558 lines
15 KiB
C
558 lines
15 KiB
C
|
/*
|
|||
|
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<EFBFBD>gskolan
|
|||
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
|||
|
* All rights reserved.
|
|||
|
*
|
|||
|
* Redistribution and use in source and binary forms, with or without
|
|||
|
* modification, are permitted provided that the following conditions
|
|||
|
* are met:
|
|||
|
*
|
|||
|
* 1. Redistributions of source code must retain the above copyright
|
|||
|
* notice, this list of conditions and the following disclaimer.
|
|||
|
*
|
|||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|||
|
* notice, this list of conditions and the following disclaimer in the
|
|||
|
* documentation and/or other materials provided with the distribution.
|
|||
|
*
|
|||
|
* 3. Neither the name of the Institute nor the names of its contributors
|
|||
|
* may be used to endorse or promote products derived from this software
|
|||
|
* without specific prior written permission.
|
|||
|
*
|
|||
|
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|||
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|||
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|||
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|||
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|||
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|||
|
* SUCH DAMAGE.
|
|||
|
*/
|
|||
|
|
|||
|
#include "kdc_locl.h"
|
|||
|
|
|||
|
RCSID("$Id: kerberos4.c,v 1.24 1999/12/02 17:04:59 joda Exp $");
|
|||
|
|
|||
|
#ifdef KRB4
|
|||
|
|
|||
|
#include "kerberos4.h"
|
|||
|
|
|||
|
#ifndef swap32
|
|||
|
static u_int32_t
|
|||
|
swap32(u_int32_t x)
|
|||
|
{
|
|||
|
return ((x << 24) & 0xff000000) |
|
|||
|
((x << 8) & 0xff0000) |
|
|||
|
((x >> 8) & 0xff00) |
|
|||
|
((x >> 24) & 0xff);
|
|||
|
}
|
|||
|
#endif /* swap32 */
|
|||
|
|
|||
|
int
|
|||
|
maybe_version4(unsigned char *buf, int len)
|
|||
|
{
|
|||
|
return len > 0 && *buf == 4;
|
|||
|
}
|
|||
|
|
|||
|
static void
|
|||
|
make_err_reply(krb5_data *reply, int code, const char *msg)
|
|||
|
{
|
|||
|
KTEXT_ST er;
|
|||
|
|
|||
|
/* name, instance and realm is not checked in most (all?) version
|
|||
|
implementations; msg is also never used, but we send it anyway
|
|||
|
(for debugging purposes) */
|
|||
|
|
|||
|
if(msg == NULL)
|
|||
|
msg = krb_get_err_text(code);
|
|||
|
cr_err_reply(&er, "", "", "", kdc_time, code, (char*)msg);
|
|||
|
krb5_data_copy(reply, er.dat, er.length);
|
|||
|
}
|
|||
|
|
|||
|
static krb5_boolean
|
|||
|
valid_princ(krb5_context context, krb5_principal princ)
|
|||
|
{
|
|||
|
char *s;
|
|||
|
hdb_entry *ent;
|
|||
|
krb5_unparse_name(context, princ, &s);
|
|||
|
ent = db_fetch(princ);
|
|||
|
if(ent == NULL){
|
|||
|
kdc_log(7, "Lookup %s failed", s);
|
|||
|
free(s);
|
|||
|
return 0;
|
|||
|
}
|
|||
|
kdc_log(7, "Lookup %s succeeded", s);
|
|||
|
free(s);
|
|||
|
hdb_free_entry(context, ent);
|
|||
|
free(ent);
|
|||
|
return 1;
|
|||
|
}
|
|||
|
|
|||
|
hdb_entry*
|
|||
|
db_fetch4(const char *name, const char *instance, const char *realm)
|
|||
|
{
|
|||
|
krb5_principal p;
|
|||
|
hdb_entry *ent;
|
|||
|
krb5_error_code ret;
|
|||
|
|
|||
|
ret = krb5_425_conv_principal_ext(context, name, instance, realm,
|
|||
|
valid_princ, 0, &p);
|
|||
|
if(ret)
|
|||
|
return NULL;
|
|||
|
ent = db_fetch(p);
|
|||
|
krb5_free_principal(context, p);
|
|||
|
return ent;
|
|||
