r12026 - in /branches/upstream/libauthen-krb5-perl/current: Changes Krb5.pm Krb5.xs Makefile.PL
ghostbar-guest at users.alioth.debian.org
ghostbar-guest at users.alioth.debian.org
Sat Jan 5 02:12:14 UTC 2008
Author: ghostbar-guest
Date: Sat Jan 5 02:12:14 2008
New Revision: 12026
URL: http://svn.debian.org/wsvn/?sc=1&rev=12026
Log:
[svn-upgrade] Integrating new upstream version, libauthen-krb5-perl (1.7)
Modified:
branches/upstream/libauthen-krb5-perl/current/Changes
branches/upstream/libauthen-krb5-perl/current/Krb5.pm
branches/upstream/libauthen-krb5-perl/current/Krb5.xs
branches/upstream/libauthen-krb5-perl/current/Makefile.PL
Modified: branches/upstream/libauthen-krb5-perl/current/Changes
URL: http://svn.debian.org/wsvn/branches/upstream/libauthen-krb5-perl/current/Changes?rev=12026&op=diff
==============================================================================
--- branches/upstream/libauthen-krb5-perl/current/Changes (original)
+++ branches/upstream/libauthen-krb5-perl/current/Changes Sat Jan 5 02:12:14 2008
@@ -1,30 +1,42 @@
Revision history for Perl extension Krb5.
-1.6 Add methods for iterating through credentials cache
- (mbrown at fensystems.co.uk)
- Deprecated init_ets
- Fix some compiler warnings
+1.7 Use standard search paths for includes and libs
+ Add get_init_creds_password (rra at debian.org)
+ Add get_init_creds_keytab (rra at debian.org)
+ Add a destructor for Authen::Krb5::Creds (rra at debian.org)
+ Add store_cred() method to Authen::Krb5::Ccache (rra at debian.org)
+ Reimplement deprecated get_in_tkt_with_password and
+ get_in_tkt_with_keytab functions to use the the more current
+ get_init_creds_{password,keytab}, krb5_cc_initialize, and
+ krb5_cc_store_cred (rra at debian.org)
+ Set context to NULL after calling krb5_free_context
+ (Wolfgang.Friebel at desy.de)
-1.5 Fix broken compile for Authen::Krb5::Keytab::get_name()
+1.6 Add methods for iterating through credentials cache
+ (mbrown at fensystems.co.uk)
+ Deprecated init_ets
+ Fix some compiler warnings
-1.4 Added methods for manipulating keytabs (ajk at iu.edu)
- Added keyblock accessor functions to allow use of the session key.
+1.5 Fix broken compile for Authen::Krb5::Keytab::get_name()
-1.3 Added get_in_tkt_with_keytab() function (jorgen at greytower.net)
+1.4 Added methods for manipulating keytabs (ajk at iu.edu)
+ Added keyblock accessor functions to allow use of the session key.
+
+1.3 Added get_in_tkt_with_keytab() function (jorgen at greytower.net)
1.2 Minor fix to support building for Perl 5.6.
1.1 Corrected logic in freed() (internal memory management)
Fixed segfault on Linux when calling Authen::Krb5::Ccache::DESTROY
- after calling Authen::Krb5::Ccache::destroy()
- Changed Makefile.PL to support auto-detection of crypto libraries.
- Added support for building with MIT Kerberos 5 Version 1.1.1
-
-1.0 Moved module into the Authen:: namespace.
- Changed return syntax for some functions. Compilation was failing
- on certain platforms.
- Fixed some minor bugs.
+ after calling Authen::Krb5::Ccache::destroy()
+ Changed Makefile.PL to support auto-detection of crypto libraries.
+ Added support for building with MIT Kerberos 5 Version 1.1.1
+
+1.0 Moved module into the Authen:: namespace.
+ Changed return syntax for some functions. Compilation was failing
+ on certain platforms.
+ Fixed some minor bugs.
