1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)

This commit is contained in:
Andrew Bartlett 2010-01-12 18:16:45 +11:00
parent fac8ca52ad
commit 89eaef0253
222 changed files with 4093 additions and 1941 deletions

View File

@ -253,8 +253,14 @@ $private_h_trailer = "";
foreach(sort keys %funcs){
if(/^(main)$/) { next }
if ($funcs{$_} =~ /\^/) {
$beginblock = "#ifdef __BLOCKS__\n";
$endblock = "#endif /* __BLOCKS__ */\n";
} else {
$beginblock = $endblock = "";
}
if(!defined($exported{$_}) && /$private_func_re/) {
$private_h .= $funcs{$_} . "\n\n";
$private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n";
if($funcs{$_} =~ /__attribute__/) {
$private_attribute_seen = 1;
}
@ -267,7 +273,7 @@ foreach(sort keys %funcs){
$public_h .= "#ifndef HAVE_$fupper\n";
}
}
$public_h .= $funcs{$_} . "\n";
$public_h .= $beginblock . $funcs{$_} . "\n" . $endblock;
if($funcs{$_} =~ /__attribute__/) {
$public_attribute_seen = 1;
}
@ -310,26 +316,33 @@ extern \"C\" {
}
if ($opt_E) {
$public_h_header .= "#ifndef $opt_E
#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
#define ${opt_E}_FUNCTION __declspec(dllimport)
#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
#endif
";
$private_h_header .= "#ifndef $opt_E
#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
#define ${opt_E}_FUNCTION __declspec(dllimport)
#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
#endif
";
}

View File

@ -1,9 +1,10 @@
/*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
*
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL);
#ifdef PKINIT
c->enable_pkinit =
krb5_config_get_bool_default(context,
NULL,
@ -223,74 +223,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc",
"enable-pkinit",
NULL);
if (c->enable_pkinit) {
const char *user_id, *anchors, *file;
char **pool_list, **revoke_list;
user_id =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
if (user_id == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
anchors = krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL);
if (anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
pool_list =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_pool", NULL);
revoke_list =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
if (file) {
c->pkinit_kdc_ocsp_file = strdup(file);
if (c->pkinit_kdc_ocsp_file == NULL)
krb5_errx(context, 1, "out of memory");
}
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_friendly_name", NULL);
if (file) {
c->pkinit_kdc_friendly_name = strdup(file);
if (c->pkinit_kdc_friendly_name == NULL)
krb5_errx(context, 1, "out of memory");
}
_kdc_pk_initialize(context, c, user_id, anchors,
pool_list, revoke_list);
krb5_config_free_strings(pool_list);
krb5_config_free_strings(revoke_list);
c->pkinit_princ_in_cert =
krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert,
"kdc",
"pkinit_principal_in_certificate",
NULL);
c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding,
"kdc",
"pkinit_win2k_require_binding",
NULL);
}
c->pkinit_kdc_identity =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
c->pkinit_kdc_anchors =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL);
c->pkinit_kdc_cert_pool =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_pool", NULL);
c->pkinit_kdc_revoke =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
c->pkinit_kdc_ocsp_file =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
c->pkinit_kdc_friendly_name =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_friendly_name", NULL);
c->pkinit_princ_in_cert =
krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert,
"kdc",
"pkinit_principal_in_certificate",
NULL);
c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding,
"kdc",
"pkinit_win2k_require_binding",
NULL);
c->pkinit_dh_min_bits =
krb5_config_get_int_default(context, NULL,
0,
"kdc", "pkinit_dh_min_bits", NULL);
#ifdef __APPLE__
c->enable_pkinit = 1;
if (c->pkinit_kdc_identity == NULL) {
if (c->pkinit_kdc_friendly_name == NULL)
c->pkinit_kdc_friendly_name =
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
c->pkinit_kdc_identity = strdup("KEYCHAIN:");
}
if (c->pkinit_kdc_anchors == NULL)
c->pkinit_kdc_anchors = strdup("KEYCHAIN:");
#endif
if (c->enable_pkinit) {
if (c->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
if (c->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
krb5_kdc_pk_initialize(context, c,
c->pkinit_kdc_identity,
c->pkinit_kdc_anchors,
c->pkinit_kdc_cert_pool,
c->pkinit_kdc_revoke);
}
*config = c;
return 0;

View File

@ -38,9 +38,8 @@
#ifndef __HEADERS_H__
#define __HEADERS_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

View File

@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
char *pkinit_kdc_ocsp_file;
char *pkinit_kdc_friendly_name;
const char *pkinit_kdc_identity;
const char *pkinit_kdc_anchors;
const char *pkinit_kdc_friendly_name;
const char *pkinit_kdc_ocsp_file;
char **pkinit_kdc_cert_pool;
char **pkinit_kdc_revoke;
int pkinit_dh_min_bits;
int pkinit_require_binding;
int pkinit_allow_proxy_certs;

View File

@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config);
krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv);
#ifdef __APPLE__
void bonjour_announce(krb5_context, krb5_kdc_configuration *);
#endif
#endif /* __KDC_LOCL_H__ */

View File

@ -60,13 +60,13 @@ realloc_method_data(METHOD_DATA *md)
}
static void
set_salt_padata (METHOD_DATA *md, Salt *salt)
set_salt_padata(METHOD_DATA *md, Salt *salt)
{
if (salt) {
realloc_method_data(md);
md->val[md->len - 1].padata_type = salt->type;
der_copy_octet_string(&salt->salt,
&md->val[md->len - 1].padata_value);
realloc_method_data(md);
md->val[md->len - 1].padata_type = salt->type;
der_copy_octet_string(&salt->salt,
&md->val[md->len - 1].padata_value);
}
}
@ -127,7 +127,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
krb5_error_code
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype)
Key **ret_key)
{
int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
@ -148,7 +148,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
continue;
}
*ret_key = key;
*ret_etype = etypes[i];
ret = 0;
if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt);
@ -287,8 +286,9 @@ _kdc_encode_reply(krb5_context context,
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
const char *msg;
free(buf);
const char *msg = krb5_get_error_message(context, ret);
msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg);
return ret;
@ -902,7 +902,7 @@ _kdc_as_rep(krb5_context context,
KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL, *server = NULL;
HDB *clientdb;
krb5_enctype cetype, setype, sessionetype;
krb5_enctype setype, sessionetype;
krb5_data e_data;
EncTicketPart et;
EncKDCRepPart ek;
@ -912,15 +912,20 @@ _kdc_as_rep(krb5_context context,
const char *e_text = NULL;
krb5_crypto crypto;
Key *ckey, *skey;
EncryptionKey *reply_key;
EncryptionKey *reply_key, session_key;
int flags = 0;
#ifdef PKINIT
pk_client_params *pkp = NULL;
#endif
memset(&rep, 0, sizeof(rep));
memset(&session_key, 0, sizeof(session_key));
krb5_data_zero(&e_data);
ALLOC(rep.padata);
rep.padata->len = 0;
rep.padata->val = NULL;
if (f.canonicalize)
flags |= HDB_F_CANON;
@ -1009,18 +1014,58 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
/*
* Find the client key for reply encryption and pa-type salt, Pick
* the client key upfront before the other keys because that is
* going to affect what enctypes we are going to use in
* ETYPE-INFO{,2}.
* Select a session enctype from the list of the crypto systems
* supported enctype, is supported by the client and is one of the
* enctype of the enctype of the krbtgt.
*
* The later is used as a hint what enctype all KDC are supporting
* to make sure a newer version of KDC wont generate a session
* enctype that and older version of a KDC in the same realm can't
* decrypt.
*
* But if the KDC admin is paranoid and doesn't want to have "no
* the best" enctypes on the krbtgt, lets save the best pick from
* the client list and hope that that will work for any other
* KDCs.
*/
{
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
int i, j;
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
&ckey, &cetype);
if (ret) {
kdc_log(context, config, 0,
"Client (%s) has no support for etypes", client_name);
goto out;
p = krb5_kerberos_enctypes(context);
sessionetype = ETYPE_NULL;
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
Key *dummy;
/* check with client */
if (p[i] != b->etype.val[j])
continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
clientbest = p[i];
/* check with krbtgt */
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
if (ret)
continue;
sessionetype = p[i];
}
}
/* if krbtgt had no shared keys with client, pick clients best */
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
sessionetype = clientbest;
} else if (sessionetype == ETYPE_NULL) {
kdc_log(context, config, 0,
"Client (%s) from %s has no common enctypes with KDC"
"to use for the session key",
client_name, from);
goto out;
}
}
/*
@ -1230,7 +1275,11 @@ _kdc_as_rep(krb5_context context,
}
et.flags.pre_authent = 1;
ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str);
set_salt_padata(rep.padata, pa_key->salt);
reply_key = &pa_key->key;
ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
if (ret)
str = NULL;
@ -1300,7 +1349,9 @@ _kdc_as_rep(krb5_context context,
/*
* If there is a client key, send ETYPE_INFO{,2}
*/
if (ckey) {
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
&ckey);
if (ret == 0) {
/*
* RFC4120 requires:
@ -1371,63 +1422,6 @@ _kdc_as_rep(krb5_context context,
if(ret)
goto out;
/*
* Select a session enctype from the list of the crypto systems
* supported enctype, is supported by the client and is one of the
* enctype of the enctype of the krbtgt.
*
* The later is used as a hint what enctype all KDC are supporting
* to make sure a newer version of KDC wont generate a session
* enctype that and older version of a KDC in the same realm can't
* decrypt.
*
* But if the KDC admin is paranoid and doesn't want to have "no
* the best" enctypes on the krbtgt, lets save the best pick from
* the client list and hope that that will work for any other
* KDCs.
*/
{
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
int i, j;
p = krb5_kerberos_enctypes(context);
sessionetype = ETYPE_NULL;
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
Key *dummy;
/* check with client */
if (p[i] != b->etype.val[j])
continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
clientbest = p[i];
/* check with krbtgt */
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
if (ret)
continue;
sessionetype = p[i];
}
}
/* if krbtgt had no shared keys with client, pick clients best */
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
sessionetype = clientbest;
} else if (sessionetype == ETYPE_NULL) {
kdc_log(context, config, 0,
"Client (%s) from %s has no common enctypes with KDC"
"to use for the session key",
client_name, from);
goto out;
}
}
log_as_req(context, config, cetype, setype, b);
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
|| (f.request_anonymous && !config->allow_anonymous)) {
ret = KRB5KDC_ERR_BADOPTION;
@ -1622,10 +1616,6 @@ _kdc_as_rep(krb5_context context,
copy_HostAddresses(et.caddr, ek.caddr);
}
ALLOC(rep.padata);
rep.padata->len = 0;
rep.padata->val = NULL;
#if PKINIT
if (pkp) {
e_text = "Failed to build PK-INIT reply";
@ -1642,12 +1632,13 @@ _kdc_as_rep(krb5_context context,
goto out;
} else
#endif
if (ckey) {
reply_key = &ckey->key;
{
ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
if (ret)
goto out;
} else {
}
if (reply_key == NULL) {
e_text = "Client have no reply key";
ret = KRB5KDC_ERR_CLIENT_NOTYET;
goto out;
@ -1657,9 +1648,6 @@ _kdc_as_rep(krb5_context context,
if (ret)
goto out;
if (ckey)
set_salt_padata (rep.padata, ckey->salt);
/* Add signing of alias referral */
if (f.canonicalize) {
PA_ClientCanonicalized canon;
@ -1765,6 +1753,8 @@ _kdc_as_rep(krb5_context context,
if (ret)
goto out;
log_as_req(context, config, reply_key->keytype, setype, b);
ret = _kdc_encode_reply(context, config,
&rep, &et, &ek, setype, server->entry.kvno,
&skey->key, client->entry.kvno,

View File

@ -1633,14 +1633,15 @@ server_lookup:
} else {
Key *skey;
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
&skey, &etype);
ret = _kdc_find_etype(context, server,
b->etype.val, b->etype.len, &skey);
if(ret) {
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", spn);
goto out;
}
ekey = &skey->key;
etype = skey->key.keytype;
kvno = server->entry.kvno;
}

View File

@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context,
ret = krb5_principal_compare(context, sprincipal, principal);
krb5_free_principal(context, principal);
if (ret != TRUE) {
char *expected, *used;
ret = krb5_unparse_name(context, sprincipal, &expected);
if (ret)
goto out;
ret = krb5_unparse_name(context, principal, &used);
if (ret) {
krb5_xfree(expected);
goto out;
}
ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_message(context, ret,
"User %s used wrong Kx509 service principal",
cname);
"User %s used wrong Kx509 service "
"principal, expected: %s, used %s",
cname, expected, used);
krb5_xfree(expected);
krb5_xfree(used);
goto out;
}
}

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -36,13 +38,14 @@ RCSID("$Id$");
void
kdc_openlog(krb5_context context,
const char *service,
krb5_kdc_configuration *config)
{
char **s = NULL, **p;
krb5_initlog(context, "kdc", &config->logf);
s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
s = krb5_config_get_strings(context, NULL, service, "logging", NULL);
if(s == NULL)
s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
s = krb5_config_get_strings(context, NULL, "logging", service, NULL);
if(s){
for(p = s; *p; p++)
krb5_addlog_dest(context, config->logf, *p);

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -1379,7 +1381,22 @@ _kdc_pk_mk_pa_reply(krb5_context context,
}
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
#define use_btmm_with_enckey 0
if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
PA_PK_AS_REP_BTMM btmm;
heim_any any;
any.data = rep.u.encKeyPack.data;
any.length = rep.u.encKeyPack.length;
btmm.dhSignedData = NULL;
btmm.encKeyPack = &any;
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
} else {
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
}
free_PA_PK_AS_REP(&rep);
if (ret) {
krb5_set_error_message(context, ret,
@ -1928,12 +1945,12 @@ load_mappings(krb5_context context, const char *fn)
*/
krb5_error_code
_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
const char *anchors,
char **pool,
char **revoke_list)
krb5_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
const char *anchors,
char **pool,
char **revoke_list)
{
const char *file;
char *fn = NULL;

