1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/*
* Portability wrapper around krb5.h.
*
* This header includes krb5.h and then adjusts for various portability
* issues, primarily between MIT Kerberos and Heimdal, so that code can be
* written to a consistent API.
*
* Unfortunately, due to the nature of the differences between MIT Kerberos
* and Heimdal, it's not possible to write code to either one of the APIs and
* adjust for the other one. In general, this header tries to make available
* the Heimdal API and fix it for MIT Kerberos, but there are places where MIT
* Kerberos requires a more specific call. For those cases, it provides the
* most specific interface.
*
* For example, MIT Kerberos has krb5_free_unparsed_name() whereas Heimdal
* prefers the generic krb5_xfree(). In this case, this header provides
* krb5_free_unparsed_name() for both APIs since it's the most specific call.
*
* The canonical version of this file is maintained in the rra-c-util package,
* which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
*
* Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2015, 2017 Russ Allbery <eagle@eyrie.org>
* Copyright 2010-2014
* The Board of Trustees of the Leland Stanford Junior University
*
* Copying and distribution of this file, with or without modification, are
* permitted in any medium without royalty provided the copyright notice and
* this notice are preserved. This file is offered as-is, without any
* warranty.
*
* SPDX-License-Identifier: FSFAP
*/
#ifndef PORTABLE_KRB5_H
#define PORTABLE_KRB5_H 1
/*
* Allow inclusion of config.h to be skipped, since sometimes we have to use a
* stripped-down version of config.h with a different name.
*/
#ifndef CONFIG_H_INCLUDED
# include <config.h>
#endif
#include <portable/macros.h>
#if defined(HAVE_KRB5_H)
# include <krb5.h>
#elif defined(HAVE_KERBEROSV5_KRB5_H)
# include <kerberosv5/krb5.h>
#else
# include <krb5/krb5.h>
#endif
#include <stdlib.h>
BEGIN_DECLS
/* Default to a hidden visibility for all portability functions. */
#pragma GCC visibility push(hidden)
/*
* AIX included Kerberos includes the profile library but not the
* krb5_appdefault functions, so we provide replacements that we have to
* prototype.
*/
#ifndef HAVE_KRB5_APPDEFAULT_STRING
void krb5_appdefault_boolean(krb5_context, const char *, const krb5_data *,
const char *, int, int *);
void krb5_appdefault_string(krb5_context, const char *, const krb5_data *,
const char *, const char *, char **);
#endif
/*
* MIT-specific. The Heimdal documentation says to use free(), but that
* doesn't actually make sense since the memory is allocated inside the
* Kerberos library. Use krb5_xfree instead.
*/
#ifndef HAVE_KRB5_FREE_DEFAULT_REALM
# define krb5_free_default_realm(c, r) krb5_xfree(r)
#endif
/*
* krb5_{get,free}_error_message are the preferred APIs for both current MIT
* and current Heimdal, but there are tons of older APIs we may have to fall
* back on for earlier versions.
*
* This function should be called immediately after the corresponding error
* without any intervening Kerberos calls. Otherwise, the correct error
* message and supporting information may not be returned.
*/
#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
const char *krb5_get_error_message(krb5_context, krb5_error_code);
#endif
#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE
void krb5_free_error_message(krb5_context, const char *);
#endif
/*
* Both current MIT and current Heimdal prefer _opt_alloc and _opt_free, but
* older versions of both require allocating your own struct and calling
* _opt_init.
*/
#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context,
krb5_get_init_creds_opt **);
#endif
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE
# ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS
# define krb5_get_init_creds_opt_free(c, o) krb5_get_init_creds_opt_free(o)
# endif
#else
# define krb5_get_init_creds_opt_free(c, o) free(o)
#endif
/* Heimdal-specific. */
#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS
# define krb5_get_init_creds_opt_set_default_flags(c, p, r, o) /* empty */
#endif
/*
* Heimdal: krb5_kt_free_entry, MIT: krb5_free_keytab_entry_contents. We
* check for the declaration rather than the function since the function is
* present in older MIT Kerberos libraries but not prototyped.
*/
#if !HAVE_DECL_KRB5_KT_FREE_ENTRY
# define krb5_kt_free_entry(c, e) krb5_free_keytab_entry_contents((c), (e))
#endif
/*
* Heimdal provides a nice function that just returns a const char *. On MIT,
* there's an accessor macro that returns the krb5_data pointer, which
* requires more work to get at the underlying char *.
*/
#ifndef HAVE_KRB5_PRINCIPAL_GET_REALM
const char *krb5_principal_get_realm(krb5_context, krb5_const_principal);
#endif
/* Undo default visibility change. */
#pragma GCC visibility pop
END_DECLS
#endif /* !PORTABLE_KRB5_H */
|
