9d642021d7
Stop building and packaging PDFs
1607 lines
63 KiB
Diff
1607 lines
63 KiB
Diff
From 34aa9b5889a48f05b4dec33d40e72e97390118a5 Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Thu, 4 Apr 2019 14:37:38 -0400
|
|
Subject: [PATCH] Remove Kerberos v4 support vestiges from ccapi
|
|
|
|
(cherry picked from commit 51395dc956ce9eef27c0d6843561d3d3828b03cd)
|
|
---
|
|
src/ccapi/common/cci_cred_union.c | 280 +------------------------
|
|
src/ccapi/lib/ccapi_v2.c | 34 +--
|
|
src/ccapi/lib/win/OldCC/ccapi.h | 20 --
|
|
src/ccapi/server/ccs_ccache.c | 69 +-----
|
|
src/ccapi/test/test_ccapi_ccache.c | 227 +++-----------------
|
|
src/ccapi/test/test_ccapi_constants.c | 2 -
|
|
src/ccapi/test/test_ccapi_context.c | 3 -
|
|
src/ccapi/test/test_ccapi_v2.c | 89 --------
|
|
src/include/CredentialsCache.h | 156 ++++----------
|
|
src/include/CredentialsCache2.h | 26 +--
|
|
src/lib/krb5/ccache/ccapi/stdcc.c | 2 -
|
|
src/lib/krb5/ccache/ccapi/stdcc_util.c | 8 +-
|
|
src/windows/kfwlogon/kfwlogon.h | 2 +-
|
|
src/windows/leashdll/leash-int.h | 2 +-
|
|
src/windows/lib/cacheapi.h | 53 +----
|
|
15 files changed, 100 insertions(+), 873 deletions(-)
|
|
|
|
diff --git a/src/ccapi/common/cci_cred_union.c b/src/ccapi/common/cci_cred_union.c
|
|
index 4c8981610..424a93dab 100644
|
|
--- a/src/ccapi/common/cci_cred_union.c
|
|
+++ b/src/ccapi/common/cci_cred_union.c
|
|
@@ -25,181 +25,6 @@
|
|
|
|
#include "cci_common.h"
|
|
|
|
-#ifdef TARGET_OS_MAC
|
|
-#pragma mark -
|
|
-#endif
|
|
-
|
|
-/* ------------------------------------------------------------------------ */
|
|
-
|
|
-static cc_uint32 cci_credentials_v4_release (cc_credentials_v4_t *io_v4creds)
|
|
-{
|
|
- cc_int32 err = ccNoError;
|
|
-
|
|
- if (!io_v4creds) { err = ccErrBadParam; }
|
|
-
|
|
- if (!err) {
|
|
- memset (io_v4creds, 0, sizeof (*io_v4creds));
|
|
- free (io_v4creds);
|
|
- }
|
|
-
|
|
- return err;
|
|
-}
|
|
-
|
|
-/* ------------------------------------------------------------------------ */
|
|
-
|
|
-static cc_uint32 cci_credentials_v4_read (cc_credentials_v4_t **out_v4creds,
|
|
- k5_ipc_stream io_stream)
|
|
-{
|
|
- cc_int32 err = ccNoError;
|
|
- cc_credentials_v4_t *v4creds = NULL;
|
|
-
|
|
- if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
|
|
- if (!out_v4creds) { err = cci_check_error (ccErrBadParam); }
|
|
-
|
|
- if (!err) {
|
|
- v4creds = malloc (sizeof (*v4creds));
|
|
- if (!v4creds) { err = cci_check_error (ccErrNoMem); }
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->version);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->principal, cc_v4_name_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->principal_instance, cc_v4_instance_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->service, cc_v4_name_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->service_instance, cc_v4_instance_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->realm, cc_v4_realm_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->session_key, cc_v4_key_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->kvno);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->string_to_key_type);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_time (io_stream, &v4creds->issue_date);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->lifetime);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->address);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->ticket_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_read (io_stream, v4creds->ticket, cc_v4_ticket_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- *out_v4creds = v4creds;
|
|
- v4creds = NULL;
|
|
- }
|
|
-
|
|
- free (v4creds);
|
|
-
|
|
- return cci_check_error (err);
|
|
-}
|
|
-
|
|
-/* ------------------------------------------------------------------------ */
|
|
-
|
|
-static cc_uint32 cci_credentials_v4_write (cc_credentials_v4_t *in_v4creds,
|
|
- k5_ipc_stream io_stream)
|
|
-{
|
|
- cc_int32 err = ccNoError;
|
|
-
|
|
- if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
|
|
- if (!in_v4creds) { err = cci_check_error (ccErrBadParam); }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->version);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal, cc_v4_name_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal_instance, cc_v4_instance_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->service, cc_v4_name_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->service_instance, cc_v4_instance_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->realm, cc_v4_realm_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->session_key, cc_v4_key_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->kvno);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->string_to_key_type);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_time (io_stream, in_v4creds->issue_date);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->lifetime);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->address);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->ticket_size);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = krb5int_ipc_stream_write (io_stream, in_v4creds->ticket, cc_v4_ticket_size);
|
|
- }
|
|
-
|
|
- return cci_check_error (err);
|
|
-}
|
|
-
|
|
-#ifdef TARGET_OS_MAC
|
|
-#pragma mark -
|
|
-#endif
|
|
-
|
|
/* ------------------------------------------------------------------------ */
|
|
|
|
static cc_uint32 cci_cc_data_contents_release (cc_data *io_ccdata)
|
|
@@ -600,9 +425,7 @@ cc_uint32 cci_credentials_union_release (cc_credentials_union *io_cred_union)
|
|
if (!io_cred_union) { err = ccErrBadParam; }
|
|
|
|
if (!err) {
|
|
- if (io_cred_union->version == cc_credentials_v4) {
|
|
- cci_credentials_v4_release (io_cred_union->credentials.credentials_v4);
|
|
- } else if (io_cred_union->version == cc_credentials_v5) {
|
|
+ if (io_cred_union->version == cc_credentials_v5) {
|
|
cci_credentials_v5_release (io_cred_union->credentials.credentials_v5);
|
|
}
|
|
free (io_cred_union);
|
|
@@ -632,11 +455,7 @@ cc_uint32 cci_credentials_union_read (cc_credentials_union **out_credentials_uni
|
|
}
|
|
|
|
if (!err) {
|
|
- if (credentials_union->version == cc_credentials_v4) {
|
|
- err = cci_credentials_v4_read (&credentials_union->credentials.credentials_v4,
|
|
- io_stream);
|
|
-
|
|
- } else if (credentials_union->version == cc_credentials_v5) {
|
|
+ if (credentials_union->version == cc_credentials_v5) {
|
|
err = cci_credentials_v5_read (&credentials_union->credentials.credentials_v5,
|
|
io_stream);
|
|
|
|
@@ -671,11 +490,7 @@ cc_uint32 cci_credentials_union_write (const cc_credentials_union *in_credential
|
|
}
|
|
|
|
if (!err) {
|
|
- if (in_credentials_union->version == cc_credentials_v4) {
|
|
- err = cci_credentials_v4_write (in_credentials_union->credentials.credentials_v4,
|
|
- io_stream);
|
|
-
|
|
- } else if (in_credentials_union->version == cc_credentials_v5) {
|
|
+ if (in_credentials_union->version == cc_credentials_v5) {
|
|
err = cci_credentials_v5_write (in_credentials_union->credentials.credentials_v5,
|
|
io_stream);
|
|
|
|
@@ -714,11 +529,7 @@ cc_uint32 cci_cred_union_release (cred_union *io_cred_union)
|
|
if (!io_cred_union) { err = ccErrBadParam; }
|
|
|
|
if (!err) {
|
|
- if (io_cred_union->cred_type == CC_CRED_V4) {
|
|
- memset (io_cred_union->cred.pV4Cred, 0, sizeof (cc_credentials_v4_compat));
|
|
- free (io_cred_union->cred.pV4Cred);
|
|
-
|
|
- } else if (io_cred_union->cred_type == CC_CRED_V5) {
|
|
+ if (io_cred_union->cred_type == CC_CRED_V5) {
|
|
free (io_cred_union->cred.pV5Cred->client);
|
|
free (io_cred_union->cred.pV5Cred->server);
|
|
cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->keyblock);
|
|
@@ -829,36 +640,7 @@ cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union *in_c
|
|
}
|
|
|
|
if (!err) {
|
|
- if (in_credentials_union->version == cc_credentials_v4) {
|
|
- cc_credentials_v4_compat *compat_v4creds = NULL;
|
|
-
|
|
- compat_v4creds = malloc (sizeof (*compat_v4creds));
|
|
- if (!compat_v4creds) { err = cci_check_error (ccErrNoMem); }
|
|
-
|
|
- if (!err) {
|
|
- cc_credentials_v4_t *v4creds = in_credentials_union->credentials.credentials_v4;
|
|
-
|
|
- compat_cred_union->cred_type = CC_CRED_V4;
|
|
- compat_cred_union->cred.pV4Cred = compat_v4creds;
|
|
-
|
|
- compat_v4creds->kversion = v4creds->version;
|
|
- strncpy (compat_v4creds->principal, v4creds->principal, KRB_NAME_SZ+1);
|
|
- strncpy (compat_v4creds->principal_instance, v4creds->principal_instance, KRB_INSTANCE_SZ+1);
|
|
- strncpy (compat_v4creds->service, v4creds->service, KRB_NAME_SZ+1);
|
|
- strncpy (compat_v4creds->service_instance, v4creds->service_instance, KRB_INSTANCE_SZ+1);
|
|
- strncpy (compat_v4creds->realm, v4creds->realm, KRB_REALM_SZ+1);
|
|
- memcpy (compat_v4creds->session_key, v4creds->session_key, 8);
|
|
- compat_v4creds->kvno = v4creds->kvno;
|
|
- compat_v4creds->str_to_key = v4creds->string_to_key_type;
|
|
- compat_v4creds->issue_date = v4creds->issue_date;
|
|
- compat_v4creds->lifetime = v4creds->lifetime;
|
|
- compat_v4creds->address = v4creds->address;
|
|
- compat_v4creds->ticket_sz = v4creds->ticket_size;
|
|
- memcpy (compat_v4creds->ticket, v4creds->ticket, MAX_V4_CRED_LEN);
|
|
- compat_v4creds->oops = 0;
|
|
- }
|
|
-
|
|
- } else if (in_credentials_union->version == cc_credentials_v5) {
|
|
+ if (in_credentials_union->version == cc_credentials_v5) {
|
|
cc_credentials_v5_t *v5creds = in_credentials_union->credentials.credentials_v5;
|
|
cc_credentials_v5_compat *compat_v5creds = NULL;
|
|
|
|
@@ -951,36 +733,7 @@ cc_uint32 cci_cred_union_to_credentials_union (const cred_union *in_cred_un
|
|
}
|
|
|
|
if (!err) {
|
|
- if (in_cred_union->cred_type == CC_CRED_V4) {
|
|
- cc_credentials_v4_compat *compat_v4creds = in_cred_union->cred.pV4Cred;
|
|
- cc_credentials_v4_t *v4creds = NULL;
|
|
-
|
|
- if (!err) {
|
|
- v4creds = malloc (sizeof (*v4creds));
|
|
- if (!v4creds) { err = cci_check_error (ccErrNoMem); }
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- creds_union->version = cc_credentials_v4;
|
|
- creds_union->credentials.credentials_v4 = v4creds;
|
|
-
|
|
- v4creds->version = compat_v4creds->kversion;
|
|
- strncpy (v4creds->principal, compat_v4creds->principal, KRB_NAME_SZ);
|
|
- strncpy (v4creds->principal_instance, compat_v4creds->principal_instance, KRB_INSTANCE_SZ);
|
|
- strncpy (v4creds->service, compat_v4creds->service, KRB_NAME_SZ);
|
|
- strncpy (v4creds->service_instance, compat_v4creds->service_instance, KRB_INSTANCE_SZ);
|
|
- strncpy (v4creds->realm, compat_v4creds->realm, KRB_REALM_SZ);
|
|
- memcpy (v4creds->session_key, compat_v4creds->session_key, 8);
|
|
- v4creds->kvno = compat_v4creds->kvno;
|
|
- v4creds->string_to_key_type = compat_v4creds->str_to_key;
|
|
- v4creds->issue_date = compat_v4creds->issue_date;
|
|
- v4creds->lifetime = compat_v4creds->lifetime;
|
|
- v4creds->address = compat_v4creds->address;
|
|
- v4creds->ticket_size = compat_v4creds->ticket_sz;
|
|
- memcpy (v4creds->ticket, compat_v4creds->ticket, MAX_V4_CRED_LEN);
|
|
- }
|
|
-
|
|
- } else if (in_cred_union->cred_type == CC_CRED_V5) {
|
|
+ if (in_cred_union->cred_type == CC_CRED_V5) {
|
|
cc_credentials_v5_compat *compat_v5creds = in_cred_union->cred.pV5Cred;
|
|
cc_credentials_v5_t *v5creds = NULL;
|
|
|
|
@@ -1072,26 +825,7 @@ cc_uint32 cci_cred_union_compare_to_credentials_union (const cred_union
|
|
if (!out_equal ) { err = cci_check_error (ccErrBadParam); }
|
|
|
|
if (!err) {
|
|
- if (in_cred_union_compat->cred_type == CC_CRED_V4 &&
|
|
- in_credentials_union->version == cc_credentials_v4) {
|
|
- cc_credentials_v4_compat *old_creds_v4 = in_cred_union_compat->cred.pV4Cred;
|
|
- cc_credentials_v4_t *new_creds_v4 = in_credentials_union->credentials.credentials_v4;
|
|
-
|
|
- if (old_creds_v4 && new_creds_v4 &&
|
|
- !strcmp (old_creds_v4->principal,
|
|
- new_creds_v4->principal) &&
|
|
- !strcmp (old_creds_v4->principal_instance,
|
|
- new_creds_v4->principal_instance) &&
|
|
- !strcmp (old_creds_v4->service,
|
|
- new_creds_v4->service) &&
|
|
- !strcmp (old_creds_v4->service_instance,
|
|
- new_creds_v4->service_instance) &&
|
|
- !strcmp (old_creds_v4->realm, new_creds_v4->realm) &&
|
|
- (old_creds_v4->issue_date == (long) new_creds_v4->issue_date)) {
|
|
- equal = 1;
|
|
- }
|
|
-
|
|
- } else if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
|
|
+ if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
|
|
in_credentials_union->version == cc_credentials_v5) {
|
|
cc_credentials_v5_compat *old_creds_v5 = in_cred_union_compat->cred.pV5Cred;
|
|
cc_credentials_v5_t *new_creds_v5 = in_credentials_union->credentials.credentials_v5;
|
|
diff --git a/src/ccapi/lib/ccapi_v2.c b/src/ccapi/lib/ccapi_v2.c
|
|
index 8a831d796..ae9b790b0 100644
|
|
--- a/src/ccapi/lib/ccapi_v2.c
|
|
+++ b/src/ccapi/lib/ccapi_v2.c
|
|
@@ -44,10 +44,7 @@ static cc_int32 cci_remap_version (cc_int32 in_v2_version,
|
|
if (!out_v3_version) { err = cci_check_error (ccErrBadParam); }
|
|
|
|
if (!err) {
|
|
- if (in_v2_version == CC_CRED_V4) {
|
|
- *out_v3_version = cc_credentials_v4;
|
|
-
|
|
- } else if (in_v2_version == CC_CRED_V5) {
|
|
+ if (in_v2_version == CC_CRED_V5) {
|
|
*out_v3_version = cc_credentials_v5;
|
|
|
|
} else {
|
|
@@ -450,10 +447,7 @@ cc_result cc_get_cred_version (apiCB *in_context,
|
|
}
|
|
|
|
if (!err) {
|
|
- if (compat_version == cc_credentials_v4) {
|
|
- *out_version = CC_CRED_V4;
|
|
-
|
|
- } else if (compat_version == cc_credentials_v5) {
|
|
+ if (compat_version == cc_credentials_v5) {
|
|
*out_version = CC_CRED_V5;
|
|
|
|
} else {
|
|
@@ -642,10 +636,6 @@ cc_result cc_seq_fetch_NCs_next (apiCB *in_context,
|
|
if (!out_ccache ) { err = cci_check_error (ccErrBadParam); }
|
|
if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
|
|
|
|
- /* CCache iterators need to return some ccaches twice (when v3 ccache has
|
|
- * two kinds of credentials). To do that, we return such ccaches twice
|
|
- * v4 first, then v5. */
|
|
-
|
|
if (!err) {
|
|
err = cci_ccache_iterator_get_saved_ccache_name (iterator,
|
|
&saved_ccache_name);
|
|
@@ -674,25 +664,7 @@ cc_result cc_seq_fetch_NCs_next (apiCB *in_context,
|
|
}
|
|
|
|
if (!err) {
|
|
- if (version == cc_credentials_v4_v5) {
|
|
- cc_string_t name = NULL;
|
|
-
|
|
- err = cci_ccache_set_compat_version (ccache, cc_credentials_v4);
|
|
-
|
|
- if (!err) {
|
|
- err = ccapi_ccache_get_name (ccache, &name);
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- err = cci_ccache_iterator_set_saved_ccache_name (iterator,
|
|
- name->data);
|
|
- }
|
|
-
|
|
- if (name) { ccapi_string_release (name); }
|
|
-
|
|
- } else {
|
|
- err = cci_ccache_set_compat_version (ccache, version);
|
|
- }
|
|
+ err = cci_ccache_set_compat_version (ccache, version);
|
|
}
|
|
}
|
|
}
|
|
diff --git a/src/ccapi/lib/win/OldCC/ccapi.h b/src/ccapi/lib/win/OldCC/ccapi.h
|
|
index 82512771a..4d6f3faaf 100644
|
|
--- a/src/ccapi/lib/win/OldCC/ccapi.h
|
|
+++ b/src/ccapi/lib/win/OldCC/ccapi.h
|
|
@@ -80,7 +80,6 @@ enum __MIDL_ccapi_0003
|
|
{ KRB_NAME_SZ = 40,
|
|
KRB_INSTANCE_SZ = 40,
|
|
KRB_REALM_SZ = 40,
|
|
- MAX_V4_CRED_LEN = 1250
|
|
} ;
|
|
typedef struct _NC_INFO
|
|
{
|
|
@@ -95,24 +94,6 @@ typedef struct _NC_INFO_LIST
|
|
/* [size_is] */ NC_INFO *info;
|
|
} NC_INFO_LIST;
|
|
|
|
-typedef struct _V4_CRED
|
|
- {
|
|
- CC_UCHAR kversion;
|
|
- CC_CHAR principal[ 41 ];
|
|
- CC_CHAR principal_instance[ 41 ];
|
|
- CC_CHAR service[ 41 ];
|
|
- CC_CHAR service_instance[ 41 ];
|
|
- CC_CHAR realm[ 41 ];
|
|
- CC_UCHAR session_key[ 8 ];
|
|
- CC_INT32 kvno;
|
|
- CC_INT32 str_to_key;
|
|
- CC_INT32 issue_date;
|
|
- CC_INT32 lifetime;
|
|
- CC_UINT32 address;
|
|
- CC_INT32 ticket_sz;
|
|
- CC_UCHAR ticket[ 1250 ];
|
|
- } V4_CRED;
|
|
-
|
|
typedef struct _CC_DATA
|
|
{
|
|
CC_UINT32 type;
|
|
@@ -145,7 +126,6 @@ typedef struct _V5_CRED
|
|
|
|
typedef /* [switch_type] */ union _CRED_PTR_UNION
|
|
{
|
|
- /* [case()] */ V4_CRED *pV4Cred;
|
|
/* [case()] */ V5_CRED *pV5Cred;
|
|
} CRED_PTR_UNION;
|
|
|
|
diff --git a/src/ccapi/server/ccs_ccache.c b/src/ccapi/server/ccs_ccache.c
|
|
index 65c59e4be..645380a7b 100644
|
|
--- a/src/ccapi/server/ccs_ccache.c
|
|
+++ b/src/ccapi/server/ccs_ccache.c
|
|
@@ -31,19 +31,16 @@ struct ccs_ccache_d {
|
|
ccs_lock_state_t lock_state;
|
|
cc_uint32 creds_version;
|
|
char *name;
|
|
- char *v4_principal;
|
|
char *v5_principal;
|
|
cc_time_t last_default_time;
|
|
cc_time_t last_changed_time;
|
|
- cc_uint32 kdc_time_offset_v4_valid;
|
|
- cc_time_t kdc_time_offset_v4;
|
|
cc_uint32 kdc_time_offset_v5_valid;
|
|
cc_time_t kdc_time_offset_v5;
|
|
ccs_credentials_list_t credentials;
|
|
ccs_callback_array_t change_callbacks;
|
|
};
|
|
|
|
-struct ccs_ccache_d ccs_ccache_initializer = { NULL, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, NULL, NULL };
|
|
+struct ccs_ccache_d ccs_ccache_initializer = { NULL, NULL, 0, NULL, NULL, 0, 0, 0, 0, NULL, NULL };
|
|
|
|
/* ------------------------------------------------------------------------ */
|
|
|
|
@@ -88,11 +85,7 @@ cc_int32 ccs_ccache_new (ccs_ccache_t *out_ccache,
|
|
if (!err) {
|
|
ccache->creds_version = in_creds_version;
|
|
|
|
- if (ccache->creds_version == cc_credentials_v4) {
|
|
- ccache->v4_principal = strdup (in_principal);
|
|
- if (!ccache->v4_principal) { err = cci_check_error (ccErrNoMem); }
|
|
-
|
|
- } else if (ccache->creds_version == cc_credentials_v5) {
|
|
+ if (ccache->creds_version == cc_credentials_v5) {
|
|
ccache->v5_principal = strdup (in_principal);
|
|
if (!ccache->v5_principal) { err = cci_check_error (ccErrNoMem); }
|
|
|
|
@@ -147,7 +140,6 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t io_ccache,
|
|
const char *in_principal)
|
|
{
|
|
cc_int32 err = ccNoError;
|
|
- char *v4_principal = NULL;
|
|
char *v5_principal = NULL;
|
|
ccs_credentials_list_t credentials = NULL;
|
|
|
|
@@ -158,11 +150,7 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t io_ccache,
|
|
if (!err) {
|
|
io_ccache->creds_version = in_creds_version;
|
|
|
|
- if (io_ccache->creds_version == cc_credentials_v4) {
|
|
- v4_principal = strdup (in_principal);
|
|
- if (!v4_principal) { err = cci_check_error (ccErrNoMem); }
|
|
-
|
|
- } else if (io_ccache->creds_version == cc_credentials_v5) {
|
|
+ if (io_ccache->creds_version == cc_credentials_v5) {
|
|
v5_principal = strdup (in_principal);
|
|
if (!v5_principal) { err = cci_check_error (ccErrNoMem); }
|
|
|
|
@@ -176,15 +164,9 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t io_ccache,
|
|
}
|
|
|
|
if (!err) {
|
|
- io_ccache->kdc_time_offset_v4 = 0;
|
|
- io_ccache->kdc_time_offset_v4_valid = 0;
|
|
io_ccache->kdc_time_offset_v5 = 0;
|
|
io_ccache->kdc_time_offset_v5_valid = 0;
|
|
|
|
- if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
|
|
- io_ccache->v4_principal = v4_principal;
|
|
- v4_principal = NULL; /* take ownership */
|
|
-
|
|
if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
|
|
io_ccache->v5_principal = v5_principal;
|
|
v5_principal = NULL; /* take ownership */
|
|
@@ -196,7 +178,6 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t io_ccache,
|
|
err = ccs_ccache_changed (io_ccache, io_cache_collection);
|
|
}
|
|
|
|
- free (v4_principal);
|
|
free (v5_principal);
|
|
ccs_credentials_list_release (credentials);
|
|
|
|
@@ -250,7 +231,6 @@ cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache)
|
|
cci_identifier_release (io_ccache->identifier);
|
|
ccs_lock_state_release (io_ccache->lock_state);
|
|
free (io_ccache->name);
|
|
- free (io_ccache->v4_principal);
|
|
free (io_ccache->v5_principal);
|
|
ccs_credentials_list_release (io_ccache->credentials);
|
|
ccs_callback_array_release (io_ccache->change_callbacks);
|
|
@@ -607,15 +587,8 @@ static cc_int32 ccs_ccache_get_principal (ccs_ccache_t io_ccache,
|
|
err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
|
|
}
|
|
|
|
- if (!err && version == cc_credentials_v4_v5) {
|
|
- err = cci_check_error (ccErrBadCredentialsVersion);
|
|
- }
|
|
-
|
|
if (!err) {
|
|
- if (version == cc_credentials_v4) {
|
|
- err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal);
|
|
-
|
|
- } else if (version == cc_credentials_v5) {
|
|
+ if (version == cc_credentials_v5) {
|
|
err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal);
|
|
|
|
} else {
|
|
@@ -652,16 +625,7 @@ static cc_int32 ccs_ccache_set_principal (ccs_ccache_t io_ccache,
|
|
|
|
if (!err) {
|
|
/* reset KDC time offsets because they are per-KDC */
|
|
- if (version == cc_credentials_v4) {
|
|
- io_ccache->kdc_time_offset_v4 = 0;
|
|
- io_ccache->kdc_time_offset_v4_valid = 0;
|
|
-
|
|
- if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
|
|
- io_ccache->v4_principal = principal;
|
|
- principal = NULL; /* take ownership */
|
|
-
|
|
-
|
|
- } else if (version == cc_credentials_v5) {
|
|
+ if (version == cc_credentials_v5) {
|
|
io_ccache->kdc_time_offset_v5 = 0;
|
|
io_ccache->kdc_time_offset_v5_valid = 0;
|
|
|
|
@@ -998,14 +962,7 @@ static cc_int32 ccs_ccache_get_kdc_time_offset (ccs_ccache_t io_ccache
|
|
}
|
|
|
|
if (!err) {
|
|
- if (cred_vers == cc_credentials_v4) {
|
|
- if (io_ccache->kdc_time_offset_v4_valid) {
|
|
- err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v4);
|
|
- } else {
|
|
- err = cci_check_error (ccErrTimeOffsetNotSet);
|
|
- }
|
|
-
|
|
- } else if (cred_vers == cc_credentials_v5) {
|
|
+ if (cred_vers == cc_credentials_v5) {
|
|
if (io_ccache->kdc_time_offset_v5_valid) {
|
|
err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5);
|
|
} else {
|
|
@@ -1040,13 +997,7 @@ static cc_int32 ccs_ccache_set_kdc_time_offset (ccs_ccache_t io_ccache
|
|
}
|
|
|
|
if (!err) {
|
|
- if (cred_vers == cc_credentials_v4) {
|
|
- err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4);
|
|
-
|
|
- if (!err) {
|
|
- io_ccache->kdc_time_offset_v4_valid = 1;
|
|
- }
|
|
- } else if (cred_vers == cc_credentials_v5) {
|
|
+ if (cred_vers == cc_credentials_v5) {
|
|
err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5);
|
|
|
|
if (!err) {
|
|
@@ -1084,11 +1035,7 @@ static cc_int32 ccs_ccache_clear_kdc_time_offset (ccs_ccache_t io_ccac
|
|
}
|
|
|
|
if (!err) {
|
|
- if (cred_vers == cc_credentials_v4) {
|
|
- io_ccache->kdc_time_offset_v4 = 0;
|
|
- io_ccache->kdc_time_offset_v4_valid = 0;
|
|
-
|
|
- } else if (cred_vers == cc_credentials_v5) {
|
|
+ if (cred_vers == cc_credentials_v5) {
|
|
io_ccache->kdc_time_offset_v5 = 0;
|
|
io_ccache->kdc_time_offset_v5_valid = 0;
|
|
|
|
diff --git a/src/ccapi/test/test_ccapi_ccache.c b/src/ccapi/test/test_ccapi_ccache.c
|
|
index a0fd84af1..fe63e6710 100644
|
|
--- a/src/ccapi/test/test_ccapi_ccache.c
|
|
+++ b/src/ccapi/test/test_ccapi_ccache.c
|
|
@@ -303,18 +303,6 @@ int check_cc_ccache_get_credentials_version(void) {
|
|
failure_count++;
|
|
}
|
|
|
|
- // try it with added v4 creds
|
|
- if (!err) {
|
|
- err = cc_ccache_set_principal(ccache, cc_credentials_v4, "foo@BAR.ORG");
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v5 with v4 creds added");
|
|
- }
|
|
- else {
|
|
- log_error("cc_ccache_set_principal failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
-
|
|
if (ccache) {
|
|
cc_ccache_destroy(ccache);
|
|
ccache = NULL;
|
|
@@ -322,35 +310,6 @@ int check_cc_ccache_get_credentials_version(void) {
|
|
|
|
err = ccNoError;
|
|
|
|
- // try one created with v4 creds
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAR.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4, ccNoError, "v4 creds");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
-
|
|
- // try it with added v5 creds
|
|
- if (!err) {
|
|
- err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v4 with v5 creds added");
|
|
- }
|
|
- else {
|
|
- log_error("cc_ccache_set_principal failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
-
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
if (context) { cc_context_release(context); }
|
|
|
|
#endif /* cc_ccache_get_credentials_version */
|
|
@@ -582,31 +541,13 @@ int check_cc_ccache_get_principal(void) {
|
|
log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
failure_count++;
|
|
}
|
|
- if (ccache) {
|
|
- cc_ccache_release(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
|
|
- // try with krb4 principal
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo.BAR@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_principal(ccache, cc_credentials_v4, "foo.BAR@BAZ.ORG", ccNoError, "trying to get krb4 princ for krb4 ccache");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
-
|
|
- // try with bad param
|
|
- if (!err) {
|
|
- // cc_ccache_t doesn't have any concept of the difference between a v4 and v5 principal
|
|
- check_once_cc_ccache_get_principal(ccache, cc_credentials_v4_v5, "foo.BAR@BAZ.ORG",
|
|
- ccErrBadCredentialsVersion,
|
|
- "passing cc_credentials_v4_v5 (shouldn't be allowed)");
|
|
- check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "passed null out param");
|
|
- }
|
|
+ // try with bad param
|
|
+ if (!err) {
|
|
+ check_once_cc_ccache_get_principal(ccache, cc_credentials_v5,
|
|
+ NULL, ccErrBadParam,
|
|
+ "passed null out param");
|
|
+ }
|
|
|
|
if (ccache) {
|
|
cc_ccache_release(ccache);
|
|
@@ -643,99 +584,33 @@ int check_cc_ccache_set_principal(void) {
|
|
err = destroy_all_ccaches(context);
|
|
}
|
|
|
|
- // bad params
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v4_v5, "foo/BAZ@BAR.ORG", ccErrBadCredentialsVersion, "cc_credentials_v4_v5 (not allowed)");
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL principal");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
-
|
|
- // empty ccache
|
|
-
|
|
- // replace v5 only ccache's principal
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "replace v5 only ccache's principal (empty ccache)");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
- // add v4 principal to v5 only ccache
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "add v4 principal to v5 only ccache (empty ccache)");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
- // replace v4 only ccache's principal
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "replace v4 only ccache's principal (empty ccache)");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
- // add v5 principal to v4 only ccache
|
|
- if (!err) {
|
|
- err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "add v5 principal to v4 only ccache (empty ccache)");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_ccache_destroy(ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
- // with credentials
|
|
-
|
|
- // replace v5 only ccache's principal
|
|
-
|
|
- // add v4 principal to v5 only ccache
|
|
-
|
|
- // replace v4 only ccache's principal
|
|
-
|
|
- // add v5 principal to v4 only ccache
|
|
+ // replace v5 only ccache's principal
|
|
+ if (!err) {
|
|
+ err = cc_context_create_new_ccache(context, cc_credentials_v5,
|
|
+ "foo@BAZ.ORG", &ccache);
|
|
+ }
|
|
+ if (!err) {
|
|
+ check_once_cc_ccache_set_principal(
|
|
+ ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError,
|
|
+ "replace v5 only ccache's principal (empty ccache)");
|
|
+ }
|
|
+ else {
|
|
+ log_error(
|
|
+ "cc_context_create_new_ccache failed, can't complete test");
|
|
+ failure_count++;
|
|
+ }
|
|
+
|
|
+ // bad params
|
|
+ if (!err) {
|
|
+ check_once_cc_ccache_set_principal(ccache, cc_credentials_v5,
|
|
+ NULL, ccErrBadParam,
|
|
+ "NULL principal");
|
|
+ }
|
|
+
|
|
+ if (ccache) {
|
|
+ cc_ccache_destroy(ccache);
|
|
+ ccache = NULL;
|
|
+ }
|
|
|
|
if (context) {
|
|
err = destroy_all_ccaches(context);
|
|
@@ -847,21 +722,6 @@ int check_cc_ccache_store_credentials(void) {
|
|
|
|
if (&creds_union) { release_v5_creds_union(&creds_union); }
|
|
|
|
- // bad creds version
|
|
- if (!err) {
|
|
- err = new_v5_creds_union(&creds_union, "BAR.ORG");
|
|
- }
|
|
-
|
|
- if (!err) {
|
|
- creds_union.version = cc_credentials_v4_v5;
|
|
- check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4_v5 creds (invalid) into a ccache with only v5 princ");
|
|
- creds_union.version = cc_credentials_v4;
|
|
- check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4 creds into a ccache with only v5 princ");
|
|
- creds_union.version = cc_credentials_v5;
|
|
- }
|
|
-
|
|
- if (&creds_union) { release_v5_creds_union(&creds_union); }
|
|
-
|
|
// non-existent ccache
|
|
if (ccache) {
|
|
err = cc_ccache_get_name(ccache, &name);
|
|
@@ -1809,21 +1669,10 @@ int check_cc_ccache_get_kdc_time_offset(void) {
|
|
err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, time_offset);
|
|
}
|
|
if (!err) {
|
|
- check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5 but not v4");
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccErrTimeOffsetNotSet, "asking for v4 offset when only v5 is set");
|
|
- }
|
|
- if (!err) {
|
|
- err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, time_offset);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccNoError, "asking for v4 offset when v4 and v5 are set");
|
|
+ check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5");
|
|
}
|
|
|
|
-
|
|
check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL time_offset out param");
|
|
- check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4_v5, &time_offset, ccErrBadCredentialsVersion, "v4_v5 creds_vers in param (invalid)");
|
|
|
|
if (ccache) { cc_ccache_release(ccache); }
|
|
|
|
@@ -1900,9 +1749,6 @@ int check_cc_ccache_set_kdc_time_offset(void) {
|
|
}
|
|
|
|
check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0, ccNoError, "first time setting offset (v5)");
|
|
- check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0, ccNoError, "first time setting offset (v4)");
|
|
-
|
|
- check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4_v5, 0, ccErrBadCredentialsVersion, "invalid creds_vers (v4_v5)");
|
|
|
|
if (ccache) { cc_ccache_release(ccache); }
|
|
|
|
@@ -1978,15 +1824,10 @@ int check_cc_ccache_clear_kdc_time_offset(void) {
|
|
}
|
|
|
|
check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing an offset that was never set (v5)");
|
|
- check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing an offset that was never set (v4)");
|
|
|
|
err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0);
|
|
- err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0);
|
|
|
|
check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing v5");
|
|
- check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing v4");
|
|
-
|
|
- check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4_v5, ccErrBadCredentialsVersion, "bad in param creds vers (v4_v5)");
|
|
|
|
if (ccache) { cc_ccache_release(ccache); }
|
|
|
|
diff --git a/src/ccapi/test/test_ccapi_constants.c b/src/ccapi/test/test_ccapi_constants.c
|
|
index 9f2aecbc2..57377262e 100644
|
|
--- a/src/ccapi/test/test_ccapi_constants.c
|
|
+++ b/src/ccapi/test/test_ccapi_constants.c
|
|
@@ -46,9 +46,7 @@ int check_constants(void) {
|
|
|
|
/* Credentials versions */
|
|
|
|
- check_int(cc_credentials_v4, 1);
|
|
check_int(cc_credentials_v5, 2);
|
|
- check_int(cc_credentials_v4_v5, (cc_credentials_v4 | cc_credentials_v5));
|
|
|
|
/* Lock types */
|
|
|
|
diff --git a/src/ccapi/test/test_ccapi_context.c b/src/ccapi/test/test_ccapi_context.c
|
|
index 09feebee5..2dc348ea0 100644
|
|
--- a/src/ccapi/test/test_ccapi_context.c
|
|
+++ b/src/ccapi/test/test_ccapi_context.c
|
|
@@ -583,7 +583,6 @@ int check_cc_context_create_ccache(void) {
|
|
|
|
// try bad parameters
|
|
err = check_once_cc_context_create_ccache(context, NULL, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccErrBadParam, "NULL name"); // NULL name
|
|
- err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
|
|
err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
|
|
err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
|
|
}
|
|
@@ -681,7 +680,6 @@ int check_cc_context_create_default_ccache(void) {
|
|
}
|
|
|
|
// try bad parameters
|
|
- err = check_once_cc_context_create_default_ccache(context, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
|
|
err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
|
|
err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
|
|
}
|
|
@@ -773,7 +771,6 @@ int check_cc_context_create_new_ccache(void) {
|
|
if (ccache) { cc_ccache_release(ccache); }
|
|
|
|
// try bad parameters
|
|
- err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
|
|
err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
|
|
err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
|
|
}
|
|
diff --git a/src/ccapi/test/test_ccapi_v2.c b/src/ccapi/test/test_ccapi_v2.c
|
|
index e0205ce46..c71bb45a8 100644
|
|
--- a/src/ccapi/test/test_ccapi_v2.c
|
|
+++ b/src/ccapi/test/test_ccapi_v2.c
|
|
@@ -45,20 +45,6 @@ static int compare_v5_creds_unions_compat(const cred_union *a, const cred_union
|
|
a->cred.pV5Cred->starttime == b->cred.pV5Cred->starttime) {
|
|
retval = 0;
|
|
}
|
|
- } else if (a->cred_type == CC_CRED_V4) {
|
|
- if (!strcmp (a->cred.pV4Cred->principal,
|
|
- b->cred.pV4Cred->principal) &&
|
|
- !strcmp (a->cred.pV4Cred->principal_instance,
|
|
- b->cred.pV4Cred->principal_instance) &&
|
|
- !strcmp (a->cred.pV4Cred->service,
|
|
- b->cred.pV4Cred->service) &&
|
|
- !strcmp (a->cred.pV4Cred->service_instance,
|
|
- b->cred.pV4Cred->service_instance) &&
|
|
- !strcmp (a->cred.pV4Cred->realm,
|
|
- b->cred.pV4Cred->realm) &&
|
|
- a->cred.pV4Cred->issue_date == b->cred.pV4Cred->issue_date) {
|
|
- retval = 0;
|
|
- }
|
|
}
|
|
}
|
|
|
|
@@ -361,10 +347,6 @@ int check_cc_open(void) {
|
|
err = check_once_cc_open(context, name, CC_CRED_V5, &ccache, CC_NOERROR, NULL);
|
|
}
|
|
|
|
- // check version
|
|
- if (!err) {
|
|
- err = check_once_cc_open(context, name, CC_CRED_V4, &ccache, CC_ERR_CRED_VERSION, NULL);
|
|
- }
|
|
// try bad parameters
|
|
err = check_once_cc_open(context, NULL, CC_CRED_V5, &ccache, CC_BAD_PARM, NULL);
|
|
err = check_once_cc_open(context, name, CC_CRED_V5, NULL, CC_BAD_PARM, NULL);
|
|
@@ -681,17 +663,6 @@ int check_cc_get_cred_version(void) {
|
|
|
|
err = CC_NOERROR;
|
|
|
|
- // try one created with v4 creds
|
|
- if (!err) {
|
|
- err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V4, 0, &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_get_cred_version(context, ccache, CC_CRED_V4, CC_NOERROR, "v4 creds");
|
|
- }
|
|
- else {
|
|
- log_error("cc_context_create_new_ccache failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
if (ccache) {
|
|
cc_destroy(context, &ccache);
|
|
ccache = NULL;
|
|
@@ -840,7 +811,6 @@ int check_cc_get_principal(void) {
|
|
apiCB *context = NULL;
|
|
ccache_p *ccache = NULL;
|
|
char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
|
|
- char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
|
|
|
|
BEGIN_TEST("cc_get_principal");
|
|
|
|
@@ -866,18 +836,6 @@ int check_cc_get_principal(void) {
|
|
ccache = NULL;
|
|
}
|
|
|
|
- // try with krb4 principal
|
|
- if (!err) {
|
|
- err = cc_create(context, name_v4, "foo.BAR@BAZ.ORG", CC_CRED_V4, 0, &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_get_principal(context, ccache, "foo.BAR@BAZ.ORG", CC_NOERROR, "trying to get krb4 princ for krb4 ccache");
|
|
- }
|
|
- else {
|
|
- log_error("cc_create failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
-
|
|
// try with bad param
|
|
if (!err) {
|
|
check_once_cc_get_principal(context, ccache, NULL, CC_BAD_PARM, "passed null out param");
|
|
@@ -945,7 +903,6 @@ int check_cc_set_principal(void) {
|
|
apiCB *context = NULL;
|
|
ccache_p *ccache = NULL;
|
|
char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
|
|
- char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
|
|
|
|
BEGIN_TEST("cc_set_principal");
|
|
|
|
@@ -972,37 +929,6 @@ int check_cc_set_principal(void) {
|
|
ccache = NULL;
|
|
}
|
|
|
|
- // empty ccache
|
|
-
|
|
- // replace v5 ccache's principal
|
|
- if (!err) {
|
|
- err = cc_create(context, name_v5, "foo@BAZ.ORG", CC_CRED_V5, 0, &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_set_principal(context, ccache, CC_CRED_V5, "foo/BAZ@BAR.ORG", CC_NOERROR, "replace v5 only ccache's principal (empty ccache)");
|
|
- check_once_cc_set_principal(context, ccache, CC_CRED_V4, "foo.BAZ@BAR.ORG", CC_ERR_CRED_VERSION, "replace v5 principal with v4");
|
|
- }
|
|
- else {
|
|
- log_error("cc_create failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
- if (ccache) {
|
|
- cc_destroy(context, &ccache);
|
|
- ccache = NULL;
|
|
- }
|
|
-
|
|
- // replace v4 ccache's principal
|
|
- if (!err) {
|
|
- err = cc_create(context, name_v4, "foo@BAZ.ORG", CC_CRED_V4, 0, &ccache);
|
|
- }
|
|
- if (!err) {
|
|
- check_once_cc_set_principal(context, ccache, CC_CRED_V4, "foo.BAZ@BAR.ORG", CC_NOERROR, "replace v4 only ccache's principal (empty ccache)");
|
|
- check_once_cc_set_principal(context, ccache, CC_CRED_V5, "foo/BAZ@BAR.ORG", CC_ERR_CRED_VERSION, "replace v4 principal with v5");
|
|
- }
|
|
- else {
|
|
- log_error("cc_create failed, can't complete test");
|
|
- failure_count++;
|
|
- }
|
|
if (ccache) {
|
|
cc_destroy(context, &ccache);
|
|
ccache = NULL;
|
|
@@ -1102,21 +1028,6 @@ int check_cc_store(void) {
|
|
}
|
|
}
|
|
|
|
- // bad creds version
|
|
- if (!err) {
|
|
- err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
|
|
-
|
|
- if (!err) {
|
|
- creds_union.cred_type = CC_CRED_MAX;
|
|
- check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "CC_CRED_MAX (invalid) into a ccache with only v5 princ");
|
|
- creds_union.cred_type = CC_CRED_V4;
|
|
- check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "v4 creds into a v5 ccache");
|
|
- creds_union.cred_type = CC_CRED_V5;
|
|
-
|
|
- release_v5_creds_union_compat(&creds_union);
|
|
- }
|
|
- }
|
|
-
|
|
// non-existent ccache
|
|
if (ccache) {
|
|
err = cc_get_name(context, ccache, &name);
|
|
diff --git a/src/include/CredentialsCache.h b/src/include/CredentialsCache.h
|
|
index 54f71a1a0..c18159639 100644
|
|
--- a/src/include/CredentialsCache.h
|
|
+++ b/src/include/CredentialsCache.h
|
|
@@ -104,19 +104,19 @@ extern "C" {
|
|
* \section introduction Introduction
|
|
*
|
|
* This is the specification for an API which provides Credentials Cache
|
|
- * services for both Kerberos v5 and v4. The idea behind this API is that
|
|
- * multiple Kerberos implementations can share a single collection of
|
|
- * credentials caches, mediated by this API specification. On the Mac OS
|
|
- * and Microsoft Windows platforms this will allow single-login, even when
|
|
- * more than one Kerberos shared library is in use on a particular system.
|
|
+ * services for Kerberos v5 (and previously v4). The idea behind this API is
|
|
+ * that multiple Kerberos implementations can share a single collection of
|
|
+ * credentials caches, mediated by this API specification. On the Mac OS and
|
|
+ * Microsoft Windows platforms this will allow single-login, even when more
|
|
+ * than one Kerberos shared library is in use on a particular system.
|
|
*
|
|
* Abstractly, a credentials cache collection contains one or more credentials
|
|
* caches, or ccaches. A ccache is uniquely identified by its name, which is
|
|
* a string internal to the API and not intended to be presented to users.
|
|
* The user presentable identifier of a ccache is its principal.
|
|
*
|
|
- * Unlike the previous versions of the API, version 3 of the API stores both
|
|
- * Kerberos v4 and v5 credentials in the same ccache.
|
|
+ * Unlike the previous versions of the API, version 3 of the API could store
|
|
+ * credentials for multiple Kerberos versions in the same ccache.
|
|
*
|
|
* At any given time, one ccache is the "default" ccache. The exact meaning
|
|
* of a default ccache is OS-specific; refer to implementation requirements
|
|
@@ -305,10 +305,9 @@ enum {
|
|
/*!
|
|
* Credentials versions
|
|
*
|
|
- * These constants are used in several places in the API to discern
|
|
- * between Kerberos v4 and Kerberos v5. Not all values are valid
|
|
- * inputs and outputs for all functions; function specifications
|
|
- * below detail the allowed values.
|
|
+ * These constants are used in several places in the API to discern Kerberos
|
|
+ * versions. Not all values are valid inputs and outputs for all functions;
|
|
+ * function specifications below detail the allowed values.
|
|
*
|
|
* Kerberos version constants will always be a bit-field, and can be
|
|
* tested as such; for example the following test will tell you if
|
|
@@ -317,9 +316,9 @@ enum {
|
|
* if ((ccacheVersion & cc_credentials_v5) != 0)
|
|
*/
|
|
enum cc_credential_versions {
|
|
- cc_credentials_v4 = 1,
|
|
+ /* cc_credentials_v4 = 1, */
|
|
cc_credentials_v5 = 2,
|
|
- cc_credentials_v4_v5 = 3
|
|
+ /* cc_credentials_v4_v5 = 3 */
|
|
};
|
|
|
|
/*!
|
|
@@ -353,29 +352,6 @@ enum cc_lock_modes {
|
|
cc_lock_block = 1
|
|
};
|
|
|
|
-/*!
|
|
- * Sizes of fields in cc_credentials_v4_t.
|
|
- */
|
|
-enum {
|
|
- /* Make sure all of these are multiples of four (for alignment sanity) */
|
|
- cc_v4_name_size = 40,
|
|
- cc_v4_instance_size = 40,
|
|
- cc_v4_realm_size = 40,
|
|
- cc_v4_ticket_size = 1254,
|
|
- cc_v4_key_size = 8
|
|
-};
|
|
-
|
|
-/*!
|
|
- * String to key type (Kerberos v4 only)
|
|
- */
|
|
-enum cc_string_to_key_type {
|
|
- cc_v4_stk_afs = 0,
|
|
- cc_v4_stk_des = 1,
|
|
- cc_v4_stk_columbia_special = 2,
|
|
- cc_v4_stk_krb5 = 3,
|
|
- cc_v4_stk_unknown = 4
|
|
-};
|
|
-
|
|
/*!@}*/
|
|
|
|
/*!
|
|
@@ -482,15 +458,13 @@ typedef cc_ccache_iterator_d *cc_ccache_iterator_t;
|
|
* \defgroup cc_credentials_reference cc_credentials_t Overview
|
|
* @{
|
|
*
|
|
- * The cc_credentials_t type is used to store a single set of
|
|
- * credentials for either Kerberos v4 or Kerberos v5. In addition
|
|
- * to its only function, release(), it contains a pointer to a
|
|
- * cc_credentials_union structure. A cc_credentials_union
|
|
+ * The cc_credentials_t type is used to store a single set of credentials for
|
|
+ * Kerberos v5. In addition to its only function, release(), it contains a
|
|
+ * pointer to a cc_credentials_union structure. A cc_credentials_union
|
|
* structure contains an integer of the enumerator type
|
|
- * cc_credentials_version, which is either #cc_credentials_v4 or
|
|
- * #cc_credentials_v5, and a pointer union, which contains either a
|
|
- * cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer,
|
|
- * depending on the value in version.
|
|
+ * cc_credentials_version, which is #cc_credentials_v5, and a pointer union,
|
|
+ * which contains a cc_credentials_v5_t pointer, depending on the value in
|
|
+ * version.
|
|
*
|
|
* Variables of the type cc_credentials_t are allocated by the CCAPI
|
|
* implementation, and should be released with their release()
|
|
@@ -501,43 +475,6 @@ typedef cc_ccache_iterator_d *cc_ccache_iterator_t;
|
|
* For API functions see \ref cc_credentials_f.
|
|
*/
|
|
|
|
-/*!
|
|
- * If a cc_credentials_t variable is used to store Kerberos v4
|
|
- * credentials, then credentials.credentials_v4 points to a v4
|
|
- * credentials structure. This structure is similar to a
|
|
- * krb4 API CREDENTIALS structure.
|
|
- */
|
|
-struct cc_credentials_v4_t {
|
|
- cc_uint32 version;
|
|
- /*! A properly quoted string representation of the first component of the client principal */
|
|
- char principal [cc_v4_name_size];
|
|
- /*! A properly quoted string representation of the second component of the client principal */
|
|
- char principal_instance [cc_v4_instance_size];
|
|
- /*! A properly quoted string representation of the first component of the service principal */
|
|
- char service [cc_v4_name_size];
|
|
- /*! A properly quoted string representation of the second component of the service principal */
|
|
- char service_instance [cc_v4_instance_size];
|
|
- /*! A properly quoted string representation of the realm */
|
|
- char realm [cc_v4_realm_size];
|
|
- /*! Ticket session key */
|
|
- unsigned char session_key [cc_v4_key_size];
|
|
- /*! Key version number */
|
|
- cc_int32 kvno;
|
|
- /*! String to key type used. See cc_string_to_key_type for valid values */
|
|
- cc_int32 string_to_key_type;
|
|
- /*! Time when the ticket was issued */
|
|
- cc_time_t issue_date;
|
|
- /*! Ticket lifetime in 5 minute units */
|
|
- cc_int32 lifetime;
|
|
- /*! IPv4 address of the client the ticket was issued for */
|
|
- cc_uint32 address;
|
|
- /*! Ticket size (no greater than cc_v4_ticket_size) */
|
|
- cc_int32 ticket_size;
|
|
- /*! Ticket data */
|
|
- unsigned char ticket [cc_v4_ticket_size];
|
|
-};
|
|
-typedef struct cc_credentials_v4_t cc_credentials_v4_t;
|
|
-
|
|
/*!
|
|
* The CCAPI data structure. This structure is similar to a krb5_data structure.
|
|
* In a v5 credentials structure, cc_data structures are used
|
|
@@ -602,8 +539,6 @@ struct cc_credentials_union {
|
|
cc_uint32 version;
|
|
/*! The credentials. */
|
|
union {
|
|
- /*! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. */
|
|
- cc_credentials_v4_t* credentials_v4;
|
|
/*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */
|
|
cc_credentials_v5_t* credentials_v5;
|
|
} credentials;
|
|
@@ -781,13 +716,11 @@ struct cc_context_f {
|
|
* \return On success, #ccNoError. On failure, an error code representing the failure.
|
|
* \brief \b cc_context_create_ccache(): Create a new ccache.
|
|
*
|
|
- * Create a new credentials cache. The ccache is uniquely identified by its name.
|
|
- * The principal given is also associated with the ccache and the credentials
|
|
- * version specified. A NULL name is not allowed (and ccErrBadName is returned
|
|
- * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid
|
|
- * input values for cred_vers. If you want to create a new ccache that will hold
|
|
- * both versions of credentials, call cc_context_create_ccache() with one version,
|
|
- * and then cc_ccache_set_principal() with the other version.
|
|
+ * Create a new credentials cache. The ccache is uniquely identified by
|
|
+ * its name. The principal given is also associated with the ccache and
|
|
+ * the credentials version specified. A NULL name is not allowed (and
|
|
+ * ccErrBadName is returned if one is passed in). Only cc_credentials_v5
|
|
+ * can be an input value for cred_vers.
|
|
*
|
|
* If you want to create a new ccache (with a unique name), you should use
|
|
* cc_context_create_new_ccache() instead. If you want to create or reinitialize
|
|
@@ -814,10 +747,9 @@ struct cc_context_f {
|
|
* cc_context_get_default_ccache_name()); see the description of
|
|
* cc_context_get_default_ccache_name() for details.
|
|
*
|
|
- * The principal should be a C string containing an unparsed Kerberos principal
|
|
- * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ
|
|
- * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim
|
|
- * for Kerberos v5.
|
|
+ * The principal should be a C string containing an unparsed Kerberos
|
|
+ * principal in the format of the appropriate Kerberos version,
|
|
+ * i.e. \verbatim foo/bar/@BAZ \endverbatim for Kerberos v5.
|
|
*/
|
|
cc_int32 (*create_ccache) (cc_context_t in_context,
|
|
const char *in_name,
|
|
@@ -1014,14 +946,11 @@ struct cc_ccache_f {
|
|
* \return On success, #ccNoError. On failure, an error code representing the failure.
|
|
* \brief \b cc_ccache_get_credentials_version(): Get the credentials version of a ccache.
|
|
*
|
|
- * cc_ccache_get_credentials_version() returns one value of the enumerated type
|
|
- * cc_credentials_vers. The possible return values are #cc_credentials_v4
|
|
- * (if ccache's v4 principal has been set), #cc_credentials_v5
|
|
- * (if ccache's v5 principal has been set), or #cc_credentials_v4_v5
|
|
- * (if both ccache's v4 and v5 principals have been set). A ccache's
|
|
- * principal is set with one of cc_context_create_ccache(),
|
|
- * cc_context_create_new_ccache(), cc_context_create_default_ccache(), or
|
|
- * cc_ccache_set_principal().
|
|
+ * cc_ccache_get_credentials_version() returns one value of the enumerated
|
|
+ * type cc_credentials_vers. The return value is #cc_credentials_v5 (if
|
|
+ * ccache's v5 principal has been set). A ccache's principal is set with
|
|
+ * one of cc_context_create_ccache(), cc_context_create_new_ccache(),
|
|
+ * cc_context_create_default_ccache(), or cc_ccache_set_principal().
|
|
*/
|
|
cc_int32 (*get_credentials_version) (cc_ccache_t in_ccache,
|
|
cc_uint32 *out_credentials_version);
|
|
@@ -1046,10 +975,7 @@ struct cc_ccache_f {
|
|
*
|
|
* Return the principal for the ccache that was set via cc_context_create_ccache(),
|
|
* cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
|
|
- * cc_ccache_set_principal(). Principals for v4 and v5 are separate, but
|
|
- * should be kept synchronized for each ccache; they can be retrieved by
|
|
- * passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing
|
|
- * cc_credentials_v4_v5 will result in the error ccErrBadCredentialsVersion.
|
|
+ * cc_ccache_set_principal().
|
|
*/
|
|
cc_int32 (*get_principal) (cc_ccache_t in_ccache,
|
|
cc_uint32 in_credentials_version,
|
|
@@ -1063,10 +989,7 @@ struct cc_ccache_f {
|
|
* \return On success, #ccNoError. On failure, an error code representing the failure.
|
|
* \brief \b cc_ccache_set_principal(): Set the principal of a ccache.
|
|
*
|
|
- * Set the a principal for ccache. The v4 and v5 principals can be set
|
|
- * independently, but they should always be kept equal, up to differences in
|
|
- * string representation between v4 and v5. Passing cc_credentials_v4_v5 in
|
|
- * cred_vers will result in the error ccErrBadCredentialsVersion.
|
|
+ * Set the a principal for ccache.
|
|
*/
|
|
cc_int32 (*set_principal) (cc_ccache_t io_ccache,
|
|
cc_uint32 in_credentials_version,
|
|
@@ -1083,12 +1006,13 @@ struct cc_ccache_f {
|
|
* See the description of the credentials types for the meaning of
|
|
* cc_credentials_union fields.
|
|
*
|
|
- * Before credentials of a specific credential type can be stored in a ccache,
|
|
- * the corresponding principal version has to be set. For example, before you can
|
|
- * store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set
|
|
- * either by cc_context_create_ccache(), cc_context_create_default_ccache(),
|
|
- * cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for
|
|
- * Kerberos v5. Otherwise, ccErrBadCredentialsVersion is returned.
|
|
+ * Before credentials of a specific credential type can be stored in a
|
|
+ * ccache, the corresponding principal version has to be set. That is,
|
|
+ * before you can store Kerberos v5 credentials in a ccache, the Kerberos
|
|
+ * v5 principal has to be set either by cc_context_create_ccache(),
|
|
+ * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
|
|
+ * cc_ccache_set_principal(); otherwise, ccErrBadCredentialsVersion is
|
|
+ * returned.