View File

@ -117,22 +117,21 @@ main (int argc, char **argv)
krb5_error_code ret;
krb5_context context;
krb5_principal principal;
int optind = 0;
krb5_get_init_creds_opt *opt;
krb5_ccache id = NULL;
int exit_value;
int optidx = 0;
optind = krb5_program_setup(&context, argc, argv,
args, sizeof(args) / sizeof(args[0]), usage);
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1, args, sizeof(args) / sizeof(args[0]));
if (help_flag)
usage (0, args, sizeof(args) / sizeof(args[0]));
if(version_flag){
print_version (NULL);
exit(0);
usage(0, args, sizeof(args) / sizeof(args[0]));
if (version_flag) {
print_version(NULL);
return 0;
}
argc -= optind;
argv += optind;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -33,6 +35,10 @@
#include "kuser_locl.h"
#ifdef __APPLE__
#include <Security/Security.h>
#endif
#ifndef HEIMDAL_SMALLER
#include "krb5-v4compat.h"
#endif
@ -113,7 +119,7 @@ static struct getargs args[] = {
{ "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" },
{ "forwardable", 'f', arg_flag, &forwardable_flag,
{ "forwardable", 'f', arg_negative_flag, &forwardable_flag,
NP_("get forwardable tickets", "")},
{ "keytab", 't', arg_string, &keytab_str,
@ -422,7 +428,7 @@ get_new_tickets(krb5_context context,
char passwd[256];
krb5_deltat start_time = 0;
krb5_deltat renew = 0;
const char *renewstr = NULL;
char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
#ifndef NO_NTLM
@ -451,6 +457,33 @@ get_new_tickets(krb5_context context,
passwd[strcspn(passwd, "\n")] = '\0';
}
#ifdef __APPLE__
if (passwd[0] == '\0') {
const char *realm;
OSStatus osret;
UInt32 length;
void *buffer;
char *name;
realm = krb5_principal_get_realm(context, principal);
ret = krb5_unparse_name_flags(context, principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
if (ret)
goto nopassword;
osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm,
strlen(name), name,
&length, &buffer, NULL);
free(name);
if (osret == noErr && length < sizeof(passwd) - 1) {
memcpy(passwd, buffer, length);
passwd[length] = '\0';
}
nopassword:
do { } while(0);
}
#endif
memset(&cred, 0, sizeof(cred));
@ -472,7 +505,7 @@ get_new_tickets(krb5_context context,
pac_flag ? TRUE : FALSE);
if (canonicalize_flag)
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
if (pk_enterprise_flag && windows_flag)
if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag)
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
@ -881,8 +914,23 @@ main (int argc, char **argv)
#endif
} else {
ret = krb5_cc_cache_match(context, principal, &ccache);
if (ret)
if (ret) {
const char *type;
ret = krb5_cc_default (context, &ccache);
if (ret)
krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
/*
* Check if the type support switching, and we do,
* then do that instead over overwriting the current
* default credential
*/
type = krb5_cc_get_type(context, ccache);
if (krb5_cc_support_switch(context, type)) {
krb5_cc_close(context, ccache);
ret = krb5_cc_new_unique(context, type, NULL, &ccache);
}
}
}
}
if (ret)

View File

@ -2,6 +2,7 @@
#include <stddef.h>
#include <time.h>
#include <krb5-types.h>
#ifndef __asn1_common_definitions__
#define __asn1_common_definitions__

View File

@ -24,4 +24,6 @@ error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"
error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"
error_code GOT_BER, "ASN.1 got BER encoded when expected DER"
error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data"
end

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -250,7 +252,7 @@ ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
| /* empty */
;
ModuleBody : /* Exports */ Imports AssignmentList
ModuleBody : Exports Imports AssignmentList
| /* empty */
;
@ -272,11 +274,22 @@ SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
for(sl = $1; sl != NULL; sl = sl->next) {
Symbol *s = addsym(sl->string);
s->stype = Stype;
gen_template_import(s);
}
add_import($3);
}
;
Exports : kw_EXPORTS referencenames ';'
{
struct string_list *sl;
for(sl = $2; sl != NULL; sl = sl->next)
add_export(sl->string);
}
| kw_EXPORTS kw_ALL
| /* empty */
;
AssignmentList : Assignment
| Assignment AssignmentList
;

View File

@ -4,7 +4,7 @@
CMS DEFINITIONS ::= BEGIN
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
heim_any, heim_any_set FROM heim;
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)

View File

@ -94,6 +94,8 @@ typedef struct heim_ber_time_t {
int bt_zone;
} heim_ber_time_t;
struct asn1_template;
#include <der-protos.h>
int _heim_fix_dce(size_t reallen, size_t *len);

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -45,6 +47,34 @@ der_copy_general_string (const heim_general_string *from,
return 0;
}
int
der_copy_integer (const int *from, int *to)
{
*to = *from;
return 0;
}
int
der_copy_unsigned (const unsigned *from, unsigned *to)
{
*to = *from;
return 0;
}
int
der_copy_generalized_time (const time_t *from, time_t *to)
{
*to = *from;
return 0;
}
int
der_copy_utctime (const time_t *from, time_t *to)
{
*to = *from;
return 0;
}
int
der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
{

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -42,6 +44,31 @@ der_free_general_string (heim_general_string *str)
*str = NULL;
}
void
der_free_integer (int *i)
{
*i = 0;
}
void
der_free_unsigned (unsigned *u)
{
*u = 0;
}
void
der_free_generalized_time(time_t *t)
{
*t = 0;
}
void
der_free_utctime(time_t *t)
{
*t = 0;
}
void
der_free_utf8string (heim_utf8_string *str)
{

View File

@ -305,7 +305,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
void *ptr;
ptr = realloc(data->data, data->length + datalen);
if (ptr == NULL && data->length + datalen != 0) {
if (ptr == NULL) {
e = ENOMEM;
goto out;
}
@ -354,23 +354,21 @@ der_get_heim_integer (const unsigned char *p, size_t len,
p++;
data->length--;
}
if (data->length) {
data->data = malloc(data->length);
if (data->data == NULL) {
data->length = 0;
if (size)
*size = 0;
return ENOMEM;
}
q = &((unsigned char*)data->data)[data->length - 1];
p += data->length - 1;
while (q >= (unsigned char*)data->data) {
*q = *p ^ 0xff;
if (carry)
carry = !++*q;
p--;
q--;
}
data->data = malloc(data->length);
if (data->data == NULL) {
data->length = 0;
if (size)
*size = 0;
return ENOMEM;
}
q = &((unsigned char*)data->data)[data->length - 1];
p += data->length - 1;
while (q >= (unsigned char*)data->data) {
*q = *p ^ 0xff;
if (carry)
carry = !++*q;
p--;
q--;
}
} else {
data->negative = 0;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -112,6 +114,20 @@ der_length_len (size_t len)
}
}
size_t
der_length_tag(unsigned int tag)
{
size_t len = 0;
if(tag <= 30)
return 1;
while(tag) {
tag /= 128;
len++;
}
return len + 1;
}
size_t
der_length_integer (const int *data)
{

View File

@ -52,6 +52,8 @@
#include <asn1-common.h>
#include <asn1_err.h>
#include <der.h>
#include <der-private.h>
#include "asn1-template.h"
time_t _der_timegm (struct tm *);
size_t _heim_len_unsigned (unsigned);

View File

@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE {
tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
}
NTLMRequest2 ::= SEQUENCE {
loginUserName [0] UTF8String,
loginDomainName [1] UTF8String,
flags [2] INTEGER (0..4294967295),
lmchallenge [3] OCTET STRING SIZE (8),
ntChallengeResponce [4] OCTET STRING,
lmChallengeResponce [5] OCTET STRING
}
NTLMReply ::= SEQUENCE {
success [0] BOOLEAN,
flags [1] INTEGER (0..4294967295),
sessionkey [2] OCTET STRING OPTIONAL
}
DigestReqInner ::= CHOICE {
init [0] DigestInit,
digestRequest [1] DigestRequest,

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -40,13 +42,7 @@ int
encode_heim_any(unsigned char *p, size_t len,
const heim_any *data, size_t *size)
{
if (data->length > len)
return ASN1_OVERFLOW;
p -= data->length;
len -= data->length;
memcpy (p+1, data->data, data->length);
*size = data->length;
return 0;
return der_put_octet_string (p, len, data, size);
}
int
@ -91,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len,
void
free_heim_any(heim_any *data)
{
free(data->data);
data->data = NULL;
der_free_octet_string(data);
}
size_t
@ -104,58 +99,43 @@ length_heim_any(const heim_any *data)
int
copy_heim_any(const heim_any *from, heim_any *to)
{
to->data = malloc(from->length);
if (to->data == NULL && from->length != 0)
return ENOMEM;
memcpy(to->data, from->data, from->length);
to->length = from->length;
return 0;
return der_copy_octet_string(from, to);
}
int
encode_heim_any_set(unsigned char *p, size_t len,
const heim_any_set *data, size_t *size)
{
return encode_heim_any(p, len, data, size);
return der_put_octet_string (p, len, data, size);
}
int
decode_heim_any_set(const unsigned char *p, size_t len,
heim_any_set *data, size_t *size)
{
memset(data, 0, sizeof(*data));
data->data = malloc(len);
if (data->data == NULL && len != 0)
return ENOMEM;
data->length = len;
memcpy(data->data, p, len);
if (size) *size = len;
return 0;
return der_get_octet_string(p, len, data, size);
}
void
free_heim_any_set(heim_any_set *data)
{
free_heim_any(data);
der_free_octet_string(data);
}
size_t
length_heim_any_set(const heim_any *data)
{
return length_heim_any(data);
return data->length;
}
int
copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
{
return copy_heim_any(from, to);
return der_copy_octet_string(from, to);
}
int
heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
{
if (p->length != q->length)
return p->length - q->length;
return memcmp(p->data, q->data, p->length);
return der_heim_octet_string_cmp(p, q);
}

