From ce58eb90817e89aedb25cfbe62b085f570c7cc7e Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Tue, 4 Jan 2022 12:26:21 +1100 Subject: [PATCH] kdc: annotate libkdc Windows function annotations Annotate libkdc APIs with KDC_LIB_{CALL,FUNCTION} to ensure correct calling convention and optimized DLL importing on Windows. Ensure Windows and libtool export tables are consistent. --- include/config.h.w32 | 18 ++++++++++++++++++ kdc/Makefile.am | 2 ++ kdc/NTMakefile | 2 +- kdc/ca.c | 2 +- kdc/csr_authorizer.c | 2 +- kdc/default_config.c | 4 ++-- kdc/kdc-plugin.c | 4 ++-- kdc/kdc.h | 10 ++++++++++ kdc/kerberos5.c | 2 +- kdc/libkdc-exports.def | 10 ++++++++-- kdc/log.c | 10 +++++----- kdc/misc.c | 4 ++-- kdc/pkinit.c | 2 +- kdc/process.c | 38 +++++++++++++++++++------------------- kdc/set_dbinfo.c | 2 +- kdc/token_validator.c | 2 +- kdc/version-script.map | 8 +++++--- 17 files changed, 80 insertions(+), 42 deletions(-) diff --git a/include/config.h.w32 b/include/config.h.w32 index 4ce38b76e..c3a06b2c6 100644 --- a/include/config.h.w32 +++ b/include/config.h.w32 @@ -122,6 +122,24 @@ static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif #endif + +#ifdef BUILD_KDC_LIB +#ifndef KDC_LIB +#ifdef _WIN32 +#define KDC_LIB_FUNCTION +#define KDC_LIB_NORETURN_FUNCTION __declspec(noreturn) +#define KDC_LIB_CALL __stdcall +#define KDC_LIB_VARIABLE +#else +#define KDC_LIB_FUNCTION +#define KDC_LIB_NORETURN_FUNCTION +#define KDC_LIB_CALL +#define KDC_LIB_VARIABLE +#endif +#endif +#endif + + /* Feature macros */ @FEATURE_DEFS@ diff --git a/kdc/Makefile.am b/kdc/Makefile.am index c4bed6e02..e6b738fce 100644 --- a/kdc/Makefile.am +++ b/kdc/Makefile.am @@ -112,6 +112,8 @@ altsecid_gss_preauth_authorizer_la_LDFLAGS = -module \ $(LIB_openldap) endif +libkdc_la_CPPFLAGS = -DBUILD_KDC_LIB $(AM_CPPFLAGS) + libkdc_la_SOURCES = \ default_config.c \ ca.c \ diff --git a/kdc/NTMakefile b/kdc/NTMakefile index 9c1810eb0..1d01e2a18 100644 --- a/kdc/NTMakefile +++ b/kdc/NTMakefile 
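Review bot: The `#ifndef KDC_LIB` guard in the block added to include/config.h.w32 tests a macro that none of the visible hunks defines, so it does not stop kdc/kdc.h from defining the same names again. With `BUILD_KDC_LIB` set on Windows this block makes `KDC_LIB_CALL` expand to `__stdcall`, and the `#else` branch added to kdc/kdc.h then redefines it as empty. If kdc.h is included after config.h (the include order is not visible here), the library is compiled with the default convention while importers get `__stdcall` from the other kdc.h branch, which on 32-bit x86 is a caller/callee stack-cleanup mismatch. Guard on a macro that is actually defined, e.g. `#ifndef KDC_LIB_FUNCTION` here and around the kdc.h block, so that only one definition wins. `KDC_LIB_NORETURN_FUNCTION` is also defined only in this file and has no counterpart in kdc.h.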
@@ -33,7 +33,7 @@ RELDIR=kdc !include ../windows/NTMakefile.w32 -intcflags=-I$(OBJ) -I$(SRC)\lib\gssapi -I$(OBJDIR)\lib\gssapi -I$(OBJDIR)\lib\gss_preauth +intcflags=-I$(OBJ) -I$(SRC)\lib\gssapi -I$(OBJDIR)\lib\gssapi -I$(OBJDIR)\lib\gss_preauth -DBUILD_KDC_LIB BINPROGRAMS=$(BINDIR)\string2key.exe diff --git a/kdc/ca.c b/kdc/ca.c index 0d92ca7fc..78a1c65cc 100644 --- a/kdc/ca.c +++ b/kdc/ca.c @@ -97,7 +97,7 @@ get_cf(krb5_context context, /* * Build a certifate for `principal' and its CSR. */ -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL kdc_issue_certificate(krb5_context context, const char *app_name, krb5_log_facility *logf, diff --git a/kdc/csr_authorizer.c b/kdc/csr_authorizer.c index fa20519d7..52bc37c42 100644 --- a/kdc/csr_authorizer.c +++ b/kdc/csr_authorizer.c @@ -65,7 +65,7 @@ static struct heim_plugin_data csr_authorizer_data = { * Invoke a plugin to validate a JWT/SAML/OIDC token and partially-evaluate * access control. */ -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL kdc_authorize_csr(krb5_context context, const char *app, hx509_request csr, diff --git a/kdc/default_config.c b/kdc/default_config.c index c460dce5a..01f8f7b54 100644 --- a/kdc/default_config.c +++ b/kdc/default_config.c @@ -69,7 +69,7 @@ load_kdc_plugins_once(void *ctx) #endif } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) { static heim_base_once_t load_kdc_plugins = HEIM_BASE_ONCE_INIT; @@ -391,7 +391,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) return 0; } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) { #ifdef PKINIT diff --git a/kdc/kdc-plugin.c b/kdc/kdc-plugin.c index 27b6b6232..8c07e4083 100644 --- a/kdc/kdc-plugin.c +++ b/kdc/kdc-plugin.c 
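Review bot: `-DBUILD_KDC_LIB` is appended to `intcflags`, which looks like the flag set for everything this makefile builds, including the `BINPROGRAMS` executables listed just below it. If so, programs that link against the libkdc DLL are compiled as though they were the library itself and never take the `__declspec(dllimport)` / `__stdcall` branch this commit adds to kdc/kdc.h. Consider scoping the define to the libkdc objects only, as the Makefile.am hunk does with `libkdc_la_CPPFLAGS`, or add a comment stating that the directory-wide define is intended.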
@@ -61,7 +61,7 @@ load(krb5_context context, const void *plug, void *plugctx, void *userctx) return KRB5_PLUGIN_NO_HANDLE; } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_plugin_init(krb5_context context) { (void)_krb5_plugin_run_f(context, &kdc_plugin_data, 0, NULL, load); @@ -279,7 +279,7 @@ _kdc_plugin_audit(astgs_request_t r) return ret; } -uintptr_t KRB5_CALLCONV +KDC_LIB_FUNCTION uintptr_t KDC_LIB_CALL kdc_get_instance(const char *libname) { static const char *instance = "libkdc"; diff --git a/kdc/kdc.h b/kdc/kdc.h index d7ea673a0..6ccdde17c 100644 --- a/kdc/kdc.h +++ b/kdc/kdc.h @@ -46,6 +46,16 @@ #include #include +#if !defined(BUILD_KDC_LIB) && defined(_WIN32) +# define KDC_LIB_FUNCTION __declspec(dllimport) +# define KDC_LIB_CALL __stdcall +# define KDC_LIB_VARIABLE __declspec(dllimport) +#else +# define KDC_LIB_FUNCTION +# define KDC_LIB_CALL +# define KDC_LIB_VARIABLE +#endif + #define heim_pcontext krb5_context #define heim_pconfig krb5_kdc_configuration * #include diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 88c34f32d..e83fecba3 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -1612,7 +1612,7 @@ _log_astgs_req(astgs_request_t r, krb5_enctype setype) * and error code otherwise. */ -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL kdc_check_flags(astgs_request_t r, krb5_boolean is_as_req, hdb_entry_ex *client_ex, diff --git a/kdc/libkdc-exports.def b/kdc/libkdc-exports.def index d7813e42a..faad14ec8 100644 --- a/kdc/libkdc-exports.def +++ b/kdc/libkdc-exports.def @@ -6,6 +6,7 @@ EXPORTS kdc_log_msg kdc_log_msg_va kdc_openlog + kdc_check_flags kdc_validate_token krb5_kdc_plugin_init krb5_kdc_get_config 
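Review bot: In the second kdc/kdc-plugin.c hunk, `kdc_get_instance` loses its explicit `KRB5_CALLCONV` in favour of `KDC_LIB_CALL`, and nothing in this patch shows that the two macros expand to the same convention in every build. If the plugin framework reaches this function through a pointer typed with `KRB5_CALLCONV` (not visible here), the definition and the pointer type must agree, or the call has undefined behaviour on 32-bit Windows. Either keep `KRB5_CALLCONV` on this one function or add a comment at the definition recording that `KDC_LIB_CALL` must match the instance-getter pointer type. The function body continues outside the hunk.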
@@ -22,11 +23,16 @@ EXPORTS krb5_kdc_request_delete_attribute _kdc_audit_addkv _kdc_audit_addkv_timediff + _kdc_audit_addaddrs + _kdc_audit_addreason _kdc_audit_getkv _kdc_audit_setkv_bool _kdc_audit_setkv_number _kdc_audit_setkv_object - _kdc_audit_addreason + _kdc_audit_trail _kdc_audit_vaddkv _kdc_audit_vaddreason - _kdc_audit_trail + + ; needed for digest-service + _kdc_db_fetch + _kdc_free_ent diff --git a/kdc/log.c b/kdc/log.c index 895f1c9c6..bfb0f54ff 100644 --- a/kdc/log.c +++ b/kdc/log.c @@ -35,7 +35,7 @@ #include "kdc_locl.h" -void +KDC_LIB_FUNCTION void KDC_LIB_CALL kdc_openlog(krb5_context context, const char *service, krb5_kdc_configuration *config) @@ -63,7 +63,7 @@ kdc_openlog(krb5_context context, #undef __attribute__ #define __attribute__(X) -char* +KDC_LIB_FUNCTION char * KDC_LIB_CALL kdc_log_msg_va(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, va_list ap) @@ -74,7 +74,7 @@ kdc_log_msg_va(krb5_context context, return msg; } -char* +KDC_LIB_FUNCTION char * KDC_LIB_CALL kdc_log_msg(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, ...) @@ -88,7 +88,7 @@ kdc_log_msg(krb5_context context, return s; } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL kdc_vlog(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, va_list ap) @@ -97,7 +97,7 @@ kdc_vlog(krb5_context context, free(kdc_log_msg_va(context, config, level, fmt, ap)); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL kdc_log(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, ...) diff --git a/kdc/misc.c b/kdc/misc.c index 8dbed3aa9..1880731bc 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -122,7 +122,7 @@ synthesize_client(krb5_context context, return ret; } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_const_principal principal, 
@@ -245,7 +245,7 @@ out: return ret; } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_free_ent(krb5_context context, hdb_entry_ex *ent) { hdb_free_entry (context, ent); diff --git a/kdc/pkinit.c b/kdc/pkinit.c index b355e4c88..c7f2a40fd 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -1926,7 +1926,7 @@ load_mappings(krb5_context context, const char *fn) * */ -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_pk_initialize(krb5_context context, krb5_kdc_configuration *config, const char *user_id, diff --git a/kdc/process.c b/kdc/process.c index 34bd16dcd..c186441a1 100644 --- a/kdc/process.c +++ b/kdc/process.c @@ -42,14 +42,14 @@ #undef __attribute__ #define __attribute__(x) -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_vaddreason(kdc_request_t r, const char *fmt, va_list ap) __attribute__ ((__format__ (__printf__, 2, 0))) { heim_audit_vaddreason((heim_svc_req_desc)r, fmt, ap); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_addreason(kdc_request_t r, const char *fmt, ...) __attribute__ ((__format__ (__printf__, 2, 3))) { @@ -66,7 +66,7 @@ _kdc_audit_addreason(kdc_request_t r, const char *fmt, ...) * not a kv-pair. */ -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_vaddkv(kdc_request_t r, int flags, const char *k, const char *fmt, va_list ap) __attribute__ ((__format__ (__printf__, 4, 0))) @@ -74,7 +74,7 @@ _kdc_audit_vaddkv(kdc_request_t r, int flags, const char *k, heim_audit_vaddkv((heim_svc_req_desc)r, flags, k, fmt, ap); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_addkv(kdc_request_t r, int flags, const char *k, const char *fmt, ...) __attribute__ ((__format__ (__printf__, 4, 5))) @@ -86,7 +86,7 @@ _kdc_audit_addkv(kdc_request_t r, int flags, const char *k, va_end(ap); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_addkv_timediff(kdc_request_t r, const char *k, const struct timeval *start, const struct timeval *end) 
@@ -94,25 +94,25 @@ _kdc_audit_addkv_timediff(kdc_request_t r, const char *k, heim_audit_addkv_timediff((heim_svc_req_desc)r,k, start, end); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_setkv_bool(kdc_request_t r, const char *k, krb5_boolean v) { heim_audit_setkv_bool((heim_svc_req_desc)r, k, (int)v); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_setkv_number(kdc_request_t r, const char *k, int64_t v) { heim_audit_setkv_number((heim_svc_req_desc)r, k, v); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_setkv_object(kdc_request_t r, const char *k, heim_object_t obj) { heim_audit_setkv_object((heim_svc_req_desc)r, k, obj); } -heim_object_t +KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL _kdc_audit_getkv(kdc_request_t r, const char *k) { return heim_audit_getkv((heim_svc_req_desc)r, k); @@ -122,7 +122,7 @@ _kdc_audit_getkv(kdc_request_t r, const char *k) * Add up to 3 key value pairs to record HostAddresses from request body or * PA-TGS ticket or whatever. */ -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_addaddrs(kdc_request_t r, HostAddresses *a, const char *key) { size_t i; @@ -142,7 +142,7 @@ _kdc_audit_addaddrs(kdc_request_t r, HostAddresses *a, const char *key) } } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL _kdc_audit_trail(kdc_request_t r, krb5_error_code ret) { const char *retname = NULL; @@ -195,7 +195,7 @@ _kdc_audit_trail(kdc_request_t r, krb5_error_code ret) heim_audit_trail((heim_svc_req_desc)r, ret, retname); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL krb5_kdc_update_time(struct timeval *tv) { if (tv == NULL) @@ -406,7 +406,7 @@ process_request(krb5_context context, * sending a reply in `reply'. */ -int +KDC_LIB_FUNCTION int KDC_LIB_CALL krb5_kdc_process_request(krb5_context context, krb5_kdc_configuration *config, unsigned char *buf, 
@@ -428,7 +428,7 @@ krb5_kdc_process_request(krb5_context context, * This only processes krb5 requests */ -int +KDC_LIB_FUNCTION int KDC_LIB_CALL krb5_kdc_process_krb5_request(krb5_context context, krb5_kdc_configuration *config, unsigned char *buf, @@ -447,7 +447,7 @@ krb5_kdc_process_krb5_request(krb5_context context, * */ -int +KDC_LIB_FUNCTION int KDC_LIB_CALL krb5_kdc_save_request(krb5_context context, const char *fn, const unsigned char *buf, @@ -511,25 +511,25 @@ out: return 0; } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_request_set_attribute(kdc_request_t r, heim_object_t key, heim_object_t value) { return heim_dict_set_value(r->attributes, key, value); } -heim_object_t +KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL krb5_kdc_request_get_attribute(kdc_request_t r, heim_object_t key) { return heim_dict_get_value(r->attributes, key); } -heim_object_t +KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL krb5_kdc_request_copy_attribute(kdc_request_t r, heim_object_t key) { return heim_dict_copy_value(r->attributes, key); } -void +KDC_LIB_FUNCTION void KDC_LIB_CALL krb5_kdc_request_delete_attribute(kdc_request_t r, heim_object_t key) { heim_dict_delete_key(r->attributes, key); diff --git a/kdc/set_dbinfo.c b/kdc/set_dbinfo.c index 93ded4ec2..683eaaf7b 100644 --- a/kdc/set_dbinfo.c +++ b/kdc/set_dbinfo.c @@ -64,7 +64,7 @@ add_db(krb5_context context, struct krb5_kdc_configuration *c, return 0; } -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c) { struct hdb_dbinfo *info, *d; diff --git a/kdc/token_validator.c b/kdc/token_validator.c index cdb50e477..858fdfa7b 100644 --- a/kdc/token_validator.c +++ b/kdc/token_validator.c 
@@ -78,7 +78,7 @@ static struct heim_plugin_data token_validator_data = { * Invoke a plugin to validate a JWT/SAML/OIDC token and partially-evaluate * access control. */ -krb5_error_code +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL kdc_validate_token(krb5_context context, const char *realm, const char *token_kind, diff --git a/kdc/version-script.map b/kdc/version-script.map index 8325adb53..745c98bee 100644 --- a/kdc/version-script.map +++ b/kdc/version-script.map @@ -25,14 +25,16 @@ HEIMDAL_KDC_1.0 { krb5_kdc_request_copy_attribute; krb5_kdc_request_delete_attribute; _kdc_audit_addkv; + _kdc_audit_addkv_timediff; + _kdc_audit_addaddrs; + _kdc_audit_addreason; + _kdc_audit_getkv; _kdc_audit_setkv_bool; _kdc_audit_setkv_number; _kdc_audit_setkv_object; - _kdc_audit_getkv; - _kdc_audit_addreason; + _kdc_audit_trail; _kdc_audit_vaddkv; _kdc_audit_vaddreason; - _kdc_audit_trail; # needed for digest-service _kdc_db_fetch;