Move a bunch of stuff out of k5-int.h
authorGreg Hudson <ghudson@mit.edu>
Sun, 24 Mar 2013 05:28:13 +0000 (01:28 -0400)
committerGreg Hudson <ghudson@mit.edu>
Sun, 24 Mar 2013 05:28:13 +0000 (01:28 -0400)
Move internal declarations from k5-int.h to more localized headers
(like int-proto.h) where appropriate.  Rename many symbols whose
prototypes were moved to use the k5_ prefix instead of krb5int_.
Remove some unused declarations or move them to the single source file
they were needed in.  Remove krb5_creds_compare since it isn't used
any more.

60 files changed:
src/include/k5-int.h
src/kdc/kdc_util.h
src/lib/crypto/builtin/des/des_int.h
src/lib/crypto/nss/enc_provider/des.c
src/lib/crypto/nss/enc_provider/des3.c
src/lib/krb5/ccache/cc-int.h
src/lib/krb5/ccache/cc_file.c
src/lib/krb5/ccache/cc_keyring.c
src/lib/krb5/ccache/cc_memory.c
src/lib/krb5/ccache/cc_mslsa.c
src/lib/krb5/ccache/cc_retr.c
src/lib/krb5/ccache/ccapi/stdcc.c
src/lib/krb5/ccache/ccfns.c
src/lib/krb5/ccache/ser_cc.c
src/lib/krb5/ccache/t_cc.c
src/lib/krb5/keytab/kt-int.h
src/lib/krb5/keytab/kt_file.c
src/lib/krb5/keytab/ktdefault.c
src/lib/krb5/krb/copy_creds.c
src/lib/krb5/krb/enc_keyhelper.c
src/lib/krb5/krb/fast.c
src/lib/krb5/krb/fwd_tgt.c
src/lib/krb5/krb/gen_save_subkey.c
src/lib/krb5/krb/get_creds.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/gic_keytab.c
src/lib/krb5/krb/gic_opt.c
src/lib/krb5/krb/gic_opt_set_pa.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/in_tkt_sky.c
src/lib/krb5/krb/init_creds_ctx.h
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/int-proto.h
src/lib/krb5/krb/kfree.c
src/lib/krb5/krb/mk_cred.c
src/lib/krb5/krb/mk_rep.c
src/lib/krb5/krb/mk_req_ext.c
src/lib/krb5/krb/preauth2.c
src/lib/krb5/krb/preauth_sam2.c
src/lib/krb5/krb/s4u_creds.c
src/lib/krb5/krb/sendauth.c
src/lib/krb5/krb/ser_ctx.c
src/lib/krb5/krb/srv_dec_tkt.c
src/lib/krb5/krb/t_cc_config.c
src/lib/krb5/libkrb5.exports
src/lib/krb5/os/accessor.c
src/lib/krb5/os/def_realm.c
src/lib/krb5/os/dnsglue.h
src/lib/krb5/os/hostaddr.c
src/lib/krb5/os/hst_realm.c
src/lib/krb5/os/init_os_ctx.c
src/lib/krb5/os/krbfileio.c
src/lib/krb5/os/localaddr.c
src/lib/krb5/os/locate_kdc.c
src/lib/krb5/os/os-proto.h
src/lib/krb5/os/prompter.c
src/lib/krb5/os/trace.c
src/lib/krb5/os/ustime.c
src/lib/krb5/os/write_msg.c
src/lib/krb5_32.def

index ed9f255a72b138b791d6b4bfec4f0abd85f38e61..a8c1028c2934523292eca78f6c1fe8127121d2d8 100644 (file)
@@ -570,27 +570,8 @@ krb5_error_code krb5_unlock_file(krb5_context, int);
 krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
                                 const krb5_data *, krb5_data *, int *, int);
 
-krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname);
-krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);
-
 krb5_error_code krb5int_init_context_kdc(krb5_context *);
 
-krb5_error_code krb5_os_init_context(krb5_context context, profile_t profile,
-                                     krb5_flags flags);
-
-void krb5_os_free_context(krb5_context);
-
-/* This function is needed by KfM's KerberosPreferences API
- * because it needs to be able to specify "secure" */
-krb5_error_code
-os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure);
-
-krb5_error_code
-krb5_os_hostaddr(krb5_context, const char *, krb5_address ***);
-
-krb5_error_code
-krb5int_get_domain_realm_mapping(krb5_context , const char *, char ***);
-
 struct derived_key {
     krb5_data constant;
     krb5_key dkey;
@@ -699,22 +680,8 @@ krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context,
                                                  const krb5_keyblock *from,
                                                  krb5_keyblock *to);
 
-#ifdef KRB5_OLD_CRYPTO
-/* old provider api */
-
-krb5_error_code krb5_crypto_os_localaddr(krb5_address ***);
-
 krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *);
 
-#endif /* KRB5_OLD_CRYPTO */
-
-/* this helper fct is in libkrb5, but it makes sense declared here. */
-
-krb5_error_code
-krb5_encrypt_keyhelper(krb5_context context, krb5_key key,
-                       krb5_keyusage keyusage, const krb5_data *plain,
-                       krb5_enc_data *cipher);
-
 /*
  * End "los-proto.h"
  */
@@ -727,12 +694,6 @@ typedef struct _krb5_os_context {
     char *                  default_ccname;
 } *krb5_os_context;
 
-/* Get the current time of day plus a specified offset. */
-krb5_error_code k5_time_with_offset(krb5_timestamp offset,
-                                    krb5_int32 offset_usec,
-                                    krb5_timestamp *time_out,
-                                    krb5_int32 *usec_out);
-
 /*
  * Flags for the os_flags field
  *
@@ -756,23 +717,6 @@ krb5_error_code k5_time_with_offset(krb5_timestamp offset,
 #define KRB5_LOCKMODE_DONTBLOCK 0x0004
 #define KRB5_LOCKMODE_UNLOCK    0x0008
 
-/*
- * Define our view of the size of a DES key.
- */
-#define KRB5_MIT_DES_KEYSIZE            8
-#define KRB5_MIT_DES3_KEYSIZE           24
-#define KRB5_MIT_DES3_KEY_BYTES         21
-
-/*
- * Check if des_int.h has been included before us.  If so, then check to see
- * that our view of the DES key size is the same as des_int.h's.
- */
-#ifdef  MIT_DES_KEYSIZE
-#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
-error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif  /* MIT_DES_KEYSIZE */
-
 /*
  * Begin "preauth.h"
  *
@@ -786,20 +730,6 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
 #ifndef KRB5_PREAUTH__
 #define KRB5_PREAUTH__
 
-#include <krb5/clpreauth_plugin.h>
-
-typedef struct k5_response_items_st k5_response_items;
-struct krb5_responder_context_st {
-    k5_response_items *items;
-};
-
-typedef krb5_error_code
-(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype,
-                           krb5_prompter_fct, void *prompter_data,
-                           krb5_data *salt, krb5_data *s2kparams,
-                           krb5_keyblock *as_key, void *gak_data,
-                           k5_response_items *ritems);
-
 typedef struct _krb5_pa_enc_ts {
     krb5_timestamp      patimestamp;
     krb5_int32          pausec;
@@ -897,168 +827,23 @@ typedef struct _krb5_iakerb_finished {
     krb5_checksum checksum;
 } krb5_iakerb_finished;
 
-typedef krb5_error_code
-(*krb5_preauth_obtain_proc)(krb5_context, krb5_pa_data *,
-                            krb5_etype_info, krb5_keyblock *,
-                            krb5_error_code (*)(krb5_context,
-                                                const krb5_enctype,
-                                                krb5_data *,
-                                                krb5_const_pointer,
-                                                krb5_keyblock **),
-                            krb5_const_pointer, krb5_creds *,
-                            krb5_kdc_req *, krb5_pa_data **);
-
-typedef krb5_error_code
-(*krb5_preauth_process_proc)(krb5_context, krb5_pa_data *, krb5_kdc_req *,
-                             krb5_kdc_rep *,
-                             krb5_error_code (*)(krb5_context,
-                                                 const krb5_enctype,
-                                                 krb5_data *,
-                                                 krb5_const_pointer,
-                                                 krb5_keyblock **),
-                             krb5_const_pointer,
-                             krb5_error_code (*)(krb5_context,
-                                                 const krb5_keyblock *,
-                                                 krb5_const_pointer,
-                                                 krb5_kdc_rep * ),
-                             krb5_keyblock **, krb5_creds *, krb5_int32 *,
-                             krb5_int32 *);
-
-typedef struct _krb5_preauth_ops {
-    krb5_magic magic;
-    int     type;
-    int flags;
-    krb5_preauth_obtain_proc    obtain;
-    krb5_preauth_process_proc   process;
-} krb5_preauth_ops;
-
 krb5_pa_data *
 krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
 /* Does not return a copy; original padata sequence responsible for freeing*/
 
 void krb5_free_etype_info(krb5_context, krb5_etype_info);
 
-/*
- * Preauthentication property flags
- */
-#define KRB5_PREAUTH_FLAGS_ENCRYPT      0x00000001
-#define KRB5_PREAUTH_FLAGS_HARDWARE     0x00000002
-
 #endif /* KRB5_PREAUTH__ */
 /*
  * End "preauth.h"
  */
 
-/*
- * Extending the krb5_get_init_creds_opt structure.  The original
- * krb5_get_init_creds_opt structure is defined publicly.  The
- * new extended version is private.  The original interface
- * assumed a pre-allocated structure which was passed to
- * krb5_get_init_creds_init().  The new interface assumes that
- * the caller will call krb5_get_init_creds_alloc() and
- * krb5_get_init_creds_free().
- *
- * Callers MUST NOT call krb5_get_init_creds_init() after allocating an
- * opts structure using krb5_get_init_creds_alloc().  To do so will
- * introduce memory leaks.  Unfortunately, there is no way to enforce
- * this behavior.
- *
- * Two private flags are added for backward compatibility.
- * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
- * with the new krb5_get_init_creds_opt_alloc() function.
- * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
- * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.
- * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
- * krb5int_gic_opt_to_opte(), the resulting extended structure should be
- * freed (using krb5_get_init_creds_free).  Otherwise, the original
- * structure was already extended and there is no need to free it.
- */
-
-#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
-#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
-
-#define krb5_gic_opt_is_extended(s)                                     \
-    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
-#define krb5_gic_opt_is_shadowed(s)                                     \
-    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
-
-
-typedef struct _krb5_gic_opt_private {
-    int num_preauth_data;
-    krb5_gic_opt_pa_data *preauth_data;
-    char * fast_ccache_name;
-    krb5_ccache in_ccache;
-    krb5_ccache out_ccache;
-    krb5_flags fast_flags;
-    krb5_expire_callback_func expire_cb;
-    void *expire_data;
-    krb5_responder_fn responder;
-    void *responder_data;
-} krb5_gic_opt_private;
-
-/*
- * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that
- * of krb5_get_init_creds_opt.
- */
-#if TARGET_OS_MAC
-#    pragma pack(push,2)
-#endif
-
-typedef struct _krb5_gic_opt_ext {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_address **address_list;
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-    /*
-     * Do not change anything above this point in this structure.
-     * It is identical to the public krb5_get_init_creds_opt structure.
-     * New members must be added below.
-     */
-    krb5_gic_opt_private *opt_private;
-} krb5_gic_opt_ext;
-
-#if TARGET_OS_MAC
-#    pragma pack(pop)
-#endif
-
-krb5_error_code
-krb5int_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
-                        krb5_gic_opt_ext **opte, unsigned int force,
-                        const char *where);
-
 krb5_error_code
 krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *);
 
 krb5_error_code
 krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *);
 
-krb5_error_code
-krb5int_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
-
-krb5_error_code KRB5_CALLCONV
-krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
-                       krb5_principal client, krb5_prompter_fct prompter,
-                       void *prompter_data, krb5_deltat start_time,
-                       const char *in_tkt_service,
-                       krb5_get_init_creds_opt *options,
-                       krb5_gic_get_as_key_fct gak, void *gak_data,
-                       int *master, krb5_kdc_rep **as_reply);
-
-krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
-                          krb5_flags options, krb5_address *const *addrs,
-                          krb5_enctype *ktypes,
-                          krb5_preauthtype *pre_auth_types, krb5_creds *creds);
-
-
 void KRB5_CALLCONV
 krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *);
 
@@ -1100,9 +885,6 @@ krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *);
 void KRB5_CALLCONV
 krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * );
 
-void KRB5_CALLCONV
-krb5_free_etype_list(krb5_context, krb5_etype_list * );
-
 void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *);
 void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context,
                                               krb5_fast_armored_req *);
@@ -1961,57 +1743,11 @@ krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
 krb5_error_code KRB5_CALLCONV
 krb5int_cc_default(krb5_context, krb5_ccache *);
 
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
-                              krb5_creds *, krb5_creds *);
-
-krb5_error_code
-krb5int_build_conf_principals(krb5_context context, krb5_ccache id,
-                              krb5_const_principal principal,
-                              const char *name, krb5_creds *cred);
-
-krb5_boolean KRB5_CALLCONV
-krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds,
-                   krb5_creds *in_compare_creds);
-
-void
-krb5int_set_prompt_types(krb5_context, krb5_prompt_type *);
-
-krb5_error_code
-krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context,
-                                 krb5_keyblock * /* Old keyblock, not new!  */,
-                                 krb5_enctype);
-
-struct srv_dns_entry {
-    struct srv_dns_entry *next;
-    int priority;
-    int weight;
-    unsigned short port;
-    char *host;
-};
-
-#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1)
-
-#ifdef KRB5_DNS_LOOKUP
-krb5_error_code
-krb5int_make_srv_query_realm(const krb5_data *realm,
-                             const char *service,
-                             const char *protocol,
-                             struct srv_dns_entry **answers);
-void krb5int_free_srv_dns_data(struct srv_dns_entry *);
-#endif
-
 /* value to use when requesting a keytab entry and KVNO doesn't matter */
 #define IGNORE_VNO 0
 /* value to use when requesting a keytab entry and enctype doesn't matter */
 #define IGNORE_ENCTYPE 0
 
-/*
- * Convenience function for structure magic number
- */
-#define KRB5_VERIFY_MAGIC(structure,magic_number)                       \
-    if ((structure)->magic != (magic_number)) return (magic_number);
-
 /* to keep lint happy */
 #define krb5_xfree(val) free((char *)(val))
 
@@ -2146,82 +1882,6 @@ typedef struct _krb5int_access {
 krb5_error_code KRB5_CALLCONV
 krb5int_accessor(krb5int_access*, krb5_int32);
 
-/* Ick -- some krb524 and krb4 support placed in the krb5 library,
-   because AFS (and potentially other applications?) use the krb4
-   object as an opaque token, which (in some implementations) is not
-   in fact a krb4 ticket, so we don't want to drag in the krb4 support
-   just to enable this.  */
-
-#define KRB524_SERVICE "krb524"
-#define KRB524_PORT 4444
-
-/* temporary -- this should be under lib/krb5/ccache somewhere */
-
-struct _krb5_ccache {
-    krb5_magic magic;
-    const struct _krb5_cc_ops *ops;
-    krb5_pointer data;
-};
-
-/*
- * Per-type ccache cursor.
- */
-struct krb5_cc_ptcursor_s {
-    const struct _krb5_cc_ops *ops;
-    krb5_pointer data;
-};
-typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor;
-
-struct _krb5_cc_ops {
-    krb5_magic magic;
-    char *prefix;
-    const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
-                                             const char *);
-    krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
-    krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
-                                          krb5_principal);
-    krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
-                                           krb5_creds *);
-    krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
-                                              krb5_flags, krb5_creds *,
-                                              krb5_creds *);
-    krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
-                                               krb5_principal *);
-    krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
-                                               krb5_cc_cursor *);
-    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
-                                              krb5_cc_cursor *, krb5_creds *);
-    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
-                                             krb5_cc_cursor *);
-    krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
-                                                 krb5_flags, krb5_creds *);
-    krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
-                                               krb5_flags);
-    krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
-                                               krb5_flags *);
-    krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
-                                                  krb5_cc_ptcursor *);
-    krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
-                                                   krb5_cc_ptcursor,
-                                                   krb5_ccache *);
-    krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
-                                                   krb5_cc_ptcursor *);
-    krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
-                                          krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
-                                                krb5_ccache, krb5_timestamp *);
-    krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
-                                                krb5_timestamp *);
-    krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
-    krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
-};
-
-extern const krb5_cc_ops *krb5_cc_dfl_ops;
-
 typedef struct _krb5_donot_replay {
     krb5_magic magic;
     krb5_ui_4 hash;
@@ -2310,10 +1970,6 @@ typedef struct _krb5_kt_ops {
     const krb5_ser_entry *serializer;
 } krb5_kt_ops;
 
-extern const krb5_kt_ops krb5_kt_dfl_ops;
-
-extern krb5_error_code krb5int_translate_gai_error(int);
-
 /* Not sure it's ready for exposure just yet.  */
 extern krb5_error_code
 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
@@ -2323,10 +1979,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
  */
 #define        KRB5_REFERRAL_MAXHOPS    10
 
-/* Common hostname-parsing code. */
-krb5_error_code
-krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
-
 struct _krb5_kt {       /* should move into k5-int.h */
     krb5_magic magic;
     const struct _krb5_kt_ops *ops;
@@ -2378,9 +2030,6 @@ krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context,
 krb5_error_code k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
                                     krb5_principal *princ_out);
 
-krb5_error_code k5_kt_client_default_name(krb5_context context,
-                                          char **name_out);
-
 krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal,
                                             krb5_data *);
 
@@ -2436,10 +2085,6 @@ krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *,
                                      const krb5_data *, krb5_principal **,
                                      int);
 
-krb5_error_code
-k5_client_realm_path(krb5_context context, const krb5_data *client,
-                     const krb5_data *server, krb5_data **rpath_out);
-
 krb5_error_code
 krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context,
                                  krb5_cksumtype);
@@ -2470,15 +2115,8 @@ krb5_auth_con_set_authdata_context(krb5_context context,
                                    krb5_auth_context auth_context,
                                    krb5_authdata_context ad_context);
 
-krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock(krb5_context context,
-                                       const krb5_keyblock *key,
-                                       krb5_ticket  *ticket);
-
 krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);
 krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5int_write_messages(krb5_context, krb5_pointer, krb5_data *,
-                                       int);
 int krb5_net_read(krb5_context, int , char *, int);
 int krb5_net_write(krb5_context, int , const char *, int);
 
@@ -2617,10 +2255,6 @@ krb5_error_code krb5int_parse_enctype_list(krb5_context context,
                                            krb5_enctype *default_list,
                                            krb5_enctype **result);
 
-/* Utility functions for zero-terminated enctype lists. */
-size_t k5_count_etypes(const krb5_enctype *list);
-krb5_error_code k5_copy_etypes(const krb5_enctype *old_list,
-                               krb5_enctype **new_list);
 krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
 
 #ifdef DEBUG_ERROR_LOCATIONS
@@ -2635,9 +2269,4 @@ krb5_set_error_message_fl(krb5_context ctx, krb5_error_code code,
 #endif
     ;
 
-#ifndef DISABLE_TRACING
-/* Do not use these functions directly; see k5-trace.h. */
-void krb5int_init_trace(krb5_context context);
-#endif
-
 #endif /* _KRB5_INT_H */
index e9d1ae31720bf0615e3ed6efe522a070abbbaea4..8fff99c9cd22cd6893029169cbed9d422c87051b 100644 (file)
@@ -371,9 +371,6 @@ kdc_handle_protected_negotiation( krb5_context context,
                                   krb5_data *req_pkt, krb5_kdc_req *request,
                                   const krb5_keyblock *reply_key,
                                   krb5_pa_data ***out_enc_padata);
-krb5_error_code
-krb5int_get_domain_realm_mapping(krb5_context context,
-                                 const char *host, char ***realmsp);
 
 /* Information handle for kdcpreauth callbacks.  All pointers are aliases. */
 struct krb5_kdcpreauth_rock_st {
index 2338a9cf52cd995ce02a6c8dffaa8d6001b95e2d..0801cb5828c992557e8d54247b681964ab2a1835 100644 (file)
@@ -137,15 +137,6 @@ typedef struct mit_des_ran_key_seed {
 
 #define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
-/*
- * Check if k5-int.h has been included before us.  If so, then check to see
- * that our view of the DES key size is the same as k5-int.h's.
- */
-#ifdef  KRB5_MIT_DES_KEYSIZE
-#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
-error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
index 3b96617a894a7a907856bb076e9ff0bcf89e469c..bb1f1c0470c720dab0f5be726afd9fbc5ff4895f 100644 (file)
@@ -79,7 +79,7 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
 
 const struct krb5_enc_provider krb5int_enc_des = {
     8,
-    7, KRB5_MIT_DES_KEYSIZE,
+    7, 8,
     k5_des_encrypt_iov,
     k5_des_decrypt_iov,
     k5_des_cbc_mac,
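Review bot: The key length in this initializer is now a bare `8` where it used to be `KRB5_MIT_DES_KEYSIZE`, so the run `8, 7, 8` no longer says which number is which without opening the provider struct definition. The des3.c hunk that follows has the same issue with `21, 24`. This commit also deletes the compile-time cross-check between k5-int.h and des_int.h, so nothing visible here ties these literals to the builtin provider's `MIT_DES_KEYSIZE` any more. A trailing comment such as `7, 8, /* key bytes, key length */` would keep the intent readable (field meaning presumed from the removed macro name; confirm against the struct), or the NSS provider could define its own local named constants.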
index de3f3c91e8ea5646051a84f482deeeafe36df8ec..6217709c8e68222650d3226b670ef42de2ce8efc 100644 (file)
@@ -64,7 +64,7 @@ k5_des3_decrypt_iov(krb5_key key, const krb5_data *ivec,
 
 const struct krb5_enc_provider krb5int_enc_des3 = {
     8,
-    21, KRB5_MIT_DES3_KEYSIZE,
+    21, 24,
     k5_des3_encrypt_iov,
     k5_des3_decrypt_iov,
     NULL,
index 9c24f20cc8f32490303860992999d7a4220842e4..c29fbec2eb774d6a57e0bcae3d5d74df51627a0c 100644 (file)
 
 #include "k5-int.h"
 
+struct _krb5_ccache {
+    krb5_magic magic;
+    const struct _krb5_cc_ops *ops;
+    krb5_pointer data;
+};
+
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
+                            krb5_creds *, krb5_creds *);
+
 krb5_boolean
 krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
 
@@ -123,4 +133,63 @@ krb5_error_code
 ccselect_k5identity_initvt(krb5_context context, int maj_ver, int min_ver,
                            krb5_plugin_vtable vtable);
 
+/*
+ * Per-type ccache cursor.
+ */
+struct krb5_cc_ptcursor_s {
+    const struct _krb5_cc_ops *ops;
+    krb5_pointer data;
+};
+typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor;
+
+struct _krb5_cc_ops {
+    krb5_magic magic;
+    char *prefix;
+    const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
+                                             const char *);
+    krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
+    krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
+                                          krb5_principal);
+    krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
+                                           krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
+                                              krb5_flags, krb5_creds *,
+                                              krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
+                                               krb5_principal *);
+    krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
+                                               krb5_cc_cursor *);
+    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
+                                              krb5_cc_cursor *, krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
+                                             krb5_cc_cursor *);
+    krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
+                                                 krb5_flags, krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
+                                               krb5_flags);
+    krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
+                                               krb5_flags *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
+                                                  krb5_cc_ptcursor *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
+                                                   krb5_cc_ptcursor,
+                                                   krb5_ccache *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
+                                                   krb5_cc_ptcursor *);
+    krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
+                                          krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
+                                                krb5_ccache, krb5_timestamp *);
+    krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
+                                                krb5_timestamp *);
+    krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
+};
+
+extern const krb5_cc_ops *krb5_cc_dfl_ops;
+
 #endif /* __KRB5_CCACHE_H__ */
index 36133797c923dcfb36c8951f61ddafe16335d63e..3879db5566f03b417adb29f4e2e89d740e60e3fd 100644 (file)
@@ -2178,8 +2178,8 @@ done:
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
 {
-    return krb5_cc_retrieve_cred_default (context, id, whichfields,
-                                          mcreds, creds);
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
 }
 
 
index fd1bcec38dddb75c4ceb3936502c08f34b19903b..7f1a641d67b918693cdbf88a58e0f4bae4e80574 100644 (file)
@@ -968,8 +968,8 @@ krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
 {
     DEBUG_PRINT(("krb5_krcc_retrieve: entered\n"));
 
-    return krb5_cc_retrieve_cred_default(context, id, whichfields,
-                                         mcreds, creds);
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
 }
 
 /*
index aa3d89d7d9bc8d49a35ec8e1c60caf15e8951183..b774251a14a938750925d6f2bb62fb5de4eb000b 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include "cc-int.h"
+#include "../krb/int-proto.h"
 #include <errno.h>
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_close
@@ -383,7 +384,7 @@ krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
         return KRB5_CC_END;
     memset(creds, 0, sizeof(krb5_creds));
     if (mcursor->creds) {
-        retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
+        retval = k5_copy_creds_contents(context, mcursor->creds, creds);
         if (retval)
             return retval;
     }
@@ -607,8 +608,8 @@ krb5_error_code KRB5_CALLCONV
 krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
                   krb5_creds *mcreds, krb5_creds *creds)
 {
-    return krb5_cc_retrieve_cred_default (context, id, whichfields,
-                                          mcreds, creds);
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
 }
 
 /*
index bfaae650b92bce2d2b2dbca0a6ff118388048b8a..416a7a52f404b6dc7e961dc33c0a6b9cf8588e61 100644 (file)
@@ -2488,7 +2488,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     memset(&fetchcreds, 0, sizeof(krb5_creds));
 
     /* first try to find out if we have an existing ticket which meets the requirements */
-    kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+    kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
     /* This sometimes returns a zero-length ticket; work around it. */
     if ( !kret && creds->ticket.length > 0 )
         return KRB5_OK;
@@ -2506,7 +2507,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     }
 
     /* try again to find out if we have an existing ticket which meets the requirements */
-    kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+    kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
     /* This sometimes returns a zero-length ticket; work around it. */
     if ( !kret && creds->ticket.length > 0 )
         goto cleanup;
@@ -2570,7 +2572,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
 
 
     /* check to see if this ticket matches the request using logic from
-     * krb5_cc_retrieve_cred_default()
+     * k5_cc_retrieve_cred_default()
      */
     if ( krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds) ) {
         *creds = fetchcreds;
index 23d0361c37959f534f7711b383d08142c4d582c3..960c9c925ad8ceaad8d81ac99ffc9638b2749867 100644 (file)
@@ -266,8 +266,10 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
         return nomatch_err;
 }
 
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds)
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context context, krb5_ccache id,
+                            krb5_flags flags, krb5_creds *mcreds,
+                            krb5_creds *creds)
 {
     krb5_enctype *ktypes;
     int nktypes;
@@ -288,92 +290,3 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
                                           0, 0);
     }
 }
-
-/* The following function duplicates some of the functionality above and */
-/* should probably be merged with it at some point.  It is used by the   */
-/* CCAPI krb5_cc_remove to figure out if the opaque credentials object   */
-/* returned by the CCAPI is the same creds as the caller passed in.      */
-/* Unlike the code above it requires that all structures be identical.   */
-
-krb5_boolean KRB5_CALLCONV
-krb5_creds_compare (krb5_context in_context,
-                    krb5_creds *in_creds,
-                    krb5_creds *in_compare_creds)
-{
-    /* Set to 0 when we hit the first mismatch and then fall through */
-    int equal = 1;
-
-    if (equal) {
-        equal = krb5_principal_compare (in_context, in_creds->client,
-                                        in_compare_creds->client);
-    }
-
-    if (equal) {
-        equal = krb5_principal_compare (in_context, in_creds->server,
-                                        in_compare_creds->server);
-    }
-
-    if (equal) {
-        equal = (in_creds->keyblock.enctype == in_compare_creds->keyblock.enctype &&
-                 in_creds->keyblock.length  == in_compare_creds->keyblock.length &&
-                 (!in_creds->keyblock.length ||
-                  !memcmp (in_creds->keyblock.contents, in_compare_creds->keyblock.contents,
-                           in_creds->keyblock.length)));
-    }
-
-    if (equal) {
-        equal = (in_creds->times.authtime   == in_compare_creds->times.authtime &&
-                 in_creds->times.starttime  == in_compare_creds->times.starttime &&
-                 in_creds->times.endtime    == in_compare_creds->times.endtime &&
-                 in_creds->times.renew_till == in_compare_creds->times.renew_till);
-    }
-
-    if (equal) {
-        equal = (in_creds->is_skey == in_compare_creds->is_skey);
-    }
-
-    if (equal) {
-        equal = (in_creds->ticket_flags == in_compare_creds->ticket_flags);
-    }
-
-    if (equal) {
-        krb5_address **addresses = in_creds->addresses;
-        krb5_address **compare_addresses = in_compare_creds->addresses;
-        unsigned int i;
-
-        if (addresses && compare_addresses) {
-            for (i = 0; (equal && addresses[i] && compare_addresses[i]); i++) {
-                equal = krb5_address_compare (in_context, addresses[i],
-                                              compare_addresses[i]);
-            }
-            if (equal) { equal = (!addresses[i] && !compare_addresses[i]); }
-        } else {
-            if (equal) { equal = (!addresses && !compare_addresses); }
-        }
-    }
-
-    if (equal) {
-        equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
-    }
-
-    if (equal) {
-        equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
-    }
-
-    if (equal) {
-        krb5_authdata **authdata = in_creds->authdata;
-        krb5_authdata **compare_authdata = in_compare_creds->authdata;
-        unsigned int i;
-
-        if (authdata && compare_authdata) {
-            for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) {
-                equal = authdata_eq(*authdata[i], *compare_authdata[i]);
-            }
-            if (equal) { equal = (!authdata[i] && !compare_authdata[i]); }
-        } else {
-            if (equal) { equal = (!authdata && !compare_authdata); }
-        }
-    }
-
-    return equal;
-}
index 555a9617d144a706d0acc85fcf3492e113e315f5..0256a0a5d887aaead9f39aa5f75080653759754a 100644 (file)
@@ -32,6 +32,7 @@
 #if defined(_WIN32) || defined(USE_CCAPI)
 
 #include "k5-int.h"
+#include "../cc-int.h"
 #include "stdcc.h"
 #include "stdcc_util.h"
 #include "string.h"
@@ -620,8 +621,8 @@ krb5_stdccv3_retrieve (krb5_context context,
                        krb5_creds *mcreds,
                        krb5_creds *creds)
 {
-    return krb5_cc_retrieve_cred_default (context, id, whichfields,
-                                          mcreds, creds);
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
 }
 
 /*
@@ -1487,8 +1488,8 @@ krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
     krb5_creds *mcreds;
     krb5_creds *creds;
 {
-    return krb5_cc_retrieve_cred_default (context, id, whichfields,
-                                          mcreds, creds);
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
 }
 
 #endif
index a6215604bb2ecddd7e1943df1cb9011edbd20b30..419150ae760ee518ff8b9e3f7d41b80046dab4e9 100644 (file)
@@ -25,6 +25,8 @@
  */
 
 #include "k5-int.h"
+#include "cc-int.h"
+#include "../krb/int-proto.h"
 
 const char * KRB5_CALLCONV
 krb5_cc_get_name(krb5_context context, krb5_ccache cache)
@@ -213,9 +215,9 @@ static const char conf_realm[] = "X-CACHECONF:";
 static const char conf_name[] = "krb5_ccache_conf_data";
 
 krb5_error_code
-krb5int_build_conf_principals(krb5_context context, krb5_ccache id,
-                              krb5_const_principal principal,
-                              const char *name, krb5_creds *cred)
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+                         krb5_const_principal principal,
+                         const char *name, krb5_creds *cred)
 {
     krb5_principal client;
     krb5_error_code ret;
@@ -277,7 +279,7 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id,
 
     TRACE_CC_SET_CONFIG(context, id, principal, key, data);
 
-    ret = krb5int_build_conf_principals(context, id, principal, key, &cred);
+    ret = k5_build_conf_principals(context, id, principal, key, &cred);
     if (ret)
         goto out;
 
@@ -311,7 +313,7 @@ krb5_cc_get_config(krb5_context context, krb5_ccache id,
     memset(&cred, 0, sizeof(cred));
     memset(data, 0, sizeof(*data));
 
-    ret = krb5int_build_conf_principals(context, id, principal, key, &mcred);
+    ret = k5_build_conf_principals(context, id, principal, key, &mcred);
     if (ret)
         goto out;
 
index 3821b0eceeffc21556e7ca6ed68a7468c0b40ab5..fdfc5e4f2046085b4a8a9db40dd6507e5c6f5560 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include "k5-int.h"
+#include "cc-int.h"
 
 /*
  * Routines to deal with externalizing krb5_ccache.
index e14ae7f80dfa6cb26ca9f548f7f09ad96c4c8175..1c112725eca65c00edf5e4abea1604afc68a52cb 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include "k5-int.h"
+#include "cc-int.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include "autoconf.h"
index ebefe8090462ca06ef5e0d7beb79160a3002f496..b55118e2e7f7c8e34b5af6f3ce47218a46aa920e 100644 (file)
@@ -41,4 +41,7 @@ void krb5int_kt_finalize(void);
 int krb5int_mkt_initialize(void);
 
 void krb5int_mkt_finalize(void);
+
+extern const krb5_kt_ops krb5_kt_dfl_ops;
+
 #endif /* __KRB5_KEYTAB_INT_H__ */
index d2aa88bee1c4c34c92e76e34ced351ac1e3219ac..d34e7480e85cc17a9b029c8c240daac3b5bbfca4 100644 (file)
@@ -54,6 +54,7 @@
 #ifndef LEAN_CLIENT
 
 #include "k5-int.h"
+#include "../os/os-proto.h"
 #include <stdio.h>
 
 /*
@@ -1045,7 +1046,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
     if (!KTFILEP(id)) {
         if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
             /* try making it first time around */
-            krb5_create_secure_file(context, KTFILENAME(id));
+            k5_create_secure_file(context, KTFILENAME(id));
             errno = 0;
             KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
             if (!KTFILEP(id))
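Review bot: The result of `k5_create_secure_file(context, KTFILENAME(id))` is discarded and the path is then reopened by name with `fopen`, so a failed creation looks the same as a successful one. If the file came into existence some other way between the ENOENT and this call, the keytab would be opened and later written with that file's owner and mode, not the restrictive ones the helper's name implies. Assuming the helper reports failure through its return value, capture it and return the error before the `fopen`. It would also help to add a comment saying why continuing is safe if the current behaviour is intended. The helper's definition and the rest of krb5_ktfileint_open are outside this hunk.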
@@ -1185,7 +1186,7 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
             }
         }
 
-        return krb5_sync_disk_file(context, KTFILEP(id));
+        return k5_sync_disk_file(context, KTFILEP(id));
     }
 
     return 0;
@@ -1530,7 +1531,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     if (fflush(KTFILEP(id)))
         goto abend;
 
-    retval = krb5_sync_disk_file(context, KTFILEP(id));
+    retval = k5_sync_disk_file(context, KTFILEP(id));
 
     if (retval) {
         return retval;
@@ -1546,7 +1547,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     }
     if (fflush(KTFILEP(id)))
         goto abend;
-    retval = krb5_sync_disk_file(context, KTFILEP(id));
+    retval = k5_sync_disk_file(context, KTFILEP(id));
 
     return retval;
 }
index 2b1c298ce263a287ab903d705ae9789c1099b6ef..482d52ad6c3b32bba2a2cb1712b59b1b4677fe32 100644 (file)
@@ -30,6 +30,7 @@
  */
 
 #include "k5-int.h"
+#include "../os/os-proto.h"
 #include <stdio.h>
 
 #ifndef LEAN_CLIENT
index 42372a14fa956e5983fcb01a28091ab4bb94641e..1de56dc4637438cffd41774a9701d7ec2a7f631b 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include "k5-int.h"
+#include "int-proto.h"
 
 /*
  * Copy credentials, allocating fresh storage where needed.
@@ -39,7 +40,7 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
     if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
         return ENOMEM;
 
-    retval = krb5int_copy_creds_contents(context, incred, tempcred);
+    retval = k5_copy_creds_contents(context, incred, tempcred);
     if (retval)
         free(tempcred);
     else
@@ -54,8 +55,8 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
  * output structure is garbage and its contents should be ignored.
  */
 krb5_error_code
-krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
-                            krb5_creds *tempcred)
+k5_copy_creds_contents(krb5_context context, const krb5_creds *incred,
+                       krb5_creds *tempcred)
 {
     krb5_error_code retval;
     krb5_data *scratch;
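Review bot: The comment above `k5_copy_creds_contents` says the output structure is garbage on failure, and several callers in this commit hand that result straight on to their own callers. `krb5_tkt_creds_get_creds` and `krb5_init_creds_get_creds` simply `return k5_copy_creds_contents(...)`, and `krb5_mcc_next_cred` returns `retval` right after the call. A caller that cleans up `creds` on error could then be freeing stale pointers. Clearing the output in the failure path with `memset(tempcred, 0, sizeof(*tempcred));`, and rewording the comment to say the structure is zeroed on failure, would make those wrappers safe by construction. The function body lies outside this hunk, so the exact place of its error exit has to be confirmed there.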
index 40ac4af15683e57502328557762a198a454bbff5..6878b252cf66cd054d5f41997dff44f6328a4111 100644 (file)
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * krb5_encrypt_keyhelper()
- *
  */
 
 #include "k5-int.h"
+#include "int-proto.h"
 
 krb5_error_code
-krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
-                       const krb5_data *plain, krb5_enc_data *cipher)
+k5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
+                     const krb5_data *plain, krb5_enc_data *cipher)
 {
     krb5_enctype enctype;
     krb5_error_code ret;
index 5e37b451801a5fe2c090a0ca36a0494a3ed9ffbe..4555b71be9709f14255152069394ddd302742748 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include <k5-int.h>
+#include "int-proto.h"
 
 /*
  * It is possible to support sending a request that includes both a FAST and
index 2e55066c7e62afc1578d9130e811c931279cc3db..250af3ad9b385cb78676ac96a04319b31a3c0a9e 100644 (file)
@@ -29,6 +29,7 @@
 #include <memory.h>
 #endif
 #include "int-proto.h"
+#include "os-proto.h"
 
 /* helper function: convert flags to necessary KDC options */
 #define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
@@ -137,7 +138,7 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
             free_rhost = 1;
         }
 
-        retval = krb5_os_hostaddr(context, rhost, &addrs);
+        retval = k5_os_hostaddr(context, rhost, &addrs);
         if (retval)
             goto errout;
     }
index 801eed43e05aef924c616dcf3c55b4e76889f079..61f36aa3665f1506813c89e83b2aebf8fc3d4b54 100644 (file)
  */
 
 #include "k5-int.h"
+#include "int-proto.h"
 #include "auth_con.h"
 
 krb5_error_code
-krb5int_generate_and_save_subkey(krb5_context context,
-                                 krb5_auth_context auth_context,
-                                 krb5_keyblock *keyblock,
-                                 krb5_enctype enctype)
+k5_generate_and_save_subkey(krb5_context context,
+                            krb5_auth_context auth_context,
+                            krb5_keyblock *keyblock, krb5_enctype enctype)
 {
     /* Provide some more fodder for random number code.
        This isn't strong cryptographically; the point here is not
index 9e28f48246ed65250a62d10623ed4537a2069c2f..fc74c1617bef3d0ffa13731590d93b714d20a564 100644 (file)
@@ -1103,7 +1103,7 @@ krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx,
 {
     if (ctx->state != STATE_COMPLETE)
         return KRB5_NO_TKT_SUPPLIED;
-    return krb5int_copy_creds_contents(context, ctx->reply_creds, creds);
+    return k5_copy_creds_contents(context, ctx->reply_creds, creds);
 }
 
 krb5_error_code KRB5_CALLCONV
index dfec99179b8755ed85ad67a3d35524711d7fe309..e5fd5542c49eada9c772bdfa5668fd9bc7cf3df3 100644 (file)
@@ -491,7 +491,7 @@ krb5_init_creds_free(krb5_context context,
     if (ctx == NULL)
         return;
 
-    if (ctx->opte != NULL && krb5_gic_opt_is_shadowed(ctx->opte)) {
+    if (ctx->opte != NULL && gic_opt_is_shadowed(ctx->opte)) {
         krb5_get_init_creds_opt_free(context,
                                      (krb5_get_init_creds_opt *)ctx->opte);
     }
@@ -584,7 +584,7 @@ krb5_init_creds_get_creds(krb5_context context,
     if (!ctx->complete)
         return KRB5_NO_TKT_SUPPLIED;
 
-    return krb5int_copy_creds_contents(context, &ctx->cred, creds);
+    return k5_copy_creds_contents(context, &ctx->cred, creds);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -808,8 +808,8 @@ krb5_init_creds_init(krb5_context context,
         options = &local_opts;
     }
 
-    code = krb5int_gic_opt_to_opte(context, options,
-                                   &ctx->opte, 1, "krb5_init_creds_init");
+    code = k5_gic_opt_to_opte(context, options, &ctx->opte, 1,
+                              "krb5_init_creds_init");
     if (code != 0)
         goto cleanup;
 
@@ -1706,18 +1706,12 @@ cleanup:
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5int_get_init_creds(krb5_context context,
-                       krb5_creds *creds,
-                       krb5_principal client,
-                       krb5_prompter_fct prompter,
-                       void *prompter_data,
-                       krb5_deltat start_time,
-                       const char *in_tkt_service,
-                       krb5_get_init_creds_opt *options,
-                       krb5_gic_get_as_key_fct gak_fct,
-                       void *gak_data,
-                       int  *use_master,
-                       krb5_kdc_rep **as_reply)
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+                  krb5_principal client, krb5_prompter_fct prompter,
+                  void *prompter_data, krb5_deltat start_time,
+                  const char *in_tkt_service, krb5_get_init_creds_opt *options,
+                  get_as_key_fn gak_fct, void *gak_data, int *use_master,
+                  krb5_kdc_rep **as_reply)
 {
     krb5_error_code code;
     krb5_init_creds_context ctx = NULL;
@@ -1761,10 +1755,10 @@ cleanup:
 }
 
 krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
-                         krb5_flags options, krb5_address *const *addrs,
-                         krb5_enctype *ktypes,
-                         krb5_preauthtype *pre_auth_types, krb5_creds *creds)
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
+                    krb5_flags options, krb5_address *const *addrs,
+                    krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+                    krb5_creds *creds)
 {
     int i;
     krb5_int32 starttime;
index 9eef3750d02bb82a17644413965039e444b8e668..4c2942e3f8949c29e077a00bb529af7ac8af3c67 100644 (file)
@@ -338,9 +338,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     krb5_principal client_princ, server_princ;
     int use_master = 0;
 
-    retval = krb5int_populate_gic_opt(context, &opts,
-                                      options, addrs, ktypes,
-                                      pre_auth_types, creds);
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
     if (retval)
         return retval;
 
@@ -356,11 +355,10 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
         goto cleanup;
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5int_get_init_creds(context, creds, creds->client,
-                                    krb5_prompter_posix,  NULL,
-                                    0, server, opts,
-                                    get_as_key_keytab, (void *)keytab,
-                                    &use_master, ret_as_reply);
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix,  NULL, 0, server, opts,
+                               get_as_key_keytab, (void *)keytab, &use_master,
+                               ret_as_reply);
     krb5_free_unparsed_name( context, server);
     if (retval) {
         goto cleanup;
index dddabf7e1ffb68f3a0c8c90cbbaf57c06e9ff9ae..40a51d7c09b899e9003f8ab60b7fa796613145d0 100644 (file)
@@ -1,6 +1,7 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "int-proto.h"
+#include <krb5/clpreauth_plugin.h>
 
 static void
 init_common(krb5_get_init_creds_opt *opt)
@@ -100,32 +101,6 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
         opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
 }
 
-/*
- * Extending the krb5_get_init_creds_opt structure.  The original
- * krb5_get_init_creds_opt structure is defined publicly.  The
- * new extended version is private.  The original interface
- * assumed a pre-allocated structure which was passed to
- * krb5_get_init_creds_init().  The new interface assumes that
- * the caller will call krb5_get_init_creds_alloc() and
- * krb5_get_init_creds_free().
- *
- * Callers MUST NOT call krb5_get_init_creds_init() after allocating an
- * opts structure using krb5_get_init_creds_alloc().  To do so will
- * introduce memory leaks.  Unfortunately, there is no way to enforce
- * this behavior.
- *
- * Two private flags are added for backward compatibility.
- * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
- * with the new krb5_get_init_creds_opt_alloc() function.
- * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
- * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.
- * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
- * krb5int_gic_opt_to_opte(), the resulting extended structure should be
- * freed (using krb5_get_init_creds_free).  Otherwise, the original
- * structure was already extended and there is no need to free it.
- */
-
 /* Forward prototype */
 static void
 free_gic_opt_ext_preauth_data(krb5_context context,
@@ -134,7 +109,7 @@ free_gic_opt_ext_preauth_data(krb5_context context,
 static krb5_error_code
 gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
 {
-    if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+    if (NULL == opte || !gic_opt_is_extended(opte))
         return EINVAL;
 
     opte->opt_private = calloc(1, sizeof(*opte->opt_private));
@@ -150,7 +125,7 @@ gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
 static krb5_error_code
 gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte)
 {
-    if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+    if (NULL == opte || !gic_opt_is_extended(opte))
         return EINVAL;
 
     /* Free up any private stuff */
@@ -172,7 +147,7 @@ gic_opte_alloc(krb5_context context)
     opte = calloc(1, sizeof(*opte));
     if (NULL == opte)
         return NULL;
-    opte->flags = KRB5_GET_INIT_CREDS_OPT_EXTENDED;
+    opte->flags = GIC_OPT_EXTENDED;
 
     code = gic_opte_private_alloc(context, opte);
     if (code) {
@@ -214,7 +189,7 @@ krb5_get_init_creds_opt_free(krb5_context context,
         return;
 
     /* Don't touch it if we didn't allocate it */
-    if (!krb5_gic_opt_is_extended(opt))
+    if (!gic_opt_is_extended(opt))
         return;
 
     opte = (krb5_gic_opt_ext *)opt;
@@ -257,8 +232,7 @@ gic_opte_copy(krb5_context context,
      * here will be freed by the library because the
      * application is unaware of its existence.
      */
-    oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
-                   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+    oe->flags |= (GIC_OPT_EXTENDED | GIC_OPT_SHADOWED);
 
     *opte = oe;
     return 0;
@@ -275,13 +249,11 @@ gic_opte_copy(krb5_context context,
  * cases where the original *should* be an extended structure.
  */
 krb5_error_code
-krb5int_gic_opt_to_opte(krb5_context context,
-                        krb5_get_init_creds_opt *opt,
-                        krb5_gic_opt_ext **opte,
-                        unsigned int force,
-                        const char *where)
+k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
+                   krb5_gic_opt_ext **opte, unsigned int force,
+                   const char *where)
 {
-    if (!krb5_gic_opt_is_extended(opt)) {
+    if (!gic_opt_is_extended(opt)) {
         if (force) {
             return gic_opte_copy(context, opt, opte);
         } else {
@@ -302,7 +274,7 @@ free_gic_opt_ext_preauth_data(krb5_context context,
 {
     int i;
 
-    if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+    if (NULL == opte || !gic_opt_is_extended(opte))
         return;
     if (NULL == opte->opt_private || NULL == opte->opt_private->preauth_data)
         return;
@@ -338,8 +310,8 @@ krb5_get_init_creds_opt_get_pa(krb5_context context,
     int i;
     size_t allocsize;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_get_pa");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_get_pa");
     if (retval)
         return retval;
 
@@ -415,8 +387,8 @@ krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
     krb5_error_code retval = 0;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_fast_ccache_name");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_fast_ccache_name");
     if (retval)
         return retval;
     if (opte->opt_private->fast_ccache_name) {
@@ -459,8 +431,8 @@ krb5_get_init_creds_opt_set_in_ccache(krb5_context context,
     krb5_error_code retval = 0;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_in_ccache");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_in_ccache");
     if (retval)
         return retval;
     opte->opt_private->in_ccache = ccache;
@@ -475,8 +447,8 @@ krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
     krb5_error_code retval = 0;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_out_ccache");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_out_ccache");
     if (retval)
         return retval;
     opte->opt_private->out_ccache = ccache;
@@ -491,8 +463,8 @@ krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
     krb5_error_code retval = 0;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_fast_flags");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_fast_flags");
     if (retval)
         return retval;
     opte->opt_private->fast_flags = flags;
@@ -510,8 +482,8 @@ krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
     if (out_flags == NULL)
         return EINVAL;
     *out_flags = 0;
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_get_fast_flags");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_get_fast_flags");
     if (retval)
         return retval;
     *out_flags = opte->opt_private->fast_flags;
@@ -527,9 +499,8 @@ krb5_get_init_creds_opt_set_expire_callback(krb5_context context,
     krb5_error_code retval = 0;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_"
-                                     "expire_callback");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_expire_callback");
     if (retval)
         return retval;
     opte->opt_private->expire_cb = cb;
@@ -545,8 +516,8 @@ krb5_get_init_creds_opt_set_responder(krb5_context context,
     krb5_error_code ret;
     krb5_gic_opt_ext *opte;
 
-    ret = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                  "krb5_get_init_creds_opt_set_responder");
+    ret = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                             "krb5_get_init_creds_opt_set_responder");
     if (ret)
         return ret;
     opte->opt_private->responder = responder;
index 1e79c4232982952edf48f85779d5626337bbc881..d4478059970b8e5b47416a2440e6ed5d026039e9 100644 (file)
@@ -79,8 +79,8 @@ krb5_get_init_creds_opt_set_pa(krb5_context context,
     krb5_error_code retval;
     krb5_gic_opt_ext *opte;
 
-    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-                                     "krb5_get_init_creds_opt_set_pa");
+    retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+                                "krb5_get_init_creds_opt_set_pa");
     if (retval)
         return retval;
 
index 32b376f508f3faf2d5dfe96588163c02f948937e..22db2b5b4b91b1a1ff12fc6892285da4e15fdcbe 100644 (file)
@@ -3,6 +3,7 @@
 #include "com_err.h"
 #include "init_creds_ctx.h"
 #include "int-proto.h"
+#include "os-proto.h"
 
 krb5_error_code
 krb5_get_as_key_password(krb5_context context,
@@ -81,9 +82,9 @@ krb5_get_as_key_password(krb5_context context,
         prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
 
         /* PROMPTER_INVOCATION */
-        krb5int_set_prompt_types(context, &prompt_type);
+        k5_set_prompt_types(context, &prompt_type);
         ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt);
-        krb5int_set_prompt_types(context, 0);
+        k5_set_prompt_types(context, 0);
         if (ret)
             return(ret);
     }
@@ -183,7 +184,7 @@ warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
 
     get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req);
 
-    ret = krb5int_gic_opt_to_opte(context, options, &opte, 0, "");
+    ret = k5_gic_opt_to_opte(context, options, &opte, 0, "");
     if (ret == 0 && opte->opt_private->expire_cb != NULL) {
         krb5_expire_callback_func cb = opte->opt_private->expire_cb;
         void *cb_data = opte->opt_private->expire_data;
@@ -286,10 +287,9 @@ krb5_get_init_creds_password(krb5_context context,
 
     /* first try: get the requested tkt from any kdc */
 
-    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
-                                 start_time, in_tkt_service, options,
-                                 krb5_get_as_key_password, (void *) &pw0,
-                                 &use_master, &as_reply);
+    ret = k5_get_init_creds(context, creds, client, prompter, data, start_time,
+                            in_tkt_service, options, krb5_get_as_key_password,
+                            (void *) &pw0, &use_master, &as_reply);
 
     /* check for success */
 
@@ -316,10 +316,10 @@ krb5_get_init_creds_password(krb5_context context,
             krb5_free_kdc_rep( context, as_reply);
             as_reply = NULL;
         }
-        ret = krb5int_get_init_creds(context, creds, client, prompter, data,
-                                     start_time, in_tkt_service, options,
-                                     krb5_get_as_key_password, (void *) &pw0,
-                                     &use_master, &as_reply);
+        ret = k5_get_init_creds(context, creds, client, prompter, data,
+                                start_time, in_tkt_service, options,
+                                krb5_get_as_key_password, (void *) &pw0,
+                                &use_master, &as_reply);
 
         if (ret == 0)
             goto cleanup;
@@ -363,11 +363,11 @@ krb5_get_init_creds_password(krb5_context context,
     krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
     krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
 
-    if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
-                                      prompter, data,
-                                      start_time, "kadmin/changepw", chpw_opts,
-                                      krb5_get_as_key_password, (void *) &pw0,
-                                      &use_master, NULL)))
+    ret = k5_get_init_creds(context, &chpw_creds, client, prompter, data,
+                            start_time, "kadmin/changepw", chpw_opts,
+                            krb5_get_as_key_password, (void *) &pw0,
+                            &use_master, NULL);
+    if (ret)
         goto cleanup;
 
     prompt[0].prompt = _("Enter new password");
@@ -389,10 +389,10 @@ krb5_get_init_creds_password(krb5_context context,
         pw1.length = sizeof(pw1array);
 
         /* PROMPTER_INVOCATION */
-        krb5int_set_prompt_types(context, prompt_types);
+        k5_set_prompt_types(context, prompt_types);
         ret = (*prompter)(context, data, 0, banner,
                           sizeof(prompt)/sizeof(prompt[0]), prompt);
-        krb5int_set_prompt_types(context, 0);
+        k5_set_prompt_types(context, 0);
         if (ret)
             goto cleanup;
 
@@ -460,10 +460,10 @@ krb5_get_init_creds_password(krb5_context context,
        is final.  */
 
     TRACE_GIC_PWD_CHANGED(context);
-    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
-                                 start_time, in_tkt_service, options,
-                                 krb5_get_as_key_password, (void *) &pw0,
-                                 &use_master, &as_reply);
+    ret = k5_get_init_creds(context, creds, client, prompter, data,
+                            start_time, in_tkt_service, options,
+                            krb5_get_as_key_password, (void *) &pw0,
+                            &use_master, &as_reply);
     if (ret)
         goto cleanup;
 
@@ -528,9 +528,8 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
         pw0.data[0] = '\0';
         pw0.length = sizeof(pw0array);
     }
-    retval = krb5int_populate_gic_opt(context, &opts,
-                                      options, addrs, ktypes,
-                                      pre_auth_types, creds);
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
     if (retval)
         return (retval);
     retval = krb5_unparse_name( context, creds->server, &server);
@@ -540,11 +539,10 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
     }
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5int_get_init_creds(context, creds, creds->client,
-                                    krb5_prompter_posix, NULL,
-                                    0, server, opts,
-                                    krb5_get_as_key_password, &pw0,
-                                    &use_master, ret_as_reply);
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix, NULL, 0, server, opts,
+                               krb5_get_as_key_password, &pw0, &use_master,
+                               ret_as_reply);
     krb5_free_unparsed_name( context, server);
     krb5_get_init_creds_opt_free(context, opts);
     if (retval) {
index d1b69c6475d817f5da3e074365b3ca7488791122..b11e694ddd79f8e32ba262245ce3b09483bc5d49 100644 (file)
@@ -25,9 +25,9 @@
  */
 
 #include "k5-int.h"
+#include "int-proto.h"
 
-/* A krb5_gic_get_as_key_fct shim for copying a caller-provided keyblock into
- * the AS keyblock. */
+/* Copy the caller-provided keyblock into the AS keyblock. */
 static krb5_error_code
 get_as_key_skey(krb5_context context, krb5_principal client,
                 krb5_enctype etype, krb5_prompter_fct prompter,
@@ -86,8 +86,8 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
     }
 #endif /* LEAN_CLIENT */
 
-    retval = krb5int_populate_gic_opt(context, &opts, options, addrs, ktypes,
-                                      pre_auth_types, creds);
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
     if (retval)
         return retval;
     retval = krb5_unparse_name(context, creds->server, &server);
@@ -97,10 +97,10 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
     }
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5int_get_init_creds(context, creds, creds->client,
-                                    krb5_prompter_posix, NULL, 0, server, opts,
-                                    get_as_key_skey, (void *) key, &use_master,
-                                    ret_as_reply);
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix, NULL, 0, server, opts,
+                               get_as_key_skey, (void *)key, &use_master,
+                               ret_as_reply);
     krb5_free_unparsed_name(context, server);
     krb5_get_init_creds_opt_free(context, opts);
     if (retval)
index 1bc90a528eeaf50f86bb0f66128b4ba2a9419919..d886c7ae9ed0c6b612a4fe6d5dc933266e58c86a 100644 (file)
@@ -4,13 +4,18 @@
 #define KRB5_INIT_CREDS_CONTEXT 1
 
 #include "k5-json.h"
+#include "int-proto.h"
+
+struct krb5_responder_context_st {
+    k5_response_items *items;
+};
 
 struct _krb5_init_creds_context {
     krb5_gic_opt_ext *opte;
     char *in_tkt_service;
     krb5_prompter_fct prompter;
     void *prompter_data;
-    krb5_gic_get_as_key_fct gak_fct;
+    get_as_key_fn gak_fct;
     void *gak_data;
     krb5_timestamp request_time;
     krb5_deltat start_time;
index 33330e7b6d8233ea319788cd55976a9c76c8bbba..58eb01ad5b298d43b075e509d3ac970aed23f8d8 100644 (file)
@@ -51,6 +51,7 @@
 
 #include "k5-int.h"
 #include "int-proto.h"
+#include "os-proto.h"
 #include <ctype.h>
 #include "brand.c"
 #include "../krb5_libinit.h"
@@ -189,13 +190,14 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
 
     ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0;
 
-    if ((retval = krb5_os_init_context(ctx, profile, flags)) != 0)
+    retval = k5_os_init_context(ctx, profile, flags);
+    if (retval)
         goto cleanup;
 
     ctx->trace_callback = NULL;
 #ifndef DISABLE_TRACING
     if (!ctx->profile_secure)
-        krb5int_init_trace(ctx);
+        k5_init_trace(ctx);
 #endif
 
     retval = get_boolean(ctx, KRB5_CONF_ALLOW_WEAK_CRYPTO, 0, &tmp);
@@ -287,7 +289,7 @@ krb5_free_context(krb5_context ctx)
 {
     if (ctx == NULL)
         return;
-    krb5_os_free_context(ctx);
+    k5_os_free_context(ctx);
 
     free(ctx->in_tkt_etypes);
     ctx->in_tkt_etypes = NULL;
index 6d7939e042d3128eedfd4a8ce00977f9e33258d2..04535f6cc327bec2bea0963f33b1175df33570ed 100644 (file)
 
 struct krb5int_fast_request_state;
 
+typedef struct k5_response_items_st k5_response_items;
+
+typedef krb5_error_code
+(*get_as_key_fn)(krb5_context, krb5_principal, krb5_enctype, krb5_prompter_fct,
+                 void *prompter_data, krb5_data *salt, krb5_data *s2kparams,
+                 krb5_keyblock *as_key, void *gak_data,
+                 k5_response_items *ritems);
+
+/*
+ * Extending the krb5_get_init_creds_opt structure.  The original
+ * krb5_get_init_creds_opt structure is defined publicly.  The new extended
+ * version is private.  The original interface assumed a pre-allocated
+ * structure which was passed to krb5_get_init_creds_init().  The new interface
+ * assumes that the caller will call krb5_get_init_creds_alloc() and
+ * krb5_get_init_creds_free().
+ *
+ * Callers MUST NOT call krb5_get_init_creds_init() after allocating an opts
+ * structure using krb5_get_init_creds_alloc().  To do so will introduce memory
+ * leaks.  Unfortunately, there is no way to enforce this behavior.
+ *
+ * Two private flags are added for backward compatibility.  GIC_OPT_EXTENDED
+ * says that the structure was allocated with the new
+ * krb5_get_init_creds_opt_alloc() function.  GIC_OPT_SHADOWED is set to
+ * indicate that the extended structure is a shadow copy of an original
+ * krb5_get_init_creds_opt structure.  If GIC_OPT_SHADOWED is set after a call
+ * to k5_gic_opt_to_opte(), the resulting extended structure should be freed
+ * (using krb5_get_init_creds_free).  Otherwise, the original structure was
+ * already extended and there is no need to free it.
+ */
+
+#define GIC_OPT_EXTENDED 0x80000000
+#define GIC_OPT_SHADOWED 0x40000000
+
+#define gic_opt_is_extended(s) ((s) != NULL && ((s)->flags & GIC_OPT_EXTENDED))
+#define gic_opt_is_shadowed(s) ((s) != NULL && ((s)->flags & GIC_OPT_SHADOWED))
+
+typedef struct gic_opt_private_st {
+    int num_preauth_data;
+    krb5_gic_opt_pa_data *preauth_data;
+    char * fast_ccache_name;
+    krb5_ccache in_ccache;
+    krb5_ccache out_ccache;
+    krb5_flags fast_flags;
+    krb5_expire_callback_func expire_cb;
+    void *expire_data;
+    krb5_responder_fn responder;
+    void *responder_data;
+} gic_opt_private;
+
+/*
+ * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that
+ * of krb5_get_init_creds_opt.
+ */
+#if TARGET_OS_MAC
+#    pragma pack(push,2)
+#endif
+
+typedef struct _krb5_gic_opt_ext {
+    krb5_flags flags;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    int forwardable;
+    int proxiable;
+    krb5_enctype *etype_list;
+    int etype_list_length;
+    krb5_address **address_list;
+    krb5_preauthtype *preauth_list;
+    int preauth_list_length;
+    krb5_data *salt;
+    /*
+     * Do not change anything above this point in this structure.
+     * It is identical to the public krb5_get_init_creds_opt structure.
+     * New members must be added below.
+     */
+    gic_opt_private *opt_private;
+} krb5_gic_opt_ext;
+
+#if TARGET_OS_MAC
+#    pragma pack(pop)
+#endif
+
+krb5_error_code
+k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
+                   krb5_gic_opt_ext **opte, unsigned int force,
+                   const char *where);
+
 krb5_error_code
 krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
                 krb5_principal *);
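Review bot: The block comment above `GIC_OPT_EXTENDED` names the option functions inconsistently: it refers to `krb5_get_init_creds_init()`, `krb5_get_init_creds_alloc()` and `krb5_get_init_creds_free()`, while one sentence uses `krb5_get_init_creds_opt_alloc()`, the form that matches the public `krb5_get_init_creds_opt_*` API. This comment carries the MUST NOT rule about re-initialising an allocated structure, and the extended/shadowed state is decided only by flag bits in a structure the caller can see, so the names should be exact. Use `krb5_get_init_creds_opt_init()`, `krb5_get_init_creds_opt_alloc()` and `krb5_get_init_creds_opt_free()` throughout. The text looks moved rather than newly written, so this is a cheap moment to correct it.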
@@ -236,4 +322,46 @@ k5_save_ctx_error(krb5_context ctx, krb5_error_code code, struct errinfo *out);
 krb5_error_code
 k5_restore_ctx_error(krb5_context ctx, struct errinfo *in);
 
+krb5_error_code
+k5_encrypt_keyhelper(krb5_context context, krb5_key key,
+                     krb5_keyusage keyusage, const krb5_data *plain,
+                     krb5_enc_data *cipher);
+
+krb5_error_code KRB5_CALLCONV
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+                  krb5_principal client, krb5_prompter_fct prompter,
+                  void *prompter_data, krb5_deltat start_time,
+                  const char *in_tkt_service, krb5_get_init_creds_opt *options,
+                  get_as_key_fn gak, void *gak_data, int *master,
+                  krb5_kdc_rep **as_reply);
+
+krb5_error_code
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **opt,
+                    krb5_flags options, krb5_address *const *addrs,
+                    krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+                    krb5_creds *creds);
+
+krb5_error_code
+k5_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
+
+krb5_error_code
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+                         krb5_const_principal principal, const char *name,
+                         krb5_creds *cred);
+
+krb5_error_code
+k5_generate_and_save_subkey(krb5_context context,
+                            krb5_auth_context auth_context,
+                            krb5_keyblock *keyblock, krb5_enctype enctype);
+
+krb5_error_code
+k5_client_realm_path(krb5_context context, const krb5_data *client,
+                     const krb5_data *server, krb5_data **rpath_out);
+
+size_t
+k5_count_etypes(const krb5_enctype *list);
+
+krb5_error_code
+k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list);
+
 #endif /* KRB5_INT_FUNC_PROTO__ */
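Review bot: `k5_count_etypes` and `k5_copy_etypes` are declared in this header while the exports-list hunk of the same commit drops both names from the library's export list, so any caller built outside the library would stop linking. It is worth confirming that no such caller remains. Separately, `k5_copy_creds_contents` is the only prototype in this hunk without parameter names; `k5_copy_creds_contents(krb5_context context, const krb5_creds *in, krb5_creds *out);` would show which side is written. A one-line comment on `k5_copy_etypes` saying who frees `*new_list` would also help, once confirmed against the implementation.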
index 9629ae66318e7e3b5c3cd5d15d5038c95406e7db..466861f73760d440ecc587fa1055a7c07df33daf 100644 (file)
@@ -640,15 +640,6 @@ krb5_free_pa_pac_req(krb5_context context,
     free(req);
 }
 
-void KRB5_CALLCONV
-krb5_free_etype_list(krb5_context context,
-                     krb5_etype_list *etypes)
-{
-    if (etypes != NULL) {
-        free(etypes->etypes);
-        free(etypes);
-    }
-}
 void KRB5_CALLCONV
 krb5_free_fast_req(krb5_context context, krb5_fast_req *val)
 {
index 566d138163952a6f01bdfaeee3b8c4bb0da97631..a31d85cac6f0368eaf9c1c1ead0706ad3ac7137f 100644 (file)
@@ -9,6 +9,7 @@
  *
  */
 #include "k5-int.h"
+#include "int-proto.h"
 #include "cleanup.h"
 #include "auth_con.h"
 
@@ -44,9 +45,9 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
     }
 
     /* call the encryption routine */
-    retval = krb5_encrypt_keyhelper(context, pkey,
-                                    KRB5_KEYUSAGE_KRB_CRED_ENCPART,
-                                    scratch, pencdata);
+    retval = k5_encrypt_keyhelper(context, pkey,
+                                  KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch,
+                                  pencdata);
 
     if (retval) {
         memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
index 0681a224fc0595daf852dcfc009e801548aee9fc..dd7a7d91caff3901663fb0c361dcb75fd5409120 100644 (file)
@@ -52,6 +52,7 @@
  */
 
 #include "k5-int.h"
+#include "int-proto.h"
 #include "auth_con.h"
 
 /*
@@ -95,9 +96,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
     else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
         assert(auth_context->negotiated_etype != ENCTYPE_NULL);
 
-        retval = krb5int_generate_and_save_subkey (context, auth_context,
-                                                   &auth_context->key->keyblock,
-                                                   auth_context->negotiated_etype);
+        retval = k5_generate_and_save_subkey(context, auth_context,
+                                             &auth_context->key->keyblock,
+                                             auth_context->negotiated_etype);
         if (retval)
             return retval;
         repl.subkey = &auth_context->send_subkey->keyblock;
@@ -116,9 +117,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
     if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
         return retval;
 
-    if ((retval = krb5_encrypt_keyhelper(context, auth_context->key,
-                                         KRB5_KEYUSAGE_AP_REP_ENCPART,
-                                         scratch, &reply.enc_part)))
+    if ((retval = k5_encrypt_keyhelper(context, auth_context->key,
+                                       KRB5_KEYUSAGE_AP_REP_ENCPART, scratch,
+                                       &reply.enc_part)))
         goto cleanup_scratch;
 
     if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
index 1938cbe9fdc2392ccaed1fc706db1c1a05c1ae6a..dce0927814df4bcb648e4503df3f6e53fbbf6cd6 100644 (file)
@@ -174,9 +174,9 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
 
     /* generate subkey if needed */
     if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
-        retval = krb5int_generate_and_save_subkey (context, *auth_context,
-                                                   &in_creds->keyblock,
-                                                   in_creds->keyblock.enctype);
+        retval = k5_generate_and_save_subkey(context, *auth_context,
+                                             &in_creds->keyblock,
+                                             in_creds->keyblock.enctype);
         if (retval)
             goto cleanup;
     }
index 7252048cb98ad43f59f0aa0d4b6c0d603bf00bd0..747611ef24c151b2121a63f5c8174284c42436c6 100644 (file)
@@ -35,6 +35,7 @@
 #include "osconf.h"
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
+#include "os-proto.h"
 #include "fast.h"
 #include "init_creds_ctx.h"
 
index e6e2c68d51eb19c301753fb92fb6818e367723fd..6888e941e16c333a73eda8a0c902ea2c40daa096 100644 (file)
@@ -28,6 +28,7 @@
 #include <k5-int.h>
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
+#include "os-proto.h"
 #include "init_creds_ctx.h"
 
 /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
@@ -182,17 +183,17 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
     kprompt.reply = &response_data;
 
     prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-    krb5int_set_prompt_types(context, &prompt_type);
+    k5_set_prompt_types(context, &prompt_type);
 
     if ((retval = ((*prompter)(context, prompter_data, name,
                                banner, 1, &kprompt)))) {
         krb5_free_sam_challenge_2(context, sc2);
         krb5_free_sam_challenge_2_body(context, sc2b);
-        krb5int_set_prompt_types(context, 0);
+        k5_set_prompt_types(context, NULL);
         return(retval);
     }
 
-    krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
+    k5_set_prompt_types(context, NULL);
 
     /* Generate salt used by string_to_key() */
     if (ctx->default_salt) {
index b3c536cc20a1113166b01190d2f37516285a47f7..8d5f130a54bb43966f198d738620be4bda08777d 100644 (file)
@@ -115,10 +115,9 @@ s4u_identify_user(krb5_context context,
         client = &client_data;
     }
 
-    code = krb5int_get_init_creds(context, &creds, client,
-                                  NULL, NULL, 0, NULL, opts,
-                                  krb5_get_as_key_noop, &userid,
-                                  &use_master, NULL);
+    code = k5_get_init_creds(context, &creds, client, NULL, NULL, 0, NULL,
+                             opts, krb5_get_as_key_noop, &userid, &use_master,
+                             NULL);
     if (code == 0 || code == KRB5_PREAUTH_FAILED) {
         *canon_user = userid.user;
         userid.user = NULL;
@@ -517,7 +516,7 @@ krb5_get_self_cred_from_kdc(krb5_context context,
 
     tgtptr = tgt;
 
-    code = krb5int_copy_creds_contents(context, in_creds, &s4u_creds);
+    code = k5_copy_creds_contents(context, in_creds, &s4u_creds);
     if (code != 0)
         goto cleanup;
 
index dc0c6e8635195ef748dc4f542b12717a616ca7e6..b1dde3c7550c6d33ab37115174de4ad13470114c 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 #include "k5-int.h"
+#include "os-proto.h"
 #include "com_err.h"
 #include "auth_con.h"
 #include <errno.h>
@@ -63,7 +64,7 @@ krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
     outbuf[0].data = (char *) sendauth_version;
     outbuf[1].length = strlen(appl_version) + 1;
     outbuf[1].data = appl_version;
-    if ((retval = krb5int_write_messages(context, fd, outbuf, 2)))
+    if ((retval = k5_write_messages(context, fd, outbuf, 2)))
         return(retval);
     /*
      * Now, read back a byte: 0 means no error, 1 means bad sendauth
index 0452ebf1daf48976788db7dcfc35a6fca8c5bff9..b52a04d0f6b1a03322c8a6a4eb9a6f8cebe409d6 100644 (file)
@@ -189,7 +189,8 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
     context = (krb5_context) arg;
     if (!context)
         return (EINVAL);
-    KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT);
+    if (context->magic != KV5M_CONTEXT)
+        return (KV5M_CONTEXT);
 
     if ((kret = krb5_context_size(kcontext, arg, &required)))
         return (kret);
index 094758ce202c0d3d6690158236d41e657f2a1686..708a25fb25a9af1db0804e948c3011ab1a07ce51 100644 (file)
 #include <k5-int.h>
 
 #ifndef LEAN_CLIENT
-krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock(krb5_context context,
-                                       const krb5_keyblock *key,
-                                       krb5_ticket *ticket)
+static krb5_error_code
+decrypt_ticket_keyblock(krb5_context context, const krb5_keyblock *key,
+                        krb5_ticket *ticket)
 {
     krb5_error_code retval;
     krb5_data *realm;
@@ -85,7 +84,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
                                    ticket->enc_part.kvno,
                                    ticket->enc_part.enctype, &ktent);
         if (retval == 0) {
-            retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+            retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
 
             (void) krb5_free_keytab_entry_contents(context, &ktent);
         }
@@ -103,7 +102,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
             if (ktent.key.enctype != ticket->enc_part.enctype)
                 continue;
 
-            retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+            retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
             if (retval == 0) {
                 krb5_principal tmp;
 
index 04e7283d2b9333239df3a875d6ecad8bdc7a0073..156a5b5d9730ed91725702f05ba6b1facbd7cefe 100644 (file)
@@ -36,6 +36,7 @@
  */
 
 #include <k5-int.h>
+#include "int-proto.h"
 #include <getopt.h>
 
 static void
@@ -70,8 +71,8 @@ unset_config(krb5_context context, krb5_ccache ccache,
     memset(&mcreds, 0, sizeof(mcreds));
     memset(&creds, 0, sizeof(creds));
     bail_on_err(context, "Error while deriving configuration principal names",
-                krb5int_build_conf_principals(context, ccache, server, key,
-                                              &mcreds));
+                k5_build_conf_principals(context, ccache, server, key,
+                                         &mcreds));
     bail_on_err(context, "Error resolving first in-memory ccache",
                 krb5_cc_resolve(context, "MEMORY:tmp1", &tmp1));
     bail_on_err(context, "Error initializing first in-memory ccache",
index de41959151261e1d5f9eeb13a1a32a8270cb695a..b0547d52afe341d2d3a8dd275d83d2271802920c 100644 (file)
@@ -105,9 +105,8 @@ initialize_krb5_error_table
 initialize_k5e1_error_table
 initialize_kv5m_error_table
 initialize_prof_error_table
+k5_build_conf_principals
 k5_ccselect_free_context
-k5_copy_etypes
-k5_count_etypes
 k5_etypes_contains
 k5_expand_path_tokens
 k5_expand_path_tokens_extra
@@ -116,8 +115,11 @@ k5_free_otp_tokeninfo
 k5_free_pa_otp_challenge
 k5_free_pa_otp_req
 k5_free_serverlist
+k5_init_trace
 k5_kt_get_principal
 k5_locate_kdc
+k5_os_free_context
+k5_os_init_context
 k5_plugin_free_modules
 k5_plugin_load
 k5_plugin_load_all
@@ -215,7 +217,6 @@ krb5_cc_register
 krb5_cc_remove_cred
 krb5_cc_resolve
 krb5_cc_retrieve_cred
-krb5_cc_retrieve_cred_default
 krb5_cc_select
 krb5_cc_set_config
 krb5_cc_set_default_name
@@ -248,7 +249,6 @@ krb5_copy_keyblock
 krb5_copy_keyblock_contents
 krb5_copy_principal
 krb5_copy_ticket
-krb5_create_secure_file
 krb5_crypto_us_timeofday
 krb5_decode_authdata_container
 krb5_decode_ticket
@@ -444,9 +444,6 @@ krb5_mk_req_extended
 krb5_mk_safe
 krb5_net_read
 krb5_net_write
-krb5_os_free_context
-krb5_os_hostaddr
-krb5_os_init_context
 krb5_os_localaddr
 krb5_overridekeyname
 krb5_pac_add_buffer
@@ -569,7 +566,6 @@ krb5_sname_to_principal
 krb5_string_to_deltat
 krb5_string_to_salttype
 krb5_string_to_timestamp
-krb5_sync_disk_file
 krb5int_tgtname
 krb5_tkt_creds_free
 krb5_tkt_creds_get
@@ -597,10 +593,8 @@ krb5_vset_error_message
 krb5_walk_realm_tree
 krb5_write_message
 krb5int_accessor
-krb5int_build_conf_principals
 krb5int_cc_default
 krb5int_cleanup_library
-krb5int_clean_hostname
 krb5int_cm_call_select
 krb5int_copy_data_contents
 krb5int_copy_data_contents_add0
@@ -609,7 +603,6 @@ krb5int_foreach_localaddr
 krb5int_free_data_list
 krb5int_get_authdata_containee_types
 krb5int_init_context_kdc
-krb5int_init_trace
 krb5int_initialize_library
 krb5int_parse_enctype_list
 krb5int_sendtokdc_debug_handler
index 2e31e83a92c746e098519ef06a1e44fbe0276983..df63b14faa56a051036949cb45591ddf584531e0 100644 (file)
@@ -26,6 +26,7 @@
 
 #include "k5-int.h"
 #include "os-proto.h"
+#include "../krb/int-proto.h"
 
 /* If this trick gets used elsewhere, move it to k5-platform.h.  */
 #ifndef DESIGNATED_INITIALIZERS
@@ -52,7 +53,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
 #endif
             S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
 
-            S (clean_hostname, krb5int_clean_hostname),
+            S (clean_hostname, k5_clean_hostname),
 
 #ifndef LEAN_CLIENT
 #define SC(FIELD, VAL)  S(FIELD, VAL)
@@ -101,7 +102,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
             SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
             SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
             SC (free_kdc_req, krb5_free_kdc_req),
-            SC (set_prompt_types, krb5int_set_prompt_types),
+            SC (set_prompt_types, k5_set_prompt_types),
 #undef SC
 
 #if DESIGNATED_INITIALIZERS
index f47e170a570af165ffcab27308ab82bcd8a51e0e..0ebe9db697b11415de0c4a59468c4f610c89b44e 100644 (file)
@@ -51,6 +51,8 @@
 #define MAXHOSTNAMELEN 64
 #endif
 
+#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1)
+
 #endif /* KRB5_DNS_LOOKUP */
 
 /*
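Review bot: `MAX_DNS_NAMELEN` is added without a comment explaining the factor 15 or what the result bounds, which makes it hard to check that buffers sized from it are large enough. A short comment would do, for example `/* Buffer size for a DNS name including the terminator; TODO: record where the factor 15 comes from. */`, with the wording confirmed against the code that uses it. The macro appears to sit inside the `KRB5_DNS_LOOKUP` block closed on the next line, so any use outside that guard would fail to build.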
index e66de6ad84dbd666cd95c9458a43eb4d624919d3..2f9192faf08ccbdc797bb12fea3ea650c7704bb7 100644 (file)
@@ -155,5 +155,19 @@ int krb5int_dns_expand(struct krb5int_dns_state *,
                        const unsigned char *, char *, int);
 void krb5int_dns_fini(struct krb5int_dns_state *);
 
+struct srv_dns_entry {
+    struct srv_dns_entry *next;
+    int priority;
+    int weight;
+    unsigned short port;
+    char *host;
+};
+
+krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm,
+                                             const char *service,
+                                             const char *protocol,
+                                             struct srv_dns_entry **answers);
+void krb5int_free_srv_dns_data(struct srv_dns_entry *);
+
 #endif /* KRB5_DNS_LOOKUP */
 #endif /* !defined(KRB5_DNSGLUE_H) */
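Review bot: The new `krb5int_make_srv_query_realm` and `krb5int_free_srv_dns_data` declarations do not say who owns the list returned through `answers` or the `host` strings inside each `srv_dns_entry`. A header comment such as `/* On success, *answers is a list the caller releases with krb5int_free_srv_dns_data(). */` would settle it, once the ownership of `host` is confirmed against the implementation. `krb5int_free_srv_dns_data` is also the only new prototype here without a parameter name.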
index a38fad5d97f9cced798c2a1346a7267821553d9a..22f6ad6d48b9ad05eade1a4916b2ca645ddc1360 100644 (file)
  */
 
 #include "k5-int.h"
+#include "os-proto.h"
 
 #include "fake-addrinfo.h"
 
 krb5_error_code
-krb5_os_hostaddr(krb5_context context, const char *name,
-                 krb5_address ***ret_addrs)
+k5_os_hostaddr(krb5_context context, const char *name,
+               krb5_address ***ret_addrs)
 {
     krb5_error_code     retval;
     krb5_address        **addrs;
index 599823ef4bbbb5b2cdaf9a58fd18e030574dbe53..7160873a3c154122c8e9f7113eb3dcd8f0a52d12 100644 (file)
@@ -31,7 +31,7 @@
 /*
  * krb5_get_host_realm()
  * krb5_get_fallback_host_realm()
- * krb5int_clean_hostname()
+ * k5_clean_hostname()
  * krb5_free_host_realm()
  */
 
@@ -98,7 +98,7 @@ domain_heuristic(krb5_context context, const char *domain,
 #endif /* MAXDNAME */
 #endif /* KRB5_DNS_LOOKUP */
 
-krb5_error_code krb5int_translate_gai_error (int);
+static krb5_error_code krb5int_translate_gai_error(int);
 
 static krb5_error_code
 get_fq_hostname(char *buf, size_t bufsize, const char *name)
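Review bot: `krb5int_translate_gai_error` becomes file-static here, and again at its definition in the hunk further down, but keeps the `krb5int_` prefix that otherwise marks library-internal symbols with external linkage. The same commit drops the prefix when it makes `decrypt_ticket_keyblock` static, so `static krb5_error_code translate_gai_error(int num);` would keep the naming convention meaningful. The function's call sites are outside these hunks and would need the same rename.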
@@ -144,7 +144,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 
     TRACE_GET_HOST_REALM(context, host);
 
-    retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
+    retval = k5_clean_hostname(context, host, local_host, sizeof local_host);
     if (retval)
         return retval;
 
@@ -216,7 +216,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 # endif
 #endif
 
-krb5_error_code
+static krb5_error_code
 krb5int_translate_gai_error (int num)
 {
     switch (num) {
@@ -279,7 +279,7 @@ krb5_get_fallback_host_realm(krb5_context context,
 
     TRACE_GET_FALLBACK_HOST_REALM(context, host);
 
-    retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
+    retval = k5_clean_hostname(context, host, local_host, sizeof local_host);
     if (retval)
         return retval;
 
@@ -367,8 +367,8 @@ krb5_get_fallback_host_realm(krb5_context context,
  * to do basic sanity checks on supplied hostname.
  */
 krb5_error_code
-krb5int_clean_hostname(krb5_context context,
-                       const char *host, char *local_host, size_t lhsize)
+k5_clean_hostname(krb5_context context, const char *host, char *local_host,
+                  size_t lhsize)
 {
     char *cp;
     krb5_error_code retval;
index 56b8d92f72d415a7138cb9bc5df92927e83fc12a..2afe2e127b9da6fdbe58161b06cf2bb0b93a2694 100644 (file)
@@ -234,7 +234,7 @@ free_filespecs(profile_filespec_t *files)
 
 /* This function is needed by KfM's KerberosPreferences API
  * because it needs to be able to specify "secure" */
-krb5_error_code
+static krb5_error_code
 os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
 {
     profile_filespec_t* files;
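Review bot: The comment above `os_get_default_config_files` still says the function is needed by KfM's KerberosPreferences API, but this hunk makes it `static`, so nothing outside the file can call it any more. Either the comment is stale or an external user has lost the symbol. If it is stale, replace it with a description of the function itself, for example `/* Fill *pfiles with the default profile file list (file-local helper). */`. The body continues outside the hunk, so the effect of `secure` is not visible here and should be described from the code.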
@@ -421,7 +421,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
 }
 
 krb5_error_code
-krb5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
+k5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
 {
     krb5_os_context os_ctx;
     krb5_error_code    retval = 0;
@@ -499,7 +499,7 @@ krb5_free_config_files(char **filenames)
 }
 
 void
-krb5_os_free_context(krb5_context ctx)
+k5_os_free_context(krb5_context ctx)
 {
     krb5_os_context os_ctx;
 
index 6dce8ca9af31a612d12cc647bf18e70c8c7d2979..41cd40fcfd6240946ccb0ace0fd91a188cbce459 100644 (file)
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- *
- *
- * krb5_create_secure_file
- * krb5_sync_disk_file
  */
 
 #ifdef MODULE_VERSION_ID
@@ -38,6 +34,7 @@ static char *VersionID = "@(#)krbfileio.c       2 - 08/22/91";
 
 
 #include "k5-int.h"
+#include "os-proto.h"
 #ifdef HAVE_SYS_FILE_H
 #include <sys/file.h>
 #endif
@@ -52,7 +49,7 @@ static char *VersionID = "@(#)krbfileio.c       2 - 08/22/91";
 #endif
 
 krb5_error_code
-krb5_create_secure_file(krb5_context context, const char *pathname)
+k5_create_secure_file(krb5_context context, const char *pathname)
 {
     int fd;
 
@@ -89,7 +86,7 @@ krb5_create_secure_file(krb5_context context, const char *pathname)
 }
 
 krb5_error_code
-krb5_sync_disk_file(krb5_context context, FILE *fp)
+k5_sync_disk_file(krb5_context context, FILE *fp)
 {
     fflush(fp);
 #if !defined(MSDOS_FILESYSTEM)
index faa214a4ab4a97fc025563debfc07761e5994dd9..f894d05a3554b6cd1255d331fcc9c6aa52fe8a6d 100644 (file)
@@ -34,6 +34,7 @@
  */
 
 #include "k5-int.h"
+#include "os-proto.h"
 
 #if !defined(_WIN32)
 
@@ -1291,7 +1292,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
             fprintf (stderr, "    processing '%s'\n", current);
 #endif
             newaddrs = 0;
-            err = krb5_os_hostaddr (context, current, &newaddrs);
+            err = k5_os_hostaddr (context, current, &newaddrs);
             if (err)
                 continue;
             for (i = 0; newaddrs[i]; i++) {
index 5bf77761a7960665e37e508eca87ca911c163a8e..283f36c3e7af06369b592c18fd901150cf2ff8ef 100644 (file)
 #include <resolv.h>
 #include <netdb.h>
 #endif /* WSHELPER */
-#ifndef T_SRV
-#define T_SRV 33
-#endif /* T_SRV */
-
-/* for old Unixes and friends ... */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
+#include "dnsglue.h"
 
 #if KRB5_DNS_LOOKUP_KDC
 #define DEFAULT_LOOKUP_KDC 1
@@ -488,8 +481,8 @@ prof_locate_server(krb5_context context, const krb5_data *realm,
         break;
     case locate_service_krb524:
         profname = KRB5_CONF_KRB524_SERVER;
-        serv = getservbyname(KRB524_SERVICE, "udp");
-        dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
+        serv = getservbyname("krb524", "udp");
+        dflport1 = serv ? serv->s_port : htons(4444);
         break;
     case locate_service_kpasswd:
         profname = KRB5_CONF_KPASSWD_SERVER;
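Review bot: The `locate_service_krb524` case now carries the literals `"krb524"` and `4444` where the removed lines used `KRB524_SERVICE` and `KRB524_PORT`, so the fallback port becomes an unexplained magic number. If the macros were dropped from the shared header on purpose, file-local definitions would keep the meaning: `#define KRB524_SERVICE "krb524"` and `#define KRB524_PORT 4444` near the top of the file, leaving the two call lines as they were. `prof_locate_server` starts and ends outside this hunk.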
index e50a0d4563aaa4affeb279be128ad239b546cc13..83c9d65f92ad7a3f0181975a30d7b2f17194240e 100644 (file)
@@ -110,6 +110,24 @@ krb5_error_code k5_expand_path_tokens_extra(krb5_context context,
                                             const char *path_in,
                                             char **path_out, ...);
 
+krb5_error_code k5_create_secure_file(krb5_context, const char * pathname);
+krb5_error_code k5_sync_disk_file(krb5_context, FILE *fp);
+krb5_error_code k5_os_init_context(krb5_context context, profile_t profile,
+                                   krb5_flags flags);
+void k5_os_free_context(krb5_context);
+krb5_error_code k5_os_hostaddr(krb5_context, const char *, krb5_address ***);
+krb5_error_code k5_time_with_offset(krb5_timestamp offset,
+                                    krb5_int32 offset_usec,
+                                    krb5_timestamp *time_out,
+                                    krb5_int32 *usec_out);
+void k5_set_prompt_types(krb5_context, krb5_prompt_type *);
+krb5_error_code k5_clean_hostname(krb5_context, const char *, char *, size_t);
+krb5_error_code k5_kt_client_default_name(krb5_context context,
+                                          char **name_out);
+krb5_error_code k5_write_messages(krb5_context, krb5_pointer, krb5_data *,
+                                  int);
+void k5_init_trace(krb5_context context);
+
 #include "k5-thread.h"
 extern k5_mutex_t krb5int_us_time_mutex;
 
index aa7399c778f9d9e2d9ca1af2c9b48ff5b315ca0b..26cdebc37879585ed7703877db1135b7d630b809 100644 (file)
@@ -1,5 +1,6 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
+#include "os-proto.h"
 #if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))
 #include <stdio.h>
 #include <errno.h>
@@ -317,7 +318,7 @@ krb5_prompter_posix(krb5_context context,
 #endif /* Windows or Mac */
 
 void
-krb5int_set_prompt_types(krb5_context context, krb5_prompt_type *types)
+k5_set_prompt_types(krb5_context context, krb5_prompt_type *types)
 {
     context->prompt_types = types;
 }
index 21fe1052c2dd9e7b3fc76a23e1c574f13b779835..97e1c066089c832fef8cc0e51cd4f6a8f5f1a55d 100644 (file)
@@ -38,6 +38,7 @@
  */
 
 #include "k5-int.h"
+#include "os-proto.h"
 #include "cm.h"
 
 #ifndef DISABLE_TRACING
@@ -328,7 +329,7 @@ subfmt(krb5_context context, struct k5buf *buf, const char *fmt, ...)
 }
 
 void
-krb5int_init_trace(krb5_context context)
+k5_init_trace(krb5_context context)
 {
     const char *filename;
 
index 90fa4a6e25d6eb1cd08c3f28aed4a2a09317ddc1..0563576834562a43350972aaa570af5295ec8ada 100644 (file)
@@ -34,6 +34,7 @@
  */
 
 #include "k5-int.h"
+#include "os-proto.h"
 
 krb5_error_code
 k5_time_with_offset(krb5_timestamp offset, krb5_int32 offset_usec,
index b745f3fad036171feaf58fd011a9dcf3cab7f9bb..a9d6050b1f49c51f32ee592095c0f6686251f2fa 100644 (file)
@@ -36,8 +36,8 @@
  * efficiently.
  */
 krb5_error_code
-krb5int_write_messages(krb5_context context, krb5_pointer fdp,
-                       krb5_data *outbuf, int nbufs)
+k5_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf,
+                  int nbufs)
 {
     int fd = *( (int *) fdp);
 
@@ -72,5 +72,5 @@ krb5int_write_messages(krb5_context context, krb5_pointer fdp,
 krb5_error_code
 krb5_write_message(krb5_context context, krb5_pointer fdp, krb5_data *outbuf)
 {
-    return krb5int_write_messages(context, fdp, outbuf, 1);
+    return k5_write_messages(context, fdp, outbuf, 1);
 }
index d093d1f7b9a4b10e0c2f358d03f35322bd8bf086..57604ade498b927ac04bee229d2d54cdbca4b827 100644 (file)
@@ -443,7 +443,6 @@ EXPORTS
        krb5_responder_otp_challenge_free               @415
        krb5_cc_move                                    @416
        krb5_get_init_creds_opt_set_in_ccache           @417
-       krb5int_build_conf_principals                   @418 ; PRIVATE
 
 ; new in 1.12
        krb5_free_enctypes                              @419