From 2c37608ead53685da16599f888beec2d612b065f Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 14 Apr 2009 21:07:46 +0000 Subject: [PATCH] pull up r22096, r22097 from trunk ------------------------------------------------------------------------ r22097 | hartmans | 2009-03-16 12:50:30 -0400 (Mon, 16 Mar 2009) | 6 lines Changed paths: M /trunk/src/include/k5-int.h M /trunk/src/lib/krb5/krb/Makefile.in A /trunk/src/lib/krb5/krb/t_authdata.c ticket: 6422 Implement tests for authdata functions Implement some test cases for krb5_merge_authdata and krb5int_find_authdata ------------------------------------------------------------------------ r22096 | hartmans | 2009-03-16 12:50:26 -0400 (Mon, 16 Mar 2009) | 5 lines Changed paths: M /trunk/src/lib/krb5/krb/copy_auth.c subject: Implement krb5int_find_authdata ticket: 6422 Implement a function to find all instances of a particular ad_type in ticket or authenticator authdata. ticket: 6422 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22229 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 5 ++ src/lib/krb5/krb/Makefile.in | 9 ++- src/lib/krb5/krb/copy_auth.c | 89 +++++++++++++++++++++++++++++ src/lib/krb5/krb/t_authdata.c | 102 ++++++++++++++++++++++++++++++++++ 4 files changed, 203 insertions(+), 2 deletions(-) create mode 100644 src/lib/krb5/krb/t_authdata.c diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 7dae8cfc9..5ee39549e 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2570,6 +2570,11 @@ krb5_error_code krb5_decode_kdc_rep krb5_data *, const krb5_keyblock *, krb5_kdc_rep ** ); +krb5_error_code krb5int_find_authdata +(krb5_context context, krb5_authdata *const * ticket_authdata, + krb5_authdata * const *ap_req_authdata, + krb5_authdatatype ad_type, + krb5_authdata ***results); krb5_error_code krb5_rd_req_decoded (krb5_context, diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 4e60b0405..5c8fb3d88 100644 
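Review bot: The new `krb5int_find_authdata` prototype in k5-int.h carries no comment on its contract, and neither the ownership nor the trust rules can be read from the signature. Going by the definition this patch adds to copy_auth.c, `*results` stays NULL when nothing matches and otherwise receives a NULL-terminated array of copies, which t_authdata.c releases with `krb5_free_authdata`. Matches from `ticket_authdata` and `ap_req_authdata` are appended to the same array with nothing recording which list they came from. A caller that must rely only on ticket-carried elements (presumably the ones vouched for by the KDC) therefore has to pass NULL for `ap_req_authdata`. A header comment such as `/* Results are copies merged from both lists, with no provenance; free with krb5_free_authdata(). */` would make this visible at the call site.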
--- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -308,6 +308,8 @@ T_DELTAT_OBJS= t_deltat.o deltat.o t_walk_rtree: $(T_WALK_RTREE_OBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_walk_rtree $(T_WALK_RTREE_OBJS) $(KRB5_BASE_LIBS) +t_authdata: t_authdata.o copy_auth.o + $(CC_LINK) -o $@ $< copy_auth.o $(KRB5_BASE_LIBS) t_kerb: $(T_KERB_OBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_kerb $(T_KERB_OBJS) $(KRB5_BASE_LIBS) @@ -323,7 +325,7 @@ t_expand.o : t_expand.c t_expand : $(T_EXPAND_OBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_expand $(T_EXPAND_OBJS) $(KRB5_BASE_LIBS) -TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand +TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata check-unix:: $(TEST_PROGS) KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ @@ -356,13 +358,16 @@ check-unix:: $(TEST_PROGS) $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests + KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ + $(RUN_SETUP) $(VALGRIND) ./t_authdata clean:: $(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \ $(OUTPRE)t_kerb$(EXEEXT) $(OUTPRE)t_kerb.$(OBJEXT) \ $(OUTPRE)t_ser$(EXEEXT) $(OUTPRE)t_ser.$(OBJEXT) \ $(OUTPRE)t_deltat$(EXEEXT) $(OUTPRE)t_deltat.$(OBJEXT) \ - $(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT) + $(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT) \ + $(OUTPRE)t_authdata$(EXEEXT) $(OUTPRE)t_authdata.$(OBJEXT) @libobj_frag@ diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c index 19cd09b90..ca3fb0366 100644 --- a/src/lib/krb5/krb/copy_auth.c +++ b/src/lib/krb5/krb/copy_auth.c 
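Review bot: The new `t_authdata` rule lists only `t_authdata.o copy_auth.o` as prerequisites, while the neighbouring `t_walk_rtree`, `t_kerb` and `t_expand` rules also depend on `$(KRB5_BASE_DEPLIBS)`. Without that prerequisite the test is not relinked when the base libraries change, and a parallel build can presumably reach the link step before they exist. Suggest `t_authdata: t_authdata.o copy_auth.o $(KRB5_BASE_DEPLIBS)`; the recipe can stay as it is, since `$<` still expands to `t_authdata.o`. A one-line comment on why `copy_auth.o` is linked in directly would also help the next reader.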
@@ -187,3 +187,92 @@ krb5_encode_authdata_container(krb5_context context, return code; } + +struct find_authdata_context { + krb5_authdata **out; + size_t space; + size_t length; +}; + +static krb5_error_code grow_find_authdata +(krb5_context context, struct find_authdata_context *fctx, + krb5_authdata *elem) +{ + krb5_error_code retval = 0; + if (fctx->length == fctx->space) { + krb5_authdata **new; + if (fctx->space >= 256) { + krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query"); + return ERANGE; + } + new = realloc(fctx->out, + sizeof (krb5_authdata *)*(2*fctx->space+1)); + if (new == NULL) + return ENOMEM; + fctx->out = new; + fctx->space *=2; + } + fctx->out[fctx->length+1] = NULL; + retval = krb5_copy_authdatum(context, elem, + &fctx->out[fctx->length]); + if (retval == 0) + fctx->length++; + return retval; +} + + + + +static krb5_error_code find_authdata_1 +(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type, + struct find_authdata_context *fctx) +{ + int i = 0; + krb5_error_code retval=0; + + for (i = 0; in_authdat[i]; i++) { + krb5_authdata *ad = in_authdat[i]; + if (ad->ad_type == ad_type && retval ==0) + retval = grow_find_authdata(context, fctx, ad); + else switch (ad->ad_type) { + krb5_authdata **decoded_container; + case KRB5_AUTHDATA_IF_RELEVANT: + if (retval == 0) + retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container); + if (retval == 0) { + retval = find_authdata_1(context, + decoded_container, ad_type, fctx); + krb5_free_authdata(context, decoded_container); + } + break; + default: + break; + } + } + return retval; +} + + +krb5_error_code krb5int_find_authdata +(krb5_context context, krb5_authdata *const * ticket_authdata, + krb5_authdata * const *ap_req_authdata, + krb5_authdatatype ad_type, + krb5_authdata ***results) +{ + krb5_error_code retval = 0; + struct find_authdata_context fctx; + fctx.length = 0; + fctx.space = 2; + fctx.out = 
calloc(fctx.space+1, sizeof (krb5_authdata *)); + *results = NULL; + if (fctx.out == NULL) + return ENOMEM; + if (ticket_authdata) + retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx); + if ((retval==0) && ap_req_authdata) + retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx); + if ((retval== 0) && fctx.length) + *results = fctx.out; + else krb5_free_authdata(context, fctx.out); + return retval; +} diff --git a/src/lib/krb5/krb/t_authdata.c b/src/lib/krb5/krb/t_authdata.c new file mode 100644 index 000000000..5bacf5f64 --- /dev/null +++ b/src/lib/krb5/krb/t_authdata.c 
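Review bot: `find_authdata_1` calls itself for every KRB5_AUTHDATA_IF_RELEVANT element with no limit on nesting depth; the 256 cap in `grow_find_authdata` bounds the number of matches only, not the recursion or the decode work. Since `ap_req_authdata` presumably comes from the peer's authenticator, a deeply nested container chain can consume stack and repeated decode allocations before any match is found. A depth argument checked on entry would bound this, reusing the ERANGE convention the hunk already has; the limit's name and value below are placeholders for the maintainers to choose. Separately, the loop keeps iterating after `retval` is set, so a `break` on error would make the failure path easier to follow.

```c
/* proposed placeholder: maximum IF-RELEVANT nesting accepted by the search */
#define FIND_AUTHDATA_MAX_DEPTH 8

static krb5_error_code find_authdata_1
(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
 struct find_authdata_context *fctx, int depth)
{
    /* … unchanged: locals i and retval … */
    if (depth > FIND_AUTHDATA_MAX_DEPTH) {
        krb5_set_error_message(context, ERANGE,
                               "Authdata containers nested too deeply");
        return ERANGE;
    }
    /* … unchanged: loop, direct match, container decode … */
                retval = find_authdata_1(context,
                                         decoded_container, ad_type, fctx,
                                         depth + 1);
    /* … unchanged: free of decoded_container, default case, return … */

/* in krb5int_find_authdata, both top-level calls start at depth 0 */
        retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx, 0);
        retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx, 0);
```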
@@ -0,0 +1,102 @@
+/*
+ * lib/krb5/krb/t_authdata.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * Test authorization data search
+ */
+
+#include
+#include
+#include
+#include
+
+krb5_authdata ad1 = {
+ KV5M_AUTHDATA,
+ 22,
+ 4,
+ (unsigned char *) "abcd"};
+krb5_authdata ad2 = {
+ KV5M_AUTHDATA,
+ 23,
+ 5,
+ (unsigned char *) "abcde"
+};
+
+krb5_authdata ad3= {
+ KV5M_AUTHDATA,
+ 22,
+ 3,
+ (unsigned char *) "ab"
+};
+/* we want three results in the return from krb5int_find_authdata so
+it has to grow its list.
+*/
+krb5_authdata ad4 = {
+ KV5M_AUTHDATA,
+ 22,
+ 5,
+ (unsigned char *)"abcd"
+};
+
+krb5_authdata *adseq1[] = {&ad1, &ad2, &ad4, NULL};
+
+krb5_authdata *adseq2[] = {&ad3, NULL};
+
+static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
+ assert(adc1->ad_type == adc2->ad_type);
+ assert(adc1->length == adc2->length);
+ assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+}
+
+int main()
+{
+ krb5_context context;
+ krb5_authdata **results;
+ krb5_authdata *container[2];
+ krb5_authdata **container_out;
+
+
+ assert(krb5_init_context(&context) == 0);
+ assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0);
+ compare_authdata(results[0], &ad1);
+ compare_authdata( results[1], &ad2);
+ compare_authdata(results[2], &ad4);
+ compare_authdata( results[3], &ad3);
+ assert(results[4] == NULL);
+ krb5_free_authdata(context, results);
+ container[0] = &ad3;
+ container[1] = NULL;
+ assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
+ assert(krb5int_find_authdata(context,
+ adseq1, container_out, 22, &results) == 0);
+ compare_authdata(&ad1, results[0]);
+ compare_authdata( results[1], &ad4);
+ compare_authdata( results[2], &ad3);
+ assert( results[3] == NULL);
+ krb5_free_authdata(context, results);
+ krb5_free_authdata(context, container_out);
+ return 0;
+}
-- 2.26.2
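Review bot: Every library call in `main` sits inside `assert(...)`, for example `assert(krb5_init_context(&context) == 0);`, so a build with NDEBUG defined compiles the calls away and the program then reads `results` uninitialized. Keeping the call outside the macro, as in `ret = krb5_init_context(&context); assert(ret == 0);`, avoids that. The test also exercises only the success path. It does not cover the no-match case (where `*results` should stay NULL), the ERANGE limit of 256 matches, or a container nested more than one level. `context` is never released either, although the Makefile hunk runs the program under `$(VALGRIND)`.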