static int ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, unsigned long len, krb5_address *low, krb5_address *high) { unsigned long ia; uint32_t l, h, m = 0xffffffff; if (len > 32) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, N_("IPv4 prefix too large (%ld)", "len"), len); return KRB5_PROG_ATYPE_NOSUPP; } m = m << (32 - len); _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length); l = ia & m; h = l | ~m; low->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&low->address, 4) != 0) return -1; _krb5_put_int(low->address.data, l, low->address.length); high->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&high->address, 4) != 0) { krb5_free_address(context, low); return -1; } _krb5_put_int(high->address.data, h, high->address.length); return 0; }
static krb5_error_code AES_PRF(krb5_context context, krb5_crypto crypto, const krb5_data *in, krb5_data *out) { struct _krb5_checksum_type *ct = crypto->et->checksum; krb5_error_code ret; Checksum result; krb5_keyblock *derived; result.cksumtype = ct->type; ret = krb5_data_alloc(&result.checksum, ct->checksumsize); if (ret) { krb5_set_error_message(context, ret, N_("malloc: out memory", "")); return ret; } ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); if (ret) { krb5_data_free(&result.checksum); return ret; } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); derived = NULL; ret = krb5_derive_key(context, crypto->key.key, crypto->et->type, "prf", 3, &derived); if (ret) krb5_abortx(context, "krb5_derive_key"); ret = krb5_data_alloc(out, crypto->et->blocksize); if (ret) krb5_abortx(context, "malloc failed"); { const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */ if (ctx == NULL) krb5_abortx(context, "malloc failed"); EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1); EVP_Cipher(ctx, out->data, result.checksum.data, crypto->et->blocksize); EVP_CIPHER_CTX_free(ctx); } krb5_data_free(&result.checksum); krb5_free_keyblock(context, derived); return ret; }
static int ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, unsigned long len, krb5_address *low, krb5_address *high) { struct in6_addr addr, laddr, haddr; uint32_t m; int i, sub_len; if (len > 128) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, N_("IPv6 prefix too large (%ld)", "length"), len); return KRB5_PROG_ATYPE_NOSUPP; } if (inaddr->address.length != sizeof(addr)) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, N_("IPv6 addr bad length", "")); return KRB5_PROG_ATYPE_NOSUPP; } memcpy(&addr, inaddr->address.data, inaddr->address.length); for (i = 0; i < 16; i++) { sub_len = min(8, len); m = 0xff << (8 - sub_len); laddr.s6_addr[i] = addr.s6_addr[i] & m; haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m; if (len > 8) len -= 8; else len = 0; } low->addr_type = KRB5_ADDRESS_INET6; if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0) return -1; memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr)); high->addr_type = KRB5_ADDRESS_INET6; if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) { krb5_free_address(context, low); return -1; } memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr)); return 0; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data(krb5_storage *sp, krb5_data *data) { int ret; int32_t size; ret = krb5_ret_int32(sp, &size); if(ret) return ret; ret = size_too_large(sp, size); if (ret) return ret; ret = krb5_data_alloc (data, size); if (ret) return ret; if (size) { ret = sp->fetch(sp, data->data, size); if(ret != size) { krb5_data_free(data); return (ret < 0)? errno : sp->eof_code; } } return 0; }
kadm5_ret_t _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) { krb5_data msg, out; krb5_error_code ret; size_t len; krb5_storage *sock; assert(context->sock != -1); len = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_data_alloc(&msg, len); if (ret) return ret; krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_read(sp, msg.data, msg.length); ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL); krb5_data_free(&msg); if(ret) return ret; sock = krb5_storage_from_fd(context->sock); if(sock == NULL) { krb5_data_free(&out); return ENOMEM; } ret = krb5_store_data(sock, out); krb5_storage_free(sock); krb5_data_free(&out); return ret; }
static int arange_copy (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) { krb5_error_code ret; struct arange *i, *o; outaddr->addr_type = KRB5_ADDRESS_ARANGE; ret = krb5_data_alloc(&outaddr->address, sizeof(*o)); if(ret) return ret; i = inaddr->address.data; o = outaddr->address.data; ret = krb5_copy_address(context, &i->low, &o->low); if(ret) { krb5_data_free(&outaddr->address); return ret; } ret = krb5_copy_address(context, &i->high, &o->high); if(ret) { krb5_free_address(context, &o->low); krb5_data_free(&outaddr->address); return ret; } return 0; }
static int ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr) { int ret; struct in6_addr in6; const char *p; p = strchr(address, ':'); if(p) { p++; if(strncasecmp(address, "ip6:", p - address) == 0 || strncasecmp(address, "ipv6:", p - address) == 0 || strncasecmp(address, "inet6:", p - address) == 0) address = p; } ret = inet_pton(AF_INET6, address, &in6.s6_addr); if(ret == 1) { addr->addr_type = KRB5_ADDRESS_INET6; ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr)); if (ret) return -1; memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr)); return 0; } return -1; }
/* * NIST guidance in Section 5.1 of [SP800-132] requires that a portion * of the salt of at least 128 bits shall be randomly generated. */ static krb5_error_code add_random_to_salt(krb5_context context, krb5_salt *in, krb5_salt *out) { krb5_error_code ret; char *p; unsigned char random[16]; char *s; int slen; krb5_generate_random_block(random, sizeof(random)); slen = rk_base64_encode(random, sizeof(random), &s); if (slen < 0) return ENOMEM; ret = krb5_data_alloc(&out->saltvalue, slen + in->saltvalue.length); if (ret) { free(s); return ret; } p = out->saltvalue.data; memcpy(p, s, slen); memcpy(&p[slen], in->saltvalue.data, in->saltvalue.length); out->salttype = in->salttype; free(s); return 0; }
static kadm5_ret_t kadm5_log_replay_create (kadm5_server_context *context, uint32_t ver, uint32_t len, krb5_storage *sp) { krb5_error_code ret; krb5_data data; hdb_entry_ex ent; memset(&ent, 0, sizeof(ent)); ret = krb5_data_alloc (&data, len); if (ret) { krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent.entry); krb5_data_free(&data); if (ret) { krb5_set_error_message(context->context, ret, "Unmarshaling hdb entry failed"); return ret; } ret = context->db->hdb_store(context->context, context->db, 0, &ent); hdb_free_entry (context->context, &ent); return ret; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data(krb5_storage *sp, krb5_data *data) { off_t pos, size; krb5_error_code ret; pos = sp->seek(sp, 0, SEEK_CUR); if (pos < 0) return HEIM_ERR_NOT_SEEKABLE; size = sp->seek(sp, 0, SEEK_END); ret = size_too_large(sp, size); if (ret) return ret; ret = krb5_data_alloc(data, size); if (ret) { sp->seek(sp, pos, SEEK_SET); return ret; } if (size) { sp->seek(sp, 0, SEEK_SET); sp->fetch(sp, data->data, data->length); sp->seek(sp, pos, SEEK_SET); } return 0; }
static krb5_error_code AES_SHA2_PRF(krb5_context context, krb5_crypto crypto, const krb5_data *in, krb5_data *out) { krb5_error_code ret; krb5_data label; const EVP_MD *md = NULL; ret = _krb5_aes_sha2_md_for_enctype(context, crypto->et->type, &md); if (ret) return ret; label.data = "prf"; label.length = 3; ret = krb5_data_alloc(out, EVP_MD_size(md)); if (ret) return ret; ret = _krb5_SP800_108_HMAC_KDF(context, &crypto->key.key->keyvalue, &label, in, md, out); if (ret) krb5_data_free(out); return ret; }
static krb5_error_code HMAC_MD5_any_checksum(krb5_context context, const krb5_keyblock *key, const void *data, size_t len, unsigned usage, Checksum *result) { struct key_data local_key; krb5_error_code ret; memset(&local_key, 0, sizeof(local_key)); ret = krb5_copy_keyblock(context, key, &local_key.key); if (ret) return ret; ret = krb5_data_alloc (&result->checksum, 16); if (ret) { krb5_free_keyblock(context, local_key.key); return ret; } result->cksumtype = CKSUMTYPE_HMAC_MD5; ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result); if (ret) krb5_data_free(&result->checksum); krb5_free_keyblock(context, local_key.key); return ret; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_pw_salt(krb5_context context, krb5_const_principal principal, krb5_salt *salt) { size_t len; size_t i; krb5_error_code ret; char *p; salt->salttype = KRB5_PW_SALT; len = strlen(principal->realm); for (i = 0; i < principal->name.name_string.len; ++i) len += strlen(principal->name.name_string.val[i]); ret = krb5_data_alloc (&salt->saltvalue, len); if (ret) return ret; p = salt->saltvalue.data; memcpy (p, principal->realm, strlen(principal->realm)); p += strlen(principal->realm); for (i = 0; i < principal->name.name_string.len; ++i) { memcpy (p, principal->name.name_string.val[i], strlen(principal->name.name_string.val[i])); p += strlen(principal->name.name_string.val[i]); } return 0; }
static krb5_error_code calculate_reply_hash(krb5_context context, krb5_keyblock *key, Kx509Response *rep) { krb5_error_code ret; HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx)); if (ret) { HMAC_CTX_cleanup(&ctx); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); if (rep->error_code) { int32_t t = *rep->error_code; do { unsigned char p = (t & 0xff); HMAC_Update(&ctx, &p, 1); t >>= 8; } while (t); }
static int ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) { const char *p; struct in_addr a; p = strchr(address, ':'); if(p) { p++; if(strncasecmp(address, "ip:", p - address) != 0 && strncasecmp(address, "ip4:", p - address) != 0 && strncasecmp(address, "ipv4:", p - address) != 0 && strncasecmp(address, "inet:", p - address) != 0) return -1; } else p = address; #ifdef HAVE_INET_ATON if(inet_aton(p, &a) == 0) return -1; #elif defined(HAVE_INET_ADDR) a.s_addr = inet_addr(p); if(a.s_addr == INADDR_NONE) return -1; #else return -1; #endif addr->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&addr->address, 4) != 0) return -1; _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length); return 0; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) { krb5_error_code ret; uint32_t len; uint8_t buf[4]; krb5_data_zero(data); ret = krb5_net_read (context, p_fd, buf, 4); if(ret == -1) { ret = errno; krb5_clear_error_message (context); return ret; } if(ret < 4) { krb5_clear_error_message(context); return HEIM_ERR_EOF; } len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; ret = krb5_data_alloc (data, len); if (ret) { krb5_clear_error_message(context); return ret; } if (krb5_net_read (context, p_fd, data->data, len) != len) { ret = errno; krb5_data_free (data); krb5_clear_error_message (context); return ret; } return 0; }
krb5_data *hex2krb5data(const char *str, krb5_data *data) { size_t len = 0; unsigned char *p; const char *q; int hi, lo; len = strlen(str); len = len/2 + len%2; krb5_data_zero(data); krb5_data_alloc(data, len); p = data->data; q = str; for (;;) { if (*q == '\0' || *q == '\n') { *p = '\0'; break; } hi = val(*q++); if (*q == '\0' || *q == '\n') { lo = 0; } else { lo = val(*q++); } *p++ = (hi << 4) | lo; } return(data); }
static krb5_error_code KRB5_CALLCONV acc_alloc(krb5_context context, krb5_ccache *id) { krb5_error_code ret; cc_int32 error; krb5_acc *a; ret = init_ccapi(context); if (ret) return ret; ret = krb5_data_alloc(&(*id)->data, sizeof(*a)); if (ret) { krb5_clear_error_message(context); return ret; } a = ACACHE(*id); error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL); if (error) { krb5_data_free(&(*id)->data); return translate_cc_error(context, error); } a->cache_name = NULL; return 0; }
static void send_im_here(krb5_context context, int fd, krb5_auth_context auth_context) { krb5_storage *sp; krb5_data data; krb5_error_code ret; ret = krb5_data_alloc(&data, 4); if (ret) krb5_err(context, IPROPD_RESTART, ret, "send_im_here"); sp = krb5_storage_from_data (&data); if (sp == NULL) krb5_errx(context, IPROPD_RESTART, "krb5_storage_from_data"); ret = krb5_store_uint32(sp, I_AM_HERE); krb5_storage_free(sp); if (ret == 0) { ret = krb5_write_priv_message(context, auth_context, &fd, &data); krb5_data_free(&data); if (ret) krb5_err(context, IPROPD_RESTART, ret, "krb5_write_priv_message"); if (verbose) krb5_warnx(context, "pinged master"); } return; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_init(krb5_context context, krb5_pac *pac) { krb5_error_code ret; krb5_pac p; p = calloc(1, sizeof(*p)); if (p == NULL) { return krb5_enomem(context); } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); return krb5_enomem(context); } ret = krb5_data_alloc(&p->data, PACTYPE_SIZE); if (ret) { free (p->pac); free(p); return krb5_enomem(context); } *pac = p; return 0; }
