Merge branch 'master' into lukeh/moonshot
This commit is contained in:
Luke Howard
@@ -44,6 +44,7 @@ struct addr_operations {
|
||||
void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
|
||||
krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
|
||||
krb5_boolean (*uninteresting)(const struct sockaddr *);
|
||||
krb5_boolean (*is_loopback)(const struct sockaddr *);
|
||||
void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
|
||||
int (*print_addr)(const krb5_address *, char *, size_t);
|
||||
int (*parse_addr)(krb5_context, const char*, krb5_address *);
|
||||
@@ -136,6 +137,17 @@ ipv4_uninteresting (const struct sockaddr *sa)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static krb5_boolean
|
||||
ipv4_is_loopback (const struct sockaddr *sa)
|
||||
{
|
||||
const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
|
||||
|
||||
if ((ntohl(sin4->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET)
|
||||
return TRUE;
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static void
|
||||
ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
|
||||
{
|
||||
@@ -310,11 +322,19 @@ ipv6_uninteresting (const struct sockaddr *sa)
|
||||
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
|
||||
const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
|
||||
|
||||
return
|
||||
IN6_IS_ADDR_LINKLOCAL(in6)
|
||||
return IN6_IS_ADDR_LINKLOCAL(in6)
|
||||
|| IN6_IS_ADDR_V4COMPAT(in6);
|
||||
}
|
||||
|
||||
static krb5_boolean
|
||||
ipv6_is_loopback (const struct sockaddr *sa)
|
||||
{
|
||||
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
|
||||
const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
|
||||
|
||||
return (IN6_IS_ADDR_LOOPBACK(in6));
|
||||
}
|
||||
|
||||
static void
|
||||
ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
|
||||
{
|
||||
@@ -713,8 +733,8 @@ static struct addr_operations at[] = {
|
||||
ipv4_addr2sockaddr,
|
||||
ipv4_h_addr2sockaddr,
|
||||
ipv4_h_addr2addr,
|
||||
ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
|
||||
NULL, NULL, NULL, ipv4_mask_boundary },
|
||||
ipv4_uninteresting, ipv4_is_loopback, ipv4_anyaddr, ipv4_print_addr,
|
||||
ipv4_parse_addr, NULL, NULL, NULL, ipv4_mask_boundary },
|
||||
#ifdef HAVE_IPV6
|
||||
{AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
|
||||
ipv6_sockaddr2addr,
|
||||
@@ -722,18 +742,18 @@ static struct addr_operations at[] = {
|
||||
ipv6_addr2sockaddr,
|
||||
ipv6_h_addr2sockaddr,
|
||||
ipv6_h_addr2addr,
|
||||
ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
|
||||
NULL, NULL, NULL, ipv6_mask_boundary } ,
|
||||
ipv6_uninteresting, ipv6_is_loopback, ipv6_anyaddr, ipv6_print_addr,
|
||||
ipv6_parse_addr, NULL, NULL, NULL, ipv6_mask_boundary } ,
|
||||
#endif
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
/* fake address type */
|
||||
{KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
arange_print_addr, arange_parse_addr,
|
||||
arange_order_addr, arange_free, arange_copy },
|
||||
#endif
|
||||
{KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
|
||||
NULL, NULL, NULL, NULL, NULL,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
@@ -912,6 +932,15 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
|
||||
return (*a->uninteresting)(sa);
|
||||
}
|
||||
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_sockaddr_is_loopback(const struct sockaddr *sa)
|
||||
{
|
||||
struct addr_operations *a = find_af(sa->sa_family);
|
||||
if (a == NULL || a->is_loopback == NULL)
|
||||
return TRUE;
|
||||
return (*a->is_loopback)(sa);
|
||||
}
|
||||
|
||||
/**
|
||||
* krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
|
||||
* the "struct hostent" (see gethostbyname(3) ) h_addr_list
|
||||
|
||||
@@ -82,8 +82,8 @@ gethostname_fallback (krb5_context context, krb5_addresses *res)
|
||||
}
|
||||
|
||||
enum {
|
||||
LOOP = 1, /* do include loopback interfaces */
|
||||
LOOP_IF_NONE = 2, /* include loopback if no other if's */
|
||||
LOOP = 1, /* do include loopback addrs */
|
||||
LOOP_IF_NONE = 2, /* include loopback addrs if no others */
|
||||
EXTRA_ADDRESSES = 4, /* include extra addresses */
|
||||
SCAN_INTERFACES = 8 /* scan interfaces for addresses */
|
||||
};
|
||||
@@ -146,11 +146,9 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
|
||||
continue;
|
||||
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
|
||||
continue;
|
||||
if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
|
||||
if (krb5_sockaddr_is_loopback(ifa->ifa_addr) && (flags & LOOP) == 0)
|
||||
/* We'll deal with the LOOP_IF_NONE case later. */
|
||||
if ((flags & LOOP) == 0)
|
||||
continue;
|
||||
}
|
||||
continue;
|
||||
|
||||
ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
|
||||
if (ret) {
|
||||
@@ -189,24 +187,22 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
|
||||
continue;
|
||||
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
|
||||
continue;
|
||||
|
||||
if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
|
||||
ret = krb5_sockaddr2address(context,
|
||||
ifa->ifa_addr, &res->val[idx]);
|
||||
if (ret) {
|
||||
/*
|
||||
* See comment above.
