From 46bf914e3e87c0a3adaaa7ee06f839878619c1a7 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 22 Sep 1993 00:43:22 +0000 Subject: [PATCH] Merged in ISI's modified CRED-INFO patches git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2647 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/forward.c | 69 +++++------ src/include/krb5/krb5.h | 19 +-- src/lib/krb5/asn.1/KRB5-asn.py | 37 +++--- src/lib/krb5/asn.1/crep2kcrep.c | 190 +++++++++++++++--------------- src/lib/krb5/asn.1/kcrep2crep.c | 197 +++++++++++++++++--------------- src/lib/krb5/asn.1/kpwds2pwds.c | 8 +- src/lib/krb5/asn.1/pwds2kpwds.c | 2 +- src/lib/krb5/free/f_cred_enc.c | 13 ++- 8 files changed, 284 insertions(+), 251 deletions(-) diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index cdeb87873..cef8ec6fa 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -30,7 +30,7 @@ static char *rcsid_forward_c = /* General-purpose forwarding routines. These routines may be put into */ /* libkrb5.a to allow widespread use */ -#ifdef KERBEROS +#if defined(KERBEROS) || defined(KRB5) #include #include #include @@ -76,9 +76,9 @@ get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf) if (!rhost || !(hp = gethostbyname(rhost))) return KRB5_ERR_BAD_HOSTNAME; - remote_host = malloc(strlen(hp->h_name)+1); + remote_host = (char *) malloc(strlen(hp->h_name)+1); if (!remote_host) - return ENOMEM; + return ENOMEM; strcpy(remote_host, hp->h_name); if (retval = krb5_get_host_realm(remote_host, &hrealms)) { @@ -266,35 +266,36 @@ krb5_data *outbuf; ret_cred.enc_part.etype = etype; ret_cred.enc_part.kvno = 0; - cred_enc_part.creds = (krb5_cred_enc_struct **) - calloc(2, sizeof(*cred_enc_part.creds)); - if (!cred_enc_part.creds) { + cred_enc_part.ticket_info = (krb5_cred_info **) + calloc(2, sizeof(*cred_enc_part.ticket_info)); + if (!cred_enc_part.ticket_info) { krb5_free_tickets(ret_cred.tickets); return ENOMEM; } - cred_enc_part.creds[0] = (krb5_cred_enc_struct *) - malloc(sizeof(*cred_enc_part.creds[0])); - if (!cred_enc_part.creds[0]) { + cred_enc_part.ticket_info[0] = (krb5_cred_info *) + malloc(sizeof(*cred_enc_part.ticket_info[0])); + if (!cred_enc_part.ticket_info[0]) { krb5_free_tickets(ret_cred.tickets); krb5_free_cred_enc_part(cred_enc_part); return ENOMEM; } - cred_enc_part.creds[0]->session = dec_rep->enc_part2->session; - cred_enc_part.creds[0]->nonce = 0; + cred_enc_part.nonce = 0; - if (retval = krb5_us_timeofday(&cred_enc_part.creds[0]->timestamp, - &cred_enc_part.creds[0]->usec)) + if (retval = krb5_us_timeofday(&cred_enc_part.timestamp, + &cred_enc_part.usec)) return retval; - cred_enc_part.creds[0]->s_address = (krb5_address *)sender_addr; - cred_enc_part.creds[0]->r_address = (krb5_address *)recv_addr; - cred_enc_part.creds[0]->client = dec_rep->client; - cred_enc_part.creds[0]->server = dec_rep->enc_part2->server; - cred_enc_part.creds[0]->flags = dec_rep->enc_part2->flags; - cred_enc_part.creds[0]->times = dec_rep->enc_part2->times; - cred_enc_part.creds[0]->caddrs = dec_rep->enc_part2->caddrs; + cred_enc_part.s_address = (krb5_address *)sender_addr; + cred_enc_part.r_address = (krb5_address *)recv_addr; + + cred_enc_part.ticket_info[0]->session = dec_rep->enc_part2->session; + cred_enc_part.ticket_info[0]->client = dec_rep->client; + cred_enc_part.ticket_info[0]->server = dec_rep->enc_part2->server; + cred_enc_part.ticket_info[0]->flags = dec_rep->enc_part2->flags; + cred_enc_part.ticket_info[0]->times = dec_rep->enc_part2->times; + cred_enc_part.ticket_info[0]->caddrs = dec_rep->enc_part2->caddrs; - cred_enc_part.creds[1] = 0; + cred_enc_part.ticket_info[1] = 0; /* start by encoding to-be-encrypted part of the message */ @@ -535,32 +536,32 @@ const krb5_address *recv_addr; /* optional */ cleanup_mesg(); return retval; } - if (!in_clock_skew(credmsg_enc_part->creds[0]->timestamp)) { + if (!in_clock_skew(credmsg_enc_part->timestamp)) { cleanup_mesg(); return KRB5KRB_AP_ERR_SKEW; } - if (sender_addr && credmsg_enc_part->creds[0]->s_address && + if (sender_addr && credmsg_enc_part->s_address && !krb5_address_compare(sender_addr, - credmsg_enc_part->creds[0]->s_address)) { + credmsg_enc_part->s_address)) { cleanup_mesg(); return KRB5KRB_AP_ERR_BADADDR; } - if (recv_addr && credmsg_enc_part->creds[0]->r_address && + if (recv_addr && credmsg_enc_part->r_address && !krb5_address_compare(recv_addr, - credmsg_enc_part->creds[0]->r_address)) { + credmsg_enc_part->r_address)) { cleanup_mesg(); return KRB5KRB_AP_ERR_BADADDR; } - if (credmsg_enc_part->creds[0]->r_address) { + if (credmsg_enc_part->r_address) { krb5_address **our_addrs; if (retval = krb5_os_localaddr(&our_addrs)) { cleanup_mesg(); return retval; } - if (!krb5_address_search(credmsg_enc_part->creds[0]->r_address, + if (!krb5_address_search(credmsg_enc_part->r_address, our_addrs)) { krb5_free_addresses(our_addrs); cleanup_mesg(); @@ -569,18 +570,18 @@ const krb5_address *recv_addr; /* optional */ krb5_free_addresses(our_addrs); } - if (retval = krb5_copy_principal(credmsg_enc_part->creds[0]->client, + if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->client, &creds->client)) { return(retval); } - if (retval = krb5_copy_principal(credmsg_enc_part->creds[0]->server, + if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server, &creds->server)) { return(retval); } if (retval = - krb5_copy_keyblock_contents(credmsg_enc_part->creds[0]->session, + krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session, &creds->keyblock)) { return(retval); } @@ -589,11 +590,11 @@ const krb5_address *recv_addr; /* optional */ #define clean() {\ memset((char *)creds->keyblock.contents, 0, creds->keyblock.length);} - creds->times = credmsg_enc_part->creds[0]->times; + creds->times = credmsg_enc_part->ticket_info[0]->times; creds->is_skey = FALSE; - creds->ticket_flags = credmsg_enc_part->creds[0]->flags; + creds->ticket_flags = credmsg_enc_part->ticket_info[0]->flags; - if (retval = krb5_copy_addresses(credmsg_enc_part->creds[0]->caddrs, + if (retval = krb5_copy_addresses(credmsg_enc_part->ticket_info[0]->caddrs, &creds->addresses)) { clean(); return(retval); diff --git a/src/include/krb5/krb5.h b/src/include/krb5/krb5.h index c7c082cc9..15a4bddcc 100644 --- a/src/include/krb5/krb5.h +++ b/src/include/krb5/krb5.h @@ -47,7 +47,8 @@ /* Time set */ typedef struct _krb5_ticket_times { - krb5_timestamp