summaryrefslogtreecommitdiff
path: root/source4/heimdal
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal')
-rw-r--r--source4/heimdal/cf/make-proto.pl23
-rw-r--r--source4/heimdal/kdc/default_config.c119
-rw-r--r--source4/heimdal/kdc/headers.h3
-rw-r--r--source4/heimdal/kdc/kdc.h8
-rw-r--r--source4/heimdal/kdc/kdc_locl.h4
-rw-r--r--source4/heimdal/kdc/kerberos5.c168
-rw-r--r--source4/heimdal/kdc/krb5tgs.c5
-rw-r--r--source4/heimdal/kdc/kx509.c18
-rw-r--r--source4/heimdal/kdc/log.c7
-rw-r--r--source4/heimdal/kdc/pkinit.c31
-rw-r--r--source4/heimdal/kpasswd/kpasswd.c17
-rw-r--r--source4/heimdal/kuser/kinit.c56
-rw-r--r--source4/heimdal/lib/asn1/asn1-common.h1
-rw-r--r--source4/heimdal/lib/asn1/asn1_err.et2
-rw-r--r--source4/heimdal/lib/asn1/asn1parse.y15
-rw-r--r--source4/heimdal/lib/asn1/cms.asn12
-rw-r--r--source4/heimdal/lib/asn1/der.h2
-rw-r--r--source4/heimdal/lib/asn1/der_copy.c30
-rw-r--r--source4/heimdal/lib/asn1/der_free.c27
-rw-r--r--source4/heimdal/lib/asn1/der_get.c34
-rw-r--r--source4/heimdal/lib/asn1/der_length.c16
-rw-r--r--source4/heimdal/lib/asn1/der_locl.h2
-rw-r--r--source4/heimdal/lib/asn1/digest.asn115
-rw-r--r--source4/heimdal/lib/asn1/extra.c42
-rw-r--r--source4/heimdal/lib/asn1/gen.c267
-rw-r--r--source4/heimdal/lib/asn1/gen_copy.c4
-rw-r--r--source4/heimdal/lib/asn1/gen_decode.c36
-rw-r--r--source4/heimdal/lib/asn1/gen_encode.c5
-rw-r--r--source4/heimdal/lib/asn1/gen_free.c22
-rw-r--r--source4/heimdal/lib/asn1/gen_glue.c34
-rw-r--r--source4/heimdal/lib/asn1/gen_length.c5
-rw-r--r--source4/heimdal/lib/asn1/gen_locl.h11
-rw-r--r--source4/heimdal/lib/asn1/krb5.asn176
-rw-r--r--source4/heimdal/lib/asn1/main.c2
-rw-r--r--source4/heimdal/lib/asn1/symbol.c4
-rw-r--r--source4/heimdal/lib/asn1/test.asn142
-rw-r--r--source4/heimdal/lib/com_err/compile_et.c5
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h7
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h16
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c18
-rw-r--r--source4/heimdal/lib/gssapi/krb5/acquire_cred.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_aeap.c3
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c39
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h4
-rw-r--r--source4/heimdal/lib/hcrypto/aes.h2
-rw-r--r--source4/heimdal/lib/hcrypto/bn.c1
-rw-r--r--source4/heimdal/lib/hcrypto/des.c13
-rw-r--r--source4/heimdal/lib/hcrypto/evp-cc.c24
-rw-r--r--source4/heimdal/lib/hcrypto/evp-cc.h2
-rw-r--r--source4/heimdal/lib/hcrypto/evp.c1
-rw-r--r--source4/heimdal/lib/hcrypto/evp.h18
-rw-r--r--source4/heimdal/lib/hcrypto/hash.h1
-rw-r--r--source4/heimdal/lib/hcrypto/rand-fortuna.c9
-rw-r--r--source4/heimdal/lib/hcrypto/rand-unix.c38
-rw-r--r--source4/heimdal/lib/hcrypto/rand.c8
-rw-r--r--source4/heimdal/lib/hcrypto/rand.h1
-rw-r--r--source4/heimdal/lib/hcrypto/randi.h1
-rw-r--r--source4/heimdal/lib/hcrypto/rijndael-alg-fst.c3
-rw-r--r--source4/heimdal/lib/hcrypto/rnd_keys.c4
-rw-r--r--source4/heimdal/lib/hcrypto/ui.c54
-rw-r--r--source4/heimdal/lib/hdb/ext.c20
-rw-r--r--source4/heimdal/lib/hdb/hdb.c27
-rw-r--r--source4/heimdal/lib/hdb/hdb.h7
-rw-r--r--source4/heimdal/lib/hdb/mkey.c2
-rw-r--r--source4/heimdal/lib/hx509/cert.c7
-rw-r--r--source4/heimdal/lib/hx509/cms.c4
-rw-r--r--source4/heimdal/lib/hx509/crypto.c36
-rw-r--r--source4/heimdal/lib/hx509/hx_locl.h5
-rw-r--r--source4/heimdal/lib/hx509/keyset.c53
-rw-r--r--source4/heimdal/lib/hx509/ks_dir.c2
-rw-r--r--source4/heimdal/lib/hx509/ks_file.c2
-rw-r--r--source4/heimdal/lib/hx509/ks_keychain.c1
-rw-r--r--source4/heimdal/lib/hx509/ks_p12.c2
-rw-r--r--source4/heimdal/lib/hx509/peer.c3
-rw-r--r--source4/heimdal/lib/hx509/revoke.c10
-rw-r--r--source4/heimdal/lib/krb5/acache.c61
-rw-r--r--source4/heimdal/lib/krb5/add_et_list.c2
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c50
-rw-r--r--source4/heimdal/lib/krb5/appdefault.c6
-rw-r--r--source4/heimdal/lib/krb5/asn1_glue.c4
-rw-r--r--source4/heimdal/lib/krb5/auth_context.c90
-rw-r--r--source4/heimdal/lib/krb5/build_ap_req.c4
-rw-r--r--source4/heimdal/lib/krb5/build_auth.c18
-rw-r--r--source4/heimdal/lib/krb5/cache.c228
-rw-r--r--source4/heimdal/lib/krb5/changepw.c18
-rw-r--r--source4/heimdal/lib/krb5/codec.c64
-rw-r--r--source4/heimdal/lib/krb5/config_file.c265
-rw-r--r--source4/heimdal/lib/krb5/constants.c11
-rw-r--r--source4/heimdal/lib/krb5/context.c131
-rw-r--r--source4/heimdal/lib/krb5/convert_creds.c11
-rw-r--r--source4/heimdal/lib/krb5/copy_host_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/creds.c10
-rw-r--r--source4/heimdal/lib/krb5/crypto.c133
-rw-r--r--source4/heimdal/lib/krb5/data.c16
-rw-r--r--source4/heimdal/lib/krb5/eai_to_heim_errno.c8
-rw-r--r--source4/heimdal/lib/krb5/error_string.c25
-rw-r--r--source4/heimdal/lib/krb5/expand_hostname.c4
-rw-r--r--source4/heimdal/lib/krb5/fcache.c123
-rw-r--r--source4/heimdal/lib/krb5/free.c4
-rw-r--r--source4/heimdal/lib/krb5/free_host_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/generate_seq_number.c4
-rw-r--r--source4/heimdal/lib/krb5/generate_subkey.c4
-rw-r--r--source4/heimdal/lib/krb5/get_addrs.c4
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c48
-rw-r--r--source4/heimdal/lib/krb5/get_default_principal.c55
-rw-r--r--source4/heimdal/lib/krb5/get_default_realm.c4
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c6
-rw-r--r--source4/heimdal/lib/krb5/get_host_realm.c4
-rw-r--r--source4/heimdal/lib/krb5/get_in_tkt.c10
-rw-r--r--source4/heimdal/lib/krb5/get_port.c4
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c91
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c191
-rw-r--r--source4/heimdal/lib/krb5/kcm.c575
-rw-r--r--source4/heimdal/lib/krb5/keyblock.c12
-rw-r--r--source4/heimdal/lib/krb5/keytab.c40
-rw-r--r--source4/heimdal/lib/krb5/krb5-v4compat.h21
-rw-r--r--source4/heimdal/lib/krb5/krb5.h17
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h25
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c26
-rw-r--r--source4/heimdal/lib/krb5/log.c28
-rw-r--r--source4/heimdal/lib/krb5/mcache.c24
-rw-r--r--source4/heimdal/lib/krb5/misc.c2
-rw-r--r--source4/heimdal/lib/krb5/mit_glue.c56
-rw-r--r--source4/heimdal/lib/krb5/mk_error.c2
-rw-r--r--source4/heimdal/lib/krb5/mk_priv.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_rep.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_req.c6
-rw-r--r--source4/heimdal/lib/krb5/mk_req_ext.c4
-rw-r--r--source4/heimdal/lib/krb5/n-fold.c2
-rw-r--r--source4/heimdal/lib/krb5/padata.c2
-rw-r--r--source4/heimdal/lib/krb5/pkinit.c114
-rw-r--r--source4/heimdal/lib/krb5/plugin.c2
-rw-r--r--source4/heimdal/lib/krb5/principal.c57
-rw-r--r--source4/heimdal/lib/krb5/prog_setup.c6
-rw-r--r--source4/heimdal/lib/krb5/prompter_posix.c2
-rw-r--r--source4/heimdal/lib/krb5/rd_cred.c6
-rw-r--r--source4/heimdal/lib/krb5/rd_error.c8
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c4
-rw-r--r--source4/heimdal/lib/krb5/rd_rep.c6
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c39
-rw-r--r--source4/heimdal/lib/krb5/replay.c42
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c56
-rw-r--r--source4/heimdal/lib/krb5/set_default_realm.c2
-rw-r--r--source4/heimdal/lib/krb5/store.c103
-rw-r--r--source4/heimdal/lib/krb5/store_emem.c2
-rw-r--r--source4/heimdal/lib/krb5/store_fd.c20
-rw-r--r--source4/heimdal/lib/krb5/store_mem.c6
-rw-r--r--source4/heimdal/lib/krb5/ticket.c15
-rw-r--r--source4/heimdal/lib/krb5/time.c10
-rw-r--r--source4/heimdal/lib/krb5/transited.c8
-rw-r--r--source4/heimdal/lib/krb5/v4_glue.c28
-rw-r--r--source4/heimdal/lib/krb5/version.c2
-rw-r--r--source4/heimdal/lib/krb5/warn.c28
-rw-r--r--source4/heimdal/lib/ntlm/heimntlm.h32
-rw-r--r--source4/heimdal/lib/ntlm/ntlm.c14
-rw-r--r--source4/heimdal/lib/roken/base64.c4
-rw-r--r--source4/heimdal/lib/roken/base64.h8
-rw-r--r--source4/heimdal/lib/roken/bswap.c4
-rw-r--r--source4/heimdal/lib/roken/cloexec.c15
-rw-r--r--source4/heimdal/lib/roken/closefrom.c2
-rw-r--r--source4/heimdal/lib/roken/copyhostent.c2
-rw-r--r--source4/heimdal/lib/roken/dumpdata.c6
-rw-r--r--source4/heimdal/lib/roken/ecalloc.c2
-rw-r--r--source4/heimdal/lib/roken/emalloc.c2
-rw-r--r--source4/heimdal/lib/roken/erealloc.c2
-rw-r--r--source4/heimdal/lib/roken/err.hin20
-rw-r--r--source4/heimdal/lib/roken/estrdup.c2
-rw-r--r--source4/heimdal/lib/roken/freeaddrinfo.c2
-rw-r--r--source4/heimdal/lib/roken/freehostent.c2
-rw-r--r--source4/heimdal/lib/roken/gai_strerror.c2
-rw-r--r--source4/heimdal/lib/roken/get_window_size.c16
-rw-r--r--source4/heimdal/lib/roken/getaddrinfo.c2
-rw-r--r--source4/heimdal/lib/roken/getarg.c16
-rw-r--r--source4/heimdal/lib/roken/getarg.h12
-rw-r--r--source4/heimdal/lib/roken/getdtablesize.c2
-rw-r--r--source4/heimdal/lib/roken/getipnodebyaddr.c2
-rw-r--r--source4/heimdal/lib/roken/getipnodebyname.c2
-rw-r--r--source4/heimdal/lib/roken/getnameinfo.c2
-rw-r--r--source4/heimdal/lib/roken/getprogname.c2
-rw-r--r--source4/heimdal/lib/roken/hex.c4
-rw-r--r--source4/heimdal/lib/roken/hex.h8
-rw-r--r--source4/heimdal/lib/roken/hostent_find_fqdn.c2
-rw-r--r--source4/heimdal/lib/roken/inet_aton.c2
-rw-r--r--source4/heimdal/lib/roken/inet_ntop.c2
-rw-r--r--source4/heimdal/lib/roken/inet_pton.c61
-rw-r--r--source4/heimdal/lib/roken/issuid.c2
-rw-r--r--source4/heimdal/lib/roken/net_read.c47
-rw-r--r--source4/heimdal/lib/roken/net_write.c39
-rw-r--r--source4/heimdal/lib/roken/parse_bytes.h10
-rw-r--r--source4/heimdal/lib/roken/parse_time.c8
-rw-r--r--source4/heimdal/lib/roken/parse_time.h12
-rw-r--r--source4/heimdal/lib/roken/parse_units.c20
-rw-r--r--source4/heimdal/lib/roken/parse_units.h18
-rw-r--r--source4/heimdal/lib/roken/resolve.c16
-rw-r--r--source4/heimdal/lib/roken/resolve.h14
-rw-r--r--source4/heimdal/lib/roken/rkpty.c2
-rw-r--r--source4/heimdal/lib/roken/roken-common.h142
-rw-r--r--source4/heimdal/lib/roken/roken.h.in422
-rw-r--r--source4/heimdal/lib/roken/roken_gethostby.c6
-rw-r--r--source4/heimdal/lib/roken/rtbl.c44
-rw-r--r--source4/heimdal/lib/roken/rtbl.h36
-rw-r--r--source4/heimdal/lib/roken/setprogname.c2
-rw-r--r--source4/heimdal/lib/roken/signal.c2
-rw-r--r--source4/heimdal/lib/roken/simple_exec.c44
-rw-r--r--source4/heimdal/lib/roken/socket.c60
-rw-r--r--source4/heimdal/lib/roken/strcollect.c4
-rw-r--r--source4/heimdal/lib/roken/strlwr.c2
-rw-r--r--source4/heimdal/lib/roken/strpool.c6
-rw-r--r--source4/heimdal/lib/roken/strsep.c2
-rw-r--r--source4/heimdal/lib/roken/strsep_copy.c2
-rw-r--r--source4/heimdal/lib/roken/strupr.c2
-rw-r--r--source4/heimdal/lib/roken/vis.c25
-rw-r--r--source4/heimdal/lib/roken/vis.hin23
-rw-r--r--source4/heimdal/lib/roken/xfree.c2
-rw-r--r--source4/heimdal/lib/vers/print_version.c4
-rw-r--r--source4/heimdal/lib/wind/gen-bidi.py1
-rw-r--r--source4/heimdal/lib/wind/gen-combining.py1
-rw-r--r--source4/heimdal/lib/wind/gen-errorlist.py1
-rw-r--r--source4/heimdal/lib/wind/gen-normalize.py1
-rw-r--r--source4/heimdal/lib/wind/windlocl.h1
222 files changed, 4091 insertions, 1939 deletions
diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl
index 04733e1281..12c6d07f5e 100644
--- a/source4/heimdal/cf/make-proto.pl
+++ b/source4/heimdal/cf/make-proto.pl
@@ -253,8 +253,14 @@ $private_h_trailer = "";
foreach(sort keys %funcs){
if(/^(main)$/) { next }
+ if ($funcs{$_} =~ /\^/) {
+ $beginblock = "#ifdef __BLOCKS__\n";
+ $endblock = "#endif /* __BLOCKS__ */\n";
+ } else {
+ $beginblock = $endblock = "";
+ }
if(!defined($exported{$_}) && /$private_func_re/) {
- $private_h .= $funcs{$_} . "\n\n";
+ $private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n";
if($funcs{$_} =~ /__attribute__/) {
$private_attribute_seen = 1;
}
@@ -267,7 +273,7 @@ foreach(sort keys %funcs){
$public_h .= "#ifndef HAVE_$fupper\n";
}
}
- $public_h .= $funcs{$_} . "\n";
+ $public_h .= $beginblock . $funcs{$_} . "\n" . $endblock;
if($funcs{$_} =~ /__attribute__/) {
$public_attribute_seen = 1;
}
@@ -310,26 +316,33 @@ extern \"C\" {
}
if ($opt_E) {
$public_h_header .= "#ifndef $opt_E
+#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __declspec(dllimport)
+#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
+#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
-
+#endif
";
$private_h_header .= "#ifndef $opt_E
+#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32)
-#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport)
+#define ${opt_E}_FUNCTION __declspec(dllimport)
+#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport)
#else
#define ${opt_E}_FUNCTION
+#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE
#endif
#endif
+#endif
";
}
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index bf65af3cb9..b568522fa4 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -1,9 +1,10 @@
/*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
- *
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL);
-#ifdef PKINIT
c->enable_pkinit =
krb5_config_get_bool_default(context,
NULL,
@@ -223,74 +223,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc",
"enable-pkinit",
NULL);
- if (c->enable_pkinit) {
- const char *user_id, *anchors, *file;
- char **pool_list, **revoke_list;
-
- user_id =
- krb5_config_get_string(context, NULL,
- "kdc", "pkinit_identity", NULL);
- if (user_id == NULL)
- krb5_errx(context, 1, "pkinit enabled but no identity");
- anchors = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_anchors", NULL);
- if (anchors == NULL)
- krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
- pool_list =
- krb5_config_get_strings(context, NULL,
- "kdc", "pkinit_pool", NULL);
+ c->pkinit_kdc_identity =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_identity", NULL);
+ c->pkinit_kdc_anchors =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_anchors", NULL);
+ c->pkinit_kdc_cert_pool =
+ krb5_config_get_strings(context, NULL,
+ "kdc", "pkinit_pool", NULL);
+ c->pkinit_kdc_revoke =
+ krb5_config_get_strings(context, NULL,
+ "kdc", "pkinit_revoke", NULL);
+ c->pkinit_kdc_ocsp_file =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_kdc_ocsp", NULL);
+ c->pkinit_kdc_friendly_name =
+ krb5_config_get_string(context, NULL,
+ "kdc", "pkinit_kdc_friendly_name", NULL);
+ c->pkinit_princ_in_cert =
+ krb5_config_get_bool_default(context, NULL,
+ c->pkinit_princ_in_cert,
+ "kdc",
+ "pkinit_principal_in_certificate",
+ NULL);
+ c->pkinit_require_binding =
+ krb5_config_get_bool_default(context, NULL,
+ c->pkinit_require_binding,
+ "kdc",
+ "pkinit_win2k_require_binding",
+ NULL);
+ c->pkinit_dh_min_bits =
+ krb5_config_get_int_default(context, NULL,
+ 0,
+ "kdc", "pkinit_dh_min_bits", NULL);
- revoke_list =
- krb5_config_get_strings(context, NULL,
- "kdc", "pkinit_revoke", NULL);
- file = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_kdc_ocsp", NULL);
- if (file) {
- c->pkinit_kdc_ocsp_file = strdup(file);
- if (c->pkinit_kdc_ocsp_file == NULL)
- krb5_errx(context, 1, "out of memory");
- }
-
- file = krb5_config_get_string(context, NULL,
- "kdc", "pkinit_kdc_friendly_name", NULL);
- if (file) {
- c->pkinit_kdc_friendly_name = strdup(file);
- if (c->pkinit_kdc_friendly_name == NULL)
- krb5_errx(context, 1, "out of memory");
- }
+#ifdef __APPLE__
+ c->enable_pkinit = 1;
+ if (c->pkinit_kdc_identity == NULL) {
+ if (c->pkinit_kdc_friendly_name == NULL)
+ c->pkinit_kdc_friendly_name =
+ strdup("O=System Identity,CN=com.apple.kerberos.kdc");
+ c->pkinit_kdc_identity = strdup("KEYCHAIN:");
+ }
+ if (c->pkinit_kdc_anchors == NULL)
+ c->pkinit_kdc_anchors = strdup("KEYCHAIN:");
- _kdc_pk_initialize(context, c, user_id, anchors,
- pool_list, revoke_list);
+#endif
- krb5_config_free_strings(pool_list);
- krb5_config_free_strings(revoke_list);
+ if (c->enable_pkinit) {
+ if (c->pkinit_kdc_identity == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no identity");
+
+ if (c->pkinit_kdc_anchors == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
- c->pkinit_princ_in_cert =
- krb5_config_get_bool_default(context, NULL,
- c->pkinit_princ_in_cert,
- "kdc",
- "pkinit_principal_in_certificate",
- NULL);
+ krb5_kdc_pk_initialize(context, c,
+ c->pkinit_kdc_identity,
+ c->pkinit_kdc_anchors,
+ c->pkinit_kdc_cert_pool,
+ c->pkinit_kdc_revoke);
- c->pkinit_require_binding =
- krb5_config_get_bool_default(context, NULL,
- c->pkinit_require_binding,
- "kdc",
- "pkinit_win2k_require_binding",
- NULL);
}
-
- c->pkinit_dh_min_bits =
- krb5_config_get_int_default(context, NULL,
- 0,
- "kdc", "pkinit_dh_min_bits", NULL);
-
-#endif
-
+
*config = c;
return 0;
diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h
index b9a828852a..1eb3ddedcd 100644
--- a/source4/heimdal/kdc/headers.h
+++ b/source4/heimdal/kdc/headers.h
@@ -38,9 +38,8 @@
#ifndef __HEADERS_H__
#define __HEADERS_H__
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
+
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h
index 285a33af14..c353ca1c5f 100644
--- a/source4/heimdal/kdc/kdc.h
+++ b/source4/heimdal/kdc/kdc.h
@@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
- char *pkinit_kdc_ocsp_file;
- char *pkinit_kdc_friendly_name;
+ const char *pkinit_kdc_identity;
+ const char *pkinit_kdc_anchors;
+ const char *pkinit_kdc_friendly_name;
+ const char *pkinit_kdc_ocsp_file;
+ char **pkinit_kdc_cert_pool;
+ char **pkinit_kdc_revoke;
int pkinit_dh_min_bits;
int pkinit_require_binding;
int pkinit_allow_proxy_certs;
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index f2da03b5e6..36d694dae5 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config);
krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv);
+#ifdef __APPLE__
+void bonjour_announce(krb5_context, krb5_kdc_configuration *);
+#endif
+
#endif /* __KDC_LOCL_H__ */
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index fb88aa9f8f..87162d5f98 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -60,13 +60,13 @@ realloc_method_data(METHOD_DATA *md)
}
static void
-set_salt_padata (METHOD_DATA *md, Salt *salt)
+set_salt_padata(METHOD_DATA *md, Salt *salt)
{
if (salt) {
- realloc_method_data(md);
- md->val[md->len - 1].padata_type = salt->type;
- der_copy_octet_string(&salt->salt,
- &md->val[md->len - 1].padata_value);
+ realloc_method_data(md);
+ md->val[md->len - 1].padata_type = salt->type;
+ der_copy_octet_string(&salt->salt,
+ &md->val[md->len - 1].padata_value);
}
}
@@ -127,7 +127,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
krb5_error_code
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
- Key **ret_key, krb5_enctype *ret_etype)
+ Key **ret_key)
{
int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
@@ -148,7 +148,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
continue;
}
*ret_key = key;
- *ret_etype = etypes[i];
ret = 0;
if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt);
@@ -287,8 +286,9 @@ _kdc_encode_reply(krb5_context context,
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
+ const char *msg;
free(buf);
- const char *msg = krb5_get_error_message(context, ret);
+ msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg);
return ret;
@@ -902,7 +902,7 @@ _kdc_as_rep(krb5_context context,
KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL, *server = NULL;
HDB *clientdb;
- krb5_enctype cetype, setype, sessionetype;
+ krb5_enctype setype, sessionetype;
krb5_data e_data;
EncTicketPart et;
EncKDCRepPart ek;
@@ -912,15 +912,20 @@ _kdc_as_rep(krb5_context context,
const char *e_text = NULL;
krb5_crypto crypto;
Key *ckey, *skey;
- EncryptionKey *reply_key;
+ EncryptionKey *reply_key, session_key;
int flags = 0;
#ifdef PKINIT
pk_client_params *pkp = NULL;
#endif
memset(&rep, 0, sizeof(rep));
+ memset(&session_key, 0, sizeof(session_key));
krb5_data_zero(&e_data);
+ ALLOC(rep.padata);
+ rep.padata->len = 0;
+ rep.padata->val = NULL;
+
if (f.canonicalize)
flags |= HDB_F_CANON;
@@ -1009,18 +1014,58 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
/*
- * Find the client key for reply encryption and pa-type salt, Pick
- * the client key upfront before the other keys because that is
- * going to affect what enctypes we are going to use in
- * ETYPE-INFO{,2}.
+ * Select a session enctype from the list of the crypto systems
+ * supported enctype, is supported by the client and is one of the
+ * enctype of the enctype of the krbtgt.
+ *
+ * The later is used as a hint what enctype all KDC are supporting
+ * to make sure a newer version of KDC wont generate a session
+ * enctype that and older version of a KDC in the same realm can't
+ * decrypt.
+ *
+ * But if the KDC admin is paranoid and doesn't want to have "no
+ * the best" enctypes on the krbtgt, lets save the best pick from
+ * the client list and hope that that will work for any other
+ * KDCs.
*/
+ {
+ const krb5_enctype *p;
+ krb5_enctype clientbest = ETYPE_NULL;
+ int i, j;
- ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
- &ckey, &cetype);
- if (ret) {
- kdc_log(context, config, 0,
- "Client (%s) has no support for etypes", client_name);
- goto out;
+ p = krb5_kerberos_enctypes(context);
+
+ sessionetype = ETYPE_NULL;
+
+ for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
+ if (krb5_enctype_valid(context, p[i]) != 0)
+ continue;
+
+ for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
+ Key *dummy;
+ /* check with client */
+ if (p[i] != b->etype.val[j])
+ continue;
+ /* save best of union of { client, crypto system } */
+ if (clientbest == ETYPE_NULL)
+ clientbest = p[i];
+ /* check with krbtgt */
+ ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
+ if (ret)
+ continue;
+ sessionetype = p[i];
+ }
+ }
+ /* if krbtgt had no shared keys with client, pick clients best */
+ if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
+ sessionetype = clientbest;
+ } else if (sessionetype == ETYPE_NULL) {
+ kdc_log(context, config, 0,
+ "Client (%s) from %s has no common enctypes with KDC"
+ "to use for the session key",
+ client_name, from);
+ goto out;
+ }
}
/*
@@ -1230,7 +1275,11 @@ _kdc_as_rep(krb5_context context,
}
et.flags.pre_authent = 1;
- ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str);
+ set_salt_padata(rep.padata, pa_key->salt);
+
+ reply_key = &pa_key->key;
+
+ ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
if (ret)
str = NULL;
@@ -1300,7 +1349,9 @@ _kdc_as_rep(krb5_context context,
/*
* If there is a client key, send ETYPE_INFO{,2}
*/
- if (ckey) {
+ ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
+ &ckey);
+ if (ret == 0) {
/*
* RFC4120 requires:
@@ -1371,63 +1422,6 @@ _kdc_as_rep(krb5_context context,
if(ret)
goto out;
- /*
- * Select a session enctype from the list of the crypto systems
- * supported enctype, is supported by the client and is one of the
- * enctype of the enctype of the krbtgt.
- *
- * The later is used as a hint what enctype all KDC are supporting
- * to make sure a newer version of KDC wont generate a session
- * enctype that and older version of a KDC in the same realm can't
- * decrypt.
- *
- * But if the KDC admin is paranoid and doesn't want to have "no
- * the best" enctypes on the krbtgt, lets save the best pick from
- * the client list and hope that that will work for any other
- * KDCs.
- */
- {
- const krb5_enctype *p;
- krb5_enctype clientbest = ETYPE_NULL;
- int i, j;
-
- p = krb5_kerberos_enctypes(context);
-
- sessionetype = ETYPE_NULL;
-
- for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
- if (krb5_enctype_valid(context, p[i]) != 0)
- continue;
-
- for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
- Key *dummy;
- /* check with client */
- if (p[i] != b->etype.val[j])
- continue;
- /* save best of union of { client, crypto system } */
- if (clientbest == ETYPE_NULL)
- clientbest = p[i];
- /* check with krbtgt */
- ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
- if (ret)
- continue;
- sessionetype = p[i];
- }
- }
- /* if krbtgt had no shared keys with client, pick clients best */
- if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
- sessionetype = clientbest;
- } else if (sessionetype == ETYPE_NULL) {
- kdc_log(context, config, 0,
- "Client (%s) from %s has no common enctypes with KDC"
- "to use for the session key",
- client_name, from);
- goto out;
- }
- }
-
- log_as_req(context, config, cetype, setype, b);
-
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
|| (f.request_anonymous && !config->allow_anonymous)) {
ret = KRB5KDC_ERR_BADOPTION;
@@ -1622,10 +1616,6 @@ _kdc_as_rep(krb5_context context,
copy_HostAddresses(et.caddr, ek.caddr);
}
- ALLOC(rep.padata);
- rep.padata->len = 0;
- rep.padata->val = NULL;
-
#if PKINIT
if (pkp) {
e_text = "Failed to build PK-INIT reply";
@@ -1642,12 +1632,13 @@ _kdc_as_rep(krb5_context context,
goto out;
} else
#endif
- if (ckey) {
- reply_key = &ckey->key;
+ {
ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
if (ret)
goto out;
- } else {
+ }
+
+ if (reply_key == NULL) {
e_text = "Client have no reply key";
ret = KRB5KDC_ERR_CLIENT_NOTYET;
goto out;
@@ -1657,9 +1648,6 @@ _kdc_as_rep(krb5_context context,
if (ret)
goto out;
- if (ckey)
- set_salt_padata (rep.padata, ckey->salt);
-
/* Add signing of alias referral */
if (f.canonicalize) {
PA_ClientCanonicalized canon;
@@ -1765,6 +1753,8 @@ _kdc_as_rep(krb5_context context,
if (ret)
goto out;
+ log_as_req(context, config, reply_key->keytype, setype, b);
+
ret = _kdc_encode_reply(context, config,
&rep, &et, &ek, setype, server->entry.kvno,
&skey->key, client->entry.kvno,
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 312be6e016..b6f9c865bb 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1633,14 +1633,15 @@ server_lookup:
} else {
Key *skey;
- ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
- &skey, &etype);
+ ret = _kdc_find_etype(context, server,
+ b->etype.val, b->etype.len, &skey);
if(ret) {
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", spn);
goto out;
}
ekey = &skey->key;
+ etype = skey->key.keytype;
kvno = server->entry.kvno;
}
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index eb757bb578..f6f8f8a3bd 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context,
ret = krb5_principal_compare(context, sprincipal, principal);
krb5_free_principal(context, principal);
if (ret != TRUE) {
+ char *expected, *used;
+
+ ret = krb5_unparse_name(context, sprincipal, &expected);
+ if (ret)
+ goto out;
+ ret = krb5_unparse_name(context, principal, &used);
+ if (ret) {
+ krb5_xfree(expected);
+ goto out;
+ }
+
ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_message(context, ret,
- "User %s used wrong Kx509 service principal",
- cname);
+ "User %s used wrong Kx509 service "
+ "principal, expected: %s, used %s",
+ cname, expected, used);
+ krb5_xfree(expected);
+ krb5_xfree(used);
goto out;
}
}
diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c
index b4161da45d..06e64df840 100644
--- a/source4/heimdal/kdc/log.c
+++ b/source4/heimdal/kdc/log.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -36,13 +38,14 @@ RCSID("$Id$");
void
kdc_openlog(krb5_context context,
+ const char *service,
krb5_kdc_configuration *config)
{
char **s = NULL, **p;
krb5_initlog(context, "kdc", &config->logf);
- s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
+ s = krb5_config_get_strings(context, NULL, service, "logging", NULL);
if(s == NULL)
- s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
+ s = krb5_config_get_strings(context, NULL, "logging", service, NULL);
if(s){
for(p = s; *p; p++)
krb5_addlog_dest(context, config->logf, *p);
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 7bb32eb577..099d3ebe7d 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -1379,7 +1381,22 @@ _kdc_pk_mk_pa_reply(krb5_context context,
}
- ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
+#define use_btmm_with_enckey 0
+ if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
+ PA_PK_AS_REP_BTMM btmm;
+ heim_any any;
+
+ any.data = rep.u.encKeyPack.data;
+ any.length = rep.u.encKeyPack.length;
+
+ btmm.dhSignedData = NULL;
+ btmm.encKeyPack = &any;
+
+ ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
+ } else {
+ ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
+ }
+
free_PA_PK_AS_REP(&rep);
if (ret) {
krb5_set_error_message(context, ret,
@@ -1928,12 +1945,12 @@ load_mappings(krb5_context context, const char *fn)
*/
krb5_error_code
-_kdc_pk_initialize(krb5_context context,
- krb5_kdc_configuration *config,
- const char *user_id,
- const char *anchors,
- char **pool,
- char **revoke_list)
+krb5_kdc_pk_initialize(krb5_context context,
+ krb5_kdc_configuration *config,
+ const char *user_id,
+ const char *anchors,
+ char **pool,
+ char **revoke_list)
{
const char *file;
char *fn = NULL;
diff --git a/source4/heimdal/kpasswd/kpasswd.c b/source4/heimdal/kpasswd/kpasswd.c
index c2f980b25f..57c989719e 100644
--- a/source4/heimdal/kpasswd/kpasswd.c
+++ b/source4/heimdal/kpasswd/kpasswd.c
@@ -117,22 +117,21 @@ main (int argc, char **argv)
krb5_error_code ret;
krb5_context context;
krb5_principal principal;
- int optind = 0;
krb5_get_init_creds_opt *opt;
krb5_ccache id = NULL;
int exit_value;
+ int optidx = 0;
- optind = krb5_program_setup(&context, argc, argv,
- args, sizeof(args) / sizeof(args[0]), usage);
+ setprogname(argv[0]);
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+ usage(1, args, sizeof(args) / sizeof(args[0]));
if (help_flag)
- usage (0, args, sizeof(args) / sizeof(args[0]));
-
- if(version_flag){
- print_version (NULL);
- exit(0);
+ usage(0, args, sizeof(args) / sizeof(args[0]));
+ if (version_flag) {
+ print_version(NULL);
+ return 0;
}
-
argc -= optind;
argv += optind;
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c
index 809d399336..4e9e6ac3d7 100644
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -33,6 +35,10 @@
#include "kuser_locl.h"
+#ifdef __APPLE__
+#include <Security/Security.h>
+#endif
+
#ifndef HEIMDAL_SMALLER
#include "krb5-v4compat.h"
#endif
@@ -113,7 +119,7 @@ static struct getargs args[] = {
{ "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" },
- { "forwardable", 'f', arg_flag, &forwardable_flag,
+ { "forwardable", 'f', arg_negative_flag, &forwardable_flag,
NP_("get forwardable tickets", "")},
{ "keytab", 't', arg_string, &keytab_str,
@@ -422,7 +428,7 @@ get_new_tickets(krb5_context context,
char passwd[256];
krb5_deltat start_time = 0;
krb5_deltat renew = 0;
- const char *renewstr = NULL;
+ char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
#ifndef NO_NTLM
@@ -451,6 +457,33 @@ get_new_tickets(krb5_context context,
passwd[strcspn(passwd, "\n")] = '\0';
}
+#ifdef __APPLE__
+ if (passwd[0] == '\0') {
+ const char *realm;
+ OSStatus osret;
+ UInt32 length;
+ void *buffer;
+ char *name;
+
+ realm = krb5_principal_get_realm(context, principal);
+
+ ret = krb5_unparse_name_flags(context, principal,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
+ if (ret)
+ goto nopassword;
+
+ osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm,
+ strlen(name), name,
+ &length, &buffer, NULL);
+ free(name);
+ if (osret == noErr && length < sizeof(passwd) - 1) {
+ memcpy(passwd, buffer, length);
+ passwd[length] = '\0';
+ }
+ nopassword:
+ do { } while(0);
+ }
+#endif
memset(&cred, 0, sizeof(cred));
@@ -472,7 +505,7 @@ get_new_tickets(krb5_context context,
pac_flag ? TRUE : FALSE);
if (canonicalize_flag)
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
- if (pk_enterprise_flag && windows_flag)
+ if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag)
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
@@ -881,8 +914,23 @@ main (int argc, char **argv)
#endif
} else {
ret = krb5_cc_cache_match(context, principal, &ccache);
- if (ret)
+ if (ret) {
+ const char *type;
ret = krb5_cc_default (context, &ccache);
+ if (ret)
+ krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
+
+ /*
+ * Check if the type support switching, and we do,
+ * then do that instead over overwriting the current
+ * default credential
+ */
+ type = krb5_cc_get_type(context, ccache);
+ if (krb5_cc_support_switch(context, type)) {
+ krb5_cc_close(context, ccache);
+ ret = krb5_cc_new_unique(context, type, NULL, &ccache);
+ }
+ }
}
}
if (ret)
diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h
index 4c6af8b45e..8ab97761db 100644
--- a/source4/heimdal/lib/asn1/asn1-common.h
+++ b/source4/heimdal/lib/asn1/asn1-common.h
@@ -2,6 +2,7 @@
#include <stddef.h>
#include <time.h>
+#include <krb5-types.h>
#ifndef __asn1_common_definitions__
#define __asn1_common_definitions__
diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et
index f1a653b1f9..ac7a9ebaa5 100644
--- a/source4/heimdal/lib/asn1/asn1_err.et
+++ b/source4/heimdal/lib/asn1/asn1_err.et
@@ -24,4 +24,6 @@ error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"
error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"
+error_code GOT_BER, "ASN.1 got BER encoded when expected DER"
+error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data"
end
diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y
index 3835744bbd..13b86b17c1 100644
--- a/source4/heimdal/lib/asn1/asn1parse.y
+++ b/source4/heimdal/lib/asn1/asn1parse.y
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -250,7 +252,7 @@ ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
| /* empty */
;
-ModuleBody : /* Exports */ Imports AssignmentList
+ModuleBody : Exports Imports AssignmentList
| /* empty */
;
@@ -272,11 +274,22 @@ SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
for(sl = $1; sl != NULL; sl = sl->next) {
Symbol *s = addsym(sl->string);
s->stype = Stype;
+ gen_template_import(s);
}
add_import($3);
}
;
+Exports : kw_EXPORTS referencenames ';'
+ {
+ struct string_list *sl;
+ for(sl = $2; sl != NULL; sl = sl->next)
+ add_export(sl->string);
+ }
+ | kw_EXPORTS kw_ALL
+ | /* empty */
+ ;
+
AssignmentList : Assignment
| Assignment AssignmentList
;
diff --git a/source4/heimdal/lib/asn1/cms.asn1 b/source4/heimdal/lib/asn1/cms.asn1
index 1c13d5f387..ccbe683838 100644
--- a/source4/heimdal/lib/asn1/cms.asn1
+++ b/source4/heimdal/lib/asn1/cms.asn1
@@ -4,7 +4,7 @@
CMS DEFINITIONS ::= BEGIN
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
- Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
+ Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
heim_any, heim_any_set FROM heim;
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h
index 5b24b917d8..f20cdb83ca 100644
--- a/source4/heimdal/lib/asn1/der.h
+++ b/source4/heimdal/lib/asn1/der.h
@@ -94,6 +94,8 @@ typedef struct heim_ber_time_t {
int bt_zone;
} heim_ber_time_t;
+struct asn1_template;
+
#include <der-protos.h>
int _heim_fix_dce(size_t reallen, size_t *len);
diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c
index 51a2a03300..a80c851f96 100644
--- a/source4/heimdal/lib/asn1/der_copy.c
+++ b/source4/heimdal/lib/asn1/der_copy.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -46,6 +48,34 @@ der_copy_general_string (const heim_general_string *from,
}
int
+der_copy_integer (const int *from, int *to)
+{
+ *to = *from;
+ return 0;
+}
+
+int
+der_copy_unsigned (const unsigned *from, unsigned *to)
+{
+ *to = *from;
+ return 0;
+}
+
+int
+der_copy_generalized_time (const time_t *from, time_t *to)
+{
+ *to = *from;
+ return 0;
+}
+
+int
+der_copy_utctime (const time_t *from, time_t *to)
+{
+ *to = *from;
+ return 0;
+}
+
+int
der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
{
return der_copy_general_string(from, to);
diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c
index 743bb6c466..a16ddaed1c 100644
--- a/source4/heimdal/lib/asn1/der_free.c
+++ b/source4/heimdal/lib/asn1/der_free.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -43,6 +45,31 @@ der_free_general_string (heim_general_string *str)
}
void
+der_free_integer (int *i)
+{
+ *i = 0;
+}
+
+void
+der_free_unsigned (unsigned *u)
+{
+ *u = 0;
+}
+
+void
+der_free_generalized_time(time_t *t)
+{
+ *t = 0;
+}
+
+void
+der_free_utctime(time_t *t)
+{
+ *t = 0;
+}
+
+
+void
der_free_utf8string (heim_utf8_string *str)
{
free(*str);
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 5a062fb339..aee565040f 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -305,7 +305,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
void *ptr;
ptr = realloc(data->data, data->length + datalen);
- if (ptr == NULL && data->length + datalen != 0) {
+ if (ptr == NULL) {
e = ENOMEM;
goto out;
}
@@ -354,23 +354,21 @@ der_get_heim_integer (const unsigned char *p, size_t len,
p++;
data->length--;
}
- if (data->length) {
- data->data = malloc(data->length);
- if (data->data == NULL) {
- data->length = 0;
- if (size)
- *size = 0;
- return ENOMEM;
- }
- q = &((unsigned char*)data->data)[data->length - 1];
- p += data->length - 1;
- while (q >= (unsigned char*)data->data) {
- *q = *p ^ 0xff;
- if (carry)
- carry = !++*q;
- p--;
- q--;
- }
+ data->data = malloc(data->length);
+ if (data->data == NULL) {
+ data->length = 0;
+ if (size)
+ *size = 0;
+ return ENOMEM;
+ }
+ q = &((unsigned char*)data->data)[data->length - 1];
+ p += data->length - 1;
+ while (q >= (unsigned char*)data->data) {
+ *q = *p ^ 0xff;
+ if (carry)
+ carry = !++*q;
+ p--;
+ q--;
}
} else {
data->negative = 0;
diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c
index 5ea3a84845..688e6ba817 100644
--- a/source4/heimdal/lib/asn1/der_length.c
+++ b/source4/heimdal/lib/asn1/der_length.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -113,6 +115,20 @@ der_length_len (size_t len)
}
size_t
+der_length_tag(unsigned int tag)
+{
+ size_t len = 0;
+
+ if(tag <= 30)
+ return 1;
+ while(tag) {
