RT RT/krbdev.mit.edu: Ticket #1702 krb5_get_host_realm / krb5_free_host_realm marked KRB5_PRIVATE Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
1702
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
  • krb5-libs
Tags
Version_reported
  • 1.3
Version_Fixed
  • 1.3.2
Target_Version
  • 1.3.2
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Thu Jul 31 11:24:10 2003
Starts: Not set
Started: Thu Jul 31 15:09:09 2003
Last Contact: Thu Jul 31 18:26:28 2003
Due: Not set
Updated: Wed Dec 16 18:02:41 2015 by tlyu
 

 People  
Owner
 jaltman
Requestors
 jaltman@mit.edu
Cc
 
AdminCc
 
 

 More about Jeffrey Altman  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Thu Jul 31 11:24:11 2003  jaltman - Ticket created    
     
Subject: krb5_get_host_realm / krb5_free_host_realm marked KRB5_PRIVATE

 

     
The functions krb5_get_host_realm and krb5_free_host_realm are listed as
KRB5_PRIVATE in the 1.3.x krb5.h file.  In looking through the previous
versions on my system it appears that in cleaning up the API around
1.2.7 these functions were marked private in both the branch and the
trunk.  Before final release the private marking was removed from the
1.2.7 branch but not the trunk.  1.2.8 also removed the private marking.
 However, the trunk was never updated and for 1.3.x the Private marking
returned.

It appears that these functions should be public in the 1.3.x distribution.

Required changes must be made to krb5.h and krb5_32.def


Download (untitled) 646b
     
Return-Path: <jaltman@columbia.edu>
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
	by dewberry.cc.columbia.edu (8.12.8p1/8.12.8) with ESMTP id h6VEicdf020635
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
	for <jaltman@columbia.edu>; Thu, 31 Jul 2003 10:44:39 -0400 (EDT)
Received: from marionberry.cc.columbia.edu (marionberry.cc.columbia.edu
[128.59.59.100])
	by fort-point-station.mit.edu (8.12.4/8.9.2) with ESMTP id h6VEiT2B012505
	for <krbcore@mit.edu>; Thu, 31 Jul 2003 10:44:30 -0400 (EDT)
Received: from columbia.edu (CPE000795055540-CM00e06f242d02.cpe.net.cable.rogers.com
[63.139.255.152])
	(user=jaltman mech=PLAIN bits=0)
	by marionberry.cc.columbia.edu (8.12.8p1/8.12.8) with ESMTP id h6VEiS1s004299
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
	for <krbcore@mit.edu>; Thu, 31 Jul 2003 10:44:29 -0400 (EDT)
Message-ID: <3F292B47.4040209@columbia.edu>
Date: Thu, 31 Jul 2003 10:44:23 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
Reply-To: krbcore@MIT.EDU
Organization: Columbia University in the City of New York
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: krbcore@MIT.EDU
Subject: [Fwd: Re: krb5_get_host_realm & krb5_free_host_realm in kfw]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms030305060700030002040900"
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.35
X-Spam-Score: 0 () USER_AGENT

This is a cryptographically signed message in MIME format.

--------------ms030305060700030002040900
Content-Type: multipart/mixed;
 boundary="------------030301030306050908050307"

This is a multi-part message in MIME format.
--------------030301030306050908050307
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Michael is not the first person to complain about krb5_get_host_realm
and krb5_free_host_realm being considered private functions in the API.

OpenAFS also wants access to these functions.  Since they are not public
Doug Engert and Rodney Dyer are recommending the use of
KRB5_DEPRECATED=1 and KRB5_PRIVATE=1 preprocessor definitions.

   http://www.mail-archive.com/openafs-devel@openafs.org/msg04159.html

I also came across this archived announcement from Danilo stating that
these functions should in fact be exported as of KfW 2.2 Beta 2.

   http://diswww.mit.edu:8008/menelaus.mit.edu/krb5dev/7108

Somehow these did not stick or the declaration of the functions being
marked KRB5_PRIVATE were not removed from krb5.h.

So I must ask. Is there a good reason for these functions not to be
public?  Especially considering that krb_realmofhost() is public from
the Kerberos IV API.  It seems to me that they should be public.  (If so
it sucks that 1.3.1 got cut yesterday.)

