+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
Thu Nov 3 18:29:10 1994 Mark Eichin (eichin@cygnus.com)
* pcbc_encrypt.c: moved from f_pcbc.c in lib/crypto/des, and
strcpy(prompt2, "Verifying, please re-enter ");
strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1));
}
- ok = krb5_read_password(prompt, verify ? prompt2 : 0,
+ ok = krb5_read_password(global_context, prompt, verify ? prompt2 : 0,
key_string, &string_size);
if (ok == 0)
returns: errors
*/
-krb5_error_code mit_des_string_to_key (DECLARG(const krb5_keytype, keytype),
- DECLARG(krb5_keyblock *,keyblock),
- DECLARG(const krb5_data *,data),
- DECLARG(krb5_const_principal, princ))
-OLDDECLARG(const krb5_keytype, keytype)
-OLDDECLARG(krb5_keyblock *,keyblock)
-OLDDECLARG(const krb5_data *,data)
-OLDDECLARG(krb5_const_principal, princ)
+krb5_error_code mit_des_string_to_key (keytype, keyblock, data, princ)
+ const krb5_keytype keytype;
+ krb5_keyblock * keyblock;
+ const krb5_data * data;
+ krb5_const_principal princ;
{
char copystr[512];
+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl)
* display_name.c (krb5_gss_display_name): gss_display_name()
#include <memory.h>
#include <krb5/widen.h>
-static krb5_error_code rd_req_keyproc(keyprocarg, server, kvno, keyblock)
+static krb5_error_code
+rd_req_keyproc(context, keyprocarg, server, kvno, keyblock)
+ krb5_context context;
krb5_pointer keyprocarg;
krb5_principal server;
krb5_kvno kvno;
krb5_error_code code;
krb5_keytab_entry ktentry;
- if (code = krb5_kt_get_entry((krb5_keytab) keyprocarg, server, kvno,
- &ktentry))
+ if (code = krb5_kt_get_entry(context, (krb5_keytab) keyprocarg, server,
+ kvno, &ktentry))
return(code);
- code = krb5_copy_keyblock(&ktentry.key, keyblock);
+ code = krb5_copy_keyblock(context, &ktentry.key, keyblock);
- (void) krb5_kt_free_entry(&ktentry);
+ (void) krb5_kt_free_entry(context, &ktentry);
return(code);
}
-static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token)
+static krb5_error_code
+make_ap_rep(context, authdat, subkey, seq_send, token)
+ krb5_context context;
krb5_tkt_authent *authdat;
krb5_keyblock *subkey;
krb5_int32 *seq_send;
ap_rep_data.cusec = authdat->authenticator->cusec;
ap_rep_data.subkey = authdat->authenticator->subkey;
- if (code = krb5_generate_seq_number(authdat->ticket->enc_part2->session,
+ if (code = krb5_generate_seq_number(context,
+ authdat->ticket->enc_part2->session,
&ap_rep_data.seq_number))
return(code);
- if (code = krb5_mk_rep(&ap_rep_data, subkey, &ap_rep))
+ if (code = krb5_mk_rep(context, &ap_rep_data, subkey, &ap_rep))
return(code);
/* build up the token */
return(0);
}
-OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle)
+OM_uint32
+krb5_gss_accept_sec_context(context, minor_status, context_handle,
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_cred_id_t verifier_cred_handle;
/* get the rcache pointer */
if (code =
- krb5_get_server_rcache(krb5_princ_component(cred->princ,
- ((krb5_princ_size(cred->princ)>1)?1:0)),
+ krb5_get_server_rcache(context,
+ krb5_princ_component(context, cred->princ,
+ ((krb5_princ_size(context, cred->princ)>1)?1:0)),
&rcache)) {
*minor_status = code;
return(GSS_S_FAILURE);
/* decode the message */
- if (code = krb5_rd_req(&ap_req, cred->princ, paddr, NULL, &rd_req_keyproc,
- (krb5_pointer) cred->keytab, rcache, &authdat)) {
- (void) krb5_rc_close(rcache);
+ if (code = krb5_rd_req(context, &ap_req, cred->princ, paddr, NULL,
+ &rd_req_keyproc, (krb5_pointer) cred->keytab,
+ rcache, &authdat)) {
+ (void) krb5_rc_close(context, rcache);
*minor_status = code;
return(GSS_S_FAILURE);
}
/* close and free the rcache */
- krb5_rc_close(rcache);
+ krb5_rc_close(context, rcache);
/* make sure the necessary parts of the authdat are present */
if ((authdat->authenticator->subkey == NULL) ||
(authdat->ticket->enc_part2 == NULL)) {
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = KG_NO_SUBKEY;
return(GSS_S_FAILURE);
}
can interoperate with an implementation whcih supports negotiation */
if ((authdat->authenticator->checksum->checksum_type != CKSUMTYPE_KG_CB) ||
(authdat->authenticator->checksum->length < 24)) {
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = 0;
return(GSS_S_BAD_BINDINGS);
}
if (tmp != RSA_MD5_CKSUM_LENGTH) {
xfree(md5.contents);
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = KG_BAD_LENGTH;
return(GSS_S_FAILURE);
}
if (code = kg_checksum_channel_bindings(input_chan_bindings, &md5,
bigend)) {
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = code;
return(GSS_S_FAILURE);
}
TREAD_STR(ptr, ptr2, md5.length);
if (memcmp(ptr2, md5.contents, md5.length) != 0) {
xfree(md5.contents);
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = 0;
return(GSS_S_BAD_BINDINGS);
}
ctx->cred = cred;
ctx->big_endian = bigend;
- if (code = krb5_copy_principal(cred->princ, &ctx->here)) {
+ if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) {
xfree(ctx);
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = code;
return(GSS_S_FAILURE);
}
- if (code = krb5_copy_principal(authdat->authenticator->client,
+ if (code = krb5_copy_principal(context, authdat->authenticator->client,
&ctx->there)) {
- krb5_free_principal(ctx->here);
+ krb5_free_principal(context, ctx->here);
xfree(ctx);
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = code;
return(GSS_S_FAILURE);
}
- if (code = krb5_copy_keyblock(authdat->authenticator->subkey,
+ if (code = krb5_copy_keyblock(context, authdat->authenticator->subkey,
&ctx->subkey)) {
- krb5_free_principal(ctx->there);
- krb5_free_principal(ctx->here);
+ krb5_free_principal(context, ctx->there);
+ krb5_free_principal(context, ctx->here);
xfree(ctx);
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = code;
return(GSS_S_FAILURE);
}
/* fill in the encryption descriptors */
- krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC);
+ krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC);
ctx->enc.processed = 0;
- if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key))
+ if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key))
return(code);
for (i=0; i<ctx->enc.key->length; i++)
/*SUPPRESS 113*/
ctx->enc.key->contents[i] ^= 0xf0;
- krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC);
+ krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC);
ctx->seq.processed = 0;
ctx->seq.key = ctx->subkey;
if (ctx->mutual) {
if (code = make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)) {
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
- NULL);
- krb5_free_tkt_authent(authdat);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t *) &ctx, NULL);
+ krb5_free_tkt_authent(context, authdat);
*minor_status = code;
return(GSS_S_FAILURE);
}
}
/* done with authdat! */
- krb5_free_tkt_authent(authdat);
+ krb5_free_tkt_authent(context, authdat);
/* set the return arguments */
if (src_name) {
- if (code = krb5_copy_principal(ctx->there, &name)) {
+ if (code = krb5_copy_principal(context, ctx->there, &name)) {
if (token.value)
xfree(token.value);
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
- NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t *) &ctx, NULL);
*minor_status = code;
return(GSS_S_FAILURE);
}
*mech_type = (gss_OID) gss_mech_krb5;
if (time_rec) {
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
if (src_name)
- krb5_free_principal(name);
+ krb5_free_principal(context, name);
xfree(token.value);
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
- NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t *) &ctx, NULL);
*minor_status = code;
return(GSS_S_FAILURE);
}
if (src_name)
if (! kg_save_name((gss_name_t) name)) {
- krb5_free_principal(name);
+ krb5_free_principal(context, name);
if (token.value)
xfree(token.value);
- (void)krb5_gss_delete_sec_context(minor_status,
+ (void)krb5_gss_delete_sec_context(context, minor_status,
(gss_ctx_id_t *) &ctx, NULL);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
if (src_name) {
(void) kg_delete_name((gss_name_t) name);
- krb5_free_principal(name);
+ krb5_free_principal(context, name);
}
if (token.value)
xfree(token.value);
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
- NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t *) &ctx, NULL);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
If successful, set the keytab-specific fields in cred
*/
-static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ,
- cred)
+static OM_uint32
+acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t desired_name;
krb5_principal *output_princ;
/* open the default keytab */
- if (code = krb5_kt_default(&kt)) {
+ if (code = krb5_kt_default(context, &kt)) {
*minor_status = code;
return(GSS_S_CRED_UNAVAIL);
}
/* iterate over the keytab searching for the principal */
- if (code = krb5_kt_start_seq_get(kt, &cur)) {
+ if (code = krb5_kt_start_seq_get(context, kt, &cur)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
- while (!(code = krb5_kt_next_entry(kt, &entry, &cur))) {
- if (krb5_principal_compare(entry.principal, princ)) {
+ while (!(code = krb5_kt_next_entry(context, kt, &entry, &cur))) {
+ if (krb5_principal_compare(context, entry.principal, princ)) {
code = 0;
- krb5_kt_free_entry(&entry);
+ krb5_kt_free_entry(context, &entry);
break;
}
- krb5_kt_free_entry(&entry);
+ krb5_kt_free_entry(context, &entry);
}
if (code == KRB5_KT_END) {
/* this means that the principal wasn't in the keytab */
- (void)krb5_kt_end_seq_get(kt, &cur);
+ (void)krb5_kt_end_seq_get(context, kt, &cur);
*minor_status = KG_KEYTAB_NOMATCH;
return(GSS_S_CRED_UNAVAIL);
} else if (code) {
/* this means some error occurred reading the keytab */
- (void)krb5_kt_end_seq_get(kt, &cur);
+ (void)krb5_kt_end_seq_get(context, kt, &cur);
*minor_status = code;
return(GSS_S_FAILURE);
} else {
/* this means that we found a matching entry */
- if (code = krb5_kt_end_seq_get(kt, &cur)) {
+ if (code = krb5_kt_end_seq_get(context, kt, &cur)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
If successful, set the ccache-specific fields in cred.
