static inline int krb5_free_keytab_entry_contents(krb5_context ctx, krb5_keytab_entry * ent) { krb5_free_principal(ctx, ent->principal); krb5_free_keyblock_contents(ctx, kte_keyblock(ent)); return 0; }
void _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp) { if (cp == NULL) return; if (cp->cert) hx509_cert_free(cp->cert); if (cp->verify_ctx) hx509_verify_destroy_ctx(cp->verify_ctx); if (cp->keyex == USE_DH) { if (cp->u.dh.key) DH_free(cp->u.dh.key); if (cp->u.dh.public_key) BN_free(cp->u.dh.public_key); } #ifdef HAVE_OPENSSL if (cp->keyex == USE_ECDH) { if (cp->u.ecdh.key) EC_KEY_free(cp->u.ecdh.key); if (cp->u.ecdh.public_key) EC_KEY_free(cp->u.ecdh.public_key); } #endif krb5_free_keyblock_contents(context, &cp->reply_key); if (cp->dh_group_name) free(cp->dh_group_name); if (cp->peer) hx509_peer_info_free(cp->peer); if (cp->client_anchors) hx509_certs_free(&cp->client_anchors); memset(cp, 0, sizeof(*cp)); free(cp); }
static void tokey(krb5_context context, krb5_enctype enctype, const char *pw, krb5_salt salt, const char *label) { krb5_error_code ret; int i; krb5_keyblock key; char *e; ret = krb5_string_to_key_salt(context, enctype, pw, salt, &key); if (ret) krb5_err(context, 1, ret, "krb5_string_to_key_salt"); ret = krb5_enctype_to_string(context, enctype, &e); if (ret) krb5_err(context, 1, ret, "krb5_enctype_to_string"); printf(label, e); printf(": "); for(i = 0; i < key.keyvalue.length; i++) printf("%02x", ((unsigned char*)key.keyvalue.data)[i]); printf("\n"); krb5_free_keyblock_contents(context, &key); free(e); }
int filter_keys(krb5_context krbctx, struct keys_container *keys, ber_int_t *enctypes) { struct krb_key_salt *ksdata; int i, j, n; n = keys->nkeys; ksdata = keys->ksdata; for (i = 0; i < n; i++) { if (ksdata[i].enctype == enctypes[i]) continue; if (enctypes[i] == 0) { /* remove unsupported one */ krb5_free_keyblock_contents(krbctx, &ksdata[i].key); krb5_free_data_contents(krbctx, &ksdata[i].salt); for (j = i; j < n-1; j++) { ksdata[j] = ksdata[j + 1]; enctypes[j] = enctypes[j + 1]; } n--; /* new key has been moved to this position, make sure * we do not skip it, by neutralizing next i increment */ i--; } } if (n == 0) { fprintf(stderr, _("No keys accepted by KDC\n")); return 0; } keys->nkeys = n; return n; }
static int random_to_key(krb5_context context) { krb5_error_code ret; krb5_keyblock key; ret = krb5_random_to_key(context, ETYPE_DES3_CBC_SHA1, "\x21\x39\x04\x58\x6A\xBD\x7F" "\x21\x39\x04\x58\x6A\xBD\x7F" "\x21\x39\x04\x58\x6A\xBD\x7F", 21, &key); if (ret){ krb5_warn(context, ret, "random_to_key"); return 1; } if (key.keyvalue.length != 24) return 1; if (memcmp(key.keyvalue.data, "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" "\x20\x38\x04\x58\x6b\xbc\x7f\xc7", 24) != 0) return 1; krb5_free_keyblock_contents(context, &key); return 0; }
int write_heimdal_enc_key(char **p, char *end, gss_ctx_id_t ctx) { krb5_keyblock enc_key, *key; krb5_context context; krb5_error_code ret; int i; char *skd, *dkd, *k5err = NULL; int code = -1; if ((ret = krb5_init_context(&context))) { k5err = gssd_k5_err_msg(NULL, ret); printerr(0, "ERROR: initializing krb5_context: %s\n", k5err); goto out_err; } if ((ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, &key))){ k5err = gssd_k5_err_msg(context, ret); printerr(0, "ERROR: getting auth_context key: %s\n", k5err); goto out_err_free_context; } memset(&enc_key, 0, sizeof(enc_key)); enc_key.keytype = key->keytype; /* XXX current kernel code only handles des-cbc-raw (4) */ if (enc_key.keytype != 4) { printerr(1, "WARN: write_heimdal_enc_key: " "overriding heimdal keytype (%d => %d)\n", enc_key.keytype, 4); enc_key.keytype = 4; } enc_key.keyvalue.length = key->keyvalue.length; if ((enc_key.keyvalue.data = calloc(1, enc_key.keyvalue.length)) == NULL) { k5err = gssd_k5_err_msg(context, ENOMEM); printerr(0, "ERROR: allocating memory for enc key: %s\n", k5err); goto out_err_free_key; } skd = (char *) key->keyvalue.data; dkd = (char *) enc_key.keyvalue.data; for (i = 0; i < enc_key.keyvalue.length; i++) dkd[i] = skd[i] ^ 0xf0; if (write_heimdal_keyblock(p, end, &enc_key)) { goto out_err_free_enckey; } code = 0; out_err_free_enckey: krb5_free_keyblock_contents(context, &enc_key); out_err_free_key: krb5_free_keyblock(context, key); out_err_free_context: krb5_free_context(context); out_err: free(k5err); printerr(2, "write_heimdal_enc_key: %s\n", code ? "FAILED" : "SUCCESS"); return(code); }
static void test_dh2key(int i, krb5_context context, const heim_octet_string *dh, const heim_octet_string *c_n, const heim_octet_string *k_n, krb5_enctype etype, const heim_octet_string *result) { krb5_error_code ret; krb5_keyblock key; ret = _krb5_pk_octetstring2key(context, etype, dh->data, dh->length, c_n, k_n, &key); if (ret != 0) krb5_err(context, 1, ret, "_krb5_pk_octetstring2key: %d", i); if (key.keyvalue.length != result->length || memcmp(key.keyvalue.data, result->data, result->length) != 0) krb5_errx(context, 1, "resulting key wrong: %d", i); krb5_free_keyblock_contents(context, &key); }
static krb5_error_code set_as_key(krb5_context context, krb5_clpreauth_rock rock, const krb5_keyblock *keyblock) { krb5_free_keyblock_contents(context, rock->as_key); return krb5_copy_keyblock_contents(context, keyblock, rock->as_key); }
static krb5_error_code generate_dh_keyblock(krb5_context context, pk_client_params *client_params, krb5_enctype enctype, krb5_keyblock *reply_key) { unsigned char *dh_gen_key = NULL; krb5_keyblock key; krb5_error_code ret; size_t dh_gen_keylen, size; memset(&key, 0, sizeof(key)); if (!DH_generate_key(client_params->dh)) { ret = KRB5KRB_ERR_GENERIC; krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys"); goto out; } if (client_params->dh_public_key == NULL) { ret = KRB5KRB_ERR_GENERIC; krb5_set_error_message(context, ret, "dh_public_key"); goto out; } dh_gen_keylen = DH_size(client_params->dh); size = BN_num_bytes(client_params->dh->p); if (size < dh_gen_keylen) size = dh_gen_keylen; dh_gen_key = malloc(size); if (dh_gen_key == NULL) { ret = ENOMEM; krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } memset(dh_gen_key, 0, size - dh_gen_keylen); dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { ret = KRB5KRB_ERR_GENERIC; krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key"); goto out; } ret = _krb5_pk_octetstring2key(context, enctype, dh_gen_key, dh_gen_keylen, NULL, NULL, reply_key); out: if (dh_gen_key) free(dh_gen_key); if (key.keyvalue.data) krb5_free_keyblock_contents(context, &key); return ret; }
static void test_wrapping(krb5_context context, size_t min_size, size_t max_size, size_t step, krb5_enctype etype) { krb5_error_code ret; krb5_keyblock key; krb5_crypto crypto; krb5_data data; char *etype_name; void *buf; size_t size; ret = krb5_generate_random_keyblock(context, etype, &key); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); ret = krb5_enctype_to_string(context, etype, &etype_name); if (ret) krb5_err(context, 1, ret, "krb5_enctype_to_string"); buf = malloc(max_size); if (buf == NULL) krb5_errx(context, 1, "out of memory"); memset(buf, 0, max_size); ret = krb5_crypto_init(context, &key, 0, &crypto); if (ret) krb5_err(context, 1, ret, "krb5_crypto_init"); for (size = min_size; size < max_size; size += step) { size_t wrapped_size; ret = krb5_encrypt(context, crypto, 0, buf, size, &data); if (ret) krb5_err(context, 1, ret, "encrypt size %lu using %s", (unsigned long)size, etype_name); wrapped_size = krb5_get_wrapped_length(context, crypto, size); if (wrapped_size != data.length) krb5_errx(context, 1, "calculated wrapped length %lu != " "real wrapped length %lu for data length %lu using " "enctype %s", (unsigned long)wrapped_size, (unsigned long)data.length, (unsigned long)size, etype_name); krb5_data_free(&data); } free(etype_name); free(buf); krb5_crypto_destroy(context, crypto); krb5_free_keyblock_contents(context, &key); }
krb5_error_code KRB5_LIB_FUNCTION krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry) { krb5_free_principal (context, entry->principal); krb5_free_keyblock_contents (context, &entry->keyblock); memset(entry, 0, sizeof(*entry)); return 0; }
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock) { if(keyblock){ krb5_free_keyblock_contents(context, keyblock); free(keyblock); } }
/* Obtain and return any preauthentication data (which is destined for the * client) which matches type data->pa_type. */ static krb5_error_code server_get_edata(krb5_context kcontext, krb5_kdc_req *request, struct _krb5_db_entry_new *client, struct _krb5_db_entry_new *server, preauth_get_entry_data_proc server_get_entry_data, void *pa_module_context, krb5_pa_data *data) { krb5_data *key_data; krb5_keyblock *keys, *key; krb5_int32 *enctypes, enctype; int i; /* Retrieve the client's keys. */ key_data = NULL; if ((*server_get_entry_data)(kcontext, request, client, krb5plugin_preauth_keys, &key_data) != 0) { #ifdef DEBUG fprintf(stderr, "Error retrieving client keys.\n"); #endif return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; } /* Count which types of keys we've got, freeing the contents, which we * don't need at this point. */ keys = (krb5_keyblock *) key_data->data; key = NULL; for (i = 0; keys[i].enctype != 0; i++) krb5_free_keyblock_contents(kcontext, &keys[i]); /* Return the list of encryption types. */ enctypes = malloc((unsigned)i * 4); if (enctypes == NULL) { krb5_free_data(kcontext, key_data); return ENOMEM; } #ifdef DEBUG fprintf(stderr, "Supported enctypes = {"); #endif for (i = 0; keys[i].enctype != 0; i++) { #ifdef DEBUG fprintf(stderr, "%s%d", (i > 0) ? ", " : "", keys[i].enctype); #endif enctype = htonl(keys[i].enctype); memcpy(&enctypes[i], &enctype, 4); } #ifdef DEBUG fprintf(stderr, "}.\n"); #endif data->pa_type = KRB5_PADATA_CKSUM_BODY_REQ; data->length = (i * 4); data->contents = (unsigned char *) enctypes; krb5_free_data(kcontext, key_data); return 0; }
/* Free all keyblocks in a list (terminated by a keyblock with enctype 0). */ void kdb_free_keyblocks(kadm5_server_handle_t handle, krb5_keyblock *keyblocks) { krb5_keyblock *kb; if (keyblocks == NULL) return; for (kb = keyblocks; kb->enctype != 0; kb++) krb5_free_keyblock_contents(handle->context, kb); free(keyblocks); }
static mit_krb5_error_code krb5_kt_free_entry(mit_krb5_context context, mit_krb5_keytab_entry *entry) { LOG_ENTRY(); krb5_free_principal (context, entry->principal); krb5_free_keyblock_contents (context, &entry->key); memset(entry, 0, sizeof(*entry)); return 0; }
