_flags options, krb5_address *const *addrs, + krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, + krb5_creds *creds) { int i; krb5_int32 starttime; diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index 9eef3750d..4c2942e3f 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -338,9 +338,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_principal client_princ, server_princ; int use_master = 0; - retval = krb5int_populate_gic_opt(context, &opts, - options, addrs, ktypes, - pre_auth_types, creds); + retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes, + pre_auth_types, creds); if (retval) return retval; 
@@ -356,11 +355,10 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, goto cleanup; server_princ = creds->server; client_princ = creds->client; - retval = krb5int_get_init_creds(context, creds, creds->client, - krb5_prompter_posix, NULL, - 0, server, opts, - get_as_key_keytab, (void *)keytab, - &use_master, ret_as_reply); + retval = k5_get_init_creds(context, creds, creds->client, + krb5_prompter_posix, NULL, 0, server, opts, + get_as_key_keytab, (void *)keytab, &use_master, + ret_as_reply); krb5_free_unparsed_name( context, server); if (retval) { goto cleanup; diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c index dddabf7e1..40a51d7c0 100644 --- a/src/lib/krb5/krb/gic_opt.c +++ b/src/lib/krb5/krb/gic_opt.c @@ -1,6 +1,7 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #include "k5-int.h" #include "int-proto.h" +#include <krb5/clpreauth_plugin.h> static void init_common(krb5_get_init_creds_opt *opt) 
@@ -100,32 +101,6 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt, opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT; } -/* - * Extending the krb5_get_init_creds_opt structure. The original - * krb5_get_init_creds_opt structure is defined publicly. The - * new extended version is private. The original interface - * assumed a pre-allocated structure which was passed to - * krb5_get_init_creds_init(). The new interface assumes that - * the caller will call krb5_get_init_creds_alloc() and - * krb5_get_init_creds_free(). - * - * Callers MUST NOT call krb5_get_init_creds_init() after allocating an - * opts structure using krb5_get_init_creds_alloc(). To do so will - * introduce memory leaks. Unfortunately, there is no way to enforce - * this behavior. - * - * Two private flags are added for backward compatibility. - * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated - * with the new krb5_get_init_creds_opt_alloc() function. - * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended - * structure is a shadow copy of an original krb5_get_init_creds_opt - * structure. - * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to - * krb5int_gic_opt_to_opte(), the resulting extended structure should be - * freed (using krb5_get_init_creds_free). Otherwise, the original - * structure was already extended and there is no need to free it. - */ - /* Forward prototype */ static void free_gic_opt_ext_preauth_data(krb5_context context, @@ -134,7 +109,7 @@ free_gic_opt_ext_preauth_data(krb5_context context, static krb5_error_code gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte) { - if (NULL == opte || !krb5_gic_opt_is_extended(opte)) + if (NULL == opte || !gic_opt_is_extended(opte)) return EINVAL; opte->opt_private = calloc(1, sizeof(*opte->opt_private)); 
@@ -150,7 +125,7 @@ gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte) static krb5_error_code gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte) { - if (NULL == opte || !krb5_gic_opt_is_extended(opte)) + if (NULL == opte || !gic_opt_is_extended(opte)) return EINVAL; /* Free up any private stuff */ @@ -172,7 +147,7 @@ gic_opte_alloc(krb5_context context) opte = calloc(1, sizeof(*opte)); if (NULL == opte) return NULL; - opte->flags = KRB5_GET_INIT_CREDS_OPT_EXTENDED; + opte->flags = GIC_OPT_EXTENDED; code = gic_opte_private_alloc(context, opte); if (code) { @@ -214,7 +189,7 @@ krb5_get_init_creds_opt_free(krb5_context context, return; /* Don't touch it if we didn't allocate it */ - if (!krb5_gic_opt_is_extended(opt)) + if (!gic_opt_is_extended(opt)) return; opte = (krb5_gic_opt_ext *)opt; @@ -257,8 +232,7 @@ gic_opte_copy(krb5_context context, * here will be freed by the library because the * application is unaware of its existence. */ - oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED | - KRB5_GET_INIT_CREDS_OPT_SHADOWED); + oe->flags |= (GIC_OPT_EXTENDED | GIC_OPT_SHADOWED); *opte = oe; return 0; @@ -275,13 +249,11 @@ gic_opte_copy(krb5_context context, * cases where the original *should* be an extended structure. */ krb5_error_code -krb5int_gic_opt_to_opte(krb5_context context, - krb5_get_init_creds_opt *opt, - krb5_gic_opt_ext **opte, - unsigned int force, - const char *where) +k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt, + krb5_gic_opt_ext **opte, unsigned int force, + const char *where) { - if (!krb5_gic_opt_is_extended(opt)) { + if (!gic_opt_is_extended(opt)) { if (force) { return gic_opte_copy(context, opt, opte); } else { @@ -302,7 +274,7 @@ free_gic_opt_ext_preauth_data(krb5_context context, { int i; - if (NULL == opte || !krb5_gic_opt_is_extended(opte)) + if (NULL == opte || !gic_opt_is_extended(opte)) return; if (NULL == opte->opt_private || NULL == opte->opt_private->preauth_data) return; 
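Review bot: In gic_opt.c, krb5_get_init_creds_opt_free (hunk at -214), the decision to cast `opt` to krb5_gic_opt_ext rests entirely on the GIC_OPT_EXTENDED bit in `opt->flags`, which for a caller-declared structure is whatever the caller left there. The existing comment `/* Don't touch it if we didn't allocate it */` would be more useful if it said so, e.g. `/* Only structures we allocated carry GIC_OPT_EXTENDED; this relies on the caller having initialized flags in any structure it declared itself. */`. The function body starts and ends outside the hunk.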
@@ -338,8 +310,8 @@ krb5_get_init_creds_opt_get_pa(krb5_context context, int i; size_t allocsize; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_get_pa"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_get_pa"); if (retval) return retval; @@ -415,8 +387,8 @@ krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, krb5_error_code retval = 0; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_fast_ccache_name"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_fast_ccache_name"); if (retval) return retval; if (opte->opt_private->fast_ccache_name) { @@ -459,8 +431,8 @@ krb5_get_init_creds_opt_set_in_ccache(krb5_context context, krb5_error_code retval = 0; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_in_ccache"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_in_ccache"); if (retval) return retval; opte->opt_private->in_ccache = ccache; @@ -475,8 +447,8 @@ krb5_get_init_creds_opt_set_out_ccache(krb5_context context, krb5_error_code retval = 0; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_out_ccache"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_out_ccache"); if (retval) return retval; opte->opt_private->out_ccache = ccache; @@ -491,8 +463,8 @@ krb5_get_init_creds_opt_set_fast_flags(krb5_context context, krb5_error_code retval = 0; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_fast_flags"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_fast_flags"); if (retval) return retval; opte->opt_private->fast_flags = flags; 
@@ -510,8 +482,8 @@ krb5_get_init_creds_opt_get_fast_flags(krb5_context context, if (out_flags == NULL) return EINVAL; *out_flags = 0; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_get_fast_flags"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_get_fast_flags"); if (retval) return retval; *out_flags = opte->opt_private->fast_flags; @@ -527,9 +499,8 @@ krb5_get_init_creds_opt_set_expire_callback(krb5_context context, krb5_error_code retval = 0; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_" - "expire_callback"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_expire_callback"); if (retval) return retval; opte->opt_private->expire_cb = cb; @@ -545,8 +516,8 @@ krb5_get_init_creds_opt_set_responder(krb5_context context, krb5_error_code ret; krb5_gic_opt_ext *opte; - ret = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_responder"); + ret = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_responder"); if (ret) return ret; opte->opt_private->responder = responder; diff --git a/src/lib/krb5/krb/gic_opt_set_pa.c b/src/lib/krb5/krb/gic_opt_set_pa.c index 1e79c4232..d44780599 100644 --- a/src/lib/krb5/krb/gic_opt_set_pa.c +++ b/src/lib/krb5/krb/gic_opt_set_pa.c @@ -79,8 +79,8 @@ krb5_get_init_creds_opt_set_pa(krb5_context context, krb5_error_code retval; krb5_gic_opt_ext *opte; - retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0, - "krb5_get_init_creds_opt_set_pa"); + retval = k5_gic_opt_to_opte(context, opt, &opte, 0, + "krb5_get_init_creds_opt_set_pa"); if (retval) return retval; diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 32b376f50..22db2b5b4 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c 
@@ -3,6 +3,7 @@ #include "com_err.h" #include "init_creds_ctx.h" #include "int-proto.h" +#include "os-proto.h" krb5_error_code krb5_get_as_key_password(krb5_context context, @@ -81,9 +82,9 @@ krb5_get_as_key_password(krb5_context context, prompt_type = KRB5_PROMPT_TYPE_PASSWORD; /* PROMPTER_INVOCATION */ - krb5int_set_prompt_types(context, &prompt_type); + k5_set_prompt_types(context, &prompt_type); ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt); - krb5int_set_prompt_types(context, 0); + k5_set_prompt_types(context, 0); if (ret) return(ret); } @@ -183,7 +184,7 @@ warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); - ret = krb5int_gic_opt_to_opte(context, options, &opte, 0, ""); + ret = k5_gic_opt_to_opte(context, options, &opte, 0, ""); if (ret == 0 && opte->opt_private->expire_cb != NULL) { krb5_expire_callback_func cb = opte->opt_private->expire_cb; void *cb_data = opte->opt_private->expire_data; @@ -286,10 +287,9 @@ krb5_get_init_creds_password(krb5_context context, /* first try: get the requested tkt from any kdc */ - ret = krb5int_get_init_creds(context, creds, client, prompter, data, - start_time, in_tkt_service, options, - krb5_get_as_key_password, (void *) &pw0, - &use_master, &as_reply); + ret = k5_get_init_creds(context, creds, client, prompter, data, start_time, + in_tkt_service, options, krb5_get_as_key_password, + (void *) &pw0, &use_master, &as_reply); /* check for success */ 
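Review bot: In gic_pwd.c, the reset after the prompter call in krb5_get_as_key_password (hunk at -81) is written `k5_set_prompt_types(context, 0);`, passing an integer 0 where the call two lines earlier passes a pointer (`&prompt_type`). The same commit writes this reset as `k5_set_prompt_types(context, NULL);` in preauth_sam2.c, so I would use `NULL` here as well. The hunk at -389 in krb5_get_init_creds_password has the same line and should change with it. Both functions extend beyond their hunks.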
@@ -316,10 +316,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_free_kdc_rep( context, as_reply); as_reply = NULL; } - ret = krb5int_get_init_creds(context, creds, client, prompter, data, - start_time, in_tkt_service, options, - krb5_get_as_key_password, (void *) &pw0, - &use_master, &as_reply); + ret = k5_get_init_creds(context, creds, client, prompter, data, + start_time, in_tkt_service, options, + krb5_get_as_key_password, (void *) &pw0, + &use_master, &as_reply); if (ret == 0) goto cleanup; @@ -363,11 +363,11 @@ krb5_get_init_creds_password(krb5_context context, krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0); krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0); - if ((ret = krb5int_get_init_creds(context, &chpw_creds, client, - prompter, data, - start_time, "kadmin/changepw", chpw_opts, - krb5_get_as_key_password, (void *) &pw0, - &use_master, NULL))) + ret = k5_get_init_creds(context, &chpw_creds, client, prompter, data, + start_time, "kadmin/changepw", chpw_opts, + krb5_get_as_key_password, (void *) &pw0, + &use_master, NULL); + if (ret) goto cleanup; prompt[0].prompt = _("Enter new password"); @@ -389,10 +389,10 @@ krb5_get_init_creds_password(krb5_context context, pw1.length = sizeof(pw1array); /* PROMPTER_INVOCATION */ - krb5int_set_prompt_types(context, prompt_types); + k5_set_prompt_types(context, prompt_types); ret = (*prompter)(context, data, 0, banner, sizeof(prompt)/sizeof(prompt[0]), prompt); - krb5int_set_prompt_types(context, 0); + k5_set_prompt_types(context, 0); if (ret) goto cleanup; 
@@ -460,10 +460,10 @@ krb5_get_init_creds_password(krb5_context context, is final. */ TRACE_GIC_PWD_CHANGED(context); - ret = krb5int_get_init_creds(context, creds, client, prompter, data, - start_time, in_tkt_service, options, - krb5_get_as_key_password, (void *) &pw0, - &use_master, &as_reply); + ret = k5_get_init_creds(context, creds, client, prompter, data, + start_time, in_tkt_service, options, + krb5_get_as_key_password, (void *) &pw0, + &use_master, &as_reply); if (ret) goto cleanup; @@ -528,9 +528,8 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, pw0.data[0] = '\0'; pw0.length = sizeof(pw0array); } - retval = krb5int_populate_gic_opt(context, &opts, - options, addrs, ktypes, - pre_auth_types, creds); + retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes, + pre_auth_types, creds); if (retval) return (retval); retval = krb5_unparse_name( context, creds->server, &server); @@ -540,11 +539,10 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, } server_princ = creds->server; client_princ = creds->client; - retval = krb5int_get_init_creds(context, creds, creds->client, - krb5_prompter_posix, NULL, - 0, server, opts, - krb5_get_as_key_password, &pw0, - &use_master, ret_as_reply); + retval = k5_get_init_creds(context, creds, creds->client, + krb5_prompter_posix, NULL, 0, server, opts, + krb5_get_as_key_password, &pw0, &use_master, + ret_as_reply); krb5_free_unparsed_name( context, server); krb5_get_init_creds_opt_free(context, opts); if (retval) { diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index d1b69c647..b11e694dd 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c 
@@ -25,9 +25,9 @@ */ #include "k5-int.h" +#include "int-proto.h" -/* A krb5_gic_get_as_key_fct shim for copying a caller-provided keyblock into - * the AS keyblock. */ +/* Copy the caller-provided keyblock into the AS keyblock. */ static krb5_error_code get_as_key_skey(krb5_context context, krb5_principal client, krb5_enctype etype, krb5_prompter_fct prompter, @@ -86,8 +86,8 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, } #endif /* LEAN_CLIENT */ - retval = krb5int_populate_gic_opt(context, &opts, options, addrs, ktypes, - pre_auth_types, creds); + retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes, + pre_auth_types, creds); if (retval) return retval; retval = krb5_unparse_name(context, creds->server, &server); @@ -97,10 +97,10 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, } server_princ = creds->server; client_princ = creds->client; - retval = krb5int_get_init_creds(context, creds, creds->client, - krb5_prompter_posix, NULL, 0, server, opts, - get_as_key_skey, (void *) key, &use_master, - ret_as_reply); + retval = k5_get_init_creds(context, creds, creds->client, + krb5_prompter_posix, NULL, 0, server, opts, + get_as_key_skey, (void *)key, &use_master, + ret_as_reply); krb5_free_unparsed_name(context, server); krb5_get_init_creds_opt_free(context, opts); if (retval) diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h index 1bc90a528..d886c7ae9 100644 --- a/src/lib/krb5/krb/init_creds_ctx.h +++ b/src/lib/krb5/krb/init_creds_ctx.h @@ -4,13 +4,18 @@ #define KRB5_INIT_CREDS_CONTEXT 1 #include "k5-json.h" +#include "int-proto.h" + +struct krb5_responder_context_st { + k5_response_items *items; +}; struct _krb5_init_creds_context { krb5_gic_opt_ext *opte; char *in_tkt_service; krb5_prompter_fct prompter; void *prompter_data; - krb5_gic_get_as_key_fct gak_fct; + get_as_key_fn gak_fct; void *gak_data; krb5_timestamp request_time; krb5_deltat start_time; 
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 33330e7b6..58eb01ad5 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -51,6 +51,7 @@ #include "k5-int.h" #include "int-proto.h" +#include "os-proto.h" #include <ctype.h> #include "brand.c" #include "../krb5_libinit.h" @@ -189,13 +190,14 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags, ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0; - if ((retval = krb5_os_init_context(ctx, profile, flags)) != 0) + retval = k5_os_init_context(ctx, profile, flags); + if (retval) goto cleanup; ctx->trace_callback = NULL; #ifndef DISABLE_TRACING if (!ctx->profile_secure) - krb5int_init_trace(ctx); + k5_init_trace(ctx); #endif retval = get_boolean(ctx, KRB5_CONF_ALLOW_WEAK_CRYPTO, 0, &tmp); @@ -287,7 +289,7 @@ krb5_free_context(krb5_context ctx) { if (ctx == NULL) return; - krb5_os_free_context(ctx); + k5_os_free_context(ctx); free(ctx->in_tkt_etypes); ctx->in_tkt_etypes = NULL; diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index 6d7939e04..04535f6cc 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h 
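Review bot: In init_ctx.c, krb5_init_context_profile (hunk at -189), the `if (!ctx->profile_secure)` guard in front of `k5_init_trace(ctx);` has no comment, although it is what keeps tracing off for contexts created with KRB5_INIT_CONTEXT_SECURE. I would add a line such as `/* Never start tracing for a secure context. */` above the guard. If k5_init_trace takes its output target from the process environment, the comment should say that too, but its body is not shown on this page, so confirm first. The function continues outside the hunk.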
@@ -29,6 +29,92 @@ struct krb5int_fast_request_state; +typedef struct k5_response_items_st k5_response_items; + +typedef krb5_error_code +(*get_as_key_fn)(krb5_context, krb5_principal, krb5_enctype, krb5_prompter_fct, + void *prompter_data, krb5_data *salt, krb5_data *s2kparams, + krb5_keyblock *as_key, void *gak_data, + k5_response_items *ritems); + +/* + * Extending the krb5_get_init_creds_opt structure. The original + * krb5_get_init_creds_opt structure is defined publicly. The new extended + * version is private. The original interface assumed a pre-allocated + * structure which was passed to krb5_get_init_creds_init(). The new interface + * assumes that the caller will call krb5_get_init_creds_alloc() and + * krb5_get_init_creds_free(). + * + * Callers MUST NOT call krb5_get_init_creds_init() after allocating an opts + * structure using krb5_get_init_creds_alloc(). To do so will introduce memory + * leaks. Unfortunately, there is no way to enforce this behavior. + * + * Two private flags are added for backward compatibility. GIC_OPT_EXTENDED + * says that the structure was allocated with the new + * krb5_get_init_creds_opt_alloc() function. GIC_OPT_SHADOWED is set to + * indicate that the extended structure is a shadow copy of an original + * krb5_get_init_creds_opt structure. If GIC_OPT_SHADOWED is set after a call + * to k5_gic_opt_to_opte(), the resulting extended structure should be freed + * (using krb5_get_init_creds_free). Otherwise, the original structure was + * already extended and there is no need to free it. 
+ */ + +#define GIC_OPT_EXTENDED 0x80000000 +#define GIC_OPT_SHADOWED 0x40000000 + +#define gic_opt_is_extended(s) ((s) != NULL && ((s)->flags & GIC_OPT_EXTENDED)) +#define gic_opt_is_shadowed(s) ((s) != NULL && ((s)->flags & GIC_OPT_SHADOWED)) + +typedef struct gic_opt_private_st { + int num_preauth_data; + krb5_gic_opt_pa_data *preauth_data; + char * fast_ccache_name; + krb5_ccache in_ccache; + krb5_ccache out_ccache; + krb5_flags fast_flags; + krb5_expire_callback_func expire_cb; + void *expire_data; + krb5_responder_fn responder; + void *responder_data; +} gic_opt_private; + +/* + * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that + * of krb5_get_init_creds_opt. + */ +#if TARGET_OS_MAC +# pragma pack(push,2) +#endif + +typedef struct _krb5_gic_opt_ext { + krb5_flags flags; + krb5_deltat tkt_life; + krb5_deltat renew_life; + int forwardable; + int proxiable; + krb5_enctype *etype_list; + int etype_list_length; + krb5_address **address_list; + krb5_preauthtype *preauth_list; + int preauth_list_length; + krb5_data *salt; + /* + * Do not change anything above this point in this structure. + * It is identical to the public krb5_get_init_creds_opt structure. + * New members must be added below. + */ + gic_opt_private *opt_private; +} krb5_gic_opt_ext; + +#if TARGET_OS_MAC +# pragma pack(pop) +#endif + +krb5_error_code +k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt, + krb5_gic_opt_ext **opte, unsigned int force, + const char *where); + krb5_error_code krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *, krb5_principal *); 
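Review bot: In int-proto.h (hunk at -29), the rule that krb5_gic_opt_ext must begin with exactly the members of the public krb5_get_init_creds_opt is stated only in the comment inside the struct, yet gic_opt.c casts between the two types (`opte = (krb5_gic_opt_ext *)opt;`). Now that the definition sits in a shared header, a compile-time check beside it would catch a divergence. One form is `_Static_assert(offsetof(krb5_gic_opt_ext, salt) == offsetof(krb5_get_init_creds_opt, salt), "gic opt layout");` where the project's compilers accept C11, or an equivalent negative-array-size typedef where they do not. The check assumes the public structure's last member is also named salt, which the comment implies but this page does not show.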
@@ -236,4 +322,46 @@ k5_save_ctx_error(krb5_context ctx, krb5_error_code code, struct errinfo *out); krb5_error_code k5_restore_ctx_error(krb5_context ctx, struct errinfo *in); +krb5_error_code +k5_encrypt_keyhelper(krb5_context context, krb5_key key, + krb5_keyusage keyusage, const krb5_data *plain, + krb5_enc_data *cipher); + +krb5_error_code KRB5_CALLCONV +k5_get_init_creds(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_prompter_fct prompter, + void *prompter_data, krb5_deltat start_time, + const char *in_tkt_service, krb5_get_init_creds_opt *options, + get_as_key_fn gak, void *gak_data, int *master, + krb5_kdc_rep **as_reply); + +krb5_error_code +k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **opt, + krb5_flags options, krb5_address *const *addrs, + krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, + krb5_creds *creds); + +krb5_error_code +k5_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *); + +krb5_error_code +k5_build_conf_principals(krb5_context context, krb5_ccache id, + krb5_const_principal principal, const char *name, + krb5_creds *cred); + +krb5_error_code +k5_generate_and_save_subkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock, krb5_enctype enctype); + +krb5_error_code +k5_client_realm_path(krb5_context context, const krb5_data *client, + const krb5_data *server, krb5_data **rpath_out); + +size_t +k5_count_etypes(const krb5_enctype *list); + +krb5_error_code +k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list); + #endif /* KRB5_INT_FUNC_PROTO__ */ diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 9629ae663..466861f73 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c 
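Review bot: In int-proto.h (hunk at -236), some of the new prototypes name their parameters differently from the definitions in this same commit. k5_get_init_creds is declared with `get_as_key_fn gak, void *gak_data, int *master,` while get_in_tkt.c defines it with `gak_fct` and `use_master`, and k5_populate_gic_opt is declared with `**opt` where the definition has `**out`. I would copy the definitions' names, and also name the parameters of k5_copy_creds_contents, the one prototype in this hunk that leaves them out. A one-line comment on k5_copy_creds_contents repeating the copy_creds.c rule that the output structure is garbage on failure would help callers reading only the header.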
@@ -641,15 +641,6 @@ krb5_free_pa_pac_req(krb5_context context, } void KRB5_CALLCONV -krb5_free_etype_list(krb5_context context, - krb5_etype_list *etypes) -{ - if (etypes != NULL) { - free(etypes->etypes); - free(etypes); - } -} -void KRB5_CALLCONV krb5_free_fast_req(krb5_context context, krb5_fast_req *val) { if (val == NULL) diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index 566d13816..a31d85cac 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -9,6 +9,7 @@ * */ #include "k5-int.h" +#include "int-proto.h" #include "cleanup.h" #include "auth_con.h" @@ -44,9 +45,9 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart, } /* call the encryption routine */ - retval = krb5_encrypt_keyhelper(context, pkey, - KRB5_KEYUSAGE_KRB_CRED_ENCPART, - scratch, pencdata); + retval = k5_encrypt_keyhelper(context, pkey, + KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch, + pencdata); if (retval) { memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length); diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c index 0681a224f..dd7a7d91c 100644 --- a/src/lib/krb5/krb/mk_rep.c +++ b/src/lib/krb5/krb/mk_rep.c @@ -52,6 +52,7 @@ */ #include "k5-int.h" +#include "int-proto.h" #include "auth_con.h" /* @@ -95,9 +96,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context, else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { assert(auth_context->negotiated_etype != ENCTYPE_NULL); - retval = krb5int_generate_and_save_subkey (context, auth_context, - &auth_context->key->keyblock, - auth_context->negotiated_etype); + retval = k5_generate_and_save_subkey(context, auth_context, + &auth_context->key->keyblock, + auth_context->negotiated_etype); if (retval) return retval; repl.subkey = &auth_context->send_subkey->keyblock; 
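Review bot: In mk_cred.c, encrypt_credencpart (hunk at -44), the failure branch after `k5_encrypt_keyhelper` runs `memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);` without checking the pointer. Whether the helper can return an error with ciphertext.data unset or already released is not visible on this page; if it can, this memset is undefined behaviour. A guard such as `if (pencdata->ciphertext.data != NULL)` in front of the memset makes the branch safe either way. The branch continues past the end of the hunk.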
@@ -116,9 +117,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context, if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch))) return retval; - if ((retval = krb5_encrypt_keyhelper(context, auth_context->key, - KRB5_KEYUSAGE_AP_REP_ENCPART, - scratch, &reply.enc_part))) + if ((retval = k5_encrypt_keyhelper(context, auth_context->key, + KRB5_KEYUSAGE_AP_REP_ENCPART, scratch, + &reply.enc_part))) goto cleanup_scratch; if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) { diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 1938cbe9f..dce092781 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -174,9 +174,9 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, /* generate subkey if needed */ if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) { - retval = krb5int_generate_and_save_subkey (context, *auth_context, - &in_creds->keyblock, - in_creds->keyblock.enctype); + retval = k5_generate_and_save_subkey(context, *auth_context, + &in_creds->keyblock, + in_creds->keyblock.enctype); if (retval) goto cleanup; } diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 7252048cb..747611ef2 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -35,6 +35,7 @@ #include "osconf.h" #include <krb5/clpreauth_plugin.h> #include "int-proto.h" +#include "os-proto.h" #include "fast.h" #include "init_creds_ctx.h" diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c index e6e2c68d5..6888e941e 100644 --- a/src/lib/krb5/krb/preauth_sam2.c +++ b/src/lib/krb5/krb/preauth_sam2.c @@ -28,6 +28,7 @@ #include <k5-int.h> #include <krb5/clpreauth_plugin.h> #include "int-proto.h" +#include "os-proto.h" #include "init_creds_ctx.h" /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */ 
@@ -182,17 +183,17 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata, kprompt.reply = &response_data; prompt_type = KRB5_PROMPT_TYPE_PREAUTH; - krb5int_set_prompt_types(context, &prompt_type); + k5_set_prompt_types(context, &prompt_type); if ((retval = ((*prompter)(context, prompter_data, name, banner, 1, &kprompt)))) { krb5_free_sam_challenge_2(context, sc2); krb5_free_sam_challenge_2_body(context, sc2b); - krb5int_set_prompt_types(context, 0); + k5_set_prompt_types(context, NULL); return(retval); } - krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL); + k5_set_prompt_types(context, NULL); /* Generate salt used by string_to_key() */ if (ctx->default_salt) { diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index b3c536cc2..8d5f130a5 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -115,10 +115,9 @@ s4u_identify_user(krb5_context context, client = &client_data; } - code = krb5int_get_init_creds(context, &creds, client, - NULL, NULL, 0, NULL, opts, - krb5_get_as_key_noop, &userid, - &use_master, NULL); + code = k5_get_init_creds(context, &creds, client, NULL, NULL, 0, NULL, + opts, krb5_get_as_key_noop, &userid, &use_master, + NULL); if (code == 0 || code == KRB5_PREAUTH_FAILED) { *canon_user = userid.user; userid.user = NULL; @@ -517,7 +516,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, tgtptr = tgt; - code = krb5int_copy_creds_contents(context, in_creds, &s4u_creds); + code = k5_copy_creds_contents(context, in_creds, &s4u_creds); if (code != 0) goto cleanup; diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c index dc0c6e863..b1dde3c75 100644 --- a/src/lib/krb5/krb/sendauth.c +++ b/src/lib/krb5/krb/sendauth.c @@ -25,6 +25,7 @@ */ #include "k5-int.h" +#include "os-proto.h" #include "com_err.h" #include "auth_con.h" #include <errno.h> 
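Review bot: In sam2_process the call `k5_set_prompt_types(context, &prompt_type)` hands the context the address of what appears to be a local, and the setter in prompter.c (same commit) only stores that pointer in `context->prompt_types`. Both exits visible in this hunk reset it to NULL, but nothing states that this is required. A comment above the call, such as `/* context->prompt_types points at our local; clear it before any return. */`, would stop a later early return from leaving a dangling pointer in the context. The declaration of `prompt_type` and the rest of the function are outside the hunk.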
@@ -63,7 +64,7 @@ krb5_sendauth(krb5_context context, krb5_auth_context *auth_context, outbuf[0].data = (char *) sendauth_version; outbuf[1].length = strlen(appl_version) + 1; outbuf[1].data = appl_version; - if ((retval = krb5int_write_messages(context, fd, outbuf, 2))) + if ((retval = k5_write_messages(context, fd, outbuf, 2))) return(retval); /* * Now, read back a byte: 0 means no error, 1 means bad sendauth diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index 0452ebf1d..b52a04d0f 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -189,7 +189,8 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b context = (krb5_context) arg; if (!context) return (EINVAL); - KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT); + if (context->magic != KV5M_CONTEXT) + return (KV5M_CONTEXT); if ((kret = krb5_context_size(kcontext, arg, &required))) return (kret); diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c index 094758ce2..708a25fb2 100644 --- a/src/lib/krb5/krb/srv_dec_tkt.c +++ b/src/lib/krb5/krb/srv_dec_tkt.c @@ -40,10 +40,9 @@ #include <k5-int.h> #ifndef LEAN_CLIENT -krb5_error_code KRB5_CALLCONV -krb5int_server_decrypt_ticket_keyblock(krb5_context context, - const krb5_keyblock *key, - krb5_ticket *ticket) +static krb5_error_code +decrypt_ticket_keyblock(krb5_context context, const krb5_keyblock *key, + krb5_ticket *ticket) { krb5_error_code retval; krb5_data *realm; @@ -85,7 +84,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context, ticket->enc_part.kvno, ticket->enc_part.enctype, &ktent); if (retval == 0) { - retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket); + retval = decrypt_ticket_keyblock(context, &ktent.key, ticket); (void) krb5_free_keytab_entry_contents(context, &ktent); } 
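Review bot: The open-coded check in krb5_context_externalize returns `KV5M_CONTEXT` itself on a magic mismatch, which reads like a typo now that the `KRB5_VERIFY_MAGIC` name no longer explains it. A short comment such as `/* Bad magic: the KV5M_ constant doubles as the error code. */` would make the intent clear. It is also worth noting that `context` here is the caller-supplied `arg` and not `kcontext`, since the two are easy to confuse. The function body continues outside the hunk.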
@@ -103,7 +102,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context, if (ktent.key.enctype != ticket->enc_part.enctype) continue; - retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket); + retval = decrypt_ticket_keyblock(context, &ktent.key, ticket); if (retval == 0) { krb5_principal tmp; diff --git a/src/lib/krb5/krb/t_cc_config.c b/src/lib/krb5/krb/t_cc_config.c index 04e7283d2..156a5b5d9 100644 --- a/src/lib/krb5/krb/t_cc_config.c +++ b/src/lib/krb5/krb/t_cc_config.c @@ -36,6 +36,7 @@ */ #include <k5-int.h> +#include "int-proto.h" #include <getopt.h> static void @@ -70,8 +71,8 @@ unset_config(krb5_context context, krb5_ccache ccache, memset(&mcreds, 0, sizeof(mcreds)); memset(&creds, 0, sizeof(creds)); bail_on_err(context, "Error while deriving configuration principal names", - krb5int_build_conf_principals(context, ccache, server, key, - &mcreds)); + k5_build_conf_principals(context, ccache, server, key, + &mcreds)); bail_on_err(context, "Error resolving first in-memory ccache", krb5_cc_resolve(context, "MEMORY:tmp1", &tmp1)); bail_on_err(context, "Error initializing first in-memory ccache", diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index de4195915..b0547d52a 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -105,9 +105,8 @@ initialize_krb5_error_table initialize_k5e1_error_table initialize_kv5m_error_table initialize_prof_error_table +k5_build_conf_principals k5_ccselect_free_context -k5_copy_etypes -k5_count_etypes k5_etypes_contains k5_expand_path_tokens k5_expand_path_tokens_extra @@ -116,8 +115,11 @@ k5_free_otp_tokeninfo k5_free_pa_otp_challenge k5_free_pa_otp_req k5_free_serverlist +k5_init_trace k5_kt_get_principal k5_locate_kdc +k5_os_free_context +k5_os_init_context k5_plugin_free_modules k5_plugin_load k5_plugin_load_all 
@@ -215,7 +217,6 @@ krb5_cc_register krb5_cc_remove_cred krb5_cc_resolve krb5_cc_retrieve_cred -krb5_cc_retrieve_cred_default krb5_cc_select krb5_cc_set_config krb5_cc_set_default_name @@ -248,7 +249,6 @@ krb5_copy_keyblock krb5_copy_keyblock_contents krb5_copy_principal krb5_copy_ticket -krb5_create_secure_file krb5_crypto_us_timeofday krb5_decode_authdata_container krb5_decode_ticket @@ -444,9 +444,6 @@ krb5_mk_req_extended krb5_mk_safe krb5_net_read krb5_net_write -krb5_os_free_context -krb5_os_hostaddr -krb5_os_init_context krb5_os_localaddr krb5_overridekeyname krb5_pac_add_buffer @@ -569,7 +566,6 @@ krb5_sname_to_principal krb5_string_to_deltat krb5_string_to_salttype krb5_string_to_timestamp -krb5_sync_disk_file krb5int_tgtname krb5_tkt_creds_free krb5_tkt_creds_get @@ -597,10 +593,8 @@ krb5_vset_error_message krb5_walk_realm_tree krb5_write_message krb5int_accessor -krb5int_build_conf_principals krb5int_cc_default krb5int_cleanup_library -krb5int_clean_hostname krb5int_cm_call_select krb5int_copy_data_contents krb5int_copy_data_contents_add0 @@ -609,7 +603,6 @@ krb5int_foreach_localaddr krb5int_free_data_list krb5int_get_authdata_containee_types krb5int_init_context_kdc -krb5int_init_trace krb5int_initialize_library krb5int_parse_enctype_list krb5int_sendtokdc_debug_handler diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 2e31e83a9..df63b14fa 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "os-proto.h" +#include "../krb/int-proto.h" /* If this trick gets used elsewhere, move it to k5-platform.h. */ #ifndef DESIGNATED_INITIALIZERS @@ -52,7 +53,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) #endif S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype), - S (clean_hostname, krb5int_clean_hostname), + S (clean_hostname, k5_clean_hostname), #ifndef LEAN_CLIENT #define SC(FIELD, VAL) S(FIELD, VAL) 
@@ -101,7 +102,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters), SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body), SC (free_kdc_req, krb5_free_kdc_req), - SC (set_prompt_types, krb5int_set_prompt_types), + SC (set_prompt_types, k5_set_prompt_types), #undef SC #if DESIGNATED_INITIALIZERS diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c index f47e170a5..0ebe9db69 100644 --- a/src/lib/krb5/os/def_realm.c +++ b/src/lib/krb5/os/def_realm.c @@ -51,6 +51,8 @@ #define MAXHOSTNAMELEN 64 #endif +#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1) + #endif /* KRB5_DNS_LOOKUP */ /* diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h index e66de6ad8..2f9192faf 100644 --- a/src/lib/krb5/os/dnsglue.h +++ b/src/lib/krb5/os/dnsglue.h @@ -155,5 +155,19 @@ int krb5int_dns_expand(struct krb5int_dns_state *, const unsigned char *, char *, int); void krb5int_dns_fini(struct krb5int_dns_state *); +struct srv_dns_entry { + struct srv_dns_entry *next; + int priority; + int weight; + unsigned short port; + char *host; +}; + +krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm, + const char *service, + const char *protocol, + struct srv_dns_entry **answers); +void krb5int_free_srv_dns_data(struct srv_dns_entry *); + #endif /* KRB5_DNS_LOOKUP */ #endif /* !defined(KRB5_DNSGLUE_H) */ diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c index a38fad5d9..22f6ad6d4 100644 --- a/src/lib/krb5/os/hostaddr.c +++ b/src/lib/krb5/os/hostaddr.c @@ -25,12 +25,13 @@ */ #include "k5-int.h" +#include "os-proto.h" #include "fake-addrinfo.h" krb5_error_code -krb5_os_hostaddr(krb5_context context, const char *name, - krb5_address ***ret_addrs) +k5_os_hostaddr(krb5_context context, const char *name, + krb5_address ***ret_addrs) { krb5_error_code retval; krb5_address **addrs; 
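Review bot: `MAX_DNS_NAMELEN` is added to def_realm.c with no explanation of the factor 15 in `(15*(MAXHOSTNAMELEN + 1)+1)`, and its users are not visible in this hunk. Now that the definition is local to this file, it should carry a comment saying what it bounds and where the 15 comes from, for example `/* Upper bound on a DNS name built for realm lookups; sizes the lookup buffers below. */` (wording to be confirmed against the code that uses it). Presumably it sizes a stack buffer, in which case every copy into that buffer should be checked against the same constant.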
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 599823ef4..7160873a3 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -31,7 +31,7 @@ /* * krb5_get_host_realm() * krb5_get_fallback_host_realm() - * krb5int_clean_hostname() + * k5_clean_hostname() * krb5_free_host_realm() */ @@ -98,7 +98,7 @@ domain_heuristic(krb5_context context, const char *domain, #endif /* MAXDNAME */ #endif /* KRB5_DNS_LOOKUP */ -krb5_error_code krb5int_translate_gai_error (int); +static krb5_error_code krb5int_translate_gai_error(int); static krb5_error_code get_fq_hostname(char *buf, size_t bufsize, const char *name) @@ -144,7 +144,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) TRACE_GET_HOST_REALM(context, host); - retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); + retval = k5_clean_hostname(context, host, local_host, sizeof local_host); if (retval) return retval; @@ -216,7 +216,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) # endif #endif -krb5_error_code +static krb5_error_code krb5int_translate_gai_error (int num) { switch (num) { @@ -279,7 +279,7 @@ krb5_get_fallback_host_realm(krb5_context context, TRACE_GET_FALLBACK_HOST_REALM(context, host); - retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); + retval = k5_clean_hostname(context, host, local_host, sizeof local_host); if (retval) return retval; @@ -367,8 +367,8 @@ krb5_get_fallback_host_realm(krb5_context context, * to do basic sanity checks on supplied hostname. */ krb5_error_code -krb5int_clean_hostname(krb5_context context, - const char *host, char *local_host, size_t lhsize) +k5_clean_hostname(krb5_context context, const char *host, char *local_host, + size_t lhsize) { char *cp; krb5_error_code retval; diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 56b8d92f7..2afe2e127 100644 --- a/src/lib/krb5/os/init_os_ctx.c 
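Review bot: `krb5int_translate_gai_error` becomes `static` in both its forward declaration and its definition in hst_realm.c but keeps the `krb5int_` prefix. The same commit drops the prefix when it makes `krb5int_server_decrypt_ticket_keyblock` static in srv_dec_tkt.c (now `decrypt_ticket_keyblock`). For consistency, rename it in both places, e.g. `static krb5_error_code translate_gai_error(int);`. The call sites are outside the hunks shown and would need the same rename.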
+++ b/src/lib/krb5/os/init_os_ctx.c @@ -234,7 +234,7 @@ free_filespecs(profile_filespec_t *files) /* This function is needed by KfM's KerberosPreferences API * because it needs to be able to specify "secure" */ -krb5_error_code +static krb5_error_code os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) { profile_filespec_t* files; @@ -421,7 +421,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc) } krb5_error_code -krb5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags) +k5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags) { krb5_os_context os_ctx; krb5_error_code retval = 0; @@ -499,7 +499,7 @@ krb5_free_config_files(char **filenames) } void -krb5_os_free_context(krb5_context ctx) +k5_os_free_context(krb5_context ctx) { krb5_os_context os_ctx; diff --git a/src/lib/krb5/os/krbfileio.c b/src/lib/krb5/os/krbfileio.c index 6dce8ca9a..41cd40fcf 100644 --- a/src/lib/krb5/os/krbfileio.c +++ b/src/lib/krb5/os/krbfileio.c @@ -26,10 +26,6 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * - * - * krb5_create_secure_file - * krb5_sync_disk_file */ #ifdef MODULE_VERSION_ID @@ -38,6 +34,7 @@ static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91"; #include "k5-int.h" +#include "os-proto.h" #ifdef HAVE_SYS_FILE_H #include <sys/file.h> #endif @@ -52,7 +49,7 @@ static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91"; #endif krb5_error_code -krb5_create_secure_file(krb5_context context, const char *pathname) +k5_create_secure_file(krb5_context context, const char *pathname) { int fd; @@ -89,7 +86,7 @@ krb5_create_secure_file(krb5_context context, const char *pathname) } krb5_error_code -krb5_sync_disk_file(krb5_context context, FILE *fp) +k5_sync_disk_file(krb5_context context, FILE *fp) { fflush(fp); #if !defined(MSDOS_FILESYSTEM) 
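Review bot: The comment kept above `os_get_default_config_files` still says the function is needed by KfM's KerberosPreferences API, but the function is now `static` and cannot be called from outside init_os_ctx.c. The comment should be dropped or replaced with what the function does for its in-file callers, e.g. `/* Build the default list of profile files; "secure" selects the restricted search. */`. The meaning of `secure` in that wording is inferred and should be confirmed against the body, which is outside the hunk.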
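Review bot: `k5_sync_disk_file` calls `fflush(fp)` and discards the result, so a failure to write out buffered data is not reported at this point. Whether a later step catches it cannot be seen, because the body continues outside the hunk. For a helper whose job is to get file contents onto disk, the flush should be checked, e.g. `if (fflush(fp) != 0) return errno;`, assuming the function reports failures as errno values as its `krb5_error_code` return type suggests. The rename already touches every caller, so this is a convenient place to fix it.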
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index faa214a4a..f894d05a3 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -34,6 +34,7 @@ */ #include "k5-int.h" +#include "os-proto.h" #if !defined(_WIN32) @@ -1291,7 +1292,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap) fprintf (stderr, " processing '%s'\n", current); #endif newaddrs = 0; - err = krb5_os_hostaddr (context, current, &newaddrs); + err = k5_os_hostaddr (context, current, &newaddrs); if (err) continue; for (i = 0; newaddrs[i]; i++) { diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 5bf77761a..283f36c3e 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -38,14 +38,7 @@ #include <resolv.h> #include <netdb.h> #endif /* WSHELPER */ -#ifndef T_SRV -#define T_SRV 33 -#endif /* T_SRV */ - -/* for old Unixes and friends ... */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif +#include "dnsglue.h" #if KRB5_DNS_LOOKUP_KDC #define DEFAULT_LOOKUP_KDC 1 @@ -488,8 +481,8 @@ prof_locate_server(krb5_context context, const krb5_data *realm, break; case locate_service_krb524: profname = KRB5_CONF_KRB524_SERVER; - serv = getservbyname(KRB524_SERVICE, "udp"); - dflport1 = serv ? serv->s_port : htons (KRB524_PORT); + serv = getservbyname("krb524", "udp"); + dflport1 = serv ? serv->s_port : htons(4444); break; case locate_service_kpasswd: profname = KRB5_CONF_KPASSWD_SERVER; diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h index e50a0d456..83c9d65f9 100644 --- a/src/lib/krb5/os/os-proto.h +++ b/src/lib/krb5/os/os-proto.h 
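Review bot: In the `locate_service_krb524` case of prof_locate_server, the named constants `KRB524_SERVICE` and `KRB524_PORT` are replaced by the bare literals `"krb524"` and `4444`. If the macros are being retired from the shared header, keep the names local to locate_kdc.c rather than inlining the values, e.g. `#define KRB524_SERVICE "krb524"` and `#define KRB524_PORT 4444` near the top of the file. The earlier hunk in this file also swaps the local `T_SRV` and `MAXHOSTNAMELEN` fallbacks for `#include "dnsglue.h"`. Only the tail of that header is visible here, and it sits inside a `KRB5_DNS_LOOKUP` guard, so confirm the fallbacks are still available in builds without DNS lookup.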
@@ -110,6 +110,24 @@ krb5_error_code k5_expand_path_tokens_extra(krb5_context context, const char *path_in, char **path_out, ...); +krb5_error_code k5_create_secure_file(krb5_context, const char * pathname); +krb5_error_code k5_sync_disk_file(krb5_context, FILE *fp); +krb5_error_code k5_os_init_context(krb5_context context, profile_t profile, + krb5_flags flags); +void k5_os_free_context(krb5_context); +krb5_error_code k5_os_hostaddr(krb5_context, const char *, krb5_address ***); +krb5_error_code k5_time_with_offset(krb5_timestamp offset, + krb5_int32 offset_usec, + krb5_timestamp *time_out, + krb5_int32 *usec_out); +void k5_set_prompt_types(krb5_context, krb5_prompt_type *); +krb5_error_code k5_clean_hostname(krb5_context, const char *, char *, size_t); +krb5_error_code k5_kt_client_default_name(krb5_context context, + char **name_out); +krb5_error_code k5_write_messages(krb5_context, krb5_pointer, krb5_data *, + int); +void k5_init_trace(krb5_context context); + #include "k5-thread.h" extern k5_mutex_t krb5int_us_time_mutex; diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c index aa7399c77..26cdebc37 100644 --- a/src/lib/krb5/os/prompter.c +++ b/src/lib/krb5/os/prompter.c @@ -1,5 +1,6 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #include "k5-int.h" +#include "os-proto.h" #if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__)) #include <stdio.h> #include <errno.h> @@ -317,7 +318,7 @@ krb5_prompter_posix(krb5_context context, #endif /* Windows or Mac */ void -krb5int_set_prompt_types(krb5_context context, krb5_prompt_type *types) +k5_set_prompt_types(krb5_context context, krb5_prompt_type *types) { context->prompt_types = types; } diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c index 21fe1052c..97e1c0660 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -38,6 +38,7 @@ */ #include "k5-int.h" +#include "os-proto.h" #include "cm.h" #ifndef DISABLE_TRACING 
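Review bot: Several prototypes added to os-proto.h omit parameter names and have no comments, which loses the contract for the ones that take raw pointers. `k5_write_messages(krb5_context, krb5_pointer, krb5_data *, int)` does not say that the `krb5_pointer` is dereferenced as an `int *` file descriptor (see write_msg.c in this commit). `k5_clean_hostname(krb5_context, const char *, char *, size_t)` does not say which argument is the output buffer or that the `size_t` is its size. Name the parameters as the definitions do, e.g. `krb5_error_code k5_clean_hostname(krb5_context context, const char *host, char *local_host, size_t lhsize);`, and add a one-line comment on `k5_write_messages` saying that `fdp` must point to a valid `int` descriptor.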
@@ -328,7 +329,7 @@ subfmt(krb5_context context, struct k5buf *buf, const char *fmt, ...) } void -krb5int_init_trace(krb5_context context) +k5_init_trace(krb5_context context) { const char *filename; diff --git a/src/lib/krb5/os/ustime.c b/src/lib/krb5/os/ustime.c index 90fa4a6e2..056357683 100644 --- a/src/lib/krb5/os/ustime.c +++ b/src/lib/krb5/os/ustime.c @@ -34,6 +34,7 @@ */ #include "k5-int.h" +#include "os-proto.h" krb5_error_code k5_time_with_offset(krb5_timestamp offset, krb5_int32 offset_usec, diff --git a/src/lib/krb5/os/write_msg.c b/src/lib/krb5/os/write_msg.c index b745f3fad..a9d6050b1 100644 --- a/src/lib/krb5/os/write_msg.c +++ b/src/lib/krb5/os/write_msg.c @@ -36,8 +36,8 @@ * efficiently. */ krb5_error_code -krb5int_write_messages(krb5_context context, krb5_pointer fdp, - krb5_data *outbuf, int nbufs) +k5_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf, + int nbufs) { int fd = *( (int *) fdp); @@ -72,5 +72,5 @@ krb5int_write_messages(krb5_context context, krb5_pointer fdp, krb5_error_code krb5_write_message(krb5_context context, krb5_pointer fdp, krb5_data *outbuf) { - return krb5int_write_messages(context, fdp, outbuf, 1); + return k5_write_messages(context, fdp, outbuf, 1); } diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index d093d1f7b..57604ade4 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -443,7 +443,6 @@ EXPORTS krb5_responder_otp_challenge_free @415 krb5_cc_move @416 krb5_get_init_creds_opt_set_in_ccache @417 - krb5int_build_conf_principals @418 ; PRIVATE ; new in 1.12 krb5_free_enctypes @419 |