authtime; + krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime + in ticket? otherwise client can't get this */ krb5_timestamp starttime; /* optional in ticket, if not present, use authtime */ krb5_timestamp endtime; @@ -245,24 +246,24 @@ typedef struct _krb5_cred { krb5_enc_data enc_part; /* encrypted part */ } krb5_cred; -typedef struct _krb5_cred_enc_struct { +typedef struct _krb5_cred_info { krb5_keyblock* session; /* session key used to encrypt */ /* ticket */ - krb5_int32 nonce; /* nonce, optional */ - krb5_timestamp timestamp; /* client time */ - krb5_int32 usec; /* microsecond portion of time */ - krb5_address *s_address; /* sender address, optional */ - krb5_address *r_address; /* recipient address, optional */ krb5_principal client; /* client name/realm, optional */ krb5_principal server; /* server name/realm, optional */ krb5_flags flags; /* ticket flags, optional */ krb5_ticket_times times; /* auth, start, end, renew_till, */ /* optional */ krb5_address **caddrs; /* array of ptrs to addresses */ -} krb5_cred_enc_struct; +} krb5_cred_info; typedef struct _krb5_cred_enc_part { - krb5_cred_enc_struct **creds; + krb5_int32 nonce; /* nonce, optional */ + krb5_timestamp timestamp; /* client time */ + krb5_int32 usec; /* microsecond portion of time */ + krb5_address *s_address; /* sender address, optional */ + krb5_address *r_address; /* recipient address, optional */ + krb5_cred_info **ticket_info; } krb5_cred_enc_part; /* these need to be here so the typedefs are available for the prototypes */ diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py index 6f42b9d9d..60a66f6f9 100644 --- a/src/lib/krb5/asn.1/KRB5-asn.py +++ b/src/lib/krb5/asn.1/KRB5-asn.py @@ -255,8 +255,7 @@ EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { r-address[5] HostAddress OPTIONAL -- recip's addr } --- These two definitions are added to allow easy forwarding of --- credentials. +-- The KRB-CRED message allows easy forwarding of credentials. KRB-CRED ::= [APPLICATION 22] SEQUENCE { pvno[0] INTEGER, @@ -265,23 +264,27 @@ KRB-CRED ::= [APPLICATION 22] SEQUENCE { enc-part[3] EncryptedData -- EncKrbCredPart } -EncKrbCredPart ::= [APPLICATION 29] SEQUENCE OF SEQUENCE { - key[0] EncryptionKey, +EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { + ticket-info[0] SEQUENCE OF KRB-CRED-INFO, nonce[1] INTEGER OPTIONAL, - timestamp[2] KerberosTime, - usec[3] INTEGER, + timestamp[2] KerberosTime OPTIONAL, + usec[3] INTEGER OPTIONAL, s-address[4] HostAddress OPTIONAL, - r-address[5] HostAddress OPTIONAL, - prealm[6] Realm OPTIONAL, - pname[7] PrincipalName OPTIONAL, - flags[8] TicketFlags OPTIONAL, - authtime[9] KerberosTime OPTIONAL, - starttime[10] KerberosTime OPTIONAL, - endtime[11] KerberosTime OPTIONAL, - renew-till[12] KerberosTime OPTIONAL, - srealm[13] Realm OPTIONAL, - sname[14] PrincipalName OPTIONAL, - caddr[15] HostAddresses OPTIONAL + r-address[5] HostAddress OPTIONAL +} + +KRB-CRED-INFO ::= SEQUENCE { + key[0] EncryptionKey, + prealm[1] Realm OPTIONAL, + pname[2] PrincipalName OPTIONAL, + flags[3] TicketFlags OPTIONAL, + authtime[4] KerberosTime OPTIONAL, + starttime[5] KerberosTime OPTIONAL, + endtime[6] KerberosTime OPTIONAL, + renew-till[7] KerberosTime