static int
ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
unsigned long len, krb5_address *low, krb5_address *high)
{
unsigned long ia;
uint32_t l, h, m = 0xffffffff;
if (len > 32) {
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
N_("IPv4 prefix too large (%ld)", "len"), len);
return KRB5_PROG_ATYPE_NOSUPP;
}
m = m << (32 - len);
_krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
l = ia & m;
h = l | ~m;
low->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&low->address, 4) != 0)
return -1;
_krb5_put_int(low->address.data, l, low->address.length);
high->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&high->address, 4) != 0) {
krb5_free_address(context, low);
return -1;
}
_krb5_put_int(high->address.data, h, high->address.length);
return 0;
}
static krb5_error_code
AES_PRF(krb5_context context,
krb5_crypto crypto,
const krb5_data *in,
krb5_data *out)
{
struct _krb5_checksum_type *ct = crypto->et->checksum;
krb5_error_code ret;
Checksum result;
krb5_keyblock *derived;
result.cksumtype = ct->type;
ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
if (ret) {
krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
return ret;
}
ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
if (ret) {
krb5_data_free(&result.checksum);
return ret;
}
if (result.checksum.length < crypto->et->blocksize)
krb5_abortx(context, "internal prf error");
derived = NULL;
ret = krb5_derive_key(context, crypto->key.key,
crypto->et->type, "prf", 3, &derived);
if (ret)
krb5_abortx(context, "krb5_derive_key");
ret = krb5_data_alloc(out, crypto->et->blocksize);
if (ret)
krb5_abortx(context, "malloc failed");
{
const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */
if (ctx == NULL)
krb5_abortx(context, "malloc failed");
EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1);
EVP_Cipher(ctx, out->data, result.checksum.data,
crypto->et->blocksize);
EVP_CIPHER_CTX_free(ctx);
}
krb5_data_free(&result.checksum);
krb5_free_keyblock(context, derived);
return ret;
}
static int
ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
unsigned long len, krb5_address *low, krb5_address *high)
{
struct in6_addr addr, laddr, haddr;
uint32_t m;
int i, sub_len;
if (len > 128) {
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
N_("IPv6 prefix too large (%ld)", "length"), len);
return KRB5_PROG_ATYPE_NOSUPP;
}
if (inaddr->address.length != sizeof(addr)) {
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
N_("IPv6 addr bad length", ""));
return KRB5_PROG_ATYPE_NOSUPP;
}
memcpy(&addr, inaddr->address.data, inaddr->address.length);
for (i = 0; i < 16; i++) {
sub_len = min(8, len);
m = 0xff << (8 - sub_len);
laddr.s6_addr[i] = addr.s6_addr[i] & m;
haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
if (len > 8)
len -= 8;
else
len = 0;
}
low->addr_type = KRB5_ADDRESS_INET6;
if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
return -1;
memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
high->addr_type = KRB5_ADDRESS_INET6;
if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
krb5_free_address(context, low);
return -1;
}
memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_data(krb5_storage *sp,
krb5_data *data)
{
int ret;
int32_t size;
ret = krb5_ret_int32(sp, &size);
if(ret)
return ret;
ret = size_too_large(sp, size);
if (ret)
return ret;
ret = krb5_data_alloc (data, size);
if (ret)
return ret;
if (size) {
ret = sp->fetch(sp, data->data, size);
if(ret != size) {
krb5_data_free(data);
return (ret < 0)? errno : sp->eof_code;
}
}
return 0;
}
kadm5_ret_t
_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
{
krb5_data msg, out;
krb5_error_code ret;
size_t len;
krb5_storage *sock;
assert(context->sock != -1);
len = krb5_storage_seek(sp, 0, SEEK_CUR);
ret = krb5_data_alloc(&msg, len);
if (ret)
return ret;
krb5_storage_seek(sp, 0, SEEK_SET);
krb5_storage_read(sp, msg.data, msg.length);
ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
krb5_data_free(&msg);
if(ret)
return ret;
sock = krb5_storage_from_fd(context->sock);
if(sock == NULL) {
krb5_data_free(&out);
return ENOMEM;
}
ret = krb5_store_data(sock, out);
krb5_storage_free(sock);
krb5_data_free(&out);
return ret;
}
static int
arange_copy (krb5_context context, const krb5_address *inaddr,
krb5_address *outaddr)
{
krb5_error_code ret;
struct arange *i, *o;
outaddr->addr_type = KRB5_ADDRESS_ARANGE;
ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
if(ret)
return ret;
i = inaddr->address.data;
o = outaddr->address.data;
ret = krb5_copy_address(context, &i->low, &o->low);
if(ret) {
krb5_data_free(&outaddr->address);
return ret;
}
ret = krb5_copy_address(context, &i->high, &o->high);
if(ret) {
krb5_free_address(context, &o->low);
krb5_data_free(&outaddr->address);
return ret;
}
return 0;
}
static int
ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
{
int ret;
struct in6_addr in6;
const char *p;
p = strchr(address, ':');
if(p) {
p++;
if(strncasecmp(address, "ip6:", p - address) == 0 ||
strncasecmp(address, "ipv6:", p - address) == 0 ||
strncasecmp(address, "inet6:", p - address) == 0)
address = p;
}
ret = inet_pton(AF_INET6, address, &in6.s6_addr);
if(ret == 1) {
addr->addr_type = KRB5_ADDRESS_INET6;
ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
if (ret)
return -1;
memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
return 0;
}
return -1;
}
/*
* NIST guidance in Section 5.1 of [SP800-132] requires that a portion
* of the salt of at least 128 bits shall be randomly generated.
