From: Greg Hudson Date: Wed, 25 Nov 2009 23:09:07 +0000 (+0000) Subject: Defer the conversion of the gic options structure to the extended form X-Git-Tag: krb5-1.8-alpha1~145 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1ea7f1d6b0d7a51468f2258b33ba7b9b657f962e;p=krb5.git Defer the conversion of the gic options structure to the extended form until we reach krb5_get_init_creds. Rename that function to krb5int_get_init_creds since it isn't public. Also stop exporting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23357 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 3d5268836..743484fe1 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1242,15 +1242,15 @@ typedef krb5_error_code
 krb5_keyblock *as_key, void *gak_data);
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_prompter_fct prompter,
- void *prompter_data, krb5_deltat start_time,
- char *in_tkt_service, krb5_gic_opt_ext *gic_options,
- krb5_gic_get_as_key_fct gak, void *gak_data,
- int *master, krb5_kdc_rep **as_reply);
+krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ char *in_tkt_service, krb5_get_init_creds_opt *options,
+ krb5_gic_get_as_key_fct gak, void *gak_data,
+ int *master, krb5_kdc_rep **as_reply);
 krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
 krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, krb5_creds *creds);
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 15da288bf..d8849ecf4 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
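Review bot: The renamed prototype krb5int_get_init_creds in k5-int.h now takes a plain `krb5_get_init_creds_opt *options`, but nothing at the declaration records the contract change this commit makes, namely who converts the structure and who frees the converted copy. I would add above it `/* options may be a plain or extended structure; the extended (possibly shadowed) copy is made and released inside this function, and the caller keeps ownership of options. */`. The same applies to krb5int_populate_gic_opt just below: its second parameter now hands back a structure that, judging by the callers in gic_keytab.c and gic_pwd.c, the caller must release with krb5_get_init_creds_opt_free, and a one-line comment should say so.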
@@ -1058,18 +1058,18 @@ build_in_tkt_name(krb5_context context,
 }
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_gic_opt_ext *options,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data,
- int *use_master,
- krb5_kdc_rep **as_reply)
+krb5int_get_init_creds(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *opts,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data,
+ int *use_master,
+ krb5_kdc_rep **as_reply)
 {
 krb5_error_code ret;
 krb5_kdc_req request;
@@ -1094,7 +1094,7 @@ krb5_get_init_creds(krb5_context context,
 krb5_boolean retry = 0;
 struct krb5int_fast_request_state *fast_state = NULL;
 krb5_pa_data **out_padata = NULL;
-
+ krb5_gic_opt_ext *options = NULL;
 /* initialize everything which will be freed at cleanup */
@@ -1129,6 +1129,11 @@ krb5_get_init_creds(krb5_context context,
 if (ret) goto cleanup;
+ ret = krb5int_gic_opt_to_opte(context, opts, &options, 1,
+ "krb5int_get_init_creds");
+ if (ret)
+ goto cleanup;
+
 /* * Set up the basic request structure */
@@ -1644,6 +1649,10 @@ cleanup:
 krb5_free_kdc_rep(context, local_as_reply);
 if (referred_client.realm.data) krb5_free_data_contents(context, &referred_client.realm);
+ if (krb5_gic_opt_is_shadowed(options)) {
+ krb5_get_init_creds_opt_free(context,
+ (krb5_get_init_creds_opt *)options);
+ }
 return(ret);
 }
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 43b9fb760..b6341778d 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
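Review bot: The added krb5int_gic_opt_to_opte call in the hunk at 1129 passes 1 as its fourth argument for every caller, whereas three of the call sites this commit removes (the change-password request in gic_pwd.c, krb5int_populate_gic_opt and s4u_identify_user) passed 0. The definition of krb5int_gic_opt_to_opte is outside this diff, so I am assuming that argument decides whether a non-extended structure is accepted and copied; if so, those paths no longer reject one. A comment on the call such as `/* Always force: callers may pass a non-extended structure; the shadow copy is freed at cleanup. */` would record that the change is intended. The error-context string is also now "krb5int_get_init_creds" for every caller, so a failure here no longer names the public entry point that was used.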
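Review bot: In the cleanup hunk at 1644, `krb5_gic_opt_is_shadowed(options)` is evaluated without the `opte &&` guard that the removed caller code in gic_keytab.c and gic_pwd.c had. `options` is still NULL when the `goto cleanup` shown just before the new conversion call is taken, and presumably also when the conversion itself fails. The macro's definition is not part of this diff; unless it is known to tolerate NULL, write `if (options && krb5_gic_opt_is_shadowed(options)) {`. The function body extends well beyond these hunks, so other early jumps to cleanup may exist as well.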
@@ -88,7 +88,6 @@ krb5_get_init_creds_keytab(krb5_context context,
 krb5_error_code ret, ret2;
 int use_master;
 krb5_keytab keytab;
- krb5_gic_opt_ext *opte = NULL;
 if (arg_keytab == NULL) {
 if ((ret = krb5_kt_default(context, &keytab)))
@@ -97,19 +96,14 @@ krb5_get_init_creds_keytab(krb5_context context,
 keytab = arg_keytab;
 }
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_keytab");
- if (ret)
- return ret;
-
 use_master = 0;
 /* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master,NULL);
+ ret = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master,NULL);
 /* check for success */
@@ -127,10 +121,10 @@ krb5_get_init_creds_keytab(krb5_context context,
 if (!use_master) {
 use_master = 1;
- ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master, NULL);
+ ret2 = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master, NULL);
 if (ret2 == 0) {
 ret = 0;
@@ -152,8 +146,6 @@ krb5_get_init_creds_keytab(krb5_context context,
 do any prompting or changing for keytabs, that's it. */
 cleanup:
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
 if (arg_keytab == NULL) krb5_kt_close(context, keytab);
@@ -167,13 +159,13 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
 krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
 krb5_error_code retval;
- krb5_gic_opt_ext *opte;
+ krb5_get_init_creds_opt *opts;
 char * server = NULL;
 krb5_keytab keytab;
 krb5_principal client_princ, server_princ;
 int use_master = 0;
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
 options, addrs, ktypes, pre_auth_types, creds);
 if (retval)
@@ -191,14 +183,13 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
 goto cleanup;
 server_princ = creds->server;
 client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ get_as_key_keytab, (void *)keytab,
+ &use_master, ret_as_reply);
 krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
 if (retval) {
 goto cleanup;
 }
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 84e5b4965..aad0a4162 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -103,8 +103,6 @@ krb5_get_init_creds_password(krb5_context context,
 char banner[1024], pw0array[1024], pw1array[1024];
 krb5_prompt prompt[2];
 krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- krb5_gic_opt_ext *opte = NULL;
- krb5_gic_opt_ext *chpw_opte = NULL;
 use_master = 0;
 as_reply = NULL;
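Review bot: `krb5_get_init_creds_opt *opts;` in krb5_get_in_tkt_with_keytab is declared without an initializer, while the matching declaration this commit adds to krb5_get_in_tkt_with_password in gic_pwd.c is `= NULL`; use `krb5_get_init_creds_opt *opts = NULL;` here too. In the hunk at 191 the context line `goto cleanup;` sits before `krb5_get_init_creds_opt_free(context, opts)`, so on that path opts is released only if the cleanup label does it. The label is outside the hunk, so this needs checking; if it does not free opts, add `if (opts) krb5_get_init_creds_opt_free(context, opts);` under cleanup and drop the inline free, following the guarded form gic_pwd.c uses for chpw_opts.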
@@ -127,17 +125,12 @@ krb5_get_init_creds_password(krb5_context context,
 pw1.data[0] = '\0';
 pw1.length = sizeof(pw1array);
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_password");
- if (ret)
- goto cleanup;
-
 /* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
 /* check for success */
@@ -162,10 +155,10 @@ krb5_get_init_creds_password(krb5_context context,
 krb5_free_kdc_rep( context, as_reply);
 as_reply = NULL;
 }
- ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret2 = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
 if (ret2 == 0) {
 ret = 0;
@@ -216,16 +209,12 @@ krb5_get_init_creds_password(krb5_context context,
 krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
 krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
 krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
- ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
- "krb5_get_init_creds_password (changing password)");
- if (ret)
- goto cleanup;
- if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", chpw_opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, NULL)))
+ if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
+ prompter, data,
+ start_time, "kadmin/changepw", chpw_opts,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, NULL)))
 goto cleanup;
 prompt[0].prompt = "Enter new password";
@@ -313,10 +302,10 @@ krb5_get_init_creds_password(krb5_context context,
 from the master. this is the last try. the return from this is final. */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
 cleanup:
 krb5int_set_prompt_types(context, 0);
@@ -397,8 +386,6 @@ cleanup:
 if (chpw_opts) krb5_get_init_creds_opt_free(context, chpw_opts);
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
 memset(pw0array, 0, sizeof(pw0array));
 memset(pw1array, 0, sizeof(pw1array));
 krb5_free_cred_contents(context, &chpw_creds);
@@ -409,7 +396,7 @@ cleanup:
 }
 krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
 krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, krb5_creds *creds)
@@ -419,7 +406,7 @@ krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
 krb5_get_init_creds_opt *opt;
 krb5_error_code retval;
- *opte = NULL;
+ *out = NULL;
 retval = krb5_get_init_creds_opt_alloc(context, &opt);
 if (retval) return(retval);
@@ -449,8 +436,8 @@ krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
 if (creds->times.starttime) starttime = creds->times.starttime;
 krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
 }
- return krb5int_gic_opt_to_opte(context, opt, opte, 0,
- "krb5int_populate_gic_opt");
+ *out = opt;
+ return 0;
 cleanup:
 krb5_get_init_creds_opt_free(context, opt);
 return retval;
@@ -489,7 +476,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
 char * server;
 krb5_principal server_princ, client_princ;
 int use_master = 0;
- krb5_gic_opt_ext *opte = NULL;
+ krb5_get_init_creds_opt *opts = NULL;
 pw0.data = pw0array;
 if (password && password[0]) {
@@ -500,26 +487,25 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
 pw0.data[0] = '\0';
 pw0.length = sizeof(pw0array);
 }
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
 options, addrs, ktypes, pre_auth_types, creds);
 if (retval) return (retval);
 retval = krb5_unparse_name( context, creds->server, &server);
 if (retval) {
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
 return (retval);
 }
 server_princ = creds->server;
 client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_password, &pw0,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ krb5_get_as_key_password, &pw0,
+ &use_master, ret_as_reply);
 krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
 if (retval) {
 return (retval);
 }
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index 473386576..c0c9fe269 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -66,7 +66,6 @@ s4u_identify_user(krb5_context context,
 krb5_creds creds;
 int use_master = 0;
 krb5_get_init_creds_opt *opts = NULL;
- krb5_gic_opt_ext *opte = NULL;
 krb5_principal_data client_data;
 krb5_principal client;
 krb5_s4u_userid userid;
@@ -98,10 +97,6 @@ s4u_identify_user(krb5_context context,
 krb5_get_init_creds_opt_set_proxiable(opts, 0);
 krb5_get_init_creds_opt_set_canonicalize(opts, 1);
 krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
- code = krb5int_gic_opt_to_opte(context, opts, &opte,
- 0, "s4u_identify_user");
- if (code != 0)
- goto cleanup;
 if (in_creds->client != NULL) client = in_creds->client;
@@ -115,10 +110,10 @@ s4u_identify_user(krb5_context context,
 client = &client_data;
 }
- code = krb5_get_init_creds(context, &creds, client,
- NULL, NULL, 0, NULL, opte,
- krb5_get_as_key_noop, &userid,
- &use_master, NULL);
+ code = krb5int_get_init_creds(context, &creds, client,
+ NULL, NULL, 0, NULL, opts,
+ krb5_get_as_key_noop, &userid,
+ &use_master, NULL);
 if (code == 0 || code == KDC_ERR_PREAUTH_REQUIRED || code == KDC_ERR_PREAUTH_FAILED) {
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 8ef3a9dc0..26b3da61d 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -323,7 +323,6 @@ krb5_get_in_tkt
 krb5_get_in_tkt_with_keytab
 krb5_get_in_tkt_with_password
 krb5_get_in_tkt_with_skey
-krb5_get_init_creds
 krb5_get_init_creds_keytab
 krb5_get_init_creds_opt_alloc
 krb5_get_init_creds_opt_free