Beispiel #1
0
krb5_error_code KRB5_CALLCONV
krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto)
{
    krb5_error_code retval;
    krb5_authenticator *tempto;

    if (!(tempto = (krb5_authenticator *)MALLOC(sizeof(*tempto))))
	return ENOMEM;
#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
    *tempto = *authfrom;
#else
    (void) memcpy(tempto, authfrom, sizeof(krb5_authenticator));
#endif

    retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
    if (retval) {
	krb5_xfree_wrap(tempto, sizeof(*tempto));
	return retval;
    }
    
    if (authfrom->checksum &&
	(retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
	    krb5_free_principal(context, tempto->client);    
	    krb5_xfree_wrap(tempto, sizeof(*tempto));
	    return retval;
    }
    
    if (authfrom->subkey) {
	    retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
	    if (retval) {
		    krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock));
		    krb5_free_checksum(context, tempto->checksum);
		    krb5_free_principal(context, tempto->client);    
		    krb5_xfree_wrap(tempto, sizeof(*tempto));
		    return retval;
	    }
    }
    
    if (authfrom->authorization_data) {
		retval = krb5_copy_authdata(context, authfrom->authorization_data,
				    &tempto->authorization_data);
		if (retval) {
		    krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock));
		    krb5_free_checksum(context, tempto->checksum);
		    krb5_free_principal(context, tempto->client);    
		    krb5_free_authdata(context, tempto->authorization_data);
		    krb5_xfree_wrap(tempto, sizeof(*tempto));
		    return retval;
		}
    }

    *authto = tempto;
    return 0;
}
Beispiel #2
0
krb5_error_code KRB5_CALLCONV
krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom,
                        krb5_authenticator **authto)
{
    krb5_error_code retval;
    krb5_authenticator *tempto;

    if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto))))
        return ENOMEM;
    *tempto = *authfrom;

    retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
    if (retval) {
        free(tempto);
        return retval;
    }

    if (authfrom->checksum &&
        (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
        krb5_free_principal(context, tempto->client);
        free(tempto);
        return retval;
    }

    if (authfrom->subkey) {
        retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
        if (retval) {
            free(tempto->subkey);
            krb5_free_checksum(context, tempto->checksum);
            krb5_free_principal(context, tempto->client);
            free(tempto);
            return retval;
        }
    }

    if (authfrom->authorization_data) {
        retval = krb5_copy_authdata(context, authfrom->authorization_data,
                                    &tempto->authorization_data);
        if (retval) {
            free(tempto->subkey);
            krb5_free_checksum(context, tempto->checksum);
            krb5_free_principal(context, tempto->client);
            krb5_free_authdata(context, tempto->authorization_data);
            free(tempto);
            return retval;
        }
    }

    *authto = tempto;
    return 0;
}
Beispiel #3
0
void KRB5_CALLCONV
krb5_free_safe(krb5_context context, register krb5_safe *val)
{
    if (val == NULL)
        return;
    free(val->user_data.data);
    krb5_free_address(context, val->r_address);
    krb5_free_address(context, val->s_address);
    krb5_free_checksum(context, val->checksum);
    free(val);
}
Beispiel #4
0
void KRB5_CALLCONV
krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
{
    if (val == NULL)
        return;
    krb5_free_checksum(context, val->checksum);
    val->checksum = 0;
    krb5_free_principal(context, val->client);
    val->client = 0;
    krb5_free_keyblock(context, val->subkey);
    val->subkey = 0;
    krb5_free_authdata(context, val->authorization_data);
    val->authorization_data = 0;
}
Beispiel #5
0
krb5_error_code
krb5int_fast_verify_nego(krb5_context context,
                         struct krb5int_fast_request_state *state,
                         krb5_kdc_rep *rep, krb5_data *request,
                         krb5_keyblock *decrypting_key,
                         krb5_boolean *fast_avail)
{
    krb5_error_code retval = 0;
    krb5_checksum *checksum = NULL;
    krb5_pa_data *pa;
    krb5_data scratch;
    krb5_boolean valid;

