svn rev #22229: branches/krb5-1-7/src/ include/ lib/krb5/krb/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue Apr 14 17:07:47 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22229
Commit By: tlyu
Log Message:
ticket: 6422
version_fixed: 1.7

pull up r22096, r22097 from trunk

 ------------------------------------------------------------------------
 r22097 | hartmans | 2009-03-16 12:50:30 -0400 (Mon, 16 Mar 2009) | 6 lines
 Changed paths:
    M /trunk/src/include/k5-int.h
    M /trunk/src/lib/krb5/krb/Makefile.in
    A /trunk/src/lib/krb5/krb/t_authdata.c

 ticket: 6422

 Implement tests for authdata functions

 Implement some test cases for krb5_merge_authdata and
 krb5int_find_authdata
 ------------------------------------------------------------------------
 r22096 | hartmans | 2009-03-16 12:50:26 -0400 (Mon, 16 Mar 2009) | 5 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/copy_auth.c

 subject: Implement krb5int_find_authdata
 ticket: 6422

 Implement a function to find all instances of a particular ad_type in
 ticket or authenticator authdata.


Changed Files:
U   branches/krb5-1-7/src/include/k5-int.h
U   branches/krb5-1-7/src/lib/krb5/krb/Makefile.in
U   branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c
A   branches/krb5-1-7/src/lib/krb5/krb/t_authdata.c
Modified: branches/krb5-1-7/src/include/k5-int.h
===================================================================
--- branches/krb5-1-7/src/include/k5-int.h	2009-04-14 21:07:42 UTC (rev 22228)
+++ branches/krb5-1-7/src/include/k5-int.h	2009-04-14 21:07:46 UTC (rev 22229)
@@ -2570,6 +2570,11 @@
 		krb5_data *,
 	  const krb5_keyblock *,
 		krb5_kdc_rep ** );
+krb5_error_code krb5int_find_authdata
+(krb5_context context, krb5_authdata *const * ticket_authdata,
+ krb5_authdata * const *ap_req_authdata,
+ krb5_authdatatype ad_type,
+ krb5_authdata ***results);
 
 krb5_error_code krb5_rd_req_decoded
 	(krb5_context,

Modified: branches/krb5-1-7/src/lib/krb5/krb/Makefile.in
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/Makefile.in	2009-04-14 21:07:42 UTC (rev 22228)
+++ branches/krb5-1-7/src/lib/krb5/krb/Makefile.in	2009-04-14 21:07:46 UTC (rev 22229)
@@ -308,6 +308,8 @@
 
 t_walk_rtree: $(T_WALK_RTREE_OBJS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o t_walk_rtree $(T_WALK_RTREE_OBJS) $(KRB5_BASE_LIBS)
+t_authdata: t_authdata.o copy_auth.o
+	$(CC_LINK) -o $@ $< copy_auth.o $(KRB5_BASE_LIBS)
 
 t_kerb: $(T_KERB_OBJS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o t_kerb $(T_KERB_OBJS) $(KRB5_BASE_LIBS)
@@ -323,7 +325,7 @@
 t_expand : $(T_EXPAND_OBJS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o t_expand $(T_EXPAND_OBJS) $(KRB5_BASE_LIBS)
 
-TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand
+TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata
 
 check-unix:: $(TEST_PROGS)
 	KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
@@ -356,13 +358,16 @@
 	$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests
 	KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests
+	KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+	$(RUN_SETUP) $(VALGRIND) ./t_authdata
 
 clean::
 	$(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \
 		$(OUTPRE)t_kerb$(EXEEXT) $(OUTPRE)t_kerb.$(OBJEXT)	\
 		$(OUTPRE)t_ser$(EXEEXT) $(OUTPRE)t_ser.$(OBJEXT)	\
 		$(OUTPRE)t_deltat$(EXEEXT) $(OUTPRE)t_deltat.$(OBJEXT) \
-		$(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT)
+		$(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT)  \
+	$(OUTPRE)t_authdata$(EXEEXT) $(OUTPRE)t_authdata.$(OBJEXT)
 
 @libobj_frag@
 

Modified: branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c	2009-04-14 21:07:42 UTC (rev 22228)
+++ branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c	2009-04-14 21:07:46 UTC (rev 22229)
@@ -187,3 +187,92 @@
 
