From: Chris Provenzano Date: Fri, 13 Jan 1995 21:13:02 +0000 (+0000) Subject: Removed all references to DECLARG and OLDDECLARG. X-Git-Tag: krb5-1.0-beta5~847 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=76b4a6c8894254b2e1e71442c1a7cd21e56aa7d3;p=krb5.git Removed all references to DECLARG and OLDDECLARG. Added krb5_context to all krb5_routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4808 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index cf76d7637..6f73c5aad 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Nov 3 18:29:10 1994 Mark Eichin (eichin@cygnus.com) * pcbc_encrypt.c: moved from f_pcbc.c in lib/crypto/des, and diff --git a/src/lib/des425/read_passwd.c b/src/lib/des425/read_passwd.c index c1b6c3ebe..a618859e3 100644 --- a/src/lib/des425/read_passwd.c +++ b/src/lib/des425/read_passwd.c @@ -49,7 +49,7 @@ des_read_password/*_v4_compat_crock*/(k,prompt,verify) strcpy(prompt2, "Verifying, please re-enter "); strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1)); } - ok = krb5_read_password(prompt, verify ? prompt2 : 0, + ok = krb5_read_password(global_context, prompt, verify ? prompt2 : 0, key_string, &string_size); if (ok == 0) diff --git a/src/lib/des425/string2key.c b/src/lib/des425/string2key.c index a42476f72..826065c2b 100644 --- a/src/lib/des425/string2key.c +++ b/src/lib/des425/string2key.c @@ -51,14 +51,11 @@ extern int des_debug; returns: errors */ -krb5_error_code mit_des_string_to_key (DECLARG(const krb5_keytype, keytype), - DECLARG(krb5_keyblock *,keyblock), - DECLARG(const krb5_data *,data), - DECLARG(krb5_const_principal, princ)) -OLDDECLARG(const krb5_keytype, keytype) -OLDDECLARG(krb5_keyblock *,keyblock) -OLDDECLARG(const krb5_data *,data) -OLDDECLARG(krb5_const_principal, princ) +krb5_error_code mit_des_string_to_key (keytype, keyblock, data, princ) + const krb5_keytype keytype; + krb5_keyblock * keyblock; + const krb5_data * data; + krb5_const_principal princ; { char copystr[512]; diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index f96624871..2f29814c5 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl) * display_name.c (krb5_gss_display_name): gss_display_name() diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index e76bc1b5a..f703da86d 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -25,7 +25,9 @@ #include #include -static krb5_error_code rd_req_keyproc(keyprocarg, server, kvno, keyblock) +static krb5_error_code +rd_req_keyproc(context, keyprocarg, server, kvno, keyblock) + krb5_context context; krb5_pointer keyprocarg; krb5_principal server; krb5_kvno kvno; @@ -35,18 +37,20 @@ static krb5_error_code rd_req_keyproc(keyprocarg, server, kvno, keyblock) krb5_error_code code; krb5_keytab_entry ktentry; - if (code = krb5_kt_get_entry((krb5_keytab) keyprocarg, server, kvno, - &ktentry)) + if (code = krb5_kt_get_entry(context, (krb5_keytab) keyprocarg, server, + kvno, &ktentry)) return(code); - code = krb5_copy_keyblock(&ktentry.key, keyblock); + code = krb5_copy_keyblock(context, &ktentry.key, keyblock); - (void) krb5_kt_free_entry(&ktentry); + (void) krb5_kt_free_entry(context, &ktentry); return(code); } -static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) +static krb5_error_code +make_ap_rep(context, authdat, subkey, seq_send, token) + krb5_context context; krb5_tkt_authent *authdat; krb5_keyblock *subkey; krb5_int32 *seq_send; @@ -64,11 +68,12 @@ static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) ap_rep_data.cusec = authdat->authenticator->cusec; ap_rep_data.subkey = authdat->authenticator->subkey; - if (code = krb5_generate_seq_number(authdat->ticket->enc_part2->session, + if (code = krb5_generate_seq_number(context, + authdat->ticket->enc_part2->session, &ap_rep_data.seq_number)) return(code); - if (code = krb5_mk_rep(&ap_rep_data, subkey, &ap_rep)) + if (code = krb5_mk_rep(context, &ap_rep_data, subkey, &ap_rep)) return(code); /* build up the token */ @@ -104,11 +109,13 @@ static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) return(0); } -OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, - verifier_cred_handle, input_token, - input_chan_bindings, src_name, mech_type, - output_token, ret_flags, time_rec, - delegated_cred_handle) +OM_uint32 +krb5_gss_accept_sec_context(context, minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; @@ -212,8 +219,9 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, /* get the rcache pointer */ if (code = - krb5_get_server_rcache(krb5_princ_component(cred->princ, - ((krb5_princ_size(cred->princ)>1)?1:0)), + krb5_get_server_rcache(context, + krb5_princ_component(context, cred->princ, + ((krb5_princ_size(context, cred->princ)>1)?1:0)), &rcache)) { *minor_status = code; return(GSS_S_FAILURE); @@ -221,22 +229,23 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, /* decode the message */ - if (code = krb5_rd_req(&ap_req, cred->princ, paddr, NULL, &rd_req_keyproc, - (krb5_pointer) cred->keytab, rcache, &authdat)) { - (void) krb5_rc_close(rcache); + if (code = krb5_rd_req(context, &ap_req, cred->princ, paddr, NULL, + &rd_req_keyproc, (krb5_pointer) cred->keytab, + rcache, &authdat)) { + (void) krb5_rc_close(context, rcache); *minor_status = code; return(GSS_S_FAILURE); } /* close and free the rcache */ - krb5_rc_close(rcache); + krb5_rc_close(context, rcache); /* make sure the necessary parts of the authdat are present */ if ((authdat->authenticator->subkey == NULL) || (authdat->ticket->enc_part2 == NULL)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = KG_NO_SUBKEY; return(GSS_S_FAILURE); } @@ -248,7 +257,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, can interoperate with an implementation whcih supports negotiation */ if ((authdat->authenticator->checksum->checksum_type != CKSUMTYPE_KG_CB) || (authdat->authenticator->checksum->length < 24)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = 0; return(GSS_S_BAD_BINDINGS); } @@ -275,7 +284,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (tmp != RSA_MD5_CKSUM_LENGTH) { xfree(md5.contents); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = KG_BAD_LENGTH; return(GSS_S_FAILURE); } @@ -285,7 +294,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (code = kg_checksum_channel_bindings(input_chan_bindings, &md5, bigend)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } @@ -293,7 +302,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, TREAD_STR(ptr, ptr2, md5.length); if (memcmp(ptr2, md5.contents, md5.length) != 0) { xfree(md5.contents); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = 0; return(GSS_S_BAD_BINDINGS); } @@ -316,43 +325,43 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, ctx->cred = cred; ctx->big_endian = bigend; - if (code = krb5_copy_principal(cred->princ, &ctx->here)) { + if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) { xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_principal(authdat->authenticator->client, + if (code = krb5_copy_principal(context, authdat->authenticator->client, &ctx->there)) { - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->here); xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_keyblock(authdat->authenticator->subkey, + if (code = krb5_copy_keyblock(context, authdat->authenticator->subkey, &ctx->subkey)) { - krb5_free_principal(ctx->there); - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } /* fill in the encryption descriptors */ - krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; - if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key)) + if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); for (i=0; ienc.key->length; i++) /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; @@ -369,9 +378,9 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (ctx->mutual) { if (code = make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)) { - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); - krb5_free_tkt_authent(authdat); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } @@ -382,16 +391,16 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, } /* done with authdat! */ - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); /* set the return arguments */ if (src_name) { - if (code = krb5_copy_principal(ctx->there, &name)) { + if (code = krb5_copy_principal(context, ctx->there, &name)) { if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -401,12 +410,12 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, *mech_type = (gss_OID) gss_mech_krb5; if (time_rec) { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { if (src_name) - krb5_free_principal(name); + krb5_free_principal(context, name); xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -422,10 +431,10 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (src_name) if (! kg_save_name((gss_name_t) name)) { - krb5_free_principal(name); + krb5_free_principal(context, name); if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, + (void)krb5_gss_delete_sec_context(context, minor_status, (gss_ctx_id_t *) &ctx, NULL); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); @@ -436,12 +445,12 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { if (src_name) { (void) kg_delete_name((gss_name_t) name); - krb5_free_principal(name); + krb5_free_principal(context, name); } if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index e951131fa..0bcf10c6e 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -29,8 +29,9 @@ If successful, set the keytab-specific fields in cred */ -static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, - cred) +static OM_uint32 +acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; krb5_principal *output_princ; @@ -47,7 +48,7 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, /* open the default keytab */ - if (code = krb5_kt_default(&kt)) { + if (code = krb5_kt_default(context, &kt)) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } @@ -68,33 +69,33 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, /* iterate over the keytab searching for the principal */ - if (code = krb5_kt_start_seq_get(kt, &cur)) { + if (code = krb5_kt_start_seq_get(context, kt, &cur)) { *minor_status = code; return(GSS_S_FAILURE); } - while (!(code = krb5_kt_next_entry(kt, &entry, &cur))) { - if (krb5_principal_compare(entry.principal, princ)) { + while (!