krb5_error_code KRB5_CALLCONV krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto) { krb5_error_code retval; krb5_authenticator *tempto; if (!(tempto = (krb5_authenticator *)MALLOC(sizeof(*tempto)))) return ENOMEM; #ifdef HAVE_C_STRUCTURE_ASSIGNMENT *tempto = *authfrom; #else (void) memcpy(tempto, authfrom, sizeof(krb5_authenticator)); #endif retval = krb5_copy_principal(context, authfrom->client, &tempto->client); if (retval) { krb5_xfree_wrap(tempto, sizeof(*tempto)); return retval; } if (authfrom->checksum && (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) { krb5_free_principal(context, tempto->client); krb5_xfree_wrap(tempto, sizeof(*tempto)); return retval; } if (authfrom->subkey) { retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey); if (retval) { krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock)); krb5_free_checksum(context, tempto->checksum); krb5_free_principal(context, tempto->client); krb5_xfree_wrap(tempto, sizeof(*tempto)); return retval; } } if (authfrom->authorization_data) { retval = krb5_copy_authdata(context, authfrom->authorization_data, &tempto->authorization_data); if (retval) { krb5_xfree_wrap(tempto->subkey, sizeof(krb5_keyblock)); krb5_free_checksum(context, tempto->checksum); krb5_free_principal(context, tempto->client); krb5_free_authdata(context, tempto->authorization_data); krb5_xfree_wrap(tempto, sizeof(*tempto)); return retval; } } *authto = tempto; return 0; }
krb5_error_code KRB5_CALLCONV krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto) { krb5_error_code retval; krb5_authenticator *tempto; if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto)))) return ENOMEM; *tempto = *authfrom; retval = krb5_copy_principal(context, authfrom->client, &tempto->client); if (retval) { free(tempto); return retval; } if (authfrom->checksum && (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) { krb5_free_principal(context, tempto->client); free(tempto); return retval; } if (authfrom->subkey) { retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey); if (retval) { free(tempto->subkey); krb5_free_checksum(context, tempto->checksum); krb5_free_principal(context, tempto->client); free(tempto); return retval; } } if (authfrom->authorization_data) { retval = krb5_copy_authdata(context, authfrom->authorization_data, &tempto->authorization_data); if (retval) { free(tempto->subkey); krb5_free_checksum(context, tempto->checksum); krb5_free_principal(context, tempto->client); krb5_free_authdata(context, tempto->authorization_data); free(tempto); return retval; } } *authto = tempto; return 0; }
void KRB5_CALLCONV krb5_free_safe(krb5_context context, register krb5_safe *val) { if (val == NULL) return; free(val->user_data.data); krb5_free_address(context, val->r_address); krb5_free_address(context, val->s_address); krb5_free_checksum(context, val->checksum); free(val); }
void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val) { if (val == NULL) return; krb5_free_checksum(context, val->checksum); val->checksum = 0; krb5_free_principal(context, val->client); val->client = 0; krb5_free_keyblock(context, val->subkey); val->subkey = 0; krb5_free_authdata(context, val->authorization_data); val->authorization_data = 0; }
