diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-01-12 18:16:45 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-03-27 11:51:27 +1100 |
| commit | 89eaef025376339ef25d07cdc4748920fceaa968 (patch) | |
| tree | f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal | |
| parent | fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff) | |
| download | samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2 samba-89eaef025376339ef25d07cdc4748920fceaa968.zip | |
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
Diffstat (limited to 'source4/heimdal')
222 files changed, 4091 insertions, 1939 deletions
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl index 04733e1281..12c6d07f5e 100644 --- a/source4/heimdal/cf/make-proto.pl +++ b/source4/heimdal/cf/make-proto.pl @@ -253,8 +253,14 @@ $private_h_trailer = ""; foreach(sort keys %funcs){ if(/^(main)$/) { next } + if ($funcs{$_} =~ /\^/) { + $beginblock = "#ifdef __BLOCKS__\n"; + $endblock = "#endif /* __BLOCKS__ */\n"; + } else { + $beginblock = $endblock = ""; + } if(!defined($exported{$_}) && /$private_func_re/) { - $private_h .= $funcs{$_} . "\n\n"; + $private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n"; if($funcs{$_} =~ /__attribute__/) { $private_attribute_seen = 1; } @@ -267,7 +273,7 @@ foreach(sort keys %funcs){ $public_h .= "#ifndef HAVE_$fupper\n"; } } - $public_h .= $funcs{$_} . "\n"; + $public_h .= $beginblock . $funcs{$_} . "\n" . $endblock; if($funcs{$_} =~ /__attribute__/) { $public_attribute_seen = 1; } @@ -310,26 +316,33 @@ extern \"C\" { } if ($opt_E) { $public_h_header .= "#ifndef $opt_E +#ifndef ${opt_E}_FUNCTION #if defined(_WIN32) -#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport) +#define ${opt_E}_FUNCTION __declspec(dllimport) +#define ${opt_E}_CALL __stdcall #define ${opt_E}_VARIABLE __declspec(dllimport) #else #define ${opt_E}_FUNCTION +#define ${opt_E}_CALL #define ${opt_E}_VARIABLE #endif #endif - +#endif "; $private_h_header .= "#ifndef $opt_E +#ifndef ${opt_E}_FUNCTION #if defined(_WIN32) -#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport) +#define ${opt_E}_FUNCTION __declspec(dllimport) +#define ${opt_E}_CALL __stdcall #define ${opt_E}_VARIABLE __declspec(dllimport) #else #define ${opt_E}_FUNCTION +#define ${opt_E}_CALL #define ${opt_E}_VARIABLE #endif #endif +#endif "; } diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index bf65af3cb9..b568522fa4 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -1,9 +1,10 @@ /* * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) "kdc", "kdc_warn_pwexpire", NULL); -#ifdef PKINIT c->enable_pkinit = krb5_config_get_bool_default(context, NULL, @@ -223,74 +223,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) "kdc", "enable-pkinit", NULL); - if (c->enable_pkinit) { - const char *user_id, *anchors, *file; - char **pool_list, **revoke_list; - - user_id = - krb5_config_get_string(context, NULL, - "kdc", "pkinit_identity", NULL); - if (user_id == NULL) - krb5_errx(context, 1, "pkinit enabled but no identity"); - anchors = krb5_config_get_string(context, NULL, - "kdc", "pkinit_anchors", NULL); - if (anchors == NULL) - krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); - pool_list = - krb5_config_get_strings(context, NULL, - "kdc", "pkinit_pool", NULL); + c->pkinit_kdc_identity = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_identity", NULL); + c->pkinit_kdc_anchors = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_anchors", NULL); + c->pkinit_kdc_cert_pool = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_pool", NULL); + c->pkinit_kdc_revoke = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_revoke", NULL); + c->pkinit_kdc_ocsp_file = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_kdc_ocsp", NULL); + c->pkinit_kdc_friendly_name = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_kdc_friendly_name", NULL); + c->pkinit_princ_in_cert = + krb5_config_get_bool_default(context, NULL, + c->pkinit_princ_in_cert, + "kdc", + "pkinit_principal_in_certificate", + NULL); + c->pkinit_require_binding = + krb5_config_get_bool_default(context, NULL, + c->pkinit_require_binding, + "kdc", + "pkinit_win2k_require_binding", + NULL); + c->pkinit_dh_min_bits = + krb5_config_get_int_default(context, NULL, + 0, + "kdc", "pkinit_dh_min_bits", NULL); - revoke_list = - krb5_config_get_strings(context, NULL, - "kdc", "pkinit_revoke", NULL); - file = krb5_config_get_string(context, NULL, - "kdc", "pkinit_kdc_ocsp", NULL); - if (file) { - c->pkinit_kdc_ocsp_file = strdup(file); - if (c->pkinit_kdc_ocsp_file == NULL) - krb5_errx(context, 1, "out of memory"); - } - - file = krb5_config_get_string(context, NULL, - "kdc", "pkinit_kdc_friendly_name", NULL); - if (file) { - c->pkinit_kdc_friendly_name = strdup(file); - if (c->pkinit_kdc_friendly_name == NULL) - krb5_errx(context, 1, "out of memory"); - } +#ifdef __APPLE__ + c->enable_pkinit = 1; + if (c->pkinit_kdc_identity == NULL) { + if (c->pkinit_kdc_friendly_name == NULL) + c->pkinit_kdc_friendly_name = + strdup("O=System Identity,CN=com.apple.kerberos.kdc"); + c->pkinit_kdc_identity = strdup("KEYCHAIN:"); + } + if (c->pkinit_kdc_anchors == NULL) + c->pkinit_kdc_anchors = strdup("KEYCHAIN:"); - _kdc_pk_initialize(context, c, user_id, anchors, - pool_list, revoke_list); +#endif - krb5_config_free_strings(pool_list); - krb5_config_free_strings(revoke_list); + if (c->enable_pkinit) { + if (c->pkinit_kdc_identity == NULL) + krb5_errx(context, 1, "pkinit enabled but no identity"); + + if (c->pkinit_kdc_anchors == NULL) + krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); - c->pkinit_princ_in_cert = - krb5_config_get_bool_default(context, NULL, - c->pkinit_princ_in_cert, - "kdc", - "pkinit_principal_in_certificate", - NULL); + krb5_kdc_pk_initialize(context, c, + c->pkinit_kdc_identity, + c->pkinit_kdc_anchors, + c->pkinit_kdc_cert_pool, + c->pkinit_kdc_revoke); - c->pkinit_require_binding = - krb5_config_get_bool_default(context, NULL, - c->pkinit_require_binding, - "kdc", - "pkinit_win2k_require_binding", - NULL); } - - c->pkinit_dh_min_bits = - krb5_config_get_int_default(context, NULL, - 0, - "kdc", "pkinit_dh_min_bits", NULL); - -#endif - + *config = c; return 0; diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h index b9a828852a..1eb3ddedcd 100644 --- a/source4/heimdal/kdc/headers.h +++ b/source4/heimdal/kdc/headers.h @@ -38,9 +38,8 @@ #ifndef __HEADERS_H__ #define __HEADERS_H__ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif + #include <limits.h> #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 285a33af14..c353ca1c5f 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration { krb5_boolean enable_pkinit; krb5_boolean pkinit_princ_in_cert; - char *pkinit_kdc_ocsp_file; - char *pkinit_kdc_friendly_name; + const char *pkinit_kdc_identity; + const char *pkinit_kdc_anchors; + const char *pkinit_kdc_friendly_name; + const char *pkinit_kdc_ocsp_file; + char **pkinit_kdc_cert_pool; + char **pkinit_kdc_revoke; int pkinit_dh_min_bits; int pkinit_require_binding; int pkinit_allow_proxy_certs; diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index f2da03b5e6..36d694dae5 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config); krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); +#ifdef __APPLE__ +void bonjour_announce(krb5_context, krb5_kdc_configuration *); +#endif + #endif /* __KDC_LOCL_H__ */ diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index fb88aa9f8f..87162d5f98 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -60,13 +60,13 @@ realloc_method_data(METHOD_DATA *md) } static void -set_salt_padata (METHOD_DATA *md, Salt *salt) +set_salt_padata(METHOD_DATA *md, Salt *salt) { if (salt) { - realloc_method_data(md); - md->val[md->len - 1].padata_type = salt->type; - der_copy_octet_string(&salt->salt, - &md->val[md->len - 1].padata_value); + realloc_method_data(md); + md->val[md->len - 1].padata_type = salt->type; + der_copy_octet_string(&salt->salt, + &md->val[md->len - 1].padata_value); } } @@ -127,7 +127,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key) krb5_error_code _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, krb5_enctype *etypes, unsigned len, - Key **ret_key, krb5_enctype *ret_etype) + Key **ret_key) { int i; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; @@ -148,7 +148,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, continue; } *ret_key = key; - *ret_etype = etypes[i]; ret = 0; if (is_default_salt_p(&def_salt, key)) { krb5_free_salt (context, def_salt); @@ -287,8 +286,9 @@ _kdc_encode_reply(krb5_context context, ret = krb5_crypto_init(context, skey, etype, &crypto); if (ret) { + const char *msg; free(buf); - const char *msg = krb5_get_error_message(context, ret); + msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); krb5_free_error_message(context, msg); return ret; @@ -902,7 +902,7 @@ _kdc_as_rep(krb5_context context, KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL, *server = NULL; HDB *clientdb; - krb5_enctype cetype, setype, sessionetype; + krb5_enctype setype, sessionetype; krb5_data e_data; EncTicketPart et; EncKDCRepPart ek; @@ -912,15 +912,20 @@ _kdc_as_rep(krb5_context context, const char *e_text = NULL; krb5_crypto crypto; Key *ckey, *skey; - EncryptionKey *reply_key; + EncryptionKey *reply_key, session_key; int flags = 0; #ifdef PKINIT pk_client_params *pkp = NULL; #endif memset(&rep, 0, sizeof(rep)); + memset(&session_key, 0, sizeof(session_key)); krb5_data_zero(&e_data); + ALLOC(rep.padata); + rep.padata->len = 0; + rep.padata->val = NULL; + if (f.canonicalize) flags |= HDB_F_CANON; @@ -1009,18 +1014,58 @@ _kdc_as_rep(krb5_context context, memset(&ek, 0, sizeof(ek)); /* - * Find the client key for reply encryption and pa-type salt, Pick - * the client key upfront before the other keys because that is - * going to affect what enctypes we are going to use in - * ETYPE-INFO{,2}. + * Select a session enctype from the list of the crypto systems + * supported enctype, is supported by the client and is one of the + * enctype of the enctype of the krbtgt. + * + * The later is used as a hint what enctype all KDC are supporting + * to make sure a newer version of KDC wont generate a session + * enctype that and older version of a KDC in the same realm can't + * decrypt. + * + * But if the KDC admin is paranoid and doesn't want to have "no + * the best" enctypes on the krbtgt, lets save the best pick from + * the client list and hope that that will work for any other + * KDCs. */ + { + const krb5_enctype *p; + krb5_enctype clientbest = ETYPE_NULL; + int i, j; - ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, - &ckey, &cetype); - if (ret) { - kdc_log(context, config, 0, - "Client (%s) has no support for etypes", client_name); - goto out; + p = krb5_kerberos_enctypes(context); + + sessionetype = ETYPE_NULL; + + for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { + if (krb5_enctype_valid(context, p[i]) != 0) + continue; + + for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) { + Key *dummy; + /* check with client */ + if (p[i] != b->etype.val[j]) + continue; + /* save best of union of { client, crypto system } */ + if (clientbest == ETYPE_NULL) + clientbest = p[i]; + /* check with krbtgt */ + ret = hdb_enctype2key(context, &server->entry, p[i], &dummy); + if (ret) + continue; + sessionetype = p[i]; + } + } + /* if krbtgt had no shared keys with client, pick clients best */ + if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) { + sessionetype = clientbest; + } else if (sessionetype == ETYPE_NULL) { + kdc_log(context, config, 0, + "Client (%s) from %s has no common enctypes with KDC" + "to use for the session key", + client_name, from); + goto out; + } } /* @@ -1230,7 +1275,11 @@ _kdc_as_rep(krb5_context context, } et.flags.pre_authent = 1; - ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str); + set_salt_padata(rep.padata, pa_key->salt); + + reply_key = &pa_key->key; + + ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str); if (ret) str = NULL; @@ -1300,7 +1349,9 @@ _kdc_as_rep(krb5_context context, /* * If there is a client key, send ETYPE_INFO{,2} */ - if (ckey) { + ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, + &ckey); + if (ret == 0) { /* * RFC4120 requires: @@ -1371,63 +1422,6 @@ _kdc_as_rep(krb5_context context, if(ret) goto out; - /* - * Select a session enctype from the list of the crypto systems - * supported enctype, is supported by the client and is one of the - * enctype of the enctype of the krbtgt. - * - * The later is used as a hint what enctype all KDC are supporting - * to make sure a newer version of KDC wont generate a session - * enctype that and older version of a KDC in the same realm can't - * decrypt. - * - * But if the KDC admin is paranoid and doesn't want to have "no - * the best" enctypes on the krbtgt, lets save the best pick from - * the client list and hope that that will work for any other - * KDCs. - */ - { - const krb5_enctype *p; - krb5_enctype clientbest = ETYPE_NULL; - int i, j; - - p = krb5_kerberos_enctypes(context); - - sessionetype = ETYPE_NULL; - - for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { - if (krb5_enctype_valid(context, p[i]) != 0) - continue; - - for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) { - Key *dummy; - /* check with client */ - if (p[i] != b->etype.val[j]) - continue; - /* save best of union of { client, crypto system } */ - if (clientbest == ETYPE_NULL) - clientbest = p[i]; - /* check with krbtgt */ - ret = hdb_enctype2key(context, &server->entry, p[i], &dummy); - if (ret) - continue; - sessionetype = p[i]; - } - } - /* if krbtgt had no shared keys with client, pick clients best */ - if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) { - sessionetype = clientbest; - } else if (sessionetype == ETYPE_NULL) { - kdc_log(context, config, 0, - "Client (%s) from %s has no common enctypes with KDC" - "to use for the session key", - client_name, from); - goto out; - } - } - - log_as_req(context, config, cetype, setype, b); - if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey || (f.request_anonymous && !config->allow_anonymous)) { ret = KRB5KDC_ERR_BADOPTION; @@ -1622,10 +1616,6 @@ _kdc_as_rep(krb5_context context, copy_HostAddresses(et.caddr, ek.caddr); } - ALLOC(rep.padata); - rep.padata->len = 0; - rep.padata->val = NULL; - #if PKINIT if (pkp) { e_text = "Failed to build PK-INIT reply"; @@ -1642,12 +1632,13 @@ _kdc_as_rep(krb5_context context, goto out; } else #endif - if (ckey) { - reply_key = &ckey->key; + { ret = krb5_generate_random_keyblock(context, sessionetype, &et.key); if (ret) goto out; - } else { + } + + if (reply_key == NULL) { e_text = "Client have no reply key"; ret = KRB5KDC_ERR_CLIENT_NOTYET; goto out; @@ -1657,9 +1648,6 @@ _kdc_as_rep(krb5_context context, if (ret) goto out; - if (ckey) - set_salt_padata (rep.padata, ckey->salt); - /* Add signing of alias referral */ if (f.canonicalize) { PA_ClientCanonicalized canon; @@ -1765,6 +1753,8 @@ _kdc_as_rep(krb5_context context, if (ret) goto out; + log_as_req(context, config, reply_key->keytype, setype, b); + ret = _kdc_encode_reply(context, config, &rep, &et, &ek, setype, server->entry.kvno, &skey->key, client->entry.kvno, diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 312be6e016..b6f9c865bb 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1633,14 +1633,15 @@ server_lookup: } else { Key *skey; - ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, - &skey, &etype); + ret = _kdc_find_etype(context, server, + b->etype.val, b->etype.len, &skey); if(ret) { kdc_log(context, config, 0, "Server (%s) has no support for etypes", spn); goto out; } ekey = &skey->key; + etype = skey->key.keytype; kvno = server->entry.kvno; } diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index eb757bb578..f6f8f8a3bd 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context, ret = krb5_principal_compare(context, sprincipal, principal); krb5_free_principal(context, principal); if (ret != TRUE) { + char *expected, *used; + + ret = krb5_unparse_name(context, sprincipal, &expected); + if (ret) + goto out; + ret = krb5_unparse_name(context, principal, &used); + if (ret) { + krb5_xfree(expected); + goto out; + } + ret = KRB5KDC_ERR_SERVER_NOMATCH; krb5_set_error_message(context, ret, - "User %s used wrong Kx509 service principal", - cname); + "User %s used wrong Kx509 service " + "principal, expected: %s, used %s", + cname, expected, used); + krb5_xfree(expected); + krb5_xfree(used); goto out; } } diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c index b4161da45d..06e64df840 100644 --- a/source4/heimdal/kdc/log.c +++ b/source4/heimdal/kdc/log.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -36,13 +38,14 @@ RCSID("$Id$"); void kdc_openlog(krb5_context context, + const char *service, krb5_kdc_configuration *config) { char **s = NULL, **p; krb5_initlog(context, "kdc", &config->logf); - s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL); + s = krb5_config_get_strings(context, NULL, service, "logging", NULL); if(s == NULL) - s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL); + s = krb5_config_get_strings(context, NULL, "logging", service, NULL); if(s){ for(p = s; *p; p++) krb5_addlog_dest(context, config->logf, *p); diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 7bb32eb577..099d3ebe7d 100644 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -1379,7 +1381,22 @@ _kdc_pk_mk_pa_reply(krb5_context context, } - ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); +#define use_btmm_with_enckey 0 + if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) { + PA_PK_AS_REP_BTMM btmm; + heim_any any; + + any.data = rep.u.encKeyPack.data; + any.length = rep.u.encKeyPack.length; + + btmm.dhSignedData = NULL; + btmm.encKeyPack = &any; + + ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret); + } else { + ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); + } + free_PA_PK_AS_REP(&rep); if (ret) { krb5_set_error_message(context, ret, @@ -1928,12 +1945,12 @@ load_mappings(krb5_context context, const char *fn) */ krb5_error_code -_kdc_pk_initialize(krb5_context context, - krb5_kdc_configuration *config, - const char *user_id, - const char *anchors, - char **pool, - char **revoke_list) +krb5_kdc_pk_initialize(krb5_context context, + krb5_kdc_configuration *config, + const char *user_id, + const char *anchors, + char **pool, + char **revoke_list) { const char *file; char *fn = NULL; diff --git a/source4/heimdal/kpasswd/kpasswd.c b/source4/heimdal/kpasswd/kpasswd.c index c2f980b25f..57c989719e 100644 --- a/source4/heimdal/kpasswd/kpasswd.c +++ b/source4/heimdal/kpasswd/kpasswd.c @@ -117,22 +117,21 @@ main (int argc, char **argv) krb5_error_code ret; krb5_context context; krb5_principal principal; - int optind = 0; krb5_get_init_creds_opt *opt; krb5_ccache id = NULL; int exit_value; + int optidx = 0; - optind = krb5_program_setup(&context, argc, argv, - args, sizeof(args) / sizeof(args[0]), usage); + setprogname(argv[0]); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1, args, sizeof(args) / sizeof(args[0])); if (help_flag) - usage (0, args, sizeof(args) / sizeof(args[0])); - - if(version_flag){ - print_version (NULL); - exit(0); + usage(0, args, sizeof(args) / sizeof(args[0])); + if (version_flag) { + print_version(NULL); + return 0; } - argc -= optind; argv += optind; diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 809d399336..4e9e6ac3d7 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,6 +35,10 @@ #include "kuser_locl.h" +#ifdef __APPLE__ +#include <Security/Security.h> +#endif + #ifndef HEIMDAL_SMALLER #include "krb5-v4compat.h" #endif @@ -113,7 +119,7 @@ static struct getargs args[] = { { "cache", 'c', arg_string, &cred_cache, NP_("credentials cache", ""), "cachename" }, - { "forwardable", 'f', arg_flag, &forwardable_flag, + { "forwardable", 'f', arg_negative_flag, &forwardable_flag, NP_("get forwardable tickets", "")}, { "keytab", 't', arg_string, &keytab_str, @@ -422,7 +428,7 @@ get_new_tickets(krb5_context context, char passwd[256]; krb5_deltat start_time = 0; krb5_deltat renew = 0; - const char *renewstr = NULL; + char *renewstr = NULL; krb5_enctype *enctype = NULL; krb5_ccache tempccache; #ifndef NO_NTLM @@ -451,6 +457,33 @@ get_new_tickets(krb5_context context, passwd[strcspn(passwd, "\n")] = '\0'; } +#ifdef __APPLE__ + if (passwd[0] == '\0') { + const char *realm; + OSStatus osret; + UInt32 length; + void *buffer; + char *name; + + realm = krb5_principal_get_realm(context, principal); + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); + if (ret) + goto nopassword; + + osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm, + strlen(name), name, + &length, &buffer, NULL); + free(name); + if (osret == noErr && length < sizeof(passwd) - 1) { + memcpy(passwd, buffer, length); + passwd[length] = '\0'; + } + nopassword: + do { } while(0); + } +#endif memset(&cred, 0, sizeof(cred)); @@ -472,7 +505,7 @@ get_new_tickets(krb5_context context, pac_flag ? TRUE : FALSE); if (canonicalize_flag) krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE); - if (pk_enterprise_flag && windows_flag) + if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag) krb5_get_init_creds_opt_set_win2k(context, opt, TRUE); if (pk_user_id || ent_user_id || anonymous_flag) { ret = krb5_get_init_creds_opt_set_pkinit(context, opt, @@ -881,8 +914,23 @@ main (int argc, char **argv) #endif } else { ret = krb5_cc_cache_match(context, principal, &ccache); - if (ret) + if (ret) { + const char *type; ret = krb5_cc_default (context, &ccache); + if (ret) + krb5_err (context, 1, ret, N_("resolving credentials cache", "")); + + /* + * Check if the type support switching, and we do, + * then do that instead over overwriting the current + * default credential + */ + type = krb5_cc_get_type(context, ccache); + if (krb5_cc_support_switch(context, type)) { + krb5_cc_close(context, ccache); + ret = krb5_cc_new_unique(context, type, NULL, &ccache); + } + } } } if (ret) diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 4c6af8b45e..8ab97761db 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -2,6 +2,7 @@ #include <stddef.h> #include <time.h> +#include <krb5-types.h> #ifndef __asn1_common_definitions__ #define __asn1_common_definitions__ diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index f1a653b1f9..ac7a9ebaa5 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -24,4 +24,6 @@ error_code MAX_CONSTRAINT, "ASN.1 too many elements" error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" +error_code GOT_BER, "ASN.1 got BER encoded when expected DER" +error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data" end diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y index 3835744bbd..13b86b17c1 100644 --- a/source4/heimdal/lib/asn1/asn1parse.y +++ b/source4/heimdal/lib/asn1/asn1parse.y @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -250,7 +252,7 @@ ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED | /* empty */ ; -ModuleBody : /* Exports */ Imports AssignmentList +ModuleBody : Exports Imports AssignmentList | /* empty */ ; @@ -272,11 +274,22 @@ SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt for(sl = $1; sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; + gen_template_import(s); } add_import($3); } ; +Exports : kw_EXPORTS referencenames ';' + { + struct string_list *sl; + for(sl = $2; sl != NULL; sl = sl->next) + add_export(sl->string); + } + | kw_EXPORTS kw_ALL + | /* empty */ + ; + AssignmentList : Assignment | Assignment AssignmentList ; diff --git a/source4/heimdal/lib/asn1/cms.asn1 b/source4/heimdal/lib/asn1/cms.asn1 index 1c13d5f387..ccbe683838 100644 --- a/source4/heimdal/lib/asn1/cms.asn1 +++ b/source4/heimdal/lib/asn1/cms.asn1 @@ -4,7 +4,7 @@ CMS DEFINITIONS ::= BEGIN IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name, - Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459 + Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459 heim_any, heim_any_set FROM heim; id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 5b24b917d8..f20cdb83ca 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -94,6 +94,8 @@ typedef struct heim_ber_time_t { int bt_zone; } heim_ber_time_t; +struct asn1_template; + #include <der-protos.h> int _heim_fix_dce(size_t reallen, size_t *len); diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index 51a2a03300..a80c851f96 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -46,6 +48,34 @@ der_copy_general_string (const heim_general_string *from, } int +der_copy_integer (const int *from, int *to) +{ + *to = *from; + return 0; +} + +int +der_copy_unsigned (const unsigned *from, unsigned *to) +{ + *to = *from; + return 0; +} + +int +der_copy_generalized_time (const time_t *from, time_t *to) +{ + *to = *from; + return 0; +} + +int +der_copy_utctime (const time_t *from, time_t *to) +{ + *to = *from; + return 0; +} + +int der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) { return der_copy_general_string(from, to); diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index 743bb6c466..a16ddaed1c 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -43,6 +45,31 @@ der_free_general_string (heim_general_string *str) } void +der_free_integer (int *i) +{ + *i = 0; +} + +void +der_free_unsigned (unsigned *u) +{ + *u = 0; +} + +void +der_free_generalized_time(time_t *t) +{ + *t = 0; +} + +void +der_free_utctime(time_t *t) +{ + *t = 0; +} + + +void der_free_utf8string (heim_utf8_string *str) { free(*str); diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 5a062fb339..aee565040f 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -305,7 +305,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len, void *ptr; ptr = realloc(data->data, data->length + datalen); - if (ptr == NULL && data->length + datalen != 0) { + if (ptr == NULL) { e = ENOMEM; goto out; } @@ -354,23 +354,21 @@ der_get_heim_integer (const unsigned char *p, size_t len, p++; data->length--; } - if (data->length) { - data->data = malloc(data->length); - if (data->data == NULL) { - data->length = 0; - if (size) - *size = 0; - return ENOMEM; - } - q = &((unsigned char*)data->data)[data->length - 1]; - p += data->length - 1; - while (q >= (unsigned char*)data->data) { - *q = *p ^ 0xff; - if (carry) - carry = !++*q; - p--; - q--; - } + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + if (size) + *size = 0; + return ENOMEM; + } + q = &((unsigned char*)data->data)[data->length - 1]; + p += data->length - 1; + while (q >= (unsigned char*)data->data) { + *q = *p ^ 0xff; + if (carry) + carry = !++*q; + p--; + q--; } } else { data->negative = 0; diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index 5ea3a84845..688e6ba817 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -113,6 +115,20 @@ der_length_len (size_t len) } size_t +der_length_tag(unsigned int tag) +{ + size_t len = 0; + + if(tag <= 30) + return 1; + while(tag) { + tag /= 128; + len++; + } + return len + 1; +} + +size_t der_length_integer (const int *data) { return _heim_len_int (*data); diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index 1f27e72903..0f65c50a22 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -52,6 +52,8 @@ #include <asn1-common.h> #include <asn1_err.h> #include <der.h> +#include <der-private.h> +#include "asn1-template.h" time_t _der_timegm (struct tm *); size_t _heim_len_unsigned (unsigned); diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index 5ee5bd4a99..027402f1ef 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE { tickets [3] SEQUENCE OF OCTET STRING OPTIONAL } +NTLMRequest2 ::= SEQUENCE { + loginUserName [0] UTF8String, + loginDomainName [1] UTF8String, + flags [2] INTEGER (0..4294967295), + lmchallenge [3] OCTET STRING SIZE (8), + ntChallengeResponce [4] OCTET STRING, + lmChallengeResponce [5] OCTET STRING +} + +NTLMReply ::= SEQUENCE { + success [0] BOOLEAN, + flags [1] INTEGER (0..4294967295), + sessionkey [2] OCTET STRING OPTIONAL +} + DigestReqInner ::= CHOICE { init [0] DigestInit, digestRequest [1] DigestRequest, diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index b244dbb52a..95780a7898 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -40,13 +42,7 @@ int encode_heim_any(unsigned char *p, size_t len, const heim_any *data, size_t *size) { - if (data->length > len) - return ASN1_OVERFLOW; - p -= data->length; - len -= data->length; - memcpy (p+1, data->data, data->length); - *size = data->length; - return 0; + return der_put_octet_string (p, len, data, size); } int @@ -91,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len, void free_heim_any(heim_any *data) { - free(data->data); - data->data = NULL; + der_free_octet_string(data); } size_t @@ -104,58 +99,43 @@ length_heim_any(const heim_any *data) int copy_heim_any(const heim_any *from, heim_any *to) { - to->data = malloc(from->length); - if (to->data == NULL && from->length != 0) - return ENOMEM; - memcpy(to->data, from->data, from->length); - to->length = from->length; - return 0; + return der_copy_octet_string(from, to); } int encode_heim_any_set(unsigned char *p, size_t len, const heim_any_set *data, size_t *size) { - return encode_heim_any(p, len, data, size); + return der_put_octet_string (p, len, data, size); } - int decode_heim_any_set(const unsigned char *p, size_t len, heim_any_set *data, size_t *size) { - memset(data, 0, sizeof(*data)); - data->data = malloc(len); - if (data->data == NULL && len != 0) - return ENOMEM; - data->length = len; - memcpy(data->data, p, len); - if (size) *size = len; - return 0; + return der_get_octet_string(p, len, data, size); } void free_heim_any_set(heim_any_set *data) { - free_heim_any(data); + der_free_octet_string(data); } size_t length_heim_any_set(const heim_any *data) { - return length_heim_any(data); + return data->length; } int copy_heim_any_set(const heim_any_set *from, heim_any_set *to) { - return copy_heim_any(from, to); + return der_copy_octet_string(from, to); } int heim_any_cmp(const heim_any_set *p, const heim_any_set *q) { - if (p->length != q->length) - return p->length - q->length; - return memcmp(p->data, q->data, p->length); + return der_heim_octet_string_cmp(p, q); } diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 780c18b36f..8c13434203 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -35,12 +37,12 @@ RCSID("$Id$"); -FILE *headerfile, *codefile, *logfile; +FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile; #define STEM "asn1" static const char *orig_filename; -static char *header; +static char *privheader, *header, *template; static const char *headerbase = STEM; /* @@ -66,6 +68,45 @@ add_import (const char *module) fprintf (headerfile, "#include <%s_asn1.h>\n", module); } +/* + * List of all exported symbols + */ + +struct sexport { + const char *name; + int defined; + struct sexport *next; +}; + +static struct sexport *exports = NULL; + +void +add_export (const char *name) +{ + struct sexport *tmp = emalloc (sizeof(*tmp)); + + tmp->name = name; + tmp->next = exports; + exports = tmp; +} + +int +is_export(const char *name) +{ + struct sexport *tmp; + + if (exports == NULL) /* no export list, all exported */ + return 1; + + for (tmp = exports; tmp != NULL; tmp = tmp->next) { + if (strcmp(tmp->name, name) == 0) { + tmp->defined = 1; + return 1; + } + } + return 0; +} + const char * get_filename (void) { @@ -96,6 +137,23 @@ init_generate (const char *filename, const char *base) err (1, "open %s", fn); free(fn); + /* private header file */ + asprintf(&privheader, "%s-priv.h", headerbase); + if (privheader == NULL) + errx(1, "malloc"); + asprintf(&fn, "%s-priv.hx", headerbase); + if (fn == NULL) + errx(1, "malloc"); + privheaderfile = fopen (fn, "w"); + if (privheaderfile == NULL) + err (1, "open %s", fn); + free(fn); + + /* template file */ + asprintf(&template, "%s-template.c", headerbase); + if (template == NULL) + errx(1, "malloc"); + fprintf (headerfile, "/* Generated from %s */\n" "/* Do not edit */\n\n", @@ -182,6 +240,36 @@ init_generate (const char *filename, const char *base) logfile = fopen(fn, "w"); if (logfile == NULL) err (1, "open %s", fn); + + /* if one code file, write into the one codefile */ + if (one_code_file) + return; + + templatefile = fopen (template, "w"); + if (templatefile == NULL) + err (1, "open %s", template); + + fprintf (templatefile, + "/* Generated from %s */\n" + "/* Do not edit */\n\n" + "#include <stdio.h>\n" + "#include <stdlib.h>\n" + "#include <time.h>\n" + "#include <string.h>\n" + "#include <errno.h>\n" + "#include <limits.h>\n" + "#include <krb5-types.h>\n", + filename); + + fprintf (templatefile, + "#include <%s>\n" + "#include <%s>\n" + "#include <der.h>\n" + "#include <der-private.h>\n" + "#include <asn1-template.h>\n", + header, privheader); + + } void @@ -189,9 +277,15 @@ close_generate (void) { fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase); - fclose (headerfile); - fprintf (logfile, "\n"); - fclose (logfile); + if (headerfile) + fclose (headerfile); + if (privheaderfile) + fclose (privheaderfile); + if (templatefile) + fclose (templatefile); + if (logfile) + fprintf (logfile, "\n"); + fclose (logfile); } void @@ -265,11 +359,14 @@ generate_header_of_codefile(const char *name) orig_filename); fprintf (codefile, - "#include <%s.h>\n", - headerbase); + "#include <%s>\n" + "#include <%s>\n", + header, privheader); fprintf (codefile, "#include <asn1_err.h>\n" "#include <der.h>\n" + "#include <der-private.h>\n" + "#include <asn1-template.h>\n" "#include <parse_units.h>\n\n"); } @@ -328,8 +425,6 @@ generate_constant (const Symbol *s) } fprintf (headerfile, "} */\n"); - fprintf (headerfile, "const heim_oid *oid_%s(void);\n", - s->gen_name); fprintf (headerfile, "extern const heim_oid asn1_oid_%s;\n\n", s->gen_name); @@ -346,12 +441,6 @@ generate_constant (const Symbol *s) "{ %d, oid_%s_variable_num };\n\n", s->gen_name, len, s->gen_name); - fprintf (codefile, "const heim_oid *oid_%s(void)\n" - "{\n" - "return &asn1_oid_%s;\n" - "}\n\n", - s->gen_name, s->gen_name); - free(list); if (!one_code_file) @@ -364,6 +453,33 @@ generate_constant (const Symbol *s) } } +int +is_primitive_type(int type) +{ + switch(type) { + case TInteger: + case TBoolean: + case TOctetString: + case TBitString: + case TEnumerated: + case TGeneralizedTime: + case TGeneralString: + case TTeletexString: + case TOID: + case TUTCTime: + case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TVisibleString: + case TNull: + return 1; + default: + return 0; + } +} + static void space(int level) { @@ -550,8 +666,24 @@ define_asn1 (int level, Type *t) } static void -define_type (int level, const char *name, Type *t, int typedefp, int preservep) +getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name) +{ + if (typedefp) + *newbasename = strdup(name); + else { + if (name[0] == '*') + name++; + asprintf(newbasename, "%s_%s", basename, name); + } + if (*newbasename == NULL) + err(1, "malloc"); +} + +static void +define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep) { + char *newbasename = NULL; + switch (t->type) { case TType: space(level); @@ -602,16 +734,37 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) if(ASN1_TAILQ_EMPTY(t->members)) fprintf (headerfile, "heim_bit_string %s;\n", name); else { - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + int pos = 0; + getnewbasename(&newbasename, typedefp, basename, name); + + fprintf (headerfile, "struct %s {\n", newbasename); ASN1_TAILQ_FOREACH(m, t->members, members) { char *n; + /* pad unused */ + while (pos < m->val) { + asprintf (&n, "_unused%d:1", pos); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); + free(n); + pos++; + } + asprintf (&n, "%s:1", m->gen_name); if (n == NULL) errx(1, "malloc"); - define_type (level + 1, n, &i, FALSE, FALSE); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); free (n); + pos++; + } + /* pad to 32 elements */ + while (pos < 32) { + char *n; + asprintf (&n, "_unused%d:1", pos); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); + free(n); + pos++; } + space(level); fprintf (headerfile, "} %s;\n\n", name); } @@ -638,8 +791,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) case TSequence: { Member *m; + getnewbasename(&newbasename, typedefp, basename, name); + space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + fprintf (headerfile, "struct %s {\n", newbasename); if (t->type == TSequence && preservep) { space(level + 1); fprintf(headerfile, "heim_octet_string _save;\n"); @@ -653,10 +808,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) asprintf (&n, "*%s", m->gen_name); if (n == NULL) errx(1, "malloc"); - define_type (level + 1, n, m->type, FALSE, FALSE); + define_type (level + 1, n, newbasename, m->type, FALSE, FALSE); free (n); } else - define_type (level + 1, m->gen_name, m->type, FALSE, FALSE); + define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE); } space(level); fprintf (headerfile, "} %s;\n", name); @@ -667,15 +822,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) Type i; struct range range = { 0, INT_MAX }; + getnewbasename(&newbasename, typedefp, basename, name); + i.type = TInteger; i.range = ⦥ i.members = NULL; i.constraint = NULL; space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); - define_type (level + 1, "len", &i, FALSE, FALSE); - define_type (level + 1, "*val", t->subtype, FALSE, FALSE); + fprintf (headerfile, "struct %s {\n", newbasename); + define_type (level + 1, "len", newbasename, &i, FALSE, FALSE); + define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE); space(level); fprintf (headerfile, "} %s;\n", name); break; @@ -693,14 +850,16 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) fprintf (headerfile, "heim_general_string %s;\n", name); break; case TTag: - define_type (level, name, t->subtype, typedefp, preservep); + define_type (level, name, basename, t->subtype, typedefp, preservep); break; case TChoice: { int first = 1; Member *m; + getnewbasename(&newbasename, typedefp, basename, name); + space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + fprintf (headerfile, "struct %s {\n", newbasename); if (preservep) { space(level + 1); fprintf(headerfile, "heim_octet_string _save;\n"); @@ -737,10 +896,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) asprintf (&n, "*%s", m->gen_name); if (n == NULL) errx(1, "malloc"); - define_type (level + 2, n, m->type, FALSE, FALSE); + define_type (level + 2, n, newbasename, m->type, FALSE, FALSE); free (n); } else - define_type (level + 2, m->gen_name, m->type, FALSE, FALSE); + define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE); } space(level + 1); fprintf (headerfile, "} u;\n"); @@ -787,6 +946,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) default: abort (); } + if (newbasename) + free(newbasename); } static void @@ -800,27 +961,61 @@ generate_type_header (const Symbol *s) fprintf (headerfile, "\n*/\n\n"); fprintf (headerfile, "typedef "); - define_type (0, s->gen_name, s->type, TRUE, preservep); + define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep); fprintf (headerfile, "\n"); } - void generate_type (const Symbol *s) { + FILE *h; + if (!one_code_file) generate_header_of_codefile(s->gen_name); generate_type_header (s); - generate_type_encode (s); - generate_type_decode (s); - generate_type_free (s); - generate_type_length (s); - generate_type_copy (s); + + if (template_flag) + generate_template(s); + + if (template_flag == 0 || is_template_compat(s) == 0) { + generate_type_encode (s); + generate_type_decode (s); + generate_type_free (s); + generate_type_length (s); + generate_type_copy (s); + } generate_type_seq (s); generate_glue (s->type, s->gen_name); - fprintf(headerfile, "\n\n"); + + /* generate prototypes */ + + if (is_export(s->name)) + h = headerfile; + else + h = privheaderfile; + + fprintf (h, + "int " + "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", + s->gen_name, s->gen_name); + fprintf (h, + "int " + "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", + s->gen_name, s->gen_name); + fprintf (h, + "size_t length_%s(const %s *);\n", + s->gen_name, s->gen_name); + fprintf (h, + "int copy_%s (const %s *, %s *);\n", + s->gen_name, s->gen_name, s->gen_name); + fprintf (h, + "void free_%s (%s *);\n", + s->gen_name, s->gen_name); + + + fprintf(h, "\n\n"); if (!one_code_file) { fprintf(codefile, "\n\n"); diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index f28647d19a..5e228d0e64 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -228,10 +228,6 @@ generate_type_copy (const Symbol *s) used_fail = 0; - fprintf (headerfile, - "int copy_%s (const %s *, %s *);\n", - s->gen_name, s->gen_name, s->gen_name); - fprintf (codefile, "int\n" "copy_%s(const %s *from, %s *to)\n" "{\n" diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 327de4c98c..043cfac2db 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -56,33 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr) #endif } -static int -is_primitive_type(int type) -{ - switch(type) { - case TInteger: - case TBoolean: - case TOctetString: - case TBitString: - case TEnumerated: - case TGeneralizedTime: - case TGeneralString: - case TTeletexString: - case TOID: - case TUTCTime: - case TUTF8String: - case TPrintableString: - case TIA5String: - case TBMPString: - case TUniversalString: - case TVisibleString: - case TNull: - return 1; - default: - return 0; - } -} - static void find_tag (const Type *t, Der_class *cl, Der_type *ty, unsigned *tag) @@ -630,7 +603,7 @@ decode_type (const char *name, const Type *t, int optional, fprintf(codefile, "else {\n" "(%s)->u.