(code = krb5_kt_next_entry(context, kt, &entry, &cur))) { + if (krb5_principal_compare(context, entry.principal, princ)) { code = 0; - krb5_kt_free_entry(&entry); + krb5_kt_free_entry(context, &entry); break; } - krb5_kt_free_entry(&entry); + krb5_kt_free_entry(context, &entry); } if (code == KRB5_KT_END) { /* this means that the principal wasn't in the keytab */ - (void)krb5_kt_end_seq_get(kt, &cur); + (void)krb5_kt_end_seq_get(context, kt, &cur); *minor_status = KG_KEYTAB_NOMATCH; return(GSS_S_CRED_UNAVAIL); } else if (code) { /* this means some error occurred reading the keytab */ - (void)krb5_kt_end_seq_get(kt, &cur); + (void)krb5_kt_end_seq_get(context, kt, &cur); *minor_status = code; return(GSS_S_FAILURE); } else { /* this means that we found a matching entry */ - if (code = krb5_kt_end_seq_get(kt, &cur)) { + if (code = krb5_kt_end_seq_get(context, kt, &cur)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -113,8 +114,9 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, If successful, set the ccache-specific fields in cred. */ -static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, - cred) +static OM_uint32 +acquire_init_cred(context, minor_status, desired_name, output_princ, cred) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; krb5_principal *output_princ; @@ -132,7 +134,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* open the default credential cache */ - if (code = krb5_cc_default(&ccache)) { + if (code = krb5_cc_default(context, &ccache)) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } @@ -140,27 +142,27 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* turn off OPENCLOSE mode while extensive frobbing is going on */ flags = 0; /* turns off OPENCLOSE mode */ - if (code = krb5_cc_set_flags(ccache, flags)) { + if (code = krb5_cc_set_flags(context, ccache, flags)) { *minor_status = code; return(GSS_S_FAILURE); } /* get out the principal name and see if it matches */ - if (code = krb5_cc_get_principal(ccache, &princ)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_get_principal(context, ccache, &princ)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } if (desired_name != GSS_C_NO_NAME) { - if (! krb5_principal_compare(princ, (krb5_principal) desired_name)) { - (void)krb5_free_principal(princ); - (void)krb5_cc_close(ccache); + if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) { + (void)krb5_free_principal(context, princ); + (void)krb5_cc_close(context, ccache); *minor_status = KG_CCACHE_NOMATCH; return(GSS_S_CRED_UNAVAIL); } - (void)krb5_free_principal(princ); + (void)krb5_free_principal(context, princ); princ = (krb5_principal) desired_name; } else { *output_princ = princ; @@ -168,8 +170,8 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* iterate over the ccache, find the tgt */ - if (code = krb5_cc_start_seq_get(ccache, &cur)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_start_seq_get(context, ccache, &cur)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } @@ -180,7 +182,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 0; - while (!(code = krb5_cc_next_cred(ccache, &cur, &creds))) { + while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { if ((creds.server->length == 2) && (strcmp(creds.server->realm.data, princ->realm.data) == 0) && (strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) && @@ -190,7 +192,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 1; *minor_status = 0; code = 0; - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); break; } if (got_endtime == 0) { @@ -198,25 +200,25 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 1; *minor_status = KG_TGT_MISSING; } - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); } if (code && code != KRB5_CC_END) { /* this means some error occurred reading the ccache */ - (void)krb5_cc_end_seq_get(ccache, &cur); - (void)krb5_cc_close(ccache); + (void)krb5_cc_end_seq_get(context, ccache, &cur); + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } else { /* this means that we found an endtime to use. */ - if (code = krb5_cc_end_seq_get(ccache, &cur)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_end_seq_get(context, ccache, &cur)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if (code = krb5_cc_set_flags(ccache, flags)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_set_flags(context, ccache, flags)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } @@ -230,9 +232,11 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, } /*ARGSUSED*/ -OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, output_cred_handle, - actual_mechs, time_rec) +OM_uint32 +krb5_gss_acquire_cred(context, minor_status, desired_name, time_req, + desired_mechs, cred_usage, output_cred_handle, + actual_mechs, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; OM_uint32 time_req; @@ -309,7 +313,7 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ), cred)) != GSS_S_COMPLETE) { if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_accept_cred() */ return(ret); @@ -327,9 +331,9 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ), cred)) != GSS_S_COMPLETE) { if (cred->keytab) - krb5_kt_close(cred->keytab); + krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_init_cred() */ return(ret); @@ -338,12 +342,12 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, /* if the princ wasn't filled in already, fill it in now */ if (!cred->princ) - if (code = krb5_copy_principal((krb5_principal) desired_name, + if (code = krb5_copy_principal(context, (krb5_principal) desired_name, &(cred->princ))) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); xfree(cred); *minor_status = code; return(GSS_S_FAILURE); @@ -359,13 +363,13 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, } else { krb5_timestamp now; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = code; return(GSS_S_FAILURE); @@ -380,11 +384,11 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (actual_mechs) { if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = ENOMEM; return(GSS_S_FAILURE); @@ -397,11 +401,11 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, free(mechs->elements); free(mechs); if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c index aac295c5a..932753600 100644 --- a/src/lib/gssapi/krb5/compare_name.c +++ b/src/lib/gssapi/krb5/compare_name.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_compare_name(minor_status, name1, name2, name_equal) +krb5_gss_compare_name(context, minor_status, name1, name2, name_equal) + krb5_context context; OM_uint32 *minor_status; gss_name_t name1; gss_name_t name2; @@ -40,7 +41,7 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal) } *minor_status = 0; - *name_equal = krb5_principal_compare((krb5_principal) name1, + *name_equal = krb5_principal_compare(context, (krb5_principal) name1, (krb5_principal) name2); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c index 08cefda6a..02989ee31 100644 --- a/src/lib/gssapi/krb5/context_time.c +++ b/src/lib/gssapi/krb5/context_time.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_context_time(minor_status, context_handle, time_rec) +krb5_gss_context_time(context, minor_status, context_handle, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; OM_uint32 *time_rec; @@ -46,7 +47,7 @@ krb5_gss_context_time(minor_status, context_handle, time_rec) return(GSS_S_NO_CONTEXT); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 3e8d554e7..73bd9b05a 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_delete_sec_context(minor_status, context_handle, output_token) +krb5_gss_delete_sec_context(context, minor_status, context_handle, output_token) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t output_token; @@ -69,15 +70,15 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) ctx = (gss_ctx_id_t) *context_handle; if (ctx->enc.processed) - krb5_finish_key(&ctx->enc.eblock); - krb5_free_keyblock(ctx->enc.key); + krb5_finish_key(context, &ctx->enc.eblock); + krb5_free_keyblock(context, ctx->enc.key); if (ctx->seq.processed) - krb5_finish_key(&ctx->seq.eblock); + krb5_finish_key(context, &ctx->seq.eblock); - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); - krb5_free_keyblock(ctx->subkey); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); + krb5_free_keyblock(context, ctx->subkey); xfree(ctx); diff --git a/src/lib/gssapi/krb5/display_name.c b/src/lib/gssapi/krb5/display_name.c index c1f6eae36..badb61e18 100644 --- a/src/lib/gssapi/krb5/display_name.c +++ b/src/lib/gssapi/krb5/display_name.c @@ -23,8 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_display_name(minor_status, input_name, output_name_buffer, +krb5_gss_display_name(context, minor_status, input_name, output_name_buffer, output_name_type) + krb5_context context; OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; @@ -41,7 +42,7 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer, return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); } - if (code = krb5_unparse_name((krb5_principal) input_name, &str)) { + if (code = krb5_unparse_name(context, (krb5_principal) input_name, &str)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/display_status.c b/src/lib/gssapi/krb5/display_status.c index bf3771321..1cedfe5ce 100644 --- a/src/lib/gssapi/krb5/display_status.c +++ b/src/lib/gssapi/krb5/display_status.c @@ -32,8 +32,9 @@ static int init_et = 0; /**/ OM_uint32 -krb5_gss_display_status(minor_status, status_value, status_type, +krb5_gss_display_status(context, minor_status, status_value, status_type, mech_type, message_context, status_string) + krb5_context context; OM_uint32 *minor_status; OM_uint32 status_value; int status_type; @@ -55,7 +56,7 @@ krb5_gss_display_status(minor_status, status_value, status_type, message_context, status_string)); } else if (status_type == GSS_C_MECH_CODE) { if (!init_et) { - krb5_init_ets(); + krb5_init_ets(context); initialize_k5g_error_table(); init_et = 1; } diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 95fb7bc4e..822df1898 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -91,6 +91,7 @@ typedef struct _krb5_gss_ctx_id_rec { krb5_int32 seq_recv; int established; int big_endian; + krb5_context context; } krb5_gss_ctx_id_rec, krb5_gss_ctx_id_t; extern void *kg_vdb; @@ -111,7 +112,9 @@ extern void *kg_vdb; /** helper functions **/ -OM_uint32 kg_get_defcred PROTOTYPE((OM_uint32 *minor_status, gss_cred_id_t *cred)); +OM_uint32 kg_get_defcred + PROTOTYPE((OM_uint32 *minor_status, + gss_cred_id_t *cred)); OM_uint32 kg_release_defcred PROTOTYPE((OM_uint32 *minor_status)); @@ -157,7 +160,8 @@ OM_uint32 kg_unseal PROTOTYPE((OM_uint32 *minor_status, /** declarations of internal name mechanism functions **/ OM_uint32 krb5_gss_acquire_cred -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ @@ -168,12 +172,14 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_release_cred -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_cred_id_t* /* cred_handle */ )); OM_uint32 krb5_gss_init_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t*, /* context_handle */ gss_name_t, /* target_name */ @@ -190,7 +196,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_accept_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_cred_id_t, /* verifier_cred_handle */ gss_buffer_t, /* input_token_buffer */ @@ -205,25 +212,29 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_process_context_token -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ )); OM_uint32 krb5_gss_delete_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_buffer_t /* output_token */ )); OM_uint32 krb5_gss_context_time -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ )); OM_uint32 krb5_gss_sign -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* qop_req */ gss_buffer_t, /* message_buffer */ @@ -231,7 +242,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_verify -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ @@ -239,7 +251,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_seal -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ int, /* qop_req */ @@ -249,7 +262,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_unseal -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ @@ -258,7 +272,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_display_status -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ const_gss_OID, /* mech_type */ @@ -267,38 +282,44 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_indicate_mechs -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_OID_set* /* mech_set */ )); OM_uint32 krb5_gss_compare_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ int* /* name_equal */ )); OM_uint32 krb5_gss_display_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID* /* output_name_type */ )); OM_uint32 krb5_gss_import_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ const_gss_OID, /* input_name_type */ gss_name_t* /* output_name */ )); OM_uint32 krb5_gss_release_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t* /* input_name */ )); OM_uint32 krb5_gss_inquire_cred -PROTOTYPE( (OM_uint32 *, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ OM_uint32 *, /* lifetime */ @@ -307,7 +328,8 @@ PROTOTYPE( (OM_uint32 *, /* minor_status */ )); OM_uint32 krb5_gss_inquire_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t*, /* initiator_name */ gss_name_t*, /* acceptor_name */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index da88b706c..249c12562 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -61,6 +61,8 @@ static const gss_OID_set_desc oidsets[] = { const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0; +krb5_context kg_context; + void *kg_vdb = NULL; /** default credential support */ @@ -79,10 +81,10 @@ kg_get_defcred(minor_status, cred) if (defcred == GSS_C_NO_CREDENTIAL) { OM_uint32 major; - if ((major = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME, - GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, - GSS_C_INITIATE, &defcred, NULL, - NULL)) && + if ((major = krb5_gss_acquire_cred(kg_context, minor_status, + GSS_C_NO_NAME, GSS_C_INDEFINITE, + GSS_C_NULL_OID_SET, GSS_C_INITIATE, + &defcred, NULL, NULL)) && GSS_ERROR(major)) { defcred = GSS_C_NO_CREDENTIAL; return(major); @@ -103,5 +105,5 @@ kg_release_defcred(minor_status) return(GSS_S_COMPLETE); } - return(krb5_gss_release_cred(minor_status, &defcred)); + return(krb5_gss_release_cred(kg_context, minor_status, &defcred)); } diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h index 6a8c445d7..53f247583 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.h +++ b/src/lib/gssapi/krb5/gssapi_krb5.h @@ -39,9 +39,10 @@ extern const gss_OID_desc * const gss_nt_krb5_principal; #define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name #define gss_krb5_nt_string_uid_name gss_nt_string_uid_name -OM_uint32 gss_krb5_get_tkt_flags PROTOTYPE((OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags)); +OM_uint32 gss_krb5_get_tkt_flags + PROTOTYPE((OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags)); #endif /* _GSSAPI_KRB5_H_ */ diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 9a839361e..47417bb66 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c @@ -36,8 +36,9 @@ */ OM_uint32 -krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, - output_name) +krb5_gss_import_name(context, minor_status, input_name_buffer, + input_name_type, output_name) + krb5_context context; OM_uint32 *minor_status; gss_buffer_t input_name_buffer; const_gss_OID input_name_type; @@ -76,7 +77,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, *host = '\0'; host++; - code = krb5_sname_to_principal(host, service, KRB5_NT_SRV_HST, + code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST, &princ); xfree(tmp); @@ -91,7 +92,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, input = *((krb5_principal *) input_name_buffer->value); - if (code = krb5_copy_principal(input, &princ)) { + if (code = krb5_copy_principal(context, input, &princ)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -119,7 +120,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, /* at this point, stringrep is set, or if not, *minor_status is. */ if (stringrep) - code = krb5_parse_name((char *) stringrep, &princ); + code = krb5_parse_name(context, (char *) stringrep, &princ); else return(GSS_S_BAD_NAME); } @@ -135,7 +136,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, /* save the name in the validation database */ if (! kg_save_name((gss_name_t) princ)) { - krb5_free_principal(princ); + krb5_free_principal(context, princ); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c index d4dff7cd2..f10087345 100644 --- a/src/lib/gssapi/krb5/indicate_mechs.c +++ b/src/lib/gssapi/krb5/indicate_mechs.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_indicate_mechs(minor_status, mech_set) +krb5_gss_indicate_mechs(context, minor_status, mech_set) + krb5_context context; OM_uint32 *minor_status; gss_OID_set *mech_set; { diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index fbdd7486b..63f277716 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -24,8 +24,9 @@ #include static krb5_error_code -make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, - seqnum, token) +make_ap_req(context, cred, server, endtime, chan_bindings, do_mutual, + subkey, flags, seqnum, token) + krb5_context context; krb5_gss_cred_id_t cred; krb5_principal server; krb5_timestamp *endtime; @@ -70,20 +71,20 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, /* fill in the necessary fields in creds */ memset((char *) &creds, 0, sizeof(creds)); - if (code = krb5_copy_principal(cred->princ, &creds.client)) + if (code = krb5_copy_principal(context, cred->princ, &creds.client)) return code; - if (code = krb5_copy_principal(server, &creds.server)) { - krb5_free_cred_contents(&creds); + if (code = krb5_copy_principal(context, server, &creds.server)) { + krb5_free_cred_contents(context, &creds); return code; } creds.times.endtime = *endtime; /* call mk_req. subkey and ap_req need to be used or destroyed */ - if (code = krb5_mk_req_extended(do_mutual?AP_OPTS_MUTUAL_REQUIRED:0, + if (code = krb5_mk_req_extended(context, do_mutual?AP_OPTS_MUTUAL_REQUIRED:0, &checksum, 0, 0, subkey, cred->ccache, &creds, &authent, &ap_req)) { - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); return(code); } @@ -94,7 +95,7 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, /* free stuff which was created */ - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); /* build up the token */ @@ -103,7 +104,7 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { xfree(ap_req.data); - krb5_free_keyblock(*subkey); + krb5_free_keyblock(context, *subkey); return(ENOMEM); } @@ -129,11 +130,12 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, } OM_uint32 -krb5_gss_init_sec_context(minor_status, claimant_cred_handle, +krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, context_handle, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -233,7 +235,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (time_req == 0 || time_req == GSS_C_INDEFINITE) { ctx->endtime = 0; } else { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { free(ctx); *minor_status = code; return(GSS_S_FAILURE); @@ -241,15 +243,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->endtime = now + time_req; } - if (code = krb5_copy_principal(cred->princ, &ctx->here)) { + if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) { xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_principal((krb5_principal) target_name, + if (code = krb5_copy_principal(context, (krb5_principal) target_name, &ctx->there)) { - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->here); xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); @@ -259,8 +261,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, input_chan_bindings, ctx->mutual, &ctx->subkey, &ctx->flags, &ctx->seq_send, &token)) { - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); @@ -270,15 +272,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* the encryption key is the session key XOR 0xf0f0f0f0f0f0f0f0 */ - krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; - if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key)) + if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); for (i=0; ienc.key->length; i++) /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; @@ -289,9 +291,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { xfree(token.value); - krb5_free_keyblock(ctx->subkey); - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); + krb5_free_keyblock(context, ctx->subkey); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); xfree(ctx); *minor_status = G_VALIDATE_FAILED; @@ -301,10 +303,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* compute time_rec */ if (time_rec) { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t) ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -352,13 +354,16 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((ctx->established) || (((gss_cred_id_t) ctx->cred) != claimant_cred_handle) || ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = KG_CONTEXT_ESTABLISHED; return(GSS_S_FAILURE); } - if (! krb5_principal_compare(ctx->there, (krb5_principal) target_name)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + if (! krb5_principal_compare(context, ctx->there, + (krb5_principal) target_name)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = 0; return(GSS_S_BAD_NAME); } @@ -366,7 +371,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* verify the token and leave the AP_REP message in ap_rep */ if (input_token == GSS_C_NO_BUFFER) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = 0; return(GSS_S_DEFECTIVE_TOKEN); } @@ -383,8 +389,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, TREAD_STR(ptr, ap_rep.data, ap_rep.length); /* decode the ap_rep */ - if (code = krb5_rd_rep(&ap_rep, ctx->subkey, &ap_rep_data)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + if (code = krb5_rd_rep(context, &ap_rep, ctx->subkey, &ap_rep_data)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -393,7 +400,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->seq_recv = ap_rep_data->seq_number; /* free the ap_rep_data */ - krb5_free_ap_rep_enc_part(ap_rep_data); + krb5_free_ap_rep_enc_part(context, ap_rep_data); /* set established */ ctx->established = 1; @@ -401,8 +408,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* set returns */ if (time_rec) { - if (code = krb5_timeofday(&now)) { - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx, + if (code = krb5_timeofday(context, &now)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t) ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/inquire_context.c b/src/lib/gssapi/krb5/inquire_context.c index aefea92de..3fd7abefa 100644 --- a/src/lib/gssapi/krb5/inquire_context.c +++ b/src/lib/gssapi/krb5/inquire_context.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_inquire_context(minor_status, context_handle, initiator_name, +krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_name_t *initiator_name; @@ -62,7 +63,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, init = NULL; accept = NULL; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -71,30 +72,32 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, lifetime = 0; if (initiator_name) { - if (code = krb5_copy_principal(ctx->initiate?ctx->here:ctx->there, + if (code = krb5_copy_principal(context, + ctx->initiate?ctx->here:ctx->there, &init)) { *minor_status = code; return(GSS_S_FAILURE); } if (! kg_save_name((gss_name_t) init)) { - krb5_free_principal(init); + krb5_free_principal(context, init); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } } if (acceptor_name) { - if (code = krb5_copy_principal(ctx->initiate?ctx->there:ctx->here, + if (code = krb5_copy_principal(context, + ctx->initiate?ctx->there:ctx->here, &accept)) { - if (init) krb5_free_principal(init); + if (init) krb5_free_principal(context, init); *minor_status = code; return(GSS_S_FAILURE); } if (! kg_save_name((gss_name_t) accept)) { - krb5_free_principal(accept); + krb5_free_principal(context, accept); if (init) { kg_delete_name((gss_name_t) accept); - krb5_free_principal(init); + krb5_free_principal(context, init); } *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/inquire_cred.c b/src/lib/gssapi/krb5/inquire_cred.c index ea8ed4b04..1101e14cb 100644 --- a/src/lib/gssapi/krb5/inquire_cred.c +++ b/src/lib/gssapi/krb5/inquire_cred.c @@ -23,8 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, +krb5_gss_inquire_cred(context, minor_status, cred_handle, name, lifetime_ret, cred_usage, mechanisms) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_name_t *name; @@ -60,7 +61,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, cred = (krb5_gss_cred_id_t) cred_handle; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -69,7 +70,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, lifetime = 0; if (name) { - if (code = krb5_copy_principal(cred->princ, &ret_name)) { + if (code = krb5_copy_principal(context, cred->princ, &ret_name)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -77,7 +78,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, if (mechanisms) if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) { - krb5_free_principal(ret_name); + krb5_free_principal(context, ret_name); *minor_status = ENOMEM; return(GSS_S_FAILURE); } @@ -85,7 +86,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, if (name) { if (! kg_save_name((gss_name_t) ret_name)) { (void)gss_release_oid_set(minor_status, &mechs); - krb5_free_principal(ret_name); + krb5_free_principal(context, ret_name); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index d7f76bfd7..5cc622dad 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -25,8 +25,9 @@ #include static krb5_error_code -make_seal_token(enc_ed, seq_ed, seqnum, direction, text, token, +make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token, encrypt, toktype, bigend) + krb5_context context; krb5_gss_enc_desc *enc_ed; krb5_gss_enc_desc *seq_ed; krb5_int32 *seqnum; @@ -145,7 +146,7 @@ make_seal_token(enc_ed, seq_ed, seqnum, direction, text, token, /* XXX this depends on the key being a single-des key, but that's all that kerberos supports right now */ - if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16, + if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, 16, seq_ed->key->contents, seq_ed->key->length, &desmac)) { @@ -217,7 +218,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, return(GSS_S_NO_CONTEXT); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(ctx->context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 78d328d5a..ca0eca182 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -173,8 +173,8 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer, /* XXX this depends on the key being a single-des key, but that's all that kerberos supports right now */ - if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16, - ctx->seq.key->contents, + if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, + 16, ctx->seq.key->contents, ctx->seq.key->length, &desmac)) { if (toktype == KG_TOK_SEAL_MSG) @@ -239,7 +239,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer, if (qop_state) *qop_state = GSS_C_QOP_DEFAULT; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(ctx->context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index ed31c9051..a1c0f7f6a 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -22,18 +22,12 @@ #include "gssapiP_krb5.h" +extern krb5_context kg_context; + OM_uint32 -gss_accept_sec_context(minor_status, - context_handle, - verifier_cred_handle, - input_token, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle) +gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, + input_token, input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, delegated_cred_handle) OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; @@ -46,7 +40,17 @@ gss_accept_sec_context(minor_status, OM_uint32 *time_rec; gss_cred_id_t *delegated_cred_handle; { - return(krb5_gss_accept_sec_context(minor_status, + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_accept_sec_context(ctx->context, minor_status, context_handle, verifier_cred_handle, input_token, @@ -60,14 +64,8 @@ gss_accept_sec_context(minor_status, } OM_uint32 -gss_acquire_cred(minor_status, - desired_name, - time_req, - desired_mechs, - cred_usage, - output_cred_handle, - actual_mechs, - time_rec) +gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs, + cred_usage, output_cred_handle, actual_mechs, time_rec) OM_uint32 *minor_status; gss_name_t desired_name; OM_uint32 time_req; @@ -77,7 +75,7 @@ gss_acquire_cred(minor_status, gss_OID_set *actual_mechs; OM_uint32 *time_rec; { - return(krb5_gss_acquire_cred(minor_status, + return(krb5_gss_acquire_cred(kg_context, minor_status, desired_name, time_req, desired_mechs, @@ -88,70 +86,70 @@ gss_acquire_cred(minor_status, } OM_uint32 -gss_compare_name(minor_status, - name1, - name2, - name_equal) +gss_compare_name(minor_status, name1, name2, name_equal) OM_uint32 *minor_status; gss_name_t name1; gss_name_t name2; int *name_equal; { - return(krb5_gss_compare_name(minor_status, - name1, - name2, - name_equal)); + return(krb5_gss_compare_name(kg_context, minor_status, name1, + name2, name_equal)); } OM_uint32 -gss_context_time(minor_status, - context_handle, - time_rec) +gss_context_time(minor_status, context_handle, time_rec) OM_uint32 *minor_status; gss_ctx_id_t context_handle; OM_uint32 *time_rec; { - return(krb5_gss_context_time(minor_status, - context_handle, + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_context_time(ctx->context, minor_status, context_handle, time_rec)); } OM_uint32 -gss_delete_sec_context(minor_status, - context_handle, - output_token) +gss_delete_sec_context(minor_status, context_handle, output_token) OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t output_token; { - return(krb5_gss_delete_sec_context(minor_status, - context_handle, - output_token)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_delete_sec_context(ctx->context, minor_status, + context_handle, output_token)); } OM_uint32 -gss_display_name(minor_status, - input_name, - output_name_buffer, - output_name_type) +gss_display_name(minor_status, input_name, output_name_buffer, output_name_type) OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; gss_OID *output_name_type; { - return(krb5_gss_display_name(minor_status, - input_name, - output_name_buffer, - output_name_type)); + return(krb5_gss_display_name(kg_context, minor_status, input_name, + output_name_buffer, output_name_type)); } OM_uint32 -gss_display_status(minor_status, - status_value, - status_type, - mech_type, - message_context, - status_string) +gss_display_status(minor_status, status_value, status_type, + mech_type, message_context, status_string) OM_uint32 *minor_status; OM_uint32 status_value; int status_type; @@ -159,28 +157,20 @@ gss_display_status(minor_status, int *message_context; gss_buffer_t status_string; { - return(krb5_gss_display_status(minor_status, - status_value, - status_type, - mech_type, - message_context, + return(krb5_gss_display_status(kg_context, minor_status, status_value, + status_type, mech_type, message_context, status_string)); } OM_uint32 -gss_import_name(minor_status, - input_name_buffer, - input_name_type, - output_name) +gss_import_name(minor_status, input_name_buffer, input_name_type, output_name) OM_uint32 *minor_status; gss_buffer_t input_name_buffer; const_gss_OID input_name_type; gss_name_t *output_name; { - return(krb5_gss_import_name(minor_status, - input_name_buffer, - input_name_type, - output_name)); + return(krb5_gss_import_name(kg_context, minor_status, input_name_buffer, + input_name_type, output_name)); } OM_uint32 @@ -188,24 +178,14 @@ gss_indicate_mechs(minor_status, mech_set) OM_uint32 *minor_status; gss_OID_set *mech_set; { - return(krb5_gss_indicate_mechs(minor_status, - mech_set)); + return(krb5_gss_indicate_mechs(kg_context, minor_status, mech_set)); } OM_uint32 -gss_init_sec_context(minor_status, - claimant_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec) +gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, + target_name, mech_type, req_flags, time_req, + input_chan_bindings, input_token, actual_mech_type, + output_token, ret_flags, time_rec) OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -220,29 +200,17 @@ gss_init_sec_context(minor_status, int *ret_flags; OM_uint32 *time_rec; { - return(krb5_gss_init_sec_context(minor_status, - claimant_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, + return(krb5_gss_init_sec_context(kg_context, minor_status, + claimant_cred_handle, context_handle, + target_name, mech_type, req_flags, + time_req, input_chan_bindings, input_token, + actual_mech_type, output_token, ret_flags, time_rec)); } OM_uint32 -gss_inquire_context(minor_status, - context_handle, - initiator_name, - acceptor_name, - lifetime_rec, - mech_type, - ret_flags, +gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, + lifetime_rec, mech_type, ret_flags, locally_initiated) OM_uint32 *minor_status; gss_ctx_id_t context_handle; @@ -253,23 +221,24 @@ gss_inquire_context(minor_status, int *ret_flags; int *locally_initiated; { - return(krb5_gss_inquire_context(minor_status, - context_handle, - initiator_name, - acceptor_name, - lifetime_rec, - mech_type, - ret_flags, - locally_initiated)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_inquire_context(ctx->context, minor_status, context_handle, + initiator_name, acceptor_name, lifetime_rec, + mech_type, ret_flags, locally_initiated)); } OM_uint32 -gss_inquire_cred(minor_status, - cred_handle, - name, - lifetime_ret, - cred_usage, - mechanisms) +gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, + cred_usage, mechanisms) OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_name_t *name; @@ -277,25 +246,28 @@ gss_inquire_cred(minor_status, int *cred_usage; gss_OID_set *mechanisms; { - return(krb5_gss_inquire_cred(minor_status, - cred_handle, - name, - lifetime_ret, - cred_usage, - mechanisms)); + return(krb5_gss_inquire_cred(kg_context, minor_status, cred_handle, + name, lifetime_ret, cred_usage, mechanisms)); } OM_uint32 -gss_process_context_token(minor_status, - context_handle, - token_buffer) +gss_process_context_token(minor_status, context_handle, token_buffer) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; { - return(krb5_gss_process_context_token(minor_status, - context_handle, - token_buffer)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_process_context_token(ctx->context, minor_status, + context_handle, token_buffer)); } OM_uint32 @@ -303,8 +275,7 @@ gss_release_cred(minor_status, cred_handle) OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { - return(krb5_gss_release_cred(minor_status, - cred_handle)); + return(krb5_gss_release_cred(kg_context, minor_status, cred_handle)); } OM_uint32 @@ -312,8 +283,7 @@ gss_release_name(minor_status, input_name) OM_uint32 *minor_status; gss_name_t *input_name; { - return(krb5_gss_release_name(minor_status, - input_name)); + return(krb5_gss_release_name(kg_context, minor_status, input_name)); } OM_uint32 @@ -330,18 +300,12 @@ gss_release_oid_set(minor_status, set) OM_uint32* minor_status; gss_OID_set *set; { - return(generic_gss_release_oid_set(minor_status, - set)); + return(generic_gss_release_oid_set(minor_status, set)); } OM_uint32 -gss_seal(minor_status, - context_handle, - conf_req_flag, - qop_req, - input_message_buffer, - conf_state, - output_message_buffer) +gss_seal(minor_status, context_handle, conf_req_flag, qop_req, + input_message_buffer, conf_state, output_message_buffer) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; @@ -350,41 +314,46 @@ gss_seal(minor_status, int *conf_state; gss_buffer_t output_message_buffer; { - return(krb5_gss_seal(minor_status, - context_handle, - conf_req_flag, - qop_req, - input_message_buffer, - conf_state, - output_message_buffer)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_seal(ctx->context, minor_status, context_handle, + conf_req_flag, qop_req, input_message_buffer, + conf_state, output_message_buffer)); } OM_uint32 -gss_sign(minor_status, - context_handle, - qop_req, - message_buffer, - message_token) +gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int qop_req; gss_buffer_t message_buffer; gss_buffer_t message_token; { - return(krb5_gss_sign(minor_status, - context_handle, - qop_req, - message_buffer, - message_token)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_sign(ctx->context, minor_status, context_handle, + qop_req, message_buffer, message_token)); } OM_uint32 -gss_unseal(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state) +gss_unseal(minor_status, context_handle, input_message_buffer, + output_message_buffer, conf_state, qop_state) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; @@ -392,29 +361,40 @@ gss_unseal(minor_status, int *conf_state; int *qop_state; { - return(krb5_gss_unseal(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_unseal(ctx->context, minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state)); } OM_uint32 -gss_verify(minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify(minor_status, context_handle, message_buffer, + token_buffer, qop_state) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; int *qop_state; { - return(krb5_gss_verify(minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_verify(ctx->context, minor_status, context_handle, + message_buffer, token_buffer, qop_state)); } diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c index e5d142bc0..5a7a65215 100644 --- a/src/lib/gssapi/krb5/process_context_token.c +++ b/src/lib/gssapi/krb5/process_context_token.c @@ -23,7 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_process_context_token(minor_status, context_handle, token_buffer) +krb5_gss_process_context_token(context, minor_status, context_handle, + token_buffer) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; @@ -53,6 +55,6 @@ krb5_gss_process_context_token(minor_status, context_handle, token_buffer) /* that's it. delete the context */ - return(krb5_gss_delete_sec_context(minor_status, &context_handle, + return(krb5_gss_delete_sec_context(context, minor_status, &context_handle, GSS_C_NO_BUFFER)); } diff --git a/src/lib/gssapi/krb5/release_cred.c b/src/lib/gssapi/krb5/release_cred.c index 83ce7f101..21cfc5fba 100644 --- a/src/lib/gssapi/krb5/release_cred.c +++ b/src/lib/gssapi/krb5/release_cred.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_release_cred(minor_status, cred_handle) +krb5_gss_release_cred(context, minor_status, cred_handle) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { @@ -41,17 +42,17 @@ krb5_gss_release_cred(minor_status, cred_handle) cred = *cred_handle; if (cred->ccache) - code1 = krb5_cc_close(cred->ccache); + code1 = krb5_cc_close(context, cred->ccache); else code1 = 0; if (cred->keytab) - code2 = krb5_kt_close(cred->keytab); + code2 = krb5_kt_close(context, cred->keytab); else code2 = 0; if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *cred_handle = NULL; diff --git a/src/lib/gssapi/krb5/release_name.c b/src/lib/gssapi/krb5/release_name.c index 0371756ad..4756d08bd 100644 --- a/src/lib/gssapi/krb5/release_name.c +++ b/src/lib/gssapi/krb5/release_name.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_release_name(minor_status, input_name) +krb5_gss_release_name(context, minor_status, input_name) + krb5_context context; OM_uint32 *minor_status; gss_name_t *input_name; { @@ -34,7 +35,7 @@ krb5_gss_release_name(minor_status, input_name) (void)kg_delete_name(*input_name); - krb5_free_principal((krb5_principal) *input_name); + krb5_free_principal(context, (krb5_principal) *input_name); *input_name = GSS_C_NO_NAME; diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c index 691e9eea6..a0e06ebde 100644 --- a/src/lib/gssapi/krb5/seal.c +++ b/src/lib/gssapi/krb5/seal.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_seal(minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer) +krb5_gss_seal(context, minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c index 7c139f18d..bafc0837d 100644 --- a/src/lib/gssapi/krb5/sign.c +++ b/src/lib/gssapi/krb5/sign.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_sign(minor_status, context_handle, +krb5_gss_sign(context, minor_status, context_handle, qop_req, message_buffer, message_token) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int qop_req; diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c index a9c46c695..3449951af 100644 --- a/src/lib/gssapi/krb5/unseal.c +++ b/src/lib/gssapi/krb5/unseal.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_unseal(minor_status, context_handle, +krb5_gss_unseal(context, minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c index fab785ec3..691f6d754 100644 --- a/src/lib/gssapi/krb5/util_cksum.c +++ b/src/lib/gssapi/krb5/util_cksum.