Exemple #1
0
krb5_error_code
krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)
{
    krb5_error_code     retval;

    /* Free old addresses */
    if (auth_context->local_addr)
        (void) krb5_free_address(context, auth_context->local_addr);
    if (auth_context->remote_addr)
        (void) krb5_free_address(context, auth_context->remote_addr);

    retval = 0;
    if (local_addr)
        retval = krb5_copy_addr(context,
                                local_addr,
                                &auth_context->local_addr);
    else
        auth_context->local_addr = NULL;

    if (!retval && remote_addr)
        retval = krb5_copy_addr(context,
                                remote_addr,
                                &auth_context->remote_addr);
    else
        auth_context->remote_addr = NULL;

    return retval;
}
Exemple #2
0
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)
{
    krb5_error_code     retval;

    /* Free old addresses */
    if (auth_context->local_port)
        (void) krb5_free_address(context, auth_context->local_port);
    if (auth_context->remote_port)
        (void) krb5_free_address(context, auth_context->remote_port);

    retval = 0;
    if (local_port)
        retval = krb5_copy_addr(context,
                                local_port,
                                &auth_context->local_port);
    else
        auth_context->local_port = NULL;

    if (!retval && remote_port)
        retval = krb5_copy_addr(context,
                                remote_port,
                                &auth_context->remote_port);
    else
        auth_context->remote_port = NULL;

    return retval;
}
/*
 * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address.
 * There is similar code elsewhere in the tree, so this should possibly become
 * a libkrb5 API in the future.
 */
krb5_error_code
sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
		 krb5_address **dest)
{
    krb5_address addr;

    addr.magic = KV5M_ADDRESS;
    if (family == AF_INET) {
	struct sockaddr_in *sa4 = (struct sockaddr_in *) sa;
	addr.addrtype = ADDRTYPE_INET;
	addr.length = sizeof(sa4->sin_addr);
	addr.contents = (krb5_octet *) &sa4->sin_addr;
    } else if (family == AF_INET6) {
	struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sa;
        if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
            addr.addrtype = ADDRTYPE_INET;
            addr.contents = (krb5_octet *) &sa6->sin6_addr + 12;
            addr.length = 4;
        } else {
	    addr.addrtype = ADDRTYPE_INET6;
	    addr.length = sizeof(sa6->sin6_addr);
	    addr.contents = (krb5_octet *) &sa6->sin6_addr;
	}
    } else
	return KRB5_PROG_ATYPE_NOSUPP;

    return krb5_copy_addr(context, &addr, dest);
}
Exemple #4
0
/*
 * Copy an address array, with fresh allocation.
 */
krb5_error_code KRB5_CALLCONV
krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_address ***outaddr)
{
    krb5_error_code retval;
    krb5_address ** tempaddr;
    register unsigned int nelems = 0;

    if (!inaddr) {
        *outaddr = 0;
        return 0;
    }

    while (inaddr[nelems]) nelems++;

    /* one more for a null terminated list */
    if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr))))
        return ENOMEM;

    for (nelems = 0; inaddr[nelems]; nelems++) {
        retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
        if (retval) {
            krb5_free_addresses(context, tempaddr);
            return retval;
        }
    }

    *outaddr = tempaddr;
    return 0;
}
Exemple #5
0
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)
{
    krb5_error_code     retval;

    retval = 0;
    if (local_addr && auth_context->local_addr) {
        retval = krb5_copy_addr(context,
                                auth_context->local_addr,
                                local_addr);
    }
    if (!retval && (remote_addr) && auth_context->remote_addr) {
        retval = krb5_copy_addr(context,
                                auth_context->remote_addr,
                                remote_addr);
    }
    return retval;
}
Exemple #6
0
static krb5_error_code
krb5_mk_ncred_basic(krb5_context context,
                    krb5_creds **ppcreds, krb5_int32 nppcreds,
                    krb5_key key, krb5_replay_data *replaydata,
                    krb5_address *local_addr, krb5_address *remote_addr,
                    krb5_cred *pcred)
{
    krb5_cred_enc_part    credenc;
    krb5_error_code       retval;
    size_t                size;
    int                   i;

    credenc.magic = KV5M_CRED_ENC_PART;

    credenc.s_address = 0;
    credenc.r_address = 0;
    if (local_addr) krb5_copy_addr(context, local_addr, &credenc.s_address);
    if (remote_addr) krb5_copy_addr(context, remote_addr, &credenc.r_address);

    credenc.nonce = replaydata->seq;
    credenc.usec = replaydata->usec;
    credenc.timestamp = replaydata->timestamp;

    /* Get memory for creds and initialize it */
    size = sizeof(krb5_cred_info *) * (nppcreds + 1);
    credenc.ticket_info = (krb5_cred_info **) calloc(1, size);
    if (credenc.ticket_info == NULL)
        return ENOMEM;

    /*
     * For each credential in the list, initialize a cred info
     * structure and copy the ticket into the ticket list.
     */
    for (i = 0; i < nppcreds; i++) {
        credenc.ticket_info[i] = calloc(1, sizeof(krb5_cred_info));
        if (credenc.ticket_info[i] == NULL) {
            retval = ENOMEM;
            goto cleanup;
        }
        credenc.ticket_info[i+1] = NULL;

        credenc.ticket_info[i]->magic = KV5M_CRED_INFO;
        credenc.ticket_info[i]->times = ppcreds[i]->times;
        credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags;

        if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
                                         &pcred->tickets[i])))
            goto cleanup;

        if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
                                         &credenc.ticket_info[i]->session)))
            goto cleanup;

        if ((retval = krb5_copy_principal(context, ppcreds[i]->client,
                                          &credenc.ticket_info[i]->client)))
            goto cleanup;

        if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
                                          &credenc.ticket_info[i]->server)))
            goto cleanup;

        if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
                                          &credenc.ticket_info[i]->caddrs)))
            goto cleanup;
    }

    /*
     * NULL terminate the lists.
     */
    pcred->tickets[i] = NULL;

    /* encrypt the credential encrypted part */
    retval = encrypt_credencpart(context, &credenc, key, &pcred->enc_part);

cleanup:
    krb5_free_cred_enc_part(context, &credenc);
    return retval;
}