err = gssint_mechglue_init();
if (err)
return err;
+#ifndef LEAN_CLIENT
err = k5_mutex_finish_init(&gssint_krb5_keytab_lock);
if (err)
return err;
+#endif /* LEAN_CLIENT */
err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free);
if (err)
return err;
#ifndef _WIN32
k5_mutex_destroy(&kg_kdc_flag_mutex);
#endif
+#ifndef LEAN_CLIENT
k5_mutex_destroy(&gssint_krb5_keytab_lock);
+#endif /* LEAN_CLIENT */
gssint_mecherrmap_destroy();
gssint_mechglue_fini();
}
/*
- * Copyright 2000, 2004, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#endif
#include <assert.h>
+
#ifdef CFX_EXERCISE
#define CFX_ACCEPTOR_SUBKEY (time(0) & 1)
#else
#define CFX_ACCEPTOR_SUBKEY 1
#endif
+#ifndef LEAN_CLIENT
+
/* Decode, decrypt and store the forwarded creds in the local ccache. */
static krb5_error_code
rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
return retval;
}
+
OM_uint32
krb5_gss_accept_sec_context(minor_status, context_handle,
verifier_cred_handle, input_token,
}
return (major_status);
}
+#endif /* LEAN_CLIENT */
+
/*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
#endif
+#ifndef LEAN_CLIENT
k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
static char *krb5_gss_keytab = NULL;
return(GSS_S_COMPLETE);
}
+#endif /* LEAN_CLIENT */
/* get credentials corresponding to the default credential cache.
If the default name is requested, return the name in output_princ.
cred->prerfc_mech = req_old;
cred->rfc_mech = req_new;
+#ifndef LEAN_CLIENT
cred->keytab = NULL;
+#endif /* LEAN_CLIENT */
cred->ccache = NULL;
code = k5_mutex_init(&cred->lock);
/* if requested, acquire credentials for accepting */
/* this will fill in cred->princ if the desired_name is not specified */
-
+#ifndef LEAN_CLIENT
if ((cred_usage == GSS_C_ACCEPT) ||
(cred_usage == GSS_C_BOTH))
if ((ret = acquire_accept_cred(context, minor_status, desired_name,
krb5_free_context(context);
return(ret);
}
+#endif /* LEAN_CLIENT */
/* if requested, acquire credentials for initiation */
/* this will fill in cred->princ if it wasn't set above, and
cred->princ?(gss_name_t)cred->princ:desired_name,
&(cred->princ), cred))
!= GSS_S_COMPLETE) {
+#ifndef LEAN_CLIENT
if (cred->keytab)
krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
if (cred->princ)
krb5_free_principal(context, cred->princ);
k5_mutex_destroy(&cred->lock);
&(cred->princ)))) {
if (cred->ccache)
(void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
k5_mutex_destroy(&cred->lock);
xfree(cred);
*minor_status = code;
if ((code = krb5_timeofday(context, &now))) {
if (cred->ccache)
(void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
if (cred->princ)
krb5_free_principal(context, cred->princ);
k5_mutex_destroy(&cred->lock);
&ret_mechs)))) {
if (cred->ccache)
(void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
if (cred->princ)
krb5_free_principal(context, cred->princ);
k5_mutex_destroy(&cred->lock);
free(ret_mechs);
if (cred->ccache)
(void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
if (cred->princ)
krb5_free_principal(context, cred->princ);
k5_mutex_destroy(&cred->lock);
/*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_free_context(context);
return(GSS_S_FAILURE);
}
-
+#ifndef LEAN_CLIENT
if (cred->keytab) {
kttype = krb5_kt_get_type(context, cred->keytab);
if ((strlen(kttype)+2) > sizeof(ktboth)) {
return(GSS_S_FAILURE);
}
} else {
+#endif /* LEAN_CLIENT */
new_cred->keytab = NULL;
+#ifndef LEAN_CLIENT
}
+#endif /* LEAN_CLIENT */
if (cred->rcache) {
/* Open the replay cache for this principal. */
if ((code = krb5_get_server_rcache(context,
krb5_princ_component(context, cred->princ, 0),
&new_cred->rcache))) {
+#ifndef LEAN_CLIENT
if (new_cred->keytab)
krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) {
if (new_cred->rcache)
krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
if (new_cred->keytab)
krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
if (code) {
if (new_cred->rcache)
krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
if (new_cred->keytab)
krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
krb5_cc_close(context, new_cred->ccache);
if (new_cred->rcache)
krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
if (new_cred->keytab)
krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
/*
* lib/gssapi/krb5/export_sec_context.c
*
- * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* export_sec_context.c - Externalize the security context.
