lib/krb5: let krb5_init_creds_step() return an out_realm
This matches krb5_init_creds_step() from MIT. The only
difference is the type 'krb5_realm' (Heimdal) vs. 'krb5_data' (MIT).
    krb5_error_code KRB5_CALLCONV
    krb5_init_creds_step(krb5_context context,
                         krb5_init_creds_context ctx,
                         krb5_data *in,
                         krb5_data *out,
                         krb5_data *realm,
                         unsigned int *flags);
NOTE: commit 1cdc9d5f3c
"krb5: export krb5_init_creds_step()" exported
krb5_init_creds_step() for the first time, but that's
not in any released version, so it should be fine
to fix up the prototype in order to make the
function actually useful for external callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
		 Stefan Metzmacher
					Stefan Metzmacher
				
			
				
					committed by
					
						 Jeffrey Altman
						Jeffrey Altman
					
				
			
			
				
	
			
			
			 Jeffrey Altman
						Jeffrey Altman
					
				
			
						parent
						
							b0bc54c921
						
					
				
				
					commit
					fd75c3e23c
				
			| @@ -856,7 +856,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context, | ||||
| 			    struct krb5_fast_state *state, | ||||
| 			    krb5_data *in, | ||||
| 			    krb5_data *out, | ||||
| 			    const void *_unused, | ||||
| 			    krb5_realm *out_realm, | ||||
| 			    unsigned int *flags) | ||||
| { | ||||
|     krb5_error_code ret; | ||||
| @@ -867,6 +867,9 @@ _krb5_fast_anon_pkinit_step(krb5_context context, | ||||
|     krb5_creds cred; | ||||
|     krb5_data data = { 3, rk_UNCONST("yes") }; | ||||
|  | ||||
|     krb5_data_zero(out); | ||||
|     *out_realm = NULL; | ||||
|  | ||||
|     memset(&cred, 0, sizeof(cred)); | ||||
|  | ||||
|     if (state->anon_pkinit_opt == NULL) { | ||||
| @@ -902,7 +905,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context, | ||||
|  | ||||
|     anon_pk_ctx = state->anon_pkinit_ctx; | ||||
|  | ||||
|     ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, NULL, flags); | ||||
|     ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, out_realm, flags); | ||||
|     if (ret || | ||||
| 	(*flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE)) | ||||
| 	goto out; | ||||
|   | ||||
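Review bot: `*out_realm = NULL;` at the top of _krb5_fast_anon_pkinit_step writes through the new parameter unconditionally, and the same store is added in init_creds_step and in the exported krb5_init_creds_step. Until this commit that argument slot was `const void *_unused` and every caller shown here passed NULL, so a caller that is not updated in step with this change now faults on entry instead of getting an error code. For the exported entry point I would either reject it up front, `if (out_realm == NULL) return EINVAL;`, or state in the `@param out_realm` text that the pointer must be non-NULL (`out` is already treated that way, so documenting it may be enough). The bodies of all three functions continue outside the hunks.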
| @@ -2966,7 +2966,7 @@ init_creds_step(krb5_context context, | ||||
| 		krb5_init_creds_context ctx, | ||||
| 		krb5_data *in, | ||||
| 		krb5_data *out, | ||||
| 		const void *_unused, | ||||
| 		krb5_realm *out_realm, | ||||
| 		unsigned int *flags) | ||||
| { | ||||
|     struct timeval start_time, end_time; | ||||
| @@ -2979,6 +2979,7 @@ init_creds_step(krb5_context context, | ||||
|     gettimeofday(&start_time, NULL); | ||||
|  | ||||
|     krb5_data_zero(out); | ||||
|     *out_realm = NULL; | ||||
|     krb5_data_zero(&checksum_data); | ||||
|  | ||||
|     if (ctx->as_req.req_body.cname == NULL) { | ||||
| @@ -3417,6 +3418,13 @@ init_creds_step(krb5_context context, | ||||
|     if (ret) | ||||
| 	goto out; | ||||
|  | ||||
|     *out_realm = strdup(ctx->cred.client->realm); | ||||
|     if (*out_realm == NULL) { | ||||
| 	krb5_data_free(out); | ||||
| 	ret = ENOMEM; | ||||
| 	goto out; | ||||
|     } | ||||
|  | ||||
|     *flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE; | ||||
|  | ||||
|     gettimeofday(&end_time, NULL); | ||||
| @@ -3439,6 +3447,7 @@ init_creds_step(krb5_context context, | ||||
|  * @param ctx ctx krb5_init_creds_context context. | ||||
|  * @param in input data from KDC, first round it should be reset by krb5_data_zero(). | ||||
|  * @param out reply to KDC. The caller needs to call krb5_data_free() | ||||
|  * @param out_realm the destination realm for 'out', free with krb5_xfree() | ||||
|  * @param flags status of the round, if | ||||
|  *        KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. | ||||
|  * | ||||
| @@ -3453,18 +3462,20 @@ krb5_init_creds_step(krb5_context context, | ||||
| 		     krb5_init_creds_context ctx, | ||||
| 		     krb5_data *in, | ||||
| 		     krb5_data *out, | ||||
| 		     const void *_unused, | ||||
| 		     krb5_realm *out_realm, | ||||
| 		     unsigned int *flags) | ||||
| { | ||||
|     krb5_error_code ret; | ||||
|     krb5_data empty; | ||||
|  | ||||
|     krb5_data_zero(&empty); | ||||
|     krb5_data_zero(out); | ||||
|     *out_realm = NULL; | ||||
|  | ||||
|     if ((ctx->fast_state.flags & KRB5_FAST_ANON_PKINIT_ARMOR) && | ||||
| 	ctx->fast_state.armor_ccache == NULL) { | ||||
| 	ret = _krb5_fast_anon_pkinit_step(context, ctx, &ctx->fast_state, | ||||
| 					  in, out, NULL, flags); | ||||
| 					  in, out, out_realm, flags); | ||||
|         if (ret && (ctx->fast_state.flags & KRB5_FAST_OPTIMISTIC)) { | ||||
|             _krb5_debug(context, 5, "Preauth failed with optimistic " | ||||
|                         "FAST, trying w/o FAST"); | ||||
| @@ -3478,7 +3489,7 @@ krb5_init_creds_step(krb5_context context, | ||||
| 	in = ∅ | ||||
|     } | ||||
|  | ||||
|     return init_creds_step(context, ctx, in, out, NULL, flags); | ||||
|     return init_creds_step(context, ctx, in, out, out_realm, flags); | ||||
| } | ||||
|  | ||||
| /** | ||||
| @@ -3690,9 +3701,10 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) | ||||
|  | ||||
|     while (1) { | ||||
| 	struct timeval nstart, nend; | ||||
| 	krb5_realm realm = NULL; | ||||
|  | ||||
| 	flags = 0; | ||||
| 	ret = krb5_init_creds_step(context, ctx, &in, &out, NULL, &flags); | ||||
| 	ret = krb5_init_creds_step(context, ctx, &in, &out, &realm, &flags); | ||||
| 	krb5_data_free(&in); | ||||
| 	if (ret) | ||||
| 	    goto out; | ||||
| @@ -3702,9 +3714,9 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) | ||||
|  | ||||
| 	gettimeofday(&nstart, NULL); | ||||
|  | ||||
| 	ret = krb5_sendto_context (context, stctx, &out, | ||||
| 				   ctx->cred.client->realm, &in); | ||||
| 	ret = krb5_sendto_context (context, stctx, &out, realm, &in); | ||||
| 	krb5_data_free(&out); | ||||
| 	free(realm); | ||||
|     	if (ret) | ||||
| 	    goto out; | ||||
|  | ||||
|   | ||||
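Review bot: The `@param out_realm` line says how to free the realm but not when it is set, and external callers need that to avoid sending to a NULL realm or freeing a stale pointer. From the visible hunks it is cleared on entry and only filled by the `strdup()` just before `KRB5_INIT_CREDS_STEP_FLAG_CONTINUE` is set, so it appears to stay NULL on error and on the final round; I would say so, e.g. `@param out_realm set to the destination realm for 'out' when KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is returned, NULL otherwise; must not be NULL; free with krb5_xfree()`. krb5_init_creds_get releases it with `free(realm)` while the doc names krb5_xfree(); using one of the two consistently keeps the ownership contract unambiguous. The code between the strdup and the return is outside the hunk, so whether a later failure path can leave `*out_realm` allocated cannot be confirmed from here.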