2 * Copyright (c) 1997 - 2009 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #define KRB5_DEPRECATED
36 #include "krb5_locl.h"
39 #define __attribute__(x)
41 #ifndef HEIMDAL_SMALLER
44 * Same as krb5_data_free(). MIT compat.
46 * @param context Kerberos 5 context.
47 * @param data krb5_data to free.
52 void KRB5_LIB_FUNCTION
53 krb5_free_data_contents(krb5_context context
, krb5_data
*data
)
60 * First take the configured list of etypes for `keytype' if available,
61 * else, do `krb5_keytype_to_enctypes'.
64 krb5_error_code KRB5_LIB_FUNCTION
65 krb5_keytype_to_enctypes_default (krb5_context context
,
74 if (keytype
!= KEYTYPE_DES
|| context
->etypes_des
== NULL
)
75 return krb5_keytype_to_enctypes (context
, keytype
, len
, val
);
77 for (n
= 0; context
->etypes_des
[n
]; ++n
)
79 ret
= malloc (n
* sizeof(*ret
));
80 if (ret
== NULL
&& n
!= 0) {
81 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
84 for (i
= 0; i
< n
; ++i
)
85 ret
[i
] = context
->etypes_des
[i
];
96 { "null", ENCTYPE_NULL
},
97 { "des", ETYPE_DES_CBC_CRC
},
98 { "des3", ETYPE_OLD_DES3_CBC_SHA1
},
99 { "aes-128", ETYPE_AES128_CTS_HMAC_SHA1_96
},
100 { "aes-256", ETYPE_AES256_CTS_HMAC_SHA1_96
},
101 { "arcfour", ETYPE_ARCFOUR_HMAC_MD5
},
102 { "arcfour-56", ETYPE_ARCFOUR_HMAC_MD5_56
}
105 static int num_keys
= sizeof(keys
) / sizeof(keys
[0]);
107 krb5_error_code KRB5_LIB_FUNCTION
108 krb5_keytype_to_string(krb5_context context
,
109 krb5_keytype keytype
,
116 for(i
= 0; i
< num_keys
; i
++) {
117 if(keys
[i
].type
== keytype
) {
124 krb5_set_error_message(context
, KRB5_PROG_KEYTYPE_NOSUPP
,
125 "key type %d not supported", keytype
);
126 return KRB5_PROG_KEYTYPE_NOSUPP
;
128 *string
= strdup(name
);
129 if(*string
== NULL
) {
130 krb5_set_error_message(context
, ENOMEM
,
131 N_("malloc: out of memory", ""));
137 krb5_error_code KRB5_LIB_FUNCTION
138 krb5_string_to_keytype(krb5_context context
,
140 krb5_keytype
*keytype
)
146 for(i
= 0; i
< num_keys
; i
++)
147 if(strcasecmp(keys
[i
].name
, string
) == 0){
148 *keytype
= keys
[i
].type
;
152 /* check if the enctype is a number */
153 *keytype
= strtol(string
, &end
, 0);
154 if(*end
== '\0' && *keytype
!= 0) {
155 if (krb5_enctype_valid(context
, *keytype
) == 0)
159 krb5_set_error_message(context
, KRB5_PROG_KEYTYPE_NOSUPP
,
160 "key type %s not supported", string
);
161 return KRB5_PROG_KEYTYPE_NOSUPP
;
164 krb5_error_code KRB5_LIB_FUNCTION
165 krb5_password_key_proc (krb5_context context
,
168 krb5_const_pointer keyseed
,
173 const char *password
= (const char *)keyseed
;
176 *key
= malloc (sizeof (**key
));
178 krb5_set_error_message(context
, ENOMEM
, "malloc: out of memory");
181 if (password
== NULL
) {
182 if(UI_UTIL_read_pw_string (buf
, sizeof(buf
), "Password: ", 0)) {
184 krb5_clear_error_message(context
);
185 return KRB5_LIBOS_PWDINTR
;
189 ret
= krb5_string_to_key_salt (context
, type
, password
, salt
, *key
);