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" #include -krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) +krb5_error_code +kg_checksum_channel_bindings(cb, cksum, bigend) gss_channel_bindings_t cb; krb5_checksum *cksum; int bigend; @@ -38,12 +39,12 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) if (cb == GSS_C_NO_CHANNEL_BINDINGS) { /* allocate the cksum contents buffer */ if ((cksum->contents = (krb5_octet *) - xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL) + xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) return(ENOMEM); cksum->checksum_type = CKSUMTYPE_RSA_MD5; memset(cksum->contents, '\0', - (cksum->length = krb5_checksum_size(CKSUMTYPE_RSA_MD5))); + (cksum->length = krb5_checksum_size(global_context, CKSUMTYPE_RSA_MD5))); return(0); } @@ -59,7 +60,7 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) /* allocate the cksum contents buffer */ if ((cksum->contents = (krb5_octet *) - xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL) { + xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) { free(buf); return(ENOMEM); } @@ -77,8 +78,8 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) /* checksum the data */ - if (code = krb5_calculate_checksum(CKSUMTYPE_RSA_MD5, buf, len, - NULL, 0, cksum)) { + if (code = krb5_calculate_checksum(global_context, CKSUMTYPE_RSA_MD5, + buf, len, NULL, 0, cksum)) { xfree(cksum->contents); xfree(buf); return(code); diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index d58c3c56d..bee58ceee 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -25,6 +25,8 @@ static unsigned char zeros[8] = {0,0,0,0,0,0,0,0}; +extern krb5_context kg_context; + int kg_confounder_size(ed) krb5_gss_enc_desc *ed; { @@ -38,7 +40,8 @@ kg_make_confounder(ed, buf) krb5_gss_enc_desc *ed; unsigned char *buf; { - return(krb5_random_confounder(ed->eblock.crypto_entry->block_length, buf)); + return(krb5_random_confounder(kg_context, + ed->eblock.crypto_entry->block_length, buf)); } int kg_encrypt_size(ed, n) @@ -59,12 +62,13 @@ kg_encrypt(ed, iv, in, out, length) krb5_error_code code; if (! ed->processed) { - if (code = krb5_process_key(&ed->eblock, ed->key)) + if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); ed->processed = 1; } - if (code = krb5_encrypt(in, out, length, &ed->eblock, iv?iv:(krb5_pointer)zeros)) + if (code = krb5_encrypt(kg_context, in, out, length, &ed->eblock, + iv?iv:(krb5_pointer)zeros)) return(code); return(0); @@ -85,7 +89,7 @@ kg_decrypt(ed, iv, in, out, length) char *buf; if (! ed->processed) { - if (code = krb5_process_key(&ed->eblock, ed->key)) + if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); ed->processed = 1; } @@ -94,7 +98,8 @@ kg_decrypt(ed, iv, in, out, length) if ((buf = (char *) xmalloc(elen)) == NULL) return(ENOMEM); - if (code = krb5_decrypt(in, buf, elen, &ed->eblock, iv?iv:(krb5_pointer)zeros)) { + if (code = krb5_decrypt(kg_context, in, buf, elen, &ed->eblock, + iv?iv:(krb5_pointer)zeros)) { xfree(buf); return(code); } diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index 9586ff06d..cb7430179 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -25,6 +25,8 @@ static unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0}; +extern krb5_context kg_context; + krb5_error_code kg_make_seed(key, seed) krb5_keyblock *key; @@ -34,7 +36,7 @@ kg_make_seed(key, seed) krb5_gss_enc_desc ed; int i; - if (code = krb5_copy_keyblock(key, &ed.key)) + if (code = krb5_copy_keyblock(kg_context, key, &ed.key)) return(code); /* reverse the key bytes, as per spec */ @@ -42,13 +44,13 @@ kg_make_seed(key, seed) for (i=0; ilength; i++) ed.key->contents[i] = key->contents[key->length - 1 - i]; - krb5_use_cstype(&ed.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(kg_context, &ed.eblock, ETYPE_RAW_DES_CBC); ed.processed = 0; code = kg_encrypt(&ed, NULL, zeros, seed, 16); - krb5_finish_key(&ed.eblock); - krb5_free_keyblock(ed.key); + krb5_finish_key(kg_context, &ed.eblock); + krb5_free_keyblock(kg_context, ed.key); return(code); } diff --git a/src/lib/gssapi/krb5/util_seqnum.c b/src/lib/gssapi/krb5/util_seqnum.c index 30877fa4f..47381f682 100644 --- a/src/lib/gssapi/krb5/util_seqnum.c +++ b/src/lib/gssapi/krb5/util_seqnum.c @@ -22,7 +22,8 @@ #include "gssapiP_krb5.h" -krb5_error_code kg_make_seq_num(ed, direction, seqnum, cksum, buf) +krb5_error_code +kg_make_seq_num(ed, direction, seqnum, cksum, buf) krb5_gss_enc_desc *ed; int direction; int seqnum; diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c index c08ea25a2..398b1d771 100644 --- a/src/lib/gssapi/krb5/verify.c +++ b/src/lib/gssapi/krb5/verify.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_verify(minor_status, context_handle, +krb5_gss_verify(context, minor_status, context_handle, message_buffer, token_buffer, qop_state) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 4b5cb2aa0..6bd53008b 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Thu Nov 17 19:22:16 1994 Mark Eichin (eichin@cygnus.com) * kdb_dbm.c (krb5_dbm_db_unlock): Use krb5_lock_file. diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index a131bd66e..7f76d1d08 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -37,10 +37,11 @@ */ krb5_error_code -krb5_kdb_decrypt_key(eblock, in, out) -krb5_encrypt_block *eblock; -const krb5_encrypted_keyblock *in; -krb5_keyblock *out; +krb5_kdb_decrypt_key(context, eblock, in, out) + krb5_context context; + krb5_encrypt_block *eblock; + const krb5_encrypted_keyblock *in; + krb5_keyblock *out; { krb5_error_code retval; @@ -67,7 +68,8 @@ krb5_keyblock *out; /* remember the contents of the encrypted version has a 4 byte integer length of the real embedded key, followed by the encrypted key, so the offset here is needed */ - if (retval = krb5_decrypt((krb5_pointer) ((char *) in->contents + 4), + if (retval = krb5_decrypt(context, (krb5_pointer) ( + (char *) in->contents + 4), (krb5_pointer) out->contents, in->length-sizeof(in->length), eblock, 0)) { krb5_xfree(out->contents); diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index 91b456c6a..ebf8c17b9 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -36,10 +36,11 @@ */ krb5_error_code -krb5_kdb_encrypt_key(eblock, in, out) -krb5_encrypt_block *eblock; -const krb5_keyblock *in; -register krb5_encrypted_keyblock *out; +krb5_kdb_encrypt_key(context, eblock, in, out) + krb5_context context; + krb5_encrypt_block *eblock; + const krb5_keyblock *in; + register krb5_encrypted_keyblock *out; { /* Encrypted rep has the real (unencrypted) key length stored along with the encrypted key. The length is stored as a 4 @@ -77,7 +78,7 @@ register krb5_encrypted_keyblock *out; ((char *)out->contents)[2] = length >> 8; ((char *)out->contents)[3] = length; - retval = krb5_encrypt((krb5_pointer) tmpin.contents, + retval = krb5_encrypt(context, (krb5_pointer) tmpin.contents, (krb5_pointer) ((char *) out->contents + 4), tmpin.length, eblock, 0); krb5_xfree(tmpin.contents); diff --git a/src/lib/kdb/fetch_mkey.c b/src/lib/kdb/fetch_mkey.c index 3c9151a67..904d179ab 100644 --- a/src/lib/kdb/fetch_mkey.c +++ b/src/lib/kdb/fetch_mkey.c @@ -58,18 +58,14 @@ char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2; #endif krb5_error_code -krb5_db_fetch_mkey(DECLARG(krb5_principal, mname), - DECLARG(krb5_encrypt_block *, eblock), - DECLARG(krb5_boolean, fromkeyboard), - DECLARG(krb5_boolean, twice), - DECLARG(krb5_data *, salt), - DECLARG(krb5_keyblock *,key)) -OLDDECLARG(krb5_principal, mname) -OLDDECLARG(krb5_encrypt_block *, eblock) -OLDDECLARG(krb5_boolean, fromkeyboard) -OLDDECLARG(krb5_boolean, twice) -OLDDECLARG(krb5_data *, salt) -OLDDECLARG(krb5_keyblock *,key) +krb5_db_fetch_mkey(context, mname, eblock, fromkeyboard, twice, salt, key) + krb5_context context; + krb5_principal mname; + krb5_encrypt_block * eblock; + krb5_boolean fromkeyboard; + krb5_boolean twice; + krb5_data * salt; + krb5_keyblock * key; { krb5_error_code retval; char password[BUFSIZ]; @@ -80,7 +76,7 @@ OLDDECLARG(krb5_keyblock *,key) if (fromkeyboard) { krb5_data scratch; - if (retval = krb5_read_password(krb5_mkey_pwd_prompt1, + if (retval = krb5_read_password(context, krb5_mkey_pwd_prompt1, twice ? krb5_mkey_pwd_prompt2 : 0, password, &size)) @@ -89,11 +85,11 @@ OLDDECLARG(krb5_keyblock *,key) pwd.data = password; pwd.length = size; if (!salt) { - retval = krb5_principal2salt(mname, &scratch); + retval = krb5_principal2salt(context, mname, &scratch); if (retval) return retval; } - retval = krb5_string_to_key(eblock, key->keytype, key, &pwd, + retval = krb5_string_to_key(context, eblock, key->keytype, key, &pwd, salt ? salt : &scratch); if (!salt) krb5_xfree(scratch.data); @@ -104,7 +100,7 @@ OLDDECLARG(krb5_keyblock *,key) /* from somewhere else */ krb5_keytype keytype; char defkeyfile[MAXPATHLEN+1]; - krb5_data *realm = krb5_princ_realm(mname); + krb5_data *realm = krb5_princ_realm(context, mname); FILE *kf; retval = 0; diff --git a/src/lib/kdb/kdb_dbm.c b/src/lib/kdb/kdb_dbm.c index be6986e57..8092a3033 100644 --- a/src/lib/kdb/kdb_dbm.c +++ b/src/lib/kdb/kdb_dbm.c @@ -70,30 +70,50 @@ static DBM *current_db_ptr = 0; static krb5_boolean non_blocking = FALSE; -static char *gen_dbsuffix PROTOTYPE((char *, char * )); -static krb5_error_code krb5_dbm_db_start_update PROTOTYPE((char *, - time_t * )); -static krb5_error_code krb5_dbm_db_end_update PROTOTYPE((char *, - time_t )); -static krb5_error_code krb5_dbm_db_start_read PROTOTYPE((time_t * )); -static krb5_error_code krb5_dbm_db_end_read PROTOTYPE((time_t )); -static krb5_error_code encode_princ_dbmkey PROTOTYPE((datum *, - krb5_principal )); -static void free_encode_princ_dbmkey PROTOTYPE((datum * )); +static char *gen_dbsuffix + PROTOTYPE((char *, char * )); +static krb5_error_code krb5_dbm_db_start_update + PROTOTYPE((krb5_context, + char *, + time_t * )); +static krb5_error_code krb5_dbm_db_end_update + PROTOTYPE((krb5_context, + char *, + time_t )); +static krb5_error_code krb5_dbm_db_start_read + PROTOTYPE((krb5_context, + time_t * )); +static krb5_error_code krb5_dbm_db_end_read + PROTOTYPE((krb5_context, + time_t )); +static krb5_error_code encode_princ_dbmkey + PROTOTYPE((krb5_context, + datum *, + krb5_principal )); +static void free_encode_princ_dbmkey + PROTOTYPE((krb5_context, + datum * )); static krb5_error_code encode_princ_contents - PROTOTYPE((datum *, - krb5_db_entry * )); -static void free_encode_princ_contents PROTOTYPE((datum * )); + PROTOTYPE((krb5_context, + datum *, + krb5_db_entry * )); +static void free_encode_princ_contents + PROTOTYPE((datum * )); static krb5_error_code decode_princ_contents - PROTOTYPE((datum *, - krb5_db_entry * )); -static void free_decode_princ_contents PROTOTYPE((krb5_db_entry * )); + PROTOTYPE((krb5_context, + datum *, + krb5_db_entry * )); +static void free_decode_princ_contents + PROTOTYPE((krb5_context, + krb5_db_entry * )); #if 0 /* not used */ -static krb5_error_code decode_princ_dbmkey PROTOTYPE((datum *, - krb5_principal * )); -static void free_decode_princ_dbmkey PROTOTYPE((krb5_principal )); +static krb5_error_code decode_princ_dbmkey + PROTOTYPE((datum *, + krb5_principal * )); +static void free_decode_princ_dbmkey + PROTOTYPE((krb5_principal )); #endif /* @@ -178,7 +198,8 @@ char *sfx; */ krb5_error_code -krb5_dbm_db_init() +krb5_dbm_db_init(context) + krb5_context