Move mk_cred and rd_cred to libkrb.a
authorTheodore Tso <tytso@mit.edu>
Mon, 14 Nov 1994 21:36:09 +0000 (21:36 +0000)
committerTheodore Tso <tytso@mit.edu>
Mon, 14 Nov 1994 21:36:09 +0000 (21:36 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4660 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/bsd/ChangeLog
src/appl/bsd/forward.c

index 281492994f10bc725e8b33d84e512483291b200d..f24494fd6867a1eaca1201754c5aec4c4d336705 100644 (file)
@@ -1,3 +1,8 @@
+Fri Nov 11 00:53:57 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * forward.c (mk_cred, rd_cred): Move mk_cred and rd_cred to
+               libkrb.a.
+
 Tue Nov  8 23:52:58 1994  Theodore Y. Ts'o  (tytso@dcl)
 
        * krshd.c (setpgrp): Defining setpgrp(a,b) to setpgrp() if
index 47dd2adaa1eedfd8a82b826f6cf9db8a8fc223ce..0819dee99cd072a71761a0e616f7c0dc7fbe32ba 100644 (file)
@@ -19,7 +19,6 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-
 /* General-purpose forwarding routines. These routines may be put into */
 /* libkrb5.a to allow widespread use */ 
 
@@ -38,8 +37,6 @@
 /* helper function: convert flags to necessary KDC options */
 #define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
 
-
-
 /* Get a TGT for use at the remote host */
 krb5_error_code
 get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf)
@@ -226,150 +223,6 @@ errout:
 }
 
 
-
-/* Create asn.1 encoded KRB-CRED message from the kdc reply. */
-krb5_error_code
-mk_cred(dec_rep, etype, key, sender_addr, recv_addr, outbuf)
-krb5_kdc_rep *dec_rep;
-krb5_enctype etype;
-krb5_keyblock *key;
-krb5_address *sender_addr;
-krb5_address *recv_addr;
-krb5_data *outbuf;
-{
-    krb5_error_code retval;
-    krb5_encrypt_block eblock;
-    krb5_cred ret_cred;
-    krb5_cred_enc_part cred_enc_part;
-    krb5_data *scratch;
-
-    if (!valid_etype(etype))
-      return KRB5_PROG_ETYPE_NOSUPP;
-
-    ret_cred.tickets = (krb5_ticket **) calloc(2, sizeof(*ret_cred.tickets));
-    if (!ret_cred.tickets)
-      return ENOMEM;
-    ret_cred.tickets[0] = dec_rep->ticket;
-    ret_cred.tickets[1] = 0;
-
-    ret_cred.enc_part.etype = etype; 
-    ret_cred.enc_part.kvno = 0;
-
-    cred_enc_part.ticket_info = (krb5_cred_info **) 
-      calloc(2, sizeof(*cred_enc_part.ticket_info));
-    if (!cred_enc_part.ticket_info) {
-       krb5_free_tickets(ret_cred.tickets);
-       return ENOMEM;
-    }
-    cred_enc_part.ticket_info[0] = (krb5_cred_info *) 
-      malloc(sizeof(*cred_enc_part.ticket_info[0]));
-    if (!cred_enc_part.ticket_info[0]) {
-       krb5_free_tickets(ret_cred.tickets);
-       krb5_free_cred_enc_part(cred_enc_part);
-       return ENOMEM;
-    }
-    cred_enc_part.nonce = 0;
-
-    if (retval = krb5_us_timeofday(&cred_enc_part.timestamp,
-                                  &cred_enc_part.usec))
-      return retval;
-
-    cred_enc_part.s_address = (krb5_address *)sender_addr;
-    cred_enc_part.r_address = (krb5_address *)recv_addr;
-
-    cred_enc_part.ticket_info[0]->session = dec_rep->enc_part2->session;
-    cred_enc_part.ticket_info[0]->client = dec_rep->client;
