| 1 | /*************************************************************************** |
|---|---|
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>. |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism |
| 22 | * |
| 23 | ***************************************************************************/ |
| 24 | |
| 25 | #include "curl_setup.h" |
| 26 | |
| 27 | #if defined(USE_WINDOWS_SSPI) && defined(USE_KERBEROS5) |
| 28 | |
| 29 | #include <curl/curl.h> |
| 30 | |
| 31 | #include "vauth/vauth.h" |
| 32 | #include "urldata.h" |
| 33 | #include "curl_base64.h" |
| 34 | #include "warnless.h" |
| 35 | #include "curl_multibyte.h" |
| 36 | #include "sendf.h" |
| 37 | |
| 38 | /* The last #include files should be: */ |
| 39 | #include "curl_memory.h" |
| 40 | #include "memdebug.h" |
| 41 | |
| 42 | /* |
| 43 | * Curl_auth_is_gssapi_supported() |
| 44 | * |
| 45 | * This is used to evaluate if GSSAPI (Kerberos V5) is supported. |
| 46 | * |
| 47 | * Parameters: None |
| 48 | * |
| 49 | * Returns TRUE if Kerberos V5 is supported by Windows SSPI. |
| 50 | */ |
| 51 | bool Curl_auth_is_gssapi_supported(void) |
| 52 | { |
| 53 | PSecPkgInfo SecurityPackage; |
| 54 | SECURITY_STATUS status; |
| 55 | |
| 56 | /* Query the security package for Kerberos */ |
| 57 | status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) |
| 58 | TEXT(SP_NAME_KERBEROS), |
| 59 | &SecurityPackage); |
| 60 | |
| 61 | /* Release the package buffer as it is not required anymore */ |
| 62 | if(status == SEC_E_OK) { |
| 63 | s_pSecFn->FreeContextBuffer(SecurityPackage); |
| 64 | } |
| 65 | |
| 66 | return (status == SEC_E_OK ? TRUE : FALSE); |
| 67 | } |
| 68 | |
| 69 | /* |
| 70 | * Curl_auth_create_gssapi_user_message() |
| 71 | * |
| 72 | * This is used to generate an already encoded GSSAPI (Kerberos V5) user token |
| 73 | * message ready for sending to the recipient. |
| 74 | * |
| 75 | * Parameters: |
| 76 | * |
| 77 | * data [in] - The session handle. |
| 78 | * userp [in] - The user name in the format User or Domain\User. |
| 79 | * passwdp [in] - The user's password. |
| 80 | * service [in] - The service type such as http, smtp, pop or imap. |
| 81 | * host [in] - The host name. |
| 82 | * mutual_auth [in] - Flag specifying whether or not mutual authentication |
| 83 | * is enabled. |
| 84 | * chlg64 [in] - The optional base64 encoded challenge message. |
| 85 | * krb5 [in/out] - The Kerberos 5 data struct being used and modified. |
| 86 | * outptr [in/out] - The address where a pointer to newly allocated memory |
| 87 | * holding the result will be stored upon completion. |
| 88 | * outlen [out] - The length of the output message. |
| 89 | * |
| 90 | * Returns CURLE_OK on success. |
| 91 | */ |
| 92 | CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, |
| 93 | const char *userp, |
| 94 | const char *passwdp, |
| 95 | const char *service, |
| 96 | const char *host, |
| 97 | const bool mutual_auth, |
| 98 | const char *chlg64, |
| 99 | struct kerberos5data *krb5, |
| 100 | char **outptr, size_t *outlen) |
| 101 | { |