*/
-static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ,
- cred)
+static OM_uint32
+acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t desired_name;
krb5_principal *output_princ;
/* open the default credential cache */
- if (code = krb5_cc_default(&ccache)) {
+ if (code = krb5_cc_default(context, &ccache)) {
*minor_status = code;
return(GSS_S_CRED_UNAVAIL);
}
/* turn off OPENCLOSE mode while extensive frobbing is going on */
flags = 0; /* turns off OPENCLOSE mode */
- if (code = krb5_cc_set_flags(ccache, flags)) {
+ if (code = krb5_cc_set_flags(context, ccache, flags)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
/* get out the principal name and see if it matches */
- if (code = krb5_cc_get_principal(ccache, &princ)) {
- (void)krb5_cc_close(ccache);
+ if (code = krb5_cc_get_principal(context, ccache, &princ)) {
+ (void)krb5_cc_close(context, ccache);
*minor_status = code;
return(GSS_S_FAILURE);
}
if (desired_name != GSS_C_NO_NAME) {
- if (! krb5_principal_compare(princ, (krb5_principal) desired_name)) {
- (void)krb5_free_principal(princ);
- (void)krb5_cc_close(ccache);
+ if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) {
+ (void)krb5_free_principal(context, princ);
+ (void)krb5_cc_close(context, ccache);
*minor_status = KG_CCACHE_NOMATCH;
return(GSS_S_CRED_UNAVAIL);
}
- (void)krb5_free_principal(princ);
+ (void)krb5_free_principal(context, princ);
princ = (krb5_principal) desired_name;
} else {
*output_princ = princ;
/* iterate over the ccache, find the tgt */
- if (code = krb5_cc_start_seq_get(ccache, &cur)) {
- (void)krb5_cc_close(ccache);
+ if (code = krb5_cc_start_seq_get(context, ccache, &cur)) {
+ (void)krb5_cc_close(context, ccache);
*minor_status = code;
return(GSS_S_FAILURE);
}
got_endtime = 0;
- while (!(code = krb5_cc_next_cred(ccache, &cur, &creds))) {
+ while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) {
if ((creds.server->length == 2) &&
(strcmp(creds.server->realm.data, princ->realm.data) == 0) &&
(strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) &&
got_endtime = 1;
*minor_status = 0;
code = 0;
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(context, &creds);
break;
}
if (got_endtime == 0) {
got_endtime = 1;
*minor_status = KG_TGT_MISSING;
}
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(context, &creds);
}
if (code && code != KRB5_CC_END) {
/* this means some error occurred reading the ccache */
- (void)krb5_cc_end_seq_get(ccache, &cur);
- (void)krb5_cc_close(ccache);
+ (void)krb5_cc_end_seq_get(context, ccache, &cur);
+ (void)krb5_cc_close(context, ccache);
*minor_status = code;
return(GSS_S_FAILURE);
} else {
/* this means that we found an endtime to use. */
- if (code = krb5_cc_end_seq_get(ccache, &cur)) {
- (void)krb5_cc_close(ccache);
+ if (code = krb5_cc_end_seq_get(context, ccache, &cur)) {
+ (void)krb5_cc_close(context, ccache);
*minor_status = code;
return(GSS_S_FAILURE);
}
flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */
- if (code = krb5_cc_set_flags(ccache, flags)) {
- (void)krb5_cc_close(ccache);
+ if (code = krb5_cc_set_flags(context, ccache, flags)) {
+ (void)krb5_cc_close(context, ccache);
*minor_status = code;
return(GSS_S_FAILURE);
}
}
/*ARGSUSED*/
-OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req,
- desired_mechs, cred_usage, output_cred_handle,
- actual_mechs, time_rec)
+OM_uint32
+krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
+ desired_mechs, cred_usage, output_cred_handle,
+ actual_mechs, time_rec)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t desired_name;
OM_uint32 time_req;
&(cred->princ), cred))
!= GSS_S_COMPLETE) {
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
/* minor_status set by acquire_accept_cred() */
return(ret);
&(cred->princ), cred))
!= GSS_S_COMPLETE) {
if (cred->keytab)
- krb5_kt_close(cred->keytab);
+ krb5_kt_close(context, cred->keytab);
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
/* minor_status set by acquire_init_cred() */
return(ret);
/* if the princ wasn't filled in already, fill it in now */
if (!cred->princ)
- if (code = krb5_copy_principal((krb5_principal) desired_name,
+ if (code = krb5_copy_principal(context, (krb5_principal) desired_name,
&(cred->princ))) {
if (cred->ccache)
- (void)krb5_cc_close(cred->ccache);
+ (void)krb5_cc_close(context, cred->ccache);
if (cred->keytab)
- (void)krb5_kt_close(cred->keytab);
+ (void)krb5_kt_close(context, cred->keytab);
xfree(cred);
*minor_status = code;
return(GSS_S_FAILURE);
} else {
krb5_timestamp now;
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
if (cred->ccache)
- (void)krb5_cc_close(cred->ccache);
+ (void)krb5_cc_close(context, cred->ccache);
if (cred->keytab)
- (void)krb5_kt_close(cred->keytab);
+ (void)krb5_kt_close(context, cred->keytab);
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
*minor_status = code;
return(GSS_S_FAILURE);
if (actual_mechs) {
if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) {
if (cred->ccache)
- (void)krb5_cc_close(cred->ccache);
+ (void)krb5_cc_close(context, cred->ccache);
if (cred->keytab)
- (void)krb5_kt_close(cred->keytab);
+ (void)krb5_kt_close(context, cred->keytab);
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
free(mechs->elements);
free(mechs);
if (cred->ccache)
- (void)krb5_cc_close(cred->ccache);
+ (void)krb5_cc_close(context, cred->ccache);
if (cred->keytab)
- (void)krb5_kt_close(cred->keytab);
+ (void)krb5_kt_close(context, cred->keytab);
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_compare_name(minor_status, name1, name2, name_equal)
+krb5_gss_compare_name(context, minor_status, name1, name2, name_equal)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t name1;
gss_name_t name2;
}
*minor_status = 0;
- *name_equal = krb5_principal_compare((krb5_principal) name1,
+ *name_equal = krb5_principal_compare(context, (krb5_principal) name1,
(krb5_principal) name2);
return(GSS_S_COMPLETE);
}
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_context_time(minor_status, context_handle, time_rec)
+krb5_gss_context_time(context, minor_status, context_handle, time_rec)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
OM_uint32 *time_rec;
return(GSS_S_NO_CONTEXT);
}
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
+krb5_gss_delete_sec_context(context, minor_status, context_handle, output_token)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_buffer_t output_token;
ctx = (gss_ctx_id_t) *context_handle;
if (ctx->enc.processed)
- krb5_finish_key(&ctx->enc.eblock);
- krb5_free_keyblock(ctx->enc.key);
+ krb5_finish_key(context, &ctx->enc.eblock);
+ krb5_free_keyblock(context, ctx->enc.key);
if (ctx->seq.processed)
- krb5_finish_key(&ctx->seq.eblock);
+ krb5_finish_key(context, &ctx->seq.eblock);
- krb5_free_principal(ctx->here);
- krb5_free_principal(ctx->there);
- krb5_free_keyblock(ctx->subkey);
+ krb5_free_principal(context, ctx->here);
+ krb5_free_principal(context, ctx->there);
+ krb5_free_keyblock(context, ctx->subkey);
xfree(ctx);
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_display_name(minor_status, input_name, output_name_buffer,
+krb5_gss_display_name(context, minor_status, input_name, output_name_buffer,
output_name_type)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t input_name;
gss_buffer_t output_name_buffer;
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
- if (code = krb5_unparse_name((krb5_principal) input_name, &str)) {
+ if (code = krb5_unparse_name(context, (krb5_principal) input_name, &str)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
/**/
OM_uint32
-krb5_gss_display_status(minor_status, status_value, status_type,
+krb5_gss_display_status(context, minor_status, status_value, status_type,
mech_type, message_context, status_string)
+ krb5_context context;
OM_uint32 *minor_status;
OM_uint32 status_value;
int status_type;
message_context, status_string));
} else if (status_type == GSS_C_MECH_CODE) {
if (!init_et) {
- krb5_init_ets();
+ krb5_init_ets(context);
initialize_k5g_error_table();
init_et = 1;
}
krb5_int32 seq_recv;
int established;
int big_endian;
+ krb5_context context;
} krb5_gss_ctx_id_rec, krb5_gss_ctx_id_t;
extern void *kg_vdb;
/** helper functions **/
-OM_uint32 kg_get_defcred PROTOTYPE((OM_uint32 *minor_status, gss_cred_id_t *cred));
+OM_uint32 kg_get_defcred
+ PROTOTYPE((OM_uint32 *minor_status,
+ gss_cred_id_t *cred));
OM_uint32 kg_release_defcred PROTOTYPE((OM_uint32 *minor_status));
/** declarations of internal name mechanism functions **/
OM_uint32 krb5_gss_acquire_cred
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_name_t, /* desired_name */
OM_uint32, /* time_req */
gss_OID_set, /* desired_mechs */
));
OM_uint32 krb5_gss_release_cred
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_cred_id_t* /* cred_handle */
));
OM_uint32 krb5_gss_init_sec_context
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t*, /* context_handle */
gss_name_t, /* target_name */
));
OM_uint32 krb5_gss_accept_sec_context
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
gss_cred_id_t, /* verifier_cred_handle */
gss_buffer_t, /* input_token_buffer */
));
OM_uint32 krb5_gss_process_context_token
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t /* token_buffer */
));
OM_uint32 krb5_gss_delete_sec_context
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
gss_buffer_t /* output_token */
));
OM_uint32 krb5_gss_context_time
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
OM_uint32* /* time_rec */
));
OM_uint32 krb5_gss_sign
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* qop_req */
gss_buffer_t, /* message_buffer */
));
OM_uint32 krb5_gss_verify
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* message_buffer */
gss_buffer_t, /* token_buffer */
));
OM_uint32 krb5_gss_seal