*/
#include "gssapiP_krb5.h"
-
+#ifndef LEAN_CLIENT
OM_uint32
krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
OM_uint32 *minor_status;
*minor_status = (OM_uint32) kret;
return(retval);
}
+#endif /* LEAN_CLIENT */
/*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
extern g_set kg_vdb;
+#ifndef LEAN_CLIENT
extern k5_mutex_t gssint_krb5_keytab_lock;
+#endif /* LEAN_CLIENT */
/* helper macros */
OM_uint32* /* time_rec */
);
+#ifndef LEAN_CLIENT
OM_uint32 krb5_gss_accept_sec_context
(OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
OM_uint32*, /* time_rec */
gss_cred_id_t* /* delegated_cred_handle */
);
+#endif /* LEAN_CLIENT */
OM_uint32 krb5_gss_process_context_token
(OM_uint32*, /* minor_status */
gss_OID* /* output_name_type */
);
+
OM_uint32 krb5_gss_import_name
(OM_uint32*, /* minor_status */
gss_buffer_t, /* input_name_buffer */
OM_uint32 *, /* acceptor_lifetime */
gss_cred_usage_t * /* cred_usage */
);
-
+#ifndef LEAN_CLIENT
OM_uint32 krb5_gss_export_sec_context
(OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
);
+#endif /* LEAN_CLIENT */
krb5_error_code krb5_gss_ser_init(krb5_context);
#include "gssapiP_krb5.h"
#include "mglueP.h"
+
/** mechglue wrappers **/
static OM_uint32 k5glue_acquire_cred
OM_uint32*, /* ret_flags */
OM_uint32* /* time_rec */
);
-
+
+#ifndef LEAN_CLIENT
static OM_uint32 k5glue_accept_sec_context
(void *, OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
OM_uint32*, /* time_rec */
gss_cred_id_t* /* delegated_cred_handle */
);
+#endif /* LEAN_CLIENT */
static OM_uint32 k5glue_process_context_token
(void *, OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
OM_uint32* /* time_rec */
);
-
+
static OM_uint32 k5glue_sign
(void *, OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID* /* output_name_type */
- );
+ );
static OM_uint32 k5glue_import_name
(void *, OM_uint32*, /* minor_status */
gss_cred_usage_t * /* cred_usage */
);
+#ifndef LEAN_CLIENT
static OM_uint32 k5glue_export_sec_context
(void *, OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
);
+#endif /* LEAN_CLIENT */
krb5_error_code k5glue_ser_init(krb5_context);
* ensure that both dispatch tables contain identical function
* pointers.
