From dd3c630b60b0c40a1ce70ca74ff911fd6a5a3600 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 15 Oct 2011 16:26:27 +0000
Subject: [PATCH] Rename PAC type constants to avoid conflicts

Since the PAC type constants are now exposed in krb5.h, give them a
KRB5_ prefix so they don't conflict with similar PAC type constants
in other packages, like Samba.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25352 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/krb5/krb5.hin   | 14 ++++-----
 src/lib/krb5/krb/pac.c      | 57 ++++++++++++++++++++++++-------------
 src/lib/krb5/krb/pac_sign.c | 18 ++++++------
 3 files changed, 53 insertions(+), 36 deletions(-)

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3466fbf87..2e5acd43f 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -7355,13 +7355,13 @@ krb5_verify_authdata_kdc_issued(krb5_context context,
  */
 
 /* Microsoft defined types of data */
-#define PAC_LOGON_INFO        1  /**< Logon information */
-#define PAC_CREDENTIALS_INFO  2  /**< Credentials information */
-#define PAC_SERVER_CHECKSUM   6  /**< Server checksum */
-#define PAC_PRIVSVR_CHECKSUM  7  /**< KDC checksum */
-#define PAC_CLIENT_INFO       10 /**< Client name and ticket information */
-#define PAC_DELEGATION_INFO   11 /**< Constrained delegation information */
-#define PAC_UPN_DNS_INFO      12 /**< User principal name and DNS information */
+#define KRB5_PAC_LOGON_INFO        1  /**< Logon information */
+#define KRB5_PAC_CREDENTIALS_INFO  2  /**< Credentials information */
+#define KRB5_PAC_SERVER_CHECKSUM   6  /**< Server checksum */
+#define KRB5_PAC_PRIVSVR_CHECKSUM  7  /**< KDC checksum */
+#define KRB5_PAC_CLIENT_INFO       10 /**< Client name and ticket info */
+#define KRB5_PAC_DELEGATION_INFO   11 /**< Constrained delegation info */
+#define KRB5_PAC_UPN_DNS_INFO      12 /**< User principal name and DNS info */
 
 struct krb5_pac_data;
 /** PAC data structure to convey authorization information */
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 0864d701c..f173b042e 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -425,7 +425,8 @@ k5_pac_validate_client(krb5_context context,
     krb5_int64 pac_nt_authtime;
     krb5_principal pac_principal;
 
-    ret = k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
+                               &client_info);
     if (ret != 0)
         return ret;
 
@@ -481,7 +482,8 @@ k5_pac_zero_signature(krb5_context context,
     PAC_INFO_BUFFER *buffer = NULL;
     size_t i;
 
-    assert(type == PAC_SERVER_CHECKSUM || type == PAC_PRIVSVR_CHECKSUM);
+    assert(type == KRB5_PAC_SERVER_CHECKSUM ||
+           type == KRB5_PAC_PRIVSVR_CHECKSUM);
     assert(data->length >= pac->data.length);
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
@@ -520,8 +522,8 @@ k5_pac_verify_server_checksum(krb5_context context,
     krb5_boolean valid;
     krb5_octet *p;
 
-    ret = k5_pac_locate_buffer(context, pac,
-                               PAC_SERVER_CHECKSUM, &checksum_data);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                               &checksum_data);
     if (ret != 0)
         return ret;
 
@@ -543,15 +545,15 @@ k5_pac_verify_server_checksum(krb5_context context,
     memcpy(pac_data.data, pac->data.data, pac->data.length);
 
     /* Zero out both checksum buffers */
-    ret = k5_pac_zero_signature(context, pac,
-                                PAC_SERVER_CHECKSUM, &pac_data);
+    ret = k5_pac_zero_signature(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                                &pac_data);
     if (ret != 0) {
         free(pac_data.data);
         return ret;
     }
 
-    ret = k5_pac_zero_signature(context, pac,
-                                PAC_PRIVSVR_CHECKSUM, &pac_data);
+    ret = k5_pac_zero_signature(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
+                                &pac_data);
     if (ret != 0) {
         free(pac_data.data);
         return ret;
@@ -584,16 +586,16 @@ k5_pac_verify_kdc_checksum(krb5_context context,
     krb5_boolean valid;
     krb5_octet *p;
 
-    ret = k5_pac_locate_buffer(context, pac,
-                               PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
+                               &privsvr_checksum);
     if (ret != 0)
         return ret;
 
     if (privsvr_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
         return KRB5_BAD_MSIZE;
 
-    ret = k5_pac_locate_buffer(context, pac,
-                               PAC_SERVER_CHECKSUM, &server_checksum);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                               &server_checksum);
     if (ret != 0)
         return ret;
 