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
));
OM_uint32 krb5_gss_unseal
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
));
OM_uint32 krb5_gss_display_status
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
const_gss_OID, /* mech_type */
));
OM_uint32 krb5_gss_indicate_mechs
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_OID_set* /* mech_set */
));
OM_uint32 krb5_gss_compare_name
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_name_t, /* name1 */
gss_name_t, /* name2 */
int* /* name_equal */
));
OM_uint32 krb5_gss_display_name
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID* /* output_name_type */
));
OM_uint32 krb5_gss_import_name
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_buffer_t, /* input_name_buffer */
const_gss_OID, /* input_name_type */
gss_name_t* /* output_name */
));
OM_uint32 krb5_gss_release_name
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_name_t* /* input_name */
));
OM_uint32 krb5_gss_inquire_cred
-PROTOTYPE( (OM_uint32 *, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
OM_uint32 *, /* lifetime */
));
OM_uint32 krb5_gss_inquire_context
-PROTOTYPE( (OM_uint32*, /* minor_status */
+PROTOTYPE( (krb5_context,
+ OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_name_t*, /* initiator_name */
gss_name_t*, /* acceptor_name */
const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
+krb5_context kg_context;
+
void *kg_vdb = NULL;
/** default credential support */
if (defcred == GSS_C_NO_CREDENTIAL) {
OM_uint32 major;
- if ((major = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME,
- GSS_C_INDEFINITE, GSS_C_NULL_OID_SET,
- GSS_C_INITIATE, &defcred, NULL,
- NULL)) &&
+ if ((major = krb5_gss_acquire_cred(kg_context, minor_status,
+ GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+ &defcred, NULL, NULL)) &&
GSS_ERROR(major)) {
defcred = GSS_C_NO_CREDENTIAL;
return(major);
return(GSS_S_COMPLETE);
}
- return(krb5_gss_release_cred(minor_status, &defcred));
+ return(krb5_gss_release_cred(kg_context, minor_status, &defcred));
}
#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name
#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name
-OM_uint32 gss_krb5_get_tkt_flags PROTOTYPE((OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- krb5_flags *ticket_flags));
+OM_uint32 gss_krb5_get_tkt_flags
+ PROTOTYPE((OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ krb5_flags *ticket_flags));
#endif /* _GSSAPI_KRB5_H_ */
*/
OM_uint32
-krb5_gss_import_name(minor_status, input_name_buffer, input_name_type,
- output_name)
+krb5_gss_import_name(context, minor_status, input_name_buffer,
+ input_name_type, output_name)
+ krb5_context context;
OM_uint32 *minor_status;
gss_buffer_t input_name_buffer;
const_gss_OID input_name_type;
*host = '\0';
host++;
- code = krb5_sname_to_principal(host, service, KRB5_NT_SRV_HST,
+ code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
&princ);
xfree(tmp);
input = *((krb5_principal *) input_name_buffer->value);
- if (code = krb5_copy_principal(input, &princ)) {
+ if (code = krb5_copy_principal(context, input, &princ)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
/* at this point, stringrep is set, or if not, *minor_status is. */
if (stringrep)
- code = krb5_parse_name((char *) stringrep, &princ);
+ code = krb5_parse_name(context, (char *) stringrep, &princ);
else
return(GSS_S_BAD_NAME);
}
/* save the name in the validation database */
if (! kg_save_name((gss_name_t) princ)) {
- krb5_free_principal(princ);
+ krb5_free_principal(context, princ);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_indicate_mechs(minor_status, mech_set)
+krb5_gss_indicate_mechs(context, minor_status, mech_set)
+ krb5_context context;
OM_uint32 *minor_status;
gss_OID_set *mech_set;
{
#include <memory.h>
static krb5_error_code
-make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags,
- seqnum, token)
+make_ap_req(context, cred, server, endtime, chan_bindings, do_mutual,
+ subkey, flags, seqnum, token)
+ krb5_context context;
krb5_gss_cred_id_t cred;
krb5_principal server;
krb5_timestamp *endtime;
/* fill in the necessary fields in creds */
memset((char *) &creds, 0, sizeof(creds));
- if (code = krb5_copy_principal(cred->princ, &creds.client))
+ if (code = krb5_copy_principal(context, cred->princ, &creds.client))
return code;
- if (code = krb5_copy_principal(server, &creds.server)) {
- krb5_free_cred_contents(&creds);
+ if (code = krb5_copy_principal(context, server, &creds.server)) {
+ krb5_free_cred_contents(context, &creds);
return code;
}
creds.times.endtime = *endtime;
/* call mk_req. subkey and ap_req need to be used or destroyed */
- if (code = krb5_mk_req_extended(do_mutual?AP_OPTS_MUTUAL_REQUIRED:0,
+ if (code = krb5_mk_req_extended(context, do_mutual?AP_OPTS_MUTUAL_REQUIRED:0,
&checksum, 0, 0, subkey, cred->ccache,
&creds, &authent, &ap_req)) {
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(context, &creds);
return(code);
}
/* free stuff which was created */
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(context, &creds);
/* build up the token */
if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
xfree(ap_req.data);
- krb5_free_keyblock(*subkey);
+ krb5_free_keyblock(context, *subkey);
return(ENOMEM);
}
}
OM_uint32
-krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
+krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
context_handle, target_name, mech_type,
req_flags, time_req, input_chan_bindings,
input_token, actual_mech_type, output_token,
ret_flags, time_rec)
+ krb5_context context;
OM_uint32 *minor_status;
gss_cred_id_t claimant_cred_handle;
gss_ctx_id_t *context_handle;
if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
ctx->endtime = 0;
} else {
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
free(ctx);
*minor_status = code;
return(GSS_S_FAILURE);
ctx->endtime = now + time_req;
}
- if (code = krb5_copy_principal(cred->princ, &ctx->here)) {
+ if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) {
xfree(ctx);
*minor_status = code;
return(GSS_S_FAILURE);
}
- if (code = krb5_copy_principal((krb5_principal) target_name,
+ if (code = krb5_copy_principal(context, (krb5_principal) target_name,
&ctx->there)) {
- krb5_free_principal(ctx->here);
+ krb5_free_principal(context, ctx->here);
xfree(ctx);
*minor_status = code;
return(GSS_S_FAILURE);
input_chan_bindings, ctx->mutual,
&ctx->subkey, &ctx->flags,
&ctx->seq_send, &token)) {
- krb5_free_principal(ctx->here);
- krb5_free_principal(ctx->there);
+ krb5_free_principal(context, ctx->here);
+ krb5_free_principal(context, ctx->there);
xfree(ctx);
*minor_status = code;
return(GSS_S_FAILURE);
/* the encryption key is the session key XOR 0xf0f0f0f0f0f0f0f0 */
- krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC);
+ krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC);
ctx->enc.processed = 0;
- if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key))
+ if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key))
return(code);
for (i=0; i<ctx->enc.key->length; i++)
/*SUPPRESS 113*/
ctx->enc.key->contents[i] ^= 0xf0;
- krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC);
+ krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC);
ctx->seq.processed = 0;
ctx->seq.key = ctx->subkey;
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
xfree(token.value);
- krb5_free_keyblock(ctx->subkey);
- krb5_free_principal(ctx->here);
- krb5_free_principal(ctx->there);
+ krb5_free_keyblock(context, ctx->subkey);
+ krb5_free_principal(context, ctx->here);
+ krb5_free_principal(context, ctx->there);
xfree(ctx);
*minor_status = G_VALIDATE_FAILED;
/* compute time_rec */
if (time_rec) {
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
xfree(token.value);
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx,
- NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t) ctx, NULL);
*minor_status = code;
return(GSS_S_FAILURE);
}
if ((ctx->established) ||
(((gss_cred_id_t) ctx->cred) != claimant_cred_handle) ||
((req_flags & GSS_C_MUTUAL_FLAG) == 0)) {
- (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ context_handle, NULL);
*minor_status = KG_CONTEXT_ESTABLISHED;
return(GSS_S_FAILURE);
}
- if (! krb5_principal_compare(ctx->there, (krb5_principal) target_name)) {
- (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+ if (! krb5_principal_compare(context, ctx->there,
+ (krb5_principal) target_name)) {
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ context_handle, NULL);
*minor_status = 0;
return(GSS_S_BAD_NAME);
}
/* verify the token and leave the AP_REP message in ap_rep */
if (input_token == GSS_C_NO_BUFFER) {
- (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ context_handle, NULL);
*minor_status = 0;
return(GSS_S_DEFECTIVE_TOKEN);
}
TREAD_STR(ptr, ap_rep.data, ap_rep.length);
/* decode the ap_rep */
- if (code = krb5_rd_rep(&ap_rep, ctx->subkey, &ap_rep_data)) {
- (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+ if (code = krb5_rd_rep(context, &ap_rep, ctx->subkey, &ap_rep_data)) {
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ context_handle, NULL);
*minor_status = code;
return(GSS_S_FAILURE);
}
ctx->seq_recv = ap_rep_data->seq_number;
/* free the ap_rep_data */
- krb5_free_ap_rep_enc_part(ap_rep_data);
+ krb5_free_ap_rep_enc_part(context, ap_rep_data);
/* set established */
ctx->established = 1;
/* set returns */
if (time_rec) {
- if (code = krb5_timeofday(&now)) {
- (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx,
+ if (code = krb5_timeofday(context, &now)) {
+ (void)krb5_gss_delete_sec_context(context, minor_status,
+ (gss_ctx_id_t) ctx,
NULL);
*minor_status = code;
return(GSS_S_FAILURE);
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
+krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name,
acceptor_name, lifetime_rec, mech_type, ret_flags,
