From 01a1e1baef72b2067e24b9a328d888777e6afbbd Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 30 Nov 2009 17:19:13 -0800 Subject: [PATCH 01/64] check that gss_krb5_set_allowable_enctypes works --- lib/gssapi/test_context.c | 74 ++++++++++++++++++++++++++++++++------ tests/gss/check-context.in | 11 ++++++ 2 files changed, 74 insertions(+), 11 deletions(-) diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c index 633c4bb48..cdfccce60 100644 --- a/lib/gssapi/test_context.c +++ b/lib/gssapi/test_context.c @@ -43,6 +43,7 @@ static char *type_string; static char *mech_string; static char *ret_mech_string; +static char *client_name; static int dns_canon_flag = -1; static int mutual_auth_flag = 0; static int dce_style_flag = 0; @@ -58,10 +59,14 @@ static char *session_enctype_string = NULL; static int client_time_offset = 0; static int server_time_offset = 0; static int max_loops = 0; +static char *limit_enctype_string = NULL; static int version_flag = 0; static int verbose_flag = 0; static int help_flag = 0; +static krb5_context context; +static krb5_enctype limit_enctype = 0; + static struct { const char *name; gss_OID *oid; @@ -452,6 +457,8 @@ static struct getargs args[] = { {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, "use dns to canonicalize", NULL }, {"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL }, + {"client-name", 0, arg_string, &client_name, "client name", NULL }, + {"limit-enctype",0, arg_string, &limit_enctype_string, "enctype", NULL }, {"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL }, {"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL }, {"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL }, @@ -488,10 +495,13 @@ main(int argc, char **argv) gss_ctx_id_t cctx, sctx; void *ctx; gss_OID nameoid, mechoid, actual_mech, actual_mech2; - gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; + gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL; setprogname(argv[0]); + if (krb5_init_context(&context)) + errx(1, "krb5_init_context"); + cctx = sctx = GSS_C_NO_CONTEXT; if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) @@ -531,7 +541,47 @@ main(int argc, char **argv) if (gsskrb5_acceptor_identity) gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity); - loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL, + if (client_name) { + gss_buffer_desc cn; + gss_name_t cname; + cn.value = client_name; + cn.length = strlen(client_name); + maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname); + if (maj_stat) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + maj_stat = gss_acquire_cred(&min_stat, cname, 0, NULL, + GSS_C_INITIATE, &client_cred, NULL, NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + gss_release_name(&min_stat, &cname); + } + + if (limit_enctype_string) { + krb5_error_code ret; + + ret = krb5_string_to_enctype(context, + limit_enctype_string, + &limit_enctype); + if (ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + } + + + if (limit_enctype) { + if (client_cred == NULL) + errx(1, "client_cred missing"); + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, client_cred, + 1, &limit_enctype); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + loop(mechoid, nameoid, argv[0], client_cred, &sctx, &cctx, &actual_mech, &deleg_cred); if (verbose_flag) @@ -549,7 +599,6 @@ main(int argc, char **argv) /* XXX should be actual_mech */ if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { - krb5_context context; time_t time; gss_buffer_desc authz_data; gss_buffer_desc in, out1, out2; @@ -557,10 +606,6 @@ main(int argc, char **argv) krb5_timestamp now; krb5_error_code ret; - ret = krb5_init_context(&context); - if (ret) - errx(1, "krb5_init_context"); - ret = krb5_timeofday(context, &now); if (ret) errx(1, "krb5_timeofday failed"); @@ -624,6 +669,8 @@ main(int argc, char **argv) if (maj_stat != GSS_S_COMPLETE) keyblock = NULL; + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); maj_stat = gsskrb5_get_subkey(&min_stat, cctx, @@ -635,6 +682,8 @@ main(int argc, char **argv) if (maj_stat != GSS_S_COMPLETE) keyblock2 = NULL; + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); if (keyblock || keyblock2) { if (keyblock == NULL) @@ -679,8 +728,12 @@ main(int argc, char **argv) errx(1, "gsskrb5_get_initiator_subkey failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); - if (maj_stat == GSS_S_COMPLETE) + if (maj_stat == GSS_S_COMPLETE) { + + if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_initiator_subkey wrong enctype"); krb5_free_keyblock(context, keyblock); + } maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat, sctx, @@ -689,8 +742,6 @@ main(int argc, char **argv) if (maj_stat == GSS_S_COMPLETE) gss_release_buffer(&min_stat, &authz_data); - krb5_free_context(context); - memset(&out1, 0, sizeof(out1)); memset(&out2, 0, sizeof(out2)); @@ -866,8 +917,9 @@ main(int argc, char **argv) } - empty_release(); + + krb5_free_context(context); return 0; } diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index f19ad272a..0380c5d6f 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -264,6 +264,7 @@ echo "====== gss-api session key check" # this will break when oneone invents a cooler enctype then aes256-cts-hmac-sha1-96 coolenctype="aes256-cts-hmac-sha1-96" +limit_enctype="des3-cbc-sha1" echo "Getting client initial tickets" ${kinit} --password-file=${objdir}/foopassword user1@${R} || \ @@ -277,6 +278,16 @@ ${context} \ --name-type=hostbased-service host@no-aes.test.h5l.se || \ { exitcode=1 ; echo "test failed"; } +echo "Building context on cred, check if its limited still" +${context} \ + --mech-type=krb5 \ + --client-name=user1@${R} \ + --limit-enctype="${limit_enctype}" \ + --mutual-auth \ + --name-type=hostbased-service host@no-aes.test.h5l.se || \ + { exitcode=1 ; echo "test failed"; } + + echo "====== ok-as-delegate" echo "Getting client initial tickets" From 7fc0f55b89243e57fb0e2c095255d38a48537cee Mon Sep 17 00:00:00 2001 From: Ted Percival Date: Fri, 4 Dec 2009 13:35:11 -0700 Subject: [PATCH 02/64] Fix duplicate definition of rk_freeifaddrs Introduced by incorrectly moving an ifdef in commit d00f998. Signed-off-by: Love Hornquist Astrand --- lib/roken/getifaddrs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/roken/getifaddrs.c b/lib/roken/getifaddrs.c index 3770ebbee..d9f4950ca 100644 --- a/lib/roken/getifaddrs.c +++ b/lib/roken/getifaddrs.c @@ -1193,8 +1193,6 @@ rk_getifaddrs(struct ifaddrs **ifap) return ret; } -#endif /* !AF_NETLINK */ - ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_freeifaddrs(struct ifaddrs *ifp) { @@ -1216,6 +1214,8 @@ rk_freeifaddrs(struct ifaddrs *ifp) } } +#endif /* !AF_NETLINK */ + #ifdef TEST void From 54817ef6f3e91c8e88c1db828868414d2093d3c1 Mon Sep 17 00:00:00 2001 From: Ted Percival Date: Fri, 4 Dec 2009 13:39:53 -0700 Subject: [PATCH 03/64] Revert "Try both v4 and v6 socket types" It broke detection of IPv4 addresses on HP-UX machines with an IPv6 loopback address. Successful resolution of at least one IPv6 address would then skip doing a separate IPv4 lookup as required by HP-UX. This reverts commit 76afc31e9ba2f37e64c70adc006ade9e37e9ef73. Signed-off-by: Love Hornquist Astrand --- lib/roken/getifaddrs.c | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/lib/roken/getifaddrs.c b/lib/roken/getifaddrs.c index d9f4950ca..0ba1b29cf 100644 --- a/lib/roken/getifaddrs.c +++ b/lib/roken/getifaddrs.c @@ -1010,12 +1010,11 @@ getifaddrs2(struct ifaddrs **ifap, #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) static int getlifaddrs2(struct ifaddrs **ifap, - int siocgifconf, int siocgifflags, + int af, int siocgifconf, int siocgifflags, size_t ifreq_sz) { int ret; - int fd_inet6; - int fd_inet; + int fd; size_t buf_size; char *buf; struct lifconf ifconf; @@ -1028,16 +1027,10 @@ getlifaddrs2(struct ifaddrs **ifap, buf = NULL; memset (&sa_zero, 0, sizeof(sa_zero)); - fd_inet6 = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd_inet6 < 0) + fd = socket(af, SOCK_DGRAM, 0); + if (fd < 0) return -1; - fd_inet = socket(AF_INET, SOCK_DGRAM, 0); - if (fd_inet < 0) { - close(fd_inet6); - return -1; - } - buf_size = 8192; for (;;) { buf = calloc(1, buf_size); @@ -1055,7 +1048,7 @@ getlifaddrs2(struct ifaddrs **ifap, /* * Solaris returns EINVAL when the buffer is too small. */ - if (ioctl (fd_inet, siocgifconf, &ifconf) < 0 && errno != EINVAL) { + if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { ret = errno; goto error_out; } @@ -1093,11 +1086,9 @@ getlifaddrs2(struct ifaddrs **ifap, memset (&ifreq, 0, sizeof(ifreq)); memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name)); - if (ioctl(fd_inet6, siocgifflags, &ifreq) < 0) { - if (ioctl(fd_inet, siocgifflags, &ifreq) < 0) { - ret = errno; - goto error_out; - } + if (ioctl(fd, siocgifflags, &ifreq) < 0) { + ret = errno; + goto error_out; } *end = malloc(sizeof(**end)); @@ -1151,14 +1142,12 @@ getlifaddrs2(struct ifaddrs **ifap, } *ifap = start; - close(fd_inet6); - close(fd_inet); + close(fd); free(buf); return 0; error_out: rk_freeifaddrs(start); - close(fd_inet6); - close(fd_inet); + close(fd); free(buf); errno = ret; return -1; @@ -1177,7 +1166,7 @@ rk_getifaddrs(struct ifaddrs **ifap) #endif #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) if (ret) - ret = getlifaddrs2 (ifap, SIOCGLIFCONF, SIOCGLIFFLAGS, + ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, sizeof(struct lifreq)); #endif #if defined(HAVE_IPV6) && defined(SIOCGIFCONF) From e20183da23270383e37f5a86f462a68329aed6b6 Mon Sep 17 00:00:00 2001 From: Ted Percival Date: Fri, 4 Dec 2009 13:50:29 -0700 Subject: [PATCH 04/64] Fix roken getifaddrs for IPv4 & IPv6 on HP-UX & Solaris HP-UX only returns IPv6 addresses using SIOCGLIFCONF, SIOCGIFCONF has to be used for IPv4 addresses. Solaris uses the same code as described in the comments, which should correctly detect all addresses when running in a zone. Signed-off-by: Love Hornquist Astrand --- lib/roken/getifaddrs.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/lib/roken/getifaddrs.c b/lib/roken/getifaddrs.c index 0ba1b29cf..019a43342 100644 --- a/lib/roken/getifaddrs.c +++ b/lib/roken/getifaddrs.c @@ -1165,9 +1165,43 @@ rk_getifaddrs(struct ifaddrs **ifap) sizeof(struct in6_ifreq)); #endif #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) - if (ret) - ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, + /* Do IPv6 and IPv4 queries separately then join the result. + * + * HP-UX only returns IPv6 addresses using SIOCGLIFCONF, + * SIOCGIFCONF has to be used for IPv4 addresses. The result is then + * merged. + * + * Solaris needs particular care, because a SIOCGLIFCONF lookup using + * AF_UNSPEC can fail in a Zone requiring an AF_INET lookup, so we just + * do them separately the same as for HP-UX. See + * http://repo.or.cz/w/heimdal.git/commitdiff/76afc31e9ba2f37e64c70adc006ade9e37e9ef73 + */ + if (ret) { + int v6err, v4err; + struct ifaddrs *v6addrs, *v4addrs; + + v6err = getlifaddrs2 (&v6addrs, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, sizeof(struct lifreq)); + v4err = getifaddrs2 (&v4addrs, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, + sizeof(struct ifreq)); + if (v6err) + v6addrs = NULL; + if (v4err) + v4addrs = NULL; + + if (v6addrs) { + if (v4addrs) + *ifap = append_ifaddrs(v6addrs, v4addrs); + else + *ifap = v6addrs; + } else if (v4addrs) { + *ifap = v4addrs; + } else { + *ifap = NULL; + } + + ret = (v6err || v4err) ? -1 : 0; + } #endif #if defined(HAVE_IPV6) && defined(SIOCGIFCONF) if (ret) From 5a23717814222a21d471b265d9843ac4d08b64eb Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Fri, 4 Dec 2009 21:29:48 -0800 Subject: [PATCH 05/64] use krb5_auth_con_getremoteseqnumber --- lib/gssapi/krb5/inquire_sec_context_by_oid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c index ce01e666f..e0b555392 100644 --- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); if (ret) goto out; - krb5_auth_getremoteseqnumber (context, - context_handle->auth_context, - &number); + krb5_auth_con_getremoteseqnumber (context, + context_handle->auth_context, + &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); From c402cda0a4c41ac7f9e08d49697f0585a2f74fc5 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Fri, 4 Dec 2009 21:30:06 -0800 Subject: [PATCH 06/64] use krb5_auth_con_getremoteseqnumber --- lib/gssapi/krb5/init_sec_context.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 7f84efe35..fd9934a9e 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -255,7 +255,7 @@ gsskrb5_initiator_ready( krb5_cc_close(context, ctx->ccache); ctx->ccache = NULL; - krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); + krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number); _gsskrb5i_is_cfx(context, ctx, 0); is_cfx = (ctx->more_flags & IS_CFX); @@ -782,7 +782,7 @@ repl_mutual * for the gss_wrap calls. */ - krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq); krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); From 5b7780b997c1891b14a334d444f9c129470d31d3 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Fri, 4 Dec 2009 21:35:18 -0800 Subject: [PATCH 07/64] use krb5_auth_con_getremoteseqnumber --- lib/gssapi/krb5/accept_sec_context.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index 355d1c433..e3ba189b3 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, int32_t seq_number; int is_cfx = 0; - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getremoteseqnumber (context, + ctx->auth_context, + &seq_number); _gsskrb5i_is_cfx(context, ctx, 1); is_cfx = (ctx->more_flags & IS_CFX); @@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &tmp_r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &tmp_r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; From e347f1da9567aeba416c04b10316627b26ed01b1 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sat, 5 Dec 2009 16:40:26 -0800 Subject: [PATCH 08/64] fill in all bits for NTLM flags --- lib/ntlm/heimntlm.h | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/lib/ntlm/heimntlm.h b/lib/ntlm/heimntlm.h index c1ed23ec1..03f97d0b8 100644 --- a/lib/ntlm/heimntlm.h +++ b/lib/ntlm/heimntlm.h @@ -46,21 +46,45 @@ struct ntlm_buf { }; #define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_OEM 0x00000002 #define NTLM_NEG_TARGET 0x00000004 +#define NTLM_MBZ9 0x00000008 + #define NTLM_NEG_SIGN 0x00000010 #define NTLM_NEG_SEAL 0x00000020 +#define NTLM_NEG_DATAGRAM 0x00000040 +#define NTLM_NEG_LM_KEY 0x00000080 + +#define NTLM_MBZ8 0x00000100 #define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_NT_ONLY 0x00000400 +#define NTLM_MBZ7 0x00000800 -#define NTLM_SUPPLIED_DOMAIN 0x00001000 -#define NTLM_SUPPLIED_WORKSTAION 0x00002000 - +#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000 +#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000 +#define NTLM_MBZ6 0x00004000 #define NTLM_NEG_ALWAYS_SIGN 0x00008000 -#define NTLM_NEG_NTLM2_SESSION 0x00080000 #define NTLM_TARGET_DOMAIN 0x00010000 #define NTLM_TARGET_SERVER 0x00020000 +#define NTLM_TARGET_SHARE 0x00040000 +#define NTLM_NEG_NTLM2_SESSION 0x00080000 +#define NTLM_NEG_NTLM2 0x00080000 + +#define NTLM_NEG_IDENTIFY 0x00100000 +#define NTLM_MBZ5 0x00200000 +#define NTLM_NON_NT_SESSION_KEY 0x00400000 +#define NTLM_NEG_TARGET_INFO 0x00800000 + +#define NTLM_MBZ4 0x01000000 +#define NTLM_NEG_VERSION 0x02000000 +#define NTLM_MBZ3 0x04000000 +#define NTLM_MBZ2 0x08000000 + +#define NTLM_MBZ1 0x10000000 #define NTLM_ENC_128 0x20000000 #define NTLM_NEG_KEYEX 0x40000000 +#define NTLM_NEGOTIATE_56 0x80000000 /** * Struct for the NTLM target info, the strings is assumed to be in From b6460f7364b1b894408401c0c6c0b75a20900287 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sat, 5 Dec 2009 16:45:29 -0800 Subject: [PATCH 09/64] document some mbz flags from wireshark --- lib/ntlm/heimntlm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ntlm/heimntlm.h b/lib/ntlm/heimntlm.h index 03f97d0b8..0fcc832e1 100644 --- a/lib/ntlm/heimntlm.h +++ b/lib/ntlm/heimntlm.h @@ -58,11 +58,11 @@ struct ntlm_buf { #define NTLM_MBZ8 0x00000100 #define NTLM_NEG_NTLM 0x00000200 #define NTLM_NEG_NT_ONLY 0x00000400 -#define NTLM_MBZ7 0x00000800 +#define NTLM_MBZ7 0x00000800 /* anon ? */ #define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000 #define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000 -#define NTLM_MBZ6 0x00004000 +#define NTLM_MBZ6 0x00004000 /* local call ? */ #define NTLM_NEG_ALWAYS_SIGN 0x00008000 #define NTLM_TARGET_DOMAIN 0x00010000 From 778df10ddce0cb890316a087305fa11d2bbb5153 Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Sun, 6 Dec 2009 04:05:45 +0200 Subject: [PATCH 10/64] krb5: Fix leaked hx509_context pointer Signed-off-by: Love Hornquist Astrand --- lib/krb5/context.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 15e4c5022..4141c090a 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c @@ -483,6 +483,10 @@ krb5_free_context(krb5_context context) krb5_set_ignore_addresses(context, NULL); krb5_set_send_to_kdc_func(context, NULL, NULL); +#ifdef PKINIT + hx509_context_free(&context->hx509ctx); +#endif + HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); From c93cea7ea643f74fe36f1b6c06a9f9a59e10c950 Mon Sep 17 00:00:00 2001 From: Ted Percival Date: Fri, 4 Dec 2009 13:50:29 -0700 Subject: [PATCH 11/64] Fix roken getifaddrs for IPv4 & IPv6 on HP-UX & Solaris HP-UX only returns IPv6 addresses using SIOCGLIFCONF, SIOCGIFCONF has to be used for IPv4 addresses. Solaris uses the same code as described in the comments, which should correctly detect all addresses when running in a zone. This adds the code that went missing from commit e20183da. Signed-off-by: Love Hornquist Astrand --- lib/roken/getifaddrs.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/roken/getifaddrs.c b/lib/roken/getifaddrs.c index 019a43342..1e0583b7d 100644 --- a/lib/roken/getifaddrs.c +++ b/lib/roken/getifaddrs.c @@ -1039,7 +1039,7 @@ getlifaddrs2(struct ifaddrs **ifap, goto error_out; } #ifndef __hpux - ifconf.lifc_family = AF_UNSPEC; + ifconf.lifc_family = af; ifconf.lifc_flags = 0; #endif ifconf.lifc_len = buf_size; @@ -1154,6 +1154,27 @@ getlifaddrs2(struct ifaddrs **ifap, } #endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */ +/** + * Join two struct ifaddrs lists by appending supp to base. + * Either may be NULL. The new list head (usually base) will be + * returned. + */ +static struct ifaddrs * +append_ifaddrs(struct ifaddrs *base, struct ifaddrs *supp) { + if (!base) + return supp; + + if (!supp) + return base; + + while (base->ifa_next) + base = base->ifa_next; + + base->ifa_next = supp; + + return base; +} + ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_getifaddrs(struct ifaddrs **ifap) { From a92eef46683385e60d63c9ea556b8ead036822e4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 8 Dec 2009 04:15:41 +1100 Subject: [PATCH 12/64] s4-heimdal: fixed a use-after-free heimdal bug s4-heimdal: fixed a use-after-free heimdal bug This caused samba4kinit to segfault on some systems Signed-off-by: Love Hornquist Astrand --- lib/krb5/init_creds_pw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index c910fea13..eb3373494 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -1541,6 +1541,7 @@ krb5_init_creds_set_keytab(krb5_context context, /* remove old list of etype */ if (etypes) free(etypes); + etypes = NULL; netypes = 0; kvno = entry.vno; } else if (entry.vno != kvno) From 5e43df65a5d4294eebc1cac6e79b2602fa5a89e3 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 7 Dec 2009 21:10:52 -0800 Subject: [PATCH 13/64] make compile --- lib/ntlm/ntlm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 36a04f1ff..5a867b2c3 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c @@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 1); CHECK(krb5_ret_uint32(in, &data->flags), 0); - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_sec_buffer(in, &domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_sec_buffer(in, &hostname), 0); #if 0 if (domain.offset > 32) { @@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &data->os[1]), 0); } #endif - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_string(in, 0, &domain, &data->domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_string(in, 0, &hostname, &data->hostname), 0); out: @@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) if (type1->domain) { base += 8; - flags |= NTLM_SUPPLIED_DOMAIN; + flags |= NTLM_OEM_SUPPLIED_DOMAIN; } if (type1->hostname) { base += 8; - flags |= NTLM_SUPPLIED_WORKSTAION; + flags |= NTLM_OEM_SUPPLIED_WORKSTAION; } if (type1->os[0]) base += 8; From e3044663df2cfcafd5bf4e2ea6f2a1ba1503d8ea Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 7 Dec 2009 21:15:29 -0800 Subject: [PATCH 14/64] add version script to libotp --- lib/otp/Makefile.am | 4 ++++ lib/otp/version-script.map | 24 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 lib/otp/version-script.map diff --git a/lib/otp/Makefile.am b/lib/otp/Makefile.am index 80f99bf01..12077a189 100644 --- a/lib/otp/Makefile.am +++ b/lib/otp/Makefile.am @@ -40,6 +40,10 @@ if do_roken_rename ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c strlcpy.c strlcat.c endif +if versionscript +libotp_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + $(libotp_la_OBJECTS): $(ndbm_wrap) ndbm_wrap.c: diff --git a/lib/otp/version-script.map b/lib/otp/version-script.map new file mode 100644 index 000000000..c6acbfdae --- /dev/null +++ b/lib/otp/version-script.map @@ -0,0 +1,24 @@ +HEIMDAL_OTP_1.0 { + global: + otp_challenge; + otp_checksum; + otp_db_close; + otp_db_open; + otp_delete; + otp_error; + otp_get; + otp_parse; + otp_parse_altdict; + otp_parse_hex; + otp_parse_stddict; + otp_print_hex; + otp_print_hex_extended; + otp_print_stddict; + otp_print_stddict_extended; + otp_put; + otp_simple_get; + otp_verify_user; + otp_verify_user_1; + local: + *; +}; From d57236a5202d6a8b5b526d8318965274c330f78a Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 7 Dec 2009 21:16:43 -0800 Subject: [PATCH 15/64] add back krb5_version and krb5_long_version to libkrb5, hide them in libvers prompted by bug reported by Markus Moeller --- configure.ac | 7 +++++-- lib/krb5/version.c | 2 -- lib/vers/print_version.c | 2 ++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 5bca7c6c0..48bd2f0f9 100644 --- a/configure.ac +++ b/configure.ac @@ -628,8 +628,11 @@ dnl This is the release version name-number[beta] dnl cat > include/newversion.h.in < +#define VERSION_HIDDEN static + #include "roken.h" #include "version.h" From c867fd3e2ef9df4637a0f9a43259718d2782b3e8 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Tue, 8 Dec 2009 00:15:10 -0800 Subject: [PATCH 16/64] Make libtool pull in the depenency on libldap Put in explicy depenency on libdap so that libtool might to the right thing for us. Patch from Jan Rekorajski --- kadmin/Makefile.am | 1 - kcm/Makefile.am | 1 - kdc/Makefile.am | 4 ---- kpasswd/Makefile.am | 1 - lib/hdb/Makefile.am | 6 ++++-- lib/kadm5/Makefile.am | 2 -- 6 files changed, 4 insertions(+), 11 deletions(-) diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am index 03617ee79..327ee1d05 100644 --- a/kadmin/Makefile.am +++ b/kadmin/Makefile.am @@ -61,7 +61,6 @@ check_PROGRAMS = $(TESTS) LDADD_common = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ diff --git a/kcm/Makefile.am b/kcm/Makefile.am index 5973d9759..519a8aab6 100644 --- a/kcm/Makefile.am +++ b/kcm/Makefile.am @@ -31,7 +31,6 @@ $(kcm_OBJECTS): $(srcdir)/kcm-protos.h man_MANS = kcm.8 LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ diff --git a/kdc/Makefile.am b/kdc/Makefile.am index cd3ab84a7..b87fa02d5 100644 --- a/kdc/Makefile.am +++ b/kdc/Makefile.am @@ -70,7 +70,6 @@ $(srcdir)/kdc-private.h: hprop_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -80,7 +79,6 @@ hprop_LDADD = \ hpropd_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -95,7 +93,6 @@ endif libkdc_la_LIBADD = \ $(LIB_pkinit) \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(top_builddir)/lib/ntlm/libheimntlm.la \ @@ -105,7 +102,6 @@ libkdc_la_LIBADD = \ $(DBLIB) LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ diff --git a/kpasswd/Makefile.am b/kpasswd/Makefile.am index 83509053e..2c1d3056c 100644 --- a/kpasswd/Makefile.am +++ b/kpasswd/Makefile.am @@ -19,7 +19,6 @@ kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h kpasswdd_LDADD = \ $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(LDADD) \ $(LIB_pidfile) \ $(LIB_dlopen) \ diff --git a/lib/hdb/Makefile.am b/lib/hdb/Makefile.am index 2310f4c44..6925cc601 100644 --- a/lib/hdb/Makefile.am +++ b/lib/hdb/Makefile.am @@ -47,11 +47,13 @@ if OPENLDAP_MODULE ldap_so = hdb_ldap.la hdb_ldap_la_SOURCES = hdb-ldap.c -hdb_ldap_la_LDFLAGS = -module +hdb_ldap_la_LDFLAGS = -module -avoid-version +hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la else ldap = hdb-ldap.c +ldap_lib = $(LIB_openldap) endif @@ -95,7 +97,7 @@ libhdb_la_LIBADD = \ ../asn1/libasn1.la \ $(LIB_sqlite3) \ $(LIBADD_roken) \ - $(LIB_openldap) \ + $(ldap_lib) \ $(LIB_dlopen) \ $(DBLIB) \ $(LIB_NDBM) diff --git a/lib/kadm5/Makefile.am b/lib/kadm5/Makefile.am index 6a56c0221..09f6d4b95 100644 --- a/lib/kadm5/Makefile.am +++ b/lib/kadm5/Makefile.am @@ -125,7 +125,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -137,7 +136,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ From 4835144bb2c095142fcd468128ef13585b3ea0c8 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Wed, 9 Dec 2009 22:40:10 +0100 Subject: [PATCH 17/64] Install kadm5-pwcheck.h header Prompted by bug from Russ Allbery --- lib/kadm5/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/kadm5/Makefile.am b/lib/kadm5/Makefile.am index 09f6d4b95..dd311fdc6 100644 --- a/lib/kadm5/Makefile.am +++ b/lib/kadm5/Makefile.am @@ -32,7 +32,9 @@ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h +dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h + nodist_kadm5include_HEADERS = kadm5_err.h install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) @@ -69,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -106,7 +107,6 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ From bfcdeda3b42346a05984143261548092f7bf57b6 Mon Sep 17 00:00:00 2001 From: Ted Percival Date: Thu, 10 Dec 2009 15:14:10 -0700 Subject: [PATCH 18/64] Fix memory leak in fcc_move This usually occurs when re-initializing a file credential cache over the top of an existing one. This was meant to be fixed in commit 48cb3aa by calling fcc_destroy(), but that only unlinks the "from" file (which was already renamed or unlinked) but still doesn't free the in-memory credentials. Using fcc_close() instead of fcc_destroy() frees the leaked in-memory credentials. Signed-off-by: Love Hornquist Astrand --- lib/krb5/fcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 037745efc..da5f54914 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -968,7 +968,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) close(fd); } - fcc_destroy(context, from); + fcc_close(context, from); return ret; } From bafa4d7e96dc62038b3193c2ada4bd87f0c28c97 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 10 Dec 2009 23:49:49 +0100 Subject: [PATCH 19/64] add Ted Percival --- doc/ack.texi | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/ack.texi b/doc/ack.texi index 52a530154..5d5916da5 100644 --- a/doc/ack.texi +++ b/doc/ack.texi @@ -81,6 +81,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by: @item Roman Divacky @item Sho Hosoda, 細田 将 @item Stefan Metzmacher +@item Ted Percival @item Victor Guerra @item Zeqing Xia @item Åke Sandgren From 3f1ba393c59cd55f4a39071411668731428bb710 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Fri, 11 Dec 2009 03:14:15 +0100 Subject: [PATCH 20/64] bump -version-info --- lib/krb5/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am index 30d1c3779..cd8474e8a 100644 --- a/lib/krb5/Makefile.am +++ b/lib/krb5/Makefile.am @@ -187,7 +187,7 @@ dist_libkrb5_la_SOURCES = \ nodist_libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 25:0:0 +libkrb5_la_LDFLAGS = -version-info 26:0:0 if versionscript libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map From 85ad70e23047fb75bf6b34abf1dc9eae0f5b2a4c Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 11:02:46 -0800 Subject: [PATCH 21/64] fix type for strerror_r --- lib/roken/strerror_r.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/roken/strerror_r.c b/lib/roken/strerror_r.c index 60bf108d0..d2ed9a97a 100644 --- a/lib/roken/strerror_r.c +++ b/lib/roken/strerror_r.c @@ -40,8 +40,8 @@ extern int sys_nerr; extern char *sys_errlist[]; -char* ROKEN_LIB_FUNCTION -strerror_r(int eno, char *strerrbuf, size_t buflen) +int ROKEN_LIB_FUNCTION +rk_strerror_r(int eno, char *strerrbuf, size_t buflen) { int ret; if(eno < 0 || eno >= sys_nerr) { From 74527a0bb224fd510e5c718e23f8bc4307c90957 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 11:15:38 -0800 Subject: [PATCH 22/64] if we have strerror_r, assume its the non standard strerror_r --- lib/roken/strerror_r.