Changeset 745 for trunk/server/source4/heimdal/lib/krb5
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 1 deleted
- 83 edited
- 21 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/heimdal/lib/krb5/acache.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 38 40 #endif 39 41 42 #ifndef KCM_IS_API_CACHE 43 40 44 static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; 41 45 static cc_initialize_func init_func; 46 static void (KRB5_CALLCONV *set_target_uid)(uid_t); 47 static void (KRB5_CALLCONV *clear_target)(void); 48 42 49 #ifdef HAVE_DLOPEN 43 50 static void *cc_handle; … … 50 57 } krb5_acc; 51 58 52 static krb5_error_code acc_close(krb5_context, krb5_ccache);59 static krb5_error_code KRB5_CALLCONV acc_close(krb5_context, krb5_ccache); 53 60 54 61 #define ACACHE(X) ((krb5_acc *)(X)->data.data) … … 83 90 init_ccapi(krb5_context context) 84 91 { 85 const char *lib ;92 const char *lib = NULL; 86 93 87 94 HEIMDAL_MUTEX_lock(&acc_mutex); 88 95 if (init_func) { 89 96 HEIMDAL_MUTEX_unlock(&acc_mutex); 90 krb5_clear_error_message(context); 97 if (context) 98 krb5_clear_error_message(context); 91 99 return 0; 92 100 } 93 101 94 lib = krb5_config_get_string(context, NULL, 95 "libdefaults", "ccapi_library", 96 NULL); 102 if (context) 103 lib = krb5_config_get_string(context, NULL, 104 "libdefaults", "ccapi_library", 105 NULL); 97 106 if (lib == NULL) { 98 107 #ifdef __APPLE__ 99 108 lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos"; 109 #elif defined(KRB5_USE_PATH_TOKENS) && defined(_WIN32) 110 lib = "%{LIBDIR}/libkrb5_cc.dll"; 100 111 #else 101 112 lib = "/usr/lib/libkrb5_cc.so"; … … 108 119 #define RTLD_LAZY 0 109 120 #endif 110 111 cc_handle = dlopen(lib, RTLD_LAZY); 121 #ifndef RTLD_LOCAL 122 #define RTLD_LOCAL 0 123 #endif 124 125 #ifdef KRB5_USE_PATH_TOKENS 126 { 127 char * explib = NULL; 128 if (_krb5_expand_path_tokens(context, lib, &explib) == 0) { 129 cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL); 130 free(explib); 131 } 132 } 133 #else 134 cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL); 135 #endif 136 112 137 if (cc_handle == NULL) { 113 138 HEIMDAL_MUTEX_unlock(&acc_mutex); 114 krb5_set_error_message(context, KRB5_CC_NOSUPP, 115 N_("Failed to load API cache module %s", "file"), 116 lib); 139 if (context) 140 krb5_set_error_message(context, KRB5_CC_NOSUPP, 141 N_("Failed to load API cache module %s", "file"), 142 lib); 117 143 return KRB5_CC_NOSUPP; 118 144 } 119 145 120 146 init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); 147 set_target_uid = (void (KRB5_CALLCONV *)(uid_t)) 148 dlsym(cc_handle, "krb5_ipc_client_set_target_uid"); 149 clear_target = (void (KRB5_CALLCONV *)(void)) 150 dlsym(cc_handle, "krb5_ipc_client_clear_target"); 121 151 HEIMDAL_MUTEX_unlock(&acc_mutex); 122 152 if (init_func == NULL) { 123 krb5_set_error_message(context, KRB5_CC_NOSUPP, 124 N_("Failed to find cc_initialize" 125 "in %s: %s", "file, error"), lib, dlerror()); 153 if (context) 154 krb5_set_error_message(context, KRB5_CC_NOSUPP, 155 N_("Failed to find cc_initialize" 156 "in %s: %s", "file, error"), lib, dlerror()); 126 157 dlclose(cc_handle); 127 158 return KRB5_CC_NOSUPP; … … 131 162 #else 132 163 HEIMDAL_MUTEX_unlock(&acc_mutex); 133 krb5_set_error_message(context, KRB5_CC_NOSUPP, 134 N_("no support for shared object", "")); 164 if (context) 165 krb5_set_error_message(context, KRB5_CC_NOSUPP, 166 N_("no support for shared object", "")); 135 167 return KRB5_CC_NOSUPP; 136 168 #endif 169 } 170 171 void 172 _heim_krb5_ipc_client_set_target_uid(uid_t uid) 173 { 174 init_ccapi(NULL); 175 if (set_target_uid != NULL) 176 (*set_target_uid)(uid); 177 } 178 179 void 180 _heim_krb5_ipc_client_clear_target(void) 181 { 182 init_ccapi(NULL); 183 if (clear_target != NULL) 184 (*clear_target)(); 137 185 } 138 186 … … 406 454 407 455 408 static const char* 456 static const char* KRB5_CALLCONV 409 457 acc_get_name(krb5_context context, 410 458 krb5_ccache id) … … 443 491 } 444 492 445 static krb5_error_code 493 static krb5_error_code KRB5_CALLCONV 446 494 acc_alloc(krb5_context context, krb5_ccache *id) 447 495 { … … 473 521 } 474 522 475 static krb5_error_code 523 static krb5_error_code KRB5_CALLCONV 476 524 acc_resolve(krb5_context context, krb5_ccache *id, const char *res) 477 525 { … … 513 561 } 514 562 515 static krb5_error_code 563 static krb5_error_code KRB5_CALLCONV 516 564 acc_gen_new(krb5_context context, krb5_ccache *id) 517 565 { … … 531 579 } 532 580 533 static krb5_error_code 581 static krb5_error_code KRB5_CALLCONV 534 582 acc_initialize(krb5_context context, 535 583 krb5_ccache id, … … 585 633 } 586 634 587 static krb5_error_code 635 static krb5_error_code KRB5_CALLCONV 588 636 acc_close(krb5_context context, 589 637 krb5_ccache id) … … 607 655 } 608 656 609 static krb5_error_code 657 static krb5_error_code KRB5_CALLCONV 610 658 acc_destroy(krb5_context context, 611 659 krb5_ccache id) … … 625 673 } 626 674 627 static krb5_error_code 675 static krb5_error_code KRB5_CALLCONV 628 676 acc_store_cred(krb5_context context, 629 677 krb5_ccache id, … … 660 708 } 661 709 662 static krb5_error_code 710 static krb5_error_code KRB5_CALLCONV 663 711 acc_get_principal(krb5_context context, 664 712 krb5_ccache id, … … 688 736 } 689 737 690 static krb5_error_code 738 static krb5_error_code KRB5_CALLCONV 691 739 acc_get_first (krb5_context context, 692 740 krb5_ccache id, … … 713 761 714 762 715 static krb5_error_code 763 static krb5_error_code KRB5_CALLCONV 716 764 acc_get_next (krb5_context context, 717 765 krb5_ccache id, … … 740 788 } 741 789 742 static krb5_error_code 790 static krb5_error_code KRB5_CALLCONV 743 791 acc_end_get (krb5_context context, 744 792 krb5_ccache id, … … 750 798 } 751 799 752 static krb5_error_code 800 static krb5_error_code KRB5_CALLCONV 753 801 acc_remove_cred(krb5_context context, 754 802 krb5_ccache id, … … 826 874 } 827 875 828 static krb5_error_code 876 static krb5_error_code KRB5_CALLCONV 829 877 acc_set_flags(krb5_context context, 830 878 krb5_ccache id, … … 834 882 } 835 883 836 static int 884 static int KRB5_CALLCONV 837 885 acc_get_version(krb5_context context, 838 886 krb5_ccache id) … … 846 894 }; 847 895 848 static krb5_error_code 896 static krb5_error_code KRB5_CALLCONV 849 897 acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 850 898 { … … 880 928 } 881 929 882 static krb5_error_code 930 static krb5_error_code KRB5_CALLCONV 883 931 acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 884 932 { … … 918 966 } 919 967 920 static krb5_error_code 968 static krb5_error_code KRB5_CALLCONV 921 969 acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 922 970 { … … 931 979 } 932 980 933 static krb5_error_code 981 static krb5_error_code KRB5_CALLCONV 934 982 acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 935 983 { … … 963 1011 } 964 1012 965 static krb5_error_code 1013 static krb5_error_code KRB5_CALLCONV 966 1014 acc_get_default_name(krb5_context context, char **str) 967 1015 { … … 985 1033 } 986 1034 987 asprintf(str, "API:%s", name->data);1035 error = asprintf(str, "API:%s", name->data); 988 1036 (*name->func->release)(name); 989 1037 (*cc->func->release)(cc); 990 1038 991 if ( *str == NULL) {1039 if (error < 0 || *str == NULL) { 992 1040 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 993 1041 return ENOMEM; … … 996 1044 } 997 1045 998 static krb5_error_code 1046 static krb5_error_code KRB5_CALLCONV 999 1047 acc_set_default(krb5_context context, krb5_ccache id) 1000 1048 { … … 1015 1063 } 1016 1064 1017 static krb5_error_code 1065 static krb5_error_code KRB5_CALLCONV 1018 1066 acc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) 1019 1067 { … … 1069 1117 acc_lastchange 1070 1118 }; 1119 1120 #endif -
trunk/server/source4/heimdal/lib/krb5/add_et_list.c
r414 r745 48 48 */ 49 49 50 krb5_error_code KRB5_LIB_FUNCTION 50 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 51 51 krb5_add_et_list (krb5_context context, 52 52 void (*func)(struct et_list **)) -
trunk/server/source4/heimdal/lib/krb5/addr_families.c
r414 r745 176 176 } else 177 177 p = address; 178 #ifdef HAVE_INET_ATON179 178 if(inet_aton(p, &a) == 0) 180 179 return -1; 181 #elif defined(HAVE_INET_ADDR)182 a.s_addr = inet_addr(p);183 if(a.s_addr == INADDR_NONE)184 return -1;185 #else186 return -1;187 #endif188 180 addr->addr_type = KRB5_ADDRESS_INET; 189 181 if(krb5_data_alloc(&addr->address, 4) != 0) … … 340 332 { 341 333 char buf[128], buf2[3]; 342 #ifdef HAVE_INET_NTOP343 334 if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) 344 #endif345 335 { 346 336 /* XXX this is pretty ugly, but better than abort() */ … … 791 781 */ 792 782 793 krb5_error_code KRB5_LIB_FUNCTION 783 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 794 784 krb5_sockaddr2address (krb5_context context, 795 785 const struct sockaddr *sa, krb5_address *addr) … … 819 809 */ 820 810 821 krb5_error_code KRB5_LIB_FUNCTION 811 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 822 812 krb5_sockaddr2port (krb5_context context, 823 813 const struct sockaddr *sa, int16_t *port) … … 854 844 */ 855 845 856 krb5_error_code KRB5_LIB_FUNCTION 846 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 857 847 krb5_addr2sockaddr (krb5_context context, 858 848 const krb5_address *addr, … … 890 880 */ 891 881 892 size_t KRB5_LIB_FUNCTION 882 KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL 893 883 krb5_max_sockaddr_size (void) 894 884 { … … 914 904 */ 915 905 916 krb5_boolean KRB5_LIB_FUNCTION 906 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 917 907 krb5_sockaddr_uninteresting(const struct sockaddr *sa) 918 908 { … … 942 932 */ 943 933 944 krb5_error_code KRB5_LIB_FUNCTION 934 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 945 935 krb5_h_addr2sockaddr (krb5_context context, 946 936 int af, … … 973 963 */ 974 964 975 krb5_error_code KRB5_LIB_FUNCTION 965 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 976 966 krb5_h_addr2addr (krb5_context context, 977 967 int af, … … 1004 994 */ 1005 995 1006 krb5_error_code KRB5_LIB_FUNCTION 996 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1007 997 krb5_anyaddr (krb5_context context, 1008 998 int af, … … 1039 1029 */ 1040 1030 1041 krb5_error_code KRB5_LIB_FUNCTION 1031 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1042 1032 krb5_print_address (const krb5_address *addr, 1043 1033 char *str, size_t len, size_t *ret_len) … … 1089 1079 */ 1090 1080 1091 krb5_error_code KRB5_LIB_FUNCTION 1081 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1092 1082 krb5_parse_address(krb5_context context, 1093 1083 const char *string, … … 1170 1160 */ 1171 1161 1172 int KRB5_LIB_FUNCTION 1162 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 1173 1163 krb5_address_order(krb5_context context, 1174 1164 const krb5_address *addr1, … … 1219 1209 */ 1220 1210 1221 krb5_boolean KRB5_LIB_FUNCTION 1211 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1222 1212 krb5_address_compare(krb5_context context, 1223 1213 const krb5_address *addr1, … … 1240 1230 */ 1241 1231 1242 krb5_boolean KRB5_LIB_FUNCTION 1232 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1243 1233 krb5_address_search(krb5_context context, 1244 1234 const krb5_address *addr, … … 1265 1255 */ 1266 1256 1267 krb5_error_code KRB5_LIB_FUNCTION 1257 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1268 1258 krb5_free_address(krb5_context context, 1269 1259 krb5_address *address) … … 1289 1279 */ 1290 1280 1291 krb5_error_code KRB5_LIB_FUNCTION 1281 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1292 1282 krb5_free_addresses(krb5_context context, 1293 1283 krb5_addresses *addresses) … … 1315 1305 */ 1316 1306 1317 krb5_error_code KRB5_LIB_FUNCTION 1307 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1318 1308 krb5_copy_address(krb5_context context, 1319 1309 const krb5_address *inaddr, … … 1339 1329 */ 1340 1330 1341 krb5_error_code KRB5_LIB_FUNCTION 1331 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1342 1332 krb5_copy_addresses(krb5_context context, 1343 1333 const krb5_addresses *inaddr, … … 1366 1356 */ 1367 1357 1368 krb5_error_code KRB5_LIB_FUNCTION 1358 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1369 1359 krb5_append_addresses(krb5_context context, 1370 1360 krb5_addresses *dest, … … 1410 1400 */ 1411 1401 1412 krb5_error_code KRB5_LIB_FUNCTION 1402 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1413 1403 krb5_make_addrport (krb5_context context, 1414 1404 krb5_address **res, const krb5_address *addr, int16_t port) … … 1477 1467 */ 1478 1468 1479 krb5_error_code KRB5_LIB_FUNCTION 1469 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1480 1470 krb5_address_prefixlen_boundary(krb5_context context, 1481 1471 const krb5_address *inaddr, -
trunk/server/source4/heimdal/lib/krb5/appdefault.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 void KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 37 37 krb5_appdefault_boolean(krb5_context context, const char *appname, 38 38 krb5_const_realm realm, const char *option, … … 76 76 } 77 77 78 void KRB5_LIB_FUNCTION 78 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 79 79 krb5_appdefault_string(krb5_context context, const char *appname, 80 80 krb5_const_realm realm, const char *option, … … 120 120 } 121 121 122 void KRB5_LIB_FUNCTION 122 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 123 123 krb5_appdefault_time(krb5_context context, const char *appname, 124 124 krb5_const_realm realm, const char *option, -
trunk/server/source4/heimdal/lib/krb5/asn1_glue.c
r414 r745 38 38 #include "krb5_locl.h" 39 39 40 krb5_error_code KRB5_LIB_FUNCTION 40 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 41 41 _krb5_principal2principalname (PrincipalName *p, 42 42 const krb5_principal from) … … 45 45 } 46 46 47 krb5_error_code KRB5_LIB_FUNCTION 47 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 48 48 _krb5_principalname2krb5_principal (krb5_context context, 49 49 krb5_principal *principal, -
trunk/server/source4/heimdal/lib/krb5/auth_context.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_auth_con_init(krb5_context context, 38 38 krb5_auth_context *auth_context) … … 65 65 } 66 66 67 krb5_error_code KRB5_LIB_FUNCTION 67 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 68 68 krb5_auth_con_free(krb5_context context, 69 69 krb5_auth_context auth_context) … … 87 87 } 88 88 89 krb5_error_code KRB5_LIB_FUNCTION 89 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 90 90 krb5_auth_con_setflags(krb5_context context, 91 91 krb5_auth_context auth_context, … … 97 97 98 98 99 krb5_error_code KRB5_LIB_FUNCTION 99 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 100 100 krb5_auth_con_getflags(krb5_context context, 101 101 krb5_auth_context auth_context, … … 106 106 } 107 107 108 krb5_error_code KRB5_LIB_FUNCTION 108 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 109 109 krb5_auth_con_addflags(krb5_context context, 110 110 krb5_auth_context auth_context, … … 118 118 } 119 119 120 krb5_error_code KRB5_LIB_FUNCTION 120 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 121 121 krb5_auth_con_removeflags(krb5_context context, 122 122 krb5_auth_context auth_context, … … 130 130 } 131 131 132 krb5_error_code KRB5_LIB_FUNCTION 132 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 133 133 krb5_auth_con_setaddrs(krb5_context context, 134 134 krb5_auth_context auth_context, … … 155 155 } 156 156 157 krb5_error_code KRB5_LIB_FUNCTION 157 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 158 158 krb5_auth_con_genaddrs(krb5_context context, 159 159 krb5_auth_context auth_context, 160 int fd, int flags)160 krb5_socket_t fd, int flags) 161 161 { 162 162 krb5_error_code ret; … … 171 171 if (auth_context->local_address == NULL) { 172 172 len = sizeof(ss_local); 173 if( getsockname(fd, local, &len) < 0) {174 ret = errno;175 krb5_set_error_message(context, ret,176 "getsockname: %s",177 strerror(ret));173 if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) { 174 char buf[128]; 175 ret = rk_SOCK_ERRNO; 176 rk_strerror_r(ret, buf, sizeof(buf)); 177 krb5_set_error_message(context, ret, "getsockname: %s", buf); 178 178 goto out; 179 179 } … … 189 189 if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { 190 190 len = sizeof(ss_remote); 191 if(getpeername(fd, remote, &len) < 0) { 192 ret = errno; 193 krb5_set_error_message(context, ret, 194 "getpeername: %s", strerror(ret)); 191 if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { 192 char buf[128]; 193 ret = rk_SOCK_ERRNO; 194 rk_strerror_r(ret, buf, sizeof(buf)); 195 krb5_set_error_message(context, ret, "getpeername: %s", buf); 195 196 goto out; 196 197 } … … 216 217 } 217 218 218 krb5_error_code KRB5_LIB_FUNCTION 219 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 219 220 krb5_auth_con_setaddrs_from_fd (krb5_context context, 220 221 krb5_auth_context auth_context, 221 222 void *p_fd) 222 223 { 223 int fd = *(int*)p_fd;224 krb5_socket_t fd = *(krb5_socket_t *)p_fd; 224 225 int flags = 0; 225 226 if(auth_context->local_address == NULL) … … 230 231 } 231 232 232 krb5_error_code KRB5_LIB_FUNCTION 233 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 233 234 krb5_auth_con_getaddrs(krb5_context context, 234 235 krb5_auth_context auth_context, … … 273 274 } 274 275 275 krb5_error_code KRB5_LIB_FUNCTION 276 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 276 277 krb5_auth_con_getkey(krb5_context context, 277 278 krb5_auth_context auth_context, … … 281 282 } 282 283 283 krb5_error_code KRB5_LIB_FUNCTION 284 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 284 285 krb5_auth_con_getlocalsubkey(krb5_context context, 285 286 krb5_auth_context auth_context, … … 289 290 } 290 291 291 krb5_error_code KRB5_LIB_FUNCTION 292 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 292 293 krb5_auth_con_getremotesubkey(krb5_context context, 293 294 krb5_auth_context auth_context, … … 297 298 } 298 299 299 krb5_error_code KRB5_LIB_FUNCTION 300 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 300 301 krb5_auth_con_setkey(krb5_context context, 301 302 krb5_auth_context auth_context, … … 307 308 } 308 309 309 krb5_error_code KRB5_LIB_FUNCTION 310 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 310 311 krb5_auth_con_setlocalsubkey(krb5_context context, 311 312 krb5_auth_context auth_context, … … 317 318 } 318 319 319 krb5_error_code KRB5_LIB_FUNCTION 320 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 320 321 krb5_auth_con_generatelocalsubkey(krb5_context context, 321 322 krb5_auth_context auth_context, … … 337 338 338 339 339 krb5_error_code KRB5_LIB_FUNCTION 340 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 340 341 krb5_auth_con_setremotesubkey(krb5_context context, 341 342 krb5_auth_context auth_context, … … 347 348 } 348 349 349 krb5_error_code KRB5_LIB_FUNCTION 350 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 350 351 krb5_auth_con_setcksumtype(krb5_context context, 351 352 krb5_auth_context auth_context, … … 356 357 } 357 358 358 krb5_error_code KRB5_LIB_FUNCTION 359 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 359 360 krb5_auth_con_getcksumtype(krb5_context context, 360 361 krb5_auth_context auth_context, … … 365 366 } 366 367 367 krb5_error_code KRB5_LIB_FUNCTION 368 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 368 369 krb5_auth_con_setkeytype (krb5_context context, 369 370 krb5_auth_context auth_context, … … 374 375 } 375 376 376 krb5_error_code KRB5_LIB_FUNCTION 377 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 377 378 krb5_auth_con_getkeytype (krb5_context context, 378 379 krb5_auth_context auth_context, … … 384 385 385 386 #if 0 386 krb5_error_code KRB5_LIB_FUNCTION 387 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 387 388 krb5_auth_con_setenctype(krb5_context context, 388 389 krb5_auth_context auth_context, … … 398 399 } 399 400 400 krb5_error_code KRB5_LIB_FUNCTION 401 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 401 402 krb5_auth_con_getenctype(krb5_context context, 402 403 krb5_auth_context auth_context, … … 407 408 #endif 408 409 409 krb5_error_code KRB5_LIB_FUNCTION 410 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 410 411 krb5_auth_con_getlocalseqnumber(krb5_context context, 411 412 krb5_auth_context auth_context, … … 416 417 } 417 418 418 krb5_error_code KRB5_LIB_FUNCTION 419 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 419 420 krb5_auth_con_setlocalseqnumber (krb5_context context, 420 421 krb5_auth_context auth_context, … … 425 426 } 426 427 427 krb5_error_code KRB5_LIB_FUNCTION 428 krb5_auth_ getremoteseqnumber(krb5_context context,429 430 428 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 429 krb5_auth_con_getremoteseqnumber(krb5_context context, 430 krb5_auth_context auth_context, 431 int32_t *seqnumber) 431 432 { 432 433 *seqnumber = auth_context->remote_seqnumber; … … 434 435 } 435 436 436 krb5_error_code KRB5_LIB_FUNCTION 437 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 437 438 krb5_auth_con_setremoteseqnumber (krb5_context context, 438 439 krb5_auth_context auth_context, … … 444 445 445 446 446 krb5_error_code KRB5_LIB_FUNCTION 447 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 447 448 krb5_auth_con_getauthenticator(krb5_context context, 448 449 krb5_auth_context auth_context, … … 461 462 462 463 463 void KRB5_LIB_FUNCTION 464 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 464 465 krb5_free_authenticator(krb5_context context, 465 466 krb5_authenticator *authenticator) … … 471 472 472 473 473 krb5_error_code KRB5_LIB_FUNCTION 474 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 474 475 krb5_auth_con_setuserkey(krb5_context context, 475 476 krb5_auth_context auth_context, … … 481 482 } 482 483 483 krb5_error_code KRB5_LIB_FUNCTION 484 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 484 485 krb5_auth_con_getrcache(krb5_context context, 485 486 krb5_auth_context auth_context, … … 490 491 } 491 492 492 krb5_error_code KRB5_LIB_FUNCTION 493 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 493 494 krb5_auth_con_setrcache(krb5_context context, 494 495 krb5_auth_context auth_context, … … 501 502 #if 0 /* not implemented */ 502 503 503 krb5_error_code KRB5_LIB_FUNCTION 504 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 504 505 krb5_auth_con_initivector(krb5_context context, 505 506 krb5_auth_context auth_context) … … 509 510 510 511 511 krb5_error_code KRB5_LIB_FUNCTION 512 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 512 513 krb5_auth_con_setivector(krb5_context context, 513 514 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/build_ap_req.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_build_ap_req (krb5_context context, 38 38 krb5_enctype enctype, -
trunk/server/source4/heimdal/lib/krb5/build_auth.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 36 static krb5_error_code … … 100 100 } 101 101 102 krb5_error_code KRB5_LIB_FUNCTION 103 krb5_build_authenticator (krb5_context context, 104 krb5_auth_context auth_context, 105 krb5_enctype enctype, 106 krb5_creds *cred, 107 Checksum *cksum, 108 Authenticator **auth_result, 109 krb5_data *result, 110 krb5_key_usage usage) 102 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 103 _krb5_build_authenticator (krb5_context context, 104 krb5_auth_context auth_context, 105 krb5_enctype enctype, 106 krb5_creds *cred, 107 Checksum *cksum, 108 krb5_data *result, 109 krb5_key_usage usage) 111 110 { 112 Authenticator *auth;111 Authenticator auth; 113 112 u_char *buf = NULL; 114 113 size_t buf_size; … … 117 116 krb5_crypto crypto; 118 117 119 auth = calloc(1, sizeof(*auth)); 120 if (auth == NULL) { 121 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 122 return ENOMEM; 123 } 118 memset(&auth, 0, sizeof(auth)); 124 119 125 auth ->authenticator_vno = 5;126 copy_Realm(&cred->client->realm, &auth ->crealm);127 copy_PrincipalName(&cred->client->name, &auth ->cname);120 auth.authenticator_vno = 5; 121 copy_Realm(&cred->client->realm, &auth.crealm); 122 copy_PrincipalName(&cred->client->name, &auth.cname); 128 123 129 krb5_us_timeofday (context, &auth ->ctime, &auth->cusec);124 krb5_us_timeofday (context, &auth.ctime, &auth.cusec); 130 125 131 ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth ->subkey);126 ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth.subkey); 132 127 if(ret) 133 128 goto fail; … … 138 133 &cred->session, 139 134 &auth_context->local_seqnumber); 140 ALLOC(auth ->seq_number, 1);141 if(auth ->seq_number == NULL) {135 ALLOC(auth.seq_number, 1); 136 if(auth.seq_number == NULL) { 142 137 ret = ENOMEM; 143 138 goto fail; 144 139 } 145 *auth ->seq_number = auth_context->local_seqnumber;140 *auth.seq_number = auth_context->local_seqnumber; 146 141 } else 147 auth->seq_number = NULL; 148 auth->authorization_data = NULL; 149 auth->cksum = cksum; 142 auth.seq_number = NULL; 143 auth.authorization_data = NULL; 150 144 151 if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) { 152 /* 153 * This is not GSS-API specific, we only enable it for 154 * GSS for now 155 */ 156 ret = make_etypelist(context, &auth->authorization_data); 145 if (cksum) { 146 ALLOC(auth.cksum, 1); 147 if (auth.cksum == NULL) { 148 ret = ENOMEM; 149 goto fail; 150 } 151 ret = copy_Checksum(cksum, auth.cksum); 157 152 if (ret) 158 153 goto fail; 154 155 if (auth.cksum->cksumtype == CKSUMTYPE_GSSAPI) { 156 /* 157 * This is not GSS-API specific, we only enable it for 158 * GSS for now 159 */ 160 ret = make_etypelist(context, &auth.authorization_data); 161 if (ret) 162 goto fail; 163 } 159 164 } 160 165 161 166 /* XXX - Copy more to auth_context? */ 162 167 163 auth_context->authenticator->ctime = auth ->ctime;164 auth_context->authenticator->cusec = auth ->cusec;168 auth_context->authenticator->ctime = auth.ctime; 169 auth_context->authenticator->cusec = auth.cusec; 165 170 166 ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);171 ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, &auth, &len, ret); 167 172 if (ret) 168 173 goto fail; … … 176 181 crypto, 177 182 usage /* KRB5_KU_AP_REQ_AUTH */, 178 buf + buf_size - len,183 buf, 179 184 len, 180 185 result); … … 184 189 goto fail; 185 190 191 fail: 192 free_Authenticator (&auth); 186 193 free (buf); 187 194 188 if (auth_result)189 *auth_result = auth;190 else {191 /* Don't free the `cksum', it's allocated by the caller */192 auth->cksum = NULL;193 free_Authenticator (auth);194 free (auth);195 }196 return ret;197 fail:198 free_Authenticator (auth);199 free (auth);200 free (buf);201 195 return ret; 202 196 } -
trunk/server/source4/heimdal/lib/krb5/cache.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 82 84 char *principal; 83 85 84 krb5_unparse_name _short(context, creds.server, &principal);86 krb5_unparse_name(context, creds.server, &principal); 85 87 printf("principal: %s\\n", principal); 86 88 free(principal); … … 113 115 */ 114 116 115 krb5_error_code KRB5_LIB_FUNCTION 117 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 116 118 krb5_cc_register(krb5_context context, 117 119 const krb5_cc_ops *ops, … … 120 122 int i; 121 123 122 for(i = 0; i < context->num_cc_ops && context->cc_ops[i] .prefix; i++) {123 if(strcmp(context->cc_ops[i] .prefix, ops->prefix) == 0) {124 for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { 125 if(strcmp(context->cc_ops[i]->prefix, ops->prefix) == 0) { 124 126 if(!override) { 125 127 krb5_set_error_message(context, … … 133 135 } 134 136 if(i == context->num_cc_ops) { 135 krb5_cc_ops *o = realloc(context->cc_ops,136 137 sizeof(*context->cc_ops));137 const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops), 138 (context->num_cc_ops + 1) * 139 sizeof(context->cc_ops[0])); 138 140 if(o == NULL) { 139 141 krb5_set_error_message(context, KRB5_CC_NOMEM, … … 141 143 return KRB5_CC_NOMEM; 142 144 } 145 context->cc_ops = o; 146 context->cc_ops[context->num_cc_ops] = NULL; 143 147 context->num_cc_ops++; 144 context->cc_ops = o; 145 memset(context->cc_ops + i, 0, 146 (context->num_cc_ops - i) * sizeof(*context->cc_ops)); 147 } 148 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); 148 } 149 context->cc_ops[i] = ops; 149 150 return 0; 150 151 } … … 186 187 { 187 188 krb5_error_code ret; 188 189 ret = _krb5_cc_allocate(context, ops, id); 189 #ifdef KRB5_USE_PATH_TOKENS 190 char * exp_residual = NULL; 191 192 ret = _krb5_expand_path_tokens(context, residual, &exp_residual); 190 193 if (ret) 191 194 return ret; 195 196 residual = exp_residual; 197 #endif 198 199 ret = _krb5_cc_allocate(context, ops, id); 200 if (ret) { 201 #ifdef KRB5_USE_PATH_TOKENS 202 if (exp_residual) 203 free(exp_residual); 204 #endif 205 return ret; 206 } 207 192 208 ret = (*id)->ops->resolve(context, id, residual); 193 if(ret) 209 if(ret) { 194 210 free(*id); 211 *id = NULL; 212 } 213 214 #ifdef KRB5_USE_PATH_TOKENS 215 if (exp_residual) 216 free(exp_residual); 217 #endif 218 195 219 return ret; 220 } 221 222 static int 223 is_possible_path_name(const char * name) 224 { 225 const char * colon; 226 227 if ((colon = strchr(name, ':')) == NULL) 228 return TRUE; 229 230 #ifdef _WIN32 231 /* <drive letter>:\path\to\cache ? */ 232 233 if (colon == name + 1 && 234 strchr(colon + 1, ':') == NULL) 235 return TRUE; 236 #endif 237 238 return FALSE; 196 239 } 197 240 … … 211 254 212 255 213 krb5_error_code KRB5_LIB_FUNCTION 256 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 214 257 krb5_cc_resolve(krb5_context context, 215 258 const char *name, … … 220 263 *id = NULL; 221 264 222 for(i = 0; i < context->num_cc_ops && context->cc_ops[i] .prefix; i++) {223 size_t prefix_len = strlen(context->cc_ops[i] .prefix);224 225 if(strncmp(context->cc_ops[i] .prefix, name, prefix_len) == 0265 for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { 266 size_t prefix_len = strlen(context->cc_ops[i]->prefix); 267 268 if(strncmp(context->cc_ops[i]->prefix, name, prefix_len) == 0 226 269 && name[prefix_len] == ':') { 227 return allocate_ccache (context, &context->cc_ops[i],270 return allocate_ccache (context, context->cc_ops[i], 228 271 name + prefix_len + 1, 229 272 id); 230 273 } 231 274 } 232 if ( strchr (name, ':') == NULL)275 if (is_possible_path_name(name)) 233 276 return allocate_ccache (context, &krb5_fcc_ops, name, id); 234 277 else { … … 251 294 */ 252 295 253 krb5_error_code KRB5_LIB_FUNCTION 296 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 254 297 krb5_cc_new_unique(krb5_context context, const char *type, 255 298 const char *hint, krb5_ccache *id) … … 283 326 284 327 285 const char* KRB5_LIB_FUNCTION 328 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 286 329 krb5_cc_get_name(krb5_context context, 287 330 krb5_ccache id) … … 297 340 298 341 299 const char* KRB5_LIB_FUNCTION 342 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 300 343 krb5_cc_get_type(krb5_context context, 301 344 krb5_ccache id) … … 305 348 306 349 /** 307 * Return the complete resolvable name the ccache `id' in `strÂŽ. 308 * `str` should be freed with free(3). 309 * Returns 0 or an error (and then *str is set to NULL). 310 * 311 * @ingroup krb5_ccache 312 */ 313 314 315 krb5_error_code KRB5_LIB_FUNCTION 350 * Return the complete resolvable name the cache 351 352 * @param context a Keberos context 353 * @param id return pointer to a found credential cache 354 * @param str the returned name of a credential cache, free with krb5_xfree() 355 * 356 * @return Returns 0 or an error (and then *str is set to NULL). 357 * 358 * @ingroup krb5_ccache 359 */ 360 361 362 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 316 363 krb5_cc_get_full_name(krb5_context context, 317 364 krb5_ccache id, … … 351 398 352 399 353 const krb5_cc_ops * 400 KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL 354 401 krb5_cc_get_ops(krb5_context context, krb5_ccache id) 355 402 { … … 364 411 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) 365 412 { 366 size_t tlen, len = 0; 367 char *tmp, *tmp2, *append; 368 369 *res = NULL; 370 371 while (str && *str) { 372 tmp = strstr(str, "%{"); 373 if (tmp && tmp != str) { 374 append = malloc((tmp - str) + 1); 375 if (append) { 376 memcpy(append, str, tmp - str); 377 append[tmp - str] = '\0'; 378 } 379 str = tmp; 380 } else if (tmp) { 381 tmp2 = strchr(tmp, '}'); 382 if (tmp2 == NULL) { 383 free(*res); 384 *res = NULL; 385 krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, 386 "variable missing }"); 387 return KRB5_CONFIG_BADFORMAT; 388 } 389 if (strncasecmp(tmp, "%{uid}", 6) == 0) 390 asprintf(&append, "%u", (unsigned)getuid()); 391 else if (strncasecmp(tmp, "%{null}", 7) == 0) 392 append = strdup(""); 393 else { 394 free(*res); 395 *res = NULL; 396 krb5_set_error_message(context, 397 KRB5_CONFIG_BADFORMAT, 398 "expand default cache unknown " 399 "variable \"%.*s\"", 400 (int)(tmp2 - tmp) - 2, tmp + 2); 401 return KRB5_CONFIG_BADFORMAT; 402 } 403 str = tmp2 + 1; 404 } else { 405 append = strdup(str); 406 str = NULL; 407 } 408 if (append == NULL) { 409 free(*res); 410 *res = NULL; 411 krb5_set_error_message(context, ENOMEM, 412 N_("malloc: out of memory", "")); 413 return ENOMEM; 414 } 415 416 tlen = strlen(append); 417 tmp = realloc(*res, len + tlen + 1); 418 if (tmp == NULL) { 419 free(append); 420 free(*res); 421 *res = NULL; 422 krb5_set_error_message(context, ENOMEM, 423 N_("malloc: out of memory", "")); 424 return ENOMEM; 425 } 426 *res = tmp; 427 memcpy(*res + len, append, tlen + 1); 428 len = len + tlen; 429 free(append); 430 } 431 return 0; 413 return _krb5_expand_path_tokens(context, str, res); 432 414 } 433 415 … … 445 427 if (context->default_cc_name_set) 446 428 return 0; 429 430 /* XXX performance: always ask KCM/API if default name has changed */ 431 if (context->default_cc_name && 432 (strncmp(context->default_cc_name, "KCM:", 4) == 0 || 433 strncmp(context->default_cc_name, "API:", 4) == 0)) 434 return 1; 447 435 448 436 if(issuid()) … … 474 462 */ 475 463 476 krb5_error_code 464 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 477 465 krb5_cc_switch(krb5_context context, krb5_ccache id) 478 466 { … … 485 473 486 474 /** 475 * Return true if the default credential cache support switch 476 * 477 * @ingroup krb5_ccache 478 */ 479 480 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 481 krb5_cc_support_switch(krb5_context context, const char *type) 482 { 483 const krb5_cc_ops *ops; 484 485 ops = krb5_cc_get_prefix_ops(context, type); 486 if (ops && ops->set_default) 487 return 1; 488 return FALSE; 489 } 490 491 /** 487 492 * Set the default cc name for `context' to `name'. 488 493 * … … 490 495 */ 491 496 492 krb5_error_code KRB5_LIB_FUNCTION 497 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 493 498 krb5_cc_set_default_name(krb5_context context, const char *name) 494 499 { 495 500 krb5_error_code ret = 0; 496 char *p ;501 char *p = NULL, *exp_p = NULL; 497 502 498 503 if (name == NULL) { … … 508 513 } 509 514 } 515 516 #ifdef _WIN32 517 if (e == NULL) { 518 e = p = _krb5_get_default_cc_name_from_registry(); 519 } 520 #endif 510 521 if (e == NULL) { 511 522 e = krb5_config_get_string(context, NULL, "libdefaults", … … 546 557 } 547 558 559 ret = _krb5_expand_path_tokens(context, p, &exp_p); 560 free(p); 561 if (ret) 562 return ret; 563 548 564 if (context->default_cc_name) 549 565 free(context->default_cc_name); 550 566 551 context->default_cc_name = p;552 553 return ret;567 context->default_cc_name = exp_p; 568 569 return 0; 554 570 } 555 571 … … 564 580 565 581 566 const char* KRB5_LIB_FUNCTION 582 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 567 583 krb5_cc_default_name(krb5_context context) 568 584 { … … 582 598 583 599 584 krb5_error_code KRB5_LIB_FUNCTION 600 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 585 601 krb5_cc_default(krb5_context context, 586 602 krb5_ccache *id) … … 604 620 605 621 606 krb5_error_code KRB5_LIB_FUNCTION 622 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 607 623 krb5_cc_initialize(krb5_context context, 608 624 krb5_ccache id, … … 622 638 623 639 624 krb5_error_code KRB5_LIB_FUNCTION 640 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 625 641 krb5_cc_destroy(krb5_context context, 626 642 krb5_ccache id) … … 642 658 643 659 644 krb5_error_code KRB5_LIB_FUNCTION 660 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 645 661 krb5_cc_close(krb5_context context, 646 662 krb5_ccache id) … … 661 677 662 678 663 krb5_error_code KRB5_LIB_FUNCTION 679 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 664 680 krb5_cc_store_cred(krb5_context context, 665 681 krb5_ccache id, … … 674 690 * krb5_free_cred_contents. 675 691 * 676 * @return Return an error code or 0, see krb5_get_error_message(). 677 * 678 * @ingroup krb5_ccache 679 */ 680 681 682 krb5_error_code KRB5_LIB_FUNCTION 692 * @param context A Kerberos 5 context 693 * @param id a Kerberos 5 credential cache 694 * @param whichfields what fields to use for matching credentials, same 695 * flags as whichfields in krb5_compare_creds() 696 * @param mcreds template credential to use for comparing 697 * @param creds returned credential, free with krb5_free_cred_contents() 698 * 699 * @return Return an error code or 0, see krb5_get_error_message(). 700 * 701 * @ingroup krb5_ccache 702 */ 703 704 705 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 683 706 krb5_cc_retrieve_cred(krb5_context context, 684 707 krb5_ccache id, … … 718 741 719 742 720 krb5_error_code KRB5_LIB_FUNCTION 743 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 721 744 krb5_cc_get_principal(krb5_context context, 722 745 krb5_ccache id, … … 736 759 737 760 738 krb5_error_code KRB5_LIB_FUNCTION 761 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 739 762 krb5_cc_start_seq_get (krb5_context context, 740 763 const krb5_ccache id, … … 754 777 755 778 756 krb5_error_code KRB5_LIB_FUNCTION 779 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 757 780 krb5_cc_next_cred (krb5_context context, 758 781 const krb5_ccache id, … … 770 793 771 794 772 krb5_error_code KRB5_LIB_FUNCTION 795 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 773 796 krb5_cc_end_seq_get (krb5_context context, 774 797 const krb5_ccache id, … … 785 808 786 809 787 krb5_error_code KRB5_LIB_FUNCTION 810 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 788 811 krb5_cc_remove_cred(krb5_context context, 789 812 krb5_ccache id, … … 808 831 809 832 810 krb5_error_code KRB5_LIB_FUNCTION 833 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 811 834 krb5_cc_set_flags(krb5_context context, 812 835 krb5_ccache id, … … 822 845 */ 823 846 824 krb5_error_code KRB5_LIB_FUNCTION 847 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 825 848 krb5_cc_get_flags(krb5_context context, 826 849 krb5_ccache id, … … 847 870 */ 848 871 849 krb5_error_code KRB5_LIB_FUNCTION 872 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 850 873 krb5_cc_copy_match_f(krb5_context context, 851 874 const krb5_ccache from, … … 900 923 */ 901 924 902 krb5_error_code KRB5_LIB_FUNCTION 925 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 903 926 krb5_cc_copy_cache(krb5_context context, 904 927 const krb5_ccache from, … … 915 938 916 939 917 krb5_error_code KRB5_LIB_FUNCTION 940 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 918 941 krb5_cc_get_version(krb5_context context, 919 942 const krb5_ccache id) … … 932 955 933 956 934 void KRB5_LIB_FUNCTION 957 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 935 958 krb5_cc_clear_mcred(krb5_creds *mcred) 936 959 { … … 951 974 952 975 953 const krb5_cc_ops * 976 KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL 954 977 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) 955 978 { … … 971 994 *p1 = '\0'; 972 995 973 for(i = 0; i < context->num_cc_ops && context->cc_ops[i] .prefix; i++) {974 if(strcmp(context->cc_ops[i] .prefix, p) == 0) {996 for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { 997 if(strcmp(context->cc_ops[i]->prefix, p) == 0) { 975 998 free(p); 976 return &context->cc_ops[i];999 return context->cc_ops[i]; 977 1000 } 978 1001 } … … 1000 1023 1001 1024 1002 krb5_error_code KRB5_LIB_FUNCTION 1025 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1003 1026 krb5_cc_cache_get_first (krb5_context context, 1004 1027 const char *type, … … 1047 1070 * and advance `cursor'. 1048 1071 * 1072 * @param context A Kerberos 5 context 1073 * @param cursor the iterator cursor, returned by krb5_cc_cache_get_first() 1074 * @param id next ccache 1075 * 1049 1076 * @return Return 0 or an error code. Returns KRB5_CC_END when the end 1050 1077 * of caches is reached, see krb5_get_error_message(). … … 1054 1081 1055 1082 1056 krb5_error_code KRB5_LIB_FUNCTION 1083 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1057 1084 krb5_cc_cache_next (krb5_context context, 1058 1085 krb5_cc_cache_cursor cursor, … … 1071 1098 1072 1099 1073 krb5_error_code KRB5_LIB_FUNCTION 1100 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1074 1101 krb5_cc_cache_end_seq_get (krb5_context context, 1075 1102 krb5_cc_cache_cursor cursor) … … 1097 1124 1098 1125 1099 krb5_error_code KRB5_LIB_FUNCTION 1126 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1100 1127 krb5_cc_cache_match (krb5_context context, 1101 1128 krb5_principal client, … … 1163 1190 */ 1164 1191 1165 krb5_error_code 1192 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1166 1193 krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 1167 1194 { … … 1231 1258 */ 1232 1259 1233 krb5_boolean KRB5_LIB_FUNCTION 1260 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1234 1261 krb5_is_config_principal(krb5_context context, 1235 1262 krb5_const_principal principal) … … 1259 1286 */ 1260 1287 1261 krb5_error_code KRB5_LIB_FUNCTION 1288 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1262 1289 krb5_cc_set_config(krb5_context context, krb5_ccache id, 1263 1290 krb5_const_principal principal, … … 1307 1334 1308 1335 1309 krb5_error_code KRB5_LIB_FUNCTION 1336 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1310 1337 krb5_cc_get_config(krb5_context context, krb5_ccache id, 1311 1338 krb5_const_principal principal, … … 1338 1365 */ 1339 1366 1340 struct krb5_cccol_cursor {1367 struct krb5_cccol_cursor_data { 1341 1368 int idx; 1342 1369 krb5_cc_cache_cursor cursor; … … 1355 1382 */ 1356 1383 1357 krb5_error_code KRB5_LIB_FUNCTION 1384 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1358 1385 krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) 1359 1386 { … … 1387 1414 1388 1415 1389 krb5_error_code KRB5_LIB_FUNCTION 1416 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1390 1417 krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, 1391 1418 krb5_ccache *cache) … … 1399 1426 if (cursor->cursor == NULL) { 1400 1427 ret = krb5_cc_cache_get_first (context, 1401 context->cc_ops[cursor->idx] .prefix,1428 context->cc_ops[cursor->idx]->prefix, 1402 1429 &cursor->cursor); 1403 1430 if (ret) { … … 1414 1441 if (ret != KRB5_CC_END) 1415 1442 break; 1416 1443 1417 1444 cursor->idx++; 1418 1445 } … … 1438 1465 */ 1439 1466 1440 krb5_error_code KRB5_LIB_FUNCTION 1467 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1441 1468 krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) 1442 1469 { … … 1465 1492 1466 1493 1467 krb5_error_code KRB5_LIB_FUNCTION 1494 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1468 1495 krb5_cc_last_change_time(krb5_context context, 1469 1496 krb5_ccache id, … … 1488 1515 */ 1489 1516 1490 krb5_error_code KRB5_LIB_FUNCTION 1517 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1491 1518 krb5_cccol_last_change_time(krb5_context context, 1492 1519 const char *type, … … 1529 1556 */ 1530 1557 1531 krb5_error_code KRB5_LIB_FUNCTION 1558 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1532 1559 krb5_cc_get_friendly_name(krb5_context context, 1533 1560 krb5_ccache id, … … 1566 1593 */ 1567 1594 1568 krb5_error_code KRB5_LIB_FUNCTION 1595 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1569 1596 krb5_cc_set_friendly_name(krb5_context context, 1570 1597 krb5_ccache id, … … 1594 1621 */ 1595 1622 1596 krb5_error_code KRB5_LIB_FUNCTION 1623 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1597 1624 krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) 1598 1625 { … … 1614 1641 *t = cred.times.endtime - now; 1615 1642 krb5_free_cred_contents(context, &cred); 1616 goto out;1643 break; 1617 1644 } 1618 1645 krb5_free_cred_contents(context, &cred); 1619 1646 } 1620 1647 1621 out:1622 1648 krb5_cc_end_seq_get(context, id, &cursor); 1623 1649 1624 1650 return ret; 1625 1651 } 1652 1653 /** 1654 * Set the time offset betwen the client and the KDC 1655 * 1656 * If the backend doesn't support KDC offset, use the context global setting. 1657 * 1658 * @param context A Kerberos 5 context. 1659 * @param id a credential cache 1660 * @param offset the offset in seconds 1661 * 1662 * @return Return an error code or 0, see krb5_get_error_message(). 1663 * 1664 * @ingroup krb5_ccache 1665 */ 1666 1667 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1668 krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) 1669 { 1670 if (id->ops->set_kdc_offset == NULL) { 1671 context->kdc_sec_offset = offset; 1672 context->kdc_usec_offset = 0; 1673 return 0; 1674 } 1675 return (*id->ops->set_kdc_offset)(context, id, offset); 1676 } 1677 1678 /** 1679 * Get the time offset betwen the client and the KDC 1680 * 1681 * If the backend doesn't support KDC offset, use the context global setting. 1682 * 1683 * @param context A Kerberos 5 context. 1684 * @param id a credential cache 1685 * @param offset the offset in seconds 1686 * 1687 * @return Return an error code or 0, see krb5_get_error_message(). 1688 * 1689 * @ingroup krb5_ccache 1690 */ 1691 1692 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1693 krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset) 1694 { 1695 if (id->ops->get_kdc_offset == NULL) { 1696 *offset = context->kdc_sec_offset; 1697 return 0; 1698 } 1699 return (*id->ops->get_kdc_offset)(context, id, offset); 1700 } 1701 1702 1703 #ifdef _WIN32 1704 1705 char * 1706 _krb5_get_default_cc_name_from_registry() 1707 { 1708 HKEY hk_k5 = 0; 1709 LONG code; 1710 char * ccname = NULL; 1711 1712 code = RegOpenKeyEx(HKEY_CURRENT_USER, 1713 "Software\\MIT\\Kerberos5", 1714 0, KEY_READ, &hk_k5); 1715 1716 if (code != ERROR_SUCCESS) 1717 return NULL; 1718 1719 ccname = _krb5_parse_reg_value_as_string(NULL, hk_k5, "ccname", 1720 REG_NONE, 0); 1721 1722 RegCloseKey(hk_k5); 1723 1724 return ccname; 1725 } 1726 1727 #endif -
trunk/server/source4/heimdal/lib/krb5/changepw.c
r414 r745 34 34 #define KRB5_DEPRECATED 35 35 36 #include <krb5_locl.h>36 #include "krb5_locl.h" 37 37 38 38 #undef __attribute__ … … 73 73 krb5_principal targprinc, 74 74 int is_stream, 75 int sock,75 rk_socket_t sock, 76 76 const char *passwd, 77 77 const char *host) … … 142 142 iov[2].iov_len = krb_priv_data.length; 143 143 144 if ( sendmsg (sock, &msghdr, 0) < 0) {145 ret = errno;144 if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { 145 ret = rk_SOCK_ERRNO; 146 146 krb5_set_error_message(context, ret, "sendmsg %s: %s", 147 147 host, strerror(ret)); … … 165 165 krb5_principal targprinc, 166 166 int is_stream, 167 int sock,167 rk_socket_t sock, 168 168 const char *passwd, 169 169 const char *host) … … 252 252 iov[2].iov_len = krb_priv_data.length; 253 253 254 if ( sendmsg (sock, &msghdr, 0) < 0) {255 ret = errno;254 if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { 255 ret = rk_SOCK_ERRNO; 256 256 krb5_set_error_message(context, ret, "sendmsg %s: %s", 257 257 host, strerror(ret)); … … 269 269 krb5_auth_context auth_context, 270 270 int is_stream, 271 int sock,271 rk_socket_t sock, 272 272 int *result_code, 273 273 krb5_data *result_code_string, … … 289 289 ret = recvfrom (sock, reply + len, sizeof(reply) - len, 290 290 0, NULL, NULL); 291 if (r et < 0) {292 save_errno = errno;291 if (rk_IS_SOCKET_ERROR(ret)) { 292 save_errno = rk_SOCK_ERRNO; 293 293 krb5_set_error_message(context, save_errno, 294 294 "recvfrom %s: %s", … … 317 317 } else { 318 318 ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); 319 if (r et < 0) {320 save_errno = errno;319 if (rk_IS_SOCKET_ERROR(ret)) { 320 save_errno = rk_SOCK_ERRNO; 321 321 krb5_set_error_message(context, save_errno, 322 322 "recvfrom %s: %s", … … 465 465 krb5_principal, 466 466 int, 467 int,467 rk_socket_t, 468 468 const char *, 469 469 const char *); … … 471 471 krb5_auth_context, 472 472 int, 473 int,473 rk_socket_t, 474 474 int *, 475 475 krb5_data *, … … 518 518 krb5_krbhst_handle handle = NULL; 519 519 krb5_krbhst_info *hi; 520 int sock;520 rk_socket_t sock; 521 521 unsigned int i; 522 522 int done = 0; … … 566 566 567 567 sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); 568 if ( sock < 0)568 if (rk_IS_BAD_SOCKET(sock)) 569 569 continue; 570 570 rk_cloexec(sock); 571 571 572 572 ret = connect(sock, a->ai_addr, a->ai_addrlen); 573 if (r et < 0) {574 close(sock);573 if (rk_IS_SOCKET_ERROR(ret)) { 574 rk_closesocket (sock); 575 575 goto out; 576 576 } … … 579 579 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); 580 580 if (ret) { 581 close(sock);581 rk_closesocket (sock); 582 582 goto out; 583 583 } … … 599 599 hi->hostname); 600 600 if (ret) { 601 close(sock);601 rk_closesocket(sock); 602 602 goto out; 603 603 } 604 604 } 605 605 606 #ifndef NO_LIMIT_FD_SETSIZE 606 607 if (sock >= FD_SETSIZE) { 607 608 ret = ERANGE; 608 609 krb5_set_error_message(context, ret, 609 610 "fd %d too large", sock); 610 close(sock);611 rk_closesocket (sock); 611 612 goto out; 612 613 } 614 #endif 613 615 614 616 FD_ZERO(&fdset); … … 618 620 619 621 ret = select (sock + 1, &fdset, NULL, NULL, &tv); 620 if (r et < 0 && errno!= EINTR) {621 close(sock);622 if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) { 623 rk_closesocket(sock); 622 624 goto out; 623 625 } … … 639 641 } 640 642 } 641 close(sock);643 rk_closesocket (sock); 642 644 } 643 645 } … … 671 673 672 674 /** 673 * krb5_change_password() is deprecated, use krb5_set_password().675 * Deprecated: krb5_change_password() is deprecated, use krb5_set_password(). 674 676 * 675 677 * @param context a Keberos context … … 685 687 */ 686 688 687 krb5_error_code KRB5_LIB_FUNCTION 689 KRB5_DEPRECATED 690 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 688 691 krb5_change_password (krb5_context context, 689 692 krb5_creds *creds, … … 692 695 krb5_data *result_code_string, 693 696 krb5_data *result_string) 694 KRB5_DEPRECATED695 697 { 696 698 struct kpwd_proc *p = find_chpw_proto("change password"); … … 727 729 */ 728 730 729 krb5_error_code KRB5_LIB_FUNCTION 731 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 730 732 krb5_set_password(krb5_context context, 731 733 krb5_creds *creds, … … 770 772 */ 771 773 772 krb5_error_code KRB5_LIB_FUNCTION 774 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 773 775 krb5_set_password_using_ccache(krb5_context context, 774 776 krb5_ccache ccache, … … 835 837 */ 836 838 837 const char* KRB5_LIB_FUNCTION 839 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 838 840 krb5_passwd_result_to_string (krb5_context context, 839 841 int result) -
trunk/server/source4/heimdal/lib/krb5/codec.c
r414 r745 38 38 #ifndef HEIMDAL_SMALLER 39 39 40 krb5_error_code KRB5_LIB_FUNCTION 40 KRB5_DEPRECATED 41 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 41 42 krb5_decode_EncTicketPart (krb5_context context, 42 43 const void *data, … … 44 45 EncTicketPart *t, 45 46 size_t *len) 46 KRB5_DEPRECATED47 47 { 48 48 return decode_EncTicketPart(data, length, t, len); 49 49 } 50 50 51 krb5_error_code KRB5_LIB_FUNCTION 51 KRB5_DEPRECATED 52 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 52 53 krb5_encode_EncTicketPart (krb5_context context, 53 54 void *data, … … 55 56 EncTicketPart *t, 56 57 size_t *len) 57 KRB5_DEPRECATED58 58 { 59 59 return encode_EncTicketPart(data, length, t, len); 60 60 } 61 61 62 krb5_error_code KRB5_LIB_FUNCTION 62 KRB5_DEPRECATED 63 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 63 64 krb5_decode_EncASRepPart (krb5_context context, 64 65 const void *data, … … 66 67 EncASRepPart *t, 67 68 size_t *len) 68 KRB5_DEPRECATED69 69 { 70 70 return decode_EncASRepPart(data, length, t, len); 71 71 } 72 72 73 krb5_error_code KRB5_LIB_FUNCTION 73 KRB5_DEPRECATED 74 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 74 75 krb5_encode_EncASRepPart (krb5_context context, 75 76 void *data, … … 77 78 EncASRepPart *t, 78 79 size_t *len) 79 KRB5_DEPRECATED80 80 { 81 81 return encode_EncASRepPart(data, length, t, len); 82 82 } 83 83 84 krb5_error_code KRB5_LIB_FUNCTION 84 KRB5_DEPRECATED 85 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 85 86 krb5_decode_EncTGSRepPart (krb5_context context, 86 87 const void *data, … … 88 89 EncTGSRepPart *t, 89 90 size_t *len) 90 KRB5_DEPRECATED91 91 { 92 92 return decode_EncTGSRepPart(data, length, t, len); 93 93 } 94 94 95 krb5_error_code KRB5_LIB_FUNCTION 95 KRB5_DEPRECATED 96 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 96 97 krb5_encode_EncTGSRepPart (krb5_context context, 97 98 void *data, … … 99 100 EncTGSRepPart *t, 100 101 size_t *len) 101 KRB5_DEPRECATED102 102 { 103 103 return encode_EncTGSRepPart(data, length, t, len); 104 104 } 105 105 106 krb5_error_code KRB5_LIB_FUNCTION 106 KRB5_DEPRECATED 107 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 107 108 krb5_decode_EncAPRepPart (krb5_context context, 108 109 const void *data, … … 110 111 EncAPRepPart *t, 111 112 size_t *len) 112 KRB5_DEPRECATED113 113 { 114 114 return decode_EncAPRepPart(data, length, t, len); 115 115 } 116 116 117 krb5_error_code KRB5_LIB_FUNCTION 117 KRB5_DEPRECATED 118 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 118 119 krb5_encode_EncAPRepPart (krb5_context context, 119 120 void *data, … … 121 122 EncAPRepPart *t, 122 123 size_t *len) 123 KRB5_DEPRECATED124 124 { 125 125 return encode_EncAPRepPart(data, length, t, len); 126 126 } 127 127 128 krb5_error_code KRB5_LIB_FUNCTION 128 KRB5_DEPRECATED 129 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 129 130 krb5_decode_Authenticator (krb5_context context, 130 131 const void *data, … … 132 133 Authenticator *t, 133 134 size_t *len) 134 KRB5_DEPRECATED135 135 { 136 136 return decode_Authenticator(data, length, t, len); 137 137 } 138 138 139 krb5_error_code KRB5_LIB_FUNCTION 139 KRB5_DEPRECATED 140 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 140 141 krb5_encode_Authenticator (krb5_context context, 141 142 void *data, … … 143 144 Authenticator *t, 144 145 size_t *len) 145 KRB5_DEPRECATED146 146 { 147 147 return encode_Authenticator(data, length, t, len); 148 148 } 149 149 150 krb5_error_code KRB5_LIB_FUNCTION 150 KRB5_DEPRECATED 151 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 151 152 krb5_decode_EncKrbCredPart (krb5_context context, 152 153 const void *data, … … 154 155 EncKrbCredPart *t, 155 156 size_t *len) 156 KRB5_DEPRECATED157 157 { 158 158 return decode_EncKrbCredPart(data, length, t, len); 159 159 } 160 160 161 krb5_error_code KRB5_LIB_FUNCTION 161 KRB5_DEPRECATED 162 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 162 163 krb5_encode_EncKrbCredPart (krb5_context context, 163 164 void *data, … … 165 166 EncKrbCredPart *t, 166 167 size_t *len) 167 KRB5_DEPRECATED168 168 { 169 169 return encode_EncKrbCredPart (data, length, t, len); 170 170 } 171 171 172 krb5_error_code KRB5_LIB_FUNCTION 172 KRB5_DEPRECATED 173 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 173 174 krb5_decode_ETYPE_INFO (krb5_context context, 174 175 const void *data, … … 176 177 ETYPE_INFO *t, 177 178 size_t *len) 178 KRB5_DEPRECATED179 179 { 180 180 return decode_ETYPE_INFO(data, length, t, len); 181 181 } 182 182 183 krb5_error_code KRB5_LIB_FUNCTION 183 KRB5_DEPRECATED 184 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 184 185 krb5_encode_ETYPE_INFO (krb5_context context, 185 186 void *data, … … 187 188 ETYPE_INFO *t, 188 189 size_t *len) 189 KRB5_DEPRECATED190 190 { 191 191 return encode_ETYPE_INFO (data, length, t, len); 192 192 } 193 193 194 krb5_error_code KRB5_LIB_FUNCTION 194 KRB5_DEPRECATED 195 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 195 196 krb5_decode_ETYPE_INFO2 (krb5_context context, 196 197 const void *data, … … 198 199 ETYPE_INFO2 *t, 199 200 size_t *len) 200 KRB5_DEPRECATED201 201 { 202 202 return decode_ETYPE_INFO2(data, length, t, len); 203 203 } 204 204 205 krb5_error_code KRB5_LIB_FUNCTION 205 KRB5_DEPRECATED 206 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 206 207 krb5_encode_ETYPE_INFO2 (krb5_context context, 207 208 void *data, … … 209 210 ETYPE_INFO2 *t, 210 211 size_t *len) 211 KRB5_DEPRECATED212 212 { 213 213 return encode_ETYPE_INFO2 (data, length, t, len); -
trunk/server/source4/heimdal/lib/krb5/config_file.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 32 34 */ 33 35 36 #define KRB5_DEPRECATED 37 34 38 #include "krb5_locl.h" 39 40 #ifdef __APPLE__ 41 #include <CoreFoundation/CoreFoundation.h> 42 #endif 35 43 36 44 /* Gaah! I want a portable funopen */ … … 68 76 static krb5_error_code parse_section(char *p, krb5_config_section **s, 69 77 krb5_config_section **res, 70 const char **err or_message);78 const char **err_message); 71 79 static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p, 72 80 krb5_config_binding **b, 73 81 krb5_config_binding **parent, 74 const char **err or_message);82 const char **err_message); 75 83 static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, 76 84 krb5_config_binding **parent, 77 const char **err or_message);78 79 statickrb5_config_section *80 get_entry(krb5_config_section **parent, const char *name, int type)85 const char **err_message); 86 87 krb5_config_section * 88 _krb5_config_get_entry(krb5_config_section **parent, const char *name, int type) 81 89 { 82 90 krb5_config_section **q; … … 112 120 * starting at the line in `p', storing the resulting structure in 113 121 * `s' and hooking it into `parent'. 114 * Store the error message in `err or_message'.122 * Store the error message in `err_message'. 115 123 */ 116 124 117 125 static krb5_error_code 118 126 parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, 119 const char **err or_message)127 const char **err_message) 120 128 { 121 129 char *p1; … … 124 132 p1 = strchr (p + 1, ']'); 125 133 if (p1 == NULL) { 126 *err or_message = "missing ]";134 *err_message = "missing ]"; 127 135 return KRB5_CONFIG_BADFORMAT; 128 136 } 129 137 *p1 = '\0'; 130 tmp = get_entry(parent, p + 1, krb5_config_list);138 tmp = _krb5_config_get_entry(parent, p + 1, krb5_config_list); 131 139 if(tmp == NULL) { 132 *err or_message = "out of memory";140 *err_message = "out of memory"; 133 141 return KRB5_CONFIG_BADFORMAT; 134 142 } … … 140 148 * Parse a brace-enclosed list from `f', hooking in the structure at 141 149 * `parent'. 142 * Store the error message in `err or_message'.150 * Store the error message in `err_message'. 143 151 */ 144 152 145 153 static krb5_error_code 146 154 parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, 147 const char **err or_message)148 { 149 char buf[ BUFSIZ];155 const char **err_message) 156 { 157 char buf[KRB5_BUFSIZ]; 150 158 krb5_error_code ret; 151 159 krb5_config_binding *b = NULL; … … 168 176 if (*p == '\0') 169 177 continue; 170 ret = parse_binding (f, lineno, p, &b, parent, err or_message);178 ret = parse_binding (f, lineno, p, &b, parent, err_message); 171 179 if (ret) 172 180 return ret; 173 181 } 174 182 *lineno = beg_lineno; 175 *err or_message = "unclosed {";183 *err_message = "unclosed {"; 176 184 return KRB5_CONFIG_BADFORMAT; 177 185 } … … 184 192 parse_binding(struct fileptr *f, unsigned *lineno, char *p, 185 193 krb5_config_binding **b, krb5_config_binding **parent, 186 const char **err or_message)194 const char **err_message) 187 195 { 188 196 krb5_config_binding *tmp; … … 194 202 ++p; 195 203 if (*p == '\0') { 196 *err or_message = "missing =";204 *err_message = "missing ="; 197 205 return KRB5_CONFIG_BADFORMAT; 198 206 } … … 201 209 ++p; 202 210 if (*p != '=') { 203 *err or_message = "missing =";211 *err_message = "missing ="; 204 212 return KRB5_CONFIG_BADFORMAT; 205 213 } … … 209 217 *p2 = '\0'; 210 218 if (*p == '{') { 211 tmp = get_entry(parent, p1, krb5_config_list);219 tmp = _krb5_config_get_entry(parent, p1, krb5_config_list); 212 220 if (tmp == NULL) { 213 *err or_message = "out of memory";221 *err_message = "out of memory"; 214 222 return KRB5_CONFIG_BADFORMAT; 215 223 } 216 ret = parse_list (f, lineno, &tmp->u.list, err or_message);224 ret = parse_list (f, lineno, &tmp->u.list, err_message); 217 225 } else { 218 tmp = get_entry(parent, p1, krb5_config_string);226 tmp = _krb5_config_get_entry(parent, p1, krb5_config_string); 219 227 if (tmp == NULL) { 220 *err or_message = "out of memory";228 *err_message = "out of memory"; 221 229 return KRB5_CONFIG_BADFORMAT; 222 230 } … … 232 240 } 233 241 242 #if defined(__APPLE__) 243 244 #if MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 245 #define HAVE_CFPROPERTYLISTCREATEWITHSTREAM 1 246 #endif 247 248 static char * 249 cfstring2cstring(CFStringRef string) 250 { 251 CFIndex len; 252 char *str; 253 254 str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8); 255 if (str) 256 return strdup(str); 257 258 len = CFStringGetLength(string); 259 len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8); 260 str = malloc(len); 261 if (str == NULL) 262 return NULL; 263 264 if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) { 265 free (str); 266 return NULL; 267 } 268 return str; 269 } 270 271 static void 272 convert_content(const void *key, const void *value, void *context) 273 { 274 krb5_config_section *tmp, **parent = context; 275 char *k; 276 277 if (CFGetTypeID(key) != CFStringGetTypeID()) 278 return; 279 280 k = cfstring2cstring(key); 281 if (k == NULL) 282 return; 283 284 if (CFGetTypeID(value) == CFStringGetTypeID()) { 285 tmp = _krb5_config_get_entry(parent, k, krb5_config_string); 286 tmp->u.string = cfstring2cstring(value); 287 } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) { 288 tmp = _krb5_config_get_entry(parent, k, krb5_config_list); 289 CFDictionaryApplyFunction(value, convert_content, &tmp->u.list); 290 } else { 291 /* log */ 292 } 293 free(k); 294 } 295 296 static krb5_error_code 297 parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent) 298 { 299 CFReadStreamRef s; 300 CFDictionaryRef d; 301 CFURLRef url; 302 303 url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE); 304 if (url == NULL) { 305 krb5_clear_error_message(context); 306 return ENOMEM; 307 } 308 309 s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url); 310 CFRelease(url); 311 if (s == NULL) { 312 krb5_clear_error_message(context); 313 return ENOMEM; 314 } 315 316 if (!CFReadStreamOpen(s)) { 317 CFRelease(s); 318 krb5_clear_error_message(context); 319 return ENOENT; 320 } 321 322 #ifdef HAVE_CFPROPERTYLISTCREATEWITHSTREAM 323 d = (CFDictionaryRef)CFPropertyListCreateWithStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL); 324 #else 325 d = (CFDictionaryRef)CFPropertyListCreateFromStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL); 326 #endif 327 CFRelease(s); 328 if (d == NULL) { 329 krb5_clear_error_message(context); 330 return ENOENT; 331 } 332 333 CFDictionaryApplyFunction(d, convert_content, parent); 334 CFRelease(d); 335 336 return 0; 337 } 338 339 #endif 340 341 234 342 /* 235 343 * Parse the config file `fname', generating the structures into `res' 236 * returning error messages in `err or_message'344 * returning error messages in `err_message' 237 345 */ 238 346 … … 241 349 krb5_config_section **res, 242 350 unsigned *lineno, 243 const char **err or_message)351 const char **err_message) 244 352 { 245 353 krb5_config_section *s = NULL; 246 354 krb5_config_binding *b = NULL; 247 char buf[ BUFSIZ];355 char buf[KRB5_BUFSIZ]; 248 356 krb5_error_code ret; 249 357 … … 259 367 continue; 260 368 if (*p == '[') { 261 ret = parse_section(p, &s, res, err or_message);369 ret = parse_section(p, &s, res, err_message); 262 370 if (ret) 263 371 return ret; 264 372 b = NULL; 265 373 } else if (*p == '}') { 266 *err or_message = "unmatched }";374 *err_message = "unmatched }"; 267 375 return EINVAL; /* XXX */ 268 376 } else if(*p != '\0') { 269 377 if (s == NULL) { 270 *err or_message = "binding before section";378 *err_message = "binding before section"; 271 379 return EINVAL; 272 380 } 273 ret = parse_binding(f, lineno, p, &b, &s->u.list, err or_message);381 ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message); 274 382 if (ret) 275 383 return ret; … … 279 387 } 280 388 281 krb5_error_code KRB5_LIB_FUNCTION 282 krb5_config_parse_string_multi(krb5_context context, 283 const char *string, 284 krb5_config_section **res) 285 { 286 const char *str; 287 unsigned lineno = 0; 288 krb5_error_code ret; 289 struct fileptr f; 290 f.f = NULL; 291 f.s = string; 292 293 ret = krb5_config_parse_debug (&f, res, &lineno, &str); 294 if (ret) { 295 krb5_set_error_message (context, ret, "%s:%u: %s", 296 "<constant>", lineno, str); 297 return ret; 298 } 299 return 0; 389 static int 390 is_plist_file(const char *fname) 391 { 392 size_t len = strlen(fname); 393 char suffix[] = ".plist"; 394 if (len < sizeof(suffix)) 395 return 0; 396 if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0) 397 return 0; 398 return 1; 300 399 } 301 400 … … 313 412 */ 314 413 315 krb5_error_code KRB5_LIB_FUNCTION 414 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 316 415 krb5_config_parse_file_multi (krb5_context context, 317 416 const char *fname, … … 329 428 * enabled by calling krb5_set_home_dir_access(). 330 429 */ 331 if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') { 430 if (fname[0] == '~' && fname[1] == '/') { 431 #ifndef KRB5_USE_PATH_TOKENS 332 432 const char *home = NULL; 433 434 if (!_krb5_homedir_access(context)) { 435 krb5_set_error_message(context, EPERM, 436 "Access to home directory not allowed"); 437 return EPERM; 438 } 333 439 334 440 if(!issuid()) … … 349 455 fname = newfname; 350 456 } 351 } 352 353 f.f = fopen(fname, "r"); 354 f.s = NULL; 355 if(f.f == NULL) { 356 ret = errno; 357 krb5_set_error_message (context, ret, "open %s: %s", 358 fname, strerror(ret)); 457 #else /* KRB5_USE_PATH_TOKENS */ 458 if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 || 459 newfname == NULL) 460 { 461 krb5_set_error_message(context, ENOMEM, 462 N_("malloc: out of memory", "")); 463 return ENOMEM; 464 } 465 fname = newfname; 466 #endif 467 } 468 469 if (is_plist_file(fname)) { 470 #ifdef __APPLE__ 471 ret = parse_plist_config(context, fname, res); 472 if (ret) { 473 krb5_set_error_message(context, ret, 474 "Failed to parse plist %s", fname); 475 if (newfname) 476 free(newfname); 477 return ret; 478 } 479 #else 480 krb5_set_error_message(context, ENOENT, 481 "no support for plist configuration files"); 482 return ENOENT; 483 #endif 484 } else { 485 #ifdef KRB5_USE_PATH_TOKENS 486 char * exp_fname = NULL; 487 488 ret = _krb5_expand_path_tokens(context, fname, &exp_fname); 489 if (ret) { 490 if (newfname) 491 free(newfname); 492 return ret; 493 } 494 359 495 if (newfname) 360 496 free(newfname); 361 return ret; 362 } 363 364 ret = krb5_config_parse_debug (&f, res, &lineno, &str); 365 fclose(f.f); 366 if (ret) { 367 krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); 368 if (newfname) 369 free(newfname); 370 return ret; 371 } 372 if (newfname) 373 free(newfname); 497 fname = newfname = exp_fname; 498 #endif 499 500 f.f = fopen(fname, "r"); 501 f.s = NULL; 502 if(f.f == NULL) { 503 ret = errno; 504 krb5_set_error_message (context, ret, "open %s: %s", 505 fname, strerror(ret)); 506 if (newfname) 507 free(newfname); 508 return ret; 509 } 510 511 ret = krb5_config_parse_debug (&f, res, &lineno, &str); 512 fclose(f.f); 513 if (ret) { 514 krb5_set_error_message (context, ret, "%s:%u: %s", 515 fname, lineno, str); 516 if (newfname) 517 free(newfname); 518 return ret; 519 } 520 } 374 521 return 0; 375 522 } 376 523 377 krb5_error_code KRB5_LIB_FUNCTION 524 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 378 525 krb5_config_parse_file (krb5_context context, 379 526 const char *fname, … … 404 551 } 405 552 406 krb5_error_code KRB5_LIB_FUNCTION 553 /** 554 * Free configuration file section, the result of 555 * krb5_config_parse_file() and krb5_config_parse_file_multi(). 556 * 557 * @param context A Kerberos 5 context 558 * @param s the configuration section to free 559 * 560 * @return returns 0 on successes, otherwise an error code, see 561 * krb5_get_error_message() 562 * 563 * @ingroup krb5_support 564 */ 565 566 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 407 567 krb5_config_file_free (krb5_context context, krb5_config_section *s) 408 568 { … … 411 571 } 412 572 413 krb5_error_code 573 #ifndef HEIMDAL_SMALLER 574 575 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 414 576 _krb5_config_copy(krb5_context context, 415 577 krb5_config_section *c, … … 445 607 } 446 608 447 448 449 const void * 450 krb5_config_get_next (krb5_context context,451 const krb5_config_section *c,452 const krb5_config_binding **pointer,453 int type,454 ...)609 #endif /* HEIMDAL_SMALLER */ 610 611 KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL 612 _krb5_config_get_next (krb5_context context, 613 const krb5_config_section *c, 614 const krb5_config_binding **pointer, 615 int type, 616 ...) 455 617 { 456 618 const char *ret; … … 458 620 459 621 va_start(args, type); 460 ret = krb5_config_vget_next (context, c, pointer, type, args);622 ret = _krb5_config_vget_next (context, c, pointer, type, args); 461 623 va_end(args); 462 624 return ret; … … 486 648 } 487 649 488 const void * 489 krb5_config_vget_next (krb5_context context,490 491 492 493 650 KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL 651 _krb5_config_vget_next (krb5_context context, 652 const krb5_config_section *c, 653 const krb5_config_binding **pointer, 654 int type, 655 va_list args) 494 656 { 495 657 const krb5_config_binding *b; … … 522 684 } 523 685 524 const void * 525 krb5_config_get (krb5_context context,526 const krb5_config_section *c,527 int type,528 ...)686 KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL 687 _krb5_config_get (krb5_context context, 688 const krb5_config_section *c, 689 int type, 690 ...) 529 691 { 530 692 const void *ret; … … 532 694 533 695 va_start(args, type); 534 ret = krb5_config_vget (context, c, type, args);696 ret = _krb5_config_vget (context, c, type, args); 535 697 va_end(args); 536 698 return ret; 537 699 } 538 700 701 539 702 const void * 540 krb5_config_vget (krb5_context context,541 const krb5_config_section *c,542 int type,543 va_list args)703 _krb5_config_vget (krb5_context context, 704 const krb5_config_section *c, 705 int type, 706 va_list args) 544 707 { 545 708 const krb5_config_binding *foo = NULL; 546 709 547 return krb5_config_vget_next (context, c, &foo, type, args); 548 } 549 550 const krb5_config_binding * 710 return _krb5_config_vget_next (context, c, &foo, type, args); 711 } 712 713 /** 714 * Get a list of configuration binding list for more processing 715 * 716 * @param context A Kerberos 5 context. 717 * @param c a configuration section, or NULL to use the section from context 718 * @param ... a list of names, terminated with NULL. 719 * 720 * @return NULL if configuration list is not found, a list otherwise 721 * 722 * @ingroup krb5_support 723 */ 724 725 KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL 551 726 krb5_config_get_list (krb5_context context, 552 727 const krb5_config_section *c, … … 562 737 } 563 738 564 const krb5_config_binding * 739 /** 740 * Get a list of configuration binding list for more processing 741 * 742 * @param context A Kerberos 5 context. 743 * @param c a configuration section, or NULL to use the section from context 744 * @param args a va_list of arguments 745 * 746 * @return NULL if configuration list is not found, a list otherwise 747 * 748 * @ingroup krb5_support 749 */ 750 751 KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL 565 752 krb5_config_vget_list (krb5_context context, 566 753 const krb5_config_section *c, 567 754 va_list args) 568 755 { 569 return krb5_config_vget (context, c, krb5_config_list, args); 570 } 571 572 const char* KRB5_LIB_FUNCTION 756 return _krb5_config_vget (context, c, krb5_config_list, args); 757 } 758 759 /** 760 * Returns a "const char *" to a string in the configuration database. 761 * The string may not be valid after a reload of the configuration 762 * database so a caller should make a local copy if it needs to keep 763 * the string. 764 * 765 * @param context A Kerberos 5 context. 766 * @param c a configuration section, or NULL to use the section from context 767 * @param ... a list of names, terminated with NULL. 768 * 769 * @return NULL if configuration string not found, a string otherwise 770 * 771 * @ingroup krb5_support 772 */ 773 774 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 573 775 krb5_config_get_string (krb5_context context, 574 776 const krb5_config_section *c, … … 584 786 } 585 787 586 const char* KRB5_LIB_FUNCTION 788 /** 789 * Like krb5_config_get_string(), but uses a va_list instead of ... 790 * 791 * @param context A Kerberos 5 context. 792 * @param c a configuration section, or NULL to use the section from context 793 * @param args a va_list of arguments 794 * 795 * @return NULL if configuration string not found, a string otherwise 796 * 797 * @ingroup krb5_support 798 */ 799 800 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 587 801 krb5_config_vget_string (krb5_context context, 588 802 const krb5_config_section *c, 589 803 va_list args) 590 804 { 591 return krb5_config_vget (context, c, krb5_config_string, args); 592 } 593 594 const char* KRB5_LIB_FUNCTION 805 return _krb5_config_vget (context, c, krb5_config_string, args); 806 } 807 808 /** 809 * Like krb5_config_vget_string(), but instead of returning NULL, 810 * instead return a default value. 811 * 812 * @param context A Kerberos 5 context. 813 * @param c a configuration section, or NULL to use the section from context 814 * @param def_value the default value to return if no configuration 815 * found in the database. 816 * @param args a va_list of arguments 817 * 818 * @return a configuration string 819 * 820 * @ingroup krb5_support 821 */ 822 823 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 595 824 krb5_config_vget_string_default (krb5_context context, 596 825 const krb5_config_section *c, … … 606 835 } 607 836 608 const char* KRB5_LIB_FUNCTION 837 /** 838 * Like krb5_config_get_string(), but instead of returning NULL, 839 * instead return a default value. 840 * 841 * @param context A Kerberos 5 context. 842 * @param c a configuration section, or NULL to use the section from context 843 * @param def_value the default value to return if no configuration 844 * found in the database. 845 * @param ... a list of names, terminated with NULL. 846 * 847 * @return a configuration string 848 * 849 * @ingroup krb5_support 850 */ 851 852 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 609 853 krb5_config_get_string_default (krb5_context context, 610 854 const krb5_config_section *c, … … 621 865 } 622 866 623 char ** KRB5_LIB_FUNCTION 867 static char * 868 next_component_string(char * begin, char * delims, char **state) 869 { 870 char * end; 871 872 if (begin == NULL) 873 begin = *state; 874 875 if (*begin == '\0') 876 return NULL; 877 878 end = begin; 879 while (*end == '"') { 880 char * t = strchr(end + 1, '"'); 881 882 if (t) 883 end = ++t; 884 else 885 end += strlen(end); 886 } 887 888 if (*end != '\0') { 889 size_t pos; 890 891 pos = strcspn(end, delims); 892 end = end + pos; 893 } 894 895 if (*end != '\0') { 896 *end = '\0'; 897 *state = end + 1; 898 if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { 899 begin++; *(end - 1) = '\0'; 900 } 901 return begin; 902 } 903 904 *state = end; 905 if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { 906 begin++; *(end - 1) = '\0'; 907 } 908 return begin; 909 } 910 911 /** 912 * Get a list of configuration strings, free the result with 913 * krb5_config_free_strings(). 914 * 915 * @param context A Kerberos 5 context. 916 * @param c a configuration section, or NULL to use the section from context 917 * @param args a va_list of arguments 918 * 919 * @return TRUE or FALSE 920 * 921 * @ingroup krb5_support 922 */ 923 924 KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL 624 925 krb5_config_vget_strings(krb5_context context, 625 926 const krb5_config_section *c, … … 631 932 const char *p; 632 933 633 while((p = krb5_config_vget_next(context, c, &b,634 krb5_config_string, args))) {934 while((p = _krb5_config_vget_next(context, c, &b, 935 krb5_config_string, args))) { 635 936 char *tmp = strdup(p); 636 937 char *pos = NULL; … … 638 939 if(tmp == NULL) 639 940 goto cleanup; 640 s = strtok_r(tmp, " \t", &pos);941 s = next_component_string(tmp, " \t", &pos); 641 942 while(s){ 642 943 char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings)); … … 648 949 if(strings[nstr-1] == NULL) 649 950 goto cleanup; 650 s = strtok_r(NULL, " \t", &pos);951 s = next_component_string(NULL, " \t", &pos); 651 952 } 652 953 free(tmp); … … 668 969 } 669 970 670 char** 971 /** 972 * Get a list of configuration strings, free the result with 973 * krb5_config_free_strings(). 974 * 975 * @param context A Kerberos 5 context. 976 * @param c a configuration section, or NULL to use the section from context 977 * @param ... a list of names, terminated with NULL. 978 * 979 * @return TRUE or FALSE 980 * 981 * @ingroup krb5_support 982 */ 983 984 KRB5_LIB_FUNCTION char** KRB5_LIB_CALL 671 985 krb5_config_get_strings(krb5_context context, 672 986 const krb5_config_section *c, … … 681 995 } 682 996 683 void KRB5_LIB_FUNCTION 997 /** 998 * Free the resulting strings from krb5_config-get_strings() and 999 * krb5_config_vget_strings(). 1000 * 1001 * @param strings strings to free 1002 * 1003 * @ingroup krb5_support 1004 */ 1005 1006 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 684 1007 krb5_config_free_strings(char **strings) 685 1008 { … … 692 1015 } 693 1016 694 krb5_boolean KRB5_LIB_FUNCTION 1017 /** 1018 * Like krb5_config_get_bool_default() but with a va_list list of 1019 * configuration selection. 1020 * 1021 * Configuration value to a boolean value, where yes/true and any 1022 * non-zero number means TRUE and other value is FALSE. 1023 * 1024 * @param context A Kerberos 5 context. 1025 * @param c a configuration section, or NULL to use the section from context 1026 * @param def_value the default value to return if no configuration 1027 * found in the database. 1028 * @param args a va_list of arguments 1029 * 1030 * @return TRUE or FALSE 1031 * 1032 * @ingroup krb5_support 1033 */ 1034 1035 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 695 1036 krb5_config_vget_bool_default (krb5_context context, 696 1037 const krb5_config_section *c, … … 708 1049 } 709 1050 710 krb5_boolean KRB5_LIB_FUNCTION 1051 /** 1052 * krb5_config_get_bool() will convert the configuration 1053 * option value to a boolean value, where yes/true and any non-zero 1054 * number means TRUE and other value is FALSE. 1055 * 1056 * @param context A Kerberos 5 context. 1057 * @param c a configuration section, or NULL to use the section from context 1058 * @param args a va_list of arguments 1059 * 1060 * @return TRUE or FALSE 1061 * 1062 * @ingroup krb5_support 1063 */ 1064 1065 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 711 1066 krb5_config_vget_bool (krb5_context context, 712 1067 const krb5_config_section *c, … … 716 1071 } 717 1072 718 krb5_boolean KRB5_LIB_FUNCTION 1073 /** 1074 * krb5_config_get_bool_default() will convert the configuration 1075 * option value to a boolean value, where yes/true and any non-zero 1076 * number means TRUE and other value is FALSE. 1077 * 1078 * @param context A Kerberos 5 context. 1079 * @param c a configuration section, or NULL to use the section from context 1080 * @param def_value the default value to return if no configuration 1081 * found in the database. 1082 * @param ... a list of names, terminated with NULL. 1083 * 1084 * @return TRUE or FALSE 1085 * 1086 * @ingroup krb5_support 1087 */ 1088 1089 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 719 1090 krb5_config_get_bool_default (krb5_context context, 720 1091 const krb5_config_section *c, … … 730 1101 } 731 1102 732 krb5_boolean KRB5_LIB_FUNCTION 1103 /** 1104 * Like krb5_config_get_bool() but with a va_list list of 1105 * configuration selection. 1106 * 1107 * Configuration value to a boolean value, where yes/true and any 1108 * non-zero number means TRUE and other value is FALSE. 1109 * 1110 * @param context A Kerberos 5 context. 1111 * @param c a configuration section, or NULL to use the section from context 1112 * @param ... a list of names, terminated with NULL. 1113 * 1114 * @return TRUE or FALSE 1115 * 1116 * @ingroup krb5_support 1117 */ 1118 1119 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 733 1120 krb5_config_get_bool (krb5_context context, 734 1121 const krb5_config_section *c, … … 743 1130 } 744 1131 745 int KRB5_LIB_FUNCTION 1132 /** 1133 * Get the time from the configuration file using a relative time. 1134 * 1135 * Like krb5_config_get_time_default() but with a va_list list of 1136 * configuration selection. 1137 * 1138 * @param context A Kerberos 5 context. 1139 * @param c a configuration section, or NULL to use the section from context 1140 * @param def_value the default value to return if no configuration 1141 * found in the database. 1142 * @param args a va_list of arguments 1143 * 1144 * @return parsed the time (or def_value on parse error) 1145 * 1146 * @ingroup krb5_support 1147 */ 1148 1149 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 746 1150 krb5_config_vget_time_default (krb5_context context, 747 1151 const krb5_config_section *c, … … 760 1164 } 761 1165 762 int KRB5_LIB_FUNCTION 1166 /** 1167 * Get the time from the configuration file using a relative time, for example: 1h30s 1168 * 1169 * @param context A Kerberos 5 context. 1170 * @param c a configuration section, or NULL to use the section from context 1171 * @param args a va_list of arguments 1172 * 1173 * @return parsed the time or -1 on error 1174 * 1175 * @ingroup krb5_support 1176 */ 1177 1178 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 763 1179 krb5_config_vget_time (krb5_context context, 764 1180 const krb5_config_section *c, … … 768 1184 } 769 1185 770 int KRB5_LIB_FUNCTION 1186 /** 1187 * Get the time from the configuration file using a relative time, for example: 1h30s 1188 * 1189 * @param context A Kerberos 5 context. 1190 * @param c a configuration section, or NULL to use the section from context 1191 * @param def_value the default value to return if no configuration 1192 * found in the database. 1193 * @param ... a list of names, terminated with NULL. 1194 * 1195 * @return parsed the time (or def_value on parse error) 1196 * 1197 * @ingroup krb5_support 1198 */ 1199 1200 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 771 1201 krb5_config_get_time_default (krb5_context context, 772 1202 const krb5_config_section *c, … … 782 1212 } 783 1213 784 int KRB5_LIB_FUNCTION 1214 /** 1215 * Get the time from the configuration file using a relative time, for example: 1h30s 1216 * 1217 * @param context A Kerberos 5 context. 1218 * @param c a configuration section, or NULL to use the section from context 1219 * @param ... a list of names, terminated with NULL. 1220 * 1221 * @return parsed the time or -1 on error 1222 * 1223 * @ingroup krb5_support 1224 */ 1225 1226 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 785 1227 krb5_config_get_time (krb5_context context, 786 1228 const krb5_config_section *c, … … 796 1238 797 1239 798 int KRB5_LIB_FUNCTION 1240 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 799 1241 krb5_config_vget_int_default (krb5_context context, 800 1242 const krb5_config_section *c, … … 817 1259 } 818 1260 819 int KRB5_LIB_FUNCTION 1261 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 820 1262 krb5_config_vget_int (krb5_context context, 821 1263 const krb5_config_section *c, … … 825 1267 } 826 1268 827 int KRB5_LIB_FUNCTION 1269 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 828 1270 krb5_config_get_int_default (krb5_context context, 829 1271 const krb5_config_section *c, … … 839 1281 } 840 1282 841 int KRB5_LIB_FUNCTION 1283 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 842 1284 krb5_config_get_int (krb5_context context, 843 1285 const krb5_config_section *c, … … 851 1293 return ret; 852 1294 } 1295 1296 1297 #ifndef HEIMDAL_SMALLER 1298 1299 /** 1300 * Deprecated: configuration files are not strings 1301 * 1302 * @ingroup krb5_deprecated 1303 */ 1304 1305 KRB5_DEPRECATED 1306 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1307 krb5_config_parse_string_multi(krb5_context context, 1308 const char *string, 1309 krb5_config_section **res) 1310 { 1311 const char *str; 1312 unsigned lineno = 0; 1313 krb5_error_code ret; 1314 struct fileptr f; 1315 f.f = NULL; 1316 f.s = string; 1317 1318 ret = krb5_config_parse_debug (&f, res, &lineno, &str); 1319 if (ret) { 1320 krb5_set_error_message (context, ret, "%s:%u: %s", 1321 "<constant>", lineno, str); 1322 return ret; 1323 } 1324 return 0; 1325 } 1326 1327 #endif -
trunk/server/source4/heimdal/lib/krb5/constants.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 36 38 KRB5_LIB_VARIABLE const char *krb5_config_file = 37 39 #ifdef __APPLE__ 38 "~/Library/Preferences/edu.mit.Kerberos:" 39 "/Library/Preferences/edu.mit.Kerberos:" 40 "~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP 41 "/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP 42 "~/Library/Preferences/edu.mit.Kerberos" PATH_SEP 43 "/Library/Preferences/edu.mit.Kerberos" PATH_SEP 44 #endif /* __APPLE__ */ 45 "~/.krb5/config" PATH_SEP 46 SYSCONFDIR "/krb5.conf" 47 #ifdef _WIN32 48 PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf" 49 PATH_SEP "%{WINDOWS}/krb5.ini" 50 #else 51 PATH_SEP "/etc/krb5.conf" 40 52 #endif 41 SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; 53 ; 54 42 55 KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; 43 56 -
trunk/server/source4/heimdal/lib/krb5/context.c
r414 r745 1 1 /* 2 * Copyright (c) 1997 - 20 05Kungliga Tekniska Högskolan2 * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 86 88 87 89 /* 88 *89 */90 91 static krb5_error_code92 copy_etypes (krb5_context context,93 krb5_enctype *enctypes,94 krb5_enctype **ret_enctypes)95 {96 unsigned int i;97 98 for (i = 0; enctypes[i]; i++)99 ;100 i++;101 102 *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);103 if (*ret_enctypes == NULL) {104 krb5_set_error_message(context, ENOMEM,105 N_("malloc: out of memory", ""));106 return ENOMEM;107 }108 memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i);109 return 0;110 }111 112 113 /*114 90 * read variables from the configuration file and set in `context' 115 91 */ … … 120 96 krb5_error_code ret; 121 97 const char * tmp; 98 char **s; 122 99 krb5_enctype *tmptypes; 123 100 … … 127 104 128 105 INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); 106 107 ret = krb5_config_get_bool_default(context, NULL, FALSE, 108 "libdefaults", 109 "allow_weak_crypto", NULL); 110 if (ret) { 111 krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); 112 krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); 113 krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); 114 krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); 115 krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); 116 krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); 117 } 129 118 130 119 ret = set_etypes (context, "default_etypes", &tmptypes); … … 218 207 context->default_cc_name_set = 0; 219 208 220 ret = krb5_config_get_bool_default(context, NULL, FALSE, 221 "libdefaults", 222 "allow_weak_crypto", NULL); 223 if (ret) { 224 krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); 225 krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); 226 krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); 227 krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); 228 krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); 229 krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); 209 s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL); 210 if(s) { 211 char **p; 212 krb5_initlog(context, "libkrb5", &context->debug_dest); 213 for(p = s; *p; p++) 214 krb5_addlog_dest(context, context->debug_dest, *p); 215 krb5_config_free_strings(s); 216 } 217 218 tmp = krb5_config_get_string(context, NULL, "libdefaults", 219 "check-rd-req-server", NULL); 220 if (tmp == NULL && !issuid()) 221 tmp = getenv("KRB5_CHECK_RD_REQ_SERVER"); 222 if(tmp) { 223 if (strcasecmp(tmp, "ignore") == 0) 224 context->flags |= KRB5_CTX_F_RD_REQ_IGNORE; 230 225 } 231 226 … … 239 234 context->num_cc_ops = 0; 240 235 236 #ifndef KCM_IS_API_CACHE 241 237 krb5_cc_register(context, &krb5_acc_ops, TRUE); 238 #endif 242 239 krb5_cc_register(context, &krb5_fcc_ops, TRUE); 243 240 krb5_cc_register(context, &krb5_mcc_ops, TRUE); 241 #ifdef HAVE_SCC 244 242 krb5_cc_register(context, &krb5_scc_ops, TRUE); 243 #endif 245 244 #ifdef HAVE_KCM 245 #ifdef KCM_IS_API_CACHE 246 krb5_cc_register(context, &krb5_akcm_ops, TRUE); 247 #endif 246 248 krb5_cc_register(context, &krb5_kcm_ops, TRUE); 247 249 #endif 250 _krb5_load_ccache_plugins(context); 251 return 0; 252 } 253 254 static krb5_error_code 255 cc_ops_copy(krb5_context context, const krb5_context src_context) 256 { 257 const krb5_cc_ops **cc_ops; 258 259 context->cc_ops = NULL; 260 context->num_cc_ops = 0; 261 262 if (src_context->num_cc_ops == 0) 263 return 0; 264 265 cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops); 266 if (cc_ops == NULL) { 267 krb5_set_error_message(context, KRB5_CC_NOMEM, 268 N_("malloc: out of memory", "")); 269 return KRB5_CC_NOMEM; 270 } 271 272 memcpy(rk_UNCONST(cc_ops), src_context->cc_ops, 273 sizeof(cc_ops[0]) * src_context->num_cc_ops); 274 context->cc_ops = cc_ops; 275 context->num_cc_ops = src_context->num_cc_ops; 276 248 277 return 0; 249 278 } … … 266 295 } 267 296 297 static krb5_error_code 298 kt_ops_copy(krb5_context context, const krb5_context src_context) 299 { 300 context->num_kt_types = 0; 301 context->kt_types = NULL; 302 303 if (src_context->num_kt_types == 0) 304 return 0; 305 306 context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types); 307 if (context->kt_types == NULL) { 308 krb5_set_error_message(context, ENOMEM, 309 N_("malloc: out of memory", "")); 310 return ENOMEM; 311 } 312 313 context->num_kt_types = src_context->num_kt_types; 314 memcpy(context->kt_types, src_context->kt_types, 315 sizeof(context->kt_types[0]) * src_context->num_kt_types); 316 317 return 0; 318 } 319 320 static const char *sysplugin_dirs[] = { 321 LIBDIR "/plugin/krb5", 322 #ifdef __APPLE__ 323 "/Library/KerberosPlugins/KerberosFrameworkPlugins", 324 "/System/Library/KerberosPlugins/KerberosFrameworkPlugins", 325 #endif 326 NULL 327 }; 328 329 static void 330 init_context_once(void *ctx) 331 { 332 krb5_context context = ctx; 333 334 _krb5_load_plugins(context, "krb5", sysplugin_dirs); 335 336 bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); 337 } 338 268 339 269 340 /** … … 282 353 */ 283 354 284 krb5_error_code KRB5_LIB_FUNCTION 355 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 285 356 krb5_init_context(krb5_context *context) 286 357 { 358 static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT; 287 359 krb5_context p; 288 360 krb5_error_code ret; … … 290 362 291 363 *context = NULL; 292 293 /* should have a run_once */294 bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);295 364 296 365 p = calloc(1, sizeof(*p)); … … 320 389 kt_ops_register(p); 321 390 391 #ifdef PKINIT 392 ret = hx509_context_init(&p->hx509ctx); 393 if (ret) 394 goto out; 395 #endif 396 if (rk_SOCK_INIT()) 397 p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED; 398 322 399 out: 323 400 if(ret) { 324 401 krb5_free_context(p); 325 402 p = NULL; 403 } else { 404 heim_base_once_f(&init_context, p, init_context_once); 326 405 } 327 406 *context = p; … … 329 408 } 330 409 331 /** 332 * Make a copy for the Kerberos 5 context, allocated krb5_contex shoud 410 #ifndef HEIMDAL_SMALLER 411 412 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 413 krb5_get_permitted_enctypes(krb5_context context, 414 krb5_enctype **etypes) 415 { 416 return krb5_get_default_in_tkt_etypes(context, etypes); 417 } 418 419 /* 420 * 421 */ 422 423 static krb5_error_code 424 copy_etypes (krb5_context context, 425 krb5_enctype *enctypes, 426 krb5_enctype **ret_enctypes) 427 { 428 unsigned int i; 429 430 for (i = 0; enctypes[i]; i++) 431 ; 432 i++; 433 434 *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i); 435 if (*ret_enctypes == NULL) { 436 krb5_set_error_message(context, ENOMEM, 437 N_("malloc: out of memory", "")); 438 return ENOMEM; 439 } 440 memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i); 441 return 0; 442 } 443 444 /** 445 * Make a copy for the Kerberos 5 context, the new krb5_context shoud 333 446 * be freed with krb5_free_context(). 334 447 * … … 342 455 */ 343 456 344 krb5_error_code KRB5_LIB_FUNCTION 457 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 345 458 krb5_copy_context(krb5_context context, krb5_context *out) 346 459 { … … 394 507 /* XXX should copy */ 395 508 krb5_init_ets(p); 396 cc_ops_register(p); 397 kt_ops_register(p); 509 510 cc_ops_copy(p, context); 511 kt_ops_copy(p, context); 398 512 399 513 #if 0 /* XXX */ 400 514 if(context->warn_dest != NULL) 515 ; 516 if(context->debug_dest != NULL) 401 517 ; 402 518 #endif … … 422 538 } 423 539 540 #endif 541 424 542 /** 425 543 * Frees the krb5_context allocated by krb5_init_context(). … … 430 548 */ 431 549 432 void KRB5_LIB_FUNCTION 550 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 433 551 krb5_free_context(krb5_context context) 434 552 { … … 442 560 krb5_config_file_free (context, context->cf); 443 561 free_error_table (context->et_list); 444 free( context->cc_ops);562 free(rk_UNCONST(context->cc_ops)); 445 563 free(context->kt_types); 446 564 krb5_clear_error_message(context); 447 565 if(context->warn_dest != NULL) 448 566 krb5_closelog(context, context->warn_dest); 567 if(context->debug_dest != NULL) 568 krb5_closelog(context, context->debug_dest); 449 569 krb5_set_extra_addresses(context, NULL); 450 570 krb5_set_ignore_addresses(context, NULL); 451 571 krb5_set_send_to_kdc_func(context, NULL, NULL); 452 572 573 #ifdef PKINIT 574 if (context->hx509ctx) 575 hx509_context_free(&context->hx509ctx); 576 #endif 577 453 578 HEIMDAL_MUTEX_destroy(context->mutex); 454 579 free(context->mutex); 580 if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { 581 rk_SOCK_EXIT(); 582 } 455 583 456 584 memset(context, 0, sizeof(*context)); … … 470 598 */ 471 599 472 krb5_error_code KRB5_LIB_FUNCTION 600 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 473 601 krb5_set_config_files(krb5_context context, char **filenames) 474 602 { … … 477 605 while(filenames != NULL && *filenames != NULL && **filenames != '\0') { 478 606 ret = krb5_config_parse_file_multi(context, *filenames, &tmp); 479 if(ret != 0 && ret != ENOENT && ret != EACCES ) {607 if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) { 480 608 krb5_config_file_free(context, tmp); 481 609 return ret; … … 489 617 return ENXIO; 490 618 #endif 619 620 #ifdef _WIN32 621 _krb5_load_config_from_registry(context, &tmp); 622 #endif 623 491 624 krb5_config_file_free(context, context->cf); 492 625 context->cf = tmp; … … 525 658 */ 526 659 527 krb5_error_code KRB5_LIB_FUNCTION 660 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 528 661 krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) 529 662 { … … 541 674 ssize_t l; 542 675 q = p; 543 l = strsep_copy(&q, ":", NULL, 0);676 l = strsep_copy(&q, PATH_SEP, NULL, 0); 544 677 if(l == -1) 545 678 break; … … 549 682 return ENOMEM; 550 683 } 551 (void)strsep_copy(&p, ":", fn, l + 1);684 (void)strsep_copy(&p, PATH_SEP, fn, l + 1); 552 685 ret = add_file(&pp, &len, fn); 553 686 if (ret) { … … 590 723 */ 591 724 592 krb5_error_code KRB5_LIB_FUNCTION 725 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 593 726 krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) 594 727 { … … 609 742 } 610 743 744 #ifdef _WIN32 745 746 /** 747 * Checks the registry for configuration file location 748 * 749 * Kerberos for Windows and other legacy Kerberos applications expect 750 * to find the configuration file location in the 751 * SOFTWARE\MIT\Kerberos registry key under the value "config". 752 */ 753 char * 754 _krb5_get_default_config_config_files_from_registry() 755 { 756 static const char * KeyName = "Software\\MIT\\Kerberos"; 757 char *config_file = NULL; 758 LONG rcode; 759 HKEY key; 760 761 rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key); 762 if (rcode == ERROR_SUCCESS) { 763 config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", 764 REG_NONE, 0, PATH_SEP); 765 RegCloseKey(key); 766 } 767 768 if (config_file) 769 return config_file; 770 771 rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key); 772 if (rcode == ERROR_SUCCESS) { 773 config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", 774 REG_NONE, 0, PATH_SEP); 775 RegCloseKey(key); 776 } 777 778 return config_file; 779 } 780 781 #endif 782 611 783 /** 612 784 * Get the global configuration list. … … 620 792 */ 621 793 622 krb5_error_code KRB5_LIB_FUNCTION 794 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 623 795 krb5_get_default_config_files(char ***pfilenames) 624 796 { … … 629 801 if(!issuid()) 630 802 files = getenv("KRB5_CONFIG"); 803 804 #ifdef _WIN32 805 if (files == NULL) { 806 char * reg_files; 807 reg_files = _krb5_get_default_config_config_files_from_registry(); 808 if (reg_files != NULL) { 809 krb5_error_code code; 810 811 code = krb5_prepend_config_files(reg_files, NULL, pfilenames); 812 free(reg_files); 813 814 return code; 815 } 816 } 817 #endif 818 631 819 if (files == NULL) 632 820 files = krb5_config_file; … … 647 835 */ 648 836 649 void KRB5_LIB_FUNCTION 837 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 650 838 krb5_free_config_files(char **filenames) 651 839 { … … 669 857 */ 670 858 671 const krb5_enctype * KRB5_LIB_FUNCTION 859 KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL 672 860 krb5_kerberos_enctypes(krb5_context context) 673 861 { … … 730 918 */ 731 919 732 krb5_error_code KRB5_LIB_FUNCTION 920 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 733 921 krb5_set_default_in_tkt_etypes(krb5_context context, 734 922 const krb5_enctype *etypes) 735 923 { 924 krb5_error_code ret; 736 925 krb5_enctype *p = NULL; 737 int i;926 unsigned int n, m; 738 927 739 928 if(etypes) { 740 for (i = 0; etypes[i]; ++i) { 741 krb5_error_code ret; 742 ret = krb5_enctype_valid(context, etypes[i]); 929 for (n = 0; etypes[n]; n++) 930 ; 931 n++; 932 ALLOC(p, n); 933 if(!p) { 934 krb5_set_error_message (context, ENOMEM, 935 N_("malloc: out of memory", "")); 936 return ENOMEM; 937 } 938 for (n = 0, m = 0; etypes[n]; n++) { 939 ret = krb5_enctype_valid(context, etypes[n]); 743 940 if (ret) 744 return ret; 745 } 746 ++i; 747 ALLOC(p, i); 748 if(!p) { 749 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 750 return ENOMEM; 751 } 752 memmove(p, etypes, i * sizeof(krb5_enctype)); 941 continue; 942 p[m++] = etypes[n]; 943 } 944 p[m] = ETYPE_NULL; 945 if (m == 0) { 946 free(p); 947 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, 948 N_("no valid enctype set", "")); 949 return KRB5_PROG_ETYPE_NOSUPP; 950 } 753 951 } 754 952 if(context->etypes) … … 772 970 */ 773 971 774 krb5_error_code KRB5_LIB_FUNCTION 972 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 775 973 krb5_get_default_in_tkt_etypes(krb5_context context, 776 974 krb5_enctype **etypes) … … 799 997 800 998 /** 801 * Return the error string for the error code. The caller must not802 * free the string.803 *804 * @param context Kerberos 5 context.805 * @param code Kerberos error code.806 *807 * @return the error message matching code808 *809 * @ingroup krb5810 */811 812 const char* KRB5_LIB_FUNCTION813 krb5_get_err_text(krb5_context context, krb5_error_code code)814 {815 const char *p = NULL;816 if(context != NULL)817 p = com_right(context->et_list, code);818 if(p == NULL)819 p = strerror(code);820 if (p == NULL)821 p = "Unknown error";822 return p;823 }824 825 /**826 999 * Init the built-in ets in the Kerberos library. 827 1000 * … … 831 1004 */ 832 1005 833 void KRB5_LIB_FUNCTION 1006 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 834 1007 krb5_init_ets(krb5_context context) 835 1008 { 836 1009 if(context->et_list == NULL){ 837 1010 krb5_add_et_list(context, initialize_krb5_error_table_r); 1011 krb5_add_et_list(context, initialize_asn1_error_table_r); 1012 krb5_add_et_list(context, initialize_heim_error_table_r); 1013 1014 krb5_add_et_list(context, initialize_k524_error_table_r); 1015 1016 #ifdef COM_ERR_BINDDOMAIN_krb5 838 1017 bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR); 839 840 krb5_add_et_list(context, initialize_asn1_error_table_r);841 1018 bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR); 842 843 krb5_add_et_list(context, initialize_heim_error_table_r);844 1019 bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR); 845 846 krb5_add_et_list(context, initialize_k524_error_table_r);847 1020 bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR); 1021 #endif 848 1022 849 1023 #ifdef PKINIT 850 1024 krb5_add_et_list(context, initialize_hx_error_table_r); 1025 #ifdef COM_ERR_BINDDOMAIN_hx 851 1026 bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR); 852 1027 #endif 1028 #endif 853 1029 } 854 1030 } … … 863 1039 */ 864 1040 865 void KRB5_LIB_FUNCTION 1041 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 866 1042 krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) 867 1043 { … … 879 1055 */ 880 1056 881 krb5_boolean KRB5_LIB_FUNCTION 1057 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 882 1058 krb5_get_use_admin_kdc (krb5_context context) 883 1059 { … … 898 1074 */ 899 1075 900 krb5_error_code KRB5_LIB_FUNCTION 1076 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 901 1077 krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) 902 1078 { … … 922 1098 */ 923 1099 924 krb5_error_code KRB5_LIB_FUNCTION 1100 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 925 1101 krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) 926 1102 { … … 958 1134 */ 959 1135 960 krb5_error_code KRB5_LIB_FUNCTION 1136 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 961 1137 krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) 962 1138 { … … 981 1157 */ 982 1158 983 krb5_error_code KRB5_LIB_FUNCTION 1159 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 984 1160 krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) 985 1161 { … … 1005 1181 */ 1006 1182 1007 krb5_error_code KRB5_LIB_FUNCTION 1183 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1008 1184 krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) 1009 1185 { … … 1040 1216 */ 1041 1217 1042 krb5_error_code KRB5_LIB_FUNCTION 1218 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1043 1219 krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) 1044 1220 { … … 1062 1238 */ 1063 1239 1064 krb5_error_code KRB5_LIB_FUNCTION 1240 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1065 1241 krb5_set_fcache_version(krb5_context context, int version) 1066 1242 { … … 1081 1257 */ 1082 1258 1083 krb5_error_code KRB5_LIB_FUNCTION 1259 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1084 1260 krb5_get_fcache_version(krb5_context context, int *version) 1085 1261 { … … 1097 1273 1098 1274 1099 krb5_boolean KRB5_LIB_FUNCTION 1275 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1100 1276 krb5_is_thread_safe(void) 1101 1277 { … … 1116 1292 */ 1117 1293 1118 void KRB5_LIB_FUNCTION 1294 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1119 1295 krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) 1120 1296 { … … 1135 1311 */ 1136 1312 1137 krb5_boolean KRB5_LIB_FUNCTION 1313 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1138 1314 krb5_get_dns_canonicalize_hostname (krb5_context context) 1139 1315 { … … 1153 1329 */ 1154 1330 1155 krb5_error_code KRB5_LIB_FUNCTION 1331 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1156 1332 krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) 1157 1333 { … … 1175 1351 */ 1176 1352 1177 krb5_error_code KRB5_LIB_FUNCTION 1353 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1178 1354 krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) 1179 1355 { … … 1194 1370 */ 1195 1371 1196 time_t KRB5_LIB_FUNCTION 1372 KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL 1197 1373 krb5_get_max_time_skew (krb5_context context) 1198 1374 { … … 1209 1385 */ 1210 1386 1211 void KRB5_LIB_FUNCTION 1387 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1212 1388 krb5_set_max_time_skew (krb5_context context, time_t t) 1213 1389 { … … 1229 1405 */ 1230 1406 1231 krb5_error_code KRB5_LIB_FUNCTION 1407 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1232 1408 krb5_init_etype (krb5_context context, 1233 1409 unsigned *len, … … 1277 1453 krb5_boolean allow; 1278 1454 1455 #ifdef HAVE_GETEUID 1279 1456 /* is never allowed for root */ 1280 1457 if (geteuid() == 0) 1281 1458 return FALSE; 1459 #endif 1282 1460 1283 1461 if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0) … … 1305 1483 * @return the old value 1306 1484 * 1307 */ 1308 1309 krb5_boolean 1485 * @ingroup krb5 1486 */ 1487 1488 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1310 1489 krb5_set_home_dir_access(krb5_context context, krb5_boolean allow) 1311 1490 { -
trunk/server/source4/heimdal/lib/krb5/convert_creds.c
r414 r745 32 32 */ 33 33 34 #define KRB5_DEPRECATED 35 34 36 #include "krb5_locl.h" 35 37 #include "krb5-v4compat.h" 36 38 37 39 #ifndef HEIMDAL_SMALLER 38 39 static krb5_error_code40 check_ticket_flags(TicketFlags f)41 {42 return 0; /* maybe add some more tests here? */43 }44 40 45 41 /** … … 59 55 */ 60 56 61 krb5_error_code KRB5_LIB_FUNCTION 57 KRB5_DEPRECATED 58 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 62 59 krb524_convert_creds_kdc(krb5_context context, 63 60 krb5_creds *in_cred, 64 61 struct credentials *v4creds) 65 62 { 66 krb5_error_code ret; 67 krb5_data reply; 68 krb5_storage *sp; 69 int32_t tmp; 70 krb5_data ticket; 71 char realm[REALM_SZ]; 72 krb5_creds *v5_creds = in_cred; 73 74 ret = check_ticket_flags(v5_creds->flags.b); 75 if(ret) 76 goto out2; 77 78 { 79 krb5_krbhst_handle handle; 80 81 ret = krb5_krbhst_init(context, 82 krb5_principal_get_realm(context, 83 v5_creds->server), 84 KRB5_KRBHST_KRB524, 85 &handle); 86 if (ret) 87 goto out2; 88 89 ret = krb5_sendto (context, 90 &v5_creds->ticket, 91 handle, 92 &reply); 93 krb5_krbhst_free(context, handle); 94 if (ret) 95 goto out2; 96 } 97 sp = krb5_storage_from_mem(reply.data, reply.length); 98 if(sp == NULL) { 99 ret = ENOMEM; 100 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 101 goto out2; 102 } 103 krb5_ret_int32(sp, &tmp); 104 ret = tmp; 105 if(ret == 0) { 106 memset(v4creds, 0, sizeof(*v4creds)); 107 ret = krb5_ret_int32(sp, &tmp); 108 if(ret) 109 goto out; 110 v4creds->kvno = tmp; 111 ret = krb5_ret_data(sp, &ticket); 112 if(ret) 113 goto out; 114 v4creds->ticket_st.length = ticket.length; 115 memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); 116 krb5_data_free(&ticket); 117 ret = krb5_524_conv_principal(context, 118 v5_creds->server, 119 v4creds->service, 120 v4creds->instance, 121 v4creds->realm); 122 if(ret) 123 goto out; 124 v4creds->issue_date = v5_creds->times.starttime; 125 v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, 126 v5_creds->times.endtime); 127 ret = krb5_524_conv_principal(context, v5_creds->client, 128 v4creds->pname, 129 v4creds->pinst, 130 realm); 131 if(ret) 132 goto out; 133 memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); 134 } else { 135 krb5_set_error_message (context, ret, 136 N_("converting credentials: %s", 137 "already localized"), 138 krb5_get_err_text(context, ret)); 139 } 140 out: 141 krb5_storage_free(sp); 142 krb5_data_free(&reply); 143 out2: 144 if (v5_creds != in_cred) 145 krb5_free_creds (context, v5_creds); 146 return ret; 63 memset(v4creds, 0, sizeof(*v4creds)); 64 krb5_set_error_message(context, EINVAL, 65 N_("krb524_convert_creds_kdc not supported", "")); 66 return EINVAL; 147 67 } 148 68 … … 162 82 */ 163 83 164 krb5_error_code KRB5_LIB_FUNCTION 84 KRB5_DEPRECATED 85 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 165 86 krb524_convert_creds_kdc_ccache(krb5_context context, 166 87 krb5_ccache ccache, … … 168 89 struct credentials *v4creds) 169 90 { 170 krb5_error_code ret; 171 krb5_creds *v5_creds = in_cred; 172 krb5_keytype keytype; 173 174 keytype = v5_creds->session.keytype; 175 176 if (keytype != ENCTYPE_DES_CBC_CRC) { 177 /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, 178 so go get one */ 179 krb5_creds template; 180 181 memset (&template, 0, sizeof(template)); 182 template.session.keytype = ENCTYPE_DES_CBC_CRC; 183 ret = krb5_copy_principal (context, in_cred->client, &template.client); 184 if (ret) { 185 krb5_free_cred_contents (context, &template); 186 return ret; 187 } 188 ret = krb5_copy_principal (context, in_cred->server, &template.server); 189 if (ret) { 190 krb5_free_cred_contents (context, &template); 191 return ret; 192 } 193 194 ret = krb5_get_credentials (context, 0, ccache, 195 &template, &v5_creds); 196 krb5_free_cred_contents (context, &template); 197 if (ret) 198 return ret; 199 } 200 201 ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); 202 203 if (v5_creds != in_cred) 204 krb5_free_creds (context, v5_creds); 205 return ret; 91 memset(v4creds, 0, sizeof(*v4creds)); 92 krb5_set_error_message(context, EINVAL, 93 N_("krb524_convert_creds_kdc_ccache not supported", "")); 94 return EINVAL; 206 95 } 207 96 -
trunk/server/source4/heimdal/lib/krb5/copy_host_realm.c
r414 r745 47 47 */ 48 48 49 krb5_error_code KRB5_LIB_FUNCTION 49 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 50 50 krb5_copy_host_realm(krb5_context context, 51 51 const krb5_realm *from, -
trunk/server/source4/heimdal/lib/krb5/creds.c
r414 r745 46 46 */ 47 47 48 krb5_error_code KRB5_LIB_FUNCTION 48 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 49 49 krb5_free_cred_contents (krb5_context context, krb5_creds *c) 50 50 { … … 75 75 */ 76 76 77 krb5_error_code KRB5_LIB_FUNCTION 77 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 78 78 krb5_copy_creds_contents (krb5_context context, 79 79 const krb5_creds *incred, … … 132 132 */ 133 133 134 krb5_error_code KRB5_LIB_FUNCTION 134 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 135 135 krb5_copy_creds (krb5_context context, 136 136 const krb5_creds *incred, … … 162 162 */ 163 163 164 krb5_error_code KRB5_LIB_FUNCTION 164 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 165 165 krb5_free_creds (krb5_context context, krb5_creds *c) 166 166 { … … 184 184 * determines what equal means). 185 185 * 186 * 187 * The following flags, set in whichfields affects the comparison: 188 * - KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal. 189 * - KRB5_TC_MATCH_KEYTYPE Compare enctypes. 190 * - KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical. 191 * - KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds . 192 * - KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly. 193 * - KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds. 194 * - KRB5_TC_MATCH_AUTHDATA Compares the authdata fields. 195 * - KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication). 196 * - KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket. 197 * 186 198 * @param context Kerberos 5 context. 187 199 * @param whichfields which fields to compare. … … 194 206 */ 195 207 196 krb5_boolean KRB5_LIB_FUNCTION 208 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 197 209 krb5_compare_creds(krb5_context context, krb5_flags whichfields, 198 210 const krb5_creds * mcreds, const krb5_creds * creds) … … 267 279 */ 268 280 269 unsigned long 281 KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL 270 282 krb5_creds_get_ticket_flags(krb5_creds *creds) 271 283 { -
trunk/server/source4/heimdal/lib/krb5/crypto.c