| 102 | CURLcode result = CURLE_OK; |
| 103 | size_t chlglen = 0; |
| 104 | unsigned char *chlg = NULL; |
| 105 | CtxtHandle context; |
| 106 | PSecPkgInfo SecurityPackage; |
| 107 | SecBuffer chlg_buf; |
| 108 | SecBuffer resp_buf; |
| 109 | SecBufferDesc chlg_desc; |
| 110 | SecBufferDesc resp_desc; |
| 111 | SECURITY_STATUS status; |
| 112 | unsigned long attrs; |
| 113 | TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */ |
| 114 | |
| 115 | if(!krb5->spn) { |
| 116 | /* Generate our SPN */ |
| 117 | krb5->spn = Curl_auth_build_spn(service, host, NULL); |
| 118 | if(!krb5->spn) |
| 119 | return CURLE_OUT_OF_MEMORY; |
| 120 | } |
| 121 | |
| 122 | if(!krb5->output_token) { |
| 123 | /* Query the security package for Kerberos */ |
| 124 | status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) |
| 125 | TEXT(SP_NAME_KERBEROS), |
| 126 | &SecurityPackage); |
| 127 | if(status != SEC_E_OK) { |
| 128 | return CURLE_NOT_BUILT_IN; |
| 129 | } |
| 130 | |
| 131 | krb5->token_max = SecurityPackage->cbMaxToken; |
| 132 | |
| 133 | /* Release the package buffer as it is not required anymore */ |
| 134 | s_pSecFn->FreeContextBuffer(SecurityPackage); |
| 135 | |
| 136 | /* Allocate our response buffer */ |
| 137 | krb5->output_token = malloc(krb5->token_max); |
| 138 | if(!krb5->output_token) |
| 139 | return CURLE_OUT_OF_MEMORY; |
| 140 | } |
| 141 | |
| 142 | if(!krb5->credentials) { |
| 143 | /* Do we have credentials to use or are we using single sign-on? */ |
| 144 | if(userp && *userp) { |
| 145 | /* Populate our identity structure */ |
| 146 | result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity); |
| 147 | if(result) |
| 148 | return result; |
| 149 | |
| 150 | /* Allow proper cleanup of the identity structure */ |
| 151 | krb5->p_identity = &krb5->identity; |
| 152 | } |
| 153 | else |
| 154 | /* Use the current Windows user */ |
| 155 | krb5->p_identity = NULL; |
| 156 | |
| 157 | /* Allocate our credentials handle */ |
| 158 | krb5->credentials = calloc(1, sizeof(CredHandle)); |
| 159 | if(!krb5->credentials) |
| 160 | return CURLE_OUT_OF_MEMORY; |
| 161 | |
| 162 | /* Acquire our credentials handle */ |
| 163 | status = s_pSecFn->AcquireCredentialsHandle(NULL, |
| 164 | (TCHAR *) |
| 165 | TEXT(SP_NAME_KERBEROS), |
| 166 | SECPKG_CRED_OUTBOUND, NULL, |
| 167 | krb5->p_identity, NULL, NULL, |
| 168 | krb5->credentials, &expiry); |
| 169 | if(status != SEC_E_OK) |
| 170 | return CURLE_LOGIN_DENIED; |
| 171 | |
| 172 | /* Allocate our new context handle */ |
| 173 | krb5->context = calloc(1, sizeof(CtxtHandle)); |
| 174 | if(!krb5->context) |
| 175 | return CURLE_OUT_OF_MEMORY; |
| 176 | } |
| 177 | |
| 178 | if(chlg64 && *chlg64) { |
| 179 | /* Decode the base-64 encoded challenge message */ |
| 180 | if(*chlg64 != '=') { |
| 181 | result = Curl_base64_decode(chlg64, &chlg, &chlglen); |
| 182 | if(result) |
| 183 | return result; |
| 184 | } |
| 185 | |
| 186 | /* Ensure we have a valid challenge message */ |
| 187 | if(!chlg) { |
| 188 | infof(data, "GSSAPI handshake failure (empty challenge message)\n"); |
