is a program for interoperability with Active Directory.
| krb5wrap.cpp (msktutil-1.1.tar.bz2) | : | krb5wrap.cpp (msktutil-1.2.1) |
|---|
| | |
| skipping to change at line 34 | | skipping to change at line 34 |
|---|
| | |
| You should have received a copy of the GNU General Public License | | You should have received a copy of the GNU General Public License |
| along with this program; if not, write to the Free Software | | along with this program; if not, write to the Free Software |
| Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| * | | * |
| *----------------------------------------------------------------------------- | | *----------------------------------------------------------------------------- |
| */ | | */ |
| #include "msktutil.h" | | #include "msktutil.h" |
| | |
| void krb5_error_exit( const char *func, int err_code) { | | void krb5_error_exit( const char *func, int err_code) { |
|
| v_error_exit("error_exit: krb func %s failed: (%s)", func, error_message(err_
code)); | | v_error_exit("error_exit: krb5 function %s failed: %s", func, error_message(e
rr_code)); |
| } | | } |
| | |
| void krb5_warn( const char *func, int err_code) { | | void krb5_warn( const char *func, int err_code) { |
|
| fprintf( stderr, "Warning: krb func %s failed: (%s)", func, error_message(err
_code)); | | fprintf( stderr, "Warning: krb5 function %s failed: %s", func, error_message(
err_code)); |
| } | | } |
| | |
| #ifdef HEIMDAL | | #ifdef HEIMDAL |
| krb5_error_code krb5_free_keytab_entry_contents(krb5_context context, | | krb5_error_code krb5_free_keytab_entry_contents(krb5_context context, |
| krb5_keytab_entry *entry) | | krb5_keytab_entry *entry) |
| { | | { |
| if (entry) { | | if (entry) { |
| krb5_free_principal(context, entry->principal); | | krb5_free_principal(context, entry->principal); |
| if (entry->keyblock.keyvalue.data) { | | if (entry->keyblock.keyvalue.data) { |
| memset(entry->keyblock.keyvalue.data, | | memset(entry->keyblock.keyvalue.data, |
| | |
| skipping to change at line 61 | | skipping to change at line 61 |
|---|
| free(entry->keyblock.keyvalue.data); | | free(entry->keyblock.keyvalue.data); |
| } | | } |
| return 0; | | return 0; |
| } | | } |
| return -1; | | return -1; |
| } | | } |
| #endif | | #endif |
| | |
| void | | void |
| initialize_g_context() { | | initialize_g_context() { |
|
| VERBOSE("Creating Kerberos Context"); | | VERBOSE("Creating Kerberos context"); |
| krb5_error_code ret = krb5_init_context(&g_context); | | krb5_error_code ret = krb5_init_context(&g_context); |
| if (ret) { | | if (ret) { |
| krb5_error_exit("krb5_init_context", ret); | | krb5_error_exit("krb5_init_context", ret); |
| } | | } |
| } | | } |
| | |
| void | | void |
| destroy_g_context() { | | destroy_g_context() { |
|
| VERBOSE("Destroying Kerberos Context"); | | VERBOSE("Destroying Kerberos context"); |
| krb5_free_context(g_context); | | krb5_free_context(g_context); |
| g_context = 0; | | g_context = 0; |
| } | | } |
| | |
| void KRB5CCache::initialize(KRB5Principal &principal) | | void KRB5CCache::initialize(KRB5Principal &principal) |
| { | | { |
| krb5_error_code ret = krb5_cc_initialize(g_context, | | krb5_error_code ret = krb5_cc_initialize(g_context, |
| m_ccache, | | m_ccache, |
| principal.get()); | | principal.get()); |
| if (ret) { | | if (ret) { |
| | |
| skipping to change at line 173 | | skipping to change at line 173 |
|---|
| #endif | | #endif |
| // avoid duplicate entries | | // avoid duplicate entries |
| (void) krb5_kt_remove_entry(g_context, | | (void) krb5_kt_remove_entry(g_context, |
| m_keytab, | | m_keytab, |
| &entry); | | &entry); |
| krb5_error_code ret = krb5_kt_add_entry(g_context, | | krb5_error_code ret = krb5_kt_add_entry(g_context, |
| m_keytab, | | m_keytab, |
| &entry); | | &entry); |
| if (ret) { | | if (ret) { |
| if (errno != 0) { | | if (errno != 0) { |
|
| fprintf(stderr,"Error: Keytab write error: %s!\n", strerror(errno)); | | fprintf(stderr,"Error: keytab write error: %s\n", strerror(errno)); |
| } | | } |
| throw KRB5Exception("krb5_kt_add_entry failed", ret); | | throw KRB5Exception("krb5_kt_add_entry failed", ret); |
| } | | } |
| } | | } |
| | |
| void KRB5Keytab::addEntry(const KRB5Principal &princ, | | void KRB5Keytab::addEntry(const KRB5Principal &princ, |
| krb5_kvno kvno, | | krb5_kvno kvno, |
| krb5_enctype enctype, | | krb5_enctype enctype, |
| const std::string &password, | | const std::string &password, |
| const std::string &salt) | | const std::string &salt) |
| | |
| skipping to change at line 207 | | skipping to change at line 207 |
|---|
| | |