    *fast_avail = FALSE;
    if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) {
        pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
                                  KRB5_ENCPADATA_REQ_ENC_PA_REP);
        if (pa == NULL)
            retval = KRB5_KDCREP_MODIFIED;
        else {
            scratch.data = (char *) pa->contents;
            scratch.length = pa->length;
        }
        if (retval == 0)
            retval = decode_krb5_checksum(&scratch, &checksum);
        if (retval == 0)
            retval = krb5_c_verify_checksum(context, decrypting_key,
                                            KRB5_KEYUSAGE_AS_REQ,
                                            request, checksum, &valid);
        if (retval == 0 &&valid == 0)
            retval = KRB5_KDCREP_MODIFIED;
        if (retval == 0) {
            pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
                                      KRB5_PADATA_FX_FAST);
            *fast_avail = (pa != NULL);
        }
    }
    TRACE_FAST_NEGO(context, *fast_avail);
    if (checksum)
        krb5_free_checksum(context, checksum);
    return retval;
}
Beispiel #6
0
void KRB5_CALLCONV
krb5_free_sam_challenge_2_contents(krb5_context ctx,
                                   krb5_sam_challenge_2 *sc2)
{
    krb5_checksum **cksump;

    if (!sc2)
        return;
    if (sc2->sam_challenge_2_body.data)
        krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
    if (sc2->sam_cksum) {
        cksump = sc2->sam_cksum;
        while (*cksump) {
            krb5_free_checksum(ctx, *cksump);
            cksump++;
        }
        free(sc2->sam_cksum);
        sc2->sam_cksum = 0;
    }
}
Beispiel #7
0
/*
 * Do a serialization test.
 */
static krb5_error_code
ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
{
    krb5_error_code	kret;
    krb5_context	ser_ctx;
    krb5_pointer	nctx;
    krb5_octet		*outrep, *ibuf, *outrep2;
    size_t		outlen, ilen, outlen2;

    /* Initialize context and initialize all Kerberos serializers */
    if ((kret = krb5_init_context(&ser_ctx))) {
	    printf("Couldn't initialize krb5 library: %s\n",
		   error_message(kret));
	    exit(1);
    }
    krb5_ser_context_init(ser_ctx);
    krb5_ser_auth_context_init(ser_ctx);
    krb5_ser_ccache_init(ser_ctx);
    krb5_ser_rcache_init(ser_ctx);
    krb5_ser_keytab_init(ser_ctx);

    /* Externalize the data */
    kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
    if (!kret) {
	if (verbose) {
	    printf("%s: externalized in %d bytes\n", msg, outlen);
	    print_erep(outrep, outlen);
	}

	/* Now attempt to re-constitute it */
	ibuf = outrep;
	ilen = outlen;
	kret = krb5_internalize_opaque(ser_ctx,
				       dtype,
				       (krb5_pointer *) &nctx,
				       &ibuf,
				       &ilen);
	if (!kret) {
	    if (ilen)
		printf("%s: %d bytes left over after internalize\n",
		       msg, ilen);
	    /* Now attempt to re-externalize it */
	    kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
	    if (!kret) {
		/* Compare the results. */
		if ((outlen2 != outlen) ||
		    memcmp(outrep, outrep2, outlen)) {
		    printf("%s: comparison failed\n", msg);
		    print_erep(outrep2, outlen2);
		}
		else {
		    if (verbose)
			printf("%s: compare succeeded\n", msg);
		}
		krb5_xfree(outrep2);
	    }
	    else
		printf("%s: second externalize returned %d\n", msg, kret);

	    /* Free the data */
	    switch (dtype) {
	    case KV5M_CONTEXT:
		krb5_free_context((krb5_context) nctx);
		break;
	    case KV5M_AUTH_CONTEXT:
		if (nctx) {
		    krb5_auth_context	actx;

		    actx = (krb5_auth_context) nctx;
		    if (actx->i_vector)
			krb5_xfree(actx->i_vector);
		}
		krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
		break;
	    case KV5M_CCACHE:
		krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
		break;
	    case KV5M_RCACHE:
		krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
		break;
	    case KV5M_KEYTAB:
		krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
		break;
	    case KV5M_ENCRYPT_BLOCK:
		if (nctx) {
		    krb5_encrypt_block *eblock;

		    eblock = (krb5_encrypt_block *) nctx;
#if 0
		    if (eblock->priv && eblock->priv_size)
			krb5_xfree(eblock->priv);
#endif
		    if (eblock->key)
			krb5_free_keyblock(ser_ctx, eblock->key);
		    krb5_xfree(eblock);
		}
		break;
	    case KV5M_PRINCIPAL:
		krb5_free_principal(ser_ctx, (krb5_principal) nctx);
		break;
	    case KV5M_CHECKSUM:
		krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
		break;
	    default:
		printf("don't know how to free %d\n", dtype);
		break;
	    }
	}
	else
	    printf("%s: internalize returned %d\n", msg, kret);
	krb5_xfree(outrep);
    }
    else
	printf("%s: externalize_data returned %d\n", msg, kret);
    krb5_free_context(ser_ctx);
    return(kret);
}