static int corner_tag(void) { struct { int ok; const char *ptr; size_t len; } tests[] = { { 1, "\x00", 1 }, { 0, "\xff", 1 }, { 0, "\xff\xff\xff\xff\xff\xff\xff\xff", 8 } }; int i, ret; Der_class cl; Der_type ty; unsigned int tag; size_t size; for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { ret = der_get_tag((const unsigned char*)tests[i].ptr, tests[i].len, &cl, &ty, &tag, &size); if (ret) { if (tests[i].ok) errx(1, "failed while shouldn't"); } else { if (!tests[i].ok) errx(1, "passed while shouldn't"); } } return 0; }
int decode_heim_any(const unsigned char *p, size_t len, heim_any *data, size_t *size) { size_t len_len, length, l; Der_class thisclass; Der_type thistype; unsigned int thistag; int e; memset(data, 0, sizeof(*data)); e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); if (e) return e; if (l > len) return ASN1_OVERFLOW; e = der_get_length(p + l, len - l, &length, &len_len); if (e) return e; if (length + len_len + l > len) return ASN1_OVERFLOW; data->data = malloc(length + len_len + l); if (data->data == NULL) return ENOMEM; data->length = length + len_len + l; memcpy(data->data, p, length + len_len + l); if (size) *size = length + len_len + l; return 0; }
krb5_error_code hdb_replace_extension(krb5_context context, hdb_entry *entry, const HDB_extension *ext) { HDB_extension *ext2; HDB_extension *es; int ret; ext2 = NULL; if (entry->extensions == NULL) { entry->extensions = calloc(1, sizeof(*entry->extensions)); if (entry->extensions == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { ext2 = hdb_find_extension(entry, ext->data.element); } else { /* * This is an unknown extention, and we are asked to replace a * possible entry in `entry' that is of the same type. This * might seem impossible, but ASN.1 CHOICE comes to our * rescue. The first tag in each branch in the CHOICE is * unique, so just find the element in the list that have the * same tag was we are putting into the list. */ Der_class replace_class, list_class; Der_type replace_type, list_type; unsigned int replace_tag, list_tag; size_t size; int i; ret = der_get_tag(ext->data.u.asn1_ellipsis.data, ext->data.u.asn1_ellipsis.length, &replace_class, &replace_type, &replace_tag, &size); if (ret) { krb5_set_error_string(context, "hdb: failed to decode " "replacement hdb extention"); return ret; } for (i = 0; i < entry->extensions->len; i++) { HDB_extension *ext3 = &entry->extensions->val[i]; if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis) continue; ret = der_get_tag(ext3->data.u.asn1_ellipsis.data, ext3->data.u.asn1_ellipsis.length, &list_class, &list_type, &list_tag, &size); if (ret) { krb5_set_error_string(context, "hdb: failed to decode " "present hdb extention"); return ret; } if (MAKE_TAG(replace_class,replace_type,replace_type) == MAKE_TAG(list_class,list_type,list_type)) { ext2 = ext3; break; } } } if (ext2) { free_HDB_extension(ext2); ret = copy_HDB_extension(ext, ext2); if (ret) krb5_set_error_string(context, "hdb: failed to copy replacement " "hdb extention"); return ret; } es = realloc(entry->extensions->val, (entry->extensions->len+1)*sizeof(entry->extensions->val[0])); if (es == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } entry->extensions->val = es; ret = copy_HDB_extension(ext, &entry->extensions->val[entry->extensions->len]); if (ret == 0) entry->extensions->len++; else krb5_set_error_string(context, "hdb: failed to copy new extension"); return ret; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_kdc_configuration *config; krb5_storage *sp; int fd, optidx = 0; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed to parse configuration file"); ret = krb5_kdc_get_config(context, &config); if (ret) krb5_err(context, 1, ret, "krb5_kdc_default_config"); kdc_openlog(context, "kdc-replay", config); ret = krb5_kdc_set_dbinfo(context, config); if (ret) krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo"); #ifdef