#define krb5_copy_error_state(CTX, OCTX) \
krb5int_set_error(&(CTX)->errinfo, (OCTX)->errinfo.code, "%s", (OCTX)->errinfo.msg)
+/*
+ * Referral definitions, debugging hooks, and subfunctions.
+ */
+#define KRB5_REFERRAL_MAXHOPS 5
+/* #define DEBUG_REFERRALS */
+
+#ifdef DEBUG_REFERRALS
+void krb5int_dbgref_dump_principal(char *, krb5_principal);
+#endif
+
+/* Common hostname-parsing code. */
+krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
+ (krb5_context,
+ const char *,
+ char *,
+ size_t);
+
#endif /* _KRB5_INT_H */
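Review bot: The `krb5int_clean_hostname` prototype has unnamed parameters and only the comment "Common hostname-parsing code", so a caller cannot tell which `char *` is the output buffer or what the `size_t` bounds. I would name the parameters as the definition later on this page does (`context, host, local_host, lhsize`) and add a comment such as `/* Writes a cleaned copy of host into local_host, which holds lhsize bytes; lhsize must be at least 1. */`. The definition writes `local_host[0]=0` with no size check visible before it, which is why the non-zero requirement is worth stating; confirm against the full body. Separately, `krb5int_dbgref_dump_principal` takes `char *` although every call site shown passes a string literal, so `const char *` would fit better.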
* Constants for realm referrals.
*/
#define KRB5_REFERRAL_REALM ""
-#define KRB5_REFERRAL_MAXHOPS 5
/*
* Referral-specific functions.
*/
-krb5_boolean krb5_is_referral_realm(krb5_data *);
-
-/*
- * Referral debugging hooks.
- */
-/* #define DEBUG_REFERRALS */
-
-#ifdef DEBUG_REFERRALS
-void dbgref_dump_principal(char *, krb5_principal);
-#endif
+krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(krb5_data *);
/*
* end "base-defs.h"
(krb5_context,
krb5_data *,
char *** );
-krb5_error_code KRB5_CALLCONV krb5_clean_hostname
- (krb5_context,
- const char *,
- char *,
- size_t);
krb5_error_code KRB5_CALLCONV krb5_free_host_realm
(krb5_context,
char * const * );
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc initial client", client);
- dbgref_dump_principal("gc_from_kdc initial server", server);
+ krb5int_dbgref_dump_principal("gc_from_kdc initial client", client);
+ krb5int_dbgref_dump_principal("gc_from_kdc initial server", server);
#endif
memset(&cc_tgt, 0, sizeof(cc_tgt));
memset(&tgtq, 0, sizeof(tgtq));
}
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc: server as requested", supplied_server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: server as requested", supplied_server);
#endif
/*
for (referral_count=0;referral_count<KRB5_REFERRAL_MAXHOPS;referral_count++) {
#ifdef DEBUG_REFERRALS
#if 0
- dbgref_dump_principal("gc_from_kdc: referral loop: tgt in use", tgtptr->server);
- dbgref_dump_principal("gc_from_kdc: referral loop: request is for", server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: referral loop: tgt in use", tgtptr->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: referral loop: request is for", server);
#endif
#endif
retval = krb5_get_cred_via_tkt(context, tgtptr,
if (krb5_principal_compare(context, in_cred->server, (*out_cred)->server)) {
#ifdef DEBUG_REFERRALS
printf("gc_from_kdc: request generated ticket for requested server principal\n");
- dbgref_dump_principal("gc_from_kdc final referred reply",in_cred->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc final referred reply",in_cred->server);
#endif
goto cleanup;
}
else {
#ifdef DEBUG_REFERRALS
printf("gc_from_kdc: request generated referral tgt\n");
- dbgref_dump_principal("gc_from_kdc credential received", (*out_cred)->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc credential received", (*out_cred)->server);
#endif
/* Check for referral routing loop. */
for (i=0;i<referral_count;i++) {
#ifdef DEBUG_REFERRALS
#if 0
- dbgref_dump_principal("gc_from_kdc: loop compare #1", (*out_cred)->server);
- dbgref_dump_principal("gc_from_kdc: loop compare #2", referral_tgts[i]->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: loop compare #1", (*out_cred)->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: loop compare #2", referral_tgts[i]->server);
#endif
#endif
if (krb5_principal_compare(context, (*out_cred)->server, referral_tgts[i]->server)) {
}
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc client at fallback", client);
- dbgref_dump_principal("gc_from_kdc server at fallback", server);
+ krb5int_dbgref_dump_principal("gc_from_kdc client at fallback", client);
+ krb5int_dbgref_dump_principal("gc_from_kdc server at fallback", server);
#endif
/*
}
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc server at fallback after fallback rewrite", server);
+ krb5int_dbgref_dump_principal("gc_from_kdc server at fallback after fallback rewrite", server);
#endif
/*
/* Drop the original principal back into in_cred so that it's cached
in the expected format. */
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc: final hacked server principal at cleanup",server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: final hacked server principal at cleanup",server);
#endif
krb5_free_principal(context, server);
in_cred->server = supplied_server;
krb5_free_principal (context, out_supplied_server);
}
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc: final server after reversion",in_cred->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: final server after reversion",in_cred->server);
#endif
/*
* Deal with ccache TGT management: If tgts has been set from
return subretval;
(*tgts)[1]=NULL;
#ifdef DEBUG_REFERRALS
- dbgref_dump_principal("gc_from_kdc: returning referral TGT for ccache",(*tgts)[0]->server);
+ krb5int_dbgref_dump_principal("gc_from_kdc: returning referral TGT for ccache",(*tgts)[0]->server);
#endif
#if 0
}
return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
KDC_OPT_RENEW);
}
-
-krb5_boolean krb5_is_referral_realm(krb5_data *r)
-{
- /*
- * Check for a match with KRB5_REFERRAL_REALM. Currently this relies
- * on that string constant being zero-length. (Unlike principal realm
- * names, KRB5_REFERRAL_REALM is known to be a string.)
- */
-#ifdef DEBUG_REFERRALS
-#if 0
- printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
- r->data,(r->length==0)?"true":"false");
-#endif
-#endif
- assert(strlen(KRB5_REFERRAL_REALM)==0);
- if (r->length==0)
- return TRUE;
- else
- return FALSE;
-}
#ifdef DEBUG_REFERRALS
printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
- dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
- dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
+ krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
+ krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
#endif
/* tkt->client must be equal to in_cred->client */
#if 0
#ifdef DEBUG_REFERRALS
printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
- dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
- dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
+ krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
+ krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
#endif
#endif
}
}
return TRUE;
}
+
+krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(krb5_data *r)
+{
+ /*
+ * Check for a match with KRB5_REFERRAL_REALM. Currently this relies
+ * on that string constant being zero-length. (Unlike principal realm
+ * names, KRB5_REFERRAL_REALM is known to be a string.)
+ */
+#ifdef DEBUG_REFERRALS
+#if 0
+ printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
+ r->data,(r->length==0)?"true":"false");
+#endif
+#endif
+ assert(strlen(KRB5_REFERRAL_REALM)==0);
+ if (r->length==0)
+ return TRUE;
+ else
+ return FALSE;
+}
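Review bot: `krb5_is_referral_realm` now carries `KRB5_CALLCONV` and is added to the export lists, but it still reads `r->length` with no check on `r` and has no documented contract for outside callers. For an exported entry point I would either guard it with `if (r == NULL) return FALSE;` or state the precondition in the header, for example `/* r must be non-NULL; returns TRUE when r is the zero-length referral realm. */`. The `assert(strlen(KRB5_REFERRAL_REALM)==0)` is the only thing tying the length test to the constant, and it disappears when `NDEBUG` is defined, so the comment should say that changing the constant requires changing this function. The parameter could also be `const krb5_data *`, since nothing is written through it.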
printf("krb5_walk_realm_tree ending; tree (length %d) is:\n",links);
for(i=0;i<links+2;i++) {
if ((*tree)[i])
- dbgref_dump_principal("krb5_walk_realm_tree tree",(*tree)[i]);
+ krb5int_dbgref_dump_principal("krb5_walk_realm_tree tree",(*tree)[i]);
else
printf("tree element %i null\n");
}
}
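Review bot: The `else` branch of this debug loop calls `printf("tree element %i null\n");` with a `%i` conversion and no matching argument, which is undefined behaviour in any `DEBUG_REFERRALS` build. Since the commit already touches the neighbouring line, it is a good place to fix it: `printf("tree element %i null\n", i);`. The enclosing function starts outside the hunk, so the type of `i` is assumed to be `int` from the loop header.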
#ifdef DEBUG_REFERRALS
-void dbgref_dump_principal(char *d, krb5_principal p)
+void krb5int_dbgref_dump_principal(char *d, krb5_principal p)
{
int n;
krb5_init_secure_context
krb5_internalize_opaque
krb5_is_permitted_enctype
+krb5_is_referral_realm
krb5_is_thread_safe
krb5_kdc_rep_decrypt_proc
krb5_kt_add_entry
printf("get_host_realm(host:%s) called\n",host);
#endif
- krb5_clean_hostname(context, host, local_host, sizeof local_host);
+ krb5int_clean_hostname(context, host, local_host, sizeof local_host);
/*
Search for the best match for the host or domain.
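Review bot: The `krb5_error_code` returned by `krb5int_clean_hostname` is discarded here, and again at the `get_fallback_host_realm` call in the next hunk, so realm selection continues with whatever is in `local_host`. Only the `return 0` path of the helper is visible on this page. If it can fail, the callers should propagate the error, e.g. `retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); if (retval) return retval;`. If it cannot fail, a short comment saying so would stop the next reader from wondering. Both enclosing functions start and end outside their hunks, so the name of the local error variable is a guess.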
printf("get_fallback_host_realm(host >%s<) called\n",host);
#endif
- krb5_clean_hostname(context, host, local_host, sizeof local_host);
+ krb5int_clean_hostname(context, host, local_host, sizeof local_host);
/* Scan hostname for DNS realm, and save as last-ditch realm
assumption. */
* to do basic sanity checks on supplied hostname.
*/
krb5_error_code KRB5_CALLCONV
-krb5_clean_hostname(krb5_context context, const char *host, char *local_host, size_t lhsize)
+krb5int_clean_hostname(krb5_context context, const char *host, char *local_host, size_t lhsize)
{
char **retrealms;
char *realm, *cp, *temp_realm;
local_host[0]=0;
#ifdef DEBUG_REFERRALS
- printf("krb5_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
+ printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
#endif
if (host) {
/* Filter out numeric addresses if the caller utterly failed to
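Review bot: The entry debug `printf` passes `host` to `%s` before the `if (host)` test that follows it, so a NULL `host` is undefined behaviour in a `DEBUG_REFERRALS` build. Both this line and the "ending" `printf` in the next hunk also format the `size_t` `lhsize` with `%d`. I would change them to `host ? host : "(null)"` for the string and `%lu` with `(unsigned long)lhsize` for the size (or `%zu` if the supported compilers allow it). The function body continues past the end of this hunk.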
local_host[l-1] = 0;
#ifdef DEBUG_REFERRALS
- printf("krb5_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
+ printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
#endif
return 0;
}
printf("krb5_sname_to_principal returning\n");
printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
realm,sname,remote_host);
- dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
+ krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
#endif
free(remote_host);
krb5_init_keyblock
krb5_init_random_key
krb5_init_secure_context
+ krb5_is_referral_realm
krb5_is_thread_safe
krb5_kt_add_entry
krb5_kt_close