+Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu)
+
+ * auth_con.c (krb5_auth_con_free()) :
+ Free all the data associated with the auth_context.
+
+ * auth_con.c (krb5_auth_con_setkey()) : Removed.
+ * mk_rep.c (mk_rep()),
+ The krb5_mk_rep() routine must always encode the data in
+ the keyblock of the ticket, not the subkey.
+
+ * cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
+ * auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
+ * mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
+ * rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) :
+ Changes to auth_context to better support full addresses.
+
Sat Apr 29 00:09:40 1995 Theodore Y. Ts'o <tytso@dcl>
* srv_rcache.c (krb5_get_server_rcache): Fix fencepost error which
krb5_context context;
krb5_auth_context * auth_context;
{
+ if (auth_context->local_addr)
+ free(auth_context->local_addr);
+ if (auth_context->remote_addr)
+ free(auth_context->remote_addr);
+ if (auth_context->local_port)
+ free(auth_context->local_port);
+ if (auth_context->remote_port)
+ free(auth_context->remote_port);
if (auth_context->authentp)
krb5_free_authenticator(context, auth_context->authentp);
if (auth_context->keyblock)
return 0 ;
}
-/* XXX this call is a hack. Fixed when I do the servers. */
krb5_error_code
-krb5_auth_con_setkey(context, auth_context, keyblock)
+krb5_auth_con_setports(context, auth_context, local_port, remote_port)
krb5_context context;
krb5_auth_context * auth_context;
- krb5_keyblock * keyblock;
+ krb5_address * local_port;
+ krb5_address * remote_port;
{
- if (auth_context->keyblock)
- krb5_free_keyblock(context, auth_context->keyblock);
- return(krb5_copy_keyblock(context, keyblock, &(auth_context->keyblock)));
+ /* Free old addresses */
+ if (auth_context->local_port)
+ free(auth_context->local_port);
+ if (auth_context->remote_port)
+ free(auth_context->remote_port);
+
+ if (local_port) {
+ if ((auth_context->local_port = (krb5_address *)
+ malloc(sizeof(krb5_address) + local_port->length)) == NULL) {
+ return ENOMEM;
+ }
+ auth_context->local_port->addrtype = local_port->addrtype;
+ auth_context->local_port->length = local_port->length;
+ auth_context->local_port->contents = (krb5_octet *)
+ auth_context->local_port + sizeof(krb5_address);
+ memcpy(auth_context->local_port->contents,
+ local_port->contents, local_port->length);
+ } else {
+ auth_context->local_port = NULL;
+ }
+
+ if (remote_port) {
+ if ((auth_context->remote_port = (krb5_address *)
+ malloc(sizeof(krb5_address) + remote_port->length)) == NULL) {
+ if (auth_context->local_port)
+ free(auth_context->local_port);
+ return ENOMEM;
+ }
+ auth_context->remote_port->addrtype = remote_port->addrtype;
+ auth_context->remote_port->length = remote_port->length;
+ auth_context->remote_port->contents = (krb5_octet *)
+ auth_context->remote_port + sizeof(krb5_address);
+ memcpy(auth_context->remote_port->contents,
+ remote_port->contents, remote_port->length);
+ } else {
+ auth_context->remote_port = NULL;
+ }
+ return 0;
}
+
/*
* This function overloads the keyblock field. It is only useful prior to
* a krb5_rd_req_decode() call for user to user authentication where the
struct _krb5_auth_context {
krb5_address * remote_addr;
+ krb5_address * remote_port;
krb5_address * local_addr;
+ krb5_address * local_port;
krb5_keyblock * keyblock;
krb5_keyblock * local_subkey;
krb5_keyblock * remote_subkey;
--- /dev/null
+
+#ifndef KRB5_CLEANUP
+#define KRB5_CLEANUP
+
+struct cleanup {
+ void * arg;
+ void (*func)();
+};
+
+#define CLEANUP_INIT(x) \
+ struct cleanup cleanup_data[x]; \
+ int cleanup_count = 0;
+
+#define CLEANUP_PUSH(x, y) \
+ cleanup_data[cleanup_count].arg = x; \
+ cleanup_data[cleanup_count].func = y; \
+ cleanup_count++;
+
+#define CLEANUP_POP(x) \
+ if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func)) \
+ cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
+#define CLEANUP_DONE() \
+ while(cleanup_count--) \
+ if (cleanup_data[cleanup_count].func) \
+ cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
+
+#endif
*
* MODIFIED
* $Log$
+ * Revision 5.10 1995/05/01 20:49:45 proven
+ * * auth_con.c (krb5_auth_con_free()) :
+ * Free all the data associated with the auth_context.
