oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

prefix pkinit symbols with _kdc

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15544 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-07-01 15:37:24 +00:00
parent bef3d96fb7
commit 9af7efed48
4 changed files with 54 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/config.c
View File

@@ -516,7 +516,7 @@ krb5_kdc_configuration *configure(krb5_context context, int argc, char **argv)
if (x509_anchors == NULL) if (x509_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
_pk_initialize(context, config, user_id, x509_anchors); _kdc_pk_initialize(context, config, user_id, x509_anchors);
config->enable_pkinit_princ_in_cert = config->enable_pkinit_princ_in_cert =
krb5_config_get_bool_default(context, krb5_config_get_bool_default(context,

36
kdc/kdc_locl.h
View File

@@ -106,25 +106,25 @@ _kdc_do_524(krb5_context context,
#ifdef PKINIT #ifdef PKINIT
typedef struct pk_client_params pk_client_params; typedef struct pk_client_params pk_client_params;
krb5_error_code _pk_initialize(krb5_context, krb5_error_code _kdc_pk_initialize(krb5_context,
krb5_kdc_configuration *, krb5_kdc_configuration *,
const char *, const char *,
const char *); const char *);
krb5_error_code _pk_rd_padata(krb5_context, krb5_kdc_configuration *, krb5_error_code _kdc_pk_rd_padata(krb5_context, krb5_kdc_configuration *,
KDC_REQ *, PA_DATA *, pk_client_params **); KDC_REQ *, PA_DATA *, pk_client_params **);
krb5_error_code _pk_mk_pa_reply(krb5_context, krb5_error_code _kdc_pk_mk_pa_reply(krb5_context,
krb5_kdc_configuration *, krb5_kdc_configuration *,
pk_client_params *, pk_client_params *,
const hdb_entry *, const hdb_entry *,
const KDC_REQ *, const KDC_REQ *,
krb5_keyblock **, krb5_keyblock **,
METHOD_DATA *); METHOD_DATA *);
krb5_error_code _pk_check_client(krb5_context, krb5_error_code _kdc_pk_check_client(krb5_context,
krb5_kdc_configuration *, krb5_kdc_configuration *,
krb5_principal, krb5_principal,
const hdb_entry *, const hdb_entry *,
pk_client_params *, char **); pk_client_params *, char **);
void _pk_free_client_param(krb5_context, pk_client_params *); void _kdc_pk_free_client_param(krb5_context, pk_client_params *);
#endif #endif
/* /*

20
kdc/kerberos5.c
View File

@@ -819,7 +819,7 @@ _kdc_as_rep(krb5_context context,
if (pa) { if (pa) {
char *client_cert = NULL; char *client_cert = NULL;
ret = _pk_rd_padata(context, config, req, pa, &pkp); ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp);
if (ret) { if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(context, config, 5, kdc_log(context, config, 5,
@@ -830,16 +830,16 @@ _kdc_as_rep(krb5_context context,
if (ret == 0 && pkp == NULL) if (ret == 0 && pkp == NULL)
goto ts_enc; goto ts_enc;
ret = _pk_check_client(context, ret = _kdc_pk_check_client(context,
config, config,
client_princ, client_princ,
client, client,
pkp, pkp,
&client_cert); &client_cert);
if (ret) { if (ret) {
e_text = "PKINIT certificate not allowed to " e_text = "PKINIT certificate not allowed to "
"impersonate principal"; "impersonate principal";
_pk_free_client_param(context, pkp); _kdc_pk_free_client_param(context, pkp);
pkp = NULL; pkp = NULL;
goto ts_enc; goto ts_enc;
} }
@@ -1276,7 +1276,7 @@ _kdc_as_rep(krb5_context context,
reply_key = &ckey->key; reply_key = &ckey->key;
#if PKINIT #if PKINIT
if (pkp) { if (pkp) {
ret = _pk_mk_pa_reply(context, config, pkp, client, req, ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, req,
&reply_key, rep.padata); &reply_key, rep.padata);
if (ret) if (ret)
goto out; goto out;
@@ -1315,7 +1315,7 @@ _kdc_as_rep(krb5_context context,
out2: out2:
#ifdef PKINIT #ifdef PKINIT
if (pkp) if (pkp)
_pk_free_client_param(context, pkp); _kdc_pk_free_client_param(context, pkp);
#endif #endif
if (client_princ) if (client_princ)
krb5_free_principal(context, client_princ); krb5_free_principal(context, client_princ);

49
kdc/pkinit.c
View File

@@ -271,7 +271,8 @@ pk_encrypt_key(krb5_context context,
} }
void void
_pk_free_client_param(krb5_context context, pk_client_params *client_params) _kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{ {
if (client_params->certificate) if (client_params->certificate)
_krb5_pk_cert_free(client_params->certificate); _krb5_pk_cert_free(client_params->certificate);
@@ -508,11 +509,11 @@ verify_trusted_ca(PA_PK_AS_REQ_19 *r)
#endif /* 0 */ #endif /* 0 */
krb5_error_code krb5_error_code
_pk_rd_padata(krb5_context context, _kdc_pk_rd_padata(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
KDC_REQ *req, KDC_REQ *req,
PA_DATA *pa, PA_DATA *pa,
pk_client_params **ret_params) pk_client_params **ret_params)
{ {
pk_client_params *client_params; pk_client_params *client_params;
krb5_error_code ret; krb5_error_code ret;
@@ -822,7 +823,7 @@ _pk_rd_padata(krb5_context context,
krb5_data_free(&eContent); krb5_data_free(&eContent);
free_oid(&eContentType); free_oid(&eContentType);
if (ret) if (ret)
_pk_free_client_param(context, client_params); _kdc_pk_free_client_param(context, client_params);
else else
*ret_params = client_params; *ret_params = client_params;
return ret; return ret;
@@ -1170,13 +1171,13 @@ pk_mk_pa_reply_dh(krb5_context context,
*/ */
krb5_error_code krb5_error_code
_pk_mk_pa_reply(krb5_context context, _kdc_pk_mk_pa_reply(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
pk_client_params *client_params, pk_client_params *client_params,
const hdb_entry *client, const hdb_entry *client,
const KDC_REQ *req, const KDC_REQ *req,
krb5_keyblock **reply_key, krb5_keyblock **reply_key,
METHOD_DATA *md) METHOD_DATA *md)
{ {
krb5_error_code ret; krb5_error_code ret;
void *buf; void *buf;
@@ -1436,12 +1437,12 @@ pk_principal_from_X509(krb5_context context,
/* XXX match with issuer too ? */ /* XXX match with issuer too ? */
krb5_error_code krb5_error_code
_pk_check_client(krb5_context context, _kdc_pk_check_client(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
krb5_principal client_princ, krb5_principal client_princ,
const hdb_entry *client, const hdb_entry *client,
pk_client_params *client_params, pk_client_params *client_params,
char **subject_name) char **subject_name)
{ {
struct krb5_pk_cert *client_cert = client_params->certificate; struct krb5_pk_cert *client_cert = client_params->certificate;
krb5_principal cert_princ; krb5_principal cert_princ;
@@ -1530,10 +1531,10 @@ add_principal_mapping(krb5_context context,
krb5_error_code krb5_error_code
_pk_initialize(krb5_context context, _kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
const char *user_id, const char *user_id,
const char *x509_anchors) const char *x509_anchors)
{ {
const char *mapping_file; const char *mapping_file;
krb5_error_code ret; krb5_error_code ret;