krb5 commit: Remove unused leashdll functions

Benjamin Kaduk kaduk at MIT.EDU
Wed Aug 29 12:50:46 EDT 2012


https://github.com/krb5/krb5/commit/4b7fb670f3bad1c4f2251f5d1b7c7047ea6dd744
commit 4b7fb670f3bad1c4f2251f5d1b7c7047ea6dd744
Author: Kevin Wasserman <kevin.wasserman at painless-security.com>
Date:   Tue Jul 17 15:49:06 2012 -0400

    Remove unused leashdll functions
    
    -not_an_API_LeashKRB5GetTickets
    -not_an_API_LeashKRB5FreeTickets
    and supporting routines.  Also remove the unused support routine one_addr.
    
    Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
    
    [kaduk at mit.edu: adjust commit message]
    
    ticket: 7305 (new)
    queue: kfw
    target_version: 1.10.4
    tags: pullup

 src/windows/leashdll/krb5routines.c |  431 -----------------------------------
 src/windows/leashdll/leashw32.def   |    2 -
 2 files changed, 0 insertions(+), 433 deletions(-)

diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c
index 8de3179..3911720 100644
--- a/src/windows/leashdll/krb5routines.c
+++ b/src/windows/leashdll/krb5routines.c
@@ -206,437 +206,6 @@ Leash_convert524(
 #endif /* NO_KRB5 */
 }
 