static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab keytab, krb5_kvno kvno, const char *princ_s, krb5_enctype enctype, krb5_data password) { krb5_keyblock *keyp; krb5_keytab_entry kt_entry; krb5_error_code ret; /* remove duplicates first ... */ ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, enctype, false); if (ret) { DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", error_message(ret))); } ZERO_STRUCT(kt_entry); kt_entry.vno = kvno; ret = smb_krb5_parse_name(context, princ_s, &kt_entry.principal); if (ret) { DEBUG(1, ("smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret))); return ret; } keyp = KRB5_KT_KEY(&kt_entry); if (create_kerberos_key_from_string(context, kt_entry.principal, &password, keyp, enctype, true)) { ret = KRB5KRB_ERR_GENERIC; goto done; } ret = krb5_kt_add_entry(context, keytab, &kt_entry); if (ret) { DEBUG(1, ("adding entry to keytab failed (%s)\n", error_message(ret))); } done: krb5_free_keyblock_contents(context, keyp); krb5_free_principal(context, kt_entry.principal); ZERO_STRUCT(kt_entry); smb_krb5_kt_free_entry(context, &kt_entry); return ret; }
void KRB5_LIB_FUNCTION _krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) { if (ad->pname) free(ad->pname); if (ad->pinst) free(ad->pinst); if (ad->prealm) free(ad->prealm); krb5_free_keyblock_contents(context, &ad->session); memset(ad, 0, sizeof(*ad)); }
static krb5_error_code get_as_key_keytab(krb5_context context, krb5_principal client, krb5_enctype etype, krb5_prompter_fct prompter, void *prompter_data, krb5_data *salt, krb5_data *params, krb5_keyblock *as_key, void *gak_data, k5_response_items *ritems) { krb5_keytab keytab = (krb5_keytab) gak_data; krb5_error_code ret; krb5_keytab_entry kt_ent; krb5_keyblock *kt_key; /* We don't need the password from the responder to create the AS key. */ if (as_key == NULL) return 0; /* if there's already a key of the correct etype, we're done. if the etype is wrong, free the existing key, and make a new one. */ if (as_key->length) { if (as_key->enctype == etype) return(0); krb5_free_keyblock_contents(context, as_key); as_key->length = 0; } if (!krb5_c_valid_enctype(etype)) return(KRB5_PROG_ETYPE_NOSUPP); if ((ret = krb5_kt_get_entry(context, keytab, client, 0, /* don't have vno available */ etype, &kt_ent))) return(ret); ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key); /* again, krb5's memory management is lame... */ *as_key = *kt_key; free(kt_key); (void) krb5_kt_free_entry(context, &kt_ent); return(ret); }
static void time_encryption(krb5_context context, size_t size, krb5_enctype etype, int iterations) { struct timeval tv1, tv2; krb5_error_code ret; krb5_keyblock key; krb5_crypto crypto; krb5_data data; char *etype_name; void *buf; int i; ret = krb5_generate_random_keyblock(context, etype, &key); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); ret = krb5_enctype_to_string(context, etype, &etype_name); if (ret) krb5_err(context, 1, ret, "krb5_enctype_to_string"); buf = malloc(size); if (buf == NULL) krb5_errx(context, 1, "out of memory"); memset(buf, 0, size); ret = krb5_crypto_init(context, &key, 0, &crypto); if (ret) krb5_err(context, 1, ret, "krb5_crypto_init"); gettimeofday(&tv1, NULL); for (i = 0; i < iterations; i++) { ret = krb5_encrypt(context, crypto, 0, buf, size, &data); if (ret) krb5_err(context, 1, ret, "encrypt: %d", i); krb5_data_free(&data); } gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", etype_name, (unsigned long)size, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec); free(buf); free(etype_name); krb5_crypto_destroy(context, crypto); krb5_free_keyblock_contents(context, &key); }
