svn rev #23357: trunk/src/ include/ lib/krb5/ lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Nov 25 18:09:07 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23357
Commit By: ghudson
Log Message:
Defer the conversion of the gic options structure to the extended form
until we reach krb5_get_init_creds. Rename that function to
krb5int_get_init_creds since it isn't public. Also stop exporting it.
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/krb/get_in_tkt.c
U trunk/src/lib/krb5/krb/gic_keytab.c
U trunk/src/lib/krb5/krb/gic_pwd.c
U trunk/src/lib/krb5/krb/s4u_creds.c
U trunk/src/lib/krb5/libkrb5.exports
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/include/k5-int.h 2009-11-25 23:09:07 UTC (rev 23357)
@@ -1242,15 +1242,15 @@
krb5_keyblock *as_key, void *gak_data);
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_prompter_fct prompter,
- void *prompter_data, krb5_deltat start_time,
- char *in_tkt_service, krb5_gic_opt_ext *gic_options,
- krb5_gic_get_as_key_fct gak, void *gak_data,
- int *master, krb5_kdc_rep **as_reply);
+krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ char *in_tkt_service, krb5_get_init_creds_opt *options,
+ krb5_gic_get_as_key_fct gak, void *gak_data,
+ int *master, krb5_kdc_rep **as_reply);
krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
krb5_flags options, krb5_address *const *addrs,
krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds);
Modified: trunk/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- trunk/src/lib/krb5/krb/get_in_tkt.c 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/get_in_tkt.c 2009-11-25 23:09:07 UTC (rev 23357)
@@ -1058,18 +1058,18 @@
}
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_gic_opt_ext *options,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data,
- int *use_master,
- krb5_kdc_rep **as_reply)
+krb5int_get_init_creds(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *opts,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data,
+ int *use_master,
+ krb5_kdc_rep **as_reply)
{
krb5_error_code ret;
krb5_kdc_req request;
@@ -1094,8 +1094,8 @@
krb5_boolean retry = 0;
struct krb5int_fast_request_state *fast_state = NULL;
krb5_pa_data **out_padata = NULL;
+ krb5_gic_opt_ext *options = NULL;
-
/* initialize everything which will be freed at cleanup */
s2kparams.data = NULL;
@@ -1129,6 +1129,11 @@
if (ret)
goto cleanup;
+ ret = krb5int_gic_opt_to_opte(context, opts, &options, 1,
+ "krb5int_get_init_creds");
+ if (ret)
+ goto cleanup;
+
/*
* Set up the basic request structure
*/
@@ -1644,6 +1649,10 @@
krb5_free_kdc_rep(context, local_as_reply);
if (referred_client.realm.data)
krb5_free_data_contents(context, &referred_client.realm);
+ if (krb5_gic_opt_is_shadowed(options)) {
+ krb5_get_init_creds_opt_free(context,
+ (krb5_get_init_creds_opt *)options);
+ }
return(ret);
}
Modified: trunk/src/lib/krb5/krb/gic_keytab.c
===================================================================
--- trunk/src/lib/krb5/krb/gic_keytab.c 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/gic_keytab.c 2009-11-25 23:09:07 UTC (rev 23357)
@@ -88,7 +88,6 @@
krb5_error_code ret, ret2;
int use_master;
krb5_keytab keytab;
- krb5_gic_opt_ext *opte = NULL;
if (arg_keytab == NULL) {
if ((ret = krb5_kt_default(context, &keytab)))
@@ -97,19 +96,14 @@
keytab = arg_keytab;
}
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_keytab");
- if (ret)
- return ret;
-
use_master = 0;
/* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master,NULL);
+ ret = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master,NULL);
/* check for success */
@@ -127,10 +121,10 @@
if (!use_master) {
use_master = 1;
- ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master, NULL);
+ ret2 = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master, NULL);
if (ret2 == 0) {
ret = 0;
@@ -152,8 +146,6 @@
do any prompting or changing for keytabs, that's it. */
cleanup:
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
if (arg_keytab == NULL)
krb5_kt_close(context, keytab);
@@ -167,13 +159,13 @@
krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
- krb5_gic_opt_ext *opte;
+ krb5_get_init_creds_opt *opts;
char * server = NULL;
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
int use_master = 0;
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
@@ -191,14 +183,13 @@
goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ get_as_key_keytab, (void *)keytab,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
if (retval) {
goto cleanup;
}
Modified: trunk/src/lib/krb5/krb/gic_pwd.c
===================================================================
--- trunk/src/lib/krb5/krb/gic_pwd.c 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/gic_pwd.c 2009-11-25 23:09:07 UTC (rev 23357)
@@ -103,8 +103,6 @@
char banner[1024], pw0array[1024], pw1array[1024];
