From dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Wed, 20 Aug 2008 21:09:14 +0000 Subject: [PATCH] lean client changes All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/gss_libinit.c | 4 ++ src/lib/gssapi/krb5/accept_sec_context.c | 8 ++- src/lib/gssapi/krb5/acquire_cred.c | 19 +++++- src/lib/gssapi/krb5/add_cred.c | 15 ++++- src/lib/gssapi/krb5/export_sec_context.c | 5 +- src/lib/gssapi/krb5/gssapiP_krb5.h | 10 +++- src/lib/gssapi/krb5/krb5_gss_glue.c | 58 +++++++++++++++++-- src/lib/gssapi/krb5/rel_cred.c | 2 + .../gssapi/mechglue/g_accept_sec_context.c | 3 +- src/lib/gssapi/mechglue/g_exp_sec_context.c | 2 + src/lib/gssapi/mechglue/g_imp_sec_context.c | 3 + src/lib/gssapi/spnego/gssapiP_spnego.h | 5 +- src/lib/gssapi/spnego/spnego_mech.c | 24 ++++++-- src/lib/kdb/kdb_default.c | 15 ++++- src/lib/krb5/keytab/kt_file.c | 6 +- src/lib/krb5/keytab/kt_memory.c | 4 ++ src/lib/krb5/keytab/kt_srvtab.c | 6 +- src/lib/krb5/keytab/ktadd.c | 6 +- src/lib/krb5/keytab/ktbase.c | 6 +- src/lib/krb5/keytab/ktdefault.c | 5 +- src/lib/krb5/keytab/ktfns.c | 6 +- src/lib/krb5/keytab/ktfr_entry.c | 5 +- src/lib/krb5/keytab/ktremove.c | 5 +- src/lib/krb5/keytab/read_servi.c | 5 +- src/lib/krb5/krb/gic_keytab.c | 5 +- src/lib/krb5/krb/gic_pwd.c | 1 - src/lib/krb5/krb/in_tkt_sky.c | 4 +- src/lib/krb5/krb/rd_req.c | 10 +++- src/lib/krb5/krb/rd_req_dec.c | 4 ++ src/lib/krb5/krb/ser_ctx.c | 7 ++- src/lib/krb5/krb/srv_dec_tkt.c | 5 +- src/lib/krb5/krb5_libinit.c | 4 ++ src/lib/krb5/os/accessor.c | 10 +++- .../collected-client-lib/libcollected.exports | 8 --- src/util/profile/prof_init.c | 3 + 35 files changed, 237 insertions(+), 51 deletions(-) diff --git a/src/lib/gssapi/gss_libinit.c b/src/lib/gssapi/gss_libinit.c index bb9085713..4c1755fd2 100644 --- a/src/lib/gssapi/gss_libinit.c +++ b/src/lib/gssapi/gss_libinit.c @@ -31,9 +31,11 @@ int gssint_lib_init(void) err = gssint_mechglue_init(); if (err) return err; +#ifndef LEAN_CLIENT err = k5_mutex_finish_init(&gssint_krb5_keytab_lock); if (err) return err; +#endif /* LEAN_CLIENT */ err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free); if (err) return err; @@ -76,7 +78,9 @@ void gssint_lib_fini(void) #ifndef _WIN32 k5_mutex_destroy(&kg_kdc_flag_mutex); #endif +#ifndef LEAN_CLIENT k5_mutex_destroy(&gssint_krb5_keytab_lock); +#endif /* LEAN_CLIENT */ gssint_mecherrmap_destroy(); gssint_mechglue_fini(); } diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index d7f122513..6b3e0bf0e 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2004, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2004, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -77,12 +77,15 @@ #endif #include + #ifdef CFX_EXERCISE #define CFX_ACCEPTOR_SUBKEY (time(0) & 1) #else #define CFX_ACCEPTOR_SUBKEY 1 #endif +#ifndef LEAN_CLIENT + /* Decode, decrypt and store the forwarded creds in the local ccache. */ static krb5_error_code rd_and_store_for_creds(context, auth_context, inbuf, out_cred) @@ -206,6 +209,7 @@ cleanup: return retval; } + OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, input_token, @@ -1001,3 +1005,5 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } return (major_status); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 7754e2452..55d19fd5a 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -91,6 +91,7 @@ static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal, static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; #endif +#ifndef LEAN_CLIENT k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; static char *krb5_gss_keytab = NULL; @@ -204,6 +205,7 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) return(GSS_S_COMPLETE); } +#endif /* LEAN_CLIENT */ /* get credentials corresponding to the default credential cache. If the default name is requested, return the name in output_princ. @@ -507,7 +509,9 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->prerfc_mech = req_old; cred->rfc_mech = req_new; +#ifndef LEAN_CLIENT cred->keytab = NULL; +#endif /* LEAN_CLIENT */ cred->ccache = NULL; code = k5_mutex_init(&cred->lock); @@ -532,7 +536,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, /* if requested, acquire credentials for accepting */ /* this will fill in cred->princ if the desired_name is not specified */ - +#ifndef LEAN_CLIENT if ((cred_usage == GSS_C_ACCEPT) || (cred_usage == GSS_C_BOTH)) if ((ret = acquire_accept_cred(context, minor_status, desired_name, @@ -547,6 +551,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_context(context); return(ret); } +#endif /* LEAN_CLIENT */ /* if requested, acquire credentials for initiation */ /* this will fill in cred->princ if it wasn't set above, and @@ -559,8 +564,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->princ?