OPTIONAL, + srealm[8] Realm OPTIONAL, + sname[9] PrincipalName OPTIONAL, + caddr[10] HostAddresses OPTIONAL } KRB-ERROR ::= [APPLICATION 30] SEQUENCE { diff --git a/src/lib/krb5/asn.1/crep2kcrep.c b/src/lib/krb5/asn.1/crep2kcrep.c index 8428eb512..11cae366d 100644 --- a/src/lib/krb5/asn.1/crep2kcrep.c +++ b/src/lib/krb5/asn.1/crep2kcrep.c @@ -48,8 +48,7 @@ register int *error; { register krb5_cred_enc_part *retval; register int i; - register const struct type_KRB5_EncKrbCredPart *rv; - register const struct element_KRB5_14 *rv2; + register const struct element_KRB5_13 *rv; retval = (krb5_cred_enc_part *)xmalloc(sizeof(*retval)); if (!retval) { @@ -58,122 +57,133 @@ register int *error; } xbzero((char *)retval, sizeof(*retval)); - for (i = 0, rv = val; rv; i++, rv = rv->next); + /* Count ticket_info */ + for (i = 0, rv = val->ticket__info; rv; i++, rv = rv->next); /* plus one for null terminator */ - retval->creds = (krb5_cred_enc_struct **) xcalloc(i + 1, sizeof(*retval->creds)); - if (!retval->creds) { + retval->ticket_info = (krb5_cred_info **) + xcalloc(i + 1, sizeof(*retval->ticket_info)); + if (!retval->ticket_info) { nomem: *error = ENOMEM; return(0); } - - for (i = 0, rv = val; rv; rv = rv->next, i++) { - rv2 = rv->element_KRB5_13; - retval->creds[i] = (krb5_cred_enc_struct *) xmalloc(sizeof(*retval->creds[i])); - if (!retval->creds[i]) { - krb5_free_cred_enc_part(retval); - goto nomem; - } - xbzero((char *)retval->creds[i], sizeof(*retval->creds[i])); - - retval->creds[i]->session = KRB5_EncryptionKey2krb5_keyblock(rv2->key, error); - if (!retval->creds[i]->session) { - xfree(retval->creds[i]); - return(0); - } - - if (rv2->optionals & opt_KRB5_element_KRB5_14_nonce) - retval->creds[i]->nonce = rv2->nonce; - else - retval->creds[i]->nonce = 0; - - retval->creds[i]->timestamp = gentime2unix(rv2->timestamp, error); + + if (val->optionals & opt_KRB5_EncKrbCredPart_nonce) + retval->nonce = val->nonce; + else + retval->nonce = 0; + + if (val->timestamp) { + retval->timestamp = gentime2unix(val->timestamp, error); if (*error) { errout: - krb5_free_cred_enc_part(retval->creds[i]); + krb5_free_cred_enc_part(retval); return(0); } - retval->creds[i]->usec = rv2->usec; - - if (rv2->s__address) { - retval->creds[i]->s_address = KRB5_HostAddress2krb5_addr(rv2->s__address, - error); - if (!retval->creds[i]->s_address) { - goto errout; - } + } + + if (val->optionals & opt_KRB5_EncKrbCredPart_usec) + retval->usec = val->usec; + else + retval->timestamp = 0; + + if (val->s__address) { + retval->s_address = + KRB5_HostAddress2krb5_addr(val->s__address, + error); + if (!retval->s_address) { + goto errout; } - - if (rv2->r__address) { - retval->creds[i]->r_address = KRB5_HostAddress2krb5_addr(rv2->r__address, - error); - if (!retval->creds[i]->r_address) { - goto errout; - } + } + + if (val->r__address) { + retval->r_address = + KRB5_HostAddress2krb5_addr(val->r__address, + error); + if (!retval->r_address) { + goto errout; + } + } + + for (i = 0, rv = val->ticket__info; rv; rv = rv->next, i++) { + retval->ticket_info[i] = (krb5_cred_info *) + xmalloc(sizeof(*retval->ticket_info[i])); + if (!retval->ticket_info[i]) { + krb5_free_cred_enc_part(retval); + goto