OM_uint32 gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) { *minor_status = 0; if (*cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_COMPLETE; } GSSAPI_KRB5_INIT (); HEIMDAL_MUTEX_lock(&(*cred_handle)->cred_id_mutex); if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); if ((*cred_handle)->keytab != NULL) krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); if ((*cred_handle)->ccache != NULL) { const krb5_cc_ops *ops; ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache); if (ops == &krb5_mcc_ops) krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache); else krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); } gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); HEIMDAL_MUTEX_unlock(&(*cred_handle)->cred_id_mutex); HEIMDAL_MUTEX_destroy(&(*cred_handle)->cred_id_mutex); memset(*cred_handle, 0, sizeof(**cred_handle)); free(*cred_handle); *cred_handle = GSS_C_NO_CREDENTIAL; return GSS_S_COMPLETE; }
OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, OM_uint32 * time_rec ) { krb5_context context; OM_uint32 lifetime; OM_uint32 major_status; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; GSSAPI_KRB5_INIT (&context); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); lifetime = ctx->lifetime; HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); major_status = _gsskrb5_lifetime_left(minor_status, context, lifetime, time_rec); if (major_status != GSS_S_COMPLETE) return major_status; *minor_status = 0; if (*time_rec == 0) return GSS_S_CONTEXT_EXPIRED; return GSS_S_COMPLETE; }
OM_uint32 gss_context_time (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, OM_uint32 * time_rec ) { OM_uint32 lifetime; OM_uint32 major_status; GSSAPI_KRB5_INIT (); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); lifetime = context_handle->lifetime; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec); if (major_status != GSS_S_COMPLETE) return major_status; *minor_status = 0; if (*time_rec == 0) return GSS_S_CONTEXT_EXPIRED; return GSS_S_COMPLETE; }
static OM_uint32 get_authtime(OM_uint32 *minor_status, gsskrb5_ctx ctx, gss_buffer_set_t *data_set) { gss_buffer_desc value; unsigned char buf[4]; OM_uint32 authtime; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->ticket == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); _gsskrb5_set_status(EINVAL, "No ticket to obtain auth time from"); *minor_status = EINVAL; return GSS_S_FAILURE; } authtime = ctx->ticket->ticket.authtime; HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); _gsskrb5_encode_om_uint32(authtime, buf); value.length = sizeof(buf); value.value = buf; return gss_add_buffer_set_member(minor_status, &value, data_set); }
static OM_uint32 inquire_sec_context_tkt_flags (OM_uint32 *minor_status, const gsskrb5_ctx context_handle, gss_buffer_set_t *data_set) { OM_uint32 tkt_flags; unsigned char buf[4]; gss_buffer_desc value; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags"); *minor_status = EINVAL; return GSS_S_BAD_MECH; } tkt_flags = TicketFlags2int(context_handle->ticket->ticket.flags); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); _gsskrb5_encode_om_uint32(tkt_flags, buf); value.length = sizeof(buf); value.value = buf; return gss_add_buffer_set_member(minor_status, &value, data_set); }
static krb5_error_code mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) { struct mcache_iter *iter = cursor; krb5_error_code ret; krb5_mcache *m; if (iter->cache == NULL) return KRB5_CC_END; HEIMDAL_MUTEX_lock(&mcc_mutex); m = iter->cache; if (m->next) m->next->refcnt++; iter->cache = m->next; HEIMDAL_MUTEX_unlock(&mcc_mutex); ret = _krb5_cc_allocate(context, &krb5_mcc_ops, id); if (ret) return ret; (*id)->data.data = m; (*id)->data.length = sizeof(*m); return 0; }
