r20640: Commit part 2/2

Update Heimdal to match current lorikeet-heimdal. This includes integrated PAC hooks, so Samba doesn't have to handle this any more. This also brings in the PKINIT code, hence so many new files. Andrew Bartlett (This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729)
author: Andrew Bartlett <abartlet@samba.org> 2007-01-10 01:57:32 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 14:37:20 -0500
commit: f7242f643763ccb6e10801af4ce53d0873e2d3e1 (patch)
tree: cd06665f49d12795e23699e6666d85da1f64d7bd /source4/heimdal/lib/gssapi/krb5/acquire_cred.c
parent: 08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a (diff)
download: samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.gz
samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.bz2
samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.zip
1 files changed, 58 insertions, 54 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index df6e137402..e811a99a8b 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -33,13 +33,14 @@
 
 #include "krb5/gsskrb5_locl.h"
 
-RCSID("$Id: acquire_cred.c,v 1.31 2006/10/07 22:13:55 lha Exp $");
+RCSID("$Id: acquire_cred.c,v 1.33 2006/11/20 18:09:30 lha Exp $");
 
 OM_uint32
 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
-			     krb5_ccache id,
-			     krb5_principal principal,
-			     OM_uint32 *lifetime)
+			  krb5_context context,
+			  krb5_ccache id,
+			  krb5_principal principal,
+			  OM_uint32 *lifetime)
 {
     krb5_creds in_cred, *out_cred;
     krb5_const_realm realm;
@@ -48,32 +49,30 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
     memset(&in_cred, 0, sizeof(in_cred));
     in_cred.client = principal;
 	
-    realm = krb5_principal_get_realm(_gsskrb5_context,  principal);
+    realm = krb5_principal_get_realm(context,  principal);
     if (realm == NULL) {
 	_gsskrb5_clear_status ();
 	*minor_status = KRB5_PRINC_NOMATCH; /* XXX */
 	return GSS_S_FAILURE;
     }
 
-    kret = krb5_make_principal(_gsskrb5_context, &in_cred.server, 
+    kret = krb5_make_principal(context, &in_cred.server, 
 			       realm, KRB5_TGS_NAME, realm, NULL);
     if (kret) {
-	_gsskrb5_set_error_string();
 	*minor_status = kret;
 	return GSS_S_FAILURE;
     }
 
-    kret = krb5_get_credentials(_gsskrb5_context, 0, 
+    kret = krb5_get_credentials(context, 0, 
 				id, &in_cred, &out_cred);
-    krb5_free_principal(_gsskrb5_context, in_cred.server);
+    krb5_free_principal(context, in_cred.server);
     if (kret) {
-	_gsskrb5_set_error_string();
 	*minor_status = kret;
 	return GSS_S_FAILURE;
     }
 
     *lifetime = out_cred->times.endtime;
-    krb5_free_creds(_gsskrb5_context, out_cred);
+    krb5_free_creds(context, out_cred);
 
     return GSS_S_COMPLETE;
 }
@@ -82,7 +81,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
 
 
 static krb5_error_code
-get_keytab(krb5_keytab *keytab)
+get_keytab(krb5_context context, krb5_keytab *keytab)
 {
     char kt_name[256];
     krb5_error_code kret;
@@ -90,13 +89,13 @@ get_keytab(krb5_keytab *keytab)
     HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
 
     if (_gsskrb5_keytab != NULL) {
-	kret = krb5_kt_get_name(_gsskrb5_context,
+	kret = krb5_kt_get_name(context,
 				_gsskrb5_keytab,
 				kt_name, sizeof(kt_name));
 	if (kret == 0)
-	    kret = krb5_kt_resolve(_gsskrb5_context, kt_name, keytab);
+	    kret = krb5_kt_resolve(context, kt_name, keytab);
     } else
-	kret = krb5_kt_default(_gsskrb5_context, keytab);
+	kret = krb5_kt_default(context, keytab);
 
     HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
 
@@ -105,6 +104,7 @@ get_keytab(krb5_keytab *keytab)
 
 static OM_uint32 acquire_initiator_cred
 		  (OM_uint32 * minor_status,
+		   krb5_context context,
 		   const gss_name_t desired_name,
 		   OM_uint32 time_req,
 		   const gss_OID_set desired_mechs,
@@ -132,33 +132,33 @@ static OM_uint32 acquire_initiator_cred
      * caches, otherwise, fall back to default cache.  Ignore
      * errors. */
     if (handle->principal)
-	kret = krb5_cc_cache_match (_gsskrb5_context,
+	kret = krb5_cc_cache_match (context,
 				    handle->principal,
 				    NULL,
 				    &ccache);
     
     if (ccache == NULL) {
-	kret = krb5_cc_default(_gsskrb5_context, &ccache);
+	kret = krb5_cc_default(context, &ccache);
 	if (kret)
 	    goto end;
     }
-    kret = krb5_cc_get_principal(_gsskrb5_context, ccache,
+    kret = krb5_cc_get_principal(context, ccache,
 	&def_princ);
     if (kret != 0) {
 	/* we'll try to use a keytab below */
-	krb5_cc_destroy(_gsskrb5_context, ccache);
+	krb5_cc_destroy(context, ccache);
 	ccache = NULL;
 	kret = 0;
     } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(_gsskrb5_context, def_princ,
+	kret = krb5_copy_principal(context, def_princ,
 	    &handle->principal);
 	if (kret)
 	    goto end;
     } else if (handle->principal != NULL &&
-	krb5_principal_compare(_gsskrb5_context, handle->principal,
+	krb5_principal_compare(context, handle->principal,
 	def_princ) == FALSE) {
 	/* Before failing, lets check the keytab */
-	krb5_free_principal(_gsskrb5_context, def_princ);
+	krb5_free_principal(context, def_princ);
 	def_princ = NULL;
     }
     if (def_princ == NULL) {
@@ -166,30 +166,30 @@ static OM_uint32 acquire_initiator_cred
 	 * so attempt to get a TGT using a keytab.
 	 */
 	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(_gsskrb5_context,
+	    kret = krb5_get_default_principal(context,
 		&handle->principal);
 	    if (kret)
 		goto end;
 	}
-	kret = get_keytab(&keytab);
+	kret = get_keytab(context, &keytab);
 	if (kret)
 	    goto end;
-	kret = krb5_get_init_creds_opt_alloc(_gsskrb5_context, &opt);
+	kret = krb5_get_init_creds_opt_alloc(context, &opt);
 	if (kret)
 	    goto end;
-	kret = krb5_get_init_creds_keytab(_gsskrb5_context, &cred,
+	kret = krb5_get_init_creds_keytab(context, &cred,
 	    handle->principal, keytab, 0, NULL, opt);
-	krb5_get_init_creds_opt_free(opt);
+	krb5_get_init_creds_opt_free(context, opt);
 	if (kret)
 	    goto end;
-	kret = krb5_cc_gen_new(_gsskrb5_context, &krb5_mcc_ops,
+	kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
 		&ccache);
 	if (kret)
 	    goto end;
-	kret = krb5_cc_initialize(_gsskrb5_context, ccache, cred.client);
+	kret = krb5_cc_initialize(context, ccache, cred.client);
 	if (kret)
 	    goto end;
-	kret = krb5_cc_store_cred(_gsskrb5_context, ccache, &cred);
+	kret = krb5_cc_store_cred(context, ccache, &cred);
 	if (kret)
 	    goto end;
 	handle->lifetime = cred.times.endtime;
@@ -197,9 +197,10 @@ static OM_uint32 acquire_initiator_cred
     } else {
 
 	ret = __gsskrb5_ccache_lifetime(minor_status,
-					   ccache,
-					   handle->principal,
-					   &handle->lifetime);
+					context,
+					ccache,
+					handle->principal,
+					&handle->lifetime);
 	if (ret != GSS_S_COMPLETE)
 	    goto end;
 	kret = 0;
@@ -210,17 +211,16 @@ static OM_uint32 acquire_initiator_cred
 
 end:
     if (cred.client != NULL)
-	krb5_free_cred_contents(_gsskrb5_context, &cred);
+	krb5_free_cred_contents(context, &cred);
     if (def_princ != NULL)
-	krb5_free_principal(_gsskrb5_context, def_princ);
+	krb5_free_principal(context, def_princ);
     if (keytab != NULL)
-	krb5_kt_close(_gsskrb5_context, keytab);
+	krb5_kt_close(context, keytab);
     if (ret != GSS_S_COMPLETE) {
 	if (ccache != NULL)
-	    krb5_cc_close(_gsskrb5_context, ccache);
+	    krb5_cc_close(context, ccache);
 	if (kret != 0) {
 	    *minor_status = kret;
-	    _gsskrb5_set_error_string ();
 	}
     }
     return (ret);
@@ -228,6 +228,7 @@ end:
 
 static OM_uint32 acquire_acceptor_cred
 		  (OM_uint32 * minor_status,
+		   krb5_context context,
 		   const gss_name_t desired_name,
 		   OM_uint32 time_req,
 		   const gss_OID_set desired_mechs,
@@ -242,7 +243,7 @@ static OM_uint32 acquire_acceptor_cred
 
     kret = 0;
     ret = GSS_S_FAILURE;
-    kret = get_keytab(&handle->keytab);
+    kret = get_keytab(context, &handle->keytab);
     if (kret)
 	goto end;
     
