From: Theodore Tso Date: Mon, 14 Nov 1994 21:36:09 +0000 (+0000) Subject: Move mk_cred and rd_cred to libkrb.a X-Git-Tag: krb5-1.0-beta5~988 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f96c916f5bd6ca590b6d139b07eacc8d782efcce;p=krb5.git Move mk_cred and rd_cred to libkrb.a git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4660 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 281492994..f24494fd6 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 11 00:53:57 1994 Theodore Y. Ts'o (tytso@dcl) + + * forward.c (mk_cred, rd_cred): Move mk_cred and rd_cred to + libkrb.a. + Tue Nov 8 23:52:58 1994 Theodore Y. Ts'o (tytso@dcl) * krshd.c (setpgrp): Defining setpgrp(a,b) to setpgrp() if diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 47dd2adaa..0819dee99 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -19,7 +19,6 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ - /* General-purpose forwarding routines. These routines may be put into */ /* libkrb5.a to allow widespread use */ @@ -38,8 +37,6 @@ /* helper function: convert flags to necessary KDC options */ #define flags2options(flags) (flags & KDC_TKT_COMMON_MASK) - - /* Get a TGT for use at the remote host */ krb5_error_code get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf) @@ -226,150 +223,6 @@ errout: } - -/* Create asn.1 encoded KRB-CRED message from the kdc reply. */ -krb5_error_code -mk_cred(dec_rep, etype, key, sender_addr, recv_addr, outbuf) -krb5_kdc_rep *dec_rep; -krb5_enctype etype; -krb5_keyblock *key; -krb5_address *sender_addr; -krb5_address *recv_addr; -krb5_data *outbuf; -{ - krb5_error_code retval; - krb5_encrypt_block eblock; - krb5_cred ret_cred; - krb5_cred_enc_part cred_enc_part; - krb5_data *scratch; - - if (!valid_etype(etype)) - return KRB5_PROG_ETYPE_NOSUPP; - - ret_cred.tickets = (krb5_ticket **) calloc(2, sizeof(*ret_cred.tickets)); - if (!ret_cred.tickets) - return ENOMEM; - ret_cred.tickets[0] = dec_rep->ticket; - ret_cred.tickets[1] = 0; - - ret_cred.enc_part.etype = etype; - ret_cred.enc_part.kvno = 0; - - cred_enc_part.ticket_info = (krb5_cred_info **) - calloc(2, sizeof(*cred_enc_part.ticket_info)); - if (!cred_enc_part.ticket_info) { - krb5_free_tickets(ret_cred.tickets); - return ENOMEM; - } - cred_enc_part.ticket_info[0] = (krb5_cred_info *) - malloc(sizeof(*cred_enc_part.ticket_info[0])); - if (!cred_enc_part.ticket_info[0]) { - krb5_free_tickets(ret_cred.tickets); - krb5_free_cred_enc_part(cred_enc_part); - return ENOMEM; - } - cred_enc_part.nonce = 0; - - if (retval = krb5_us_timeofday(&cred_enc_part.timestamp, - &cred_enc_part.usec)) - return retval; - - cred_enc_part.s_address = (krb5_address *)sender_addr; - cred_enc_part.r_address = (krb5_address *)recv_addr; - - cred_enc_part.ticket_info[0]->session = dec_rep->enc_part2->session; - cred_enc_part.ticket_info[0]->client = dec_rep->client; - cred_enc_part.ticket_info[0]->server = dec_rep->enc_part2->server; - cred_enc_part.ticket_info[0]->flags = dec_rep->enc_part2->flags; - cred_enc_part.ticket_info[0]->times = dec_rep->enc_part2->times; - cred_enc_part.ticket_info[0]->caddrs = dec_rep->enc_part2->caddrs; - - cred_enc_part.ticket_info[1] = 0; - - /* start by encoding to-be-encrypted part of the message */ - - if (retval = encode_krb5_enc_cred_part(&cred_enc_part, &scratch)) - return retval; - -#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); krb5_free_data(scratch); } - - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, etype); - ret_cred.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length, - eblock.crypto_entry); - /* add padding area, and zero it */ - if (!(scratch->data = realloc(scratch->data, - ret_cred.enc_part.ciphertext.length))) { - /* may destroy scratch->data */ - krb5_xfree(scratch); - return ENOMEM; - } - memset(scratch->data + scratch->length, 0, - ret_cred.enc_part.ciphertext.length - scratch->length); - if (!(ret_cred.enc_part.ciphertext.data = - malloc(ret_cred.enc_part.ciphertext.length))) { - retval = ENOMEM; - goto clean_scratch; - } - -#define cleanup_encpart() {\ - (void) memset(ret_cred.enc_part.ciphertext.data, 0, \ - ret_cred.enc_part.ciphertext.length); \ - free(ret_cred.enc_part.ciphertext.data); \ - ret_cred.enc_part.ciphertext.length = 0; \ - ret_cred.enc_part.ciphertext.data = 0;} - - /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, key)) { - goto clean_encpart; - } - -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} - - /* call the encryption routine */ - if (retval = krb5_encrypt((krb5_pointer) scratch->data, - (krb5_pointer) - ret_cred.enc_part.ciphertext.data, - scratch->length, &eblock, - 0)) { - goto clean_prockey; - } - - /* private message is now assembled-- do some cleanup */ - cleanup_scratch(); - - if (retval = krb5_finish_key(&eblock)) { - cleanup_encpart(); - return retval; - } - /* encode private message */ - if (retval = encode_krb5_cred(&ret_cred, &scratch)) { - cleanup_encpart(); - return retval; - } - - cleanup_encpart(); - - *outbuf = *scratch; - krb5_xfree(scratch); - return 0; - - clean_prockey: - cleanup_prockey(); - clean_encpart: - cleanup_encpart(); - clean_scratch: - cleanup_scratch(); - - return retval; -#undef cleanup_prockey -#undef cleanup_encpart -#undef cleanup_scratch -} - - - /* Decode, decrypt and store the forwarded creds in the local ccache. */ krb5_error_code rd_and_store_for_creds(inbuf, ticket, lusername) @@ -421,191 +274,4 @@ rd_and_store_for_creds(inbuf, ticket, lusername) return retval; } - - -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew) - -/* Decode the KRB-CRED message, and return creds */ -krb5_error_code -rd_cred(inbuf, key, creds, sender_addr, recv_addr) -const krb5_data *inbuf; -const krb5_keyblock *key; -krb5_creds *creds; /* Filled in */ -const krb5_address *sender_addr; /* optional */ -const krb5_address *recv_addr; /* optional */ -{ - krb5_error_code retval; - krb5_encrypt_block eblock; - krb5_cred *credmsg; - krb5_cred_enc_part *credmsg_enc_part; - krb5_data *scratch; - krb5_timestamp currenttime; - - if (!krb5_is_krb_cred(inbuf)) - return KRB5KRB_AP_ERR_MSG_TYPE; - - /* decode private message */ - if (retval = decode_krb5_cred(inbuf, &credmsg)) { - return retval; - } - -#define cleanup_credmsg() {(void)krb5_xfree(credmsg->enc_part.ciphertext.data); (void)krb5_xfree(credmsg);} - - if (!(scratch = (krb5_data *) malloc(sizeof(*scratch)))) { - cleanup_credmsg(); - return ENOMEM; - } - -#define cleanup_scratch() {(void)memset(scratch->data, 0, scratch->length); (void)krb5_xfree(scratch->data);} - - if (retval = encode_krb5_ticket(credmsg->tickets[0], &scratch)) { - cleanup_credmsg(); - cleanup_scratch(); - return(retval); - } - - creds->ticket = *scratch; - if (!(creds->ticket.data = malloc(scratch->length))) { - krb5_xfree(creds->ticket.data); - return ENOMEM; - } - memcpy((char *)creds->ticket.data, (char *) scratch->data, scratch->length); - - cleanup_scratch(); - - if (!valid_etype(credmsg->enc_part.etype)) { - cleanup_credmsg(); - return KRB5_PROG_ETYPE_NOSUPP; - } - - /* put together an eblock for this decryption */ - - krb5_use_cstype(&eblock, credmsg->enc_part.etype); - scratch->length = credmsg->enc_part.ciphertext.length; - - if (!(scratch->data = malloc(scratch->length))) { - cleanup_credmsg(); - return ENOMEM; - } - - /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, key)) { - cleanup_credmsg(); - cleanup_scratch(); - return retval; - } - -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} - - /* call the decryption routine */ - if (retval = krb5_decrypt((krb5_pointer) credmsg->enc_part.ciphertext.data, - (krb5_pointer) scratch->data, - scratch->length, &eblock, - 0)) { - cleanup_credmsg(); - cleanup_scratch(); - cleanup_prockey(); - return retval; - } - - /* cred message is now decrypted -- do some cleanup */ - - cleanup_credmsg(); - - if (retval = krb5_finish_key(&eblock)) { - cleanup_scratch(); - return retval; - } - - /* now decode the decrypted stuff */ - if (retval = decode_krb5_enc_cred_part(scratch, &credmsg_enc_part)) { - cleanup_scratch(); - return retval; - } - cleanup_scratch(); - -#define cleanup_mesg() {(void)krb5_xfree(credmsg_enc_part);} - - if (retval = krb5_timeofday(¤ttime)) { - cleanup_mesg(); - return retval; - } - if (!in_clock_skew(credmsg_enc_part->timestamp)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_SKEW; - } - - if (sender_addr && credmsg_enc_part->s_address && - !krb5_address_compare(sender_addr, - credmsg_enc_part->s_address)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - if (recv_addr && credmsg_enc_part->r_address && - !krb5_address_compare(recv_addr, - credmsg_enc_part->r_address)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - - if (credmsg_enc_part->r_address) { - krb5_address **our_addrs; - - if (retval = krb5_os_localaddr(&our_addrs)) { - cleanup_mesg(); - return retval; - } - if (!krb5_address_search(credmsg_enc_part->r_address, - our_addrs)) { - krb5_free_addresses(our_addrs); - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - krb5_free_addresses(our_addrs); - } - - if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->client, - &creds->client)) { - return(retval); - } - - if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server, - &creds->server)) { - return(retval); - } - - if (retval = - krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session, - &creds->keyblock)) { - return(retval); - } - -#undef clean -#define clean() {\ - memset((char *)creds->keyblock.contents, 0, creds->keyblock.length);} - - creds->times = credmsg_enc_part->ticket_info[0]->times; - creds->is_skey = FALSE; - creds->ticket_flags = credmsg_enc_part->ticket_info[0]->flags; - - if (retval = krb5_copy_addresses(credmsg_enc_part->ticket_info[0]->caddrs, - &creds->addresses)) { - clean(); - return(retval); - } - - creds->second_ticket.length = 0; - - creds->authdata = 0; - - cleanup_mesg(); - return 0; -#undef clean -#undef cleanup_credmsg -#undef cleanup_scratch -#undef cleanup_prockey -#undef cleanup_mesg -} - #endif /* KERBEROS */