-#ifndef ENCTYPE_LOCAL_RC4_MD4
-#define ENCTYPE_LOCAL_RC4_MD4    0xFFFFFF80
-#endif
-
-static char *
-etype_string(krb5_enctype enctype)
-{
-    static char buf[12];
-
-    switch (enctype) {
-    case ENCTYPE_NULL:
-        return "NULL";
-    case ENCTYPE_DES_CBC_CRC:
-        return "DES-CBC-CRC";
-    case ENCTYPE_DES_CBC_MD4:
-        return "DES-CBC-MD4";
-    case ENCTYPE_DES_CBC_MD5:
-        return "DES-CBC-MD5";
-    case ENCTYPE_DES_CBC_RAW:
-        return "DES-CBC-RAW";
-    case ENCTYPE_DES3_CBC_SHA:
-        return "DES3-CBC-SHA";
-    case ENCTYPE_DES3_CBC_RAW:
-        return "DES3-CBC-RAW";
-    case ENCTYPE_DES_HMAC_SHA1:
-        return "DES-HMAC-SHA1";
-    case ENCTYPE_DES3_CBC_SHA1:
-        return "DES3-CBC-SHA1";
-    case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
-        return "AES128_CTS-HMAC-SHA1_96";
-    case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
-        return "AES256_CTS-HMAC-SHA1_96";
-    case ENCTYPE_ARCFOUR_HMAC:
-        return "RC4-HMAC-NT";
-    case ENCTYPE_ARCFOUR_HMAC_EXP:
-        return "RC4-HMAC-NT-EXP";
-    case ENCTYPE_UNKNOWN:
-        return "UNKNOWN";
-#ifdef ENCTYPE_LOCAL_DES3_HMAC_SHA1
-    case ENCTYPE_LOCAL_DES3_HMAC_SHA1:
-        return "LOCAL-DES3-HMAC-SHA1";
-#endif
-#ifdef ENCTYPE_LOCAL_RC4_MD4
-    case ENCTYPE_LOCAL_RC4_MD4:
-        return "LOCAL-RC4-MD4";
-#endif
-    default:
-        wsprintf(buf, "#%d", enctype);
-        return buf;
-    }
-}
-
-char *
-one_addr(krb5_address *a)
-{
-    static char retstr[256];
-    struct hostent *h;
-    int no_resolve = 1;
-
-    retstr[0] = '\0';
-
-    if ((a->addrtype == ADDRTYPE_INET && a->length == 4)
-#ifdef AF_INET6
-        || (a->addrtype == ADDRTYPE_INET6 && a->length == 16)
-#endif
-        ) {
-        int af = AF_INET;
-#ifdef AF_INET6
-        if (a->addrtype == ADDRTYPE_INET6)
-            af = AF_INET6;
-#endif
-        if (!no_resolve) {
-#ifdef HAVE_GETIPNODEBYADDR
-            int err;
-            h = getipnodebyaddr(a->contents, a->length, af, &err);
-            if (h) {
-                wsprintf(retstr, "%s", h->h_name);
-                freehostent(h);
-            }
-#else
-            h = gethostbyaddr(a->contents, a->length, af);
-            if (h) {
-                wsprintf(retstr,"%s", h->h_name);
-            }
-#endif
-            if (h)
-                return(retstr);
-        }
-        if (no_resolve || !h) {
-#ifdef HAVE_INET_NTOP
-            char buf[46];
-            const char *name = inet_ntop(a->addrtype, a->contents, buf, sizeof(buf));
-            if (name) {
-                wsprintf(retstr,"%s", name);
-                return;
-            }
-#else
-            if (a->addrtype == ADDRTYPE_INET) {
-                wsprintf(retstr,"%d.%d.%d.%d", a->contents[0], a->contents[1],
-                       a->contents[2], a->contents[3]);
-                return(retstr);
-            }
-#endif
-        }
-    }
-    wsprintf(retstr,"unknown addr type %d", a->addrtype);
-    return(retstr);
-}
-
-static void
-CredToTicketInfo(krb5_creds KRBv5Credentials, TICKETINFO *ticketinfo)
-{
-    ticketinfo->issued = KRBv5Credentials.times.starttime;
-    ticketinfo->valid_until = KRBv5Credentials.times.endtime;
-    ticketinfo->renew_until =
-        KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE ?
-        KRBv5Credentials.times.renew_till : 0;
-    _tzset();
-    if (ticketinfo->valid_until - time(0) <= 0L)
-        ticketinfo->btickets = EXPD_TICKETS;
-    else
-        ticketinfo->btickets = GOOD_TICKETS;
-}
-
-static int
-CredToTicketList(krb5_context ctx, krb5_creds KRBv5Credentials,
-                 char *PrincipalName, TicketList ***ticketListTail)
-{
-    krb5_error_code code = 0;
-    krb5_ticket *tkt=NULL;
-    char *sServerName = NULL;
-    char Buffer[256];
-    char *ticketFlag;
-    char *functionName = NULL;
-    TicketList *list = NULL;
-
-    functionName = "krb5_unparse_name()";
-    code = (*pkrb5_unparse_name)(ctx, KRBv5Credentials.server, &sServerName);
-    if (code)
-        goto cleanup;
-
-    if (!KRBv5Credentials.times.starttime)
-        KRBv5Credentials.times.starttime = KRBv5Credentials.times.authtime;
-
-    memset(Buffer, '\0', sizeof(Buffer));
-
-    ticketFlag = GetTicketFlag(&KRBv5Credentials);
-
-    // @fixme: calloc for ptr init
-    list = calloc(1, sizeof(TicketList));
-    if (list == NULL) {
-        code = ENOMEM;