static krb5_error_code kcm_op_get_kdc_offset(krb5_context context, kcm_client *client, kcm_operation opcode, krb5_storage *request, krb5_storage *response) { krb5_error_code ret; kcm_ccache ccache; char *name; ret = krb5_ret_stringz(request, &name); if (ret) return ret; KCM_LOG_REQUEST_NAME(context, client, opcode, name); ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); free(name); if (ret) return ret; HEIMDAL_MUTEX_lock(&ccache->mutex); ret = krb5_store_int32(response, ccache->kdc_offset); HEIMDAL_MUTEX_unlock(&ccache->mutex); kcm_release_ccache(context, ccache); return ret; }
static krb5_error_code KRB5_CALLCONV mkt_close(krb5_context context, krb5_keytab id) { struct mkt_data *d = id->data, **dp; int i; HEIMDAL_MUTEX_lock(&mkt_mutex); if (d->refcount < 1) krb5_abortx(context, "krb5 internal error, memory keytab refcount < 1 on close"); if (--d->refcount > 0) { HEIMDAL_MUTEX_unlock(&mkt_mutex); return 0; } for (dp = &mkt_head; *dp != NULL; dp = &(*dp)->next) { if (*dp == d) { *dp = d->next; break; } } HEIMDAL_MUTEX_unlock(&mkt_mutex); free(d->name); for(i = 0; i < d->num_entries; i++) krb5_kt_free_entry(context, &d->entries[i]); free(d->entries); free(d); return 0; }
krb5_error_code _gsskrb5_init (krb5_context *context) { krb5_error_code ret = 0; HEIMDAL_MUTEX_lock(&context_mutex); if (!created_key) { HEIMDAL_key_create(&context_key, destroy_context, ret); if (ret) { HEIMDAL_MUTEX_unlock(&context_mutex); return ret; } created_key = 1; } HEIMDAL_MUTEX_unlock(&context_mutex); *context = HEIMDAL_getspecific(context_key); if (*context == NULL) { ret = krb5_init_context(context); if (ret == 0) { HEIMDAL_setspecific(context_key, *context, ret); if (ret) { krb5_free_context(*context); *context = NULL; } } } return ret; }
krb5_error_code kcm_ccache_resolve(krb5_context context, const char *name, kcm_ccache *ccache) { kcm_ccache p; krb5_error_code ret; *ccache = NULL; ret = KRB5_FCC_NOFILE; HEIMDAL_MUTEX_lock(&ccache_mutex); for (p = ccache_head; p != NULL; p = p->next) { if ((p->flags & KCM_FLAGS_VALID) == 0) continue; if (strcmp(p->name, name) == 0) { ret = 0; break; } } if (ret == 0) { kcm_retain_ccache(context, p); *ccache = p; } HEIMDAL_MUTEX_unlock(&ccache_mutex); return ret; }
krb5_error_code kcm_ccache_resolve_by_uuid(krb5_context context, kcmuuid_t uuid, kcm_ccache *ccache) { kcm_ccache p; krb5_error_code ret; *ccache = NULL; ret = KRB5_FCC_NOFILE; HEIMDAL_MUTEX_lock(&ccache_mutex); for (p = ccache_head; p != NULL; p = p->next) { if ((p->flags & KCM_FLAGS_VALID) == 0) continue; if (memcmp(p->uuid, uuid, sizeof(kcmuuid_t)) == 0) { ret = 0; break; } } if (ret == 0) { kcm_retain_ccache(context, p); *ccache = p; } HEIMDAL_MUTEX_unlock(&ccache_mutex); return ret; }
krb5_error_code kcm_ccache_destroy(krb5_context context, const char *name) { kcm_ccache *p, ccache; krb5_error_code ret; ret = KRB5_FCC_NOFILE; HEIMDAL_MUTEX_lock(&ccache_mutex); for (p = &ccache_head; *p != NULL; p = &(*p)->next) { if (((*p)->flags & KCM_FLAGS_VALID) == 0) continue; if (strcmp((*p)->name, name) == 0) { ret = 0; break; } } if (ret) goto out; if ((*p)->refcnt != 1) { ret = EAGAIN; goto out; } ccache = *p; *p = (*p)->next; kcm_free_ccache_data_internal(context, ccache); free(ccache); out: HEIMDAL_MUTEX_unlock(&ccache_mutex); return ret; }
krb5_error_code kcm_ccache_get_uuids(krb5_context context, kcm_client *client, kcm_operation opcode, krb5_storage *sp) { krb5_error_code ret; kcm_ccache p; ret = KRB5_FCC_NOFILE; HEIMDAL_MUTEX_lock(&ccache_mutex); for (p = ccache_head; p != NULL; p = p->next) { if ((p->flags & KCM_FLAGS_VALID) == 0) continue; ret = kcm_access(context, client, opcode, p); if (ret) { ret = 0; continue; } krb5_storage_write(sp, p->uuid, sizeof(p->uuid)); } HEIMDAL_MUTEX_unlock(&ccache_mutex); return ret; }
OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, krb5_context context, gss_cred_id_t cred, krb5_ccache out) { krb5_error_code kret; HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); if (cred->ccache == NULL) { HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); *minor_status = EINVAL; return GSS_S_FAILURE; } kret = krb5_cc_copy_cache(context, cred->ccache, out); HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } *minor_status = 0; return GSS_S_COMPLETE; }
