/* * Internalize an authdata context. */ static krb5_error_code krb5_authdata_context_internalize(krb5_context kcontext, krb5_pointer *ptr, krb5_octet **buffer, size_t *lenremain) { krb5_error_code code; krb5_authdata_context context; krb5_int32 ibuf; krb5_octet *bp; size_t remain; bp = *buffer; remain = *lenremain; code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) return code; if (ibuf != KV5M_AUTHDATA_CONTEXT) return EINVAL; code = krb5_authdata_context_init(kcontext, &context); if (code != 0) return code; code = k5_ad_internalize(kcontext, context, AD_USAGE_MASK, &bp, &remain); if (code != 0) { krb5_authdata_context_free(kcontext, context); return code; } code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) return code; if (ibuf != KV5M_AUTHDATA_CONTEXT) { krb5_authdata_context_free(kcontext, context); return EINVAL; } *buffer = bp; *lenremain = remain; *ptr = context; return 0; }
/* * Import serialized authdata context */ static krb5_error_code import_name_composite(krb5_context context, unsigned char *enc_data, size_t enc_length, krb5_authdata_context *pad_context) { krb5_authdata_context ad_context; krb5_error_code code; krb5_data data; code = krb5_authdata_context_init(context, &ad_context); if (code != 0) return code; data.data = (char *)enc_data; data.length = enc_length; code = krb5_authdata_import_attributes(context, ad_context, AD_USAGE_MASK, &data); if (code != 0) { krb5_authdata_context_free(context, ad_context); return code; } *pad_context = ad_context; return 0; }
krb5_error_code KRB5_CALLCONV krb5_authdata_context_copy(krb5_context kcontext, krb5_authdata_context src, krb5_authdata_context *pdst) { int i; krb5_error_code code; krb5_authdata_context dst; /* XXX we need to init a new context because we can't copy plugins */ code = krb5_authdata_context_init(kcontext, &dst); if (code != 0) return code; for (i = 0; i < src->n_modules; i++) { struct _krb5_authdata_context_module *module = &src->modules[i]; code = k5_copy_ad_module_data(kcontext, src, module, dst); if (code != 0) break; } if (code != 0) { krb5_authdata_context_free(kcontext, dst); return code; } *pdst = dst; return 0; }
krb5_error_code KRB5_CALLCONV krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) { if (auth_context == NULL) return 0; if (auth_context->local_addr) krb5_free_address(context, auth_context->local_addr); if (auth_context->remote_addr) krb5_free_address(context, auth_context->remote_addr); if (auth_context->local_port) krb5_free_address(context, auth_context->local_port); if (auth_context->remote_port) krb5_free_address(context, auth_context->remote_port); if (auth_context->authentp) krb5_free_authenticator(context, auth_context->authentp); if (auth_context->key) krb5_k_free_key(context, auth_context->key); if (auth_context->send_subkey) krb5_k_free_key(context, auth_context->send_subkey); if (auth_context->recv_subkey) krb5_k_free_key(context, auth_context->recv_subkey); if (auth_context->rcache) krb5_rc_close(context, auth_context->rcache); if (auth_context->permitted_etypes) free(auth_context->permitted_etypes); if (auth_context->ad_context) krb5_authdata_context_free(context, auth_context->ad_context); free(auth_context); return 0; }
krb5_error_code kg_release_name(krb5_context context, krb5_gss_name_t *name) { if (*name != NULL) { krb5_free_principal(context, (*name)->princ); free((*name)->service); free((*name)->host); krb5_authdata_context_free(context, (*name)->ad_context); k5_mutex_destroy(&(*name)->lock); free(*name); *name = NULL; } return 0; }
krb5_error_code kg_release_name(krb5_context context, krb5_flags flags, krb5_gss_name_t *name) { if (*name != NULL) { if (flags & KG_INIT_NAME_INTERN) kg_delete_name((gss_name_t)*name); krb5_free_principal(context, (*name)->princ); krb5_authdata_context_free(context, (*name)->ad_context); k5_mutex_destroy(&(*name)->lock); free(*name); *name = NULL; } return 0; }
krb5_error_code KRB5_CALLCONV krb5_authdata_context_init(krb5_context kcontext, krb5_authdata_context *pcontext) { int n_modules, n_tables, i, k; void **tables = NULL; krb5plugin_authdata_client_ftable_v0 *table; krb5_authdata_context context = NULL; int internal_count = 0; struct plugin_dir_handle plugins; krb5_error_code code; *pcontext = NULL; memset(&plugins, 0, sizeof(plugins)); n_modules = 0; for (n_tables = 0; authdata_systems[n_tables] != NULL; n_tables++) { n_modules += k5_ad_module_count(authdata_systems[n_tables]); } internal_count = n_tables; if (PLUGIN_DIR_OPEN(&plugins) == 0 && krb5int_open_plugin_dirs(objdirs, NULL, &plugins, &kcontext->err) == 0 && krb5int_get_plugin_dir_data(&plugins, "authdata_client_0", &tables, &kcontext->err) == 0 && tables != NULL) { for (; tables[n_tables - internal_count] != NULL; n_tables++) { table = tables[n_tables - internal_count]; n_modules += k5_ad_module_count(table); } } context = calloc(1, sizeof(*context)); if (kcontext == NULL) { code = ENOMEM; goto cleanup; } context->magic = KV5M_AUTHDATA_CONTEXT; context->modules = calloc(n_modules, sizeof(context->modules[0])); if (context->modules == NULL) { code = ENOMEM; goto cleanup; } context->n_modules = n_modules; /* fill in the structure */ for (i = 0, k = 0, code = 0; i < n_tables - internal_count; i++) { code = k5_ad_init_modules(kcontext, context, tables[i], &k); if (code != 0) goto cleanup; } for (i = 0; i < internal_count; i++) { code = k5_ad_init_modules(kcontext, context, authdata_systems[i], &k); if (code != 0) goto cleanup; } context->plugins = plugins; cleanup: if (tables != NULL) krb5int_free_plugin_dir_data(tables); if (code != 0) { krb5int_close_plugin_dirs(&plugins); krb5_authdata_context_free(kcontext, context); } else { /* plugins is owned by context now */ *pcontext = context; } return code; }