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
if((flags & EXTRA_ADDRESSES) &&
|
||||
krb5_address_search(context, &res->val[idx],
|
||||
&ignore_addresses)) {
|
||||
krb5_free_address(context, &res->val[idx]);
|
||||
continue;
|
||||
}
|
||||
idx++;
|
||||
if (!krb5_sockaddr_is_loopback(ifa->ifa_addr))
|
||||
continue;
|
||||
if ((ifa->ifa_flags & IFF_LOOPBACK) == 0)
|
||||
/* Presumably loopback addrs are only used on loopback ifs! */
|
||||
continue;
|
||||
ret = krb5_sockaddr2address(context,
|
||||
ifa->ifa_addr, &res->val[idx]);
|
||||
if (ret)
|
||||
continue; /* We don't consider this failure fatal */
|
||||
if((flags & EXTRA_ADDRESSES) &&
|
||||
krb5_address_search(context, &res->val[idx],
|
||||
&ignore_addresses)) {
|
||||
krb5_free_address(context, &res->val[idx]);
|
||||
continue;
|
||||
}
|
||||
idx++;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ error_code BAD_MKEY, "Failed to get the master key"
|
||||
error_code SERVICE_NOMATCH, "Unacceptable service used"
|
||||
error_code NOT_SEEKABLE, "File descriptor not seekable"
|
||||
error_code TOO_BIG, "Offset too large"
|
||||
error_code BAD_HDBENT_ENCODING, "Invalid HDB entry encoding"
|
||||
|
||||
index 64
|
||||
prefix HEIM_PKINIT
|
||||
|
||||
@@ -166,29 +166,27 @@ krb5_kt_register(krb5_context context,
|
||||
}
|
||||
|
||||
static const char *
|
||||
keytab_name(const char * name, const char ** ptype, size_t * ptype_len)
|
||||
keytab_name(const char *name, const char **type, size_t *type_len)
|
||||
{
|
||||
const char * residual;
|
||||
const char *residual;
|
||||
|
||||
residual = strchr(name, ':');
|
||||
|
||||
if (residual == NULL
|
||||
|
||||
if (residual == NULL ||
|
||||
name[0] == '/'
|
||||
#ifdef _WIN32
|
||||
|
||||
/* Avoid treating <drive>:<path> as a keytab type
|
||||
* specification */
|
||||
|
||||
|| name + 1 == residual
|
||||
#endif
|
||||
) {
|
||||
|
||||
*ptype = "FILE";
|
||||
*ptype_len = strlen(*ptype);
|
||||
*type = "FILE";
|
||||
*type_len = strlen(*type);
|
||||
residual = name;
|
||||
} else {
|
||||
*ptype = name;
|
||||
*ptype_len = residual - name;
|
||||
*type = name;
|
||||
*type_len = residual - name;
|
||||
residual++;
|
||||
}
|
||||
|
||||
@@ -850,3 +848,46 @@ krb5_kt_remove_entry(krb5_context context,
|
||||
}
|
||||
return (*id->remove)(context, id, entry);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true if the keytab exists and have entries
|
||||
*
|
||||
* @param context a Keberos context.
|
||||
* @param id a keytab.
|
||||
*
|
||||
* @return Return an error code or 0, see krb5_get_error_message().
|
||||
*
|
||||
* @ingroup krb5_keytab
|
||||
*/
|
||||
|
||||
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
|
||||
krb5_kt_have_content(krb5_context context,
|
||||
krb5_keytab id)
|
||||
{
|
||||
krb5_keytab_entry entry;
|
||||
krb5_kt_cursor cursor;
|
||||
krb5_error_code ret;
|
||||
char *name;
|
||||
|
||||
ret = krb5_kt_start_seq_get(context, id, &cursor);
|
||||
if (ret)
|
||||
goto notfound;
|
||||
|
||||
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
|
||||
krb5_kt_end_seq_get(context, id, &cursor);
|
||||
if (ret)
|
||||
goto notfound;
|
||||
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
|
||||
return 0;
|
||||
|
||||
notfound:
|
||||
ret = krb5_kt_get_full_name(context, id, &name);
|
||||
if (ret == 0) {
|
||||
krb5_set_error_message(context, KRB5_KT_NOTFOUND,
|
||||
N_("No entry in keytab: %s", ""), name);
|
||||
free(name);
|
||||
}
|
||||
return KRB5_KT_NOTFOUND;
|
||||
}
|
||||
|
||||
@@ -224,7 +224,8 @@ check_escaped_strings(void)
|
||||
}
|
||||
|
||||
if (*s || *e)
|
||||
errx(1, "Configuation string list for value [%s] has incorrect length.\n");
|
||||
errx(1, "Configuation string list for value [%s] has incorrect length.",
|
||||
config_strings_tests[i].name);
|
||||
|
||||
krb5_config_free_strings(ps);
|
||||
}
|
||||
|
||||
@@ -54,6 +54,10 @@ test_empty_keytab(krb5_context context, const char *keytab)
|
||||
|
||||
krb5_kt_remove_entry(context, id, &entry);
|
||||
|
||||
ret = krb5_kt_have_content(context, id);
|
||||
if (ret == 0)
|
||||
krb5_errx(context, 1, "supposed to be empty keytab isn't");
|
||||
|
||||
ret = krb5_kt_close(context, id);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_kt_close");
|
||||
|
||||
@@ -421,6 +421,7 @@ HEIMDAL_KRB5_2.0 {
|
||||
krb5_kt_get_full_name;
|
||||
krb5_kt_get_name;
|
||||
krb5_kt_get_type;
|
||||
krb5_kt_have_content;
|
||||
krb5_kt_next_entry;
|
||||
krb5_kt_read_service_key;
|
||||
krb5_kt_register;
|
||||
|
||||
Reference in New Issue
Block a user