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -35,12 +37,12 @@
RCSID("$Id$");
FILE *headerfile, *codefile, *logfile;
FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
#define STEM "asn1"
static const char *orig_filename;
static char *header;
static char *privheader, *header, *template;
static const char *headerbase = STEM;
/*
@ -66,6 +68,45 @@ add_import (const char *module)
fprintf (headerfile, "#include <%s_asn1.h>\n", module);
}
/*
* List of all exported symbols
*/
struct sexport {
const char *name;
int defined;
struct sexport *next;
};
static struct sexport *exports = NULL;
void
add_export (const char *name)
{
struct sexport *tmp = emalloc (sizeof(*tmp));
tmp->name = name;
tmp->next = exports;
exports = tmp;
}
int
is_export(const char *name)
{
struct sexport *tmp;
if (exports == NULL) /* no export list, all exported */
return 1;
for (tmp = exports; tmp != NULL; tmp = tmp->next) {
if (strcmp(tmp->name, name) == 0) {
tmp->defined = 1;
return 1;
}
}
return 0;
}
const char *
get_filename (void)
{
@ -96,6 +137,23 @@ init_generate (const char *filename, const char *base)
err (1, "open %s", fn);
free(fn);
/* private header file */
asprintf(&privheader, "%s-priv.h", headerbase);
if (privheader == NULL)
errx(1, "malloc");
asprintf(&fn, "%s-priv.hx", headerbase);
if (fn == NULL)
errx(1, "malloc");
privheaderfile = fopen (fn, "w");
if (privheaderfile == NULL)
err (1, "open %s", fn);
free(fn);
/* template file */
asprintf(&template, "%s-template.c", headerbase);
if (template == NULL)
errx(1, "malloc");
fprintf (headerfile,
"/* Generated from %s */\n"
"/* Do not edit */\n\n",
@ -182,6 +240,36 @@ init_generate (const char *filename, const char *base)
logfile = fopen(fn, "w");
if (logfile == NULL)
err (1, "open %s", fn);
/* if one code file, write into the one codefile */
if (one_code_file)
return;
templatefile = fopen (template, "w");
if (templatefile == NULL)
err (1, "open %s", template);
fprintf (templatefile,
"/* Generated from %s */\n"
"/* Do not edit */\n\n"
"#include <stdio.h>\n"
"#include <stdlib.h>\n"
"#include <time.h>\n"
"#include <string.h>\n"
"#include <errno.h>\n"
"#include <limits.h>\n"
"#include <krb5-types.h>\n",
filename);
fprintf (templatefile,
"#include <%s>\n"
"#include <%s>\n"
"#include <der.h>\n"
"#include <der-private.h>\n"
"#include <asn1-template.h>\n",
header, privheader);
}
void
@ -189,9 +277,15 @@ close_generate (void)
{
fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
fclose (headerfile);
fprintf (logfile, "\n");
fclose (logfile);
if (headerfile)
fclose (headerfile);
if (privheaderfile)
fclose (privheaderfile);
if (templatefile)
fclose (templatefile);
if (logfile)
fprintf (logfile, "\n");
fclose (logfile);
}
void
@ -265,11 +359,14 @@ generate_header_of_codefile(const char *name)
orig_filename);
fprintf (codefile,
"#include <%s.h>\n",
headerbase);
"#include <%s>\n"
"#include <%s>\n",
header, privheader);
fprintf (codefile,
"#include <asn1_err.h>\n"
"#include <der.h>\n"
"#include <der-private.h>\n"
"#include <asn1-template.h>\n"
"#include <parse_units.h>\n\n");
}
@ -328,8 +425,6 @@ generate_constant (const Symbol *s)
}
fprintf (headerfile, "} */\n");
fprintf (headerfile, "const heim_oid *oid_%s(void);\n",
s->gen_name);
fprintf (headerfile,
"extern const heim_oid asn1_oid_%s;\n\n",
s->gen_name);
@ -346,12 +441,6 @@ generate_constant (const Symbol *s)
"{ %d, oid_%s_variable_num };\n\n",
s->gen_name, len, s->gen_name);
fprintf (codefile, "const heim_oid *oid_%s(void)\n"
"{\n"
"return &asn1_oid_%s;\n"
"}\n\n",
s->gen_name, s->gen_name);
free(list);
if (!one_code_file)
@ -364,6 +453,33 @@ generate_constant (const Symbol *s)
}
}
int
is_primitive_type(int type)
{
switch(type) {
case TInteger:
case TBoolean:
case TOctetString:
case TBitString:
case TEnumerated:
case TGeneralizedTime:
case TGeneralString:
case TTeletexString:
case TOID:
case TUTCTime:
case TUTF8String:
case TPrintableString:
case TIA5String:
case TBMPString:
case TUniversalString:
case TVisibleString:
case TNull:
return 1;
default:
return 0;
}
}
static void
space(int level)
{
@ -550,8 +666,24 @@ define_asn1 (int level, Type *t)
}
static void
define_type (int level, const char *name, Type *t, int typedefp, int preservep)
getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name)
{
if (typedefp)
*newbasename = strdup(name);
else {
if (name[0] == '*')
name++;
asprintf(newbasename, "%s_%s", basename, name);
}
if (*newbasename == NULL)
err(1, "malloc");
}
static void
define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep)
{
char *newbasename = NULL;
switch (t->type) {
case TType:
space(level);
@ -602,16 +734,37 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
if(ASN1_TAILQ_EMPTY(t->members))
fprintf (headerfile, "heim_bit_string %s;\n", name);
else {
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
int pos = 0;
getnewbasename(&newbasename, typedefp, basename, name);
fprintf (headerfile, "struct %s {\n", newbasename);
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *n;
/* pad unused */
while (pos < m->val) {
asprintf (&n, "_unused%d:1", pos);
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free(n);
pos++;
}
asprintf (&n, "%s:1", m->gen_name);
if (n == NULL)
errx(1, "malloc");
define_type (level + 1, n, &i, FALSE, FALSE);
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free (n);
pos++;
}
/* pad to 32 elements */
while (pos < 32) {
char *n;
asprintf (&n, "_unused%d:1", pos);
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free(n);
pos++;
}
space(level);
fprintf (headerfile, "} %s;\n\n", name);
}
@ -638,8 +791,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
case TSequence: {
Member *m;
getnewbasename(&newbasename, typedefp, basename, name);
space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
fprintf (headerfile, "struct %s {\n", newbasename);
if (t->type == TSequence && preservep) {
space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n");
@ -653,10 +808,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name);
if (n == NULL)
errx(1, "malloc");
define_type (level + 1, n, m->type, FALSE, FALSE);
define_type (level + 1, n, newbasename, m->type, FALSE, FALSE);
free (n);
} else
define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE);
}
space(level);
fprintf (headerfile, "} %s;\n", name);
@ -667,15 +822,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
Type i;
struct range range = { 0, INT_MAX };
getnewbasename(&newbasename, typedefp, basename, name);
i.type = TInteger;
i.range = &range;
i.members = NULL;
i.constraint = NULL;
space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
define_type (level + 1, "len", &i, FALSE, FALSE);
define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
fprintf (headerfile, "struct %s {\n", newbasename);
define_type (level + 1, "len", newbasename, &i, FALSE, FALSE);
define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE);
space(level);
fprintf (headerfile, "} %s;\n", name);
break;
@ -693,14 +850,16 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
fprintf (headerfile, "heim_general_string %s;\n", name);
break;
case TTag:
define_type (level, name, t->subtype, typedefp, preservep);
define_type (level, name, basename, t->subtype, typedefp, preservep);
break;
case TChoice: {
int first = 1;
Member *m;
getnewbasename(&newbasename, typedefp, basename, name);
space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
fprintf (headerfile, "struct %s {\n", newbasename);
if (preservep) {
space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n");
@ -737,10 +896,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name);
if (n == NULL)
errx(1, "malloc");
define_type (level + 2, n, m->type, FALSE, FALSE);
define_type (level + 2, n, newbasename, m->type, FALSE, FALSE);
free (n);
} else
define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE);
}
space(level + 1);
fprintf (headerfile, "} u;\n");
@ -787,6 +946,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
default:
abort ();
}
if (newbasename)
free(newbasename);
}
static void
@ -800,27 +961,61 @@ generate_type_header (const Symbol *s)
fprintf (headerfile, "\n*/\n\n");
fprintf (headerfile, "typedef ");
define_type (0, s->gen_name, s->type, TRUE, preservep);
define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep);
fprintf (headerfile, "\n");
}
void
generate_type (const Symbol *s)
{
FILE *h;
if (!one_code_file)
generate_header_of_codefile(s->gen_name);
generate_type_header (s);
generate_type_encode (s);
generate_type_decode (s);
generate_type_free (s);
generate_type_length (s);
generate_type_copy (s);
if (template_flag)
generate_template(s);
if (template_flag == 0 || is_template_compat(s) == 0) {
generate_type_encode (s);
generate_type_decode (s);
generate_type_free (s);
generate_type_length (s);
generate_type_copy (s);
}
generate_type_seq (s);
generate_glue (s->type, s->gen_name);
fprintf(headerfile, "\n\n");
/* generate prototypes */
if (is_export(s->name))
h = headerfile;
else
h = privheaderfile;
fprintf (h,
"int "
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"int "
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"size_t length_%s(const %s *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"int copy_%s (const %s *, %s *);\n",
s->gen_name, s->gen_name, s->gen_name);
fprintf (h,
"void free_%s (%s *);\n",
s->gen_name, s->gen_name);
fprintf(h, "\n\n");
if (!one_code_file) {
fprintf(codefile, "\n\n");

View File

@ -228,10 +228,6 @@ generate_type_copy (const Symbol *s)
used_fail = 0;
fprintf (headerfile,
"int copy_%s (const %s *, %s *);\n",
s->gen_name, s->gen_name, s->gen_name);
fprintf (codefile, "int\n"
"copy_%s(const %s *from, %s *to)\n"
"{\n"

View File

@ -56,33 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr)
#endif
}
static int
is_primitive_type(int type)
{
switch(type) {
case TInteger:
case TBoolean:
case TOctetString:
case TBitString:
case TEnumerated:
case TGeneralizedTime:
case TGeneralString:
case TTeletexString:
case TOID:
case TUTCTime:
case TUTF8String:
case TPrintableString:
case TIA5String:
case TBMPString:
case TUniversalString:
case TVisibleString:
case TNull:
return 1;
default:
return 0;
}
}
static void
find_tag (const Type *t,
Der_class *cl, Der_type *ty, unsigned *tag)
@ -630,7 +603,7 @@ decode_type (const char *name, const Type *t, int optional,
fprintf(codefile,
"else {\n"
"(%s)->u.%s.data = calloc(1, len);\n"
"if ((%s)->u.%s.data == NULL && len != 0) {\n"
"if ((%s)->u.%s.data == NULL) {\n"
"e = ENOMEM; %s;\n"
"}\n"
"(%s)->u.%s.length = len;\n"
@ -694,11 +667,6 @@ generate_type_decode (const Symbol *s)
{
int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (headerfile,
"int "
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "int\n"
"decode_%s(const unsigned char *p,"
" size_t len, %s *data, size_t *size)\n"
@ -744,7 +712,7 @@ generate_type_decode (const Symbol *s)
if (preserve)
fprintf (codefile,
"data->_save.data = calloc(1, ret);\n"
"if (data->_save.data == NULL && ret != 0) { \n"
"if (data->_save.data == NULL) { \n"
"e = ENOMEM; goto fail; \n"
"}\n"
"data->_save.length = ret;\n"

View File

@ -508,11 +508,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
void
generate_type_encode (const Symbol *s)
{
fprintf (headerfile,
"int "
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "int\n"
"encode_%s(unsigned char *p, size_t len,"
" const %s *data, size_t *size)\n"

View File

@ -180,18 +180,14 @@ free_type (const char *name, const Type *t, int preserve)
void
generate_type_free (const Symbol *s)
{
int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (headerfile,
"void free_%s (%s *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "void\n"
"free_%s(%s *data)\n"
"{\n",
s->gen_name, s->gen_name);
free_type ("data", s->type, preserve);
fprintf (codefile, "}\n\n");
int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (codefile, "void\n"
"free_%s(%s *data)\n"
"{\n",
s->gen_name, s->gen_name);
free_type ("data", s->type, preserve);
fprintf (codefile, "}\n\n");
}

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name)
fprintf (codefile,
"%s int2%s(unsigned n)\n"
"{\n"
"\t%s flags;\n\n",
"\t%s flags;\n\n"
"\tmemset(&flags, 0, sizeof(flags));\n\n",
gen_name, gen_name, gen_name);
if(t->members) {
@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name)
{
Member *m;
fprintf (headerfile,
"const struct units * asn1_%s_units(void);",
gen_name);
if (template_flag) {
fprintf (headerfile,
"extern const struct units *asn1_%s_table_units;\n",
gen_name);
fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n",
gen_name, gen_name);
} else {
fprintf (headerfile,
"const struct units * asn1_%s_units(void);",
gen_name);
}
fprintf (codefile,
"static struct units %s_units[] = {\n",
@ -111,11 +122,16 @@ generate_units (const Type *t, const char *gen_name)
"\t{NULL,\t0}\n"
"};\n\n");
fprintf (codefile,
"const struct units * asn1_%s_units(void){\n"
"return %s_units;\n"
"}\n\n",
gen_name, gen_name);
if (template_flag)
fprintf (codefile,
"const struct units * asn1_%s_table_units = %s_units;\n",
gen_name, gen_name);
else
fprintf (codefile,
"const struct units * asn1_%s_units(void){\n"
"return %s_units;\n"
"}\n\n",
gen_name, gen_name);
}

View File

@ -43,6 +43,7 @@ length_primitive (const char *typename,
fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
}
/* XXX same as der_length_tag */
static size_t
length_tag(unsigned int tag)
{
@ -269,10 +270,6 @@ length_type (const char *name, const Type *t,
void
generate_type_length (const Symbol *s)
{
fprintf (headerfile,
"size_t length_%s(const %s *);\n",
s->gen_name, s->gen_name);
fprintf (codefile,
"size_t\n"
"length_%s(const %s *data)\n"

View File

@ -52,6 +52,7 @@
#include "symbol.h"
#include "asn1-common.h"
#include "der.h"
#include "der-private.h"
void generate_type (const Symbol *);
void generate_constant (const Symbol *);
@ -74,7 +75,10 @@ void init_generate (const char *, const char *);
const char *get_filename (void);
void close_generate(void);
void add_import(const char *);
void add_export(const char *);
int is_export(const char *);
int yyparse(void);
int is_primitive_type(int);
int preserve_type(const char *);
int seq_type(const char *);
@ -82,9 +86,14 @@ int seq_type(const char *);
void generate_header_of_codefile(const char *);
void close_codefile(void);
int is_template_compat (const Symbol *);
void generate_template(const Symbol *);
void gen_template_import(const Symbol *);
extern FILE *headerfile, *codefile, *logfile;
extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
extern int support_ber;
extern int template_flag;
extern int rfc1510_bitstring;
extern int one_code_file;

View File

@ -2,6 +2,78 @@
KERBEROS5 DEFINITIONS ::=
BEGIN
EXPORTS
AD-AND-OR,
AD-IF-RELEVANT,
AD-KDCIssued,
AD-LoginAlias,
AP-REP,
AP-REQ,
AS-REP,
AS-REQ,
AUTHDATA-TYPE,
Authenticator,
AuthorizationData,
AuthorizationDataElement,
CKSUMTYPE,
ChangePasswdDataMS,
Checksum,
ENCTYPE,
ETYPE-INFO,
ETYPE-INFO-ENTRY,
ETYPE-INFO2,
ETYPE-INFO2-ENTRY,
EncAPRepPart,
EncASRepPart,
EncKDCRepPart,
EncKrbCredPart,
EncKrbPrivPart,
EncTGSRepPart,
EncTicketPart,
EncryptedData,
EncryptionKey,
EtypeList,
HostAddress,
HostAddresses,
KDC-REQ-BODY,
KDCOptions,
KDC-REP,
KRB-CRED,
KRB-ERROR,
KRB-PRIV,
KRB-SAFE,
KRB-SAFE-BODY,
KRB5SignedPath,
KRB5SignedPathData,
KRB5SignedPathPrincipals,
KerberosString,
KerberosTime,
KrbCredInfo,
LR-TYPE,
LastReq,
METHOD-DATA,
NAME-TYPE,
PA-ClientCanonicalized,
PA-ClientCanonicalizedNames,
PA-DATA,
PA-ENC-TS-ENC,
PA-PAC-REQUEST,
PA-S4U2Self,
PA-SERVER-REFERRAL-DATA,
PA-ServerReferralData,
PA-SvrReferralData,
PADATA-TYPE,
Principal,
PrincipalName,
Principals,
Realm,
TGS-REP,
TGS-REQ,
Ticket,
TicketFlags,
TransitedEncoding,
TypedData
;
NAME-TYPE ::= INTEGER {
KRB5_NT_UNKNOWN(0), -- Name type not known
@ -256,11 +328,7 @@ KDCOptions ::= BIT STRING {
proxy(4),
allow-postdate(5),
postdated(6),
unused7(7),
renewable(8),
unused9(9),
unused10(10),
unused11(11),
request-anonymous(14),
canonicalize(15),
constrained-delegation(16), -- ms extension

