Ejemplo n.º 1
0
static krb5_error_code
krb5_kt_store_principal(krb5_context context,
			krb5_storage *sp,
			krb5_principal p)
{
    size_t i;
    int ret;

    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
	ret = krb5_store_int16(sp, p->name.name_string.len + 1);
    else
	ret = krb5_store_int16(sp, p->name.name_string.len);
    if(ret) return ret;
    ret = krb5_kt_store_string(sp, p->realm);
    if(ret) return ret;
    for(i = 0; i < p->name.name_string.len; i++){
	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
	if(ret)
	    return ret;
    }
    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
	ret = krb5_store_int32(sp, p->name.name_type);
	if(ret)
	    return ret;
    }

    return 0;
}
Ejemplo n.º 2
0
static krb5_error_code
fcc_initialize(krb5_context context,
	       krb5_ccache id,
	       krb5_principal primary_principal)
{
    krb5_fcache *f = FCACHE(id);
    int ret = 0;
    int fd;
    char *filename = f->filename;

    unlink (filename);

    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
    if(ret)
	return ret;
    {
	krb5_storage *sp;
	sp = krb5_storage_emem();
	krb5_storage_set_eof_code(sp, KRB5_CC_END);
	if(context->fcache_vno != 0)
	    f->version = context->fcache_vno;
	else
	    f->version = KRB5_FCC_FVNO_4;
	ret |= krb5_store_int8(sp, 5);
	ret |= krb5_store_int8(sp, f->version);
	storage_set_flags(context, sp, f->version);
	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
	    /* V4 stuff */
	    if (context->kdc_sec_offset) {
		ret |= krb5_store_int16 (sp, 12); /* length */
		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
		ret |= krb5_store_int16 (sp, 8); /* length of data */
		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
	    } else {
		ret |= krb5_store_int16 (sp, 0);
	    }
	}
	ret |= krb5_store_principal(sp, primary_principal);
	
	ret |= write_storage(context, sp, fd);

	krb5_storage_free(sp);
    }
    fcc_unlock(context, fd);
    if (close(fd) < 0)
	if (ret == 0) {
	    ret = errno;
	    krb5_set_error_message (context, ret, N_("close %s: %s", ""),
				    FILENAME(id), strerror(ret));
	}
    return ret;
}
Ejemplo n.º 3
0
/*
 * Request:
 *      NameZ
 *      Mode
 *
 * Response:
 *
 */
krb5_error_code
_krb5_kcm_chmod(krb5_context context,
		krb5_ccache id,
		u_int16_t mode)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
    if (ret)
	return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
	krb5_storage_free(request);
	return ret;
    }

    ret = krb5_store_int16(request, mode);
    if (ret) {
	krb5_storage_free(request);
	return ret;
    }

    ret = kcm_call(context, k, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}
Ejemplo n.º 4
0
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
{
    int ret;
    ret = krb5_store_int16(sp, p.keytype);
    if(ret) return ret;

    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
	/* this should really be enctype, but it is the same as
           keytype nowadays */
    ret = krb5_store_int16(sp, p.keytype);
    if(ret) return ret;
    }

    ret = krb5_store_data(sp, p.keyvalue);
    return ret;
}
Ejemplo n.º 5
0
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_address(krb5_storage *sp, krb5_address p)
{
    int ret;
    ret = krb5_store_int16(sp, p.addr_type);
    if(ret) return ret;
    ret = krb5_store_data(sp, p.address);
    return ret;
}
Ejemplo n.º 6
0
static krb5_error_code
krb5_kt_store_keyblock(krb5_context context,
		       krb5_storage *sp, 
		       krb5_keyblock *p)
{
    int ret;

    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
    if(ret) return ret;
    ret = krb5_kt_store_data(context, sp, p->keyvalue);
    return ret;
}
Ejemplo n.º 7
0
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
{
    krb5_error_code ret;
    size_t i;
    ret = krb5_store_int32(sp, auth.len);
    if(ret) return ret;
    for(i = 0; i < auth.len; i++){
	ret = krb5_store_int16(sp, auth.val[i].ad_type);
	if(ret) break;
	ret = krb5_store_data(sp, auth.val[i].ad_data);
	if(ret) break;
    }
    return 0;
}
Ejemplo n.º 8
0
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_create_auth_reply(krb5_context context,
			    const char *pname,
			    const char *pinst,
			    const char *prealm,
			    int32_t time_ws,
			    int n,
			    uint32_t x_date,
			    unsigned char kvno,
			    const krb5_data *cipher,
			    krb5_data *data)
{
    krb5_error_code ret;
    krb5_storage *sp;

    krb5_data_zero(data);

    sp = krb5_storage_emem();
    if (sp == NULL) {
	krb5_set_error_string(context, "malloc: out of memory");
	return ENOMEM;
    }
    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);

