s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
parent
fac8ca52ad
commit
89eaef0253
@ -253,8 +253,14 @@ $private_h_trailer = "";
|
||||
|
||||
foreach(sort keys %funcs){
|
||||
if(/^(main)$/) { next }
|
||||
if ($funcs{$_} =~ /\^/) {
|
||||
$beginblock = "#ifdef __BLOCKS__\n";
|
||||
$endblock = "#endif /* __BLOCKS__ */\n";
|
||||
} else {
|
||||
$beginblock = $endblock = "";
|
||||
}
|
||||
if(!defined($exported{$_}) && /$private_func_re/) {
|
||||
$private_h .= $funcs{$_} . "\n\n";
|
||||
$private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n";
|
||||
if($funcs{$_} =~ /__attribute__/) {
|
||||
$private_attribute_seen = 1;
|
||||
}
|
||||
@ -267,7 +273,7 @@ foreach(sort keys %funcs){
|
||||
$public_h .= "#ifndef HAVE_$fupper\n";
|
||||
}
|
||||
}
|
||||
$public_h .= $funcs{$_} . "\n";
|
||||
$public_h .= $beginblock . $funcs{$_} . "\n" . $endblock;
|
||||
if($funcs{$_} =~ /__attribute__/) {
|
||||
$public_attribute_seen = 1;
|
||||
}
|
||||
@ -310,26 +316,33 @@ extern \"C\" {
|
||||
}
|
||||
if ($opt_E) {
|
||||
$public_h_header .= "#ifndef $opt_E
|
||||
#ifndef ${opt_E}_FUNCTION
|
||||
#if defined(_WIN32)
|
||||
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
|
||||
#define ${opt_E}_FUNCTION __declspec(dllimport)
|
||||
#define ${opt_E}_CALL __stdcall
|
||||
#define ${opt_E}_VARIABLE __declspec(dllimport)
|
||||
#else
|
||||
#define ${opt_E}_FUNCTION
|
||||
#define ${opt_E}_CALL
|
||||
#define ${opt_E}_VARIABLE
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif
|
||||
";
|
||||
|
||||
$private_h_header .= "#ifndef $opt_E
|
||||
#ifndef ${opt_E}_FUNCTION
|
||||
#if defined(_WIN32)
|
||||
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
|
||||
#define ${opt_E}_FUNCTION __declspec(dllimport)
|
||||
#define ${opt_E}_CALL __stdcall
|
||||
#define ${opt_E}_VARIABLE __declspec(dllimport)
|
||||
#else
|
||||
#define ${opt_E}_FUNCTION
|
||||
#define ${opt_E}_CALL
|
||||
#define ${opt_E}_VARIABLE
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
";
|
||||
}
|
||||
|
@ -1,9 +1,10 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
"kdc", "kdc_warn_pwexpire", NULL);
|
||||
|
||||
|
||||
#ifdef PKINIT
|
||||
c->enable_pkinit =
|
||||
krb5_config_get_bool_default(context,
|
||||
NULL,
|
||||
@ -223,74 +223,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
"kdc",
|
||||
"enable-pkinit",
|
||||
NULL);
|
||||
if (c->enable_pkinit) {
|
||||
const char *user_id, *anchors, *file;
|
||||
char **pool_list, **revoke_list;
|
||||
|
||||
user_id =
|
||||
krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_identity", NULL);
|
||||
if (user_id == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no identity");
|
||||
|
||||
anchors = krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_anchors", NULL);
|
||||
if (anchors == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
|
||||
|
||||
pool_list =
|
||||
krb5_config_get_strings(context, NULL,
|
||||
"kdc", "pkinit_pool", NULL);
|
||||
|
||||
revoke_list =
|
||||
krb5_config_get_strings(context, NULL,
|
||||
"kdc", "pkinit_revoke", NULL);
|
||||
|
||||
file = krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_kdc_ocsp", NULL);
|
||||
if (file) {
|
||||
c->pkinit_kdc_ocsp_file = strdup(file);
|
||||
if (c->pkinit_kdc_ocsp_file == NULL)
|
||||
krb5_errx(context, 1, "out of memory");
|
||||
}
|
||||
|
||||
file = krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_kdc_friendly_name", NULL);
|
||||
if (file) {
|
||||
c->pkinit_kdc_friendly_name = strdup(file);
|
||||
if (c->pkinit_kdc_friendly_name == NULL)
|
||||
krb5_errx(context, 1, "out of memory");
|
||||
}
|
||||
|
||||
|
||||
_kdc_pk_initialize(context, c, user_id, anchors,
|
||||
pool_list, revoke_list);
|
||||
|
||||
krb5_config_free_strings(pool_list);
|
||||
krb5_config_free_strings(revoke_list);
|
||||
|
||||
c->pkinit_princ_in_cert =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->pkinit_princ_in_cert,
|
||||
"kdc",
|
||||
"pkinit_principal_in_certificate",
|
||||
NULL);
|
||||
|
||||
c->pkinit_require_binding =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->pkinit_require_binding,
|
||||
"kdc",
|
||||
"pkinit_win2k_require_binding",
|
||||
NULL);
|
||||
}
|
||||
|
||||
c->pkinit_kdc_identity =
|
||||
krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_identity", NULL);
|
||||
c->pkinit_kdc_anchors =
|
||||
krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_anchors", NULL);
|
||||
c->pkinit_kdc_cert_pool =
|
||||
krb5_config_get_strings(context, NULL,
|
||||
"kdc", "pkinit_pool", NULL);
|
||||
c->pkinit_kdc_revoke =
|
||||
krb5_config_get_strings(context, NULL,
|
||||
"kdc", "pkinit_revoke", NULL);
|
||||
c->pkinit_kdc_ocsp_file =
|
||||
krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_kdc_ocsp", NULL);
|
||||
c->pkinit_kdc_friendly_name =
|
||||
krb5_config_get_string(context, NULL,
|
||||
"kdc", "pkinit_kdc_friendly_name", NULL);
|
||||
c->pkinit_princ_in_cert =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->pkinit_princ_in_cert,
|
||||
"kdc",
|
||||
"pkinit_principal_in_certificate",
|
||||
NULL);
|
||||
c->pkinit_require_binding =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->pkinit_require_binding,
|
||||
"kdc",
|
||||
"pkinit_win2k_require_binding",
|
||||
NULL);
|
||||
c->pkinit_dh_min_bits =
|
||||
krb5_config_get_int_default(context, NULL,
|
||||
0,
|
||||
"kdc", "pkinit_dh_min_bits", NULL);
|
||||
|
||||
|
||||
#ifdef __APPLE__
|
||||
c->enable_pkinit = 1;
|
||||
|
||||
if (c->pkinit_kdc_identity == NULL) {
|
||||
if (c->pkinit_kdc_friendly_name == NULL)
|
||||
c->pkinit_kdc_friendly_name =
|
||||
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
|
||||
c->pkinit_kdc_identity = strdup("KEYCHAIN:");
|
||||
}
|
||||
if (c->pkinit_kdc_anchors == NULL)
|
||||
c->pkinit_kdc_anchors = strdup("KEYCHAIN:");
|
||||
|
||||
#endif
|
||||
|
||||
if (c->enable_pkinit) {
|
||||
if (c->pkinit_kdc_identity == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no identity");
|
||||
|
||||
if (c->pkinit_kdc_anchors == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
|
||||
|
||||
krb5_kdc_pk_initialize(context, c,
|
||||
c->pkinit_kdc_identity,
|
||||
c->pkinit_kdc_anchors,
|
||||
c->pkinit_kdc_cert_pool,
|
||||
c->pkinit_kdc_revoke);
|
||||
|
||||
}
|
||||
|
||||
*config = c;
|
||||
|
||||
return 0;
|
||||
|
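Review bot: In the `#ifdef __APPLE__` block, `c->enable_pkinit = 1;` overwrites the value read from the `enable-pkinit` option a few lines earlier, so on that platform the configuration can no longer turn PKINIT off. If that is intended it needs a comment saying so; otherwise the keychain defaults should only be applied when `c->enable_pkinit` is already set. The same block stores `strdup()` results in `pkinit_kdc_identity`, `pkinit_kdc_anchors` and `pkinit_kdc_friendly_name`, which in the lines above hold pointers returned by `krb5_config_get_string`, so ownership of these `const char *` fields is mixed and should be documented on the struct. The return value of `krb5_kdc_pk_initialize` is also discarded. The +/- markers are lost on this page, so line sides are inferred from the old-then-new print order, and `krb5_kdc_get_config` starts outside the hunk.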
@ -38,9 +38,8 @@
|
||||
#ifndef __HEADERS_H__
|
||||
#define __HEADERS_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration {
|
||||
|
||||
krb5_boolean enable_pkinit;
|
||||
krb5_boolean pkinit_princ_in_cert;
|
||||
char *pkinit_kdc_ocsp_file;
|
||||
char *pkinit_kdc_friendly_name;
|
||||
const char *pkinit_kdc_identity;
|
||||
const char *pkinit_kdc_anchors;
|
||||
const char *pkinit_kdc_friendly_name;
|
||||
const char *pkinit_kdc_ocsp_file;
|
||||
char **pkinit_kdc_cert_pool;
|
||||
char **pkinit_kdc_revoke;
|
||||
int pkinit_dh_min_bits;
|
||||
int pkinit_require_binding;
|
||||
int pkinit_allow_proxy_certs;
|
||||
|
@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config);
|
||||
krb5_kdc_configuration *
|
||||
configure(krb5_context context, int argc, char **argv);
|
||||
|
||||
#ifdef __APPLE__
|
||||
void bonjour_announce(krb5_context, krb5_kdc_configuration *);
|
||||
#endif
|
||||
|
||||
#endif /* __KDC_LOCL_H__ */
|
||||
|
@ -60,13 +60,13 @@ realloc_method_data(METHOD_DATA *md)
|
||||
}
|
||||
|
||||
static void
|
||||
set_salt_padata (METHOD_DATA *md, Salt *salt)
|
||||
set_salt_padata(METHOD_DATA *md, Salt *salt)
|
||||
{
|
||||
if (salt) {
|
||||
realloc_method_data(md);
|
||||
md->val[md->len - 1].padata_type = salt->type;
|
||||
der_copy_octet_string(&salt->salt,
|
||||
&md->val[md->len - 1].padata_value);
|
||||
realloc_method_data(md);
|
||||
md->val[md->len - 1].padata_type = salt->type;
|
||||
der_copy_octet_string(&salt->salt,
|
||||
&md->val[md->len - 1].padata_value);
|
||||
}
|
||||
}
|
||||
|
||||
@ -127,7 +127,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
|
||||
krb5_error_code
|
||||
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
|
||||
krb5_enctype *etypes, unsigned len,
|
||||
Key **ret_key, krb5_enctype *ret_etype)
|
||||
Key **ret_key)
|
||||
{
|
||||
int i;
|
||||
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
|
||||
@ -148,7 +148,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
|
||||
continue;
|
||||
}
|
||||
*ret_key = key;
|
||||
*ret_etype = etypes[i];
|
||||
ret = 0;
|
||||
if (is_default_salt_p(&def_salt, key)) {
|
||||
krb5_free_salt (context, def_salt);
|
||||
@ -287,8 +286,9 @@ _kdc_encode_reply(krb5_context context,
|
||||
|
||||
ret = krb5_crypto_init(context, skey, etype, &crypto);
|
||||
if (ret) {
|
||||
const char *msg;
|
||||
free(buf);
|
||||
const char *msg = krb5_get_error_message(context, ret);
|
||||
msg = krb5_get_error_message(context, ret);
|
||||
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
|
||||
krb5_free_error_message(context, msg);
|
||||
return ret;
|
||||
@ -902,7 +902,7 @@ _kdc_as_rep(krb5_context context,
|
||||
KDCOptions f = b->kdc_options;
|
||||
hdb_entry_ex *client = NULL, *server = NULL;
|
||||
HDB *clientdb;
|
||||
krb5_enctype cetype, setype, sessionetype;
|
||||
krb5_enctype setype, sessionetype;
|
||||
krb5_data e_data;
|
||||
EncTicketPart et;
|
||||
EncKDCRepPart ek;
|
||||
@ -912,15 +912,20 @@ _kdc_as_rep(krb5_context context,
|
||||
const char *e_text = NULL;
|
||||
krb5_crypto crypto;
|
||||
Key *ckey, *skey;
|
||||
EncryptionKey *reply_key;
|
||||
EncryptionKey *reply_key, session_key;
|
||||
int flags = 0;
|
||||
#ifdef PKINIT
|
||||
pk_client_params *pkp = NULL;
|
||||
#endif
|
||||
|
||||
memset(&rep, 0, sizeof(rep));
|
||||
memset(&session_key, 0, sizeof(session_key));
|
||||
krb5_data_zero(&e_data);
|
||||
|
||||
ALLOC(rep.padata);
|
||||
rep.padata->len = 0;
|
||||
rep.padata->val = NULL;
|
||||
|
||||
if (f.canonicalize)
|
||||
flags |= HDB_F_CANON;
|
||||
|
||||
@ -1009,18 +1014,58 @@ _kdc_as_rep(krb5_context context,
|
||||
memset(&ek, 0, sizeof(ek));
|
||||
|
||||
/*
|
||||
* Find the client key for reply encryption and pa-type salt, Pick
|
||||
* the client key upfront before the other keys because that is
|
||||
* going to affect what enctypes we are going to use in
|
||||
* ETYPE-INFO{,2}.
|
||||
* Select a session enctype from the list of the crypto systems
|
||||
* supported enctype, is supported by the client and is one of the
|
||||
* enctype of the enctype of the krbtgt.
|
||||
*
|
||||
* The later is used as a hint what enctype all KDC are supporting
|
||||
* to make sure a newer version of KDC wont generate a session
|
||||
* enctype that and older version of a KDC in the same realm can't
|
||||
* decrypt.
|
||||
*
|
||||
* But if the KDC admin is paranoid and doesn't want to have "no
|
||||
* the best" enctypes on the krbtgt, lets save the best pick from
|
||||
* the client list and hope that that will work for any other
|
||||
* KDCs.
|
||||
*/
|
||||
{
|
||||
const krb5_enctype *p;
|
||||
krb5_enctype clientbest = ETYPE_NULL;
|
||||
int i, j;
|
||||
|
||||
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
|
||||
&ckey, &cetype);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Client (%s) has no support for etypes", client_name);
|
||||
goto out;
|
||||
p = krb5_kerberos_enctypes(context);
|
||||
|
||||
sessionetype = ETYPE_NULL;
|
||||
|
||||
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
|
||||
if (krb5_enctype_valid(context, p[i]) != 0)
|
||||
continue;
|
||||
|
||||
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
|
||||
Key *dummy;
|
||||
/* check with client */
|
||||
if (p[i] != b->etype.val[j])
|
||||
continue;
|
||||
/* save best of union of { client, crypto system } */
|
||||
if (clientbest == ETYPE_NULL)
|
||||
clientbest = p[i];
|
||||
/* check with krbtgt */
|
||||
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
|
||||
if (ret)
|
||||
continue;
|
||||
sessionetype = p[i];
|
||||
}
|
||||
}
|
||||
/* if krbtgt had no shared keys with client, pick clients best */
|
||||
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
|
||||
sessionetype = clientbest;
|
||||
} else if (sessionetype == ETYPE_NULL) {
|
||||
kdc_log(context, config, 0,
|
||||
"Client (%s) from %s has no common enctypes with KDC"
|
||||
"to use for the session key",
|
||||
client_name, from);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1230,7 +1275,11 @@ _kdc_as_rep(krb5_context context,
|
||||
}
|
||||
et.flags.pre_authent = 1;
|
||||
|
||||
ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str);
|
||||
set_salt_padata(rep.padata, pa_key->salt);
|
||||
|
||||
reply_key = &pa_key->key;
|
||||
|
||||
ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
|
||||
if (ret)
|
||||
str = NULL;
|
||||
|
||||
@ -1300,7 +1349,9 @@ _kdc_as_rep(krb5_context context,
|
||||
/*
|
||||
* If there is a client key, send ETYPE_INFO{,2}
|
||||
*/
|
||||
if (ckey) {
|
||||
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
|
||||
&ckey);
|
||||
if (ret == 0) {
|
||||
|
||||
/*
|
||||
* RFC4120 requires:
|
||||
@ -1371,63 +1422,6 @@ _kdc_as_rep(krb5_context context,
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
/*
|
||||
* Select a session enctype from the list of the crypto systems
|
||||
* supported enctype, is supported by the client and is one of the
|
||||
* enctype of the enctype of the krbtgt.
|
||||
*
|
||||
* The later is used as a hint what enctype all KDC are supporting
|
||||
* to make sure a newer version of KDC wont generate a session
|
||||
* enctype that and older version of a KDC in the same realm can't
|
||||
* decrypt.
|
||||
*
|
||||
* But if the KDC admin is paranoid and doesn't want to have "no
|
||||
* the best" enctypes on the krbtgt, lets save the best pick from
|
||||
* the client list and hope that that will work for any other
|
||||
* KDCs.
|
||||
*/
|
||||
{
|
||||
const krb5_enctype *p;
|
||||
krb5_enctype clientbest = ETYPE_NULL;
|
||||
int i, j;
|
||||
|
||||
p = krb5_kerberos_enctypes(context);
|
||||
|
||||
sessionetype = ETYPE_NULL;
|
||||
|
||||
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
|
||||
if (krb5_enctype_valid(context, p[i]) != 0)
|
||||
continue;
|
||||
|
||||
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
|
||||
Key *dummy;
|
||||
/* check with client */
|
||||
if (p[i] != b->etype.val[j])
|
||||
continue;
|
||||
/* save best of union of { client, crypto system } */
|
||||
if (clientbest == ETYPE_NULL)
|
||||
clientbest = p[i];
|
||||
/* check with krbtgt */
|
||||
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
|
||||
if (ret)
|
||||
continue;
|
||||
sessionetype = p[i];
|
||||
}
|
||||
}
|
||||
/* if krbtgt had no shared keys with client, pick clients best */
|
||||
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
|
||||
sessionetype = clientbest;
|
||||
} else if (sessionetype == ETYPE_NULL) {
|
||||
kdc_log(context, config, 0,
|
||||
"Client (%s) from %s has no common enctypes with KDC"
|
||||
"to use for the session key",
|
||||
client_name, from);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
log_as_req(context, config, cetype, setype, b);
|
||||
|
||||
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
|
||||
|| (f.request_anonymous && !config->allow_anonymous)) {
|
||||
ret = KRB5KDC_ERR_BADOPTION;
|
||||
@ -1622,10 +1616,6 @@ _kdc_as_rep(krb5_context context,
|
||||
copy_HostAddresses(et.caddr, ek.caddr);
|
||||
}
|
||||
|
||||
ALLOC(rep.padata);
|
||||
rep.padata->len = 0;
|
||||
rep.padata->val = NULL;
|
||||
|
||||
#if PKINIT
|
||||
if (pkp) {
|
||||
e_text = "Failed to build PK-INIT reply";
|
||||
@ -1642,12 +1632,13 @@ _kdc_as_rep(krb5_context context,
|
||||
goto out;
|
||||
} else
|
||||
#endif
|
||||
if (ckey) {
|
||||
reply_key = &ckey->key;
|
||||
{
|
||||
ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
|
||||
if (ret)
|
||||
goto out;
|
||||
} else {
|
||||
}
|
||||
|
||||
if (reply_key == NULL) {
|
||||
e_text = "Client have no reply key";
|
||||
ret = KRB5KDC_ERR_CLIENT_NOTYET;
|
||||
goto out;
|
||||
@ -1657,9 +1648,6 @@ _kdc_as_rep(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
if (ckey)
|
||||
set_salt_padata (rep.padata, ckey->salt);
|
||||
|
||||
/* Add signing of alias referral */
|
||||
if (f.canonicalize) {
|
||||
PA_ClientCanonicalized canon;
|
||||
@ -1765,6 +1753,8 @@ _kdc_as_rep(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
log_as_req(context, config, reply_key->keytype, setype, b);
|
||||
|
||||
ret = _kdc_encode_reply(context, config,
|
||||
&rep, &et, &ek, setype, server->entry.kvno,
|
||||
&skey->key, client->entry.kvno,
|
||||
|
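Review bot: `reply_key` is declared as `EncryptionKey *reply_key, session_key;` without an initializer, and the only assignment visible in these hunks is `reply_key = &pa_key->key;` on the pre-authentication path, so the new `if (reply_key == NULL)` test may read an indeterminate pointer when that path is not taken. Declaring it as `EncryptionKey *reply_key = NULL, session_key;` makes the test reliable; other assignments may exist outside the hunks, since the PK-INIT branch is only partly shown. In the relocated enctype-selection block, the `goto out` taken when `sessionetype == ETYPE_NULL` does not set `ret`, which may still be 0 if no client enctype matched. Adding `ret = KRB5KDC_ERR_ETYPE_NOSUPP;` before that jump would make the failure explicit. The adjacent log string literals in that branch also concatenate to "KDCto use" because a space is missing. Line sides are inferred from print order, and `_kdc_as_rep` extends beyond every hunk shown.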
@ -1633,14 +1633,15 @@ server_lookup:
|
||||
} else {
|
||||
Key *skey;
|
||||
|
||||
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
|
||||
&skey, &etype);
|
||||
ret = _kdc_find_etype(context, server,
|
||||
b->etype.val, b->etype.len, &skey);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Server (%s) has no support for etypes", spn);
|
||||
goto out;
|
||||
}
|
||||
ekey = &skey->key;
|
||||
etype = skey->key.keytype;
|
||||
kvno = server->entry.kvno;
|
||||
}
|
||||
|
||||
|
@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context,
|
||||
ret = krb5_principal_compare(context, sprincipal, principal);
|
||||
krb5_free_principal(context, principal);
|
||||
if (ret != TRUE) {
|
||||
char *expected, *used;
|
||||
|
||||
ret = krb5_unparse_name(context, sprincipal, &expected);
|
||||
if (ret)
|
||||
goto out;
|
||||
ret = krb5_unparse_name(context, principal, &used);
|
||||
if (ret) {
|
||||
krb5_xfree(expected);
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = KRB5KDC_ERR_SERVER_NOMATCH;
|
||||
krb5_set_error_message(context, ret,
|
||||
"User %s used wrong Kx509 service principal",
|
||||
cname);
|
||||
"User %s used wrong Kx509 service "
|
||||
"principal, expected: %s, used %s",
|
||||
cname, expected, used);
|
||||
krb5_xfree(expected);
|
||||
krb5_xfree(used);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
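Review bot: `principal` is released by `krb5_free_principal(context, principal);` immediately before the mismatch branch, yet the added error path passes it to `krb5_unparse_name(context, principal, &used)`, which reads freed memory. Keep the comparison result in a local and free `principal` only after both names have been unparsed, or move `krb5_free_principal` below the `if (ret != TRUE)` block and onto its `goto out` paths. The +/- markers are lost on this page, so the side of each line is inferred from the old-then-new print order, and `_kdc_do_kx509` continues outside the hunk.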
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -36,13 +38,14 @@ RCSID("$Id$");
|
||||
|
||||
void
|
||||
kdc_openlog(krb5_context context,
|
||||
const char *service,
|
||||
krb5_kdc_configuration *config)
|
||||
{
|
||||
char **s = NULL, **p;
|
||||
krb5_initlog(context, "kdc", &config->logf);
|
||||
s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
|
||||
s = krb5_config_get_strings(context, NULL, service, "logging", NULL);
|
||||
if(s == NULL)
|
||||
s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
|
||||
s = krb5_config_get_strings(context, NULL, "logging", service, NULL);
|
||||
if(s){
|
||||
for(p = s; *p; p++)
|
||||
krb5_addlog_dest(context, config->logf, *p);
|
||||
|
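Review bot: `kdc_openlog` gains a `service` argument that selects the configuration section, but `krb5_initlog(context, "kdc", &config->logf)` still hard-codes the program name. `service` is also placed in the NULL-terminated lookup path of `krb5_config_get_strings` without a check, so a NULL `service` would end the path early. A header comment should state that `service` must be non-NULL and that it names the `[service] logging` and `[logging] service` entries. If the log identity is meant to follow the service, pass `service` to `krb5_initlog` as well. The function body continues outside the hunk.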
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -1379,7 +1381,22 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
|
||||
}
|
||||
|
||||
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
|
||||
#define use_btmm_with_enckey 0
|
||||
if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
|
||||
PA_PK_AS_REP_BTMM btmm;
|
||||
heim_any any;
|
||||
|
||||
any.data = rep.u.encKeyPack.data;
|
||||
any.length = rep.u.encKeyPack.length;
|
||||
|
||||
btmm.dhSignedData = NULL;
|
||||
btmm.encKeyPack = &any;
|
||||
|
||||
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
|
||||
} else {
|
||||
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
|
||||
}
|
||||
|
||||
free_PA_PK_AS_REP(&rep);
|
||||
if (ret) {
|
||||
krb5_set_error_message(context, ret,
|
||||
@ -1928,12 +1945,12 @@ load_mappings(krb5_context context, const char *fn)
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
_kdc_pk_initialize(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *user_id,
|
||||
const char *anchors,
|
||||
char **pool,
|
||||
char **revoke_list)
|
||||
krb5_kdc_pk_initialize(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *user_id,
|
||||
const char *anchors,
|
||||
char **pool,
|
||||
char **revoke_list)
|
||||
{
|
||||
const char *file;
|
||||
char *fn = NULL;
|
||||
|
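Review bot: `#define use_btmm_with_enckey 0` sits in the middle of `_kdc_pk_mk_pa_reply`, which makes the `PA_PK_AS_REP_BTMM` branch unreachable and leaves the macro defined for the rest of the file. A comment should say why the alternative encoding is disabled and what is expected to enable it. A file-scope `static const int use_btmm_with_enckey = 0;` would keep the name type-checked and out of the preprocessor namespace. Line sides are inferred from print order, and the function starts and ends outside the hunk.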
@ -117,22 +117,21 @@ main (int argc, char **argv)
|
||||
krb5_error_code ret;
|
||||
krb5_context context;
|
||||
krb5_principal principal;
|
||||
int optind = 0;
|
||||
krb5_get_init_creds_opt *opt;
|
||||
krb5_ccache id = NULL;
|
||||
int exit_value;
|
||||
int optidx = 0;
|
||||
|
||||
optind = krb5_program_setup(&context, argc, argv,
|
||||
args, sizeof(args) / sizeof(args[0]), usage);
|
||||
setprogname(argv[0]);
|
||||
|
||||
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
|
||||
usage(1, args, sizeof(args) / sizeof(args[0]));
|
||||
if (help_flag)
|
||||
usage (0, args, sizeof(args) / sizeof(args[0]));
|
||||
|
||||
if(version_flag){
|
||||
print_version (NULL);
|
||||
exit(0);
|
||||
usage(0, args, sizeof(args) / sizeof(args[0]));
|
||||
if (version_flag) {
|
||||
print_version(NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
|
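Review bot: The option index is now kept in `optidx`, which `getarg` fills in, but the unchanged lines `argc -= optind;` and `argv += optind;` still use `optind`. With the local `int optind = 0;` apparently removed, these resolve to whatever `optind` is in scope (the libc global, if a header declares it) rather than to the parsed index, so the argument vector may be advanced by the wrong amount. They should read `argc -= optidx;` and `argv += optidx;`. The +/- markers are lost on this page, so line sides are inferred from the old-then-new print order, and `main` continues outside the hunk.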
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -33,6 +35,10 @@
|
||||
|
||||
#include "kuser_locl.h"
|
||||
|
||||
#ifdef __APPLE__
|
||||
#include <Security/Security.h>
|
||||
#endif
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
#include "krb5-v4compat.h"
|
||||
#endif
|
||||
@ -113,7 +119,7 @@ static struct getargs args[] = {
|
||||
{ "cache", 'c', arg_string, &cred_cache,
|
||||
NP_("credentials cache", ""), "cachename" },
|
||||
|
||||
{ "forwardable", 'f', arg_flag, &forwardable_flag,
|
||||
{ "forwardable", 'f', arg_negative_flag, &forwardable_flag,
|
||||
NP_("get forwardable tickets", "")},
|
||||
|
||||
{ "keytab", 't', arg_string, &keytab_str,
|
||||
@ -422,7 +428,7 @@ get_new_tickets(krb5_context context,
|
||||
char passwd[256];
|
||||
krb5_deltat start_time = 0;
|
||||
krb5_deltat renew = 0;
|
||||
const char *renewstr = NULL;
|
||||
char *renewstr = NULL;
|
||||
krb5_enctype *enctype = NULL;
|
||||
krb5_ccache tempccache;
|
||||
#ifndef NO_NTLM
|
||||
@ -451,6 +457,33 @@ get_new_tickets(krb5_context context,
|
||||
passwd[strcspn(passwd, "\n")] = '\0';
|
||||
}
|
||||
|
||||
#ifdef __APPLE__
|
||||
if (passwd[0] == '\0') {
|
||||
const char *realm;
|
||||
OSStatus osret;
|
||||
UInt32 length;
|
||||
void *buffer;
|
||||
char *name;
|
||||
|
||||
realm = krb5_principal_get_realm(context, principal);
|
||||
|
||||
ret = krb5_unparse_name_flags(context, principal,
|
||||
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
|
||||
if (ret)
|
||||
goto nopassword;
|
||||
|
||||
osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm,
|
||||
strlen(name), name,
|
||||
&length, &buffer, NULL);
|
||||
free(name);
|
||||
if (osret == noErr && length < sizeof(passwd) - 1) {
|
||||
memcpy(passwd, buffer, length);
|
||||
passwd[length] = '\0';
|
||||
}
|
||||
nopassword:
|
||||
do { } while(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
memset(&cred, 0, sizeof(cred));
|
||||
|
||||
@ -472,7 +505,7 @@ get_new_tickets(krb5_context context,
|
||||
pac_flag ? TRUE : FALSE);
|
||||
if (canonicalize_flag)
|
||||
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
|
||||
if (pk_enterprise_flag && windows_flag)
|
||||
if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag)
|
||||
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
|
||||
if (pk_user_id || ent_user_id || anonymous_flag) {
|
||||
ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
|
||||
@ -881,8 +914,23 @@ main (int argc, char **argv)
|
||||
#endif
|
||||
} else {
|
||||
ret = krb5_cc_cache_match(context, principal, &ccache);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
const char *type;
|
||||
ret = krb5_cc_default (context, &ccache);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
|
||||
|
||||
/*
|
||||
* Check if the type support switching, and we do,
|
||||
* then do that instead over overwriting the current
|
||||
* default credential
|
||||
*/
|
||||
type = krb5_cc_get_type(context, ccache);
|
||||
if (krb5_cc_support_switch(context, type)) {
|
||||
krb5_cc_close(context, ccache);
|
||||
ret = krb5_cc_new_unique(context, type, NULL, &ccache);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ret)
|
||||
|
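Review bot: The buffer returned by `SecKeychainFindGenericPassword` in the `__APPLE__` block of `get_new_tickets` is never released, so the keychain password remains in an allocation nobody owns after it is copied into `passwd`. Call `SecKeychainItemFreeContent(NULL, buffer);` whenever `osret == noErr`, whether or not the length check passes. A stored password of `sizeof(passwd) - 1` bytes or more is skipped silently, which deserves a comment or a warning so the fallback is not mistaken for a missing keychain entry. Line sides are inferred from print order, and `get_new_tickets` starts and ends outside the hunk.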
@ -2,6 +2,7 @@
|
||||
|
||||
#include <stddef.h>
|
||||
#include <time.h>
|
||||
#include <krb5-types.h>
|
||||
|
||||
#ifndef __asn1_common_definitions__
|
||||
#define __asn1_common_definitions__
|
||||
|
@ -24,4 +24,6 @@ error_code MAX_CONSTRAINT, "ASN.1 too many elements"
|
||||
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
|
||||
error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"
|
||||
error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"
|
||||
error_code GOT_BER, "ASN.1 got BER encoded when expected DER"
|
||||
error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data"
|
||||
end
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -250,7 +252,7 @@ ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
|
||||
| /* empty */
|
||||
;
|
||||
|
||||
ModuleBody : /* Exports */ Imports AssignmentList
|
||||
ModuleBody : Exports Imports AssignmentList
|
||||
| /* empty */
|
||||
;
|
||||
|
||||
@ -272,11 +274,22 @@ SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
|
||||
for(sl = $1; sl != NULL; sl = sl->next) {
|
||||
Symbol *s = addsym(sl->string);
|
||||
s->stype = Stype;
|
||||
gen_template_import(s);
|
||||
}
|
||||
add_import($3);
|
||||
}
|
||||
;
|
||||
|
||||
Exports : kw_EXPORTS referencenames ';'
|
||||
{
|
||||
struct string_list *sl;
|
||||
for(sl = $2; sl != NULL; sl = sl->next)
|
||||
add_export(sl->string);
|
||||
}
|
||||
| kw_EXPORTS kw_ALL
|
||||
| /* empty */
|
||||
;
|
||||
|
||||
AssignmentList : Assignment
|
||||
| Assignment AssignmentList
|
||||
;
|
||||
|
@ -4,7 +4,7 @@
|
||||
CMS DEFINITIONS ::= BEGIN
|
||||
|
||||
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
|
||||
Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
|
||||
Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
|
||||
heim_any, heim_any_set FROM heim;
|
||||
|
||||
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
|
@ -94,6 +94,8 @@ typedef struct heim_ber_time_t {
|
||||
int bt_zone;
|
||||
} heim_ber_time_t;
|
||||
|
||||
struct asn1_template;
|
||||
|
||||
#include <der-protos.h>
|
||||
|
||||
int _heim_fix_dce(size_t reallen, size_t *len);
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -45,6 +47,34 @@ der_copy_general_string (const heim_general_string *from,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
der_copy_integer (const int *from, int *to)
|
||||
{
|
||||
*to = *from;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
der_copy_unsigned (const unsigned *from, unsigned *to)
|
||||
{
|
||||
*to = *from;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
der_copy_generalized_time (const time_t *from, time_t *to)
|
||||
{
|
||||
*to = *from;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
der_copy_utctime (const time_t *from, time_t *to)
|
||||
{
|
||||
*to = *from;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
|
||||
{
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -42,6 +44,31 @@ der_free_general_string (heim_general_string *str)
|
||||
*str = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
der_free_integer (int *i)
|
||||
{
|
||||
*i = 0;
|
||||
}
|
||||
|
||||
void
|
||||
der_free_unsigned (unsigned *u)
|
||||
{
|
||||
*u = 0;
|
||||
}
|
||||
|
||||
void
|
||||
der_free_generalized_time(time_t *t)
|
||||
{
|
||||
*t = 0;
|
||||
}
|
||||
|
||||
void
|
||||
der_free_utctime(time_t *t)
|
||||
{
|
||||
*t = 0;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
der_free_utf8string (heim_utf8_string *str)
|
||||
{
|
||||
|
@ -305,7 +305,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
|
||||
void *ptr;
|
||||
|
||||
ptr = realloc(data->data, data->length + datalen);
|
||||
if (ptr == NULL && data->length + datalen != 0) {
|
||||
if (ptr == NULL) {
|
||||
e = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
@ -354,23 +354,21 @@ der_get_heim_integer (const unsigned char *p, size_t len,
|
||||
p++;
|
||||
data->length--;
|
||||
}
|
||||
if (data->length) {
|
||||
data->data = malloc(data->length);
|
||||
if (data->data == NULL) {
|
||||
data->length = 0;
|
||||
if (size)
|
||||
*size = 0;
|
||||
return ENOMEM;
|
||||
}
|
||||
q = &((unsigned char*)data->data)[data->length - 1];
|
||||
p += data->length - 1;
|
||||
while (q >= (unsigned char*)data->data) {
|
||||
*q = *p ^ 0xff;
|
||||
if (carry)
|
||||
carry = !++*q;
|
||||
p--;
|
||||
q--;
|
||||
}
|
||||
data->data = malloc(data->length);
|
||||
if (data->data == NULL) {
|
||||
data->length = 0;
|
||||
if (size)
|
||||
*size = 0;
|
||||
return ENOMEM;
|
||||
}
|
||||
q = &((unsigned char*)data->data)[data->length - 1];
|
||||
p += data->length - 1;
|
||||
while (q >= (unsigned char*)data->data) {
|
||||
*q = *p ^ 0xff;
|
||||
if (carry)
|
||||
carry = !++*q;
|
||||
p--;
|
||||
q--;
|
||||
}
|
||||
} else {
|
||||
data->negative = 0;
|
||||
|
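Review bot: In `der_get_heim_integer` the `if (data->length) {` guard around the negative-number conversion appears to be dropped (the hunk shrinks from 23 to 21 lines), so after the `data->length--;` shown at the top of the hunk the code can call `malloc(data->length)` with a length of 0. A NULL result from `malloc(0)` is then reported as `ENOMEM`, and `&((unsigned char*)data->data)[data->length - 1]` forms a pointer before the start of the buffer. Keep the zero-length case out of the conversion, for example by retaining `if (data->length) { ... }` around the allocation and the loop, and document what value a lone 0xff byte should decode to. The +/- markers are lost on this page, so line sides are inferred, and the function begins and ends outside the hunk.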
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -112,6 +114,20 @@ der_length_len (size_t len)
|
||||
}
|
||||
}
|
||||
|
||||
size_t
|
||||
der_length_tag(unsigned int tag)
|
||||
{
|
||||
size_t len = 0;
|
||||
|
||||
if(tag <= 30)
|
||||
return 1;
|
||||
while(tag) {
|
||||
tag /= 128;
|
||||
len++;
|
||||
}
|
||||
return len + 1;
|
||||
}
|
||||
|
||||
size_t
|
||||
der_length_integer (const int *data)
|
||||
{
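Review bot: der_length_tag is added without any comment, and the `+ 1` in `return len + 1;` is not obvious from the loop alone. A one-line header would make the contract readable, for example `/* Number of identifier octets for tag: 1 when tag <= 30, otherwise one leading octet plus one octet per 7 bits of tag. */`. That wording follows directly from the `tag <= 30` early return and the `tag /= 128` loop in the hunk.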
|
||||
|
@ -52,6 +52,8 @@
|
||||
#include <asn1-common.h>
|
||||
#include <asn1_err.h>
|
||||
#include <der.h>
|
||||
#include <der-private.h>
|
||||
#include "asn1-template.h"
|
||||
|
||||
time_t _der_timegm (struct tm *);
|
||||
size_t _heim_len_unsigned (unsigned);
|
||||
|
@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE {
|
||||
tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
|
||||
}
|
||||
|
||||
NTLMRequest2 ::= SEQUENCE {
|
||||
loginUserName [0] UTF8String,
|
||||
loginDomainName [1] UTF8String,
|
||||
flags [2] INTEGER (0..4294967295),
|
||||
lmchallenge [3] OCTET STRING SIZE (8),
|
||||
ntChallengeResponce [4] OCTET STRING,
|
||||
lmChallengeResponce [5] OCTET STRING
|
||||
}
|
||||
|
||||
NTLMReply ::= SEQUENCE {
|
||||
success [0] BOOLEAN,
|
||||
flags [1] INTEGER (0..4294967295),
|
||||
sessionkey [2] OCTET STRING OPTIONAL
|
||||
}
|
||||
|
||||
DigestReqInner ::= CHOICE {
|
||||
init [0] DigestInit,
|
||||
digestRequest [1] DigestRequest,
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -40,13 +42,7 @@ int
|
||||
encode_heim_any(unsigned char *p, size_t len,
|
||||
const heim_any *data, size_t *size)
|
||||
{
|
||||
if (data->length > len)
|
||||
return ASN1_OVERFLOW;
|
||||
p -= data->length;
|
||||
len -= data->length;
|
||||
memcpy (p+1, data->data, data->length);
|
||||
*size = data->length;
|
||||
return 0;
|
||||
return der_put_octet_string (p, len, data, size);
|
||||
}
|
||||
|
||||
int
|
||||
@ -91,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len,
|
||||
void
|
||||
free_heim_any(heim_any *data)
|
||||
{
|
||||
free(data->data);
|
||||
data->data = NULL;
|
||||
der_free_octet_string(data);
|
||||
}
|
||||
|
||||
size_t
|
||||
@ -104,58 +99,43 @@ length_heim_any(const heim_any *data)
|
||||
int
|
||||
copy_heim_any(const heim_any *from, heim_any *to)
|
||||
{
|
||||
to->data = malloc(from->length);
|
||||
if (to->data == NULL && from->length != 0)
|
||||
return ENOMEM;
|
||||
memcpy(to->data, from->data, from->length);
|
||||
to->length = from->length;
|
||||
return 0;
|
||||
return der_copy_octet_string(from, to);
|
||||
}
|
||||
|
||||
int
|
||||
encode_heim_any_set(unsigned char *p, size_t len,
|
||||
const heim_any_set *data, size_t *size)
|
||||
{
|
||||
return encode_heim_any(p, len, data, size);
|
||||
return der_put_octet_string (p, len, data, size);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
decode_heim_any_set(const unsigned char *p, size_t len,
|
||||
heim_any_set *data, size_t *size)
|
||||
{
|
||||
memset(data, 0, sizeof(*data));
|
||||
data->data = malloc(len);
|
||||
if (data->data == NULL && len != 0)
|
||||
return ENOMEM;
|
||||
data->length = len;
|
||||
memcpy(data->data, p, len);
|
||||
if (size) *size = len;
|
||||
return 0;
|
||||
return der_get_octet_string(p, len, data, size);
|
||||
}
|
||||
|
||||
void
|
||||
free_heim_any_set(heim_any_set *data)
|
||||
{
|
||||
free_heim_any(data);
|
||||
der_free_octet_string(data);
|
||||
}
|
||||
|
||||
size_t
|
||||
length_heim_any_set(const heim_any *data)
|
||||
{
|
||||
return length_heim_any(data);
|
||||
return data->length;
|
||||
}
|
||||
|
||||
int
|
||||
copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
|
||||
{
|
||||
return copy_heim_any(from, to);
|
||||
return der_copy_octet_string(from, to);
|
||||
}
|
||||
|
||||
int
|
||||
heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
|
||||
{
|
||||
if (p->length != q->length)
|
||||
return p->length - q->length;
|
||||
return memcmp(p->data, q->data, p->length);
|
||||
return der_heim_octet_string_cmp(p, q);
|
||||
}
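Review bot: The heim_any and heim_any_set helpers now forward to the octet-string primitives with no comment saying why that is valid. The removed bodies copied `data->length` raw bytes and added no tag or length, so the delegation is equivalent only if `der_put_octet_string` and `der_get_octet_string` behave the same way and `heim_any` has the layout of `heim_octet_string`; neither definition is visible in this section. I would record that above `encode_heim_any`, e.g. `/* heim_any holds already-encoded bytes; it is stored, copied and compared verbatim as an octet string */`.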
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -35,12 +37,12 @@
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
FILE *headerfile, *codefile, *logfile;
|
||||
FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
|
||||
|
||||
#define STEM "asn1"
|
||||
|
||||
static const char *orig_filename;
|
||||
static char *header;
|
||||
static char *privheader, *header, *template;
|
||||
static const char *headerbase = STEM;
|
||||
|
||||
/*
|
||||
@ -66,6 +68,45 @@ add_import (const char *module)
|
||||
fprintf (headerfile, "#include <%s_asn1.h>\n", module);
|
||||
}
|
||||
|
||||
/*
|
||||
* List of all exported symbols
|
||||
*/
|
||||
|
||||
struct sexport {
|
||||
const char *name;
|
||||
int defined;
|
||||
struct sexport *next;
|
||||
};
|
||||
|
||||
static struct sexport *exports = NULL;
|
||||
|
||||
void
|
||||
add_export (const char *name)
|
||||
{
|
||||
struct sexport *tmp = emalloc (sizeof(*tmp));
|
||||
|
||||
tmp->name = name;
|
||||
tmp->next = exports;
|
||||
exports = tmp;
|
||||
}
|
||||
|
||||
int
|
||||
is_export(const char *name)
|
||||
{
|
||||
struct sexport *tmp;
|
||||
|
||||
if (exports == NULL) /* no export list, all exported */
|
||||
return 1;
|
||||
|
||||
for (tmp = exports; tmp != NULL; tmp = tmp->next) {
|
||||
if (strcmp(tmp->name, name) == 0) {
|
||||
tmp->defined = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char *
|
||||
get_filename (void)
|
||||
{
|
||||
@ -96,6 +137,23 @@ init_generate (const char *filename, const char *base)
|
||||
err (1, "open %s", fn);
|
||||
free(fn);
|
||||
|
||||
/* private header file */
|
||||
asprintf(&privheader, "%s-priv.h", headerbase);
|
||||
if (privheader == NULL)
|
||||
errx(1, "malloc");
|
||||
asprintf(&fn, "%s-priv.hx", headerbase);
|
||||
if (fn == NULL)
|
||||
errx(1, "malloc");
|
||||
privheaderfile = fopen (fn, "w");
|
||||
if (privheaderfile == NULL)
|
||||
err (1, "open %s", fn);
|
||||
free(fn);
|
||||
|
||||
/* template file */
|
||||
asprintf(&template, "%s-template.c", headerbase);
|
||||
if (template == NULL)
|
||||
errx(1, "malloc");
|
||||
|
||||
fprintf (headerfile,
|
||||
"/* Generated from %s */\n"
|
||||
"/* Do not edit */\n\n",
|
||||
@ -182,6 +240,36 @@ init_generate (const char *filename, const char *base)
|
||||
logfile = fopen(fn, "w");
|
||||
if (logfile == NULL)
|
||||
err (1, "open %s", fn);
|
||||
|
||||
/* if one code file, write into the one codefile */
|
||||
if (one_code_file)
|
||||
return;
|
||||
|
||||
templatefile = fopen (template, "w");
|
||||
if (templatefile == NULL)
|
||||
err (1, "open %s", template);
|
||||
|
||||
fprintf (templatefile,
|
||||
"/* Generated from %s */\n"
|
||||
"/* Do not edit */\n\n"
|
||||
"#include <stdio.h>\n"
|
||||
"#include <stdlib.h>\n"
|
||||
"#include <time.h>\n"
|
||||
"#include <string.h>\n"
|
||||
"#include <errno.h>\n"
|
||||
"#include <limits.h>\n"
|
||||
"#include <krb5-types.h>\n",
|
||||
filename);
|
||||
|
||||
fprintf (templatefile,
|
||||
"#include <%s>\n"
|
||||
"#include <%s>\n"
|
||||
"#include <der.h>\n"
|
||||
"#include <der-private.h>\n"
|
||||
"#include <asn1-template.h>\n",
|
||||
header, privheader);
|
||||
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
@ -189,9 +277,15 @@ close_generate (void)
|
||||
{
|
||||
fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
|
||||
|
||||
fclose (headerfile);
|
||||
fprintf (logfile, "\n");
|
||||
fclose (logfile);
|
||||
if (headerfile)
|
||||
fclose (headerfile);
|
||||
if (privheaderfile)
|
||||
fclose (privheaderfile);
|
||||
if (templatefile)
|
||||
fclose (templatefile);
|
||||
if (logfile)
|
||||
fprintf (logfile, "\n");
|
||||
fclose (logfile);
|
||||
}
|
||||
|
||||
void
|
||||
@ -265,11 +359,14 @@ generate_header_of_codefile(const char *name)
|
||||
orig_filename);
|
||||
|
||||
fprintf (codefile,
|
||||
"#include <%s.h>\n",
|
||||
headerbase);
|
||||
"#include <%s>\n"
|
||||
"#include <%s>\n",
|
||||
header, privheader);
|
||||
fprintf (codefile,
|
||||
"#include <asn1_err.h>\n"
|
||||
"#include <der.h>\n"
|
||||
"#include <der-private.h>\n"
|
||||
"#include <asn1-template.h>\n"
|
||||
"#include <parse_units.h>\n\n");
|
||||
|
||||
}
|
||||
@ -328,8 +425,6 @@ generate_constant (const Symbol *s)
|
||||
}
|
||||
|
||||
fprintf (headerfile, "} */\n");
|
||||
fprintf (headerfile, "const heim_oid *oid_%s(void);\n",
|
||||
s->gen_name);
|
||||
fprintf (headerfile,
|
||||
"extern const heim_oid asn1_oid_%s;\n\n",
|
||||
s->gen_name);
|
||||
@ -346,12 +441,6 @@ generate_constant (const Symbol *s)
|
||||
"{ %d, oid_%s_variable_num };\n\n",
|
||||
s->gen_name, len, s->gen_name);
|
||||
|
||||
fprintf (codefile, "const heim_oid *oid_%s(void)\n"
|
||||
"{\n"
|
||||
"return &asn1_oid_%s;\n"
|
||||
"}\n\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
free(list);
|
||||
|
||||
if (!one_code_file)
|
||||
@ -364,6 +453,33 @@ generate_constant (const Symbol *s)
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
is_primitive_type(int type)
|
||||
{
|
||||
switch(type) {
|
||||
case TInteger:
|
||||
case TBoolean:
|
||||
case TOctetString:
|
||||
case TBitString:
|
||||
case TEnumerated:
|
||||
case TGeneralizedTime:
|
||||
case TGeneralString:
|
||||
case TTeletexString:
|
||||
case TOID:
|
||||
case TUTCTime:
|
||||
case TUTF8String:
|
||||
case TPrintableString:
|
||||
case TIA5String:
|
||||
case TBMPString:
|
||||
case TUniversalString:
|
||||
case TVisibleString:
|
||||
case TNull:
|
||||
return 1;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
space(int level)
|
||||
{
|
||||
@ -550,8 +666,24 @@ define_asn1 (int level, Type *t)
|
||||
}
|
||||
|
||||
static void
|
||||
define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name)
|
||||
{
|
||||
if (typedefp)
|
||||
*newbasename = strdup(name);
|
||||
else {
|
||||
if (name[0] == '*')
|
||||
name++;
|
||||
asprintf(newbasename, "%s_%s", basename, name);
|
||||
}
|
||||
if (*newbasename == NULL)
|
||||
err(1, "malloc");
|
||||
}
|
||||
|
||||
static void
|
||||
define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep)
|
||||
{
|
||||
char *newbasename = NULL;
|
||||
|
||||
switch (t->type) {
|
||||
case TType:
|
||||
space(level);
|
||||
@ -602,16 +734,37 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
if(ASN1_TAILQ_EMPTY(t->members))
|
||||
fprintf (headerfile, "heim_bit_string %s;\n", name);
|
||||
else {
|
||||
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
|
||||
int pos = 0;
|
||||
getnewbasename(&newbasename, typedefp, basename, name);
|
||||
|
||||
fprintf (headerfile, "struct %s {\n", newbasename);
|
||||
ASN1_TAILQ_FOREACH(m, t->members, members) {
|
||||
char *n;
|
||||
|
||||
/* pad unused */
|
||||
while (pos < m->val) {
|
||||
asprintf (&n, "_unused%d:1", pos);
|
||||
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
|
||||
free(n);
|
||||
pos++;
|
||||
}
|
||||
|
||||
asprintf (&n, "%s:1", m->gen_name);
|
||||
if (n == NULL)
|
||||
errx(1, "malloc");
|
||||
define_type (level + 1, n, &i, FALSE, FALSE);
|
||||
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
|
||||
free (n);
|
||||
pos++;
|
||||
}
|
||||
/* pad to 32 elements */
|
||||
while (pos < 32) {
|
||||
char *n;
|
||||
asprintf (&n, "_unused%d:1", pos);
|
||||
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
|
||||
free(n);
|
||||
pos++;
|
||||
}
|
||||
|
||||
space(level);
|
||||
fprintf (headerfile, "} %s;\n\n", name);
|
||||
}
|
||||
@ -638,8 +791,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
case TSequence: {
|
||||
Member *m;
|
||||
|
||||
getnewbasename(&newbasename, typedefp, basename, name);
|
||||
|
||||
space(level);
|
||||
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
|
||||
fprintf (headerfile, "struct %s {\n", newbasename);
|
||||
if (t->type == TSequence && preservep) {
|
||||
space(level + 1);
|
||||
fprintf(headerfile, "heim_octet_string _save;\n");
|
||||
@ -653,10 +808,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
asprintf (&n, "*%s", m->gen_name);
|
||||
if (n == NULL)
|
||||
errx(1, "malloc");
|
||||
define_type (level + 1, n, m->type, FALSE, FALSE);
|
||||
define_type (level + 1, n, newbasename, m->type, FALSE, FALSE);
|
||||
free (n);
|
||||
} else
|
||||
define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
|
||||
define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE);
|
||||
}
|
||||
space(level);
|
||||
fprintf (headerfile, "} %s;\n", name);
|
||||
@ -667,15 +822,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
Type i;
|
||||
struct range range = { 0, INT_MAX };
|
||||
|
||||
getnewbasename(&newbasename, typedefp, basename, name);
|
||||
|
||||
i.type = TInteger;
|
||||
i.range = ⦥
|
||||
i.members = NULL;
|
||||
i.constraint = NULL;
|
||||
|
||||
space(level);
|
||||
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
|
||||
define_type (level + 1, "len", &i, FALSE, FALSE);
|
||||
define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
|
||||
fprintf (headerfile, "struct %s {\n", newbasename);
|
||||
define_type (level + 1, "len", newbasename, &i, FALSE, FALSE);
|
||||
define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE);
|
||||
space(level);
|
||||
fprintf (headerfile, "} %s;\n", name);
|
||||
break;
|
||||
@ -693,14 +850,16 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
fprintf (headerfile, "heim_general_string %s;\n", name);
|
||||
break;
|
||||
case TTag:
|
||||
define_type (level, name, t->subtype, typedefp, preservep);
|
||||
define_type (level, name, basename, t->subtype, typedefp, preservep);
|
||||
break;
|
||||
case TChoice: {
|
||||
int first = 1;
|
||||
Member *m;
|
||||
|
||||
getnewbasename(&newbasename, typedefp, basename, name);
|
||||
|
||||
space(level);
|
||||
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
|
||||
fprintf (headerfile, "struct %s {\n", newbasename);
|
||||
if (preservep) {
|
||||
space(level + 1);
|
||||
fprintf(headerfile, "heim_octet_string _save;\n");
|
||||
@ -737,10 +896,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
asprintf (&n, "*%s", m->gen_name);
|
||||
if (n == NULL)
|
||||
errx(1, "malloc");
|
||||
define_type (level + 2, n, m->type, FALSE, FALSE);
|
||||
define_type (level + 2, n, newbasename, m->type, FALSE, FALSE);
|
||||
free (n);
|
||||
} else
|
||||
define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
|
||||
define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE);
|
||||
}
|
||||
space(level + 1);
|
||||
fprintf (headerfile, "} u;\n");
|
||||
@ -787,6 +946,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
|
||||
default:
|
||||
abort ();
|
||||
}
|
||||
if (newbasename)
|
||||
free(newbasename);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -800,27 +961,61 @@ generate_type_header (const Symbol *s)
|
||||
fprintf (headerfile, "\n*/\n\n");
|
||||
|
||||
fprintf (headerfile, "typedef ");
|
||||
define_type (0, s->gen_name, s->type, TRUE, preservep);
|
||||
define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep);
|
||||
|
||||
fprintf (headerfile, "\n");
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
generate_type (const Symbol *s)
|
||||
{
|
||||
FILE *h;
|
||||
|
||||
if (!one_code_file)
|
||||
generate_header_of_codefile(s->gen_name);
|
||||
|
||||
generate_type_header (s);
|
||||
generate_type_encode (s);
|
||||
generate_type_decode (s);
|
||||
generate_type_free (s);
|
||||
generate_type_length (s);
|
||||
generate_type_copy (s);
|
||||
|
||||
if (template_flag)
|
||||
generate_template(s);
|
||||
|
||||
if (template_flag == 0 || is_template_compat(s) == 0) {
|
||||
generate_type_encode (s);
|
||||
generate_type_decode (s);
|
||||
generate_type_free (s);
|
||||
generate_type_length (s);
|
||||
generate_type_copy (s);
|
||||
}
|
||||
generate_type_seq (s);
|
||||
generate_glue (s->type, s->gen_name);
|
||||
fprintf(headerfile, "\n\n");
|
||||
|
||||
/* generate prototypes */
|
||||
|
||||
if (is_export(s->name))
|
||||
h = headerfile;
|
||||
else
|
||||
h = privheaderfile;
|
||||
|
||||
fprintf (h,
|
||||
"int "
|
||||
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
fprintf (h,
|
||||
"int "
|
||||
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
fprintf (h,
|
||||
"size_t length_%s(const %s *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
fprintf (h,
|
||||
"int copy_%s (const %s *, %s *);\n",
|
||||
s->gen_name, s->gen_name, s->gen_name);
|
||||
fprintf (h,
|
||||
"void free_%s (%s *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
|
||||
fprintf(h, "\n\n");
|
||||
|
||||
if (!one_code_file) {
|
||||
fprintf(codefile, "\n\n");
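Review bot: In the close_generate hunk the new `if (logfile)` has no braces, so it guards only `fprintf (logfile, "\n");` and the following `fclose (logfile);` still runs when logfile is NULL. The tail should read `if (logfile) {`, then `fprintf (logfile, "\n"); fclose (logfile);`, then `}`. The new `if (headerfile)` test also comes after the unchanged `fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);` has already used the handle, so either that fprintf moves inside the check or the check is redundant.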
|
||||
|
@ -228,10 +228,6 @@ generate_type_copy (const Symbol *s)
|
||||
|
||||
used_fail = 0;
|
||||
|
||||
fprintf (headerfile,
|
||||
"int copy_%s (const %s *, %s *);\n",
|
||||
s->gen_name, s->gen_name, s->gen_name);
|
||||
|
||||
fprintf (codefile, "int\n"
|
||||
"copy_%s(const %s *from, %s *to)\n"
|
||||
"{\n"
|
||||
|
@ -56,33 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr)
|
||||
#endif
|
||||
}
|
||||
|
||||
static int
|
||||
is_primitive_type(int type)
|
||||
{
|
||||
switch(type) {
|
||||
case TInteger:
|
||||
case TBoolean:
|
||||
case TOctetString:
|
||||
case TBitString:
|
||||
case TEnumerated:
|
||||
case TGeneralizedTime:
|
||||
case TGeneralString:
|
||||
case TTeletexString:
|
||||
case TOID:
|
||||
case TUTCTime:
|
||||
case TUTF8String:
|
||||
case TPrintableString:
|
||||
case TIA5String:
|
||||
case TBMPString:
|
||||
case TUniversalString:
|
||||
case TVisibleString:
|
||||
case TNull:
|
||||
return 1;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
find_tag (const Type *t,
|
||||
Der_class *cl, Der_type *ty, unsigned *tag)
|
||||
@ -630,7 +603,7 @@ decode_type (const char *name, const Type *t, int optional,
|
||||
fprintf(codefile,
|
||||
"else {\n"
|
||||
"(%s)->u.%s.data = calloc(1, len);\n"
|
||||
"if ((%s)->u.%s.data == NULL && len != 0) {\n"
|
||||
"if ((%s)->u.%s.data == NULL) {\n"
|
||||
"e = ENOMEM; %s;\n"
|
||||
"}\n"
|
||||
"(%s)->u.%s.length = len;\n"
|
||||
@ -694,11 +667,6 @@ generate_type_decode (const Symbol *s)
|
||||
{
|
||||
int preserve = preserve_type(s->name) ? TRUE : FALSE;
|
||||
|
||||
fprintf (headerfile,
|
||||
"int "
|
||||
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
fprintf (codefile, "int\n"
|
||||
"decode_%s(const unsigned char *p,"
|
||||
" size_t len, %s *data, size_t *size)\n"
|
||||
@ -744,7 +712,7 @@ generate_type_decode (const Symbol *s)
|
||||
if (preserve)
|
||||
fprintf (codefile,
|
||||
"data->_save.data = calloc(1, ret);\n"
|
||||
"if (data->_save.data == NULL && ret != 0) { \n"
|
||||
"if (data->_save.data == NULL) { \n"
|
||||
"e = ENOMEM; goto fail; \n"
|
||||
"}\n"
|
||||
"data->_save.length = ret;\n"
|
||||
|
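Review bot: Both allocation checks emitted here, `"if ((%s)->u.%s.data == NULL) {\n"` in decode_type and `"if (data->_save.data == NULL) { \n"` in generate_type_decode, treat every NULL from `calloc(1, len)` or `calloc(1, ret)` as ENOMEM, assuming the page prints the old line first and these are the new ones. calloc is allowed to return NULL for a zero-byte request, so on such a platform an empty element would make the generated decoder fail with ENOMEM on valid input. Keeping the `&& len != 0` and `&& ret != 0` tests, or never requesting zero bytes, avoids that; the `if (ptr == NULL)` after `realloc` in der_get_octet_string_ber has the same shape. Both enclosing functions extend outside their hunks.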
@ -508,11 +508,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
|
||||
void
|
||||
generate_type_encode (const Symbol *s)
|
||||
{
|
||||
fprintf (headerfile,
|
||||
"int "
|
||||
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
fprintf (codefile, "int\n"
|
||||
"encode_%s(unsigned char *p, size_t len,"
|
||||
" const %s *data, size_t *size)\n"
|
||||
|
@ -180,18 +180,14 @@ free_type (const char *name, const Type *t, int preserve)
|
||||
void
|
||||
generate_type_free (const Symbol *s)
|
||||
{
|
||||
int preserve = preserve_type(s->name) ? TRUE : FALSE;
|
||||
|
||||
fprintf (headerfile,
|
||||
"void free_%s (%s *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
fprintf (codefile, "void\n"
|
||||
"free_%s(%s *data)\n"
|
||||
"{\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
free_type ("data", s->type, preserve);
|
||||
fprintf (codefile, "}\n\n");
|
||||
int preserve = preserve_type(s->name) ? TRUE : FALSE;
|
||||
|
||||
fprintf (codefile, "void\n"
|
||||
"free_%s(%s *data)\n"
|
||||
"{\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
free_type ("data", s->type, preserve);
|
||||
fprintf (codefile, "}\n\n");
|
||||
}
|
||||
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name)
|
||||
fprintf (codefile,
|
||||
"%s int2%s(unsigned n)\n"
|
||||
"{\n"
|
||||
"\t%s flags;\n\n",
|
||||
"\t%s flags;\n\n"
|
||||
"\tmemset(&flags, 0, sizeof(flags));\n\n",
|
||||
gen_name, gen_name, gen_name);
|
||||
|
||||
if(t->members) {
|
||||
@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name)
|
||||
{
|
||||
Member *m;
|
||||
|
||||
fprintf (headerfile,
|
||||
"const struct units * asn1_%s_units(void);",
|
||||
gen_name);
|
||||
if (template_flag) {
|
||||
fprintf (headerfile,
|
||||
"extern const struct units *asn1_%s_table_units;\n",
|
||||
gen_name);
|
||||
fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n",
|
||||
gen_name, gen_name);
|
||||
} else {
|
||||
fprintf (headerfile,
|
||||
"const struct units * asn1_%s_units(void);",
|
||||
gen_name);
|
||||
}
|
||||
|
||||
fprintf (codefile,
|
||||
"static struct units %s_units[] = {\n",
|
||||
@ -111,11 +122,16 @@ generate_units (const Type *t, const char *gen_name)
|
||||
"\t{NULL,\t0}\n"
|
||||
"};\n\n");
|
||||
|
||||
fprintf (codefile,
|
||||
"const struct units * asn1_%s_units(void){\n"
|
||||
"return %s_units;\n"
|
||||
"}\n\n",
|
||||
gen_name, gen_name);
|
||||
if (template_flag)
|
||||
fprintf (codefile,
|
||||
"const struct units * asn1_%s_table_units = %s_units;\n",
|
||||
gen_name, gen_name);
|
||||
else
|
||||
fprintf (codefile,
|
||||
"const struct units * asn1_%s_units(void){\n"
|
||||
"return %s_units;\n"
|
||||
"}\n\n",
|
||||
gen_name, gen_name);
|
||||
|
||||
|
||||
}
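Review bot: In the template branch of generate_units the emitted `asn1_%s_table_units` is a writable global pointer, because `const struct units *` makes only the pointee const. Emitting `extern const struct units * const asn1_%s_table_units;` in the header and `const struct units * const asn1_%s_table_units = %s_units;` in the code file would stop other code from re-pointing the table. Separately, the non-template prototype string `"const struct units * asn1_%s_units(void);"` still lacks the trailing `\n` that the new template lines carry. The middle of generate_units lies between the two hunks and is not visible.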
|
||||
|
@ -43,6 +43,7 @@ length_primitive (const char *typename,
|
||||
fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
|
||||
}
|
||||
|
||||
/* XXX same as der_length_tag */
|
||||
static size_t
|
||||
length_tag(unsigned int tag)
|
||||
{
|
||||
@ -269,10 +270,6 @@ length_type (const char *name, const Type *t,
|
||||
void
|
||||
generate_type_length (const Symbol *s)
|
||||
{
|
||||
fprintf (headerfile,
|
||||
"size_t length_%s(const %s *);\n",
|
||||
s->gen_name, s->gen_name);
|
||||
|
||||
fprintf (codefile,
|
||||
"size_t\n"
|
||||
"length_%s(const %s *data)\n"
|
||||
|
@ -52,6 +52,7 @@
|
||||
#include "symbol.h"
|
||||
#include "asn1-common.h"
|
||||
#include "der.h"
|
||||
#include "der-private.h"
|
||||
|
||||
void generate_type (const Symbol *);
|
||||
void generate_constant (const Symbol *);
|
||||
@ -74,7 +75,10 @@ void init_generate (const char *, const char *);
|
||||
const char *get_filename (void);
|
||||
void close_generate(void);
|
||||
void add_import(const char *);
|
||||
void add_export(const char *);
|
||||
int is_export(const char *);
|
||||
int yyparse(void);
|
||||
int is_primitive_type(int);
|
||||
|
||||
int preserve_type(const char *);
|
||||
int seq_type(const char *);
|
||||
@ -82,9 +86,14 @@ int seq_type(const char *);
|
||||
void generate_header_of_codefile(const char *);
|
||||
void close_codefile(void);
|
||||
|
||||
int is_template_compat (const Symbol *);
|
||||
void generate_template(const Symbol *);
|
||||
void gen_template_import(const Symbol *);
|
||||
|
||||
extern FILE *headerfile, *codefile, *logfile;
|
||||
|
||||
extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
|
||||
extern int support_ber;
|
||||
extern int template_flag;
|
||||
extern int rfc1510_bitstring;
|
||||
extern int one_code_file;
|
||||
|
||||
|
@ -2,6 +2,78 @@
|
||||
|
||||
KERBEROS5 DEFINITIONS ::=
|
||||
BEGIN
|
||||
EXPORTS
|
||||
AD-AND-OR,
|
||||
AD-IF-RELEVANT,
|
||||
AD-KDCIssued,
|
||||
AD-LoginAlias,
|
||||
AP-REP,
|
||||
AP-REQ,
|
||||
AS-REP,
|
||||
AS-REQ,
|
||||
AUTHDATA-TYPE,
|
||||
Authenticator,
|
||||
AuthorizationData,
|
||||
AuthorizationDataElement,
|
||||
CKSUMTYPE,
|
||||
ChangePasswdDataMS,
|
||||
Checksum,
|
||||
ENCTYPE,
|
||||
ETYPE-INFO,
|
||||
ETYPE-INFO-ENTRY,
|
||||
ETYPE-INFO2,
|
||||
ETYPE-INFO2-ENTRY,
|
||||
EncAPRepPart,
|
||||
EncASRepPart,
|
||||
EncKDCRepPart,
|
||||
EncKrbCredPart,
|
||||
EncKrbPrivPart,
|
||||
EncTGSRepPart,
|
||||
EncTicketPart,
|
||||
EncryptedData,
|
||||
EncryptionKey,
|
||||
EtypeList,
|
||||
HostAddress,
|
||||
HostAddresses,
|
||||
KDC-REQ-BODY,
|
||||
KDCOptions,
|
||||
KDC-REP,
|
||||
KRB-CRED,
|
||||
KRB-ERROR,
|
||||
KRB-PRIV,
|
||||
KRB-SAFE,
|
||||
KRB-SAFE-BODY,
|
||||
KRB5SignedPath,
|
||||
KRB5SignedPathData,
|
||||
KRB5SignedPathPrincipals,
|
||||
KerberosString,
|
||||
KerberosTime,
|
||||
KrbCredInfo,
|
||||
LR-TYPE,
|
||||
LastReq,
|
||||
METHOD-DATA,
|
||||
NAME-TYPE,
|
||||
PA-ClientCanonicalized,
|
||||
PA-ClientCanonicalizedNames,
|
||||
PA-DATA,
|
||||
PA-ENC-TS-ENC,
|
||||
PA-PAC-REQUEST,
|
||||
PA-S4U2Self,
|
||||
PA-SERVER-REFERRAL-DATA,
|
||||
PA-ServerReferralData,
|
||||
PA-SvrReferralData,
|
||||
PADATA-TYPE,
|
||||
Principal,
|
||||
PrincipalName,
|
||||
Principals,
|
||||
Realm,
|
||||
TGS-REP,
|
||||
TGS-REQ,
|
||||
Ticket,
|
||||
TicketFlags,
|
||||
TransitedEncoding,
|
||||
TypedData
|
||||
;
|
||||
|
||||
NAME-TYPE ::= INTEGER {
|
||||
KRB5_NT_UNKNOWN(0), -- Name type not known
|
||||
@ -256,11 +328,7 @@ KDCOptions ::= BIT STRING {
|
||||
proxy(4),
|
||||
allow-postdate(5),
|
||||
postdated(6),
|
||||
unused7(7),
|
||||
renewable(8),
|
||||
unused9(9),
|
||||
unused10(10),
|
||||
unused11(11),
|
||||
request-anonymous(14),
|
||||
canonicalize(15),
|
||||
constrained-delegation(16), -- ms extension
|
||||
|
@ -63,12 +63,14 @@ seq_type(const char *p)
|
||||
}
|
||||
|
||||
int support_ber;
|
||||
int template_flag;
|
||||
int rfc1510_bitstring;
|
||||
int one_code_file;
|
||||
char *option_file;
|
||||
int version_flag;
|
||||
int help_flag;
|
||||
struct getargs args[] = {
|
||||
{ "template", 0, arg_flag, &template_flag },
|
||||
{ "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
|
||||
{ "decode-dce-ber", 0, arg_flag, &support_ber },
|
||||
{ "support-ber", 0, arg_flag, &support_ber },
|
||||
|
@ -34,8 +34,6 @@
|
||||
#include "gen_locl.h"
|
||||
#include "lex.h"
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
static Hashtab *htab;
|
||||
|
||||
static int
|
||||
@ -68,7 +66,7 @@ output_name(char *s)
|
||||
char *p;
|
||||
|
||||
for (p = s; *p; ++p)
|
||||
if (*p == '-')
|
||||
if (*p == '-' || *p == '.')
|
||||
*p = '_';
|
||||
}
|
||||
|
||||
|
@ -6,8 +6,11 @@ BEGIN
|
||||
|
||||
IMPORTS heim_any FROM heim;
|
||||
|
||||
TESTuint32 ::= INTEGER (0..4294967295)
|
||||
|
||||
TESTLargeTag ::= SEQUENCE {
|
||||
foo[127] INTEGER (-2147483648..2147483647)
|
||||
foo[127] INTEGER (-2147483648..2147483647),
|
||||
bar[128] INTEGER (-2147483648..2147483647)
|
||||
}
|
||||
|
||||
TESTSeq ::= SEQUENCE {
|
||||
@ -57,6 +60,11 @@ TESTAlloc ::= SEQUENCE {
|
||||
tagless2 heim_any OPTIONAL
|
||||
}
|
||||
|
||||
TESTOptional ::= SEQUENCE {
|
||||
zero [0] INTEGER (-2147483648..2147483647) OPTIONAL,
|
||||
one [1] INTEGER (-2147483648..2147483647) OPTIONAL
|
||||
}
|
||||
|
||||
|
||||
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
|
||||
TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
|
||||
@ -92,4 +100,36 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
|
||||
|
||||
TESTOSSize1 ::= OCTET STRING SIZE (1..2)
|
||||
|
||||
TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE {
|
||||
zero [0] TESTInteger
|
||||
}
|
||||
|
||||
TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE {
|
||||
string [0] GeneralString
|
||||
}
|
||||
|
||||
TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE {
|
||||
zero [0] TESTInteger,
|
||||
string [0] GeneralString
|
||||
}
|
||||
|
||||
TESTSeqOf2 ::= SEQUENCE {
|
||||
strings SEQUENCE OF GeneralString
|
||||
}
|
||||
|
||||
TESTSeqOf3 ::= SEQUENCE {
|
||||
strings SEQUENCE OF GeneralString OPTIONAL
|
||||
}
|
||||
|
||||
TESTPreserve ::= SEQUENCE {
|
||||
zero [0] TESTInteger,
|
||||
one [1] TESTInteger
|
||||
}
|
||||
|
||||
TESTBitString ::= BIT STRING {
|
||||
zero(0),
|
||||
eight(8),
|
||||
thirtyone(31)
|
||||
}
|
||||
|
||||
END
|
||||
|
@ -32,6 +32,9 @@
|
||||
*/
|
||||
|
||||
#undef ROKEN_RENAME
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "compile_et.h"
|
||||
#include <getarg.h>
|
||||
|
||||
@ -219,7 +222,7 @@ main(int argc, char **argv)
|
||||
err(1, "%s", filename);
|
||||
|
||||
|
||||
p = strrchr(filename, '/');
|
||||
p = strrchr(filename, rk_PATH_DELIM);
|
||||
if(p)
|
||||
p++;
|
||||
else
|
||||
|
@ -45,10 +45,12 @@
|
||||
|
||||
#ifndef BUILD_GSSAPI_LIB
|
||||
#if defined(_WIN32)
|
||||
#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
|
||||
#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
|
||||
#define GSSAPI_LIB_CALL __stdcall
|
||||
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
|
||||
#else
|
||||
#define GSSAPI_LIB_FUNCTION
|
||||
#define GSSAPI_LIB_CALL
|
||||
#define GSSAPI_LIB_VARIABLE
|
||||
#endif
|
||||
#endif
|
||||
@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_context_query_attributes(OM_uint32 * /* minor_status */,
|
||||
gss_OID /* attribute */,
|
||||
const gss_ctx_id_t /* context_handle */,
|
||||
const gss_OID /* attribute */,
|
||||
void * /*data*/,
|
||||
size_t /* len */);
|
||||
/*
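Review bot: The second hunk still declares `OM_uint32 GSSAPI_LIB_FUNCTION gss_context_query_attributes(...)` with only GSSAPI_LIB_FUNCTION, although the first hunk moves `__stdcall` out of that macro into the new GSSAPI_LIB_CALL. On _WIN32 this prototype therefore no longer names a calling convention, and if the definition is built with GSSAPI_LIB_CALL the caller and the library would disagree on stack cleanup. I would write the declaration as `GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL` followed by the function name, and check the other prototypes in this header, which are outside the hunks. If `gss_ctx_id_t` and `gss_OID` are pointer typedefs (not visible here), the added `const` qualifies only the parameter itself and says nothing about the pointee.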
|
||||
|
@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
|
||||
const char ** /*out_name */);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
|
||||
(const char */*identity*/);
|
||||
(const char * /*identity*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
|
||||
(const char */*identity*/);
|
||||
(const char * /*identity*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
|
||||
(OM_uint32 */*minor*/,
|
||||
(OM_uint32 * /*minor*/,
|
||||
gss_cred_id_t /*cred*/,
|
||||
struct krb5_ccache_data */*out*/);
|
||||
struct krb5_ccache_data * /*out*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_import_cred(OM_uint32 */*minor*/,
|
||||
gss_krb5_import_cred(OM_uint32 * /*minor*/,
|
||||
struct krb5_ccache_data * /*in*/,
|
||||
struct Principal * /*keytab_principal*/,
|
||||
struct krb5_keytab_data * /*keytab*/,
|
||||
gss_cred_id_t */*out*/);
|
||||
gss_cred_id_t * /*out*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
|
||||
(OM_uint32 */*minor*/,
|
||||
(OM_uint32 * /*minor*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
OM_uint32 */*tkt_flags*/);
|
||||
OM_uint32 * /*tkt_flags*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_authz_data_from_sec_context
|
||||
|
@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
|
||||
int32_t seq_number;
|
||||
int is_cfx = 0;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context,
|
||||
ctx->auth_context,
|
||||
&seq_number);
|
||||
krb5_auth_con_getremoteseqnumber (context,
|
||||
ctx->auth_context,
|
||||
&seq_number);
|
||||
|
||||
_gsskrb5i_is_cfx(context, ctx, 1);
|
||||
is_cfx = (ctx->more_flags & IS_CFX);
|
||||
@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_auth_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&r_seq_number);
|
||||
kret = krb5_auth_con_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&r_seq_number);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
|
||||
{
|
||||
int32_t tmp_r_seq_number, tmp_l_seq_number;
|
||||
|
||||
kret = krb5_auth_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&tmp_r_seq_number);
|
||||
kret = krb5_auth_con_getremoteseqnumber(context,
|
||||
ctx->auth_context,
|
||||
&tmp_r_seq_number);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
|
@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
|
||||
|
||||
if (desired_name != GSS_C_NO_NAME) {
|
||||
|
||||
ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
|
||||
ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
|
||||
desired_name, &handle->principal);
|
||||
if (ret) {
|
||||
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
|
||||
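Review bot: The literal `1` now passed as the third argument of `_gsskrb5_canon_name` in `_gsskrb5_acquire_cred` is unexplained, and its meaning cannot be read from this hunk. If it is a DNS-canonicalisation switch (presumably; the callee's definition is not shown), the principal stored in `handle->principal` then depends on resolver answers, which are not authenticated. A comment on the call such as `/* third argument enables DNS canonicalisation of desired_name */` would record the intent once the parameter is confirmed. The function body starts and ends outside the hunk.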
|
@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
|
||||
krb5_cc_close(context, ctx->ccache);
|
||||
ctx->ccache = NULL;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
|
||||
krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
|
||||
|
||||
_gsskrb5i_is_cfx(context, ctx, 0);
|
||||
is_cfx = (ctx->more_flags & IS_CFX);
|
||||
@ -782,7 +782,7 @@ repl_mutual
|
||||
* for the gss_wrap calls.
|
||||
*/
|
||||
|
||||
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
|
||||
krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
|
||||
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
|
||||
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
|
||||
|
||||
|
@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
|
||||
if (ret) goto out;
|
||||
ret = krb5_store_uint32(sp, (uint32_t)number);
|
||||
if (ret) goto out;
|
||||
krb5_auth_getremoteseqnumber (context,
|
||||
context_handle->auth_context,
|
||||
&number);
|
||||
krb5_auth_con_getremoteseqnumber (context,
|
||||
context_handle->auth_context,
|
||||
&number);
|
||||
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
|
||||
if (ret) goto out;
|
||||
ret = krb5_store_uint32(sp, (uint32_t)number);
|
||||
|
@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_context_query_attributes(OM_uint32 *minor_status,
|
||||
gss_OID attribute,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_OID attribute,
|
||||
void *data,
|
||||
size_t len)
|
||||
{
|
||||
|
@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
|
||||
if (mech == NULL)
|
||||
return 0;
|
||||
|
||||
m = malloc(sizeof(*m));
|
||||
m = calloc(1, sizeof(*m));
|
||||
if (m == NULL)
|
||||
return 1;
|
||||
return ENOMEM;
|
||||
m->gm_so = NULL;
|
||||
m->gm_mech = *mech;
|
||||
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
|
||||
@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
|
||||
|
||||
/* pick up the oid sets of names */
|
||||
|
||||
if (m->gm_mech.gm_inquire_names_for_mech) {
|
||||
if (m->gm_mech.gm_inquire_names_for_mech)
|
||||
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
|
||||
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
|
||||
} else {
|
||||
|
||||
if (m->gm_name_types == NULL)
|
||||
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
|
||||
}
|
||||
|
||||
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
|
||||
return 0;
|
||||
@ -211,6 +211,8 @@ _gss_load_mech(void)
|
||||
char *name, *oid, *lib, *kobj;
|
||||
struct _gss_mech_switch *m;
|
||||
void *so;
|
||||
gss_OID_desc mech_oid;
|
||||
int found;
|
||||
|
||||
|
||||
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
|
||||
@ -253,6 +255,23 @@ _gss_load_mech(void)
|
||||
if (!name || !oid || !lib || !kobj)
|
||||
continue;
|
||||
|
||||
if (_gss_string_to_oid(oid, &mech_oid))
|
||||
continue;
|
||||
|
||||
/*
|
||||
* Check for duplicates, already loaded mechs.
|
||||
*/
|
||||
found = 0;
|
||||
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
|
||||
if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
|
||||
found = 1;
|
||||
free(mech_oid.elements);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (found)
|
||||
continue;
|
||||
|
||||
#ifndef RTLD_LOCAL
|
||||
#define RTLD_LOCAL 0
|
||||
#endif
|
||||
@ -260,17 +279,17 @@ _gss_load_mech(void)
|
||||
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
|
||||
if (!so) {
|
||||
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
|
||||
free(mech_oid.elements);
|
||||
continue;
|
||||
}
|
||||
|
||||
m = malloc(sizeof(*m));
|
||||
if (!m)
|
||||
if (!m) {
|
||||
free(mech_oid.elements);
|
||||
break;
|
||||
m->gm_so = so;
|
||||
if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
|
||||
free(m);
|
||||
continue;
|
||||
}
|
||||
m->gm_so = so;
|
||||
m->gm_mech.gm_mech_oid = mech_oid;
|
||||
m->gm_mech.gm_flags = 0;
|
||||
|
||||
major_status = gss_add_oid_set_member(&minor_status,
|
||||
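Review bot: The allocation-failure path in the last `_gss_load_mech` hunk frees `mech_oid.elements` but leaves the handle returned by `dlopen` open, so the library stays mapped with no `_gss_mech_switch` entry owning it. Releasing it as well, `if (!m) { dlclose(so); free(mech_oid.elements); break; }`, gives back everything acquired in that iteration. The same hunk still allocates with `malloc` where `add_builtin` was switched to `calloc`, so members not assigned in the visible lines start uninitialised; `m = calloc(1, sizeof(*m));` would make the two loaders agree. The loop body continues outside the hunk.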
|
@ -44,6 +44,8 @@
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#include <roken.h>
|
||||
|
||||
#ifdef HAVE_PTHREAD_H
|
||||
#include <pthread.h>
|
||||
#endif
|
||||
@ -69,8 +71,6 @@
|
||||
#include "utils.h"
|
||||
#include <der.h>
|
||||
|
||||
#include <roken.h>
|
||||
|
||||
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
|
||||
|
||||
typedef struct {
|
||||
|
@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
|
||||
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
|
||||
|
||||
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
|
||||
const unsigned long, const AES_KEY *,
|
||||
unsigned long, const AES_KEY *,
|
||||
unsigned char *, int);
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -40,6 +40,7 @@
|
||||
#include <limits.h>
|
||||
|
||||
#include <krb5-types.h>
|
||||
#include <roken.h>
|
||||
#include <rfc2459_asn1.h> /* XXX */
|
||||
#include <der.h>
|
||||
|
||||
|
@ -92,6 +92,8 @@
|
||||
#include <krb5-types.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <roken.h>
|
||||
|
||||
#include "des.h"
|
||||
#include "ui.h"
|
||||
|
||||
@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
|
||||
int
|
||||
DES_is_weak_key(DES_cblock *key)
|
||||
{
|
||||
int weak = 0;
|
||||
int i;
|
||||
|
||||
/* Not constant time size if the key is weak, the app should not use it. */
|
||||
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
|
||||
if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
|
||||
weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
|
||||
|
||||
return !!weak;
|
||||
}
|
||||
|
||||
/**
|
||||
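Review bot: `weak ^= (ct_memcmp(...) == 0);` in `DES_is_weak_key` accumulates matches with XOR, so the result is right only if a key can match at most one entry of `weak_keys`. A duplicated table entry would cancel itself and report a weak key as acceptable. `weak |= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);` still visits every entry and does not depend on that property. The table is defined above the hunk, so whether it contains duplicates cannot be checked here.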
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -43,7 +45,9 @@
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
#include <CommonCrypto/CommonDigest.h>
|
||||
#endif
|
||||
#include <CommonCrypto/CommonCryptor.h>
|
||||
|
||||
#include <evp.h>
|
||||
@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
|
||||
const EVP_MD *
|
||||
EVP_cc_md2(void)
|
||||
{
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
static const struct hc_evp_md md2 = {
|
||||
CC_MD2_DIGEST_LENGTH,
|
||||
CC_MD2_BLOCK_BYTES,
|
||||
@ -430,6 +435,9 @@ EVP_cc_md2(void)
|
||||
(hc_evp_md_cleanup)NULL
|
||||
};
|
||||
return &md2;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
@ -441,6 +449,7 @@ EVP_cc_md2(void)
|
||||
const EVP_MD *
|
||||
EVP_cc_md4(void)
|
||||
{
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
static const struct hc_evp_md md4 = {
|
||||
CC_MD4_DIGEST_LENGTH,
|
||||
CC_MD4_BLOCK_BYTES,
|
||||
@ -451,6 +460,9 @@ EVP_cc_md4(void)
|
||||
(hc_evp_md_cleanup)NULL
|
||||
};
|
||||
return &md4;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
@ -462,6 +474,7 @@ EVP_cc_md4(void)
|
||||
const EVP_MD *
|
||||
EVP_cc_md5(void)
|
||||
{
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
static const struct hc_evp_md md5 = {
|
||||
CC_MD5_DIGEST_LENGTH,
|
||||
CC_MD5_BLOCK_BYTES,
|
||||
@ -472,6 +485,9 @@ EVP_cc_md5(void)
|
||||
(hc_evp_md_cleanup)NULL
|
||||
};
|
||||
return &md5;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
@ -483,6 +499,7 @@ EVP_cc_md5(void)
|
||||
const EVP_MD *
|
||||
EVP_cc_sha1(void)
|
||||
{
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
static const struct hc_evp_md sha1 = {
|
||||
CC_SHA1_DIGEST_LENGTH,
|
||||
CC_SHA1_BLOCK_BYTES,
|
||||
@ -493,6 +510,9 @@ EVP_cc_sha1(void)
|
||||
(hc_evp_md_cleanup)NULL
|
||||
};
|
||||
return &sha1;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
@ -504,6 +524,7 @@ EVP_cc_sha1(void)
|
||||
const EVP_MD *
|
||||
EVP_cc_sha256(void)
|
||||
{
|
||||
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
|
||||
static const struct hc_evp_md sha256 = {
|
||||
CC_SHA256_DIGEST_LENGTH,
|
||||
CC_SHA256_BLOCK_BYTES,
|
||||
@ -514,6 +535,9 @@ EVP_cc_sha256(void)
|
||||
(hc_evp_md_cleanup)NULL
|
||||
};
|
||||
return &sha256;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
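Review bot: Each digest getter touched here (`EVP_cc_md2`, `EVP_cc_md4`, `EVP_cc_md5`, `EVP_cc_sha1`, `EVP_cc_sha256`) now returns `NULL` when `HAVE_COMMONCRYPTO_COMMONDIGEST_H` is not defined, and nothing in the visible lines tells callers so. A caller that hands the result straight to a digest-init routine may dereference a null pointer. The doc block above each function should gain a line such as `@return the digest, or NULL when CommonCrypto digests are not compiled in`. `#include <CommonCrypto/CommonCryptor.h>` in the `-43` hunk stays unguarded, so it is worth confirming that the asymmetry with `CommonDigest.h` is intended.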
|
@ -41,7 +41,7 @@
|
||||
#define EVP_cc_md4 hc_EVP_cc_md4
|
||||
#define EVP_cc_md5 hc_EVP_cc_md5
|
||||
#define EVP_cc_sha1 hc_EVP_cc_sha1
|
||||
#define EVP_cc_sha256 hc_EVP__cc_sha256
|
||||
#define EVP_cc_sha256 hc_EVP_cc_sha256
|
||||
#define EVP_cc_des_cbc hc_EVP_cc_des_cbc
|
||||
#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
|
||||
#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc
|
||||
|
@ -49,6 +49,7 @@
|
||||
#include <evp-cc.h>
|
||||
|
||||
#include <krb5-types.h>
|
||||
#include <roken.h>
|
||||
|
||||
#ifndef HCRYPTO_DEF_PROVIDER
|
||||
#define HCRYPTO_DEF_PROVIDER hcrypto
|
||||
|
@ -214,24 +214,24 @@ HC_CPP_BEGIN
|
||||
*/
|
||||
|
||||
const EVP_MD *EVP_md_null(void);
|
||||
const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
|
||||
const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
|
||||
const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
|
||||
const EVP_MD *EVP_sha(void) HC_DEPRECATED;
|
||||
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
|
||||
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
|
||||
HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
|
||||
const EVP_MD *EVP_sha(void);
|
||||
const EVP_MD *EVP_sha1(void);
|
||||
const EVP_MD *EVP_sha256(void);
|
||||
|
||||
const EVP_CIPHER * EVP_aes_128_cbc(void);
|
||||
const EVP_CIPHER * EVP_aes_192_cbc(void);
|
||||
const EVP_CIPHER * EVP_aes_256_cbc(void);
|
||||
const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
|
||||
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
|
||||
const EVP_CIPHER * EVP_des_ede3_cbc(void);
|
||||
const EVP_CIPHER * EVP_enc_null(void);
|
||||
const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
|
||||
const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
|
||||
const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
|
||||
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
|
||||
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
|
||||
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
|
||||
const EVP_CIPHER * EVP_rc4(void);
|
||||
const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
|
||||
HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
|
||||
const EVP_CIPHER * EVP_camellia_128_cbc(void);
|
||||
const EVP_CIPHER * EVP_camellia_192_cbc(void);
|
||||
const EVP_CIPHER * EVP_camellia_256_cbc(void);
|
||||
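Review bot: `EVP_sha` appears to be the only declaration in this hunk that loses its deprecation marker instead of having it moved to the front. As far as the rendering shows, the old line ends in `HC_DEPRECATED` and the new one is plain `const EVP_MD *EVP_sha(void);`. If that is deliberate it deserves a sentence in the commit description; if not, the line should follow its neighbours as `HC_DEPRECATED const EVP_MD *EVP_sha(void);`. Compiler deprecation warnings are what steer callers away from legacy algorithms, so a silently dropped one is easy to miss.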
|
@ -43,6 +43,7 @@
|
||||
#ifdef KRB5
|
||||
#include <krb5-types.h>
|
||||
#endif
|
||||
#include <roken.h>
|
||||
|
||||
#ifndef min
|
||||
#define min(a,b) (((a)>(b))?(b):(a))
|
||||
|
@ -35,6 +35,9 @@
|
||||
#include <stdlib.h>
|
||||
#include <rand.h>
|
||||
|
||||
#ifdef KRB5
|
||||
#include <krb5-types.h>
|
||||
#endif
|
||||
#include <roken.h>
|
||||
|
||||
#include "randi.h"
|
||||
@ -451,6 +454,7 @@ fortuna_reseed(void)
|
||||
if (!init_done)
|
||||
abort();
|
||||
|
||||
#ifndef NO_RAND_UNIX_METHOD
|
||||
{
|
||||
unsigned char buf[INIT_BYTES];
|
||||
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
|
||||
@ -459,6 +463,7 @@ fortuna_reseed(void)
|
||||
memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ARC4RANDOM
|
||||
{
|
||||
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
|
||||
@ -470,6 +475,7 @@ fortuna_reseed(void)
|
||||
entropy_p = 1;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_RAND_EGD_METHOD
|
||||
/*
|
||||
* Only to get egd entropy if /dev/random or arc4rand failed since
|
||||
* it can be horribly slow to generate new bits.
|
||||
@ -482,6 +488,7 @@ fortuna_reseed(void)
|
||||
memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Fall back to gattering data from timer and secret files, this
|
||||
* is really the last resort.
|
||||
@ -521,10 +528,12 @@ fortuna_reseed(void)
|
||||
gettimeofday(&tv, NULL);
|
||||
add_entropy(&main_state, (void *)&tv, sizeof(tv));
|
||||
}
|
||||
#ifdef HAVE_GETUID
|
||||
{
|
||||
uid_t u = getuid();
|
||||
add_entropy(&main_state, (void *)&u, sizeof(u));
|
||||
}
|
||||
#endif
|
||||
return entropy_p;
|
||||
}
|
||||
|
||||
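Review bot: With `NO_RAND_UNIX_METHOD` and `NO_RAND_EGD_METHOD` both defined and `HAVE_ARC4RANDOM` absent, `fortuna_reseed` is left with only the block the existing comment calls "really the last resort". In the visible lines that block adds `gettimeofday` output and, when `HAVE_GETUID` is set, the uid. Nothing shown prevents such a build from running Fortuna on those inputs alone. A comment beside `#ifndef NO_RAND_UNIX_METHOD` stating which platform defines these macros and which generator it selects instead, or an `#error` for that combination, would make the assumption checkable. Whether `entropy_p` is set by the fallback block lies outside these hunks.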
|
@ -42,9 +42,6 @@
|
||||
|
||||
#include "randi.h"
|
||||
|
||||
static int random_fd = -1;
|
||||
static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||
|
||||
/*
|
||||
* Unix /dev/random
|
||||
*/
|
||||
@ -93,44 +90,29 @@ static int
|
||||
unix_bytes(unsigned char *outdata, int size)
|
||||
{
|
||||
ssize_t count;
|
||||
int once = 0;
|
||||
int fd;
|
||||
|
||||
if (size < 0)
|
||||
return 0;
|
||||
else if (size == 0)
|
||||
return 1;
|
||||
|
||||
HEIMDAL_MUTEX_lock(&random_mutex);
|
||||
if (random_fd == -1) {
|
||||
retry:
|
||||
random_fd = get_device_fd(O_RDONLY);
|
||||
if (random_fd < 0) {
|
||||
HEIMDAL_MUTEX_unlock(&random_mutex);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
fd = get_device_fd(O_RDONLY);
|
||||
if (fd < 0)
|
||||
return 0;
|
||||
|
||||
while (size > 0) {
|
||||
HEIMDAL_MUTEX_unlock(&random_mutex);
|
||||
count = read (random_fd, outdata, size);
|
||||
HEIMDAL_MUTEX_lock(&random_mutex);
|
||||
if (random_fd < 0) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
else if (errno == EBADF && once++ == 0) {
|
||||
close(random_fd);
|
||||
random_fd = -1;
|
||||
goto retry;
|
||||
}
|
||||
return 0;
|
||||
} else if (count <= 0) {
|
||||
HEIMDAL_MUTEX_unlock(&random_mutex);
|
||||
count = read(fd, outdata, size);
|
||||
if (count < 0 && errno == EINTR)
|
||||
continue;
|
||||
else if (count <= 0) {
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
outdata += count;
|
||||
size -= count;
|
||||
}
|
||||
HEIMDAL_MUTEX_unlock(&random_mutex);
|
||||
close(fd);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -58,7 +60,9 @@ init_method(void)
|
||||
{
|
||||
if (selected_meth != NULL)
|
||||
return;
|
||||
#ifdef __APPLE__
|
||||
#if defined(_WIN32)
|
||||
selected_meth = &hc_rand_w32crypto_method;
|
||||
#elif defined(__APPLE__)
|
||||
selected_meth = &hc_rand_unix_method;
|
||||
#else
|
||||
selected_meth = &hc_rand_fortuna_method;
|
||||
@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
|
||||
int
|
||||
RAND_bytes(void *outdata, size_t size)
|
||||
{
|
||||
if (size == 0)
|
||||
return 1;
|
||||
init_method();
|
||||
return (*selected_meth->bytes)(outdata, size);
|
||||
}
|
||||
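Review bot: `RAND_bytes` accepts a `size_t` but forwards it to `selected_meth->bytes`, and the method visible in this commit, `unix_bytes(unsigned char *outdata, int size)`, takes an `int`. A request above `INT_MAX` is therefore converted on the call: it may turn negative and be reported as failure, or wrap to a small positive value, in which case only part of the buffer is filled and 1 is returned. The new early return is the natural place for the bound, `if (size > INT_MAX) return 0;` next to `if (size == 0) return 1;`. The type of the `bytes` member is declared outside the hunk, so the conversion is inferred from `unix_bytes`.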
|
@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
|
||||
#define RAND_fortuna_method hc_RAND_fortuna_method
|
||||
#define RAND_egd_method hc_RAND_egd_method
|
||||
#define RAND_unix_method hc_RAND_unix_method
|
||||
#define RAND_w32crypto_method hc_RAND_w32crypto_method
|
||||
|
||||
/*
|
||||
*
|
||||
|
@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
|
||||
extern const RAND_METHOD hc_rand_unix_method;
|
||||
extern const RAND_METHOD hc_rand_egd_method;
|
||||
extern const RAND_METHOD hc_rand_timer_method;
|
||||
extern const RAND_METHOD hc_rand_w32crypto_method;
|
||||
|
||||
const RAND_METHOD * RAND_timer_method(void);
|
||||
|
||||
|
@ -31,11 +31,12 @@
|
||||
#include "config.h"
|
||||
|
||||
|
||||
#include <stdlib.h>
|
||||
#ifdef KRB5
|
||||
#include <krb5-types.h>
|
||||
#endif
|
||||
|
||||
#include <rijndael-alg-fst.h>
|
||||
#include "rijndael-alg-fst.h"
|
||||
|
||||
/* the file should not be used from outside */
|
||||
typedef uint8_t u8;
|
||||
|
@ -39,11 +39,11 @@
|
||||
#ifdef KRB5
|
||||
#include <krb5-types.h>
|
||||
#endif
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <des.h>
|
||||
#include <rand.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#undef __attribute__
|
||||
#define __attribute__(X)
|
||||
|
||||
|
@ -37,10 +37,15 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
#ifdef HAVE_TERMIOS_H
|
||||
#include <termios.h>
|
||||
#endif
|
||||
#include <roken.h>
|
||||
|
||||
#include <ui.h>
|
||||
#ifdef HAVE_CONIO_H
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
static sig_atomic_t intr_flag;
|
||||
|
||||
@ -50,6 +55,53 @@ intr(int sig)
|
||||
intr_flag++;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CONIO_H
|
||||
|
||||
/*
|
||||
* Windows does console slightly different then then unix case.
|
||||
*/
|
||||
|
||||
static int
|
||||
read_string(const char *preprompt, const char *prompt,
|
||||
char *buf, size_t len, int echo)
|
||||
{
|
||||
int of = 0;
|
||||
int c;
|
||||
char *p;
|
||||
void (*oldsigintr)(int);
|
||||
|
||||
_cprintf("%s%s", preprompt, prompt);
|
||||
|
||||
oldsigintr = signal(SIGINT, intr);
|
||||
|
||||
p = buf;
|
||||
while(intr_flag == 0){
|
||||
c = ((echo)? _getche(): _getch());
|
||||
if(c == '\n')
|
||||
break;
|
||||
if(of == 0)
|
||||
*p++ = c;
|
||||
of = (p == buf + len);
|
||||
}
|
||||
if(of)
|
||||
p--;
|
||||
*p = 0;
|
||||
|
||||
if(echo == 0){
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
signal(SIGINT, oldsigintr);
|
||||
|
||||
if(intr_flag)
|
||||
return -2;
|
||||
if(of)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else /* !HAVE_CONIO_H */
|
||||
|
||||
#ifndef NSIG
|
||||
#define NSIG 47
|
||||
#endif
|
||||
@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* HAVE_CONIO_H */
|
||||
|
||||
int
|
||||
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
|
||||
{
|
||||
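Review bot: The new Windows `read_string` stores the first character before `p` has ever been compared with `buf + len`. A call with `len == 0` therefore writes past the buffer, and because `p == buf + len` can then never become true, it keeps writing for every further key. A guard at the top, `if (len == 0) return -1;`, closes that. The loop also stops only on `'\n'`, whereas `_getch` and `_getche` deliver Enter as a carriage return, so `if (c == '\n' || c == '\r') break;` is needed for the prompt to terminate on Enter.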
|
@ -281,6 +281,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
|
||||
const hdb_entry *entry, char **p)
|
||||
{
|
||||
HDB_extension *ext;
|
||||
char *str;
|
||||
int ret;
|
||||
|
||||
ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
|
||||
@ -329,17 +330,14 @@ hdb_entry_get_password(krb5_context context, HDB *db,
|
||||
return 0;
|
||||
}
|
||||
|
||||
{
|
||||
char *name;
|
||||
ret = krb5_unparse_name(context, entry->principal, &name);
|
||||
if (ret == 0) {
|
||||
krb5_set_error_message(context, ENOENT, "no password attributefor %s", name);
|
||||
free(name);
|
||||
} else
|
||||
krb5_clear_error_message(context);
|
||||
|
||||
return ENOENT;
|
||||
}
|
||||
ret = krb5_unparse_name(context, entry->principal, &str);
|
||||
if (ret == 0) {
|
||||
krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
|
||||
free(str);
|
||||
} else
|
||||
krb5_clear_error_message(context);
|
||||
|
||||
return ENOENT;
|
||||
}
|
||||
|
||||
int
|
||||
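Review bot: The error text in `hdb_entry_get_password` is missing a space: `"no password attributefor %s"` is carried unchanged into the rewritten lines. It should read `krb5_set_error_message(context, ENOENT, "no password attribute for %s", str);`. The function starts outside the hunk.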
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -65,9 +67,13 @@ static struct hdb_method methods[] = {
|
||||
#if HAVE_DB1 || HAVE_DB3
|
||||
{ HDB_INTERFACE_VERSION, "db:", hdb_db_create},
|
||||
#endif
|
||||
#if HAVE_DB1
|
||||
{ HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create},
|
||||
#endif
|
||||
#if HAVE_NDBM
|
||||
{ HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create},
|
||||
#endif
|
||||
{ HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create},
|
||||
#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
|
||||
{ HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
|
||||
{ HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
|
||||
@ -411,6 +417,27 @@ hdb_list_builtin(krb5_context context, char **list)
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
_hdb_keytab2hdb_entry(krb5_context context,
|
||||
const krb5_keytab_entry *ktentry,
|
||||
hdb_entry_ex *entry)
|
||||
{
|
||||
entry->entry.kvno = ktentry->vno;
|
||||
entry->entry.created_by.time = ktentry->timestamp;
|
||||
|
||||
entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0]));
|
||||
if (entry->entry.keys.val == NULL)
|
||||
return ENOMEM;
|
||||
entry->entry.keys.len = 1;
|
||||
|
||||
entry->entry.keys.val[0].mkvno = NULL;
|
||||
entry->entry.keys.val[0].salt = NULL;
|
||||
|
||||
return krb5_copy_keyblock_contents(context,
|
||||
&ktentry->keyblock,
|
||||
&entry->entry.keys.val[0].key);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a handle for a Kerberos database
|
||||
*
|
||||
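Review bot: `_hdb_keytab2hdb_entry` returns the result of `krb5_copy_keyblock_contents` directly, so on failure `entry->entry.keys.val` stays allocated with `keys.len == 1`. No comment says who releases it. Either free the array and reset `keys.len` on the error path, or add a doc comment stating that the caller must free the entry on any non-zero return. The same comment should say that only `kvno`, `created_by.time` and the single key are filled in. The other members of `entry` are left as the caller supplied them.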
|
@ -193,6 +193,13 @@ typedef struct HDB{
|
||||
* point for the module.
|
||||
*/
|
||||
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
|
||||
/**
|
||||
* Get the list of realms this backend handles.
|
||||
* This call is optional to support. The returned realms are used
|
||||
* for announcing the realms over bonjour. Free returned array
|
||||
* with krb5_free_host_realm().
|
||||
*/
|
||||
krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **);
|
||||
/**
|
||||
* Change password.
|
||||
*
|
||||
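Review bot: `hdb_get_realms` is inserted in the middle of `struct HDB`, which shifts every function pointer declared after it. A backend module compiled against the previous layout would have its callbacks read from the wrong slots. Nothing in this hunk shows `HDB_INTERFACE_VERSION` being raised, so it is worth confirming that it is bumped (it is defined outside the hunk) or appending the member at the end of the struct instead. Since the doc comment calls the hook optional, it could also say `May be NULL; callers must check before calling.`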
|
@ -185,7 +185,7 @@ read_master_mit(krb5_context context, const char *filename,
|
||||
if(ret)
|
||||
goto out;
|
||||
}
|
||||
ret = hdb_process_master_key(context, 0, &key, 0, mkey);
|
||||
ret = hdb_process_master_key(context, 1, &key, 0, mkey);
|
||||
krb5_free_keyblock_contents(context, &key);
|
||||
out:
|
||||
krb5_storage_free(sp);
|
||||
|
@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
|
||||
ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
|
||||
&cert->tbsCertificate.issuer, &diff);
|
||||
*self_signed = (diff == 0);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
hx509_set_error_string(context, 0, ret,
|
||||
"Failed to check if self signed");
|
||||
} else
|
||||
ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -3251,7 +3254,7 @@ _hx509_cert_get_eku(hx509_context context,
|
||||
* @param context A hx509 context.
|
||||
* @param c the certificate to encode.
|
||||
* @param os the encode certificate, set to NULL, 0 on case of
|
||||
* error. Free the returned structure with hx509_xfree().
|
||||
* error. Free the os->data with hx509_xfree().
|
||||
*
|
||||
* @return An hx509 error code, see hx509_get_error_string().
|
||||
*
|
||||
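Review bot: `_hx509_self_signed_valid` is reached on every successful name comparison, including when `diff != 0` and the certificate is not self-signed. `certificate_is_self_signed` would then return an error for an ordinary issued certificate whose signature algorithm lacks `SELF_SIGNED_OK`, although the policy concerns self-signatures only. Guarding the call with `} else if (*self_signed)` before `ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);` restricts the check to the case it is named for. The function starts outside the hunk.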
|
@ -1491,7 +1491,7 @@ hx509_cms_create_signed(hx509_context context,
|
||||
* signatures).
|
||||
*/
|
||||
if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
|
||||
ret = hx509_certs_iter(context, certs, sig_process, &sigctx);
|
||||
ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
@ -1525,7 +1525,7 @@ hx509_cms_create_signed(hx509_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hx509_certs_iter(context, sigctx.certs, cert_process, &sigctx);
|
||||
ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
@ -87,8 +87,9 @@ struct signature_alg {
|
||||
const heim_oid *key_oid;
|
||||
const AlgorithmIdentifier *digest_alg;
|
||||
int flags;
|
||||
#define PROVIDE_CONF 1
|
||||
#define REQUIRE_SIGNER 2
|
||||
#define PROVIDE_CONF 0x1
|
||||
#define REQUIRE_SIGNER 0x2
|
||||
#define SELF_SIGNED_OK 0x4
|
||||
|
||||
#define SIG_DIGEST 0x100
|
||||
#define SIG_PUBLIC_SIG 0x200
|
||||
@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
|
||||
&_hx509_signature_ecdsa_with_sha256_data,
|
||||
&asn1_oid_id_ecPublicKey,
|
||||
&_hx509_signature_sha256_data,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
|
||||
0,
|
||||
NULL,
|
||||
ecdsa_verify_signature,
|
||||
@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
|
||||
&_hx509_signature_ecdsa_with_sha1_data,
|
||||
&asn1_oid_id_ecPublicKey,
|
||||
&_hx509_signature_sha1_data,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
|
||||
0,
|
||||
NULL,
|
||||
ecdsa_verify_signature,
|
||||
@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
|
||||
&_hx509_signature_rsa_with_sha1_data,
|
||||
&asn1_oid_id_pkcs1_rsaEncryption,
|
||||
NULL,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
|
||||
0,
|
||||
NULL,
|
||||
rsa_verify_signature,
|
||||
@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = {
|
||||
&_hx509_signature_rsa_with_sha256_data,
|
||||
&asn1_oid_id_pkcs1_rsaEncryption,
|
||||
&_hx509_signature_sha256_data,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
|
||||
0,
|
||||
NULL,
|
||||
rsa_verify_signature,
|
||||
@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = {
|
||||
&_hx509_signature_rsa_with_sha1_data,
|
||||
&asn1_oid_id_pkcs1_rsaEncryption,
|
||||
&_hx509_signature_sha1_data,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
|
||||
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
|
||||
0,
|
||||
NULL,
|
||||
rsa_verify_signature,
|
||||
@ -1481,6 +1482,27 @@ _hx509_signature_best_before(hx509_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
_hx509_self_signed_valid(hx509_context context,
|
||||
const AlgorithmIdentifier *alg)
|
||||
{
|
||||
const struct signature_alg *md;
|
||||
|
||||
md = find_sig_alg(&alg->algorithm);
|
||||
if (md == NULL) {
|
||||
hx509_clear_error_string(context);
|
||||
return HX509_SIG_ALG_NO_SUPPORTED;
|
||||
}
|
||||
if ((md->flags & SELF_SIGNED_OK) == 0) {
|
||||
hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
|
||||
"Algorithm %s not trusted for self signatures",
|
||||
md->name);
|
||||
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
_hx509_verify_signature(hx509_context context,
|
||||
const hx509_cert cert,
|
||||
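Review bot: `_hx509_self_signed_valid` has no doc comment and `SELF_SIGNED_OK` no explanation, although together they form the allow-list of signature algorithms accepted on self-signed certificates. A comment on the flag, `/* algorithm is accepted on self-signed certificates */`, and a short header on the function naming its two error returns would make the policy auditable. The unknown-algorithm branch calls `hx509_clear_error_string` and returns `HX509_SIG_ALG_NO_SUPPORTED` with no message, while the disallowed branch sets one. Setting a string in both keeps failures diagnosable. The disallowed branch also reuses `HX509_CRYPTO_ALGORITHM_BEST_BEFORE`, which by its name looks like a date-limit code, so confirm callers will not misreport it.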
|
@ -39,16 +39,19 @@
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#ifdef HAVE_STRINGS_H
|
||||
#include <strings.h>
|
||||
#endif
|
||||
#include <assert.h>
|
||||
#include <stdarg.h>
|
||||
#include <err.h>
|
||||
#include <limits.h>
|
||||
|
||||
#include <roken.h>
|
||||
|
||||
#include <getarg.h>
|
||||
#include <base64.h>
|
||||
#include <hex.h>
|
||||
#include <roken.h>
|
||||
#include <com_err.h>
|
||||
#include <parse_units.h>
|
||||
#include <parse_bytes.h>
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -323,7 +325,7 @@ hx509_certs_end_seq(hx509_context context,
|
||||
* @param certs certificate store to iterate over.
|
||||
* @param func function to call for each certificate. The function
|
||||
* should return non-zero to abort the iteration, that value is passed
|
||||
* back to te caller of hx509_certs_iter().
|
||||
* back to the caller of hx509_certs_iter_f().
|
||||
* @param ctx context variable that will passed to the function.
|
||||
*
|
||||
* @return Returns an hx509 error code.
|
||||
@ -332,10 +334,10 @@ hx509_certs_end_seq(hx509_context context,
|
||||
*/
|
||||
|
||||
int
|
||||
hx509_certs_iter(hx509_context context,
|
||||
hx509_certs certs,
|
||||
int (*func)(hx509_context, void *, hx509_cert),
|
||||
void *ctx)
|
||||
hx509_certs_iter_f(hx509_context context,
|
||||
hx509_certs certs,
|
||||
int (*func)(hx509_context, void *, hx509_cert),
|
||||
void *ctx)
|
||||
{
|
||||
hx509_cursor cursor;
|
||||
hx509_cert c;
|
||||
@ -364,13 +366,46 @@ hx509_certs_iter(hx509_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Function to use to hx509_certs_iter() as a function argument, the
|
||||
* ctx variable to hx509_certs_iter() should be a FILE file descriptor.
|
||||
* Iterate over all certificates in a keystore and call an function
|
||||
* for each fo them.
|
||||
*
|
||||
* @param context a hx509 context.
|
||||
* @param ctx used by hx509_certs_iter().
|
||||
* @param certs certificate store to iterate over.
|
||||
* @param func function to call for each certificate. The function
|
||||
* should return non-zero to abort the iteration, that value is passed
|
||||
* back to the caller of hx509_certs_iter().
|
||||
*
|
||||
* @return Returns an hx509 error code.
|
||||
*
|
||||
* @ingroup hx509_keyset
|
||||
*/
|
||||
|
||||
#ifdef __BLOCKS__
|
||||
|
||||
static int
|
||||
certs_iter(hx509_context context, void *ctx, hx509_cert cert)
|
||||
{
|
||||
int (^func)(hx509_cert) = ctx;
|
||||
return func(cert);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_iter(hx509_context context,
|
||||
hx509_certs certs,
|
||||
int (^func)(hx509_cert))
|
||||
{
|
||||
return hx509_certs_iter_f(context, certs, certs_iter, func);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* Function to use to hx509_certs_iter_f() as a function argument, the
|
||||
* ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
|
||||
*
|
||||
* @param context a hx509 context.
|
||||
* @param ctx used by hx509_certs_iter_f().
|
||||
* @param c a certificate
|
||||
*
|
||||
* @return Returns an hx509 error code.
|
||||
@ -587,7 +622,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
|
||||
{
|
||||
if (from == NULL)
|
||||
return 0;
|
||||
return hx509_certs_iter(context, from, certs_merge_func, to);
|
||||
return hx509_certs_iter_f(context, from, certs_merge_func, to);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -113,7 +113,7 @@ dir_iter_start(hx509_context context,
|
||||
free(d);
|
||||
return errno;
|
||||
}
|
||||
rk_cloexec(dirfd(d->dir));
|
||||
rk_cloexec_dir(d->dir);
|
||||
d->certs = NULL;
|
||||
d->iter = NULL;
|
||||
|
||||
|
@ -571,7 +571,7 @@ file_store(hx509_context context,
|
||||
rk_cloexec_file(sc.f);
|
||||
sc.format = ksf->format;
|
||||
|
||||
ret = hx509_certs_iter(context, ksf->certs, store_func, &sc);
|
||||
ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc);
|
||||
fclose(sc.f);
|
||||
return ret;
|
||||
}
|
||||
|
@ -43,6 +43,7 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
|
||||
OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
|
||||
int, const CSSM_ACCESS_CREDENTIALS **);
|
||||
#define kSecCredentialTypeDefault 0
|
||||
#define CSSM_SIZE uint32_t
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -571,7 +571,7 @@ p12_store(hx509_context context,
|
||||
memset(&as, 0, sizeof(as));
|
||||
memset(&pfx, 0, sizeof(pfx));
|
||||
|
||||
ret = hx509_certs_iter(context, p12->certs, store_func, &as);
|
||||
ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -144,6 +146,7 @@ hx509_peer_info_add_cms_alg(hx509_context context,
|
||||
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
peer->val = ptr;
|
||||
ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]);
|
||||
if (ret == 0)
|
||||
peer->len += 1;
|
||||
|
@ -989,7 +989,7 @@ hx509_ocsp_request(hx509_context context,
|
||||
ctx.digest = digest;
|
||||
ctx.parent = NULL;
|
||||
|
||||
ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
|
||||
ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
|
||||
hx509_cert_free(ctx.parent);
|
||||
if (ret)
|
||||
goto out;
|
||||
@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
|
||||
|
||||
es = req.tbsRequest.requestExtensions;
|
||||
|
||||
es->val = calloc(1, sizeof(es->val[0]));
|
||||
es->val = calloc(es->len, sizeof(es->val[0]));
|
||||
if (es->val == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
es->len = 1;
|
||||
ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
|
||||
if (ret) {
|
||||
free_OCSPRequest(&req);
|
||||
return ret;
|
||||
}
|
||||
es->len = 1;
|
||||
|
||||
es->val[0].extnValue.data = malloc(10);
|
||||
if (es->val[0].extnValue.data == NULL) {
|
||||
@ -1153,7 +1153,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
|
||||
|
||||
fprintf(out, "appended certs:\n");
|
||||
if (ocsp.certs)
|
||||
ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
|
||||
ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
|
||||
|
||||
free_ocsp(&ocsp);
|
||||
return ret;
|
||||
@ -1486,7 +1486,7 @@ hx509_crl_sign(hx509_context context,
|
||||
}
|
||||
c.tbsCertList.crlExtensions = NULL;
|
||||
|
||||
ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
|
||||
ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
|
||||
if (ret)
|
||||
goto out;
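Review bot: In the second hx509_ocsp_request hunk, `es->val = calloc(es->len, sizeof(es->val[0]));` sizes the array from `es->len` before either `es->len = 1;` line has run, so the element count is whatever the allocation of `requestExtensions` left there (outside the hunk, presumably zero). With a count of zero, calloc returns either NULL, which is reported as ENOMEM, or a zero-length allocation that `der_copy_oid(..., &es->val[0].extnID)` and the `extnValue.data` assignment then write past. The page has lost its +/- markers, so this assumes the `es->len` form is the new side, as the old-then-new print order of the other changed lines suggests. Exactly one extension is stored, so the literal count is the safe form: `es->val = calloc(1, sizeof(es->val[0]));`. The function body starts and ends outside the hunk.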
|
||||
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -37,8 +39,13 @@
|
||||
#include <dlfcn.h>
|
||||
#endif
|
||||
|
||||
#ifndef KCM_IS_API_CACHE
|
||||
|
||||
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||
static cc_initialize_func init_func;
|
||||
static void (*set_target_uid)(uid_t);
|
||||
static void (*clear_target)(void);
|
||||
|
||||
#ifdef HAVE_DLOPEN
|
||||
static void *cc_handle;
|
||||
#endif
|
||||
@ -82,18 +89,20 @@ translate_cc_error(krb5_context context, cc_int32 error)
|
||||
static krb5_error_code
|
||||
init_ccapi(krb5_context context)
|
||||
{
|
||||
const char *lib;
|
||||
const char *lib = NULL;
|
||||
|
||||
HEIMDAL_MUTEX_lock(&acc_mutex);
|
||||
if (init_func) {
|
||||
HEIMDAL_MUTEX_unlock(&acc_mutex);
|
||||
krb5_clear_error_message(context);
|
||||
if (context)
|
||||
krb5_clear_error_message(context);
|
||||
return 0;
|
||||
}
|
||||
|
||||
lib = krb5_config_get_string(context, NULL,
|
||||
"libdefaults", "ccapi_library",
|
||||
NULL);
|
||||
if (context)
|
||||
lib = krb5_config_get_string(context, NULL,
|
||||
"libdefaults", "ccapi_library",
|
||||
NULL);
|
||||
if (lib == NULL) {
|
||||
#ifdef __APPLE__
|
||||
lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
|
||||
@ -106,23 +115,30 @@ init_ccapi(krb5_context context)
|
||||
|
||||
#ifndef RTLD_LAZY
|
||||
#define RTLD_LAZY 0
|
||||
#endif
|
||||
#ifndef RTLD_LOCAL
|
||||
#define RTLD_LOCAL 0
|
||||
#endif
|
||||
|
||||
cc_handle = dlopen(lib, RTLD_LAZY);
|
||||
cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
|
||||
if (cc_handle == NULL) {
|
||||
HEIMDAL_MUTEX_unlock(&acc_mutex);
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("Failed to load API cache module %s", "file"),
|
||||
lib);
|
||||
if (context)
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("Failed to load API cache module %s", "file"),
|
||||
lib);
|
||||
return KRB5_CC_NOSUPP;
|
||||
}
|
||||
|
||||
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
|
||||
set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
|
||||
clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target");
|
||||
HEIMDAL_MUTEX_unlock(&acc_mutex);
|
||||
if (init_func == NULL) {
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("Failed to find cc_initialize"
|
||||
"in %s: %s", "file, error"), lib, dlerror());
|
||||
if (context)
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("Failed to find cc_initialize"
|
||||
"in %s: %s", "file, error"), lib, dlerror());
|
||||
dlclose(cc_handle);
|
||||
return KRB5_CC_NOSUPP;
|
||||
}
|
||||
@ -130,12 +146,27 @@ init_ccapi(krb5_context context)
|
||||
return 0;
|
||||
#else
|
||||
HEIMDAL_MUTEX_unlock(&acc_mutex);
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("no support for shared object", ""));
|
||||
if (context)
|
||||
krb5_set_error_message(context, KRB5_CC_NOSUPP,
|
||||
N_("no support for shared object", ""));
|
||||
return KRB5_CC_NOSUPP;
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
_heim_krb5_ipc_client_set_target_uid(uid_t uid)
|
||||
{
|
||||
init_ccapi(NULL);
|
||||
(*set_target_uid)(uid);
|
||||
}
|
||||
|
||||
void
|
||||
_heim_krb5_ipc_client_clear_target(void)
|
||||
{
|
||||
init_ccapi(NULL);
|
||||
(*clear_target)();
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
make_cred_from_ccred(krb5_context context,
|
||||
const cc_credentials_v5_t *incred,
|
||||
@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
|
||||
acc_set_default,
|
||||
acc_lastchange
|
||||
};
|
||||
|
||||
#endif
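Review bot: `_heim_krb5_ipc_client_set_target_uid()` and `_heim_krb5_ipc_client_clear_target()` discard the result of `init_ccapi(NULL)` and then call through `set_target_uid` / `clear_target` unconditionally. Both pointers come from unchecked `dlsym()` calls and stay NULL when `dlopen()` fails, when the symbol is absent, or in the build without HAVE_DLOPEN, so the call goes through a null function pointer. Each wrapper should guard the call, e.g. `if (init_ccapi(NULL) == 0 && set_target_uid != NULL) (*set_target_uid)(uid);`. In init_ccapi itself, the `init_func == NULL` path runs `dlclose(cc_handle)` after the mutex is released and leaves `set_target_uid`, `clear_target` and `cc_handle` pointing at the unloaded module, so resetting them to NULL before unlocking would close that window. Parts of init_ccapi lie between the hunks and are not shown here.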
|
||||
|
@ -47,7 +47,7 @@
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_add_et_list (krb5_context context,
|
||||
void (*func)(struct et_list **))
|
||||
{
|
||||
|
@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
|
||||
return -1;
|
||||
} else
|
||||
p = address;
|
||||
#ifdef HAVE_INET_ATON
|
||||
if(inet_aton(p, &a) == 0)
|
||||
return -1;
|
||||
#elif defined(HAVE_INET_ADDR)
|
||||
a.s_addr = inet_addr(p);
|
||||
if(a.s_addr == INADDR_NONE)
|
||||
return -1;
|
||||
#else
|
||||
return -1;
|
||||
#endif
|
||||
addr->addr_type = KRB5_ADDRESS_INET;
|
||||
if(krb5_data_alloc(&addr->address, 4) != 0)
|
||||
return -1;
|
||||
@ -339,9 +331,7 @@ static int
|
||||
ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
|
||||
{
|
||||
char buf[128], buf2[3];
|
||||
#ifdef HAVE_INET_NTOP
|
||||
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
|
||||
#endif
|
||||
{
|
||||
/* XXX this is pretty ugly, but better than abort() */
|
||||
int i;
|
||||
@ -790,7 +780,7 @@ find_atype(int atype)
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_sockaddr2address (krb5_context context,
|
||||
const struct sockaddr *sa, krb5_address *addr)
|
||||
{
|
||||
@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_sockaddr2port (krb5_context context,
|
||||
const struct sockaddr *sa, int16_t *port)
|
||||
{
|
||||
@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_addr2sockaddr (krb5_context context,
|
||||
const krb5_address *addr,
|
||||
struct sockaddr *sa,
|
||||
@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
size_t KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
|
||||
krb5_max_sockaddr_size (void)
|
||||
{
|
||||
if (max_sockaddr_size == 0) {
|
||||
@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void)
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
|
||||
{
|
||||
struct addr_operations *a = find_af(sa->sa_family);
|
||||
@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_h_addr2sockaddr (krb5_context context,
|
||||
int af,
|
||||
const char *addr, struct sockaddr *sa,
|
||||
@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_h_addr2addr (krb5_context context,
|
||||
int af,
|
||||
const char *haddr, krb5_address *addr)
|
||||
@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_anyaddr (krb5_context context,
|
||||
int af,
|
||||
struct sockaddr *sa,
|
||||
@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_print_address (const krb5_address *addr,
|
||||
char *str, size_t len, size_t *ret_len)
|
||||
{
|
||||
@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_parse_address(krb5_context context,
|
||||
const char *string,
|
||||
krb5_addresses *addresses)
|
||||
@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_address_order(krb5_context context,
|
||||
const krb5_address *addr1,
|
||||
const krb5_address *addr2)
|
||||
@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_address_compare(krb5_context context,
|
||||
const krb5_address *addr1,
|
||||
const krb5_address *addr2)
|
||||
@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_address_search(krb5_context context,
|
||||
const krb5_address *addr,
|
||||
const krb5_addresses *addrlist)
|
||||
@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_free_address(krb5_context context,
|
||||
krb5_address *address)
|
||||
{
|
||||
@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_free_addresses(krb5_context context,
|
||||
krb5_addresses *addresses)
|
||||
{
|
||||
@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_address(krb5_context context,
|
||||
const krb5_address *inaddr,
|
||||
krb5_address *outaddr)
|
||||
@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_addresses(krb5_context context,
|
||||
const krb5_addresses *inaddr,
|
||||
krb5_addresses *outaddr)
|
||||
@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_append_addresses(krb5_context context,
|
||||
krb5_addresses *dest,
|
||||
const krb5_addresses *source)
|
||||
@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_make_addrport (krb5_context context,
|
||||
krb5_address **res, const krb5_address *addr, int16_t port)
|
||||
{
|
||||
@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context,
|
||||
* @ingroup krb5_address
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_address_prefixlen_boundary(krb5_context context,
|
||||
const krb5_address *inaddr,
|
||||
unsigned long prefixlen,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_appdefault_boolean(krb5_context context, const char *appname,
|
||||
krb5_const_realm realm, const char *option,
|
||||
krb5_boolean def_val, krb5_boolean *ret_val)
|
||||
@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
|
||||
*ret_val = def_val;
|
||||
}
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_appdefault_string(krb5_context context, const char *appname,
|
||||
krb5_const_realm realm, const char *option,
|
||||
const char *def_val, char **ret_val)
|
||||
@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
|
||||
*ret_val = NULL;
|
||||
}
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_appdefault_time(krb5_context context, const char *appname,
|
||||
krb5_const_realm realm, const char *option,
|
||||
time_t def_val, time_t *ret_val)
|
||||
|
@ -37,14 +37,14 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
_krb5_principal2principalname (PrincipalName *p,
|
||||
const krb5_principal from)
|
||||
{
|
||||
return copy_PrincipalName(&from->name, p);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
_krb5_principalname2krb5_principal (krb5_context context,
|
||||
krb5_principal *principal,
|
||||
const PrincipalName from,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_init(krb5_context context,
|
||||
krb5_auth_context *auth_context)
|
||||
{
|
||||
@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_free(krb5_context context,
|
||||
krb5_auth_context auth_context)
|
||||
{
|
||||
@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setflags(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t flags)
|
||||
@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getflags(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t *flags)
|
||||
@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_addflags(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t addflags,
|
||||
@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_removeflags(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t removeflags,
|
||||
@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setaddrs(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_address *local_addr,
|
||||
@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_genaddrs(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int fd, int flags)
|
||||
krb5_socket_t fd, int flags)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_address local_k_address, remote_k_address;
|
||||
@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context,
|
||||
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
|
||||
if (auth_context->local_address == NULL) {
|
||||
len = sizeof(ss_local);
|
||||
if(getsockname(fd, local, &len) < 0) {
|
||||
if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
ret = rk_SOCK_ERRNO;
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "getsockname: %s", buf);
|
||||
goto out;
|
||||
}
|
||||
@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context,
|
||||
}
|
||||
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
|
||||
len = sizeof(ss_remote);
|
||||
if(getpeername(fd, remote, &len) < 0) {
|
||||
if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
ret = rk_SOCK_ERRNO;
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, "getpeername: %s", buf);
|
||||
goto out;
|
||||
}
|
||||
@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context,
|
||||
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setaddrs_from_fd (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
void *p_fd)
|
||||
{
|
||||
int fd = *(int*)p_fd;
|
||||
krb5_socket_t fd = *(krb5_socket_t *)p_fd;
|
||||
int flags = 0;
|
||||
if(auth_context->local_address == NULL)
|
||||
flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
|
||||
@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context,
|
||||
return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getaddrs(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_address **local_addr,
|
||||
@ -273,7 +273,7 @@ copy_key(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context,
|
||||
return copy_key(context, auth_context->keyblock, keyblock);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getlocalsubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
|
||||
return copy_key(context, auth_context->local_subkey, keyblock);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getremotesubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context,
|
||||
return copy_key(context, auth_context->remote_subkey, keyblock);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock)
|
||||
@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context,
|
||||
return copy_key(context, keyblock, &auth_context->keyblock);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setlocalsubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock)
|
||||
@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
|
||||
return copy_key(context, keyblock, &auth_context->local_subkey);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_generatelocalsubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *key)
|
||||
@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setremotesubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock)
|
||||
@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context,
|
||||
return copy_key(context, keyblock, &auth_context->remote_subkey);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setcksumtype(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_cksumtype cksumtype)
|
||||
@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getcksumtype(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_cksumtype *cksumtype)
|
||||
@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setkeytype (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keytype keytype)
|
||||
@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getkeytype (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keytype *keytype)
|
||||
@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context,
|
||||
}
|
||||
|
||||
#if 0
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setenctype(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_enctype etype)
|
||||
@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getenctype(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_enctype *etype)
|
||||
@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context,
|
||||
}
|
||||
#endif
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getlocalseqnumber(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t *seqnumber)
|
||||
@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setlocalseqnumber (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t seqnumber)
|
||||
@ -425,16 +425,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
krb5_auth_getremoteseqnumber(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t *seqnumber)
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getremoteseqnumber(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t *seqnumber)
|
||||
{
|
||||
*seqnumber = auth_context->remote_seqnumber;
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setremoteseqnumber (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
int32_t seqnumber)
|
||||
@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getauthenticator(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_authenticator *authenticator)
|
||||
@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_free_authenticator(krb5_context context,
|
||||
krb5_authenticator *authenticator)
|
||||
{
|
||||
@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setuserkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock)
|
||||
@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context,
|
||||
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_getrcache(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_rcache *rcache)
|
||||
@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setrcache(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_rcache rcache)
|
||||
@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context,
|
||||
|
||||
#if 0 /* not implemented */
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_initivector(krb5_context context,
|
||||
krb5_auth_context auth_context)
|
||||
{
|
||||
@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_auth_con_setivector(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_pointer ivector)
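Review bot: `krb5_auth_con_setaddrs_from_fd()` now reads `*(krb5_socket_t *)p_fd`, but the parameter is still `void *p_fd`, so a caller that keeps passing the address of an `int` compiles without a diagnostic. Where `krb5_socket_t` is wider than `int` (its definition is not on this page, presumably a Windows socket handle), that read covers bytes beyond the caller's object and hands an undefined handle value to `krb5_auth_con_genaddrs()`. The function's comment should state the new contract, e.g. `/* p_fd must point to a krb5_socket_t, not an int */`, and existing callers should be checked in the same change. The function body continues outside the hunk.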
|
||||
|
@ -31,9 +31,9 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <krb5_locl.h>
|
||||
#include "krb5_locl.h"
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_build_ap_req (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
krb5_creds *cred,
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <krb5_locl.h>
|
||||
#include "krb5_locl.h"
|
||||
|
||||
static krb5_error_code
|
||||
make_etypelist(krb5_context context,
|
||||
@ -99,14 +99,14 @@ make_etypelist(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
_krb5_build_authenticator(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_enctype enctype,
|
||||
krb5_creds *cred,
|
||||
Checksum *cksum,
|
||||
krb5_data *result,
|
||||
krb5_key_usage usage)
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
_krb5_build_authenticator (krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_enctype enctype,
|
||||
krb5_creds *cred,
|
||||
Checksum *cksum,
|
||||
krb5_data *result,
|
||||
krb5_key_usage usage)
|
||||
{
|
||||
Authenticator auth;
|
||||
u_char *buf = NULL;
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -112,7 +114,7 @@ main (int argc, char **argv)
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_register(krb5_context context,
|
||||
const krb5_cc_ops *ops,
|
||||
krb5_boolean override)
|
||||
@ -184,13 +186,34 @@ allocate_ccache (krb5_context context,
|
||||
krb5_ccache *id)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
char * exp_residual = NULL;
|
||||
|
||||
ret = _krb5_cc_allocate(context, ops, id);
|
||||
ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
residual = exp_residual;
|
||||
#endif
|
||||
|
||||
ret = _krb5_cc_allocate(context, ops, id);
|
||||
if (ret) {
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
if (exp_residual)
|
||||
free(exp_residual);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = (*id)->ops->resolve(context, id, residual);
|
||||
if(ret)
|
||||
free(*id);
|
||||
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
if (exp_residual)
|
||||
free(exp_residual);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -209,7 +232,7 @@ allocate_ccache (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_resolve(krb5_context context,
|
||||
const char *name,
|
||||
krb5_ccache *id)
|
||||
@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_new_unique(krb5_context context, const char *type,
|
||||
const char *hint, krb5_ccache *id)
|
||||
{
|
||||
@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type,
|
||||
*/
|
||||
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_cc_get_name(krb5_context context,
|
||||
krb5_ccache id)
|
||||
{
|
||||
@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_cc_get_type(krb5_context context,
|
||||
krb5_ccache id)
|
||||
{
|
||||
@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context,
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the complete resolvable name the ccache `id' in `str´.
|
||||
* `str` should be freed with free(3).
|
||||
* Returns 0 or an error (and then *str is set to NULL).
|
||||
* Return the complete resolvable name the cache
|
||||
|
||||
* @param context a Keberos context
|
||||
* @param id return pointer to a found credential cache
|
||||
* @param str the returned name of a credential cache, free with krb5_xfree()
|
||||
*
|
||||
* @return Returns 0 or an error (and then *str is set to NULL).
|
||||
*
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_full_name(krb5_context context,
|
||||
krb5_ccache id,
|
||||
char **str)
|
||||
@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id)
|
||||
krb5_error_code
|
||||
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
{
|
||||
#ifndef KRB5_USE_PATH_TOKENS
|
||||
size_t tlen, len = 0;
|
||||
char *tmp, *tmp2, *append;
|
||||
|
||||
@ -379,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
} else if (tmp) {
|
||||
tmp2 = strchr(tmp, '}');
|
||||
if (tmp2 == NULL) {
|
||||
free(*res);
|
||||
if (*res)
|
||||
free(*res);
|
||||
*res = NULL;
|
||||
krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
|
||||
"variable missing }");
|
||||
@ -390,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
else if (strncasecmp(tmp, "%{null}", 7) == 0)
|
||||
append = strdup("");
|
||||
else {
|
||||
free(*res);
|
||||
if (*res)
|
||||
free(*res);
|
||||
*res = NULL;
|
||||
krb5_set_error_message(context,
|
||||
KRB5_CONFIG_BADFORMAT,
|
||||
@ -405,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
str = NULL;
|
||||
}
|
||||
if (append == NULL) {
|
||||
free(*res);
|
||||
if (*res)
|
||||
free(*res);
|
||||
*res = NULL;
|
||||
krb5_set_error_message(context, ENOMEM,
|
||||
N_("malloc: out of memory", ""));
|
||||
@ -416,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
tmp = realloc(*res, len + tlen + 1);
|
||||
if (tmp == NULL) {
|
||||
free(append);
|
||||
free(*res);
|
||||
if (*res)
|
||||
free(*res);
|
||||
*res = NULL;
|
||||
krb5_set_error_message(context, ENOMEM,
|
||||
N_("malloc: out of memory", ""));
|
||||
@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
|
||||
free(append);
|
||||
}
|
||||
return 0;
|
||||
#else /* _WIN32 */
|
||||
/* On Windows, we use the more generic _krb5_expand_path_tokens()
|
||||
function which also handles path tokens in addition to %{uid}
|
||||
and %{null} */
|
||||
|
||||
return _krb5_expand_path_tokens(context, str, res);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -444,6 +483,12 @@ environment_changed(krb5_context context)
|
||||
if (context->default_cc_name_set)
|
||||
return 0;
|
||||
|
||||
/* XXX performance: always ask KCM/API if default name has changed */
|
||||
if (context->default_cc_name &&
|
||||
(strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
|
||||
strncmp(context->default_cc_name, "API:", 4) == 0))
|
||||
return 1;
|
||||
|
||||
if(issuid())
|
||||
return 0;
|
||||
|
||||
@ -472,7 +517,7 @@ environment_changed(krb5_context context)
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
krb5_cc_switch(krb5_context context, krb5_ccache id)
|
||||
{
|
||||
|
||||
@ -482,13 +527,30 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
|
||||
return (*id->ops->set_default)(context, id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true if the default credential cache support switch
|
||||
*
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
krb5_cc_support_switch(krb5_context context, const char *type)
|
||||
{
|
||||
const krb5_cc_ops *ops;
|
||||
|
||||
ops = krb5_cc_get_prefix_ops(context, type);
|
||||
if (ops && ops->set_default)
|
||||
return 1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the default cc name for `context' to `name'.
|
||||
*
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_set_default_name(krb5_context context, const char *name)
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
{
|
||||
char * exp_p = NULL;
|
||||
|
||||
if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) {
|
||||
free (p);
|
||||
p = exp_p;
|
||||
} else {
|
||||
free (p);
|
||||
return EINVAL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (context->default_cc_name)
|
||||
free(context->default_cc_name);
|
||||
|
||||
@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
|
||||
*/
|
||||
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_cc_default_name(krb5_context context)
|
||||
{
|
||||
if (context->default_cc_name == NULL || environment_changed(context))
|
||||
@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context)
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_default(krb5_context context,
|
||||
krb5_ccache *id)
|
||||
{
|
||||
@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_initialize(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_principal primary_principal)
|
||||
@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_destroy(krb5_context context,
|
||||
krb5_ccache id)
|
||||
{
|
||||
@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_close(krb5_context context,
|
||||
krb5_ccache id)
|
||||
{
|
||||
@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_store_cred(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_creds *creds)
|
||||
@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_retrieve_cred(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_flags whichfields,
|
||||
@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_principal(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_principal *principal)
|
||||
@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_start_seq_get (krb5_context context,
|
||||
const krb5_ccache id,
|
||||
krb5_cc_cursor *cursor)
|
||||
@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_next_cred (krb5_context context,
|
||||
const krb5_ccache id,
|
||||
krb5_cc_cursor *cursor,
|
||||
@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_end_seq_get (krb5_context context,
|
||||
const krb5_ccache id,
|
||||
krb5_cc_cursor *cursor)
|
||||
@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_remove_cred(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_flags which,
|
||||
@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_set_flags(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_flags flags)
|
||||
@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_flags(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_flags *flags)
|
||||
@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_copy_match_f(krb5_context context,
|
||||
const krb5_ccache from,
|
||||
krb5_ccache to,
|
||||
@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context,
|
||||
* @ingroup @krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_copy_cache(krb5_context context,
|
||||
const krb5_ccache from,
|
||||
krb5_ccache to)
|
||||
@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_version(krb5_context context,
|
||||
const krb5_ccache id)
|
||||
{
|
||||
@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_cc_clear_mcred(krb5_creds *mcred)
|
||||
{
|
||||
memset(mcred, 0, sizeof(*mcred));
|
||||
@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data {
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_cache_get_first (krb5_context context,
|
||||
const char *type,
|
||||
krb5_cc_cache_cursor *cursor)
|
||||
@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_cache_next (krb5_context context,
|
||||
krb5_cc_cache_cursor cursor,
|
||||
krb5_ccache *id)
|
||||
@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_cache_end_seq_get (krb5_context context,
|
||||
krb5_cc_cache_cursor cursor)
|
||||
{
|
||||
@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_cache_match (krb5_context context,
|
||||
krb5_principal client,
|
||||
krb5_ccache *id)
|
||||
@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_is_config_principal(krb5_context context,
|
||||
krb5_const_principal principal)
|
||||
{
|
||||
@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_set_config(krb5_context context, krb5_ccache id,
|
||||
krb5_const_principal principal,
|
||||
const char *name, krb5_data *data)
|
||||
@ -1316,7 +1392,7 @@ out:
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_config(krb5_context context, krb5_ccache id,
|
||||
krb5_const_principal principal,
|
||||
const char *name, krb5_data *data)
|
||||
@ -1347,7 +1423,7 @@ out:
|
||||
*
|
||||
*/
|
||||
|
||||
struct krb5_cccol_cursor {
|
||||
struct krb5_cccol_cursor_data {
|
||||
int idx;
|
||||
krb5_cc_cache_cursor cursor;
|
||||
};
|
||||
@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor {
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
|
||||
{
|
||||
*cursor = calloc(1, sizeof(**cursor));
|
||||
@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
|
||||
krb5_ccache *cache)
|
||||
{
|
||||
@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
|
||||
{
|
||||
krb5_cccol_cursor c = *cursor;
|
||||
@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_last_change_time(krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_timestamp *mtime)
|
||||
@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cccol_last_change_time(krb5_context context,
|
||||
const char *type,
|
||||
krb5_timestamp *mtime)
|
||||
@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_friendly_name(krb5_context context,
|
||||
krb5_ccache id,
|
||||
char **name)
|
||||
@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_set_friendly_name(krb5_context context,
|
||||
krb5_ccache id,
|
||||
const char *name)
|
||||
@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context,
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
|
||||
{
|
||||
krb5_cc_cursor cursor;
|
||||
@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
|
||||
if (now < cred.times.endtime)
|
||||
*t = cred.times.endtime - now;
|
||||
krb5_free_cred_contents(context, &cred);
|
||||
goto out;
|
||||
break;
|
||||
}
|
||||
krb5_free_cred_contents(context, &cred);
|
||||
}
|
||||
|
||||
out:
|
||||
krb5_cc_end_seq_get(context, id, &cursor);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the time offset betwen the client and the KDC
|
||||
*
|
||||
* If the backend doesn't support KDC offset, use the context global setting.
|
||||
*
|
||||
* @param context A Kerberos 5 context.
|
||||
* @param id a credential cache
|
||||
* @param offset the offset in seconds
|
||||
*
|
||||
* @return Return an error code or 0, see krb5_get_error_message().
|
||||
*
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
|
||||
{
|
||||
if (id->ops->set_kdc_offset == NULL) {
|
||||
context->kdc_sec_offset = offset;
|
||||
context->kdc_usec_offset = 0;
|
||||
return 0;
|
||||
}
|
||||
return (*id->ops->set_kdc_offset)(context, id, offset);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the time offset betwen the client and the KDC
|
||||
*
|
||||
* If the backend doesn't support KDC offset, use the context global setting.
|
||||
*
|
||||
* @param context A Kerberos 5 context.
|
||||
* @param id a credential cache
|
||||
* @param offset the offset in seconds
|
||||
*
|
||||
* @return Return an error code or 0, see krb5_get_error_message().
|
||||
*
|
||||
* @ingroup krb5_ccache
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
|
||||
{
|
||||
if (id->ops->get_kdc_offset == NULL) {
|
||||
*offset = context->kdc_sec_offset;
|
||||
return 0;
|
||||
}
|
||||
return (*id->ops->get_kdc_offset)(context, id, offset);
|
||||
}
|
||||
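Review bot: In the allocate_ccache hunk, the resolve-failure path does `free(*id);` and returns with `*id` still holding the freed address, so a caller that inspects or closes the handle after an error would touch freed memory; following it with `*id = NULL;` makes the failure state unambiguous. The two `if (exp_residual) free(exp_residual);` guards under KRB5_USE_PATH_TOKENS are redundant because free(NULL) is a no-op, and a single cleanup label would avoid repeating the #ifdef. Separately, the added krb5_cc_support_switch, krb5_cc_set_kdc_offset and krb5_cc_get_kdc_offset do not use the `KRB5_LIB_FUNCTION <type> KRB5_LIB_CALL` form applied to the rest of this file, which looks like it gives them a different export and calling-convention decoration on Windows; worth confirming that is intended. allocate_ccache's signature begins above its hunk.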
|
@ -33,7 +33,7 @@
|
||||
|
||||
#define KRB5_DEPRECATED
|
||||
|
||||
#include <krb5_locl.h>
|
||||
#include "krb5_locl.h"
|
||||
|
||||
#undef __attribute__
|
||||
#define __attribute__(X)
|
||||
@ -602,7 +602,8 @@ change_password_loop (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_LIMIT_FD_SETSIZE
|
||||
if (sock >= FD_SETSIZE) {
|
||||
ret = ERANGE;
|
||||
krb5_set_error_message(context, ret,
|
||||
@ -610,6 +611,7 @@ change_password_loop (krb5_context context,
|
||||
close (sock);
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
FD_ZERO(&fdset);
|
||||
FD_SET(sock, &fdset);
|
||||
@ -670,7 +672,7 @@ find_chpw_proto(const char *name)
|
||||
}
|
||||
|
||||
/**
|
||||
* krb5_change_password() is deprecated, use krb5_set_password().
|
||||
* Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
|
||||
*
|
||||
* @param context a Keberos context
|
||||
* @param creds
|
||||
@ -684,14 +686,14 @@ find_chpw_proto(const char *name)
|
||||
* @ingroup @krb5_deprecated
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_change_password (krb5_context context,
|
||||
krb5_creds *creds,
|
||||
const char *newpw,
|
||||
int *result_code,
|
||||
krb5_data *result_code_string,
|
||||
krb5_data *result_string)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
struct kpwd_proc *p = find_chpw_proto("change password");
|
||||
|
||||
@ -726,7 +728,7 @@ krb5_change_password (krb5_context context,
|
||||
* @ingroup @krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_password(krb5_context context,
|
||||
krb5_creds *creds,
|
||||
const char *newpw,
|
||||
@ -769,7 +771,7 @@ krb5_set_password(krb5_context context,
|
||||
*
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_password_using_ccache(krb5_context context,
|
||||
krb5_ccache ccache,
|
||||
const char *newpw,
|
||||
@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context,
|
||||
*
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_passwd_result_to_string (krb5_context context,
|
||||
int result)
|
||||
{
|
||||
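Review bot: Wrapping the `sock >= FD_SETSIZE` check in `#ifndef NO_LIMIT_FD_SETSIZE` removes the only bound on the descriptor before `FD_SET(sock, &fdset)` in change_password_loop, and on platforms where fd_set is a fixed-size bitmap an out-of-range descriptor makes FD_SET write outside the set. Nothing visible here shows where NO_LIMIT_FD_SETSIZE gets defined, so a comment at the guard stating the requirement would help, e.g. `/* NO_LIMIT_FD_SETSIZE: define only where fd_set is not indexed by descriptor value (e.g. Winsock) */`. The body of change_password_loop starts and ends outside these hunks.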
|
@ -37,178 +37,178 @@
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_EncTicketPart (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
EncTicketPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_EncTicketPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_EncTicketPart (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
EncTicketPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_EncTicketPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_EncASRepPart (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
EncASRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_EncASRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_EncASRepPart (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
EncASRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_EncASRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_EncTGSRepPart (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
EncTGSRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_EncTGSRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_EncTGSRepPart (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
EncTGSRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_EncTGSRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_EncAPRepPart (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
EncAPRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_EncAPRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_EncAPRepPart (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
EncAPRepPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_EncAPRepPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_Authenticator (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
Authenticator *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_Authenticator(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_Authenticator (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
Authenticator *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_Authenticator(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_EncKrbCredPart (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
EncKrbCredPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_EncKrbCredPart(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_EncKrbCredPart (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
EncKrbCredPart *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_EncKrbCredPart (data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_ETYPE_INFO (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
ETYPE_INFO *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_ETYPE_INFO(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_ETYPE_INFO (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
ETYPE_INFO *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_ETYPE_INFO (data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decode_ETYPE_INFO2 (krb5_context context,
|
||||
const void *data,
|
||||
size_t length,
|
||||
ETYPE_INFO2 *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return decode_ETYPE_INFO2(data, length, t, len);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encode_ETYPE_INFO2 (krb5_context context,
|
||||
void *data,
|
||||
size_t length,
|
||||
ETYPE_INFO2 *t,
|
||||
size_t *len)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
return encode_ETYPE_INFO2 (data, length, t, len);
|
||||
}
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -35,6 +37,10 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
#ifdef __APPLE__
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
#endif
|
||||
|
||||
/* Gaah! I want a portable funopen */
|
||||
struct fileptr {
|
||||
const char *s;
|
||||
@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef __APPLE__
|
||||
static char *
|
||||
cfstring2cstring(CFStringRef string)
|
||||
{
|
||||
CFIndex len;
|
||||
char *str;
|
||||
|
||||
str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
|
||||
if (str)
|
||||
return strdup(str);
|
||||
|
||||
len = CFStringGetLength(string);
|
||||
len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8);
|
||||
str = malloc(len);
|
||||
if (str == NULL)
|
||||
return NULL;
|
||||
|
||||
if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
|
||||
free (str);
|
||||
return NULL;
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
static void
|
||||
convert_content(const void *key, const void *value, void *context)
|
||||
{
|
||||
krb5_config_section *tmp, **parent = context;
|
||||
char *k;
|
||||
|
||||
if (CFGetTypeID(key) != CFStringGetTypeID())
|
||||
return;
|
||||
|
||||
k = cfstring2cstring(key);
|
||||
if (k == NULL)
|
||||
return;
|
||||
|
||||
if (CFGetTypeID(value) == CFStringGetTypeID()) {
|
||||
tmp = get_entry(parent, k, krb5_config_string);
|
||||
tmp->u.string = cfstring2cstring(value);
|
||||
} else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
|
||||
tmp = get_entry(parent, k, krb5_config_list);
|
||||
CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
|
||||
} else {
|
||||
/* log */
|
||||
}
|
||||
free(k);
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent)
|
||||
{
|
||||
CFReadStreamRef s;
|
||||
CFDictionaryRef d;
|
||||
CFErrorRef e;
|
||||
CFURLRef url;
|
||||
|
||||
url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
|
||||
if (url == NULL) {
|
||||
krb5_clear_error_message(context);
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
|
||||
CFRelease(url);
|
||||
if (s == NULL) {
|
||||
krb5_clear_error_message(context);
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
if (!CFReadStreamOpen(s)) {
|
||||
CFRelease(s);
|
||||
krb5_clear_error_message(context);
|
||||
return ENOENT;
|
||||
}
|
||||
|
||||
d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e);
|
||||
CFRelease(s);
|
||||
if (d == NULL) {
|
||||
krb5_clear_error_message(context);
|
||||
return ENOENT;
|
||||
}
|
||||
|
||||
CFDictionaryApplyFunction(d, convert_content, parent);
|
||||
CFRelease(d);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Parse the config file `fname', generating the structures into `res'
|
||||
* returning error messages in `error_message'
|
||||
@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
is_plist_file(const char *fname)
|
||||
{
|
||||
size_t len = strlen(fname);
|
||||
char suffix[] = ".plist";
|
||||
if (len < sizeof(suffix))
|
||||
return 0;
|
||||
if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse a configuration file and add the result into res. This
|
||||
* interface can be used to parse several configuration files into one
|
||||
@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_config_parse_file_multi (krb5_context context,
|
||||
const char *fname,
|
||||
krb5_config_section **res)
|
||||
@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context,
|
||||
* current users home directory. The behavior can be disabled and
|
||||
* enabled by calling krb5_set_home_dir_access().
|
||||
*/
|
||||
if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') {
|
||||
if (fname[0] == '~' && fname[1] == '/') {
|
||||
#ifndef KRB5_USE_PATH_TOKENS
|
||||
const char *home = NULL;
|
||||
|
||||
if (!_krb5_homedir_access(context)) {
|
||||
krb5_set_error_message(context, EPERM,
|
||||
"Access to home directory not allowed");
|
||||
return EPERM;
|
||||
}
|
||||
|
||||
if(!issuid())
|
||||
home = getenv("HOME");
|
||||
|
||||
@ -329,33 +446,73 @@ krb5_config_parse_file_multi (krb5_context context,
|
||||
}
|
||||
fname = newfname;
|
||||
}
|
||||
#else /* KRB5_USE_PATH_TOKENS */
|
||||
asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]);
|
||||
if (newfname == NULL) {
|
||||
krb5_set_error_message(context, ENOMEM,
|
||||
N_("malloc: out of memory", ""));
|
||||
return ENOMEM;
|
||||
}
|
||||
fname = newfname;
|
||||
#endif
|
||||
}
|
||||
|
||||
f.f = fopen(fname, "r");
|
||||
f.s = NULL;
|
||||
if(f.f == NULL) {
|
||||
ret = errno;
|
||||
krb5_set_error_message (context, ret, "open %s: %s",
|
||||
fname, strerror(ret));
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
}
|
||||
if (is_plist_file(fname)) {
|
||||
#ifdef __APPLE__
|
||||
ret = parse_plist_config(context, fname, res);
|
||||
if (ret) {
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed to parse plist %s", fname);
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
krb5_set_error_message(context, ENOENT,
|
||||
"no support for plist configuration files");
|
||||
return ENOENT;
|
||||
#endif
|
||||
} else {
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
char * exp_fname = NULL;
|
||||
|
||||
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
|
||||
fclose(f.f);
|
||||
if (ret) {
|
||||
krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str);
|
||||
ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
|
||||
if (ret) {
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
fname = newfname = exp_fname;
|
||||
#endif
|
||||
|
||||
f.f = fopen(fname, "r");
|
||||
f.s = NULL;
|
||||
if(f.f == NULL) {
|
||||
ret = errno;
|
||||
krb5_set_error_message (context, ret, "open %s: %s",
|
||||
fname, strerror(ret));
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
|
||||
fclose(f.f);
|
||||
if (ret) {
|
||||
krb5_set_error_message (context, ret, "%s:%u: %s",
|
||||
fname, lineno, str);
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
if (newfname)
|
||||
free(newfname);
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_config_parse_file (krb5_context context,
|
||||
const char *fname,
|
||||
krb5_config_section **res)
|
||||
@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b)
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_config_file_free (krb5_context context, krb5_config_section *s)
|
||||
{
|
||||
free_binding (context, s);
|
||||
@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s)
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
|
||||
krb5_error_code
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
_krb5_config_copy(krb5_context context,
|
||||
krb5_config_section *c,
|
||||
krb5_config_section **head)
|
||||
@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context,
|
||||
|
||||
#endif /* HEIMDAL_SMALLER */
|
||||
|
||||
const void *
|
||||
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
|
||||
_krb5_config_get_next (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
const krb5_config_binding **pointer,
|
||||
@ -481,7 +638,7 @@ vget_next(krb5_context context,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const void *
|
||||
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
|
||||
_krb5_config_vget_next (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
const krb5_config_binding **pointer,
|
||||
@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const void *
|
||||
KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
|
||||
_krb5_config_get (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
int type,
|
||||
@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
const void *
|
||||
_krb5_config_vget (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const krb5_config_binding *
|
||||
KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
|
||||
krb5_config_get_list (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const krb5_config_binding *
|
||||
KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
|
||||
krb5_config_vget_list (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_config_get_string (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_config_vget_string (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_config_vget_string_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
const char *def_value,
|
||||
@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_config_get_string_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
const char *def_value,
|
||||
@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
char ** KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
|
||||
krb5_config_vget_strings(krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
@ -770,7 +928,7 @@ cleanup:
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
char**
|
||||
KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
|
||||
krb5_config_get_strings(krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_config_free_strings(char **strings)
|
||||
{
|
||||
char **s = strings;
|
||||
@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings)
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_config_vget_bool_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
krb5_boolean def_value,
|
||||
@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_config_vget_bool (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_config_get_bool_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
krb5_boolean def_value,
|
||||
@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_config_get_bool (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_vget_time_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
int def_value,
|
||||
@ -964,10 +1122,10 @@ krb5_config_vget_time_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
krb5_config_vget_time(krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_vget_time (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
{
|
||||
return krb5_config_vget_time_default (context, c, -1, args);
|
||||
}
|
||||
@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_get_time_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
int def_value,
|
||||
@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_get_time (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_vget_int_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
int def_value,
|
||||
@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_vget_int (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
va_list args)
|
||||
@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context,
|
||||
return krb5_config_vget_int_default (context, c, -1, args);
|
||||
}
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_get_int_default (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
int def_value,
|
||||
@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_config_get_int (krb5_context context,
|
||||
const krb5_config_section *c,
|
||||
...)
|
||||
@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context,
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
|
||||
/**
|
||||
* Deprecated: configuration files are not strings
|
||||
*
|
||||
* @ingroup krb5_deprecated
|
||||
*/
|
||||
|
||||
KRB5_DEPRECATED
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
krb5_config_parse_string_multi(krb5_context context,
|
||||
const char *string,
|
||||
krb5_config_section **res) KRB5_DEPRECATED
|
||||
krb5_config_section **res)
|
||||
{
|
||||
const char *str;
|
||||
unsigned lineno = 0;
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -35,10 +37,17 @@
|
||||
|
||||
KRB5_LIB_VARIABLE const char *krb5_config_file =
|
||||
#ifdef __APPLE__
|
||||
"~/Library/Preferences/com.apple.Kerberos.plist:"
|
||||
"/Library/Preferences/com.apple.Kerberos.plist:"
|
||||
"~/Library/Preferences/edu.mit.Kerberos:"
|
||||
"/Library/Preferences/edu.mit.Kerberos:"
|
||||
#endif /* __APPLE__ */
|
||||
SYSCONFDIR "/krb5.conf"
|
||||
#ifndef _WIN32
|
||||
":/etc/krb5.conf"
|
||||
#endif
|
||||
SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
|
||||
;
|
||||
|
||||
KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT;
|
||||
|
||||
KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API";
|
||||
|
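Review bot: The `krb5_config_file` initializer now lists two `~/Library/Preferences/...` entries ahead of the system-wide files on `__APPLE__`, and nothing at the definition says that per-user files are meant to come first or how a `~/` entry is resolved. A short comment above the definition would cover it, for example `/* Colon-separated search list, in lookup order; entries starting with "~/" are expanded per user by krb5_config_parse_file_multi(). */`. The expansion and the home-directory access check live in another file of this commit, so the wording should be confirmed against that function, in particular for the `KRB5_USE_PATH_TOKENS` build.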
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -223,16 +225,49 @@ cc_ops_register(krb5_context context)
|
||||
context->cc_ops = NULL;
|
||||
context->num_cc_ops = 0;
|
||||
|
||||
#ifndef KCM_IS_API_CACHE
|
||||
krb5_cc_register(context, &krb5_acc_ops, TRUE);
|
||||
#endif
|
||||
krb5_cc_register(context, &krb5_fcc_ops, TRUE);
|
||||
krb5_cc_register(context, &krb5_mcc_ops, TRUE);
|
||||
#ifdef HAVE_SCC
|
||||
krb5_cc_register(context, &krb5_scc_ops, TRUE);
|
||||
#endif
|
||||
#ifdef HAVE_KCM
|
||||
#ifdef KCM_IS_API_CACHE
|
||||
krb5_cc_register(context, &krb5_akcm_ops, TRUE);
|
||||
#endif
|
||||
krb5_cc_register(context, &krb5_kcm_ops, TRUE);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
cc_ops_copy(krb5_context context, const krb5_context src_context)
|
||||
{
|
||||
const krb5_cc_ops **cc_ops;
|
||||
|
||||
context->cc_ops = NULL;
|
||||
context->num_cc_ops = 0;
|
||||
|
||||
if (src_context->num_cc_ops == 0)
|
||||
return 0;
|
||||
|
||||
cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
|
||||
if (cc_ops == NULL) {
|
||||
krb5_set_error_message(context, KRB5_CC_NOMEM,
|
||||
N_("malloc: out of memory", ""));
|
||||
return KRB5_CC_NOMEM;
|
||||
}
|
||||
|
||||
memcpy(cc_ops, src_context->cc_ops,
|
||||
sizeof(cc_ops[0]) * src_context->num_cc_ops);
|
||||
context->cc_ops = cc_ops;
|
||||
context->num_cc_ops = src_context->num_cc_ops;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
kt_ops_register(krb5_context context)
|
||||
{
|
||||
@ -250,6 +285,28 @@ kt_ops_register(krb5_context context)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
kt_ops_copy(krb5_context context, const krb5_context src_context)
|
||||
{
|
||||
context->num_kt_types = 0;
|
||||
context->kt_types = NULL;
|
||||
|
||||
if (src_context->num_kt_types == 0)
|
||||
return 0;
|
||||
|
||||
context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
|
||||
if (context->kt_types == NULL) {
|
||||
krb5_set_error_message(context, ENOMEM,
|
||||
N_("malloc: out of memory", ""));
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
context->num_kt_types = src_context->num_kt_types;
|
||||
memcpy(context->kt_types, src_context->kt_types,
|
||||
sizeof(context->kt_types[0]) * src_context->num_kt_types);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initializes the context structure and reads the configuration file
|
||||
@ -266,7 +323,7 @@ kt_ops_register(krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_init_context(krb5_context *context)
|
||||
{
|
||||
krb5_context p;
|
||||
@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context)
|
||||
if (ret)
|
||||
goto out;
|
||||
#endif
|
||||
if (rk_SOCK_INIT())
|
||||
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
|
||||
|
||||
out:
|
||||
if(ret) {
|
||||
@ -359,7 +418,7 @@ copy_etypes (krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_context(krb5_context context, krb5_context *out)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out)
|
||||
|
||||
/* XXX should copy */
|
||||
krb5_init_ets(p);
|
||||
cc_ops_register(p);
|
||||
kt_ops_register(p);
|
||||
|
||||
cc_ops_copy(p, context);
|
||||
kt_ops_copy(p, context);
|
||||
|
||||
#if 0 /* XXX */
|
||||
if(context->warn_dest != NULL)
|
||||
@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_free_context(krb5_context context)
|
||||
{
|
||||
if (context->default_cc_name)
|
||||
@ -480,6 +540,9 @@ krb5_free_context(krb5_context context)
|
||||
|
||||
HEIMDAL_MUTEX_destroy(context->mutex);
|
||||
free(context->mutex);
|
||||
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
|
||||
rk_SOCK_EXIT();
|
||||
}
|
||||
|
||||
memset(context, 0, sizeof(*context));
|
||||
free(context);
|
||||
@ -497,14 +560,14 @@ krb5_free_context(krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_config_files(krb5_context context, char **filenames)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_config_binding *tmp = NULL;
|
||||
while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
|
||||
ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
|
||||
if(ret != 0 && ret != ENOENT && ret != EACCES) {
|
||||
if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
|
||||
krb5_config_file_free(context, tmp);
|
||||
return ret;
|
||||
}
|
||||
@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file)
|
||||
* `pq' isn't free, it's up the the caller
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_default_config_files(char ***pfilenames)
|
||||
{
|
||||
const char *files = NULL;
|
||||
@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_free_config_files(char **filenames)
|
||||
{
|
||||
char **p;
|
||||
@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
const krb5_enctype * KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
|
||||
krb5_kerberos_enctypes(krb5_context context)
|
||||
{
|
||||
static const krb5_enctype p[] = {
|
||||
@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_default_in_tkt_etypes(krb5_context context,
|
||||
const krb5_enctype *etypes)
|
||||
{
|
||||
@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_default_in_tkt_etypes(krb5_context context,
|
||||
krb5_enctype **etypes)
|
||||
{
|
||||
@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_init_ets(krb5_context context)
|
||||
{
|
||||
if(context->et_list == NULL){
|
||||
@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
|
||||
{
|
||||
context->use_admin_kdc = flag;
|
||||
@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_get_use_admin_kdc (krb5_context context)
|
||||
{
|
||||
return context->use_admin_kdc;
|
||||
@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
{
|
||||
|
||||
@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
|
||||
{
|
||||
if(context->extra_addresses)
|
||||
@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
{
|
||||
if(context->extra_addresses == NULL) {
|
||||
@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
{
|
||||
|
||||
@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
|
||||
{
|
||||
if(context->ignore_addresses)
|
||||
@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
{
|
||||
if(context->ignore_addresses == NULL) {
|
||||
@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_fcache_version(krb5_context context, int version)
|
||||
{
|
||||
context->fcache_vno = version;
|
||||
@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_fcache_version(krb5_context context, int *version)
|
||||
{
|
||||
*version = context->fcache_vno;
|
||||
@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version)
|
||||
*/
|
||||
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_is_thread_safe(void)
|
||||
{
|
||||
#ifdef ENABLE_PTHREAD_SUPPORT
|
||||
@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
|
||||
{
|
||||
if (flag)
|
||||
@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_get_dns_canonicalize_hostname (krb5_context context)
|
||||
{
|
||||
return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
|
||||
@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
|
||||
{
|
||||
if (sec)
|
||||
@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
|
||||
{
|
||||
context->kdc_sec_offset = sec;
|
||||
@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
time_t KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
|
||||
krb5_get_max_time_skew (krb5_context context)
|
||||
{
|
||||
return context->max_skew;
|
||||
@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_set_max_time_skew (krb5_context context, time_t t)
|
||||
{
|
||||
context->max_skew = t;
|
||||
@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_init_etype (krb5_context context,
|
||||
unsigned *len,
|
||||
krb5_enctype **val,
|
||||
@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context)
|
||||
{
|
||||
krb5_boolean allow;
|
||||
|
||||
#ifdef HAVE_GETEUID
|
||||
/* is never allowed for root */
|
||||
if (geteuid() == 0)
|
||||
return FALSE;
|
||||
#endif
|
||||
|
||||
if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
|
||||
return FALSE;
|
||||
|
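Review bot: In `krb5_copy_context` the new calls `cc_ops_copy(p, context);` and `kt_ops_copy(p, context);` discard their return values, although both helpers added earlier in this file report a failed `malloc` (`KRB5_CC_NOMEM` and `ENOMEM` respectively). On that path the copy is returned with an empty credential-cache or keytab type table and no error, so the failure only surfaces later as an unknown cache or keytab type. I would keep the result and leave through the function's failure path, e.g. `ret = cc_ops_copy(p, context);` followed by `if (ret) goto out;`, and the same for `kt_ops_copy`. The body of `krb5_copy_context` continues outside the hunk, so the label name here is assumed and the cleanup it performs on `p` needs checking.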
@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f)
|
||||
* @ingroup krb5_v4compat
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb524_convert_creds_kdc(krb5_context context,
|
||||
krb5_creds *in_cred,
|
||||
struct credentials *v4creds)
|
||||
@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context,
|
||||
goto out;
|
||||
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
|
||||
} else {
|
||||
krb5_set_error_message (context, ret,
|
||||
N_("converting credentials: %s",
|
||||
"already localized"),
|
||||
krb5_get_err_text(context, ret));
|
||||
krb5_prepend_error_message(context, ret,
|
||||
N_("converting credentials",
|
||||
"already localized"));
|
||||
}
|
||||
out:
|
||||
krb5_storage_free(sp);
|
||||
@ -161,7 +160,7 @@ out2:
|
||||
* @ingroup krb5_v4compat
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb524_convert_creds_kdc_ccache(krb5_context context,
|
||||
krb5_ccache ccache,
|
||||
krb5_creds *in_cred,
|
||||
|
@ -46,7 +46,7 @@
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_host_realm(krb5_context context,
|
||||
const krb5_realm *from,
|
||||
krb5_realm **to)
|
||||
|
@ -45,7 +45,7 @@
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
|
||||
{
|
||||
krb5_free_principal (context, c->client);
|
||||
@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_creds_contents (krb5_context context,
|
||||
const krb5_creds *incred,
|
||||
krb5_creds *c)
|
||||
@ -131,7 +131,7 @@ fail:
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_creds (krb5_context context,
|
||||
const krb5_creds *incred,
|
||||
krb5_creds **outcred)
|
||||
@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_free_creds (krb5_context context, krb5_creds *c)
|
||||
{
|
||||
krb5_free_cred_contents (context, c);
|
||||
@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
|
||||
const krb5_creds * mcreds, const krb5_creds * creds)
|
||||
{
|
||||
|
@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = {
|
||||
EVP_rc4
|
||||
};
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_salttype_to_string (krb5_context context,
|
||||
krb5_enctype etype,
|
||||
krb5_salttype stype,
|
||||
@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context,
|
||||
return HEIM_ERR_SALTTYPE_NOSUPP;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_salttype (krb5_context context,
|
||||
krb5_enctype etype,
|
||||
const char *string,
|
||||
@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context,
|
||||
return HEIM_ERR_SALTTYPE_NOSUPP;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_get_pw_salt(krb5_context context,
|
||||
krb5_const_principal principal,
|
||||
krb5_salt *salt)
|
||||
@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_free_salt(krb5_context context,
|
||||
krb5_salt salt)
|
||||
{
|
||||
@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_data (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
krb5_data password,
|
||||
@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
const char *password,
|
||||
@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context,
|
||||
return krb5_string_to_key_data(context, enctype, pw, principal, key);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_data_salt (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
krb5_data password,
|
||||
@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context,
|
||||
* `opaque'), returning the resulting key in `key'
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_data_salt_opaque (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
krb5_data password,
|
||||
@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
|
||||
* in `key'
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_salt (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
const char *password,
|
||||
@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context,
|
||||
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_salt_opaque (krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
const char *password,
|
||||
@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context,
|
||||
pw, salt, opaque, key);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_keysize(krb5_context context,
|
||||
krb5_enctype type,
|
||||
size_t *keysize)
|
||||
@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_keybits(krb5_context context,
|
||||
krb5_enctype type,
|
||||
size_t *keybits)
|
||||
@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_generate_random_keyblock(krb5_context context,
|
||||
krb5_enctype type,
|
||||
krb5_keyblock *key)
|
||||
@ -1439,7 +1439,7 @@ hmac(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_hmac(krb5_context context,
|
||||
krb5_cksumtype cktype,
|
||||
const void *data,
|
||||
@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
|
||||
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_create_checksum(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_key_usage usage,
|
||||
@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_verify_checksum(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_key_usage usage,
|
||||
@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context,
|
||||
data, len, cksum);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_get_checksum_type(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_cksumtype *type)
|
||||
@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_checksumsize(krb5_context context,
|
||||
krb5_cksumtype type,
|
||||
size_t *size)
|
||||
@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_checksum_is_keyed(krb5_context context,
|
||||
krb5_cksumtype type)
|
||||
{
|
||||
@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context,
|
||||
return ct->flags & F_KEYED;
|
||||
}
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_checksum_is_collision_proof(krb5_context context,
|
||||
krb5_cksumtype type)
|
||||
{
|
||||
@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context,
|
||||
return ct->flags & F_CPROOF;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_checksum_disable(krb5_context context,
|
||||
krb5_cksumtype type)
|
||||
{
|
||||
@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type)
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_to_string(krb5_context context,
|
||||
krb5_enctype etype,
|
||||
char **string)
|
||||
@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_enctype(krb5_context context,
|
||||
const char *string,
|
||||
krb5_enctype *etype)
|
||||
@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context,
|
||||
return KRB5_PROG_ETYPE_NOSUPP;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_to_keytype(krb5_context context,
|
||||
krb5_enctype etype,
|
||||
krb5_keytype *keytype)
|
||||
@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_valid(krb5_context context,
|
||||
krb5_enctype etype)
|
||||
{
|
||||
@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context,
|
||||
*/
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cksumtype_to_enctype(krb5_context context,
|
||||
krb5_cksumtype ctype,
|
||||
krb5_enctype *etype)
|
||||
@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_cksumtype_valid(krb5_context context,
|
||||
krb5_cksumtype ctype)
|
||||
{
|
||||
@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type)
|
||||
* 4. KRB5_CRYPTO_TYPE_TRAILER
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encrypt_iov_ivec(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
|
||||
* size as the input data or shorter.
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decrypt_iov_ivec(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_create_checksum_iov(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_verify_checksum_iov(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_length(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
int type,
|
||||
@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_length_iov(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_crypto_iov *data,
|
||||
@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encrypt_ivec(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context,
|
||||
return encrypt_internal(context, crypto, data, len, result, ivec);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encrypt(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context,
|
||||
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_encrypt_EncryptedData(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
|
||||
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decrypt_ivec(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context,
|
||||
return decrypt_internal(context, crypto, data, len, result, ivec);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decrypt(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context,
|
||||
NULL);
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_decrypt_EncryptedData(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
@ -3936,6 +3936,7 @@ seed_something(void)
|
||||
/* Calling RAND_status() will try to use /dev/urandom if it exists so
|
||||
we do not have to deal with it. */
|
||||
if (RAND_status() != 1) {
|
||||
#ifndef _WIN32
|
||||
krb5_context context;
|
||||
const char *p;
|
||||
|
||||
@ -3947,6 +3948,10 @@ seed_something(void)
|
||||
RAND_egd_bytes(p, ENTROPY_NEEDED);
|
||||
krb5_free_context(context);
|
||||
}
|
||||
#else
|
||||
/* TODO: Once a Windows CryptoAPI RAND method is defined, we
|
||||
can use that and failover to another method. */
|
||||
#endif
|
||||
}
|
||||
|
||||
if (RAND_status() == 1) {
|
||||
@ -3959,7 +3964,7 @@ seed_something(void)
|
||||
return -1;
|
||||
}
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_generate_random_block(void *buf, size_t len)
|
||||
{
|
||||
static int rng_initialized = 0;
|
||||
@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
|
||||
return &d->key;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_derive_key(krb5_context context,
|
||||
const krb5_keyblock *key,
|
||||
krb5_enctype etype,
|
||||
@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_init(krb5_context context,
|
||||
const krb5_keyblock *key,
|
||||
krb5_enctype etype,
|
||||
@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_destroy(krb5_context context,
|
||||
krb5_crypto crypto)
|
||||
{
|
||||
@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_getblocksize(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
size_t *blocksize)
|
||||
@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_getenctype(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_enctype *enctype)
|
||||
@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_getpadsize(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
size_t *padsize)
|
||||
@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_getconfoundersize(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
size_t *confoundersize)
|
||||
@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_disable(krb5_context context,
|
||||
krb5_enctype enctype)
|
||||
{
|
||||
@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enctype_enable(krb5_context context,
|
||||
krb5_enctype enctype)
|
||||
{
|
||||
@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_string_to_key_derived(krb5_context context,
|
||||
const void *str,
|
||||
size_t len,
|
||||
@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_random_to_key(krb5_context context,
|
||||
krb5_enctype type,
|
||||
const void *data,
|
||||
@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context,
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_prf_length(krb5_context context,
|
||||
krb5_enctype type,
|
||||
size_t *length)
|
||||
@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_prf(krb5_context context,
|
||||
const krb5_crypto crypto,
|
||||
const krb5_data *input,
|
||||
@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context,
|
||||
* @ingroup krb5_crypto
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_crypto_fx_cf2(krb5_context context,
|
||||
const krb5_crypto crypto1,
|
||||
const krb5_crypto crypto2,
|
||||
@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context,
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
/**
|
||||
* Deprecated: keytypes doesn't exists, they are really enctypes.
|
||||
*
|
||||
* @ingroup krb5_deprecated
|
||||
*/
|
||||
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_keytype_to_enctypes (krb5_context context,
|
||||
krb5_keytype keytype,
|
||||
unsigned *len,
|
||||
krb5_enctype **val)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
int i;
|
||||
unsigned n = 0;
|
||||
@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Deprecated: keytypes doesn't exists, they are really enctypes.
|
||||
*
|
||||
* @ingroup krb5_deprecated
|
||||
*/
|
||||
|
||||
/* if two enctypes have compatible keys */
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_enctypes_compatible_keys(krb5_context context,
|
||||
krb5_enctype etype1,
|
||||
krb5_enctype etype2)
|
||||
KRB5_DEPRECATED
|
||||
{
|
||||
struct encryption_type *e1 = _find_enctype(etype1);
|
||||
struct encryption_type *e2 = _find_enctype(etype2);
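Review bot: In the `seed_something` hunks the new `#else` branch for `_WIN32` holds only a TODO, so on Windows nothing tries to seed the generator when `RAND_status() != 1`. The only outcome left in the visible lines is the later `RAND_status() == 1` test and `return -1`. That is safe only if every caller treats -1 as fatal; the body of `krb5_generate_random_block` and the rest of `seed_something` are outside the hunks, so this needs confirming. I would state the contract in the comment, e.g. `/* No fallback seeding on Windows yet: if RAND_status() fails, seed_something() returns -1 and the caller must not hand out key material. */`.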
|
||||
|
@ -41,7 +41,7 @@
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_data_zero(krb5_data *p)
|
||||
{
|
||||
p->length = 0;
|
||||
@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_data_free(krb5_data *p)
|
||||
{
|
||||
if(p->data != NULL)
|
||||
@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_free_data(krb5_context context,
|
||||
krb5_data *p)
|
||||
{
|
||||
@ -96,7 +96,7 @@ krb5_free_data(krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_data_alloc(krb5_data *p, int len)
|
||||
{
|
||||
p->data = malloc(len);
|
||||
@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_data_realloc(krb5_data *p, int len)
|
||||
{
|
||||
void *tmp;
|
||||
@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_data_copy(krb5_data *p, const void *data, size_t len)
|
||||
{
|
||||
if (len) {
|
||||
@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_copy_data(krb5_context context,
|
||||
const krb5_data *indata,
|
||||
krb5_data **outdata)
|
||||
@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context,
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
int KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
|
||||
krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
|
||||
{
|
||||
if (data1->length != data2->length)
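Review bot: `krb5_data_alloc(krb5_data *p, int len)` passes the signed `len` straight to `malloc(len)`, so a negative length is converted to a very large `size_t`. `krb5_data_realloc` in the next hunk has the same `int len` signature. The commit changes only the declaration lines, and the rest of both bodies is outside the hunks, so a later check may exist that is not visible here. Since the exported signature cannot change, a guard at the top such as `if (len < 0) return ERANGE;` would reject the value before it reaches the allocator.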
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <krb5_locl.h>
|
||||
#include "krb5_locl.h"
|
||||
|
||||
/**
|
||||
* Convert the getaddrinfo() error code to a Kerberos et error code.
|
||||
@ -44,7 +44,7 @@
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_eai_to_heim_errno(int eai_errno, int system_error)
|
||||
{
|
||||
switch(eai_errno) {
|
||||
@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
|
||||
return HEIM_EAI_SERVICE;
|
||||
case EAI_SOCKTYPE:
|
||||
return HEIM_EAI_SOCKTYPE;
|
||||
#ifdef EAI_SYSTEM
|
||||
case EAI_SYSTEM:
|
||||
return system_error;
|
||||
#endif
|
||||
default:
|
||||
return HEIM_EAI_UNKNOWN; /* XXX */
|
||||
}
|
||||
@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_h_errno_to_heim_errno(int eai_errno)
|
||||
{
|
||||
switch(eai_errno) {
|
||||
|
@ -44,7 +44,7 @@
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_clear_error_message(krb5_context context)
|
||||
{
|
||||
HEIMDAL_MUTEX_lock(context->mutex);
|
||||
@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context)
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_set_error_message(krb5_context context, krb5_error_code ret,
|
||||
const char *fmt, ...)
|
||||
__attribute__ ((format (printf, 3, 4)))
|
||||
@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret,
|
||||
*/
|
||||
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_vset_error_message (krb5_context context, krb5_error_code ret,
|
||||
const char *fmt, va_list args)
|
||||
__attribute__ ((format (printf, 3, 0)))
|
||||
@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, fmt);
|
||||
krb5_vset_error_message (context, ret, fmt, ap);
|
||||
krb5_vprepend_error_message(context, ret, fmt, ap);
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
@ -140,8 +140,8 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
|
||||
const char *fmt, va_list args)
|
||||
krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
|
||||
const char *fmt, va_list args)
|
||||
__attribute__ ((format (printf, 3, 0)))
|
||||
{
|
||||
char *str, *str2;
|
||||
@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
char * KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION char * KRB5_LIB_CALL
|
||||
krb5_get_error_string(krb5_context context)
|
||||
{
|
||||
char *ret = NULL;
|
||||
@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context)
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_boolean KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_have_error_string(krb5_context context)
|
||||
{
|
||||
char *str;
|
||||
@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context)
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
const char * KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
|
||||
krb5_get_error_message(krb5_context context, krb5_error_code code)
|
||||
{
|
||||
char *str;
|
||||
@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code)
|
||||
* @ingroup krb5_error
|
||||
*/
|
||||
|
||||
void KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
||||
krb5_free_error_message(krb5_context context, const char *msg)
|
||||
{
|
||||
free(rk_UNCONST(msg));
|
||||
@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
|
||||
* @ingroup krb5
|
||||
*/
|
||||
|
||||
const char* KRB5_LIB_FUNCTION
|
||||
krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED
|
||||
KRB5_DEPRECATED
|
||||
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
|
||||
krb5_get_err_text(krb5_context context, krb5_error_code code)
|
||||
{
|
||||
const char *p = NULL;
|
||||
if(context != NULL)
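Review bot: `krb5_vprepend_error_message` is still declared `void KRB5_LIB_FUNCTION` in the `@ -140,8 +140,8` hunk, where only the spacing of the parameter list changed. The other declarations this section touches were converted to the `KRB5_LIB_FUNCTION <type> KRB5_LIB_CALL` form. If `KRB5_LIB_CALL` now carries `__stdcall`, as the generated header text elsewhere in this commit suggests, this function would be built without that calling convention on Windows. The line should read `KRB5_LIB_FUNCTION void KRB5_LIB_CALL`. The declaration of `krb5_prepend_error_message` is outside its hunk and should be checked for the same omission.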
|
||||
|
@ -63,7 +63,7 @@ copy_hostname(krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_expand_hostname (krb5_context context,
|
||||
const char *orig_hostname,
|
||||
char **new_hostname)
|
||||
@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context,
|
||||
* @ingroup krb5_support
|
||||
*/
|
||||
|
||||
krb5_error_code KRB5_LIB_FUNCTION
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_expand_hostname_realms (krb5_context context,
|
||||
const char *orig_hostname,
|
||||
char **new_hostname,
|
||||
|
@ -3,6 +3,8 @@
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
|
||||
break;
|
||||
default: {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("error locking cache file %s: %s",
|
||||
"file, error"), filename, buf);
|
||||
@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
|
||||
break;
|
||||
default: {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("Failed to unlock file: %s", ""), buf);
|
||||
break;
|
||||
@ -224,7 +226,11 @@ scrub_file (int fd)
|
||||
return errno;
|
||||
pos -= tmp;
|
||||
}
|
||||
#ifdef _MSC_VER
|
||||
_commit (fd);
|
||||
#else
|
||||
fsync (fd);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
|
||||
N_("malloc: out of memory", ""));
|
||||
return KRB5_CC_NOMEM;
|
||||
}
|
||||
#ifdef KRB5_USE_PATH_TOKENS
|
||||
{
|
||||
char * exp_file = NULL;
|
||||
krb5_error_code ec;
|
||||
|
||||
ec = _krb5_expand_path_tokens(context, file, &exp_file);
|
||||
|
||||
if (ec == 0) {
|
||||
free(file);
|
||||
file = exp_file;
|
||||
} else {
|
||||
free(file);
|
||||
return ec;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
fd = mkstemp(file);
|
||||
if(fd < 0) {
|
||||
int ret = errno;
|
||||
@ -374,18 +396,10 @@ fcc_open(krb5_context context,
|
||||
fd = open(filename, flags, mode);
|
||||
if(fd < 0) {
|
||||
char buf[128];
|
||||
char *estr;
|
||||
ret = errno;
|
||||
buf[0] = 0;
|
||||
estr = (char *)strerror_r(ret, buf, sizeof(buf));
|
||||
if (buf[0] != 0) {
|
||||
/* we've got the BSD/XSI strerror_r, and it use the
|
||||
* buffer. Otherwise we have the GNU strerror_r, and
|
||||
* it used a static string. Ain't standards great? */
|
||||
estr = buf;
|
||||
}
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
|
||||
filename, estr);
|
||||
filename, buf);
|
||||
return ret;
|
||||
}
|
||||
rk_cloexec(fd);
|
||||
@ -447,7 +461,7 @@ fcc_initialize(krb5_context context,
|
||||
if (ret == 0) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
|
||||
FILENAME(id), buf);
|
||||
}
|
||||
@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context,
|
||||
if (close(fd) < 0) {
|
||||
if (ret == 0) {
|
||||
char buf[128];
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
ret = errno;
|
||||
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
|
||||
FILENAME(id), buf);
|
||||
@ -515,13 +529,17 @@ static krb5_error_code
|
||||
init_fcc (krb5_context context,
|
||||
krb5_ccache id,
|
||||
krb5_storage **ret_sp,
|
||||
int *ret_fd)
|
||||
int *ret_fd,
|
||||
krb5_deltat *kdc_offset)
|
||||
{
|
||||
int fd;
|
||||
int8_t pvno, tag;
|
||||
krb5_storage *sp;
|
||||
krb5_error_code ret;
|
||||
|
||||
if (kdc_offset)
|
||||
*kdc_offset = 0;
|
||||
|
||||
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
@ -597,8 +615,11 @@ init_fcc (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
switch (dtag) {
|
||||
case FCC_TAG_DELTATIME :
|
||||
ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
|
||||
case FCC_TAG_DELTATIME : {
|
||||
int32_t offset;
|
||||
|
||||
ret = krb5_ret_int32 (sp, &offset);
|
||||
ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
|
||||
if(ret) {
|
||||
ret = KRB5_CC_FORMAT;
|
||||
krb5_set_error_message(context, ret,
|
||||
@ -607,16 +628,11 @@ init_fcc (krb5_context context,
|
||||
FILENAME(id));
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
|
||||
if(ret) {
|
||||
ret = KRB5_CC_FORMAT;
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("Error reading kdc_usec in "
|
||||
"cache file: %s", ""),
|
||||
FILENAME(id));
|
||||
goto out;
|
||||
}
|
||||
context->kdc_sec_offset = offset;
|
||||
if (kdc_offset)
|
||||
*kdc_offset = offset;
|
||||
break;
|
||||
}
|
||||
default :
|
||||
for (i = 0; i < data_len; ++i) {
|
||||
ret = krb5_ret_int8 (sp, &dummy);
|
||||
@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context,
|
||||
int fd;
|
||||
krb5_storage *sp;
|
||||
|
||||
ret = init_fcc (context, id, &sp, &fd);
|
||||
ret = init_fcc (context, id, &sp, &fd, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = krb5_ret_principal(sp, principal);
|
||||
@ -701,7 +717,7 @@ fcc_get_first (krb5_context context,
|
||||
memset(*cursor, 0, sizeof(struct fcc_cursor));
|
||||
|
||||
ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
|
||||
&FCC_CURSOR(*cursor)->fd);
|
||||
&FCC_CURSOR(*cursor)->fd, NULL);
|
||||
if (ret) {
|
||||
free(*cursor);
|
||||
*cursor = NULL;
|
||||
@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
|
||||
return ret;
|
||||
fn = expandedfn;
|
||||
}
|
||||
/* check if file exists, don't return a non existant "next" */
|
||||
if (strncasecmp(fn, "FILE:", 5) == 0) {
|
||||
struct stat sb;
|
||||
ret = stat(fn + 5, &sb);
|
||||
if (ret) {
|
||||
ret = KRB5_CC_END;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
ret = krb5_cc_resolve(context, fn, id);
|
||||
out:
|
||||
if (expandedfn)
|
||||
free(expandedfn);
|
||||
|
||||
@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
|
||||
krb5_error_code ret = 0;
|
||||
|
||||
ret = rename(FILENAME(from), FILENAME(to));
|
||||
#ifdef RENAME_DOES_NOT_UNLINK
|
||||
if (ret && (errno == EEXIST || errno == EACCES)) {
|
||||
ret = unlink(FILENAME(to));
|
||||
if (ret == 0) {
|
||||
ret = rename(FILENAME(from), FILENAME(to));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret && errno != EXDEV) {
|
||||
char buf[128];
|
||||
ret = errno;
|
||||
strerror_r(ret, buf, sizeof(buf));
|
||||
rk_strerror_r(ret, buf, sizeof(buf));
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("Rename of file from %s "
|
||||
"to %s failed: %s", ""),
|
||||
@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
|
||||
{
|
||||
krb5_storage *sp;
|
||||
int fd;
|
||||
ret = init_fcc (context, to, &sp, &fd);
|
||||
ret = init_fcc (context, to, &sp, &fd, NULL);
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
fcc_unlock(context, fd);
|
||||
close(fd);
|
||||
}
|
||||
|
||||
fcc_destroy(context, from);
|
||||
fcc_close(context, from);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_storage *sp;
|
||||
int fd;
|
||||
ret = init_fcc(context, id, &sp, &fd, kdc_offset);
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
fcc_unlock(context, fd);
|
||||
close(fd);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Variable containing the FILE based credential cache implemention.
|
||||
*
|
||||
@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
|
||||
fcc_move,
|
||||
fcc_get_default_name,
|
||||
NULL,
|
||||
fcc_lastchange
|
||||
fcc_lastchange,
|
||||
fcc_set_kdc_offset,
|
||||
fcc_get_kdc_offset
|
||||
};
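Review bot: The new `fcc_get_kdc_offset` uses `sp` and `fd` after `init_fcc` even when that call failed. `init_fcc` returns right after a failed `fcc_open` without writing `*ret_sp` or `*ret_fd`, so `krb5_storage_free(sp)`, `fcc_unlock(context, fd)` and `close(fd)` then act on uninitialised values whenever the cache file cannot be opened. Declare them as `krb5_storage *sp = NULL;` and `int fd = -1;`, and guard the cleanup with `if (fd >= 0) { fcc_unlock(context, fd); close(fd); }`. The block in the `fcc_move` hunk that calls `init_fcc (context, to, &sp, &fd, NULL)` has the same sequence. What `init_fcc` leaves in the out-parameters on its later `goto out` paths is outside the hunks and should be checked as well.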
|
||||
|