Author: lha Date: 2007-06-26 11:15:08 +0000 (Tue, 26 Jun 2007) New Revision: 760
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=760 Log: Merged with Heimdal svn revision 21332 Modified: trunk/heimdal/ChangeLog trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/krb5/get_cred.c trunk/heimdal/lib/krb5/krb5_get_credentials.3 Changeset: Modified: trunk/heimdal/ChangeLog =================================================================== --- trunk/heimdal/ChangeLog 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/ChangeLog 2007-06-26 11:15:08 UTC (rev 760) @@ -1,3 +1,11 @@ +2007-06-26 Love H�rnquist �strand <[EMAIL PROTECTED]> + + * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. + + * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds + + * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. + 2007-06-25 Love H�rnquist �strand <[EMAIL PROTECTED]> * doc/setup.texi: Add example for pkinit_win2k_require_binding Modified: trunk/heimdal/lib/hx509/ChangeLog =================================================================== --- trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 11:15:08 UTC (rev 760) @@ -1,3 +1,11 @@ +2007-06-26 Love H�rnquist �strand <[EMAIL PROTECTED]> + + * version-script.map: Export more crap^W semiprivate functions. + + * hxtool.c: don't _hx509_abort + + * version-script.map: add missing ; + 2007-06-25 Love H�rnquist �strand <[EMAIL PROTECTED]> * cms.c: Use hx509_crypto_random_iv. Modified: trunk/heimdal/lib/hx509/hxtool.c =================================================================== --- trunk/heimdal/lib/hx509/hxtool.c 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/hxtool.c 2007-06-26 11:15:08 UTC (rev 760) @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: hxtool.c 21312 2007-06-25 18:27:28Z lha $"); +RCSID("$Id: hxtool.c 21330 2007-06-26 11:09:55Z lha $"); #include <hxtool-commands.h> #include <sl.h> @@ -1917,7 +1917,8 @@ lock_strings(lock, &opt->pass_strings); ret = hx509_crl_alloc(context, &crl); - if (ret) _hx509_abort("hx509_crl_alloc"); + if (ret) + errx(1, "crl alloc"); if (opt->signer_string == NULL) errx(1, "signer missing"); Modified: trunk/heimdal/lib/hx509/version-script.map =================================================================== --- trunk/heimdal/lib/hx509/version-script.map 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/version-script.map 2007-06-26 11:15:08 UTC (rev 760) @@ -183,10 +183,36 @@ hx509_verify_set_time; hx509_verify_signature; hx509_pem_write; + hx509_pem_add_header; + hx509_pem_find_header; + hx509_pem_free_header; + _hx509_write_file; _hx509_map_file; _hx509_map_file_os; _hx509_unmap_file; _hx509_unmap_file_os; + _hx509_certs_keys_free; + _hx509_certs_keys_get; + _hx509_request_init; + _hx509_request_set_name; + _hx509_request_set_email; + _hx509_request_set_SubjectPublicKeyInfo; + _hx509_request_to_pkcs10; + _hx509_request_to_pkcs10; + _hx509_request_free; + _hx509_private_key_ref; + _hx509_private_key_free; + _hx509_private_key2SPKI; + _hx509_generate_private_key_init; + _hx509_generate_private_key_is_ca; + _hx509_generate_private_key_bits; + _hx509_generate_private_key; + _hx509_generate_private_key_free; + _hx509_cert_assign_key; + _hx509_cert_private_key; + _hx509_name_from_Name; + decode_CertificationRequest; + free_CertificationRequest; local: *; }; Modified: trunk/heimdal/lib/krb5/get_cred.c =================================================================== --- trunk/heimdal/lib/krb5/get_cred.c 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/krb5/get_cred.c 2007-06-26 11:15:08 UTC (rev 760) @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c 21253 2007-06-21 04:24:24Z lha $"); +RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -1210,3 +1210,62 @@ krb5_cc_store_cred(context, ccache, *out_creds); return ret; } + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_renewed_creds(krb5_context context, + krb5_creds *creds, + krb5_const_principal client, + krb5_ccache ccache, + const char *in_tkt_service) +{ + krb5_error_code ret; + krb5_kdc_flags flags; + krb5_creds in, *template; + + memset(&in, 0, sizeof(in)); + + ret = krb5_copy_principal(context, client, &in.client); + if (ret) + return ret; + + if (in_tkt_service) { + ret = krb5_parse_name(context, in_tkt_service, &in.server); + if (ret) { + krb5_free_principal(context, in.client); + return ret; + } + } else { + const char *realm = krb5_principal_get_realm(context, client); + + ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, + realm, NULL); + if (ret) { + krb5_free_principal(context, in.client); + return ret; + } + } + + flags.i = 0; + flags.b.renewable = flags.b.renew = 1; + + /* + * Get template from old credential cache for the same entry, if + * this failes, no worries. + */ + ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template); + if (ret == 0) { + flags.b.forwardable = template->flags.b.forwardable; + flags.b.proxiable = template->flags.b.proxiable; + krb5_free_creds (context, template); + } + + ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds); + krb5_free_principal(context, in.client); + krb5_free_principal(context, in.server); + + return ret; +} Modified: trunk/heimdal/lib/krb5/krb5_get_credentials.3 =================================================================== --- trunk/heimdal/lib/krb5/krb5_get_credentials.3 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/krb5/krb5_get_credentials.3 2007-06-26 11:15:08 UTC (rev 760) @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_credentials.3 20340 2007-04-15 17:57:00Z lha $ +.\" $Id: krb5_get_credentials.3 21328 2007-06-26 10:58:10Z lha $ .\" .Dd July 26, 2004 .Dt KRB5_GET_CREDENTIALS 3 @@ -39,7 +39,8 @@ .Nm krb5_get_credentials_with_flags , .Nm krb5_get_cred_from_kdc , .Nm krb5_get_cred_from_kdc_opt , -.Nm krb5_get_kdc_cred +.Nm krb5_get_kdc_cred , +.Nm krb5_get_renewed_creds .Nd get credentials from the KDC using krbtgt .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) @@ -89,6 +90,14 @@ .Fa "krb5_creds *in_creds" .Fa "krb5_creds **out_creds" .Fc +.Ft krb5_error_code +.Fo krb5_get_renewed_creds +.Fa "krb5_context context" +.Fa "krb5_creds *creds" +.Fa "krb5_const_principal client" +.Fa "krb5_ccache ccache" +.Fa "const char *in_tkt_service" +.Fc .Sh DESCRIPTION .Fn krb5_get_credentials_with_flags get credentials specified by @@ -149,6 +158,20 @@ .Fn krb5_get_kdc_cred does the same as the functions above, but the caller must fill in all the information andits closer to the wire protocol. +.Pp +.Fn krb5_get_renewed_creds +renews a credential given by +.Fa in_tkt_service +(if +.Dv NULL +the default +.Li krbtgt ) +using the credential cache +.Fa ccache . +The result is stored in +.Fa creds +and should be freed using +.Fa krb5_free_creds . .Sh EXAMPLES Here is a example function that get a credential from a credential cache .Fa id