| 189 | |
| 190 | return CURLE_BAD_CONTENT_ENCODING; |
| 191 | } |
| 192 | |
| 193 | /* Setup the challenge "input" security buffer */ |
| 194 | chlg_desc.ulVersion = SECBUFFER_VERSION; |
| 195 | chlg_desc.cBuffers = 1; |
| 196 | chlg_desc.pBuffers = &chlg_buf; |
| 197 | chlg_buf.BufferType = SECBUFFER_TOKEN; |
| 198 | chlg_buf.pvBuffer = chlg; |
| 199 | chlg_buf.cbBuffer = curlx_uztoul(chlglen); |
| 200 | } |
| 201 | |
| 202 | /* Setup the response "output" security buffer */ |
| 203 | resp_desc.ulVersion = SECBUFFER_VERSION; |
| 204 | resp_desc.cBuffers = 1; |
| 205 | resp_desc.pBuffers = &resp_buf; |
| 206 | resp_buf.BufferType = SECBUFFER_TOKEN; |
| 207 | resp_buf.pvBuffer = krb5->output_token; |
| 208 | resp_buf.cbBuffer = curlx_uztoul(krb5->token_max); |
| 209 | |
| 210 | /* Generate our challenge-response message */ |
| 211 | status = s_pSecFn->InitializeSecurityContext(krb5->credentials, |
| 212 | chlg ? krb5->context : NULL, |
| 213 | krb5->spn, |
| 214 | (mutual_auth ? |
| 215 | ISC_REQ_MUTUAL_AUTH : 0), |
| 216 | 0, SECURITY_NATIVE_DREP, |
| 217 | chlg ? &chlg_desc : NULL, 0, |
| 218 | &context, |
| 219 | &resp_desc, &attrs, |
| 220 | &expiry); |
| 221 | |
| 222 | /* Free the decoded challenge as it is not required anymore */ |
| 223 | free(chlg); |
| 224 | |
| 225 | if(status == SEC_E_INSUFFICIENT_MEMORY) { |
| 226 | return CURLE_OUT_OF_MEMORY; |
| 227 | } |
| 228 | |
| 229 | if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { |
| 230 | return CURLE_AUTH_ERROR; |
| 231 | } |
| 232 | |
| 233 | if(memcmp(&context, krb5->context, sizeof(context))) { |
| 234 | s_pSecFn->DeleteSecurityContext(krb5->context); |
| 235 | |
| 236 | memcpy(krb5->context, &context, sizeof(context)); |
| 237 | } |
| 238 | |
| 239 | if(resp_buf.cbBuffer) { |
| 240 | /* Base64 encode the response */ |
| 241 | result = Curl_base64_encode(data, (char *) resp_buf.pvBuffer, |
| 242 | resp_buf.cbBuffer, outptr, outlen); |
| 243 | } |
| 244 | else if(mutual_auth) { |
| 245 | *outptr = strdup(""); |
| 246 | if(!*outptr) |
| 247 | result = CURLE_OUT_OF_MEMORY; |
| 248 | } |
| 249 | |
| 250 | return result; |
| 251 | } |
| 252 | |
| 253 | /* |
| 254 | * Curl_auth_create_gssapi_security_message() |
| 255 | * |
| 256 | * This is used to generate an already encoded GSSAPI (Kerberos V5) security |
| 257 | * token message ready for sending to the recipient. |
| 258 | * |
| 259 | * Parameters: |
| 260 | * |
| 261 | * data [in] - The session handle. |
| 262 | * chlg64 [in] - The optional base64 encoded challenge message. |
| 263 | * krb5 [in/out] - The Kerberos 5 data struct being used and modified. |
| 264 | * outptr [in/out] - The address where a pointer to newly allocated memory |
| 265 | * holding the result will be stored upon completion. |
| 266 | * outlen [out] - The length of the output message. |
| 267 | * |
| 268 | * Returns CURLE_OK on success. |
| 269 | */ |
| 270 | CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, |
| 271 | const char *chlg64, |
| 272 | struct kerberos5data *krb5, |
| 273 | char **outptr, |