Jeffrey Altman


--------------030301030306050908050307
Content-Type: message/rfc822;
 name="Re: krb5_get_host_realm & krb5_free_host_realm in kfw"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Re: krb5_get_host_realm & krb5_free_host_realm in kfw"

Return-Path: <myke@terminator.rsug.itd.umich.edu>
Received: from terminator.rsug.itd.umich.edu (terminator.rsug.itd.umich.edu
[141.213.231.10])
	by jalapeno.cc.columbia.edu (8.12.8p1/8.12.8) with ESMTP id h6VAIVg5006007
	for <jaltman@columbia.edu>; Thu, 31 Jul 2003 06:18:31 -0400 (EDT)
Received: from terminator.rsug.itd.umich.edu (localhost [127.0.0.1])
	by terminator.rsug.itd.umich.edu (3.5t) with ESMTP id h6VAIUH12549
	for <jaltman@columbia.edu>; Thu, 31 Jul 2003 06:18:31 -0400 (EDT)
Message-Id: <200307311018.h6VAIUH12549@terminator.rsug.itd.umich.edu>
From: michael.dautermann@umich.edu
To: Jeffrey Altman <jaltman@columbia.edu>
Subject: Re: krb5_get_host_realm & krb5_free_host_realm in kfw
In-reply-to: Your message of "Thu, 31 Jul 2003 02:31:16 EDT."
             <3F28B7B4.1080003@columbia.edu>
Date: Thu, 31 Jul 2003 06:18:30 -0400
Sender: myke@terminator.rsug.itd.umich.edu
X-Spam-Score: 1 (*) NO_REAL_NAME
X-Scanned-By: MIMEDefang 2.35


> These are private functions which were removed from KfW as of the API
> cleanup which occurred for KfW 2.2 BETA and Krb5 1.2.8.
>
> Jeffrey Altman
>

Thanks for typing back to me Jeff.

The code I'm looking at is trying to extract the session key from
the ticket, which is why it does a

krb5_get_host_realm (now gone)
krb5_build_principal_ext (still around)
krb5_free_host_realm (gone)
krb5_cc_retrieve_cred(still around)

in this order.  Do you have any suggestions as to what I can do in place
of get|free_host_realm?

I'm hoping to get familiar withthe Kerberos API's as quick as possible,
Is there a web page or PDF file usable as a reference for the API's?

thanks again,

m

--------------030301030306050908050307--

--------------ms030305060700030002040900
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJUDCC
AwYwggJvoAMCAQICAwpxijANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV
BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx
HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl
bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAzMDczMDAyMDkyOFoXDTA0MDcyOTAyMDkyOFowRjEf
MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUamFsdG1h
bkBjb2x1bWJpYS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBtDG6ZyGA
sK+rZOfKPKGBn6oCTLYSLk/mpeX9QTmTG71qh308KUeN35qqoRXjLvscfw6NPOYXiuxE/RqL
sx7WKEnK3C4gzzpioCTX1b7o4M7YbpvCRBFPE9Jgsd0yz2EN+mk/pPuK1GP+iQNot2m4A56A
aPe6F5T25GqffU535GNIdAtWPao6wHcOm17se25ny/TNzb9mlA4UzYl9XP7MF1fkpJyaDDAy
DNNTSSjxBdPVs2EaYq1p/xadXbIpysQiySXAxoeiZusgJopRHLcBsBmmY9QVD4QnUqZVmfJ5
f1CiNri5vlexKCmdFSrxMLuoLr4EQZCECdusp6ZnIt75AgMBAAGjMTAvMB8GA1UdEQQYMBaB
FGphbHRtYW5AY29sdW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEA
DPKe/CuAgEUxsrPskJQx2fL6soAEG2iqrqOGIRREHDaXWDBNMEWEbOEMLvh3+yhqHOUc9x3r
2IfsP/XHnujaqsMVXLagokVTnpPN675wv8LZ8hLHblLnykaTCq6RZpVskh2iAiJwpYMcKNF6
jyYaQyGHBGT3PK8uVGVCG4Pp9k4wggMGMIICb6ADAgECAgMKcYowDQYJKoZIhvcNAQEEBQAw
gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo
MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MzAwMjA5
MjhaFw0wNDA3MjkwMjA5MjhaMEYxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx
IzAhBgkqhkiG9w0BCQEWFGphbHRtYW5AY29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwbQxumchgLCvq2TnyjyhgZ+qAky2Ei5P5qXl/UE5kxu9aod9PClH
jd+aqqEV4y77HH8OjTzmF4rsRP0ai7Me1ihJytwuIM86YqAk19W+6ODO2G6bwkQRTxPSYLHd
Ms9hDfppP6T7itRj/okDaLdpuAOegGj3uheU9uRqn31Od+RjSHQLVj2qOsB3Dpte7HtuZ8v0
zc2/ZpQOFM2JfVz+zBdX5KScmgwwMgzTU0ko8QXT1bNhGmKtaf8WnV2yKcrEIsklwMaHombr
ICaKURy3AbAZpmPUFQ+EJ1KmVZnyeX9Qoja4ub5XsSgpnRUq8TC7qC6+BEGQhAnbrKemZyLe
+QIDAQABozEwLzAfBgNVHREEGDAWgRRqYWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8E
AjAAMA0GCSqGSIb3DQEBBAUAA4GBAAzynvwrgIBFMbKz7JCUMdny+rKABBtoqq6jhiEURBw2
l1gwTTBFhGzhDC74d/soahzlHPcd69iH7D/1x57o2qrDFVy2oKJFU56Tzeu+cL/C2fISx25S
58pGkwqukWaVbJIdogIicKWDHCjReo8mGkMhhwRk9zyvLlRlQhuD6fZOMIIDODCCAqGgAwIB
AgIQZkVyt8x09c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTAT
BgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3
dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lv
bjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkB
FhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgy
NzIzNTk1OVowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV
BAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBT
ZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUq
bXA8+tyu9+50bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC
9tewkd4c6avgGAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEww
KQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQI
MAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF15
1j2YwCYTYoEipxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59s
ogxYjTFCCRFssBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TY
yWJirQXGMYID1TCCA9ECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJu
IENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRD
ZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIw
MDAuOC4zMAIDCnGKMAkGBSsOAwIaBQCgggIPMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTAzMDczMTE0NDQyM1owIwYJKoZIhvcNAQkEMRYEFEjwJpt8WNJX
usXJ+4ww7x6C3DqCMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwIC
AgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGrBgkrBgEEAYI3
EAQxgZ0wgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV
BAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBT
ZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDCnGK
MIGtBgsqhkiG9w0BCRACCzGBnaCBmjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rl
cm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsT
FENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0Eg
MjAwMC44LjMwAgMKcYowDQYJKoZIhvcNAQEBBQAEggEAGDR004N+UgGc/DExzSu8wq3aohfe
QJ3v8MLaLKsXLVKnmdtlNL2S55CY6YBNeKlE59A2Bys8D3acnFyGvjGux5bERaEWys6lB0C3
N0jk8LWu8dOY4AcOFCYfJ3SN9F5YwmFG1Aj6x1NB988YxtTVMVYAr3snHmo/iQqmzbqvR3r/
Tn3k7UUlyiEYS831ONU1GkZPM0UK0uHW0m9uzo6hBpQTUMGuKqCPcUhbknLnnTWDqcYnw5eW
I1bC6c4puchBHHn9PxIM604Tseh4uOvCMRQx2k+SPy7nIybFZowMsrX67P1UbkHos8B9ECv7
GGRPqNsaIbA5iVUv/lCwF6CYiQAAAAAAAA==
--------------ms030305060700030002040900--

