rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

don't need this backport any more

Browse Source
This commit is contained in:
Nalin Dahyabhai 2011-11-09 14:35:19 -05:00
parent 0709f21db5
commit 2a0db84775
1 changed files with 0 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
krb5-trunk-ext_pac_sign.patch
View File

@ -1,150 +0,0 @@
* dropped hunk that modified src/lib/krb5_32.def
* adjusted to apply to 1.9.1
* try to keep the old symbol name around in case someone's basing which one
they use on a version check (a wild guess, but it's inexpensive to do it)
commit 297cb47b92892daa52092c932bc5345b2fcb9285
Author: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>
Date: Wed Oct 12 16:34:07 2011 +0000
ticket: 6974
subject: Make krb5_pac_sign public
krb5int_pac_sign was created as a private API because it is only
needed by the KDC. But it is actually used by DAL or authdata plugin
modules, not the core KDC code. Since plugin modules should not need
to consume internal libkrb5 functions, rename krb5int_pac_sign to
krb5_pac_sign and make it public.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1682a34..d2498a8 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2786,15 +2786,6 @@ k5alloc(size_t len, krb5_error_code *code)
}
krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data);
-
-krb5_error_code KRB5_CALLCONV
krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
krb5_ccache ccache,
krb5_creds *in_creds,
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3d9dbbf..3327977 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -7495,6 +7495,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac,
krb5_timestamp authtime, krb5_const_principal principal,
const krb5_keyblock *server, const krb5_keyblock *privsvr);
+/**
+ * Sign a PAC.
+ *
+ * @param [in] context Library context
+ * @param [in] pac PAC handle
+ * @param [in] authtime Expected timestamp
+ * @param [in] principal Expected principal name (or NULL)
+ * @param [in] server Key for server checksum
+ * @param [in] privsvr Key for KDC checksum
+ * @param [out] data Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data. @a pac is modified to include the
+ * server and KDC checksum buffers. Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data);
+
/* Allows the appplication to override the profile's allow_weak_crypto setting.
* Primarily for use by aklog. */
krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
index ae11a0c..26b1f13 100644
--- a/src/lib/krb5/krb/pac_sign.c
+++ b/src/lib/krb5/krb/pac_sign.c
@@ -190,6 +190,15 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
const krb5_keyblock *server_key,
const krb5_keyblock *privsvr_key,
krb5_data *data)
+{
+ return krb5_pac_sign(context, pac, authtime, principal,
+ server_key, privsvr_key, data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data)
{
krb5_error_code ret;
krb5_data server_cksum, privsvr_cksum;
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
index 9e96b69..61fb51a 100644
--- a/src/lib/krb5/krb/t_pac.c
+++ b/src/lib/krb5/krb/t_pac.c
@@ -149,10 +149,10 @@ main(int argc, char **argv)
if (ret)
err(context, ret, "krb5_pac_verify");
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
krb5_pac_free(context, pac);
@@ -204,10 +204,10 @@ main(int argc, char **argv)
}
free(list);
- ret = krb5int_pac_sign(context, pac2, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac2, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign 4");
+ err(context, ret, "krb5_pac_sign 4");
krb5_pac_free(context, pac2);
@@ -283,10 +283,10 @@ main(int argc, char **argv)
krb5_free_data_contents(context, &data);
}
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
krb5_pac_free(context, pac);
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index e31ebb9..c4a0015 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -465,6 +465,7 @@ krb5_pac_get_buffer
krb5_pac_get_types
krb5_pac_init
krb5_pac_parse
+krb5_pac_sign
krb5_pac_verify
krb5_parse_name
krb5_parse_name_flags