190 memset (buf
, 0, sizeof(buf
));
194 krb5_error_code KRB5_LIB_FUNCTION
195 krb5_get_in_tkt_with_password (krb5_context context
,
197 krb5_addresses
*addrs
,
198 const krb5_enctype
*etypes
,
199 const krb5_preauthtype
*pre_auth_types
,
200 const char *password
,
203 krb5_kdc_rep
*ret_as_reply
)
206 return krb5_get_in_tkt (context
,
211 krb5_password_key_proc
,
220 static krb5_error_code
221 krb5_skey_key_proc (krb5_context context
,
224 krb5_const_pointer keyseed
,
227 return krb5_copy_keyblock (context
, keyseed
, key
);
230 krb5_error_code KRB5_LIB_FUNCTION
231 krb5_get_in_tkt_with_skey (krb5_context context
,
233 krb5_addresses
*addrs
,
234 const krb5_enctype
*etypes
,
235 const krb5_preauthtype
*pre_auth_types
,
236 const krb5_keyblock
*key
,
239 krb5_kdc_rep
*ret_as_reply
)
243 return krb5_get_in_tkt_with_keytab (context
,
253 return krb5_get_in_tkt (context
,
267 krb5_error_code KRB5_LIB_FUNCTION
268 krb5_keytab_key_proc (krb5_context context
,
269 krb5_enctype enctype
,
271 krb5_const_pointer keyseed
,
275 krb5_keytab_key_proc_args
*args
= rk_UNCONST(keyseed
);
276 krb5_keytab keytab
= args
->keytab
;
277 krb5_principal principal
= args
->principal
;
279 krb5_keytab real_keytab
;
280 krb5_keytab_entry entry
;
283 krb5_kt_default(context
, &real_keytab
);
285 real_keytab
= keytab
;
287 ret
= krb5_kt_get_entry (context
, real_keytab
, principal
,
291 krb5_kt_close (context
, real_keytab
);
296 ret
= krb5_copy_keyblock (context
, &entry
.keyblock
, key
);
297 krb5_kt_free_entry(context
, &entry
);
301 krb5_error_code KRB5_LIB_FUNCTION
302 krb5_get_in_tkt_with_keytab (krb5_context context
,
304 krb5_addresses
*addrs
,
305 const krb5_enctype
*etypes
,
306 const krb5_preauthtype
*pre_auth_types
,
310 krb5_kdc_rep
*ret_as_reply
)
313 krb5_keytab_key_proc_args a
;
315 a
.principal
= creds
->client
;
318 return krb5_get_in_tkt (context
,
323 krb5_keytab_key_proc
,
333 convert_func(krb5_context conxtext
, void *funcctx
, krb5_principal principal
)
335 krb5_boolean (*func
)(krb5_context
, krb5_principal
) = funcctx
;
336 return (*func
)(conxtext
, principal
);
339 krb5_error_code KRB5_LIB_FUNCTION
340 krb5_425_conv_principal_ext(krb5_context context
,
342 const char *instance
,
344 krb5_boolean (*func
)(krb5_context
, krb5_principal
),
345 krb5_boolean resolve
,
346 krb5_principal
*principal
)
349 return krb5_425_conv_principal_ext2(context
,
353 func
? convert_func
: NULL
,
360 krb5_error_code KRB5_LIB_FUNCTION
361 krb5_425_conv_principal(krb5_context context
,
363 const char *instance
,
365 krb5_principal
*princ
)
368 krb5_boolean resolve
= krb5_config_get_bool(context
,
371 "v4_instance_resolve",
374 return krb5_425_conv_principal_ext(context
, name
, instance
, realm
,
375 NULL
, resolve
, princ
);
379 * Generate a new ccache of type `ops' in `id'.
381 * Use krb5_cc_new_unique() instead.
383 * @return Return an error code or 0, see krb5_get_error_message().