*/
+#ifndef LEAN_CLIENT
#define KRB5_GSS_CONFIG_INIT \
NULL, \
k5glue_acquire_cred, \
k5glue_release_cred, \
k5glue_init_sec_context, \
k5glue_accept_sec_context, \
- k5glue_process_context_token, \
+ k5glue_process_context_token, \
k5glue_delete_sec_context, \
k5glue_context_time, \
k5glue_sign, \
k5glue_export_name, \
NULL /* store_cred */
+#else /* LEAN_CLIENT */
+
+#define KRB5_GSS_CONFIG_INIT \
+ NULL, \
+ k5glue_acquire_cred, \
+ k5glue_release_cred, \
+ k5glue_init_sec_context, \
+ NULL, \
+ k5glue_process_context_token, \
+ k5glue_delete_sec_context, \
+ k5glue_context_time, \
+ k5glue_sign, \
+ k5glue_verify, \
+ k5glue_seal, \
+ k5glue_unseal, \
+ k5glue_display_status, \
+ k5glue_indicate_mechs, \
+ k5glue_compare_name, \
+ k5glue_display_name, \
+ k5glue_import_name, \
+ k5glue_release_name, \
+ k5glue_inquire_cred, \
+ k5glue_add_cred, \
+ NULL, \
+ NULL, \
+ k5glue_inquire_cred_by_mech, \
+ k5glue_inquire_names_for_mech, \
+ k5glue_inquire_context, \
+ k5glue_internal_release_oid, \
+ k5glue_wrap_size_limit, \
+ k5glue_export_name, \
+ NULL /* store_cred */
+
+#endif /* LEAN_CLIENT */
+
+
static struct gss_config krb5_mechanism = {
100, "kerberos_v5",
{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
return krb5_mech_configs;
}
+#ifndef LEAN_CLIENT
static OM_uint32
k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
input_token, input_chan_bindings, src_name, mech_type,
time_rec,
delegated_cred_handle));
}
+#endif /* LEAN_CLIENT */
static OM_uint32
k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
status_type, mech_type, message_context,
status_string));
}
-
+#ifndef LEAN_CLIENT
/* V2 */
static OM_uint32
k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
context_handle,
interprocess_token));
}
-
+#endif /* LEAN_CLIENT */
#if 0
/* V2 */
static OM_uint32
input_name_type, output_name));
}
+#ifndef LEAN_CLIENT
/* V2 */
static OM_uint32
k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
interprocess_token,
context_handle));
}
+#endif /* LEAN_CLIENT */
static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
else
code1 = 0;
+#ifndef LEAN_CLIENT
if (cred->keytab)
code2 = krb5_kt_close(context, cred->keytab);
else
+#endif /* LEAN_CLIENT */
code2 = 0;
if (cred->rcache)
#include <string.h>
#include <errno.h>
+#ifndef LEAN_CLIENT
static OM_uint32
val_acc_sec_ctx_args(
OM_uint32 *minor_status,
return (GSS_S_COMPLETE);
}
-
OM_uint32 KRB5_CALLCONV
gss_accept_sec_context (minor_status,
context_handle,
return (status);
}
+#endif /* LEAN_CLIENT */
/*
* glue routine for gss_export_sec_context
*/
+#ifndef LEAN_CLIENT
#include "mglueP.h"
#include <stdio.h>
return(GSS_S_COMPLETE);
}
+#endif /*LEAN_CLIENT */
* glue routine gss_export_sec_context
*/
+#ifndef LEAN_CLIENT
+
#include "mglueP.h"
#include <stdio.h>
#include <errno.h>
}
return status;
}
+#endif /* LEAN_CLIENT */
OM_uint32 * /* time_rec */
);
+#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_accept_sec_context
(
void *, /* spnego context */
/* CSTYLED */
gss_cred_id_t * /* delegated_cred_handle */
);
+#endif /* LEAN_CLIENT */
OM_uint32 spnego_gss_display_name
(
const gss_ctx_id_t context_handle,
OM_uint32 *time_rec
);
-
+#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_export_sec_context
(
void *context,
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle
);
+#endif /* LEAN_CLIENT */
OM_uint32 spnego_gss_inquire_context
(
/*
- * Copyright (C) 2006,2007 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
#include "gssapiP_spnego.h"
#include <gssapi_err_generic.h>
+
#undef g_token_size
#undef g_verify_token_header
#undef g_make_token_header
spnego_gss_acquire_cred,
spnego_gss_release_cred,
spnego_gss_init_sec_context,
+#ifndef LEAN_CLIENT
spnego_gss_accept_sec_context,
+#else
+ NULL,
+#endif /* LEAN_CLIENT */
NULL, /* gss_process_context_token */
spnego_gss_delete_sec_context, /* gss_delete_sec_context */
spnego_gss_context_time, /* gss_context_time */
spnego_gss_release_name,
NULL, /* gss_inquire_cred */
NULL, /* gss_add_cred */
- spnego_gss_export_sec_context, /* gss_export_sec_context */
- spnego_gss_import_sec_context, /* gss_import_sec_context */
+#ifndef LEAN_CLIENT
+ spnego_gss_export_sec_context, /* gss_export_sec_context */
+ spnego_gss_import_sec_context, /* gss_import_sec_context */
+#else
+ NULL, /* gss_export_sec_context */
+ NULL, /* gss_import_sec_context */
+#endif /* LEAN_CLIENT */
NULL, /* gss_inquire_cred_by_mech */
spnego_gss_inquire_names_for_mech,
spnego_gss_inquire_context, /* gss_inquire_context */
gss_release_oid_set(&tmpmin, &mech_set);
return ret;
}
-
+#ifndef LEAN_CLIENT
/*
* Wrap call to gss_accept_sec_context() and update state
* accordingly.
}
return ret;
}
+#endif /* LEAN_CLIENT */
/*ARGSUSED*/
return (GSS_S_COMPLETE);
}
+
/*ARGSUSED*/
OM_uint32
spnego_gss_import_name(void *ctx,
return (status);
}
+
/*ARGSUSED*/
OM_uint32
spnego_gss_inquire_names_for_mech(void *ctx,
time_rec);
return (ret);
}
-
+#ifndef LEAN_CLIENT
OM_uint32
spnego_gss_export_sec_context(void *context,
OM_uint32 *minor_status,
context_handle);
return (ret);
}
+#endif /* LEAN_CLIENT */
OM_uint32
spnego_gss_inquire_context(void *context,
/*
* lib/kdb/kdb_helper.c
*
- * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
char defkeyfile[MAXPATHLEN+1];
char *tmp_ktname = NULL, *tmp_ktpath;
krb5_data *realm = krb5_princ_realm(context, mname);
+#ifndef LEAN_CLIENT
krb5_keytab kt;
krb5_keytab_entry new_entry;
+#endif /* LEAN_CLIENT */
struct stat stb;
int statrc;
goto out;
}
+#ifndef LEAN_CLIENT
/* create new stash keytab using temp file name */
retval = krb5_kt_resolve(context, tmp_ktname, &kt);
if (retval != 0)
new_entry.principal = mname;
new_entry.key = *key;
new_entry.vno = kvno;
-
+#endif /* LEAN_CLIENT */
/*
* Set tmp_ktpath to point to the keyfile path (skip WRFILE:). Subtracting
* 1 to account for NULL terminator in sizeof calculation of a string
*/
tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1);
+#ifndef LEAN_CLIENT
retval = krb5_kt_add_entry(context, kt, &new_entry);
if (retval != 0) {
/* delete tmp keyfile if it exists and an error occurrs */
tmp_ktpath, keyfile, error_message(errno));
}
}
+#endif /* LEAN_CLIENT */
out:
if (tmp_ktname != NULL)
return retval;
}
+#ifndef LEAN_CLIENT
static krb5_error_code
krb5_db_def_fetch_mkey_keytab(krb5_context context,
const char *keyfile,
errout:
return retval;
}
+#endif /* LEAN_CLIENT */
krb5_error_code
krb5_db_def_fetch_mkey(krb5_context context,
/* null terminate no matter what */
keyfile[sizeof(keyfile) - 1] = '\0';
+#ifndef LEAN_CLIENT
/* assume the master key is in a keytab */
retval_kt = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno);
if (retval_kt != 0) {
+#endif /* LEAN_CLIENT */
/*
* If it's not in a keytab, fall back and try getting the mkey from the
* older stash file format.
*/
retval_ofs = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno);
+#ifndef LEAN_CLIENT
}
+#endif /* LEAN_CLIENT */
if (retval_kt != 0 && retval_ofs != 0) {
/*
/*
* lib/krb5/keytab/kt_file.c
*
- * Copyright 1990,1991,1995,2007 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,1995,2007,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
*
*/
+#ifndef LEAN_CLIENT
+
#include "k5-int.h"
#include <stdio.h>
return 0;
}
+#endif /* LEAN_CLIENT */
+
#include "kt-int.h"
#include <stdio.h>
+#ifndef LEAN_CLIENT
+
#define HEIMDAL_COMPATIBLE
/*
NULL
};
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/srvtab/kts_resolv.c
*
- * Copyright 1990,1991,2002,2007 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2002,2007,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "k5-int.h"
#include <stdio.h>
+#ifndef LEAN_CLIENT
+
/*
* Constants
*/
return 0;
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/ktadd.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "k5-int.h"
+#ifndef LEAN_CLIENT
+
krb5_error_code KRB5_CALLCONV
krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
else
return KRB5_KT_NOWRITE;
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/ktbase.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "k5-thread.h"
#include "kt-int.h"
+#ifndef LEAN_CLIENT
+
extern const krb5_kt_ops krb5_ktf_ops;
extern const krb5_kt_ops krb5_ktf_writable_ops;
extern const krb5_kt_ops krb5_kts_ops;
{
return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry));
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/ktdefault.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "k5-int.h"
#include <stdio.h>
+#ifndef LEAN_CLIENT
krb5_error_code KRB5_CALLCONV
krb5_kt_default(krb5_context context, krb5_keytab *id)
{
return krb5_kt_resolve(context, defname, id);
}
-
+#endif /* LEAN_CLIENT */
/*
* lib/krb5/keytab/ktfns.c
*
- * Copyright 2001 by the Massachusetts Institute of Technology.