+ tag /= 128;
+ len++;
+ }
+ return len + 1;
+}
+
+size_t
der_length_integer (const int *data)
{
return _heim_len_int (*data);
diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h
index 1f27e72903..0f65c50a22 100644
--- a/source4/heimdal/lib/asn1/der_locl.h
+++ b/source4/heimdal/lib/asn1/der_locl.h
@@ -52,6 +52,8 @@
#include <asn1-common.h>
#include <asn1_err.h>
#include <der.h>
+#include <der-private.h>
+#include "asn1-template.h"
time_t _der_timegm (struct tm *);
size_t _heim_len_unsigned (unsigned);
diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1
index 5ee5bd4a99..027402f1ef 100644
--- a/source4/heimdal/lib/asn1/digest.asn1
+++ b/source4/heimdal/lib/asn1/digest.asn1
@@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE {
tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
}
+NTLMRequest2 ::= SEQUENCE {
+ loginUserName [0] UTF8String,
+ loginDomainName [1] UTF8String,
+ flags [2] INTEGER (0..4294967295),
+ lmchallenge [3] OCTET STRING SIZE (8),
+ ntChallengeResponce [4] OCTET STRING,
+ lmChallengeResponce [5] OCTET STRING
+}
+
+NTLMReply ::= SEQUENCE {
+ success [0] BOOLEAN,
+ flags [1] INTEGER (0..4294967295),
+ sessionkey [2] OCTET STRING OPTIONAL
+}
+
DigestReqInner ::= CHOICE {
init [0] DigestInit,
digestRequest [1] DigestRequest,
diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c
index b244dbb52a..95780a7898 100644
--- a/source4/heimdal/lib/asn1/extra.c
+++ b/source4/heimdal/lib/asn1/extra.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -40,13 +42,7 @@ int
encode_heim_any(unsigned char *p, size_t len,
const heim_any *data, size_t *size)
{
- if (data->length > len)
- return ASN1_OVERFLOW;
- p -= data->length;
- len -= data->length;
- memcpy (p+1, data->data, data->length);
- *size = data->length;
- return 0;
+ return der_put_octet_string (p, len, data, size);
}
int
@@ -91,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len,
void
free_heim_any(heim_any *data)
{
- free(data->data);
- data->data = NULL;
+ der_free_octet_string(data);
}
size_t
@@ -104,58 +99,43 @@ length_heim_any(const heim_any *data)
int
copy_heim_any(const heim_any *from, heim_any *to)
{
- to->data = malloc(from->length);
- if (to->data == NULL && from->length != 0)
- return ENOMEM;
- memcpy(to->data, from->data, from->length);
- to->length = from->length;
- return 0;
+ return der_copy_octet_string(from, to);
}
int
encode_heim_any_set(unsigned char *p, size_t len,
const heim_any_set *data, size_t *size)
{
- return encode_heim_any(p, len, data, size);
+ return der_put_octet_string (p, len, data, size);
}
-
int
decode_heim_any_set(const unsigned char *p, size_t len,
heim_any_set *data, size_t *size)
{
- memset(data, 0, sizeof(*data));
- data->data = malloc(len);
- if (data->data == NULL && len != 0)
- return ENOMEM;
- data->length = len;
- memcpy(data->data, p, len);
- if (size) *size = len;
- return 0;
+ return der_get_octet_string(p, len, data, size);
}
void
free_heim_any_set(heim_any_set *data)
{
- free_heim_any(data);
+ der_free_octet_string(data);
}
size_t
length_heim_any_set(const heim_any *data)
{
- return length_heim_any(data);
+ return data->length;
}
int
copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
{
- return copy_heim_any(from, to);
+ return der_copy_octet_string(from, to);
}
int
heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
{
- if (p->length != q->length)
- return p->length - q->length;
- return memcmp(p->data, q->data, p->length);
+ return der_heim_octet_string_cmp(p, q);
}
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index 780c18b36f..8c13434203 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -35,12 +37,12 @@
RCSID("$Id$");
-FILE *headerfile, *codefile, *logfile;
+FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
#define STEM "asn1"
static const char *orig_filename;
-static char *header;
+static char *privheader, *header, *template;
static const char *headerbase = STEM;
/*
@@ -66,6 +68,45 @@ add_import (const char *module)
fprintf (headerfile, "#include <%s_asn1.h>\n", module);
}
+/*
+ * List of all exported symbols
+ */
+
+struct sexport {
+ const char *name;
+ int defined;
+ struct sexport *next;
+};
+
+static struct sexport *exports = NULL;
+
+void
+add_export (const char *name)
+{
+ struct sexport *tmp = emalloc (sizeof(*tmp));
+
+ tmp->name = name;
+ tmp->next = exports;
+ exports = tmp;
+}
+
+int
+is_export(const char *name)
+{
+ struct sexport *tmp;
+
+ if (exports == NULL) /* no export list, all exported */
+ return 1;
+
+ for (tmp = exports; tmp != NULL; tmp = tmp->next) {
+ if (strcmp(tmp->name, name) == 0) {
+ tmp->defined = 1;
+ return 1;
+ }
+ }
+ return 0;
+}
+
const char *
get_filename (void)
{
@@ -96,6 +137,23 @@ init_generate (const char *filename, const char *base)
err (1, "open %s", fn);
free(fn);
+ /* private header file */
+ asprintf(&privheader, "%s-priv.h", headerbase);
+ if (privheader == NULL)
+ errx(1, "malloc");
+ asprintf(&fn, "%s-priv.hx", headerbase);
+ if (fn == NULL)
+ errx(1, "malloc");
+ privheaderfile = fopen (fn, "w");
+ if (privheaderfile == NULL)
+ err (1, "open %s", fn);
+ free(fn);
+
+ /* template file */
+ asprintf(&template, "%s-template.c", headerbase);
+ if (template == NULL)
+ errx(1, "malloc");
+
fprintf (headerfile,
"/* Generated from %s */\n"
"/* Do not edit */\n\n",
@@ -182,6 +240,36 @@ init_generate (const char *filename, const char *base)
logfile = fopen(fn, "w");
if (logfile == NULL)
err (1, "open %s", fn);
+
+ /* if one code file, write into the one codefile */
+ if (one_code_file)
+ return;
+
+ templatefile = fopen (template, "w");
+ if (templatefile == NULL)
+ err (1, "open %s", template);
+
+ fprintf (templatefile,
+ "/* Generated from %s */\n"
+ "/* Do not edit */\n\n"
+ "#include <stdio.h>\n"
+ "#include <stdlib.h>\n"
+ "#include <time.h>\n"
+ "#include <string.h>\n"
+ "#include <errno.h>\n"
+ "#include <limits.h>\n"
+ "#include <krb5-types.h>\n",
+ filename);
+
+ fprintf (templatefile,
+ "#include <%s>\n"
+ "#include <%s>\n"
+ "#include <der.h>\n"
+ "#include <der-private.h>\n"
+ "#include <asn1-template.h>\n",
+ header, privheader);
+
+
}
void
@@ -189,9 +277,15 @@ close_generate (void)
{
fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
- fclose (headerfile);
- fprintf (logfile, "\n");
- fclose (logfile);
+ if (headerfile)
+ fclose (headerfile);
+ if (privheaderfile)
+ fclose (privheaderfile);
+ if (templatefile)
+ fclose (templatefile);
+ if (logfile)
+ fprintf (logfile, "\n");
+ fclose (logfile);
}
void
@@ -265,11 +359,14 @@ generate_header_of_codefile(const char *name)
orig_filename);
fprintf (codefile,
- "#include <%s.h>\n",
- headerbase);
+ "#include <%s>\n"
+ "#include <%s>\n",
+ header, privheader);
fprintf (codefile,
"#include <asn1_err.h>\n"
"#include <der.h>\n"
+ "#include <der-private.h>\n"
+ "#include <asn1-template.h>\n"
"#include <parse_units.h>\n\n");
}
@@ -328,8 +425,6 @@ generate_constant (const Symbol *s)
}
fprintf (headerfile, "} */\n");
- fprintf (headerfile, "const heim_oid *oid_%s(void);\n",
- s->gen_name);
fprintf (headerfile,
"extern const heim_oid asn1_oid_%s;\n\n",
s->gen_name);
@@ -346,12 +441,6 @@ generate_constant (const Symbol *s)
"{ %d, oid_%s_variable_num };\n\n",
s->gen_name, len, s->gen_name);
- fprintf (codefile, "const heim_oid *oid_%s(void)\n"
- "{\n"
- "return &asn1_oid_%s;\n"
- "}\n\n",
- s->gen_name, s->gen_name);
-
free(list);
if (!one_code_file)
@@ -364,6 +453,33 @@ generate_constant (const Symbol *s)
}
}
+int
+is_primitive_type(int type)
+{
+ switch(type) {
+ case TInteger:
+ case TBoolean:
+ case TOctetString:
+ case TBitString:
+ case TEnumerated:
+ case TGeneralizedTime:
+ case TGeneralString:
+ case TTeletexString:
+ case TOID:
+ case TUTCTime:
+ case TUTF8String:
+ case TPrintableString:
+ case TIA5String:
+ case TBMPString:
+ case TUniversalString:
+ case TVisibleString:
+ case TNull:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static void
space(int level)
{
@@ -550,8 +666,24 @@ define_asn1 (int level, Type *t)
}
static void
-define_type (int level, const char *name, Type *t, int typedefp, int preservep)
+getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name)
+{
+ if (typedefp)
+ *newbasename = strdup(name);
+ else {
+ if (name[0] == '*')
+ name++;
+ asprintf(newbasename, "%s_%s", basename, name);
+ }
+ if (*newbasename == NULL)
+ err(1, "malloc");
+}
+
+static void
+define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep)
{
+ char *newbasename = NULL;
+
switch (t->type) {
case TType:
space(level);
@@ -602,16 +734,37 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
if(ASN1_TAILQ_EMPTY(t->members))
fprintf (headerfile, "heim_bit_string %s;\n", name);
else {
- fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+ int pos = 0;
+ getnewbasename(&newbasename, typedefp, basename, name);
+
+ fprintf (headerfile, "struct %s {\n", newbasename);
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *n;
+ /* pad unused */
+ while (pos < m->val) {
+ asprintf (&n, "_unused%d:1", pos);
+ define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
+ free(n);
+ pos++;
+ }
+
asprintf (&n, "%s:1", m->gen_name);
if (n == NULL)
errx(1, "malloc");
- define_type (level + 1, n, &i, FALSE, FALSE);
+ define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free (n);
+ pos++;
+ }
+ /* pad to 32 elements */
+ while (pos < 32) {
+ char *n;
+ asprintf (&n, "_unused%d:1", pos);
+ define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
+ free(n);
+ pos++;
}
+
space(level);
fprintf (headerfile, "} %s;\n\n", name);
}
@@ -638,8 +791,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
case TSequence: {
Member *m;
+ getnewbasename(&newbasename, typedefp, basename, name);
+
space(level);
- fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+ fprintf (headerfile, "struct %s {\n", newbasename);
if (t->type == TSequence && preservep) {
space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n");
@@ -653,10 +808,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name);
if (n == NULL)
errx(1, "malloc");
- define_type (level + 1, n, m->type, FALSE, FALSE);
+ define_type (level + 1, n, newbasename, m->type, FALSE, FALSE);
free (n);
} else
- define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
+ define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE);
}
space(level);
fprintf (headerfile, "} %s;\n", name);
@@ -667,15 +822,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
Type i;
struct range range = { 0, INT_MAX };
+ getnewbasename(&newbasename, typedefp, basename, name);
+
i.type = TInteger;
i.range = &range;
i.members = NULL;
i.constraint = NULL;
space(level);
- fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
- define_type (level + 1, "len", &i, FALSE, FALSE);
- define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
+ fprintf (headerfile, "struct %s {\n", newbasename);
+ define_type (level + 1, "len", newbasename, &i, FALSE, FALSE);
+ define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE);
space(level);
fprintf (headerfile, "} %s;\n", name);
break;
@@ -693,14 +850,16 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
fprintf (headerfile, "heim_general_string %s;\n", name);
break;
case TTag:
- define_type (level, name, t->subtype, typedefp, preservep);
+ define_type (level, name, basename, t->subtype, typedefp, preservep);
break;
case TChoice: {
int first = 1;
Member *m;
+ getnewbasename(&newbasename, typedefp, basename, name);
+
space(level);
- fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+ fprintf (headerfile, "struct %s {\n", newbasename);
if (preservep) {
space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n");
@@ -737,10 +896,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name);
if (n == NULL)
errx(1, "malloc");
- define_type (level + 2, n, m->type, FALSE, FALSE);
+ define_type (level + 2, n, newbasename, m->type, FALSE, FALSE);
free (n);
} else
- define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
+ define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE);
}
space(level + 1);
fprintf (headerfile, "} u;\n");
@@ -787,6 +946,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
default:
abort ();
}
+ if (newbasename)
+ free(newbasename);
}
static void
@@ -800,27 +961,61 @@ generate_type_header (const Symbol *s)
fprintf (headerfile, "\n*/\n\n");
fprintf (headerfile, "typedef ");
- define_type (0, s->gen_name, s->type, TRUE, preservep);
+ define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep);
fprintf (headerfile, "\n");
}
-
void
generate_type (const Symbol *s)
{
+ FILE *h;
+
if (!one_code_file)
generate_header_of_codefile(s->gen_name);
generate_type_header (s);
- generate_type_encode (s);
- generate_type_decode (s);
- generate_type_free (s);
- generate_type_length (s);
- generate_type_copy (s);
+
+ if (template_flag)
+ generate_template(s);
+
+ if (template_flag == 0 || is_template_compat(s) == 0) {
+ generate_type_encode (s);
+ generate_type_decode (s);
+ generate_type_free (s);
+ generate_type_length (s);
+ generate_type_copy (s);
+ }
generate_type_seq (s);
generate_glue (s->type, s->gen_name);
- fprintf(headerfile, "\n\n");
+
+ /* generate prototypes */
+
+ if (is_export(s->name))
+ h = headerfile;
+ else
+ h = privheaderfile;
+
+ fprintf (h,
+ "int "
+ "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
+ s->gen_name, s->gen_name);
+ fprintf (h,
+ "int "
+ "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
+ s->gen_name, s->gen_name);
+ fprintf (h,
+ "size_t length_%s(const %s *);\n",
+ s->gen_name, s->gen_name);
+ fprintf (h,
+ "int copy_%s (const %s *, %s *);\n",
+ s->gen_name, s->gen_name, s->gen_name);
+ fprintf (h,
+ "void free_%s (%s *);\n",
+ s->gen_name, s->gen_name);
+
+
+ fprintf(h, "\n\n");
if (!one_code_file) {
fprintf(codefile, "\n\n");
diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c
index f28647d19a..5e228d0e64 100644
--- a/source4/heimdal/lib/asn1/gen_copy.c
+++ b/source4/heimdal/lib/asn1/gen_copy.c
@@ -228,10 +228,6 @@ generate_type_copy (const Symbol *s)
used_fail = 0;
- fprintf (headerfile,
- "int copy_%s (const %s *, %s *);\n",
- s->gen_name, s->gen_name, s->gen_name);
-
fprintf (codefile, "int\n"
"copy_%s(const %s *from, %s *to)\n"
"{\n"
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c
index 327de4c98c..043cfac2db 100644
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -56,33 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr)
#endif
}
-static int
-is_primitive_type(int type)
-{
- switch(type) {
- case TInteger:
- case TBoolean:
- case TOctetString:
- case TBitString:
- case TEnumerated:
- case TGeneralizedTime:
- case TGeneralString:
- case TTeletexString:
- case TOID:
- case TUTCTime:
- case TUTF8String:
- case TPrintableString:
- case TIA5String:
- case TBMPString:
- case TUniversalString:
- case TVisibleString:
- case TNull:
- return 1;
- default:
- return 0;
- }
-}
-
static void
find_tag (const Type *t,
Der_class *cl, Der_type *ty, unsigned *tag)
@@ -630,7 +603,7 @@ decode_type (const char *name, const Type *t, int optional,
fprintf(codefile,
"else {\n"
"(%s)->u.%s.data = calloc(1, len);\n"
- "if ((%s)->u.%s.data == NULL && len != 0) {\n"
+ "if ((%s)->u.%s.data == NULL) {\n"
"e = ENOMEM; %s;\n"
"}\n"
"(%s)->u.%s.length = len;\n"
@@ -694,11 +667,6 @@ generate_type_decode (const Symbol *s)
{
int preserve = preserve_type(s->name) ? TRUE : FALSE;
- fprintf (headerfile,
- "int "
- "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
- s->gen_name, s->gen_name);
-
fprintf (codefile, "int\n"
"decode_%s(const unsigned char *p,"
" size_t len, %s *data, size_t *size)\n"
@@ -744,7 +712,7 @@ generate_type_decode (const Symbol *s)
if (preserve)
fprintf (codefile,
"data->_save.data = calloc(1, ret);\n"
- "if (data->_save.data == NULL && ret != 0) { \n"
+ "if (data->_save.data == NULL) { \n"
"e = ENOMEM; goto fail; \n"
"}\n"
"data->_save.length = ret;\n"
diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c
index 012d4677f4..e9b4e7cd12 100644
--- a/source4/heimdal/lib/asn1/gen_encode.c
+++ b/source4/heimdal/lib/asn1/gen_encode.c
@@ -508,11 +508,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
void
generate_type_encode (const Symbol *s)
{
- fprintf (headerfile,
- "int "
- "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
- s->gen_name, s->gen_name);
-
fprintf (codefile, "int\n"
"encode_%s(unsigned char *p, size_t len,"
" const %s *data, size_t *size)\n"
diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c
index 48fe8cd787..dc612074a3 100644
--- a/source4/heimdal/lib/asn1/gen_free.c
+++ b/source4/heimdal/lib/asn1/gen_free.c
@@ -180,18 +180,14 @@ free_type (const char *name, const Type *t, int preserve)
void
generate_type_free (const Symbol *s)
{
- int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
- fprintf (headerfile,
- "void free_%s (%s *);\n",
- s->gen_name, s->gen_name);
-
- fprintf (codefile, "void\n"
- "free_%s(%s *data)\n"
- "{\n",
- s->gen_name, s->gen_name);
-
- free_type ("data", s->type, preserve);
- fprintf (codefile, "}\n\n");
+ int preserve = preserve_type(s->name) ? TRUE : FALSE;
+
+ fprintf (codefile, "void\n"
+ "free_%s(%s *data)\n"
+ "{\n",
+ s->gen_name, s->gen_name);
+
+ free_type ("data", s->type, preserve);
+ fprintf (codefile, "}\n\n");
}
diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c
index 9f7eca45eb..32680cef41 100644
--- a/source4/heimdal/lib/asn1/gen_glue.c
+++ b/source4/heimdal/lib/asn1/gen_glue.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name)
fprintf (codefile,
"%s int2%s(unsigned n)\n"
"{\n"
- "\t%s flags;\n\n",
+ "\t%s flags;\n\n"
+ "\tmemset(&flags, 0, sizeof(flags));\n\n",
gen_name, gen_name, gen_name);
if(t->members) {
@@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name)
{
Member *m;
- fprintf (headerfile,
- "const struct units * asn1_%s_units(void);",
- gen_name);
+ if (template_flag) {
+ fprintf (headerfile,
+ "extern const struct units *asn1_%s_table_units;\n",
+ gen_name);
+ fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n",
+ gen_name, gen_name);
+ } else {
+ fprintf (headerfile,
+ "const struct units * asn1_%s_units(void);",
+ gen_name);
+ }
fprintf (codefile,
"static struct units %s_units[] = {\n",
@@ -111,11 +122,16 @@ generate_units (const Type *t, const char *gen_name)
"\t{NULL,\t0}\n"
"};\n\n");
- fprintf (codefile,
- "const struct units * asn1_%s_units(void){\n"
- "return %s_units;\n"
- "}\n\n",
- gen_name, gen_name);
+ if (template_flag)
+ fprintf (codefile,
+ "const struct units * asn1_%s_table_units = %s_units;\n",
+ gen_name, gen_name);
+ else
+ fprintf (codefile,
+ "const struct units * asn1_%s_units(void){\n"
+ "return %s_units;\n"
+ "}\n\n",
+ gen_name, gen_name);
}
diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c
index e1f045c4c5..da6d26e373 100644
--- a/source4/heimdal/lib/asn1/gen_length.c
+++ b/source4/heimdal/lib/asn1/gen_length.c
@@ -43,6 +43,7 @@ length_primitive (const char *typename,
fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
}
+/* XXX same as der_length_tag */
static size_t
length_tag(unsigned int tag)
{
@@ -269,10 +270,6 @@ length_type (const char *name, const Type *t,
void
generate_type_length (const Symbol *s)
{
- fprintf (headerfile,
- "size_t length_%s(const %s *);\n",
- s->gen_name, s->gen_name);
-
fprintf (codefile,
"size_t\n"
"length_%s(const %s *data)\n"
diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h
index 2bb64b5a38..9e87b0c578 100644
--- a/source4/heimdal/lib/asn1/gen_locl.h
+++ b/source4/heimdal/lib/asn1/gen_locl.h
@@ -52,6 +52,7 @@
#include "symbol.h"
#include "asn1-common.h"
#include "der.h"
+#include "der-private.h"
void generate_type (const Symbol *);
void generate_constant (const Symbol *);
@@ -74,7 +75,10 @@ void init_generate (const char *, const char *);
const char *get_filename (void);
void close_generate(void);
void add_import(const char *);
+void add_export(const char *);
+int is_export(const char *);
int yyparse(void);
+int is_primitive_type(int);
int preserve_type(const char *);
int seq_type(const char *);
@@ -82,9 +86,14 @@ int seq_type(const char *);
void generate_header_of_codefile(const char *);
void close_codefile(void);
+int is_template_compat (const Symbol *);
+void generate_template(const Symbol *);
+void gen_template_import(const Symbol *);
-extern FILE *headerfile, *codefile, *logfile;
+
+extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
extern int support_ber;
+extern int template_flag;
extern int rfc1510_bitstring;
extern int one_code_file;
diff --git a/source4/heimdal/lib/asn1/krb5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1
index adc09ac680..ed663fcf5f 100644
--- a/source4/heimdal/lib/asn1/krb5.asn1
+++ b/source4/heimdal/lib/asn1/krb5.asn1
@@ -2,6 +2,78 @@
KERBEROS5 DEFINITIONS ::=
BEGIN
+EXPORTS
+ AD-AND-OR,
+ AD-IF-RELEVANT,
+ AD-KDCIssued,
+ AD-LoginAlias,
+ AP-REP,
+ AP-REQ,
+ AS-REP,
+ AS-REQ,
+ AUTHDATA-TYPE,
+ Authenticator,
+ AuthorizationData,
+ AuthorizationDataElement,
+ CKSUMTYPE,
+ ChangePasswdDataMS,
+ Checksum,
+ ENCTYPE,
+ ETYPE-INFO,
+ ETYPE-INFO-ENTRY,
+ ETYPE-INFO2,
+ ETYPE-INFO2-ENTRY,
+ EncAPRepPart,
+ EncASRepPart,
+ EncKDCRepPart,
+ EncKrbCredPart,
+ EncKrbPrivPart,
+ EncTGSRepPart,
+ EncTicketPart,
+ EncryptedData,
+ EncryptionKey,
+ EtypeList,
+ HostAddress,
+ HostAddresses,
+ KDC-REQ-BODY,
+ KDCOptions,
+ KDC-REP,
+ KRB-CRED,
+ KRB-ERROR,
+ KRB-PRIV,
+ KRB-SAFE,
+ KRB-SAFE-BODY,
+ KRB5SignedPath,
+ KRB5SignedPathData,
+ KRB5SignedPathPrincipals,
+ KerberosString,
+ KerberosTime,
+ KrbCredInfo,
+ LR-TYPE,
+ LastReq,
+ METHOD-DATA,
+ NAME-TYPE,
+ PA-ClientCanonicalized,
+ PA-ClientCanonicalizedNames,
+ PA-DATA,
+ PA-ENC-TS-ENC,
+ PA-PAC-REQUEST,
+ PA-S4U2Self,
+ PA-SERVER-REFERRAL-DATA,
+ PA-ServerReferralData,
+ PA-SvrReferralData,
+ PADATA-TYPE,
+ Principal,
+ PrincipalName,
+ Principals,
+ Realm,
+ TGS-REP,
+ TGS-REQ,
+ Ticket,
+ TicketFlags,
+ TransitedEncoding,
+ TypedData
+ ;
NAME-TYPE ::= INTEGER {
KRB5_NT_UNKNOWN(0), -- Name type not known
@@ -256,11 +328,7 @@ KDCOptions ::= BIT STRING {
proxy(4),
allow-postdate(5),
postdated(6),
- unused7(7),
renewable(8),
- unused9(9),
- unused10(10),
- unused11(11),
request-anonymous(14),
canonicalize(15),
constrained-delegation(16), -- ms extension
diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c
index 5cef970d78..a99e69d0f9 100644
--- a/source4/heimdal/lib/asn1/main.c
+++ b/source4/heimdal/lib/asn1/main.c
@@ -63,12 +63,14 @@ seq_type(const char *p)
}
int support_ber;
+int template_flag;
int rfc1510_bitstring;
int one_code_file;
char *option_file;
int version_flag;
int help_flag;
struct getargs args[] = {
+ { "template", 0, arg_flag, &template_flag },
{ "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
{ "decode-dce-ber", 0, arg_flag, &support_ber },
{ "support-ber", 0, arg_flag, &support_ber },
diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c
index ac00bdc6cb..e65876a032 100644
--- a/source4/heimdal/lib/asn1/symbol.c
+++ b/source4/heimdal/lib/asn1/symbol.c
@@ -34,8 +34,6 @@
#include "gen_locl.h"
#include "lex.h"
-RCSID("$Id$");
-
static Hashtab *htab;
static int
@@ -68,7 +66,7 @@ output_name(char *s)
char *p;
for (p = s; *p; ++p)
- if (*p == '-')
+ if (*p == '-' || *p == '.')
*p = '_';
}
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1
index f6237b85b8..e3c72ac76e 100644
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -6,8 +6,11 @@ BEGIN
IMPORTS heim_any FROM heim;
+TESTuint32 ::= INTEGER (0..4294967295)
+
TESTLargeTag ::= SEQUENCE {
- foo[127] INTEGER (-2147483648..2147483647)
+ foo[127] INTEGER (-2147483648..2147483647),
+ bar[128] INTEGER (-2147483648..2147483647)
}
TESTSeq ::= SEQUENCE {
@@ -57,6 +60,11 @@ TESTAlloc ::= SEQUENCE {
tagless2 heim_any OPTIONAL
}
+TESTOptional ::= SEQUENCE {
+ zero [0] INTEGER (-2147483648..2147483647) OPTIONAL,
+ one [1] INTEGER (-2147483648..2147483647) OPTIONAL
+}
+
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
@@ -92,4 +100,36 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
TESTOSSize1 ::= OCTET STRING SIZE (1..2)
+TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE {
+ zero [0] TESTInteger
+}
+
+TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE {
+ string [0] GeneralString
+}
+
+TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE {
+ zero [0] TESTInteger,
+ string [0] GeneralString
+}
+
+TESTSeqOf2 ::= SEQUENCE {
+ strings SEQUENCE OF GeneralString
+}
+
+TESTSeqOf3 ::= SEQUENCE {
+ strings SEQUENCE OF GeneralString OPTIONAL
+}
+
+TESTPreserve ::= SEQUENCE {
+ zero [0] TESTInteger,
+ one [1] TESTInteger
+}
+
+TESTBitString ::= BIT STRING {
+ zero(0),
+ eight(8),
+ thirtyone(31)
+}
+
END
diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c
index a28e51f8da..11beaeba4b 100644
--- a/source4/heimdal/lib/com_err/compile_et.c
+++ b/source4/heimdal/lib/com_err/compile_et.c
@@ -32,6 +32,9 @@
*/
#undef ROKEN_RENAME
+
+#include "config.h"
+
#include "compile_et.h"
#include <getarg.h>
@@ -219,7 +222,7 @@ main(int argc, char **argv)
err(1, "%s", filename);
- p = strrchr(filename, '/');
+ p = strrchr(filename, rk_PATH_DELIM);
if(p)
p++;
else
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index 6052ec8134..730737a46a 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -45,10 +45,12 @@
#ifndef BUILD_GSSAPI_LIB
#if defined(_WIN32)
-#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
+#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
+#define GSSAPI_LIB_CALL __stdcall
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
#else
#define GSSAPI_LIB_FUNCTION
+#define GSSAPI_LIB_CALL
#define GSSAPI_LIB_VARIABLE
#endif
#endif
@@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 * /* minor_status */,
- gss_OID /* attribute */,
+ const gss_ctx_id_t /* context_handle */,
+ const gss_OID /* attribute */,
void * /*data*/,
size_t /* len */);
/*
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
index 4d004d90b5..1b91bbbb84 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
@@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char ** /*out_name */);
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
- (const char */*identity*/);
+ (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
- (const char */*identity*/);
+ (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
- (OM_uint32 */*minor*/,
+ (OM_uint32 * /*minor*/,
gss_cred_id_t /*cred*/,
- struct krb5_ccache_data */*out*/);
+ struct krb5_ccache_data * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION
-gss_krb5_import_cred(OM_uint32 */*minor*/,
+gss_krb5_import_cred(OM_uint32 * /*minor*/,
struct krb5_ccache_data * /*in*/,
struct Principal * /*keytab_principal*/,
struct krb5_keytab_data * /*keytab*/,
- gss_cred_id_t */*out*/);
+ gss_cred_id_t * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
- (OM_uint32 */*minor*/,
+ (OM_uint32 * /*minor*/,
gss_ctx_id_t /*context_handle*/,
- OM_uint32 */*tkt_flags*/);
+ OM_uint32 * /*tkt_flags*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 355d1c4332..e3ba189b36 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
int32_t seq_number;
int is_cfx = 0;
- krb5_auth_getremoteseqnumber (context,
- ctx->auth_context,
- &seq_number);
+ krb5_auth_con_getremoteseqnumber (context,
+ ctx->auth_context,
+ &seq_number);
_gsskrb5i_is_cfx(context, ctx, 1);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
- kret = krb5_auth_getremoteseqnumber(context,
- ctx->auth_context,
- &r_seq_number);
+ kret = krb5_auth_con_getremoteseqnumber(context,
+ ctx->auth_context,
+ &r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
@@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
int32_t tmp_r_seq_number, tmp_l_seq_number;
- kret = krb5_auth_getremoteseqnumber(context,
- ctx->auth_context,
- &tmp_r_seq_number);
+ kret = krb5_auth_con_getremoteseqnumber(context,
+ ctx->auth_context,
+ &tmp_r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index 696171dcfa..7e448dcfb2 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) {
- ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
+ ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 7f84efe354..fd9934a9e4 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
krb5_cc_close(context, ctx->ccache);
ctx->ccache = NULL;
- krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
+ krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
_gsskrb5i_is_cfx(context, ctx, 0);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -782,7 +782,7 @@ repl_mutual
* for the gss_wrap calls.
*/
- krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
+ krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index ce01e666fa..e0b5553928 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
if (ret) goto out;
- krb5_auth_getremoteseqnumber (context,
- context_handle->auth_context,
- &number);
+ krb5_auth_con_getremoteseqnumber (context,
+ context_handle->auth_context,
+ &number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
index 9a1835a039..ee0113d6d3 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
@@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 *minor_status,
- gss_OID attribute,
+ const gss_ctx_id_t context_handle,
+ const gss_OID attribute,
void *data,
size_t len)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index d060badfe1..5fc41d9954 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
if (mech == NULL)
return 0;
- m = malloc(sizeof(*m));
+ m = calloc(1, sizeof(*m));
if (m == NULL)
- return 1;
+ return ENOMEM;
m->gm_so = NULL;
m->gm_mech = *mech;
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
@@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
/* pick up the oid sets of names */
- if (m->gm_mech.gm_inquire_names_for_mech) {
+ if (m->gm_mech.gm_inquire_names_for_mech)
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
- } else {
+
+ if (m->gm_name_types == NULL)
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
- }
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
return 0;
@@ -211,6 +211,8 @@ _gss_load_mech(void)
char *name, *oid, *lib, *kobj;
struct _gss_mech_switch *m;
void *so;
+ gss_OID_desc mech_oid;
+ int found;
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
@@ -253,6 +255,23 @@ _gss_load_mech(void)
if (!name || !oid || !lib || !kobj)
continue;
+ if (_gss_string_to_oid(oid, &mech_oid))
+ continue;
+
+ /*
+ * Check for duplicates, already loaded mechs.
+ */
+ found = 0;
+ SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+ if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
+ found = 1;
+ free(mech_oid.elements);
+ break;
+ }
+ }
+ if (found)
+ continue;
+
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
@@ -260,17 +279,17 @@ _gss_load_mech(void)
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
+ free(mech_oid.elements);
continue;
}
m = malloc(sizeof(*m));
- if (!m)
+ if (!m) {
+ free(mech_oid.elements);
break;
- m->gm_so = so;
- if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
- free(m);
- continue;
}
+ m->gm_so = so;
+ m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
major_status = gss_add_oid_set_member(&minor_status,
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index e8cad14881..dacaa3310e 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -44,6 +44,8 @@
#include <sys/param.h>
#endif
+#include <roken.h>
+
#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif
@@ -69,8 +71,6 @@
#include "utils.h"
#include <der.h>
-#include <roken.h>
-
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct {
diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h
index 23f8f5d0ab..273f1dd569 100644
--- a/source4/heimdal/lib/hcrypto/aes.h
+++ b/source4/heimdal/lib/hcrypto/aes.h
@@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
- const unsigned long, const AES_KEY *,
+ unsigned long, const AES_KEY *,
unsigned char *, int);
#ifdef __cplusplus
diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c
index 545d9529d3..17c1ec79b7 100644
--- a/source4/heimdal/lib/hcrypto/bn.c
+++ b/source4/heimdal/lib/hcrypto/bn.c
@@ -40,6 +40,7 @@
#include <limits.h>
#include <krb5-types.h>
+#include <roken.h>
#include <rfc2459_asn1.h> /* XXX */
#include <der.h>
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index c9067d7bcc..43ff8a3f50 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -92,6 +92,8 @@
#include <krb5-types.h>
#include <assert.h>
+#include <roken.h>
+
#include "des.h"
#include "ui.h"
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
int
DES_is_weak_key(DES_cblock *key)
{
+ int weak = 0;
int i;
- /* Not constant time size if the key is weak, the app should not use it. */
- for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
- if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
- return 1;
- }
- return 0;
+ for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
+ weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
+
+ return !!weak;
}
/**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c
index 15b3479f8e..f1da22537d 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.c
+++ b/source4/heimdal/lib/hcrypto/evp-cc.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -43,7 +45,9 @@
#include <string.h>
#include <assert.h>
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
#include <CommonCrypto/CommonDigest.h>
+#endif
#include <CommonCrypto/CommonCryptor.h>
#include <evp.h>
@@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
const EVP_MD *
EVP_cc_md2(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md2 = {
CC_MD2_DIGEST_LENGTH,
CC_MD2_BLOCK_BYTES,
@@ -430,6 +435,9 @@ EVP_cc_md2(void)
(hc_evp_md_cleanup)NULL
};
return &md2;
+#else
+ return NULL;
+#endif
}
/**
@@ -441,6 +449,7 @@ EVP_cc_md2(void)
const EVP_MD *
EVP_cc_md4(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md4 = {
CC_MD4_DIGEST_LENGTH,
CC_MD4_BLOCK_BYTES,
@@ -451,6 +460,9 @@ EVP_cc_md4(void)
(hc_evp_md_cleanup)NULL
};
return &md4;
+#else
+ return NULL;
+#endif
}
/**
@@ -462,6 +474,7 @@ EVP_cc_md4(void)
const EVP_MD *
EVP_cc_md5(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md5 = {
CC_MD5_DIGEST_LENGTH,
CC_MD5_BLOCK_BYTES,
@@ -472,6 +485,9 @@ EVP_cc_md5(void)
(hc_evp_md_cleanup)NULL
};
return &md5;
+#else
+ return NULL;
+#endif
}
/**
@@ -483,6 +499,7 @@ EVP_cc_md5(void)
const EVP_MD *
EVP_cc_sha1(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha1 = {
CC_SHA1_DIGEST_LENGTH,
CC_SHA1_BLOCK_BYTES,
@@ -493,6 +510,9 @@ EVP_cc_sha1(void)
(hc_evp_md_cleanup)NULL
};
return &sha1;
+#else
+ return NULL;
+#endif
}
/**
@@ -504,6 +524,7 @@ EVP_cc_sha1(void)
const EVP_MD *
EVP_cc_sha256(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha256 = {
CC_SHA256_DIGEST_LENGTH,
CC_SHA256_BLOCK_BYTES,
@@ -514,6 +535,9 @@ EVP_cc_sha256(void)
(hc_evp_md_cleanup)NULL
};
return &sha256;
+#else
+ return NULL;
+#endif
}
/**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h
index d2df771bc0..0febd21e98 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.h
+++ b/source4/heimdal/lib/hcrypto/evp-cc.h
@@ -41,7 +41,7 @@
#define EVP_cc_md4 hc_EVP_cc_md4
#define EVP_cc_md5 hc_EVP_cc_md5
#define EVP_cc_sha1 hc_EVP_cc_sha1
-#define EVP_cc_sha256 hc_EVP__cc_sha256
+#define EVP_cc_sha256 hc_EVP_cc_sha256
#define EVP_cc_des_cbc hc_EVP_cc_des_cbc
#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c
index 006db35939..72787e185f 100644
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -49,6 +49,7 @@
#include <evp-cc.h>
#include <krb5-types.h>
+#include <roken.h>
#ifndef HCRYPTO_DEF_PROVIDER
#define HCRYPTO_DEF_PROVIDER hcrypto
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index 600f69b7a5..ae92ab4899 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -214,24 +214,24 @@ HC_CPP_BEGIN
*/
const EVP_MD *EVP_md_null(void);
-const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_sha(void) HC_DEPRECATED;
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void);
-const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
-const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
-const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
const EVP_CIPHER * EVP_camellia_128_cbc(void);
const EVP_CIPHER * EVP_camellia_192_cbc(void);
const EVP_CIPHER * EVP_camellia_256_cbc(void);
diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h
index b8d5d45606..78a795f2a7 100644
--- a/source4/heimdal/lib/hcrypto/hash.h
+++ b/source4/heimdal/lib/hcrypto/hash.h
@@ -43,6 +43,7 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
+#include <roken.h>
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))
diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c
index c39c713901..c81eb9e2d7 100644
--- a/source4/heimdal/lib/hcrypto/rand-fortuna.c
+++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c
@@ -35,6 +35,9 @@
#include <stdlib.h>
#include <rand.h>
+#ifdef KRB5
+#include <krb5-types.h>
+#endif
#include <roken.h>
#include "randi.h"
@@ -451,6 +454,7 @@ fortuna_reseed(void)
if (!init_done)
abort();
+#ifndef NO_RAND_UNIX_METHOD
{
unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@@ -459,6 +463,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
+#endif
#ifdef HAVE_ARC4RANDOM
{
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@@ -470,6 +475,7 @@ fortuna_reseed(void)
entropy_p = 1;
}
#endif
+#ifndef NO_RAND_EGD_METHOD
/*
* Only to get egd entropy if /dev/random or arc4rand failed since
* it can be horribly slow to generate new bits.
@@ -482,6 +488,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
+#endif
/*
* Fall back to gattering data from timer and secret files, this
* is really the last resort.
