Code modularity related updates
authorZhanna Tsitkov <tsitkova@mit.edu>
Wed, 23 Dec 2009 16:00:05 +0000 (16:00 +0000)
committerZhanna Tsitkov <tsitkova@mit.edu>
Wed, 23 Dec 2009 16:00:05 +0000 (16:00 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970

13 files changed:
src/lib/krb5/krb/Makefile.in
src/lib/krb5/krb/gen_save_subkey.c [new file with mode: 0644]
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/int-proto.h
src/lib/krb5/krb/libdef_parse.c [new file with mode: 0644]
src/lib/krb5/krb/mk_req_ext.c
src/lib/krb5/krb/vfy_increds.c
src/lib/krb5/libkrb5.exports
src/lib/krb5/os/dnsglue.c
src/lib/krb5/os/hst_realm.c
src/lib/krb5/os/init_os_ctx.c

index a8377971d58a4bc5e17d8c4cd7cdbd5eae0d88bc..507be6e805deea113b3cfa847d8f8b79beb0b440 100644 (file)
@@ -46,6 +46,7 @@ STLIBOBJS= \
        gc_via_tkt.o    \
        gen_seqnum.o    \
        gen_subkey.o    \
+       gen_save_subkey.o       \
        get_creds.o     \
        get_in_tkt.o    \
        gic_keytab.o    \
@@ -57,6 +58,7 @@ STLIBOBJS= \
        kdc_rep_dc.o    \
        kerrs.o         \
        kfree.o         \
+       libdef_parse.o  \
        mk_cred.o       \
        mk_error.o      \
        mk_priv.o       \
@@ -136,6 +138,7 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)gc_via_tkt.$(OBJEXT)   \
        $(OUTPRE)gen_seqnum.$(OBJEXT)   \
        $(OUTPRE)gen_subkey.$(OBJEXT)   \
+       $(OUTPRE)gen_save_subkey.$(OBJEXT)      \
        $(OUTPRE)get_creds.$(OBJEXT)    \
        $(OUTPRE)get_in_tkt.$(OBJEXT)   \
        $(OUTPRE)gic_keytab.$(OBJEXT)   \
@@ -145,8 +148,9 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)init_ctx.$(OBJEXT)     \
        $(OUTPRE)init_keyblock.$(OBJEXT) \
        $(OUTPRE)kdc_rep_dc.$(OBJEXT)   \
-       $(OUTPRE)kerrs.$(OBJEXT)                \
+       $(OUTPRE)kerrs.$(OBJEXT)        \
        $(OUTPRE)kfree.$(OBJEXT)        \
+       $(OUTPRE)libdef_parse.$(OBJEXT) \
        $(OUTPRE)mk_cred.$(OBJEXT)      \
        $(OUTPRE)mk_error.$(OBJEXT)     \
        $(OUTPRE)mk_priv.$(OBJEXT)      \
@@ -227,6 +231,7 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/gc_via_tkt.c  \
        $(srcdir)/gen_seqnum.c  \
        $(srcdir)/gen_subkey.c  \
+       $(srcdir)/gen_save_subkey.c     \
        $(srcdir)/get_creds.c   \
        $(srcdir)/get_in_tkt.c  \
        $(srcdir)/gic_keytab.c  \
@@ -238,6 +243,7 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/kdc_rep_dc.c  \
        $(srcdir)/kerrs.c       \
        $(srcdir)/kfree.c       \
+       $(srcdir)/libdef_parse.c \
        $(srcdir)/mk_cred.c     \
        $(srcdir)/mk_error.c    \
        $(srcdir)/mk_priv.c     \
diff --git a/src/lib/krb5/krb/gen_save_subkey.c b/src/lib/krb5/krb/gen_save_subkey.c
new file mode 100644 (file)
index 0000000..b7f63d2
--- /dev/null
@@ -0,0 +1,74 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/krb5/krb/gen_save_subkey.c
+ *
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * krb5int_generate_and_save_subkey()
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+
+krb5_error_code
+krb5int_generate_and_save_subkey(krb5_context context,
+                                 krb5_auth_context auth_context,
+                                 krb5_keyblock *keyblock,
+                                 krb5_enctype enctype)
+{
+    /* Provide some more fodder for random number code.
+       This isn't strong cryptographically; the point here is not
+       to guarantee randomness, but to make it less likely that multiple
+       sessions could pick the same subkey.  */
+    struct {
+        krb5_int32 sec, usec;
+    } rnd_data;
+    krb5_data d;
+    krb5_error_code retval;
+    krb5_keyblock *kb = NULL;
+
+    if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
+        d.length = sizeof(rnd_data);
+        d.data = (char *) &rnd_data;
+        krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
+    }
+
+    retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
+    if (retval)
+        return retval;
+    retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
+    if (retval)
+        goto cleanup;
+    retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
+    if (retval)
+        goto cleanup;
+
+cleanup:
+    if (retval) {
+        (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
+        (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+    }
+    krb5_free_keyblock(context, kb);
+    return retval;
+}
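Review bot: krb5int_generate_and_save_subkey is now the sole content of a new file but has no header comment stating its contract; the points a caller needs are that one freshly generated key is installed as both the send and the receive subkey of auth_context, that the local copy `kb` is freed on every path (so the auth-context setters are presumably copying it — confirm against krb5_auth_con_setsendsubkey), and that on any failure both subkeys are reset to NULL before returning. The `if (retval) goto cleanup;` immediately before the `cleanup:` label is a no-op and can be dropped. The existing comment about feeding the time of day to the random pool is worth keeping since it correctly disclaims any cryptographic strength for that input. The code itself is moved verbatim from mk_req_ext.c.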
index 15c67b85e44e1fd3f9a4cfde20b4cd617c74ccff..06b3c3874a9cf1a17a25f19f37c4ed13a2e6c665 100644 (file)
@@ -839,130 +839,6 @@ cleanup:
     return (retval);
 }
 
-/* begin libdefaults parsing code.  This should almost certainly move
-   somewhere else, but I don't know where the correct somewhere else
-   is yet. */
-
-/* XXX Duplicating this is annoying; try to work on a better way.*/
-static const char *const conf_yes[] = {
-    "y", "yes", "true", "t", "1", "on",
-    0,
-};
-
-static const char *const conf_no[] = {
-    "n", "no", "false", "nil", "0", "off",
-    0,
-};
-
-int
-_krb5_conf_boolean(const char *s)
-{
-    const char *const *p;
-
-    for(p=conf_yes; *p; p++) {
-        if (!strcasecmp(*p,s))
-            return 1;
-    }
-
-    for(p=conf_no; *p; p++) {
-        if (!strcasecmp(*p,s))
-            return 0;
-    }
-
-    /* Default to "no" */
-    return 0;
-}
-
-static krb5_error_code
-krb5_libdefault_string(krb5_context context, const krb5_data *realm,
-                       const char *option, char **ret_value)
-{
-    profile_t profile;
-    const char *names[5];
-    char **nameval = NULL;
-    krb5_error_code retval;
-    char realmstr[1024];
-
-    if (realm->length > sizeof(realmstr)-1)
-        return(EINVAL);
-
-    strncpy(realmstr, realm->data, realm->length);
-    realmstr[realm->length] = '\0';
-
-    if (!context || (context->magic != KV5M_CONTEXT))
-        return KV5M_CONTEXT;
-
-    profile = context->profile;
-
-    names[0] = KRB5_CONF_LIBDEFAULTS;
-
-    /*
-     * Try number one:
-     *
-     * [libdefaults]
-     *          REALM = {
-     *                  option = <boolean>
-     *          }
-     */
-
-    names[1] = realmstr;
-    names[2] = option;
-    names[3] = 0;
-    retval = profile_get_values(profile, names, &nameval);
-    if (retval == 0 && nameval && nameval[0])
-        goto goodbye;
-
-    /*
-     * Try number two:
-     *
-     * [libdefaults]
-     *          option = <boolean>
-     */
-
-    names[1] = option;
-    names[2] = 0;
-    retval = profile_get_values(profile, names, &nameval);
-    if (retval == 0 && nameval && nameval[0])
-        goto goodbye;
-
-goodbye:
-    if (!nameval)
-        return(ENOENT);
-
-    if (!nameval[0]) {
-        retval = ENOENT;
-    } else {
-        *ret_value = strdup(nameval[0]);
-        if (!*ret_value)
-            retval = ENOMEM;
-    }
-
-    profile_free_list(nameval);
-
-    return retval;
-}
-
-/* not static so verify_init_creds() can call it */
-/* as well as the DNS code */
-
-krb5_error_code
-krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
-                        const char *option, int *ret_value)
-{
-    char *string = NULL;
-    krb5_error_code retval;
-
-    retval = krb5_libdefault_string(context, realm, option, &string);
-
-    if (retval)
-        return(retval);
-
-    *ret_value = _krb5_conf_boolean(string);
-    free(string);
-
-    return(0);
-}
-
 /* Sort a pa_data sequence so that types named in the "preferred_preauth_types"
  * libdefaults entry are listed before any others. */
 static krb5_error_code
@@ -981,8 +857,8 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
         return 0;
     }
 
-    ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
-                                 &preauth_types);
+    ret = krb5int_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
+                                    &preauth_types);
     if ((ret != 0) || (preauth_types == NULL)) {
         /* Try to use PKINIT first. */
         preauth_types = "17, 16, 15, 14";
@@ -1408,8 +1284,8 @@ krb5_init_creds_init(krb5_context context,
     /* forwaradble */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
         tmp = opte->forwardable;
-    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
-                                     KRB5_CONF_FORWARDABLE, &tmp) == 0)
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_FORWARDABLE, &tmp) == 0)
         ;
     else
         tmp = 0;
@@ -1419,8 +1295,8 @@ krb5_init_creds_init(krb5_context context,
     /* proxiable */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
         tmp = opte->proxiable;
-    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
-                                     KRB5_CONF_PROXIABLE, &tmp) == 0)
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_PROXIABLE, &tmp) == 0)
         ;
     else
         tmp = 0;
@@ -1430,8 +1306,8 @@ krb5_init_creds_init(krb5_context context,
     /* canonicalize */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)
         tmp = 1;
-    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
-                                     KRB5_CONF_CANONICALIZE, &tmp) == 0)
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_CANONICALIZE, &tmp) == 0)
         ;
     else
         tmp = 0;
@@ -1445,8 +1321,8 @@ krb5_init_creds_init(krb5_context context,
     /* ticket lifetime */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
         ctx->tkt_life = options->tkt_life;
-    else if (krb5_libdefault_string(context, &ctx->request->client->realm,
-                                    KRB5_CONF_TICKET_LIFETIME, &str) == 0) {
+    else if (krb5int_libdefault_string(context, &ctx->request->client->realm,
+                                       KRB5_CONF_TICKET_LIFETIME, &str) == 0) {
         code = krb5_string_to_deltat(str, &ctx->tkt_life);
         if (code != 0)
             goto cleanup;
@@ -1458,8 +1334,8 @@ krb5_init_creds_init(krb5_context context,
     /* renewable lifetime */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
         ctx->renew_life = options->renew_life;
-    else if (krb5_libdefault_string(context, &ctx->request->client->realm,
-                                    KRB5_CONF_RENEW_LIFETIME, &str) == 0) {
+    else if (krb5int_libdefault_string(context, &ctx->request->client->realm,
+                                       KRB5_CONF_RENEW_LIFETIME, &str) == 0) {
         code = krb5_string_to_deltat(str, &ctx->renew_life);
         if (code != 0)
             goto cleanup;
@@ -1499,8 +1375,8 @@ krb5_init_creds_init(krb5_context context,
                                    &ctx->request->addresses);
         if (code != 0)
             goto cleanup;
-    } else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
-                                       KRB5_CONF_NOADDRESSES, &tmp) != 0
+    } else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                          KRB5_CONF_NOADDRESSES, &tmp) != 0
                || tmp) {
         ctx->request->addresses = NULL;
     } else {
@@ -2132,3 +2008,52 @@ cleanup:
 
     return code;
 }
+
+krb5_error_code
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
+                         krb5_flags options, krb5_address *const *addrs,
+                         krb5_enctype *ktypes,
+                         krb5_preauthtype *pre_auth_types, krb5_creds *creds)
+{
+    int i;
+    krb5_int32 starttime;
+    krb5_get_init_creds_opt *opt;
+    krb5_error_code retval;
+
+    *out = NULL;
+    retval = krb5_get_init_creds_opt_alloc(context, &opt);
+    if (retval)
+        return(retval);
+
+    if (addrs)
+        krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+    if (ktypes) {
+        for (i=0; ktypes[i]; i++);
+        if (i)
+            krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+    }
+    if (pre_auth_types) {
+        for (i=0; pre_auth_types[i]; i++);
+        if (i)
+            krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+    }
+    if (options&KDC_OPT_FORWARDABLE)
+        krb5_get_init_creds_opt_set_forwardable(opt, 1);
+    else krb5_get_init_creds_opt_set_forwardable(opt, 0);
+    if (options&KDC_OPT_PROXIABLE)
+        krb5_get_init_creds_opt_set_proxiable(opt, 1);
+    else krb5_get_init_creds_opt_set_proxiable(opt, 0);
+    if (creds && creds->times.endtime) {
+        retval = krb5_timeofday(context, &starttime);
+        if (retval)
+            goto cleanup;
+        if (creds->times.starttime) starttime = creds->times.starttime;
+        krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
+    }
+    *out = opt;
+    return 0;
+
+cleanup:
+    krb5_get_init_creds_opt_free(context, opt);
+    return retval;
+}
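Review bot: The lifetime computation at `krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime)` can yield a zero or negative value when a caller passes creds whose endtime is not after the effective starttime; nothing here rejects that, so it is handed to the option setter unchanged. Unless callers are known to rely on that, an explicit `if (creds->times.endtime <= starttime) { retval = EINVAL; goto cleanup; }` before the setter would fail early rather than request a nonsensical lifetime. The `(krb5_address **) addrs` cast also discards the const qualifier of the parameter; if krb5_get_init_creds_opt_set_address_list does not modify the list the cast is harmless but deserves a one-line comment saying so. This function is moved from gic_pwd.c unchanged apart from one blank line.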
index 4d2875f34e659528a1a51e4823e45cca5b316d35..cadd7ad35dc210cb2ea4b7536312e6a394deeccd 100644 (file)
@@ -419,54 +419,6 @@ cleanup:
     return(ret);
 }
 
-krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
-                         krb5_flags options, krb5_address *const *addrs,
-                         krb5_enctype *ktypes,
-                         krb5_preauthtype *pre_auth_types, krb5_creds *creds)
-{
-    int i;
-    krb5_int32 starttime;
-    krb5_get_init_creds_opt *opt;
-    krb5_error_code retval;
-
-    *out = NULL;
-    retval = krb5_get_init_creds_opt_alloc(context, &opt);
-    if (retval)
-        return(retval);
-
-    if (addrs)
-        krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
-    if (ktypes) {
-        for (i=0; ktypes[i]; i++);
-        if (i)
-            krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
-    }
-    if (pre_auth_types) {
-        for (i=0; pre_auth_types[i]; i++);
-        if (i)
-            krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
-    }
-    if (options&KDC_OPT_FORWARDABLE)
-        krb5_get_init_creds_opt_set_forwardable(opt, 1);
-    else krb5_get_init_creds_opt_set_forwardable(opt, 0);
-    if (options&KDC_OPT_PROXIABLE)
-        krb5_get_init_creds_opt_set_proxiable(opt, 1);
-    else krb5_get_init_creds_opt_set_proxiable(opt, 0);
-    if (creds && creds->times.endtime) {
-        retval = krb5_timeofday(context, &starttime);
-        if (retval)
-            goto cleanup;
-        if (creds->times.starttime) starttime = creds->times.starttime;
-        krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
-    }
-    *out = opt;
-    return 0;
-cleanup:
-    krb5_get_init_creds_opt_free(context, opt);
-    return retval;
-}
-
 /*
   Rewrites get_in_tkt in terms of newer get_init_creds API.
   Attempts to get an initial ticket for creds->client to use server
index 6ffee90bb7d3847c3fdd6b22b119358025a2d0ca..3bdbdd5086f39bcaf44ed32aa40d59ed072f5827 100644 (file)
@@ -647,3 +647,9 @@ errout:
     }
     return ret;
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_profile (krb5_context ctx, profile_t *profile)
+{
+    return profile_copy (ctx->profile, profile);
+}
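Review bot: krb5_get_profile dereferences `ctx->profile` without validating `ctx`, while sibling code in this same commit (krb5int_libdefault_string in libdef_parse.c) guards with `if (!context || (context->magic != KV5M_CONTEXT)) return KV5M_CONTEXT;`; as a public KRB5_CALLCONV entry point it should perform the same check before calling profile_copy. A short comment above the definition stating that the caller receives a copy of the context's profile and owns it (presumably to be released with the profile library's release call — confirm) would also help, since the function is being relocated away from the os/ file that documents the profile setup. The body is otherwise moved verbatim from init_os_ctx.c.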
index 47555d678b6566a9b9624ee0bd838e5cedfecdcd..4450bfcf12bd9e57e8b187bd7b8db7e3f2c7a9b6 100644 (file)
@@ -37,8 +37,12 @@ krb5_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
              krb5_principal *);
 
 krb5_error_code
-krb5_libdefault_boolean(krb5_context, const krb5_data *, const char *,
-                        int *);
+krb5int_libdefault_boolean(krb5_context, const krb5_data *, const char *,
+                           int *);
+krb5_error_code
+krb5int_libdefault_string(krb5_context context, const krb5_data *realm,
+                          const char *option, char **ret_value);
+
 
 krb5_error_code krb5_ser_authdata_init (krb5_context);
 krb5_error_code krb5_ser_address_init (krb5_context);
diff --git a/src/lib/krb5/krb/libdef_parse.c b/src/lib/krb5/krb/libdef_parse.c
new file mode 100644 (file)
index 0000000..84485a8
--- /dev/null
@@ -0,0 +1,149 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/krb5/krb/libdef_parse.c
+ *
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * krb5int_libdefault_string()
+ * krb5int_libdefault_boolean()
+ *
+ */
+#include "k5-int.h"
+#include "int-proto.h"
+
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+int
+_krb5_conf_boolean(const char *s)
+{
+    const char *const *p;
+
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 1;
+    }
+
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 0;
+    }
+
+    /* Default to "no" */
+    return 0;
+}
+
+krb5_error_code
+krb5int_libdefault_string(krb5_context context, const krb5_data *realm,
+                          const char *option, char **ret_value)
+{
+    profile_t profile;
+    const char *names[5];
+    char **nameval = NULL;
+    krb5_error_code retval;
+    char realmstr[1024];
+
+    if (realm->length > sizeof(realmstr)-1)
+        return(EINVAL);
+
+    strncpy(realmstr, realm->data, realm->length);
+    realmstr[realm->length] = '\0';
+
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+    names[0] = KRB5_CONF_LIBDEFAULTS;
+
+    /*
+     * Try number one:
+     *
+     * [libdefaults]
+     *          REALM = {
+     *                  option = <boolean>
+     *          }
+     */
+
+    names[1] = realmstr;
+    names[2] = option;
+    names[3] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0])
+        goto goodbye;
+
+
+    /*
+     * Try number two:
+     *
+     * [libdefaults]
+     *          option = <boolean>
+     */
+
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0])
+        goto goodbye;
+
+goodbye:
+    if (!nameval)
+        return(ENOENT);
+
+    if (!nameval[0]) {
+        retval = ENOENT;
+    } else {
+        *ret_value = strdup(nameval[0]);
+        if (!*ret_value)
+            retval = ENOMEM;
+    }
+
+    profile_free_list(nameval);
+
+    return retval;
+}
+
+krb5_error_code
+krb5int_libdefault_boolean(krb5_context context, const krb5_data *realm,
+                           const char *option, int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = krb5int_libdefault_string(context, realm, option, &string);
+
+    if (retval)
+        return(retval);
+
+    *ret_value = _krb5_conf_boolean(string);
+    free(string);
+
+    return(0);
+}
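Review bot: `_krb5_conf_boolean` is defined with external linkage in this new file but is not declared in int-proto.h in this commit and its only visible caller is krb5int_libdefault_boolean below it; a file-scope identifier beginning with an underscore is reserved to the implementation in C, so unless another caller exists elsewhere it should become `static int conf_boolean(const char *s)` with the call site updated. In krb5int_libdefault_string the realm is copied into `realmstr` before `context` is validated; moving the `if (!context || (context->magic != KV5M_CONTEXT))` check to the top of the function avoids doing work on an invalid context and reads more naturally. Minor points: `names[5]` only ever uses four slots, and the `goto goodbye;` directly before the `goodbye:` label is a no-op. The parsing logic is moved verbatim from get_in_tkt.c.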
index 17e05c805e766ebefe3d6f3ae46c58856cb22479..4eba016388b38de823ba51d544b5e9bb90c6d973 100644 (file)
@@ -80,48 +80,6 @@ generate_authenticator(krb5_context,
                        krb5_enctype *desired_etypes,
                        krb5_enctype tkt_enctype);
 
-krb5_error_code
-krb5int_generate_and_save_subkey(krb5_context context,
-                                 krb5_auth_context auth_context,
-                                 krb5_keyblock *keyblock,
-                                 krb5_enctype enctype)
-{
-    /* Provide some more fodder for random number code.
-       This isn't strong cryptographically; the point here is not
-       to guarantee randomness, but to make it less likely that multiple
-       sessions could pick the same subkey.  */
-    struct {
-        krb5_int32 sec, usec;
-    } rnd_data;
-    krb5_data d;
-    krb5_error_code retval;
-    krb5_keyblock *kb = NULL;
-
-    if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
-        d.length = sizeof(rnd_data);
-        d.data = (char *) &rnd_data;
-        krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
-    }
-
-    retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
-    if (retval)
-        return retval;
-    retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
-    if (retval)
-        goto cleanup;
-    retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
-    if (retval)
-        goto cleanup;
-
-cleanup:
-    if (retval) {
-        (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
-        (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
-    }
-    krb5_free_keyblock(context, kb);
-    return retval;
-}
-
 krb5_error_code KRB5_CALLCONV
 krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
                      krb5_flags ap_req_options, krb5_data *in_data,
index f71e7a909b676a570132bf733e13819bef53229b..5eeda426b241dd2c2a2c510957ace118f24c26d0 100644 (file)
@@ -115,10 +115,10 @@ krb5_verify_init_creds(krb5_context context,
             (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
             if (options->ap_req_nofail)
                 goto cleanup;
-        } else if (krb5_libdefault_boolean(context,
-                                           &creds->client->realm,
-                                           KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
-                                           &nofail) == 0) {
+        } else if (krb5int_libdefault_boolean(context,
+                                              &creds->client->realm,
+                                              KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
+                                              &nofail) == 0) {
             if (nofail)
                 goto cleanup;
         }
index a1dfd940d38b98af3560c643de158adb9fc74fcd..1c35c459214a3f35ce123800a5f5b0231a8aa249 100644 (file)
@@ -401,7 +401,6 @@ krb5_ktf_ops
 krb5_ktf_writable_ops
 krb5_kts_ops
 krb5_kuserok
-krb5_libdefault_boolean
 krb5_locate_kdc
 krb5_lock_file
 krb5_make_authdata_kdc_issued
index 47b455a9650d88f9368db799dabb3d7b090142c8..4742c0a12d24e5e0b97fb3545a79f947597c2d16 100644 (file)
@@ -2,7 +2,7 @@
 /*
  * lib/krb5/os/dnsglue.c
  *
- * Copyright 2004 by the Massachusetts Institute of Technology.
+ * Copyright 2004, 2009 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -333,4 +333,76 @@ out:
 
 #endif
 
+/*
+ * Try to look up a TXT record pointing to a Kerberos realm
+ */
+
+krb5_error_code
+krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
+{
+    krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+    const unsigned char *p, *base;
+    char host[MAXDNAME];
+    int ret, rdlen, len;
+    struct krb5int_dns_state *ds = NULL;
+    struct k5buf buf;
+
+    /*
+     * Form our query, and send it via DNS
+     */
+
+    krb5int_buf_init_fixed(&buf, host, sizeof(host));
+    if (name == NULL || name[0] == '\0') {
+        krb5int_buf_add(&buf, prefix);
+    } else {
+        krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
+
+        /* Realm names don't (normally) end with ".", but if the query
+           doesn't end with "." and doesn't get an answer as is, the
+           resolv code will try appending the local domain.  Since the
+           realm names are absolutes, let's stop that.
+
+           But only if a name has been specified.  If we are performing
+           a search on the prefix alone then the intention is to allow
+           the local domain or domain search lists to be expanded.
+        */
+
+        len = krb5int_buf_len(&buf);
+        if (len > 0 && host[len - 1] != '.')
+            krb5int_buf_add(&buf, ".");
+    }
+    if (krb5int_buf_data(&buf) == NULL)
+        return KRB5_ERR_HOST_REALM_UNKNOWN;
+    ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
+    if (ret < 0)
+        goto errout;
+
+    ret = krb5int_dns_nextans(ds, &base, &rdlen);
+    if (ret < 0 || base == NULL)
+        goto errout;
+
+    p = base;
+    if (!INCR_OK(base, rdlen, p, 1))
+        goto errout;
+    len = *p++;
+    *realm = malloc((size_t)len + 1);
+    if (*realm == NULL) {
+        retval = ENOMEM;
+        goto errout;
+    }
+    strncpy(*realm, (const char *)p, (size_t)len);
+    (*realm)[len] = '\0';
+    /* Avoid a common error. */
+    if ( (*realm)[len-1] == '.' )
+        (*realm)[len-1] = '\0';
+    retval = 0;
+
+errout:
+    if (ds != NULL) {
+        krb5int_dns_fini(ds);
+        ds = NULL;
+    }
+    return retval;
+}
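Review bot: The TXT string length octet read at `len = *p++;` comes from the DNS answer, but the copy that follows is never bounded by rdlen: INCR_OK only verified that one byte remained, so a malformed or truncated record carrying a large length octet makes strncpy read past the RDATA. A zero-length string is also mishandled, since `(*realm)[len-1]` then indexes one byte before the malloc'd buffer. Both fixes fit on the existing lines: after reading len add a second bounds check in the same style as the first (`if (!INCR_OK(base, rdlen, p, len)) goto errout;`, assuming INCR_OK takes a byte count as its last argument the way it is used above), and guard the trailing-dot trim with `if (len > 0 && (*realm)[len-1] == '.')`. The function is moved verbatim from hst_realm.c, so the defect predates this commit.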
+
 #endif /* KRB5_DNS_LOOKUP */
index 208b9322357f859932439b9ca2715c0c6c1782a6..23c7893b624538ecbb1ddeb20d0b4e39357cb09e 100644 (file)
@@ -84,80 +84,8 @@ domain_heuristic(krb5_context context, const char *domain,
                  char **realm, int limit);
 
 #ifdef KRB5_DNS_LOOKUP
-
 #include "dnsglue.h"
-/*
- * Try to look up a TXT record pointing to a Kerberos realm
- */
-
-krb5_error_code
-krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
-{
-    krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
-    const unsigned char *p, *base;
-    char host[MAXDNAME];
-    int ret, rdlen, len;
-    struct krb5int_dns_state *ds = NULL;
-    struct k5buf buf;
-
-    /*
-     * Form our query, and send it via DNS
-     */
-
-    krb5int_buf_init_fixed(&buf, host, sizeof(host));
-    if (name == NULL || name[0] == '\0') {
-        krb5int_buf_add(&buf, prefix);
-    } else {
-        krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
-
-        /* Realm names don't (normally) end with ".", but if the query
-           doesn't end with "." and doesn't get an answer as is, the
-           resolv code will try appending the local domain.  Since the
-           realm names are absolutes, let's stop that.
-
-           But only if a name has been specified.  If we are performing
-           a search on the prefix alone then the intention is to allow
-           the local domain or domain search lists to be expanded.
-        */
-
-        len = krb5int_buf_len(&buf);
-        if (len > 0 && host[len - 1] != '.')
-            krb5int_buf_add(&buf, ".");
-    }
-    if (krb5int_buf_data(&buf) == NULL)
-        return KRB5_ERR_HOST_REALM_UNKNOWN;
-    ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
-    if (ret < 0)
-        goto errout;
-
-    ret = krb5int_dns_nextans(ds, &base, &rdlen);
-    if (ret < 0 || base == NULL)
-        goto errout;
-
-    p = base;
-    if (!INCR_OK(base, rdlen, p, 1))
-        goto errout;
-    len = *p++;
-    *realm = malloc((size_t)len + 1);
-    if (*realm == NULL) {
-        retval = ENOMEM;
-        goto errout;
-    }
-    strncpy(*realm, (const char *)p, (size_t)len);
-    (*realm)[len] = '\0';
-    /* Avoid a common error. */
-    if ( (*realm)[len-1] == '.' )
-        (*realm)[len-1] = '\0';
-    retval = 0;
-
-errout:
-    if (ds != NULL) {
-        krb5int_dns_fini(ds);
-        ds = NULL;
-    }
-    return retval;
-}
-#else /* KRB5_DNS_LOOKUP */
+#else
 #ifndef MAXDNAME
 #define MAXDNAME (16 * MAXHOSTNAMELEN)
 #endif /* MAXDNAME */
index 7f2110f8e4b1b699e7d330a456649eea73960d6d..0b89740ed1f9845278a7df19eb58053a64b731c3 100644 (file)
@@ -402,12 +402,6 @@ krb5_os_init_context(krb5_context ctx, krb5_boolean kdc)
     return retval;
 }
 
-krb5_error_code KRB5_CALLCONV
-krb5_get_profile (krb5_context ctx, profile_t *profile)
-{
-    return profile_copy (ctx->profile, profile);
-}
-
 krb5_error_code
 krb5_set_config_files(krb5_context ctx, const char **filenames)
 {