(gss_name_t)cred->princ:desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { +#ifndef LEAN_CLIENT if (cred->keytab) krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -578,8 +585,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ)))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ k5_mutex_destroy(&cred->lock); xfree(cred); *minor_status = code; @@ -601,8 +610,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((code = krb5_timeofday(context, &now))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -632,8 +643,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, &ret_mechs)))) { if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); @@ -651,8 +664,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, free(ret_mechs); if (cred->ccache) (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ if (cred->princ) krb5_free_principal(context, cred->princ); k5_mutex_destroy(&cred->lock); diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c index 3ac32fc2e..fdcd9c0d3 100644 --- a/src/lib/gssapi/krb5/add_cred.c +++ b/src/lib/gssapi/krb5/add_cred.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -209,7 +209,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, krb5_free_context(context); return(GSS_S_FAILURE); } - +#ifndef LEAN_CLIENT if (cred->keytab) { kttype = krb5_kt_get_type(context, cred->keytab); if ((strlen(kttype)+2) > sizeof(ktboth)) { @@ -252,16 +252,21 @@ krb5_gss_add_cred(minor_status, input_cred_handle, return(GSS_S_FAILURE); } } else { +#endif /* LEAN_CLIENT */ new_cred->keytab = NULL; +#ifndef LEAN_CLIENT } +#endif /* LEAN_CLIENT */ if (cred->rcache) { /* Open the replay cache for this principal. */ if ((code = krb5_get_server_rcache(context, krb5_princ_component(context, cred->princ, 0), &new_cred->rcache))) { +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -282,8 +287,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) { if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -302,8 +309,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (code) { if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); @@ -324,8 +333,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle, krb5_cc_close(context, new_cred->ccache); if (new_cred->rcache) krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); +#endif /* LEAN_CLIENT */ if (new_cred->princ) krb5_free_principal(context, new_cred->princ); xfree(new_cred); diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index 867d4d6f5..f20d853d0 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c @@ -1,7 +1,7 @@ /* * lib/gssapi/krb5/export_sec_context.c * - * Copyright 1995, 2007 by the Massachusetts Institute of Technology. + * Copyright 1995, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -29,7 +29,7 @@ * export_sec_context.c - Externalize the security context. */ #include "gssapiP_krb5.h" - +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) OM_uint32 *minor_status; @@ -103,3 +103,4 @@ error_out: *minor_status = (OM_uint32) kret; return(retval); } +#endif /* LEAN_CLIENT */ diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 57c2ed9ea..33036fc53 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -211,7 +211,9 @@ typedef struct _krb5_gss_ctx_id_rec { extern g_set kg_vdb; +#ifndef LEAN_CLIENT extern k5_mutex_t gssint_krb5_keytab_lock; +#endif /* LEAN_CLIENT */ /* helper macros */ @@ -363,6 +365,7 @@ OM_uint32 krb5_gss_init_sec_context OM_uint32* /* time_rec */ ); +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_accept_sec_context (OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ @@ -377,6 +380,7 @@ OM_uint32 krb5_gss_accept_sec_context OM_uint32*, /* time_rec */ gss_cred_id_t* /* delegated_cred_handle */ ); +#endif /* LEAN_CLIENT */ OM_uint32 krb5_gss_process_context_token (OM_uint32*, /* minor_status */ @@ -459,6 +463,7 @@ OM_uint32 krb5_gss_display_name gss_OID* /* output_name_type */ ); + OM_uint32 krb5_gss_import_name (OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ @@ -574,7 +579,7 @@ OM_uint32 krb5_gss_inquire_cred_by_mech OM_uint32 *, /* acceptor_lifetime */ gss_cred_usage_t * /* cred_usage */ ); - +#ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ @@ -586,6 +591,7 @@ OM_uint32 krb5_gss_import_sec_context gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); +#endif /* LEAN_CLIENT */ krb5_error_code krb5_gss_ser_init(krb5_context); diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 77cf0da5e..3b2054bd6 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -27,6 +27,7 @@ #include "gssapiP_krb5.h" #include "mglueP.h" + /** mechglue wrappers **/ static OM_uint32 k5glue_acquire_cred @@ -61,7 +62,8 @@ static OM_uint32 k5glue_init_sec_context OM_uint32*, /* ret_flags */ OM_uint32* /* time_rec */ ); - + +#ifndef LEAN_CLIENT static OM_uint32 k5glue_accept_sec_context (void *, OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ @@ -76,6 +78,7 @@ static OM_uint32 k5glue_accept_sec_context OM_uint32*, /* time_rec */ gss_cred_id_t* /* delegated_cred_handle */ ); +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_process_context_token (void *, OM_uint32*, /* minor_status */ @@ -94,7 +97,7 @@ static OM_uint32 k5glue_context_time gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - + static OM_uint32 k5glue_sign (void *, OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ @@ -156,7 +159,7 @@ static OM_uint32 k5glue_display_name gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID* /* output_name_type */ - ); + ); static OM_uint32 k5glue_import_name (void *, OM_uint32*, /* minor_status */ @@ -278,6 +281,7 @@ static OM_uint32 k5glue_inquire_cred_by_mech gss_cred_usage_t * /* cred_usage */ ); +#ifndef LEAN_CLIENT static OM_uint32 k5glue_export_sec_context (void *, OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ @@ -289,6 +293,7 @@ static OM_uint32 k5glue_import_sec_context gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); +#endif /* LEAN_CLIENT */ krb5_error_code k5glue_ser_init(krb5_context); @@ -338,13 +343,14 @@ static OM_uint32 k5glue_validate_cred * ensure that both dispatch tables contain identical function * pointers. */ +#ifndef LEAN_CLIENT #define KRB5_GSS_CONFIG_INIT \ NULL, \ k5glue_acquire_cred, \ k5glue_release_cred, \ k5glue_init_sec_context, \ k5glue_accept_sec_context, \ - k5glue_process_context_token, \ + k5glue_process_context_token, \ k5glue_delete_sec_context, \ k5glue_context_time, \ k5glue_sign, \ @@ -369,6 +375,42 @@ static OM_uint32 k5glue_validate_cred k5glue_export_name, \ NULL /* store_cred */ +#else /* LEAN_CLIENT */ + +#define KRB5_GSS_CONFIG_INIT \ + NULL, \ + k5glue_acquire_cred, \ + k5glue_release_cred, \ + k5glue_init_sec_context, \ + NULL, \ + k5glue_process_context_token, \ + k5glue_delete_sec_context, \ + k5glue_context_time, \ + k5glue_sign, \ + k5glue_verify, \ + k5glue_seal, \ + k5glue_unseal, \ + k5glue_display_status, \ + k5glue_indicate_mechs, \ + k5glue_compare_name, \ + k5glue_display_name, \ + k5glue_import_name, \ + k5glue_release_name, \ + k5glue_inquire_cred, \ + k5glue_add_cred, \ + NULL, \ + NULL, \ + k5glue_inquire_cred_by_mech, \ + k5glue_inquire_names_for_mech, \ + k5glue_inquire_context, \ + k5glue_internal_release_oid, \ + k5glue_wrap_size_limit, \ + k5glue_export_name, \ + NULL /* store_cred */ + +#endif /* LEAN_CLIENT */ + + static struct gss_config krb5_mechanism = { 100, "kerberos_v5", { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, @@ -414,6 +456,7 @@ gssint_get_mech_configs(void) return krb5_mech_configs; } +#ifndef LEAN_CLIENT static OM_uint32 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle, input_token, input_chan_bindings, src_name, mech_type, @@ -443,6 +486,7 @@ k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handl time_rec, delegated_cred_handle)); } +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs, @@ -579,7 +623,7 @@ k5glue_display_status(ctx, minor_status, status_value, status_type, status_type, mech_type, message_context, status_string)); } - +#ifndef LEAN_CLIENT /* V2 */ static OM_uint32 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) @@ -592,7 +636,7 @@ k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) context_handle, interprocess_token)); } - +#endif /* LEAN_CLIENT */ #if 0 /* V2 */ static OM_uint32 @@ -630,6 +674,7 @@ k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output input_name_type, output_name)); } +#ifndef LEAN_CLIENT /* V2 */ static OM_uint32 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) @@ -642,6 +687,7 @@ k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) interprocess_token, context_handle)); } +#endif /* LEAN_CLIENT */ static OM_uint32 k5glue_indicate_mechs(ctx, minor_status, mech_set) diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index efd9a4f4d..1b4a6ce55 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -59,9 +59,11 @@ krb5_gss_release_cred(minor_status, cred_handle) else code1 = 0; +#ifndef LEAN_CLIENT if (cred->keytab) code2 = krb5_kt_close(context, cred->keytab); else +#endif /* LEAN_CLIENT */ code2 = 0; if (cred->rcache) diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index c12e2bf4f..9527895ee 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -33,6 +33,7 @@ #include #include +#ifndef LEAN_CLIENT static OM_uint32 val_acc_sec_ctx_args( OM_uint32 *minor_status, @@ -84,7 +85,6 @@ val_acc_sec_ctx_args( return (GSS_S_COMPLETE); } - OM_uint32 KRB5_CALLCONV gss_accept_sec_context (minor_status, context_handle, @@ -361,4 +361,5 @@ error_out: return (status); } +#endif /* LEAN_CLIENT */ diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c index 28e25b325..cf9905f83 100644 --- a/src/lib/gssapi/mechglue/g_exp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c @@ -25,6 +25,7 @@ /* * glue routine for gss_export_sec_context */ +#ifndef LEAN_CLIENT #include "mglueP.h" #include @@ -135,3 +136,4 @@ gss_buffer_t interprocess_token; return(GSS_S_COMPLETE); } +#endif /*LEAN_CLIENT */ diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c index f83d86170..2b7aacf10 100644 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -26,6 +26,8 @@ * glue routine gss_export_sec_context */ +#ifndef LEAN_CLIENT + #include "mglueP.h" #include #include @@ -162,3 +164,4 @@ error_out: } return status; } +#endif /* LEAN_CLIENT */ diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 1c8fd7a7b..717181c6b 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -167,6 +167,7 @@ OM_uint32 spnego_gss_init_sec_context OM_uint32 * /* time_rec */ ); +#ifndef LEAN_CLIENT OM_uint32 spnego_gss_accept_sec_context ( void *, /* spnego context */ @@ -183,6 +184,7 @@ OM_uint32 spnego_gss_accept_sec_context /* CSTYLED */ gss_cred_id_t * /* delegated_cred_handle */ ); +#endif /* LEAN_CLIENT */ OM_uint32 spnego_gss_display_name ( @@ -276,7 +278,7 @@ OM_uint32 spnego_gss_context_time const gss_ctx_id_t context_handle, OM_uint32 *time_rec ); - +#ifndef LEAN_CLIENT OM_uint32 spnego_gss_export_sec_context ( void *context, @@ -292,6 +294,7 @@ OM_uint32 spnego_gss_import_sec_context const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle ); +#endif /* LEAN_CLIENT */ OM_uint32 spnego_gss_inquire_context ( diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 9f68a6ccd..775306f0b 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006,2007 by the Massachusetts Institute of Technology. + * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology. * All rights reserved. * * Export of this software from the United States of America may @@ -45,6 +45,7 @@ #include "gssapiP_spnego.h" #include + #undef g_token_size #undef g_verify_token_header #undef g_make_token_header @@ -164,7 +165,11 @@ static struct gss_config spnego_mechanism = spnego_gss_acquire_cred, spnego_gss_release_cred, spnego_gss_init_sec_context, +#ifndef LEAN_CLIENT spnego_gss_accept_sec_context, +#else + NULL, +#endif /* LEAN_CLIENT */ NULL, /* gss_process_context_token */ spnego_gss_delete_sec_context, /* gss_delete_sec_context */ spnego_gss_context_time, /* gss_context_time */ @@ -180,8 +185,13 @@ static struct gss_config spnego_mechanism = spnego_gss_release_name, NULL, /* gss_inquire_cred */ NULL, /* gss_add_cred */ - spnego_gss_export_sec_context, /* gss_export_sec_context */ - spnego_gss_import_sec_context, /* gss_import_sec_context */ +#ifndef LEAN_CLIENT + spnego_gss_export_sec_context, /* gss_export_sec_context */ + spnego_gss_import_sec_context, /* gss_import_sec_context */ +#else + NULL, /* gss_export_sec_context */ + NULL, /* gss_import_sec_context */ +#endif /* LEAN_CLIENT */ NULL, /* gss_inquire_cred_by_mech */ spnego_gss_inquire_names_for_mech, spnego_gss_inquire_context, /* gss_inquire_context */ @@ -1091,7 +1101,7 @@ cleanup: gss_release_oid_set(&tmpmin, &mech_set); return ret; } - +#ifndef LEAN_CLIENT /* * Wrap call to gss_accept_sec_context() and update state * accordingly. @@ -1290,6 +1300,7 @@ cleanup: } return ret; } +#endif /* LEAN_CLIENT */ /*ARGSUSED*/ @@ -1336,6 +1347,7 @@ spnego_gss_display_status(void *ctx, return (GSS_S_COMPLETE); } + /*ARGSUSED*/ OM_uint32 spnego_gss_import_name(void *ctx, @@ -1389,6 +1401,7 @@ spnego_gss_display_name(void *ctx, return (status); } + /*ARGSUSED*/ OM_uint32 spnego_gss_inquire_names_for_mech(void *ctx, @@ -1529,7 +1542,7 @@ spnego_gss_context_time(void *context, time_rec); return (ret); } - +#ifndef LEAN_CLIENT OM_uint32 spnego_gss_export_sec_context(void *context, OM_uint32 *minor_status, @@ -1555,6 +1568,7 @@ spnego_gss_import_sec_context(void *context, context_handle); return (ret); } +#endif /* LEAN_CLIENT */ OM_uint32 spnego_gss_inquire_context(void *context, diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index bf4ba3584..b792b3846 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -1,7 +1,7 @@ /* * lib/kdb/kdb_helper.c * - * Copyright 1995, 2007 by the Massachusetts Institute of Technology. + * Copyright 1995, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -144,8 +144,10 @@ krb5_def_store_mkey(krb5_context context, char defkeyfile[MAXPATHLEN+1]; char *tmp_ktname = NULL, *tmp_ktpath; krb5_data *realm = krb5_princ_realm(context, mname); +#ifndef LEAN_CLIENT krb5_keytab kt; krb5_keytab_entry new_entry; +#endif /* LEAN_CLIENT */ struct stat stb; int statrc; @@ -190,6 +192,7 @@ krb5_def_store_mkey(krb5_context context, goto out; } +#ifndef LEAN_CLIENT /* create new stash keytab using temp file name */ retval = krb5_kt_resolve(context, tmp_ktname, &kt); if (retval != 0) @@ -199,7 +202,7 @@ krb5_def_store_mkey(krb5_context context, new_entry.principal = mname; new_entry.key = *key; new_entry.vno = kvno; - +#endif /* LEAN_CLIENT */ /* * Set tmp_ktpath to point to the keyfile path (skip WRFILE:). Subtracting * 1 to account for NULL terminator in sizeof calculation of a string @@ -207,6 +210,7 @@ krb5_def_store_mkey(krb5_context context, */ tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1); +#ifndef LEAN_CLIENT retval = krb5_kt_add_entry(context, kt, &new_entry); if (retval != 0) { /* delete tmp keyfile if it exists and an error occurrs */ @@ -221,6 +225,7 @@ krb5_def_store_mkey(krb5_context context, tmp_ktpath, keyfile, error_message(errno)); } } +#endif /* LEAN_CLIENT */ out: if (tmp_ktname != NULL) @@ -309,6 +314,7 @@ krb5_db_def_fetch_mkey_stash(krb5_context context, return retval; } +#ifndef LEAN_CLIENT static krb5_error_code krb5_db_def_fetch_mkey_keytab(krb5_context context, const char *keyfile, @@ -369,6 +375,7 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context, errout: return retval; } +#endif /* LEAN_CLIENT */ krb5_error_code krb5_db_def_fetch_mkey(krb5_context context, @@ -394,15 +401,19 @@ krb5_db_def_fetch_mkey(krb5_context context, /* null terminate no matter what */ keyfile[sizeof(keyfile) - 1] = '\0'; +#ifndef LEAN_CLIENT /* assume the master key is in a keytab */ retval_kt = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno); if (retval_kt != 0) { +#endif /* LEAN_CLIENT */ /* * If it's not in a keytab, fall back and try getting the mkey from the * older stash file format. */ retval_ofs = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno); +#ifndef LEAN_CLIENT } +#endif /* LEAN_CLIENT */ if (retval_kt != 0 && retval_ofs != 0) { /* diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index 357bb1246..cd2298ba5 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/kt_file.c * - * Copyright 1990,1991,1995,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,1995,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -25,6 +25,8 @@ * */ +#ifndef LEAN_CLIENT + #include "k5-int.h" #include @@ -1768,3 +1770,5 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ return 0; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index bf9634e53..eb1dd77e0 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -28,6 +28,8 @@ #include "kt-int.h" #include +#ifndef LEAN_CLIENT + #define HEIMDAL_COMPATIBLE /* @@ -674,3 +676,5 @@ const struct _krb5_kt_ops krb5_mkt_ops = { NULL }; +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c index 77546446e..2bc460345 100644 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ b/src/lib/krb5/keytab/kt_srvtab.