krb5 commit: Move a bunch of stuff out of k5-int.h
Greg Hudson
ghudson at MIT.EDU
Sun Mar 24 01:34:40 EDT 2013
https://github.com/krb5/krb5/commit/6c8fed1bb850b92d471b0741a452bb56354fc0e9
commit 6c8fed1bb850b92d471b0741a452bb56354fc0e9
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun Mar 24 01:28:13 2013 -0400
Move a bunch of stuff out of k5-int.h
Move internal declarations from k5-int.h to more localized headers
(like int-proto.h) where appropriate. Rename many symbols whose
prototypes were moved to use the k5_ prefix instead of krb5int_.
Remove some unused declarations or move them to the single source file
they were needed in. Remove krb5_creds_compare since it isn't used
any more.
src/include/k5-int.h | 371 --------------------------------
src/kdc/kdc_util.h | 3 -
src/lib/crypto/builtin/des/des_int.h | 9 -
src/lib/crypto/nss/enc_provider/des.c | 2 +-
src/lib/crypto/nss/enc_provider/des3.c | 2 +-
src/lib/krb5/ccache/cc-int.h | 69 ++++++
src/lib/krb5/ccache/cc_file.c | 4 +-
src/lib/krb5/ccache/cc_keyring.c | 4 +-
src/lib/krb5/ccache/cc_memory.c | 7 +-
src/lib/krb5/ccache/cc_mslsa.c | 8 +-
src/lib/krb5/ccache/cc_retr.c | 95 +--------
src/lib/krb5/ccache/ccapi/stdcc.c | 9 +-
src/lib/krb5/ccache/ccfns.c | 12 +-
src/lib/krb5/ccache/ser_cc.c | 1 +
src/lib/krb5/ccache/t_cc.c | 1 +
src/lib/krb5/keytab/kt-int.h | 3 +
src/lib/krb5/keytab/kt_file.c | 9 +-
src/lib/krb5/keytab/ktdefault.c | 1 +
src/lib/krb5/krb/copy_creds.c | 7 +-
src/lib/krb5/krb/enc_keyhelper.c | 8 +-
src/lib/krb5/krb/fast.c | 1 +
src/lib/krb5/krb/fwd_tgt.c | 3 +-
src/lib/krb5/krb/gen_save_subkey.c | 8 +-
src/lib/krb5/krb/get_creds.c | 2 +-
src/lib/krb5/krb/get_in_tkt.c | 34 ++--
src/lib/krb5/krb/gic_keytab.c | 14 +-
src/lib/krb5/krb/gic_opt.c | 83 +++-----
src/lib/krb5/krb/gic_opt_set_pa.c | 4 +-
src/lib/krb5/krb/gic_pwd.c | 58 +++---
src/lib/krb5/krb/in_tkt_sky.c | 16 +-
src/lib/krb5/krb/init_creds_ctx.h | 7 +-
src/lib/krb5/krb/init_ctx.c | 8 +-
src/lib/krb5/krb/int-proto.h | 128 +++++++++++
src/lib/krb5/krb/kfree.c | 9 -
src/lib/krb5/krb/mk_cred.c | 7 +-
src/lib/krb5/krb/mk_rep.c | 13 +-
src/lib/krb5/krb/mk_req_ext.c | 6 +-
src/lib/krb5/krb/preauth2.c | 1 +
src/lib/krb5/krb/preauth_sam2.c | 7 +-
src/lib/krb5/krb/s4u_creds.c | 9 +-
src/lib/krb5/krb/sendauth.c | 3 +-
src/lib/krb5/krb/ser_ctx.c | 3 +-
src/lib/krb5/krb/srv_dec_tkt.c | 11 +-
src/lib/krb5/krb/t_cc_config.c | 5 +-
src/lib/krb5/libkrb5.exports | 15 +-
src/lib/krb5/os/accessor.c | 5 +-
src/lib/krb5/os/def_realm.c | 2 +
src/lib/krb5/os/dnsglue.h | 14 ++
src/lib/krb5/os/hostaddr.c | 5 +-
src/lib/krb5/os/hst_realm.c | 14 +-
src/lib/krb5/os/init_os_ctx.c | 6 +-
src/lib/krb5/os/krbfileio.c | 9 +-
src/lib/krb5/os/localaddr.c | 3 +-
src/lib/krb5/os/locate_kdc.c | 13 +-
src/lib/krb5/os/os-proto.h | 18 ++
src/lib/krb5/os/prompter.c | 3 +-
src/lib/krb5/os/trace.c | 3 +-
src/lib/krb5/os/ustime.c | 1 +
src/lib/krb5/os/write_msg.c | 6 +-
src/lib/krb5_32.def | 1 -
60 files changed, 455 insertions(+), 728 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index ed9f255..a8c1028 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -570,27 +570,8 @@ krb5_error_code krb5_unlock_file(krb5_context, int);
krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
const krb5_data *, krb5_data *, int *, int);
-krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname);
-krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);
-
krb5_error_code krb5int_init_context_kdc(krb5_context *);
-krb5_error_code krb5_os_init_context(krb5_context context, profile_t profile,
- krb5_flags flags);
-
-void krb5_os_free_context(krb5_context);
-
-/* This function is needed by KfM's KerberosPreferences API
- * because it needs to be able to specify "secure" */
-krb5_error_code
-os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure);
-
-krb5_error_code
-krb5_os_hostaddr(krb5_context, const char *, krb5_address ***);
-
-krb5_error_code
-krb5int_get_domain_realm_mapping(krb5_context , const char *, char ***);
-
struct derived_key {
krb5_data constant;
krb5_key dkey;
@@ -699,22 +680,8 @@ krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context,
const krb5_keyblock *from,
krb5_keyblock *to);
-#ifdef KRB5_OLD_CRYPTO
-/* old provider api */
-
-krb5_error_code krb5_crypto_os_localaddr(krb5_address ***);
-
krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *);
-#endif /* KRB5_OLD_CRYPTO */
-
-/* this helper fct is in libkrb5, but it makes sense declared here. */
-
-krb5_error_code
-krb5_encrypt_keyhelper(krb5_context context, krb5_key key,
- krb5_keyusage keyusage, const krb5_data *plain,
- krb5_enc_data *cipher);
-
/*
* End "los-proto.h"
*/
@@ -727,12 +694,6 @@ typedef struct _krb5_os_context {
char * default_ccname;
} *krb5_os_context;
-/* Get the current time of day plus a specified offset. */
-krb5_error_code k5_time_with_offset(krb5_timestamp offset,
- krb5_int32 offset_usec,
- krb5_timestamp *time_out,
- krb5_int32 *usec_out);
-
/*
* Flags for the os_flags field
*
@@ -757,23 +718,6 @@ krb5_error_code k5_time_with_offset(krb5_timestamp offset,
#define KRB5_LOCKMODE_UNLOCK 0x0008
/*
- * Define our view of the size of a DES key.
- */
-#define KRB5_MIT_DES_KEYSIZE 8
-#define KRB5_MIT_DES3_KEYSIZE 24
-#define KRB5_MIT_DES3_KEY_BYTES 21
-
-/*
- * Check if des_int.h has been included before us. If so, then check to see
- * that our view of the DES key size is the same as des_int.h's.
- */
-#ifdef MIT_DES_KEYSIZE
-#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
-error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif /* MIT_DES_KEYSIZE */
-
-/*
* Begin "preauth.h"
*
* (Originally written by Glen Machin at Sandia Labs.)
@@ -786,20 +730,6 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
#ifndef KRB5_PREAUTH__
#define KRB5_PREAUTH__
-#include <krb5/clpreauth_plugin.h>
-
-typedef struct k5_response_items_st k5_response_items;
-struct krb5_responder_context_st {
- k5_response_items *items;
-};
-
-typedef krb5_error_code
-(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype,
- krb5_prompter_fct, void *prompter_data,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_keyblock *as_key, void *gak_data,
- k5_response_items *ritems);
-
typedef struct _krb5_pa_enc_ts {
krb5_timestamp patimestamp;
krb5_int32 pausec;
@@ -897,168 +827,23 @@ typedef struct _krb5_iakerb_finished {
krb5_checksum checksum;
} krb5_iakerb_finished;
-typedef krb5_error_code
-(*krb5_preauth_obtain_proc)(krb5_context, krb5_pa_data *,
- krb5_etype_info, krb5_keyblock *,
- krb5_error_code (*)(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer, krb5_creds *,
- krb5_kdc_req *, krb5_pa_data **);
-
-typedef krb5_error_code
-(*krb5_preauth_process_proc)(krb5_context, krb5_pa_data *, krb5_kdc_req *,
- krb5_kdc_rep *,
- krb5_error_code (*)(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code (*)(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_keyblock **, krb5_creds *, krb5_int32 *,
- krb5_int32 *);
-
-typedef struct _krb5_preauth_ops {
- krb5_magic magic;
- int type;
- int flags;
- krb5_preauth_obtain_proc obtain;
- krb5_preauth_process_proc process;
-} krb5_preauth_ops;
-
krb5_pa_data *
krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
/* Does not return a copy; original padata sequence responsible for freeing*/
void krb5_free_etype_info(krb5_context, krb5_etype_info);
-/*
- * Preauthentication property flags
- */
-#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
-#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
-
#endif /* KRB5_PREAUTH__ */
/*
* End "preauth.h"
*/
-/*
- * Extending the krb5_get_init_creds_opt structure. The original
- * krb5_get_init_creds_opt structure is defined publicly. The
- * new extended version is private. The original interface
- * assumed a pre-allocated structure which was passed to
- * krb5_get_init_creds_init(). The new interface assumes that
- * the caller will call krb5_get_init_creds_alloc() and
- * krb5_get_init_creds_free().