| 274 | size_t *outlen) |
| 275 | { |
| 276 | CURLcode result = CURLE_OK; |
| 277 | size_t offset = 0; |
| 278 | size_t chlglen = 0; |
| 279 | size_t messagelen = 0; |
| 280 | size_t appdatalen = 0; |
| 281 | unsigned char *chlg = NULL; |
| 282 | unsigned char *trailer = NULL; |
| 283 | unsigned char *message = NULL; |
| 284 | unsigned char *padding = NULL; |
| 285 | unsigned char *appdata = NULL; |
| 286 | SecBuffer input_buf[2]; |
| 287 | SecBuffer wrap_buf[3]; |
| 288 | SecBufferDesc input_desc; |
| 289 | SecBufferDesc wrap_desc; |
| 290 | unsigned long indata = 0; |
| 291 | unsigned long outdata = 0; |
| 292 | unsigned long qop = 0; |
| 293 | unsigned long sec_layer = 0; |
| 294 | unsigned long max_size = 0; |
| 295 | SecPkgContext_Sizes sizes; |
| 296 | SecPkgCredentials_Names names; |
| 297 | SECURITY_STATUS status; |
| 298 | char *user_name; |
| 299 | |
| 300 | /* Decode the base-64 encoded input message */ |
| 301 | if(strlen(chlg64) && *chlg64 != '=') { |
| 302 | result = Curl_base64_decode(chlg64, &chlg, &chlglen); |
| 303 | if(result) |
| 304 | return result; |
| 305 | } |
| 306 | |
| 307 | /* Ensure we have a valid challenge message */ |
| 308 | if(!chlg) { |
| 309 | infof(data, "GSSAPI handshake failure (empty security message)\n"); |
| 310 | |
| 311 | return CURLE_BAD_CONTENT_ENCODING; |
| 312 | } |
| 313 | |
| 314 | /* Get our response size information */ |
| 315 | status = s_pSecFn->QueryContextAttributes(krb5->context, |
| 316 | SECPKG_ATTR_SIZES, |
| 317 | &sizes); |
| 318 | if(status != SEC_E_OK) { |
| 319 | free(chlg); |
| 320 | |
| 321 | if(status == SEC_E_INSUFFICIENT_MEMORY) |
| 322 | return CURLE_OUT_OF_MEMORY; |
| 323 | |
| 324 | return CURLE_AUTH_ERROR; |
| 325 | } |
| 326 | |
| 327 | /* Get the fully qualified username back from the context */ |
| 328 | status = s_pSecFn->QueryCredentialsAttributes(krb5->credentials, |
| 329 | SECPKG_CRED_ATTR_NAMES, |
| 330 | &names); |
| 331 | if(status != SEC_E_OK) { |
| 332 | free(chlg); |
| 333 | |
| 334 | if(status == SEC_E_INSUFFICIENT_MEMORY) |
| 335 | return CURLE_OUT_OF_MEMORY; |
| 336 | |
| 337 | return CURLE_AUTH_ERROR; |
| 338 | } |
| 339 | |
| 340 | /* Setup the "input" security buffer */ |
| 341 | input_desc.ulVersion = SECBUFFER_VERSION; |
| 342 | input_desc.cBuffers = 2; |
| 343 | input_desc.pBuffers = input_buf; |
| 344 | input_buf[0].BufferType = SECBUFFER_STREAM; |
| 345 | input_buf[0].pvBuffer = chlg; |
| 346 | input_buf[0].cbBuffer = curlx_uztoul(chlglen); |
| 347 | input_buf[1].BufferType = SECBUFFER_DATA; |
| 348 | input_buf[1].pvBuffer = NULL; |
| 349 | input_buf[1].cbBuffer = 0; |
| 350 | |
| 351 | /* Decrypt the inbound challenge and obtain the qop */ |
| 352 | status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop); |
| 353 | if(status != SEC_E_OK) { |
| 354 | infof(data, "GSSAPI handshake failure (empty security message)\n"); |
| 355 | |
| 356 | free(chlg); |
| 357 | |
| 358 | return CURLE_BAD_CONTENT_ENCODING; |
| 359 | } |
| 360 | |
| 361 | /* Not 4 octets long so fail as per RFC4752 Section 3.1 */ |
