krb5_error_code KRB5_CALLCONV
krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto)
{
krb5_error_code retval;
krb5_authenticator *tempto;
if (!(tempto = (krb5_authenticator *)MALLOC(sizeof(*tempto))))
return ENOMEM;
#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
*tempto = *authfrom;
#else
(void) memcpy(tempto, authfrom, sizeof(krb5_authenticator));
#endif
retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
if (retval) {
krb5_xfree_wrap(tempto, sizeof(*tempto));
return retval;
}
if (authfrom->checksum &&
(retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
krb5_free_principal(context, tempto->client);
krb5_xfree_wrap(tempto, sizeof(*tempto));
return retval;
}
if (authfrom->subkey) {
retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
if (retval) {
krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock));
krb5_free_checksum(context, tempto->checksum);
krb5_free_principal(context, tempto->client);
krb5_xfree_wrap(tempto, sizeof(*tempto));
return retval;
}
}
if (authfrom->authorization_data) {
retval = krb5_copy_authdata(context, authfrom->authorization_data,
&tempto->authorization_data);
if (retval) {
krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock));
krb5_free_checksum(context, tempto->checksum);
krb5_free_principal(context, tempto->client);
krb5_free_authdata(context, tempto->authorization_data);
krb5_xfree_wrap(tempto, sizeof(*tempto));
return retval;
}
}
*authto = tempto;
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom,
krb5_authenticator **authto)
{
krb5_error_code retval;
krb5_authenticator *tempto;
if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto))))
return ENOMEM;
*tempto = *authfrom;
retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
if (retval) {
free(tempto);
return retval;
}
if (authfrom->checksum &&
(retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
krb5_free_principal(context, tempto->client);
free(tempto);
return retval;
}
if (authfrom->subkey) {
retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
if (retval) {
free(tempto->subkey);
krb5_free_checksum(context, tempto->checksum);
krb5_free_principal(context, tempto->client);
free(tempto);
return retval;
}
}
if (authfrom->authorization_data) {
retval = krb5_copy_authdata(context, authfrom->authorization_data,
&tempto->authorization_data);
if (retval) {
free(tempto->subkey);
krb5_free_checksum(context, tempto->checksum);
krb5_free_principal(context, tempto->client);
krb5_free_authdata(context, tempto->authorization_data);
free(tempto);
return retval;
}
}
*authto = tempto;
return 0;
}
void KRB5_CALLCONV
krb5_free_safe(krb5_context context, register krb5_safe *val)
{
if (val == NULL)
return;
free(val->user_data.data);
krb5_free_address(context, val->r_address);
krb5_free_address(context, val->s_address);
krb5_free_checksum(context, val->checksum);
free(val);
}
void KRB5_CALLCONV
krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
{
if (val == NULL)
return;
krb5_free_checksum(context, val->checksum);
val->checksum = 0;
krb5_free_principal(context, val->client);
val->client = 0;
krb5_free_keyblock(context, val->subkey);
val->subkey = 0;
krb5_free_authdata(context, val->authorization_data);
val->authorization_data = 0;
}
krb5_error_code
krb5int_fast_verify_nego(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_kdc_rep *rep, krb5_data *request,
krb5_keyblock *decrypting_key,
krb5_boolean *fast_avail)
{
krb5_error_code retval = 0;
krb5_checksum *checksum = NULL;
krb5_pa_data *pa;
krb5_data scratch;
krb5_boolean valid;
*fast_avail = FALSE;
if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) {
pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
KRB5_ENCPADATA_REQ_ENC_PA_REP);
if (pa == NULL)
retval = KRB5_KDCREP_MODIFIED;
else {
scratch.data = (char *) pa->contents;
scratch.length = pa->length;
}
if (retval == 0)
retval = decode_krb5_checksum(&scratch, &checksum);
if (retval == 0)
retval = krb5_c_verify_checksum(context, decrypting_key,
KRB5_KEYUSAGE_AS_REQ,
request, checksum, &valid);
if (retval == 0 &&valid == 0)
retval = KRB5_KDCREP_MODIFIED;
if (retval == 0) {
pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
KRB5_PADATA_FX_FAST);
*fast_avail = (pa != NULL);
}
}
TRACE_FAST_NEGO(context, *fast_avail);
if (checksum)
krb5_free_checksum(context, checksum);
return retval;
}
void KRB5_CALLCONV
krb5_free_sam_challenge_2_contents(krb5_context ctx,
krb5_sam_challenge_2 *sc2)
{
krb5_checksum **cksump;
if (!sc2)
return;
if (sc2->sam_challenge_2_body.data)
krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
if (sc2->sam_cksum) {
cksump = sc2->sam_cksum;
while (*cksump) {
krb5_free_checksum(ctx, *cksump);
cksump++;
}
free(sc2->sam_cksum);
sc2->sam_cksum = 0;
}
}
/*
* Do a serialization test.
