oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

prefix pkinit symbols with _kdc

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15544 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-07-01 15:37:24 +00:00
parent bef3d96fb7
commit 9af7efed48
4 changed files with 54 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/config.c
View File

@@ -516,7 +516,7 @@ krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv)
if (x509_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
_pk_initialize(context, config, user_id, x509_anchors);
_kdc_pk_initialize(context, config, user_id, x509_anchors);
config->enable_pkinit_princ_in_cert =
krb5_config_get_bool_default(context,

36
kdc/kdc_locl.h
View File

@@ -106,25 +106,25 @@ _kdc_do_524(krb5_context context,
#ifdef PKINIT
typedef struct pk_client_params pk_client_params;
krb5_error_code _pk_initialize(krb5_context,
krb5_kdc_configuration *,
const char *,
const char *);
krb5_error_code _pk_rd_padata(krb5_context, krb5_kdc_configuration *,
krb5_error_code _kdc_pk_initialize(krb5_context,
krb5_kdc_configuration *,
const char *,
const char *);
krb5_error_code _kdc_pk_rd_padata(krb5_context, krb5_kdc_configuration *,
KDC_REQ *, PA_DATA *, pk_client_params **);
krb5_error_code _pk_mk_pa_reply(krb5_context,
krb5_kdc_configuration *,
pk_client_params *,
const hdb_entry *,
const KDC_REQ *,
krb5_keyblock **,
METHOD_DATA *);
krb5_error_code _pk_check_client(krb5_context,
krb5_kdc_configuration *,
krb5_principal,
const hdb_entry *,
pk_client_params *, char **);
void _pk_free_client_param(krb5_context, pk_client_params *);
krb5_error_code _kdc_pk_mk_pa_reply(krb5_context,
krb5_kdc_configuration *,
pk_client_params *,
const hdb_entry *,
const KDC_REQ *,
krb5_keyblock **,
METHOD_DATA *);
krb5_error_code _kdc_pk_check_client(krb5_context,
krb5_kdc_configuration *,
krb5_principal,
const hdb_entry *,
pk_client_params *, char **);
void _kdc_pk_free_client_param(krb5_context, pk_client_params *);
#endif
/*

20
kdc/kerberos5.c
View File

@@ -819,7 +819,7 @@ _kdc_as_rep(krb5_context context,
if (pa) {
char *client_cert = NULL;
ret = _pk_rd_padata(context, config, req, pa, &pkp);
ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp);
if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(context, config, 5,
@@ -830,16 +830,16 @@ _kdc_as_rep(krb5_context context,
if (ret == 0 && pkp == NULL)
goto ts_enc;
ret = _pk_check_client(context,
config,
client_princ,
client,
pkp,
&client_cert);
ret = _kdc_pk_check_client(context,
config,
client_princ,
client,
pkp,
&client_cert);
if (ret) {
e_text = "PKINIT certificate not allowed to "
"impersonate principal";
_pk_free_client_param(context, pkp);
_kdc_pk_free_client_param(context, pkp);
pkp = NULL;
goto ts_enc;
}
@@ -1276,7 +1276,7 @@ _kdc_as_rep(krb5_context context,
reply_key = &ckey->key;
#if PKINIT
if (pkp) {
ret = _pk_mk_pa_reply(context, config, pkp, client, req,
ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, req,
&reply_key, rep.padata);
if (ret)
goto out;
@@ -1315,7 +1315,7 @@ _kdc_as_rep(krb5_context context,
out2:
#ifdef PKINIT
if (pkp)
_pk_free_client_param(context, pkp);
_kdc_pk_free_client_param(context, pkp);
#endif
if (client_princ)
krb5_free_principal(context, client_princ);

49
kdc/pkinit.c
View File

@@ -271,7 +271,8 @@ pk_encrypt_key(krb5_context context,
}
void
_pk_free_client_param(krb5_context context, pk_client_params *client_params)
_kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{
if (client_params->certificate)
_krb5_pk_cert_free(client_params->certificate);
@@ -508,11 +509,11 @@ verify_trusted_ca(PA_PK_AS_REQ_19 *r)
#endif /* 0 */
krb5_error_code
_pk_rd_padata(krb5_context context,
krb5_kdc_configuration *config,
KDC_REQ *req,
PA_DATA *pa,
pk_client_params **ret_params)
_kdc_pk_rd_padata(krb5_context context,
krb5_kdc_configuration *config,
KDC_REQ *req,
PA_DATA *pa,
pk_client_params **ret_params)
{
pk_client_params *client_params;
krb5_error_code ret;
@@ -822,7 +823,7 @@ _pk_rd_padata(krb5_context context,
krb5_data_free(&eContent);
free_oid(&eContentType);
if (ret)
_pk_free_client_param(context, client_params);
_kdc_pk_free_client_param(context, client_params);
else
*ret_params = client_params;
return ret;
@@ -1170,13 +1171,13 @@ pk_mk_pa_reply_dh(krb5_context context,
*/
krb5_error_code
_pk_mk_pa_reply(krb5_context context,
krb5_kdc_configuration *config,
pk_client_params *client_params,
const hdb_entry *client,
const KDC_REQ *req,
krb5_keyblock **reply_key,
METHOD_DATA *md)
_kdc_pk_mk_pa_reply(krb5_context context,
krb5_kdc_configuration *config,
pk_client_params *client_params,
const hdb_entry *client,
const KDC_REQ *req,
krb5_keyblock **reply_key,
METHOD_DATA *md)
{
krb5_error_code ret;
void *buf;
@@ -1436,12 +1437,12 @@ pk_principal_from_X509(krb5_context context,
/* XXX match with issuer too ? */
krb5_error_code
_pk_check_client(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal client_princ,
const hdb_entry *client,
pk_client_params *client_params,
char **subject_name)
_kdc_pk_check_client(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal client_princ,
const hdb_entry *client,
pk_client_params *client_params,
char **subject_name)
{
struct krb5_pk_cert *client_cert = client_params->certificate;
krb5_principal cert_princ;
@@ -1530,10 +1531,10 @@ add_principal_mapping(krb5_context context,
krb5_error_code
_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
const char *x509_anchors)
_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
const char *x509_anchors)
{
const char *mapping_file;
krb5_error_code ret;