krb5_error_code
krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)
{
krb5_error_code retval;
/* Free old addresses */
if (auth_context->local_addr)
(void) krb5_free_address(context, auth_context->local_addr);
if (auth_context->remote_addr)
(void) krb5_free_address(context, auth_context->remote_addr);
retval = 0;
if (local_addr)
retval = krb5_copy_addr(context,
local_addr,
&auth_context->local_addr);
else
auth_context->local_addr = NULL;
if (!retval && remote_addr)
retval = krb5_copy_addr(context,
remote_addr,
&auth_context->remote_addr);
else
auth_context->remote_addr = NULL;
return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)
{
krb5_error_code retval;
/* Free old addresses */
if (auth_context->local_port)
(void) krb5_free_address(context, auth_context->local_port);
if (auth_context->remote_port)
(void) krb5_free_address(context, auth_context->remote_port);
retval = 0;
if (local_port)
retval = krb5_copy_addr(context,
local_port,
&auth_context->local_port);
else
auth_context->local_port = NULL;
if (!retval && remote_port)
retval = krb5_copy_addr(context,
remote_port,
&auth_context->remote_port);
else
auth_context->remote_port = NULL;
return retval;
}
/*
* Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address.
* There is similar code elsewhere in the tree, so this should possibly become
* a libkrb5 API in the future.
*/
krb5_error_code
sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
krb5_address **dest)
{
krb5_address addr;
addr.magic = KV5M_ADDRESS;
if (family == AF_INET) {
struct sockaddr_in *sa4 = (struct sockaddr_in *) sa;
addr.addrtype = ADDRTYPE_INET;
addr.length = sizeof(sa4->sin_addr);
addr.contents = (krb5_octet *) &sa4->sin_addr;
} else if (family == AF_INET6) {
struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sa;
if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
addr.addrtype = ADDRTYPE_INET;
addr.contents = (krb5_octet *) &sa6->sin6_addr + 12;
addr.length = 4;
} else {
addr.addrtype = ADDRTYPE_INET6;
addr.length = sizeof(sa6->sin6_addr);
addr.contents = (krb5_octet *) &sa6->sin6_addr;
}
} else
return KRB5_PROG_ATYPE_NOSUPP;
return krb5_copy_addr(context, &addr, dest);
}
/*
* Copy an address array, with fresh allocation.
*/
krb5_error_code KRB5_CALLCONV
krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_address ***outaddr)
{
krb5_error_code retval;
krb5_address ** tempaddr;
register unsigned int nelems = 0;
if (!inaddr) {
*outaddr = 0;
return 0;
}
while (inaddr[nelems]) nelems++;
/* one more for a null terminated list */
if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr))))
return ENOMEM;
for (nelems = 0; inaddr[nelems]; nelems++) {
retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
if (retval) {
krb5_free_addresses(context, tempaddr);
return retval;
}
}
*outaddr = tempaddr;
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)
{
krb5_error_code retval;
retval = 0;
if (local_addr && auth_context->local_addr) {
retval = krb5_copy_addr(context,
auth_context->local_addr,
local_addr);
}
if (!retval && (remote_addr) && auth_context->remote_addr) {
retval = krb5_copy_addr(context,
auth_context->remote_addr,
remote_addr);
}
return retval;
}
static krb5_error_code
krb5_mk_ncred_basic(krb5_context context,
krb5_creds **ppcreds, krb5_int32 nppcreds,
krb5_key key, krb5_replay_data *replaydata,
krb5_address *local_addr, krb5_address *remote_addr,
krb5_cred *pcred)
{
krb5_cred_enc_part credenc;
krb5_error_code retval;
size_t size;
int i;
credenc.magic = KV5M_CRED_ENC_PART;
credenc.s_address = 0;
credenc.r_address = 0;
if (local_addr) krb5_copy_addr(context, local_addr, &credenc.s_address);
if (remote_addr) krb5_copy_addr(context, remote_addr, &credenc.r_address);
credenc.nonce = replaydata->seq;
credenc.usec = replaydata->usec;
credenc.timestamp = replaydata->timestamp;
/* Get memory for creds and initialize it */
size = sizeof(krb5_cred_info *) * (nppcreds + 1);
credenc.ticket_info = (krb5_cred_info **) calloc(1, size);
if (credenc.ticket_info == NULL)
return ENOMEM;
/*
* For each credential in the list, initialize a cred info
* structure and copy the ticket into the ticket list.
*/
for (i = 0; i < nppcreds; i++) {
credenc.ticket_info[i] = calloc(1, sizeof(krb5_cred_info));
if (credenc.ticket_info[i] == NULL) {
retval = ENOMEM;
goto cleanup;
}
credenc.ticket_info[i+1] = NULL;
credenc.ticket_info[i]->magic = KV5M_CRED_INFO;
credenc.ticket_info[i]->times = ppcreds[i]->times;
credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags;
if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
&pcred->tickets[i])))
goto cleanup;
if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
&credenc.ticket_info[i]->session)))
goto cleanup;
if ((retval = krb5_copy_principal(context, ppcreds[i]->client,
&credenc.ticket_info[i]->client)))
goto cleanup;
if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
&credenc.ticket_info[i]->server)))
goto cleanup;
if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
&credenc.ticket_info[i]->caddrs)))
goto cleanup;
}
/*
* NULL terminate the lists.
*/
pcred->tickets[i] = NULL;
/* encrypt the credential encrypted part */
retval = encrypt_credencpart(context, &credenc, key, &pcred->enc_part);
cleanup:
krb5_free_cred_enc_part(context, &credenc);
return retval;
}