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/roken/strerror_r.c b/lib/roken/strerror_r.c index d2ed9a97a..ea32b6a1e 100644 --- a/lib/roken/strerror_r.c +++ b/lib/roken/strerror_r.c @@ -37,12 +37,23 @@ #include #include +#ifndef HAVE_STRERROR_R extern int sys_nerr; extern char *sys_errlist[]; +#endif int ROKEN_LIB_FUNCTION rk_strerror_r(int eno, char *strerrbuf, size_t buflen) { + /* Assume is the linux broken strerror_r (returns the a buffer (char *) if the input buffer wasn't use */ +#ifdef HAVE_STRERROR_R + const char *str; + str = strerror_r(eno, strerrbuf, buflen); + if (str != strerrbuf) + if (strlcpy(strerrbuf, str, buflen) >= buflen) + return ERANGE; + return 0; +#else int ret; if(eno < 0 || eno >= sys_nerr) { snprintf(strerrbuf, buflen, "Error %d occurred.", eno); @@ -52,4 +63,5 @@ rk_strerror_r(int eno, char *strerrbuf, size_t buflen) if (ret > buflen) return ERANGE; return 0; +#endif } From da84ccc31d1bc68c1b905c1145b087d1d1e3edca Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 11:24:07 -0800 Subject: [PATCH 23/64] require automake 1.10.3 since it fixes security problems in the generated files --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 48bd2f0f9..04e352460 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ AC_CONFIG_SRCDIR([kuser/kinit.c]) AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_MACRO_DIR([cf]) -AM_INIT_AUTOMAKE([foreign 1.10]) +AM_INIT_AUTOMAKE([foreign 1.10.3]) AM_MAINTAINER_MODE dnl Checks for programs. From 75aa4b44fa3b175a357f5cf9701e57c1b3324478 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 11:42:12 -0800 Subject: [PATCH 24/64] switch to rk_strerror_r --- lib/krb5/acl.c | 2 +- lib/krb5/auth_context.c | 4 ++-- lib/krb5/fcache.c | 12 ++++++------ lib/krb5/replay.c | 10 +++++----- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index d547dc50d..331232bdb 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c @@ -257,7 +257,7 @@ krb5_acl_match_file(krb5_context context, f = fopen(file, "r"); if(f == NULL) { int save_errno = errno; - strerror_r(save_errno, buf, sizeof(buf)); + rk_rk_strerror_r(save_errno, buf, sizeof(buf)); krb5_set_error_message(context, save_errno, N_("open(%s): %s", "file, errno"), file, buf); diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 153260bb1..7f048e1dd 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -173,7 +173,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(getsockname(fd, local, &len) < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; } @@ -191,7 +191,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(getpeername(fd, remote, &len) < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; } diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index da5f54914..9528d5419 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -99,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("error locking cache file %s: %s", "file, error"), filename, buf); @@ -133,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd) break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Failed to unlock file: %s", ""), buf); break; @@ -377,7 +377,7 @@ fcc_open(krb5_context context, if(fd < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), filename, buf); return ret; @@ -441,7 +441,7 @@ fcc_initialize(krb5_context context, if (ret == 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); } @@ -496,7 +496,7 @@ fcc_store_cred(krb5_context context, if (close(fd) < 0) { if (ret == 0) { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); ret = errno; krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); @@ -901,7 +901,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) if (ret && errno != EXDEV) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Rename of file from %s " "to %s failed: %s", ""), diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index 0cad91e43..d6316febd 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -161,7 +161,7 @@ krb5_rc_destroy(krb5_context context, if(remove(id->name) < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf); return ret; } @@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context, char buf[128]; ret = errno; fclose(f); - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "%s: %s", id->name, buf); return ret; @@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context, f = fopen(id->name, "a"); if(f == NULL) { char buf[128]; - strerror_r(errno, buf, sizeof(buf)); + rk_strerror_r(errno, buf, sizeof(buf)); krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, "open(%s): %s", id->name, buf); return KRB5_RC_IO_UNKNOWN; From 6dcf1c947bd12d0ad412b6d359da2d538e19ee5b Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:01:31 -0800 Subject: [PATCH 25/64] Try handle strerror_r more correct --- cf/roken-frag.m4 | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/cf/roken-frag.m4 b/cf/roken-frag.m4 index ae78e7e91..ab63a0904 100644 --- a/cf/roken-frag.m4 +++ b/cf/roken-frag.m4 @@ -311,7 +311,6 @@ case "$host_os" in AC_BROKEN([daemon]) ;; esac - AC_BROKEN([ \ chown \ copyhostent \ @@ -357,7 +356,6 @@ AC_BROKEN([ \ strcasecmp \ strdup \ strerror \ - strerror_r \ strftime \ strlcat \ strlcpy \ @@ -502,6 +500,19 @@ AC_REQUIRE([rk_BROKEN_REALLOC])dnl dnl AC_KRB_FUNC_GETCWD_BROKEN +dnl strerror_r is great fun, on linux it exists before sus catched up, +dnl so the return type is diffrent, lets check for both + +AC_PROTO_COMPAT([ +#include +#include +], +strerror_r, int strerror_r(int, char *, size_t)) + +AC_CHECK_FUNC([strerror_r], + [AC_DEFINE_UNQUOTED(HAVE_STRERROR_R, 1, + [Define if you have the function strerror_r.])]) + dnl dnl Checks for prototypes and declarations dnl From 2f07a7d29d55dc31f09885699c5d5fc22bc9ae76 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:02:28 -0800 Subject: [PATCH 26/64] Try handle strerror_r more correct --- lib/roken/roken.h.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/roken/roken.h.in b/lib/roken/roken.h.in index bf36c7eff..4c7d66694 100644 --- a/lib/roken/roken.h.in +++ b/lib/roken/roken.h.in @@ -461,12 +461,12 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void); ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int); #endif -#if !defined(HAVE_STRERROR) && !defined(strerror) -#define strerror_r rk_strerror_r -int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t); +#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE) +int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t); +#else +#define rk_strerror_r strerror_r #endif - #if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) #ifndef HAVE_HSTRERROR #define hstrerror rk_hstrerror From 5312f4de31df74c81bebd83ab17f44ff930f1444 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:02:46 -0800 Subject: [PATCH 27/64] always include strerror_r.c --- lib/roken/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/roken/Makefile.am b/lib/roken/Makefile.am index eb4d41a29..f4e97e7ab 100644 --- a/lib/roken/Makefile.am +++ b/lib/roken/Makefile.am @@ -100,6 +100,7 @@ libroken_la_SOURCES = \ snprintf.c \ socket.c \ strcollect.c \ + strerror_r.c \ strpool.c \ timeval.c \ tm2time.c \ From 77e382a2e02a6cee04a1d12028b2517b0295147b Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:03:04 -0800 Subject: [PATCH 28/64] handle that we always include strerror_r.c --- lib/roken/strerror_r.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/roken/strerror_r.c b/lib/roken/strerror_r.c index ea32b6a1e..2acc8a8c0 100644 --- a/lib/roken/strerror_r.c +++ b/lib/roken/strerror_r.c @@ -33,6 +33,8 @@ #include +#if !defined(HAVE_STRERROR_R) && !defined(STRERROR_R_PROTO_COMPATIBLE) + #include #include #include @@ -65,3 +67,5 @@ rk_strerror_r(int eno, char *strerrbuf, size_t buflen) return 0; #endif } + +#endif From 0a4b702cf12f78fd9805fd249e16142f6d4762eb Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:22:33 -0800 Subject: [PATCH 29/64] less dup rk_ --- lib/krb5/acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index 331232bdb..66fd80cea 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c @@ -257,7 +257,7 @@ krb5_acl_match_file(krb5_context context, f = fopen(file, "r"); if(f == NULL) { int save_errno = errno; - rk_rk_strerror_r(save_errno, buf, sizeof(buf)); + rk_strerror_r(save_errno, buf, sizeof(buf)); krb5_set_error_message(context, save_errno, N_("open(%s): %s", "file, errno"), file, buf); From 659868bf1bf55558936523b52bff8f78148cddf7 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:24:09 -0800 Subject: [PATCH 30/64] drop -version-info --- lib/ipc/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ipc/Makefile.am b/lib/ipc/Makefile.am index b3f3ba05f..a5fd57152 100644 --- a/lib/ipc/Makefile.am +++ b/lib/ipc/Makefile.am @@ -9,8 +9,8 @@ libheim_ipcs_la_SOURCES = server.c common.c include_HEADERS = heim-ipc.h -libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 -libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 +#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 libheim_ipcc_la_LIBADD = \ $(LIB_roken) From fff93502278400bd3d549ce4f8abd9dc725df6a4 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 12:24:47 -0800 Subject: [PATCH 31/64] less dup rk_ --- lib/krb5/auth_context.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 7f048e1dd..34ab18584 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -173,7 +173,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(getsockname(fd, local, &len) < 0) { char buf[128]; ret = errno; - rk_rk_strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; } @@ -191,7 +191,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(getpeername(fd, remote, &len) < 0) { char buf[128]; ret = errno; - rk_rk_strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; } From baf83f0b3df71a8189cb89871a871fb904b8ce7d Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 13:24:44 -0800 Subject: [PATCH 32/64] unix -> u --- lib/ipc/ts.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ipc/ts.c b/lib/ipc/ts.c index c5594c221..4867eca89 100644 --- a/lib/ipc/ts.c +++ b/lib/ipc/ts.c @@ -74,7 +74,7 @@ test_service(void *ctx, const heim_idata *req, int main(int argc, char **argv) { - heim_sipc unix; + heim_sipc u; int optidx = 0; setprogname(argv[0]); @@ -98,7 +98,7 @@ main(int argc, char **argv) } #endif heim_sipc_service_unix("org.h5l.test-ipc", - test_service, NULL, &unix); + test_service, NULL, &u); heim_ipc_main(); return 0; From 722a54f6bac0d8fa73792e3c9d8a6a80c49d618a Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 13:29:02 -0800 Subject: [PATCH 33/64] add missing ; --- lib/krb5/version-script.map | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map index fff13a41e..d68e630f0 100644 --- a/lib/krb5/version-script.map +++ b/lib/krb5/version-script.map @@ -117,7 +117,7 @@ HEIMDAL_KRB5_2.0 { krb5_cc_set_kdc_offset; krb5_cc_start_seq_get; krb5_cc_store_cred; - krb5_cc_support_switch + krb5_cc_support_switch; krb5_cc_switch; krb5_cc_set_friendly_name; krb5_change_password; From 8df64cb19544a4570ae7f65ce992ecd202166dc5 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 13:33:41 -0800 Subject: [PATCH 34/64] add krb5_auth_con_getremoteseqnumber --- lib/krb5/version-script.map | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map index d68e630f0..d06f16b9c 100644 --- a/lib/krb5/version-script.map +++ b/lib/krb5/version-script.map @@ -39,6 +39,7 @@ HEIMDAL_KRB5_2.0 { krb5_auth_con_getlocalseqnumber; krb5_auth_con_getlocalsubkey; krb5_auth_con_getrcache; + krb5_auth_con_getremoteseqnumber; krb5_auth_con_getremotesubkey; krb5_auth_con_init; krb5_auth_con_removeflags; From 936c3bbd7eb1bc1ecf006af8c1e29379db1135ac Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 13:52:34 -0800 Subject: [PATCH 35/64] add otp_find_alg --- lib/otp/version-script.map | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/otp/version-script.map b/lib/otp/version-script.map index c6acbfdae..499943f29 100644 --- a/lib/otp/version-script.map +++ b/lib/otp/version-script.map @@ -6,6 +6,7 @@ HEIMDAL_OTP_1.0 { otp_db_open; otp_delete; otp_error; + otp_find_alg; otp_get; otp_parse; otp_parse_altdict; From 2613e3c9734dfdb03fc225dc5740dee2ece2a4b6 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 15:10:52 -0800 Subject: [PATCH 36/64] x --- lib/ipc/Makefile.am | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/ipc/Makefile.am b/lib/ipc/Makefile.am index a5fd57152..cc10f8fae 100644 --- a/lib/ipc/Makefile.am +++ b/lib/ipc/Makefile.am @@ -9,19 +9,23 @@ libheim_ipcs_la_SOURCES = server.c common.c include_HEADERS = heim-ipc.h +## +## Enable when this is not a noinst_ library +## #libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 #libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +# +#if versionscript +#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map +#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map +#endif + libheim_ipcc_la_LIBADD = \ $(LIB_roken) libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD) -if versionscript -libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map -libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map -endif - TESTS = $(check_PROGRAMS) noinst_PROGRAMS = tc ts From daef47b7daa09f92de5fa11f857517ca6e9939f8 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 15:36:14 -0800 Subject: [PATCH 37/64] don't define SQLITE_THREADSAFE just because THREADSAFE is set --- lib/sqlite/sqlite3.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c index 5319e3be8..780d4ad6a 100644 --- a/lib/sqlite/sqlite3.c +++ b/lib/sqlite/sqlite3.c @@ -367,12 +367,8 @@ SQLITE_PRIVATE void sqlite3Coverage(int); ** We support that for legacy */ #if !defined(SQLITE_THREADSAFE) -#if defined(THREADSAFE) -# define SQLITE_THREADSAFE THREADSAFE -#else # define SQLITE_THREADSAFE 1 #endif -#endif /* ** The SQLITE_DEFAULT_MEMSTATUS macro must be defined as either 0 or 1. From b0feb58f325ce8c5fb8ccc61cecc579e14f1fd1c Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 15:43:02 -0800 Subject: [PATCH 38/64] remove invalid $Id$ --- lib/ipc/Makefile.am | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/ipc/Makefile.am b/lib/ipc/Makefile.am index cc10f8fae..cda1d4a5b 100644 --- a/lib/ipc/Makefile.am +++ b/lib/ipc/Makefile.am @@ -1,5 +1,3 @@ -# $Id: Makefile.am,v 1.1 2004/12/20 08:31:45 assar Exp $ - include $(top_srcdir)/Makefile.am.common noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la @@ -20,7 +18,6 @@ include_HEADERS = heim-ipc.h #libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map #endif - libheim_ipcc_la_LIBADD = \ $(LIB_roken) From 8991a408472d754fba3019905192a9c1818b005d Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 16:35:50 -0800 Subject: [PATCH 39/64] add PTHREADS_LIBS --- lib/sqlite/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/sqlite/Makefile.am b/lib/sqlite/Makefile.am index f30829a07..d97a86587 100644 --- a/lib/sqlite/Makefile.am +++ b/lib/sqlite/Makefile.am @@ -7,3 +7,5 @@ lib_LTLIBRARIES = libheimsqlite.la noinst_HEADERS = sqlite3.h sqlite3ext.h libheimsqlite_la_SOURCES = sqlite3.c + +libheimsqlite_la_LIBADD = $(PTHREADS_LIBS) From 85327d624282740edaeb2cb9d595c5a94e96ed35 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 22:47:23 -0800 Subject: [PATCH 40/64] freebsd supports pthreads --- cf/pthreads.m4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index f08a9fe1f..b86b0e34b 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -19,17 +19,17 @@ case "$host" in PTHREADS_LIBS=-mt fi ;; -*-*-netbsd[12]*) +*-*-netbsd[[12]]*) native_pthread_support="if running netbsd 1.6T or newer" dnl heim_threads.h knows this PTHREADS_LIBS="-lpthread" ;; -*-*-netbsd[3456789]*) +*-*-netbsd[[3456789]]*) native_pthread_support="netbsd 3 uses explict pthread" dnl heim_threads.h knows this PTHREADS_LIBS="-lpthread" ;; -*-*-freebsd5*) +*-*-freebsd[[56789]]*) native_pthread_support=yes ;; *-*-openbsd*) From a80ec519cd81282aabebfdc617d839c6a458e59e Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 22:48:56 -0800 Subject: [PATCH 41/64] condition threadsafe on ENABLE_PTHREAD_SUPPORT --- lib/sqlite/sqlite3.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c index 780d4ad6a..37964b71f 100644 --- a/lib/sqlite/sqlite3.c +++ b/lib/sqlite/sqlite3.c @@ -366,6 +366,12 @@ SQLITE_PRIVATE void sqlite3Coverage(int); ** Older versions of SQLite used an optional THREADSAFE macro. ** We support that for legacy */ +#ifdef ENABLE_PTHREAD_SUPPORT +#define SQLITE_THREADSAFE 1 +#else +#define SQLITE_THREADSAFE 0 +#endif + #if !defined(SQLITE_THREADSAFE) # define SQLITE_THREADSAFE 1 #endif From 9f5772050b4094ed3e4803d3d1bf5c57a732d2b2 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 13 Dec 2009 22:55:36 -0800 Subject: [PATCH 42/64] Match old code and use krb5_sname_to_principal on the imported name for acquire cred. Reported by Jan Rekorajski --- lib/gssapi/krb5/acquire_cred.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c index 696171dcf..7e448dcfb 100644 --- a/lib/gssapi/krb5/acquire_cred.c +++ b/lib/gssapi/krb5/acquire_cred.c @@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_name != GSS_C_NO_NAME) { - ret = _gsskrb5_canon_name(minor_status, context, 0, NULL, + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, desired_name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); From 9accf9f36ac2a54f94a3821a2e46f55b0f3c92d0 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 14:06:51 -0800 Subject: [PATCH 43/64] add Jan Rekorajski --- doc/ack.texi | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/ack.texi b/doc/ack.texi index 5d5916da5..80e56db92 100644 --- a/doc/ack.texi +++ b/doc/ack.texi @@ -55,6 +55,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by: @item Frank van der Linden @item Guido Günther @item Jason McIntyre +@item Jan Rekorajski @item Johan Gadsjö @item Johan Ihrén @item John Center From 986aff5a861cd99422a83933152fb77d9d519249 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 16:05:10 -0800 Subject: [PATCH 44/64] (kcm_send_request): if heim_ipc_init_context, we have not kcm --- lib/krb5/kcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index d1d6c534d..01ea18477 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -78,7 +78,7 @@ kcm_send_request(krb5_context context, ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); HEIMDAL_MUTEX_unlock(&kcm_mutex); if (ret) - return ret; + return KRB5_CC_NOSUPP; ret = krb5_storage_to_data(request, &request_data); if (ret) { From a740ee89bca47fd80af041b3546f38e14d706cd0 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 17:16:59 -0800 Subject: [PATCH 45/64] Check for duplicates, already loaded mechs --- lib/gssapi/mech/gss_mech_switch.c | 32 +++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c index d060badfe..3a3254646 100644 --- a/lib/gssapi/mech/gss_mech_switch.c +++ b/lib/gssapi/mech/gss_mech_switch.c @@ -190,7 +190,8 @@ add_builtin(gssapi_mech_interface mech) if (m->gm_mech.gm_inquire_names_for_mech) { (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, &m->gm_mech.gm_mech_oid, &m->gm_name_types); - } else { + } + if (m->gm_name_types == NULL) { gss_create_empty_oid_set(&minor_status, &m->gm_name_types); } @@ -211,6 +212,8 @@ _gss_load_mech(void) char *name, *oid, *lib, *kobj; struct _gss_mech_switch *m; void *so; + gss_OID_desc mech_oid; + int found; HEIMDAL_MUTEX_lock(&_gss_mech_mutex); @@ -253,6 +256,23 @@ _gss_load_mech(void) if (!name || !oid || !lib || !kobj) continue; + if (_gss_string_to_oid(oid, &mech_oid)) + continue; + + /* + * Check for duplicates, already loaded mechs. + */ + found = 0; + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) { + found = 1; + free(mech_oid.elements); + break; + } + } + if (found) + continue; + #ifndef RTLD_LOCAL #define RTLD_LOCAL 0 #endif @@ -260,17 +280,17 @@ _gss_load_mech(void) so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + free(mech_oid.elements); continue; } m = malloc(sizeof(*m)); - if (!m) + if (!m) { + free(mech_oid.elements); break; - m->gm_so = so; - if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) { - free(m); - continue; } + m->gm_so = so; + m->gm_mech.gm_mech_oid = mech_oid; m->gm_mech.gm_flags = 0; major_status = gss_add_oid_set_member(&minor_status, From baf9c1c85b2c15b946e86a854d7678f25c9e0e35 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 18:25:04 -0800 Subject: [PATCH 46/64] in sh, equal compare is really = for strings, not == --- tests/gss/check-context.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index 0380c5d6f..96e8c2649 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -175,11 +175,11 @@ ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \ echo "======test context building" for mech in krb5 krb5iov spnego spnegoiov; do - if [ "$mech" == "krb5iov" ] ; then + if [ "$mech" = "krb5iov" ] ; then mech="krb5" iov="--iov" fi - if [ "$mech" == "spnegoiov" ] ; then + if [ "$mech" = "spnegoiov" ] ; then mech="spnego" iov="--iov" fi @@ -215,11 +215,11 @@ done echo "======dce-style" for mech in krb5 krb5iov spnego; do iov="" - if [ "$mech" == "krb5iov" ] ; then + if [ "$mech" = "krb5iov" ] ; then mech="krb5" iov="--iov" fi - if [ "$mech" == "spnegoiov" ] ; then + if [ "$mech" = "spnegoiov" ] ; then mech="spnego" iov="--iov" fi From eadb8838cb7863a1f13442ff388936d0c3826b0a Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 21:40:16 -0800 Subject: [PATCH 47/64] use calloc(), indent more prettier --- lib/gssapi/mech/gss_mech_switch.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c index 3a3254646..5fc41d995 100644 --- a/lib/gssapi/mech/gss_mech_switch.c +++ b/lib/gssapi/mech/gss_mech_switch.c @@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech) if (mech == NULL) return 0; - m = malloc(sizeof(*m)); + m = calloc(1, sizeof(*m)); if (m == NULL) - return 1; + return ENOMEM; m->gm_so = NULL; m->gm_mech = *mech; m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ @@ -187,13 +187,12 @@ add_builtin(gssapi_mech_interface mech) /* pick up the oid sets of names */ - if (m->gm_mech.gm_inquire_names_for_mech) { + if (m->gm_mech.gm_inquire_names_for_mech) (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, &m->gm_mech.gm_mech_oid, &m->gm_name_types); - } - if (m->gm_name_types == NULL) { + + if (m->gm_name_types == NULL) gss_create_empty_oid_set(&minor_status, &m->gm_name_types); - } SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); return 0; From 45260b1fda8bcc3678cf777df56c9d8b1a022fac Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 22:11:19 -0800 Subject: [PATCH 48/64] sprinkle 'echo "test failed"' --- tests/gss/check-context.in | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index 96e8c2649..caa039690 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -126,7 +126,8 @@ trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT exitcode=0 echo "Getting client initial tickets" -${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || exitcode=1 +${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \ + { exitcode=1 ; echo "test failed"; } echo "======test unreadable/non existant keytab and its error message" ${context} --mech-type=krb5 host@lucid.test.h5l.se || \ @@ -292,7 +293,8 @@ echo "====== ok-as-delegate" echo "Getting client initial tickets" ${kinit} --forwardable \ - --password-file=${objdir}/foopassword user1@${R} || exitcode=1 + --password-file=${objdir}/foopassword user1@${R} || \ + { exitcode=1 ; echo "test failed"; } echo "ok-as-delegate not used" ${context} \ @@ -318,7 +320,8 @@ ${context} \ echo "Getting client initial tickets with --ok-as-delgate" ${kinit} --ok-as-delegate --forwardable \ - --password-file=${objdir}/foopassword user1@${R} || exitcode=1 + --password-file=${objdir}/foopassword user1@${R} || \ + { exitcode=1 ; echo "test failed"; } echo "policy delegate to non delegate host" ${context} \ @@ -357,7 +360,8 @@ ${context} \ echo "======time diffs between client and server" echo "Getting client initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { exitcode=1 ; echo "test failed"; } echo "No time offset" ${context} \ @@ -389,7 +393,8 @@ ${context} \ echo "Getting client initial ticket" ${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 # Pre-poplute the cache since tgs-req will fail since our time is wrong -${kgetcred} host/lucid.test.h5l.se@${R} || exitcode=1 +${kgetcred} host/lucid.test.h5l.se@${R} || \ + { exitcode=1 ; echo "test failed"; } echo "Client time offset" ${context} \ From 36566c31a079761ba24f5335695d430f70e04456 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 22:12:29 -0800 Subject: [PATCH 49/64] sprinkle more 'echo "test failed"' --- tests/gss/check-context.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index caa039690..3587f7cf9 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -391,7 +391,8 @@ ${context} \ { exitcode=1 ; echo "test failed"; } echo "Getting client initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { exitcode=1 ; echo "test failed"; } # Pre-poplute the cache since tgs-req will fail since our time is wrong ${kgetcred} host/lucid.test.h5l.se@${R} || \ { exitcode=1 ; echo "test failed"; } @@ -407,7 +408,8 @@ ${context} \ echo "Getting client initial tickets (use-referrals)" ${kinit} \ --password-file=${objdir}/foopassword \ - --use-referrals user1@${R} || exitcode=1 + --use-referrals user1@${R} || \ + { exitcode=1 ; echo "test failed"; } # XXX these tests really need to use somethat that resolve to something ${context} \ From 3a42c1f7cbaec2f4a35896d807c041ceebc77b4e Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 22:43:37 -0800 Subject: [PATCH 50/64] More debug logging --- tests/gss/check-context.in | 181 ++++++++++++++++++------------------- 1 file changed, 90 insertions(+), 91 deletions(-) diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index 3587f7cf9..8740bd506 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -123,56 +123,56 @@ fi trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT -exitcode=0 +testfailed="echo test failed; cat messages.log; exit 1" -echo "Getting client initial tickets" +echo "Getting client initial tickets" ; > messages.log ${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "======test unreadable/non existant keytab and its error message" +echo "======test unreadable/non existant keytab and its error message" ; > messages.log ${context} --mech-type=krb5 host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } mv ${keytabfile} ${keytabfile}.no -echo "checking non existant keytabfile (krb5)" +echo "checking non existant keytabfile (krb5)" ; > messages.log ${context} --mech-type=krb5 host@lucid.test.h5l.se > test_context.log 2>&1 && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { exitcode=1 ; echo "string missing failed"; } -echo "checking non existant keytabfile (spengo)" + { echo "string missing failed"; eval "$testfailed"; } +echo "checking non existant keytabfile (spengo)" ; > messages.log ${context} --mech-type=spnego host@lucid.test.h5l.se > test_context.log 2>&1 && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { exitcode=1 ; echo "string missing failed"; } + { echo "string missing failed"; eval "$testfailed"; } mv ${keytabfile}.no ${keytabfile} echo "======test naming combinations" -echo "plain" +echo "plain" ; > messages.log ${context} --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "plain (krb5)" + { eval "$testfailed"; } +echo "plain (krb5)" ; > messages.log ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \ - { exitcode=1 ; echo "test failed"; } -echo "plain (krb5 realmless)" + { eval "$testfailed"; } +echo "plain (krb5 realmless)" ; > messages.log ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon on (long name) OFF, need dns_wrapper" + { eval "$testfailed"; } +echo "dns canon on (long name) OFF, need dns_wrapper" ; > messages.log #${context} --dns-canon host@lucid.test.h5l.se || \ -# { exitcode=1 ; echo "test failed"; } -echo "dns canon off (long name)" +# { eval "$testfailed"; } +echo "dns canon off (long name)" ; > messages.log ${context} --no-dns-canon host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name)" + { eval "$testfailed"; } +echo "dns canon off (short name)" ; > messages.log ${context} --no-dns-canon host@lucid || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name, krb5)" + { eval "$testfailed"; } +echo "dns canon off (short name, krb5)" ; > messages.log ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name, krb5)" + { eval "$testfailed"; } +echo "dns canon off (short name, krb5)" ; > messages.log ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======test context building" for mech in krb5 krb5iov spnego spnegoiov; do @@ -185,32 +185,32 @@ for mech in krb5 krb5iov spnego spnegoiov; do iov="--iov" fi - echo "${mech} no-mutual ${iov}" + echo "${mech} no-mutual ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech} mutual ${iov}" + echo "${mech} mutual ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --mutual \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech} delegate ${iov}" + echo "${mech} delegate ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --delegate \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech} mutual delegate ${iov}" + echo "${mech} mutual delegate ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --mutual --delegate \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done echo "======dce-style" @@ -225,14 +225,14 @@ for mech in krb5 krb5iov spnego; do iov="--iov" fi - echo "${mech}: dce-style ${iov}" + echo "${mech}: dce-style ${iov}" ; > messages.log ${context} \ --mech-type=${mech} \ --mutual \ --dce-style \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done @@ -240,15 +240,15 @@ echo "test gsskrb5_register_acceptor_identity (both positive and negative)" cp ${keytabfile} ${keytabfile}.new for mech in krb5 spnego; do - echo "${mech}: acceptor_identity positive" + echo "${mech}: acceptor_identity positive" ; > messages.log ${context} --gsskrb5-acceptor-identity=${keytabfile}.new \ --mech-type=$mech host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech}: acceptor_identity negative" + echo "${mech}: acceptor_identity negative" ; > messages.log ${context} --gsskrb5-acceptor-identity=${keytabfile}.foo \ --mech-type=$mech host@lucid.test.h5l.se 2>/dev/null && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done rm ${keytabfile}.new @@ -258,7 +258,7 @@ rm ${keytabfile}.new #${context} --mech-type=sasl-digest-md5 \ # --name-type=hostbased-service \ # host@lucid.test.h5l.se || \ -# { exitcode=1 ; echo "test failed"; } +# { eval "$testfailed"; } echo "====== gss-api session key check" @@ -267,179 +267,178 @@ echo "====== gss-api session key check" coolenctype="aes256-cts-hmac-sha1-96" limit_enctype="des3-cbc-sha1" -echo "Getting client initial tickets" +echo "Getting client initial tickets" ; > messages.log ${kinit} --password-file=${objdir}/foopassword user1@${R} || \ - { echo "kinit failed"; exitcode=1; } + { eval "$testfailed"; } -echo "Building context on cred w/o aes, but still ${coolenctype} session key" + +echo "Building context on cred w/o aes, but still ${coolenctype} session key" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --session-enctype=${coolenctype} \ --name-type=hostbased-service host@no-aes.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Building context on cred, check if its limited still" +echo "Building context on cred, check if its limited still" ; > messages.log ${context} \ --mech-type=krb5 \ --client-name=user1@${R} \ --limit-enctype="${limit_enctype}" \ --mutual-auth \ --name-type=hostbased-service host@no-aes.