r414 r745 35 35 36 36 #include "krb5_locl.h" 37 #include <pkinit_asn1.h> 38 39 #define WEAK_ENCTYPES 1 37 38 struct _krb5_key_usage { 39 unsigned usage; 40 struct _krb5_key_data key; 41 }; 42 40 43 41 44 #ifndef HEIMDAL_SMALLER … … 43 46 #endif 44 47 45 46 #ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */47 const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void);48 const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void);49 #define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts50 #define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts51 #endif52 53 struct key_data {54 krb5_keyblock *key;55 krb5_data *schedule;56 };57 58 struct key_usage {59 unsigned usage;60 struct key_data key;61 };62 63 struct krb5_crypto_data {64 struct encryption_type *et;65 struct key_data key;66 int num_key_usage;67 struct key_usage *key_usage;68 };69 70 #define CRYPTO_ETYPE(C) ((C)->et->type)71 72 /* bits for `flags' below */73 #define F_KEYED 1 /* checksum is keyed */74 #define F_CPROOF 2 /* checksum is collision proof */75 #define F_DERIVED 4 /* uses derived keys */76 #define F_VARIANT 8 /* uses `variant' keys (6.4.3) */77 #define F_PSEUDO 16 /* not a real protocol type */78 #define F_SPECIAL 32 /* backwards */79 #define F_DISABLED 64 /* enctype/checksum disabled */80 81 struct salt_type {82 krb5_salttype type;83 const char *name;84 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data,85 krb5_salt, krb5_data, krb5_keyblock*);86 };87 88 struct key_type {89 krb5_keytype type; /* XXX */90 const char *name;91 size_t bits;92 size_t size;93 size_t schedule_size;94 void (*random_key)(krb5_context, krb5_keyblock*);95 void (*schedule)(krb5_context, struct key_type *, struct key_data *);96 struct salt_type *string_to_key;97 void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);98 void (*cleanup)(krb5_context, struct key_data *);99 const EVP_CIPHER *(*evp)(void);100 };101 102 struct checksum_type {103 krb5_cksumtype type;104 const char *name;105 size_t blocksize;106 size_t checksumsize;107 unsigned flags;108 krb5_enctype (*checksum)(krb5_context context,109 struct key_data *key,110 const void *buf, size_t len,111 unsigned usage,112 Checksum *csum);113 krb5_error_code (*verify)(krb5_context context,114 struct key_data *key,115 const void *buf, size_t len,116 unsigned usage,117 Checksum *csum);118 };119 120 struct encryption_type {121 krb5_enctype type;122 const char *name;123 size_t blocksize;124 size_t padsize;125 size_t confoundersize;126 struct key_type *keytype;127 struct checksum_type *checksum;128 struct checksum_type *keyed_checksum;129 unsigned flags;130 krb5_error_code (*encrypt)(krb5_context context,131 struct key_data *key,132 void *data, size_t len,133 krb5_boolean encryptp,134 int usage,135 void *ivec);136 size_t prf_length;137 krb5_error_code (*prf)(krb5_context,138 krb5_crypto, const krb5_data *, krb5_data *);139 };140 141 #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)142 #define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)143 #define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)144 145 static struct checksum_type *_find_checksum(krb5_cksumtype type);146 static struct encryption_type *_find_enctype(krb5_enctype type);147 48 static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, 148 unsigned, struct key_data**); 149 static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); 150 static krb5_error_code derive_key(krb5_context context, 151 struct encryption_type *et, 152 struct key_data *key, 153 const void *constant, 154 size_t len); 155 static krb5_error_code hmac(krb5_context context, 156 struct checksum_type *cm, 157 const void *data, 158 size_t len, 159 unsigned usage, 160 struct key_data *keyblock, 161 Checksum *result); 162 static void free_key_data(krb5_context, 163 struct key_data *, 164 struct encryption_type *); 49 unsigned, struct _krb5_key_data**); 50 static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); 51 165 52 static void free_key_schedule(krb5_context, 166 struct key_data *, 167 struct encryption_type *); 168 static krb5_error_code usage2arcfour (krb5_context, unsigned *); 169 static void xor (DES_cblock *, const unsigned char *); 53 struct _krb5_key_data *, 54 struct _krb5_encryption_type *); 170 55 171 56 /************************************************************ … … 173 58 ************************************************************/ 174 59 175 struct evp_schedule { 176 EVP_CIPHER_CTX ectx; 177 EVP_CIPHER_CTX dctx; 178 }; 179 180 181 static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; 182 183 #ifdef WEAK_ENCTYPES 184 static void 185 krb5_DES_random_key(krb5_context context, 186 krb5_keyblock *key) 187 { 188 DES_cblock *k = key->keyvalue.data; 189 do { 190 krb5_generate_random_block(k, sizeof(DES_cblock)); 191 DES_set_odd_parity(k); 192 } while(DES_is_weak_key(k)); 193 } 194 195 static void 196 krb5_DES_schedule_old(krb5_context context, 197 struct key_type *kt, 198 struct key_data *key) 199 { 200 DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); 201 } 202 203 #ifdef ENABLE_AFS_STRING_TO_KEY 204 205 /* This defines the Andrew string_to_key function. It accepts a password 206 * string as input and converts it via a one-way encryption algorithm to a DES 207 * encryption key. It is compatible with the original Andrew authentication 208 * service password database. 209 */ 210 211 /* 212 * Short passwords, i.e 8 characters or less. 213 */ 214 static void 215 krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, 216 krb5_data cell, 217 DES_cblock *key) 218 { 219 char password[8+1]; /* crypt is limited to 8 chars anyway */ 220 int i; 221 222 for(i = 0; i < 8; i++) { 223 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ 224 ((i < cell.length) ? 225 tolower(((unsigned char*)cell.data)[i]) : 0); 226 password[i] = c ? c : 'X'; 227 } 228 password[8] = '\0'; 229 230 memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); 231 232 /* parity is inserted into the LSB so left shift each byte up one 233 bit. This allows ascii characters with a zero MSB to retain as 234 much significance as possible. */ 235 for (i = 0; i < sizeof(DES_cblock); i++) 236 ((unsigned char*)key)[i] <<= 1; 237 DES_set_odd_parity (key); 238 } 239 240 /* 241 * Long passwords, i.e 9 characters or more. 242 */ 243 static void 244 krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, 245 krb5_data cell, 246 DES_cblock *key) 247 { 248 DES_key_schedule schedule; 249 DES_cblock temp_key; 250 DES_cblock ivec; 251 char password[512]; 252 size_t passlen; 253 254 memcpy(password, pw.data, min(pw.length, sizeof(password))); 255 if(pw.length < sizeof(password)) { 256 int len = min(cell.length, sizeof(password) - pw.length); 257 int i; 258 259 memcpy(password + pw.length, cell.data, len); 260 for (i = pw.length; i < pw.length + len; ++i) 261 password[i] = tolower((unsigned char)password[i]); 262 } 263 passlen = min(sizeof(password), pw.length + cell.length); 264 memcpy(&ivec, "kerberos", 8); 265 memcpy(&temp_key, "kerberos", 8); 266 DES_set_odd_parity (&temp_key); 267 DES_set_key_unchecked (&temp_key, &schedule); 268 DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); 269 270 memcpy(&temp_key, &ivec, 8); 271 DES_set_odd_parity (&temp_key); 272 DES_set_key_unchecked (&temp_key, &schedule); 273 DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); 274 memset(&schedule, 0, sizeof(schedule)); 275 memset(&temp_key, 0, sizeof(temp_key)); 276 memset(&ivec, 0, sizeof(ivec)); 277 memset(password, 0, sizeof(password)); 278 279 DES_set_odd_parity (key); 280 } 281 282 static krb5_error_code 283 DES_AFS3_string_to_key(krb5_context context, 284 krb5_enctype enctype, 285 krb5_data password, 286 krb5_salt salt, 287 krb5_data opaque, 288 krb5_keyblock *key) 289 { 290 DES_cblock tmp; 291 if(password.length > 8) 292 krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); 293 else 294 krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); 295 key->keytype = enctype; 296 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 297 memset(&key, 0, sizeof(key)); 298 return 0; 299 } 300 #endif /* ENABLE_AFS_STRING_TO_KEY */ 301 302 static void 303 DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) 304 { 305 DES_key_schedule schedule; 306 int i; 307 int reverse = 0; 308 unsigned char *p; 309 310 unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 311 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; 312 memset(key, 0, 8); 313 314 p = (unsigned char*)key; 315 for (i = 0; i < length; i++) { 316 unsigned char tmp = data[i]; 317 if (!reverse) 318 *p++ ^= (tmp << 1); 319 else 320 *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; 321 if((i % 8) == 7) 322 reverse = !reverse; 323 } 324 DES_set_odd_parity(key); 325 if(DES_is_weak_key(key)) 326 (*key)[7] ^= 0xF0; 327 DES_set_key_unchecked(key, &schedule); 328 DES_cbc_cksum((void*)data, key, length, &schedule, key); 329 memset(&schedule, 0, sizeof(schedule)); 330 DES_set_odd_parity(key); 331 if(DES_is_weak_key(key)) 332 (*key)[7] ^= 0xF0; 333 } 334 335 static krb5_error_code 336 krb5_DES_string_to_key(krb5_context context, 337 krb5_enctype enctype, 338 krb5_data password, 339 krb5_salt salt, 340 krb5_data opaque, 341 krb5_keyblock *key) 342 { 343 unsigned char *s; 344 size_t len; 345 DES_cblock tmp; 346 347 #ifdef ENABLE_AFS_STRING_TO_KEY 348 if (opaque.length == 1) { 349 unsigned long v; 350 _krb5_get_int(opaque.data, &v, 1); 351 if (v == 1) 352 return DES_AFS3_string_to_key(context, enctype, password, 353 salt, opaque, key); 354 } 355 #endif 356 357 len = password.length + salt.saltvalue.length; 358 s = malloc(len); 359 if(len > 0 && s == NULL) { 360 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 361 return ENOMEM; 362 } 363 memcpy(s, password.data, password.length); 364 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 365 DES_string_to_key_int(s, len, &tmp); 366 key->keytype = enctype; 367 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 368 memset(&tmp, 0, sizeof(tmp)); 369 memset(s, 0, len); 370 free(s); 371 return 0; 372 } 373 374 static void 375 krb5_DES_random_to_key(krb5_context context, 376 krb5_keyblock *key, 377 const void *data, 378 size_t size) 379 { 380 DES_cblock *k = key->keyvalue.data; 381 memcpy(k, data, key->keyvalue.length); 382 DES_set_odd_parity(k); 383 if(DES_is_weak_key(k)) 384 xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 385 } 386 #endif 387 388 /* 389 * 390 */ 391 392 static void 393 DES3_random_key(krb5_context context, 394 krb5_keyblock *key) 395 { 396 DES_cblock *k = key->keyvalue.data; 397 do { 398 krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); 399 DES_set_odd_parity(&k[0]); 400 DES_set_odd_parity(&k[1]); 401 DES_set_odd_parity(&k[2]); 402 } while(DES_is_weak_key(&k[0]) || 403 DES_is_weak_key(&k[1]) || 404 DES_is_weak_key(&k[2])); 405 } 406 407 /* 408 * A = A xor B. A & B are 8 bytes. 409 */ 410 411 static void 412 xor (DES_cblock *key, const unsigned char *b) 413 { 414 unsigned char *a = (unsigned char*)key; 415 a[0] ^= b[0]; 416 a[1] ^= b[1]; 417 a[2] ^= b[2]; 418 a[3] ^= b[3]; 419 a[4] ^= b[4]; 420 a[5] ^= b[5]; 421 a[6] ^= b[6]; 422 a[7] ^= b[7]; 423 } 424 425 #ifdef DES3_OLD_ENCTYPE 426 static krb5_error_code 427 DES3_string_to_key(krb5_context context, 428 krb5_enctype enctype, 429 krb5_data password, 430 krb5_salt salt, 431 krb5_data opaque, 432 krb5_keyblock *key) 433 { 434 char *str; 435 size_t len; 436 unsigned char tmp[24]; 437 DES_cblock keys[3]; 438 krb5_error_code ret; 439 440 len = password.length + salt.saltvalue.length; 441 str = malloc(len); 442 if(len != 0 && str == NULL) { 443 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 444 return ENOMEM; 445 } 446 memcpy(str, password.data, password.length); 447 memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); 448 { 449 DES_cblock ivec; 450 DES_key_schedule s[3]; 451 int i; 452 453 ret = _krb5_n_fold(str, len, tmp, 24); 454 if (ret) { 455 memset(str, 0, len); 456 free(str); 457 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 458 return ret; 459 } 460 461 for(i = 0; i < 3; i++){ 462 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 463 DES_set_odd_parity(keys + i); 464 if(DES_is_weak_key(keys + i)) 465 xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 466 DES_set_key_unchecked(keys + i, &s[i]); 467 } 468 memset(&ivec, 0, sizeof(ivec)); 469 DES_ede3_cbc_encrypt(tmp, 470 tmp, sizeof(tmp), 471 &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); 472 memset(s, 0, sizeof(s)); 473 memset(&ivec, 0, sizeof(ivec)); 474 for(i = 0; i < 3; i++){ 475 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 476 DES_set_odd_parity(keys + i); 477 if(DES_is_weak_key(keys + i)) 478 xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 479 } 480 memset(tmp, 0, sizeof(tmp)); 481 } 482 key->keytype = enctype; 483 krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); 484 memset(keys, 0, sizeof(keys)); 485 memset(str, 0, len); 486 free(str); 487 return 0; 488 } 489 #endif 490 491 static krb5_error_code 492 DES3_string_to_key_derived(krb5_context context, 493 krb5_enctype enctype, 494 krb5_data password, 495 krb5_salt salt, 496 krb5_data opaque, 497 krb5_keyblock *key) 498 { 499 krb5_error_code ret; 500 size_t len = password.length + salt.saltvalue.length; 501 char *s; 502 503 s = malloc(len); 504 if(len != 0 && s == NULL) { 505 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 506 return ENOMEM; 507 } 508 memcpy(s, password.data, password.length); 509 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 510 ret = krb5_string_to_key_derived(context, 511 s, 512 len, 513 enctype, 514 key); 515 memset(s, 0, len); 516 free(s); 517 return ret; 518 } 519 520 static void 521 DES3_random_to_key(krb5_context context, 522 krb5_keyblock *key, 523 const void *data, 524 size_t size) 525 { 526 unsigned char *x = key->keyvalue.data; 527 const u_char *q = data; 528 DES_cblock *k; 529 int i, j; 530 531 memset(x, 0, sizeof(x)); 532 for (i = 0; i < 3; ++i) { 533 unsigned char foo; 534 for (j = 0; j < 7; ++j) { 535 unsigned char b = q[7 * i + j]; 536 537 x[8 * i + j] = b; 538 } 539 foo = 0; 540 for (j = 6; j >= 0; --j) { 541 foo |= q[7 * i + j] & 1; 542 foo <<= 1; 543 } 544 x[8 * i + 7] = foo; 545 } 546 k = key->keyvalue.data; 547 for (i = 0; i < 3; i++) { 548 DES_set_odd_parity(&k[i]); 549 if(DES_is_weak_key(&k[i])) 550 xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 551 } 552 } 553 554 /* 555 * ARCFOUR 556 */ 557 558 static void 559 ARCFOUR_schedule(krb5_context context, 560 struct key_type *kt, 561 struct key_data *kd) 562 { 563 RC4_set_key (kd->schedule->data, 564 kd->key->keyvalue.length, kd->key->keyvalue.data); 565 } 566 567 static krb5_error_code 568 ARCFOUR_string_to_key(krb5_context context, 569 krb5_enctype enctype, 570 krb5_data password, 571 krb5_salt salt, 572 krb5_data opaque, 573 krb5_keyblock *key) 574 { 575 krb5_error_code ret; 576 uint16_t *s = NULL; 577 size_t len, i; 578 EVP_MD_CTX *m; 579 580 m = EVP_MD_CTX_create(); 581 if (m == NULL) { 582 ret = ENOMEM; 583 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 584 goto out; 585 } 586 587 EVP_DigestInit_ex(m, EVP_md4(), NULL); 588 589 ret = wind_utf8ucs2_length(password.data, &len); 590 if (ret) { 591 krb5_set_error_message (context, ret, 592 N_("Password not an UCS2 string", "")); 593 goto out; 594 } 595 596 s = malloc (len * sizeof(s[0])); 597 if (len != 0 && s == NULL) { 598 krb5_set_error_message (context, ENOMEM, 599 N_("malloc: out of memory", "")); 600 ret = ENOMEM; 601 goto out; 602 } 603 604 ret = wind_utf8ucs2(password.data, s, &len); 605 if (ret) { 606 krb5_set_error_message (context, ret, 607 N_("Password not an UCS2 string", "")); 608 goto out; 609 } 610 611 /* LE encoding */ 612 for (i = 0; i < len; i++) { 613 unsigned char p; 614 p = (s[i] & 0xff); 615 EVP_DigestUpdate (m, &p, 1); 616 p = (s[i] >> 8) & 0xff; 617 EVP_DigestUpdate (m, &p, 1); 618 } 619 620 key->keytype = enctype; 621 ret = krb5_data_alloc (&key->keyvalue, 16); 622 if (ret) { 623 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 624 goto out; 625 } 626 EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); 627 628 out: 629 EVP_MD_CTX_destroy(m); 630 if (s) 631 memset (s, 0, len); 632 free (s); 633 return ret; 634 } 635 636 /* 637 * AES 638 */ 639 640 int _krb5_AES_string_to_default_iterator = 4096; 641 642 static krb5_error_code 643 AES_string_to_key(krb5_context context, 644 krb5_enctype enctype, 645 krb5_data password, 646 krb5_salt salt, 647 krb5_data opaque, 648 krb5_keyblock *key) 649 { 650 krb5_error_code ret; 651 uint32_t iter; 652 struct encryption_type *et; 653 struct key_data kd; 654 655 if (opaque.length == 0) 656 iter = _krb5_AES_string_to_default_iterator; 657 else if (opaque.length == 4) { 658 unsigned long v; 659 _krb5_get_int(opaque.data, &v, 4); 660 iter = ((uint32_t)v); 661 } else 662 return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ 663 664 et = _find_enctype(enctype); 665 if (et == NULL) 666 return KRB5_PROG_KEYTYPE_NOSUPP; 667 668 kd.schedule = NULL; 669 ALLOC(kd.key, 1); 670 if(kd.key == NULL) { 671 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 672 return ENOMEM; 673 } 674 kd.key->keytype = enctype; 675 ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); 676 if (ret) { 677 krb5_set_error_message (context, ret, N_("malloc: out of memory", "")); 678 return ret; 679 } 680 681 ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, 682 salt.saltvalue.data, salt.saltvalue.length, 683 iter, 684 et->keytype->size, kd.key->keyvalue.data); 685 if (ret != 1) { 686 free_key_data(context, &kd, et); 687 krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, 688 "Error calculating s2k"); 689 return KRB5_PROG_KEYTYPE_NOSUPP; 690 } 691 692 ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); 693 if (ret == 0) 694 ret = krb5_copy_keyblock_contents(context, kd.key, key); 695 free_key_data(context, &kd, et); 696 697 return ret; 698 } 699 700 static void 701 evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd) 702 { 703 struct evp_schedule *key = kd->schedule->data; 704 const EVP_CIPHER *c = (*kt->evp)(); 705 706 EVP_CIPHER_CTX_init(&key->ectx); 707 EVP_CIPHER_CTX_init(&key->dctx); 708 709 EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1); 710 EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0); 711 } 712 713 static void 714 evp_cleanup(krb5_context context, struct key_data *kd) 715 { 716 struct evp_schedule *key = kd->schedule->data; 717 EVP_CIPHER_CTX_cleanup(&key->ectx); 718 EVP_CIPHER_CTX_cleanup(&key->dctx); 719 } 720 721 /* 722 * 723 */ 724 725 #ifdef WEAK_ENCTYPES 726 static struct salt_type des_salt[] = { 727 { 728 KRB5_PW_SALT, 729 "pw-salt", 730 krb5_DES_string_to_key 731 }, 732 #ifdef ENABLE_AFS_STRING_TO_KEY 733 { 734 KRB5_AFS3_SALT, 735 "afs3-salt", 736 DES_AFS3_string_to_key 737 }, 738 #endif 739 { 0 } 740 }; 741 #endif 742 743 #ifdef DES3_OLD_ENCTYPE 744 static struct salt_type des3_salt[] = { 745 { 746 KRB5_PW_SALT, 747 "pw-salt", 748 DES3_string_to_key 749 }, 750 { 0 } 751 }; 752 #endif 753 754 static struct salt_type des3_salt_derived[] = { 755 { 756 KRB5_PW_SALT, 757 "pw-salt", 758 DES3_string_to_key_derived 759 }, 760 { 0 } 761 }; 762 763 static struct salt_type AES_salt[] = { 764 { 765 KRB5_PW_SALT, 766 "pw-salt", 767 AES_string_to_key 768 }, 769 { 0 } 770 }; 771 772 static struct salt_type arcfour_salt[] = { 773 { 774 KRB5_PW_SALT, 775 "pw-salt", 776 ARCFOUR_string_to_key 777 }, 778 { 0 } 779 }; 780 781 /* 782 * 783 */ 784 785 static struct key_type keytype_null = { 786 KEYTYPE_NULL, 787 "null", 788 0, 789 0, 790 0, 791 NULL, 792 NULL, 793 NULL 794 }; 795 796 #ifdef WEAK_ENCTYPES 797 static struct key_type keytype_des_old = { 798 KEYTYPE_DES, 799 "des-old", 800 56, 801 8, 802 sizeof(DES_key_schedule), 803 krb5_DES_random_key, 804 krb5_DES_schedule_old, 805 des_salt, 806 krb5_DES_random_to_key 807 }; 808 809 static struct key_type keytype_des = { 810 KEYTYPE_DES, 811 "des", 812 56, 813 8, 814 sizeof(struct evp_schedule), 815 krb5_DES_random_key, 816 evp_schedule, 817 des_salt, 818 krb5_DES_random_to_key, 819 evp_cleanup, 820 EVP_des_cbc 821 }; 822 #endif /* WEAK_ENCTYPES */ 823 824 #ifdef DES3_OLD_ENCTYPE 825 static struct key_type keytype_des3 = { 826 KEYTYPE_DES3, 827 "des3", 828 168, 829 24, 830 sizeof(struct evp_schedule), 831 DES3_random_key, 832 evp_schedule, 833 des3_salt, 834 DES3_random_to_key, 835 evp_cleanup, 836 EVP_des_ede3_cbc 837 }; 838 #endif 839 840 static struct key_type keytype_des3_derived = { 841 KEYTYPE_DES3, 842 "des3", 843 168, 844 24, 845 sizeof(struct evp_schedule), 846 DES3_random_key, 847 evp_schedule, 848 des3_salt_derived, 849 DES3_random_to_key, 850 evp_cleanup, 851 EVP_des_ede3_cbc 852 }; 853 854 static struct key_type keytype_aes128 = { 855 KEYTYPE_AES128, 856 "aes-128", 857 128, 858 16, 859 sizeof(struct evp_schedule), 860 NULL, 861 evp_schedule, 862 AES_salt, 863 NULL, 864 evp_cleanup, 865 EVP_hcrypto_aes_128_cts 866 }; 867 868 static struct key_type keytype_aes256 = { 869 KEYTYPE_AES256, 870 "aes-256", 871 256, 872 32, 873 sizeof(struct evp_schedule), 874 NULL, 875 evp_schedule, 876 AES_salt, 877 NULL, 878 evp_cleanup, 879 EVP_hcrypto_aes_256_cts 880 }; 881 882 static struct key_type keytype_arcfour = { 883 KEYTYPE_ARCFOUR, 884 "arcfour", 885 128, 886 16, 887 sizeof(RC4_KEY), 888 NULL, 889 ARCFOUR_schedule, 890 arcfour_salt 891 }; 892 893 krb5_error_code KRB5_LIB_FUNCTION 894 krb5_salttype_to_string (krb5_context context, 895 krb5_enctype etype, 896 krb5_salttype stype, 897 char **string) 898 { 899 struct encryption_type *e; 900 struct salt_type *st; 901 902 e = _find_enctype (etype); 903 if (e == NULL) { 904 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 905 "encryption type %d not supported", 906 etype); 907 return KRB5_PROG_ETYPE_NOSUPP; 908 } 909 for (st = e->keytype->string_to_key; st && st->type; st++) { 910 if (st->type == stype) { 911 *string = strdup (st->name); 912 if (*string == NULL) { 913 krb5_set_error_message (context, ENOMEM, 914 N_("malloc: out of memory", "")); 915 return ENOMEM; 916 } 917 return 0; 918 } 919 } 920 krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP, 921 "salttype %d not supported", stype); 922 return HEIM_ERR_SALTTYPE_NOSUPP; 923 } 924 925 krb5_error_code KRB5_LIB_FUNCTION 926 krb5_string_to_salttype (krb5_context context, 927 krb5_enctype etype, 928 const char *string, 929 krb5_salttype *salttype) 930 { 931 struct encryption_type *e; 932 struct salt_type *st; 933 934 e = _find_enctype (etype); 935 if (e == NULL) { 936 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 937 N_("encryption type %d not supported", ""), 938 etype); 939 return KRB5_PROG_ETYPE_NOSUPP; 940 } 941 for (st = e->keytype->string_to_key; st && st->type; st++) { 942 if (strcasecmp (st->name, string) == 0) { 943 *salttype = st->type; 944 return 0; 945 } 946 } 947 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, 948 N_("salttype %s not supported", ""), string); 949 return HEIM_ERR_SALTTYPE_NOSUPP; 950 } 951 952 krb5_error_code KRB5_LIB_FUNCTION 953 krb5_get_pw_salt(krb5_context context, 954 krb5_const_principal principal, 955 krb5_salt *salt) 956 { 957 size_t len; 958 int i; 959 krb5_error_code ret; 960 char *p; 961 962 salt->salttype = KRB5_PW_SALT; 963 len = strlen(principal->realm); 964 for (i = 0; i < principal->name.name_string.len; ++i) 965 len += strlen(principal->name.name_string.val[i]); 966 ret = krb5_data_alloc (&salt->saltvalue, len); 967 if (ret) 968 return ret; 969 p = salt->saltvalue.data; 970 memcpy (p, principal->realm, strlen(principal->realm)); 971 p += strlen(principal->realm); 972 for (i = 0; i < principal->name.name_string.len; ++i) { 973 memcpy (p, 974 principal->name.name_string.val[i], 975 strlen(principal->name.name_string.val[i])); 976 p += strlen(principal->name.name_string.val[i]); 977 } 978 return 0; 979 } 980 981 krb5_error_code KRB5_LIB_FUNCTION 982 krb5_free_salt(krb5_context context, 983 krb5_salt salt) 984 { 985 krb5_data_free(&salt.saltvalue); 986 return 0; 987 } 988 989 krb5_error_code KRB5_LIB_FUNCTION 990 krb5_string_to_key_data (krb5_context context, 991 krb5_enctype enctype, 992 krb5_data password, 993 krb5_principal principal, 994 krb5_keyblock *key) 995 { 996 krb5_error_code ret; 997 krb5_salt salt; 998 999 ret = krb5_get_pw_salt(context, principal, &salt); 1000 if(ret) 1001 return ret; 1002 ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key); 1003 krb5_free_salt(context, salt); 1004 return ret; 1005 } 1006 1007 krb5_error_code KRB5_LIB_FUNCTION 1008 krb5_string_to_key (krb5_context context, 1009 krb5_enctype enctype, 1010 const char *password, 1011 krb5_principal principal, 1012 krb5_keyblock *key) 1013 { 1014 krb5_data pw; 1015 pw.data = rk_UNCONST(password); 1016 pw.length = strlen(password); 1017 return krb5_string_to_key_data(context, enctype, pw, principal, key); 1018 } 1019 1020 krb5_error_code KRB5_LIB_FUNCTION 1021 krb5_string_to_key_data_salt (krb5_context context, 1022 krb5_enctype enctype, 1023 krb5_data password, 1024 krb5_salt salt, 1025 krb5_keyblock *key) 1026 { 1027 krb5_data opaque; 1028 krb5_data_zero(&opaque); 1029 return krb5_string_to_key_data_salt_opaque(context, enctype, password, 1030 salt, opaque, key); 1031 } 1032 1033 /* 1034 * Do a string -> key for encryption type `enctype' operation on 1035 * `password' (with salt `salt' and the enctype specific data string 1036 * `opaque'), returning the resulting key in `key' 1037 */ 1038 1039 krb5_error_code KRB5_LIB_FUNCTION 1040 krb5_string_to_key_data_salt_opaque (krb5_context context, 1041 krb5_enctype enctype, 1042 krb5_data password, 1043 krb5_salt salt, 1044 krb5_data opaque, 1045 krb5_keyblock *key) 1046 { 1047 struct encryption_type *et =_find_enctype(enctype); 1048 struct salt_type *st; 1049 if(et == NULL) { 1050 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 1051 N_("encryption type %d not supported", ""), 1052 enctype); 1053 return KRB5_PROG_ETYPE_NOSUPP; 1054 } 1055 for(st = et->keytype->string_to_key; st && st->type; st++) 1056 if(st->type == salt.salttype) 1057 return (*st->string_to_key)(context, enctype, password, 1058 salt, opaque, key); 1059 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, 1060 N_("salt type %d not supported", ""), 1061 salt.salttype); 1062 return HEIM_ERR_SALTTYPE_NOSUPP; 1063 } 1064 1065 /* 1066 * Do a string -> key for encryption type `enctype' operation on the 1067 * string `password' (with salt `salt'), returning the resulting key 1068 * in `key' 1069 */ 1070 1071 krb5_error_code KRB5_LIB_FUNCTION 1072 krb5_string_to_key_salt (krb5_context context, 1073 krb5_enctype enctype, 1074 const char *password, 1075 krb5_salt salt, 1076 krb5_keyblock *key) 1077 { 1078 krb5_data pw; 1079 pw.data = rk_UNCONST(password); 1080 pw.length = strlen(password); 1081 return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); 1082 } 1083 1084 krb5_error_code KRB5_LIB_FUNCTION 1085 krb5_string_to_key_salt_opaque (krb5_context context, 1086 krb5_enctype enctype, 1087 const char *password, 1088 krb5_salt salt, 1089 krb5_data opaque, 1090 krb5_keyblock *key) 1091 { 1092 krb5_data pw; 1093 pw.data = rk_UNCONST(password); 1094 pw.length = strlen(password); 1095 return krb5_string_to_key_data_salt_opaque(context, enctype, 1096 pw, salt, opaque, key); 1097 } 1098 1099 krb5_error_code KRB5_LIB_FUNCTION 60 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1100 61 krb5_enctype_keysize(krb5_context context, 1101 62 krb5_enctype type, 1102 63 size_t *keysize) 1103 64 { 1104 struct encryption_type *et =_find_enctype(type);65 struct _krb5_encryption_type *et = _krb5_find_enctype(type); 1105 66 if(et == NULL) { 1106 67 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, … … 1113 74 } 1114 75 1115 krb5_error_code KRB5_LIB_FUNCTION 76 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1116 77 krb5_enctype_keybits(krb5_context context, 1117 78 krb5_enctype type, 1118 79 size_t *keybits) 1119 80 { 1120 struct encryption_type *et =_find_enctype(type);81 struct _krb5_encryption_type *et = _krb5_find_enctype(type); 1121 82 if(et == NULL) { 1122 83 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, … … 1129 90 } 1130 91 1131 krb5_error_code KRB5_LIB_FUNCTION 92 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1132 93 krb5_generate_random_keyblock(krb5_context context, 1133 94 krb5_enctype type, … … 1135 96 { 1136 97 krb5_error_code ret; 1137 struct encryption_type *et =_find_enctype(type);98 struct _krb5_encryption_type *et = _krb5_find_enctype(type); 1138 99 if(et == NULL) { 1139 100 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, … … 1156 117 static krb5_error_code 1157 118 _key_schedule(krb5_context context, 1158 struct key_data *key)119 struct _krb5_key_data *key) 1159 120 { 1160 121 krb5_error_code ret; 1161 struct encryption_type *et =_find_enctype(key->key->keytype);1162 struct key_type *kt;122 struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype); 123 struct _krb5_key_type *kt; 1163 124 1164 125 if (et == NULL) { … … 1195 156 1196 157 static krb5_error_code 1197 NONE_checksum(krb5_context context,1198 struct key_data *key,158 SHA1_checksum(krb5_context context, 159 struct _krb5_key_data *key, 1199 160 const void *data, 1200 161 size_t len, … … 1202 163 Checksum *C) 1203 164 { 1204 return 0; 1205 } 1206 1207 static krb5_error_code 1208 CRC32_checksum(krb5_context context, 1209 struct key_data *key, 1210 const void *data, 1211 size_t len, 1212 unsigned usage, 1213 Checksum *C) 1214 { 1215 uint32_t crc; 1216 unsigned char *r = C->checksum.data; 1217 _krb5_crc_init_table (); 1218 crc = _krb5_crc_update (data, len, 0); 1219 r[0] = crc & 0xff; 1220 r[1] = (crc >> 8) & 0xff; 1221 r[2] = (crc >> 16) & 0xff; 1222 r[3] = (crc >> 24) & 0xff; 1223 return 0; 1224 } 1225 1226 static krb5_error_code 1227 RSA_MD4_checksum(krb5_context context, 1228 struct key_data *key, 1229 const void *data, 1230 size_t len, 1231 unsigned usage, 1232 Checksum *C) 1233 { 1234 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1) 1235 krb5_abortx(context, "md4 checksum failed"); 1236 return 0; 1237 } 1238 1239 static krb5_error_code 1240 des_checksum(krb5_context context, 1241 const EVP_MD *evp_md, 1242 struct key_data *key, 1243 const void *data, 1244 size_t len, 1245 Checksum *cksum) 1246 { 1247 struct evp_schedule *ctx = key->schedule->data; 1248 EVP_MD_CTX *m; 1249 DES_cblock ivec; 1250 unsigned char *p = cksum->checksum.data; 1251 1252 krb5_generate_random_block(p, 8); 1253 1254 m = EVP_MD_CTX_create(); 1255 if (m == NULL) { 1256 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 1257 return ENOMEM; 1258 } 1259 1260 EVP_DigestInit_ex(m, evp_md, NULL); 1261 EVP_DigestUpdate(m, p, 8); 1262 EVP_DigestUpdate(m, data, len); 1263 EVP_DigestFinal_ex (m, p + 8, NULL); 1264 EVP_MD_CTX_destroy(m); 1265 memset (&ivec, 0, sizeof(ivec)); 1266 EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); 1267 EVP_Cipher(&ctx->ectx, p, p, 24); 1268 1269 return 0; 1270 } 1271 1272 static krb5_error_code 1273 des_verify(krb5_context context, 1274 const EVP_MD *evp_md, 1275 struct key_data *key, 1276 const void *data, 1277 size_t len, 1278 Checksum *C) 1279 { 1280 struct evp_schedule *ctx = key->schedule->data; 1281 EVP_MD_CTX *m; 1282 unsigned char tmp[24]; 1283 unsigned char res[16]; 1284 DES_cblock ivec; 1285 krb5_error_code ret = 0; 1286 1287 m = EVP_MD_CTX_create(); 1288 if (m == NULL) { 1289 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 1290 return ENOMEM; 1291 } 1292 1293 memset(&ivec, 0, sizeof(ivec)); 1294 EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); 1295 EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); 1296 1297 EVP_DigestInit_ex(m, evp_md, NULL); 1298 EVP_DigestUpdate(m, tmp, 8); /* confounder */ 1299 EVP_DigestUpdate(m, data, len); 1300 EVP_DigestFinal_ex (m, res, NULL); 1301 EVP_MD_CTX_destroy(m); 1302 if(memcmp(res, tmp + 8, sizeof(res)) != 0) { 1303 krb5_clear_error_message (context); 1304 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 1305 } 1306 memset(tmp, 0, sizeof(tmp)); 1307 memset(res, 0, sizeof(res)); 1308 return ret; 1309 } 1310 1311 static krb5_error_code 1312 RSA_MD4_DES_checksum(krb5_context context, 1313 struct key_data *key, 1314 const void *data, 1315 size_t len, 1316 unsigned usage, 1317 Checksum *cksum) 1318 { 1319 return des_checksum(context, EVP_md4(), key, data, len, cksum); 1320 } 1321 1322 static krb5_error_code 1323 RSA_MD4_DES_verify(krb5_context context, 1324 struct key_data *key, 1325 const void *data, 1326 size_t len, 1327 unsigned usage, 1328 Checksum *C) 1329 { 1330 return des_verify(context, EVP_md5(), key, data, len, C); 1331 } 1332 1333 static krb5_error_code 1334 RSA_MD5_checksum(krb5_context context, 1335 struct key_data *key, 1336 const void *data, 1337 size_t len, 1338 unsigned usage, 1339 Checksum *C) 1340 { 1341 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) 1342 krb5_abortx(context, "md5 checksum failed"); 1343 return 0; 1344 } 1345 1346 static krb5_error_code 1347 RSA_MD5_DES_checksum(krb5_context context, 1348 struct key_data *key, 1349 const void *data, 1350 size_t len, 1351 unsigned usage, 1352 Checksum *C) 1353 { 1354 return des_checksum(context, EVP_md5(), key, data, len, C); 1355 } 1356 1357 static krb5_error_code 1358 RSA_MD5_DES_verify(krb5_context context, 1359 struct key_data *key, 1360 const void *data, 1361 size_t len, 1362 unsigned usage, 1363 Checksum *C) 1364 { 1365 return des_verify(context, EVP_md5(), key, data, len, C); 1366 } 1367 1368 #ifdef DES3_OLD_ENCTYPE 1369 static krb5_error_code 1370 RSA_MD5_DES3_checksum(krb5_context context, 1371 struct key_data *key, 1372 const void *data, 1373 size_t len, 1374 unsigned usage, 1375 Checksum *C) 1376 { 1377 return des_checksum(context, EVP_md5(), key, data, len, C); 1378 } 1379 1380 static krb5_error_code 1381 RSA_MD5_DES3_verify(krb5_context context, 1382 struct key_data *key, 165 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) 166 krb5_abortx(context, "sha1 checksum failed"); 167 return 0; 168 } 169 170 /* HMAC according to RFC2104 */ 171 krb5_error_code 172 _krb5_internal_hmac(krb5_context context, 173 struct _krb5_checksum_type *cm, 1383 174 const void *data, 1384 175 size_t len, 1385 176 unsigned usage, 1386 Checksum *C) 1387 { 1388 return des_verify(context, EVP_md5(), key, data, len, C); 1389 } 1390 #endif 1391 1392 static krb5_error_code 1393 SHA1_checksum(krb5_context context, 1394 struct key_data *key, 1395 const void *data, 1396 size_t len, 1397 unsigned usage, 1398 Checksum *C) 1399 { 1400 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) 1401 krb5_abortx(context, "sha1 checksum failed"); 1402 return 0; 1403 } 1404 1405 /* HMAC according to RFC2104 */ 1406 static krb5_error_code 1407 hmac(krb5_context context, 1408 struct checksum_type *cm, 1409 const void *data, 1410 size_t len, 1411 unsigned usage, 1412 struct key_data *keyblock, 1413 Checksum *result) 177 struct _krb5_key_data *keyblock, 178 Checksum *result) 1414 179 { 1415 180 unsigned char *ipad, *opad; … … 1461 226 } 1462 227 1463 krb5_error_code KRB5_LIB_FUNCTION 228 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1464 229 krb5_hmac(krb5_context context, 1465 230 krb5_cksumtype cktype, … … 1470 235 Checksum *result) 1471 236 { 1472 struct checksum_type *c =_find_checksum(cktype);1473 struct key_data kd;237 struct _krb5_checksum_type *c = _krb5_find_checksum(cktype); 238 struct _krb5_key_data kd; 1474 239 krb5_error_code ret; 1475 240 … … 1484 249 kd.schedule = NULL; 1485 250 1486 ret = hmac(context, c, data, len, usage, &kd, result);251 ret = _krb5_internal_hmac(context, c, data, len, usage, &kd, result); 1487 252 1488 253 if (kd.schedule) … … 1492 257 } 1493 258 1494 statickrb5_error_code1495 SP_HMAC_SHA1_checksum(krb5_context context,1496 structkey_data *key,1497 1498 1499 1500 1501 { 1502 struct checksum_type *c =_find_checksum(CKSUMTYPE_SHA1);259 krb5_error_code 260 _krb5_SP_HMAC_SHA1_checksum(krb5_context context, 261 struct _krb5_key_data *key, 262 const void *data, 263 size_t len, 264 unsigned usage, 265 Checksum *result) 266 { 267 struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1); 1503 268 Checksum res; 1504 269 char sha1_data[20]; … … 1508 273 res.checksum.length = sizeof(sha1_data); 1509 274 1510 ret = hmac(context, c, data, len, usage, key, &res);275 ret = _krb5_internal_hmac(context, c, data, len, usage, key, &res); 1511 276 if (ret) 1512 277 krb5_abortx(context, "hmac failed"); … … 1515 280 } 1516 281 1517 /* 1518 * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt 1519 */ 1520 1521 static krb5_error_code 1522 HMAC_MD5_checksum(krb5_context context, 1523 struct key_data *key, 1524 const void *data, 1525 size_t len, 1526 unsigned usage, 1527 Checksum *result) 1528 { 1529 EVP_MD_CTX *m; 1530 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 1531 const char signature[] = "signaturekey"; 1532 Checksum ksign_c; 1533 struct key_data ksign; 1534 krb5_keyblock kb; 1535 unsigned char t[4]; 1536 unsigned char tmp[16]; 1537 unsigned char ksign_c_data[16]; 1538 krb5_error_code ret; 1539 1540 m = EVP_MD_CTX_create(); 1541 if (m == NULL) { 1542 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 1543 return ENOMEM; 1544 } 1545 ksign_c.checksum.length = sizeof(ksign_c_data); 1546 ksign_c.checksum.data = ksign_c_data; 1547 ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); 1548 if (ret) { 1549 EVP_MD_CTX_destroy(m); 1550 return ret; 1551 } 1552 ksign.key = &kb; 1553 kb.keyvalue = ksign_c.checksum; 1554 EVP_DigestInit_ex(m, EVP_md5(), NULL); 1555 t[0] = (usage >> 0) & 0xFF; 1556 t[1] = (usage >> 8) & 0xFF; 1557 t[2] = (usage >> 16) & 0xFF; 1558 t[3] = (usage >> 24) & 0xFF; 1559 EVP_DigestUpdate(m, t, 4); 1560 EVP_DigestUpdate(m, data, len); 1561 EVP_DigestFinal_ex (m, tmp, NULL); 1562 EVP_MD_CTX_destroy(m); 1563 1564 ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); 1565 if (ret) 1566 return ret; 1567 return 0; 1568 } 1569 1570 static struct checksum_type checksum_none = { 1571 CKSUMTYPE_NONE, 1572 "none", 1573 1, 1574 0, 1575 0, 1576 NONE_checksum, 1577 NULL 1578 }; 1579 static struct checksum_type checksum_crc32 = { 1580 CKSUMTYPE_CRC32, 1581 "crc32", 1582 1, 1583 4, 1584 0, 1585 CRC32_checksum, 1586 NULL 1587 }; 1588 static struct checksum_type checksum_rsa_md4 = { 1589 CKSUMTYPE_RSA_MD4, 1590 "rsa-md4", 1591 64, 1592 16, 1593 F_CPROOF, 1594 RSA_MD4_checksum, 1595 NULL 1596 }; 1597 static struct checksum_type checksum_rsa_md4_des = { 1598 CKSUMTYPE_RSA_MD4_DES, 1599 "rsa-md4-des", 1600 64, 1601 24, 1602 F_KEYED | F_CPROOF | F_VARIANT, 1603 RSA_MD4_DES_checksum, 1604 RSA_MD4_DES_verify 1605 }; 1606 static struct checksum_type checksum_rsa_md5 = { 1607 CKSUMTYPE_RSA_MD5, 1608 "rsa-md5", 1609 64, 1610 16, 1611 F_CPROOF, 1612 RSA_MD5_checksum, 1613 NULL 1614 }; 1615 static struct checksum_type checksum_rsa_md5_des = { 1616 CKSUMTYPE_RSA_MD5_DES, 1617 "rsa-md5-des", 1618 64, 1619 24, 1620 F_KEYED | F_CPROOF | F_VARIANT, 1621 RSA_MD5_DES_checksum, 1622 RSA_MD5_DES_verify 1623 }; 1624 #ifdef DES3_OLD_ENCTYPE 1625 static struct checksum_type checksum_rsa_md5_des3 = { 1626 CKSUMTYPE_RSA_MD5_DES3, 1627 "rsa-md5-des3", 1628 64, 1629 24, 1630 F_KEYED | F_CPROOF | F_VARIANT, 1631 RSA_MD5_DES3_checksum, 1632 RSA_MD5_DES3_verify 1633 }; 1634 #endif 1635 static struct checksum_type checksum_sha1 = { 282 struct _krb5_checksum_type _krb5_checksum_sha1 = { 1636 283 CKSUMTYPE_SHA1, 1637 284 "sha1", … … 1642 289 NULL 1643 290 }; 1644 static struct checksum_type checksum_hmac_sha1_des3 = { 1645 CKSUMTYPE_HMAC_SHA1_DES3, 1646 "hmac-sha1-des3", 1647 64, 1648 20, 1649 F_KEYED | F_CPROOF | F_DERIVED, 1650 SP_HMAC_SHA1_checksum, 1651 NULL 1652 }; 1653 1654 static struct checksum_type checksum_hmac_sha1_aes128 = { 1655 CKSUMTYPE_HMAC_SHA1_96_AES_128, 1656 "hmac-sha1-96-aes128", 1657 64, 1658 12, 1659 F_KEYED | F_CPROOF | F_DERIVED, 1660 SP_HMAC_SHA1_checksum, 1661 NULL 1662 }; 1663 1664 static struct checksum_type checksum_hmac_sha1_aes256 = { 1665 CKSUMTYPE_HMAC_SHA1_96_AES_256, 1666 "hmac-sha1-96-aes256", 1667 64, 1668 12, 1669 F_KEYED | F_CPROOF | F_DERIVED, 1670 SP_HMAC_SHA1_checksum, 1671 NULL 1672 }; 1673 1674 static struct checksum_type checksum_hmac_md5 = { 1675 CKSUMTYPE_HMAC_MD5, 1676 "hmac-md5", 1677 64, 1678 16, 1679 F_KEYED | F_CPROOF, 1680 HMAC_MD5_checksum, 1681 NULL 1682 }; 1683 1684 static struct checksum_type *checksum_types[] = { 1685 &checksum_none, 1686 &checksum_crc32, 1687 &checksum_rsa_md4, 1688 &checksum_rsa_md4_des, 1689 &checksum_rsa_md5, 1690 &checksum_rsa_md5_des, 1691 #ifdef DES3_OLD_ENCTYPE 1692 &checksum_rsa_md5_des3, 1693 #endif 1694 &checksum_sha1, 1695 &checksum_hmac_sha1_des3, 1696 &checksum_hmac_sha1_aes128, 1697 &checksum_hmac_sha1_aes256, 1698 &checksum_hmac_md5 1699 }; 1700 1701 static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); 1702 1703 static struct checksum_type * 1704 _find_checksum(krb5_cksumtype type) 291 292 struct _krb5_checksum_type * 293 _krb5_find_checksum(krb5_cksumtype type) 1705 294 { 1706 295 int i; 1707 for(i = 0; i < num_checksums; i++)1708 if( checksum_types[i]->type == type)1709 return checksum_types[i];296 for(i = 0; i < _krb5_num_checksums; i++) 297 if(_krb5_checksum_types[i]->type == type) 298 return _krb5_checksum_types[i]; 1710 299 return NULL; 1711 300 } … … 1715 304 krb5_crypto crypto, 1716 305 unsigned usage, /* not krb5_key_usage */ 1717 struct checksum_type *ct,1718 struct key_data **key)306 struct _krb5_checksum_type *ct, 307 struct _krb5_key_data **key) 1719 308 { 1720 309 krb5_error_code ret = 0; … … 1745 334 static krb5_error_code 1746 335 create_checksum (krb5_context context, 1747 struct checksum_type *ct,336 struct _krb5_checksum_type *ct, 1748 337 krb5_crypto crypto, 1749 338 unsigned usage, … … 1753 342 { 1754 343 krb5_error_code ret; 1755 struct key_data *dkey;344 struct _krb5_key_data *dkey; 1756 345 int keyed_checksum; 1757 346 … … 1782 371 1783 372 static int 1784 arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)373 arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto) 1785 374 { 1786 375 return (ct->type == CKSUMTYPE_HMAC_MD5) && … … 1788 377 } 1789 378 1790 krb5_error_code KRB5_LIB_FUNCTION 379 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1791 380 krb5_create_checksum(krb5_context context, 1792 381 krb5_crypto crypto, … … 1797 386 Checksum *result) 1798 387 { 1799 struct checksum_type *ct = NULL;388 struct _krb5_checksum_type *ct = NULL; 1800 389 unsigned keyusage; 1801 390 1802 391 /* type 0 -> pick from crypto */ 1803 392 if (type) { 1804 ct = _ find_checksum(type);393 ct = _krb5_find_checksum(type); 1805 394 } else if (crypto) { 1806 395 ct = crypto->et->keyed_checksum; … … 1818 407 if (arcfour_checksum_p(ct, crypto)) { 1819 408 keyusage = usage; 1820 usage2arcfour(context, &keyusage);409 _krb5_usage2arcfour(context, &keyusage); 1821 410 } else 1822 411 keyusage = CHECKSUM_USAGE(usage); … … 1835 424 { 1836 425 krb5_error_code ret; 1837 struct key_data *dkey;426 struct _krb5_key_data *dkey; 1838 427 int keyed_checksum; 1839 428 Checksum c; 1840 struct checksum_type *ct;1841 1842 ct = _ find_checksum(cksum->cksumtype);429 struct _krb5_checksum_type *ct; 430 431 ct = _krb5_find_checksum(cksum->cksumtype); 1843 432 if (ct == NULL || (ct->flags & F_DISABLED)) { 1844 433 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, … … 1849 438 if(ct->checksumsize != cksum->checksum.length) { 1850 439 krb5_clear_error_message (context); 440 krb5_set_error_message(context, KRB5KRB_AP_ERR_BAD_INTEGRITY, 441 N_("Decrypt integrity check failed for checksum type %s, " 442 "length was %u, expected %u", ""), 443 ct->name, (unsigned)cksum->checksum.length, 444 (unsigned)ct->checksumsize); 445 1851 446 return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ 1852 447 } 1853 448 keyed_checksum = (ct->flags & F_KEYED) != 0; 1854 449 if(keyed_checksum) { 1855 struct checksum_type *kct;450 struct _krb5_checksum_type *kct; 1856 451 if (crypto == NULL) { 1857 krb5_set_error_message 1858 1859 1860 452 krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, 453 N_("Checksum type %s is keyed but no " 454 "crypto context (key) was passed in", ""), 455 ct->name); 1861 456 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ 1862 457 } 1863 458 kct = crypto->et->keyed_checksum; 1864 459 if (kct != NULL && kct->type != ct->type) { 1865 krb5_set_error_message 1866 1867 1868 460 krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, 461 N_("Checksum type %s is keyed, but " 462 "the key type %s passed didnt have that checksum " 463 "type as the keyed type", ""), 1869 464 ct->name, crypto->et->name); 1870 465 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ … … 1876 471 } else 1877 472 dkey = NULL; 1878 if(ct->verify) 1879 return (*ct->verify)(context, dkey, data, len, usage, cksum); 473 474 /* 475 * If checksum have a verify function, lets use that instead of 476 * calling ->checksum and then compare result. 477 */ 478 479 if(ct->verify) { 480 ret = (*ct->verify)(context, dkey, data, len, usage, cksum); 481 if (ret) 482 krb5_set_error_message(context, ret, 483 N_("Decrypt integrity check failed for checksum " 484 "type %s, key type %s", ""), 485 ct->name, (crypto != NULL)? crypto->et->name : "(none)"); 486 return ret; 487 } 1880 488 1881 489 ret = krb5_data_alloc (&c.checksum, ct->checksumsize); … … 1889 497 } 1890 498 1891 if(c.checksum.length != cksum->checksum.length || 1892 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { 1893 krb5_clear_error_message (context); 499 if(krb5_data_ct_cmp(&c.checksum, &cksum->checksum) != 0) { 1894 500 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 501 krb5_set_error_message(context, ret, 502 N_("Decrypt integrity check failed for checksum " 503 "type %s, key type %s", ""), 504 ct->name, crypto ? crypto->et->name : "(unkeyed)"); 1895 505 } else { 1896 506 ret = 0; … … 1900 510 } 1901 511 1902 krb5_error_code KRB5_LIB_FUNCTION 512 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1903 513 krb5_verify_checksum(krb5_context context, 1904 514 krb5_crypto crypto, … … 1908 518 Checksum *cksum) 1909 519 { 1910 struct checksum_type *ct;520 struct _krb5_checksum_type *ct; 1911 521 unsigned keyusage; 1912 522 1913 ct = _ find_checksum(cksum->cksumtype);523 ct = _krb5_find_checksum(cksum->cksumtype); 1914 524 if(ct == NULL) { 1915 525 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, … … 1921 531 if (arcfour_checksum_p(ct, crypto)) { 1922 532 keyusage = usage; 1923 usage2arcfour(context, &keyusage);533 _krb5_usage2arcfour(context, &keyusage); 1924 534 } else 1925 535 keyusage = CHECKSUM_USAGE(usage); … … 1929 539 } 1930 540 1931 krb5_error_code KRB5_LIB_FUNCTION 541 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1932 542 krb5_crypto_get_checksum_type(krb5_context context, 1933 543 krb5_crypto crypto, 1934 544 krb5_cksumtype *type) 1935 545 { 1936 struct checksum_type *ct = NULL;546 struct _krb5_checksum_type *ct = NULL; 1937 547 1938 548 if (crypto != NULL) { … … 1954 564 1955 565 1956 krb5_error_code KRB5_LIB_FUNCTION 566 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1957 567 krb5_checksumsize(krb5_context context, 1958 568 krb5_cksumtype type, 1959 569 size_t *size) 1960 570 { 1961 struct checksum_type *ct =_find_checksum(type);571 struct _krb5_checksum_type *ct = _krb5_find_checksum(type); 1962 572 if(ct == NULL) { 1963 573 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, … … 1970 580 } 1971 581 1972 krb5_boolean KRB5_LIB_FUNCTION 582 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1973 583 krb5_checksum_is_keyed(krb5_context context, 1974 584 krb5_cksumtype type) 1975 585 { 1976 struct checksum_type *ct =_find_checksum(type);586 struct _krb5_checksum_type *ct = _krb5_find_checksum(type); 1977 587 if(ct == NULL) { 1978 588 if (context) … … 1985 595 } 1986 596 1987 krb5_boolean KRB5_LIB_FUNCTION 597 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1988 598 krb5_checksum_is_collision_proof(krb5_context context, 1989 599 krb5_cksumtype type) 1990 600 { 1991 struct checksum_type *ct =_find_checksum(type);601 struct _krb5_checksum_type *ct = _krb5_find_checksum(type); 1992 602 if(ct == NULL) { 1993 603 if (context) … … 2000 610 } 2001 611 2002 krb5_error_code KRB5_LIB_FUNCTION 612 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2003 613 krb5_checksum_disable(krb5_context context, 2004 614 krb5_cksumtype type) 2005 615 { 2006 struct checksum_type *ct =_find_checksum(type);616 struct _krb5_checksum_type *ct = _krb5_find_checksum(type); 2007 617 if(ct == NULL) { 2008 618 if (context) … … 2020 630 ************************************************************/ 2021 631 2022 static krb5_error_code 2023 NULL_encrypt(krb5_context context, 2024 struct key_data *key, 2025 void *data, 2026 size_t len, 2027 krb5_boolean encryptp, 2028 int usage, 2029 void *ivec) 2030 { 2031 return 0; 2032 } 2033 2034 static krb5_error_code 2035 evp_encrypt(krb5_context context, 2036 struct key_data *key, 2037 void *data, 2038 size_t len, 2039 krb5_boolean encryptp, 2040 int usage, 2041 void *ivec) 2042 { 2043 struct evp_schedule *ctx = key->schedule->data; 2044 EVP_CIPHER_CTX *c; 2045 c = encryptp ? &ctx->ectx : &ctx->dctx; 2046 if (ivec == NULL) { 2047 /* alloca ? */ 2048 size_t len = EVP_CIPHER_CTX_iv_length(c); 2049 void *loiv = malloc(len); 2050 if (loiv == NULL) { 2051 krb5_clear_error_message(context); 2052 return ENOMEM; 2053 } 2054 memset(loiv, 0, len); 2055 EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); 2056 free(loiv); 2057 } else 2058 EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); 2059 EVP_Cipher(c, data, data, len); 2060 return 0; 2061 } 2062 2063 #ifdef WEAK_ENCTYPES 2064 static krb5_error_code 2065 evp_des_encrypt_null_ivec(krb5_context context, 2066 struct key_data *key, 2067 void *data, 2068 size_t len, 2069 krb5_boolean encryptp, 2070 int usage, 2071 void *ignore_ivec) 2072 { 2073 struct evp_schedule *ctx = key->schedule->data; 2074 EVP_CIPHER_CTX *c; 2075 DES_cblock ivec; 2076 memset(&ivec, 0, sizeof(ivec)); 2077 c = encryptp ? &ctx->ectx : &ctx->dctx; 2078 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); 2079 EVP_Cipher(c, data, data, len); 2080 return 0; 2081 } 2082 2083 static krb5_error_code 2084 evp_des_encrypt_key_ivec(krb5_context context, 2085 struct key_data *key, 2086 void *data, 2087 size_t len, 2088 krb5_boolean encryptp, 2089 int usage, 2090 void *ignore_ivec) 2091 { 2092 struct evp_schedule *ctx = key->schedule->data; 2093 EVP_CIPHER_CTX *c; 2094 DES_cblock ivec; 2095 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); 2096 c = encryptp ? &ctx->ectx : &ctx->dctx; 2097 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); 2098 EVP_Cipher(c, data, data, len); 2099 return 0; 2100 } 2101 2102 static krb5_error_code 2103 DES_CFB64_encrypt_null_ivec(krb5_context context, 2104 struct key_data *key, 2105 void *data, 2106 size_t len, 2107 krb5_boolean encryptp, 2108 int usage, 2109 void *ignore_ivec) 2110 { 2111 DES_cblock ivec; 2112 int num = 0; 2113 DES_key_schedule *s = key->schedule->data; 2114 memset(&ivec, 0, sizeof(ivec)); 2115 2116 DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp); 2117 return 0; 2118 } 2119 2120 static krb5_error_code 2121 DES_PCBC_encrypt_key_ivec(krb5_context context, 2122 struct key_data *key, 2123 void *data, 2124 size_t len, 2125 krb5_boolean encryptp, 2126 int usage, 2127 void *ignore_ivec) 2128 { 2129 DES_cblock ivec; 2130 DES_key_schedule *s = key->schedule->data; 2131 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); 2132 2133 DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); 2134 return 0; 2135 } 2136 #endif 2137 2138 /* 2139 * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 2140 * 2141 * warning: not for small children 2142 */ 2143 2144 static krb5_error_code 2145 ARCFOUR_subencrypt(krb5_context context, 2146 struct key_data *key, 2147 void *data, 2148 size_t len, 2149 unsigned usage, 2150 void *ivec) 2151 { 2152 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 2153 Checksum k1_c, k2_c, k3_c, cksum; 2154 struct key_data ke; 2155 krb5_keyblock kb; 2156 unsigned char t[4]; 2157 RC4_KEY rc4_key; 2158 unsigned char *cdata = data; 2159 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; 2160 krb5_error_code ret; 2161 2162 t[0] = (usage >> 0) & 0xFF; 2163 t[1] = (usage >> 8) & 0xFF; 2164 t[2] = (usage >> 16) & 0xFF; 2165 t[3] = (usage >> 24) & 0xFF; 2166 2167 k1_c.checksum.length = sizeof(k1_c_data); 2168 k1_c.checksum.data = k1_c_data; 2169 2170 ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); 2171 if (ret) 2172 krb5_abortx(context, "hmac failed"); 2173 2174 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); 2175 2176 k2_c.checksum.length = sizeof(k2_c_data); 2177 k2_c.checksum.data = k2_c_data; 2178 2179 ke.key = &kb; 2180 kb.keyvalue = k2_c.checksum; 2181 2182 cksum.checksum.length = 16; 2183 cksum.checksum.data = data; 2184 2185 ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); 2186 if (ret) 2187 krb5_abortx(context, "hmac failed"); 2188 2189 ke.key = &kb; 2190 kb.keyvalue = k1_c.checksum; 2191 2192 k3_c.checksum.length = sizeof(k3_c_data); 2193 k3_c.checksum.data = k3_c_data; 2194 2195 ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c); 2196 if (ret) 2197 krb5_abortx(context, "hmac failed"); 2198 2199 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); 2200 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); 2201 memset (k1_c_data, 0, sizeof(k1_c_data)); 2202 memset (k2_c_data, 0, sizeof(k2_c_data)); 2203 memset (k3_c_data, 0, sizeof(k3_c_data)); 2204 return 0; 2205 } 2206 2207 static krb5_error_code 2208 ARCFOUR_subdecrypt(krb5_context context, 2209 struct key_data *key, 2210 void *data, 2211 size_t len, 2212 unsigned usage, 2213 void *ivec) 2214 { 2215 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 2216 Checksum k1_c, k2_c, k3_c, cksum; 2217 struct key_data ke; 2218 krb5_keyblock kb; 2219 unsigned char t[4]; 2220 RC4_KEY rc4_key; 2221 unsigned char *cdata = data; 2222 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; 2223 unsigned char cksum_data[16]; 2224 krb5_error_code ret; 2225 2226 t[0] = (usage >> 0) & 0xFF; 2227 t[1] = (usage >> 8) & 0xFF; 2228 t[2] = (usage >> 16) & 0xFF; 2229 t[3] = (usage >> 24) & 0xFF; 2230 2231 k1_c.checksum.length = sizeof(k1_c_data); 2232 k1_c.checksum.data = k1_c_data; 2233 2234 ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); 2235 if (ret) 2236 krb5_abortx(context, "hmac failed"); 2237 2238 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); 2239 2240 k2_c.checksum.length = sizeof(k2_c_data); 2241 k2_c.checksum.data = k2_c_data; 2242 2243 ke.key = &kb; 2244 kb.keyvalue = k1_c.checksum; 2245 2246 k3_c.checksum.length = sizeof(k3_c_data); 2247 k3_c.checksum.data = k3_c_data; 2248 2249 ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); 2250 if (ret) 2251 krb5_abortx(context, "hmac failed"); 2252 2253 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); 2254 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); 2255 2256 ke.key = &kb; 2257 kb.keyvalue = k2_c.checksum; 2258 2259 cksum.checksum.length = 16; 2260 cksum.checksum.data = cksum_data; 2261 2262 ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); 2263 if (ret) 2264 krb5_abortx(context, "hmac failed"); 2265 2266 memset (k1_c_data, 0, sizeof(k1_c_data)); 2267 memset (k2_c_data, 0, sizeof(k2_c_data)); 2268 memset (k3_c_data, 0, sizeof(k3_c_data)); 2269 2270 if (memcmp (cksum.checksum.data, data, 16) != 0) { 2271 krb5_clear_error_message (context); 2272 return KRB5KRB_AP_ERR_BAD_INTEGRITY; 2273 } else { 2274 return 0; 2275 } 2276 } 2277 2278 /* 2279 * convert the usage numbers used in 2280 * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in 2281 * draft-brezak-win2k-krb-rc4-hmac-04.txt 2282 */ 2283 2284 static krb5_error_code 2285 usage2arcfour (krb5_context context, unsigned *usage) 2286 { 2287 switch (*usage) { 2288 case KRB5_KU_AS_REP_ENC_PART : /* 3 */ 2289 case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */ 2290 *usage = 8; 2291 return 0; 2292 case KRB5_KU_USAGE_SEAL : /* 22 */ 2293 *usage = 13; 2294 return 0; 2295 case KRB5_KU_USAGE_SIGN : /* 23 */ 2296 *usage = 15; 2297 return 0; 2298 case KRB5_KU_USAGE_SEQ: /* 24 */ 2299 *usage = 0; 2300 return 0; 2301 default : 2302 return 0; 2303 } 2304 } 2305 2306 static krb5_error_code 2307 ARCFOUR_encrypt(krb5_context context, 2308 struct key_data *key, 2309 void *data, 2310 size_t len, 2311 krb5_boolean encryptp, 2312 int usage, 2313 void *ivec) 2314 { 2315 krb5_error_code ret; 2316 unsigned keyusage = usage; 2317 2318 if((ret = usage2arcfour (context, &keyusage)) != 0) 2319 return ret; 2320 2321 if (encryptp) 2322 return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec); 2323 else 2324 return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); 2325 } 2326 2327 2328 /* 2329 * 2330 */ 2331 2332 static krb5_error_code 2333 AES_PRF(krb5_context context, 2334 krb5_crypto crypto, 2335 const krb5_data *in, 2336 krb5_data *out) 2337 { 2338 struct checksum_type *ct = crypto->et->checksum; 2339 krb5_error_code ret; 2340 Checksum result; 2341 krb5_keyblock *derived; 2342 2343 result.cksumtype = ct->type; 2344 ret = krb5_data_alloc(&result.checksum, ct->checksumsize); 2345 if (ret) { 2346 krb5_set_error_message(context, ret, N_("malloc: out memory", "")); 2347 return ret; 2348 } 2349 2350 ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); 2351 if (ret) { 2352 krb5_data_free(&result.checksum); 2353 return ret; 2354 } 2355 2356 if (result.checksum.length < crypto->et->blocksize) 2357 krb5_abortx(context, "internal prf error"); 2358 2359 derived = NULL; 2360 ret = krb5_derive_key(context, crypto->key.key, 2361 crypto->et->type, "prf", 3, &derived); 2362 if (ret) 2363 krb5_abortx(context, "krb5_derive_key"); 2364 2365 ret = krb5_data_alloc(out, crypto->et->blocksize); 2366 if (ret) 2367 krb5_abortx(context, "malloc failed"); 2368 2369 { 2370 const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); 2371 EVP_CIPHER_CTX ctx; 2372 2373 EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ 2374 EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); 2375 EVP_Cipher(&ctx, out->data, result.checksum.data, 2376 crypto->et->blocksize); 2377 EVP_CIPHER_CTX_cleanup(&ctx); 2378 } 2379 2380 krb5_data_free(&result.checksum); 2381 krb5_free_keyblock(context, derived); 2382 2383 return ret; 2384 } 2385 2386 /* 2387 * these should currently be in reverse preference order. 2388 * (only relevant for !F_PSEUDO) */ 2389 2390 static struct encryption_type enctype_null = { 2391 ETYPE_NULL, 2392 "null", 2393 1, 2394 1, 2395 0, 2396 &keytype_null, 2397 &checksum_none, 2398 NULL, 2399 F_DISABLED, 2400 NULL_encrypt, 2401 0, 2402 NULL 2403 }; 2404 static struct encryption_type enctype_arcfour_hmac_md5 = { 2405 ETYPE_ARCFOUR_HMAC_MD5, 2406 "arcfour-hmac-md5", 2407 1, 2408 1, 2409 8, 2410 &keytype_arcfour, 2411 &checksum_hmac_md5, 2412 NULL, 2413 F_SPECIAL, 2414 ARCFOUR_encrypt, 2415 0, 2416 NULL 2417 }; 2418 #ifdef DES3_OLD_ENCTYPE 2419 static struct encryption_type enctype_des3_cbc_md5 = { 2420 ETYPE_DES3_CBC_MD5, 2421 "des3-cbc-md5", 2422 8, 2423 8, 2424 8, 2425 &keytype_des3, 2426 &checksum_rsa_md5, 2427 &checksum_rsa_md5_des3, 2428 0, 2429 evp_encrypt, 2430 0, 2431 NULL 2432 }; 2433 #endif 2434 static struct encryption_type enctype_des3_cbc_sha1 = { 2435 ETYPE_DES3_CBC_SHA1, 2436 "des3-cbc-sha1", 2437 8, 2438 8, 2439 8, 2440 &keytype_des3_derived, 2441 &checksum_sha1, 2442 &checksum_hmac_sha1_des3, 2443 F_DERIVED, 2444 evp_encrypt, 2445 0, 2446 NULL 2447 }; 2448 #ifdef DES3_OLD_ENCTYPE 2449 static struct encryption_type enctype_old_des3_cbc_sha1 = { 2450 ETYPE_OLD_DES3_CBC_SHA1, 2451 "old-des3-cbc-sha1", 2452 8, 2453 8, 2454 8, 2455 &keytype_des3, 2456 &checksum_sha1, 2457 &checksum_hmac_sha1_des3, 2458 0, 2459 evp_encrypt, 2460 0, 2461 NULL 2462 }; 2463 #endif 2464 static struct encryption_type enctype_aes128_cts_hmac_sha1 = { 2465 ETYPE_AES128_CTS_HMAC_SHA1_96, 2466 "aes128-cts-hmac-sha1-96", 2467 16, 2468 1, 2469 16, 2470 &keytype_aes128, 2471 &checksum_sha1, 2472 &checksum_hmac_sha1_aes128, 2473 F_DERIVED, 2474 evp_encrypt, 2475 16, 2476 AES_PRF 2477 }; 2478 static struct encryption_type enctype_aes256_cts_hmac_sha1 = { 2479 ETYPE_AES256_CTS_HMAC_SHA1_96, 2480 "aes256-cts-hmac-sha1-96", 2481 16, 2482 1, 2483 16, 2484 &keytype_aes256, 2485 &checksum_sha1, 2486 &checksum_hmac_sha1_aes256, 2487 F_DERIVED, 2488 evp_encrypt, 2489 16, 2490 AES_PRF 2491 }; 2492 static struct encryption_type enctype_des3_cbc_none = { 2493 ETYPE_DES3_CBC_NONE, 2494 "des3-cbc-none", 2495 8, 2496 8, 2497 0, 2498 &keytype_des3_derived, 2499 &checksum_none, 2500 NULL, 2501 F_PSEUDO, 2502 evp_encrypt, 2503 0, 2504 NULL 2505 }; 2506 #ifdef WEAK_ENCTYPES 2507 static struct encryption_type enctype_des_cbc_crc = { 2508 ETYPE_DES_CBC_CRC, 2509 "des-cbc-crc", 2510 8, 2511 8, 2512 8, 2513 &keytype_des, 2514 &checksum_crc32, 2515 NULL, 2516 F_DISABLED, 2517 evp_des_encrypt_key_ivec, 2518 0, 2519 NULL 2520 }; 2521 static struct encryption_type enctype_des_cbc_md4 = { 2522 ETYPE_DES_CBC_MD4, 2523 "des-cbc-md4", 2524 8, 2525 8, 2526 8, 2527 &keytype_des, 2528 &checksum_rsa_md4, 2529 &checksum_rsa_md4_des, 2530 F_DISABLED, 2531 evp_des_encrypt_null_ivec, 2532 0, 2533 NULL 2534 }; 2535 static struct encryption_type enctype_des_cbc_md5 = { 2536 ETYPE_DES_CBC_MD5, 2537 "des-cbc-md5", 2538 8, 2539 8, 2540 8, 2541 &keytype_des, 2542 &checksum_rsa_md5, 2543 &checksum_rsa_md5_des, 2544 F_DISABLED, 2545 evp_des_encrypt_null_ivec, 2546 0, 2547 NULL 2548 }; 2549 static struct encryption_type enctype_des_cbc_none = { 2550 ETYPE_DES_CBC_NONE, 2551 "des-cbc-none", 2552 8, 2553 8, 2554 0, 2555 &keytype_des, 2556 &checksum_none, 2557 NULL, 2558 F_PSEUDO|F_DISABLED, 2559 evp_des_encrypt_null_ivec, 2560 0, 2561 NULL 2562 }; 2563 static struct encryption_type enctype_des_cfb64_none = { 2564 ETYPE_DES_CFB64_NONE, 2565 "des-cfb64-none", 2566 1, 2567 1, 2568 0, 2569 &keytype_des_old, 2570 &checksum_none, 2571 NULL, 2572 F_PSEUDO|F_DISABLED, 2573 DES_CFB64_encrypt_null_ivec, 2574 0, 2575 NULL 2576 }; 2577 static struct encryption_type enctype_des_pcbc_none = { 2578 ETYPE_DES_PCBC_NONE, 2579 "des-pcbc-none", 2580 8, 2581 8, 2582 0, 2583 &keytype_des_old, 2584 &checksum_none, 2585 NULL, 2586 F_PSEUDO|F_DISABLED, 2587 DES_PCBC_encrypt_key_ivec, 2588 0, 2589 NULL 2590 }; 2591 #endif /* WEAK_ENCTYPES */ 2592 2593 static struct encryption_type *etypes[] = { 2594 &enctype_aes256_cts_hmac_sha1, 2595 &enctype_aes128_cts_hmac_sha1, 2596 &enctype_des3_cbc_sha1, 2597 &enctype_des3_cbc_none, /* used by the gss-api mech */ 2598 &enctype_arcfour_hmac_md5, 2599 #ifdef DES3_OLD_ENCTYPE 2600 &enctype_des3_cbc_md5, 2601 &enctype_old_des3_cbc_sha1, 2602 #endif 2603 #ifdef WEAK_ENCTYPES 2604 &enctype_des_cbc_crc, 2605 &enctype_des_cbc_md4, 2606 &enctype_des_cbc_md5, 2607 &enctype_des_cbc_none, 2608 &enctype_des_cfb64_none, 2609 &enctype_des_pcbc_none, 2610 #endif 2611 &enctype_null 2612 }; 2613 2614 static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); 2615 2616 2617 static struct encryption_type * 2618 _find_enctype(krb5_enctype type) 632 struct _krb5_encryption_type * 633 _krb5_find_enctype(krb5_enctype type) 2619 634 { 2620 635 int i; 2621 for(i = 0; i < num_etypes; i++)2622 if( etypes[i]->type == type)2623 return etypes[i];636 for(i = 0; i < _krb5_num_etypes; i++) 637 if(_krb5_etypes[i]->type == type) 638 return _krb5_etypes[i]; 2624 639 return NULL; 2625 640 } 2626 641 2627 642 2628 krb5_error_code KRB5_LIB_FUNCTION 643 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2629 644 krb5_enctype_to_string(krb5_context context, 2630 645 krb5_enctype etype, 2631 646 char **string) 2632 647 { 2633 struct encryption_type *e;2634 e = _ find_enctype(etype);648 struct _krb5_encryption_type *e; 649 e = _krb5_find_enctype(etype); 2635 650 if(e == NULL) { 2636 651 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, … … 2648 663 } 2649 664 2650 krb5_error_code KRB5_LIB_FUNCTION 665 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2651 666 krb5_string_to_enctype(krb5_context context, 2652 667 const char *string, … … 2654 669 { 2655 670 int i; 2656 for(i = 0; i < num_etypes; i++)2657 if(strcasecmp( etypes[i]->name, string) == 0){2658 *etype = etypes[i]->type;671 for(i = 0; i < _krb5_num_etypes; i++) 672 if(strcasecmp(_krb5_etypes[i]->name, string) == 0){ 673 *etype = _krb5_etypes[i]->type; 2659 674 return 0; 2660 675 } … … 2665 680 } 2666 681 2667 krb5_error_code KRB5_LIB_FUNCTION 682 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2668 683 krb5_enctype_to_keytype(krb5_context context, 2669 684 krb5_enctype etype, 2670 685 krb5_keytype *keytype) 2671 686 { 2672 struct encryption_type *e =_find_enctype(etype);687 struct _krb5_encryption_type *e = _krb5_find_enctype(etype); 2673 688 if(e == NULL) { 2674 689 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, … … 2681 696 } 2682 697 2683 krb5_error_code KRB5_LIB_FUNCTION 698 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2684 699 krb5_enctype_valid(krb5_context context, 2685 700 krb5_enctype etype) 2686 701 { 2687 struct encryption_type *e =_find_enctype(etype);702 struct _krb5_encryption_type *e = _krb5_find_enctype(etype); 2688 703 if(e == NULL) { 2689 704 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, … … 2714 729 2715 730 2716 krb5_error_code KRB5_LIB_FUNCTION 731 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2717 732 krb5_cksumtype_to_enctype(krb5_context context, 2718 733 krb5_cksumtype ctype, … … 2723 738 *etype = ETYPE_NULL; 2724 739 2725 for(i = 0; i < num_etypes; i++) {2726 if( etypes[i]->keyed_checksum &&2727 etypes[i]->keyed_checksum->type == ctype)740 for(i = 0; i < _krb5_num_etypes; i++) { 741 if(_krb5_etypes[i]->keyed_checksum && 742 _krb5_etypes[i]->keyed_checksum->type == ctype) 2728 743 { 2729 *etype = etypes[i]->type;744 *etype = _krb5_etypes[i]->type; 2730 745 return 0; 2731 746 } … … 2739 754 2740 755 2741 krb5_error_code KRB5_LIB_FUNCTION 756 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2742 757 krb5_cksumtype_valid(krb5_context context, 2743 758 krb5_cksumtype ctype) 2744 759 { 2745 struct checksum_type *c =_find_checksum(ctype);760 struct _krb5_checksum_type *c = _krb5_find_checksum(ctype); 2746 761 if (c == NULL) { 2747 762 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, … … 2790 805 unsigned char *p, *q; 2791 806 krb5_error_code ret; 2792 struct key_data *dkey;2793 const struct encryption_type *et = crypto->et;807 struct _krb5_key_data *dkey; 808 const struct _krb5_encryption_type *et = crypto->et; 2794 809 2795 810 checksum_sz = CHECKSUMSIZE(et->keyed_checksum); … … 2856 871 unsigned char *p, *q; 2857 872 krb5_error_code ret; 2858 const struct encryption_type *et = crypto->et;873 const struct _krb5_encryption_type *et = crypto->et; 2859 874 2860 875 checksum_sz = CHECKSUMSIZE(et->checksum); … … 2918 933 void *ivec) 2919 934 { 2920 struct encryption_type *et = crypto->et;935 struct _krb5_encryption_type *et = crypto->et; 2921 936 size_t cksum_sz = CHECKSUMSIZE(et->checksum); 2922 937 size_t sz = len + cksum_sz + et->confoundersize; … … 2959 974 unsigned char *p; 2960 975 krb5_error_code ret; 2961 struct key_data *dkey;2962 struct encryption_type *et = crypto->et;976 struct _krb5_key_data *dkey; 977 struct _krb5_encryption_type *et = crypto->et; 2963 978 unsigned long l; 2964 979 … … 3039 1054 Checksum cksum; 3040 1055 size_t checksum_sz, l; 3041 struct encryption_type *et = crypto->et;1056 struct _krb5_encryption_type *et = crypto->et; 3042 1057 3043 1058 if ((len % et->padsize) != 0) { … … 3045 1060 return KRB5_BAD_MSIZE; 3046 1061 } 3047 3048 1062 checksum_sz = CHECKSUMSIZE(et->checksum); 1063 if (len < checksum_sz + et->confoundersize) { 1064 krb5_set_error_message(context, KRB5_BAD_MSIZE, 1065 N_("Encrypted data shorter then " 1066 "checksum + confunder", "")); 1067 return KRB5_BAD_MSIZE; 1068 } 1069 3049 1070 p = malloc(len); 3050 1071 if(len != 0 && p == NULL) { … … 3098 1119 void *ivec) 3099 1120 { 3100 struct encryption_type *et = crypto->et;1121 struct _krb5_encryption_type *et = crypto->et; 3101 1122 size_t cksum_sz = CHECKSUMSIZE(et->checksum); 3102 1123 size_t sz = len - cksum_sz - et->confoundersize; … … 3106 1127 if ((len % et->padsize) != 0) { 3107 1128 krb5_clear_error_message(context); 1129 return KRB5_BAD_MSIZE; 1130 } 1131 if (len < cksum_sz + et->confoundersize) { 1132 krb5_set_error_message(context, KRB5_BAD_MSIZE, 1133 N_("Encrypted data shorter then " 1134 "checksum + confunder", "")); 3108 1135 return KRB5_BAD_MSIZE; 3109 1136 } … … 3167 1194 */ 3168 1195 3169 krb5_error_code KRB5_LIB_FUNCTION 1196 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3170 1197 krb5_encrypt_iov_ivec(krb5_context context, 3171 1198 krb5_crypto crypto, … … 3181 1208 unsigned char *p, *q; 3182 1209 krb5_error_code ret; 3183 struct key_data *dkey;3184 const struct encryption_type *et = crypto->et;1210 struct _krb5_key_data *dkey; 1211 const struct _krb5_encryption_type *et = crypto->et; 3185 1212 krb5_crypto_iov *tiv, *piv, *hiv; 3186 1213 … … 3360 1387 */ 3361 1388 3362 krb5_error_code KRB5_LIB_FUNCTION 1389 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3363 1390 krb5_decrypt_iov_ivec(krb5_context context, 3364 1391 krb5_crypto crypto, … … 3373 1400 unsigned char *p, *q; 3374 1401 krb5_error_code ret; 3375 struct key_data *dkey;3376 struct encryption_type *et = crypto->et;1402 struct _krb5_key_data *dkey; 1403 struct _krb5_encryption_type *et = crypto->et; 3377 1404 krb5_crypto_iov *tiv, *hiv; 3378 1405 … … 3508 1535 */ 3509 1536 3510 krb5_error_code KRB5_LIB_FUNCTION 1537 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3511 1538 krb5_create_checksum_iov(krb5_context context, 3512 1539 krb5_crypto crypto, … … 3585 1612 * @param data array of buffers to process 3586 1613 * @param num_data length of array 1614 * @param type return checksum type if not NULL 3587 1615 * 3588 1616 * @return Return an error code or 0. … … 3590 1618 */ 3591 1619 3592 krb5_error_code KRB5_LIB_FUNCTION 1620 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3593 1621 krb5_verify_checksum_iov(krb5_context context, 3594 1622 krb5_crypto crypto, … … 3598 1626 krb5_cksumtype *type) 3599 1627 { 3600 struct encryption_type *et = crypto->et;1628 struct _krb5_encryption_type *et = crypto->et; 3601 1629 Checksum cksum; 3602 1630 krb5_crypto_iov *civ; … … 3652 1680 3653 1681 3654 krb5_error_code KRB5_LIB_FUNCTION 1682 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3655 1683 krb5_crypto_length(krb5_context context, 3656 1684 krb5_crypto crypto, … … 3696 1724 3697 1725 3698 krb5_error_code KRB5_LIB_FUNCTION 1726 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3699 1727 krb5_crypto_length_iov(krb5_context context, 3700 1728 krb5_crypto crypto, … … 3716 1744 3717 1745 3718 krb5_error_code KRB5_LIB_FUNCTION 1746 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3719 1747 krb5_encrypt_ivec(krb5_context context, 3720 1748 krb5_crypto crypto, … … 3735 1763 } 3736 1764 3737 krb5_error_code KRB5_LIB_FUNCTION 1765 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3738 1766 krb5_encrypt(krb5_context context, 3739 1767 krb5_crypto crypto, … … 3746 1774 } 3747 1775 3748 krb5_error_code KRB5_LIB_FUNCTION 1776 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3749 1777 krb5_encrypt_EncryptedData(krb5_context context, 3750 1778 krb5_crypto crypto, … … 3764 1792 } 3765 1793 3766 krb5_error_code KRB5_LIB_FUNCTION 1794 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3767 1795 krb5_decrypt_ivec(krb5_context context, 3768 1796 krb5_crypto crypto, … … 3783 1811 } 3784 1812 3785 krb5_error_code KRB5_LIB_FUNCTION 1813 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3786 1814 krb5_decrypt(krb5_context context, 3787 1815 krb5_crypto crypto, … … 3795 1823 } 3796 1824 3797 krb5_error_code KRB5_LIB_FUNCTION 1825 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3798 1826 krb5_decrypt_EncryptedData(krb5_context context, 3799 1827 krb5_crypto crypto, … … 3810 1838 ************************************************************/ 3811 1839 3812 #define ENTROPY_NEEDED 128 3813 3814 static int 3815 seed_something(void) 3816 { 3817 char buf[1024], seedfile[256]; 3818 3819 /* If there is a seed file, load it. But such a file cannot be trusted, 3820 so use 0 for the entropy estimate */ 3821 if (RAND_file_name(seedfile, sizeof(seedfile))) { 3822 int fd; 3823 fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC); 3824 if (fd >= 0) { 3825 ssize_t ret; 3826 rk_cloexec(fd); 3827 ret = read(fd, buf, sizeof(buf)); 3828 if (ret > 0) 3829 RAND_add(buf, ret, 0.0); 3830 close(fd); 3831 } else 3832 seedfile[0] = '\0'; 3833 } else 3834 seedfile[0] = '\0'; 3835 3836 /* Calling RAND_status() will try to use /dev/urandom if it exists so 3837 we do not have to deal with it. */ 3838 if (RAND_status() != 1) { 3839 krb5_context context; 3840 const char *p; 3841 3842 /* Try using egd */ 3843 if (!krb5_init_context(&context)) { 3844 p = krb5_config_get_string(context, NULL, "libdefaults", 3845 "egd_socket", NULL); 3846 if (p != NULL) 3847 RAND_egd_bytes(p, ENTROPY_NEEDED); 3848 krb5_free_context(context); 3849 } 3850 } 3851 3852 if (RAND_status() == 1) { 3853 /* Update the seed file */ 3854 if (seedfile[0]) 3855 RAND_write_file(seedfile); 3856 3857 return 0; 3858 } else 3859 return -1; 3860 } 3861 3862 void KRB5_LIB_FUNCTION 3863 krb5_generate_random_block(void *buf, size_t len) 3864 { 3865 static int rng_initialized = 0; 3866 3867 HEIMDAL_MUTEX_lock(&crypto_mutex); 3868 if (!rng_initialized) { 3869 if (seed_something()) 3870 krb5_abortx(NULL, "Fatal: could not seed the " 3871 "random number generator"); 3872 3873 rng_initialized = 1; 3874 } 3875 HEIMDAL_MUTEX_unlock(&crypto_mutex); 3876 if (RAND_bytes(buf, len) != 1) 3877 krb5_abortx(NULL, "Failed to generate random block"); 3878 } 3879 3880 static krb5_error_code 3881 derive_key(krb5_context context, 3882 struct encryption_type *et, 3883 struct key_data *key, 3884 const void *constant, 3885 size_t len) 1840 krb5_error_code 1841 _krb5_derive_key(krb5_context context, 1842 struct _krb5_encryption_type *et, 1843 struct _krb5_key_data *key, 1844 const void *constant, 1845 size_t len) 3886 1846 { 3887 1847 unsigned char *k = NULL; 3888 1848 unsigned int nblocks = 0, i; 3889 1849 krb5_error_code ret = 0; 3890 struct key_type *kt = et->keytype;1850 struct _krb5_key_type *kt = et->keytype; 3891 1851 3892 1852 ret = _key_schedule(context, key); … … 3945 1905 switch(kt->type) { 3946 1906 case KEYTYPE_DES3: 3947 DES3_random_to_key(context, key->key, k, nblocks * et->blocksize);1907 _krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize); 3948 1908 break; 3949 1909 case KEYTYPE_AES128: … … 3970 1930 } 3971 1931 3972 static struct key_data *1932 static struct _krb5_key_data * 3973 1933 _new_derived_key(krb5_crypto crypto, unsigned usage) 3974 1934 { 3975 struct key_usage *d = crypto->key_usage;1935 struct _krb5_key_usage *d = crypto->key_usage; 3976 1936 d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d)); 3977 1937 if(d == NULL) … … 3984 1944 } 3985 1945 3986 krb5_error_code KRB5_LIB_FUNCTION 1946 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3987 1947 krb5_derive_key(krb5_context context, 3988 1948 const krb5_keyblock *key, … … 3993 1953 { 3994 1954 krb5_error_code ret; 3995 struct encryption_type *et;3996 struct key_data d;1955 struct _krb5_encryption_type *et; 1956 struct _krb5_key_data d; 3997 1957 3998 1958 *derived_key = NULL; 3999 1959 4000 et = _ find_enctype (etype);1960 et = _krb5_find_enctype (etype); 4001 1961 if (et == NULL) { 4002 1962 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, … … 4011 1971 4012 1972 d.schedule = NULL; 4013 ret = derive_key(context, et, &d, constant, constant_len);1973 ret = _krb5_derive_key(context, et, &d, constant, constant_len); 4014 1974 if (ret == 0) 4015 1975 ret = krb5_copy_keyblock(context, d.key, derived_key); 4016 free_key_data(context, &d, et);1976 _krb5_free_key_data(context, &d, et); 4017 1977 return ret; 4018 1978 } … … 4022 1982 krb5_crypto crypto, 4023 1983 unsigned usage, 4024 struct key_data **key)1984 struct _krb5_key_data **key) 4025 1985 { 4026 1986 int i; 4027 struct key_data *d;1987 struct _krb5_key_data *d; 4028 1988 unsigned char constant[5]; 4029 1989 … … 4040 2000 krb5_copy_keyblock(context, crypto->key.key, &d->key); 4041 2001 _krb5_put_int(constant, usage, 5); 4042 derive_key(context, crypto->et, d, constant, sizeof(constant));2002 _krb5_derive_key(context, crypto->et, d, constant, sizeof(constant)); 4043 2003 *key = d; 4044 2004 return 0; 4045 2005 } 4046 2006 4047 4048 krb5_error_code KRB5_LIB_FUNCTION 2007 /** 2008 * Create a crypto context used for all encryption and signature 2009 * operation. The encryption type to use is taken from the key, but 2010 * can be overridden with the enctype parameter. This can be useful 2011 * for encryptions types which is compatiable (DES for example). 2012 * 2013 * To free the crypto context, use krb5_crypto_destroy(). 2014 * 2015 * @param context Kerberos context 2016 * @param key the key block information with all key data 2017 * @param etype the encryption type 2018 * @param crypto the resulting crypto context 2019 * 2020 * @return Return an error code or 0. 2021 * 2022 * @ingroup krb5_crypto 2023 */ 2024 2025 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4049 2026 krb5_crypto_init(krb5_context context, 4050 2027 const krb5_keyblock *key, … … 4060 2037 if(etype == ETYPE_NULL) 4061 2038 etype = key->keytype; 4062 (*crypto)->et = _ find_enctype(etype);2039 (*crypto)->et = _krb5_find_enctype(etype); 4063 2040 if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { 4064 2041 free(*crypto); … … 4090 2067 static void 4091 2068 free_key_schedule(krb5_context context, 4092 struct key_data *key,4093 struct encryption_type *et)2069 struct _krb5_key_data *key, 2070 struct _krb5_encryption_type *et) 4094 2071 { 4095 2072 if (et->keytype->cleanup) … … 4099 2076 } 4100 2077 4101 staticvoid4102 free_key_data(krb5_context context, structkey_data *key,4103 struct encryption_type *et)2078 void 2079 _krb5_free_key_data(krb5_context context, struct _krb5_key_data *key, 2080 struct _krb5_encryption_type *et) 4104 2081 { 4105 2082 krb5_free_keyblock(context, key->key); … … 4111 2088 4112 2089 static void 4113 free_key_usage(krb5_context context, struct key_usage *ku, 4114 struct encryption_type *et) 4115 { 4116 free_key_data(context, &ku->key, et); 4117 } 4118 4119 krb5_error_code KRB5_LIB_FUNCTION 2090 free_key_usage(krb5_context context, struct _krb5_key_usage *ku, 2091 struct _krb5_encryption_type *et) 2092 { 2093 _krb5_free_key_data(context, &ku->key, et); 2094 } 2095 2096 /** 2097 * Free a crypto context created by krb5_crypto_init(). 2098 * 2099 * @param context Kerberos context 2100 * @param crypto crypto context to free 2101 * 2102 * @return Return an error code or 0. 2103 * 2104 * @ingroup krb5_crypto 2105 */ 2106 2107 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4120 2108 krb5_crypto_destroy(krb5_context context, 4121 2109 krb5_crypto crypto) … … 4126 2114 free_key_usage(context, &crypto->key_usage[i], crypto->et); 4127 2115 free(crypto->key_usage); 4128 free_key_data(context, &crypto->key, crypto->et);2116 _krb5_free_key_data(context, &crypto->key, crypto->et); 4129 2117 free (crypto); 4130 2118 return 0; 4131 2119 } 4132 2120 4133 krb5_error_code KRB5_LIB_FUNCTION 2121 /** 2122 * Return the blocksize used algorithm referenced by the crypto context 2123 * 2124 * @param context Kerberos context 2125 * @param crypto crypto context to query 2126 * @param blocksize the resulting blocksize 2127 * 2128 * @return Return an error code or 0. 2129 * 2130 * @ingroup krb5_crypto 2131 */ 2132 2133 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4134 2134 krb5_crypto_getblocksize(krb5_context context, 4135 2135 krb5_crypto crypto, … … 4140 2140 } 4141 2141 4142 krb5_error_code KRB5_LIB_FUNCTION 2142 /** 2143 * Return the encryption type used by the crypto context 2144 * 2145 * @param context Kerberos context 2146 * @param crypto crypto context to query 2147 * @param enctype the resulting encryption type 2148 * 2149 * @return Return an error code or 0. 2150 * 2151 * @ingroup krb5_crypto 2152 */ 2153 2154 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4143 2155 krb5_crypto_getenctype(krb5_context context, 4144 2156 krb5_crypto crypto, … … 4149 2161 } 4150 2162 4151 krb5_error_code KRB5_LIB_FUNCTION 2163 /** 2164 * Return the padding size used by the crypto context 2165 * 2166 * @param context Kerberos context 2167 * @param crypto crypto context to query 2168 * @param padsize the return padding size 2169 * 2170 * @return Return an error code or 0. 2171 * 2172 * @ingroup krb5_crypto 2173 */ 2174 2175 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4152 2176 krb5_crypto_getpadsize(krb5_context context, 4153 2177 krb5_crypto crypto, … … 4158 2182 } 4159 2183 4160 krb5_error_code KRB5_LIB_FUNCTION 2184 /** 2185 * Return the confounder size used by the crypto context 2186 * 2187 * @param context Kerberos context 2188 * @param crypto crypto context to query 2189 * @param confoundersize the returned confounder size 2190 * 2191 * @return Return an error code or 0. 2192 * 2193 * @ingroup krb5_crypto 2194 */ 2195 2196 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4161 2197 krb5_crypto_getconfoundersize(krb5_context context, 4162 2198 krb5_crypto crypto, … … 4179 2215 */ 4180 2216 4181 krb5_error_code KRB5_LIB_FUNCTION 2217 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4182 2218 krb5_enctype_disable(krb5_context context, 4183 2219 krb5_enctype enctype) 4184 2220 { 4185 struct encryption_type *et =_find_enctype(enctype);2221 struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); 4186 2222 if(et == NULL) { 4187 2223 if (context) … … 4206 2242 */ 4207 2243 4208 krb5_error_code KRB5_LIB_FUNCTION 2244 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4209 2245 krb5_enctype_enable(krb5_context context, 4210 2246 krb5_enctype enctype) 4211 2247 { 4212 struct encryption_type *et =_find_enctype(enctype);2248 struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); 4213 2249 if(et == NULL) { 4214 2250 if (context) … … 4222 2258 } 4223 2259 4224 4225 krb5_error_code KRB5_LIB_FUNCTION 4226 krb5_string_to_key_derived(krb5_context context, 4227 const void *str, 4228 size_t len, 4229 krb5_enctype etype, 4230 krb5_keyblock *key) 4231 { 4232 struct encryption_type *et = _find_enctype(etype); 4233 krb5_error_code ret; 4234 struct key_data kd; 4235 size_t keylen; 4236 u_char *tmp; 4237 4238 if(et == NULL) { 4239 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, 4240 N_("encryption type %d not supported", ""), 4241 etype); 4242 return KRB5_PROG_ETYPE_NOSUPP; 4243 } 4244 keylen = et->keytype->bits / 8; 4245 4246 ALLOC(kd.key, 1); 4247 if(kd.key == NULL) { 4248 krb5_set_error_message (context, ENOMEM, 4249 N_("malloc: out of memory", "")); 4250 return ENOMEM; 4251 } 4252 ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); 4253 if(ret) { 4254 free(kd.key); 4255 return ret; 4256 } 4257 kd.key->keytype = etype; 4258 tmp = malloc (keylen); 4259 if(tmp == NULL) { 4260 krb5_free_keyblock(context, kd.key); 4261 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 4262 return ENOMEM; 4263 } 4264 ret = _krb5_n_fold(str, len, tmp, keylen); 4265 if (ret) { 4266 free(tmp); 4267 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 4268 return ret; 4269 } 4270 kd.schedule = NULL; 4271 DES3_random_to_key(context, kd.key, tmp, keylen); 4272 memset(tmp, 0, keylen); 4273 free(tmp); 4274 ret = derive_key(context, 4275 et, 4276 &kd, 4277 "kerberos", /* XXX well known constant */ 4278 strlen("kerberos")); 4279 if (ret) { 4280 free_key_data(context, &kd, et); 4281 return ret; 4282 } 4283 ret = krb5_copy_keyblock_contents(context, kd.key, key); 4284 free_key_data(context, &kd, et); 4285 return ret; 2260 /** 2261 * Enable or disable all weak encryption types 2262 * 2263 * @param context Kerberos 5 context 2264 * @param enable true to enable, false to disable 2265 * 2266 * @return Return an error code or 0. 2267 * 2268 * @ingroup krb5_crypto 2269 */ 2270 2271 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2272 krb5_allow_weak_crypto(krb5_context context, 2273 krb5_boolean enable) 2274 { 2275 int i; 2276 2277 for(i = 0; i < _krb5_num_etypes; i++) 2278 if(_krb5_etypes[i]->flags & F_WEAK) { 2279 if(enable) 2280 _krb5_etypes[i]->flags &= ~F_DISABLED; 2281 else 2282 _krb5_etypes[i]->flags |= F_DISABLED; 2283 } 2284 return 0; 4286 2285 } 4287 2286 … … 4291 2290 size_t data_len) 4292 2291 { 4293 struct encryption_type *et = crypto->et;2292 struct _krb5_encryption_type *et = crypto->et; 4294 2293 size_t padsize = et->padsize; 4295 2294 size_t checksumsize = CHECKSUMSIZE(et->checksum); … … 4306 2305 size_t data_len) 4307 2306 { 4308 struct encryption_type *et = crypto->et;2307 struct _krb5_encryption_type *et = crypto->et; 4309 2308 size_t padsize = et->padsize; 4310 2309 size_t res; … … 4323 2322 */ 4324 2323 4325 size_t 2324 KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL 4326 2325 krb5_get_wrapped_length (krb5_context context, 4327 2326 krb5_crypto crypto, … … 4342 2341 krb5_crypto crypto) 4343 2342 { 4344 struct encryption_type *et = crypto->et;2343 struct _krb5_encryption_type *et = crypto->et; 4345 2344 size_t res; 4346 2345 … … 4356 2355 krb5_crypto crypto) 4357 2356 { 4358 struct encryption_type *et = crypto->et;2357 struct _krb5_encryption_type *et = crypto->et; 4359 2358 size_t res; 4360 2359 … … 4369 2368 } 4370 2369 4371 size_t 2370 KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL 4372 2371 krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) 4373 2372 { … … 4387 2386 * @param type the enctype resulting key will be of 4388 2387 * @param data input random data to convert to a key 4389 * @param datasize of input random data, at least krb5_enctype_keysize() long4390 * @param datakey, output key, free with krb5_free_keyblock_contents()2388 * @param size size of input random data, at least krb5_enctype_keysize() long 2389 * @param key key, output key, free with krb5_free_keyblock_contents() 4391 2390 * 4392 2391 * @return Return an error code or 0. … … 4395 2394 */ 4396 2395 4397 krb5_error_code KRB5_LIB_FUNCTION 2396 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4398 2397 krb5_random_to_key(krb5_context context, 4399 2398 krb5_enctype type, … … 4403 2402 { 4404 2403 krb5_error_code ret; 4405 struct encryption_type *et =_find_enctype(type);2404 struct _krb5_encryption_type *et = _krb5_find_enctype(type); 4406 2405 if(et == NULL) { 4407 2406 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, … … 4430 2429 } 4431 2430 4432 krb5_error_code 4433 _krb5_pk_octetstring2key(krb5_context context, 4434 krb5_enctype type, 4435 const void *dhdata, 4436 size_t dhsize, 4437 const heim_octet_string *c_n, 4438 const heim_octet_string *k_n, 4439 krb5_keyblock *key) 4440 { 4441 struct encryption_type *et = _find_enctype(type); 4442 krb5_error_code ret; 4443 size_t keylen, offset; 4444 void *keydata; 4445 unsigned char counter; 4446 unsigned char shaoutput[SHA_DIGEST_LENGTH]; 4447 4448 if(et == NULL) { 4449 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 4450 N_("encryption type %d not supported", ""), 4451 type); 4452 return KRB5_PROG_ETYPE_NOSUPP; 4453 } 4454 keylen = (et->keytype->bits + 7) / 8; 4455 4456 keydata = malloc(keylen); 4457 if (keydata == NULL) { 4458 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 4459 return ENOMEM; 4460 } 4461 4462 counter = 0; 4463 offset = 0; 4464 do { 4465 SHA_CTX m; 4466 4467 SHA1_Init(&m); 4468 SHA1_Update(&m, &counter, 1); 4469 SHA1_Update(&m, dhdata, dhsize); 4470 if (c_n) 4471 SHA1_Update(&m, c_n->data, c_n->length); 4472 if (k_n) 4473 SHA1_Update(&m, k_n->data, k_n->length); 4474 SHA1_Final(shaoutput, &m); 4475 4476 memcpy((unsigned char *)keydata + offset, 4477 shaoutput, 4478 min(keylen - offset, sizeof(shaoutput))); 4479 4480 offset += sizeof(shaoutput); 4481 counter++; 4482 } while(offset < keylen); 4483 memset(shaoutput, 0, sizeof(shaoutput)); 4484 4485 ret = krb5_random_to_key(context, type, keydata, keylen, key); 4486 memset(keydata, 0, sizeof(keylen)); 4487 free(keydata); 4488 return ret; 4489 } 4490 4491 static krb5_error_code 4492 encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data) 4493 { 4494 KRB5PrincipalName pn; 4495 krb5_error_code ret; 4496 size_t size; 4497 4498 pn.principalName = p->name; 4499 pn.realm = p->realm; 4500 4501 ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length, 4502 &pn, &size, ret); 4503 if (ret) { 4504 krb5_data_zero(data); 4505 krb5_set_error_message(context, ret, 4506 N_("Failed to encode KRB5PrincipalName", "")); 4507 return ret; 4508 } 4509 if (data->length != size) 4510 krb5_abortx(context, "asn1 compiler internal error"); 4511 return 0; 4512 } 4513 4514 static krb5_error_code 4515 encode_otherinfo(krb5_context context, 4516 const AlgorithmIdentifier *ai, 4517 krb5_const_principal client, 4518 krb5_const_principal server, 4519 krb5_enctype enctype, 4520 const krb5_data *as_req, 4521 const krb5_data *pk_as_rep, 4522 const Ticket *ticket, 4523 krb5_data *other) 4524 { 4525 PkinitSP80056AOtherInfo otherinfo; 4526 PkinitSuppPubInfo pubinfo; 4527 krb5_error_code ret; 4528 krb5_data pub; 4529 size_t size; 4530 4531 krb5_data_zero(other); 4532 memset(&otherinfo, 0, sizeof(otherinfo)); 4533 memset(&pubinfo, 0, sizeof(pubinfo)); 4534 4535 pubinfo.enctype = enctype; 4536 pubinfo.as_REQ = *as_req; 4537 pubinfo.pk_as_rep = *pk_as_rep; 4538 pubinfo.ticket = *ticket; 4539 ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length, 4540 &pubinfo, &size, ret); 4541 if (ret) { 4542 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 4543 return ret; 4544 } 4545 if (pub.length != size) 4546 krb5_abortx(context, "asn1 compiler internal error"); 4547 4548 ret = encode_uvinfo(context, client, &otherinfo.partyUInfo); 4549 if (ret) { 4550 free(pub.data); 4551 return ret; 4552 } 4553 ret = encode_uvinfo(context, server, &otherinfo.partyVInfo); 4554 if (ret) { 4555 free(otherinfo.partyUInfo.data); 4556 free(pub.data); 4557 return ret; 4558 } 4559 4560 otherinfo.algorithmID = *ai; 4561 otherinfo.suppPubInfo = &pub; 4562 4563 ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length, 4564 &otherinfo, &size, ret); 4565 free(otherinfo.partyUInfo.data); 4566 free(otherinfo.partyVInfo.data); 4567 free(pub.data); 4568 if (ret) { 4569 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 4570 return ret; 4571 } 4572 if (other->length != size) 4573 krb5_abortx(context, "asn1 compiler internal error"); 4574 4575 return 0; 4576 } 4577 4578 krb5_error_code 4579 _krb5_pk_kdf(krb5_context context, 4580 const struct AlgorithmIdentifier *ai, 4581 const void *dhdata, 4582 size_t dhsize, 4583 krb5_const_principal client, 4584 krb5_const_principal server, 4585 krb5_enctype enctype, 4586 const krb5_data *as_req, 4587 const krb5_data *pk_as_rep, 4588 const Ticket *ticket, 4589 krb5_keyblock *key) 4590 { 4591 struct encryption_type *et; 4592 krb5_error_code ret; 4593 krb5_data other; 4594 size_t keylen, offset; 4595 uint32_t counter; 4596 unsigned char *keydata; 4597 unsigned char shaoutput[SHA_DIGEST_LENGTH]; 4598 4599 if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) != 0) { 4600 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 4601 N_("KDF not supported", "")); 4602 return KRB5_PROG_ETYPE_NOSUPP; 4603 } 4604 if (ai->parameters != NULL && 4605 (ai->parameters->length != 2 || 4606 memcmp(ai->parameters->data, "\x05\x00", 2) != 0)) 4607 { 4608 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 4609 N_("kdf params not NULL or the NULL-type", 4610 "")); 4611 return KRB5_PROG_ETYPE_NOSUPP; 4612 } 4613 4614 et = _find_enctype(enctype); 4615 if(et == NULL) { 4616 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 4617 N_("encryption type %d not supported", ""), 4618 enctype); 4619 return KRB5_PROG_ETYPE_NOSUPP; 4620 } 4621 keylen = (et->keytype->bits + 7) / 8; 4622 4623 keydata = malloc(keylen); 4624 if (keydata == NULL) { 4625 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 4626 return ENOMEM; 4627 } 4628 4629 ret = encode_otherinfo(context, ai, client, server, 4630 enctype, as_req, pk_as_rep, ticket, &other); 4631 if (ret) { 4632 free(keydata); 4633 return ret; 4634 } 4635 4636 offset = 0; 4637 counter = 1; 4638 do { 4639 unsigned char cdata[4]; 4640 SHA_CTX m; 4641 4642 SHA1_Init(&m); 4643 _krb5_put_int(cdata, counter, 4); 4644 SHA1_Update(&m, cdata, 4); 4645 SHA1_Update(&m, dhdata, dhsize); 4646 SHA1_Update(&m, other.data, other.length); 4647 SHA1_Final(shaoutput, &m); 4648 4649 memcpy((unsigned char *)keydata + offset, 4650 shaoutput, 4651 min(keylen - offset, sizeof(shaoutput))); 4652 4653 offset += sizeof(shaoutput); 4654 counter++; 4655 } while(offset < keylen); 4656 memset(shaoutput, 0, sizeof(shaoutput)); 4657 4658 free(other.data); 4659 4660 ret = krb5_random_to_key(context, enctype, keydata, keylen, key); 4661 memset(keydata, 0, sizeof(keylen)); 4662 free(keydata); 4663 4664 return ret; 4665 } 4666 4667 4668 krb5_error_code KRB5_LIB_FUNCTION 2431 2432 2433 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4669 2434 krb5_crypto_prf_length(krb5_context context, 4670 2435 krb5_enctype type, 4671 2436 size_t *length) 4672 2437 { 4673 struct encryption_type *et =_find_enctype(type);2438 struct _krb5_encryption_type *et = _krb5_find_enctype(type); 4674 2439 4675 2440 if(et == NULL || et->prf_length == 0) { … … 4684 2449 } 4685 2450 4686 krb5_error_code KRB5_LIB_FUNCTION 2451 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4687 2452 krb5_crypto_prf(krb5_context context, 4688 2453 const krb5_crypto crypto, … … 4690 2455 krb5_data *output) 4691 2456 { 4692 struct encryption_type *et = crypto->et;2457 struct _krb5_encryption_type *et = crypto->et; 4693 2458 4694 2459 krb5_data_zero(output); … … 4766 2531 * @param crypto2 second key to combine 4767 2532 * @param pepper1 factor to combine with first key to garante uniqueness 4768 * @param pepper 1factor to combine with second key to garante uniqueness2533 * @param pepper2 factor to combine with second key to garante uniqueness 4769 2534 * @param enctype the encryption type of the resulting key 4770 2535 * @param res allocated key, free with krb5_free_keyblock_contents() … … 4775 2540 */ 4776 2541 4777 krb5_error_code KRB5_LIB_FUNCTION 2542 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4778 2543 krb5_crypto_fx_cf2(krb5_context context, 4779 2544 const krb5_crypto crypto1, … … 4823 2588 #ifndef HEIMDAL_SMALLER 4824 2589 4825 krb5_error_code KRB5_LIB_FUNCTION 2590 /** 2591 * Deprecated: keytypes doesn't exists, they are really enctypes. 2592 * 2593 * @ingroup krb5_deprecated 2594 */ 2595 2596 KRB5_DEPRECATED 2597 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 4826 2598 krb5_keytype_to_enctypes (krb5_context context, 4827 2599 krb5_keytype keytype, 4828 2600 unsigned *len, 4829 2601 krb5_enctype **val) 4830 KRB5_DEPRECATED4831 2602 { 4832 2603 int i; … … 4834 2605 krb5_enctype *ret; 4835 2606 4836 for (i = num_etypes - 1; i >= 0; --i) {4837 if ( etypes[i]->keytype->type == keytype4838 && !( etypes[i]->flags & F_PSEUDO)4839 && krb5_enctype_valid(context, etypes[i]->type) == 0)2607 for (i = _krb5_num_etypes - 1; i >= 0; --i) { 2608 if (_krb5_etypes[i]->keytype->type == keytype 2609 && !(_krb5_etypes[i]->flags & F_PSEUDO) 2610 && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0) 4840 2611 ++n; 4841 2612 } … … 4852 2623 } 4853 2624 n = 0; 4854 for (i = num_etypes - 1; i >= 0; --i) {4855 if ( etypes[i]->keytype->type == keytype4856 && !( etypes[i]->flags & F_PSEUDO)4857 && krb5_enctype_valid(context, etypes[i]->type) == 0)4858 ret[n++] = etypes[i]->type;2625 for (i = _krb5_num_etypes - 1; i >= 0; --i) { 2626 if (_krb5_etypes[i]->keytype->type == keytype 2627 && !(_krb5_etypes[i]->flags & F_PSEUDO) 2628 && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0) 2629 ret[n++] = _krb5_etypes[i]->type; 4859 2630 } 4860 2631 *len = n; … … 4863 2634 } 4864 2635 2636 /** 2637 * Deprecated: keytypes doesn't exists, they are really enctypes. 2638 * 2639 * @ingroup krb5_deprecated 2640 */ 2641 4865 2642 /* if two enctypes have compatible keys */ 4866 krb5_boolean KRB5_LIB_FUNCTION 2643 KRB5_DEPRECATED 2644 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 4867 2645 krb5_enctypes_compatible_keys(krb5_context context, 4868 2646 krb5_enctype etype1, 4869 2647 krb5_enctype etype2) 4870 KRB5_DEPRECATED 4871 { 4872 struct encryption_type *e1 = _find_enctype(etype1); 4873 struct encryption_type *e2 = _find_enctype(etype2); 2648 { 2649 struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1); 2650 struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2); 4874 2651 return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype; 4875 2652 } -
trunk/server/source4/heimdal/lib/krb5/data.c
r414 r745 42 42 */ 43 43 44 void KRB5_LIB_FUNCTION 44 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 45 45 krb5_data_zero(krb5_data *p) 46 46 { … … 60 60 */ 61 61 62 void KRB5_LIB_FUNCTION 62 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 63 63 krb5_data_free(krb5_data *p) 64 64 { … … 77 77 */ 78 78 79 void KRB5_LIB_FUNCTION 79 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 80 80 krb5_free_data(krb5_context context, 81 81 krb5_data *p) … … 88 88 * Allocate data of and krb5_data. 89 89 * 90 * @param p krb5_data to free.90 * @param p krb5_data to allocate. 91 91 * @param len size to allocate. 92 92 * … … 97 97 */ 98 98 99 krb5_error_code KRB5_LIB_FUNCTION 99 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 100 100 krb5_data_alloc(krb5_data *p, int len) 101 101 { … … 119 119 */ 120 120 121 krb5_error_code KRB5_LIB_FUNCTION 121 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 122 122 krb5_data_realloc(krb5_data *p, int len) 123 123 { … … 144 144 */ 145 145 146 krb5_error_code KRB5_LIB_FUNCTION 146 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 147 147 krb5_data_copy(krb5_data *p, const void *data, size_t len) 148 148 { … … 170 170 */ 171 171 172 krb5_error_code KRB5_LIB_FUNCTION 172 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 173 173 krb5_copy_data(krb5_context context, 174 174 const krb5_data *indata, … … 201 201 */ 202 202 203 int KRB5_LIB_FUNCTION 203 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 204 204 krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) 205 205 { … … 208 208 return memcmp(data1->data, data2->data, data1->length); 209 209 } 210 211 /** 212 * Compare to data not exposing timing information from the checksum data 213 * 214 * @param data1 krb5_data to compare 215 * @param data2 krb5_data to compare 216 * 217 * @return returns zero for same data, otherwise non zero. 218 * 219 * @ingroup krb5 220 */ 221 222 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 223 krb5_data_ct_cmp(const krb5_data *data1, const krb5_data *data2) 224 { 225 if (data1->length != data2->length) 226 return data1->length - data2->length; 227 return ct_memcmp(data1->data, data2->data, data1->length); 228 } -
trunk/server/source4/heimdal/lib/krb5/eai_to_heim_errno.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 36 /** … … 45 45 */ 46 46 47 krb5_error_code KRB5_LIB_FUNCTION 47 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 48 48 krb5_eai_to_heim_errno(int eai_errno, int system_error) 49 49 { … … 75 75 case EAI_SOCKTYPE: 76 76 return HEIM_EAI_SOCKTYPE; 77 #ifdef EAI_SYSTEM 77 78 case EAI_SYSTEM: 78 79 return system_error; 80 #endif 79 81 default: 80 82 return HEIM_EAI_UNKNOWN; /* XXX */ … … 93 95 */ 94 96 95 krb5_error_code KRB5_LIB_FUNCTION 97 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 96 98 krb5_h_errno_to_heim_errno(int eai_errno) 97 99 { -
trunk/server/source4/heimdal/lib/krb5/error_string.c
r414 r745 45 45 */ 46 46 47 void KRB5_LIB_FUNCTION 47 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 48 48 krb5_clear_error_message(krb5_context context) 49 49 { … … 68 68 */ 69 69 70 void KRB5_LIB_FUNCTION 70 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 71 71 krb5_set_error_message(krb5_context context, krb5_error_code ret, 72 72 const char *fmt, ...) … … 92 92 93 93 94 void KRB5_LIB_FUNCTION 94 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 95 95 krb5_vset_error_message (krb5_context context, krb5_error_code ret, 96 96 const char *fmt, va_list args) 97 97 __attribute__ ((format (printf, 3, 0))) 98 98 { 99 100 krb5_clear_error_message(context); 101 HEIMDAL_MUTEX_lock(context->mutex); 99 int r; 100 101 HEIMDAL_MUTEX_lock(context->mutex); 102 if (context->error_string) { 103 free(context->error_string); 104 context->error_string = NULL; 105 } 102 106 context->error_code = ret; 103 vasprintf(&context->error_string, fmt, args); 107 r = vasprintf(&context->error_string, fmt, args); 108 if (r < 0) 109 context->error_string = NULL; 110 HEIMDAL_MUTEX_unlock(context->mutex); 111 } 112 113 /** 114 * Prepend the context full error string for a specific error code. 115 * The error that is stored should be internationalized. 116 * 117 * @param context Kerberos 5 context 118 * @param ret The error code 119 * @param fmt Error string for the error code 120 * @param ... printf(3) style parameters. 121 * 122 * @ingroup krb5_error 123 */ 124 125 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 126 krb5_prepend_error_message(krb5_context context, krb5_error_code ret, 127 const char *fmt, ...) 128 __attribute__ ((format (printf, 3, 4))) 129 { 130 va_list ap; 131 132 va_start(ap, fmt); 133 krb5_vprepend_error_message(context, ret, fmt, ap); 134 va_end(ap); 135 } 136 137 /** 138 * Prepend the contexts's full error string for a specific error code. 139 * 140 * @param context Kerberos 5 context 141 * @param ret The error code 142 * @param fmt Error string for the error code 143 * @param args printf(3) style parameters. 144 * 145 * @ingroup krb5_error 146 */ 147 148 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 149 krb5_vprepend_error_message(krb5_context context, krb5_error_code ret, 150 const char *fmt, va_list args) 151 __attribute__ ((format (printf, 3, 0))) 152 { 153 char *str = NULL, *str2 = NULL; 154 HEIMDAL_MUTEX_lock(context->mutex); 155 if (context->error_code != ret) { 156 HEIMDAL_MUTEX_unlock(context->mutex); 157 return; 158 } 159 if (vasprintf(&str, fmt, args) < 0 || str == NULL) { 160 HEIMDAL_MUTEX_unlock(context->mutex); 161 return; 162 } 163 if (context->error_string) { 164 int e; 165 166 e = asprintf(&str2, "%s: %s", str, context->error_string); 167 free(context->error_string); 168 if (e < 0 || str2 == NULL) 169 context->error_string = NULL; 170 else 171 context->error_string = str2; 172 free(str); 173 } else 174 context->error_string = str; 104 175 HEIMDAL_MUTEX_unlock(context->mutex); 105 176 } … … 118 189 */ 119 190 120 char * KRB5_LIB_FUNCTION 191 KRB5_LIB_FUNCTION char * KRB5_LIB_CALL 121 192 krb5_get_error_string(krb5_context context) 122 193 { … … 130 201 } 131 202 132 krb5_boolean KRB5_LIB_FUNCTION 203 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 133 204 krb5_have_error_string(krb5_context context) 134 205 { … … 153 224 */ 154 225 155 const char * KRB5_LIB_FUNCTION 226 KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL 156 227 krb5_get_error_message(krb5_context context, krb5_error_code code) 157 228 { 158 const char *cstr;159 229 char *str; 160 230 … … 173 243 if (code == 0) 174 244 return strdup("Success"); 175 176 cstr = krb5_get_err_text(context, code); 177 if (cstr) 178 return strdup(cstr); 179 180 if (asprintf(&str, "<unknown error: %d>", (int)code) == -1) 245 { 246 const char *msg; 247 char buf[128]; 248 msg = com_right_r(context->et_list, code, buf, sizeof(buf)); 249 if (msg) 250 return strdup(msg); 251 } 252 253 if (asprintf(&str, "<unknown error: %d>", (int)code) == -1 || str == NULL) 181 254 return NULL; 182 255 … … 195 268 */ 196 269 197 void KRB5_LIB_FUNCTION 270 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 198 271 krb5_free_error_message(krb5_context context, const char *msg) 199 272 { 200 273 free(rk_UNCONST(msg)); 201 274 } 275 276 277 /** 278 * Return the error string for the error code. The caller must not 279 * free the string. 280 * 281 * This function is deprecated since its not threadsafe. 282 * 283 * @param context Kerberos 5 context. 284 * @param code Kerberos error code. 285 * 286 * @return the error message matching code 287 * 288 * @ingroup krb5 289 */ 290 291 KRB5_DEPRECATED 292 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 293 krb5_get_err_text(krb5_context context, krb5_error_code code) 294 { 295 const char *p = NULL; 296 if(context != NULL) 297 p = com_right(context->et_list, code); 298 if(p == NULL) 299 p = strerror(code); 300 if (p == NULL) 301 p = "Unknown error"; 302 return p; 303 } -
trunk/server/source4/heimdal/lib/krb5/expand_hostname.c
r414 r745 64 64 */ 65 65 66 krb5_error_code KRB5_LIB_FUNCTION 66 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 67 67 krb5_expand_hostname (krb5_context context, 68 68 const char *orig_hostname, … … 141 141 */ 142 142 143 krb5_error_code KRB5_LIB_FUNCTION 143 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 144 144 krb5_expand_hostname_realms (krb5_context context, 145 145 const char *orig_hostname, -
trunk/server/source4/heimdal/lib/krb5/fcache.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 57 59 #define FCC_CURSOR(C) ((struct fcc_cursor*)(C)) 58 60 59 static const char* 61 static const char* KRB5_CALLCONV 60 62 fcc_get_name(krb5_context context, 61 63 krb5_ccache id) … … 96 98 filename); 97 99 break; 98 default: 100 default: { 101 char buf[128]; 102 rk_strerror_r(ret, buf, sizeof(buf)); 99 103 krb5_set_error_message(context, ret, 100 104 N_("error locking cache file %s: %s", 101 "file, error"), 102 filename, strerror(ret));103 break; 105 "file, error"), filename, buf); 106 break; 107 } 104 108 } 105 109 return ret; … … 128 132 ret = 0; 129 133 break; 130 default: 134 default: { 135 char buf[128]; 136 rk_strerror_r(ret, buf, sizeof(buf)); 131 137 krb5_set_error_message(context, ret, 132 N_("Failed to unlock file: %s", ""), 133 strerror(ret));134 break; 138 N_("Failed to unlock file: %s", ""), buf); 139 break; 140 } 135 141 } 136 142 return ret; … … 162 168 163 169 164 static krb5_error_code 170 static krb5_error_code KRB5_CALLCONV 165 171 fcc_lock(krb5_context context, krb5_ccache id, 166 172 int fd, krb5_boolean exclusive) … … 169 175 } 170 176 171 static krb5_error_code 177 static krb5_error_code KRB5_CALLCONV 172 178 fcc_unlock(krb5_context context, int fd) 173 179 { … … 175 181 } 176 182 177 static krb5_error_code 183 static krb5_error_code KRB5_CALLCONV 178 184 fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) 179 185 { … … 221 227 pos -= tmp; 222 228 } 229 #ifdef _MSC_VER 230 _commit (fd); 231 #else 223 232 fsync (fd); 233 #endif 224 234 return 0; 225 235 } … … 295 305 } 296 306 297 static krb5_error_code 307 static krb5_error_code KRB5_CALLCONV 298 308 fcc_gen_new(krb5_context context, krb5_ccache *id) 299 309 { 310 char *file = NULL, *exp_file = NULL; 311 krb5_error_code ret; 300 312 krb5_fcache *f; 301 313 int fd; 302 char *file;303 314 304 315 f = malloc(sizeof(*f)); … … 308 319 return KRB5_CC_NOMEM; 309 320 } 310 asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);311 if( file == NULL) {321 ret = asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); 322 if(ret < 0 || file == NULL) { 312 323 free(f); 313 324 krb5_set_error_message(context, KRB5_CC_NOMEM, … … 315 326 return KRB5_CC_NOMEM; 316 327 } 317 fd = mkstemp(file); 328 ret = _krb5_expand_path_tokens(context, file, &exp_file); 329 free(file); 330 if (ret) 331 return ret; 332 333 file = exp_file; 334 335 fd = mkstemp(exp_file); 318 336 if(fd < 0) { 319 337 int ret = errno; 320 krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), file);338 krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file); 321 339 free(f); 322 free( file);340 free(exp_file); 323 341 return ret; 324 342 } 325 343 close(fd); 326 f->filename = file;344 f->filename = exp_file; 327 345 f->version = 0; 328 346 (*id)->data.data = f; … … 356 374 } 357 375 358 static krb5_error_code 376 static krb5_error_code KRB5_CALLCONV 359 377 fcc_open(krb5_context context, 360 378 krb5_ccache id, … … 370 388 fd = open(filename, flags, mode); 371 389 if(fd < 0) { 390 char buf[128]; 372 391 ret = errno; 392 rk_strerror_r(ret, buf, sizeof(buf)); 373 393 krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), 374 filename, strerror(ret));394 filename, buf); 375 395 return ret; 376 396 } … … 385 405 } 386 406 387 static krb5_error_code 407 static krb5_error_code KRB5_CALLCONV 388 408 fcc_initialize(krb5_context context, 389 409 krb5_ccache id, … … 432 452 if (close(fd) < 0) 433 453 if (ret == 0) { 454 char buf[128]; 434 455 ret = errno; 456 rk_strerror_r(ret, buf, sizeof(buf)); 435 457 krb5_set_error_message (context, ret, N_("close %s: %s", ""), 436 FILENAME(id), strerror(ret));458 FILENAME(id), buf); 437 459 } 438 460 return ret; 439 461 } 440 462 441 static krb5_error_code 463 static krb5_error_code KRB5_CALLCONV 442 464 fcc_close(krb5_context context, 443 465 krb5_ccache id) … … 448 470 } 449 471 450 static krb5_error_code 472 static krb5_error_code KRB5_CALLCONV 451 473 fcc_destroy(krb5_context context, 452 474 krb5_ccache id) … … 456 478 } 457 479 458 static krb5_error_code 480 static krb5_error_code KRB5_CALLCONV 459 481 fcc_store_cred(krb5_context context, 460 482 krb5_ccache id, … … 486 508 if (close(fd) < 0) { 487 509 if (ret == 0) { 510 char buf[128]; 511 rk_strerror_r(ret, buf, sizeof(buf)); 488 512 ret = errno; 489 513 krb5_set_error_message (context, ret, N_("close %s: %s", ""), 490 FILENAME(id), strerror(ret));514 FILENAME(id), buf); 491 515 } 492 516 } … … 498 522 krb5_ccache id, 499 523 krb5_storage **ret_sp, 500 int *ret_fd) 524 int *ret_fd, 525 krb5_deltat *kdc_offset) 501 526 { 502 527 int fd; … … 504 529 krb5_storage *sp; 505 530 krb5_error_code ret; 531 532 if (kdc_offset) 533 *kdc_offset = 0; 506 534 507 535 ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); … … 580 608 } 581 609 switch (dtag) { 582 case FCC_TAG_DELTATIME : 583 ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); 610 case FCC_TAG_DELTATIME : { 611 int32_t offset; 612 613 ret = krb5_ret_int32 (sp, &offset); 614 ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset); 584 615 if(ret) { 585 616 ret = KRB5_CC_FORMAT; … … 590 621 goto out; 591 622 } 592 ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); 593 if(ret) { 594 ret = KRB5_CC_FORMAT; 595 krb5_set_error_message(context, ret, 596 N_("Error reading kdc_usec in " 597 "cache file: %s", ""), 598 FILENAME(id)); 599 goto out; 600 } 623 context->kdc_sec_offset = offset; 624 if (kdc_offset) 625 *kdc_offset = offset; 601 626 break; 627 } 602 628 default : 603 629 for (i = 0; i < data_len; ++i) { … … 642 668 } 643 669 644 static krb5_error_code 670 static krb5_error_code KRB5_CALLCONV 645 671 fcc_get_principal(krb5_context context, 646 672 krb5_ccache id, … … 651 677 krb5_storage *sp; 652 678 653 ret = init_fcc (context, id, &sp, &fd );679 ret = init_fcc (context, id, &sp, &fd, NULL); 654 680 if (ret) 655 681 return ret; … … 663 689 } 664 690 665 static krb5_error_code 691 static krb5_error_code KRB5_CALLCONV 666 692 fcc_end_get (krb5_context context, 667 693 krb5_ccache id, 668 694 krb5_cc_cursor *cursor); 669 695 670 static krb5_error_code 696 static krb5_error_code KRB5_CALLCONV 671 697 fcc_get_first (krb5_context context, 672 698 krb5_ccache id, … … 684 710 685 711 ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, 686 &FCC_CURSOR(*cursor)->fd );712 &FCC_CURSOR(*cursor)->fd, NULL); 687 713 if (ret) { 688 714 free(*cursor); … … 701 727 } 702 728 703 static krb5_error_code 729 static krb5_error_code KRB5_CALLCONV 704 730 fcc_get_next (krb5_context context, 705 731 krb5_ccache id, … … 719 745 } 720 746 721 static krb5_error_code 747 static krb5_error_code KRB5_CALLCONV 722 748 fcc_end_get (krb5_context context, 723 749 krb5_ccache id, … … 731 757 } 732 758 733 static krb5_error_code 759 static krb5_error_code KRB5_CALLCONV 734 760 fcc_remove_cred(krb5_context context, 735 761 krb5_ccache id, … … 739 765 krb5_error_code ret; 740 766 krb5_ccache copy, newfile; 741 char *newname ;767 char *newname = NULL; 742 768 int fd; 743 769 … … 758 784 } 759 785 760 asprintf(&newname, "FILE:%s.XXXXXX", FILENAME(id));761 if ( newname == NULL) {786 ret = asprintf(&newname, "FILE:%s.XXXXXX", FILENAME(id)); 787 if (ret < 0 || newname == NULL) { 762 788 krb5_cc_destroy(context, copy); 763 return ret;789 return ENOMEM; 764 790 } 765 791 … … 788 814 } 789 815 790 ret = r ename(&newname[5], FILENAME(id));816 ret = rk_rename(&newname[5], FILENAME(id)); 791 817 if (ret) 792 818 ret = errno; … … 797 823 } 798 824 799 static krb5_error_code 825 static krb5_error_code KRB5_CALLCONV 800 826 fcc_set_flags(krb5_context context, 801 827 krb5_ccache id, … … 805 831 } 806 832 807 static int 833 static int KRB5_CALLCONV 808 834 fcc_get_version(krb5_context context, 809 835 krb5_ccache id) … … 816 842 }; 817 843 818 static krb5_error_code 844 static krb5_error_code KRB5_CALLCONV 819 845 fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 820 846 { … … 831 857 } 832 858 833 static krb5_error_code 859 static krb5_error_code KRB5_CALLCONV 834 860 fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 835 861 { … … 854 880 fn = expandedfn; 855 881 } 882 /* check if file exists, don't return a non existant "next" */ 883 if (strncasecmp(fn, "FILE:", 5) == 0) { 884 struct stat sb; 885 ret = stat(fn + 5, &sb); 886 if (ret) { 887 ret = KRB5_CC_END; 888 goto out; 889 } 890 } 856 891 ret = krb5_cc_resolve(context, fn, id); 892 out: 857 893 if (expandedfn) 858 894 free(expandedfn); … … 861 897 } 862 898 863 static krb5_error_code 899 static krb5_error_code KRB5_CALLCONV 864 900 fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 865 901 { … … 869 905 } 870 906 871 static krb5_error_code 907 static krb5_error_code KRB5_CALLCONV 872 908 fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 873 909 { 874 910 krb5_error_code ret = 0; 875 911 876 ret = rename(FILENAME(from), FILENAME(to)); 912 ret = rk_rename(FILENAME(from), FILENAME(to)); 913 877 914 if (ret && errno != EXDEV) { 915 char buf[128]; 878 916 ret = errno; 917 rk_strerror_r(ret, buf, sizeof(buf)); 879 918 krb5_set_error_message(context, ret, 880 919 N_("Rename of file from %s " 881 920 "to %s failed: %s", ""), 882 FILENAME(from), FILENAME(to), 883 strerror(ret)); 921 FILENAME(from), FILENAME(to), buf); 884 922 return ret; 885 923 } else if (ret && errno == EXDEV) { … … 937 975 krb5_storage *sp; 938 976 int fd; 939 ret = init_fcc (context, to, &sp, &fd); 940 if (sp) 941 krb5_storage_free(sp); 942 fcc_unlock(context, fd); 943 close(fd); 944 } 945 946 fcc_destroy(context, from); 947 948 return ret; 949 } 950 951 static krb5_error_code 977 if ((ret = init_fcc (context, to, &sp, &fd, NULL)) == 0) { 978 if (sp) 979 krb5_storage_free(sp); 980 fcc_unlock(context, fd); 981 close(fd); 982 } 983 } 984 985 fcc_close(context, from); 986 987 return ret; 988 } 989 990 static krb5_error_code KRB5_CALLCONV 952 991 fcc_get_default_name(krb5_context context, char **str) 953 992 { … … 957 996 } 958 997 959 static krb5_error_code 998 static krb5_error_code KRB5_CALLCONV 960 999 fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) 961 1000 { … … 977 1016 return 0; 978 1017 } 1018 1019 static krb5_error_code KRB5_CALLCONV 1020 fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) 1021 { 1022 return 0; 1023 } 1024 1025 static krb5_error_code KRB5_CALLCONV 1026 fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) 1027 { 1028 krb5_error_code ret; 1029 krb5_storage *sp = NULL; 1030 int fd; 1031 ret = init_fcc(context, id, &sp, &fd, kdc_offset); 1032 if (sp) 1033 krb5_storage_free(sp); 1034 fcc_unlock(context, fd); 1035 close(fd); 1036 1037 return ret; 1038 } 1039 979 1040 980 1041 /** … … 1008 1069 fcc_get_default_name, 1009 1070 NULL, 1010 fcc_lastchange 1071 fcc_lastchange, 1072 fcc_set_kdc_offset, 1073 fcc_get_kdc_offset 1011 1074 }; -
trunk/server/source4/heimdal/lib/krb5/free.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) 38 38 { … … 44 44 } 45 45 46 krb5_error_code KRB5_LIB_FUNCTION 46 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 47 47 krb5_xfree (void *ptr) 48 48 { -
trunk/server/source4/heimdal/lib/krb5/free_host_realm.c
r414 r745 45 45 */ 46 46 47 krb5_error_code KRB5_LIB_FUNCTION 47 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 48 48 krb5_free_host_realm(krb5_context context, 49 49 krb5_realm *realmlist) -
trunk/server/source4/heimdal/lib/krb5/generate_seq_number.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_generate_seq_number(krb5_context context, 38 38 const krb5_keyblock *key, 39 39 uint32_t *seqno) 40 40 { 41 krb5_error_code ret; 42 krb5_keyblock *subkey; 43 uint32_t q; 44 u_char *p; 45 int i; 46 47 ret = krb5_generate_subkey (context, key, &subkey); 48 if (ret) 49 return ret; 50 51 q = 0; 52 for (p = (u_char *)subkey->keyvalue.data, i = 0; 53 i < subkey->keyvalue.length; 54 ++i, ++p) 55 q = (q << 8) | *p; 56 q &= 0xffffffff; 57 *seqno = q; 58 krb5_free_keyblock (context, subkey); 41 if (RAND_bytes((void *)seqno, sizeof(*seqno)) <= 0) 42 krb5_abortx(context, "Failed to generate random block"); 43 /* MIT used signed numbers, lets not stomp into that space directly */ 44 *seqno &= 0x3fffffff; 45 if (*seqno == 0) 46 *seqno = 1; 59 47 return 0; 60 48 } -
trunk/server/source4/heimdal/lib/krb5/generate_subkey.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 37 krb5_generate_subkey(krb5_context context, 38 const krb5_keyblock *key, 39 krb5_keyblock **subkey) 40 { 41 return krb5_generate_subkey_extended(context, key, key->keytype, subkey); 42 } 36 /** 37 * Generate subkey, from keyblock 38 * 39 * @param context kerberos context 40 * @param key session key 41 * @param etype encryption type of subkey, if ETYPE_NULL, use key's enctype 42 * @param subkey returned new, free with krb5_free_keyblock(). 43 * 44 * @return 0 on success or a Kerberos 5 error code 45 * 46 * @ingroup krb5_crypto 47 */ 43 48 44 krb5_error_code KRB5_LIB_FUNCTION 49 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 45 50 krb5_generate_subkey_extended(krb5_context context, 46 51 const krb5_keyblock *key, -
trunk/server/source4/heimdal/lib/krb5/get_addrs.c
r414 r745 267 267 */ 268 268 269 krb5_error_code KRB5_LIB_FUNCTION 269 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 270 270 krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) 271 271 { … … 283 283 */ 284 284 285 krb5_error_code KRB5_LIB_FUNCTION 285 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 286 286 krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) 287 287 { -