+ *
+ * * auth_con.c (krb5_auth_con_setkey()) : Removed.
+ * * mk_rep.c (mk_rep()),
+ * The krb5_mk_rep() routine must always encode the data in
+ * the keyblock of the ticket, not the subkey.
+ *
+ * * cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
+ * * auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
+ * * mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
+ * * rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) :
+ * Changes to auth_context to better support full addresses.
+ *
* Revision 5.9 1995/04/28 01:18:18 keithv
* Fixes so that the Unix changes no longer breaks on the PC.
*
*
*/
#include <k5-int.h>
+#include "cleanup.h"
#include "auth_con.h"
#include <stddef.h> /* NULL */
}
}
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))) {
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ goto error;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ goto error;
+ }
+ }
+
/* Setup creds structure */
if (retval = krb5_mk_ncred_basic(context, ppcreds, ncred, keyblock,
- &replaydata, auth_context->local_addr,
- auth_context->remote_addr, pcred))
- goto cleanup_tickets;
+ &replaydata, plocal_fulladdr,
+ premote_fulladdr, pcred)) {
+ CLEANUP_DONE();
+ goto error;
+ }
+
+ CLEANUP_DONE();
+}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
if (retval = krb5_gen_replay_name(context, auth_context->local_addr,
"_forw", &replay.client))
- goto cleanup_tickets;
+ goto error;
replay.server = ""; /* XXX */
replay.cusec = replaydata.usec;
if (retval = krb5_rc_store(context, auth_context->rcache, &replay)) {
/* should we really error out here? XXX */
krb5_xfree(replay.client);
- goto cleanup_tickets;
+ goto error;
}
krb5_xfree(replay.client);
}
/* Encode creds structure */
retval = encode_krb5_cred(pcred, ppdata);
-cleanup_tickets:
+error:
if (retval) {
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
|| (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
*/
#include "k5-int.h"
+#include "cleanup.h"
#include "auth_con.h"
static krb5_error_code
}
}
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))){
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ goto error;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ goto error;
+ }
+ }
+
if (retval = krb5_mk_priv_basic(context, userdata, keyblock, &replaydata,
- auth_context->local_addr,
- auth_context->remote_addr,
- auth_context->i_vector, outbuf))
+ plocal_fulladdr, premote_fulladdr,
+ auth_context->i_vector, outbuf)) {
+ CLEANUP_DONE();
goto error;
+ }
+
+ CLEANUP_DONE();
+}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
krb5_data * outbuf;
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
krb5_keytype keytype;
krb5_enctype etype;
krb5_ap_rep_enc_part repl;
krb5_data * scratch;
krb5_data * toutbuf;
- if (auth_context->remote_subkey)
- keyblock = auth_context->remote_subkey;
- else
- keyblock = auth_context->keyblock;
-
/* verify a valid etype is available */
- if (!valid_keytype(keytype = keyblock->keytype))
+ if (!valid_keytype(keytype = auth_context->keyblock->keytype))
return KRB5_PROG_KEYTYPE_NOSUPP;
etype = krb5_keytype_array[keytype]->system->proto_enctype;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
(auth_context->local_seq_number == 0)) {
- if (retval = krb5_generate_seq_number(context, keyblock,
+ if (retval = krb5_generate_seq_number(context, auth_context->keyblock,
&auth_context->local_seq_number))
return(retval);
}
}
/* do any necessary key pre-processing */
- if (retval = krb5_process_key(context, &eblock, keyblock))
+ if (retval = krb5_process_key(context, &eblock, auth_context->keyblock))
goto cleanup_encpart;
/* call the encryption routine */
* krb5_mk_safe()
*/