|
}
|
|||
|
|
|||
|
krb5_error_code
|
|||
|
get_des_key(hdb_entry *principal, Key **key)
|
|||
|
{
|
|||
|
krb5_error_code ret;
|
|||
|
|
|||
|
ret = hdb_enctype2key(context, principal, ETYPE_DES_CBC_MD5, key);
|
|||
|
if(ret)
|
|||
|
ret = hdb_enctype2key(context, principal, ETYPE_DES_CBC_MD4, key);
|
|||
|
if(ret)
|
|||
|
ret = hdb_enctype2key(context, principal, ETYPE_DES_CBC_CRC, key);
|
|||
|
if(ret)
|
|||
|
return ret;
|
|||
|
if ((*key)->key.keyvalue.length == 0)
|
|||
|
return KERB_ERR_NULL_KEY;
|
|||
|
return 0;
|
|||
|
}
|
|||
|
|
|||
|
#define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;}
|
|||
|
|
|||
|
krb5_error_code
|
|||
|
do_version4(unsigned char *buf,
|
|||
|
size_t len,
|
|||
|
krb5_data *reply,
|
|||
|
const char *from,
|
|||
|
struct sockaddr_in *addr)
|
|||
|
{
|
|||
|
krb5_storage *sp;
|
|||
|
krb5_error_code ret;
|
|||
|
hdb_entry *client = NULL, *server = NULL;
|
|||
|
Key *ckey, *skey;
|
|||
|
int8_t pvno;
|
|||
|
int8_t msg_type;
|
|||
|
int lsb;
|
|||
|
char *name = NULL, *inst = NULL, *realm = NULL;
|
|||
|
char *sname = NULL, *sinst = NULL;
|
|||
|
int32_t req_time;
|
|||
|
time_t max_life;
|
|||
|
u_int8_t life;
|
|||
|
|
|||
|
sp = krb5_storage_from_mem(buf, len);
|
|||
|
RCHECK(krb5_ret_int8(sp, &pvno), out);
|
|||
|
if(pvno != 4){
|
|||
|
kdc_log(0, "Protocol version mismatch (%d)", pvno);
|
|||
|
make_err_reply(reply, KDC_PKT_VER, NULL);
|
|||
|
goto out;
|
|||
|
}
|
|||
|
RCHECK(krb5_ret_int8(sp, &msg_type), out);
|
|||
|
lsb = msg_type & 1;
|
|||
|
msg_type &= ~1;
|
|||
|
switch(msg_type){
|
|||
|
case AUTH_MSG_KDC_REQUEST:
|
|||
|
RCHECK(krb5_ret_stringz(sp, &name), out1);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &inst), out1);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &realm), out1);
|
|||
|
RCHECK(krb5_ret_int32(sp, &req_time), out1);
|
|||
|
if(lsb)
|
|||
|
req_time = swap32(req_time);
|
|||
|
RCHECK(krb5_ret_int8(sp, &life), out1);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &sname), out1);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &sinst), out1);
|
|||
|
kdc_log(0, "AS-REQ %s.%s@%s from %s for %s.%s",
|
|||
|
name, inst, realm, from, sname, sinst);
|
|||
|
|
|||
|
client = db_fetch4(name, inst, realm);
|
|||
|
if(client == NULL){
|
|||
|
kdc_log(0, "Client not found in database: %s.%s@%s",
|
|||
|
name, inst, realm);
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
|
|||
|
goto out1;
|
|||
|
}
|
|||
|
server = db_fetch4(sname, sinst, v4_realm);
|
|||
|
if(server == NULL){
|
|||
|
kdc_log(0, "Server not found in database: %s.%s@%s",
|
|||
|
sname, sinst, v4_realm);
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
|
|||
|
goto out1;
|
|||
|
}
|
|||
|
|
|||
|
ret = get_des_key(client, &ckey);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "%s", krb5_get_err_text(context, ret));
|
|||
|
/* XXX */
|
|||
|
make_err_reply(reply, KDC_NULL_KEY,
|
|||
|
"No DES key in database (client)");
|
|||
|
goto out1;
|
|||
|
}
|
|||
|
|
|||
|
#if 0
|
|||
|
/* this is not necessary with the new code in libkrb */
|
|||
|
/* find a properly salted key */
|
|||
|
while(ckey->salt == NULL || ckey->salt->salt.length != 0)
|
|||
|
ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "No version-4 salted key in database -- %s.%s@%s",
|
|||
|
name, inst, realm);
|
|||
|
make_err_reply(reply, KDC_NULL_KEY,
|
|||
|
"No version-4 salted key in database");
|
|||
|