@@ -521,10 +528,12 @@ fortuna_reseed(void)
gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv));
}
+#ifdef HAVE_GETUID
{
uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u));
}
+#endif
return entropy_p;
}
diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c
index fcad39f1de..4c1f33da59 100644
--- a/source4/heimdal/lib/hcrypto/rand-unix.c
+++ b/source4/heimdal/lib/hcrypto/rand-unix.c
@@ -42,9 +42,6 @@
#include "randi.h"
-static int random_fd = -1;
-static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
/*
* Unix /dev/random
*/
@@ -93,44 +90,29 @@ static int
unix_bytes(unsigned char *outdata, int size)
{
ssize_t count;
- int once = 0;
+ int fd;
if (size < 0)
return 0;
else if (size == 0)
return 1;
- HEIMDAL_MUTEX_lock(&random_mutex);
- if (random_fd == -1) {
- retry:
- random_fd = get_device_fd(O_RDONLY);
- if (random_fd < 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
- return 0;
- }
- }
+ fd = get_device_fd(O_RDONLY);
+ if (fd < 0)
+ return 0;
while (size > 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
- count = read (random_fd, outdata, size);
- HEIMDAL_MUTEX_lock(&random_mutex);
- if (random_fd < 0) {
- if (errno == EINTR)
- continue;
- else if (errno == EBADF && once++ == 0) {
- close(random_fd);
- random_fd = -1;
- goto retry;
- }
- return 0;
- } else if (count <= 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
+ count = read(fd, outdata, size);
+ if (count < 0 && errno == EINTR)
+ continue;
+ else if (count <= 0) {
+ close(fd);
return 0;
}
outdata += count;
size -= count;
}
- HEIMDAL_MUTEX_unlock(&random_mutex);
+ close(fd);
return 1;
}
diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c
index 3cd65989c6..9f0438a34e 100644
--- a/source4/heimdal/lib/hcrypto/rand.c
+++ b/source4/heimdal/lib/hcrypto/rand.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -58,7 +60,9 @@ init_method(void)
{
if (selected_meth != NULL)
return;
-#ifdef __APPLE__
+#if defined(_WIN32)
+ selected_meth = &hc_rand_w32crypto_method;
+#elif defined(__APPLE__)
selected_meth = &hc_rand_unix_method;
#else
selected_meth = &hc_rand_fortuna_method;
@@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
int
RAND_bytes(void *outdata, size_t size)
{
+ if (size == 0)
+ return 1;
init_method();
return (*selected_meth->bytes)(outdata, size);
}
diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h
index 65800d6b99..f4e2485166 100644
--- a/source4/heimdal/lib/hcrypto/rand.h
+++ b/source4/heimdal/lib/hcrypto/rand.h
@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
#define RAND_fortuna_method hc_RAND_fortuna_method
#define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method
+#define RAND_w32crypto_method hc_RAND_w32crypto_method
/*
*
diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h
index f8f6c39b3e..c6c617af22 100644
--- a/source4/heimdal/lib/hcrypto/randi.h
+++ b/source4/heimdal/lib/hcrypto/randi.h
@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method;
extern const RAND_METHOD hc_rand_egd_method;
extern const RAND_METHOD hc_rand_timer_method;
+extern const RAND_METHOD hc_rand_w32crypto_method;
const RAND_METHOD * RAND_timer_method(void);
diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
index 3dd2555812..9a7f0fd3d6 100644
--- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
+++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
@@ -31,11 +31,12 @@
#include "config.h"
+#include <stdlib.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
-#include <rijndael-alg-fst.h>
+#include "rijndael-alg-fst.h"
/* the file should not be used from outside */
typedef uint8_t u8;
diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c
index 9baf00212c..49c7634c38 100644
--- a/source4/heimdal/lib/hcrypto/rnd_keys.c
+++ b/source4/heimdal/lib/hcrypto/rnd_keys.c
@@ -39,11 +39,11 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
+#include <stdlib.h>
+
#include <des.h>
#include <rand.h>
-#include <stdlib.h>
-
#undef __attribute__
#define __attribute__(X)
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c
index ca8c8442b5..f6f8a1ffe2 100644
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -37,10 +37,15 @@
#include <stdlib.h>
#include <string.h>
#include <signal.h>
+#ifdef HAVE_TERMIOS_H
#include <termios.h>
+#endif
#include <roken.h>
#include <ui.h>
+#ifdef HAVE_CONIO_H
+#include <conio.h>
+#endif
static sig_atomic_t intr_flag;
@@ -50,6 +55,53 @@ intr(int sig)
intr_flag++;
}
+#ifdef HAVE_CONIO_H
+
+/*
+ * Windows does console slightly different then then unix case.
+ */
+
+static int
+read_string(const char *preprompt, const char *prompt,
+ char *buf, size_t len, int echo)
+{
+ int of = 0;
+ int c;
+ char *p;
+ void (*oldsigintr)(int);
+
+ _cprintf("%s%s", preprompt, prompt);
+
+ oldsigintr = signal(SIGINT, intr);
+
+ p = buf;
+ while(intr_flag == 0){
+ c = ((echo)? _getche(): _getch());
+ if(c == '\n')
+ break;
+ if(of == 0)
+ *p++ = c;
+ of = (p == buf + len);
+ }
+ if(of)
+ p--;
+ *p = 0;
+
+ if(echo == 0){
+ printf("\n");
+ }
+
+ signal(SIGINT, oldsigintr);
+
+ if(intr_flag)
+ return -2;
+ if(of)
+ return -1;
+ return 0;
+}
+
+#else /* !HAVE_CONIO_H */
+
#ifndef NSIG
#define NSIG 47
#endif
@@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
return 0;
}
+#endif /* HAVE_CONIO_H */
+
int
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{
diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c
index a8a882c6b2..faf0b6bdf2 100644
--- a/source4/heimdal/lib/hdb/ext.c
+++ b/source4/heimdal/lib/hdb/ext.c
@@ -281,6 +281,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
const hdb_entry *entry, char **p)
{
HDB_extension *ext;
+ char *str;
int ret;
ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
@@ -329,17 +330,14 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return 0;
}
- {
- char *name;
- ret = krb5_unparse_name(context, entry->principal, &name);
- if (ret == 0) {
- krb5_set_error_message(context, ENOENT, "no password attributefor %s", name);
- free(name);
- } else
- krb5_clear_error_message(context);
-
- return ENOENT;
- }
+ ret = krb5_unparse_name(context, entry->principal, &str);
+ if (ret == 0) {
+ krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
+ free(str);
+ } else
+ krb5_clear_error_message(context);
+
+ return ENOENT;
}
int
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index fa70c7778d..97de918933 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -65,9 +67,13 @@ static struct hdb_method methods[] = {
#if HAVE_DB1 || HAVE_DB3
{ HDB_INTERFACE_VERSION, "db:", hdb_db_create},
#endif
+#if HAVE_DB1
+ { HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create},
+#endif
#if HAVE_NDBM
{ HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create},
#endif
+ { HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create},
#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
{ HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
{ HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
@@ -411,6 +417,27 @@ hdb_list_builtin(krb5_context context, char **list)
return 0;
}
+krb5_error_code
+_hdb_keytab2hdb_entry(krb5_context context,
+ const krb5_keytab_entry *ktentry,
+ hdb_entry_ex *entry)
+{
+ entry->entry.kvno = ktentry->vno;
+ entry->entry.created_by.time = ktentry->timestamp;
+
+ entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0]));
+ if (entry->entry.keys.val == NULL)
+ return ENOMEM;
+ entry->entry.keys.len = 1;
+
+ entry->entry.keys.val[0].mkvno = NULL;
+ entry->entry.keys.val[0].salt = NULL;
+
+ return krb5_copy_keyblock_contents(context,
+ &ktentry->keyblock,
+ &entry->entry.keys.val[0].key);
+}
+
/**
* Create a handle for a Kerberos database
*
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index f34c9fb36e..91b6753722 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -194,6 +194,13 @@ typedef struct HDB{
*/
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
/**
+ * Get the list of realms this backend handles.
+ * This call is optional to support. The returned realms are used
+ * for announcing the realms over bonjour. Free returned array
+ * with krb5_free_host_realm().
+ */
+ krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **);
+ /**
* Change password.
*
* Will update keys for the entry when given password. The new
diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c
index 35323cf100..360bb33a3a 100644
--- a/source4/heimdal/lib/hdb/mkey.c
+++ b/source4/heimdal/lib/hdb/mkey.c
@@ -185,7 +185,7 @@ read_master_mit(krb5_context context, const char *filename,
if(ret)
goto out;
}
- ret = hdb_process_master_key(context, 0, &key, 0, mkey);
+ ret = hdb_process_master_key(context, 1, &key, 0, mkey);
krb5_free_keyblock_contents(context, &key);
out:
krb5_storage_free(sp);
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index ebf02a99e3..4783edd681 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
&cert->tbsCertificate.issuer, &diff);
*self_signed = (diff == 0);
- if (ret)
+ if (ret) {
hx509_set_error_string(context, 0, ret,
"Failed to check if self signed");
+ } else
+ ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
+
return ret;
}
@@ -3251,7 +3254,7 @@ _hx509_cert_get_eku(hx509_context context,
* @param context A hx509 context.
* @param c the certificate to encode.
* @param os the encode certificate, set to NULL, 0 on case of
- * error. Free the returned structure with hx509_xfree().
+ * error. Free the os->data with hx509_xfree().
*
* @return An hx509 error code, see hx509_get_error_string().
*
diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c
index 4766c34655..5506cee463 100644
--- a/source4/heimdal/lib/hx509/cms.c
+++ b/source4/heimdal/lib/hx509/cms.c
@@ -1491,7 +1491,7 @@ hx509_cms_create_signed(hx509_context context,
* signatures).
*/
if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
- ret = hx509_certs_iter(context, certs, sig_process, &sigctx);
+ ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
if (ret)
goto out;
}
@@ -1525,7 +1525,7 @@ hx509_cms_create_signed(hx509_context context,
goto out;
}
- ret = hx509_certs_iter(context, sigctx.certs, cert_process, &sigctx);
+ ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
if (ret)
goto out;
}
diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c
index 050a0902b3..bee64c145f 100644
--- a/source4/heimdal/lib/hx509/crypto.c
+++ b/source4/heimdal/lib/hx509/crypto.c
@@ -87,8 +87,9 @@ struct signature_alg {
const heim_oid *key_oid;
const AlgorithmIdentifier *digest_alg;
int flags;
-#define PROVIDE_CONF 1
-#define REQUIRE_SIGNER 2
+#define PROVIDE_CONF 0x1
+#define REQUIRE_SIGNER 0x2
+#define SELF_SIGNED_OK 0x4
#define SIG_DIGEST 0x100
#define SIG_PUBLIC_SIG 0x200
@@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
&_hx509_signature_ecdsa_with_sha256_data,
&asn1_oid_id_ecPublicKey,
&_hx509_signature_sha256_data,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
ecdsa_verify_signature,
@@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
&_hx509_signature_ecdsa_with_sha1_data,
&asn1_oid_id_ecPublicKey,
&_hx509_signature_sha1_data,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
ecdsa_verify_signature,
@@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption,
NULL,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = {
&_hx509_signature_rsa_with_sha256_data,
&asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha256_data,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha1_data,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
NULL,
rsa_verify_signature,
@@ -1482,6 +1483,27 @@ _hx509_signature_best_before(hx509_context context,
}
int
+_hx509_self_signed_valid(hx509_context context,
+ const AlgorithmIdentifier *alg)
+{
+ const struct signature_alg *md;
+
+ md = find_sig_alg(&alg->algorithm);
+ if (md == NULL) {
+ hx509_clear_error_string(context);
+ return HX509_SIG_ALG_NO_SUPPORTED;
+ }
+ if ((md->flags & SELF_SIGNED_OK) == 0) {
+ hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
+ "Algorithm %s not trusted for self signatures",
+ md->name);
+ return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
+ }
+ return 0;
+}
+
+
+int
_hx509_verify_signature(hx509_context context,
const hx509_cert cert,
const AlgorithmIdentifier *alg,
diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h
index 2d1c036d53..3e3ab23c6d 100644
--- a/source4/heimdal/lib/hx509/hx_locl.h
+++ b/source4/heimdal/lib/hx509/hx_locl.h
@@ -39,16 +39,19 @@
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
+#ifdef HAVE_STRINGS_H
#include <strings.h>
+#endif
#include <assert.h>
#include <stdarg.h>
#include <err.h>
#include <limits.h>
+#include <roken.h>
+
#include <getarg.h>
#include <base64.h>
#include <hex.h>
-#include <roken.h>
#include <com_err.h>
#include <parse_units.h>
#include <parse_bytes.h>
diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c
index 4a96cff530..465ca1b4d3 100644
--- a/source4/heimdal/lib/hx509/keyset.c
+++ b/source4/heimdal/lib/hx509/keyset.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -323,7 +325,7 @@ hx509_certs_end_seq(hx509_context context,
* @param certs certificate store to iterate over.
* @param func function to call for each certificate. The function
* should return non-zero to abort the iteration, that value is passed
- * back to te caller of hx509_certs_iter().
+ * back to the caller of hx509_certs_iter_f().
* @param ctx context variable that will passed to the function.
*
* @return Returns an hx509 error code.
@@ -332,10 +334,10 @@ hx509_certs_end_seq(hx509_context context,
*/
int
-hx509_certs_iter(hx509_context context,
- hx509_certs certs,
- int (*func)(hx509_context, void *, hx509_cert),
- void *ctx)
+hx509_certs_iter_f(hx509_context context,
+ hx509_certs certs,
+ int (*func)(hx509_context, void *, hx509_cert),
+ void *ctx)
{
hx509_cursor cursor;
hx509_cert c;
@@ -364,13 +366,46 @@ hx509_certs_iter(hx509_context context,
return ret;
}
+/**
+ * Iterate over all certificates in a keystore and call an function
+ * for each fo them.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param func function to call for each certificate. The function
+ * should return non-zero to abort the iteration, that value is passed
+ * back to the caller of hx509_certs_iter().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+#ifdef __BLOCKS__
+
+static int
+certs_iter(hx509_context context, void *ctx, hx509_cert cert)
+{
+ int (^func)(hx509_cert) = ctx;
+ return func(cert);
+}
+
+int
+hx509_certs_iter(hx509_context context,
+ hx509_certs certs,
+ int (^func)(hx509_cert))
+{
+ return hx509_certs_iter_f(context, certs, certs_iter, func);
+}
+#endif
+
/**
- * Function to use to hx509_certs_iter() as a function argument, the
- * ctx variable to hx509_certs_iter() should be a FILE file descriptor.
+ * Function to use to hx509_certs_iter_f() as a function argument, the
+ * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
*
* @param context a hx509 context.
- * @param ctx used by hx509_certs_iter().
+ * @param ctx used by hx509_certs_iter_f().
* @param c a certificate
*
* @return Returns an hx509 error code.
@@ -587,7 +622,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
{
if (from == NULL)
return 0;
- return hx509_certs_iter(context, from, certs_merge_func, to);
+ return hx509_certs_iter_f(context, from, certs_merge_func, to);
}
/**
diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c
index 9ce9b5c8e6..8c8c6e50c8 100644
--- a/source4/heimdal/lib/hx509/ks_dir.c
+++ b/source4/heimdal/lib/hx509/ks_dir.c
@@ -113,7 +113,7 @@ dir_iter_start(hx509_context context,
free(d);
return errno;
}
- rk_cloexec(dirfd(d->dir));
+ rk_cloexec_dir(d->dir);
d->certs = NULL;
d->iter = NULL;
diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c
index f137b84641..645dc405a2 100644
--- a/source4/heimdal/lib/hx509/ks_file.c
+++ b/source4/heimdal/lib/hx509/ks_file.c
@@ -571,7 +571,7 @@ file_store(hx509_context context,
rk_cloexec_file(sc.f);
sc.format = ksf->format;
- ret = hx509_certs_iter(context, ksf->certs, store_func, &sc);
+ ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc);
fclose(sc.f);
return ret;
}
diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c
index 01d0c55d1c..9c6521790a 100644
--- a/source4/heimdal/lib/hx509/ks_keychain.c
+++ b/source4/heimdal/lib/hx509/ks_keychain.c
@@ -43,6 +43,7 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
int, const CSSM_ACCESS_CREDENTIALS **);
#define kSecCredentialTypeDefault 0
+#define CSSM_SIZE uint32_t
#endif
diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c
index c17ce3f6ac..d94ab197cd 100644
--- a/source4/heimdal/lib/hx509/ks_p12.c
+++ b/source4/heimdal/lib/hx509/ks_p12.c
@@ -571,7 +571,7 @@ p12_store(hx509_context context,
memset(&as, 0, sizeof(as));
memset(&pfx, 0, sizeof(pfx));
- ret = hx509_certs_iter(context, p12->certs, store_func, &as);
+ ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c
index c796e19173..457f6c4d04 100644
--- a/source4/heimdal/lib/hx509/peer.c
+++ b/source4/heimdal/lib/hx509/peer.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -144,6 +146,7 @@ hx509_peer_info_add_cms_alg(hx509_context context,
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM;
}
+ peer->val = ptr;
ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]);
if (ret == 0)
peer->len += 1;
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c
index 21140b3c7e..6d2cac4afb 100644
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
@@ -989,7 +989,7 @@ hx509_ocsp_request(hx509_context context,
ctx.digest = digest;
ctx.parent = NULL;
- ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
+ ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
hx509_cert_free(ctx.parent);
if (ret)
goto out;
@@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
es = req.tbsRequest.requestExtensions;
- es->val = calloc(1, sizeof(es->val[0]));
+ es->val = calloc(es->len, sizeof(es->val[0]));
if (es->val == NULL) {
ret = ENOMEM;
goto out;
}
+ es->len = 1;
ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
if (ret) {
free_OCSPRequest(&req);
return ret;
}
- es->len = 1;
es->val[0].extnValue.data = malloc(10);
if (es->val[0].extnValue.data == NULL) {
@@ -1153,7 +1153,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
fprintf(out, "appended certs:\n");
if (ocsp.certs)
- ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
+ ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
free_ocsp(&ocsp);
return ret;
@@ -1486,7 +1486,7 @@ hx509_crl_sign(hx509_context context,
}
c.tbsCertList.crlExtensions = NULL;
- ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
+ ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c
index 0ecda99348..19a5997453 100644
--- a/source4/heimdal/lib/krb5/acache.c
+++ b/source4/heimdal/lib/krb5/acache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -37,8 +39,13 @@
#include <dlfcn.h>
#endif
+#ifndef KCM_IS_API_CACHE
+
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
static cc_initialize_func init_func;
+static void (*set_target_uid)(uid_t);
+static void (*clear_target)(void);
+
#ifdef HAVE_DLOPEN
static void *cc_handle;
#endif
@@ -82,18 +89,20 @@ translate_cc_error(krb5_context context, cc_int32 error)
static krb5_error_code
init_ccapi(krb5_context context)
{
- const char *lib;
+ const char *lib = NULL;
HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_clear_error_message(context);
+ if (context)
+ krb5_clear_error_message(context);
return 0;
}
- lib = krb5_config_get_string(context, NULL,
- "libdefaults", "ccapi_library",
- NULL);
+ if (context)
+ lib = krb5_config_get_string(context, NULL,
+ "libdefaults", "ccapi_library",
+ NULL);
if (lib == NULL) {
#ifdef __APPLE__
lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
@@ -107,22 +116,29 @@ init_ccapi(krb5_context context)
#ifndef RTLD_LAZY
#define RTLD_LAZY 0
#endif
+#ifndef RTLD_LOCAL
+#define RTLD_LOCAL 0
+#endif
- cc_handle = dlopen(lib, RTLD_LAZY);
+ cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("Failed to load API cache module %s", "file"),
- lib);
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("Failed to load API cache module %s", "file"),
+ lib);
return KRB5_CC_NOSUPP;
}
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
+ set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
+ clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) {
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("Failed to find cc_initialize"
- "in %s: %s", "file, error"), lib, dlerror());
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("Failed to find cc_initialize"
+ "in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle);
return KRB5_CC_NOSUPP;
}
@@ -130,12 +146,27 @@ init_ccapi(krb5_context context)
return 0;
#else
HEIMDAL_MUTEX_unlock(&acc_mutex);
- krb5_set_error_message(context, KRB5_CC_NOSUPP,
- N_("no support for shared object", ""));
+ if (context)
+ krb5_set_error_message(context, KRB5_CC_NOSUPP,
+ N_("no support for shared object", ""));
return KRB5_CC_NOSUPP;
#endif
}
+void
+_heim_krb5_ipc_client_set_target_uid(uid_t uid)
+{
+ init_ccapi(NULL);
+ (*set_target_uid)(uid);
+}
+
+void
+_heim_krb5_ipc_client_clear_target(void)
+{
+ init_ccapi(NULL);
+ (*clear_target)();
+}
+
static krb5_error_code
make_cred_from_ccred(krb5_context context,
const cc_credentials_v5_t *incred,
@@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
acc_set_default,
acc_lastchange
};
+
+#endif
diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c
index ccffd93b2c..082014e107 100644
--- a/source4/heimdal/lib/krb5/add_et_list.c
+++ b/source4/heimdal/lib/krb5/add_et_list.c
@@ -47,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_et_list (krb5_context context,
void (*func)(struct et_list **))
{
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index f88fb2276a..cccf1cbc9a 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
return -1;
} else
p = address;
-#ifdef HAVE_INET_ATON
if(inet_aton(p, &a) == 0)
return -1;
-#elif defined(HAVE_INET_ADDR)
- a.s_addr = inet_addr(p);
- if(a.s_addr == INADDR_NONE)
- return -1;
-#else
- return -1;
-#endif
addr->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&addr->address, 4) != 0)
return -1;
@@ -339,9 +331,7 @@ static int
ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
{
char buf[128], buf2[3];
-#ifdef HAVE_INET_NTOP
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
-#endif
{
/* XXX this is pretty ugly, but better than abort() */
int i;
@@ -790,7 +780,7 @@ find_atype(int atype)
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr)
{
@@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port)
{
@@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr,
struct sockaddr *sa,
@@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
-size_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_max_sockaddr_size (void)
{
if (max_sockaddr_size == 0) {
@@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void)
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
{
struct addr_operations *a = find_af(sa->sa_family);
@@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2sockaddr (krb5_context context,
int af,
const char *addr, struct sockaddr *sa,
@@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2addr (krb5_context context,
int af,
const char *haddr, krb5_address *addr)
@@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_anyaddr (krb5_context context,
int af,
struct sockaddr *sa,
@@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_print_address (const krb5_address *addr,
char *str, size_t len, size_t *ret_len)
{
@@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_address(krb5_context context,
const char *string,
krb5_addresses *addresses)
@@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context,
* @ingroup krb5_address
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_address_order(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context,
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_compare(krb5_context context,
const krb5_address *addr1,
const krb5_address *addr2)
@@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context,
* @ingroup krb5_address
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_search(krb5_context context,
const krb5_address *addr,
const krb5_addresses *addrlist)
@@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_address(krb5_context context,
krb5_address *address)
{
@@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context,
krb5_addresses *addresses)
{
@@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_address(krb5_context context,
const krb5_address *inaddr,
krb5_address *outaddr)
@@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_addresses(krb5_context context,
const krb5_addresses *inaddr,
krb5_addresses *outaddr)
@@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_append_addresses(krb5_context context,
krb5_addresses *dest,
const krb5_addresses *source)
@@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{
@@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context,
* @ingroup krb5_address
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_address_prefixlen_boundary(krb5_context context,
const krb5_address *inaddr,
unsigned long prefixlen,
diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c
index 383e82dad4..d4dc758faa 100644
--- a/source4/heimdal/lib/krb5/appdefault.c
+++ b/source4/heimdal/lib/krb5/appdefault.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_boolean(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
krb5_boolean def_val, krb5_boolean *ret_val)
@@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
*ret_val = def_val;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_string(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
const char *def_val, char **ret_val)
@@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
*ret_val = NULL;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_time(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option,
time_t def_val, time_t *ret_val)
diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c
index 59c0fbd64b..a821faff93 100644
--- a/source4/heimdal/lib/krb5/asn1_glue.c
+++ b/source4/heimdal/lib/krb5/asn1_glue.c
@@ -37,14 +37,14 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principal2principalname (PrincipalName *p,
const krb5_principal from)
{
return copy_PrincipalName(&from->name, p);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principalname2krb5_principal (krb5_context context,
krb5_principal *principal,
const PrincipalName from,
diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c
index dfb9f6a0e3..ea59c73931 100644
--- a/source4/heimdal/lib/krb5/auth_context.c
+++ b/source4/heimdal/lib/krb5/auth_context.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context)
{
@@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_free(krb5_context context,
krb5_auth_context auth_context)
{
@@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context,
int32_t flags)
@@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context,
int32_t *flags)
@@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_addflags(krb5_context context,
krb5_auth_context auth_context,
int32_t addflags,
@@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_removeflags(krb5_context context,
krb5_auth_context auth_context,
int32_t removeflags,
@@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address *local_addr,
@@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context,
- int fd, int flags)
+ krb5_socket_t fd, int flags)
{
krb5_error_code ret;
krb5_address local_k_address, remote_k_address;
@@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context,
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
if (auth_context->local_address == NULL) {
len = sizeof(ss_local);
- if(getsockname(fd, local, &len) < 0) {
+ if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
char buf[128];
- ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ ret = rk_SOCK_ERRNO;
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getsockname: %s", buf);
goto out;
}
@@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context,
}
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
len = sizeof(ss_remote);
- if(getpeername(fd, remote, &len) < 0) {
+ if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
char buf[128];
- ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ ret = rk_SOCK_ERRNO;
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getpeername: %s", buf);
goto out;
}
@@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs_from_fd (krb5_context context,
krb5_auth_context auth_context,
void *p_fd)
{
- int fd = *(int*)p_fd;
+ krb5_socket_t fd = *(krb5_socket_t *)p_fd;
int flags = 0;
if(auth_context->local_address == NULL)
flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
@@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context,
return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context,
krb5_address **local_addr,
@@ -273,7 +273,7 @@ copy_key(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context,
return copy_key(context, auth_context->keyblock, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock **keyblock)
@@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context,
return copy_key(context, auth_context->remote_subkey, keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
@@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->remote_subkey);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype cksumtype)
@@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getcksumtype(krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype *cksumtype)
@@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype keytype)
@@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkeytype (krb5_context context,
krb5_auth_context auth_context,
krb5_keytype *keytype)
@@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context,
}
#if 0
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype etype)
@@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getenctype(krb5_context context,
krb5_auth_context auth_context,
krb5_enctype *etype)
@@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context,
}
#endif
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalseqnumber(krb5_context context,
krb5_auth_context auth_context,
int32_t *seqnumber)
@@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@@ -425,16 +425,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber(krb5_context context,
- krb5_auth_context auth_context,
- int32_t *seqnumber)
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_auth_con_getremoteseqnumber(krb5_context context,
+ krb5_auth_context auth_context,
+ int32_t *seqnumber)
{
*seqnumber = auth_context->remote_seqnumber;
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremoteseqnumber (krb5_context context,
krb5_auth_context auth_context,
int32_t seqnumber)
@@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getauthenticator(krb5_context context,
krb5_auth_context auth_context,
krb5_authenticator *authenticator)
@@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_authenticator(krb5_context context,
krb5_authenticator *authenticator)
{
@@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setuserkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
@@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context,
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache *rcache)
@@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrcache(krb5_context context,
krb5_auth_context auth_context,
krb5_rcache rcache)
@@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context,
#if 0 /* not implemented */
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context)
{
@@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setivector(krb5_context context,
krb5_auth_context auth_context,
krb5_pointer ivector)
diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c
index 1550239faf..d56a0a194e 100644
--- a/source4/heimdal/lib/krb5/build_ap_req.c
+++ b/source4/heimdal/lib/krb5/build_ap_req.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_ap_req (krb5_context context,
krb5_enctype enctype,
krb5_creds *cred,
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c
index a845e0ac33..85d64525de 100644
--- a/source4/heimdal/lib/krb5/build_auth.c
+++ b/source4/heimdal/lib/krb5/build_auth.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
make_etypelist(krb5_context context,
@@ -99,14 +99,14 @@ make_etypelist(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_build_authenticator(krb5_context context,
- krb5_auth_context auth_context,
- krb5_enctype enctype,
- krb5_creds *cred,
- Checksum *cksum,
- krb5_data *result,
- krb5_key_usage usage)
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_build_authenticator (krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_enctype enctype,
+ krb5_creds *cred,
+ Checksum *cksum,
+ krb5_data *result,
+ krb5_key_usage usage)
{
Authenticator auth;
u_char *buf = NULL;
diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c
index 3617a0eefd..ce8040d07c 100644
--- a/source4/heimdal/lib/krb5/cache.c
+++ b/source4/heimdal/lib/krb5/cache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -112,7 +114,7 @@ main (int argc, char **argv)
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
@@ -184,13 +186,34 @@ allocate_ccache (krb5_context context,
krb5_ccache *id)
{
krb5_error_code ret;
+#ifdef KRB5_USE_PATH_TOKENS
+ char * exp_residual = NULL;
- ret = _krb5_cc_allocate(context, ops, id);
+ ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
if (ret)
return ret;
+
+ residual = exp_residual;
+#endif
+
+ ret = _krb5_cc_allocate(context, ops, id);
+ if (ret) {
+#ifdef KRB5_USE_PATH_TOKENS
+ if (exp_residual)
+ free(exp_residual);
+#endif
+ return ret;
+ }
+
ret = (*id)->ops->resolve(context, id, residual);
if(ret)
free(*id);
+
+#ifdef KRB5_USE_PATH_TOKENS
+ if (exp_residual)
+ free(exp_residual);
+#endif
+
return ret;
}
@@ -209,7 +232,7 @@ allocate_ccache (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_resolve(krb5_context context,
const char *name,
krb5_ccache *id)
@@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id)
{
@@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type,
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_name(krb5_context context,
krb5_ccache id)
{
@@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context,
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_type(krb5_context context,
krb5_ccache id)
{
@@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context,
}
/**
- * Return the complete resolvable name the ccache `id' in `str´.
- * `str` should be freed with free(3).
- * Returns 0 or an error (and then *str is set to NULL).
+ * Return the complete resolvable name the cache
+
+ * @param context a Keberos context
+ * @param id return pointer to a found credential cache
+ * @param str the returned name of a credential cache, free with krb5_xfree()
+ *
+ * @return Returns 0 or an error (and then *str is set to NULL).
*
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_full_name(krb5_context context,
krb5_ccache id,
char **str)
@@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id)
krb5_error_code
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
{
+#ifndef KRB5_USE_PATH_TOKENS
size_t tlen, len = 0;
char *tmp, *tmp2, *append;
@@ -379,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
} else if (tmp) {
tmp2 = strchr(tmp, '}');
if (tmp2 == NULL) {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
"variable missing }");
@@ -390,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
else if (strncasecmp(tmp, "%{null}", 7) == 0)
append = strdup("");
else {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context,
KRB5_CONFIG_BADFORMAT,
@@ -405,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
str = NULL;
}
if (append == NULL) {
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@@ -416,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) {
free(append);
- free(*res);
+ if (*res)
+ free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
@@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(append);
}
return 0;
+#else /* _WIN32 */
+ /* On Windows, we use the more generic _krb5_expand_path_tokens()
+ function which also handles path tokens in addition to %{uid}
+ and %{null} */
+
+ return _krb5_expand_path_tokens(context, str, res);
+#endif
}
/*
@@ -444,6 +483,12 @@ environment_changed(krb5_context context)
if (context->default_cc_name_set)
return 0;
+ /* XXX performance: always ask KCM/API if default name has changed */
+ if (context->default_cc_name &&
+ (strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
+ strncmp(context->default_cc_name, "API:", 4) == 0))
+ return 1;
+
if(issuid())
return 0;
@@ -472,7 +517,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache
*/
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
@@ -483,12 +528,29 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
}
/**
+ * Return true if the default credential cache support switch
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+ const krb5_cc_ops *ops;
+
+ ops = krb5_cc_get_prefix_ops(context, type);
+ if (ops && ops->set_default)
+ return 1;
+ return FALSE;
+}
+
+/**
* Set the default cc name for `context' to `name'.
*
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_default_name(krb5_context context, const char *name)
{
krb5_error_code ret = 0;
@@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
return ENOMEM;
}
+#ifdef KRB5_USE_PATH_TOKENS
+ {
+ char * exp_p = NULL;
+
+ if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) {
+ free (p);
+ p = exp_p;
+ } else {
+ free (p);
+ return EINVAL;
+ }
+ }
+#endif
+
if (context->default_cc_name)
free(context->default_cc_name);
@@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_default_name(krb5_context context)
{
if (context->default_cc_name == NULL || environment_changed(context))
@@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_default(krb5_context context,
krb5_ccache *id)
{
@@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
@@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_destroy(krb5_context context,
krb5_ccache id)
{
@@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_close(krb5_context context,
krb5_ccache id)
{
@@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
@@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_retrieve_cred(krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
@@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
@@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_start_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_next_cred (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor,
@@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_end_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
@@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
@@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
@@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_flags(krb5_context context,
krb5_ccache id,
krb5_flags *flags)
@@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_match_f(krb5_context context,
const krb5_ccache from,
krb5_ccache to,
@@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context,
* @ingroup @krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
@@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_version(krb5_context context,
const krb5_ccache id)
{
@@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context,
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_cc_clear_mcred(krb5_creds *mcred)
{
memset(mcred, 0, sizeof(*mcred));
@@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data {
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_get_first (krb5_context context,
const char *type,
krb5_cc_cache_cursor *cursor)
@@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_next (krb5_context context,
krb5_cc_cache_cursor cursor,
krb5_ccache *id)
@@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_end_seq_get (krb5_context context,
krb5_cc_cache_cursor cursor)
{
@@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_match (krb5_context context,
krb5_principal client,
krb5_ccache *id)
@@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
* @ingroup krb5_ccache
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_config_principal(krb5_context context,
krb5_const_principal principal)
{
@@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@@ -1316,7 +1392,7 @@ out:
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
@@ -1347,7 +1423,7 @@ out:
*
*/
-struct krb5_cccol_cursor {
+struct krb5_cccol_cursor_data {
int idx;
krb5_cc_cache_cursor cursor;
};
@@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor {
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
{
*cursor = calloc(1, sizeof(**cursor));
@@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache)
{
@@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
{
krb5_cccol_cursor c = *cursor;
@@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context,
krb5_ccache id,
krb5_timestamp *mtime)
@@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_last_change_time(krb5_context context,
const char *type,
krb5_timestamp *mtime)
@@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_friendly_name(krb5_context context,
krb5_ccache id,
char **name)
@@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_friendly_name(krb5_context context,
krb5_ccache id,
const char *name)
@@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
{
krb5_cc_cursor cursor;
@@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
if (now < cred.times.endtime)
*t = cred.times.endtime - now;
krb5_free_cred_contents(context, &cred);
- goto out;
+ break;
}
krb5_free_cred_contents(context, &cred);
}
- out:
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
}
+
+/**
+ * Set the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
+{
+ if (id->ops->set_kdc_offset == NULL) {
+ context->kdc_sec_offset = offset;
+ context->kdc_usec_offset = 0;
+ return 0;
+ }
+ return (*id->ops->set_kdc_offset)(context, id, offset);
+}
+
+/**
+ * Get the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
+{
+ if (id->ops->get_kdc_offset == NULL) {
+ *offset = context->kdc_sec_offset;
+ return 0;
+ }
+ return (*id->ops->get_kdc_offset)(context, id, offset);
+}
diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c
index 207b86b488..a962f06f5f 100644
--- a/source4/heimdal/lib/krb5/changepw.c
+++ b/source4/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#define KRB5_DEPRECATED
-#include <krb5_locl.h>
+#include "krb5_locl.h"
#undef __attribute__
#define __attribute__(X)
@@ -602,7 +602,8 @@ change_password_loop (krb5_context context,
goto out;
}
}
-
+
+#ifndef NO_LIMIT_FD_SETSIZE
if (sock >= FD_SETSIZE) {
ret = ERANGE;
krb5_set_error_message(context, ret,
@@ -610,6 +611,7 @@ change_password_loop (krb5_context context,
close (sock);
goto out;
}
+#endif
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
@@ -670,7 +672,7 @@ find_chpw_proto(const char *name)
}
/**
- * krb5_change_password() is deprecated, use krb5_set_password().
+ * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
*
* @param context a Keberos context
* @param creds
@@ -684,14 +686,14 @@ find_chpw_proto(const char *name)
* @ingroup @krb5_deprecated
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context context,
krb5_creds *creds,
const char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
- KRB5_DEPRECATED
{
struct kpwd_proc *p = find_chpw_proto("change password");
@@ -726,7 +728,7 @@ krb5_change_password (krb5_context context,
* @ingroup @krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password(krb5_context context,
krb5_creds *creds,
const char *newpw,
@@ -769,7 +771,7 @@ krb5_set_password(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache,
const char *newpw,
@@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context,
*
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_passwd_result_to_string (krb5_context context,
int result)
{
diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c
index ebda3e51f7..d73a719100 100644
--- a/source4/heimdal/lib/krb5/codec.c
+++ b/source4/heimdal/lib/krb5/codec.c
@@ -37,178 +37,178 @@
#ifndef HEIMDAL_SMALLER
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTicketPart (krb5_context context,
const void *data,
size_t length,
EncTicketPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncTicketPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTicketPart (krb5_context context,
void *data,
size_t length,
EncTicketPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncTicketPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncASRepPart (krb5_context context,
const void *data,
size_t length,
EncASRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncASRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncASRepPart (krb5_context context,
void *data,
size_t length,
EncASRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncASRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTGSRepPart (krb5_context context,
const void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncTGSRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTGSRepPart (krb5_context context,
void *data,
size_t length,
EncTGSRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncTGSRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncAPRepPart (krb5_context context,
const void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncAPRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncAPRepPart (krb5_context context,
void *data,
size_t length,
EncAPRepPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncAPRepPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_Authenticator (krb5_context context,
const void *data,
size_t length,
Authenticator *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_Authenticator(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_Authenticator (krb5_context context,
void *data,
size_t length,
Authenticator *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_Authenticator(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncKrbCredPart (krb5_context context,
const void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_EncKrbCredPart(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncKrbCredPart (krb5_context context,
void *data,
size_t length,
EncKrbCredPart *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_EncKrbCredPart (data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_ETYPE_INFO(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO (krb5_context context,
void *data,
size_t length,
ETYPE_INFO *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_ETYPE_INFO (data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO2 (krb5_context context,
const void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
- KRB5_DEPRECATED
{
return decode_ETYPE_INFO2(data, length, t, len);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO2 (krb5_context context,
void *data,
size_t length,
ETYPE_INFO2 *t,
size_t *len)
- KRB5_DEPRECATED
{
return encode_ETYPE_INFO2 (data, length, t, len);
}
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 03c0e335d4..4eb4e12fad 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -35,6 +37,10 @@
#include "krb5_locl.h"
+#ifdef __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#endif
+
/* Gaah! I want a portable funopen */
struct fileptr {
const char *s;
@@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
return ret;
}
+#ifdef __APPLE__
+static char *
+cfstring2cstring(CFStringRef string)
+{
+ CFIndex len;
+ char *str;
+
+ str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
+ if (str)
+ return strdup(str);
+
+ len = CFStringGetLength(string);
+ len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8);
+ str = malloc(len);
+ if (str == NULL)
+ return NULL;
+
+ if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
+ free (str);
+ return NULL;
+ }
+ return str;
+}
+
+static void
+convert_content(const void *key, const void *value, void *context)
+{
+ krb5_config_section *tmp, **parent = context;
+ char *k;
+
+ if (CFGetTypeID(key) != CFStringGetTypeID())
+ return;
+
+ k = cfstring2cstring(key);
+ if (k == NULL)
+ return;
+
+ if (CFGetTypeID(value) == CFStringGetTypeID()) {
+ tmp = get_entry(parent, k, krb5_config_string);
+ tmp->u.string = cfstring2cstring(value);
+ } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
+ tmp = get_entry(parent, k, krb5_config_list);
+ CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
+ } else {
+ /* log */
+ }
+ free(k);
+}
+
+static krb5_error_code
+parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent)
+{
+ CFReadStreamRef s;
+ CFDictionaryRef d;
+ CFErrorRef e;
+ CFURLRef url;
+
+ url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
+ if (url == NULL) {
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
+ CFRelease(url);
+ if (s == NULL) {
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ if (!CFReadStreamOpen(s)) {
+ CFRelease(s);
+ krb5_clear_error_message(context);
+ return ENOENT;
+ }
+
+ d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e);
+ CFRelease(s);
+ if (d == NULL) {
+ krb5_clear_error_message(context);
+ return ENOENT;
+ }
+
+ CFDictionaryApplyFunction(d, convert_content, parent);
+ CFRelease(d);
+
+ return 0;
+}
+
+#endif
+
+
/*
* Parse the config file `fname', generating the structures into `res'
* returning error messages in `error_message'
@@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f,
return 0;
}
+static int
+is_plist_file(const char *fname)
+{
+ size_t len = strlen(fname);
+ char suffix[] = ".plist";
+ if (len < sizeof(suffix))
+ return 0;
+ if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0)
+ return 0;
+ return 1;
+}
+
/**
* Parse a configuration file and add the result into res. This
* interface can be used to parse several configuration files into one
@@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file_multi (krb5_context context,
const char *fname,
krb5_config_section **res)
@@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context,
* current users home directory. The behavior can be disabled and
* enabled by calling krb5_set_home_dir_access().
*/
- if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') {
+ if (fname[0] == '~' && fname[1] == '/') {
+#ifndef KRB5_USE_PATH_TOKENS
const char *home = NULL;
+ if (!_krb5_homedir_access(context)) {
+ krb5_set_error_message(context, EPERM,
+ "Access to home directory not allowed");
+ return EPERM;
+ }
+
if(!issuid())
home = getenv("HOME");
@@ -329,33 +446,73 @@ krb5_config_parse_file_multi (krb5_context context,
}
fname = newfname;
}
+#else /* KRB5_USE_PATH_TOKENS */
+ asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]);
+ if (newfname == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+ fname = newfname;
+#endif
}
- f.f = fopen(fname, "r");
- f.s = NULL;
- if(f.f == NULL) {
- ret = errno;
- krb5_set_error_message (context, ret, "open %s: %s",
- fname, strerror(ret));
- if (newfname)
- free(newfname);
- return ret;
- }
+ if (is_plist_file(fname)) {
+#ifdef __APPLE__
+ ret = parse_plist_config(context, fname, res);
+ if (ret) {
+ krb5_set_error_message(context, ret,
+ "Failed to parse plist %s", fname);
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+#else
+ krb5_set_error_message(context, ENOENT,
+ "no support for plist configuration files");
+ return ENOENT;
+#endif
+ } else {
+#ifdef KRB5_USE_PATH_TOKENS
+ char * exp_fname = NULL;
- ret = krb5_config_parse_debug (&f, res, &lineno, &str);
- fclose(f.f);
- if (ret) {
- krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str);
+ ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
+ if (ret) {
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+
if (newfname)
free(newfname);
- return ret;
+ fname = newfname = exp_fname;
+#endif
+
+ f.f = fopen(fname, "r");
+ f.s = NULL;
+ if(f.f == NULL) {
+ ret = errno;
+ krb5_set_error_message (context, ret, "open %s: %s",
+ fname, strerror(ret));
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
+
+ ret = krb5_config_parse_debug (&f, res, &lineno, &str);
+ fclose(f.f);
+ if (ret) {
+ krb5_set_error_message (context, ret, "%s:%u: %s",
+ fname, lineno, str);
+ if (newfname)
+ free(newfname);
+ return ret;
+ }
}
- if (newfname)
- free(newfname);
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
@@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b)
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_file_free (krb5_context context, krb5_config_section *s)
{
free_binding (context, s);
@@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s)
#ifndef HEIMDAL_SMALLER
-krb5_error_code
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_config_copy(krb5_context context,
krb5_config_section *c,
krb5_config_section **head)
@@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context,
#endif /* HEIMDAL_SMALLER */
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@@ -481,7 +638,7 @@ vget_next(krb5_context context,
return NULL;
}
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_vget_next (krb5_context context,
const krb5_config_section *c,
const krb5_config_binding **pointer,
@@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context,
return NULL;
}
-const void *
+KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get (krb5_context context,
const krb5_config_section *c,
int type,
@@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context,
return ret;
}
+
const void *
_krb5_config_vget (krb5_context context,
const krb5_config_section *c,
@@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context,
* @ingroup krb5_support
*/
-const krb5_config_binding *
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_get_list (krb5_context context,
const krb5_config_section *c,
...)