locally_initiated)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_name_t *initiator_name;
init = NULL;
accept = NULL;
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
lifetime = 0;
if (initiator_name) {
- if (code = krb5_copy_principal(ctx->initiate?ctx->here:ctx->there,
+ if (code = krb5_copy_principal(context,
+ ctx->initiate?ctx->here:ctx->there,
&init)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
if (! kg_save_name((gss_name_t) init)) {
- krb5_free_principal(init);
+ krb5_free_principal(context, init);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
}
if (acceptor_name) {
- if (code = krb5_copy_principal(ctx->initiate?ctx->there:ctx->here,
+ if (code = krb5_copy_principal(context,
+ ctx->initiate?ctx->there:ctx->here,
&accept)) {
- if (init) krb5_free_principal(init);
+ if (init) krb5_free_principal(context, init);
*minor_status = code;
return(GSS_S_FAILURE);
}
if (! kg_save_name((gss_name_t) accept)) {
- krb5_free_principal(accept);
+ krb5_free_principal(context, accept);
if (init) {
kg_delete_name((gss_name_t) accept);
- krb5_free_principal(init);
+ krb5_free_principal(context, init);
}
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
+krb5_gss_inquire_cred(context, minor_status, cred_handle, name, lifetime_ret,
cred_usage, mechanisms)
+ krb5_context context;
OM_uint32 *minor_status;
gss_cred_id_t cred_handle;
gss_name_t *name;
cred = (krb5_gss_cred_id_t) cred_handle;
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
lifetime = 0;
if (name) {
- if (code = krb5_copy_principal(cred->princ, &ret_name)) {
+ if (code = krb5_copy_principal(context, cred->princ, &ret_name)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
if (mechanisms)
if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) {
- krb5_free_principal(ret_name);
+ krb5_free_principal(context, ret_name);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
if (name) {
if (! kg_save_name((gss_name_t) ret_name)) {
(void)gss_release_oid_set(minor_status, &mechs);
- krb5_free_principal(ret_name);
+ krb5_free_principal(context, ret_name);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
#include <krb5/rsa-md5.h>
static krb5_error_code
-make_seal_token(enc_ed, seq_ed, seqnum, direction, text, token,
+make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
encrypt, toktype, bigend)
+ krb5_context context;
krb5_gss_enc_desc *enc_ed;
krb5_gss_enc_desc *seq_ed;
krb5_int32 *seqnum;
/* XXX this depends on the key being a single-des key, but that's
all that kerberos supports right now */
- if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16,
+ if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, 16,
seq_ed->key->contents,
seq_ed->key->length,
&desmac)) {
return(GSS_S_NO_CONTEXT);
}
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(ctx->context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
/* XXX this depends on the key being a single-des key, but that's
all that kerberos supports right now */
- if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16,
- ctx->seq.key->contents,
+ if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest,
+ 16, ctx->seq.key->contents,
ctx->seq.key->length,
&desmac)) {
if (toktype == KG_TOK_SEAL_MSG)
if (qop_state)
*qop_state = GSS_C_QOP_DEFAULT;
- if (code = krb5_timeofday(&now)) {
+ if (code = krb5_timeofday(ctx->context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
#include "gssapiP_krb5.h"
+extern krb5_context kg_context;
+
OM_uint32
-gss_accept_sec_context(minor_status,
- context_handle,
- verifier_cred_handle,
- input_token,
- input_chan_bindings,
- src_name,
- mech_type,
- output_token,
- ret_flags,
- time_rec,
- delegated_cred_handle)
+gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle,
+ input_token, input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec, delegated_cred_handle)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_cred_id_t verifier_cred_handle;
OM_uint32 *time_rec;
gss_cred_id_t *delegated_cred_handle;
{
- return(krb5_gss_accept_sec_context(minor_status,
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_accept_sec_context(ctx->context, minor_status,
context_handle,
verifier_cred_handle,
input_token,
}
OM_uint32
-gss_acquire_cred(minor_status,
- desired_name,
- time_req,
- desired_mechs,
- cred_usage,
- output_cred_handle,
- actual_mechs,
- time_rec)
+gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs,
+ cred_usage, output_cred_handle, actual_mechs, time_rec)
OM_uint32 *minor_status;
gss_name_t desired_name;
OM_uint32 time_req;
gss_OID_set *actual_mechs;
OM_uint32 *time_rec;
{
- return(krb5_gss_acquire_cred(minor_status,
+ return(krb5_gss_acquire_cred(kg_context, minor_status,
desired_name,
time_req,
desired_mechs,
}
OM_uint32
-gss_compare_name(minor_status,
- name1,
- name2,
- name_equal)
+gss_compare_name(minor_status, name1, name2, name_equal)
OM_uint32 *minor_status;
gss_name_t name1;
gss_name_t name2;
int *name_equal;
{
- return(krb5_gss_compare_name(minor_status,
- name1,
- name2,
- name_equal));
+ return(krb5_gss_compare_name(kg_context, minor_status, name1,
+ name2, name_equal));
}
OM_uint32
-gss_context_time(minor_status,
- context_handle,
- time_rec)
+gss_context_time(minor_status, context_handle, time_rec)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
OM_uint32 *time_rec;
{
- return(krb5_gss_context_time(minor_status,
- context_handle,
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_context_time(ctx->context, minor_status, context_handle,
time_rec));
}
OM_uint32
-gss_delete_sec_context(minor_status,
- context_handle,
- output_token)
+gss_delete_sec_context(minor_status, context_handle, output_token)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_buffer_t output_token;
{
- return(krb5_gss_delete_sec_context(minor_status,
- context_handle,
- output_token));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_delete_sec_context(ctx->context, minor_status,
+ context_handle, output_token));
}
OM_uint32
-gss_display_name(minor_status,
- input_name,
- output_name_buffer,
- output_name_type)
+gss_display_name(minor_status, input_name, output_name_buffer, output_name_type)
OM_uint32 *minor_status;
gss_name_t input_name;
gss_buffer_t output_name_buffer;
gss_OID *output_name_type;
{
- return(krb5_gss_display_name(minor_status,
- input_name,
- output_name_buffer,
- output_name_type));
+ return(krb5_gss_display_name(kg_context, minor_status, input_name,
+ output_name_buffer, output_name_type));
}
OM_uint32
-gss_display_status(minor_status,
- status_value,
- status_type,
- mech_type,
- message_context,
- status_string)
+gss_display_status(minor_status, status_value, status_type,
+ mech_type, message_context, status_string)
OM_uint32 *minor_status;
OM_uint32 status_value;
int status_type;
int *message_context;
gss_buffer_t status_string;
{
- return(krb5_gss_display_status(minor_status,
- status_value,
- status_type,
- mech_type,
- message_context,
+ return(krb5_gss_display_status(kg_context, minor_status, status_value,
+ status_type, mech_type, message_context,
status_string));
}
OM_uint32
-gss_import_name(minor_status,
- input_name_buffer,
- input_name_type,
- output_name)
+gss_import_name(minor_status, input_name_buffer, input_name_type, output_name)
OM_uint32 *minor_status;
gss_buffer_t input_name_buffer;
const_gss_OID input_name_type;
gss_name_t *output_name;
{
- return(krb5_gss_import_name(minor_status,
- input_name_buffer,
- input_name_type,
- output_name));
+ return(krb5_gss_import_name(kg_context, minor_status, input_name_buffer,
+ input_name_type, output_name));
}
OM_uint32
OM_uint32 *minor_status;
gss_OID_set *mech_set;
{
- return(krb5_gss_indicate_mechs(minor_status,
- mech_set));
+ return(krb5_gss_indicate_mechs(kg_context, minor_status, mech_set));
}
OM_uint32
-gss_init_sec_context(minor_status,
- claimant_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec)
+gss_init_sec_context(minor_status, claimant_cred_handle, context_handle,
+ target_name, mech_type, req_flags, time_req,
+ input_chan_bindings, input_token, actual_mech_type,
+ output_token, ret_flags, time_rec)
OM_uint32 *minor_status;
gss_cred_id_t claimant_cred_handle;
gss_ctx_id_t *context_handle;
int *ret_flags;
OM_uint32 *time_rec;
{
- return(krb5_gss_init_sec_context(minor_status,
- claimant_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
+ return(krb5_gss_init_sec_context(kg_context, minor_status,
+ claimant_cred_handle, context_handle,
+ target_name, mech_type, req_flags,
+ time_req, input_chan_bindings, input_token,
+ actual_mech_type, output_token, ret_flags,
time_rec));
}
OM_uint32
-gss_inquire_context(minor_status,
- context_handle,
- initiator_name,
- acceptor_name,
- lifetime_rec,
- mech_type,
- ret_flags,
+gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name,
+ lifetime_rec, mech_type, ret_flags,
locally_initiated)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int *ret_flags;
int *locally_initiated;
{
- return(krb5_gss_inquire_context(minor_status,
- context_handle,
- initiator_name,
- acceptor_name,
- lifetime_rec,
- mech_type,
- ret_flags,
- locally_initiated));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_inquire_context(ctx->context, minor_status, context_handle,
+ initiator_name, acceptor_name, lifetime_rec,
+ mech_type, ret_flags, locally_initiated));
}
OM_uint32
-gss_inquire_cred(minor_status,
- cred_handle,
- name,
- lifetime_ret,
- cred_usage,
- mechanisms)
+gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
+ cred_usage, mechanisms)
OM_uint32 *minor_status;
gss_cred_id_t cred_handle;
gss_name_t *name;
int *cred_usage;
gss_OID_set *mechanisms;
{
- return(krb5_gss_inquire_cred(minor_status,
- cred_handle,
- name,
- lifetime_ret,
- cred_usage,
- mechanisms));
+ return(krb5_gss_inquire_cred(kg_context, minor_status, cred_handle,