    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
    RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
    RCHECK(ret, krb5_store_int8(sp, n), error);
    RCHECK(ret, krb5_store_int32(sp, x_date), error);
    RCHECK(ret, krb5_store_int8(sp, kvno), error);
    RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
    ret = krb5_storage_write(sp, cipher->data, cipher->length);
    if (ret != cipher->length) {
	ret = EINVAL;
	goto error;
    }

    ret = krb5_storage_to_data(sp, data);

 error:
    krb5_storage_free(sp);
    if (ret)
	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
	
    return ret;
}
Ejemplo n.º 9
0
static krb5_error_code
krb5_kt_store_data(krb5_context context,
		   krb5_storage *sp,
		   krb5_data data)
{
    int ret;
    ret = krb5_store_int16(sp, data.length);
    if(ret < 0)
	return ret;
    ret = krb5_storage_write(sp, data.data, data.length);
    if(ret != (int)data.length){
	if(ret < 0)
	    return errno;
	return KRB5_KT_END;
    }
    return 0;
}
Ejemplo n.º 10
0
static krb5_error_code
krb5_kt_store_string(krb5_storage *sp,
		     heim_general_string data)
{
    int ret;
    size_t len = strlen(data);
    ret = krb5_store_int16(sp, len);
    if(ret < 0)
	return ret;
    ret = krb5_storage_write(sp, data, len);
    if(ret != (int)len){
	if(ret < 0)
	    return errno;
	return KRB5_KT_END;
    }
    return 0;
}
Ejemplo n.º 11
0
static krb5_error_code
krb5_kt_store_keyblock(krb5_context context,
		       struct fkt_data *fkt,
		       krb5_storage *sp,
		       krb5_keyblock *p)
{
    int ret;

    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
    if(ret) {
	krb5_set_error_message(context, ret,
			       N_("Cant store keyblock to file %s", ""),
			       fkt->filename);
	return ret;
    }
    ret = krb5_kt_store_data(context, sp, p->keyvalue);
    if (ret)
	krb5_set_error_message(context, ret,
			       N_("Cant store keyblock to file %s", ""),
			       fkt->filename);
    return ret;
}
Ejemplo n.º 12
0
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_storage_request(krb5_context context,
			 uint16_t opcode,
			 krb5_storage **storage_p)
{
    krb5_storage *sp;
    krb5_error_code ret;

    *storage_p = NULL;

    sp = krb5_storage_emem();
    if (sp == NULL) {
	krb5_set_error_message(context, KRB5_CC_NOMEM, N_("malloc: out of memory", ""));
	return KRB5_CC_NOMEM;
    }

    /* Send MAJOR | VERSION | OPCODE */
    ret  = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
    if (ret)
	goto fail;
    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
    if (ret)
	goto fail;
    ret = krb5_store_int16(sp, opcode);
    if (ret)
	goto fail;

    *storage_p = sp;
 fail:
    if (ret) {
	krb5_set_error_message(context, ret,
			       N_("Failed to encode KCM request", ""));
	krb5_storage_free(sp);
    }

    return ret;
}
Ejemplo n.º 13
0
static void
test_int16(krb5_context context, krb5_storage *sp)
{
    krb5_error_code ret;
    int i;
    int16_t val[] = {
	0, 1, -1, 32768, -32767
    }, v;

    krb5_storage_truncate(sp, 0);

    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {

	ret = krb5_store_int16(sp, val[i]);
	if (ret)
	    krb5_err(context, 1, ret, "krb5_store_int16");
	krb5_storage_seek(sp, 0, SEEK_SET);
	ret = krb5_ret_int16(sp, &v);
	if (ret)
	    krb5_err(context, 1, ret, "krb5_ret_int16");
	if (v != val[i])
	    krb5_errx(context, 1, "store and ret mismatch");
    }
}
Ejemplo n.º 14
0
static krb5_error_code
kcm_storage_request(krb5_context context,
		    kcm_operation opcode,
		    krb5_storage **storage_p)
{
    krb5_storage *sp;
    krb5_error_code ret;

    *storage_p = NULL;

    sp = krb5_storage_emem();
    if (sp == NULL) {
	krb5_set_error_string(context, "malloc: out of memory");
	return KRB5_CC_NOMEM;
    }

    /* Send MAJOR | VERSION | OPCODE */
    ret  = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
    if (ret)
	goto fail;
    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
    if (ret)
	goto fail;
    ret = krb5_store_int16(sp, opcode);
    if (ret)
	goto fail;