View File

@ -63,12 +63,14 @@ seq_type(const char *p)
}
int support_ber;
int template_flag;
int rfc1510_bitstring;
int one_code_file;
char *option_file;
int version_flag;
int help_flag;
struct getargs args[] = {
{ "template", 0, arg_flag, &template_flag },
{ "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
{ "decode-dce-ber", 0, arg_flag, &support_ber },
{ "support-ber", 0, arg_flag, &support_ber },

View File

@ -34,8 +34,6 @@
#include "gen_locl.h"
#include "lex.h"
RCSID("$Id$");
static Hashtab *htab;
static int
@ -68,7 +66,7 @@ output_name(char *s)
char *p;
for (p = s; *p; ++p)
if (*p == '-')
if (*p == '-' || *p == '.')
*p = '_';
}

View File

@ -6,8 +6,11 @@ BEGIN
IMPORTS heim_any FROM heim;
TESTuint32 ::= INTEGER (0..4294967295)
TESTLargeTag ::= SEQUENCE {
foo[127] INTEGER (-2147483648..2147483647)
foo[127] INTEGER (-2147483648..2147483647),
bar[128] INTEGER (-2147483648..2147483647)
}
TESTSeq ::= SEQUENCE {
@ -57,6 +60,11 @@ TESTAlloc ::= SEQUENCE {
tagless2 heim_any OPTIONAL
}
TESTOptional ::= SEQUENCE {
zero [0] INTEGER (-2147483648..2147483647) OPTIONAL,
one [1] INTEGER (-2147483648..2147483647) OPTIONAL
}
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
@ -92,4 +100,36 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
TESTOSSize1 ::= OCTET STRING SIZE (1..2)
TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE {
zero [0] TESTInteger
}
TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE {
string [0] GeneralString
}
TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE {
zero [0] TESTInteger,
string [0] GeneralString
}
TESTSeqOf2 ::= SEQUENCE {
strings SEQUENCE OF GeneralString
}
TESTSeqOf3 ::= SEQUENCE {
strings SEQUENCE OF GeneralString OPTIONAL
}
TESTPreserve ::= SEQUENCE {
zero [0] TESTInteger,
one [1] TESTInteger
}
TESTBitString ::= BIT STRING {
zero(0),
eight(8),
thirtyone(31)
}
END

View File

@ -32,6 +32,9 @@
*/
#undef ROKEN_RENAME
#include "config.h"
#include "compile_et.h"
#include <getarg.h>
@ -219,7 +222,7 @@ main(int argc, char **argv)
err(1, "%s", filename);
p = strrchr(filename, '/');
p = strrchr(filename, rk_PATH_DELIM);
if(p)
p++;
else

View File

@ -45,10 +45,12 @@
#ifndef BUILD_GSSAPI_LIB
#if defined(_WIN32)
#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
#define GSSAPI_LIB_CALL __stdcall
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
#else
#define GSSAPI_LIB_FUNCTION
#define GSSAPI_LIB_CALL
#define GSSAPI_LIB_VARIABLE
#endif
#endif
@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 * /* minor_status */,
gss_OID /* attribute */,
const gss_ctx_id_t /* context_handle */,
const gss_OID /* attribute */,
void * /*data*/,
size_t /* len */);
/*

View File

@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char ** /*out_name */);
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
(const char */*identity*/);
(const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
(const char */*identity*/);
(const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
(OM_uint32 */*minor*/,
(OM_uint32 * /*minor*/,
gss_cred_id_t /*cred*/,
struct krb5_ccache_data */*out*/);
struct krb5_ccache_data * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_import_cred(OM_uint32 */*minor*/,
gss_krb5_import_cred(OM_uint32 * /*minor*/,
struct krb5_ccache_data * /*in*/,
struct Principal * /*keytab_principal*/,
struct krb5_keytab_data * /*keytab*/,
gss_cred_id_t */*out*/);
gss_cred_id_t * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
(OM_uint32 */*minor*/,
(OM_uint32 * /*minor*/,
gss_ctx_id_t /*context_handle*/,
OM_uint32 */*tkt_flags*/);
OM_uint32 * /*tkt_flags*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context

View File

@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
int32_t seq_number;
int is_cfx = 0;
krb5_auth_getremoteseqnumber (context,
ctx->auth_context,
&seq_number);
krb5_auth_con_getremoteseqnumber (context,
ctx->auth_context,
&seq_number);
_gsskrb5i_is_cfx(context, ctx, 1);
is_cfx = (ctx->more_flags & IS_CFX);
@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
kret = krb5_auth_getremoteseqnumber(context,
ctx->auth_context,
&r_seq_number);
kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context,
&r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
int32_t tmp_r_seq_number, tmp_l_seq_number;
kret = krb5_auth_getremoteseqnumber(context,
ctx->auth_context,
&tmp_r_seq_number);
kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context,
&tmp_r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;

View File

@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) {
ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);

View File

@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
krb5_cc_close(context, ctx->ccache);
ctx->ccache = NULL;
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
_gsskrb5i_is_cfx(context, ctx, 0);
is_cfx = (ctx->more_flags & IS_CFX);
@ -782,7 +782,7 @@ repl_mutual
* for the gss_wrap calls.
*/
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);

View File

@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
if (ret) goto out;
krb5_auth_getremoteseqnumber (context,
context_handle->auth_context,
&number);
krb5_auth_con_getremoteseqnumber (context,
context_handle->auth_context,
&number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);

View File

@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 *minor_status,
gss_OID attribute,
const gss_ctx_id_t context_handle,
const gss_OID attribute,
void *data,
size_t len)
{

View File

@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
if (mech == NULL)
return 0;
m = malloc(sizeof(*m));
m = calloc(1, sizeof(*m));
if (m == NULL)
return 1;
return ENOMEM;
m->gm_so = NULL;
m->gm_mech = *mech;
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
/* pick up the oid sets of names */
if (m->gm_mech.gm_inquire_names_for_mech) {
if (m->gm_mech.gm_inquire_names_for_mech)
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
} else {
if (m->gm_name_types == NULL)
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
}
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
return 0;
@ -211,6 +211,8 @@ _gss_load_mech(void)
char *name, *oid, *lib, *kobj;
struct _gss_mech_switch *m;
void *so;
gss_OID_desc mech_oid;
int found;
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
@ -253,6 +255,23 @@ _gss_load_mech(void)
if (!name || !oid || !lib || !kobj)
continue;
if (_gss_string_to_oid(oid, &mech_oid))
continue;
/*
* Check for duplicates, already loaded mechs.
*/
found = 0;
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
found = 1;
free(mech_oid.elements);
break;
}
}
if (found)
continue;
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
@ -260,17 +279,17 @@ _gss_load_mech(void)
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
free(mech_oid.elements);
continue;
}
m = malloc(sizeof(*m));
if (!m)
if (!m) {
free(mech_oid.elements);
break;
m->gm_so = so;
if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
free(m);
continue;
}
m->gm_so = so;
m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
major_status = gss_add_oid_set_member(&minor_status,

View File

@ -44,6 +44,8 @@
#include <sys/param.h>
#endif
#include <roken.h>
#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif
@ -69,8 +71,6 @@
#include "utils.h"
#include <der.h>
#include <roken.h>
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct {

View File

@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
const unsigned long, const AES_KEY *,
unsigned long, const AES_KEY *,
unsigned char *, int);
#ifdef __cplusplus

View File

@ -40,6 +40,7 @@
#include <limits.h>
#include <krb5-types.h>
#include <roken.h>
#include <rfc2459_asn1.h> /* XXX */
#include <der.h>

View File

@ -92,6 +92,8 @@
#include <krb5-types.h>
#include <assert.h>
#include <roken.h>
#include "des.h"
#include "ui.h"
@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
int
DES_is_weak_key(DES_cblock *key)
{
int weak = 0;
int i;
/* Not constant time size if the key is weak, the app should not use it. */
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
return 1;
}
return 0;
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
return !!weak;
}
/**

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -43,7 +45,9 @@
#include <string.h>
#include <assert.h>
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
#include <CommonCrypto/CommonDigest.h>
#endif
#include <CommonCrypto/CommonCryptor.h>
#include <evp.h>
@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
const EVP_MD *
EVP_cc_md2(void)
{
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md2 = {
CC_MD2_DIGEST_LENGTH,
CC_MD2_BLOCK_BYTES,
@ -430,6 +435,9 @@ EVP_cc_md2(void)
(hc_evp_md_cleanup)NULL
};
return &md2;
#else
return NULL;
#endif
}
/**
@ -441,6 +449,7 @@ EVP_cc_md2(void)
const EVP_MD *
EVP_cc_md4(void)
{
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md4 = {
CC_MD4_DIGEST_LENGTH,
CC_MD4_BLOCK_BYTES,
@ -451,6 +460,9 @@ EVP_cc_md4(void)
(hc_evp_md_cleanup)NULL
};
return &md4;
#else
return NULL;
#endif
}
/**
@ -462,6 +474,7 @@ EVP_cc_md4(void)
const EVP_MD *
EVP_cc_md5(void)
{
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md5 = {
CC_MD5_DIGEST_LENGTH,
CC_MD5_BLOCK_BYTES,
@ -472,6 +485,9 @@ EVP_cc_md5(void)
(hc_evp_md_cleanup)NULL
};
return &md5;
#else
return NULL;
#endif
}
/**
@ -483,6 +499,7 @@ EVP_cc_md5(void)
const EVP_MD *
EVP_cc_sha1(void)
{
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha1 = {
CC_SHA1_DIGEST_LENGTH,
CC_SHA1_BLOCK_BYTES,
@ -493,6 +510,9 @@ EVP_cc_sha1(void)
(hc_evp_md_cleanup)NULL
};
return &sha1;
#else
return NULL;
#endif
}
/**
@ -504,6 +524,7 @@ EVP_cc_sha1(void)
const EVP_MD *
EVP_cc_sha256(void)
{
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha256 = {
CC_SHA256_DIGEST_LENGTH,
CC_SHA256_BLOCK_BYTES,
@ -514,6 +535,9 @@ EVP_cc_sha256(void)
(hc_evp_md_cleanup)NULL
};
return &sha256;
#else
return NULL;
#endif
}
/**

View File

@ -41,7 +41,7 @@
#define EVP_cc_md4 hc_EVP_cc_md4
#define EVP_cc_md5 hc_EVP_cc_md5
#define EVP_cc_sha1 hc_EVP_cc_sha1
#define EVP_cc_sha256 hc_EVP__cc_sha256
#define EVP_cc_sha256 hc_EVP_cc_sha256
#define EVP_cc_des_cbc hc_EVP_cc_des_cbc
#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc

View File

@ -49,6 +49,7 @@
#include <evp-cc.h>
#include <krb5-types.h>
#include <roken.h>
#ifndef HCRYPTO_DEF_PROVIDER
#define HCRYPTO_DEF_PROVIDER hcrypto

View File

@ -214,24 +214,24 @@ HC_CPP_BEGIN
*/
const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
const EVP_MD *EVP_sha(void) HC_DEPRECATED;
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void);
const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
const EVP_CIPHER * EVP_camellia_128_cbc(void);
const EVP_CIPHER * EVP_camellia_192_cbc(void);
const EVP_CIPHER * EVP_camellia_256_cbc(void);

View File

@ -43,6 +43,7 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <roken.h>
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))

View File

@ -35,6 +35,9 @@
#include <stdlib.h>
#include <rand.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <roken.h>
#include "randi.h"
@ -451,6 +454,7 @@ fortuna_reseed(void)
if (!init_done)
abort();
#ifndef NO_RAND_UNIX_METHOD
{
unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@ -459,6 +463,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
#endif
#ifdef HAVE_ARC4RANDOM
{
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@ -470,6 +475,7 @@ fortuna_reseed(void)
entropy_p = 1;
}
#endif
#ifndef NO_RAND_EGD_METHOD
/*
* Only to get egd entropy if /dev/random or arc4rand failed since
* it can be horribly slow to generate new bits.
@ -482,6 +488,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
#endif
/*
* Fall back to gattering data from timer and secret files, this
* is really the last resort.
@ -521,10 +528,12 @@ fortuna_reseed(void)
gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv));
}
#ifdef HAVE_GETUID
{
uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u));
}
#endif
return entropy_p;
}

View File

@ -42,9 +42,6 @@
#include "randi.h"
static int random_fd = -1;
static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
/*
* Unix /dev/random
*/
@ -93,44 +90,29 @@ static int
unix_bytes(unsigned char *outdata, int size)
{
ssize_t count;
int once = 0;
int fd;
if (size < 0)
return 0;
else if (size == 0)
return 1;
HEIMDAL_MUTEX_lock(&random_mutex);
if (random_fd == -1) {
retry:
random_fd = get_device_fd(O_RDONLY);
if (random_fd < 0) {
HEIMDAL_MUTEX_unlock(&random_mutex);
return 0;
}
}
fd = get_device_fd(O_RDONLY);
if (fd < 0)
return 0;
while (size > 0) {
HEIMDAL_MUTEX_unlock(&random_mutex);
count = read (random_fd, outdata, size);
HEIMDAL_MUTEX_lock(&random_mutex);
if (random_fd < 0) {
if (errno == EINTR)
continue;
else if (errno == EBADF && once++ == 0) {
close(random_fd);
random_fd = -1;
goto retry;
}
return 0;
} else if (count <= 0) {
HEIMDAL_MUTEX_unlock(&random_mutex);
count = read(fd, outdata, size);
if (count < 0 && errno == EINTR)
continue;
else if (count <= 0) {
close(fd);
return 0;
}
outdata += count;
size -= count;
}
HEIMDAL_MUTEX_unlock(&random_mutex);
close(fd);
return 1;
}