krb5_prompt prompt[2];
krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- krb5_gic_opt_ext *opte = NULL;
- krb5_gic_opt_ext *chpw_opte = NULL;
use_master = 0;
as_reply = NULL;
@@ -127,17 +125,12 @@
pw1.data[0] = '\0';
pw1.length = sizeof(pw1array);
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_password");
- if (ret)
- goto cleanup;
-
/* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
/* check for success */
@@ -162,10 +155,10 @@
krb5_free_kdc_rep( context, as_reply);
as_reply = NULL;
}
- ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret2 = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
if (ret2 == 0) {
ret = 0;
@@ -216,16 +209,12 @@
krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
- ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
- "krb5_get_init_creds_password (changing password)");
- if (ret)
- goto cleanup;
- if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", chpw_opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, NULL)))
+ if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
+ prompter, data,
+ start_time, "kadmin/changepw", chpw_opts,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, NULL)))
goto cleanup;
prompt[0].prompt = "Enter new password";
@@ -313,10 +302,10 @@
from the master. this is the last try. the return from this
is final. */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
cleanup:
krb5int_set_prompt_types(context, 0);
@@ -397,8 +386,6 @@
if (chpw_opts)
krb5_get_init_creds_opt_free(context, chpw_opts);
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
memset(pw0array, 0, sizeof(pw0array));
memset(pw1array, 0, sizeof(pw1array));
krb5_free_cred_contents(context, &chpw_creds);
@@ -409,7 +396,7 @@
}
krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
krb5_flags options, krb5_address *const *addrs,
krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds)
@@ -419,7 +406,7 @@
krb5_get_init_creds_opt *opt;
krb5_error_code retval;
- *opte = NULL;
+ *out = NULL;
retval = krb5_get_init_creds_opt_alloc(context, &opt);
if (retval)
return(retval);
@@ -449,8 +436,8 @@
if (creds->times.starttime) starttime = creds->times.starttime;
krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
}
- return krb5int_gic_opt_to_opte(context, opt, opte, 0,
- "krb5int_populate_gic_opt");
+ *out = opt;
+ return 0;
cleanup:
krb5_get_init_creds_opt_free(context, opt);
return retval;
@@ -489,7 +476,7 @@
char * server;
krb5_principal server_princ, client_princ;
int use_master = 0;
- krb5_gic_opt_ext *opte = NULL;
+ krb5_get_init_creds_opt *opts = NULL;
pw0.data = pw0array;
if (password && password[0]) {
@@ -500,26 +487,25 @@
pw0.data[0] = '\0';
pw0.length = sizeof(pw0array);
}
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
return (retval);
retval = krb5_unparse_name( context, creds->server, &server);
if (retval) {
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
return (retval);
}
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_password, &pw0,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ krb5_get_as_key_password, &pw0,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
if (retval) {
return (retval);
}
Modified: trunk/src/lib/krb5/krb/s4u_creds.c
===================================================================
--- trunk/src/lib/krb5/krb/s4u_creds.c 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/s4u_creds.c 2009-11-25 23:09:07 UTC (rev 23357)
@@ -66,7 +66,6 @@
krb5_creds creds;
int use_master = 0;
krb5_get_init_creds_opt *opts = NULL;
- krb5_gic_opt_ext *opte = NULL;
krb5_principal_data client_data;
krb5_principal client;
krb5_s4u_userid userid;
@@ -98,10 +97,6 @@
krb5_get_init_creds_opt_set_proxiable(opts, 0);
krb5_get_init_creds_opt_set_canonicalize(opts, 1);
krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
- code = krb5int_gic_opt_to_opte(context, opts, &opte,
- 0, "s4u_identify_user");
- if (code != 0)
- goto cleanup;
if (in_creds->client != NULL)
client = in_creds->client;
@@ -115,10 +110,10 @@
client = &client_data;
}
- code = krb5_get_init_creds(context, &creds, client,
- NULL, NULL, 0, NULL, opte,
- krb5_get_as_key_noop, &userid,
- &use_master, NULL);
+ code = krb5int_get_init_creds(context, &creds, client,
+ NULL, NULL, 0, NULL, opts,
+ krb5_get_as_key_noop, &userid,
+ &use_master, NULL);
if (code == 0 ||
code == KDC_ERR_PREAUTH_REQUIRED ||
code == KDC_ERR_PREAUTH_FAILED) {
Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports 2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/libkrb5.exports 2009-11-25 23:09:07 UTC (rev 23357)
@@ -323,7 +323,6 @@
krb5_get_in_tkt_with_keytab
krb5_get_in_tkt_with_password
krb5_get_in_tkt_with_skey
-krb5_get_init_creds
krb5_get_init_creds_keytab
krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free
More information about the cvs-krb5
mailing list