*/
static krb5_error_code
add_random_to_salt(krb5_context context, krb5_salt *in, krb5_salt *out)
{
krb5_error_code ret;
char *p;
unsigned char random[16];
char *s;
int slen;
krb5_generate_random_block(random, sizeof(random));
slen = rk_base64_encode(random, sizeof(random), &s);
if (slen < 0)
return ENOMEM;
ret = krb5_data_alloc(&out->saltvalue, slen + in->saltvalue.length);
if (ret) {
free(s);
return ret;
}
p = out->saltvalue.data;
memcpy(p, s, slen);
memcpy(&p[slen], in->saltvalue.data, in->saltvalue.length);
out->salttype = in->salttype;
free(s);
return 0;
}
static kadm5_ret_t
kadm5_log_replay_create (kadm5_server_context *context,
uint32_t ver,
uint32_t len,
krb5_storage *sp)
{
krb5_error_code ret;
krb5_data data;
hdb_entry_ex ent;
memset(&ent, 0, sizeof(ent));
ret = krb5_data_alloc (&data, len);
if (ret) {
krb5_set_error_message(context->context, ret, "out of memory");
return ret;
}
krb5_storage_read (sp, data.data, len);
ret = hdb_value2entry (context->context, &data, &ent.entry);
krb5_data_free(&data);
if (ret) {
krb5_set_error_message(context->context, ret,
"Unmarshaling hdb entry failed");
return ret;
}
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
hdb_free_entry (context->context, &ent);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
{
off_t pos, size;
krb5_error_code ret;
pos = sp->seek(sp, 0, SEEK_CUR);
if (pos < 0)
return HEIM_ERR_NOT_SEEKABLE;
size = sp->seek(sp, 0, SEEK_END);
ret = size_too_large(sp, size);
if (ret)
return ret;
ret = krb5_data_alloc(data, size);
if (ret) {
sp->seek(sp, pos, SEEK_SET);
return ret;
}
if (size) {
sp->seek(sp, 0, SEEK_SET);
sp->fetch(sp, data->data, data->length);
sp->seek(sp, pos, SEEK_SET);
}
return 0;
}
static krb5_error_code
AES_SHA2_PRF(krb5_context context,
krb5_crypto crypto,
const krb5_data *in,
krb5_data *out)
{
krb5_error_code ret;
krb5_data label;
const EVP_MD *md = NULL;
ret = _krb5_aes_sha2_md_for_enctype(context, crypto->et->type, &md);
if (ret)
return ret;
label.data = "prf";
label.length = 3;
ret = krb5_data_alloc(out, EVP_MD_size(md));
if (ret)
return ret;
ret = _krb5_SP800_108_HMAC_KDF(context, &crypto->key.key->keyvalue,
&label, in, md, out);
if (ret)
krb5_data_free(out);
return ret;
}
static krb5_error_code
HMAC_MD5_any_checksum(krb5_context context,
const krb5_keyblock *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
struct key_data local_key;
krb5_error_code ret;
memset(&local_key, 0, sizeof(local_key));
ret = krb5_copy_keyblock(context, key, &local_key.key);
if (ret)
return ret;
ret = krb5_data_alloc (&result->checksum, 16);
if (ret) {
krb5_free_keyblock(context, local_key.key);
return ret;
}
result->cksumtype = CKSUMTYPE_HMAC_MD5;
ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
if (ret)
krb5_data_free(&result->checksum);
krb5_free_keyblock(context, local_key.key);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
{
size_t len;
size_t i;
krb5_error_code ret;
char *p;
salt->salttype = KRB5_PW_SALT;
len = strlen(principal->realm);
for (i = 0; i < principal->name.name_string.len; ++i)
len += strlen(principal->name.name_string.val[i]);
ret = krb5_data_alloc (&salt->saltvalue, len);
if (ret)
return ret;
p = salt->saltvalue.data;
memcpy (p, principal->realm, strlen(principal->realm));
p += strlen(principal->realm);
for (i = 0; i < principal->name.name_string.len; ++i) {
memcpy (p,
principal->name.name_string.val[i],
strlen(principal->name.name_string.val[i]));
p += strlen(principal->name.name_string.val[i]);
}
return 0;
}
static krb5_error_code
calculate_reply_hash(krb5_context context,
krb5_keyblock *key,
Kx509Response *rep)
{
krb5_error_code ret;
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
if (ret) {
HMAC_CTX_cleanup(&ctx);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
if (rep->error_code) {
