svn rev #25325: trunk/src/ include/ include/krb5/ lib/ lib/krb5/ lib/krb5/krb/

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Oct 12 12:34:07 EDT 2011


http://src.mit.edu/fisheye/changelog/krb5/?cs=25325
Commit By: ghudson
Log Message:
ticket: 6974
subject: Make krb5_pac_sign public

krb5int_pac_sign was created as a private API because it is only
needed by the KDC.  But it is actually used by DAL or authdata plugin
modules, not the core KDC code.  Since plugin modules should not need
to consume internal libkrb5 functions, rename krb5int_pac_sign to
krb5_pac_sign and make it public.


Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/krb5/krb/pac_sign.c
U   trunk/src/lib/krb5/krb/t_pac.c
U   trunk/src/lib/krb5/libkrb5.exports
U   trunk/src/lib/krb5_32.def
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/include/k5-int.h	2011-10-12 16:34:07 UTC (rev 25325)
@@ -2786,15 +2786,6 @@
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
-                 krb5_pac pac,
-                 krb5_timestamp authtime,
-                 krb5_const_principal principal,
-                 const krb5_keyblock *server_key,
-                 const krb5_keyblock *privsvr_key,
-                 krb5_data *data);
-
-krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
                               krb5_ccache ccache,
                               krb5_creds *in_creds,

Modified: trunk/src/include/krb5/krb5.hin
===================================================================
--- trunk/src/include/krb5/krb5.hin	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/include/krb5/krb5.hin	2011-10-12 16:34:07 UTC (rev 25325)
@@ -7495,6 +7495,27 @@
                 const krb5_keyblock *server, const krb5_keyblock *privsvr);
 
 /**
+ * Sign a PAC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [in]  authtime        Expected timestamp
+ * @param [in]  principal       Expected principal name (or NULL)
+ * @param [in]  server          Key for server checksum
+ * @param [in]  privsvr         Key for KDC checksum
+ * @param [out] data            Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data.  @a pac is modified to include the
+ * server and KDC checksum buffers.  Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data);
+
+/**
  * Allow the appplication to override the profile's allow_weak_crypto setting.
  *
  * @param [in] context          Library context
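Review bot: The new doc comment for krb5_pac_sign names the key parameters `server` and `privsvr`, but the prototype directly below declares them as `server_key` and `privsvr_key`, so the `@param` entries and the `@a server` / `@a privsvr` references in the prose do not match any real parameter. I would write `@param [in]  server_key      Key for server checksum` and `@param [in]  privsvr_key     Key for KDC checksum`, and use the same names in the description paragraph. The comment also has no return-value line; now that this is public API, something like `@retval 0 Success; otherwise - Kerberos error codes` would tell callers what to check. "Expected timestamp" and "Expected principal name (or NULL)" read as if carried over from a verification function; for a signing call it would help to say what the function does with @a authtime and @a principal and what passing NULL means, since plugin authors will now depend on this text.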

Modified: trunk/src/lib/krb5/krb/pac_sign.c
===================================================================
--- trunk/src/lib/krb5/krb/pac_sign.c	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/lib/krb5/krb/pac_sign.c	2011-10-12 16:34:07 UTC (rev 25325)
@@ -180,13 +180,9 @@
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
-                 krb5_pac pac,
-                 krb5_timestamp authtime,
-                 krb5_const_principal principal,
-                 const krb5_keyblock *server_key,
-                 const krb5_keyblock *privsvr_key,
-                 krb5_data *data)
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data)
 {
     krb5_error_code ret;
     krb5_data server_cksum, privsvr_cksum;

Modified: trunk/src/lib/krb5/krb/t_pac.c
===================================================================
--- trunk/src/lib/krb5/krb/t_pac.c	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/lib/krb5/krb/t_pac.c	2011-10-12 16:34:07 UTC (rev 25325)
@@ -149,10 +149,10 @@
     if (ret)
         err(context, ret, "krb5_pac_verify");
 
-    ret = krb5int_pac_sign(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock, &data);
+    ret = krb5_pac_sign(context, pac, authtime, p,
+                        &member_keyblock, &kdc_keyblock, &data);
     if (ret)
-        err(context, ret, "krb5int_pac_sign");
+        err(context, ret, "krb5_pac_sign");
 
     krb5_pac_free(context, pac);
 
@@ -204,10 +204,10 @@
         }
         free(list);
 
-        ret = krb5int_pac_sign(context, pac2, authtime, p,
-                               &member_keyblock, &kdc_keyblock, &data);
+        ret = krb5_pac_sign(context, pac2, authtime, p,
+                            &member_keyblock, &kdc_keyblock, &data);
         if (ret)
-            err(context, ret, "krb5int_pac_sign 4");
+            err(context, ret, "krb5_pac_sign 4");
 
         krb5_pac_free(context, pac2);
 
@@ -283,10 +283,10 @@
         krb5_free_data_contents(context, &data);
     }
 
-    ret = krb5int_pac_sign(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock, &data);
+    ret = krb5_pac_sign(context, pac, authtime, p,
+                        &member_keyblock, &kdc_keyblock, &data);
     if (ret)
-        err(context, ret, "krb5int_pac_sign");
+        err(context, ret, "krb5_pac_sign");
 
     krb5_pac_free(context, pac);
 

Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/lib/krb5/libkrb5.exports	2011-10-12 16:34:07 UTC (rev 25325)
@@ -465,6 +465,7 @@
 krb5_pac_get_types
 krb5_pac_init
 krb5_pac_parse
+krb5_pac_sign
 krb5_pac_verify
 krb5_parse_name
 krb5_parse_name_flags
@@ -617,7 +618,6 @@
 krb5int_init_context_kdc
 krb5int_init_trace
 krb5int_initialize_library
-krb5int_pac_sign
 krb5int_sendtokdc_debug_handler
 krb5int_trace
 profile_abandon

Modified: trunk/src/lib/krb5_32.def
===================================================================
--- trunk/src/lib/krb5_32.def	2011-10-12 15:05:39 UTC (rev 25324)
+++ trunk/src/lib/krb5_32.def	2011-10-12 16:34:07 UTC (rev 25325)
@@ -418,3 +418,4 @@
 	krb5_cc_switch					@392
 	krb5_free_string				@393
 	krb5_cc_select					@394
+	krb5_pac_sign					@395