- *
- * Callers MUST NOT call krb5_get_init_creds_init() after allocating an
- * opts structure using krb5_get_init_creds_alloc(). To do so will
- * introduce memory leaks. Unfortunately, there is no way to enforce
- * this behavior.
- *
- * Two private flags are added for backward compatibility.
- * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
- * with the new krb5_get_init_creds_opt_alloc() function.
- * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
- * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.
- * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
- * krb5int_gic_opt_to_opte(), the resulting extended structure should be
- * freed (using krb5_get_init_creds_free). Otherwise, the original
- * structure was already extended and there is no need to free it.
- */
-
-#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
-#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
-
-#define krb5_gic_opt_is_extended(s) \
- ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
-#define krb5_gic_opt_is_shadowed(s) \
- ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
-
-
-typedef struct _krb5_gic_opt_private {
- int num_preauth_data;
- krb5_gic_opt_pa_data *preauth_data;
- char * fast_ccache_name;
- krb5_ccache in_ccache;
- krb5_ccache out_ccache;
- krb5_flags fast_flags;
- krb5_expire_callback_func expire_cb;
- void *expire_data;
- krb5_responder_fn responder;
- void *responder_data;
-} krb5_gic_opt_private;
-
-/*
- * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that
- * of krb5_get_init_creds_opt.
- */
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-typedef struct _krb5_gic_opt_ext {
- krb5_flags flags;
- krb5_deltat tkt_life;
- krb5_deltat renew_life;
- int forwardable;
- int proxiable;
- krb5_enctype *etype_list;
- int etype_list_length;
- krb5_address **address_list;
- krb5_preauthtype *preauth_list;
- int preauth_list_length;
- krb5_data *salt;
- /*
- * Do not change anything above this point in this structure.
- * It is identical to the public krb5_get_init_creds_opt structure.
- * New members must be added below.
- */
- krb5_gic_opt_private *opt_private;
-} krb5_gic_opt_ext;
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-krb5_error_code
-krb5int_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte, unsigned int force,
- const char *where);
-
krb5_error_code
krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *);
krb5_error_code
krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *);
-krb5_error_code
-krb5int_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
-
-krb5_error_code KRB5_CALLCONV
-krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_prompter_fct prompter,
- void *prompter_data, krb5_deltat start_time,
- const char *in_tkt_service,
- krb5_get_init_creds_opt *options,
- krb5_gic_get_as_key_fct gak, void *gak_data,
- int *master, krb5_kdc_rep **as_reply);
-
-krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
- krb5_flags options, krb5_address *const *addrs,
- krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types, krb5_creds *creds);
-
-
void KRB5_CALLCONV
krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *);
@@ -1100,9 +885,6 @@ krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *);
void KRB5_CALLCONV
krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * );
-void KRB5_CALLCONV
-krb5_free_etype_list(krb5_context, krb5_etype_list * );
-
void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *);
void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context,
krb5_fast_armored_req *);
@@ -1961,57 +1743,11 @@ krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
krb5_error_code KRB5_CALLCONV
krb5int_cc_default(krb5_context, krb5_ccache *);
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
- krb5_creds *, krb5_creds *);
-
-krb5_error_code
-krb5int_build_conf_principals(krb5_context context, krb5_ccache id,
- krb5_const_principal principal,
- const char *name, krb5_creds *cred);
-
-krb5_boolean KRB5_CALLCONV
-krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds,
- krb5_creds *in_compare_creds);
-
-void
-krb5int_set_prompt_types(krb5_context, krb5_prompt_type *);
-
-krb5_error_code
-krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context,
- krb5_keyblock * /* Old keyblock, not new! */,
- krb5_enctype);
-
-struct srv_dns_entry {
- struct srv_dns_entry *next;
- int priority;
- int weight;
- unsigned short port;
- char *host;
-};
-
-#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1)
-
-#ifdef KRB5_DNS_LOOKUP
-krb5_error_code
-krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers);
-void krb5int_free_srv_dns_data(struct srv_dns_entry *);
-#endif
-
/* value to use when requesting a keytab entry and KVNO doesn't matter */
#define IGNORE_VNO 0
/* value to use when requesting a keytab entry and enctype doesn't matter */
#define IGNORE_ENCTYPE 0
-/*
- * Convenience function for structure magic number
- */
-#define KRB5_VERIFY_MAGIC(structure,magic_number) \
- if ((structure)->magic != (magic_number)) return (magic_number);
-
/* to keep lint happy */
#define krb5_xfree(val) free((char *)(val))
@@ -2146,82 +1882,6 @@ typedef struct _krb5int_access {
krb5_error_code KRB5_CALLCONV
krb5int_accessor(krb5int_access*, krb5_int32);
-/* Ick -- some krb524 and krb4 support placed in the krb5 library,
- because AFS (and potentially other applications?) use the krb4
- object as an opaque token, which (in some implementations) is not
- in fact a krb4 ticket, so we don't want to drag in the krb4 support
- just to enable this. */
-
-#define KRB524_SERVICE "krb524"
-#define KRB524_PORT 4444
-
-/* temporary -- this should be under lib/krb5/ccache somewhere */
-
-struct _krb5_ccache {
- krb5_magic magic;
- const struct _krb5_cc_ops *ops;
- krb5_pointer data;
-};
-
-/*
- * Per-type ccache cursor.
- */
-struct krb5_cc_ptcursor_s {
- const struct _krb5_cc_ops *ops;
- krb5_pointer data;
-};
-typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor;
-
-struct _krb5_cc_ops {
- krb5_magic magic;
- char *prefix;
- const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
- const char *);
- krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
- krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
- krb5_principal);
- krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
- krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *,
- krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
- krb5_principal *);
- krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
- krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
- krb5_cc_cursor *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
- krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
- krb5_flags);
- krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
- krb5_flags *);
- krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
- krb5_cc_ptcursor *);
- krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
- krb5_cc_ptcursor,
- krb5_ccache *);
- krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
- krb5_cc_ptcursor *);
- krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
- krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
- krb5_ccache, krb5_timestamp *);
- krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
- krb5_timestamp *);
- krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
-};
-
-extern const krb5_cc_ops *krb5_cc_dfl_ops;
-
typedef struct _krb5_donot_replay {
krb5_magic magic;
krb5_ui_4 hash;
@@ -2310,10 +1970,6 @@ typedef struct _krb5_kt_ops {
const krb5_ser_entry *serializer;
} krb5_kt_ops;
-extern const krb5_kt_ops krb5_kt_dfl_ops;
-
-extern krb5_error_code krb5int_translate_gai_error(int);
-
/* Not sure it's ready for exposure just yet. */
extern krb5_error_code
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
@@ -2323,10 +1979,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
*/
#define KRB5_REFERRAL_MAXHOPS 10
-/* Common hostname-parsing code. */
-krb5_error_code
-krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
-
struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
@@ -2378,9 +2030,6 @@ krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context,
krb5_error_code k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
krb5_principal *princ_out);
-krb5_error_code k5_kt_client_default_name(krb5_context context,
- char **name_out);
-
krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal,
krb5_data *);
@@ -2437,10 +2086,6 @@ krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *,
int);
krb5_error_code
-k5_client_realm_path(krb5_context context, const krb5_data *client,
- const krb5_data *server, krb5_data **rpath_out);
-
-krb5_error_code
krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context,
krb5_cksumtype);
@@ -2470,15 +2115,8 @@ krb5_auth_con_set_authdata_context(krb5_context context,
krb5_auth_context auth_context,
krb5_authdata_context ad_context);
-krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock(krb5_context context,
- const krb5_keyblock *key,
- krb5_ticket *ticket);
-
krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);
krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5int_write_messages(krb5_context, krb5_pointer, krb5_data *,
- int);
int krb5_net_read(krb5_context, int , char *, int);
int krb5_net_write(krb5_context, int , const char *, int);
@@ -2617,10 +2255,6 @@ krb5_error_code krb5int_parse_enctype_list(krb5_context context,
krb5_enctype *default_list,
krb5_enctype **result);
-/* Utility functions for zero-terminated enctype lists. */
-size_t k5_count_etypes(const krb5_enctype *list);
-krb5_error_code k5_copy_etypes(const krb5_enctype *old_list,
- krb5_enctype **new_list);
krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
#ifdef DEBUG_ERROR_LOCATIONS
@@ -2635,9 +2269,4 @@ krb5_set_error_message_fl(krb5_context ctx, krb5_error_code code,
#endif
;
-#ifndef DISABLE_TRACING
-/* Do not use these functions directly; see k5-trace.h. */
-void krb5int_init_trace(krb5_context context);
-#endif
-
#endif /* _KRB5_INT_H */
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index e9d1ae3..8fff99c 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -371,9 +371,6 @@ kdc_handle_protected_negotiation( krb5_context context,
krb5_data *req_pkt, krb5_kdc_req *request,
const krb5_keyblock *reply_key,
krb5_pa_data ***out_enc_padata);
-krb5_error_code
-krb5int_get_domain_realm_mapping(krb5_context context,
- const char *host, char ***realmsp);
/* Information handle for kdcpreauth callbacks. All pointers are aliases. */
struct krb5_kdcpreauth_rock_st {
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index 2338a9c..0801cb5 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -137,15 +137,6 @@ typedef struct mit_des_ran_key_seed {
#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet))
-/*
- * Check if k5-int.h has been included before us. If so, then check to see
- * that our view of the DES key size is the same as k5-int.h's.