+ * Copyright 2001,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* Dispatch methods for keytab code.
*/
+#ifndef LEAN_CLIENT
+
#include "k5-int.h"
const char * KRB5_CALLCONV
{
return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/ktfr_entry.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
*
* krb5_kt_free_entry()
*/
+#ifndef LEAN_CLIENT
#include "k5-int.h"
{
return krb5_free_keytab_entry_contents (context, entry);
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/ktremove.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
*
* krb5_kt_remove_entry()
*/
+#ifndef LEAN_CLIENT
#include "k5-int.h"
else
return KRB5_KT_NOWRITE;
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/keytab/read_servi.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* It handles all of the opening and closing of the keytab
* internally.
*/
+#ifndef LEAN_CLIENT
#include "k5-int.h"
return (KSUCCESS);
}
+#endif /* LEAN_CLIENT */
+
/*
* lib/krb5/krb/gic_keytab.c
*
- * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2002, 2003, 2008 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
+#ifndef LEAN_CLIENT
#include "k5-int.h"
return retval;
}
+#endif /* LEAN_CLIENT */
+
break;
delta = (*last_req)->value - now;
-
if (delta < 3600)
snprintf(banner, sizeof(banner),
"Warning: Your password will expire in less than one hour on %s",
/*
* lib/krb5/krb/in_tkt_sky.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
skey_keyproc, (krb5_const_pointer)key,
krb5_kdc_rep_decrypt_proc, 0, creds,
ccache, ret_as_reply);
+#ifndef LEAN_CLIENT
else
return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
pre_auth_types, NULL, ccache,
creds, ret_as_reply);
+#endif /* LEAN_CLIENT */
}
/*
* lib/krb5/krb/rd_req.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
if (!krb5_is_ap_req(inbuf))
return KRB5KRB_AP_ERR_MSG_TYPE;
+#ifndef LEAN_CLIENT
if ((retval = decode_krb5_ap_req(inbuf, &request))) {
switch (retval) {
case KRB5_BADMSGTYPE:
return KRB5KRB_AP_ERR_BADVERSION;
default:
return(retval);
- }
+ }
}
+#endif /* LEAN_CLIENT */
/* Get an auth context if necessary. */
new_auth_context = NULL;
goto cleanup_auth_context;
}
+#ifndef LEAN_CLIENT
/* Get a keytab if necessary. */
if (keytab == NULL) {
if ((retval = krb5_kt_default(context, &new_keytab)))
goto cleanup_auth_context;
keytab = new_keytab;
}
+#endif /* LEAN_CLIENT */
retval = krb5_rd_req_decoded(context, auth_context, request, server,
keytab, ap_req_options, ticket);
+#ifndef LEAN_CLIENT
if (new_keytab != NULL)
(void) krb5_kt_close(context, new_keytab);
+#endif /* LEAN_CLIENT */
cleanup_auth_context:
if (new_auth_context && retval) {
enctype = req->ticket->enc_part.enctype;
+#ifndef LEAN_CLIENT
if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server,
req->ticket->enc_part.kvno,
enctype, &ktent)))
return retval;
+#endif /* LEAN_CLIENT */
retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
/* Upon error, Free keytab entry first, then return */
+#ifndef LEAN_CLIENT
(void) krb5_kt_free_entry(context, &ktent);
+#endif /* LEAN_CLIENT */
return retval;
}
(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_oscontext_internalize
(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+#ifndef LEAN_CLIENT
krb5_error_code profile_ser_size
(krb5_context, krb5_pointer, size_t *);
krb5_error_code profile_ser_externalize
(krb5_context, krb5_pointer, krb5_octet **, size_t *);
krb5_error_code profile_ser_internalize
(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+#endif /* LEAN_CLIENT */
/* Local data */
static const krb5_ser_entry krb5_context_ser_entry = {
krb5_oscontext_externalize, /* Externalize routine */
krb5_oscontext_internalize /* Internalize routine */
};
+#ifndef LEAN_CLIENT
static const krb5_ser_entry krb5_profile_ser_entry = {
PROF_MAGIC_PROFILE, /* Type */
profile_ser_size, /* Sizer routine */
profile_ser_externalize, /* Externalize routine */
profile_ser_internalize /* Internalize routine */
};
-\f
+#endif /* LEAN_CLIENT */
/*
* krb5_context_size() - Determine the size required to externalize the
* krb5_context.
