Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r-- | source4/heimdal/lib/krb5/cache.c | 37 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/get_for_creds.c | 22 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/keytab.c | 36 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-private.h | 17 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 12 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/rd_cred.c | 2 |
6 files changed, 102 insertions, 24 deletions
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index ec956409a7..25dc2cb8c0 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -33,7 +33,7 @@
 #include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.73 2005/10/19 17:30:40 lha Exp $");
+RCSID("$Id: cache.c,v 1.74 2005/11/01 09:36:41 lha Exp $");
 /*
 * Add a new ccache type with operations `ops', overwriting any
@@ -223,6 +223,41 @@ krb5_cc_get_type(krb5_context context,
 }
 /*
+ * Return the complete resolvable name the ccache `id' in `str´.
+ * `str` should be freed with free(3).
+ * Returns 0 or an error (and then *str is set to NULL).
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_full_name(krb5_context context,
+ krb5_ccache id,
+ char **str)
+{
+ const char *type, *name;
+
+ *str = NULL;
+
+ type = krb5_cc_get_type(context, id);
+ if (type == NULL) {
+ krb5_set_error_string(context, "cache have no name of type");
+ return KRB5_CC_UNKNOWN_TYPE;
+ }
+
+ name = krb5_cc_get_name(context, id);
+ if (name == NULL) {
+ krb5_set_error_string(context, "cache of type %s have no name", type);
+ return KRB5_CC_BADNAME;
+ }
+
+ if (asprintf(str, "%s:%s", type, name) == -1) {
+ krb5_set_error_string(context, "malloc - out of memory");
+ *str = NULL;
+ return ENOMEM;
+ }
+ return 0;
+}
+
+/*
 * Return krb5_cc_ops of a the ccache `id'.
 */
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index 7bc8942f66..be5c1db47d 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
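Review bot: In the new krb5_cc_get_full_name, the error string set when krb5_cc_get_type() returns NULL, "cache have no name of type", does not say what actually failed, although the code returned is KRB5_CC_UNKNOWN_TYPE. I would change it to `krb5_set_error_string(context, "cache has no type");` so the message and the return code agree. The header comment is also missing a word ("name of the ccache") and closes one quotation with an acute accent instead of an apostrophe. It would help to state there that `str` must be non-NULL, since the first statement writes `*str = NULL` unconditionally.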
@@ -33,7 +33,7 @@
 #include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.45 2005/06/15 02:44:36 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.46 2005/11/28 20:43:02 lha Exp $");
 static krb5_error_code
 add_addrs(krb5_context context,
@@ -385,17 +385,13 @@ krb5_get_forwarded_creds (krb5_context context,
 cred.enc_part.cipher.data = buf;
 cred.enc_part.cipher.length = buf_size;
 } else {
- /*
- * RFC4120 claims we should use the session key, but Heimdal
- * before 0.8 used the remote subkey if it was send in the
- * auth_context.
- *
- * Lorikeet-Heimdal is interested in windows compatiblity
- * more than Heimdal compatability, so we must choose the
- * session key, and break forwarding credentials to older
- * Heimdal servers.
- */
-
+ /*
+ * Here older versions then 0.7.2 of Heimdal used the local or
+ * remote subkey. That is wrong, the session key should be
+ * used. Heimdal 0.7.2 and newer have code to try both in the
+ * receiving end.
+ */
+
 ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
 if (ret) {
 free(buf);
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c
index 23f6685049..43fc21c1d1 100644
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -33,7 +33,7 @@
 #include "krb5_locl.h"
-RCSID("$Id: keytab.c,v 1.62 2005/07/06 01:14:42 lha Exp $");
+RCSID("$Id: keytab.c,v 1.63 2005/11/25 21:46:40 lha Exp $");
 /*
 * Register a new keytab in `ops'
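Review bot: The replacement comment in the `else` branch of krb5_get_forwarded_creds drops two facts the removed one carried: that the session-key requirement comes from RFC4120, and that forwarding credentials to older Heimdal servers stops working. This comment documents which key protects the forwarded credentials, so I would keep both, for example `* RFC4120 requires the session key here; only Heimdal 0.7.2 and newer try both keys when receiving.` "older versions then 0.7.2" should read "than". The `krb5_crypto_init` call on `auth_context->keyblock` below is unchanged context, and the function starts and ends outside the hunk.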
@@ -240,6 +240,40 @@ krb5_kt_get_name(krb5_context context,
 }
 /*
+ * Retrieve the full name of the keytab `keytab' and store the name in
+ * `str'. `str' needs to be freed by the caller using free(3).
+ * Returns 0 or an error. On error, *str is set to NULL.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_full_name(krb5_context context,
+ krb5_keytab keytab,
+ char **str)
+{
+ char type[KRB5_KT_PREFIX_MAX_LEN];
+ char name[MAXPATHLEN];
+ krb5_error_code ret;
+
+ *str = NULL;
+
+ ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
+ if (ret)
+ return ret;
+
+ ret = krb5_kt_get_name(context, keytab, name, sizeof(name));
+ if (ret)
+ return ret;
+
+ if (asprintf(str, "%s:%s", type, name) == -1) {
+ krb5_set_error_string(context, "malloc - out of memory");
+ *str = NULL;
+ return ENOMEM;
+ }
+
+ return 0;
+}
+
+/*
 * Finish using the keytab in `id'. All resources will be released,
 * even on errors. Return 0 or an error.
 */
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 2645c29fe7..3602c89ec6 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -77,6 +77,15 @@ _krb5_extract_ticket (
 krb5_decrypt_proc /*decrypt_proc*/,
 krb5_const_pointer /*decryptarg*/);
+int
+_krb5_find_type_in_ad (
+ krb5_context /*context*/,
+ int /*type*/,
+ krb5_data */*data*/,
+ krb5_boolean */*found*/,
+ krb5_keyblock */*sessionkey*/,
+ const AuthorizationData */*ad*/);
+
 void
 _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/);
@@ -399,12 +408,4 @@ _krb5_xunlock (
 krb5_context /*context*/,
 int /*fd*/);
-int
-_krb5_find_type_in_ad(krb5_context context,
- int type,
- krb5_data *data,
- int *found,
- krb5_keyblock *sessionkey,
- const AuthorizationData *ad);
-
 #endif /* __krb5_private_h__ */
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index a46f8b8f8f..33e35ca60e 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
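Review bot: krb5_kt_get_full_name copies the keytab name into `char name[MAXPATHLEN]`, and the hunk does not show whether krb5_kt_get_name() returns an error or silently truncates when the name does not fit. If it truncates, the returned "type:name" string would no longer identify the same keytab, which matters for a function documented as giving the full name. I would confirm that behaviour and record it above the buffers, e.g. `/* relies on krb5_kt_get_name() failing, not truncating, when the name exceeds MAXPATHLEN */`. The same question applies to `type[KRB5_KT_PREFIX_MAX_LEN]` and krb5_kt_get_type().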
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -607,6 +607,12 @@ krb5_cc_gen_new (
 const krb5_cc_ops */*ops*/,
 krb5_ccache */*id*/);
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_full_name (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ char **/*str*/);
+
 const char* KRB5_LIB_FUNCTION
 krb5_cc_get_name (
 krb5_context /*context*/,
@@ -2186,6 +2192,12 @@ krb5_kt_get_entry (
 krb5_keytab_entry */*entry*/);
 krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_full_name (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char **/*str*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
 krb5_kt_get_name (
 krb5_context /*context*/,
 krb5_keytab /*keytab*/,
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index 07f142267c..d62adadf26 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -33,7 +33,7 @@
 #include <krb5_locl.h>
-RCSID("$Id: rd_cred.c,v 1.25 2005/09/23 03:37:57 lha Exp $");
+RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $");
 static krb5_error_code
 compare_addrs(krb5_context context, |