int32_t t = *rep->error_code;
do {
unsigned char p = (t & 0xff);
HMAC_Update(&ctx, &p, 1);
t >>= 8;
} while (t);
}
static int
ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
{
const char *p;
struct in_addr a;
p = strchr(address, ':');
if(p) {
p++;
if(strncasecmp(address, "ip:", p - address) != 0 &&
strncasecmp(address, "ip4:", p - address) != 0 &&
strncasecmp(address, "ipv4:", p - address) != 0 &&
strncasecmp(address, "inet:", p - address) != 0)
return -1;
} else
p = address;
#ifdef HAVE_INET_ATON
if(inet_aton(p, &a) == 0)
return -1;
#elif defined(HAVE_INET_ADDR)
a.s_addr = inet_addr(p);
if(a.s_addr == INADDR_NONE)
return -1;
#else
return -1;
#endif
addr->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&addr->address, 4) != 0)
return -1;
_krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_read_message (krb5_context context,
krb5_pointer p_fd,
krb5_data *data)
{
krb5_error_code ret;
uint32_t len;
uint8_t buf[4];
krb5_data_zero(data);
ret = krb5_net_read (context, p_fd, buf, 4);
if(ret == -1) {
ret = errno;
krb5_clear_error_message (context);
return ret;
}
if(ret < 4) {
krb5_clear_error_message(context);
return HEIM_ERR_EOF;
}
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
ret = krb5_data_alloc (data, len);
if (ret) {
krb5_clear_error_message(context);
return ret;
}
if (krb5_net_read (context, p_fd, data->data, len) != len) {
ret = errno;
krb5_data_free (data);
krb5_clear_error_message (context);
return ret;
}
return 0;
}
krb5_data *hex2krb5data(const char *str, krb5_data *data)
{
size_t len = 0;
unsigned char *p;
const char *q;
int hi, lo;
len = strlen(str);
len = len/2 + len%2;
krb5_data_zero(data);
krb5_data_alloc(data, len);
p = data->data;
q = str;
for (;;) {
if (*q == '\0' || *q == '\n') {
*p = '\0';
break;
}
hi = val(*q++);
if (*q == '\0' || *q == '\n') {
lo = 0;
}
else {
lo = val(*q++);
}
*p++ = (hi << 4) | lo;
}
return(data);
}
static krb5_error_code KRB5_CALLCONV
acc_alloc(krb5_context context, krb5_ccache *id)
{
krb5_error_code ret;
cc_int32 error;
krb5_acc *a;
ret = init_ccapi(context);
if (ret)
return ret;
ret = krb5_data_alloc(&(*id)->data, sizeof(*a));
if (ret) {
krb5_clear_error_message(context);
return ret;
}
a = ACACHE(*id);
error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
if (error) {
krb5_data_free(&(*id)->data);
return translate_cc_error(context, error);
}
a->cache_name = NULL;
return 0;
}
static void
send_im_here(krb5_context context, int fd,
krb5_auth_context auth_context)
{
krb5_storage *sp;
krb5_data data;
krb5_error_code ret;
ret = krb5_data_alloc(&data, 4);
if (ret)
krb5_err(context, IPROPD_RESTART, ret, "send_im_here");
sp = krb5_storage_from_data (&data);
if (sp == NULL)
krb5_errx(context, IPROPD_RESTART, "krb5_storage_from_data");
ret = krb5_store_uint32(sp, I_AM_HERE);
krb5_storage_free(sp);
if (ret == 0) {
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
krb5_data_free(&data);
if (ret)
krb5_err(context, IPROPD_RESTART, ret, "krb5_write_priv_message");
if (verbose)
krb5_warnx(context, "pinged master");
}
return;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_init(krb5_context context, krb5_pac *pac)
{
krb5_error_code ret;
krb5_pac p;
p = calloc(1, sizeof(*p));
if (p == NULL) {
return krb5_enomem(context);
}
p->pac = calloc(1, sizeof(*p->pac));
if (p->pac == NULL) {
free(p);
return krb5_enomem(context);
}
ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
if (ret) {
free (p->pac);
free(p);
return krb5_enomem(context);
}
*pac = p;
return 0;
}
static krb5_error_code
AES_SHA1_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
krb5_error_code ret;
uint32_t iter;
struct _krb5_encryption_type *et;
struct _krb5_key_data kd;
if (opaque.length == 0)
iter = _krb5_AES_SHA1_string_to_default_iterator;
else if (opaque.length == 4) {
unsigned long v;