| 362 | if(input_buf[1].cbBuffer != 4) { |
| 363 | infof(data, "GSSAPI handshake failure (invalid security data)\n"); |
| 364 | |
| 365 | free(chlg); |
| 366 | |
| 367 | return CURLE_BAD_CONTENT_ENCODING; |
| 368 | } |
| 369 | |
| 370 | /* Copy the data out and free the challenge as it is not required anymore */ |
| 371 | memcpy(&indata, input_buf[1].pvBuffer, 4); |
| 372 | s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); |
| 373 | free(chlg); |
| 374 | |
| 375 | /* Extract the security layer */ |
| 376 | sec_layer = indata & 0x000000FF; |
| 377 | if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) { |
| 378 | infof(data, "GSSAPI handshake failure (invalid security layer)\n"); |
| 379 | |
| 380 | return CURLE_BAD_CONTENT_ENCODING; |
| 381 | } |
| 382 | |
| 383 | /* Extract the maximum message size the server can receive */ |
| 384 | max_size = ntohl(indata & 0xFFFFFF00); |
| 385 | if(max_size > 0) { |
| 386 | /* The server has told us it supports a maximum receive buffer, however, as |
| 387 | we don't require one unless we are encrypting data, we tell the server |
| 388 | our receive buffer is zero. */ |
| 389 | max_size = 0; |
| 390 | } |
| 391 | |
| 392 | /* Allocate the trailer */ |
| 393 | trailer = malloc(sizes.cbSecurityTrailer); |
| 394 | if(!trailer) |
| 395 | return CURLE_OUT_OF_MEMORY; |
| 396 | |
| 397 | /* Convert the user name to UTF8 when operating with Unicode */ |
| 398 | user_name = Curl_convert_tchar_to_UTF8(names.sUserName); |
| 399 | if(!user_name) { |
| 400 | free(trailer); |
| 401 | |
| 402 | return CURLE_OUT_OF_MEMORY; |
| 403 | } |
| 404 | |
| 405 | /* Allocate our message */ |
| 406 | messagelen = sizeof(outdata) + strlen(user_name) + 1; |
| 407 | message = malloc(messagelen); |
| 408 | if(!message) { |
| 409 | free(trailer); |
| 410 | Curl_unicodefree(user_name); |
| 411 | |
| 412 | return CURLE_OUT_OF_MEMORY; |
| 413 | } |
| 414 | |
| 415 | /* Populate the message with the security layer, client supported receive |
| 416 | message size and authorization identity including the 0x00 based |
| 417 | terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization |
| 418 | identity is not terminated with the zero-valued (%x00) octet." it seems |
| 419 | necessary to include it. */ |
| 420 | outdata = htonl(max_size) | sec_layer; |
| 421 | memcpy(message, &outdata, sizeof(outdata)); |
| 422 | strcpy((char *) message + sizeof(outdata), user_name); |
| 423 | Curl_unicodefree(user_name); |
| 424 | |
| 425 | /* Allocate the padding */ |
| 426 | padding = malloc(sizes.cbBlockSize); |
| 427 | if(!padding) { |
| 428 | free(message); |
| 429 | free(trailer); |
| 430 | |
| 431 | return CURLE_OUT_OF_MEMORY; |
| 432 | } |
| 433 | |
| 434 | /* Setup the "authentication data" security buffer */ |
| 435 | wrap_desc.ulVersion = SECBUFFER_VERSION; |
| 436 | wrap_desc.cBuffers = 3; |
| 437 | wrap_desc.pBuffers = wrap_buf; |
| 438 | wrap_buf[0].BufferType = SECBUFFER_TOKEN; |
| 439 | wrap_buf[0].pvBuffer = trailer; |
| 440 | wrap_buf[0].cbBuffer = sizes.cbSecurityTrailer; |
