svn commit: lorikeet r760 - in trunk/heimdal: . lib/hx509 lib/krb5

lha at samba.org lha at samba.org
Tue Jun 26 11:15:09 GMT 2007


Author: lha
Date: 2007-06-26 11:15:08 +0000 (Tue, 26 Jun 2007)
New Revision: 760

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=760

Log:
Merged with Heimdal svn revision 21332
Modified:
   trunk/heimdal/ChangeLog
   trunk/heimdal/lib/hx509/ChangeLog
   trunk/heimdal/lib/hx509/hxtool.c
   trunk/heimdal/lib/hx509/version-script.map
   trunk/heimdal/lib/krb5/get_cred.c
   trunk/heimdal/lib/krb5/krb5_get_credentials.3


Changeset:
Modified: trunk/heimdal/ChangeLog
===================================================================
--- trunk/heimdal/ChangeLog	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/ChangeLog	2007-06-26 11:15:08 UTC (rev 760)
@@ -1,3 +1,11 @@
+2007-06-26  Love Hörnquist Åstrand  <lha at it.su.se>
+
+	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
+
+	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
+
+	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
+	
 2007-06-25  Love Hörnquist Åstrand  <lha at it.su.se>
 
 	* doc/setup.texi: Add example for pkinit_win2k_require_binding

Modified: trunk/heimdal/lib/hx509/ChangeLog
===================================================================
--- trunk/heimdal/lib/hx509/ChangeLog	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/lib/hx509/ChangeLog	2007-06-26 11:15:08 UTC (rev 760)
@@ -1,3 +1,11 @@
+2007-06-26  Love Hörnquist Åstrand  <lha at it.su.se>
+
+	* version-script.map: Export more crap^W semiprivate functions.
+
+	* hxtool.c: don't _hx509_abort
+
+	* version-script.map: add missing ;
+
 2007-06-25  Love Hörnquist Åstrand  <lha at it.su.se>
 
 	* cms.c: Use hx509_crypto_random_iv.

Modified: trunk/heimdal/lib/hx509/hxtool.c
===================================================================
--- trunk/heimdal/lib/hx509/hxtool.c	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/lib/hx509/hxtool.c	2007-06-26 11:15:08 UTC (rev 760)
@@ -32,7 +32,7 @@
  */
 
 #include "hx_locl.h"
-RCSID("$Id: hxtool.c 21312 2007-06-25 18:27:28Z lha $");
+RCSID("$Id: hxtool.c 21330 2007-06-26 11:09:55Z lha $");
 
 #include <hxtool-commands.h>
 #include <sl.h>
@@ -1917,7 +1917,8 @@
     lock_strings(lock, &opt->pass_strings);
 
     ret = hx509_crl_alloc(context, &crl);
-    if (ret) _hx509_abort("hx509_crl_alloc");
+    if (ret)
+	errx(1, "crl alloc");
 
     if (opt->signer_string == NULL)
 	errx(1, "signer missing");
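Review bot: The new failure path at `errx(1, "crl alloc");` discards `ret`, so the operator cannot tell why hx509_crl_alloc failed. The library's own reporter would keep the code and any error string stored on the context: `hx509_err(context, 1, ret, "hx509_crl_alloc");`. The enclosing function starts and ends outside this hunk, so this assumes `context` is the hx509 context used throughout it.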

Modified: trunk/heimdal/lib/hx509/version-script.map
===================================================================
--- trunk/heimdal/lib/hx509/version-script.map	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/lib/hx509/version-script.map	2007-06-26 11:15:08 UTC (rev 760)
@@ -183,10 +183,36 @@
 		hx509_verify_set_time;
 		hx509_verify_signature;
 		hx509_pem_write;
+		hx509_pem_add_header;
+		hx509_pem_find_header;
+		hx509_pem_free_header;
+		_hx509_write_file;
 		_hx509_map_file;
 		_hx509_map_file_os;
 		_hx509_unmap_file;
 		_hx509_unmap_file_os;
+		_hx509_certs_keys_free;
+		_hx509_certs_keys_get;
+		_hx509_request_init;
+		_hx509_request_set_name;
+		_hx509_request_set_email;
+		_hx509_request_set_SubjectPublicKeyInfo;
+		_hx509_request_to_pkcs10;
+		_hx509_request_to_pkcs10;
+		_hx509_request_free;
+		_hx509_private_key_ref;
+		_hx509_private_key_free;
+		_hx509_private_key2SPKI;
+		_hx509_generate_private_key_init;
+		_hx509_generate_private_key_is_ca;
+		_hx509_generate_private_key_bits;
+		_hx509_generate_private_key;
+		_hx509_generate_private_key_free;
+		_hx509_cert_assign_key;
+		_hx509_cert_private_key;
+		_hx509_name_from_Name;
+		decode_CertificationRequest;
+		free_CertificationRequest;
 	local:
 		*;
 };
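Review bot: `_hx509_request_to_pkcs10;` is listed twice on adjacent added lines; either drop the duplicate or check whether another symbol was meant in its place. The same block makes underscore-prefixed private-key helpers (`_hx509_private_key_free`, `_hx509_generate_private_key`, `_hx509_cert_private_key`) and the unprefixed ASN.1 symbols `decode_CertificationRequest` and `free_CertificationRequest` part of the shared-library ABI. A comment above the group, such as `# semiprivate: exported for in-tree tools only, no ABI stability promised`, would tell outside callers not to bind to key-handling internals. The unprefixed names can also collide with other libraries' symbols at link time.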

Modified: trunk/heimdal/lib/krb5/get_cred.c
===================================================================
--- trunk/heimdal/lib/krb5/get_cred.c	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/lib/krb5/get_cred.c	2007-06-26 11:15:08 UTC (rev 760)
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: get_cred.c 21253 2007-06-21 04:24:24Z lha $");
+RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $");
 
 /*
  * Take the `body' and encode it into `padata' using the credentials
@@ -1210,3 +1210,62 @@
 	krb5_cc_store_cred(context, ccache, *out_creds);
     return ret;
 }
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_renewed_creds(krb5_context context,
+		       krb5_creds *creds,
+		       krb5_const_principal client,
+		       krb5_ccache ccache,
+		       const char *in_tkt_service)
+{
+    krb5_error_code ret;
+    krb5_kdc_flags flags;
+    krb5_creds in, *template;
+
+    memset(&in, 0, sizeof(in));
+
+    ret = krb5_copy_principal(context, client, &in.client);
+    if (ret)
+	return ret;
+
+    if (in_tkt_service) {
+	ret = krb5_parse_name(context, in_tkt_service, &in.server);
+	if (ret) {
+	    krb5_free_principal(context, in.client);
+	    return ret;
+	}
+    } else {
+	const char *realm = krb5_principal_get_realm(context, client);
+	
+	ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
+				  realm, NULL);
+	if (ret) {
+	    krb5_free_principal(context, in.client);
+	    return ret;
+	}
+    }
+
+    flags.i = 0;
+    flags.b.renewable = flags.b.renew = 1;
+
+    /*
+     * Get template from old credential cache for the same entry, if
+     * this failes, no worries.
+     */
+    ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template);
+    if (ret == 0) {
+	flags.b.forwardable = template->flags.b.forwardable;
+	flags.b.proxiable = template->flags.b.proxiable;
+	krb5_free_creds (context, template);
+    }
+
+    ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds);
+    krb5_free_principal(context, in.client);
+    krb5_free_principal(context, in.server);
+
+    return ret;
+}
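Review bot: The renewed credential never reaches the caller: `creds` is a `krb5_creds *` passed by value, and the final call passes `&creds`, so krb5_get_kdc_cred writes its result pointer into the local parameter only. Assuming krb5_get_kdc_cred allocates the credential it returns through that `krb5_creds **` argument, the new ticket and session key are left in memory without being freed, while the caller sees a zero return and an untouched structure. Receiving the result in a local pointer, copying its contents into `creds` and freeing the local copy fixes both problems. The empty `/* */` header above the function should also state that the caller owns the contents of `creds` on success and how to release them.

```c
    krb5_creds in, *template, *out = NULL;
    /* … unchanged: principal setup, flag setup, template lookup … */
    ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
    krb5_free_principal(context, in.client);
    krb5_free_principal(context, in.server);
    if (ret)
	return ret;

    /* hand the renewed credential to the caller, then release our copy */
    ret = krb5_copy_creds_contents(context, out, creds);
    krb5_free_creds(context, out);
    return ret;
```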

Modified: trunk/heimdal/lib/krb5/krb5_get_credentials.3
===================================================================
--- trunk/heimdal/lib/krb5/krb5_get_credentials.3	2007-06-26 10:27:40 UTC (rev 759)
+++ trunk/heimdal/lib/krb5/krb5_get_credentials.3	2007-06-26 11:15:08 UTC (rev 760)
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id: krb5_get_credentials.3 20340 2007-04-15 17:57:00Z lha $
+.\" $Id: krb5_get_credentials.3 21328 2007-06-26 10:58:10Z lha $
 .\"
 .Dd July 26, 2004
 .Dt KRB5_GET_CREDENTIALS 3
@@ -39,7 +39,8 @@
 .Nm krb5_get_credentials_with_flags ,
 .Nm krb5_get_cred_from_kdc ,
 .Nm krb5_get_cred_from_kdc_opt ,
-.Nm krb5_get_kdc_cred
+.Nm krb5_get_kdc_cred ,
+.Nm krb5_get_renewed_creds
 .Nd get credentials from the KDC using krbtgt
 .Sh LIBRARY
 Kerberos 5 Library (libkrb5, -lkrb5)
@@ -89,6 +90,14 @@
 .Fa "krb5_creds *in_creds"
 .Fa "krb5_creds **out_creds"
 .Fc
+.Ft krb5_error_code
+.Fo krb5_get_renewed_creds
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_const_principal client"
+.Fa "krb5_ccache ccache"
+.Fa "const char *in_tkt_service"
+.Fc
 .Sh DESCRIPTION
 .Fn krb5_get_credentials_with_flags
 get credentials specified by
@@ -149,6 +158,20 @@
 .Fn krb5_get_kdc_cred
 does the same as the functions above, but the caller must fill in all
 the information andits closer to the wire protocol.
+.Pp
+.Fn krb5_get_renewed_creds
+renews a credential given by
+.Fa in_tkt_service
+(if
+.Dv NULL
+the default
+.Li krbtgt )
+using the credential cache
+.Fa ccache .
+The result is stored in
+.Fa creds
+and should be freed using
+.Fa krb5_free_creds .
 .Sh EXAMPLES
 Here is a example function that get a credential from a credential cache
 .Fa id