trunk/server/source4/heimdal/lib/krb5/get_cred.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 32 34 */ 33 35 34 #include <krb5_locl.h> 36 #include "krb5_locl.h" 37 #include <assert.h> 38 39 static krb5_error_code 40 get_cred_kdc_capath(krb5_context, krb5_kdc_flags, 41 krb5_ccache, krb5_creds *, krb5_principal, 42 Ticket *, krb5_creds **, krb5_creds ***); 35 43 36 44 /* … … 80 88 KDC_REQ_BODY *req_body, 81 89 krb5_authdata *authdata, 82 krb5_keyblock * key)90 krb5_keyblock *subkey) 83 91 { 84 92 if(authdata->len) { … … 102 110 return ENOMEM; 103 111 } 104 ret = krb5_crypto_init(context, key, 0, &crypto);112 ret = krb5_crypto_init(context, subkey, 0, &crypto); 105 113 if (ret) { 106 114 free (buf); … … 112 120 crypto, 113 121 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, 114 /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */115 122 buf, 116 123 len, … … 144 151 TGS_REQ *t) 145 152 { 153 krb5_auth_context ac = NULL; 146 154 krb5_error_code ret = 0; 147 155 … … 239 247 } 240 248 241 { 242 krb5_auth_context ac; 243 krb5_keyblock *key = NULL; 244 245 ret = krb5_auth_con_init(context, &ac); 246 if(ret) 247 goto fail; 248 249 if (krb5_config_get_bool_default(context, NULL, FALSE, 250 "realms", 251 krbtgt->server->realm, 252 "tgs_require_subkey", 253 NULL)) 254 { 255 ret = krb5_generate_subkey (context, &krbtgt->session, &key); 256 if (ret) { 257 krb5_auth_con_free (context, ac); 258 goto fail; 259 } 260 261 ret = krb5_auth_con_setlocalsubkey(context, ac, key); 262 if (ret) { 263 if (key) 264 krb5_free_keyblock (context, key); 265 krb5_auth_con_free (context, ac); 266 goto fail; 267 } 268 } 269 270 ret = set_auth_data (context, &t->req_body, &in_creds->authdata, 271 key ? key : &krbtgt->session); 272 if (ret) { 273 if (key) 274 krb5_free_keyblock (context, key); 275 krb5_auth_con_free (context, ac); 276 goto fail; 277 } 278 279 ret = make_pa_tgs_req(context, 280 ac, 281 &t->req_body, 282 &t->padata->val[0], 283 krbtgt); 284 if(ret) { 285 if (key) 286 krb5_free_keyblock (context, key); 287 krb5_auth_con_free(context, ac); 288 goto fail; 289 } 290 *subkey = key; 291 249 ret = krb5_auth_con_init(context, &ac); 250 if(ret) 251 goto fail; 252 253 ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session); 254 if (ret) 255 goto fail; 256 257 ret = set_auth_data (context, &t->req_body, &in_creds->authdata, 258 ac->local_subkey); 259 if (ret) 260 goto fail; 261 262 ret = make_pa_tgs_req(context, 263 ac, 264 &t->req_body, 265 &t->padata->val[0], 266 krbtgt); 267 if(ret) 268 goto fail; 269 270 ret = krb5_auth_con_getlocalsubkey(context, ac, subkey); 271 if (ret) 272 goto fail; 273 274 fail: 275 if (ac) 292 276 krb5_auth_con_free(context, ac); 293 }294 fail:295 277 if (ret) { 296 278 t->req_body.addresses = NULL; … … 338 320 339 321 /* DCE compatible decrypt proc */ 340 static krb5_error_code 322 static krb5_error_code KRB5_CALLCONV 341 323 decrypt_tkt_with_subkey (krb5_context context, 342 324 krb5_keyblock *key, 343 325 krb5_key_usage usage, 344 krb5_const_pointer s ubkey,326 krb5_const_pointer skey, 345 327 krb5_kdc_rep *dec_rep) 346 328 { 347 krb5_error_code ret; 329 const krb5_keyblock *subkey = skey; 330 krb5_error_code ret = 0; 348 331 krb5_data data; 349 332 size_t size; 350 333 krb5_crypto crypto; 351 334 352 ret = krb5_crypto_init(context, key, 0, &crypto); 353 if (ret) 354 return ret; 355 ret = krb5_decrypt_EncryptedData (context, 356 crypto, 357 usage, 358 &dec_rep->kdc_rep.enc_part, 359 &data); 360 krb5_crypto_destroy(context, crypto); 361 if(ret && subkey){ 362 /* DCE compat -- try to decrypt with subkey */ 335 assert(usage == 0); 336 337 /* 338 * start out with trying with subkey if we have one 339 */ 340 if (subkey) { 363 341 ret = krb5_crypto_init(context, subkey, 0, &crypto); 364 342 if (ret) … … 367 345 crypto, 368 346 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY, 347 &dec_rep->kdc_rep.enc_part, 348 &data); 349 /* 350 * If the is Windows 2000 DC, we need to retry with key usage 351 * 8 when doing ARCFOUR. 352 */ 353 if (ret && subkey->keytype == ETYPE_ARCFOUR_HMAC_MD5) { 354 ret = krb5_decrypt_EncryptedData(context, 355 crypto, 356 8, 357 &dec_rep->kdc_rep.enc_part, 358 &data); 359 } 360 krb5_crypto_destroy(context, crypto); 361 } 362 if (subkey == NULL || ret) { 363 ret = krb5_crypto_init(context, key, 0, &crypto); 364 if (ret) 365 return ret; 366 ret = krb5_decrypt_EncryptedData (context, 367 crypto, 368 KRB5_KU_TGS_REP_ENC_PART_SESSION, 369 369 &dec_rep->kdc_rep.enc_part, 370 370 &data); … … 550 550 &krbtgt->session, 551 551 NULL, 552 KRB5_KU_TGS_REP_ENC_PART_SESSION,552 0, 553 553 &krbtgt->addresses, 554 554 nonce, … … 575 575 krb5_data_free(&resp); 576 576 krb5_data_free(&enc); 577 if(subkey){ 578 krb5_free_keyblock_contents(context, subkey); 579 free(subkey); 580 } 577 if(subkey) 578 krb5_free_keyblock(context, subkey); 581 579 return ret; 582 580 … … 628 626 } 629 627 630 krb5_error_code KRB5_LIB_FUNCTION 628 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 631 629 krb5_get_kdc_cred(krb5_context context, 632 630 krb5_ccache id, … … 730 728 } 731 729 732 /*733 get_cred(server)734 creds = cc_get_cred(server)735 if(creds) return creds736 tgt = cc_get_cred(krbtgt/server_realm@any_realm)737 if(tgt)738 return get_cred_tgt(server, tgt)739 if(client_realm == server_realm)740 return NULL741 tgt = get_cred(krbtgt/server_realm@client_realm)742 while(tgt_inst != server_realm)743 tgt = get_cred(krbtgt/server_realm@tgt_inst)744 return get_cred_tgt(server, tgt)745 */746 747 730 static krb5_error_code 748 get_cred_kdc_capath(krb5_context context, 749 krb5_kdc_flags flags, 750 krb5_ccache ccache, 751 krb5_creds *in_creds, 752 krb5_principal impersonate_principal, 753 Ticket *second_ticket, 754 krb5_creds **out_creds, 755 krb5_creds ***ret_tgts) 731 get_cred_kdc_capath_worker(krb5_context context, 732 krb5_kdc_flags flags, 733 krb5_ccache ccache, 734 krb5_creds *in_creds, 735 krb5_const_realm try_realm, 736 krb5_principal impersonate_principal, 737 Ticket *second_ticket, 738 krb5_creds **out_creds, 739 krb5_creds ***ret_tgts) 756 740 { 757 741 krb5_error_code ret; 758 742 krb5_creds *tgt, tmp_creds; 759 krb5_const_realm client_realm, server_realm , try_realm;743 krb5_const_realm client_realm, server_realm; 760 744 int ok_as_delegate = 1; 761 745 … … 768 752 if(ret) 769 753 return ret; 770 771 try_realm = krb5_config_get_string(context, NULL, "capaths",772 client_realm, server_realm, NULL);773 if (try_realm == NULL)774 try_realm = client_realm;775 754 776 755 ret = krb5_make_principal(context, … … 790 769 *ret_tgts, &tgts); 791 770 if(ret == 0){ 792 if (try_realm != client_realm) 771 /* only allow implicit ok_as_delegate if the realm is the clients realm */ 772 if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0) 793 773 ok_as_delegate = tgts.flags.b.ok_as_delegate; 794 774 … … 881 861 krb5_free_creds(context, tgt); 882 862 return ret; 863 } 864 865 /* 866 get_cred(server) 867 creds = cc_get_cred(server) 868 if(creds) return creds 869 tgt = cc_get_cred(krbtgt/server_realm@any_realm) 870 if(tgt) 871 return get_cred_tgt(server, tgt) 872 if(client_realm == server_realm) 873 return NULL 874 tgt = get_cred(krbtgt/server_realm@client_realm) 875 while(tgt_inst != server_realm) 876 tgt = get_cred(krbtgt/server_realm@tgt_inst) 877 return get_cred_tgt(server, tgt) 878 */ 879 880 static krb5_error_code 881 get_cred_kdc_capath(krb5_context context, 882 krb5_kdc_flags flags, 883 krb5_ccache ccache, 884 krb5_creds *in_creds, 885 krb5_principal impersonate_principal, 886 Ticket *second_ticket, 887 krb5_creds **out_creds, 888 krb5_creds ***ret_tgts) 889 { 890 krb5_error_code ret; 891 krb5_const_realm client_realm, server_realm, try_realm; 892 893 client_realm = krb5_principal_get_realm(context, in_creds->client); 894 server_realm = krb5_principal_get_realm(context, in_creds->server); 895 896 try_realm = client_realm; 897 ret = get_cred_kdc_capath_worker(context, flags, ccache, in_creds, try_realm, 898 impersonate_principal, second_ticket, out_creds, 899 ret_tgts); 900 901 if (ret == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) { 902 try_realm = krb5_config_get_string(context, NULL, "capaths", 903 client_realm, server_realm, NULL); 904 905 if (try_realm != NULL && strcmp(try_realm, client_realm)) { 906 ret = get_cred_kdc_capath_worker(context, flags, ccache, in_creds, 907 try_realm, impersonate_principal, 908 second_ticket, out_creds, ret_tgts); 909 } 910 } 911 912 return ret; 883 913 } 884 914 … … 898 928 int loop = 0; 899 929 int ok_as_delegate = 1; 930 931 if (in_creds->server->name.name_string.len < 2 && !flags.b.canonicalize) { 932 krb5_set_error_message(context, KRB5KDC_ERR_PATH_NOT_ACCEPTED, 933 N_("Name too short to do referals, skipping", "")); 934 return KRB5KDC_ERR_PATH_NOT_ACCEPTED; 935 } 900 936 901 937 memset(&tgt, 0, sizeof(tgt)); … … 953 989 954 990 if (ret) { 955 ret = get_cred_kdc_address 956 957 991 ret = get_cred_kdc_address(context, ccache, flags, NULL, 992 &referral, &tgt, impersonate_principal, 993 second_ticket, &ticket); 958 994 if (ret) 959 995 goto out; … … 966 1002 break; 967 1003 968 if (ticket.server->name.name_string.len != 2 && 969 strcmp(ticket.server->name.name_string.val[0], KRB5_TGS_NAME) != 0) 970 { 1004 if (!krb5_principal_is_krbtgt(context, ticket.server)) { 971 1005 krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US, 972 1006 N_("Got back an non krbtgt " 973 1007 "ticket referrals", "")); 974 krb5_free_cred_contents(context, &ticket);975 return KRB5KRB_AP_ERR_NOT_US;1008 ret = KRB5KRB_AP_ERR_NOT_US; 1009 goto out; 976 1010 } 977 1011 … … 995 1029 tgt.server->realm, 996 1030 referral_realm); 997 krb5_free_cred_contents(context, &ticket);998 return KRB5_GET_IN_TKT_LOOP;1031 ret = KRB5_GET_IN_TKT_LOOP; 1032 goto out; 999 1033 } 1000 1034 tickets++; … … 1012 1046 1013 1047 ret = add_cred(context, &ticket, ret_tgts); 1014 if (ret) { 1015 krb5_free_cred_contents(context, &ticket); 1048 if (ret) 1016 1049 goto out; 1017 }1018 1050 1019 1051 /* try realm in the referral */ … … 1033 1065 krb5_free_principal(context, referral.server); 1034 1066 krb5_free_cred_contents(context, &tgt); 1067 krb5_free_cred_contents(context, &ticket); 1035 1068 return ret; 1036 1069 } … … 1053 1086 { 1054 1087 krb5_error_code ret; 1088 krb5_deltat offset; 1089 1090 ret = krb5_cc_get_kdc_offset(context, ccache, &offset); 1091 if (ret) { 1092 context->kdc_sec_offset = offset; 1093 context->kdc_usec_offset = 0; 1094 } 1055 1095 1056 1096 ret = get_cred_kdc_referral(context, … … 1075 1115 1076 1116 1077 krb5_error_code KRB5_LIB_FUNCTION 1117 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1078 1118 krb5_get_credentials_with_flags(krb5_context context, 1079 1119 krb5_flags options, … … 1087 1127 krb5_creds *res_creds; 1088 1128 int i; 1129 1130 if (in_creds->session.keytype) { 1131 ret = krb5_enctype_valid(context, in_creds->session.keytype); 1132 if (ret) 1133 return ret; 1134 } 1089 1135 1090 1136 *out_creds = NULL; … … 1155 1201 } 1156 1202 1157 krb5_error_code KRB5_LIB_FUNCTION 1203 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1158 1204 krb5_get_credentials(krb5_context context, 1159 1205 krb5_flags options, … … 1176 1222 1177 1223 1178 krb5_error_code KRB5_LIB_FUNCTION 1224 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1179 1225 krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) 1180 1226 { … … 1188 1234 } 1189 1235 1190 void KRB5_LIB_FUNCTION 1236 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1191 1237 krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) 1192 1238 { … … 1201 1247 } 1202 1248 1203 void KRB5_LIB_FUNCTION 1249 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1204 1250 krb5_get_creds_opt_set_options(krb5_context context, 1205 1251 krb5_get_creds_opt opt, … … 1209 1255 } 1210 1256 1211 void KRB5_LIB_FUNCTION 1257 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1212 1258 krb5_get_creds_opt_add_options(krb5_context context, 1213 1259 krb5_get_creds_opt opt, … … 1217 1263 } 1218 1264 1219 void KRB5_LIB_FUNCTION 1265 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1220 1266 krb5_get_creds_opt_set_enctype(krb5_context context, 1221 1267 krb5_get_creds_opt opt, … … 1225 1271 } 1226 1272 1227 krb5_error_code KRB5_LIB_FUNCTION 1273 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1228 1274 krb5_get_creds_opt_set_impersonate(krb5_context context, 1229 1275 krb5_get_creds_opt opt, … … 1235 1281 } 1236 1282 1237 krb5_error_code KRB5_LIB_FUNCTION 1283 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1238 1284 krb5_get_creds_opt_set_ticket(krb5_context context, 1239 1285 krb5_get_creds_opt opt, … … 1268 1314 1269 1315 1270 krb5_error_code KRB5_LIB_FUNCTION 1316 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1271 1317 krb5_get_creds(krb5_context context, 1272 1318 krb5_get_creds_opt opt, … … 1283 1329 int i; 1284 1330 1331 if (opt && opt->enctype) { 1332 ret = krb5_enctype_valid(context, opt->enctype); 1333 if (ret) 1334 return ret; 1335 } 1336 1285 1337 memset(&in_creds, 0, sizeof(in_creds)); 1286 1338 in_creds.server = rk_UNCONST(inprinc); … … 1290 1342 return ret; 1291 1343 1292 options = opt->options; 1344 if (opt) 1345 options = opt->options; 1346 else 1347 options = 0; 1293 1348 flags.i = 0; 1294 1349 … … 1302 1357 } 1303 1358 1304 if (opt ->enctype) {1359 if (opt && opt->enctype) { 1305 1360 in_creds.session.keytype = opt->enctype; 1306 1361 options |= KRB5_TC_MATCH_KEYTYPE; … … 1313 1368 ret = krb5_cc_retrieve_cred(context, 1314 1369 ccache, 1315 opt ->enctype ? KRB5_TC_MATCH_KEYTYPE : 0,1370 options & KRB5_TC_MATCH_KEYTYPE, 1316 1371 &in_creds, res_creds); 1317 1372 /* … … 1326 1381 *out_creds = res_creds; 1327 1382 krb5_free_principal(context, in_creds.client); 1328 return 0;1383 goto out; 1329 1384 } 1330 1385 … … 1333 1388 *out_creds = res_creds; 1334 1389 krb5_free_principal(context, in_creds.client); 1335 return 0;1390 goto out; 1336 1391 } 1337 1392 if(options & KRB5_GC_CACHED) … … 1341 1396 free(res_creds); 1342 1397 krb5_free_principal(context, in_creds.client); 1343 return ret;1398 goto out; 1344 1399 } 1345 1400 free(res_creds); 1346 1401 if(options & KRB5_GC_CACHED) { 1347 1402 krb5_free_principal(context, in_creds.client); 1348 return not_found(context, in_creds.server, KRB5_CC_NOTFOUND); 1403 ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND); 1404 goto out; 1349 1405 } 1350 1406 if(options & KRB5_GC_USER_USER) { … … 1375 1431 if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) 1376 1432 krb5_cc_store_cred(context, ccache, *out_creds); 1433 1434 out: 1435 _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret); 1436 1377 1437 return ret; 1378 1438 } … … 1382 1442 */ 1383 1443 1384 krb5_error_code KRB5_LIB_FUNCTION 1444 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1385 1445 krb5_get_renewed_creds(krb5_context context, 1386 1446 krb5_creds *creds, -
trunk/server/source4/heimdal/lib/krb5/get_default_principal.c
r414 r745 49 49 } 50 50 51 #ifndef _WIN32 52 51 53 /* 52 54 * Will only use operating-system dependant operation to get the … … 94 96 } 95 97 96 krb5_error_code KRB5_LIB_FUNCTION 98 #else /* _WIN32 */ 99 100 #define SECURITY_WIN32 101 #include <security.h> 102 103 krb5_error_code 104 _krb5_get_default_principal_local(krb5_context context, 105 krb5_principal *princ) 106 { 107 /* See if we can get the principal first. We only expect this to 108 work if logged into a domain. */ 109 { 110 char username[1024]; 111 ULONG sz = sizeof(username); 112 113 if (GetUserNameEx(NameUserPrincipal, username, &sz)) { 114 return krb5_parse_name_flags(context, username, 115 KRB5_PRINCIPAL_PARSE_ENTERPRISE, 116 princ); 117 } 118 } 119 120 /* Just get the Windows username. This should pretty much always 121 work. */ 122 { 123 char username[1024]; 124 DWORD dsz = sizeof(username); 125 126 if (GetUserName(username, &dsz)) { 127 return krb5_make_principal(context, princ, NULL, username, NULL); 128 } 129 } 130 131 /* Failing that, we look at the environment */ 132 { 133 const char * username = get_env_user(); 134 135 if (username == NULL) { 136 krb5_set_error_string(context, 137 "unable to figure out current principal"); 138 return ENOTTY; /* Really? */ 139 } 140 141 return krb5_make_principal(context, princ, NULL, username, NULL); 142 } 143 } 144 145 #endif 146 147 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 97 148 krb5_get_default_principal (krb5_context context, 98 149 krb5_principal *princ) -
trunk/server/source4/heimdal/lib/krb5/get_default_realm.c
r414 r745 39 39 */ 40 40 41 krb5_error_code KRB5_LIB_FUNCTION 41 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 42 42 krb5_get_default_realms (krb5_context context, 43 43 krb5_realm **realms) … … 58 58 */ 59 59 60 krb5_error_code KRB5_LIB_FUNCTION 60 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 61 61 krb5_get_default_realm(krb5_context context, 62 62 krb5_realm *realm) -
trunk/server/source4/heimdal/lib/krb5/get_for_creds.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 36 static krb5_error_code … … 101 101 */ 102 102 103 krb5_error_code KRB5_LIB_FUNCTION 103 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 104 104 krb5_fwd_tgt_creds (krb5_context context, 105 105 krb5_auth_context auth_context, … … 138 138 creds.client = client; 139 139 140 ret = krb5_build_principal(context, 141 &creds.server, 142 strlen(client_realm), 143 client_realm, 144 KRB5_TGS_NAME, 145 client_realm, 146 NULL); 140 ret = krb5_make_principal(context, 141 &creds.server, 142 client_realm, 143 KRB5_TGS_NAME, 144 client_realm, 145 NULL); 147 146 if (ret) 148 147 return ret; … … 185 184 */ 186 185 187 krb5_error_code KRB5_LIB_FUNCTION 186 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 188 187 krb5_get_forwarded_creds (krb5_context context, 189 188 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/get_host_realm.c
r414 r745 159 159 */ 160 160 161 krb5_error_code KRB5_LIB_FUNCTION 161 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 162 162 _krb5_get_host_realm_int (krb5_context context, 163 163 const char *host, … … 216 216 */ 217 217 218 krb5_error_code KRB5_LIB_FUNCTION 218 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 219 219 krb5_get_host_realm(krb5_context context, 220 220 const char *targethost, -
trunk/server/source4/heimdal/lib/krb5/get_in_tkt.c
r414 r745 362 362 } 363 363 364 krb5_error_code KRB5_LIB_FUNCTION 364 KRB5_DEPRECATED 365 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 365 366 krb5_get_in_cred(krb5_context context, 366 367 krb5_flags options, … … 375 376 krb5_creds *creds, 376 377 krb5_kdc_rep *ret_as_reply) 377 KRB5_DEPRECATED378 378 { 379 379 krb5_error_code ret; … … 499 499 500 500 { 501 unsigned flags = 0;501 unsigned flags = EXTRACT_TICKET_TIMESYNC; 502 502 if (opts.request_anonymous) 503 503 flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; … … 527 527 } 528 528 529 krb5_error_code KRB5_LIB_FUNCTION 529 KRB5_DEPRECATED 530 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 530 531 krb5_get_in_tkt(krb5_context context, 531 532 krb5_flags options, … … 540 541 krb5_ccache ccache, 541 542 krb5_kdc_rep *ret_as_reply) 542 KRB5_DEPRECATED543 543 { 544 544 krb5_error_code ret; -
trunk/server/source4/heimdal/lib/krb5/get_port.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 int KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 37 37 krb5_getportbyname (krb5_context context, 38 38 const char *service, -
trunk/server/source4/heimdal/lib/krb5/init_creds.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 51 53 */ 52 54 53 krb5_error_code KRB5_LIB_FUNCTION 55 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 54 56 krb5_get_init_creds_opt_alloc(krb5_context context, 55 57 krb5_get_init_creds_opt **opt) … … 83 85 */ 84 86 85 void KRB5_LIB_FUNCTION 87 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 86 88 krb5_get_init_creds_opt_free(krb5_context context, 87 89 krb5_get_init_creds_opt *opt) … … 125 127 static krb5_boolean 126 128 get_config_bool (krb5_context context, 129 krb5_boolean def_value, 127 130 const char *realm, 128 131 const char *name) 129 132 { 130 return krb5_config_get_bool (context,131 NULL, 132 "realms",133 realm,134 name, 135 NULL)136 || krb5_config_get_bool (context,137 NULL,138 "libdefaults", 139 name,140 NULL);133 krb5_boolean b; 134 135 b = krb5_config_get_bool_default(context, NULL, def_value, 136 "realms", realm, name, NULL); 137 if (b != def_value) 138 return b; 139 b = krb5_config_get_bool_default (context, NULL, def_value, 140 "libdefaults", name, NULL); 141 if (b != def_value) 142 return b; 143 return def_value; 141 144 } 142 145 … … 148 151 */ 149 152 150 void KRB5_LIB_FUNCTION 153 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 151 154 krb5_get_init_creds_opt_set_default_flags(krb5_context context, 152 155 const char *appname, … … 157 160 time_t t; 158 161 159 b = get_config_bool (context, realm, "forwardable"); 162 b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT, 163 realm, "forwardable"); 160 164 krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); 161 165 krb5_get_init_creds_opt_set_forwardable(opt, b); 162 166 163 b = get_config_bool (context, realm, "proxiable");167 b = get_config_bool (context, FALSE, realm, "proxiable"); 164 168 krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); 165 169 krb5_get_init_creds_opt_set_proxiable (opt, b); … … 198 202 199 203 200 void KRB5_LIB_FUNCTION 204 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 201 205 krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, 202 206 krb5_deltat tkt_life) … … 206 210 } 207 211 208 void KRB5_LIB_FUNCTION 212 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 209 213 krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, 210 214 krb5_deltat renew_life) … … 214 218 } 215 219 216 void KRB5_LIB_FUNCTION 220 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 217 221 krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, 218 222 int forwardable) … … 222 226 } 223 227 224 void KRB5_LIB_FUNCTION 228 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 225 229 krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, 226 230 int proxiable) … … 230 234 } 231 235 232 void KRB5_LIB_FUNCTION 236 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 233 237 krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, 234 238 krb5_enctype *etype_list, … … 240 244 } 241 245 242 void KRB5_LIB_FUNCTION 246 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 243 247 krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, 244 248 krb5_addresses *addresses) … … 248 252 } 249 253 250 void KRB5_LIB_FUNCTION 254 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 251 255 krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, 252 256 krb5_preauthtype *preauth_list, … … 258 262 } 259 263 260 void KRB5_LIB_FUNCTION 264 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 261 265 krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, 262 266 krb5_data *salt) … … 266 270 } 267 271 268 void KRB5_LIB_FUNCTION 272 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 269 273 krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, 270 274 int anonymous) … … 287 291 } 288 292 289 krb5_error_code KRB5_LIB_FUNCTION 293 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 290 294 krb5_get_init_creds_opt_set_pa_password(krb5_context context, 291 295 krb5_get_init_creds_opt *opt, … … 302 306 } 303 307 304 krb5_error_code KRB5_LIB_FUNCTION 308 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 305 309 krb5_get_init_creds_opt_set_pac_request(krb5_context context, 306 310 krb5_get_init_creds_opt *opt, … … 317 321 } 318 322 319 krb5_error_code KRB5_LIB_FUNCTION 323 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 320 324 krb5_get_init_creds_opt_set_addressless(krb5_context context, 321 325 krb5_get_init_creds_opt *opt, … … 333 337 } 334 338 335 krb5_error_code KRB5_LIB_FUNCTION 339 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 336 340 krb5_get_init_creds_opt_set_canonicalize(krb5_context context, 337 341 krb5_get_init_creds_opt *opt, … … 349 353 } 350 354 351 krb5_error_code KRB5_LIB_FUNCTION 355 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 352 356 krb5_get_init_creds_opt_set_win2k(krb5_context context, 353 357 krb5_get_init_creds_opt *opt, … … 358 362 if (ret) 359 363 return ret; 360 if (req) 364 if (req) { 361 365 opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; 362 else 366 opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; 367 } else { 363 368 opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; 364 return 0; 365 } 366 367 368 krb5_error_code KRB5_LIB_FUNCTION 369 opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; 370 } 371 return 0; 372 } 373 374 375 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 369 376 krb5_get_init_creds_opt_set_process_last_req(krb5_context context, 370 377 krb5_get_init_creds_opt *opt, … … 386 393 #ifndef HEIMDAL_SMALLER 387 394 388 void KRB5_LIB_FUNCTION 395 /** 396 * Deprecated: use krb5_get_init_creds_opt_alloc(). 397 * 398 * The reason krb5_get_init_creds_opt_init() is deprecated is that 399 * krb5_get_init_creds_opt is a static structure and for ABI reason it 400 * can't grow, ie can't add new functionality. 401 * 402 * @ingroup krb5_deprecated 403 */ 404 405 KRB5_DEPRECATED 406 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 389 407 krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) 390 KRB5_DEPRECATED391 408 { 392 409 memset (opt, 0, sizeof(*opt)); … … 400 417 */ 401 418 402 krb5_error_code KRB5_LIB_FUNCTION 419 KRB5_DEPRECATED 420 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 403 421 krb5_get_init_creds_opt_get_error(krb5_context context, 404 422 krb5_get_init_creds_opt *opt, 405 423 KRB_ERROR **error) 406 KRB5_DEPRECATED407 424 { 408 425 *error = calloc(1, sizeof(**error)); -
trunk/server/source4/heimdal/lib/krb5/init_creds_pw.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 60 62 int ic_flags; 61 63 64 int used_pa_types; 65 #define USED_PKINIT 1 66 #define USED_PKINIT_W2K 2 67 #define USED_ENC_TS_GUESS 4 68 #define USED_ENC_TS_INFO 8 69 62 70 METHOD_DATA md; 63 71 KRB_ERROR error; … … 68 76 void *prompter_data; 69 77 78 struct pa_info_data *ppaid; 79 70 80 } krb5_get_init_creds_ctx; 71 81 72 static krb5_error_code 82 83 struct pa_info_data { 84 krb5_enctype etype; 85 krb5_salt salt; 86 krb5_data *s2kparams; 87 }; 88 89 static void 90 free_paid(krb5_context context, struct pa_info_data *ppaid) 91 { 92 krb5_free_salt(context, ppaid->salt); 93 if (ppaid->s2kparams) 94 krb5_free_data(context, ppaid->s2kparams); 95 } 96 97 static krb5_error_code KRB5_CALLCONV 73 98 default_s2k_func(krb5_context context, krb5_enctype type, 74 99 krb5_const_pointer keyseed, … … 79 104 krb5_data password; 80 105 krb5_data opaque; 106 107 _krb5_debug(context, 5, "krb5_get_init_creds: using default_s2k_func"); 81 108 82 109 password.data = rk_UNCONST(keyseed); … … 110 137 if (ctx->keytab_data) 111 138 free(ctx->keytab_data); 139 if (ctx->password) { 140 memset(ctx->password, 0, strlen(ctx->password)); 141 free(ctx->password); 142 } 112 143 krb5_data_free(&ctx->req_buffer); 113 144 krb5_free_cred_contents(context, &ctx->cred); … … 117 148 free_KRB_ERROR(&ctx->error); 118 149 free_AS_REQ(&ctx->as_req); 150 if (ctx->ppaid) { 151 free_paid(context, ctx->ppaid); 152 free(ctx->ppaid); 153 } 119 154 memset(ctx, 0, sizeof(*ctx)); 120 155 } … … 200 235 time_t now) 201 236 { 202 char *p; 203 204 asprintf (&p, "%s%s", str, ctime(&now)); 205 (*prompter) (context, data, NULL, p, 0, NULL); 206 free (p); 237 char *p = NULL; 238 239 if (asprintf(&p, "%s%s", str, ctime(&now)) < 0 || p == NULL) 240 return; 241 (*prompter)(context, data, NULL, p, 0, NULL); 242 free(p); 207 243 } 208 244 … … 399 435 } 400 436 if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { 437 if (ctx->etypes) 438 free(ctx->etypes); 439 401 440 etypes = malloc((options->etype_list_length + 1) 402 441 * sizeof(krb5_enctype)); … … 525 564 if (ret) 526 565 goto out; 527 asprintf (&p, "%s: %.*s\n", 528 result_code ? "Error" : "Success", 529 (int)result_string.length, 530 result_string.length > 0 ? (char*)result_string.data : ""); 566 if (asprintf(&p, "%s: %.*s\n", 567 result_code ? "Error" : "Success", 568 (int)result_string.length, 569 result_string.length > 0 ? (char*)result_string.data : "") < 0) 570 { 571 ret = ENOMEM; 572 goto out; 573 } 531 574 532 575 /* return the result */ … … 553 596 554 597 555 krb5_error_code KRB5_LIB_FUNCTION 598 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 556 599 krb5_keyblock_key_proc (krb5_context context, 557 600 krb5_keytype type, … … 673 716 memset(a, 0, sizeof(*a)); 674 717 return ret; 675 }676 677 struct pa_info_data {678 krb5_enctype etype;679 krb5_salt salt;680 krb5_data *s2kparams;681 };682 683 static void684 free_paid(krb5_context context, struct pa_info_data *ppaid)685 {686 krb5_free_salt(context, ppaid->salt);687 if (ppaid->s2kparams)688 krb5_free_data(context, ppaid->s2kparams);689 718 } 690 719 … … 980 1009 krb5_keyblock *key; 981 1010 1011 _krb5_debug(context, 5, "krb5_get_init_creds: using ENC-TS with enctype %d", enctypes[i]); 1012 982 1013 ret = (*keyproc)(context, enctypes[i], keyseed, 983 1014 *salt, s2kparams, &key); … … 1013 1044 krb5_salt salt; 1014 1045 1046 _krb5_debug(context, 5, "krb5_get_init_creds: pa-info not found, guessing salt"); 1047 1015 1048 /* make a v5 salted pa-data */ 1016 1049 add_enc_ts_padata(context, md, client, … … 1051 1084 const AS_REQ *a, 1052 1085 const krb5_principal client, 1086 int win2k, 1053 1087 krb5_get_init_creds_ctx *ctx, 1054 1088 METHOD_DATA *md) … … 1058 1092 #ifdef PKINIT 1059 1093 return _krb5_pk_mk_padata(context, 1060 ctx->pk_init_ctx, 1061 &a->req_body, 1062 ctx->pk_nonce, 1063 md); 1094 ctx->pk_init_ctx, 1095 ctx->ic_flags, 1096 win2k, 1097 &a->req_body, 1098 ctx->pk_nonce, 1099 md); 1064 1100 #else 1065 1101 krb5_set_error_message(context, EINVAL, … … 1127 1163 (*out_md)->val = NULL; 1128 1164 1165 if (_krb5_have_debug(context, 5)) { 1166 unsigned i; 1167 _krb5_debug(context, 5, "KDC send %d patypes", in_md->len); 1168 for (i = 0; i < in_md->len; i++) 1169 _krb5_debug(context, 5, "KDC send PA-DATA type: %d", in_md->val[i].padata_type); 1170 } 1171 1129 1172 /* 1130 1173 * Make sure we don't sent both ENC-TS and PK-INIT pa data, no … … 1134 1177 if (ctx->pk_init_ctx) { 1135 1178 1136 ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); 1179 _krb5_debug(context, 5, "krb5_get_init_creds: " 1180 "prepareing PKINIT padata (%s)", 1181 (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf"); 1182 1183 if (ctx->used_pa_types & USED_PKINIT_W2K) { 1184 krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, 1185 "Already tried pkinit, looping"); 1186 return KRB5_GET_IN_TKT_LOOP; 1187 } 1188 1189 ret = pa_data_to_md_pkinit(context, a, creds->client, 1190 (ctx->used_pa_types & USED_PKINIT), 1191 ctx, *out_md); 1137 1192 if (ret) 1138 1193 return ret; 1139 1194 1195 if (ctx->used_pa_types & USED_PKINIT) 1196 ctx->used_pa_types |= USED_PKINIT_W2K; 1197 else 1198 ctx->used_pa_types |= USED_PKINIT; 1199 1140 1200 } else if (in_md->len != 0) { 1141 struct pa_info_data paid, *ppaid; 1142 1143 memset(&paid, 0, sizeof(paid)); 1144 1145 paid.etype = ENCTYPE_NULL; 1146 ppaid = process_pa_info(context, creds->client, a, &paid, in_md); 1201 struct pa_info_data *paid, *ppaid; 1202 unsigned flag; 1203 1204 paid = calloc(1, sizeof(*paid)); 1205 1206 paid->etype = ENCTYPE_NULL; 1207 ppaid = process_pa_info(context, creds->client, a, paid, in_md); 1208 1209 if (ppaid) 1210 flag = USED_ENC_TS_INFO; 1211 else 1212 flag = USED_ENC_TS_GUESS; 1213 1214 if (ctx->used_pa_types & flag) { 1215 if (ppaid) 1216 free_paid(context, ppaid); 1217 krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, 1218 "Already tried ENC-TS-%s, looping", 1219 flag == USED_ENC_TS_INFO ? "info" : "guess"); 1220 return KRB5_GET_IN_TKT_LOOP; 1221 } 1147 1222 1148 1223 pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); 1149 if (ppaid) 1150 free_paid(context, ppaid); 1224 1225 ctx->used_pa_types |= flag; 1226 1227 if (ppaid) { 1228 if (ctx->ppaid) { 1229 free_paid(context, ctx->ppaid); 1230 free(ctx->ppaid); 1231 } 1232 ctx->ppaid = ppaid; 1233 } else 1234 free(paid); 1151 1235 } 1152 1236 … … 1184 1268 rep->padata); 1185 1269 } 1270 if (ppaid == NULL) 1271 ppaid = ctx->ppaid; 1186 1272 if (ppaid == NULL) { 1187 1273 ret = krb5_get_pw_salt (context, creds->client, &paid.salt); … … 1190 1276 paid.etype = etype; 1191 1277 paid.s2kparams = NULL; 1278 ppaid = &paid; 1192 1279 } 1193 1280 … … 1209 1296 if (pa && ctx->pk_init_ctx) { 1210 1297 #ifdef PKINIT 1298 _krb5_debug(context, 5, "krb5_get_init_creds: using PKINIT"); 1299 1211 1300 ret = _krb5_pk_rd_pa_reply(context, 1212 1301 a->req_body.realm, … … 1222 1311 krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", "")); 1223 1312 #endif 1224 } else if (ctx->keyseed) 1313 } else if (ctx->keyseed) { 1314 _krb5_debug(context, 5, "krb5_get_init_creds: using keyproc"); 1225 1315 ret = pa_data_to_key_plain(context, creds->client, ctx, 1226 p aid.salt, paid.s2kparams, etype, key);1227 else {1316 ppaid->salt, ppaid->s2kparams, etype, key); 1317 } else { 1228 1318 ret = EINVAL; 1229 1319 krb5_set_error_message(context, ret, N_("No usable pa data type", "")); … … 1252 1342 */ 1253 1343 1254 krb5_error_code KRB5_LIB_FUNCTION 1344 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1255 1345 krb5_init_creds_init(krb5_context context, 1256 1346 krb5_principal client, … … 1306 1396 */ 1307 1397 1308 krb5_error_code KRB5_LIB_FUNCTION 1398 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1309 1399 krb5_init_creds_set_service(krb5_context context, 1310 1400 krb5_init_creds_context ctx, … … 1329 1419 return ret; 1330 1420 } 1421 1422 /* 1423 * This is for Windows RODC that are picky about what name type 1424 * the server principal have, and the really strange part is that 1425 * they are picky about the AS-REQ name type and not the TGS-REQ 1426 * later. Oh well. 1427 */ 1428 1429 if (krb5_principal_is_krbtgt(context, principal)) 1430 krb5_principal_set_type(context, principal, KRB5_NT_SRV_INST); 1431 1331 1432 krb5_free_principal(context, ctx->cred.server); 1332 1433 ctx->cred.server = principal; … … 1346 1447 */ 1347 1448 1348 krb5_error_code KRB5_LIB_FUNCTION 1449 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1349 1450 krb5_init_creds_set_password(krb5_context context, 1350 1451 krb5_init_creds_context ctx, 1351 1452 const char *password) 1352 1453 { 1353 if (ctx->password) 1454 if (ctx->password) { 1354 1455 memset(ctx->password, 0, strlen(ctx->password)); 1456 free(ctx->password); 1457 } 1355 1458 if (password) { 1356 1459 ctx->password = strdup(password); … … 1368 1471 } 1369 1472 1370 static krb5_error_code 1473 static krb5_error_code KRB5_CALLCONV 1371 1474 keytab_key_proc(krb5_context context, krb5_enctype enctype, 1372 1475 krb5_const_pointer keyseed, … … 1412 1515 */ 1413 1516 1414 krb5_error_code KRB5_LIB_FUNCTION 1517 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1415 1518 krb5_init_creds_set_keytab(krb5_context context, 1416 1519 krb5_init_creds_context ctx, … … 1418 1521 { 1419 1522 krb5_keytab_key_proc_args *a; 1523 krb5_keytab_entry entry; 1524 krb5_kt_cursor cursor; 1525 krb5_enctype *etypes = NULL; 1526 krb5_error_code ret; 1527 size_t netypes = 0; 1528 int kvno = 0; 1420 1529 1421 1530 a = malloc(sizeof(*a)); 1422 1531 if (a == NULL) { 1423 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 1532 krb5_set_error_message(context, ENOMEM, 1533 N_("malloc: out of memory", "")); 1424 1534 return ENOMEM; 1425 1535 } … … 1432 1542 ctx->keyproc = keytab_key_proc; 1433 1543 1544 /* 1545 * We need to the KDC what enctypes we support for this keytab, 1546 * esp if the keytab is really a password based entry, then the 1547 * KDC might have more enctypes in the database then what we have 1548 * in the keytab. 1549 */ 1550 1551 ret = krb5_kt_start_seq_get(context, keytab, &cursor); 1552 if(ret) 1553 goto out; 1554 1555 while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){ 1556 void *ptr; 1557 1558 if (!krb5_principal_compare(context, entry.principal, ctx->cred.client)) 1559 goto next; 1560 1561 /* check if we ahve this kvno already */ 1562 if (entry.vno > kvno) { 1563 /* remove old list of etype */ 1564 if (etypes) 1565 free(etypes); 1566 etypes = NULL; 1567 netypes = 0; 1568 kvno = entry.vno; 1569 } else if (entry.vno != kvno) 1570 goto next; 1571 1572 /* check if enctype is supported */ 1573 if (krb5_enctype_valid(context, entry.keyblock.keytype) != 0) 1574 goto next; 1575 1576 /* add enctype to supported list */ 1577 ptr = realloc(etypes, sizeof(etypes[0]) * (netypes + 2)); 1578 if (ptr == NULL) 1579 goto next; 1580 1581 etypes = ptr; 1582 etypes[netypes] = entry.keyblock.keytype; 1583 etypes[netypes + 1] = ETYPE_NULL; 1584 netypes++; 1585 next: 1586 krb5_kt_free_entry(context, &entry); 1587 } 1588 krb5_kt_end_seq_get(context, keytab, &cursor); 1589 1590 if (etypes) { 1591 if (ctx->etypes) 1592 free(ctx->etypes); 1593 ctx->etypes = etypes; 1594 } 1595 1596 out: 1434 1597 return 0; 1435 1598 } 1436 1599 1437 static krb5_error_code 1600 static krb5_error_code KRB5_CALLCONV 1438 1601 keyblock_key_proc(krb5_context context, krb5_enctype enctype, 1439 1602 krb5_const_pointer keyseed, … … 1444 1607 } 1445 1608 1446 krb5_error_code KRB5_LIB_FUNCTION 1609 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1447 1610 krb5_init_creds_set_keyblock(krb5_context context, 1448 1611 krb5_init_creds_context ctx, … … 1467 1630 * @param out reply to KDC. 1468 1631 * @param hostinfo KDC address info, first round it can be NULL. 1469 * @param flags status of the round, if 1 is set, continue one more round. 1632 * @param flags status of the round, if 1633 * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. 1470 1634 * 1471 1635 * @return 0 for success, or an Kerberos 5 error code, see … … 1475 1639 */ 1476 1640 1477 krb5_error_code KRB5_LIB_FUNCTION 1641 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1478 1642 krb5_init_creds_step(krb5_context context, 1479 1643 krb5_init_creds_context ctx, … … 1508 1672 ctx->pa_counter++; 1509 1673 1674 _krb5_debug(context, 5, "krb5_get_init_creds: loop %d", ctx->pa_counter); 1675 1510 1676 /* Lets process the input packet */ 1511 1677 if (in && in->length) { … … 1514 1680 memset(&rep, 0, sizeof(rep)); 1515 1681 1682 _krb5_debug(context, 5, "krb5_get_init_creds: processing input"); 1683 1516 1684 ret = decode_AS_REP(in->data, in->length, &rep.kdc_rep, &size); 1517 1685 if (ret == 0) { 1518 1686 krb5_keyblock *key = NULL; 1519 unsigned eflags = EXTRACT_TICKET_AS_REQ ;1687 unsigned eflags = EXTRACT_TICKET_AS_REQ | EXTRACT_TICKET_TIMESYNC; 1520 1688 1521 1689 if (ctx->flags.canonicalize) { … … 1532 1700 goto out; 1533 1701 } 1702 1703 _krb5_debug(context, 5, "krb5_get_init_creds: extracting ticket"); 1534 1704 1535 1705 ret = _krb5_extract_ticket(context, … … 1559 1729 /* let's try to parse it as a KRB-ERROR */ 1560 1730 1731 _krb5_debug(context, 5, "krb5_get_init_creds: got an error"); 1732 1561 1733 free_KRB_ERROR(&ctx->error); 1562 1734 … … 1564 1736 if(ret && in->length && ((char*)in->data)[0] == 4) 1565 1737 ret = KRB5KRB_AP_ERR_V4_REPLY; 1566 if (ret) 1738 if (ret) { 1739 _krb5_debug(context, 5, "krb5_get_init_creds: failed to read error"); 1567 1740 goto out; 1741 } 1568 1742 1569 1743 ret = krb5_error_from_rd_error(context, &ctx->error, &ctx->cred); 1744 1745 _krb5_debug(context, 5, "krb5_get_init_creds: KRB-ERROR %d", ret); 1570 1746 1571 1747 /* … … 1600 1776 if (context->kdc_sec_offset) 1601 1777 ret = 0; 1778 1779 _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d", 1780 context->kdc_sec_offset); 1781 1782 ctx->used_pa_types = 0; 1783 1602 1784 } else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) { 1603 1785 /* client referal to a new realm */ 1786 1604 1787 if (ctx->error.crealm == NULL) { 1605 1788 krb5_set_error_message(context, ret, … … 1607 1790 goto out; 1608 1791 } 1792 _krb5_debug(context, 5, 1793 "krb5_get_init_creds: got referal to realm %s", 1794 *ctx->error.crealm); 1795 1609 1796 ret = krb5_principal_set_realm(context, 1610 1797 ctx->cred.client, 1611 1798 *ctx->error.crealm); 1799 1800 ctx->used_pa_types = 0; 1612 1801 } 1613 1802 if (ret) … … 1645 1834 out->length = ctx->req_buffer.length; 1646 1835 1647 *flags = 1;1836 *flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE; 1648 1837 1649 1838 return 0; … … 1663 1852 */ 1664 1853 1665 krb5_error_code KRB5_LIB_FUNCTION 1854 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1666 1855 krb5_init_creds_get_creds(krb5_context context, 1667 1856 krb5_init_creds_context ctx, … … 1679 1868 */ 1680 1869 1681 krb5_error_code KRB5_LIB_FUNCTION 1870 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1682 1871 krb5_init_creds_get_error(krb5_context context, 1683 1872 krb5_init_creds_context ctx, … … 1702 1891 */ 1703 1892 1704 void KRB5_LIB_FUNCTION 1893 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 1705 1894 krb5_init_creds_free(krb5_context context, 1706 1895 krb5_init_creds_context ctx) … … 1719 1908 */ 1720 1909 1721 krb5_error_code KRB5_LIB_FUNCTION 1910 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1722 1911 krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) 1723 1912 { … … 1767 1956 1768 1957 1769 krb5_error_code KRB5_LIB_FUNCTION 1958 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1770 1959 krb5_get_init_creds_password(krb5_context context, 1771 1960 krb5_creds *creds, … … 1831 2020 1832 2021 if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) { 1833 char buf [1024];2022 char buf2[1024]; 1834 2023 1835 2024 /* try to avoid recursion */ … … 1844 2033 client, 1845 2034 ctx->password, 1846 buf ,2035 buf2, 1847 2036 sizeof(buf), 1848 2037 prompter, … … 1873 2062 */ 1874 2063 1875 krb5_error_code KRB5_LIB_FUNCTION 2064 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1876 2065 krb5_get_init_creds_keyblock(krb5_context context, 1877 2066 krb5_creds *creds, … … 1920 2109 */ 1921 2110 1922 krb5_error_code KRB5_LIB_FUNCTION 2111 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1923 2112 krb5_get_init_creds_keytab(krb5_context context, 1924 2113 krb5_creds *creds, -
trunk/server/source4/heimdal/lib/krb5/kcm.c
r414 r745 2 2 * Copyright (c) 2005, PADL Software Pty Ltd. 3 3 * All rights reserved. 4 * 5 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 4 6 * 5 7 * Redistribution and use in source and binary forms, with or without … … 38 40 */ 39 41 40 #ifdef HAVE_SYS_UN_H41 #include <sys/un.h>42 #endif43 44 42 #include "kcm.h" 43 #include <heim-ipc.h> 44 45 static krb5_error_code 46 kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat); 47 48 static const char *kcm_ipc_name = "ANY:org.h5l.kcm"; 45 49 46 50 typedef struct krb5_kcmcache { 47 51 char *name; 48 struct sockaddr_un path;49 char *door_path;50 52 } krb5_kcmcache; 51 53 … … 61 63 #define KCMCURSOR(C) ((krb5_kcm_cursor)(C)) 62 64 63 #ifdef HAVE_DOOR_CREATE 64 65 static krb5_error_code 66 try_door(krb5_context context, 67 krb5_kcmcache *k, 68 krb5_data *request_data, 69 krb5_data *response_data) 70 { 71 door_arg_t arg; 72 int fd; 73 int ret; 74 75 memset(&arg, 0, sizeof(arg)); 76 77 fd = open(k->door_path, O_RDWR); 78 if (fd < 0) 79 return KRB5_CC_IO; 80 rk_cloexec(fd); 81 82 arg.data_ptr = request_data->data; 83 arg.data_size = request_data->length; 84 arg.desc_ptr = NULL; 85 arg.desc_num = 0; 86 arg.rbuf = NULL; 87 arg.rsize = 0; 88 89 ret = door_call(fd, &arg); 90 close(fd); 91 if (ret != 0) 92 return KRB5_CC_IO; 93 94 ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize); 95 munmap(arg.rbuf, arg.rsize); 96 if (ret) 97 return ret; 98 99 return 0; 100 } 101 #endif /* HAVE_DOOR_CREATE */ 102 103 static krb5_error_code 104 try_unix_socket(krb5_context context, 105 krb5_kcmcache *k, 106 krb5_data *request_data, 107 krb5_data *response_data) 108 { 109 krb5_error_code ret; 110 int fd; 111 112 fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); 113 if (fd < 0) 114 return KRB5_CC_IO; 115 rk_cloexec(fd); 116 117 if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) { 118 close(fd); 119 return KRB5_CC_IO; 120 } 121 122 ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout, 123 request_data, response_data); 124 close(fd); 125 return ret; 126 } 65 static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER; 66 static heim_ipc kcm_ipc = NULL; 127 67 128 68 static krb5_error_code 129 69 kcm_send_request(krb5_context context, 130 krb5_kcmcache *k,131 70 krb5_storage *request, 132 71 krb5_data *response_data) 133 72 { 134 krb5_error_code ret ;73 krb5_error_code ret = 0; 135 74 krb5_data request_data; 136 int i; 137 138 response_data->data = NULL; 139 response_data->length = 0; 75 76 HEIMDAL_MUTEX_lock(&kcm_mutex); 77 if (kcm_ipc == NULL) 78 ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); 79 HEIMDAL_MUTEX_unlock(&kcm_mutex); 80 if (ret) 81 return KRB5_CC_NOSUPP; 140 82 141 83 ret = krb5_storage_to_data(request, &request_data); … … 145 87 } 146 88 147 ret = KRB5_CC_NOSUPP; 148 149 for (i = 0; i < context->max_retries; i++) { 150 #ifdef HAVE_DOOR_CREATE 151 ret = try_door(context, k, &request_data, response_data); 152 if (ret == 0 && response_data->length != 0) 153 break; 154 #endif 155 ret = try_unix_socket(context, k, &request_data, response_data); 156 if (ret == 0 && response_data->length != 0) 157 break; 158 } 159 89 ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL); 160 90 krb5_data_free(&request_data); 161 91 … … 168 98 } 169 99 170 static krb5_error_code 171 k cm_storage_request(krb5_context context,172 kcm_operationopcode,173 100 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 101 krb5_kcm_storage_request(krb5_context context, 102 uint16_t opcode, 103 krb5_storage **storage_p) 174 104 { 175 105 krb5_storage *sp; … … 210 140 { 211 141 krb5_kcmcache *k; 212 const char *path;213 142 214 143 k = malloc(sizeof(*k)); … … 229 158 } else 230 159 k->name = NULL; 231 232 path = krb5_config_get_string_default(context, NULL, 233 _PATH_KCM_SOCKET, 234 "libdefaults", 235 "kcm_socket", 236 NULL); 237 238 k->path.sun_family = AF_UNIX; 239 strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path)); 240 241 path = krb5_config_get_string_default(context, NULL, 242 _PATH_KCM_DOOR, 243 "libdefaults", 244 "kcm_door", 245 NULL); 246 k->door_path = strdup(path); 247 160 248 161 (*id)->data.data = k; 249 162 (*id)->data.length = sizeof(*k); … … 252 165 } 253 166 254 static krb5_error_code 255 kcm_call(krb5_context context, 256 krb5_kcmcache *k, 257 krb5_storage *request, 258 krb5_storage **response_p, 259 krb5_data *response_data_p) 167 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 168 krb5_kcm_call(krb5_context context, 169 krb5_storage *request, 170 krb5_storage **response_p, 171 krb5_data *response_data_p) 260 172 { 261 173 krb5_data response_data; … … 267 179 *response_p = NULL; 268 180 269 ret = kcm_send_request(context, k, request, &response_data); 270 if (ret) { 271 return ret; 272 } 181 krb5_data_zero(&response_data); 182 183 ret = kcm_send_request(context, request, &response_data); 184 if (ret) 185 return ret; 273 186 274 187 response = krb5_storage_from_data(&response_data); … … 312 225 if (k->name != NULL) 313 226 free(k->name); 314 if (k->door_path)315 free(k->door_path);316 227 memset(k, 0, sizeof(*k)); 317 228 krb5_data_free(&(*id)->data); … … 352 263 k = KCMCACHE(*id); 353 264 354 ret = k cm_storage_request(context, KCM_OP_GEN_NEW, &request);265 ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request); 355 266 if (ret) { 356 267 kcm_free(context, id); … … 358 269 } 359 270 360 ret = k cm_call(context, k, request, &response, &response_data);271 ret = krb5_kcm_call(context, request, &response, &response_data); 361 272 if (ret) { 362 273 krb5_storage_free(request); … … 396 307 krb5_storage *request; 397 308 398 ret = k cm_storage_request(context, KCM_OP_INITIALIZE, &request);309 ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request); 399 310 if (ret) 400 311 return ret; … … 412 323 } 413 324 414 ret = kcm_call(context, k, request, NULL, NULL); 415 416 krb5_storage_free(request); 325 ret = krb5_kcm_call(context, request, NULL, NULL); 326 327 krb5_storage_free(request); 328 329 if (context->kdc_sec_offset) 330 kcm_set_kdc_offset(context, id, context->kdc_sec_offset); 331 417 332 return ret; 418 333 } … … 441 356 krb5_storage *request; 442 357 443 ret = k cm_storage_request(context, KCM_OP_DESTROY, &request);358 ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request); 444 359 if (ret) 445 360 return ret; … … 451 366 } 452 367 453 ret = k cm_call(context, k, request, NULL, NULL);368 ret = krb5_kcm_call(context, request, NULL, NULL); 454 369 455 370 krb5_storage_free(request); … … 474 389 krb5_storage *request; 475 390 476 ret = k cm_storage_request(context, KCM_OP_STORE, &request);391 ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request); 477 392 if (ret) 478 393 return ret; … … 490 405 } 491 406 492 ret = kcm_call(context, k, request, NULL, NULL); 493 494 krb5_storage_free(request); 495 return ret; 496 } 497 407 ret = krb5_kcm_call(context, request, NULL, NULL); 408 409 krb5_storage_free(request); 410 return ret; 411 } 412 413 #if 0 498 414 /* 499 415 * Request: … … 518 434 krb5_data response_data; 519 435 520 ret = k cm_storage_request(context, KCM_OP_RETRIEVE, &request);436 ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request); 521 437 if (ret) 522 438 return ret; … … 540 456 } 541 457 542 ret = k cm_call(context, k, request, &response, &response_data);458 ret = krb5_kcm_call(context, request, &response, &response_data); 543 459 if (ret) { 544 460 krb5_storage_free(request); … … 556 472 return ret; 557 473 } 474 #endif 558 475 559 476 /* … … 574 491 krb5_data response_data; 575 492 576 ret = k cm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);493 ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); 577 494 if (ret) 578 495 return ret; … … 584 501 } 585 502 586 ret = k cm_call(context, k, request, &response, &response_data);503 ret = krb5_kcm_call(context, request, &response, &response_data); 587 504 if (ret) { 588 505 krb5_storage_free(request); … … 620 537 krb5_data response_data; 621 538 622 ret = k cm_storage_request(context, KCM_OP_GET_FIRST, &request);539 ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request); 623 540 if (ret) 624 541 return ret; … … 630 547 } 631 548 632 ret = k cm_call(context, k, request, &response, &response_data);549 ret = krb5_kcm_call(context, request, &response, &response_data); 633 550 krb5_storage_free(request); 634 551 if (ret) … … 711 628 return KRB5_CC_END; 712 629 713 ret = k cm_storage_request(context, KCM_OP_GET_NEXT, &request);630 ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request); 714 631 if (ret) 715 632 return ret; … … 731 648 } 732 649 733 ret = k cm_call(context, k, request, &response, &response_data);650 ret = krb5_kcm_call(context, request, &response, &response_data); 734 651 krb5_storage_free(request); 735 652 if (ret == KRB5_CC_END) { … … 760 677 krb5_cc_cursor *cursor) 761 678 { 762 krb5_error_code ret;763 krb5_kcmcache *k = KCMCACHE(id);764 679 krb5_kcm_cursor c = KCMCURSOR(*cursor); 765 krb5_storage *request;766 767 ret = kcm_storage_request(context, KCM_OP_END_GET, &request);768 if (ret)769 return ret;770 771 ret = krb5_store_stringz(request, k->name);772 if (ret) {773 krb5_storage_free(request);774 return ret;775 }776 777 ret = kcm_call(context, k, request, NULL, NULL);778 krb5_storage_free(request);779 if (ret)780 return ret;781 680 782 681 free(c->uuids); … … 785 684 *cursor = NULL; 786 685 787 return ret;686 return 0; 788 687 } 789 688 … … 807 706 krb5_storage *request; 808 707 809 ret = k cm_storage_request(context, KCM_OP_REMOVE_CRED, &request);708 ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); 810 709 if (ret) 811 710 return ret; … … 829 728 } 830 729 831 ret = k cm_call(context, k, request, NULL, NULL);730 ret = krb5_kcm_call(context, request, NULL, NULL); 832 731 833 732 krb5_storage_free(request); … … 844 743 krb5_storage *request; 845 744 846 ret = k cm_storage_request(context, KCM_OP_SET_FLAGS, &request);745 ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); 847 746 if (ret) 848 747 return ret; … … 860 759 } 861 760 862 ret = k cm_call(context, k, request, NULL, NULL);761 ret = krb5_kcm_call(context, request, NULL, NULL); 863 762 864 763 krb5_storage_free(request); … … 873 772 } 874 773 774 /* 775 * Send nothing 776 * get back list of uuids 777 */ 778 779 static krb5_error_code 780 kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 781 { 782 krb5_error_code ret; 783 krb5_kcm_cursor c; 784 krb5_storage *request, *response; 785 krb5_data response_data; 786 787 *cursor = NULL; 788 789 c = calloc(1, sizeof(*c)); 790 if (c == NULL) { 791 ret = ENOMEM; 792 krb5_set_error_message(context, ret, 793 N_("malloc: out of memory", "")); 794 goto out; 795 } 796 797 ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request); 798 if (ret) 799 goto out; 800 801 ret = krb5_kcm_call(context, request, &response, &response_data); 802 krb5_storage_free(request); 803 if (ret) 804 goto out; 805 806 while (1) { 807 ssize_t sret; 808 kcmuuid_t uuid; 809 void *ptr; 810 811 sret = krb5_storage_read(response, &uuid, sizeof(uuid)); 812 if (sret == 0) { 813 ret = 0; 814 break; 815 } else if (sret != sizeof(uuid)) { 816 ret = EINVAL; 817 goto out; 818 } 819 820 ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1)); 821 if (ptr == NULL) { 822 ret = ENOMEM; 823 krb5_set_error_message(context, ret, 824 N_("malloc: out of memory", "")); 825 goto out; 826 } 827 c->uuids = ptr; 828 829 memcpy(&c->uuids[c->length], &uuid, sizeof(uuid)); 830 c->length += 1; 831 } 832 833 krb5_storage_free(response); 834 krb5_data_free(&response_data); 835 836 out: 837 if (ret && c) { 838 free(c->uuids); 839 free(c); 840 } else 841 *cursor = c; 842 843 return ret; 844 } 845 846 /* 847 * Send uuid 848 * Recv cache name 849 */ 850 851 static krb5_error_code 852 kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id) 853 { 854 krb5_error_code ret; 855 krb5_kcm_cursor c = KCMCURSOR(cursor); 856 krb5_storage *request, *response; 857 krb5_data response_data; 858 ssize_t sret; 859 char *name; 860 861 *id = NULL; 862 863 again: 864 865 if (c->offset >= c->length) 866 return KRB5_CC_END; 867 868 ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request); 869 if (ret) 870 return ret; 871 872 sret = krb5_storage_write(request, 873 &c->uuids[c->offset], 874 sizeof(c->uuids[c->offset])); 875 c->offset++; 876 if (sret != sizeof(c->uuids[c->offset])) { 877 krb5_storage_free(request); 878 krb5_clear_error_message(context); 879 return ENOMEM; 880 } 881 882 ret = krb5_kcm_call(context, request, &response, &response_data); 883 krb5_storage_free(request); 884 if (ret == KRB5_CC_END) 885 goto again; 886 887 ret = krb5_ret_stringz(response, &name); 888 krb5_storage_free(response); 889 krb5_data_free(&response_data); 890 891 if (ret == 0) { 892 ret = _krb5_cc_allocate(context, ops, id); 893 if (ret == 0) 894 ret = kcm_alloc(context, name, id); 895 krb5_xfree(name); 896 } 897 898 return ret; 899 } 900 901 static krb5_error_code 902 kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 903 { 904 #ifndef KCM_IS_API_CACHE 905 return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id); 906 #else 907 return KRB5_CC_END; 908 #endif 909 } 910 911 static krb5_error_code 912 kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 913 { 914 return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id); 915 } 916 917 918 static krb5_error_code 919 kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 920 { 921 krb5_kcm_cursor c = KCMCURSOR(cursor); 922 923 free(c->uuids); 924 free(c); 925 return 0; 926 } 927 928 875 929 static krb5_error_code 876 930 kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) … … 881 935 krb5_storage *request; 882 936 883 ret = k cm_storage_request(context, KCM_OP_MOVE_CACHE, &request);937 ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); 884 938 if (ret) 885 939 return ret; … … 896 950 return ret; 897 951 } 898 ret = kcm_call(context, oldk, request, NULL, NULL); 899 900 krb5_storage_free(request); 901 return ret; 902 } 903 904 static krb5_error_code 905 kcm_default_name(krb5_context context, char **str) 906 { 907 return _krb5_expand_default_cc_name(context, 908 KRB5_DEFAULT_CCNAME_KCM, 909 str); 952 ret = krb5_kcm_call(context, request, NULL, NULL); 953 954 krb5_storage_free(request); 955 return ret; 956 } 957 958 static krb5_error_code 959 kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, 960 const char *defstr, char **str) 961 { 962 krb5_error_code ret; 963 krb5_storage *request, *response; 964 krb5_data response_data; 965 char *name; 966 967 *str = NULL; 968 969 ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request); 970 if (ret) 971 return ret; 972 973 ret = krb5_kcm_call(context, request, &response, &response_data); 974 krb5_storage_free(request); 975 if (ret) 976 return _krb5_expand_default_cc_name(context, defstr, str); 977 978 ret = krb5_ret_stringz(response, &name); 979 krb5_storage_free(response); 980 krb5_data_free(&response_data); 981 if (ret) 982 return ret; 983 984 asprintf(str, "%s:%s", ops->prefix, name); 985 free(name); 986 if (str == NULL) 987 return ENOMEM; 988 989 return 0; 990 } 991 992 static krb5_error_code 993 kcm_get_default_name_api(krb5_context context, char **str) 994 { 995 return kcm_get_default_name(context, &krb5_akcm_ops, 996 KRB5_DEFAULT_CCNAME_KCM_API, str); 997 } 998 999 static krb5_error_code 1000 kcm_get_default_name_kcm(krb5_context context, char **str) 1001 { 1002 return kcm_get_default_name(context, &krb5_kcm_ops, 1003 KRB5_DEFAULT_CCNAME_KCM_KCM, str); 1004 } 1005 1006 static krb5_error_code 1007 kcm_set_default(krb5_context context, krb5_ccache id) 1008 { 1009 krb5_error_code ret; 1010 krb5_storage *request; 1011 krb5_kcmcache *k = KCMCACHE(id); 1012 1013 ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request); 1014 if (ret) 1015 return ret; 1016 1017 ret = krb5_store_stringz(request, k->name); 1018 if (ret) { 1019 krb5_storage_free(request); 1020 return ret; 1021 } 1022 1023 ret = krb5_kcm_call(context, request, NULL, NULL); 1024 krb5_storage_free(request); 1025 1026 return ret; 910 1027 } 911 1028 … … 914 1031 { 915 1032 *mtime = time(NULL); 1033 return 0; 1034 } 1035 1036 static krb5_error_code 1037 kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) 1038 { 1039 krb5_kcmcache *k = KCMCACHE(id); 1040 krb5_error_code ret; 1041 krb5_storage *request; 1042 1043 ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request); 1044 if (ret) 1045 return ret; 1046 1047 ret = krb5_store_stringz(request, k->name); 1048 if (ret) { 1049 krb5_storage_free(request); 1050 return ret; 1051 } 1052 ret = krb5_store_int32(request, kdc_offset); 1053 if (ret) { 1054 krb5_storage_free(request); 1055 return ret; 1056 } 1057 1058 ret = krb5_kcm_call(context, request, NULL, NULL); 1059 krb5_storage_free(request); 1060 1061 return ret; 1062 } 1063 1064 static krb5_error_code 1065 kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) 1066 { 1067 krb5_kcmcache *k = KCMCACHE(id); 1068 krb5_error_code ret; 1069 krb5_storage *request, *response; 1070 krb5_data response_data; 1071 int32_t offset; 1072 1073 ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request); 1074 if (ret) 1075 return ret; 1076 1077 ret = krb5_store_stringz(request, k->name); 1078 if (ret) { 1079 krb5_storage_free(request); 1080 return ret; 1081 } 1082 1083 ret = krb5_kcm_call(context, request, &response, &response_data); 1084 krb5_storage_free(request); 1085 if (ret) 1086 return ret; 1087 1088 ret = krb5_ret_int32(response, &offset); 1089 krb5_storage_free(response); 1090 krb5_data_free(&response_data); 1091 if (ret) 1092 return ret; 1093 1094 *kdc_offset = offset; 1095 916 1096 return 0; 917 1097 } … … 933 1113 kcm_close, 934 1114 kcm_store_cred, 935 kcm_retrieve,1115 NULL /* kcm_retrieve */, 936 1116 kcm_get_principal, 937 1117 kcm_get_first, … … 941 1121 kcm_set_flags, 942 1122 kcm_get_version, 943 NULL,944 NULL,945 NULL,1123 kcm_get_cache_first, 1124 kcm_get_cache_next_kcm, 1125 kcm_end_cache_get, 946 1126 kcm_move, 947 kcm_default_name, 948 NULL, 1127 kcm_get_default_name_kcm, 1128 kcm_set_default, 1129 kcm_lastchange, 1130 kcm_set_kdc_offset, 1131 kcm_get_kdc_offset 1132 }; 1133 1134 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = { 1135 KRB5_CC_OPS_VERSION, 1136 "API", 1137 kcm_get_name, 1138 kcm_resolve, 1139 kcm_gen_new, 1140 kcm_initialize, 1141 kcm_destroy, 1142 kcm_close, 1143 kcm_store_cred, 1144 NULL /* kcm_retrieve */, 1145 kcm_get_principal, 1146 kcm_get_first, 1147 kcm_get_next, 1148 kcm_end_get, 1149 kcm_remove_cred, 1150 kcm_set_flags, 1151 kcm_get_version, 1152 kcm_get_cache_first, 1153 kcm_get_cache_next_api, 1154 kcm_end_cache_get, 1155 kcm_move, 1156 kcm_get_default_name_api, 1157 kcm_set_default, 949 1158 kcm_lastchange 950 1159 }; 1160 951 1161 952 1162 krb5_boolean … … 980 1190 { 981 1191 krb5_error_code ret; 982 krb5_kcmcache *k = KCMCACHE(id);983 1192 krb5_storage *request; 984 1193 985 ret = kcm_storage_request(context, KCM_OP_NOOP, &request); 986 if (ret) 987 return ret; 988 989 ret = kcm_call(context, k, request, NULL, NULL); 990 991 krb5_storage_free(request); 992 return ret; 993 } 994 995 996 /* 997 * Request: 998 * NameZ 999 * Mode 1000 * 1001 * Response: 1002 * 1003 */ 1004 krb5_error_code 1005 _krb5_kcm_chmod(krb5_context context, 1006 krb5_ccache id, 1007 uint16_t mode) 1008 { 1009 krb5_error_code ret; 1010 krb5_kcmcache *k = KCMCACHE(id); 1011 krb5_storage *request; 1012 1013 ret = kcm_storage_request(context, KCM_OP_CHMOD, &request); 1014 if (ret) 1015 return ret; 1016 1017 ret = krb5_store_stringz(request, k->name); 1018 if (ret) { 1019 krb5_storage_free(request); 1020 return ret; 1021 } 1022 1023 ret = krb5_store_int16(request, mode); 1024 if (ret) { 1025 krb5_storage_free(request); 1026 return ret; 1027 } 1028 1029 ret = kcm_call(context, k, request, NULL, NULL); 1030 1031 krb5_storage_free(request); 1032 return ret; 1033 } 1034 1035 1036 /* 1037 * Request: 1038 * NameZ 1039 * UID 1040 * GID 1041 * 1042 * Response: 1043 * 1044 */ 1045 krb5_error_code 1046 _krb5_kcm_chown(krb5_context context, 1047 krb5_ccache id, 1048 uint32_t uid, 1049 uint32_t gid) 1050 { 1051 krb5_error_code ret; 1052 krb5_kcmcache *k = KCMCACHE(id); 1053 krb5_storage *request; 1054 1055 ret = kcm_storage_request(context, KCM_OP_CHOWN, &request); 1056 if (ret) 1057 return ret; 1058 1059 ret = krb5_store_stringz(request, k->name); 1060 if (ret) { 1061 krb5_storage_free(request); 1062 return ret; 1063 } 1064 1065 ret = krb5_store_int32(request, uid); 1066 if (ret) { 1067 krb5_storage_free(request); 1068 return ret; 1069 } 1070 1071 ret = krb5_store_int32(request, gid); 1072 if (ret) { 1073 krb5_storage_free(request); 1074 return ret; 1075 } 1076 1077 ret = kcm_call(context, k, request, NULL, NULL); 1194 ret = krb5_kcm_storage_request(context, KCM_OP_NOOP, &request); 1195 if (ret) 1196 return ret; 1197 1198 ret = krb5_kcm_call(context, request, NULL, NULL); 1078 1199 1079 1200 krb5_storage_free(request); … … 1102 1223 krb5_storage *request; 1103 1224 1104 ret = k cm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);1225 ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); 1105 1226 if (ret) 1106 1227 return ret; … … 1132 1253 } 1133 1254 1134 ret = k cm_call(context, k, request, NULL, NULL);1255 ret = krb5_kcm_call(context, request, NULL, NULL); 1135 1256 1136 1257 krb5_storage_free(request); … … 1160 1281 krb5_storage *request; 1161 1282 1162 ret = k cm_storage_request(context, KCM_OP_GET_TICKET, &request);1283 ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request); 1163 1284 if (ret) 1164 1285 return ret; … … 1188 1309 } 1189 1310 1190 ret = k cm_call(context, k, request, NULL, NULL);1311 ret = krb5_kcm_call(context, request, NULL, NULL); 1191 1312 1192 1313 krb5_storage_free(request); -
trunk/server/source4/heimdal/lib/krb5/keyblock.c
r414 r745 42 42 */ 43 43 44 void KRB5_LIB_FUNCTION 44 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 45 45 krb5_keyblock_zero(krb5_keyblock *keyblock) 46 46 { … … 58 58 */ 59 59 60 void KRB5_LIB_FUNCTION 60 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 61 61 krb5_free_keyblock_contents(krb5_context context, 62 62 krb5_keyblock *keyblock) … … 80 80 */ 81 81 82 void KRB5_LIB_FUNCTION 82 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 83 83 krb5_free_keyblock(krb5_context context, 84 84 krb5_keyblock *keyblock) … … 98 98 * @param to the output key. 99 99 * 100 * @ param0 on success or a Kerberos 5 error code101 * 102 * @ingroup krb5_crypto 103 */ 104 105 krb5_error_code KRB5_LIB_FUNCTION 100 * @return 0 on success or a Kerberos 5 error code 101 * 102 * @ingroup krb5_crypto 103 */ 104 105 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 106 106 krb5_copy_keyblock_contents (krb5_context context, 107 107 const krb5_keyblock *inblock, … … 119 119 * @param to the output key. 120 120 * 121 * @ param0 on success or a Kerberos 5 error code122 * 123 * @ingroup krb5_crypto 124 */ 125 126 127 krb5_error_code KRB5_LIB_FUNCTION 121 * @return 0 on success or a Kerberos 5 error code 122 * 123 * @ingroup krb5_crypto 124 */ 125 126 127 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 128 128 krb5_copy_keyblock (krb5_context context, 129 129 const krb5_keyblock *inblock, … … 156 156 */ 157 157 158 krb5_enctype 158 KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL 159 159 krb5_keyblock_get_enctype(const krb5_keyblock *block) 160 160 { … … 166 166 * `size'. Key should be freed using krb5_free_keyblock_contents(). 167 167 * 168 * @ingroup krb5_crypto 169 */ 170 171 krb5_error_code KRB5_LIB_FUNCTION 168 * @return 0 on success or a Kerberos 5 error code 169 * 170 * @ingroup krb5_crypto 171 */ 172 173 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 172 174 krb5_keyblock_init(krb5_context context, 173 175 krb5_enctype type, -
trunk/server/source4/heimdal/lib/krb5/keytab.c
r414 r745 74 74 * the type's name is AFSKEYFILE. The residual part is a filename. 75 75 * 76 * - krb477 * the keytab is a Kerberos 4 srvtab that is on-the-fly converted to78 * a keytab. The type's name is krb4 The residual part is a79 * filename.80 *81 76 * - memory 82 77 * The keytab is stored in a memory segment. This allows sensitive … … 84 79 * is MEMORY. Each MEMORY keytab is referenced counted by and 85 80 * opened by the residual name, so two handles can point to the 86 * same memory area. When the last user closes the entry, it 87 * disappears. 81 * same memory area. When the last user closes using krb5_kt_close() 82 * the keytab, the keys in they keytab is memset() to zero and freed 83 * and can no longer be looked up by name. 88 84 * 89 85 * … … 114 110 krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); 115 111 while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ 116 krb5_unparse_name _short(context, entry.principal, &principal);112 krb5_unparse_name(context, entry.principal, &principal); 117 113 printf("principal: %s\n", principal); 118 114 free(principal); … … 144 140 */ 145 141 146 krb5_error_code KRB5_LIB_FUNCTION 142 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 147 143 krb5_kt_register(krb5_context context, 148 144 const krb5_kt_ops *ops) … … 170 166 } 171 167 168 static const char * 169 keytab_name(const char * name, const char ** ptype, size_t * ptype_len) 170 { 171 const char * residual; 172 173 residual = strchr(name, ':'); 174 175 if (residual == NULL 176 177 #ifdef _WIN32 178 179 /* Avoid treating <drive>:<path> as a keytab type 180 * specification */ 181 182 || name + 1 == residual 183 #endif 184 ) { 185 186 *ptype = "FILE"; 187 *ptype_len = strlen(*ptype); 188 residual = name; 189 } else { 190 *ptype = name; 191 *ptype_len = residual - name; 192 residual++; 193 } 194 195 return residual; 196 } 197 172 198 /** 173 199 * Resolve the keytab name (of the form `type:residual') in `name' … … 184 210 185 211 186 krb5_error_code KRB5_LIB_FUNCTION 212 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 187 213 krb5_kt_resolve(krb5_context context, 188 214 const char *name, … … 195 221 krb5_error_code ret; 196 222 197 residual = strchr(name, ':'); 198 if(residual == NULL) { 199 type = "FILE"; 200 type_len = strlen(type); 201 residual = name; 202 } else { 203 type = name; 204 type_len = residual - name; 205 residual++; 206 } 223 residual = keytab_name(name, &type, &type_len); 207 224 208 225 for(i = 0; i < context->num_kt_types; i++) { … … 245 262 */ 246 263 247 krb5_error_code KRB5_LIB_FUNCTION 264 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 248 265 krb5_kt_default_name(krb5_context context, char *name, size_t namesize) 249 266 { … … 267 284 */ 268 285 269 krb5_error_code KRB5_LIB_FUNCTION 286 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 270 287 krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) 271 288 { … … 304 321 */ 305 322 306 krb5_error_code KRB5_LIB_FUNCTION 323 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 307 324 krb5_kt_default(krb5_context context, krb5_keytab *id) 308 325 { … … 326 343 */ 327 344 328 krb5_error_code KRB5_LIB_FUNCTION 345 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 329 346 krb5_kt_read_service_key(krb5_context context, 330 347 krb5_pointer keyprocarg, … … 369 386 */ 370 387 371 krb5_error_code KRB5_LIB_FUNCTION 388 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 372 389 krb5_kt_get_type(krb5_context context, 373 390 krb5_keytab keytab, … … 392 409 */ 393 410 394 krb5_error_code KRB5_LIB_FUNCTION 411 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 395 412 krb5_kt_get_name(krb5_context context, 396 413 krb5_keytab keytab, … … 415 432 */ 416 433 417 krb5_error_code KRB5_LIB_FUNCTION 434 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 418 435 krb5_kt_get_full_name(krb5_context context, 419 436 krb5_keytab keytab, … … 455 472 */ 456 473 457 krb5_error_code KRB5_LIB_FUNCTION 474 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 458 475 krb5_kt_close(krb5_context context, 459 476 krb5_keytab id) … … 479 496 */ 480 497 481 krb5_error_code KRB5_LIB_FUNCTION 498 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 482 499 krb5_kt_destroy(krb5_context context, 483 500 krb5_keytab id) … … 524 541 */ 525 542 526 krb5_boolean KRB5_LIB_FUNCTION 543 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 527 544 krb5_kt_compare(krb5_context context, 528 545 krb5_keytab_entry *entry, … … 591 608 */ 592 609 593 krb5_error_code KRB5_LIB_FUNCTION 610 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 594 611 krb5_kt_get_entry(krb5_context context, 595 612 krb5_keytab id, … … 652 669 */ 653 670 654 krb5_error_code KRB5_LIB_FUNCTION 671 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 655 672 krb5_kt_copy_entry_contents(krb5_context context, 656 673 const krb5_keytab_entry *in, … … 688 705 */ 689 706 690 krb5_error_code KRB5_LIB_FUNCTION 707 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 691 708 krb5_kt_free_entry(krb5_context context, 692 709 krb5_keytab_entry *entry) … … 710 727 */ 711 728 712 krb5_error_code KRB5_LIB_FUNCTION 729 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 713 730 krb5_kt_start_seq_get(krb5_context context, 714 731 krb5_keytab id, … … 739 756 */ 740 757 741 krb5_error_code KRB5_LIB_FUNCTION 758 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 742 759 krb5_kt_next_entry(krb5_context context, 743 760 krb5_keytab id, … … 767 784 */ 768 785 769 krb5_error_code KRB5_LIB_FUNCTION 786 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 770 787 krb5_kt_end_seq_get(krb5_context context, 771 788 krb5_keytab id, … … 793 810 */ 794 811 795 krb5_error_code KRB5_LIB_FUNCTION 812 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 796 813 krb5_kt_add_entry(krb5_context context, 797 814 krb5_keytab id, … … 821 838 */ 822 839 823 krb5_error_code KRB5_LIB_FUNCTION 840 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 824 841 krb5_kt_remove_entry(krb5_context context, 825 842 krb5_keytab id, -
trunk/server/source4/heimdal/lib/krb5/keytab_any.c
r414 r745 54 54 } 55 55 56 static krb5_error_code 56 static krb5_error_code KRB5_CALLCONV 57 57 any_resolve(krb5_context context, const char *name, krb5_keytab id) 58 58 { … … 62 62 63 63 while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) { 64 a = malloc(sizeof(*a));64 a = calloc(1, sizeof(*a)); 65 65 if (a == NULL) { 66 66 ret = ENOMEM; … … 96 96 } 97 97 98 static krb5_error_code 98 static krb5_error_code KRB5_CALLCONV 99 99 any_get_name (krb5_context context, 100 100 krb5_keytab id, … … 107 107 } 108 108 109 static krb5_error_code 109 static krb5_error_code KRB5_CALLCONV 110 110 any_close (krb5_context context, 111 111 krb5_keytab id) … … 122 122 }; 123 123 124 static krb5_error_code 124 static krb5_error_code KRB5_CALLCONV 125 125 any_start_seq_get(krb5_context context, 126 126 krb5_keytab id, … … 151 151 } 152 152 153 static krb5_error_code 153 static krb5_error_code KRB5_CALLCONV 154 154 any_next_entry (krb5_context context, 155 155 krb5_keytab id, … … 183 183 } 184 184 185 static krb5_error_code 185 static krb5_error_code KRB5_CALLCONV 186 186 any_end_seq_get(krb5_context context, 187 187 krb5_keytab id, … … 199 199 } 200 200 201 static krb5_error_code 201 static krb5_error_code KRB5_CALLCONV 202 202 any_add_entry(krb5_context context, 203 203 krb5_keytab id, … … 219 219 } 220 220 221 static krb5_error_code 221 static krb5_error_code KRB5_CALLCONV 222 222 any_remove_entry(krb5_context context, 223 223 krb5_keytab id, -
trunk/server/source4/heimdal/lib/krb5/keytab_file.c
r414 r745 287 287 } 288 288 289 static krb5_error_code 289 static krb5_error_code KRB5_CALLCONV 290 290 fkt_resolve(krb5_context context, const char *name, krb5_keytab id) 291 291 { … … 308 308 } 309 309 310 static krb5_error_code 310 static krb5_error_code KRB5_CALLCONV 311 311 fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id) 312 312 { … … 321 321 } 322 322 323 static krb5_error_code 323 static krb5_error_code KRB5_CALLCONV 324 324 fkt_close(krb5_context context, krb5_keytab id) 325 325 { … … 330 330 } 331 331 332 static krb5_error_code 332 static krb5_error_code KRB5_CALLCONV 333 333 fkt_destroy(krb5_context context, krb5_keytab id) 334 334 { … … 338 338 } 339 339 340 static krb5_error_code 340 static krb5_error_code KRB5_CALLCONV 341 341 fkt_get_name(krb5_context context, 342 342 krb5_keytab id, … … 431 431 } 432 432 433 static krb5_error_code 433 static krb5_error_code KRB5_CALLCONV 434 434 fkt_start_seq_get(krb5_context context, 435 435 krb5_keytab id, … … 504 504 } 505 505 506 static krb5_error_code 506 static krb5_error_code KRB5_CALLCONV 507 507 fkt_next_entry(krb5_context context, 508 508 krb5_keytab id, … … 513 513 } 514 514 515 static krb5_error_code 515 static krb5_error_code KRB5_CALLCONV 516 516 fkt_end_seq_get(krb5_context context, 517 517 krb5_keytab id, … … 524 524 } 525 525 526 static krb5_error_code 526 static krb5_error_code KRB5_CALLCONV 527 527 fkt_setup_keytab(krb5_context context, 528 528 krb5_keytab id, … … 538 538 } 539 539 540 static krb5_error_code 540 static krb5_error_code KRB5_CALLCONV 541 541 fkt_add_entry(krb5_context context, 542 542 krb5_keytab id, … … 724 724 } 725 725 726 static krb5_error_code 726 static krb5_error_code KRB5_CALLCONV 727 727 fkt_remove_entry(krb5_context context, 728 728 krb5_keytab id, -
trunk/server/source4/heimdal/lib/krb5/keytab_keyfile.c
r414 r745 129 129 */ 130 130 131 static krb5_error_code 131 static krb5_error_code KRB5_CALLCONV 132 132 akf_resolve(krb5_context context, const char *name, krb5_keytab id) 133 133 { … … 165 165 */ 166 166 167 static krb5_error_code 167 static krb5_error_code KRB5_CALLCONV 168 168 akf_close(krb5_context context, krb5_keytab id) 169 169 { … … 180 180 */ 181 181 182 static krb5_error_code 182 static krb5_error_code KRB5_CALLCONV 183 183 akf_get_name(krb5_context context, 184 184 krb5_keytab id, … … 196 196 */ 197 197 198 static krb5_error_code 198 static krb5_error_code KRB5_CALLCONV 199 199 akf_start_seq_get(krb5_context context, 200 200 krb5_keytab id, … … 227 227 } 228 228 229 static krb5_error_code 229 static krb5_error_code KRB5_CALLCONV 230 230 akf_next_entry(krb5_context context, 231 231 krb5_keytab id, … … 282 282 } 283 283 284 static krb5_error_code 284 static krb5_error_code KRB5_CALLCONV 285 285 akf_end_seq_get(krb5_context context, 286 286 krb5_keytab id, … … 292 292 } 293 293 294 static krb5_error_code 294 static krb5_error_code KRB5_CALLCONV 295 295 akf_add_entry(krb5_context context, 296 296 krb5_keytab id, -
trunk/server/source4/heimdal/lib/krb5/keytab_memory.c
r414 r745 51 51 52 52 53 static krb5_error_code 53 static krb5_error_code KRB5_CALLCONV 54 54 mkt_resolve(krb5_context context, const char *name, krb5_keytab id) 55 55 { … … 96 96 } 97 97 98 static krb5_error_code 98 static krb5_error_code KRB5_CALLCONV 99 99 mkt_close(krb5_context context, krb5_keytab id) 100 100 { … … 127 127 } 128 128 129 static krb5_error_code 129 static krb5_error_code KRB5_CALLCONV 130 130 mkt_get_name(krb5_context context, 131 131 krb5_keytab id, … … 138 138 } 139 139 140 static krb5_error_code 140 static krb5_error_code KRB5_CALLCONV 141 141 mkt_start_seq_get(krb5_context context, 142 142 krb5_keytab id, … … 148 148 } 149 149 150 static krb5_error_code 150 static krb5_error_code KRB5_CALLCONV 151 151 mkt_next_entry(krb5_context context, 152 152 krb5_keytab id, … … 160 160 } 161 161 162 static krb5_error_code 162 static krb5_error_code KRB5_CALLCONV 163 163 mkt_end_seq_get(krb5_context context, 164 164 krb5_keytab id, … … 168 168 } 169 169 170 static krb5_error_code 170 static krb5_error_code KRB5_CALLCONV 171 171 mkt_add_entry(krb5_context context, 172 172 krb5_keytab id, … … 186 186 } 187 187 188 static krb5_error_code 188 static krb5_error_code KRB5_CALLCONV 189 189 mkt_remove_entry(krb5_context context, 190 190 krb5_keytab id, -
trunk/server/source4/heimdal/lib/krb5/krb5-v4compat.h
r414 r745 106 106 107 107 #ifndef TKT_ROOT 108 #ifdef KRB5_USE_PATH_TOKENS 109 #define TKT_ROOT "%{TEMP}/tkt" 110 #else 108 111 #define TKT_ROOT "/tmp/tkt" 112 #endif 109 113 #endif 110 114 … … 121 125 }; 122 126 123 time_t _krb5_krb_life_to_time (int, int); 124 int _krb5_krb_time_to_life (time_t, time_t); 125 krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *, 126 const char *, int); 127 krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *); 127 KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL 128 _krb5_krb_life_to_time (int, int); 129 130 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 131 _krb5_krb_time_to_life (time_t, time_t); 132 133 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 134 _krb5_krb_tf_setup (krb5_context, struct credentials *, 135 const char *, int); 136 137 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 138 _krb5_krb_dest_tkt(krb5_context, const char *); 128 139 129 140 #define krb_time_to_life _krb5_krb_time_to_life -
trunk/server/source4/heimdal/lib/krb5/krb5.h
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 62 64 #endif 63 65 66 #ifdef _WIN32 67 #define KRB5_CALLCONV __stdcall 68 #else 69 #define KRB5_CALLCONV 70 #endif 71 64 72 /* simple constants */ 65 73 … … 73 81 typedef int32_t krb5_error_code; 74 82 75 typedef int krb5_kvno;83 typedef int32_t krb5_kvno; 76 84 77 85 typedef uint32_t krb5_flags; … … 234 242 KRB5_KU_PA_PKINIT_KX = 44, 235 243 /* Encryption type of the kdc session contribution in pk-init */ 244 KRB5_KU_AS_REQ = 56, 245 /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */ 236 246 KRB5_KU_DIGEST_ENCRYPT = -18, 237 247 /* Encryption key usage used in the digest encryption field */ … … 302 312 struct krb5_cc_ops; 303 313 314 #ifdef _WIN32 315 #define KRB5_USE_PATH_TOKENS 1 316 #endif 317 318 #ifdef KRB5_USE_PATH_TOKENS 319 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_" 320 #else 304 321 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" 322 #endif 305 323 306 324 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT … … 312 330 313 331 typedef void *krb5_cc_cursor; 314 typedef struct krb5_cccol_cursor *krb5_cccol_cursor;332 typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor; 315 333 316 334 typedef struct krb5_ccache_data { … … 395 413 #define KRB5_TC_MATCH_IS_SKEY (1 << 22) 396 414 415 /* constants for get_flags and set_flags */ 416 #define KRB5_TC_OPENCLOSE 0x00000001 417 #define KRB5_TC_NOTICKET 0x00000002 418 397 419 typedef AuthorizationData krb5_authdata; 398 420 … … 413 435 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; 414 436 415 #define KRB5_CC_OPS_VERSION 2437 #define KRB5_CC_OPS_VERSION 3 416 438 417 439 typedef struct krb5_cc_ops { 418 440 int version; 419 441 const char *prefix; 420 const char* (*get_name)(krb5_context, krb5_ccache); 421 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); 422 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *); 423 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal); 424 krb5_error_code (*destroy)(krb5_context, krb5_ccache); 425 krb5_error_code (*close)(krb5_context, krb5_ccache); 426 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); 427 krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 428 krb5_flags, const krb5_creds*, krb5_creds *); 429 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); 430 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); 431 krb5_error_code (*get_next)(krb5_context, krb5_ccache, 432 krb5_cc_cursor*, krb5_creds*); 433 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); 434 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 435 krb5_flags, krb5_creds*); 436 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); 437 int (*get_version)(krb5_context, krb5_ccache); 438 krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *); 439 krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *); 440 krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor); 441 krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache); 442 krb5_error_code (*get_default_name)(krb5_context, char **); 443 krb5_error_code (*set_default)(krb5_context, krb5_ccache); 444 krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); 442 const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache); 443 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *); 444 krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *); 445 krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal); 446 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache); 447 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache); 448 krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*); 449 krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache, 450 krb5_flags, const krb5_creds*, krb5_creds *); 451 krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*); 452 krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); 453 krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache, 454 krb5_cc_cursor*, krb5_creds*); 455 krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); 456 krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache, 457 krb5_flags, krb5_creds*); 458 krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags); 459 int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache); 460 krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *); 461 krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor, 462 krb5_ccache *); 463 krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor); 464 krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache); 465 krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **); 466 krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache); 467 krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); 468 krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat); 469 krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *); 445 470 } krb5_cc_ops; 446 471 … … 512 537 struct krb5_keytab_data { 513 538 const char *prefix; 514 krb5_error_code ( *resolve)(krb5_context, const char*, krb5_keytab);515 krb5_error_code ( *get_name)(krb5_context, krb5_keytab, char*, size_t);516 krb5_error_code ( *close)(krb5_context, krb5_keytab);517 krb5_error_code ( *destroy)(krb5_context, krb5_keytab);518 krb5_error_code ( *get)(krb5_context, krb5_keytab, krb5_const_principal,519 520 krb5_error_code ( *start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);521 krb5_error_code ( *next_entry)(krb5_context, krb5_keytab,522 523 krb5_error_code ( *end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);524 krb5_error_code ( *add)(krb5_context, krb5_keytab, krb5_keytab_entry*);525 krb5_error_code ( *remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);539 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab); 540 krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t); 541 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab); 542 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab); 543 krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal, 544 krb5_kvno, krb5_enctype, krb5_keytab_entry*); 545 krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 546 krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab, 547 krb5_keytab_entry*, krb5_kt_cursor*); 548 krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 549 krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*); 550 krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); 526 551 void *data; 527 552 int32_t version; … … 595 620 extern const char *heimdal_version, *heimdal_long_version; 596 621 597 typedef void ( *krb5_log_log_func_t)(const char*, const char*, void*);598 typedef void ( *krb5_log_close_func_t)(void*);622 typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*); 623 typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*); 599 624 600 625 typedef struct krb5_log_facility { … … 631 656 } krb5_prompt; 632 657 633 typedef int ( *krb5_prompter_fct)(krb5_context /*context*/,634 635 636 637 638 639 typedef krb5_error_code ( *krb5_key_proc)(krb5_context /*context*/,640 641 642 643 644 typedef krb5_error_code ( *krb5_decrypt_proc)(krb5_context /*context*/,645 646 647 648 649 typedef krb5_error_code ( *krb5_s2k_proc)(krb5_context /*context*/,650 651 652 653 654 658 typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/, 659 void * /*data*/, 660 const char * /*name*/, 661 const char * /*banner*/, 662 int /*num_prompts*/, 663 krb5_prompt /*prompts*/[]); 664 typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/, 665 krb5_enctype /*type*/, 666 krb5_salt /*salt*/, 667 krb5_const_pointer /*keyseed*/, 668 krb5_keyblock ** /*key*/); 669 typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/, 670 krb5_keyblock * /*key*/, 671 krb5_key_usage /*usage*/, 672 krb5_const_pointer /*decrypt_arg*/, 673 krb5_kdc_rep * /*dec_rep*/); 674 typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/, 675 krb5_enctype /*type*/, 676 krb5_const_pointer /*keyseed*/, 677 krb5_salt /*salt*/, 678 krb5_data * /*s2kparms*/, 679 krb5_keyblock ** /*key*/); 655 680 656 681 struct _krb5_get_init_creds_opt_private; … … 687 712 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200 688 713 714 /* krb5_init_creds_step flags argument */ 715 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001 716 689 717 typedef struct _krb5_verify_init_creds_opt { 690 718 krb5_flags flags; … … 746 774 }; 747 775 748 typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, 749 void *, 750 krb5_krbhst_info *, 751 time_t, 752 const krb5_data *, 753 krb5_data *); 776 typedef krb5_error_code 777 (KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t, 778 const krb5_data *, krb5_data *); 754 779 755 780 /** flags for krb5_parse_name_flags */ … … 773 798 #define KRB5_SENDTO_CONTINUE 2 774 799 775 typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *); 800 typedef krb5_error_code 801 (KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, 802 const krb5_data *, int *); 776 803 777 804 struct krb5_plugin; … … 817 844 818 845 typedef krb5_error_code 819 ( *krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);846 (KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *); 820 847 821 848 /* 822 849 * 823 850 */ 851 852 struct hx509_certs_data; 824 853 825 854 #include <krb5-protos.h> … … 835 864 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops; 836 865 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops; 866 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops; 837 867 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops; 838 868 … … 842 872 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops; 843 873 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops; 844 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb4_fkt_ops;845 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_srvtab_fkt_ops;846 874 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops; 847 875 -
trunk/server/source4/heimdal/lib/krb5/krb5_locl.h
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 46 48 #include <limits.h> 47 49 50 #include <krb5-types.h> 51 48 52 #ifdef HAVE_SYS_TYPES_H 49 53 #include <sys/types.h> … … 114 118 #include <sys/file.h> 115 119 #endif 120 121 #include <com_err.h> 122 123 #include <heimbase.h> 116 124 117 125 #define HEIMDAL_TEXTDOMAIN "heimdal_krb5" … … 152 160 153 161 /* XXX glue for pkinit */ 162 struct hx509_certs_data; 154 163 struct krb5_pk_identity; 155 164 struct krb5_pk_cert; … … 170 179 #include <hx509.h> 171 180 #endif 181 182 #include "crypto.h" 183 172 184 #include <krb5-private.h> 173 185 … … 176 188 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) 177 189 #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) 190 191 #ifndef PATH_SEP 192 #define PATH_SEP ":" 193 #endif 178 194 179 195 /* should this be public? */ … … 181 197 #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" 182 198 199 183 200 #define MODULI_FILE SYSCONFDIR "/krb5.moduli" 184 201 … … 196 213 197 214 198 #define KRB5_BUFSIZ 1024215 #define KRB5_BUFSIZ 2048 199 216 200 217 typedef enum { … … 217 234 #define KRB5_INIT_CREDS_CANONICALIZE 1 218 235 #define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 236 #define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4 219 237 struct { 220 238 krb5_gic_process_last_req func; … … 235 253 struct et_list *et_list; 236 254 struct krb5_log_facility *warn_dest; 237 krb5_cc_ops *cc_ops; 255 struct krb5_log_facility *debug_dest; 256 const krb5_cc_ops **cc_ops; 238 257 int num_cc_ops; 239 258 const char *http_proxy; … … 264 283 #define KRB5_CTX_F_CHECK_PAC 2 265 284 #define KRB5_CTX_F_HOMEDIR_ACCESS 4 285 #define KRB5_CTX_F_SOCKETS_INITIALIZED 8 286 #define KRB5_CTX_F_RD_REQ_IGNORE 16 266 287 struct send_to_kdc *send_to_kdc; 288 #ifdef PKINIT 289 hx509_context hx509ctx; 290 #endif 267 291 } krb5_context_data; 268 292 293 #ifndef KRB5_USE_PATH_TOKENS 269 294 #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" 295 #else 296 #define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}" 297 #endif 270 298 #define KRB5_DEFAULT_CCNAME_API "API:" 271 #define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}" 299 #define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}" 300 #define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}" 272 301 273 302 #define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 … … 275 304 #define EXTRACT_TICKET_MATCH_REALM 4 276 305 #define EXTRACT_TICKET_AS_REQ 8 306 #define EXTRACT_TICKET_TIMESYNC 16 277 307 278 308 /* … … 292 322 #endif 293 323 324 #ifndef KRB5_FORWARDABLE_DEFAULT 325 #define KRB5_FORWARDABLE_DEFAULT TRUE 326 #endif 327 294 328 #ifdef PKINIT 295 329 296 330 struct krb5_pk_identity { 297 hx509_context hx509ctx;298 331 hx509_verify_ctx verify_ctx; 299 332 hx509_certs certs; … … 302 335 hx509_certs certpool; 303 336 hx509_revoke_ctx revokectx; 337 int flags; 338 #define PKINIT_BTMM 1 304 339 }; 305 340 -
trunk/server/source4/heimdal/lib/krb5/krbhst.c
r414 r745 87 87 88 88 r = rk_dns_lookup(domain, dns_type); 89 if(r == NULL) 89 if(r == NULL) { 90 _krb5_debug(context, 0, 91 "DNS lookup failed domain: %s", domain); 90 92 return KRB5_KDC_UNREACH; 93 } 91 94 92 95 for(num_srv = 0, rr = r->head; rr; rr = rr->next) … … 177 180 } 178 181 182 /* 183 * 184 */ 185 186 const char * 187 _krb5_krbhst_get_realm(krb5_krbhst_handle handle) 188 { 189 return handle->realm; 190 } 179 191 180 192 /* … … 187 199 const char *spec, int def_port, int port) 188 200 { 189 const char *p = spec ;201 const char *p = spec, *q; 190 202 struct krb5_krbhst_info *hi; 191 203 … … 210 222 } 211 223 212 if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { 224 if (p[0] == '[' && (q = strchr(p, ']')) != NULL) { 225 /* if address looks like [foo:bar] or [foo:bar]: its a ipv6 226 adress, strip of [] */ 227 memcpy(hi->hostname, &p[1], q - p - 1); 228 hi->hostname[q - p - 1] = '\0'; 229 p = q + 1; 230 /* get trailing : */ 231 if (p[0] == ':') 232 p++; 233 } else if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { 234 /* copy everything before : */ 213 235 free(hi); 214 236 return NULL; … … 219 241 220 242 hi->port = hi->def_port = def_port; 221 if(p != NULL ) {243 if(p != NULL && p[0]) { 222 244 char *end; 223 245 hi->port = strtol(p, &end, 0); … … 299 321 */ 300 322 301 krb5_error_code KRB5_LIB_FUNCTION 323 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 302 324 krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, 303 325 char *hostname, size_t hostlen) … … 335 357 } 336 358 337 /* 338 * return an `struct addrinfo *' in `ai' corresponding to the information 339 * in `host'. free:ing is handled by krb5_krbhst_free. 340 */ 341 342 krb5_error_code KRB5_LIB_FUNCTION 359 /** 360 * Return an `struct addrinfo *' for a KDC host. 361 * 362 * Returns an the struct addrinfo in in that corresponds to the 363 * information in `host'. free:ing is handled by krb5_krbhst_free, so 364 * the returned ai must not be released. 365 * 366 * @ingroup krb5 367 */ 368 369 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 343 370 krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, 344 371 struct addrinfo **ai) 345 372 { 346 struct addrinfo hints; 347 char portstr[NI_MAXSERV]; 348 int ret; 373 int ret = 0; 349 374 350 375 if (host->ai == NULL) { 376 struct addrinfo hints; 377 char portstr[NI_MAXSERV]; 378 char *hostname = host->hostname; 379 380 snprintf (portstr, sizeof(portstr), "%d", host->port); 351 381 make_hints(&hints, host->proto); 352 snprintf (portstr, sizeof(portstr), "%d", host->port); 382 383 /** 384 * First try this as an IP address, this allows us to add a 385 * dot at the end to stop using the search domains. 386 */ 387 388 hints.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV; 389 353 390 ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); 354 if (ret) 355 return krb5_eai_to_heim_errno(ret, errno); 356 } 391 if (ret == 0) 392 goto out; 393 394 /** 395 * If the hostname contains a dot, assumes it's a FQDN and 396 * don't use search domains since that might be painfully slow 397 * when machine is disconnected from that network. 398 */ 399 400 hints.ai_flags &= ~(AI_NUMERICHOST); 401 402 if (strchr(hostname, '.') && hostname[strlen(hostname) - 1] != '.') { 403 ret = asprintf(&hostname, "%s.", host->hostname); 404 if (ret < 0 || hostname == NULL) 405 return ENOMEM; 406 } 407 408 ret = getaddrinfo(hostname, portstr, &hints, &host->ai); 409 if (hostname != host->hostname) 410 free(hostname); 411 if (ret) { 412 ret = krb5_eai_to_heim_errno(ret, errno); 413 goto out; 414 } 415 } 416 out: 357 417 *ai = host->ai; 358 return 0;418 return ret; 359 419 } 360 420 … … 375 435 const char *proto, const char *service) 376 436 { 437 krb5_error_code ret; 377 438 krb5_krbhst_info **res; 378 439 int count, i; 379 440 380 if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, 381 kd->port)) 441 ret = srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, 442 kd->port); 443 _krb5_debug(context, 2, "searching DNS for realm %s %s.%s -> %d", 444 kd->realm, proto, service, ret); 445 if (ret) 382 446 return; 383 447 for(i = 0; i < count; i++) … … 396 460 { 397 461 int i; 398 399 462 char **hostlist; 400 463 hostlist = krb5_config_get_strings(context, NULL, 401 464 "realms", kd->realm, conf_string, NULL); 465 466 _krb5_debug(context, 2, "configuration file for realm %s%s found", 467 kd->realm, hostlist ? "" : " not"); 402 468 403 469 if(hostlist == NULL) … … 421 487 const char *serv_string, int port, int proto) 422 488 { 423 char *host ;489 char *host = NULL; 424 490 int ret; 425 491 struct addrinfo *ai; 426 492 struct addrinfo hints; 427 493 char portstr[NI_MAXSERV]; 494 495 _krb5_debug(context, 2, "fallback lookup %d for realm %s (service %s)", 496 kd->fallback_count, kd->realm, serv_string); 428 497 429 498 /* … … 437 506 438 507 if(kd->fallback_count == 0) 439 asprintf(&host, "%s.%s.", serv_string, kd->realm);508 ret = asprintf(&host, "%s.%s.", serv_string, kd->realm); 440 509 else 441 asprintf(&host, "%s-%d.%s.",442 serv_string, kd->fallback_count, kd->realm);443 444 if ( host == NULL)510 ret = asprintf(&host, "%s-%d.%s.", 511 serv_string, kd->fallback_count, kd->realm); 512 513 if (ret < 0 || host == NULL) 445 514 return ENOMEM; 446 515 … … 546 615 kd->realm, ret); 547 616 break; 548 } else if (ret == 0) 617 } else if (ret == 0) { 618 _krb5_debug(context, 2, "plugin found result for realm %s", kd->realm); 549 619 kd->flags |= KD_CONFIG_EXISTS; 620 } 550 621 551 622 } … … 578 649 } 579 650 580 if (kd->flags & KD_CONFIG_EXISTS) 581 return KRB5_KDC_UNREACH; /* XXX */ 651 if (kd->flags & KD_CONFIG_EXISTS) { 652 _krb5_debug(context, 1, 653 "Configuration exists for realm %s, wont go to DNS", 654 kd->realm); 655 return KRB5_KDC_UNREACH; 656 } 582 657 583 658 if(context->srv_lookup) { … … 613 688 } 614 689 690 _krb5_debug(context, 0, "No KDC entries found for %s", kd->realm); 691 615 692 return KRB5_KDC_UNREACH; /* XXX */ 616 693 } … … 637 714 } 638 715 639 if (kd->flags & KD_CONFIG_EXISTS) 640 return KRB5_KDC_UNREACH; /* XXX */ 716 if (kd->flags & KD_CONFIG_EXISTS) { 717 _krb5_debug(context, 1, 718 "Configuration exists for realm %s, wont go to DNS", 719 kd->realm); 720 return KRB5_KDC_UNREACH; 721 } 641 722 642 723 if(context->srv_lookup) { … … 661 742 } 662 743 744 _krb5_debug(context, 0, "No admin entries found for realm %s", kd->realm); 745 663 746 return KRB5_KDC_UNREACH; /* XXX */ 664 747 } … … 685 768 } 686 769 687 if (kd->flags & KD_CONFIG_EXISTS) 688 return KRB5_KDC_UNREACH; /* XXX */ 770 if (kd->flags & KD_CONFIG_EXISTS) { 771 _krb5_debug(context, 1, 772 "Configuration exists for realm %s, wont go to DNS", 773 kd->realm); 774 return KRB5_KDC_UNREACH; 775 } 689 776 690 777 if(context->srv_lookup) { … … 715 802 } 716 803 717 return KRB5_KDC_UNREACH; /* XXX */ 804 _krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm); 805 806 return KRB5_KDC_UNREACH; 718 807 } 719 808 … … 737 826 } 738 827 739 if (kd->flags & KD_CONFIG_EXISTS) 740 return KRB5_KDC_UNREACH; /* XXX */ 828 if (kd->flags & KD_CONFIG_EXISTS) { 829 _krb5_debug(context, 1, 830 "Configuration exists for realm %s, wont go to DNS", 831 kd->realm); 832 return KRB5_KDC_UNREACH; 833 } 741 834 742 835 if(context->srv_lookup) { … … 765 858 } 766 859 767 return KRB5_KDC_UNREACH; /* XXX */ 860 _krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm); 861 862 return KRB5_KDC_UNREACH; 768 863 } 769 864 770 865 static struct krb5_krbhst_data* 771 866 common_init(krb5_context context, 867 const char *service, 772 868 const char *realm, 773 869 int flags) … … 782 878 return NULL; 783 879 } 880 881 _krb5_debug(context, 2, "Trying to find service %s for realm %s flags %x", 882 service, realm, flags); 784 883 785 884 /* For 'realms' without a . do not even think of going to DNS */ … … 797 896 */ 798 897 799 krb5_error_code KRB5_LIB_FUNCTION 898 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 800 899 krb5_krbhst_init(krb5_context context, 801 900 const char *realm, … … 806 905 } 807 906 808 krb5_error_code KRB5_LIB_FUNCTION 907 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 809 908 krb5_krbhst_init_flags(krb5_context context, 810 909 const char *realm, … … 817 916 krb5_krbhst_info **); 818 917 int def_port; 918 const char *service; 819 919 820 920 switch(type) { … … 822 922 next = kdc_get_next; 823 923 def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88)); 924 service = "kdc"; 824 925 break; 825 926 case KRB5_KRBHST_ADMIN: … … 827 928 def_port = ntohs(krb5_getportbyname (context, "kerberos-adm", 828 929 "tcp", 749)); 930 service = "admin"; 829 931 break; 830 932 case KRB5_KRBHST_CHANGEPW: … … 832 934 def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", 833 935 KPASSWD_PORT)); 936 service = "change_password"; 834 937 break; 835 938 case KRB5_KRBHST_KRB524: 836 939 next = krb524_get_next; 837 940 def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); 941 service = "524"; 838 942 break; 839 943 default: … … 842 946 return ENOTTY; 843 947 } 844 if((kd = common_init(context, realm, flags)) == NULL)948 if((kd = common_init(context, service, realm, flags)) == NULL) 845 949 return ENOMEM; 846 950 kd->get_next = next; … … 854 958 */ 855 959 856 krb5_error_code KRB5_LIB_FUNCTION 960 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 857 961 krb5_krbhst_next(krb5_context context, 858 962 krb5_krbhst_handle handle, … … 870 974 */ 871 975 872 krb5_error_code KRB5_LIB_FUNCTION 976 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 873 977 krb5_krbhst_next_as_string(krb5_context context, 874 978 krb5_krbhst_handle handle, … … 885 989 886 990 887 void KRB5_LIB_FUNCTION 991 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 888 992 krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) 889 993 { … … 891 995 } 892 996 893 void KRB5_LIB_FUNCTION 997 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 894 998 krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) 895 999 { … … 956 1060 */ 957 1061 958 krb5_error_code KRB5_LIB_FUNCTION 1062 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 959 1063 krb5_get_krb_admin_hst (krb5_context context, 960 1064 const krb5_realm *realm, … … 968 1072 */ 969 1073 970 krb5_error_code KRB5_LIB_FUNCTION 1074 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 971 1075 krb5_get_krb_changepw_hst (krb5_context context, 972 1076 const krb5_realm *realm, … … 980 1084 */ 981 1085 982 krb5_error_code KRB5_LIB_FUNCTION 1086 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 983 1087 krb5_get_krb524hst (krb5_context context, 984 1088 const krb5_realm *realm, … … 993 1097 */ 994 1098 995 krb5_error_code KRB5_LIB_FUNCTION 1099 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 996 1100 krb5_get_krbhst (krb5_context context, 997 1101 const krb5_realm *realm, … … 1005 1109 */ 1006 1110 1007 krb5_error_code KRB5_LIB_FUNCTION 1111 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1008 1112 krb5_free_krbhst (krb5_context context, 1009 1113 char **hostlist) -
trunk/server/source4/heimdal/lib/krb5/log.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 114 116 } 115 117 116 krb5_error_code KRB5_LIB_FUNCTION 118 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 117 119 krb5_initlog(krb5_context context, 118 120 const char *program, … … 136 138 } 137 139 138 krb5_error_code KRB5_LIB_FUNCTION 140 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 139 141 krb5_addlog_func(krb5_context context, 140 142 krb5_log_facility *fac, … … 164 166 }; 165 167 166 static void 168 static void KRB5_CALLCONV 167 169 log_syslog(const char *timestr, 168 170 const char *msg, … … 174 176 } 175 177 176 static void 178 static void KRB5_CALLCONV 177 179 close_syslog(void *data) 178 180 { … … 214 216 }; 215 217 216 static void 218 static void KRB5_CALLCONV 217 219 log_file(const char *timestr, 218 220 const char *msg, … … 240 242 } 241 243 242 static void 244 static void KRB5_CALLCONV 243 245 close_file(void *data) 244 246 { … … 269 271 270 272 271 krb5_error_code KRB5_LIB_FUNCTION 273 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 272 274 krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) 273 275 { … … 360 362 361 363 362 krb5_error_code KRB5_LIB_FUNCTION 364 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 363 365 krb5_openlog(krb5_context context, 364 366 const char *program, … … 384 386 } 385 387 386 krb5_error_code KRB5_LIB_FUNCTION 388 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 387 389 krb5_closelog(krb5_context context, 388 390 krb5_log_facility *fac) … … 403 405 #define __attribute__(X) 404 406 405 krb5_error_code KRB5_LIB_FUNCTION 407 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 406 408 krb5_vlog_msg(krb5_context context, 407 409 krb5_log_facility *fac, … … 427 429 } 428 430 if(actual == NULL) { 429 vasprintf(&msg, fmt, ap);430 if( msg == NULL)431 int ret = vasprintf(&msg, fmt, ap); 432 if(ret < 0 || msg == NULL) 431 433 actual = fmt; 432 434 else … … 442 444 } 443 445 444 krb5_error_code KRB5_LIB_FUNCTION 446 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 445 447 krb5_vlog(krb5_context context, 446 448 krb5_log_facility *fac, … … 453 455 } 454 456 455 krb5_error_code KRB5_LIB_FUNCTION 457 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 456 458 krb5_log_msg(krb5_context context, 457 459 krb5_log_facility *fac, … … 472 474 473 475 474 krb5_error_code KRB5_LIB_FUNCTION 476 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 475 477 krb5_log(krb5_context context, 476 478 krb5_log_facility *fac, … … 489 491 } 490 492 493 void KRB5_LIB_FUNCTION 494 _krb5_debug(krb5_context context, 495 int level, 496 const char *fmt, 497 ...) 498 __attribute__((format (printf, 3, 4))) 499 { 500 va_list ap; 501 502 if (context == NULL || context->debug_dest == NULL) 503 return; 504 505 va_start(ap, fmt); 506 krb5_vlog(context, context->debug_dest, level, fmt, ap); 507 va_end(ap); 508 } 509 510 krb5_boolean KRB5_LIB_FUNCTION 511 _krb5_have_debug(krb5_context context, int level) 512 { 513 if (context == NULL || context->debug_dest == NULL) 514 return 0 ; 515 return 1; 516 } -
trunk/server/source4/heimdal/lib/krb5/mcache.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 45 47 struct krb5_mcache *next; 46 48 time_t mtime; 49 krb5_deltat kdc_offset; 47 50 } krb5_mcache; 48 51 … … 54 57 #define MISDEAD(X) ((X)->dead) 55 58 56 static const char* 59 static const char* KRB5_CALLCONV 57 60 mcc_get_name(krb5_context context, 58 61 krb5_ccache id) … … 61 64 } 62 65 63 static krb5_mcache * 66 static krb5_mcache * KRB5_CALLCONV 64 67 mcc_alloc(const char *name) 65 68 { 66 69 krb5_mcache *m, *m_c; 70 int ret = 0; 67 71 68 72 ALLOC(m, 1); … … 70 74 return NULL; 71 75 if(name == NULL) 72 asprintf(&m->name, "%p", m);76 ret = asprintf(&m->name, "%p", m); 73 77 else 74 78 m->name = strdup(name); 75 if( m->name == NULL) {79 if(ret < 0 || m->name == NULL) { 76 80 free(m); 77 81 return NULL; … … 94 98 m->creds = NULL; 95 99 m->mtime = time(NULL); 100 m->kdc_offset = 0; 96 101 m->next = mcc_head; 97 102 mcc_head = m; … … 100 105 } 101 106 102 static krb5_error_code 107 static krb5_error_code KRB5_CALLCONV 103 108 mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) 104 109 { … … 132 137 133 138 134 static krb5_error_code 139 static krb5_error_code KRB5_CALLCONV 135 140 mcc_gen_new(krb5_context context, krb5_ccache *id) 136 141 { … … 151 156 } 152 157 153 static krb5_error_code 158 static krb5_error_code KRB5_CALLCONV 154 159 mcc_initialize(krb5_context context, 155 160 krb5_ccache id, … … 177 182 } 178 183 179 static krb5_error_code 184 static krb5_error_code KRB5_CALLCONV 180 185 mcc_close(krb5_context context, 181 186 krb5_ccache id) … … 186 191 } 187 192 188 static krb5_error_code 193 static krb5_error_code KRB5_CALLCONV 189 194 mcc_destroy(krb5_context context, 190 195 krb5_ccache id) … … 227 232 } 228 233 229 static krb5_error_code 234 static krb5_error_code KRB5_CALLCONV 230 235 mcc_store_cred(krb5_context context, 231 236 krb5_ccache id, … … 258 263 } 259 264 260 static krb5_error_code 265 static krb5_error_code KRB5_CALLCONV 261 266 mcc_get_principal(krb5_context context, 262 267 krb5_ccache id, … … 272 277 } 273 278 274 static krb5_error_code 279 static krb5_error_code KRB5_CALLCONV 275 280 mcc_get_first (krb5_context context, 276 281 krb5_ccache id, … … 286 291 } 287 292 288 static krb5_error_code 293 static krb5_error_code KRB5_CALLCONV 289 294 mcc_get_next (krb5_context context, 290 295 krb5_ccache id, … … 308 313 } 309 314 310 static krb5_error_code 315 static krb5_error_code KRB5_CALLCONV 311 316 mcc_end_get (krb5_context context, 312 317 krb5_ccache id, … … 316 321 } 317 322 318 static krb5_error_code 323 static krb5_error_code KRB5_CALLCONV 319 324 mcc_remove_cred(krb5_context context, 320 325 krb5_ccache id, … … 336 341 } 337 342 338 static krb5_error_code 343 static krb5_error_code KRB5_CALLCONV 339 344 mcc_set_flags(krb5_context context, 340 345 krb5_ccache id, … … 348 353 }; 349 354 350 static krb5_error_code 355 static krb5_error_code KRB5_CALLCONV 351 356 mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 352 357 { … … 370 375 } 371 376 372 static krb5_error_code 377 static krb5_error_code KRB5_CALLCONV 373 378 mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 374 379 { … … 397 402 } 398 403 399 static krb5_error_code 404 static krb5_error_code KRB5_CALLCONV 400 405 mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 401 406 { … … 409 414 } 410 415 411 static krb5_error_code 416 static krb5_error_code KRB5_CALLCONV 412 417 mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 413 418 { … … 444 449 } 445 450 446 static krb5_error_code 451 static krb5_error_code KRB5_CALLCONV 447 452 mcc_default_name(krb5_context context, char **str) 448 453 { … … 456 461 } 457 462 458 static krb5_error_code 463 static krb5_error_code KRB5_CALLCONV 459 464 mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) 460 465 { 461 466 *mtime = MCACHE(id)->mtime; 467 return 0; 468 } 469 470 static krb5_error_code KRB5_CALLCONV 471 mcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) 472 { 473 krb5_mcache *m = MCACHE(id); 474 m->kdc_offset = kdc_offset; 475 return 0; 476 } 477 478 static krb5_error_code KRB5_CALLCONV 479 mcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) 480 { 481 krb5_mcache *m = MCACHE(id); 482 *kdc_offset = m->kdc_offset; 462 483 return 0; 463 484 } … … 494 515 mcc_default_name, 495 516 NULL, 496 mcc_lastchange 517 mcc_lastchange, 518 mcc_set_kdc_offset, 519 mcc_get_kdc_offset 497 520 }; -
trunk/server/source4/heimdal/lib/krb5/misc.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 _krb5_s4u2self_to_checksumdata(krb5_context context, 38 38 const PA_S4U2Self *self, … … 83 83 return ret; 84 84 } 85 86 krb5_error_code 87 krb5_enomem(krb5_context context) 88 { 89 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 90 return ENOMEM; 91 } -
trunk/server/source4/heimdal/lib/krb5/mit_glue.c
r414 r745 42 42 */ 43 43 44 krb5_error_code KRB5_LIB_FUNCTION 44 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 45 45 krb5_c_make_checksum(krb5_context context, 46 46 krb5_cksumtype cksumtype, … … 64 64 } 65 65 66 krb5_error_code KRB5_LIB_FUNCTION 66 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 67 67 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 68 68 krb5_keyusage usage, const krb5_data *data, … … 80 80 81 81 if (data_cksum.cksumtype == cksum->cksumtype 82 && data_cksum.checksum.length == cksum->checksum.length 83 && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0) 82 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) 84 83 *valid = 1; 85 84 … … 89 88 } 90 89 91 krb5_error_code KRB5_LIB_FUNCTION 90 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 92 91 krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, 93 92 krb5_cksumtype *type, krb5_data **data) … … 112 111 } 113 112 114 krb5_error_code KRB5_LIB_FUNCTION 113 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 115 114 krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, 116 115 krb5_cksumtype type, const krb5_data *data) … … 120 119 } 121 120 122 void KRB5_LIB_FUNCTION 121 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 123 122 krb5_free_checksum (krb5_context context, krb5_checksum *cksum) 124 123 { … … 127 126 } 128 127 129 void KRB5_LIB_FUNCTION 128 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 130 129 krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) 131 130 { … … 134 133 } 135 134 136 void KRB5_LIB_FUNCTION 135 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 137 136 krb5_checksum_free(krb5_context context, krb5_checksum *cksum) 138 137 { … … 140 139 } 141 140 142 krb5_boolean KRB5_LIB_FUNCTION 141 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 143 142 krb5_c_valid_enctype (krb5_enctype etype) 144 143 { … … 146 145 } 147 146 148 krb5_boolean KRB5_LIB_FUNCTION 147 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 149 148 krb5_c_valid_cksumtype(krb5_cksumtype ctype) 150 149 { … … 152 151 } 153 152 154 krb5_boolean KRB5_LIB_FUNCTION 153 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 155 154 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) 156 155 { … … 158 157 } 159 158 160 krb5_boolean KRB5_LIB_FUNCTION 159 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 161 160 krb5_c_is_keyed_cksum(krb5_cksumtype ctype) 162 161 { … … 164 163 } 165 164 166 krb5_error_code KRB5_LIB_FUNCTION 165 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 167 166 krb5_copy_checksum (krb5_context context, 168 167 const krb5_checksum *old, … … 175 174 } 176 175 177 krb5_error_code KRB5_LIB_FUNCTION 176 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 178 177 krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 179 178 size_t *length) … … 182 181 } 183 182 184 krb5_error_code KRB5_LIB_FUNCTION 183 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 185 184 krb5_c_block_size(krb5_context context, 186 185 krb5_enctype enctype, … … 205 204 } 206 205 207 krb5_error_code KRB5_LIB_FUNCTION 206 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 208 207 krb5_c_decrypt(krb5_context context, 209 208 const krb5_keyblock key, … … 245 244 } 246 245 247 krb5_error_code KRB5_LIB_FUNCTION 246 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 248 247 krb5_c_encrypt(krb5_context context, 249 248 const krb5_keyblock *key, … … 287 286 } 288 287 289 krb5_error_code KRB5_LIB_FUNCTION 288 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 290 289 krb5_c_encrypt_length(krb5_context context, 291 290 krb5_enctype enctype, … … 312 311 } 313 312 314 krb5_error_code KRB5_LIB_FUNCTION 313 /** 314 * Deprecated: keytypes doesn't exists, they are really enctypes. 315 * 316 * @ingroup krb5_deprecated 317 */ 318 319 KRB5_DEPRECATED 320 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 315 321 krb5_c_enctype_compare(krb5_context context, 316 322 krb5_enctype e1, 317 323 krb5_enctype e2, 318 324 krb5_boolean *similar) 319 KRB5_DEPRECATED320 325 { 321 326 *similar = (e1 == e2); … … 323 328 } 324 329 325 krb5_error_code KRB5_LIB_FUNCTION 330 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 326 331 krb5_c_make_random_key(krb5_context context, 327 332 krb5_enctype enctype, … … 331 336 } 332 337 333 krb5_error_code KRB5_LIB_FUNCTION 338 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 334 339 krb5_c_keylengths(krb5_context context, 335 340 krb5_enctype enctype, … … 346 351 } 347 352 348 krb5_error_code KRB5_LIB_FUNCTION 353 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 349 354 krb5_c_prf_length(krb5_context context, 350 355 krb5_enctype type, … … 354 359 } 355 360 356 krb5_error_code KRB5_LIB_FUNCTION 361 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 357 362 krb5_c_prf(krb5_context context, 358 363 const krb5_keyblock *key, … … 373 378 } 374 379 380 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 381 krb5_c_random_make_octets(krb5_context context, krb5_data * data) 382 { 383 return krb5_generate_random_keyblock(context, data->length, data->data); 384 } 385 375 386 /** 376 387 * MIT compat glue … … 379 390 */ 380 391 381 krb5_error_code KRB5_LIB_FUNCTION 392 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 382 393 krb5_cc_copy_creds(krb5_context context, 383 394 const krb5_ccache from, … … 387 398 } 388 399 400 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 401 krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, 402 krb5_keyblock **keyblock) 403 { 404 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); 405 } 406 407 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 408 krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, 409 krb5_keyblock **keyblock) 410 { 411 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); 412 } 413 414 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 415 krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, 416 krb5_keyblock *keyblock) 417 { 418 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); 419 } 420 421 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 422 krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, 423 krb5_keyblock *keyblock) 424 { 425 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); 426 } 427 428 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 429 krb5_free_default_realm(krb5_context context, krb5_realm realm) 430 { 431 return krb5_xfree(realm); 432 } 433 389 434 #endif /* HEIMDAL_SMALLER */ -
trunk/server/source4/heimdal/lib/krb5/mk_error.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_mk_error(krb5_context context, 38 38 krb5_error_code error_code, … … 45 45 krb5_data *reply) 46 46 { 47 const char *e_text2 = NULL; 47 48 KRB_ERROR msg; 48 49 krb5_timestamp sec; … … 63 64 if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) { 64 65 if(e_text == NULL) 65 e_text = krb5_get_err_text(context, error_code);66 e_text = e_text2 = krb5_get_error_message(context, error_code); 66 67 error_code = KRB5KRB_ERR_GENERIC; 67 68 } … … 83 84 84 85 ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); 86 if (e_text2) 87 krb5_free_error_message(context, e_text2); 85 88 if (ret) 86 89 return ret; -
trunk/server/source4/heimdal/lib/krb5/mk_priv.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_mk_priv(krb5_context context, 38 38 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/mk_rep.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_mk_rep(krb5_context context, 38 38 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/mk_req.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_mk_req_exact(krb5_context context, 38 38 krb5_auth_context *auth_context, … … 78 78 } 79 79 80 krb5_error_code KRB5_LIB_FUNCTION 80 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 81 81 krb5_mk_req(krb5_context context, 82 82 krb5_auth_context *auth_context, -
trunk/server/source4/heimdal/lib/krb5/mk_req_ext.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 36 krb5_error_code … … 124 124 goto out; 125 125 126 ret = krb5_build_authenticator(context,126 ret = _krb5_build_authenticator(context, 127 127 ac, 128 128 ac->keyblock->keytype, 129 129 in_creds, 130 130 c_opt, 131 NULL,132 131 &authenticator, 133 132 encrypt_usage); … … 145 144 } 146 145 147 krb5_error_code KRB5_LIB_FUNCTION 146 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 148 147 krb5_mk_req_extended(krb5_context context, 149 148 krb5_auth_context *auth_context, -
trunk/server/source4/heimdal/lib/krb5/n-fold.c
r414 r745 97 97 } 98 98 99 krb5_error_code KRB5_LIB_FUNCTION 99 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 100 100 _krb5_n_fold(const void *str, size_t len, void *key, size_t size) 101 101 { -
trunk/server/source4/heimdal/lib/krb5/pac.c