|
|
*/
|
|
cc_int32 (*store_credentials) (cc_ccache_t io_ccache,
|
|
const cc_credentials_union *in_credentials_union);
|
|
diff --git a/src/include/CredentialsCache2.h b/src/include/CredentialsCache2.h
|
|
index b3b48996d..9e5a346ac 100644
|
|
--- a/src/include/CredentialsCache2.h
|
|
+++ b/src/include/CredentialsCache2.h
|
|
@@ -85,36 +85,13 @@ typedef struct cc_credentials_v5_compat {
|
|
cc_data_compat** authdata;
|
|
} cc_credentials_v5_compat;
|
|
|
|
-enum {
|
|
- MAX_V4_CRED_LEN = 1250
|
|
-};
|
|
-
|
|
enum {
|
|
KRB_NAME_SZ = 40,
|
|
KRB_INSTANCE_SZ = 40,
|
|
KRB_REALM_SZ = 40
|
|
};
|
|
|
|
-typedef struct cc_credentials_v4_compat {
|
|
- unsigned char kversion;
|
|
- char principal[KRB_NAME_SZ+1];
|
|
- char principal_instance[KRB_INSTANCE_SZ+1];
|
|
- char service[KRB_NAME_SZ+1];
|
|
- char service_instance[KRB_INSTANCE_SZ+1];
|
|
- char realm[KRB_REALM_SZ+1];
|
|
- unsigned char session_key[8];
|
|
- cc_int32 kvno;
|
|
- cc_int32 str_to_key;
|
|
- long issue_date;
|
|
- cc_int32 lifetime;
|
|
- cc_uint32 address;
|
|
- cc_int32 ticket_sz;
|
|
- unsigned char ticket[MAX_V4_CRED_LEN];
|
|
- unsigned long oops;
|
|
-} cc_credentials_v4_compat;
|
|
-
|
|
typedef union cred_ptr_union_compat {
|
|
- cc_credentials_v4_compat* pV4Cred;
|
|
cc_credentials_v5_compat* pV5Cred;
|
|
} cred_ptr_union_compat;
|
|
|
|
@@ -135,7 +112,6 @@ typedef struct infoNC infoNC;
|
|
|
|
/* Some old type names */
|
|
|
|
-typedef cc_credentials_v4_compat V4Cred_type;
|
|
typedef cc_credentials_v5_compat cc_creds;
|
|
struct ccache_cit;
|
|
typedef struct ccache_cit ccache_cit;
|
|
@@ -166,7 +142,7 @@ enum {
|
|
|
|
enum {
|
|
CC_CRED_UNKNOWN,
|
|
- CC_CRED_V4,
|
|
+ /* CC_CRED_V4, */
|
|
CC_CRED_V5,
|
|
CC_CRED_MAX
|
|
};
|
|
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
|
|
index db69eebb4..cac61e45c 100644
|
|
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
|
|
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
|
|
@@ -589,7 +589,6 @@ krb5_stdccv3_next_cred (krb5_context context,
|
|
err = stdccv3_setup (context, ccapi_data);
|
|
}
|
|
|
|
- /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
|
|
while (!err) {
|
|
err = cc_credentials_iterator_next (iterator, &credentials);
|
|
|
|
@@ -836,7 +835,6 @@ krb5_stdccv3_remove (krb5_context context,
|
|
&iterator);
|
|
}
|
|
|
|
- /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
|
|
while (!err && !found) {
|
|
cc_credentials_t credentials = NULL;
|
|
|
|
diff --git a/src/lib/krb5/ccache/ccapi/stdcc_util.c b/src/lib/krb5/ccache/ccapi/stdcc_util.c
|
|
index 62d847c18..1f2a3865c 100644
|
|
--- a/src/lib/krb5/ccache/ccapi/stdcc_util.c
|
|
+++ b/src/lib/krb5/ccache/ccapi/stdcc_util.c
|
|
@@ -521,9 +521,6 @@ cred_union_release (cc_credentials_union *in_cred_union)
|
|
|
|
free (cv5);
|
|
|
|
- } else if (in_cred_union->version == cc_credentials_v4 &&
|
|
- in_cred_union->credentials.credentials_v4) {
|
|
- free (in_cred_union->credentials.credentials_v4);
|
|
}
|
|
free ((cc_credentials_union *) in_cred_union);
|
|
}
|
|
@@ -892,10 +889,7 @@ static void deep_free_cc_v5_creds (cc_creds* creds)
|
|
|
|
static void deep_free_cc_creds (cred_union creds)
|
|
{
|
|
- if (creds.cred_type == CC_CRED_V4) {
|
|
- /* we shouldn't get this, of course */
|
|
- free (creds.cred.pV4Cred);
|
|
- } else if (creds.cred_type == CC_CRED_V5) {
|
|
+ if (creds.cred_type == CC_CRED_V5) {
|
|
deep_free_cc_v5_creds (creds.cred.pV5Cred);
|
|
}
|
|
}
|
|
diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
|
|
index b2674573e..622d5665c 100644
|
|
--- a/src/windows/kfwlogon/kfwlogon.h
|
|
+++ b/src/windows/kfwlogon/kfwlogon.h
|
|
@@ -94,7 +94,7 @@ typedef int cc_int32;
|
|
|
|
enum {
|
|
CC_CRED_VUNKNOWN = 0, // For validation
|
|
- CC_CRED_V4 = 1,
|
|
+ /* CC_CRED_V4 = 1, */
|
|
CC_CRED_V5 = 2,
|
|
CC_CRED_VMAX = 3 // For validation
|
|
};
|
|
diff --git a/src/windows/leashdll/leash-int.h b/src/windows/leashdll/leash-int.h
|
|
index cb40c607c..bf6f6a08d 100644
|
|
--- a/src/windows/leashdll/leash-int.h
|
|
+++ b/src/windows/leashdll/leash-int.h
|
|
@@ -182,7 +182,7 @@ typedef int cc_int32;
|
|
|
|
enum {
|
|
CC_CRED_VUNKNOWN = 0, // For validation
|
|
- CC_CRED_V4 = 1,
|
|
+ /* CC_CRED_V4 = 1, */
|
|
CC_CRED_V5 = 2,
|
|
CC_CRED_VMAX = 3 // For validation
|
|
};
|
|
diff --git a/src/windows/lib/cacheapi.h b/src/windows/lib/cacheapi.h
|
|
index b30857810..9aab4a098 100644
|
|
--- a/src/windows/lib/cacheapi.h
|
|
+++ b/src/windows/lib/cacheapi.h
|
|
@@ -126,52 +126,8 @@ typedef struct _cc_creds {
|
|
cc_data ** authdata;
|
|
} cc_creds;
|
|
|
|
-// begin V4 stuff
|
|
-// use an enumerated type so all callers infer the same meaning
|
|
-// these values are what krbv4win uses internally.
|
|
-#define STK_AFS 0
|
|
-#define STK_DES 1
|
|
-
|
|
-// K4 uses a MAX_KTXT_LEN of 1250 to hold a ticket
|
|
-// K95 uses 256
|
|
-// To be safe I'll use the larger number, but a factor of 5!!!
|
|
-#define MAX_V4_CRED_LEN 1250
|
|
-
|
|
-// V4 Credentials
|
|
-
|
|
-enum {
|
|
- KRB_NAME_SZ = 40,
|
|
- KRB_INSTANCE_SZ = 40,
|
|
- KRB_REALM_SZ = 40
|
|
-};
|
|
-
|
|
-typedef struct cc_V4credential {
|
|
- unsigned char kversion;
|
|
- char principal[KRB_NAME_SZ + 1];
|
|
- char principal_instance[KRB_INSTANCE_SZ + 1];
|
|
- char service[KRB_NAME_SZ + 1];
|
|
- char service_instance[KRB_INSTANCE_SZ + 1];
|
|
- char realm[KRB_REALM_SZ + 1];
|
|
- unsigned char session_key[8];
|
|
- cc_int32 kvno; // k95 used BYTE skvno
|
|
- cc_int32 str_to_key; // k4 infers dynamically, k95 stores
|
|
- long issue_date; // k95 called this issue_time
|
|
- cc_int32 lifetime; // k95 used LONG expiration_time
|
|
- cc_uint32 address; // IP Address of local host
|
|
- cc_int32 ticket_sz; // k95 used BYTE, k4 ktext uses int to hold up to 1250
|
|
- unsigned char ticket[MAX_V4_CRED_LEN];
|
|
- unsigned long oops; // zero to catch runaways
|
|
-} V4Cred_type;
|
|
-
|
|
-enum {
|
|
- CC_CRED_VUNKNOWN = 0, // For validation
|
|
- CC_CRED_V4 = 1,
|
|
- CC_CRED_V5 = 2,
|
|
- CC_CRED_VMAX = 3 // For validation
|
|
-};
|
|
|
|
typedef union cred_ptr_union_type {
|
|
- V4Cred_type* pV4Cred;
|
|
cc_creds* pV5Cred;
|
|
} cred_ptr_union;
|
|
|
|
@@ -223,16 +179,15 @@ cc_get_change_time(
|
|
** create, open, close, destroy, get_principal, get_cred_version, &
|
|
** lock_request
|
|
**
|
|
-** Multiple NCs are allowed within the main cache. Each has a Name
|
|
-** and kerberos version # (V4 or V5). Caller gets "ccache_ptr"s for
|
|
-** NCs.
|
|
+** Multiple NCs are allowed within the main cache. Each has a Name and
|
|
+** kerberos version # (V5). Caller gets "ccache_ptr"s for NCs.
|
|
*/
|
|
CCACHE_API
|
|
cc_create(
|
|
apiCB* cc_ctx, // > DLL's primary control structure
|
|
const char* name, // > name of cache to be [destroyed if exists, then] created
|
|
const char* principal,
|
|
- cc_int32 vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
|
|
+ cc_int32 vers, // > ticket version (CC_CRED_V5)
|
|
cc_uint32 cc_flags, // > options
|
|
ccache_p** ccache_ptr // < NC control structure
|
|
);
|
|
@@ -241,7 +196,7 @@ CCACHE_API
|
|
cc_open(
|
|
apiCB* cc_ctx, // > DLL's primary control structure
|
|
const char* name, // > name of pre-created cache
|
|
- cc_int32 vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
|
|
+ cc_int32 vers, // > ticket version (CC_CRED_V5)
|
|
cc_uint32 cc_flags, // > options
|
|
ccache_p** ccache_ptr // < NC control structure
|
|
);
|