From: Zhanna Tsitkov Date: Wed, 6 Jan 2010 21:56:02 +0000 (+0000) Subject: Divide copy_auth.c into three files based on the functionality. Namely, X-Git-Tag: krb5-1.9-beta1~405 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cbfcc90dcf60d332109929d2039535dc5da1ce8a;p=krb5.git Divide copy_auth.c into three files based on the functionality. Namely, 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index d7a4a2da4..7b640f1ca 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -17,6 +17,8 @@ STLIBOBJS= \
 	appdefault.o \
 	auth_con.o \
 	authdata.o \
+	authdata_enc.o \
+	authdata_dec.o \
 	bld_pr_ext.o \
 	bld_princ.o \
 	chk_trans.o \
@@ -111,6 +113,8 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
 	$(OUTPRE)appdefault.$(OBJEXT) \
 	$(OUTPRE)auth_con.$(OBJEXT) \
 	$(OUTPRE)authdata.$(OBJEXT) \
+	$(OUTPRE)authdata_enc.$(OBJEXT) \
+	$(OUTPRE)authdata_dec.$(OBJEXT) \
 	$(OUTPRE)bld_pr_ext.$(OBJEXT) \
 	$(OUTPRE)bld_princ.$(OBJEXT) \
 	$(OUTPRE)chk_trans.$(OBJEXT) \
@@ -205,6 +209,8 @@ SRCS= $(srcdir)/addr_comp.c \
 	$(srcdir)/appdefault.c \
 	$(srcdir)/auth_con.c \
 	$(srcdir)/authdata.c \
+	$(srcdir)/authdata_enc.c \
+	$(srcdir)/authdata_dec.c \
 	$(srcdir)/bld_pr_ext.c \
 	$(srcdir)/bld_princ.c \
 	$(srcdir)/brand.c \
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index 5430127eb..62e08d0f9 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -1244,3 +1244,35 @@ krb5_ser_authdata_context_init(krb5_context kcontext)
     return krb5_register_serializer(kcontext, &krb5_authdata_context_ser_entry);
 }
+
+krb5_error_code
+krb5int_copy_authdatum(krb5_context context,
+                       const krb5_authdata *inad, krb5_authdata **outad)
+{
+    krb5_authdata *tmpad;
+
+    if (!(tmpad = (krb5_authdata *)malloc(sizeof(*tmpad))))
+        return ENOMEM;
+    *tmpad = *inad;
+    if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
+        free(tmpad);
+        return ENOMEM;
+    }
+    memcpy(tmpad->contents, inad->contents, inad->length);
+    *outad = tmpad;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_authdata(krb5_context context, krb5_authdata **val)
+{
+    register krb5_authdata **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++) {
+        free((*temp)->contents);
+        free(*temp);
+    }
+    free(val);
+}
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c
index ca1c07718..2accc3423 100644
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
@@ -24,7 +24,7 @@
  * this software for any purpose. It is provided "as is" without express
  * or implied warranty.
  *
- *
+ * krb5_merge_authdata()
  * krb5_copy_authdata()
  */
 /*
@@ -56,24 +56,7 @@
  */
 #include "k5-int.h"
-
-static krb5_error_code
-copy_authdatum(krb5_context context,
-               const krb5_authdata *inad, krb5_authdata **outad)
-{
-    krb5_authdata *tmpad;
-
-    if (!(tmpad = (krb5_authdata *)malloc(sizeof(*tmpad))))
-        return ENOMEM;
-    *tmpad = *inad;
-    if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
-        free(tmpad);
-        return ENOMEM;
-    }
-    memcpy(tmpad->contents, inad->contents, inad->length);
-    *outad = tmpad;
-    return 0;
-}
+#include "int-proto.h"
 /*
  * Copy an authdata array, with fresh allocation.
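Review bot: In krb5int_copy_authdatum the zero-length case is not handled: with `inad->length == 0` the second `malloc` may return NULL on C libraries where malloc(0) does, so the copy is reported as ENOMEM, while on libraries that return a unique pointer `memcpy` then runs with a source that may be NULL. The function is moved verbatim from copy_auth.c, so this predates the commit, but it is now a library-internal helper with callers in other files, which is the right moment to handle it explicitly, e.g. `if (inad->length == 0) { tmpad->contents = NULL; *outad = tmpad; return 0; }` before the second allocation, provided callers accept a NULL contents pointer for an empty datum (krb5_free_authdata below is fine with it, since free(NULL) is a no-op). The `register` qualifier in krb5_free_authdata and the casts on both malloc calls are leftovers the move could have dropped.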
@@ -106,7 +89,7 @@ krb5_merge_authdata(krb5_context context,
     if (inauthdat1) {
         for (nelems = 0; inauthdat1[nelems]; nelems++) {
-            retval = copy_authdatum(context, inauthdat1[nelems],
+            retval = krb5int_copy_authdatum(context, inauthdat1[nelems],
                                     &tempauthdat[nelems]);
             if (retval) {
                 krb5_free_authdata(context, tempauthdat);
@@ -117,7 +100,7 @@ krb5_merge_authdata(krb5_context context,
     if (inauthdat2) {
         for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
-            retval = copy_authdatum(context, inauthdat2[nelems2],
+            retval = krb5int_copy_authdatum(context, inauthdat2[nelems2],
                                     &tempauthdat[nelems++]);
             if (retval) {
                 krb5_free_authdata(context, tempauthdat);
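Review bot: Both renamed calls leave their continuation line misaligned: `&tempauthdat[nelems]);` and `&tempauthdat[nelems++]);` are unchanged context lines, presumably indented to sit under the opening parenthesis of `copy_authdatum(`, and the new name is eight characters longer. Shift each continuation right by eight columns so it lines up under `context` again, matching the paren-aligned argument style the rest of this file uses. krb5_merge_authdata begins and ends outside these hunks.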
@@ -136,289 +119,3 @@ krb5_copy_authdata(krb5_context context,
 {
     return krb5_merge_authdata(context, in_authdat, NULL, out);
 }
-
-krb5_error_code KRB5_CALLCONV
-krb5_decode_authdata_container(krb5_context context,
-                               krb5_authdatatype type,
-                               const krb5_authdata *container,
-                               krb5_authdata ***authdata)
-{
-    krb5_error_code code;
-    krb5_data data;
-
-    *authdata = NULL;
-
-    if ((container->ad_type & AD_TYPE_FIELD_TYPE_MASK) != type)
-        return EINVAL;
-
-    data.length = container->length;
-    data.data = (char *)container->contents;
-
-    code = decode_krb5_authdata(&data, authdata);
-    if (code)
-        return code;
-
-    return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_encode_authdata_container(krb5_context context,
-                               krb5_authdatatype type,
-                               krb5_authdata *const*authdata,
-                               krb5_authdata ***container)
-{
-    krb5_error_code code;
-    krb5_data *data;
-    krb5_authdata ad_datum;
-    krb5_authdata *ad_data[2];
-
-    *container = NULL;
-
-    code = encode_krb5_authdata((krb5_authdata * const *)authdata, &data);
-    if (code)
-        return code;
-
-    ad_datum.ad_type = type & AD_TYPE_FIELD_TYPE_MASK;
-    ad_datum.length = data->length;
-    ad_datum.contents = (unsigned char *)data->data;
-
-    ad_data[0] = &ad_datum;
-    ad_data[1] = NULL;
-
-    code = krb5_copy_authdata(context, ad_data, container);
-
-    krb5_free_data(context, data);
-
-    return code;
-}
-
-struct find_authdata_context {
-    krb5_authdata **out;
-    size_t space;
-    size_t length;
-};
-
-static krb5_error_code
-grow_find_authdata(krb5_context context, struct find_authdata_context *fctx,
-                   krb5_authdata *elem)
-{
-    krb5_error_code retval = 0;
-    if (fctx->length == fctx->space) {
-        krb5_authdata **new;
-        if (fctx->space >= 256) {
-            krb5_set_error_message(context, ERANGE,
-                                   "More than 256 authdata matched a query");
-            return ERANGE;
-        }
-        new = realloc(fctx->out,
-                      sizeof (krb5_authdata *)*(2*fctx->space+1));
-        if (new == NULL)
-            return ENOMEM;
-        fctx->out = new;
-        fctx->space *=2;
-    }
-    fctx->out[fctx->length+1] = NULL;
-    retval = copy_authdatum(context, elem,
-                            &fctx->out[fctx->length]);
-    if (retval == 0)
-        fctx->length++;
-    return retval;
-}
-
-static krb5_error_code
-find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
-                krb5_authdatatype ad_type, struct find_authdata_context *fctx,
-                int from_ap_req)
-{
-    int i = 0;
-    krb5_error_code retval = 0;
-
-    for (i = 0; in_authdat[i] && retval == 0; i++) {
-        krb5_authdata *ad = in_authdat[i];
-        krb5_authdata **decoded_container;
-
-        switch (ad->ad_type) {
-        case KRB5_AUTHDATA_IF_RELEVANT:
-            if (retval == 0)
-                retval = krb5_decode_authdata_container(context,
-                                                        ad->ad_type,
-                                                        ad,
-                                                        &decoded_container);
-            if (retval == 0) {
-                retval = find_authdata_1(context,
-                                         decoded_container,
-                                         ad_type,
-                                         fctx,
-                                         from_ap_req);
-                krb5_free_authdata(context, decoded_container);
-            }
-            break;
-        case KRB5_AUTHDATA_SIGNTICKET:
-        case KRB5_AUTHDATA_KDC_ISSUED:
-        case KRB5_AUTHDATA_WIN2K_PAC:
-            if (from_ap_req)
-                continue;
-        default:
-            if (ad->ad_type == ad_type && retval == 0)
-                retval = grow_find_authdata(context, fctx, ad);
-            break;
-        }
-    }
-
-    return retval;
-}
-
-krb5_error_code
-krb5int_find_authdata(krb5_context context,
-                      krb5_authdata *const *ticket_authdata,
-                      krb5_authdata *const *ap_req_authdata,
-                      krb5_authdatatype ad_type, krb5_authdata ***results)
-{
-    krb5_error_code retval = 0;
-    struct find_authdata_context fctx;
-    fctx.length = 0;
-    fctx.space = 2;
-    fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
-    *results = NULL;
-    if (fctx.out == NULL)
-        return ENOMEM;
-    if (ticket_authdata)
-        retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx, 0);
-    if ((retval==0) && ap_req_authdata)
-        retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx, 1);
-    if ((retval== 0) && fctx.length)
-        *results = fctx.out;
-    else krb5_free_authdata(context, fctx.out);
-    return retval;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_make_authdata_kdc_issued(krb5_context context,
-                              const krb5_keyblock *key,
-                              krb5_const_principal issuer,
-                              krb5_authdata *const *authdata,
-                              krb5_authdata ***ad_kdcissued)
-{
-    krb5_error_code code;
-    krb5_ad_kdcissued ad_kdci;
-    krb5_data *data;
-    krb5_cksumtype cksumtype;
-    krb5_authdata ad_datum;
-    krb5_authdata *ad_data[2];
-
-    *ad_kdcissued = NULL;
-
-    ad_kdci.ad_checksum.contents = NULL;
-    ad_kdci.i_principal = (krb5_principal)issuer;
-    ad_kdci.elements = (krb5_authdata **)authdata;
-
-    code = krb5int_c_mandatory_cksumtype(context, key->enctype,
-                                         &cksumtype);
-    if (code != 0)
-        return code;
-
-    if (!krb5_c_is_keyed_cksum(cksumtype))
-        return KRB5KRB_AP_ERR_INAPP_CKSUM;
-
-    code = encode_krb5_authdata(ad_kdci.elements, &data);
-    if (code != 0)
-        return code;
-
-    code = krb5_c_make_checksum(context, cksumtype,
-                                key, KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM,
-                                data, &ad_kdci.ad_checksum);
-    if (code != 0) {
-        krb5_free_data(context, data);
-        return code;
-    }
-
-    krb5_free_data(context, data);
-
-    code = encode_krb5_ad_kdcissued(&ad_kdci, &data);
-    if (code != 0)
-        return code;
-
-    ad_datum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
-    ad_datum.length = data->length;
-    ad_datum.contents = (unsigned char *)data->data;
-
-    ad_data[0] = &ad_datum;
-    ad_data[1] = NULL;
-
-    code = krb5_copy_authdata(context, ad_data, ad_kdcissued);
-
-    krb5_free_data(context, data);
-    krb5_free_checksum_contents(context, &ad_kdci.ad_checksum);
-
-    return code;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_verify_authdata_kdc_issued(krb5_context context,
-                                const krb5_keyblock *key,
-                                const krb5_authdata *ad_kdcissued,
-                                krb5_principal *issuer,
-                                krb5_authdata ***authdata)
-{
-    krb5_error_code code;
-    krb5_ad_kdcissued *ad_kdci;
-    krb5_data data, *data2;
-    krb5_boolean valid = FALSE;
-
-    if ((ad_kdcissued->ad_type & AD_TYPE_FIELD_TYPE_MASK) !=
-        KRB5_AUTHDATA_KDC_ISSUED)
-        return EINVAL;
-
-    if (issuer != NULL)
-        *issuer = NULL;
-    if (authdata != NULL)
-        *authdata = NULL;
-
-    data.length = ad_kdcissued->length;
-    data.data = (char *)ad_kdcissued->contents;
-
-    code = decode_krb5_ad_kdcissued(&data, &ad_kdci);
-    if (code != 0)
-        return code;
-
-    if (!krb5_c_is_keyed_cksum(ad_kdci->ad_checksum.checksum_type)) {
-        krb5_free_ad_kdcissued(context, ad_kdci);
-        return KRB5KRB_AP_ERR_INAPP_CKSUM;
-    }
-
-    code = encode_krb5_authdata(ad_kdci->elements, &data2);
-    if (code != 0) {
-        krb5_free_ad_kdcissued(context, ad_kdci);
-        return code;
-    }
-
-    code = krb5_c_verify_checksum(context, key,
-                                  KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM,
-                                  data2, &ad_kdci->ad_checksum, &valid);
-    if (code != 0) {
-        krb5_free_ad_kdcissued(context, ad_kdci);
-        krb5_free_data(context, data2);
-        return code;
-    }
-
-    krb5_free_data(context, data2);
-
-    if (valid == FALSE) {
-        krb5_free_ad_kdcissued(context, ad_kdci);
-        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-
-    if (issuer != NULL) {
-        *issuer = ad_kdci->i_principal;
-        ad_kdci->i_principal = NULL;
-    }
-
-    if (authdata != NULL) {
-        *authdata = ad_kdci->elements;
-        ad_kdci->elements = NULL;
-    }
-
-    krb5_free_ad_kdcissued(context, ad_kdci);
-
-    return 0;
-}
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 4a8449d54..c5f1243d0 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -172,4 +172,7 @@ krb5_error_code krb5int_copy_etypes(const krb5_enctype *old_list,
 krb5_error_code
 krb5int_validate_times(krb5_context, krb5_ticket_times *);
+krb5_error_code
+krb5int_copy_authdatum(krb5_context, const krb5_authdata *, krb5_authdata **);
+
 #endif /* KRB5_INT_FUNC_PROTO__ */
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 6af36019b..2adaa4101 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
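Review bot: The new krb5int_copy_authdatum prototype carries no comment, and since this helper is now shared across files its ownership contract is what a caller needs: on success both the returned struct and its contents buffer are separately malloc'd and belong to the caller (the definition added to authdata.c in this commit shows the two allocations), and on failure nothing is left allocated. A comment above the declaration would settle it: `/* Deep-copy *inad into a newly allocated *outad whose contents are also newly allocated; the caller owns both.  Returns ENOMEM on allocation failure. */`. Leaving the parameter names off matches the surrounding prototypes such as krb5int_validate_times, so that part is consistent.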
@@ -133,20 +133,6 @@ krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
     val->authorization_data = 0;
 }
-void KRB5_CALLCONV
-krb5_free_authdata(krb5_context context, krb5_authdata **val)
-{
-    register krb5_authdata **temp;
-
-    if (val == NULL)
-        return;
-    for (temp = val; *temp; temp++) {
-        free((*temp)->contents);
-        free(*temp);
-    }
-    free(val);
-}
-
 void KRB5_CALLCONV
 krb5_free_authenticator(krb5_context context, krb5_authenticator *val)
 {