diff options
author | assar <assar@FreeBSD.org> | 2001-06-21 02:12:07 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2001-06-21 02:12:07 +0000 |
commit | 0c8fa354358381b3f1b92598e7f1b46f8cf744cc (patch) | |
tree | ed28ffb73cc0ae48a9892dab3f10b09bc36436d5 /crypto/heimdal/lib/krb5/get_cred.c | |
parent | 06c859ecf534f468a52f24a3eb14409d73a4907c (diff) | |
download | FreeBSD-src-0c8fa354358381b3f1b92598e7f1b46f8cf744cc.zip FreeBSD-src-0c8fa354358381b3f1b92598e7f1b46f8cf744cc.tar.gz |
import of heimdal 0.3f
Diffstat (limited to 'crypto/heimdal/lib/krb5/get_cred.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/get_cred.c | 139 |
1 files changed, 105 insertions, 34 deletions
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index e649cfe..2af940c 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.82 2001/01/19 04:29:44 assar Exp $"); +RCSID("$Id: get_cred.c,v 1.85 2001/05/14 06:14:46 assar Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -45,7 +45,8 @@ make_pa_tgs_req(krb5_context context, krb5_auth_context ac, KDC_REQ_BODY *body, PA_DATA *padata, - krb5_creds *creds) + krb5_creds *creds, + krb5_key_usage usage) { u_char *buf; size_t buf_size; @@ -55,8 +56,10 @@ make_pa_tgs_req(krb5_context context, buf_size = 1024; buf = malloc (buf_size); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } do { ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, @@ -68,6 +71,7 @@ make_pa_tgs_req(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -83,7 +87,8 @@ make_pa_tgs_req(krb5_context context, ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, - KRB5_KU_TGS_REQ_AUTH); + usage + /* KRB5_KU_TGS_REQ_AUTH */); out: free (buf); if(ret) @@ -110,8 +115,10 @@ set_auth_data (krb5_context context, len = length_AuthorizationData(authdata); buf = malloc(len); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = encode_AuthorizationData(buf + len - 1, len, authdata, &len); if (ret) { @@ -122,7 +129,8 @@ set_auth_data (krb5_context context, ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { free (buf); - return ret; + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; } ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { @@ -162,7 +170,8 @@ init_tgs_req (krb5_context context, krb5_creds *krbtgt, unsigned nonce, krb5_keyblock **subkey, - TGS_REQ *t) + TGS_REQ *t, + krb5_key_usage usage) { krb5_error_code ret; @@ -190,6 +199,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.sname, 1); if (t->req_body.sname == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } @@ -205,6 +215,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.till, 1); if(t->req_body.till == NULL){ ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } *t->req_body.till = in_creds->times.endtime; @@ -214,11 +225,13 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets->val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); @@ -228,11 +241,13 @@ init_tgs_req (krb5_context context, ALLOC(t->padata, 1); if (t->padata == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->padata, 1); if (t->padata->val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } @@ -266,7 +281,8 @@ init_tgs_req (krb5_context context, ac, &t->req_body, t->padata->val, - krbtgt); + krbtgt, + usage); if(ret) { krb5_free_keyblock (context, key); krb5_auth_con_free(context, ac); @@ -366,13 +382,14 @@ decrypt_tkt_with_subkey (krb5_context context, } static krb5_error_code -get_cred_kdc(krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - krb5_creds *in_creds, - krb5_creds *krbtgt, - krb5_creds *out_creds) +get_cred_kdc_usage(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_creds *out_creds, + krb5_key_usage usage) { TGS_REQ req; krb5_data enc; @@ -407,7 +424,8 @@ get_cred_kdc(krb5_context context, krbtgt, nonce, &subkey, - &req); + &req, + usage); if(flags.b.enc_tkt_in_skey) free_Ticket(&second_ticket); if (ret) @@ -416,6 +434,7 @@ get_cred_kdc(krb5_context context, buf_size = 1024; buf = malloc (buf_size); if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -430,6 +449,7 @@ get_cred_kdc(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -487,13 +507,16 @@ get_cred_kdc(krb5_context context, krb5_free_kdc_rep(context, &rep); if (ret) goto out; - }else if(krb5_rd_error(context, &resp, &error) == 0){ - ret = error.error_code; - free_KRB_ERROR(&error); - }else if(resp.data && ((char*)resp.data)[0] == 4) + } else if(krb5_rd_error(context, &resp, &error) == 0) { + ret = krb5_error_from_rd_error(context, &error, in_creds); + krb5_free_error_contents(context, &error); + } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; - else + krb5_clear_error_string(context); + } else { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string(context); + } krb5_data_free(&resp); out: if(subkey){ @@ -506,6 +529,27 @@ out: } +static krb5_error_code +get_cred_kdc(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_creds *out_creds) +{ + krb5_error_code ret; + + ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, + krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH); + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + krb5_clear_error_string (context); + ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, + krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH); + } + return ret; +} + /* same as above, just get local addresses first */ static krb5_error_code @@ -535,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context, { krb5_error_code ret; krb5_creds *krbtgt; + *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = get_krbtgt (context, id, in_creds->server->realm, @@ -577,6 +624,7 @@ find_cred(krb5_context context, } tgts++; } + krb5_clear_error_string(context); return KRB5_CC_NOTFOUND; } @@ -586,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) int i; krb5_error_code ret; krb5_creds **tmp = *tgts; + for(i = 0; tmp && tmp[i]; i++); /* XXX */ tmp = realloc(tmp, (i+2)*sizeof(*tmp)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } *tgts = tmp; ret = krb5_copy_creds(context, tkt, &tmp[i]); tmp[i+1] = NULL; @@ -654,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context, *ret_tgts, &tgts); if(ret == 0){ *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - else { + } else { ret = get_cred_kdc_la(context, ccache, flags, in_creds, &tgts, *out_creds); if (ret) { @@ -670,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context, return ret; } } - if(krb5_realm_compare(context, in_creds->client, in_creds->server)) + if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { + krb5_clear_error_string (context); return KRB5_CC_NOTFOUND; + } /* XXX this can loop forever */ while(1){ general_string tgt_inst; @@ -711,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context, krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - else { + } else { ret = get_cred_kdc_la(context, ccache, flags, in_creds, tgt, *out_creds); if (ret) { @@ -726,16 +781,28 @@ get_cred_from_kdc_flags(krb5_context context, } krb5_error_code +krb5_get_cred_from_kdc_opt(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts, + krb5_flags flags) +{ + krb5_kdc_flags f; + f.i = flags; + return get_cred_from_kdc_flags(context, f, ccache, + in_creds, out_creds, ret_tgts); +} + +krb5_error_code krb5_get_cred_from_kdc(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts) { - krb5_kdc_flags f; - f.i = 0; - return get_cred_from_kdc_flags(context, f, ccache, - in_creds, out_creds, ret_tgts); + return krb5_get_cred_from_kdc_opt(context, ccache, + in_creds, out_creds, ret_tgts, 0); } @@ -754,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); - if (res_creds == NULL) + if (res_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_cc_retrieve_cred(context, ccache, @@ -769,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context, free(res_creds); if(ret != KRB5_CC_END) return ret; - if(options & KRB5_GC_CACHED) + if(options & KRB5_GC_CACHED) { + krb5_clear_error_string (context); return KRB5_CC_NOTFOUND; + } if(options & KRB5_GC_USER_USER) flags.b.enc_tkt_in_skey = 1; tgts = NULL; |