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -58,7 +60,9 @@ init_method(void)
{
if (selected_meth != NULL)
return;
#ifdef __APPLE__
#if defined(_WIN32)
selected_meth = &hc_rand_w32crypto_method;
#elif defined(__APPLE__)
selected_meth = &hc_rand_unix_method;
#else
selected_meth = &hc_rand_fortuna_method;
@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
int
RAND_bytes(void *outdata, size_t size)
{
if (size == 0)
return 1;
init_method();
return (*selected_meth->bytes)(outdata, size);
}

View File

@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
#define RAND_fortuna_method hc_RAND_fortuna_method
#define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method
#define RAND_w32crypto_method hc_RAND_w32crypto_method
/*
*

View File

@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method;
extern const RAND_METHOD hc_rand_egd_method;
extern const RAND_METHOD hc_rand_timer_method;
extern const RAND_METHOD hc_rand_w32crypto_method;
const RAND_METHOD * RAND_timer_method(void);

View File

@ -31,11 +31,12 @@
#include "config.h"
#include <stdlib.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <rijndael-alg-fst.h>
#include "rijndael-alg-fst.h"
/* the file should not be used from outside */
typedef uint8_t u8;

View File

@ -39,11 +39,11 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <stdlib.h>
#include <des.h>
#include <rand.h>
#include <stdlib.h>
#undef __attribute__
#define __attribute__(X)

View File

@ -37,10 +37,15 @@
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#ifdef HAVE_TERMIOS_H
#include <termios.h>
#endif
#include <roken.h>
#include <ui.h>
#ifdef HAVE_CONIO_H
#include <conio.h>
#endif
static sig_atomic_t intr_flag;
@ -50,6 +55,53 @@ intr(int sig)
intr_flag++;
}
#ifdef HAVE_CONIO_H
/*
* Windows does console slightly different then then unix case.
*/
static int
read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
int of = 0;
int c;
char *p;
void (*oldsigintr)(int);
_cprintf("%s%s", preprompt, prompt);
oldsigintr = signal(SIGINT, intr);
p = buf;
while(intr_flag == 0){
c = ((echo)? _getche(): _getch());
if(c == '\n')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
printf("\n");
}
signal(SIGINT, oldsigintr);
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
#else /* !HAVE_CONIO_H */
#ifndef NSIG
#define NSIG 47
#endif
@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
return 0;
}
#endif /* HAVE_CONIO_H */
int
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{

View File

@ -281,6 +281,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
const hdb_entry *entry, char **p)
{
HDB_extension *ext;
char *str;
int ret;
ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
@ -329,17 +330,14 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return 0;
}
{
char *name;
ret = krb5_unparse_name(context, entry->principal, &name);
if (ret == 0) {
krb5_set_error_message(context, ENOENT, "no password attributefor %s", name);
free(name);
} else
krb5_clear_error_message(context);
return ENOENT;
}
ret = krb5_unparse_name(context, entry->principal, &str);
if (ret == 0) {
krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
free(str);
} else
krb5_clear_error_message(context);
return ENOENT;
}
int

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -65,9 +67,13 @@ static struct hdb_method methods[] = {
#if HAVE_DB1 || HAVE_DB3
{ HDB_INTERFACE_VERSION, "db:", hdb_db_create},
#endif
#if HAVE_DB1
{ HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create},
#endif
#if HAVE_NDBM
{ HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create},
#endif
{ HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create},
#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
{ HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
{ HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
@ -411,6 +417,27 @@ hdb_list_builtin(krb5_context context, char **list)
return 0;
}
krb5_error_code
_hdb_keytab2hdb_entry(krb5_context context,
const krb5_keytab_entry *ktentry,
hdb_entry_ex *entry)
{
entry->entry.kvno = ktentry->vno;
entry->entry.created_by.time = ktentry->timestamp;
entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0]));
if (entry->entry.keys.val == NULL)
return ENOMEM;
entry->entry.keys.len = 1;
entry->entry.keys.val[0].mkvno = NULL;
entry->entry.keys.val[0].salt = NULL;
return krb5_copy_keyblock_contents(context,
&ktentry->keyblock,
&entry->entry.keys.val[0].key);
}
/**
* Create a handle for a Kerberos database
*

View File

@ -193,6 +193,13 @@ typedef struct HDB{
* point for the module.
*/
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
/**
* Get the list of realms this backend handles.
* This call is optional to support. The returned realms are used
* for announcing the realms over bonjour. Free returned array
* with krb5_free_host_realm().
*/
krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **);
/**
* Change password.
*

View File

@ -185,7 +185,7 @@ read_master_mit(krb5_context context, const char *filename,
if(ret)
goto out;
}
ret = hdb_process_master_key(context, 0, &key, 0, mkey);
ret = hdb_process_master_key(context, 1, &key, 0, mkey);
krb5_free_keyblock_contents(context, &key);
out:
krb5_storage_free(sp);

View File

@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
&cert->tbsCertificate.issuer, &diff);
*self_signed = (diff == 0);
if (ret)
if (ret) {
hx509_set_error_string(context, 0, ret,
"Failed to check if self signed");
} else
ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
return ret;
}
@ -3251,7 +3254,7 @@ _hx509_cert_get_eku(hx509_context context,
* @param context A hx509 context.
* @param c the certificate to encode.
* @param os the encode certificate, set to NULL, 0 on case of
* error. Free the returned structure with hx509_xfree().
* error. Free the os->data with hx509_xfree().
*
* @return An hx509 error code, see hx509_get_error_string().
*

View File

@ -1491,7 +1491,7 @@ hx509_cms_create_signed(hx509_context context,
* signatures).
*/
if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
ret = hx509_certs_iter(context, certs, sig_process, &sigctx);
ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
if (ret)
goto out;
}
@ -1525,7 +1525,7 @@ hx509_cms_create_signed(hx509_context context,
goto out;
}
ret = hx509_certs_iter(context, sigctx.certs, cert_process, &sigctx);
ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
if (ret)
goto out;
}

View File

@ -87,8 +87,9 @@ struct signature_alg {
const heim_oid *key_oid;
const AlgorithmIdentifier *digest_alg;
int flags;
#define PROVIDE_CONF 1
#define REQUIRE_SIGNER 2
#define PROVIDE_CONF 0x1
#define REQUIRE_SIGNER 0x2
#define SELF_SIGNED_OK 0x4
#define SIG_DIGEST 0x100
#define SIG_PUBLIC_SIG 0x200
@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
&_hx509_signature_ecdsa_with_sha256_data,
&asn1_oid_id_ecPublicKey,
&_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
ecdsa_verify_signature,
@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
&_hx509_signature_ecdsa_with_sha1_data,
&asn1_oid_id_ecPublicKey,
&_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
ecdsa_verify_signature,
@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption,
NULL,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = {
&_hx509_signature_rsa_with_sha256_data,
&asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@ -1481,6 +1482,27 @@ _hx509_signature_best_before(hx509_context context,
return 0;
}
int
_hx509_self_signed_valid(hx509_context context,
const AlgorithmIdentifier *alg)
{
const struct signature_alg *md;
md = find_sig_alg(&alg->algorithm);
if (md == NULL) {
hx509_clear_error_string(context);
return HX509_SIG_ALG_NO_SUPPORTED;
}
if ((md->flags & SELF_SIGNED_OK) == 0) {
hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
"Algorithm %s not trusted for self signatures",
md->name);
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
}
return 0;
}
int
_hx509_verify_signature(hx509_context context,
const hx509_cert cert,

View File

@ -39,16 +39,19 @@
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <assert.h>
#include <stdarg.h>
#include <err.h>
#include <limits.h>
#include <roken.h>
#include <getarg.h>
#include <base64.h>
#include <hex.h>
#include <roken.h>
#include <com_err.h>
#include <parse_units.h>
#include <parse_bytes.h>

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -323,7 +325,7 @@ hx509_certs_end_seq(hx509_context context,
* @param certs certificate store to iterate over.
* @param func function to call for each certificate. The function
* should return non-zero to abort the iteration, that value is passed
* back to te caller of hx509_certs_iter().
* back to the caller of hx509_certs_iter_f().
* @param ctx context variable that will passed to the function.
*
* @return Returns an hx509 error code.
@ -332,10 +334,10 @@ hx509_certs_end_seq(hx509_context context,
*/
int
hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (*func)(hx509_context, void *, hx509_cert),
void *ctx)
hx509_certs_iter_f(hx509_context context,
hx509_certs certs,
int (*func)(hx509_context, void *, hx509_cert),
void *ctx)
{
hx509_cursor cursor;
hx509_cert c;
@ -364,13 +366,46 @@ hx509_certs_iter(hx509_context context,
return ret;
}
/**
* Function to use to hx509_certs_iter() as a function argument, the
* ctx variable to hx509_certs_iter() should be a FILE file descriptor.
* Iterate over all certificates in a keystore and call an function
* for each fo them.
*
* @param context a hx509 context.
* @param ctx used by hx509_certs_iter().
* @param certs certificate store to iterate over.
* @param func function to call for each certificate. The function
* should return non-zero to abort the iteration, that value is passed
* back to the caller of hx509_certs_iter().
*
* @return Returns an hx509 error code.
*
* @ingroup hx509_keyset
*/
#ifdef __BLOCKS__
static int
certs_iter(hx509_context context, void *ctx, hx509_cert cert)
{
int (^func)(hx509_cert) = ctx;
return func(cert);
}
int
hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (^func)(hx509_cert))
{
return hx509_certs_iter_f(context, certs, certs_iter, func);
}
#endif
/**
* Function to use to hx509_certs_iter_f() as a function argument, the
* ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
*
* @param context a hx509 context.
* @param ctx used by hx509_certs_iter_f().
* @param c a certificate
*
* @return Returns an hx509 error code.
@ -587,7 +622,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
{
if (from == NULL)
return 0;
return hx509_certs_iter(context, from, certs_merge_func, to);
return hx509_certs_iter_f(context, from, certs_merge_func, to);
}
/**

View File

@ -113,7 +113,7 @@ dir_iter_start(hx509_context context,
free(d);
return errno;
}
rk_cloexec(dirfd(d->dir));
rk_cloexec_dir(d->dir);
d->certs = NULL;
d->iter = NULL;

View File

@ -571,7 +571,7 @@ file_store(hx509_context context,
rk_cloexec_file(sc.f);
sc.format = ksf->format;
ret = hx509_certs_iter(context, ksf->certs, store_func, &sc);
ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc);
fclose(sc.f);
return ret;
}

View File

@ -43,6 +43,7 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
int, const CSSM_ACCESS_CREDENTIALS **);
#define kSecCredentialTypeDefault 0
#define CSSM_SIZE uint32_t
#endif

View File

@ -571,7 +571,7 @@ p12_store(hx509_context context,
memset(&as, 0, sizeof(as));
memset(&pfx, 0, sizeof(pfx));
ret = hx509_certs_iter(context, p12->certs, store_func, &as);
ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
if (ret)
goto out;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -144,6 +146,7 @@ hx509_peer_info_add_cms_alg(hx509_context context,
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM;
}
peer->val = ptr;
ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]);
if (ret == 0)
peer->len += 1;

View File

@ -989,7 +989,7 @@ hx509_ocsp_request(hx509_context context,
ctx.digest = digest;
ctx.parent = NULL;
ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
hx509_cert_free(ctx.parent);
if (ret)
goto out;
@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
es = req.tbsRequest.requestExtensions;
es->val = calloc(1, sizeof(es->val[0]));
es->val = calloc(es->len, sizeof(es->val[0]));
if (es->val == NULL) {
ret = ENOMEM;
goto out;
}
es->len = 1;
ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
if (ret) {
free_OCSPRequest(&req);
return ret;
}
es->len = 1;
es->val[0].extnValue.data = malloc(10);
if (es->val[0].extnValue.data == NULL) {
@ -1153,7 +1153,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
fprintf(out, "appended certs:\n");
if (ocsp.certs)
ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
free_ocsp(&ocsp);
return ret;
@ -1486,7 +1486,7 @@ hx509_crl_sign(hx509_context context,
}
c.tbsCertList.crlExtensions = NULL;
ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
if (ret)
goto out;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -37,8 +39,13 @@
#include <dlfcn.h>
#endif
#ifndef KCM_IS_API_CACHE
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
static cc_initialize_func init_func;
static void (*set_target_uid)(uid_t);
static void (*clear_target)(void);
#ifdef HAVE_DLOPEN
static void *cc_handle;
#endif
@ -82,18 +89,20 @@ translate_cc_error(krb5_context context, cc_int32 error)
static krb5_error_code
init_ccapi(krb5_context context)
{
const char *lib;
const char *lib = NULL;
HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
krb5_clear_error_message(context);
if (context)
krb5_clear_error_message(context);
return 0;
}
lib = krb5_config_get_string(context, NULL,
"libdefaults", "ccapi_library",
NULL);
if (context)
lib = krb5_config_get_string(context, NULL,
"libdefaults", "ccapi_library",
NULL);
if (lib == NULL) {
#ifdef __APPLE__
lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
@ -106,23 +115,30 @@ init_ccapi(krb5_context context)
#ifndef RTLD_LAZY
#define RTLD_LAZY 0
#endif
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
cc_handle = dlopen(lib, RTLD_LAZY);
cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"),
lib);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"),
lib);
return KRB5_CC_NOSUPP;
}
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) {
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror());
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle);
return KRB5_CC_NOSUPP;
}
@ -130,12 +146,27 @@ init_ccapi(krb5_context context)
return 0;
#else
HEIMDAL_MUTEX_unlock(&acc_mutex);
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", ""));
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", ""));
return KRB5_CC_NOSUPP;
#endif
}
void
_heim_krb5_ipc_client_set_target_uid(uid_t uid)
{
init_ccapi(NULL);
(*set_target_uid)(uid);
}
void
_heim_krb5_ipc_client_clear_target(void)
{
init_ccapi(NULL);
(*clear_target)();
}
static krb5_error_code
make_cred_from_ccred(krb5_context context,
const cc_credentials_v5_t *incred,
@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
acc_set_default,
acc_lastchange
};
#endif