context; { char *filename = 0; @@ -215,7 +236,8 @@ err_out: * a krb5_dbm_db_init */ krb5_error_code -krb5_dbm_db_fini() +krb5_dbm_db_fini(context) + krb5_context context; { krb5_error_code retval; @@ -247,7 +269,8 @@ krb5_dbm_db_fini() * Open the database for update. */ krb5_error_code -krb5_dbm_db_open_database() +krb5_dbm_db_open_database(context) + krb5_context context; { if (!inited) return KRB5_KDB_DBNOTINITED; @@ -257,17 +280,18 @@ krb5_dbm_db_open_database() /* It is safe to ignore errors here because all function which write to the database try again to lock. */ - (void) krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE); + (void) krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE); return 0; } krb5_error_code -krb5_dbm_db_close_database() +krb5_dbm_db_close_database(context) + krb5_context context; { dbm_close(current_db_ptr); current_db_ptr = 0; - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); return 0; } @@ -279,8 +303,9 @@ krb5_dbm_db_close_database() */ krb5_error_code -krb5_dbm_db_set_name(name) -char *name; +krb5_dbm_db_set_name(context, name) + krb5_context context; + char *name; { DBM *db; @@ -301,9 +326,10 @@ char *name; */ krb5_error_code -krb5_dbm_db_get_age(db_name, age) -char *db_name; -time_t *age; +krb5_dbm_db_get_age(context, db_name, age) + krb5_context context; + char *db_name; + time_t *age; { struct stat st; char *okname; @@ -334,9 +360,10 @@ time_t *age; */ static krb5_error_code -krb5_dbm_db_start_update(db_name, age) -char *db_name; -time_t *age; +krb5_dbm_db_start_update(context, db_name, age) + krb5_context context; + char *db_name; + time_t *age; { char *okname; krb5_error_code retval; @@ -345,7 +372,7 @@ time_t *age; if (!okname) return ENOMEM; - retval = krb5_dbm_db_get_age(db_name, age); + retval = krb5_dbm_db_get_age(context, db_name, age); if (!retval && unlink(okname) < 0) { if (errno != ENOENT) retval = errno; @@ -355,9 +382,10 @@ time_t *age; } static krb5_error_code -krb5_dbm_db_end_update(db_name, age) -char *db_name; -time_t age; +krb5_dbm_db_end_update(context, db_name, age) + krb5_context context; + char *db_name; + time_t age; { int fd; krb5_error_code retval = 0; @@ -408,26 +436,28 @@ time_t age; /* Database readers call start_read(), do the reading, and then call end_read() with the value from start_read(). - If the value of krb5_dbm_db_get_age(NULL, age) changes while this is - going on, - then the reader has encountered a modified database and should retry. + If the value of krb5_dbm_db_get_age(context, NULL, age) changes while + this is going on, then the reader has encountered a modified database + and should retry. */ static krb5_error_code -krb5_dbm_db_start_read(age) -time_t *age; +krb5_dbm_db_start_read(context, age) + krb5_context context; + time_t *age; { - return (krb5_dbm_db_get_age(NULL, age)); + return (krb5_dbm_db_get_age(context, NULL, age)); } static krb5_error_code -krb5_dbm_db_end_read(age) -time_t age; +krb5_dbm_db_end_read(context, age) + krb5_context context; + time_t age; { time_t age2; krb5_error_code retval; - if (retval = krb5_dbm_db_get_age(NULL, &age2)) + if (retval = krb5_dbm_db_get_age(context, NULL, &age2)) return retval; if (age2 != age || age == -1) { return KRB5_KDB_DB_CHANGED; @@ -437,14 +467,15 @@ time_t age; static krb5_error_code -encode_princ_dbmkey(key, principal) -datum *key; -krb5_principal principal; +encode_princ_dbmkey(context, key, principal) + krb5_context context; + datum *key; + krb5_principal principal; { char *princ_name; krb5_error_code retval; - if (retval = krb5_unparse_name(principal, &princ_name)) + if (retval = krb5_unparse_name(context, principal, &princ_name)) return(retval); key->dptr = princ_name; key->dsize = strlen(princ_name)+1; /* need to store the NULL for @@ -453,8 +484,9 @@ krb5_principal principal; } static void -free_encode_princ_dbmkey(key) -datum *key; +free_encode_princ_dbmkey(context, key) + krb5_context context; + datum *key; { (void) free(key->dptr); key->dptr = 0; @@ -465,26 +497,28 @@ datum *key; #if 0 /* these aren't used, but if they ever should be... */ static krb5_error_code -decode_princ_dbmkey(key, principal) -datum *key; -krb5_principal *principal; +decode_princ_dbmkey(context, key, principal) + datum *key; + krb5_principal *principal; { - return(krb5_parse_name(key->dptr, principal)); + return(krb5_parse_name(context, key->dptr, principal)); } static void -free_decode_princ_dbmkey(principal) -krb5_principal principal; +free_decode_princ_dbmkey(context, principal) + krb5_context context; + krb5_principal principal; { - krb5_free_principal(principal); + krb5_free_principal(context, principal); return; } #endif static krb5_error_code -encode_princ_contents(contents, entry) -register datum *contents; -krb5_db_entry *entry; +encode_princ_contents(context, contents, entry) + krb5_context context; + register datum *contents; + krb5_db_entry *entry; { krb5_db_entry copy_princ; char *unparse_princ, *unparse_mod_princ; @@ -508,9 +542,9 @@ krb5_db_entry *entry; if (!entry->alt_salt) copy_princ.alt_salt_length = 0; - if (retval = krb5_unparse_name(entry->principal, &unparse_princ)) + if (retval = krb5_unparse_name(context, entry->principal, &unparse_princ)) return(retval); - if (retval = krb5_unparse_name(entry->mod_name, &unparse_mod_princ)) { + if (retval = krb5_unparse_name(context, entry->mod_name, &unparse_mod_princ)) { free(unparse_princ); return(retval); } @@ -569,7 +603,7 @@ krb5_db_entry *entry; static void free_encode_princ_contents(contents) -datum *contents; + datum *contents; { free(contents->dptr); contents->dsize = 0; @@ -578,9 +612,10 @@ datum *contents; } static krb5_error_code -decode_princ_contents(contents, entry) -datum *contents; -krb5_db_entry *entry; +decode_princ_contents(context, contents, entry) + krb5_context context; + datum *contents; + krb5_db_entry *entry; { register char *nextloc; krb5_principal princ, mod_princ; @@ -686,7 +721,7 @@ resume_processing: retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } - retval = krb5_parse_name(nextloc, &princ); + retval = krb5_parse_name(context, nextloc, &princ); if (retval) goto error_out; entry->principal = princ; @@ -712,7 +747,7 @@ resume_processing: retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } - retval = krb5_parse_name(nextloc, &mod_princ); + retval = krb5_parse_name(context, nextloc, &mod_princ); if (retval) goto error_out; entry->mod_name = mod_princ; @@ -794,13 +829,14 @@ resume_processing: return 0; error_out: - free_decode_princ_contents(entry); + free_decode_princ_contents(context, entry); return retval; } static void -free_decode_princ_contents(entry) -krb5_db_entry *entry; +free_decode_princ_contents(context, entry) + krb5_context context; + krb5_db_entry *entry; { /* erase the key */ if (entry->key.contents) { @@ -818,16 +854,17 @@ krb5_db_entry *entry; krb5_xfree(entry->alt_salt); if (entry->principal) - krb5_free_principal(entry->principal); + krb5_free_principal(context, entry->principal); if (entry->mod_name) - krb5_free_principal(entry->mod_name); + krb5_free_principal(context, entry->mod_name); (void) memset((char *)entry, 0, sizeof(*entry)); return; } krb5_error_code -krb5_dbm_db_lock(mode) -int mode; +krb5_dbm_db_lock(context, mode) + krb5_context context; + int mode; { int krb5_lock_mode; int error; @@ -849,7 +886,7 @@ int mode; if (non_blocking) krb5_lock_mode |= KRB5_LOCKMODE_DONTBLOCK; - error = krb5_lock_file(dblfp, dblfname, krb5_lock_mode); + error = krb5_lock_file(context, dblfp, dblfname, krb5_lock_mode); if (error == EBADF && mode == KRB5_DBM_EXCLUSIVE) return KRB5_KDB_CANTLOCK_DB; @@ -860,13 +897,14 @@ int mode; } krb5_error_code -krb5_dbm_db_unlock() +krb5_dbm_db_unlock(context) + krb5_context context; { if (!mylock) /* lock already unlocked */ return KRB5_KDB_NOTLOCKED; if (--mylock == 0) { - return krb5_lock_file(dblfp, dblfname, KRB5_LOCKMODE_UNLOCK); + return krb5_lock_file(context, dblfp, dblfname, KRB5_LOCKMODE_UNLOCK); } return 0; } @@ -876,8 +914,9 @@ krb5_dbm_db_unlock() */ krb5_error_code -krb5_dbm_db_create(db_name) -char *db_name; +krb5_dbm_db_create(context, db_name) + krb5_context context; + char *db_name; { char *okname; int fd; @@ -992,7 +1031,8 @@ destroy_file_suffix(dbname, suffix) } krb5_error_code -krb5_dbm_db_destroy(dbname) +krb5_dbm_db_destroy(context, dbname) + krb5_context context; char *dbname; { krb5_error_code retval; @@ -1015,7 +1055,8 @@ krb5_dbm_db_destroy(dbname) */ krb5_error_code -krb5_dbm_db_rename(from, to) +krb5_dbm_db_rename(context, from, to) + krb5_context context; char *from; char *to; { @@ -1051,7 +1092,7 @@ krb5_dbm_db_rename(from, to) goto errout; } - if (retval = krb5_dbm_db_start_update(to, &trans)) + if (retval = krb5_dbm_db_start_update(context, to, &trans)) goto errout; if ((rename (fromdir, todir) == 0) @@ -1074,7 +1115,7 @@ errout: free_dbsuffix (fromdir); if (retval == 0) - return krb5_dbm_db_end_update(to, trans); + return krb5_dbm_db_end_update(context, to, trans); else return retval; } @@ -1086,7 +1127,8 @@ errout: */ krb5_error_code -krb5_dbm_db_get_principal(searchfor, entries, nentries, more) +krb5_dbm_db_get_principal(context, searchfor, entries, nentries, more) + krb5_context context; krb5_principal searchfor; krb5_db_entry *entries; /* filled in */ int *nentries; /* how much room/how many found */ @@ -1103,10 +1145,10 @@ krb5_boolean *more; /* are there more? */ return KRB5_KDB_DBNOTINITED; for (try = 0; try < KRB5_DBM_MAX_RETRY; try++) { - if (retval = krb5_dbm_db_start_read(&transaction)) + if (retval = krb5_dbm_db_start_read(context, &transaction)) return(retval); - if (retval = krb5_dbm_db_lock(KRB5_DBM_SHARED)) + if (retval = krb5_dbm_db_lock(context, KRB5_DBM_SHARED)) return(retval); if (current_db_ptr) @@ -1115,7 +1157,7 @@ krb5_boolean *more; /* are there more? */ db = dbm_open(current_db_name, O_RDONLY, 0600); if (db == NULL) { retval = errno; - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); return retval; } } @@ -1123,22 +1165,22 @@ krb5_boolean *more; /* are there more? */ *more = FALSE; /* XXX deal with wildcard lookups */ - if (retval = encode_princ_dbmkey(&key, searchfor)) + if (retval = encode_princ_dbmkey(context, &key, searchfor)) goto cleanup; contents = dbm_fetch(db, key); - free_encode_princ_dbmkey(&key); + free_encode_princ_dbmkey(context, &key); if (contents.dptr == NULL) found = 0; - else if (retval = decode_princ_contents(&contents, entries)) + else