-        functionName = "calloc()";
-        goto cleanup;
-    }
-    list->service = strdup(sServerName);
-    if (!list->service) {
-        code = ENOMEM;
-        functionName = "calloc()";
-        goto cleanup;
-    }
-    list->issued = KRBv5Credentials.times.starttime;
-    list->valid_until = KRBv5Credentials.times.endtime;
-    if (KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE)
-        list->renew_until = KRBv5Credentials.times.renew_till;
-    else
-        list->renew_until = 0;
-
-    if (!pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) {
-        wsprintf(Buffer, "Session Key: %s  Ticket: %s",
-                 etype_string(KRBv5Credentials.keyblock.enctype),
-                 etype_string(tkt->enc_part.enctype));
-        pkrb5_free_ticket(ctx, tkt);
-        tkt = NULL;
-    } else {
-        wsprintf(Buffer, "Session Key: %s",
-                 etype_string(KRBv5Credentials.keyblock.enctype));
-    }
-
-    list->encTypes = calloc(1, strlen(Buffer)+1);
-    if (list->encTypes == NULL) {
-        functionName = "calloc()";
-        code = ENOMEM;
-        goto cleanup;
-    }
-    strcpy(list->encTypes, Buffer);
-
-cleanup:
-    if (code) {
-        Leash_krb5_error(code, functionName, 0, &ctx, NULL);
-        if (list != NULL) {
-            not_an_API_LeashFreeTicketList(&list);
-        }
-    } else {
-        **ticketListTail = list;
-        *ticketListTail = &list->next;
-    }
-
-    if (sServerName != NULL)
-        (*pkrb5_free_unparsed_name)(ctx, sServerName);
-
-    return code;
-}
-
-int
-do_ccache(krb5_context ctx,
-          krb5_ccache cache,
-          TICKETINFO ***ticketInfoTail)
-{
-    krb5_cc_cursor cur;
-    krb5_creds creds;
-    krb5_principal princ = NULL;
-    krb5_flags flags;
-    krb5_error_code code;
-    char *defname = NULL;
-    char *functionName = NULL;
-    TicketList **ticketListTail;
-    TICKETINFO *ticketinfo;
-
-    flags = 0;                          /* turns off OPENCLOSE mode */
-    code = pkrb5_cc_set_flags(ctx, cache, flags);
-    if (code) {
-        functionName = "krb5_cc_set_flags";
-        goto cleanup;
-    }
-    code = pkrb5_cc_get_principal(ctx, cache, &princ);
-    if (code) {
-        functionName = "krb5_cc_get_principal";
-        goto cleanup;
-    }
-    code = pkrb5_unparse_name(ctx, princ, &defname);
-    if (code) {
-        functionName = "krb5_unparse_name";
-        goto cleanup;
-    }
-    code = pkrb5_cc_start_seq_get(ctx, cache, &cur);
-    if (code) {
-        functionName = "krb5_cc_start_seq_get";
-        goto cleanup;
-    }
-
-    ticketinfo = calloc(1, sizeof(TICKETINFO));
-    if (ticketinfo == NULL) {
-        functionName = "calloc";
-        code = ENOMEM;
-        goto cleanup;
-    }
-    ticketinfo->next = NULL;
-    ticketinfo->ticket_list = NULL;
-    ticketinfo->principal = strdup(defname);
-    if (ticketinfo->principal == NULL) {
-        functionName = "strdup";
-        code = ENOMEM;
-        goto cleanup;
-    }
-    ticketinfo->ccache_name = strdup(pkrb5_cc_get_name(ctx, cache));
-    if (ticketinfo->ccache_name == NULL) {
-        functionName = "strdup";
-        code = ENOMEM;
-        goto cleanup;
-    }
-    **ticketInfoTail = ticketinfo;
-    *ticketInfoTail = &ticketinfo->next;
-    ticketListTail = &ticketinfo->ticket_list;
-    while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) {
-        if (pkrb5_is_config_principal(ctx, creds.server))
-            continue;
-        CredToTicketList(ctx, creds, defname, &ticketListTail);
-        CredToTicketInfo(creds, ticketinfo);
-        pkrb5_free_cred_contents(ctx, &creds);
-    }
-    if (code == KRB5_CC_END) {
-        code = pkrb5_cc_end_seq_get(ctx, cache, &cur);
-        if (code) {
-            functionName = "krb5_cc_end_seq_get";
-            goto cleanup;
-        }
-        flags = KRB5_TC_OPENCLOSE;      /* turns on OPENCLOSE mode */
-        code = pkrb5_cc_set_flags(ctx, cache, flags);
-        if (code) {
-            functionName = "krb5_cc_set_flags";
-            goto cleanup;
-        }
-    } else {
-        functionName = "krb5_cc_next_cred";
-        goto cleanup;
-    }
-cleanup:
-    if (code) {
-        Leash_krb5_error(code, functionName, 0, NULL, NULL);
-    }
-    if (princ)
-        pkrb5_free_principal(ctx, princ);
-    if (defname)
-        pkrb5_free_unparsed_name(ctx, defname);