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/srvtab/kts_resolv.c * - * Copyright 1990,1991,2002,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2002,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -27,6 +27,8 @@ #include "k5-int.h" #include +#ifndef LEAN_CLIENT + /* * Constants */ @@ -472,3 +474,5 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry return 0; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/ktadd.c b/src/lib/krb5/keytab/ktadd.c index b7c1b9216..360dd64cd 100644 --- a/src/lib/krb5/keytab/ktadd.c +++ b/src/lib/krb5/keytab/ktadd.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktadd.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -29,6 +29,8 @@ #include "k5-int.h" +#ifndef LEAN_CLIENT + krb5_error_code KRB5_CALLCONV krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { @@ -37,3 +39,5 @@ krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entr else return KRB5_KT_NOWRITE; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c index 3e4f6a6be..b68b351c6 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktbase.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -53,6 +53,8 @@ #include "k5-thread.h" #include "kt-int.h" +#ifndef LEAN_CLIENT + extern const krb5_kt_ops krb5_ktf_ops; extern const krb5_kt_ops krb5_ktf_writable_ops; extern const krb5_kt_ops krb5_kts_ops; @@ -283,3 +285,5 @@ krb5_ser_keytab_init(krb5_context kcontext) { return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry)); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c index 971f29f59..3d7ee0946 100644 --- a/src/lib/krb5/keytab/ktdefault.c +++ b/src/lib/krb5/keytab/ktdefault.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktdefault.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -30,6 +30,7 @@ #include "k5-int.h" #include +#ifndef LEAN_CLIENT krb5_error_code KRB5_CALLCONV krb5_kt_default(krb5_context context, krb5_keytab *id) { @@ -41,5 +42,5 @@ krb5_kt_default(krb5_context context, krb5_keytab *id) return krb5_kt_resolve(context, defname, id); } - +#endif /* LEAN_CLIENT */ diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c index 24d8eb267..9239f3d16 100644 --- a/src/lib/krb5/keytab/ktfns.c +++ b/src/lib/krb5/keytab/ktfns.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktfns.c * - * Copyright 2001 by the Massachusetts Institute of Technology. + * Copyright 2001,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -28,6 +28,8 @@ * Dispatch methods for keytab code. */ +#ifndef LEAN_CLIENT + #include "k5-int.h" const char * KRB5_CALLCONV @@ -94,3 +96,5 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, { return krb5_x((keytab)->ops->end_get,(context, keytab, cursor)); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c index b4305e21a..e04623254 100644 --- a/src/lib/krb5/keytab/ktfr_entry.c +++ b/src/lib/krb5/keytab/ktfr_entry.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktfr_entry.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -26,6 +26,7 @@ * * krb5_kt_free_entry() */ +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -48,3 +49,5 @@ krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry) { return krb5_free_keytab_entry_contents (context, entry); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/ktremove.c b/src/lib/krb5/keytab/ktremove.c index d101a7065..4ba6063f7 100644 --- a/src/lib/krb5/keytab/ktremove.c +++ b/src/lib/krb5/keytab/ktremove.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/ktremove.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -26,6 +26,7 @@ * * krb5_kt_remove_entry() */ +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -37,3 +38,5 @@ krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *e else return KRB5_KT_NOWRITE; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/keytab/read_servi.c b/src/lib/krb5/keytab/read_servi.c index 3455300ab..6638a5a92 100644 --- a/src/lib/krb5/keytab/read_servi.c +++ b/src/lib/krb5/keytab/read_servi.c @@ -1,7 +1,7 @@ /* * lib/krb5/keytab/read_servi.