kret = krb5_register_serializer(kcontext, &krb5_context_ser_entry);
if (!kret)
kret = krb5_register_serializer(kcontext, &krb5_oscontext_ser_entry);
+#ifndef LEAN_CLIENT
if (!kret)
kret = krb5_register_serializer(kcontext, &krb5_profile_ser_entry);
+#endif /* LEAN_CLIENT */
return(kret);
}
/*
* lib/krb5/krb/srv_dec_tkt.c
*
- * Copyright 2006 by the Massachusetts Institute of Technology.
+ * Copyright 2006, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include <k5-int.h>
+#ifndef LEAN_CLIENT
krb5_error_code KRB5_CALLCONV
krb5int_server_decrypt_ticket_keyblock(krb5_context context,
const krb5_keyblock *key,
(void) krb5_kt_free_entry(context, &ktent);
return retval;
}
+#endif /* LEAN_CLIENT */
+
err = krb5int_rc_finish_init();
if (err)
return err;
+#ifndef LEAN_CLIENT
err = krb5int_kt_initialize();
if (err)
return err;
+#endif /* LEAN_CLIENT */
err = krb5int_cc_initialize();
if (err)
return err;
k5_mutex_destroy(&krb5int_us_time_mutex);
krb5int_cc_finalize();
+#ifndef LEAN_CLIENT
krb5int_kt_finalize();
+#endif /* LEAN_CLIENT */
krb5int_rc_terminate();
#if defined(_WIN32) || defined(USE_CCAPI)
#undef SC
S (krb5int_c_mandatory_cksumtype, krb5int_c_mandatory_cksumtype),
- S (krb5_ser_pack_int64, krb5_ser_pack_int64),
- S (krb5_ser_unpack_int64, krb5_ser_unpack_int64),
+#ifndef LEAN_CLIENT
+#define SC(FIELD, VAL) S(FIELD, VAL)
+#else /* disable */
+#define SC(FIELD, VAL) S(FIELD, 0)
+#endif
+ SC (krb5_ser_pack_int64, krb5_ser_pack_int64),
+ SC (krb5_ser_unpack_int64, krb5_ser_unpack_int64),
+#undef SC
#ifdef ENABLE_LDAP
#define SC(FIELD, VAL) S(FIELD, VAL)
profile_clear_relation
profile_rename_section
profile_add_relation
-profile_ser_internalize
-profile_ser_externalize
-profile_ser_size
krb5_is_referral_realm
krb5_c_encrypt
krb5_c_decrypt
krb5_get_init_creds_opt_set_change_password_prompt
krb5_get_init_creds_opt_set_pa
krb5_get_init_creds_password
-krb5_get_init_creds_keytab
-krb5_verify_init_creds_opt_init
-krb5_verify_init_creds
krb5_get_validated_creds
krb5_get_renewed_creds
krb5_decode_ticket
gss_inquire_cred_by_mech
gss_inquire_context
gss_wrap_size_limit
-gss_export_sec_context
-gss_import_sec_context
gss_release_oid
gss_create_empty_oid_set
gss_add_oid_set_member
free(profile);
}
+#ifndef LEAN_CLIENT
/*
* Here begins the profile serialization functions.
*/
}
return(retval);
}
+#endif /* LEAN_CLIENT */
+