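/*
 * Build the text shown to the user for a SAM challenge, in the form
 *
 *     <label>: [<challenge>]
 *     <prompt>:
 *
 * The first line is omitted when the challenge is empty.
 *
 * The label, prompt and challenge are length-counted fields (.data/.length)
 * of the challenge message, so they are copied by their stated length and are
 * never treated as C strings.
 *
 * When the challenge carries no checksum (sam_cksum.length == 0), the prompt
 * is replaced by the fixed string "Passcode", and for the SAM types listed in
 * the switch the label is replaced by a built-in string.  For any other type
 * the label from the challenge is kept together with its stated length.
 *
 * Returns the result of krb5int_buf_data(), which may be NULL if the buffer
 * could not be built.
 *
 * NOTE(review): bytes taken from the challenge are copied verbatim; if the
 * result is printed to a terminal, presumably the caller is responsible for
 * filtering control characters -- confirm.
 */
static char *
handle_sam_labels(krb5_sam_challenge *sc)
{
    const char *label = sc->sam_challenge_label.data;
    unsigned int label_len = sc->sam_challenge_label.length;
    const char *prompt = sc->sam_response_prompt.data;
    unsigned int prompt_len = sc->sam_response_prompt.length;
    char *challenge = sc->sam_challenge.data;
    unsigned int challenge_len = sc->sam_challenge.length;
    const char *builtin_label = NULL;
    struct k5buf buf;

    if (sc->sam_cksum.length == 0) {
        /* or invalid -- but lets just handle presence now XXX */
        switch (sc->sam_type) {
        case PA_SAM_TYPE_ENIGMA:            /* Enigma Logic */
            builtin_label = "Challenge for Enigma Logic mechanism";
            break;
        case PA_SAM_TYPE_DIGI_PATH:         /* Digital Pathways */
        case PA_SAM_TYPE_DIGI_PATH_HEX:     /* Digital Pathways */
            builtin_label = "Challenge for Digital Pathways mechanism";
            break;
        case PA_SAM_TYPE_ACTIVCARD_DEC:     /* Activcard */
        case PA_SAM_TYPE_ACTIVCARD_HEX:     /* Activcard */
            builtin_label = "Challenge for Activcard mechanism";
            break;
        case PA_SAM_TYPE_SKEY_K0:           /* S/key where KDC has key 0 */
            builtin_label = "Challenge for Enhanced S/Key mechanism";
            break;
        case PA_SAM_TYPE_SKEY:              /* Traditional S/Key */
            builtin_label = "Challenge for Traditional S/Key mechanism";
            break;
        case PA_SAM_TYPE_SECURID:           /* Security Dynamics */
        case PA_SAM_TYPE_SECURID_PREDICT:   /* predictive Security Dynamics */
            builtin_label = "Challenge for Security Dynamics mechanism";
            break;
        default:
            /* Unknown type: keep the label and length from the challenge. */
            break;
        }

        /*
         * Only measure the label with strlen() when it is one of the literals
         * above.  The label field of the challenge is length-counted and may
         * be NULL or lack a terminating NUL, so calling strlen() on it would
         * read out of bounds.
         */
        if (builtin_label != NULL) {
            label = builtin_label;
            label_len = strlen(label);
        }
        prompt = "Passcode";
        prompt_len = strlen(prompt);
    }

    /* example:
       Challenge for Digital Pathways mechanism: [134591]
       Passcode:
    */
    krb5int_buf_init_dynamic(&buf);
    if (challenge_len) {
        krb5int_buf_add_len(&buf, label, label_len);
        krb5int_buf_add(&buf, ": [");
        krb5int_buf_add_len(&buf, challenge, challenge_len);
        krb5int_buf_add(&buf, "]\n");
    }
    krb5int_buf_add_len(&buf, prompt, prompt_len);
    krb5int_buf_add(&buf, ": ");

    return krb5int_buf_data(&buf);
}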
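/*
 * Copy a principal name so that only its final '@' acts as the realm
 * separator: every '@' that occurs before the last one is preceded by a
 * backslash in the copy.  A name containing no '@' is duplicated unchanged.
 *
 * On success, stores a newly allocated string in *o_princ_name and returns 0.
 * Returns ENOMEM if the copy cannot be allocated.
 *
 * NOTE(review): backslashes already present in the input are copied as-is,
 * so an '@' that the caller has already escaped receives a second backslash.
 * Presumably callers pass unescaped names -- confirm.
 */
krb5_error_code
krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
{
    const char *at_rlm_name, *p;
    struct k5buf buf;

    at_rlm_name = strrchr(i_princ_name, '@');
    if (at_rlm_name == NULL) {
        *o_princ_name = strdup(i_princ_name);
        /*
         * Check the string returned by strdup(), not the address of the
         * output parameter.  The latter is never NULL here, so testing it
         * would report an allocation failure as success and hand the caller
         * a NULL name.
         */
        if (*o_princ_name == NULL)
            return ENOMEM;
        return 0;
    }

    krb5int_buf_init_dynamic(&buf);
    for (p = i_princ_name; p < at_rlm_name; p++) {
        /* Any '@' before the last one belongs to the name, so escape it. */
        if (*p == '@')
            krb5int_buf_add(&buf, "\\");
        krb5int_buf_add_len(&buf, p, 1);
    }
    /* Append the final '@' and the realm that follows it unchanged. */
    krb5int_buf_add(&buf, at_rlm_name);

    *o_princ_name = krb5int_buf_data(&buf);
    if (*o_princ_name == NULL)
        return ENOMEM;
    return 0;
}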
/*
 * Append the len bytes at p to buf in printable form.
 *
 * If buf_is_printable() accepts the whole span, it is appended unchanged.
 * Otherwise each byte is tested on its own: a byte that passes is appended
 * as-is, and a byte that fails is written as the four-character escape
 * "\xNN" (two lowercase hex digits).
 *
 * NOTE(review): whether a literal backslash counts as printable depends on
 * buf_is_printable(), which is not shown here.  If it does, the output cannot
 * distinguish an escaped byte from the same four characters in the input --
 * confirm that is acceptable for consumers of this text.
 */
static void
buf_add_printable_len(struct k5buf *buf, const char *p, size_t len)
{
    char esc[5];                /* "\xNN" plus the terminating NUL */
    const char *cur;
    const char *end;

    /* Fast path: nothing needs escaping. */
    if (buf_is_printable(p, len)) {
        krb5int_buf_add_len(buf, p, len);
        return;
    }

    end = p + len;
    for (cur = p; cur != end; cur++) {
        if (!buf_is_printable(cur, 1)) {
            /* Mask to 0..255 so a negative char cannot widen the escape. */
            snprintf(esc, sizeof(esc), "\\x%02x", (unsigned)(*cur & 0xff));
            krb5int_buf_add_len(buf, esc, 4);
            continue;
        }
        krb5int_buf_add_len(buf, cur, 1);
    }
}
/*
 * Return a copy of in, quoting all characters which are special in an LDAP
 * filter (RFC 4515) or DN string (RFC 4514).  Each such character is replaced
 * by a backslash followed by its value in hexadecimal; all other characters
 * are copied unchanged.  Return NULL on failure.
 *
 * Because parentheses and '*' are among the quoted characters, this is meant
 * for an individual value before it is placed into a filter or DN, not for an
 * already assembled filter.
 */
char *
ldap_filter_correct (char *in)
{
    const char special[] = "*()\\ #\"+,;<>";
    struct k5buf buf;
    size_t run;
    unsigned char ch;

    krb5int_buf_init_dynamic(&buf);
    for (;;) {
        /* Copy the longest prefix that contains no special character. */
        run = strcspn(in, special);
        krb5int_buf_add_len(&buf, in, run);

        ch = (unsigned char)in[run];
        if (ch == '\0')
            break;

        /*
         * Every character in special[] is 0x20 or above, so "%2x" always
         * produces two hex digits and never a space-padded one.
         */
        krb5int_buf_add_fmt(&buf, "\\%2x", ch);
        in += run + 1;
    }
    return krb5int_buf_data(&buf);
}
static char * trace_format(krb5_context context, const char *fmt, va_list ap) { struct k5buf buf; krb5_error_code kerr; size_t len, i; int err; struct conn_state *cs; const krb5_data *d; krb5_data data; char addrbuf[NI_MAXHOST], portbuf[NI_MAXSERV], tmpbuf[200], *str; const char *p; krb5_const_principal princ; const krb5_keyblock *keyblock; krb5_key key; const krb5_checksum *cksum; krb5_pa_data **padata; krb5_ccache ccache; krb5_keytab keytab; krb5_creds *creds; krb5_enctype *etypes, etype; krb5int_buf_init_dynamic(&buf); while (TRUE) { /* Advance to the next word in braces. */ len = strcspn(fmt, "{"); krb5int_buf_add_len(&buf, fmt, len); if (fmt[len] == '\0') break; fmt += len + 1; len = strcspn(fmt, "}"); if (fmt[len] == '\0' || len > sizeof(tmpbuf) - 1) break; memcpy(tmpbuf, fmt, len); tmpbuf[len] = '\0'; fmt += len + 1; /* Process the format word. */ if (strcmp(tmpbuf, "int") == 0) { krb5int_buf_add_fmt(&buf, "%d", va_arg(ap, int)); } else if (strcmp(tmpbuf, "long") == 0) {
/*
 * Append the C string data to buf.  The length handed to
 * krb5int_buf_add_len() is strlen(data), so the terminating NUL itself is not
 * counted.  data must be a valid NUL-terminated string; length-counted bytes
 * that may lack a terminator should go through krb5int_buf_add_len() instead.
 */
void
krb5int_buf_add(struct k5buf *buf, const char *data)
{
    size_t nbytes = strlen(data);

    krb5int_buf_add_len(buf, data, nbytes);
}
/*
 * Serialize one replay entry and write it with krb5_rc_io_write().
 *
 * A regular record consists of:
 *   - an unsigned int length followed by the client string with its NUL,
 *   - an unsigned int length followed by the server string with its NUL,
 *   - the raw bytes of rep->cusec and rep->ctime.
 * Lengths and timestamps are written as their in-memory bytes, so the layout
 * follows the host's integer sizes and byte order.
 *
 * When rep->msghash is set, a hash extension record is written first.  It has
 * the regular layout with an empty client field and a server field holding
 * "HASH:<msghash> <clientlen>:<client> <serverlen>:<server>".  The regular
 * record (without the hash) follows it in the same write.
 *
 * Returns KRB5_RC_MALLOC if either buffer could not be built, otherwise the
 * result of krb5_rc_io_write().
 */
static krb5_error_code
krb5_rc_io_store(krb5_context context, struct dfl_data *t,
                 krb5_donot_replay *rep)
{
    struct k5buf rec, ext;
    unsigned int reclen;
    char *ext_value, *bytes;
    krb5_error_code ret;
    size_t clientlen = strlen(rep->client);
    size_t serverlen = strlen(rep->server);

    if (!rep->msghash) {
        /* No extension record needed. */
        krb5int_buf_init_dynamic(&rec);
    } else {
        /*
         * Write a hash extension record, to be followed by a record
         * in regular format (without the message hash) for the
         * benefit of old implementations.
         */

        /* Format the extension value so we know its length. */
        krb5int_buf_init_dynamic(&ext);
        krb5int_buf_add_fmt(&ext, "HASH:%s %lu:%s %lu:%s", rep->msghash,
                            (unsigned long) clientlen, rep->client,
                            (unsigned long) serverlen, rep->server);
        ext_value = krb5int_buf_data(&ext);
        if (!ext_value)
            return KRB5_RC_MALLOC;

        /*
         * Put the extension value into the server field of a
         * regular-format record, with an empty client field.
         */
        krb5int_buf_init_dynamic(&rec);

        /* Empty client field: length 1, consisting of the NUL only. */
        reclen = 1;
        krb5int_buf_add_len(&rec, (char *) &reclen, sizeof(reclen));
        krb5int_buf_add_len(&rec, "", 1);

        /* Server field carries the extension value, NUL included. */
        reclen = strlen(ext_value) + 1;
        krb5int_buf_add_len(&rec, (char *) &reclen, sizeof(reclen));
        krb5int_buf_add_len(&rec, ext_value, reclen);

        krb5int_buf_add_len(&rec, (char *) &rep->cusec, sizeof(rep->cusec));
        krb5int_buf_add_len(&rec, (char *) &rep->ctime, sizeof(rep->ctime));
        free(ext_value);
    }

    /* Regular record: client, server, then the two time fields. */
    reclen = clientlen + 1;
    krb5int_buf_add_len(&rec, (char *) &reclen, sizeof(reclen));
    krb5int_buf_add_len(&rec, rep->client, reclen);

    reclen = serverlen + 1;
    krb5int_buf_add_len(&rec, (char *) &reclen, sizeof(reclen));
    krb5int_buf_add_len(&rec, rep->server, reclen);

    krb5int_buf_add_len(&rec, (char *) &rep->cusec, sizeof(rep->cusec));
    krb5int_buf_add_len(&rec, (char *) &rep->ctime, sizeof(rep->ctime));

    /* A NULL data pointer means the buffer could not be built. */
    bytes = krb5int_buf_data(&rec);
    if (bytes == NULL)
        return KRB5_RC_MALLOC;

    ret = krb5_rc_io_write(context, &t->d, bytes, krb5int_buf_len(&rec));
    krb5int_free_buf(&rec);
    return ret;
}