- */
-#ifdef KRB5_MIT_DES_KEYSIZE
-#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
-error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif /* KRB5_MIT_DES_KEYSIZE */
#endif /* KRB5_MIT_DES__ */
/*
* End "mit-des.h"
diff --git a/src/lib/crypto/nss/enc_provider/des.c b/src/lib/crypto/nss/enc_provider/des.c
index 3b96617..bb1f1c0 100644
--- a/src/lib/crypto/nss/enc_provider/des.c
+++ b/src/lib/crypto/nss/enc_provider/des.c
@@ -79,7 +79,7 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
const struct krb5_enc_provider krb5int_enc_des = {
8,
- 7, KRB5_MIT_DES_KEYSIZE,
+ 7, 8,
k5_des_encrypt_iov,
k5_des_decrypt_iov,
k5_des_cbc_mac,
diff --git a/src/lib/crypto/nss/enc_provider/des3.c b/src/lib/crypto/nss/enc_provider/des3.c
index de3f3c9..6217709 100644
--- a/src/lib/crypto/nss/enc_provider/des3.c
+++ b/src/lib/crypto/nss/enc_provider/des3.c
@@ -64,7 +64,7 @@ k5_des3_decrypt_iov(krb5_key key, const krb5_data *ivec,
const struct krb5_enc_provider krb5int_enc_des3 = {
8,
- 21, KRB5_MIT_DES3_KEYSIZE,
+ 21, 24,
k5_des3_encrypt_iov,
k5_des3_decrypt_iov,
NULL,
diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h
index 9c24f20..c29fbec 100644
--- a/src/lib/krb5/ccache/cc-int.h
+++ b/src/lib/krb5/ccache/cc-int.h
@@ -32,6 +32,16 @@
#include "k5-int.h"
+struct _krb5_ccache {
+ krb5_magic magic;
+ const struct _krb5_cc_ops *ops;
+ krb5_pointer data;
+};
+
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
+ krb5_creds *, krb5_creds *);
+
krb5_boolean
krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
@@ -123,4 +133,63 @@ krb5_error_code
ccselect_k5identity_initvt(krb5_context context, int maj_ver, int min_ver,
krb5_plugin_vtable vtable);
+/*
+ * Per-type ccache cursor.
+ */
+struct krb5_cc_ptcursor_s {
+ const struct _krb5_cc_ops *ops;
+ krb5_pointer data;
+};
+typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor;
+
+struct _krb5_cc_ops {
+ krb5_magic magic;
+ char *prefix;
+ const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
+ const char *);
+ krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
+ krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
+ krb5_principal);
+ krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
+ krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
+ krb5_flags, krb5_creds *,
+ krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
+ krb5_principal *);
+ krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *, krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
+ krb5_flags, krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
+ krb5_flags);
+ krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
+ krb5_flags *);
+ krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
+ krb5_cc_ptcursor *);
+ krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
+ krb5_cc_ptcursor,
+ krb5_ccache *);
+ krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
+ krb5_cc_ptcursor *);
+ krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
+ krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
+ krb5_ccache, krb5_timestamp *);
+ krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
+ krb5_timestamp *);
+ krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
+};
+
+extern const krb5_cc_ops *krb5_cc_dfl_ops;
+
#endif /* __KRB5_CCACHE_H__ */
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 3613379..3879db5 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -2178,8 +2178,8 @@ done:
static krb5_error_code KRB5_CALLCONV
krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
{
- return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
}
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index fd1bcec..7f1a641 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -968,8 +968,8 @@ krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
{
DEBUG_PRINT(("krb5_krcc_retrieve: entered\n"));
- return krb5_cc_retrieve_cred_default(context, id, whichfields,
- mcreds, creds);
+ return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
}
/*
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index aa3d89d..b774251 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -25,6 +25,7 @@
*/
#include "cc-int.h"
+#include "../krb/int-proto.h"
#include <errno.h>
static krb5_error_code KRB5_CALLCONV krb5_mcc_close
@@ -383,7 +384,7 @@ krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
return KRB5_CC_END;
memset(creds, 0, sizeof(krb5_creds));
if (mcursor->creds) {
- retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
+ retval = k5_copy_creds_contents(context, mcursor->creds, creds);
if (retval)
return retval;
}
@@ -607,8 +608,8 @@ krb5_error_code KRB5_CALLCONV
krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
krb5_creds *mcreds, krb5_creds *creds)
{
- return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
}
/*
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index bfaae65..416a7a5 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -2488,7 +2488,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
memset(&fetchcreds, 0, sizeof(krb5_creds));
/* first try to find out if we have an existing ticket which meets the requirements */
- kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+ kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
/* This sometimes returns a zero-length ticket; work around it. */
if ( !kret && creds->ticket.length > 0 )
return KRB5_OK;
@@ -2506,7 +2507,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
}
/* try again to find out if we have an existing ticket which meets the requirements */
- kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
+ kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
/* This sometimes returns a zero-length ticket; work around it. */
if ( !kret && creds->ticket.length > 0 )
goto cleanup;
@@ -2570,7 +2572,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
/* check to see if this ticket matches the request using logic from
- * krb5_cc_retrieve_cred_default()
+ * k5_cc_retrieve_cred_default()
*/
if ( krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds) ) {
*creds = fetchcreds;
diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c
index 23d0361..960c9c9 100644
--- a/src/lib/krb5/ccache/cc_retr.c
+++ b/src/lib/krb5/ccache/cc_retr.c
@@ -266,8 +266,10 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
return nomatch_err;
}
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds)
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context context, krb5_ccache id,
+ krb5_flags flags, krb5_creds *mcreds,
+ krb5_creds *creds)
{
krb5_enctype *ktypes;
int nktypes;
@@ -288,92 +290,3 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
0, 0);
}
}
-
-/* The following function duplicates some of the functionality above and */
-/* should probably be merged with it at some point. It is used by the */
-/* CCAPI krb5_cc_remove to figure out if the opaque credentials object */
-/* returned by the CCAPI is the same creds as the caller passed in. */
-/* Unlike the code above it requires that all structures be identical. */
-
-krb5_boolean KRB5_CALLCONV
-krb5_creds_compare (krb5_context in_context,
- krb5_creds *in_creds,
- krb5_creds *in_compare_creds)
-{
- /* Set to 0 when we hit the first mismatch and then fall through */
- int equal = 1;
-
- if (equal) {
- equal = krb5_principal_compare (in_context, in_creds->client,
- in_compare_creds->client);
- }
-
- if (equal) {
- equal = krb5_principal_compare (in_context, in_creds->server,
- in_compare_creds->server);
- }
-
- if (equal) {
- equal = (in_creds->keyblock.enctype == in_compare_creds->keyblock.enctype &&
- in_creds->keyblock.length == in_compare_creds->keyblock.length &&
- (!in_creds->keyblock.length ||
- !memcmp (in_creds->keyblock.contents, in_compare_creds->keyblock.contents,
- in_creds->keyblock.length)));
- }
-
- if (equal) {
- equal = (in_creds->times.authtime == in_compare_creds->times.authtime &&
- in_creds->times.starttime == in_compare_creds->times.starttime &&
- in_creds->times.endtime == in_compare_creds->times.endtime &&
- in_creds->times.renew_till == in_compare_creds->times.renew_till);
- }
-
- if (equal) {
- equal = (in_creds->is_skey == in_compare_creds->is_skey);
- }
-
- if (equal) {
- equal = (in_creds->ticket_flags == in_compare_creds->ticket_flags);
- }
-
- if (equal) {
- krb5_address **addresses = in_creds->addresses;
- krb5_address **compare_addresses = in_compare_creds->addresses;
- unsigned int i;
-
- if (addresses && compare_addresses) {
- for (i = 0; (equal && addresses[i] && compare_addresses[i]); i++) {
- equal = krb5_address_compare (in_context, addresses[i],
- compare_addresses[i]);
- }
- if (equal) { equal = (!addresses[i] && !compare_addresses[i]); }
- } else {
- if (equal) { equal = (!addresses && !compare_addresses); }
- }
- }
-
- if (equal) {
- equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
- }
-
- if (equal) {
- equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
- }
-
- if (equal) {
- krb5_authdata **authdata = in_creds->authdata;
- krb5_authdata **compare_authdata = in_compare_creds->authdata;
- unsigned int i;
-
- if (authdata && compare_authdata) {
- for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) {
- equal = authdata_eq(*authdata[i], *compare_authdata[i]);
- }
- if (equal) { equal = (!authdata[i] && !compare_authdata[i]); }
- } else {
- if (equal) { equal = (!authdata && !compare_authdata); }
- }
- }
-
- return equal;
-}
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
index 555a961..0256a0a 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -32,6 +32,7 @@
#if defined(_WIN32) || defined(USE_CCAPI)
#include "k5-int.h"
+#include "../cc-int.h"
#include "stdcc.h"
#include "stdcc_util.h"
#include "string.h"
@@ -620,8 +621,8 @@ krb5_stdccv3_retrieve (krb5_context context,
krb5_creds *mcreds,
krb5_creds *creds)
{
- return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
}
/*
@@ -1487,8 +1488,8 @@ krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
krb5_creds *mcreds;
krb5_creds *creds;
{
- return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+ creds);
}
#endif
diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c
index a621560..419150a 100644
--- a/src/lib/krb5/ccache/ccfns.c
+++ b/src/lib/krb5/ccache/ccfns.c
@@ -25,6 +25,8 @@
*/
#include "k5-int.h"
+#include "cc-int.h"
+#include "../krb/int-proto.h"
const char * KRB5_CALLCONV
krb5_cc_get_name(krb5_context context, krb5_ccache cache)
@@ -213,9 +215,9 @@ static const char conf_realm[] = "X-CACHECONF:";
static const char conf_name[] = "krb5_ccache_conf_data";
krb5_error_code
-krb5int_build_conf_principals(krb5_context context, krb5_ccache id,
- krb5_const_principal principal,
- const char *name, krb5_creds *cred)
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+ krb5_const_principal principal,
+ const char *name, krb5_creds *cred)
{
krb5_principal client;
krb5_error_code ret;
@@ -277,7 +279,7 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id,
TRACE_CC_SET_CONFIG(context, id, principal, key, data);
- ret = krb5int_build_conf_principals(context, id, principal, key, &cred);
+ ret = k5_build_conf_principals(context, id, principal, key, &cred);
if (ret)
goto out;
@@ -311,7 +313,7 @@ krb5_cc_get_config(krb5_context context, krb5_ccache id,
memset(&cred, 0, sizeof(cred));
memset(data, 0, sizeof(*data));
- ret = krb5int_build_conf_principals(context, id, principal, key, &mcred);
+ ret = k5_build_conf_principals(context, id, principal, key, &mcred);
if (ret)
goto out;
diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c
index 3821b0e..fdfc5e4 100644
--- a/src/lib/krb5/ccache/ser_cc.c
+++ b/src/lib/krb5/ccache/ser_cc.c
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "cc-int.h"
/*
* Routines to deal with externalizing krb5_ccache.
diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c
index e14ae7f..1c11272 100644
--- a/src/lib/krb5/ccache/t_cc.c
+++ b/src/lib/krb5/ccache/t_cc.c
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "cc-int.h"
#include <stdio.h>
#include <stdlib.h>
#include "autoconf.h"
diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h
index ebefe80..b55118e 100644
--- a/src/lib/krb5/keytab/kt-int.h
+++ b/src/lib/krb5/keytab/kt-int.h
@@ -41,4 +41,7 @@ void krb5int_kt_finalize(void);
int krb5int_mkt_initialize(void);
void krb5int_mkt_finalize(void);
+
+extern const krb5_kt_ops krb5_kt_dfl_ops;
+
#endif /* __KRB5_KEYTAB_INT_H__ */
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index d2aa88b..d34e748 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -54,6 +54,7 @@
#ifndef LEAN_CLIENT
#include "k5-int.h"
+#include "../os/os-proto.h"
#include <stdio.h>
/*
@@ -1045,7 +1046,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
if (!KTFILEP(id)) {
if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
/* try making it first time around */
- krb5_create_secure_file(context, KTFILENAME(id));
+ k5_create_secure_file(context, KTFILENAME(id));
errno = 0;
KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
if (!KTFILEP(id))
@@ -1185,7 +1186,7 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
}
}
- return krb5_sync_disk_file(context, KTFILEP(id));
+ return k5_sync_disk_file(context, KTFILEP(id));
}
return 0;
@@ -1530,7 +1531,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
if (fflush(KTFILEP(id)))
goto abend;
- retval = krb5_sync_disk_file(context, KTFILEP(id));
+ retval = k5_sync_disk_file(context, KTFILEP(id));
if (retval) {
return retval;
@@ -1546,7 +1547,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
}
if (fflush(KTFILEP(id)))
goto abend;
- retval = krb5_sync_disk_file(context, KTFILEP(id));
+ retval = k5_sync_disk_file(context, KTFILEP(id));
return retval;
}
diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c
index 2b1c298..482d52a 100644
--- a/src/lib/krb5/keytab/ktdefault.c
+++ b/src/lib/krb5/keytab/ktdefault.c
@@ -30,6 +30,7 @@
*/
#include "k5-int.h"
+#include "../os/os-proto.h"
#include <stdio.h>
#ifndef LEAN_CLIENT
diff --git a/src/lib/krb5/krb/copy_creds.c b/src/lib/krb5/krb/copy_creds.c
index 42372a1..1de56dc 100644
--- a/src/lib/krb5/krb/copy_creds.c
+++ b/src/lib/krb5/krb/copy_creds.c
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "int-proto.h"
/*
* Copy credentials, allocating fresh storage where needed.
@@ -39,7 +40,7 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
return ENOMEM;
- retval = krb5int_copy_creds_contents(context, incred, tempcred);
+ retval = k5_copy_creds_contents(context, incred, tempcred);
if (retval)
free(tempcred);
else
@@ -54,8 +55,8 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
* output structure is garbage and its contents should be ignored.
*/
krb5_error_code
-krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
- krb5_creds *tempcred)
+k5_copy_creds_contents(krb5_context context, const krb5_creds *incred,
+ krb5_creds *tempcred)
{
krb5_error_code retval;
krb5_data *scratch;
diff --git a/src/lib/krb5/krb/enc_keyhelper.c b/src/lib/krb5/krb/enc_keyhelper.c
index 40ac4af..6878b25 100644
--- a/src/lib/krb5/krb/enc_keyhelper.c
+++ b/src/lib/krb5/krb/enc_keyhelper.c
@@ -24,16 +24,14 @@
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * krb5_encrypt_keyhelper()
- *
*/
#include "k5-int.h"
+#include "int-proto.h"
krb5_error_code
-krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *plain, krb5_enc_data *cipher)
+k5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *plain, krb5_enc_data *cipher)
{
krb5_enctype enctype;
krb5_error_code ret;
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 5e37b45..4555b71 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -25,6 +25,7 @@
*/
#include <k5-int.h>
+#include "int-proto.h"
/*
* It is possible to support sending a request that includes both a FAST and
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 2e55066..250af3a 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -29,6 +29,7 @@
#include <memory.h>
#endif
#include "int-proto.h"
+#include "os-proto.h"
/* helper function: convert flags to necessary KDC options */
#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
@@ -137,7 +138,7 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
free_rhost = 1;
}
- retval = krb5_os_hostaddr(context, rhost, &addrs);
+ retval = k5_os_hostaddr(context, rhost, &addrs);
if (retval)
goto errout;
}
diff --git a/src/lib/krb5/krb/gen_save_subkey.c b/src/lib/krb5/krb/gen_save_subkey.c
index 801eed4..61f36aa 100644
--- a/src/lib/krb5/krb/gen_save_subkey.c
+++ b/src/lib/krb5/krb/gen_save_subkey.c
@@ -25,13 +25,13 @@
*/
#include "k5-int.h"
+#include "int-proto.h"
#include "auth_con.h"
krb5_error_code
-krb5int_generate_and_save_subkey(krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock,
- krb5_enctype enctype)
+k5_generate_and_save_subkey(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock, krb5_enctype enctype)
{
/* Provide some more fodder for random number code.
This isn't strong cryptographically; the point here is not
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 9e28f48..fc74c16 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -1103,7 +1103,7 @@ krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx,
{
if (ctx->state != STATE_COMPLETE)
return KRB5_NO_TKT_SUPPLIED;
- return krb5int_copy_creds_contents(context, ctx->reply_creds, creds);
+ return k5_copy_creds_contents(context, ctx->reply_creds, creds);
}
krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index dfec991..e5fd554 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -491,7 +491,7 @@ krb5_init_creds_free(krb5_context context,
if (ctx == NULL)
return;
- if (ctx->opte != NULL && krb5_gic_opt_is_shadowed(ctx->opte)) {
+ if (ctx->opte != NULL && gic_opt_is_shadowed(ctx->opte)) {
krb5_get_init_creds_opt_free(context,
(krb5_get_init_creds_opt *)ctx->opte);
}
@@ -584,7 +584,7 @@ krb5_init_creds_get_creds(krb5_context context,
if (!ctx->complete)
return KRB5_NO_TKT_SUPPLIED;
- return krb5int_copy_creds_contents(context, &ctx->cred, creds);
+ return k5_copy_creds_contents(context, &ctx->cred, creds);
}
krb5_error_code KRB5_CALLCONV
@@ -808,8 +808,8 @@ krb5_init_creds_init(krb5_context context,
options = &local_opts;
}
- code = krb5int_gic_opt_to_opte(context, options,
- &ctx->opte, 1, "krb5_init_creds_init");
+ code = k5_gic_opt_to_opte(context, options, &ctx->opte, 1,
+ "krb5_init_creds_init");
if (code != 0)
goto cleanup;
@@ -1706,18 +1706,12 @@ cleanup:
}
krb5_error_code KRB5_CALLCONV
-krb5int_get_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- const char *in_tkt_service,
- krb5_get_init_creds_opt *options,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data,
- int *use_master,
- krb5_kdc_rep **as_reply)
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ const char *in_tkt_service, krb5_get_init_creds_opt *options,
+ get_as_key_fn gak_fct, void *gak_data, int *use_master,
+ krb5_kdc_rep **as_reply)
{
krb5_error_code code;
krb5_init_creds_context ctx = NULL;
@@ -1761,10 +1755,10 @@ cleanup:
}
krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
- krb5_flags options, krb5_address *const *addrs,
- krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types, krb5_creds *creds)
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
+ krb5_flags options, krb5_address *const *addrs,
+ krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+ krb5_creds *creds)
{
int i;
krb5_int32 starttime;
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 9eef375..4c2942e 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -338,9 +338,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
krb5_principal client_princ, server_princ;
int use_master = 0;
- retval = krb5int_populate_gic_opt(context, &opts,
- options, addrs, ktypes,
- pre_auth_types, creds);
+ retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
return retval;
@@ -356,11 +355,10 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5int_get_init_creds(context, creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opts,
- get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ retval = k5_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL, 0, server, opts,
+ get_as_key_keytab, (void *)keytab, &use_master,
+ ret_as_reply);
krb5_free_unparsed_name( context, server);
if (retval) {
goto cleanup;
diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index dddabf7..40a51d7 100644
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -1,6 +1,7 @@
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "int-proto.h"
+#include <krb5/clpreauth_plugin.h>
static void
init_common(krb5_get_init_creds_opt *opt)
@@ -100,32 +101,6 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
}
-/*
- * Extending the krb5_get_init_creds_opt structure. The original
- * krb5_get_init_creds_opt structure is defined publicly. The
- * new extended version is private. The original interface
- * assumed a pre-allocated structure which was passed to
- * krb5_get_init_creds_init(). The new interface assumes that
- * the caller will call krb5_get_init_creds_alloc() and
- * krb5_get_init_creds_free().
