Diffstat (limited to 'src/lib/krb5/krb/pac.c')
-rw-r--r--src/lib/krb5/krb/pac.c954
1 files changed, 477 insertions, 477 deletions
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3fcdaea1cb..cda09b2555 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/pac.c
*
@@ -43,16 +44,16 @@ typedef struct _PAC_INFO_BUFFER {
krb5_ui_8 Offset;
} PAC_INFO_BUFFER;
-#define PAC_INFO_BUFFER_LENGTH 16
+#define PAC_INFO_BUFFER_LENGTH 16
/* ulType */
-#define PAC_LOGON_INFO 1
-#define PAC_CREDENTIALS_INFO 2
-#define PAC_SERVER_CHECKSUM 6
-#define PAC_PRIVSVR_CHECKSUM 7
-#define PAC_CLIENT_INFO 10
-#define PAC_DELEGATION_INFO 11
-#define PAC_UPN_DNS_INFO 12
+#define PAC_LOGON_INFO 1
+#define PAC_CREDENTIALS_INFO 2
+#define PAC_SERVER_CHECKSUM 6
+#define PAC_PRIVSVR_CHECKSUM 7
+#define PAC_CLIENT_INFO 10
+#define PAC_DELEGATION_INFO 11
+#define PAC_UPN_DNS_INFO 12
typedef struct _PACTYPE {
krb5_ui_4 cBuffers;
@@ -60,35 +61,35 @@ typedef struct _PACTYPE {
PAC_INFO_BUFFER Buffers[1];
} PACTYPE;
-#define PAC_ALIGNMENT 8
-#define PACTYPE_LENGTH 8U
+#define PAC_ALIGNMENT 8
+#define PACTYPE_LENGTH 8U
#define PAC_SIGNATURE_DATA_LENGTH 4U
-#define PAC_CLIENT_INFO_LENGTH 10U
+#define PAC_CLIENT_INFO_LENGTH 10U
-#define NT_TIME_EPOCH 11644473600LL
+#define NT_TIME_EPOCH 11644473600LL
struct krb5_pac_data {
- PACTYPE *pac; /* PAC header + info buffer array */
- krb5_data data; /* PAC data (including uninitialised header) */
+ PACTYPE *pac; /* PAC header + info buffer array */
+ krb5_data data; /* PAC data (including uninitialised header) */
krb5_boolean verified;
};
static krb5_error_code
k5_pac_locate_buffer(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data);
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data);
/*
* Add a buffer to the provided PAC and update header.
*/
static krb5_error_code
k5_pac_add_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_data *data,
- krb5_boolean zerofill,
- krb5_data *out_data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_data *data,
+ krb5_boolean zerofill,
+ krb5_data *out_data)
{
PACTYPE *header;
size_t header_len, i, pad = 0;
@@ -98,37 +99,37 @@ k5_pac_add_buffer(krb5_context context,
/* Check there isn't already a buffer of this type */
if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) {
- return EEXIST;
+ return EEXIST;
}
header = (PACTYPE *)realloc(pac->pac,
- sizeof(PACTYPE) +
- (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
+ sizeof(PACTYPE) +
+ (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
if (header == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
pac->pac = header;
header_len = PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
if (data->length % PAC_ALIGNMENT)
- pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
+ pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
pac_data = realloc(pac->data.data,
- pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
+ pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
if (pac_data == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
pac->data.data = pac_data;
/* Update offsets of existing buffers */
for (i = 0; i < pac->pac->cBuffers; i++)
- pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
+ pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
/* Make room for new PAC_INFO_BUFFER */
memmove(pac->data.data + header_len + PAC_INFO_BUFFER_LENGTH,
- pac->data.data + header_len,
- pac->data.length - header_len);
+ pac->data.data + header_len,
+ pac->data.length - header_len);
memset(pac->data.data + header_len, 0, PAC_INFO_BUFFER_LENGTH);
/* Initialise new PAC_INFO_BUFFER */
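Review bot: The size passed to the second realloc(), `pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad`, is summed with no overflow check, and `data->length` is supplied by callers of the public krb5_pac_add_buffer wrapper. If the length fields are 32-bit unsigned (their declaration is not on this page), a very large `data->length` wraps the sum, the buffer is allocated too small, and the memmove() here and the copy further down write past it. Compute the new length in a wider type before allocating, e.g. `krb5_ui_8 newlen = (krb5_ui_8)pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad;` followed by `if (newlen > UINT_MAX) return ERANGE;`. The body of k5_pac_add_buffer starts and ends outside this hunk.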
@@ -139,9 +140,9 @@ k5_pac_add_buffer(krb5_context context,
/* Copy in new PAC data and zero padding bytes */
if (zerofill)
- memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
+ memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
else
- memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
+ memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
memset(pac->data.data + pac->pac->Buffers[i].Offset + data->length, 0, pad);
@@ -149,8 +150,8 @@ k5_pac_add_buffer(krb5_context context,
pac->data.length += PAC_INFO_BUFFER_LENGTH + data->length + pad;
if (out_data != NULL) {
- out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
- out_data->length = data->length;
+ out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
+ out_data->length = data->length;
}
pac->verified = FALSE;
@@ -160,9 +161,9 @@ k5_pac_add_buffer(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_pac_add_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_data *data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_data *data)
{
return k5_pac_add_buffer(context, pac, type, data, FALSE, NULL);
}
@@ -172,49 +173,49 @@ krb5_pac_add_buffer(krb5_context context,
*/
void KRB5_CALLCONV
krb5_pac_free(krb5_context context,
- krb5_pac pac)
+ krb5_pac pac)
{
if (pac != NULL) {
- if (pac->data.data != NULL) {
- memset(pac->data.data, 0, pac->data.length);
- free(pac->data.data);
- }
- if (pac->pac != NULL)
- free(pac->pac);
- memset(pac, 0, sizeof(*pac));
- free(pac);
+ if (pac->data.data != NULL) {
+ memset(pac->data.data, 0, pac->data.length);
+ free(pac->data.data);
+ }
+ if (pac->pac != NULL)
+ free(pac->pac);
+ memset(pac, 0, sizeof(*pac));
+ free(pac);
}
}
static krb5_error_code
k5_pac_locate_buffer(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
PAC_INFO_BUFFER *buffer = NULL;
size_t i;
if (pac == NULL)
- return EINVAL;
+ return EINVAL;
for (i = 0; i < pac->pac->cBuffers; i++) {
- if (pac->pac->Buffers[i].ulType == type) {
- if (buffer == NULL)
- buffer = &pac->pac->Buffers[i];
- else
- return EINVAL;
- }
+ if (pac->pac->Buffers[i].ulType == type) {
+ if (buffer == NULL)
+ buffer = &pac->pac->Buffers[i];
+ else
+ return EINVAL;
+ }
}
if (buffer == NULL)
- return ENOENT;
+ return ENOENT;
assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
if (data != NULL) {
- data->length = buffer->cbBufferSize;
- data->data = pac->data.data + buffer->Offset;
+ data->length = buffer->cbBufferSize;
+ data->data = pac->data.data + buffer->Offset;
}
return 0;
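Review bot: In k5_pac_locate_buffer the only bounds check before `data->data = pac->data.data + buffer->Offset` is an assert(), which is compiled out under NDEBUG and otherwise aborts the process; neither is a suitable response to a malformed PAC. The check also adds the 64-bit `Offset` to `cbBufferSize`, so an Offset near the top of the range wraps and passes. Return an error instead and use the subtraction form: `if (buffer->Offset > pac->data.length || buffer->cbBufferSize > pac->data.length - buffer->Offset) return ERANGE;`. The same sum-based comparison recurs in the krb5_pac_parse, k5_pac_zero_signature and k5_pac_encode_header hunks and should be rewritten the same way.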
@@ -225,20 +226,20 @@ k5_pac_locate_buffer(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_get_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
krb5_data d;
krb5_error_code ret;
ret = k5_pac_locate_buffer(context, pac, type, &d);
if (ret != 0)
- return ret;
+ return ret;
data->data = malloc(d.length);
if (data->data == NULL)
- return ENOMEM;
+ return ENOMEM;
data->length = d.length;
memcpy(data->data, d.data, d.length);
@@ -251,20 +252,20 @@ krb5_pac_get_buffer(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_get_types(krb5_context context,
- krb5_pac pac,
- size_t *len,
- krb5_ui_4 **types)
+ krb5_pac pac,
+ size_t *len,
+ krb5_ui_4 **types)
{
size_t i;
*types = (krb5_ui_4 *)malloc(pac->pac->cBuffers * sizeof(krb5_ui_4));
if (*types == NULL)
- return ENOMEM;
+ return ENOMEM;
*len = pac->pac->cBuffers;
for (i = 0; i < pac->pac->cBuffers; i++)
- (*types)[i] = pac->pac->Buffers[i].ulType;
+ (*types)[i] = pac->pac->Buffers[i].ulType;
return 0;
}
@@ -274,18 +275,18 @@ krb5_pac_get_types(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_init(krb5_context context,
- krb5_pac *ppac)
+ krb5_pac *ppac)
{
krb5_pac pac;
pac = (krb5_pac)malloc(sizeof(*pac));
if (pac == NULL)
- return ENOMEM;
+ return ENOMEM;
pac->pac = (PACTYPE *)malloc(sizeof(PACTYPE));
if (pac->pac == NULL) {
- free(pac);
- return ENOMEM;
+ free(pac);
+ return ENOMEM;
}
pac->pac->cBuffers = 0;
@@ -294,8 +295,8 @@ krb5_pac_init(krb5_context context,
pac->data.length = PACTYPE_LENGTH;
pac->data.data = calloc(1, pac->data.length);
if (pac->data.data == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
pac->verified = FALSE;
@@ -307,8 +308,8 @@ krb5_pac_init(krb5_context context,
static krb5_error_code
k5_pac_copy(krb5_context context,
- krb5_pac src,
- krb5_pac *dst)
+ krb5_pac src,
+ krb5_pac *dst)
{
size_t header_len;
krb5_ui_4 cbuffers;
@@ -317,27 +318,27 @@ k5_pac_copy(krb5_context context,
cbuffers = src->pac->cBuffers;
if (cbuffers != 0)
- cbuffers--;
+ cbuffers--;
header_len = sizeof(PACTYPE) + cbuffers * sizeof(PAC_INFO_BUFFER);
pac = (krb5_pac)malloc(sizeof(*pac));
if (pac == NULL)
- return ENOMEM;
+ return ENOMEM;
pac->pac = (PACTYPE *)malloc(header_len);
if (pac->pac == NULL) {
- free(pac);
- return ENOMEM;
+ free(pac);
+ return ENOMEM;
}
memcpy(pac->pac, src->pac, header_len);
code = krb5int_copy_data_contents(context, &src->data, &pac->data);
if (code != 0) {
- free(pac->pac);
- free(pac);
- return ENOMEM;
+ free(pac->pac);
+ free(pac);
+ return ENOMEM;
}
pac->verified = src->verified;
@@ -351,9 +352,9 @@ k5_pac_copy(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_parse(krb5_context context,
- const void *ptr,
- size_t len,
- krb5_pac *ppac)
+ const void *ptr,
+ size_t len,
+ krb5_pac *ppac)
{
krb5_error_code ret;
size_t i;
@@ -365,7 +366,7 @@ krb5_pac_parse(krb5_context context,
*ppac = NULL;
if (len < PACTYPE_LENGTH)
- return ERANGE;
+ return ERANGE;
cbuffers = load_32_le(p);
p += 4;
@@ -373,51 +374,51 @@ krb5_pac_parse(krb5_context context,
p += 4;
if (version != 0)
- return EINVAL;
+ return EINVAL;
header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
if (len < header_len)
- return ERANGE;
+ return ERANGE;
ret = krb5_pac_init(context, &pac);
if (ret != 0)
- return ret;
+ return ret;
pac->pac = (PACTYPE *)realloc(pac->pac,
- sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
+ sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
if (pac->pac == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
pac->pac->cBuffers = cbuffers;
pac->pac->Version = version;
for (i = 0; i < pac->pac->cBuffers; i++) {
- PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
- buffer->ulType = load_32_le(p);
- p += 4;
- buffer->cbBufferSize = load_32_le(p);
- p += 4;
- buffer->Offset = load_64_le(p);
- p += 8;
-
- if (buffer->Offset % PAC_ALIGNMENT) {
- krb5_pac_free(context, pac);
- return EINVAL;
- }
- if (buffer->Offset < header_len ||
- buffer->Offset + buffer->cbBufferSize > len) {
- krb5_pac_free(context, pac);
- return ERANGE;
- }
+ PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+ buffer->ulType = load_32_le(p);
+ p += 4;
+ buffer->cbBufferSize = load_32_le(p);
+ p += 4;
+ buffer->Offset = load_64_le(p);
+ p += 8;
+
+ if (buffer->Offset % PAC_ALIGNMENT) {
+ krb5_pac_free(context, pac);
+ return EINVAL;
+ }
+ if (buffer->Offset < header_len ||
+ buffer->Offset + buffer->cbBufferSize > len) {
+ krb5_pac_free(context, pac);
+ return ERANGE;
+ }
}
pac->data.data = realloc(pac->data.data, len);
if (pac->data.data == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
memcpy(pac->data.data, ptr, len);
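Review bot: `cbuffers` comes from the input and is used in `header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH)` and in the realloc() size with no range check. If it is a 32-bit unsigned value (its declaration is outside the hunk), a large count wraps the product, so `len < header_len` passes and the loop reads info-buffer entries past the end of the input; a count of zero turns `cbuffers - 1` into an enormous allocation request. Bound the count by what `len` can hold before header_len is computed, as sketched below. Both realloc() calls also assign straight back to the pointer being resized, so a failure leaks the old block; a temporary pointer would avoid that. krb5_pac_parse begins and ends outside this hunk.

```c
/* Reject a buffer count the input cannot hold; len >= PACTYPE_LENGTH
 * has already been checked earlier in the function. */
if (cbuffers == 0 ||
    cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH)
    return ERANGE;

header_len = PACTYPE_LENGTH + ((size_t)cbuffers * PAC_INFO_BUFFER_LENGTH);
/* … unchanged: krb5_pac_init call, realloc of pac->pac, per-buffer field loads … */
```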
@@ -430,7 +431,7 @@ krb5_pac_parse(krb5_context context,
static krb5_error_code
k5_time_to_seconds_since_1970(krb5_int64 ntTime,
- krb5_timestamp *elapsedSeconds)
+ krb5_timestamp *elapsedSeconds)
{
krb5_ui_8 abstime;
@@ -439,7 +440,7 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime;
if (abstime > KRB5_INT32_MAX)
- return ERANGE;
+ return ERANGE;
*elapsedSeconds = abstime;
@@ -448,12 +449,12 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
static krb5_error_code
k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
- krb5_ui_8 *ntTime)
+ krb5_ui_8 *ntTime)
{
*ntTime = elapsedSeconds;
if (elapsedSeconds > 0)
- *ntTime += NT_TIME_EPOCH;
+ *ntTime += NT_TIME_EPOCH;
*ntTime *= 10000000;
@@ -462,9 +463,9 @@ k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
static krb5_error_code
k5_pac_validate_client(krb5_context context,
- const krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal)
+ const krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal)
{
krb5_error_code ret;
krb5_data client_info;
@@ -477,10 +478,10 @@ k5_pac_validate_client(krb5_context context,
ret = k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info);
if (ret != 0)
- return ret;
+ return ret;
if (client_info.length < PAC_CLIENT_INFO_LENGTH)
- return ERANGE;
+ return ERANGE;
p = (unsigned char *)client_info.data;
pac_nt_authtime = load_64_le(p);
@@ -490,31 +491,31 @@ k5_pac_validate_client(krb5_context context,
ret = k5_time_to_seconds_since_1970(pac_nt_authtime, &pac_authtime);
if (ret != 0)
- return ret;
+ return ret;
if (client_info.length < PAC_CLIENT_INFO_LENGTH + pac_princname_length ||
- pac_princname_length % 2)
- return ERANGE;
+ pac_princname_length % 2)
+ return ERANGE;
ret = krb5int_ucs2lecs_to_utf8s(p, (size_t)pac_princname_length / 2,
- &pac_princname, NULL);
+ &pac_princname, NULL);
if (ret != 0)
- return ret;
+ return ret;
ret = krb5_parse_name_flags(context, pac_princname, 0, &pac_principal);
if (ret != 0) {
- free(pac_princname);
- return ret;
+ free(pac_princname);
+ return ret;
}
free(pac_princname);
if (pac_authtime != authtime ||
- !krb5_principal_compare_flags(context,
- pac_principal,
- principal,
- KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
- ret = KRB5KRB_AP_WRONG_PRINC;
+ !krb5_principal_compare_flags(context,
+ pac_principal,
+ principal,
+ KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
+ ret = KRB5KRB_AP_WRONG_PRINC;
krb5_free_principal(context, pac_principal);
@@ -523,9 +524,9 @@ k5_pac_validate_client(krb5_context context,
static krb5_error_code
k5_pac_zero_signature(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
PAC_INFO_BUFFER *buffer = NULL;
size_t i;
@@ -534,33 +535,33 @@ k5_pac_zero_signature(krb5_context context,
assert(data->length >= pac->data.length);
for (i = 0; i < pac->pac->cBuffers; i++) {
- if (pac->pac->Buffers[i].ulType == type) {
- buffer = &pac->pac->Buffers[i];
- break;
- }
+ if (pac->pac->Buffers[i].ulType == type) {
+ buffer = &pac->pac->Buffers[i];
+ break;
+ }
}
if (buffer == NULL)
- return ENOENT;
+ return ENOENT;
if (buffer->Offset + buffer->cbBufferSize > pac->data.length)
- return ERANGE;
+ return ERANGE;
if (buffer->cbBufferSize < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
/* Zero out the data portion of the checksum only */
memset(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH,
- 0,
- buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
+ 0,
+ buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
return 0;
}
static krb5_error_code
k5_pac_verify_server_checksum(krb5_context context,
- const krb5_pac pac,
- const krb5_keyblock *server)
+ const krb5_pac pac,
+ const krb5_keyblock *server)
{
krb5_error_code ret;
krb5_data pac_data; /* PAC with zeroed checksums */
@@ -570,12 +571,12 @@ k5_pac_verify_server_checksum(krb5_context context,
krb5_octet *p;
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &checksum_data);
+ PAC_SERVER_CHECKSUM, &checksum_data);
if (ret != 0)
- return ret;
+ return ret;
if (checksum_data.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
p = (krb5_octet *)checksum_data.data;
checksum.checksum_type = load_32_le(p);
@@ -585,45 +586,45 @@ k5_pac_verify_server_checksum(krb5_context context,
pac_data.length = pac->data.length;
pac_data.data = malloc(pac->data.length);
if (pac_data.data == NULL)
- return ENOMEM;
+ return ENOMEM;
memcpy(pac_data.data, pac->data.data, pac->data.length);
/* Zero out both checksum buffers */
ret = k5_pac_zero_signature(context, pac,
- PAC_SERVER_CHECKSUM, &pac_data);
+ PAC_SERVER_CHECKSUM, &pac_data);
if (ret != 0) {
- free(pac_data.data);
- return ret;
+ free(pac_data.data);
+ return ret;
}
ret = k5_pac_zero_signature(context, pac,
- PAC_PRIVSVR_CHECKSUM, &pac_data);
+ PAC_PRIVSVR_CHECKSUM, &pac_data);
if (ret != 0) {
- free(pac_data.data);
- return ret;
+ free(pac_data.data);
+ return ret;
}
ret = krb5_c_verify_checksum(context, server,
- KRB5_KEYUSAGE_APP_DATA_CKSUM,
- &pac_data, &checksum, &valid);
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &pac_data, &checksum, &valid);
free(pac_data.data);
if (ret != 0) {
- return ret;
+ return ret;
}
if (valid == FALSE)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
return ret;
}
static krb5_error_code
k5_pac_verify_kdc_checksum(krb5_context context,
- const krb5_pac pac,
- const krb5_keyblock *privsvr)
+ const krb5_pac pac,
+ const krb5_keyblock *privsvr)
{
krb5_error_code ret;
krb5_data server_checksum, privsvr_checksum;
@@ -632,20 +633,20 @@ k5_pac_verify_kdc_checksum(krb5_context context,
krb5_octet *p;
ret = k5_pac_locate_buffer(context, pac,
- PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
+ PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
if (ret != 0)
- return ret;
+ return ret;
if (privsvr_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &server_checksum);
+ PAC_SERVER_CHECKSUM, &server_checksum);
if (ret != 0)
- return ret;
+ return ret;
if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
p = (krb5_octet *)privsvr_checksum.data;
checksum.checksum_type = load_32_le(p);
@@ -656,44 +657,44 @@ k5_pac_verify_kdc_checksum(krb5_context context,
server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_verify_checksum(context, privsvr,
- KRB5_KEYUSAGE_APP_DATA_CKSUM,
- &server_checksum, &checksum, &valid);
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &server_checksum, &checksum, &valid);
if (ret != 0)
- return ret;
+ return ret;
if (valid == FALSE)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_pac_verify(krb5_context context,
- const krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server,
- const krb5_keyblock *privsvr)
+ const krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server,
+ const krb5_keyblock *privsvr)
{
krb5_error_code ret;
if (server == NULL)
- return EINVAL;
+ return EINVAL;
ret = k5_pac_verify_server_checksum(context, pac, server);
if (ret != 0)
- return ret;
+ return ret;
if (privsvr != NULL) {
- ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
- if (ret != 0)
- return ret;
+ ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
+ if (ret != 0)
+ return ret;
}
if (principal != NULL) {
- ret = k5_pac_validate_client(context, pac, authtime, principal);
- if (ret != 0)
- return ret;
+ ret = k5_pac_validate_client(context, pac, authtime, principal);
+ if (ret != 0)
+ return ret;
}
pac->verified = TRUE;
@@ -703,9 +704,9 @@ krb5_pac_verify(krb5_context context,
static krb5_error_code
k5_insert_client_info(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal)
+ krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal)
{
krb5_error_code ret;
krb5_data client_info;
@@ -716,29 +717,29 @@ k5_insert_client_info(krb5_context context,
/* If we already have a CLIENT_INFO buffer, then just validate it */
if (k5_pac_locate_buffer(context, pac,
- PAC_CLIENT_INFO, &client_info) == 0) {
- return k5_pac_validate_client(context, pac, authtime, principal);
+ PAC_CLIENT_INFO, &client_info) == 0) {
+ return k5_pac_validate_client(context, pac, authtime, principal);
}
ret = krb5_unparse_name_flags(context, principal,
- KRB5_PRINCIPAL_UNPARSE_NO_REALM,
- &princ_name_utf8);
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &princ_name_utf8);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
ret = krb5int_utf8s_to_ucs2les(princ_name_utf8,
- &princ_name_ucs2,
- &princ_name_ucs2_len);
+ &princ_name_ucs2,
+ &princ_name_ucs2_len);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_ucs2_len;
client_info.data = NULL;
ret = k5_pac_add_buffer(context, pac, PAC_CLIENT_INFO,
- &client_info, TRUE, &client_info);
+ &client_info, TRUE, &client_info);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
p = (unsigned char *)client_info.data;
@@ -756,7 +757,7 @@ k5_insert_client_info(krb5_context context,
cleanup:
if (princ_name_ucs2 != NULL)
- free(princ_name_ucs2);
+ free(princ_name_ucs2);
krb5_free_unparsed_name(context, princ_name_utf8);
return ret;
@@ -764,10 +765,10 @@ cleanup:
static krb5_error_code
k5_insert_checksum(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_keyblock *key,
- krb5_cksumtype *cksumtype)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_keyblock *key,
+ krb5_cksumtype *cksumtype)
{
krb5_error_code ret;
size_t len;
@@ -775,32 +776,32 @@ k5_insert_checksum(krb5_context context,
ret = krb5int_c_mandatory_cksumtype(context, key->enctype, cksumtype);
if (ret != 0)
- return ret;
+ return ret;
ret = krb5_c_checksum_length(context, *cksumtype, &len);
if (ret != 0)
- return ret;
+ return ret;
ret = k5_pac_locate_buffer(context, pac, type, &cksumdata);
if (ret == 0) {
- /*
- * If we're resigning PAC, make sure we can fit checksum
- * into existing buffer
- */
- if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
- return ERANGE;
-
- memset(cksumdata.data, 0, cksumdata.length);
+ /*
+ * If we're resigning PAC, make sure we can fit checksum
+ * into existing buffer
+ */
+ if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
+ return ERANGE;
+
+ memset(cksumdata.data, 0, cksumdata.length);
} else {
- /* Add a zero filled buffer */
- cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
- cksumdata.data = NULL;
-
- ret = k5_pac_add_buffer(context, pac,
- type, &cksumdata,
- TRUE, &cksumdata);
- if (ret != 0)
- return ret;
+ /* Add a zero filled buffer */
+ cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
+ cksumdata.data = NULL;
+
+ ret = k5_pac_add_buffer(context, pac,
+ type, &cksumdata,
+ TRUE, &cksumdata);
+ if (ret != 0)
+ return ret;
}
/* Encode checksum type into buffer */
@@ -818,7 +819,7 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
size_t header_len;
header_len = PACTYPE_LENGTH +
- (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
+ (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
assert(pac->data.length >= header_len);
p = (unsigned char *)pac->data.data;
@@ -829,23 +830,23 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
p += 4;
for (i = 0; i < pac->pac->cBuffers; i++) {
- PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
- store_32_le(buffer->ulType, p);
- p += 4;
- store_32_le(buffer->cbBufferSize, p);
- p += 4;
- store_64_le(buffer->Offset, p);
- p += 8;
-
- assert((buffer->Offset % PAC_ALIGNMENT) == 0);
- assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
- assert(buffer->Offset >= header_len);
-
- if (buffer->Offset % PAC_ALIGNMENT ||
- buffer->Offset + buffer->cbBufferSize > pac->data.length ||
- buffer->Offset < header_len)
- return ERANGE;
+ PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+ store_32_le(buffer->ulType, p);
+ p += 4;
+ store_32_le(buffer->cbBufferSize, p);
+ p += 4;
+ store_64_le(buffer->Offset, p);
+ p += 8;
+
+ assert((buffer->Offset % PAC_ALIGNMENT) == 0);
+ assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
+ assert(buffer->Offset >= header_len);
+
+ if (buffer->Offset % PAC_ALIGNMENT ||
+ buffer->Offset + buffer->cbBufferSize > pac->data.length ||
+ buffer->Offset < header_len)
+ return ERANGE;
}
return 0;
@@ -853,12 +854,12 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
krb5_error_code KRB5_CALLCONV
krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data)
+ krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key,
+ krb5_data *data)
{
krb5_error_code ret;
krb5_data server_cksum, privsvr_cksum;
@@ -869,32 +870,32 @@ krb5int_pac_sign(krb5_context context,
data->data = NULL;
if (principal != NULL) {
- ret = k5_insert_client_info(context, pac, authtime, principal);
- if (ret != 0)
- return ret;
+ ret = k5_insert_client_info(context, pac, authtime, principal);
+ if (ret != 0)
+ return ret;
}
/* Create zeroed buffers for both checksums */
ret = k5_insert_checksum(context, pac, PAC_SERVER_CHECKSUM,
- server_key, &server_cksumtype);
+ server_key, &server_cksumtype);
if (ret != 0)
- return ret;
+ return ret;
ret = k5_insert_checksum(context, pac, PAC_PRIVSVR_CHECKSUM,
- privsvr_key, &privsvr_cksumtype);
+ privsvr_key, &privsvr_cksumtype);
if (ret != 0)
- return ret;
+ return ret;
/* Now, encode the PAC header so that the checksums will include it */
ret = k5_pac_encode_header(context, pac);
if (ret != 0)
- return ret;
+ return ret;
/* Generate the server checksum over the entire PAC */
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &server_cksum);
+ PAC_SERVER_CHECKSUM, &server_cksum);
if (ret != 0)
- return ret;
+ return ret;
assert(server_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
@@ -906,16 +907,16 @@ krb5int_pac_sign(krb5_context context,
iov[1].data.length = server_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_make_checksum_iov(context, server_cksumtype,
- server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
- iov, sizeof(iov)/sizeof(iov[0]));
+ server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ iov, sizeof(iov)/sizeof(iov[0]));
if (ret != 0)
- return ret;
+ return ret;
/* Generate the privsvr checksum over the server checksum buffer */
ret = k5_pac_locate_buffer(context, pac,
- PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
+ PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
if (ret != 0)
- return ret;
+ return ret;
assert(privsvr_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
@@ -928,20 +929,20 @@ krb5int_pac_sign(krb5_context context,
iov[1].data.length = privsvr_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_make_checksum_iov(context, privsvr_cksumtype,
- privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
- iov, sizeof(iov)/sizeof(iov[0]));
+ privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ iov, sizeof(iov)/sizeof(iov[0]));
if (ret != 0)
- return ret;
+ return ret;
data->data = malloc(pac->data.length);
if (data->data == NULL)
- return ENOMEM;
+ return ENOMEM;
data->length = pac->data.length;
memcpy(data->data, pac->data.data, pac->data.length);
memset(pac->data.data, 0,
- PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
+ PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
return 0;
}
@@ -962,9 +963,9 @@ mspac_init(krb5_context kcontext, void **plugin_context)
static void
mspac_flags(krb5_context kcontext,
- void *plugin_context,
- krb5_authdatatype ad_type,
- krb5_flags *flags)
+ void *plugin_context,
+ krb5_authdatatype ad_type,
+ krb5_flags *flags)
{
*flags = AD_USAGE_KDC_ISSUED;
}
@@ -977,15 +978,15 @@ mspac_fini(krb5_context kcontext, void *plugin_context)
static krb5_error_code
mspac_request_init(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void **request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void **request_context)
{
struct mspac_context *pacctx;
pacctx = (struct mspac_context *)malloc(sizeof(*pacctx));
if (pacctx == NULL)
- return ENOMEM;
+ return ENOMEM;
pacctx->pac = NULL;
@@ -996,41 +997,41 @@ mspac_request_init(krb5_context kcontext,
static krb5_error_code
mspac_import_authdata(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_authdata **authdata,
- krb5_boolean kdc_issued,
- krb5_const_principal kdc_issuer)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued,
+ krb5_const_principal kdc_issuer)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (kdc_issued)
- return EINVAL;
+ return EINVAL;
if (pacctx->pac != NULL) {
- krb5_pac_free(kcontext, pacctx->pac);
- pacctx->pac = NULL;
+ krb5_pac_free(kcontext, pacctx->pac);
+ pacctx->pac = NULL;
}
assert(authdata[0] != NULL);
assert((authdata[0]->ad_type & AD_TYPE_FIELD_TYPE_MASK) ==
- KRB5_AUTHDATA_WIN2K_PAC);
+ KRB5_AUTHDATA_WIN2K_PAC);
code = krb5_pac_parse(kcontext, authdata[0]->contents,
- authdata[0]->length, &pacctx->pac);
+ authdata[0]->length, &pacctx->pac);
return code;
}
static krb5_error_code
mspac_export_authdata(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_flags usage,
- krb5_authdata ***out_authdata)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_flags usage,
+ krb5_authdata ***out_authdata)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1038,23 +1039,23 @@ mspac_export_authdata(krb5_context kcontext,
krb5_data data;
if (pacctx->pac == NULL)
- return 0;
+ return 0;
authdata = calloc(2, sizeof(krb5_authdata *));
if (authdata == NULL)
- return ENOMEM;
+ return ENOMEM;
authdata[0] = calloc(1, sizeof(krb5_authdata));
if (authdata[0] == NULL) {
- free(authdata);
- return ENOMEM;
+ free(authdata);
+ return ENOMEM;
}
authdata[1] = NULL;
code = krb5int_copy_data_contents(kcontext, &pacctx->pac->data, &data);
if (code != 0) {
- krb5_free_authdata(kcontext, authdata);
- return code;
+ krb5_free_authdata(kcontext, authdata);
+ return code;
}
authdata[0]->magic = KV5M_AUTHDATA;
@@ -1071,25 +1072,25 @@ mspac_export_authdata(krb5_context kcontext,
static krb5_error_code
mspac_verify(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (pacctx->pac == NULL)
- return EINVAL;
+ return EINVAL;
code = krb5_pac_verify(kcontext,
- pacctx->pac,
- req->ticket->enc_part2->times.authtime,
- req->ticket->enc_part2->client,
- key,
- NULL);
+ pacctx->pac,
+ req->ticket->enc_part2->times.authtime,
+ req->ticket->enc_part2->client,
+ key,
+ NULL);
#if 0
/*
@@ -1097,8 +1098,8 @@ mspac_verify(krb5_context kcontext,
* Thoughts?
*/
if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- assert(pacctx->pac->verified == FALSE);
- code = 0;
+ assert(pacctx->pac->verified == FALSE);
+ code = 0;
}
#endif
@@ -1107,17 +1108,17 @@ mspac_verify(krb5_context kcontext,
static void
mspac_request_fini(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (pacctx != NULL) {
- if (pacctx->pac != NULL)
- krb5_pac_free(kcontext, pacctx->pac);
+ if (pacctx->pac != NULL)
+ krb5_pac_free(kcontext, pacctx->pac);
- free(pacctx);
+ free(pacctx);
}
}
@@ -1127,17 +1128,17 @@ static struct {
krb5_ui_4 type;
krb5_data attribute;
} mspac_attribute_types[] = {
- { (krb5_ui_4)-1, { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
- { PAC_LOGON_INFO, { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
- { PAC_CREDENTIALS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
- { PAC_SERVER_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
- { PAC_PRIVSVR_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
- { PAC_CLIENT_INFO, { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
- { PAC_DELEGATION_INFO, { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
- { PAC_UPN_DNS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
+ { (krb5_ui_4)-1, { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
+ { PAC_LOGON_INFO, { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
+ { PAC_CREDENTIALS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
+ { PAC_SERVER_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
+ { PAC_PRIVSVR_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
+ { PAC_CLIENT_INFO, { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
+ { PAC_DELEGATION_INFO, { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
+ { PAC_UPN_DNS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
};
-#define MSPAC_ATTRIBUTE_COUNT (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
+#define MSPAC_ATTRIBUTE_COUNT (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
static krb5_error_code
mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
@@ -1145,10 +1146,10 @@ mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
unsigned int i;
for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
- if (mspac_attribute_types[i].type == type) {
- *attr = mspac_attribute_types[i].attribute;
- return 0;
- }
+ if (mspac_attribute_types[i].type == type) {
+ *attr = mspac_attribute_types[i].attribute;
+ return 0;
+ }
}
return ENOENT;
@@ -1160,22 +1161,22 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
unsigned int i;
for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
- if (attr->length == mspac_attribute_types[i].attribute.length &&
- strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
- *type = mspac_attribute_types[i].type;
- return 0;
- }
+ if (attr->length == mspac_attribute_types[i].attribute.length &&
+ strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
+ *type = mspac_attribute_types[i].type;
+ return 0;
+ }
}
if (attr->length > STRLENOF("urn:mspac:") &&
- strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
+ strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
{
- char *p = &attr->data[STRLENOF("urn:mspac:")];
- char *endptr;
+ char *p = &attr->data[STRLENOF("urn:mspac:")];
+ char *endptr;
- *type = strtoul(p, &endptr, 10);
- if (*type != 0 && *endptr == '\0')
- return 0;
+ *type = strtoul(p, &endptr, 10);
+ if (*type != 0 && *endptr == '\0')
+ return 0;
}
return ENOENT;
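Review bot: The numeric fallback calls `strtoul(p, &endptr, 10)` on `attr->data`, but a `krb5_data` carries an explicit length and nothing in this hunk shows the buffer is NUL-terminated, so both the conversion and the `*endptr == '\0'` test can read past `attr->length`. The result is also stored into a `krb5_ui_4` without a range check, so where `unsigned long` is wider than 32 bits a large or signed suffix is silently truncated. Parsing the digits within `attr->length` and rejecting anything above the 32-bit range avoids both; a sketch follows. The function starts before this hunk and its closing brace is outside it.

```c
/* … unchanged: table lookup loop and the "urn:mspac:" prefix test … */
    {
        unsigned long val = 0;

        /* Stay inside attr->length; krb5_data need not be NUL-terminated. */
        for (i = STRLENOF("urn:mspac:"); i < attr->length; i++) {
            unsigned int digit = (unsigned char)attr->data[i] - '0';

            if (digit > 9 || val > (0xFFFFFFFFUL - digit) / 10)
                return ENOENT;
            val = val * 10 + digit;
        }
        if (val != 0) {
            *type = (krb5_ui_4)val;
            return 0;
        }
    }
```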
@@ -1183,10 +1184,10 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
static krb5_error_code
mspac_get_attribute_types(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_data **out_attrs)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_data **out_attrs)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
unsigned int i, j;
@@ -1194,45 +1195,45 @@ mspac_get_attribute_types(krb5_context kcontext,
krb5_error_code code;
if (pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
if (attrs == NULL)
- return ENOMEM;
+ return ENOMEM;
j = 0;
/* The entire PAC */
code = krb5int_copy_data_contents(kcontext,
- &mspac_attribute_types[0].attribute,
- &attrs[j++]);
+ &mspac_attribute_types[0].attribute,
+ &attrs[j++]);
if (code != 0) {
- free(attrs);
- return code;
+ free(attrs);
+ return code;
}
/* PAC buffers */
for (i = 0; i < pacctx->pac->pac->cBuffers; i++) {
- krb5_data attr;
-
- code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
- if (code == 0) {
- code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
- if (code != 0) {
- krb5int_free_data_list(kcontext, attrs);
- return code;
- }
- } else {
- int length;
-
- length = asprintf(&attrs[j].data, "urn:mspac:%d",
- pacctx->pac->pac->Buffers[i].ulType);
- if (length < 0) {
- krb5int_free_data_list(kcontext, attrs);
- return ENOMEM;
- }
- attrs[j++].length = length;
- }
+ krb5_data attr;
+
+ code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
+ if (code == 0) {
+ code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, attrs);
+ return code;
+ }
+ } else {
+ int length;
+
+ length = asprintf(&attrs[j].data, "urn:mspac:%d",
+ pacctx->pac->pac->Buffers[i].ulType);
+ if (length < 0) {
+ krb5int_free_data_list(kcontext, attrs);
+ return ENOMEM;
+ }
+ attrs[j++].length = length;
+ }
}
attrs[j].data = NULL;
attrs[j].length = 0;
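Review bot: `asprintf(&attrs[j].data, "urn:mspac:%d", ...)` formats `Buffers[i].ulType` with a signed conversion, while the same value is passed to `mspac_type2attr` as a `krb5_ui_4`; types at or above 2^31 would come out as negative numbers in the attribute name. Use an unsigned conversion with a matching cast, `"urn:mspac:%u", (unsigned int)pacctx->pac->pac->Buffers[i].ulType`. Separately, the `calloc` count `1 + cBuffers + 1` is computed from a PAC header field; whether `cBuffers` is bounded at parse time is not visible here, so a comment stating that assumption would help. The function's opening lines and its tail are outside this hunk.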
@@ -1244,49 +1245,49 @@ mspac_get_attribute_types(krb5_context kcontext,
static krb5_error_code
mspac_get_attribute(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- const krb5_data *attribute,
- krb5_boolean *authenticated,
- krb5_boolean *complete,
- krb5_data *value,
- krb5_data *display_value,
- int *more)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_data *attribute,
+ krb5_boolean *authenticated,
+ krb5_boolean *complete,
+ krb5_data *value,
+ krb5_data *display_value,
+ int *more)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
krb5_ui_4 type;
if (display_value != NULL) {
- display_value->data = NULL;
- display_value->length = 0;
+ display_value->data = NULL;
+ display_value->length = 0;
}
if (*more != -1 || pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
code = mspac_attr2type(attribute, &type);
if (code != 0)
- return code;
+ return code;
/* -1 is a magic type that refers to the entire PAC */
if (type == (krb5_ui_4)-1) {
- if (value != NULL)
- code = krb5int_copy_data_contents(kcontext,
- &pacctx->pac->data,
- value);
- else
- code = 0;
+ if (value != NULL)
+ code = krb5int_copy_data_contents(kcontext,
+ &pacctx->pac->data,
+ value);
+ else
+ code = 0;
} else {
- if (value != NULL)
- code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
- else
- code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
+ if (value != NULL)
+ code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
+ else
+ code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
}
if (code == 0) {
- *authenticated = pacctx->pac->verified;
- *complete = TRUE;
+ *authenticated = pacctx->pac->verified;
+ *complete = TRUE;
}
*more = 0;
@@ -1296,36 +1297,36 @@ mspac_get_attribute(krb5_context kcontext,
static krb5_error_code
mspac_set_attribute(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_boolean complete,
- const krb5_data *attribute,
- const krb5_data *value)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean complete,
+ const krb5_data *attribute,
+ const krb5_data *value)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
krb5_ui_4 type;
if (pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
code = mspac_attr2type(attribute, &type);
if (code != 0)
- return code;
+ return code;
/* -1 is a magic type that refers to the entire PAC */
if (type == (krb5_ui_4)-1) {
- krb5_pac newpac;
+ krb5_pac newpac;
- code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
- if (code != 0)
- return code;
+ code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
+ if (code != 0)
+ return code;
- krb5_pac_free(kcontext, pacctx->pac);
- pacctx->pac = newpac;
+ krb5_pac_free(kcontext, pacctx->pac);
+ pacctx->pac = newpac;
} else {
- code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
+ code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
}
return code;
@@ -1333,11 +1334,11 @@ mspac_set_attribute(krb5_context kcontext,
static krb5_error_code
mspac_export_internal(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_boolean restrict_authenticated,
- void **ptr)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean restrict_authenticated,
+ void **ptr)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1346,16 +1347,16 @@ mspac_export_internal(krb5_context kcontext,
*ptr = NULL;
if (pacctx->pac == NULL)
- return 0;
+ return 0;
if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
- return 0;
+ return 0;
code = krb5_pac_parse(kcontext, pacctx->pac->data.data,
- pacctx->pac->data.length, &pac);
+ pacctx->pac->data.length, &pac);
if (code == 0) {
- pac->verified = pacctx->pac->verified;
- *ptr = pac;
+ pac->verified = pacctx->pac->verified;
+ *ptr = pac;
}
return code;
@@ -1363,30 +1364,30 @@ mspac_export_internal(krb5_context kcontext,
static void
mspac_free_internal(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- void *ptr)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ void *ptr)
{
if (ptr != NULL)
- krb5_pac_free(kcontext, (krb5_pac)ptr);
+ krb5_pac_free(kcontext, (krb5_pac)ptr);
return;
}
static krb5_error_code
mspac_size(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- size_t *sizep)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ size_t *sizep)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
*sizep += sizeof(krb5_int32);
if (pacctx->pac != NULL)
- *sizep += pacctx->pac->data.length;
+ *sizep += pacctx->pac->data.length;
*sizep += sizeof(krb5_int32);
@@ -1395,11 +1396,11 @@ mspac_size(krb5_context kcontext,
static krb5_error_code
mspac_externalize(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain)
{
krb5_error_code code = 0;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
@@ -1411,23 +1412,23 @@ mspac_externalize(krb5_context kcontext,
remain = *lenremain;
if (pacctx->pac != NULL) {
- mspac_size(kcontext, context, plugin_context,
- request_context, &required);
-
- if (required <= remain) {
- krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
- &bp, &remain);
- krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
- (size_t)pacctx->pac->data.length,
- &bp, &remain);
- krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
- &bp, &remain);
- } else {
- code = ENOMEM;
- }
+ mspac_size(kcontext, context, plugin_context,
+ request_context, &required);
+
+ if (required <= remain) {
+ krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
+ &bp, &remain);
+ krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
+ (size_t)pacctx->pac->data.length,
+ &bp, &remain);
+ krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
+ &bp, &remain);
+ } else {
+ code = ENOMEM;
+ }
} else {
- krb5_ser_pack_int32(0, &bp, &remain); /* length */
- krb5_ser_pack_int32(0, &bp, &remain); /* verified */
+ krb5_ser_pack_int32(0, &bp, &remain); /* length */
+ krb5_ser_pack_int32(0, &bp, &remain); /* verified */
}
*buffer = bp;
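Review bot: In the branch for a missing PAC, the two `krb5_ser_pack_int32(0, &bp, &remain)` calls are not preceded by the `required <= remain` test that guards the other branch, and their return values are dropped. Assuming the pack helper reports a short buffer through its return value, a too-small buffer then yields `code == 0` with an incomplete record. Propagate the result, e.g. `code = krb5_ser_pack_int32(0, &bp, &remain);` followed by `if (code == 0) code = krb5_ser_pack_int32(0, &bp, &remain);`. The declaration of `required` and the end of the function are outside this hunk.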
@@ -1438,11 +1439,11 @@ mspac_externalize(krb5_context kcontext,
static krb5_error_code
mspac_internalize(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1457,30 +1458,30 @@ mspac_internalize(krb5_context kcontext,
/* length */
code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (code != 0)
- return code;
+ return code;
if (ibuf != 0) {
- code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
- if (code != 0)
- return code;
+ code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
+ if (code != 0)
+ return code;
- bp += ibuf;
- remain -= ibuf;
+ bp += ibuf;
+ remain -= ibuf;
}
/* verified */
code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (code != 0) {
- krb5_pac_free(kcontext, pac);
- return code;
+ krb5_pac_free(kcontext, pac);
+ return code;
}
if (pac != NULL) {
- pac->verified = (ibuf != 0);
+ pac->verified = (ibuf != 0);
}
if (pacctx->pac != NULL) {
- krb5_pac_free(kcontext, pacctx->pac);
+ krb5_pac_free(kcontext, pacctx->pac);
}
pacctx->pac = pac;
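Review bot: The length read from the serialized buffer is handed to `krb5_pac_parse(kcontext, bp, ibuf, &pac)` and then used in `bp += ibuf; remain -= ibuf;` without being compared with `remain`. A length larger than the remaining input (or a negative one, if `ibuf` is a signed 32-bit value as the unpack call suggests) would let the parser read past the buffer and wrap `remain`. Add a guard before the parse: `if (ibuf < 0 || (size_t)ibuf > remain) return EINVAL;`. The `verified` flag is likewise taken straight from the buffer, so this routine should only be given data from a trusted exporter; a comment saying so would help. The declarations of `ibuf`, `bp`, `remain` and `pac` are outside this hunk.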
@@ -1493,11 +1494,11 @@ mspac_internalize(krb5_context kcontext,
static krb5_error_code
mspac_copy(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- void *dst_plugin_context,
- void *dst_request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ void *dst_plugin_context,
+ void *dst_request_context)
{
struct mspac_context *srcctx = (struct mspac_context *)request_context;
struct mspac_context *dstctx = (struct mspac_context *)dst_request_context;
@@ -1507,7 +1508,7 @@ mspac_copy(krb5_context kcontext,
assert(dstctx->pac == NULL);
if (srcctx->pac != NULL)
- code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
+ code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
return code;
}
@@ -1536,4 +1537,3 @@ krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable = {
mspac_internalize,
mspac_copy
};
-