-#include "k5-int.h"
+#include <k5-int.h>
+#include "cleanup.h"
#include "auth_con.h"
/*
}
}
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))){
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ goto error;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ goto error;
+ }
+ }
+
if (retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata,
- auth_context->local_addr,
- auth_context->remote_addr,
- auth_context->cksumtype, outbuf))
+ plocal_fulladdr, premote_fulladdr,
+ auth_context->cksumtype, outbuf)) {
+ CLEANUP_DONE();
goto error;
+ }
+
+ CLEANUP_DONE();
+}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
#include <k5-int.h>
+#include "cleanup.h"
#include "auth_con.h"
#include <stddef.h> /* NULL */
(auth_context->rcache == NULL))
return KRB5_RC_REQUIRED;
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))){
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ return retval;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ return retval;
+ }
+ }
+
if (retval = krb5_rd_cred_basic(context, pcreddata, keyblock,
- auth_context->local_addr, auth_context->remote_addr,
- &replaydata, pppcreds))
+ plocal_fulladdr, premote_fulladdr,
+ &replaydata, pppcreds)) {
+ CLEANUP_DONE();
return retval;
+ }
+
+ CLEANUP_DONE();
+}
+
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
* krb5_rd_priv()
*/
-#include "k5-int.h"
+#include <k5-int.h>
+#include "cleanup.h"
#include "auth_con.h"
extern krb5_deltat krb5_clockskew;
(auth_context->rcache == NULL))
return KRB5_RC_REQUIRED;
- if (retval = krb5_rd_priv_basic(context, inbuf, keyblock,
- auth_context->local_addr, auth_context->remote_addr,
- auth_context->i_vector, &replaydata, outbuf))
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))){
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ return retval;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ return retval;
+ }
+ }
+
+ if (retval = krb5_rd_priv_basic(context, inbuf, keyblock, plocal_fulladdr,
+ premote_fulladdr, auth_context->i_vector,
+ &replaydata, outbuf)) {
+ CLEANUP_DONE();
return retval;
+ }
+
+ CLEANUP_DONE();
+}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
{
krb5_error_code retval;
krb5_ap_rep * reply;
- krb5_keyblock * keyblock;
krb5_encrypt_block eblock;
krb5_data scratch;
return(ENOMEM);
}
- if (auth_context->local_subkey)
- keyblock = auth_context->local_subkey;
- else
- keyblock = auth_context->keyblock;
-
/* do any necessary key pre-processing */
- if (retval = krb5_process_key(context, &eblock, keyblock)) {
+ if (retval = krb5_process_key(context, &eblock, auth_context->keyblock)) {
goto errout;
}
* krb5_rd_safe()
*/
-#include "k5-int.h"
+#include <k5-int.h>
+#include "cleanup.h"
#include "auth_con.h"
extern krb5_deltat krb5_clockskew;
if ((keyblock = auth_context->remote_subkey) == NULL)
keyblock = auth_context->keyblock;
- if (retval = krb5_rd_safe_basic(context, inbuf, keyblock,
- auth_context->local_addr, auth_context->remote_addr,
- &replaydata, outbuf))
+{
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port, &local_fulladdr))){
+ CLEANUP_PUSH(&local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ return retval;
+ }
+ }
+
+ if (auth_context->remote_addr) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->remote_addr,
+ auth_context->remote_port, &remote_fulladdr))){
+ CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ return retval;
+ }
+ }
+
+ if (retval = krb5_rd_safe_basic(context, inbuf, keyblock, plocal_fulladdr,
+ premote_fulladdr, &replaydata, outbuf)) {
+ CLEANUP_DONE();
return retval;
+ }
+
+ CLEANUP_DONE();
+}
+
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
projects / krb5.git / commitdiff