View File

@ -47,7 +47,7 @@
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_et_list (krb5_context context,
void (*func)(struct et_list **))
{

View File

@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
return -1;
} else
p = address;
#ifdef HAVE_INET_ATON
if(inet_aton(p, &a) == 0)
return -1;
#elif defined(HAVE_INET_ADDR)
a.s_addr = inet_addr(p);
if(a.s_addr == INADDR_NONE)
return -1;
#else
return -1;
#endif
addr->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&addr->address, 4) != 0)
return -1;
@ -339,9 +331,7 @@ static int
ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
{
char buf[128], buf2[3];
#ifdef HAVE_INET_NTOP
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
#endif
{
/* XXX this is pretty ugly, but better than abort() */
int i;
@ -790,7 +780,7 @@ find_atype(int atype)
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr)
{
@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port)
{
@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr,
struct sockaddr *sa,
@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
size_t KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_max_sockaddr_size (void)
{
if (max_sockaddr_size == 0) {
@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void)
* @ingroup krb5_address
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
{
struct addr_operations *a = find_af(sa->sa_family);
@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2sockaddr (krb5_context context,
int af,
const char *addr, struct sockaddr *sa,
@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2addr (krb5_context context,
int af,
const char *haddr, krb5_address *addr)
@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_anyaddr (krb5_context context,
int af,
struct sockaddr *sa,
@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_print_address (const krb5_address *addr,
char *str, size_t len, size_t *ret_len)
{
@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_address(krb5_context context,
const char *string,
krb5_addresses *addresses)
@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context,
* @ingroup krb5_address
*/
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_address_order(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context,
* @ingroup krb5_address
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_compare(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context,
* @ingroup krb5_address
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_search(krb5_context context,
const krb5_address *addr,
const krb5_addresses *addrlist)
@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_address(krb5_context context,
krb5_address *address)
{
@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context,
krb5_addresses *addresses)
{
@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_address(krb5_context context,
const krb5_address *inaddr,
krb5_address *outaddr)
@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_addresses(krb5_context context,
const krb5_addresses *inaddr,
krb5_addresses *outaddr)
@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_append_addresses(krb5_context context,
krb5_addresses *dest,
const krb5_addresses *source)
@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{
@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context,
* @ingroup krb5_address
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_address_prefixlen_boundary(krb5_context context,
const krb5_address *inaddr,
unsigned long prefixlen,

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_boolean(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
krb5_boolean def_val, krb5_boolean *ret_val)
@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
*ret_val = def_val;
}
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_string(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
const char *def_val, char **ret_val)
@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
*ret_val = NULL;
}
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_time(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
time_t def_val, time_t *ret_val)

View File

@ -37,14 +37,14 @@
#include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principal2principalname (PrincipalName *p,
const krb5_principal from)
{
return copy_PrincipalName(&from->name, p);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principalname2krb5_principal (krb5_context context,
krb5_principal *principal,
const PrincipalName from,

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context)
{
@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_free(krb5_context context,
krb5_auth_context auth_context)
{
@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context,
int32_t flags)
@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context,
int32_t *flags)
@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_addflags(krb5_context context,
krb5_auth_context auth_context,
int32_t addflags,
@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_removeflags(krb5_context context,
krb5_auth_context auth_context,
int32_t removeflags,
@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address *local_addr,
@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context,
int fd, int flags)
krb5_socket_t fd, int flags)
{
krb5_error_code ret;
krb5_address local_k_address, remote_k_address;
@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context,
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
if (auth_context->local_address == NULL) {
len = sizeof(ss_local);
if(getsockname(fd, local, &len) < 0) {
if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
ret = rk_SOCK_ERRNO;
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getsockname: %s", buf);
goto out;
}
@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context,
}
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) {
if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
ret = rk_SOCK_ERRNO;
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getpeername: %s", buf);
goto out;
}
@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs_from_fd (krb5_context context,
krb5_auth_context auth_context,
void *p_fd)
{
int fd = *(int*)p_fd;
krb5_socket_t fd = *(krb5_socket_t *)p_fd;
int flags = 0;
if(auth_context->local_address == NULL)
flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context,
return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address **local_addr,
@ -273,7 +273,7 @@ copy_key(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context,
return copy_key(context, auth_context->keyblock, keyblock);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context,
return copy_key(context, auth_context->remote_subkey, keyblock);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->keyblock);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->remote_subkey);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype cksumtype)
@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype *cksumtype)
@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype keytype)
@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype *keytype)
@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context,
}
#if 0
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype etype)
@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype *etype)
@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context,
}
#endif
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalseqnumber(krb5_context context,
krb5_auth_context auth_context,
int32_t *seqnumber)
@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@ -425,16 +425,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
krb5_auth_getremoteseqnumber(krb5_context context,
krb5_auth_context auth_context,
int32_t *seqnumber)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremoteseqnumber(krb5_context context,
krb5_auth_context auth_context,
int32_t *seqnumber)
{
*seqnumber = auth_context->remote_seqnumber;
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremoteseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getauthenticator(krb5_context context,
krb5_auth_context auth_context,
krb5_authenticator *authenticator)
@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context,
}
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_authenticator(krb5_context context,
krb5_authenticator *authenticator)
{
@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setuserkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context,
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache *rcache)
@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache rcache)
@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context,
#if 0 /* not implemented */
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context)
{
@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setivector(krb5_context context,
krb5_auth_context auth_context,
krb5_pointer ivector)

View File

@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
#include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_ap_req (krb5_context context,
krb5_enctype enctype,
krb5_creds *cred,

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
#include "krb5_locl.h"
static krb5_error_code
make_etypelist(krb5_context context,
@ -99,14 +99,14 @@ make_etypelist(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_build_authenticator(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype enctype,
krb5_creds *cred,
Checksum *cksum,
krb5_data *result,
krb5_key_usage usage)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_build_authenticator (krb5_context context,
krb5_auth_context auth_context,
krb5_enctype enctype,
krb5_creds *cred,
Checksum *cksum,
krb5_data *result,
krb5_key_usage usage)
{
Authenticator auth;
u_char *buf = NULL;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -112,7 +114,7 @@ main (int argc, char **argv)
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
@ -184,13 +186,34 @@ allocate_ccache (krb5_context context,
krb5_ccache *id)
{
krb5_error_code ret;
#ifdef KRB5_USE_PATH_TOKENS
char * exp_residual = NULL;
ret = _krb5_cc_allocate(context, ops, id);
ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
if (ret)
return ret;
residual = exp_residual;
#endif
ret = _krb5_cc_allocate(context, ops, id);
if (ret) {
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret;
}
ret = (*id)->ops->resolve(context, id, residual);
if(ret)
free(*id);
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret;
}
@ -209,7 +232,7 @@ allocate_ccache (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_resolve(krb5_context context,
const char *name,
krb5_ccache *id)
@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id)
{
@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type,
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_name(krb5_context context,
krb5_ccache id)
{
@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context,
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_type(krb5_context context,
krb5_ccache id)
{
@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context,
}
/**
* Return the complete resolvable name the ccache `id' in `str´.
* `str` should be freed with free(3).
* Returns 0 or an error (and then *str is set to NULL).
* Return the complete resolvable name the cache
* @param context a Keberos context
* @param id return pointer to a found credential cache
* @param str the returned name of a credential cache, free with krb5_xfree()
*
* @return Returns 0 or an error (and then *str is set to NULL).
*
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_full_name(krb5_context context,
krb5_ccache id,
char **str)
@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id)
krb5_error_code
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
{
#ifndef KRB5_USE_PATH_TOKENS
size_t tlen, len = 0;
char *tmp, *tmp2, *append;
@ -379,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
} else if (tmp) {
tmp2 = strchr(tmp, '}');
if (tmp2 == NULL) {
free(*res);
if (*res)
free(*res);
*res = NULL;
krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
"variable missing }");
@ -390,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
else if (strncasecmp(tmp, "%{null}", 7) == 0)
append = strdup("");
else {
free(*res);
if (*res)
free(*res);
*res = NULL;
krb5_set_error_message(context,
KRB5_CONFIG_BADFORMAT,
@ -405,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
str = NULL;
}
if (append == NULL) {
free(*res);
if (*res)
free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@ -416,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) {
free(append);
free(*res);
if (*res)
free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(append);
}
return 0;
#else /* _WIN32 */
/* On Windows, we use the more generic _krb5_expand_path_tokens()
function which also handles path tokens in addition to %{uid}
and %{null} */
return _krb5_expand_path_tokens(context, str, res);
#endif
}
/*
@ -444,6 +483,12 @@ environment_changed(krb5_context context)
if (context->default_cc_name_set)
return 0;
/* XXX performance: always ask KCM/API if default name has changed */
if (context->default_cc_name &&
(strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
strncmp(context->default_cc_name, "API:", 4) == 0))
return 1;
if(issuid())
return 0;
@ -472,7 +517,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache
*/
krb5_error_code
krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
@ -482,13 +527,30 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
return (*id->ops->set_default)(context, id);
}
/**
* Return true if the default credential cache support switch
*
* @ingroup krb5_ccache
*/
krb5_boolean KRB5_LIB_FUNCTION
krb5_cc_support_switch(krb5_context context, const char *type)
{
const krb5_cc_ops *ops;
ops = krb5_cc_get_prefix_ops(context, type);
if (ops && ops->set_default)
return 1;
return FALSE;
}
/**
* Set the default cc name for `context' to `name'.
*
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_default_name(krb5_context context, const char *name)
{
krb5_error_code ret = 0;
@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
return ENOMEM;
}
#ifdef KRB5_USE_PATH_TOKENS
{
char * exp_p = NULL;
if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) {
free (p);
p = exp_p;
} else {
free (p);
return EINVAL;
}
}
#endif
if (context->default_cc_name)
free(context->default_cc_name);
@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_default_name(krb5_context context)
{
if (context->default_cc_name == NULL || environment_changed(context))
@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context)
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_default(krb5_context context,
krb5_ccache *id)
{
@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_destroy(krb5_context context,
krb5_ccache id)
{
@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_close(krb5_context context,
krb5_ccache id)
{
@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_retrieve_cred(krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_start_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_next_cred (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor,
@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_end_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_flags(krb5_context context,
krb5_ccache id,
krb5_flags *flags)
@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_match_f(krb5_context context,
const krb5_ccache from,
krb5_ccache to,
@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context,
* @ingroup @krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_version(krb5_context context,
const krb5_ccache id)
{
@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context,
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_cc_clear_mcred(krb5_creds *mcred)
{
memset(mcred, 0, sizeof(*mcred));
@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data {
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_get_first (krb5_context context,
const char *type,
krb5_cc_cache_cursor *cursor)
@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_next (krb5_context context,
krb5_cc_cache_cursor cursor,
krb5_ccache *id)
@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_end_seq_get (krb5_context context,
krb5_cc_cache_cursor cursor)
{
@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_match (krb5_context context,
krb5_principal client,
krb5_ccache *id)
@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
* @ingroup krb5_ccache
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_config_principal(krb5_context context,
krb5_const_principal principal)
{
@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@ -1316,7 +1392,7 @@ out:
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@ -1347,7 +1423,7 @@ out:
*
*/
struct krb5_cccol_cursor {
struct krb5_cccol_cursor_data {
int idx;
krb5_cc_cache_cursor cursor;
};
@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor {
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
{
*cursor = calloc(1, sizeof(**cursor));
@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache)
{
@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
{
krb5_cccol_cursor c = *cursor;
@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context,
krb5_ccache id,
krb5_timestamp *mtime)
@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_last_change_time(krb5_context context,
const char *type,
krb5_timestamp *mtime)
@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_friendly_name(krb5_context context,
krb5_ccache id,
char **name)
@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_friendly_name(krb5_context context,
krb5_ccache id,
const char *name)
@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
{
krb5_cc_cursor cursor;
@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
if (now < cred.times.endtime)
*t = cred.times.endtime - now;
krb5_free_cred_contents(context, &cred);
goto out;
break;
}
krb5_free_cred_contents(context, &cred);
}
out:
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
}
/**
* Set the time offset betwen the client and the KDC
*
* If the backend doesn't support KDC offset, use the context global setting.
*
* @param context A Kerberos 5 context.
* @param id a credential cache
* @param offset the offset in seconds
*
* @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
{
if (id->ops->set_kdc_offset == NULL) {
context->kdc_sec_offset = offset;
context->kdc_usec_offset = 0;
return 0;
}
return (*id->ops->set_kdc_offset)(context, id, offset);
}
/**
* Get the time offset betwen the client and the KDC
*
* If the backend doesn't support KDC offset, use the context global setting.
*
* @param context A Kerberos 5 context.
* @param id a credential cache
* @param offset the offset in seconds
*
* @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
{
if (id->ops->get_kdc_offset == NULL) {
*offset = context->kdc_sec_offset;
return 0;
}
return (*id->ops->get_kdc_offset)(context, id, offset);
}