@@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context,
* @ingroup krb5_support
*/
-const krb5_config_binding *
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_vget_list (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context,
const krb5_config_section *c,
...)
@@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context,
* @ingroup krb5_support
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string_default (krb5_context context,
const krb5_config_section *c,
const char *def_value,
@@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context,
* @ingroup krb5_support
*/
-char ** KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
krb5_config_vget_strings(krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -770,7 +928,7 @@ cleanup:
* @ingroup krb5_support
*/
-char**
+KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
krb5_config_get_strings(krb5_context context,
const krb5_config_section *c,
...)
@@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context,
* @ingroup krb5_support
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_config_free_strings(char **strings)
{
char **s = strings;
@@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings)
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool_default (krb5_context context,
const krb5_config_section *c,
krb5_boolean def_value,
@@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context,
* @ingroup krb5_support
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool (krb5_context context,
const krb5_config_section *c,
...)
@@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -964,10 +1122,10 @@ krb5_config_vget_time_default (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time(krb5_context context,
- const krb5_config_section *c,
- va_list args)
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_time (krb5_context context,
+ const krb5_config_section *c,
+ va_list args)
{
return krb5_config_vget_time_default (context, c, -1, args);
}
@@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context,
* @ingroup krb5_support
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time (krb5_context context,
const krb5_config_section *c,
...)
@@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context,
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context,
}
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int (krb5_context context,
const krb5_config_section *c,
va_list args)
@@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context,
return krb5_config_vget_int_default (context, c, -1, args);
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int_default (krb5_context context,
const krb5_config_section *c,
int def_value,
@@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context,
return ret;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int (krb5_context context,
const krb5_config_section *c,
...)
@@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context,
#ifndef HEIMDAL_SMALLER
+/**
+ * Deprecated: configuration files are not strings
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
krb5_error_code KRB5_LIB_FUNCTION
krb5_config_parse_string_multi(krb5_context context,
const char *string,
- krb5_config_section **res) KRB5_DEPRECATED
+ krb5_config_section **res)
{
const char *str;
unsigned lineno = 0;
diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c
index a3b3d09f41..b85f0cf607 100644
--- a/source4/heimdal/lib/krb5/constants.c
+++ b/source4/heimdal/lib/krb5/constants.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -35,10 +37,17 @@
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
+"~/Library/Preferences/com.apple.Kerberos.plist:"
+"/Library/Preferences/com.apple.Kerberos.plist:"
"~/Library/Preferences/edu.mit.Kerberos:"
"/Library/Preferences/edu.mit.Kerberos:"
+#endif /* __APPLE__ */
+SYSCONFDIR "/krb5.conf"
+#ifndef _WIN32
+":/etc/krb5.conf"
#endif
-SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
+;
+
KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT;
KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API";
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 12fc676010..dff7a700c4 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -223,17 +225,50 @@ cc_ops_register(krb5_context context)
context->cc_ops = NULL;
context->num_cc_ops = 0;
+#ifndef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_acc_ops, TRUE);
+#endif
krb5_cc_register(context, &krb5_fcc_ops, TRUE);
krb5_cc_register(context, &krb5_mcc_ops, TRUE);
+#ifdef HAVE_SCC
krb5_cc_register(context, &krb5_scc_ops, TRUE);
+#endif
#ifdef HAVE_KCM
+#ifdef KCM_IS_API_CACHE
+ krb5_cc_register(context, &krb5_akcm_ops, TRUE);
+#endif
krb5_cc_register(context, &krb5_kcm_ops, TRUE);
#endif
return 0;
}
static krb5_error_code
+cc_ops_copy(krb5_context context, const krb5_context src_context)
+{
+ const krb5_cc_ops **cc_ops;
+
+ context->cc_ops = NULL;
+ context->num_cc_ops = 0;
+
+ if (src_context->num_cc_ops == 0)
+ return 0;
+
+ cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
+ if (cc_ops == NULL) {
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
+ return KRB5_CC_NOMEM;
+ }
+
+ memcpy(cc_ops, src_context->cc_ops,
+ sizeof(cc_ops[0]) * src_context->num_cc_ops);
+ context->cc_ops = cc_ops;
+ context->num_cc_ops = src_context->num_cc_ops;
+
+ return 0;
+}
+
+static krb5_error_code
kt_ops_register(krb5_context context)
{
context->num_kt_types = 0;
@@ -250,6 +285,28 @@ kt_ops_register(krb5_context context)
return 0;
}
+static krb5_error_code
+kt_ops_copy(krb5_context context, const krb5_context src_context)
+{
+ context->num_kt_types = 0;
+ context->kt_types = NULL;
+
+ if (src_context->num_kt_types == 0)
+ return 0;
+
+ context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
+ if (context->kt_types == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+
+ context->num_kt_types = src_context->num_kt_types;
+ memcpy(context->kt_types, src_context->kt_types,
+ sizeof(context->kt_types[0]) * src_context->num_kt_types);
+
+ return 0;
+}
/**
* Initializes the context structure and reads the configuration file
@@ -266,7 +323,7 @@ kt_ops_register(krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
krb5_context p;
@@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context)
if (ret)
goto out;
#endif
+ if (rk_SOCK_INIT())
+ p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if(ret) {
@@ -359,7 +418,7 @@ copy_etypes (krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out)
{
krb5_error_code ret;
@@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out)
/* XXX should copy */
krb5_init_ets(p);
- cc_ops_register(p);
- kt_ops_register(p);
+
+ cc_ops_copy(p, context);
+ kt_ops_copy(p, context);
#if 0 /* XXX */
if(context->warn_dest != NULL)
@@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context)
{
if (context->default_cc_name)
@@ -480,6 +540,9 @@ krb5_free_context(krb5_context context)
HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex);
+ if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
+ rk_SOCK_EXIT();
+ }
memset(context, 0, sizeof(*context));
free(context);
@@ -497,14 +560,14 @@ krb5_free_context(krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames)
{
krb5_error_code ret;
krb5_config_binding *tmp = NULL;
while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
- if(ret != 0 && ret != ENOENT && ret != EACCES) {
+ if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
krb5_config_file_free(context, tmp);
return ret;
}
@@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file)
* `pq' isn't free, it's up the the caller
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
{
krb5_error_code ret;
@@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
{
krb5_error_code ret;
@@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_config_files(char ***pfilenames)
{
const char *files = NULL;
@@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_config_files(char **filenames)
{
char **p;
@@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames)
* @ingroup krb5
*/
-const krb5_enctype * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
krb5_kerberos_enctypes(krb5_context context)
{
static const krb5_enctype p[] = {
@@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_in_tkt_etypes(krb5_context context,
const krb5_enctype *etypes)
{
@@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context,
krb5_enctype **etypes)
{
@@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_ets(krb5_context context)
{
if(context->et_list == NULL){
@@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
{
context->use_admin_kdc = flag;
@@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_use_admin_kdc (krb5_context context)
{
return context->use_admin_kdc;
@@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
@@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses)
@@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->extra_addresses == NULL) {
@@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
@@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->ignore_addresses)
@@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
if(context->ignore_addresses == NULL) {
@@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_fcache_version(krb5_context context, int version)
{
context->fcache_vno = version;
@@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_fcache_version(krb5_context context, int *version)
{
*version = context->fcache_vno;
@@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version)
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_thread_safe(void)
{
#ifdef ENABLE_PTHREAD_SUPPORT
@@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
{
if (flag)
@@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_dns_canonicalize_hostname (krb5_context context)
{
return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
@@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
{
if (sec)
@@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
{
context->kdc_sec_offset = sec;
@@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
* @ingroup krb5
*/
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_get_max_time_skew (krb5_context context)
{
return context->max_skew;
@@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_max_time_skew (krb5_context context, time_t t)
{
context->max_skew = t;
@@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_etype (krb5_context context,
unsigned *len,
krb5_enctype **val,
@@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context)
{
krb5_boolean allow;
+#ifdef HAVE_GETEUID
/* is never allowed for root */
if (geteuid() == 0)
return FALSE;
+#endif
if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
return FALSE;
diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c
index 35454bf983..aff843e785 100644
--- a/source4/heimdal/lib/krb5/convert_creds.c
+++ b/source4/heimdal/lib/krb5/convert_creds.c
@@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
@@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context,
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} else {
- krb5_set_error_message (context, ret,
- N_("converting credentials: %s",
- "already localized"),
- krb5_get_err_text(context, ret));
+ krb5_prepend_error_message(context, ret,
+ N_("converting credentials",
+ "already localized"));
}
out:
krb5_storage_free(sp);
@@ -161,7 +160,7 @@ out2:
* @ingroup krb5_v4compat
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,
diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c
index 7f19ddd3de..73bc117f12 100644
--- a/source4/heimdal/lib/krb5/copy_host_realm.c
+++ b/source4/heimdal/lib/krb5/copy_host_realm.c
@@ -46,7 +46,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_host_realm(krb5_context context,
const krb5_realm *from,
krb5_realm **to)
diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c
index 6cc2714172..fd277148d5 100644
--- a/source4/heimdal/lib/krb5/creds.c
+++ b/source4/heimdal/lib/krb5/creds.c
@@ -45,7 +45,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
{
krb5_free_principal (context, c->client);
@@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds_contents (krb5_context context,
const krb5_creds *incred,
krb5_creds *c)
@@ -131,7 +131,7 @@ fail:
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds (krb5_context context,
const krb5_creds *incred,
krb5_creds **outcred)
@@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_creds (krb5_context context, krb5_creds *c)
{
krb5_free_cred_contents (context, c);
@@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b)
* @ingroup krb5
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
const krb5_creds * mcreds, const krb5_creds * creds)
{
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 745c856810..5906d43f5f 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = {
EVP_rc4
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
@@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
@@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
@@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context,
krb5_salt salt)
{
@@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context,
* `opaque'), returning the resulting key in `key'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
* in `key'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context,
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context,
pw, salt, opaque, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
@@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
@@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type,
krb5_keyblock *key)
@@ -1439,7 +1439,7 @@ hmac(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_hmac(krb5_context context,
krb5_cksumtype cktype,
const void *data,
@@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context,
data, len, cksum);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
@@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
@@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context,
return 0;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
@@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context,
return ct->flags & F_KEYED;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
@@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context,
return ct->flags & F_CPROOF;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
@@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
@@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_enctype(krb5_context context,
const char *string,
krb5_enctype *etype)
@@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
@@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
@@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_to_enctype(krb5_context context,
krb5_cksumtype ctype,
krb5_enctype *etype)
@@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
@@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type)
* 4. KRB5_CRYPTO_TYPE_TRAILER
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
* size as the input data or shorter.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_iov_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum_iov(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length(krb5_context context,
krb5_crypto crypto,
int type,
@@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length_iov(krb5_context context,
krb5_crypto crypto,
krb5_crypto_iov *data,
@@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context,
return encrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context,
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context,
return decrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context,
NULL);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3936,6 +3936,7 @@ seed_something(void)
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
if (RAND_status() != 1) {
+#ifndef _WIN32
krb5_context context;
const char *p;
@@ -3947,6 +3948,10 @@ seed_something(void)
RAND_egd_bytes(p, ENTROPY_NEEDED);
krb5_free_context(context);
}
+#else
+ /* TODO: Once a Windows CryptoAPI RAND method is defined, we
+ can use that and failover to another method. */
+#endif
}
if (RAND_status() == 1) {
@@ -3959,7 +3964,7 @@ seed_something(void)
return -1;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len)
{
static int rng_initialized = 0;
@@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
return &d->key;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_derive_key(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_init(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_destroy(krb5_context context,
krb5_crypto crypto)
{
@@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto,
size_t *blocksize)
@@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getenctype(krb5_context context,
krb5_crypto crypto,
krb5_enctype *enctype)
@@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getpadsize(krb5_context context,
krb5_crypto crypto,
size_t *padsize)
@@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getconfoundersize(krb5_context context,
krb5_crypto crypto,
size_t *confoundersize)
@@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
@@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
@@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
@@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_random_to_key(krb5_context context,
krb5_enctype type,
const void *data,
@@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
@@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf(krb5_context context,
const krb5_crypto crypto,
const krb5_data *input,
@@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_fx_cf2(krb5_context context,
const krb5_crypto crypto1,
const krb5_crypto crypto2,
@@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context,
#ifndef HEIMDAL_SMALLER
-krb5_error_code KRB5_LIB_FUNCTION
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
- KRB5_DEPRECATED
{
int i;
unsigned n = 0;
@@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context,
return 0;
}
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
/* if two enctypes have compatible keys */
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
- KRB5_DEPRECATED
{
struct encryption_type *e1 = _find_enctype(etype1);
struct encryption_type *e2 = _find_enctype(etype2);
diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c
index 993d6058bf..838135ffad 100644
--- a/source4/heimdal/lib/krb5/data.c
+++ b/source4/heimdal/lib/krb5/data.c
@@ -41,7 +41,7 @@
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_zero(krb5_data *p)
{
p->length = 0;
@@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_free(krb5_data *p)
{
if(p->data != NULL)
@@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p)
* @ingroup krb5
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_data(krb5_context context,
krb5_data *p)
{
@@ -96,7 +96,7 @@ krb5_free_data(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_alloc(krb5_data *p, int len)
{
p->data = malloc(len);
@@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_realloc(krb5_data *p, int len)
{
void *tmp;
@@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_copy(krb5_data *p, const void *data, size_t len)
{
if (len) {
@@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len)
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_data(krb5_context context,
const krb5_data *indata,
krb5_data **outdata)
@@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context,
* @ingroup krb5
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
{
if (data1->length != data2->length)
diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c
index 499150f469..ef11e370f4 100644
--- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c
+++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
/**
* Convert the getaddrinfo() error code to a Kerberos et error code.
@@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_eai_to_heim_errno(int eai_errno, int system_error)
{
switch(eai_errno) {
@@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
return HEIM_EAI_SERVICE;
case EAI_SOCKTYPE:
return HEIM_EAI_SOCKTYPE;
+#ifdef EAI_SYSTEM
case EAI_SYSTEM:
return system_error;
+#endif
default:
return HEIM_EAI_UNKNOWN; /* XXX */
}
@@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_errno_to_heim_errno(int eai_errno)
{
switch(eai_errno) {
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c
index d2661dcaf5..adab6f5e84 100644
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -44,7 +44,7 @@
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_clear_error_message(krb5_context context)
{
HEIMDAL_MUTEX_lock(context->mutex);
@@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context)
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
@@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret,
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vset_error_message (krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
@@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
va_list ap;
va_start(ap, fmt);
- krb5_vset_error_message (context, ret, fmt, ap);
+ krb5_vprepend_error_message(context, ret, fmt, ap);
va_end(ap);
}
@@ -140,8 +140,8 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
*/
void KRB5_LIB_FUNCTION
-krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
- const char *fmt, va_list args)
+krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
+ const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))
{
char *str, *str2;
@@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
-char * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION char * KRB5_LIB_CALL
krb5_get_error_string(krb5_context context)
{
char *ret = NULL;
@@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context)
return ret;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_have_error_string(krb5_context context)
{
char *str;
@@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context)
* @ingroup krb5_error
*/
-const char * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
krb5_get_error_message(krb5_context context, krb5_error_code code)
{
char *str;
@@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code)
* @ingroup krb5_error
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_message(krb5_context context, const char *msg)
{
free(rk_UNCONST(msg));
@@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
* @ingroup krb5
*/
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_get_err_text(krb5_context context, krb5_error_code code)
{
const char *p = NULL;
if(context != NULL)
diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c
index 67988d0d7b..7b638d5f01 100644
--- a/source4/heimdal/lib/krb5/expand_hostname.c
+++ b/source4/heimdal/lib/krb5/expand_hostname.c
@@ -63,7 +63,7 @@ copy_hostname(krb5_context context,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname (krb5_context context,
const char *orig_hostname,
char **new_hostname)
@@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context,
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname_realms (krb5_context context,
const char *orig_hostname,
char **new_hostname,
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index bec37b2913..67c4c74444 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
break;
default: {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("error locking cache file %s: %s",
"file, error"), filename, buf);
@@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
break;
default: {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Failed to unlock file: %s", ""), buf);
break;
@@ -224,7 +226,11 @@ scrub_file (int fd)
return errno;
pos -= tmp;
}
+#ifdef _MSC_VER
+ _commit (fd);
+#else
fsync (fd);
+#endif
return 0;
}
@@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
+#ifdef KRB5_USE_PATH_TOKENS
+ {
+ char * exp_file = NULL;
+ krb5_error_code ec;
+
+ ec = _krb5_expand_path_tokens(context, file, &exp_file);
+
+ if (ec == 0) {
+ free(file);
+ file = exp_file;
+ } else {
+ free(file);
+ return ec;
+ }
+ }
+#endif
fd = mkstemp(file);
if(fd < 0) {
int ret = errno;
@@ -374,18 +396,10 @@ fcc_open(krb5_context context,
fd = open(filename, flags, mode);
if(fd < 0) {
char buf[128];
- char *estr;
ret = errno;
- buf[0] = 0;
- estr = (char *)strerror_r(ret, buf, sizeof(buf));
- if (buf[0] != 0) {
- /* we've got the BSD/XSI strerror_r, and it use the
- * buffer. Otherwise we have the GNU strerror_r, and
- * it used a static string. Ain't standards great? */
- estr = buf;
- }
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
- filename, estr);
+ filename, buf);
return ret;
}
rk_cloexec(fd);
@@ -447,7 +461,7 @@ fcc_initialize(krb5_context context,
if (ret == 0) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
}
@@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context,
if (close(fd) < 0) {
if (ret == 0) {
char buf[128];
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
@@ -515,13 +529,17 @@ static krb5_error_code
init_fcc (krb5_context context,
krb5_ccache id,
krb5_storage **ret_sp,
- int *ret_fd)
+ int *ret_fd,
+ krb5_deltat *kdc_offset)
{
int fd;
int8_t pvno, tag;
krb5_storage *sp;
krb5_error_code ret;
+ if (kdc_offset)
+ *kdc_offset = 0;
+
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
@@ -597,8 +615,11 @@ init_fcc (krb5_context context,
goto out;
}
switch (dtag) {
- case FCC_TAG_DELTATIME :
- ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
+ case FCC_TAG_DELTATIME : {
+ int32_t offset;
+
+ ret = krb5_ret_int32 (sp, &offset);
+ ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
@@ -607,16 +628,11 @@ init_fcc (krb5_context context,
FILENAME(id));
goto out;
}
- ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
- if(ret) {
- ret = KRB5_CC_FORMAT;
- krb5_set_error_message(context, ret,
- N_("Error reading kdc_usec in "
- "cache file: %s", ""),
- FILENAME(id));
- goto out;
- }
+ context->kdc_sec_offset = offset;
+ if (kdc_offset)
+ *kdc_offset = offset;
break;
+ }
default :
for (i = 0; i < data_len; ++i) {
ret = krb5_ret_int8 (sp, &dummy);
@@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context,
int fd;
krb5_storage *sp;
- ret = init_fcc (context, id, &sp, &fd);
+ ret = init_fcc (context, id, &sp, &fd, NULL);
if (ret)
return ret;
ret = krb5_ret_principal(sp, principal);
@@ -701,7 +717,7 @@ fcc_get_first (krb5_context context,
memset(*cursor, 0, sizeof(struct fcc_cursor));
ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
- &FCC_CURSOR(*cursor)->fd);
+ &FCC_CURSOR(*cursor)->fd, NULL);
if (ret) {
free(*cursor);
*cursor = NULL;
@@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
return ret;
fn = expandedfn;
}
+ /* check if file exists, don't return a non existant "next" */
+ if (strncasecmp(fn, "FILE:", 5) == 0) {
+ struct stat sb;
+ ret = stat(fn + 5, &sb);
+ if (ret) {
+ ret = KRB5_CC_END;
+ goto out;
+ }
+ }
ret = krb5_cc_resolve(context, fn, id);
+ out:
if (expandedfn)
free(expandedfn);
@@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret = 0;
ret = rename(FILENAME(from), FILENAME(to));
+#ifdef RENAME_DOES_NOT_UNLINK
+ if (ret && (errno == EEXIST || errno == EACCES)) {
+ ret = unlink(FILENAME(to));
+ if (ret == 0) {
+ ret = rename(FILENAME(from), FILENAME(to));
+ }
+ }
+#endif
+
if (ret && errno != EXDEV) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Rename of file from %s "
"to %s failed: %s", ""),
@@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_storage *sp;
int fd;
- ret = init_fcc (context, to, &sp, &fd);
+ ret = init_fcc (context, to, &sp, &fd, NULL);
if (sp)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
}
- fcc_destroy(context, from);
+ fcc_close(context, from);
return ret;
}
@@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ return 0;
+}
+
+static krb5_error_code
+fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_error_code ret;
+ krb5_storage *sp;
+ int fd;
+ ret = init_fcc(context, id, &sp, &fd, kdc_offset);
+ if (sp)
+ krb5_storage_free(sp);
+ fcc_unlock(context, fd);
+ close(fd);
+
+ return ret;
+}
+
+
/**
* Variable containing the FILE based credential cache implemention.
*
@@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
fcc_move,
fcc_get_default_name,
NULL,
- fcc_lastchange
+ fcc_lastchange,
+ fcc_set_kdc_offset,
+ fcc_get_kdc_offset
};
diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c
index 7f4374374b..5bb33b443c 100644
--- a/source4/heimdal/lib/krb5/free.c
+++ b/source4/heimdal/lib/krb5/free.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
{
free_KDC_REP(&rep->kdc_rep);
@@ -43,7 +43,7 @@ krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_xfree (void *ptr)
{
free (ptr);
diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c
index f6e9f6e247..0932674e9b 100644
--- a/source4/heimdal/lib/krb5/free_host_realm.c
+++ b/source4/heimdal/lib/krb5/free_host_realm.c
@@ -44,7 +44,7 @@
* @ingroup krb5_support
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_host_realm(krb5_context context,
krb5_realm *realmlist)
{
diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c
index b7bd8b99f8..575f842d8b 100644
--- a/source4/heimdal/lib/krb5/generate_seq_number.c
+++ b/source4/heimdal/lib/krb5/generate_seq_number.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_seq_number(krb5_context context,
const krb5_keyblock *key,
uint32_t *seqno)
diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c
index 003a66ac01..e09dc2a916 100644
--- a/source4/heimdal/lib/krb5/generate_subkey.c
+++ b/source4/heimdal/lib/krb5/generate_subkey.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
/**
* Generate subkey, from keyblock
@@ -46,7 +46,7 @@
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_subkey_extended(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c
index 8f366fa148..829b2acc17 100644
--- a/source4/heimdal/lib/krb5/get_addrs.c
+++ b/source4/heimdal/lib/krb5/get_addrs.c
@@ -266,7 +266,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
* Only include loopback address if there are no other.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
{
int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
@@ -282,7 +282,7 @@ krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
* If that fails, we return the address corresponding to `hostname'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
{
return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index e921cf0593..3d76391fa8 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -31,7 +33,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
#include <assert.h>
/*
@@ -606,7 +608,7 @@ get_cred_kdc_address(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_cred(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
@@ -1037,6 +1039,13 @@ _krb5_get_cred_kdc_any(krb5_context context,
krb5_creds ***ret_tgts)
{
krb5_error_code ret;
+ krb5_deltat offset;
+
+ ret = krb5_cc_get_kdc_offset(context, ccache, &offset);
+ if (ret) {
+ context->kdc_sec_offset = offset;
+ context->kdc_usec_offset = 0;
+ }
ret = get_cred_kdc_referral(context,
flags,
@@ -1059,7 +1068,7 @@ _krb5_get_cred_kdc_any(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_credentials_with_flags(krb5_context context,
krb5_flags options,
krb5_kdc_flags flags,
@@ -1145,7 +1154,7 @@ krb5_get_credentials_with_flags(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_credentials(krb5_context context,
krb5_flags options,
krb5_ccache ccache,
@@ -1166,7 +1175,7 @@ struct krb5_get_creds_opt_data {
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
{
*opt = calloc(1, sizeof(**opt));
@@ -1178,7 +1187,7 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
{
if (opt->self)
@@ -1191,7 +1200,7 @@ krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
free(opt);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_set_options(krb5_context context,
krb5_get_creds_opt opt,
krb5_flags options)
@@ -1199,7 +1208,7 @@ krb5_get_creds_opt_set_options(krb5_context context,
opt->options = options;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_add_options(krb5_context context,
krb5_get_creds_opt opt,
krb5_flags options)
@@ -1207,7 +1216,7 @@ krb5_get_creds_opt_add_options(krb5_context context,
opt->options |= options;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_creds_opt_set_enctype(krb5_context context,
krb5_get_creds_opt opt,
krb5_enctype enctype)
@@ -1215,7 +1224,7 @@ krb5_get_creds_opt_set_enctype(krb5_context context,
opt->enctype = enctype;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_set_impersonate(krb5_context context,
krb5_get_creds_opt opt,
krb5_const_principal self)
@@ -1225,7 +1234,7 @@ krb5_get_creds_opt_set_impersonate(krb5_context context,
return krb5_copy_principal(context, self, &opt->self);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds_opt_set_ticket(krb5_context context,
krb5_get_creds_opt opt,
const Ticket *ticket)
@@ -1258,7 +1267,7 @@ krb5_get_creds_opt_set_ticket(krb5_context context,
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_creds(krb5_context context,
krb5_get_creds_opt opt,
krb5_ccache ccache,
@@ -1325,14 +1334,14 @@ krb5_get_creds(krb5_context context,
if(options & KRB5_GC_EXPIRED_OK) {
*out_creds = res_creds;
krb5_free_principal(context, in_creds.client);
- return 0;
+ goto out;
}
krb5_timeofday(context, &timeret);
if(res_creds->times.endtime > timeret) {
*out_creds = res_creds;
krb5_free_principal(context, in_creds.client);
- return 0;
+ goto out;
}
if(options & KRB5_GC_CACHED)
krb5_cc_remove_cred(context, ccache, 0, res_creds);
@@ -1340,12 +1349,13 @@ krb5_get_creds(krb5_context context,
} else if(ret != KRB5_CC_END) {
free(res_creds);
krb5_free_principal(context, in_creds.client);
- return ret;
+ goto out;
}
free(res_creds);
if(options & KRB5_GC_CACHED) {
krb5_free_principal(context, in_creds.client);
- return not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+ ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+ goto out;
}
if(options & KRB5_GC_USER_USER) {
flags.b.enc_tkt_in_skey = 1;
@@ -1374,6 +1384,10 @@ krb5_get_creds(krb5_context context,
free(tgts);
if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
krb5_cc_store_cred(context, ccache, *out_creds);
+
+ out:
+ _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret);
+
return ret;
}
@@ -1381,7 +1395,7 @@ krb5_get_creds(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_renewed_creds(krb5_context context,
krb5_creds *creds,
krb5_const_principal client,
diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c
index 82d0642934..539dedfa47 100644
--- a/source4/heimdal/lib/krb5/get_default_principal.c
+++ b/source4/heimdal/lib/krb5/get_default_principal.c
@@ -48,6 +48,8 @@ get_env_user(void)
return user;
}
+#ifndef _WIN32
+
/*
* Will only use operating-system dependant operation to get the
* default principal, for use of functions that in ccache layer to
@@ -93,7 +95,58 @@ _krb5_get_default_principal_local (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+#else /* _WIN32 */
+
+#define SECURITY_WIN32
+#include <security.h>
+
+krb5_error_code
+_krb5_get_default_principal_local(krb5_context context,
+ krb5_principal *princ)
+{
+ krb5_error_code ret = 0;
+
+ /* See if we can get the principal first. We only expect this to
+ work if logged into a domain. */
+ {
+ char username[1024];
+ ULONG sz = sizeof(username);
+
+ if (GetUserNameEx(NameUserPrincipal, username, &sz)) {
+ return krb5_parse_name_flags(context, username,
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE,
+ princ);
+ }
+ }
+
+ /* Just get the Windows username. This should pretty much always
+ work. */
+ {
+ char username[1024];
+ DWORD dsz = sizeof(username);
+
+ if (GetUserName(username, &dsz)) {
+ return krb5_make_principal(context, princ, NULL, username, NULL);
+ }
+ }
+
+ /* Failing that, we look at the environment */
+ {
+ const char * username = get_env_user();
+
+ if (username == NULL) {
+ krb5_set_error_string(context,
+ "unable to figure out current principal");
+ return ENOTTY; /* Really? */
+ }
+
+ return krb5_make_principal(context, princ, NULL, username, NULL);
+ }
+}
+
+#endif
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_principal (krb5_context context,
krb5_principal *princ)
{
diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c
index f09df264c1..2a4933a62a 100644
--- a/source4/heimdal/lib/krb5/get_default_realm.c
+++ b/source4/heimdal/lib/krb5/get_default_realm.c
@@ -38,7 +38,7 @@
* Free this memory with krb5_free_host_realm.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_realms (krb5_context context,
krb5_realm **realms)
{
@@ -57,7 +57,7 @@ krb5_get_default_realms (krb5_context context,
* Return the first default realm. For compatibility.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_realm(krb5_context context,
krb5_realm *realm)
{
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index 8c58dae187..a109c71326 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
add_addrs(krb5_context context,
@@ -100,7 +100,7 @@ fail:
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_fwd_tgt_creds (krb5_context context,
krb5_auth_context auth_context,
const char *hostname,
@@ -183,7 +183,7 @@ krb5_fwd_tgt_creds (krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_forwarded_creds (krb5_context context,
krb5_auth_context auth_context,
krb5_ccache ccache,
diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c
index 7d7fef6e1c..7aee02734b 100644
--- a/source4/heimdal/lib/krb5/get_host_realm.c
+++ b/source4/heimdal/lib/krb5/get_host_realm.c
@@ -158,7 +158,7 @@ config_find_realm(krb5_context context,
* fall back to guessing
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_get_host_realm_int (krb5_context context,
const char *host,
krb5_boolean use_dns,
@@ -215,7 +215,7 @@ _krb5_get_host_realm_int (krb5_context context,
* `realms'. Free `realms' with krb5_free_host_realm().
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_host_realm(krb5_context context,
const char *targethost,
krb5_realm **realms)
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c
index 84b1ffb71f..15cbfba89d 100644
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -361,7 +361,8 @@ set_ptypes(krb5_context context,
return(1);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_cred(krb5_context context,
krb5_flags options,
const krb5_addresses *addrs,
@@ -374,7 +375,6 @@ krb5_get_in_cred(krb5_context context,
krb5_const_pointer decryptarg,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
- KRB5_DEPRECATED
{
krb5_error_code ret;
AS_REQ a;
@@ -498,7 +498,7 @@ krb5_get_in_cred(krb5_context context,
goto out;
{
- unsigned flags = 0;
+ unsigned flags = EXTRACT_TICKET_TIMESYNC;
if (opts.request_anonymous)
flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
@@ -526,7 +526,8 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_tkt(krb5_context context,
krb5_flags options,
const krb5_addresses *addrs,
@@ -539,7 +540,6 @@ krb5_get_in_tkt(krb5_context context,
krb5_creds *creds,
krb5_ccache ccache,
krb5_kdc_rep *ret_as_reply)
- KRB5_DEPRECATED
{
krb5_error_code ret;
diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c
index 5d0361b816..93d9433cd0 100644
--- a/source4/heimdal/lib/krb5/get_port.c
+++ b/source4/heimdal/lib/krb5/get_port.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_getportbyname (krb5_context context,
const char *service,
const char *proto,
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index b1bd94d3b9..f555c724ed 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -50,7 +52,7 @@
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_alloc(krb5_context context,
krb5_get_init_creds_opt **opt)
{
@@ -82,7 +84,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
* @ingroup krb5_credential
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_free(krb5_context context,
krb5_get_init_creds_opt *opt)
{
@@ -124,20 +126,21 @@ get_config_time (krb5_context context,
static krb5_boolean
get_config_bool (krb5_context context,
+ krb5_boolean def_value,
const char *realm,
const char *name)
{
- return krb5_config_get_bool (context,
- NULL,
- "realms",
- realm,
- name,
- NULL)
- || krb5_config_get_bool (context,
- NULL,
- "libdefaults",
- name,
- NULL);
+ krb5_boolean b;
+
+ b = krb5_config_get_bool_default(context, NULL, def_value,
+ "realms", realm, name, NULL);
+ if (b != def_value)
+ return b;
+ b = krb5_config_get_bool_default (context, NULL, def_value,
+ "libdefaults", name, NULL);
+ if (b != def_value)
+ return b;
+ return def_value;
}
/*
@@ -147,7 +150,7 @@ get_config_bool (krb5_context context,
* [realms] or [libdefaults] for some of the values.
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_default_flags(krb5_context context,
const char *appname,
krb5_const_realm realm,
@@ -156,11 +159,12 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
krb5_boolean b;
time_t t;
- b = get_config_bool (context, realm, "forwardable");
+ b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT,
+ realm, "forwardable");
krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
krb5_get_init_creds_opt_set_forwardable(opt, b);
- b = get_config_bool (context, realm, "proxiable");
+ b = get_config_bool (context, FALSE, realm, "proxiable");
krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
krb5_get_init_creds_opt_set_proxiable (opt, b);
@@ -197,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
krb5_deltat tkt_life)
{
@@ -205,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
opt->tkt_life = tkt_life;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
krb5_deltat renew_life)
{
@@ -213,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
opt->renew_life = renew_life;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
int forwardable)
{
@@ -221,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
opt->forwardable = forwardable;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
int proxiable)
{
@@ -229,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
opt->proxiable = proxiable;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
krb5_enctype *etype_list,
int etype_list_length)
@@ -239,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
opt->etype_list_length = etype_list_length;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
krb5_addresses *addresses)
{
@@ -247,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
opt->address_list = addresses;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
krb5_preauthtype *preauth_list,
int preauth_list_length)
@@ -257,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
opt->preauth_list = preauth_list;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
krb5_data *salt)
{
@@ -265,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
opt->salt = salt;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
int anonymous)
{
@@ -286,7 +290,7 @@ require_ext_opt(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pa_password(krb5_context context,
krb5_get_init_creds_opt *opt,
const char *password,
@@ -301,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pac_request(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req_pac)
@@ -316,7 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_addressless(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean addressless)
@@ -332,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req)
@@ -348,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_win2k(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_boolean req)
@@ -357,15 +361,18 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context,
ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
if (ret)
return ret;
- if (req)
+ if (req) {
opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
- else
+ opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+ } else {
opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+ opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+ }
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_gic_process_last_req func,
@@ -385,9 +392,19 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
#ifndef HEIMDAL_SMALLER
-void KRB5_LIB_FUNCTION
+/**
+ * Deprecated: use krb5_get_init_creds_opt_alloc().
+ *
+ * The reason krb5_get_init_creds_opt_init() is deprecated is that
+ * krb5_get_init_creds_opt is a static structure and for ABI reason it
+ * can't grow, ie can't add new functionality.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
- KRB5_DEPRECATED
{
memset (opt, 0, sizeof(*opt));
}
@@ -399,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
* @ingroup krb5_deprecated
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_get_error(krb5_context context,
krb5_get_init_creds_opt *opt,
KRB_ERROR **error)
- KRB5_DEPRECATED
{
*error = calloc(1, sizeof(**error));
if (*error == NULL) {
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index c326fa4df7..4637a6d941 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -59,6 +61,12 @@ typedef struct krb5_get_init_creds_ctx {
krb5_pk_init_ctx pk_init_ctx;
int ic_flags;
+ int used_pa_types;
+#define USED_PKINIT 1
+#define USED_PKINIT_W2K 2
+#define USED_ENC_TS_GUESS 4
+#define USED_ENC_TS_INFO 8
+
METHOD_DATA md;
KRB_ERROR error;
AS_REP as_rep;
@@ -67,8 +75,25 @@ typedef struct krb5_get_init_creds_ctx {
krb5_prompter_fct prompter;
void *prompter_data;
+ struct pa_info_data *ppaid;
+
} krb5_get_init_creds_ctx;
+
+struct pa_info_data {
+ krb5_enctype etype;
+ krb5_salt salt;
+ krb5_data *s2kparams;
+};
+
+static void
+free_paid(krb5_context context, struct pa_info_data *ppaid)
+{
+ krb5_free_salt(context, ppaid->salt);
+ if (ppaid->s2kparams)
+ krb5_free_data(context, ppaid->s2kparams);
+}
+
static krb5_error_code
default_s2k_func(krb5_context context, krb5_enctype type,
krb5_const_pointer keyseed,
@@ -79,6 +104,8 @@ default_s2k_func(krb5_context context, krb5_enctype type,
krb5_data password;
krb5_data opaque;
+ _krb5_debug(context, 5, "krb5_get_init_creds: using default_s2k_func");
+
password.data = rk_UNCONST(keyseed);
password.length = strlen(keyseed);
if (s2kparms)
@@ -120,6 +147,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
free_EncKDCRepPart(&ctx->enc_part);
free_KRB_ERROR(&ctx->error);
free_AS_REQ(&ctx->as_req);
+ if (ctx->ppaid) {
+ free_paid(context, ctx->ppaid);
+ free(ctx->ppaid);
+ }
memset(ctx, 0, sizeof(*ctx));
}
@@ -559,7 +590,7 @@ out:
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keyblock_key_proc (krb5_context context,
krb5_keytype type,
krb5_data *salt,
@@ -681,20 +712,6 @@ init_as_req (krb5_context context,
return ret;
}
-struct pa_info_data {
- krb5_enctype etype;
- krb5_salt salt;
- krb5_data *s2kparams;
-};
-
-static void
-free_paid(krb5_context context, struct pa_info_data *ppaid)
-{
- krb5_free_salt(context, ppaid->salt);
- if (ppaid->s2kparams)
- krb5_free_data(context, ppaid->s2kparams);
-}
-
static krb5_error_code
set_paid(struct pa_info_data *paid, krb5_context context,
@@ -986,6 +1003,8 @@ add_enc_ts_padata(krb5_context context,
for (i = 0; i < netypes; ++i) {
krb5_keyblock *key;
+ _krb5_debug(context, 5, "krb5_get_init_creds: using ENC-TS with enctype %d", enctypes[i]);
+
ret = (*keyproc)(context, enctypes[i], keyseed,
*salt, s2kparams, &key);
if (ret)
@@ -1019,6 +1038,8 @@ pa_data_to_md_ts_enc(krb5_context context,
} else {
krb5_salt salt;
+ _krb5_debug(context, 5, "krb5_get_init_creds: pa-info not found, guessing salt");
+
/* make a v5 salted pa-data */
add_enc_ts_padata(context, md, client,
ctx->keyproc, ctx->keyseed,
@@ -1057,6 +1078,7 @@ static krb5_error_code
pa_data_to_md_pkinit(krb5_context context,
const AS_REQ *a,
const krb5_principal client,
+ int win2k,
krb5_get_init_creds_ctx *ctx,
METHOD_DATA *md)
{
@@ -1064,10 +1086,12 @@ pa_data_to_md_pkinit(krb5_context context,
return 0;
#ifdef PKINIT
return _krb5_pk_mk_padata(context,
- ctx->pk_init_ctx,
- &a->req_body,
- ctx->pk_nonce,
- md);
+ ctx->pk_init_ctx,
+ ctx->ic_flags,
+ win2k,
+ &a->req_body,
+ ctx->pk_nonce,
+ md);
#else
krb5_set_error_message(context, EINVAL,
N_("no support for PKINIT compiled in", ""));
@@ -1133,6 +1157,13 @@ process_pa_data_to_md(krb5_context context,
(*out_md)->len = 0;
(*out_md)->val = NULL;
+ if (_krb5_have_debug(context, 5)) {
+ unsigned i;
+ _krb5_debug(context, 5, "KDC send %d patypes", in_md->len);
+ for (i = 0; i < in_md->len; i++)
+ _krb5_debug(context, 5, "KDC send PA-DATA type: %d", in_md->val[i].padata_type);
+ }
+
/*
* Make sure we don't sent both ENC-TS and PK-INIT pa data, no
* need to expose our password protecting our PKCS12 key.