PKINIT if (config->enable_pkinit) { if (config->pkinit_kdc_identity == NULL) krb5_errx(context, 1, "pkinit enabled but no identity"); if (config->pkinit_kdc_anchors == NULL) krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); krb5_kdc_pk_initialize(context, config, config->pkinit_kdc_identity, config->pkinit_kdc_anchors, config->pkinit_kdc_cert_pool, config->pkinit_kdc_revoke); } #endif /* PKINIT */ if (argc != 2) errx(1, "argc != 2"); printf("kdc replay\n"); fd = open(argv[1], O_RDONLY); if (fd < 0) err(1, "open: %s", argv[1]); sp = krb5_storage_from_fd(fd); if (sp == NULL) krb5_errx(context, 1, "krb5_storage_from_fd"); while(1) { struct sockaddr_storage sa; krb5_socklen_t salen = sizeof(sa); struct timeval tv; krb5_address a; krb5_data d, r; uint32_t t, clty, tag; char astr[80]; ret = krb5_ret_uint32(sp, &t); if (ret == HEIM_ERR_EOF) break; else if (ret) krb5_errx(context, 1, "krb5_ret_uint32(version)"); if (t != 1) krb5_errx(context, 1, "version not 1"); ret = krb5_ret_uint32(sp, &t); if (ret) krb5_errx(context, 1, "krb5_ret_uint32(time)"); ret = krb5_ret_address(sp, &a); if (ret) krb5_errx(context, 1, "krb5_ret_address"); ret = krb5_ret_data(sp, &d); if (ret) krb5_errx(context, 1, "krb5_ret_data"); ret = krb5_ret_uint32(sp, &clty); if (ret) krb5_errx(context, 1, "krb5_ret_uint32(class|type)"); ret = krb5_ret_uint32(sp, &tag); if (ret) krb5_errx(context, 1, "krb5_ret_uint32(tag)"); ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa, &salen, 88); if (ret == KRB5_PROG_ATYPE_NOSUPP) goto out; else if (ret) krb5_err(context, 1, ret, "krb5_addr2sockaddr"); ret = krb5_print_address(&a, astr, sizeof(astr), NULL); if (ret) krb5_err(context, 1, ret, "krb5_print_address"); printf("processing request from %s, %lu bytes\n", astr, (unsigned long)d.length); r.length = 0; r.data = NULL; tv.tv_sec = t; tv.tv_usec = 0; krb5_kdc_update_time(&tv); krb5_set_real_time(context, tv.tv_sec, 0); ret = krb5_kdc_process_request(context, config, d.data, d.length, &r, NULL, astr, (struct sockaddr *)&sa, 0); if (ret) krb5_err(context, 1, ret, "krb5_kdc_process_request"); if (r.length) { Der_class cl; Der_type ty; unsigned int tag2; ret = der_get_tag (r.data, r.length, &cl, &ty, &tag2, NULL); if (MAKE_TAG(cl, ty, 0) != clty) krb5_errx(context, 1, "class|type mismatch: %d != %d", (int)MAKE_TAG(cl, ty, 0), (int)clty); if (tag != tag2) krb5_errx(context, 1, "tag mismatch"); krb5_data_free(&r); } else { if (clty != 0xffffffff) krb5_errx(context, 1, "clty not invalid"); if (tag != 0xffffffff) krb5_errx(context, 1, "tag not invalid"); } out: krb5_data_free(&d); krb5_free_address(context, &a); } krb5_storage_free(sp); krb5_free_context(context); printf("done\n"); return 0; }
int krb5_kdc_save_request(krb5_context context, const char *fn, const unsigned char *buf, size_t len, const krb5_data *reply, const struct sockaddr *sa) { krb5_storage *sp; krb5_address a; int fd, ret; uint32_t t; krb5_data d; memset(&a, 0, sizeof(a)); d.data = rk_UNCONST(buf); d.length = len; t = _kdc_now.tv_sec; fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); if (fd < 0) { int saved_errno = errno; krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn); return saved_errno; } sp = krb5_storage_from_fd(fd); close(fd); if (sp == NULL) { krb5_set_error_message(context, ENOMEM, "Storage failed to open fd"); return ENOMEM; } ret = krb5_sockaddr2address(context, sa, &a); if (ret) goto out; krb5_store_uint32(sp, 1); krb5_store_uint32(sp, t); krb5_store_address(sp, a); krb5_store_data(sp, d); { Der_class cl; Der_type ty; unsigned int tag; ret = der_get_tag (reply->data, reply->length, &cl, &ty, &tag, NULL); if (ret) { krb5_store_uint32(sp, 0xffffffff); krb5_store_uint32(sp, 0xffffffff); } else { krb5_store_uint32(sp, MAKE_TAG(cl, ty, 0)); krb5_store_uint32(sp, tag); } } krb5_free_address(context, &a); out: krb5_storage_free(sp); return 0; }