OM_uint32 _gss_spnego_process_context_token (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer ) { gss_ctx_id_t context ; gssspnego_ctx ctx; OM_uint32 ret; if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; context = context_handle; ctx = (gssspnego_ctx)context_handle; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = gss_process_context_token(minor_status, ctx->negotiated_ctx_id, token_buffer); if (ret != GSS_S_COMPLETE) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; } ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; return _gss_spnego_internal_delete_sec_context(minor_status, &context, GSS_C_NO_BUFFER); }
krb5_error_code kcm_chown(krb5_context context, kcm_client *client, kcm_ccache ccache, uid_t uid, gid_t gid) { KCM_ASSERT_VALID(ccache); /* System cache owner can only be set at startup */ if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) return KRB5_FCC_PERM; if (ccache->uid != client->uid) return KRB5_FCC_PERM; if (ccache->gid != client->gid) return KRB5_FCC_PERM; HEIMDAL_MUTEX_lock(&ccache->mutex); ccache->uid = uid; ccache->gid = gid; HEIMDAL_MUTEX_unlock(&ccache->mutex); return 0; }
static krb5_error_code mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) { krb5_mcache *m; HEIMDAL_MUTEX_lock(&mcc_mutex); for (m = mcc_head; m != NULL; m = m->next) if (strcmp(m->name, res) == 0) break; HEIMDAL_MUTEX_unlock(&mcc_mutex); if (m != NULL) { m->refcnt++; (*id)->data.data = m; (*id)->data.length = sizeof(*m); return 0; } m = mcc_alloc(res); if (m == NULL) { krb5_set_error_string (context, "malloc: out of memory"); return KRB5_CC_NOMEM; } (*id)->data.data = m; (*id)->data.length = sizeof(*m); return 0; }
static OM_uint32 inquire_sec_context_has_updated_spnego (OM_uint32 *minor_status, const gsskrb5_ctx context_handle, gss_buffer_set_t *data_set) { int is_updated = 0; *minor_status = 0; *data_set = GSS_C_NO_BUFFER_SET; /* * For Windows SPNEGO implementations, both the initiator and the * acceptor are assumed to have been updated if a "newer" [CLAR] or * different enctype is negotiated for use by the Kerberos GSS-API * mechanism. */ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); is_updated = (context_handle->more_flags & IS_CFX); if (is_updated == 0) { krb5_keyblock *acceptor_subkey; if (context_handle->more_flags & LOCAL) acceptor_subkey = context_handle->auth_context->remote_subkey; else acceptor_subkey = context_handle->auth_context->local_subkey; if (acceptor_subkey != NULL) is_updated = (acceptor_subkey->keytype != context_handle->auth_context->keyblock->keytype); } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return is_updated ? GSS_S_COMPLETE : GSS_S_FAILURE; }
static krb5_error_code mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to); struct link *creds; krb5_principal principal; krb5_mcache **n; HEIMDAL_MUTEX_lock(&mcc_mutex); /* drop the from cache from the linked list to avoid lookups */ for(n = &mcc_head; n && *n; n = &(*n)->next) { if(mfrom == *n) { *n = mfrom->next; break; } } /* swap creds */ creds = mto->creds; mto->creds = mfrom->creds; mfrom->creds = creds; /* swap principal */ principal = mto->primary_principal; mto->primary_principal = mfrom->primary_principal; mfrom->primary_principal = principal; HEIMDAL_MUTEX_unlock(&mcc_mutex); mcc_destroy(context, from); return 0; }
OM_uint32 _gss_spnego_import_sec_context ( OM_uint32 * minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle ) { OM_uint32 ret, minor; gss_ctx_id_t context; gssspnego_ctx ctx; ret = _gss_spnego_alloc_sec_context(minor_status, &context); if (ret != GSS_S_COMPLETE) { return ret; } ctx = (gssspnego_ctx)context; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = gss_import_sec_context(minor_status, interprocess_token, &ctx->negotiated_ctx_id); if (ret != GSS_S_COMPLETE) { _gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER); return ret; } ctx->open = 1; /* don't bother filling in the rest of the fields */ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); *context_handle = (gss_ctx_id_t)ctx; return GSS_S_COMPLETE; }
