static krb5_error_code k5_get_kdc_issued_authdata(krb5_context kcontext, const krb5_ap_req *ap_req, krb5_principal *kdc_issuer, krb5_authdata ***kdc_issued_authdata) { krb5_error_code code; krb5_authdata **authdata; krb5_authdata **ticket_authdata; *kdc_issuer = NULL; *kdc_issued_authdata = NULL; ticket_authdata = ap_req->ticket->enc_part2->authorization_data; code = krb5int_find_authdata(kcontext, ticket_authdata, NULL, KRB5_AUTHDATA_KDC_ISSUED, &authdata); if (code != 0 || authdata == NULL) return code; /* * Note: a module must still implement a verify_authdata * method, even it is a NOOP that simply records the value * of the kdc_issued_flag. */ code = krb5_verify_authdata_kdc_issued(kcontext, ap_req->ticket->enc_part2->session, authdata[0], kdc_issuer, kdc_issued_authdata); assert(code == 0 || *kdc_issued_authdata == NULL); krb5_free_authdata(kcontext, authdata); return code; }
int main() { krb5_context context; krb5_authdata **results; krb5_authdata *container[2]; krb5_authdata **container_out; krb5_authdata **kdci; assert(krb5_init_context(&context) == 0); assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0); compare_authdata(results[0], &ad1); compare_authdata( results[1], &ad2); compare_authdata(results[2], &ad4); compare_authdata( results[3], &ad3); assert(results[4] == NULL); krb5_free_authdata(context, results); container[0] = &ad3; container[1] = NULL; assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0); assert(krb5int_find_authdata(context, adseq1, container_out, 22, &results) == 0); compare_authdata(&ad1, results[0]); compare_authdata( results[1], &ad4); compare_authdata( results[2], &ad3); assert( results[3] == NULL); krb5_free_authdata(context, container_out); assert(krb5_make_authdata_kdc_issued(context, &key, NULL, results, &kdci) == 0); assert(krb5_verify_authdata_kdc_issued(context, &key, kdci[0], NULL, &container_out) == 0); compare_authdata(container_out[0], results[0]); compare_authdata(container_out[1], results[1]); compare_authdata(container_out[2], results[2]); krb5_free_authdata(context, kdci); krb5_free_authdata(context, results); krb5_free_authdata(context, container_out); krb5_free_context(context); return 0; }