if (retval = decode_princ_contents(context, &contents, entries)) goto cleanup; else found = 1; if (current_db_ptr == 0) (void) dbm_close(db); - (void) krb5_dbm_db_unlock(); /* unlock read lock */ - if (krb5_dbm_db_end_read(transaction) == 0) + (void) krb5_dbm_db_unlock(context); /* unlock read lock */ + if (krb5_dbm_db_end_read(context, transaction) == 0) break; found = -1; if (!non_blocking) @@ -1154,7 +1196,7 @@ krb5_boolean *more; /* are there more? */ cleanup: if (current_db_ptr == 0) (void) dbm_close(db); - (void) krb5_dbm_db_unlock(); /* unlock read lock */ + (void) krb5_dbm_db_unlock(context); /* unlock read lock */ return retval; } @@ -1162,13 +1204,14 @@ krb5_boolean *more; /* are there more? */ Free stuff returned by krb5_dbm_db_get_principal. */ void -krb5_dbm_db_free_principal(entries, nentries) -krb5_db_entry *entries; -int nentries; +krb5_dbm_db_free_principal(context, entries, nentries) + krb5_context context; + krb5_db_entry *entries; + int nentries; { register int i; for (i = 0; i < nentries; i++) - free_decode_princ_contents(&entries[i]); + free_decode_princ_contents(context, &entries[i]); return; } @@ -1183,9 +1226,10 @@ int nentries; */ krb5_error_code -krb5_dbm_db_put_principal(entries, nentries) -krb5_db_entry *entries; -register int *nentries; /* number of entry structs to +krb5_dbm_db_put_principal(context, entries, nentries) + krb5_context context; + krb5_db_entry *entries; + register int *nentries; /* number of entry structs to * update */ { @@ -1199,7 +1243,7 @@ register int *nentries; /* number of entry structs to if (!inited) errout(KRB5_KDB_DBNOTINITED); - if (retval = krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE)) + if (retval = krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE)) errout(retval); if (current_db_ptr) @@ -1208,7 +1252,7 @@ register int *nentries; /* number of entry structs to db = dbm_open(current_db_name, O_RDWR, 0600); if (db == NULL) { retval = errno; - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); *nentries = 0; return retval; } @@ -1218,10 +1262,10 @@ register int *nentries; /* number of entry structs to /* for each one, stuff temps, and do replace/append */ for (i = 0; i < *nentries; i++) { - if (retval = encode_princ_contents(&contents, entries)) + if (retval = encode_princ_contents(context, &contents, entries)) break; - if (retval = encode_princ_dbmkey(&key, entries->principal)) { + if (retval = encode_princ_dbmkey(context, &key, entries->principal)) { free_encode_princ_contents(&contents); break; } @@ -1230,7 +1274,7 @@ register int *nentries; /* number of entry structs to else retval = 0; free_encode_princ_contents(&contents); - free_encode_princ_dbmkey(&key); + free_encode_princ_dbmkey(context, &key); if (retval) break; entries++; /* bump to next struct */ @@ -1238,7 +1282,7 @@ register int *nentries; /* number of entry structs to if (current_db_ptr == 0) (void) dbm_close(db); - (void) krb5_dbm_db_unlock(); /* unlock database */ + (void) krb5_dbm_db_unlock(context); /* unlock database */ *nentries = i; return (retval); } @@ -1249,7 +1293,8 @@ register int *nentries; /* number of entry structs to */ krb5_error_code -krb5_dbm_db_delete_principal(searchfor, nentries) +krb5_dbm_db_delete_principal(context, searchfor, nentries) + krb5_context context; krb5_principal searchfor; int *nentries; /* how many found & deleted */ { @@ -1262,7 +1307,7 @@ int *nentries; /* how many found & deleted */ if (!inited) return KRB5_KDB_DBNOTINITED; - if (retval = krb5_dbm_db_lock(KRB5_DBM_EXCLUSIVE)) + if (retval = krb5_dbm_db_lock(context, KRB5_DBM_EXCLUSIVE)) return(retval); if (current_db_ptr) @@ -1271,12 +1316,12 @@ int *nentries; /* how many found & deleted */ db = dbm_open(current_db_name, O_RDWR, 0600); if (db == NULL) { retval = errno; - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); return retval; } } - if (retval = encode_princ_dbmkey(&key, searchfor)) + if (retval = encode_princ_dbmkey(context, &key, searchfor)) goto cleanup; contents = dbm_fetch(db, key); @@ -1284,11 +1329,11 @@ int *nentries; /* how many found & deleted */ found = 0; retval = KRB5_KDB_NOENTRY; } else { - if (retval = decode_princ_contents(&contents, &entry)) + if (retval = decode_princ_contents(context, &contents, &entry)) goto cleankey; found = 1; memset((char *)entry.key.contents, 0, entry.key.length); - if (retval = encode_princ_contents(&contents2, &entry)) + if (retval = encode_princ_contents(context, &contents2, &entry)) goto cleancontents; if (dbm_store(db, key, contents2, DBM_REPLACE)) @@ -1301,23 +1346,24 @@ int *nentries; /* how many found & deleted */ } free_encode_princ_contents(&contents2); cleancontents: - free_decode_princ_contents(&entry); + free_decode_princ_contents(context, &entry); cleankey: - free_encode_princ_dbmkey(&key); + free_encode_princ_dbmkey(context, &key); } cleanup: if (current_db_ptr == 0) (void) dbm_close(db); - (void) krb5_dbm_db_unlock(); /* unlock write lock */ + (void) krb5_dbm_db_unlock(context); /* unlock write lock */ *nentries = found; return retval; } krb5_error_code -krb5_dbm_db_iterate (func, func_arg) -krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *)); -krb5_pointer func_arg; +krb5_dbm_db_iterate (context, func, func_arg) + krb5_context context; + krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *)); + krb5_pointer func_arg; { datum key, contents; krb5_db_entry entries; @@ -1327,7 +1373,7 @@ krb5_pointer func_arg; if (!inited) return KRB5_KDB_DBNOTINITED; - if (retval = krb5_dbm_db_lock(KRB5_DBM_SHARED)) + if (retval = krb5_dbm_db_lock(context, KRB5_DBM_SHARED)) return retval; if (current_db_ptr) @@ -1336,29 +1382,30 @@ krb5_pointer func_arg; db = dbm_open(current_db_name, O_RDONLY, 0600); if (db == NULL) { retval = errno; - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); return retval; } } for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { contents = dbm_fetch (db, key); - if (retval = decode_princ_contents(&contents, &entries)) + if (retval = decode_princ_contents(context, &contents, &entries)) break; retval = (*func)(func_arg, &entries); - free_decode_princ_contents(&entries); + free_decode_princ_contents(context, &entries); if (retval) break; } if (current_db_ptr == 0) (void) dbm_close(db); - (void) krb5_dbm_db_unlock(); + (void) krb5_dbm_db_unlock(context); return retval; } krb5_boolean -krb5_dbm_db_set_lockmode(DECLARG(krb5_boolean,mode)) -OLDDECLARG(krb5_boolean,mode) +krb5_dbm_db_set_lockmode(context, mode) + krb5_context context; + krb5_boolean mode; { krb5_boolean old = non_blocking; non_blocking = mode; diff --git a/src/lib/kdb/setup_mkey.c b/src/lib/kdb/setup_mkey.c index 09c7c50e2..bd619a57d 100644 --- a/src/lib/kdb/setup_mkey.c +++ b/src/lib/kdb/setup_mkey.c @@ -39,11 +39,12 @@ #define REALM_SEP_STRING "@" krb5_error_code -krb5_db_setup_mkey_name(keyname, realm, fullname, principal) -const char *keyname; -const char *realm; -char **fullname; -krb5_principal *principal; +krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal) + krb5_context context; + const char *keyname; + const char *realm; + char **fullname; + krb5_principal *principal; { krb5_error_code retval; int keylen; @@ -63,7 +64,7 @@ krb5_principal *principal; strcat(fname, REALM_SEP_STRING); strcat(fname, realm); - if (retval = krb5_parse_name(fname, principal)) + if (retval = krb5_parse_name(context, fname, principal)) return retval; if (fullname) *fullname = fname; diff --git a/src/lib/kdb/store_mkey.c b/src/lib/kdb/store_mkey.c index a34afa64f..a6201db1f 100644 --- a/src/lib/kdb/store_mkey.c +++ b/src/lib/kdb/store_mkey.c @@ -50,15 +50,16 @@ #endif krb5_error_code -krb5_db_store_mkey(keyfile, mname, key) -char *keyfile; -krb5_principal mname; -krb5_keyblock *key; +krb5_db_store_mkey(context, keyfile, mname, key) + krb5_context context; + char *keyfile; + krb5_principal mname; + krb5_keyblock *key; { FILE *kf; krb5_error_code retval = 0; char defkeyfile[MAXPATHLEN+1]; - krb5_data *realm = krb5_princ_realm(mname); + krb5_data *realm = krb5_princ_realm(context, mname); #if defined(unix) || defined(__unix__) int oumask; #endif diff --git a/src/lib/kdb/verify_mky.c b/src/lib/kdb/verify_mky.c index a9457f08f..3d90fc3e4 100644 --- a/src/lib/kdb/verify_mky.c +++ b/src/lib/kdb/verify_mky.c @@ -37,10 +37,11 @@ */ krb5_error_code -krb5_db_verify_master_key(mprinc, mkey, eblock) -krb5_principal mprinc; -krb5_keyblock *mkey; -krb5_encrypt_block *eblock; +krb5_db_verify_master_key(context, mprinc, mkey, eblock) + krb5_context context; + krb5_principal mprinc; + krb5_keyblock *mkey; + krb5_encrypt_block *eblock; { krb5_error_code retval; krb5_db_entry master_entry; @@ -49,38 +50,38 @@ krb5_encrypt_block *eblock; krb5_keyblock tempkey; nprinc = 1; - if (retval = krb5_db_get_principal(mprinc, &master_entry, &nprinc, &more)) + if (retval = krb5_db_get_principal(context, mprinc, &master_entry, &nprinc, &more)) return(retval); if (nprinc != 1) { if (nprinc) - krb5_db_free_principal(&master_entry, nprinc); + krb5_db_free_principal(context, &master_entry, nprinc); return(KRB5_KDB_NOMASTERKEY); } else if (more) { - krb5_db_free_principal(&master_entry, nprinc); + krb5_db_free_principal(context, &master_entry, nprinc); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } /* do any necessary key pre-processing */ - if (retval = krb5_process_key(eblock, mkey)) { - krb5_db_free_principal(&master_entry, nprinc); + if (retval = krb5_process_key(context, eblock, mkey)) { + krb5_db_free_principal(context, &master_entry, nprinc); return(retval); } - if (retval = krb5_kdb_decrypt_key(eblock, &master_entry.key, &tempkey)) { - (void) krb5_finish_key(eblock); - krb5_db_free_principal(&master_entry, nprinc); + if (retval = krb5_kdb_decrypt_key(context, eblock, &master_entry.key, &tempkey)) { + (void) krb5_finish_key(context, eblock); + krb5_db_free_principal(context, &master_entry, nprinc); return retval; } if (mkey->length != tempkey.length || memcmp((char *)mkey->contents, (char *)tempkey.contents,mkey->length)) { retval = KRB5_KDB_BADMASTERKEY; - (void) krb5_finish_key(eblock); + (void) krb5_finish_key(context, eblock); } else - retval = krb5_finish_key(eblock); + retval = krb5_finish_key(context, eblock); memset((char *)tempkey.contents, 0, tempkey.length); krb5_xfree(tempkey.contents); - krb5_db_free_principal(&master_entry, nprinc); + krb5_db_free_principal(context, &master_entry, nprinc); return retval; }