     return code;
 }
+
+struct find_authdata_context {
+  krb5_authdata **out;
+  size_t space;
+  size_t length;
+};
+
+static krb5_error_code grow_find_authdata
+(krb5_context context, struct find_authdata_context *fctx,
+ krb5_authdata *elem)
+{
+  krb5_error_code retval = 0;
+  if (fctx->length == fctx->space) {
+    krb5_authdata **new;
+    if (fctx->space >= 256) {
+      krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
+      return ERANGE;
+    }
+    new       = realloc(fctx->out,
+			sizeof (krb5_authdata *)*(2*fctx->space+1));
+    if (new == NULL)
+      return ENOMEM;
+    fctx->out = new;
+    fctx->space *=2;
+  }
+  fctx->out[fctx->length+1] = NULL;
+  retval = krb5_copy_authdatum(context, elem,
+			       &fctx->out[fctx->length]);
+  if (retval == 0)
+    fctx->length++;
+  return retval;
+}
+
+  
+  
+
+static krb5_error_code find_authdata_1
+(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
+ struct find_authdata_context *fctx)
+{
+  int i = 0;
+  krb5_error_code retval=0;
+  
+  for (i = 0; in_authdat[i]; i++) {
+    krb5_authdata *ad = in_authdat[i];
+    if (ad->ad_type == ad_type && retval ==0)
+      retval = grow_find_authdata(context, fctx, ad);
+    else switch (ad->ad_type) {
+      krb5_authdata **decoded_container;
+    case KRB5_AUTHDATA_IF_RELEVANT:
+      if (retval == 0)
+	retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
+      if (retval == 0) {
+	retval = find_authdata_1(context,
+				 decoded_container, ad_type, fctx);
+	krb5_free_authdata(context, decoded_container);
+      }
+      break;
+    default:
+      break;
+    }
+  }
+  return retval;
+}
+
+
+krb5_error_code krb5int_find_authdata
+(krb5_context context, krb5_authdata *const * ticket_authdata,
+ krb5_authdata * const *ap_req_authdata,
+ krb5_authdatatype ad_type,
+ krb5_authdata ***results)
+{
+  krb5_error_code retval = 0;
+  struct find_authdata_context fctx;
+  fctx.length = 0;
+  fctx.space = 2;
+  fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
+  *results = NULL;
+  if (fctx.out == NULL)
+    return ENOMEM;
+  if (ticket_authdata)
+      retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
+  if ((retval==0) && ap_req_authdata)
+    retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
+  if ((retval== 0) && fctx.length)
+    *results = fctx.out;
+  else krb5_free_authdata(context, fctx.out);
+  return retval;
+}

Added: branches/krb5-1-7/src/lib/krb5/krb/t_authdata.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/t_authdata.c	2009-04-14 21:07:42 UTC (rev 22228)
+++ branches/krb5-1-7/src/lib/krb5/krb/t_authdata.c	2009-04-14 21:07:46 UTC (rev 22229)
@@ -0,0 +1,102 @@
+/*
+ * lib/krb5/krb/t_authdata.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ * 
+ *
+ * Test authorization data search
+ */
+
+#include <k5-int.h>
+#include <krb5.h>
+#include <assert.h>
+#include <memory.h>
+
+krb5_authdata ad1 = {
+  KV5M_AUTHDATA,
+  22,
+  4,
+  (unsigned char *) "abcd"};
+krb5_authdata ad2 = {
+  KV5M_AUTHDATA,
+  23,
+  5,
+  (unsigned char *) "abcde"
+};
+
+krb5_authdata ad3= {
+  KV5M_AUTHDATA,
+  22,
+  3,
+  (unsigned char *) "ab"
+};
+/* we want three results in the return from krb5int_find_authdata so
+it has to grow its list.
+*/
+krb5_authdata ad4 = {
+    KV5M_AUTHDATA,
+    22,
+    5,
+    (unsigned char *)"abcd"
+};
+
+krb5_authdata *adseq1[] = {&ad1, &ad2, &ad4, NULL};
+
+krb5_authdata *adseq2[] = {&ad3, NULL};
+
+static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
+  assert(adc1->ad_type == adc2->ad_type);
+  assert(adc1->length == adc2->length);
+  assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+}
+
+int main() 
+{
+    krb5_context context;
+    krb5_authdata **results;
+    krb5_authdata *container[2];
+    krb5_authdata **container_out;
+  
+
+    assert(krb5_init_context(&context) == 0);
+    assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0);
+    compare_authdata(results[0], &ad1);
+    compare_authdata( results[1], &ad2);
+    compare_authdata(results[2], &ad4);
+    compare_authdata( results[3], &ad3);
+    assert(results[4] == NULL);
+    krb5_free_authdata(context, results);
+    container[0] = &ad3;
+    container[1] = NULL;
+    assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
+    assert(krb5int_find_authdata(context,
+				 adseq1, container_out, 22, &results) == 0);
+    compare_authdata(&ad1, results[0]);
+    compare_authdata( results[1], &ad4);
+    compare_authdata( results[2], &ad3);
+    assert( results[3] == NULL);
+    krb5_free_authdata(context, results);
+    krb5_free_authdata(context, container_out);
+    return 0;
+}

More information about the cvs-krb5 mailing list