%s.data = calloc(1, len);\n" - "if ((%s)->u.%s.data == NULL && len != 0) {\n" + "if ((%s)->u.%s.data == NULL) {\n" "e = ENOMEM; %s;\n" "}\n" "(%s)->u.%s.length = len;\n" @@ -694,11 +667,6 @@ generate_type_decode (const Symbol *s) { int preserve = preserve_type(s->name) ? TRUE : FALSE; - fprintf (headerfile, - "int " - "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", - s->gen_name, s->gen_name); - fprintf (codefile, "int\n" "decode_%s(const unsigned char *p," " size_t len, %s *data, size_t *size)\n" @@ -744,7 +712,7 @@ generate_type_decode (const Symbol *s) if (preserve) fprintf (codefile, "data->_save.data = calloc(1, ret);\n" - "if (data->_save.data == NULL && ret != 0) { \n" + "if (data->_save.data == NULL) { \n" "e = ENOMEM; goto fail; \n" "}\n" "data->_save.length = ret;\n" diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index 012d4677f4..e9b4e7cd12 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -508,11 +508,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr) void generate_type_encode (const Symbol *s) { - fprintf (headerfile, - "int " - "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", - s->gen_name, s->gen_name); - fprintf (codefile, "int\n" "encode_%s(unsigned char *p, size_t len," " const %s *data, size_t *size)\n" diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 48fe8cd787..dc612074a3 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -180,18 +180,14 @@ free_type (const char *name, const Type *t, int preserve) void generate_type_free (const Symbol *s) { - int preserve = preserve_type(s->name) ? TRUE : FALSE; - - fprintf (headerfile, - "void free_%s (%s *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "void\n" - "free_%s(%s *data)\n" - "{\n", - s->gen_name, s->gen_name); - - free_type ("data", s->type, preserve); - fprintf (codefile, "}\n\n"); + int preserve = preserve_type(s->name) ? TRUE : FALSE; + + fprintf (codefile, "void\n" + "free_%s(%s *data)\n" + "{\n", + s->gen_name, s->gen_name); + + free_type ("data", s->type, preserve); + fprintf (codefile, "}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c index 9f7eca45eb..32680cef41 100644 --- a/source4/heimdal/lib/asn1/gen_glue.c +++ b/source4/heimdal/lib/asn1/gen_glue.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name) fprintf (codefile, "%s int2%s(unsigned n)\n" "{\n" - "\t%s flags;\n\n", + "\t%s flags;\n\n" + "\tmemset(&flags, 0, sizeof(flags));\n\n", gen_name, gen_name, gen_name); if(t->members) { @@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name) { Member *m; - fprintf (headerfile, - "const struct units * asn1_%s_units(void);", - gen_name); + if (template_flag) { + fprintf (headerfile, + "extern const struct units *asn1_%s_table_units;\n", + gen_name); + fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n", + gen_name, gen_name); + } else { + fprintf (headerfile, + "const struct units * asn1_%s_units(void);", + gen_name); + } fprintf (codefile, "static struct units %s_units[] = {\n", @@ -111,11 +122,16 @@ generate_units (const Type *t, const char *gen_name) "\t{NULL,\t0}\n" "};\n\n"); - fprintf (codefile, - "const struct units * asn1_%s_units(void){\n" - "return %s_units;\n" - "}\n\n", - gen_name, gen_name); + if (template_flag) + fprintf (codefile, + "const struct units * asn1_%s_table_units = %s_units;\n", + gen_name, gen_name); + else + fprintf (codefile, + "const struct units * asn1_%s_units(void){\n" + "return %s_units;\n" + "}\n\n", + gen_name, gen_name); } diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index e1f045c4c5..da6d26e373 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -43,6 +43,7 @@ length_primitive (const char *typename, fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name); } +/* XXX same as der_length_tag */ static size_t length_tag(unsigned int tag) { @@ -269,10 +270,6 @@ length_type (const char *name, const Type *t, void generate_type_length (const Symbol *s) { - fprintf (headerfile, - "size_t length_%s(const %s *);\n", - s->gen_name, s->gen_name); - fprintf (codefile, "size_t\n" "length_%s(const %s *data)\n" diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index 2bb64b5a38..9e87b0c578 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -52,6 +52,7 @@ #include "symbol.h" #include "asn1-common.h" #include "der.h" +#include "der-private.h" void generate_type (const Symbol *); void generate_constant (const Symbol *); @@ -74,7 +75,10 @@ void init_generate (const char *, const char *); const char *get_filename (void); void close_generate(void); void add_import(const char *); +void add_export(const char *); +int is_export(const char *); int yyparse(void); +int is_primitive_type(int); int preserve_type(const char *); int seq_type(const char *); @@ -82,9 +86,14 @@ int seq_type(const char *); void generate_header_of_codefile(const char *); void close_codefile(void); +int is_template_compat (const Symbol *); +void generate_template(const Symbol *); +void gen_template_import(const Symbol *); -extern FILE *headerfile, *codefile, *logfile; + +extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile; extern int support_ber; +extern int template_flag; extern int rfc1510_bitstring; extern int one_code_file; diff --git a/source4/heimdal/lib/asn1/krb5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1 index adc09ac680..ed663fcf5f 100644 --- a/source4/heimdal/lib/asn1/krb5.asn1 +++ b/source4/heimdal/lib/asn1/krb5.asn1 @@ -2,6 +2,78 @@ KERBEROS5 DEFINITIONS ::= BEGIN +EXPORTS + AD-AND-OR, + AD-IF-RELEVANT, + AD-KDCIssued, + AD-LoginAlias, + AP-REP, + AP-REQ, + AS-REP, + AS-REQ, + AUTHDATA-TYPE, + Authenticator, + AuthorizationData, + AuthorizationDataElement, + CKSUMTYPE, + ChangePasswdDataMS, + Checksum, + ENCTYPE, + ETYPE-INFO, + ETYPE-INFO-ENTRY, + ETYPE-INFO2, + ETYPE-INFO2-ENTRY, + EncAPRepPart, + EncASRepPart, + EncKDCRepPart, + EncKrbCredPart, + EncKrbPrivPart, + EncTGSRepPart, + EncTicketPart, + EncryptedData, + EncryptionKey, + EtypeList, + HostAddress, + HostAddresses, + KDC-REQ-BODY, + KDCOptions, + KDC-REP, + KRB-CRED, + KRB-ERROR, + KRB-PRIV, + KRB-SAFE, + KRB-SAFE-BODY, + KRB5SignedPath, + KRB5SignedPathData, + KRB5SignedPathPrincipals, + KerberosString, + KerberosTime, + KrbCredInfo, + LR-TYPE, + LastReq, + METHOD-DATA, + NAME-TYPE, + PA-ClientCanonicalized, + PA-ClientCanonicalizedNames, + PA-DATA, + PA-ENC-TS-ENC, + PA-PAC-REQUEST, + PA-S4U2Self, + PA-SERVER-REFERRAL-DATA, + PA-ServerReferralData, + PA-SvrReferralData, + PADATA-TYPE, + Principal, + PrincipalName, + Principals, + Realm, + TGS-REP, + TGS-REQ, + Ticket, + TicketFlags, + TransitedEncoding, + TypedData + ; NAME-TYPE ::= INTEGER { KRB5_NT_UNKNOWN(0), -- Name type not known @@ -256,11 +328,7 @@ KDCOptions ::= BIT STRING { proxy(4), allow-postdate(5), postdated(6), - unused7(7), renewable(8), - unused9(9), - unused10(10), - unused11(11), request-anonymous(14), canonicalize(15), constrained-delegation(16), -- ms extension diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index 5cef970d78..a99e69d0f9 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -63,12 +63,14 @@ seq_type(const char *p) } int support_ber; +int template_flag; int rfc1510_bitstring; int one_code_file; char *option_file; int version_flag; int help_flag; struct getargs args[] = { + { "template", 0, arg_flag, &template_flag }, { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, { "decode-dce-ber", 0, arg_flag, &support_ber }, { "support-ber", 0, arg_flag, &support_ber }, diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c index ac00bdc6cb..e65876a032 100644 --- a/source4/heimdal/lib/asn1/symbol.c +++ b/source4/heimdal/lib/asn1/symbol.c @@ -34,8 +34,6 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id$"); - static Hashtab *htab; static int @@ -68,7 +66,7 @@ output_name(char *s) char *p; for (p = s; *p; ++p) - if (*p == '-') + if (*p == '-' || *p == '.') *p = '_'; } diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index f6237b85b8..e3c72ac76e 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -6,8 +6,11 @@ BEGIN IMPORTS heim_any FROM heim; +TESTuint32 ::= INTEGER (0..4294967295) + TESTLargeTag ::= SEQUENCE { - foo[127] INTEGER (-2147483648..2147483647) + foo[127] INTEGER (-2147483648..2147483647), + bar[128] INTEGER (-2147483648..2147483647) } TESTSeq ::= SEQUENCE { @@ -57,6 +60,11 @@ TESTAlloc ::= SEQUENCE { tagless2 heim_any OPTIONAL } +TESTOptional ::= SEQUENCE { + zero [0] INTEGER (-2147483648..2147483647) OPTIONAL, + one [1] INTEGER (-2147483648..2147483647) OPTIONAL +} + TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) TESTENCODEDBY ::= OCTET STRING ( ENCODED BY @@ -92,4 +100,36 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger TESTOSSize1 ::= OCTET STRING SIZE (1..2) +TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE { + zero [0] TESTInteger +} + +TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE { + string [0] GeneralString +} + +TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE { + zero [0] TESTInteger, + string [0] GeneralString +} + +TESTSeqOf2 ::= SEQUENCE { + strings SEQUENCE OF GeneralString +} + +TESTSeqOf3 ::= SEQUENCE { + strings SEQUENCE OF GeneralString OPTIONAL +} + +TESTPreserve ::= SEQUENCE { + zero [0] TESTInteger, + one [1] TESTInteger +} + +TESTBitString ::= BIT STRING { + zero(0), + eight(8), + thirtyone(31) +} + END diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c index a28e51f8da..11beaeba4b 100644 --- a/source4/heimdal/lib/com_err/compile_et.c +++ b/source4/heimdal/lib/com_err/compile_et.c @@ -32,6 +32,9 @@ */ #undef ROKEN_RENAME + +#include "config.h" + #include "compile_et.h" #include <getarg.h> @@ -219,7 +222,7 @@ main(int argc, char **argv) err(1, "%s", filename); - p = strrchr(filename, '/'); + p = strrchr(filename, rk_PATH_DELIM); if(p) p++; else diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index 6052ec8134..730737a46a 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -45,10 +45,12 @@ #ifndef BUILD_GSSAPI_LIB #if defined(_WIN32) -#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport) +#define GSSAPI_LIB_FUNCTION __declspec(dllimport) +#define GSSAPI_LIB_CALL __stdcall #define GSSAPI_LIB_VARIABLE __declspec(dllimport) #else #define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_CALL #define GSSAPI_LIB_VARIABLE #endif #endif @@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES; OM_uint32 GSSAPI_LIB_FUNCTION gss_context_query_attributes(OM_uint32 * /* minor_status */, - gss_OID /* attribute */, + const gss_ctx_id_t /* context_handle */, + const gss_OID /* attribute */, void * /*data*/, size_t /* len */); /* diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 4d004d90b5..1b91bbbb84 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char ** /*out_name */); OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity - (const char */*identity*/); + (const char * /*identity*/); OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity - (const char */*identity*/); + (const char * /*identity*/); OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache - (OM_uint32 */*minor*/, + (OM_uint32 * /*minor*/, gss_cred_id_t /*cred*/, - struct krb5_ccache_data */*out*/); + struct krb5_ccache_data * /*out*/); OM_uint32 GSSAPI_LIB_FUNCTION -gss_krb5_import_cred(OM_uint32 */*minor*/, +gss_krb5_import_cred(OM_uint32 * /*minor*/, struct krb5_ccache_data * /*in*/, struct Principal * /*keytab_principal*/, struct krb5_keytab_data * /*keytab*/, - gss_cred_id_t */*out*/); + gss_cred_id_t * /*out*/); OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags - (OM_uint32 */*minor*/, + (OM_uint32 * /*minor*/, gss_ctx_id_t /*context_handle*/, - OM_uint32 */*tkt_flags*/); + OM_uint32 * /*tkt_flags*/); OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authz_data_from_sec_context diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 355d1c4332..e3ba189b36 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, int32_t seq_number; int is_cfx = 0; - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getremoteseqnumber (context, + ctx->auth_context, + &seq_number); _gsskrb5i_is_cfx(context, ctx, 1); is_cfx = (ctx->more_flags & IS_CFX); @@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &tmp_r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &tmp_r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 696171dcfa..7e448dcfb2 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_name != GSS_C_NO_NAME) { - ret = _gsskrb5_canon_name(minor_status, context, 0, NULL, + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, desired_name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 7f84efe354..fd9934a9e4 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -255,7 +255,7 @@ gsskrb5_initiator_ready( krb5_cc_close(context, ctx->ccache); ctx->ccache = NULL; - krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); + krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number); _gsskrb5i_is_cfx(context, ctx, 0); is_cfx = (ctx->more_flags & IS_CFX); @@ -782,7 +782,7 @@ repl_mutual * for the gss_wrap calls. */ - krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq); krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index ce01e666fa..e0b5553928 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); if (ret) goto out; - krb5_auth_getremoteseqnumber (context, - context_handle->auth_context, - &number); + krb5_auth_con_getremoteseqnumber (context, + context_handle->auth_context, + &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c index 9a1835a039..ee0113d6d3 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c @@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES = OM_uint32 GSSAPI_LIB_FUNCTION gss_context_query_attributes(OM_uint32 *minor_status, - gss_OID attribute, + const gss_ctx_id_t context_handle, + const gss_OID attribute, void *data, size_t len) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index d060badfe1..5fc41d9954 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech) if (mech == NULL) return 0; - m = malloc(sizeof(*m)); + m = calloc(1, sizeof(*m)); if (m == NULL) - return 1; + return ENOMEM; m->gm_so = NULL; m->gm_mech = *mech; m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ @@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech) /* pick up the oid sets of names */ - if (m->gm_mech.gm_inquire_names_for_mech) { + if (m->gm_mech.gm_inquire_names_for_mech) (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, &m->gm_mech.gm_mech_oid, &m->gm_name_types); - } else { + + if (m->gm_name_types == NULL) gss_create_empty_oid_set(&minor_status, &m->gm_name_types); - } SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); return 0; @@ -211,6 +211,8 @@ _gss_load_mech(void) char *name, *oid, *lib, *kobj; struct _gss_mech_switch *m; void *so; + gss_OID_desc mech_oid; + int found; HEIMDAL_MUTEX_lock(&_gss_mech_mutex); @@ -253,6 +255,23 @@ _gss_load_mech(void) if (!name || !oid || !lib || !kobj) continue; + if (_gss_string_to_oid(oid, &mech_oid)) + continue; + + /* + * Check for duplicates, already loaded mechs. + */ + found = 0; + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) { + found = 1; + free(mech_oid.elements); + break; + } + } + if (found) + continue; + #ifndef RTLD_LOCAL #define RTLD_LOCAL 0 #endif @@ -260,17 +279,17 @@ _gss_load_mech(void) so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + free(mech_oid.elements); continue; } m = malloc(sizeof(*m)); - if (!m) + if (!m) { + free(mech_oid.elements); break; - m->gm_so = so; - if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) { - free(m); - continue; } + m->gm_so = so; + m->gm_mech.gm_mech_oid = mech_oid; m->gm_mech.gm_flags = 0; major_status = gss_add_oid_set_member(&minor_status, diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index e8cad14881..dacaa3310e 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -44,6 +44,8 @@ #include <sys/param.h> #endif +#include <roken.h> + #ifdef HAVE_PTHREAD_H #include <pthread.h> #endif @@ -69,8 +71,6 @@ #include "utils.h" #include <der.h> -#include <roken.h> - #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) typedef struct { diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h index 23f8f5d0ab..273f1dd569 100644 --- a/source4/heimdal/lib/hcrypto/aes.h +++ b/source4/heimdal/lib/hcrypto/aes.h @@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); void AES_cbc_encrypt(const unsigned char *, unsigned char *, - const unsigned long, const AES_KEY *, + unsigned long, const AES_KEY *, unsigned char *, int); #ifdef __cplusplus diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c index 545d9529d3..17c1ec79b7 100644 --- a/source4/heimdal/lib/hcrypto/bn.c +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -40,6 +40,7 @@ #include <limits.h> #include <krb5-types.h> +#include <roken.h> #include <rfc2459_asn1.h> /* XXX */ #include <der.h> diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c index c9067d7bcc..43ff8a3f50 100644 --- a/source4/heimdal/lib/hcrypto/des.c +++ b/source4/heimdal/lib/hcrypto/des.c @@ -92,6 +92,8 @@ #include <krb5-types.h> #include <assert.h> +#include <roken.h> + #include "des.h" #include "ui.h" @@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = { int DES_is_weak_key(DES_cblock *key) { + int weak = 0; int i; - /* Not constant time size if the key is weak, the app should not use it. */ - for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { - if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) - return 1; - } - return 0; + for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) + weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0); + + return !!weak; } /** diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c index 15b3479f8e..f1da22537d 100644 --- a/source4/heimdal/lib/hcrypto/evp-cc.c +++ b/source4/heimdal/lib/hcrypto/evp-cc.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -43,7 +45,9 @@ #include <string.h> #include <assert.h> +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H #include <CommonCrypto/CommonDigest.h> +#endif #include <CommonCrypto/CommonCryptor.h> #include <evp.h> @@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void) const EVP_MD * EVP_cc_md2(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md2 = { CC_MD2_DIGEST_LENGTH, CC_MD2_BLOCK_BYTES, @@ -430,6 +435,9 @@ EVP_cc_md2(void) (hc_evp_md_cleanup)NULL }; return &md2; +#else + return NULL; +#endif } /** @@ -441,6 +449,7 @@ EVP_cc_md2(void) const EVP_MD * EVP_cc_md4(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md4 = { CC_MD4_DIGEST_LENGTH, CC_MD4_BLOCK_BYTES, @@ -451,6 +460,9 @@ EVP_cc_md4(void) (hc_evp_md_cleanup)NULL }; return &md4; +#else + return NULL; +#endif } /** @@ -462,6 +474,7 @@ EVP_cc_md4(void) const EVP_MD * EVP_cc_md5(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md5 = { CC_MD5_DIGEST_LENGTH, CC_MD5_BLOCK_BYTES, @@ -472,6 +485,9 @@ EVP_cc_md5(void) (hc_evp_md_cleanup)NULL }; return &md5; +#else + return NULL; +#endif } /** @@ -483,6 +499,7 @@ EVP_cc_md5(void) const EVP_MD * EVP_cc_sha1(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md sha1 = { CC_SHA1_DIGEST_LENGTH, CC_SHA1_BLOCK_BYTES, @@ -493,6 +510,9 @@ EVP_cc_sha1(void) (hc_evp_md_cleanup)NULL }; return &sha1; +#else + return NULL; +#endif } /** @@ -504,6 +524,7 @@ EVP_cc_sha1(void) const EVP_MD * EVP_cc_sha256(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md sha256 = { CC_SHA256_DIGEST_LENGTH, CC_SHA256_BLOCK_BYTES, @@ -514,6 +535,9 @@ EVP_cc_sha256(void) (hc_evp_md_cleanup)NULL }; return &sha256; +#else + return NULL; +#endif } /** diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h index d2df771bc0..0febd21e98 100644 --- a/source4/heimdal/lib/hcrypto/evp-cc.h +++ b/source4/heimdal/lib/hcrypto/evp-cc.h @@ -41,7 +41,7 @@ #define EVP_cc_md4 hc_EVP_cc_md4 #define EVP_cc_md5 hc_EVP_cc_md5 #define EVP_cc_sha1 hc_EVP_cc_sha1 -#define EVP_cc_sha256 hc_EVP__cc_sha256 +#define EVP_cc_sha256 hc_EVP_cc_sha256 #define EVP_cc_des_cbc hc_EVP_cc_des_cbc #define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc #define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index 006db35939..72787e185f 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -49,6 +49,7 @@ #include <evp-cc.h> #include <krb5-types.h> +#include <roken.h> #ifndef HCRYPTO_DEF_PROVIDER #define HCRYPTO_DEF_PROVIDER hcrypto diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h index 600f69b7a5..ae92ab4899 100644 --- a/source4/heimdal/lib/hcrypto/evp.h +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -214,24 +214,24 @@ HC_CPP_BEGIN */ const EVP_MD *EVP_md_null(void); -const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_sha(void) HC_DEPRECATED; +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void); -const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void); const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); -const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO; -const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO; -const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void); const EVP_CIPHER * EVP_rc4(void); -const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void); const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void); diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h index b8d5d45606..78a795f2a7 100644 --- a/source4/heimdal/lib/hcrypto/hash.h +++ b/source4/heimdal/lib/hcrypto/hash.h @@ -43,6 +43,7 @@ #ifdef KRB5 #include <krb5-types.h> #endif +#include <roken.h> #ifndef min #define min(a,b) (((a)>(b))?(b):(a)) diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c index c39c713901..c81eb9e2d7 100644 --- a/source4/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -35,6 +35,9 @@ #include <stdlib.h> #include <rand.h> +#ifdef KRB5 +#include <krb5-types.h> +#endif #include <roken.h> #include "randi.h" @@ -451,6 +454,7 @@ fortuna_reseed(void) if (!init_done) abort(); +#ifndef NO_RAND_UNIX_METHOD { unsigned char buf[INIT_BYTES]; if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) { @@ -459,6 +463,7 @@ fortuna_reseed(void) memset(buf, 0, sizeof(buf)); } } +#endif #ifdef HAVE_ARC4RANDOM { uint32_t buf[INIT_BYTES / sizeof(uint32_t)]; @@ -470,6 +475,7 @@ fortuna_reseed(void) entropy_p = 1; } #endif +#ifndef NO_RAND_EGD_METHOD /* * Only to get egd entropy if /dev/random or arc4rand failed since * it can be horribly slow to generate new bits. @@ -482,6 +488,7 @@ fortuna_reseed(void) memset(buf, 0, sizeof(buf)); } } +#endif /* * Fall back to gattering data from timer and secret files, this * is really the last resort. @@ -521,10 +528,12 @@ fortuna_reseed(void) gettimeofday(&tv, NULL); add_entropy(&main_state, (void *)&tv, sizeof(tv)); } +#ifdef HAVE_GETUID { uid_t u = getuid(); add_entropy(&main_state, (void *)&u, sizeof(u)); } +#endif return entropy_p; } diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c index fcad39f1de..4c1f33da59 100644 --- a/source4/heimdal/lib/hcrypto/rand-unix.c +++ b/source4/heimdal/lib/hcrypto/rand-unix.c @@ -42,9 +42,6 @@ #include "randi.h" -static int random_fd = -1; -static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER; - /* * Unix /dev/random */ @@ -93,44 +90,29 @@ static int unix_bytes(unsigned char *outdata, int size) { ssize_t count; - int once = 0; + int fd; if (size < 0) return 0; else if (size == 0) return 1; - HEIMDAL_MUTEX_lock(&random_mutex); - if (random_fd == -1) { - retry: - random_fd = get_device_fd(O_RDONLY); - if (random_fd < 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); - return 0; - } - } + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; while (size > 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); - count = read (random_fd, outdata, size); - HEIMDAL_MUTEX_lock(&random_mutex); - if (random_fd < 0) { - if (errno == EINTR) - continue; - else if (errno == EBADF && once++ == 0) { - close(random_fd); - random_fd = -1; - goto retry; - } - return 0; - } else if (count <= 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); + count = read(fd, outdata, size); + if (count < 0 && errno == EINTR) + continue; + else if (count <= 0) { + close(fd); return 0; } outdata += count; size -= count; } - HEIMDAL_MUTEX_unlock(&random_mutex); + close(fd); return 1; } diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index 3cd65989c6..9f0438a34e 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -58,7 +60,9 @@ init_method(void) { if (selected_meth != NULL) return; -#ifdef __APPLE__ +#if defined(_WIN32) + selected_meth = &hc_rand_w32crypto_method; +#elif defined(__APPLE__) selected_meth = &hc_rand_unix_method; #else selected_meth = &hc_rand_fortuna_method; @@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size) int RAND_bytes(void *outdata, size_t size) { + if (size == 0) + return 1; init_method(); return (*selected_meth->bytes)(outdata, size); } diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h index 65800d6b99..f4e2485166 100644 --- a/source4/heimdal/lib/hcrypto/rand.h +++ b/source4/heimdal/lib/hcrypto/rand.h @@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD; #define RAND_fortuna_method hc_RAND_fortuna_method #define RAND_egd_method hc_RAND_egd_method #define RAND_unix_method hc_RAND_unix_method +#define RAND_w32crypto_method hc_RAND_w32crypto_method /* * diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h index f8f6c39b3e..c6c617af22 100644 --- a/source4/heimdal/lib/hcrypto/randi.h +++ b/source4/heimdal/lib/hcrypto/randi.h @@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method; extern const RAND_METHOD hc_rand_unix_method; extern const RAND_METHOD hc_rand_egd_method; extern const RAND_METHOD hc_rand_timer_method; +extern const RAND_METHOD hc_rand_w32crypto_method; const RAND_METHOD * RAND_timer_method(void); diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c index 3dd2555812..9a7f0fd3d6 100644 --- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c +++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c @@ -31,11 +31,12 @@ #include "config.h" +#include <stdlib.h> #ifdef KRB5 #include <krb5-types.h> #endif -#include <rijndael-alg-fst.h> +#include "rijndael-alg-fst.h" /* the file should not be used from outside */ typedef uint8_t u8; diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c index 9baf00212c..49c7634c38 100644 --- a/source4/heimdal/lib/hcrypto/rnd_keys.c +++ b/source4/heimdal/lib/hcrypto/rnd_keys.c @@ -39,11 +39,11 @@ #ifdef KRB5 #include <krb5-types.h> #endif +#include <stdlib.h> + #include <des.h> #include <rand.h> -#include <stdlib.h> - #undef __attribute__ #define __attribute__(X) diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c index ca8c8442b5..f6f8a1ffe2 100644 --- a/source4/heimdal/lib/hcrypto/ui.c +++ b/source4/heimdal/lib/hcrypto/ui.c @@ -37,10 +37,15 @@ #include <stdlib.h> #include <string.h> #include <signal.h> +#ifdef HAVE_TERMIOS_H #include <termios.h> +#endif #include <roken.h> #include <ui.h> +#ifdef HAVE_CONIO_H +#include <conio.h> +#endif static sig_atomic_t intr_flag; @@ -50,6 +55,53 @@ intr(int sig) intr_flag++; } +#ifdef HAVE_CONIO_H + +/* + * Windows does console slightly different then then unix case. + */ + +static int +read_string(const char *preprompt, const char *prompt, + char *buf, size_t len, int echo) +{ + int of = 0; + int c; + char *p; + void (*oldsigintr)(int); + + _cprintf("%s%s", preprompt, prompt); + + oldsigintr = signal(SIGINT, intr); + + p = buf; + while(intr_flag == 0){ + c = ((echo)? _getche(): _getch()); + if(c == '\n') + break; + if(of == 0) + *p++ = c; + of = (p == buf + len); + } + if(of) + p--; + *p = 0; + + if(echo == 0){ + printf("\n"); + } + + signal(SIGINT, oldsigintr); + + if(intr_flag) + return -2; + if(of) + return -1; + return 0; +} + +#else /* !HAVE_CONIO_H */ + #ifndef NSIG #define NSIG 47 #endif @@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt, return 0; } +#endif /* HAVE_CONIO_H */ + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) { diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index a8a882c6b2..faf0b6bdf2 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -281,6 +281,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, const hdb_entry *entry, char **p) { HDB_extension *ext; + char *str; int ret; ext = hdb_find_extension(entry, choice_HDB_extension_data_password); @@ -329,17 +330,14 @@ hdb_entry_get_password(krb5_context context, HDB *db, return 0; } - { - char *name; - ret = krb5_unparse_name(context, entry->principal, &name); - if (ret == 0) { - krb5_set_error_message(context, ENOENT, "no password attributefor %s", name); - free(name); - } else - krb5_clear_error_message(context); - - return ENOENT; - } + ret = krb5_unparse_name(context, entry->principal, &str); + if (ret == 0) { + krb5_set_error_message(context, ENOENT, "no password attributefor %s", str); + free(str); + } else + krb5_clear_error_message(context); + + return ENOENT; } int diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index fa70c7778d..97de918933 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -65,9 +67,13 @@ static struct hdb_method methods[] = { #if HAVE_DB1 || HAVE_DB3 { HDB_INTERFACE_VERSION, "db:", hdb_db_create}, #endif +#if HAVE_DB1 + { HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create}, +#endif #if HAVE_NDBM { HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create}, #endif + { HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create}, #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) { HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create}, { HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create}, @@ -411,6 +417,27 @@ hdb_list_builtin(krb5_context context, char **list) return 0; } +krb5_error_code +_hdb_keytab2hdb_entry(krb5_context context, + const krb5_keytab_entry *ktentry, + hdb_entry_ex *entry) +{ + entry->entry.kvno = ktentry->vno; + entry->entry.created_by.time = ktentry->timestamp; + + entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0])); + if (entry->entry.keys.val == NULL) + return ENOMEM; + entry->entry.keys.len = 1; + + entry->entry.keys.val[0].mkvno = NULL; + entry->entry.keys.val[0].salt = NULL; + + return krb5_copy_keyblock_contents(context, + &ktentry->keyblock, + &entry->entry.keys.val[0].key); +} + /** * Create a handle for a Kerberos database * diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index f34c9fb36e..91b6753722 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -194,6 +194,13 @@ typedef struct HDB{ */ krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); /** + * Get the list of realms this backend handles. + * This call is optional to support. The returned realms are used + * for announcing the realms over bonjour. Free returned array + * with krb5_free_host_realm(). + */ + krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **); + /** * Change password. * * Will update keys for the entry when given password. The new diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 35323cf100..360bb33a3a 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -185,7 +185,7 @@ read_master_mit(krb5_context context, const char *filename, if(ret) goto out; } - ret = hdb_process_master_key(context, 0, &key, 0, mkey); + ret = hdb_process_master_key(context, 1, &key, 0, mkey); krb5_free_keyblock_contents(context, &key); out: krb5_storage_free(sp); diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index ebf02a99e3..4783edd681 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context, ret = _hx509_name_cmp(&cert->tbsCertificate.subject, &cert->tbsCertificate.issuer, &diff); *self_signed = (diff == 0); - if (ret) + if (ret) { hx509_set_error_string(context, 0, ret, "Failed to check if self signed"); + } else + ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm); + return ret; } @@ -3251,7 +3254,7 @@ _hx509_cert_get_eku(hx509_context context, * @param context A hx509 context. * @param c the certificate to encode. * @param os the encode certificate, set to NULL, 0 on case of - * error. Free the returned structure with hx509_xfree(). + * error. Free the os->data with hx509_xfree(). * * @return An hx509 error code, see hx509_get_error_string(). * diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 4766c34655..5506cee463 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -1491,7 +1491,7 @@ hx509_cms_create_signed(hx509_context context, * signatures). */ if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) { - ret = hx509_certs_iter(context, certs, sig_process, &sigctx); + ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx); if (ret) goto out; } @@ -1525,7 +1525,7 @@ hx509_cms_create_signed(hx509_context context, goto out; } - ret = hx509_certs_iter(context, sigctx.certs, cert_process, &sigctx); + ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx); if (ret) goto out; } diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index 050a0902b3..bee64c145f 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -87,8 +87,9 @@ struct signature_alg { const heim_oid *key_oid; const AlgorithmIdentifier *digest_alg; int flags; -#define PROVIDE_CONF 1 -#define REQUIRE_SIGNER 2 +#define PROVIDE_CONF 0x1 +#define REQUIRE_SIGNER 0x2 +#define SELF_SIGNED_OK 0x4 #define SIG_DIGEST 0x100 #define SIG_PUBLIC_SIG 0x200 @@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = { &_hx509_signature_ecdsa_with_sha256_data, &asn1_oid_id_ecPublicKey, &_hx509_signature_sha256_data, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 0, NULL, ecdsa_verify_signature, @@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = { &_hx509_signature_ecdsa_with_sha1_data, &asn1_oid_id_ecPublicKey, &_hx509_signature_sha1_data, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 0, NULL, ecdsa_verify_signature, @@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = { &_hx509_signature_rsa_with_sha1_data, &asn1_oid_id_pkcs1_rsaEncryption, NULL, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 0, NULL, rsa_verify_signature, @@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = { &_hx509_signature_rsa_with_sha256_data, &asn1_oid_id_pkcs1_rsaEncryption, &_hx509_signature_sha256_data, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 0, NULL, rsa_verify_signature, @@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = { &_hx509_signature_rsa_with_sha1_data, &asn1_oid_id_pkcs1_rsaEncryption, &_hx509_signature_sha1_data, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 0, NULL, rsa_verify_signature, @@ -1482,6 +1483,27 @@ _hx509_signature_best_before(hx509_context context, } int +_hx509_self_signed_valid(hx509_context context, + const AlgorithmIdentifier *alg) +{ + const struct signature_alg *md; + + md = find_sig_alg(&alg->algorithm); + if (md == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + if ((md->flags & SELF_SIGNED_OK) == 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE, + "Algorithm %s not trusted for self signatures", + md->name); + return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; + } + return 0; +} + + +int _hx509_verify_signature(hx509_context context, const hx509_cert cert, const AlgorithmIdentifier *alg, diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index 2d1c036d53..3e3ab23c6d 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -39,16 +39,19 @@ #include <stdlib.h> #include <ctype.h> #include <errno.h> +#ifdef HAVE_STRINGS_H #include <strings.h> +#endif #include <assert.h> #include <stdarg.h> #include <err.h> #include <limits.h> +#include <roken.h> + #include <getarg.h> #include <base64.h> #include <hex.h> -#include <roken.h> #include <com_err.h> #include <parse_units.h> #include <parse_bytes.h> diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index 4a96cff530..465ca1b4d3 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -323,7 +325,7 @@ hx509_certs_end_seq(hx509_context context, * @param certs certificate store to iterate over. * @param func function to call for each certificate. The function * should return non-zero to abort the iteration, that value is passed - * back to te caller of hx509_certs_iter(). + * back to the caller of hx509_certs_iter_f(). * @param ctx context variable that will passed to the function. * * @return Returns an hx509 error code. @@ -332,10 +334,10 @@ hx509_certs_end_seq(hx509_context context, */ int -hx509_certs_iter(hx509_context context, - hx509_certs certs, - int (*func)(hx509_context, void *, hx509_cert), - void *ctx) +hx509_certs_iter_f(hx509_context context, + hx509_certs certs, + int (*func)(hx509_context, void *, hx509_cert), + void *ctx) { hx509_cursor cursor; hx509_cert c; @@ -364,13 +366,46 @@ hx509_certs_iter(hx509_context context, return ret; } +/** + * Iterate over all certificates in a keystore and call an function + * for each fo them. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param func function to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to the caller of hx509_certs_iter(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +#ifdef __BLOCKS__ + +static int +certs_iter(hx509_context context, void *ctx, hx509_cert cert) +{ + int (^func)(hx509_cert) = ctx; + return func(cert); +} + +int +hx509_certs_iter(hx509_context context, + hx509_certs certs, + int (^func)(hx509_cert)) +{ + return hx509_certs_iter_f(context, certs, certs_iter, func); +} +#endif + /** - * Function to use to hx509_certs_iter() as a function argument, the - * ctx variable to hx509_certs_iter() should be a FILE file descriptor. + * Function to use to hx509_certs_iter_f() as a function argument, the + * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor. * * @param context a hx509 context. - * @param ctx used by hx509_certs_iter(). + * @param ctx used by hx509_certs_iter_f(). * @param c a certificate * * @return Returns an hx509 error code. @@ -587,7 +622,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) { if (from == NULL) return 0; - return hx509_certs_iter(context, from, certs_merge_func, to); + return hx509_certs_iter_f(context, from, certs_merge_func, to); } /** diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c index 9ce9b5c8e6..8c8c6e50c8 100644 --- a/source4/heimdal/lib/hx509/ks_dir.c +++ b/source4/heimdal/lib/hx509/ks_dir.c @@ -113,7 +113,7 @@ dir_iter_start(hx509_context context, free(d); return errno; } - rk_cloexec(dirfd(d->dir)); + rk_cloexec_dir(d->dir); d->certs = NULL; d->iter = NULL; diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index f137b84641..645dc405a2 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -571,7 +571,7 @@ file_store(hx509_context context, rk_cloexec_file(sc.f); sc.format = ksf->format; - ret = hx509_certs_iter(context, ksf->certs, store_func, &sc); + ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc); fclose(sc.f); return ret; } diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c index 01d0c55d1c..9c6521790a 100644 --- a/source4/heimdal/lib/hx509/ks_keychain.c +++ b/source4/heimdal/lib/hx509/ks_keychain.c @@ -43,6 +43,7 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *); OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG, int, const CSSM_ACCESS_CREDENTIALS **); #define kSecCredentialTypeDefault 0 +#define CSSM_SIZE uint32_t #endif diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c index c17ce3f6ac..d94ab197cd 100644 --- a/source4/heimdal/lib/hx509/ks_p12.c +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -571,7 +571,7 @@ p12_store(hx509_context context, memset(&as, 0, sizeof(as)); memset(&pfx, 0, sizeof(pfx)); - ret = hx509_certs_iter(context, p12->certs, store_func, &as); + ret = hx509_certs_iter_f(context, p12->certs, store_func, &as); if (ret) goto out; diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index c796e19173..457f6c4d04 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -144,6 +146,7 @@ hx509_peer_info_add_cms_alg(hx509_context context, hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } + peer->val = ptr; ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]); if (ret == 0) peer->len += 1; diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index 21140b3c7e..6d2cac4afb 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -989,7 +989,7 @@ hx509_ocsp_request(hx509_context context, ctx.digest = digest; ctx.parent = NULL; - ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx); + ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx); hx509_cert_free(ctx.parent); if (ret) goto out; @@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context, es = req.tbsRequest.requestExtensions; - es->val = calloc(1, sizeof(es->val[0])); + es->val = calloc(es->len, sizeof(es->val[0])); if (es->val == NULL) { ret = ENOMEM; goto out; } + es->len = 1; ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID); if (ret) { free_OCSPRequest(&req); return ret; } - es->len = 1; es->val[0].extnValue.data = malloc(10); if (es->val[0].extnValue.data == NULL) { @@ -1153,7 +1153,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) fprintf(out, "appended certs:\n"); if (ocsp.certs) - ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out); + ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out); free_ocsp(&ocsp); return ret; @@ -1486,7 +1486,7 @@ hx509_crl_sign(hx509_context context, } c.tbsCertList.crlExtensions = NULL; - ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList); + ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList); if (ret) goto out; diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 0ecda99348..19a5997453 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -37,8 +39,13 @@ #include <dlfcn.h> #endif +#ifndef KCM_IS_API_CACHE + static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; static cc_initialize_func init_func; +static void (*set_target_uid)(uid_t); +static void (*clear_target)(void); + #ifdef HAVE_DLOPEN static void *cc_handle; #endif @@ -82,18 +89,20 @@ translate_cc_error(krb5_context context, cc_int32 error) static krb5_error_code init_ccapi(krb5_context context) { - const char *lib; + const char *lib = NULL; HEIMDAL_MUTEX_lock(&acc_mutex); if (init_func) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_clear_error_message(context); + if (context) + krb5_clear_error_message(context); return 0; } - lib = krb5_config_get_string(context, NULL, - "libdefaults", "ccapi_library", - NULL); + if (context) + lib = krb5_config_get_string(context, NULL, + "libdefaults", "ccapi_library", + NULL); if (lib == NULL) { #ifdef __APPLE__ lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos"; @@ -107,22 +116,29 @@ init_ccapi(krb5_context context) #ifndef RTLD_LAZY #define RTLD_LAZY 0 #endif +#ifndef RTLD_LOCAL +#define RTLD_LOCAL 0 +#endif - cc_handle = dlopen(lib, RTLD_LAZY); + cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL); if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("Failed to load API cache module %s", "file"), - lib); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to load API cache module %s", "file"), + lib); return KRB5_CC_NOSUPP; } init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); + set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid"); + clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target"); HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("Failed to find cc_initialize" - "in %s: %s", "file, error"), lib, dlerror()); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to find cc_initialize" + "in %s: %s", "file, error"), lib, dlerror()); dlclose(cc_handle); return KRB5_CC_NOSUPP; } @@ -130,12 +146,27 @@ init_ccapi(krb5_context context) return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("no support for shared object", "")); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("no support for shared object", "")); return KRB5_CC_NOSUPP; #endif } +void +_heim_krb5_ipc_client_set_target_uid(uid_t uid) +{ + init_ccapi(NULL); + (*set_target_uid)(uid); +} + +void +_heim_krb5_ipc_client_clear_target(void) +{ + init_ccapi(NULL); + (*clear_target)(); +} + static krb5_error_code make_cred_from_ccred(krb5_context context, const cc_credentials_v5_t *incred, @@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { acc_set_default, acc_lastchange }; + +#endif diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index ccffd93b2c..082014e107 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -47,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void (*func)(struct et_list **)) { diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index f88fb2276a..cccf1cbc9a 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) return -1; } else p = address; -#ifdef HAVE_INET_ATON if(inet_aton(p, &a) == 0) return -1; -#elif defined(HAVE_INET_ADDR) - a.s_addr = inet_addr(p); - if(a.s_addr == INADDR_NONE) - return -1; -#else - return -1; -#endif addr->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&addr->address, 4) != 0) return -1; @@ -339,9 +331,7 @@ static int ipv6_print_addr (const krb5_address *addr, char *str, size_t len) { char buf[128], buf2[3]; -#ifdef HAVE_INET_NTOP if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) -#endif { /* XXX this is pretty ugly, but better than abort() */ int i; @@ -790,7 +780,7 @@ find_atype(int atype) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr *sa, krb5_address *addr) { @@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr *sa, int16_t *port) { @@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address *addr, struct sockaddr *sa, @@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -size_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void) { if (max_sockaddr_size == 0) { @@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void) * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting(const struct sockaddr *sa) { struct addr_operations *a = find_af(sa->sa_family); @@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char *addr, struct sockaddr *sa, @@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char *haddr, krb5_address *addr) @@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr *sa, @@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len) { @@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address(krb5_context context, const char *string, krb5_addresses *addresses) @@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context, * @ingroup krb5_address */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search(krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist) @@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address(krb5_context context, krb5_address *address) { @@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses(krb5_context context, krb5_addresses *addresses) { @@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address(krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) @@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses(krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr) @@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses(krb5_context context, krb5_addresses *dest, const krb5_addresses *source) @@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port) { @@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary(krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c index 383e82dad4..d4dc758faa 100644 --- a/source4/heimdal/lib/krb5/appdefault.c +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_boolean(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val) @@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname, *ret_val = def_val; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_string(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, const char *def_val, char **ret_val) @@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname, *ret_val = NULL; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_time(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, time_t def_val, time_t *ret_val) diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index 59c0fbd64b..a821faff93 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,14 +37,14 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principal2principalname (PrincipalName *p, const krb5_principal from) { return copy_PrincipalName(&from->name, p); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principalname2krb5_principal (krb5_context context, krb5_principal *principal, const PrincipalName from, diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index dfb9f6a0e3..ea59c73931 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context) { @@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) { @@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, int32_t flags) @@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, int32_t *flags) @@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_addflags(krb5_context context, krb5_auth_context auth_context, int32_t addflags, @@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_removeflags(krb5_context context, krb5_auth_context auth_context, int32_t removeflags, @@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, @@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, - int fd, int flags) + krb5_socket_t fd, int flags) { krb5_error_code ret; krb5_address local_k_address, remote_k_address; @@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context, if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { if (auth_context->local_address == NULL) { len = sizeof(ss_local); - if(getsockname(fd, local, &len) < 0) { + if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) { char buf[128]; - ret = errno; - strerror_r(ret, buf, sizeof(buf)); + ret = rk_SOCK_ERRNO; + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; } @@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context, } if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { len = sizeof(ss_remote); - if(getpeername(fd, remote, &len) < 0) { + if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { char buf[128]; - ret = errno; - strerror_r(ret, buf, sizeof(buf)); + ret = rk_SOCK_ERRNO; + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; } @@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs_from_fd (krb5_context context, krb5_auth_context auth_context, void *p_fd) { - int fd = *(int*)p_fd; + krb5_socket_t fd = *(krb5_socket_t *)p_fd; int flags = 0; if(auth_context->local_address == NULL) flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR; @@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context, return krb5_auth_con_genaddrs(context, auth_context, fd, flags); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, @@ -273,7 +273,7 @@ copy_key(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context, return copy_key(context, auth_context->keyblock, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context, return copy_key(context, auth_context->local_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context, return copy_key(context, auth_context->remote_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context, return copy_key(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->local_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_generatelocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *key) @@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->remote_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype) @@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype *cksumtype) @@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype keytype) @@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype *keytype) @@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context, } #if 0 -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype etype) @@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype *etype) @@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context, } #endif -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) @@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -425,16 +425,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_getremoteseqnumber(krb5_context context, - krb5_auth_context auth_context, - int32_t *seqnumber) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getremoteseqnumber(krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber) { *seqnumber = auth_context->remote_seqnumber; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator *authenticator) @@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_authenticator(krb5_context context, krb5_authenticator *authenticator) { @@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setuserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context, return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache) @@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache) @@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context, #if 0 /* not implemented */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context) { @@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setivector(krb5_context context, krb5_auth_context auth_context, krb5_pointer ivector) diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c index 1550239faf..d56a0a194e 100644 --- a/source4/heimdal/lib/krb5/build_ap_req.c +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_ap_req (krb5_context context, krb5_enctype enctype, krb5_creds *cred, diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index a845e0ac33..85d64525de 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" static krb5_error_code make_etypelist(krb5_context context, @@ -99,14 +99,14 @@ make_etypelist(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -_krb5_build_authenticator(krb5_context context, - krb5_auth_context auth_context, - krb5_enctype enctype, - krb5_creds *cred, - Checksum *cksum, - krb5_data *result, - krb5_key_usage usage) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_build_authenticator (krb5_context context, + krb5_auth_context auth_context, + krb5_enctype enctype, + krb5_creds *cred, + Checksum *cksum, + krb5_data *result, + krb5_key_usage usage) { Authenticator auth; u_char *buf = NULL; diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 3617a0eefd..ce8040d07c 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -112,7 +114,7 @@ main (int argc, char **argv) * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register(krb5_context context, const krb5_cc_ops *ops, krb5_boolean override) @@ -184,13 +186,34 @@ allocate_ccache (krb5_context context, krb5_ccache *id) { krb5_error_code ret; +#ifdef KRB5_USE_PATH_TOKENS + char * exp_residual = NULL; - ret = _krb5_cc_allocate(context, ops, id); + ret = _krb5_expand_path_tokens(context, residual, &exp_residual); if (ret) return ret; + + residual = exp_residual; +#endif + + ret = _krb5_cc_allocate(context, ops, id); + if (ret) { +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; + } + ret = (*id)->ops->resolve(context, id, residual); if(ret) free(*id); + +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; } @@ -209,7 +232,7 @@ allocate_ccache (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve(krb5_context context, const char *name, krb5_ccache *id) @@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { @@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name(krb5_context context, krb5_ccache id) { @@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type(krb5_context context, krb5_ccache id) { @@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context, } /** - * Return the complete resolvable name the ccache `id' in `str´. - * `str` should be freed with free(3). - * Returns 0 or an error (and then *str is set to NULL). + * Return the complete resolvable name the cache + + * @param context a Keberos context + * @param id return pointer to a found credential cache + * @param str the returned name of a credential cache, free with krb5_xfree() + * + * @return Returns 0 or an error (and then *str is set to NULL). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name(krb5_context context, krb5_ccache id, char **str) @@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id) krb5_error_code _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) { +#ifndef KRB5_USE_PATH_TOKENS size_t tlen, len = 0; char *tmp, *tmp2, *append; @@ -379,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) } else if (tmp) { tmp2 = strchr(tmp, '}'); if (tmp2 == NULL) { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, "variable missing }"); @@ -390,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) else if (strncasecmp(tmp, "%{null}", 7) == 0) append = strdup(""); else { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, @@ -405,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) str = NULL; } if (append == NULL) { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); @@ -416,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) tmp = realloc(*res, len + tlen + 1); if (tmp == NULL) { free(append); - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); @@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) free(append); } return 0; +#else /* _WIN32 */ + /* On Windows, we use the more generic _krb5_expand_path_tokens() + function which also handles path tokens in addition to %{uid} + and %{null} */ + + return _krb5_expand_path_tokens(context, str, res); +#endif } /* @@ -444,6 +483,12 @@ environment_changed(krb5_context context) if (context->default_cc_name_set) return 0; + /* XXX performance: always ask KCM/API if default name has changed */ + if (context->default_cc_name && + (strncmp(context->default_cc_name, "KCM:", 4) == 0 || + strncmp(context->default_cc_name, "API:", 4) == 0)) + return 1; + if(issuid()) return 0; @@ -472,7 +517,7 @@ environment_changed(krb5_context context) * @ingroup krb5_ccache */ -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_cc_switch(krb5_context context, krb5_ccache id) { @@ -483,12 +528,29 @@ krb5_cc_switch(krb5_context context, krb5_ccache id) } /** + * Return true if the default credential cache support switch + * + * @ingroup krb5_ccache + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_cc_support_switch(krb5_context context, const char *type) +{ + const krb5_cc_ops *ops; + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops && ops->set_default) + return 1; + return FALSE; +} + +/** * Set the default cc name for `context' to `name'. * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name(krb5_context context, const char *name) { krb5_error_code ret = 0; @@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name) return ENOMEM; } +#ifdef KRB5_USE_PATH_TOKENS + { + char * exp_p = NULL; + + if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) { + free (p); + p = exp_p; + } else { + free (p); + return EINVAL; + } + } +#endif + if (context->default_cc_name) free(context->default_cc_name); @@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name(krb5_context context) { if (context->default_cc_name == NULL || environment_changed(context)) @@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default(krb5_context context, krb5_ccache *id) { @@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) @@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy(krb5_context context, krb5_ccache id) { @@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close(krb5_context context, krb5_ccache id) { @@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred(krb5_context context, krb5_ccache id, krb5_flags whichfields, @@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, @@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, @@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) @@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags) @@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f(krb5_context context, const krb5_ccache from, krb5_ccache to, @@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context, * @ingroup @krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache(krb5_context context, const krb5_ccache from, krb5_ccache to) @@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version(krb5_context context, const krb5_ccache id) { @@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context, */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred(krb5_creds *mcred) { memset(mcred, 0, sizeof(*mcred)); @@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data { */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor) @@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id) @@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor) { @@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache *id) @@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id, * @ingroup krb5_ccache */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal(krb5_context context, krb5_const_principal principal) { @@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data) @@ -1316,7 +1392,7 @@ out: */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data) @@ -1347,7 +1423,7 @@ out: * */ -struct krb5_cccol_cursor { +struct krb5_cccol_cursor_data { int idx; krb5_cc_cache_cursor cursor; }; @@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor { * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) { *cursor = calloc(1, sizeof(**cursor)); @@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache) { @@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) { krb5_cccol_cursor c = *cursor; @@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) @@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time(krb5_context context, const char *type, krb5_timestamp *mtime) @@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name(krb5_context context, krb5_ccache id, char **name) @@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name(krb5_context context, krb5_ccache id, const char *name) @@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) { krb5_cc_cursor cursor; @@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) if (now < cred.times.endtime) *t = cred.times.endtime - now; krb5_free_cred_contents(context, &cred); - goto out; + break; } krb5_free_cred_contents(context, &cred); } - out: krb5_cc_end_seq_get(context, id, &cursor); return ret; } + +/** + * Set the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code +krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) +{ + if (id->ops->set_kdc_offset == NULL) { + context->kdc_sec_offset = offset; + context->kdc_usec_offset = 0; + return 0; + } + return (*id->ops->set_kdc_offset)(context, id, offset); +} + +/** + * Get the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code +krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset) +{ + if (id->ops->get_kdc_offset == NULL) { + *offset = context->kdc_sec_offset; + return 0; + } + return (*id->ops->get_kdc_offset)(context, id, offset); +} diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index 207b86b488..a962f06f5f 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #define KRB5_DEPRECATED -#include <krb5_locl.h> +#include "krb5_locl.h" #undef __attribute__ #define __attribute__(X) @@ -602,7 +602,8 @@ change_password_loop (krb5_context context, goto out; } } - + +#ifndef NO_LIMIT_FD_SETSIZE if (sock >= FD_SETSIZE) { ret = ERANGE; krb5_set_error_message(context, ret, @@ -610,6 +611,7 @@ change_password_loop (krb5_context context, close (sock); goto out; } +#endif FD_ZERO(&fdset); FD_SET(sock, &fdset); @@ -670,7 +672,7 @@ find_chpw_proto(const char *name) } /** - * krb5_change_password() is deprecated, use krb5_set_password(). + * Deprecated: krb5_change_password() is deprecated, use krb5_set_password(). * * @param context a Keberos context * @param creds @@ -684,14 +686,14 @@ find_chpw_proto(const char *name) * @ingroup @krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) - KRB5_DEPRECATED { struct kpwd_proc *p = find_chpw_proto("change password"); @@ -726,7 +728,7 @@ krb5_change_password (krb5_context context, * @ingroup @krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password(krb5_context context, krb5_creds *creds, const char *newpw, @@ -769,7 +771,7 @@ krb5_set_password(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char *newpw, @@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context, * */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_passwd_result_to_string (krb5_context context, int result) { diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c index ebda3e51f7..d73a719100 100644 --- a/source4/heimdal/lib/krb5/codec.c +++ b/source4/heimdal/lib/krb5/codec.c @@ -37,178 +37,178 @@ #ifndef HEIMDAL_SMALLER -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTicketPart (krb5_context context, const void *data, size_t length, EncTicketPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTicketPart (krb5_context context, void *data, size_t length, EncTicketPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncASRepPart (krb5_context context, const void *data, size_t length, EncASRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncASRepPart (krb5_context context, void *data, size_t length, EncASRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTGSRepPart (krb5_context context, const void *data, size_t length, EncTGSRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTGSRepPart (krb5_context context, void *data, size_t length, EncTGSRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncAPRepPart (krb5_context context, const void *data, size_t length, EncAPRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncAPRepPart (krb5_context context, void *data, size_t length, EncAPRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_Authenticator (krb5_context context, const void *data, size_t length, Authenticator *t, size_t *len) - KRB5_DEPRECATED { return decode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_Authenticator (krb5_context context, void *data, size_t length, Authenticator *t, size_t *len) - KRB5_DEPRECATED { return encode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncKrbCredPart (krb5_context context, const void *data, size_t length, EncKrbCredPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncKrbCredPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncKrbCredPart (krb5_context context, void *data, size_t length, EncKrbCredPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncKrbCredPart (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO (krb5_context context, const void *data, size_t length, ETYPE_INFO *t, size_t *len) - KRB5_DEPRECATED { return decode_ETYPE_INFO(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO (krb5_context context, void *data, size_t length, ETYPE_INFO *t, size_t *len) - KRB5_DEPRECATED { return encode_ETYPE_INFO (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO2 (krb5_context context, const void *data, size_t length, ETYPE_INFO2 *t, size_t *len) - KRB5_DEPRECATED { return decode_ETYPE_INFO2(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO2 (krb5_context context, void *data, size_t length, ETYPE_INFO2 *t, size_t *len) - KRB5_DEPRECATED { return encode_ETYPE_INFO2 (data, length, t, len); } diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 03c0e335d4..4eb4e12fad 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -35,6 +37,10 @@ #include "krb5_locl.h" +#ifdef __APPLE__ +#include <CoreFoundation/CoreFoundation.h> +#endif + /* Gaah! I want a portable funopen */ struct fileptr { const char *s; @@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p, return ret; } +#ifdef __APPLE__ +static char * +cfstring2cstring(CFStringRef string) +{ + CFIndex len; + char *str; + + str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8); + if (str) + return strdup(str); + + len = CFStringGetLength(string); + len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8); + str = malloc(len); + if (str == NULL) + return NULL; + + if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) { + free (str); + return NULL; + } + return str; +} + +static void +convert_content(const void *key, const void *value, void *context) +{ + krb5_config_section *tmp, **parent = context; + char *k; + + if (CFGetTypeID(key) != CFStringGetTypeID()) + return; + + k = cfstring2cstring(key); + if (k == NULL) + return; + + if (CFGetTypeID(value) == CFStringGetTypeID()) { + tmp = get_entry(parent, k, krb5_config_string); + tmp->u.string = cfstring2cstring(value); + } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) { + tmp = get_entry(parent, k, krb5_config_list); + CFDictionaryApplyFunction(value, convert_content, &tmp->u.list); + } else { + /* log */ + } + free(k); +} + +static krb5_error_code +parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent) +{ + CFReadStreamRef s; + CFDictionaryRef d; + CFErrorRef e; + CFURLRef url; + + url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE); + if (url == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } + + s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url); + CFRelease(url); + if (s == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } + + if (!CFReadStreamOpen(s)) { + CFRelease(s); + krb5_clear_error_message(context); + return ENOENT; + } + + d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e); + CFRelease(s); + if (d == NULL) { + krb5_clear_error_message(context); + return ENOENT; + } + + CFDictionaryApplyFunction(d, convert_content, parent); + CFRelease(d); + + return 0; +} + +#endif + + /* * Parse the config file `fname', generating the structures into `res' * returning error messages in `error_message' @@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f, return 0; } +static int +is_plist_file(const char *fname) +{ + size_t len = strlen(fname); + char suffix[] = ".plist"; + if (len < sizeof(suffix)) + return 0; + if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0) + return 0; + return 1; +} + /** * Parse a configuration file and add the result into res. This * interface can be used to parse several configuration files into one @@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res) @@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context, * current users home directory. The behavior can be disabled and * enabled by calling krb5_set_home_dir_access(). */ - if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') { + if (fname[0] == '~' && fname[1] == '/') { +#ifndef KRB5_USE_PATH_TOKENS const char *home = NULL; + if (!_krb5_homedir_access(context)) { + krb5_set_error_message(context, EPERM, + "Access to home directory not allowed"); + return EPERM; + } + if(!issuid()) home = getenv("HOME"); @@ -329,33 +446,73 @@ krb5_config_parse_file_multi (krb5_context context, } fname = newfname; } +#else /* KRB5_USE_PATH_TOKENS */ + asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]); + if (newfname == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + fname = newfname; +#endif } - f.f = fopen(fname, "r"); - f.s = NULL; - if(f.f == NULL) { - ret = errno; - krb5_set_error_message (context, ret, "open %s: %s", - fname, strerror(ret)); - if (newfname) - free(newfname); - return ret; - } + if (is_plist_file(fname)) { +#ifdef __APPLE__ + ret = parse_plist_config(context, fname, res); + if (ret) { + krb5_set_error_message(context, ret, + "Failed to parse plist %s", fname); + if (newfname) + free(newfname); + return ret; + } +#else + krb5_set_error_message(context, ENOENT, + "no support for plist configuration files"); + return ENOENT; +#endif + } else { +#ifdef KRB5_USE_PATH_TOKENS + char * exp_fname = NULL; - ret = krb5_config_parse_debug (&f, res, &lineno, &str); - fclose(f.f); - if (ret) { - krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); + ret = _krb5_expand_path_tokens(context, fname, &exp_fname); + if (ret) { + if (newfname) + free(newfname); + return ret; + } + if (newfname) free(newfname); - return ret; + fname = newfname = exp_fname; +#endif + + f.f = fopen(fname, "r"); + f.s = NULL; + if(f.f == NULL) { + ret = errno; + krb5_set_error_message (context, ret, "open %s: %s", + fname, strerror(ret)); + if (newfname) + free(newfname); + return ret; + } + + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + fclose(f.f); + if (ret) { + krb5_set_error_message (context, ret, "%s:%u: %s", + fname, lineno, str); + if (newfname) + free(newfname); + return ret; + } } - if (newfname) - free(newfname); return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file (krb5_context context, const char *fname, krb5_config_section **res) @@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b) * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section *s) { free_binding (context, s); @@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s) #ifndef HEIMDAL_SMALLER -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_config_copy(krb5_context context, krb5_config_section *c, krb5_config_section **head) @@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context, #endif /* HEIMDAL_SMALLER */ -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_get_next (krb5_context context, const krb5_config_section *c, const krb5_config_binding **pointer, @@ -481,7 +638,7 @@ vget_next(krb5_context context, return NULL; } -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_vget_next (krb5_context context, const krb5_config_section *c, const krb5_config_binding **pointer, @@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context, return NULL; } -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_get (krb5_context context, const krb5_config_section *c, int type, @@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context, return ret; } + const void * _krb5_config_vget (krb5_context context, const krb5_config_section *c, @@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context, * @ingroup krb5_support */ -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section *c, ...) @@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context, * @ingroup krb5_support */ -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section *c, va_list args) @@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section *c, ...) @@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section *c, va_list args) @@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context, * @ingroup krb5_support */ -char ** KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL krb5_config_vget_strings(krb5_context context, const krb5_config_section *c, va_list args) @@ -770,7 +928,7 @@ cleanup: * @ingroup krb5_support */ -char** +KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings(krb5_context context, const krb5_config_section *c, ...) @@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context, * @ingroup krb5_support */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings(char **strings) { char **s = strings; @@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings) * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section *c, va_list args) @@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section *c, ...) @@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -964,10 +1122,10 @@ krb5_config_vget_time_default (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION -krb5_config_vget_time(krb5_context context, - const krb5_config_section *c, - va_list args) +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_config_vget_time (krb5_context context, + const krb5_config_section *c, + va_list args) { return krb5_config_vget_time_default (context, c, -1, args); } @@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section *c, ...) @@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context, } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context, } } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int (krb5_context context, const krb5_config_section *c, va_list args) @@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context, return krb5_config_vget_int_default (context, c, -1, args); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context, return ret; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int (krb5_context context, const krb5_config_section *c, ...) @@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context, #ifndef HEIMDAL_SMALLER +/** + * Deprecated: configuration files are not strings + * + * @ingroup krb5_deprecated + */ + +KRB5_DEPRECATED krb5_error_code KRB5_LIB_FUNCTION krb5_config_parse_string_multi(krb5_context context, const char *string, - krb5_config_section **res) KRB5_DEPRECATED + krb5_config_section **res) { const char *str; unsigned lineno = 0; diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index a3b3d09f41..b85f0cf607 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -35,10 +37,17 @@ KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ +"~/Library/Preferences/com.apple.Kerberos.plist:" +"/Library/Preferences/com.apple.Kerberos.plist:" "~/Library/Preferences/edu.mit.Kerberos:" "/Library/Preferences/edu.mit.Kerberos:" +#endif /* __APPLE__ */ +SYSCONFDIR "/krb5.conf" +#ifndef _WIN32 +":/etc/krb5.conf" #endif -SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; +; + KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API"; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 12fc676010..dff7a700c4 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -223,17 +225,50 @@ cc_ops_register(krb5_context context) context->cc_ops = NULL; context->num_cc_ops = 0; +#ifndef KCM_IS_API_CACHE krb5_cc_register(context, &krb5_acc_ops, TRUE); +#endif krb5_cc_register(context, &krb5_fcc_ops, TRUE); krb5_cc_register(context, &krb5_mcc_ops, TRUE); +#ifdef HAVE_SCC krb5_cc_register(context, &krb5_scc_ops, TRUE); +#endif #ifdef HAVE_KCM +#ifdef KCM_IS_API_CACHE + krb5_cc_register(context, &krb5_akcm_ops, TRUE); +#endif krb5_cc_register(context, &krb5_kcm_ops, TRUE); #endif return 0; } static krb5_error_code +cc_ops_copy(krb5_context context, const krb5_context src_context) +{ + const krb5_cc_ops **cc_ops; + + context->cc_ops = NULL; + context->num_cc_ops = 0; + + if (src_context->num_cc_ops == 0) + return 0; + + cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops); + if (cc_ops == NULL) { + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); + return KRB5_CC_NOMEM; + } + + memcpy(cc_ops, src_context->cc_ops, + sizeof(cc_ops[0]) * src_context->num_cc_ops); + context->cc_ops = cc_ops; + context->num_cc_ops = src_context->num_cc_ops; + + return 0; +} + +static krb5_error_code kt_ops_register(krb5_context context) { context->num_kt_types = 0; @@ -250,6 +285,28 @@ kt_ops_register(krb5_context context) return 0; } +static krb5_error_code +kt_ops_copy(krb5_context context, const krb5_context src_context) +{ + context->num_kt_types = 0; + context->kt_types = NULL; + + if (src_context->num_kt_types == 0) + return 0; + + context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types); + if (context->kt_types == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + context->num_kt_types = src_context->num_kt_types; + memcpy(context->kt_types, src_context->kt_types, + sizeof(context->kt_types[0]) * src_context->num_kt_types); + + return 0; +} /** * Initializes the context structure and reads the configuration file @@ -266,7 +323,7 @@ kt_ops_register(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context(krb5_context *context) { krb5_context p; @@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context) if (ret) goto out; #endif + if (rk_SOCK_INIT()) + p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED; out: if(ret) { @@ -359,7 +418,7 @@ copy_etypes (krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context(krb5_context context, krb5_context *out) { krb5_error_code ret; @@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out) /* XXX should copy */ krb5_init_ets(p); - cc_ops_register(p); - kt_ops_register(p); + + cc_ops_copy(p, context); + kt_ops_copy(p, context); #if 0 /* XXX */ if(context->warn_dest != NULL) @@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context(krb5_context context) { if (context->default_cc_name) @@ -480,6 +540,9 @@ krb5_free_context(krb5_context context) HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); + if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { + rk_SOCK_EXIT(); + } memset(context, 0, sizeof(*context)); free(context); @@ -497,14 +560,14 @@ krb5_free_context(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files(krb5_context context, char **filenames) { krb5_error_code ret; krb5_config_binding *tmp = NULL; while(filenames != NULL && *filenames != NULL && **filenames != '\0') { ret = krb5_config_parse_file_multi(context, *filenames, &tmp); - if(ret != 0 && ret != ENOENT && ret != EACCES) { + if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) { krb5_config_file_free(context, tmp); return ret; } @@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file) * `pq' isn't free, it's up the the caller */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) { krb5_error_code ret; @@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) { krb5_error_code ret; @@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files(char ***pfilenames) { const char *files = NULL; @@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files(char **filenames) { char **p; @@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames) * @ingroup krb5 */ -const krb5_enctype * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL krb5_kerberos_enctypes(krb5_context context) { static const krb5_enctype p[] = { @@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes(krb5_context context, const krb5_enctype *etypes) { @@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes(krb5_context context, krb5_enctype **etypes) { @@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context, * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ @@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) { context->use_admin_kdc = flag; @@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context) { return context->use_admin_kdc; @@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) { @@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->extra_addresses) @@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) { if(context->extra_addresses == NULL) { @@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) { @@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->ignore_addresses) @@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) { if(context->ignore_addresses == NULL) { @@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version(krb5_context context, int version) { context->fcache_vno = version; @@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version(krb5_context context, int *version) { *version = context->fcache_vno; @@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version) */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe(void) { #ifdef ENABLE_PTHREAD_SUPPORT @@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) { if (flag) @@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context) { return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; @@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) { if (sec) @@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) { context->kdc_sec_offset = sec; @@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) * @ingroup krb5 */ -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context) { return context->max_skew; @@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t) { context->max_skew = t; @@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_etype (krb5_context context, unsigned *len, krb5_enctype **val, @@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context) { krb5_boolean allow; +#ifdef HAVE_GETEUID /* is never allowed for root */ if (geteuid() == 0) return FALSE; +#endif if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0) return FALSE; diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index 35454bf983..aff843e785 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f) * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) @@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context, goto out; memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); } else { - krb5_set_error_message (context, ret, - N_("converting credentials: %s", - "already localized"), - krb5_get_err_text(context, ret)); + krb5_prepend_error_message(context, ret, + N_("converting credentials", + "already localized")); } out: krb5_storage_free(sp); @@ -161,7 +160,7 @@ out2: * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index 7f19ddd3de..73bc117f12 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -46,7 +46,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm(krb5_context context, const krb5_realm *from, krb5_realm **to) diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index 6cc2714172..fd277148d5 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -45,7 +45,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds *c) { krb5_free_principal (context, c->client); @@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds *incred, krb5_creds *c) @@ -131,7 +131,7 @@ fail: * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds *incred, krb5_creds **outcred) @@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds *c) { krb5_free_cred_contents (context, c); @@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds(krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds) { diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 745c856810..5906d43f5f 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = { EVP_rc4 }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_salttype_to_string (krb5_context context, krb5_enctype etype, krb5_salttype stype, @@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_salttype (krb5_context context, krb5_enctype etype, const char *string, @@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_pw_salt(krb5_context context, krb5_const_principal principal, krb5_salt *salt) @@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_salt(krb5_context context, krb5_salt salt) { @@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key (krb5_context context, krb5_enctype enctype, const char *password, @@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context, return krb5_string_to_key_data(context, enctype, pw, principal, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context, * `opaque'), returning the resulting key in `key' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt_opaque (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, * in `key' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt (krb5_context context, krb5_enctype enctype, const char *password, @@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context, return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt_opaque (krb5_context context, krb5_enctype enctype, const char *password, @@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context, pw, salt, opaque, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) @@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keybits(krb5_context context, krb5_enctype type, size_t *keybits) @@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) @@ -1439,7 +1439,7 @@ hmac(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_hmac(krb5_context context, krb5_cksumtype cktype, const void *data, @@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) (crypto->key.key->keytype == KEYTYPE_ARCFOUR); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context, data, len, cksum); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_get_checksum_type(krb5_context context, krb5_crypto crypto, krb5_cksumtype *type) @@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksumsize(krb5_context context, krb5_cksumtype type, size_t *size) @@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context, return 0; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { @@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context, return ct->flags & F_KEYED; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { @@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context, return ct->flags & F_CPROOF; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable(krb5_context context, krb5_cksumtype type) { @@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string) @@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_enctype(krb5_context context, const char *string, krb5_enctype *etype) @@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_keytype(krb5_context context, krb5_enctype etype, krb5_keytype *keytype) @@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid(krb5_context context, krb5_enctype etype) { @@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype(krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype) @@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) { @@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type) * 4. KRB5_CRYPTO_TYPE_TRAILER */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context, * size as the input data or shorter. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length(krb5_context context, krb5_crypto crypto, int type, @@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length_iov(krb5_context context, krb5_crypto crypto, krb5_crypto_iov *data, @@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context, return encrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context, return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context, return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context, return decrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3936,6 +3936,7 @@ seed_something(void) /* Calling RAND_status() will try to use /dev/urandom if it exists so we do not have to deal with it. */ if (RAND_status() != 1) { +#ifndef _WIN32 krb5_context context; const char *p; @@ -3947,6 +3948,10 @@ seed_something(void) RAND_egd_bytes(p, ENTROPY_NEEDED); krb5_free_context(context); } +#else + /* TODO: Once a Windows CryptoAPI RAND method is defined, we + can use that and failover to another method. */ +#endif } if (RAND_status() == 1) { @@ -3959,7 +3964,7 @@ seed_something(void) return -1; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block(void *buf, size_t len) { static int rng_initialized = 0; @@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage) return &d->key; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_derive_key(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy(krb5_context context, krb5_crypto crypto) { @@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize(krb5_context context, krb5_crypto crypto, size_t *blocksize) @@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype(krb5_context context, krb5_crypto crypto, krb5_enctype *enctype) @@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize(krb5_context context, krb5_crypto crypto, size_t *padsize) @@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize(krb5_context context, krb5_crypto crypto, size_t *confoundersize) @@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable(krb5_context context, krb5_enctype enctype) { @@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable(krb5_context context, krb5_enctype enctype) { @@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_derived(krb5_context context, const void *str, size_t len, @@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key(krb5_context context, krb5_enctype type, const void *data, @@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf_length(krb5_context context, krb5_enctype type, size_t *length) @@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf(krb5_context context, const krb5_crypto crypto, const krb5_data *input, @@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2(krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, @@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context, #ifndef HEIMDAL_SMALLER -krb5_error_code KRB5_LIB_FUNCTION +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) - KRB5_DEPRECATED { int i; unsigned n = 0; @@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context, return 0; } +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + /* if two enctypes have compatible keys */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys(krb5_context context, krb5_enctype etype1, krb5_enctype etype2) - KRB5_DEPRECATED { struct encryption_type *e1 = _find_enctype(etype1); struct encryption_type *e2 = _find_enctype(etype2); diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 993d6058bf..838135ffad 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -41,7 +41,7 @@ * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero(krb5_data *p) { p->length = 0; @@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free(krb5_data *p) { if(p->data != NULL) @@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data(krb5_context context, krb5_data *p) { @@ -96,7 +96,7 @@ krb5_free_data(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc(krb5_data *p, int len) { p->data = malloc(len); @@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc(krb5_data *p, int len) { void *tmp; @@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy(krb5_data *p, const void *data, size_t len) { if (len) { @@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata) @@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context, * @ingroup krb5 */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) { if (data1->length != data2->length) diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index 499150f469..ef11e370f4 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" /** * Convert the getaddrinfo() error code to a Kerberos et error code. @@ -44,7 +44,7 @@ * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno(int eai_errno, int system_error) { switch(eai_errno) { @@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) return HEIM_EAI_SERVICE; case EAI_SOCKTYPE: return HEIM_EAI_SOCKTYPE; +#ifdef EAI_SYSTEM case EAI_SYSTEM: return system_error; +#endif default: return HEIM_EAI_UNKNOWN; /* XXX */ } @@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno(int eai_errno) { switch(eai_errno) { diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index d2661dcaf5..adab6f5e84 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -44,7 +44,7 @@ * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message(krb5_context context) { HEIMDAL_MUTEX_lock(context->mutex); @@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context) * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message(krb5_context context, krb5_error_code ret, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) @@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret, */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vset_error_message (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))) @@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret, va_list ap; va_start(ap, fmt); - krb5_vset_error_message (context, ret, fmt, ap); + krb5_vprepend_error_message(context, ret, fmt, ap); va_end(ap); } @@ -140,8 +140,8 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret, */ void KRB5_LIB_FUNCTION -krb5_vprepend_error_message (krb5_context context, krb5_error_code ret, - const char *fmt, va_list args) +krb5_vprepend_error_message(krb5_context context, krb5_error_code ret, + const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))) { char *str, *str2; @@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret, * @ingroup krb5_error */ -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL krb5_get_error_string(krb5_context context) { char *ret = NULL; @@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context) return ret; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_have_error_string(krb5_context context) { char *str; @@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context) * @ingroup krb5_error */ -const char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_get_error_message(krb5_context context, krb5_error_code code) { char *str; @@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code) * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_message(krb5_context context, const char *msg) { free(rk_UNCONST(msg)); @@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg) * @ingroup krb5 */ -const char* KRB5_LIB_FUNCTION -krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED +KRB5_DEPRECATED +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL +krb5_get_err_text(krb5_context context, krb5_error_code code) { const char *p = NULL; if(context != NULL) diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 67988d0d7b..7b638d5f01 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -63,7 +63,7 @@ copy_hostname(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char *orig_hostname, char **new_hostname) @@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char *orig_hostname, char **new_hostname, diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index bec37b2913..67c4c74444 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("error locking cache file %s: %s", "file, error"), filename, buf); @@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd) break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Failed to unlock file: %s", ""), buf); break; @@ -224,7 +226,11 @@ scrub_file (int fd) return errno; pos -= tmp; } +#ifdef _MSC_VER + _commit (fd); +#else fsync (fd); +#endif return 0; } @@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } +#ifdef KRB5_USE_PATH_TOKENS + { + char * exp_file = NULL; + krb5_error_code ec; + + ec = _krb5_expand_path_tokens(context, file, &exp_file); + + if (ec == 0) { + free(file); + file = exp_file; + } else { + free(file); + return ec; + } + } +#endif fd = mkstemp(file); if(fd < 0) { int ret = errno; @@ -374,18 +396,10 @@ fcc_open(krb5_context context, fd = open(filename, flags, mode); if(fd < 0) { char buf[128]; - char *estr; ret = errno; - buf[0] = 0; - estr = (char *)strerror_r(ret, buf, sizeof(buf)); - if (buf[0] != 0) { - /* we've got the BSD/XSI strerror_r, and it use the - * buffer. Otherwise we have the GNU strerror_r, and - * it used a static string. Ain't standards great? */ - estr = buf; - } + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), - filename, estr); + filename, buf); return ret; } rk_cloexec(fd); @@ -447,7 +461,7 @@ fcc_initialize(krb5_context context, if (ret == 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); } @@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context, if (close(fd) < 0) { if (ret == 0) { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); ret = errno; krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); @@ -515,13 +529,17 @@ static krb5_error_code init_fcc (krb5_context context, krb5_ccache id, krb5_storage **ret_sp, - int *ret_fd) + int *ret_fd, + krb5_deltat *kdc_offset) { int fd; int8_t pvno, tag; krb5_storage *sp; krb5_error_code ret; + if (kdc_offset) + *kdc_offset = 0; + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; @@ -597,8 +615,11 @@ init_fcc (krb5_context context, goto out; } switch (dtag) { - case FCC_TAG_DELTATIME : - ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); + case FCC_TAG_DELTATIME : { + int32_t offset; + + ret = krb5_ret_int32 (sp, &offset); + ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, @@ -607,16 +628,11 @@ init_fcc (krb5_context context, FILENAME(id)); goto out; } - ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); - if(ret) { - ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, - N_("Error reading kdc_usec in " - "cache file: %s", ""), - FILENAME(id)); - goto out; - } + context->kdc_sec_offset = offset; + if (kdc_offset) + *kdc_offset = offset; break; + } default : for (i = 0; i < data_len; ++i) { ret = krb5_ret_int8 (sp, &dummy); @@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context, int fd; krb5_storage *sp; - ret = init_fcc (context, id, &sp, &fd); + ret = init_fcc (context, id, &sp, &fd, NULL); if (ret) return ret; ret = krb5_ret_principal(sp, principal); @@ -701,7 +717,7 @@ fcc_get_first (krb5_context context, memset(*cursor, 0, sizeof(struct fcc_cursor)); ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, - &FCC_CURSOR(*cursor)->fd); + &FCC_CURSOR(*cursor)->fd, NULL); if (ret) { free(*cursor); *cursor = NULL; @@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) return ret; fn = expandedfn; } + /* check if file exists, don't return a non existant "next" */ + if (strncasecmp(fn, "FILE:", 5) == 0) { + struct stat sb; + ret = stat(fn + 5, &sb); + if (ret) { + ret = KRB5_CC_END; + goto out; + } + } ret = krb5_cc_resolve(context, fn, id); + out: if (expandedfn) free(expandedfn); @@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_error_code ret = 0; ret = rename(FILENAME(from), FILENAME(to)); +#ifdef RENAME_DOES_NOT_UNLINK + if (ret && (errno == EEXIST || errno == EACCES)) { + ret = unlink(FILENAME(to)); + if (ret == 0) { + ret = rename(FILENAME(from), FILENAME(to)); + } + } +#endif + if (ret && errno != EXDEV) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Rename of file from %s " "to %s failed: %s", ""), @@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_storage *sp; int fd; - ret = init_fcc (context, to, &sp, &fd); + ret = init_fcc (context, to, &sp, &fd, NULL); if (sp) krb5_storage_free(sp); fcc_unlock(context, fd); close(fd); } - fcc_destroy(context, from); + fcc_close(context, from); return ret; } @@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) return 0; } +static krb5_error_code +fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + return 0; +} + +static krb5_error_code +fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_error_code ret; + krb5_storage *sp; + int fd; + ret = init_fcc(context, id, &sp, &fd, kdc_offset); + if (sp) + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + + return ret; +} + + /** * Variable containing the FILE based credential cache implemention. * @@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = { fcc_move, fcc_get_default_name, NULL, - fcc_lastchange + fcc_lastchange, + fcc_set_kdc_offset, + fcc_get_kdc_offset }; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c index 7f4374374b..5bb33b443c 100644 --- a/source4/heimdal/lib/krb5/free.c +++ b/source4/heimdal/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) { free_KDC_REP(&rep->kdc_rep); @@ -43,7 +43,7 @@ krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_xfree (void *ptr) { free (ptr); diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c index f6e9f6e247..0932674e9b 100644 --- a/source4/heimdal/lib/krb5/free_host_realm.c +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -44,7 +44,7 @@ * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm(krb5_context context, krb5_realm *realmlist) { diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index b7bd8b99f8..575f842d8b 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, uint32_t *seqno) diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index 003a66ac01..e09dc2a916 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" /** * Generate subkey, from keyblock @@ -46,7 +46,7 @@ * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c index 8f366fa148..829b2acc17 100644 --- a/source4/heimdal/lib/krb5/get_addrs.c +++ b/source4/heimdal/lib/krb5/get_addrs.c @@ -266,7 +266,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) * Only include loopback address if there are no other. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) { int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; @@ -282,7 +282,7 @@ krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) * If that fails, we return the address corresponding to `hostname'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) { return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index e921cf0593..3d76391fa8 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -31,7 +33,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" #include <assert.h> /* @@ -606,7 +608,7 @@ get_cred_kdc_address(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_cred(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, @@ -1037,6 +1039,13 @@ _krb5_get_cred_kdc_any(krb5_context context, krb5_creds ***ret_tgts) { krb5_error_code ret; + krb5_deltat offset; + + ret = krb5_cc_get_kdc_offset(context, ccache, &offset); + if (ret) { + context->kdc_sec_offset = offset; + context->kdc_usec_offset = 0; + } ret = get_cred_kdc_referral(context, flags, @@ -1059,7 +1068,7 @@ _krb5_get_cred_kdc_any(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials_with_flags(krb5_context context, krb5_flags options, krb5_kdc_flags flags, @@ -1145,7 +1154,7 @@ krb5_get_credentials_with_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, @@ -1166,7 +1175,7 @@ struct krb5_get_creds_opt_data { }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) { *opt = calloc(1, sizeof(**opt)); @@ -1178,7 +1187,7 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) { if (opt->self) @@ -1191,7 +1200,7 @@ krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) free(opt); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1199,7 +1208,7 @@ krb5_get_creds_opt_set_options(krb5_context context, opt->options = options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_add_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1207,7 +1216,7 @@ krb5_get_creds_opt_add_options(krb5_context context, opt->options |= options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_enctype(krb5_context context, krb5_get_creds_opt opt, krb5_enctype enctype) @@ -1215,7 +1224,7 @@ krb5_get_creds_opt_set_enctype(krb5_context context, opt->enctype = enctype; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_impersonate(krb5_context context, krb5_get_creds_opt opt, krb5_const_principal self) @@ -1225,7 +1234,7 @@ krb5_get_creds_opt_set_impersonate(krb5_context context, return krb5_copy_principal(context, self, &opt->self); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_ticket(krb5_context context, krb5_get_creds_opt opt, const Ticket *ticket) @@ -1258,7 +1267,7 @@ krb5_get_creds_opt_set_ticket(krb5_context context, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds(krb5_context context, krb5_get_creds_opt opt, krb5_ccache ccache, @@ -1325,14 +1334,14 @@ krb5_get_creds(krb5_context context, if(options & KRB5_GC_EXPIRED_OK) { *out_creds = res_creds; krb5_free_principal(context, in_creds.client); - return 0; + goto out; } krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; krb5_free_principal(context, in_creds.client); - return 0; + goto out; } if(options & KRB5_GC_CACHED) krb5_cc_remove_cred(context, ccache, 0, res_creds); @@ -1340,12 +1349,13 @@ krb5_get_creds(krb5_context context, } else if(ret != KRB5_CC_END) { free(res_creds); krb5_free_principal(context, in_creds.client); - return ret; + goto out; } free(res_creds); if(options & KRB5_GC_CACHED) { krb5_free_principal(context, in_creds.client); - return not_found(context, in_creds.server, KRB5_CC_NOTFOUND); + ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND); + goto out; } if(options & KRB5_GC_USER_USER) { flags.b.enc_tkt_in_skey = 1; @@ -1374,6 +1384,10 @@ krb5_get_creds(krb5_context context, free(tgts); if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) krb5_cc_store_cred(context, ccache, *out_creds); + + out: + _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret); + return ret; } @@ -1381,7 +1395,7 @@ krb5_get_creds(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_const_principal client, diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 82d0642934..539dedfa47 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -48,6 +48,8 @@ get_env_user(void) return user; } +#ifndef _WIN32 + /* * Will only use operating-system dependant operation to get the * default principal, for use of functions that in ccache layer to @@ -93,7 +95,58 @@ _krb5_get_default_principal_local (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +#else /* _WIN32 */ + +#define SECURITY_WIN32 +#include <security.h> + +krb5_error_code +_krb5_get_default_principal_local(krb5_context context, + krb5_principal *princ) +{ + krb5_error_code ret = 0; + + /* See if we can get the principal first. We only expect this to + work if logged into a domain. */ + { + char username[1024]; + ULONG sz = sizeof(username); + + if (GetUserNameEx(NameUserPrincipal, username, &sz)) { + return krb5_parse_name_flags(context, username, + KRB5_PRINCIPAL_PARSE_ENTERPRISE, + princ); + } + } + + /* Just get the Windows username. This should pretty much always + work. */ + { + char username[1024]; + DWORD dsz = sizeof(username); + + if (GetUserName(username, &dsz)) { + return krb5_make_principal(context, princ, NULL, username, NULL); + } + } + + /* Failing that, we look at the environment */ + { + const char * username = get_env_user(); + + if (username == NULL) { + krb5_set_error_string(context, + "unable to figure out current principal"); + return ENOTTY; /* Really? */ + } + + return krb5_make_principal(context, princ, NULL, username, NULL); + } +} + +#endif + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_principal (krb5_context context, krb5_principal *princ) { diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index f09df264c1..2a4933a62a 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -38,7 +38,7 @@ * Free this memory with krb5_free_host_realm. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realms (krb5_context context, krb5_realm **realms) { @@ -57,7 +57,7 @@ krb5_get_default_realms (krb5_context context, * Return the first default realm. For compatibility. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realm(krb5_context context, krb5_realm *realm) { diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 8c58dae187..a109c71326 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" static krb5_error_code add_addrs(krb5_context context, @@ -100,7 +100,7 @@ fail: * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char *hostname, @@ -183,7 +183,7 @@ krb5_fwd_tgt_creds (krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index 7d7fef6e1c..7aee02734b 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -158,7 +158,7 @@ config_find_realm(krb5_context context, * fall back to guessing */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_get_host_realm_int (krb5_context context, const char *host, krb5_boolean use_dns, @@ -215,7 +215,7 @@ _krb5_get_host_realm_int (krb5_context context, * `realms'. Free `realms' with krb5_free_host_realm(). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_host_realm(krb5_context context, const char *targethost, krb5_realm **realms) diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index 84b1ffb71f..15cbfba89d 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -361,7 +361,8 @@ set_ptypes(krb5_context context, return(1); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_cred(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -374,7 +375,6 @@ krb5_get_in_cred(krb5_context context, krb5_const_pointer decryptarg, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { krb5_error_code ret; AS_REQ a; @@ -498,7 +498,7 @@ krb5_get_in_cred(krb5_context context, goto out; { - unsigned flags = 0; + unsigned flags = EXTRACT_TICKET_TIMESYNC; if (opts.request_anonymous) flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; @@ -526,7 +526,8 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -539,7 +540,6 @@ krb5_get_in_tkt(krb5_context context, krb5_creds *creds, krb5_ccache ccache, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { krb5_error_code ret; diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c index 5d0361b816..93d9433cd0 100644 --- a/source4/heimdal/lib/krb5/get_port.c +++ b/source4/heimdal/lib/krb5/get_port.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_getportbyname (krb5_context context, const char *service, const char *proto, diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index b1bd94d3b9..f555c724ed 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -50,7 +52,7 @@ * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) { @@ -82,7 +84,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context, * @ingroup krb5_credential */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt *opt) { @@ -124,20 +126,21 @@ get_config_time (krb5_context context, static krb5_boolean get_config_bool (krb5_context context, + krb5_boolean def_value, const char *realm, const char *name) { - return krb5_config_get_bool (context, - NULL, - "realms", - realm, - name, - NULL) - || krb5_config_get_bool (context, - NULL, - "libdefaults", - name, - NULL); + krb5_boolean b; + + b = krb5_config_get_bool_default(context, NULL, def_value, + "realms", realm, name, NULL); + if (b != def_value) + return b; + b = krb5_config_get_bool_default (context, NULL, def_value, + "libdefaults", name, NULL); + if (b != def_value) + return b; + return def_value; } /* @@ -147,7 +150,7 @@ get_config_bool (krb5_context context, * [realms] or [libdefaults] for some of the values. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, krb5_const_realm realm, @@ -156,11 +159,12 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_boolean b; time_t t; - b = get_config_bool (context, realm, "forwardable"); + b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT, + realm, "forwardable"); krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); krb5_get_init_creds_opt_set_forwardable(opt, b); - b = get_config_bool (context, realm, "proxiable"); + b = get_config_bool (context, FALSE, realm, "proxiable"); krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); krb5_get_init_creds_opt_set_proxiable (opt, b); @@ -197,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) { @@ -205,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, opt->tkt_life = tkt_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life) { @@ -213,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, opt->renew_life = renew_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable) { @@ -221,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, opt->forwardable = forwardable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable) { @@ -229,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, opt->proxiable = proxiable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) @@ -239,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, opt->etype_list_length = etype_list_length; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_addresses *addresses) { @@ -247,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, opt->address_list = addresses; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) @@ -257,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, opt->preauth_list = preauth_list; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt) { @@ -265,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, opt->salt = salt; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, int anonymous) { @@ -286,7 +290,7 @@ require_ext_opt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password(krb5_context context, krb5_get_init_creds_opt *opt, const char *password, @@ -301,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req_pac) @@ -316,7 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean addressless) @@ -332,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -348,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -357,15 +361,18 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context, ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k"); if (ret) return ret; - if (req) + if (req) { opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; - else + opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } else { opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; + opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_process_last_req(krb5_context context, krb5_get_init_creds_opt *opt, krb5_gic_process_last_req func, @@ -385,9 +392,19 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context, #ifndef HEIMDAL_SMALLER -void KRB5_LIB_FUNCTION +/** + * Deprecated: use krb5_get_init_creds_opt_alloc(). + * + * The reason krb5_get_init_creds_opt_init() is deprecated is that + * krb5_get_init_creds_opt is a static structure and for ABI reason it + * can't grow, ie can't add new functionality. + * + * @ingroup krb5_deprecated + */ + +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) - KRB5_DEPRECATED { memset (opt, 0, sizeof(*opt)); } @@ -399,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error(krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) - KRB5_DEPRECATED { *error = calloc(1, sizeof(**error)); if (*error == NULL) { diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index c326fa4df7..4637a6d941 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -59,6 +61,12 @@ typedef struct krb5_get_init_creds_ctx { krb5_pk_init_ctx pk_init_ctx; int ic_flags; + int used_pa_types; +#define USED_PKINIT 1 +#define USED_PKINIT_W2K 2 +#define USED_ENC_TS_GUESS 4 +#define USED_ENC_TS_INFO 8 + METHOD_DATA md; KRB_ERROR error; AS_REP as_rep; @@ -67,8 +75,25 @@ typedef struct krb5_get_init_creds_ctx { krb5_prompter_fct prompter; void *prompter_data; + struct pa_info_data *ppaid; + } krb5_get_init_creds_ctx; + +struct pa_info_data { + krb5_enctype etype; + krb5_salt salt; + krb5_data *s2kparams; +}; + +static void +free_paid(krb5_context context, struct pa_info_data *ppaid) +{ + krb5_free_salt(context, ppaid->salt); + if (ppaid->s2kparams) + krb5_free_data(context, ppaid->s2kparams); +} + static krb5_error_code default_s2k_func(krb5_context context, krb5_enctype type, krb5_const_pointer keyseed, @@ -79,6 +104,8 @@ default_s2k_func(krb5_context context, krb5_enctype type, krb5_data password; krb5_data opaque; + _krb5_debug(context, 5, "krb5_get_init_creds: using default_s2k_func"); + password.data = rk_UNCONST(keyseed); password.length = strlen(keyseed); if (s2kparms) @@ -120,6 +147,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) free_EncKDCRepPart(&ctx->enc_part); free_KRB_ERROR(&ctx->error); free_AS_REQ(&ctx->as_req); + if (ctx->ppaid) { + free_paid(context, ctx->ppaid); + free(ctx->ppaid); + } memset(ctx, 0, sizeof(*ctx)); } @@ -559,7 +590,7 @@ out: } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_key_proc (krb5_context context, krb5_keytype type, krb5_data *salt, @@ -681,20 +712,6 @@ init_as_req (krb5_context context, return ret; } -struct pa_info_data { - krb5_enctype etype; - krb5_salt salt; - krb5_data *s2kparams; -}; - -static void -free_paid(krb5_context context, struct pa_info_data *ppaid) -{ - krb5_free_salt(context, ppaid->salt); - if (ppaid->s2kparams) - krb5_free_data(context, ppaid->s2kparams); -} - static krb5_error_code set_paid(struct pa_info_data *paid, krb5_context context, @@ -986,6 +1003,8 @@ add_enc_ts_padata(krb5_context context, for (i = 0; i < netypes; ++i) { krb5_keyblock *key; + _krb5_debug(context, 5, "krb5_get_init_creds: using ENC-TS with enctype %d", enctypes[i]); + ret = (*keyproc)(context, enctypes[i], keyseed, *salt, s2kparams, &key); if (ret) @@ -1019,6 +1038,8 @@ pa_data_to_md_ts_enc(krb5_context context, } else { krb5_salt salt; + _krb5_debug(context, 5, "krb5_get_init_creds: pa-info not found, guessing salt"); + /* make a v5 salted pa-data */ add_enc_ts_padata(context, md, client, ctx->keyproc, ctx->keyseed, @@ -1057,6 +1078,7 @@ static krb5_error_code pa_data_to_md_pkinit(krb5_context context, const AS_REQ *a, const krb5_principal client, + int win2k, krb5_get_init_creds_ctx *ctx, METHOD_DATA *md) { @@ -1064,10 +1086,12 @@ pa_data_to_md_pkinit(krb5_context context, return 0; #ifdef PKINIT return _krb5_pk_mk_padata(context, - ctx->pk_init_ctx, - &a->req_body, - ctx->pk_nonce, - md); + ctx->pk_init_ctx, + ctx->ic_flags, + win2k, + &a->req_body, + ctx->pk_nonce, + md); #else krb5_set_error_message(context, EINVAL, N_("no support for PKINIT compiled in", "")); @@ -1133,6 +1157,13 @@ process_pa_data_to_md(krb5_context context, (*out_md)->len = 0; (*out_md)->val = NULL; + if (_krb5_have_debug(context, 5)) { + unsigned i; + _krb5_debug(context, 5, "KDC send %d patypes", in_md->len); + for (i = 0; i < in_md->len; i++) + _krb5_debug(context, 5, "KDC send PA-DATA type: %d", in_md->val[i].padata_type); + } + /* * Make sure we don't sent both ENC-TS and PK-INIT pa data, no * need to expose our password protecting our PKCS12 key. @@ -1140,21 +1171,62 @@ process_pa_data_to_md(krb5_context context, if (ctx->pk_init_ctx) { - ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); + _krb5_debug(context, 5, "krb5_get_init_creds: " + "prepareing PKINIT padata (%s)", + (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf"); + + if (ctx->used_pa_types & USED_PKINIT_W2K) { + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + "Already tried pkinit, looping"); + return KRB5_GET_IN_TKT_LOOP; + } + + ret = pa_data_to_md_pkinit(context, a, creds->client, + (ctx->used_pa_types & USED_PKINIT), + ctx, *out_md); if (ret) return ret; + if (ctx->used_pa_types & USED_PKINIT) + ctx->used_pa_types |= USED_PKINIT_W2K; + else + ctx->used_pa_types |= USED_PKINIT; + } else if (in_md->len != 0) { - struct pa_info_data paid, *ppaid; + struct pa_info_data *paid, *ppaid; + unsigned flag; + + paid = calloc(1, sizeof(*paid)); - memset(&paid, 0, sizeof(paid)); + paid->etype = ENCTYPE_NULL; + ppaid = process_pa_info(context, creds->client, a, paid, in_md); - paid.etype = ENCTYPE_NULL; - ppaid = process_pa_info(context, creds->client, a, &paid, in_md); + if (ppaid) + flag = USED_ENC_TS_INFO; + else + flag = USED_ENC_TS_GUESS; + + if (ctx->used_pa_types & flag) { + if (ppaid) + free_paid(context, ppaid); + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + "Already tried ENC-TS-%s, looping", + flag == USED_ENC_TS_INFO ? "info" : "guess"); + return KRB5_GET_IN_TKT_LOOP; + } pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); - if (ppaid) - free_paid(context, ppaid); + + ctx->used_pa_types |= flag; + + if (ppaid) { + if (ctx->ppaid) { + free_paid(context, ctx->ppaid); + free(ctx->ppaid); + } + ctx->ppaid = ppaid; + } else + free(paid); } pa_data_add_pac_request(context, ctx, *out_md); @@ -1190,12 +1262,15 @@ process_pa_data_to_key(krb5_context context, ppaid = process_pa_info(context, creds->client, a, &paid, rep->padata); } + if (ppaid == NULL) + ppaid = ctx->ppaid; if (ppaid == NULL) { ret = krb5_get_pw_salt (context, creds->client, &paid.salt); if (ret) return ret; paid.etype = etype; paid.s2kparams = NULL; + ppaid = &paid; } pa = NULL; @@ -1215,6 +1290,8 @@ process_pa_data_to_key(krb5_context context, } if (pa && ctx->pk_init_ctx) { #ifdef PKINIT + _krb5_debug(context, 5, "krb5_get_init_creds: using PKINIT"); + ret = _krb5_pk_rd_pa_reply(context, a->req_body.realm, ctx->pk_init_ctx, @@ -1228,10 +1305,11 @@ process_pa_data_to_key(krb5_context context, ret = EINVAL; krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", "")); #endif - } else if (ctx->keyseed) + } else if (ctx->keyseed) { + _krb5_debug(context, 5, "krb5_get_init_creds: using keyproc"); ret = pa_data_to_key_plain(context, creds->client, ctx, - paid.salt, paid.s2kparams, etype, key); - else { + ppaid->salt, ppaid->s2kparams, etype, key); + } else { ret = EINVAL; krb5_set_error_message(context, ret, N_("No usable pa data type", "")); } @@ -1258,7 +1336,7 @@ process_pa_data_to_key(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init(krb5_context context, krb5_principal client, krb5_prompter_fct prompter, @@ -1312,7 +1390,7 @@ krb5_init_creds_init(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx, const char *service) @@ -1352,7 +1430,7 @@ krb5_init_creds_set_service(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx, const char *password) @@ -1420,7 +1498,7 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab) @@ -1512,7 +1590,7 @@ keyblock_key_proc(krb5_context context, krb5_enctype enctype, return krb5_copy_keyblock (context, keyseed, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keyblock(krb5_context context, krb5_init_creds_context ctx, krb5_keyblock *keyblock) @@ -1543,7 +1621,7 @@ krb5_init_creds_set_keyblock(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data *in, @@ -1576,16 +1654,20 @@ krb5_init_creds_step(krb5_context context, } ctx->pa_counter++; + _krb5_debug(context, 5, "krb5_get_init_creds: loop %d", ctx->pa_counter); + /* Lets process the input packet */ if (in && in->length) { krb5_kdc_rep rep; memset(&rep, 0, sizeof(rep)); + _krb5_debug(context, 5, "krb5_get_init_creds: processing input"); + ret = decode_AS_REP(in->data, in->length, &rep.kdc_rep, &size); if (ret == 0) { krb5_keyblock *key = NULL; - unsigned eflags = EXTRACT_TICKET_AS_REQ; + unsigned eflags = EXTRACT_TICKET_AS_REQ | EXTRACT_TICKET_TIMESYNC; if (ctx->flags.canonicalize) { eflags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; @@ -1601,6 +1683,8 @@ krb5_init_creds_step(krb5_context context, goto out; } + _krb5_debug(context, 5, "krb5_get_init_creds: extracting ticket"); + ret = _krb5_extract_ticket(context, &rep, &ctx->cred, @@ -1627,16 +1711,22 @@ krb5_init_creds_step(krb5_context context, } else { /* let's try to parse it as a KRB-ERROR */ + _krb5_debug(context, 5, "krb5_get_init_creds: got an error"); + free_KRB_ERROR(&ctx->error); ret = krb5_rd_error(context, in, &ctx->error); if(ret && in->length && ((char*)in->data)[0] == 4) ret = KRB5KRB_AP_ERR_V4_REPLY; - if (ret) + if (ret) { + _krb5_debug(context, 5, "krb5_get_init_creds: failed to read error"); goto out; + } ret = krb5_error_from_rd_error(context, &ctx->error, &ctx->cred); + _krb5_debug(context, 5, "krb5_get_init_creds: KRB-ERROR %d", ret); + /* * If no preauth was set and KDC requires it, give it one * more try. @@ -1668,16 +1758,29 @@ krb5_init_creds_step(krb5_context context, krb5_set_real_time(context, ctx->error.stime, -1); if (context->kdc_sec_offset) ret = 0; + + _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d", + context->kdc_sec_offset); + + ctx->used_pa_types = 0; + } else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) { /* client referal to a new realm */ + if (ctx->error.crealm == NULL) { krb5_set_error_message(context, ret, N_("Got a client referral, not but no realm", "")); goto out; } + _krb5_debug(context, 5, + "krb5_get_init_creds: got referal to realm %s", + *ctx->error.crealm); + ret = krb5_principal_set_realm(context, ctx->cred.client, *ctx->error.crealm); + + ctx->used_pa_types = 0; } if (ret) goto out; @@ -1731,7 +1834,7 @@ krb5_init_creds_step(krb5_context context, * @return 0 for sucess or An Kerberos error code, see krb5_get_error_message(). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds *cred) @@ -1747,7 +1850,7 @@ krb5_init_creds_get_creds(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error) @@ -1770,7 +1873,7 @@ krb5_init_creds_get_error(krb5_context context, * @ingroup krb5_credential */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx) { @@ -1787,7 +1890,7 @@ krb5_init_creds_free(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) { krb5_sendto_ctx stctx = NULL; @@ -1835,7 +1938,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -1941,7 +2044,7 @@ krb5_get_init_creds_password(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -1988,7 +2091,7 @@ krb5_get_init_creds_keyblock(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, krb5_principal client, diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index c94dea551f..01ea184773 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -37,16 +39,16 @@ * Client library for Kerberos Credentials Manager (KCM) daemon */ -#ifdef HAVE_SYS_UN_H -#include <sys/un.h> -#endif - #include "kcm.h" +#include <heim-ipc.h> + +static krb5_error_code +kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat); + +static const char *kcm_ipc_name = "ANY:org.h5l.kcm"; typedef struct krb5_kcmcache { char *name; - struct sockaddr_un path; - char *door_path; } krb5_kcmcache; typedef struct krb5_kcm_cursor { @@ -60,83 +62,23 @@ typedef struct krb5_kcm_cursor { #define CACHENAME(X) (KCMCACHE(X)->name) #define KCMCURSOR(C) ((krb5_kcm_cursor)(C)) -#ifdef HAVE_DOOR_CREATE - -static krb5_error_code -try_door(krb5_context context, - krb5_kcmcache *k, - krb5_data *request_data, - krb5_data *response_data) -{ - door_arg_t arg; - int fd; - int ret; - - memset(&arg, 0, sizeof(arg)); - - fd = open(k->door_path, O_RDWR); - if (fd < 0) - return KRB5_CC_IO; - rk_cloexec(fd); - - arg.data_ptr = request_data->data; - arg.data_size = request_data->length; - arg.desc_ptr = NULL; - arg.desc_num = 0; - arg.rbuf = NULL; - arg.rsize = 0; - - ret = door_call(fd, &arg); - close(fd); - if (ret != 0) - return KRB5_CC_IO; - - ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize); - munmap(arg.rbuf, arg.rsize); - if (ret) - return ret; - - return 0; -} -#endif /* HAVE_DOOR_CREATE */ - -static krb5_error_code -try_unix_socket(krb5_context context, - krb5_kcmcache *k, - krb5_data *request_data, - krb5_data *response_data) -{ - krb5_error_code ret; - int fd; - - fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); - if (fd < 0) - return KRB5_CC_IO; - rk_cloexec(fd); - - if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) { - close(fd); - return KRB5_CC_IO; - } - - ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout, - request_data, response_data); - close(fd); - return ret; -} +static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER; +static heim_ipc kcm_ipc = NULL; static krb5_error_code kcm_send_request(krb5_context context, - krb5_kcmcache *k, krb5_storage *request, krb5_data *response_data) { - krb5_error_code ret; + krb5_error_code ret = 0; krb5_data request_data; - int i; - response_data->data = NULL; - response_data->length = 0; + HEIMDAL_MUTEX_lock(&kcm_mutex); + if (kcm_ipc == NULL) + ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); + HEIMDAL_MUTEX_unlock(&kcm_mutex); + if (ret) + return KRB5_CC_NOSUPP; ret = krb5_storage_to_data(request, &request_data); if (ret) { @@ -144,19 +86,7 @@ kcm_send_request(krb5_context context, return KRB5_CC_NOMEM; } - ret = KRB5_CC_NOSUPP; - - for (i = 0; i < context->max_retries; i++) { -#ifdef HAVE_DOOR_CREATE - ret = try_door(context, k, &request_data, response_data); - if (ret == 0 && response_data->length != 0) - break; -#endif - ret = try_unix_socket(context, k, &request_data, response_data); - if (ret == 0 && response_data->length != 0) - break; - } - + ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL); krb5_data_free(&request_data); if (ret) { @@ -167,10 +97,10 @@ kcm_send_request(krb5_context context, return ret; } -static krb5_error_code -kcm_storage_request(krb5_context context, - kcm_operation opcode, - krb5_storage **storage_p) +krb5_error_code +krb5_kcm_storage_request(krb5_context context, + uint16_t opcode, + krb5_storage **storage_p) { krb5_storage *sp; krb5_error_code ret; @@ -209,7 +139,6 @@ static krb5_error_code kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) { krb5_kcmcache *k; - const char *path; k = malloc(sizeof(*k)); if (k == NULL) { @@ -228,35 +157,18 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) } } else k->name = NULL; - - path = krb5_config_get_string_default(context, NULL, - _PATH_KCM_SOCKET, - "libdefaults", - "kcm_socket", - NULL); - - k->path.sun_family = AF_UNIX; - strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path)); - - path = krb5_config_get_string_default(context, NULL, - _PATH_KCM_DOOR, - "libdefaults", - "kcm_door", - NULL); - k->door_path = strdup(path); - + (*id)->data.data = k; (*id)->data.length = sizeof(*k); return 0; } -static krb5_error_code -kcm_call(krb5_context context, - krb5_kcmcache *k, - krb5_storage *request, - krb5_storage **response_p, - krb5_data *response_data_p) +krb5_error_code KRB5_LIB_FUNCTION +krb5_kcm_call(krb5_context context, + krb5_storage *request, + krb5_storage **response_p, + krb5_data *response_data_p) { krb5_data response_data; krb5_error_code ret; @@ -266,10 +178,11 @@ kcm_call(krb5_context context, if (response_p != NULL) *response_p = NULL; - ret = kcm_send_request(context, k, request, &response_data); - if (ret) { + krb5_data_zero(&response_data); + + ret = kcm_send_request(context, request, &response_data); + if (ret) return ret; - } response = krb5_storage_from_data(&response_data); if (response == NULL) { @@ -311,8 +224,6 @@ kcm_free(krb5_context context, krb5_ccache *id) if (k != NULL) { if (k->name != NULL) free(k->name); - if (k->door_path) - free(k->door_path); memset(k, 0, sizeof(*k)); krb5_data_free(&(*id)->data); } @@ -351,13 +262,13 @@ kcm_gen_new(krb5_context context, krb5_ccache *id) k = KCMCACHE(*id); - ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request); if (ret) { kcm_free(context, id); return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); kcm_free(context, id); @@ -395,7 +306,7 @@ kcm_initialize(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request); if (ret) return ret; @@ -411,9 +322,13 @@ kcm_initialize(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); + + if (context->kdc_sec_offset) + kcm_set_kdc_offset(context, id, context->kdc_sec_offset); + return ret; } @@ -440,7 +355,7 @@ kcm_destroy(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_DESTROY, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request); if (ret) return ret; @@ -450,7 +365,7 @@ kcm_destroy(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -473,7 +388,7 @@ kcm_store_cred(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_STORE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request); if (ret) return ret; @@ -489,12 +404,13 @@ kcm_store_cred(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; } +#if 0 /* * Request: * NameZ @@ -517,7 +433,7 @@ kcm_retrieve(krb5_context context, krb5_storage *request, *response; krb5_data response_data; - ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request); if (ret) return ret; @@ -539,7 +455,7 @@ kcm_retrieve(krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; @@ -555,6 +471,7 @@ kcm_retrieve(krb5_context context, return ret; } +#endif /* * Request: @@ -573,7 +490,7 @@ kcm_get_principal(krb5_context context, krb5_storage *request, *response; krb5_data response_data; - ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); if (ret) return ret; @@ -583,7 +500,7 @@ kcm_get_principal(krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; @@ -619,7 +536,7 @@ kcm_get_first (krb5_context context, krb5_storage *request, *response; krb5_data response_data; - ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request); if (ret) return ret; @@ -629,7 +546,7 @@ kcm_get_first (krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret) return ret; @@ -710,7 +627,7 @@ kcm_get_next (krb5_context context, if (c->offset >= c->length) return KRB5_CC_END; - ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request); if (ret) return ret; @@ -730,7 +647,7 @@ kcm_get_next (krb5_context context, return ENOMEM; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret == KRB5_CC_END) { goto again; @@ -759,32 +676,14 @@ kcm_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); krb5_kcm_cursor c = KCMCURSOR(*cursor); - krb5_storage *request; - - ret = kcm_storage_request(context, KCM_OP_END_GET, &request); - if (ret) - return ret; - - ret = krb5_store_stringz(request, k->name); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = kcm_call(context, k, request, NULL, NULL); - krb5_storage_free(request); - if (ret) - return ret; free(c->uuids); free(c); *cursor = NULL; - return ret; + return 0; } /* @@ -806,7 +705,7 @@ kcm_remove_cred(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); if (ret) return ret; @@ -828,7 +727,7 @@ kcm_remove_cred(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -843,7 +742,7 @@ kcm_set_flags(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); if (ret) return ret; @@ -859,7 +758,7 @@ kcm_set_flags(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -872,6 +771,161 @@ kcm_get_version(krb5_context context, return 0; } +/* + * Send nothing + * get back list of uuids + */ + +static krb5_error_code +kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) +{ + krb5_error_code ret; + krb5_kcm_cursor c; + krb5_storage *request, *response; + krb5_data response_data; + + *cursor = NULL; + + c = calloc(1, sizeof(*c)); + if (c == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request); + if (ret) + goto out; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + goto out; + + while (1) { + ssize_t sret; + kcmuuid_t uuid; + void *ptr; + + sret = krb5_storage_read(response, &uuid, sizeof(uuid)); + if (sret == 0) { + ret = 0; + break; + } else if (sret != sizeof(uuid)) { + ret = EINVAL; + goto out; + } + + ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1)); + if (ptr == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + c->uuids = ptr; + + memcpy(&c->uuids[c->length], &uuid, sizeof(uuid)); + c->length += 1; + } + + krb5_storage_free(response); + krb5_data_free(&response_data); + + out: + if (ret && c) { + free(c->uuids); + free(c); + } else + *cursor = c; + + return ret; +} + +/* + * Send uuid + * Recv cache name + */ + +static krb5_error_code +kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id) +{ + krb5_error_code ret; + krb5_kcm_cursor c = KCMCURSOR(cursor); + krb5_storage *request, *response; + krb5_data response_data; + ssize_t sret; + char *name; + + *id = NULL; + + again: + + if (c->offset >= c->length) + return KRB5_CC_END; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request); + if (ret) + return ret; + + sret = krb5_storage_write(request, + &c->uuids[c->offset], + sizeof(c->uuids[c->offset])); + c->offset++; + if (sret != sizeof(c->uuids[c->offset])) { + krb5_storage_free(request); + krb5_clear_error_message(context); + return ENOMEM; + } + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret == KRB5_CC_END) + goto again; + + ret = krb5_ret_stringz(response, &name); + krb5_storage_free(response); + krb5_data_free(&response_data); + + if (ret == 0) { + ret = _krb5_cc_allocate(context, ops, id); + if (ret == 0) + ret = kcm_alloc(context, name, id); + krb5_xfree(name); + } + + return ret; +} + +static krb5_error_code +kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ +#ifndef KCM_IS_API_CACHE + return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id); +#else + return KRB5_CC_END; +#endif +} + +static krb5_error_code +kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ + return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id); +} + + +static krb5_error_code +kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + krb5_kcm_cursor c = KCMCURSOR(cursor); + + free(c->uuids); + free(c); + return 0; +} + + static krb5_error_code kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) { @@ -880,7 +934,7 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_kcmcache *newk = KCMCACHE(to); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); if (ret) return ret; @@ -895,18 +949,81 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_storage_free(request); return ret; } - ret = kcm_call(context, oldk, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; } static krb5_error_code -kcm_default_name(krb5_context context, char **str) +kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, + const char *defstr, char **str) +{ + krb5_error_code ret; + krb5_storage *request, *response; + krb5_data response_data; + char *name; + + *str = NULL; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request); + if (ret) + return ret; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + return _krb5_expand_default_cc_name(context, defstr, str); + + ret = krb5_ret_stringz(response, &name); + krb5_storage_free(response); + krb5_data_free(&response_data); + if (ret) + return ret; + + asprintf(str, "%s:%s", ops->prefix, name); + free(name); + if (str == NULL) + return ENOMEM; + + return 0; +} + +static krb5_error_code +kcm_get_default_name_api(krb5_context context, char **str) +{ + return kcm_get_default_name(context, &krb5_akcm_ops, + KRB5_DEFAULT_CCNAME_KCM_API, str); +} + +static krb5_error_code +kcm_get_default_name_kcm(krb5_context context, char **str) { - return _krb5_expand_default_cc_name(context, - KRB5_DEFAULT_CCNAME_KCM, - str); + return kcm_get_default_name(context, &krb5_kcm_ops, + KRB5_DEFAULT_CCNAME_KCM_KCM, str); +} + +static krb5_error_code +kcm_set_default(krb5_context context, krb5_ccache id) +{ + krb5_error_code ret; + krb5_storage *request; + krb5_kcmcache *k = KCMCACHE(id); + + ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, NULL, NULL); + krb5_storage_free(request); + + return ret; } static krb5_error_code @@ -916,6 +1033,69 @@ kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) return 0; } +static krb5_error_code +kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + krb5_kcmcache *k = KCMCACHE(id); + krb5_error_code ret; + krb5_storage *request; + + ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + ret = krb5_store_int32(request, kdc_offset); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, NULL, NULL); + krb5_storage_free(request); + + return ret; +} + +static krb5_error_code +kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_kcmcache *k = KCMCACHE(id); + krb5_error_code ret; + krb5_storage *request, *response; + krb5_data response_data; + int32_t offset; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + return ret; + + ret = krb5_ret_int32(response, &offset); + krb5_storage_free(response); + krb5_data_free(&response_data); + if (ret) + return ret; + + *kdc_offset = offset; + + return 0; +} + /** * Variable containing the KCM based credential cache implemention. * @@ -932,7 +1112,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = { kcm_destroy, kcm_close, kcm_store_cred, - kcm_retrieve, + NULL /* kcm_retrieve */, kcm_get_principal, kcm_get_first, kcm_get_next, @@ -940,15 +1120,45 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = { kcm_remove_cred, kcm_set_flags, kcm_get_version, - NULL, - NULL, - NULL, + kcm_get_cache_first, + kcm_get_cache_next_kcm, + kcm_end_cache_get, kcm_move, - kcm_default_name, - NULL, + kcm_get_default_name_kcm, + kcm_set_default, + kcm_lastchange, + kcm_set_kdc_offset, + kcm_get_kdc_offset +}; + +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = { + KRB5_CC_OPS_VERSION, + "API", + kcm_get_name, + kcm_resolve, + kcm_gen_new, + kcm_initialize, + kcm_destroy, + kcm_close, + kcm_store_cred, + NULL /* kcm_retrieve */, + kcm_get_principal, + kcm_get_first, + kcm_get_next, + kcm_end_get, + kcm_remove_cred, + kcm_set_flags, + kcm_get_version, + kcm_get_cache_first, + kcm_get_cache_next_api, + kcm_end_cache_get, + kcm_move, + kcm_get_default_name_api, + kcm_set_default, kcm_lastchange }; + krb5_boolean _krb5_kcm_is_running(krb5_context context) { @@ -979,14 +1189,13 @@ _krb5_kcm_noop(krb5_context context, krb5_ccache id) { krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_NOOP, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_NOOP, &request); if (ret) return ret; - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1010,7 +1219,7 @@ _krb5_kcm_chmod(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_CHMOD, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_CHMOD, &request); if (ret) return ret; @@ -1026,7 +1235,7 @@ _krb5_kcm_chmod(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1052,7 +1261,7 @@ _krb5_kcm_chown(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_CHOWN, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_CHOWN, &request); if (ret) return ret; @@ -1074,7 +1283,7 @@ _krb5_kcm_chown(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1101,7 +1310,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context, krb5_error_code ret; krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); if (ret) return ret; @@ -1131,7 +1340,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1159,7 +1368,7 @@ _krb5_kcm_get_ticket(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request); if (ret) return ret; @@ -1187,7 +1396,7 @@ _krb5_kcm_get_ticket(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index 046caee6d6..2d57e301d5 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -41,7 +41,7 @@ * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero(krb5_keyblock *keyblock) { keyblock->keytype = 0; @@ -57,7 +57,7 @@ krb5_keyblock_zero(krb5_keyblock *keyblock) * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *keyblock) { @@ -79,7 +79,7 @@ krb5_free_keyblock_contents(krb5_context context, * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock) { @@ -102,7 +102,7 @@ krb5_free_keyblock(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to) @@ -124,7 +124,7 @@ krb5_copy_keyblock_contents (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to) @@ -170,7 +170,7 @@ krb5_keyblock_get_enctype(const krb5_keyblock *block) * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init(krb5_context context, krb5_enctype type, const void *data, diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index fcc74e847e..79b079a056 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -143,7 +143,7 @@ main (int argc, char **argv) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register(krb5_context context, const krb5_kt_ops *ops) { @@ -183,7 +183,7 @@ krb5_kt_register(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve(krb5_context context, const char *name, krb5_keytab *id) @@ -244,7 +244,7 @@ krb5_kt_resolve(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { if (strlcpy (name, context->default_keytab, namesize) >= namesize) { @@ -266,7 +266,7 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) { const char *kt = NULL; @@ -303,7 +303,7 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default(krb5_context context, krb5_keytab *id) { return krb5_kt_resolve (context, context->default_keytab, id); @@ -325,7 +325,7 @@ krb5_kt_default(krb5_context context, krb5_keytab *id) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, @@ -368,7 +368,7 @@ krb5_kt_read_service_key(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type(krb5_context context, krb5_keytab keytab, char *prefix, @@ -391,7 +391,7 @@ krb5_kt_get_type(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, @@ -414,7 +414,7 @@ krb5_kt_get_name(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name(krb5_context context, krb5_keytab keytab, char **str) @@ -454,7 +454,7 @@ krb5_kt_get_full_name(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close(krb5_context context, krb5_keytab id) { @@ -478,7 +478,7 @@ krb5_kt_close(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy(krb5_context context, krb5_keytab id) { @@ -523,7 +523,7 @@ compare_aliseses(krb5_context context, * @ingroup krb5_keytab */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare(krb5_context context, krb5_keytab_entry *entry, krb5_const_principal principal, @@ -590,7 +590,7 @@ _krb5_kt_principal_not_found(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, @@ -651,7 +651,7 @@ krb5_kt_get_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents(krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out) @@ -687,7 +687,7 @@ fail: * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry) { @@ -709,7 +709,7 @@ krb5_kt_free_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -738,7 +738,7 @@ krb5_kt_start_seq_get(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, @@ -766,7 +766,7 @@ krb5_kt_next_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -792,7 +792,7 @@ krb5_kt_end_seq_get(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -820,7 +820,7 @@ krb5_kt_add_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index dde5fa9cad..324c8c1d3c 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -105,8 +105,12 @@ struct credentials { #define CLOCK_SKEW 5*60 #ifndef TKT_ROOT +#ifdef KRB5_USE_PATH_TOKENS +#define TKT_ROOT "%{TEMP}/tkt" +#else #define TKT_ROOT "/tmp/tkt" #endif +#endif struct _krb5_krb_auth_data { int8_t k_flags; /* Flags from ticket */ @@ -120,11 +124,18 @@ struct _krb5_krb_auth_data { uint32_t address; /* Address in ticket */ }; -time_t _krb5_krb_life_to_time (int, int); -int _krb5_krb_time_to_life (time_t, time_t); -krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *, - const char *, int); -krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *); +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL +_krb5_krb_life_to_time (int, int); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_krb_time_to_life (time_t, time_t); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_tf_setup (krb5_context, struct credentials *, + const char *, int); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_dest_tkt(krb5_context, const char *); #define krb_time_to_life _krb5_krb_time_to_life #define krb_life_to_time _krb5_krb_life_to_time diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 1f2e769728..c810b8bc74 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -301,7 +303,15 @@ typedef AP_REQ krb5_ap_req; struct krb5_cc_ops; +#ifdef _WIN32 +#define KRB5_USE_PATH_TOKENS 1 +#endif + +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_" +#else #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" +#endif #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT @@ -311,7 +321,7 @@ struct krb5_cc_ops; NULL) typedef void *krb5_cc_cursor; -typedef struct krb5_cccol_cursor *krb5_cccol_cursor; +typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor; typedef struct krb5_ccache_data { const struct krb5_cc_ops *ops; @@ -412,7 +422,7 @@ typedef struct krb5_creds { typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; -#define KRB5_CC_OPS_VERSION 2 +#define KRB5_CC_OPS_VERSION 3 typedef struct krb5_cc_ops { int version; @@ -442,6 +452,8 @@ typedef struct krb5_cc_ops { krb5_error_code (*get_default_name)(krb5_context, char **); krb5_error_code (*set_default)(krb5_context, krb5_ccache); krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); + krb5_error_code (*set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat); + krb5_error_code (*get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *); } krb5_cc_ops; struct krb5_log_facility; @@ -834,6 +846,7 @@ extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops; extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops; extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops; extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops; extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops; extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops; diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index d436215769..6acaa2c66b 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -45,6 +47,8 @@ #include <stdlib.h> #include <limits.h> +#include <krb5-types.h> + #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif @@ -114,6 +118,8 @@ struct sockaddr_dl; #include <sys/file.h> #endif +#include <com_err.h> + #define HEIMDAL_TEXTDOMAIN "heimdal_krb5" #ifdef LIBINTL @@ -136,8 +142,6 @@ struct sockaddr_dl; #include <door.h> #endif -#include <com_err.h> - #include <roken.h> #include <parse_time.h> #include <base64.h> @@ -183,6 +187,7 @@ struct _krb5_krb_auth_data; #define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" + #define MODULI_FILE SYSCONFDIR "/krb5.moduli" #ifndef O_BINARY @@ -219,6 +224,7 @@ struct _krb5_get_init_creds_opt_private { int flags; #define KRB5_INIT_CREDS_CANONICALIZE 1 #define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 +#define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4 struct { krb5_gic_process_last_req func; void *ctx; @@ -267,20 +273,27 @@ typedef struct krb5_context_data { #define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1 #define KRB5_CTX_F_CHECK_PAC 2 #define KRB5_CTX_F_HOMEDIR_ACCESS 4 +#define KRB5_CTX_F_SOCKETS_INITIALIZED 8 struct send_to_kdc *send_to_kdc; #ifdef PKINIT hx509_context hx509ctx; #endif } krb5_context_data; +#ifndef KRB5_USE_PATH_TOKENS #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" +#else +#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}" +#endif #define KRB5_DEFAULT_CCNAME_API "API:" -#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}" +#define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}" +#define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}" #define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 #define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 #define EXTRACT_TICKET_MATCH_REALM 4 #define EXTRACT_TICKET_AS_REQ 8 +#define EXTRACT_TICKET_TIMESYNC 16 /* * Configurable options @@ -298,6 +311,10 @@ typedef struct krb5_context_data { #define KRB5_ADDRESSLESS_DEFAULT TRUE #endif +#ifndef KRB5_FORWARDABLE_DEFAULT +#define KRB5_FORWARDABLE_DEFAULT TRUE +#endif + #ifdef PKINIT struct krb5_pk_identity { @@ -307,6 +324,8 @@ struct krb5_pk_identity { hx509_certs anchors; hx509_certs certpool; hx509_revoke_ctx revokectx; + int flags; +#define PKINIT_BTMM 1 }; enum krb5_pk_type { diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 4e4b4562e5..3bb00d287d 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -320,7 +320,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, * return a readable representation of `host' in `hostname, hostlen' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, char *hostname, size_t hostlen) { @@ -361,7 +361,7 @@ make_hints(struct addrinfo *hints, int proto) * in `host'. free:ing is handled by krb5_krbhst_free. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai) { @@ -857,7 +857,7 @@ common_init(krb5_context context, * initialize `handle' to look for hosts of type `type' in realm `realm' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init(krb5_context context, const char *realm, unsigned int type, @@ -866,7 +866,7 @@ krb5_krbhst_init(krb5_context context, return krb5_krbhst_init_flags(context, realm, type, 0, handle); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init_flags(krb5_context context, const char *realm, unsigned int type, @@ -919,7 +919,7 @@ krb5_krbhst_init_flags(krb5_context context, * return the next host information from `handle' in `host' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next(krb5_context context, krb5_krbhst_handle handle, krb5_krbhst_info **host) @@ -935,7 +935,7 @@ krb5_krbhst_next(krb5_context context, * in `hostname' (or length `hostlen) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next_as_string(krb5_context context, krb5_krbhst_handle handle, char *hostname, @@ -950,13 +950,13 @@ krb5_krbhst_next_as_string(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) { handle->index = &handle->hosts; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) { krb5_krbhst_info *h, *next; @@ -1021,7 +1021,7 @@ gethostlist(krb5_context context, const char *realm, * return an malloced list of kadmin-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_admin_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1033,7 +1033,7 @@ krb5_get_krb_admin_hst (krb5_context context, * return an malloced list of changepw-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_changepw_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1045,7 +1045,7 @@ krb5_get_krb_changepw_hst (krb5_context context, * return an malloced list of 524-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb524hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1058,7 +1058,7 @@ krb5_get_krb524hst (krb5_context context, * return an malloced list of KDC's for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krbhst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1070,7 +1070,7 @@ krb5_get_krbhst (krb5_context context, * free all the memory allocated in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_krbhst (krb5_context context, char **hostlist) { diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 9f81460973..55c70fc96a 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -113,7 +115,7 @@ find_value(const char *s, struct s2i *table) return table->val; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_initlog(krb5_context context, const char *program, krb5_log_facility **fac) @@ -135,7 +137,7 @@ krb5_initlog(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_func(krb5_context context, krb5_log_facility *fac, int min, @@ -268,7 +270,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) { krb5_error_code ret = 0; @@ -359,7 +361,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_openlog(krb5_context context, const char *program, krb5_log_facility **fac) @@ -383,7 +385,7 @@ krb5_openlog(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_closelog(krb5_context context, krb5_log_facility *fac) { @@ -402,7 +404,7 @@ krb5_closelog(krb5_context context, #undef __attribute__ #define __attribute__(X) -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog_msg(krb5_context context, krb5_log_facility *fac, char **reply, @@ -441,7 +443,7 @@ krb5_vlog_msg(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog(krb5_context context, krb5_log_facility *fac, int level, @@ -452,7 +454,7 @@ krb5_vlog(krb5_context context, return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log_msg(krb5_context context, krb5_log_facility *fac, int level, @@ -471,7 +473,7 @@ krb5_log_msg(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log(krb5_context context, krb5_log_facility *fac, int level, @@ -504,3 +506,11 @@ _krb5_debug(krb5_context context, krb5_vlog(context, context->debug_dest, level, fmt, ap); va_end(ap); } + +krb5_boolean KRB5_LIB_FUNCTION +_krb5_have_debug(krb5_context context, int level) +{ + if (context == NULL || context->debug_dest == NULL) + return 0 ; + return 1; +} diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 78ef68db3d..cdafc67bae 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -44,6 +46,7 @@ typedef struct krb5_mcache { } *creds; struct krb5_mcache *next; time_t mtime; + krb5_deltat kdc_offset; } krb5_mcache; static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -93,6 +96,7 @@ mcc_alloc(const char *name) m->primary_principal = NULL; m->creds = NULL; m->mtime = time(NULL); + m->kdc_offset = 0; m->next = mcc_head; mcc_head = m; HEIMDAL_MUTEX_unlock(&mcc_mutex); @@ -462,6 +466,22 @@ mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) return 0; } +static krb5_error_code +mcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + krb5_mcache *m = MCACHE(id); + m->kdc_offset = kdc_offset; + return 0; +} + +static krb5_error_code +mcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_mcache *m = MCACHE(id); + *kdc_offset = m->kdc_offset; + return 0; +} + /** * Variable containing the MEMORY based credential cache implemention. @@ -493,5 +513,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = { mcc_move, mcc_default_name, NULL, - mcc_lastchange + mcc_lastchange, + mcc_set_kdc_offset, + mcc_get_kdc_offset }; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index e47383880c..b76c1b584d 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_s4u2self_to_checksumdata(krb5_context context, const PA_S4U2Self *self, krb5_data *data) diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index dab5c6046a..0ff3d7f3c6 100644 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -41,7 +41,7 @@ * Glue for MIT API */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, @@ -63,7 +63,7 @@ krb5_c_make_checksum(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid) @@ -80,7 +80,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, if (data_cksum.cksumtype == cksum->cksumtype && data_cksum.checksum.length == cksum->checksum.length - && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0) + && ct_memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0) *valid = 1; krb5_free_checksum_contents(context, &data_cksum); @@ -88,7 +88,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, krb5_cksumtype *type, krb5_data **data) { @@ -111,7 +111,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, krb5_cksumtype type, const krb5_data *data) { @@ -119,51 +119,51 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, return der_copy_octet_string(data, &cksum->checksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum (krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); free(cksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); memset(cksum, 0, sizeof(*cksum)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_checksum_free(krb5_context context, krb5_checksum *cksum) { free_Checksum(cksum); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_enctype (krb5_enctype etype) { return krb5_enctype_valid(NULL, etype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_cksumtype(krb5_cksumtype ctype) { return krb5_cksumtype_valid(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_collision_proof(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_keyed_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_keyed(NULL, ctype); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_checksum (krb5_context context, const krb5_checksum *old, krb5_checksum **new) @@ -174,14 +174,14 @@ krb5_copy_checksum (krb5_context context, return copy_Checksum(old, *new); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t *length) { return krb5_checksumsize(context, cksumtype, length); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t *blocksize) @@ -204,7 +204,7 @@ krb5_c_block_size(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_decrypt(krb5_context context, const krb5_keyblock key, krb5_keyusage usage, @@ -244,7 +244,7 @@ krb5_c_decrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, @@ -286,7 +286,7 @@ krb5_c_encrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, @@ -311,18 +311,24 @@ krb5_c_encrypt_length(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) - KRB5_DEPRECATED { *similar = (e1 == e2); return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock *random_key) @@ -330,7 +336,7 @@ krb5_c_make_random_key(krb5_context context, return krb5_generate_random_keyblock(context, enctype, random_key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t *ilen, @@ -345,7 +351,7 @@ krb5_c_keylengths(krb5_context context, return krb5_enctype_keysize(context, enctype, keylen); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf_length(krb5_context context, krb5_enctype type, size_t *length) @@ -353,7 +359,7 @@ krb5_c_prf_length(krb5_context context, return krb5_crypto_prf_length(context, type, length); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf(krb5_context context, const krb5_keyblock *key, const krb5_data *input, @@ -378,7 +384,7 @@ krb5_c_prf(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds(krb5_context context, const krb5_ccache from, krb5_ccache to) diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c index 0de30e4ddb..a837b5e290 100644 --- a/source4/heimdal/lib/krb5/mk_error.c +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error(krb5_context context, krb5_error_code error_code, const char *e_text, diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 40f09ae33f..833821341d 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 8eef0ea652..2b9c3fbdbb 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index c87fa61293..44e6c8b68a 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_exact(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, @@ -77,7 +77,7 @@ krb5_mk_req_exact(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index 03fc93b02f..af68e4e195 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" krb5_error_code _krb5_mk_req_internal(krb5_context context, @@ -143,7 +143,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 0623f6aae1..f94a1ea125 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -96,7 +96,7 @@ add1(unsigned char *a, unsigned char *b, size_t len) } } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_n_fold(const void *str, size_t len, void *key, size_t size) { /* if len < size we need at most N * len bytes, ie < 2 * size; diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index aa08248ed1..283a857df5 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -42,7 +42,7 @@ krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) return NULL; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_padata_add(krb5_context context, METHOD_DATA *md, int type, void *buf, size_t len) { diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 341f6a3ee9..6711c7702f 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -89,7 +91,7 @@ pk_copy_error(krb5_context context, * */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_pk_cert_free(struct krb5_pk_cert *cert) { if (cert->cert) { @@ -180,18 +182,26 @@ static krb5_error_code find_cert(krb5_context context, struct krb5_pk_identity *id, hx509_query *q, hx509_cert *cert) { - struct certfind cf[3] = { + struct certfind cf[4] = { + { "MobileMe EKU" }, { "PKINIT EKU" }, { "MS EKU" }, { "any (or no)" } }; - int i, ret; + int i, ret, start = 1; + unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 }; + const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids }; + + + if (id->flags & PKINIT_BTMM) + start = 0; - cf[0].oid = &asn1_oid_id_pkekuoid; - cf[1].oid = &asn1_oid_id_pkinit_ms_eku; - cf[2].oid = NULL; + cf[0].oid = &mobileMe; + cf[1].oid = &asn1_oid_id_pkekuoid; + cf[2].oid = &asn1_oid_id_pkinit_ms_eku; + cf[3].oid = NULL; - for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { + for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) { ret = hx509_query_match_eku(q, cf[i].oid); if (ret) { pk_copy_error(context, context->hx509ctx, ret, @@ -344,7 +354,7 @@ build_edi(krb5_context context, hx509_certs certs, ExternalPrincipalIdentifiers *ids) { - return hx509_certs_iter(hx509ctx, certs, cert2epi, ids); + return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids); } static krb5_error_code @@ -607,7 +617,7 @@ build_auth_pack(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_ContentInfo(krb5_context context, const krb5_data *buf, const heim_oid *oid, @@ -797,9 +807,11 @@ pk_mk_padata(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_padata(krb5_context context, void *c, + int ic_flags, + int win2k, const KDC_REQ_BODY *req_body, unsigned nonce, METHOD_DATA *md) @@ -814,7 +826,7 @@ _krb5_pk_mk_padata(krb5_context context, } win2k_compat = krb5_config_get_bool_default(context, NULL, - FALSE, + win2k, "realms", req_body->realm, "pkinit_win2k", @@ -823,7 +835,7 @@ _krb5_pk_mk_padata(krb5_context context, if (win2k_compat) { ctx->require_binding = krb5_config_get_bool_default(context, NULL, - FALSE, + TRUE, "realms", req_body->realm, "pkinit_win2k_require_binding", @@ -839,6 +851,11 @@ _krb5_pk_mk_padata(krb5_context context, req_body->realm, "pkinit_require_eku", NULL); + if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK) + ctx->require_eku = 0; + if (ctx->id->flags & PKINIT_BTMM) + ctx->require_eku = 0; + ctx->require_krbtgt_otherName = krb5_config_get_bool_default(context, NULL, TRUE, @@ -876,13 +893,20 @@ pk_verify_sign(krb5_context context, struct krb5_pk_cert **signer) { hx509_certs signer_certs; - int ret; + int ret, flags = 0; + + /* BTMM is broken in Leo and SnowLeo */ + if (id->flags & PKINIT_BTMM) { + flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; + flags |= HX509_CMS_VS_NO_KU_CHECK; + flags |= HX509_CMS_VS_NO_VALIDATE; + } *signer = NULL; ret = hx509_cms_verify_signed(context->hx509ctx, id->verify_ctx, - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH|HX509_CMS_VS_NO_KU_CHECK, + flags, data, length, NULL, @@ -1510,7 +1534,7 @@ pk_rd_pa_reply_dh(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_rd_pa_reply(krb5_context context, const char *realm, void *c, @@ -1549,9 +1573,11 @@ _krb5_pk_rd_pa_reply(krb5_context context, switch (rep.element) { case choice_PA_PK_AS_REP_dhInfo: + _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh"); os = rep.u.dhInfo.dhSignedData; break; case choice_PA_PK_AS_REP_encKeyPack: + _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key"); os = rep.u.encKeyPack; break; default: { @@ -1559,6 +1585,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, free_PA_PK_AS_REP(&rep); memset(&rep, 0, sizeof(rep)); + _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key"); + ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data, pa->padata_value.length, &btmm, @@ -1727,6 +1755,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) static krb5_error_code _krb5_pk_set_user_id(krb5_context context, + krb5_principal principal, krb5_pk_init_ctx ctx, struct hx509_certs_data *certs) { @@ -1754,13 +1783,50 @@ _krb5_pk_set_user_id(krb5_context context, hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) { + ctx->id->flags |= PKINIT_BTMM; + } + ret = find_cert(context, ctx->id, q, &ctx->id->cert); hx509_query_free(context->hx509ctx, q); + if (ret == 0 && _krb5_have_debug(context, 2)) { + hx509_name name; + char *str, *sn; + heim_integer i; + + ret = hx509_cert_get_subject(ctx->id->cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &str); + hx509_name_free(&name); + if (ret) + goto out; + + ret = hx509_cert_get_serialnumber(ctx->id->cert, &i); + if (ret) { + free(str); + goto out; + } + + ret = der_print_hex_heim_integer(&i, &sn); + der_free_heim_integer(&i); + if (ret) { + free(name); + goto out; + } + + _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn); + free(str); + free(sn); + } + out: + return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_load_id(krb5_context context, struct krb5_pk_identity **ret_id, const char *user_id, @@ -1893,7 +1959,6 @@ _krb5_pk_load_id(krb5_context context, hx509_certs_free(&id->anchors); hx509_certs_free(&id->certpool); hx509_revoke_free(&id->revokectx); - hx509_context_free(&context->hx509ctx); free(id); } else *ret_id = id; @@ -2225,7 +2290,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, } #endif /* PKINIT */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) { #ifdef PKINIT @@ -2269,7 +2334,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) #endif } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_get_init_creds_opt *opt, krb5_principal principal, @@ -2344,6 +2409,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, if (opt->opt_private->pk_init_ctx->id->certs) { _krb5_pk_set_user_id(context, + principal, opt->opt_private->pk_init_ctx, opt->opt_private->pk_init_ctx->id->certs); } else @@ -2404,7 +2470,7 @@ _krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, return EINVAL; } - _krb5_pk_set_user_id(context, opt->opt_private->pk_init_ctx, certs); + _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); return 0; #else @@ -2461,7 +2527,7 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx) * Private since it need to be redesigned using krb5_get_init_creds() */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_enterprise_cert(krb5_context context, const char *user_id, krb5_const_realm realm, @@ -2480,7 +2546,7 @@ _krb5_pk_enterprise_cert(krb5_context context, *res = NULL; if (user_id == NULL) { - krb5_clear_error_message(context); + krb5_set_error_message(context, ENOENT, "no user id"); return ENOENT; } @@ -2488,14 +2554,14 @@ _krb5_pk_enterprise_cert(krb5_context context, if (ret) { pk_copy_error(context, context->hx509ctx, ret, "Failed to init cert certs"); - return ret; + goto out; } ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) { krb5_set_error_message(context, ret, "out of memory"); hx509_certs_free(&certs); - return ret; + goto out; } hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 027f2a72a7..aa71e29b39 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -205,7 +205,7 @@ load_plugins(krb5_context context) d = opendir(*di); if (d == NULL) continue; - rk_cloexec(dirfd(d)); + rk_cloexec_dir(d); while ((entry = readdir(d)) != NULL) { char *n = entry->d_name; diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index d854113a43..00c967a72e 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -76,7 +76,7 @@ host/admin@H5L.ORG * @ingroup krb5_principal */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal(krb5_context context, krb5_principal p) { @@ -98,7 +98,7 @@ krb5_free_principal(krb5_context context, * @ingroup krb5_principal */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type(krb5_context context, krb5_principal principal, int type) @@ -117,7 +117,7 @@ krb5_principal_set_type(krb5_context context, * @ingroup krb5_principal */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type(krb5_context context, krb5_const_principal principal) { @@ -135,14 +135,14 @@ krb5_principal_get_type(krb5_context context, * @ingroup krb5_principal */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm(krb5_context context, krb5_const_principal principal) { return princ_realm(principal); } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_comp_string(krb5_context context, krb5_const_principal principal, unsigned int component) @@ -163,7 +163,7 @@ krb5_principal_get_comp_string(krb5_context context, * @ingroup krb5_principal */ -unsigned int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp(krb5_context context, krb5_const_principal principal) { @@ -183,7 +183,7 @@ krb5_principal_get_num_comp(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags(krb5_context context, const char *name, int flags, @@ -384,7 +384,7 @@ exit: * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) @@ -485,7 +485,7 @@ unparse_name_fixed(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed(krb5_context context, krb5_const_principal principal, char *name, @@ -508,7 +508,7 @@ krb5_unparse_name_fixed(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short(krb5_context context, krb5_const_principal principal, char *name, @@ -532,7 +532,7 @@ krb5_unparse_name_fixed_short(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -596,7 +596,7 @@ unparse_name(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name(krb5_context context, krb5_const_principal principal, char **name) @@ -617,7 +617,7 @@ krb5_unparse_name(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -639,7 +639,7 @@ krb5_unparse_name_flags(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short(krb5_context context, krb5_const_principal principal, char **name) @@ -660,7 +660,7 @@ krb5_unparse_name_short(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm(krb5_context context, krb5_principal principal, krb5_const_realm realm) @@ -692,7 +692,7 @@ krb5_principal_set_realm(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal(krb5_context context, krb5_principal *principal, int rlen, @@ -828,8 +828,7 @@ build_principal(krb5_context context, return 0; } - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va(krb5_context context, krb5_principal *principal, int rlen, @@ -839,7 +838,7 @@ krb5_build_principal_va(krb5_context context, return build_principal(context, principal, rlen, realm, va_princ, ap); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va_ext(krb5_context context, krb5_principal *principal, int rlen, @@ -850,7 +849,7 @@ krb5_build_principal_va_ext(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_ext(krb5_context context, krb5_principal *principal, int rlen, @@ -878,7 +877,7 @@ krb5_build_principal_ext(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) @@ -913,7 +912,7 @@ krb5_copy_principal(krb5_context context, * @see krb5_realm_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -928,7 +927,7 @@ krb5_principal_compare_any_realm(krb5_context context, return TRUE; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_principal_compare_PrincipalName(krb5_context context, krb5_const_principal princ1, PrincipalName *princ2) @@ -961,7 +960,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context, * return TRUE iff princ1 == princ2 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -983,7 +982,7 @@ krb5_principal_compare(krb5_context context, * @see krb5_principal_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -997,7 +996,7 @@ krb5_realm_compare(krb5_context context, * @ingroup krb5_principal */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match(krb5_context context, krb5_const_principal princ, krb5_const_principal pattern) @@ -1083,7 +1082,7 @@ get_name_conversion(krb5_context context, const char *realm, const char *name) * if `func', use that function for validating the conversion */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_425_conv_principal_ext2(krb5_context context, const char *name, const char *instance, @@ -1375,7 +1374,7 @@ name_convert(krb5_context context, const char *name, const char *realm, * three parameters. They have to be 40 bytes each (ANAME_SZ). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_524_conv_principal(krb5_context context, const krb5_principal principal, char *name, @@ -1461,7 +1460,7 @@ krb5_524_conv_principal(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char *hostname, const char *sname, diff --git a/source4/heimdal/lib/krb5/prog_setup.c b/source4/heimdal/lib/krb5/prog_setup.c index 4c060973d6..21afbf8d10 100644 --- a/source4/heimdal/lib/krb5/prog_setup.c +++ b/source4/heimdal/lib/krb5/prog_setup.c @@ -35,17 +35,17 @@ #include <getarg.h> #include <err.h> -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_std_usage(int code, struct getargs *args, int num_args) { arg_printusage(args, num_args, NULL, ""); exit(code); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_program_setup(krb5_context *context, int argc, char **argv, struct getargs *args, int num_args, - void (*usage)(int, struct getargs*, int)) + void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)) { krb5_error_code ret; int optidx = 0; diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c index 05deaff525..875fd99c40 100644 --- a/source4/heimdal/lib/krb5/prompter_posix.c +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int krb5_prompter_posix (krb5_context context, void *data, const char *name, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index f41edfa2b5..094f748b9f 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" static krb5_error_code compare_addrs(krb5_context context, @@ -52,7 +52,7 @@ compare_addrs(krb5_context context, return KRB5KRB_AP_ERR_BADADDR; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *in_data, @@ -322,7 +322,7 @@ krb5_rd_cred(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred2 (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 1561188fad..d778c68cd6 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_error(krb5_context context, const krb5_data *msg, KRB_ERROR *result) @@ -51,7 +51,7 @@ krb5_rd_error(krb5_context context, return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_contents (krb5_context context, krb5_error *error) { @@ -59,7 +59,7 @@ krb5_free_error_contents (krb5_context context, memset(error, 0, sizeof(*error)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error (krb5_context context, krb5_error *error) { @@ -67,7 +67,7 @@ krb5_free_error (krb5_context context, free (error); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_error_from_rd_error(krb5_context context, const krb5_error *error, const krb5_creds *creds) diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index fb6cfcee4f..8a46195b69 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 2d5792cd40..f8963a53b2 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, @@ -108,7 +108,7 @@ krb5_rd_rep(krb5_context context, return ret; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) { diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 330c2c3c15..6b2ffbdaac 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,3 +1,4 @@ + /* * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -31,7 +32,7 @@ * SUCH DAMAGE. */ -#include <krb5_locl.h> +#include "krb5_locl.h" static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -102,7 +103,7 @@ decrypt_authenticator (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ap_req(krb5_context context, const krb5_data *inbuf, krb5_ap_req *ap_req) @@ -217,7 +218,7 @@ find_etypelist(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ticket(krb5_context context, Ticket *ticket, krb5_keyblock *key, @@ -266,7 +267,7 @@ krb5_decrypt_ticket(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_authenticator_checksum(krb5_context context, krb5_auth_context ac, void *data, @@ -308,7 +309,7 @@ out: } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -329,7 +330,7 @@ krb5_verify_ap_req(krb5_context context, KRB5_KU_AP_REQ_AUTH); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req2(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -538,7 +539,7 @@ struct krb5_rd_req_out_ctx_data { * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); @@ -565,7 +566,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab(krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab) @@ -586,7 +587,7 @@ krb5_rd_req_in_set_keytab(krb5_context context, * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check(krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag) @@ -596,7 +597,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keyblock(krb5_context context, krb5_rd_req_in_ctx in, krb5_keyblock *keyblock) @@ -605,7 +606,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ap_req_options(krb5_context context, krb5_rd_req_out_ctx out, krb5_flags *ap_req_options) @@ -614,7 +615,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ticket(krb5_context context, krb5_rd_req_out_ctx out, krb5_ticket **ticket) @@ -622,7 +623,7 @@ krb5_rd_req_out_get_ticket(krb5_context context, return krb5_copy_ticket(context, out->ticket, ticket); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_keyblock(krb5_context context, krb5_rd_req_out_ctx out, krb5_keyblock **keyblock) @@ -642,7 +643,7 @@ krb5_rd_req_out_get_keyblock(krb5_context context, * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server(krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *principal) @@ -650,7 +651,7 @@ krb5_rd_req_out_get_server(krb5_context context, return krb5_copy_principal(context, out->server, principal); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) { free(ctx); @@ -665,7 +666,7 @@ krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) * @ingroup krb5_auth */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) { if (ctx->ticket) @@ -681,7 +682,7 @@ krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -726,7 +727,7 @@ out: * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_with_keyblock(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -834,7 +835,7 @@ out: * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index 0cad91e437..f4eb9032d7 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -38,7 +38,7 @@ struct krb5_rcache_data { char *name; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve(krb5_context context, krb5_rcache id, const char *name) @@ -52,7 +52,7 @@ krb5_rc_resolve(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) @@ -73,7 +73,7 @@ krb5_rc_resolve_type(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_full(krb5_context context, krb5_rcache *id, const char *string_name) @@ -99,19 +99,19 @@ krb5_rc_resolve_full(krb5_context context, return ret; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_name(krb5_context context) { return "FILE:/var/run/default_rcache"; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_type(krb5_context context) { return "FILE"; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_default(krb5_context context, krb5_rcache *id) { @@ -123,7 +123,7 @@ struct rc_entry{ unsigned char data[16]; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_initialize(krb5_context context, krb5_rcache id, krb5_deltat auth_lifespan) @@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -145,14 +145,14 @@ krb5_rc_initialize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_recover(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_destroy(krb5_context context, krb5_rcache id) { @@ -161,14 +161,14 @@ krb5_rc_destroy(krb5_context context, if(remove(id->name) < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf); return ret; } return krb5_rc_close(context, id); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_close(krb5_context context, krb5_rcache id) { @@ -196,7 +196,7 @@ checksum_authenticator(Authenticator *auth, void *data) EVP_MD_CTX_destroy(m); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) @@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context, char buf[128]; ret = errno; fclose(f); - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "%s: %s", id->name, buf); return ret; @@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context, f = fopen(id->name, "a"); if(f == NULL) { char buf[128]; - strerror_r(errno, buf, sizeof(buf)); + rk_strerror_r(errno, buf, sizeof(buf)); krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, "open(%s): %s", id->name, buf); return KRB5_RC_IO_UNKNOWN; @@ -251,14 +251,14 @@ krb5_rc_store(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_expunge(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_get_lifespan(krb5_context context, krb5_rcache id, krb5_deltat *auth_lifespan) @@ -276,21 +276,21 @@ krb5_rc_get_lifespan(krb5_context context, return KRB5_RC_IO_UNKNOWN; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_name(krb5_context context, krb5_rcache id) { return id->name; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_type(krb5_context context, krb5_rcache id) { return "FILE"; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache *id) diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 0efe14eb4f..a9be31e819 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -47,7 +47,7 @@ struct send_to_kdc { */ static int -recv_loop (int fd, +recv_loop (krb5_socket_t fd, time_t tmout, int udp, size_t limit, @@ -58,9 +58,11 @@ recv_loop (int fd, int ret; int nbytes; +#ifndef NO_LIMIT_FD_SETSIZE if (fd >= FD_SETSIZE) { return -1; } +#endif krb5_data_zero(rep); do { @@ -78,7 +80,7 @@ recv_loop (int fd, } else { void *tmp; - if (ioctl (fd, FIONREAD, &nbytes) < 0) { + if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { krb5_data_free (rep); return -1; } @@ -111,7 +113,7 @@ recv_loop (int fd, */ static int -send_and_recv_udp(int fd, +send_and_recv_udp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -130,7 +132,7 @@ send_and_recv_udp(int fd, */ static int -send_and_recv_tcp(int fd, +send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -140,9 +142,9 @@ send_and_recv_tcp(int fd, krb5_data len_data; _krb5_put_int(len, req->length, 4); - if(net_write(fd, len, sizeof(len)) < 0) + if(net_write (fd, len, sizeof(len)) < 0) return -1; - if(net_write(fd, req->data, req->length) < 0) + if(net_write (fd, req->data, req->length) < 0) return -1; if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) return -1; @@ -162,7 +164,7 @@ send_and_recv_tcp(int fd, } int -_krb5_send_and_recv_tcp(int fd, +_krb5_send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -175,7 +177,7 @@ _krb5_send_and_recv_tcp(int fd, */ static int -send_and_recv_http(int fd, +send_and_recv_http(krb5_socket_t fd, time_t tmout, const char *prefix, const krb5_data *req, @@ -264,7 +266,7 @@ send_via_proxy (krb5_context context, struct addrinfo hints; struct addrinfo *ai, *a; int ret; - int s = -1; + krb5_socket_t s = rk_INVALID_SOCKET; char portstr[NI_MAXSERV]; if (proxy == NULL) @@ -291,7 +293,7 @@ send_via_proxy (krb5_context context, continue; rk_cloexec(s); if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - close (s); + rk_closesocket (s); continue; } break; @@ -309,7 +311,7 @@ send_via_proxy (krb5_context context, } ret = send_and_recv_http(s, context->kdc_timeout, prefix, send_data, receive); - close (s); + rk_closesocket (s); free(prefix); if(ret == 0 && receive->length != 0) return 0; @@ -361,14 +363,14 @@ send_via_plugin(krb5_context context, * in `receive'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto (krb5_context context, const krb5_data *send_data, krb5_krbhst_handle handle, krb5_data *receive) { krb5_error_code ret; - int fd; + krb5_socket_t fd; int i; krb5_data_zero(receive); @@ -414,11 +416,11 @@ krb5_sendto (krb5_context context, for (a = ai; a != NULL; a = a->ai_next) { fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); - if (fd < 0) + if (rk_IS_BAD_SOCKET(fd)) continue; rk_cloexec(fd); if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { - close (fd); + rk_closesocket (fd); continue; } switch (hi->proto) { @@ -435,7 +437,7 @@ krb5_sendto (krb5_context context, send_data, receive); break; } - close (fd); + rk_closesocket (fd); if(ret == 0 && receive->length != 0) goto out; } @@ -451,7 +453,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -460,7 +462,7 @@ krb5_sendto_kdc(krb5_context context, return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc_flags(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -481,7 +483,7 @@ krb5_sendto_kdc_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_send_to_kdc_func(krb5_context context, krb5_send_to_kdc_func func, void *data) @@ -504,7 +506,7 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) { if (context->send_to_kdc) @@ -524,7 +526,7 @@ struct krb5_sendto_ctx_data { void *data; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); @@ -536,26 +538,26 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) { ctx->flags |= flags; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) { return ctx->flags; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) { ctx->type = type; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, krb5_sendto_ctx_func func, void *data) @@ -564,14 +566,14 @@ krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, ctx->data = data; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) { memset(ctx, 0, sizeof(*ctx)); free(ctx); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context(krb5_context context, krb5_sendto_ctx ctx, const krb5_data *send_data, diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 91201eeb53..ddce677c1a 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -65,7 +65,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) * Otherwise, the realm(s) are figured out from configuration or DNS. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_realm(krb5_context context, const char *realm) { diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 6e1374adf9..49e68ef177 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -49,7 +49,7 @@ * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) { sp->flags |= flags; @@ -64,7 +64,7 @@ krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) { sp->flags &= ~flags; @@ -82,7 +82,7 @@ krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) { return (sp->flags & flags) == flags; @@ -100,7 +100,7 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) { sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK; @@ -113,7 +113,7 @@ krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) * @ingroup krb5_storage */ -krb5_flags KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder(krb5_storage *sp) { return sp->flags & KRB5_STORAGE_BYTEORDER_MASK; @@ -132,7 +132,7 @@ krb5_storage_get_byteorder(krb5_storage *sp) * @ingroup krb5_storage */ -off_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) { return (*sp->seek)(sp, offset, whence); @@ -149,7 +149,7 @@ krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) * @ingroup krb5_storage */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate(krb5_storage *sp, off_t offset) { return (*sp->trunc)(sp, offset); @@ -167,7 +167,7 @@ krb5_storage_truncate(krb5_storage *sp, off_t offset) * @ingroup krb5_storage */ -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read(krb5_storage *sp, void *buf, size_t len) { return sp->fetch(sp, buf, len); @@ -185,7 +185,7 @@ krb5_storage_read(krb5_storage *sp, void *buf, size_t len) * @ingroup krb5_storage */ -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) { return sp->store(sp, buf, len); @@ -200,7 +200,7 @@ krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code(krb5_storage *sp, int code) { sp->eof_code = code; @@ -216,13 +216,13 @@ krb5_storage_set_eof_code(krb5_storage *sp, int code) * @ingroup krb5_storage */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code(krb5_storage *sp) { return sp->eof_code; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_put_int(void *buffer, unsigned long value, size_t size) { unsigned char *p = buffer; @@ -234,7 +234,7 @@ _krb5_put_int(void *buffer, unsigned long value, size_t size) return size; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_get_int(void *buffer, unsigned long *value, size_t size) { unsigned char *p = buffer; @@ -256,7 +256,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free(krb5_storage *sp) { if(sp->free) @@ -277,7 +277,7 @@ krb5_storage_free(krb5_storage *sp) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data(krb5_storage *sp, krb5_data *data) { off_t pos, size; @@ -331,7 +331,7 @@ krb5_store_int(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32(krb5_storage *sp, int32_t value) { @@ -354,7 +354,7 @@ krb5_store_int32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32(krb5_storage *sp, uint32_t value) { @@ -389,7 +389,7 @@ krb5_ret_int(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32(krb5_storage *sp, int32_t *value) { @@ -415,7 +415,7 @@ krb5_ret_int32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32(krb5_storage *sp, uint32_t *value) { @@ -441,7 +441,7 @@ krb5_ret_uint32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16(krb5_storage *sp, int16_t value) { @@ -464,7 +464,7 @@ krb5_store_int16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16(krb5_storage *sp, uint16_t value) { @@ -482,7 +482,8 @@ krb5_store_uint16(krb5_storage *sp, * * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16(krb5_storage *sp, int16_t *value) { @@ -511,7 +512,7 @@ krb5_ret_int16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16(krb5_storage *sp, uint16_t *value) { @@ -536,7 +537,7 @@ krb5_ret_uint16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8(krb5_storage *sp, int8_t value) { @@ -559,7 +560,7 @@ krb5_store_int8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8(krb5_storage *sp, uint8_t value) { @@ -577,7 +578,7 @@ krb5_store_uint8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8(krb5_storage *sp, int8_t *value) { @@ -600,7 +601,7 @@ krb5_ret_int8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8(krb5_storage *sp, uint8_t *value) { @@ -626,7 +627,7 @@ krb5_ret_uint8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data(krb5_storage *sp, krb5_data data) { @@ -654,7 +655,7 @@ krb5_store_data(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data(krb5_storage *sp, krb5_data *data) { @@ -687,7 +688,7 @@ krb5_ret_data(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string(krb5_storage *sp, const char *s) { krb5_data data; @@ -708,7 +709,7 @@ krb5_store_string(krb5_storage *sp, const char *s) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string(krb5_storage *sp, char **string) { @@ -738,7 +739,7 @@ krb5_ret_string(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz(krb5_storage *sp, const char *s) { size_t len = strlen(s) + 1; @@ -765,7 +766,7 @@ krb5_store_stringz(krb5_storage *sp, const char *s) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz(krb5_storage *sp, char **string) { @@ -798,7 +799,7 @@ krb5_ret_stringz(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringnl(krb5_storage *sp, const char *s) { size_t len = strlen(s); @@ -823,7 +824,7 @@ krb5_store_stringnl(krb5_storage *sp, const char *s) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringnl(krb5_storage *sp, char **string) { @@ -879,7 +880,7 @@ krb5_ret_stringnl(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal(krb5_storage *sp, krb5_const_principal p) { @@ -916,7 +917,7 @@ krb5_store_principal(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal(krb5_storage *sp, krb5_principal *princ) { @@ -984,7 +985,7 @@ krb5_ret_principal(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) { int ret; @@ -1013,7 +1014,7 @@ krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) { int ret; @@ -1043,7 +1044,7 @@ krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times(krb5_storage *sp, krb5_times times) { int ret; @@ -1068,7 +1069,7 @@ krb5_store_times(krb5_storage *sp, krb5_times times) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times(krb5_storage *sp, krb5_times *times) { int ret; @@ -1098,7 +1099,7 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address(krb5_storage *sp, krb5_address p) { int ret; @@ -1119,7 +1120,7 @@ krb5_store_address(krb5_storage *sp, krb5_address p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address(krb5_storage *sp, krb5_address *adr) { int16_t t; @@ -1142,7 +1143,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs(krb5_storage *sp, krb5_addresses p) { int i; @@ -1167,7 +1168,7 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) { int i; @@ -1198,7 +1199,7 @@ krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) { krb5_error_code ret; @@ -1225,7 +1226,7 @@ krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) { krb5_error_code ret; @@ -1270,7 +1271,7 @@ bitswap32(int32_t b) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -1322,7 +1323,7 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) { krb5_error_code ret; @@ -1394,7 +1395,7 @@ cleanup: * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -1486,7 +1487,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag(krb5_storage *sp, krb5_creds *creds) { diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index acf984280e..ccda751afb 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -158,7 +158,7 @@ emem_free(krb5_storage *sp) * @sa krb5_storage_from_data() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_emem(void) { krb5_storage *sp; diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 4150175927..bd357dbe3b 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -85,12 +85,26 @@ fd_free(krb5_storage * sp) * @sa krb5_storage_from_data() */ -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd(int fd) +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_fd(krb5_socket_t fd_in) { krb5_storage *sp; + int fd; + +#ifdef SOCKET_IS_NOT_AN_FD +#ifdef _MSC_VER + if (_get_osfhandle(fd_in) != -1) { + fd = dup(fd_in); + } else { + fd = _open_osfhandle(fd_in, 0); + } +#else +#error Dont know how to deal with fd that may or may not be a socket. +#endif +#else /* SOCKET_IS_NOT_AN_FD */ + fd = dup(fd_in); +#endif - fd = dup(fd); if (fd < 0) return NULL; diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index a913e182d5..b79bc19155 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -122,7 +122,7 @@ mem_no_trunc(krb5_storage *sp, off_t offset) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_mem(void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); @@ -161,7 +161,7 @@ krb5_storage_from_mem(void *buf, size_t len) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_data(krb5_data *data) { return krb5_storage_from_mem(data->data, data->length); @@ -180,7 +180,7 @@ krb5_storage_from_data(krb5_data *data) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_readonly_mem(const void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 3bd9387906..4d8da93579 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -45,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket(krb5_context context, krb5_ticket *ticket) { @@ -69,7 +71,7 @@ krb5_free_ticket(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **to) @@ -118,7 +120,7 @@ krb5_copy_ticket(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client(krb5_context context, const krb5_ticket *ticket, krb5_principal *client) @@ -139,7 +141,7 @@ krb5_ticket_get_client(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server(krb5_context context, const krb5_ticket *ticket, krb5_principal *server) @@ -158,7 +160,7 @@ krb5_ticket_get_server(krb5_context context, * @ingroup krb5 */ -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime(krb5_context context, const krb5_ticket *ticket) { @@ -336,7 +338,7 @@ out: * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type(krb5_context context, krb5_ticket *ticket, int type, @@ -761,6 +763,7 @@ _krb5_extract_ticket(krb5_context context, krb5_timeofday (context, &sec_now); if (rep->enc_part.flags.initial + && (flags & EXTRACT_TICKET_TIMESYNC) && context->kdc_sec_offset == 0 && krb5_config_get_bool (context, NULL, "libdefaults", diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index ed235783a2..247549ba23 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -47,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec) @@ -79,7 +79,7 @@ krb5_set_real_time (krb5_context context, * return ``corrected'' time in `timeret'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_timeofday (krb5_context context, krb5_timestamp *timeret) { @@ -91,7 +91,7 @@ krb5_timeofday (krb5_context context, * like gettimeofday but with time correction to the KDC */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_us_timeofday (krb5_context context, krb5_timestamp *sec, int32_t *usec) @@ -105,7 +105,7 @@ krb5_us_timeofday (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_format_time(krb5_context context, time_t t, char *s, size_t len, krb5_boolean include_time) { @@ -120,7 +120,7 @@ krb5_format_time(krb5_context context, time_t t, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_deltat(const char *string, krb5_deltat *deltat) { if((*deltat = parse_time(string, "s")) == -1) diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 1ff4ce1658..a72adc0351 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -328,7 +328,7 @@ decode_realms(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_decode(krb5_context context, krb5_data tr, char ***realms, unsigned int *num_realms, const char *client_realm, const char *server_realm) @@ -389,7 +389,7 @@ krb5_domain_x500_decode(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_encode(char **realms, unsigned int num_realms, krb5_data *encoding) { @@ -421,7 +421,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited(krb5_context context, krb5_const_realm client_realm, krb5_const_realm server_realm, @@ -461,7 +461,7 @@ krb5_check_transited(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited_realms(krb5_context context, const char *const *realms, unsigned int num_realms, diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index 168268ceab..01cf323d37 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -58,7 +58,7 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 }; -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL _krb5_krb_time_to_life(time_t start, time_t end) { int i; @@ -82,7 +82,7 @@ _krb5_krb_time_to_life(time_t start, time_t end) } -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL _krb5_krb_life_to_time(int start, int life_) { unsigned char life = (unsigned char) life_; @@ -118,9 +118,15 @@ get_krb4_cc_name(const char *tkfile, char **cc) if (path) *cc = strdup(path); } +#ifdef HAVE_GETUID if(*cc == NULL) if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) return errno; +#elif defined(KRB5_USE_PATH_TOKENS) + if(*cc == NULL) + if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc)) + return ENOMEM; +#endif } else { *cc = strdup(tkfile); if (*cc == NULL) @@ -232,7 +238,7 @@ write_v4_cc(krb5_context context, const char *tkfile, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_tf_setup(krb5_context context, struct credentials *v4creds, const char *tkfile, @@ -288,7 +294,7 @@ _krb5_krb_tf_setup(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_dest_tkt(krb5_context context, const char *tkfile) { krb5_error_code ret; @@ -405,7 +411,7 @@ put_nir(krb5_storage *sp, const char *name, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_ticket(krb5_context context, unsigned char flags, const char *pname, @@ -464,7 +470,7 @@ _krb5_krb_create_ticket(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_ciph(krb5_context context, const krb5_keyblock *session, const char *service, @@ -524,7 +530,7 @@ _krb5_krb_create_ciph(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_auth_reply(krb5_context context, const char *pname, const char *pinst, @@ -577,7 +583,7 @@ _krb5_krb_create_auth_reply(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_cr_err_reply(krb5_context context, const char *name, const char *inst, @@ -644,7 +650,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_decomp_ticket(krb5_context context, const krb5_data *enc_ticket, const krb5_keyblock *key, @@ -738,7 +744,7 @@ _krb5_krb_decomp_ticket(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_rd_req(krb5_context context, krb5_data *authent, const char *service, @@ -938,7 +944,7 @@ _krb5_krb_rd_req(krb5_context context, * */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) { if (ad->pname) diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c index a0e750604e..302854de3f 100644 --- a/source4/heimdal/lib/krb5/version.c +++ b/source4/heimdal/lib/krb5/version.c @@ -35,7 +35,5 @@ /* this is just to get a version stamp in the library file */ -#define heimdal_version __heimdal_version -#define heimdal_long_version __heimdal_long_version #include "version.h" diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 886a1fe981..a4c633936f 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -100,7 +100,7 @@ _warnerr(krb5_context context, int do_errtext, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((format (printf, 3, 0))) @@ -119,7 +119,7 @@ krb5_vwarn(krb5_context context, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) { @@ -137,7 +137,7 @@ krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))) { @@ -153,7 +153,7 @@ krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx(krb5_context context, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))) { @@ -174,7 +174,7 @@ krb5_warnx(krb5_context context, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr(krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 4, 0))) @@ -195,7 +195,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err(krb5_context context, int eval, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 4, 5))) @@ -215,7 +215,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) { @@ -233,7 +233,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx(krb5_context context, int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { @@ -253,7 +253,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) @@ -273,7 +273,7 @@ krb5_vabort(krb5_context context, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { @@ -281,7 +281,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) abort(); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabortx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))) { @@ -299,7 +299,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx(krb5_context context, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))) { @@ -316,7 +316,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) { context->warn_dest = fac; @@ -331,7 +331,7 @@ krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) * @ingroup krb5_error */ -krb5_log_facility * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL krb5_get_warn_dest(krb5_context context) { return context->warn_dest; diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h index c1ed23ec10..0fcc832e1f 100644 --- a/source4/heimdal/lib/ntlm/heimntlm.h +++ b/source4/heimdal/lib/ntlm/heimntlm.h @@ -46,21 +46,45 @@ struct ntlm_buf { }; #define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_OEM 0x00000002 #define NTLM_NEG_TARGET 0x00000004 +#define NTLM_MBZ9 0x00000008 + #define NTLM_NEG_SIGN 0x00000010 #define NTLM_NEG_SEAL 0x00000020 -#define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_DATAGRAM 0x00000040 +#define NTLM_NEG_LM_KEY 0x00000080 -#define NTLM_SUPPLIED_DOMAIN 0x00001000 -#define NTLM_SUPPLIED_WORKSTAION 0x00002000 +#define NTLM_MBZ8 0x00000100 +#define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_NT_ONLY 0x00000400 +#define NTLM_MBZ7 0x00000800 /* anon ? */ +#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000 +#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000 +#define NTLM_MBZ6 0x00004000 /* local call ? */ #define NTLM_NEG_ALWAYS_SIGN 0x00008000 -#define NTLM_NEG_NTLM2_SESSION 0x00080000 #define NTLM_TARGET_DOMAIN 0x00010000 #define NTLM_TARGET_SERVER 0x00020000 +#define NTLM_TARGET_SHARE 0x00040000 +#define NTLM_NEG_NTLM2_SESSION 0x00080000 +#define NTLM_NEG_NTLM2 0x00080000 + +#define NTLM_NEG_IDENTIFY 0x00100000 +#define NTLM_MBZ5 0x00200000 +#define NTLM_NON_NT_SESSION_KEY 0x00400000 +#define NTLM_NEG_TARGET_INFO 0x00800000 + +#define NTLM_MBZ4 0x01000000 +#define NTLM_NEG_VERSION 0x02000000 +#define NTLM_MBZ3 0x04000000 +#define NTLM_MBZ2 0x08000000 + +#define NTLM_MBZ1 0x10000000 #define NTLM_ENC_128 0x20000000 #define NTLM_NEG_KEYEX 0x40000000 +#define NTLM_NEGOTIATE_56 0x80000000 /** * Struct for the NTLM target info, the strings is assumed to be in diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index 36a04f1ff2..71f96bfce2 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -41,8 +41,8 @@ #include <errno.h> #include <limits.h> -#include <krb5.h> #include <roken.h> +#include <krb5.h> #define HC_DEPRECATED_CRYPTO @@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 1); CHECK(krb5_ret_uint32(in, &data->flags), 0); - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_sec_buffer(in, &domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_sec_buffer(in, &hostname), 0); #if 0 if (domain.offset > 32) { @@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &data->os[1]), 0); } #endif - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_string(in, 0, &domain, &data->domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_string(in, 0, &hostname, &data->hostname), 0); out: @@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) if (type1->domain) { base += 8; - flags |= NTLM_SUPPLIED_DOMAIN; + flags |= NTLM_OEM_SUPPLIED_DOMAIN; } if (type1->hostname) { base += 8; - flags |= NTLM_SUPPLIED_WORKSTAION; + flags |= NTLM_OEM_SUPPLIED_WORKSTAION; } if (type1->os[0]) base += 8; diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c index a9f0535dda..4c06bd2d1f 100644 --- a/source4/heimdal/lib/roken/base64.c +++ b/source4/heimdal/lib/roken/base64.c @@ -51,7 +51,7 @@ pos(char c) return -1; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_encode(const void *data, int size, char **str) { char *s, *p; @@ -120,7 +120,7 @@ token_decode(const char *token) return (marker << 24) | val; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_decode(const char *str, void *data) { const char *p; diff --git a/source4/heimdal/lib/roken/base64.h b/source4/heimdal/lib/roken/base64.h index f42c0ba429..dfae4c13b3 100644 --- a/source4/heimdal/lib/roken/base64.h +++ b/source4/heimdal/lib/roken/base64.h @@ -38,16 +38,18 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_encode(const void *, int, char **); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_decode(const char *, void *); #endif diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index 67d240c231..7f8c1c22b1 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -36,7 +36,7 @@ #ifndef HAVE_BSWAP32 -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32 (unsigned int val) { return (val & 0xff) << 24 | @@ -48,7 +48,7 @@ bswap32 (unsigned int val) #ifndef HAVE_BSWAP16 -unsigned short ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16 (unsigned short val) { return (val & 0xff) << 8 | diff --git a/source4/heimdal/lib/roken/cloexec.c b/source4/heimdal/lib/roken/cloexec.c index c015b1d8fa..2d1fe033f2 100644 --- a/source4/heimdal/lib/roken/cloexec.c +++ b/source4/heimdal/lib/roken/cloexec.c @@ -33,14 +33,12 @@ #include <config.h> -#include <unistd.h> -#include <fcntl.h> - #include "roken.h" void ROKEN_LIB_FUNCTION rk_cloexec(int fd) { +#ifdef HAVE_FCNTL int ret; ret = fcntl(fd, F_GETFD); @@ -48,10 +46,21 @@ rk_cloexec(int fd) return; if (fcntl(fd, F_SETFD, ret | FD_CLOEXEC) == -1) return; +#endif } void ROKEN_LIB_FUNCTION rk_cloexec_file(FILE *f) { +#ifdef HAVE_FCNTL rk_cloexec(fileno(f)); +#endif +} + +void ROKEN_LIB_FUNCTION +rk_cloexec_dir(DIR * d) +{ +#ifndef _WIN32 + rk_cloexec(dirfd(d)); +#endif } diff --git a/source4/heimdal/lib/roken/closefrom.c b/source4/heimdal/lib/roken/closefrom.c index 7aa0ef7372..770eb2c67a 100644 --- a/source4/heimdal/lib/roken/closefrom.c +++ b/source4/heimdal/lib/roken/closefrom.c @@ -42,7 +42,7 @@ #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL closefrom(int fd) { int num = getdtablesize(); diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index 69c1ba40ff..4ed630210f 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -39,7 +39,7 @@ * return a malloced copy of `h' */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL copyhostent (const struct hostent *h) { struct hostent *res; diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c index c5513c323d..f30f0e54cc 100644 --- a/source4/heimdal/lib/roken/dumpdata.c +++ b/source4/heimdal/lib/roken/dumpdata.c @@ -33,15 +33,13 @@ #include <config.h> -#include <unistd.h> - #include "roken.h" /* * Write datablob to a filename, don't care about errors. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dumpdata (const char *filename, const void *buf, size_t size) { int fd; @@ -57,7 +55,7 @@ rk_dumpdata (const char *filename, const void *buf, size_t size) * Read all data from a filename, care about errors. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_undumpdata(const char *filename, void **buf, size_t *size) { struct stat sb; diff --git a/source4/heimdal/lib/roken/ecalloc.c b/source4/heimdal/lib/roken/ecalloc.c index c8e6504030..04b37330c9 100644 --- a/source4/heimdal/lib/roken/ecalloc.c +++ b/source4/heimdal/lib/roken/ecalloc.c @@ -42,7 +42,7 @@ * Like calloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc (size_t number, size_t size) { void *tmp = calloc (number, size); diff --git a/source4/heimdal/lib/roken/emalloc.c b/source4/heimdal/lib/roken/emalloc.c index c937e6d707..2520230a35 100644 --- a/source4/heimdal/lib/roken/emalloc.c +++ b/source4/heimdal/lib/roken/emalloc.c @@ -42,7 +42,7 @@ * Like malloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t sz) { void *tmp = malloc (sz); diff --git a/source4/heimdal/lib/roken/erealloc.c b/source4/heimdal/lib/roken/erealloc.c index f77c8ec733..1c30ecc60b 100644 --- a/source4/heimdal/lib/roken/erealloc.c +++ b/source4/heimdal/lib/roken/erealloc.c @@ -42,7 +42,7 @@ * Like realloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *ptr, size_t sz) { void *tmp = realloc (ptr, sz); diff --git a/source4/heimdal/lib/roken/err.hin b/source4/heimdal/lib/roken/err.hin index 9fd1856e2b..96fe5cf851 100644 --- a/source4/heimdal/lib/roken/err.hin +++ b/source4/heimdal/lib/roken/err.hin @@ -48,40 +48,42 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verr(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL err(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verrx(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL errx(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarn(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL warn(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarnx(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL warnx(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); diff --git a/source4/heimdal/lib/roken/estrdup.c b/source4/heimdal/lib/roken/estrdup.c index ab7f26550b..d275a2830b 100644 --- a/source4/heimdal/lib/roken/estrdup.c +++ b/source4/heimdal/lib/roken/estrdup.c @@ -42,7 +42,7 @@ * Like strdup but never fails. */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *str) { char *tmp = strdup (str); diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index 434e49e888..7132e95dd3 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -39,7 +39,7 @@ * free the list of `struct addrinfo' starting at `ai' */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freeaddrinfo(struct addrinfo *ai) { struct addrinfo *tofree; diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index 335504300a..61fbb223b5 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -39,7 +39,7 @@ * free a malloced hostent */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freehostent (struct hostent *h) { char **p; diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 10beac05ea..1e326bee36 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -62,7 +62,7 @@ static struct gai_error { * */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL gai_strerror(int ecode) { struct gai_error *g; diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c index 60fb1764fa..13e7ebf157 100644 --- a/source4/heimdal/lib/roken/get_window_size.c +++ b/source4/heimdal/lib/roken/get_window_size.c @@ -57,7 +57,7 @@ #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *wp) { int ret = -1; @@ -85,6 +85,20 @@ get_window_size(int fd, struct winsize *wp) wp->ws_col = dst[0]; ret = 0; } +#elif defined(_WIN32) + { + intptr_t fh = 0; + CONSOLE_SCREEN_BUFFER_INFO sb_info; + + fh = _get_osfhandle(fd); + if (fh != (intptr_t) INVALID_HANDLE_VALUE && + GetConsoleScreenBufferInfo((HANDLE) fh, &sb_info)) { + wp->ws_row = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top; + wp->ws_col = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left; + + ret = 0; + } + } #endif if (ret != 0) { char *s; diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index 8c61299763..c8ed95413f 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -365,7 +365,7 @@ get_nodes (const char *nodename, * }; */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getaddrinfo(const char *nodename, const char *servname, const struct addrinfo *hints, diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c index 60b0f645af..d182f0019e 100644 --- a/source4/heimdal/lib/roken/getarg.c +++ b/source4/heimdal/lib/roken/getarg.c @@ -91,7 +91,7 @@ mandoc_template(struct getargs *args, const char *extra_string, char *(i18n)(const char *)) { - int i; + size_t i; char timestr[64], cmd[64]; char buf[128]; const char *p; @@ -207,7 +207,7 @@ builtin_i18n(const char *str) return rk_UNCONST(str); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage (struct getargs *args, size_t num_args, const char *progname, @@ -217,7 +217,7 @@ arg_printusage (struct getargs *args, progname, extra_string, builtin_i18n); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage_i18n (struct getargs *args, size_t num_args, const char *usage, @@ -225,8 +225,7 @@ arg_printusage_i18n (struct getargs *args, const char *extra_string, char *(i18n)(const char *)) { - int i; - size_t max_len = 0; + size_t i, max_len = 0; char buf[128]; int col = 0, columns; struct winsize ws; @@ -474,6 +473,7 @@ arg_match_long(struct getargs *args, size_t num_args, default: abort (); + UNREACHABLE(return 0); } /* not reached */ @@ -550,7 +550,7 @@ arg_match_short (struct getargs *args, size_t num_args, return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getarg(struct getargs *args, size_t num_args, int argc, char **argv, int *goptind) { @@ -562,7 +562,7 @@ getarg(struct getargs *args, size_t num_args, #elif defined(HAVE_RANDOM) srandom(time(NULL)); #else - srand (time(NULL)); + srand ((int) time(NULL)); #endif (*goptind)++; for(i = *goptind; i < argc; i++) { @@ -586,7 +586,7 @@ getarg(struct getargs *args, size_t num_args, return ret; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_getarg_strings (getarg_strings *s) { free (s->strings); diff --git a/source4/heimdal/lib/roken/getarg.h b/source4/heimdal/lib/roken/getarg.h index 64b65aa766..79573a0ea4 100644 --- a/source4/heimdal/lib/roken/getarg.h +++ b/source4/heimdal/lib/roken/getarg.h @@ -40,9 +40,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -86,17 +88,17 @@ typedef struct getarg_collect_info { void *data; } getarg_collect_info; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getarg(struct getargs *args, size_t num_args, int argc, char **argv, int *goptind); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage (struct getargs *args, size_t num_args, const char *progname, const char *extra_string); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage_i18n (struct getargs *args, size_t num_args, const char *usage, @@ -104,7 +106,7 @@ arg_printusage_i18n (struct getargs *args, const char *extra_string, char *(i18n)(const char *)); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_getarg_strings (getarg_strings *); #endif /* __GETARG_H__ */ diff --git a/source4/heimdal/lib/roken/getdtablesize.c b/source4/heimdal/lib/roken/getdtablesize.c index a515af3454..08c0661faa 100644 --- a/source4/heimdal/lib/roken/getdtablesize.c +++ b/source4/heimdal/lib/roken/getdtablesize.c @@ -61,7 +61,7 @@ #include <sys/sysctl.h> #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void) { int files = -1; diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index ddaec03a89..7d4095f1d8 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -40,7 +40,7 @@ * to a malloced struct hostent or NULL. */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyaddr (const void *src, size_t len, int af, int *error_num) { struct hostent *tmp; diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index 16fdbdd24a..2ff282707c 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -44,7 +44,7 @@ static int h_errno = NO_RECOVERY; * to a malloced struct hostent or NULL. */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyname (const char *name, int af, int flags, int *error_num) { struct hostent *tmp; diff --git a/source4/heimdal/lib/roken/getnameinfo.c b/source4/heimdal/lib/roken/getnameinfo.c index 0621cfeee1..b23ad01ebd 100644 --- a/source4/heimdal/lib/roken/getnameinfo.c +++ b/source4/heimdal/lib/roken/getnameinfo.c @@ -91,7 +91,7 @@ doit (int af, * */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen, diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index 933b6dec79..a310208a84 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -40,7 +40,7 @@ const char *__progname; #endif #ifndef HAVE_GETPROGNAME -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL getprogname(void) { return __progname; diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index 95488af5c7..91590dd49d 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -50,7 +50,7 @@ pos(char c) return -1; } -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_encode(const void *data, size_t size, char **str) { const unsigned char *q = data; @@ -80,7 +80,7 @@ hex_encode(const void *data, size_t size, char **str) return i * 2; } -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_decode(const char *str, void *data, size_t len) { size_t l; diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h index b3c45511c8..c266268ea0 100644 --- a/source4/heimdal/lib/roken/hex.h +++ b/source4/heimdal/lib/roken/hex.h @@ -38,18 +38,20 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif #define hex_encode rk_hex_encode #define hex_decode rk_hex_decode -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_encode(const void *, size_t, char **); -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_decode(const char *, void *, size_t); #endif /* _rk_HEX_H_ */ diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index b5f2b42f60..dc3c17ff22 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -39,7 +39,7 @@ * Try to find a fqdn (with `.') in he if possible, else return h_name */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hostent_find_fqdn (const struct hostent *he) { const char *ret = he->h_name; diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index c9b21e00f8..31644a0cd3 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -38,7 +38,7 @@ /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_aton(const char *cp, struct in_addr *addr) { addr->s_addr = inet_addr(cp); diff --git a/source4/heimdal/lib/roken/inet_ntop.c b/source4/heimdal/lib/roken/inet_ntop.c index daf3e926dd..0c72b27fc6 100644 --- a/source4/heimdal/lib/roken/inet_ntop.c +++ b/source4/heimdal/lib/roken/inet_ntop.c @@ -113,7 +113,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size) } #endif /* HAVE_IPV6 */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL inet_ntop(int af, const void *src, char *dst, size_t size) { switch (af) { diff --git a/source4/heimdal/lib/roken/inet_pton.c b/source4/heimdal/lib/roken/inet_pton.c index ad60824f4a..3db1f49f22 100644 --- a/source4/heimdal/lib/roken/inet_pton.c +++ b/source4/heimdal/lib/roken/inet_pton.c @@ -35,7 +35,64 @@ #include "roken.h" -int ROKEN_LIB_FUNCTION +#ifdef HAVE_WINSOCK + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +inet_pton(int af, const char *src, void *dst) +{ + switch (af) { + case AF_INET: + { + struct sockaddr_in si4; + INT r; + INT s = sizeof(si4); + + si4.sin_family = AF_INET; + r = WSAStringToAddress(src, AF_INET, NULL, (LPSOCKADDR) &si4, &s); + + if (r == 0) { + memcpy(dst, &si4.sin_addr, sizeof(si4.sin_addr)); + return 1; + } + } + break; + + case AF_INET6: + { + struct sockaddr_in6 si6; + INT r; + INT s = sizeof(si6); + + si6.sin6_family = AF_INET6; + r = WSAStringToAddress(src, AF_INET6, NULL, (LPSOCKADDR) &si6, &s); + + if (r == 0) { + memcpy(dst, &si6.sin6_addr, sizeof(si6.sin6_addr)); + return 1; + } + } + break; + + default: + _set_errno( EAFNOSUPPORT ); + return -1; + } + + /* the call failed */ + { + int le = WSAGetLastError(); + + if (le == WSAEINVAL) + return 0; + + _set_errno(le); + return -1; + } +} + +#else /* !HAVE_WINSOCK */ + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_pton(int af, const char *src, void *dst) { if (af != AF_INET) { @@ -44,3 +101,5 @@ inet_pton(int af, const char *src, void *dst) } return inet_aton (src, dst); } + +#endif diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index 2999e8249c..ea0db803e2 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -35,7 +35,7 @@ #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL issuid(void) { #if defined(HAVE_ISSETUGID) diff --git a/source4/heimdal/lib/roken/net_read.c b/source4/heimdal/lib/roken/net_read.c index 9d055d0068..b57dda3dda 100644 --- a/source4/heimdal/lib/roken/net_read.c +++ b/source4/heimdal/lib/roken/net_read.c @@ -33,29 +33,23 @@ #include <config.h> -#include <sys/types.h> -#include <unistd.h> -#include <errno.h> - #include "roken.h" /* * Like read but never return partial data. */ -ssize_t ROKEN_LIB_FUNCTION -net_read (int fd, void *buf, size_t nbytes) +#ifndef _WIN32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_read (rk_socket_t fd, void *buf, size_t nbytes) { char *cbuf = (char *)buf; ssize_t count; size_t rem = nbytes; while (rem > 0) { -#ifdef WIN32 - count = recv (fd, cbuf, rem, 0); -#else count = read (fd, cbuf, rem); -#endif if (count < 0) { if (errno == EINTR) continue; @@ -69,3 +63,36 @@ net_read (int fd, void *buf, size_t nbytes) } return nbytes; } + +#else + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_read(rk_socket_t sock, void *buf, size_t nbytes) +{ + char *cbuf = (char *)buf; + ssize_t count; + size_t rem = nbytes; + + while (rem > 0) { + count = recv (sock, cbuf, rem, 0); + if (count < 0) { + + /* With WinSock, the error EINTR (WSAEINTR), is used to + indicate that a blocking call was cancelled using + WSACancelBlockingCall(). */ + +#ifndef HAVE_WINSOCK + if (rk_SOCK_ERRNO == EINTR) + continue; +#endif + return count; + } else if (count == 0) { + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} + +#endif diff --git a/source4/heimdal/lib/roken/net_write.c b/source4/heimdal/lib/roken/net_write.c index 515f210973..94c9df1c38 100644 --- a/source4/heimdal/lib/roken/net_write.c +++ b/source4/heimdal/lib/roken/net_write.c @@ -33,29 +33,23 @@ #include <config.h> -#include <sys/types.h> -#include <unistd.h> -#include <errno.h> - #include "roken.h" /* * Like write but never return partial data. */ -ssize_t ROKEN_LIB_FUNCTION -net_write (int fd, const void *buf, size_t nbytes) +#ifndef _WIN32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_write (rk_socket_t fd, const void *buf, size_t nbytes) { const char *cbuf = (const char *)buf; ssize_t count; size_t rem = nbytes; while (rem > 0) { -#ifdef WIN32 - count = send (fd, cbuf, rem, 0); -#else count = write (fd, cbuf, rem); -#endif if (count < 0) { if (errno == EINTR) continue; @@ -67,3 +61,28 @@ net_write (int fd, const void *buf, size_t nbytes) } return nbytes; } + +#else + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_write(rk_socket_t sock, const void *buf, size_t nbytes) +{ + const char *cbuf = (const char *)buf; + ssize_t count; + size_t rem = nbytes; + + while (rem > 0) { + count = send (sock, cbuf, rem, 0); + if (count < 0) { + if (errno == EINTR) + continue; + else + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} + +#endif diff --git a/source4/heimdal/lib/roken/parse_bytes.h b/source4/heimdal/lib/roken/parse_bytes.h index 7d389e808e..8a88eca49b 100644 --- a/source4/heimdal/lib/roken/parse_bytes.h +++ b/source4/heimdal/lib/roken/parse_bytes.h @@ -38,19 +38,21 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_bytes (const char *s, const char *def_unit); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes (int t, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes_short (int t, char *s, size_t len); #endif /* __PARSE_BYTES_H__ */ diff --git a/source4/heimdal/lib/roken/parse_time.c b/source4/heimdal/lib/roken/parse_time.c index b581970bd7..febd6a5d2b 100644 --- a/source4/heimdal/lib/roken/parse_time.c +++ b/source4/heimdal/lib/roken/parse_time.c @@ -50,25 +50,25 @@ static struct units time_units[] = { {NULL, 0}, }; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_time (const char *s, const char *def_unit) { return parse_units (s, time_units, def_unit); } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time (int t, char *s, size_t len) { return unparse_units (t, time_units, s, len); } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time_approx (int t, char *s, size_t len) { return unparse_units_approx (t, time_units, s, len); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_time_table (FILE *f) { print_units_table (time_units, f); diff --git a/source4/heimdal/lib/roken/parse_time.h b/source4/heimdal/lib/roken/parse_time.h index 23aae2fc97..dabcefd81a 100644 --- a/source4/heimdal/lib/roken/parse_time.h +++ b/source4/heimdal/lib/roken/parse_time.h @@ -38,22 +38,24 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_time (const char *s, const char *def_unit); -size_t +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time (int t, char *s, size_t len); -size_t +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time_approx (int t, char *s, size_t len); -void +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_time_table (FILE *f); #endif /* __PARSE_TIME_H__ */ diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c index a848298c57..d2857cfa07 100644 --- a/source4/heimdal/lib/roken/parse_units.c +++ b/source4/heimdal/lib/roken/parse_units.c @@ -70,7 +70,7 @@ parse_something (const char *s, const struct units *units, p = s; while (*p) { - double val; + int val; char *next; const struct units *u, *partial_unit; size_t u_len; @@ -80,7 +80,7 @@ parse_something (const char *s, const struct units *units, while(isspace((unsigned char)*p) || *p == ',') ++p; - val = strtod (p, &next); /* strtol(p, &next, 0); */ + val = strtol(p, &next, 0); if (p == next) { val = 0; if(!accept_no_val_p) @@ -149,7 +149,7 @@ acc_units(int res, int val, unsigned mult) return res + val * mult; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_units (const char *s, const struct units *units, const char *def_unit) { @@ -175,7 +175,7 @@ acc_flags(int res, int val, unsigned mult) return -1; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_flags (const char *s, const struct units *units, int orig) { @@ -208,7 +208,7 @@ unparse_something (int num, const struct units *units, char *s, size_t len, tmp = (*print) (s, len, divisor, u->name, num); if (tmp < 0) return tmp; - if (tmp > len) { + if (tmp > (int) len) { len = 0; s = NULL; } else { @@ -245,7 +245,7 @@ update_unit_approx (int in, unsigned mult) return update_unit (in, mult); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -254,7 +254,7 @@ unparse_units (int num, const struct units *units, char *s, size_t len) "0"); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units_approx (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -263,7 +263,7 @@ unparse_units_approx (int num, const struct units *units, char *s, size_t len) "0"); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_units_table (const struct units *units, FILE *f) { const struct units *u, *u2; @@ -308,7 +308,7 @@ update_flag (int in, unsigned mult) return in - mult; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_flags (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -317,7 +317,7 @@ unparse_flags (int num, const struct units *units, char *s, size_t len) ""); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_flags_table (const struct units *units, FILE *f) { const struct units *u; diff --git a/source4/heimdal/lib/roken/parse_units.h b/source4/heimdal/lib/roken/parse_units.h index 2f2235bb0d..2d1c286906 100644 --- a/source4/heimdal/lib/roken/parse_units.h +++ b/source4/heimdal/lib/roken/parse_units.h @@ -41,9 +41,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -52,28 +54,28 @@ struct units { unsigned mult; }; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_units (const char *s, const struct units *units, const char *def_unit); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_units_table (const struct units *units, FILE *f); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_flags (const char *s, const struct units *units, int orig); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units (int num, const struct units *units, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units_approx (int num, const struct units *units, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_flags (int num, const struct units *units, char *s, size_t len); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_flags_table (const struct units *units, FILE *f); #endif /* __PARSE_UNITS_H__ */ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 419c8d94e0..0c0fc1dd92 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -78,7 +78,7 @@ static struct stot{ int _resolve_debug = 0; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_dns_string_to_type(const char *name) { struct stot *p = stot; @@ -88,7 +88,7 @@ rk_dns_string_to_type(const char *name) return -1; } -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL rk_dns_type_to_string(int type) { struct stot *p = stot; @@ -110,7 +110,7 @@ dns_free_rr(struct rk_resource_record *rr) free(rr); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_free_data(struct rk_dns_reply *r) { struct rk_resource_record *rr; @@ -584,7 +584,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) return r; } -struct rk_dns_reply * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL rk_dns_lookup(const char *domain, const char *type_name) { int type; @@ -614,7 +614,7 @@ compare_srv(const void *a, const void *b) #endif /* try to rearrange the srv-records by the algorithm in RFC2782 */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_srv_order(struct rk_dns_reply *r) { struct rk_resource_record **srvs, **ss, **headp; @@ -704,18 +704,18 @@ rk_dns_srv_order(struct rk_dns_reply *r) #else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ -struct rk_dns_reply * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL rk_dns_lookup(const char *domain, const char *type_name) { return NULL; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_free_data(struct rk_dns_reply *r) { } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_srv_order(struct rk_dns_reply *r) { } diff --git a/source4/heimdal/lib/roken/resolve.h b/source4/heimdal/lib/roken/resolve.h index 91b2afefe7..adec8084b8 100644 --- a/source4/heimdal/lib/roken/resolve.h +++ b/source4/heimdal/lib/roken/resolve.h @@ -38,9 +38,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -231,15 +233,15 @@ struct rk_dns_reply{ extern "C" { #endif -struct rk_dns_reply* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_dns_reply* ROKEN_LIB_CALL rk_dns_lookup(const char *, const char *); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_free_data(struct rk_dns_reply *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_dns_string_to_type(const char *name); -const char *ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL rk_dns_type_to_string(int type); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_srv_order(struct rk_dns_reply*); #ifdef __cplusplus diff --git a/source4/heimdal/lib/roken/rkpty.c b/source4/heimdal/lib/roken/rkpty.c index 6043e2b815..0faf668615 100644 --- a/source4/heimdal/lib/roken/rkpty.c +++ b/source4/heimdal/lib/roken/rkpty.c @@ -41,7 +41,9 @@ #endif #include <stdio.h> #include <stdlib.h> +#ifdef HAVE_UNISTD_H #include <unistd.h> +#endif #ifdef HAVE_PTY_H #include <pty.h> #endif diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index ea7dcaade0..a437d8a346 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -38,9 +38,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -120,6 +122,8 @@ #define O_ACCMODE 003 #endif +#ifndef _WIN32 + #ifndef _PATH_DEV #define _PATH_DEV "/dev/" #endif @@ -144,6 +148,16 @@ #define MAXPATHLEN (1024+4) #endif +#endif /* !_WIN32 */ + +#ifndef PATH_MAX +#define PATH_MAX MAX_PATH +#endif + +#ifndef RETSIGTYPE +#define RETSIGTYPE void +#endif + #ifndef SIG_ERR #define SIG_ERR ((RETSIGTYPE (*)(int))-1) #endif @@ -261,193 +275,215 @@ ROKEN_CPP_START #ifndef IRIX4 /* fix for compiler bug */ +#ifndef _WIN32 #ifdef RETSIGTYPE typedef RETSIGTYPE (*SigAction)(int); SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ #endif #endif +#endif + +#define SE_E_UNSPECIFIED (-1) +#define SE_E_FORKFAILED (-2) +#define SE_E_WAITPIDFAILED (-3) +#define SE_E_EXECTIMEOUT (-4) +#define SE_E_NOEXEC 126 +#define SE_E_NOTFOUND 127 + +#define SE_PROCSTATUS(st) (((st) >= 0 && (st) < 126)? st: -1) +#define SE_PROCSIGNAL(st) (((st) >= 128)? (st) - 128: -1) +#define SE_IS_ERROR(st) ((st) < 0 || (st) >= 126) + #define simple_execve rk_simple_execve -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve(const char*, char*const[], char*const[]); #define simple_execve_timed rk_simple_execve_timed -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve_timed(const char *, char *const[], char *const [], time_t (*)(void *), void *, time_t); #define simple_execvp rk_simple_execvp -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp(const char*, char *const[]); #define simple_execvp_timed rk_simple_execvp_timed -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp_timed(const char *, char *const[], time_t (*)(void *), void *, time_t); #define simple_execlp rk_simple_execlp -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execlp(const char*, ...); #define simple_execle rk_simple_execle -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execle(const char*, ...); #define wait_for_process rk_wait_for_process -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process(pid_t); #define wait_for_process_timed rk_wait_for_process_timed -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process_timed(pid_t, time_t (*)(void *), - void *, time_t); + void *, time_t); + #define pipe_execv rk_pipe_execv -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL pipe_execv(FILE**, FILE**, FILE**, const char*, ...); #define print_version rk_print_version -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_version(const char *); #define eread rk_eread -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL eread (int fd, void *buf, size_t nbytes); #define ewrite rk_ewrite -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL ewrite (int fd, const void *buf, size_t nbytes); struct hostent; #define hostent_find_fqdn rk_hostent_find_fqdn -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hostent_find_fqdn (const struct hostent *); #define esetenv rk_esetenv -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL esetenv(const char *, const char *, int); #define socket_set_address_and_port rk_socket_set_address_and_port -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_address_and_port (struct sockaddr *, const void *, int); #define socket_addr_size rk_socket_addr_size -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_addr_size (const struct sockaddr *); #define socket_set_any rk_socket_set_any -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_any (struct sockaddr *, int); #define socket_sockaddr_size rk_socket_sockaddr_size -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_sockaddr_size (const struct sockaddr *); #define socket_get_address rk_socket_get_address -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL socket_get_address (const struct sockaddr *); #define socket_get_port rk_socket_get_port -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL socket_get_port (const struct sockaddr *); #define socket_set_port rk_socket_set_port -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_port (struct sockaddr *, int); #define socket_set_portrange rk_socket_set_portrange -void ROKEN_LIB_FUNCTION -socket_set_portrange (int, int, int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_portrange (rk_socket_t, int, int); #define socket_set_debug rk_socket_set_debug -void ROKEN_LIB_FUNCTION -socket_set_debug (int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_debug (rk_socket_t); #define socket_set_tos rk_socket_set_tos -void ROKEN_LIB_FUNCTION -socket_set_tos (int, int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_tos (rk_socket_t, int); #define socket_set_reuseaddr rk_socket_set_reuseaddr -void ROKEN_LIB_FUNCTION -socket_set_reuseaddr (int, int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_reuseaddr (rk_socket_t, int); #define socket_set_ipv6only rk_socket_set_ipv6only -void ROKEN_LIB_FUNCTION -socket_set_ipv6only (int, int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_ipv6only (rk_socket_t, int); + +#define socket_to_fd rk_socket_to_fd +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_to_fd(rk_socket_t, int); #define vstrcollect rk_vstrcollect -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL vstrcollect(va_list *ap); #define strcollect rk_strcollect -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL strcollect(char *first, ...); #define timevalfix rk_timevalfix -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalfix(struct timeval *t1); #define timevaladd rk_timevaladd -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevaladd(struct timeval *t1, const struct timeval *t2); #define timevalsub rk_timevalsub -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalsub(struct timeval *t1, const struct timeval *t2); #define pid_file_write rk_pid_file_write -char *ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL pid_file_write (const char *progname); #define pid_file_delete rk_pid_file_delete -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pid_file_delete (char **); #define read_environment rk_read_environment -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL read_environment(const char *file, char ***env); #define free_environment rk_free_environment -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_environment(char **); #define warnerr rk_warnerr -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_warnerr(int doerrno, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))); -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_realloc(void *, size_t); struct rk_strpool; -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_strpoolcollect(struct rk_strpool *); -struct rk_strpool * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL rk_strpoolprintf(struct rk_strpool *, const char *, ...) __attribute__ ((format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_strpoolfree(struct rk_strpool *); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dumpdata (const char *, const void *, size_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_undumpdata (const char *, void **, size_t *); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_xfree (void *); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_cloexec(int); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_cloexec_file(FILE *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_dir(DIR *); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL ct_memcmp(const void *, const void *, size_t); ROKEN_CPP_END diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in index 6fc533c697..0492db4d6b 100644 --- a/source4/heimdal/lib/roken/roken.h.in +++ b/source4/heimdal/lib/roken/roken.h.in @@ -41,6 +41,96 @@ #include <string.h> #include <signal.h> +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +#ifdef HAVE_WINSOCK +/* Declarations for Microsoft Windows */ + +#include<ws2tcpip.h> + +/* + * error codes for inet_ntop/inet_pton + */ +#define EAFNOSUPPORT WSAEAFNOSUPPORT + +typedef SOCKET rk_socket_t; + +#define rk_closesocket(x) closesocket(x) +#define rk_INVALID_SOCKET INVALID_SOCKET +#define rk_IS_BAD_SOCKET(s) ((s) == INVALID_SOCKET) +#define rk_IS_SOCKET_ERROR(rv) ((rv) == SOCKET_ERROR) +#define rk_SOCK_ERRNO WSAGetLastError() +#define rk_SOCK_IOCTL(s,c,a) ioctlsocket((s),(c),(a)) + +#define ETIMEDOUT WSAETIMEDOUT +#define EWOULDBLOCK WSAEWOULDBLOCK +#define ENOTSOCK WSAENOTSOCK + +#define rk_SOCK_INIT() rk_WSAStartup() +#define rk_SOCK_EXIT() rk_WSACleanup() + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSAStartup(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSACleanup(void); + +#else /* not WinSock */ + +typedef int rk_socket_t; + +#define rk_closesocket(x) close(x) +#define rk_SOCK_IOCTL(s,c,a) ioctl((s),(c),(a)) +#define rk_IS_BAD_SOCKET(s) ((s) < 0) +#define rk_IS_SOCKET_ERROR(rv) ((rv) < 0) +#define rk_SOCK_ERRNO errno +#define rk_INVALID_SOCKET (-1) + +#define rk_SOCK_INIT() 0 +#define rk_SOCK_EXIT() do { } while(0) + +#endif + +#ifdef _MSC_VER +/* Declarations for Microsoft Visual C runtime on Windows */ + +#include<process.h> + +#include<io.h> + +#ifndef __BIT_TYPES_DEFINED__ +#define __BIT_TYPES_DEFINED__ + +typedef __int8 int8_t; +typedef __int16 int16_t; +typedef __int32 int32_t; +typedef __int64 int64_t; +typedef unsigned __int8 uint8_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +typedef uint64_t u_int64_t; + +#endif /* __BIT_TYPES_DEFINED__ */ + +#define UNREACHABLE(x) x +#define UNUSED_ARGUMENT(x) ((void) x) + +#else + +#define UNREACHABLE(x) +#define UNUSED_ARGUMENT(x) + +#endif + #ifdef _AIX struct ether_addr; struct sockaddr_dl; @@ -132,9 +222,21 @@ struct sockaddr_dl; #include <paths.h> #endif +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif + +#ifdef BACKSLASH_PATH_DELIM +#define rk_PATH_DELIM '\\' +#endif + #ifndef HAVE_SSIZE_T +#ifdef _WIN64 +typedef __int64 ssize_t; +#else typedef int ssize_t; #endif +#endif #include <roken-common.h> @@ -150,23 +252,86 @@ ROKEN_CPP_START #define setsid _setsid #endif +#ifdef _MSC_VER +/* Additional macros for Visual C/C++ runtime */ + +#define close _close + +#define getpid _getpid + +#define open _open + +#define chdir _chdir + +#define fsync _commit + +/* The MSVC implementation of snprintf is not C99 compliant. */ +#define snprintf rk_snprintf +#define vsnprintf rk_vsnprintf +#define vasnprintf rk_vasnprintf +#define vasprintf rk_vasprintf +#define asnprintf rk_asnprintf +#define asprintf rk_asprintf + +#define _PIPE_BUFFER_SZ 8192 +#define pipe(fds) _pipe((fds), _PIPE_BUFFER_SZ, O_BINARY); + +#define ftruncate(fd, sz) _chsize((fd), (sz)) + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_snprintf (char *str, size_t sz, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asprintf (char **ret, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asnprintf (char **ret, size_t max_sz, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasprintf (char **ret, const char *format, va_list args); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasnprintf (char **ret, size_t max_sz, const char *format, va_list args); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vsnprintf (char *str, size_t sz, const char *format, va_list args); + +/* missing stat.h predicates */ + +#define S_ISREG(m) (((m) & _S_IFREG) == _S_IFREG) + +#define S_ISDIR(m) (((m) & _S_IFDIR) == _S_IFDIR) + +#define S_ISCHR(m) (((m) & _S_IFCHR) == _S_IFCHR) + +#define S_ISFIFO(m) (((m) & _S_IFIFO) == _S_IFIFO) + +/* The following are not implemented: + + S_ISLNK(m) + S_ISSOCK(m) + S_ISBLK(m) +*/ + +#endif /* _MSC_VER */ + #ifndef HAVE_PUTENV #define putenv rk_putenv -int ROKEN_LIB_FUNCTION putenv(const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL putenv(const char *); #endif #if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) #ifndef HAVE_SETENV #define setenv rk_setenv #endif -int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setenv(const char *, const char *, int); #endif #if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) #ifndef HAVE_UNSETENV #define unsetenv rk_unsetenv #endif -void ROKEN_LIB_FUNCTION unsetenv(const char *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL unsetenv(const char *); #endif #if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) @@ -174,15 +339,15 @@ void ROKEN_LIB_FUNCTION unsetenv(const char *); #define getusershell rk_getusershell #define endusershell rk_endusershell #endif -char * ROKEN_LIB_FUNCTION getusershell(void); -void ROKEN_LIB_FUNCTION endusershell(void); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL getusershell(void); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL endusershell(void); #endif #if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) #ifndef HAVE_SNPRINTF #define snprintf rk_snprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_snprintf (char *, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif @@ -191,7 +356,7 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_VSNPRINTF #define vsnprintf rk_vsnprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_vsnprintf (char *, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif @@ -200,7 +365,7 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_ASPRINTF #define asprintf rk_asprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_asprintf (char **, const char *, ...) __attribute__ ((format (printf, 2, 3))); #endif @@ -209,7 +374,7 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_VASPRINTF #define vasprintf rk_vasprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_vasprintf (char **, const char *, va_list) __attribute__((format (printf, 2, 0))); #endif @@ -218,7 +383,7 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_ASNPRINTF #define asnprintf rk_asnprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_asnprintf (char **, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif @@ -227,91 +392,91 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_VASNPRINTF #define vasnprintf rk_vasnprintf #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL vasnprintf (char **, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif #ifndef HAVE_STRDUP #define strdup rk_strdup -char * ROKEN_LIB_FUNCTION strdup(const char *); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strdup(const char *); #endif #if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) #ifndef HAVE_STRNDUP #define strndup rk_strndup #endif -char * ROKEN_LIB_FUNCTION strndup(const char *, size_t); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strndup(const char *, size_t); #endif #ifndef HAVE_STRLWR #define strlwr rk_strlwr -char * ROKEN_LIB_FUNCTION strlwr(char *); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *); #endif #ifndef HAVE_STRNLEN #define strnlen rk_strnlen -size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t); +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strnlen(const char*, size_t); #endif #if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO) #ifndef HAVE_STRSEP #define strsep rk_strsep #endif -char * ROKEN_LIB_FUNCTION strsep(char**, const char*); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strsep(char**, const char*); #endif #if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO) #ifndef HAVE_STRSEP_COPY #define strsep_copy rk_strsep_copy #endif -ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char**, const char*, char*, size_t); #endif #ifndef HAVE_STRCASECMP #define strcasecmp rk_strcasecmp -int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strcasecmp(const char *, const char *); #endif #ifdef NEED_FCLOSE_PROTO -int ROKEN_LIB_FUNCTION fclose(FILE *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fclose(FILE *); #endif #ifdef NEED_STRTOK_R_PROTO -char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strtok_r(char *, const char *, char **); #endif #ifndef HAVE_STRUPR #define strupr rk_strupr -char * ROKEN_LIB_FUNCTION strupr(char *); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *); #endif #ifndef HAVE_STRLCPY #define strlcpy rk_strlcpy -size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcpy (char *, const char *, size_t); #endif #ifndef HAVE_STRLCAT #define strlcat rk_strlcat -size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcat (char *, const char *, size_t); #endif #ifndef HAVE_GETDTABLESIZE #define getdtablesize rk_getdtablesize -int ROKEN_LIB_FUNCTION getdtablesize(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void); #endif #if !defined(HAVE_STRERROR) && !defined(strerror) #define strerror rk_strerror -char * ROKEN_LIB_FUNCTION strerror(int); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int); #endif -#if !defined(HAVE_STRERROR) && !defined(strerror) -#define strerror_r rk_strerror_r -int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t); +#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE) +int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t); +#else +#define rk_strerror_r strerror_r #endif - #if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) #ifndef HAVE_HSTRERROR #define hstrerror rk_hstrerror @@ -319,6 +484,7 @@ int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t); /* This causes a fatal error under Psoriasis */ #ifndef SunOS const char * ROKEN_LIB_FUNCTION hstrerror(int); +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int); #endif #endif @@ -330,88 +496,88 @@ extern int h_errno; #ifndef HAVE_INET_ATON #define inet_aton rk_inet_aton #endif -int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_aton(const char *, struct in_addr *); #endif #ifndef HAVE_INET_NTOP #define inet_ntop rk_inet_ntop -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL inet_ntop(int af, const void *src, char *dst, size_t size); #endif #ifndef HAVE_INET_PTON #define inet_pton rk_inet_pton -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_pton(int, const char *, void *); #endif #ifndef HAVE_GETCWD #define getcwd rk_getcwd -char* ROKEN_LIB_FUNCTION getcwd(char *, size_t); +ROKEN_LIB_FUNCTION char* ROKEN_LIB_CALL getcwd(char *, size_t); #endif #ifdef HAVE_PWD_H #include <pwd.h> -struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); -struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *); +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwuid (uid_t); #endif -const char * ROKEN_LIB_FUNCTION get_default_username (void); +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL get_default_username (void); #ifndef HAVE_SETEUID #define seteuid rk_seteuid -int ROKEN_LIB_FUNCTION seteuid(uid_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL seteuid(uid_t); #endif #ifndef HAVE_SETEGID #define setegid rk_setegid -int ROKEN_LIB_FUNCTION setegid(gid_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setegid(gid_t); #endif #ifndef HAVE_LSTAT #define lstat rk_lstat -int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL lstat(const char *, struct stat *); #endif #if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) #ifndef HAVE_MKSTEMP #define mkstemp rk_mkstemp #endif -int ROKEN_LIB_FUNCTION mkstemp(char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL mkstemp(char *); #endif #ifndef HAVE_CGETENT #define cgetent rk_cgetent #define cgetstr rk_cgetstr -int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); -int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetent(char **, char **, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetstr(char *, const char *, char **); #endif #ifndef HAVE_INITGROUPS #define initgroups rk_initgroups -int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL initgroups(const char *, gid_t); #endif #ifndef HAVE_FCHOWN #define fchown rk_fchown -int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fchown(int, uid_t, gid_t); #endif #if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) #ifndef HAVE_DAEMON #define daemon rk_daemon #endif -int ROKEN_LIB_FUNCTION daemon(int, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL daemon(int, int); #endif #ifndef HAVE_CHOWN #define chown rk_chown -int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL chown(const char *, uid_t, gid_t); #endif #ifndef HAVE_RCMD #define rcmd rk_rcmd -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rcmd(char **, unsigned short, const char *, const char *, const char *, int *); #endif @@ -420,13 +586,13 @@ int ROKEN_LIB_FUNCTION #ifndef HAVE_INNETGR #define innetgr rk_innetgr #endif -int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL innetgr(const char*, const char*, const char*, const char*); #endif #ifndef HAVE_IRUSEROK #define iruserok rk_iruserok -int ROKEN_LIB_FUNCTION iruserok(unsigned, int, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL iruserok(unsigned, int, const char *, const char *); #endif @@ -434,34 +600,38 @@ int ROKEN_LIB_FUNCTION iruserok(unsigned, int, #ifndef HAVE_GETHOSTNAME #define gethostname rk_gethostname #endif -int ROKEN_LIB_FUNCTION gethostname(char *, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL gethostname(char *, int); #endif #ifndef HAVE_WRITEV #define writev rk_writev -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL writev(int, const struct iovec *, int); #endif #ifndef HAVE_READV #define readv rk_readv -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL readv(int, const struct iovec *, int); #endif #ifndef HAVE_PIDFILE +#ifdef NO_PIDFILES +#define pidfile(x) ((void) 0) +#else #define pidfile rk_pidfile -void ROKEN_LIB_FUNCTION pidfile (const char*); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pidfile (const char*); +#endif #endif #ifndef HAVE_BSWAP32 #define bswap32 rk_bswap32 -unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32(unsigned int); #endif #ifndef HAVE_BSWAP16 #define bswap16 rk_bswap16 -unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); +ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16(unsigned short); #endif #ifndef HAVE_FLOCK @@ -486,24 +656,27 @@ int rk_flock(int fd, int operation); #define dirfd(x) ((x)->dd_fd) #endif -time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL tm2time (struct tm, int); -int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unix_verify_user(char *, char *); -int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_concat (char *, size_t, ...); -size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...); +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_mconcat (char **, size_t, ...); -int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_vconcat (char *, size_t, va_list); -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_vmconcat (char **, size_t, va_list); -ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_write (rk_socket_t, const void *, size_t); -ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_read (rk_socket_t, void *, size_t); -int ROKEN_LIB_FUNCTION issuid(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + issuid(void); #ifndef HAVE_STRUCT_WINSIZE struct winsize { @@ -512,11 +685,11 @@ struct winsize { }; #endif -int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *); #ifndef HAVE_VSYSLOG #define vsyslog rk_vsyslog -void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list); #endif #if !HAVE_DECL_OPTARG @@ -531,25 +704,25 @@ extern int opterr; #ifndef HAVE_GETIPNODEBYNAME #define getipnodebyname rk_getipnodebyname -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyname (const char *, int, int, int *); #endif #ifndef HAVE_GETIPNODEBYADDR #define getipnodebyaddr rk_getipnodebyaddr -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyaddr (const void *, size_t, int, int *); #endif #ifndef HAVE_FREEHOSTENT #define freehostent rk_freehostent -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freehostent (struct hostent *); #endif #ifndef HAVE_COPYHOSTENT #define copyhostent rk_copyhostent -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL copyhostent (const struct hostent *); #endif @@ -617,7 +790,7 @@ struct addrinfo { #ifndef HAVE_GETADDRINFO #define getaddrinfo rk_getaddrinfo -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getaddrinfo(const char *, const char *, const struct addrinfo *, @@ -626,7 +799,7 @@ getaddrinfo(const char *, #ifndef HAVE_GETNAMEINFO #define getnameinfo rk_getnameinfo -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, @@ -635,65 +808,103 @@ getnameinfo(const struct sockaddr *, socklen_t, #ifndef HAVE_FREEADDRINFO #define freeaddrinfo rk_freeaddrinfo -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freeaddrinfo(struct addrinfo *); #endif #ifndef HAVE_GAI_STRERROR #define gai_strerror rk_gai_strerror -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL gai_strerror(int); #endif -int ROKEN_LIB_FUNCTION +#ifdef HAVE_WINSOCK + +/* While we are at it, define WinSock specific scatter gather socket + I/O. */ + +#define iovec _WSABUF +#define iov_base buf +#define iov_len len + +struct msghdr { + void *msg_name; + socklen_t msg_namelen; + struct iovec *msg_iov; + size_t msg_iovlen; + void *msg_control; + socklen_t msg_controllen; + int msg_flags; +}; + +#define sendmsg sendmsg_w32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +sendmsg_w32(rk_socket_t s, const struct msghdr * msg, int flags); + +#endif + +#ifdef NO_SLEEP + +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL +sleep(unsigned int seconds); + +#endif + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo_verified(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); #ifndef HAVE_STRFTIME #define strftime rk_strftime -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strftime (char *, size_t, const char *, const struct tm *); #endif #ifndef HAVE_STRPTIME #define strptime rk_strptime -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strptime (const char *, const char *, struct tm *); #endif +#ifndef HAVE_GETTIMEOFDAY +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +gettimeofday (struct timeval *, void *); +#endif + #ifndef HAVE_EMALLOC #define emalloc rk_emalloc -void * ROKEN_LIB_FUNCTION emalloc (size_t); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t); #endif #ifndef HAVE_ECALLOC #define ecalloc rk_ecalloc -void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc(size_t, size_t); #endif #ifndef HAVE_EREALLOC #define erealloc rk_erealloc -void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *, size_t); #endif #ifndef HAVE_ESTRDUP #define estrdup rk_estrdup -char * ROKEN_LIB_FUNCTION estrdup (const char *); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *); #endif /* * kludges and such */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_gethostby_setup(const char*, const char*); -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyname(const char*); -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyaddr(const void*, size_t, int); #ifdef GETSERVBYNAME_PROTO_COMPATIBLE @@ -716,24 +927,27 @@ roken_gethostbyaddr(const void*, size_t, int); #ifndef HAVE_SETPROGNAME #define setprogname rk_setprogname -void ROKEN_LIB_FUNCTION setprogname(const char *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *); #endif #ifndef HAVE_GETPROGNAME #define getprogname rk_getprogname -const char * ROKEN_LIB_FUNCTION getprogname(void); +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL getprogname(void); #endif #if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME extern const char *__progname; #endif -void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); -void ROKEN_LIB_FUNCTION mini_inetd (int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd_addrinfo (struct addrinfo*, rk_socket_t *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd (int, rk_socket_t *); #ifndef HAVE_LOCALTIME_R #define localtime_r rk_localtime_r -struct tm * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct tm * ROKEN_LIB_CALL localtime_r(const time_t *, struct tm *); #endif @@ -741,15 +955,23 @@ localtime_r(const time_t *, struct tm *); #ifndef HAVE_STRSVIS #define strsvis rk_strsvis #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strsvis(char *, const char *, int, const char *); #endif +#if !defined(HAVE_STRSVISX) || defined(NEED_STRSVISX_PROTO) +#ifndef HAVE_STRSVISX +#define strsvisx rk_strsvisx +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +strsvisx(char *, const char *, size_t, int, const char *); +#endif + #if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) #ifndef HAVE_STRUNVIS #define strunvis rk_strunvis #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strunvis(char *, const char *); #endif @@ -757,7 +979,7 @@ strunvis(char *, const char *); #ifndef HAVE_STRVIS #define strvis rk_strvis #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strvis(char *, const char *, int); #endif @@ -765,7 +987,7 @@ strvis(char *, const char *, int); #ifndef HAVE_STRVISX #define strvisx rk_strvisx #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strvisx(char *, const char *, size_t, int); #endif @@ -773,7 +995,7 @@ strvisx(char *, const char *, size_t, int); #ifndef HAVE_SVIS #define svis rk_svis #endif -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL svis(char *, int, int, int, const char *); #endif @@ -781,7 +1003,7 @@ svis(char *, int, int, int, const char *); #ifndef HAVE_UNVIS #define unvis rk_unvis #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unvis(char *, int, int *, int); #endif @@ -789,19 +1011,19 @@ unvis(char *, int, int *, int); #ifndef HAVE_VIS #define vis rk_vis #endif -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL vis(char *, int, int, int); #endif #if !defined(HAVE_CLOSEFROM) #define closefrom rk_closefrom -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL closefrom(int); #endif #if !defined(HAVE_TIMEGM) #define timegm rk_timegm -time_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL rk_timegm(struct tm *tm); #endif diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index d87a49a04b..c99596c536 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -104,7 +104,7 @@ split_spec(const char *spec, char **host, int *port, char **path, int def_port) } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_gethostby_setup(const char *proxy_spec, const char *dns_spec) { char *proxy_host = NULL; @@ -207,7 +207,7 @@ roken_gethostby(const char *hostname) } } -struct hostent* +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyname(const char *hostname) { struct hostent *he; @@ -217,7 +217,7 @@ roken_gethostbyname(const char *hostname) return roken_gethostby(hostname); } -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyaddr(const void *addr, size_t len, int type) { struct in_addr a; diff --git a/source4/heimdal/lib/roken/rtbl.c b/source4/heimdal/lib/roken/rtbl.c index 7d11a487cf..fe0fde662b 100644 --- a/source4/heimdal/lib/roken/rtbl.c +++ b/source4/heimdal/lib/roken/rtbl.c @@ -59,19 +59,19 @@ struct rtbl_data { char *column_separator; }; -rtbl_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL rtbl_create (void) { return calloc (1, sizeof (struct rtbl_data)); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_set_flags (rtbl_t table, unsigned int flags) { table->flags = flags; } -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL rtbl_get_flags (rtbl_t table) { return table->flags; @@ -80,7 +80,7 @@ rtbl_get_flags (rtbl_t table) static struct column_data * rtbl_get_column_by_id (rtbl_t table, unsigned int id) { - int i; + size_t i; for(i = 0; i < table->num_columns; i++) if(table->columns[i]->column_id == id) return table->columns[i]; @@ -90,17 +90,17 @@ rtbl_get_column_by_id (rtbl_t table, unsigned int id) static struct column_data * rtbl_get_column (rtbl_t table, const char *column) { - int i; + size_t i; for(i = 0; i < table->num_columns; i++) if(strcmp(table->columns[i]->header, column) == 0) return table->columns[i]; return NULL; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_destroy (rtbl_t table) { - int i, j; + size_t i, j; for (i = 0; i < table->num_columns; i++) { struct column_data *c = table->columns[i]; @@ -119,7 +119,7 @@ rtbl_destroy (rtbl_t table) free (table); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_by_id (rtbl_t table, unsigned int id, const char *header, unsigned int flags) { @@ -148,13 +148,13 @@ rtbl_add_column_by_id (rtbl_t table, unsigned int id, return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column (rtbl_t table, const char *header, unsigned int flags) { return rtbl_add_column_by_id(table, 0, header, flags); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_new_row(rtbl_t table) { size_t max_rows = 0; @@ -183,18 +183,18 @@ rtbl_new_row(rtbl_t table) static void column_compute_width (rtbl_t table, struct column_data *column) { - int i; + size_t i; if(table->flags & RTBL_HEADER_STYLE_NONE) column->width = 0; else column->width = strlen (column->header); for (i = 0; i < column->num_rows; i++) - column->width = max (column->width, strlen (column->rows[i].data)); + column->width = max (column->width, (int) strlen (column->rows[i].data)); } /* DEPRECATED */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_prefix (rtbl_t table, const char *prefix) { if (table->column_prefix) @@ -205,7 +205,7 @@ rtbl_set_prefix (rtbl_t table, const char *prefix) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_separator (rtbl_t table, const char *separator) { if (table->column_separator) @@ -216,7 +216,7 @@ rtbl_set_separator (rtbl_t table, const char *separator) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_prefix (rtbl_t table, const char *column, const char *prefix) { @@ -232,7 +232,7 @@ rtbl_set_column_prefix (rtbl_t table, const char *column, return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id, const char *prefix, const char *suffix) { @@ -301,7 +301,7 @@ add_column_entry (struct column_data *c, const char *data) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data) { struct column_data *c = rtbl_get_column_by_id (table, id); @@ -312,7 +312,7 @@ rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data) return add_column_entry(c, data); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, const char *fmt, ...) { @@ -330,7 +330,7 @@ rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry (rtbl_t table, const char *column, const char *data) { struct column_data *c = rtbl_get_column (table, column); @@ -341,7 +341,7 @@ rtbl_add_column_entry (rtbl_t table, const char *column, const char *data) return add_column_entry(c, data); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...) { va_list ap; @@ -359,10 +359,10 @@ rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...) } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_format (rtbl_t table, FILE * f) { - int i, j; + size_t i, j; for (i = 0; i < table->num_columns; i++) column_compute_width (table, table->columns[i]); diff --git a/source4/heimdal/lib/roken/rtbl.h b/source4/heimdal/lib/roken/rtbl.h index 60bbc9f873..549d3a8aa4 100644 --- a/source4/heimdal/lib/roken/rtbl.h +++ b/source4/heimdal/lib/roken/rtbl.h @@ -37,9 +37,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -60,55 +62,55 @@ typedef struct rtbl_data *rtbl_t; /* flags */ #define RTBL_HEADER_STYLE_NONE 1 -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column (rtbl_t, const char*, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, const char *fmt, ...) __attribute__ ((format (printf, 3, 0))); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry (rtbl_t, const char*, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...) __attribute__ ((format (printf, 3, 0))); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*); -rtbl_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL rtbl_create (void); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_destroy (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_format (rtbl_t, FILE*); -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL rtbl_get_flags (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_new_row (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_prefix (rtbl_t, const char*, const char*); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_set_flags (rtbl_t, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_prefix (rtbl_t, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_separator (rtbl_t, const char*); #ifdef __cplusplus diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 225e6ae092..115af77b88 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -40,7 +40,7 @@ extern const char *__progname; #endif #ifndef HAVE_SETPROGNAME -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *argv0) { #ifndef HAVE___PROGNAME diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index 19a4845435..284f1e7926 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -47,7 +47,7 @@ * Do we need any extra hacks for SIGCLD and/or SIGCHLD? */ -SigAction ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION SigAction ROKEN_LIB_CALL signal(int iSig, SigAction pAction) { struct sigaction saNew, saOld; diff --git a/source4/heimdal/lib/roken/simple_exec.c b/source4/heimdal/lib/roken/simple_exec.c index 86dde1bad2..97679d7e41 100644 --- a/source4/heimdal/lib/roken/simple_exec.c +++ b/source4/heimdal/lib/roken/simple_exec.c @@ -52,13 +52,13 @@ #define EX_NOTFOUND 127 /* return values: - -1 on `unspecified' system errors - -2 on fork failures - -3 on waitpid errors - -4 exec timeout + SE_E_UNSPECIFIED on `unspecified' system errors + SE_E_FORKFAILED on fork failures + SE_E_WAITPIDFAILED on waitpid errors + SE_E_EXECTIMEOUT exec timeout 0- is return value from subprocess - 126 if the program couldn't be executed - 127 if the program couldn't be found + SE_E_NOEXEC if the program couldn't be executed + SE_E_NOTFOUND if the program couldn't be found 128- is 128 + signal that killed subprocess possible values `func' can return: @@ -78,7 +78,7 @@ sigtimeout(int sig) SIGRETURN(0); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process_timed(pid_t pid, time_t (*func)(void *), void *ptr, time_t timeout) { @@ -98,7 +98,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), while(waitpid(pid, &status, 0) < 0) { if (errno != EINTR) { - ret = -3; + ret = SE_E_WAITPIDFAILED; goto out; } if (func == NULL) @@ -110,7 +110,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), kill(pid, SIGTERM); continue; } else if (timeout == (time_t)-2) { - ret = -4; + ret = SE_E_EXECTIMEOUT; goto out; } alarm(timeout); @@ -134,13 +134,13 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process(pid_t pid) { return wait_for_process_timed(pid, NULL, NULL, 0); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, const char *file, ...) { @@ -211,7 +211,7 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, close(err_fd[0]); close(err_fd[1]); } - return -2; + return SE_E_FORKFAILED; default: if(stdin_fd != NULL) { close(in_fd[0]); @@ -229,14 +229,14 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, return pid; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp_timed(const char *file, char *const args[], time_t (*func)(void *), void *ptr, time_t timeout) { pid_t pid = fork(); switch(pid){ case -1: - return -2; + return SE_E_FORKFAILED; case 0: execvp(file, args); exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); @@ -245,21 +245,21 @@ simple_execvp_timed(const char *file, char *const args[], } } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp(const char *file, char *const args[]) { return simple_execvp_timed(file, args, NULL, NULL, 0); } /* gee, I'd like a execvpe */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve_timed(const char *file, char *const args[], char *const envp[], time_t (*func)(void *), void *ptr, time_t timeout) { pid_t pid = fork(); switch(pid){ case -1: - return -2; + return SE_E_FORKFAILED; case 0: execve(file, args, envp); exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); @@ -268,13 +268,13 @@ simple_execve_timed(const char *file, char *const args[], char *const envp[], } } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve(const char *file, char *const args[], char *const envp[]) { return simple_execve_timed(file, args, envp, NULL, NULL, 0); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execlp(const char *file, ...) { va_list ap; @@ -285,13 +285,13 @@ simple_execlp(const char *file, ...) argv = vstrcollect(&ap); va_end(ap); if(argv == NULL) - return -1; + return SE_E_UNSPECIFIED; ret = simple_execvp(file, argv); free(argv); return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execle(const char *file, ... /* ,char *const envp[] */) { va_list ap; @@ -304,7 +304,7 @@ simple_execle(const char *file, ... /* ,char *const envp[] */) envp = va_arg(ap, char **); va_end(ap); if(argv == NULL) - return -1; + return SE_E_UNSPECIFIED; ret = simple_execve(file, argv, envp); free(argv); return ret; diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c index ab1b7ff344..bfc4b7102b 100644 --- a/source4/heimdal/lib/roken/socket.c +++ b/source4/heimdal/lib/roken/socket.c @@ -40,7 +40,7 @@ * Set `sa' to the unitialized address of address family `af' */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_any (struct sockaddr *sa, int af) { switch (af) { @@ -74,7 +74,7 @@ socket_set_any (struct sockaddr *sa, int af) * set `sa' to (`ptr', `port') */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port) { switch (sa->sa_family) { @@ -108,7 +108,7 @@ socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port) * Return the size of an address of the type in `sa' */ -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_addr_size (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -120,7 +120,7 @@ socket_addr_size (const struct sockaddr *sa) #endif default : errx (1, "unknown address family %d", sa->sa_family); - break; + UNREACHABLE(return 0); } } @@ -128,7 +128,7 @@ socket_addr_size (const struct sockaddr *sa) * Return the size of a `struct sockaddr' in `sa'. */ -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_sockaddr_size (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -140,7 +140,7 @@ socket_sockaddr_size (const struct sockaddr *sa) #endif default : errx (1, "unknown address family %d", sa->sa_family); - break; + UNREACHABLE(return 0); } } @@ -148,7 +148,7 @@ socket_sockaddr_size (const struct sockaddr *sa) * Return the binary address of `sa'. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL socket_get_address (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -164,7 +164,7 @@ socket_get_address (const struct sockaddr *sa) #endif default : errx (1, "unknown address family %d", sa->sa_family); - break; + UNREACHABLE(return NULL); } } @@ -172,7 +172,7 @@ socket_get_address (const struct sockaddr *sa) * Return the port number from `sa'. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL socket_get_port (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -188,7 +188,7 @@ socket_get_port (const struct sockaddr *sa) #endif default : errx (1, "unknown address family %d", sa->sa_family); - break; + UNREACHABLE(return 0); } } @@ -196,7 +196,7 @@ socket_get_port (const struct sockaddr *sa) * Set the port in `sa' to `port'. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_port (struct sockaddr *sa, int port) { switch (sa->sa_family) { @@ -221,8 +221,8 @@ socket_set_port (struct sockaddr *sa, int port) /* * Set the range of ports to use when binding with port = 0. */ -void ROKEN_LIB_FUNCTION -socket_set_portrange (int sock, int restr, int af) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_portrange (rk_socket_t sock, int restr, int af) { #if defined(IP_PORTRANGE) if (af == AF_INET) { @@ -247,8 +247,8 @@ socket_set_portrange (int sock, int restr, int af) * Enable debug on `sock'. */ -void ROKEN_LIB_FUNCTION -socket_set_debug (int sock) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_debug (rk_socket_t sock) { #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) int on = 1; @@ -262,8 +262,8 @@ socket_set_debug (int sock) * Set the type-of-service of `sock' to `tos'. */ -void ROKEN_LIB_FUNCTION -socket_set_tos (int sock, int tos) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_tos (rk_socket_t sock, int tos) { #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) @@ -276,8 +276,8 @@ socket_set_tos (int sock, int tos) * set the reuse of addresses on `sock' to `val'. */ -void ROKEN_LIB_FUNCTION -socket_set_reuseaddr (int sock, int val) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_reuseaddr (rk_socket_t sock, int val) { #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, @@ -290,10 +290,28 @@ socket_set_reuseaddr (int sock, int val) * Set the that the `sock' should bind to only IPv6 addresses. */ -void ROKEN_LIB_FUNCTION -socket_set_ipv6only (int sock, int val) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_ipv6only (rk_socket_t sock, int val) { #if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT) setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val)); #endif } + +/** + * Create a file descriptor from a socket + * + * While the socket handle in \a sock can be used with WinSock + * functions after calling socket_to_fd(), it should not be closed + * with rk_closesocket(). The socket will be closed when the associated + * file descriptor is closed. + */ +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_to_fd(rk_socket_t sock, int flags) +{ +#ifndef _WIN32 + return sock; +#else + return _open_osfhandle((intptr_t) sock, flags); +#endif +} diff --git a/source4/heimdal/lib/roken/strcollect.c b/source4/heimdal/lib/roken/strcollect.c index f444d05e25..0afc3f0c62 100644 --- a/source4/heimdal/lib/roken/strcollect.c +++ b/source4/heimdal/lib/roken/strcollect.c @@ -66,7 +66,7 @@ sub (char **argv, int i, int argc, va_list *ap) * terminated by NULL. */ -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL vstrcollect(va_list *ap) { return sub (NULL, 0, 0, ap); @@ -76,7 +76,7 @@ vstrcollect(va_list *ap) * */ -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL strcollect(char *first, ...) { va_list ap; diff --git a/source4/heimdal/lib/roken/strlwr.c b/source4/heimdal/lib/roken/strlwr.c index 1a6634b736..68bd4edad3 100644 --- a/source4/heimdal/lib/roken/strlwr.c +++ b/source4/heimdal/lib/roken/strlwr.c @@ -38,7 +38,7 @@ #include "roken.h" #ifndef HAVE_STRLWR -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *str) { char *s; diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c index 642d335dec..6e6a737bc6 100644 --- a/source4/heimdal/lib/roken/strpool.c +++ b/source4/heimdal/lib/roken/strpool.c @@ -46,7 +46,7 @@ struct rk_strpool { * */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_strpoolfree(struct rk_strpool *p) { if (p->str) { @@ -60,7 +60,7 @@ rk_strpoolfree(struct rk_strpool *p) * */ -struct rk_strpool * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) { va_list ap; @@ -97,7 +97,7 @@ rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) * */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_strpoolcollect(struct rk_strpool *p) { char *str; diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index 5cbf8557a5..76b447c373 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -39,7 +39,7 @@ #ifndef HAVE_STRSEP -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strsep(char **str, const char *delim) { char *save = *str; diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index 908e37ca40..9624b5a46f 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -41,7 +41,7 @@ /* strsep, but with const stringp, so return string in buf */ -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char **stringp, const char *delim, char *buf, size_t len) { const char *save = *stringp; diff --git a/source4/heimdal/lib/roken/strupr.c b/source4/heimdal/lib/roken/strupr.c index db2d987f9f..fdff7f44a8 100644 --- a/source4/heimdal/lib/roken/strupr.c +++ b/source4/heimdal/lib/roken/strupr.c @@ -38,7 +38,7 @@ #include "roken.h" #ifndef HAVE_STRUPR -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *str) { char *s; diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c index 155b148e86..19ff29d95c 100644 --- a/source4/heimdal/lib/roken/vis.c +++ b/source4/heimdal/lib/roken/vis.c @@ -106,17 +106,17 @@ static char *do_svis(char *, int, int, int, const char *); #define BELL '\007' #endif -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_vis (char *, int, int, int); -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_svis (char *, int, int, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvis (char *, const char *, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvis (char *, const char *, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvisx (char *, const char *, size_t, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvisx (char *, const char *, size_t, int, const char *); @@ -249,7 +249,7 @@ do_svis(char *dst, int c, int flag, int nextc, const char *extra) * svis - visually encode characters, also encoding the characters * pointed to by `extra' */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_svis(char *dst, int c, int flag, int nextc, const char *extra) { char *nextra = NULL; @@ -286,7 +286,8 @@ rk_svis(char *dst, int c, int flag, int nextc, const char *extra) * Strsvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ -int ROKEN_LIB_FUNCTION + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvis(char *dst, const char *csrc, int flag, const char *extra) { int c; @@ -315,7 +316,7 @@ rk_strsvis(char *dst, const char *csrc, int flag, const char *extra) } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra) { unsigned char c; @@ -353,7 +354,7 @@ rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra /* * vis - visually encode characters */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_vis(char *dst, int c, int flag, int nextc) { char *extra = NULL; @@ -386,7 +387,7 @@ rk_vis(char *dst, int c, int flag, int nextc) * Strvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvis(char *dst, const char *src, int flag) { char *extra = NULL; @@ -403,7 +404,7 @@ rk_strvis(char *dst, const char *src, int flag) } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvisx(char *dst, const char *src, size_t len, int flag) { char *extra = NULL; diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin index a1481b789e..25d662a980 100644 --- a/source4/heimdal/lib/roken/vis.hin +++ b/source4/heimdal/lib/roken/vis.hin @@ -36,9 +36,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -84,24 +86,25 @@ ROKEN_CPP_START -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_vis(char *, int, int, int); -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_svis(char *, int, int, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvis(char *, const char *, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvis(char *, const char *, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvisx(char *, const char *, size_t, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvisx(char *, const char *, size_t, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strunvis(char *, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strunvisx(char *, const char *, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_unvis(char *, int, int *, int); + ROKEN_CPP_END #ifndef HAVE_VIS diff --git a/source4/heimdal/lib/roken/xfree.c b/source4/heimdal/lib/roken/xfree.c index 13366ce132..c7e30daf85 100644 --- a/source4/heimdal/lib/roken/xfree.c +++ b/source4/heimdal/lib/roken/xfree.c @@ -33,8 +33,6 @@ #include <config.h> -#include <unistd.h> - #include "roken.h" void ROKEN_LIB_FUNCTION diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c index 9d102c7dc5..c702ae0fce 100644 --- a/source4/heimdal/lib/vers/print_version.c +++ b/source4/heimdal/lib/vers/print_version.c @@ -34,6 +34,8 @@ #include <config.h> +#define VERSION_HIDDEN static + #include "roken.h" #include "version.h" @@ -49,6 +51,6 @@ print_version(const char *progname) if(*package_list == '\0') package_list = "no version information"; fprintf(stderr, "%s (%s)\n", progname, package_list); - fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska Högskolan\n"); + fprintf(stderr, "Copyright 1995-2010 Kungliga Tekniska Högskolan\n"); fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); } diff --git a/source4/heimdal/lib/wind/gen-bidi.py b/source4/heimdal/lib/wind/gen-bidi.py index 42af72f3bf..70abb1ed76 100644 --- a/source4/heimdal/lib/wind/gen-bidi.py +++ b/source4/heimdal/lib/wind/gen-bidi.py @@ -70,6 +70,7 @@ extern const size_t _wind_l_table_size; bidi_c.file.write( ''' +#include <stdlib.h> #include "bidi_table.h" ''') diff --git a/source4/heimdal/lib/wind/gen-combining.py b/source4/heimdal/lib/wind/gen-combining.py index f7e9bf881f..cc692fd2a6 100644 --- a/source4/heimdal/lib/wind/gen-combining.py +++ b/source4/heimdal/lib/wind/gen-combining.py @@ -73,6 +73,7 @@ extern const size_t _wind_combining_table_size; combining_c.file.write( ''' +#include <stdlib.h> #include "combining_table.h" const struct translation _wind_combining_table[] = { diff --git a/source4/heimdal/lib/wind/gen-errorlist.py b/source4/heimdal/lib/wind/gen-errorlist.py index 6ea88d7bc5..b921377ab7 100644 --- a/source4/heimdal/lib/wind/gen-errorlist.py +++ b/source4/heimdal/lib/wind/gen-errorlist.py @@ -77,6 +77,7 @@ extern const size_t _wind_errorlist_table_size; errorlist_c.file.write( ''' +#include <stdlib.h> #include "errorlist_table.h" const struct error_entry _wind_errorlist_table[] = { diff --git a/source4/heimdal/lib/wind/gen-normalize.py b/source4/heimdal/lib/wind/gen-normalize.py index 0a20b71cfa..c076088fd0 100644 --- a/source4/heimdal/lib/wind/gen-normalize.py +++ b/source4/heimdal/lib/wind/gen-normalize.py @@ -97,6 +97,7 @@ extern const unsigned short _wind_canon_next_table[]; normalize_c.file.write( ''' +#include <stdlib.h> #include "normalize_table.h" const struct translation _wind_normalize_table[] = { diff --git a/source4/heimdal/lib/wind/windlocl.h b/source4/heimdal/lib/wind/windlocl.h index fb5e0b25da..da9d58cfee 100644 --- a/source4/heimdal/lib/wind/windlocl.h +++ b/source4/heimdal/lib/wind/windlocl.h @@ -41,6 +41,7 @@ #endif #include <krb5-types.h> +#include <roken.h> #include "wind.h" #include "wind_err.h" |