-0.90 Tue Mar 17 10:25:43 1998
- - original version; created by h2xs 1.18
+0.90 Tue Mar 17 10:25:43 1998
+ - original version; created by h2xs 1.18
Modified: branches/upstream/libauthen-krb5-perl/current/Krb5.pm
URL: http://svn.debian.org/wsvn/branches/upstream/libauthen-krb5-perl/current/Krb5.pm?rev=12026&op=diff
==============================================================================
--- branches/upstream/libauthen-krb5-perl/current/Krb5.pm (original)
+++ branches/upstream/libauthen-krb5-perl/current/Krb5.pm Sat Jan 5 02:12:14 2008
@@ -52,7 +52,7 @@
KRB5_NT_UNKNOWN
KRB5_TGS_NAME
);
-$VERSION = '1.6';
+$VERSION = '1.7';
sub KRB5_TGS_NAME() { return "krbtgt"; }
@@ -188,21 +188,48 @@
I<kvno> and I<enctype>) and returns the key in the form of an
Authen::Krb5::Keyblock object.
+=item get_init_creds_password(client, password[, service])
+
+Attempt to get an initial ticket for the client. 'client' is a principal
+object for which you want an initial ticket. 'password' is the password for
+the client. 'service', if given, is the string representation (not a
+principal object) for the ticket to acquire. If not given, it defaults to
+krbtgt/REALM at REALM for the local realm. Returns an Authen::Krb5::Creds
+object or undef on failure.
+
+=item get_init_creds_keytab(client, keytab[, service])
+
+Attempt to get an inintial ticket for the client using a keytab. 'client'
+is a principal object for which you want an initial ticket. 'keytab' is a
+keytab object created with kt_resolve. 'service', if given, is the string
+representation (not a principal object) for the ticket to acquire. If not
+given, it defaults to krbtgt/REALM at REALM for the local realm. Returns an
+Authen::Krb5::Creds object or undef on failure.
+
=item get_in_tkt_with_password(client,server,password,cc)
Attempt to get an initial ticket for the client. 'client' is a principal
object for which you want an initial ticket. 'server' is a principal object
-for the service (usually krbtgt/REALM at REALM). 'password' is the password for
-the client, and 'cc' is a Authen::Krb5::Ccache object representing the current
-credentials cache. Returns a Kerberos error code.
+for the service (usually krbtgt/REALM at REALM). 'password' is the password
+for the client, and 'cc' is a Authen::Krb5::Ccache object representing the
+current credentials cache. Returns a Kerberos error code.
+
+Although this interface is deprecated in the Kerberos C libraries, it's
+supported in the Perl module. In this module, it's implemented in terms of
+krb5_get_init_creds_password, krb5_cc_initialize, and krb5_cc_store_cred.
=item get_in_tkt_with_keytab(client,server,keytab,cc)
Obtain an initial ticket for the client using a keytab. 'client' is a
-principal object for which you want an initial ticket. 'server' is a principal
-object for the service (usually krbtgt/REALM at REALM). 'keytab' is a keytab
-object createed with kt_resolve. 'cc' is a Authen::Krb5::Ccache object
-representing the current credentials cache. Returns a Kerberos error code.
+principal object for which you want an initial ticket. 'server' is a
+principal object for the service (usually krbtgt/REALM at REALM). 'keytab' is
+a keytab object createed with kt_resolve. 'cc' is a Authen::Krb5::Ccache
+object representing the current credentials cache. Returns a Kerberos error
+code.
+
+Although this interface is deprecated in the Kerberos C libraries, it's
+supported in the Perl module. In this module, it's implemented in terms of
+krb5_get_init_creds_keytab, krb5_cc_initialize, and krb5_cc_store_cred.
=item mk_req(auth_context,ap_req_options,service,hostname,in,cc)
@@ -322,6 +349,12 @@
Creates/refreshes a credentials cache for the primary principal 'p'. If the
cache already exists, its contents are destroyed.
+=item o store_cred(creds)
+
+Stores the given credentials, which should be an Authen::Krb5::Creds object
+as returned from get_init_creds_password() or get_init_creds_keytab(), in
+the cache.
+
=item o get_name
Returns the name of the credentials cache.
Modified: branches/upstream/libauthen-krb5-perl/current/Krb5.xs
URL: http://svn.debian.org/wsvn/branches/upstream/libauthen-krb5-perl/current/Krb5.xs?rev=12026&op=diff
==============================================================================
--- branches/upstream/libauthen-krb5-perl/current/Krb5.xs (original)
+++ branches/upstream/libauthen-krb5-perl/current/Krb5.xs Sat Jan 5 02:12:14 2008
@@ -6,6 +6,7 @@
#include "XSUB.h"
#include <krb5.h>
#include <com_err.h>
+#include <errno.h>
#include "krb5_constants.c"
#ifdef __cplusplus
@@ -32,7 +33,7 @@
typedef krb5_cc_cursor *Authen__Krb5__CcacheCursor;
typedef krb5_keyblock *Authen__Krb5__KeyBlock;
-static krb5_context context = 0;
+static krb5_context context = NULL;
static krb5_error_code err;
static krb5_keytab_entry keytab_entry_init;
@@ -119,6 +120,7 @@
CODE:
if (!context) croak("Authen::Krb5 not yet initialized");
krb5_free_context(context);
+ context = NULL;
void
krb5_init_ets()
@@ -310,6 +312,68 @@
OUTPUT:
RETVAL
+Authen::Krb5::Creds
+krb5_get_init_creds_password(client, password, service = NULL)
+ Authen::Krb5::Principal client
+ char *password
+ char *service
+
+ PREINIT:
+ krb5_get_init_creds_opt opt;
+
+ CODE:
+ if (service != NULL && service[0] == '\0') service = NULL;
+ RETVAL = calloc(1, sizeof(krb5_creds));
+ if (RETVAL == NULL) {
+ err = errno;
+ XSRETURN_UNDEF;
+ }
+ krb5_get_init_creds_opt_init(&opt);
+
+ err = krb5_get_init_creds_password(context, RETVAL, client, password,
+ NULL, NULL, 0, service, &opt);
+ if (err) {
+ free(RETVAL);
+ XSRETURN_UNDEF;
+ }
+ can_free((SV *)RETVAL);
+
+ OUTPUT:
+ RETVAL
+
+Authen::Krb5::Creds
+krb5_get_init_creds_keytab(client, keytab, service = NULL)
+ Authen::Krb5::Principal client
+ Authen::Krb5::Keytab keytab
+ char *service
+
+ PREINIT:
+ krb5_get_init_creds_opt opt;
+
+ CODE:
+ if (service != NULL && service[0] == '\0') service = NULL;
+ RETVAL = calloc(1, sizeof(krb5_creds));
+ if (RETVAL == NULL) {
+ err = errno;
+ XSRETURN_UNDEF;
+ }
+ krb5_get_init_creds_opt_init(&opt);
+
+ err = krb5_get_init_creds_keytab(context, RETVAL, client, keytab, 0,
+ service, &opt);
+ if (err) {
+ free(RETVAL);
+ XSRETURN_UNDEF;
+ }
+ can_free((SV *)RETVAL);
+
+ OUTPUT:
+ RETVAL
+
+
+ # These are legacy interfaces which are deprecated in the current MIT
+ # Kerberos. Reimplement them in terms of the new get_init_creds
+ # interfaces rather than call the deprecated functions.
void
krb5_get_in_tkt_with_password(client, server, password, cc)
Authen::Krb5::Principal client
@@ -319,49 +383,69 @@
PREINIT:
krb5_creds cr;
- krb5_timestamp now;
- krb5_deltat lifetime = 0;
+ krb5_get_init_creds_opt opt;
+ char *service;
CODE:
memset((char *)&cr,0,sizeof(krb5_creds));
- krb5_timeofday(context, &now);
- cr.client = client;
- cr.server = server;
- cr.times.starttime = now;
- cr.times.endtime = now + KRB5_DEFAULT_LIFE;
- cr.times.renew_till = 0;
-
- err = krb5_get_in_tkt_with_password(context, 0, 0, NULL, NULL,
- password, cc, &cr, 0);
-
- if (err) XSRETURN_UNDEF;
+ krb5_get_init_creds_opt_init(&opt);
+ err = krb5_unparse_name(context, server, &service);
+ if (err) XSRETURN_UNDEF;
+
+ err = krb5_get_in_tkt_with_password(context, &cr, client, password,
+ NULL, NULL, 0, service, &opt);
+ free(service);
+ if (err) XSRETURN_UNDEF;
+
+ err = krb5_cc_initialize(context, cc, client);
+ if (err) {
+ krb5_free_cred_contents(context, &cr);
+ XSRETURN_UNDEF;
+ }
+ err = krb5_cc_store_cred(context, cc, &cr);
+ if (err) {
+ krb5_free_cred_contents(context, &cr);
+ XSRETURN_UNDEF;
+ }
+ krb5_free_cred_contents(context, &cr);
+
XSRETURN_YES;
void
krb5_get_in_tkt_with_keytab(client, server, keytab, cc)
Authen::Krb5::Principal client
Authen::Krb5::Principal server
- Authen::Krb5::Keytab keytab
+ Authen::Krb5::Keytab keytab
Authen::Krb5::Ccache cc
PREINIT:
krb5_creds cr;
- krb5_timestamp now;
- krb5_deltat lifetime = 0;
-
- CODE:
- memset((char *)&cr,0,sizeof(krb5_creds));
- krb5_timeofday(context, &now);
- cr.client = client;
- cr.server = server;
- cr.times.starttime = now;
- cr.times.endtime = now + KRB5_DEFAULT_LIFE;
- cr.times.renew_till = 0;
-
- err = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL, NULL,
- keytab, cc, &cr, 0);
-
- if (err) XSRETURN_UNDEF;
+ krb5_get_init_creds_opt opt;
+ char *service;
+
+ CODE:
+ memset(&cr,0,sizeof(krb5_creds));
+ krb5_get_init_creds_opt_init(&opt);
+ err = krb5_unparse_name(context, server, &service);
+ if (err) XSRETURN_UNDEF;
+
+ err = krb5_get_init_creds_keytab(context, &cr, client, keytab, 0,
+ service, &opt);
+ free(service);
+ if (err) XSRETURN_UNDEF;
+
+ err = krb5_cc_initialize(context, cc, client);
+ if (err) {
+ krb5_free_cred_contents(context, &cr);
+ XSRETURN_UNDEF;
+ }
+ err = krb5_cc_store_cred(context, cc, &cr);
+ if (err) {
+ krb5_free_cred_contents(context, &cr);
+ XSRETURN_UNDEF;
+ }
+ krb5_free_cred_contents(context, &cr);
+
XSRETURN_YES;
SV *
@@ -602,6 +686,16 @@
XSRETURN_YES;
}
+void
+store_cred(cc, creds)
+ Authen::Krb5::Ccache cc
+ Authen::Krb5::Creds creds
+
+ CODE:
+ err = krb5_cc_store_cred(context, cc, creds);
+ if (err) XSRETURN_UNDEF;
+ XSRETURN_YES;
+
const char *
get_name(cc)
Authen::Krb5::Ccache cc
@@ -1177,3 +1271,16 @@
OUTPUT:
RETVAL
+
+MODULE = Authen::Krb5 PACKAGE = Authen::Krb5::Creds
+
+void
+DESTROY(creds)
+ Authen::Krb5::Creds creds
+
+ CODE:
+ if (creds && should_free((SV *)creds)) {
+ krb5_free_cred_contents(context, creds);
+ free(creds);
+ freed((SV *)creds);
+ }
Modified: branches/upstream/libauthen-krb5-perl/current/Makefile.PL
URL: http://svn.debian.org/wsvn/branches/upstream/libauthen-krb5-perl/current/Makefile.PL?rev=12026&op=diff
==============================================================================
--- branches/upstream/libauthen-krb5-perl/current/Makefile.PL (original)
+++ branches/upstream/libauthen-krb5-perl/current/Makefile.PL Sat Jan 5 02:12:14 2008
@@ -3,7 +3,7 @@
##### CHANGE THESE ACCORDING TO YOUR CONFIGURATION #####
# location of Kerberos 5 libraries
-my $KRB5_LIBDIR = '/usr/local/krb5/lib';
+my $KRB5_LIBDIR = '/usr/lib';
# any extra libraries?
# add -lresolv here if you get errors like the following (usually on linux):
@@ -11,7 +11,7 @@
my $KRB5_EXTRALIBS = '-lresolv';
# location of Kerberos 5 includes
-my $KRB5_INCDIR = '/usr/local/krb5/include';
+my $KRB5_INCDIR = '/usr/include';
# any extra include flags?
my $KRB5_EXTRAINCS = '';
More information about the Pkg-perl-cvs-commits
mailing list