krb5_error_code krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr) { krb5_error_code retval; /* Free old addresses */ if (auth_context->local_addr) (void) krb5_free_address(context, auth_context->local_addr); if (auth_context->remote_addr) (void) krb5_free_address(context, auth_context->remote_addr); retval = 0; if (local_addr) retval = krb5_copy_addr(context, local_addr, &auth_context->local_addr); else auth_context->local_addr = NULL; if (!retval && remote_addr) retval = krb5_copy_addr(context, remote_addr, &auth_context->remote_addr); else auth_context->remote_addr = NULL; return retval; }
krb5_error_code KRB5_CALLCONV krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port) { krb5_error_code retval; /* Free old addresses */ if (auth_context->local_port) (void) krb5_free_address(context, auth_context->local_port); if (auth_context->remote_port) (void) krb5_free_address(context, auth_context->remote_port); retval = 0; if (local_port) retval = krb5_copy_addr(context, local_port, &auth_context->local_port); else auth_context->local_port = NULL; if (!retval && remote_port) retval = krb5_copy_addr(context, remote_port, &auth_context->remote_port); else auth_context->remote_port = NULL; return retval; }
/* * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. * There is similar code elsewhere in the tree, so this should possibly become * a libkrb5 API in the future. */ krb5_error_code sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa, krb5_address **dest) { krb5_address addr; addr.magic = KV5M_ADDRESS; if (family == AF_INET) { struct sockaddr_in *sa4 = (struct sockaddr_in *) sa; addr.addrtype = ADDRTYPE_INET; addr.length = sizeof(sa4->sin_addr); addr.contents = (krb5_octet *) &sa4->sin_addr; } else if (family == AF_INET6) { struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sa; if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { addr.addrtype = ADDRTYPE_INET; addr.contents = (krb5_octet *) &sa6->sin6_addr + 12; addr.length = 4; } else { addr.addrtype = ADDRTYPE_INET6; addr.length = sizeof(sa6->sin6_addr); addr.contents = (krb5_octet *) &sa6->sin6_addr; } } else return KRB5_PROG_ATYPE_NOSUPP; return krb5_copy_addr(context, &addr, dest); }
/* * Copy an address array, with fresh allocation. */ krb5_error_code KRB5_CALLCONV krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_address ***outaddr) { krb5_error_code retval; krb5_address ** tempaddr; register unsigned int nelems = 0; if (!inaddr) { *outaddr = 0; return 0; } while (inaddr[nelems]) nelems++; /* one more for a null terminated list */ if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr)))) return ENOMEM; for (nelems = 0; inaddr[nelems]; nelems++) { retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]); if (retval) { krb5_free_addresses(context, tempaddr); return retval; } } *outaddr = tempaddr; return 0; }
krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr) { krb5_error_code retval; retval = 0; if (local_addr && auth_context->local_addr) { retval = krb5_copy_addr(context, auth_context->local_addr, local_addr); } if (!retval && (remote_addr) && auth_context->remote_addr) { retval = krb5_copy_addr(context, auth_context->remote_addr, remote_addr); } return retval; }
static krb5_error_code krb5_mk_ncred_basic(krb5_context context, krb5_creds **ppcreds, krb5_int32 nppcreds, krb5_key key, krb5_replay_data *replaydata, krb5_address *local_addr, krb5_address *remote_addr, krb5_cred *pcred) { krb5_cred_enc_part credenc; krb5_error_code retval; size_t size; int i; credenc.magic = KV5M_CRED_ENC_PART; credenc.s_address = 0; credenc.r_address = 0; if (local_addr) krb5_copy_addr(context, local_addr, &credenc.s_address); if (remote_addr) krb5_copy_addr(context, remote_addr, &credenc.r_address); credenc.nonce = replaydata->seq; credenc.usec = replaydata->usec; credenc.timestamp = replaydata->timestamp; /* Get memory for creds and initialize it */ size = sizeof(krb5_cred_info *) * (nppcreds + 1); credenc.ticket_info = (krb5_cred_info **) calloc(1, size); if (credenc.ticket_info == NULL) return ENOMEM; /* * For each credential in the list, initialize a cred info * structure and copy the ticket into the ticket list. */ for (i = 0; i < nppcreds; i++) { credenc.ticket_info[i] = calloc(1, sizeof(krb5_cred_info)); if (credenc.ticket_info[i] == NULL) { retval = ENOMEM; goto cleanup; } credenc.ticket_info[i+1] = NULL; credenc.ticket_info[i]->magic = KV5M_CRED_INFO; credenc.ticket_info[i]->times = ppcreds[i]->times; credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags; if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket, &pcred->tickets[i]))) goto cleanup; if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock, &credenc.ticket_info[i]->session))) goto cleanup; if ((retval = krb5_copy_principal(context, ppcreds[i]->client, &credenc.ticket_info[i]->client))) goto cleanup; if ((retval = krb5_copy_principal(context, ppcreds[i]->server, &credenc.ticket_info[i]->server))) goto cleanup; if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses, &credenc.ticket_info[i]->caddrs))) goto cleanup; } /* * NULL terminate the lists. */ pcred->tickets[i] = NULL; /* encrypt the credential encrypted part */ retval = encrypt_credencpart(context, &credenc, key, &pcred->enc_part); cleanup: krb5_free_cred_enc_part(context, &credenc); return retval; }