static krb5_error_code AES_SHA1_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, krb5_data opaque, krb5_keyblock *key) { krb5_error_code ret; uint32_t iter; struct _krb5_encryption_type *et; struct _krb5_key_data kd; if (opaque.length == 0) iter = _krb5_AES_SHA1_string_to_default_iterator; else if (opaque.length == 4) { unsigned long v; _krb5_get_int(opaque.data, &v, 4); iter = ((uint32_t)v); } else return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ et = _krb5_find_enctype(enctype); if (et == NULL) return KRB5_PROG_KEYTYPE_NOSUPP; kd.schedule = NULL; ALLOC(kd.key, 1); if (kd.key == NULL) return krb5_enomem(context); kd.key->keytype = enctype; ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); if (ret) { krb5_set_error_message (context, ret, N_("malloc: out of memory", "")); return ret; } ret = PKCS5_PBKDF2_HMAC(password.data, password.length, salt.saltvalue.data, salt.saltvalue.length, iter, EVP_sha1(), et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { _krb5_free_key_data(context, &kd, et); krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; } ret = _krb5_derive_key(context, et, &kd, "kerberos", strlen("kerberos")); if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); _krb5_free_key_data(context, &kd, et); return ret; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy(krb5_data *p, const void *data, size_t len) { if (len) { if(krb5_data_alloc(p, len)) return ENOMEM; memmove(p->data, data, len); } else p->data = NULL; p->length = len; return 0; }
krb5_error_code KRB5_LIB_FUNCTION krb5_make_addrport (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port) { krb5_error_code ret; size_t len = addr->address.length + 2 + 4 * 4; u_char *p; *res = malloc (sizeof(**res)); if (*res == NULL) { krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; ret = krb5_data_alloc (&(*res)->address, len); if (ret) { krb5_set_error_message (context, ret, N_("malloc: out of memory", "")); free (*res); *res = NULL; return ret; } p = (*res)->address.data; *p++ = 0; *p++ = 0; *p++ = (addr->addr_type ) & 0xFF; *p++ = (addr->addr_type >> 8) & 0xFF; *p++ = (addr->address.length ) & 0xFF; *p++ = (addr->address.length >> 8) & 0xFF; *p++ = (addr->address.length >> 16) & 0xFF; *p++ = (addr->address.length >> 24) & 0xFF; memcpy (p, addr->address.data, addr->address.length); p += addr->address.length; *p++ = 0; *p++ = 0; *p++ = (KRB5_ADDRESS_IPPORT ) & 0xFF; *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF; *p++ = (2 ) & 0xFF; *p++ = (2 >> 8) & 0xFF; *p++ = (2 >> 16) & 0xFF; *p++ = (2 >> 24) & 0xFF; memcpy (p, &port, 2); return 0; }
static kadm5_ret_t kadm5_log_replay_rename (kadm5_server_context *context, uint32_t ver, uint32_t len, krb5_storage *sp) { krb5_error_code ret; krb5_principal source; hdb_entry_ex target_ent; krb5_data value; off_t off; size_t princ_len, data_len; memset(&target_ent, 0, sizeof(target_ent)); off = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_ret_principal (sp, &source); if (ret) { krb5_set_error_message(context->context, ret, "Failed to read renamed " "principal in log, version: %ld", (long)ver); return ret; } princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; data_len = len - princ_len; ret = krb5_data_alloc (&value, data_len); if (ret) { krb5_free_principal (context->context, source); return ret; } krb5_storage_read (sp, value.data, data_len); ret = hdb_value2entry (context->context, &value, &target_ent.entry); krb5_data_free(&value); if (ret) { krb5_free_principal (context->context, source); return ret; } ret = context->db->hdb_store (context->context, context->db, 0, &target_ent); hdb_free_entry (context->context, &target_ent); if (ret) { krb5_free_principal (context->context, source); return ret; } ret = context->db->hdb_remove (context->context, context->db, source); krb5_free_principal (context->context, source); return ret; }
kadm5_ret_t kadm5_log_replay_rename (kadm5_server_context *context, u_int32_t ver, u_int32_t len, krb5_storage *sp) { krb5_error_code ret; krb5_principal source; hdb_entry source_ent, target_ent; krb5_data value; off_t off; size_t princ_len, data_len; off = krb5_storage_seek(sp, 0, SEEK_CUR); krb5_ret_principal (sp, &source); princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; data_len = len - princ_len; ret = krb5_data_alloc (&value, data_len); if (ret) { krb5_free_principal (context->context, source); return ret; } krb5_storage_read (sp, value.data, data_len); ret = hdb_value2entry (context->context, &value, &target_ent); krb5_data_free(&value); if (ret) { krb5_free_principal (context->context, source); return ret; } ret = context->db->hdb_store (context->context, context->db, 0, &target_ent); hdb_free_entry (context->context, &target_ent); if (ret) { krb5_free_principal (context->context, source); return ret; } source_ent.principal = source; ret = context->db->hdb_remove (context->context, context->db, &source_ent); krb5_free_principal (context->context, source); return ret; }
krb5_error_code KRB5_LIB_FUNCTION krb5_storage_to_data(krb5_storage *sp, krb5_data *data) { off_t pos; size_t size; krb5_error_code ret; pos = sp->seek(sp, 0, SEEK_CUR); size = (size_t)sp->seek(sp, 0, SEEK_END); ret = krb5_data_alloc (data, size); if (ret) { sp->seek(sp, pos, SEEK_SET); return ret; } if (size) { sp->seek(sp, 0, SEEK_SET); sp->fetch(sp, data->data, data->length); sp->seek(sp, pos, SEEK_SET); } return 0; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) { krb5_error_code ret; krb5_ssize_t sret; uint32_t len; uint8_t buf[4]; krb5_data_zero(data); sret = krb5_net_read (context, p_fd, buf, 4); if(sret == -1) { ret = errno; krb5_clear_error_message (context); return ret; } if(sret < 4) { krb5_clear_error_message(context); return HEIM_ERR_EOF; } len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; if (len > UINT_MAX / 16) { krb5_set_error_message(context, ERANGE, N_("packet to large", "")); return ERANGE; } ret = krb5_data_alloc (data, len); if (ret) { krb5_clear_error_message(context); return ret; } if (krb5_net_read (context, p_fd, data->data, len) != (ssize_t)len) { ret = errno; krb5_data_free (data); krb5_clear_error_message (context); return ret; } return 0; }
kadm5_ret_t kadm5_log_replay_create (kadm5_server_context *context, u_int32_t ver, u_int32_t len, krb5_storage *sp) { krb5_error_code ret; krb5_data data; hdb_entry ent; ret = krb5_data_alloc (&data, len); if (ret) return ret; krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent); krb5_data_free(&data); if (ret) return ret; ret = context->db->hdb_store(context->context, context->db, 0, &ent); hdb_free_entry (context->context, &ent); return ret; }
static krb5_error_code HMAC_MD5_any_checksum(krb5_context context, const krb5_keyblock *key, const void *data, size_t len, unsigned usage, Checksum *result) { struct _krb5_key_data local_key; struct krb5_crypto_iov iov; krb5_error_code ret; memset(&local_key, 0, sizeof(local_key)); ret = krb5_copy_keyblock(context, key, &local_key.key); if (ret) return ret; ret = krb5_data_alloc (&result->checksum, 16); if (ret) { krb5_free_keyblock(context, local_key.key); return ret; } result->cksumtype = CKSUMTYPE_HMAC_MD5; iov.data.data = (void *)data; iov.data.length = len; iov.flags = KRB5_CRYPTO_TYPE_DATA; ret = _krb5_HMAC_MD5_checksum(context, NULL, &local_key, usage, &iov, 1, result); if (ret) krb5_data_free(&result->checksum); krb5_free_keyblock(context, local_key.key); return ret; }
static void send_im_here (krb5_context context, int fd, krb5_auth_context auth_context) { krb5_storage *sp; krb5_data data; int ret; ret = krb5_data_alloc (&data, 4); if (ret) krb5_err (context, 1, ret, "send_im_here"); sp = krb5_storage_from_data (&data); if (sp == NULL) krb5_errx (context, 1, "krb5_storage_from_data"); krb5_store_int32(sp, I_AM_HERE); krb5_storage_free(sp); ret = krb5_write_priv_message(context, auth_context, &fd, &data); krb5_data_free(&data); if (ret) krb5_err (context, 1, ret, "krb5_write_priv_message"); }