goto out1;
|
|||
|
}
|
|||
|
#endif
|
|||
|
|
|||
|
ret = get_des_key(server, &skey);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "%s", krb5_get_err_text(context, ret));
|
|||
|
/* XXX */
|
|||
|
make_err_reply(reply, KDC_NULL_KEY,
|
|||
|
"No DES key in database (server)");
|
|||
|
goto out1;
|
|||
|
}
|
|||
|
|
|||
|
max_life = krb_life_to_time(0, life);
|
|||
|
if(client->max_life)
|
|||
|
max_life = min(max_life, *client->max_life);
|
|||
|
if(server->max_life)
|
|||
|
max_life = min(max_life, *server->max_life);
|
|||
|
|
|||
|
life = krb_time_to_life(kdc_time, kdc_time + max_life);
|
|||
|
|
|||
|
{
|
|||
|
KTEXT_ST cipher, ticket;
|
|||
|
KTEXT r;
|
|||
|
des_cblock session;
|
|||
|
|
|||
|
des_new_random_key(&session);
|
|||
|
|
|||
|
krb_create_ticket(&ticket, 0, name, inst, v4_realm,
|
|||
|
addr->sin_addr.s_addr, session, life, kdc_time,
|
|||
|
sname, sinst, skey->key.keyvalue.data);
|
|||
|
|
|||
|
create_ciph(&cipher, session, sname, sinst, v4_realm,
|
|||
|
life, server->kvno, &ticket, kdc_time,
|
|||
|
ckey->key.keyvalue.data);
|
|||
|
memset(&session, 0, sizeof(session));
|
|||
|
r = create_auth_reply(name, inst, realm, req_time, 0,
|
|||
|
client->pw_end ? *client->pw_end : 0,
|
|||
|
client->kvno, &cipher);
|
|||
|
krb5_data_copy(reply, r->dat, r->length);
|
|||
|
memset(&cipher, 0, sizeof(cipher));
|
|||
|
memset(&ticket, 0, sizeof(ticket));
|
|||
|
}
|
|||
|
out1:
|
|||
|
break;
|
|||
|
case AUTH_MSG_APPL_REQUEST: {
|
|||
|
int8_t kvno;
|
|||
|
int8_t ticket_len;
|
|||
|
int8_t req_len;
|
|||
|
KTEXT_ST auth;
|
|||
|
AUTH_DAT ad;
|
|||
|
size_t pos;
|
|||
|
krb5_principal tgt_princ = NULL;
|
|||
|
hdb_entry *tgt = NULL;
|
|||
|
Key *tkey;
|
|||
|
|
|||
|
RCHECK(krb5_ret_int8(sp, &kvno), out2);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &realm), out2);
|
|||
|
|
|||
|
ret = krb5_425_conv_principal(context, "krbtgt", realm, v4_realm,
|
|||
|
&tgt_princ);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "Converting krbtgt principal: %s",
|
|||
|
krb5_get_err_text(context, ret));
|
|||
|
make_err_reply(reply, KFAILURE,
|
|||
|
"Failed to convert v4 principal (krbtgt)");
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
tgt = db_fetch(tgt_princ);
|
|||
|
if(tgt == NULL){
|
|||
|
char *s;
|
|||
|
s = kdc_log_msg(0, "Ticket-granting ticket not "
|
|||
|
"found in database: krbtgt.%s@%s",
|
|||
|
realm, v4_realm);
|
|||
|
make_err_reply(reply, KFAILURE, s);
|
|||
|
free(s);
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
if(tgt->kvno != kvno){
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
ret = get_des_key(tgt, &tkey);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "%s", krb5_get_err_text(context, ret));
|
|||
|
/* XXX */
|
|||
|
make_err_reply(reply, KDC_NULL_KEY,
|
|||
|
"No DES key in database (krbtgt)");
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
RCHECK(krb5_ret_int8(sp, &ticket_len), out2);
|
|||
|
RCHECK(krb5_ret_int8(sp, &req_len), out2);
|
|||
|
|
|||
|
pos = sp->seek(sp, ticket_len + req_len, SEEK_CUR);
|
|||
|
|
|||
|
memset(&auth, 0, sizeof(auth));
|
|||
|
memcpy(&auth.dat, buf, pos);
|
|||
|
auth.length = pos;
|
|||
|
krb_set_key(tkey->key.keyvalue.data, 0);
|
|||
|
ret = krb_rd_req(&auth, "krbtgt", realm,
|
|||
|
addr->sin_addr.s_addr, &ad, 0);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "krb_rd_req: %s", krb_get_err_text(ret));
|
|||
|
