From: Greg Hudson Date: Mon, 3 Jun 2019 20:12:03 +0000 (-0400) Subject: Add new internal pa-data helpers X-Git-Tag: krb5-1.18-beta1~108 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d2222850200fd74790aaffcc5b5ce3dbfdb0017;p=thirdparty%2Fkrb5.git Add new internal pa-data helpers Add a new file with five new internal libkrb5 functions to help manage pa-data lists. Move krb5int_find_pa_data() from fast.c into the new file and simplify it slightly. --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 7833d9987b..3bef20c738 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -851,11 +851,35 @@ typedef struct _krb5_cammac { krb5_verifier_mac **other_verifiers; } krb5_cammac; +void krb5_free_etype_info(krb5_context, krb5_etype_info); + krb5_pa_data * krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype); /* Does not return a copy; original padata sequence responsible for freeing*/ -void krb5_free_etype_info(krb5_context, krb5_etype_info); +/* Allocate a pa-data object with uninitialized contents of size len. If len + * is 0, set the contents field to NULL. */ +krb5_error_code +k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out); + +/* Free a single pa-data object. */ +void +k5_free_pa_data_element(krb5_pa_data *pa); + +/* Without copying, add single element *pa to *list, reallocating as necessary. + * If *list is NULL, allocate a new list. Set *pa to NULL on success. */ +krb5_error_code +k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa); + +/* Without copying, add a pa-data element of type pa_type to *list with the + * contents in data. Set *data to empty_data() on success. */ +krb5_error_code +k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type, + krb5_data *data); + +/* Add an empty pa-data element of type pa_type to *list. */ +krb5_error_code +k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type); #endif /* KRB5_PREAUTH__ */ /* diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 69b9101a84..7734a4785b 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -77,6 +77,7 @@ STLIBOBJS= \ mk_safe.o \ pac.o \ pac_sign.o \ + padata.o \ parse.o \ parse_host_string.o \ plugin.o \ @@ -190,6 +191,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \ $(OUTPRE)mk_safe.$(OBJEXT) \ $(OUTPRE)pac.$(OBJEXT) \ $(OUTPRE)pac_sign.$(OBJEXT) \ + $(OUTPRE)padata.$(OBJEXT) \ $(OUTPRE)parse.$(OBJEXT) \ $(OUTPRE)parse_host_string.$(OBJEXT) \ $(OUTPRE)plugin.$(OBJEXT) \ 
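Review bot: In src/include/k5-int.h the new comments on k5_add_pa_data_element() and k5_add_pa_data_from_data() describe only the success side of the ownership hand-off ("Set *pa to NULL on success", "Set *data to empty_data() on success"). In the implementation added by this commit, an ENOMEM return leaves *list, *pa and *data untouched, so the caller still owns the element or buffer and must free it. I would add one sentence to each comment, for example `On failure, *list and *pa are unchanged and the caller retains ownership of *pa.`, with the equivalent wording for *data. A caller that guesses this contract wrong gets a leak or a double free on the out-of-memory path, which is why it belongs next to the prototype.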
@@ -303,6 +305,7 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/mk_safe.c \ $(srcdir)/pac.c \ $(srcdir)/pac_sign.c \ + $(srcdir)/padata.c \ $(srcdir)/parse.c \ $(srcdir)/parse_host_string.c \ $(srcdir)/plugin.c \ diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 4f3e27e1bc..62c9f0841f 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -618,23 +618,6 @@ krb5int_fast_free_state(krb5_context context, free(state); } -krb5_pa_data * -krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *padata, - krb5_preauthtype pa_type) -{ - krb5_pa_data * const *tmppa; - - if (padata == NULL) - return NULL; - - for (tmppa = padata; *tmppa != NULL; tmppa++) { - if ((*tmppa)->pa_type == pa_type) - break; - } - - return *tmppa; -} - /* * Implement FAST negotiation as specified in RFC 6806 section 11. If * the encrypted part of rep sets the enc-pa-rep flag, look for and diff --git a/src/lib/krb5/krb/padata.c b/src/lib/krb5/krb/padata.c new file mode 100644 index 0000000000..b307f8b24c --- /dev/null +++ b/src/lib/krb5/krb/padata.c 
@@ -0,0 +1,127 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/padata.c - utility functions for krb5_pa_data lists */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+krb5_pa_data *
+krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *pa_list,
+ krb5_preauthtype pa_type)
+{
+ krb5_pa_data *const *pa;
+
+ for (pa = pa_list; pa != NULL && *pa != NULL; pa++) {
+ if ((*pa)->pa_type == pa_type)
+ return *pa;
+ }
+ return NULL;
+}
+
+krb5_error_code
+k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out)
+{
+ krb5_pa_data *pa;
+ uint8_t *buf = NULL;
+
+ *out = NULL;
+ if (len > 0) {
+ buf = malloc(len);
+ if (buf == NULL)
+ return ENOMEM;
+ }
+ pa = malloc(sizeof(*pa));
+ if (pa == NULL) {
+ free(buf);
+ return ENOMEM;
+ }
+ pa->magic = KV5M_PA_DATA;
+ pa->pa_type = pa_type;
+ pa->length = len;
+ pa->contents = buf;
+ *out = pa;
+ return 0;
+}
+
+void
+k5_free_pa_data_element(krb5_pa_data *pa)
+{
+ if (pa != NULL) {
+ free(pa->contents);
+ free(pa);
+ }
+}
+
+krb5_error_code
+k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa)
+{
+ size_t count;
+ krb5_pa_data **newlist;
+
+ for (count = 0; *list != NULL && (*list)[count] != NULL; count++);
+
+ newlist = realloc(*list, (count + 2) * sizeof(*newlist));
+ if (newlist == NULL)
+ return ENOMEM;
+ newlist[count] = *pa;
+ newlist[count + 1] = NULL;
+ *pa = NULL;
+ *list = newlist;
+ return 0;
+}
+
+krb5_error_code
+k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_pa_data *pa;
+
+ ret = k5_alloc_pa_data(pa_type, 0, &pa);
+ if (ret)
+ return ret;
+ pa->contents = (uint8_t *)data->data;
+ pa->length = data->length;
+ ret = k5_add_pa_data_element(list, &pa);
+ if (ret) {
+ free(pa);
+ return ret;
+ }
+ *data = empty_data();
+ return 0;
+}
+
+krb5_error_code
+k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type)
+{
+ krb5_data empty = empty_data();
+
+ return k5_add_pa_data_from_data(list, pa_type, &empty);
+}
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index a6d1389038..1d124a09fb 100644
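Review bot: The error path of k5_add_pa_data_from_data() calls `free(pa)` rather than k5_free_pa_data_element(pa), and nothing in padata.c says why. At that point pa->contents aliases data->data, which the caller still owns because *data is only reset on success, so freeing the contents there would set up a double free in the caller. A comment such as `/* Free only the container; data->data still belongs to the caller. */` above the `free(pa)` would keep a later cleanup from "fixing" it. Separately, k5_alloc_pa_data() stores a size_t with `pa->length = len;` and no range check. krb5_pa_data is declared outside this diff, but if its length field is narrower than size_t, the recorded length would silently disagree with the allocated buffer for very large len, so a guard like `if (len > UINT_MAX) return EINVAL;` before the malloc is worth considering (adjust the bound to the field's real type).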
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -117,6 +117,10 @@ initialize_krb5_error_table
 initialize_k5e1_error_table
 initialize_kv5m_error_table
 initialize_prof_error_table
+k5_add_empty_pa_data
+k5_add_pa_data_element
+k5_add_pa_data_from_data
+k5_alloc_pa_data
 k5_authind_decode
 k5_build_conf_principals
 k5_ccselect_free_context
@@ -129,6 +133,7 @@ k5_free_cammac
 k5_free_data_ptr_list
 k5_free_otp_tokeninfo
 k5_free_kkdcp_message
+k5_free_pa_data_element
 k5_free_pa_otp_challenge
 k5_free_pa_otp_req
 k5_free_secure_cookie