+ name, lifetime_ret, cred_usage, mechanisms));
}
OM_uint32
-gss_process_context_token(minor_status,
- context_handle,
- token_buffer)
+gss_process_context_token(minor_status, context_handle, token_buffer)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t token_buffer;
{
- return(krb5_gss_process_context_token(minor_status,
- context_handle,
- token_buffer));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_process_context_token(ctx->context, minor_status,
+ context_handle, token_buffer));
}
OM_uint32
OM_uint32 *minor_status;
gss_cred_id_t *cred_handle;
{
- return(krb5_gss_release_cred(minor_status,
- cred_handle));
+ return(krb5_gss_release_cred(kg_context, minor_status, cred_handle));
}
OM_uint32
OM_uint32 *minor_status;
gss_name_t *input_name;
{
- return(krb5_gss_release_name(minor_status,
- input_name));
+ return(krb5_gss_release_name(kg_context, minor_status, input_name));
}
OM_uint32
OM_uint32* minor_status;
gss_OID_set *set;
{
- return(generic_gss_release_oid_set(minor_status,
- set));
+ return(generic_gss_release_oid_set(minor_status, set));
}
OM_uint32
-gss_seal(minor_status,
- context_handle,
- conf_req_flag,
- qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer)
+gss_seal(minor_status, context_handle, conf_req_flag, qop_req,
+ input_message_buffer, conf_state, output_message_buffer)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int conf_req_flag;
int *conf_state;
gss_buffer_t output_message_buffer;
{
- return(krb5_gss_seal(minor_status,
- context_handle,
- conf_req_flag,
- qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_seal(ctx->context, minor_status, context_handle,
+ conf_req_flag, qop_req, input_message_buffer,
+ conf_state, output_message_buffer));
}
OM_uint32
-gss_sign(minor_status,
- context_handle,
- qop_req,
- message_buffer,
- message_token)
+gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int qop_req;
gss_buffer_t message_buffer;
gss_buffer_t message_token;
{
- return(krb5_gss_sign(minor_status,
- context_handle,
- qop_req,
- message_buffer,
- message_token));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_sign(ctx->context, minor_status, context_handle,
+ qop_req, message_buffer, message_token));
}
OM_uint32
-gss_unseal(minor_status,
- context_handle,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- qop_state)
+gss_unseal(minor_status, context_handle, input_message_buffer,
+ output_message_buffer, conf_state, qop_state)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t input_message_buffer;
int *conf_state;
int *qop_state;
{
- return(krb5_gss_unseal(minor_status,
- context_handle,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- qop_state));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_unseal(ctx->context, minor_status, context_handle,
+ input_message_buffer, output_message_buffer,
+ conf_state, qop_state));
}
OM_uint32
-gss_verify(minor_status,
- context_handle,
- message_buffer,
- token_buffer,
- qop_state)
+gss_verify(minor_status, context_handle, message_buffer,
+ token_buffer, qop_state)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t message_buffer;
gss_buffer_t token_buffer;
int *qop_state;
{
- return(krb5_gss_verify(minor_status,
- context_handle,
- message_buffer,
- token_buffer,
- qop_state));
+ krb5_gss_ctx_id_t * ctx;
+
+ /* validate the context handle */
+ if (! kg_validate_ctx_id(context_handle)) {
+ *minor_status = G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+ return(krb5_gss_verify(ctx->context, minor_status, context_handle,
+ message_buffer, token_buffer, qop_state));
}
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_process_context_token(minor_status, context_handle, token_buffer)
+krb5_gss_process_context_token(context, minor_status, context_handle,
+ token_buffer)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t token_buffer;
/* that's it. delete the context */
- return(krb5_gss_delete_sec_context(minor_status, &context_handle,
+ return(krb5_gss_delete_sec_context(context, minor_status, &context_handle,
GSS_C_NO_BUFFER));
}
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_release_cred(minor_status, cred_handle)
+krb5_gss_release_cred(context, minor_status, cred_handle)
+ krb5_context context;
OM_uint32 *minor_status;
gss_cred_id_t *cred_handle;
{
cred = *cred_handle;
if (cred->ccache)
- code1 = krb5_cc_close(cred->ccache);
+ code1 = krb5_cc_close(context, cred->ccache);
else
code1 = 0;
if (cred->keytab)
- code2 = krb5_kt_close(cred->keytab);
+ code2 = krb5_kt_close(context, cred->keytab);
else
code2 = 0;
if (cred->princ)
- krb5_free_principal(cred->princ);
+ krb5_free_principal(context, cred->princ);
xfree(cred);
*cred_handle = NULL;
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_release_name(minor_status, input_name)
+krb5_gss_release_name(context, minor_status, input_name)
+ krb5_context context;
OM_uint32 *minor_status;
gss_name_t *input_name;
{
(void)kg_delete_name(*input_name);
- krb5_free_principal((krb5_principal) *input_name);
+ krb5_free_principal(context, (krb5_principal) *input_name);
*input_name = GSS_C_NO_NAME;
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_seal(minor_status, context_handle, conf_req_flag,
- qop_req, input_message_buffer, conf_state,
- output_message_buffer)
+krb5_gss_seal(context, minor_status, context_handle, conf_req_flag,
+ qop_req, input_message_buffer, conf_state,
+ output_message_buffer)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int conf_req_flag;
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_sign(minor_status, context_handle,
+krb5_gss_sign(context, minor_status, context_handle,
qop_req, message_buffer,
message_token)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int qop_req;
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_unseal(minor_status, context_handle,
+krb5_gss_unseal(context, minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t input_message_buffer;
#include "gssapiP_krb5.h"
#include <memory.h>
-krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend)
+krb5_error_code
+kg_checksum_channel_bindings(cb, cksum, bigend)
gss_channel_bindings_t cb;
krb5_checksum *cksum;
int bigend;
if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
/* allocate the cksum contents buffer */
if ((cksum->contents = (krb5_octet *)
- xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL)
+ xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL)
return(ENOMEM);
cksum->checksum_type = CKSUMTYPE_RSA_MD5;
memset(cksum->contents, '\0',
- (cksum->length = krb5_checksum_size(CKSUMTYPE_RSA_MD5)));
+ (cksum->length = krb5_checksum_size(global_context, CKSUMTYPE_RSA_MD5)));
return(0);
}
/* allocate the cksum contents buffer */
if ((cksum->contents = (krb5_octet *)
- xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL) {
+ xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) {
free(buf);
return(ENOMEM);
}
/* checksum the data */
- if (code = krb5_calculate_checksum(CKSUMTYPE_RSA_MD5, buf, len,
- NULL, 0, cksum)) {
+ if (code = krb5_calculate_checksum(global_context, CKSUMTYPE_RSA_MD5,
+ buf, len, NULL, 0, cksum)) {
xfree(cksum->contents);
xfree(buf);
return(code);
static unsigned char zeros[8] = {0,0,0,0,0,0,0,0};
+extern krb5_context kg_context;
+
int kg_confounder_size(ed)
krb5_gss_enc_desc *ed;
{
krb5_gss_enc_desc *ed;
unsigned char *buf;
{
- return(krb5_random_confounder(ed->eblock.crypto_entry->block_length, buf));
+ return(krb5_random_confounder(kg_context,
+ ed->eblock.crypto_entry->block_length, buf));
}
int kg_encrypt_size(ed, n)
krb5_error_code code;
if (! ed->processed) {
- if (code = krb5_process_key(&ed->eblock, ed->key))
+ if (code = krb5_process_key(kg_context, &ed->eblock, ed->key))
return(code);
ed->processed = 1;
}
- if (code = krb5_encrypt(in, out, length, &ed->eblock, iv?iv:(krb5_pointer)zeros))
+ if (code = krb5_encrypt(kg_context, in, out, length, &ed->eblock,
+ iv?iv:(krb5_pointer)zeros))
return(code);
return(0);
char *buf;
if (! ed->processed) {
- if (code = krb5_process_key(&ed->eblock, ed->key))
+ if (code = krb5_process_key(kg_context, &ed->eblock, ed->key))
return(code);
ed->processed = 1;
}
if ((buf = (char *) xmalloc(elen)) == NULL)
return(ENOMEM);
- if (code = krb5_decrypt(in, buf, elen, &ed->eblock, iv?iv:(krb5_pointer)zeros)) {
+ if (code = krb5_decrypt(kg_context, in, buf, elen, &ed->eblock,
+ iv?iv:(krb5_pointer)zeros)) {
xfree(buf);
return(code);
}
static unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
+extern krb5_context kg_context;
+
krb5_error_code
kg_make_seed(key, seed)
krb5_keyblock *key;
krb5_gss_enc_desc ed;
int i;
- if (code = krb5_copy_keyblock(key, &ed.key))
+ if (code = krb5_copy_keyblock(kg_context, key, &ed.key))
return(code);
/* reverse the key bytes, as per spec */
for (i=0; i<ed.key->length; i++)
ed.key->contents[i] = key->contents[key->length - 1 - i];
- krb5_use_cstype(&ed.eblock, ETYPE_RAW_DES_CBC);
+ krb5_use_cstype(kg_context, &ed.eblock, ETYPE_RAW_DES_CBC);
ed.processed = 0;
code = kg_encrypt(&ed, NULL, zeros, seed, 16);
- krb5_finish_key(&ed.eblock);
- krb5_free_keyblock(ed.key);
+ krb5_finish_key(kg_context, &ed.eblock);
+ krb5_free_keyblock(kg_context, ed.key);
return(code);
}
#include "gssapiP_krb5.h"
-krb5_error_code kg_make_seq_num(ed, direction, seqnum, cksum, buf)
+krb5_error_code
+kg_make_seq_num(ed, direction, seqnum, cksum, buf)
krb5_gss_enc_desc *ed;
int direction;
int seqnum;
#include "gssapiP_krb5.h"
OM_uint32
-krb5_gss_verify(minor_status, context_handle,
+krb5_gss_verify(context, minor_status, context_handle,
message_buffer, token_buffer,
qop_state)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t message_buffer;
+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
Thu Nov 17 19:22:16 1994 Mark Eichin (eichin@cygnus.com)
* kdb_dbm.c (krb5_dbm_db_unlock): Use krb5_lock_file.