int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; krb5_keyblock key; krb5_crypto crypto; size_t length; krb5_data input, output, output2; krb5_enctype etype = ETYPE_AES256_CTS_HMAC_SHA1_96; ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context %d", ret); ret = krb5_generate_random_keyblock(context, etype, &key); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); ret = krb5_crypto_prf_length(context, etype, &length); if (ret) krb5_err(context, 1, ret, "krb5_crypto_prf_length"); ret = krb5_crypto_init(context, &key, 0, &crypto); if (ret) krb5_err(context, 1, ret, "krb5_crypto_init"); input.data = rk_UNCONST("foo"); input.length = 3; ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) krb5_err(context, 1, ret, "krb5_crypto_prf"); ret = krb5_crypto_prf(context, crypto, &input, &output2); if (ret) krb5_err(context, 1, ret, "krb5_crypto_prf"); if (krb5_data_cmp(&output, &output2) != 0) krb5_errx(context, 1, "krb5_data_cmp"); krb5_data_free(&output); krb5_data_free(&output2); krb5_crypto_destroy(context, crypto); krb5_free_keyblock_contents(context, &key); krb5_free_context(context); return 0; }
krb5_error_code KRB5_CALLCONV krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_error_code err = 0; krb5_mkt_cursor cursor; err = KTLOCK(id); if (err) return err; cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link)); if (cursor == NULL) { err = ENOMEM; goto done; } cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry)); if (cursor->entry == NULL) { free(cursor); err = ENOMEM; goto done; } cursor->entry->magic = entry->magic; cursor->entry->timestamp = entry->timestamp; cursor->entry->vno = entry->vno; err = krb5_copy_keyblock_contents(context, &(entry->key), &(cursor->entry->key)); if (err) { free(cursor->entry); free(cursor); goto done; } err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal)); if (err) { krb5_free_keyblock_contents(context, &(cursor->entry->key)); free(cursor->entry); free(cursor); goto done; } if (KTLINK(id) == NULL) { cursor->next = NULL; KTLINK(id) = cursor; } else { cursor->next = KTLINK(id); KTLINK(id) = cursor; } done: KTUNLOCK(id); return err; }
/* take a v5 keyblock, masquerading as a v4 key, * decrypt it, and convert the resulting v5 keyblock * to a real v4 key. * this is ugly, but it saves changing more v4 code. * * Also, keep old krb5_keyblock around in case we want to use it later. */ static int compat_decrypt_key (krb5_key_data *in5, unsigned char *out4, krb5_keyblock *out5, int issrv) { krb5_error_code retval; out5->contents = NULL; memset(out4, 0, sizeof(out4)); retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_keyblock, in5, out5, NULL); if (retval) { lt = klog(L_DEATH_REQ, "KDC can't decrypt principal's key."); out5->contents = NULL; return(retval); } if (K4KDC_ENCTYPE_OK(out5->enctype)) { if (out5->length == KRB5_MIT_DES_KEYSIZE) memcpy(out4, out5->contents, out5->length); else { lt = klog(L_DEATH_REQ, "internal keysize error in kdc"); krb5_free_keyblock_contents(kdc_context, out5); out5->contents = NULL; retval = -1; } } else { if (!issrv) { lt = klog(L_DEATH_REQ, "incompatible principal key type."); krb5_free_keyblock_contents(kdc_context, out5); out5->contents = NULL; retval = -1; } else { /* KLUDGE! If it's a non-raw des3 key, bash its enctype */ if (out5->enctype == ENCTYPE_DES3_CBC_SHA1 ) out5->enctype = ENCTYPE_DES3_CBC_RAW; } } return(retval); }
void ZSetSession(krb5_keyblock *keyblock) { krb5_error_code result; if (__Zephyr_keyblock) { krb5_free_keyblock_contents(Z_krb5_ctx, __Zephyr_keyblock); result = krb5_copy_keyblock_contents(Z_krb5_ctx, keyblock, __Zephyr_keyblock); } else { result = krb5_copy_keyblock(Z_krb5_ctx, keyblock, &__Zephyr_keyblock); } if (result) /*XXX we're out of memory? */ return; }