*/
static krb5_error_code
ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
{
krb5_error_code kret;
krb5_context ser_ctx;
krb5_pointer nctx;
krb5_octet *outrep, *ibuf, *outrep2;
size_t outlen, ilen, outlen2;
/* Initialize context and initialize all Kerberos serializers */
if ((kret = krb5_init_context(&ser_ctx))) {
printf("Couldn't initialize krb5 library: %s\n",
error_message(kret));
exit(1);
}
krb5_ser_context_init(ser_ctx);
krb5_ser_auth_context_init(ser_ctx);
krb5_ser_ccache_init(ser_ctx);
krb5_ser_rcache_init(ser_ctx);
krb5_ser_keytab_init(ser_ctx);
/* Externalize the data */
kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
if (!kret) {
if (verbose) {
printf("%s: externalized in %d bytes\n", msg, outlen);
print_erep(outrep, outlen);
}
/* Now attempt to re-constitute it */
ibuf = outrep;
ilen = outlen;
kret = krb5_internalize_opaque(ser_ctx,
dtype,
(krb5_pointer *) &nctx,
&ibuf,
&ilen);
if (!kret) {
if (ilen)
printf("%s: %d bytes left over after internalize\n",
msg, ilen);
/* Now attempt to re-externalize it */
kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
if (!kret) {
/* Compare the results. */
if ((outlen2 != outlen) ||
memcmp(outrep, outrep2, outlen)) {
printf("%s: comparison failed\n", msg);
print_erep(outrep2, outlen2);
}
else {
if (verbose)
printf("%s: compare succeeded\n", msg);
}
krb5_xfree(outrep2);
}
else
printf("%s: second externalize returned %d\n", msg, kret);
/* Free the data */
switch (dtype) {
case KV5M_CONTEXT:
krb5_free_context((krb5_context) nctx);
break;
case KV5M_AUTH_CONTEXT:
if (nctx) {
krb5_auth_context actx;
actx = (krb5_auth_context) nctx;
if (actx->i_vector)
krb5_xfree(actx->i_vector);
}
krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
break;
case KV5M_CCACHE:
krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
break;
case KV5M_RCACHE:
krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
break;
case KV5M_KEYTAB:
krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
break;
case KV5M_ENCRYPT_BLOCK:
if (nctx) {
krb5_encrypt_block *eblock;
eblock = (krb5_encrypt_block *) nctx;
#if 0
if (eblock->priv && eblock->priv_size)
krb5_xfree(eblock->priv);
#endif
if (eblock->key)
krb5_free_keyblock(ser_ctx, eblock->key);
krb5_xfree(eblock);
}
break;
case KV5M_PRINCIPAL:
krb5_free_principal(ser_ctx, (krb5_principal) nctx);
break;
case KV5M_CHECKSUM:
krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
break;
default:
printf("don't know how to free %d\n", dtype);
break;
}
}
else
printf("%s: internalize returned %d\n", msg, kret);
krb5_xfree(outrep);
}
else
printf("%s: externalize_data returned %d\n", msg, kret);
krb5_free_context(ser_ctx);
return(kret);
}