_krb5_get_int(opaque.data, &v, 4);
iter = ((uint32_t)v);
} else
return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
et = _krb5_find_enctype(enctype);
if (et == NULL)
return KRB5_PROG_KEYTYPE_NOSUPP;
kd.schedule = NULL;
ALLOC(kd.key, 1);
if (kd.key == NULL)
return krb5_enomem(context);
kd.key->keytype = enctype;
ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
if (ret) {
krb5_set_error_message (context, ret, N_("malloc: out of memory", ""));
return ret;
}
ret = PKCS5_PBKDF2_HMAC(password.data, password.length,
salt.saltvalue.data, salt.saltvalue.length,
iter,
EVP_sha1(),
et->keytype->size, kd.key->keyvalue.data);
if (ret != 1) {
_krb5_free_key_data(context, &kd, et);
krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
"Error calculating s2k");
return KRB5_PROG_KEYTYPE_NOSUPP;
}
ret = _krb5_derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
if (ret == 0)
ret = krb5_copy_keyblock_contents(context, kd.key, key);
_krb5_free_key_data(context, &kd, et);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_copy(krb5_data *p, const void *data, size_t len)
{
if (len) {
if(krb5_data_alloc(p, len))
return ENOMEM;
memmove(p->data, data, len);
} else
p->data = NULL;
p->length = len;
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{
krb5_error_code ret;
size_t len = addr->address.length + 2 + 4 * 4;
u_char *p;
*res = malloc (sizeof(**res));
if (*res == NULL) {
krb5_set_error_message (context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
(*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
ret = krb5_data_alloc (&(*res)->address, len);
if (ret) {
krb5_set_error_message (context, ret,
N_("malloc: out of memory", ""));
free (*res);
*res = NULL;
return ret;
}
p = (*res)->address.data;
*p++ = 0;
*p++ = 0;
*p++ = (addr->addr_type ) & 0xFF;
*p++ = (addr->addr_type >> 8) & 0xFF;
*p++ = (addr->address.length ) & 0xFF;
*p++ = (addr->address.length >> 8) & 0xFF;
*p++ = (addr->address.length >> 16) & 0xFF;
*p++ = (addr->address.length >> 24) & 0xFF;
memcpy (p, addr->address.data, addr->address.length);
p += addr->address.length;
*p++ = 0;
*p++ = 0;
*p++ = (KRB5_ADDRESS_IPPORT ) & 0xFF;
*p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
*p++ = (2 ) & 0xFF;
*p++ = (2 >> 8) & 0xFF;
*p++ = (2 >> 16) & 0xFF;
*p++ = (2 >> 24) & 0xFF;
memcpy (p, &port, 2);
return 0;
}
static kadm5_ret_t
kadm5_log_replay_rename (kadm5_server_context *context,
uint32_t ver,
uint32_t len,
krb5_storage *sp)
{
krb5_error_code ret;
krb5_principal source;
hdb_entry_ex target_ent;
krb5_data value;
off_t off;
size_t princ_len, data_len;
memset(&target_ent, 0, sizeof(target_ent));
off = krb5_storage_seek(sp, 0, SEEK_CUR);
ret = krb5_ret_principal (sp, &source);
if (ret) {
krb5_set_error_message(context->context, ret, "Failed to read renamed "
"principal in log, version: %ld", (long)ver);
return ret;
}
princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
data_len = len - princ_len;
ret = krb5_data_alloc (&value, data_len);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
krb5_storage_read (sp, value.data, data_len);
ret = hdb_value2entry (context->context, &value, &target_ent.entry);
krb5_data_free(&value);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
ret = context->db->hdb_store (context->context, context->db,
0, &target_ent);
hdb_free_entry (context->context, &target_ent);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
ret = context->db->hdb_remove (context->context, context->db, source);
krb5_free_principal (context->context, source);
return ret;
}
kadm5_ret_t
kadm5_log_replay_rename (kadm5_server_context *context,
u_int32_t ver,
u_int32_t len,
krb5_storage *sp)
{
krb5_error_code ret;
krb5_principal source;
hdb_entry source_ent, target_ent;
krb5_data value;
off_t off;
size_t princ_len, data_len;