- *
- * Callers MUST NOT call krb5_get_init_creds_init() after allocating an
- * opts structure using krb5_get_init_creds_alloc(). To do so will
- * introduce memory leaks. Unfortunately, there is no way to enforce
- * this behavior.
- *
- * Two private flags are added for backward compatibility.
- * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
- * with the new krb5_get_init_creds_opt_alloc() function.
- * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
- * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.
- * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
- * krb5int_gic_opt_to_opte(), the resulting extended structure should be
- * freed (using krb5_get_init_creds_free). Otherwise, the original
- * structure was already extended and there is no need to free it.
- */
-
/* Forward prototype */
static void
free_gic_opt_ext_preauth_data(krb5_context context,
@@ -134,7 +109,7 @@ free_gic_opt_ext_preauth_data(krb5_context context,
static krb5_error_code
gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
{
- if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+ if (NULL == opte || !gic_opt_is_extended(opte))
return EINVAL;
opte->opt_private = calloc(1, sizeof(*opte->opt_private));
@@ -150,7 +125,7 @@ gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
static krb5_error_code
gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte)
{
- if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+ if (NULL == opte || !gic_opt_is_extended(opte))
return EINVAL;
/* Free up any private stuff */
@@ -172,7 +147,7 @@ gic_opte_alloc(krb5_context context)
opte = calloc(1, sizeof(*opte));
if (NULL == opte)
return NULL;
- opte->flags = KRB5_GET_INIT_CREDS_OPT_EXTENDED;
+ opte->flags = GIC_OPT_EXTENDED;
code = gic_opte_private_alloc(context, opte);
if (code) {
@@ -214,7 +189,7 @@ krb5_get_init_creds_opt_free(krb5_context context,
return;
/* Don't touch it if we didn't allocate it */
- if (!krb5_gic_opt_is_extended(opt))
+ if (!gic_opt_is_extended(opt))
return;
opte = (krb5_gic_opt_ext *)opt;
@@ -257,8 +232,7 @@ gic_opte_copy(krb5_context context,
* here will be freed by the library because the
* application is unaware of its existence.
*/
- oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
- KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+ oe->flags |= (GIC_OPT_EXTENDED | GIC_OPT_SHADOWED);
*opte = oe;
return 0;
@@ -275,13 +249,11 @@ gic_opte_copy(krb5_context context,
* cases where the original *should* be an extended structure.
*/
krb5_error_code
-krb5int_gic_opt_to_opte(krb5_context context,
- krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte,
- unsigned int force,
- const char *where)
+k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte, unsigned int force,
+ const char *where)
{
- if (!krb5_gic_opt_is_extended(opt)) {
+ if (!gic_opt_is_extended(opt)) {
if (force) {
return gic_opte_copy(context, opt, opte);
} else {
@@ -302,7 +274,7 @@ free_gic_opt_ext_preauth_data(krb5_context context,
{
int i;
- if (NULL == opte || !krb5_gic_opt_is_extended(opte))
+ if (NULL == opte || !gic_opt_is_extended(opte))
return;
if (NULL == opte->opt_private || NULL == opte->opt_private->preauth_data)
return;
@@ -338,8 +310,8 @@ krb5_get_init_creds_opt_get_pa(krb5_context context,
int i;
size_t allocsize;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_get_pa");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_get_pa");
if (retval)
return retval;
@@ -415,8 +387,8 @@ krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
krb5_error_code retval = 0;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_fast_ccache_name");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_fast_ccache_name");
if (retval)
return retval;
if (opte->opt_private->fast_ccache_name) {
@@ -459,8 +431,8 @@ krb5_get_init_creds_opt_set_in_ccache(krb5_context context,
krb5_error_code retval = 0;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_in_ccache");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_in_ccache");
if (retval)
return retval;
opte->opt_private->in_ccache = ccache;
@@ -475,8 +447,8 @@ krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
krb5_error_code retval = 0;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_out_ccache");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_out_ccache");
if (retval)
return retval;
opte->opt_private->out_ccache = ccache;
@@ -491,8 +463,8 @@ krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
krb5_error_code retval = 0;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_fast_flags");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_fast_flags");
if (retval)
return retval;
opte->opt_private->fast_flags = flags;
@@ -510,8 +482,8 @@ krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
if (out_flags == NULL)
return EINVAL;
*out_flags = 0;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_get_fast_flags");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_get_fast_flags");
if (retval)
return retval;
*out_flags = opte->opt_private->fast_flags;
@@ -527,9 +499,8 @@ krb5_get_init_creds_opt_set_expire_callback(krb5_context context,
krb5_error_code retval = 0;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_"
- "expire_callback");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_expire_callback");
if (retval)
return retval;
opte->opt_private->expire_cb = cb;
@@ -545,8 +516,8 @@ krb5_get_init_creds_opt_set_responder(krb5_context context,
krb5_error_code ret;
krb5_gic_opt_ext *opte;
- ret = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_responder");
+ ret = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_responder");
if (ret)
return ret;
opte->opt_private->responder = responder;
diff --git a/src/lib/krb5/krb/gic_opt_set_pa.c b/src/lib/krb5/krb/gic_opt_set_pa.c
index 1e79c42..d447805 100644
--- a/src/lib/krb5/krb/gic_opt_set_pa.c
+++ b/src/lib/krb5/krb/gic_opt_set_pa.c
@@ -79,8 +79,8 @@ krb5_get_init_creds_opt_set_pa(krb5_context context,
krb5_error_code retval;
krb5_gic_opt_ext *opte;
- retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_pa");
+ retval = k5_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_pa");
if (retval)
return retval;
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 32b376f..22db2b5 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -3,6 +3,7 @@
#include "com_err.h"
#include "init_creds_ctx.h"
#include "int-proto.h"
+#include "os-proto.h"
krb5_error_code
krb5_get_as_key_password(krb5_context context,
@@ -81,9 +82,9 @@ krb5_get_as_key_password(krb5_context context,
prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
/* PROMPTER_INVOCATION */
- krb5int_set_prompt_types(context, &prompt_type);
+ k5_set_prompt_types(context, &prompt_type);
ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt);
- krb5int_set_prompt_types(context, 0);
+ k5_set_prompt_types(context, 0);
if (ret)
return(ret);
}
@@ -183,7 +184,7 @@ warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req);
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 0, "");
+ ret = k5_gic_opt_to_opte(context, options, &opte, 0, "");
if (ret == 0 && opte->opt_private->expire_cb != NULL) {
krb5_expire_callback_func cb = opte->opt_private->expire_cb;
void *cb_data = opte->opt_private->expire_data;
@@ -286,10 +287,9 @@ krb5_get_init_creds_password(krb5_context context,
/* first try: get the requested tkt from any kdc */
- ret = krb5int_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, options,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = k5_get_init_creds(context, creds, client, prompter, data, start_time,
+ in_tkt_service, options, krb5_get_as_key_password,
+ (void *) &pw0, &use_master, &as_reply);
/* check for success */
@@ -316,10 +316,10 @@ krb5_get_init_creds_password(krb5_context context,
krb5_free_kdc_rep( context, as_reply);
as_reply = NULL;
}
- ret = krb5int_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, options,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = k5_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
if (ret == 0)
goto cleanup;
@@ -363,11 +363,11 @@ krb5_get_init_creds_password(krb5_context context,
krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
- if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", chpw_opts,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, NULL)))
+ ret = k5_get_init_creds(context, &chpw_creds, client, prompter, data,
+ start_time, "kadmin/changepw", chpw_opts,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, NULL);
+ if (ret)
goto cleanup;
prompt[0].prompt = _("Enter new password");
@@ -389,10 +389,10 @@ krb5_get_init_creds_password(krb5_context context,
pw1.length = sizeof(pw1array);
/* PROMPTER_INVOCATION */
- krb5int_set_prompt_types(context, prompt_types);
+ k5_set_prompt_types(context, prompt_types);
ret = (*prompter)(context, data, 0, banner,
sizeof(prompt)/sizeof(prompt[0]), prompt);
- krb5int_set_prompt_types(context, 0);
+ k5_set_prompt_types(context, 0);
if (ret)
goto cleanup;
@@ -460,10 +460,10 @@ krb5_get_init_creds_password(krb5_context context,
is final. */
TRACE_GIC_PWD_CHANGED(context);
- ret = krb5int_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, options,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = k5_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
if (ret)
goto cleanup;
@@ -528,9 +528,8 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
pw0.data[0] = '\0';
pw0.length = sizeof(pw0array);
}
- retval = krb5int_populate_gic_opt(context, &opts,
- options, addrs, ktypes,
- pre_auth_types, creds);
+ retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
return (retval);
retval = krb5_unparse_name( context, creds->server, &server);
@@ -540,11 +539,10 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
}
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5int_get_init_creds(context, creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opts,
- krb5_get_as_key_password, &pw0,
- &use_master, ret_as_reply);
+ retval = k5_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL, 0, server, opts,
+ krb5_get_as_key_password, &pw0, &use_master,
+ ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, opts);
if (retval) {
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index d1b69c6..b11e694 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -25,9 +25,9 @@
*/
#include "k5-int.h"
+#include "int-proto.h"
-/* A krb5_gic_get_as_key_fct shim for copying a caller-provided keyblock into
