C++ (Cpp) krb5_kdcpreauth_callbacks::client_keys Exemples

Langage de programmation: C++ (Cpp)

Méthode/Fonction: client_keys

Exemples au hotexamples.com: 2

C++ (Cpp) krb5_kdcpreauth_callbacks::client_keys - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de krb5_kdcpreauth_callbacks::client_keys extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

fast_armor(7)

client_entry(2)

client_keys(2)

free_keys(2)

free_string(2)

get_string(2)

event_context(1)

have_client_keys(1)

Méthodes fréquemment utilisées

fast_armor (7)

client_entry (2)

client_keys (2)

free_keys (2)

free_string (2)

get_string (2)

event_context (1)

have_client_keys (1)

Exemple #1

0

Afficher le fichier

Fichier : securid_sam2_main.c Projet : Akasurde/krb5

static void kdc_include_padata(krb5_context context, krb5_kdc_req *request, krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type, krb5_kdcpreauth_edata_respond_fn respond, void *arg) { krb5_error_code retval; krb5_keyblock *client_key = NULL; krb5_sam_challenge_2 sc2; int sam_type = 0; /* unknown */ krb5_db_entry *sam_db_entry = NULL, *client; krb5_data *encoded_challenge = NULL; krb5_pa_data *pa_data = NULL; memset(&sc2, 0, sizeof(sc2)); client = cb->client_entry(context, rock); retval = sam_get_db_entry(context, client->princ, &sam_type, &sam_db_entry); if (retval) goto cleanup; retval = cb->client_keys(context, rock, &client_key); if (retval) goto cleanup; if (client_key->enctype == 0) { retval = KRB5KDC_ERR_ETYPE_NOSUPP; com_err("krb5kdc", retval, "No client keys found in processing SAM2 challenge"); goto cleanup; } if (sam_type == 0) { retval = KRB5_PREAUTH_BAD_TYPE; goto cleanup; } /* * Defer getting the key for the SAM principal associated with the client * until the mechanism-specific code. The mechanism may want to get a * specific keytype. */ switch (sam_type) { #ifdef ARL_SECURID_PREAUTH case PA_SAM_TYPE_SECURID: retval = get_securid_edata_2(context, client, client_key, &sc2); if (retval) goto cleanup; break; #endif /* ARL_SECURID_PREAUTH */ #ifdef GRAIL_PREAUTH case PA_SAM_TYPE_GRAIL: retval = get_grail_edata(context, client, client_key, &sc2); if (retval) goto cleanup; break; #endif /* GRAIL_PREAUTH */ default: retval = KRB5_PREAUTH_BAD_TYPE; goto cleanup; } retval = encode_krb5_sam_challenge_2(&sc2, &encoded_challenge); if (retval) { com_err("krb5kdc", retval, "while encoding SECURID SAM_CHALLENGE_2"); goto cleanup; } pa_data = k5alloc(sizeof(*pa_data), &retval); if (pa_data == NULL) goto cleanup; pa_data->magic = KV5M_PA_DATA; pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE_2; pa_data->contents = (krb5_octet *)encoded_challenge->data; pa_data->length = encoded_challenge->length; encoded_challenge->data = NULL; cleanup: krb5_free_data(context, encoded_challenge); if (sam_db_entry) krb5_db_free_principal(context, sam_db_entry); cb->free_keys(context, rock, client_key); (*respond)(arg, retval, pa_data); }

Exemple #2

0

Afficher le fichier

Fichier : kdc_preauth_ec.c Projet : ln5/krb5-anonsvn

static void ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data, krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_verify_respond_fn respond, void *arg) { krb5_error_code retval = 0; krb5_timestamp now; krb5_enc_data *enc = NULL; krb5_data scratch, plain; krb5_keyblock *armor_key = cb->fast_armor(context, rock); krb5_pa_enc_ts *ts = NULL; krb5_keyblock *client_keys = NULL; krb5_keyblock *challenge_key = NULL; krb5_keyblock *kdc_challenge_key; krb5_kdcpreauth_modreq modreq = NULL; int i = 0; plain.data = NULL; if (armor_key == NULL) { retval = ENOENT; krb5_set_error_message(context, ENOENT, _("Encrypted Challenge used outside of FAST " "tunnel")); } scratch.data = (char *) data->contents; scratch.length = data->length; if (retval == 0) retval = decode_krb5_enc_data(&scratch, &enc); if (retval == 0) { plain.data = malloc(enc->ciphertext.length); plain.length = enc->ciphertext.length; if (plain.data == NULL) retval = ENOMEM; } if (retval == 0) retval = cb->client_keys(context, rock, &client_keys); if (retval == 0) { for (i = 0; client_keys[i].enctype&& (retval == 0); i++ ) { retval = krb5_c_fx_cf2_simple(context, armor_key, "clientchallengearmor", &client_keys[i], "challengelongterm", &challenge_key); if (retval == 0) retval = krb5_c_decrypt(context, challenge_key, KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT, NULL, enc, &plain); if (challenge_key) krb5_free_keyblock(context, challenge_key); challenge_key = NULL; if (retval == 0) break; /*We failed to decrypt. Try next key*/ retval = 0; } if (client_keys[i].enctype == 0) { retval = KRB5KDC_ERR_PREAUTH_FAILED; krb5_set_error_message(context, retval, _("Incorrect password in encrypted " "challenge")); } } if (retval == 0) retval = decode_krb5_pa_enc_ts(&plain, &ts); if (retval == 0) retval = krb5_timeofday(context, &now); if (retval == 0) { if (labs(now-ts->patimestamp) < context->clockskew) { enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; /* * If this fails, we won't generate a reply to the client. That * may cause the client to fail, but at this point the KDC has * considered this a success, so the return value is ignored. */ if (krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor", &client_keys[i], "challengelongterm", &kdc_challenge_key) == 0) modreq = (krb5_kdcpreauth_modreq)kdc_challenge_key; } else { /*skew*/ retval = KRB5KRB_AP_ERR_SKEW; } } cb->free_keys(context, rock, client_keys); if (plain.data) free(plain.data); if (enc) krb5_free_enc_data(context, enc); if (ts) krb5_free_pa_enc_ts(context, ts); (*respond)(arg, retval, modreq, NULL, NULL); }