*/
krb5_error_code
-krb5_kdb_decrypt_key(eblock, in, out)
-krb5_encrypt_block *eblock;
-const krb5_encrypted_keyblock *in;
-krb5_keyblock *out;
+krb5_kdb_decrypt_key(context, eblock, in, out)
+ krb5_context context;
+ krb5_encrypt_block *eblock;
+ const krb5_encrypted_keyblock *in;
+ krb5_keyblock *out;
{
krb5_error_code retval;
/* remember the contents of the encrypted version has a 4 byte
integer length of the real embedded key, followed by the
encrypted key, so the offset here is needed */
- if (retval = krb5_decrypt((krb5_pointer) ((char *) in->contents + 4),
+ if (retval = krb5_decrypt(context, (krb5_pointer) (
+ (char *) in->contents + 4),
(krb5_pointer) out->contents,
in->length-sizeof(in->length), eblock, 0)) {
krb5_xfree(out->contents);
*/
krb5_error_code
-krb5_kdb_encrypt_key(eblock, in, out)
-krb5_encrypt_block *eblock;
-const krb5_keyblock *in;
-register krb5_encrypted_keyblock *out;
+krb5_kdb_encrypt_key(context, eblock, in, out)
+ krb5_context context;
+ krb5_encrypt_block *eblock;
+ const krb5_keyblock *in;
+ register krb5_encrypted_keyblock *out;
{
/* Encrypted rep has the real (unencrypted) key length stored
along with the encrypted key. The length is stored as a 4
((char *)out->contents)[2] = length >> 8;
((char *)out->contents)[3] = length;
- retval = krb5_encrypt((krb5_pointer) tmpin.contents,
+ retval = krb5_encrypt(context, (krb5_pointer) tmpin.contents,
(krb5_pointer) ((char *) out->contents + 4),
tmpin.length, eblock, 0);
krb5_xfree(tmpin.contents);
#endif
krb5_error_code
-krb5_db_fetch_mkey(DECLARG(krb5_principal, mname),
- DECLARG(krb5_encrypt_block *, eblock),
- DECLARG(krb5_boolean, fromkeyboard),
- DECLARG(krb5_boolean, twice),
- DECLARG(krb5_data *, salt),
- DECLARG(krb5_keyblock *,key))
-OLDDECLARG(krb5_principal, mname)
-OLDDECLARG(krb5_encrypt_block *, eblock)
-OLDDECLARG(krb5_boolean, fromkeyboard)
-OLDDECLARG(krb5_boolean, twice)
-OLDDECLARG(krb5_data *, salt)
-OLDDECLARG(krb5_keyblock *,key)
+krb5_db_fetch_mkey(context, mname, eblock, fromkeyboard, twice, salt, key)
+ krb5_context context;
+ krb5_principal mname;
+ krb5_encrypt_block * eblock;
+ krb5_boolean fromkeyboard;
+ krb5_boolean twice;
+ krb5_data * salt;
+ krb5_keyblock * key;
{
krb5_error_code retval;
char password[BUFSIZ];
if (fromkeyboard) {
krb5_data scratch;
- if (retval = krb5_read_password(krb5_mkey_pwd_prompt1,
+ if (retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
twice ? krb5_mkey_pwd_prompt2 : 0,
password,
&size))
pwd.data = password;
pwd.length = size;
if (!salt) {
- retval = krb5_principal2salt(mname, &scratch);
+ retval = krb5_principal2salt(context, mname, &scratch);
if (retval)
return retval;
}
- retval = krb5_string_to_key(eblock, key->keytype, key, &pwd,
+ retval = krb5_string_to_key(context, eblock, key->keytype, key, &pwd,
salt ? salt : &scratch);
if (!salt)
krb5_xfree(scratch.data);
/* from somewhere else */
krb5_keytype keytype;
char defkeyfile[MAXPATHLEN+1];
- krb5_data *realm = krb5_princ_realm(mname);
+ krb5_data *realm = krb5_princ_realm(context, mname);
FILE *kf;
retval = 0;
static krb5_boolean non_blocking = FALSE;
-static char *gen_dbsuffix PROTOTYPE((char *, char * ));
-static krb5_error_code krb5_dbm_db_start_update PROTOTYPE((char *,
- time_t * ));
-static krb5_error_code krb5_dbm_db_end_update PROTOTYPE((char *,
- time_t ));
-static krb5_error_code krb5_dbm_db_start_read PROTOTYPE((time_t * ));
-static krb5_error_code krb5_dbm_db_end_read PROTOTYPE((time_t ));
-static krb5_error_code encode_princ_dbmkey PROTOTYPE((datum *,
- krb5_principal ));
-static void free_encode_princ_dbmkey PROTOTYPE((datum * ));
+static char *gen_dbsuffix
+ PROTOTYPE((char *, char * ));
+static krb5_error_code krb5_dbm_db_start_update
+ PROTOTYPE((krb5_context,
+ char *,
+ time_t * ));
+static krb5_error_code krb5_dbm_db_end_update
+ PROTOTYPE((krb5_context,
+ char *,
+ time_t ));
+static krb5_error_code krb5_dbm_db_start_read
+ PROTOTYPE((krb5_context,
+ time_t * ));
+static krb5_error_code krb5_dbm_db_end_read
+ PROTOTYPE((krb5_context,
+ time_t ));
+static krb5_error_code encode_princ_dbmkey
+ PROTOTYPE((krb5_context,
+ datum *,
+ krb5_principal ));
+static void free_encode_princ_dbmkey
+ PROTOTYPE((krb5_context,
+ datum * ));
static krb5_error_code encode_princ_contents
- PROTOTYPE((datum *,
- krb5_db_entry * ));
-static void free_encode_princ_contents PROTOTYPE((datum * ));
+ PROTOTYPE((krb5_context,
+ datum *,
+ krb5_db_entry * ));
+static void free_encode_princ_contents
+ PROTOTYPE((datum * ));
static krb5_error_code decode_princ_contents
- PROTOTYPE((datum *,
- krb5_db_entry * ));
-static void free_decode_princ_contents PROTOTYPE((krb5_db_entry * ));
+ PROTOTYPE((krb5_context,
+ datum *,
+ krb5_db_entry * ));
+static void free_decode_princ_contents
+ PROTOTYPE((krb5_context,
+ krb5_db_entry * ));
#if 0
/* not used */
-static krb5_error_code decode_princ_dbmkey PROTOTYPE((datum *,
- krb5_principal * ));
-static void free_decode_princ_dbmkey PROTOTYPE((krb5_principal ));
+static krb5_error_code decode_princ_dbmkey
+ PROTOTYPE((datum *,
+ krb5_principal * ));
+static void free_decode_princ_dbmkey
+ PROTOTYPE((krb5_principal ));
#endif
/*
*/
krb5_error_code
-krb5_dbm_db_init()
+krb5_dbm_db_init(context)
+ krb5_context context;
{
char *filename = 0;
* a krb5_dbm_db_init
*/
krb5_error_code
-krb5_dbm_db_fini()
+krb5_dbm_db_fini(context)
+ krb5_context context;
{
krb5_error_code retval;
* Open the database for update.
*/
krb5_error_code
-krb5_dbm_db_open_database()
+krb5_dbm_db_open_database(context)
+ krb5_context context;
{
if (!inited)
return KRB5_KDB_DBNOTINITED;
/* It is safe to ignore errors here because all function which write
to the database try again to lock. */
- (void) krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE);
+ (void) krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE);
return 0;
}
krb5_error_code
-krb5_dbm_db_close_database()
+krb5_dbm_db_close_database(context)
+ krb5_context context;
{
dbm_close(current_db_ptr);
current_db_ptr = 0;
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
return 0;
}
*/
krb5_error_code
-krb5_dbm_db_set_name(name)
-char *name;
+krb5_dbm_db_set_name(context, name)
+ krb5_context context;
+ char *name;
{
DBM *db;
*/
krb5_error_code
-krb5_dbm_db_get_age(db_name, age)
-char *db_name;
-time_t *age;
+krb5_dbm_db_get_age(context, db_name, age)
+ krb5_context context;
+ char *db_name;
+ time_t *age;
{
struct stat st;
char *okname;
*/
static krb5_error_code
-krb5_dbm_db_start_update(db_name, age)
-char *db_name;
-time_t *age;
+krb5_dbm_db_start_update(context, db_name, age)
+ krb5_context context;
+ char *db_name;
+ time_t *age;
{
char *okname;
krb5_error_code retval;
if (!okname)
return ENOMEM;
- retval = krb5_dbm_db_get_age(db_name, age);
+ retval = krb5_dbm_db_get_age(context, db_name, age);
if (!retval && unlink(okname) < 0) {
if (errno != ENOENT)
retval = errno;
}
static krb5_error_code
-krb5_dbm_db_end_update(db_name, age)
-char *db_name;
-time_t age;
+krb5_dbm_db_end_update(context, db_name, age)
+ krb5_context context;
+ char *db_name;
+ time_t age;
{
int fd;
krb5_error_code retval = 0;
/* Database readers call start_read(), do the reading, and then call
end_read() with the value from start_read().