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -29,6 +29,7 @@ * It handles all of the opening and closing of the keytab * internally. */ +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -79,3 +80,5 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri return (KSUCCESS); } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index cae04955a..7e60b2d19 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/gic_keytab.c * - * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology. + * Copyright (C) 2002, 2003, 2008 by the Massachusetts Institute of Technology. * All rights reserved. * * Export of this software from the United States of America may @@ -23,6 +23,7 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. */ +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -217,3 +218,5 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, return retval; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index dd3f011d9..094eb79f5 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -378,7 +378,6 @@ cleanup: break; delta = (*last_req)->value - now; - if (delta < 3600) snprintf(banner, sizeof(banner), "Warning: Your password will expire in less than one hour on %s", diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index 75edb55da..d98411fd7 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/in_tkt_sky.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -98,8 +98,10 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, skey_keyproc, (krb5_const_pointer)key, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); +#ifndef LEAN_CLIENT else return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, NULL, ccache, creds, ret_as_reply); +#endif /* LEAN_CLIENT */ } diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c index 28f4f9364..6a479496f 100644 --- a/src/lib/krb5/krb/rd_req.c +++ b/src/lib/krb5/krb/rd_req.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/rd_req.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -58,14 +58,16 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, if (!krb5_is_ap_req(inbuf)) return KRB5KRB_AP_ERR_MSG_TYPE; +#ifndef LEAN_CLIENT if ((retval = decode_krb5_ap_req(inbuf, &request))) { switch (retval) { case KRB5_BADMSGTYPE: return KRB5KRB_AP_ERR_BADVERSION; default: return(retval); - } + } } +#endif /* LEAN_CLIENT */ /* Get an auth context if necessary. */ new_auth_context = NULL; @@ -89,18 +91,22 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, goto cleanup_auth_context; } +#ifndef LEAN_CLIENT /* Get a keytab if necessary. */ if (keytab == NULL) { if ((retval = krb5_kt_default(context, &new_keytab))) goto cleanup_auth_context; keytab = new_keytab; } +#endif /* LEAN_CLIENT */ retval = krb5_rd_req_decoded(context, auth_context, request, server, keytab, ap_req_options, ticket); +#ifndef LEAN_CLIENT if (new_keytab != NULL) (void) krb5_kt_close(context, new_keytab); +#endif /* LEAN_CLIENT */ cleanup_auth_context: if (new_auth_context && retval) { diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index d672b8b7e..ed707d11e 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -87,15 +87,19 @@ krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req, enctype = req->ticket->enc_part.enctype; +#ifndef LEAN_CLIENT if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server, req->ticket->enc_part.kvno, enctype, &ktent))) return retval; +#endif /* LEAN_CLIENT */ retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket); /* Upon error, Free keytab entry first, then return */ +#ifndef LEAN_CLIENT (void) krb5_kt_free_entry(context, &ktent); +#endif /* LEAN_CLIENT */ return retval; } diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index 322f1825b..6a1fb1b49 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -62,12 +62,14 @@ static krb5_error_code krb5_oscontext_externalize (krb5_context, krb5_pointer, krb5_octet **, size_t *); static krb5_error_code krb5_oscontext_internalize (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +#ifndef LEAN_CLIENT krb5_error_code profile_ser_size (krb5_context, krb5_pointer, size_t *); krb5_error_code profile_ser_externalize (krb5_context, krb5_pointer, krb5_octet **, size_t *); krb5_error_code profile_ser_internalize (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +#endif /* LEAN_CLIENT */ /* Local data */ static const krb5_ser_entry krb5_context_ser_entry = { @@ -82,13 +84,14 @@ static const krb5_ser_entry krb5_oscontext_ser_entry = { krb5_oscontext_externalize, /* Externalize routine */ krb5_oscontext_internalize /* Internalize routine */ }; +#ifndef LEAN_CLIENT static const krb5_ser_entry krb5_profile_ser_entry = { PROF_MAGIC_PROFILE, /* Type */ profile_ser_size, /* Sizer routine */ profile_ser_externalize, /* Externalize routine */ profile_ser_internalize /* Internalize routine */ }; - +#endif /* LEAN_CLIENT */ /* * krb5_context_size() - Determine the size required to externalize the * krb5_context. @@ -610,7 +613,9 @@ krb5_ser_context_init(krb5_context kcontext) kret = krb5_register_serializer(kcontext, &krb5_context_ser_entry); if (!kret) kret = krb5_register_serializer(kcontext, &krb5_oscontext_ser_entry); +#ifndef LEAN_CLIENT if (!kret) kret = krb5_register_serializer(kcontext, &krb5_profile_ser_entry); +#endif /* LEAN_CLIENT */ return(kret); } diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c index e994ac995..b5cf260f2 100644 --- a/src/lib/krb5/krb/srv_dec_tkt.c +++ b/src/lib/krb5/krb/srv_dec_tkt.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/srv_dec_tkt.c * - * Copyright 2006 by the Massachusetts Institute of Technology. + * Copyright 2006, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -38,6 +38,7 @@ #include +#ifndef LEAN_CLIENT krb5_error_code KRB5_CALLCONV krb5int_server_decrypt_ticket_keyblock(krb5_context context, const krb5_keyblock *key, @@ -92,3 +93,5 @@ krb5_server_decrypt_ticket_keytab(krb5_context context, (void) krb5_kt_free_entry(context, &ktent); return retval; } +#endif /* LEAN_CLIENT */ + diff --git a/src/lib/krb5/krb5_libinit.c b/src/lib/krb5/krb5_libinit.c index e82891a57..94187781c 100644 --- a/src/lib/krb5/krb5_libinit.c +++ b/src/lib/krb5/krb5_libinit.c @@ -44,9 +44,11 @@ int krb5int_lib_init(void) err = krb5int_rc_finish_init(); if (err) return err; +#ifndef LEAN_CLIENT err = krb5int_kt_initialize(); if (err) return err; +#endif /* LEAN_CLIENT */ err = krb5int_cc_initialize(); if (err) return err; @@ -83,7 +85,9 @@ void krb5int_lib_fini(void) k5_mutex_destroy(&krb5int_us_time_mutex); krb5int_cc_finalize(); +#ifndef LEAN_CLIENT krb5int_kt_finalize(); +#endif /* LEAN_CLIENT */ krb5int_rc_terminate(); #if defined(_WIN32) || defined(USE_CCAPI) diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index c0cc495c6..1593468cd 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c @@ -79,8 +79,14 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) #undef SC S (krb5int_c_mandatory_cksumtype, krb5int_c_mandatory_cksumtype), - S (krb5_ser_pack_int64, krb5_ser_pack_int64), - S (krb5_ser_unpack_int64, krb5_ser_unpack_int64), +#ifndef LEAN_CLIENT +#define SC(FIELD, VAL) S(FIELD, VAL) +#else /* disable */ +#define SC(FIELD, VAL) S(FIELD, 0) +#endif + SC (krb5_ser_pack_int64, krb5_ser_pack_int64), + SC (krb5_ser_unpack_int64, krb5_ser_unpack_int64), +#undef SC #ifdef ENABLE_LDAP #define SC(FIELD, VAL) S(FIELD, VAL) diff --git a/src/util/collected-client-lib/libcollected.exports b/src/util/collected-client-lib/libcollected.exports index f886fc5ca..fb91133fb 100644 --- a/src/util/collected-client-lib/libcollected.exports +++ b/src/util/collected-client-lib/libcollected.exports @@ -30,9 +30,6 @@ profile_update_relation profile_clear_relation profile_rename_section profile_add_relation -profile_ser_internalize -profile_ser_externalize -profile_ser_size krb5_is_referral_realm krb5_c_encrypt krb5_c_decrypt @@ -210,9 +207,6 @@ krb5_get_init_creds_opt_set_salt krb5_get_init_creds_opt_set_change_password_prompt krb5_get_init_creds_opt_set_pa krb5_get_init_creds_password -krb5_get_init_creds_keytab -krb5_verify_init_creds_opt_init -krb5_verify_init_creds krb5_get_validated_creds krb5_get_renewed_creds krb5_decode_ticket @@ -247,8 +241,6 @@ gss_add_cred gss_inquire_cred_by_mech gss_inquire_context gss_wrap_size_limit -gss_export_sec_context -gss_import_sec_context gss_release_oid gss_create_empty_oid_set gss_add_oid_set_member diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c index 6d05ce79b..4048f88a9 100644 --- a/src/util/profile/prof_init.c +++ b/src/util/profile/prof_init.c @@ -252,6 +252,7 @@ profile_release(profile_t profile) free(profile); } +#ifndef LEAN_CLIENT /* * Here begins the profile serialization functions. */ @@ -397,3 +398,5 @@ cleanup: } return(retval); } +#endif /* LEAN_CLIENT */ + -- 2.26.2