-    cred_enc_part.ticket_info[0]->server = dec_rep->enc_part2->server;
-    cred_enc_part.ticket_info[0]->flags  = dec_rep->enc_part2->flags;
-    cred_enc_part.ticket_info[0]->times  = dec_rep->enc_part2->times;
-    cred_enc_part.ticket_info[0]->caddrs = dec_rep->enc_part2->caddrs;
-
-    cred_enc_part.ticket_info[1] = 0;
-
-    /* start by encoding to-be-encrypted part of the message */
-
-    if (retval = encode_krb5_enc_cred_part(&cred_enc_part, &scratch))
-      return retval;
-
-#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); krb5_free_data(scratch); }
-
-    /* put together an eblock for this encryption */
-
-    krb5_use_cstype(&eblock, etype);
-    ret_cred.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
-                                               eblock.crypto_entry);
-    /* add padding area, and zero it */
-    if (!(scratch->data = realloc(scratch->data,
-                                 ret_cred.enc_part.ciphertext.length))) {
-       /* may destroy scratch->data */
-       krb5_xfree(scratch);
-       return ENOMEM;
-    }
-    memset(scratch->data + scratch->length, 0,
-         ret_cred.enc_part.ciphertext.length - scratch->length);
-    if (!(ret_cred.enc_part.ciphertext.data =
-         malloc(ret_cred.enc_part.ciphertext.length))) {
-        retval = ENOMEM;
-        goto clean_scratch;
-    }
-
-#define cleanup_encpart() {\
-       (void) memset(ret_cred.enc_part.ciphertext.data, 0, \
-            ret_cred.enc_part.ciphertext.length); \
-       free(ret_cred.enc_part.ciphertext.data); \
-       ret_cred.enc_part.ciphertext.length = 0; \
-       ret_cred.enc_part.ciphertext.data = 0;}
-
-    /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(&eblock, key)) {
-        goto clean_encpart;
-    }
-
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
-
-    /* call the encryption routine */
-    if (retval = krb5_encrypt((krb5_pointer) scratch->data,
-                             (krb5_pointer)
-                             ret_cred.enc_part.ciphertext.data, 
-                             scratch->length, &eblock,
-                             0)) {
-        goto clean_prockey;
-    }
-    
-    /* private message is now assembled-- do some cleanup */
-    cleanup_scratch();
-
-    if (retval = krb5_finish_key(&eblock)) {
-        cleanup_encpart();
-        return retval;
-    }
-    /* encode private message */
-    if (retval = encode_krb5_cred(&ret_cred, &scratch))  {
-        cleanup_encpart();
-       return retval;
-    }
-
-    cleanup_encpart();
-
-    *outbuf = *scratch;
-    krb5_xfree(scratch);
-    return 0;
-
- clean_prockey:
-    cleanup_prockey();
- clean_encpart:
-    cleanup_encpart();
- clean_scratch:
-    cleanup_scratch();
-
-    return retval;
-#undef cleanup_prockey
-#undef cleanup_encpart
-#undef cleanup_scratch
-}
-
-
-
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 krb5_error_code
 rd_and_store_for_creds(inbuf, ticket, lusername)
@@ -421,191 +274,4 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
     return retval;
 }
 