- If the value of krb5_dbm_db_get_age(NULL, age) changes while this is
- going on,
- then the reader has encountered a modified database and should retry.
+ If the value of krb5_dbm_db_get_age(context, NULL, age) changes while
+ this is going on, then the reader has encountered a modified database
+ and should retry.
*/
static krb5_error_code
-krb5_dbm_db_start_read(age)
-time_t *age;
+krb5_dbm_db_start_read(context, age)
+ krb5_context context;
+ time_t *age;
{
- return (krb5_dbm_db_get_age(NULL, age));
+ return (krb5_dbm_db_get_age(context, NULL, age));
}
static krb5_error_code
-krb5_dbm_db_end_read(age)
-time_t age;
+krb5_dbm_db_end_read(context, age)
+ krb5_context context;
+ time_t age;
{
time_t age2;
krb5_error_code retval;
- if (retval = krb5_dbm_db_get_age(NULL, &age2))
+ if (retval = krb5_dbm_db_get_age(context, NULL, &age2))
return retval;
if (age2 != age || age == -1) {
return KRB5_KDB_DB_CHANGED;
static krb5_error_code
-encode_princ_dbmkey(key, principal)
-datum *key;
-krb5_principal principal;
+encode_princ_dbmkey(context, key, principal)
+ krb5_context context;
+ datum *key;
+ krb5_principal principal;
{
char *princ_name;
krb5_error_code retval;
- if (retval = krb5_unparse_name(principal, &princ_name))
+ if (retval = krb5_unparse_name(context, principal, &princ_name))
return(retval);
key->dptr = princ_name;
key->dsize = strlen(princ_name)+1; /* need to store the NULL for
}
static void
-free_encode_princ_dbmkey(key)
-datum *key;
+free_encode_princ_dbmkey(context, key)
+ krb5_context context;
+ datum *key;
{
(void) free(key->dptr);
key->dptr = 0;
#if 0
/* these aren't used, but if they ever should be... */
static krb5_error_code
-decode_princ_dbmkey(key, principal)
-datum *key;
-krb5_principal *principal;
+decode_princ_dbmkey(context, key, principal)
+ datum *key;
+ krb5_principal *principal;
{
- return(krb5_parse_name(key->dptr, principal));
+ return(krb5_parse_name(context, key->dptr, principal));
}
static void
-free_decode_princ_dbmkey(principal)
-krb5_principal principal;
+free_decode_princ_dbmkey(context, principal)
+ krb5_context context;
+ krb5_principal principal;
{
- krb5_free_principal(principal);
+ krb5_free_principal(context, principal);
return;
}
#endif
static krb5_error_code
-encode_princ_contents(contents, entry)
-register datum *contents;
-krb5_db_entry *entry;
+encode_princ_contents(context, contents, entry)
+ krb5_context context;
+ register datum *contents;
+ krb5_db_entry *entry;
{
krb5_db_entry copy_princ;
char *unparse_princ, *unparse_mod_princ;
if (!entry->alt_salt)
copy_princ.alt_salt_length = 0;
- if (retval = krb5_unparse_name(entry->principal, &unparse_princ))
+ if (retval = krb5_unparse_name(context, entry->principal, &unparse_princ))
return(retval);
- if (retval = krb5_unparse_name(entry->mod_name, &unparse_mod_princ)) {
+ if (retval = krb5_unparse_name(context, entry->mod_name, &unparse_mod_princ)) {
free(unparse_princ);
return(retval);
}
static void
free_encode_princ_contents(contents)
-datum *contents;
+ datum *contents;
{
free(contents->dptr);
contents->dsize = 0;
}
static krb5_error_code
-decode_princ_contents(contents, entry)
-datum *contents;
-krb5_db_entry *entry;
+decode_princ_contents(context, contents, entry)
+ krb5_context context;
+ datum *contents;
+ krb5_db_entry *entry;
{
register char *nextloc;
krb5_principal princ, mod_princ;
retval = KRB5_KDB_TRUNCATED_RECORD;
goto error_out;
}
- retval = krb5_parse_name(nextloc, &princ);
+ retval = krb5_parse_name(context, nextloc, &princ);
if (retval)
goto error_out;
entry->principal = princ;
retval = KRB5_KDB_TRUNCATED_RECORD;
goto error_out;
}
- retval = krb5_parse_name(nextloc, &mod_princ);
+ retval = krb5_parse_name(context, nextloc, &mod_princ);
if (retval)
goto error_out;
entry->mod_name = mod_princ;
return 0;
error_out:
- free_decode_princ_contents(entry);
+ free_decode_princ_contents(context, entry);
return retval;
}
static void
-free_decode_princ_contents(entry)
-krb5_db_entry *entry;
+free_decode_princ_contents(context, entry)
+ krb5_context context;
+ krb5_db_entry *entry;
{
/* erase the key */
if (entry->key.contents) {
krb5_xfree(entry->alt_salt);
if (entry->principal)
- krb5_free_principal(entry->principal);
+ krb5_free_principal(context, entry->principal);
if (entry->mod_name)
- krb5_free_principal(entry->mod_name);
+ krb5_free_principal(context, entry->mod_name);
(void) memset((char *)entry, 0, sizeof(*entry));
return;
}
krb5_error_code
-krb5_dbm_db_lock(mode)
-int mode;
+krb5_dbm_db_lock(context, mode)
+ krb5_context context;
+ int mode;
{
int krb5_lock_mode;
int error;
if (non_blocking)
krb5_lock_mode |= KRB5_LOCKMODE_DONTBLOCK;
- error = krb5_lock_file(dblfp, dblfname, krb5_lock_mode);
+ error = krb5_lock_file(context, dblfp, dblfname, krb5_lock_mode);
if (error == EBADF && mode == KRB5_DBM_EXCLUSIVE)
return KRB5_KDB_CANTLOCK_DB;
}
krb5_error_code
-krb5_dbm_db_unlock()
+krb5_dbm_db_unlock(context)
+ krb5_context context;
{
if (!mylock) /* lock already unlocked */
return KRB5_KDB_NOTLOCKED;
if (--mylock == 0) {
- return krb5_lock_file(dblfp, dblfname, KRB5_LOCKMODE_UNLOCK);
+ return krb5_lock_file(context, dblfp, dblfname, KRB5_LOCKMODE_UNLOCK);
}
return 0;
}
*/
krb5_error_code
-krb5_dbm_db_create(db_name)
-char *db_name;
+krb5_dbm_db_create(context, db_name)
+ krb5_context context;
+ char *db_name;
{
char *okname;
int fd;
}
krb5_error_code
-krb5_dbm_db_destroy(dbname)
+krb5_dbm_db_destroy(context, dbname)
+ krb5_context context;
char *dbname;
{
krb5_error_code retval;
*/
krb5_error_code
-krb5_dbm_db_rename(from, to)
+krb5_dbm_db_rename(context, from, to)
+ krb5_context context;
char *from;
char *to;
{
goto errout;
}
- if (retval = krb5_dbm_db_start_update(to, &trans))
+ if (retval = krb5_dbm_db_start_update(context, to, &trans))
goto errout;
if ((rename (fromdir, todir) == 0)
free_dbsuffix (fromdir);
if (retval == 0)
- return krb5_dbm_db_end_update(to, trans);
+ return krb5_dbm_db_end_update(context, to, trans);
else
return retval;
}
*/
krb5_error_code
-krb5_dbm_db_get_principal(searchfor, entries, nentries, more)
+krb5_dbm_db_get_principal(context, searchfor, entries, nentries, more)
+ krb5_context context;
krb5_principal searchfor;
krb5_db_entry *entries; /* filled in */
int *nentries; /* how much room/how many found */
return KRB5_KDB_DBNOTINITED;
for (try = 0; try < KRB5_DBM_MAX_RETRY; try++) {
- if (retval = krb5_dbm_db_start_read(&transaction))
+ if (retval = krb5_dbm_db_start_read(context, &transaction))
return(retval);
- if (retval = krb5_dbm_db_lock(KRB5_DBM_SHARED))
+ if (retval = krb5_dbm_db_lock(context, KRB5_DBM_SHARED))
return(retval);
if (current_db_ptr)
db = dbm_open(current_db_name, O_RDONLY, 0600);
if (db == NULL) {
retval = errno;
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
return retval;
}
}
*more = FALSE;
/* XXX deal with wildcard lookups */
- if (retval = encode_princ_dbmkey(&key, searchfor))
+ if (retval = encode_princ_dbmkey(context, &key, searchfor))
goto cleanup;
contents = dbm_fetch(db, key);
- free_encode_princ_dbmkey(&key);
+ free_encode_princ_dbmkey(context, &key);
if (contents.dptr == NULL)
found = 0;
- else if (retval = decode_princ_contents(&contents, entries))
+ else if (retval = decode_princ_contents(context, &contents, entries))
goto cleanup;
else found = 1;
if (current_db_ptr == 0)
(void) dbm_close(db);
- (void) krb5_dbm_db_unlock(); /* unlock read lock */
- if (krb5_dbm_db_end_read(transaction) == 0)
+ (void) krb5_dbm_db_unlock(context); /* unlock read lock */
+ if (krb5_dbm_db_end_read(context, transaction) == 0)
break;
found = -1;
if (!non_blocking)
cleanup:
if (current_db_ptr == 0)
(void) dbm_close(db);
- (void) krb5_dbm_db_unlock(); /* unlock read lock */
+ (void) krb5_dbm_db_unlock(context); /* unlock read lock */
return retval;
}
Free stuff returned by krb5_dbm_db_get_principal.