r414 r745 77 77 78 78 /* 79 * 79 * HMAC-MD5 checksum over any key (needed for the PAC routines) 80 80 */ 81 81 82 krb5_error_code 82 static krb5_error_code 83 HMAC_MD5_any_checksum(krb5_context context, 84 const krb5_keyblock *key, 85 const void *data, 86 size_t len, 87 unsigned usage, 88 Checksum *result) 89 { 90 struct _krb5_key_data local_key; 91 krb5_error_code ret; 92 93 memset(&local_key, 0, sizeof(local_key)); 94 95 ret = krb5_copy_keyblock(context, key, &local_key.key); 96 if (ret) 97 return ret; 98 99 ret = krb5_data_alloc (&result->checksum, 16); 100 if (ret) { 101 krb5_free_keyblock(context, local_key.key); 102 return ret; 103 } 104 105 result->cksumtype = CKSUMTYPE_HMAC_MD5; 106 ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result); 107 if (ret) 108 krb5_data_free(&result->checksum); 109 110 krb5_free_keyblock(context, local_key.key); 111 return ret; 112 } 113 114 115 /* 116 * 117 */ 118 119 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 83 120 krb5_pac_parse(krb5_context context, const void *ptr, size_t len, 84 121 krb5_pac *pac) … … 91 128 p = calloc(1, sizeof(*p)); 92 129 if (p == NULL) { 93 ret = ENOMEM; 94 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 130 ret = krb5_enomem(context); 95 131 goto out; 96 132 } … … 98 134 sp = krb5_storage_from_readonly_mem(ptr, len); 99 135 if (sp == NULL) { 100 ret = ENOMEM; 101 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 136 ret = krb5_enomem(context); 102 137 goto out; 103 138 } … … 122 157 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); 123 158 if (p->pac == NULL) { 124 ret = ENOMEM; 125 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 159 ret = krb5_enomem(context); 126 160 goto out; 127 161 } … … 225 259 } 226 260 227 krb5_error_code 261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 228 262 krb5_pac_init(krb5_context context, krb5_pac *pac) 229 263 { … … 233 267 p = calloc(1, sizeof(*p)); 234 268 if (p == NULL) { 235 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 236 return ENOMEM; 269 return krb5_enomem(context); 237 270 } 238 271 … … 240 273 if (p->pac == NULL) { 241 274 free(p); 242 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 243 return ENOMEM; 275 return krb5_enomem(context); 244 276 } 245 277 … … 248 280 free (p->pac); 249 281 free(p); 250 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 251 return ret; 252 } 253 282 return krb5_enomem(context); 283 } 254 284 255 285 *pac = p; … … 257 287 } 258 288 259 krb5_error_code 289 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 260 290 krb5_pac_add_buffer(krb5_context context, krb5_pac p, 261 291 uint32_t type, const krb5_data *data) … … 270 300 ptr = realloc(p->pac, 271 301 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); 272 if (ptr == NULL) { 273 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 274 return ENOMEM; 275 } 302 if (ptr == NULL) 303 return krb5_enomem(context); 304 276 305 p->pac = ptr; 277 306 … … 339 368 */ 340 369 341 krb5_error_code 370 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 342 371 krb5_pac_get_buffer(krb5_context context, krb5_pac p, 343 372 uint32_t type, krb5_data *data) … … 369 398 */ 370 399 371 krb5_error_code 400 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 372 401 krb5_pac_get_types(krb5_context context, 373 402 krb5_pac p, … … 380 409 if (*types == NULL) { 381 410 *len = 0; 382 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 383 return ENOMEM; 411 return krb5_enomem(context); 384 412 } 385 413 for (i = 0; i < p->pac->numbuffers; i++) … … 394 422 */ 395 423 396 void 424 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 397 425 krb5_pac_free(krb5_context context, krb5_pac pac) 398 426 { … … 413 441 const krb5_keyblock *key) 414 442 { 415 krb5_crypto crypto = NULL;416 443 krb5_storage *sp = NULL; 417 444 uint32_t type; … … 423 450 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, 424 451 sig->buffersize); 425 if (sp == NULL) { 426 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 427 return ENOMEM; 428 } 452 if (sp == NULL) 453 return krb5_enomem(context); 454 429 455 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 430 456 … … 435 461 cksum.checksum.data = malloc(cksum.checksum.length); 436 462 if (cksum.checksum.data == NULL) { 437 ret = ENOMEM; 438 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 463 ret = krb5_enomem(context); 439 464 goto out; 440 465 } … … 453 478 } 454 479 455 ret = krb5_crypto_init(context, key, 0, &crypto); 456 if (ret) 457 goto out; 458 459 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 460 ptr, len, &cksum); 480 /* If the checksum is HMAC-MD5, the checksum type is not tied to 481 * the key type, instead the HMAC-MD5 checksum is applied blindly 482 * on whatever key is used for this connection, avoiding issues 483 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See 484 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 485 * for the same issue in MIT, and 486 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx 487 * for Microsoft's explaination */ 488 489 if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) { 490 Checksum local_checksum; 491 492 memset(&local_checksum, 0, sizeof(local_checksum)); 493 494 ret = HMAC_MD5_any_checksum(context, key, ptr, len, 495 KRB5_KU_OTHER_CKSUM, &local_checksum); 496 497 if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) { 498 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 499 krb5_set_error_message(context, ret, 500 N_("PAC integrity check failed for " 501 "hmac-md5 checksum", "")); 502 } 503 krb5_data_free(&local_checksum.checksum); 504 505 } else { 506 krb5_crypto crypto = NULL; 507 508 ret = krb5_crypto_init(context, key, 0, &crypto); 509 if (ret) 510 goto out; 511 512 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 513 ptr, len, &cksum); 514 krb5_crypto_destroy(context, crypto); 515 } 461 516 free(cksum.checksum.data); 462 krb5_crypto_destroy(context, crypto);463 517 krb5_storage_free(sp); 464 518 … … 470 524 if (sp) 471 525 krb5_storage_free(sp); 472 if (crypto)473 krb5_crypto_destroy(context, crypto);474 526 return ret; 475 527 } … … 478 530 create_checksum(krb5_context context, 479 531 const krb5_keyblock *key, 532 uint32_t cksumtype, 480 533 void *data, size_t datalen, 481 534 void *sig, size_t siglen) … … 485 538 Checksum cksum; 486 539 487 ret = krb5_crypto_init(context, key, 0, &crypto); 488 if (ret) 489 return ret; 490 491 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, 492 data, datalen, &cksum); 493 krb5_crypto_destroy(context, crypto); 494 if (ret) 495 return ret; 496 540 /* If the checksum is HMAC-MD5, the checksum type is not tied to 541 * the key type, instead the HMAC-MD5 checksum is applied blindly 542 * on whatever key is used for this connection, avoiding issues 543 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See 544 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 545 * for the same issue in MIT, and 546 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx 547 * for Microsoft's explaination */ 548 549 if (cksumtype == CKSUMTYPE_HMAC_MD5) { 550 ret = HMAC_MD5_any_checksum(context, key, data, datalen, 551 KRB5_KU_OTHER_CKSUM, &cksum); 552 } else { 553 ret = krb5_crypto_init(context, key, 0, &crypto); 554 if (ret) 555 return ret; 556 557 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, 558 data, datalen, &cksum); 559 krb5_crypto_destroy(context, crypto); 560 if (ret) 561 return ret; 562 } 497 563 if (cksum.checksum.length != siglen) { 498 564 krb5_set_error_message(context, EINVAL, "pac checksum wrong length"); … … 538 604 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, 539 605 logon_name->buffersize); 540 if (sp == NULL) { 541 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 542 return ENOMEM; 543 } 606 if (sp == NULL) 607 return krb5_enomem(context); 544 608 545 609 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); … … 568 632 if (s == NULL) { 569 633 krb5_storage_free(sp); 570 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 571 return ENOMEM; 634 return krb5_enomem(context); 572 635 } 573 636 ret = krb5_storage_read(sp, s, len); … … 585 648 586 649 ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); 587 if (ucs2 == NULL) { 588 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 589 return ENOMEM; 590 } 650 if (ucs2 == NULL) 651 return krb5_enomem(context); 652 591 653 ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); 592 654 free(s); … … 606 668 if (s == NULL) { 607 669 free(ucs2); 608 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 609 return ENOMEM; 670 return krb5_enomem(context); 610 671 } 611 672 ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); … … 653 714 654 715 sp = krb5_storage_emem(); 655 if (sp == NULL) { 656 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 657 return ENOMEM; 658 } 716 if (sp == NULL) 717 return krb5_enomem(context); 718 659 719 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 660 720 … … 674 734 s2 = malloc(len * 2); 675 735 if (s2 == NULL) { 676 ret = ENOMEM;736 ret = krb5_enomem(context); 677 737 free(s); 678 738 goto out; … … 690 750 free(s2); 691 751 if (ret != len * 2) { 692 ret = ENOMEM;752 ret = krb5_enomem(context); 693 753 goto out; 694 754 } … … 721 781 */ 722 782 723 krb5_error_code 783 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 724 784 krb5_pac_verify(krb5_context context, 725 785 const krb5_pac pac, … … 817 877 l = sizeof(zeros); 818 878 sret = krb5_storage_write(sp, zeros, l); 819 if (sret <= 0) { 820 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 821 return ENOMEM; 822 } 879 if (sret <= 0) 880 return krb5_enomem(context); 881 823 882 len -= sret; 824 883 } … … 846 905 847 906 if (krb5_checksum_is_keyed(context, cktype) == FALSE) { 848 krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed");849 return EINVAL;907 *cksumtype = CKSUMTYPE_HMAC_MD5; 908 *cksumsize = 16; 850 909 } 851 910 … … 890 949 891 950 ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); 892 if (ptr == NULL) { 893 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 894 return ENOMEM; 895 } 951 if (ptr == NULL) 952 return krb5_enomem(context); 953 896 954 p->pac = ptr; 897 955 … … 928 986 /* Encode PAC */ 929 987 sp = krb5_storage_emem(); 930 if (sp == NULL) { 931 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 932 return ENOMEM; 933 } 988 if (sp == NULL) 989 return krb5_enomem(context); 990 934 991 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 935 992 … … 937 994 if (spdata == NULL) { 938 995 krb5_storage_free(sp); 939 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 940 return ENOMEM; 996 return krb5_enomem(context); 941 997 } 942 998 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); … … 976 1032 sret = krb5_storage_write(spdata, ptr, len); 977 1033 if (sret != len) { 978 ret = ENOMEM; 979 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 1034 ret = krb5_enomem(context); 980 1035 goto out; 981 1036 } … … 1014 1069 if (ret != d.length) { 1015 1070 krb5_data_free(&d); 1016 ret = ENOMEM; 1017 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 1071 ret = krb5_enomem(context); 1018 1072 goto out; 1019 1073 } … … 1022 1076 ret = krb5_storage_to_data(sp, &d); 1023 1077 if (ret) { 1024 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));1078 ret = krb5_enomem(context); 1025 1079 goto out; 1026 1080 } 1027 1081 1028 1082 /* sign */ 1029 1030 ret = create_checksum(context, server_key, 1083 ret = create_checksum(context, server_key, server_cksumtype, 1031 1084 d.data, d.length, 1032 1085 (char *)d.data + server_offset, server_size); … … 1035 1088 goto out; 1036 1089 } 1037 1038 ret = create_checksum(context, priv_key, 1090 ret = create_checksum(context, priv_key, priv_cksumtype, 1039 1091 (char *)d.data + server_offset, server_size, 1040 1092 (char *)d.data + priv_offset, priv_size); -
trunk/server/source4/heimdal/lib/krb5/padata.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 PA_DATA * 36 KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL 37 37 krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) 38 38 { … … 43 43 } 44 44 45 int KRB5_LIB_FUNCTION 45 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 46 46 krb5_padata_add(krb5_context context, METHOD_DATA *md, 47 47 int type, void *buf, size_t len) -
trunk/server/source4/heimdal/lib/krb5/pkinit.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 75 77 unsigned int require_hostname_match:1; 76 78 unsigned int trustedCertifiers:1; 79 unsigned int anonymous:1; 77 80 }; 78 81 … … 89 92 */ 90 93 91 void KRB5_LIB_FUNCTION 94 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 92 95 _krb5_pk_cert_free(struct krb5_pk_cert *cert) 93 96 { … … 180 183 hx509_query *q, hx509_cert *cert) 181 184 { 182 struct certfind cf[3] = { 185 struct certfind cf[4] = { 186 { "MobileMe EKU" }, 183 187 { "PKINIT EKU" }, 184 188 { "MS EKU" }, 185 189 { "any (or no)" } 186 190 }; 187 int i, ret; 188 189 cf[0].oid = &asn1_oid_id_pkekuoid; 190 cf[1].oid = &asn1_oid_id_pkinit_ms_eku; 191 cf[2].oid = NULL; 192 193 for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { 191 int i, ret, start = 1; 192 unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 }; 193 const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids }; 194 195 196 if (id->flags & PKINIT_BTMM) 197 start = 0; 198 199 cf[0].oid = &mobileMe; 200 cf[1].oid = &asn1_oid_id_pkekuoid; 201 cf[2].oid = &asn1_oid_id_pkinit_ms_eku; 202 cf[3].oid = NULL; 203 204 for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) { 194 205 ret = hx509_query_match_eku(q, cf[i].oid); 195 206 if (ret) { 196 pk_copy_error(context, id->hx509ctx, ret,207 pk_copy_error(context, context->hx509ctx, ret, 197 208 "Failed setting %s OID", cf[i].type); 198 209 return ret; 199 210 } 200 211 201 ret = hx509_certs_find( id->hx509ctx, id->certs, q, cert);212 ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert); 202 213 if (ret == 0) 203 214 break; 204 pk_copy_error(context, id->hx509ctx, ret,215 pk_copy_error(context, context->hx509ctx, ret, 205 216 "Failed finding certificate with %s OID", cf[i].type); 206 217 } … … 222 233 flags |= HX509_CMS_SIGNATURE_NO_SIGNER; 223 234 224 ret = hx509_cms_create_signed_1( id->hx509ctx,235 ret = hx509_cms_create_signed_1(context->hx509ctx, 225 236 flags, 226 237 eContentType, … … 234 245 sd_data); 235 246 if (ret) { 236 pk_copy_error(context, id->hx509ctx, ret,247 pk_copy_error(context, context->hx509ctx, ret, 237 248 "Create CMS signedData"); 238 249 return ret; … … 344 355 ExternalPrincipalIdentifiers *ids) 345 356 { 346 return hx509_certs_iter (hx509ctx, certs, cert2epi, ids);357 return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids); 347 358 } 348 359 … … 597 608 return ENOMEM; 598 609 599 ret = hx509_crypto_available(c tx->id->hx509ctx, HX509_SELECT_ALL, NULL,610 ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, NULL, 600 611 &a->supportedCMSTypes->val, 601 612 &a->supportedCMSTypes->len); … … 607 618 } 608 619 609 krb5_error_code KRB5_LIB_FUNCTION 620 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 610 621 _krb5_pk_mk_ContentInfo(krb5_context context, 611 622 const krb5_data *buf, … … 757 768 goto out; 758 769 } 759 ret = build_edi(context, c tx->id->hx509ctx,770 ret = build_edi(context, context->hx509ctx, 760 771 ctx->id->anchors, req.trustedCertifiers); 761 772 if (ret) { … … 797 808 798 809 799 krb5_error_code KRB5_LIB_FUNCTION 810 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 800 811 _krb5_pk_mk_padata(krb5_context context, 801 812 void *c, 813 int ic_flags, 814 int win2k, 802 815 const KDC_REQ_BODY *req_body, 803 816 unsigned nonce, … … 807 820 int win2k_compat; 808 821 822 if (ctx->id->certs == NULL && ctx->anonymous == 0) { 823 krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, 824 N_("PKINIT: No user certificate given", "")); 825 return HEIM_PKINIT_NO_PRIVATE_KEY; 826 } 827 809 828 win2k_compat = krb5_config_get_bool_default(context, NULL, 810 FALSE,829 win2k, 811 830 "realms", 812 831 req_body->realm, … … 817 836 ctx->require_binding = 818 837 krb5_config_get_bool_default(context, NULL, 819 FALSE,838 TRUE, 820 839 "realms", 821 840 req_body->realm, … … 833 852 "pkinit_require_eku", 834 853 NULL); 854 if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK) 855 ctx->require_eku = 0; 856 if (ctx->id->flags & PKINIT_BTMM) 857 ctx->require_eku = 0; 858 835 859 ctx->require_krbtgt_otherName = 836 860 krb5_config_get_bool_default(context, NULL, … … 870 894 { 871 895 hx509_certs signer_certs; 872 int ret; 896 int ret, flags = 0; 897 898 /* BTMM is broken in Leo and SnowLeo */ 899 if (id->flags & PKINIT_BTMM) { 900 flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; 901 flags |= HX509_CMS_VS_NO_KU_CHECK; 902 flags |= HX509_CMS_VS_NO_VALIDATE; 903 } 873 904 874 905 *signer = NULL; 875 906 876 ret = hx509_cms_verify_signed( id->hx509ctx,907 ret = hx509_cms_verify_signed(context->hx509ctx, 877 908 id->verify_ctx, 878 HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH|HX509_CMS_VS_NO_KU_CHECK,909 flags, 879 910 data, 880 911 length, … … 885 916 &signer_certs); 886 917 if (ret) { 887 pk_copy_error(context, id->hx509ctx, ret,918 pk_copy_error(context, context->hx509ctx, ret, 888 919 "CMS verify signed failed"); 889 920 return ret; … … 897 928 } 898 929 899 ret = hx509_get_one_cert( id->hx509ctx, signer_certs, &(*signer)->cert);900 if (ret) { 901 pk_copy_error(context, id->hx509ctx, ret,930 ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert); 931 if (ret) { 932 pk_copy_error(context, context->hx509ctx, ret, 902 933 "Failed to get on of the signer certs"); 903 934 goto out; … … 1041 1072 1042 1073 if (ctx->require_eku) { 1043 ret = hx509_cert_check_eku(c tx->id->hx509ctx, host->cert,1074 ret = hx509_cert_check_eku(context->hx509ctx, host->cert, 1044 1075 &asn1_oid_id_pkkdcekuoid, 0); 1045 1076 if (ret) { … … 1053 1084 int i; 1054 1085 1055 ret = hx509_cert_find_subjectAltName_otherName(c tx->id->hx509ctx,1086 ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx, 1056 1087 host->cert, 1057 1088 &asn1_oid_id_pkinit_san, … … 1103 1134 1104 1135 if (hi) { 1105 ret = hx509_verify_hostname(c tx->id->hx509ctx, host->cert,1136 ret = hx509_verify_hostname(context->hx509ctx, host->cert, 1106 1137 ctx->require_hostname_match, 1107 1138 HX509_HN_HOSTNAME, … … 1146 1177 flags |= HX509_CMS_UE_ALLOW_WEAK; 1147 1178 1148 ret = hx509_cms_unenvelope(c tx->id->hx509ctx,1179 ret = hx509_cms_unenvelope(context->hx509ctx, 1149 1180 ctx->id->certs, 1150 1181 flags, … … 1156 1187 &content); 1157 1188 if (ret) { 1158 pk_copy_error(context, c tx->id->hx509ctx, ret,1189 pk_copy_error(context, context->hx509ctx, ret, 1159 1190 "Failed to unenvelope CMS data in PK-INIT reply"); 1160 1191 return ret; … … 1162 1193 der_free_oid(&contentType); 1163 1194 1164 #if 0 /* windows LH with interesting CMS packets, leaks memory */1165 {1166 size_t ph = 1 + der_length_len (length);1167 unsigned char *ptr = malloc(length + ph);1168 size_t l;1169 1170 memcpy(ptr + ph, p, length);1171 1172 ret = der_put_length_and_tag (ptr + ph - 1, ph, length,1173 ASN1_C_UNIV, CONS, UT_Sequence, &l);1174 if (ret)1175 return ret;1176 ptr += ph - l;1177 length += l;1178 p = ptr;1179 }1180 #endif1181 1182 1195 /* win2k uses ContentInfo */ 1183 1196 if (type == PKINIT_WIN2K) { 1184 heim_oid type ;1197 heim_oid type2; 1185 1198 heim_octet_string out; 1186 1199 1187 ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); 1188 if (ret) 1189 goto out; 1190 if (der_heim_oid_cmp(&type, &asn1_oid_id_pkcs7_signedData)) { 1200 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); 1201 if (ret) { 1202 /* windows LH with interesting CMS packets */ 1203 size_t ph = 1 + der_length_len(content.length); 1204 unsigned char *ptr = malloc(content.length + ph); 1205 size_t l; 1206 1207 memcpy(ptr + ph, content.data, content.length); 1208 1209 ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length, 1210 ASN1_C_UNIV, CONS, UT_Sequence, &l); 1211 if (ret) 1212 return ret; 1213 free(content.data); 1214 content.data = ptr; 1215 content.length += ph; 1216 1217 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); 1218 if (ret) 1219 goto out; 1220 } 1221 if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) { 1191 1222 ret = EINVAL; /* XXX */ 1192 1223 krb5_set_error_message(context, ret, 1193 1224 N_("PKINIT: Invalid content type", "")); 1194 der_free_oid(&type );1225 der_free_oid(&type2); 1195 1226 der_free_octet_string(&out); 1196 1227 goto out; 1197 1228 } 1198 der_free_oid(&type );1229 der_free_oid(&type2); 1199 1230 krb5_data_free(&content); 1200 1231 ret = krb5_data_copy(&content, out.data, out.length); … … 1386 1417 1387 1418 1388 dh_gen_keylen = DH_size(ctx->u.dh); 1389 size = BN_num_bytes(ctx->u.dh->p); 1390 if (size < dh_gen_keylen) 1391 size = dh_gen_keylen; 1419 size = DH_size(ctx->u.dh); 1392 1420 1393 1421 dh_gen_key = malloc(size); … … 1397 1425 goto out; 1398 1426 } 1399 memset(dh_gen_key, 0, size - dh_gen_keylen);1400 1427 1401 dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), 1402 kdc_dh_pubkey, ctx->u.dh); 1428 dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh); 1403 1429 if (dh_gen_keylen == -1) { 1404 1430 ret = KRB5KRB_ERR_GENERIC; … … 1408 1434 goto out; 1409 1435 } 1436 if (dh_gen_keylen < size) { 1437 size -= dh_gen_keylen; 1438 memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen); 1439 memset(dh_gen_key, 0, size); 1440 } 1441 1410 1442 } else { 1411 1443 #ifdef HAVE_OPENSSL … … 1504 1536 } 1505 1537 1506 krb5_error_code KRB5_LIB_FUNCTION 1538 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1507 1539 _krb5_pk_rd_pa_reply(krb5_context context, 1508 1540 const char *realm, … … 1543 1575 switch (rep.element) { 1544 1576 case choice_PA_PK_AS_REP_dhInfo: 1577 _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh"); 1545 1578 os = rep.u.dhInfo.dhSignedData; 1546 1579 break; 1547 1580 case choice_PA_PK_AS_REP_encKeyPack: 1581 _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key"); 1548 1582 os = rep.u.encKeyPack; 1549 1583 break; … … 1553 1587 memset(&rep, 0, sizeof(rep)); 1554 1588 1589 _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key"); 1590 1555 1591 ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data, 1556 1592 pa->padata_value.length, … … 1719 1755 } 1720 1756 1721 krb5_error_code KRB5_LIB_FUNCTION 1757 static krb5_error_code 1758 _krb5_pk_set_user_id(krb5_context context, 1759 krb5_principal principal, 1760 krb5_pk_init_ctx ctx, 1761 struct hx509_certs_data *certs) 1762 { 1763 hx509_certs c = hx509_certs_ref(certs); 1764 hx509_query *q = NULL; 1765 int ret; 1766 1767 if (ctx->id->certs) 1768 hx509_certs_free(&ctx->id->certs); 1769 if (ctx->id->cert) { 1770 hx509_cert_free(ctx->id->cert); 1771 ctx->id->cert = NULL; 1772 } 1773 1774 ctx->id->certs = c; 1775 ctx->anonymous = 0; 1776 1777 ret = hx509_query_alloc(context->hx509ctx, &q); 1778 if (ret) { 1779 pk_copy_error(context, context->hx509ctx, ret, 1780 "Allocate query to find signing certificate"); 1781 return ret; 1782 } 1783 1784 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); 1785 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); 1786 1787 if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) { 1788 ctx->id->flags |= PKINIT_BTMM; 1789 } 1790 1791 ret = find_cert(context, ctx->id, q, &ctx->id->cert); 1792 hx509_query_free(context->hx509ctx, q); 1793 1794 if (ret == 0 && _krb5_have_debug(context, 2)) { 1795 hx509_name name; 1796 char *str, *sn; 1797 heim_integer i; 1798 1799 ret = hx509_cert_get_subject(ctx->id->cert, &name); 1800 if (ret) 1801 goto out; 1802 1803 ret = hx509_name_to_string(name, &str); 1804 hx509_name_free(&name); 1805 if (ret) 1806 goto out; 1807 1808 ret = hx509_cert_get_serialnumber(ctx->id->cert, &i); 1809 if (ret) { 1810 free(str); 1811 goto out; 1812 } 1813 1814 ret = der_print_hex_heim_integer(&i, &sn); 1815 der_free_heim_integer(&i); 1816 if (ret) { 1817 free(name); 1818 goto out; 1819 } 1820 1821 _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn); 1822 free(str); 1823 free(sn); 1824 } 1825 out: 1826 1827 return ret; 1828 } 1829 1830 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1722 1831 _krb5_pk_load_id(krb5_context context, 1723 1832 struct krb5_pk_identity **ret_id, 1724 int flags,1725 1833 const char *user_id, 1726 1834 const char *anchor_id, … … 1732 1840 { 1733 1841 struct krb5_pk_identity *id = NULL; 1734 hx509_lock lock = NULL;1735 1842 struct prompter p; 1736 1843 int ret; … … 1742 1849 N_("PKINIT: No anchor given", "")); 1743 1850 return HEIM_PKINIT_NO_VALID_CA; 1744 }1745 1746 if (user_id == NULL && (flags & 4) == 0) {1747 krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY,1748 N_("PKINIT: No user certificate given", ""));1749 return HEIM_PKINIT_NO_PRIVATE_KEY;1750 1851 } 1751 1852 … … 1759 1860 } 1760 1861 1761 ret = hx509_context_init(&id->hx509ctx);1762 if (ret)1763 goto out;1764 1765 ret = hx509_lock_init(id->hx509ctx, &lock);1766 if (ret) {1767 pk_copy_error(context, id->hx509ctx, ret, "Failed init lock");1768 goto out;1769 }1770 1771 if (password && password[0])1772 hx509_lock_add_password(lock, password);1773 1774 if (prompter) {1775 p.context = context;1776 p.prompter = prompter;1777 p.prompter_data = prompter_data;1778 1779 ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);1780 if (ret)1781 goto out;1782 }1783 1784 1862 if (user_id) { 1785 ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); 1786 if (ret) { 1787 pk_copy_error(context, id->hx509ctx, ret, 1863 hx509_lock lock; 1864 1865 ret = hx509_lock_init(context->hx509ctx, &lock); 1866 if (ret) { 1867 pk_copy_error(context, context->hx509ctx, ret, "Failed init lock"); 1868 goto out; 1869 } 1870 1871 if (password && password[0]) 1872 hx509_lock_add_password(lock, password); 1873 1874 if (prompter) { 1875 p.context = context; 1876 p.prompter = prompter; 1877 p.prompter_data = prompter_data; 1878 1879 ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); 1880 if (ret) { 1881 hx509_lock_free(lock); 1882 goto out; 1883 } 1884 } 1885 1886 ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs); 1887 hx509_lock_free(lock); 1888 if (ret) { 1889 pk_copy_error(context, context->hx509ctx, ret, 1788 1890 "Failed to init cert certs"); 1789 1891 goto out; … … 1793 1895 } 1794 1896 1795 ret = hx509_certs_init( id->hx509ctx, anchor_id, 0, NULL, &id->anchors);1796 if (ret) { 1797 pk_copy_error(context, id->hx509ctx, ret,1897 ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors); 1898 if (ret) { 1899 pk_copy_error(context, context->hx509ctx, ret, 1798 1900 "Failed to init anchors"); 1799 1901 goto out; 1800 1902 } 1801 1903 1802 ret = hx509_certs_init( id->hx509ctx, "MEMORY:pkinit-cert-chain",1904 ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain", 1803 1905 0, NULL, &id->certpool); 1804 1906 if (ret) { 1805 pk_copy_error(context, id->hx509ctx, ret,1907 pk_copy_error(context, context->hx509ctx, ret, 1806 1908 "Failed to init chain"); 1807 1909 goto out; … … 1809 1911 1810 1912 while (chain_list && *chain_list) { 1811 ret = hx509_certs_append( id->hx509ctx, id->certpool,1913 ret = hx509_certs_append(context->hx509ctx, id->certpool, 1812 1914 NULL, *chain_list); 1813 1915 if (ret) { 1814 pk_copy_error(context, id->hx509ctx, ret,1916 pk_copy_error(context, context->hx509ctx, ret, 1815 1917 "Failed to laod chain %s", 1816 1918 *chain_list); … … 1821 1923 1822 1924 if (revoke_list) { 1823 ret = hx509_revoke_init( id->hx509ctx, &id->revokectx);1824 if (ret) { 1825 pk_copy_error(context, id->hx509ctx, ret,1925 ret = hx509_revoke_init(context->hx509ctx, &id->revokectx); 1926 if (ret) { 1927 pk_copy_error(context, context->hx509ctx, ret, 1826 1928 "Failed init revoke list"); 1827 1929 goto out; … … 1829 1931 1830 1932 while (*revoke_list) { 1831 ret = hx509_revoke_add_crl( id->hx509ctx,1933 ret = hx509_revoke_add_crl(context->hx509ctx, 1832 1934 id->revokectx, 1833 1935 *revoke_list); 1834 1936 if (ret) { 1835 pk_copy_error(context, id->hx509ctx, ret,1937 pk_copy_error(context, context->hx509ctx, ret, 1836 1938 "Failed load revoke list"); 1837 1939 goto out; … … 1840 1942 } 1841 1943 } else 1842 hx509_context_set_missing_revoke( id->hx509ctx, 1);1843 1844 ret = hx509_verify_init_ctx( id->hx509ctx, &id->verify_ctx);1845 if (ret) { 1846 pk_copy_error(context, id->hx509ctx, ret,1944 hx509_context_set_missing_revoke(context->hx509ctx, 1); 1945 1946 ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx); 1947 if (ret) { 1948 pk_copy_error(context, context->hx509ctx, ret, 1847 1949 "Failed init verify context"); 1848 1950 goto out; … … 1859 1961 hx509_certs_free(&id->certpool); 1860 1962 hx509_revoke_free(&id->revokectx); 1861 hx509_context_free(&id->hx509ctx);1862 1963 free(id); 1863 1964 } else 1864 1965 *ret_id = id; 1865 1866 if (lock)1867 hx509_lock_free(lock);1868 1966 1869 1967 return ret; … … 1883 1981 va_list va; 1884 1982 char *s, *f; 1983 int ret; 1885 1984 1886 1985 va_start(va, fmt); 1887 vasprintf(&f, fmt, va);1986 ret = vasprintf(&f, fmt, va); 1888 1987 va_end(va); 1889 if ( f == NULL) {1988 if (ret == -1 || f == NULL) { 1890 1989 krb5_clear_error_message(context); 1891 1990 return; … … 2116 2215 file = MODULI_FILE; 2117 2216 2217 #ifdef KRB5_USE_PATH_TOKENS 2218 { 2219 char * exp_file; 2220 2221 if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) { 2222 f = fopen(exp_file, "r"); 2223 krb5_xfree(exp_file); 2224 } else { 2225 f = NULL; 2226 } 2227 } 2228 #else 2118 2229 f = fopen(file, "r"); 2230 #endif 2231 2119 2232 if (f == NULL) { 2120 2233 *moduli = m; … … 2193 2306 #endif /* PKINIT */ 2194 2307 2195 void KRB5_LIB_FUNCTION 2308 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 2196 2309 _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) 2197 2310 { … … 2204 2317 switch (ctx->keyex) { 2205 2318 case USE_DH: 2206 DH_free(ctx->u.dh); 2319 if (ctx->u.dh) 2320 DH_free(ctx->u.dh); 2207 2321 break; 2208 2322 case USE_RSA: … … 2210 2324 case USE_ECDH: 2211 2325 #ifdef HAVE_OPENSSL 2212 EC_KEY_free(ctx->u.eckey); 2326 if (ctx->u.eckey) 2327 EC_KEY_free(ctx->u.eckey); 2213 2328 #endif 2214 2329 break; … … 2220 2335 hx509_certs_free(&ctx->id->anchors); 2221 2336 hx509_certs_free(&ctx->id->certpool); 2222 hx509_context_free(&ctx->id->hx509ctx);2223 2337 2224 2338 if (ctx->clientDHNonce) { … … 2236 2350 } 2237 2351 2238 krb5_error_code KRB5_LIB_FUNCTION 2352 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2239 2353 krb5_get_init_creds_opt_set_pkinit(krb5_context context, 2240 2354 krb5_get_init_creds_opt *opt, … … 2291 2405 } 2292 2406 2407 if (flags & 4) 2408 opt->opt_private->pk_init_ctx->anonymous = 1; 2409 2293 2410 ret = _krb5_pk_load_id(context, 2294 2411 &opt->opt_private->pk_init_ctx->id, 2295 flags,2296 2412 user_id, 2297 2413 x509_anchors, … … 2308 2424 2309 2425 if (opt->opt_private->pk_init_ctx->id->certs) { 2310 hx509_query *q = NULL; 2311 hx509_cert cert = NULL; 2312 hx509_context hx509ctx = opt->opt_private->pk_init_ctx->id->hx509ctx; 2313 2314 ret = hx509_query_alloc(hx509ctx, &q); 2315 if (ret) { 2316 pk_copy_error(context, hx509ctx, ret, 2317 "Allocate query to find signing certificate"); 2318 return ret; 2319 } 2320 2321 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); 2322 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); 2323 2324 ret = find_cert(context, opt->opt_private->pk_init_ctx->id, q, &cert); 2325 hx509_query_free(hx509ctx, q); 2326 if (ret) 2327 return ret; 2328 2329 opt->opt_private->pk_init_ctx->id->cert = cert; 2426 _krb5_pk_set_user_id(context, 2427 principal, 2428 opt->opt_private->pk_init_ctx, 2429 opt->opt_private->pk_init_ctx->id->certs); 2330 2430 } else 2331 2431 opt->opt_private->pk_init_ctx->id->cert = NULL; 2332 2432 2333 2433 if ((flags & 2) == 0) { 2334 hx509_context hx509ctx = opt->opt_private->pk_init_ctx->id->hx509ctx;2434 hx509_context hx509ctx = context->hx509ctx; 2335 2435 hx509_cert cert = opt->opt_private->pk_init_ctx->id->cert; 2336 2436 … … 2369 2469 } 2370 2470 2471 krb5_error_code KRB5_LIB_FUNCTION 2472 krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, 2473 krb5_get_init_creds_opt *opt, 2474 struct hx509_certs_data *certs) 2475 { 2476 #ifdef PKINIT 2477 if (opt->opt_private == NULL) { 2478 krb5_set_error_message(context, EINVAL, 2479 N_("PKINIT: on non extendable opt", "")); 2480 return EINVAL; 2481 } 2482 if (opt->opt_private->pk_init_ctx == NULL) { 2483 krb5_set_error_message(context, EINVAL, 2484 N_("PKINIT: on pkinit context", "")); 2485 return EINVAL; 2486 } 2487 2488 _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); 2489 2490 return 0; 2491 #else 2492 krb5_set_error_message(context, EINVAL, 2493 N_("no support for PKINIT compiled in", "")); 2494 return EINVAL; 2495 #endif 2496 } 2497 2371 2498 #ifdef PKINIT 2372 2499 … … 2416 2543 */ 2417 2544 2418 krb5_error_code KRB5_LIB_FUNCTION 2419 _krb5_pk_enterprise_cert(krb5_context context, 2420 const char *user_id, 2421 krb5_const_realm realm, 2422 krb5_principal *principal) 2545 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2546 krb5_pk_enterprise_cert(krb5_context context, 2547 const char *user_id, 2548 krb5_const_realm realm, 2549 krb5_principal *principal, 2550 struct hx509_certs_data **res) 2423 2551 { 2424 2552 #ifdef PKINIT 2425 2553 krb5_error_code ret; 2426 hx509_context hx509ctx;2427 2554 hx509_certs certs, result; 2428 2555 hx509_cert cert; … … 2431 2558 2432 2559 *principal = NULL; 2560 if (res) 2561 *res = NULL; 2433 2562 2434 if (user_id == NULL) 2563 if (user_id == NULL) { 2564 krb5_set_error_message(context, ENOENT, "no user id"); 2435 2565 return ENOENT; 2436 2437 ret = hx509_context_init(&hx509ctx); 2438 if (ret) 2439 return ret; 2440 2441 ret = hx509_certs_init(hx509ctx, user_id, 0, NULL, &certs); 2442 if (ret) { 2443 pk_copy_error(context, hx509ctx, ret, 2566 } 2567 2568 ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs); 2569 if (ret) { 2570 pk_copy_error(context, context->hx509ctx, ret, 2444 2571 "Failed to init cert certs"); 2445 return ret; 2446 } 2447 2448 ret = hx509_query_alloc(hx509ctx, &q); 2449 if (ret) { 2572 goto out; 2573 } 2574 2575 ret = hx509_query_alloc(context->hx509ctx, &q); 2576 if (ret) { 2577 krb5_set_error_message(context, ret, "out of memory"); 2450 2578 hx509_certs_free(&certs); 2451 return ret;2579 goto out; 2452 2580 } 2453 2581 … … 2457 2585 hx509_query_match_cmp_func(q, find_ms_san, NULL); 2458 2586 2459 ret = hx509_certs_filter( hx509ctx, certs, q, &result);2460 hx509_query_free( hx509ctx, q);2587 ret = hx509_certs_filter(context->hx509ctx, certs, q, &result); 2588 hx509_query_free(context->hx509ctx, q); 2461 2589 hx509_certs_free(&certs); 2462 if (ret) 2590 if (ret) { 2591 pk_copy_error(context, context->hx509ctx, ret, 2592 "Failed to find PKINIT certificate"); 2463 2593 return ret; 2594 } 2464 2595 2465 ret = hx509_get_one_cert( hx509ctx, result, &cert);2596 ret = hx509_get_one_cert(context->hx509ctx, result, &cert); 2466 2597 hx509_certs_free(&result); 2467 if (ret) 2468 return ret; 2469 2470 ret = get_ms_san(hx509ctx, cert, &name); 2471 if (ret) 2472 return ret; 2598 if (ret) { 2599 pk_copy_error(context, context->hx509ctx, ret, 2600 "Failed to get one cert"); 2601 goto out; 2602 } 2603 2604 ret = get_ms_san(context->hx509ctx, cert, &name); 2605 if (ret) { 2606 pk_copy_error(context, context->hx509ctx, ret, 2607 "Failed to get MS SAN"); 2608 goto out; 2609 } 2473 2610 2474 2611 ret = krb5_make_principal(context, principal, realm, name, NULL); 2475 2612 free(name); 2476 hx509_context_free(&hx509ctx);2477 2613 if (ret) 2478 return ret;2614 goto out; 2479 2615 2480 2616 krb5_principal_set_type(context, *principal, KRB5_NT_ENTERPRISE_PRINCIPAL); 2481 2617 2618 if (res) { 2619 ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res); 2620 if (ret) { 2621 hx509_cert_free(cert); 2622 goto out; 2623 } 2624 2625 ret = hx509_certs_add(context->hx509ctx, *res, cert); 2626 if (ret) { 2627 hx509_certs_free(res); 2628 goto out; 2629 } 2630 } 2631 2632 out: 2633 hx509_cert_free(cert); 2634 2482 2635 return ret; 2483 2636 #else -
trunk/server/source4/heimdal/lib/krb5/plugin.c
r414 r745 136 136 */ 137 137 138 krb5_error_code 138 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 139 139 krb5_plugin_register(krb5_context context, 140 140 enum krb5_plugin_type type, … … 180 180 } 181 181 182 static int 183 is_valid_plugin_filename(const char * n) 184 { 185 if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) 186 return 0; 187 188 #ifdef _WIN32 189 /* On Windows, we only attempt to load .dll files as plug-ins. */ 190 { 191 const char * ext; 192 193 ext = strrchr(n, '.'); 194 if (ext == NULL) 195 return 0; 196 197 return !stricmp(ext, ".dll"); 198 } 199 #endif 200 201 return 1; 202 } 203 204 static void 205 trim_trailing_slash(char * path) 206 { 207 size_t l; 208 209 l = strlen(path); 210 while (l > 0 && (path[l - 1] == '/' 211 #ifdef BACKSLASH_PATH_DELIM 212 || path[l - 1] == '\\' 213 #endif 214 )) { 215 path[--l] = '\0'; 216 } 217 } 218 182 219 static krb5_error_code 183 220 load_plugins(krb5_context context) … … 202 239 203 240 for (di = dirs; *di != NULL; di++) { 204 205 d = opendir(*di); 241 char * dir = *di; 242 243 #ifdef KRB5_USE_PATH_TOKENS 244 if (_krb5_expand_path_tokens(context, *di, &dir)) 245 goto next_dir; 246 #endif 247 248 trim_trailing_slash(dir); 249 250 d = opendir(dir); 251 206 252 if (d == NULL) 207 continue; 208 rk_cloexec(dirfd(d)); 253 goto next_dir; 254 255 rk_cloexec_dir(d); 209 256 210 257 while ((entry = readdir(d)) != NULL) { … … 212 259 213 260 /* skip . and .. */ 214 if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0')))261 if (!is_valid_plugin_filename(n)) 215 262 continue; 216 263 217 264 path = NULL; 265 ret = 0; 218 266 #ifdef __APPLE__ 219 267 { /* support loading bundles on MacOS */ 220 268 size_t len = strlen(n); 221 269 if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0) 222 asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n);270 ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n); 223 271 } 224 272 #endif 225 if ( path == NULL)226 asprintf(&path, "%s/%s", *di, n);227 228 if ( path == NULL) {273 if (ret < 0 || path == NULL) 274 ret = asprintf(&path, "%s/%s", dir, n); 275 276 if (ret < 0 || path == NULL) { 229 277 ret = ENOMEM; 230 278 krb5_set_error_message(context, ret, "malloc: out of memory"); … … 243 291 } 244 292 closedir(d); 293 294 next_dir: 295 if (dir != *di) 296 free(dir); 245 297 } 246 298 if (dirs != rk_UNCONST(sysplugin_dirs)) … … 325 377 } 326 378 } 379 /* 380 * module - dict of { 381 * ModuleName = [ 382 * plugin = object{ 383 * array = { ptr, ctx } 384 * } 385 * ] 386 * } 387 */ 388 389 static heim_dict_t modules; 390 391 struct plugin2 { 392 heim_string_t path; 393 void *dsohandle; 394 heim_dict_t names; 395 }; 396 397 static void 398 plug_dealloc(void *ptr) 399 { 400 struct plugin2 *p = ptr; 401 heim_release(p->path); 402 heim_release(p->names); 403 if (p->dsohandle) 404 dlclose(p->dsohandle); 405 } 406 407 408 void 409 _krb5_load_plugins(krb5_context context, const char *name, const char **paths) 410 { 411 #ifdef HAVE_DLOPEN 412 heim_string_t s = heim_string_create(name); 413 heim_dict_t module; 414 struct dirent *entry; 415 krb5_error_code ret; 416 const char **di; 417 DIR *d; 418 419 HEIMDAL_MUTEX_lock(&plugin_mutex); 420 421 if (modules == NULL) { 422 modules = heim_dict_create(11); 423 if (modules == NULL) { 424 HEIMDAL_MUTEX_unlock(&plugin_mutex); 425 return; 426 } 427 } 428 429 module = heim_dict_copy_value(modules, s); 430 if (module == NULL) { 431 module = heim_dict_create(11); 432 if (module == NULL) { 433 HEIMDAL_MUTEX_unlock(&plugin_mutex); 434 heim_release(s); 435 return; 436 } 437 heim_dict_add_value(modules, s, module); 438 } 439 heim_release(s); 440 441 for (di = paths; *di != NULL; di++) { 442 d = opendir(*di); 443 if (d == NULL) 444 continue; 445 rk_cloexec_dir(d); 446 447 while ((entry = readdir(d)) != NULL) { 448 char *n = entry->d_name; 449 char *path = NULL; 450 heim_string_t spath; 451 struct plugin2 *p; 452 453 /* skip . and .. */ 454 if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) 455 continue; 456 457 ret = 0; 458 #ifdef __APPLE__ 459 { /* support loading bundles on MacOS */ 460 size_t len = strlen(n); 461 if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0) 462 ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n); 463 } 464 #endif 465 if (ret < 0 || path == NULL) 466 ret = asprintf(&path, "%s/%s", *di, n); 467 468 if (ret < 0 || path == NULL) 469 continue; 470 471 spath = heim_string_create(n); 472 if (spath == NULL) { 473 free(path); 474 continue; 475 } 476 477 /* check if already cached */ 478 p = heim_dict_copy_value(module, spath); 479 if (p == NULL) { 480 p = heim_alloc(sizeof(*p), "krb5-plugin", plug_dealloc); 481 if (p) 482 p->dsohandle = dlopen(path, RTLD_LOCAL|RTLD_LAZY); 483 484 if (p->dsohandle) { 485 p->path = heim_retain(spath); 486 p->names = heim_dict_create(11); 487 heim_dict_add_value(module, spath, p); 488 } 489 } 490 heim_release(spath); 491 heim_release(p); 492 free(path); 493 } 494 closedir(d); 495 } 496 heim_release(module); 497 HEIMDAL_MUTEX_unlock(&plugin_mutex); 498 #endif /* HAVE_DLOPEN */ 499 } 500 501 void 502 _krb5_unload_plugins(krb5_context context, const char *name) 503 { 504 HEIMDAL_MUTEX_lock(&plugin_mutex); 505 heim_release(modules); 506 modules = NULL; 507 HEIMDAL_MUTEX_unlock(&plugin_mutex); 508 } 509 510 /* 511 * 512 */ 513 514 struct common_plugin_method { 515 int version; 516 krb5_error_code (*init)(krb5_context, void **); 517 void (*fini)(void *); 518 }; 519 520 struct plug { 521 void *dataptr; 522 void *ctx; 523 }; 524 525 static void 526 plug_free(void *ptr) 527 { 528 struct plug *pl = ptr; 529 if (pl->dataptr) { 530 struct common_plugin_method *cpm = pl->dataptr; 531 cpm->fini(pl->ctx); 532 } 533 } 534 535 struct iter_ctx { 536 krb5_context context; 537 heim_string_t n; 538 const char *name; 539 int min_version; 540 heim_array_t result; 541 krb5_error_code (*func)(krb5_context, const void *, void *, void *); 542 void *userctx; 543 krb5_error_code ret; 544 }; 545 546 static void 547 search_modules(void *ctx, heim_object_t key, heim_object_t value) 548 { 549 struct iter_ctx *s = ctx; 550 struct plugin2 *p = value; 551 struct plug *pl = heim_dict_copy_value(p->names, s->n); 552 struct common_plugin_method *cpm; 553 554 if (pl == NULL) { 555 if (p->dsohandle == NULL) 556 return; 557 558 pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free); 559 560 cpm = pl->dataptr = dlsym(p->dsohandle, s->name); 561 if (cpm) { 562 int ret; 563 564 ret = cpm->init(s->context, &pl->ctx); 565 if (ret) 566 cpm = pl->dataptr = NULL; 567 } 568 heim_dict_add_value(p->names, s->n, pl); 569 } else { 570 cpm = pl->dataptr; 571 } 572 573 if (cpm && cpm->version >= s->min_version) 574 heim_array_append_value(s->result, pl); 575 576 heim_release(pl); 577 } 578 579 static void 580 eval_results(heim_object_t value, void *ctx) 581 { 582 struct plug *pl = value; 583 struct iter_ctx *s = ctx; 584 585 if (s->ret != KRB5_PLUGIN_NO_HANDLE) 586 return; 587 588 s->ret = s->func(s->context, pl->dataptr, pl->ctx, s->userctx); 589 } 590 591 krb5_error_code 592 _krb5_plugin_run_f(krb5_context context, 593 const char *module, 594 const char *name, 595 int min_version, 596 int flags, 597 void *userctx, 598 krb5_error_code (*func)(krb5_context, const void *, void *, void *)) 599 { 600 heim_string_t m = heim_string_create(module); 601 heim_dict_t dict; 602 struct iter_ctx s; 603 604 HEIMDAL_MUTEX_lock(&plugin_mutex); 605 606 dict = heim_dict_copy_value(modules, m); 607 heim_release(m); 608 if (dict == NULL) { 609 HEIMDAL_MUTEX_unlock(&plugin_mutex); 610 return KRB5_PLUGIN_NO_HANDLE; 611 } 612 613 s.context = context; 614 s.name = name; 615 s.n = heim_string_create(name); 616 s.min_version = min_version; 617 s.result = heim_array_create(); 618 s.func = func; 619 s.userctx = userctx; 620 621 heim_dict_iterate_f(dict, search_modules, &s); 622 623 heim_release(dict); 624 625 HEIMDAL_MUTEX_unlock(&plugin_mutex); 626 627 s.ret = KRB5_PLUGIN_NO_HANDLE; 628 629 heim_array_iterate_f(s.result, eval_results, &s); 630 631 heim_release(s.result); 632 heim_release(s.n); 633 634 return s.ret; 635 } -
trunk/server/source4/heimdal/lib/krb5/principal.c
r414 r745 77 77 */ 78 78 79 void KRB5_LIB_FUNCTION 79 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 80 80 krb5_free_principal(krb5_context context, 81 81 krb5_principal p) … … 99 99 */ 100 100 101 void KRB5_LIB_FUNCTION 101 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 102 102 krb5_principal_set_type(krb5_context context, 103 103 krb5_principal principal, … … 107 107 } 108 108 109 int KRB5_LIB_FUNCTION 109 /** 110 * Get the type of the principal 111 * 112 * @param context A Kerberos context. 113 * @param principal principal to get the type for 114 * 115 * @return the type of principal 116 * 117 * @ingroup krb5_principal 118 */ 119 120 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 110 121 krb5_principal_get_type(krb5_context context, 111 122 krb5_const_principal principal) … … 114 125 } 115 126 116 const char* KRB5_LIB_FUNCTION 127 /** 128 * Get the realm of the principal 129 * 130 * @param context A Kerberos context. 131 * @param principal principal to get the realm for 132 * 133 * @return realm of the principal, don't free or use after krb5_principal is freed 134 * 135 * @ingroup krb5_principal 136 */ 137 138 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 117 139 krb5_principal_get_realm(krb5_context context, 118 140 krb5_const_principal principal) … … 121 143 } 122 144 123 const char* KRB5_LIB_FUNCTION 145 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 124 146 krb5_principal_get_comp_string(krb5_context context, 125 147 krb5_const_principal principal, … … 142 164 */ 143 165 144 unsigned int KRB5_LIB_FUNCTION 166 KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL 145 167 krb5_principal_get_num_comp(krb5_context context, 146 168 krb5_const_principal principal) … … 149 171 } 150 172 151 krb5_error_code KRB5_LIB_FUNCTION 173 /** 174 * Parse a name into a krb5_principal structure, flags controls the behavior. 175 * 176 * @param context Kerberos 5 context 177 * @param name name to parse into a Kerberos principal 178 * @param flags flags to control the behavior 179 * @param principal returned principal, free with krb5_free_principal(). 180 * 181 * @return An krb5 error code, see krb5_get_error_message(). 182 * 183 * @ingroup krb5_principal 184 */ 185 186 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 152 187 krb5_parse_name_flags(krb5_context context, 153 188 const char *name, … … 338 373 } 339 374 340 krb5_error_code KRB5_LIB_FUNCTION 375 /** 376 * Parse a name into a krb5_principal structure 377 * 378 * @param context Kerberos 5 context 379 * @param name name to parse into a Kerberos principal 380 * @param principal returned principal, free with krb5_free_principal(). 381 * 382 * @return An krb5 error code, see krb5_get_error_message(). 383 * 384 * @ingroup krb5_principal 385 */ 386 387 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 341 388 krb5_parse_name(krb5_context context, 342 389 const char *name, … … 426 473 } 427 474 428 krb5_error_code KRB5_LIB_FUNCTION 475 /** 476 * Unparse the principal name to a fixed buffer 477 * 478 * @param context A Kerberos context. 479 * @param principal principal to unparse 480 * @param name buffer to write name to 481 * @param len length of buffer 482 * 483 * @return An krb5 error code, see krb5_get_error_message(). 484 * 485 * @ingroup krb5_principal 486 */ 487 488 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 429 489 krb5_unparse_name_fixed(krb5_context context, 430 490 krb5_const_principal principal, … … 435 495 } 436 496 437 krb5_error_code KRB5_LIB_FUNCTION 497 /** 498 * Unparse the principal name to a fixed buffer. The realm is skipped 499 * if its a default realm. 500 * 501 * @param context A Kerberos context. 502 * @param principal principal to unparse 503 * @param name buffer to write name to 504 * @param len length of buffer 505 * 506 * @return An krb5 error code, see krb5_get_error_message(). 507 * 508 * @ingroup krb5_principal 509 */ 510 511 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 438 512 krb5_unparse_name_fixed_short(krb5_context context, 439 513 krb5_const_principal principal, … … 445 519 } 446 520 447 krb5_error_code KRB5_LIB_FUNCTION 521 /** 522 * Unparse the principal name with unparse flags to a fixed buffer. 523 * 524 * @param context A Kerberos context. 525 * @param principal principal to unparse 526 * @param flags unparse flags 527 * @param name buffer to write name to 528 * @param len length of buffer 529 * 530 * @return An krb5 error code, see krb5_get_error_message(). 531 * 532 * @ingroup krb5_principal 533 */ 534 535 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 448 536 krb5_unparse_name_fixed_flags(krb5_context context, 449 537 krb5_const_principal principal, … … 509 597 */ 510 598 511 krb5_error_code KRB5_LIB_FUNCTION 599 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 512 600 krb5_unparse_name(krb5_context context, 513 601 krb5_const_principal principal, … … 530 618 */ 531 619 532 krb5_error_code KRB5_LIB_FUNCTION 620 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 533 621 krb5_unparse_name_flags(krb5_context context, 534 622 krb5_const_principal principal, … … 539 627 } 540 628 541 krb5_error_code KRB5_LIB_FUNCTION 629 /** 630 * Unparse the principal name to a allocated buffer. The realm is 631 * skipped if its a default realm. 632 * 633 * @param context A Kerberos context. 634 * @param principal principal to unparse 635 * @param name returned buffer, free with krb5_xfree() 636 * 637 * @return An krb5 error code, see krb5_get_error_message(). 638 * 639 * @ingroup krb5_principal 640 */ 641 642 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 542 643 krb5_unparse_name_short(krb5_context context, 543 644 krb5_const_principal principal, … … 547 648 } 548 649 549 #if 0 /* not implemented */ 550 551 krb5_error_code KRB5_LIB_FUNCTION 552 krb5_unparse_name_ext(krb5_context context, 553 krb5_const_principal principal, 554 char **name, 555 size_t *size) 556 { 557 krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");558 } 559 560 #endif 561 562 krb5_error_code KRB5_LIB_FUNCTION 650 /** 651 * Set a new realm for a principal, and as a side-effect free the 652 * previous realm. 653 * 654 * @param context A Kerberos context. 655 * @param principal principal set the realm for 656 * @param realm the new realm to set 657 * 658 * @return An krb5 error code, see krb5_get_error_message(). 659 * 660 * @ingroup krb5_principal 661 */ 662 663 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 563 664 krb5_principal_set_realm(krb5_context context, 564 665 krb5_principal principal, … … 577 678 } 578 679 579 580 krb5_error_code KRB5_LIB_FUNCTION 680 #ifndef HEIMDAL_SMALLER 681 /** 682 * Build a principal using vararg style building 683 * 684 * @param context A Kerberos context. 685 * @param principal returned principal 686 * @param rlen length of realm 687 * @param realm realm name 688 * @param ... a list of components ended with NULL. 689 * 690 * @return An krb5 error code, see krb5_get_error_message(). 691 * 692 * @ingroup krb5_principal 693 */ 694 695 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 581 696 krb5_build_principal(krb5_context context, 582 697 krb5_principal *principal, … … 590 705 ret = krb5_build_principal_va(context, principal, rlen, realm, ap); 591 706 va_end(ap); 707 return ret; 708 } 709 #endif 710 711 /** 712 * Build a principal using vararg style building 713 * 714 * @param context A Kerberos context. 715 * @param principal returned principal 716 * @param realm realm name 717 * @param ... a list of components ended with NULL. 718 * 719 * @return An krb5 error code, see krb5_get_error_message(). 720 * 721 * @ingroup krb5_principal 722 */ 723 724 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 725 krb5_make_principal(krb5_context context, 726 krb5_principal *principal, 727 krb5_const_realm realm, 728 ...) 729 { 730 krb5_error_code ret; 731 krb5_realm r = NULL; 732 va_list ap; 733 if(realm == NULL) { 734 ret = krb5_get_default_realm(context, &r); 735 if(ret) 736 return ret; 737 realm = r; 738 } 739 va_start(ap, realm); 740 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); 741 va_end(ap); 742 if(r) 743 free(r); 592 744 return ret; 593 745 } … … 677 829 } 678 830 679 krb5_error_code KRB5_LIB_FUNCTION 680 krb5_make_principal(krb5_context context, 681 krb5_principal *principal, 682 krb5_const_realm realm, 683 ...) 684 { 685 krb5_error_code ret; 686 krb5_realm r = NULL; 687 va_list ap; 688 if(realm == NULL) { 689 ret = krb5_get_default_realm(context, &r); 690 if(ret) 691 return ret; 692 realm = r; 693 } 694 va_start(ap, realm); 695 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); 696 va_end(ap); 697 if(r) 698 free(r); 699 return ret; 700 } 701 702 krb5_error_code KRB5_LIB_FUNCTION 831 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 703 832 krb5_build_principal_va(krb5_context context, 704 833 krb5_principal *principal, … … 710 839 } 711 840 712 krb5_error_code KRB5_LIB_FUNCTION 841 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 713 842 krb5_build_principal_va_ext(krb5_context context, 714 843 krb5_principal *principal, … … 721 850 722 851 723 krb5_error_code KRB5_LIB_FUNCTION 852 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 724 853 krb5_build_principal_ext(krb5_context context, 725 854 krb5_principal *principal, … … 736 865 } 737 866 738 739 krb5_error_code KRB5_LIB_FUNCTION 867 /** 868 * Copy a principal 869 * 870 * @param context A Kerberos context. 871 * @param inprinc principal to copy 872 * @param outprinc copied principal, free with krb5_free_principal() 873 * 874 * @return An krb5 error code, see krb5_get_error_message(). 875 * 876 * @ingroup krb5_principal 877 */ 878 879 880 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 740 881 krb5_copy_principal(krb5_context context, 741 882 krb5_const_principal inprinc, … … 768 909 * 769 910 * @ingroup krb5_principal 770 */ 771 772 krb5_boolean KRB5_LIB_FUNCTION 911 * @see krb5_principal_compare() 912 * @see krb5_realm_compare() 913 */ 914 915 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 773 916 krb5_principal_compare_any_realm(krb5_context context, 774 917 krb5_const_principal princ1, … … 785 928 } 786 929 787 krb5_boolean KRB5_LIB_FUNCTION 930 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 788 931 _krb5_principal_compare_PrincipalName(krb5_context context, 789 932 krb5_const_principal princ1, … … 801 944 802 945 946 /** 947 * Compares the two principals, including realm of the principals and returns 948 * TRUE if they are the same and FALSE if not. 949 * 950 * @param context Kerberos 5 context 951 * @param princ1 first principal to compare 952 * @param princ2 second principal to compare 953 * 954 * @ingroup krb5_principal 955 * @see krb5_principal_compare_any_realm() 956 * @see krb5_realm_compare() 957 */ 958 803 959 /* 804 960 * return TRUE iff princ1 == princ2 805 961 */ 806 962 807 krb5_boolean KRB5_LIB_FUNCTION 963 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 808 964 krb5_principal_compare(krb5_context context, 809 965 krb5_const_principal princ1, … … 815 971 } 816 972 817 /* 973 /** 818 974 * return TRUE iff realm(princ1) == realm(princ2) 819 */ 820 821 krb5_boolean KRB5_LIB_FUNCTION 975 * 976 * @param context Kerberos 5 context 977 * @param princ1 first principal to compare 978 * @param princ2 second principal to compare 979 * 980 * @ingroup krb5_principal 981 * @see krb5_principal_compare_any_realm() 982 * @see krb5_principal_compare() 983 */ 984 985 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 822 986 krb5_realm_compare(krb5_context context, 823 987 krb5_const_principal princ1, … … 827 991 } 828 992 829 /* 993 /** 830 994 * return TRUE iff princ matches pattern 831 */ 832 833 krb5_boolean KRB5_LIB_FUNCTION 995 * 996 * @ingroup krb5_principal 997 */ 998 999 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 834 1000 krb5_principal_match(krb5_context context, 835 1001 krb5_const_principal princ, … … 848 1014 } 849 1015 850 #if defined(KRB4) || !defined(HEIMDAL_SMALLER)851 852 static struct v4_name_convert {853 const char *from;854 const char *to;855 } default_v4_name_convert[] = {856 { "ftp", "ftp" },857 { "hprop", "hprop" },858 { "pop", "pop" },859 { "imap", "imap" },860 { "rcmd", "host" },861 { "smtp", "smtp" },862 { NULL, NULL }863 };864 865 #endif866 867 #ifdef KRB4868 869 /*870 * return the converted instance name of `name' in `realm'.871 * look in the configuration file and then in the default set above.872 * return NULL if no conversion is appropriate.873 */874 875 static const char*876 get_name_conversion(krb5_context context, const char *realm, const char *name)877 {878 struct v4_name_convert *q;879 const char *p;880 881 p = krb5_config_get_string(context, NULL, "realms", realm,882 "v4_name_convert", "host", name, NULL);883 if(p == NULL)884 p = krb5_config_get_string(context, NULL, "libdefaults",885 "v4_name_convert", "host", name, NULL);886 if(p)887 return p;888 889 /* XXX should be possible to override default list */890 p = krb5_config_get_string(context, NULL,891 "realms",892 realm,893 "v4_name_convert",894 "plain",895 name,896 NULL);897 if(p)898 return NULL;899 p = krb5_config_get_string(context, NULL,900 "libdefaults",901 "v4_name_convert",902 "plain",903 name,904 NULL);905 if(p)906 return NULL;907 for(q = default_v4_name_convert; q->from; q++)908 if(strcmp(q->from, name) == 0)909 return q->to;910 return NULL;911 }912 913 /*914 * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.915 * if `resolve', use DNS.916 * if `func', use that function for validating the conversion917 */918 919 krb5_error_code KRB5_LIB_FUNCTION920 krb5_425_conv_principal_ext2(krb5_context context,921 const char *name,922 const char *instance,923 const char *realm,924 krb5_boolean (*func)(krb5_context,925 void *, krb5_principal),926 void *funcctx,927 krb5_boolean resolve,928 krb5_principal *princ)929 {930 const char *p;931 krb5_error_code ret;932 krb5_principal pr;933 char host[MAXHOSTNAMELEN];934 char local_hostname[MAXHOSTNAMELEN];935 936 /* do the following: if the name is found in the937 `v4_name_convert:host' part, is assumed to be a `host' type938 principal, and the instance is looked up in the939 `v4_instance_convert' part. if not found there the name is940 (optionally) looked up as a hostname, and if that doesn't yield941 anything, the `default_domain' is appended to the instance942 */943 944 if(instance == NULL)945 goto no_host;946 if(instance[0] == 0){947 instance = NULL;948 goto no_host;949 }950 p = get_name_conversion(context, realm, name);951 if(p == NULL)952 goto no_host;953 name = p;954 p = krb5_config_get_string(context, NULL, "realms", realm,955 "v4_instance_convert", instance, NULL);956 if(p){957 instance = p;958 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);959 if (ret)960 return ret;961 if(func == NULL || (*func)(context, funcctx, pr)){962 *princ = pr;963 return 0;964 }965 krb5_free_principal(context, pr);966 *princ = NULL;967 krb5_clear_error_message (context);968 return HEIM_ERR_V4_PRINC_NO_CONV;969 }970 if(resolve){971 krb5_boolean passed = FALSE;972 char *inst = NULL;973 #ifdef USE_RESOLVER974 struct rk_dns_reply *r;975 976 r = rk_dns_lookup(instance, "aaaa");977 if (r) {978 if (r->head && r->head->type == rk_ns_t_aaaa) {979 inst = strdup(r->head->domain);980 passed = TRUE;981 }982 rk_dns_free_data(r);983 } else {984 r = rk_dns_lookup(instance, "a");985 if (r) {986 if(r->head && r->head->type == rk_ns_t_a) {987 inst = strdup(r->head->domain);988 passed = TRUE;989 }990 rk_dns_free_data(r);991 }992 }993 #else994 struct addrinfo hints, *ai;995 996 memset (&hints, 0, sizeof(hints));997 hints.ai_flags = AI_CANONNAME;998 ret = getaddrinfo(instance, NULL, &hints, &ai);999 if (ret == 0) {1000 const struct addrinfo *a;1001 for (a = ai; a != NULL; a = a->ai_next) {1002 if (a->ai_canonname != NULL) {1003 inst = strdup (a->ai_canonname);1004 passed = TRUE;1005 break;1006 }1007 }1008 freeaddrinfo (ai);1009 }1010 #endif1011 if (passed) {1012 if (inst == NULL) {1013 krb5_set_error_message(context, ENOMEM,1014 N_("malloc: out of memory", ""));1015 return ENOMEM;1016 }1017 strlwr(inst);1018 ret = krb5_make_principal(context, &pr, realm, name, inst,1019 NULL);1020 free (inst);1021 if(ret == 0) {1022 if(func == NULL || (*func)(context, funcctx, pr)){1023 *princ = pr;1024 return 0;1025 }1026 krb5_free_principal(context, pr);1027 }1028 }1029 }1030 if(func != NULL) {1031 snprintf(host, sizeof(host), "%s.%s", instance, realm);1032 strlwr(host);1033 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);1034 if (ret)1035 return ret;1036 if((*func)(context, funcctx, pr)){1037 *princ = pr;1038 return 0;1039 }1040 krb5_free_principal(context, pr);1041 }1042 1043 /*1044 * if the instance is the first component of the local hostname,1045 * the converted host should be the long hostname.1046 */1047 1048 if (func == NULL &&1049 gethostname (local_hostname, sizeof(local_hostname)) == 0 &&1050 strncmp(instance, local_hostname, strlen(instance)) == 0 &&1051 local_hostname[strlen(instance)] == '.') {1052 strlcpy(host, local_hostname, sizeof(host));1053 goto local_host;1054 }1055 1056 {1057 char **domains, **d;1058 domains = krb5_config_get_strings(context, NULL, "realms", realm,1059 "v4_domains", NULL);1060 for(d = domains; d && *d; d++){1061 snprintf(host, sizeof(host), "%s.%s", instance, *d);1062 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);1063 if (ret) {1064 krb5_config_free_strings(domains);1065 return ret;1066 }1067 if(func == NULL || (*func)(context, funcctx, pr)){1068 *princ = pr;1069 krb5_config_free_strings(domains);1070 return 0;1071 }1072 krb5_free_principal(context, pr);1073 }1074 krb5_config_free_strings(domains);1075 }1076 1077 1078 p = krb5_config_get_string(context, NULL, "realms", realm,1079 "default_domain", NULL);1080 if(p == NULL){1081 /* this should be an error, just faking a name is not good */1082 krb5_clear_error_message (context);1083 return HEIM_ERR_V4_PRINC_NO_CONV;1084 }1085 1086 if (*p == '.')1087 ++p;1088 snprintf(host, sizeof(host), "%s.%s", instance, p);1089 local_host:1090 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);1091 if (ret)1092 return ret;1093 if(func == NULL || (*func)(context, funcctx, pr)){1094 *princ = pr;1095 return 0;1096 }1097 krb5_free_principal(context, pr);1098 krb5_clear_error_message (context);1099 return HEIM_ERR_V4_PRINC_NO_CONV;1100 no_host:1101 p = krb5_config_get_string(context, NULL,1102 "realms",1103 realm,1104 "v4_name_convert",1105 "plain",1106 name,1107 NULL);1108 if(p == NULL)1109 p = krb5_config_get_string(context, NULL,1110 "libdefaults",1111 "v4_name_convert",1112 "plain",1113 name,1114 NULL);1115 if(p)1116 name = p;1117 1118 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);1119 if (ret)1120 return ret;1121 if(func == NULL || (*func)(context, funcctx, pr)){1122 *princ = pr;1123 return 0;1124 }1125 krb5_free_principal(context, pr);1126 krb5_clear_error_message (context);1127 return HEIM_ERR_V4_PRINC_NO_CONV;1128 }1129 1130 #endif /* KRB4 */1131 1132 #ifndef HEIMDAL_SMALLER1133 1134 static int1135 check_list(const krb5_config_binding *l, const char *name, const char **out)1136 {1137 while(l){1138 if (l->type != krb5_config_string)1139 continue;1140 if(strcmp(name, l->u.string) == 0) {1141 *out = l->name;1142 return 1;1143 }1144 l = l->next;1145 }1146 return 0;1147 }1148 1149 static int1150 name_convert(krb5_context context, const char *name, const char *realm,1151 const char **out)1152 {1153 const krb5_config_binding *l;1154 l = krb5_config_get_list (context,1155 NULL,1156 "realms",1157 realm,1158 "v4_name_convert",1159 "host",1160 NULL);1161 if(l && check_list(l, name, out))1162 return KRB5_NT_SRV_HST;1163 l = krb5_config_get_list (context,1164 NULL,1165 "libdefaults",1166 "v4_name_convert",1167 "host",1168 NULL);1169 if(l && check_list(l, name, out))1170 return KRB5_NT_SRV_HST;1171 l = krb5_config_get_list (context,1172 NULL,1173 "realms",1174 realm,1175 "v4_name_convert",1176 "plain",1177 NULL);1178 if(l && check_list(l, name, out))1179 return KRB5_NT_UNKNOWN;1180 l = krb5_config_get_list (context,1181 NULL,1182 "libdefaults",1183 "v4_name_convert",1184 "host",1185 NULL);1186 if(l && check_list(l, name, out))1187 return KRB5_NT_UNKNOWN;1188 1189 /* didn't find it in config file, try built-in list */1190 #ifdef KRB41191 {1192 struct v4_name_convert *q;1193 for(q = default_v4_name_convert; q->from; q++) {1194 if(strcmp(name, q->to) == 0) {1195 *out = q->from;1196 return KRB5_NT_SRV_HST;1197 }1198 }1199 }1200 #endif1201 return -1;1202 }1203 1204 /*1205 * convert the v5 principal in `principal' into a v4 corresponding one1206 * in `name, instance, realm'1207 * this is limited interface since there's no length given for these1208 * three parameters. They have to be 40 bytes each (ANAME_SZ).1209 */1210 1211 krb5_error_code KRB5_LIB_FUNCTION1212 krb5_524_conv_principal(krb5_context context,1213 const krb5_principal principal,1214 char *name,1215 char *instance,1216 char *realm)1217 {1218 const char *n, *i, *r;1219 char tmpinst[40];1220 int type = princ_type(principal);1221 const int aname_sz = 40;1222 1223 r = principal->realm;1224 1225 switch(principal->name.name_string.len){1226 case 1:1227 n = principal->name.name_string.val[0];1228 i = "";1229 break;1230 case 2:1231 n = principal->name.name_string.val[0];1232 i = principal->name.name_string.val[1];1233 break;1234 default:1235 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,1236 N_("cannot convert a %d "1237 "component principal", ""),1238 principal->name.name_string.len);1239 return KRB5_PARSE_MALFORMED;1240 }1241 1242 {1243 const char *tmp;1244 int t = name_convert(context, n, r, &tmp);1245 if(t >= 0) {1246 type = t;1247 n = tmp;1248 }1249 }1250 1251 if(type == KRB5_NT_SRV_HST){1252 char *p;1253 1254 strlcpy (tmpinst, i, sizeof(tmpinst));1255 p = strchr(tmpinst, '.');1256 if(p)1257 *p = 0;1258 i = tmpinst;1259 }1260 1261 if (strlcpy (name, n, aname_sz) >= aname_sz) {1262 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,1263 N_("too long name component to convert", ""));1264 return KRB5_PARSE_MALFORMED;1265 }1266 if (strlcpy (instance, i, aname_sz) >= aname_sz) {1267 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,1268 N_("too long instance component to convert", ""));1269 return KRB5_PARSE_MALFORMED;1270 }1271 if (strlcpy (realm, r, aname_sz) >= aname_sz) {1272 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,1273 N_("too long realm component to convert", ""));1274 return KRB5_PARSE_MALFORMED;1275 }1276 return 0;1277 }1278 1279 #endif /* !HEIMDAL_SMALLER */1280 1281 1016 /** 1282 1017 * Create a principal for the service running on hostname. If … … 1295 1030 */ 1296 1031 1297 krb5_error_code KRB5_LIB_FUNCTION 1032 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1298 1033 krb5_sname_to_principal (krb5_context context, 1299 1034 const char *hostname, … … 1365 1100 }; 1366 1101 1367 krb5_error_code 1102 /** 1103 * Parse nametype string and return a nametype integer 1104 * 1105 * @ingroup krb5_principal 1106 */ 1107 1108 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1368 1109 krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) 1369 1110 { … … 1380 1121 return KRB5_PARSE_MALFORMED; 1381 1122 } 1123 1124 /** 1125 * Check if the cname part of the principal is a krbtgt principal 1126 * 1127 * @ingroup krb5_principal 1128 */ 1129 1130 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 1131 krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p) 1132 { 1133 return p->name.name_string.len == 2 && 1134 strcmp(p->name.name_string.val[0], KRB5_TGS_NAME) == 0; 1135 1136 } -
