krb5 commit: Add new internal pa-data helpers
Greg Hudson
ghudson at mit.edu
Mon Jun 10 13:27:59 EDT 2019
https://github.com/krb5/krb5/commit/2d2222850200fd74790aaffcc5b5ce3dbfdb0017
commit 2d2222850200fd74790aaffcc5b5ce3dbfdb0017
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Jun 3 16:12:03 2019 -0400
Add new internal pa-data helpers
Add a new file with five new internal libkrb5 functions to help manage
pa-data lists. Move krb5int_find_pa_data() from fast.c into the new
file and simplify it slightly.
src/include/k5-int.h | 26 ++++++++-
src/lib/krb5/krb/Makefile.in | 3 +
src/lib/krb5/krb/fast.c | 17 ------
src/lib/krb5/krb/padata.c | 127 ++++++++++++++++++++++++++++++++++++++++++
src/lib/krb5/libkrb5.exports | 5 ++
5 files changed, 160 insertions(+), 18 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 7833d99..3bef20c 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -851,11 +851,35 @@ typedef struct _krb5_cammac {
krb5_verifier_mac **other_verifiers;
} krb5_cammac;
+void krb5_free_etype_info(krb5_context, krb5_etype_info);
+
krb5_pa_data *
krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
/* Does not return a copy; original padata sequence responsible for freeing*/
-void krb5_free_etype_info(krb5_context, krb5_etype_info);
+/* Allocate a pa-data object with uninitialized contents of size len. If len
+ * is 0, set the contents field to NULL. */
+krb5_error_code
+k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out);
+
+/* Free a single pa-data object. */
+void
+k5_free_pa_data_element(krb5_pa_data *pa);
+
+/* Without copying, add single element *pa to *list, reallocating as necessary.
+ * If *list is NULL, allocate a new list. Set *pa to NULL on success. */
+krb5_error_code
+k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa);
+
+/* Without copying, add a pa-data element of type pa_type to *list with the
+ * contents in data. Set *data to empty_data() on success. */
+krb5_error_code
+k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
+ krb5_data *data);
+
+/* Add an empty pa-data element of type pa_type to *list. */
+krb5_error_code
+k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type);
#endif /* KRB5_PREAUTH__ */
/*
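Review bot: The comments on k5_add_pa_data_element() and k5_add_pa_data_from_data() say what happens to `*pa` and `*data` on success but not on failure, and they do not say that the adopted buffer must be heap-allocated. In padata.c from this same commit, both functions leave the caller's argument untouched when they return ENOMEM. k5_free_pa_data_element() passes `contents` to free(), so a caller that hands in a static or stack buffer would corrupt the heap when the element is released. I would extend the two comments with `On failure, *pa is unchanged and the caller still owns it.` and `data->data must be malloc()-allocated; on failure *data is unchanged and the caller still owns it.`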
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 69b9101..7734a47 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -77,6 +77,7 @@ STLIBOBJS= \
mk_safe.o \
pac.o \
pac_sign.o \
+ padata.o \
parse.o \
parse_host_string.o \
plugin.o \
@@ -190,6 +191,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
$(OUTPRE)mk_safe.$(OBJEXT) \
$(OUTPRE)pac.$(OBJEXT) \
$(OUTPRE)pac_sign.$(OBJEXT) \
+ $(OUTPRE)padata.$(OBJEXT) \
$(OUTPRE)parse.$(OBJEXT) \
$(OUTPRE)parse_host_string.$(OBJEXT) \
$(OUTPRE)plugin.$(OBJEXT) \
@@ -303,6 +305,7 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/mk_safe.c \
$(srcdir)/pac.c \
$(srcdir)/pac_sign.c \
+ $(srcdir)/padata.c \
$(srcdir)/parse.c \
$(srcdir)/parse_host_string.c \
$(srcdir)/plugin.c \
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 4f3e27e..62c9f08 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -618,23 +618,6 @@ krb5int_fast_free_state(krb5_context context,
free(state);
}
-krb5_pa_data *
-krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *padata,
- krb5_preauthtype pa_type)
-{
- krb5_pa_data * const *tmppa;
-
- if (padata == NULL)
- return NULL;
-
- for (tmppa = padata; *tmppa != NULL; tmppa++) {
- if ((*tmppa)->pa_type == pa_type)
- break;
- }
-
- return *tmppa;
-}
-
/*
* Implement FAST negotiation as specified in RFC 6806 section 11. If
* the encrypted part of rep sets the enc-pa-rep flag, look for and
diff --git a/src/lib/krb5/krb/padata.c b/src/lib/krb5/krb/padata.c
new file mode 100644
index 0000000..b307f8b
--- /dev/null
+++ b/src/lib/krb5/krb/padata.c
@@ -0,0 +1,127 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/padata.c - utility functions for krb5_pa_data lists */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+krb5_pa_data *
+krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *pa_list,
+ krb5_preauthtype pa_type)
+{
+ krb5_pa_data *const *pa;
+
+ for (pa = pa_list; pa != NULL && *pa != NULL; pa++) {
+ if ((*pa)->pa_type == pa_type)
+ return *pa;
+ }
+ return NULL;
+}
+
+krb5_error_code
+k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out)
+{
+ krb5_pa_data *pa;
+ uint8_t *buf = NULL;
+
+ *out = NULL;
+ if (len > 0) {
+ buf = malloc(len);
+ if (buf == NULL)
+ return ENOMEM;
+ }
+ pa = malloc(sizeof(*pa));
+ if (pa == NULL) {
+ free(buf);
+ return ENOMEM;
+ }
+ pa->magic = KV5M_PA_DATA;
+ pa->pa_type = pa_type;
+ pa->length = len;
+ pa->contents = buf;
+ *out = pa;
+ return 0;
+}
+
+void
+k5_free_pa_data_element(krb5_pa_data *pa)
+{
+ if (pa != NULL) {
+ free(pa->contents);
+ free(pa);
+ }
+}
+
+krb5_error_code
+k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa)
+{
+ size_t count;
+ krb5_pa_data **newlist;
+
+ for (count = 0; *list != NULL && (*list)[count] != NULL; count++);
+
+ newlist = realloc(*list, (count + 2) * sizeof(*newlist));
+ if (newlist == NULL)
+ return ENOMEM;
+ newlist[count] = *pa;
+ newlist[count + 1] = NULL;
+ *pa = NULL;
+ *list = newlist;
+ return 0;
+}
+
+krb5_error_code
+k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_pa_data *pa;
+
+ ret = k5_alloc_pa_data(pa_type, 0, &pa);
+ if (ret)
+ return ret;
+ pa->contents = (uint8_t *)data->data;
+ pa->length = data->length;
+ ret = k5_add_pa_data_element(list, &pa);
+ if (ret) {
+ free(pa);
+ return ret;
+ }
+ *data = empty_data();
+ return 0;
+}
+
+krb5_error_code
+k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type)
+{
+ krb5_data empty = empty_data();
+
+ return k5_add_pa_data_from_data(list, pa_type, &empty);
+}
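Review bot: In k5_add_pa_data_from_data() the failure path calls `free(pa)` rather than k5_free_pa_data_element(pa). This is correct only because `pa->contents` still aliases `data->data` and the caller keeps ownership of it, but nothing in the code says so. A later cleanup that swaps in the element-freeing helper would free the caller's buffer and set up a double free, so I would add `/* Free only the container; the caller still owns data->data. */` above that call. Separately, k5_alloc_pa_data() stores a size_t `len` into `pa->length`; if that field is narrower than size_t (its declaration is not in this diff), a large `len` would leave the recorded length out of step with the allocation, and a range check before the malloc would rule that out.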
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index a6d1389..1d124a0 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -117,6 +117,10 @@ initialize_krb5_error_table
initialize_k5e1_error_table
initialize_kv5m_error_table
initialize_prof_error_table
+k5_add_empty_pa_data
+k5_add_pa_data_element
+k5_add_pa_data_from_data
+k5_alloc_pa_data
k5_authind_decode
k5_build_conf_principals
k5_ccselect_free_context
@@ -129,6 +133,7 @@ k5_free_cammac
k5_free_data_ptr_list
k5_free_otp_tokeninfo
k5_free_kkdcp_message
+k5_free_pa_data_element
k5_free_pa_otp_challenge
k5_free_pa_otp_req
k5_free_secure_cookie