From: Greg Hudson
Date: Wed, 12 Oct 2011 16:34:07 +0000 (+0000)
Subject: Make krb5_pac_sign public
X-Git-Tag: krb5-1.10-alpha1~50
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ba2aac09eeb8bceeedb4f08460ff2926ad9b54f4;p=krb5.git
Make krb5_pac_sign public
krb5int_pac_sign was created as a private API because it is only needed by the KDC. But it is actually used by DAL or authdata plugin modules, not the core KDC code. Since plugin modules should not need to consume internal libkrb5 functions, rename krb5int_pac_sign to krb5_pac_sign and make it public.
ticket: 6974
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1682a345b..d2498a82c 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2785,15 +2785,6 @@ k5alloc(size_t len, krb5_error_code *code)
 return ptr;
 }
-krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data);
-
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_for_user(krb5_context context, krb5_flags options, krb5_ccache ccache,
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3d9dbbfb7..33279774b 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -7494,6 +7494,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr);
+/**
+ * Sign a PAC.
+ *
+ * @param [in] context Library context
+ * @param [in] pac PAC handle
+ * @param [in] authtime Expected timestamp
+ * @param [in] principal Expected principal name (or NULL)
+ * @param [in] server Key for server checksum
+ * @param [in] privsvr Key for KDC checksum
+ * @param [out] data Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data. @a pac is modified to include the
+ * server and KDC checksum buffers. Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data);
+
 /**
 * Allow the appplication to override the profile's allow_weak_crypto setting.
 *
diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
index ae11a0c02..26b1f133e 100644
--- a/src/lib/krb5/krb/pac_sign.c
+++ b/src/lib/krb5/krb/pac_sign.c
@@ -180,13 +180,9 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
 }
 krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data)
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data)
 {
 krb5_error_code ret;
 krb5_data server_cksum, privsvr_cksum;
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
index 9e96b692e..61fb51a98 100644
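Review bot: The new doc comment for krb5_pac_sign in krb5.hin documents parameters `server` and `privsvr`, but the prototype directly below it names them `server_key` and `privsvr_key`, so the `@param` tags and the `@a server` / `@a privsvr` references in the description do not match the public declaration; I would write `@param [in] server_key Key for server checksum` and `@param [in] privsvr_key Key for KDC checksum` and update the prose to match. `pac` is tagged `[in]` although the description says it is modified to include the checksum buffers, so `@param [in,out] pac PAC handle` is more accurate. Since this is now a public signing entry point for plugin modules, the comment should also state the return convention and whether @a data is left untouched on failure, neither of which the hunk shows. The wording "Expected timestamp" and "Expected principal name" reads as if carried over from krb5_pac_verify; for a signing call these are presumably the values bound into the signed PAC, which is worth confirming against the function body outside this diff.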
--- a/src/lib/krb5/krb/t_pac.c
+++ b/src/lib/krb5/krb/t_pac.c
@@ -149,10 +149,10 @@ main(int argc, char **argv)
 if (ret)
 err(context, ret, "krb5_pac_verify");
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
 if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
 krb5_pac_free(context, pac);
@@ -204,10 +204,10 @@ main(int argc, char **argv)
 }
 free(list);
- ret = krb5int_pac_sign(context, pac2, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac2, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
 if (ret)
- err(context, ret, "krb5int_pac_sign 4");
+ err(context, ret, "krb5_pac_sign 4");
 krb5_pac_free(context, pac2);
@@ -283,10 +283,10 @@ main(int argc, char **argv)
 krb5_free_data_contents(context, &data);
 }
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
 if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
 krb5_pac_free(context, pac);
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index e31ebb9cb..c4a0015f0 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -465,6 +465,7 @@ krb5_pac_get_buffer
 krb5_pac_get_types
 krb5_pac_init
 krb5_pac_parse
+krb5_pac_sign
 krb5_pac_verify
 krb5_parse_name
 krb5_parse_name_flags
@@ -617,7 +618,6 @@ krb5int_get_authdata_containee_types
 krb5int_init_context_kdc
 krb5int_init_trace
 krb5int_initialize_library
-krb5int_pac_sign
 krb5int_sendtokdc_debug_handler
 krb5int_trace
 profile_abandon
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index 17d15b076..208b92b8f 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -418,3 +418,4 @@ EXPORTS
 krb5_cc_switch @392
 krb5_free_string @393
 krb5_cc_select @394
+ krb5_pac_sign @395