@@ -832,14 +834,29 @@ static struct {
     krb5_ui_4 type;
     krb5_data attribute;
 } mspac_attribute_types[] = {
-    { (krb5_ui_4)-1,            { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
-    { PAC_LOGON_INFO,           { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
-    { PAC_CREDENTIALS_INFO,     { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
-    { PAC_SERVER_CHECKSUM,      { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
-    { PAC_PRIVSVR_CHECKSUM,     { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
-    { PAC_CLIENT_INFO,          { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
-    { PAC_DELEGATION_INFO,      { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
-    { PAC_UPN_DNS_INFO,         { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
+    { (krb5_ui_4)-1,            { KV5M_DATA, STRLENOF("urn:mspac:"),
+                                  "urn:mspac:" } },
+    { KRB5_PAC_LOGON_INFO,       { KV5M_DATA,
+                                   STRLENOF("urn:mspac:logon-info"),
+                                   "urn:mspac:logon-info" } },
+    { KRB5_PAC_CREDENTIALS_INFO, { KV5M_DATA,
+                                   STRLENOF("urn:mspac:credentials-info"),
+                                   "urn:mspac:credentials-info" } },
+    { KRB5_PAC_SERVER_CHECKSUM,  { KV5M_DATA,
+                                   STRLENOF("urn:mspac:server-checksum"),
+                                   "urn:mspac:server-checksum" } },
+    { KRB5_PAC_PRIVSVR_CHECKSUM, { KV5M_DATA,
+                                   STRLENOF("urn:mspac:privsvr-checksum"),
+                                   "urn:mspac:privsvr-checksum" } },
+    { KRB5_PAC_CLIENT_INFO,      { KV5M_DATA,
+                                   STRLENOF("urn:mspac:client-info"),
+                                   "urn:mspac:client-info" } },
+    { KRB5_PAC_DELEGATION_INFO,  { KV5M_DATA,
+                                   STRLENOF("urn:mspac:delegation-info"),
+                                   "urn:mspac:delegation-info" } },
+    { KRB5_PAC_UPN_DNS_INFO,     { KV5M_DATA,
+                                   STRLENOF("urn:mspac:upn-dns-info"),
+                                   "urn:mspac:upn-dns-info" } },
 };
 
 #define MSPAC_ATTRIBUTE_COUNT   (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
index 26b1f133e..49e3862b7 100644
--- a/src/lib/krb5/krb/pac_sign.c
+++ b/src/lib/krb5/krb/pac_sign.c
@@ -43,8 +43,8 @@ k5_insert_client_info(krb5_context context,
     krb5_ui_8 nt_authtime;
 
     /* If we already have a CLIENT_INFO buffer, then just validate it */
-    if (k5_pac_locate_buffer(context, pac,
-                             PAC_CLIENT_INFO, &client_info) == 0) {
+    if (k5_pac_locate_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
+                             &client_info) == 0) {
         return k5_pac_validate_client(context, pac, authtime, principal);
     }
 
@@ -63,7 +63,7 @@ k5_insert_client_info(krb5_context context,
     client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_ucs2_len;
     client_info.data = NULL;
 
-    ret = k5_pac_add_buffer(context, pac, PAC_CLIENT_INFO,
+    ret = k5_pac_add_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
                             &client_info, TRUE, &client_info);
     if (ret != 0)
         goto cleanup;
@@ -199,12 +199,12 @@ krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
     }
 
     /* Create zeroed buffers for both checksums */
-    ret = k5_insert_checksum(context, pac, PAC_SERVER_CHECKSUM,
+    ret = k5_insert_checksum(context, pac, KRB5_PAC_SERVER_CHECKSUM,
                              server_key, &server_cksumtype);
     if (ret != 0)
         return ret;
 
-    ret = k5_insert_checksum(context, pac, PAC_PRIVSVR_CHECKSUM,
+    ret = k5_insert_checksum(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
                              privsvr_key, &privsvr_cksumtype);
     if (ret != 0)
         return ret;
@@ -215,8 +215,8 @@ krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
         return ret;
 
     /* Generate the server checksum over the entire PAC */
-    ret = k5_pac_locate_buffer(context, pac,
-                               PAC_SERVER_CHECKSUM, &server_cksum);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                               &server_cksum);
     if (ret != 0)
         return ret;
 
@@ -236,8 +236,8 @@ krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
         return ret;
 
     /* Generate the privsvr checksum over the server checksum buffer */
-    ret = k5_pac_locate_buffer(context, pac,
-                               PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
+                               &privsvr_cksum);
     if (ret != 0)
         return ret;
 
-- 
2.26.2