trunk/server/source4/heimdal/lib/krb5/prog_setup.c
r414 r745 36 36 #include <err.h> 37 37 38 void KRB5_LIB_FUNCTION 38 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 39 39 krb5_std_usage(int code, struct getargs *args, int num_args) 40 40 { … … 43 43 } 44 44 45 int KRB5_LIB_FUNCTION 45 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 46 46 krb5_program_setup(krb5_context *context, int argc, char **argv, 47 47 struct getargs *args, int num_args, 48 void ( *usage)(int, struct getargs*, int))48 void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)) 49 49 { 50 50 krb5_error_code ret; -
trunk/server/source4/heimdal/lib/krb5/prompter_posix.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 int KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION int KRB5_CALLCONV 37 37 krb5_prompter_posix (krb5_context context, 38 38 void *data, -
trunk/server/source4/heimdal/lib/krb5/rd_cred.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 36 static krb5_error_code … … 53 53 } 54 54 55 krb5_error_code KRB5_LIB_FUNCTION 55 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 56 56 krb5_rd_cred(krb5_context context, 57 57 krb5_auth_context auth_context, … … 323 323 } 324 324 325 krb5_error_code KRB5_LIB_FUNCTION 325 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 326 326 krb5_rd_cred2 (krb5_context context, 327 327 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/rd_error.c
r414 r745 34 34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_rd_error(krb5_context context, 38 38 const krb5_data *msg, … … 52 52 } 53 53 54 void KRB5_LIB_FUNCTION 54 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 55 55 krb5_free_error_contents (krb5_context context, 56 56 krb5_error *error) … … 60 60 } 61 61 62 void KRB5_LIB_FUNCTION 62 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 63 63 krb5_free_error (krb5_context context, 64 64 krb5_error *error) … … 68 68 } 69 69 70 krb5_error_code KRB5_LIB_FUNCTION 70 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 71 71 krb5_error_from_rd_error(krb5_context context, 72 72 const krb5_error *error, -
trunk/server/source4/heimdal/lib/krb5/rd_priv.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_rd_priv(krb5_context context, 38 38 krb5_auth_context auth_context, -
trunk/server/source4/heimdal/lib/krb5/rd_rep.c
r414 r745 32 32 */ 33 33 34 #include <krb5_locl.h>34 #include "krb5_locl.h" 35 35 36 krb5_error_code KRB5_LIB_FUNCTION 36 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 37 krb5_rd_rep(krb5_context context, 38 38 krb5_auth_context auth_context, … … 109 109 } 110 110 111 void KRB5_LIB_FUNCTION 111 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 112 112 krb5_free_ap_rep_enc_part (krb5_context context, 113 113 krb5_ap_rep_enc_part *val) -
trunk/server/source4/heimdal/lib/krb5/rd_req.c
r414 r745 1 1 2 /* 2 3 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan … … 32 33 */ 33 34 34 #include <krb5_locl.h>35 #include "krb5_locl.h" 35 36 36 37 static krb5_error_code … … 103 104 } 104 105 105 krb5_error_code KRB5_LIB_FUNCTION 106 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 106 107 krb5_decode_ap_req(krb5_context context, 107 108 const krb5_data *inbuf, … … 218 219 } 219 220 220 krb5_error_code KRB5_LIB_FUNCTION 221 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 221 222 krb5_decrypt_ticket(krb5_context context, 222 223 Ticket *ticket, … … 267 268 } 268 269 269 krb5_error_code KRB5_LIB_FUNCTION 270 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 270 271 krb5_verify_authenticator_checksum(krb5_context context, 271 272 krb5_auth_context ac, … … 309 310 310 311 311 krb5_error_code KRB5_LIB_FUNCTION 312 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 312 313 krb5_verify_ap_req(krb5_context context, 313 314 krb5_auth_context *auth_context, … … 330 331 } 331 332 332 krb5_error_code KRB5_LIB_FUNCTION 333 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 333 334 krb5_verify_ap_req2(krb5_context context, 334 335 krb5_auth_context *auth_context, … … 539 540 */ 540 541 541 krb5_error_code KRB5_LIB_FUNCTION 542 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 542 543 krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) 543 544 { … … 566 567 */ 567 568 568 krb5_error_code KRB5_LIB_FUNCTION 569 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 569 570 krb5_rd_req_in_set_keytab(krb5_context context, 570 571 krb5_rd_req_in_ctx in, … … 587 588 */ 588 589 589 krb5_error_code KRB5_LIB_FUNCTION 590 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 590 591 krb5_rd_req_in_set_pac_check(krb5_context context, 591 592 krb5_rd_req_in_ctx in, … … 597 598 598 599 599 krb5_error_code KRB5_LIB_FUNCTION 600 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 600 601 krb5_rd_req_in_set_keyblock(krb5_context context, 601 602 krb5_rd_req_in_ctx in, … … 606 607 } 607 608 608 krb5_error_code KRB5_LIB_FUNCTION 609 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 609 610 krb5_rd_req_out_get_ap_req_options(krb5_context context, 610 611 krb5_rd_req_out_ctx out, … … 615 616 } 616 617 617 krb5_error_code KRB5_LIB_FUNCTION 618 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 618 619 krb5_rd_req_out_get_ticket(krb5_context context, 619 620 krb5_rd_req_out_ctx out, … … 623 624 } 624 625 625 krb5_error_code KRB5_LIB_FUNCTION 626 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 626 627 krb5_rd_req_out_get_keyblock(krb5_context context, 627 628 krb5_rd_req_out_ctx out, … … 643 644 */ 644 645 645 krb5_error_code KRB5_LIB_FUNCTION 646 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 646 647 krb5_rd_req_out_get_server(krb5_context context, 647 648 krb5_rd_req_out_ctx out, … … 651 652 } 652 653 653 void KRB5_LIB_FUNCTION 654 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 654 655 krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) 655 656 { … … 666 667 */ 667 668 668 void KRB5_LIB_FUNCTION 669 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 669 670 krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) 670 671 { … … 682 683 */ 683 684 684 krb5_error_code KRB5_LIB_FUNCTION 685 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 685 686 krb5_rd_req(krb5_context context, 686 687 krb5_auth_context *auth_context, … … 727 728 */ 728 729 729 krb5_error_code KRB5_LIB_FUNCTION 730 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 730 731 krb5_rd_req_with_keyblock(krb5_context context, 731 732 krb5_auth_context *auth_context, … … 821 822 * 822 823 * @param server the server with authenticate as, if NULL the function 823 * will try to find any avai able credentintial in the keytab824 * will try to find any available credential in the keytab 824 825 * that will verify the reply. The function will prefer the 825 826 * server the server client specified in the AP-REQ, but if … … 835 836 */ 836 837 837 krb5_error_code KRB5_LIB_FUNCTION 838 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 838 839 krb5_rd_req_ctx(krb5_context context, 839 840 krb5_auth_context *auth_context, … … 926 927 if (ret) { 927 928 /* If caller specified a server, fail. */ 928 if (service == NULL )929 if (service == NULL && (context->flags & KRB5_CTX_F_RD_REQ_IGNORE) == 0) 929 930 goto out; 930 931 /* Otherwise, fall back to iterating over the keytab. This -
trunk/server/source4/heimdal/lib/krb5/replay.c
r414 r745 39 39 }; 40 40 41 krb5_error_code KRB5_LIB_FUNCTION 41 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 42 42 krb5_rc_resolve(krb5_context context, 43 43 krb5_rcache id, … … 53 53 } 54 54 55 krb5_error_code KRB5_LIB_FUNCTION 55 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 56 56 krb5_rc_resolve_type(krb5_context context, 57 57 krb5_rcache *id, … … 74 74 } 75 75 76 krb5_error_code KRB5_LIB_FUNCTION 76 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 77 77 krb5_rc_resolve_full(krb5_context context, 78 78 krb5_rcache *id, … … 100 100 } 101 101 102 const char* KRB5_LIB_FUNCTION 102 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 103 103 krb5_rc_default_name(krb5_context context) 104 104 { … … 106 106 } 107 107 108 const char* KRB5_LIB_FUNCTION 108 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 109 109 krb5_rc_default_type(krb5_context context) 110 110 { … … 112 112 } 113 113 114 krb5_error_code KRB5_LIB_FUNCTION 114 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 115 115 krb5_rc_default(krb5_context context, 116 116 krb5_rcache *id) … … 124 124 }; 125 125 126 krb5_error_code KRB5_LIB_FUNCTION 126 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 127 127 krb5_rc_initialize(krb5_context context, 128 128 krb5_rcache id, … … 134 134 135 135 if(f == NULL) { 136 char buf[128]; 136 137 ret = errno; 137 krb5_set_error_message(context, ret, "open(%s): %s", id->name,138 strerror(ret));138 rk_strerror_r(ret, buf, sizeof(buf)); 139 krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); 139 140 return ret; 140 141 } … … 145 146 } 146 147 147 krb5_error_code KRB5_LIB_FUNCTION 148 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 148 149 krb5_rc_recover(krb5_context context, 149 150 krb5_rcache id) … … 152 153 } 153 154 154 krb5_error_code KRB5_LIB_FUNCTION 155 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 155 156 krb5_rc_destroy(krb5_context context, 156 157 krb5_rcache id) … … 159 160 160 161 if(remove(id->name) < 0) { 162 char buf[128]; 161 163 ret = errno; 162 krb5_set_error_message(context, ret, "remove(%s): %s", id->name,163 strerror(ret));164 rk_strerror_r(ret, buf, sizeof(buf)); 165 krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf); 164 166 return ret; 165 167 } … … 167 169 } 168 170 169 krb5_error_code KRB5_LIB_FUNCTION 171 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 170 172 krb5_rc_close(krb5_context context, 171 173 krb5_rcache id) … … 179 181 checksum_authenticator(Authenticator *auth, void *data) 180 182 { 181 MD5_CTX md5; 182 int i; 183 184 MD5_Init (&md5); 185 MD5_Update (&md5, auth->crealm, strlen(auth->crealm)); 183 EVP_MD_CTX *m = EVP_MD_CTX_create(); 184 unsigned i; 185 186 EVP_DigestInit_ex(m, EVP_md5(), NULL); 187 188 EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm)); 186 189 for(i = 0; i < auth->cname.name_string.len; i++) 187 MD5_Update(&md5, auth->cname.name_string.val[i],190 EVP_DigestUpdate(m, auth->cname.name_string.val[i], 188 191 strlen(auth->cname.name_string.val[i])); 189 MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime)); 190 MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec)); 191 MD5_Final (data, &md5); 192 } 193 194 krb5_error_code KRB5_LIB_FUNCTION 192 EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime)); 193 EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec)); 194 195 EVP_DigestFinal_ex(m, data, NULL); 196 EVP_MD_CTX_destroy(m); 197 } 198 199 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 195 200 krb5_rc_store(krb5_context context, 196 201 krb5_rcache id, … … 206 211 f = fopen(id->name, "r"); 207 212 if(f == NULL) { 213 char buf[128]; 208 214 ret = errno; 209 krb5_set_error_message(context, ret, "open(%s): %s", id->name,210 strerror(ret));215 rk_strerror_r(ret, buf, sizeof(buf)); 216 krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); 211 217 return ret; 212 218 } … … 224 230 } 225 231 if(ferror(f)){ 232 char buf[128]; 226 233 ret = errno; 227 234 fclose(f); 235 rk_strerror_r(ret, buf, sizeof(buf)); 228 236 krb5_set_error_message(context, ret, "%s: %s", 229 id->name, strerror(ret));237 id->name, buf); 230 238 return ret; 231 239 } … … 233 241 f = fopen(id->name, "a"); 234 242 if(f == NULL) { 243 char buf[128]; 244 rk_strerror_r(errno, buf, sizeof(buf)); 235 245 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, 236 "open(%s): %s", id->name, 237 strerror(errno)); 246 "open(%s): %s", id->name, buf); 238 247 return KRB5_RC_IO_UNKNOWN; 239 248 } … … 243 252 } 244 253 245 krb5_error_code KRB5_LIB_FUNCTION 254 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 246 255 krb5_rc_expunge(krb5_context context, 247 256 krb5_rcache id) … … 250 259 } 251 260 252 krb5_error_code KRB5_LIB_FUNCTION 261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 253 262 krb5_rc_get_lifespan(krb5_context context, 254 263 krb5_rcache id, … … 268 277 } 269 278 270 const char* KRB5_LIB_FUNCTION 279 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 271 280 krb5_rc_get_name(krb5_context context, 272 281 krb5_rcache id) … … 275 284 } 276 285 277 const char* KRB5_LIB_FUNCTION 286 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL 278 287 krb5_rc_get_type(krb5_context context, 279 288 krb5_rcache id) … … 282 291 } 283 292 284 krb5_error_code KRB5_LIB_FUNCTION 293 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 285 294 krb5_get_server_rcache(krb5_context context, 286 295 const krb5_data *piece, … … 300 309 strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); 301 310 #ifdef HAVE_GETEUID 302 asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());311 ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); 303 312 #else 304 asprintf(&name, "FILE:rc_%s", tmp);313 ret = asprintf(&name, "FILE:rc_%s", tmp); 305 314 #endif 306 315 free(tmp); 307 if( name == NULL) {316 if(ret < 0 || name == NULL) { 308 317 krb5_set_error_message(context, ENOMEM, 309 318 N_("malloc: out of memory", "")); -
trunk/server/source4/heimdal/lib/krb5/send_to_kdc.c
r414 r745 48 48 49 49 static int 50 recv_loop ( int fd,50 recv_loop (krb5_socket_t fd, 51 51 time_t tmout, 52 52 int udp, … … 59 59 int nbytes; 60 60 61 #ifndef NO_LIMIT_FD_SETSIZE 61 62 if (fd >= FD_SETSIZE) { 62 63 return -1; 63 64 } 65 #endif 64 66 65 67 krb5_data_zero(rep); … … 79 81 void *tmp; 80 82 81 if ( ioctl(fd, FIONREAD, &nbytes) < 0) {83 if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { 82 84 krb5_data_free (rep); 83 85 return -1; … … 112 114 113 115 static int 114 send_and_recv_udp( int fd,116 send_and_recv_udp(krb5_socket_t fd, 115 117 time_t tmout, 116 118 const krb5_data *req, … … 131 133 132 134 static int 133 send_and_recv_tcp( int fd,135 send_and_recv_tcp(krb5_socket_t fd, 134 136 time_t tmout, 135 137 const krb5_data *req, … … 141 143 142 144 _krb5_put_int(len, req->length, 4); 143 if(net_write (fd, len, sizeof(len)) < 0)144 return -1; 145 if(net_write (fd, req->data, req->length) < 0)145 if(net_write (fd, len, sizeof(len)) < 0) 146 return -1; 147 if(net_write (fd, req->data, req->length) < 0) 146 148 return -1; 147 149 if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) … … 163 165 164 166 int 165 _krb5_send_and_recv_tcp( int fd,167 _krb5_send_and_recv_tcp(krb5_socket_t fd, 166 168 time_t tmout, 167 169 const krb5_data *req, … … 176 178 177 179 static int 178 send_and_recv_http( int fd,180 send_and_recv_http(krb5_socket_t fd, 179 181 time_t tmout, 180 182 const char *prefix, … … 182 184 krb5_data *rep) 183 185 { 184 char *request ;186 char *request = NULL; 185 187 char *str; 186 188 int ret; … … 189 191 if(len < 0) 190 192 return -1; 191 asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);193 ret = asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str); 192 194 free(str); 193 if (re quest == NULL)195 if (ret < 0 || request == NULL) 194 196 return -1; 195 197 ret = net_write (fd, request, strlen(request)); … … 260 262 char *proxy2 = strdup(context->http_proxy); 261 263 char *proxy = proxy2; 262 char *prefix ;264 char *prefix = NULL; 263 265 char *colon; 264 266 struct addrinfo hints; 265 267 struct addrinfo *ai, *a; 266 268 int ret; 267 int s = -1;269 krb5_socket_t s = rk_INVALID_SOCKET; 268 270 char portstr[NI_MAXSERV]; 269 271 … … 287 289 288 290 for (a = ai; a != NULL; a = a->ai_next) { 289 s = socket (a->ai_family, a->ai_socktype , a->ai_protocol | SOCK_CLOEXEC);291 s = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); 290 292 if (s < 0) 291 293 continue; 292 294 rk_cloexec(s); 293 295 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { 294 close(s);296 rk_closesocket (s); 295 297 continue; 296 298 } … … 303 305 freeaddrinfo (ai); 304 306 305 asprintf(&prefix, "http://%s/", hi->hostname);306 if( prefix == NULL) {307 ret = asprintf(&prefix, "http://%s/", hi->hostname); 308 if(ret < 0 || prefix == NULL) { 307 309 close(s); 308 310 return 1; … … 310 312 ret = send_and_recv_http(s, context->kdc_timeout, 311 313 prefix, send_data, receive); 312 close(s);314 rk_closesocket (s); 313 315 free(prefix); 314 316 if(ret == 0 && receive->length != 0) … … 362 364 */ 363 365 364 krb5_error_code KRB5_LIB_FUNCTION 366 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 365 367 krb5_sendto (krb5_context context, 366 368 const krb5_data *send_data, … … 369 371 { 370 372 krb5_error_code ret; 371 int fd;373 krb5_socket_t fd; 372 374 int i; 373 375 … … 379 381 while (krb5_krbhst_next(context, handle, &hi) == 0) { 380 382 struct addrinfo *ai, *a; 383 384 _krb5_debug(context, 2, 385 "trying to communicate with host %s in realm %s", 386 hi->hostname, _krb5_krbhst_get_realm(handle)); 381 387 382 388 if (context->send_to_kdc) { … … 411 417 for (a = ai; a != NULL; a = a->ai_next) { 412 418 fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); 413 if ( fd < 0)419 if (rk_IS_BAD_SOCKET(fd)) 414 420 continue; 415 421 rk_cloexec(fd); 416 422 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { 417 close(fd);423 rk_closesocket (fd); 418 424 continue; 419 425 } … … 432 438 break; 433 439 } 434 close(fd);440 rk_closesocket (fd); 435 441 if(ret == 0 && receive->length != 0) 436 442 goto out; … … 442 448 ret = KRB5_KDC_UNREACH; 443 449 out: 450 _krb5_debug(context, 2, 451 "result of trying to talk to realm %s = %d", 452 _krb5_krbhst_get_realm(handle), ret); 444 453 return ret; 445 454 } 446 455 447 krb5_error_code KRB5_LIB_FUNCTION 456 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 448 457 krb5_sendto_kdc(krb5_context context, 449 458 const krb5_data *send_data, … … 454 463 } 455 464 456 krb5_error_code KRB5_LIB_FUNCTION 465 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 457 466 krb5_sendto_kdc_flags(krb5_context context, 458 467 const krb5_data *send_data, … … 475 484 } 476 485 477 krb5_error_code KRB5_LIB_FUNCTION 486 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 478 487 krb5_set_send_to_kdc_func(krb5_context context, 479 488 krb5_send_to_kdc_func func, … … 498 507 } 499 508 500 krb5_error_code KRB5_LIB_FUNCTION 509 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 501 510 _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) 502 511 { … … 518 527 }; 519 528 520 krb5_error_code KRB5_LIB_FUNCTION 529 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 521 530 krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) 522 531 { … … 530 539 } 531 540 532 void KRB5_LIB_FUNCTION 541 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 533 542 krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) 534 543 { … … 536 545 } 537 546 538 int KRB5_LIB_FUNCTION 547 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 539 548 krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) 540 549 { … … 542 551 } 543 552 544 void KRB5_LIB_FUNCTION 553 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 545 554 krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) 546 555 { … … 549 558 550 559 551 void KRB5_LIB_FUNCTION 560 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 552 561 krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, 553 562 krb5_sendto_ctx_func func, … … 558 567 } 559 568 560 void KRB5_LIB_FUNCTION 569 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 561 570 krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) 562 571 { … … 565 574 } 566 575 567 krb5_error_code KRB5_LIB_FUNCTION 576 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 568 577 krb5_sendto_context(krb5_context context, 569 578 krb5_sendto_ctx ctx, … … 640 649 } 641 650 642 krb5_error_code 651 krb5_error_code KRB5_CALLCONV 643 652 _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data, 644 653 const krb5_data *reply, int *action) -
trunk/server/source4/heimdal/lib/krb5/set_default_realm.c
r414 r745 66 66 */ 67 67 68 krb5_error_code KRB5_LIB_FUNCTION 68 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 69 69 krb5_set_default_realm(krb5_context context, 70 70 const char *realm) -
trunk/server/source4/heimdal/lib/krb5/store.c
r414 r745 41 41 krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER)) 42 42 43 void KRB5_LIB_FUNCTION 43 /** 44 * Add the flags on a storage buffer by or-ing in the flags to the buffer. 45 * 46 * @param sp the storage buffer to set the flags on 47 * @param flags the flags to set 48 * 49 * @ingroup krb5_storage 50 */ 51 52 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 44 53 krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) 45 54 { … … 47 56 } 48 57 49 void KRB5_LIB_FUNCTION 58 /** 59 * Clear the flags on a storage buffer 60 * 61 * @param sp the storage buffer to clear the flags on 62 * @param flags the flags to clear 63 * 64 * @ingroup krb5_storage 65 */ 66 67 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 50 68 krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) 51 69 { … … 65 83 */ 66 84 67 krb5_boolean KRB5_LIB_FUNCTION 85 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 68 86 krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) 69 87 { … … 83 101 */ 84 102 85 void KRB5_LIB_FUNCTION 103 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 86 104 krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) 87 105 { … … 96 114 */ 97 115 98 krb5_flags KRB5_LIB_FUNCTION 116 KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL 99 117 krb5_storage_get_byteorder(krb5_storage *sp) 100 118 { … … 115 133 */ 116 134 117 off_t KRB5_LIB_FUNCTION 135 KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL 118 136 krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) 119 137 { … … 132 150 */ 133 151 134 int KRB5_LIB_FUNCTION 152 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 135 153 krb5_storage_truncate(krb5_storage *sp, off_t offset) 136 154 { … … 150 168 */ 151 169 152 krb5_ssize_t KRB5_LIB_FUNCTION 170 KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL 153 171 krb5_storage_read(krb5_storage *sp, void *buf, size_t len) 154 172 { … … 168 186 */ 169 187 170 krb5_ssize_t KRB5_LIB_FUNCTION 188 KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL 171 189 krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) 172 190 { … … 183 201 */ 184 202 185 void KRB5_LIB_FUNCTION 203 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 186 204 krb5_storage_set_eof_code(krb5_storage *sp, int code) 187 205 { … … 199 217 */ 200 218 201 int KRB5_LIB_FUNCTION 219 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 202 220 krb5_storage_get_eof_code(krb5_storage *sp) 203 221 { … … 205 223 } 206 224 207 krb5_ssize_t KRB5_LIB_FUNCTION208 _krb5_put_int(void *buffer, unsigned long value, size_t size)209 {210 unsigned char *p = buffer;211 int i;212 for (i = size - 1; i >= 0; i--) {213 p[i] = value & 0xff;214 value >>= 8;215 }216 return size;217 }218 219 krb5_ssize_t KRB5_LIB_FUNCTION220 _krb5_get_int(void *buffer, unsigned long *value, size_t size)221 {222 unsigned char *p = buffer;223 unsigned long v = 0;224 int i;225 for (i = 0; i < size; i++)226 v = (v << 8) + p[i];227 *value = v;228 return size;229 }230 231 225 /** 232 226 * Free a krb5 storage. … … 239 233 */ 240 234 241 krb5_error_code KRB5_LIB_FUNCTION 235 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 242 236 krb5_storage_free(krb5_storage *sp) 243 237 { … … 260 254 */ 261 255 262 krb5_error_code KRB5_LIB_FUNCTION 256 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 263 257 krb5_storage_to_data(krb5_storage *sp, krb5_data *data) 264 258 { … … 314 308 */ 315 309 316 krb5_error_code KRB5_LIB_FUNCTION 310 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 317 311 krb5_store_int32(krb5_storage *sp, 318 312 int32_t value) … … 337 331 */ 338 332 339 krb5_error_code KRB5_LIB_FUNCTION 333 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 340 334 krb5_store_uint32(krb5_storage *sp, 341 335 uint32_t value) … … 360 354 } 361 355 362 krb5_error_code KRB5_LIB_FUNCTION 356 /** 357 * Read a int32 from storage, byte order is controlled by the settings 358 * on the storage, see krb5_storage_set_byteorder(). 359 * 360 * @param sp the storage to write too 361 * @param value the value read from the buffer 362 * 363 * @return 0 for success, or a Kerberos 5 error code on failure. 364 * 365 * @ingroup krb5_storage 366 */ 367 368 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 363 369 krb5_ret_int32(krb5_storage *sp, 364 370 int32_t *value) … … 374 380 } 375 381 376 krb5_error_code KRB5_LIB_FUNCTION 382 /** 383 * Read a uint32 from storage, byte order is controlled by the settings 384 * on the storage, see krb5_storage_set_byteorder(). 385 * 386 * @param sp the storage to write too 387 * @param value the value read from the buffer 388 * 389 * @return 0 for success, or a Kerberos 5 error code on failure. 390 * 391 * @ingroup krb5_storage 392 */ 393 394 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 377 395 krb5_ret_uint32(krb5_storage *sp, 378 396 uint32_t *value) … … 400 418 */ 401 419 402 krb5_error_code KRB5_LIB_FUNCTION 420 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 403 421 krb5_store_int16(krb5_storage *sp, 404 422 int16_t value) … … 423 441 */ 424 442 425 krb5_error_code KRB5_LIB_FUNCTION 443 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 426 444 krb5_store_uint16(krb5_storage *sp, 427 445 uint16_t value) … … 430 448 } 431 449 432 krb5_error_code KRB5_LIB_FUNCTION 450 /** 451 * Read a int16 from storage, byte order is controlled by the settings 452 * on the storage, see krb5_storage_set_byteorder(). 453 * 454 * @param sp the storage to write too 455 * @param value the value read from the buffer 456 * 457 * @return 0 for success, or a Kerberos 5 error code on failure. 458 * 459 * @ingroup krb5_storage 460 */ 461 462 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 433 463 krb5_ret_int16(krb5_storage *sp, 434 464 int16_t *value) … … 447 477 } 448 478 449 krb5_error_code KRB5_LIB_FUNCTION 479 /** 480 * Read a int16 from storage, byte order is controlled by the settings 481 * on the storage, see krb5_storage_set_byteorder(). 482 * 483 * @param sp the storage to write too 484 * @param value the value read from the buffer 485 * 486 * @return 0 for success, or a Kerberos 5 error code on failure. 487 * 488 * @ingroup krb5_storage 489 */ 490 491 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 450 492 krb5_ret_uint16(krb5_storage *sp, 451 493 uint16_t *value) … … 472 514 */ 473 515 474 krb5_error_code KRB5_LIB_FUNCTION 516 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 475 517 krb5_store_int8(krb5_storage *sp, 476 518 int8_t value) … … 495 537 */ 496 538 497 krb5_error_code KRB5_LIB_FUNCTION 539 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 498 540 krb5_store_uint8(krb5_storage *sp, 499 541 uint8_t value) … … 502 544 } 503 545 504 krb5_error_code KRB5_LIB_FUNCTION 546 /** 547 * Read a int8 from storage 548 * 549 * @param sp the storage to write too 550 * @param value the value read from the buffer 551 * 552 * @return 0 for success, or a Kerberos 5 error code on failure. 553 * 554 * @ingroup krb5_storage 555 */ 556 557 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 505 558 krb5_ret_int8(krb5_storage *sp, 506 559 int8_t *value) … … 514 567 } 515 568 516 krb5_error_code KRB5_LIB_FUNCTION 569 /** 570 * Read a uint8 from storage 571 * 572 * @param sp the storage to write too 573 * @param value the value read from the buffer 574 * 575 * @return 0 for success, or a Kerberos 5 error code on failure. 576 * 577 * @ingroup krb5_storage 578 */ 579 580 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 517 581 krb5_ret_uint8(krb5_storage *sp, 518 582 uint8_t *value) … … 529 593 530 594 /** 531 * Store a data to the storage. 595 * Store a data to the storage. The data is stored with an int32 as 596 * lenght plus the data (not padded). 532 597 * 533 598 * @param sp the storage buffer to write to … … 539 604 */ 540 605 541 krb5_error_code KRB5_LIB_FUNCTION 606 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 542 607 krb5_store_data(krb5_storage *sp, 543 608 krb5_data data) … … 567 632 */ 568 633 569 krb5_error_code KRB5_LIB_FUNCTION 634 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 570 635 krb5_ret_data(krb5_storage *sp, 571 636 krb5_data *data) … … 588 653 } 589 654 590 krb5_error_code KRB5_LIB_FUNCTION 655 /** 656 * Store a string to the buffer. The data is formated as an len:uint32 657 * plus the string itself (not padded). 658 * 659 * @param sp the storage buffer to write to 660 * @param s the string to store. 661 * 662 * @return 0 on success, a Kerberos 5 error code on failure. 663 * 664 * @ingroup krb5_storage 665 */ 666 667 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 591 668 krb5_store_string(krb5_storage *sp, const char *s) 592 669 { … … 597 674 } 598 675 599 krb5_error_code KRB5_LIB_FUNCTION 676 /** 677 * Parse a string from the storage. 678 * 679 * @param sp the storage buffer to read from 680 * @param string the parsed string 681 * 682 * @return 0 on success, a Kerberos 5 error code on failure. 683 * 684 * @ingroup krb5_storage 685 */ 686 687 688 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 600 689 krb5_ret_string(krb5_storage *sp, 601 690 char **string) … … 615 704 } 616 705 617 krb5_error_code KRB5_LIB_FUNCTION 706 /** 707 * Store a zero terminated string to the buffer. The data is stored 708 * one character at a time until a NUL is stored. 709 * 710 * @param sp the storage buffer to write to 711 * @param s the string to store. 712 * 713 * @return 0 on success, a Kerberos 5 error code on failure. 714 * 715 * @ingroup krb5_storage 716 */ 717 718 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 618 719 krb5_store_stringz(krb5_storage *sp, const char *s) 619 720 { … … 631 732 } 632 733 633 krb5_error_code KRB5_LIB_FUNCTION 734 /** 735 * Parse zero terminated string from the storage. 736 * 737 * @param sp the storage buffer to read from 738 * @param string the parsed string 739 * 740 * @return 0 on success, a Kerberos 5 error code on failure. 741 * 742 * @ingroup krb5_storage 743 */ 744 745 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 634 746 krb5_ret_stringz(krb5_storage *sp, 635 747 char **string) … … 664 776 } 665 777 666 krb5_error_code KRB5_LIB_FUNCTION 778 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 667 779 krb5_store_stringnl(krb5_storage *sp, const char *s) 668 780 { … … 689 801 } 690 802 691 krb5_error_code KRB5_LIB_FUNCTION 803 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 692 804 krb5_ret_stringnl(krb5_storage *sp, 693 805 char **string) … … 734 846 } 735 847 736 737 krb5_error_code KRB5_LIB_FUNCTION 848 /** 849 * Write a principal block to storage. 850 * 851 * @param sp the storage buffer to write to 852 * @param p the principal block to write. 853 * 854 * @return 0 on success, a Kerberos 5 error code on failure. 855 * 856 * @ingroup krb5_storage 857 */ 858 859 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 738 860 krb5_store_principal(krb5_storage *sp, 739 861 krb5_const_principal p) … … 761 883 } 762 884 763 krb5_error_code KRB5_LIB_FUNCTION 885 /** 886 * Parse principal from the storage. 887 * 888 * @param sp the storage buffer to read from 889 * @param princ the parsed principal 890 * 891 * @return 0 on success, a Kerberos 5 error code on failure. 892 * 893 * @ingroup krb5_storage 894 */ 895 896 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 764 897 krb5_ret_principal(krb5_storage *sp, 765 898 krb5_principal *princ) … … 829 962 */ 830 963 831 krb5_error_code KRB5_LIB_FUNCTION 964 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 832 965 krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) 833 966 { … … 858 991 */ 859 992 860 krb5_error_code KRB5_LIB_FUNCTION 993 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 861 994 krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) 862 995 { … … 888 1021 */ 889 1022 890 krb5_error_code KRB5_LIB_FUNCTION 1023 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 891 1024 krb5_store_times(krb5_storage *sp, krb5_times times) 892 1025 { … … 913 1046 */ 914 1047 915 krb5_error_code KRB5_LIB_FUNCTION 1048 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 916 1049 krb5_ret_times(krb5_storage *sp, krb5_times *times) 917 1050 { … … 932 1065 } 933 1066 934 krb5_error_code KRB5_LIB_FUNCTION 1067 /** 1068 * Write a address block to storage. 1069 * 1070 * @param sp the storage buffer to write to 1071 * @param p the address block to write. 1072 * 1073 * @return 0 on success, a Kerberos 5 error code on failure. 1074 * 1075 * @ingroup krb5_storage 1076 */ 1077 1078 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 935 1079 krb5_store_address(krb5_storage *sp, krb5_address p) 936 1080 { … … 942 1086 } 943 1087 944 krb5_error_code KRB5_LIB_FUNCTION 1088 /** 1089 * Read a address block from the storage. 1090 * 1091 * @param sp the storage buffer to write to 1092 * @param adr the address block read from storage 1093 * 1094 * @return 0 on success, a Kerberos 5 error code on failure. 1095 * 1096 * @ingroup krb5_storage 1097 */ 1098 1099 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 945 1100 krb5_ret_address(krb5_storage *sp, krb5_address *adr) 946 1101 { … … 954 1109 } 955 1110 956 krb5_error_code KRB5_LIB_FUNCTION 1111 /** 1112 * Write a addresses block to storage. 1113 * 1114 * @param sp the storage buffer to write to 1115 * @param p the addresses block to write. 1116 * 1117 * @return 0 on success, a Kerberos 5 error code on failure. 1118 * 1119 * @ingroup krb5_storage 1120 */ 1121 1122 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 957 1123 krb5_store_addrs(krb5_storage *sp, krb5_addresses p) 958 1124 { … … 968 1134 } 969 1135 970 krb5_error_code KRB5_LIB_FUNCTION 1136 /** 1137 * Read a addresses block from the storage. 1138 * 1139 * @param sp the storage buffer to write to 1140 * @param adr the addresses block read from storage 1141 * 1142 * @return 0 on success, a Kerberos 5 error code on failure. 1143 * 1144 * @ingroup krb5_storage 1145 */ 1146 1147 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 971 1148 krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) 972 1149 { … … 988 1165 } 989 1166 990 krb5_error_code KRB5_LIB_FUNCTION 1167 /** 1168 * Write a auth data block to storage. 1169 * 1170 * @param sp the storage buffer to write to 1171 * @param auth the auth data block to write. 1172 * 1173 * @return 0 on success, a Kerberos 5 error code on failure. 1174 * 1175 * @ingroup krb5_storage 1176 */ 1177 1178 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 991 1179 krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) 992 1180 { … … 1004 1192 } 1005 1193 1006 krb5_error_code KRB5_LIB_FUNCTION 1194 /** 1195 * Read a auth data from the storage. 1196 * 1197 * @param sp the storage buffer to write to 1198 * @param auth the auth data block read from storage 1199 * 1200 * @return 0 on success, a Kerberos 5 error code on failure. 1201 * 1202 * @ingroup krb5_storage 1203 */ 1204 1205 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1007 1206 krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) 1008 1207 { … … 1038 1237 } 1039 1238 1040 1041 /* 1042 * 1043 */ 1044 1045 krb5_error_code KRB5_LIB_FUNCTION 1239 /** 1240 * Write a credentials block to storage. 1241 * 1242 * @param sp the storage buffer to write to 1243 * @param creds the creds block to write. 1244 * 1245 * @return 0 on success, a Kerberos 5 error code on failure. 1246 * 1247 * @ingroup krb5_storage 1248 */ 1249 1250 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1046 1251 krb5_store_creds(krb5_storage *sp, krb5_creds *creds) 1047 1252 { … … 1084 1289 } 1085 1290 1086 krb5_error_code KRB5_LIB_FUNCTION 1291 /** 1292 * Read a credentials block from the storage. 1293 * 1294 * @param sp the storage buffer to write to 1295 * @param creds the credentials block read from storage 1296 * 1297 * @return 0 on success, a Kerberos 5 error code on failure. 1298 * 1299 * @ingroup krb5_storage 1300 */ 1301 1302 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1087 1303 krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) 1088 1304 { … … 1145 1361 #define SC_ADDRESSES 0x0040 1146 1362 1147 /* 1148 * 1149 */ 1150 1151 krb5_error_code KRB5_LIB_FUNCTION 1363 /** 1364 * Write a tagged credentials block to storage. 1365 * 1366 * @param sp the storage buffer to write to 1367 * @param creds the creds block to write. 1368 * 1369 * @return 0 on success, a Kerberos 5 error code on failure. 1370 * 1371 * @ingroup krb5_storage 1372 */ 1373 1374 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1152 1375 krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) 1153 1376 { … … 1230 1453 } 1231 1454 1232 krb5_error_code KRB5_LIB_FUNCTION 1455 /** 1456 * Read a tagged credentials block from the storage. 1457 * 1458 * @param sp the storage buffer to write to 1459 * @param creds the credentials block read from storage 1460 * 1461 * @return 0 on success, a Kerberos 5 error code on failure. 1462 * 1463 * @ingroup krb5_storage 1464 */ 1465 1466 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1233 1467 krb5_ret_creds_tag(krb5_storage *sp, 1234 1468 krb5_creds *creds) -
trunk/server/source4/heimdal/lib/krb5/store_emem.c
r414 r745 159 159 */ 160 160 161 krb5_storage * KRB5_LIB_FUNCTION 161 KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL 162 162 krb5_storage_emem(void) 163 163 { -
trunk/server/source4/heimdal/lib/krb5/store_fd.c
r414 r745 86 86 */ 87 87 88 krb5_storage * KRB5_LIB_FUNCTION 89 krb5_storage_from_fd( int fd)88 KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL 89 krb5_storage_from_fd(krb5_socket_t fd_in) 90 90 { 91 91 krb5_storage *sp; 92 int fd; 92 93 93 fd = dup(fd); 94 #ifdef SOCKET_IS_NOT_AN_FD 95 #ifdef _MSC_VER 96 if (_get_osfhandle(fd_in) != -1) { 97 fd = dup(fd_in); 98 } else { 99 fd = _open_osfhandle(fd_in, 0); 100 } 101 #else 102 #error Dont know how to deal with fd that may or may not be a socket. 103 #endif 104 #else /* SOCKET_IS_NOT_AN_FD */ 105 fd = dup(fd_in); 106 #endif 107 94 108 if (fd < 0) 95 109 return NULL; -
trunk/server/source4/heimdal/lib/krb5/store_mem.c
r414 r745 111 111 112 112 /** 113 * 113 * Create a fixed size memory storage block 114 114 * 115 115 * @return A krb5_storage on success, or NULL on out of memory error. … … 123 123 */ 124 124 125 krb5_storage * KRB5_LIB_FUNCTION 125 KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL 126 126 krb5_storage_from_mem(void *buf, size_t len) 127 127 { … … 150 150 151 151 /** 152 * 152 * Create a fixed size memory storage block 153 153 * 154 154 * @return A krb5_storage on success, or NULL on out of memory error. … … 162 162 */ 163 163 164 krb5_storage * KRB5_LIB_FUNCTION 164 KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL 165 165 krb5_storage_from_data(krb5_data *data) 166 166 { … … 169 169 170 170 /** 171 * 171 * Create a fixed size memory storage block that is read only 172 172 * 173 173 * @return A krb5_storage on success, or NULL on out of memory error. … … 181 181 */ 182 182 183 krb5_storage * KRB5_LIB_FUNCTION 183 KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL 184 184 krb5_storage_from_readonly_mem(const void *buf, size_t len) 185 185 { -
trunk/server/source4/heimdal/lib/krb5/ticket.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 34 36 #include "krb5_locl.h" 35 37 36 krb5_error_code KRB5_LIB_FUNCTION 38 /** 39 * Free ticket and content 40 * 41 * @param context a Kerberos 5 context 42 * @param ticket ticket to free 43 * 44 * @return Returns 0 to indicate success. Otherwise an kerberos et 45 * error code is returned, see krb5_get_error_message(). 46 * 47 * @ingroup krb5 48 */ 49 50 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 37 51 krb5_free_ticket(krb5_context context, 38 52 krb5_ticket *ticket) … … 45 59 } 46 60 47 krb5_error_code KRB5_LIB_FUNCTION 61 /** 62 * Copy ticket and content 63 * 64 * @param context a Kerberos 5 context 65 * @param from ticket to copy 66 * @param to new copy of ticket, free with krb5_free_ticket() 67 * 68 * @return Returns 0 to indicate success. Otherwise an kerberos et 69 * error code is returned, see krb5_get_error_message(). 70 * 71 * @ingroup krb5 72 */ 73 74 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 48 75 krb5_copy_ticket(krb5_context context, 49 76 const krb5_ticket *from, … … 81 108 } 82 109 83 krb5_error_code KRB5_LIB_FUNCTION 110 /** 111 * Return client principal in ticket 112 * 113 * @param context a Kerberos 5 context 114 * @param ticket ticket to copy 115 * @param client client principal, free with krb5_free_principal() 116 * 117 * @return Returns 0 to indicate success. Otherwise an kerberos et 118 * error code is returned, see krb5_get_error_message(). 119 * 120 * @ingroup krb5 121 */ 122 123 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 84 124 krb5_ticket_get_client(krb5_context context, 85 125 const krb5_ticket *ticket, … … 89 129 } 90 130 91 krb5_error_code KRB5_LIB_FUNCTION 131 /** 132 * Return server principal in ticket 133 * 134 * @param context a Kerberos 5 context 135 * @param ticket ticket to copy 136 * @param server server principal, free with krb5_free_principal() 137 * 138 * @return Returns 0 to indicate success. Otherwise an kerberos et 139 * error code is returned, see krb5_get_error_message(). 140 * 141 * @ingroup krb5 142 */ 143 144 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 92 145 krb5_ticket_get_server(krb5_context context, 93 146 const krb5_ticket *ticket, … … 97 150 } 98 151 99 time_t KRB5_LIB_FUNCTION 152 /** 153 * Return end time of ticket 154 * 155 * @param context a Kerberos 5 context 156 * @param ticket ticket to copy 157 * 158 * @return end time of ticket 159 * 160 * @ingroup krb5 161 */ 162 163 KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL 100 164 krb5_ticket_get_endtime(krb5_context context, 101 165 const krb5_ticket *ticket) … … 114 178 * @ingroup krb5_ticket 115 179 */ 116 unsigned long 180 KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL 117 181 krb5_ticket_get_flags(krb5_context context, 118 182 const krb5_ticket *ticket) … … 262 326 } 263 327 264 /* 265 * Extract the authorization data type of `type' from the 266 * 'ticket'. Store the field in `data'. This function is to use for 267 * kerberos applications. 328 /** 329 * Extract the authorization data type of type from the ticket. Store 330 * the field in data. This function is to use for kerberos 331 * applications. 332 * 333 * @param context a Kerberos 5 context 334 * @param ticket Kerberos ticket 335 * @param type type to fetch 336 * @param data returned data, free with krb5_data_free() 337 * 338 * @ingroup krb5 268 339 */ 269 340 270 krb5_error_code KRB5_LIB_FUNCTION 341 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 271 342 krb5_ticket_get_authorization_data_type(krb5_context context, 272 343 krb5_ticket *ticket, … … 373 444 } 374 445 375 if (returned->name.name_string.len == 2 && 376 strcmp(returned->name.name_string.val[0], KRB5_TGS_NAME) == 0) 377 { 446 if (krb5_principal_is_krbtgt(context, returned)) { 378 447 const char *realm = returned->name.name_string.val[1]; 379 448 … … 415 484 return ret; 416 485 noreferral: 417 if (krb5_principal_compare(context, requested, returned) == FALSE) { 486 /* 487 * Expect excact match or that we got a krbtgt 488 */ 489 if (krb5_principal_compare(context, requested, returned) != TRUE && 490 (krb5_realm_compare(context, requested, returned) != TRUE && 491 krb5_principal_is_krbtgt(context, returned) != TRUE)) 492 { 418 493 krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, 419 494 N_("Not same server principal returned " … … 528 603 529 604 530 static krb5_error_code 605 static krb5_error_code KRB5_CALLCONV 531 606 decrypt_tkt (krb5_context context, 532 607 krb5_keyblock *key, … … 693 768 krb5_timeofday (context, &sec_now); 694 769 if (rep->enc_part.flags.initial 770 && (flags & EXTRACT_TICKET_TIMESYNC) 695 771 && context->kdc_sec_offset == 0 696 772 && krb5_config_get_bool (context, NULL, -
trunk/server/source4/heimdal/lib/krb5/time.c
r414 r745 48 48 */ 49 49 50 krb5_error_code KRB5_LIB_FUNCTION 50 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 51 51 krb5_set_real_time (krb5_context context, 52 52 krb5_timestamp sec, … … 80 80 */ 81 81 82 krb5_error_code KRB5_LIB_FUNCTION 82 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 83 83 krb5_timeofday (krb5_context context, 84 84 krb5_timestamp *timeret) … … 92 92 */ 93 93 94 krb5_error_code KRB5_LIB_FUNCTION 94 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 95 95 krb5_us_timeofday (krb5_context context, 96 96 krb5_timestamp *sec, … … 106 106 } 107 107 108 krb5_error_code KRB5_LIB_FUNCTION 108 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 109 109 krb5_format_time(krb5_context context, time_t t, 110 110 char *s, size_t len, krb5_boolean include_time) … … 121 121 } 122 122 123 krb5_error_code KRB5_LIB_FUNCTION 123 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 124 124 krb5_string_to_deltat(const char *string, krb5_deltat *deltat) 125 125 { -
trunk/server/source4/heimdal/lib/krb5/transited.c
r414 r745 329 329 330 330 331 krb5_error_code KRB5_LIB_FUNCTION 331 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 332 332 krb5_domain_x500_decode(krb5_context context, 333 333 krb5_data tr, char ***realms, unsigned int *num_realms, … … 390 390 } 391 391 392 krb5_error_code KRB5_LIB_FUNCTION 392 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 393 393 krb5_domain_x500_encode(char **realms, unsigned int num_realms, 394 394 krb5_data *encoding) … … 422 422 } 423 423 424 krb5_error_code KRB5_LIB_FUNCTION 424 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 425 425 krb5_check_transited(krb5_context context, 426 426 krb5_const_realm client_realm, … … 462 462 } 463 463 464 krb5_error_code KRB5_LIB_FUNCTION 464 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 465 465 krb5_check_transited_realms(krb5_context context, 466 466 const char *const *realms, -
trunk/server/source4/heimdal/lib/krb5/version.c
r414 r745 36 36 /* this is just to get a version stamp in the library file */ 37 37 38 #define heimdal_version __heimdal_version39 #define heimdal_long_version __heimdal_long_version40 38 #include "version.h" 41 39 -
trunk/server/source4/heimdal/lib/krb5/warn.c
r414 r745 47 47 char *msg = NULL; 48 48 const char *err_str = NULL; 49 krb5_error_code ret; 49 50 50 51 args[0] = args[1] = NULL; … … 54 55 if(do_errtext) 55 56 strlcat(xfmt, ": ", sizeof(xfmt)); 56 vasprintf(&msg, fmt, ap);57 if( msg == NULL)57 ret = vasprintf(&msg, fmt, ap); 58 if(ret < 0 || msg == NULL) 58 59 return ENOMEM; 59 60 *arg++ = msg; 60 61 } 61 62 if(context && do_errtext){ 62 const char *err_msg;63 64 63 strlcat(xfmt, "%s", sizeof(xfmt)); 65 64 … … 68 67 *arg = err_str; 69 68 } else { 70 err_msg = krb5_get_err_text(context, code); 71 if (err_msg) 72 *arg = err_msg; 73 else 74 *arg= "<unknown error>"; 69 *arg= "<unknown error>"; 75 70 } 76 71 } … … 107 102 */ 108 103 109 krb5_error_code KRB5_LIB_FUNCTION 104 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 110 105 krb5_vwarn(krb5_context context, krb5_error_code code, 111 106 const char *fmt, va_list ap) … … 126 121 */ 127 122 128 krb5_error_code KRB5_LIB_FUNCTION 123 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 129 124 krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) 130 125 __attribute__ ((format (printf, 3, 4))) … … 144 139 */ 145 140 146 krb5_error_code KRB5_LIB_FUNCTION 141 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 147 142 krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) 148 143 __attribute__ ((format (printf, 2, 0))) … … 160 155 */ 161 156 162 krb5_error_code KRB5_LIB_FUNCTION 157 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 163 158 krb5_warnx(krb5_context context, const char *fmt, ...) 164 159 __attribute__ ((format (printf, 2, 3))) … … 181 176 */ 182 177 183 krb5_error_code KRB5_LIB_FUNCTION 178 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 184 179 krb5_verr(krb5_context context, int eval, krb5_error_code code, 185 180 const char *fmt, va_list ap) … … 188 183 _warnerr(context, 1, code, 0, fmt, ap); 189 184 exit(eval); 185 UNREACHABLE(return 0); 190 186 } 191 187 … … 202 198 */ 203 199 204 krb5_error_code KRB5_LIB_FUNCTION 200 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 205 201 krb5_err(krb5_context context, int eval, krb5_error_code code, 206 202 const char *fmt, ...) … … 209 205 FUNC(1, code, 0); 210 206 exit(eval); 207 UNREACHABLE(return 0); 211 208 } 212 209 … … 222 219 */ 223 220 224 krb5_error_code KRB5_LIB_FUNCTION 221 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 225 222 krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) 226 223 __attribute__ ((noreturn, format (printf, 3, 0))) … … 228 225 _warnerr(context, 0, 0, 0, fmt, ap); 229 226 exit(eval); 227 UNREACHABLE(return 0); 230 228 } 231 229 … … 240 238 */ 241 239 242 krb5_error_code KRB5_LIB_FUNCTION 240 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 243 241 krb5_errx(krb5_context context, int eval, const char *fmt, ...) 244 242 __attribute__ ((noreturn, format (printf, 3, 4))) … … 246 244 FUNC(0, 0, 0); 247 245 exit(eval); 246 UNREACHABLE(return 0); 248 247 } 249 248 … … 260 259 */ 261 260 262 krb5_error_code KRB5_LIB_FUNCTION 261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 263 262 krb5_vabort(krb5_context context, krb5_error_code code, 264 263 const char *fmt, va_list ap) … … 267 266 _warnerr(context, 1, code, 0, fmt, ap); 268 267 abort(); 269 } 270 271 /** 272 * Log a warning to the log, default stderr, include bthe error from 268 UNREACHABLE(return 0); 269 } 270 271 /** 272 * Log a warning to the log, default stderr, include the error from 273 273 * the last failure and then abort. 274 274 * … … 280 280 */ 281 281 282 krb5_error_code KRB5_LIB_FUNCTION 282 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 283 283 krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) 284 284 __attribute__ ((noreturn, format (printf, 3, 4))) … … 286 286 FUNC(1, code, 0); 287 287 abort(); 288 } 289 290 krb5_error_code KRB5_LIB_FUNCTION 288 UNREACHABLE(return 0); 289 } 290 291 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 291 292 krb5_vabortx(krb5_context context, const char *fmt, va_list ap) 292 293 __attribute__ ((noreturn, format (printf, 2, 0))) … … 294 295 _warnerr(context, 0, 0, 0, fmt, ap); 295 296 abort(); 297 UNREACHABLE(return 0); 296 298 } 297 299 … … 306 308 */ 307 309 308 krb5_error_code KRB5_LIB_FUNCTION 310 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 309 311 krb5_abortx(krb5_context context, const char *fmt, ...) 310 312 __attribute__ ((noreturn, format (printf, 2, 3))) … … 312 314 FUNC(0, 0, 0); 313 315 abort(); 316 UNREACHABLE(return 0); 314 317 } 315 318 … … 323 326 */ 324 327 325 krb5_error_code KRB5_LIB_FUNCTION 328 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 326 329 krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) 327 330 { … … 338 341 */ 339 342 340 krb5_log_facility * KRB5_LIB_FUNCTION 343 KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL 341 344 krb5_get_warn_dest(krb5_context context) 342 345 {
Note:
See TracChangeset
for help on using the changeset viewer.