@@ -1140,21 +1171,62 @@ process_pa_data_to_md(krb5_context context,
if (ctx->pk_init_ctx) {
- ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md);
+ _krb5_debug(context, 5, "krb5_get_init_creds: "
+ "prepareing PKINIT padata (%s)",
+ (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf");
+
+ if (ctx->used_pa_types & USED_PKINIT_W2K) {
+ krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
+ "Already tried pkinit, looping");
+ return KRB5_GET_IN_TKT_LOOP;
+ }
+
+ ret = pa_data_to_md_pkinit(context, a, creds->client,
+ (ctx->used_pa_types & USED_PKINIT),
+ ctx, *out_md);
if (ret)
return ret;
+ if (ctx->used_pa_types & USED_PKINIT)
+ ctx->used_pa_types |= USED_PKINIT_W2K;
+ else
+ ctx->used_pa_types |= USED_PKINIT;
+
} else if (in_md->len != 0) {
- struct pa_info_data paid, *ppaid;
+ struct pa_info_data *paid, *ppaid;
+ unsigned flag;
+
+ paid = calloc(1, sizeof(*paid));
- memset(&paid, 0, sizeof(paid));
+ paid->etype = ENCTYPE_NULL;
+ ppaid = process_pa_info(context, creds->client, a, paid, in_md);
- paid.etype = ENCTYPE_NULL;
- ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
+ if (ppaid)
+ flag = USED_ENC_TS_INFO;
+ else
+ flag = USED_ENC_TS_GUESS;
+
+ if (ctx->used_pa_types & flag) {
+ if (ppaid)
+ free_paid(context, ppaid);
+ krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
+ "Already tried ENC-TS-%s, looping",
+ flag == USED_ENC_TS_INFO ? "info" : "guess");
+ return KRB5_GET_IN_TKT_LOOP;
+ }
pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
- if (ppaid)
- free_paid(context, ppaid);
+
+ ctx->used_pa_types |= flag;
+
+ if (ppaid) {
+ if (ctx->ppaid) {
+ free_paid(context, ctx->ppaid);
+ free(ctx->ppaid);
+ }
+ ctx->ppaid = ppaid;
+ } else
+ free(paid);
}
pa_data_add_pac_request(context, ctx, *out_md);
@@ -1190,12 +1262,15 @@ process_pa_data_to_key(krb5_context context,
ppaid = process_pa_info(context, creds->client, a, &paid,
rep->padata);
}
+ if (ppaid == NULL)
+ ppaid = ctx->ppaid;
if (ppaid == NULL) {
ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
if (ret)
return ret;
paid.etype = etype;
paid.s2kparams = NULL;
+ ppaid = &paid;
}
pa = NULL;
@@ -1215,6 +1290,8 @@ process_pa_data_to_key(krb5_context context,
}
if (pa && ctx->pk_init_ctx) {
#ifdef PKINIT
+ _krb5_debug(context, 5, "krb5_get_init_creds: using PKINIT");
+
ret = _krb5_pk_rd_pa_reply(context,
a->req_body.realm,
ctx->pk_init_ctx,
@@ -1228,10 +1305,11 @@ process_pa_data_to_key(krb5_context context,
ret = EINVAL;
krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", ""));
#endif
- } else if (ctx->keyseed)
+ } else if (ctx->keyseed) {
+ _krb5_debug(context, 5, "krb5_get_init_creds: using keyproc");
ret = pa_data_to_key_plain(context, creds->client, ctx,
- paid.salt, paid.s2kparams, etype, key);
- else {
+ ppaid->salt, ppaid->s2kparams, etype, key);
+ } else {
ret = EINVAL;
krb5_set_error_message(context, ret, N_("No usable pa data type", ""));
}
@@ -1258,7 +1336,7 @@ process_pa_data_to_key(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_init(krb5_context context,
krb5_principal client,
krb5_prompter_fct prompter,
@@ -1312,7 +1390,7 @@ krb5_init_creds_init(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_service(krb5_context context,
krb5_init_creds_context ctx,
const char *service)
@@ -1352,7 +1430,7 @@ krb5_init_creds_set_service(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_password(krb5_context context,
krb5_init_creds_context ctx,
const char *password)
@@ -1420,7 +1498,7 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_keytab(krb5_context context,
krb5_init_creds_context ctx,
krb5_keytab keytab)
@@ -1512,7 +1590,7 @@ keyblock_key_proc(krb5_context context, krb5_enctype enctype,
return krb5_copy_keyblock (context, keyseed, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_set_keyblock(krb5_context context,
krb5_init_creds_context ctx,
krb5_keyblock *keyblock)
@@ -1543,7 +1621,7 @@ krb5_init_creds_set_keyblock(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_step(krb5_context context,
krb5_init_creds_context ctx,
krb5_data *in,
@@ -1576,16 +1654,20 @@ krb5_init_creds_step(krb5_context context,
}
ctx->pa_counter++;
+ _krb5_debug(context, 5, "krb5_get_init_creds: loop %d", ctx->pa_counter);
+
/* Lets process the input packet */
if (in && in->length) {
krb5_kdc_rep rep;
memset(&rep, 0, sizeof(rep));
+ _krb5_debug(context, 5, "krb5_get_init_creds: processing input");
+
ret = decode_AS_REP(in->data, in->length, &rep.kdc_rep, &size);
if (ret == 0) {
krb5_keyblock *key = NULL;
- unsigned eflags = EXTRACT_TICKET_AS_REQ;
+ unsigned eflags = EXTRACT_TICKET_AS_REQ | EXTRACT_TICKET_TIMESYNC;
if (ctx->flags.canonicalize) {
eflags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
@@ -1601,6 +1683,8 @@ krb5_init_creds_step(krb5_context context,
goto out;
}
+ _krb5_debug(context, 5, "krb5_get_init_creds: extracting ticket");
+
ret = _krb5_extract_ticket(context,
&rep,
&ctx->cred,
@@ -1627,16 +1711,22 @@ krb5_init_creds_step(krb5_context context,
} else {
/* let's try to parse it as a KRB-ERROR */
+ _krb5_debug(context, 5, "krb5_get_init_creds: got an error");
+
free_KRB_ERROR(&ctx->error);
ret = krb5_rd_error(context, in, &ctx->error);
if(ret && in->length && ((char*)in->data)[0] == 4)
ret = KRB5KRB_AP_ERR_V4_REPLY;
- if (ret)
+ if (ret) {
+ _krb5_debug(context, 5, "krb5_get_init_creds: failed to read error");
goto out;
+ }
ret = krb5_error_from_rd_error(context, &ctx->error, &ctx->cred);
+ _krb5_debug(context, 5, "krb5_get_init_creds: KRB-ERROR %d", ret);
+
/*
* If no preauth was set and KDC requires it, give it one
* more try.
@@ -1668,16 +1758,29 @@ krb5_init_creds_step(krb5_context context,
krb5_set_real_time(context, ctx->error.stime, -1);
if (context->kdc_sec_offset)
ret = 0;
+
+ _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d",
+ context->kdc_sec_offset);
+
+ ctx->used_pa_types = 0;
+
} else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) {
/* client referal to a new realm */
+
if (ctx->error.crealm == NULL) {
krb5_set_error_message(context, ret,
N_("Got a client referral, not but no realm", ""));
goto out;
}
+ _krb5_debug(context, 5,
+ "krb5_get_init_creds: got referal to realm %s",
+ *ctx->error.crealm);
+
ret = krb5_principal_set_realm(context,
ctx->cred.client,
*ctx->error.crealm);
+
+ ctx->used_pa_types = 0;
}
if (ret)
goto out;
@@ -1731,7 +1834,7 @@ krb5_init_creds_step(krb5_context context,
* @return 0 for sucess or An Kerberos error code, see krb5_get_error_message().
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get_creds(krb5_context context,
krb5_init_creds_context ctx,
krb5_creds *cred)
@@ -1747,7 +1850,7 @@ krb5_init_creds_get_creds(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get_error(krb5_context context,
krb5_init_creds_context ctx,
KRB_ERROR *error)
@@ -1770,7 +1873,7 @@ krb5_init_creds_get_error(krb5_context context,
* @ingroup krb5_credential
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_creds_free(krb5_context context,
krb5_init_creds_context ctx)
{
@@ -1787,7 +1890,7 @@ krb5_init_creds_free(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
{
krb5_sendto_ctx stctx = NULL;
@@ -1835,7 +1938,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_password(krb5_context context,
krb5_creds *creds,
krb5_principal client,
@@ -1941,7 +2044,7 @@ krb5_get_init_creds_password(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_keyblock(krb5_context context,
krb5_creds *creds,
krb5_principal client,
@@ -1988,7 +2091,7 @@ krb5_get_init_creds_keyblock(krb5_context context,
* @ingroup krb5_credential
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_keytab(krb5_context context,
krb5_creds *creds,
krb5_principal client,
diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c
index c94dea551f..01ea184773 100644
--- a/source4/heimdal/lib/krb5/kcm.c
+++ b/source4/heimdal/lib/krb5/kcm.c
@@ -2,6 +2,8 @@
* Copyright (c) 2005, PADL Software Pty Ltd.
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -37,16 +39,16 @@
* Client library for Kerberos Credentials Manager (KCM) daemon
*/
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
#include "kcm.h"
+#include <heim-ipc.h>
+
+static krb5_error_code
+kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat);
+
+static const char *kcm_ipc_name = "ANY:org.h5l.kcm";
typedef struct krb5_kcmcache {
char *name;
- struct sockaddr_un path;
- char *door_path;
} krb5_kcmcache;
typedef struct krb5_kcm_cursor {
@@ -60,83 +62,23 @@ typedef struct krb5_kcm_cursor {
#define CACHENAME(X) (KCMCACHE(X)->name)
#define KCMCURSOR(C) ((krb5_kcm_cursor)(C))
-#ifdef HAVE_DOOR_CREATE
-
-static krb5_error_code
-try_door(krb5_context context,
- krb5_kcmcache *k,
- krb5_data *request_data,
- krb5_data *response_data)
-{
- door_arg_t arg;
- int fd;
- int ret;
-
- memset(&arg, 0, sizeof(arg));
-
- fd = open(k->door_path, O_RDWR);
- if (fd < 0)
- return KRB5_CC_IO;
- rk_cloexec(fd);
-
- arg.data_ptr = request_data->data;
- arg.data_size = request_data->length;
- arg.desc_ptr = NULL;
- arg.desc_num = 0;
- arg.rbuf = NULL;
- arg.rsize = 0;
-
- ret = door_call(fd, &arg);
- close(fd);
- if (ret != 0)
- return KRB5_CC_IO;
-
- ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize);
- munmap(arg.rbuf, arg.rsize);
- if (ret)
- return ret;
-
- return 0;
-}
-#endif /* HAVE_DOOR_CREATE */
-
-static krb5_error_code
-try_unix_socket(krb5_context context,
- krb5_kcmcache *k,
- krb5_data *request_data,
- krb5_data *response_data)
-{
- krb5_error_code ret;
- int fd;
-
- fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
- if (fd < 0)
- return KRB5_CC_IO;
- rk_cloexec(fd);
-
- if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) {
- close(fd);
- return KRB5_CC_IO;
- }
-
- ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout,
- request_data, response_data);
- close(fd);
- return ret;
-}
+static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static heim_ipc kcm_ipc = NULL;
static krb5_error_code
kcm_send_request(krb5_context context,
- krb5_kcmcache *k,
krb5_storage *request,
krb5_data *response_data)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_data request_data;
- int i;
- response_data->data = NULL;
- response_data->length = 0;
+ HEIMDAL_MUTEX_lock(&kcm_mutex);
+ if (kcm_ipc == NULL)
+ ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
+ HEIMDAL_MUTEX_unlock(&kcm_mutex);
+ if (ret)
+ return KRB5_CC_NOSUPP;
ret = krb5_storage_to_data(request, &request_data);
if (ret) {
@@ -144,19 +86,7 @@ kcm_send_request(krb5_context context,
return KRB5_CC_NOMEM;
}
- ret = KRB5_CC_NOSUPP;
-
- for (i = 0; i < context->max_retries; i++) {
-#ifdef HAVE_DOOR_CREATE
- ret = try_door(context, k, &request_data, response_data);
- if (ret == 0 && response_data->length != 0)
- break;
-#endif
- ret = try_unix_socket(context, k, &request_data, response_data);
- if (ret == 0 && response_data->length != 0)
- break;
- }
-
+ ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL);
krb5_data_free(&request_data);
if (ret) {
@@ -167,10 +97,10 @@ kcm_send_request(krb5_context context,
return ret;
}
-static krb5_error_code
-kcm_storage_request(krb5_context context,
- kcm_operation opcode,
- krb5_storage **storage_p)
+krb5_error_code
+krb5_kcm_storage_request(krb5_context context,
+ uint16_t opcode,
+ krb5_storage **storage_p)
{
krb5_storage *sp;
krb5_error_code ret;
@@ -209,7 +139,6 @@ static krb5_error_code
kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
{
krb5_kcmcache *k;
- const char *path;
k = malloc(sizeof(*k));
if (k == NULL) {
@@ -228,35 +157,18 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
}
} else
k->name = NULL;
-
- path = krb5_config_get_string_default(context, NULL,
- _PATH_KCM_SOCKET,
- "libdefaults",
- "kcm_socket",
- NULL);
-
- k->path.sun_family = AF_UNIX;
- strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path));
-
- path = krb5_config_get_string_default(context, NULL,
- _PATH_KCM_DOOR,
- "libdefaults",
- "kcm_door",
- NULL);
- k->door_path = strdup(path);
-
+
(*id)->data.data = k;
(*id)->data.length = sizeof(*k);
return 0;
}
-static krb5_error_code
-kcm_call(krb5_context context,
- krb5_kcmcache *k,
- krb5_storage *request,
- krb5_storage **response_p,
- krb5_data *response_data_p)
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kcm_call(krb5_context context,
+ krb5_storage *request,
+ krb5_storage **response_p,
+ krb5_data *response_data_p)
{
krb5_data response_data;
krb5_error_code ret;
@@ -266,10 +178,11 @@ kcm_call(krb5_context context,
if (response_p != NULL)
*response_p = NULL;
- ret = kcm_send_request(context, k, request, &response_data);
- if (ret) {
+ krb5_data_zero(&response_data);
+
+ ret = kcm_send_request(context, request, &response_data);
+ if (ret)
return ret;
- }
response = krb5_storage_from_data(&response_data);
if (response == NULL) {
@@ -311,8 +224,6 @@ kcm_free(krb5_context context, krb5_ccache *id)
if (k != NULL) {
if (k->name != NULL)
free(k->name);
- if (k->door_path)
- free(k->door_path);
memset(k, 0, sizeof(*k));
krb5_data_free(&(*id)->data);
}
@@ -351,13 +262,13 @@ kcm_gen_new(krb5_context context, krb5_ccache *id)
k = KCMCACHE(*id);
- ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
if (ret) {
kcm_free(context, id);
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
kcm_free(context, id);
@@ -395,7 +306,7 @@ kcm_initialize(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
if (ret)
return ret;
@@ -411,9 +322,13 @@ kcm_initialize(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
+
+ if (context->kdc_sec_offset)
+ kcm_set_kdc_offset(context, id, context->kdc_sec_offset);
+
return ret;
}
@@ -440,7 +355,7 @@ kcm_destroy(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_DESTROY, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request);
if (ret)
return ret;
@@ -450,7 +365,7 @@ kcm_destroy(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -473,7 +388,7 @@ kcm_store_cred(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_STORE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request);
if (ret)
return ret;
@@ -489,12 +404,13 @@ kcm_store_cred(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
+#if 0
/*
* Request:
* NameZ
@@ -517,7 +433,7 @@ kcm_retrieve(krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
if (ret)
return ret;
@@ -539,7 +455,7 @@ kcm_retrieve(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
@@ -555,6 +471,7 @@ kcm_retrieve(krb5_context context,
return ret;
}
+#endif
/*
* Request:
@@ -573,7 +490,7 @@ kcm_get_principal(krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
if (ret)
return ret;
@@ -583,7 +500,7 @@ kcm_get_principal(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
@@ -619,7 +536,7 @@ kcm_get_first (krb5_context context,
krb5_storage *request, *response;
krb5_data response_data;
- ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request);
if (ret)
return ret;
@@ -629,7 +546,7 @@ kcm_get_first (krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
@@ -710,7 +627,7 @@ kcm_get_next (krb5_context context,
if (c->offset >= c->length)
return KRB5_CC_END;
- ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
if (ret)
return ret;
@@ -730,7 +647,7 @@ kcm_get_next (krb5_context context,
return ENOMEM;
}
- ret = kcm_call(context, k, request, &response, &response_data);
+ ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret == KRB5_CC_END) {
goto again;
@@ -759,32 +676,14 @@ kcm_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
- krb5_error_code ret;
- krb5_kcmcache *k = KCMCACHE(id);
krb5_kcm_cursor c = KCMCURSOR(*cursor);
- krb5_storage *request;
-
- ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
- if (ret)
- return ret;
-
- ret = krb5_store_stringz(request, k->name);
- if (ret) {
- krb5_storage_free(request);
- return ret;
- }
-
- ret = kcm_call(context, k, request, NULL, NULL);
- krb5_storage_free(request);
- if (ret)
- return ret;
free(c->uuids);
free(c);
*cursor = NULL;
- return ret;
+ return 0;
}
/*
@@ -806,7 +705,7 @@ kcm_remove_cred(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
if (ret)
return ret;
@@ -828,7 +727,7 @@ kcm_remove_cred(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -843,7 +742,7 @@ kcm_set_flags(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
if (ret)
return ret;
@@ -859,7 +758,7 @@ kcm_set_flags(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -872,6 +771,161 @@ kcm_get_version(krb5_context context,
return 0;
}
+/*
+ * Send nothing
+ * get back list of uuids
+ */
+
+static krb5_error_code
+kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+ krb5_error_code ret;
+ krb5_kcm_cursor c;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+
+ *cursor = NULL;
+
+ c = calloc(1, sizeof(*c));
+ if (c == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret,
+ N_("malloc: out of memory", ""));
+ goto out;
+ }
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request);
+ if (ret)
+ goto out;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ goto out;
+
+ while (1) {
+ ssize_t sret;
+ kcmuuid_t uuid;
+ void *ptr;
+
+ sret = krb5_storage_read(response, &uuid, sizeof(uuid));
+ if (sret == 0) {
+ ret = 0;
+ break;
+ } else if (sret != sizeof(uuid)) {
+ ret = EINVAL;
+ goto out;
+ }
+
+ ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
+ if (ptr == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret,
+ N_("malloc: out of memory", ""));
+ goto out;
+ }
+ c->uuids = ptr;
+
+ memcpy(&c->uuids[c->length], &uuid, sizeof(uuid));
+ c->length += 1;
+ }
+
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+
+ out:
+ if (ret && c) {
+ free(c->uuids);
+ free(c);
+ } else
+ *cursor = c;
+
+ return ret;
+}
+
+/*
+ * Send uuid
+ * Recv cache name
+ */
+
+static krb5_error_code
+kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id)
+{
+ krb5_error_code ret;
+ krb5_kcm_cursor c = KCMCURSOR(cursor);
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ ssize_t sret;
+ char *name;
+
+ *id = NULL;
+
+ again:
+
+ if (c->offset >= c->length)
+ return KRB5_CC_END;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request);
+ if (ret)
+ return ret;
+
+ sret = krb5_storage_write(request,
+ &c->uuids[c->offset],
+ sizeof(c->uuids[c->offset]));
+ c->offset++;
+ if (sret != sizeof(c->uuids[c->offset])) {
+ krb5_storage_free(request);
+ krb5_clear_error_message(context);
+ return ENOMEM;
+ }
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret == KRB5_CC_END)
+ goto again;
+
+ ret = krb5_ret_stringz(response, &name);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+
+ if (ret == 0) {
+ ret = _krb5_cc_allocate(context, ops, id);
+ if (ret == 0)
+ ret = kcm_alloc(context, name, id);
+ krb5_xfree(name);
+ }
+
+ return ret;
+}
+
+static krb5_error_code
+kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+#ifndef KCM_IS_API_CACHE
+ return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id);
+#else
+ return KRB5_CC_END;
+#endif
+}
+
+static krb5_error_code
+kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+ return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id);
+}
+
+
+static krb5_error_code
+kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+ krb5_kcm_cursor c = KCMCURSOR(cursor);
+
+ free(c->uuids);
+ free(c);
+ return 0;
+}
+
+
static krb5_error_code
kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
@@ -880,7 +934,7 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_kcmcache *newk = KCMCACHE(to);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
if (ret)
return ret;
@@ -895,18 +949,81 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_storage_free(request);
return ret;
}
- ret = kcm_call(context, oldk, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
-kcm_default_name(krb5_context context, char **str)
+kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
+ const char *defstr, char **str)
+{
+ krb5_error_code ret;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ char *name;
+
+ *str = NULL;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ return _krb5_expand_default_cc_name(context, defstr, str);
+
+ ret = krb5_ret_stringz(response, &name);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+ if (ret)
+ return ret;
+
+ asprintf(str, "%s:%s", ops->prefix, name);
+ free(name);
+ if (str == NULL)
+ return ENOMEM;
+
+ return 0;
+}
+
+static krb5_error_code
+kcm_get_default_name_api(krb5_context context, char **str)
+{
+ return kcm_get_default_name(context, &krb5_akcm_ops,
+ KRB5_DEFAULT_CCNAME_KCM_API, str);
+}
+
+static krb5_error_code
+kcm_get_default_name_kcm(krb5_context context, char **str)
{
- return _krb5_expand_default_cc_name(context,
- KRB5_DEFAULT_CCNAME_KCM,
- str);
+ return kcm_get_default_name(context, &krb5_kcm_ops,
+ KRB5_DEFAULT_CCNAME_KCM_KCM, str);
+}
+
+static krb5_error_code
+kcm_set_default(krb5_context context, krb5_ccache id)
+{
+ krb5_error_code ret;
+ krb5_storage *request;
+ krb5_kcmcache *k = KCMCACHE(id);
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, NULL, NULL);
+ krb5_storage_free(request);
+
+ return ret;
}
static krb5_error_code
@@ -916,6 +1033,69 @@ kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ krb5_kcmcache *k = KCMCACHE(id);
+ krb5_error_code ret;
+ krb5_storage *request;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+ ret = krb5_store_int32(request, kdc_offset);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, NULL, NULL);
+ krb5_storage_free(request);
+
+ return ret;
+}
+
+static krb5_error_code
+kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_kcmcache *k = KCMCACHE(id);
+ krb5_error_code ret;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ int32_t offset;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
+ if (ret)
+ return ret;
+
+ ret = krb5_store_stringz(request, k->name);
+ if (ret) {
+ krb5_storage_free(request);
+ return ret;
+ }
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ return ret;
+
+ ret = krb5_ret_int32(response, &offset);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+ if (ret)
+ return ret;
+
+ *kdc_offset = offset;
+
+ return 0;
+}
+
/**
* Variable containing the KCM based credential cache implemention.
*
@@ -932,7 +1112,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = {
kcm_destroy,
kcm_close,
kcm_store_cred,
- kcm_retrieve,
+ NULL /* kcm_retrieve */,
kcm_get_principal,
kcm_get_first,
kcm_get_next,
@@ -940,15 +1120,45 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = {
kcm_remove_cred,
kcm_set_flags,
kcm_get_version,
- NULL,
- NULL,
- NULL,
+ kcm_get_cache_first,
+ kcm_get_cache_next_kcm,
+ kcm_end_cache_get,
kcm_move,
- kcm_default_name,
- NULL,
+ kcm_get_default_name_kcm,
+ kcm_set_default,
+ kcm_lastchange,
+ kcm_set_kdc_offset,
+ kcm_get_kdc_offset
+};
+
+KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = {
+ KRB5_CC_OPS_VERSION,
+ "API",
+ kcm_get_name,
+ kcm_resolve,
+ kcm_gen_new,
+ kcm_initialize,
+ kcm_destroy,
+ kcm_close,
+ kcm_store_cred,
+ NULL /* kcm_retrieve */,
+ kcm_get_principal,
+ kcm_get_first,
+ kcm_get_next,
+ kcm_end_get,
+ kcm_remove_cred,
+ kcm_set_flags,
+ kcm_get_version,
+ kcm_get_cache_first,
+ kcm_get_cache_next_api,
+ kcm_end_cache_get,
+ kcm_move,
+ kcm_get_default_name_api,
+ kcm_set_default,
kcm_lastchange
};
+
krb5_boolean
_krb5_kcm_is_running(krb5_context context)
{
@@ -979,14 +1189,13 @@ _krb5_kcm_noop(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
- krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_NOOP, &request);
if (ret)
return ret;
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1010,7 +1219,7 @@ _krb5_kcm_chmod(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_CHMOD, &request);
if (ret)
return ret;
@@ -1026,7 +1235,7 @@ _krb5_kcm_chmod(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1052,7 +1261,7 @@ _krb5_kcm_chown(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_CHOWN, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_CHOWN, &request);
if (ret)
return ret;
@@ -1074,7 +1283,7 @@ _krb5_kcm_chown(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1101,7 +1310,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
krb5_error_code ret;
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
@@ -1131,7 +1340,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
@@ -1159,7 +1368,7 @@ _krb5_kcm_get_ticket(krb5_context context,
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
- ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
if (ret)
return ret;
@@ -1187,7 +1396,7 @@ _krb5_kcm_get_ticket(krb5_context context,
return ret;
}
- ret = kcm_call(context, k, request, NULL, NULL);
+ ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c
index 046caee6d6..2d57e301d5 100644
--- a/source4/heimdal/lib/krb5/keyblock.c
+++ b/source4/heimdal/lib/krb5/keyblock.c
@@ -41,7 +41,7 @@
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_keyblock_zero(krb5_keyblock *keyblock)
{
keyblock->keytype = 0;
@@ -57,7 +57,7 @@ krb5_keyblock_zero(krb5_keyblock *keyblock)
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_keyblock_contents(krb5_context context,
krb5_keyblock *keyblock)
{
@@ -79,7 +79,7 @@ krb5_free_keyblock_contents(krb5_context context,
* @ingroup krb5_crypto
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_keyblock(krb5_context context,
krb5_keyblock *keyblock)
{
@@ -102,7 +102,7 @@ krb5_free_keyblock(krb5_context context,
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_keyblock_contents (krb5_context context,
const krb5_keyblock *inblock,
krb5_keyblock *to)
@@ -124,7 +124,7 @@ krb5_copy_keyblock_contents (krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_keyblock (krb5_context context,
const krb5_keyblock *inblock,
krb5_keyblock **to)
@@ -170,7 +170,7 @@ krb5_keyblock_get_enctype(const krb5_keyblock *block)
* @ingroup krb5_crypto
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keyblock_init(krb5_context context,
krb5_enctype type,
const void *data,
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c
index fcc74e847e..79b079a056 100644
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -143,7 +143,7 @@ main (int argc, char **argv)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_register(krb5_context context,
const krb5_kt_ops *ops)
{
@@ -183,7 +183,7 @@ krb5_kt_register(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_resolve(krb5_context context,
const char *name,
krb5_keytab *id)
@@ -244,7 +244,7 @@ krb5_kt_resolve(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{
if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
@@ -266,7 +266,7 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
{
const char *kt = NULL;
@@ -303,7 +303,7 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_default(krb5_context context, krb5_keytab *id)
{
return krb5_kt_resolve (context, context->default_keytab, id);
@@ -325,7 +325,7 @@ krb5_kt_default(krb5_context context, krb5_keytab *id)
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_read_service_key(krb5_context context,
krb5_pointer keyprocarg,
krb5_principal principal,
@@ -368,7 +368,7 @@ krb5_kt_read_service_key(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_type(krb5_context context,
krb5_keytab keytab,
char *prefix,
@@ -391,7 +391,7 @@ krb5_kt_get_type(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_name(krb5_context context,
krb5_keytab keytab,
char *name,
@@ -414,7 +414,7 @@ krb5_kt_get_name(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_full_name(krb5_context context,
krb5_keytab keytab,
char **str)
@@ -454,7 +454,7 @@ krb5_kt_get_full_name(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_close(krb5_context context,
krb5_keytab id)
{
@@ -478,7 +478,7 @@ krb5_kt_close(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_destroy(krb5_context context,
krb5_keytab id)
{
@@ -523,7 +523,7 @@ compare_aliseses(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_kt_compare(krb5_context context,
krb5_keytab_entry *entry,
krb5_const_principal principal,
@@ -590,7 +590,7 @@ _krb5_kt_principal_not_found(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_get_entry(krb5_context context,
krb5_keytab id,
krb5_const_principal principal,
@@ -651,7 +651,7 @@ krb5_kt_get_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_copy_entry_contents(krb5_context context,
const krb5_keytab_entry *in,
krb5_keytab_entry *out)
@@ -687,7 +687,7 @@ fail:
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_free_entry(krb5_context context,
krb5_keytab_entry *entry)
{
@@ -709,7 +709,7 @@ krb5_kt_free_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
@@ -738,7 +738,7 @@ krb5_kt_start_seq_get(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_next_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry,
@@ -766,7 +766,7 @@ krb5_kt_next_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
@@ -792,7 +792,7 @@ krb5_kt_end_seq_get(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
@@ -820,7 +820,7 @@ krb5_kt_add_entry(krb5_context context,
* @ingroup krb5_keytab
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kt_remove_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h
index dde5fa9cad..324c8c1d3c 100644
--- a/source4/heimdal/lib/krb5/krb5-v4compat.h
+++ b/source4/heimdal/lib/krb5/krb5-v4compat.h
@@ -105,8 +105,12 @@ struct credentials {
#define CLOCK_SKEW 5*60
#ifndef TKT_ROOT
+#ifdef KRB5_USE_PATH_TOKENS
+#define TKT_ROOT "%{TEMP}/tkt"
+#else
#define TKT_ROOT "/tmp/tkt"
#endif
+#endif
struct _krb5_krb_auth_data {
int8_t k_flags; /* Flags from ticket */
@@ -120,11 +124,18 @@ struct _krb5_krb_auth_data {
uint32_t address; /* Address in ticket */
};
-time_t _krb5_krb_life_to_time (int, int);
-int _krb5_krb_time_to_life (time_t, time_t);
-krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *,
- const char *, int);
-krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *);
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
+_krb5_krb_life_to_time (int, int);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+_krb5_krb_time_to_life (time_t, time_t);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_krb_tf_setup (krb5_context, struct credentials *,
+ const char *, int);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_krb_dest_tkt(krb5_context, const char *);
#define krb_time_to_life _krb5_krb_time_to_life
#define krb_life_to_time _krb5_krb_life_to_time
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index 1f2e769728..c810b8bc74 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -301,7 +303,15 @@ typedef AP_REQ krb5_ap_req;
struct krb5_cc_ops;
+#ifdef _WIN32
+#define KRB5_USE_PATH_TOKENS 1
+#endif
+
+#ifdef KRB5_USE_PATH_TOKENS
+#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
+#else
#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
+#endif
#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
@@ -311,7 +321,7 @@ struct krb5_cc_ops;
NULL)
typedef void *krb5_cc_cursor;
-typedef struct krb5_cccol_cursor *krb5_cccol_cursor;
+typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
typedef struct krb5_ccache_data {
const struct krb5_cc_ops *ops;
@@ -412,7 +422,7 @@ typedef struct krb5_creds {
typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
-#define KRB5_CC_OPS_VERSION 2
+#define KRB5_CC_OPS_VERSION 3
typedef struct krb5_cc_ops {
int version;
@@ -442,6 +452,8 @@ typedef struct krb5_cc_ops {
krb5_error_code (*get_default_name)(krb5_context, char **);
krb5_error_code (*set_default)(krb5_context, krb5_ccache);
krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
+ krb5_error_code (*set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
+ krb5_error_code (*get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
} krb5_cc_ops;
struct krb5_log_facility;
@@ -834,6 +846,7 @@ extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index d436215769..6acaa2c66b 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -45,6 +47,8 @@
#include <stdlib.h>
#include <limits.h>
+#include <krb5-types.h>
+
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@@ -114,6 +118,8 @@ struct sockaddr_dl;
#include <sys/file.h>
#endif
+#include <com_err.h>
+
#define HEIMDAL_TEXTDOMAIN "heimdal_krb5"
#ifdef LIBINTL
@@ -136,8 +142,6 @@ struct sockaddr_dl;
#include <door.h>
#endif
-#include <com_err.h>
-
#include <roken.h>
#include <parse_time.h>
#include <base64.h>
@@ -183,6 +187,7 @@ struct _krb5_krb_auth_data;
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
+
#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
#ifndef O_BINARY
@@ -219,6 +224,7 @@ struct _krb5_get_init_creds_opt_private {
int flags;
#define KRB5_INIT_CREDS_CANONICALIZE 1
#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2
+#define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4
struct {
krb5_gic_process_last_req func;
void *ctx;
@@ -267,20 +273,27 @@ typedef struct krb5_context_data {
#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1
#define KRB5_CTX_F_CHECK_PAC 2
#define KRB5_CTX_F_HOMEDIR_ACCESS 4
+#define KRB5_CTX_F_SOCKETS_INITIALIZED 8
struct send_to_kdc *send_to_kdc;
#ifdef PKINIT
hx509_context hx509ctx;
#endif
} krb5_context_data;
+#ifndef KRB5_USE_PATH_TOKENS
#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
+#else
+#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}"
+#endif
#define KRB5_DEFAULT_CCNAME_API "API:"
-#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
+#define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}"
+#define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}"
#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1
#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2
#define EXTRACT_TICKET_MATCH_REALM 4
#define EXTRACT_TICKET_AS_REQ 8
+#define EXTRACT_TICKET_TIMESYNC 16
/*
* Configurable options
@@ -298,6 +311,10 @@ typedef struct krb5_context_data {
#define KRB5_ADDRESSLESS_DEFAULT TRUE
#endif
+#ifndef KRB5_FORWARDABLE_DEFAULT
+#define KRB5_FORWARDABLE_DEFAULT TRUE
+#endif
+
#ifdef PKINIT
struct krb5_pk_identity {
@@ -307,6 +324,8 @@ struct krb5_pk_identity {
hx509_certs anchors;
hx509_certs certpool;
hx509_revoke_ctx revokectx;
+ int flags;
+#define PKINIT_BTMM 1
};
enum krb5_pk_type {
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 4e4b4562e5..3bb00d287d 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -320,7 +320,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
* return a readable representation of `host' in `hostname, hostlen'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host,
char *hostname, size_t hostlen)
{
@@ -361,7 +361,7 @@ make_hints(struct addrinfo *hints, int proto)
* in `host'. free:ing is handled by krb5_krbhst_free.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
struct addrinfo **ai)
{
@@ -857,7 +857,7 @@ common_init(krb5_context context,
* initialize `handle' to look for hosts of type `type' in realm `realm'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_init(krb5_context context,
const char *realm,
unsigned int type,
@@ -866,7 +866,7 @@ krb5_krbhst_init(krb5_context context,
return krb5_krbhst_init_flags(context, realm, type, 0, handle);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_init_flags(krb5_context context,
const char *realm,
unsigned int type,
@@ -919,7 +919,7 @@ krb5_krbhst_init_flags(krb5_context context,
* return the next host information from `handle' in `host'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_next(krb5_context context,
krb5_krbhst_handle handle,
krb5_krbhst_info **host)
@@ -935,7 +935,7 @@ krb5_krbhst_next(krb5_context context,
* in `hostname' (or length `hostlen)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_next_as_string(krb5_context context,
krb5_krbhst_handle handle,
char *hostname,
@@ -950,13 +950,13 @@ krb5_krbhst_next_as_string(krb5_context context,
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
{
handle->index = &handle->hosts;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
{
krb5_krbhst_info *h, *next;
@@ -1021,7 +1021,7 @@ gethostlist(krb5_context context, const char *realm,
* return an malloced list of kadmin-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb_admin_hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1033,7 +1033,7 @@ krb5_get_krb_admin_hst (krb5_context context,
* return an malloced list of changepw-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb_changepw_hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1045,7 +1045,7 @@ krb5_get_krb_changepw_hst (krb5_context context,
* return an malloced list of 524-hosts for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krb524hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1058,7 +1058,7 @@ krb5_get_krb524hst (krb5_context context,
* return an malloced list of KDC's for `realm' in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_krbhst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
@@ -1070,7 +1070,7 @@ krb5_get_krbhst (krb5_context context,
* free all the memory allocated in `hostlist'
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_krbhst (krb5_context context,
char **hostlist)
{
diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c
index 9f81460973..55c70fc96a 100644
--- a/source4/heimdal/lib/krb5/log.c
+++ b/source4/heimdal/lib/krb5/log.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -113,7 +115,7 @@ find_value(const char *s, struct s2i *table)
return table->val;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_initlog(krb5_context context,
const char *program,
krb5_log_facility **fac)
@@ -135,7 +137,7 @@ krb5_initlog(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addlog_func(krb5_context context,
krb5_log_facility *fac,
int min,
@@ -268,7 +270,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
{
krb5_error_code ret = 0;
@@ -359,7 +361,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_openlog(krb5_context context,
const char *program,
krb5_log_facility **fac)
@@ -383,7 +385,7 @@ krb5_openlog(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_closelog(krb5_context context,
krb5_log_facility *fac)
{
@@ -402,7 +404,7 @@ krb5_closelog(krb5_context context,
#undef __attribute__
#define __attribute__(X)
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vlog_msg(krb5_context context,
krb5_log_facility *fac,
char **reply,
@@ -441,7 +443,7 @@ krb5_vlog_msg(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vlog(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -452,7 +454,7 @@ krb5_vlog(krb5_context context,
return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_log_msg(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -471,7 +473,7 @@ krb5_log_msg(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_log(krb5_context context,
krb5_log_facility *fac,
int level,
@@ -504,3 +506,11 @@ _krb5_debug(krb5_context context,
krb5_vlog(context, context->debug_dest, level, fmt, ap);
va_end(ap);
}
+
+krb5_boolean KRB5_LIB_FUNCTION
+_krb5_have_debug(krb5_context context, int level)
+{
+ if (context == NULL || context->debug_dest == NULL)
+ return 0 ;
+ return 1;
+}
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
index 78ef68db3d..cdafc67bae 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -44,6 +46,7 @@ typedef struct krb5_mcache {
} *creds;
struct krb5_mcache *next;
time_t mtime;
+ krb5_deltat kdc_offset;
} krb5_mcache;
static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER;
@@ -93,6 +96,7 @@ mcc_alloc(const char *name)
m->primary_principal = NULL;
m->creds = NULL;
m->mtime = time(NULL);
+ m->kdc_offset = 0;
m->next = mcc_head;
mcc_head = m;
HEIMDAL_MUTEX_unlock(&mcc_mutex);
@@ -462,6 +466,22 @@ mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0;
}
+static krb5_error_code
+mcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ krb5_mcache *m = MCACHE(id);
+ m->kdc_offset = kdc_offset;
+ return 0;
+}
+
+static krb5_error_code
+mcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_mcache *m = MCACHE(id);
+ *kdc_offset = m->kdc_offset;
+ return 0;
+}
+
/**
* Variable containing the MEMORY based credential cache implemention.
