
ticket: 6974

subject: Make krb5_pac_sign public

krb5int_pac_sign was created as a private API because it is only
needed by the KDC.  But it is actually used by DAL or authdata plugin
modules, not the core KDC code.  Since plugin modules should not need
to consume internal libkrb5 functions, rename krb5int_pac_sign to
krb5_pac_sign and make it public.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
1 parent 3f6703d commit 297cb47b92892daa52092c932bc5345b2fcb9285 ghudson committed Oct 12, 2011
@@ -2786,15 +2786,6 @@ k5alloc(size_t len, krb5_error_code *code)
}
krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data);
-
-krb5_error_code KRB5_CALLCONV
krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
krb5_ccache ccache,
krb5_creds *in_creds,
@@ -7495,6 +7495,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac,
const krb5_keyblock *server, const krb5_keyblock *privsvr);
/**
+ * Sign a PAC.
+ *
+ * @param [in] context Library context
+ * @param [in] pac PAC handle
+ * @param [in] authtime Expected timestamp
+ * @param [in] principal Expected principal name (or NULL)
+ * @param [in] server Key for server checksum
+ * @param [in] privsvr Key for KDC checksum
+ * @param [out] data Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data. @a pac is modified to include the
+ * server and KDC checksum buffers. Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data);
+
+/**
* Allow the appplication to override the profile's allow_weak_crypto setting.
*
* @param [in] context Library context
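Review bot: The new Doxygen block for krb5_pac_sign documents two parameters as `server` and `privsvr`, but the prototype directly below it names them `server_key` and `privsvr_key`, so those entries will not bind to the real arguments in the generated docs. The lines should read `@param [in] server_key Key for server checksum` and `@param [in] privsvr_key Key for KDC checksum`, with the `@a server` / `@a privsvr` references in the description renamed to match. The `authtime` and `principal` entries say "Expected", which reads as verification wording; a signing call presumably records these values in the PAC rather than checking them, and plugin authors who now depend on this text need that stated explicitly. `pac` is tagged `[in]` although the description says it is modified, so `[in,out]` would be more accurate. The block also has no `@retval` line describing the error return, which callers of a public signing API will look for.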
@@ -180,13 +180,9 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
}
krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data)
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+ krb5_const_principal principal, const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key, krb5_data *data)
{
krb5_error_code ret;
krb5_data server_cksum, privsvr_cksum;
@@ -149,10 +149,10 @@ main(int argc, char **argv)
if (ret)
err(context, ret, "krb5_pac_verify");
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
krb5_pac_free(context, pac);
@@ -204,10 +204,10 @@ main(int argc, char **argv)
}
free(list);
- ret = krb5int_pac_sign(context, pac2, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac2, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign 4");
+ err(context, ret, "krb5_pac_sign 4");
krb5_pac_free(context, pac2);
@@ -283,10 +283,10 @@ main(int argc, char **argv)
krb5_free_data_contents(context, &data);
}
- ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ ret = krb5_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
- err(context, ret, "krb5int_pac_sign");
+ err(context, ret, "krb5_pac_sign");
krb5_pac_free(context, pac);
@@ -465,6 +465,7 @@ krb5_pac_get_buffer
krb5_pac_get_types
krb5_pac_init
krb5_pac_parse
+krb5_pac_sign
krb5_pac_verify
krb5_parse_name
krb5_parse_name_flags
@@ -617,7 +618,6 @@ krb5int_get_authdata_containee_types
krb5int_init_context_kdc
krb5int_init_trace
krb5int_initialize_library
-krb5int_pac_sign
krb5int_sendtokdc_debug_handler
krb5int_trace
profile_abandon
@@ -418,3 +418,4 @@ EXPORTS
krb5_cc_switch @392
krb5_free_string @393
krb5_cc_select @394
+ krb5_pac_sign @395