/** heim_db_register * @brief Registers a DB type for use with heim_db_create(). * * @param dbtype Name of DB type * @param data Private data argument to the dbtype's openf method * @param plugin Structure with DB type methods (function pointers) * * Backends that provide begin/commit/rollback methods must provide ACID * semantics. * * The registered DB type will have ACID semantics for backends that do * not provide begin/commit/rollback methods but do provide lock/unlock * and rdjournal/wrjournal methods (using a replay log journalling * scheme). * * If the registered DB type does not natively provide read vs. write * transaction isolation but does provide a lock method then the DB will * provide read/write transaction isolation. * * @return ENOMEM on failure, else 0. * * @addtogroup heimbase */ int heim_db_register(const char *dbtype, void *data, struct heim_db_type *plugin) { heim_dict_t plugins; heim_string_t s; db_plugin plug, plug2; int ret = 0; if ((plugin->beginf != NULL && plugin->commitf == NULL) || (plugin->beginf != NULL && plugin->rollbackf == NULL) || (plugin->lockf != NULL && plugin->unlockf == NULL) || plugin->copyf == NULL) heim_abort("Invalid DB plugin; make sure methods are paired"); /* Initialize */ plugins = heim_dict_create(11); if (plugins == NULL) return ENOMEM; heim_base_once_f(&db_plugin_init_once, plugins, db_init_plugins_once); heim_release(plugins); heim_assert(db_plugins != NULL, "heim_db plugin table initialized"); s = heim_string_create(dbtype); if (s == NULL) return ENOMEM; plug = heim_alloc(sizeof (*plug), "db_plug", plugin_dealloc); if (plug == NULL) { heim_release(s); return ENOMEM; } plug->name = heim_retain(s); plug->openf = plugin->openf; plug->clonef = plugin->clonef; plug->closef = plugin->closef; plug->lockf = plugin->lockf; plug->unlockf = plugin->unlockf; plug->syncf = plugin->syncf; plug->beginf = plugin->beginf; plug->commitf = plugin->commitf; plug->rollbackf = plugin->rollbackf; plug->copyf = plugin->copyf; plug->setf = plugin->setf; plug->delf = plugin->delf; plug->iterf = plugin->iterf; plug->data = data; HEIMDAL_MUTEX_lock(&db_type_mutex); plug2 = heim_dict_get_value(db_plugins, s); if (plug2 == NULL) ret = heim_dict_set_value(db_plugins, s, plug); HEIMDAL_MUTEX_unlock(&db_type_mutex); heim_release(plug); heim_release(s); return ret; }
krb5_error_code kcm_chmod(krb5_context context, kcm_client *client, kcm_ccache ccache, uint16_t mode) { KCM_ASSERT_VALID(ccache); /* System cache mode can only be set at startup */ if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) return KRB5_FCC_PERM; if (ccache->uid != client->uid) return KRB5_FCC_PERM; if (ccache->gid != client->gid) return KRB5_FCC_PERM; HEIMDAL_MUTEX_lock(&ccache->mutex); ccache->mode = mode; HEIMDAL_MUTEX_unlock(&ccache->mutex); return 0; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context_flags(unsigned int flags, krb5_context *context) { static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT; krb5_context p; krb5_error_code ret; char **files = NULL; *context = NULL; p = calloc(1, sizeof(*p)); if (!p) return ENOMEM; p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); if (p->mutex == NULL) { free(p); return ENOMEM; } HEIMDAL_MUTEX_init(p->mutex); HEIMDAL_MUTEX_lock(&homedir_mutex); if (allow_homedir) p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS; HEIMDAL_MUTEX_unlock(&homedir_mutex); if ((flags & KRB5_CONTEXT_FLAG_NO_CONFIG) == 0) { ret = krb5_get_default_config_files(&files); if (ret) goto out; } ret = krb5_set_config_files(p, files); krb5_free_config_files(files); if (ret) goto out; heim_base_once_f(&init_context, p, init_context_once); /* init error tables */ krb5_init_ets(p); cc_ops_register(p); kt_ops_register(p); #ifdef PKINIT ret = hx509_context_init(&p->hx509ctx); if (ret) goto out; #endif if (rk_SOCK_INIT()) p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED; out: if (ret) { krb5_free_context(p); p = NULL; } *context = p; return ret; }