@@ -493,5 +513,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = {
mcc_move,
mcc_default_name,
NULL,
- mcc_lastchange
+ mcc_lastchange,
+ mcc_set_kdc_offset,
+ mcc_get_kdc_offset
};
diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c
index e47383880c..b76c1b584d 100644
--- a/source4/heimdal/lib/krb5/misc.c
+++ b/source4/heimdal/lib/krb5/misc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_s4u2self_to_checksumdata(krb5_context context,
const PA_S4U2Self *self,
krb5_data *data)
diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c
index dab5c6046a..0ff3d7f3c6 100644
--- a/source4/heimdal/lib/krb5/mit_glue.c
+++ b/source4/heimdal/lib/krb5/mit_glue.c
@@ -41,7 +41,7 @@
* Glue for MIT API
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_checksum(krb5_context context,
krb5_cksumtype cksumtype,
const krb5_keyblock *key,
@@ -63,7 +63,7 @@ krb5_c_make_checksum(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *data,
const krb5_checksum *cksum, krb5_boolean *valid)
@@ -80,7 +80,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
if (data_cksum.cksumtype == cksum->cksumtype
&& data_cksum.checksum.length == cksum->checksum.length
- && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
+ && ct_memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
*valid = 1;
krb5_free_checksum_contents(context, &data_cksum);
@@ -88,7 +88,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
krb5_cksumtype *type, krb5_data **data)
{
@@ -111,7 +111,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
krb5_cksumtype type, const krb5_data *data)
{
@@ -119,51 +119,51 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
return der_copy_octet_string(data, &cksum->checksum);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
{
krb5_checksum_free(context, cksum);
free(cksum);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
{
krb5_checksum_free(context, cksum);
memset(cksum, 0, sizeof(*cksum));
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
{
free_Checksum(cksum);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_enctype (krb5_enctype etype)
{
return krb5_enctype_valid(NULL, etype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_cksumtype(krb5_cksumtype ctype)
{
return krb5_cksumtype_valid(NULL, ctype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
{
return krb5_checksum_is_collision_proof(NULL, ctype);
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
{
return krb5_checksum_is_keyed(NULL, ctype);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_checksum (krb5_context context,
const krb5_checksum *old,
krb5_checksum **new)
@@ -174,14 +174,14 @@ krb5_copy_checksum (krb5_context context,
return copy_Checksum(old, *new);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
size_t *length)
{
return krb5_checksumsize(context, cksumtype, length);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_block_size(krb5_context context,
krb5_enctype enctype,
size_t *blocksize)
@@ -204,7 +204,7 @@ krb5_c_block_size(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_decrypt(krb5_context context,
const krb5_keyblock key,
krb5_keyusage usage,
@@ -244,7 +244,7 @@ krb5_c_decrypt(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt(krb5_context context,
const krb5_keyblock *key,
krb5_keyusage usage,
@@ -286,7 +286,7 @@ krb5_c_encrypt(krb5_context context,
return ret ;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt_length(krb5_context context,
krb5_enctype enctype,
size_t inputlen,
@@ -311,18 +311,24 @@ krb5_c_encrypt_length(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_DEPRECATED
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_enctype_compare(krb5_context context,
krb5_enctype e1,
krb5_enctype e2,
krb5_boolean *similar)
- KRB5_DEPRECATED
{
*similar = (e1 == e2);
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_random_key(krb5_context context,
krb5_enctype enctype,
krb5_keyblock *random_key)
@@ -330,7 +336,7 @@ krb5_c_make_random_key(krb5_context context,
return krb5_generate_random_keyblock(context, enctype, random_key);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_keylengths(krb5_context context,
krb5_enctype enctype,
size_t *ilen,
@@ -345,7 +351,7 @@ krb5_c_keylengths(krb5_context context,
return krb5_enctype_keysize(context, enctype, keylen);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
@@ -353,7 +359,7 @@ krb5_c_prf_length(krb5_context context,
return krb5_crypto_prf_length(context, type, length);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf(krb5_context context,
const krb5_keyblock *key,
const krb5_data *input,
@@ -378,7 +384,7 @@ krb5_c_prf(krb5_context context,
* @ingroup krb5_ccache
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_creds(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c
index 0de30e4ddb..a837b5e290 100644
--- a/source4/heimdal/lib/krb5/mk_error.c
+++ b/source4/heimdal/lib/krb5/mk_error.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_error(krb5_context context,
krb5_error_code error_code,
const char *e_text,
diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c
index 40f09ae33f..833821341d 100644
--- a/source4/heimdal/lib/krb5/mk_priv.c
+++ b/source4/heimdal/lib/krb5/mk_priv.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c
index 8eef0ea652..2b9c3fbdbb 100644
--- a/source4/heimdal/lib/krb5/mk_rep.c
+++ b/source4/heimdal/lib/krb5/mk_rep.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_rep(krb5_context context,
krb5_auth_context auth_context,
krb5_data *outbuf)
diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c
index c87fa61293..44e6c8b68a 100644
--- a/source4/heimdal/lib/krb5/mk_req.c
+++ b/source4/heimdal/lib/krb5/mk_req.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req_exact(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
@@ -77,7 +77,7 @@ krb5_mk_req_exact(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c
index 03fc93b02f..af68e4e195 100644
--- a/source4/heimdal/lib/krb5/mk_req_ext.c
+++ b/source4/heimdal/lib/krb5/mk_req_ext.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
@@ -143,7 +143,7 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req_extended(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c
index 0623f6aae1..f94a1ea125 100644
--- a/source4/heimdal/lib/krb5/n-fold.c
+++ b/source4/heimdal/lib/krb5/n-fold.c
@@ -96,7 +96,7 @@ add1(unsigned char *a, unsigned char *b, size_t len)
}
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
{
/* if len < size we need at most N * len bytes, ie < 2 * size;
diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c
index aa08248ed1..283a857df5 100644
--- a/source4/heimdal/lib/krb5/padata.c
+++ b/source4/heimdal/lib/krb5/padata.c
@@ -42,7 +42,7 @@ krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
return NULL;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_padata_add(krb5_context context, METHOD_DATA *md,
int type, void *buf, size_t len)
{
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 341f6a3ee9..6711c7702f 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -89,7 +91,7 @@ pk_copy_error(krb5_context context,
*
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_pk_cert_free(struct krb5_pk_cert *cert)
{
if (cert->cert) {
@@ -180,18 +182,26 @@ static krb5_error_code
find_cert(krb5_context context, struct krb5_pk_identity *id,
hx509_query *q, hx509_cert *cert)
{
- struct certfind cf[3] = {
+ struct certfind cf[4] = {
+ { "MobileMe EKU" },
{ "PKINIT EKU" },
{ "MS EKU" },
{ "any (or no)" }
};
- int i, ret;
+ int i, ret, start = 1;
+ unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 };
+ const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids };
+
+
+ if (id->flags & PKINIT_BTMM)
+ start = 0;
- cf[0].oid = &asn1_oid_id_pkekuoid;
- cf[1].oid = &asn1_oid_id_pkinit_ms_eku;
- cf[2].oid = NULL;
+ cf[0].oid = &mobileMe;
+ cf[1].oid = &asn1_oid_id_pkekuoid;
+ cf[2].oid = &asn1_oid_id_pkinit_ms_eku;
+ cf[3].oid = NULL;
- for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) {
+ for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) {
ret = hx509_query_match_eku(q, cf[i].oid);
if (ret) {
pk_copy_error(context, context->hx509ctx, ret,
@@ -344,7 +354,7 @@ build_edi(krb5_context context,
hx509_certs certs,
ExternalPrincipalIdentifiers *ids)
{
- return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
+ return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids);
}
static krb5_error_code
@@ -607,7 +617,7 @@ build_auth_pack(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_mk_ContentInfo(krb5_context context,
const krb5_data *buf,
const heim_oid *oid,
@@ -797,9 +807,11 @@ pk_mk_padata(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_mk_padata(krb5_context context,
void *c,
+ int ic_flags,
+ int win2k,
const KDC_REQ_BODY *req_body,
unsigned nonce,
METHOD_DATA *md)
@@ -814,7 +826,7 @@ _krb5_pk_mk_padata(krb5_context context,
}
win2k_compat = krb5_config_get_bool_default(context, NULL,
- FALSE,
+ win2k,
"realms",
req_body->realm,
"pkinit_win2k",
@@ -823,7 +835,7 @@ _krb5_pk_mk_padata(krb5_context context,
if (win2k_compat) {
ctx->require_binding =
krb5_config_get_bool_default(context, NULL,
- FALSE,
+ TRUE,
"realms",
req_body->realm,
"pkinit_win2k_require_binding",
@@ -839,6 +851,11 @@ _krb5_pk_mk_padata(krb5_context context,
req_body->realm,
"pkinit_require_eku",
NULL);
+ if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK)
+ ctx->require_eku = 0;
+ if (ctx->id->flags & PKINIT_BTMM)
+ ctx->require_eku = 0;
+
ctx->require_krbtgt_otherName =
krb5_config_get_bool_default(context, NULL,
TRUE,
@@ -876,13 +893,20 @@ pk_verify_sign(krb5_context context,
struct krb5_pk_cert **signer)
{
hx509_certs signer_certs;
- int ret;
+ int ret, flags = 0;
+
+ /* BTMM is broken in Leo and SnowLeo */
+ if (id->flags & PKINIT_BTMM) {
+ flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH;
+ flags |= HX509_CMS_VS_NO_KU_CHECK;
+ flags |= HX509_CMS_VS_NO_VALIDATE;
+ }
*signer = NULL;
ret = hx509_cms_verify_signed(context->hx509ctx,
id->verify_ctx,
- HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH|HX509_CMS_VS_NO_KU_CHECK,
+ flags,
data,
length,
NULL,
@@ -1510,7 +1534,7 @@ pk_rd_pa_reply_dh(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_rd_pa_reply(krb5_context context,
const char *realm,
void *c,
@@ -1549,9 +1573,11 @@ _krb5_pk_rd_pa_reply(krb5_context context,
switch (rep.element) {
case choice_PA_PK_AS_REP_dhInfo:
+ _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh");
os = rep.u.dhInfo.dhSignedData;
break;
case choice_PA_PK_AS_REP_encKeyPack:
+ _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key");
os = rep.u.encKeyPack;
break;
default: {
@@ -1559,6 +1585,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
free_PA_PK_AS_REP(&rep);
memset(&rep, 0, sizeof(rep));
+ _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
+
ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
pa->padata_value.length,
&btmm,
@@ -1727,6 +1755,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter)
static krb5_error_code
_krb5_pk_set_user_id(krb5_context context,
+ krb5_principal principal,
krb5_pk_init_ctx ctx,
struct hx509_certs_data *certs)
{
@@ -1754,13 +1783,50 @@ _krb5_pk_set_user_id(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+ if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
+ ctx->id->flags |= PKINIT_BTMM;
+ }
+
ret = find_cert(context, ctx->id, q, &ctx->id->cert);
hx509_query_free(context->hx509ctx, q);
+ if (ret == 0 && _krb5_have_debug(context, 2)) {
+ hx509_name name;
+ char *str, *sn;
+ heim_integer i;
+
+ ret = hx509_cert_get_subject(ctx->id->cert, &name);
+ if (ret)
+ goto out;
+
+ ret = hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ if (ret)
+ goto out;
+
+ ret = hx509_cert_get_serialnumber(ctx->id->cert, &i);
+ if (ret) {
+ free(str);
+ goto out;
+ }
+
+ ret = der_print_hex_heim_integer(&i, &sn);
+ der_free_heim_integer(&i);
+ if (ret) {
+ free(name);
+ goto out;
+ }
+
+ _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn);
+ free(str);
+ free(sn);
+ }
+ out:
+
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_load_id(krb5_context context,
struct krb5_pk_identity **ret_id,
const char *user_id,
@@ -1893,7 +1959,6 @@ _krb5_pk_load_id(krb5_context context,
hx509_certs_free(&id->anchors);
hx509_certs_free(&id->certpool);
hx509_revoke_free(&id->revokectx);
- hx509_context_free(&context->hx509ctx);
free(id);
} else
*ret_id = id;
@@ -2225,7 +2290,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
}
#endif /* PKINIT */
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
{
#ifdef PKINIT
@@ -2269,7 +2334,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
#endif
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pkinit(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_principal principal,
@@ -2344,6 +2409,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
if (opt->opt_private->pk_init_ctx->id->certs) {
_krb5_pk_set_user_id(context,
+ principal,
opt->opt_private->pk_init_ctx,
opt->opt_private->pk_init_ctx->id->certs);
} else
@@ -2404,7 +2470,7 @@ _krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
return EINVAL;
}
- _krb5_pk_set_user_id(context, opt->opt_private->pk_init_ctx, certs);
+ _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
return 0;
#else
@@ -2461,7 +2527,7 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
* Private since it need to be redesigned using krb5_get_init_creds()
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_enterprise_cert(krb5_context context,
const char *user_id,
krb5_const_realm realm,
@@ -2480,7 +2546,7 @@ _krb5_pk_enterprise_cert(krb5_context context,
*res = NULL;
if (user_id == NULL) {
- krb5_clear_error_message(context);
+ krb5_set_error_message(context, ENOENT, "no user id");
return ENOENT;
}
@@ -2488,14 +2554,14 @@ _krb5_pk_enterprise_cert(krb5_context context,
if (ret) {
pk_copy_error(context, context->hx509ctx, ret,
"Failed to init cert certs");
- return ret;
+ goto out;
}
ret = hx509_query_alloc(context->hx509ctx, &q);
if (ret) {
krb5_set_error_message(context, ret, "out of memory");
hx509_certs_free(&certs);
- return ret;
+ goto out;
}
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index 027f2a72a7..aa71e29b39 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -205,7 +205,7 @@ load_plugins(krb5_context context)
d = opendir(*di);
if (d == NULL)
continue;
- rk_cloexec(dirfd(d));
+ rk_cloexec_dir(d);
while ((entry = readdir(d)) != NULL) {
char *n = entry->d_name;
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index d854113a43..00c967a72e 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -76,7 +76,7 @@ host/admin@H5L.ORG
* @ingroup krb5_principal
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_principal(krb5_context context,
krb5_principal p)
{
@@ -98,7 +98,7 @@ krb5_free_principal(krb5_context context,
* @ingroup krb5_principal
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_principal_set_type(krb5_context context,
krb5_principal principal,
int type)
@@ -117,7 +117,7 @@ krb5_principal_set_type(krb5_context context,
* @ingroup krb5_principal
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_principal_get_type(krb5_context context,
krb5_const_principal principal)
{
@@ -135,14 +135,14 @@ krb5_principal_get_type(krb5_context context,
* @ingroup krb5_principal
*/
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_realm(krb5_context context,
krb5_const_principal principal)
{
return princ_realm(principal);
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_comp_string(krb5_context context,
krb5_const_principal principal,
unsigned int component)
@@ -163,7 +163,7 @@ krb5_principal_get_comp_string(krb5_context context,
* @ingroup krb5_principal
*/
-unsigned int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL
krb5_principal_get_num_comp(krb5_context context,
krb5_const_principal principal)
{
@@ -183,7 +183,7 @@ krb5_principal_get_num_comp(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name_flags(krb5_context context,
const char *name,
int flags,
@@ -384,7 +384,7 @@ exit:
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name(krb5_context context,
const char *name,
krb5_principal *principal)
@@ -485,7 +485,7 @@ unparse_name_fixed(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed(krb5_context context,
krb5_const_principal principal,
char *name,
@@ -508,7 +508,7 @@ krb5_unparse_name_fixed(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_short(krb5_context context,
krb5_const_principal principal,
char *name,
@@ -532,7 +532,7 @@ krb5_unparse_name_fixed_short(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_flags(krb5_context context,
krb5_const_principal principal,
int flags,
@@ -596,7 +596,7 @@ unparse_name(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name(krb5_context context,
krb5_const_principal principal,
char **name)
@@ -617,7 +617,7 @@ krb5_unparse_name(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_flags(krb5_context context,
krb5_const_principal principal,
int flags,
@@ -639,7 +639,7 @@ krb5_unparse_name_flags(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_short(krb5_context context,
krb5_const_principal principal,
char **name)
@@ -660,7 +660,7 @@ krb5_unparse_name_short(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_principal_set_realm(krb5_context context,
krb5_principal principal,
krb5_const_realm realm)
@@ -692,7 +692,7 @@ krb5_principal_set_realm(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -828,8 +828,7 @@ build_principal(krb5_context context,
return 0;
}
-
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -839,7 +838,7 @@ krb5_build_principal_va(krb5_context context,
return build_principal(context, principal, rlen, realm, va_princ, ap);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va_ext(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -850,7 +849,7 @@ krb5_build_principal_va_ext(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_ext(krb5_context context,
krb5_principal *principal,
int rlen,
@@ -878,7 +877,7 @@ krb5_build_principal_ext(krb5_context context,
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_principal(krb5_context context,
krb5_const_principal inprinc,
krb5_principal *outprinc)
@@ -913,7 +912,7 @@ krb5_copy_principal(krb5_context context,
* @see krb5_realm_compare()
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -928,7 +927,7 @@ krb5_principal_compare_any_realm(krb5_context context,
return TRUE;
}
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_principal_compare_PrincipalName(krb5_context context,
krb5_const_principal princ1,
PrincipalName *princ2)
@@ -961,7 +960,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context,
* return TRUE iff princ1 == princ2
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -983,7 +982,7 @@ krb5_principal_compare(krb5_context context,
* @see krb5_principal_compare()
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_realm_compare(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2)
@@ -997,7 +996,7 @@ krb5_realm_compare(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_match(krb5_context context,
krb5_const_principal princ,
krb5_const_principal pattern)
@@ -1083,7 +1082,7 @@ get_name_conversion(krb5_context context, const char *realm, const char *name)
* if `func', use that function for validating the conversion
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_425_conv_principal_ext2(krb5_context context,
const char *name,
const char *instance,
@@ -1375,7 +1374,7 @@ name_convert(krb5_context context, const char *name, const char *realm,
* three parameters. They have to be 40 bytes each (ANAME_SZ).
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_524_conv_principal(krb5_context context,
const krb5_principal principal,
char *name,
@@ -1461,7 +1460,7 @@ krb5_524_conv_principal(krb5_context context,
* @ingroup krb5_principal
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sname_to_principal (krb5_context context,
const char *hostname,
const char *sname,
diff --git a/source4/heimdal/lib/krb5/prog_setup.c b/source4/heimdal/lib/krb5/prog_setup.c
index 4c060973d6..21afbf8d10 100644
--- a/source4/heimdal/lib/krb5/prog_setup.c
+++ b/source4/heimdal/lib/krb5/prog_setup.c
@@ -35,17 +35,17 @@
#include <getarg.h>
#include <err.h>
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_std_usage(int code, struct getargs *args, int num_args)
{
arg_printusage(args, num_args, NULL, "");
exit(code);
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_program_setup(krb5_context *context, int argc, char **argv,
struct getargs *args, int num_args,
- void (*usage)(int, struct getargs*, int))
+ void (KRB5_LIB_CALL *usage)(int, struct getargs*, int))
{
krb5_error_code ret;
int optidx = 0;
diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c
index 05deaff525..875fd99c40 100644
--- a/source4/heimdal/lib/krb5/prompter_posix.c
+++ b/source4/heimdal/lib/krb5/prompter_posix.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int
krb5_prompter_posix (krb5_context context,
void *data,
const char *name,
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index f41edfa2b5..094f748b9f 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
compare_addrs(krb5_context context,
@@ -52,7 +52,7 @@ compare_addrs(krb5_context context,
return KRB5KRB_AP_ERR_BADADDR;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred(krb5_context context,
krb5_auth_context auth_context,
krb5_data *in_data,
@@ -322,7 +322,7 @@ krb5_rd_cred(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred2 (krb5_context context,
krb5_auth_context auth_context,
krb5_ccache ccache,
diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c
index 1561188fad..d778c68cd6 100644
--- a/source4/heimdal/lib/krb5/rd_error.c
+++ b/source4/heimdal/lib/krb5/rd_error.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_error(krb5_context context,
const krb5_data *msg,
KRB_ERROR *result)
@@ -51,7 +51,7 @@ krb5_rd_error(krb5_context context,
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_contents (krb5_context context,
krb5_error *error)
{
@@ -59,7 +59,7 @@ krb5_free_error_contents (krb5_context context,
memset(error, 0, sizeof(*error));
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error (krb5_context context,
krb5_error *error)
{
@@ -67,7 +67,7 @@ krb5_free_error (krb5_context context,
free (error);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_error_from_rd_error(krb5_context context,
const krb5_error *error,
const krb5_creds *creds)
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index fb6cfcee4f..8a46195b69 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c
index 2d5792cd40..f8963a53b2 100644
--- a/source4/heimdal/lib/krb5/rd_rep.c
+++ b/source4/heimdal/lib/krb5/rd_rep.c
@@ -31,9 +31,9 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_rep(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
@@ -108,7 +108,7 @@ krb5_rd_rep(krb5_context context,
return ret;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_ap_rep_enc_part (krb5_context context,
krb5_ap_rep_enc_part *val)
{
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 330c2c3c15..6b2ffbdaac 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -1,3 +1,4 @@
+
/*
* Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@@ -31,7 +32,7 @@
* SUCH DAMAGE.
*/
-#include <krb5_locl.h>
+#include "krb5_locl.h"
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -102,7 +103,7 @@ decrypt_authenticator (krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ap_req(krb5_context context,
const krb5_data *inbuf,
krb5_ap_req *ap_req)
@@ -217,7 +218,7 @@ find_etypelist(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ticket(krb5_context context,
Ticket *ticket,
krb5_keyblock *key,
@@ -266,7 +267,7 @@ krb5_decrypt_ticket(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_authenticator_checksum(krb5_context context,
krb5_auth_context ac,
void *data,
@@ -308,7 +309,7 @@ out:
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_ap_req(krb5_context context,
krb5_auth_context *auth_context,
krb5_ap_req *ap_req,
@@ -329,7 +330,7 @@ krb5_verify_ap_req(krb5_context context,
KRB5_KU_AP_REQ_AUTH);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_ap_req2(krb5_context context,
krb5_auth_context *auth_context,
krb5_ap_req *ap_req,
@@ -538,7 +539,7 @@ struct krb5_rd_req_out_ctx_data {
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
@@ -565,7 +566,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_keytab(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keytab keytab)
@@ -586,7 +587,7 @@ krb5_rd_req_in_set_keytab(krb5_context context,
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_pac_check(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_boolean flag)
@@ -596,7 +597,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_in_set_keyblock(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keyblock *keyblock)
@@ -605,7 +606,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_ap_req_options(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_flags *ap_req_options)
@@ -614,7 +615,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_ticket(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_ticket **ticket)
@@ -622,7 +623,7 @@ krb5_rd_req_out_get_ticket(krb5_context context,
return krb5_copy_ticket(context, out->ticket, ticket);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_keyblock(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_keyblock **keyblock)
@@ -642,7 +643,7 @@ krb5_rd_req_out_get_keyblock(krb5_context context,
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_out_get_server(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_principal *principal)
@@ -650,7 +651,7 @@ krb5_rd_req_out_get_server(krb5_context context,
return krb5_copy_principal(context, out->server, principal);
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
{
free(ctx);
@@ -665,7 +666,7 @@ krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
* @ingroup krb5_auth
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
{
if (ctx->ticket)
@@ -681,7 +682,7 @@ krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
@@ -726,7 +727,7 @@ out:
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_with_keyblock(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
@@ -834,7 +835,7 @@ out:
* @ingroup krb5_auth
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_req_ctx(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c
index 0cad91e437..f4eb9032d7 100644
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -38,7 +38,7 @@ struct krb5_rcache_data {
char *name;
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve(krb5_context context,
krb5_rcache id,
const char *name)
@@ -52,7 +52,7 @@ krb5_rc_resolve(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
@@ -73,7 +73,7 @@ krb5_rc_resolve_type(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_resolve_full(krb5_context context,
krb5_rcache *id,
const char *string_name)
@@ -99,19 +99,19 @@ krb5_rc_resolve_full(krb5_context context,
return ret;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_default_name(krb5_context context)
{
return "FILE:/var/run/default_rcache";
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_default_type(krb5_context context)
{
return "FILE";
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_default(krb5_context context,
krb5_rcache *id)
{
@@ -123,7 +123,7 @@ struct rc_entry{
unsigned char data[16];
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_initialize(krb5_context context,
krb5_rcache id,
krb5_deltat auth_lifespan)
@@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
@@ -145,14 +145,14 @@ krb5_rc_initialize(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_recover(krb5_context context,
krb5_rcache id)
{
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_destroy(krb5_context context,
krb5_rcache id)
{
@@ -161,14 +161,14 @@ krb5_rc_destroy(krb5_context context,
if(remove(id->name) < 0) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
return ret;
}
return krb5_rc_close(context, id);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_close(krb5_context context,
krb5_rcache id)
{
@@ -196,7 +196,7 @@ checksum_authenticator(Authenticator *auth, void *data)
EVP_MD_CTX_destroy(m);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_store(krb5_context context,
krb5_rcache id,
krb5_donot_replay *rep)
@@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
@@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context,
char buf[128];
ret = errno;
fclose(f);
- strerror_r(ret, buf, sizeof(buf));
+ rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "%s: %s",
id->name, buf);
return ret;
@@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context,
f = fopen(id->name, "a");
if(f == NULL) {
char buf[128];
- strerror_r(errno, buf, sizeof(buf));
+ rk_strerror_r(errno, buf, sizeof(buf));
krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
"open(%s): %s", id->name, buf);
return KRB5_RC_IO_UNKNOWN;
@@ -251,14 +251,14 @@ krb5_rc_store(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_expunge(krb5_context context,
krb5_rcache id)
{
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rc_get_lifespan(krb5_context context,
krb5_rcache id,
krb5_deltat *auth_lifespan)
@@ -276,21 +276,21 @@ krb5_rc_get_lifespan(krb5_context context,
return KRB5_RC_IO_UNKNOWN;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_get_name(krb5_context context,
krb5_rcache id)
{
return id->name;
}
-const char* KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_rc_get_type(krb5_context context,
krb5_rcache id)
{
return "FILE";
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_server_rcache(krb5_context context,
const krb5_data *piece,
krb5_rcache *id)
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index 0efe14eb4f..a9be31e819 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -47,7 +47,7 @@ struct send_to_kdc {
*/
static int
-recv_loop (int fd,
+recv_loop (krb5_socket_t fd,
time_t tmout,
int udp,
size_t limit,
@@ -58,9 +58,11 @@ recv_loop (int fd,
int ret;
int nbytes;
+#ifndef NO_LIMIT_FD_SETSIZE
if (fd >= FD_SETSIZE) {
return -1;
}
+#endif
krb5_data_zero(rep);
do {
@@ -78,7 +80,7 @@ recv_loop (int fd,
} else {
void *tmp;
- if (ioctl (fd, FIONREAD, &nbytes) < 0) {
+ if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) {
krb5_data_free (rep);
return -1;
}
@@ -111,7 +113,7 @@ recv_loop (int fd,
*/
static int
-send_and_recv_udp(int fd,
+send_and_recv_udp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -130,7 +132,7 @@ send_and_recv_udp(int fd,
*/
static int
-send_and_recv_tcp(int fd,
+send_and_recv_tcp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -140,9 +142,9 @@ send_and_recv_tcp(int fd,
krb5_data len_data;
_krb5_put_int(len, req->length, 4);
- if(net_write(fd, len, sizeof(len)) < 0)
+ if(net_write (fd, len, sizeof(len)) < 0)
return -1;
- if(net_write(fd, req->data, req->length) < 0)
+ if(net_write (fd, req->data, req->length) < 0)
return -1;
if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
return -1;
@@ -162,7 +164,7 @@ send_and_recv_tcp(int fd,
}
int
-_krb5_send_and_recv_tcp(int fd,
+_krb5_send_and_recv_tcp(krb5_socket_t fd,
time_t tmout,
const krb5_data *req,
krb5_data *rep)
@@ -175,7 +177,7 @@ _krb5_send_and_recv_tcp(int fd,
*/
static int
-send_and_recv_http(int fd,
+send_and_recv_http(krb5_socket_t fd,
time_t tmout,
const char *prefix,
const krb5_data *req,
@@ -264,7 +266,7 @@ send_via_proxy (krb5_context context,
struct addrinfo hints;
struct addrinfo *ai, *a;
int ret;
- int s = -1;
+ krb5_socket_t s = rk_INVALID_SOCKET;
char portstr[NI_MAXSERV];
if (proxy == NULL)
@@ -291,7 +293,7 @@ send_via_proxy (krb5_context context,
continue;
rk_cloexec(s);
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
- close (s);
+ rk_closesocket (s);
continue;
}
break;
@@ -309,7 +311,7 @@ send_via_proxy (krb5_context context,
}
ret = send_and_recv_http(s, context->kdc_timeout,
prefix, send_data, receive);
- close (s);
+ rk_closesocket (s);
free(prefix);
if(ret == 0 && receive->length != 0)
return 0;
@@ -361,14 +363,14 @@ send_via_plugin(krb5_context context,
* in `receive'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto (krb5_context context,
const krb5_data *send_data,
krb5_krbhst_handle handle,
krb5_data *receive)
{
krb5_error_code ret;
- int fd;
+ krb5_socket_t fd;
int i;
krb5_data_zero(receive);
@@ -414,11 +416,11 @@ krb5_sendto (krb5_context context,
for (a = ai; a != NULL; a = a->ai_next) {
fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
- if (fd < 0)
+ if (rk_IS_BAD_SOCKET(fd))
continue;
rk_cloexec(fd);
if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
- close (fd);
+ rk_closesocket (fd);
continue;
}
switch (hi->proto) {
@@ -435,7 +437,7 @@ krb5_sendto (krb5_context context,
send_data, receive);
break;
}
- close (fd);
+ rk_closesocket (fd);
if(ret == 0 && receive->length != 0)
goto out;
}
@@ -451,7 +453,7 @@ out:
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_kdc(krb5_context context,
const krb5_data *send_data,
const krb5_realm *realm,
@@ -460,7 +462,7 @@ krb5_sendto_kdc(krb5_context context,
return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_kdc_flags(krb5_context context,
const krb5_data *send_data,
const krb5_realm *realm,
@@ -481,7 +483,7 @@ krb5_sendto_kdc_flags(krb5_context context,
return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_send_to_kdc_func(krb5_context context,
krb5_send_to_kdc_func func,
void *data)
@@ -504,7 +506,7 @@ krb5_set_send_to_kdc_func(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to)
{
if (context->send_to_kdc)
@@ -524,7 +526,7 @@ struct krb5_sendto_ctx_data {
void *data;
};
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
@@ -536,26 +538,26 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
return 0;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
{
ctx->flags |= flags;
}
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
{
return ctx->flags;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
{
ctx->type = type;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
krb5_sendto_ctx_func func,
void *data)
@@ -564,14 +566,14 @@ krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
ctx->data = data;
}
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
{
memset(ctx, 0, sizeof(*ctx));
free(ctx);
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sendto_context(krb5_context context,
krb5_sendto_ctx ctx,
const krb5_data *send_data,
diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c
index 91201eeb53..ddce677c1a 100644
--- a/source4/heimdal/lib/krb5/set_default_realm.c
+++ b/source4/heimdal/lib/krb5/set_default_realm.c
@@ -65,7 +65,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list)
* Otherwise, the realm(s) are figured out from configuration or DNS.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_realm(krb5_context context,
const char *realm)
{
diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c
index 6e1374adf9..49e68ef177 100644
--- a/source4/heimdal/lib/krb5/store.c
+++ b/source4/heimdal/lib/krb5/store.c
@@ -49,7 +49,7 @@
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
{
sp->flags |= flags;
@@ -64,7 +64,7 @@ krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
{
sp->flags &= ~flags;
@@ -82,7 +82,7 @@ krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-krb5_boolean KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
{
return (sp->flags & flags) == flags;
@@ -100,7 +100,7 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
{
sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
@@ -113,7 +113,7 @@ krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
* @ingroup krb5_storage
*/
-krb5_flags KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL
krb5_storage_get_byteorder(krb5_storage *sp)
{
return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
@@ -132,7 +132,7 @@ krb5_storage_get_byteorder(krb5_storage *sp)
* @ingroup krb5_storage
*/
-off_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL
krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
{
return (*sp->seek)(sp, offset, whence);
@@ -149,7 +149,7 @@ krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
* @ingroup krb5_storage
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_storage_truncate(krb5_storage *sp, off_t offset)
{
return (*sp->trunc)(sp, offset);
@@ -167,7 +167,7 @@ krb5_storage_truncate(krb5_storage *sp, off_t offset)
* @ingroup krb5_storage
*/
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
{
return sp->fetch(sp, buf, len);
@@ -185,7 +185,7 @@ krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
* @ingroup krb5_storage
*/
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
{
return sp->store(sp, buf, len);
@@ -200,7 +200,7 @@ krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
* @ingroup krb5_storage
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_storage_set_eof_code(krb5_storage *sp, int code)
{
sp->eof_code = code;
@@ -216,13 +216,13 @@ krb5_storage_set_eof_code(krb5_storage *sp, int code)
* @ingroup krb5_storage
*/
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_storage_get_eof_code(krb5_storage *sp)
{
return sp->eof_code;
}
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_put_int(void *buffer, unsigned long value, size_t size)
{
unsigned char *p = buffer;
@@ -234,7 +234,7 @@ _krb5_put_int(void *buffer, unsigned long value, size_t size)
return size;
}
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_get_int(void *buffer, unsigned long *value, size_t size)
{
unsigned char *p = buffer;
@@ -256,7 +256,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_storage_free(krb5_storage *sp)
{
if(sp->free)
@@ -277,7 +277,7 @@ krb5_storage_free(krb5_storage *sp)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
{
off_t pos, size;
@@ -331,7 +331,7 @@ krb5_store_int(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int32(krb5_storage *sp,
int32_t value)
{
@@ -354,7 +354,7 @@ krb5_store_int32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint32(krb5_storage *sp,
uint32_t value)
{
@@ -389,7 +389,7 @@ krb5_ret_int(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int32(krb5_storage *sp,
int32_t *value)
{
@@ -415,7 +415,7 @@ krb5_ret_int32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint32(krb5_storage *sp,
uint32_t *value)
{
@@ -441,7 +441,7 @@ krb5_ret_uint32(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int16(krb5_storage *sp,
int16_t value)
{
@@ -464,7 +464,7 @@ krb5_store_int16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint16(krb5_storage *sp,
uint16_t value)
{
@@ -482,7 +482,8 @@ krb5_store_uint16(krb5_storage *sp,
*
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int16(krb5_storage *sp,
int16_t *value)
{
@@ -511,7 +512,7 @@ krb5_ret_int16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint16(krb5_storage *sp,
uint16_t *value)
{
@@ -536,7 +537,7 @@ krb5_ret_uint16(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_int8(krb5_storage *sp,
int8_t value)
{
@@ -559,7 +560,7 @@ krb5_store_int8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint8(krb5_storage *sp,
uint8_t value)
{
@@ -577,7 +578,7 @@ krb5_store_uint8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int8(krb5_storage *sp,
int8_t *value)
{
@@ -600,7 +601,7 @@ krb5_ret_int8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_uint8(krb5_storage *sp,
uint8_t *value)
{
@@ -626,7 +627,7 @@ krb5_ret_uint8(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_data(krb5_storage *sp,
krb5_data data)
{
@@ -654,7 +655,7 @@ krb5_store_data(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_data(krb5_storage *sp,
krb5_data *data)
{
@@ -687,7 +688,7 @@ krb5_ret_data(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_string(krb5_storage *sp, const char *s)
{
krb5_data data;
@@ -708,7 +709,7 @@ krb5_store_string(krb5_storage *sp, const char *s)
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_string(krb5_storage *sp,
char **string)
{
@@ -738,7 +739,7 @@ krb5_ret_string(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_stringz(krb5_storage *sp, const char *s)
{
size_t len = strlen(s) + 1;
@@ -765,7 +766,7 @@ krb5_store_stringz(krb5_storage *sp, const char *s)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_stringz(krb5_storage *sp,
char **string)
{
@@ -798,7 +799,7 @@ krb5_ret_stringz(krb5_storage *sp,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_stringnl(krb5_storage *sp, const char *s)
{
size_t len = strlen(s);
@@ -823,7 +824,7 @@ krb5_store_stringnl(krb5_storage *sp, const char *s)
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_stringnl(krb5_storage *sp,
char **string)
{
@@ -879,7 +880,7 @@ krb5_ret_stringnl(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_principal(krb5_storage *sp,
krb5_const_principal p)
{
@@ -916,7 +917,7 @@ krb5_store_principal(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_principal(krb5_storage *sp,
krb5_principal *princ)
{
@@ -984,7 +985,7 @@ krb5_ret_principal(krb5_storage *sp,
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
{
int ret;
@@ -1013,7 +1014,7 @@ krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
{
int ret;
@@ -1043,7 +1044,7 @@ krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_times(krb5_storage *sp, krb5_times times)
{
int ret;
@@ -1068,7 +1069,7 @@ krb5_store_times(krb5_storage *sp, krb5_times times)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_times(krb5_storage *sp, krb5_times *times)
{
int ret;
@@ -1098,7 +1099,7 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_address(krb5_storage *sp, krb5_address p)
{
int ret;
@@ -1119,7 +1120,7 @@ krb5_store_address(krb5_storage *sp, krb5_address p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_address(krb5_storage *sp, krb5_address *adr)
{
int16_t t;
@@ -1142,7 +1143,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
{
int i;
@@ -1167,7 +1168,7 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
{
int i;
@@ -1198,7 +1199,7 @@ krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
{
krb5_error_code ret;
@@ -1225,7 +1226,7 @@ krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
{
krb5_error_code ret;
@@ -1270,7 +1271,7 @@ bitswap32(int32_t b)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
{
int ret;
@@ -1322,7 +1323,7 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
{
krb5_error_code ret;
@@ -1394,7 +1395,7 @@ cleanup:
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
{
int ret;
@@ -1486,7 +1487,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
* @ingroup krb5_storage
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_creds_tag(krb5_storage *sp,
krb5_creds *creds)
{
diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c
index acf984280e..ccda751afb 100644
--- a/source4/heimdal/lib/krb5/store_emem.c
+++ b/source4/heimdal/lib/krb5/store_emem.c
@@ -158,7 +158,7 @@ emem_free(krb5_storage *sp)
* @sa krb5_storage_from_data()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_emem(void)
{
krb5_storage *sp;
diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c
index 4150175927..bd357dbe3b 100644
--- a/source4/heimdal/lib/krb5/store_fd.c
+++ b/source4/heimdal/lib/krb5/store_fd.c
@@ -85,12 +85,26 @@ fd_free(krb5_storage * sp)
* @sa krb5_storage_from_data()
*/
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd(int fd)
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
+krb5_storage_from_fd(krb5_socket_t fd_in)
{
krb5_storage *sp;
+ int fd;
+
+#ifdef SOCKET_IS_NOT_AN_FD
+#ifdef _MSC_VER
+ if (_get_osfhandle(fd_in) != -1) {
+ fd = dup(fd_in);
+ } else {
+ fd = _open_osfhandle(fd_in, 0);
+ }
+#else
+#error Dont know how to deal with fd that may or may not be a socket.
+#endif
+#else /* SOCKET_IS_NOT_AN_FD */
+ fd = dup(fd_in);
+#endif
- fd = dup(fd);
if (fd < 0)
return NULL;
diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c
index a913e182d5..b79bc19155 100644
--- a/source4/heimdal/lib/krb5/store_mem.c
+++ b/source4/heimdal/lib/krb5/store_mem.c
@@ -122,7 +122,7 @@ mem_no_trunc(krb5_storage *sp, off_t offset)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_mem(void *buf, size_t len)
{
krb5_storage *sp = malloc(sizeof(krb5_storage));
@@ -161,7 +161,7 @@ krb5_storage_from_mem(void *buf, size_t len)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_data(krb5_data *data)
{
return krb5_storage_from_mem(data->data, data->length);
@@ -180,7 +180,7 @@ krb5_storage_from_data(krb5_data *data)
* @sa krb5_storage_from_fd()
*/
-krb5_storage * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL
krb5_storage_from_readonly_mem(const void *buf, size_t len)
{
krb5_storage *sp = malloc(sizeof(krb5_storage));
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 3bd9387906..4d8da93579 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -45,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_ticket(krb5_context context,
krb5_ticket *ticket)
{
@@ -69,7 +71,7 @@ krb5_free_ticket(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_ticket(krb5_context context,
const krb5_ticket *from,
krb5_ticket **to)
@@ -118,7 +120,7 @@ krb5_copy_ticket(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_client(krb5_context context,
const krb5_ticket *ticket,
krb5_principal *client)
@@ -139,7 +141,7 @@ krb5_ticket_get_client(krb5_context context,
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_server(krb5_context context,
const krb5_ticket *ticket,
krb5_principal *server)
@@ -158,7 +160,7 @@ krb5_ticket_get_server(krb5_context context,
* @ingroup krb5
*/
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_ticket_get_endtime(krb5_context context,
const krb5_ticket *ticket)
{
@@ -336,7 +338,7 @@ out:
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ticket_get_authorization_data_type(krb5_context context,
krb5_ticket *ticket,
int type,
@@ -761,6 +763,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_timeofday (context, &sec_now);
if (rep->enc_part.flags.initial
+ && (flags & EXTRACT_TICKET_TIMESYNC)
&& context->kdc_sec_offset == 0
&& krb5_config_get_bool (context, NULL,
"libdefaults",
diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c
index ed235783a2..247549ba23 100644
--- a/source4/heimdal/lib/krb5/time.c
+++ b/source4/heimdal/lib/krb5/time.c
@@ -47,7 +47,7 @@
* @ingroup krb5
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_real_time (krb5_context context,
krb5_timestamp sec,
int32_t usec)
@@ -79,7 +79,7 @@ krb5_set_real_time (krb5_context context,
* return ``corrected'' time in `timeret'.
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_timeofday (krb5_context context,
krb5_timestamp *timeret)
{
@@ -91,7 +91,7 @@ krb5_timeofday (krb5_context context,
* like gettimeofday but with time correction to the KDC
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_us_timeofday (krb5_context context,
krb5_timestamp *sec,
int32_t *usec)
@@ -105,7 +105,7 @@ krb5_us_timeofday (krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_format_time(krb5_context context, time_t t,
char *s, size_t len, krb5_boolean include_time)
{
@@ -120,7 +120,7 @@ krb5_format_time(krb5_context context, time_t t,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
{
if((*deltat = parse_time(string, "s")) == -1)
diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c
index 1ff4ce1658..a72adc0351 100644
--- a/source4/heimdal/lib/krb5/transited.c
+++ b/source4/heimdal/lib/krb5/transited.c
@@ -328,7 +328,7 @@ decode_realms(krb5_context context,
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_domain_x500_decode(krb5_context context,
krb5_data tr, char ***realms, unsigned int *num_realms,
const char *client_realm, const char *server_realm)
@@ -389,7 +389,7 @@ krb5_domain_x500_decode(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_domain_x500_encode(char **realms, unsigned int num_realms,
krb5_data *encoding)
{
@@ -421,7 +421,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_check_transited(krb5_context context,
krb5_const_realm client_realm,
krb5_const_realm server_realm,
@@ -461,7 +461,7 @@ krb5_check_transited(krb5_context context,
return 0;
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_check_transited_realms(krb5_context context,
const char *const *realms,
unsigned int num_realms,
diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c
index 168268ceab..01cf323d37 100644
--- a/source4/heimdal/lib/krb5/v4_glue.c
+++ b/source4/heimdal/lib/krb5/v4_glue.c
@@ -58,7 +58,7 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
};
-int KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
_krb5_krb_time_to_life(time_t start, time_t end)
{
int i;
@@ -82,7 +82,7 @@ _krb5_krb_time_to_life(time_t start, time_t end)
}
-time_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
_krb5_krb_life_to_time(int start, int life_)
{
unsigned char life = (unsigned char) life_;
@@ -118,9 +118,15 @@ get_krb4_cc_name(const char *tkfile, char **cc)
if (path)
*cc = strdup(path);
}
+#ifdef HAVE_GETUID
if(*cc == NULL)
if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
return errno;
+#elif defined(KRB5_USE_PATH_TOKENS)
+ if(*cc == NULL)
+ if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc))
+ return ENOMEM;
+#endif
} else {
*cc = strdup(tkfile);
if (*cc == NULL)
@@ -232,7 +238,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_tf_setup(krb5_context context,
struct credentials *v4creds,
const char *tkfile,
@@ -288,7 +294,7 @@ _krb5_krb_tf_setup(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
{
krb5_error_code ret;
@@ -405,7 +411,7 @@ put_nir(krb5_storage *sp, const char *name,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ticket(krb5_context context,
unsigned char flags,
const char *pname,
@@ -464,7 +470,7 @@ _krb5_krb_create_ticket(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ciph(krb5_context context,
const krb5_keyblock *session,
const char *service,
@@ -524,7 +530,7 @@ _krb5_krb_create_ciph(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_auth_reply(krb5_context context,
const char *pname,
const char *pinst,
@@ -577,7 +583,7 @@ _krb5_krb_create_auth_reply(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_cr_err_reply(krb5_context context,
const char *name,
const char *inst,
@@ -644,7 +650,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_decomp_ticket(krb5_context context,
const krb5_data *enc_ticket,
const krb5_keyblock *key,
@@ -738,7 +744,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
*
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_rd_req(krb5_context context,
krb5_data *authent,
const char *service,
@@ -938,7 +944,7 @@ _krb5_krb_rd_req(krb5_context context,
*
*/
-void KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
{
if (ad->pname)
diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c
index a0e750604e..302854de3f 100644
--- a/source4/heimdal/lib/krb5/version.c
+++ b/source4/heimdal/lib/krb5/version.c
@@ -35,7 +35,5 @@
/* this is just to get a version stamp in the library file */
-#define heimdal_version __heimdal_version
-#define heimdal_long_version __heimdal_long_version
#include "version.h"
diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c
index 886a1fe981..a4c633936f 100644
--- a/source4/heimdal/lib/krb5/warn.c
+++ b/source4/heimdal/lib/krb5/warn.c
@@ -100,7 +100,7 @@ _warnerr(krb5_context context, int do_errtext,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vwarn(krb5_context context, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((format (printf, 3, 0)))
@@ -119,7 +119,7 @@ krb5_vwarn(krb5_context context, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
{
@@ -137,7 +137,7 @@ krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
__attribute__ ((format (printf, 2, 0)))
{
@@ -153,7 +153,7 @@ krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_warnx(krb5_context context, const char *fmt, ...)
__attribute__ ((format (printf, 2, 3)))
{
@@ -174,7 +174,7 @@ krb5_warnx(krb5_context context, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verr(krb5_context context, int eval, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 4, 0)))
@@ -195,7 +195,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_err(krb5_context context, int eval, krb5_error_code code,
const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 4, 5)))
@@ -215,7 +215,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 3, 0)))
{
@@ -233,7 +233,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_errx(krb5_context context, int eval, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 3, 4)))
{
@@ -253,7 +253,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vabort(krb5_context context, krb5_error_code code,
const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 3, 0)))
@@ -273,7 +273,7 @@ krb5_vabort(krb5_context context, krb5_error_code code,
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 3, 4)))
{
@@ -281,7 +281,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
abort();
}
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 2, 0)))
{
@@ -299,7 +299,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_abortx(krb5_context context, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 2, 3)))
{
@@ -316,7 +316,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...)