-
-
-extern krb5_deltat krb5_clockskew;   
-#define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew)
-
-/* Decode the KRB-CRED message, and return creds */
-krb5_error_code
-rd_cred(inbuf, key, creds, sender_addr, recv_addr)
-const krb5_data *inbuf;
-const krb5_keyblock *key;
-krb5_creds *creds;                /* Filled in */
-const krb5_address *sender_addr;  /* optional */
-const krb5_address *recv_addr;    /* optional */
-{
-    krb5_error_code retval;
-    krb5_encrypt_block eblock;
-    krb5_cred *credmsg;
-    krb5_cred_enc_part *credmsg_enc_part;
-    krb5_data *scratch;
-    krb5_timestamp currenttime;
-
-    if (!krb5_is_krb_cred(inbuf))
-       return KRB5KRB_AP_ERR_MSG_TYPE;
-    
-    /* decode private message */
-    if (retval = decode_krb5_cred(inbuf, &credmsg))  {
-       return retval;
-    }
-    
-#define cleanup_credmsg() {(void)krb5_xfree(credmsg->enc_part.ciphertext.data); (void)krb5_xfree(credmsg);}
-
-    if (!(scratch = (krb5_data *) malloc(sizeof(*scratch)))) {
-       cleanup_credmsg();
-       return ENOMEM;
-    }
-
-#define cleanup_scratch() {(void)memset(scratch->data, 0, scratch->length); (void)krb5_xfree(scratch->data);}
-
-    if (retval = encode_krb5_ticket(credmsg->tickets[0], &scratch)) {
-       cleanup_credmsg();
-       cleanup_scratch();
-       return(retval);
-    }
-
-    creds->ticket = *scratch;
-    if (!(creds->ticket.data = malloc(scratch->length))) {
-       krb5_xfree(creds->ticket.data);
-       return ENOMEM;
-    }
-    memcpy((char *)creds->ticket.data, (char *) scratch->data, scratch->length);
-
-    cleanup_scratch();
-
-    if (!valid_etype(credmsg->enc_part.etype)) {
-       cleanup_credmsg();
-       return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    /* put together an eblock for this decryption */
-
-    krb5_use_cstype(&eblock, credmsg->enc_part.etype);
-    scratch->length = credmsg->enc_part.ciphertext.length;
-    
-    if (!(scratch->data = malloc(scratch->length))) {
-       cleanup_credmsg();
-        return ENOMEM;
-    }
-
-    /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(&eblock, key)) {
-        cleanup_credmsg();
-       cleanup_scratch();
-       return retval;
-    }
-    
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
-    
-    /* call the decryption routine */
-    if (retval = krb5_decrypt((krb5_pointer) credmsg->enc_part.ciphertext.data,
-                             (krb5_pointer) scratch->data,
-                             scratch->length, &eblock,
-                             0)) {
-       cleanup_credmsg();
-       cleanup_scratch();
-        cleanup_prockey();
-       return retval;
-    }
-
-    /* cred message is now decrypted -- do some cleanup */
-
-    cleanup_credmsg();
-
-    if (retval = krb5_finish_key(&eblock)) {
-        cleanup_scratch();
-        return retval;
-    }
-
-    /*  now decode the decrypted stuff */
-    if (retval = decode_krb5_enc_cred_part(scratch, &credmsg_enc_part)) {
-       cleanup_scratch();
-       return retval;
-    }
-    cleanup_scratch();
-
-#define cleanup_mesg() {(void)krb5_xfree(credmsg_enc_part);}
-
-    if (retval = krb5_timeofday(&currenttime)) {
-       cleanup_mesg();
-       return retval;
-    }
-    if (!in_clock_skew(credmsg_enc_part->timestamp)) {
-       cleanup_mesg();  
-       return KRB5KRB_AP_ERR_SKEW;
-    }
-
-    if (sender_addr && credmsg_enc_part->s_address &&
-       !krb5_address_compare(sender_addr, 
-                             credmsg_enc_part->s_address)) {
-       cleanup_mesg();
-       return KRB5KRB_AP_ERR_BADADDR;
-    }
-    if (recv_addr && credmsg_enc_part->r_address &&
-       !krb5_address_compare(recv_addr, 
-                             credmsg_enc_part->r_address)) {
-       cleanup_mesg();
-       return KRB5KRB_AP_ERR_BADADDR;
-    }      
-
-    if (credmsg_enc_part->r_address) {
-       krb5_address **our_addrs;
-       
-       if (retval = krb5_os_localaddr(&our_addrs)) {
-           cleanup_mesg();
-           return retval;
-       }
-       if (!krb5_address_search(credmsg_enc_part->r_address, 
-                                our_addrs)) {
-           krb5_free_addresses(our_addrs);
-           cleanup_mesg();
-           return KRB5KRB_AP_ERR_BADADDR;
-       }
-       krb5_free_addresses(our_addrs);
-    }
-
-    if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->client,
-                                    &creds->client)) {
-       return(retval);
-    }
-
-    if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server,
-                                    &creds->server)) {
-       return(retval);
-    }  
-
-    if (retval =
-       krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session, 
-                                   &creds->keyblock)) {
-       return(retval);
-    }
-
-#undef clean
-#define clean() {\
-       memset((char *)creds->keyblock.contents, 0, creds->keyblock.length);}
-
-    creds->times = credmsg_enc_part->ticket_info[0]->times;
-    creds->is_skey = FALSE;
-    creds->ticket_flags = credmsg_enc_part->ticket_info[0]->flags;
-
-    if (retval = krb5_copy_addresses(credmsg_enc_part->ticket_info[0]->caddrs,
-                                    &creds->addresses)) {
-       clean();
-       return(retval);
-    }
-
-    creds->second_ticket.length = 0;
-
-    creds->authdata = 0;
-
-    cleanup_mesg();
-    return 0;
-#undef clean
-#undef cleanup_credmsg
-#undef cleanup_scratch
-#undef cleanup_prockey
-#undef cleanup_mesg
-}
-
 #endif /* KERBEROS */