nomem; } + xbzero((char *)retval->ticket_info[i], + sizeof(*retval->ticket_info[i])); + + retval->ticket_info[i]->session = + KRB5_EncryptionKey2krb5_keyblock(rv->KRB__CRED__INFO->key, error); + if (!retval->ticket_info[i]->session) + goto errout; - if (rv2->pname && rv2->prealm) { - retval->creds[i]->client = KRB5_PrincipalName2krb5_principal(rv2->pname, - rv2->prealm, - error); - if (!retval->creds[i]->client) { - goto errout; - } + if (rv->KRB__CRED__INFO->pname && rv->KRB__CRED__INFO->prealm) { + retval->ticket_info[i]->client = + KRB5_PrincipalName2krb5_principal(rv->KRB__CRED__INFO->pname, + rv->KRB__CRED__INFO->prealm, + error); + if (!retval->ticket_info[i]->client) + goto errout; } - if (rv2->sname && rv2->srealm) { - retval->creds[i]->server = KRB5_PrincipalName2krb5_principal(rv2->sname, - rv2->srealm, - error); - if (!retval->creds[i]->server) { - goto errout; - } + if (rv->KRB__CRED__INFO->sname && rv->KRB__CRED__INFO->srealm) { + retval->ticket_info[i]->server = + KRB5_PrincipalName2krb5_principal(rv->KRB__CRED__INFO->sname, + rv->KRB__CRED__INFO->srealm, + error); + if (!retval->ticket_info[i]->server) + goto errout; } - if (rv2->flags) { - retval->creds[i]->flags = KRB5_TicketFlags2krb5_flags(rv2->flags, error); - if (*error) { - xfree(retval->creds[i]); - return(0); - } + if (rv->KRB__CRED__INFO->flags) { + retval->ticket_info[i]->flags = + KRB5_TicketFlags2krb5_flags(rv->KRB__CRED__INFO->flags, error); + if (*error) + goto errout; } - if (rv2->authtime) { - retval->creds[i]->times.authtime = gentime2unix(rv2->authtime, error); - if (*error) { - goto errout; - } + if (rv->KRB__CRED__INFO->authtime) { + retval->ticket_info[i]->times.authtime = + gentime2unix(rv->KRB__CRED__INFO->authtime, error); + if (*error) + goto errout; } - if (rv2->starttime) { - retval->creds[i]->times.starttime = gentime2unix(rv2->starttime, error); - if (*error) { - goto errout; - } + if (rv->KRB__CRED__INFO->starttime) { + retval->ticket_info[i]->times.starttime = + gentime2unix(rv->KRB__CRED__INFO->starttime, error); + if (*error) + goto errout; } - if (rv2->endtime) { - retval->creds[i]->times.endtime = gentime2unix(rv2->endtime, error); - if (*error) { - goto errout; - } + if (rv->KRB__CRED__INFO->endtime) { + retval->ticket_info[i]->times.endtime = + gentime2unix(rv->KRB__CRED__INFO->endtime, error); + if (*error) + goto errout; } - if ((retval->creds[i]->flags & TKT_FLG_RENEWABLE) && rv2->renew__till) { - retval->creds[i]->times.renew_till = gentime2unix(rv2->renew__till, error); - if (*error) { - goto errout; - } + if ((retval->ticket_info[i]->flags & TKT_FLG_RENEWABLE) && + rv->KRB__CRED__INFO->renew__till) { + retval->ticket_info[i]->times.renew_till = + gentime2unix(rv->KRB__CRED__INFO->renew__till, error); + if (*error) + goto errout; } - if (rv2->caddr) { - retval->creds[i]->caddrs = KRB5_HostAddresses2krb5_address(rv2->caddr, - error); - if (!retval->creds[i]->caddrs) { - goto errout; - } + if (rv->KRB__CRED__INFO->caddr) { + retval->ticket_info[i]->caddrs = + KRB5_HostAddresses2krb5_address(rv->KRB__CRED__INFO->caddr, + error); + if (!retval->ticket_info[i]->caddrs) + goto errout; } } - retval->creds[i] = 