Don't pollute namespace, generate public header file
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15532 ec53bebd-3082-4978-b11e-865c3cabbd6b
39
kdc/524.c
@@ -44,7 +44,7 @@ RCSID("$Id$");
static krb5_error_code
fetch_server (krb5_context context,
struct krb5_kdc_configuration *config,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
hdb_entry **server,
@@ -66,7 +66,7 @@ fetch_server (krb5_context context,
krb5_get_err_text(context, ret));
return ret;
}
ret = db_fetch(context, config, sprinc, server);
ret = _kdc_db_fetch(context, config, sprinc, server);
krb5_free_principal(context, sprinc);
if (ret) {
kdc_log(context, config, 0,
@@ -81,7 +81,7 @@ fetch_server (krb5_context context,
static krb5_error_code
log_524 (krb5_context context,
struct krb5_kdc_configuration *config,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *from,
const char *spn)
@@ -111,7 +111,7 @@ log_524 (krb5_context context,
static krb5_error_code
verify_flags (krb5_context context,
struct krb5_kdc_configuration *config,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *spn)
{
@@ -133,7 +133,7 @@ verify_flags (krb5_context context,
static krb5_error_code
set_address (krb5_context context,
struct krb5_kdc_configuration *config,
krb5_kdc_configuration *config,
EncTicketPart *et,
struct sockaddr *addr,
const char *from)
@@ -185,7 +185,7 @@ set_address (krb5_context context,
static krb5_error_code
encrypt_v4_ticket(krb5_context context,
struct krb5_kdc_configuration *config,
krb5_kdc_configuration *config,
void *buf,
size_t len,
krb5_keyblock *skey,
@@ -219,9 +219,10 @@ encrypt_v4_ticket(krb5_context context,
static krb5_error_code
encode_524_response(krb5_context context,
struct krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et, const Ticket *t,
hdb_entry *server, EncryptedData *ticket, int *kvno)
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
const Ticket *t, hdb_entry *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
int use_2b;
@@ -252,15 +253,15 @@ encode_524_response(krb5_context context,
return KRB5KDC_ERR_POLICY;
}
ret = encode_v4_ticket(context, config,
buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
ret = _kdc_encode_v4_ticket(context, config,
buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
if(ret){
kdc_log(context, config, 0,
"Failed to encode v4 ticket (%s)", spn);
return ret;
}
ret = get_des_key(context, server, TRUE, FALSE, &skey);
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0,
"no suitable DES key for server (%s)", spn);
@@ -285,10 +286,10 @@ encode_524_response(krb5_context context,
*/
krb5_error_code
do_524(krb5_context context,
struct krb5_kdc_configuration *config,
const Ticket *t, krb5_data *reply,
const char *from, struct sockaddr *addr)
_kdc_do_524(krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t, krb5_data *reply,
const char *from, struct sockaddr *addr)
{
krb5_error_code ret = 0;
krb5_crypto crypto;
@@ -369,7 +370,7 @@ do_524(krb5_context context,
server, &ticket, &kvno);
free_EncTicketPart(&et);
out:
out:
/* make reply */
memset(buf, 0, sizeof(buf));
sp = krb5_storage_from_mem(buf, sizeof(buf));
@@ -389,6 +390,6 @@ out:
if(spn)
free(spn);
if(server)
free_ent (context, server);
_kdc_free_ent (context, server);
return ret;
}
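Review bot: In the encode_524_response hunk the renamed call `_kdc_encode_v4_ticket(context, config, buf + sizeof(buf) - 1, sizeof(buf), &et, &t->sname, &len)` still hands the encoder a pointer to the last byte of `buf` together with the full `sizeof(buf)` as the length, which is only sound if the encoder fills the buffer backwards from that end pointer; the prototype this commit now exports through kdc_locl.h reads `void *buf, size_t len` like an ordinary forward buffer. Since the function crosses a file boundary under a cross-file `_kdc_` name, the convention should be stated at the declaration, e.g. `/* buf points at the LAST byte of a len-byte buffer; the ticket is written backwards ending at buf */` — I cannot see the encoder body here, so confirm the write direction in kerberos4.c before wording it. The same note applies to the `_kdc_encode_v4_ticket` definition hunk in kerberos4.c and its prototype hunk in kdc_locl.h. encode_524_response starts and ends outside the hunk.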
@@ -35,11 +35,20 @@ libkdc_la_SOURCES = \
|
||||
524.c \
|
||||
kerberos4.c \
|
||||
kaserver.c \
|
||||
process.c \
|
||||
process.c \
|
||||
rx.h
|
||||
|
||||
|
||||
$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h
|
||||
|
||||
libkdc_la_LDFLAGS = -version-info 1:0:0
|
||||
|
||||
CHECK_SYMBOLS = -lib kdc -version krb5_kdc kdc_ _kdc_
|
||||
|
||||
$(srcdir)/kdc-protos.h:
|
||||
cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kdc-protos.h
|
||||
|
||||
|
||||
hprop_LDADD = \
|
||||
$(top_builddir)/lib/hdb/libhdb.la \
|
||||
$(LIB_openldap) \
|
||||
@@ -81,4 +90,4 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.la \
|
||||
|
||||
kdc_LDADD = libkdc.la $(LIB_pidfile)
|
||||
|
||||
include_HEADERS = kdc.h
|
||||
include_HEADERS = kdc.h kdc-protos.h
|
||||
|
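Review bot: The new `$(srcdir)/kdc-protos.h:` rule has no prerequisites, so once the header exists make never regenerates it when a file in `$(libkdc_la_SOURCES)` changes, and the added `$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h` dependency then compiles against stale prototypes; because the header is also installed via `include_HEADERS`, the stale copy would ship. Listing the sources as prerequisites fixes both: `$(srcdir)/kdc-protos.h: $(libkdc_la_SOURCES)`. Separately, `CHECK_SYMBOLS = -lib kdc -version krb5_kdc kdc_ _kdc_` does not include the `_pk_` prefix the kdc_locl.h hunk gives the PKINIT functions, so a PKINIT build will either fail the symbol check or keep those names in the exported namespace, depending on how the check treats unlisted prefixes.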
@@ -132,7 +132,7 @@ usage(int ret)
|
||||
}
|
||||
|
||||
static void
|
||||
get_dbinfo(krb5_context context, struct krb5_kdc_configuration *config)
|
||||
get_dbinfo(krb5_context context, krb5_kdc_configuration *config)
|
||||
{
|
||||
const krb5_config_binding *top_binding = NULL;
|
||||
const krb5_config_binding *db_binding;
|
||||
@@ -254,9 +254,9 @@ add_one_address (krb5_context context, const char *str, int first)
|
||||
krb5_free_addresses (context, &tmp);
|
||||
}
|
||||
|
||||
struct krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv)
|
||||
krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv)
|
||||
{
|
||||
struct krb5_kdc_configuration *config = malloc(sizeof(*config));
|
||||
krb5_kdc_configuration *config = malloc(sizeof(*config));
|
||||
krb5_error_code ret;
|
||||
int optidx = 0;
|
||||
const char *p;
|
||||
@@ -516,7 +516,7 @@ struct krb5_kdc_configuration *configure(krb5_context context, int argc, char **
|
||||
if (x509_anchors == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
|
||||
|
||||
pk_initialize(user_id, x509_anchors);
|
||||
_pk_initialize(user_id, x509_anchors);
|
||||
|
||||
config->enable_pkinit_princ_in_cert =
|
||||
krb5_config_get_bool_default(context,
|
||||
|
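Review bot: In the last hunk of configure, the renamed `_pk_initialize(user_id, x509_anchors);` discards its return value even though the kdc_locl.h hunk declares it as returning `krb5_error_code`, so a failure to load the PKINIT anchors or identity leaves pkinit enabled on a KDC that never initialized it. `ret` is already declared in configure; use it: `ret = _pk_initialize(user_id, x509_anchors);` followed by `if (ret) krb5_err(context, 1, ret, "pkinit initialization failed");`, matching the `krb5_errx` used two lines above for the missing-anchors case. In the earlier hunk, `krb5_kdc_configuration *config = malloc(sizeof(*config));` is not followed by a NULL check within the visible lines; if none exists further down, add `if (config == NULL) krb5_errx(context, 1, "out of memory");` before the first `config->` access. configure starts before and ends after these hunks.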
@@ -137,7 +137,7 @@ add_port_string (krb5_context context,
|
||||
|
||||
static void
|
||||
add_standard_ports (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int family)
|
||||
{
|
||||
add_port_service(context, family, "kerberos", 88, "udp");
|
||||
@@ -166,7 +166,7 @@ add_standard_ports (krb5_context context,
|
||||
|
||||
static void
|
||||
parse_ports(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *str)
|
||||
{
|
||||
char *pos = NULL;
|
||||
@@ -248,7 +248,7 @@ reinit_descrs (struct descr *d, int n)
|
||||
|
||||
static void
|
||||
init_socket(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d, krb5_address *a, int family, int type, int port)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -313,7 +313,7 @@ init_socket(krb5_context context,
|
||||
|
||||
static int
|
||||
init_sockets(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr **desc)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -400,7 +400,7 @@ addr_to_string(krb5_context context,
|
||||
|
||||
static void
|
||||
do_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
void *buf, size_t len, krb5_boolean prependlength,
|
||||
struct descr *d)
|
||||
{
|
||||
@@ -447,7 +447,7 @@ do_request(krb5_context context,
|
||||
|
||||
static void
|
||||
handle_udp(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d)
|
||||
{
|
||||
unsigned char *buf;
|
||||
@@ -510,7 +510,7 @@ de_http(char *buf)
|
||||
|
||||
static void
|
||||
add_new_tcp (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d, int parent, int child)
|
||||
{
|
||||
int s;
|
||||
@@ -546,7 +546,7 @@ add_new_tcp (krb5_context context,
|
||||
|
||||
static int
|
||||
grow_descr (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d, size_t n)
|
||||
{
|
||||
if (d->size - d->len < n) {
|
||||
@@ -580,7 +580,7 @@ grow_descr (krb5_context context,
|
||||
|
||||
static int
|
||||
handle_vanilla_tcp (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d)
|
||||
{
|
||||
krb5_storage *sp;
|
||||
@@ -607,7 +607,7 @@ handle_vanilla_tcp (krb5_context context,
|
||||
|
||||
static int
|
||||
handle_http_tcp (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d)
|
||||
{
|
||||
char *s, *p, *t;
|
||||
@@ -714,7 +714,7 @@ handle_http_tcp (krb5_context context,
|
||||
|
||||
static void
|
||||
handle_tcp(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct descr *d, int idx, int min_free)
|
||||
{
|
||||
unsigned char buf[1024];
|
||||
@@ -773,7 +773,7 @@ handle_tcp(krb5_context context,
|
||||
|
||||
void
|
||||
loop(krb5_context context,
|
||||
struct krb5_kdc_configuration *config)
|
||||
krb5_kdc_configuration *config)
|
||||
{
|
||||
struct descr *d;
|
||||
int ndescr;
|
||||
|
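Review bot: In the final hunk, `loop(krb5_context context, krb5_kdc_configuration *config)` keeps an unprefixed external name while this commit prefixes the other cross-file functions with `_kdc_`; if connect.c is linked into libkdc rather than only into the kdc program, this symbol stays in the namespace the commit is cleaning up and is not covered by the `krb5_kdc`/`kdc_`/`_kdc_` prefixes in `CHECK_SYMBOLS`. The visible part of `libkdc_la_SOURCES` starts mid-list, so I cannot tell which target connect.c belongs to; worth a one-line comment at the definition either way, e.g. `/* kdc program entry loop; not part of libkdc */` if that is the case. loop's body continues outside the hunk.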
@@ -390,7 +390,7 @@ unparse_auth_args (krb5_storage *sp,
|
||||
|
||||
static void
|
||||
do_authenticate (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct rx_header *hdr,
|
||||
krb5_storage *sp,
|
||||
struct sockaddr_in *addr,
|
||||
@@ -432,7 +432,7 @@ do_authenticate (krb5_context context,
|
||||
kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
|
||||
client_name, from, server_name);
|
||||
|
||||
ret = db_fetch4 (context, config, name, instance,
|
||||
ret = _kdc_db_fetch4 (context, config, name, instance,
|
||||
config->v4_realm, &client_entry);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0, "Client not found in database: %s: %s",
|
||||
@@ -441,7 +441,7 @@ do_authenticate (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = db_fetch4 (context, config, "krbtgt",
|
||||
ret = _kdc_db_fetch4 (context, config, "krbtgt",
|
||||
config->v4_realm, config->v4_realm, &server_entry);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0, "Server not found in database: %s: %s",
|
||||
@@ -450,17 +450,17 @@ do_authenticate (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
TRUE);
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
TRUE);
|
||||
if (ret) {
|
||||
make_error_reply (hdr, KAPWEXPIRED, reply);
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* find a DES key */
|
||||
ret = get_des_key(context, client_entry, FALSE, TRUE, &ckey);
|
||||
ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for client");
|
||||
make_error_reply (hdr, KANOKEYS, reply);
|
||||
@@ -468,7 +468,7 @@ do_authenticate (krb5_context context,
|
||||
}
|
||||
|
||||
/* find a DES key */
|
||||
ret = get_des_key(context, server_entry, TRUE, TRUE, &skey);
|
||||
ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for server");
|
||||
make_error_reply (hdr, KANOKEYS, reply);
|
||||
@@ -530,7 +530,7 @@ do_authenticate (krb5_context context,
|
||||
chal + 1, "tgsT",
|
||||
&ckey->key, reply);
|
||||
|
||||
out:
|
||||
out:
|
||||
if (request.length) {
|
||||
memset (request.data, 0, request.length);
|
||||
krb5_data_free (&request);
|
||||
@@ -540,9 +540,9 @@ out:
|
||||
if (instance)
|
||||
free (instance);
|
||||
if (client_entry)
|
||||
free_ent (context, client_entry);
|
||||
_kdc_free_ent (context, client_entry);
|
||||
if (server_entry)
|
||||
free_ent (context, server_entry);
|
||||
_kdc_free_ent (context, server_entry);
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
@@ -601,7 +601,7 @@ unparse_getticket_args (krb5_storage *sp,
|
||||
|
||||
static void
|
||||
do_getticket (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
struct rx_header *hdr,
|
||||
krb5_storage *sp,
|
||||
struct sockaddr_in *addr,
|
||||
@@ -647,7 +647,7 @@ do_getticket (krb5_context context,
|
||||
snprintf (server_name, sizeof(server_name),
|
||||
"%s.%s@%s", name, instance, config->v4_realm);
|
||||
|
||||
ret = db_fetch4 (context, config, name, instance, config->v4_realm, &server_entry);
|
||||
ret = _kdc_db_fetch4 (context, config, name, instance, config->v4_realm, &server_entry);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0, "Server not found in database: %s: %s",
|
||||
server_name, krb5_get_err_text(context, ret));
|
||||
@@ -655,7 +655,7 @@ do_getticket (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = db_fetch4 (context, config, "krbtgt",
|
||||
ret = _kdc_db_fetch4 (context, config, "krbtgt",
|
||||
config->v4_realm, config->v4_realm, &krbtgt_entry);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
@@ -667,7 +667,7 @@ do_getticket (krb5_context context,
|
||||
}
|
||||
|
||||
/* find a DES key */
|
||||
ret = get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
|
||||
ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for krbtgt");
|
||||
make_error_reply (hdr, KANOKEYS, reply);
|
||||
@@ -675,7 +675,7 @@ do_getticket (krb5_context context,
|
||||
}
|
||||
|
||||
/* find a DES key */
|
||||
ret = get_des_key(context, server_entry, TRUE, TRUE, &skey);
|
||||
ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for server");
|
||||
make_error_reply (hdr, KANOKEYS, reply);
|
||||
@@ -728,7 +728,7 @@ do_getticket (krb5_context context,
|
||||
kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
|
||||
client_name, from, server_name);
|
||||
|
||||
ret = db_fetch4 (context, config,
|
||||
ret = _kdc_db_fetch4 (context, config,
|
||||
ad.pname, ad.pinst, ad.prealm, &client_entry);
|
||||
if(ret && ret != HDB_ERR_NOENTRY) {
|
||||
kdc_log(context, config, 0,
|
||||
@@ -745,10 +745,10 @@ do_getticket (krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
FALSE);
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
FALSE);
|
||||
if (ret) {
|
||||
make_error_reply (hdr, KAPWEXPIRED, reply);
|
||||
goto out;
|
||||
@@ -803,7 +803,7 @@ do_getticket (krb5_context context,
|
||||
0, "gtkt",
|
||||
&ad.session, reply);
|
||||
|
||||
out:
|
||||
out:
|
||||
_krb5_krb_free_auth_data(context, &ad);
|
||||
if (aticket.length) {
|
||||
memset (aticket.data, 0, aticket.length);
|
||||
@@ -820,19 +820,19 @@ out:
|
||||
if (instance)
|
||||
free (instance);
|
||||
if (krbtgt_entry)
|
||||
free_ent (context, krbtgt_entry);
|
||||
_kdc_free_ent (context, krbtgt_entry);
|
||||
if (server_entry)
|
||||
free_ent (context, server_entry);
|
||||
_kdc_free_ent (context, server_entry);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
do_kaserver(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr_in *addr)
|
||||
_kdc_do_kaserver(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr_in *addr)
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
struct rx_header hdr;
|
||||
|
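Review bot: In the `out:` hunk of do_authenticate, `memset (request.data, 0, request.length);` is immediately followed by `krb5_data_free (&request);`, which is the pattern a compiler may treat as a dead store and remove, so the intended wipe of the request buffer is not guaranteed; the same sequence appears for `aticket` in the do_getticket `out:` hunk. If the tree has a secure-wipe helper, use it here; otherwise document the intent with `/* best-effort wipe; plain memset before free may be elided */` so a later reader does not rely on it. Also in the do_authenticate and do_getticket hunks, every failure of `_kdc_check_flags` is reported to the client as `KAPWEXPIRED` regardless of the actual reason; a comment such as `/* kaserver has no finer-grained code; the real reason is only in the KDC log */` would make that deliberate mapping explicit, assuming `_kdc_check_flags` logs the reason itself, which I cannot confirm from here. Both functions start and end outside their hunks.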
@@ -1,24 +0,0 @@
|
||||
|
||||
int
|
||||
krb5_kdc_process_generic_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
krb5_boolean *prependlength,
|
||||
const char *from,
|
||||
struct sockaddr *addr);
|
||||
|
||||
int krb5_kdc_process_krb5_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr *addr);
|
||||
|
||||
void krb5_kdc_default_config(struct krb5_kdc_configuration *config);
|
||||
|
||||
void
|
||||
kdc_openlog(krb5_context context,
|
||||
struct krb5_kdc_configuration *config);
|
@@ -49,7 +49,7 @@ enum krb5_kdc_trpolicy {
|
||||
TRPOLICY_ALWAYS_HONOUR_REQUEST
|
||||
};
|
||||
|
||||
struct krb5_kdc_configuration {
|
||||
typedef struct krb5_kdc_configuration {
|
||||
krb5_boolean require_preauth; /* require preauth for all principals */
|
||||
time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
|
||||
|
||||
@@ -74,7 +74,7 @@ struct krb5_kdc_configuration {
|
||||
krb5_boolean enable_pkinit_princ_in_cert;
|
||||
|
||||
krb5_log_facility *logf;
|
||||
};
|
||||
} krb5_kdc_configuration;
|
||||
|
||||
#include <kdc-protos.h>
|
||||
|
||||
|
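Review bot: The added `#include <kdc-protos.h>` pulls a generated file into the installed public header, and the generator rule in the Makefile hunk runs over every libkdc source with `-P comment`; unless that option restricts the output to the public `krb5_kdc_*`/`kdc_*` names, the `_kdc_*` functions this commit just moved out of the public namespace come straight back through kdc.h for every consumer. Please confirm what `-P comment` selects, and consider a comment above the include stating the contract, e.g. `/* generated by make-proto.pl; must contain only the public krb5_kdc_* / kdc_* prototypes */`. The angle-bracket form also means an in-tree build needs `$(srcdir)` on the include path since the header is generated there.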
@@ -55,59 +55,59 @@ extern int detach_from_console;
|
||||
#define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf"
|
||||
#define DEFAULT_LOG_DEST "0-1/FILE:" HDB_DB_DIR "/kdc.log"
|
||||
|
||||
extern struct timeval now;
|
||||
#define kdc_time (now.tv_sec)
|
||||
extern struct timeval _kdc_now;
|
||||
#define kdc_time (_kdc_now.tv_sec)
|
||||
|
||||
krb5_error_code as_rep (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_error_code _kdc_as_rep (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ*, krb5_data*, const char*, struct sockaddr*);
|
||||
struct krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv);
|
||||
krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv);
|
||||
krb5_error_code
|
||||
db_fetch(krb5_context, struct krb5_kdc_configuration *,
|
||||
_kdc_db_fetch(krb5_context, krb5_kdc_configuration *,
|
||||
krb5_principal, hdb_entry **);
|
||||
void free_ent(krb5_context context, hdb_entry *);
|
||||
void _kdc_free_ent(krb5_context context, hdb_entry *);
|
||||
void kdc_log (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int, const char*, ...)
|
||||
__attribute__ ((format (printf, 4,5)));
|
||||
|
||||
char* kdc_log_msg (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int, const char*, ...)
|
||||
__attribute__ ((format (printf, 4,5)));
|
||||
char* kdc_log_msg_va (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int, const char*, va_list)
|
||||
__attribute__ ((format (printf, 4,0)));
|
||||
void
|
||||
kdc_openlog(krb5_context context,
|
||||
struct krb5_kdc_configuration *config);
|
||||
krb5_kdc_configuration *config);
|
||||
void
|
||||
loop(krb5_context context,
|
||||
struct krb5_kdc_configuration *config);
|
||||
krb5_kdc_configuration *config);
|
||||
void set_master_key (EncryptionKey);
|
||||
krb5_error_code tgs_rep (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_error_code _kdc_tgs_rep (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ*, krb5_data*, const char*, struct sockaddr *);
|
||||
Key* unseal_key (Key*);
|
||||
krb5_error_code
|
||||
check_flags(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
_kdc_check_flags(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
hdb_entry *client, const char *client_name,
|
||||
hdb_entry *server, const char *server_name,
|
||||
krb5_boolean is_as_req);
|
||||
|
||||
krb5_error_code get_des_key(krb5_context context, hdb_entry*, krb5_boolean, krb5_boolean, Key**);
|
||||
krb5_error_code _kdc_get_des_key(krb5_context context, hdb_entry*, krb5_boolean, krb5_boolean, Key**);
|
||||
krb5_error_code
|
||||
encode_v4_ticket(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
void *buf, size_t len, const EncTicketPart *et,
|
||||
const PrincipalName *service, size_t *size);
|
||||
_kdc_encode_v4_ticket(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
void *buf, size_t len, const EncTicketPart *et,
|
||||
const PrincipalName *service, size_t *size);
|
||||
krb5_error_code
|
||||
do_524(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
const Ticket *t, krb5_data *reply,
|
||||
const char *from, struct sockaddr *addr);
|
||||
_kdc_do_524(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const Ticket *t, krb5_data *reply,
|
||||
const char *from, struct sockaddr *addr);
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#define des_new_random_key des_random_key
|
||||
@@ -115,41 +115,41 @@ do_524(krb5_context context,
|
||||
|
||||
#ifdef PKINIT
|
||||
typedef struct pk_client_params pk_client_params;
|
||||
krb5_error_code pk_initialize(const char *, const char *);
|
||||
krb5_error_code pk_rd_padata(krb5_context, KDC_REQ *,
|
||||
PA_DATA *, pk_client_params **);
|
||||
krb5_error_code pk_mk_pa_reply(krb5_context,
|
||||
pk_client_params *,
|
||||
const hdb_entry *,
|
||||
const KDC_REQ *,
|
||||
krb5_keyblock **,
|
||||
METHOD_DATA *);
|
||||
krb5_error_code pk_check_client(krb5_context, krb5_principal,
|
||||
const hdb_entry *,
|
||||
pk_client_params *, char **);
|
||||
void pk_free_client_param(krb5_context, pk_client_params *);
|
||||
krb5_error_code _pk_initialize(const char *, const char *);
|
||||
krb5_error_code _pk_rd_padata(krb5_context, KDC_REQ *,
|
||||
PA_DATA *, pk_client_params **);
|
||||
krb5_error_code _pk_mk_pa_reply(krb5_context,
|
||||
pk_client_params *,
|
||||
const hdb_entry *,
|
||||
const KDC_REQ *,
|
||||
krb5_keyblock **,
|
||||
METHOD_DATA *);
|
||||
krb5_error_code _pk_check_client(krb5_context, krb5_principal,
|
||||
const hdb_entry *,
|
||||
pk_client_params *, char **);
|
||||
void _pk_free_client_param(krb5_context, pk_client_params *);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Kerberos 4
|
||||
*/
|
||||
|
||||
krb5_error_code db_fetch4 (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_error_code _kdc_db_fetch4 (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char*, const char*, const char*, hdb_entry**);
|
||||
krb5_error_code do_version4 (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_error_code _kdc_do_version4 (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char*, size_t, krb5_data*, const char*,
|
||||
struct sockaddr_in*);
|
||||
int maybe_version4 (unsigned char*, int);
|
||||
int _kdc_maybe_version4 (unsigned char*, int);
|
||||
|
||||
krb5_error_code do_kaserver (krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char*, size_t, krb5_data*, const char*,
|
||||
struct sockaddr_in*);
|
||||
krb5_error_code _kdc_do_kaserver (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char*, size_t, krb5_data*,
|
||||
const char*, struct sockaddr_in*);
|
||||
|
||||
int kdc_process_generic_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
|
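Review bot: In the first hunk, `set_master_key (EncryptionKey)`, `unseal_key (Key*)`, `configure(...)` and `loop(...)` keep unprefixed external names, and in the second hunk `kdc_process_generic_request(...)` and the PKINIT functions get a `_pk_` prefix; none of the `_pk_`/bare names match the `krb5_kdc`/`kdc_`/`_kdc_` prefixes the Makefile's `CHECK_SYMBOLS` allows, so whichever of these are defined in a libkdc source will either trip the check or remain namespace pollution. I cannot see which source files define them, so treat this as a list to verify rather than a definite failure. For consistency `_pk_*` could simply follow the `_kdc_` convention (`_kdc_pk_initialize`, …), which also removes the special case from the symbol check.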
@@ -49,7 +49,7 @@ swap32(u_int32_t x)
|
||||
#endif /* swap32 */
|
||||
|
||||
int
|
||||
maybe_version4(unsigned char *buf, int len)
|
||||
_kdc_maybe_version4(unsigned char *buf, int len)
|
||||
{
|
||||
return len > 0 && *buf == 4;
|
||||
}
|
||||
@@ -67,7 +67,7 @@ valid_princ(krb5_context context,
|
||||
void *funcctx,
|
||||
krb5_principal princ)
|
||||
{
|
||||
struct krb5_kdc_configuration *config = funcctx;
|
||||
krb5_kdc_configuration *config = funcctx;
|
||||
krb5_error_code ret;
|
||||
char *s;
|
||||
hdb_entry *ent;
|
||||
@@ -75,7 +75,7 @@ valid_princ(krb5_context context,
|
||||
ret = krb5_unparse_name(context, princ, &s);
|
||||
if (ret)
|
||||
return FALSE;
|
||||
ret = db_fetch(context, config, princ, &ent);
|
||||
ret = _kdc_db_fetch(context, config, princ, &ent);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 7, "Lookup %s failed: %s", s,
|
||||
krb5_get_err_text (context, ret));
|
||||
@@ -84,13 +84,13 @@ valid_princ(krb5_context context,
|
||||
}
|
||||
kdc_log(context, config, 7, "Lookup %s succeeded", s);
|
||||
free(s);
|
||||
free_ent(context, ent);
|
||||
_kdc_free_ent(context, ent);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
db_fetch4(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
_kdc_db_fetch4(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *name, const char *instance, const char *realm,
|
||||
hdb_entry **ent)
|
||||
{
|
||||
@@ -101,7 +101,7 @@ db_fetch4(krb5_context context,
|
||||
valid_princ, config, 0, &p);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = db_fetch(context, config, p, ent);
|
||||
ret = _kdc_db_fetch(context, config, p, ent);
|
||||
krb5_free_principal(context, p);
|
||||
return ret;
|
||||
}
|
||||
@@ -115,13 +115,13 @@ db_fetch4(krb5_context context,
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
do_version4(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr_in *addr)
|
||||
_kdc_do_version4(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr_in *addr)
|
||||
{
|
||||
krb5_storage *sp;
|
||||
krb5_error_code ret;
|
||||
@@ -181,7 +181,7 @@ do_version4(krb5_context context,
|
||||
kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s",
|
||||
client_name, from, server_name);
|
||||
|
||||
ret = db_fetch4(context, config, name, inst, realm, &client);
|
||||
ret = _kdc_db_fetch4(context, config, name, inst, realm, &client);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0, "Client not found in database: %s: %s",
|
||||
client_name, krb5_get_err_text(context, ret));
|
||||
@@ -189,7 +189,7 @@ do_version4(krb5_context context,
|
||||
"principal unknown");
|
||||
goto out1;
|
||||
}
|
||||
ret = db_fetch4(context, config, sname, sinst,
|
||||
ret = _kdc_db_fetch4(context, config, sname, sinst,
|
||||
config->v4_realm, &server);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "Server not found in database: %s: %s",
|
||||
@@ -199,10 +199,10 @@ do_version4(krb5_context context,
|
||||
goto out1;
|
||||
}
|
||||
|
||||
ret = check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
TRUE);
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
TRUE);
|
||||
if (ret) {
|
||||
/* good error code? */
|
||||
make_err_reply(context, reply, KERB_ERR_NAME_EXP,
|
||||
@@ -227,7 +227,7 @@ do_version4(krb5_context context,
|
||||
goto out1;
|
||||
}
|
||||
|
||||
ret = get_des_key(context, client, FALSE, FALSE, &ckey);
|
||||
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for client");
|
||||
make_err_reply(context, reply, KDC_NULL_KEY,
|
||||
@@ -249,7 +249,7 @@ do_version4(krb5_context context,
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = get_des_key(context, server, TRUE, FALSE, &skey);
|
||||
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "no suitable DES key for server");
|
||||
/* XXX */
|
||||
@@ -360,7 +360,7 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = db_fetch(context, config, tgt_princ, &tgt);
|
||||
ret = _kdc_db_fetch(context, config, tgt_princ, &tgt);
|
||||
if(ret){
|
||||
char *s;
|
||||
s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not "
|
||||
@@ -382,7 +382,7 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = get_des_key(context, tgt, TRUE, FALSE, &tkey);
|
||||
ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0,
|
||||
"no suitable DES key for krbtgt (krb4)");
|
||||
@@ -455,7 +455,7 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, &client);
|
||||
ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, &client);
|
||||
if(ret && ret != HDB_ERR_NOENTRY) {
|
||||
char *s;
|
||||
s = kdc_log_msg(context, config, 0,
|
||||
@@ -475,7 +475,7 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = db_fetch4(context, config, sname, sinst, config->v4_realm, &server);
|
||||
ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, &server);
|
||||
if(ret){
|
||||
char *s;
|
||||
s = kdc_log_msg(context, config, 0,
|
||||
@@ -486,10 +486,10 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
FALSE);
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
FALSE);
|
||||
if (ret) {
|
||||
/* good error code? */
|
||||
make_err_reply(context, reply, KERB_ERR_NAME_EXP,
|
||||
@@ -497,7 +497,7 @@ do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
ret = get_des_key(context, server, TRUE, FALSE, &skey);
|
||||
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0,
|
||||
"no suitable DES key for server (krb4)");
|
||||
@@ -598,7 +598,7 @@ do_version4(krb5_context context,
|
||||
if(tgt_princ)
|
||||
krb5_free_principal(context, tgt_princ);
|
||||
if(tgt)
|
||||
free_ent(context, tgt);
|
||||
_kdc_free_ent(context, tgt);
|
||||
break;
|
||||
}
|
||||
case AUTH_MSG_ERR_REPLY:
|
||||
@@ -621,18 +621,18 @@ do_version4(krb5_context context,
|
||||
if(sinst)
|
||||
free(sinst);
|
||||
if(client)
|
||||
free_ent(context, client);
|
||||
_kdc_free_ent(context, client);
|
||||
if(server)
|
||||
free_ent(context, server);
|
||||
_kdc_free_ent(context, server);
|
||||
krb5_storage_free(sp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
encode_v4_ticket(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
void *buf, size_t len, const EncTicketPart *et,
|
||||
const PrincipalName *service, size_t *size)
|
||||
_kdc_encode_v4_ticket(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
void *buf, size_t len, const EncTicketPart *et,
|
||||
const PrincipalName *service, size_t *size)
|
||||
{
|
||||
krb5_storage *sp;
|
||||
krb5_error_code ret;
|
||||
@@ -718,9 +718,9 @@ encode_v4_ticket(krb5_context context,
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
get_des_key(krb5_context context,
|
||||
hdb_entry *principal, krb5_boolean is_server,
|
||||
krb5_boolean prefer_afs_key, Key **ret_key)
|
||||
_kdc_get_des_key(krb5_context context,
|
||||
hdb_entry *principal, krb5_boolean is_server,
|
||||
krb5_boolean prefer_afs_key, Key **ret_key)
|
||||
{
|
||||
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
|
||||
int i;
|
||||
|
125
kdc/kerberos5.c
125
kdc/kerberos5.c
@@ -118,7 +118,7 @@ find_etype(krb5_context context, hdb_entry *princ,
|
||||
|
||||
static krb5_error_code
|
||||
find_keys(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
hdb_entry *client,
|
||||
hdb_entry *server,
|
||||
Key **ckey,
|
||||
@@ -181,7 +181,7 @@ make_anonymous_principalname (PrincipalName *pn)
|
||||
|
||||
static void
|
||||
log_timestamp(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *type,
|
||||
KerberosTime authtime, KerberosTime *starttime,
|
||||
KerberosTime endtime, KerberosTime *renew_till)
|
||||
@@ -206,7 +206,7 @@ log_timestamp(krb5_context context,
|
||||
|
||||
static krb5_error_code
|
||||
encode_reply(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
|
||||
krb5_enctype etype,
|
||||
int skvno, EncryptionKey *skey,
|
||||
@@ -356,7 +356,7 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
|
||||
|
||||
static krb5_error_code
|
||||
get_pa_etype_info(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
METHOD_DATA *md, hdb_entry *client,
|
||||
ENCTYPE *etypes, unsigned int etypes_len)
|
||||
{
|
||||
@@ -519,7 +519,7 @@ only_older_enctype_p(const KDC_REQ *req)
|
||||
|
||||
static krb5_error_code
|
||||
get_pa_etype_info2(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
METHOD_DATA *md, hdb_entry *client,
|
||||
ENCTYPE *etypes, unsigned int etypes_len)
|
||||
{
|
||||
@@ -604,21 +604,23 @@ get_pa_etype_info2(krb5_context context,
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
check_flags(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
hdb_entry *client, const char *client_name,
|
||||
hdb_entry *server, const char *server_name,
|
||||
krb5_boolean is_as_req)
|
||||
_kdc_check_flags(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
hdb_entry *client, const char *client_name,
|
||||
hdb_entry *server, const char *server_name,
|
||||
krb5_boolean is_as_req)
|
||||
{
|
||||
if(client != NULL) {
|
||||
/* check client */
|
||||
if (client->flags.invalid) {
|
||||
kdc_log(context, config, 0, "Client (%s) has invalid bit set", client_name);
|
||||
kdc_log(context, config, 0,
|
||||
"Client (%s) has invalid bit set", client_name);
|
||||
return KRB5KDC_ERR_POLICY;
|
||||
}
|
||||
|
||||
if(!client->flags.client){
|
||||
kdc_log(context, config, 0, "Principal may not act as client -- %s",
|
||||
kdc_log(context, config, 0,
|
||||
"Principal may not act as client -- %s",
|
||||
client_name);
|
||||
return KRB5KDC_ERR_POLICY;
|
||||
}
|
||||
@@ -685,7 +687,7 @@ check_flags(krb5_context context,
|
||||
|
||||
static krb5_boolean
|
||||
check_addresses(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
HostAddresses *addresses, const struct sockaddr *from)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -708,12 +710,12 @@ check_addresses(krb5_context context,
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
as_rep(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
KDC_REQ *req,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr *from_addr)
|
||||
_kdc_as_rep(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ *req,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr *from_addr)
|
||||
{
|
||||
KDC_REQ_BODY *b = &req->req_body;
|
||||
AS_REP rep;
|
||||
@@ -764,7 +766,7 @@ as_rep(krb5_context context,
|
||||
kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
|
||||
client_name, from, server_name);
|
||||
|
||||
ret = db_fetch(context, config, client_princ, &client);
|
||||
ret = _kdc_db_fetch(context, config, client_princ, &client);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
|
||||
krb5_get_err_text(context, ret));
|
||||
@@ -772,7 +774,7 @@ as_rep(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = db_fetch(context, config, server_princ, &server);
|
||||
ret = _kdc_db_fetch(context, config, server_princ, &server);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name,
|
||||
krb5_get_err_text(context, ret));
|
||||
@@ -780,8 +782,10 @@ as_rep(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = check_flags(context, config,
|
||||
client, client_name, server, server_name, TRUE);
|
||||
ret = _kdc_check_flags(context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
TRUE);
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
@@ -815,25 +819,26 @@ as_rep(krb5_context context,
|
||||
if (pa) {
|
||||
char *client_cert = NULL;
|
||||
|
||||
ret = pk_rd_padata(context, req, pa, &pkp);
|
||||
ret = _pk_rd_padata(context, req, pa, &pkp);
|
||||
if (ret) {
|
||||
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
kdc_log(context, config, 5, "Failed to decode PKINIT PA-DATA -- %s",
|
||||
kdc_log(context, config, 5,
|
||||
"Failed to decode PKINIT PA-DATA -- %s",
|
||||
client_name);
|
||||
goto ts_enc;
|
||||
}
|
||||
if (ret == 0 && pkp == NULL)
|
||||
goto ts_enc;
|
||||
|
||||
ret = pk_check_client(context,
|
||||
client_princ,
|
||||
client,
|
||||
pkp,
|
||||
&client_cert);
|
||||
ret = _pk_check_client(context,
|
||||
client_princ,
|
||||
client,
|
||||
pkp,
|
||||
&client_cert);
|
||||
if (ret) {
|
||||
e_text = "PKINIT certificate not allowed to "
|
||||
"impersonate principal";
|
||||
pk_free_client_param(context, pkp);
|
||||
_pk_free_client_param(context, pkp);
|
||||
pkp = NULL;
|
||||
goto ts_enc;
|
||||
}
|
||||
@@ -917,7 +922,7 @@ as_rep(krb5_context context,
|
||||
e_text = "Failed to decrypt PA-DATA";
|
||||
kdc_log(context, config,
|
||||
5, "Failed to decrypt PA-DATA -- %s",
|
||||
client_name);
|
||||
client_name);
|
||||
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
continue;
|
||||
}
|
||||
@@ -932,7 +937,7 @@ as_rep(krb5_context context,
|
||||
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
kdc_log(context, config,
|
||||
5, "Failed to decode PA-ENC-TS_ENC -- %s",
|
||||
client_name);
|
||||
client_name);
|
||||
continue;
|
||||
}
|
||||
free_PA_ENC_TS_ENC(&p);
|
||||
@@ -1270,8 +1275,8 @@ as_rep(krb5_context context,
|
||||
reply_key = &ckey->key;
|
||||
#if PKINIT
|
||||
if (pkp) {
|
||||
ret = pk_mk_pa_reply(context, pkp, client, req,
|
||||
&reply_key, rep.padata);
|
||||
ret = _pk_mk_pa_reply(context, pkp, client, req,
|
||||
&reply_key, rep.padata);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
@@ -1309,7 +1314,7 @@ as_rep(krb5_context context,
|
||||
out2:
|
||||
#ifdef PKINIT
|
||||
if (pkp)
|
||||
pk_free_client_param(context, pkp);
|
||||
_pk_free_client_param(context, pkp);
|
||||
#endif
|
||||
if (client_princ)
|
||||
krb5_free_principal(context, client_princ);
|
||||
@@ -1318,16 +1323,16 @@ as_rep(krb5_context context,
|
||||
krb5_free_principal(context, server_princ);
|
||||
free(server_name);
|
||||
if(client)
|
||||
free_ent(context, client);
|
||||
_kdc_free_ent(context, client);
|
||||
if(server)
|
||||
free_ent(context, server);
|
||||
_kdc_free_ent(context, server);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static krb5_error_code
|
||||
check_tgs_flags(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
|
||||
{
|
||||
KDCOptions f = b->kdc_options;
|
||||
@@ -1448,7 +1453,7 @@ check_tgs_flags(krb5_context context,
|
||||
|
||||
static krb5_error_code
|
||||
fix_transited_encoding(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
krb5_boolean check_policy,
|
||||
TransitedEncoding *tr,
|
||||
EncTicketPart *et,
|
||||
@@ -1545,7 +1550,7 @@ fix_transited_encoding(krb5_context context,
|
||||
|
||||
static krb5_error_code
|
||||
tgs_make_reply(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ_BODY *b,
|
||||
EncTicketPart *tgt,
|
||||
EncTicketPart *adtkt,
|
||||
@@ -1755,7 +1760,7 @@ tgs_make_reply(krb5_context context,
|
||||
|
||||
static krb5_error_code
|
||||
tgs_check_authenticator(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
krb5_auth_context ac,
|
||||
KDC_REQ_BODY *b,
|
||||
const char **e_text,
|
||||
@@ -1869,7 +1874,7 @@ need_referral(krb5_context context, krb5_principal server, krb5_realm **realms)
|
||||
|
||||
static krb5_error_code
|
||||
tgs_rep2(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ_BODY *b,
|
||||
PA_DATA *tgs_req,
|
||||
krb5_data *reply,
|
||||
@@ -1918,7 +1923,7 @@ tgs_rep2(krb5_context context,
|
||||
ap_req.ticket.sname,
|
||||
ap_req.ticket.realm);
|
||||
|
||||
ret = db_fetch(context, config, princ, &krbtgt);
|
||||
ret = _kdc_db_fetch(context, config, princ, &krbtgt);
|
||||
|
||||
if(ret) {
|
||||
char *p;
|
||||
@@ -2117,7 +2122,7 @@ tgs_rep2(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
_krb5_principalname2krb5_principal(&p, t->sname, t->realm);
|
||||
ret = db_fetch(context, config, p, &uu);
|
||||
ret = _kdc_db_fetch(context, config, p, &uu);
|
||||
krb5_free_principal(context, p);
|
||||
if(ret){
|
||||
if (ret == HDB_ERR_NOENTRY)
|
||||
@@ -2156,7 +2161,7 @@ tgs_rep2(krb5_context context,
|
||||
kdc_log(context, config, 0,
|
||||
"TGS-REQ %s from %s for %s", cpn, from, spn);
|
||||
server_lookup:
|
||||
ret = db_fetch(context, config, sp, &server);
|
||||
ret = _kdc_db_fetch(context, config, sp, &server);
|
||||
|
||||
if(ret){
|
||||
const char *new_rlm;
|
||||
@@ -2205,7 +2210,7 @@ tgs_rep2(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = db_fetch(context, config, cp, &client);
|
||||
ret = _kdc_db_fetch(context, config, cp, &client);
|
||||
if(ret)
|
||||
kdc_log(context, config, 1, "Client not found in database: %s: %s",
|
||||
cpn, krb5_get_err_text(context, ret));
|
||||
@@ -2235,8 +2240,10 @@ tgs_rep2(krb5_context context,
|
||||
|
||||
}
|
||||
|
||||
ret = check_flags(context, config,
|
||||
client, cpn, server, spn, FALSE);
|
||||
ret = _kdc_check_flags(context, config,
|
||||
client, cpn,
|
||||
server, spn,
|
||||
FALSE);
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
@@ -2274,11 +2281,11 @@ tgs_rep2(krb5_context context,
|
||||
free(cpn);
|
||||
|
||||
if(server)
|
||||
free_ent(context, server);
|
||||
_kdc_free_ent(context, server);
|
||||
if(client)
|
||||
free_ent(context, client);
|
||||
_kdc_free_ent(context, client);
|
||||
}
|
||||
out2:
|
||||
out2:
|
||||
if(ret) {
|
||||
krb5_mk_error(context,
|
||||
ret,
|
||||
@@ -2305,19 +2312,19 @@ out2:
|
||||
}
|
||||
|
||||
if(krbtgt)
|
||||
free_ent(context, krbtgt);
|
||||
_kdc_free_ent(context, krbtgt);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code
|
||||
tgs_rep(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
KDC_REQ *req,
|
||||
krb5_data *data,
|
||||
const char *from,
|
||||
struct sockaddr *from_addr)
|
||||
_kdc_tgs_rep(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
KDC_REQ *req,
|
||||
krb5_data *data,
|
||||
const char *from,
|
||||
struct sockaddr *from_addr)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int i = 0;
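Review bot: In `_kdc_as_rep` the PKINIT reply block in hunk `@@ -1270,8 +1275,8 @@` is guarded by `#if PKINIT` while the matching cleanup at `out2:` in hunk `@@ -1309,7 +1314,7 @@` uses `#ifdef PKINIT`, so the `_pk_mk_pa_reply` call and the `_pk_free_client_param` call are compiled under different conditions whenever `PKINIT` is defined as `0`, and a definition with an empty token makes `#if PKINIT` a preprocessor error. Both guards are context lines in hunks this commit touches, so this is a good moment to pick one form, e.g. `#ifdef PKINIT` on the reply block as well. In hunk `@@ -815,25 +819,26 @@` the test `if (ret == 0 && pkp == NULL)` directly follows an `if (ret) { ... goto ts_enc; }` branch, so `ret == 0` is always true there and the condition reads more honestly as `if (pkp == NULL)`. The body of `_kdc_as_rep` extends well beyond the hunks shown.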
|
||||
|
@@ -36,7 +36,7 @@ RCSID("$Id$");
|
||||
|
||||
void
|
||||
kdc_openlog(krb5_context context,
|
||||
struct krb5_kdc_configuration *config)
|
||||
krb5_kdc_configuration *config)
|
||||
{
|
||||
char **s = NULL, **p;
|
||||
krb5_initlog(context, "kdc", &config->logf);
|
||||
@@ -54,7 +54,7 @@ kdc_openlog(krb5_context context,
|
||||
|
||||
char*
|
||||
kdc_log_msg_va(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int level, const char *fmt, va_list ap)
|
||||
{
|
||||
char *msg;
|
||||
@@ -64,7 +64,7 @@ kdc_log_msg_va(krb5_context context,
|
||||
|
||||
char*
|
||||
kdc_log_msg(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int level, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
@@ -77,7 +77,7 @@ kdc_log_msg(krb5_context context,
|
||||
|
||||
void
|
||||
kdc_log(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
int level, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
|
@@ -53,7 +53,7 @@ main(int argc, char **argv)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_context context;
|
||||
struct krb5_kdc_configuration *config;
|
||||
krb5_kdc_configuration *config;
|
||||
|
||||
setprogname(argv[0]);
|
||||
|
||||
|
12
kdc/misc.c
12
kdc/misc.c
@@ -35,13 +35,13 @@
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
struct timeval now;
|
||||
struct timeval _kdc_now;
|
||||
|
||||
krb5_error_code
|
||||
db_fetch(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_principal principal,
|
||||
hdb_entry **h)
|
||||
_kdc_db_fetch(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
krb5_principal principal,
|
||||
hdb_entry **h)
|
||||
{
|
||||
hdb_entry *ent;
|
||||
krb5_error_code ret = HDB_ERR_NOENTRY;
|
||||
@@ -74,7 +74,7 @@ db_fetch(krb5_context context,
|
||||
}
|
||||
|
||||
void
|
||||
free_ent(krb5_context context, hdb_entry *ent)
|
||||
_kdc_free_ent(krb5_context context, hdb_entry *ent)
|
||||
{
|
||||
hdb_free_entry (context, ent);
|
||||
free (ent);
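Review bot: The new external names `_kdc_db_fetch`, `_kdc_free_ent` and the global `struct timeval _kdc_now` all begin with an underscore, which C reserves for the implementation at file scope (C99 7.1.3), so they can in principle collide with libc or compiler internals; the same applies to every `_kdc_` and `_pk_` symbol introduced in kerberos5.c, pkinit.c and the request-dispatch hunks. Heimdal already uses `_krb5_` this way (`_krb5_principalname2krb5_principal` appears in a kerberos5.c hunk), so if that is the accepted project convention a one-line comment in the generated public header saying so would spare the next reader the question. Separately, `_kdc_now` stays a writable global with external linkage that is overwritten by `gettimeofday` on every request; if the generated header declares it, it becomes part of the exported interface, whereas `static` or a per-request local would keep that state private. The `if(client) _kdc_free_ent(context, client)` guards repeated at every call site could be dropped by making the callee tolerant with `if (ent == NULL) return;` as its first statement.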
|
||||
|
34
kdc/pkinit.c
34
kdc/pkinit.c
@@ -271,7 +271,7 @@ pk_encrypt_key(krb5_context context,
|
||||
}
|
||||
|
||||
void
|
||||
pk_free_client_param(krb5_context context, pk_client_params *client_params)
|
||||
_pk_free_client_param(krb5_context context, pk_client_params *client_params)
|
||||
{
|
||||
if (client_params->certificate)
|
||||
_krb5_pk_cert_free(client_params->certificate);
|
||||
@@ -508,10 +508,10 @@ verify_trusted_ca(PA_PK_AS_REQ_19 *r)
|
||||
#endif /* 0 */
|
||||
|
||||
krb5_error_code
|
||||
pk_rd_padata(krb5_context context,
|
||||
KDC_REQ *req,
|
||||
PA_DATA *pa,
|
||||
pk_client_params **ret_params)
|
||||
_pk_rd_padata(krb5_context context,
|
||||
KDC_REQ *req,
|
||||
PA_DATA *pa,
|
||||
pk_client_params **ret_params)
|
||||
{
|
||||
pk_client_params *client_params;
|
||||
krb5_error_code ret;
|
||||
@@ -1169,12 +1169,12 @@ pk_mk_pa_reply_dh(krb5_context context,
|
||||
*/
|
||||
|
||||
krb5_error_code
|
||||
pk_mk_pa_reply(krb5_context context,
|
||||
pk_client_params *client_params,
|
||||
const hdb_entry *client,
|
||||
const KDC_REQ *req,
|
||||
krb5_keyblock **reply_key,
|
||||
METHOD_DATA *md)
|
||||
_pk_mk_pa_reply(krb5_context context,
|
||||
pk_client_params *client_params,
|
||||
const hdb_entry *client,
|
||||
const KDC_REQ *req,
|
||||
krb5_keyblock **reply_key,
|
||||
METHOD_DATA *md)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
void *buf;
|
||||
@@ -1432,11 +1432,11 @@ pk_principal_from_X509(krb5_context context,
|
||||
/* XXX match with issuer too ? */
|
||||
|
||||
krb5_error_code
|
||||
pk_check_client(krb5_context context,
|
||||
krb5_principal client_princ,
|
||||
const hdb_entry *client,
|
||||
pk_client_params *client_params,
|
||||
char **subject_name)
|
||||
_pk_check_client(krb5_context context,
|
||||
krb5_principal client_princ,
|
||||
const hdb_entry *client,
|
||||
pk_client_params *client_params,
|
||||
char **subject_name)
|
||||
{
|
||||
struct krb5_pk_cert *client_cert = client_params->certificate;
|
||||
krb5_principal cert_princ;
|
||||
@@ -1522,7 +1522,7 @@ add_principal_mapping(const char *principal_name, const char * subject)
|
||||
|
||||
|
||||
krb5_error_code
|
||||
pk_initialize(const char *user_id, const char *x509_anchors)
|
||||
_pk_initialize(const char *user_id, const char *x509_anchors)
|
||||
{
|
||||
const char *mapping_file;
|
||||
krb5_error_code ret;
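Review bot: The pkinit.c renames use `_pk_` (`_pk_free_client_param`, `_pk_rd_padata`, `_pk_mk_pa_reply`, `_pk_check_client`, `_pk_initialize`) while every other file in this commit uses `_kdc_`, so the KDC's non-public symbols now carry two prefixes, and `_pk_` is short enough that a clash with another library's internals is plausible once these names appear in a shared header. A uniform `_kdc_pk_` prefix (e.g. `_kdc_pk_rd_padata`) would keep the namespace this commit sets out to protect in one place. `_pk_free_client_param` dereferences `client_params` unconditionally and its callers in kerberos5.c wrap each call in `if (pkp)`; a leading `if (client_params == NULL) return;` would let those guards go. The bodies of all five functions continue past the hunks shown.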
|
||||
|
@@ -43,7 +43,7 @@ RCSID("$Id$");
|
||||
|
||||
int
|
||||
krb5_kdc_process_generic_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
@@ -56,27 +56,27 @@ krb5_kdc_process_generic_request(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
size_t i;
|
||||
|
||||
gettimeofday(&now, NULL);
|
||||
gettimeofday(&_kdc_now, NULL);
|
||||
if(decode_AS_REQ(buf, len, &req, &i) == 0){
|
||||
ret = as_rep(context, config, &req, reply, from, addr);
|
||||
ret = _kdc_as_rep(context, config, &req, reply, from, addr);
|
||||
free_AS_REQ(&req);
|
||||
return ret;
|
||||
}else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
|
||||
ret = tgs_rep(context, config, &req, reply, from, addr);
|
||||
ret = _kdc_tgs_rep(context, config, &req, reply, from, addr);
|
||||
free_TGS_REQ(&req);
|
||||
return ret;
|
||||
}else if(decode_Ticket(buf, len, &ticket, &i) == 0){
|
||||
ret = do_524(context, config, &ticket, reply, from, addr);
|
||||
ret = _kdc_do_524(context, config, &ticket, reply, from, addr);
|
||||
free_Ticket(&ticket);
|
||||
return ret;
|
||||
} else if(maybe_version4(buf, len)){
|
||||
} else if(_kdc_maybe_version4(buf, len)){
|
||||
*prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */
|
||||
do_version4(context, config, buf, len, reply, from,
|
||||
(struct sockaddr_in*)addr);
|
||||
_kdc_do_version4(context, config, buf, len, reply, from,
|
||||
(struct sockaddr_in*)addr);
|
||||
return 0;
|
||||
} else if (config->enable_kaserver) {
|
||||
ret = do_kaserver(context, config, buf, len, reply, from,
|
||||
(struct sockaddr_in*)addr);
|
||||
ret = _kdc_do_kaserver(context, config, buf, len, reply, from,
|
||||
(struct sockaddr_in*)addr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -90,25 +90,26 @@ krb5_kdc_process_generic_request(krb5_context context,
|
||||
* This only processes krb5 requests
|
||||
*/
|
||||
|
||||
int krb5_kdc_process_krb5_request(krb5_context context,
|
||||
struct krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr *addr)
|
||||
int
|
||||
krb5_kdc_process_krb5_request(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
struct sockaddr *addr)
|
||||
{
|
||||
KDC_REQ req;
|
||||
krb5_error_code ret;
|
||||
size_t i;
|
||||
|
||||
gettimeofday(&now, NULL);
|
||||
gettimeofday(&_kdc_now, NULL);
|
||||
if(decode_AS_REQ(buf, len, &req, &i) == 0){
|
||||
ret = as_rep(context, config, &req, reply, from, addr);
|
||||
ret = _kdc_as_rep(context, config, &req, reply, from, addr);
|
||||
free_AS_REQ(&req);
|
||||
return ret;
|
||||
}else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
|
||||
ret = tgs_rep(context, config, &req, reply, from, addr);
|
||||
ret = _kdc_tgs_rep(context, config, &req, reply, from, addr);
|
||||
free_TGS_REQ(&req);
|
||||
return ret;
|
||||
}
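Review bot: In `krb5_kdc_process_generic_request` (hunk `@@ -56,27 +56,27 @@`) the kerberos4 and kaserver branches still hand `addr` to `_kdc_do_version4` and `_kdc_do_kaserver` as `(struct sockaddr_in*)addr` with no check that `addr->sa_family == AF_INET`, so a request arriving on an IPv6 socket would presumably have the leading bytes of a `sockaddr_in6` interpreted as an IPv4 address by those callees. Narrowing the dispatch with `} else if(_kdc_maybe_version4(buf, len) && addr->sa_family == AF_INET){` (and the same condition on the `enable_kaserver` branch) would keep the cast honest, assuming `addr` is never NULL here, which the hunk does not show. The file header for this section is missing from the page, and both `gettimeofday(&_kdc_now, NULL)` calls ignore the return value; both functions continue past the hunks shown.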
|
||||
|