authorAndrew Bartlett <abartlet@samba.org>2010-01-12 18:16:45 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-03-27 11:51:27 +1100
commit89eaef025376339ef25d07cdc4748920fceaa968 (patch)
treef514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/krb5
parentfac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/acache.c61
-rw-r--r--source4/heimdal/lib/krb5/add_et_list.c2
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c50
-rw-r--r--source4/heimdal/lib/krb5/appdefault.c6
-rw-r--r--source4/heimdal/lib/krb5/asn1_glue.c4
-rw-r--r--source4/heimdal/lib/krb5/auth_context.c90
-rw-r--r--source4/heimdal/lib/krb5/build_ap_req.c4
-rw-r--r--source4/heimdal/lib/krb5/build_auth.c18
-rw-r--r--source4/heimdal/lib/krb5/cache.c228
-rw-r--r--source4/heimdal/lib/krb5/changepw.c18
-rw-r--r--source4/heimdal/lib/krb5/codec.c64
-rw-r--r--source4/heimdal/lib/krb5/config_file.c265
-rw-r--r--source4/heimdal/lib/krb5/constants.c11
-rw-r--r--source4/heimdal/lib/krb5/context.c131
-rw-r--r--source4/heimdal/lib/krb5/convert_creds.c11
-rw-r--r--source4/heimdal/lib/krb5/copy_host_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/creds.c10
-rw-r--r--source4/heimdal/lib/krb5/crypto.c133
-rw-r--r--source4/heimdal/lib/krb5/data.c16
-rw-r--r--source4/heimdal/lib/krb5/eai_to_heim_errno.c8
-rw-r--r--source4/heimdal/lib/krb5/error_string.c25
-rw-r--r--source4/heimdal/lib/krb5/expand_hostname.c4
-rw-r--r--source4/heimdal/lib/krb5/fcache.c123
-rw-r--r--source4/heimdal/lib/krb5/free.c4
-rw-r--r--source4/heimdal/lib/krb5/free_host_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/generate_seq_number.c4
-rw-r--r--source4/heimdal/lib/krb5/generate_subkey.c4
-rw-r--r--source4/heimdal/lib/krb5/get_addrs.c4
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c48
-rw-r--r--source4/heimdal/lib/krb5/get_default_principal.c55
-rw-r--r--source4/heimdal/lib/krb5/get_default_realm.c4
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c6
-rw-r--r--source4/heimdal/lib/krb5/get_host_realm.c4
-rw-r--r--source4/heimdal/lib/krb5/get_in_tkt.c10
-rw-r--r--source4/heimdal/lib/krb5/get_port.c4
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c91
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c191
-rw-r--r--source4/heimdal/lib/krb5/kcm.c575
-rw-r--r--source4/heimdal/lib/krb5/keyblock.c12
-rw-r--r--source4/heimdal/lib/krb5/keytab.c40
-rw-r--r--source4/heimdal/lib/krb5/krb5-v4compat.h21
-rw-r--r--source4/heimdal/lib/krb5/krb5.h17
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h25
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c26
-rw-r--r--source4/heimdal/lib/krb5/log.c28
-rw-r--r--source4/heimdal/lib/krb5/mcache.c24
-rw-r--r--source4/heimdal/lib/krb5/misc.c2
-rw-r--r--source4/heimdal/lib/krb5/mit_glue.c56
-rw-r--r--source4/heimdal/lib/krb5/mk_error.c2
-rw-r--r--source4/heimdal/lib/krb5/mk_priv.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_rep.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_req.c6
-rw-r--r--source4/heimdal/lib/krb5/mk_req_ext.c4
-rw-r--r--source4/heimdal/lib/krb5/n-fold.c2
-rw-r--r--source4/heimdal/lib/krb5/padata.c2
-rw-r--r--source4/heimdal/lib/krb5/pkinit.c114
-rw-r--r--source4/heimdal/lib/krb5/plugin.c2
-rw-r--r--source4/heimdal/lib/krb5/principal.c57
-rw-r--r--source4/heimdal/lib/krb5/prog_setup.c6
-rw-r--r--source4/heimdal/lib/krb5/prompter_posix.c2
-rw-r--r--source4/heimdal/lib/krb5/rd_cred.c6
-rw-r--r--source4/heimdal/lib/krb5/rd_error.c8
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c4
-rw-r--r--source4/heimdal/lib/krb5/rd_rep.c6
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c39
-rw-r--r--source4/heimdal/lib/krb5/replay.c42
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c56
-rw-r--r--source4/heimdal/lib/krb5/set_default_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/store.c103
-rw-r--r--source4/heimdal/lib/krb5/store_emem.c2
-rw-r--r--source4/heimdal/lib/krb5/store_fd.c20
-rw-r--r--source4/heimdal/lib/krb5/store_mem.c6
-rw-r--r--source4/heimdal/lib/krb5/ticket.c15
-rw-r--r--source4/heimdal/lib/krb5/time.c10
-rw-r--r--source4/heimdal/lib/krb5/transited.c8
-rw-r--r--source4/heimdal/lib/krb5/v4_glue.c28
-rw-r--r--source4/heimdal/lib/krb5/version.c2
-rw-r--r--source4/heimdal/lib/krb5/warn.c28
78 files changed, 2082 insertions, 1049 deletions
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c
index 0ecda99348..19a5997453 100644
--- a/source4/heimdal/lib/krb5/acache.c
+++ b/source4/heimdal/lib/krb5/acache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -37,8 +39,13 @@
#include <dlfcn.h>
#endif
+#ifndef KCM_IS_API_CACHE
+
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
static cc_initialize_func init_func;
+static void (*set_target_uid)(uid_t);
+static void (*clear_target)(void);
+
#ifdef HAVE_DLOPEN
static void *cc_handle;
#endif
@@ -82,18 +89,20 @@ translate_cc_error(krb5_context context, cc_int32 error)
static krb5_error_code
init_ccapi(krb5_context context)
{
- const char *lib;
+ const char *lib = NULL;
HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_clear_error_message(context);
+ if (context)
+ krb5_clear_error_message(context);
return 0;
}
- lib = krb5_config_get_string(context, NULL,
- "libdefaults", "ccapi_library",
- NULL);
+ if (context)
+ lib = krb5_config_get_string(context, NULL,
+ "libdefaults", "ccapi_library",
+ NULL);
if (lib == NULL) {
#ifdef __APPLE__
lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
@@ -107,22 +116,29 @@ init_ccapi(krb5_context context)
#ifndef RTLD_LAZY
#define RTLD_LAZY 0
#endif
+#ifndef RTLD_LOCAL
+#define RTLD_LOCAL 0
+#endif
- cc_handle = dlopen(lib, RTLD_LAZY);
+ cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("Failed to load API cache module %s", "file"),
- lib);
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("Failed to load API cache module %s", "file"),
+ lib);
return KRB5_CC_NOSUPP;
}
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
+ set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
+ clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) {
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("Failed to find cc_initialize"
- "in %s: %s", "file, error"), lib, dlerror());
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("Failed to find cc_initialize"
+ "in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle);
return KRB5_CC_NOSUPP;
}
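Review bot: On the `init_func == NULL` path the library is closed with `dlclose(cc_handle)`, but `set_target_uid`, `clear_target` and `cc_handle` keep their old values. If those two symbols resolved while `cc_initialize` did not, a later call through the new pointers would jump into an unmapped library. The two new `dlsym` results are also never checked. I would do the `init_func == NULL` test before `HEIMDAL_MUTEX_unlock` and reset the state there, `set_target_uid = NULL; clear_target = NULL;`, ahead of the `dlclose`. init_ccapi starts before this hunk.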
@@ -130,12 +146,27 @@ init_ccapi(krb5_context context)
return 0;
#else
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("no support for shared object", ""));
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("no support for shared object", ""));
return KRB5_CC_NOSUPP;
#endif
}
+void
+_heim_krb5_ipc_client_set_target_uid(uid_t uid)
+{
+ init_ccapi(NULL);
+ (*set_target_uid)(uid);
+}
+
+void
+_heim_krb5_ipc_client_clear_target(void)
+{
+ init_ccapi(NULL);
+ (*clear_target)();
+}
+
static krb5_error_code
make_cred_from_ccred(krb5_context context,
const cc_credentials_v5_t *incred,
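Review bot: Both new wrappers discard the return value of `init_ccapi(NULL)` and then call through `set_target_uid` / `clear_target` unconditionally. That is a NULL function-pointer call whenever the library fails to load, lacks these symbols, or the build has no HAVE_DLOPEN, since the pointers are then never assigned. Guard the calls, `if (init_ccapi(NULL) == 0 && set_target_uid != NULL) (*set_target_uid)(uid);`, and likewise for `clear_target`. Because both functions return void, a caller cannot tell that the target uid was not applied, so either document that or return an error code. The pointers are also read here without holding `acc_mutex`.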
@@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
acc_set_default,
acc_lastchange
};
+
+#endif
diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c
index ccffd93b2c..082014e107 100644
--- a/source4/heimdal/lib/krb5/add_et_list.c
+++ b/source4/heimdal/lib/krb5/add_et_list.c
@@ -47,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_et_list (krb5_context context,
void (*func)(struct et_list **))
{
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index f88fb2276a..cccf1cbc9a 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
return -1;
} else
p = address;
-#ifdef HAVE_INET_ATON
if(inet_aton(p, &a) == 0)
return -1;
-#elif defined(HAVE_INET_ADDR)
- a.s_addr = inet_addr(p);
- if(a.s_addr == INADDR_NONE)
- return -1;
-#else
- return -1;
-#endif
addr->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&addr->address, 4) != 0)
return -1;
@@ -339,9 +331,7 @@ static int
ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
{
char buf[128], buf2[3];
-#ifdef HAVE_INET_NTOP
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
-#endif
{
/* XXX this is pretty ugly, but better than abort() */
int i;
@@ -790,7 +780,7 @@ find_atype(int atype)
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr)
{
@@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port)
{
@@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr,
struct sockaddr *sa,
@@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
-size_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_max_sockaddr_size (void)
{
if (max_sockaddr_size == 0) {
@@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void)
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
{
struct addr_operations *a = find_af(sa->sa_family);
@@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2sockaddr (krb5_context context,
int af,
const char *addr, struct sockaddr *sa,
@@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2addr (krb5_context context,
int af,
const char *haddr, krb5_address *addr)
@@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_anyaddr (krb5_context context,
int af,
struct sockaddr *sa,
@@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_print_address (const krb5_address *addr,
char *str, size_t len, size_t *ret_len)
{
@@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_address(krb5_context context,
const char *string,
krb5_addresses *addresses)
@@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context,
* @ingroup krb5_address
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_address_order(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context,
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_compare(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context,
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_search(krb5_context context,
const krb5_address *addr,
const krb5_addresses *addrlist)
@@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_address(krb5_context context,
krb5_address *address)
{
@@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context,
krb5_addresses *addresses)
{
@@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_address(krb5_context context,
const krb5_address *inaddr,
krb5_address *outaddr)
@@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_addresses(krb5_context context,
const krb5_addresses *inaddr,
krb5_addresses *outaddr)
@@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_append_addresses(krb5_context context,
krb5_addresses *dest,
const krb5_addresses *source)
@@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{
@@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_address_prefixlen_boundary(krb5_context context,
const krb5_address *inaddr,
unsigned long prefixlen,
diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c
index 383e82dad4..d4dc758faa 100644
--- a/source4/heimdal/lib/krb5/appdefault.c
+++ b/source4/heimdal/lib/krb5/appdefault.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_boolean(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
krb5_boolean def_val, krb5_boolean *ret_val)
@@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
*ret_val = def_val;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_string(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
const char *def_val, char **ret_val)
@@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
*ret_val = NULL;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_time(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
time_t def_val, time_t *ret_val)
diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c
index 59c0fbd64b..a821faff93 100644
--- a/source4/heimdal/lib/krb5/asn1_glue.c
+++ b/source4/heimdal/lib/krb5/asn1_glue.c
@@ -37,14 +37,14 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principal2principalname (PrincipalName *p,
const krb5_principal from)
{
return copy_PrincipalName(&from->name, p);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principalname2krb5_principal (krb5_context context,
krb5_principal *principal,
const PrincipalName from,
diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c
index dfb9f6a0e3..ea59c73931 100644
--- a/source4/heimdal/lib/krb5/auth_context.c
+++ b/source4/heimdal/lib/krb5/auth_context.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context)
{
@@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_free(krb5_context context,
krb5_auth_context auth_context)
{
@@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context,
int32_t flags)
@@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context,
int32_t *flags)
@@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_addflags(krb5_context context,
krb5_auth_context auth_context,
int32_t addflags,
@@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_removeflags(krb5_context context,
krb5_auth_context auth_context,
int32_t removeflags,
@@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address *local_addr,
@@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context,
- int fd, int flags)
+ krb5_socket_t fd, int flags)
{
krb5_error_code ret;
krb5_address local_k_address, remote_k_address;
@@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context,
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
if (auth_context->local_address == NULL) {
len = sizeof(ss_local);
- if(getsockname(fd, local, &len) < 0) {
+ if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
char buf[128];
- ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ ret = rk_SOCK_ERRNO;
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getsockname: %s", buf);
goto out;
}
@@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context,
}
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
len = sizeof(ss_remote);
- if(getpeername(fd, remote, &len) < 0) {
+ if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
char buf[128];
- ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ ret = rk_SOCK_ERRNO;
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getpeername: %s", buf);
goto out;
}
@@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs_from_fd (krb5_context context,
krb5_auth_context auth_context,
void *p_fd)
{
- int fd = *(int*)p_fd;
+ krb5_socket_t fd = *(krb5_socket_t *)p_fd;
int flags = 0;
if(auth_context->local_address == NULL)
flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
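Review bot: `p_fd` is a `void *`, so changing `*(int*)p_fd` to `*(krb5_socket_t *)p_fd` silently changes what callers must pass. A caller that still hands in the address of an `int` would be read with the wrong width wherever `krb5_socket_t` is not `int` (its definition is not visible here). Nothing visible documents the contract, so I would add a comment above the function, e.g. `/* p_fd must point to a krb5_socket_t, not an int */`, and audit the callers updated in this import. The function body continues past this hunk.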
@@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context,
return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address **local_addr,
@@ -273,7 +273,7 @@ copy_key(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context,
return copy_key(context, auth_context->keyblock, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context,
return copy_key(context, auth_context->remote_subkey, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
@@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->remote_subkey);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype cksumtype)
@@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype *cksumtype)
@@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype keytype)
@@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype *keytype)
@@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context,
}
#if 0
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype etype)
@@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype *etype)
@@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context,
}
#endif
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalseqnumber(krb5_context context,
krb5_auth_context auth_context,
int32_t *seqnumber)
@@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@@ -425,16 +425,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber(krb5_context context,
- krb5_auth_context auth_context,
- int32_t *seqnumber)
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_auth_con_getremoteseqnumber(krb5_context context,
+ krb5_auth_context auth_context,
+ int32_t *seqnumber)
{
*seqnumber = auth_context->remote_seqnumber;
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremoteseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getauthenticator(krb5_context context,
krb5_auth_context auth_context,
krb5_authenticator *authenticator)
@@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_authenticator(krb5_context context,
krb5_authenticator *authenticator)
{
@@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setuserkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context,
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache *rcache)
@@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache rcache)
@@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context,
#if 0 /* not implemented */
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context)
{
@@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setivector(krb5_context context,
krb5_auth_context auth_context,
krb5_pointer ivector)
diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c
index 1550239faf..d56a0a194e 100644
--- a/source4/heimdal/lib/krb5/build_ap_req.c
+++ b/source4/heimdal/lib/krb5/build_ap_req.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_ap_req (krb5_context context,
krb5_enctype enctype,
krb5_creds *cred,
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c
index a845e0ac33..85d64525de 100644
--- a/source4/heimdal/lib/krb5/build_auth.c
+++ b/source4/heimdal/lib/krb5/build_auth.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
make_etypelist(krb5_context context,
@@ -99,14 +99,14 @@ make_etypelist(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_build_authenticator(krb5_context context,
- krb5_auth_context auth_context,
- krb5_enctype enctype,
- krb5_creds *cred,
- Checksum *cksum,
- krb5_data *result,
- krb5_key_usage usage)
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_build_authenticator (krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_enctype enctype,
+ krb5_creds *cred,
+ Checksum *cksum,
+ krb5_data *result,
+ krb5_key_usage usage)
{
Authenticator auth;
u_char *buf = NULL;
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 3617a0eefd..ce8040d07c 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -112,7 +114,7 @@ main (int argc, char **argv)
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
@@ -184,13 +186,34 @@ allocate_ccache (krb5_context context,
krb5_ccache *id)
{
krb5_error_code ret;
+#ifdef KRB5_USE_PATH_TOKENS
+ char * exp_residual = NULL;
- ret = _krb5_cc_allocate(context, ops, id);
+ ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
if (ret)
return ret;
+
+ residual = exp_residual;
+#endif
+
+ ret = _krb5_cc_allocate(context, ops, id);
+ if (ret) {
+#ifdef KRB5_USE_PATH_TOKENS
+ if (exp_residual)
+ free(exp_residual);
+#endif
+ return ret;
+ }
+
ret = (*id)->ops->resolve(context, id, residual);
if(ret)
free(*id);
+
+#ifdef KRB5_USE_PATH_TOKENS
+ if (exp_residual)
+ free(exp_residual);
+#endif
+
return ret;
}
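Review bot: When `resolve` fails, `free(*id)` leaves `*id` pointing at freed memory for the caller; since this hunk reworks every exit of allocate_ccache, it is a good place to add `*id = NULL;` after the free. The expanded string is also freed immediately after `resolve` returns, which is only safe if every backend copies `residual` rather than keeping the pointer, so that is worth confirming for the ops registered in this tree. The `if (exp_residual)` guards are redundant because `free(NULL)` is a no-op. The function's signature begins before the hunk.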
@@ -209,7 +232,7 @@ allocate_ccache (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_resolve(krb5_context context,
const char *name,
krb5_ccache *id)
@@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id)
{
@@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type,
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_name(krb5_context context,
krb5_ccache id)
{
@@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context,
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_type(krb5_context context,
krb5_ccache id)
{
@@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context,
}
/**
- * Return the complete resolvable name the ccache `id' in `str´.
- * `str` should be freed with free(3).
- * Returns 0 or an error (and then *str is set to NULL).
+ * Return the complete resolvable name the cache
+
+ * @param context a Keberos context
+ * @param id return pointer to a found credential cache
+ * @param str the returned name of a credential cache, free with krb5_xfree()
+ *
+ * @return Returns 0 or an error (and then *str is set to NULL).
*
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_full_name(krb5_context context,
krb5_ccache id,
char **str)
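Review bot: The new doc comment describes `id` as "return pointer to a found credential cache", but `id` is passed by value and is the input cache whose name is returned; `@param id the credential cache to get the full name for` would match the signature. The line after the summary lacks the leading ` *`, "Keberos" should be "Kerberos", and the summary is missing "of" ("name of the cache"). The comment now tells callers to release `str` with krb5_xfree() where the old text said free(3); check that this matches how the string is allocated in the body, which is outside this hunk.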
@@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id)
krb5_error_code
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
{
+#ifndef KRB5_USE_PATH_TOKENS
size_t tlen, len = 0;
char *tmp, *tmp2, *append;
@@ -379,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
} else if (tmp) {
tmp2 = strchr(tmp, '}');
if (tmp2 == NULL) {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
"variable missing }");
@@ -390,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
else if (strncasecmp(tmp, "%{null}", 7) == 0)
append = strdup("");
else {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context,
KRB5_CONFIG_BADFORMAT,
@@ -405,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
str = NULL;
}
if (append == NULL) {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@@ -416,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) {
free(append);
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(append);
}
return 0;
+#else /* _WIN32 */
+ /* On Windows, we use the more generic _krb5_expand_path_tokens()
+ function which also handles path tokens in addition to %{uid}
+ and %{null} */
+
+ return _krb5_expand_path_tokens(context, str, res);
+#endif
}
/*
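Review bot: The comment on the new `#else /* _WIN32 */` does not match the condition it closes, which is `#ifndef KRB5_USE_PATH_TOKENS` (added in an earlier hunk of this function). A reader searching for the matching guard will look for the wrong macro; `#else /* KRB5_USE_PATH_TOKENS */` and `#endif /* KRB5_USE_PATH_TOKENS */` would be accurate. The block comment likewise says "On Windows", although the branch is selected by KRB5_USE_PATH_TOKENS and not by a platform test; "When path tokens are enabled" would match the code.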
@@ -444,6 +483,12 @@ environment_changed(krb5_context context)
if (context->default_cc_name_set)
return 0;
+ /* XXX performance: always ask KCM/API if default name has changed */
+ if (context->default_cc_name &&
+ (strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
+ strncmp(context->default_cc_name, "API:", 4) == 0))
+ return 1;
+
if(issuid())
return 0;
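Review bot: The new KCM:/API: early `return 1` sits above the `if(issuid()) return 0;` check, so in a set-uid process environment_changed() can now report a change where it previously always returned 0. krb5_cc_default_name() (later in this diff) tests environment_changed() and presumably re-resolves the default name when it is true; that code is outside this hunk, so confirm it does not consult KRB5CCNAME or other caller-controlled environment when issuid() is true. If that cannot be guaranteed, moving the new block below the issuid() check keeps the previous set-uid behaviour. The `XXX performance` comment would also benefit from one sentence on why KCM and API defaults must be re-queried on every call.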
@@ -472,7 +517,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache
*/
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
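Review bot: This line adds `KRB5_LIB_FUNCTION` in the old trailing position (`krb5_error_code KRB5_LIB_FUNCTION`), while the other signatures changed in this file move to `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL`. The same old form appears on the new krb5_cc_support_switch() in the next hunk and on krb5_config_parse_string_multi() in config_file.c. Unless the difference is intentional, `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL` here keeps the export and calling-convention decoration uniform across the public krb5_cc_* functions.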
@@ -483,12 +528,29 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
}
/**
+ * Return true if the default credential cache support switch
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+ const krb5_cc_ops *ops;
+
+ ops = krb5_cc_get_prefix_ops(context, type);
+ if (ops && ops->set_default)
+ return 1;
+ return FALSE;
+}
+
+/**
* Set the default cc name for `context' to `name'.
*
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_default_name(krb5_context context, const char *name)
{
krb5_error_code ret = 0;
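Review bot: krb5_cc_support_switch() returns the literal `1` on the positive path and `FALSE` on the negative one; for a `krb5_boolean` the two should match, so use `return TRUE;`. The doc comment speaks of "the default credential cache", but the code looks up the ops for the `type` argument via krb5_cc_get_prefix_ops() and tests `ops->set_default`. It also has no `@param`/`@return` lines; suggested additions are `@param type the credential cache type to check` and `@return TRUE if that type provides a set_default operation`.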
@@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
return ENOMEM;
}
+#ifdef KRB5_USE_PATH_TOKENS
+ {
+ char * exp_p = NULL;
+
+ if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) {
+ free (p);
+ p = exp_p;
+ } else {
+ free (p);
+ return EINVAL;
+ }
+ }
+#endif
+
if (context->default_cc_name)
free(context->default_cc_name);
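Review bot: The failure branch returns a hard-coded `EINVAL` and discards whatever `_krb5_expand_path_tokens()` returned, so an allocation failure inside the expansion would reach the caller as an invalid-argument error. `ret` is already declared at the top of krb5_cc_set_default_name(), so the block can be `ret = _krb5_expand_path_tokens(context, p, &exp_p);` then `free(p);` then `if (ret) return ret; p = exp_p;`, which keeps the real code and frees `p` in one place. The function body begins and ends outside this hunk.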
@@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_default_name(krb5_context context)
{
if (context->default_cc_name == NULL || environment_changed(context))
@@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_default(krb5_context context,
krb5_ccache *id)
{
@@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
@@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_destroy(krb5_context context,
krb5_ccache id)
{
@@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_close(krb5_context context,
krb5_ccache id)
{
@@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
@@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_retrieve_cred(krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
@@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
@@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_start_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_next_cred (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor,
@@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_end_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
@@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
@@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_flags(krb5_context context,
krb5_ccache id,
krb5_flags *flags)
@@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_match_f(krb5_context context,
const krb5_ccache from,
krb5_ccache to,
@@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context,
* @ingroup @krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
@@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_version(krb5_context context,
const krb5_ccache id)
{
@@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context,
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_cc_clear_mcred(krb5_creds *mcred)
{
memset(mcred, 0, sizeof(*mcred));
@@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data {
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_get_first (krb5_context context,
const char *type,
krb5_cc_cache_cursor *cursor)
@@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_next (krb5_context context,
krb5_cc_cache_cursor cursor,
krb5_ccache *id)
@@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_end_seq_get (krb5_context context,
krb5_cc_cache_cursor cursor)
{
@@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_match (krb5_context context,
krb5_principal client,
krb5_ccache *id)
@@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
* @ingroup krb5_ccache
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_config_principal(krb5_context context,
krb5_const_principal principal)
{
@@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@@ -1316,7 +1392,7 @@ out:
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@@ -1347,7 +1423,7 @@ out:
*
*/
-struct krb5_cccol_cursor {
+struct krb5_cccol_cursor_data {
int idx;
krb5_cc_cache_cursor cursor;
};
@@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor {
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
{
*cursor = calloc(1, sizeof(**cursor));
@@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache)
{
@@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
{
krb5_cccol_cursor c = *cursor;
@@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context,
krb5_ccache id,
krb5_timestamp *mtime)
@@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_last_change_time(krb5_context context,
const char *type,
krb5_timestamp *mtime)
@@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_friendly_name(krb5_context context,
krb5_ccache id,
char **name)
@@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_friendly_name(krb5_context context,
krb5_ccache id,
const char *name)
@@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
{
krb5_cc_cursor cursor;
@@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
if (now < cred.times.endtime)
*t = cred.times.endtime - now;
krb5_free_cred_contents(context, &cred);
- goto out;
+ break;
}
krb5_free_cred_contents(context, &cred);
}
- out:
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
}
+
+/**
+ * Set the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
+{
+ if (id->ops->set_kdc_offset == NULL) {
+ context->kdc_sec_offset = offset;
+ context->kdc_usec_offset = 0;
+ return 0;
+ }
+ return (*id->ops->set_kdc_offset)(context, id, offset);
+}
+
+/**
+ * Get the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
+{
+ if (id->ops->get_kdc_offset == NULL) {
+ *offset = context->kdc_sec_offset;
+ return 0;
+ }
+ return (*id->ops->get_kdc_offset)(context, id, offset);
+}
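Review bot: krb5_cc_set_kdc_offset() and krb5_cc_get_kdc_offset() are declared as bare `krb5_error_code`, without the `KRB5_LIB_FUNCTION ... KRB5_LIB_CALL` decoration this commit applies to the other public krb5_cc_* functions; if those macros carry export or calling-convention attributes on some platform, these two entry points would differ, so `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL` is the consistent form. The setter's fallback zeroes `kdc_usec_offset` while the getter's fallback returns only `kdc_sec_offset`; a comment such as `/* the microsecond part is not exposed through this interface */` would record that this is deliberate. In the doc comments "betwen" should be "between", and the getter's `@param offset` should say it is an output, e.g. `@param offset returns the offset in seconds`.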
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index 207b86b488..a962f06f5f 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#define KRB5_DEPRECATED
-#include <krb5_locl.h>
+#include "krb5_locl.h"
#undef __attribute__
#define __attribute__(X)
@@ -602,7 +602,8 @@ change_password_loop (krb5_context context,
goto out;
}
}
-
+
+#ifndef NO_LIMIT_FD_SETSIZE
if (sock >= FD_SETSIZE) {
ret = ERANGE;
krb5_set_error_message(context, ret,
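Review bot: Wrapping the `sock >= FD_SETSIZE` check in `#ifndef NO_LIMIT_FD_SETSIZE` (closed by the `#endif` in the next hunk) removes the only bound on the descriptor before `FD_SET(sock, &fdset)`. Where fd_set is a fixed-size bitmap, FD_SET with a descriptor at or above FD_SETSIZE writes outside the set, so the macro must only be defined on platforms whose fd_set is not indexed by descriptor value. Nothing in the hunk records that constraint; a comment above the `#ifndef`, such as `/* NO_LIMIT_FD_SETSIZE: define only where fd_set is not a bitmap indexed by fd; elsewhere this check prevents an out-of-bounds FD_SET() */`, would. change_password_loop() begins and ends outside this hunk.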
@@ -610,6 +611,7 @@ change_password_loop (krb5_context context,
close (sock);
goto out;
}
+#endif
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
@@ -670,7 +672,7 @@ find_chpw_proto(const char *name)
}
/**
- * krb5_change_password() is deprecated, use krb5_set_password().
+ * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
*
* @param context a Keberos context
* @param creds
@@ -684,14 +686,14 @@ find_chpw_proto(const char *name)
* @ingroup @krb5_deprecated
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context context,
krb5_creds *creds,
const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
- KRB5_DEPRECATED
{
struct kpwd_proc *p = find_chpw_proto("change password");
@@ -726,7 +728,7 @@ krb5_change_password (krb5_context context,
* @ingroup @krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password(krb5_context context,
krb5_creds *creds,
const char *newpw,
@@ -769,7 +771,7 @@ krb5_set_password(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
const char *newpw,
@@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context,
*
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_passwd_result_to_string (krb5_context context,
int result)
{
diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c
index ebda3e51f7..d73a719100 100644
--- a/source4/heimdal/lib/krb5/codec.c
+++ b/source4/heimdal/lib/krb5/codec.c
@@ -37,178 +37,178 @@
#ifndef HEIMDAL_SMALLER
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTicketPart (krb5_context context,
const void *data,
size_t length,
EncTicketPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncTicketPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTicketPart (krb5_context context,
void *data,
size_t length,
EncTicketPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncTicketPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncASRepPart (krb5_context context,
const void *data,
size_t length,
EncASRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncASRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncASRepPart (krb5_context context,
void *data,
size_t length,
EncASRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncASRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTGSRepPart (krb5_context context,
const void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncTGSRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTGSRepPart (krb5_context context,
void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncTGSRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncAPRepPart (krb5_context context,
const void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncAPRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncAPRepPart (krb5_context context,
void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncAPRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_Authenticator (krb5_context context,
const void *data,
size_t length,
Authenticator *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_Authenticator(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_Authenticator (krb5_context context,
void *data,
size_t length,
Authenticator *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_Authenticator(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncKrbCredPart (krb5_context context,
const void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncKrbCredPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncKrbCredPart (krb5_context context,
void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncKrbCredPart (data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_ETYPE_INFO(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO (krb5_context context,
void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_ETYPE_INFO (data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO2 (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_ETYPE_INFO2(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO2 (krb5_context context,
void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_ETYPE_INFO2 (data, length, t, len);
}
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 03c0e335d4..4eb4e12fad 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -35,6 +37,10 @@
#include "krb5_locl.h"
+#ifdef __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#endif
+
/* Gaah! I want a portable funopen */
struct fileptr {
const char *s;
@@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
return ret;
}
+#ifdef __APPLE__
+static char *
+cfstring2cstring(CFStringRef string)
+{
+ CFIndex len;
+ char *str;
+
+ str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
+ if (str)
+ return strdup(str);
+
+ len = CFStringGetLength(string);
+ len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8);
+ str = malloc(len);
+ if (str == NULL)
+ return NULL;
+
+ if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
+ free (str);
+ return NULL;
+ }
+ return str;
+}
+
+static void
+convert_content(const void *key, const void *value, void *context)
+{
+ krb5_config_section *tmp, **parent = context;
+ char *k;
+
+ if (CFGetTypeID(key) != CFStringGetTypeID())
+ return;
+
+ k = cfstring2cstring(key);
+ if (k == NULL)
+ return;
+
+ if (CFGetTypeID(value) == CFStringGetTypeID()) {
+ tmp = get_entry(parent, k, krb5_config_string);
+ tmp->u.string = cfstring2cstring(value);
+ } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
+ tmp = get_entry(parent, k, krb5_config_list);
+ CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
+ } else {
+ /* log */
+ }
+ free(k);
+}
+
+static krb5_error_code
+parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent)
+{
+ CFReadStreamRef s;
+ CFDictionaryRef d;
+ CFErrorRef e;
+ CFURLRef url;
+
+ url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
+ if (url == NULL) {
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
+ CFRelease(url);
+ if (s == NULL) {
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ if (!CFReadStreamOpen(s)) {
+ CFRelease(s);
+ krb5_clear_error_message(context);
+ return ENOENT;
+ }
+
+ d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e);
+ CFRelease(s);
+ if (d == NULL) {
+ krb5_clear_error_message(context);
+ return ENOENT;
+ }
+
+ CFDictionaryApplyFunction(d, convert_content, parent);
+ CFRelease(d);
+
+ return 0;
+}
+
+#endif
+
+
/*
* Parse the config file `fname', generating the structures into `res'
* returning error messages in `error_message'
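Review bot: parse_plist_config() casts the result of CFPropertyListCreateWithStream() to `CFDictionaryRef` and passes it to CFDictionaryApplyFunction() without checking its type, but the root object of a property list may be an array, string or other type. Since one of the files read this way sits in the user's home directory, a malformed file should be rejected rather than handed to a dictionary API. In convert_content(), the result of get_entry() is dereferenced immediately; get_entry() is defined outside this hunk, but if it can return NULL (allocation failure, presumably) both branches need a guard. The error code in the sketch below is a suggestion; note also that `e` is never released or reported when the parse fails.

```c
/* … unchanged: convert_content() key handling … */
    if (CFGetTypeID(value) == CFStringGetTypeID()) {
	tmp = get_entry(parent, k, krb5_config_string);
	if (tmp != NULL)
	    tmp->u.string = cfstring2cstring(value);
    } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
	tmp = get_entry(parent, k, krb5_config_list);
	if (tmp != NULL)
	    CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
    }

/* … unchanged: parse_plist_config() stream setup and the d == NULL check … */
    /* The root object of a property list is not necessarily a dictionary. */
    if (CFGetTypeID(d) != CFDictionaryGetTypeID()) {
	CFRelease(d);
	krb5_clear_error_message(context);
	return EINVAL;
    }

    CFDictionaryApplyFunction(d, convert_content, parent);
```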
@@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f,
return 0;
}
+static int
+is_plist_file(const char *fname)
+{
+ size_t len = strlen(fname);
+ char suffix[] = ".plist";
+ if (len < sizeof(suffix))
+ return 0;
+ if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0)
+ return 0;
+ return 1;
+}
+
/**
* Parse a configuration file and add the result into res. This
* interface can be used to parse several configuration files into one
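Review bot: is_plist_file() has no comment, and its length test compares against `sizeof(suffix)`, which counts the terminating NUL, so a name that is exactly `.plist` is rejected while `x.plist` is accepted. If requiring at least one character before the suffix is intended, the function should say so: `/* Return 1 if fname ends in ".plist" (case-insensitive) and has at least one character before the suffix, else 0. */`. The array is never modified, so `static const char suffix[] = ".plist";` states that and avoids re-initialising it on each call.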
@@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file_multi (krb5_context context,
const char *fname,
krb5_config_section **res)
@@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context,
* current users home directory. The behavior can be disabled and
* enabled by calling krb5_set_home_dir_access().
*/
- if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') {
+ if (fname[0] == '~' && fname[1] == '/') {
+#ifndef KRB5_USE_PATH_TOKENS
const char *home = NULL;
+ if (!_krb5_homedir_access(context)) {
+ krb5_set_error_message(context, EPERM,
+ "Access to home directory not allowed");
+ return EPERM;
+ }
+
if(!issuid())
home = getenv("HOME");
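Review bot: The `_krb5_homedir_access()` test now lives inside `#ifndef KRB5_USE_PATH_TOKENS`, and the `#else` branch added in the next hunk rewrites `~/` to `%{USERCONFIG}/` without making the same test. On a KRB5_USE_PATH_TOKENS build, a caller that disabled home-directory access via krb5_set_home_dir_access() would therefore, as far as the visible lines show, still have the per-user file opened. Moving the `if (!_krb5_homedir_access(context)) { ... return EPERM; }` block above the `#ifndef`, directly after the `fname[0] == '~'` test, applies the policy to both builds. The non-token build also changes from skipping the expansion to returning EPERM, so callers that walk a search path need to tolerate that code; the function begins and ends outside this hunk.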
@@ -329,33 +446,73 @@ krb5_config_parse_file_multi (krb5_context context,
}
fname = newfname;
}
+#else /* KRB5_USE_PATH_TOKENS */
+ asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]);
+ if (newfname == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+ fname = newfname;
+#endif
}
- f.f = fopen(fname, "r");
- f.s = NULL;
- if(f.f == NULL) {
- ret = errno;
- krb5_set_error_message (context, ret, "open %s: %s",
- fname, strerror(ret));
- if (newfname)
- free(newfname);
- return ret;
- }
+ if (is_plist_file(fname)) {
+#ifdef __APPLE__
+ ret = parse_plist_config(context, fname, res);
+ if (ret) {
+ krb5_set_error_message(context, ret,
+ "Failed to parse plist %s", fname);
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+#else
+ krb5_set_error_message(context, ENOENT,
+ "no support for plist configuration files");
+ return ENOENT;
+#endif
+ } else {
+#ifdef KRB5_USE_PATH_TOKENS
+ char * exp_fname = NULL;
- ret = krb5_config_parse_debug (&f, res, &lineno, &str);
- fclose(f.f);
- if (ret) {
- krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str);
+ ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
+ if (ret) {
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+
if (newfname)
free(newfname);
- return ret;
+ fname = newfname = exp_fname;
+#endif
+
+ f.f = fopen(fname, "r");
+ f.s = NULL;
+ if(f.f == NULL) {
+ ret = errno;
+ krb5_set_error_message (context, ret, "open %s: %s",
+ fname, strerror(ret));
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+
+ ret = krb5_config_parse_debug (&f, res, &lineno, &str);
+ fclose(f.f);
+ if (ret) {
+ krb5_set_error_message (context, ret, "%s:%u: %s",
+ fname, lineno, str);
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
}
- if (newfname)
- free(newfname);
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
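Review bot: The success path no longer frees `newfname`: the trailing `if (newfname) free(newfname);` is removed and nothing replaces it before `return 0;`, so a successful parse of a `~/` path leaks the string, as does every successful parse on a KRB5_USE_PATH_TOKENS build, where `newfname = exp_fname`. The non-Apple plist branch has the same gap at `return ENOENT;`. Restoring `if (newfname) free(newfname);` before `return 0;` and adding it before `return ENOENT;` closes both; this assumes `newfname` is not released elsewhere, since the function starts outside the hunk. Separately, the `asprintf()` result is tested only through `newfname == NULL`, and the pointer is unspecified after a failure on some C libraries, so `if (asprintf(&newfname, ...) < 0 || newfname == NULL)` is the safer test.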
@@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b)
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_file_free (krb5_context context, krb5_config_section *s)
{
free_binding (context, s);
@@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s)
#ifndef HEIMDAL_SMALLER
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_config_copy(krb5_context context,
krb5_config_section *c,
krb5_config_section **head)
@@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context,
#endif /* HEIMDAL_SMALLER */
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@@ -481,7 +638,7 @@ vget_next(krb5_context context,
return NULL;
}
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_vget_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context,
return NULL;
}
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get (krb5_context context,
const krb5_config_section *c,
int type,
@@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context,
return ret;
}
+
const void *
_krb5_config_vget (krb5_context context,
const krb5_config_section *c,
@@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context,
* @ingroup krb5_support
*/
-const krb5_config_binding *
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_get_list (krb5_context context,
const krb5_config_section *c,
...)
@@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context,
* @ingroup krb5_support
*/
-const krb5_config_binding *
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_vget_list (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context,
const krb5_config_section *c,
...)
@@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context,
* @ingroup krb5_support
*/
-char ** KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
krb5_config_vget_strings(krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -770,7 +928,7 @@ cleanup:
* @ingroup krb5_support
*/
-char**
+KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
krb5_config_get_strings(krb5_context context,
const krb5_config_section *c,
...)
@@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context,
* @ingroup krb5_support
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_config_free_strings(char **strings)
{
char **s = strings;
@@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings)
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool (krb5_context context,
const krb5_config_section *c,
...)
@@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -964,10 +1122,10 @@ krb5_config_vget_time_default (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time(krb5_context context,
- const krb5_config_section *c,
- va_list args)
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_time (krb5_context context,
+ const krb5_config_section *c,
+ va_list args)
{
return krb5_config_vget_time_default (context, c, -1, args);
}
@@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time (krb5_context context,
const krb5_config_section *c,
...)
@@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context,
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context,
}
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context,
return krb5_config_vget_int_default (context, c, -1, args);
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context,
return ret;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int (krb5_context context,
const krb5_config_section *c,
...)
@@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context,
#ifndef HEIMDAL_SMALLER
+/**
+ * Deprecated: configuration files are not strings
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
krb5_error_code KRB5_LIB_FUNCTION
krb5_config_parse_string_multi(krb5_context context,
const char *string,
- krb5_config_section **res) KRB5_DEPRECATED
+ krb5_config_section **res)
{
const char *str;
unsigned lineno = 0;
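Review bot: `krb5_config_parse_string_multi` keeps the old `krb5_error_code KRB5_LIB_FUNCTION` declarator, while every other exported function in the visible hunks of this file moves to the `KRB5_LIB_FUNCTION <type> KRB5_LIB_CALL` form. If the omission is not deliberate, the line should read `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL` so the deprecated entry point gets the same export and calling-convention decoration as its siblings. The function body continues outside the hunk.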
diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c
index a3b3d09f41..b85f0cf607 100644
--- a/source4/heimdal/lib/krb5/constants.c
+++ b/source4/heimdal/lib/krb5/constants.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -35,10 +37,17 @@
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
+"~/Library/Preferences/com.apple.Kerberos.plist:"
+"/Library/Preferences/com.apple.Kerberos.plist:"
"~/Library/Preferences/edu.mit.Kerberos:"
"/Library/Preferences/edu.mit.Kerberos:"
+#endif /* __APPLE__ */
+SYSCONFDIR "/krb5.conf"
+#ifndef _WIN32
+":/etc/krb5.conf"
#endif
-SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
+;
+
KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT;
KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API";
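Review bot: The rebuilt `krb5_config_file` literal has no comment saying that it is a colon-separated search list, or that under `__APPLE__` the per-user `~/Library/Preferences/...` entries come ahead of the system-wide files. Because the order decides which file is consulted first, a short comment above the definition would help, for example `/* colon-separated search list; per-user files are listed before system files */`. It is also worth confirming that `SYSCONFDIR` cannot contain a `:` on `_WIN32` builds, since nothing visible here changes the separator and a drive-letter path would be split by it.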
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 12fc676010..dff7a700c4 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -223,17 +225,50 @@ cc_ops_register(krb5_context context)
context->cc_ops = NULL;
context->num_cc_ops = 0;
+#ifndef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_acc_ops, TRUE);
+#endif
krb5_cc_register(context, &krb5_fcc_ops, TRUE);
krb5_cc_register(context, &krb5_mcc_ops, TRUE);
+#ifdef HAVE_SCC
krb5_cc_register(context, &krb5_scc_ops, TRUE);
+#endif
#ifdef HAVE_KCM
+#ifdef KCM_IS_API_CACHE
+ krb5_cc_register(context, &krb5_akcm_ops, TRUE);
+#endif
krb5_cc_register(context, &krb5_kcm_ops, TRUE);
#endif
return 0;
}
static krb5_error_code
+cc_ops_copy(krb5_context context, const krb5_context src_context)
+{
+ const krb5_cc_ops **cc_ops;
+
+ context->cc_ops = NULL;
+ context->num_cc_ops = 0;
+
+ if (src_context->num_cc_ops == 0)
+ return 0;
+
+ cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
+ if (cc_ops == NULL) {
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
+ return KRB5_CC_NOMEM;
+ }
+
+ memcpy(cc_ops, src_context->cc_ops,
+ sizeof(cc_ops[0]) * src_context->num_cc_ops);
+ context->cc_ops = cc_ops;
+ context->num_cc_ops = src_context->num_cc_ops;
+
+ return 0;
+}
+
+static krb5_error_code
kt_ops_register(krb5_context context)
{
context->num_kt_types = 0;
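Review bot: `cc_ops_copy` reports allocation failure as `KRB5_CC_NOMEM`, while `kt_ops_copy`, added in the next hunk for the same job, returns `ENOMEM`. The two helpers should agree on one code so callers can test for a single out-of-memory value. Neither helper has a header comment; for `cc_ops_copy` something like `/* duplicate the pointer table only; the krb5_cc_ops structures stay shared with src_context */` would record what the `memcpy` of `const krb5_cc_ops *` entries actually copies.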
@@ -250,6 +285,28 @@ kt_ops_register(krb5_context context)
return 0;
}
+static krb5_error_code
+kt_ops_copy(krb5_context context, const krb5_context src_context)
+{
+ context->num_kt_types = 0;
+ context->kt_types = NULL;
+
+ if (src_context->num_kt_types == 0)
+ return 0;
+
+ context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
+ if (context->kt_types == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+
+ context->num_kt_types = src_context->num_kt_types;
+ memcpy(context->kt_types, src_context->kt_types,
+ sizeof(context->kt_types[0]) * src_context->num_kt_types);
+
+ return 0;
+}
/**
* Initializes the context structure and reads the configuration file
@@ -266,7 +323,7 @@ kt_ops_register(krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
krb5_context p;
@@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context)
if (ret)
goto out;
#endif
+ if (rk_SOCK_INIT())
+ p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if(ret) {
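Review bot: The added `if (rk_SOCK_INIT()) p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;` treats a non-zero return as "sockets were initialised", but the return convention of `rk_SOCK_INIT` is not visible in this diff. If it returns 0 on success, the flag would be set only on failure, and `krb5_free_context` would then call `rk_SOCK_EXIT()` in exactly the wrong case. An explicit comparison, or a comment stating the convention, would make the intent checkable. The result is also not propagated into `ret`, so a failed socket initialisation goes unreported. `krb5_init_context` extends beyond both ends of the hunk.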
@@ -359,7 +418,7 @@ copy_etypes (krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out)
{
krb5_error_code ret;
@@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out)
/* XXX should copy */
krb5_init_ets(p);
- cc_ops_register(p);
- kt_ops_register(p);
+
+ cc_ops_copy(p, context);
+ kt_ops_copy(p, context);
#if 0 /* XXX */
if(context->warn_dest != NULL)
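Review bot: The return values of `cc_ops_copy(p, context)` and `kt_ops_copy(p, context)` are discarded, so an allocation failure in either helper leaves the copy with an empty ops table while `krb5_copy_context` carries on as if the copy had succeeded. Both helpers return a `krb5_error_code` and `ret` is already declared in this function, so each call can become `ret = cc_ops_copy(p, context);` followed by the function's existing error handling. That cleanup path lies outside the hunk and needs to be matched to what the function already does on failure.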
@@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context)
{
if (context->default_cc_name)
@@ -480,6 +540,9 @@ krb5_free_context(krb5_context context)
HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex);
+ if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
+ rk_SOCK_EXIT();
+ }
memset(context, 0, sizeof(*context));
free(context);
@@ -497,14 +560,14 @@ krb5_free_context(krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames)
{
krb5_error_code ret;
krb5_config_binding *tmp = NULL;
while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
- if(ret != 0 && ret != ENOENT && ret != EACCES) {
+ if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
krb5_config_file_free(context, tmp);
return ret;
}
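Review bot: With `EPERM` added to the tolerated errors, a configuration file that cannot be opened is skipped without any diagnostic and parsing moves on to the next entry. Settings an administrator placed in that file are then silently not applied, which matters for a Kerberos configuration. The condition deserves a why-comment such as `/* missing or unreadable files are skipped, not fatal */`, and ideally the skipped path would be reported somewhere the caller can see. The loop and the rest of `krb5_set_config_files` continue outside the hunk.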
@@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file)
* `pq' isn't free, it's up the the caller
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
{
krb5_error_code ret;
@@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
{
krb5_error_code ret;
@@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_config_files(char ***pfilenames)
{
const char *files = NULL;
@@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_config_files(char **filenames)
{
char **p;
@@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames)
* @ingroup krb5
*/
-const krb5_enctype * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
krb5_kerberos_enctypes(krb5_context context)
{
static const krb5_enctype p[] = {
@@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_in_tkt_etypes(krb5_context context,
const krb5_enctype *etypes)
{
@@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context,
krb5_enctype **etypes)
{
@@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_ets(krb5_context context)
{
if(context->et_list == NULL){
@@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
{
context->use_admin_kdc = flag;
@@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_use_admin_kdc (krb5_context context)
{
return context->use_admin_kdc;
@@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
@@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses)
@@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->extra_addresses == NULL) {
@@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
@@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->ignore_addresses)
@@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->ignore_addresses == NULL) {
@@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_fcache_version(krb5_context context, int version)
{
context->fcache_vno = version;
@@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_fcache_version(krb5_context context, int *version)
{
*version = context->fcache_vno;
@@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version)
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_thread_safe(void)
{
#ifdef ENABLE_PTHREAD_SUPPORT
@@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
{
if (flag)
@@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_dns_canonicalize_hostname (krb5_context context)
{
return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
@@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
{
if (sec)
@@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
{
context->kdc_sec_offset = sec;
@@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
* @ingroup krb5
*/
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_get_max_time_skew (krb5_context context)
{
return context->max_skew;
@@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_max_time_skew (krb5_context context, time_t t)
{
context->max_skew = t;
@@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_etype (krb5_context context,
unsigned *len,
krb5_enctype **val,
@@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context)
{
krb5_boolean allow;
+#ifdef HAVE_GETEUID
/* is never allowed for root */
if (geteuid() == 0)
return FALSE;
+#endif
if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
return FALSE;
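Review bot: Wrapping the `geteuid() == 0` test in `#ifdef HAVE_GETEUID` removes the "never allowed for root" guard entirely on platforms without `geteuid`, leaving the `KRB5_CTX_F_HOMEDIR_ACCESS` flag as the only gate visible here. The code should say so explicitly, for example an `#else` branch holding `/* no geteuid(): privileged processes are not detected on this platform */`, so the gap is not mistaken for full coverage. `_krb5_homedir_access` continues past the end of the hunk.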
diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c
index 35454bf983..aff843e785 100644
--- a/source4/heimdal/lib/krb5/convert_creds.c
+++ b/source4/heimdal/lib/krb5/convert_creds.c
@@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
@@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context,
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} else {
- krb5_set_error_message (context, ret,
- N_("converting credentials: %s",
- "already localized"),
- krb5_get_err_text(context, ret));
+ krb5_prepend_error_message(context, ret,
+ N_("converting credentials",
+ "already localized"));
}
out:
krb5_storage_free(sp);
@@ -161,7 +160,7 @@ out2:
* @ingroup krb5_v4compat
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,
diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c
index 7f19ddd3de..73bc117f12 100644
--- a/source4/heimdal/lib/krb5/copy_host_realm.c
+++ b/source4/heimdal/lib/krb5/copy_host_realm.c
@@ -46,7 +46,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_host_realm(krb5_context context,
const krb5_realm *from,
krb5_realm **to)
diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c
index 6cc2714172..fd277148d5 100644
--- a/source4/heimdal/lib/krb5/creds.c
+++ b/source4/heimdal/lib/krb5/creds.c
@@ -45,7 +45,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
{
krb5_free_principal (context, c->client);
@@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds_contents (krb5_context context,
const krb5_creds *incred,
krb5_creds *c)
@@ -131,7 +131,7 @@ fail:
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds (krb5_context context,
const krb5_creds *incred,
krb5_creds **outcred)
@@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_creds (krb5_context context, krb5_creds *c)
{
krb5_free_cred_contents (context, c);
@@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
const krb5_creds * mcreds, const krb5_creds * creds)
{
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 745c856810..5906d43f5f 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = {
EVP_rc4
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
@@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
@@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
@@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context,
krb5_salt salt)
{
@@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context,
* `opaque'), returning the resulting key in `key'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
* in `key'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context,
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context,
pw, salt, opaque, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
@@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
@@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type,
krb5_keyblock *key)
@@ -1439,7 +1439,7 @@ hmac(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_hmac(krb5_context context,
krb5_cksumtype cktype,
const void *data,
@@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context,
data, len, cksum);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
@@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
@@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context,
return 0;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
@@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context,
return ct->flags & F_KEYED;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
@@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context,
return ct->flags & F_CPROOF;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
@@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
@@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_enctype(krb5_context context,
const char *string,
krb5_enctype *etype)
@@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
@@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
@@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_to_enctype(krb5_context context,
krb5_cksumtype ctype,
krb5_enctype *etype)
@@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
@@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type)
* 4. KRB5_CRYPTO_TYPE_TRAILER
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
* size as the input data or shorter.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length(krb5_context context,
krb5_crypto crypto,
int type,
@@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length_iov(krb5_context context,
krb5_crypto crypto,
krb5_crypto_iov *data,
@@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context,
return encrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context,
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context,
return decrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context,
NULL);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3936,6 +3936,7 @@ seed_something(void)
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
if (RAND_status() != 1) {
+#ifndef _WIN32
krb5_context context;
const char *p;
@@ -3947,6 +3948,10 @@ seed_something(void)
RAND_egd_bytes(p, ENTROPY_NEEDED);
krb5_free_context(context);
}
+#else
+ /* TODO: Once a Windows CryptoAPI RAND method is defined, we
+ can use that and failover to another method. */
+#endif
}
if (RAND_status() == 1) {
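Review bot: On `_WIN32` the `#else` branch added here is empty, so when `RAND_status()` is not 1 no seeding is attempted and control falls straight through to the check below. The TODO does not say what the caller gets in that case. Please extend the comment to state the outcome, e.g. `/* no fallback entropy source on Windows yet; seed_something() fails if RAND_status() is still not 1 */`, worded to match the function's actual return path, which lies partly outside this hunk. The `#ifndef _WIN32` that this `#else` belongs to is opened in the preceding hunk.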
@@ -3959,7 +3964,7 @@ seed_something(void)
return -1;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len)
{
static int rng_initialized = 0;
@@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
return &d->key;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_derive_key(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_init(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_destroy(krb5_context context,
krb5_crypto crypto)
{
@@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto,
size_t *blocksize)
@@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getenctype(krb5_context context,
krb5_crypto crypto,
krb5_enctype *enctype)
@@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getpadsize(krb5_context context,
krb5_crypto crypto,
size_t *padsize)
@@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getconfoundersize(krb5_context context,
krb5_crypto crypto,
size_t *confoundersize)
@@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
@@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
@@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
@@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_random_to_key(krb5_context context,
krb5_enctype type,
const void *data,
@@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
@@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf(krb5_context context,
const krb5_crypto crypto,
const krb5_data *input,
@@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_fx_cf2(krb5_context context,
const krb5_crypto crypto1,
const krb5_crypto crypto2,
@@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context,
#ifndef HEIMDAL_SMALLER
-krb5_error_code KRB5_LIB_FUNCTION
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
- KRB5_DEPRECATED
{
int i;
unsigned n = 0;
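Review bot: The new Doxygen text "keytypes doesn't exists" is ungrammatical and is repeated verbatim above `krb5_enctypes_compatible_keys` in the next hunk; `Deprecated: keytypes don't exist, they are really enctypes.` reads correctly. In that next hunk the doc block is followed by the older `/* if two enctypes have compatible keys */` comment, which would be better folded into the Doxygen block so the function has a single description. The body of `krb5_keytype_to_enctypes` continues outside this hunk.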
@@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context,
return 0;
}
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
/* if two enctypes have compatible keys */
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
- KRB5_DEPRECATED
{
struct encryption_type *e1 = _find_enctype(etype1);
struct encryption_type *e2 = _find_enctype(etype2);
diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c
index 993d6058bf..838135ffad 100644
--- a/source4/heimdal/lib/krb5/data.c
+++ b/source4/heimdal/lib/krb5/data.c
@@ -41,7 +41,7 @@
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_zero(krb5_data *p)
{
p->length = 0;
@@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_free(krb5_data *p)
{
if(p->data != NULL)
@@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_data(krb5_context context,
krb5_data *p)
{
@@ -96,7 +96,7 @@ krb5_free_data(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_alloc(krb5_data *p, int len)
{
p->data = malloc(len);
@@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_realloc(krb5_data *p, int len)
{
void *tmp;
@@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_copy(krb5_data *p, const void *data, size_t len)
{
if (len) {
@@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_data(krb5_context context,
const krb5_data *indata,
krb5_data **outdata)
@@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context,
* @ingroup krb5
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
{
if (data1->length != data2->length)
diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c
index 499150f469..ef11e370f4 100644
--- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c
+++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
/**
* Convert the getaddrinfo() error code to a Kerberos et error code.
@@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_eai_to_heim_errno(int eai_errno, int system_error)
{
switch(eai_errno) {
@@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
return HEIM_EAI_SERVICE;
case EAI_SOCKTYPE:
return HEIM_EAI_SOCKTYPE;
+#ifdef EAI_SYSTEM
case EAI_SYSTEM:
return system_error;
+#endif
default:
return HEIM_EAI_UNKNOWN; /* XXX */
}
@@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_errno_to_heim_errno(int eai_errno)
{
switch(eai_errno) {
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c
index d2661dcaf5..adab6f5e84 100644
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_clear_error_message(krb5_context context)
{
HEIMDAL_MUTEX_lock(context->mutex);
@@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context)
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
@@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret,
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vset_error_message (krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
@@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
va_list ap;
va_start(ap, fmt);
- krb5_vset_error_message (context, ret, fmt, ap);
+ krb5_vprepend_error_message(context, ret, fmt, ap);
va_end(ap);
}
@@ -140,8 +140,8 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
*/
void KRB5_LIB_FUNCTION
-krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
- const char *fmt, va_list args)
+krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
+ const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
{
char *str, *str2;
@@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
-char * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION char * KRB5_LIB_CALL
krb5_get_error_string(krb5_context context)
{
char *ret = NULL;
@@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context)
return ret;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_have_error_string(krb5_context context)
{
char *str;
@@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context)
* @ingroup krb5_error
*/
-const char * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
krb5_get_error_message(krb5_context context, krb5_error_code code)
{
char *str;
@@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code)
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_message(krb5_context context, const char *msg)
{
free(rk_UNCONST(msg));
@@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
* @ingroup krb5
*/
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_get_err_text(krb5_context context, krb5_error_code code)
{
const char *p = NULL;
if(context != NULL)
diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c
index 67988d0d7b..7b638d5f01 100644
--- a/source4/heimdal/lib/krb5/expand_hostname.c
+++ b/source4/heimdal/lib/krb5/expand_hostname.c
@@ -63,7 +63,7 @@ copy_hostname(krb5_context context,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname (krb5_context context,
const char *orig_hostname,
char **new_hostname)
@@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname_realms (krb5_context context,
const char *orig_hostname,
char **new_hostname,
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index bec37b2913..67c4c74444 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
break;
default: {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("error locking cache file %s: %s",
"file, error"), filename, buf);
@@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
break;
default: {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Failed to unlock file: %s", ""), buf);
break;
@@ -224,7 +226,11 @@ scrub_file (int fd)
return errno;
pos -= tmp;
}
+#ifdef _MSC_VER
+ _commit (fd);
+#else
fsync (fd);
+#endif
return 0;
}
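Review bot: The flush at the end of scrub_file discards the result of `_commit (fd)` and `fsync (fd)`, so the function returns 0 even when the overwritten bytes never reached the disk. The function name suggests callers rely on the scrub before a cache file is removed, so a failed flush should be reported, for example `if (fsync (fd) < 0) return errno;`, with the same treatment for `_commit`. The start of scrub_file is outside this hunk, so the overwrite loop itself was not reviewed.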
@@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
+#ifdef KRB5_USE_PATH_TOKENS
+ {
+ char * exp_file = NULL;
+ krb5_error_code ec;
+
+ ec = _krb5_expand_path_tokens(context, file, &exp_file);
+
+ if (ec == 0) {
+ free(file);
+ file = exp_file;
+ } else {
+ free(file);
+ return ec;
+ }
+ }
+#endif
fd = mkstemp(file);
if(fd < 0) {
int ret = errno;
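Review bot: The early `return ec;` in the new KRB5_USE_PATH_TOKENS block releases only `file`. Anything fcc_gen_new allocated before this point would be leaked on that path; the hunk starts after those lines, so this needs checking against the full function. The branch also returns without calling `krb5_set_error_message`, unlike the out-of-memory path just above it, so the caller gets a bare code unless `_krb5_expand_path_tokens` sets the message itself. The two arms can be merged by calling `free(file);` once after the expansion and then testing `ec`.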
@@ -374,18 +396,10 @@ fcc_open(krb5_context context,
fd = open(filename, flags, mode);
if(fd < 0) {
char buf[128];
- char *estr;
ret = errno;
- buf[0] = 0;
- estr = (char *)strerror_r(ret, buf, sizeof(buf));
- if (buf[0] != 0) {
- /* we've got the BSD/XSI strerror_r, and it use the
- * buffer. Otherwise we have the GNU strerror_r, and
- * it used a static string. Ain't standards great? */
- estr = buf;
- }
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
- filename, estr);
+ filename, buf);
return ret;
}
rk_cloexec(fd);
@@ -447,7 +461,7 @@ fcc_initialize(krb5_context context,
if (ret == 0) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
}
@@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context,
if (close(fd) < 0) {
if (ret == 0) {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
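Review bot: In the close() failure path of fcc_store_cred, `rk_strerror_r(ret, buf, sizeof(buf));` runs while `ret` is still 0, because the enclosing test is `if (ret == 0)`, so `buf` describes error 0 rather than the close failure. The call may also disturb `errno` before it is saved. Swap the two lines so that `ret = errno;` comes first and `rk_strerror_r(ret, buf, sizeof(buf));` second, which matches the order fcc_initialize uses in the preceding hunk. The rest of fcc_store_cred is outside the hunk.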
@@ -515,13 +529,17 @@ static krb5_error_code
init_fcc (krb5_context context,
krb5_ccache id,
krb5_storage **ret_sp,
- int *ret_fd)
+ int *ret_fd,
+ krb5_deltat *kdc_offset)
{
int fd;
int8_t pvno, tag;
krb5_storage *sp;
krb5_error_code ret;
+ if (kdc_offset)
+ *kdc_offset = 0;
+
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
@@ -597,8 +615,11 @@ init_fcc (krb5_context context,
goto out;
}
switch (dtag) {
- case FCC_TAG_DELTATIME :
- ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
+ case FCC_TAG_DELTATIME : {
+ int32_t offset;
+
+ ret = krb5_ret_int32 (sp, &offset);
+ ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
@@ -607,16 +628,11 @@ init_fcc (krb5_context context,
FILENAME(id));
goto out;
}
- ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
- if(ret) {
- ret = KRB5_CC_FORMAT;
- krb5_set_error_message(context, ret,
- N_("Error reading kdc_usec in "
- "cache file: %s", ""),
- FILENAME(id));
- goto out;
- }
+ context->kdc_sec_offset = offset;
+ if (kdc_offset)
+ *kdc_offset = offset;
break;
+ }
default :
for (i = 0; i < data_len; ++i) {
ret = krb5_ret_int8 (sp, &dummy);
@@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context,
int fd;
krb5_storage *sp;
- ret = init_fcc (context, id, &sp, &fd);
+ ret = init_fcc (context, id, &sp, &fd, NULL);
if (ret)
return ret;
ret = krb5_ret_principal(sp, principal);
@@ -701,7 +717,7 @@ fcc_get_first (krb5_context context,
memset(*cursor, 0, sizeof(struct fcc_cursor));
ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
- &FCC_CURSOR(*cursor)->fd);
+ &FCC_CURSOR(*cursor)->fd, NULL);
if (ret) {
free(*cursor);
*cursor = NULL;
@@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
return ret;
fn = expandedfn;
}
+ /* check if file exists, don't return a non existant "next" */
+ if (strncasecmp(fn, "FILE:", 5) == 0) {
+ struct stat sb;
+ ret = stat(fn + 5, &sb);
+ if (ret) {
+ ret = KRB5_CC_END;
+ goto out;
+ }
+ }
ret = krb5_cc_resolve(context, fn, id);
+ out:
if (expandedfn)
free(expandedfn);
@@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret = 0;
ret = rename(FILENAME(from), FILENAME(to));
+#ifdef RENAME_DOES_NOT_UNLINK
+ if (ret && (errno == EEXIST || errno == EACCES)) {
+ ret = unlink(FILENAME(to));
+ if (ret == 0) {
+ ret = rename(FILENAME(from), FILENAME(to));
+ }
+ }
+#endif
+
if (ret && errno != EXDEV) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Rename of file from %s "
"to %s failed: %s", ""),
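Review bot: The RENAME_DOES_NOT_UNLINK fallback in fcc_move removes the destination before retrying, so replacing the cache is no longer atomic on those platforms. If the second `rename` fails, the old cache at `to` is already gone, and another process can observe or create the path in between. When `unlink` itself fails, the message below still reports a failed rename using the errno left by `unlink`. I would document this above the fallback, e.g. `/* not atomic: the target is removed first; a failed retry leaves no cache at 'to' */`. The body of fcc_move continues outside the hunk.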
@@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_storage *sp;
int fd;
- ret = init_fcc (context, to, &sp, &fd);
+ ret = init_fcc (context, to, &sp, &fd, NULL);
if (sp)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
}
- fcc_destroy(context, from);
+ fcc_close(context, from);
return ret;
}
@@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ return 0;
+}
+
+static krb5_error_code
+fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_error_code ret;
+ krb5_storage *sp;
+ int fd;
+ ret = init_fcc(context, id, &sp, &fd, kdc_offset);
+ if (sp)
+ krb5_storage_free(sp);
+ fcc_unlock(context, fd);
+ close(fd);
+
+ return ret;
+}
+
+
/**
* Variable containing the FILE based credential cache implemention.
*
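Review bot: fcc_get_kdc_offset uses `sp` and `fd` after a failed init_fcc, although both are still uninitialised at that point. The init_fcc hunk earlier in this file shows it returning straight after a failed fcc_open without storing anything through `ret_sp` or `ret_fd`. That leaves `krb5_storage_free(sp)`, `fcc_unlock(context, fd)` and `close(fd)` acting on stack garbage. Add `if (ret) return ret;` directly after the init_fcc call; the same pattern is visible in fcc_move, and whether init_fcc releases its resources on its later error paths is not shown here. fcc_set_kdc_offset returns 0 without storing anything, which deserves a comment such as `/* offset is not persisted for FILE caches */`.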
@@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
fcc_move,
fcc_get_default_name,
NULL,
- fcc_lastchange
+ fcc_lastchange,
+ fcc_set_kdc_offset,
+ fcc_get_kdc_offset
};
diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c
index 7f4374374b..5bb33b443c 100644
--- a/source4/heimdal/lib/krb5/free.c
+++ b/source4/heimdal/lib/krb5/free.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
{
free_KDC_REP(&rep->kdc_rep);
@@ -43,7 +43,7 @@ krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_xfree (void *ptr)
{
free (ptr);
diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c
index f6e9f6e247..0932674e9b 100644
--- a/source4/heimdal/lib/krb5/free_host_realm.c
+++ b/source4/heimdal/lib/krb5/free_host_realm.c
@@ -44,7 +44,7 @@
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_host_realm(krb5_context context,
krb5_realm *realmlist)
{
diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c
index b7bd8b99f8..575f842d8b 100644
--- a/source4/heimdal/lib/krb5/generate_seq_number.c
+++ b/source4/heimdal/lib/krb5/generate_seq_number.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_seq_number(krb5_context context,
const krb5_keyblock *key,
uint32_t *seqno)
diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c
index 003a66ac01..e09dc2a916 100644
--- a/source4/heimdal/lib/krb5/generate_subkey.c
+++ b/source4/heimdal/lib/krb5/generate_subkey.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
/**
* Generate subkey, from keyblock
@@ -46,7 +46,7 @@
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_subkey_extended(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c
index 8f366fa148..829b2acc17 100644
--- a/source4/heimdal/lib/krb5/get_addrs.c
+++ b/source4/heimdal/lib/krb5/get_addrs.c
@@ -266,7 +266,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
* Only include loopback address if there are no other.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
{
int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
@@ -282,7 +282,7 @@ krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
* If that fails, we return the address corresponding to `hostname'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
{
return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index e921cf0593..3d76391fa8 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -31,7 +33,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
#include <assert.h>
/*
@@ -606,7 +608,7 @@ get_cred_kdc_address(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_cred(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
@@ -1037,6 +1039,13 @@ _krb5_get_cred_kdc_any(krb5_context context,
krb5_creds ***ret_tgts)
{
krb5_error_code ret;
+ krb5_deltat offset;
+
+ ret = krb5_cc_get_kdc_offset(context, ccache, &offset);
+ if (ret) {
+ context->kdc_sec_offset = offset;
+ context->kdc_usec_offset = 0;
+ }
ret = get_cred_kdc_referral(context,
flags,
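Review bot: The test after `krb5_cc_get_kdc_offset` in _krb5_get_cred_kdc_any looks inverted. `if (ret)` is true when the lookup failed, so `offset`, which has no initialiser, is copied into `context->kdc_sec_offset` exactly when the callee may not have written it. On success the offset from the cache is ignored. The condition should read `if (ret == 0) {`, and declaring `krb5_deltat offset = 0;` keeps a failed lookup harmless. The clock offset feeds ticket time checks, so an indeterminate value here is worth fixing. The function body continues outside the hunk.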
@@ -1059,7 +1068,7 @@ _krb5_get_cred_kdc_any(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_credentials_with_flags(krb5_context context,
krb5_flags options,
krb5_kdc_flags flags,
@@ -1145,7 +1154,7 @@ krb5_get_credentials_with_flags(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_credentials(krb5_context context,
krb5_flags options,
krb5_ccache ccache,
@@ -1166,7 +1175,7 @@ struct krb5_get_creds_opt_data {
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
{
*opt = calloc(1, sizeof(**opt));
@@ -1178,7 +1187,7 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
{
if (opt->self)
@@ -1191,7 +1200,7 @@ krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
free(opt);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_set_options(krb5_context context,
krb5_get_creds_opt opt,
krb5_flags options)
@@ -1199,7 +1208,7 @@ krb5_get_creds_opt_set_options(krb5_context context,
opt->options = options;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_add_options(krb5_context context,
krb5_get_creds_opt opt,
krb5_flags options)
@@ -1207,7 +1216,7 @@ krb5_get_creds_opt_add_options(krb5_context context,
opt->options |= options;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_set_enctype(krb5_context context,
krb5_get_creds_opt opt,
krb5_enctype enctype)
@@ -1215,7 +1224,7 @@ krb5_get_creds_opt_set_enctype(krb5_context context,
opt->enctype = enctype;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_set_impersonate(krb5_context context,
krb5_get_creds_opt opt,
krb5_const_principal self)
@@ -1225,7 +1234,7 @@ krb5_get_creds_opt_set_impersonate(krb5_context context,
return krb5_copy_principal(context, self, &opt->self);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_set_ticket(krb5_context context,
krb5_get_creds_opt opt,
const Ticket *ticket)
@@ -1258,7 +1267,7 @@ krb5_get_creds_opt_set_ticket(krb5_context context,
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds(krb5_context context,
krb5_get_creds_opt opt,
krb5_ccache ccache,
@@ -1325,14 +1334,14 @@ krb5_get_creds(krb5_context context,
if(options & KRB5_GC_EXPIRED_OK) {
*out_creds = res_creds;
krb5_free_principal(context, in_creds.client);
- return 0;
+ goto out;
}
krb5_timeofday(context, &timeret);
if(res_creds->times.endtime > timeret) {
*out_creds = res_creds;
krb5_free_principal(context, in_creds.client);
- return 0;
+ goto out;
}
if(options & KRB5_GC_CACHED)
krb5_cc_remove_cred(context, ccache, 0, res_creds);
@@ -1340,12 +1349,13 @@ krb5_get_creds(krb5_context context,
} else if(ret != KRB5_CC_END) {
free(res_creds);
krb5_free_principal(context, in_creds.client);
- return ret;
+ goto out;
}
free(res_creds);
if(options & KRB5_GC_CACHED) {
krb5_free_principal(context, in_creds.client);
- return not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+ ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+ goto out;
}
if(options & KRB5_GC_USER_USER) {
flags.b.enc_tkt_in_skey = 1;
@@ -1374,6 +1384,10 @@ krb5_get_creds(krb5_context context,
free(tgts);
if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
krb5_cc_store_cred(context, ccache, *out_creds);
+
+ out:
+ _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret);
+
return ret;
}
@@ -1381,7 +1395,7 @@ krb5_get_creds(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_renewed_creds(krb5_context context,
krb5_creds *creds,
krb5_const_principal client,
diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c
index 82d0642934..539dedfa47 100644
--- a/source4/heimdal/lib/krb5/get_default_principal.c
+++ b/source4/heimdal/lib/krb5/get_default_principal.c
@@ -48,6 +48,8 @@ get_env_user(void)
return user;
}
+#ifndef _WIN32
+
/*
* Will only use operating-system dependant operation to get the
* default principal, for use of functions that in ccache layer to
@@ -93,7 +95,58 @@ _krb5_get_default_principal_local (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+#else /* _WIN32 */
+
+#define SECURITY_WIN32
+#include <security.h>
+
+krb5_error_code
+_krb5_get_default_principal_local(krb5_context context,
+ krb5_principal *princ)
+{
+ krb5_error_code ret = 0;
+
+ /* See if we can get the principal first. We only expect this to
+ work if logged into a domain. */
+ {
+ char username[1024];
+ ULONG sz = sizeof(username);
+
+ if (GetUserNameEx(NameUserPrincipal, username, &sz)) {
+ return krb5_parse_name_flags(context, username,
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE,
+ princ);
+ }
+ }
+
+ /* Just get the Windows username. This should pretty much always
+ work. */
+ {
+ char username[1024];
+ DWORD dsz = sizeof(username);
+
+ if (GetUserName(username, &dsz)) {
+ return krb5_make_principal(context, princ, NULL, username, NULL);
+ }
+ }
+
+ /* Failing that, we look at the environment */
+ {
+ const char * username = get_env_user();
+
+ if (username == NULL) {
+ krb5_set_error_string(context,
+ "unable to figure out current principal");
+ return ENOTTY; /* Really? */
+ }
+
+ return krb5_make_principal(context, princ, NULL, username, NULL);
+ }
+}
+
+#endif
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_principal (krb5_context context,
krb5_principal *princ)
{
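Review bot: The Windows `_krb5_get_default_principal_local` passes `char` buffers with `sizeof(username)` as the length to the TCHAR macros `GetUserNameEx` and `GetUserName`. Those lengths are counted in characters, so this only matches in a non-UNICODE build. Calling `GetUserNameExA` and `GetUserNameA` explicitly removes the dependency on build settings. Separately, `ret` is never used, and the last fallback reports its failure through `krb5_set_error_string`, which carries no error code, where the rest of this commit uses `krb5_set_error_message(context, ENOTTY, ...)`-style calls.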
diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c
index f09df264c1..2a4933a62a 100644
--- a/source4/heimdal/lib/krb5/get_default_realm.c
+++ b/source4/heimdal/lib/krb5/get_default_realm.c
@@ -38,7 +38,7 @@
* Free this memory with krb5_free_host_realm.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_realms (krb5_context context,
krb5_realm **realms)
{
@@ -57,7 +57,7 @@ krb5_get_default_realms (krb5_context context,
* Return the first default realm. For compatibility.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_realm(krb5_context context,
krb5_realm *realm)
{
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index 8c58dae187..a109c71326 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
add_addrs(krb5_context context,
@@ -100,7 +100,7 @@ fail:
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_fwd_tgt_creds (krb5_context context,
krb5_auth_context auth_context,
const char *hostname,
@@ -183,7 +183,7 @@ krb5_fwd_tgt_creds (krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_forwarded_creds (krb5_context context,
krb5_auth_context auth_context,
krb5_ccache ccache,
diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c
index 7d7fef6e1c..7aee02734b 100644
--- a/source4/heimdal/lib/krb5/get_host_realm.c
+++ b/source4/heimdal/lib/krb5/get_host_realm.c
@@ -158,7 +158,7 @@ config_find_realm(krb5_context context,
* fall back to guessing
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_get_host_realm_int (krb5_context context,
const char *host,
krb5_boolean use_dns,
@@ -215,7 +215,7 @@ _krb5_get_host_realm_int (krb5_context context,
* `realms'. Free `realms' with krb5_free_host_realm().
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_host_realm(krb5_context context,
const char *targethost,
krb5_realm **realms)
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c
index 84b1ffb71f..15cbfba89d 100644
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -361,7 +361,8 @@ set_ptypes(krb5_context context,
return(1);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_cred(krb5_context context,
krb5_flags options,
const krb5_addresses *addrs,
@@ -374,7 +375,6 @@ krb5_get_in_cred(krb5_context context,
krb5_const_pointer decryptarg,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
- KRB5_DEPRECATED
{
krb5_error_code ret;
AS_REQ a;
@@ -498,7 +498,7 @@ krb5_get_in_cred(krb5_context context,
goto out;
{
- unsigned flags = 0;
+ unsigned flags = EXTRACT_TICKET_TIMESYNC;
if (opts.request_anonymous)
flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
@@ -526,7 +526,8 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_tkt(krb5_context context,
krb5_flags options,
const krb5_addresses *addrs,
@@ -539,7 +540,6 @@ krb5_get_in_tkt(krb5_context context,
krb5_creds *creds,
krb5_ccache ccache,
krb5_kdc_rep *ret_as_reply)
- KRB5_DEPRECATED
{
krb5_error_code ret;
diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c
index 5d0361b816..93d9433cd0 100644
--- a/source4/heimdal/lib/krb5/get_port.c
+++ b/source4/heimdal/lib/krb5/get_port.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_getportbyname (krb5_context context,
const char *service,
const char *proto,
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index b1bd94d3b9..f555c724ed 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -50,7 +52,7 @@
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_alloc(krb5_context context,
krb5_get_init_creds_opt **opt)
{
@@ -82,7 +84,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
* @ingroup krb5_credential
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_free(krb5_context context,
krb5_get_init_creds_opt *opt)
{
@@ -124,20 +126,21 @@ get_config_time (krb5_context context,
static krb5_boolean
get_config_bool (krb5_context context,
+ krb5_boolean def_value,
const char *realm,
const char *name)
{
- return krb5_config_get_bool (context,
- NULL,
- "realms",
- realm,
- name,
- NULL)
- || krb5_config_get_bool (context,
- NULL,
- "libdefaults",
- name,
- NULL);
+ krb5_boolean b;
+
+ b = krb5_config_get_bool_default(context, NULL, def_value,
+ "realms", realm, name, NULL);
+ if (b != def_value)
+ return b;
+ b = krb5_config_get_bool_default (context, NULL, def_value,
+ "libdefaults", name, NULL);
+ if (b != def_value)
+ return b;
+ return def_value;
}
/*
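Review bot: The rewritten get_config_bool cannot tell a [realms] entry that is absent from one explicitly set to the default value. With `def_value` FALSE, a realm that sets `forwardable = false` is still overridden by `forwardable = true` in [libdefaults], because `b != def_value` is false and the code falls through. Chaining the defaults gives the realm setting precedence: `b = krb5_config_get_bool_default(context, NULL, def_value, "libdefaults", name, NULL);` followed by `return krb5_config_get_bool_default(context, NULL, b, "realms", realm, name, NULL);`. This matters for a realm that is meant to opt out of forwardable or proxiable tickets. A short comment stating the intended precedence would help either way.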
@@ -147,7 +150,7 @@ get_config_bool (krb5_context context,
* [realms] or [libdefaults] for some of the values.
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_default_flags(krb5_context context,
const char *appname,
krb5_const_realm realm,
@@ -156,11 +159,12 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
krb5_boolean b;
time_t t;
- b = get_config_bool (context, realm, "forwardable");
+ b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT,
+ realm, "forwardable");
krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
krb5_get_init_creds_opt_set_forwardable(opt, b);
- b = get_config_bool (context, realm, "proxiable");
+ b = get_config_bool (context, FALSE, realm, "proxiable");
krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
krb5_get_init_creds_opt_set_proxiable (opt, b);
@@ -197,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
krb5_deltat tkt_life)
{
@@ -205,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
opt->tkt_life = tkt_life;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
krb5_deltat renew_life)
{
@@ -213,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
opt->renew_life = renew_life;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
int forwardable)
{
@@ -221,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
opt->forwardable = forwardable;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
int proxiable)
{
@@ -229,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
opt->proxiable = proxiable;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
krb5_enctype *etype_list,
int etype_list_length)
@@ -239,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
opt->etype_list_length = etype_list_length;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
krb5_addresses *addresses)
{
@@ -247,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
opt->address_list = addresses;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
krb5_preauthtype *preauth_list,
int preauth_list_length)
@@ -257,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
opt->preauth_list = preauth_list;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
krb5_data *salt)
{
@@ -265,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
opt->salt = salt;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
int anonymous)
{
@@ -286,7 +290,7 @@ require_ext_opt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pa_password(krb5_context context,
krb5_get_init_creds_opt *opt,
const char *password,
@@ -301,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pac_request(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req_pac)
@@ -316,7 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_addressless(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean addressless)
@@ -332,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req)
@@ -348,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_win2k(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req)
@@ -357,15 +361,18 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context,
ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
if (ret)
return ret;
- if (req)
+ if (req) {
opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
- else
+ opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+ } else {
opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+ opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+ }
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_gic_process_last_req func,
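Review bot: The `req` branch now also sets `KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK`, so a caller asking for win2k compatibility gets a second check switched off with no comment saying so. Judging by the flag name this relaxes an EKU check on the PKINIT path, which a reader would not expect to depend on a compatibility switch. I would add a comment above `if (req)`, for example `/* win2k compat relaxes both the canonicalization check and the EKU check */`, and say the same in the function's documentation. Each branch can also be a single statement, e.g. `opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK | KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;`. The function's opening lines are outside the hunk.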
@@ -385,9 +392,19 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
#ifndef HEIMDAL_SMALLER
-void KRB5_LIB_FUNCTION
+/**
+ * Deprecated: use krb5_get_init_creds_opt_alloc().
+ *
+ * The reason krb5_get_init_creds_opt_init() is deprecated is that
+ * krb5_get_init_creds_opt is a static structure and for ABI reason it
+ * can't grow, ie can't add new functionality.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
- KRB5_DEPRECATED
{
memset (opt, 0, sizeof(*opt));
}
@@ -399,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
* @ingroup krb5_deprecated
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_get_error(krb5_context context,
krb5_get_init_creds_opt *opt,
KRB_ERROR **error)
- KRB5_DEPRECATED
{
*error = calloc(1, sizeof(**error));
if (*error == NULL) {
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index c326fa4df7..4637a6d941 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -59,6 +61,12 @@ typedef struct krb5_get_init_creds_ctx {
krb5_pk_init_ctx pk_init_ctx;
int ic_flags;
+ int used_pa_types;
+#define USED_PKINIT 1
+#define USED_PKINIT_W2K 2
+#define USED_ENC_TS_GUESS 4
+#define USED_ENC_TS_INFO 8
+
METHOD_DATA md;
KRB_ERROR error;
AS_REP as_rep;
@@ -67,8 +75,25 @@ typedef struct krb5_get_init_creds_ctx {
krb5_prompter_fct prompter;
void *prompter_data;
+ struct pa_info_data *ppaid;
+
} krb5_get_init_creds_ctx;
+
+struct pa_info_data {
+ krb5_enctype etype;
+ krb5_salt salt;
+ krb5_data *s2kparams;
+};
+
+static void
+free_paid(krb5_context context, struct pa_info_data *ppaid)
+{
+ krb5_free_salt(context, ppaid->salt);
+ if (ppaid->s2kparams)
+ krb5_free_data(context, ppaid->s2kparams);
+}
+
static krb5_error_code
default_s2k_func(krb5_context context, krb5_enctype type,
krb5_const_pointer keyseed,
@@ -79,6 +104,8 @@ default_s2k_func(krb5_context context, krb5_enctype type,
krb5_data password;
krb5_data opaque;
+ _krb5_debug(context, 5, "krb5_get_init_creds: using default_s2k_func");
+
password.data = rk_UNCONST(keyseed);
password.length = strlen(keyseed);
if (s2kparms)
@@ -120,6 +147,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
free_EncKDCRepPart(&ctx->enc_part);
free_KRB_ERROR(&ctx->error);
free_AS_REQ(&ctx->as_req);
+ if (ctx->ppaid) {
+ free_paid(context, ctx->ppaid);
+ free(ctx->ppaid);
+ }
memset(ctx, 0, sizeof(*ctx));
}
@@ -559,7 +590,7 @@ out:
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keyblock_key_proc (krb5_context context,
krb5_keytype type,
krb5_data *salt,
@@ -681,20 +712,6 @@ init_as_req (krb5_context context,
return ret;
}
-struct pa_info_data {
- krb5_enctype etype;
- krb5_salt salt;
- krb5_data *s2kparams;
-};
-
-static void
-free_paid(krb5_context context, struct pa_info_data *ppaid)
-{
- krb5_free_salt(context, ppaid->salt);
- if (ppaid->s2kparams)
- krb5_free_data(context, ppaid->s2kparams);
-}
-
static krb5_error_code
set_paid(struct pa_info_data *paid, krb5_context context,
@@ -986,6 +1003,8 @@ add_enc_ts_padata(krb5_context context,
for (i = 0; i < netypes; ++i) {
krb5_keyblock *key;
+ _krb5_debug(context, 5, "krb5_get_init_creds: using ENC-TS with enctype %d", enctypes[i]);
+
ret = (*keyproc)(context, enctypes[i], keyseed,
*salt, s2kparams, &key);
if (ret)
@@ -1019,6 +1038,8 @@ pa_data_to_md_ts_enc(krb5_context context,
} else {
krb5_salt salt;
+ _krb5_debug(context, 5, "krb5_get_init_creds: pa-info not found, guessing salt");
+
/* make a v5 salted pa-data */
add_enc_ts_padata(context, md, client,
ctx->keyproc, ctx->keyseed,
@@ -1057,6 +1078,7 @@ static krb5_error_code
pa_data_to_md_pkinit(krb5_context context,
const AS_REQ *a,
const krb5_principal client,
+ int win2k,
krb5_get_init_creds_ctx *ctx,
METHOD_DATA *md)
{
@@ -1064,10 +1086,12 @@ pa_data_to_md_pkinit(krb5_context context,
return 0;
#ifdef PKINIT
return _krb5_pk_mk_padata(context,
- ctx->pk_init_ctx,
- &a->req_body,
- ctx->pk_nonce,
- md);
+ ctx->pk_init_ctx,
+ ctx->ic_flags,
+ win2k,
+ &a->req_body,
+ ctx->pk_nonce,
+ md);
#else
krb5_set_error_message(context, EINVAL,
N_("no support for PKINIT compiled in", ""));
@@ -1133,6 +1157,13 @@ process_pa_data_to_md(krb5_context context,
(*out_md)->len = 0;
(*out_md)->val = NULL;
+ if (_krb5_have_debug(context, 5)) {
+ unsigned i;
+ _krb5_debug(context, 5, "KDC send %d patypes", in_md->len);
+ for (i = 0; i < in_md->len; i++)
+ _krb5_debug(context, 5, "KDC send PA-DATA type: %d", in_md->val[i].padata_type);
+ }
+
/*
* Make sure we don't sent both ENC-TS and PK-INIT pa data, no
* need to expose our password protecting our PKCS12 key.
@@ -1140,21 +1171,62 @@ process_pa_data_to_md(krb5_context context,
if (ctx->pk_init_ctx) {
- ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md);
+ _krb5_debug(context, 5, "krb5_get_init_creds: "
+ "prepareing PKINIT padata (%s)",
+ (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf");
+
+ if (ctx->used_pa_types & USED_PKINIT_W2K) {
+ krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
+ "Already tried pkinit, looping");
+ return KRB5_GET_IN_TKT_LOOP;
+ }
+
+ ret = pa_data_to_md_pkinit(context, a, creds->client,
+ (ctx->used_pa_types & USED_PKINIT),
+ ctx, *out_md);
if (ret)
return ret;
+ if (ctx->used_pa_types & USED_PKINIT)
+ ctx->used_pa_types |= USED_PKINIT_W2K;
+ else
+ ctx->used_pa_types |= USED_PKINIT;
+
} else if (in_md->len != 0) {
- struct pa_info_data paid, *ppaid;
+ struct pa_info_data *paid, *ppaid;
+ unsigned flag;
+
+ paid = calloc(1, sizeof(*paid));
- memset(&paid, 0, sizeof(paid));
+ paid->etype = ENCTYPE_NULL;
+ ppaid = process_pa_info(context, creds->client, a, paid, in_md);
- paid.etype = ENCTYPE_NULL;
- ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
+ if (ppaid)
+ flag = USED_ENC_TS_INFO;
+ else
+ flag = USED_ENC_TS_GUESS;
+
+ if (ctx->used_pa_types & flag) {
+ if (ppaid)
+ free_paid(context, ppaid);
+ krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
+ "Already tried ENC-TS-%s, looping",
+ flag == USED_ENC_TS_INFO ? "info" : "guess");
+ return KRB5_GET_IN_TKT_LOOP;
+ }
pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
- if (ppaid)
- free_paid(context, ppaid);
+
+ ctx->used_pa_types |= flag;
+
+ if (ppaid) {
+ if (ctx->ppaid) {
+ free_paid(context, ctx->ppaid);
+ free(ctx->ppaid);
+ }
+ ctx->ppaid = ppaid;
+ } else
+ free(paid);
}
pa_data_add_pac_request(context, ctx, *out_md);
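Review bot: `paid = calloc(1, sizeof(*paid))` is dereferenced on the next added line without a NULL check, so an allocation failure crashes at `paid->etype = ENCTYPE_NULL`. The `KRB5_GET_IN_TKT_LOOP` return in the ENC-TS branch also leaks the allocation: `free_paid()` releases only the salt and `s2kparams`, not the struct, and when `ppaid` is NULL nothing is freed at all. Both exits should release `paid`, as sketched below. The later `ctx->ppaid = ppaid` assumes `process_pa_info()` returns the `paid` pointer it was given; that function is outside the hunk, so this is worth confirming. process_pa_data_to_md starts and ends outside the hunk.

```c
	struct pa_info_data *paid, *ppaid;
	unsigned flag;

	paid = calloc(1, sizeof(*paid));
	if (paid == NULL) {
	    krb5_set_error_message(context, ENOMEM,
				   N_("malloc: out of memory", ""));
	    return ENOMEM;
	}
	/* … unchanged: etype init, process_pa_info(), flag selection … */
	if (ctx->used_pa_types & flag) {
	    if (ppaid)
		free_paid(context, ppaid);
	    free(paid);	/* free_paid() releases only the members */
	    /* … unchanged: KRB5_GET_IN_TKT_LOOP error message … */
	    return KRB5_GET_IN_TKT_LOOP;
	}
```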
@@ -1190,12 +1262,15 @@ process_pa_data_to_key(krb5_context context,
ppaid = process_pa_info(context, creds->client, a, &paid,
rep->padata);
}
+ if (ppaid == NULL)
+ ppaid = ctx->ppaid;
if (ppaid == NULL) {
ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
if (ret)
return ret;
paid.etype = etype;
paid.s2kparams = NULL;
+ ppaid = &paid;
}
pa = NULL;
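Review bot: After this change `ppaid` can point either at the local `paid` or at the cached `ctx->ppaid`, and only the former is owned by this function. The cleanup at the end of process_pa_data_to_key is outside the hunk; if it ever releases through `ppaid` rather than `&paid`, the cached entry would be freed a second time by `free_init_creds_ctx()`. A comment at the fallback would make the ownership explicit, for example `/* ctx->ppaid is borrowed from the context; only &paid is released here */`.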
@@ -1215,6 +1290,8 @@ process_pa_data_to_key(krb5_context context,
}
if (pa && ctx->pk_init_ctx) {
#ifdef PKINIT
+ _krb5_debug(context, 5, "krb5_get_init_creds: using PKINIT");
+
ret = _krb5_pk_rd_pa_reply(context,
a->req_body.realm,
ctx->pk_init_ctx,
@@ -1228,10 +1305,11 @@ process_pa_data_to_key(krb5_context context,
ret = EINVAL;
krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", ""));
#endif
- } else if (ctx->keyseed)
+ } else if (ctx->keyseed) {
+ _krb5_debug(context, 5, "krb5_get_init_creds: using keyproc");
ret = pa_data_to_key_plain(context, creds->client, ctx,
- paid.salt, paid.s2kparams, etype, key);
- else {
+ ppaid->salt, ppaid->s2kparams, etype, key);
+ } else {
ret = EINVAL;
krb5_set_error_message(context, ret, N_("No usable pa data type", ""));
}
@@ -1258,7 +1336,7 @@ process_pa_data_to_key(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_init(krb5_context context,
krb5_principal client,
krb5_prompter_fct prompter,
@@ -1312,7 +1390,7 @@ krb5_init_creds_init(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_service(krb5_context context,
krb5_init_creds_context ctx,
const char *service)
@@ -1352,7 +1430,7 @@ krb5_init_creds_set_service(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_password(krb5_context context,
krb5_init_creds_context ctx,
const char *password)
@@ -1420,7 +1498,7 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_keytab(krb5_context context,
krb5_init_creds_context ctx,
krb5_keytab keytab)
@@ -1512,7 +1590,7 @@ keyblock_key_proc(krb5_context context, krb5_enctype enctype,
return krb5_copy_keyblock (context, keyseed, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_keyblock(krb5_context context,
krb5_init_creds_context ctx,
krb5_keyblock *keyblock)
@@ -1543,7 +1621,7 @@ krb5_init_creds_set_keyblock(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_step(krb5_context context,
krb5_init_creds_context ctx,
krb5_data *in,
@@ -1576,16 +1654,20 @@ krb5_init_creds_step(krb5_context context,
}
ctx->pa_counter++;
+ _krb5_debug(context, 5, "krb5_get_init_creds: loop %d", ctx->pa_counter);
+
/* Lets process the input packet */
if (in && in->length) {
krb5_kdc_rep rep;
memset(&rep, 0, sizeof(rep));
+ _krb5_debug(context, 5, "krb5_get_init_creds: processing input");
+
ret = decode_AS_REP(in->data, in->length, &rep.kdc_rep, &size);
if (ret == 0) {
krb5_keyblock *key = NULL;
- unsigned eflags = EXTRACT_TICKET_AS_REQ;
+ unsigned eflags = EXTRACT_TICKET_AS_REQ | EXTRACT_TICKET_TIMESYNC;
if (ctx->flags.canonicalize) {
eflags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
@@ -1601,6 +1683,8 @@ krb5_init_creds_step(krb5_context context,
goto out;
}
+ _krb5_debug(context, 5, "krb5_get_init_creds: extracting ticket");
+
ret = _krb5_extract_ticket(context,
&rep,
&ctx->cred,
@@ -1627,16 +1711,22 @@ krb5_init_creds_step(krb5_context context,
} else {
/* let's try to parse it as a KRB-ERROR */
+ _krb5_debug(context, 5, "krb5_get_init_creds: got an error");
+
free_KRB_ERROR(&ctx->error);
ret = krb5_rd_error(context, in, &ctx->error);
if(ret && in->length && ((char*)in->data)[0] == 4)
ret = KRB5KRB_AP_ERR_V4_REPLY;
- if (ret)
+ if (ret) {
+ _krb5_debug(context, 5, "krb5_get_init_creds: failed to read error");
goto out;
+ }
ret = krb5_error_from_rd_error(context, &ctx->error, &ctx->cred);
+ _krb5_debug(context, 5, "krb5_get_init_creds: KRB-ERROR %d", ret);
+
/*
* If no preauth was set and KDC requires it, give it one
* more try.
@@ -1668,16 +1758,29 @@ krb5_init_creds_step(krb5_context context,
krb5_set_real_time(context, ctx->error.stime, -1);
if (context->kdc_sec_offset)
ret = 0;
+
+ _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d",
+ context->kdc_sec_offset);
+
+ ctx->used_pa_types = 0;
+
} else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) {
/* client referal to a new realm */
+
if (ctx->error.crealm == NULL) {
krb5_set_error_message(context, ret,
N_("Got a client referral, not but no realm", ""));
goto out;
}
+ _krb5_debug(context, 5,
+ "krb5_get_init_creds: got referal to realm %s",
+ *ctx->error.crealm);
+
ret = krb5_principal_set_realm(context,
ctx->cred.client,
*ctx->error.crealm);
+
+ ctx->used_pa_types = 0;
}
if (ret)
goto out;
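Review bot: Both added `ctx->used_pa_types = 0` lines clear the new loop guard in response to a KRB-ERROR, which is normally not integrity-protected, so the guard alone cannot stop a peer that keeps answering with skew or referral errors. Termination then rests on the `pa_counter` limit, whose check lies outside this hunk. I would say so next to the resets, for example `/* new time offset/realm: allow the pa types again; pa_counter still bounds the retries */`. The referral debug line also prints `*ctx->error.crealm` taken straight from that error, so the value in the trace should be treated as untrusted text. krb5_init_creds_step starts and ends outside the hunk.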
@@ -1731,7 +1834,7 @@ krb5_init_creds_step(krb5_context context,
* @return 0 for sucess or An Kerberos error code, see krb5_get_error_message().
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get_creds(krb5_context context,
krb5_init_creds_context ctx,
krb5_creds *cred)
@@ -1747,7 +1850,7 @@ krb5_init_creds_get_creds(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get_error(krb5_context context,
krb5_init_creds_context ctx,
KRB_ERROR *error)
@@ -1770,7 +1873,7 @@ krb5_init_creds_get_error(krb5_context context,
* @ingroup krb5_credential
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_creds_free(krb5_context context,
krb5_init_creds_context ctx)
{
@@ -1787,7 +1890,7 @@ krb5_init_creds_free(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
{
krb5_sendto_ctx stctx = NULL;
@@ -1835,7 +1938,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_password(krb5_context context,
krb5_creds *creds,
krb5_principal client,
@@ -1941,7 +2044,7 @@ krb5_get_init_creds_password(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_keyblock(krb5_context context,
krb5_creds *creds,
krb5_principal client,
@@ -1988,7 +2091,7 @@ krb5_get_init_creds_keyblock(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_keytab(krb5_context context,
krb5_creds *creds,
krb5_principal client,
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index c94dea551f..01ea184773 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -2,6 +2,8 @@
* Copyright (c) 2005, PADL Software Pty Ltd.
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -37,16 +39,16 @@
* Client library for Kerberos Credentials Manager (KCM) daemon
*/
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
#include "kcm.h"
+#include <heim-ipc.h>
+
+static krb5_error_code
+kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat);
+
+static const char *kcm_ipc_name = "ANY:org.h5l.kcm";
typedef struct krb5_kcmcache {
char *name;
- struct sockaddr_un path;
- char *door_path;
} krb5_kcmcache;
typedef struct krb5_kcm_cursor {
@@ -60,83 +62,23 @@ typedef struct krb5_kcm_cursor {
#define CACHENAME(X) (KCMCACHE(X)->name)
#define KCMCURSOR(C) ((krb5_kcm_cursor)(C))
-#ifdef HAVE_DOOR_CREATE
-
-static krb5_error_code
-try_door(krb5_context context,
- krb5_kcmcache *k,
- krb5_data *request_data,
- krb5_data *response_data)
-{
- door_arg_t arg;
- int fd;
- int ret;
-
- memset(&arg, 0, sizeof(arg));
-
- fd = open(k->door_path, O_RDWR);
- if (fd < 0)
- return KRB5_CC_IO;
- rk_cloexec(fd);
-
- arg.data_ptr = request_data->data;
- arg.data_size = request_data->length;
- arg.desc_ptr = NULL;
- arg.desc_num = 0;
- arg.rbuf = NULL;
- arg.rsize = 0;
-
- ret = door_call(fd, &arg);
- close(fd);
- if (ret != 0)
- return KRB5_CC_IO;
-
- ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize);
- munmap(arg.rbuf, arg.rsize);
- if (ret)
- return ret;
-
- return 0;
-}
-#endif /* HAVE_DOOR_CREATE */
-
-static krb5_error_code
-try_unix_socket(krb5_context context,
- krb5_kcmcache *k,
- krb5_data *request_data,
- krb5_data *response_data)
-{
- krb5_error_code ret;
- int fd;
-
- fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
- if (fd < 0)
- return KRB5_CC_IO;
- rk_cloexec(fd);
-
- if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) {
- close(fd);
- return KRB5_CC_IO;
- }
-
- ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout,
- request_data, response_data);
- close(fd);
- return ret;
-}
+static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static heim_ipc kcm_ipc = NULL;
static krb5_error_code
kcm_send_request(krb5_context context,
- krb5_kcmcache *k,
krb5_storage *request,
krb5_data *response_data)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_data request_data;
- int i;
- response_data->data = NULL;
- response_data->length = 0;
+ HEIMDAL_MUTEX_lock(&kcm_mutex);
+ if (kcm_ipc == NULL)
+ ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
+ HEIMDAL_MUTEX_unlock(&kcm_mutex);
+ if (ret)
+ return KRB5_CC_NOSUPP;
ret = krb5_storage_to_data(request, &request_data);
if (ret) {
@@ -144,19 +86,7 @@ kcm_send_request(krb5_context context,
return KRB5_CC_NOMEM;
}
- ret = KRB5_CC_NOSUPP;
-
- for (i = 0; i < context->max_retries; i++) {
-#ifdef HAVE_DOOR_CREATE
- ret = try_door(context, k, &request_data, response_data);
- if (ret == 0 && response_data->length != 0)
- break;
-#endif
- ret = try_unix_socket(context, k, &request_data, response_data);
- if (ret == 0 && response_data->length != 0)
- break;
- }
-
+ ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL);
krb5_data_free(&request_data);
if (ret) {
@@ -167,10 +97,10 @@ kcm_send_request(krb5_context context,
return ret;
}
-static krb5_error_code
-kcm_storage_request(krb5_context context,
- kcm_operation opcode,
- krb5_storage **storage_p)
+krb5_error_code
+krb5_kcm_storage_request(krb5_context context,
+ uint16_t opcode,
+ krb5_storage **storage_p)
{
krb5_storage *sp;
krb5_error_code ret;
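Review bot: `krb5_kcm_storage_request` loses `static` and becomes an exported symbol, but unlike the other public functions changed on this page it carries no export or calling-convention macro, and `krb5_kcm_call` further down keeps the old `krb5_error_code KRB5_LIB_FUNCTION` order. For consistency both should read `KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL`. The `opcode` parameter also changes from `kcm_operation` to `uint16_t`, which drops the enum type from the interface; a short comment naming the expected `KCM_OP_*` values would help. The function body continues outside the hunk.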
@@ -209,7 +139,6 @@ static krb5_error_code
kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
{
krb5_kcmcache *k;
- const char *path;
k = malloc(sizeof(*k));
if (k == NULL) {
@@ -228,35 +157,18 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
}
} else
k->name = NULL;
-
- path = krb5_config_get_string_default(context, NULL,
- _PATH_KCM_SOCKET,
- "libdefaults",
- "kcm_socket",
- NULL);
-
- k->path.sun_family = AF_UNIX;
- strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path));
-
- path = krb5_config_get_string_default(context, NULL,
- _PATH_KCM_DOOR,
- "libdefaults",
- "kcm_door",
- NULL);
- k->door_path = strdup(path);
-
+
(*id)->data.data = k;
(*id)->data.length = sizeof(*k);
return 0;
}
-static krb5_error_code
-kcm_call(krb5_context context,
- krb5_kcmcache *k,
- krb5_storage *request,
- krb5_storage **response_p,
- krb5_data *response_data_p)
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kcm_call(krb5_context context,
+ krb5_storage *request,
+ krb5_storage **response_p,
+ krb5_data *response_data_p)
{
krb5_data response_data;
krb5_error_code ret;
@@ -266,10 +178,11 @@ kcm_call(krb5_context context,
if (response_p != NULL)
*response_p = NULL;
- ret = kcm_send_request(context, k, request, &response_data);
- if (ret) {
+ krb5_data_zero(&response_data);
+
+ ret = kcm_send_request(context, request, &response_data);
+ if (ret)
return ret;
- }
response = krb5_storage_from_data(&response_data);
if (response == NULL) {
@@ -311,8 +224,6 @@ kcm_free(krb5_context context, krb5_ccache *id)
if (k != NULL) {
if (k->name != NULL)
free(k->name);
- if (k->door_path)
- free(k->door_path);
memset(k, 0, sizeof(*k));
krb5_data_free(&(*id)->data);
}
@@ -351,13 +262,13 @@ kcm_gen_new(krb5_context context, krb5_ccache *id)
k = KCMCACHE(*id);
- ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
if (ret) {
kcm_free(context, id);
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
kcm_free(context, id);
@@ -395,7 +306,7 @@ kcm_initialize(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
if (ret)
return ret;
@@ -411,9 +322,13 @@ kcm_initialize(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
+
+ if (context->kdc_sec_offset)
+ kcm_set_kdc_offset(context, id, context->kdc_sec_offset);
+
return ret;
}
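Review bot: `kcm_set_kdc_offset()` is called even when the preceding `krb5_kcm_call()` failed, and its own return value is dropped. If the initialize request did not succeed there is nothing to attach the offset to, so the guard should be `if (ret == 0 && context->kdc_sec_offset)`. If ignoring a failure to store the offset is intended as best effort, a comment such as `/* best effort: a failed offset update does not fail initialize */` would make that clear. The body of `kcm_set_kdc_offset` is not visible here, only its forward declaration.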
@@ -440,7 +355,7 @@ kcm_destroy(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_DESTROY, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request);
if (ret)
return ret;
@@ -450,7 +365,7 @@ kcm_destroy(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -473,7 +388,7 @@ kcm_store_cred(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_STORE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request);
if (ret)
return ret;
@@ -489,12 +404,13 @@ kcm_store_cred(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
+#if 0
/*
* Request:
* NameZ
@@ -517,7 +433,7 @@ kcm_retrieve(krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
if (ret)
return ret;
@@ -539,7 +455,7 @@ kcm_retrieve(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
@@ -555,6 +471,7 @@ kcm_retrieve(krb5_context context,
return ret;
}
+#endif
/*
* Request:
@@ -573,7 +490,7 @@ kcm_get_principal(krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
if (ret)
return ret;
@@ -583,7 +500,7 @@ kcm_get_principal(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
@@ -619,7 +536,7 @@ kcm_get_first (krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request);
if (ret)
return ret;
@@ -629,7 +546,7 @@ kcm_get_first (krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
@@ -710,7 +627,7 @@ kcm_get_next (krb5_context context,
if (c->offset >= c->length)
return KRB5_CC_END;
- ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
if (ret)
return ret;
@@ -730,7 +647,7 @@ kcm_get_next (krb5_context context,
return ENOMEM;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret == KRB5_CC_END) {
goto again;
@@ -759,32 +676,14 @@ kcm_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
- krb5_error_code ret;
- krb5_kcmcache *k = KCMCACHE(id);
krb5_kcm_cursor c = KCMCURSOR(*cursor);
- krb5_storage *request;
-
- ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
- if (ret)
- return ret;
-
- ret = krb5_store_stringz(request, k->name);
- if (ret) {
- krb5_storage_free(request);
- return ret;
- }
-
- ret = kcm_call(context, k, request, NULL, NULL);
- krb5_storage_free(request);
- if (ret)
- return ret;
free(c->uuids);
free(c);
*cursor = NULL;
- return ret;
+ return 0;
}
/*
@@ -806,7 +705,7 @@ kcm_remove_cred(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
if (ret)
return ret;
@@ -828,7 +727,7 @@ kcm_remove_cred(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -843,7 +742,7 @@ kcm_set_flags(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
if (ret)
return ret;
@@ -859,7 +758,7 @@ kcm_set_flags(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -872,6 +771,161 @@ kcm_get_version(krb5_context context,
return 0;
}
+/*
+ * Send nothing
+ * get back list of uuids
+ */
+
+static krb5_error_code
+kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+ krb5_error_code ret;
+ krb5_kcm_cursor c;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+
+ *cursor = NULL;
+
+ c = calloc(1, sizeof(*c));
+ if (c == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret,
+ N_("malloc: out of memory", ""));
+ goto out;
+ }
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request);
+ if (ret)
+ goto out;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ goto out;
+
+ while (1) {
+ ssize_t sret;
+ kcmuuid_t uuid;
+ void *ptr;
+
+ sret = krb5_storage_read(response, &uuid, sizeof(uuid));
+ if (sret == 0) {
+ ret = 0;
+ break;
+ } else if (sret != sizeof(uuid)) {
+ ret = EINVAL;
+ goto out;
+ }
+
+ ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
+ if (ptr == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret,
+ N_("malloc: out of memory", ""));
+ goto out;
+ }
+ c->uuids = ptr;
+
+ memcpy(&c->uuids[c->length], &uuid, sizeof(uuid));
+ c->length += 1;
+ }
+
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+
+ out:
+ if (ret && c) {
+ free(c->uuids);
+ free(c);
+ } else
+ *cursor = c;
+
+ return ret;
+}
+
+/*
+ * Send uuid
+ * Recv cache name
+ */
+
+static krb5_error_code
+kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id)
+{
+ krb5_error_code ret;
+ krb5_kcm_cursor c = KCMCURSOR(cursor);
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ ssize_t sret;
+ char *name;
+
+ *id = NULL;
+
+ again:
+
+ if (c->offset >= c->length)
+ return KRB5_CC_END;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request);
+ if (ret)
+ return ret;
+
+ sret = krb5_storage_write(request,
+ &c->uuids[c->offset],
+ sizeof(c->uuids[c->offset]));
+ c->offset++;
+ if (sret != sizeof(c->uuids[c->offset])) {
+ krb5_storage_free(request);
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret == KRB5_CC_END)
+ goto again;
+
+ ret = krb5_ret_stringz(response, &name);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+
+ if (ret == 0) {
+ ret = _krb5_cc_allocate(context, ops, id);
+ if (ret == 0)
+ ret = kcm_alloc(context, name, id);
+ krb5_xfree(name);
+ }
+
+ return ret;
+}
+
+static krb5_error_code
+kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+#ifndef KCM_IS_API_CACHE
+ return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id);
+#else
+ return KRB5_CC_END;
+#endif
+}
+
+static krb5_error_code
+kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+ return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id);
+}
+
+
+static krb5_error_code
+kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+ krb5_kcm_cursor c = KCMCURSOR(cursor);
+
+ free(c->uuids);
+ free(c);
+ return 0;
+}
+
+
static krb5_error_code
kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
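Review bot: In `kcm_get_cache_next()` only `KRB5_CC_END` is handled after `krb5_kcm_call()`; any other failure falls through to `krb5_ret_stringz(response, &name)`, and `krb5_kcm_call()` sets `*response_p` to NULL on entry, so `response` is NULL on that path. The function needs an `if (ret) return ret;` before the reply is read. In `kcm_get_cache_first()` the `EINVAL` and `ENOMEM` exits inside the read loop jump to `out:` past `krb5_storage_free(response)` and `krb5_data_free(&response_data)`, leaking the reply. Moving the release under `out:` with both variables initialised, as sketched below, covers every exit; this assumes `krb5_kcm_call()` leaves `response_data` untouched on failure, which is not visible here. `kcm_move`, at the end of the hunk, continues outside it.

```c
    /* kcm_get_cache_first(): release the reply on the error exits too */
    krb5_storage *request, *response = NULL;
    krb5_data response_data;

    krb5_data_zero(&response_data);
    /* … unchanged: cursor allocation, request, read loop … */
 out:
    if (response)
	krb5_storage_free(response);
    krb5_data_free(&response_data);
    /* … unchanged: cursor cleanup and return … */

    /* kcm_get_cache_next(): stop on any failure other than KRB5_CC_END */
    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    if (ret == KRB5_CC_END)
	goto again;
    if (ret)
	return ret;
    /* … unchanged: krb5_ret_stringz(), _krb5_cc_allocate(), kcm_alloc() … */
```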
@@ -880,7 +934,7 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_kcmcache *newk = KCMCACHE(to);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
if (ret)
return ret;
@@ -895,18 +949,81 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_storage_free(request);
return ret;
}
- ret = kcm_call(context, oldk, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
-kcm_default_name(krb5_context context, char **str)
+kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
+ const char *defstr, char **str)
+{
+ krb5_error_code ret;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ char *name;
+
+ *str = NULL;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ return _krb5_expand_default_cc_name(context, defstr, str);
+
+ ret = krb5_ret_stringz(response, &name);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+ if (ret)
+ return ret;
+
+ asprintf(str, "%s:%s", ops->prefix, name);
+ free(name);
+ if (str == NULL)
+ return ENOMEM;
+
+ return 0;
+}
+
+static krb5_error_code
+kcm_get_default_name_api(krb5_context context, char **str)
+{
+ return kcm_get_default_name(context, &krb5_akcm_ops,
+ KRB5_DEFAULT_CCNAME_KCM_API, str);
+}
+
+static krb5_error_code
+kcm_get_default_name_kcm(krb5_context context, char **str)
{
- return _krb5_expand_default_cc_name(context,
- KRB5_DEFAULT_CCNAME_KCM,
- str);
+ return kcm_get_default_name(context, &krb5_kcm_ops,
+ KRB5_DEFAULT_CCNAME_KCM_KCM, str);
+}
+
+static krb5_error_code
+kcm_set_default(krb5_context context, krb5_ccache id)
+{
+ krb5_error_code ret;
+ krb5_storage *request;
+ krb5_kcmcache *k = KCMCACHE(id);
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, NULL, NULL);
+ krb5_storage_free(request);
+
+ return ret;
}
static krb5_error_code
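Review bot: In `kcm_get_default_name` the result of `asprintf` is ignored, and the following `if (str == NULL)` tests the caller's out-pointer rather than the string that was allocated, so an allocation failure is never reported as ENOMEM. Capture and test the call instead: `int n = asprintf(str, "%s:%s", ops->prefix, name);` then `free(name);` then `if (n < 0 || *str == NULL) { *str = NULL; return ENOMEM; }`. Note also that any error from `krb5_kcm_call` silently falls back to `_krb5_expand_default_cc_name`; if that is deliberate, a short comment such as `/* KCM unreachable or refused: fall back to the compiled-in default */` would record it.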
@@ -916,6 +1033,69 @@ kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ krb5_kcmcache *k = KCMCACHE(id);
+ krb5_error_code ret;
+ krb5_storage *request;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+ ret = krb5_store_int32(request, kdc_offset);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, NULL, NULL);
+ krb5_storage_free(request);
+
+ return ret;
+}
+
+static krb5_error_code
+kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_kcmcache *k = KCMCACHE(id);
+ krb5_error_code ret;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ int32_t offset;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ return ret;
+
+ ret = krb5_ret_int32(response, &offset);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+ if (ret)
+ return ret;
+
+ *kdc_offset = offset;
+
+ return 0;
+}
+
/**
* Variable containing the KCM based credential cache implemention.
*
@@ -932,7 +1112,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = {
kcm_destroy,
kcm_close,
kcm_store_cred,
- kcm_retrieve,
+ NULL /* kcm_retrieve */,
kcm_get_principal,
kcm_get_first,
kcm_get_next,
@@ -940,15 +1120,45 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = {
kcm_remove_cred,
kcm_set_flags,
kcm_get_version,
- NULL,
- NULL,
- NULL,
+ kcm_get_cache_first,
+ kcm_get_cache_next_kcm,
+ kcm_end_cache_get,
kcm_move,
- kcm_default_name,
- NULL,
+ kcm_get_default_name_kcm,
+ kcm_set_default,
+ kcm_lastchange,
+ kcm_set_kdc_offset,
+ kcm_get_kdc_offset
+};
+
+KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = {
+ KRB5_CC_OPS_VERSION,
+ "API",
+ kcm_get_name,
+ kcm_resolve,
+ kcm_gen_new,
+ kcm_initialize,
+ kcm_destroy,
+ kcm_close,
+ kcm_store_cred,
+ NULL /* kcm_retrieve */,
+ kcm_get_principal,
+ kcm_get_first,
+ kcm_get_next,
+ kcm_end_get,
+ kcm_remove_cred,
+ kcm_set_flags,
+ kcm_get_version,
+ kcm_get_cache_first,
+ kcm_get_cache_next_api,
+ kcm_end_cache_get,
+ kcm_move,
+ kcm_get_default_name_api,
+ kcm_set_default,
kcm_lastchange
};
+
krb5_boolean
_krb5_kcm_is_running(krb5_context context)
{
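Review bot: `krb5_akcm_ops` ends at `kcm_lastchange`, while `krb5_kcm_ops` in the same hunk also lists `kcm_set_kdc_offset` and `kcm_get_kdc_offset`, so the two trailing members are implicitly NULL for the "API" table. If that is intended, say so after the last entry with `/* set_kdc_offset/get_kdc_offset intentionally unset */`; otherwise append `kcm_set_kdc_offset,` and `kcm_get_kdc_offset` so both tables agree. Because the initialisers are positional, callers of these members (not visible here) need to NULL-check them either way.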
@@ -979,14 +1189,13 @@ _krb5_kcm_noop(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
- krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_NOOP, &request);
if (ret)
return ret;
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1010,7 +1219,7 @@ _krb5_kcm_chmod(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_CHMOD, &request);
if (ret)
return ret;
@@ -1026,7 +1235,7 @@ _krb5_kcm_chmod(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1052,7 +1261,7 @@ _krb5_kcm_chown(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_CHOWN, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_CHOWN, &request);
if (ret)
return ret;
@@ -1074,7 +1283,7 @@ _krb5_kcm_chown(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1101,7 +1310,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
krb5_error_code ret;
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
@@ -1131,7 +1340,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1159,7 +1368,7 @@ _krb5_kcm_get_ticket(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
if (ret)
return ret;
@@ -1187,7 +1396,7 @@ _krb5_kcm_get_ticket(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c
index 046caee6d6..2d57e301d5 100644
--- a/source4/heimdal/lib/krb5/keyblock.c
+++ b/source4/heimdal/lib/krb5/keyblock.c
@@ -41,7 +41,7 @@
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_keyblock_zero(krb5_keyblock *keyblock)
{
keyblock->keytype = 0;
@@ -57,7 +57,7 @@ krb5_keyblock_zero(krb5_keyblock *keyblock)
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_keyblock_contents(krb5_context context,
krb5_keyblock *keyblock)
{
@@ -79,7 +79,7 @@ krb5_free_keyblock_contents(krb5_context context,
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_keyblock(krb5_context context,
krb5_keyblock *keyblock)
{
@@ -102,7 +102,7 @@ krb5_free_keyblock(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_keyblock_contents (krb5_context context,
const krb5_keyblock *inblock,
krb5_keyblock *to)
@@ -124,7 +124,7 @@ krb5_copy_keyblock_contents (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_keyblock (krb5_context context,
const krb5_keyblock *inblock,
krb5_keyblock **to)
@@ -170,7 +170,7 @@ krb5_keyblock_get_enctype(const krb5_keyblock *block)
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keyblock_init(krb5_context context,
krb5_enctype type,
const void *data,
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c
index fcc74e847e..79b079a056 100644
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -143,7 +143,7 @@ main (int argc, char **argv)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_register(krb5_context context,
const krb5_kt_ops *ops)
{
@@ -183,7 +183,7 @@ krb5_kt_register(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_resolve(krb5_context context,
const char *name,
krb5_keytab *id)
@@ -244,7 +244,7 @@ krb5_kt_resolve(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{
if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
@@ -266,7 +266,7 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
{
const char *kt = NULL;
@@ -303,7 +303,7 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default(krb5_context context, krb5_keytab *id)
{
return krb5_kt_resolve (context, context->default_keytab, id);
@@ -325,7 +325,7 @@ krb5_kt_default(krb5_context context, krb5_keytab *id)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_read_service_key(krb5_context context,
krb5_pointer keyprocarg,
krb5_principal principal,
@@ -368,7 +368,7 @@ krb5_kt_read_service_key(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_type(krb5_context context,
krb5_keytab keytab,
char *prefix,
@@ -391,7 +391,7 @@ krb5_kt_get_type(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_name(krb5_context context,
krb5_keytab keytab,
char *name,
@@ -414,7 +414,7 @@ krb5_kt_get_name(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_full_name(krb5_context context,
krb5_keytab keytab,
char **str)
@@ -454,7 +454,7 @@ krb5_kt_get_full_name(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_close(krb5_context context,
krb5_keytab id)
{
@@ -478,7 +478,7 @@ krb5_kt_close(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_destroy(krb5_context context,
krb5_keytab id)
{
@@ -523,7 +523,7 @@ compare_aliseses(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_kt_compare(krb5_context context,
krb5_keytab_entry *entry,
krb5_const_principal principal,
@@ -590,7 +590,7 @@ _krb5_kt_principal_not_found(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_entry(krb5_context context,
krb5_keytab id,
krb5_const_principal principal,
@@ -651,7 +651,7 @@ krb5_kt_get_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_copy_entry_contents(krb5_context context,
const krb5_keytab_entry *in,
krb5_keytab_entry *out)
@@ -687,7 +687,7 @@ fail:
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_free_entry(krb5_context context,
krb5_keytab_entry *entry)
{
@@ -709,7 +709,7 @@ krb5_kt_free_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
@@ -738,7 +738,7 @@ krb5_kt_start_seq_get(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_next_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry,
@@ -766,7 +766,7 @@ krb5_kt_next_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
@@ -792,7 +792,7 @@ krb5_kt_end_seq_get(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
@@ -820,7 +820,7 @@ krb5_kt_add_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_remove_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h
index dde5fa9cad..324c8c1d3c 100644
--- a/source4/heimdal/lib/krb5/krb5-v4compat.h
+++ b/source4/heimdal/lib/krb5/krb5-v4compat.h
@@ -105,8 +105,12 @@ struct credentials {
#define CLOCK_SKEW 5*60
#ifndef TKT_ROOT
+#ifdef KRB5_USE_PATH_TOKENS
+#define TKT_ROOT "%{TEMP}/tkt"
+#else
#define TKT_ROOT "/tmp/tkt"
#endif
+#endif
struct _krb5_krb_auth_data {
int8_t k_flags; /* Flags from ticket */
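Review bot: With `KRB5_USE_PATH_TOKENS` defined, `TKT_ROOT` becomes the template `"%{TEMP}/tkt"` rather than a usable path, and nothing at the definition says so. Code that passes it to a file API without expanding the token first would operate on a literal `%{TEMP}` directory; whether such callers exist is not visible in this hunk. A comment at the define would make the contract explicit: `/* template, not a path: expand path tokens before using as a file name */`. The same applies to `KRB5_DEFAULT_CCFILE_ROOT` in krb5.h and `KRB5_DEFAULT_CCNAME_FILE` in krb5_locl.h later in this commit.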
@@ -120,11 +124,18 @@ struct _krb5_krb_auth_data {
uint32_t address; /* Address in ticket */
};
-time_t _krb5_krb_life_to_time (int, int);
-int _krb5_krb_time_to_life (time_t, time_t);
-krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *,
- const char *, int);
-krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *);
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
+_krb5_krb_life_to_time (int, int);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+_krb5_krb_time_to_life (time_t, time_t);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_krb_tf_setup (krb5_context, struct credentials *,
+ const char *, int);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_krb_dest_tkt(krb5_context, const char *);
#define krb_time_to_life _krb5_krb_time_to_life
#define krb_life_to_time _krb5_krb_life_to_time
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 1f2e769728..c810b8bc74 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -301,7 +303,15 @@ typedef AP_REQ krb5_ap_req;
struct krb5_cc_ops;
+#ifdef _WIN32
+#define KRB5_USE_PATH_TOKENS 1
+#endif
+
+#ifdef KRB5_USE_PATH_TOKENS
+#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
+#else
#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
+#endif
#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
@@ -311,7 +321,7 @@ struct krb5_cc_ops;
NULL)
typedef void *krb5_cc_cursor;
-typedef struct krb5_cccol_cursor *krb5_cccol_cursor;
+typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
typedef struct krb5_ccache_data {
const struct krb5_cc_ops *ops;
@@ -412,7 +422,7 @@ typedef struct krb5_creds {
typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
-#define KRB5_CC_OPS_VERSION 2
+#define KRB5_CC_OPS_VERSION 3
typedef struct krb5_cc_ops {
int version;
@@ -442,6 +452,8 @@ typedef struct krb5_cc_ops {
krb5_error_code (*get_default_name)(krb5_context, char **);
krb5_error_code (*set_default)(krb5_context, krb5_ccache);
krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
+ krb5_error_code (*set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
+ krb5_error_code (*get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
} krb5_cc_ops;
struct krb5_log_facility;
@@ -834,6 +846,7 @@ extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index d436215769..6acaa2c66b 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -45,6 +47,8 @@
#include <stdlib.h>
#include <limits.h>
+#include <krb5-types.h>
+
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@@ -114,6 +118,8 @@ struct sockaddr_dl;
#include <sys/file.h>
#endif
+#include <com_err.h>
+
#define HEIMDAL_TEXTDOMAIN "heimdal_krb5"
#ifdef LIBINTL
@@ -136,8 +142,6 @@ struct sockaddr_dl;
#include <door.h>
#endif
-#include <com_err.h>
-
#include <roken.h>
#include <parse_time.h>
#include <base64.h>
@@ -183,6 +187,7 @@ struct _krb5_krb_auth_data;
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
+
#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
#ifndef O_BINARY
@@ -219,6 +224,7 @@ struct _krb5_get_init_creds_opt_private {
int flags;
#define KRB5_INIT_CREDS_CANONICALIZE 1
#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2
+#define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4
struct {
krb5_gic_process_last_req func;
void *ctx;
@@ -267,20 +273,27 @@ typedef struct krb5_context_data {
#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1
#define KRB5_CTX_F_CHECK_PAC 2
#define KRB5_CTX_F_HOMEDIR_ACCESS 4
+#define KRB5_CTX_F_SOCKETS_INITIALIZED 8
struct send_to_kdc *send_to_kdc;
#ifdef PKINIT
hx509_context hx509ctx;
#endif
} krb5_context_data;
+#ifndef KRB5_USE_PATH_TOKENS
#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
+#else
+#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}"
+#endif
#define KRB5_DEFAULT_CCNAME_API "API:"
-#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
+#define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}"
+#define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}"
#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1
#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2
#define EXTRACT_TICKET_MATCH_REALM 4
#define EXTRACT_TICKET_AS_REQ 8
+#define EXTRACT_TICKET_TIMESYNC 16
/*
* Configurable options
@@ -298,6 +311,10 @@ typedef struct krb5_context_data {
#define KRB5_ADDRESSLESS_DEFAULT TRUE
#endif
+#ifndef KRB5_FORWARDABLE_DEFAULT
+#define KRB5_FORWARDABLE_DEFAULT TRUE
+#endif
+
#ifdef PKINIT
struct krb5_pk_identity {
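Review bot: `KRB5_FORWARDABLE_DEFAULT` is introduced as TRUE without a comment naming the option it backs; its use is not visible in this hunk. If, as the name suggests, it is the fallback for requesting forwardable tickets when nothing is configured, it is a delegation-relevant default that a deployment may want to override at build time. The define should say so, for example `/* fallback for the forwardable option when unset in configuration; build with -DKRB5_FORWARDABLE_DEFAULT=FALSE to change */`.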
@@ -307,6 +324,8 @@ struct krb5_pk_identity {
hx509_certs anchors;
hx509_certs certpool;
hx509_revoke_ctx revokectx;
+ int flags;
+#define PKINIT_BTMM 1
};
enum krb5_pk_type {
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 4e4b4562e5..3bb00d287d 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -320,7 +320,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
* return a readable representation of `host' in `hostname, hostlen'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host,
char *hostname, size_t hostlen)
{
@@ -361,7 +361,7 @@ make_hints(struct addrinfo *hints, int proto)
* in `host'. free:ing is handled by krb5_krbhst_free.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
struct addrinfo **ai)
{
@@ -857,7 +857,7 @@ common_init(krb5_context context,
* initialize `handle' to look for hosts of type `type' in realm `realm'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_init(krb5_context context,
const char *realm,
unsigned int type,
@@ -866,7 +866,7 @@ krb5_krbhst_init(krb5_context context,
return krb5_krbhst_init_flags(context, realm, type, 0, handle);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_init_flags(krb5_context context,
const char *realm,
unsigned int type,
@@ -919,7 +919,7 @@ krb5_krbhst_init_flags(krb5_context context,
* return the next host information from `handle' in `host'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_next(krb5_context context,
krb5_krbhst_handle handle,
krb5_krbhst_info **host)
@@ -935,7 +935,7 @@ krb5_krbhst_next(krb5_context context,
* in `hostname' (or length `hostlen)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_next_as_string(krb5_context context,
krb5_krbhst_handle handle,
char *hostname,
@@ -950,13 +950,13 @@ krb5_krbhst_next_as_string(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
{
handle->index = &handle->hosts;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
{
krb5_krbhst_info *h, *next;
@@ -1021,7 +1021,7 @@ gethostlist(krb5_context context, const char *realm,
* return an malloced list of kadmin-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb_admin_hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1033,7 +1033,7 @@ krb5_get_krb_admin_hst (krb5_context context,
* return an malloced list of changepw-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb_changepw_hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1045,7 +1045,7 @@ krb5_get_krb_changepw_hst (krb5_context context,
* return an malloced list of 524-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb524hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1058,7 +1058,7 @@ krb5_get_krb524hst (krb5_context context,
* return an malloced list of KDC's for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krbhst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1070,7 +1070,7 @@ krb5_get_krbhst (krb5_context context,
* free all the memory allocated in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_krbhst (krb5_context context,
char **hostlist)
{
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index 9f81460973..55c70fc96a 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -113,7 +115,7 @@ find_value(const char *s, struct s2i *table)
return table->val;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_initlog(krb5_context context,
const char *program,
krb5_log_facility **fac)
@@ -135,7 +137,7 @@ krb5_initlog(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addlog_func(krb5_context context,
krb5_log_facility *fac,
int min,
@@ -268,7 +270,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
{
krb5_error_code ret = 0;
@@ -359,7 +361,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_openlog(krb5_context context,
const char *program,
krb5_log_facility **fac)
@@ -383,7 +385,7 @@ krb5_openlog(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_closelog(krb5_context context,
krb5_log_facility *fac)
{
@@ -402,7 +404,7 @@ krb5_closelog(krb5_context context,
#undef __attribute__
#define __attribute__(X)
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vlog_msg(krb5_context context,
krb5_log_facility *fac,
char **reply,
@@ -441,7 +443,7 @@ krb5_vlog_msg(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vlog(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -452,7 +454,7 @@ krb5_vlog(krb5_context context,
return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_log_msg(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -471,7 +473,7 @@ krb5_log_msg(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_log(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -504,3 +506,11 @@ _krb5_debug(krb5_context context,
krb5_vlog(context, context->debug_dest, level, fmt, ap);
va_end(ap);
}
+
+krb5_boolean KRB5_LIB_FUNCTION
+_krb5_have_debug(krb5_context context, int level)
+{
+ if (context == NULL || context->debug_dest == NULL)
+ return 0 ;
+ return 1;
+}
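Review bot: `_krb5_have_debug` takes `level` but never reads it, so it reports only whether a debug destination exists, not whether a message at `level` would be logged. If that is intended for now, document it above the function: `/* level is currently ignored: true whenever context->debug_dest is set */`. The definition also uses the old `krb5_boolean KRB5_LIB_FUNCTION` order, while the rest of this commit moves definitions to `KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL`. `return 0 ;` has a stray space before the semicolon.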
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
index 78ef68db3d..cdafc67bae 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -44,6 +46,7 @@ typedef struct krb5_mcache {
} *creds;
struct krb5_mcache *next;
time_t mtime;
+ krb5_deltat kdc_offset;
} krb5_mcache;
static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER;
@@ -93,6 +96,7 @@ mcc_alloc(const char *name)
m->primary_principal = NULL;
m->creds = NULL;
m->mtime = time(NULL);
+ m->kdc_offset = 0;
m->next = mcc_head;
mcc_head = m;
HEIMDAL_MUTEX_unlock(&mcc_mutex);
@@ -462,6 +466,22 @@ mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+mcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ krb5_mcache *m = MCACHE(id);
+ m->kdc_offset = kdc_offset;
+ return 0;
+}
+
+static krb5_error_code
+mcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_mcache *m = MCACHE(id);
+ *kdc_offset = m->kdc_offset;
+ return 0;
+}
+
/**
* Variable containing the MEMORY based credential cache implemention.
@@ -493,5 +513,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = {
mcc_move,
mcc_default_name,
NULL,
- mcc_lastchange
+ mcc_lastchange,
+ mcc_set_kdc_offset,
+ mcc_get_kdc_offset
};
diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c
index e47383880c..b76c1b584d 100644
--- a/source4/heimdal/lib/krb5/misc.c
+++ b/source4/heimdal/lib/krb5/misc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_s4u2self_to_checksumdata(krb5_context context,
const PA_S4U2Self *self,
krb5_data *data)
diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c
index dab5c6046a..0ff3d7f3c6 100644
--- a/source4/heimdal/lib/krb5/mit_glue.c
+++ b/source4/heimdal/lib/krb5/mit_glue.c
@@ -41,7 +41,7 @@
* Glue for MIT API
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_checksum(krb5_context context,
krb5_cksumtype cksumtype,
const krb5_keyblock *key,
@@ -63,7 +63,7 @@ krb5_c_make_checksum(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *data,
const krb5_checksum *cksum, krb5_boolean *valid)
@@ -80,7 +80,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
if (data_cksum.cksumtype == cksum->cksumtype
&& data_cksum.checksum.length == cksum->checksum.length
- && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
+ && ct_memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
*valid = 1;
krb5_free_checksum_contents(context, &data_cksum);
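Review bot: The switch to `ct_memcmp` carries no comment explaining why, so a later cleanup could revert it to `memcmp`. A line above the condition would keep the intent, for example `/* constant-time compare: do not reveal how many checksum bytes matched */`. This hunk only ever sets `*valid` to 1; its initialisation to 0 lies outside the hunk in `krb5_c_verify_checksum` and should be confirmed, so that a mismatch can never leave a caller-supplied value in place.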
@@ -88,7 +88,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
krb5_cksumtype *type, krb5_data **data)
{
@@ -111,7 +111,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
krb5_cksumtype type, const krb5_data *data)
{
@@ -119,51 +119,51 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
return der_copy_octet_string(data, &cksum->checksum);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
{
krb5_checksum_free(context, cksum);
free(cksum);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
{
krb5_checksum_free(context, cksum);
memset(cksum, 0, sizeof(*cksum));
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
{
free_Checksum(cksum);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_enctype (krb5_enctype etype)
{
return krb5_enctype_valid(NULL, etype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_cksumtype(krb5_cksumtype ctype)
{
return krb5_cksumtype_valid(NULL, ctype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
{
return krb5_checksum_is_collision_proof(NULL, ctype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
{
return krb5_checksum_is_keyed(NULL, ctype);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_checksum (krb5_context context,
const krb5_checksum *old,
krb5_checksum **new)
@@ -174,14 +174,14 @@ krb5_copy_checksum (krb5_context context,
return copy_Checksum(old, *new);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
size_t *length)
{
return krb5_checksumsize(context, cksumtype, length);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_block_size(krb5_context context,
krb5_enctype enctype,
size_t *blocksize)
@@ -204,7 +204,7 @@ krb5_c_block_size(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_decrypt(krb5_context context,
const krb5_keyblock key,
krb5_keyusage usage,
@@ -244,7 +244,7 @@ krb5_c_decrypt(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt(krb5_context context,
const krb5_keyblock *key,
krb5_keyusage usage,
@@ -286,7 +286,7 @@ krb5_c_encrypt(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt_length(krb5_context context,
krb5_enctype enctype,
size_t inputlen,
@@ -311,18 +311,24 @@ krb5_c_encrypt_length(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_enctype_compare(krb5_context context,
krb5_enctype e1,
krb5_enctype e2,
krb5_boolean *similar)
- KRB5_DEPRECATED
{
*similar = (e1 == e2);
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_random_key(krb5_context context,
krb5_enctype enctype,
krb5_keyblock *random_key)
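Review bot: The Doxygen block added above krb5_c_enctype_compare is ungrammatical and does not say what the function does. The visible body only sets `*similar = (e1 == e2)`, so something like `Deprecated: keytypes don't exist, they are really enctypes; compare the two enctype values directly.` would tell a caller what to do instead. The blank line between the comment and `KRB5_DEPRECATED` could also go, so the block sits directly on the declaration it documents.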
@@ -330,7 +336,7 @@ krb5_c_make_random_key(krb5_context context,
return krb5_generate_random_keyblock(context, enctype, random_key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_keylengths(krb5_context context,
krb5_enctype enctype,
size_t *ilen,
@@ -345,7 +351,7 @@ krb5_c_keylengths(krb5_context context,
return krb5_enctype_keysize(context, enctype, keylen);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
@@ -353,7 +359,7 @@ krb5_c_prf_length(krb5_context context,
return krb5_crypto_prf_length(context, type, length);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf(krb5_context context,
const krb5_keyblock *key,
const krb5_data *input,
@@ -378,7 +384,7 @@ krb5_c_prf(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_creds(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c
index 0de30e4ddb..a837b5e290 100644
--- a/source4/heimdal/lib/krb5/mk_error.c
+++ b/source4/heimdal/lib/krb5/mk_error.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_error(krb5_context context,
krb5_error_code error_code,
const char *e_text,
diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c
index 40f09ae33f..833821341d 100644
--- a/source4/heimdal/lib/krb5/mk_priv.c
+++ b/source4/heimdal/lib/krb5/mk_priv.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c
index 8eef0ea652..2b9c3fbdbb 100644
--- a/source4/heimdal/lib/krb5/mk_rep.c
+++ b/source4/heimdal/lib/krb5/mk_rep.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_rep(krb5_context context,
krb5_auth_context auth_context,
krb5_data *outbuf)
diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c
index c87fa61293..44e6c8b68a 100644
--- a/source4/heimdal/lib/krb5/mk_req.c
+++ b/source4/heimdal/lib/krb5/mk_req.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req_exact(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
@@ -77,7 +77,7 @@ krb5_mk_req_exact(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c
index 03fc93b02f..af68e4e195 100644
--- a/source4/heimdal/lib/krb5/mk_req_ext.c
+++ b/source4/heimdal/lib/krb5/mk_req_ext.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
@@ -143,7 +143,7 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req_extended(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c
index 0623f6aae1..f94a1ea125 100644
--- a/source4/heimdal/lib/krb5/n-fold.c
+++ b/source4/heimdal/lib/krb5/n-fold.c
@@ -96,7 +96,7 @@ add1(unsigned char *a, unsigned char *b, size_t len)
}
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
{
/* if len < size we need at most N * len bytes, ie < 2 * size;
diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c
index aa08248ed1..283a857df5 100644
--- a/source4/heimdal/lib/krb5/padata.c
+++ b/source4/heimdal/lib/krb5/padata.c
@@ -42,7 +42,7 @@ krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
return NULL;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_padata_add(krb5_context context, METHOD_DATA *md,
int type, void *buf, size_t len)
{
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 341f6a3ee9..6711c7702f 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -89,7 +91,7 @@ pk_copy_error(krb5_context context,
*
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_pk_cert_free(struct krb5_pk_cert *cert)
{
if (cert->cert) {
@@ -180,18 +182,26 @@ static krb5_error_code
find_cert(krb5_context context, struct krb5_pk_identity *id,
hx509_query *q, hx509_cert *cert)
{
- struct certfind cf[3] = {
+ struct certfind cf[4] = {
+ { "MobileMe EKU" },
{ "PKINIT EKU" },
{ "MS EKU" },
{ "any (or no)" }
};
- int i, ret;
+ int i, ret, start = 1;
+ unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 };
+ const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids };
+
+
+ if (id->flags & PKINIT_BTMM)
+ start = 0;
- cf[0].oid = &asn1_oid_id_pkekuoid;
- cf[1].oid = &asn1_oid_id_pkinit_ms_eku;
- cf[2].oid = NULL;
+ cf[0].oid = &mobileMe;
+ cf[1].oid = &asn1_oid_id_pkekuoid;
+ cf[2].oid = &asn1_oid_id_pkinit_ms_eku;
+ cf[3].oid = NULL;
- for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) {
+ for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) {
ret = hx509_query_match_eku(q, cf[i].oid);
if (ret) {
pk_copy_error(context, context->hx509ctx, ret,
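Review bot: The `oids[]` array added in find_cert is a bare run of numbers with no comment, so a reader has to decode it to learn which EKU the new first table entry matches. A line such as `/* 1.2.840.113635.100.3.2.1 (Apple arc): EKU tried first, only when id->flags has PKINIT_BTMM */` above it would make the intent and the `start = 0` case clear. The loop still compares a signed `int i` with the `size_t` from `sizeof(cf)/sizeof(cf[0])`; since the line is being touched anyway, `size_t i, start = 1;` would remove the mixed-sign comparison. The rest of find_cert lies outside this hunk.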
@@ -344,7 +354,7 @@ build_edi(krb5_context context,
hx509_certs certs,
ExternalPrincipalIdentifiers *ids)
{
- return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
+ return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids);
}
static krb5_error_code
@@ -607,7 +617,7 @@ build_auth_pack(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_mk_ContentInfo(krb5_context context,
const krb5_data *buf,
const heim_oid *oid,
@@ -797,9 +807,11 @@ pk_mk_padata(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_mk_padata(krb5_context context,
void *c,
+ int ic_flags,
+ int win2k,
const KDC_REQ_BODY *req_body,
unsigned nonce,
METHOD_DATA *md)
@@ -814,7 +826,7 @@ _krb5_pk_mk_padata(krb5_context context,
}
win2k_compat = krb5_config_get_bool_default(context, NULL,
- FALSE,
+ win2k,
"realms",
req_body->realm,
"pkinit_win2k",
@@ -823,7 +835,7 @@ _krb5_pk_mk_padata(krb5_context context,
if (win2k_compat) {
ctx->require_binding =
krb5_config_get_bool_default(context, NULL,
- FALSE,
+ TRUE,
"realms",
req_body->realm,
"pkinit_win2k_require_binding",
@@ -839,6 +851,11 @@ _krb5_pk_mk_padata(krb5_context context,
req_body->realm,
"pkinit_require_eku",
NULL);
+ if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK)
+ ctx->require_eku = 0;
+ if (ctx->id->flags & PKINIT_BTMM)
+ ctx->require_eku = 0;
+
ctx->require_krbtgt_otherName =
krb5_config_get_bool_default(context, NULL,
TRUE,
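Review bot: The two added overrides clear `ctx->require_eku` after the realm's `pkinit_require_eku` setting has been read, so a site that configured the check as required gets no sign that it was switched off for this request. Because the BTMM case is decided from the identity flags rather than from configuration, I would log the override, for example `_krb5_debug(context, 5, "pkinit: EKU check disabled (BTMM identity or caller flag)");` inside each `if`. A short comment saying why BTMM identities cannot satisfy the EKU requirement would also help; the reason is not visible in this hunk.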
@@ -876,13 +893,20 @@ pk_verify_sign(krb5_context context,
struct krb5_pk_cert **signer)
{
hx509_certs signer_certs;
- int ret;
+ int ret, flags = 0;
+
+ /* BTMM is broken in Leo and SnowLeo */
+ if (id->flags & PKINIT_BTMM) {
+ flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH;
+ flags |= HX509_CMS_VS_NO_KU_CHECK;
+ flags |= HX509_CMS_VS_NO_VALIDATE;
+ }
*signer = NULL;
ret = hx509_cms_verify_signed(context->hx509ctx,
id->verify_ctx,
- HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH|HX509_CMS_VS_NO_KU_CHECK,
+ flags,
data,
length,
NULL,
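Review bot: `HX509_CMS_VS_NO_VALIDATE` is new in pk_verify_sign and, as I read the flag name, makes hx509_cms_verify_signed skip validating the signer's certificate for any identity carrying PKINIT_BTMM. That flag is set from the realm string alone (the `LKDC:SHA1.` test in _krb5_pk_set_user_id), so unless a later step pins the signer to the realm, the reply signature is accepted from a certificate no trust anchor vouches for. The comment `BTMM is broken in Leo and SnowLeo` does not say what replaces the chain check; I would expand it along the lines of `/* BTMM KDC certs do not chain to an anchor; the signer is bound to the realm by <check, location> instead */`, with the placeholder filled in by whoever knows where that binding happens. If there is no such binding, NO_VALIDATE should not be set here.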
@@ -1510,7 +1534,7 @@ pk_rd_pa_reply_dh(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_rd_pa_reply(krb5_context context,
const char *realm,
void *c,
@@ -1549,9 +1573,11 @@ _krb5_pk_rd_pa_reply(krb5_context context,
switch (rep.element) {
case choice_PA_PK_AS_REP_dhInfo:
+ _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh");
os = rep.u.dhInfo.dhSignedData;
break;
case choice_PA_PK_AS_REP_encKeyPack:
+ _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key");
os = rep.u.encKeyPack;
break;
default: {
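Review bot: The debug string added for the encKeyPack case says `kinit` where the dhInfo one says `pkinit`, which looks like a typo and makes the two messages harder to grep together. Suggest `"krb5_get_init_creds: using pkinit enc reply key"` here, and likewise `"krb5_get_init_creds: using BTMM pkinit enc reply key"` for the message added in the next hunk.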
@@ -1559,6 +1585,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
free_PA_PK_AS_REP(&rep);
memset(&rep, 0, sizeof(rep));
+ _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
+
ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
pa->padata_value.length,
&btmm,
@@ -1727,6 +1755,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter)
static krb5_error_code
_krb5_pk_set_user_id(krb5_context context,
+ krb5_principal principal,
krb5_pk_init_ctx ctx,
struct hx509_certs_data *certs)
{
@@ -1754,13 +1783,50 @@ _krb5_pk_set_user_id(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+ if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
+ ctx->id->flags |= PKINIT_BTMM;
+ }
+
ret = find_cert(context, ctx->id, q, &ctx->id->cert);
hx509_query_free(context->hx509ctx, q);
+ if (ret == 0 && _krb5_have_debug(context, 2)) {
+ hx509_name name;
+ char *str, *sn;
+ heim_integer i;
+
+ ret = hx509_cert_get_subject(ctx->id->cert, &name);
+ if (ret)
+ goto out;
+
+ ret = hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ if (ret)
+ goto out;
+
+ ret = hx509_cert_get_serialnumber(ctx->id->cert, &i);
+ if (ret) {
+ free(str);
+ goto out;
+ }
+
+ ret = der_print_hex_heim_integer(&i, &sn);
+ der_free_heim_integer(&i);
+ if (ret) {
+ free(name);
+ goto out;
+ }
+
+ _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn);
+ free(str);
+ free(sn);
+ }
+ out:
+
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_load_id(krb5_context context,
struct krb5_pk_identity **ret_id,
const char *user_id,
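Review bot: The realm test in _krb5_pk_set_user_id compares only nine of the ten characters of `"LKDC:SHA1."`, so the trailing dot is never checked and any realm that merely starts with `LKDC:SHA1` sets PKINIT_BTMM, which the other hunks use to relax EKU and signature validation. It should be `strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), sizeof("LKDC:SHA1.") - 1) == 0`. In the debug block, the failure path after der_print_hex_heim_integer calls `free(name)`, but `name` is the hx509_name already released by hx509_name_free, and `str` is what leaks there; that line should be `free(str);`. The debug-only calls also overwrite `ret` after find_cert has succeeded, so a logging failure becomes the function's return value; a separate local for them would keep the result of find_cert intact.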
@@ -1893,7 +1959,6 @@ _krb5_pk_load_id(krb5_context context,
hx509_certs_free(&id->anchors);
hx509_certs_free(&id->certpool);
hx509_revoke_free(&id->revokectx);
- hx509_context_free(&context->hx509ctx);
free(id);
} else
*ret_id = id;
@@ -2225,7 +2290,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
}
#endif /* PKINIT */
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
{
#ifdef PKINIT
@@ -2269,7 +2334,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
#endif
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pkinit(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_principal principal,
@@ -2344,6 +2409,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
if (opt->opt_private->pk_init_ctx->id->certs) {
_krb5_pk_set_user_id(context,
+ principal,
opt->opt_private->pk_init_ctx,
opt->opt_private->pk_init_ctx->id->certs);
} else
@@ -2404,7 +2470,7 @@ _krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
return EINVAL;
}
- _krb5_pk_set_user_id(context, opt->opt_private->pk_init_ctx, certs);
+ _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
return 0;
#else
@@ -2461,7 +2527,7 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
* Private since it need to be redesigned using krb5_get_init_creds()
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_enterprise_cert(krb5_context context,
const char *user_id,
krb5_const_realm realm,
@@ -2480,7 +2546,7 @@ _krb5_pk_enterprise_cert(krb5_context context,
*res = NULL;
if (user_id == NULL) {
- krb5_clear_error_message(context);
+ krb5_set_error_message(context, ENOENT, "no user id");
return ENOENT;
}
@@ -2488,14 +2554,14 @@ _krb5_pk_enterprise_cert(krb5_context context,
if (ret) {
pk_copy_error(context, context->hx509ctx, ret,
"Failed to init cert certs");
- return ret;
+ goto out;
}
ret = hx509_query_alloc(context->hx509ctx, &q);
if (ret) {
krb5_set_error_message(context, ret, "out of memory");
hx509_certs_free(&certs);
- return ret;
+ goto out;
}
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
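Review bot: Both early exits in _krb5_pk_enterprise_cert now `goto out`, and the `out:` label lies outside this hunk, so what it releases is not visible here. The first jump is taken when hx509_certs_init has failed and the second after `hx509_certs_free(&certs)` has already run. If `out` frees `certs` again, that is only safe when `certs` starts as NULL and hx509_certs_free resets the pointer. Worth confirming that the declaration (also outside the hunk) reads `hx509_certs certs = NULL;`, and adding the initialiser if it does not.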
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index 027f2a72a7..aa71e29b39 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -205,7 +205,7 @@ load_plugins(krb5_context context)
d = opendir(*di);
if (d == NULL)
continue;
- rk_cloexec(dirfd(d));
+ rk_cloexec_dir(d);
while ((entry = readdir(d)) != NULL) {
char *n = entry->d_name;
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index d854113a43..00c967a72e 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -76,7 +76,7 @@ host/admin@H5L.ORG
* @ingroup krb5_principal
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_principal(krb5_context context,
krb5_principal p)
{
@@ -98,7 +98,7 @@ krb5_free_principal(krb5_context context,
* @ingroup krb5_principal
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_principal_set_type(krb5_context context,
krb5_principal principal,
int type)
@@ -117,7 +117,7 @@ krb5_principal_set_type(krb5_context context,
* @ingroup krb5_principal
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_principal_get_type(krb5_context context,
krb5_const_principal principal)
{
@@ -135,14 +135,14 @@ krb5_principal_get_type(krb5_context context,
* @ingroup krb5_principal
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_realm(krb5_context context,
krb5_const_principal principal)
{
return princ_realm(principal);
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_comp_string(krb5_context context,
krb5_const_principal principal,
unsigned int component)
@@ -163,7 +163,7 @@ krb5_principal_get_comp_string(krb5_context context,
* @ingroup krb5_principal
*/
-unsigned int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL
krb5_principal_get_num_comp(krb5_context context,
krb5_const_principal principal)
{
@@ -183,7 +183,7 @@ krb5_principal_get_num_comp(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name_flags(krb5_context context,
const char *name,
int flags,
@@ -384,7 +384,7 @@ exit:
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name(krb5_context context,
const char *name,
krb5_principal *principal)
@@ -485,7 +485,7 @@ unparse_name_fixed(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed(krb5_context context,
krb5_const_principal principal,
char *name,
@@ -508,7 +508,7 @@ krb5_unparse_name_fixed(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_short(krb5_context context,
krb5_const_principal principal,
char *name,
@@ -532,7 +532,7 @@ krb5_unparse_name_fixed_short(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_flags(krb5_context context,
krb5_const_principal principal,
int flags,
@@ -596,7 +596,7 @@ unparse_name(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name(krb5_context context,
krb5_const_principal principal,
char **name)
@@ -617,7 +617,7 @@ krb5_unparse_name(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_flags(krb5_context context,
krb5_const_principal principal,
int flags,
@@ -639,7 +639,7 @@ krb5_unparse_name_flags(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_short(krb5_context context,
krb5_const_principal principal,
char **name)
@@ -660,7 +660,7 @@ krb5_unparse_name_short(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_principal_set_realm(krb5_context context,
krb5_principal principal,
krb5_const_realm realm)
@@ -692,7 +692,7 @@ krb5_principal_set_realm(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -828,8 +828,7 @@ build_principal(krb5_context context,
return 0;
}
-
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -839,7 +838,7 @@ krb5_build_principal_va(krb5_context context,
return build_principal(context, principal, rlen, realm, va_princ, ap);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va_ext(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -850,7 +849,7 @@ krb5_build_principal_va_ext(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_ext(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -878,7 +877,7 @@ krb5_build_principal_ext(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_principal(krb5_context context,
krb5_const_principal inprinc,
krb5_principal *outprinc)
@@ -913,7 +912,7 @@ krb5_copy_principal(krb5_context context,
* @see krb5_realm_compare()
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -928,7 +927,7 @@ krb5_principal_compare_any_realm(krb5_context context,
return TRUE;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_principal_compare_PrincipalName(krb5_context context,
krb5_const_principal princ1,
PrincipalName *princ2)
@@ -961,7 +960,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context,
* return TRUE iff princ1 == princ2
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -983,7 +982,7 @@ krb5_principal_compare(krb5_context context,
* @see krb5_principal_compare()
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_realm_compare(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -997,7 +996,7 @@ krb5_realm_compare(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_match(krb5_context context,
krb5_const_principal princ,
krb5_const_principal pattern)
@@ -1083,7 +1082,7 @@ get_name_conversion(krb5_context context, const char *realm, const char *name)
* if `func', use that function for validating the conversion
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_425_conv_principal_ext2(krb5_context context,
const char *name,
const char *instance,
@@ -1375,7 +1374,7 @@ name_convert(krb5_context context, const char *name, const char *realm,
* three parameters. They have to be 40 bytes each (ANAME_SZ).
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_524_conv_principal(krb5_context context,
const krb5_principal principal,
char *name,
@@ -1461,7 +1460,7 @@ krb5_524_conv_principal(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sname_to_principal (krb5_context context,
const char *hostname,
const char *sname,
diff --git a/source4/heimdal/lib/krb5/prog_setup.c b/source4/heimdal/lib/krb5/prog_setup.c
index 4c060973d6..21afbf8d10 100644
--- a/source4/heimdal/lib/krb5/prog_setup.c
+++ b/source4/heimdal/lib/krb5/prog_setup.c
@@ -35,17 +35,17 @@
#include <getarg.h>
#include <err.h>
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_std_usage(int code, struct getargs *args, int num_args)
{
arg_printusage(args, num_args, NULL, "");
exit(code);
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_program_setup(krb5_context *context, int argc, char **argv,
struct getargs *args, int num_args,
- void (*usage)(int, struct getargs*, int))
+ void (KRB5_LIB_CALL *usage)(int, struct getargs*, int))
{
krb5_error_code ret;
int optidx = 0;
diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c
index 05deaff525..875fd99c40 100644
--- a/source4/heimdal/lib/krb5/prompter_posix.c
+++ b/source4/heimdal/lib/krb5/prompter_posix.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int
krb5_prompter_posix (krb5_context context,
void *data,
const char *name,
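Review bot: krb5_prompter_posix is the only exported function in the visible hunks that gets `KRB5_LIB_FUNCTION` without a trailing `KRB5_LIB_CALL`. If that is deliberate, presumably because it has to match the prompter callback type, a one-line comment such as `/* no KRB5_LIB_CALL: signature must match krb5_prompter_fct */` would stop a later cleanup from "fixing" it. If it is an oversight, the line should read `KRB5_LIB_FUNCTION int KRB5_LIB_CALL` like the others.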
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index f41edfa2b5..094f748b9f 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
compare_addrs(krb5_context context,
@@ -52,7 +52,7 @@ compare_addrs(krb5_context context,
return KRB5KRB_AP_ERR_BADADDR;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred(krb5_context context,
krb5_auth_context auth_context,
krb5_data *in_data,
@@ -322,7 +322,7 @@ krb5_rd_cred(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred2 (krb5_context context,
krb5_auth_context auth_context,
krb5_ccache ccache,
diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c
index 1561188fad..d778c68cd6 100644
--- a/source4/heimdal/lib/krb5/rd_error.c
+++ b/source4/heimdal/lib/krb5/rd_error.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_error(krb5_context context,
const krb5_data *msg,
KRB_ERROR *result)
@@ -51,7 +51,7 @@ krb5_rd_error(krb5_context context,
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_contents (krb5_context context,
krb5_error *error)
{
@@ -59,7 +59,7 @@ krb5_free_error_contents (krb5_context context,
memset(error, 0, sizeof(*error));
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error (krb5_context context,
krb5_error *error)
{
@@ -67,7 +67,7 @@ krb5_free_error (krb5_context context,
free (error);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_error_from_rd_error(krb5_context context,
const krb5_error *error,
const krb5_creds *creds)
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index fb6cfcee4f..8a46195b69 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c
index 2d5792cd40..f8963a53b2 100644
--- a/source4/heimdal/lib/krb5/rd_rep.c
+++ b/source4/heimdal/lib/krb5/rd_rep.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_rep(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
@@ -108,7 +108,7 @@ krb5_rd_rep(krb5_context context,
return ret;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_ap_rep_enc_part (krb5_context context,
krb5_ap_rep_enc_part *val)
{
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 330c2c3c15..6b2ffbdaac 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -1,3 +1,4 @@
+
/*
* Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@@ -31,7 +32,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -102,7 +103,7 @@ decrypt_authenticator (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ap_req(krb5_context context,
const krb5_data *inbuf,
krb5_ap_req *ap_req)
@@ -217,7 +218,7 @@ find_etypelist(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ticket(krb5_context context,
Ticket *ticket,
krb5_keyblock *key,
@@ -266,7 +267,7 @@ krb5_decrypt_ticket(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_authenticator_checksum(krb5_context context,
krb5_auth_context ac,
void *data,
@@ -308,7 +309,7 @@ out:
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_ap_req(krb5_context context,
krb5_auth_context *auth_context,
krb5_ap_req *ap_req,
@@ -329,7 +330,7 @@ krb5_verify_ap_req(krb5_context context,
KRB5_KU_AP_REQ_AUTH);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_ap_req2(krb5_context context,
krb5_auth_context *auth_context,
krb5_ap_req *ap_req,
@@ -538,7 +539,7 @@ struct krb5_rd_req_out_ctx_data {
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
@@ -565,7 +566,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_keytab(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keytab keytab)
@@ -586,7 +587,7 @@ krb5_rd_req_in_set_keytab(krb5_context context,
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_pac_check(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_boolean flag)
@@ -596,7 +597,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_keyblock(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keyblock *keyblock)
@@ -605,7 +606,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_ap_req_options(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_flags *ap_req_options)
@@ -614,7 +615,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_ticket(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_ticket **ticket)
@@ -622,7 +623,7 @@ krb5_rd_req_out_get_ticket(krb5_context context,
return krb5_copy_ticket(context, out->ticket, ticket);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_keyblock(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_keyblock **keyblock)
@@ -642,7 +643,7 @@ krb5_rd_req_out_get_keyblock(krb5_context context,
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_server(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_principal *principal)
@@ -650,7 +651,7 @@ krb5_rd_req_out_get_server(krb5_context context,
return krb5_copy_principal(context, out->server, principal);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
{
free(ctx);
@@ -665,7 +666,7 @@ krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
* @ingroup krb5_auth
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
{
if (ctx->ticket)
@@ -681,7 +682,7 @@ krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
@@ -726,7 +727,7 @@ out:
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_with_keyblock(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
@@ -834,7 +835,7 @@ out:
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_ctx(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c
index 0cad91e437..f4eb9032d7 100644
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -38,7 +38,7 @@ struct krb5_rcache_data {
char *name;
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve(krb5_context context,
krb5_rcache id,
const char *name)
@@ -52,7 +52,7 @@ krb5_rc_resolve(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
@@ -73,7 +73,7 @@ krb5_rc_resolve_type(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve_full(krb5_context context,
krb5_rcache *id,
const char *string_name)
@@ -99,19 +99,19 @@ krb5_rc_resolve_full(krb5_context context,
return ret;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_default_name(krb5_context context)
{
return "FILE:/var/run/default_rcache";
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_default_type(krb5_context context)
{
return "FILE";
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_default(krb5_context context,
krb5_rcache *id)
{
@@ -123,7 +123,7 @@ struct rc_entry{
unsigned char data[16];
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_initialize(krb5_context context,
krb5_rcache id,
krb5_deltat auth_lifespan)
@@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
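Review bot: The return value of `rk_strerror_r` is ignored in this error path, so if the call fails `buf` may be left unwritten and `krb5_set_error_message` would then format indeterminate stack bytes through `%s`. Giving the buffer a defined value first, e.g. `buf[0] = '\0';` before the call, removes that case. Alternatively fall back to `snprintf(buf, sizeof(buf), "error %d", ret);` when it returns non-zero, assuming it follows the `strerror_r` convention of returning 0 on success. The same pattern appears in the krb5_rc_destroy hunk and in the three krb5_rc_store hunks of this file. The body of krb5_rc_initialize begins before this hunk and continues after it.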
@@ -145,14 +145,14 @@ krb5_rc_initialize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_recover(krb5_context context,
krb5_rcache id)
{
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_destroy(krb5_context context,
krb5_rcache id)
{
@@ -161,14 +161,14 @@ krb5_rc_destroy(krb5_context context,
if(remove(id->name) < 0) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
return ret;
}
return krb5_rc_close(context, id);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_close(krb5_context context,
krb5_rcache id)
{
@@ -196,7 +196,7 @@ checksum_authenticator(Authenticator *auth, void *data)
EVP_MD_CTX_destroy(m);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_store(krb5_context context,
krb5_rcache id,
krb5_donot_replay *rep)
@@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
@@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context,
char buf[128];
ret = errno;
fclose(f);
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "%s: %s",
id->name, buf);
return ret;
@@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context,
f = fopen(id->name, "a");
if(f == NULL) {
char buf[128];
- strerror_r(errno, buf, sizeof(buf));
+ rk_strerror_r(errno, buf, sizeof(buf));
krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
"open(%s): %s", id->name, buf);
return KRB5_RC_IO_UNKNOWN;
@@ -251,14 +251,14 @@ krb5_rc_store(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_expunge(krb5_context context,
krb5_rcache id)
{
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_get_lifespan(krb5_context context,
krb5_rcache id,
krb5_deltat *auth_lifespan)
@@ -276,21 +276,21 @@ krb5_rc_get_lifespan(krb5_context context,
return KRB5_RC_IO_UNKNOWN;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_get_name(krb5_context context,
krb5_rcache id)
{
return id->name;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_get_type(krb5_context context,
krb5_rcache id)
{
return "FILE";
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_server_rcache(krb5_context context,
const krb5_data *piece,
krb5_rcache *id)
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index 0efe14eb4f..a9be31e819 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -47,7 +47,7 @@ struct send_to_kdc {
*/
static int
-recv_loop (int fd,
+recv_loop (krb5_socket_t fd,
time_t tmout,
int udp,
size_t limit,
@@ -58,9 +58,11 @@ recv_loop (int fd,
int ret;
int nbytes;
+#ifndef NO_LIMIT_FD_SETSIZE
if (fd >= FD_SETSIZE) {
return -1;
}
+#endif
krb5_data_zero(rep);
do {
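Review bot: With `NO_LIMIT_FD_SETSIZE` defined the `fd >= FD_SETSIZE` guard is compiled out, while the loop that follows (its body is outside this hunk) presumably still passes `fd` to `FD_SET`/`select`. That is only safe where `fd_set` is not a fixed-size bitmap indexed by descriptor value; on a POSIX build the same define would let a large descriptor write past the end of the set. A comment at the guard would make the contract explicit, for example `/* NO_LIMIT_FD_SETSIZE: define only where fd_set is a list of handles, not a bitmap indexed by fd */`.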
@@ -78,7 +80,7 @@ recv_loop (int fd,
} else {
void *tmp;
- if (ioctl (fd, FIONREAD, &nbytes) < 0) {
+ if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) {
krb5_data_free (rep);
return -1;
}
@@ -111,7 +113,7 @@ recv_loop (int fd,
*/
static int
-send_and_recv_udp(int fd,
+send_and_recv_udp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -130,7 +132,7 @@ send_and_recv_udp(int fd,
*/
static int
-send_and_recv_tcp(int fd,
+send_and_recv_tcp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -140,9 +142,9 @@ send_and_recv_tcp(int fd,
krb5_data len_data;
_krb5_put_int(len, req->length, 4);
- if(net_write(fd, len, sizeof(len)) < 0)
+ if(net_write (fd, len, sizeof(len)) < 0)
return -1;
- if(net_write(fd, req->data, req->length) < 0)
+ if(net_write (fd, req->data, req->length) < 0)
return -1;
if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
return -1;
@@ -162,7 +164,7 @@ send_and_recv_tcp(int fd,
}
int
-_krb5_send_and_recv_tcp(int fd,
+_krb5_send_and_recv_tcp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -175,7 +177,7 @@ _krb5_send_and_recv_tcp(int fd,
*/
static int
-send_and_recv_http(int fd,
+send_and_recv_http(krb5_socket_t fd,
time_t tmout,
const char *prefix,
const krb5_data *req,
@@ -264,7 +266,7 @@ send_via_proxy (krb5_context context,
struct addrinfo hints;
struct addrinfo *ai, *a;
int ret;
- int s = -1;
+ krb5_socket_t s = rk_INVALID_SOCKET;
char portstr[NI_MAXSERV];
if (proxy == NULL)
@@ -291,7 +293,7 @@ send_via_proxy (krb5_context context,
continue;
rk_cloexec(s);
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
- close (s);
+ rk_closesocket (s);
continue;
}
break;
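Review bot: `s` is now a `krb5_socket_t` initialised to `rk_INVALID_SOCKET`, but the test after `socket()` that leads to the first `continue;` sits above this hunk and is not shown as changed. If it is still `if (s < 0)`, it can never be true on a platform where the socket type is unsigned, and a failed `socket()` would go on to `connect`. It should read `if (rk_IS_BAD_SOCKET(s))`, matching what this commit does for `fd` in krb5_sendto.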
@@ -309,7 +311,7 @@ send_via_proxy (krb5_context context,
}
ret = send_and_recv_http(s, context->kdc_timeout,
prefix, send_data, receive);
- close (s);
+ rk_closesocket (s);
free(prefix);
if(ret == 0 && receive->length != 0)
return 0;
@@ -361,14 +363,14 @@ send_via_plugin(krb5_context context,
* in `receive'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto (krb5_context context,
const krb5_data *send_data,
krb5_krbhst_handle handle,
krb5_data *receive)
{
krb5_error_code ret;
- int fd;
+ krb5_socket_t fd;
int i;
krb5_data_zero(receive);
@@ -414,11 +416,11 @@ krb5_sendto (krb5_context context,
for (a = ai; a != NULL; a = a->ai_next) {
fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
- if (fd < 0)
+ if (rk_IS_BAD_SOCKET(fd))
continue;
rk_cloexec(fd);
if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
- close (fd);
+ rk_closesocket (fd);
continue;
}
switch (hi->proto) {
@@ -435,7 +437,7 @@ krb5_sendto (krb5_context context,
send_data, receive);
break;
}
- close (fd);
+ rk_closesocket (fd);
if(ret == 0 && receive->length != 0)
goto out;
}
@@ -451,7 +453,7 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_kdc(krb5_context context,
const krb5_data *send_data,
const krb5_realm *realm,
@@ -460,7 +462,7 @@ krb5_sendto_kdc(krb5_context context,
return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_kdc_flags(krb5_context context,
const krb5_data *send_data,
const krb5_realm *realm,
@@ -481,7 +483,7 @@ krb5_sendto_kdc_flags(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_send_to_kdc_func(krb5_context context,
krb5_send_to_kdc_func func,
void *data)
@@ -504,7 +506,7 @@ krb5_set_send_to_kdc_func(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to)
{
if (context->send_to_kdc)
@@ -524,7 +526,7 @@ struct krb5_sendto_ctx_data {
void *data;
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
@@ -536,26 +538,26 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
{
ctx->flags |= flags;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
{
return ctx->flags;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
{
ctx->type = type;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
krb5_sendto_ctx_func func,
void *data)
@@ -564,14 +566,14 @@ krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
ctx->data = data;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
{
memset(ctx, 0, sizeof(*ctx));
free(ctx);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_context(krb5_context context,
krb5_sendto_ctx ctx,
const krb5_data *send_data,
diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c
index 91201eeb53..ddce677c1a 100644
--- a/source4/heimdal/lib/krb5/set_default_realm.c
+++ b/source4/heimdal/lib/krb5/set_default_realm.c
@@ -65,7 +65,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list)
* Otherwise, the realm(s) are figured out from configuration or DNS.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_realm(krb5_context context,
const char *realm)
{
diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c
index 6e1374adf9..49e68ef177 100644
--- a/source4/heimdal/lib/krb5/store.c
+++ b/source4/heimdal/lib/krb5/store.c
@@ -49,7 +49,7 @@
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
{
sp->flags |= flags;
@@ -64,7 +64,7 @@ krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
{
sp->flags &= ~flags;
@@ -82,7 +82,7 @@ krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
{
return (sp->flags & flags) == flags;
@@ -100,7 +100,7 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
{
sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
@@ -113,7 +113,7 @@ krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
* @ingroup krb5_storage
*/
-krb5_flags KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL
krb5_storage_get_byteorder(krb5_storage *sp)
{
return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
@@ -132,7 +132,7 @@ krb5_storage_get_byteorder(krb5_storage *sp)
* @ingroup krb5_storage
*/
-off_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL
krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
{
return (*sp->seek)(sp, offset, whence);
@@ -149,7 +149,7 @@ krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
* @ingroup krb5_storage
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_storage_truncate(krb5_storage *sp, off_t offset)
{
return (*sp->trunc)(sp, offset);
@@ -167,7 +167,7 @@ krb5_storage_truncate(krb5_storage *sp, off_t offset)
* @ingroup krb5_storage
*/
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
{
return sp->fetch(sp, buf, len);
@@ -185,7 +185,7 @@ krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
* @ingroup krb5_storage
*/
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
{
return sp->store(sp, buf, len);
@@ -200,7 +200,7 @@ krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_eof_code(krb5_storage *sp, int code)
{
sp->eof_code = code;
@@ -216,13 +216,13 @@ krb5_storage_set_eof_code(krb5_storage *sp, int code)
* @ingroup krb5_storage
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_storage_get_eof_code(krb5_storage *sp)
{
return sp->eof_code;
}
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_put_int(void *buffer, unsigned long value, size_t size)
{
unsigned char *p = buffer;
@@ -234,7 +234,7 @@ _krb5_put_int(void *buffer, unsigned long value, size_t size)
return size;
}
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_get_int(void *buffer, unsigned long *value, size_t size)
{
unsigned char *p = buffer;
@@ -256,7 +256,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_storage_free(krb5_storage *sp)
{
if(sp->free)
@@ -277,7 +277,7 @@ krb5_storage_free(krb5_storage *sp)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
{
off_t pos, size;
@@ -331,7 +331,7 @@ krb5_store_int(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int32(krb5_storage *sp,
int32_t value)
{
@@ -354,7 +354,7 @@ krb5_store_int32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint32(krb5_storage *sp,
uint32_t value)
{
@@ -389,7 +389,7 @@ krb5_ret_int(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int32(krb5_storage *sp,
int32_t *value)
{
@@ -415,7 +415,7 @@ krb5_ret_int32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint32(krb5_storage *sp,
uint32_t *value)
{
@@ -441,7 +441,7 @@ krb5_ret_uint32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int16(krb5_storage *sp,
int16_t value)
{
@@ -464,7 +464,7 @@ krb5_store_int16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint16(krb5_storage *sp,
uint16_t value)
{
@@ -482,7 +482,8 @@ krb5_store_uint16(krb5_storage *sp,
*
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int16(krb5_storage *sp,
int16_t *value)
{
@@ -511,7 +512,7 @@ krb5_ret_int16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint16(krb5_storage *sp,
uint16_t *value)
{
@@ -536,7 +537,7 @@ krb5_ret_uint16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int8(krb5_storage *sp,
int8_t value)
{
@@ -559,7 +560,7 @@ krb5_store_int8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint8(krb5_storage *sp,
uint8_t value)
{
@@ -577,7 +578,7 @@ krb5_store_uint8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int8(krb5_storage *sp,
int8_t *value)
{
@@ -600,7 +601,7 @@ krb5_ret_int8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint8(krb5_storage *sp,
uint8_t *value)
{
@@ -626,7 +627,7 @@ krb5_ret_uint8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_data(krb5_storage *sp,
krb5_data data)
{
@@ -654,7 +655,7 @@ krb5_store_data(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_data(krb5_storage *sp,
krb5_data *data)
{
@@ -687,7 +688,7 @@ krb5_ret_data(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_string(krb5_storage *sp, const char *s)
{
krb5_data data;
@@ -708,7 +709,7 @@ krb5_store_string(krb5_storage *sp, const char *s)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_string(krb5_storage *sp,
char **string)
{
@@ -738,7 +739,7 @@ krb5_ret_string(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_stringz(krb5_storage *sp, const char *s)
{
size_t len = strlen(s) + 1;
@@ -765,7 +766,7 @@ krb5_store_stringz(krb5_storage *sp, const char *s)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_stringz(krb5_storage *sp,
char **string)
{
@@ -798,7 +799,7 @@ krb5_ret_stringz(krb5_storage *sp,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_stringnl(krb5_storage *sp, const char *s)
{
size_t len = strlen(s);
@@ -823,7 +824,7 @@ krb5_store_stringnl(krb5_storage *sp, const char *s)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_stringnl(krb5_storage *sp,
char **string)
{
@@ -879,7 +880,7 @@ krb5_ret_stringnl(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_principal(krb5_storage *sp,
krb5_const_principal p)
{
@@ -916,7 +917,7 @@ krb5_store_principal(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_principal(krb5_storage *sp,
krb5_principal *princ)
{
@@ -984,7 +985,7 @@ krb5_ret_principal(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
{
int ret;
@@ -1013,7 +1014,7 @@ krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
{
int ret;
@@ -1043,7 +1044,7 @@ krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_times(krb5_storage *sp, krb5_times times)
{
int ret;
@@ -1068,7 +1069,7 @@ krb5_store_times(krb5_storage *sp, krb5_times times)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_times(krb5_storage *sp, krb5_times *times)
{
int ret;
@@ -1098,7 +1099,7 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_address(krb5_storage *sp, krb5_address p)
{
int ret;
@@ -1119,7 +1120,7 @@ krb5_store_address(krb5_storage *sp, krb5_address p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_address(krb5_storage *sp, krb5_address *adr)
{
int16_t t;
@@ -1142,7 +1143,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
{
int i;
@@ -1167,7 +1168,7 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
{
int i;
@@ -1198,7 +1199,7 @@ krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
{
krb5_error_code ret;
@@ -1225,7 +1226,7 @@ krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
{
krb5_error_code ret;
@@ -1270,7 +1271,7 @@ bitswap32(int32_t b)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
{
int ret;
@@ -1322,7 +1323,7 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
{
krb5_error_code ret;
@@ -1394,7 +1395,7 @@ cleanup:
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
{
int ret;
@@ -1486,7 +1487,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_creds_tag(krb5_storage *sp,
krb5_creds *creds)
{
diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c
index acf984280e..ccda751afb 100644
--- a/source4/heimdal/lib/krb5/store_emem.c
+++ b/source4/heimdal/lib/krb5/store_emem.c
@@ -158,7 +158,7 @@ emem_free(krb5_storage *sp)
* @sa krb5_storage_from_data()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_emem(void)
{
krb5_storage *sp;
diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c
index 4150175927..bd357dbe3b 100644
--- a/source4/heimdal/lib/krb5/store_fd.c
+++ b/source4/heimdal/lib/krb5/store_fd.c
@@ -85,12 +85,26 @@ fd_free(krb5_storage * sp)
* @sa krb5_storage_from_data()
*/
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd(int fd)
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
+krb5_storage_from_fd(krb5_socket_t fd_in)
{
krb5_storage *sp;
+ int fd;
+
+#ifdef SOCKET_IS_NOT_AN_FD
+#ifdef _MSC_VER
+ if (_get_osfhandle(fd_in) != -1) {
+ fd = dup(fd_in);
+ } else {
+ fd = _open_osfhandle(fd_in, 0);
+ }
+#else
+#error Dont know how to deal with fd that may or may not be a socket.
+#endif
+#else /* SOCKET_IS_NOT_AN_FD */
+ fd = dup(fd_in);
+#endif
- fd = dup(fd);
if (fd < 0)
return NULL;
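Review bot: The two `_MSC_VER` branches give the returned storage different ownership of `fd_in`. `dup(fd_in)` produces an independent descriptor, whereas `_open_osfhandle(fd_in, 0)` wraps the caller's own handle, so when the storage later closes its descriptor (outside this hunk, presumably in fd_free) the caller's socket would be closed with it. `_get_osfhandle` also takes an `int` descriptor, so a `krb5_socket_t` wider than `int` is narrowed before the probe. The function's doc comment should state which of the two the caller can rely on, e.g. `@param fd_in descriptor or socket; the caller keeps ownership only when it is a CRT file descriptor`. The body of krb5_storage_from_fd continues past the end of the hunk.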
diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c
index a913e182d5..b79bc19155 100644
--- a/source4/heimdal/lib/krb5/store_mem.c
+++ b/source4/heimdal/lib/krb5/store_mem.c
@@ -122,7 +122,7 @@ mem_no_trunc(krb5_storage *sp, off_t offset)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_mem(void *buf, size_t len)
{
krb5_storage *sp = malloc(sizeof(krb5_storage));
@@ -161,7 +161,7 @@ krb5_storage_from_mem(void *buf, size_t len)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_data(krb5_data *data)
{
return krb5_storage_from_mem(data->data, data->length);
@@ -180,7 +180,7 @@ krb5_storage_from_data(krb5_data *data)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_readonly_mem(const void *buf, size_t len)
{
krb5_storage *sp = malloc(sizeof(krb5_storage));
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 3bd9387906..4d8da93579 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -45,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_ticket(krb5_context context,
krb5_ticket *ticket)
{
@@ -69,7 +71,7 @@ krb5_free_ticket(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_ticket(krb5_context context,
const krb5_ticket *from,
krb5_ticket **to)
@@ -118,7 +120,7 @@ krb5_copy_ticket(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_client(krb5_context context,
const krb5_ticket *ticket,
krb5_principal *client)
@@ -139,7 +141,7 @@ krb5_ticket_get_client(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_server(krb5_context context,
const krb5_ticket *ticket,
krb5_principal *server)
@@ -158,7 +160,7 @@ krb5_ticket_get_server(krb5_context context,
* @ingroup krb5
*/
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_ticket_get_endtime(krb5_context context,
const krb5_ticket *ticket)
{
@@ -336,7 +338,7 @@ out:
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_authorization_data_type(krb5_context context,
krb5_ticket *ticket,
int type,
@@ -761,6 +763,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_timeofday (context, &sec_now);
if (rep->enc_part.flags.initial
+ && (flags & EXTRACT_TICKET_TIMESYNC)
&& context->kdc_sec_offset == 0
&& krb5_config_get_bool (context, NULL,
"libdefaults",
diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c
index ed235783a2..247549ba23 100644
--- a/source4/heimdal/lib/krb5/time.c
+++ b/source4/heimdal/lib/krb5/time.c
@@ -47,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_real_time (krb5_context context,
krb5_timestamp sec,
int32_t usec)
@@ -79,7 +79,7 @@ krb5_set_real_time (krb5_context context,
* return ``corrected'' time in `timeret'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_timeofday (krb5_context context,
krb5_timestamp *timeret)
{
@@ -91,7 +91,7 @@ krb5_timeofday (krb5_context context,
* like gettimeofday but with time correction to the KDC
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_us_timeofday (krb5_context context,
krb5_timestamp *sec,
int32_t *usec)
@@ -105,7 +105,7 @@ krb5_us_timeofday (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_format_time(krb5_context context, time_t t,
char *s, size_t len, krb5_boolean include_time)
{
@@ -120,7 +120,7 @@ krb5_format_time(krb5_context context, time_t t,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
{
if((*deltat = parse_time(string, "s")) == -1)
diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c
index 1ff4ce1658..a72adc0351 100644
--- a/source4/heimdal/lib/krb5/transited.c
+++ b/source4/heimdal/lib/krb5/transited.c
@@ -328,7 +328,7 @@ decode_realms(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_domain_x500_decode(krb5_context context,
krb5_data tr, char ***realms, unsigned int *num_realms,
const char *client_realm, const char *server_realm)
@@ -389,7 +389,7 @@ krb5_domain_x500_decode(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_domain_x500_encode(char **realms, unsigned int num_realms,
krb5_data *encoding)
{
@@ -421,7 +421,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_check_transited(krb5_context context,
krb5_const_realm client_realm,
krb5_const_realm server_realm,
@@ -461,7 +461,7 @@ krb5_check_transited(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_check_transited_realms(krb5_context context,
const char *const *realms,
unsigned int num_realms,
diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c
index 168268ceab..01cf323d37 100644
--- a/source4/heimdal/lib/krb5/v4_glue.c
+++ b/source4/heimdal/lib/krb5/v4_glue.c
@@ -58,7 +58,7 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
};
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
_krb5_krb_time_to_life(time_t start, time_t end)
{
int i;
@@ -82,7 +82,7 @@ _krb5_krb_time_to_life(time_t start, time_t end)
}
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
_krb5_krb_life_to_time(int start, int life_)
{
unsigned char life = (unsigned char) life_;
@@ -118,9 +118,15 @@ get_krb4_cc_name(const char *tkfile, char **cc)
if (path)
*cc = strdup(path);
}
+#ifdef HAVE_GETUID
if(*cc == NULL)
if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
return errno;
+#elif defined(KRB5_USE_PATH_TOKENS)
+ if(*cc == NULL)
+ if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc))
+ return ENOMEM;
+#endif
} else {
*cc = strdup(tkfile);
if (*cc == NULL)
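Review bot: The new `#ifdef HAVE_GETUID` / `#elif defined(KRB5_USE_PATH_TOKENS)` chain has no `#else`, so on a build with neither macro `*cc` stays NULL when no path was found and nothing in this hunk reports it. Adding `#else` followed by `if(*cc == NULL) return ENOENT;` (or an `#error`) would make that configuration fail visibly. The end of get_krb4_cc_name is outside the hunk, so what the caller currently sees in that case is not certain. The `KRB5_USE_PATH_TOKENS` branch also replaces whatever `_krb5_expand_path_tokens` returned with `ENOMEM`; passing its return value through would keep the real cause, assuming it returns an error code.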
@@ -232,7 +238,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_tf_setup(krb5_context context,
struct credentials *v4creds,
const char *tkfile,
@@ -288,7 +294,7 @@ _krb5_krb_tf_setup(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
{
krb5_error_code ret;
@@ -405,7 +411,7 @@ put_nir(krb5_storage *sp, const char *name,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ticket(krb5_context context,
unsigned char flags,
const char *pname,
@@ -464,7 +470,7 @@ _krb5_krb_create_ticket(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ciph(krb5_context context,
const krb5_keyblock *session,
const char *service,
@@ -524,7 +530,7 @@ _krb5_krb_create_ciph(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_auth_reply(krb5_context context,
const char *pname,
const char *pinst,
@@ -577,7 +583,7 @@ _krb5_krb_create_auth_reply(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_cr_err_reply(krb5_context context,
const char *name,
const char *inst,
@@ -644,7 +650,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_decomp_ticket(krb5_context context,
const krb5_data *enc_ticket,
const krb5_keyblock *key,
@@ -738,7 +744,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_rd_req(krb5_context context,
krb5_data *authent,
const char *service,
@@ -938,7 +944,7 @@ _krb5_krb_rd_req(krb5_context context,
*
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
{
if (ad->pname)
diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c
index a0e750604e..302854de3f 100644
--- a/source4/heimdal/lib/krb5/version.c
+++ b/source4/heimdal/lib/krb5/version.c
@@ -35,7 +35,5 @@
/* this is just to get a version stamp in the library file */
-#define heimdal_version __heimdal_version
-#define heimdal_long_version __heimdal_long_version
#include "version.h"
diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c
index 886a1fe981..a4c633936f 100644
--- a/source4/heimdal/lib/krb5/warn.c
+++ b/source4/heimdal/lib/krb5/warn.c
@@ -100,7 +100,7 @@ _warnerr(krb5_context context, int do_errtext,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vwarn(krb5_context context, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((format (printf, 3, 0)))
@@ -119,7 +119,7 @@ krb5_vwarn(krb5_context context, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
{
@@ -137,7 +137,7 @@ krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
__attribute__ ((format (printf, 2, 0)))
{
@@ -153,7 +153,7 @@ krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_warnx(krb5_context context, const char *fmt, ...)
__attribute__ ((format (printf, 2, 3)))
{
@@ -174,7 +174,7 @@ krb5_warnx(krb5_context context, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verr(krb5_context context, int eval, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 4, 0)))
@@ -195,7 +195,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_err(krb5_context context, int eval, krb5_error_code code,
const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 4, 5)))
@@ -215,7 +215,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 3, 0)))
{
@@ -233,7 +233,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_errx(krb5_context context, int eval, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 3, 4)))
{
@@ -253,7 +253,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vabort(krb5_context context, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 3, 0)))
@@ -273,7 +273,7 @@ krb5_vabort(krb5_context context, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 3, 4)))
{
@@ -281,7 +281,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
abort();
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 2, 0)))
{
@@ -299,7 +299,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_abortx(krb5_context context, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 2, 3)))
{
@@ -316,7 +316,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
{
context->warn_dest = fac;
@@ -331,7 +331,7 @@ krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
* @ingroup krb5_error
*/
-krb5_log_facility * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL
krb5_get_warn_dest(krb5_context context)
{
return context->warn_dest;