- * the AS keyblock. */
+/* Copy the caller-provided keyblock into the AS keyblock. */
static krb5_error_code
get_as_key_skey(krb5_context context, krb5_principal client,
krb5_enctype etype, krb5_prompter_fct prompter,
@@ -86,8 +86,8 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
}
#endif /* LEAN_CLIENT */
- retval = krb5int_populate_gic_opt(context, &opts, options, addrs, ktypes,
- pre_auth_types, creds);
+ retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
return retval;
retval = krb5_unparse_name(context, creds->server, &server);
@@ -97,10 +97,10 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
}
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5int_get_init_creds(context, creds, creds->client,
- krb5_prompter_posix, NULL, 0, server, opts,
- get_as_key_skey, (void *) key, &use_master,
- ret_as_reply);
+ retval = k5_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL, 0, server, opts,
+ get_as_key_skey, (void *)key, &use_master,
+ ret_as_reply);
krb5_free_unparsed_name(context, server);
krb5_get_init_creds_opt_free(context, opts);
if (retval)
diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h
index 1bc90a5..d886c7a 100644
--- a/src/lib/krb5/krb/init_creds_ctx.h
+++ b/src/lib/krb5/krb/init_creds_ctx.h
@@ -4,13 +4,18 @@
#define KRB5_INIT_CREDS_CONTEXT 1
#include "k5-json.h"
+#include "int-proto.h"
+
+struct krb5_responder_context_st {
+ k5_response_items *items;
+};
struct _krb5_init_creds_context {
krb5_gic_opt_ext *opte;
char *in_tkt_service;
krb5_prompter_fct prompter;
void *prompter_data;
- krb5_gic_get_as_key_fct gak_fct;
+ get_as_key_fn gak_fct;
void *gak_data;
krb5_timestamp request_time;
krb5_deltat start_time;
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 33330e7..58eb01a 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -51,6 +51,7 @@
#include "k5-int.h"
#include "int-proto.h"
+#include "os-proto.h"
#include <ctype.h>
#include "brand.c"
#include "../krb5_libinit.h"
@@ -189,13 +190,14 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0;
- if ((retval = krb5_os_init_context(ctx, profile, flags)) != 0)
+ retval = k5_os_init_context(ctx, profile, flags);
+ if (retval)
goto cleanup;
ctx->trace_callback = NULL;
#ifndef DISABLE_TRACING
if (!ctx->profile_secure)
- krb5int_init_trace(ctx);
+ k5_init_trace(ctx);
#endif
retval = get_boolean(ctx, KRB5_CONF_ALLOW_WEAK_CRYPTO, 0, &tmp);
@@ -287,7 +289,7 @@ krb5_free_context(krb5_context ctx)
{
if (ctx == NULL)
return;
- krb5_os_free_context(ctx);
+ k5_os_free_context(ctx);
free(ctx->in_tkt_etypes);
ctx->in_tkt_etypes = NULL;
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 6d7939e..04535f6 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -29,6 +29,92 @@
struct krb5int_fast_request_state;
+typedef struct k5_response_items_st k5_response_items;
+
+typedef krb5_error_code
+(*get_as_key_fn)(krb5_context, krb5_principal, krb5_enctype, krb5_prompter_fct,
+ void *prompter_data, krb5_data *salt, krb5_data *s2kparams,
+ krb5_keyblock *as_key, void *gak_data,
+ k5_response_items *ritems);
+
+/*
+ * Extending the krb5_get_init_creds_opt structure. The original
+ * krb5_get_init_creds_opt structure is defined publicly. The new extended
+ * version is private. The original interface assumed a pre-allocated
+ * structure which was passed to krb5_get_init_creds_init(). The new interface
+ * assumes that the caller will call krb5_get_init_creds_alloc() and
+ * krb5_get_init_creds_free().
+ *
+ * Callers MUST NOT call krb5_get_init_creds_init() after allocating an opts
+ * structure using krb5_get_init_creds_alloc(). To do so will introduce memory
+ * leaks. Unfortunately, there is no way to enforce this behavior.
+ *
+ * Two private flags are added for backward compatibility. GIC_OPT_EXTENDED
+ * says that the structure was allocated with the new
+ * krb5_get_init_creds_opt_alloc() function. GIC_OPT_SHADOWED is set to
+ * indicate that the extended structure is a shadow copy of an original
+ * krb5_get_init_creds_opt structure. If GIC_OPT_SHADOWED is set after a call
+ * to k5_gic_opt_to_opte(), the resulting extended structure should be freed
+ * (using krb5_get_init_creds_free). Otherwise, the original structure was
+ * already extended and there is no need to free it.
+ */
+
+#define GIC_OPT_EXTENDED 0x80000000
+#define GIC_OPT_SHADOWED 0x40000000
+
+#define gic_opt_is_extended(s) ((s) != NULL && ((s)->flags & GIC_OPT_EXTENDED))
+#define gic_opt_is_shadowed(s) ((s) != NULL && ((s)->flags & GIC_OPT_SHADOWED))
+
+typedef struct gic_opt_private_st {
+ int num_preauth_data;
+ krb5_gic_opt_pa_data *preauth_data;
+ char * fast_ccache_name;
+ krb5_ccache in_ccache;
+ krb5_ccache out_ccache;
+ krb5_flags fast_flags;
+ krb5_expire_callback_func expire_cb;
+ void *expire_data;
+ krb5_responder_fn responder;
+ void *responder_data;
+} gic_opt_private;
+
+/*
+ * On the Mac, ensure that the layout of krb5_gic_opt_ext matches that
+ * of krb5_get_init_creds_opt.
+ */
+#if TARGET_OS_MAC
+# pragma pack(push,2)
+#endif
+
+typedef struct _krb5_gic_opt_ext {
+ krb5_flags flags;
+ krb5_deltat tkt_life;
+ krb5_deltat renew_life;
+ int forwardable;
+ int proxiable;
+ krb5_enctype *etype_list;
+ int etype_list_length;
+ krb5_address **address_list;
+ krb5_preauthtype *preauth_list;
+ int preauth_list_length;
+ krb5_data *salt;
+ /*
+ * Do not change anything above this point in this structure.
+ * It is identical to the public krb5_get_init_creds_opt structure.
+ * New members must be added below.
+ */
+ gic_opt_private *opt_private;
+} krb5_gic_opt_ext;
+
+#if TARGET_OS_MAC
+# pragma pack(pop)
+#endif
+
+krb5_error_code
+k5_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte, unsigned int force,
+ const char *where);
+
krb5_error_code
krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
krb5_principal *);
@@ -236,4 +322,46 @@ k5_save_ctx_error(krb5_context ctx, krb5_error_code code, struct errinfo *out);
krb5_error_code
k5_restore_ctx_error(krb5_context ctx, struct errinfo *in);
+krb5_error_code
+k5_encrypt_keyhelper(krb5_context context, krb5_key key,
+ krb5_keyusage keyusage, const krb5_data *plain,
+ krb5_enc_data *cipher);
+
+krb5_error_code KRB5_CALLCONV
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ const char *in_tkt_service, krb5_get_init_creds_opt *options,
+ get_as_key_fn gak, void *gak_data, int *master,
+ krb5_kdc_rep **as_reply);
+
+krb5_error_code
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **opt,
+ krb5_flags options, krb5_address *const *addrs,
+ krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+ krb5_creds *creds);
+
+krb5_error_code
+k5_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
+
+krb5_error_code
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+ krb5_const_principal principal, const char *name,
+ krb5_creds *cred);
+
+krb5_error_code
+k5_generate_and_save_subkey(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock, krb5_enctype enctype);
+
+krb5_error_code
+k5_client_realm_path(krb5_context context, const krb5_data *client,
+ const krb5_data *server, krb5_data **rpath_out);
+
+size_t
+k5_count_etypes(const krb5_enctype *list);
+
+krb5_error_code
+k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list);
+
#endif /* KRB5_INT_FUNC_PROTO__ */
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 9629ae6..466861f 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -641,15 +641,6 @@ krb5_free_pa_pac_req(krb5_context context,
}
void KRB5_CALLCONV
-krb5_free_etype_list(krb5_context context,
- krb5_etype_list *etypes)
-{
- if (etypes != NULL) {
- free(etypes->etypes);
- free(etypes);
- }
-}
-void KRB5_CALLCONV
krb5_free_fast_req(krb5_context context, krb5_fast_req *val)
{
if (val == NULL)
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index 566d138..a31d85c 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -9,6 +9,7 @@
*
*/
#include "k5-int.h"
+#include "int-proto.h"
#include "cleanup.h"
#include "auth_con.h"
@@ -44,9 +45,9 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
}
/* call the encryption routine */
- retval = krb5_encrypt_keyhelper(context, pkey,
- KRB5_KEYUSAGE_KRB_CRED_ENCPART,
- scratch, pencdata);
+ retval = k5_encrypt_keyhelper(context, pkey,
+ KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch,
+ pencdata);
if (retval) {
memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c
index 0681a22..dd7a7d9 100644
--- a/src/lib/krb5/krb/mk_rep.c
+++ b/src/lib/krb5/krb/mk_rep.c
@@ -52,6 +52,7 @@
*/
#include "k5-int.h"
+#include "int-proto.h"
#include "auth_con.h"
/*
@@ -95,9 +96,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
assert(auth_context->negotiated_etype != ENCTYPE_NULL);
- retval = krb5int_generate_and_save_subkey (context, auth_context,
- &auth_context->key->keyblock,
- auth_context->negotiated_etype);
+ retval = k5_generate_and_save_subkey(context, auth_context,
+ &auth_context->key->keyblock,
+ auth_context->negotiated_etype);
if (retval)
return retval;
repl.subkey = &auth_context->send_subkey->keyblock;
@@ -116,9 +117,9 @@ k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
return retval;
- if ((retval = krb5_encrypt_keyhelper(context, auth_context->key,
- KRB5_KEYUSAGE_AP_REP_ENCPART,
- scratch, &reply.enc_part)))
+ if ((retval = k5_encrypt_keyhelper(context, auth_context->key,
+ KRB5_KEYUSAGE_AP_REP_ENCPART, scratch,
+ &reply.enc_part)))
goto cleanup_scratch;
if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 1938cbe..dce0927 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -174,9 +174,9 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
/* generate subkey if needed */
if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
- retval = krb5int_generate_and_save_subkey (context, *auth_context,
- &in_creds->keyblock,
- in_creds->keyblock.enctype);
+ retval = k5_generate_and_save_subkey(context, *auth_context,
+ &in_creds->keyblock,
+ in_creds->keyblock.enctype);
if (retval)
goto cleanup;
}
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 7252048..747611e 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -35,6 +35,7 @@
#include "osconf.h"
#include <krb5/clpreauth_plugin.h>
#include "int-proto.h"
+#include "os-proto.h"
#include "fast.h"
#include "init_creds_ctx.h"
diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index e6e2c68..6888e94 100644
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -28,6 +28,7 @@
#include <k5-int.h>