| krb5_error_code ret = krb5_string_to_key_data_salt(g_context, | | krb5_error_code ret = krb5_string_to_key_data_salt(g_context, |
| enctype, | | enctype, |
| pass_data, | | pass_data, |
| salt_data, | | salt_data, |
| &keyblock); | | &keyblock); |
| if (ret) { | | if (ret) { |
| throw KRB5Exception("krb5_string_to_key_data_salt", ret); | | throw KRB5Exception("krb5_string_to_key_data_salt", ret); |
| } | | } |
| #else | | #else |
|
| | krb5_error_code ret; |
| | |
| krb5_data salt_data, pass_data; | | krb5_data salt_data, pass_data; |
|
| | |
| | krb5_data *saltparam = &salt_data; |
| | krb5_data *s2kparams = NULL; |
| | |
| salt_data.data = const_cast<char *>(salt.c_str()); | | salt_data.data = const_cast<char *>(salt.c_str()); |
| salt_data.length = salt.length(); | | salt_data.length = salt.length(); |
| | |
| pass_data.data = const_cast<char *>(password.c_str()); | | pass_data.data = const_cast<char *>(password.c_str()); |
| pass_data.length = password.length(); | | pass_data.length = password.length(); |
| | |
|
| krb5_error_code ret = krb5_c_string_to_key(g_context, | | /* MIT Kerberos v1.17+ allows us to replace the supplied salt (guessed by |
| enctype, | | * heuristics) with proper salt info as returned by the KDC. We'll always |
| &pass_data, | | * fall back to the previous behaviour for backward compatibility. |
| &salt_data, | | */ |
| &keyblock); | | # if HAVE_KRB5_GET_ETYPE_INFO |
| | krb5_get_init_creds_opt *opt = NULL; |
| | ret = krb5_get_init_creds_opt_alloc(g_context, &opt); |
| | if (ret) { |
| | throw KRB5Exception("krb5_get_init_creds_opt_alloc", ret); |
| | } |
| | |
| | krb5_get_init_creds_opt_set_etype_list(opt, &enctype, 1); |
| | |
| | krb5_enctype kdc_enctype; |
| | krb5_data kdc_salt; |
| | krb5_data kdc_s2kparams; |
| | |
| | ret = krb5_get_etype_info(g_context, |
| | princ.get(), |
| | opt, |
| | &kdc_enctype, |
| | &kdc_salt, |
| | &kdc_s2kparams); |
| | |
| | krb5_get_init_creds_opt_free(g_context, opt); |
| | |
| | /* We query info for a single enctype, so this test should only ever fail |
| | * if the KDC returns ENCTYPE_NULL, indicating that the requested enctype |
| | * is not supported on its end. At this point, we could refuse to add |
| | * the requested enctype to the keytab. For consistency with previous |
| | * behaviour, though, we just keep going and add an entry with the salt |
| | * value supplied by the caller. |
| | */ |
| | if (!ret && kdc_enctype == enctype) { |
| | s2kparams = (kdc_s2kparams.length > 0) ? &kdc_s2kparams : NULL; |
| | saltparam = &kdc_salt; |
| | } |
| | # endif |
| | |
| | ret = krb5_c_string_to_key_with_params(g_context, |
| | enctype, |
| | &pass_data, |
| | saltparam, |
| | s2kparams, |
| | &keyblock); |
| | |
| | if (s2kparams) { |
| | krb5_free_data_contents(g_context, s2kparams); |
| | } |
| | if (saltparam != &salt_data) { |
| | krb5_free_data_contents(g_context, saltparam); |
| | } |
| if (ret) { | | if (ret) { |
|
| throw KRB5Exception("krb5_c_string_to_key", ret); | | throw KRB5Exception("krb5_c_string_to_key_with_params", ret); |
| } | | } |
| #endif | | #endif |
| | |
| addEntry(princ, kvno, keyblock); | | addEntry(princ, kvno, keyblock); |
| } | | } |
| | |
| void KRB5Keytab::removeEntry(const KRB5Principal &princ, | | void KRB5Keytab::removeEntry(const KRB5Principal &princ, |
| krb5_kvno kvno, | | krb5_kvno kvno, |
| krb5_enctype enctype) | | krb5_enctype enctype) |
| { | | { |
| | |
| skipping to change at line 246 | | skipping to change at line 299 |
|---|
| entry.keyblock.keytype = enctype; | | entry.keyblock.keytype = enctype; |
| #else | | #else |
| entry.key.enctype = enctype; | | entry.key.enctype = enctype; |
| #endif | | #endif |
| | |
| krb5_error_code ret = krb5_kt_remove_entry(g_context, | | krb5_error_code ret = krb5_kt_remove_entry(g_context, |
| m_keytab, | | m_keytab, |
| &entry); | | &entry); |
| if (ret) { | | if (ret) { |
| if (errno != 0) { | | if (errno != 0) { |
|
| fprintf(stderr,"Error: Keytab write error: %s!\n", strerror(errno)); | | fprintf(stderr,"Error: keytab write error: %s\n", strerror(errno)); |
| } | | } |
| throw KRB5Exception("krb5_kt_remove_entry", ret); | | throw KRB5Exception("krb5_kt_remove_entry", ret); |
| } | | } |
| } | | } |
| | |
| KRB5Keytab::cursor::cursor(KRB5Keytab &keytab) : m_keytab(keytab), | | KRB5Keytab::cursor::cursor(KRB5Keytab &keytab) : m_keytab(keytab), |
| m_cursor(), | | m_cursor(), |
| m_entry(), | | m_entry(), |
| m_princ(), | | m_princ(), |
| m_ok(true) | | m_ok(true) |
| | | |
| End of changes. 10 change blocks. |
|---|
| 12 lines changed or deleted | | 65 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 