static krb5_error_code greet_kdc_sign(krb5_context context, krb5_enc_tkt_part *enc_tkt_reply, krb5_const_principal tgs, krb5_data *greeting) { krb5_error_code code; krb5_authdata ad_datum, *ad_data[2], **kdc_issued = NULL; krb5_authdata **if_relevant = NULL; krb5_authdata **tkt_authdata; ad_datum.ad_type = -42; ad_datum.contents = (krb5_octet *)greeting->data; ad_datum.length = greeting->length; ad_data[0] = &ad_datum; ad_data[1] = NULL; code = krb5_make_authdata_kdc_issued(context, enc_tkt_reply->session, tgs, ad_data, &kdc_issued); if (code != 0) return code; code = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT, kdc_issued, &if_relevant); if (code != 0) { krb5_free_authdata(context, kdc_issued); return code; } code = krb5_merge_authdata(context, if_relevant, enc_tkt_reply->authorization_data, &tkt_authdata); if (code == 0) { krb5_free_authdata(context, enc_tkt_reply->authorization_data); enc_tkt_reply->authorization_data = tkt_authdata; } krb5_free_authdata(context, if_relevant); krb5_free_authdata(context, kdc_issued); return code; }
int main() { krb5_context context; krb5_authdata **results; krb5_authdata *container[2]; krb5_authdata **container_out; krb5_authdata **kdci; assert(krb5_init_context(&context) == 0); assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0); compare_authdata(results[0], &ad1); compare_authdata( results[1], &ad2); compare_authdata(results[2], &ad4); compare_authdata( results[3], &ad3); assert(results[4] == NULL); krb5_free_authdata(context, results); container[0] = &ad3; container[1] = NULL; assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0); assert(krb5int_find_authdata(context, adseq1, container_out, 22, &results) == 0); compare_authdata(&ad1, results[0]); compare_authdata( results[1], &ad4); compare_authdata( results[2], &ad3); assert( results[3] == NULL); krb5_free_authdata(context, container_out); assert(krb5_make_authdata_kdc_issued(context, &key, NULL, results, &kdci) == 0); assert(krb5_verify_authdata_kdc_issued(context, &key, kdci[0], NULL, &container_out) == 0); compare_authdata(container_out[0], results[0]); compare_authdata(container_out[1], results[1]); compare_authdata(container_out[2], results[2]); krb5_free_authdata(context, kdci); krb5_free_authdata(context, results); krb5_free_authdata(context, container_out); krb5_free_context(context); return 0; }