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "====== ok-as-delegate" -echo "Getting client initial tickets" +echo "Getting client initial tickets" ; > messages.log ${kinit} --forwardable \ --password-file=${objdir}/foopassword user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "ok-as-delegate not used" +echo "ok-as-delegate not used" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "host without ok-as-delegate with policy-delegate" +echo "host without ok-as-delegate with policy-delegate" ; > messages.log ${context} \ --mech-type=krb5 \ --policy-delegate \ --server-no-delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "ok-as-delegate used by policy" +echo "ok-as-delegate used by policy" ; > messages.log ${context} \ --mech-type=krb5 \ --policy-delegate \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial tickets with --ok-as-delgate" +echo "Getting client initial tickets with --ok-as-delgate" ; > messages.log ${kinit} --ok-as-delegate --forwardable \ --password-file=${objdir}/foopassword user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "policy delegate to non delegate host" +echo "policy delegate to non delegate host" ; > messages.log ${context} \ --mech-type=krb5 \ --policy-delegate \ --server-no-delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "ok-as-delegate" +echo "ok-as-delegate" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======export/import cred" -echo "export-import cred (krb5)" +echo "export-import cred (krb5)" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --export-import-cred \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "export-import cred (spnego)" +echo "export-import cred (spnego)" ; > messages.log ${context} \ --mech-type=spnego \ --delegate \ --export-import-cred \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======time diffs between client and server" -echo "Getting client initial ticket" +echo "Getting client initial ticket" ; > messages.log ${kinit} --password-file=${objdir}/foopassword user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "No time offset" +echo "No time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +echo "Getting client initial ticket" ; > messages.log +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } -echo "Server time offset" +echo "Server time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --server-time-offset=3600 \ --max-loops=3 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Server time offset (cached ?)" +echo "Server time offset (cached ?)" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --server-time-offset=3600 \ --max-loops=2 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial ticket" +echo "Getting client initial ticket" ; > messages.log ${kinit} --password-file=${objdir}/foopassword user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } # Pre-poplute the cache since tgs-req will fail since our time is wrong ${kgetcred} host/lucid.test.h5l.se@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Client time offset" +echo "Client time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --client-time-offset=3600 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial tickets (use-referrals)" +echo "Getting client initial tickets (use-referrals)" ; > messages.log ${kinit} \ --password-file=${objdir}/foopassword \ --use-referrals user1@${R} || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } # XXX these tests really need to use somethat that resolve to something ${context} \ --mech-type=krb5 \ host@short || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ --name-type=krb5-principal-name host/short || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ host@long.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ --name-type=krb5-principal-name \ host/long.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } trap "" EXIT echo "killing kdc (${kdcpid})" kill ${kdcpid} 2> /dev/null -[ "$exitcode" = 0 ] && echo "all ok" - -exit $exitcode - +exit 0 From a2378f6b82d84f29d9784055230e02d0b12303cd Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 14 Dec 2009 23:15:56 -0800 Subject: [PATCH 51/64] log what the error string say too --- tests/gss/check-context.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index 8740bd506..06f7774f9 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -139,12 +139,12 @@ echo "checking non existant keytabfile (krb5)" ; > messages.log ${context} --mech-type=krb5 host@lucid.test.h5l.se > test_context.log 2>&1 && \ { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { echo "string missing failed"; eval "$testfailed"; } + { echo "string missing failed"; cat test_context.log ; eval "$testfailed"; } echo "checking non existant keytabfile (spengo)" ; > messages.log ${context} --mech-type=spnego host@lucid.test.h5l.se > test_context.log 2>&1 && \ { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { echo "string missing failed"; eval "$testfailed"; } + { echo "string missing failed"; cat test_context.log ; eval "$testfailed"; } mv ${keytabfile}.no ${keytabfile} From 76c1e2e8a289e99ace62b8f57554fade6b500d89 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 09:11:09 +0100 Subject: [PATCH 52/64] switch to PTHREADS_LIBADD --- lib/sqlite/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/sqlite/Makefile.am b/lib/sqlite/Makefile.am index d97a86587..23d030652 100644 --- a/lib/sqlite/Makefile.am +++ b/lib/sqlite/Makefile.am @@ -8,4 +8,4 @@ noinst_HEADERS = sqlite3.h sqlite3ext.h libheimsqlite_la_SOURCES = sqlite3.c -libheimsqlite_la_LIBADD = $(PTHREADS_LIBS) +libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD) From 6ec7e01c391339a97c71dd2bdd335d723e278798 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 09:24:52 +0100 Subject: [PATCH 53/64] add PTHREAD_LIBADD --- tools/krb5-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/krb5-config.in b/tools/krb5-config.in index c52fa2500..8bbbf80b5 100644 --- a/tools/krb5-config.in +++ b/tools/krb5-config.in @@ -137,7 +137,7 @@ if test "$do_libs" = "yes"; then esac lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err" lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lwind -lroken" - lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@" + lib_flags="$lib_flags @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@" lib_flags="$lib_flags @LIB_door_create@ @LIBS@" echo $lib_flags fi From 4f88942d9c6764878bf093fdcf3e635f75614005 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 09:25:01 +0100 Subject: [PATCH 54/64] add PTHREAD_LIBADD --- tools/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/Makefile.am b/tools/Makefile.am index 07ea5bcc7..bdfa08ca3 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -20,6 +20,7 @@ subst = sed -e "s!@PACKAGE\@!$(PACKAGE)!g" \ -e "s!@exec_prefix\@!$(exec_prefix)!g" \ -e "s!@libdir\@!$(libdir)!g" \ -e "s!@includedir\@!$(includedir)!g" \ + -e "s!@PTHREAD_LIBADD\@!$(PTHREAD_LIBADD)!g" \ -e "s!@LIB_crypt\@!$(LIB_crypt)!g" \ -e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \ -e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \ From d9e7f5cd97b534f6c3a511095a0393a4d575b391 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 09:25:30 +0100 Subject: [PATCH 55/64] add PTHREAD_LIBADD --- lib/krb5/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am index cd8474e8a..72140e247 100644 --- a/lib/krb5/Makefile.am +++ b/lib/krb5/Makefile.am @@ -67,6 +67,7 @@ libkrb5_la_LIBADD = \ ../wind/libwind.la \ $(LIB_libintl) \ $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ $(LIB_door_create) \ $(LIB_dlopen) From 50b48daa9b01aa198857aaef624d185d7d8690f6 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 09:26:28 +0100 Subject: [PATCH 56/64] use PTHREADS_LIBADD for freebsd6 and newer --- cf/pthreads.m4 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index b86b0e34b..2df7b8ce5 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -29,9 +29,13 @@ case "$host" in dnl heim_threads.h knows this PTHREADS_LIBS="-lpthread" ;; -*-*-freebsd[[56789]]*) +*-*-freebsd[[56]]*) native_pthread_support=yes ;; +*-*-freebsd[[789]]*) + native_pthread_support=yes + PTHREADS_LIBADD="-lthr" + ;; *-*-openbsd*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread @@ -81,10 +85,12 @@ if test "$enable_pthread_support" != no; then else PTHREADS_CFLAGS="" PTHREADS_LIBS="" + PTHREADS_LIBADD="" fi AC_SUBST(PTHREADS_CFLAGS) AC_SUBST(PTHREADS_LIBS) +AC_SUBST(PTHREADS_LIBADD) AC_MSG_RESULT($enable_pthread_support) ]) From 2c70285d3d5d48f1dad76e7e2cc2df44afe18a9a Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 10:05:10 +0100 Subject: [PATCH 57/64] more up ${env_setup} --- tests/kdc/check-kdc.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in index 0bb2d8ab1..0e1f9d740 100644 --- a/tests/kdc/check-kdc.in +++ b/tests/kdc/check-kdc.in @@ -35,13 +35,13 @@ top_builddir="@top_builddir@" env_setup="@env_setup@" objdir="@objdir@" +. ${env_setup} + KRB5_CONFIG="${1-${objdir}/krb5.conf}" export KRB5_CONFIG testfailed="echo test failed; cat messages.log; exit 1" -. ${env_setup} - # If there is no useful db support compile in, disable test ${have_db} || exit 77 From 869d8fe46597eeb56dd29b9e892b8c753b1c8c6f Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 10:05:49 +0100 Subject: [PATCH 58/64] clean KRB5CCNAME and KRB5_CONFIG, require test to reset them --- tests/bin/setup-env.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/bin/setup-env.in b/tests/bin/setup-env.in index 17b793c72..a84848285 100644 --- a/tests/bin/setup-env.in +++ b/tests/bin/setup-env.in @@ -1,5 +1,8 @@ #!/bin/sh +unset KRB5_CONFIG +unset KRB5CCNAME + top_builddir="@top_builddir@" top_srcdir="@top_srcdir@" EGREP="@EGREP@" From c0b1bab37899e4cd77b9ef6c008ac063f03c2031 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 10:10:13 +0100 Subject: [PATCH 59/64] Use -lpthread for modern freebsd instead --- cf/pthreads.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index 2df7b8ce5..135acd79d 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -34,7 +34,7 @@ case "$host" in ;; *-*-freebsd[[789]]*) native_pthread_support=yes - PTHREADS_LIBADD="-lthr" + PTHREADS_LIBADD="-lpthread ;; *-*-openbsd*) native_pthread_support=yes From 1b6d89c457683412566b3757d68f643b6497139a Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 10:15:24 +0100 Subject: [PATCH 60/64] correct quoting --- cf/pthreads.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index 135acd79d..f6c530daf 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -34,7 +34,7 @@ case "$host" in ;; *-*-freebsd[[789]]*) native_pthread_support=yes - PTHREADS_LIBADD="-lpthread + PTHREADS_LIBADD="-lpthread" ;; *-*-openbsd*) native_pthread_support=yes From ce1846a5733c8571fe6b0d3d75352d995d7e2a72 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Thu, 17 Dec 2009 10:43:49 +0100 Subject: [PATCH 61/64] its really just LIBADD more most of them --- cf/pthreads.m4 | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index f6c530daf..3b36047b5 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -13,21 +13,22 @@ case "$host" in native_pthread_support=yes if test "$GCC" = yes; then PTHREADS_CFLAGS=-pthreads - PTHREADS_LIBS=-pthreads + PTHREAD_LIBADD=-pthreads else PTHREADS_CFLAGS=-mt - PTHREADS_LIBS=-mt + PTHREAD_LDADD=-mt + PTHREAD_LIBADD=-mt fi ;; *-*-netbsd[[12]]*) native_pthread_support="if running netbsd 1.6T or newer" dnl heim_threads.h knows this - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; *-*-netbsd[[3456789]]*) native_pthread_support="netbsd 3 uses explict pthread" dnl heim_threads.h knows this - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; *-*-freebsd[[56]]*) native_pthread_support=yes @@ -39,21 +40,21 @@ case "$host" in *-*-openbsd*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; *-*-linux* | *-*-linux-gnu) case `uname -r` in 2.*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; esac ;; *-*-kfreebsd*-gnu*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; *-*-aix*) dnl AIX is disabled since we don't handle the utmp/utmpx @@ -62,7 +63,7 @@ case "$host" in ;; mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too native_pthread_support=yes - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; *-*-darwin*) native_pthread_support=yes @@ -81,15 +82,15 @@ if test "$enable_pthread_support" != no; then [Define if you want have a thread safe libraries]) dnl This sucks, but libtool doesn't save the depenecy on -pthread dnl for libraries. - LIBS="$PTHREADS_LIBS $LIBS" + LIBS="$PTHREAD_LIBADD $LIBS" else PTHREADS_CFLAGS="" - PTHREADS_LIBS="" + PTHREAD_LIBADD="" PTHREADS_LIBADD="" fi AC_SUBST(PTHREADS_CFLAGS) -AC_SUBST(PTHREADS_LIBS) +AC_SUBST(PTHREAD_LDADD) AC_SUBST(PTHREADS_LIBADD) AC_MSG_RESULT($enable_pthread_support) From 09f478ab98fabce67d8211d6ee57d61d9120f4cb Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 21 Dec 2009 08:05:16 +0100 Subject: [PATCH 62/64] unset KRB5CCNAME --- tests/kdc/check-cc.in | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in index 05cc45a8e..0a3770387 100644 --- a/tests/kdc/check-cc.in +++ b/tests/kdc/check-cc.in @@ -36,6 +36,11 @@ objdir="@objdir@" . ${env_setup} +KRB5_CONFIG="${objdir}/krb5-cc.conf" +export KRB5_CONFIG + +unset KRB5CCNAME + testfailed="echo test failed; exit 1" # If there is no useful db support compile in, disable test @@ -56,9 +61,6 @@ cache="FILE:${objdir}/cache.krb5" keytabfile=${objdir}/server.keytab keytab="FILE:${keytabfile}" -KRB5_CONFIG="${objdir}/krb5-cc.conf" -export KRB5_CONFIG - rm -f ${keytabfile} rm -f current-db* rm -f out-* From 687db64c567b4529aa723a8f5f87946f7cde4cd5 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 21 Dec 2009 08:45:28 +0100 Subject: [PATCH 63/64] Patch from Secure Endpoints/Asanka Herath for windows support --- lib/krb5/acl.c | 4 +- lib/krb5/add_et_list.c | 2 +- lib/krb5/addr_families.c | 50 +- lib/krb5/aname_to_localname.c | 4 +- lib/krb5/appdefault.c | 6 +- lib/krb5/asn1_glue.c | 4 +- lib/krb5/auth_context.c | 76 ++-- lib/krb5/build_ap_req.c | 4 +- lib/krb5/build_auth.c | 18 +- lib/krb5/cache.c | 137 ++++-- lib/krb5/changepw.c | 16 +- lib/krb5/codec.c | 64 +-- lib/krb5/config_file.c | 73 +-- lib/krb5/constants.c | 7 +- lib/krb5/context.c | 121 +++-- lib/krb5/convert_creds.c | 4 +- lib/krb5/copy_host_realm.c | 2 +- lib/krb5/creds.c | 10 +- lib/krb5/crypto.c | 121 ++--- lib/krb5/data.c | 16 +- lib/krb5/deprecated.c | 92 ++-- lib/krb5/derived-key-test.c | 2 +- lib/krb5/dll.c | 58 +++ lib/krb5/eai_to_heim_errno.c | 8 +- lib/krb5/error_string.c | 16 +- lib/krb5/expand_hostname.c | 4 +- lib/krb5/expand_path_w32.c | 484 ++++++++++++++++++++ lib/krb5/fcache.c | 29 ++ lib/krb5/free.c | 4 +- lib/krb5/free_host_realm.c | 2 +- lib/krb5/generate_seq_number.c | 4 +- lib/krb5/generate_subkey.c | 4 +- lib/krb5/get_addrs.c | 4 +- lib/krb5/get_cred.c | 26 +- lib/krb5/get_default_principal.c | 55 ++- lib/krb5/get_default_realm.c | 4 +- lib/krb5/get_for_creds.c | 6 +- lib/krb5/get_host_realm.c | 4 +- lib/krb5/get_in_tkt.c | 8 +- lib/krb5/get_port.c | 4 +- lib/krb5/init_creds.c | 44 +- lib/krb5/init_creds_pw.c | 28 +- lib/krb5/keyblock.c | 12 +- lib/krb5/keytab.c | 40 +- lib/krb5/krb5-v4compat.h | 21 +- lib/krb5/krb5.h | 8 + lib/krb5/krb5_locl.h | 8 + lib/krb5/krbhst.c | 26 +- lib/krb5/kuserok.c | 18 +- lib/krb5/libkrb5-exports.def.in | 758 +++++++++++++++++++++++++++++++ lib/krb5/log.c | 18 +- lib/krb5/misc.c | 2 +- lib/krb5/mit_glue.c | 48 +- lib/krb5/mk_error.c | 2 +- lib/krb5/mk_priv.c | 4 +- lib/krb5/mk_rep.c | 4 +- lib/krb5/mk_req.c | 6 +- lib/krb5/mk_req_ext.c | 4 +- lib/krb5/mk_safe.c | 4 +- lib/krb5/n-fold.c | 2 +- lib/krb5/net_read.c | 7 +- lib/krb5/net_write.c | 41 +- lib/krb5/padata.c | 2 +- lib/krb5/parse-name-test.c | 2 +- lib/krb5/pkinit.c | 16 +- lib/krb5/plugin.c | 2 + lib/krb5/principal.c | 57 ++- lib/krb5/prog_setup.c | 6 +- lib/krb5/prompter_posix.c | 2 +- lib/krb5/rd_cred.c | 6 +- lib/krb5/rd_error.c | 8 +- lib/krb5/rd_priv.c | 4 +- lib/krb5/rd_rep.c | 6 +- lib/krb5/rd_req.c | 39 +- lib/krb5/rd_safe.c | 4 +- lib/krb5/read_message.c | 6 +- lib/krb5/recvauth.c | 4 +- lib/krb5/replay.c | 32 +- lib/krb5/scache.c | 4 + lib/krb5/send_to_kdc.c | 58 +-- lib/krb5/sendauth.c | 2 +- lib/krb5/set_default_realm.c | 2 +- lib/krb5/sock_principal.c | 2 +- lib/krb5/store.c | 103 ++--- lib/krb5/store_emem.c | 2 +- lib/krb5/store_fd.c | 20 +- lib/krb5/store_mem.c | 6 +- lib/krb5/test_addr.c | 29 ++ lib/krb5/test_cc.c | 38 +- lib/krb5/ticket.c | 12 +- lib/krb5/time.c | 10 +- lib/krb5/transited.c | 8 +- lib/krb5/v4_glue.c | 28 +- lib/krb5/verify_init.c | 8 +- lib/krb5/verify_user.c | 22 +- lib/krb5/warn.c | 28 +- lib/krb5/write_message.c | 6 +- 97 files changed, 2452 insertions(+), 794 deletions(-) create mode 100644 lib/krb5/dll.c create mode 100644 lib/krb5/expand_path_w32.c create mode 100644 lib/krb5/libkrb5-exports.def.in diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index 66fd80cea..0e152405a 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c @@ -198,7 +198,7 @@ acl_match_acl(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string(krb5_context context, const char *string, const char *format, @@ -241,7 +241,7 @@ krb5_acl_match_string(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file(krb5_context context, const char *file, const char *format, diff --git a/lib/krb5/add_et_list.c b/lib/krb5/add_et_list.c index ccffd93b2..082014e10 100644 --- a/lib/krb5/add_et_list.c +++ b/lib/krb5/add_et_list.c @@ -47,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void (*func)(struct et_list **)) { diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index f88fb2276..cccf1cbc9 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) return -1; } else p = address; -#ifdef HAVE_INET_ATON if(inet_aton(p, &a) == 0) return -1; -#elif defined(HAVE_INET_ADDR) - a.s_addr = inet_addr(p); - if(a.s_addr == INADDR_NONE) - return -1; -#else - return -1; -#endif addr->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&addr->address, 4) != 0) return -1; @@ -339,9 +331,7 @@ static int ipv6_print_addr (const krb5_address *addr, char *str, size_t len) { char buf[128], buf2[3]; -#ifdef HAVE_INET_NTOP if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) -#endif { /* XXX this is pretty ugly, but better than abort() */ int i; @@ -790,7 +780,7 @@ find_atype(int atype) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr *sa, krb5_address *addr) { @@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr *sa, int16_t *port) { @@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address *addr, struct sockaddr *sa, @@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -size_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void) { if (max_sockaddr_size == 0) { @@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void) * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting(const struct sockaddr *sa) { struct addr_operations *a = find_af(sa->sa_family); @@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char *addr, struct sockaddr *sa, @@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char *haddr, krb5_address *addr) @@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr *sa, @@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len) { @@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address(krb5_context context, const char *string, krb5_addresses *addresses) @@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context, * @ingroup krb5_address */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search(krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist) @@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address(krb5_context context, krb5_address *address) { @@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses(krb5_context context, krb5_addresses *addresses) { @@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address(krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) @@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses(krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr) @@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses(krb5_context context, krb5_addresses *dest, const krb5_addresses *source) @@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port) { @@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary(krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, diff --git a/lib/krb5/aname_to_localname.c b/lib/krb5/aname_to_localname.c index 2986aab92..78cf4c6f6 100644 --- a/lib/krb5/aname_to_localname.c +++ b/lib/krb5/aname_to_localname.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname (krb5_context context, krb5_const_principal aname, size_t lnsize, diff --git a/lib/krb5/appdefault.c b/lib/krb5/appdefault.c index 383e82dad..d4dc758fa 100644 --- a/lib/krb5/appdefault.c +++ b/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_boolean(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val) @@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname, *ret_val = def_val; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_string(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, const char *def_val, char **ret_val) @@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname, *ret_val = NULL; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_time(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, time_t def_val, time_t *ret_val) diff --git a/lib/krb5/asn1_glue.c b/lib/krb5/asn1_glue.c index 59c0fbd64..a821faff9 100644 --- a/lib/krb5/asn1_glue.c +++ b/lib/krb5/asn1_glue.c @@ -37,14 +37,14 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principal2principalname (PrincipalName *p, const krb5_principal from) { return copy_PrincipalName(&from->name, p); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principalname2krb5_principal (krb5_context context, krb5_principal *principal, const PrincipalName from, diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 34ab18584..846d71578 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context) { @@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) { @@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, int32_t flags) @@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, int32_t *flags) @@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_addflags(krb5_context context, krb5_auth_context auth_context, int32_t addflags, @@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_removeflags(krb5_context context, krb5_auth_context auth_context, int32_t removeflags, @@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, @@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, - int fd, int flags) + krb5_socket_t fd, int flags) { krb5_error_code ret; krb5_address local_k_address, remote_k_address; @@ -170,7 +170,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { if (auth_context->local_address == NULL) { len = sizeof(ss_local); - if(getsockname(fd, local, &len) < 0) { + if(IS_SOCKET_ERROR(getsockname(fd, local, &len))) { char buf[128]; ret = errno; rk_strerror_r(ret, buf, sizeof(buf)); @@ -188,7 +188,7 @@ krb5_auth_con_genaddrs(krb5_context context, } if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { len = sizeof(ss_remote); - if(getpeername(fd, remote, &len) < 0) { + if(IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { char buf[128]; ret = errno; rk_strerror_r(ret, buf, sizeof(buf)); @@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs_from_fd (krb5_context context, krb5_auth_context auth_context, void *p_fd) { - int fd = *(int*)p_fd; + krb5_socket_t fd = *(krb5_socket_t *)p_fd; int flags = 0; if(auth_context->local_address == NULL) flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR; @@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context, return krb5_auth_con_genaddrs(context, auth_context, fd, flags); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, @@ -273,7 +273,7 @@ copy_key(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context, return copy_key(context, auth_context->keyblock, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context, return copy_key(context, auth_context->local_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context, return copy_key(context, auth_context->remote_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context, return copy_key(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->local_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_generatelocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *key) @@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->remote_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype) @@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype *cksumtype) @@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype keytype) @@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype *keytype) @@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context, } #if 0 -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype etype) @@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype *etype) @@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context, } #endif -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) @@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -425,7 +425,7 @@ krb5_auth_con_setlocalseqnumber (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) @@ -434,7 +434,7 @@ krb5_auth_con_getremoteseqnumber(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator *authenticator) @@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_authenticator(krb5_context context, krb5_authenticator *authenticator) { @@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setuserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context, return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache) @@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache) @@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context, #if 0 /* not implemented */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context) { @@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setivector(krb5_context context, krb5_auth_context auth_context, krb5_pointer ivector) diff --git a/lib/krb5/build_ap_req.c b/lib/krb5/build_ap_req.c index 1550239fa..d56a0a194 100644 --- a/lib/krb5/build_ap_req.c +++ b/lib/krb5/build_ap_req.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_ap_req (krb5_context context, krb5_enctype enctype, krb5_creds *cred, diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index a845e0ac3..85d64525d 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" static krb5_error_code make_etypelist(krb5_context context, @@ -99,14 +99,14 @@ make_etypelist(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -_krb5_build_authenticator(krb5_context context, - krb5_auth_context auth_context, - krb5_enctype enctype, - krb5_creds *cred, - Checksum *cksum, - krb5_data *result, - krb5_key_usage usage) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_build_authenticator (krb5_context context, + krb5_auth_context auth_context, + krb5_enctype enctype, + krb5_creds *cred, + Checksum *cksum, + krb5_data *result, + krb5_key_usage usage) { Authenticator auth; u_char *buf = NULL; diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 42e187751..3b5d2419f 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -114,7 +114,7 @@ main (int argc, char **argv) * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register(krb5_context context, const krb5_cc_ops *ops, krb5_boolean override) @@ -186,13 +186,34 @@ allocate_ccache (krb5_context context, krb5_ccache *id) { krb5_error_code ret; + char * exp_residual = NULL; - ret = _krb5_cc_allocate(context, ops, id); +#ifdef KRB5_USE_PATH_TOKENS + ret = _krb5_expand_path_tokens(context, residual, &exp_residual); if (ret) return ret; + + residual = exp_residual; +#endif + + ret = _krb5_cc_allocate(context, ops, id); + if (ret) { +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; + } + ret = (*id)->ops->resolve(context, id, residual); if(ret) free(*id); + +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; } @@ -211,7 +232,7 @@ allocate_ccache (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve(krb5_context context, const char *name, krb5_ccache *id) @@ -251,7 +272,7 @@ krb5_cc_resolve(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { @@ -283,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name(krb5_context context, krb5_ccache id) { @@ -297,7 +318,7 @@ krb5_cc_get_name(krb5_context context, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type(krb5_context context, krb5_ccache id) { @@ -317,7 +338,7 @@ krb5_cc_get_type(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name(krb5_context context, krb5_ccache id, char **str) @@ -368,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id) krb5_error_code _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) { +#ifndef KRB5_USE_PATH_TOKENS size_t tlen, len = 0; char *tmp, *tmp2, *append; @@ -385,7 +407,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) } else if (tmp) { tmp2 = strchr(tmp, '}'); if (tmp2 == NULL) { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, "variable missing }"); @@ -396,7 +419,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) else if (strncasecmp(tmp, "%{null}", 7) == 0) append = strdup(""); else { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, @@ -411,7 +435,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) str = NULL; } if (append == NULL) { - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); @@ -422,7 +447,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) tmp = realloc(*res, len + tlen + 1); if (tmp == NULL) { free(append); - free(*res); + if (*res) + free(*res); *res = NULL; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); @@ -434,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) free(append); } return 0; +#else /* _WIN32 */ + /* On Windows, we use the more generic _krb5_expand_path_tokens() + function which also handles path tokens in addition to %{uid} + and %{null} */ + + return _krb5_expand_path_tokens(context, str, res); +#endif } /* @@ -517,7 +550,7 @@ krb5_cc_support_switch(krb5_context context, const char *type) * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name(krb5_context context, const char *name) { krb5_error_code ret = 0; @@ -573,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name) return ENOMEM; } +#ifdef KRB5_USE_PATH_TOKENS + { + char * exp_p = NULL; + + if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) { + free (p); + p = exp_p; + } else { + free (p); + return EINVAL; + } + } +#endif + if (context->default_cc_name) free(context->default_cc_name); @@ -591,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name(krb5_context context) { if (context->default_cc_name == NULL || environment_changed(context)) @@ -609,7 +656,7 @@ krb5_cc_default_name(krb5_context context) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default(krb5_context context, krb5_ccache *id) { @@ -631,7 +678,7 @@ krb5_cc_default(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) @@ -649,7 +696,7 @@ krb5_cc_initialize(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy(krb5_context context, krb5_ccache id) { @@ -669,7 +716,7 @@ krb5_cc_destroy(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close(krb5_context context, krb5_ccache id) { @@ -688,7 +735,7 @@ krb5_cc_close(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -714,7 +761,7 @@ krb5_cc_store_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred(krb5_context context, krb5_ccache id, krb5_flags whichfields, @@ -752,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -770,7 +817,7 @@ krb5_cc_get_principal(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -788,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, @@ -804,7 +851,7 @@ krb5_cc_next_cred (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -819,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, @@ -842,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) @@ -856,7 +903,7 @@ krb5_cc_set_flags(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags) @@ -881,7 +928,7 @@ krb5_cc_get_flags(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f(krb5_context context, const krb5_ccache from, krb5_ccache to, @@ -934,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context, * @ingroup @krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache(krb5_context context, const krb5_ccache from, krb5_ccache to) @@ -949,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version(krb5_context context, const krb5_ccache id) { @@ -966,7 +1013,7 @@ krb5_cc_get_version(krb5_context context, */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred(krb5_creds *mcred) { memset(mcred, 0, sizeof(*mcred)); @@ -1034,7 +1081,7 @@ struct krb5_cc_cache_cursor_data { */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor) @@ -1092,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id) @@ -1109,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor) { @@ -1135,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache *id) @@ -1269,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id, * @ingroup krb5_ccache */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal(krb5_context context, krb5_const_principal principal) { @@ -1297,7 +1344,7 @@ krb5_is_config_principal(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data) @@ -1345,7 +1392,7 @@ out: */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data) @@ -1393,7 +1440,7 @@ struct krb5_cccol_cursor_data { * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) { *cursor = calloc(1, sizeof(**cursor)); @@ -1425,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache) { @@ -1476,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) { krb5_cccol_cursor c = *cursor; @@ -1503,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) @@ -1526,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time(krb5_context context, const char *type, krb5_timestamp *mtime) @@ -1567,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name(krb5_context context, krb5_ccache id, char **name) @@ -1604,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name(krb5_context context, krb5_ccache id, const char *name) @@ -1632,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) { krb5_cc_cursor cursor; diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c index 5369dc929..a962f06f5 100644 --- a/lib/krb5/changepw.c +++ b/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #define KRB5_DEPRECATED -#include +#include "krb5_locl.h" #undef __attribute__ #define __attribute__(X) @@ -602,7 +602,8 @@ change_password_loop (krb5_context context, goto out; } } - + +#ifndef NO_LIMIT_FD_SETSIZE if (sock >= FD_SETSIZE) { ret = ERANGE; krb5_set_error_message(context, ret, @@ -610,6 +611,7 @@ change_password_loop (krb5_context context, close (sock); goto out; } +#endif FD_ZERO(&fdset); FD_SET(sock, &fdset); @@ -684,14 +686,14 @@ find_chpw_proto(const char *name) * @ingroup @krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) - KRB5_DEPRECATED { struct kpwd_proc *p = find_chpw_proto("change password"); @@ -726,7 +728,7 @@ krb5_change_password (krb5_context context, * @ingroup @krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password(krb5_context context, krb5_creds *creds, const char *newpw, @@ -769,7 +771,7 @@ krb5_set_password(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char *newpw, @@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context, * */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_passwd_result_to_string (krb5_context context, int result) { diff --git a/lib/krb5/codec.c b/lib/krb5/codec.c index ebda3e51f..d73a71910 100644 --- a/lib/krb5/codec.c +++ b/lib/krb5/codec.c @@ -37,178 +37,178 @@ #ifndef HEIMDAL_SMALLER -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTicketPart (krb5_context context, const void *data, size_t length, EncTicketPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTicketPart (krb5_context context, void *data, size_t length, EncTicketPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncASRepPart (krb5_context context, const void *data, size_t length, EncASRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncASRepPart (krb5_context context, void *data, size_t length, EncASRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTGSRepPart (krb5_context context, const void *data, size_t length, EncTGSRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTGSRepPart (krb5_context context, void *data, size_t length, EncTGSRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncAPRepPart (krb5_context context, const void *data, size_t length, EncAPRepPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncAPRepPart (krb5_context context, void *data, size_t length, EncAPRepPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_Authenticator (krb5_context context, const void *data, size_t length, Authenticator *t, size_t *len) - KRB5_DEPRECATED { return decode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_Authenticator (krb5_context context, void *data, size_t length, Authenticator *t, size_t *len) - KRB5_DEPRECATED { return encode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncKrbCredPart (krb5_context context, const void *data, size_t length, EncKrbCredPart *t, size_t *len) - KRB5_DEPRECATED { return decode_EncKrbCredPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncKrbCredPart (krb5_context context, void *data, size_t length, EncKrbCredPart *t, size_t *len) - KRB5_DEPRECATED { return encode_EncKrbCredPart (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO (krb5_context context, const void *data, size_t length, ETYPE_INFO *t, size_t *len) - KRB5_DEPRECATED { return decode_ETYPE_INFO(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO (krb5_context context, void *data, size_t length, ETYPE_INFO *t, size_t *len) - KRB5_DEPRECATED { return encode_ETYPE_INFO (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO2 (krb5_context context, const void *data, size_t length, ETYPE_INFO2 *t, size_t *len) - KRB5_DEPRECATED { return decode_ETYPE_INFO2(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO2 (krb5_context context, void *data, size_t length, ETYPE_INFO2 *t, size_t *len) - KRB5_DEPRECATED { return encode_ETYPE_INFO2 (data, length, t, len); } diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c index 821578dc9..674e2ebca 100644 --- a/lib/krb5/config_file.c +++ b/lib/krb5/config_file.c @@ -403,7 +403,7 @@ is_plist_file(const char *fname) * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res) @@ -420,6 +420,7 @@ krb5_config_parse_file_multi (krb5_context context, * enabled by calling krb5_set_home_dir_access(). */ if (fname[0] == '~' && fname[1] == '/') { +#ifndef KRB5_USE_PATH_TOKENS const char *home = NULL; if (!_krb5_homedir_access(context)) { @@ -445,6 +446,15 @@ krb5_config_parse_file_multi (krb5_context context, } fname = newfname; } +#else /* KRB5_USE_PATH_TOKENS */ + asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]); + if (newfname == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + fname = newfname; +#endif } if (is_plist_file(fname)) { @@ -489,7 +499,7 @@ krb5_config_parse_file_multi (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file (krb5_context context, const char *fname, krb5_config_section **res) @@ -531,7 +541,7 @@ free_binding (krb5_context context, krb5_config_binding *b) * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section *s) { free_binding (context, s); @@ -540,7 +550,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s) #ifndef HEIMDAL_SMALLER -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_config_copy(krb5_context context, krb5_config_section *c, krb5_config_section **head) @@ -576,7 +586,7 @@ _krb5_config_copy(krb5_context context, #endif /* HEIMDAL_SMALLER */ -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_get_next (krb5_context context, const krb5_config_section *c, const krb5_config_binding **pointer, @@ -615,7 +625,7 @@ vget_next(krb5_context context, return NULL; } -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_vget_next (krb5_context context, const krb5_config_section *c, const krb5_config_binding **pointer, @@ -651,7 +661,7 @@ _krb5_config_vget_next (krb5_context context, return NULL; } -const void * +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL _krb5_config_get (krb5_context context, const krb5_config_section *c, int type, @@ -666,6 +676,7 @@ _krb5_config_get (krb5_context context, return ret; } + const void * _krb5_config_vget (krb5_context context, const krb5_config_section *c, @@ -689,7 +700,7 @@ _krb5_config_vget (krb5_context context, * @ingroup krb5_support */ -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section *c, ...) @@ -715,7 +726,7 @@ krb5_config_get_list (krb5_context context, * @ingroup krb5_support */ -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section *c, va_list args) @@ -738,7 +749,7 @@ krb5_config_vget_list (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section *c, ...) @@ -764,7 +775,7 @@ krb5_config_get_string (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section *c, va_list args) @@ -787,7 +798,7 @@ krb5_config_vget_string (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -816,7 +827,7 @@ krb5_config_vget_string_default (krb5_context context, * @ingroup krb5_support */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -844,7 +855,7 @@ krb5_config_get_string_default (krb5_context context, * @ingroup krb5_support */ -char ** KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL krb5_config_vget_strings(krb5_context context, const krb5_config_section *c, va_list args) @@ -904,7 +915,7 @@ cleanup: * @ingroup krb5_support */ -char** +KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings(krb5_context context, const krb5_config_section *c, ...) @@ -926,7 +937,7 @@ krb5_config_get_strings(krb5_context context, * @ingroup krb5_support */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings(char **strings) { char **s = strings; @@ -955,7 +966,7 @@ krb5_config_free_strings(char **strings) * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -985,7 +996,7 @@ krb5_config_vget_bool_default (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section *c, va_list args) @@ -1009,7 +1020,7 @@ krb5_config_vget_bool (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -1039,7 +1050,7 @@ krb5_config_get_bool_default (krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section *c, ...) @@ -1069,7 +1080,7 @@ krb5_config_get_bool (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1098,10 +1109,10 @@ krb5_config_vget_time_default (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION -krb5_config_vget_time(krb5_context context, - const krb5_config_section *c, - va_list args) +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_config_vget_time (krb5_context context, + const krb5_config_section *c, + va_list args) { return krb5_config_vget_time_default (context, c, -1, args); } @@ -1120,7 +1131,7 @@ krb5_config_vget_time(krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1146,7 +1157,7 @@ krb5_config_get_time_default (krb5_context context, * @ingroup krb5_support */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section *c, ...) @@ -1160,7 +1171,7 @@ krb5_config_get_time (krb5_context context, } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1181,7 +1192,7 @@ krb5_config_vget_int_default (krb5_context context, } } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int (krb5_context context, const krb5_config_section *c, va_list args) @@ -1189,7 +1200,7 @@ krb5_config_vget_int (krb5_context context, return krb5_config_vget_int_default (context, c, -1, args); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -1203,7 +1214,7 @@ krb5_config_get_int_default (krb5_context context, return ret; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int (krb5_context context, const krb5_config_section *c, ...) diff --git a/lib/krb5/constants.c b/lib/krb5/constants.c index 99ed686fd..b85f0cf60 100644 --- a/lib/krb5/constants.c +++ b/lib/krb5/constants.c @@ -41,8 +41,13 @@ KRB5_LIB_VARIABLE const char *krb5_config_file = "/Library/Preferences/com.apple.Kerberos.plist:" "~/Library/Preferences/edu.mit.Kerberos:" "/Library/Preferences/edu.mit.Kerberos:" +#endif /* __APPLE__ */ +SYSCONFDIR "/krb5.conf" +#ifndef _WIN32 +":/etc/krb5.conf" #endif -SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; +; + KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API"; diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 4141c090a..b725c8d3a 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c @@ -242,6 +242,29 @@ cc_ops_register(krb5_context context) return 0; } +static krb5_error_code +cc_ops_copy(krb5_context context, const krb5_context src_context) +{ + context->cc_ops = NULL; + context->num_cc_ops = 0; + + if (src_context->num_cc_ops == 0) + return 0; + + context->cc_ops = malloc(sizeof(context->cc_ops[0]) * src_context->num_cc_ops); + if (context->cc_ops == NULL) { + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); + return KRB5_CC_NOMEM; + } + + context->num_cc_ops = src_context->num_cc_ops; + memcpy(context->cc_ops, src_context->cc_ops, + sizeof(context->cc_ops[0]) * src_context->num_cc_ops); + + return 0; +} + static krb5_error_code kt_ops_register(krb5_context context) { @@ -259,6 +282,28 @@ kt_ops_register(krb5_context context) return 0; } +static krb5_error_code +kt_ops_copy(krb5_context context, const krb5_context src_context) +{ + context->num_kt_types = 0; + context->kt_types = NULL; + + if (src_context->num_kt_types == 0) + return 0; + + context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types); + if (context->kt_types == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + context->num_kt_types = src_context->num_kt_types; + memcpy(context->kt_types, src_context->kt_types, + sizeof(context->kt_types[0]) * src_context->num_kt_types); + + return 0; +} /** * Initializes the context structure and reads the configuration file @@ -275,7 +320,7 @@ kt_ops_register(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context(krb5_context *context) { krb5_context p; @@ -318,6 +363,10 @@ krb5_init_context(krb5_context *context) if (ret) goto out; #endif +#ifdef NEED_SOCK_INIT + if (SOCK_INIT) + p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED; +#endif out: if(ret) { @@ -368,7 +417,7 @@ copy_etypes (krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context(krb5_context context, krb5_context *out) { krb5_error_code ret; @@ -420,8 +469,9 @@ krb5_copy_context(krb5_context context, krb5_context *out) /* XXX should copy */ krb5_init_ets(p); - cc_ops_register(p); - kt_ops_register(p); + + cc_ops_copy(p, context); + kt_ops_copy(p, context); #if 0 /* XXX */ if(context->warn_dest != NULL) @@ -460,7 +510,7 @@ krb5_copy_context(krb5_context context, krb5_context *out) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context(krb5_context context) { if (context->default_cc_name) @@ -489,6 +539,11 @@ krb5_free_context(krb5_context context) HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); +#ifdef NEED_SOCK_INIT + if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { + SOCK_EXIT; + } +#endif memset(context, 0, sizeof(*context)); free(context); @@ -506,7 +561,7 @@ krb5_free_context(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files(krb5_context context, char **filenames) { krb5_error_code ret; @@ -561,7 +616,7 @@ add_file(char ***pfilenames, int *len, char *file) * `pq' isn't free, it's up the the caller */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) { krb5_error_code ret; @@ -626,7 +681,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) { krb5_error_code ret; @@ -656,7 +711,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files(char ***pfilenames) { const char *files = NULL; @@ -683,7 +738,7 @@ krb5_get_default_config_files(char ***pfilenames) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files(char **filenames) { char **p; @@ -705,7 +760,7 @@ krb5_free_config_files(char **filenames) * @ingroup krb5 */ -const krb5_enctype * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL krb5_kerberos_enctypes(krb5_context context) { static const krb5_enctype p[] = { @@ -766,7 +821,7 @@ default_etypes(krb5_context context, krb5_enctype **etype) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes(krb5_context context, const krb5_enctype *etypes) { @@ -808,7 +863,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes(krb5_context context, krb5_enctype **etypes) { @@ -842,7 +897,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context, * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ @@ -877,7 +932,7 @@ krb5_init_ets(krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) { context->use_admin_kdc = flag; @@ -893,7 +948,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context) { return context->use_admin_kdc; @@ -912,7 +967,7 @@ krb5_get_use_admin_kdc (krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) { @@ -936,7 +991,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->extra_addresses) @@ -972,7 +1027,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) { if(context->extra_addresses == NULL) { @@ -995,7 +1050,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) { @@ -1019,7 +1074,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->ignore_addresses) @@ -1054,7 +1109,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) { if(context->ignore_addresses == NULL) { @@ -1076,7 +1131,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version(krb5_context context, int version) { context->fcache_vno = version; @@ -1095,7 +1150,7 @@ krb5_set_fcache_version(krb5_context context, int version) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version(krb5_context context, int *version) { *version = context->fcache_vno; @@ -1111,7 +1166,7 @@ krb5_get_fcache_version(krb5_context context, int *version) */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe(void) { #ifdef ENABLE_PTHREAD_SUPPORT @@ -1130,7 +1185,7 @@ krb5_is_thread_safe(void) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) { if (flag) @@ -1149,7 +1204,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context) { return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; @@ -1167,7 +1222,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) { if (sec) @@ -1189,7 +1244,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) { context->kdc_sec_offset = sec; @@ -1208,7 +1263,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) * @ingroup krb5 */ -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context) { return context->max_skew; @@ -1223,7 +1278,7 @@ krb5_get_max_time_skew (krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t) { context->max_skew = t; @@ -1243,7 +1298,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_etype (krb5_context context, unsigned *len, krb5_enctype **val, @@ -1291,9 +1346,11 @@ _krb5_homedir_access(krb5_context context) { krb5_boolean allow; +#ifdef HAVE_GETEUID /* is never allowed for root */ if (geteuid() == 0) return FALSE; +#endif if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0) return FALSE; diff --git a/lib/krb5/convert_creds.c b/lib/krb5/convert_creds.c index 479e78a91..aff843e78 100644 --- a/lib/krb5/convert_creds.c +++ b/lib/krb5/convert_creds.c @@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f) * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) @@ -160,7 +160,7 @@ out2: * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, diff --git a/lib/krb5/copy_host_realm.c b/lib/krb5/copy_host_realm.c index 7f19ddd3d..73bc117f1 100644 --- a/lib/krb5/copy_host_realm.c +++ b/lib/krb5/copy_host_realm.c @@ -46,7 +46,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm(krb5_context context, const krb5_realm *from, krb5_realm **to) diff --git a/lib/krb5/creds.c b/lib/krb5/creds.c index 6cc271417..fd277148d 100644 --- a/lib/krb5/creds.c +++ b/lib/krb5/creds.c @@ -45,7 +45,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds *c) { krb5_free_principal (context, c->client); @@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds *incred, krb5_creds *c) @@ -131,7 +131,7 @@ fail: * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds *incred, krb5_creds **outcred) @@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds *c) { krb5_free_cred_contents (context, c); @@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds(krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds) { diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 828ed2916..c641ddc60 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = { EVP_rc4 }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_salttype_to_string (krb5_context context, krb5_enctype etype, krb5_salttype stype, @@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_salttype (krb5_context context, krb5_enctype etype, const char *string, @@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_pw_salt(krb5_context context, krb5_const_principal principal, krb5_salt *salt) @@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_salt(krb5_context context, krb5_salt salt) { @@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key (krb5_context context, krb5_enctype enctype, const char *password, @@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context, return krb5_string_to_key_data(context, enctype, pw, principal, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context, * `opaque'), returning the resulting key in `key' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt_opaque (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, * in `key' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt (krb5_context context, krb5_enctype enctype, const char *password, @@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context, return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt_opaque (krb5_context context, krb5_enctype enctype, const char *password, @@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context, pw, salt, opaque, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) @@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keybits(krb5_context context, krb5_enctype type, size_t *keybits) @@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) @@ -1439,7 +1439,7 @@ hmac(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_hmac(krb5_context context, krb5_cksumtype cktype, const void *data, @@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) (crypto->key.key->keytype == KEYTYPE_ARCFOUR); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context, data, len, cksum); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_get_checksum_type(krb5_context context, krb5_crypto crypto, krb5_cksumtype *type) @@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksumsize(krb5_context context, krb5_cksumtype type, size_t *size) @@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context, return 0; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { @@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context, return ct->flags & F_KEYED; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { @@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context, return ct->flags & F_CPROOF; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable(krb5_context context, krb5_cksumtype type) { @@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string) @@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_enctype(krb5_context context, const char *string, krb5_enctype *etype) @@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_keytype(krb5_context context, krb5_enctype etype, krb5_keytype *keytype) @@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid(krb5_context context, krb5_enctype etype) { @@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype(krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype) @@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) { @@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type) * 4. KRB5_CRYPTO_TYPE_TRAILER */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context, * size as the input data or shorter. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length(krb5_context context, krb5_crypto crypto, int type, @@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length_iov(krb5_context context, krb5_crypto crypto, krb5_crypto_iov *data, @@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context, return encrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context, return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context, return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context, return decrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3936,6 +3936,7 @@ seed_something(void) /* Calling RAND_status() will try to use /dev/urandom if it exists so we do not have to deal with it. */ if (RAND_status() != 1) { +#ifndef _WIN32 krb5_context context; const char *p; @@ -3947,6 +3948,10 @@ seed_something(void) RAND_egd_bytes(p, ENTROPY_NEEDED); krb5_free_context(context); } +#else + /* TODO: Once a Windows CryptoAPI RAND method is defined, we + can use that and failover to another method. */ +#endif } if (RAND_status() == 1) { @@ -3959,7 +3964,7 @@ seed_something(void) return -1; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block(void *buf, size_t len) { static int rng_initialized = 0; @@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage) return &d->key; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_derive_key(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy(krb5_context context, krb5_crypto crypto) { @@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize(krb5_context context, krb5_crypto crypto, size_t *blocksize) @@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype(krb5_context context, krb5_crypto crypto, krb5_enctype *enctype) @@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize(krb5_context context, krb5_crypto crypto, size_t *padsize) @@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize(krb5_context context, krb5_crypto crypto, size_t *confoundersize) @@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable(krb5_context context, krb5_enctype enctype) { @@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable(krb5_context context, krb5_enctype enctype) { @@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_derived(krb5_context context, const void *str, size_t len, @@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key(krb5_context context, krb5_enctype type, const void *data, @@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf_length(krb5_context context, krb5_enctype type, size_t *length) @@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf(krb5_context context, const krb5_crypto crypto, const krb5_data *input, @@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2(krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, @@ -5025,12 +5030,12 @@ krb5_crypto_fx_cf2(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) - KRB5_DEPRECATED { int i; unsigned n = 0; @@ -5072,11 +5077,11 @@ krb5_keytype_to_enctypes (krb5_context context, */ /* if two enctypes have compatible keys */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys(krb5_context context, krb5_enctype etype1, krb5_enctype etype2) - KRB5_DEPRECATED { struct encryption_type *e1 = _find_enctype(etype1); struct encryption_type *e2 = _find_enctype(etype2); diff --git a/lib/krb5/data.c b/lib/krb5/data.c index 993d6058b..838135ffa 100644 --- a/lib/krb5/data.c +++ b/lib/krb5/data.c @@ -41,7 +41,7 @@ * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero(krb5_data *p) { p->length = 0; @@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free(krb5_data *p) { if(p->data != NULL) @@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data(krb5_context context, krb5_data *p) { @@ -96,7 +96,7 @@ krb5_free_data(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc(krb5_data *p, int len) { p->data = malloc(len); @@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc(krb5_data *p, int len) { void *tmp; @@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy(krb5_data *p, const void *data, size_t len) { if (len) { @@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata) @@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context, * @ingroup krb5 */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) { if (data1->length != data2->length) diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c index 00ba92b9a..ce755cdb8 100644 --- a/lib/krb5/deprecated.c +++ b/lib/krb5/deprecated.c @@ -51,9 +51,9 @@ * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents(krb5_context context, krb5_data *data) - KRB5_DEPRECATED { krb5_data_free(data); } @@ -64,12 +64,12 @@ krb5_free_data_contents(krb5_context context, krb5_data *data) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) - KRB5_DEPRECATED { unsigned int i, n; krb5_enctype *ret; @@ -114,11 +114,11 @@ static int num_keys = sizeof(keys) / sizeof(keys[0]); * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string(krb5_context context, krb5_keytype keytype, char **string) - KRB5_DEPRECATED { const char *name; int i; @@ -151,11 +151,11 @@ krb5_keytype_to_string(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype(krb5_context context, const char *string, krb5_keytype *keytype) - KRB5_DEPRECATED { char *end; int i; @@ -184,13 +184,13 @@ krb5_string_to_keytype(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) - KRB5_DEPRECATED { krb5_error_code ret; const char *password = (const char *)keyseed; @@ -220,7 +220,8 @@ krb5_password_key_proc (krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password (krb5_context context, krb5_flags options, krb5_addresses *addrs, @@ -230,7 +231,6 @@ krb5_get_in_tkt_with_password (krb5_context context, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { return krb5_get_in_tkt (context, options, @@ -262,7 +262,8 @@ krb5_skey_key_proc (krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey (krb5_context context, krb5_flags options, krb5_addresses *addrs, @@ -272,7 +273,6 @@ krb5_get_in_tkt_with_skey (krb5_context context, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { if(key == NULL) return krb5_get_in_tkt_with_keytab (context, @@ -305,13 +305,13 @@ krb5_get_in_tkt_with_skey (krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code krb5_keytab_key_proc (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) - KRB5_DEPRECATED { krb5_keytab_key_proc_args *args = rk_UNCONST(keyseed); krb5_keytab keytab = args->keytab; @@ -345,7 +345,8 @@ krb5_keytab_key_proc (krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab (krb5_context context, krb5_flags options, krb5_addresses *addrs, @@ -355,7 +356,6 @@ krb5_get_in_tkt_with_keytab (krb5_context context, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { krb5_keytab_key_proc_args a; @@ -376,6 +376,8 @@ krb5_get_in_tkt_with_keytab (krb5_context context, ret_as_reply); } +#ifdef KRB4 + static krb5_boolean convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal) { @@ -389,7 +391,8 @@ convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_425_conv_principal_ext(krb5_context context, const char *name, const char *instance, @@ -397,7 +400,6 @@ krb5_425_conv_principal_ext(krb5_context context, krb5_boolean (*func)(krb5_context, krb5_principal), krb5_boolean resolve, krb5_principal *principal) - KRB5_DEPRECATED { return krb5_425_conv_principal_ext2(context, name, @@ -415,13 +417,13 @@ krb5_425_conv_principal_ext(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_425_conv_principal(krb5_context context, const char *name, const char *instance, const char *realm, krb5_principal *princ) - KRB5_DEPRECATED { krb5_boolean resolve = krb5_config_get_bool(context, NULL, @@ -433,6 +435,8 @@ krb5_425_conv_principal(krb5_context context, NULL, resolve, princ); } +#endif + /** * Generate a new ccache of type `ops' in `id'. * @@ -444,11 +448,11 @@ krb5_425_conv_principal(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new(krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) - KRB5_DEPRECATED { return krb5_cc_new_unique(context, ops->prefix, NULL, id); } @@ -459,10 +463,10 @@ krb5_cc_gen_new(krb5_context context, * @ingroup krb5_deprecated */ -krb5_realm * KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_realm * KRB5_LIB_CALL krb5_princ_realm(krb5_context context, krb5_principal principal) - KRB5_DEPRECATED { return &principal->realm; } @@ -474,11 +478,11 @@ krb5_princ_realm(krb5_context context, * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm(krb5_context context, krb5_principal principal, krb5_realm *realm) - KRB5_DEPRECATED { principal->realm = *realm; } @@ -490,9 +494,9 @@ krb5_princ_set_realm(krb5_context context, */ /* keep this for compatibility with older code */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents (krb5_context context, krb5_creds *c) - KRB5_DEPRECATED { return krb5_free_cred_contents (context, c); } @@ -508,9 +512,9 @@ krb5_free_creds_contents (krb5_context context, krb5_creds *c) * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string(krb5_context context, char *str) - KRB5_DEPRECATED { krb5_free_error_message(context, str); } @@ -528,9 +532,10 @@ krb5_free_error_string(krb5_context context, char *str) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string(krb5_context context, const char *fmt, ...) - __attribute__((format (printf, 2, 3))) KRB5_DEPRECATED + __attribute__((format (printf, 2, 3))) { va_list ap; @@ -554,9 +559,10 @@ krb5_set_error_string(krb5_context context, const char *fmt, ...) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) - __attribute__ ((format (printf, 2, 0))) KRB5_DEPRECATED + __attribute__ ((format (printf, 2, 0))) { krb5_vset_error_message(context, 0, fmt, args); return 0; @@ -572,9 +578,9 @@ krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string(krb5_context context) - KRB5_DEPRECATED { krb5_clear_error_message(context); } @@ -585,13 +591,14 @@ krb5_clear_error_string(krb5_context context) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts, - krb5_flags flags) KRB5_DEPRECATED + krb5_flags flags) { krb5_kdc_flags f; f.i = flags; @@ -606,12 +613,13 @@ krb5_get_cred_from_kdc_opt(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, - krb5_creds ***ret_tgts) KRB5_DEPRECATED + krb5_creds ***ret_tgts) { return krb5_get_cred_from_kdc_opt(context, ccache, in_creds, out_creds, ret_tgts, 0); diff --git a/lib/krb5/derived-key-test.c b/lib/krb5/derived-key-test.c index fe85ff257..a67c95a54 100644 --- a/lib/krb5/derived-key-test.c +++ b/lib/krb5/derived-key-test.c @@ -75,7 +75,7 @@ static struct testcase { {0} }; -int KRB5_LIB_FUNCTION +int main(int argc, char **argv) { struct testcase *t; diff --git a/lib/krb5/dll.c b/lib/krb5/dll.c new file mode 100644 index 000000000..d6ee48eb9 --- /dev/null +++ b/lib/krb5/dll.c @@ -0,0 +1,58 @@ +/*********************************************************************** + * Copyright (c) 2009, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#include + +HINSTANCE _krb5_hInstance = NULL; + +BOOL WINAPI DllMain(HINSTANCE hinstDLL, + DWORD fdwReason, + LPVOID lpvReserved) +{ + switch (fdwReason) { + case DLL_PROCESS_ATTACH: + + _krb5_hInstance = hinstDLL; + return TRUE; + + case DLL_PROCESS_DETACH: + return FALSE; + + case DLL_THREAD_ATTACH: + return FALSE; + + case DLL_THREAD_DETACH: + return FALSE; + } + + return FALSE; +} + diff --git a/lib/krb5/eai_to_heim_errno.c b/lib/krb5/eai_to_heim_errno.c index 499150f46..ef11e370f 100644 --- a/lib/krb5/eai_to_heim_errno.c +++ b/lib/krb5/eai_to_heim_errno.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" /** * Convert the getaddrinfo() error code to a Kerberos et error code. @@ -44,7 +44,7 @@ * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno(int eai_errno, int system_error) { switch(eai_errno) { @@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) return HEIM_EAI_SERVICE; case EAI_SOCKTYPE: return HEIM_EAI_SOCKTYPE; +#ifdef EAI_SYSTEM case EAI_SYSTEM: return system_error; +#endif default: return HEIM_EAI_UNKNOWN; /* XXX */ } @@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno(int eai_errno) { switch(eai_errno) { diff --git a/lib/krb5/error_string.c b/lib/krb5/error_string.c index c524c4b52..076b7781d 100644 --- a/lib/krb5/error_string.c +++ b/lib/krb5/error_string.c @@ -44,7 +44,7 @@ * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message(krb5_context context) { HEIMDAL_MUTEX_lock(context->mutex); @@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context) * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message(krb5_context context, krb5_error_code ret, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) @@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret, */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vset_error_message (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))) @@ -179,7 +179,7 @@ krb5_vprepend_error_message(krb5_context context, krb5_error_code ret, * @ingroup krb5_error */ -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL krb5_get_error_string(krb5_context context) { char *ret = NULL; @@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context) return ret; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_have_error_string(krb5_context context) { char *str; @@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context) * @ingroup krb5_error */ -const char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_get_error_message(krb5_context context, krb5_error_code code) { char *str; @@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code) * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_message(krb5_context context, const char *msg) { free(rk_UNCONST(msg)); @@ -279,7 +279,7 @@ krb5_free_error_message(krb5_context context, const char *msg) * @ingroup krb5 */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED { const char *p = NULL; diff --git a/lib/krb5/expand_hostname.c b/lib/krb5/expand_hostname.c index 67988d0d7..7b638d5f0 100644 --- a/lib/krb5/expand_hostname.c +++ b/lib/krb5/expand_hostname.c @@ -63,7 +63,7 @@ copy_hostname(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char *orig_hostname, char **new_hostname) @@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char *orig_hostname, char **new_hostname, diff --git a/lib/krb5/expand_path_w32.c b/lib/krb5/expand_path_w32.c new file mode 100644 index 000000000..784ce64fe --- /dev/null +++ b/lib/krb5/expand_path_w32.c @@ -0,0 +1,484 @@ +/*********************************************************************** + * Copyright (c) 2009, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#include "krb5_locl.h" +#include +#include + +typedef int PTYPE; + +/** + * Expand a %{TEMP} token + * + * The %{TEMP} token expands to the temporary path for the current + * user as returned by GetTempPath(). + * + * @note: Since the GetTempPath() function relies on the TMP or TEMP + * environment variables, this function will failover to the system + * temporary directory until the user profile is loaded. In addition, + * the returned path may or may not exist. + */ +static int +_expand_temp_folder(krb5_context context, PTYPE param, const char * postfix, char ** ret) +{ + TCHAR tpath[MAX_PATH]; + size_t len; + + if (!GetTempPath(sizeof(tpath)/sizeof(tpath[0]), tpath)) { + if (context) + krb5_set_error_string(context, "Failed to get temporary path (GLE=%d)", + GetLastError()); + return EINVAL; + } + + len = strlen(tpath); + + if (len > 0 && tpath[len - 1] == '\\') + tpath[len - 1] = '\0'; + + *ret = strdup(tpath); + + if (*ret == NULL) { + if (context) + krb5_set_error_string(context, "strdup - Out of memory"); + return ENOMEM; + } + + return 0; +} + +extern HINSTANCE _krb5_hInstance; + +/** + * Expand a %{BINDIR} token + * + * This is also used to expand a few other tokens on Windows, since + * most of the executable binaries end up in the same directory. The + * "bin" directory is considered to be the directory in which the + * krb5.dll is located. + */ +static int +_expand_bin_dir(krb5_context context, PTYPE param, const char * postfix, char ** ret) +{ + TCHAR path[MAX_PATH]; + TCHAR *lastSlash; + DWORD nc; + + nc = GetModuleFileName(_krb5_hInstance, path, sizeof(path)/sizeof(path[0])); + if (nc == 0 || + nc == sizeof(path)/sizeof(path[0])) { + return EINVAL; + } + + lastSlash = strrchr(path, '\\'); + if (lastSlash != NULL) { + TCHAR *fslash = strrchr(lastSlash, '/'); + + if (fslash != NULL) + lastSlash = fslash; + + *lastSlash = '\0'; + } + + if (postfix) { + if (strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0])) + return EINVAL; + } + + *ret = strdup(path); + if (*ret == NULL) + return ENOMEM; + + return 0; +} + +/** + * Expand a %{USERID} token + * + * The %{USERID} token expands to the string representation of the + * user's SID. The user account that will be used is the account + * corresponding to the current thread's security token. This means + * that: + * + * - If the current thread token has the anonymous impersonation + * level, the call will fail. + * + * - If the current thread is impersonating a token at + * SecurityIdentification level the call will fail. + * + */ +static int +_expand_userid(krb5_context context, PTYPE param, const char * postfix, char ** ret) +{ + int rv = EINVAL; + HANDLE hThread = NULL; + HANDLE hToken = NULL; + PTOKEN_OWNER pOwner = NULL; + DWORD len = 0; + LPTSTR strSid = NULL; + + hThread = GetCurrentThread(); + + if (!OpenThreadToken(hThread, TOKEN_QUERY, + FALSE, /* Open the thread token as the + current thread user. */ + &hToken)) { + + DWORD le = GetLastError(); + + if (le == ERROR_NO_TOKEN) { + HANDLE hProcess = GetCurrentProcess(); + + le = 0; + if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) + le = GetLastError(); + } + + if (le != 0) { + if (context) + krb5_set_error_string(context, "Can't open thread token (GLE=%d)", le); + goto _exit; + } + } + + if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) { + if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + if (context) + krb5_set_error_string(context, "Unexpected error reading token information (GLE=%d)", + GetLastError()); + goto _exit; + } + + if (len == 0) { + if (context) + krb5_set_error_string(context, "GetTokenInformation() returned truncated buffer"); + goto _exit; + } + + pOwner = malloc(len); + if (pOwner == NULL) { + if (context) + krb5_set_error_string(context, "Out of memory"); + goto _exit; + } + } else { + if (context) + krb5_set_error_string(context, "GetTokenInformation() returned truncated buffer"); + goto _exit; + } + + if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) { + if (context) + krb5_set_error_string(context, "GetTokenInformation() failed. GLE=%d", GetLastError()); + goto _exit; + } + + if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) { + if (context) + krb5_set_error_string(context, "Can't convert SID to string. GLE=%d", GetLastError()); + goto _exit; + } + + *ret = strdup(strSid); + if (*ret == NULL && context) + krb5_set_error_string(context, "Out of memory"); + + rv = 0; + + _exit: + if (hToken != NULL) + CloseHandle(hToken); + + if (pOwner != NULL) + free (pOwner); + + if (strSid != NULL) + LocalFree(strSid); + + return rv; +} + +/** + * Expand a %{null} token + * + * The expansion of a %{null} token is always the empty string. + */ +static int +_expand_null(krb5_context context, PTYPE param, const char * postfix, char ** ret) +{ + *ret = strdup(""); + if (*ret == NULL) { + if (context) + krb5_set_error_string(context, "Out of memory"); + return ENOMEM; + } + return 0; +} + + +/** + * Expand a folder identified by a CSIDL + * + * Parameters: + * + * @param[in] folder A CSIDL value identifying the folder to be + * returned. + */ +static int +_expand_csidl(krb5_context context, PTYPE folder, const char * postfix, char ** ret) +{ + TCHAR path[MAX_PATH]; + size_t len; + + if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path) != S_OK) { + if (context) + krb5_set_error_string(context, "Unable to determine folder path"); + return 1; + } + + len = strlen(path); + + if (len > 0 && path[len - 1] == '\\') + path[len - 1] = '\0'; + + if (postfix && + strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0])) { + return ENOMEM; + } + + *ret = strdup(path); + if (*ret == NULL) { + if (context) + krb5_set_error_string(context, "Out of memory"); + return ENOMEM; + } + return 0; +} + +static const struct token { + const char * tok; + int ftype; +#define FTYPE_CSIDL 0 +#define FTYPE_SPECIAL 1 + + PTYPE param; + const char * postfix; + + int (*exp_func)(krb5_context, PTYPE, const char *, char **); + +#define CSIDLP(C,P) FTYPE_CSIDL, C, P, _expand_csidl +#define CSIDL(C) CSIDLP(C, NULL) + +#define SPECIALP(f, P) FTYPE_SPECIAL, 0, P, f +#define SPECIAL(f) SPECIALP(f, NULL) + +} tokens[] = { + /* Windows only -- */ + {"APPDATA", CSIDL(CSIDL_APPDATA)}, + /* Roaming application data (for current user) */ + + {"COMMON_APPDATA", CSIDL(CSIDL_COMMON_APPDATA)}, + /* Application data (all users) */ + + {"LOCAL_APPDATA", CSIDL(CSIDL_LOCAL_APPDATA)}, + /* Local application data (for current user) */ + + {"SYSTEM", CSIDL(CSIDL_SYSTEM)}, + /* Windows System folder (e.g. %WINDIR%\System32) */ + + {"WINDOWS", CSIDL(CSIDL_WINDOWS)}, + /* Windows folder */ + /* -- end Windows only */ + + {"USERCONFIG", CSIDLP(CSIDL_APPDATA, "\\" PACKAGE)}, + /* Per user Heimdal configuration file path */ + + {"COMMONCONFIG", CSIDLP(CSIDL_COMMON_APPDATA, "\\" PACKAGE)}, + /* Common Heimdal configuration file path */ + + {"LIBDIR", SPECIAL(_expand_bin_dir)}, + /* Expands to the "lib" directory. On + Windows this is treated the same as + the "bin" directory. */ + + {"BINDIR", SPECIAL(_expand_bin_dir)}, + /* Expands to the "bin" directory. On + Windows this is treated the same as + the "bin" directory. */ + + {"LIBEXEC", SPECIAL(_expand_bin_dir)}, + /* Expands to the "libexec" + directory. On Windows, this is + treated the same as the "bin" + directory. */ + + {"SBINDIR", SPECIAL(_expand_bin_dir)}, + /* Expands to the "sbin" directory. + On Windows, this is treated the + same as the "bin" directory. */ + + {"TEMP", SPECIAL(_expand_temp_folder)}, + /* Temporary files folder */ + + {"USERID", SPECIAL(_expand_userid)}, + /* User ID (On Windows, this expands + to the user's string SID */ + + {"uid", SPECIAL(_expand_userid)}, + /* Alias for USERID */ + + {"null", SPECIAL(_expand_null)}, + /* Empty string. For compatibility. */ + +}; + +static int +_expand_token(krb5_context context, const char * token, const char * token_end, + char ** ret) +{ + int i; + + *ret = NULL; + + if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' || + token_end - token <= 2) { + if (context) + krb5_set_error_string(context, "Invalid token."); + return EINVAL; + } + + for (i=0; i < sizeof(tokens)/sizeof(tokens[0]); i++) { + if (!strncmp(token+2, tokens[i].tok, (token_end - token) - 2)) + return tokens[i].exp_func(context, tokens[i].param, tokens[i].postfix, ret); + } + + if (context) + krb5_set_error_string(context, "Invalid token."); + return EINVAL; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_free_path(krb5_context context, + char * path) +{ + if (path == NULL) + return EINVAL; + + free(path); + return 0; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokens(krb5_context context, + const char * path_in, + char ** ppath_out) +{ + size_t len = 0; + char *tok_begin, *tok_end, *append; + const char *path_left; + + *ppath_out = NULL; + + for (path_left = path_in; path_left && *path_left; ) { + + tok_begin = strstr(path_left, "%{"); + + if (tok_begin && tok_begin != path_left) { + + append = malloc((tok_begin - path_left) + 1); + if (append) { + memcpy(append, path_left, tok_begin - path_left); + append[tok_begin - path_left] = '\0'; + } + path_left = tok_begin; + + } else if (tok_begin) { + + tok_end = strchr(tok_begin, '}'); + if (tok_end == NULL) { + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_string(context, "variable missing }"); + return EINVAL; + } + + if (_expand_token(context, tok_begin, tok_end, &append)) { + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + return EINVAL; + } + + path_left = tok_end + 1; + } else { + + append = strdup(path_left); + path_left = NULL; + + } + + if (append == NULL) { + + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + + } + + { + size_t append_len = strlen(append); + char * new_str = realloc(*ppath_out, len + append_len + 1); + + if (new_str == NULL) { + free(append); + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + *ppath_out = new_str; + memcpy(*ppath_out + len, append, append_len + 1); + len = len + append_len; + free(append); + } + } + + return 0; +} + diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 9528d5419..67c4c7444 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -226,7 +226,11 @@ scrub_file (int fd) return errno; pos -= tmp; } +#ifdef _MSC_VER + _commit (fd); +#else fsync (fd); +#endif return 0; } @@ -320,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } +#ifdef KRB5_USE_PATH_TOKENS + { + char * exp_file = NULL; + krb5_error_code ec; + + ec = _krb5_expand_path_tokens(context, file, &exp_file); + + if (ec == 0) { + free(file); + file = exp_file; + } else { + free(file); + return ec; + } + } +#endif fd = mkstemp(file); if(fd < 0) { int ret = errno; @@ -898,6 +918,15 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_error_code ret = 0; ret = rename(FILENAME(from), FILENAME(to)); +#ifdef RENAME_DOES_NOT_UNLINK + if (ret && (errno == EEXIST || errno == EACCES)) { + ret = unlink(FILENAME(to)); + if (ret == 0) { + ret = rename(FILENAME(from), FILENAME(to)); + } + } +#endif + if (ret && errno != EXDEV) { char buf[128]; ret = errno; diff --git a/lib/krb5/free.c b/lib/krb5/free.c index 7f4374374..5bb33b443 100644 --- a/lib/krb5/free.c +++ b/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) { free_KDC_REP(&rep->kdc_rep); @@ -43,7 +43,7 @@ krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_xfree (void *ptr) { free (ptr); diff --git a/lib/krb5/free_host_realm.c b/lib/krb5/free_host_realm.c index f6e9f6e24..0932674e9 100644 --- a/lib/krb5/free_host_realm.c +++ b/lib/krb5/free_host_realm.c @@ -44,7 +44,7 @@ * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm(krb5_context context, krb5_realm *realmlist) { diff --git a/lib/krb5/generate_seq_number.c b/lib/krb5/generate_seq_number.c index b7bd8b99f..575f842d8 100644 --- a/lib/krb5/generate_seq_number.c +++ b/lib/krb5/generate_seq_number.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, uint32_t *seqno) diff --git a/lib/krb5/generate_subkey.c b/lib/krb5/generate_subkey.c index 003a66ac0..e09dc2a91 100644 --- a/lib/krb5/generate_subkey.c +++ b/lib/krb5/generate_subkey.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" /** * Generate subkey, from keyblock @@ -46,7 +46,7 @@ * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, diff --git a/lib/krb5/get_addrs.c b/lib/krb5/get_addrs.c index 8f366fa14..829b2acc1 100644 --- a/lib/krb5/get_addrs.c +++ b/lib/krb5/get_addrs.c @@ -266,7 +266,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) * Only include loopback address if there are no other. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) { int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; @@ -282,7 +282,7 @@ krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) * If that fails, we return the address corresponding to `hostname'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) { return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 23bd06f80..3d76391fa 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" #include /* @@ -608,7 +608,7 @@ get_cred_kdc_address(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_cred(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, @@ -1068,7 +1068,7 @@ _krb5_get_cred_kdc_any(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials_with_flags(krb5_context context, krb5_flags options, krb5_kdc_flags flags, @@ -1154,7 +1154,7 @@ krb5_get_credentials_with_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, @@ -1175,7 +1175,7 @@ struct krb5_get_creds_opt_data { }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) { *opt = calloc(1, sizeof(**opt)); @@ -1187,7 +1187,7 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) { if (opt->self) @@ -1200,7 +1200,7 @@ krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) free(opt); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1208,7 +1208,7 @@ krb5_get_creds_opt_set_options(krb5_context context, opt->options = options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_add_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1216,7 +1216,7 @@ krb5_get_creds_opt_add_options(krb5_context context, opt->options |= options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_enctype(krb5_context context, krb5_get_creds_opt opt, krb5_enctype enctype) @@ -1224,7 +1224,7 @@ krb5_get_creds_opt_set_enctype(krb5_context context, opt->enctype = enctype; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_impersonate(krb5_context context, krb5_get_creds_opt opt, krb5_const_principal self) @@ -1234,7 +1234,7 @@ krb5_get_creds_opt_set_impersonate(krb5_context context, return krb5_copy_principal(context, self, &opt->self); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_ticket(krb5_context context, krb5_get_creds_opt opt, const Ticket *ticket) @@ -1267,7 +1267,7 @@ krb5_get_creds_opt_set_ticket(krb5_context context, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds(krb5_context context, krb5_get_creds_opt opt, krb5_ccache ccache, @@ -1395,7 +1395,7 @@ krb5_get_creds(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_const_principal client, diff --git a/lib/krb5/get_default_principal.c b/lib/krb5/get_default_principal.c index 82d064293..539dedfa4 100644 --- a/lib/krb5/get_default_principal.c +++ b/lib/krb5/get_default_principal.c @@ -48,6 +48,8 @@ get_env_user(void) return user; } +#ifndef _WIN32 + /* * Will only use operating-system dependant operation to get the * default principal, for use of functions that in ccache layer to @@ -93,7 +95,58 @@ _krb5_get_default_principal_local (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +#else /* _WIN32 */ + +#define SECURITY_WIN32 +#include + +krb5_error_code +_krb5_get_default_principal_local(krb5_context context, + krb5_principal *princ) +{ + krb5_error_code ret = 0; + + /* See if we can get the principal first. We only expect this to + work if logged into a domain. */ + { + char username[1024]; + ULONG sz = sizeof(username); + + if (GetUserNameEx(NameUserPrincipal, username, &sz)) { + return krb5_parse_name_flags(context, username, + KRB5_PRINCIPAL_PARSE_ENTERPRISE, + princ); + } + } + + /* Just get the Windows username. This should pretty much always + work. */ + { + char username[1024]; + DWORD dsz = sizeof(username); + + if (GetUserName(username, &dsz)) { + return krb5_make_principal(context, princ, NULL, username, NULL); + } + } + + /* Failing that, we look at the environment */ + { + const char * username = get_env_user(); + + if (username == NULL) { + krb5_set_error_string(context, + "unable to figure out current principal"); + return ENOTTY; /* Really? */ + } + + return krb5_make_principal(context, princ, NULL, username, NULL); + } +} + +#endif + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_principal (krb5_context context, krb5_principal *princ) { diff --git a/lib/krb5/get_default_realm.c b/lib/krb5/get_default_realm.c index f09df264c..2a4933a62 100644 --- a/lib/krb5/get_default_realm.c +++ b/lib/krb5/get_default_realm.c @@ -38,7 +38,7 @@ * Free this memory with krb5_free_host_realm. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realms (krb5_context context, krb5_realm **realms) { @@ -57,7 +57,7 @@ krb5_get_default_realms (krb5_context context, * Return the first default realm. For compatibility. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realm(krb5_context context, krb5_realm *realm) { diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 8c58dae18..a109c7132 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" static krb5_error_code add_addrs(krb5_context context, @@ -100,7 +100,7 @@ fail: * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char *hostname, @@ -183,7 +183,7 @@ krb5_fwd_tgt_creds (krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, diff --git a/lib/krb5/get_host_realm.c b/lib/krb5/get_host_realm.c index 7d7fef6e1..7aee02734 100644 --- a/lib/krb5/get_host_realm.c +++ b/lib/krb5/get_host_realm.c @@ -158,7 +158,7 @@ config_find_realm(krb5_context context, * fall back to guessing */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_get_host_realm_int (krb5_context context, const char *host, krb5_boolean use_dns, @@ -215,7 +215,7 @@ _krb5_get_host_realm_int (krb5_context context, * `realms'. Free `realms' with krb5_free_host_realm(). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_host_realm(krb5_context context, const char *targethost, krb5_realm **realms) diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 1ab3dc91b..15cbfba89 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -361,7 +361,8 @@ set_ptypes(krb5_context context, return(1); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_cred(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -374,7 +375,6 @@ krb5_get_in_cred(krb5_context context, krb5_const_pointer decryptarg, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { krb5_error_code ret; AS_REQ a; @@ -526,7 +526,8 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -539,7 +540,6 @@ krb5_get_in_tkt(krb5_context context, krb5_creds *creds, krb5_ccache ccache, krb5_kdc_rep *ret_as_reply) - KRB5_DEPRECATED { krb5_error_code ret; diff --git a/lib/krb5/get_port.c b/lib/krb5/get_port.c index 5d0361b81..93d9433cd 100644 --- a/lib/krb5/get_port.c +++ b/lib/krb5/get_port.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_getportbyname (krb5_context context, const char *service, const char *proto, diff --git a/lib/krb5/init_creds.c b/lib/krb5/init_creds.c index 743212d26..f555c724e 100644 --- a/lib/krb5/init_creds.c +++ b/lib/krb5/init_creds.c @@ -52,7 +52,7 @@ * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) { @@ -84,7 +84,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context, * @ingroup krb5_credential */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt *opt) { @@ -150,7 +150,7 @@ get_config_bool (krb5_context context, * [realms] or [libdefaults] for some of the values. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, krb5_const_realm realm, @@ -201,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) { @@ -209,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, opt->tkt_life = tkt_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life) { @@ -217,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, opt->renew_life = renew_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable) { @@ -225,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, opt->forwardable = forwardable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable) { @@ -233,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, opt->proxiable = proxiable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) @@ -243,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, opt->etype_list_length = etype_list_length; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_addresses *addresses) { @@ -251,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, opt->address_list = addresses; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) @@ -261,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, opt->preauth_list = preauth_list; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt) { @@ -269,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, opt->salt = salt; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, int anonymous) { @@ -290,7 +290,7 @@ require_ext_opt(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password(krb5_context context, krb5_get_init_creds_opt *opt, const char *password, @@ -305,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req_pac) @@ -320,7 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean addressless) @@ -336,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -352,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -372,7 +372,7 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_process_last_req(krb5_context context, krb5_get_init_creds_opt *opt, krb5_gic_process_last_req func, @@ -402,9 +402,9 @@ krb5_get_init_creds_opt_set_process_last_req(krb5_context context, * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) - KRB5_DEPRECATED { memset (opt, 0, sizeof(*opt)); } @@ -416,11 +416,11 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error(krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) - KRB5_DEPRECATED { *error = calloc(1, sizeof(**error)); if (*error == NULL) { diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index eb3373494..906f926eb 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -586,7 +586,7 @@ out: } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_key_proc (krb5_context context, krb5_keytype type, krb5_data *salt, @@ -1332,7 +1332,7 @@ process_pa_data_to_key(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init(krb5_context context, krb5_principal client, krb5_prompter_fct prompter, @@ -1386,7 +1386,7 @@ krb5_init_creds_init(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx, const char *service) @@ -1426,7 +1426,7 @@ krb5_init_creds_set_service(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx, const char *password) @@ -1492,7 +1492,7 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab) @@ -1584,7 +1584,7 @@ keyblock_key_proc(krb5_context context, krb5_enctype enctype, return krb5_copy_keyblock (context, keyseed, key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keyblock(krb5_context context, krb5_init_creds_context ctx, krb5_keyblock *keyblock) @@ -1615,7 +1615,7 @@ krb5_init_creds_set_keyblock(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data *in, @@ -1828,7 +1828,7 @@ krb5_init_creds_step(krb5_context context, * @return 0 for sucess or An Kerberos error code, see krb5_get_error_message(). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds *cred) @@ -1844,7 +1844,7 @@ krb5_init_creds_get_creds(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error) @@ -1867,7 +1867,7 @@ krb5_init_creds_get_error(krb5_context context, * @ingroup krb5_credential */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx) { @@ -1884,7 +1884,7 @@ krb5_init_creds_free(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) { krb5_sendto_ctx stctx = NULL; @@ -1932,7 +1932,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -2038,7 +2038,7 @@ krb5_get_init_creds_password(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -2085,7 +2085,7 @@ krb5_get_init_creds_keyblock(krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, krb5_principal client, diff --git a/lib/krb5/keyblock.c b/lib/krb5/keyblock.c index 046caee6d..2d57e301d 100644 --- a/lib/krb5/keyblock.c +++ b/lib/krb5/keyblock.c @@ -41,7 +41,7 @@ * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero(krb5_keyblock *keyblock) { keyblock->keytype = 0; @@ -57,7 +57,7 @@ krb5_keyblock_zero(krb5_keyblock *keyblock) * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *keyblock) { @@ -79,7 +79,7 @@ krb5_free_keyblock_contents(krb5_context context, * @ingroup krb5_crypto */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock) { @@ -102,7 +102,7 @@ krb5_free_keyblock(krb5_context context, * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to) @@ -124,7 +124,7 @@ krb5_copy_keyblock_contents (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to) @@ -170,7 +170,7 @@ krb5_keyblock_get_enctype(const krb5_keyblock *block) * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init(krb5_context context, krb5_enctype type, const void *data, diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index fcc74e847..79b079a05 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c @@ -143,7 +143,7 @@ main (int argc, char **argv) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register(krb5_context context, const krb5_kt_ops *ops) { @@ -183,7 +183,7 @@ krb5_kt_register(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve(krb5_context context, const char *name, krb5_keytab *id) @@ -244,7 +244,7 @@ krb5_kt_resolve(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { if (strlcpy (name, context->default_keytab, namesize) >= namesize) { @@ -266,7 +266,7 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) { const char *kt = NULL; @@ -303,7 +303,7 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default(krb5_context context, krb5_keytab *id) { return krb5_kt_resolve (context, context->default_keytab, id); @@ -325,7 +325,7 @@ krb5_kt_default(krb5_context context, krb5_keytab *id) * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, @@ -368,7 +368,7 @@ krb5_kt_read_service_key(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type(krb5_context context, krb5_keytab keytab, char *prefix, @@ -391,7 +391,7 @@ krb5_kt_get_type(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, @@ -414,7 +414,7 @@ krb5_kt_get_name(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name(krb5_context context, krb5_keytab keytab, char **str) @@ -454,7 +454,7 @@ krb5_kt_get_full_name(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close(krb5_context context, krb5_keytab id) { @@ -478,7 +478,7 @@ krb5_kt_close(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy(krb5_context context, krb5_keytab id) { @@ -523,7 +523,7 @@ compare_aliseses(krb5_context context, * @ingroup krb5_keytab */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare(krb5_context context, krb5_keytab_entry *entry, krb5_const_principal principal, @@ -590,7 +590,7 @@ _krb5_kt_principal_not_found(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, @@ -651,7 +651,7 @@ krb5_kt_get_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents(krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out) @@ -687,7 +687,7 @@ fail: * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry) { @@ -709,7 +709,7 @@ krb5_kt_free_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -738,7 +738,7 @@ krb5_kt_start_seq_get(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, @@ -766,7 +766,7 @@ krb5_kt_next_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -792,7 +792,7 @@ krb5_kt_end_seq_get(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -820,7 +820,7 @@ krb5_kt_add_entry(krb5_context context, * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) diff --git a/lib/krb5/krb5-v4compat.h b/lib/krb5/krb5-v4compat.h index dde5fa9ca..324c8c1d3 100644 --- a/lib/krb5/krb5-v4compat.h +++ b/lib/krb5/krb5-v4compat.h @@ -105,8 +105,12 @@ struct credentials { #define CLOCK_SKEW 5*60 #ifndef TKT_ROOT +#ifdef KRB5_USE_PATH_TOKENS +#define TKT_ROOT "%{TEMP}/tkt" +#else #define TKT_ROOT "/tmp/tkt" #endif +#endif struct _krb5_krb_auth_data { int8_t k_flags; /* Flags from ticket */ @@ -120,11 +124,18 @@ struct _krb5_krb_auth_data { uint32_t address; /* Address in ticket */ }; -time_t _krb5_krb_life_to_time (int, int); -int _krb5_krb_time_to_life (time_t, time_t); -krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *, - const char *, int); -krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *); +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL +_krb5_krb_life_to_time (int, int); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_krb_time_to_life (time_t, time_t); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_tf_setup (krb5_context, struct credentials *, + const char *, int); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_dest_tkt(krb5_context, const char *); #define krb_time_to_life _krb5_krb_time_to_life #define krb_life_to_time _krb5_krb_life_to_time diff --git a/lib/krb5/krb5.h b/lib/krb5/krb5.h index 8fda34051..c810b8bc7 100644 --- a/lib/krb5/krb5.h +++ b/lib/krb5/krb5.h @@ -303,7 +303,15 @@ typedef AP_REQ krb5_ap_req; struct krb5_cc_ops; +#ifdef _WIN32 +#define KRB5_USE_PATH_TOKENS 1 +#endif + +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_" +#else #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" +#endif #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h index 147d795ab..6acaa2c66 100644 --- a/lib/krb5/krb5_locl.h +++ b/lib/krb5/krb5_locl.h @@ -47,6 +47,8 @@ #include #include +#include + #ifdef HAVE_SYS_TYPES_H #include #endif @@ -185,6 +187,7 @@ struct _krb5_krb_auth_data; #define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" + #define MODULI_FILE SYSCONFDIR "/krb5.moduli" #ifndef O_BINARY @@ -270,13 +273,18 @@ typedef struct krb5_context_data { #define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1 #define KRB5_CTX_F_CHECK_PAC 2 #define KRB5_CTX_F_HOMEDIR_ACCESS 4 +#define KRB5_CTX_F_SOCKETS_INITIALIZED 8 struct send_to_kdc *send_to_kdc; #ifdef PKINIT hx509_context hx509ctx; #endif } krb5_context_data; +#ifndef KRB5_USE_PATH_TOKENS #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" +#else +#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}" +#endif #define KRB5_DEFAULT_CCNAME_API "API:" #define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}" #define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}" diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c index 4e4b4562e..3bb00d287 100644 --- a/lib/krb5/krbhst.c +++ b/lib/krb5/krbhst.c @@ -320,7 +320,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, * return a readable representation of `host' in `hostname, hostlen' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, char *hostname, size_t hostlen) { @@ -361,7 +361,7 @@ make_hints(struct addrinfo *hints, int proto) * in `host'. free:ing is handled by krb5_krbhst_free. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai) { @@ -857,7 +857,7 @@ common_init(krb5_context context, * initialize `handle' to look for hosts of type `type' in realm `realm' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init(krb5_context context, const char *realm, unsigned int type, @@ -866,7 +866,7 @@ krb5_krbhst_init(krb5_context context, return krb5_krbhst_init_flags(context, realm, type, 0, handle); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init_flags(krb5_context context, const char *realm, unsigned int type, @@ -919,7 +919,7 @@ krb5_krbhst_init_flags(krb5_context context, * return the next host information from `handle' in `host' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next(krb5_context context, krb5_krbhst_handle handle, krb5_krbhst_info **host) @@ -935,7 +935,7 @@ krb5_krbhst_next(krb5_context context, * in `hostname' (or length `hostlen) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next_as_string(krb5_context context, krb5_krbhst_handle handle, char *hostname, @@ -950,13 +950,13 @@ krb5_krbhst_next_as_string(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) { handle->index = &handle->hosts; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) { krb5_krbhst_info *h, *next; @@ -1021,7 +1021,7 @@ gethostlist(krb5_context context, const char *realm, * return an malloced list of kadmin-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_admin_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1033,7 +1033,7 @@ krb5_get_krb_admin_hst (krb5_context context, * return an malloced list of changepw-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_changepw_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1045,7 +1045,7 @@ krb5_get_krb_changepw_hst (krb5_context context, * return an malloced list of 524-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb524hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1058,7 +1058,7 @@ krb5_get_krb524hst (krb5_context context, * return an malloced list of KDC's for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krbhst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -1070,7 +1070,7 @@ krb5_get_krbhst (krb5_context context, * free all the memory allocated in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_krbhst (krb5_context context, char **hostlist) { diff --git a/lib/krb5/kuserok.c b/lib/krb5/kuserok.c index ccfe28130..ccedfcd71 100644 --- a/lib/krb5/kuserok.c +++ b/lib/krb5/kuserok.c @@ -65,6 +65,7 @@ check_one_file(krb5_context context, fclose (f); return EISDIR; } +#ifndef _WIN32 if (st.st_uid != pwd->pw_uid && st.st_uid != 0) { fclose (f); return EACCES; @@ -73,6 +74,7 @@ check_one_file(krb5_context context, fclose (f); return EACCES; } +#endif while (fgets (buf, sizeof(buf), f) != NULL) { krb5_principal tmp; @@ -124,10 +126,12 @@ check_directory(krb5_context context, if (!S_ISDIR(st.st_mode)) return ENOTDIR; +#ifndef _WIN32 if (st.st_uid != pwd->pw_uid && st.st_uid != 0) return EACCES; if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) return EACCES; +#endif if((d = opendir(dirname)) == NULL) return errno; @@ -217,6 +221,9 @@ match_local_principals(krb5_context context, * ignored. Subdirectories are not traversed. Note that this directory * may not be checked by other Kerberos implementations. * + * If no configuration file exists, match user against local domains, + * ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES. + * * @param context Kerberos 5 context. * @param principal principal to check if allowed to login * @param luser local user id @@ -226,14 +233,15 @@ match_local_principals(krb5_context context, * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char *luser) { +#ifndef _WIN32 char *buf; size_t buflen; - struct passwd *pwd; + struct passwd *pwd = NULL; krb5_error_code ret; krb5_boolean result = FALSE; @@ -284,4 +292,10 @@ krb5_kuserok (krb5_context context, return match_local_principals(context, principal, luser); return FALSE; +#else + /* The .k5login file may be on a remote profile and we don't have + access to the profile until we have a token handle for the + user's credentials. */ + return match_local_principals(context, principal, luser); +#endif } diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in new file mode 100644 index 000000000..d6056e2db --- /dev/null +++ b/lib/krb5/libkrb5-exports.def.in @@ -0,0 +1,758 @@ +EXPORTS + krb524_convert_creds_kdc + krb524_convert_creds_kdc_ccache +#ifdef KRB4 + krb5_425_conv_principal + krb5_425_conv_principal_ext2 + krb5_425_conv_principal_ext + krb5_524_conv_principal +#endif + krb5_abort + krb5_abortx + krb5_acl_match_file + krb5_acl_match_string + krb5_add_et_list + krb5_add_extra_addresses + krb5_add_ignore_addresses + krb5_addlog_dest + krb5_addlog_func + krb5_addr2sockaddr + krb5_address_compare + krb5_address_order + krb5_address_prefixlen_boundary + krb5_address_search + krb5_aname_to_localname + krb5_anyaddr + krb5_appdefault_boolean + krb5_appdefault_string + krb5_appdefault_time + krb5_append_addresses + krb5_auth_con_addflags + krb5_auth_con_free + krb5_auth_con_genaddrs + krb5_auth_con_generatelocalsubkey + krb5_auth_con_getaddrs + krb5_auth_con_getauthenticator + krb5_auth_con_getcksumtype + krb5_auth_con_getflags + krb5_auth_con_getkey + krb5_auth_con_getkeytype + krb5_auth_con_getlocalseqnumber + krb5_auth_con_getlocalsubkey + krb5_auth_con_getrcache + krb5_auth_con_getremotesubkey + krb5_auth_con_init + krb5_auth_con_removeflags + krb5_auth_con_setaddrs + krb5_auth_con_setaddrs_from_fd + krb5_auth_con_setcksumtype + krb5_auth_con_setflags + krb5_auth_con_setkey + krb5_auth_con_setkeytype + krb5_auth_con_setlocalseqnumber + krb5_auth_con_setlocalsubkey + krb5_auth_con_setrcache + krb5_auth_con_setremoteseqnumber + krb5_auth_con_setremotesubkey + krb5_auth_con_setuserkey + krb5_auth_getremoteseqnumber + krb5_build_ap_req + krb5_build_authenticator + krb5_build_principal + krb5_build_principal_ext + krb5_build_principal_va + krb5_build_principal_va_ext + krb5_c_block_size + krb5_c_checksum_length + krb5_c_decrypt + krb5_c_encrypt + krb5_c_encrypt_length + krb5_c_enctype_compare + krb5_c_get_checksum + krb5_c_is_coll_proof_cksum + krb5_c_is_keyed_cksum + krb5_c_keylengths + krb5_c_make_checksum + krb5_c_make_random_key + krb5_c_prf + krb5_c_prf_length + krb5_c_set_checksum + krb5_c_valid_cksumtype + krb5_c_valid_enctype + krb5_c_verify_checksum + krb5_cc_cache_end_seq_get + krb5_cc_cache_get_first + krb5_cc_cache_match + krb5_cc_cache_next + krb5_cc_clear_mcred + krb5_cc_close + krb5_cc_copy_cache + krb5_cc_copy_match_f + krb5_cc_default + krb5_cc_default_name + krb5_cc_destroy + krb5_cc_end_seq_get + krb5_cc_gen_new + krb5_cc_get_config + krb5_cc_get_friendly_name + krb5_cc_get_full_name + krb5_cc_get_lifetime + krb5_cc_get_name + krb5_cc_get_ops + krb5_cc_get_prefix_ops + krb5_cc_get_principal + krb5_cc_get_type + krb5_cc_get_version + krb5_cc_initialize + krb5_cc_move + krb5_cc_new_unique + krb5_cc_next_cred +; krb5_cc_next_cred_match + krb5_cc_register + krb5_cc_remove_cred + krb5_cc_resolve + krb5_cc_retrieve_cred + krb5_cc_set_config + krb5_cc_set_default_name + krb5_cc_set_flags + krb5_cc_start_seq_get + krb5_cc_store_cred + krb5_cc_switch + krb5_cc_set_friendly_name + krb5_change_password + krb5_check_transited + krb5_check_transited_realms + krb5_checksum_disable + krb5_checksum_free + krb5_checksum_is_collision_proof + krb5_checksum_is_keyed + krb5_checksumsize + krb5_cksumtype_to_enctype + krb5_cksumtype_valid + krb5_clear_error_string + krb5_clear_error_message + krb5_closelog + krb5_compare_creds + krb5_config_file_free + krb5_config_free_strings + krb5_config_get + krb5_config_get_bool + krb5_config_get_bool_default + krb5_config_get_int + krb5_config_get_int_default + krb5_config_get_list + krb5_config_get_next + krb5_config_get_string + krb5_config_get_string_default + krb5_config_get_strings + krb5_config_get_time + krb5_config_get_time_default + krb5_config_parse_file + krb5_config_parse_file_multi + krb5_config_parse_string_multi + krb5_config_vget + krb5_config_vget_bool + krb5_config_vget_bool_default + krb5_config_vget_int + krb5_config_vget_int_default + krb5_config_vget_list + krb5_config_vget_next + krb5_config_vget_string + krb5_config_vget_string_default + krb5_config_vget_strings + krb5_config_vget_time + krb5_config_vget_time_default + krb5_copy_address + krb5_copy_addresses + krb5_copy_checksum + krb5_copy_creds + krb5_copy_creds_contents + krb5_copy_data + krb5_copy_host_realm + krb5_copy_keyblock + krb5_copy_keyblock_contents + krb5_copy_principal + krb5_copy_ticket + krb5_create_checksum + krb5_create_checksum_iov + krb5_crypto_destroy + krb5_crypto_get_checksum_type + krb5_crypto_getblocksize + krb5_crypto_getconfoundersize + krb5_crypto_getenctype + krb5_crypto_getpadsize + krb5_crypto_init + krb5_crypto_overhead + krb5_crypto_prf + krb5_crypto_prf_length + krb5_crypto_length + krb5_crypto_length_iov + krb5_decrypt_iov_ivec + krb5_encrypt_iov_ivec + krb5_data_alloc + krb5_data_cmp + krb5_data_copy + krb5_data_free + krb5_data_realloc + krb5_data_zero + krb5_decode_Authenticator + krb5_decode_ETYPE_INFO2 + krb5_decode_ETYPE_INFO + krb5_decode_EncAPRepPart + krb5_decode_EncASRepPart + krb5_decode_EncKrbCredPart + krb5_decode_EncTGSRepPart + krb5_decode_EncTicketPart + krb5_decode_ap_req + krb5_decrypt + krb5_decrypt_EncryptedData + krb5_decrypt_ivec + krb5_decrypt_ticket + krb5_derive_key + krb5_digest_alloc + krb5_digest_free + krb5_digest_get_client_binding + krb5_digest_get_identifier + krb5_digest_get_opaque + krb5_digest_get_rsp + krb5_digest_get_server_nonce + krb5_digest_get_session_key + krb5_digest_get_tickets + krb5_digest_init_request + krb5_digest_probe + krb5_digest_rep_get_status + krb5_digest_request + krb5_digest_set_authentication_user + krb5_digest_set_authid + krb5_digest_set_client_nonce + krb5_digest_set_digest + krb5_digest_set_hostname + krb5_digest_set_identifier + krb5_digest_set_method + krb5_digest_set_nonceCount + krb5_digest_set_opaque + krb5_digest_set_qop + krb5_digest_set_realm + krb5_digest_set_responseData + krb5_digest_set_server_cb + krb5_digest_set_server_nonce + krb5_digest_set_type + krb5_digest_set_uri + krb5_digest_set_username + krb5_domain_x500_decode + krb5_domain_x500_encode + krb5_eai_to_heim_errno + krb5_encode_Authenticator + krb5_encode_ETYPE_INFO2 + krb5_encode_ETYPE_INFO + krb5_encode_EncAPRepPart + krb5_encode_EncASRepPart + krb5_encode_EncKrbCredPart + krb5_encode_EncTGSRepPart + krb5_encode_EncTicketPart + krb5_encrypt + krb5_encrypt_EncryptedData + krb5_encrypt_ivec + krb5_enctype_enable + krb5_enctype_disable + krb5_enctype_keybits + krb5_enctype_keysize + krb5_enctype_to_keytype + krb5_enctype_to_string + krb5_enctype_valid + krb5_enctypes_compatible_keys + krb5_err + krb5_error_from_rd_error + krb5_errx + krb5_expand_hostname + krb5_expand_hostname_realms + krb5_find_padata + krb5_format_time + krb5_free_address + krb5_free_addresses + krb5_free_ap_rep_enc_part + krb5_free_authenticator + krb5_free_checksum + krb5_free_checksum_contents + krb5_free_config_files + krb5_free_context + krb5_free_cred_contents + krb5_free_creds + krb5_free_creds_contents + krb5_free_data + krb5_free_data_contents + krb5_free_error + krb5_free_error_contents + krb5_free_error_string + krb5_free_error_message + krb5_free_host_realm + krb5_free_kdc_rep + krb5_free_keyblock + krb5_free_keyblock_contents + krb5_free_krbhst + krb5_free_principal + krb5_free_salt + krb5_free_ticket + krb5_fwd_tgt_creds + krb5_generate_random_block + krb5_generate_random_keyblock + krb5_generate_seq_number + krb5_generate_subkey + krb5_generate_subkey_extended + krb5_get_all_client_addrs + krb5_get_all_server_addrs + krb5_get_cred_from_kdc + krb5_get_cred_from_kdc_opt + krb5_get_credentials + krb5_get_credentials_with_flags + krb5_get_creds + krb5_get_creds_opt_add_options + krb5_get_creds_opt_alloc + krb5_get_creds_opt_free + krb5_get_creds_opt_set_enctype + krb5_get_creds_opt_set_impersonate + krb5_get_creds_opt_set_options + krb5_get_creds_opt_set_ticket + krb5_get_default_config_files + krb5_get_default_in_tkt_etypes + krb5_get_default_principal + krb5_get_default_realm + krb5_get_default_realms + krb5_get_dns_canonicalize_hostname + krb5_get_err_text + krb5_get_error_message + krb5_get_error_string + krb5_get_extra_addresses + krb5_get_fcache_version + krb5_get_forwarded_creds + krb5_get_host_realm + krb5_get_ignore_addresses + krb5_get_in_cred + krb5_get_in_tkt + krb5_get_in_tkt_with_keytab + krb5_get_in_tkt_with_password + krb5_get_in_tkt_with_skey +; krb5_get_init_creds + krb5_get_init_creds_keyblock + krb5_get_init_creds_keytab + krb5_get_init_creds_opt_alloc + krb5_get_init_creds_opt_free + krb5_get_init_creds_opt_get_error + krb5_get_init_creds_opt_init + krb5_get_init_creds_opt_set_address_list + krb5_get_init_creds_opt_set_addressless + krb5_get_init_creds_opt_set_anonymous + krb5_get_init_creds_opt_set_canonicalize + krb5_get_init_creds_opt_set_default_flags + krb5_get_init_creds_opt_set_etype_list + krb5_get_init_creds_opt_set_forwardable + krb5_get_init_creds_opt_set_pa_password + krb5_get_init_creds_opt_set_pac_request + krb5_get_init_creds_opt_set_pkinit + krb5_get_init_creds_opt_set_preauth_list + krb5_get_init_creds_opt_set_process_last_req + krb5_get_init_creds_opt_set_proxiable + krb5_get_init_creds_opt_set_renew_life + krb5_get_init_creds_opt_set_salt + krb5_get_init_creds_opt_set_tkt_life + krb5_get_init_creds_opt_set_win2k + krb5_get_init_creds_password + krb5_get_kdc_cred + krb5_get_kdc_sec_offset + krb5_get_krb524hst + krb5_get_krb_admin_hst + krb5_get_krb_changepw_hst + krb5_get_krbhst + krb5_get_max_time_skew + krb5_get_pw_salt + krb5_get_renewed_creds + krb5_get_server_rcache + krb5_get_use_admin_kdc + krb5_get_warn_dest + krb5_get_wrapped_length + krb5_getportbyname + krb5_h_addr2addr + krb5_h_addr2sockaddr + krb5_h_errno_to_heim_errno + krb5_have_error_string + krb5_hmac + krb5_init_context + krb5_init_ets + krb5_init_etype + krb5_initlog + krb5_is_thread_safe + krb5_is_config_principal + krb5_kerberos_enctypes + krb5_keyblock_get_enctype + krb5_keyblock_init + krb5_keyblock_key_proc + krb5_keyblock_zero + krb5_keytab_key_proc + krb5_keytype_to_enctypes + krb5_keytype_to_enctypes_default + krb5_keytype_to_string + krb5_krbhst_format_string + krb5_krbhst_free + krb5_krbhst_get_addrinfo + krb5_krbhst_init + krb5_krbhst_init_flags + krb5_krbhst_next + krb5_krbhst_next_as_string + krb5_krbhst_reset + krb5_kt_add_entry + krb5_kt_close + krb5_kt_compare + krb5_kt_copy_entry_contents + krb5_kt_destroy + krb5_kt_default + krb5_kt_default_modify_name + krb5_kt_default_name + krb5_kt_end_seq_get + krb5_kt_free_entry + krb5_kt_get_entry + krb5_kt_get_full_name + krb5_kt_get_name + krb5_kt_get_type + krb5_kt_next_entry + krb5_kt_read_service_key + krb5_kt_register + krb5_kt_remove_entry + krb5_kt_resolve + krb5_kt_start_seq_get + krb5_kuserok + krb5_log + krb5_log_msg + krb5_make_addrport + krb5_make_principal + krb5_max_sockaddr_size + krb5_mk_error + krb5_mk_priv + krb5_mk_rep + krb5_mk_req + krb5_mk_req_exact + krb5_mk_req_extended + krb5_mk_safe + krb5_net_read + krb5_net_write + krb5_net_write_block + krb5_ntlm_alloc + krb5_ntlm_free + krb5_ntlm_init_get_challange + krb5_ntlm_init_get_flags + krb5_ntlm_init_get_opaque + krb5_ntlm_init_get_targetinfo + krb5_ntlm_init_get_targetname + krb5_ntlm_init_request + krb5_ntlm_rep_get_sessionkey + krb5_ntlm_rep_get_status + krb5_ntlm_req_set_flags + krb5_ntlm_req_set_lm + krb5_ntlm_req_set_ntlm + krb5_ntlm_req_set_opaque + krb5_ntlm_req_set_session + krb5_ntlm_req_set_targetname + krb5_ntlm_req_set_username + krb5_ntlm_request + krb5_openlog + krb5_pac_add_buffer + krb5_pac_free + krb5_pac_get_buffer + krb5_pac_get_types + krb5_pac_init + krb5_pac_parse + krb5_pac_verify + krb5_padata_add + krb5_parse_address + krb5_parse_name + krb5_parse_name_flags + krb5_parse_nametype + krb5_passwd_result_to_string + krb5_password_key_proc + krb5_plugin_register + krb5_prepend_config_files + krb5_prepend_config_files_default + krb5_princ_realm + krb5_princ_set_realm + krb5_principal_compare + krb5_principal_compare_any_realm + krb5_principal_get_comp_string + krb5_principal_get_realm + krb5_principal_get_type + krb5_principal_match + krb5_principal_set_realm + krb5_principal_set_type + krb5_print_address + krb5_program_setup + krb5_prompter_posix + krb5_random_to_key + krb5_rc_close + krb5_rc_default + krb5_rc_default_name + krb5_rc_default_type + krb5_rc_destroy + krb5_rc_expunge + krb5_rc_get_lifespan + krb5_rc_get_name + krb5_rc_get_type + krb5_rc_initialize + krb5_rc_recover + krb5_rc_resolve + krb5_rc_resolve_full + krb5_rc_resolve_type + krb5_rc_store + krb5_rd_cred2 + krb5_rd_cred + krb5_rd_error + krb5_rd_priv + krb5_rd_rep + krb5_rd_req + krb5_rd_req_ctx + krb5_rd_req_in_ctx_alloc + krb5_rd_req_in_ctx_free + krb5_rd_req_in_set_keyblock + krb5_rd_req_in_set_keytab + krb5_rd_req_in_set_pac_check + krb5_rd_req_out_ctx_free + krb5_rd_req_out_get_ap_req_options + krb5_rd_req_out_get_keyblock + krb5_rd_req_out_get_ticket + krb5_rd_req_with_keyblock + krb5_rd_safe + krb5_read_message + krb5_read_priv_message + krb5_read_safe_message + krb5_realm_compare + krb5_recvauth + krb5_recvauth_match_version + krb5_ret_address + krb5_ret_addrs + krb5_ret_authdata + krb5_ret_creds + krb5_ret_creds_tag + krb5_ret_data + krb5_ret_int16 + krb5_ret_int32 + krb5_ret_int8 + krb5_ret_keyblock + krb5_ret_principal + krb5_ret_string + krb5_ret_stringnl + krb5_ret_stringz + krb5_ret_times + krb5_ret_uint16 + krb5_ret_uint32 + krb5_ret_uint8 + krb5_salttype_to_string + krb5_sendauth + krb5_sendto + krb5_sendto_context + krb5_sendto_ctx_add_flags + krb5_sendto_ctx_alloc + krb5_sendto_ctx_free + krb5_sendto_ctx_get_flags + krb5_sendto_ctx_set_func + krb5_sendto_ctx_set_type + krb5_sendto_kdc + krb5_sendto_kdc_flags + krb5_set_home_dir_access + krb5_set_config_files + krb5_set_default_in_tkt_etypes + krb5_set_default_realm + krb5_set_dns_canonicalize_hostname + krb5_set_error_string + krb5_set_error_message + krb5_set_extra_addresses + krb5_set_fcache_version + krb5_set_ignore_addresses + krb5_set_kdc_sec_offset + krb5_set_max_time_skew + krb5_set_password + krb5_set_password_using_ccache + krb5_set_real_time + krb5_set_send_to_kdc_func + krb5_set_use_admin_kdc + krb5_set_warn_dest + krb5_sname_to_principal + krb5_sock_to_principal + krb5_sockaddr2address + krb5_sockaddr2port + krb5_sockaddr_uninteresting + krb5_std_usage + krb5_storage_clear_flags + krb5_storage_emem + krb5_storage_free + krb5_storage_from_data + krb5_storage_from_fd + krb5_storage_from_mem + krb5_storage_from_readonly_mem + krb5_storage_get_byteorder + krb5_storage_get_eof_code + krb5_storage_is_flags + krb5_storage_read + krb5_storage_seek + krb5_storage_set_byteorder + krb5_storage_set_eof_code + krb5_storage_set_flags + krb5_storage_to_data + krb5_storage_truncate + krb5_storage_write + krb5_store_address + krb5_store_addrs + krb5_store_authdata + krb5_store_creds + krb5_store_creds_tag + krb5_store_data + krb5_store_int16 + krb5_store_int32 + krb5_store_int8 + krb5_store_keyblock + krb5_store_principal + krb5_store_string + krb5_store_stringnl + krb5_store_stringz + krb5_store_times + krb5_store_uint16 + krb5_store_uint32 + krb5_store_uint8 + krb5_string_to_deltat + krb5_string_to_enctype + krb5_string_to_key + krb5_string_to_key_data + krb5_string_to_key_data_salt + krb5_string_to_key_data_salt_opaque + krb5_string_to_key_derived + krb5_string_to_key_salt + krb5_string_to_key_salt_opaque + krb5_string_to_keytype + krb5_string_to_salttype + krb5_ticket_get_authorization_data_type + krb5_ticket_get_client + krb5_ticket_get_endtime + krb5_ticket_get_server + krb5_timeofday + krb5_unparse_name + krb5_unparse_name_fixed + krb5_unparse_name_fixed_flags + krb5_unparse_name_fixed_short + krb5_unparse_name_flags + krb5_unparse_name_short + krb5_us_timeofday + krb5_vabort + krb5_vabortx + krb5_verify_ap_req2 + krb5_verify_ap_req + krb5_verify_authenticator_checksum + krb5_verify_checksum + krb5_verify_checksum_iov + krb5_verify_init_creds + krb5_verify_init_creds_opt_init + krb5_verify_init_creds_opt_set_ap_req_nofail + krb5_verify_opt_alloc + krb5_verify_opt_free + krb5_verify_opt_init + krb5_verify_opt_set_ccache + krb5_verify_opt_set_flags + krb5_verify_opt_set_keytab + krb5_verify_opt_set_secure + krb5_verify_opt_set_service + krb5_verify_user + krb5_verify_user_lrealm + krb5_verify_user_opt + krb5_verr + krb5_verrx + krb5_vlog + krb5_vlog_msg + krb5_vset_error_string + krb5_vset_error_message + krb5_vwarn + krb5_vwarnx + krb5_warn + krb5_warnx + krb5_write_message + krb5_write_priv_message + krb5_write_safe_message + krb5_xfree + krb5_cccol_last_change_time + krb5_cccol_cursor_new + krb5_cccol_cursor_next + krb5_cccol_cursor_free + + ; com_err error tables + initialize_krb5_error_table_r + initialize_krb5_error_table + initialize_krb_error_table_r + initialize_krb_error_table + initialize_heim_error_table_r + initialize_heim_error_table + initialize_k524_error_table_r + initialize_k524_error_table + + ; variables + krb5_mcc_ops DATA + krb5_acc_ops DATA + krb5_fcc_ops DATA + krb5_scc_ops DATA +#ifdef HAVE_KCM + krb5_kcm_ops DATA +#endif +#ifdef KRB4 +; krb4_fkt_ops DATA +#endif + krb5_wrfkt_ops DATA + krb5_mkt_ops DATA + krb5_akf_ops DATA + krb5_any_ops DATA + __heimdal_version DATA + __heimdal_long_version DATA + krb5_config_file DATA + krb5_defkeyname DATA + krb5_cc_type_api DATA + krb5_cc_type_file DATA + krb5_cc_type_memory DATA + krb5_cc_type_kcm DATA + krb5_cc_type_scc DATA + + ; Shared with GSSAPI krb5 + _krb5_crc_init_table; + _krb5_crc_update; + + ; V4 compat glue + _krb5_krb_tf_setup + _krb5_krb_dest_tkt + _krb5_krb_life_to_time + _krb5_krb_decomp_ticket + _krb5_krb_decomp_ticket + _krb5_krb_create_ticket + _krb5_krb_create_ciph + _krb5_krb_create_auth_reply + _krb5_krb_rd_req + _krb5_krb_free_auth_data + _krb5_krb_time_to_life + _krb5_krb_cr_err_reply + + ; Shared with libkdc + _krb5_AES_string_to_default_iterator + _krb5_dh_group_ok + _krb5_get_host_realm_int + _krb5_get_int + _krb5_pac_sign + _krb5_parse_moduli + _krb5_pk_enterprise_cert + _krb5_pk_kdf + _krb5_pk_load_id + _krb5_pk_mk_ContentInfo + _krb5_pk_octetstring2key + _krb5_plugin_find + _krb5_plugin_free + _krb5_plugin_get_next + _krb5_plugin_get_symbol + _krb5_principal2principalname + _krb5_principalname2krb5_principal + _krb5_put_int + _krb5_s4u2self_to_checksumdata + _krb5_expand_path_tokens + + ; testing +; _krb5_aes_cts_encrypt + _krb5_n_fold + _krb5_expand_default_cc_name diff --git a/lib/krb5/log.c b/lib/krb5/log.c index ac1cb2b2b..55c70fc96 100644 --- a/lib/krb5/log.c +++ b/lib/krb5/log.c @@ -115,7 +115,7 @@ find_value(const char *s, struct s2i *table) return table->val; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_initlog(krb5_context context, const char *program, krb5_log_facility **fac) @@ -137,7 +137,7 @@ krb5_initlog(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_func(krb5_context context, krb5_log_facility *fac, int min, @@ -270,7 +270,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) { krb5_error_code ret = 0; @@ -361,7 +361,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_openlog(krb5_context context, const char *program, krb5_log_facility **fac) @@ -385,7 +385,7 @@ krb5_openlog(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_closelog(krb5_context context, krb5_log_facility *fac) { @@ -404,7 +404,7 @@ krb5_closelog(krb5_context context, #undef __attribute__ #define __attribute__(X) -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog_msg(krb5_context context, krb5_log_facility *fac, char **reply, @@ -443,7 +443,7 @@ krb5_vlog_msg(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog(krb5_context context, krb5_log_facility *fac, int level, @@ -454,7 +454,7 @@ krb5_vlog(krb5_context context, return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log_msg(krb5_context context, krb5_log_facility *fac, int level, @@ -473,7 +473,7 @@ krb5_log_msg(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log(krb5_context context, krb5_log_facility *fac, int level, diff --git a/lib/krb5/misc.c b/lib/krb5/misc.c index e47383880..b76c1b584 100644 --- a/lib/krb5/misc.c +++ b/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_s4u2self_to_checksumdata(krb5_context context, const PA_S4U2Self *self, krb5_data *data) diff --git a/lib/krb5/mit_glue.c b/lib/krb5/mit_glue.c index ea14b2100..2de98c966 100644 --- a/lib/krb5/mit_glue.c +++ b/lib/krb5/mit_glue.c @@ -41,7 +41,7 @@ * Glue for MIT API */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, @@ -63,7 +63,7 @@ krb5_c_make_checksum(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid) @@ -88,7 +88,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, krb5_cksumtype *type, krb5_data **data) { @@ -111,7 +111,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, krb5_cksumtype type, const krb5_data *data) { @@ -119,51 +119,51 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, return der_copy_octet_string(data, &cksum->checksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum (krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); free(cksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); memset(cksum, 0, sizeof(*cksum)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_checksum_free(krb5_context context, krb5_checksum *cksum) { free_Checksum(cksum); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_enctype (krb5_enctype etype) { return krb5_enctype_valid(NULL, etype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_cksumtype(krb5_cksumtype ctype) { return krb5_cksumtype_valid(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_collision_proof(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_keyed_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_keyed(NULL, ctype); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_checksum (krb5_context context, const krb5_checksum *old, krb5_checksum **new) @@ -174,14 +174,14 @@ krb5_copy_checksum (krb5_context context, return copy_Checksum(old, *new); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t *length) { return krb5_checksumsize(context, cksumtype, length); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t *blocksize) @@ -204,7 +204,7 @@ krb5_c_block_size(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_decrypt(krb5_context context, const krb5_keyblock key, krb5_keyusage usage, @@ -244,7 +244,7 @@ krb5_c_decrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, @@ -286,7 +286,7 @@ krb5_c_encrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, @@ -317,18 +317,18 @@ krb5_c_encrypt_length(krb5_context context, * @ingroup krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_DEPRECATED +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) - KRB5_DEPRECATED { *similar = (e1 == e2); return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock *random_key) @@ -336,7 +336,7 @@ krb5_c_make_random_key(krb5_context context, return krb5_generate_random_keyblock(context, enctype, random_key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t *ilen, @@ -351,7 +351,7 @@ krb5_c_keylengths(krb5_context context, return krb5_enctype_keysize(context, enctype, keylen); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf_length(krb5_context context, krb5_enctype type, size_t *length) @@ -359,7 +359,7 @@ krb5_c_prf_length(krb5_context context, return krb5_crypto_prf_length(context, type, length); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf(krb5_context context, const krb5_keyblock *key, const krb5_data *input, @@ -384,7 +384,7 @@ krb5_c_prf(krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds(krb5_context context, const krb5_ccache from, krb5_ccache to) diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c index 0de30e4dd..a837b5e29 100644 --- a/lib/krb5/mk_error.c +++ b/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error(krb5_context context, krb5_error_code error_code, const char *e_text, diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c index 40f09ae33..833821341 100644 --- a/lib/krb5/mk_priv.c +++ b/lib/krb5/mk_priv.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c index 8eef0ea65..2b9c3fbdb 100644 --- a/lib/krb5/mk_rep.c +++ b/lib/krb5/mk_rep.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) diff --git a/lib/krb5/mk_req.c b/lib/krb5/mk_req.c index c87fa6129..44e6c8b68 100644 --- a/lib/krb5/mk_req.c +++ b/lib/krb5/mk_req.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_exact(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, @@ -77,7 +77,7 @@ krb5_mk_req_exact(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/lib/krb5/mk_req_ext.c b/lib/krb5/mk_req_ext.c index 03fc93b02..af68e4e19 100644 --- a/lib/krb5/mk_req_ext.c +++ b/lib/krb5/mk_req_ext.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" krb5_error_code _krb5_mk_req_internal(krb5_context context, @@ -143,7 +143,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c index 5b7580d8a..b2858acf8 100644 --- a/lib/krb5/mk_safe.c +++ b/lib/krb5/mk_safe.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, diff --git a/lib/krb5/n-fold.c b/lib/krb5/n-fold.c index 0623f6aae..f94a1ea12 100644 --- a/lib/krb5/n-fold.c +++ b/lib/krb5/n-fold.c @@ -96,7 +96,7 @@ add1(unsigned char *a, unsigned char *b, size_t len) } } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_n_fold(const void *str, size_t len, void *key, size_t size) { /* if len < size we need at most N * len bytes, ie < 2 * size; diff --git a/lib/krb5/net_read.c b/lib/krb5/net_read.c index eeb97a483..f6d781c27 100644 --- a/lib/krb5/net_read.c +++ b/lib/krb5/net_read.c @@ -33,13 +33,12 @@ #include "krb5_locl.h" -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_read (krb5_context context, void *p_fd, void *buf, size_t len) { - int fd = *((int *)p_fd); - - return net_read (fd, buf, len); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); + return net_read(fd, buf, len); } diff --git a/lib/krb5/net_write.c b/lib/krb5/net_write.c index d39a9b17f..6f1145e71 100644 --- a/lib/krb5/net_write.c +++ b/lib/krb5/net_write.c @@ -33,25 +33,24 @@ #include "krb5_locl.h" -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write (krb5_context context, void *p_fd, const void *buf, size_t len) { - int fd = *((int *)p_fd); - - return net_write (fd, buf, len); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); + return net_write(fd, buf, len); } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write_block(krb5_context context, void *p_fd, const void *buf, size_t len, time_t timeout) { - int fd = *((int *)p_fd); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); int ret; struct timeval tv, *tvp; const char *cbuf = (const char *)buf; @@ -71,29 +70,45 @@ krb5_net_write_block(krb5_context context, tvp = NULL; ret = select(fd + 1, NULL, &wfds, NULL, tvp); - if (ret < 0) { - if (errno == EINTR) + if (IS_SOCKET_ERROR(ret)) { + if (SOCK_ERRNO == EINTR) continue; return -1; - } else if (ret == 0) + } + +#ifdef HAVE_WINSOCK + if (ret == 0) { + WSASetLastError( WSAETIMEDOUT ); return 0; + } + + count = send (fd, cbuf, rem, 0); + + if (IS_SOCKET_ERROR(count)) { + return -1; + } + +#else + if (ret == 0) { + return 0; + } if (!FD_ISSET(fd, &wfds)) { errno = ETIMEDOUT; return -1; } -#ifdef WIN32 - count = send (fd, cbuf, rem, 0); -#else count = write (fd, cbuf, rem); -#endif + if (count < 0) { if (errno == EINTR) continue; else return count; } + +#endif + cbuf += count; rem -= count; diff --git a/lib/krb5/padata.c b/lib/krb5/padata.c index aa08248ed..283a857df 100644 --- a/lib/krb5/padata.c +++ b/lib/krb5/padata.c @@ -42,7 +42,7 @@ krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) return NULL; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_padata_add(krb5_context context, METHOD_DATA *md, int type, void *buf, size_t len) { diff --git a/lib/krb5/parse-name-test.c b/lib/krb5/parse-name-test.c index a03d9764b..bb2fc024e 100644 --- a/lib/krb5/parse-name-test.c +++ b/lib/krb5/parse-name-test.c @@ -61,7 +61,7 @@ static struct testcase { {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE}, {NULL, NULL, "", 0, { NULL }, FALSE}}; -int KRB5_LIB_FUNCTION +int main(int argc, char **argv) { struct testcase *t; diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 28ba8183d..1d3845435 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -91,7 +91,7 @@ pk_copy_error(krb5_context context, * */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_pk_cert_free(struct krb5_pk_cert *cert) { if (cert->cert) { @@ -617,7 +617,7 @@ build_auth_pack(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_ContentInfo(krb5_context context, const krb5_data *buf, const heim_oid *oid, @@ -807,7 +807,7 @@ pk_mk_padata(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_padata(krb5_context context, void *c, int ic_flags, @@ -1534,7 +1534,7 @@ pk_rd_pa_reply_dh(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_rd_pa_reply(krb5_context context, const char *realm, void *c, @@ -1826,7 +1826,7 @@ _krb5_pk_set_user_id(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_load_id(krb5_context context, struct krb5_pk_identity **ret_id, const char *user_id, @@ -2291,7 +2291,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, } #endif /* PKINIT */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) { #ifdef PKINIT @@ -2335,7 +2335,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) #endif } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_get_init_creds_opt *opt, krb5_principal principal, @@ -2528,7 +2528,7 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx) * Private since it need to be redesigned using krb5_get_init_creds() */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_enterprise_cert(krb5_context context, const char *user_id, krb5_const_realm realm, diff --git a/lib/krb5/plugin.c b/lib/krb5/plugin.c index 027f2a72a..9118ade67 100644 --- a/lib/krb5/plugin.c +++ b/lib/krb5/plugin.c @@ -205,7 +205,9 @@ load_plugins(krb5_context context) d = opendir(*di); if (d == NULL) continue; +#ifdef HAVE_DIRFD rk_cloexec(dirfd(d)); +#endif while ((entry = readdir(d)) != NULL) { char *n = entry->d_name; diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index d854113a4..00c967a72 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -76,7 +76,7 @@ host/admin@H5L.ORG * @ingroup krb5_principal */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal(krb5_context context, krb5_principal p) { @@ -98,7 +98,7 @@ krb5_free_principal(krb5_context context, * @ingroup krb5_principal */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type(krb5_context context, krb5_principal principal, int type) @@ -117,7 +117,7 @@ krb5_principal_set_type(krb5_context context, * @ingroup krb5_principal */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type(krb5_context context, krb5_const_principal principal) { @@ -135,14 +135,14 @@ krb5_principal_get_type(krb5_context context, * @ingroup krb5_principal */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm(krb5_context context, krb5_const_principal principal) { return princ_realm(principal); } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_comp_string(krb5_context context, krb5_const_principal principal, unsigned int component) @@ -163,7 +163,7 @@ krb5_principal_get_comp_string(krb5_context context, * @ingroup krb5_principal */ -unsigned int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp(krb5_context context, krb5_const_principal principal) { @@ -183,7 +183,7 @@ krb5_principal_get_num_comp(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags(krb5_context context, const char *name, int flags, @@ -384,7 +384,7 @@ exit: * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) @@ -485,7 +485,7 @@ unparse_name_fixed(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed(krb5_context context, krb5_const_principal principal, char *name, @@ -508,7 +508,7 @@ krb5_unparse_name_fixed(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short(krb5_context context, krb5_const_principal principal, char *name, @@ -532,7 +532,7 @@ krb5_unparse_name_fixed_short(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -596,7 +596,7 @@ unparse_name(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name(krb5_context context, krb5_const_principal principal, char **name) @@ -617,7 +617,7 @@ krb5_unparse_name(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -639,7 +639,7 @@ krb5_unparse_name_flags(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short(krb5_context context, krb5_const_principal principal, char **name) @@ -660,7 +660,7 @@ krb5_unparse_name_short(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm(krb5_context context, krb5_principal principal, krb5_const_realm realm) @@ -692,7 +692,7 @@ krb5_principal_set_realm(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal(krb5_context context, krb5_principal *principal, int rlen, @@ -828,8 +828,7 @@ build_principal(krb5_context context, return 0; } - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va(krb5_context context, krb5_principal *principal, int rlen, @@ -839,7 +838,7 @@ krb5_build_principal_va(krb5_context context, return build_principal(context, principal, rlen, realm, va_princ, ap); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va_ext(krb5_context context, krb5_principal *principal, int rlen, @@ -850,7 +849,7 @@ krb5_build_principal_va_ext(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_ext(krb5_context context, krb5_principal *principal, int rlen, @@ -878,7 +877,7 @@ krb5_build_principal_ext(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) @@ -913,7 +912,7 @@ krb5_copy_principal(krb5_context context, * @see krb5_realm_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -928,7 +927,7 @@ krb5_principal_compare_any_realm(krb5_context context, return TRUE; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_principal_compare_PrincipalName(krb5_context context, krb5_const_principal princ1, PrincipalName *princ2) @@ -961,7 +960,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context, * return TRUE iff princ1 == princ2 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -983,7 +982,7 @@ krb5_principal_compare(krb5_context context, * @see krb5_principal_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -997,7 +996,7 @@ krb5_realm_compare(krb5_context context, * @ingroup krb5_principal */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match(krb5_context context, krb5_const_principal princ, krb5_const_principal pattern) @@ -1083,7 +1082,7 @@ get_name_conversion(krb5_context context, const char *realm, const char *name) * if `func', use that function for validating the conversion */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_425_conv_principal_ext2(krb5_context context, const char *name, const char *instance, @@ -1375,7 +1374,7 @@ name_convert(krb5_context context, const char *name, const char *realm, * three parameters. They have to be 40 bytes each (ANAME_SZ). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_524_conv_principal(krb5_context context, const krb5_principal principal, char *name, @@ -1461,7 +1460,7 @@ krb5_524_conv_principal(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char *hostname, const char *sname, diff --git a/lib/krb5/prog_setup.c b/lib/krb5/prog_setup.c index 4c060973d..21afbf8d1 100644 --- a/lib/krb5/prog_setup.c +++ b/lib/krb5/prog_setup.c @@ -35,17 +35,17 @@ #include #include -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_std_usage(int code, struct getargs *args, int num_args) { arg_printusage(args, num_args, NULL, ""); exit(code); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_program_setup(krb5_context *context, int argc, char **argv, struct getargs *args, int num_args, - void (*usage)(int, struct getargs*, int)) + void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)) { krb5_error_code ret; int optidx = 0; diff --git a/lib/krb5/prompter_posix.c b/lib/krb5/prompter_posix.c index 05deaff52..875fd99c4 100644 --- a/lib/krb5/prompter_posix.c +++ b/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int krb5_prompter_posix (krb5_context context, void *data, const char *name, diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index f41edfa2b..094f748b9 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" static krb5_error_code compare_addrs(krb5_context context, @@ -52,7 +52,7 @@ compare_addrs(krb5_context context, return KRB5KRB_AP_ERR_BADADDR; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *in_data, @@ -322,7 +322,7 @@ krb5_rd_cred(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred2 (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, diff --git a/lib/krb5/rd_error.c b/lib/krb5/rd_error.c index 1561188fa..d778c68cd 100644 --- a/lib/krb5/rd_error.c +++ b/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_error(krb5_context context, const krb5_data *msg, KRB_ERROR *result) @@ -51,7 +51,7 @@ krb5_rd_error(krb5_context context, return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_contents (krb5_context context, krb5_error *error) { @@ -59,7 +59,7 @@ krb5_free_error_contents (krb5_context context, memset(error, 0, sizeof(*error)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error (krb5_context context, krb5_error *error) { @@ -67,7 +67,7 @@ krb5_free_error (krb5_context context, free (error); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_error_from_rd_error(krb5_context context, const krb5_error *error, const krb5_creds *creds) diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c index fb6cfcee4..8a46195b6 100644 --- a/lib/krb5/rd_priv.c +++ b/lib/krb5/rd_priv.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, diff --git a/lib/krb5/rd_rep.c b/lib/krb5/rd_rep.c index 2d5792cd4..f8963a53b 100644 --- a/lib/krb5/rd_rep.c +++ b/lib/krb5/rd_rep.c @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, @@ -108,7 +108,7 @@ krb5_rd_rep(krb5_context context, return ret; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) { diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 784427fe4..9f6a85b1a 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -1,3 +1,4 @@ + /* * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -31,7 +32,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -102,7 +103,7 @@ decrypt_authenticator (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ap_req(krb5_context context, const krb5_data *inbuf, krb5_ap_req *ap_req) @@ -217,7 +218,7 @@ find_etypelist(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ticket(krb5_context context, Ticket *ticket, krb5_keyblock *key, @@ -266,7 +267,7 @@ krb5_decrypt_ticket(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_authenticator_checksum(krb5_context context, krb5_auth_context ac, void *data, @@ -308,7 +309,7 @@ out: } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -329,7 +330,7 @@ krb5_verify_ap_req(krb5_context context, KRB5_KU_AP_REQ_AUTH); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req2(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -538,7 +539,7 @@ struct krb5_rd_req_out_ctx_data { * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); @@ -565,7 +566,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab(krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab) @@ -586,7 +587,7 @@ krb5_rd_req_in_set_keytab(krb5_context context, * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check(krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag) @@ -596,7 +597,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keyblock(krb5_context context, krb5_rd_req_in_ctx in, krb5_keyblock *keyblock) @@ -605,7 +606,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ap_req_options(krb5_context context, krb5_rd_req_out_ctx out, krb5_flags *ap_req_options) @@ -614,7 +615,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ticket(krb5_context context, krb5_rd_req_out_ctx out, krb5_ticket **ticket) @@ -622,7 +623,7 @@ krb5_rd_req_out_get_ticket(krb5_context context, return krb5_copy_ticket(context, out->ticket, ticket); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_keyblock(krb5_context context, krb5_rd_req_out_ctx out, krb5_keyblock **keyblock) @@ -642,7 +643,7 @@ krb5_rd_req_out_get_keyblock(krb5_context context, * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server(krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *principal) @@ -650,7 +651,7 @@ krb5_rd_req_out_get_server(krb5_context context, return krb5_copy_principal(context, out->server, principal); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) { free(ctx); @@ -665,7 +666,7 @@ krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) * @ingroup krb5_auth */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) { if (ctx->ticket) @@ -681,7 +682,7 @@ krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -726,7 +727,7 @@ out: * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_with_keyblock(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -834,7 +835,7 @@ out: * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index 16466e0c3..d37960ab4 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" static krb5_error_code verify_checksum(krb5_context context, @@ -80,7 +80,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, diff --git a/lib/krb5/read_message.c b/lib/krb5/read_message.c index be850b81c..4e9bd012d 100644 --- a/lib/krb5/read_message.c +++ b/lib/krb5/read_message.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) @@ -69,7 +69,7 @@ krb5_read_message (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_priv_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, @@ -86,7 +86,7 @@ krb5_read_priv_message(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_safe_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, diff --git a/lib/krb5/recvauth.c b/lib/krb5/recvauth.c index a5e48bf35..78e98a10f 100644 --- a/lib/krb5/recvauth.c +++ b/lib/krb5/recvauth.c @@ -43,7 +43,7 @@ match_exact(const void *data, const char *appl_version) return strcmp(data, appl_version) == 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, @@ -59,7 +59,7 @@ krb5_recvauth(krb5_context context, keytab, ticket); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth_match_version(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index d6316febd..f4eb9032d 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -38,7 +38,7 @@ struct krb5_rcache_data { char *name; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve(krb5_context context, krb5_rcache id, const char *name) @@ -52,7 +52,7 @@ krb5_rc_resolve(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) @@ -73,7 +73,7 @@ krb5_rc_resolve_type(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_full(krb5_context context, krb5_rcache *id, const char *string_name) @@ -99,19 +99,19 @@ krb5_rc_resolve_full(krb5_context context, return ret; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_name(krb5_context context) { return "FILE:/var/run/default_rcache"; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_type(krb5_context context) { return "FILE"; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_default(krb5_context context, krb5_rcache *id) { @@ -123,7 +123,7 @@ struct rc_entry{ unsigned char data[16]; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_initialize(krb5_context context, krb5_rcache id, krb5_deltat auth_lifespan) @@ -145,14 +145,14 @@ krb5_rc_initialize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_recover(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_destroy(krb5_context context, krb5_rcache id) { @@ -168,7 +168,7 @@ krb5_rc_destroy(krb5_context context, return krb5_rc_close(context, id); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_close(krb5_context context, krb5_rcache id) { @@ -196,7 +196,7 @@ checksum_authenticator(Authenticator *auth, void *data) EVP_MD_CTX_destroy(m); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) @@ -251,14 +251,14 @@ krb5_rc_store(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_expunge(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_get_lifespan(krb5_context context, krb5_rcache id, krb5_deltat *auth_lifespan) @@ -276,21 +276,21 @@ krb5_rc_get_lifespan(krb5_context context, return KRB5_RC_IO_UNKNOWN; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_name(krb5_context context, krb5_rcache id) { return id->name; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_type(krb5_context context, krb5_rcache id) { return "FILE"; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache *id) diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c index a8eac41bf..7f4d51413 100644 --- a/lib/krb5/scache.c +++ b/lib/krb5/scache.c @@ -61,7 +61,11 @@ typedef struct krb5_scache { #define SCACHE(X) ((krb5_scache *)(X)->data.data) #define SCACHE_DEF_NAME "Default-cache" +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_SCACHE_DB "%{TEMP}/krb5scc_%{uid}" +#else #define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}" +#endif #define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB #define SCACHE_INVALID_CID ((sqlite_uint64)-1) diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 0efe14eb4..3723d98a6 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -47,7 +47,7 @@ struct send_to_kdc { */ static int -recv_loop (int fd, +recv_loop (krb5_socket_t fd, time_t tmout, int udp, size_t limit, @@ -58,9 +58,11 @@ recv_loop (int fd, int ret; int nbytes; +#ifndef NO_LIMIT_FD_SETSIZE if (fd >= FD_SETSIZE) { return -1; } +#endif krb5_data_zero(rep); do { @@ -78,7 +80,7 @@ recv_loop (int fd, } else { void *tmp; - if (ioctl (fd, FIONREAD, &nbytes) < 0) { + if (SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { krb5_data_free (rep); return -1; } @@ -111,7 +113,7 @@ recv_loop (int fd, */ static int -send_and_recv_udp(int fd, +send_and_recv_udp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -130,7 +132,7 @@ send_and_recv_udp(int fd, */ static int -send_and_recv_tcp(int fd, +send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -140,9 +142,9 @@ send_and_recv_tcp(int fd, krb5_data len_data; _krb5_put_int(len, req->length, 4); - if(net_write(fd, len, sizeof(len)) < 0) + if(net_write_s(fd, len, sizeof(len)) < 0) return -1; - if(net_write(fd, req->data, req->length) < 0) + if(net_write_s(fd, req->data, req->length) < 0) return -1; if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) return -1; @@ -162,7 +164,7 @@ send_and_recv_tcp(int fd, } int -_krb5_send_and_recv_tcp(int fd, +_krb5_send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -175,7 +177,7 @@ _krb5_send_and_recv_tcp(int fd, */ static int -send_and_recv_http(int fd, +send_and_recv_http(krb5_socket_t fd, time_t tmout, const char *prefix, const krb5_data *req, @@ -192,7 +194,7 @@ send_and_recv_http(int fd, free(str); if (request == NULL) return -1; - ret = net_write (fd, request, strlen(request)); + ret = net_write_s (fd, request, strlen(request)); free (request); if (ret < 0) return ret; @@ -264,7 +266,7 @@ send_via_proxy (krb5_context context, struct addrinfo hints; struct addrinfo *ai, *a; int ret; - int s = -1; + krb5_socket_t s = INVALID_SOCKET; char portstr[NI_MAXSERV]; if (proxy == NULL) @@ -291,7 +293,7 @@ send_via_proxy (krb5_context context, continue; rk_cloexec(s); if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - close (s); + closesocket (s); continue; } break; @@ -309,7 +311,7 @@ send_via_proxy (krb5_context context, } ret = send_and_recv_http(s, context->kdc_timeout, prefix, send_data, receive); - close (s); + closesocket (s); free(prefix); if(ret == 0 && receive->length != 0) return 0; @@ -361,14 +363,14 @@ send_via_plugin(krb5_context context, * in `receive'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto (krb5_context context, const krb5_data *send_data, krb5_krbhst_handle handle, krb5_data *receive) { krb5_error_code ret; - int fd; + krb5_socket_t fd; int i; krb5_data_zero(receive); @@ -414,11 +416,11 @@ krb5_sendto (krb5_context context, for (a = ai; a != NULL; a = a->ai_next) { fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); - if (fd < 0) + if (IS_BAD_SOCKET(fd)) continue; rk_cloexec(fd); if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { - close (fd); + closesocket (fd); continue; } switch (hi->proto) { @@ -435,7 +437,7 @@ krb5_sendto (krb5_context context, send_data, receive); break; } - close (fd); + closesocket (fd); if(ret == 0 && receive->length != 0) goto out; } @@ -451,7 +453,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -460,7 +462,7 @@ krb5_sendto_kdc(krb5_context context, return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc_flags(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -481,7 +483,7 @@ krb5_sendto_kdc_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_send_to_kdc_func(krb5_context context, krb5_send_to_kdc_func func, void *data) @@ -504,7 +506,7 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) { if (context->send_to_kdc) @@ -524,7 +526,7 @@ struct krb5_sendto_ctx_data { void *data; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); @@ -536,26 +538,26 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) { ctx->flags |= flags; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) { return ctx->flags; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) { ctx->type = type; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, krb5_sendto_ctx_func func, void *data) @@ -564,14 +566,14 @@ krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, ctx->data = data; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) { memset(ctx, 0, sizeof(*ctx)); free(ctx); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context(krb5_context context, krb5_sendto_ctx ctx, const krb5_data *send_data, diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index dca759437..0965008ec 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c @@ -60,7 +60,7 @@ * } */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, diff --git a/lib/krb5/set_default_realm.c b/lib/krb5/set_default_realm.c index 91201eeb5..ddce677c1 100644 --- a/lib/krb5/set_default_realm.c +++ b/lib/krb5/set_default_realm.c @@ -65,7 +65,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) * Otherwise, the realm(s) are figured out from configuration or DNS. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_realm(krb5_context context, const char *realm) { diff --git a/lib/krb5/sock_principal.c b/lib/krb5/sock_principal.c index d65035684..a43546de3 100644 --- a/lib/krb5/sock_principal.c +++ b/lib/krb5/sock_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sock_to_principal (krb5_context context, int sock, const char *sname, diff --git a/lib/krb5/store.c b/lib/krb5/store.c index 6e1374adf..49e68ef17 100644 --- a/lib/krb5/store.c +++ b/lib/krb5/store.c @@ -49,7 +49,7 @@ * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) { sp->flags |= flags; @@ -64,7 +64,7 @@ krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) { sp->flags &= ~flags; @@ -82,7 +82,7 @@ krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) { return (sp->flags & flags) == flags; @@ -100,7 +100,7 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) { sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK; @@ -113,7 +113,7 @@ krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) * @ingroup krb5_storage */ -krb5_flags KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder(krb5_storage *sp) { return sp->flags & KRB5_STORAGE_BYTEORDER_MASK; @@ -132,7 +132,7 @@ krb5_storage_get_byteorder(krb5_storage *sp) * @ingroup krb5_storage */ -off_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) { return (*sp->seek)(sp, offset, whence); @@ -149,7 +149,7 @@ krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) * @ingroup krb5_storage */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate(krb5_storage *sp, off_t offset) { return (*sp->trunc)(sp, offset); @@ -167,7 +167,7 @@ krb5_storage_truncate(krb5_storage *sp, off_t offset) * @ingroup krb5_storage */ -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read(krb5_storage *sp, void *buf, size_t len) { return sp->fetch(sp, buf, len); @@ -185,7 +185,7 @@ krb5_storage_read(krb5_storage *sp, void *buf, size_t len) * @ingroup krb5_storage */ -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) { return sp->store(sp, buf, len); @@ -200,7 +200,7 @@ krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) * @ingroup krb5_storage */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code(krb5_storage *sp, int code) { sp->eof_code = code; @@ -216,13 +216,13 @@ krb5_storage_set_eof_code(krb5_storage *sp, int code) * @ingroup krb5_storage */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code(krb5_storage *sp) { return sp->eof_code; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_put_int(void *buffer, unsigned long value, size_t size) { unsigned char *p = buffer; @@ -234,7 +234,7 @@ _krb5_put_int(void *buffer, unsigned long value, size_t size) return size; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_get_int(void *buffer, unsigned long *value, size_t size) { unsigned char *p = buffer; @@ -256,7 +256,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free(krb5_storage *sp) { if(sp->free) @@ -277,7 +277,7 @@ krb5_storage_free(krb5_storage *sp) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data(krb5_storage *sp, krb5_data *data) { off_t pos, size; @@ -331,7 +331,7 @@ krb5_store_int(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32(krb5_storage *sp, int32_t value) { @@ -354,7 +354,7 @@ krb5_store_int32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32(krb5_storage *sp, uint32_t value) { @@ -389,7 +389,7 @@ krb5_ret_int(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32(krb5_storage *sp, int32_t *value) { @@ -415,7 +415,7 @@ krb5_ret_int32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32(krb5_storage *sp, uint32_t *value) { @@ -441,7 +441,7 @@ krb5_ret_uint32(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16(krb5_storage *sp, int16_t value) { @@ -464,7 +464,7 @@ krb5_store_int16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16(krb5_storage *sp, uint16_t value) { @@ -482,7 +482,8 @@ krb5_store_uint16(krb5_storage *sp, * * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16(krb5_storage *sp, int16_t *value) { @@ -511,7 +512,7 @@ krb5_ret_int16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16(krb5_storage *sp, uint16_t *value) { @@ -536,7 +537,7 @@ krb5_ret_uint16(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8(krb5_storage *sp, int8_t value) { @@ -559,7 +560,7 @@ krb5_store_int8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8(krb5_storage *sp, uint8_t value) { @@ -577,7 +578,7 @@ krb5_store_uint8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8(krb5_storage *sp, int8_t *value) { @@ -600,7 +601,7 @@ krb5_ret_int8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8(krb5_storage *sp, uint8_t *value) { @@ -626,7 +627,7 @@ krb5_ret_uint8(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data(krb5_storage *sp, krb5_data data) { @@ -654,7 +655,7 @@ krb5_store_data(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data(krb5_storage *sp, krb5_data *data) { @@ -687,7 +688,7 @@ krb5_ret_data(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string(krb5_storage *sp, const char *s) { krb5_data data; @@ -708,7 +709,7 @@ krb5_store_string(krb5_storage *sp, const char *s) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string(krb5_storage *sp, char **string) { @@ -738,7 +739,7 @@ krb5_ret_string(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz(krb5_storage *sp, const char *s) { size_t len = strlen(s) + 1; @@ -765,7 +766,7 @@ krb5_store_stringz(krb5_storage *sp, const char *s) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz(krb5_storage *sp, char **string) { @@ -798,7 +799,7 @@ krb5_ret_stringz(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringnl(krb5_storage *sp, const char *s) { size_t len = strlen(s); @@ -823,7 +824,7 @@ krb5_store_stringnl(krb5_storage *sp, const char *s) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringnl(krb5_storage *sp, char **string) { @@ -879,7 +880,7 @@ krb5_ret_stringnl(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal(krb5_storage *sp, krb5_const_principal p) { @@ -916,7 +917,7 @@ krb5_store_principal(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal(krb5_storage *sp, krb5_principal *princ) { @@ -984,7 +985,7 @@ krb5_ret_principal(krb5_storage *sp, * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) { int ret; @@ -1013,7 +1014,7 @@ krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) { int ret; @@ -1043,7 +1044,7 @@ krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times(krb5_storage *sp, krb5_times times) { int ret; @@ -1068,7 +1069,7 @@ krb5_store_times(krb5_storage *sp, krb5_times times) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times(krb5_storage *sp, krb5_times *times) { int ret; @@ -1098,7 +1099,7 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address(krb5_storage *sp, krb5_address p) { int ret; @@ -1119,7 +1120,7 @@ krb5_store_address(krb5_storage *sp, krb5_address p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address(krb5_storage *sp, krb5_address *adr) { int16_t t; @@ -1142,7 +1143,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs(krb5_storage *sp, krb5_addresses p) { int i; @@ -1167,7 +1168,7 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) { int i; @@ -1198,7 +1199,7 @@ krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) { krb5_error_code ret; @@ -1225,7 +1226,7 @@ krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) { krb5_error_code ret; @@ -1270,7 +1271,7 @@ bitswap32(int32_t b) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -1322,7 +1323,7 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) { krb5_error_code ret; @@ -1394,7 +1395,7 @@ cleanup: * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -1486,7 +1487,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag(krb5_storage *sp, krb5_creds *creds) { diff --git a/lib/krb5/store_emem.c b/lib/krb5/store_emem.c index acf984280..ccda751af 100644 --- a/lib/krb5/store_emem.c +++ b/lib/krb5/store_emem.c @@ -158,7 +158,7 @@ emem_free(krb5_storage *sp) * @sa krb5_storage_from_data() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_emem(void) { krb5_storage *sp; diff --git a/lib/krb5/store_fd.c b/lib/krb5/store_fd.c index 415017592..bd357dbe3 100644 --- a/lib/krb5/store_fd.c +++ b/lib/krb5/store_fd.c @@ -85,12 +85,26 @@ fd_free(krb5_storage * sp) * @sa krb5_storage_from_data() */ -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd(int fd) +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_fd(krb5_socket_t fd_in) { krb5_storage *sp; + int fd; + +#ifdef SOCKET_IS_NOT_AN_FD +#ifdef _MSC_VER + if (_get_osfhandle(fd_in) != -1) { + fd = dup(fd_in); + } else { + fd = _open_osfhandle(fd_in, 0); + } +#else +#error Dont know how to deal with fd that may or may not be a socket. +#endif +#else /* SOCKET_IS_NOT_AN_FD */ + fd = dup(fd_in); +#endif - fd = dup(fd); if (fd < 0) return NULL; diff --git a/lib/krb5/store_mem.c b/lib/krb5/store_mem.c index a913e182d..b79bc1915 100644 --- a/lib/krb5/store_mem.c +++ b/lib/krb5/store_mem.c @@ -122,7 +122,7 @@ mem_no_trunc(krb5_storage *sp, off_t offset) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_mem(void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); @@ -161,7 +161,7 @@ krb5_storage_from_mem(void *buf, size_t len) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_data(krb5_data *data) { return krb5_storage_from_mem(data->data, data->length); @@ -180,7 +180,7 @@ krb5_storage_from_data(krb5_data *data) * @sa krb5_storage_from_fd() */ -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_readonly_mem(const void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); diff --git a/lib/krb5/test_addr.c b/lib/krb5/test_addr.c index 622fa78f7..6e972c949 100644 --- a/lib/krb5/test_addr.c +++ b/lib/krb5/test_addr.c @@ -155,12 +155,41 @@ match_addr(krb5_context context, const char *range_addr, krb5_free_addresses(context, &one); } +#ifdef _MSC_VER + +/* For the truncation tests, calling strcpy_s() or strcat_s() with a + size of 0 results in the invalid parameter handler being invoked. + For the debug version, the runtime also throws an assert. */ + +static void +inv_param_handler(const wchar_t* expression, + const wchar_t* function, + const wchar_t* file, + unsigned int line, + uintptr_t pReserved) +{ + printf("Invalid parameter handler invoked for: %S in %S(%d) [%S]\n", + function, file, line, expression); +} + +static _invalid_parameter_handler _inv_old = NULL; + +#define SET_INVALID_PARAM_HANDLER _inv_old = _set_invalid_parameter_handler(inv_param_handler) + +#else + +#define SET_INVALID_PARAM_HANDLER ((void) 0) + +#endif + int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; + SET_INVALID_PARAM_HANDLER; + setprogname(argv[0]); ret = krb5_init_context(&context); diff --git a/lib/krb5/test_cc.c b/lib/krb5/test_cc.c index bc420b431..8d561b691 100644 --- a/lib/krb5/test_cc.c +++ b/lib/krb5/test_cc.c @@ -38,11 +38,17 @@ static int debug_flag = 0; static int version_flag = 0; static int help_flag = 0; +#ifdef KRB5_USE_PATH_TOKENS +#define TEST_CC_NAME "%{TEMP}/krb5-cc-test-foo" +#else +#define TEST_CC_NAME "/tmp/krb5-cc-test-foo" +#endif + static void test_default_name(krb5_context context) { krb5_error_code ret; - const char *p, *test_cc_name = "/tmp/krb5-cc-test-foo"; + const char *p, *test_cc_name = TEST_CC_NAME; char *p1, *p2, *p3; p = krb5_cc_default_name(context); @@ -71,8 +77,13 @@ test_default_name(krb5_context context) krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); p3 = estrdup(p); +#ifndef KRB5_USE_PATH_TOKENS + /* If we are using path tokens, we don't expect the p3 and + test_cc_name to match since p3 is going to have expanded + tokens. */ if (strcmp(p3, test_cc_name) != 0) krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); +#endif free(p1); free(p2); @@ -278,12 +289,33 @@ struct { char *res; } cc_names[] = { { "foo", 0, "foo" }, + { "foo%}", 0, "foo%}" }, { "%{uid}", 0 }, { "foo%{null}", 0, "foo" }, { "foo%{null}bar", 0, "foobar" }, { "%{", 1 }, { "%{foo %{", 1 }, { "%{{", 1 }, + { "%{{}", 1 }, + { "%{nulll}", 1 }, + { "%{does not exist}", 1 }, + { "%{}", 1 }, +#ifdef KRB5_USE_PATH_TOKENS + { "%{APPDATA}", 0 }, + { "%{COMMON_APPDATA}", 0}, + { "%{LOCAL_APPDATA}", 0}, + { "%{SYSTEM}", 0}, + { "%{WINDOWS}", 0}, + { "%{TEMP}", 0}, + { "%{USERID}", 0}, + { "%{uid}", 0}, + { "%{USERCONFIG}", 0}, + { "%{COMMONCONFIG}", 0}, + { "%{LIBDIR}", 0}, + { "%{BINDIR}", 0}, + { "%{LIBEXEC}", 0}, + { "%{SBINDIR}", 0}, +#endif }; static void @@ -671,7 +703,9 @@ main(int argc, char **argv) test_move(context, krb5_cc_type_file); test_move(context, krb5_cc_type_memory); +#ifdef HAVE_KCM test_move(context, krb5_cc_type_kcm); +#endif test_move(context, krb5_cc_type_scc); test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops); @@ -691,7 +725,9 @@ main(int argc, char **argv) krb5_free_context(context); +#if 0 sleep(60); +#endif return 0; } diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c index 19ca1bc3b..22963369a 100644 --- a/lib/krb5/ticket.c +++ b/lib/krb5/ticket.c @@ -47,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket(krb5_context context, krb5_ticket *ticket) { @@ -71,7 +71,7 @@ krb5_free_ticket(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **to) @@ -120,7 +120,7 @@ krb5_copy_ticket(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client(krb5_context context, const krb5_ticket *ticket, krb5_principal *client) @@ -141,7 +141,7 @@ krb5_ticket_get_client(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server(krb5_context context, const krb5_ticket *ticket, krb5_principal *server) @@ -160,7 +160,7 @@ krb5_ticket_get_server(krb5_context context, * @ingroup krb5 */ -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime(krb5_context context, const krb5_ticket *ticket) { @@ -338,7 +338,7 @@ out: * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type(krb5_context context, krb5_ticket *ticket, int type, diff --git a/lib/krb5/time.c b/lib/krb5/time.c index ed235783a..247549ba2 100644 --- a/lib/krb5/time.c +++ b/lib/krb5/time.c @@ -47,7 +47,7 @@ * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec) @@ -79,7 +79,7 @@ krb5_set_real_time (krb5_context context, * return ``corrected'' time in `timeret'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_timeofday (krb5_context context, krb5_timestamp *timeret) { @@ -91,7 +91,7 @@ krb5_timeofday (krb5_context context, * like gettimeofday but with time correction to the KDC */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_us_timeofday (krb5_context context, krb5_timestamp *sec, int32_t *usec) @@ -105,7 +105,7 @@ krb5_us_timeofday (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_format_time(krb5_context context, time_t t, char *s, size_t len, krb5_boolean include_time) { @@ -120,7 +120,7 @@ krb5_format_time(krb5_context context, time_t t, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_deltat(const char *string, krb5_deltat *deltat) { if((*deltat = parse_time(string, "s")) == -1) diff --git a/lib/krb5/transited.c b/lib/krb5/transited.c index 1ff4ce165..a72adc035 100644 --- a/lib/krb5/transited.c +++ b/lib/krb5/transited.c @@ -328,7 +328,7 @@ decode_realms(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_decode(krb5_context context, krb5_data tr, char ***realms, unsigned int *num_realms, const char *client_realm, const char *server_realm) @@ -389,7 +389,7 @@ krb5_domain_x500_decode(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_encode(char **realms, unsigned int num_realms, krb5_data *encoding) { @@ -421,7 +421,7 @@ krb5_domain_x500_encode(char **realms, unsigned int num_realms, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited(krb5_context context, krb5_const_realm client_realm, krb5_const_realm server_realm, @@ -461,7 +461,7 @@ krb5_check_transited(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited_realms(krb5_context context, const char *const *realms, unsigned int num_realms, diff --git a/lib/krb5/v4_glue.c b/lib/krb5/v4_glue.c index 168268cea..01cf323d3 100644 --- a/lib/krb5/v4_glue.c +++ b/lib/krb5/v4_glue.c @@ -58,7 +58,7 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 }; -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL _krb5_krb_time_to_life(time_t start, time_t end) { int i; @@ -82,7 +82,7 @@ _krb5_krb_time_to_life(time_t start, time_t end) } -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL _krb5_krb_life_to_time(int start, int life_) { unsigned char life = (unsigned char) life_; @@ -118,9 +118,15 @@ get_krb4_cc_name(const char *tkfile, char **cc) if (path) *cc = strdup(path); } +#ifdef HAVE_GETUID if(*cc == NULL) if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) return errno; +#elif defined(KRB5_USE_PATH_TOKENS) + if(*cc == NULL) + if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc)) + return ENOMEM; +#endif } else { *cc = strdup(tkfile); if (*cc == NULL) @@ -232,7 +238,7 @@ write_v4_cc(krb5_context context, const char *tkfile, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_tf_setup(krb5_context context, struct credentials *v4creds, const char *tkfile, @@ -288,7 +294,7 @@ _krb5_krb_tf_setup(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_dest_tkt(krb5_context context, const char *tkfile) { krb5_error_code ret; @@ -405,7 +411,7 @@ put_nir(krb5_storage *sp, const char *name, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_ticket(krb5_context context, unsigned char flags, const char *pname, @@ -464,7 +470,7 @@ _krb5_krb_create_ticket(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_ciph(krb5_context context, const krb5_keyblock *session, const char *service, @@ -524,7 +530,7 @@ _krb5_krb_create_ciph(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_create_auth_reply(krb5_context context, const char *pname, const char *pinst, @@ -577,7 +583,7 @@ _krb5_krb_create_auth_reply(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_cr_err_reply(krb5_context context, const char *name, const char *inst, @@ -644,7 +650,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_decomp_ticket(krb5_context context, const krb5_data *enc_ticket, const krb5_keyblock *key, @@ -738,7 +744,7 @@ _krb5_krb_decomp_ticket(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_krb_rd_req(krb5_context context, krb5_data *authent, const char *service, @@ -938,7 +944,7 @@ _krb5_krb_rd_req(krb5_context context, * */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) { if (ad->pname) diff --git a/lib/krb5/verify_init.c b/lib/krb5/verify_init.c index 363bb4677..300cef007 100644 --- a/lib/krb5/verify_init.c +++ b/lib/krb5/verify_init.c @@ -33,13 +33,13 @@ #include "krb5_locl.h" -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options) { memset (options, 0, sizeof(*options)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options, int ap_req_nofail) { @@ -67,7 +67,7 @@ fail_verify_is_ok (krb5_context context, return TRUE; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_init_creds(krb5_context context, krb5_creds *creds, krb5_principal ap_req_server, @@ -211,7 +211,7 @@ cleanup: * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds(krb5_context context, krb5_creds *creds, krb5_principal client, diff --git a/lib/krb5/verify_user.c b/lib/krb5/verify_user.c index 8cc109f0a..14f010137 100644 --- a/lib/krb5/verify_user.c +++ b/lib/krb5/verify_user.c @@ -88,7 +88,7 @@ verify_common (krb5_context context, * As a side effect, fresh tickets are obtained and stored in `ccache'. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_init(krb5_verify_opt *opt) { memset(opt, 0, sizeof(*opt)); @@ -96,7 +96,7 @@ krb5_verify_opt_init(krb5_verify_opt *opt) opt->service = "host"; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt) { *opt = calloc(1, sizeof(**opt)); @@ -109,37 +109,37 @@ krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt) return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_free(krb5_verify_opt *opt) { free(opt); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache) { opt->ccache = ccache; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab) { opt->keytab = keytab; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure) { opt->secure = secure; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service) { opt->service = service; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags) { opt->flags |= flags; @@ -181,7 +181,7 @@ verify_user_opt_int(krb5_context context, #undef OPT } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_opt(krb5_context context, krb5_principal principal, const char *password, @@ -215,7 +215,7 @@ krb5_verify_user_opt(krb5_context context, /* compat function that calls above */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user(krb5_context context, krb5_principal principal, krb5_ccache ccache, @@ -239,7 +239,7 @@ krb5_verify_user(krb5_context context, * ignored and all the local realms are tried. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_lrealm(krb5_context context, krb5_principal principal, krb5_ccache ccache, diff --git a/lib/krb5/warn.c b/lib/krb5/warn.c index 886a1fe98..a4c633936 100644 --- a/lib/krb5/warn.c +++ b/lib/krb5/warn.c @@ -100,7 +100,7 @@ _warnerr(krb5_context context, int do_errtext, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((format (printf, 3, 0))) @@ -119,7 +119,7 @@ krb5_vwarn(krb5_context context, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) { @@ -137,7 +137,7 @@ krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))) { @@ -153,7 +153,7 @@ krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx(krb5_context context, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))) { @@ -174,7 +174,7 @@ krb5_warnx(krb5_context context, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr(krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 4, 0))) @@ -195,7 +195,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err(krb5_context context, int eval, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 4, 5))) @@ -215,7 +215,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) { @@ -233,7 +233,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx(krb5_context context, int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { @@ -253,7 +253,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) @@ -273,7 +273,7 @@ krb5_vabort(krb5_context context, krb5_error_code code, * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { @@ -281,7 +281,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) abort(); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabortx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))) { @@ -299,7 +299,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx(krb5_context context, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))) { @@ -316,7 +316,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) { context->warn_dest = fac; @@ -331,7 +331,7 @@ krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) * @ingroup krb5_error */ -krb5_log_facility * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL krb5_get_warn_dest(krb5_context context) { return context->warn_dest; diff --git a/lib/krb5/write_message.c b/lib/krb5/write_message.c index a824e08fd..841004614 100644 --- a/lib/krb5/write_message.c +++ b/lib/krb5/write_message.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) @@ -53,7 +53,7 @@ krb5_write_message (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_priv_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, @@ -70,7 +70,7 @@ krb5_write_priv_message(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_safe_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, From d1d0de730d263ec641471a14554c186c000c6357 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 21 Dec 2009 08:50:46 +0100 Subject: [PATCH 64/64] refix socket wrappers with rk_ --- lib/krb5/auth_context.c | 8 ++++---- lib/krb5/net_write.c | 6 +++--- lib/krb5/send_to_kdc.c | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 846d71578..a5dc66bf3 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -170,9 +170,9 @@ krb5_auth_con_genaddrs(krb5_context context, if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { if (auth_context->local_address == NULL) { len = sizeof(ss_local); - if(IS_SOCKET_ERROR(getsockname(fd, local, &len))) { + if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) { char buf[128]; - ret = errno; + ret = rk_SOCK_ERRNO; rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; @@ -188,9 +188,9 @@ krb5_auth_con_genaddrs(krb5_context context, } if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { len = sizeof(ss_remote); - if(IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { + if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { char buf[128]; - ret = errno; + ret = rk_SOCK_ERRNO; rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; diff --git a/lib/krb5/net_write.c b/lib/krb5/net_write.c index 6f1145e71..52d6eb457 100644 --- a/lib/krb5/net_write.c +++ b/lib/krb5/net_write.c @@ -70,8 +70,8 @@ krb5_net_write_block(krb5_context context, tvp = NULL; ret = select(fd + 1, NULL, &wfds, NULL, tvp); - if (IS_SOCKET_ERROR(ret)) { - if (SOCK_ERRNO == EINTR) + if (rk_IS_SOCKET_ERROR(ret)) { + if (rk_SOCK_ERRNO == EINTR) continue; return -1; } @@ -84,7 +84,7 @@ krb5_net_write_block(krb5_context context, count = send (fd, cbuf, rem, 0); - if (IS_SOCKET_ERROR(count)) { + if (rk_IS_SOCKET_ERROR(count)) { return -1; } diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 3723d98a6..87e6fb24f 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -80,7 +80,7 @@ recv_loop (krb5_socket_t fd, } else { void *tmp; - if (SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { + if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { krb5_data_free (rep); return -1; } @@ -142,9 +142,9 @@ send_and_recv_tcp(krb5_socket_t fd, krb5_data len_data; _krb5_put_int(len, req->length, 4); - if(net_write_s(fd, len, sizeof(len)) < 0) + if(net_write (fd, len, sizeof(len)) < 0) return -1; - if(net_write_s(fd, req->data, req->length) < 0) + if(net_write (fd, req->data, req->length) < 0) return -1; if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) return -1; @@ -194,7 +194,7 @@ send_and_recv_http(krb5_socket_t fd, free(str); if (request == NULL) return -1; - ret = net_write_s (fd, request, strlen(request)); + ret = net_write (fd, request, strlen(request)); free (request); if (ret < 0) return ret; @@ -266,7 +266,7 @@ send_via_proxy (krb5_context context, struct addrinfo hints; struct addrinfo *ai, *a; int ret; - krb5_socket_t s = INVALID_SOCKET; + krb5_socket_t s = rk_INVALID_SOCKET; char portstr[NI_MAXSERV]; if (proxy == NULL) @@ -416,7 +416,7 @@ krb5_sendto (krb5_context context, for (a = ai; a != NULL; a = a->ai_next) { fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); - if (IS_BAD_SOCKET(fd)) + if (rk_IS_BAD_SOCKET(fd)) continue; rk_cloexec(fd); if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {