/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
*/
/*
* COPYRIGHT (C) 2007
* THE REGENTS OF THE UNIVERSITY OF MICHIGAN
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of The University of
* Michigan is not used in any advertising or publicity
* pertaining to the use of distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* University of Michigan is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
* FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
* PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
* MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
* WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
* REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
* FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
* CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
* OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
* IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGES.
*/
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <unistd.h>
#include <dirent.h>
#include "pkinit.h"
/* Solaris Kerberos */
#include <libintl.h>
static void
{
int i;
return;
}
static krb5_error_code
{
int i;
char **newlist;
return EINVAL;
return 0;
return ENOMEM;
goto cleanup;
}
return 0;
return ENOMEM;
}
/*
 * Translate an identity-type constant into a short printable label.
 *
 * NOTE(review): the line carrying the function name and parameter list is
 * missing from this listing; `idtype` is presumably the only parameter --
 * confirm against the complete file.
 *
 * Every branch returns a string literal.  Although the declared return type
 * is a non-const char *, the result must be treated as read-only and must
 * never be freed.  A value outside the listed IDTYPE_* constants yields
 * "INVALID" instead of NULL, so the result is always safe to hand to a "%s"
 * conversion.
 */
char *
{
switch(idtype) {
/* The break after each return is unreachable. */
case IDTYPE_FILE: return "FILE"; break;
case IDTYPE_DIR: return "DIR"; break;
case IDTYPE_PKCS11: return "PKCS11"; break;
case IDTYPE_PKCS12: return "PKCS12"; break;
/* The label for IDTYPE_ENVVAR is "ENV", not "ENVVAR". */
case IDTYPE_ENVVAR: return "ENV"; break;
default: return "INVALID"; break;
}
}
/*
 * Translate a CA-material category constant into a short printable label.
 *
 * NOTE(review): the line carrying the function name and parameter list is
 * missing from this listing; `catype` is presumably the only parameter --
 * confirm against the complete file.
 *
 * As with the identity-type labels, every branch returns a string literal:
 * treat the result as read-only, never free it.  Unknown values map to
 * "INVALID" rather than NULL.
 */
char *
{
switch(catype) {
/* The break after each return is unreachable. */
case CATYPE_ANCHORS: return "ANCHORS"; break;
case CATYPE_INTERMEDIATES: return "INTERMEDIATES"; break;
case CATYPE_CRLS: return "CRLS"; break;
default: return "INVALID"; break;
}
}
{
return ENOMEM;
#ifndef WITHOUT_PKCS11
#endif
return 0;
}
{
if (retval)
return retval;
goto cleanup;
}
if (retval)
goto cleanup;
if (retval)
goto cleanup;
if (retval)
goto cleanup;
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
#ifndef WITHOUT_PKCS11
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
#endif
return 0;
return retval;
}
void
{
return;
#ifndef WITHOUT_PKCS11
#endif
}
#ifndef WITHOUT_PKCS11
/*
 * Parse the text that follows the type prefix of a PKCS#11 identity string.
 *
 * NOTE(review): the function name, its leading parameters and most of its
 * statements are missing from this listing.  The comments below describe
 * only what the remaining lines show.
 *
 * Visible behaviour: the input is split into attr=value substrings, and a
 * substring without "=" is taken to be a PKCS#11 module name.  That name is
 * presumably used later to locate a shared library to load -- confirm in the
 * full source.  If so, whoever can set the identity string chooses the code
 * that gets loaded, so the string should come only from trusted
 * configuration.
 */
static krb5_error_code
const char *residual)
{
return 0;
/* Split string into attr=value substrings */
/*
 * s is freed at the end of the function, so it is presumably a private,
 * writable copy of residual (which is const) -- TODO confirm.  On a NULL
 * copy the function returns at once with whatever retval holds.
 */
if (s == NULL)
return retval;
/* If there is no "=", this is a pkcs11 module name */
goto cleanup;
continue;
}
/*
 * Write a terminator at vp and advance past it.  Presumably this replaces
 * the "=" so the attribute name and its value become two separate C strings
 * inside s -- verify against the full loop.
 */
*vp++ = '\0';
goto cleanup;
goto cleanup;
}
goto cleanup;
}
goto cleanup;
goto cleanup;
goto cleanup;
}
}
/* Success is recorded only after the whole string has been consumed. */
retval = 0;
/* Release the working buffer; the label this belongs to is not shown. */
free(s);
return retval;
}
#endif
static krb5_error_code
const char *residual)
{
return 0;
goto cleanup;
goto cleanup;
goto cleanup;
retval = 0;
return retval;
}
static krb5_error_code
const char *residual)
{
return 0;
goto cleanup;
goto cleanup;
pkiDebug("%s: cert_filename '%s' key_filename '%s'\n",
retval = 0;
return retval;
}
/*
 * Interpret one user-identity string and dispatch on its type.
 *
 * NOTE(review): the function name, its leading parameters and many of its
 * statements are missing from this listing.  The comments below describe
 * only what the remaining lines show.
 *
 * Visible behaviour: the value may carry a type prefix ended by a colon,
 * and the text after the colon is kept in `residual`.  An unrecognised
 * prefix is rejected with KRB5_PREAUTH_FAILED, and the switch at the end
 * handles each identity type separately.
 */
static krb5_error_code
const char *value)
{
const char *residual;
int idtype;
/* Debug trace of the raw identity string as supplied by the caller. */
pkiDebug("%s: processing value '%s'\n",
return EINVAL;
unsigned int typelen;
residual++; /* skip past colon */
#ifndef WITHOUT_PKCS11
#endif
idtype = IDTYPE_DIR;
} else {
/* Unknown type prefix: report it and fail instead of guessing a type. */
pkiDebug("%s: Unsupported type while processing '%s'\n",
"Unsupported type while processing '%s'\n",
value);
return KRB5_PREAUTH_FAILED;
}
} else {
/*
 * Presumably the branch for a value with no type prefix; its body is not
 * shown in this listing.
 */
}
switch (idtype) {
case IDTYPE_ENVVAR: {
/*
 * Here residual names an environment variable.  The identity location then
 * comes from the process environment, which is untrusted input whenever the
 * program runs with more privilege than its invoker.
 * NOTE(review): confirm how callers constrain this case.
 */
/* Solaris Kerberos: Improved error messages */
gettext("failed to find environmental variable \'%s\'"),
residual);
return EINVAL;
}
/*
 * The variable's content is presumably passed back through this same
 * parser; the call itself is missing, only its last argument remains.
 */
envvar);
/* Solaris Kerberos: not reached */
}
case IDTYPE_FILE:
break;
case IDTYPE_PKCS12:
break;
#ifndef WITHOUT_PKCS11
case IDTYPE_PKCS11:
break;
#endif
case IDTYPE_DIR:
break;
default:
/* An idtype outside the known set is reported as an internal error. */
"Internal error parsing X509_user_identity\n");
break;
}
return retval;
}
/*
 * Interpret one CA-material location string and hand it to the crypto layer.
 *
 * NOTE(review): the function name, its leading parameters and several
 * statements are missing from this listing.  The comments below describe
 * only what the remaining lines show.
 *
 * `catype` says which kind of material is being loaded, and `value` names
 * where it comes from.  Certificate validation presumably relies on this
 * material, so the configuration that supplies `value` deserves the same
 * protection as the trust anchors themselves.
 */
static krb5_error_code
const char *value,
int catype)
{
char *residual;
unsigned int typelen;
int idtype;
pkiDebug("%s: processing catype %s, value '%s'\n",
return EINVAL;
}
residual++; /* skip past colon */
idtype = IDTYPE_DIR;
} else {
/* Location types this loader does not handle are refused outright. */
return ENOTSUP;
}
/* The crypto layer's status is returned to the caller unchanged. */
return crypto_load_cas_and_crls(context,
}
/*
 * NOTE(review): the return type, name and leading parameters of this
 * function, and most of its calls, are missing from this listing.  The
 * comments below describe only what the remaining lines show.
 *
 * Visible flow: choose the identity source (explicit, otherwise the
 * identity_alt entries in idopts), select a certificate, then process
 * idopts->intermediates.  Each visible status check jumps to errout on a
 * non-zero retval, so the first failure abandons the rest of the sequence
 * instead of continuing with a partly initialised identity.  What errout
 * releases is not shown.
 */
int do_matching,
{
int i;
goto errout;
/*
* If identity was specified, use that. (For the kdc, this
* is specified as pkinit_identity in the kdc.conf. For users,
* this is specified on the command line via X509_user_identity.)
* If a user did not specify identity on the command line,
* then we will try alternatives which may have been specified
* in the config file.
*/
idopts->identity_alt[i]);
}
} else {
goto errout;
}
if (retval)
goto errout;
/* Solaris Kerberos 183resync: 1? */
1);
if (retval)
goto errout;
/*
 * do_matching chooses between the matching path and the crypto layer's
 * default certificate.  The calls themselves are missing from this listing;
 * only a trailing TRUE argument and the status checks remain.
 */
if (do_matching) {
TRUE);
if (retval) {
goto errout;
}
} else {
/* Tell crypto code to use the "default" */
if (retval) {
pkiDebug("%s: Failed while selecting default certificate\n",
goto errout;
}
}
if (retval)
goto errout;
} /* Not anonymous principal */
if (retval)
goto errout;
}
/* Presumably one load call per configured intermediates entry -- confirm. */
idopts->intermediates[i],
if (retval)
goto errout;
}
if (retval)
goto errout;
}
goto errout;
}
return retval;
}