svn rev #23357: trunk/src/ include/ lib/krb5/ lib/krb5/krb/

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Nov 25 18:09:07 EST 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=23357
Commit By: ghudson
Log Message:
Defer the conversion of the gic options structure to the extended form
until we reach krb5_get_init_creds.  Rename that function to
krb5int_get_init_creds since it isn't public.  Also stop exporting it.



Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/lib/krb5/krb/get_in_tkt.c
U   trunk/src/lib/krb5/krb/gic_keytab.c
U   trunk/src/lib/krb5/krb/gic_pwd.c
U   trunk/src/lib/krb5/krb/s4u_creds.c
U   trunk/src/lib/krb5/libkrb5.exports
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/include/k5-int.h	2009-11-25 23:09:07 UTC (rev 23357)
@@ -1242,15 +1242,15 @@
                            krb5_keyblock *as_key, void *gak_data);
 
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context, krb5_creds *creds,
-                    krb5_principal client, krb5_prompter_fct prompter,
-                    void *prompter_data, krb5_deltat start_time,
-                    char *in_tkt_service, krb5_gic_opt_ext *gic_options,
-                    krb5_gic_get_as_key_fct gak, void *gak_data,
-                    int *master, krb5_kdc_rep **as_reply);
+krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal client, krb5_prompter_fct prompter,
+                       void *prompter_data, krb5_deltat start_time,
+                       char *in_tkt_service, krb5_get_init_creds_opt *options,
+                       krb5_gic_get_as_key_fct gak, void *gak_data,
+                       int *master, krb5_kdc_rep **as_reply);
 
 krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
                           krb5_flags options, krb5_address *const *addrs,
                           krb5_enctype *ktypes,
                           krb5_preauthtype *pre_auth_types, krb5_creds *creds);
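Review bot: The renamed prototype `krb5int_get_init_creds` keeps `KRB5_CALLCONV` even though the log message says the function is no longer public or exported. If that macro exists only to fix the calling convention of the exported API, it can be dropped here and on the definition in get_in_tkt.c so that internal and public entry points are easy to tell apart. The declaration would also benefit from a one-line comment stating that `options` may be a non-extended structure and is not consumed, for example `/* options is converted internally; the caller keeps ownership. */`, to be confirmed against the implementation.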

Modified: trunk/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- trunk/src/lib/krb5/krb/get_in_tkt.c	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/get_in_tkt.c	2009-11-25 23:09:07 UTC (rev 23357)
@@ -1058,18 +1058,18 @@
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context,
-                    krb5_creds *creds,
-                    krb5_principal client,
-                    krb5_prompter_fct prompter,
-                    void *prompter_data,
-                    krb5_deltat start_time,
-                    char *in_tkt_service,
-                    krb5_gic_opt_ext *options,
-                    krb5_gic_get_as_key_fct gak_fct,
-                    void *gak_data,
-                    int  *use_master,
-                    krb5_kdc_rep **as_reply)
+krb5int_get_init_creds(krb5_context context,
+                       krb5_creds *creds,
+                       krb5_principal client,
+                       krb5_prompter_fct prompter,
+                       void *prompter_data,
+                       krb5_deltat start_time,
+                       char *in_tkt_service,
+                       krb5_get_init_creds_opt *opts,
+                       krb5_gic_get_as_key_fct gak_fct,
+                       void *gak_data,
+                       int  *use_master,
+                       krb5_kdc_rep **as_reply)
 {
     krb5_error_code ret;
     krb5_kdc_req request;
@@ -1094,8 +1094,8 @@
     krb5_boolean retry = 0;
     struct krb5int_fast_request_state *fast_state = NULL;
     krb5_pa_data **out_padata = NULL;
+    krb5_gic_opt_ext *options = NULL;
 
-
     /* initialize everything which will be freed at cleanup */
 
     s2kparams.data = NULL;
@@ -1129,6 +1129,11 @@
     if (ret)
         goto cleanup;
 
+    ret = krb5int_gic_opt_to_opte(context, opts, &options, 1,
+                                  "krb5int_get_init_creds");
+    if (ret)
+        goto cleanup;
+
     /*
      * Set up the basic request structure
      */
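Review bot: The bare `1` passed as the fourth argument of `krb5int_gic_opt_to_opte` now applies to every caller, including the password-change and S4U paths that passed `0` before this commit, and nothing at the call site says why that is safe. A short comment would help, for example `/* Accept non-extended option structures from any caller; a shadow copy, if made, is released at cleanup. */`, with the wording confirmed against the helper's contract, which is not visible here. The fixed name `"krb5int_get_init_creds"` also replaces the caller-specific strings, so any diagnostic built from it no longer identifies the public entry point that was called. The enclosing function starts and ends outside this hunk.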
@@ -1644,6 +1649,10 @@
         krb5_free_kdc_rep(context, local_as_reply);
     if (referred_client.realm.data)
         krb5_free_data_contents(context, &referred_client.realm);
+    if (krb5_gic_opt_is_shadowed(options)) {
+        krb5_get_init_creds_opt_free(context,
+                                     (krb5_get_init_creds_opt *)options);
+    }
 
     return(ret);
 }
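Review bot: The new cleanup test `krb5_gic_opt_is_shadowed(options)` can run with `options` still NULL, because the `if (ret) goto cleanup;` just above the new `krb5int_gic_opt_to_opte` call jumps here before the conversion, and a failed conversion presumably leaves it NULL as well. The caller-side code this commit removes guarded the same test with `opte &&`, which suggests the check reads through the pointer; its definition is not visible here. Restoring the guard keeps the error path safe: `if (options && krb5_gic_opt_is_shadowed(options)) {`. The function body begins outside this hunk.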

Modified: trunk/src/lib/krb5/krb/gic_keytab.c
===================================================================
--- trunk/src/lib/krb5/krb/gic_keytab.c	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/gic_keytab.c	2009-11-25 23:09:07 UTC (rev 23357)
@@ -88,7 +88,6 @@
     krb5_error_code ret, ret2;
     int use_master;
     krb5_keytab keytab;
-    krb5_gic_opt_ext *opte = NULL;
 
     if (arg_keytab == NULL) {
         if ((ret = krb5_kt_default(context, &keytab)))
@@ -97,19 +96,14 @@
         keytab = arg_keytab;
     }
 
-    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-                                  "krb5_get_init_creds_keytab");
-    if (ret)
-        return ret;
-
     use_master = 0;
 
     /* first try: get the requested tkt from any kdc */
 
-    ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
-                              start_time, in_tkt_service, opte,
-                              get_as_key_keytab, (void *) keytab,
-                              &use_master,NULL);
+    ret = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+                                 start_time, in_tkt_service, options,
+                                 get_as_key_keytab, (void *) keytab,
+                                 &use_master,NULL);
 
     /* check for success */
 
@@ -127,10 +121,10 @@
     if (!use_master) {
         use_master = 1;
 
-        ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
-                                   start_time, in_tkt_service, opte,
-                                   get_as_key_keytab, (void *) keytab,
-                                   &use_master, NULL);
+        ret2 = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+                                      start_time, in_tkt_service, options,
+                                      get_as_key_keytab, (void *) keytab,
+                                      &use_master, NULL);
 
         if (ret2 == 0) {
             ret = 0;
@@ -152,8 +146,6 @@
        do any prompting or changing for keytabs, that's it. */
 
 cleanup:
-    if (opte && krb5_gic_opt_is_shadowed(opte))
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     if (arg_keytab == NULL)
         krb5_kt_close(context, keytab);
 
@@ -167,13 +159,13 @@
                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
     krb5_error_code retval;
-    krb5_gic_opt_ext *opte;
+    krb5_get_init_creds_opt *opts;
     char * server = NULL;
     krb5_keytab keytab;
     krb5_principal client_princ, server_princ;
     int use_master = 0;
 
-    retval = krb5int_populate_gic_opt(context, &opte,
+    retval = krb5int_populate_gic_opt(context, &opts,
                                       options, addrs, ktypes,
                                       pre_auth_types, creds);
     if (retval)
@@ -191,14 +183,13 @@
         goto cleanup;
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5_get_init_creds (context,
-                                  creds, creds->client,
-                                  krb5_prompter_posix,  NULL,
-                                  0, server, opte,
-                                  get_as_key_keytab, (void *)keytab,
-                                  &use_master, ret_as_reply);
+    retval = krb5int_get_init_creds(context, creds, creds->client,
+                                    krb5_prompter_posix,  NULL,
+                                    0, server, opts,
+                                    get_as_key_keytab, (void *)keytab,
+                                    &use_master, ret_as_reply);
     krb5_free_unparsed_name( context, server);
-    krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    krb5_get_init_creds_opt_free(context, opts);
     if (retval) {
         goto cleanup;
     }
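Review bot: `opts` is released only after the `krb5int_get_init_creds` call, so the `goto cleanup;` at the top of this hunk, which runs before that call, skips `krb5_get_init_creds_opt_free`. The later `goto cleanup;` runs after the free, so the `cleanup` label (outside this hunk) presumably does not free `opts` itself, and the earlier error path would then leak the option structure. The parallel code in gic_pwd.c frees `opts` explicitly when `krb5_unparse_name` fails; the same `krb5_get_init_creds_opt_free(context, opts);` before the first `goto cleanup;` would close the gap here, once the label's contents are confirmed.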

Modified: trunk/src/lib/krb5/krb/gic_pwd.c
===================================================================
--- trunk/src/lib/krb5/krb/gic_pwd.c	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/gic_pwd.c	2009-11-25 23:09:07 UTC (rev 23357)
@@ -103,8 +103,6 @@
     char banner[1024], pw0array[1024], pw1array[1024];
     krb5_prompt prompt[2];
     krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
-    krb5_gic_opt_ext *opte = NULL;
-    krb5_gic_opt_ext *chpw_opte = NULL;
 
     use_master = 0;
     as_reply = NULL;
@@ -127,17 +125,12 @@
     pw1.data[0] = '\0';
     pw1.length = sizeof(pw1array);
 
-    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-                                  "krb5_get_init_creds_password");
-    if (ret)
-        goto cleanup;
-
     /* first try: get the requested tkt from any kdc */
 
-    ret = krb5_get_init_creds(context, creds, client, prompter, data,
-                              start_time, in_tkt_service, opte,
-                              krb5_get_as_key_password, (void *) &pw0,
-                              &use_master, &as_reply);
+    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                 start_time, in_tkt_service, options,
+                                 krb5_get_as_key_password, (void *) &pw0,
+                                 &use_master, &as_reply);
 
     /* check for success */
 
@@ -162,10 +155,10 @@
             krb5_free_kdc_rep( context, as_reply);
             as_reply = NULL;
         }
-        ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
-                                   start_time, in_tkt_service, opte,
-                                   krb5_get_as_key_password, (void *) &pw0,
-                                   &use_master, &as_reply);
+        ret2 = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                      start_time, in_tkt_service, options,
+                                      krb5_get_as_key_password, (void *) &pw0,
+                                      &use_master, &as_reply);
 
         if (ret2 == 0) {
             ret = 0;
@@ -216,16 +209,12 @@
     krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
     krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
     krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
-    ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
-                                  "krb5_get_init_creds_password (changing password)");
-    if (ret)
-        goto cleanup;
 
-    if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
-                                   prompter, data,
-                                   start_time, "kadmin/changepw", chpw_opte,
-                                   krb5_get_as_key_password, (void *) &pw0,
-                                   &use_master, NULL)))
+    if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
+                                      prompter, data,
+                                      start_time, "kadmin/changepw", chpw_opts,
+                                      krb5_get_as_key_password, (void *) &pw0,
+                                      &use_master, NULL)))
         goto cleanup;
 
     prompt[0].prompt = "Enter new password";
@@ -313,10 +302,10 @@
        from the master.  this is the last try.  the return from this
        is final.  */
 
-    ret = krb5_get_init_creds(context, creds, client, prompter, data,
-                              start_time, in_tkt_service, opte,
-                              krb5_get_as_key_password, (void *) &pw0,
-                              &use_master, &as_reply);
+    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                 start_time, in_tkt_service, options,
+                                 krb5_get_as_key_password, (void *) &pw0,
+                                 &use_master, &as_reply);
 
 cleanup:
     krb5int_set_prompt_types(context, 0);
@@ -397,8 +386,6 @@
 
     if (chpw_opts)
         krb5_get_init_creds_opt_free(context, chpw_opts);
-    if (opte && krb5_gic_opt_is_shadowed(opte))
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     memset(pw0array, 0, sizeof(pw0array));
     memset(pw1array, 0, sizeof(pw1array));
     krb5_free_cred_contents(context, &chpw_creds);
@@ -409,7 +396,7 @@
 }
 
 krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
                          krb5_flags options, krb5_address *const *addrs,
                          krb5_enctype *ktypes,
                          krb5_preauthtype *pre_auth_types, krb5_creds *creds)
@@ -419,7 +406,7 @@
     krb5_get_init_creds_opt *opt;
     krb5_error_code retval;
 
-    *opte = NULL;
+    *out = NULL;
     retval = krb5_get_init_creds_opt_alloc(context, &opt);
     if (retval)
         return(retval);
@@ -449,8 +436,8 @@
         if (creds->times.starttime) starttime = creds->times.starttime;
         krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
     }
-    return krb5int_gic_opt_to_opte(context, opt, opte, 0,
-                                   "krb5int_populate_gic_opt");
+    *out = opt;
+    return 0;
 cleanup:
     krb5_get_init_creds_opt_free(context, opt);
     return retval;
@@ -489,7 +476,7 @@
     char * server;
     krb5_principal server_princ, client_princ;
     int use_master = 0;
-    krb5_gic_opt_ext *opte = NULL;
+    krb5_get_init_creds_opt *opts = NULL;
 
     pw0.data = pw0array;
     if (password && password[0]) {
@@ -500,26 +487,25 @@
         pw0.data[0] = '\0';
         pw0.length = sizeof(pw0array);
     }
-    retval = krb5int_populate_gic_opt(context, &opte,
+    retval = krb5int_populate_gic_opt(context, &opts,
                                       options, addrs, ktypes,
                                       pre_auth_types, creds);
     if (retval)
         return (retval);
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval) {
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+        krb5_get_init_creds_opt_free(context, opts);
         return (retval);
     }
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5_get_init_creds (context,
-                                  creds, creds->client,
-                                  krb5_prompter_posix,  NULL,
-                                  0, server, opte,
-                                  krb5_get_as_key_password, &pw0,
-                                  &use_master, ret_as_reply);
+    retval = krb5int_get_init_creds(context, creds, creds->client,
+                                    krb5_prompter_posix, NULL,
+                                    0, server, opts,
+                                    krb5_get_as_key_password, &pw0,
+                                    &use_master, ret_as_reply);
     krb5_free_unparsed_name( context, server);
-    krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    krb5_get_init_creds_opt_free(context, opts);
     if (retval) {
         return (retval);
     }

Modified: trunk/src/lib/krb5/krb/s4u_creds.c
===================================================================
--- trunk/src/lib/krb5/krb/s4u_creds.c	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/krb/s4u_creds.c	2009-11-25 23:09:07 UTC (rev 23357)
@@ -66,7 +66,6 @@
     krb5_creds creds;
     int use_master = 0;
     krb5_get_init_creds_opt *opts = NULL;
-    krb5_gic_opt_ext *opte = NULL;
     krb5_principal_data client_data;
     krb5_principal client;
     krb5_s4u_userid userid;
@@ -98,10 +97,6 @@
     krb5_get_init_creds_opt_set_proxiable(opts, 0);
     krb5_get_init_creds_opt_set_canonicalize(opts, 1);
     krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
-    code = krb5int_gic_opt_to_opte(context, opts, &opte,
-                                   0, "s4u_identify_user");
-    if (code != 0)
-        goto cleanup;
 
     if (in_creds->client != NULL)
         client = in_creds->client;
@@ -115,10 +110,10 @@
         client = &client_data;
     }
 
-    code = krb5_get_init_creds(context, &creds, client,
-                               NULL, NULL, 0, NULL, opte,
-                               krb5_get_as_key_noop, &userid,
-                               &use_master, NULL);
+    code = krb5int_get_init_creds(context, &creds, client,
+                                  NULL, NULL, 0, NULL, opts,
+                                  krb5_get_as_key_noop, &userid,
+                                  &use_master, NULL);
     if (code == 0 ||
         code == KDC_ERR_PREAUTH_REQUIRED ||
         code == KDC_ERR_PREAUTH_FAILED) {

Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports	2009-11-25 19:03:29 UTC (rev 23356)
+++ trunk/src/lib/krb5/libkrb5.exports	2009-11-25 23:09:07 UTC (rev 23357)
@@ -323,7 +323,6 @@
 krb5_get_in_tkt_with_keytab
 krb5_get_in_tkt_with_password
 krb5_get_in_tkt_with_skey
-krb5_get_init_creds
 krb5_get_init_creds_keytab
 krb5_get_init_creds_opt_alloc
 krb5_get_init_creds_opt_free