385 * @ingroup krb5_ccache
389 krb5_error_code KRB5_LIB_FUNCTION
390 krb5_cc_gen_new(krb5_context context
,
391 const krb5_cc_ops
*ops
,
395 return krb5_cc_new_unique(context
, ops
->prefix
, NULL
, id
);
400 krb5_realm
* KRB5_LIB_FUNCTION
401 krb5_princ_realm(krb5_context context
,
402 krb5_principal principal
)
405 return &principal
->realm
;
409 void KRB5_LIB_FUNCTION
410 krb5_princ_set_realm(krb5_context context
,
411 krb5_principal principal
,
415 principal
->realm
= *realm
;
418 /* keep this for compatibility with older code */
419 krb5_error_code KRB5_LIB_FUNCTION
420 krb5_free_creds_contents (krb5_context context
, krb5_creds
*c
)
423 return krb5_free_cred_contents (context
, c
);
427 * Free the error message returned by krb5_get_error_string(),
428 * deprecated, use krb5_free_error_message().
430 * @param context Kerberos context
431 * @param str error message to free
433 * @ingroup krb5_deprecated
436 void KRB5_LIB_FUNCTION
437 krb5_free_error_string(krb5_context context
, char *str
)
440 krb5_free_error_message(context
, str
);
444 * Set the error message returned by krb5_get_error_string(),
445 * deprecated, use krb5_set_error_message().
447 * @param context Kerberos context
448 * @param fmt error message to free
450 * @return Return an error code or 0.
452 * @ingroup krb5_deprecated
455 krb5_error_code KRB5_LIB_FUNCTION
456 krb5_set_error_string(krb5_context context
, const char *fmt
, ...)
457 __attribute__((format (printf
, 2, 3))) KRB5_DEPRECATED
462 krb5_vset_error_message (context
, 0, fmt
, ap
);
468 * Set the error message returned by krb5_get_error_string(),
469 * deprecated, use krb5_set_error_message().
471 * @param context Kerberos context
472 * @param msg error message to free
474 * @return Return an error code or 0.
476 * @ingroup krb5_deprecated
479 krb5_error_code KRB5_LIB_FUNCTION
480 krb5_vset_error_string(krb5_context context
, const char *fmt
, va_list args
)
481 __attribute__ ((format (printf
, 2, 0))) KRB5_DEPRECATED
483 krb5_vset_error_message(context
, 0, fmt
, args
);
488 * Clar the error message returned by krb5_get_error_string(),
489 * deprecated, use krb5_clear_error_message().
491 * @param context Kerberos context
493 * @ingroup krb5_deprecated
496 void KRB5_LIB_FUNCTION
497 krb5_clear_error_string(krb5_context context
)
500 krb5_clear_error_message(context
);
503 krb5_error_code KRB5_LIB_FUNCTION
504 krb5_get_cred_from_kdc_opt(krb5_context context
,
506 krb5_creds
*in_creds
,
507 krb5_creds
**out_creds
,
508 krb5_creds
***ret_tgts
,
509 krb5_flags flags
) KRB5_DEPRECATED
513 return _krb5_get_cred_kdc_any(context
, f
, ccache
,
514 in_creds
, NULL
, NULL
,
515 out_creds
, ret_tgts
);
518 krb5_error_code KRB5_LIB_FUNCTION
519 krb5_get_cred_from_kdc(krb5_context context
,
521 krb5_creds
*in_creds
,
522 krb5_creds
**out_creds
,
523 krb5_creds
***ret_tgts
) KRB5_DEPRECATED
525 return krb5_get_cred_from_kdc_opt(context
, ccache
,
526 in_creds
, out_creds
, ret_tgts
, 0);
529 void KRB5_LIB_FUNCTION
530 krb5_free_unparsed_name(krb5_context context
, char *str
) KRB5_DEPRECATED
535 krb5_error_code KRB5_LIB_FUNCTION
536 krb5_generate_subkey(krb5_context context
,
537 const krb5_keyblock
*key
,
538 krb5_keyblock
**subkey
) KRB5_DEPRECATED
540 return krb5_generate_subkey_extended(context
, key
, ETYPE_NULL
, subkey
);
543 #endif /* HEIMDAL_SMALLER */