* @ingroup krb5_error
*/
-krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
{
context->warn_dest = fac;
@@ -331,7 +331,7 @@ krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
* @ingroup krb5_error
*/
-krb5_log_facility * KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL
krb5_get_warn_dest(krb5_context context)
{
return context->warn_dest;
diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h
index c1ed23ec10..0fcc832e1f 100644
--- a/source4/heimdal/lib/ntlm/heimntlm.h
+++ b/source4/heimdal/lib/ntlm/heimntlm.h
@@ -46,21 +46,45 @@ struct ntlm_buf {
};
#define NTLM_NEG_UNICODE 0x00000001
+#define NTLM_NEG_OEM 0x00000002
#define NTLM_NEG_TARGET 0x00000004
+#define NTLM_MBZ9 0x00000008
+
#define NTLM_NEG_SIGN 0x00000010
#define NTLM_NEG_SEAL 0x00000020
-#define NTLM_NEG_NTLM 0x00000200
+#define NTLM_NEG_DATAGRAM 0x00000040
+#define NTLM_NEG_LM_KEY 0x00000080
-#define NTLM_SUPPLIED_DOMAIN 0x00001000
-#define NTLM_SUPPLIED_WORKSTAION 0x00002000
+#define NTLM_MBZ8 0x00000100
+#define NTLM_NEG_NTLM 0x00000200
+#define NTLM_NEG_NT_ONLY 0x00000400
+#define NTLM_MBZ7 0x00000800 /* anon ? */
+#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000
+#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000
+#define NTLM_MBZ6 0x00004000 /* local call ? */
#define NTLM_NEG_ALWAYS_SIGN 0x00008000
-#define NTLM_NEG_NTLM2_SESSION 0x00080000
#define NTLM_TARGET_DOMAIN 0x00010000
#define NTLM_TARGET_SERVER 0x00020000
+#define NTLM_TARGET_SHARE 0x00040000
+#define NTLM_NEG_NTLM2_SESSION 0x00080000
+#define NTLM_NEG_NTLM2 0x00080000
+
+#define NTLM_NEG_IDENTIFY 0x00100000
+#define NTLM_MBZ5 0x00200000
+#define NTLM_NON_NT_SESSION_KEY 0x00400000
+#define NTLM_NEG_TARGET_INFO 0x00800000
+
+#define NTLM_MBZ4 0x01000000
+#define NTLM_NEG_VERSION 0x02000000
+#define NTLM_MBZ3 0x04000000
+#define NTLM_MBZ2 0x08000000
+
+#define NTLM_MBZ1 0x10000000
#define NTLM_ENC_128 0x20000000
#define NTLM_NEG_KEYEX 0x40000000
+#define NTLM_NEGOTIATE_56 0x80000000
/**
* Struct for the NTLM target info, the strings is assumed to be in
diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c
index 36a04f1ff2..71f96bfce2 100644
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -41,8 +41,8 @@
#include <errno.h>
#include <limits.h>
-#include <krb5.h>
#include <roken.h>
+#include <krb5.h>
#define HC_DEPRECATED_CRYPTO
@@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 1);
CHECK(krb5_ret_uint32(in, &data->flags), 0);
- if (data->flags & NTLM_SUPPLIED_DOMAIN)
+ if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
CHECK(ret_sec_buffer(in, &domain), 0);
- if (data->flags & NTLM_SUPPLIED_WORKSTAION)
+ if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
CHECK(ret_sec_buffer(in, &hostname), 0);
#if 0
if (domain.offset > 32) {
@@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
}
#endif
- if (data->flags & NTLM_SUPPLIED_DOMAIN)
+ if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
CHECK(ret_string(in, 0, &domain, &data->domain), 0);
- if (data->flags & NTLM_SUPPLIED_WORKSTAION)
+ if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
out:
@@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
if (type1->domain) {
base += 8;
- flags |= NTLM_SUPPLIED_DOMAIN;
+ flags |= NTLM_OEM_SUPPLIED_DOMAIN;
}
if (type1->hostname) {
base += 8;
- flags |= NTLM_SUPPLIED_WORKSTAION;
+ flags |= NTLM_OEM_SUPPLIED_WORKSTAION;
}
if (type1->os[0])
base += 8;
diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c
index a9f0535dda..4c06bd2d1f 100644
--- a/source4/heimdal/lib/roken/base64.c
+++ b/source4/heimdal/lib/roken/base64.c
@@ -51,7 +51,7 @@ pos(char c)
return -1;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
base64_encode(const void *data, int size, char **str)
{
char *s, *p;
@@ -120,7 +120,7 @@ token_decode(const char *token)
return (marker << 24) | val;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
base64_decode(const char *str, void *data)
{
const char *p;
diff --git a/source4/heimdal/lib/roken/base64.h b/source4/heimdal/lib/roken/base64.h
index f42c0ba429..dfae4c13b3 100644
--- a/source4/heimdal/lib/roken/base64.h
+++ b/source4/heimdal/lib/roken/base64.h
@@ -38,16 +38,18 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
base64_encode(const void *, int, char **);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
base64_decode(const char *, void *);
#endif
diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c
index 67d240c231..7f8c1c22b1 100644
--- a/source4/heimdal/lib/roken/bswap.c
+++ b/source4/heimdal/lib/roken/bswap.c
@@ -36,7 +36,7 @@
#ifndef HAVE_BSWAP32
-unsigned int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL
bswap32 (unsigned int val)
{
return (val & 0xff) << 24 |
@@ -48,7 +48,7 @@ bswap32 (unsigned int val)
#ifndef HAVE_BSWAP16
-unsigned short ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL
bswap16 (unsigned short val)
{
return (val & 0xff) << 8 |
diff --git a/source4/heimdal/lib/roken/cloexec.c b/source4/heimdal/lib/roken/cloexec.c
index c015b1d8fa..2d1fe033f2 100644
--- a/source4/heimdal/lib/roken/cloexec.c
+++ b/source4/heimdal/lib/roken/cloexec.c
@@ -33,14 +33,12 @@
#include <config.h>
-#include <unistd.h>
-#include <fcntl.h>
-
#include "roken.h"
void ROKEN_LIB_FUNCTION
rk_cloexec(int fd)
{
+#ifdef HAVE_FCNTL
int ret;
ret = fcntl(fd, F_GETFD);
@@ -48,10 +46,21 @@ rk_cloexec(int fd)
return;
if (fcntl(fd, F_SETFD, ret | FD_CLOEXEC) == -1)
return;
+#endif
}
void ROKEN_LIB_FUNCTION
rk_cloexec_file(FILE *f)
{
+#ifdef HAVE_FCNTL
rk_cloexec(fileno(f));
+#endif
+}
+
+void ROKEN_LIB_FUNCTION
+rk_cloexec_dir(DIR * d)
+{
+#ifndef _WIN32
+ rk_cloexec(dirfd(d));
+#endif
}
diff --git a/source4/heimdal/lib/roken/closefrom.c b/source4/heimdal/lib/roken/closefrom.c
index 7aa0ef7372..770eb2c67a 100644
--- a/source4/heimdal/lib/roken/closefrom.c
+++ b/source4/heimdal/lib/roken/closefrom.c
@@ -42,7 +42,7 @@
#include "roken.h"
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
closefrom(int fd)
{
int num = getdtablesize();
diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c
index 69c1ba40ff..4ed630210f 100644
--- a/source4/heimdal/lib/roken/copyhostent.c
+++ b/source4/heimdal/lib/roken/copyhostent.c
@@ -39,7 +39,7 @@
* return a malloced copy of `h'
*/
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
copyhostent (const struct hostent *h)
{
struct hostent *res;
diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c
index c5513c323d..f30f0e54cc 100644
--- a/source4/heimdal/lib/roken/dumpdata.c
+++ b/source4/heimdal/lib/roken/dumpdata.c
@@ -33,15 +33,13 @@
#include <config.h>
-#include <unistd.h>
-
#include "roken.h"
/*
* Write datablob to a filename, don't care about errors.
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dumpdata (const char *filename, const void *buf, size_t size)
{
int fd;
@@ -57,7 +55,7 @@ rk_dumpdata (const char *filename, const void *buf, size_t size)
* Read all data from a filename, care about errors.
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_undumpdata(const char *filename, void **buf, size_t *size)
{
struct stat sb;
diff --git a/source4/heimdal/lib/roken/ecalloc.c b/source4/heimdal/lib/roken/ecalloc.c
index c8e6504030..04b37330c9 100644
--- a/source4/heimdal/lib/roken/ecalloc.c
+++ b/source4/heimdal/lib/roken/ecalloc.c
@@ -42,7 +42,7 @@
* Like calloc but never fails.
*/
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
ecalloc (size_t number, size_t size)
{
void *tmp = calloc (number, size);
diff --git a/source4/heimdal/lib/roken/emalloc.c b/source4/heimdal/lib/roken/emalloc.c
index c937e6d707..2520230a35 100644
--- a/source4/heimdal/lib/roken/emalloc.c
+++ b/source4/heimdal/lib/roken/emalloc.c
@@ -42,7 +42,7 @@
* Like malloc but never fails.
*/
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
emalloc (size_t sz)
{
void *tmp = malloc (sz);
diff --git a/source4/heimdal/lib/roken/erealloc.c b/source4/heimdal/lib/roken/erealloc.c
index f77c8ec733..1c30ecc60b 100644
--- a/source4/heimdal/lib/roken/erealloc.c
+++ b/source4/heimdal/lib/roken/erealloc.c
@@ -42,7 +42,7 @@
* Like realloc but never fails.
*/
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
erealloc (void *ptr, size_t sz)
{
void *tmp = realloc (ptr, sz);
diff --git a/source4/heimdal/lib/roken/err.hin b/source4/heimdal/lib/roken/err.hin
index 9fd1856e2b..96fe5cf851 100644
--- a/source4/heimdal/lib/roken/err.hin
+++ b/source4/heimdal/lib/roken/err.hin
@@ -48,40 +48,42 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
verr(int eval, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 2, 0)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
err(int eval, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 2, 3)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
verrx(int eval, const char *fmt, va_list ap)
__attribute__ ((noreturn, format (printf, 2, 0)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
errx(int eval, const char *fmt, ...)
__attribute__ ((noreturn, format (printf, 2, 3)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
vwarn(const char *fmt, va_list ap)
__attribute__ ((format (printf, 1, 0)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
warn(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
vwarnx(const char *fmt, va_list ap)
__attribute__ ((format (printf, 1, 0)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
warnx(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
diff --git a/source4/heimdal/lib/roken/estrdup.c b/source4/heimdal/lib/roken/estrdup.c
index ab7f26550b..d275a2830b 100644
--- a/source4/heimdal/lib/roken/estrdup.c
+++ b/source4/heimdal/lib/roken/estrdup.c
@@ -42,7 +42,7 @@
* Like strdup but never fails.
*/
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
estrdup (const char *str)
{
char *tmp = strdup (str);
diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c
index 434e49e888..7132e95dd3 100644
--- a/source4/heimdal/lib/roken/freeaddrinfo.c
+++ b/source4/heimdal/lib/roken/freeaddrinfo.c
@@ -39,7 +39,7 @@
* free the list of `struct addrinfo' starting at `ai'
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
freeaddrinfo(struct addrinfo *ai)
{
struct addrinfo *tofree;
diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c
index 335504300a..61fbb223b5 100644
--- a/source4/heimdal/lib/roken/freehostent.c
+++ b/source4/heimdal/lib/roken/freehostent.c
@@ -39,7 +39,7 @@
* free a malloced hostent
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
freehostent (struct hostent *h)
{
char **p;
diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c
index 10beac05ea..1e326bee36 100644
--- a/source4/heimdal/lib/roken/gai_strerror.c
+++ b/source4/heimdal/lib/roken/gai_strerror.c
@@ -62,7 +62,7 @@ static struct gai_error {
*
*/
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
gai_strerror(int ecode)
{
struct gai_error *g;
diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c
index 60fb1764fa..13e7ebf157 100644
--- a/source4/heimdal/lib/roken/get_window_size.c
+++ b/source4/heimdal/lib/roken/get_window_size.c
@@ -57,7 +57,7 @@
#include "roken.h"
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
get_window_size(int fd, struct winsize *wp)
{
int ret = -1;
@@ -85,6 +85,20 @@ get_window_size(int fd, struct winsize *wp)
wp->ws_col = dst[0];
ret = 0;
}
+#elif defined(_WIN32)
+ {
+ intptr_t fh = 0;
+ CONSOLE_SCREEN_BUFFER_INFO sb_info;
+
+ fh = _get_osfhandle(fd);
+ if (fh != (intptr_t) INVALID_HANDLE_VALUE &&
+ GetConsoleScreenBufferInfo((HANDLE) fh, &sb_info)) {
+ wp->ws_row = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top;
+ wp->ws_col = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left;
+
+ ret = 0;
+ }
+ }
#endif
if (ret != 0) {
char *s;
diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c
index 8c61299763..c8ed95413f 100644
--- a/source4/heimdal/lib/roken/getaddrinfo.c
+++ b/source4/heimdal/lib/roken/getaddrinfo.c
@@ -365,7 +365,7 @@ get_nodes (const char *nodename,
* };
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getaddrinfo(const char *nodename,
const char *servname,
const struct addrinfo *hints,
diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c
index 60b0f645af..d182f0019e 100644
--- a/source4/heimdal/lib/roken/getarg.c
+++ b/source4/heimdal/lib/roken/getarg.c
@@ -91,7 +91,7 @@ mandoc_template(struct getargs *args,
const char *extra_string,
char *(i18n)(const char *))
{
- int i;
+ size_t i;
char timestr[64], cmd[64];
char buf[128];
const char *p;
@@ -207,7 +207,7 @@ builtin_i18n(const char *str)
return rk_UNCONST(str);
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
arg_printusage (struct getargs *args,
size_t num_args,
const char *progname,
@@ -217,7 +217,7 @@ arg_printusage (struct getargs *args,
progname, extra_string, builtin_i18n);
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
arg_printusage_i18n (struct getargs *args,
size_t num_args,
const char *usage,
@@ -225,8 +225,7 @@ arg_printusage_i18n (struct getargs *args,
const char *extra_string,
char *(i18n)(const char *))
{
- int i;
- size_t max_len = 0;
+ size_t i, max_len = 0;
char buf[128];
int col = 0, columns;
struct winsize ws;
@@ -474,6 +473,7 @@ arg_match_long(struct getargs *args, size_t num_args,
default:
abort ();
+ UNREACHABLE(return 0);
}
/* not reached */
@@ -550,7 +550,7 @@ arg_match_short (struct getargs *args, size_t num_args,
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getarg(struct getargs *args, size_t num_args,
int argc, char **argv, int *goptind)
{
@@ -562,7 +562,7 @@ getarg(struct getargs *args, size_t num_args,
#elif defined(HAVE_RANDOM)
srandom(time(NULL));
#else
- srand (time(NULL));
+ srand ((int) time(NULL));
#endif
(*goptind)++;
for(i = *goptind; i < argc; i++) {
@@ -586,7 +586,7 @@ getarg(struct getargs *args, size_t num_args,
return ret;
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
free_getarg_strings (getarg_strings *s)
{
free (s->strings);
diff --git a/source4/heimdal/lib/roken/getarg.h b/source4/heimdal/lib/roken/getarg.h
index 64b65aa766..79573a0ea4 100644
--- a/source4/heimdal/lib/roken/getarg.h
+++ b/source4/heimdal/lib/roken/getarg.h
@@ -40,9 +40,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -86,17 +88,17 @@ typedef struct getarg_collect_info {
void *data;
} getarg_collect_info;
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getarg(struct getargs *args, size_t num_args,
int argc, char **argv, int *goptind);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
arg_printusage (struct getargs *args,
size_t num_args,
const char *progname,
const char *extra_string);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
arg_printusage_i18n (struct getargs *args,
size_t num_args,
const char *usage,
@@ -104,7 +106,7 @@ arg_printusage_i18n (struct getargs *args,
const char *extra_string,
char *(i18n)(const char *));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
free_getarg_strings (getarg_strings *);
#endif /* __GETARG_H__ */
diff --git a/source4/heimdal/lib/roken/getdtablesize.c b/source4/heimdal/lib/roken/getdtablesize.c
index a515af3454..08c0661faa 100644
--- a/source4/heimdal/lib/roken/getdtablesize.c
+++ b/source4/heimdal/lib/roken/getdtablesize.c
@@ -61,7 +61,7 @@
#include <sys/sysctl.h>
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getdtablesize(void)
{
int files = -1;
diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c
index ddaec03a89..7d4095f1d8 100644
--- a/source4/heimdal/lib/roken/getipnodebyaddr.c
+++ b/source4/heimdal/lib/roken/getipnodebyaddr.c
@@ -40,7 +40,7 @@
* to a malloced struct hostent or NULL.
*/
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
{
struct hostent *tmp;
diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c
index 16fdbdd24a..2ff282707c 100644
--- a/source4/heimdal/lib/roken/getipnodebyname.c
+++ b/source4/heimdal/lib/roken/getipnodebyname.c
@@ -44,7 +44,7 @@ static int h_errno = NO_RECOVERY;
* to a malloced struct hostent or NULL.
*/
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
getipnodebyname (const char *name, int af, int flags, int *error_num)
{
struct hostent *tmp;
diff --git a/source4/heimdal/lib/roken/getnameinfo.c b/source4/heimdal/lib/roken/getnameinfo.c
index 0621cfeee1..b23ad01ebd 100644
--- a/source4/heimdal/lib/roken/getnameinfo.c
+++ b/source4/heimdal/lib/roken/getnameinfo.c
@@ -91,7 +91,7 @@ doit (int af,
*
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getnameinfo(const struct sockaddr *sa, socklen_t salen,
char *host, size_t hostlen,
char *serv, size_t servlen,
diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c
index 933b6dec79..a310208a84 100644
--- a/source4/heimdal/lib/roken/getprogname.c
+++ b/source4/heimdal/lib/roken/getprogname.c
@@ -40,7 +40,7 @@ const char *__progname;
#endif
#ifndef HAVE_GETPROGNAME
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
getprogname(void)
{
return __progname;
diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c
index 95488af5c7..91590dd49d 100644
--- a/source4/heimdal/lib/roken/hex.c
+++ b/source4/heimdal/lib/roken/hex.c
@@ -50,7 +50,7 @@ pos(char c)
return -1;
}
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
hex_encode(const void *data, size_t size, char **str)
{
const unsigned char *q = data;
@@ -80,7 +80,7 @@ hex_encode(const void *data, size_t size, char **str)
return i * 2;
}
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
hex_decode(const char *str, void *data, size_t len)
{
size_t l;
diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h
index b3c45511c8..c266268ea0 100644
--- a/source4/heimdal/lib/roken/hex.h
+++ b/source4/heimdal/lib/roken/hex.h
@@ -38,18 +38,20 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
#define hex_encode rk_hex_encode
#define hex_decode rk_hex_decode
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
hex_encode(const void *, size_t, char **);
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
hex_decode(const char *, void *, size_t);
#endif /* _rk_HEX_H_ */
diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c
index b5f2b42f60..dc3c17ff22 100644
--- a/source4/heimdal/lib/roken/hostent_find_fqdn.c
+++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c
@@ -39,7 +39,7 @@
* Try to find a fqdn (with `.') in he if possible, else return h_name
*/
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
hostent_find_fqdn (const struct hostent *he)
{
const char *ret = he->h_name;
diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c
index c9b21e00f8..31644a0cd3 100644
--- a/source4/heimdal/lib/roken/inet_aton.c
+++ b/source4/heimdal/lib/roken/inet_aton.c
@@ -38,7 +38,7 @@
/* Minimal implementation of inet_aton.
* Cannot distinguish between failure and a local broadcast address. */
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
inet_aton(const char *cp, struct in_addr *addr)
{
addr->s_addr = inet_addr(cp);
diff --git a/source4/heimdal/lib/roken/inet_ntop.c b/source4/heimdal/lib/roken/inet_ntop.c
index daf3e926dd..0c72b27fc6 100644
--- a/source4/heimdal/lib/roken/inet_ntop.c
+++ b/source4/heimdal/lib/roken/inet_ntop.c
@@ -113,7 +113,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size)
}
#endif /* HAVE_IPV6 */
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
inet_ntop(int af, const void *src, char *dst, size_t size)
{
switch (af) {
diff --git a/source4/heimdal/lib/roken/inet_pton.c b/source4/heimdal/lib/roken/inet_pton.c
index ad60824f4a..3db1f49f22 100644
--- a/source4/heimdal/lib/roken/inet_pton.c
+++ b/source4/heimdal/lib/roken/inet_pton.c
@@ -35,7 +35,64 @@
#include "roken.h"
-int ROKEN_LIB_FUNCTION
+#ifdef HAVE_WINSOCK
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+inet_pton(int af, const char *src, void *dst)
+{
+ switch (af) {
+ case AF_INET:
+ {
+ struct sockaddr_in si4;
+ INT r;
+ INT s = sizeof(si4);
+
+ si4.sin_family = AF_INET;
+ r = WSAStringToAddress(src, AF_INET, NULL, (LPSOCKADDR) &si4, &s);
+
+ if (r == 0) {
+ memcpy(dst, &si4.sin_addr, sizeof(si4.sin_addr));
+ return 1;
+ }
+ }
+ break;
+
+ case AF_INET6:
+ {
+ struct sockaddr_in6 si6;
+ INT r;
+ INT s = sizeof(si6);
+
+ si6.sin6_family = AF_INET6;
+ r = WSAStringToAddress(src, AF_INET6, NULL, (LPSOCKADDR) &si6, &s);
+
+ if (r == 0) {
+ memcpy(dst, &si6.sin6_addr, sizeof(si6.sin6_addr));
+ return 1;
+ }
+ }
+ break;
+
+ default:
+ _set_errno( EAFNOSUPPORT );
+ return -1;
+ }
+
+ /* the call failed */
+ {
+ int le = WSAGetLastError();
+
+ if (le == WSAEINVAL)
+ return 0;
+
+ _set_errno(le);
+ return -1;
+ }
+}
+
+#else /* !HAVE_WINSOCK */
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
inet_pton(int af, const char *src, void *dst)
{
if (af != AF_INET) {
@@ -44,3 +101,5 @@ inet_pton(int af, const char *src, void *dst)
}
return inet_aton (src, dst);
}
+
+#endif
diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c
index 2999e8249c..ea0db803e2 100644
--- a/source4/heimdal/lib/roken/issuid.c
+++ b/source4/heimdal/lib/roken/issuid.c
@@ -35,7 +35,7 @@
#include "roken.h"
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
issuid(void)
{
#if defined(HAVE_ISSETUGID)
diff --git a/source4/heimdal/lib/roken/net_read.c b/source4/heimdal/lib/roken/net_read.c
index 9d055d0068..b57dda3dda 100644
--- a/source4/heimdal/lib/roken/net_read.c
+++ b/source4/heimdal/lib/roken/net_read.c
@@ -33,29 +33,23 @@
#include <config.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
#include "roken.h"
/*
* Like read but never return partial data.
*/
-ssize_t ROKEN_LIB_FUNCTION
-net_read (int fd, void *buf, size_t nbytes)
+#ifndef _WIN32
+
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+net_read (rk_socket_t fd, void *buf, size_t nbytes)
{
char *cbuf = (char *)buf;
ssize_t count;
size_t rem = nbytes;
while (rem > 0) {
-#ifdef WIN32
- count = recv (fd, cbuf, rem, 0);
-#else
count = read (fd, cbuf, rem);
-#endif
if (count < 0) {
if (errno == EINTR)
continue;
@@ -69,3 +63,36 @@ net_read (int fd, void *buf, size_t nbytes)
}
return nbytes;
}
+
+#else
+
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+net_read(rk_socket_t sock, void *buf, size_t nbytes)
+{
+ char *cbuf = (char *)buf;
+ ssize_t count;
+ size_t rem = nbytes;
+
+ while (rem > 0) {
+ count = recv (sock, cbuf, rem, 0);
+ if (count < 0) {
+
+ /* With WinSock, the error EINTR (WSAEINTR), is used to
+ indicate that a blocking call was cancelled using
+ WSACancelBlockingCall(). */
+
+#ifndef HAVE_WINSOCK
+ if (rk_SOCK_ERRNO == EINTR)
+ continue;
+#endif
+ return count;
+ } else if (count == 0) {
+ return count;
+ }
+ cbuf += count;
+ rem -= count;
+ }
+ return nbytes;
+}
+
+#endif
diff --git a/source4/heimdal/lib/roken/net_write.c b/source4/heimdal/lib/roken/net_write.c
index 515f210973..94c9df1c38 100644
--- a/source4/heimdal/lib/roken/net_write.c
+++ b/source4/heimdal/lib/roken/net_write.c
@@ -33,29 +33,23 @@
#include <config.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
#include "roken.h"
/*
* Like write but never return partial data.
*/
-ssize_t ROKEN_LIB_FUNCTION
-net_write (int fd, const void *buf, size_t nbytes)
+#ifndef _WIN32
+
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+net_write (rk_socket_t fd, const void *buf, size_t nbytes)
{
const char *cbuf = (const char *)buf;
ssize_t count;
size_t rem = nbytes;
while (rem > 0) {
-#ifdef WIN32
- count = send (fd, cbuf, rem, 0);
-#else
count = write (fd, cbuf, rem);
-#endif
if (count < 0) {
if (errno == EINTR)
continue;
@@ -67,3 +61,28 @@ net_write (int fd, const void *buf, size_t nbytes)
}
return nbytes;
}
+
+#else
+
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+net_write(rk_socket_t sock, const void *buf, size_t nbytes)
+{
+ const char *cbuf = (const char *)buf;
+ ssize_t count;
+ size_t rem = nbytes;
+
+ while (rem > 0) {
+ count = send (sock, cbuf, rem, 0);
+ if (count < 0) {
+ if (errno == EINTR)
+ continue;
+ else
+ return count;
+ }
+ cbuf += count;
+ rem -= count;
+ }
+ return nbytes;
+}
+
+#endif
diff --git a/source4/heimdal/lib/roken/parse_bytes.h b/source4/heimdal/lib/roken/parse_bytes.h
index 7d389e808e..8a88eca49b 100644
--- a/source4/heimdal/lib/roken/parse_bytes.h
+++ b/source4/heimdal/lib/roken/parse_bytes.h
@@ -38,19 +38,21 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_bytes (const char *s, const char *def_unit);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_bytes (int t, char *s, size_t len);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_bytes_short (int t, char *s, size_t len);
#endif /* __PARSE_BYTES_H__ */
diff --git a/source4/heimdal/lib/roken/parse_time.c b/source4/heimdal/lib/roken/parse_time.c
index b581970bd7..febd6a5d2b 100644
--- a/source4/heimdal/lib/roken/parse_time.c
+++ b/source4/heimdal/lib/roken/parse_time.c
@@ -50,25 +50,25 @@ static struct units time_units[] = {
{NULL, 0},
};
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_time (const char *s, const char *def_unit)
{
return parse_units (s, time_units, def_unit);
}
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
unparse_time (int t, char *s, size_t len)
{
return unparse_units (t, time_units, s, len);
}
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
unparse_time_approx (int t, char *s, size_t len)
{
return unparse_units_approx (t, time_units, s, len);
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_time_table (FILE *f)
{
print_units_table (time_units, f);
diff --git a/source4/heimdal/lib/roken/parse_time.h b/source4/heimdal/lib/roken/parse_time.h
index 23aae2fc97..dabcefd81a 100644
--- a/source4/heimdal/lib/roken/parse_time.h
+++ b/source4/heimdal/lib/roken/parse_time.h
@@ -38,22 +38,24 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
-int
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_time (const char *s, const char *def_unit);
-size_t
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
unparse_time (int t, char *s, size_t len);
-size_t
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
unparse_time_approx (int t, char *s, size_t len);
-void
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_time_table (FILE *f);
#endif /* __PARSE_TIME_H__ */
diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c
index a848298c57..d2857cfa07 100644
--- a/source4/heimdal/lib/roken/parse_units.c
+++ b/source4/heimdal/lib/roken/parse_units.c
@@ -70,7 +70,7 @@ parse_something (const char *s, const struct units *units,
p = s;
while (*p) {
- double val;
+ int val;
char *next;
const struct units *u, *partial_unit;
size_t u_len;
@@ -80,7 +80,7 @@ parse_something (const char *s, const struct units *units,
while(isspace((unsigned char)*p) || *p == ',')
++p;
- val = strtod (p, &next); /* strtol(p, &next, 0); */
+ val = strtol(p, &next, 0);
if (p == next) {
val = 0;
if(!accept_no_val_p)
@@ -149,7 +149,7 @@ acc_units(int res, int val, unsigned mult)
return res + val * mult;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_units (const char *s, const struct units *units,
const char *def_unit)
{
@@ -175,7 +175,7 @@ acc_flags(int res, int val, unsigned mult)
return -1;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_flags (const char *s, const struct units *units,
int orig)
{
@@ -208,7 +208,7 @@ unparse_something (int num, const struct units *units, char *s, size_t len,
tmp = (*print) (s, len, divisor, u->name, num);
if (tmp < 0)
return tmp;
- if (tmp > len) {
+ if (tmp > (int) len) {
len = 0;
s = NULL;
} else {
@@ -245,7 +245,7 @@ update_unit_approx (int in, unsigned mult)
return update_unit (in, mult);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_units (int num, const struct units *units, char *s, size_t len)
{
return unparse_something (num, units, s, len,
@@ -254,7 +254,7 @@ unparse_units (int num, const struct units *units, char *s, size_t len)
"0");
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_units_approx (int num, const struct units *units, char *s, size_t len)
{
return unparse_something (num, units, s, len,
@@ -263,7 +263,7 @@ unparse_units_approx (int num, const struct units *units, char *s, size_t len)
"0");
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_units_table (const struct units *units, FILE *f)
{
const struct units *u, *u2;
@@ -308,7 +308,7 @@ update_flag (int in, unsigned mult)
return in - mult;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_flags (int num, const struct units *units, char *s, size_t len)
{
return unparse_something (num, units, s, len,
@@ -317,7 +317,7 @@ unparse_flags (int num, const struct units *units, char *s, size_t len)
"");
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_flags_table (const struct units *units, FILE *f)
{
const struct units *u;
diff --git a/source4/heimdal/lib/roken/parse_units.h b/source4/heimdal/lib/roken/parse_units.h
index 2f2235bb0d..2d1c286906 100644
--- a/source4/heimdal/lib/roken/parse_units.h
+++ b/source4/heimdal/lib/roken/parse_units.h
@@ -41,9 +41,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -52,28 +54,28 @@ struct units {
unsigned mult;
};
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_units (const char *s, const struct units *units,
const char *def_unit);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_units_table (const struct units *units, FILE *f);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
parse_flags (const char *s, const struct units *units,
int orig);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_units (int num, const struct units *units, char *s, size_t len);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_units_approx (int num, const struct units *units, char *s,
size_t len);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unparse_flags (int num, const struct units *units, char *s, size_t len);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_flags_table (const struct units *units, FILE *f);
#endif /* __PARSE_UNITS_H__ */
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c
index 419c8d94e0..0c0fc1dd92 100644
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -78,7 +78,7 @@ static struct stot{
int _resolve_debug = 0;
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_dns_string_to_type(const char *name)
{
struct stot *p = stot;
@@ -88,7 +88,7 @@ rk_dns_string_to_type(const char *name)
return -1;
}
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
rk_dns_type_to_string(int type)
{
struct stot *p = stot;
@@ -110,7 +110,7 @@ dns_free_rr(struct rk_resource_record *rr)
free(rr);
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_free_data(struct rk_dns_reply *r)
{
struct rk_resource_record *rr;
@@ -584,7 +584,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type)
return r;
}
-struct rk_dns_reply * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL
rk_dns_lookup(const char *domain, const char *type_name)
{
int type;
@@ -614,7 +614,7 @@ compare_srv(const void *a, const void *b)
#endif
/* try to rearrange the srv-records by the algorithm in RFC2782 */
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_srv_order(struct rk_dns_reply *r)
{
struct rk_resource_record **srvs, **ss, **headp;
@@ -704,18 +704,18 @@ rk_dns_srv_order(struct rk_dns_reply *r)
#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
-struct rk_dns_reply * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL
rk_dns_lookup(const char *domain, const char *type_name)
{
return NULL;
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_free_data(struct rk_dns_reply *r)
{
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_srv_order(struct rk_dns_reply *r)
{
}
diff --git a/source4/heimdal/lib/roken/resolve.h b/source4/heimdal/lib/roken/resolve.h
index 91b2afefe7..adec8084b8 100644
--- a/source4/heimdal/lib/roken/resolve.h
+++ b/source4/heimdal/lib/roken/resolve.h
@@ -38,9 +38,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -231,15 +233,15 @@ struct rk_dns_reply{
extern "C" {
#endif
-struct rk_dns_reply* ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct rk_dns_reply* ROKEN_LIB_CALL
rk_dns_lookup(const char *, const char *);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_free_data(struct rk_dns_reply *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_dns_string_to_type(const char *name);
-const char *ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
rk_dns_type_to_string(int type);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_srv_order(struct rk_dns_reply*);
#ifdef __cplusplus
diff --git a/source4/heimdal/lib/roken/rkpty.c b/source4/heimdal/lib/roken/rkpty.c
index 6043e2b815..0faf668615 100644
--- a/source4/heimdal/lib/roken/rkpty.c
+++ b/source4/heimdal/lib/roken/rkpty.c
@@ -41,7 +41,9 @@
#endif
#include <stdio.h>
#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
#include <unistd.h>
+#endif
#ifdef HAVE_PTY_H
#include <pty.h>
#endif
diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h
index ea7dcaade0..a437d8a346 100644
--- a/source4/heimdal/lib/roken/roken-common.h
+++ b/source4/heimdal/lib/roken/roken-common.h
@@ -38,9 +38,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -120,6 +122,8 @@
#define O_ACCMODE 003
#endif
+#ifndef _WIN32
+
#ifndef _PATH_DEV
#define _PATH_DEV "/dev/"
#endif
@@ -144,6 +148,16 @@
#define MAXPATHLEN (1024+4)
#endif
+#endif /* !_WIN32 */
+
+#ifndef PATH_MAX
+#define PATH_MAX MAX_PATH
+#endif
+
+#ifndef RETSIGTYPE
+#define RETSIGTYPE void
+#endif
+
#ifndef SIG_ERR
#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
#endif
@@ -261,193 +275,215 @@
ROKEN_CPP_START
#ifndef IRIX4 /* fix for compiler bug */
+#ifndef _WIN32
#ifdef RETSIGTYPE
typedef RETSIGTYPE (*SigAction)(int);
SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
#endif
#endif
+#endif
+
+#define SE_E_UNSPECIFIED (-1)
+#define SE_E_FORKFAILED (-2)
+#define SE_E_WAITPIDFAILED (-3)
+#define SE_E_EXECTIMEOUT (-4)
+#define SE_E_NOEXEC 126
+#define SE_E_NOTFOUND 127
+
+#define SE_PROCSTATUS(st) (((st) >= 0 && (st) < 126)? st: -1)
+#define SE_PROCSIGNAL(st) (((st) >= 128)? (st) - 128: -1)
+#define SE_IS_ERROR(st) ((st) < 0 || (st) >= 126)
+
#define simple_execve rk_simple_execve
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execve(const char*, char*const[], char*const[]);
#define simple_execve_timed rk_simple_execve_timed
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execve_timed(const char *, char *const[],
char *const [], time_t (*)(void *),
void *, time_t);
#define simple_execvp rk_simple_execvp
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execvp(const char*, char *const[]);
#define simple_execvp_timed rk_simple_execvp_timed
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execvp_timed(const char *, char *const[],
time_t (*)(void *), void *, time_t);
#define simple_execlp rk_simple_execlp
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execlp(const char*, ...);
#define simple_execle rk_simple_execle
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execle(const char*, ...);
#define wait_for_process rk_wait_for_process
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
wait_for_process(pid_t);
#define wait_for_process_timed rk_wait_for_process_timed
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
wait_for_process_timed(pid_t, time_t (*)(void *),
- void *, time_t);
+ void *, time_t);
+
#define pipe_execv rk_pipe_execv
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
#define print_version rk_print_version
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
print_version(const char *);
#define eread rk_eread
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
eread (int fd, void *buf, size_t nbytes);
#define ewrite rk_ewrite
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
ewrite (int fd, const void *buf, size_t nbytes);
struct hostent;
#define hostent_find_fqdn rk_hostent_find_fqdn
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
hostent_find_fqdn (const struct hostent *);
#define esetenv rk_esetenv
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
esetenv(const char *, const char *, int);
#define socket_set_address_and_port rk_socket_set_address_and_port
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_address_and_port (struct sockaddr *, const void *, int);
#define socket_addr_size rk_socket_addr_size
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
socket_addr_size (const struct sockaddr *);
#define socket_set_any rk_socket_set_any
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_any (struct sockaddr *, int);
#define socket_sockaddr_size rk_socket_sockaddr_size
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
socket_sockaddr_size (const struct sockaddr *);
#define socket_get_address rk_socket_get_address
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
socket_get_address (const struct sockaddr *);
#define socket_get_port rk_socket_get_port
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
socket_get_port (const struct sockaddr *);
#define socket_set_port rk_socket_set_port
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_port (struct sockaddr *, int);
#define socket_set_portrange rk_socket_set_portrange
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int, int, int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_portrange (rk_socket_t, int, int);
#define socket_set_debug rk_socket_set_debug
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_debug (rk_socket_t);
#define socket_set_tos rk_socket_set_tos
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int, int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_tos (rk_socket_t, int);
#define socket_set_reuseaddr rk_socket_set_reuseaddr
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int, int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_reuseaddr (rk_socket_t, int);
#define socket_set_ipv6only rk_socket_set_ipv6only
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int, int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_ipv6only (rk_socket_t, int);
+
+#define socket_to_fd rk_socket_to_fd
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+socket_to_fd(rk_socket_t, int);
#define vstrcollect rk_vstrcollect
-char ** ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL
vstrcollect(va_list *ap);
#define strcollect rk_strcollect
-char ** ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL
strcollect(char *first, ...);
#define timevalfix rk_timevalfix
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
timevalfix(struct timeval *t1);
#define timevaladd rk_timevaladd
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
timevaladd(struct timeval *t1, const struct timeval *t2);
#define timevalsub rk_timevalsub
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
timevalsub(struct timeval *t1, const struct timeval *t2);
#define pid_file_write rk_pid_file_write
-char *ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
pid_file_write (const char *progname);
#define pid_file_delete rk_pid_file_delete
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
pid_file_delete (char **);
#define read_environment rk_read_environment
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
read_environment(const char *file, char ***env);
#define free_environment rk_free_environment
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
free_environment(char **);
#define warnerr rk_warnerr
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_warnerr(int doerrno, const char *fmt, va_list ap)
__attribute__ ((format (printf, 2, 0)));
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
rk_realloc(void *, size_t);
struct rk_strpool;
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_strpoolcollect(struct rk_strpool *);
-struct rk_strpool * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL
rk_strpoolprintf(struct rk_strpool *, const char *, ...)