-    return code ? 1 : 0;
-}
-
-
-//
-// Returns 0 for success, 1 for failure
-//
-int
-do_all_ccaches(krb5_context ctx, TICKETINFO **ticketinfotail)
-{
-    krb5_error_code code;
-    krb5_ccache cache;
-    krb5_cccol_cursor cursor;
-    int retval = 0;
-    char *functionName = NULL;
-
-    code = pkrb5_cccol_cursor_new(ctx, &cursor);
-    if (code) {
-        functionName = "krb5_cccol_cursor_new";
-        goto cleanup;
-    }
-    retval = 0;
-    while (!(code = pkrb5_cccol_cursor_next(ctx, cursor, &cache)) &&
-           cache != NULL) {
-        // Note that ticketList will be updated here to point to the tail
-        // of the list but the caller of this function will remain with a
-        // pointer to the head.
-        do_ccache(ctx, cache, &ticketinfotail);
-        pkrb5_cc_close(ctx, cache);
-    }
-    if (code)
-         functionName = "krb5_cccol_cursor_next";
-    pkrb5_cccol_cursor_free(ctx, &cursor);
-cleanup:
-    if (code) {
-        Leash_krb5_error(code, functionName, 0, NULL, NULL);
-    }
-    return retval;
-}
-
-static void FreeTicketInfo(TICKETINFO *ticketinfo)
-{
-    if (ticketinfo->principal) {
-        free(ticketinfo->principal);
-        ticketinfo->principal = NULL;
-    }
-    if (ticketinfo->ccache_name) {
-        free(ticketinfo->ccache_name);
-        ticketinfo->ccache_name = NULL;
-    }
-    if (ticketinfo->ticket_list)
-        not_an_API_LeashFreeTicketList(&ticketinfo->ticket_list);
-}
-
-long
-not_an_API_LeashKRB5FreeTickets(TICKETINFO *ticketinfo)
-{
-    TICKETINFO *initial = ticketinfo; // @TEMP fixme
-    TICKETINFO *next;
-    while (ticketinfo != NULL) {
-        next = ticketinfo->next;
-        FreeTicketInfo(ticketinfo);
-        // @TEMP fixme
-        if (ticketinfo != initial) {
-            free(ticketinfo);
-        }
-        ticketinfo = next;
-    }
-    return 0;
-}
-
-
-/*
- * LeashKRB5GetTickets() treats krbv5Context as an in/out variable.
- * If the caller does not provide a krb5_context, one will be allocated.
- * It is up to the caller to ensure that the context is eventually freed.
- * A context can be returned even if the function returns an error.
- */
-
-long
-not_an_API_LeashKRB5GetTickets(TICKETINFO *ticketinfo,
-                               krb5_context *krbv5Context)
-{
-    krb5_error_code code;
-    krb5_principal me = 0;
-    krb5_context ctx = 0;
-    krb5_ccache cache = 0;
-    char *PrincipalName = NULL;
-
-    code = Leash_krb5_initialize(krbv5Context);
-    if (code)
-        return code;
-
-    ctx = *krbv5Context;
-
-    // @TEMP fixme; shouldn't be necessary
-    // save default principal name in ticketinfo
-    if (ticketinfo != NULL) {
-        ticketinfo->btickets = NO_TICKETS;
-        ticketinfo->principal = NULL;
-        ticketinfo->ccache_name = NULL;
-        ticketinfo->next = NULL;
-        ticketinfo->ticket_list = NULL;
-
-        code = pkrb5_cc_default(ctx, &cache);
-        if (code)
-            goto cleanup;
-        ticketinfo->ccache_name = strdup(pkrb5_cc_get_name(ctx, cache));
-        if (ticketinfo->ccache_name == NULL) {
-            code = ENOMEM;
-            goto cleanup;
-        }
-        if (!pkrb5_cc_get_principal(ctx, cache, &me)) {
-            code = (*pkrb5_unparse_name)(ctx, me, &PrincipalName);
-            if (code)
-                goto cleanup;
-            if (PrincipalName) {
-                ticketinfo->principal = strdup(PrincipalName);
-                pkrb5_free_unparsed_name(ctx, PrincipalName);
-            }
-        }
-    }
-
-    do_all_ccaches(*krbv5Context, &ticketinfo->next);
-    // @TEMP aggregate ticket info here?
-
-cleanup:
-    if (code)
-        not_an_API_LeashKRB5FreeTickets(ticketinfo);
-    if (cache)
-        pkrb5_cc_close(ctx, cache);
-    if (me)
-        pkrb5_free_principal(ctx, me);
-    return code;
-}
-
 
 int
 LeashKRB5_renew(void)
diff --git a/src/windows/leashdll/leashw32.def b/src/windows/leashdll/leashw32.def
index 7537174..a453924 100644
--- a/src/windows/leashdll/leashw32.def
+++ b/src/windows/leashdll/leashw32.def
@@ -101,9 +101,7 @@ EXPORTS
 
 	; XXX - These have to go...
 	not_an_API_LeashAFSGetToken
-	not_an_API_LeashKRB5GetTickets
 	not_an_API_LeashFreeTicketList
 	not_an_API_LeashKRB4GetTickets
 	not_an_API_LeashGetTimeServerName
     not_an_API_Leash_AcquireInitialTicketsIfNeeded
-    not_an_API_LeashKRB5FreeTickets
\ No newline at end of file