#include <krb5/clpreauth_plugin.h>
#include "int-proto.h"
+#include "os-proto.h"
#include "init_creds_ctx.h"
/* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
@@ -182,17 +183,17 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
kprompt.reply = &response_data;
prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
- krb5int_set_prompt_types(context, &prompt_type);
+ k5_set_prompt_types(context, &prompt_type);
if ((retval = ((*prompter)(context, prompter_data, name,
banner, 1, &kprompt)))) {
krb5_free_sam_challenge_2(context, sc2);
krb5_free_sam_challenge_2_body(context, sc2b);
- krb5int_set_prompt_types(context, 0);
+ k5_set_prompt_types(context, NULL);
return(retval);
}
- krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
+ k5_set_prompt_types(context, NULL);
/* Generate salt used by string_to_key() */
if (ctx->default_salt) {
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index b3c536c..8d5f130 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -115,10 +115,9 @@ s4u_identify_user(krb5_context context,
client = &client_data;
}
- code = krb5int_get_init_creds(context, &creds, client,
- NULL, NULL, 0, NULL, opts,
- krb5_get_as_key_noop, &userid,
- &use_master, NULL);
+ code = k5_get_init_creds(context, &creds, client, NULL, NULL, 0, NULL,
+ opts, krb5_get_as_key_noop, &userid, &use_master,
+ NULL);
if (code == 0 || code == KRB5_PREAUTH_FAILED) {
*canon_user = userid.user;
userid.user = NULL;
@@ -517,7 +516,7 @@ krb5_get_self_cred_from_kdc(krb5_context context,
tgtptr = tgt;
- code = krb5int_copy_creds_contents(context, in_creds, &s4u_creds);
+ code = k5_copy_creds_contents(context, in_creds, &s4u_creds);
if (code != 0)
goto cleanup;
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c
index dc0c6e8..b1dde3c 100644
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "os-proto.h"
#include "com_err.h"
#include "auth_con.h"
#include <errno.h>
@@ -63,7 +64,7 @@ krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
outbuf[0].data = (char *) sendauth_version;
outbuf[1].length = strlen(appl_version) + 1;
outbuf[1].data = appl_version;
- if ((retval = krb5int_write_messages(context, fd, outbuf, 2)))
+ if ((retval = k5_write_messages(context, fd, outbuf, 2)))
return(retval);
/*
* Now, read back a byte: 0 means no error, 1 means bad sendauth
diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c
index 0452ebf..b52a04d 100644
--- a/src/lib/krb5/krb/ser_ctx.c
+++ b/src/lib/krb5/krb/ser_ctx.c
@@ -189,7 +189,8 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
context = (krb5_context) arg;
if (!context)
return (EINVAL);
- KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT);
+ if (context->magic != KV5M_CONTEXT)
+ return (KV5M_CONTEXT);
if ((kret = krb5_context_size(kcontext, arg, &required)))
return (kret);
diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 094758c..708a25f 100644
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -40,10 +40,9 @@
#include <k5-int.h>
#ifndef LEAN_CLIENT
-krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock(krb5_context context,
- const krb5_keyblock *key,
- krb5_ticket *ticket)
+static krb5_error_code
+decrypt_ticket_keyblock(krb5_context context, const krb5_keyblock *key,
+ krb5_ticket *ticket)
{
krb5_error_code retval;
krb5_data *realm;
@@ -85,7 +84,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
ticket->enc_part.kvno,
ticket->enc_part.enctype, &ktent);
if (retval == 0) {
- retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+ retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
(void) krb5_free_keytab_entry_contents(context, &ktent);
}
@@ -103,7 +102,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
if (ktent.key.enctype != ticket->enc_part.enctype)
continue;
- retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+ retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
if (retval == 0) {
krb5_principal tmp;
diff --git a/src/lib/krb5/krb/t_cc_config.c b/src/lib/krb5/krb/t_cc_config.c
index 04e7283..156a5b5 100644
--- a/src/lib/krb5/krb/t_cc_config.c
+++ b/src/lib/krb5/krb/t_cc_config.c
@@ -36,6 +36,7 @@
*/
#include <k5-int.h>
+#include "int-proto.h"
#include <getopt.h>
static void
@@ -70,8 +71,8 @@ unset_config(krb5_context context, krb5_ccache ccache,
memset(&mcreds, 0, sizeof(mcreds));
memset(&creds, 0, sizeof(creds));
bail_on_err(context, "Error while deriving configuration principal names",
- krb5int_build_conf_principals(context, ccache, server, key,
- &mcreds));
+ k5_build_conf_principals(context, ccache, server, key,
+ &mcreds));
bail_on_err(context, "Error resolving first in-memory ccache",
krb5_cc_resolve(context, "MEMORY:tmp1", &tmp1));
bail_on_err(context, "Error initializing first in-memory ccache",
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index de41959..b0547d5 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -105,9 +105,8 @@ initialize_krb5_error_table
initialize_k5e1_error_table
initialize_kv5m_error_table
initialize_prof_error_table
+k5_build_conf_principals
k5_ccselect_free_context
-k5_copy_etypes
-k5_count_etypes
k5_etypes_contains
k5_expand_path_tokens
k5_expand_path_tokens_extra
@@ -116,8 +115,11 @@ k5_free_otp_tokeninfo
k5_free_pa_otp_challenge
k5_free_pa_otp_req
k5_free_serverlist
+k5_init_trace
k5_kt_get_principal
k5_locate_kdc
+k5_os_free_context
+k5_os_init_context
k5_plugin_free_modules
k5_plugin_load
k5_plugin_load_all
@@ -215,7 +217,6 @@ krb5_cc_register
krb5_cc_remove_cred
krb5_cc_resolve
krb5_cc_retrieve_cred
-krb5_cc_retrieve_cred_default
krb5_cc_select
krb5_cc_set_config
krb5_cc_set_default_name
@@ -248,7 +249,6 @@ krb5_copy_keyblock
krb5_copy_keyblock_contents
krb5_copy_principal
krb5_copy_ticket
-krb5_create_secure_file
krb5_crypto_us_timeofday
krb5_decode_authdata_container
krb5_decode_ticket
@@ -444,9 +444,6 @@ krb5_mk_req_extended
krb5_mk_safe
krb5_net_read
krb5_net_write
-krb5_os_free_context
-krb5_os_hostaddr
-krb5_os_init_context
krb5_os_localaddr
krb5_overridekeyname
krb5_pac_add_buffer
@@ -569,7 +566,6 @@ krb5_sname_to_principal
krb5_string_to_deltat
krb5_string_to_salttype
krb5_string_to_timestamp
-krb5_sync_disk_file
krb5int_tgtname
krb5_tkt_creds_free
krb5_tkt_creds_get
@@ -597,10 +593,8 @@ krb5_vset_error_message
krb5_walk_realm_tree
krb5_write_message
krb5int_accessor
-krb5int_build_conf_principals
krb5int_cc_default
krb5int_cleanup_library
-krb5int_clean_hostname
krb5int_cm_call_select
krb5int_copy_data_contents
krb5int_copy_data_contents_add0
@@ -609,7 +603,6 @@ krb5int_foreach_localaddr
krb5int_free_data_list
krb5int_get_authdata_containee_types
krb5int_init_context_kdc
-krb5int_init_trace
krb5int_initialize_library
krb5int_parse_enctype_list
krb5int_sendtokdc_debug_handler
diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index 2e31e83..df63b14 100644
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
@@ -26,6 +26,7 @@
#include "k5-int.h"
#include "os-proto.h"
+#include "../krb/int-proto.h"
/* If this trick gets used elsewhere, move it to k5-platform.h. */
#ifndef DESIGNATED_INITIALIZERS
@@ -52,7 +53,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
#endif
S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
- S (clean_hostname, krb5int_clean_hostname),
+ S (clean_hostname, k5_clean_hostname),
#ifndef LEAN_CLIENT
#define SC(FIELD, VAL) S(FIELD, VAL)
@@ -101,7 +102,7 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
SC (free_kdc_req, krb5_free_kdc_req),
- SC (set_prompt_types, krb5int_set_prompt_types),
+ SC (set_prompt_types, k5_set_prompt_types),
#undef SC
#if DESIGNATED_INITIALIZERS
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index f47e170..0ebe9db 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -51,6 +51,8 @@
#define MAXHOSTNAMELEN 64
#endif
+#define MAX_DNS_NAMELEN (15*(MAXHOSTNAMELEN + 1)+1)
+
#endif /* KRB5_DNS_LOOKUP */
/*
diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index e66de6a..2f9192f 100644
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
@@ -155,5 +155,19 @@ int krb5int_dns_expand(struct krb5int_dns_state *,
const unsigned char *, char *, int);
void krb5int_dns_fini(struct krb5int_dns_state *);
+struct srv_dns_entry {
+ struct srv_dns_entry *next;
+ int priority;
+ int weight;
+ unsigned short port;
+ char *host;
+};
+
+krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm,
+ const char *service,
+ const char *protocol,
+ struct srv_dns_entry **answers);
+void krb5int_free_srv_dns_data(struct srv_dns_entry *);
+
#endif /* KRB5_DNS_LOOKUP */
#endif /* !defined(KRB5_DNSGLUE_H) */
diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c
index a38fad5..22f6ad6 100644
--- a/src/lib/krb5/os/hostaddr.c
+++ b/src/lib/krb5/os/hostaddr.c
@@ -25,12 +25,13 @@
*/
#include "k5-int.h"
+#include "os-proto.h"
#include "fake-addrinfo.h"
krb5_error_code
-krb5_os_hostaddr(krb5_context context, const char *name,
- krb5_address ***ret_addrs)
+k5_os_hostaddr(krb5_context context, const char *name,
+ krb5_address ***ret_addrs)
{
krb5_error_code retval;
krb5_address **addrs;
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 599823e..7160873 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -31,7 +31,7 @@
/*
* krb5_get_host_realm()
* krb5_get_fallback_host_realm()
- * krb5int_clean_hostname()
+ * k5_clean_hostname()
* krb5_free_host_realm()
*/
@@ -98,7 +98,7 @@ domain_heuristic(krb5_context context, const char *domain,
#endif /* MAXDNAME */
#endif /* KRB5_DNS_LOOKUP */
-krb5_error_code krb5int_translate_gai_error (int);
+static krb5_error_code krb5int_translate_gai_error(int);
static krb5_error_code
get_fq_hostname(char *buf, size_t bufsize, const char *name)
@@ -144,7 +144,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
TRACE_GET_HOST_REALM(context, host);
- retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
+ retval = k5_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
return retval;
@@ -216,7 +216,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
# endif
#endif
-krb5_error_code
+static krb5_error_code
krb5int_translate_gai_error (int num)
{
switch (num) {
@@ -279,7 +279,7 @@ krb5_get_fallback_host_realm(krb5_context context,
TRACE_GET_FALLBACK_HOST_REALM(context, host);
- retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);
+ retval = k5_clean_hostname(context, host, local_host, sizeof local_host);
if (retval)
return retval;
@@ -367,8 +367,8 @@ krb5_get_fallback_host_realm(krb5_context context,
* to do basic sanity checks on supplied hostname.