0; + + retval->ticket_info[i] = 0; return(retval); } diff --git a/src/lib/krb5/asn.1/kcrep2crep.c b/src/lib/krb5/asn.1/kcrep2crep.c index 4ab1d666f..3c48216a0 100644 --- a/src/lib/krb5/asn.1/kcrep2crep.c +++ b/src/lib/krb5/asn.1/kcrep2crep.c @@ -46,143 +46,160 @@ krb5_cred_enc_part2KRB5_EncKrbCredPart(val, error) const register krb5_cred_enc_part *val; register int *error; { - register struct type_KRB5_EncKrbCredPart *retval = 0, *rv1 = 0, *rv2; - register krb5_cred_enc_struct * const *temp; + struct type_KRB5_EncKrbCredPart *retval = 0; + register struct element_KRB5_13 *rv1 = 0, *rv2; + register krb5_cred_info * const *temp; register int i; - for (i = 0, temp = val->creds; *temp; temp++, i++, rv1 = rv2) { - - rv2 = (struct type_KRB5_EncKrbCredPart *) xmalloc(sizeof(*rv2)); - if (!rv2) { + retval = (struct type_KRB5_EncKrbCredPart *) xmalloc(sizeof(*retval)); + if (!retval) { + *error = ENOMEM; + return(0); + } + xbzero((char *)retval, sizeof (*retval)); + + if (val->nonce) { + retval->nonce = val->nonce; + retval->optionals |= opt_KRB5_EncKrbCredPart_nonce; + } + + if (val->timestamp) { + retval->timestamp = unix2gentime(val->timestamp, error); + if (!retval->timestamp) { + errout: if (retval) - free_KRB5_EncKrbCredPart(retval); + free_KRB5_EncKrbCredPart(retval); *error = ENOMEM; return(0); } + } + + if (val->usec) { + retval->usec = val->usec; + retval->optionals |= opt_KRB5_EncKrbCredPart_usec; + } + + if (val->s_address) { + retval->s__address = + krb5_addr2KRB5_HostAddress(val->s_address, error); + if (!retval->s__address) { + goto errout; + } + } + + if (val->r_address) { + retval->r__address = + krb5_addr2KRB5_HostAddress(val->r_address, error); + if (!retval->r__address) { + goto errout; + } + } + + for (i = 0, temp = val->ticket_info; *temp; temp++, i++, rv1 = rv2) { + + rv2 = (struct element_KRB5_13 *) xmalloc(sizeof(*rv2)); + if (!rv2) + goto errout; + xbzero((char *)rv2, sizeof (*rv2)); if (rv1) rv1->next = rv2; - if (!retval) - retval = rv2; + if (!retval->ticket__info) + retval->ticket__info = rv2; - rv2->element_KRB5_13 = (struct element_KRB5_14 *) - xmalloc(sizeof(*(rv2->element_KRB5_13))); - if (!rv2->element_KRB5_13) { - errout: - if (retval) - free_KRB5_EncKrbCredPart(retval); - *error = ENOMEM; - return(0); - } - xbzero((char *)rv2->element_KRB5_13, sizeof (*rv2->element_KRB5_13)); - - rv2->element_KRB5_13->key = - krb5_keyblock2KRB5_EncryptionKey(val->creds[i]->session, error); - if (!rv2->element_KRB5_13->key) { - goto errout; - } - - if (val->creds[i]->nonce) { - rv2->element_KRB5_13->nonce = val->creds[i]->nonce; - rv2->element_KRB5_13->optionals |= opt_KRB5_element_KRB5_14_nonce; - } - - rv2->element_KRB5_13->timestamp = unix2gentime(val->creds[i]->timestamp, error); - if (!rv2->element_KRB5_13->timestamp) { + rv2->KRB__CRED__INFO = (struct type_KRB5_KRB__CRED__INFO *) + xmalloc(sizeof(*(rv2->KRB__CRED__INFO))); + if (!rv2->KRB__CRED__INFO) + goto errout; + xbzero((char *)rv2->KRB__CRED__INFO, sizeof (*rv2->KRB__CRED__INFO)); + + rv2->KRB__CRED__INFO->key = + krb5_keyblock2KRB5_EncryptionKey(val->ticket_info[i]->session, + error); + if (!rv2->KRB__CRED__INFO->key) { goto