summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-11-09 00:33:43 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:25:24 -0500
commited77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4 (patch)
tree5511351e20b0ac0c7489a2ac1f5f2b9973a6baec /source4/heimdal/lib/krb5
parenta779d288a84bc64393f64798006a06432f3a6197 (diff)
downloadsamba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.gz
samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.bz2
samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.zip
r19644: Merge up to current lorikeet-heimdal, incling adding
gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/context.c6
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c88
-rw-r--r--source4/heimdal/lib/krb5/mk_req.c2
-rw-r--r--source4/heimdal/lib/krb5/store_mem.c33
4 files changed, 81 insertions, 48 deletions
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index a25bb80786..f3b0fad347 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <com_err.h>
-RCSID("$Id: context.c,v 1.110 2006/11/04 03:27:47 lha Exp $");
+RCSID("$Id: context.c,v 1.111 2006/11/08 02:55:46 lha Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@@ -707,13 +707,13 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
}
time_t KRB5_LIB_FUNCTION
-krb5_get_time_wrap (krb5_context context)
+krb5_get_max_time_skew (krb5_context context)
{
return context->max_skew;
}
void KRB5_LIB_FUNCTION
-krb5_set_time_wrap (krb5_context context, time_t t)
+krb5_set_max_time_skew (krb5_context context, time_t t)
{
context->max_skew = t;
}
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index 661d05663b..6eebf1fa80 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -162,8 +162,7 @@ krb5_get_forwarded_creds (krb5_context context,
{
krb5_error_code ret;
krb5_creds *out_creds;
- krb5_addresses *paddrs = NULL;
- krb5_addresses addrs;
+ krb5_addresses addrs, *paddrs;
KRB_CRED cred;
KrbCredInfo *krb_cred_info;
EncKrbCredPart enc_krb_cred_part;
@@ -172,53 +171,58 @@ krb5_get_forwarded_creds (krb5_context context,
size_t buf_size;
krb5_kdc_flags kdc_flags;
krb5_crypto crypto;
+ struct addrinfo *ai;
int save_errno;
krb5_creds *ticket;
char *realm;
- krb5_boolean noaddr_ever;
-
- addrs.len = 0;
- addrs.val = NULL;
realm = in_creds->client->realm;
- krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever",
- TRUE, &noaddr_ever);
- if (!noaddr_ever) {
- struct addrinfo *ai;
- paddrs = &addrs;
-
- /*
- * If tickets are address-less, forward address-less tickets.
- */
-
- ret = _krb5_get_krbtgt (context,
- ccache,
- realm,
- &ticket);
- if(ret == 0) {
- if (ticket->addresses.len == 0)
- paddrs = NULL;
- krb5_free_creds (context, ticket);
- }
-
- if (paddrs != NULL) {
-
- ret = getaddrinfo (hostname, NULL, NULL, &ai);
- if (ret) {
- save_errno = errno;
- krb5_set_error_string(context, "resolving %s: %s",
- hostname, gai_strerror(ret));
- return krb5_eai_to_heim_errno(ret, save_errno);
- }
-
- ret = add_addrs (context, &addrs, ai);
- freeaddrinfo (ai);
- if (ret)
- return ret;
- }
+ addrs.len = 0;
+ addrs.val = NULL;
+ paddrs = &addrs;
+
+ {
+ krb5_boolean noaddr;
+ krb5_appdefault_boolean(context, NULL, realm,
+ "no-addresses", KRB5_ADDRESSLESS_DEFAULT,
+ &noaddr);
+ if (noaddr)
+ paddrs = NULL;
}
+
+ /*
+ * If tickets are address-less, forward address-less tickets.
+ */
+
+ if (paddrs) {
+ ret = _krb5_get_krbtgt (context,
+ ccache,
+ realm,
+ &ticket);
+ if(ret == 0) {
+ if (ticket->addresses.len == 0)
+ paddrs = NULL;
+ krb5_free_creds (context, ticket);
+ }
+ }
+
+ if (paddrs != NULL) {
+ ret = getaddrinfo (hostname, NULL, NULL, &ai);
+ if (ret) {
+ save_errno = errno;
+ krb5_set_error_string(context, "resolving %s: %s",
+ hostname, gai_strerror(ret));
+ return krb5_eai_to_heim_errno(ret, save_errno);
+ }
+
+ ret = add_addrs (context, &addrs, ai);
+ freeaddrinfo (ai);
+ if (ret)
+ return ret;
+ }
+
kdc_flags.b = int2KDCOptions(flags);
ret = krb5_get_kdc_cred (context,
diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c
index 44e5d9c222..adc077e13f 100644
--- a/source4/heimdal/lib/krb5/mk_req.c
+++ b/source4/heimdal/lib/krb5/mk_req.c
@@ -64,9 +64,7 @@ krb5_mk_req_exact(krb5_context context,
if (auth_context && *auth_context && (*auth_context)->keytype)
this_cred.session.keytype = (*auth_context)->keytype;
- /* This is the network contact with the KDC */
ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
-
krb5_free_cred_contents(context, &this_cred);
if (ret)
return ret;
diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c
index decf74adce..d2b6d18252 100644
--- a/source4/heimdal/lib/krb5/store_mem.c
+++ b/source4/heimdal/lib/krb5/store_mem.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store_mem.c,v 1.12 2004/05/25 21:44:17 lha Exp $");
+RCSID("$Id: store_mem.c,v 1.13 2006/11/07 23:02:53 lha Exp $");
typedef struct mem_storage{
unsigned char *base;
@@ -64,6 +64,12 @@ mem_store(krb5_storage *sp, const void *data, size_t size)
return size;
}
+static ssize_t
+mem_no_store(krb5_storage *sp, const void *data, size_t size)
+{
+ return -1;
+}
+
static off_t
mem_seek(krb5_storage *sp, off_t offset, int whence)
{
@@ -117,3 +123,28 @@ krb5_storage_from_data(krb5_data *data)
{
return krb5_storage_from_mem(data->data, data->length);
}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_readonly_mem(const void *buf, size_t len)
+{
+ krb5_storage *sp = malloc(sizeof(krb5_storage));
+ mem_storage *s;
+ if(sp == NULL)
+ return NULL;
+ s = malloc(sizeof(*s));
+ if(s == NULL) {
+ free(sp);
+ return NULL;
+ }
+ sp->data = s;
+ sp->flags = 0;
+ sp->eof_code = HEIM_ERR_EOF;
+ s->base = rk_UNCONST(buf);
+ s->size = len;
+ s->ptr = rk_UNCONST(buf);
+ sp->fetch = mem_fetch;
+ sp->store = mem_no_store;
+ sp->seek = mem_seek;
+ sp->free = NULL;
+ return sp;
+}