View File

@ -33,7 +33,7 @@
#define KRB5_DEPRECATED
#include <krb5_locl.h>
#include "krb5_locl.h"
#undef __attribute__
#define __attribute__(X)
@ -602,7 +602,8 @@ change_password_loop (krb5_context context,
goto out;
}
}
#ifndef NO_LIMIT_FD_SETSIZE
if (sock >= FD_SETSIZE) {
ret = ERANGE;
krb5_set_error_message(context, ret,
@ -610,6 +611,7 @@ change_password_loop (krb5_context context,
close (sock);
goto out;
}
#endif
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
@ -670,7 +672,7 @@ find_chpw_proto(const char *name)
}
/**
* krb5_change_password() is deprecated, use krb5_set_password().
* Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
*
* @param context a Keberos context
* @param creds
@ -684,14 +686,14 @@ find_chpw_proto(const char *name)
* @ingroup @krb5_deprecated
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context context,
krb5_creds *creds,
const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
KRB5_DEPRECATED
{
struct kpwd_proc *p = find_chpw_proto("change password");
@ -726,7 +728,7 @@ krb5_change_password (krb5_context context,
* @ingroup @krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password(krb5_context context,
krb5_creds *creds,
const char *newpw,
@ -769,7 +771,7 @@ krb5_set_password(krb5_context context,
*
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
const char *newpw,
@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context,
*
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_passwd_result_to_string (krb5_context context,
int result)
{

View File

@ -37,178 +37,178 @@
#ifndef HEIMDAL_SMALLER
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTicketPart (krb5_context context,
const void *data,
size_t length,
EncTicketPart *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_EncTicketPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTicketPart (krb5_context context,
void *data,
size_t length,
EncTicketPart *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_EncTicketPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncASRepPart (krb5_context context,
const void *data,
size_t length,
EncASRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_EncASRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncASRepPart (krb5_context context,
void *data,
size_t length,
EncASRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_EncASRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTGSRepPart (krb5_context context,
const void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_EncTGSRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTGSRepPart (krb5_context context,
void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_EncTGSRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncAPRepPart (krb5_context context,
const void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_EncAPRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncAPRepPart (krb5_context context,
void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_EncAPRepPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_Authenticator (krb5_context context,
const void *data,
size_t length,
Authenticator *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_Authenticator(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_Authenticator (krb5_context context,
void *data,
size_t length,
Authenticator *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_Authenticator(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncKrbCredPart (krb5_context context,
const void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_EncKrbCredPart(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncKrbCredPart (krb5_context context,
void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_EncKrbCredPart (data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_ETYPE_INFO(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO (krb5_context context,
void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_ETYPE_INFO (data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO2 (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
KRB5_DEPRECATED
{
return decode_ETYPE_INFO2(data, length, t, len);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO2 (krb5_context context,
void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
KRB5_DEPRECATED
{
return encode_ETYPE_INFO2 (data, length, t, len);
}

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -35,6 +37,10 @@
#include "krb5_locl.h"
#ifdef __APPLE__
#include <CoreFoundation/CoreFoundation.h>
#endif
/* Gaah! I want a portable funopen */
struct fileptr {
const char *s;
@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
return ret;
}
#ifdef __APPLE__
static char *
cfstring2cstring(CFStringRef string)
{
CFIndex len;
char *str;
str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
if (str)
return strdup(str);
len = CFStringGetLength(string);
len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8);
str = malloc(len);
if (str == NULL)
return NULL;
if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
free (str);
return NULL;
}
return str;
}
static void
convert_content(const void *key, const void *value, void *context)
{
krb5_config_section *tmp, **parent = context;
char *k;
if (CFGetTypeID(key) != CFStringGetTypeID())
return;
k = cfstring2cstring(key);
if (k == NULL)
return;
if (CFGetTypeID(value) == CFStringGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_string);
tmp->u.string = cfstring2cstring(value);
} else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_list);
CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
} else {
/* log */
}
free(k);
}
static krb5_error_code
parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent)
{
CFReadStreamRef s;
CFDictionaryRef d;
CFErrorRef e;
CFURLRef url;
url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
if (url == NULL) {
krb5_clear_error_message(context);
return ENOMEM;
}
s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
CFRelease(url);
if (s == NULL) {
krb5_clear_error_message(context);
return ENOMEM;
}
if (!CFReadStreamOpen(s)) {
CFRelease(s);
krb5_clear_error_message(context);
return ENOENT;
}
d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e);
CFRelease(s);
if (d == NULL) {
krb5_clear_error_message(context);
return ENOENT;
}
CFDictionaryApplyFunction(d, convert_content, parent);
CFRelease(d);
return 0;
}
#endif
/*
* Parse the config file `fname', generating the structures into `res'
* returning error messages in `error_message'
@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f,
return 0;
}
static int
is_plist_file(const char *fname)
{
size_t len = strlen(fname);
char suffix[] = ".plist";
if (len < sizeof(suffix))
return 0;
if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0)
return 0;
return 1;
}
/**
* Parse a configuration file and add the result into res. This
* interface can be used to parse several configuration files into one
@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f,
* @ingroup krb5_support
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file_multi (krb5_context context,
const char *fname,
krb5_config_section **res)
@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context,
* current users home directory. The behavior can be disabled and
* enabled by calling krb5_set_home_dir_access().
*/
if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') {
if (fname[0] == '~' && fname[1] == '/') {
#ifndef KRB5_USE_PATH_TOKENS
const char *home = NULL;
if (!_krb5_homedir_access(context)) {
krb5_set_error_message(context, EPERM,
"Access to home directory not allowed");
return EPERM;
}
if(!issuid())
home = getenv("HOME");
@ -329,33 +446,73 @@ krb5_config_parse_file_multi (krb5_context context,
}
fname = newfname;
}
#else /* KRB5_USE_PATH_TOKENS */
asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]);
if (newfname == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
fname = newfname;
#endif
}
f.f = fopen(fname, "r");
f.s = NULL;
if(f.f == NULL) {
ret = errno;
krb5_set_error_message (context, ret, "open %s: %s",
fname, strerror(ret));
if (newfname)
free(newfname);
return ret;
}
if (is_plist_file(fname)) {
#ifdef __APPLE__
ret = parse_plist_config(context, fname, res);
if (ret) {
krb5_set_error_message(context, ret,
"Failed to parse plist %s", fname);
if (newfname)
free(newfname);
return ret;
}
#else
krb5_set_error_message(context, ENOENT,
"no support for plist configuration files");
return ENOENT;
#endif
} else {
#ifdef KRB5_USE_PATH_TOKENS
char * exp_fname = NULL;
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f);
if (ret) {
krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str);
ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
if (ret) {
if (newfname)
free(newfname);
return ret;
}
if (newfname)
free(newfname);
return ret;
fname = newfname = exp_fname;
#endif
f.f = fopen(fname, "r");
f.s = NULL;
if(f.f == NULL) {
ret = errno;
krb5_set_error_message (context, ret, "open %s: %s",
fname, strerror(ret));
if (newfname)
free(newfname);
return ret;
}
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f);
if (ret) {
krb5_set_error_message (context, ret, "%s:%u: %s",
fname, lineno, str);
if (newfname)
free(newfname);
return ret;
}
}
if (newfname)
free(newfname);
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b)
* @ingroup krb5_support
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_file_free (krb5_context context, krb5_config_section *s)
{
free_binding (context, s);
@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s)
#ifndef HEIMDAL_SMALLER
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_config_copy(krb5_context context,
krb5_config_section *c,
krb5_config_section **head)
@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context,
#endif /* HEIMDAL_SMALLER */
const void *
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@ -481,7 +638,7 @@ vget_next(krb5_context context,
return NULL;
}
const void *
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_vget_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context,
return NULL;
}
const void *
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get (krb5_context context,
const krb5_config_section *c,
int type,
@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context,
return ret;
}
const void *
_krb5_config_vget (krb5_context context,
const krb5_config_section *c,
@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context,
* @ingroup krb5_support
*/
const krb5_config_binding *
KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_get_list (krb5_context context,
const krb5_config_section *c,
...)
@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context,
* @ingroup krb5_support
*/
const krb5_config_binding *
KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_vget_list (krb5_context context,
const krb5_config_section *c,
va_list args)
@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context,
* @ingroup krb5_support
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context,
const krb5_config_section *c,
...)
@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context,
* @ingroup krb5_support
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string (krb5_context context,
const krb5_config_section *c,
va_list args)
@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context,
* @ingroup krb5_support
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context,
* @ingroup krb5_support
*/
const char* KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context,
* @ingroup krb5_support
*/
char ** KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
krb5_config_vget_strings(krb5_context context,
const krb5_config_section *c,
va_list args)
@ -770,7 +928,7 @@ cleanup:
* @ingroup krb5_support
*/
char**
KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
krb5_config_get_strings(krb5_context context,
const krb5_config_section *c,
...)
@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context,
* @ingroup krb5_support
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_config_free_strings(char **strings)
{
char **s = strings;
@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings)
* @ingroup krb5_support
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context,
* @ingroup krb5_support
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool (krb5_context context,
const krb5_config_section *c,
va_list args)
@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context,
* @ingroup krb5_support
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context,
* @ingroup krb5_support
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool (krb5_context context,
const krb5_config_section *c,
...)
@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context,
* @ingroup krb5_support
*/
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@ -964,10 +1122,10 @@ krb5_config_vget_time_default (krb5_context context,
* @ingroup krb5_support
*/
int KRB5_LIB_FUNCTION
krb5_config_vget_time(krb5_context context,
const krb5_config_section *c,
va_list args)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time (krb5_context context,
const krb5_config_section *c,
va_list args)
{
return krb5_config_vget_time_default (context, c, -1, args);
}
@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context,
* @ingroup krb5_support
*/
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context,
* @ingroup krb5_support
*/
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time (krb5_context context,
const krb5_config_section *c,
...)
@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context,
}
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context,
}
}
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int (krb5_context context,
const krb5_config_section *c,
va_list args)
@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context,
return krb5_config_vget_int_default (context, c, -1, args);
}
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context,
return ret;
}
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int (krb5_context context,
const krb5_config_section *c,
...)
@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context,
#ifndef HEIMDAL_SMALLER
/**
* Deprecated: configuration files are not strings
*
* @ingroup krb5_deprecated
*/
KRB5_DEPRECATED
krb5_error_code KRB5_LIB_FUNCTION
krb5_config_parse_string_multi(krb5_context context,
const char *string,
krb5_config_section **res) KRB5_DEPRECATED
krb5_config_section **res)
{
const char *str;
unsigned lineno = 0;

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -35,10 +37,17 @@
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
"~/Library/Preferences/com.apple.Kerberos.plist:"
"/Library/Preferences/com.apple.Kerberos.plist:"
"~/Library/Preferences/edu.mit.Kerberos:"
"/Library/Preferences/edu.mit.Kerberos:"
#endif /* __APPLE__ */
SYSCONFDIR "/krb5.conf"
#ifndef _WIN32
":/etc/krb5.conf"
#endif
SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
;
KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT;
KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API";

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -223,16 +225,49 @@ cc_ops_register(krb5_context context)
context->cc_ops = NULL;
context->num_cc_ops = 0;
#ifndef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_acc_ops, TRUE);
#endif
krb5_cc_register(context, &krb5_fcc_ops, TRUE);
krb5_cc_register(context, &krb5_mcc_ops, TRUE);
#ifdef HAVE_SCC
krb5_cc_register(context, &krb5_scc_ops, TRUE);
#endif
#ifdef HAVE_KCM
#ifdef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_akcm_ops, TRUE);
#endif
krb5_cc_register(context, &krb5_kcm_ops, TRUE);
#endif
return 0;
}
static krb5_error_code
cc_ops_copy(krb5_context context, const krb5_context src_context)
{
const krb5_cc_ops **cc_ops;
context->cc_ops = NULL;
context->num_cc_ops = 0;
if (src_context->num_cc_ops == 0)
return 0;
cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
if (cc_ops == NULL) {
krb5_set_error_message(context, KRB5_CC_NOMEM,
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
memcpy(cc_ops, src_context->cc_ops,
sizeof(cc_ops[0]) * src_context->num_cc_ops);
context->cc_ops = cc_ops;
context->num_cc_ops = src_context->num_cc_ops;
return 0;
}
static krb5_error_code
kt_ops_register(krb5_context context)
{
@ -250,6 +285,28 @@ kt_ops_register(krb5_context context)
return 0;
}
static krb5_error_code
kt_ops_copy(krb5_context context, const krb5_context src_context)
{
context->num_kt_types = 0;
context->kt_types = NULL;
if (src_context->num_kt_types == 0)
return 0;
context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
if (context->kt_types == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
context->num_kt_types = src_context->num_kt_types;
memcpy(context->kt_types, src_context->kt_types,
sizeof(context->kt_types[0]) * src_context->num_kt_types);
return 0;
}
/**
* Initializes the context structure and reads the configuration file
@ -266,7 +323,7 @@ kt_ops_register(krb5_context context)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
krb5_context p;
@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context)
if (ret)
goto out;
#endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if(ret) {
@ -359,7 +418,7 @@ copy_etypes (krb5_context context,
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out)
{
krb5_error_code ret;
@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out)
/* XXX should copy */
krb5_init_ets(p);
cc_ops_register(p);
kt_ops_register(p);
cc_ops_copy(p, context);
kt_ops_copy(p, context);
#if 0 /* XXX */
if(context->warn_dest != NULL)
@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context)
{
if (context->default_cc_name)
@ -480,6 +540,9 @@ krb5_free_context(krb5_context context)
HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex);
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
rk_SOCK_EXIT();
}
memset(context, 0, sizeof(*context));
free(context);
@ -497,14 +560,14 @@ krb5_free_context(krb5_context context)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames)
{
krb5_error_code ret;
krb5_config_binding *tmp = NULL;
while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
if(ret != 0 && ret != ENOENT && ret != EACCES) {
if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
krb5_config_file_free(context, tmp);
return ret;
}
@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file)
* `pq' isn't free, it's up the the caller
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
{
krb5_error_code ret;
@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
{
krb5_error_code ret;
@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_config_files(char ***pfilenames)
{
const char *files = NULL;
@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_config_files(char **filenames)
{
char **p;
@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames)
* @ingroup krb5
*/
const krb5_enctype * KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
krb5_kerberos_enctypes(krb5_context context)
{
static const krb5_enctype p[] = {
@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_in_tkt_etypes(krb5_context context,
const krb5_enctype *etypes)
{
@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context,
krb5_enctype **etypes)
{
@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_ets(krb5_context context)
{
if(context->et_list == NULL){
@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
{
context->use_admin_kdc = flag;
@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_use_admin_kdc (krb5_context context)
{
return context->use_admin_kdc;
@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses)
@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->extra_addresses == NULL) {
@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->ignore_addresses)
@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->ignore_addresses == NULL) {
@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_fcache_version(krb5_context context, int version)
{
context->fcache_vno = version;
@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_fcache_version(krb5_context context, int *version)
{
*version = context->fcache_vno;
@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version)
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_thread_safe(void)
{
#ifdef ENABLE_PTHREAD_SUPPORT
@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
{
if (flag)
@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_dns_canonicalize_hostname (krb5_context context)
{
return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
{
if (sec)
@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
{
context->kdc_sec_offset = sec;
@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
* @ingroup krb5
*/
time_t KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_get_max_time_skew (krb5_context context)
{
return context->max_skew;
@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_max_time_skew (krb5_context context, time_t t)
{
context->max_skew = t;
@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_etype (krb5_context context,
unsigned *len,
krb5_enctype **val,
@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context)
{
krb5_boolean allow;
#ifdef HAVE_GETEUID
/* is never allowed for root */
if (geteuid() == 0)
return FALSE;
#endif
if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
return FALSE;