@@ -250,21 +251,20 @@ static OM_uint32 acquire_acceptor_cred
     if (handle->principal) {
 	krb5_keytab_entry entry;
 
-	kret = krb5_kt_get_entry(_gsskrb5_context, handle->keytab, 
+	kret = krb5_kt_get_entry(context, handle->keytab, 
 				 handle->principal, 0, 0, &entry);
 	if (kret)
 	    goto end;
-	krb5_kt_free_entry(_gsskrb5_context, &entry);
+	krb5_kt_free_entry(context, &entry);
     }
     ret = GSS_S_COMPLETE;
  
 end:
     if (ret != GSS_S_COMPLETE) {
 	if (handle->keytab != NULL)
-	    krb5_kt_close(_gsskrb5_context, handle->keytab);
+	    krb5_kt_close(context, handle->keytab);
 	if (kret != 0) {
 	    *minor_status = kret;
-	    _gsskrb5_set_error_string ();
 	}
     }
     return (ret);
@@ -281,6 +281,7 @@ OM_uint32 _gsskrb5_acquire_cred
  OM_uint32 * time_rec
     )
 {
+    krb5_context context;
     gsskrb5_cred handle;
     OM_uint32 ret;
 
@@ -289,7 +290,7 @@ OM_uint32 _gsskrb5_acquire_cred
 	return GSS_S_FAILURE;
     }
 
-    GSSAPI_KRB5_INIT ();
+    GSSAPI_KRB5_INIT(&context);
 
     *output_cred_handle = NULL;
     if (time_rec)
@@ -320,31 +321,33 @@ OM_uint32 _gsskrb5_acquire_cred
 
     if (desired_name != GSS_C_NO_NAME) {
 	krb5_principal name = (krb5_principal)desired_name;
-	ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal);
+	ret = krb5_copy_principal(context, name, &handle->principal);
 	if (ret) {
 	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    _gsskrb5_set_error_string();
 	    *minor_status = ret;
 	    free(handle);
 	    return GSS_S_FAILURE;
 	}
     }
     if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, desired_name, time_req,
-				     desired_mechs, cred_usage, handle, actual_mechs, time_rec);
+	ret = acquire_initiator_cred(minor_status, context,
+				     desired_name, time_req,
+				     desired_mechs, cred_usage, handle,
+				     actual_mechs, time_rec);
     	if (ret != GSS_S_COMPLETE) {
 	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(_gsskrb5_context, handle->principal);
+	    krb5_free_principal(context, handle->principal);
 	    free(handle);
 	    return (ret);
 	}
     }
     if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
+	ret = acquire_acceptor_cred(minor_status, context,
+				    desired_name, time_req,
 				    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
 	if (ret != GSS_S_COMPLETE) {
 	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(_gsskrb5_context, handle->principal);
+	    krb5_free_principal(context, handle->principal);
 	    free(handle);
 	    return (ret);
 	}
@@ -360,15 +363,16 @@ OM_uint32 _gsskrb5_acquire_cred
 	if (handle->mechanisms != NULL)
 	    _gsskrb5_release_oid_set(NULL, &handle->mechanisms);
 	HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	krb5_free_principal(_gsskrb5_context, handle->principal);
+	krb5_free_principal(context, handle->principal);
 	free(handle);
 	return (ret);
     } 
     *minor_status = 0;
     if (time_rec) {
 	ret = _gsskrb5_lifetime_left(minor_status,
-				   handle->lifetime,
-				   time_rec);
+				     context,
+				     handle->lifetime,
+				     time_rec);
 
 	if (ret)
 	    return ret;
author	Andrew Bartlett <abartlet@samba.org>	2007-01-10 01:57:32 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 14:37:20 -0500
commit	f7242f643763ccb6e10801af4ce53d0873e2d3e1 (patch)
tree	cd06665f49d12795e23699e6666d85da1f64d7bd /source4/heimdal/lib/gssapi/krb5/acquire_cred.c
parent	08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a (diff)
download	samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.gz samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.bz2 samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.zip