krb5_error_code
krb5_encrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key,
krb5_ticket *dec_ticket)
{
krb5_data *scratch;
krb5_error_code retval;
krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2;
/* start by encoding the to-be-encrypted part. */
if ((retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch))) {
return retval;
}
#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
krb5_free_data(context, scratch); }
/* call the encryption routine */
retval = krb5_encrypt_helper(context, srv_key,
KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
&dec_ticket->enc_part);
cleanup_scratch();
return(retval);
}
/* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
stuff... */
krb5_error_code
krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
const krb5_enc_kdc_rep_part *encpart,
int using_subkey, const krb5_keyblock *client_key,
krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
{
krb5_data *scratch;
krb5_error_code retval;
krb5_enc_kdc_rep_part tmp_encpart;
krb5_keyusage usage;
if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
switch (type) {
case KRB5_AS_REP:
usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
break;
case KRB5_TGS_REP:
if (using_subkey)
usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
else
usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
break;
default:
return KRB5_BADMSGTYPE;
}
/*
* We don't want to modify encpart, but we need to be able to pass
* in the message type to the encoder, so it can set the ASN.1
* type correct.
*
* Although note that it may be doing nothing with the message
* type, to be compatible with old versions of Kerberos that always
* encode this as a TGS_REP regardly of what it really should be;
* also note that the reason why we are passing it in a structure
* instead of as an argument to encode_krb5_enc_kdc_rep_part (the
* way we should) is for compatibility with the ISODE version of
* this fuction. Ah, compatibility....
*/
tmp_encpart = *encpart;
tmp_encpart.msg_type = type;
retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
if (retval) {
return retval;
}
memset(&tmp_encpart, 0, sizeof(tmp_encpart));
#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
krb5_free_data(context, scratch); }
retval = krb5_encrypt_helper(context, client_key, usage, scratch,
&dec_rep->enc_part);
#define cleanup_encpart() { \
(void) memset(dec_rep->enc_part.ciphertext.data, 0, \
dec_rep->enc_part.ciphertext.length); \
free(dec_rep->enc_part.ciphertext.data); \
dec_rep->enc_part.ciphertext.length = 0; \
dec_rep->enc_part.ciphertext.data = 0;}
cleanup_scratch();
if (retval)
return(retval);
/* now it's ready to be encoded for the wire! */
switch (type) {
case KRB5_AS_REP:
retval = encode_krb5_as_rep(dec_rep, enc_rep);
break;
case KRB5_TGS_REP:
retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
break;
}
if (retval)
cleanup_encpart();
return retval;
}
/**
* Clean up and then exit with the associated return code
*/
void cleanup(parallel_wrapper *par_wrapper, int return_code)
{
int i, j;
/* Try to lock the keep-alive mutex */
pthread_mutex_trylock(&keep_alive_mutex);
if (par_wrapper -> this_machine -> rank == MASTER &&
par_wrapper -> machines != (machine **)NULL)
{
/* Send the term signal (don't send to self) */
for (i = 1; i < par_wrapper -> num_procs; i++)
{
if (par_wrapper -> machines[i] == (machine *)NULL)
{
continue;
}
for (j = 0; j < 10; j++)
{
term(par_wrapper -> command_socket, return_code,
par_wrapper -> machines[i] -> ip_addr, par_wrapper -> machines[i] -> port);
usleep(100000); /* Sleep 1/10th second */
}
}
}
/* If we spawned subgroups, attempt to kill them all */
if (par_wrapper -> pgid > 0 && par_wrapper -> child_pid > 0)
{
int RC = killpg(par_wrapper -> child_pid, SIGTERM);
if (RC == EPERM)
{
print(PRNT_WARN, "Unable to kill child pid %d - permission denied\n");
}
else if (RC == 0)
{
debug(PRNT_INFO, "Sent SIGTERM to child group %d\n", par_wrapper -> child_pid);
}
}
/* Lock the parallel_wrapper structure */
pthread_mutex_trylock(&par_wrapper -> mutex);
/* Clean up the scratch directory */
cleanup_scratch(par_wrapper -> scratch_dir);
/* Unlink all softlinks */
if (is_valid_sll(par_wrapper -> symlinks))
{
struct sll_element *element = par_wrapper -> symlinks -> head -> next;
while (element != (struct sll_element *)NULL)
{
char *filename = (char *)element -> ptr;
if (filename != (char *)NULL)
{
if (unlink(filename) != 0)
{
print(PRNT_WARN, "Unable to unlink file %s\n", filename);
}
}
element = element -> next;
}
}
/* No need to unlock - we are exitting */
exit(return_code);
}
