-rw-r--r-- | src/include/k5-int.h | 17 | ||||
-rw-r--r-- | src/include/krb5/krb5.hin | 17 | ||||
-rw-r--r-- | src/lib/krb5/krb/gc_frm_kdc.c | 50 | ||||
-rw-r--r-- | src/lib/krb5/krb/gc_via_tkt.c | 8 | ||||
-rw-r--r-- | src/lib/krb5/krb/princ_comp.c | 20 | ||||
-rw-r--r-- | src/lib/krb5/krb/walk_rtree.c | 4 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 | ||||
-rw-r--r-- | src/lib/krb5/os/hst_realm.c | 10 | ||||
-rw-r--r-- | src/lib/krb5/os/sn2princ.c | 2 | ||||
-rw-r--r-- | src/lib/krb5_32.def | 1 |
10 files changed, 67 insertions, 63 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index a55fea7..46f4e03 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1893,4 +1893,21 @@ extern int krb5int_prng_init(void); #define krb5_copy_error_state(CTX, OCTX) \ krb5int_set_error(&(CTX)->errinfo, (OCTX)->errinfo.code, "%s", (OCTX)->errinfo.msg) +/* + * Referral definitions, debugging hooks, and subfunctions. + */ +#define KRB5_REFERRAL_MAXHOPS 5 +/* #define DEBUG_REFERRALS */ + +#ifdef DEBUG_REFERRALS +void krb5int_dbgref_dump_principal(char *, krb5_principal); +#endif + +/* Common hostname-parsing code. */ +krb5_error_code KRB5_CALLCONV krb5int_clean_hostname + (krb5_context, + const char *, + char *, + size_t); + #endif /* _KRB5_INT_H */ diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index a04b630..418a21c 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -263,21 +263,11 @@ typedef const krb5_principal_data *krb5_const_principal; * Constants for realm referrals. */ #define KRB5_REFERRAL_REALM "" -#define KRB5_REFERRAL_MAXHOPS 5 /* * Referral-specific functions. */ -krb5_boolean krb5_is_referral_realm(krb5_data *); - -/* - * Referral debugging hooks. - */ -/* #define DEBUG_REFERRALS */ - -#ifdef DEBUG_REFERRALS -void dbgref_dump_principal(char *, krb5_principal); -#endif +krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(krb5_data *); /* * end "base-defs.h" @@ -2270,11 +2260,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm (krb5_context, krb5_data *, char *** ); -krb5_error_code KRB5_CALLCONV krb5_clean_hostname - (krb5_context, - const char *, - char *, - size_t); krb5_error_code KRB5_CALLCONV krb5_free_host_realm (krb5_context, char * const * ); diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 036ab32..44e1b6c 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c 
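Review bot: The `krb5int_clean_hostname` declaration added to k5-int.h lists bare types only, so the header does not say which pointer is the output buffer or what the `size_t` bounds. I would name the parameters, `(krb5_context context, const char *host, char *local_host, size_t lhsize)`, and extend the comment to something like `/* Common hostname-parsing code; writes a NUL-terminated result into local_host, which holds lhsize bytes. */`. That wording is inferred from the `local_host[0]=0` and `local_host[l-1] = 0` lines visible in the hst_realm.c hunks and should be confirmed against the full function body. In the same hunk, `krb5int_dbgref_dump_principal(char *, krb5_principal)` is passed only string literals at every call site shown, so `const char *` would be the safer first parameter, with the definition in walk_rtree.c changed to match.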
@@ -790,8 +790,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc initial client", client); - dbgref_dump_principal("gc_from_kdc initial server", server); + krb5int_dbgref_dump_principal("gc_from_kdc initial client", client); + krb5int_dbgref_dump_principal("gc_from_kdc initial server", server); #endif memset(&cc_tgt, 0, sizeof(cc_tgt)); memset(&tgtq, 0, sizeof(tgtq)); @@ -845,7 +845,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, } #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc: server as requested", supplied_server); + krb5int_dbgref_dump_principal("gc_from_kdc: server as requested", supplied_server); #endif /* @@ -857,8 +857,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, for (referral_count=0;referral_count<KRB5_REFERRAL_MAXHOPS;referral_count++) { #ifdef DEBUG_REFERRALS #if 0 - dbgref_dump_principal("gc_from_kdc: referral loop: tgt in use", tgtptr->server); - dbgref_dump_principal("gc_from_kdc: referral loop: request is for", server); + krb5int_dbgref_dump_principal("gc_from_kdc: referral loop: tgt in use", tgtptr->server); + krb5int_dbgref_dump_principal("gc_from_kdc: referral loop: request is for", server); #endif #endif retval = krb5_get_cred_via_tkt(context, tgtptr, 
@@ -901,21 +901,21 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, if (krb5_principal_compare(context, in_cred->server, (*out_cred)->server)) { #ifdef DEBUG_REFERRALS printf("gc_from_kdc: request generated ticket for requested server principal\n"); - dbgref_dump_principal("gc_from_kdc final referred reply",in_cred->server); + krb5int_dbgref_dump_principal("gc_from_kdc final referred reply",in_cred->server); #endif goto cleanup; } else { #ifdef DEBUG_REFERRALS printf("gc_from_kdc: request generated referral tgt\n"); - dbgref_dump_principal("gc_from_kdc credential received", (*out_cred)->server); + krb5int_dbgref_dump_principal("gc_from_kdc credential received", (*out_cred)->server); #endif /* Check for referral routing loop. */ for (i=0;i<referral_count;i++) { #ifdef DEBUG_REFERRALS #if 0 - dbgref_dump_principal("gc_from_kdc: loop compare #1", (*out_cred)->server); - dbgref_dump_principal("gc_from_kdc: loop compare #2", referral_tgts[i]->server); + krb5int_dbgref_dump_principal("gc_from_kdc: loop compare #1", (*out_cred)->server); + krb5int_dbgref_dump_principal("gc_from_kdc: loop compare #2", referral_tgts[i]->server); #endif #endif if (krb5_principal_compare(context, (*out_cred)->server, referral_tgts[i]->server)) { @@ -940,8 +940,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, } #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc client at fallback", client); - dbgref_dump_principal("gc_from_kdc server at fallback", server); + krb5int_dbgref_dump_principal("gc_from_kdc client at fallback", client); + krb5int_dbgref_dump_principal("gc_from_kdc server at fallback", server); #endif /* @@ -979,7 +979,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, } #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc server at fallback after fallback rewrite", server); + krb5int_dbgref_dump_principal("gc_from_kdc server at fallback after fallback rewrite", server); #endif /* 
@@ -1032,7 +1032,7 @@ cleanup: /* Drop the original principal back into in_cred so that it's cached in the expected format. */ #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc: final hacked server principal at cleanup",server); + krb5int_dbgref_dump_principal("gc_from_kdc: final hacked server principal at cleanup",server); #endif krb5_free_principal(context, server); in_cred->server = supplied_server; @@ -1050,7 +1050,7 @@ cleanup: krb5_free_principal (context, out_supplied_server); } #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc: final server after reversion",in_cred->server); + krb5int_dbgref_dump_principal("gc_from_kdc: final server after reversion",in_cred->server); #endif /* * Deal with ccache TGT management: If tgts has been set from @@ -1082,7 +1082,7 @@ cleanup: return subretval; (*tgts)[1]=NULL; #ifdef DEBUG_REFERRALS - dbgref_dump_principal("gc_from_kdc: returning referral TGT for ccache",(*tgts)[0]->server); + krb5int_dbgref_dump_principal("gc_from_kdc: returning referral TGT for ccache",(*tgts)[0]->server); #endif #if 0 } @@ -1128,23 +1128,3 @@ krb5_get_cred_from_kdc_renew(krb5_context context, krb5_ccache ccache, return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, KDC_OPT_RENEW); } - -krb5_boolean krb5_is_referral_realm(krb5_data *r) -{ - /* - * Check for a match with KRB5_REFERRAL_REALM. Currently this relies - * on that string constant being zero-length. (Unlike principal realm - * names, KRB5_REFERRAL_REALM is known to be a string.) - */ -#ifdef DEBUG_REFERRALS -#if 0 - printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n", - r->data,(r->length==0)?"true":"false"); -#endif -#endif - assert(strlen(KRB5_REFERRAL_REALM)==0); - if (r->length==0) - return TRUE; - else - return FALSE; -} diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index c36d29b..d96f84a 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c 
@@ -109,8 +109,8 @@ krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt, #ifdef DEBUG_REFERRALS printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off"); - dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server); - dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server); + krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server); + krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server); #endif /* tkt->client must be equal to in_cred->client */ @@ -238,8 +238,8 @@ krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt, #if 0 #ifdef DEBUG_REFERRALS printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n"); - dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server); - dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server); + krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server); + krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server); #endif #endif } diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index b61f525..8b52330 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -65,3 +65,23 @@ krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_c } return TRUE; } + +krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(krb5_data *r) +{ + /* + * Check for a match with KRB5_REFERRAL_REALM. Currently this relies + * on that string constant being zero-length. (Unlike principal realm + * names, KRB5_REFERRAL_REALM is known to be a string.) + */ +#ifdef DEBUG_REFERRALS +#if 0 + printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n", + r->data,(r->length==0)?"true":"false"); +#endif +#endif + assert(strlen(KRB5_REFERRAL_REALM)==0); + if (r->length==0) + return TRUE; + else + return FALSE; +} 
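Review bot: `krb5_is_referral_realm` in the princ_comp.c hunk dereferences `r` without a NULL check, which matters more now that this commit adds the symbol to libkrb5.exports and krb5_32.def, where any application can call it. A guard such as `if (r == NULL) return FALSE;` before the length test would keep a bad caller from crashing inside the library. The `assert(strlen(KRB5_REFERRAL_REALM)==0)` checks a compile-time constant at run time: it aborts the host process if it ever fires and disappears under NDEBUG, so a build-time check such as `typedef char referral_realm_is_empty[sizeof(KRB5_REFERRAL_REALM) == 1 ? 1 : -1];` would state the same invariant with no runtime effect. Whether princ_comp.c already includes `<assert.h>` and `<string.h>` is not visible in this hunk and is worth confirming, since the function was moved here from gc_frm_kdc.c.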
diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c index cb76fb2..7210be7 100644 --- a/src/lib/krb5/krb/walk_rtree.c +++ b/src/lib/krb5/krb/walk_rtree.c @@ -392,7 +392,7 @@ krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_d printf("krb5_walk_realm_tree ending; tree (length %d) is:\n",links); for(i=0;i<links+2;i++) { if ((*tree)[i]) - dbgref_dump_principal("krb5_walk_realm_tree tree",(*tree)[i]); + krb5int_dbgref_dump_principal("krb5_walk_realm_tree tree",(*tree)[i]); else printf("tree element %i null\n"); } @@ -401,7 +401,7 @@ krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_d } #ifdef DEBUG_REFERRALS -void dbgref_dump_principal(char *d, krb5_principal p) +void krb5int_dbgref_dump_principal(char *d, krb5_principal p) { int n; diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 94e94e4..952ab2f 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -458,6 +458,7 @@ krb5_init_keyblock krb5_init_secure_context krb5_internalize_opaque krb5_is_permitted_enctype +krb5_is_referral_realm krb5_is_thread_safe krb5_kdc_rep_decrypt_proc krb5_kt_add_entry diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 9d6dfd7..6646d2d 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -204,7 +204,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) printf("get_host_realm(host:%s) called\n",host); #endif - krb5_clean_hostname(context, host, local_host, sizeof local_host); + krb5int_clean_hostname(context, host, local_host, sizeof local_host); /* Search for the best match for the host or domain. 
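Review bot: The context line `printf("tree element %i null\n");` in the krb5_walk_realm_tree debug output (hunk at -392) has a `%i` conversion with no matching argument, which is undefined behaviour whenever that block is compiled in; the commit renames the call next to it but leaves this line alone. It should read `printf("tree element %i null\n", i);`. The line above prints `links` with `%d`, and the declaration of `links` is outside the hunk, so that specifier is worth checking at the same time. The enclosing function starts and ends outside the hunk.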
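Review bot: The renamed call `krb5int_clean_hostname(context, host, local_host, sizeof local_host);` in krb5_get_host_realm (hst_realm.c hunk at -204) discards the `krb5_error_code` result, and the call in krb5_get_fallback_host_realm (hunk at -344) does the same. The visible parts of the callee set `local_host[0]=0` on entry, so if any path returns early with an error, the realm lookup would continue with an empty host name. Only the final `return 0` is visible here, so whether such a path exists needs checking against the full body. I would capture and propagate the result: `retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host);` followed by `if (retval) return retval;`. The name `retval` is an assumption, since both callers' declarations lie outside the hunks.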
@@ -344,7 +344,7 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea printf("get_fallback_host_realm(host >%s<) called\n",host); #endif - krb5_clean_hostname(context, host, local_host, sizeof local_host); + krb5int_clean_hostname(context, host, local_host, sizeof local_host); /* Scan hostname for DNS realm, and save as last-ditch realm assumption. */ @@ -430,7 +430,7 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea * to do basic sanity checks on supplied hostname. */ krb5_error_code KRB5_CALLCONV -krb5_clean_hostname(krb5_context context, const char *host, char *local_host, size_t lhsize) +krb5int_clean_hostname(krb5_context context, const char *host, char *local_host, size_t lhsize) { char **retrealms; char *realm, *cp, *temp_realm; @@ -439,7 +439,7 @@ krb5_clean_hostname(krb5_context context, const char *host, char *local_host, si local_host[0]=0; #ifdef DEBUG_REFERRALS - printf("krb5_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); + printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); #endif if (host) { /* Filter out numeric addresses if the caller utterly failed to @@ -484,7 +484,7 @@ krb5_clean_hostname(krb5_context context, const char *host, char *local_host, si local_host[l-1] = 0; #ifdef DEBUG_REFERRALS - printf("krb5_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); + printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); #endif return 0; } diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index fba5597..683cc10 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c 
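Review bot: Both debug `printf` calls touched in krb5int_clean_hostname (the hunks at -439 and -484) pass `lhsize`, a `size_t`, to `%d`, which is a type mismatch and undefined behaviour where `size_t` is wider than `int`. A cast keeps it portable to older C runtimes: end the format with `size %lu\n` and pass `(unsigned long)lhsize`. The first call also prints `host` with `%s` before the `if (host)` test that follows it, so a NULL `host` reaches printf; passing `host ? host : "(null)"` avoids that. Both calls are compiled only under DEBUG_REFERRALS, and the function body between the two hunks is not shown.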
@@ -201,7 +201,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * printf("krb5_sname_to_principal returning\n"); printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n", realm,sname,remote_host); - dbgref_dump_principal("krb5_sname_to_principal",*ret_princ); + krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ); #endif free(remote_host); diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 9785df5..b2a8361 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -171,6 +171,7 @@ krb5_c_string_to_key_with_params krb5_init_keyblock krb5_init_random_key krb5_init_secure_context + krb5_is_referral_realm krb5_is_thread_safe krb5_kt_add_entry krb5_kt_close |