/* A krb5_gic_get_as_key_fct shim for copying a caller-provided keyblock into * the AS keyblock. */ static krb5_error_code get_as_key_skey(krb5_context context, krb5_principal client, krb5_enctype etype, krb5_prompter_fct prompter, void *prompter_data, krb5_data *salt, krb5_data *params, krb5_keyblock *as_key, void *gak_data) { const krb5_keyblock *key = gak_data; if (!krb5_c_valid_enctype(etype)) return(KRB5_PROG_ETYPE_NOSUPP); if (as_key->length) krb5_free_keyblock_contents(context, as_key); return krb5int_c_copy_keyblock_contents(context, key, as_key); }
int main(int argc, char **argv) { struct testcase *t; krb5_context context; krb5_error_code ret; int val = 0; ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); /* to enable realm-less principal name above */ krb5_set_default_realm(context, ""); for (t = tests; t->principal_name; ++t) { krb5_keyblock key; krb5_principal principal; int i; ret = krb5_parse_name (context, t->principal_name, &principal); if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", t->principal_name); ret = krb5_string_to_key (context, t->enctype, t->password, principal, &key); if (ret) krb5_err (context, 1, ret, "krb5_string_to_key"); krb5_free_principal (context, principal); if (memcmp (key.keyvalue.data, t->res, key.keyvalue.length) != 0) { const unsigned char *p = key.keyvalue.data; printf ("string_to_key(%s, %s) failed\n", t->principal_name, t->password); printf ("should be: "); for (i = 0; i < key.keyvalue.length; ++i) printf ("%02x", t->res[i]); printf ("\nresult was: "); for (i = 0; i < key.keyvalue.length; ++i) printf ("%02x", p[i]); printf ("\n"); val = 1; } krb5_free_keyblock_contents(context, &key); } krb5_free_context(context); return val; }
void free_keys_contents(krb5_context krbctx, struct keys_container *keys) { struct krb_key_salt *ksdata; int i; ksdata = keys->ksdata; for (i = 0; i < keys->nkeys; i++) { krb5_free_keyblock_contents(krbctx, &ksdata[i].key); krb5_free_data_contents(krbctx, &ksdata[i].salt); } free(ksdata); keys->ksdata = NULL; keys->nkeys = 0; }
krb5_error_code KRB5_LIB_FUNCTION krb5_free_cred_contents (krb5_context context, krb5_creds *c) { krb5_free_principal (context, c->client); c->client = NULL; krb5_free_principal (context, c->server); c->server = NULL; krb5_free_keyblock_contents (context, &c->session); krb5_data_free (&c->ticket); krb5_data_free (&c->second_ticket); free_AuthorizationData (&c->authdata); krb5_free_addresses (context, &c->addresses); memset(c, 0, sizeof(*c)); return 0; }
void gp_free_creds_handle(struct gp_creds_handle **in) { struct gp_creds_handle *handle = *in; if (!handle) { return; } if (handle->context) { krb5_free_keyblock_contents(handle->context, &handle->key); krb5_free_context(handle->context); } free(handle); *in = NULL; return; }
void hdb_free_keys (krb5_context context, int len, Key *keys) { int i; for (i = 0; i < len; i++) { free(keys[i].mkvno); keys[i].mkvno = NULL; if (keys[i].salt != NULL) { free_Salt(keys[i].salt); free(keys[i].salt); keys[i].salt = NULL; } krb5_free_keyblock_contents(context, &keys[i].key); } free (keys); }
static int set_random_key (krb5_principal principal, int keepold) { krb5_error_code ret; int i; krb5_keyblock *keys; int num_keys; ret = kadm5_randkey_principal_3(kadm_handle, principal, keepold, 0, NULL, &keys, &num_keys); if(ret) return ret; for(i = 0; i < num_keys; i++) krb5_free_keyblock_contents(context, &keys[i]); free(keys); return 0; }