__attribute__ ((format (printf, 2, 3)));
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_strpoolfree(struct rk_strpool *);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dumpdata (const char *, const void *, size_t);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_undumpdata (const char *, void **, size_t *);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_xfree (void *);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_cloexec(int);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_cloexec_file(FILE *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+rk_cloexec_dir(DIR *);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
ct_memcmp(const void *, const void *, size_t);
ROKEN_CPP_END
diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in
index 6fc533c697..0492db4d6b 100644
--- a/source4/heimdal/lib/roken/roken.h.in
+++ b/source4/heimdal/lib/roken/roken.h.in
@@ -41,6 +41,96 @@
#include <string.h>
#include <signal.h>
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
+#else
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
+#endif
+#endif
+
+#ifdef HAVE_WINSOCK
+/* Declarations for Microsoft Windows */
+
+#include<ws2tcpip.h>
+
+/*
+ * error codes for inet_ntop/inet_pton
+ */
+#define EAFNOSUPPORT WSAEAFNOSUPPORT
+
+typedef SOCKET rk_socket_t;
+
+#define rk_closesocket(x) closesocket(x)
+#define rk_INVALID_SOCKET INVALID_SOCKET
+#define rk_IS_BAD_SOCKET(s) ((s) == INVALID_SOCKET)
+#define rk_IS_SOCKET_ERROR(rv) ((rv) == SOCKET_ERROR)
+#define rk_SOCK_ERRNO WSAGetLastError()
+#define rk_SOCK_IOCTL(s,c,a) ioctlsocket((s),(c),(a))
+
+#define ETIMEDOUT WSAETIMEDOUT
+#define EWOULDBLOCK WSAEWOULDBLOCK
+#define ENOTSOCK WSAENOTSOCK
+
+#define rk_SOCK_INIT() rk_WSAStartup()
+#define rk_SOCK_EXIT() rk_WSACleanup()
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSAStartup(void);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSACleanup(void);
+
+#else /* not WinSock */
+
+typedef int rk_socket_t;
+
+#define rk_closesocket(x) close(x)
+#define rk_SOCK_IOCTL(s,c,a) ioctl((s),(c),(a))
+#define rk_IS_BAD_SOCKET(s) ((s) < 0)
+#define rk_IS_SOCKET_ERROR(rv) ((rv) < 0)
+#define rk_SOCK_ERRNO errno
+#define rk_INVALID_SOCKET (-1)
+
+#define rk_SOCK_INIT() 0
+#define rk_SOCK_EXIT() do { } while(0)
+
+#endif
+
+#ifdef _MSC_VER
+/* Declarations for Microsoft Visual C runtime on Windows */
+
+#include<process.h>
+
+#include<io.h>
+
+#ifndef __BIT_TYPES_DEFINED__
+#define __BIT_TYPES_DEFINED__
+
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef uint8_t u_int8_t;
+typedef uint16_t u_int16_t;
+typedef uint32_t u_int32_t;
+typedef uint64_t u_int64_t;
+
+#endif /* __BIT_TYPES_DEFINED__ */
+
+#define UNREACHABLE(x) x
+#define UNUSED_ARGUMENT(x) ((void) x)
+
+#else
+
+#define UNREACHABLE(x)
+#define UNUSED_ARGUMENT(x)
+
+#endif
+
#ifdef _AIX
struct ether_addr;
struct sockaddr_dl;
@@ -132,9 +222,21 @@ struct sockaddr_dl;
#include <paths.h>
#endif
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+
+#ifdef BACKSLASH_PATH_DELIM
+#define rk_PATH_DELIM '\\'
+#endif
+
#ifndef HAVE_SSIZE_T
+#ifdef _WIN64
+typedef __int64 ssize_t;
+#else
typedef int ssize_t;
#endif
+#endif
#include <roken-common.h>
@@ -150,23 +252,86 @@ ROKEN_CPP_START
#define setsid _setsid
#endif
+#ifdef _MSC_VER
+/* Additional macros for Visual C/C++ runtime */
+
+#define close _close
+
+#define getpid _getpid
+
+#define open _open
+
+#define chdir _chdir
+
+#define fsync _commit
+
+/* The MSVC implementation of snprintf is not C99 compliant. */
+#define snprintf rk_snprintf
+#define vsnprintf rk_vsnprintf
+#define vasnprintf rk_vasnprintf
+#define vasprintf rk_vasprintf
+#define asnprintf rk_asnprintf
+#define asprintf rk_asprintf
+
+#define _PIPE_BUFFER_SZ 8192
+#define pipe(fds) _pipe((fds), _PIPE_BUFFER_SZ, O_BINARY);
+
+#define ftruncate(fd, sz) _chsize((fd), (sz))
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_snprintf (char *str, size_t sz, const char *format, ...);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_asprintf (char **ret, const char *format, ...);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_asnprintf (char **ret, size_t max_sz, const char *format, ...);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_vasprintf (char **ret, const char *format, va_list args);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_vasnprintf (char **ret, size_t max_sz, const char *format, va_list args);
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_vsnprintf (char *str, size_t sz, const char *format, va_list args);
+
+/* missing stat.h predicates */
+
+#define S_ISREG(m) (((m) & _S_IFREG) == _S_IFREG)
+
+#define S_ISDIR(m) (((m) & _S_IFDIR) == _S_IFDIR)
+
+#define S_ISCHR(m) (((m) & _S_IFCHR) == _S_IFCHR)
+
+#define S_ISFIFO(m) (((m) & _S_IFIFO) == _S_IFIFO)
+
+/* The following are not implemented:
+
+ S_ISLNK(m)
+ S_ISSOCK(m)
+ S_ISBLK(m)
+*/
+
+#endif /* _MSC_VER */
+
#ifndef HAVE_PUTENV
#define putenv rk_putenv
-int ROKEN_LIB_FUNCTION putenv(const char *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL putenv(const char *);
#endif
#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
#ifndef HAVE_SETENV
#define setenv rk_setenv
#endif
-int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setenv(const char *, const char *, int);
#endif
#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
#ifndef HAVE_UNSETENV
#define unsetenv rk_unsetenv
#endif
-void ROKEN_LIB_FUNCTION unsetenv(const char *);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL unsetenv(const char *);
#endif
#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
@@ -174,15 +339,15 @@ void ROKEN_LIB_FUNCTION unsetenv(const char *);
#define getusershell rk_getusershell
#define endusershell rk_endusershell
#endif
-char * ROKEN_LIB_FUNCTION getusershell(void);
-void ROKEN_LIB_FUNCTION endusershell(void);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL getusershell(void);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL endusershell(void);
#endif
#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
#ifndef HAVE_SNPRINTF
#define snprintf rk_snprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_snprintf (char *, size_t, const char *, ...)
__attribute__ ((format (printf, 3, 4)));
#endif
@@ -191,7 +356,7 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_VSNPRINTF
#define vsnprintf rk_vsnprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_vsnprintf (char *, size_t, const char *, va_list)
__attribute__((format (printf, 3, 0)));
#endif
@@ -200,7 +365,7 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_ASPRINTF
#define asprintf rk_asprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_asprintf (char **, const char *, ...)
__attribute__ ((format (printf, 2, 3)));
#endif
@@ -209,7 +374,7 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_VASPRINTF
#define vasprintf rk_vasprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_vasprintf (char **, const char *, va_list)
__attribute__((format (printf, 2, 0)));
#endif
@@ -218,7 +383,7 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_ASNPRINTF
#define asnprintf rk_asnprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_asnprintf (char **, size_t, const char *, ...)
__attribute__ ((format (printf, 3, 4)));
#endif
@@ -227,91 +392,91 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_VASNPRINTF
#define vasnprintf rk_vasnprintf
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
vasnprintf (char **, size_t, const char *, va_list)
__attribute__((format (printf, 3, 0)));
#endif
#ifndef HAVE_STRDUP
#define strdup rk_strdup
-char * ROKEN_LIB_FUNCTION strdup(const char *);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strdup(const char *);
#endif
#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
#ifndef HAVE_STRNDUP
#define strndup rk_strndup
#endif
-char * ROKEN_LIB_FUNCTION strndup(const char *, size_t);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strndup(const char *, size_t);
#endif
#ifndef HAVE_STRLWR
#define strlwr rk_strlwr
-char * ROKEN_LIB_FUNCTION strlwr(char *);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *);
#endif
#ifndef HAVE_STRNLEN
#define strnlen rk_strnlen
-size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t);
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strnlen(const char*, size_t);
#endif
#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
#ifndef HAVE_STRSEP
#define strsep rk_strsep
#endif
-char * ROKEN_LIB_FUNCTION strsep(char**, const char*);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strsep(char**, const char*);
#endif
#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
#ifndef HAVE_STRSEP_COPY
#define strsep_copy rk_strsep_copy
#endif
-ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t);
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char**, const char*, char*, size_t);
#endif
#ifndef HAVE_STRCASECMP
#define strcasecmp rk_strcasecmp
-int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strcasecmp(const char *, const char *);
#endif
#ifdef NEED_FCLOSE_PROTO
-int ROKEN_LIB_FUNCTION fclose(FILE *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fclose(FILE *);
#endif
#ifdef NEED_STRTOK_R_PROTO
-char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strtok_r(char *, const char *, char **);
#endif
#ifndef HAVE_STRUPR
#define strupr rk_strupr
-char * ROKEN_LIB_FUNCTION strupr(char *);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *);
#endif
#ifndef HAVE_STRLCPY
#define strlcpy rk_strlcpy
-size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t);
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcpy (char *, const char *, size_t);
#endif
#ifndef HAVE_STRLCAT
#define strlcat rk_strlcat
-size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t);
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcat (char *, const char *, size_t);
#endif
#ifndef HAVE_GETDTABLESIZE
#define getdtablesize rk_getdtablesize
-int ROKEN_LIB_FUNCTION getdtablesize(void);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void);
#endif
#if !defined(HAVE_STRERROR) && !defined(strerror)
#define strerror rk_strerror
-char * ROKEN_LIB_FUNCTION strerror(int);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int);
#endif
-#if !defined(HAVE_STRERROR) && !defined(strerror)
-#define strerror_r rk_strerror_r
-int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t);
+#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE)
+int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t);
+#else
+#define rk_strerror_r strerror_r
#endif
-
#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
#ifndef HAVE_HSTRERROR
#define hstrerror rk_hstrerror
@@ -319,6 +484,7 @@ int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t);
/* This causes a fatal error under Psoriasis */
#ifndef SunOS
const char * ROKEN_LIB_FUNCTION hstrerror(int);
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int);
#endif
#endif
@@ -330,88 +496,88 @@ extern int h_errno;
#ifndef HAVE_INET_ATON
#define inet_aton rk_inet_aton
#endif
-int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_aton(const char *, struct in_addr *);
#endif
#ifndef HAVE_INET_NTOP
#define inet_ntop rk_inet_ntop
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
inet_ntop(int af, const void *src, char *dst, size_t size);
#endif
#ifndef HAVE_INET_PTON
#define inet_pton rk_inet_pton
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
inet_pton(int, const char *, void *);
#endif
#ifndef HAVE_GETCWD
#define getcwd rk_getcwd
-char* ROKEN_LIB_FUNCTION getcwd(char *, size_t);
+ROKEN_LIB_FUNCTION char* ROKEN_LIB_CALL getcwd(char *, size_t);
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
-struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *);
-struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t);
+ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *);
+ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwuid (uid_t);
#endif
-const char * ROKEN_LIB_FUNCTION get_default_username (void);
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL get_default_username (void);
#ifndef HAVE_SETEUID
#define seteuid rk_seteuid
-int ROKEN_LIB_FUNCTION seteuid(uid_t);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL seteuid(uid_t);
#endif
#ifndef HAVE_SETEGID
#define setegid rk_setegid
-int ROKEN_LIB_FUNCTION setegid(gid_t);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setegid(gid_t);
#endif
#ifndef HAVE_LSTAT
#define lstat rk_lstat
-int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL lstat(const char *, struct stat *);
#endif
#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
#ifndef HAVE_MKSTEMP
#define mkstemp rk_mkstemp
#endif
-int ROKEN_LIB_FUNCTION mkstemp(char *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL mkstemp(char *);
#endif
#ifndef HAVE_CGETENT
#define cgetent rk_cgetent
#define cgetstr rk_cgetstr
-int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *);
-int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetent(char **, char **, const char *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetstr(char *, const char *, char **);
#endif
#ifndef HAVE_INITGROUPS
#define initgroups rk_initgroups
-int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL initgroups(const char *, gid_t);
#endif
#ifndef HAVE_FCHOWN
#define fchown rk_fchown
-int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fchown(int, uid_t, gid_t);
#endif
#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO)
#ifndef HAVE_DAEMON
#define daemon rk_daemon
#endif
-int ROKEN_LIB_FUNCTION daemon(int, int);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL daemon(int, int);
#endif
#ifndef HAVE_CHOWN
#define chown rk_chown
-int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL chown(const char *, uid_t, gid_t);
#endif
#ifndef HAVE_RCMD
#define rcmd rk_rcmd
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rcmd(char **, unsigned short, const char *,
const char *, const char *, int *);
#endif
@@ -420,13 +586,13 @@ int ROKEN_LIB_FUNCTION
#ifndef HAVE_INNETGR
#define innetgr rk_innetgr
#endif
-int ROKEN_LIB_FUNCTION innetgr(const char*, const char*,
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL innetgr(const char*, const char*,
const char*, const char*);
#endif
#ifndef HAVE_IRUSEROK
#define iruserok rk_iruserok
-int ROKEN_LIB_FUNCTION iruserok(unsigned, int,
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL iruserok(unsigned, int,
const char *, const char *);
#endif
@@ -434,34 +600,38 @@ int ROKEN_LIB_FUNCTION iruserok(unsigned, int,
#ifndef HAVE_GETHOSTNAME
#define gethostname rk_gethostname
#endif
-int ROKEN_LIB_FUNCTION gethostname(char *, int);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL gethostname(char *, int);
#endif
#ifndef HAVE_WRITEV
#define writev rk_writev
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
writev(int, const struct iovec *, int);
#endif
#ifndef HAVE_READV
#define readv rk_readv
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
readv(int, const struct iovec *, int);
#endif
#ifndef HAVE_PIDFILE
+#ifdef NO_PIDFILES
+#define pidfile(x) ((void) 0)
+#else
#define pidfile rk_pidfile
-void ROKEN_LIB_FUNCTION pidfile (const char*);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pidfile (const char*);
+#endif
#endif
#ifndef HAVE_BSWAP32
#define bswap32 rk_bswap32
-unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int);
+ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32(unsigned int);
#endif
#ifndef HAVE_BSWAP16
#define bswap16 rk_bswap16
-unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short);
+ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16(unsigned short);
#endif
#ifndef HAVE_FLOCK
@@ -486,24 +656,27 @@ int rk_flock(int fd, int operation);
#define dirfd(x) ((x)->dd_fd)
#endif
-time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int);
+ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL tm2time (struct tm, int);
-int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unix_verify_user(char *, char *);
-int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_concat (char *, size_t, ...);
-size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...);
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_mconcat (char **, size_t, ...);
-int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_vconcat (char *, size_t, va_list);
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
roken_vmconcat (char **, size_t, va_list);
-ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t);
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+ net_write (rk_socket_t, const void *, size_t);
-ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t);
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+ net_read (rk_socket_t, void *, size_t);
-int ROKEN_LIB_FUNCTION issuid(void);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+ issuid(void);
#ifndef HAVE_STRUCT_WINSIZE
struct winsize {
@@ -512,11 +685,11 @@ struct winsize {
};
#endif
-int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
#ifndef HAVE_VSYSLOG
#define vsyslog rk_vsyslog
-void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list);
#endif
#if !HAVE_DECL_OPTARG
@@ -531,25 +704,25 @@ extern int opterr;
#ifndef HAVE_GETIPNODEBYNAME
#define getipnodebyname rk_getipnodebyname
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
getipnodebyname (const char *, int, int, int *);
#endif
#ifndef HAVE_GETIPNODEBYADDR
#define getipnodebyaddr rk_getipnodebyaddr
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
getipnodebyaddr (const void *, size_t, int, int *);
#endif
#ifndef HAVE_FREEHOSTENT
#define freehostent rk_freehostent
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
freehostent (struct hostent *);
#endif
#ifndef HAVE_COPYHOSTENT
#define copyhostent rk_copyhostent
-struct hostent * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL
copyhostent (const struct hostent *);
#endif
@@ -617,7 +790,7 @@ struct addrinfo {
#ifndef HAVE_GETADDRINFO
#define getaddrinfo rk_getaddrinfo
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getaddrinfo(const char *,
const char *,
const struct addrinfo *,
@@ -626,7 +799,7 @@ getaddrinfo(const char *,
#ifndef HAVE_GETNAMEINFO
#define getnameinfo rk_getnameinfo
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getnameinfo(const struct sockaddr *, socklen_t,
char *, size_t,
char *, size_t,
@@ -635,65 +808,103 @@ getnameinfo(const struct sockaddr *, socklen_t,
#ifndef HAVE_FREEADDRINFO
#define freeaddrinfo rk_freeaddrinfo
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
freeaddrinfo(struct addrinfo *);
#endif
#ifndef HAVE_GAI_STRERROR
#define gai_strerror rk_gai_strerror
-const char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
gai_strerror(int);
#endif
-int ROKEN_LIB_FUNCTION
+#ifdef HAVE_WINSOCK
+
+/* While we are at it, define WinSock specific scatter gather socket
+ I/O. */
+
+#define iovec _WSABUF
+#define iov_base buf
+#define iov_len len
+
+struct msghdr {
+ void *msg_name;
+ socklen_t msg_namelen;
+ struct iovec *msg_iov;
+ size_t msg_iovlen;
+ void *msg_control;
+ socklen_t msg_controllen;
+ int msg_flags;
+};
+
+#define sendmsg sendmsg_w32
+
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
+sendmsg_w32(rk_socket_t s, const struct msghdr * msg, int flags);
+
+#endif
+
+#ifdef NO_SLEEP
+
+ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL
+sleep(unsigned int seconds);
+
+#endif
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getnameinfo_verified(const struct sockaddr *, socklen_t,
char *, size_t,
char *, size_t,
int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
#ifndef HAVE_STRFTIME
#define strftime rk_strftime
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
strftime (char *, size_t, const char *, const struct tm *);
#endif
#ifndef HAVE_STRPTIME
#define strptime rk_strptime
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
strptime (const char *, const char *, struct tm *);
#endif
+#ifndef HAVE_GETTIMEOFDAY
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+gettimeofday (struct timeval *, void *);
+#endif
+
#ifndef HAVE_EMALLOC
#define emalloc rk_emalloc
-void * ROKEN_LIB_FUNCTION emalloc (size_t);
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t);
#endif
#ifndef HAVE_ECALLOC
#define ecalloc rk_ecalloc
-void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t);
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc(size_t, size_t);
#endif
#ifndef HAVE_EREALLOC
#define erealloc rk_erealloc
-void * ROKEN_LIB_FUNCTION erealloc (void *, size_t);
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *, size_t);
#endif
#ifndef HAVE_ESTRDUP
#define estrdup rk_estrdup
-char * ROKEN_LIB_FUNCTION estrdup (const char *);
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *);
#endif
/*
* kludges and such
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
roken_gethostby_setup(const char*, const char*);
-struct hostent* ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL
roken_gethostbyname(const char*);
-struct hostent* ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL
roken_gethostbyaddr(const void*, size_t, int);
#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
@@ -716,24 +927,27 @@ roken_gethostbyaddr(const void*, size_t, int);
#ifndef HAVE_SETPROGNAME
#define setprogname rk_setprogname
-void ROKEN_LIB_FUNCTION setprogname(const char *);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *);
#endif
#ifndef HAVE_GETPROGNAME
#define getprogname rk_getprogname
-const char * ROKEN_LIB_FUNCTION getprogname(void);
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL getprogname(void);
#endif
#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME
extern const char *__progname;
#endif
-void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*);
-void ROKEN_LIB_FUNCTION mini_inetd (int);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+mini_inetd_addrinfo (struct addrinfo*, rk_socket_t *);
+
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+mini_inetd (int, rk_socket_t *);
#ifndef HAVE_LOCALTIME_R
#define localtime_r rk_localtime_r
-struct tm * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct tm * ROKEN_LIB_CALL
localtime_r(const time_t *, struct tm *);
#endif
@@ -741,15 +955,23 @@ localtime_r(const time_t *, struct tm *);
#ifndef HAVE_STRSVIS
#define strsvis rk_strsvis
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
strsvis(char *, const char *, int, const char *);
#endif
+#if !defined(HAVE_STRSVISX) || defined(NEED_STRSVISX_PROTO)
+#ifndef HAVE_STRSVISX
+#define strsvisx rk_strsvisx
+#endif
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+strsvisx(char *, const char *, size_t, int, const char *);
+#endif
+
#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
#ifndef HAVE_STRUNVIS
#define strunvis rk_strunvis
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
strunvis(char *, const char *);
#endif
@@ -757,7 +979,7 @@ strunvis(char *, const char *);
#ifndef HAVE_STRVIS
#define strvis rk_strvis
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
strvis(char *, const char *, int);
#endif
@@ -765,7 +987,7 @@ strvis(char *, const char *, int);
#ifndef HAVE_STRVISX
#define strvisx rk_strvisx
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
strvisx(char *, const char *, size_t, int);
#endif
@@ -773,7 +995,7 @@ strvisx(char *, const char *, size_t, int);
#ifndef HAVE_SVIS
#define svis rk_svis
#endif
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
svis(char *, int, int, int, const char *);
#endif
@@ -781,7 +1003,7 @@ svis(char *, int, int, int, const char *);
#ifndef HAVE_UNVIS
#define unvis rk_unvis
#endif
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
unvis(char *, int, int *, int);
#endif
@@ -789,19 +1011,19 @@ unvis(char *, int, int *, int);
#ifndef HAVE_VIS
#define vis rk_vis
#endif
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
vis(char *, int, int, int);
#endif
#if !defined(HAVE_CLOSEFROM)
#define closefrom rk_closefrom
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
closefrom(int);
#endif
#if !defined(HAVE_TIMEGM)
#define timegm rk_timegm
-time_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL
rk_timegm(struct tm *tm);
#endif
diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c
index d87a49a04b..c99596c536 100644
--- a/source4/heimdal/lib/roken/roken_gethostby.c
+++ b/source4/heimdal/lib/roken/roken_gethostby.c
@@ -104,7 +104,7 @@ split_spec(const char *spec, char **host, int *port, char **path, int def_port)
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
{
char *proxy_host = NULL;
@@ -207,7 +207,7 @@ roken_gethostby(const char *hostname)
}
}
-struct hostent*
+ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL
roken_gethostbyname(const char *hostname)
{
struct hostent *he;
@@ -217,7 +217,7 @@ roken_gethostbyname(const char *hostname)
return roken_gethostby(hostname);
}
-struct hostent* ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL
roken_gethostbyaddr(const void *addr, size_t len, int type)
{
struct in_addr a;
diff --git a/source4/heimdal/lib/roken/rtbl.c b/source4/heimdal/lib/roken/rtbl.c
index 7d11a487cf..fe0fde662b 100644
--- a/source4/heimdal/lib/roken/rtbl.c
+++ b/source4/heimdal/lib/roken/rtbl.c
@@ -59,19 +59,19 @@ struct rtbl_data {
char *column_separator;
};
-rtbl_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL
rtbl_create (void)
{
return calloc (1, sizeof (struct rtbl_data));
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rtbl_set_flags (rtbl_t table, unsigned int flags)
{
table->flags = flags;
}
-unsigned int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL
rtbl_get_flags (rtbl_t table)
{
return table->flags;
@@ -80,7 +80,7 @@ rtbl_get_flags (rtbl_t table)
static struct column_data *
rtbl_get_column_by_id (rtbl_t table, unsigned int id)
{
- int i;
+ size_t i;
for(i = 0; i < table->num_columns; i++)
if(table->columns[i]->column_id == id)
return table->columns[i];
@@ -90,17 +90,17 @@ rtbl_get_column_by_id (rtbl_t table, unsigned int id)
static struct column_data *
rtbl_get_column (rtbl_t table, const char *column)
{
- int i;
+ size_t i;
for(i = 0; i < table->num_columns; i++)
if(strcmp(table->columns[i]->header, column) == 0)
return table->columns[i];
return NULL;
}
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rtbl_destroy (rtbl_t table)
{
- int i, j;
+ size_t i, j;
for (i = 0; i < table->num_columns; i++) {
struct column_data *c = table->columns[i];
@@ -119,7 +119,7 @@ rtbl_destroy (rtbl_t table)
free (table);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_by_id (rtbl_t table, unsigned int id,
const char *header, unsigned int flags)
{
@@ -148,13 +148,13 @@ rtbl_add_column_by_id (rtbl_t table, unsigned int id,
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column (rtbl_t table, const char *header, unsigned int flags)
{
return rtbl_add_column_by_id(table, 0, header, flags);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_new_row(rtbl_t table)
{
size_t max_rows = 0;
@@ -183,18 +183,18 @@ rtbl_new_row(rtbl_t table)
static void
column_compute_width (rtbl_t table, struct column_data *column)
{
- int i;
+ size_t i;
if(table->flags & RTBL_HEADER_STYLE_NONE)
column->width = 0;
else
column->width = strlen (column->header);
for (i = 0; i < column->num_rows; i++)
- column->width = max (column->width, strlen (column->rows[i].data));
+ column->width = max (column->width, (int) strlen (column->rows[i].data));
}
/* DEPRECATED */
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_prefix (rtbl_t table, const char *prefix)
{
if (table->column_prefix)
@@ -205,7 +205,7 @@ rtbl_set_prefix (rtbl_t table, const char *prefix)
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_separator (rtbl_t table, const char *separator)
{
if (table->column_separator)
@@ -216,7 +216,7 @@ rtbl_set_separator (rtbl_t table, const char *separator)
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_column_prefix (rtbl_t table, const char *column,
const char *prefix)
{
@@ -232,7 +232,7 @@ rtbl_set_column_prefix (rtbl_t table, const char *column,
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id,
const char *prefix, const char *suffix)
{
@@ -301,7 +301,7 @@ add_column_entry (struct column_data *c, const char *data)
return 0;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data)
{
struct column_data *c = rtbl_get_column_by_id (table, id);
@@ -312,7 +312,7 @@ rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data)
return add_column_entry(c, data);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
const char *fmt, ...)
{
@@ -330,7 +330,7 @@ rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
return ret;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
{
struct column_data *c = rtbl_get_column (table, column);
@@ -341,7 +341,7 @@ rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
return add_column_entry(c, data);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...)
{
va_list ap;
@@ -359,10 +359,10 @@ rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...)
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_format (rtbl_t table, FILE * f)
{
- int i, j;
+ size_t i, j;
for (i = 0; i < table->num_columns; i++)
column_compute_width (table, table->columns[i]);
diff --git a/source4/heimdal/lib/roken/rtbl.h b/source4/heimdal/lib/roken/rtbl.h
index 60bbc9f873..549d3a8aa4 100644
--- a/source4/heimdal/lib/roken/rtbl.h
+++ b/source4/heimdal/lib/roken/rtbl.h
@@ -37,9 +37,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -60,55 +62,55 @@ typedef struct rtbl_data *rtbl_t;
/* flags */
#define RTBL_HEADER_STYLE_NONE 1
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column (rtbl_t, const char*, unsigned int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 0)));
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entry (rtbl_t, const char*, const char*);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...)
__attribute__ ((format (printf, 3, 0)));
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*);
-rtbl_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL
rtbl_create (void);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rtbl_destroy (rtbl_t);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_format (rtbl_t, FILE*);
-unsigned int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL
rtbl_get_flags (rtbl_t);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_new_row (rtbl_t);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_column_prefix (rtbl_t, const char*, const char*);
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rtbl_set_flags (rtbl_t, unsigned int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_prefix (rtbl_t, const char*);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rtbl_set_separator (rtbl_t, const char*);
#ifdef __cplusplus
diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c
index 225e6ae092..115af77b88 100644
--- a/source4/heimdal/lib/roken/setprogname.c
+++ b/source4/heimdal/lib/roken/setprogname.c
@@ -40,7 +40,7 @@ extern const char *__progname;
#endif
#ifndef HAVE_SETPROGNAME
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
setprogname(const char *argv0)
{
#ifndef HAVE___PROGNAME
diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c
index 19a4845435..284f1e7926 100644
--- a/source4/heimdal/lib/roken/signal.c
+++ b/source4/heimdal/lib/roken/signal.c
@@ -47,7 +47,7 @@
* Do we need any extra hacks for SIGCLD and/or SIGCHLD?
*/
-SigAction ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION SigAction ROKEN_LIB_CALL
signal(int iSig, SigAction pAction)
{
struct sigaction saNew, saOld;
diff --git a/source4/heimdal/lib/roken/simple_exec.c b/source4/heimdal/lib/roken/simple_exec.c
index 86dde1bad2..97679d7e41 100644
--- a/source4/heimdal/lib/roken/simple_exec.c
+++ b/source4/heimdal/lib/roken/simple_exec.c
@@ -52,13 +52,13 @@
#define EX_NOTFOUND 127
/* return values:
- -1 on `unspecified' system errors
- -2 on fork failures
- -3 on waitpid errors
- -4 exec timeout
+ SE_E_UNSPECIFIED on `unspecified' system errors
+ SE_E_FORKFAILED on fork failures
+ SE_E_WAITPIDFAILED on waitpid errors
+ SE_E_EXECTIMEOUT exec timeout
0- is return value from subprocess
- 126 if the program couldn't be executed
- 127 if the program couldn't be found
+ SE_E_NOEXEC if the program couldn't be executed
+ SE_E_NOTFOUND if the program couldn't be found
128- is 128 + signal that killed subprocess
possible values `func' can return:
@@ -78,7 +78,7 @@ sigtimeout(int sig)
SIGRETURN(0);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
wait_for_process_timed(pid_t pid, time_t (*func)(void *),
void *ptr, time_t timeout)
{
@@ -98,7 +98,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *),
while(waitpid(pid, &status, 0) < 0) {
if (errno != EINTR) {
- ret = -3;
+ ret = SE_E_WAITPIDFAILED;
goto out;
}
if (func == NULL)
@@ -110,7 +110,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *),
kill(pid, SIGTERM);
continue;
} else if (timeout == (time_t)-2) {
- ret = -4;
+ ret = SE_E_EXECTIMEOUT;
goto out;
}
alarm(timeout);
@@ -134,13 +134,13 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *),
return ret;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
wait_for_process(pid_t pid)
{
return wait_for_process_timed(pid, NULL, NULL, 0);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd,
const char *file, ...)
{
@@ -211,7 +211,7 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd,
close(err_fd[0]);
close(err_fd[1]);
}
- return -2;
+ return SE_E_FORKFAILED;
default:
if(stdin_fd != NULL) {
close(in_fd[0]);
@@ -229,14 +229,14 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd,
return pid;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execvp_timed(const char *file, char *const args[],
time_t (*func)(void *), void *ptr, time_t timeout)
{
pid_t pid = fork();
switch(pid){
case -1:
- return -2;
+ return SE_E_FORKFAILED;
case 0:
execvp(file, args);
exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
@@ -245,21 +245,21 @@ simple_execvp_timed(const char *file, char *const args[],
}
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execvp(const char *file, char *const args[])
{
return simple_execvp_timed(file, args, NULL, NULL, 0);
}
/* gee, I'd like a execvpe */
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execve_timed(const char *file, char *const args[], char *const envp[],
time_t (*func)(void *), void *ptr, time_t timeout)
{
pid_t pid = fork();
switch(pid){
case -1:
- return -2;
+ return SE_E_FORKFAILED;
case 0:
execve(file, args, envp);
exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
@@ -268,13 +268,13 @@ simple_execve_timed(const char *file, char *const args[], char *const envp[],
}
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execve(const char *file, char *const args[], char *const envp[])
{
return simple_execve_timed(file, args, envp, NULL, NULL, 0);
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execlp(const char *file, ...)
{
va_list ap;
@@ -285,13 +285,13 @@ simple_execlp(const char *file, ...)
argv = vstrcollect(&ap);
va_end(ap);
if(argv == NULL)
- return -1;
+ return SE_E_UNSPECIFIED;
ret = simple_execvp(file, argv);
free(argv);
return ret;
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
simple_execle(const char *file, ... /* ,char *const envp[] */)
{
va_list ap;
@@ -304,7 +304,7 @@ simple_execle(const char *file, ... /* ,char *const envp[] */)
envp = va_arg(ap, char **);
va_end(ap);
if(argv == NULL)
- return -1;
+ return SE_E_UNSPECIFIED;
ret = simple_execve(file, argv, envp);
free(argv);
return ret;
diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c
index ab1b7ff344..bfc4b7102b 100644
--- a/source4/heimdal/lib/roken/socket.c
+++ b/source4/heimdal/lib/roken/socket.c
@@ -40,7 +40,7 @@
* Set `sa' to the unitialized address of address family `af'
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_any (struct sockaddr *sa, int af)
{
switch (af) {
@@ -74,7 +74,7 @@ socket_set_any (struct sockaddr *sa, int af)
* set `sa' to (`ptr', `port')
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
{
switch (sa->sa_family) {
@@ -108,7 +108,7 @@ socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
* Return the size of an address of the type in `sa'
*/
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
socket_addr_size (const struct sockaddr *sa)
{
switch (sa->sa_family) {
@@ -120,7 +120,7 @@ socket_addr_size (const struct sockaddr *sa)
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
- break;
+ UNREACHABLE(return 0);
}
}
@@ -128,7 +128,7 @@ socket_addr_size (const struct sockaddr *sa)
* Return the size of a `struct sockaddr' in `sa'.
*/
-size_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
socket_sockaddr_size (const struct sockaddr *sa)
{
switch (sa->sa_family) {
@@ -140,7 +140,7 @@ socket_sockaddr_size (const struct sockaddr *sa)
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
- break;
+ UNREACHABLE(return 0);
}
}
@@ -148,7 +148,7 @@ socket_sockaddr_size (const struct sockaddr *sa)
* Return the binary address of `sa'.
*/
-void * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL
socket_get_address (const struct sockaddr *sa)
{
switch (sa->sa_family) {
@@ -164,7 +164,7 @@ socket_get_address (const struct sockaddr *sa)
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
- break;
+ UNREACHABLE(return NULL);
}
}
@@ -172,7 +172,7 @@ socket_get_address (const struct sockaddr *sa)
* Return the port number from `sa'.
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
socket_get_port (const struct sockaddr *sa)
{
switch (sa->sa_family) {
@@ -188,7 +188,7 @@ socket_get_port (const struct sockaddr *sa)
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
- break;
+ UNREACHABLE(return 0);
}
}
@@ -196,7 +196,7 @@ socket_get_port (const struct sockaddr *sa)
* Set the port in `sa' to `port'.
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_port (struct sockaddr *sa, int port)
{
switch (sa->sa_family) {
@@ -221,8 +221,8 @@ socket_set_port (struct sockaddr *sa, int port)
/*
* Set the range of ports to use when binding with port = 0.
*/
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int sock, int restr, int af)
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_portrange (rk_socket_t sock, int restr, int af)
{
#if defined(IP_PORTRANGE)
if (af == AF_INET) {
@@ -247,8 +247,8 @@ socket_set_portrange (int sock, int restr, int af)
* Enable debug on `sock'.
*/
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int sock)
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_debug (rk_socket_t sock)
{
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
int on = 1;
@@ -262,8 +262,8 @@ socket_set_debug (int sock)
* Set the type-of-service of `sock' to `tos'.
*/
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int sock, int tos)
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_tos (rk_socket_t sock, int tos)
{
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
@@ -276,8 +276,8 @@ socket_set_tos (int sock, int tos)
* set the reuse of addresses on `sock' to `val'.
*/
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int sock, int val)
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_reuseaddr (rk_socket_t sock, int val)
{
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
@@ -290,10 +290,28 @@ socket_set_reuseaddr (int sock, int val)
* Set the that the `sock' should bind to only IPv6 addresses.
*/
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int sock, int val)
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+socket_set_ipv6only (rk_socket_t sock, int val)
{
#if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT)
setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val));
#endif
}
+
+/**
+ * Create a file descriptor from a socket
+ *
+ * While the socket handle in \a sock can be used with WinSock
+ * functions after calling socket_to_fd(), it should not be closed
+ * with rk_closesocket(). The socket will be closed when the associated
+ * file descriptor is closed.
+ */
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+socket_to_fd(rk_socket_t sock, int flags)
+{
+#ifndef _WIN32
+ return sock;
+#else
+ return _open_osfhandle((intptr_t) sock, flags);
+#endif
+}
diff --git a/source4/heimdal/lib/roken/strcollect.c b/source4/heimdal/lib/roken/strcollect.c
index f444d05e25..0afc3f0c62 100644
--- a/source4/heimdal/lib/roken/strcollect.c
+++ b/source4/heimdal/lib/roken/strcollect.c
@@ -66,7 +66,7 @@ sub (char **argv, int i, int argc, va_list *ap)
* terminated by NULL.
*/
-char ** ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL
vstrcollect(va_list *ap)
{
return sub (NULL, 0, 0, ap);
@@ -76,7 +76,7 @@ vstrcollect(va_list *ap)
*
*/
-char ** ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL
strcollect(char *first, ...)
{
va_list ap;
diff --git a/source4/heimdal/lib/roken/strlwr.c b/source4/heimdal/lib/roken/strlwr.c
index 1a6634b736..68bd4edad3 100644
--- a/source4/heimdal/lib/roken/strlwr.c
+++ b/source4/heimdal/lib/roken/strlwr.c
@@ -38,7 +38,7 @@
#include "roken.h"
#ifndef HAVE_STRLWR
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
strlwr(char *str)
{
char *s;
diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c
index 642d335dec..6e6a737bc6 100644
--- a/source4/heimdal/lib/roken/strpool.c
+++ b/source4/heimdal/lib/roken/strpool.c
@@ -46,7 +46,7 @@ struct rk_strpool {
*
*/
-void ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_strpoolfree(struct rk_strpool *p)
{
if (p->str) {
@@ -60,7 +60,7 @@ rk_strpoolfree(struct rk_strpool *p)
*
*/
-struct rk_strpool * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL
rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...)
{
va_list ap;
@@ -97,7 +97,7 @@ rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...)
*
*/
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_strpoolcollect(struct rk_strpool *p)
{
char *str;
diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c
index 5cbf8557a5..76b447c373 100644
--- a/source4/heimdal/lib/roken/strsep.c
+++ b/source4/heimdal/lib/roken/strsep.c
@@ -39,7 +39,7 @@
#ifndef HAVE_STRSEP
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
strsep(char **str, const char *delim)
{
char *save = *str;
diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c
index 908e37ca40..9624b5a46f 100644
--- a/source4/heimdal/lib/roken/strsep_copy.c
+++ b/source4/heimdal/lib/roken/strsep_copy.c
@@ -41,7 +41,7 @@
/* strsep, but with const stringp, so return string in buf */
-ssize_t ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
{
const char *save = *stringp;
diff --git a/source4/heimdal/lib/roken/strupr.c b/source4/heimdal/lib/roken/strupr.c
index db2d987f9f..fdff7f44a8 100644
--- a/source4/heimdal/lib/roken/strupr.c
+++ b/source4/heimdal/lib/roken/strupr.c
@@ -38,7 +38,7 @@
#include "roken.h"
#ifndef HAVE_STRUPR
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
strupr(char *str)
{
char *s;
diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c
index 155b148e86..19ff29d95c 100644
--- a/source4/heimdal/lib/roken/vis.c
+++ b/source4/heimdal/lib/roken/vis.c
@@ -106,17 +106,17 @@ static char *do_svis(char *, int, int, int, const char *);
#define BELL '\007'
#endif
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_vis (char *, int, int, int);
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvisx (char *, const char *, size_t, int, const char *);
@@ -249,7 +249,7 @@ do_svis(char *dst, int c, int flag, int nextc, const char *extra)
* svis - visually encode characters, also encoding the characters
* pointed to by `extra'
*/
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
{
char *nextra = NULL;
@@ -286,7 +286,8 @@ rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
* Strsvisx encodes exactly len bytes from src into dst.
* This is useful for encoding a block of data.
*/
-int ROKEN_LIB_FUNCTION
+
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvis(char *dst, const char *csrc, int flag, const char *extra)
{
int c;
@@ -315,7 +316,7 @@ rk_strsvis(char *dst, const char *csrc, int flag, const char *extra)
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra)
{
unsigned char c;
@@ -353,7 +354,7 @@ rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra
/*
* vis - visually encode characters
*/
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_vis(char *dst, int c, int flag, int nextc)
{
char *extra = NULL;
@@ -386,7 +387,7 @@ rk_vis(char *dst, int c, int flag, int nextc)
* Strvisx encodes exactly len bytes from src into dst.
* This is useful for encoding a block of data.
*/
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvis(char *dst, const char *src, int flag)
{
char *extra = NULL;
@@ -403,7 +404,7 @@ rk_strvis(char *dst, const char *src, int flag)
}
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvisx(char *dst, const char *src, size_t len, int flag)
{
char *extra = NULL;
diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin
index a1481b789e..25d662a980 100644
--- a/source4/heimdal/lib/roken/vis.hin
+++ b/source4/heimdal/lib/roken/vis.hin
@@ -36,9 +36,11 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
#else
#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
#endif
#endif
@@ -84,24 +86,25 @@
ROKEN_CPP_START
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_vis(char *, int, int, int);
-char * ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
rk_svis(char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvis(char *, const char *, int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvis(char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strvisx(char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strsvisx(char *, const char *, size_t, int, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strunvis(char *, const char *);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_strunvisx(char *, const char *, int);
-int ROKEN_LIB_FUNCTION
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_unvis(char *, int, int *, int);
+
ROKEN_CPP_END
#ifndef HAVE_VIS
diff --git a/source4/heimdal/lib/roken/xfree.c b/source4/heimdal/lib/roken/xfree.c
index 13366ce132..c7e30daf85 100644
--- a/source4/heimdal/lib/roken/xfree.c
+++ b/source4/heimdal/lib/roken/xfree.c
@@ -33,8 +33,6 @@
#include <config.h>
-#include <unistd.h>
-
#include "roken.h"
void ROKEN_LIB_FUNCTION
diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c
index 9d102c7dc5..c702ae0fce 100644
--- a/source4/heimdal/lib/vers/print_version.c
+++ b/source4/heimdal/lib/vers/print_version.c
@@ -34,6 +34,8 @@
#include <config.h>
+#define VERSION_HIDDEN static
+
#include "roken.h"
#include "version.h"
@@ -49,6 +51,6 @@ print_version(const char *progname)
if(*package_list == '\0')
package_list = "no version information";
fprintf(stderr, "%s (%s)\n", progname, package_list);
- fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska Högskolan\n");
+ fprintf(stderr, "Copyright 1995-2010 Kungliga Tekniska Högskolan\n");
fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
}
diff --git a/source4/heimdal/lib/wind/gen-bidi.py b/source4/heimdal/lib/wind/gen-bidi.py
index 42af72f3bf..70abb1ed76 100644
--- a/source4/heimdal/lib/wind/gen-bidi.py
+++ b/source4/heimdal/lib/wind/gen-bidi.py
@@ -70,6 +70,7 @@ extern const size_t _wind_l_table_size;
bidi_c.file.write(
'''
+#include <stdlib.h>
#include "bidi_table.h"
''')
diff --git a/source4/heimdal/lib/wind/gen-combining.py b/source4/heimdal/lib/wind/gen-combining.py
index f7e9bf881f..cc692fd2a6 100644
--- a/source4/heimdal/lib/wind/gen-combining.py
+++ b/source4/heimdal/lib/wind/gen-combining.py
@@ -73,6 +73,7 @@ extern const size_t _wind_combining_table_size;
combining_c.file.write(
'''
+#include <stdlib.h>
#include "combining_table.h"
const struct translation _wind_combining_table[] = {
diff --git a/source4/heimdal/lib/wind/gen-errorlist.py b/source4/heimdal/lib/wind/gen-errorlist.py
index 6ea88d7bc5..b921377ab7 100644
--- a/source4/heimdal/lib/wind/gen-errorlist.py
+++ b/source4/heimdal/lib/wind/gen-errorlist.py
@@ -77,6 +77,7 @@ extern const size_t _wind_errorlist_table_size;
errorlist_c.file.write(
'''
+#include <stdlib.h>
#include "errorlist_table.h"
const struct error_entry _wind_errorlist_table[] = {
diff --git a/source4/heimdal/lib/wind/gen-normalize.py b/source4/heimdal/lib/wind/gen-normalize.py
index 0a20b71cfa..c076088fd0 100644
--- a/source4/heimdal/lib/wind/gen-normalize.py
+++ b/source4/heimdal/lib/wind/gen-normalize.py
@@ -97,6 +97,7 @@ extern const unsigned short _wind_canon_next_table[];
normalize_c.file.write(
'''
+#include <stdlib.h>
#include "normalize_table.h"
const struct translation _wind_normalize_table[] = {
diff --git a/source4/heimdal/lib/wind/windlocl.h b/source4/heimdal/lib/wind/windlocl.h
index fb5e0b25da..da9d58cfee 100644
--- a/source4/heimdal/lib/wind/windlocl.h
+++ b/source4/heimdal/lib/wind/windlocl.h
@@ -41,6 +41,7 @@
#endif
#include <krb5-types.h>
+#include <roken.h>
#include "wind.h"
#include "wind_err.h"