static krb5_error_code kcm_send_request(krb5_context context, krb5_storage *request, krb5_data *response_data) { krb5_error_code ret = 0; krb5_data request_data; HEIMDAL_MUTEX_lock(&kcm_mutex); if (kcm_ipc == NULL) ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); HEIMDAL_MUTEX_unlock(&kcm_mutex); if (ret) return KRB5_CC_NOSUPP; ret = krb5_storage_to_data(request, &request_data); if (ret) { krb5_clear_error_message(context); return KRB5_CC_NOMEM; } ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL); krb5_data_free(&request_data); if (ret) { krb5_clear_error_message(context); ret = KRB5_CC_NOSUPP; } return ret; }
static struct mg_thread_ctx * _gss_mechglue_thread(void) { struct mg_thread_ctx *ctx; int ret = 0; HEIMDAL_MUTEX_lock(&context_mutex); if (!created_key) { HEIMDAL_key_create(&context_key, destroy_context, ret); if (ret) { HEIMDAL_MUTEX_unlock(&context_mutex); return NULL; } created_key = 1; } HEIMDAL_MUTEX_unlock(&context_mutex); ctx = HEIMDAL_getspecific(context_key); if (ctx == NULL) { ctx = calloc(1, sizeof(*ctx)); if (ctx == NULL) return NULL; HEIMDAL_setspecific(context_key, ctx, ret); if (ret) { free(ctx); return NULL; } } return ctx; }
struct gssapi_thr_context * gssapi_get_thread_context(int createp) { struct gssapi_thr_context *ctx; int ret; HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); if (!created_key) abort(); ctx = HEIMDAL_getspecific(gssapi_context_key); if (ctx == NULL) { if (!createp) goto fail; ctx = malloc(sizeof(*ctx)); if (ctx == NULL) goto fail; ctx->error_string = NULL; HEIMDAL_MUTEX_init(&ctx->mutex); HEIMDAL_setspecific(gssapi_context_key, ctx, ret); if (ret) goto fail; } HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); return ctx; fail: HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); if (ctx) free(ctx); return NULL; }
OM_uint32 _gsskrb5_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, gss_qop_t * qop_state ) { krb5_keyblock *key; krb5_context context; OM_uint32 ret; krb5_keytype keytype; gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; output_message_buffer->value = NULL; output_message_buffer->length = 0; GSSAPI_KRB5_INIT (&context); if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } krb5_enctype_to_keytype (context, key->keytype, &keytype); *minor_status = 0; switch (keytype) { case KEYTYPE_DES : ret = unwrap_des (minor_status, ctx, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; case KEYTYPE_DES3 : ret = unwrap_des3 (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: ret = _gssapi_unwrap_arcfour (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; default : ret = _gssapi_unwrap_cfx (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; } krb5_free_keyblock (context, key); return ret; }
void KRB5_LIB_FUNCTION krb5_free_error_string(krb5_context context, char *str) { HEIMDAL_MUTEX_lock(context->mutex); if (str != context->error_buf) free(str); HEIMDAL_MUTEX_unlock(context->mutex); }
void _krb5_unload_plugins(krb5_context context, const char *name) { HEIMDAL_MUTEX_lock(&plugin_mutex); heim_release(modules); modules = NULL; HEIMDAL_MUTEX_unlock(&plugin_mutex); }
OM_uint32 _gsskrb5_verify_mic_internal (OM_uint32 * minor_status, const gsskrb5_ctx ctx, krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, char * type ) { krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; if (ctx->more_flags & IS_CFX) return _gssapi_verify_mic_cfx (minor_status, ctx, context, message_buffer, token_buffer, qop_state); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } *minor_status = 0; krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : #ifdef HEIM_WEAK_CRYPTO ret = verify_mic_des (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); #else ret = GSS_S_FAILURE; #endif break; case KEYTYPE_DES3 : ret = verify_mic_des3 (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); break; case KEYTYPE_ARCFOUR : case KEYTYPE_ARCFOUR_56 : ret = _gssapi_verify_mic_arcfour (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); break; default : abort(); } krb5_free_keyblock (context, key); return ret; }