krb5_error_code
krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
{
const char *at_rlm_name, *p;
struct k5buf buf;
at_rlm_name = strrchr(i_princ_name, '@');
if (!at_rlm_name) {
*o_princ_name = strdup(i_princ_name);
if (!*o_princ_name)
return ENOMEM;
} else {
k5_buf_init_dynamic(&buf);
for (p = i_princ_name; p < at_rlm_name; p++) {
if (*p == '@')
k5_buf_add(&buf, "\\");
k5_buf_add_len(&buf, p, 1);
}
k5_buf_add(&buf, at_rlm_name);
*o_princ_name = k5_buf_data(&buf);
if (!*o_princ_name)
return ENOMEM;
}
return 0;
}
static krb5_error_code
read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
krb5_error_code ret;
struct k5buf buf;
size_t maxsize;
unsigned char *bytes;
*princ = NULL;
k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
k5_buf_init_dynamic(&buf);
/* Read the principal representation into memory. */
ret = get_size(context, id, &maxsize);
if (ret)
goto cleanup;
ret = load_principal(context, id, maxsize, &buf);
if (ret)
goto cleanup;
bytes = (unsigned char *)k5_buf_data(&buf);
if (bytes == NULL) {
ret = ENOMEM;
goto cleanup;
}
/* Unmarshal it from buf into princ. */
ret = k5_unmarshal_princ(bytes, k5_buf_len(&buf), version(id), princ);
cleanup:
k5_free_buf(&buf);
return ret;
}
/* Get the next credential from the cache file. */
static krb5_error_code KRB5_CALLCONV
fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_fcc_cursor *fcursor = *cursor;
fcc_data *data = id->data;
struct k5buf buf;
size_t maxsize;
unsigned char *bytes;
memset(creds, 0, sizeof(*creds));
k5_cc_mutex_lock(context, &data->lock);
MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
k5_buf_init_dynamic(&buf);
if (fcc_lseek(data, fcursor->pos, SEEK_SET) == -1) {
ret = interpret_errno(context, errno);
goto cleanup;
}
/* Load a marshalled cred into memory. */
ret = get_size(context, id, &maxsize);
if (ret)
return ret;
ret = load_cred(context, id, maxsize, &buf);
if (ret)
goto cleanup;
bytes = (unsigned char *)k5_buf_data(&buf);
if (bytes == NULL) {
ret = ENOMEM;
goto cleanup;
}
/* Unmarshal it from buf into creds. */
fcursor->pos = fcc_lseek(data, 0, SEEK_CUR);
ret = k5_unmarshal_cred(bytes, k5_buf_len(&buf), version(id), creds);
cleanup:
k5_free_buf(&buf);
MAYBE_CLOSE(context, id, ret);
k5_cc_mutex_unlock(context, &data->lock);
return ret;
}
static krb5_error_code
krb5_rc_io_store(krb5_context context, struct dfl_data *t,
krb5_donot_replay *rep)
{
size_t clientlen, serverlen;
ssize_t buflen;
unsigned int len;
krb5_error_code ret;
struct k5buf buf, extbuf;
char *bufptr, *extstr;
clientlen = strlen(rep->client);
serverlen = strlen(rep->server);
if (rep->msghash) {
/*
* Write a hash extension record, to be followed by a record
* in regular format (without the message hash) for the
* benefit of old implementations.
*/
/* Format the extension value so we know its length. */
k5_buf_init_dynamic(&extbuf);
k5_buf_add_fmt(&extbuf, "HASH:%s %lu:%s %lu:%s", rep->msghash,
(unsigned long)clientlen, rep->client,
(unsigned long)serverlen, rep->server);
extstr = k5_buf_data(&extbuf);
if (!extstr)
return KRB5_RC_MALLOC;
/*
* Put the extension value into the server field of a
* regular-format record, with an empty client field.
*/
k5_buf_init_dynamic(&buf);
len = 1;
k5_buf_add_len(&buf, (char *)&len, sizeof(len));
k5_buf_add_len(&buf, "", 1);
len = strlen(extstr) + 1;
k5_buf_add_len(&buf, (char *)&len, sizeof(len));
k5_buf_add_len(&buf, extstr, len);
k5_buf_add_len(&buf, (char *)&rep->cusec, sizeof(rep->cusec));
k5_buf_add_len(&buf, (char *)&rep->ctime, sizeof(rep->ctime));
free(extstr);
} else /* No extension record needed. */
k5_buf_init_dynamic(&buf);
len = clientlen + 1;
k5_buf_add_len(&buf, (char *)&len, sizeof(len));
k5_buf_add_len(&buf, rep->client, len);
len = serverlen + 1;
k5_buf_add_len(&buf, (char *)&len, sizeof(len));
k5_buf_add_len(&buf, rep->server, len);
k5_buf_add_len(&buf, (char *)&rep->cusec, sizeof(rep->cusec));
k5_buf_add_len(&buf, (char *)&rep->ctime, sizeof(rep->ctime));
bufptr = k5_buf_data(&buf);
buflen = k5_buf_len(&buf);
if (bufptr == NULL || buflen < 0)
return KRB5_RC_MALLOC;
ret = krb5_rc_io_write(context, &t->d, bufptr, buflen);
k5_free_buf(&buf);
return ret;
}
static void test_hmac()
{
krb5_keyblock key;
krb5_data in, out;
char outbuf[20];
char stroutbuf[80];
krb5_error_code err;
unsigned int i, j;
int lose = 0;
struct k5buf buf;
/* RFC 2202 test vector. */
static const struct hmac_test md5tests[] = {
{
16, {
0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
},
8, "Hi There",
"0x9294727a3638bb1c13f48ef8158bfc9d"
},
{
4, "Jefe",
28, "what do ya want for nothing?",
"0x750c783e6ab0b503eaa86e310a5db738"
},
{
16, {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
},
50, {
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
},
"0x56be34521d144c88dbb8c733f0e8b3f6"
},
{
25, {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
0x15, 0x16, 0x17, 0x18, 0x19
},
50, {
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
},
"0x697eaf0aca3a3aea3a75164746ffaa79"
},
{
16, {
0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
},
20, "Test With Truncation",
"0x56461ef2342edc00f9bab995690efd4c"
},
{
80, {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
},
54, "Test Using Larger Than Block-Size Key - Hash Key First",
"0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
},
{
80, {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
},
73,
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
"0x6f630fad67cda0ee1fb1f562db3aa53e"
},
};
for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
key.contents = md5tests[i].key;
key.length = md5tests[i].key_len;
in.data = md5tests[i].data;
in.length = md5tests[i].data_len;
out.data = outbuf;
out.length = 20;
printf("\nTest #%d:\n", i+1);
err = hmac1(&krb5int_hash_md5, &key, &in, &out);
if (err) {
com_err(whoami, err, "computing hmac");
exit(1);
}
k5_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf));
k5_buf_add(&buf, "0x");
for (j = 0; j < out.length; j++)
k5_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]);
if (k5_buf_data(&buf) == NULL)
abort();
if (strcmp(stroutbuf, md5tests[i].hexdigest)) {
printf("*** CHECK FAILED!\n"
"\tReturned: %s.\n"
"\tExpected: %s.\n", stroutbuf, md5tests[i].hexdigest);
lose++;
} else
printf("Matches expected result.\n");
}
/* Do again with SHA-1 tests.... */
if (lose) {
printf("%d failures; exiting.\n", lose);
exit(1);
}
}