krb5_error_code krb5int_fast_verify_nego(krb5_context context, struct krb5int_fast_request_state *state, krb5_kdc_rep *rep, krb5_data *request, krb5_keyblock *decrypting_key, krb5_boolean *fast_avail) { krb5_error_code retval = 0; krb5_checksum *checksum = NULL; krb5_pa_data *pa; krb5_data scratch; krb5_boolean valid; *fast_avail = FALSE; if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) { pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata, KRB5_ENCPADATA_REQ_ENC_PA_REP); if (pa == NULL) retval = KRB5_KDCREP_MODIFIED; else { scratch.data = (char *) pa->contents; scratch.length = pa->length; } if (retval == 0) retval = decode_krb5_checksum(&scratch, &checksum); if (retval == 0) retval = krb5_c_verify_checksum(context, decrypting_key, KRB5_KEYUSAGE_AS_REQ, request, checksum, &valid); if (retval == 0 &&valid == 0) retval = KRB5_KDCREP_MODIFIED; if (retval == 0) { pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata, KRB5_PADATA_FX_FAST); *fast_avail = (pa != NULL); } } TRACE_FAST_NEGO(context, *fast_avail); if (checksum) krb5_free_checksum(context, checksum); return retval; }
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents(krb5_context ctx, krb5_sam_challenge_2 *sc2) { krb5_checksum **cksump; if (!sc2) return; if (sc2->sam_challenge_2_body.data) krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body); if (sc2->sam_cksum) { cksump = sc2->sam_cksum; while (*cksump) { krb5_free_checksum(ctx, *cksump); cksump++; } free(sc2->sam_cksum); sc2->sam_cksum = 0; } }
/* * Do a serialization test. */ static krb5_error_code ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype) { krb5_error_code kret; krb5_context ser_ctx; krb5_pointer nctx; krb5_octet *outrep, *ibuf, *outrep2; size_t outlen, ilen, outlen2; /* Initialize context and initialize all Kerberos serializers */ if ((kret = krb5_init_context(&ser_ctx))) { printf("Couldn't initialize krb5 library: %s\n", error_message(kret)); exit(1); } krb5_ser_context_init(ser_ctx); krb5_ser_auth_context_init(ser_ctx); krb5_ser_ccache_init(ser_ctx); krb5_ser_rcache_init(ser_ctx); krb5_ser_keytab_init(ser_ctx); /* Externalize the data */ kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen); if (!kret) { if (verbose) { printf("%s: externalized in %d bytes\n", msg, outlen); print_erep(outrep, outlen); } /* Now attempt to re-constitute it */ ibuf = outrep; ilen = outlen; kret = krb5_internalize_opaque(ser_ctx, dtype, (krb5_pointer *) &nctx, &ibuf, &ilen); if (!kret) { if (ilen) printf("%s: %d bytes left over after internalize\n", msg, ilen); /* Now attempt to re-externalize it */ kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2); if (!kret) { /* Compare the results. */ if ((outlen2 != outlen) || memcmp(outrep, outrep2, outlen)) { printf("%s: comparison failed\n", msg); print_erep(outrep2, outlen2); } else { if (verbose) printf("%s: compare succeeded\n", msg); } krb5_xfree(outrep2); } else printf("%s: second externalize returned %d\n", msg, kret); /* Free the data */ switch (dtype) { case KV5M_CONTEXT: krb5_free_context((krb5_context) nctx); break; case KV5M_AUTH_CONTEXT: if (nctx) { krb5_auth_context actx; actx = (krb5_auth_context) nctx; if (actx->i_vector) krb5_xfree(actx->i_vector); } krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx); break; case KV5M_CCACHE: krb5_cc_close(ser_ctx, (krb5_ccache) nctx); break; case KV5M_RCACHE: krb5_rc_close(ser_ctx, (krb5_rcache) nctx); break; case KV5M_KEYTAB: krb5_kt_close(ser_ctx, (krb5_keytab) nctx); break; case KV5M_ENCRYPT_BLOCK: if (nctx) { krb5_encrypt_block *eblock; eblock = (krb5_encrypt_block *) nctx; #if 0 if (eblock->priv && eblock->priv_size) krb5_xfree(eblock->priv); #endif if (eblock->key) krb5_free_keyblock(ser_ctx, eblock->key); krb5_xfree(eblock); } break; case KV5M_PRINCIPAL: krb5_free_principal(ser_ctx, (krb5_principal) nctx); break; case KV5M_CHECKSUM: krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx); break; default: printf("don't know how to free %d\n", dtype); break; } } else printf("%s: internalize returned %d\n", msg, kret); krb5_xfree(outrep); } else printf("%s: externalize_data returned %d\n", msg, kret); krb5_free_context(ser_ctx); return(kret); }