| 441 | wrap_buf[1].BufferType = SECBUFFER_DATA; |
| 442 | wrap_buf[1].pvBuffer = message; |
| 443 | wrap_buf[1].cbBuffer = curlx_uztoul(messagelen); |
| 444 | wrap_buf[2].BufferType = SECBUFFER_PADDING; |
| 445 | wrap_buf[2].pvBuffer = padding; |
| 446 | wrap_buf[2].cbBuffer = sizes.cbBlockSize; |
| 447 | |
| 448 | /* Encrypt the data */ |
| 449 | status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT, |
| 450 | &wrap_desc, 0); |
| 451 | if(status != SEC_E_OK) { |
| 452 | free(padding); |
| 453 | free(message); |
| 454 | free(trailer); |
| 455 | |
| 456 | if(status == SEC_E_INSUFFICIENT_MEMORY) |
| 457 | return CURLE_OUT_OF_MEMORY; |
| 458 | |
| 459 | return CURLE_AUTH_ERROR; |
| 460 | } |
| 461 | |
| 462 | /* Allocate the encryption (wrap) buffer */ |
| 463 | appdatalen = wrap_buf[0].cbBuffer + wrap_buf[1].cbBuffer + |
| 464 | wrap_buf[2].cbBuffer; |
| 465 | appdata = malloc(appdatalen); |
| 466 | if(!appdata) { |
| 467 | free(padding); |
| 468 | free(message); |
| 469 | free(trailer); |
| 470 | |
| 471 | return CURLE_OUT_OF_MEMORY; |
| 472 | } |
| 473 | |
| 474 | /* Populate the encryption buffer */ |
| 475 | memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer); |
| 476 | offset += wrap_buf[0].cbBuffer; |
| 477 | memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer); |
| 478 | offset += wrap_buf[1].cbBuffer; |
| 479 | memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer); |
| 480 | |
| 481 | /* Base64 encode the response */ |
| 482 | result = Curl_base64_encode(data, (char *) appdata, appdatalen, outptr, |
| 483 | outlen); |
| 484 | |
| 485 | /* Free all of our local buffers */ |
| 486 | free(appdata); |
| 487 | free(padding); |
| 488 | free(message); |
| 489 | free(trailer); |
| 490 | |
| 491 | return result; |
| 492 | } |
| 493 | |
| 494 | /* |
| 495 | * Curl_auth_cleanup_gssapi() |
| 496 | * |
| 497 | * This is used to clean up the GSSAPI (Kerberos V5) specific data. |
| 498 | * |
| 499 | * Parameters: |
| 500 | * |
| 501 | * krb5 [in/out] - The Kerberos 5 data struct being cleaned up. |
| 502 | * |
| 503 | */ |
| 504 | void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5) |
| 505 | { |
| 506 | /* Free our security context */ |
| 507 | if(krb5->context) { |
| 508 | s_pSecFn->DeleteSecurityContext(krb5->context); |
| 509 | free(krb5->context); |
| 510 | krb5->context = NULL; |
| 511 | } |
| 512 | |
| 513 | /* Free our credentials handle */ |
| 514 | if(krb5->credentials) { |
| 515 | s_pSecFn->FreeCredentialsHandle(krb5->credentials); |
| 516 | free(krb5->credentials); |
| 517 | krb5->credentials = NULL; |
| 518 | } |
| 519 | |
| 520 | /* Free our identity */ |
| 521 | Curl_sspi_free_identity(krb5->p_identity); |
| 522 | krb5->p_identity = NULL; |
| 523 | |
| 524 | /* Free the SPN and output token */ |
| 525 | Curl_safefree(krb5->spn); |
| 526 | Curl_safefree(krb5->output_token); |
| 527 | |
| 528 | /* Reset any variables */ |
| 529 | krb5->token_max = 0; |
| 530 | } |
| 531 | |
| 532 | #endif /* USE_WINDOWS_SSPI && USE_KERBEROS5*/ |
| 533 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.