*/
void
-krb5_dbm_db_free_principal(entries, nentries)
-krb5_db_entry *entries;
-int nentries;
+krb5_dbm_db_free_principal(context, entries, nentries)
+ krb5_context context;
+ krb5_db_entry *entries;
+ int nentries;
{
register int i;
for (i = 0; i < nentries; i++)
- free_decode_princ_contents(&entries[i]);
+ free_decode_princ_contents(context, &entries[i]);
return;
}
*/
krb5_error_code
-krb5_dbm_db_put_principal(entries, nentries)
-krb5_db_entry *entries;
-register int *nentries; /* number of entry structs to
+krb5_dbm_db_put_principal(context, entries, nentries)
+ krb5_context context;
+ krb5_db_entry *entries;
+ register int *nentries; /* number of entry structs to
* update */
{
if (!inited)
errout(KRB5_KDB_DBNOTINITED);
- if (retval = krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE))
+ if (retval = krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE))
errout(retval);
if (current_db_ptr)
db = dbm_open(current_db_name, O_RDWR, 0600);
if (db == NULL) {
retval = errno;
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
*nentries = 0;
return retval;
}
/* for each one, stuff temps, and do replace/append */
for (i = 0; i < *nentries; i++) {
- if (retval = encode_princ_contents(&contents, entries))
+ if (retval = encode_princ_contents(context, &contents, entries))
break;
- if (retval = encode_princ_dbmkey(&key, entries->principal)) {
+ if (retval = encode_princ_dbmkey(context, &key, entries->principal)) {
free_encode_princ_contents(&contents);
break;
}
else
retval = 0;
free_encode_princ_contents(&contents);
- free_encode_princ_dbmkey(&key);
+ free_encode_princ_dbmkey(context, &key);
if (retval)
break;
entries++; /* bump to next struct */
if (current_db_ptr == 0)
(void) dbm_close(db);
- (void) krb5_dbm_db_unlock(); /* unlock database */
+ (void) krb5_dbm_db_unlock(context); /* unlock database */
*nentries = i;
return (retval);
}
*/
krb5_error_code
-krb5_dbm_db_delete_principal(searchfor, nentries)
+krb5_dbm_db_delete_principal(context, searchfor, nentries)
+ krb5_context context;
krb5_principal searchfor;
int *nentries; /* how many found & deleted */
{
if (!inited)
return KRB5_KDB_DBNOTINITED;
- if (retval = krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE))
+ if (retval = krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE))
return(retval);
if (current_db_ptr)
db = dbm_open(current_db_name, O_RDWR, 0600);
if (db == NULL) {
retval = errno;
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
return retval;
}
}
- if (retval = encode_princ_dbmkey(&key, searchfor))
+ if (retval = encode_princ_dbmkey(context, &key, searchfor))
goto cleanup;
contents = dbm_fetch(db, key);
found = 0;
retval = KRB5_KDB_NOENTRY;
} else {
- if (retval = decode_princ_contents(&contents, &entry))
+ if (retval = decode_princ_contents(context, &contents, &entry))
goto cleankey;
found = 1;
memset((char *)entry.key.contents, 0, entry.key.length);
- if (retval = encode_princ_contents(&contents2, &entry))
+ if (retval = encode_princ_contents(context, &contents2, &entry))
goto cleancontents;
if (dbm_store(db, key, contents2, DBM_REPLACE))
}
free_encode_princ_contents(&contents2);
cleancontents:
- free_decode_princ_contents(&entry);
+ free_decode_princ_contents(context, &entry);
cleankey:
- free_encode_princ_dbmkey(&key);
+ free_encode_princ_dbmkey(context, &key);
}
cleanup:
if (current_db_ptr == 0)
(void) dbm_close(db);
- (void) krb5_dbm_db_unlock(); /* unlock write lock */
+ (void) krb5_dbm_db_unlock(context); /* unlock write lock */
*nentries = found;
return retval;
}
krb5_error_code
-krb5_dbm_db_iterate (func, func_arg)
-krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *));
-krb5_pointer func_arg;
+krb5_dbm_db_iterate (context, func, func_arg)
+ krb5_context context;
+ krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *));
+ krb5_pointer func_arg;
{
datum key, contents;
krb5_db_entry entries;
if (!inited)
return KRB5_KDB_DBNOTINITED;
- if (retval = krb5_dbm_db_lock(KRB5_DBM_SHARED))
+ if (retval = krb5_dbm_db_lock(context, KRB5_DBM_SHARED))
return retval;
if (current_db_ptr)
db = dbm_open(current_db_name, O_RDONLY, 0600);
if (db == NULL) {
retval = errno;
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
return retval;
}
}
for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
contents = dbm_fetch (db, key);
- if (retval = decode_princ_contents(&contents, &entries))
+ if (retval = decode_princ_contents(context, &contents, &entries))
break;
retval = (*func)(func_arg, &entries);
- free_decode_princ_contents(&entries);
+ free_decode_princ_contents(context, &entries);
if (retval)
break;
}
if (current_db_ptr == 0)
(void) dbm_close(db);
- (void) krb5_dbm_db_unlock();
+ (void) krb5_dbm_db_unlock(context);
return retval;
}
krb5_boolean
-krb5_dbm_db_set_lockmode(DECLARG(krb5_boolean,mode))
-OLDDECLARG(krb5_boolean,mode)
+krb5_dbm_db_set_lockmode(context, mode)
+ krb5_context context;
+ krb5_boolean mode;
{
krb5_boolean old = non_blocking;
non_blocking = mode;
#define REALM_SEP_STRING "@"
krb5_error_code
-krb5_db_setup_mkey_name(keyname, realm, fullname, principal)
-const char *keyname;
-const char *realm;
-char **fullname;
-krb5_principal *principal;
+krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal)
+ krb5_context context;
+ const char *keyname;
+ const char *realm;
+ char **fullname;
+ krb5_principal *principal;
{
krb5_error_code retval;
int keylen;
strcat(fname, REALM_SEP_STRING);
strcat(fname, realm);
- if (retval = krb5_parse_name(fname, principal))
+ if (retval = krb5_parse_name(context, fname, principal))
return retval;
if (fullname)
*fullname = fname;
#endif
krb5_error_code
-krb5_db_store_mkey(keyfile, mname, key)
-char *keyfile;
-krb5_principal mname;
-krb5_keyblock *key;
+krb5_db_store_mkey(context, keyfile, mname, key)
+ krb5_context context;
+ char *keyfile;
+ krb5_principal mname;
+ krb5_keyblock *key;
{
FILE *kf;
krb5_error_code retval = 0;
char defkeyfile[MAXPATHLEN+1];
- krb5_data *realm = krb5_princ_realm(mname);
+ krb5_data *realm = krb5_princ_realm(context, mname);
#if defined(unix) || defined(__unix__)
int oumask;
#endif
*/
krb5_error_code
-krb5_db_verify_master_key(mprinc, mkey, eblock)
-krb5_principal mprinc;
-krb5_keyblock *mkey;
-krb5_encrypt_block *eblock;
+krb5_db_verify_master_key(context, mprinc, mkey, eblock)
+ krb5_context context;
+ krb5_principal mprinc;
+ krb5_keyblock *mkey;
+ krb5_encrypt_block *eblock;
{
krb5_error_code retval;
krb5_db_entry master_entry;
krb5_keyblock tempkey;
nprinc = 1;
- if (retval = krb5_db_get_principal(mprinc, &master_entry, &nprinc, &more))
+ if (retval = krb5_db_get_principal(context, mprinc, &master_entry, &nprinc, &more))
return(retval);
if (nprinc != 1) {
if (nprinc)
- krb5_db_free_principal(&master_entry, nprinc);
+ krb5_db_free_principal(context, &master_entry, nprinc);
return(KRB5_KDB_NOMASTERKEY);
} else if (more) {
- krb5_db_free_principal(&master_entry, nprinc);
+ krb5_db_free_principal(context, &master_entry, nprinc);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
}
/* do any necessary key pre-processing */
- if (retval = krb5_process_key(eblock, mkey)) {
- krb5_db_free_principal(&master_entry, nprinc);
+ if (retval = krb5_process_key(context, eblock, mkey)) {
+ krb5_db_free_principal(context, &master_entry, nprinc);
return(retval);
}
- if (retval = krb5_kdb_decrypt_key(eblock, &master_entry.key, &tempkey)) {
- (void) krb5_finish_key(eblock);
- krb5_db_free_principal(&master_entry, nprinc);
+ if (retval = krb5_kdb_decrypt_key(context, eblock, &master_entry.key, &tempkey)) {
+ (void) krb5_finish_key(context, eblock);
+ krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
if (mkey->length != tempkey.length ||
memcmp((char *)mkey->contents, (char *)tempkey.contents,mkey->length)) {
retval = KRB5_KDB_BADMASTERKEY;
- (void) krb5_finish_key(eblock);
+ (void) krb5_finish_key(context, eblock);
} else
- retval = krb5_finish_key(eblock);
+ retval = krb5_finish_key(context, eblock);
memset((char *)tempkey.contents, 0, tempkey.length);
krb5_xfree(tempkey.contents);
- krb5_db_free_principal(&master_entry, nprinc);
+ krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
projects / krb5.git / commitdiff