    *storage_p = sp;
 fail:
    if (ret) {
	krb5_set_error_string(context, "Failed to encode request");
	krb5_storage_free(sp);
    }
   
    return ret; 
}
Ejemplo n.º 15
0
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_export_sec_context (
    OM_uint32 * minor_status,
    gss_ctx_id_t * context_handle,
    gss_buffer_t interprocess_token
)
{
    krb5_context context;
    const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
    krb5_storage *sp;
    krb5_auth_context ac;
    OM_uint32 ret = GSS_S_COMPLETE;
    krb5_data data;
    gss_buffer_desc buffer;
    int flags;
    OM_uint32 minor;
    krb5_error_code kret;

    GSSAPI_KRB5_INIT (&context);

    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);

    if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
        HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
        *minor_status = 0;
        return GSS_S_UNAVAILABLE;
    }

    sp = krb5_storage_emem ();
    if (sp == NULL) {
        HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }
    ac = ctx->auth_context;

    /* flagging included fields */

    flags = 0;
    if (ac->local_address)
        flags |= SC_LOCAL_ADDRESS;
    if (ac->remote_address)
        flags |= SC_REMOTE_ADDRESS;
    if (ac->keyblock)
        flags |= SC_KEYBLOCK;
    if (ac->local_subkey)
        flags |= SC_LOCAL_SUBKEY;
    if (ac->remote_subkey)
        flags |= SC_REMOTE_SUBKEY;

    kret = krb5_store_int32 (sp, flags);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }

    /* marshall auth context */

    kret = krb5_store_int32 (sp, ac->flags);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    if (ac->local_address) {
        kret = krb5_store_address (sp, *ac->local_address);
        if (kret) {
            *minor_status = kret;
            goto failure;
        }
    }
    if (ac->remote_address) {
        kret = krb5_store_address (sp, *ac->remote_address);
        if (kret) {
            *minor_status = kret;
            goto failure;
        }
    }
    kret = krb5_store_int16 (sp, ac->local_port);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = krb5_store_int16 (sp, ac->remote_port);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    if (ac->keyblock) {
        kret = krb5_store_keyblock (sp, *ac->keyblock);
        if (kret) {
            *minor_status = kret;
            goto failure;
        }
    }
    if (ac->local_subkey) {
        kret = krb5_store_keyblock (sp, *ac->local_subkey);
        if (kret) {
            *minor_status = kret;
            goto failure;
        }
    }
    if (ac->remote_subkey) {
        kret = krb5_store_keyblock (sp, *ac->remote_subkey);
        if (kret) {
            *minor_status = kret;
            goto failure;
        }
    }
    kret = krb5_store_int32 (sp, ac->local_seqnumber);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }

    kret = krb5_store_int32 (sp, ac->keytype);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = krb5_store_int32 (sp, ac->cksumtype);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }

    /* names */

    ret = _gsskrb5_export_name (minor_status,
                                (gss_name_t)ctx->source, &buffer);
    if (ret)
        goto failure;
    data.data   = buffer.value;
    data.length = buffer.length;
    kret = krb5_store_data (sp, data);
    _gsskrb5_release_buffer (&minor, &buffer);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }

    ret = _gsskrb5_export_name (minor_status,
                                (gss_name_t)ctx->target, &buffer);
    if (ret)
        goto failure;
    data.data   = buffer.value;
    data.length = buffer.length;

    ret = GSS_S_FAILURE;

    kret = krb5_store_data (sp, data);
    _gsskrb5_release_buffer (&minor, &buffer);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }

    kret = krb5_store_int32 (sp, ctx->flags);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = krb5_store_int32 (sp, ctx->more_flags);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = krb5_store_int32 (sp, ctx->lifetime);
    if (kret) {
        *minor_status = kret;
        goto failure;
    }
    kret = _gssapi_msg_order_export(sp, ctx->order);
    if (kret ) {
        *minor_status = kret;
        goto failure;
    }

    kret = krb5_storage_to_data (sp, &data);
    krb5_storage_free (sp);
    if (kret) {
        HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
        *minor_status = kret;
        return GSS_S_FAILURE;
    }
    interprocess_token->length = data.length;
    interprocess_token->value  = data.data;
    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
                                       GSS_C_NO_BUFFER);
    if (ret != GSS_S_COMPLETE)
        _gsskrb5_release_buffer (NULL, interprocess_token);
    *minor_status = 0;
    return ret;
failure:
    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
    krb5_storage_free (sp);
    return ret;
}
Ejemplo n.º 16
0
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_uint16(krb5_storage *sp,
		  uint16_t value)
{
    return krb5_store_int16(sp, (int16_t)value);
}