*/
krb5_error_code
-krb5int_clean_hostname(krb5_context context,
- const char *host, char *local_host, size_t lhsize)
+k5_clean_hostname(krb5_context context, const char *host, char *local_host,
+ size_t lhsize)
{
char *cp;
krb5_error_code retval;
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 56b8d92..2afe2e1 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -234,7 +234,7 @@ free_filespecs(profile_filespec_t *files)
/* This function is needed by KfM's KerberosPreferences API
* because it needs to be able to specify "secure" */
-krb5_error_code
+static krb5_error_code
os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
{
profile_filespec_t* files;
@@ -421,7 +421,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
}
krb5_error_code
-krb5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
+k5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
{
krb5_os_context os_ctx;
krb5_error_code retval = 0;
@@ -499,7 +499,7 @@ krb5_free_config_files(char **filenames)
}
void
-krb5_os_free_context(krb5_context ctx)
+k5_os_free_context(krb5_context ctx)
{
krb5_os_context os_ctx;
diff --git a/src/lib/krb5/os/krbfileio.c b/src/lib/krb5/os/krbfileio.c
index 6dce8ca..41cd40f 100644
--- a/src/lib/krb5/os/krbfileio.c
+++ b/src/lib/krb5/os/krbfileio.c
@@ -26,10 +26,6 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
- * krb5_create_secure_file
- * krb5_sync_disk_file
*/
#ifdef MODULE_VERSION_ID
@@ -38,6 +34,7 @@ static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91";
#include "k5-int.h"
+#include "os-proto.h"
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif
@@ -52,7 +49,7 @@ static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91";
#endif
krb5_error_code
-krb5_create_secure_file(krb5_context context, const char *pathname)
+k5_create_secure_file(krb5_context context, const char *pathname)
{
int fd;
@@ -89,7 +86,7 @@ krb5_create_secure_file(krb5_context context, const char *pathname)
}
krb5_error_code
-krb5_sync_disk_file(krb5_context context, FILE *fp)
+k5_sync_disk_file(krb5_context context, FILE *fp)
{
fflush(fp);
#if !defined(MSDOS_FILESYSTEM)
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index faa214a..f894d05 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -34,6 +34,7 @@
*/
#include "k5-int.h"
+#include "os-proto.h"
#if !defined(_WIN32)
@@ -1291,7 +1292,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
fprintf (stderr, " processing '%s'\n", current);
#endif
newaddrs = 0;
- err = krb5_os_hostaddr (context, current, &newaddrs);
+ err = k5_os_hostaddr (context, current, &newaddrs);
if (err)
continue;
for (i = 0; newaddrs[i]; i++) {
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 5bf7776..283f36c 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -38,14 +38,7 @@
#include <resolv.h>
#include <netdb.h>
#endif /* WSHELPER */
-#ifndef T_SRV
-#define T_SRV 33
-#endif /* T_SRV */
-
-/* for old Unixes and friends ... */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
+#include "dnsglue.h"
#if KRB5_DNS_LOOKUP_KDC
#define DEFAULT_LOOKUP_KDC 1
@@ -488,8 +481,8 @@ prof_locate_server(krb5_context context, const krb5_data *realm,
break;
case locate_service_krb524:
profname = KRB5_CONF_KRB524_SERVER;
- serv = getservbyname(KRB524_SERVICE, "udp");
- dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
+ serv = getservbyname("krb524", "udp");
+ dflport1 = serv ? serv->s_port : htons(4444);
break;
case locate_service_kpasswd:
profname = KRB5_CONF_KPASSWD_SERVER;
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index e50a0d4..83c9d65 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -110,6 +110,24 @@ krb5_error_code k5_expand_path_tokens_extra(krb5_context context,
const char *path_in,
char **path_out, ...);
+krb5_error_code k5_create_secure_file(krb5_context, const char * pathname);
+krb5_error_code k5_sync_disk_file(krb5_context, FILE *fp);
+krb5_error_code k5_os_init_context(krb5_context context, profile_t profile,
+ krb5_flags flags);
+void k5_os_free_context(krb5_context);
+krb5_error_code k5_os_hostaddr(krb5_context, const char *, krb5_address ***);
+krb5_error_code k5_time_with_offset(krb5_timestamp offset,
+ krb5_int32 offset_usec,
+ krb5_timestamp *time_out,
+ krb5_int32 *usec_out);
+void k5_set_prompt_types(krb5_context, krb5_prompt_type *);
+krb5_error_code k5_clean_hostname(krb5_context, const char *, char *, size_t);
+krb5_error_code k5_kt_client_default_name(krb5_context context,
+ char **name_out);
+krb5_error_code k5_write_messages(krb5_context, krb5_pointer, krb5_data *,
+ int);
+void k5_init_trace(krb5_context context);
+
#include "k5-thread.h"
extern k5_mutex_t krb5int_us_time_mutex;
diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c
index aa7399c..26cdebc 100644
--- a/src/lib/krb5/os/prompter.c
+++ b/src/lib/krb5/os/prompter.c
@@ -1,5 +1,6 @@
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
+#include "os-proto.h"
#if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))
#include <stdio.h>
#include <errno.h>
@@ -317,7 +318,7 @@ krb5_prompter_posix(krb5_context context,
#endif /* Windows or Mac */
void
-krb5int_set_prompt_types(krb5_context context, krb5_prompt_type *types)
+k5_set_prompt_types(krb5_context context, krb5_prompt_type *types)
{
context->prompt_types = types;
}
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index 21fe105..97e1c06 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -38,6 +38,7 @@
*/
#include "k5-int.h"
+#include "os-proto.h"
#include "cm.h"
#ifndef DISABLE_TRACING
@@ -328,7 +329,7 @@ subfmt(krb5_context context, struct k5buf *buf, const char *fmt, ...)
}
void
-krb5int_init_trace(krb5_context context)
+k5_init_trace(krb5_context context)
{
const char *filename;
diff --git a/src/lib/krb5/os/ustime.c b/src/lib/krb5/os/ustime.c
index 90fa4a6..0563576 100644
--- a/src/lib/krb5/os/ustime.c
+++ b/src/lib/krb5/os/ustime.c
@@ -34,6 +34,7 @@
*/
#include "k5-int.h"
+#include "os-proto.h"
krb5_error_code
k5_time_with_offset(krb5_timestamp offset, krb5_int32 offset_usec,
diff --git a/src/lib/krb5/os/write_msg.c b/src/lib/krb5/os/write_msg.c
index b745f3f..a9d6050 100644
--- a/src/lib/krb5/os/write_msg.c
+++ b/src/lib/krb5/os/write_msg.c
@@ -36,8 +36,8 @@
* efficiently.
*/
krb5_error_code
-krb5int_write_messages(krb5_context context, krb5_pointer fdp,
- krb5_data *outbuf, int nbufs)
+k5_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf,
+ int nbufs)
{
int fd = *( (int *) fdp);
@@ -72,5 +72,5 @@ krb5int_write_messages(krb5_context context, krb5_pointer fdp,
krb5_error_code
krb5_write_message(krb5_context context, krb5_pointer fdp, krb5_data *outbuf)
{
- return krb5int_write_messages(context, fdp, outbuf, 1);
+ return k5_write_messages(context, fdp, outbuf, 1);
}
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index d093d1f..57604ad 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -443,7 +443,6 @@ EXPORTS
krb5_responder_otp_challenge_free @415
krb5_cc_move @416
krb5_get_init_creds_opt_set_in_ccache @417
- krb5int_build_conf_principals @418 ; PRIVATE
; new in 1.12
krb5_free_enctypes @419
More information about the cvs-krb5
mailing list