Download message.eml 9.7k
      Thu Jul 31 15:02:52 2003  jaltman - Comments added    
     
Correction: krb5_32.def does not need to be modified.  The entry points
are already exported from the DLL.  The problem is only in krb5.hin.


Download (untitled) 140b
      Thu Jul 31 15:06:37 2003  jaltman - Status changed from new to resolved    
      Thu Jul 31 15:06:38 2003  jaltman - Given to jaltman    
      Thu Jul 31 15:06:38 2003  jaltman - Correspondence added    
     
From: jaltman@mit.edu
Subject: CVS Commit

krb5_get_host_realm and krb5_free_host_realm should not be labeled as KRB5_PRIVATE.
They are required for many applications including OpenAFS and UMich's Kx509.  1.2.8
had them public but the change was never reflected on the trunk.


To generate a diff of this commit:



	cvs diff -r1.166 -r1.167 krb5/src/include/krb5.hin


Download (untitled) 325b
      Thu Jul 31 15:06:58 2003  jaltman - Status changed from resolved to new    
      Thu Jul 31 15:06:59 2003  jaltman - Given to Nobody    
      Thu Jul 31 15:08:18 2003  jaltman - Taken    
      Thu Jul 31 15:09:09 2003  jaltman - Status changed from new to open    
      Thu Jul 31 15:09:10 2003  jaltman - Comments added    
     
This fix needs to be pulled in for KfM 5.0 and KfW 2.5


Download (untitled) 55b
      Thu Jul 31 15:20:06 2003  tlyu - Status changed from open to resolved    
      Thu Jul 31 15:20:06 2003  tlyu - Tags pullup added    
      Thu Jul 31 15:20:07 2003  tlyu - Target_Version 1.3.2 added    
      Thu Jul 31 15:20:07 2003  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: CVS Commit

add missing ChangeLog entry


To generate a diff of this commit:



	cvs diff -r1.379 -r1.380 krb5/src/include/ChangeLog


Download (untitled) 121b
      Thu Jul 31 18:26:20 2003  tlyu - Version_reported 1.3 added    
      Thu Jul 31 18:26:21 2003  tlyu - Version_Fixed 1.3.2 added    
      Thu Jul 31 18:26:23 2003  tlyu - Component krb5-libs added    
      Thu Jul 31 18:26:24 2003  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: CVS Commit

pullup from trunk


To generate a diff of this commit:



	cvs diff -r1.348.2.22 -r1.348.2.23 krb5/src/include/ChangeLog
	cvs diff -r1.154.2.10 -r1.154.2.11 krb5/src/include/krb5.hin


Download (untitled) 183b
      Wed Dec 16 18:02:41 2015  tlyu - Keyword pullup deleted