errout; } - rv2->element_KRB5_13->usec = val->creds[i]->usec; - - if (val->creds[i]->s_address) { - rv2->element_KRB5_13->s__address = - krb5_addr2KRB5_HostAddress(val->creds[i]->s_address, error); - if (!rv2->element_KRB5_13->s__address) { + if (val->ticket_info[i]->client) { + rv2->KRB__CRED__INFO->prealm = + krb5_data2qbuf(krb5_princ_realm(val->ticket_info[i]->client)); + if (!rv2->KRB__CRED__INFO->prealm) { goto errout; } - } - - if (val->creds[i]->r_address) { - rv2->element_KRB5_13->r__address = - krb5_addr2KRB5_HostAddress(val->creds[i]->r_address, error); - if (!rv2->element_KRB5_13->r__address) { + rv2->KRB__CRED__INFO->pname = + krb5_principal2KRB5_PrincipalName(val->ticket_info[i]->client, + error); + if (!rv2->KRB__CRED__INFO->pname) { goto errout; } } - if (val->creds[i]->client) { - rv2->element_KRB5_13->prealm = - krb5_data2qbuf(krb5_princ_realm(val->creds[i]->client)); - if (!rv2->element_KRB5_13->prealm) { - goto errout; - } - rv2->element_KRB5_13->pname = - krb5_principal2KRB5_PrincipalName(val->creds[i]->client, error); - if (!rv2->element_KRB5_13->pname) { + if (val->ticket_info[i]->flags) { + rv2->KRB__CRED__INFO->flags = + krb5_flags2KRB5_TicketFlags(val->ticket_info[i]->flags, error); + if (!rv2->KRB__CRED__INFO->flags) { goto errout; } } - if (val->creds[i]->flags) { - rv2->element_KRB5_13->flags = - krb5_flags2KRB5_TicketFlags(val->creds[i]->flags, error); - if (!rv2->element_KRB5_13->flags) { + if (val->ticket_info[i]->times.authtime) { + rv2->KRB__CRED__INFO->authtime = + unix2gentime(val->ticket_info[i]->times.authtime, error); + if (!rv2->KRB__CRED__INFO->authtime) { goto errout; } } - - rv2->element_KRB5_13->authtime = - unix2gentime(val->creds[i]->times.authtime, error); - if (!rv2->element_KRB5_13->authtime) { - goto errout; - } - if (val->creds[i]->times.starttime) { - rv2->element_KRB5_13->starttime = - unix2gentime(val->creds[i]->times.starttime, error); - if (!rv2->element_KRB5_13->starttime) { + + if (val->ticket_info[i]->times.starttime) { + rv2->KRB__CRED__INFO->starttime = + unix2gentime(val->ticket_info[i]->times.starttime, error); + if (!rv2->KRB__CRED__INFO->starttime) { goto errout; } } - rv2->element_KRB5_13->endtime = - unix2gentime(val->creds[i]->times.endtime, error); - if (!rv2->element_KRB5_13->endtime) { - goto errout; + + if (val->ticket_info[i]->times.endtime) { + rv2->KRB__CRED__INFO->endtime = + unix2gentime(val->ticket_info[i]->times.endtime, error); + if (!rv2->KRB__CRED__INFO->endtime) { + goto errout; + } } - if (val->creds[i]->flags & TKT_FLG_RENEWABLE) { - rv2->element_KRB5_13->renew__till = - unix2gentime(val->creds[i]->times.renew_till, error); - if (!rv2->element_KRB5_13->renew__till) { + + if (val->ticket_info[i]->flags & TKT_FLG_RENEWABLE) { + rv2->KRB__CRED__INFO->renew__till = + unix2gentime(val->ticket_info[i]->times.renew_till, error); + if (!rv2->KRB__CRED__INFO->renew__till) { goto errout; } } - if (val->creds[i]->server) { - rv2->element_KRB5_13->srealm = - krb5_data2qbuf(krb5_princ_realm(val->creds[i]->server)); - if (!rv2->element_KRB5_13->srealm) { + if (val->ticket_info[i]->server) { + rv2->KRB__CRED__INFO->srealm = + krb5_data2qbuf(krb5_princ_realm(val->ticket_info[i]->server)); + if (!rv2->KRB__CRED__INFO->srealm) { *error = ENOMEM; goto errout; } - rv2->element_KRB5_13->sname = - krb5_principal2KRB5_PrincipalName(val->creds[i]->server, error); - if (!rv2->element_KRB5_13->sname) { + rv2->KRB__CRED__INFO->sname = + krb5_principal2KRB5_PrincipalName(val->ticket_info[i]->server, + error); + if (!rv2->KRB__CRED__INFO->sname) { goto errout; } } - if (val->creds[i]->caddrs) { - rv2->element_KRB5_13->caddr = - krb5_address2KRB5_HostAddresses(val->creds[i]->caddrs, error); - if (!rv2->element_KRB5_13->caddr) { + if (val->ticket_info[i]->caddrs) { + rv2->KRB__CRED__INFO->caddr = + krb5_address2KRB5_HostAddresses(val->ticket_info[i]->caddrs, + error); + if (!rv2->KRB__CRED__INFO->caddr) { goto errout; } } } - if (retval == 0) - *error = ISODE_LOCAL_ERR_MISSING_PART; - return(retval); } diff --git a/src/lib/krb5/asn.1/kpwds2pwds.c b/src/lib/krb5/asn.1/kpwds2pwds.c index 33559132c..473c8eca5 100644 --- a/src/lib/krb5/asn.1/kpwds2pwds.c +++ b/src/lib/krb5/asn.1/kpwds2pwds.c @@ -43,9 +43,9 @@ * struct type_KRB5_PasswdData { * integer passwd__sequence__count; * /* SEQUENCE OF */ - * struct element_KRB5_15 { + * struct element_KRB5_14 { * struct type_KRB5_PasswdSequence *PasswdSequence; - * struct element_KRB5_15 *next; + * struct element_KRB5_14 *next; * } *passwd__sequence; * }; * @@ -76,7 +76,7 @@ register const krb5_pwd_data *val; register int *error; { register struct type_KRB5_PasswdData *retval = 0; - register struct element_KRB5_15 *passwdseq = 0, *rv1 = 0, *rv2; + register struct element_KRB5_14 *passwdseq = 0, *rv1 = 0, *rv2; passwd_phrase_element **temp; register int i; @@ -93,7 +93,7 @@ register int *error; for ( i = 0, temp = (passwd_phrase_element **) val->element; *temp; temp++, i++, rv1 = rv2){ - if ((rv2 = (struct element_KRB5_15 *) xcalloc(1, + if ((rv2 = (struct element_KRB5_14 *) xcalloc(1, sizeof(*rv2))) == NULL) {; *error = ENOMEM; errout: diff --git a/src/lib/krb5/asn.1/pwds2kpwds.c b/src/lib/krb5/asn.1/pwds2kpwds.c index 4cbaeff44..9d408a10d 100644 --- a/src/lib/krb5/asn.1/pwds2kpwds.c +++ b/src/lib/krb5/asn.1/pwds2kpwds.c @@ -46,7 +46,7 @@ register int *error; { register krb5_pwd_data *retval; register passwd_phrase_element **element; - register struct element_KRB5_15 *seq_ptr, *rv; + register struct element_KRB5_14 *seq_ptr, *rv; register int i; diff --git a/src/lib/krb5/free/f_cred_enc.c b/src/lib/krb5/free/f_cred_enc.c index e7151c364..46a3df1d9 100644 --- a/src/lib/krb5/free/f_cred_enc.c +++ b/src/lib/krb5/free/f_cred_enc.c @@ -37,15 +37,16 @@ void krb5_free_cred_enc_part(val) register krb5_cred_enc_part *val; { - register krb5_cred_enc_struct **temp; + register krb5_cred_info **temp; - for (temp = val->creds; *temp; temp++) { + if (val->r_address) + krb5_free_address(val->r_address); + if (val->s_address) + krb5_free_address(val->s_address); + + for (temp = val->ticket_info; *temp; temp++) { if ((*temp)->session) krb5_free_keyblock((*temp)->session); - if ((*temp)->r_address) - krb5_free_address((*temp)->r_address); - if ((*temp)->s_address) - krb5_free_address((*temp)->s_address); if ((*temp)->client) krb5_free_principal((*temp)->client); if ((*temp)->server) -- 2.26.2