off = krb5_storage_seek(sp, 0, SEEK_CUR);
krb5_ret_principal (sp, &source);
princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
data_len = len - princ_len;
ret = krb5_data_alloc (&value, data_len);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
krb5_storage_read (sp, value.data, data_len);
ret = hdb_value2entry (context->context, &value, &target_ent);
krb5_data_free(&value);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
ret = context->db->hdb_store (context->context, context->db,
0, &target_ent);
hdb_free_entry (context->context, &target_ent);
if (ret) {
krb5_free_principal (context->context, source);
return ret;
}
source_ent.principal = source;
ret = context->db->hdb_remove (context->context, context->db, &source_ent);
krb5_free_principal (context->context, source);
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
{
off_t pos;
size_t size;
krb5_error_code ret;
pos = sp->seek(sp, 0, SEEK_CUR);
size = (size_t)sp->seek(sp, 0, SEEK_END);
ret = krb5_data_alloc (data, size);
if (ret) {
sp->seek(sp, pos, SEEK_SET);
return ret;
}
if (size) {
sp->seek(sp, 0, SEEK_SET);
sp->fetch(sp, data->data, data->length);
sp->seek(sp, pos, SEEK_SET);
}
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_read_message (krb5_context context,
krb5_pointer p_fd,
krb5_data *data)
{
krb5_error_code ret;
krb5_ssize_t sret;
uint32_t len;
uint8_t buf[4];
krb5_data_zero(data);
sret = krb5_net_read (context, p_fd, buf, 4);
if(sret == -1) {
ret = errno;
krb5_clear_error_message (context);
return ret;
}
if(sret < 4) {
krb5_clear_error_message(context);
return HEIM_ERR_EOF;
}
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
if (len > UINT_MAX / 16) {
krb5_set_error_message(context, ERANGE, N_("packet to large", ""));
return ERANGE;
}
ret = krb5_data_alloc (data, len);
if (ret) {
krb5_clear_error_message(context);
return ret;
}
if (krb5_net_read (context, p_fd, data->data, len) != (ssize_t)len) {
ret = errno;
krb5_data_free (data);
krb5_clear_error_message (context);
return ret;
}
return 0;
}
kadm5_ret_t
kadm5_log_replay_create (kadm5_server_context *context,
u_int32_t ver,
u_int32_t len,
krb5_storage *sp)
{
krb5_error_code ret;
krb5_data data;
hdb_entry ent;
ret = krb5_data_alloc (&data, len);
if (ret)
return ret;
krb5_storage_read (sp, data.data, len);
ret = hdb_value2entry (context->context, &data, &ent);
krb5_data_free(&data);
if (ret)
return ret;
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
hdb_free_entry (context->context, &ent);
return ret;
}
static krb5_error_code
HMAC_MD5_any_checksum(krb5_context context,
const krb5_keyblock *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
struct _krb5_key_data local_key;
struct krb5_crypto_iov iov;
krb5_error_code ret;
memset(&local_key, 0, sizeof(local_key));
ret = krb5_copy_keyblock(context, key, &local_key.key);
if (ret)
return ret;
ret = krb5_data_alloc (&result->checksum, 16);
if (ret) {
krb5_free_keyblock(context, local_key.key);
return ret;
}
result->cksumtype = CKSUMTYPE_HMAC_MD5;
iov.data.data = (void *)data;
iov.data.length = len;
iov.flags = KRB5_CRYPTO_TYPE_DATA;
ret = _krb5_HMAC_MD5_checksum(context, NULL, &local_key, usage, &iov, 1,
result);
if (ret)
krb5_data_free(&result->checksum);
krb5_free_keyblock(context, local_key.key);
return ret;
}
static void
send_im_here (krb5_context context, int fd,
krb5_auth_context auth_context)
{
krb5_storage *sp;
krb5_data data;
int ret;
ret = krb5_data_alloc (&data, 4);
if (ret)
krb5_err (context, 1, ret, "send_im_here");
sp = krb5_storage_from_data (&data);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_data");
krb5_store_int32(sp, I_AM_HERE);
krb5_storage_free(sp);
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
krb5_data_free(&data);
if (ret)
krb5_err (context, 1, ret, "krb5_write_priv_message");
}