View File

@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context,
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} else {
krb5_set_error_message (context, ret,
N_("converting credentials: %s",
"already localized"),
krb5_get_err_text(context, ret));
krb5_prepend_error_message(context, ret,
N_("converting credentials",
"already localized"));
}
out:
krb5_storage_free(sp);
@ -161,7 +160,7 @@ out2:
* @ingroup krb5_v4compat
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,

View File

@ -46,7 +46,7 @@
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_host_realm(krb5_context context,
const krb5_realm *from,
krb5_realm **to)

View File

@ -45,7 +45,7 @@
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
{
krb5_free_principal (context, c->client);
@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds_contents (krb5_context context,
const krb5_creds *incred,
krb5_creds *c)
@ -131,7 +131,7 @@ fail:
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds (krb5_context context,
const krb5_creds *incred,
krb5_creds **outcred)
@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context,
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_creds (krb5_context context, krb5_creds *c)
{
krb5_free_cred_contents (context, c);
@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b)
* @ingroup krb5
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
const krb5_creds * mcreds, const krb5_creds * creds)
{

View File

@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = {
EVP_rc4
};
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context,
krb5_salt salt)
{
@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context,
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context,
krb5_enctype enctype,
const char *password,
@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context,
* `opaque'), returning the resulting key in `key'
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
* in `key'
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
const char *password,
@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context,
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context,
krb5_enctype enctype,
const char *password,
@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context,
pw, salt, opaque, key);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type,
krb5_keyblock *key)
@ -1439,7 +1439,7 @@ hmac(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_hmac(krb5_context context,
krb5_cksumtype cktype,
const void *data,
@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context,
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context,
data, len, cksum);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context,
return 0;
}
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context,
return ct->flags & F_KEYED;
}
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context,
return ct->flags & F_CPROOF;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type)
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_enctype(krb5_context context,
const char *string,
krb5_enctype *etype)
@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_to_enctype(krb5_context context,
krb5_cksumtype ctype,
krb5_enctype *etype)
@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type)
* 4. KRB5_CRYPTO_TYPE_TRAILER
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
* size as the input data or shorter.
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length(krb5_context context,
krb5_crypto crypto,
int type,
@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length_iov(krb5_context context,
krb5_crypto crypto,
krb5_crypto_iov *data,
@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context,
return encrypt_internal(context, crypto, data, len, result, ivec);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context,
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context,
return decrypt_internal(context, crypto, data, len, result, ivec);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context,
NULL);
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@ -3936,6 +3936,7 @@ seed_something(void)
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
if (RAND_status() != 1) {
#ifndef _WIN32
krb5_context context;
const char *p;
@ -3947,6 +3948,10 @@ seed_something(void)
RAND_egd_bytes(p, ENTROPY_NEEDED);
krb5_free_context(context);
}
#else
/* TODO: Once a Windows CryptoAPI RAND method is defined, we
can use that and failover to another method. */
#endif
}
if (RAND_status() == 1) {
@ -3959,7 +3964,7 @@ seed_something(void)
return -1;
}
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len)
{
static int rng_initialized = 0;
@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
return &d->key;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_derive_key(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_init(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_destroy(krb5_context context,
krb5_crypto crypto)
{
@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto,
size_t *blocksize)
@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getenctype(krb5_context context,
krb5_crypto crypto,
krb5_enctype *enctype)
@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getpadsize(krb5_context context,
krb5_crypto crypto,
size_t *padsize)
@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getconfoundersize(krb5_context context,
krb5_crypto crypto,
size_t *confoundersize)
@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_random_to_key(krb5_context context,
krb5_enctype type,
const void *data,
@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context,
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf(krb5_context context,
const krb5_crypto crypto,
const krb5_data *input,
@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context,
* @ingroup krb5_crypto
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_fx_cf2(krb5_context context,
const krb5_crypto crypto1,
const krb5_crypto crypto2,
@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context,
#ifndef HEIMDAL_SMALLER
krb5_error_code KRB5_LIB_FUNCTION
/**
* Deprecated: keytypes doesn't exists, they are really enctypes.
*
* @ingroup krb5_deprecated
*/
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
KRB5_DEPRECATED
{
int i;
unsigned n = 0;
@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context,
return 0;
}
/**
* Deprecated: keytypes doesn't exists, they are really enctypes.
*
* @ingroup krb5_deprecated
*/
/* if two enctypes have compatible keys */
krb5_boolean KRB5_LIB_FUNCTION
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
KRB5_DEPRECATED
{
struct encryption_type *e1 = _find_enctype(etype1);
struct encryption_type *e2 = _find_enctype(etype2);

View File

@ -41,7 +41,7 @@
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_zero(krb5_data *p)
{
p->length = 0;
@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_free(krb5_data *p)
{
if(p->data != NULL)
@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p)
* @ingroup krb5
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_data(krb5_context context,
krb5_data *p)
{
@ -96,7 +96,7 @@ krb5_free_data(krb5_context context,
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_alloc(krb5_data *p, int len)
{
p->data = malloc(len);
@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_realloc(krb5_data *p, int len)
{
void *tmp;
@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_copy(krb5_data *p, const void *data, size_t len)
{
if (len) {
@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len)
* @ingroup krb5
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_data(krb5_context context,
const krb5_data *indata,
krb5_data **outdata)
@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context,
* @ingroup krb5
*/
int KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
{
if (data1->length != data2->length)

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
#include "krb5_locl.h"
/**
* Convert the getaddrinfo() error code to a Kerberos et error code.
@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_eai_to_heim_errno(int eai_errno, int system_error)
{
switch(eai_errno) {
@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
return HEIM_EAI_SERVICE;
case EAI_SOCKTYPE:
return HEIM_EAI_SOCKTYPE;
#ifdef EAI_SYSTEM
case EAI_SYSTEM:
return system_error;
#endif
default:
return HEIM_EAI_UNKNOWN; /* XXX */
}
@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
* @ingroup krb5_error
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_errno_to_heim_errno(int eai_errno)
{
switch(eai_errno) {

View File

@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_clear_error_message(krb5_context context)
{
HEIMDAL_MUTEX_lock(context->mutex);
@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context)
* @ingroup krb5_error
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret,
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vset_error_message (krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
va_list ap;
va_start(ap, fmt);
krb5_vset_error_message (context, ret, fmt, ap);
krb5_vprepend_error_message(context, ret, fmt, ap);
va_end(ap);
}
@ -140,8 +140,8 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
*/
void KRB5_LIB_FUNCTION
krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
{
char *str, *str2;
@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
char * KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION char * KRB5_LIB_CALL
krb5_get_error_string(krb5_context context)
{
char *ret = NULL;
@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context)
return ret;
}
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_have_error_string(krb5_context context)
{
char *str;
@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context)
* @ingroup krb5_error
*/
const char * KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
krb5_get_error_message(krb5_context context, krb5_error_code code)
{
char *str;
@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code)
* @ingroup krb5_error
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_message(krb5_context context, const char *msg)
{
free(rk_UNCONST(msg));
@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
* @ingroup krb5
*/
const char* KRB5_LIB_FUNCTION
krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED
KRB5_DEPRECATED
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_get_err_text(krb5_context context, krb5_error_code code)
{
const char *p = NULL;
if(context != NULL)

View File

@ -63,7 +63,7 @@ copy_hostname(krb5_context context,
* @ingroup krb5_support
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname (krb5_context context,
const char *orig_hostname,
char **new_hostname)
@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context,
* @ingroup krb5_support
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname_realms (krb5_context context,
const char *orig_hostname,
char **new_hostname,

View File

@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
break;
default: {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("error locking cache file %s: %s",
"file, error"), filename, buf);
@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
break;
default: {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Failed to unlock file: %s", ""), buf);
break;
@ -224,7 +226,11 @@ scrub_file (int fd)
return errno;
pos -= tmp;
}
#ifdef _MSC_VER
_commit (fd);
#else
fsync (fd);
#endif
return 0;
}
@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
#ifdef KRB5_USE_PATH_TOKENS
{
char * exp_file = NULL;
krb5_error_code ec;
ec = _krb5_expand_path_tokens(context, file, &exp_file);
if (ec == 0) {
free(file);
file = exp_file;
} else {
free(file);
return ec;
}
}
#endif
fd = mkstemp(file);
if(fd < 0) {
int ret = errno;
@ -374,18 +396,10 @@ fcc_open(krb5_context context,
fd = open(filename, flags, mode);
if(fd < 0) {
char buf[128];
char *estr;
ret = errno;
buf[0] = 0;
estr = (char *)strerror_r(ret, buf, sizeof(buf));
if (buf[0] != 0) {
/* we've got the BSD/XSI strerror_r, and it use the
* buffer. Otherwise we have the GNU strerror_r, and
* it used a static string. Ain't standards great? */
estr = buf;
}
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
filename, estr);
filename, buf);
return ret;
}
rk_cloexec(fd);
@ -447,7 +461,7 @@ fcc_initialize(krb5_context context,
if (ret == 0) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
}
@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context,
if (close(fd) < 0) {
if (ret == 0) {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
@ -515,13 +529,17 @@ static krb5_error_code
init_fcc (krb5_context context,
krb5_ccache id,
krb5_storage **ret_sp,
int *ret_fd)
int *ret_fd,
krb5_deltat *kdc_offset)
{
int fd;
int8_t pvno, tag;
krb5_storage *sp;
krb5_error_code ret;
if (kdc_offset)
*kdc_offset = 0;
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
@ -597,8 +615,11 @@ init_fcc (krb5_context context,
goto out;
}
switch (dtag) {
case FCC_TAG_DELTATIME :
ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
case FCC_TAG_DELTATIME : {
int32_t offset;
ret = krb5_ret_int32 (sp, &offset);
ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
@ -607,16 +628,11 @@ init_fcc (krb5_context context,
FILENAME(id));
goto out;
}
ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading kdc_usec in "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
context->kdc_sec_offset = offset;
if (kdc_offset)
*kdc_offset = offset;
break;
}
default :
for (i = 0; i < data_len; ++i) {
ret = krb5_ret_int8 (sp, &dummy);
@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context,
int fd;
krb5_storage *sp;
ret = init_fcc (context, id, &sp, &fd);
ret = init_fcc (context, id, &sp, &fd, NULL);
if (ret)
return ret;
ret = krb5_ret_principal(sp, principal);
@ -701,7 +717,7 @@ fcc_get_first (krb5_context context,
memset(*cursor, 0, sizeof(struct fcc_cursor));
ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
&FCC_CURSOR(*cursor)->fd);
&FCC_CURSOR(*cursor)->fd, NULL);
if (ret) {
free(*cursor);
*cursor = NULL;
@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
return ret;
fn = expandedfn;
}
/* check if file exists, don't return a non existant "next" */
if (strncasecmp(fn, "FILE:", 5) == 0) {
struct stat sb;
ret = stat(fn + 5, &sb);
if (ret) {
ret = KRB5_CC_END;
goto out;
}
}
ret = krb5_cc_resolve(context, fn, id);
out:
if (expandedfn)
free(expandedfn);
@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret = 0;
ret = rename(FILENAME(from), FILENAME(to));
#ifdef RENAME_DOES_NOT_UNLINK
if (ret && (errno == EEXIST || errno == EACCES)) {
ret = unlink(FILENAME(to));
if (ret == 0) {
ret = rename(FILENAME(from), FILENAME(to));
}
}
#endif
if (ret && errno != EXDEV) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Rename of file from %s "
"to %s failed: %s", ""),
@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_storage *sp;
int fd;
ret = init_fcc (context, to, &sp, &fd);
ret = init_fcc (context, to, &sp, &fd, NULL);
if (sp)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
}
fcc_destroy(context, from);
fcc_close(context, from);
return ret;
}
@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
static krb5_error_code
fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
{
return 0;
}
static krb5_error_code
fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
{
krb5_error_code ret;
krb5_storage *sp;
int fd;
ret = init_fcc(context, id, &sp, &fd, kdc_offset);
if (sp)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
return ret;
}
/**
* Variable containing the FILE based credential cache implemention.
*
@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
fcc_move,
fcc_get_default_name,
NULL,
fcc_lastchange
fcc_lastchange,
fcc_set_kdc_offset,
fcc_get_kdc_offset
};

Some files were not shown because too many files have changed in this diff Show More