1 /*
2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */
3
4 #include "k5-int.h"
5 #include "com_err.h"
6 #include <admin.h>
7 #include <locale.h>
8 #include <syslog.h>
9
10 /* Solaris Kerberos:
11 *
12 * Change Password functionality is handled by the libkadm5clnt.so.1 library in
13 * Solaris Kerberos. In order to avoid a circular dependency between that lib
14 * and the kerberos mech lib, we use the #pragma weak compiler directive.
15 * This way, when applications link with the libkadm5clnt.so.1 lib the circular
16 * dependancy between the two libs will be resolved.
17 */
18
19 #pragma weak kadm5_get_cpw_host_srv_name
20 #pragma weak kadm5_init_with_password
21 #pragma weak kadm5_chpass_principal_util
22
23 extern kadm5_ret_t kadm5_get_cpw_host_srv_name(krb5_context, const char *,
502 /*
503 * Solaris Kerberos:
504 * Argument, ptr_as_reply, being returned to caller if success and non-NULL.
505 */
506 if (as_reply != NULL) {
507 if (ptr_as_reply == NULL)
508 krb5_free_kdc_rep(context, as_reply);
509 else
510 *ptr_as_reply = as_reply;
511 }
512
513 return(ret);
514 }
515 krb5_error_code krb5int_populate_gic_opt (
516 krb5_context context, krb5_gic_opt_ext **opte,
517 krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
518 krb5_preauthtype *pre_auth_types, krb5_creds *creds)
519 {
520 int i;
521 krb5_int32 starttime;
522 krb5_get_init_creds_opt *opt;
523
524
525 krb5_get_init_creds_opt_init(opt);
526 if (addrs)
527 krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
528 if (ktypes) {
529 for (i=0; ktypes[i]; i++);
530 if (i)
531 krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
532 }
533 if (pre_auth_types) {
534 for (i=0; pre_auth_types[i]; i++);
535 if (i)
536 krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
537 }
538 if (options&KDC_OPT_FORWARDABLE)
539 krb5_get_init_creds_opt_set_forwardable(opt, 1);
540 else krb5_get_init_creds_opt_set_forwardable(opt, 0);
541 if (options&KDC_OPT_PROXIABLE)
542 krb5_get_init_creds_opt_set_proxiable(opt, 1);
543 else krb5_get_init_creds_opt_set_proxiable(opt, 0);
544 if (creds && creds->times.endtime) {
545 krb5_timeofday(context, &starttime);
546 if (creds->times.starttime) starttime = creds->times.starttime;
547 krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
548 }
549 return krb5int_gic_opt_to_opte(context, opt, opte, 0,
550 "krb5int_populate_gic_opt");
551 }
552
553 /*
554 Rewrites get_in_tkt in terms of newer get_init_creds API.
555 Attempts to get an initial ticket for creds->client to use server
556 creds->server, (realm is taken from creds->client), with options
557 options, and using creds->times.starttime, creds->times.endtime,
558 creds->times.renew_till as from, till, and rtime.
559 creds->times.renew_till is ignored unless the RENEWABLE option is requested.
560
561 If addrs is non-NULL, it is used for the addresses requested. If it is
562 null, the system standard addresses are used.
563
564 If password is non-NULL, it is converted using the cryptosystem entry
565 point for a string conversion routine, seeded with the client's name.
566 If password is passed as NULL, the password is read from the terminal,
567 and then converted into a key.
568
569 A succesful call will place the ticket in the credentials cache ccache.
|
1 /*
2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */
3
4 /*
5 * Copyright 2019 Joyent, Inc.
6 */
7
8 #include "k5-int.h"
9 #include "com_err.h"
10 #include <admin.h>
11 #include <locale.h>
12 #include <syslog.h>
13
14 /* Solaris Kerberos:
15 *
16 * Change Password functionality is handled by the libkadm5clnt.so.1 library in
17 * Solaris Kerberos. In order to avoid a circular dependency between that lib
18 * and the kerberos mech lib, we use the #pragma weak compiler directive.
19 * This way, when applications link with the libkadm5clnt.so.1 lib the circular
20 * dependancy between the two libs will be resolved.
21 */
22
23 #pragma weak kadm5_get_cpw_host_srv_name
24 #pragma weak kadm5_init_with_password
25 #pragma weak kadm5_chpass_principal_util
26
27 extern kadm5_ret_t kadm5_get_cpw_host_srv_name(krb5_context, const char *,
506 /*
507 * Solaris Kerberos:
508 * Argument, ptr_as_reply, being returned to caller if success and non-NULL.
509 */
510 if (as_reply != NULL) {
511 if (ptr_as_reply == NULL)
512 krb5_free_kdc_rep(context, as_reply);
513 else
514 *ptr_as_reply = as_reply;
515 }
516
517 return(ret);
518 }
519 krb5_error_code krb5int_populate_gic_opt (
520 krb5_context context, krb5_gic_opt_ext **opte,
521 krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
522 krb5_preauthtype *pre_auth_types, krb5_creds *creds)
523 {
524 int i;
525 krb5_int32 starttime;
526 krb5_get_init_creds_opt opt;
527
528
529 krb5_get_init_creds_opt_init(&opt);
530 if (addrs)
531 krb5_get_init_creds_opt_set_address_list(&opt, (krb5_address **) addrs);
532 if (ktypes) {
533 for (i=0; ktypes[i]; i++);
534 if (i)
535 krb5_get_init_creds_opt_set_etype_list(&opt, ktypes, i);
536 }
537 if (pre_auth_types) {
538 for (i=0; pre_auth_types[i]; i++);
539 if (i)
540 krb5_get_init_creds_opt_set_preauth_list(&opt, pre_auth_types, i);
541 }
542 if (options&KDC_OPT_FORWARDABLE)
543 krb5_get_init_creds_opt_set_forwardable(&opt, 1);
544 else krb5_get_init_creds_opt_set_forwardable(&opt, 0);
545 if (options&KDC_OPT_PROXIABLE)
546 krb5_get_init_creds_opt_set_proxiable(&opt, 1);
547 else krb5_get_init_creds_opt_set_proxiable(&opt, 0);
548 if (creds && creds->times.endtime) {
549 krb5_timeofday(context, &starttime);
550 if (creds->times.starttime) starttime = creds->times.starttime;
551 krb5_get_init_creds_opt_set_tkt_life(&opt, creds->times.endtime - starttime);
552 }
553 return krb5int_gic_opt_to_opte(context, &opt, opte, 0,
554 "krb5int_populate_gic_opt");
555 }
556
557 /*
558 Rewrites get_in_tkt in terms of newer get_init_creds API.
559 Attempts to get an initial ticket for creds->client to use server
560 creds->server, (realm is taken from creds->client), with options
561 options, and using creds->times.starttime, creds->times.endtime,
562 creds->times.renew_till as from, till, and rtime.
563 creds->times.renew_till is ignored unless the RENEWABLE option is requested.
564
565 If addrs is non-NULL, it is used for the addresses requested. If it is
566 null, the system standard addresses are used.
567
568 If password is non-NULL, it is converted using the cryptosystem entry
569 point for a string conversion routine, seeded with the client's name.
570 If password is passed as NULL, the password is read from the terminal,
571 and then converted into a key.
572
573 A succesful call will place the ticket in the credentials cache ccache.
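Review bot: The address of the stack-local `opt` in krb5int_populate_gic_opt is passed to `krb5int_gic_opt_to_opte(context, &opt, opte, 0, ...)`, which fills the caller's `*opte`, so `*opte` would dangle once this function returns unless that helper copies the structure. The helper is not visible on this page, so its copy-versus-alias behaviour (and what the literal `0` argument selects) should be confirmed and recorded next to the call, for example `/* opt is a stack local: the helper must copy it into *opte, never alias it */`. Separately, the return value of `krb5_timeofday(context, &starttime)` is ignored, so if it fails while `creds->times.starttime` is zero, the ticket lifetime is computed from an uninitialized `starttime`. Consider `krb5_error_code ret = krb5_timeofday(context, &starttime); if (ret) return ret;` at the top of that block.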
|