diff options
Diffstat (limited to 'source4/heimdal/lib/krb5/init_creds.c')
| -rw-r--r-- | source4/heimdal/lib/krb5/init_creds.c | 91 |
1 files changed, 54 insertions, 37 deletions
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index b1bd94d3b9..f555c724ed 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -50,7 +52,7 @@ * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) { @@ -82,7 +84,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context, * @ingroup krb5_credential */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt *opt) { @@ -124,20 +126,21 @@ get_config_time (krb5_context context, static krb5_boolean get_config_bool (krb5_context context, + krb5_boolean def_value, const char *realm, const char *name) { - return krb5_config_get_bool (context, - NULL, - "realms", - realm, - name, - NULL) - || krb5_config_get_bool (context, - NULL, - "libdefaults", - name, - NULL); + krb5_boolean b; + + b = krb5_config_get_bool_default(context, NULL, def_value, + "realms", realm, name, NULL); + if (b != def_value) + return b; + b = krb5_config_get_bool_default (context, NULL, def_value, + "libdefaults", name, NULL); + if (b != def_value) + return b; + return def_value; } /* @@ -147,7 +150,7 @@ get_config_bool (krb5_context context, * [realms] or [libdefaults] for some of the values. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, krb5_const_realm realm, @@ -156,11 +159,12 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_boolean b; time_t t; - b = get_config_bool (context, realm, "forwardable"); + b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT, + realm, "forwardable"); krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); krb5_get_init_creds_opt_set_forwardable(opt, b); - b = get_config_bool (context, realm, "proxiable"); + b = get_config_bool (context, FALSE, realm, "proxiable"); krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); krb5_get_init_creds_opt_set_proxiable (opt, b); @@ -197,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) { @@ -205,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, opt->tkt_life = tkt_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life) { @@ -213,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, opt->renew_life = renew_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable) { @@ -221,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, opt->forwardable = forwardable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable) { @@ -229,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, opt->proxiable = proxiable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) @@ -239,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, opt->etype_list_length = etype_list_length; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_addresses *addresses) { @@ -247,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, opt->address_list = addresses; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) @@ -257,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, opt->preauth_list = preauth_list; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt) { @@ -265,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, opt->salt = salt; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, int anonymous) { @@ -286,7 +290,7 @@ require_ext_opt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password(krb5_context context, krb5_get_init_creds_opt *opt, const char *password, @@ -301,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req_pac) @@ -316,7 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean addressless) @@ -332,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -348,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -357,15 +361,18 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context, ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k"); if (ret) return ret; - if (req) + if (req) { opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; - else + opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } else { opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; + opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_process_last_req(krb5_context context, krb5_get_init_creds_opt *opt, krb5_gic_process_last_req func, @@ -385,9 +392,19 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context, #ifndef HEIMDAL_SMALLER -void KRB5_LIB_FUNCTION +/** + * Deprecated: use krb5_get_init_creds_opt_alloc(). + * + * The reason krb5_get_init_creds_opt_init() is deprecated is that + * krb5_get_init_creds_opt is a static structure and for ABI reason it + * can't grow, ie can't add new functionality. + * + * @ingroup krb5_deprecated + */ + +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) - KRB5_DEPRECATED { memset (opt, 0, sizeof(*opt)); } @@ -399,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error(krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) - KRB5_DEPRECATED { *error = calloc(1, sizeof(**error)); if (*error == NULL) { |