make_err_reply(reply, ret, NULL);
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
RCHECK(krb5_ret_int32(sp, &req_time), out2);
|
|||
|
if(lsb)
|
|||
|
req_time = swap32(req_time);
|
|||
|
RCHECK(krb5_ret_int8(sp, &life), out2);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &sname), out2);
|
|||
|
RCHECK(krb5_ret_stringz(sp, &sinst), out2);
|
|||
|
kdc_log(0, "TGS-REQ %s.%s@%s from %s for %s.%s",
|
|||
|
ad.pname, ad.pinst, ad.prealm, from, sname, sinst);
|
|||
|
|
|||
|
if(strcmp(ad.prealm, realm)){
|
|||
|
kdc_log(0, "Can't hop realms %s -> %s", realm, ad.prealm);
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN,
|
|||
|
"Can't hop realms");
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
if(strcmp(sname, "changepw") == 0){
|
|||
|
kdc_log(0, "Bad request for changepw ticket");
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN,
|
|||
|
"Can't authorize password change based on TGT");
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
#if 0
|
|||
|
client = db_fetch4(ad.pname, ad.pinst, ad.prealm);
|
|||
|
if(client == NULL){
|
|||
|
char *s;
|
|||
|
s = kdc_log_msg(0, "Client not found in database: %s.%s@%s",
|
|||
|
ad.pname, ad.pinst, ad.prealm);
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
|
|||
|
free(s);
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
#endif
|
|||
|
|
|||
|
server = db_fetch4(sname, sinst, v4_realm);
|
|||
|
if(server == NULL){
|
|||
|
char *s;
|
|||
|
s = kdc_log_msg(0, "Server not found in database: %s.%s@%s",
|
|||
|
sname, sinst, v4_realm);
|
|||
|
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
|
|||
|
free(s);
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
ret = get_des_key(server, &skey);
|
|||
|
if(ret){
|
|||
|
kdc_log(0, "%s", krb5_get_err_text(context, ret));
|
|||
|
/* XXX */
|
|||
|
make_err_reply(reply, KDC_NULL_KEY,
|
|||
|
"No DES key in database (server)");
|
|||
|
goto out2;
|
|||
|
}
|
|||
|
|
|||
|
max_life = krb_life_to_time(ad.time_sec, ad.life);
|
|||
|
max_life = min(max_life, krb_life_to_time(kdc_time, life));
|
|||
|
life = min(life, krb_time_to_life(kdc_time, max_life));
|
|||
|
max_life = krb_life_to_time(0, life);
|
|||
|
#if 0
|
|||
|
if(client->max_life)
|
|||
|
max_life = min(max_life, *client->max_life);
|
|||
|
#endif
|
|||
|
if(server->max_life)
|
|||
|
max_life = min(max_life, *server->max_life);
|
|||
|
|
|||
|
{
|
|||
|
KTEXT_ST cipher, ticket;
|
|||
|
KTEXT r;
|
|||
|
des_cblock session;
|
|||
|
des_new_random_key(&session);
|
|||
|
krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
|
|||
|
addr->sin_addr.s_addr, &session, life, kdc_time,
|
|||
|
sname, sinst, skey->key.keyvalue.data);
|
|||
|
|
|||
|
create_ciph(&cipher, session, sname, sinst, v4_realm,
|
|||
|
life, server->kvno, &ticket,
|
|||
|
kdc_time, &ad.session);
|
|||
|
|
|||
|
memset(&session, 0, sizeof(session));
|
|||
|
memset(ad.session, 0, sizeof(ad.session));
|
|||
|
|
|||
|
r = create_auth_reply(ad.pname, ad.pinst, ad.prealm,
|
|||
|
req_time, 0, 0, 0, &cipher);
|
|||
|
krb5_data_copy(reply, r->dat, r->length);
|
|||
|
memset(&cipher, 0, sizeof(cipher));
|
|||
|
memset(&ticket, 0, sizeof(ticket));
|
|||
|
}
|
|||
|
out2:
|
|||
|
if(tgt_princ)
|
|||
|
krb5_free_principal(context, tgt_princ);
|
|||
|
if(tgt){
|
|||
|
hdb_free_entry(context, tgt);
|
|||
|
free(tgt);
|
|||
|
}
|
|||
|
|
|||
|
break;
|
|||
|
}
|
|||
|
|
|||
|
case AUTH_MSG_ERR_REPLY:
|
|||
|
break;
|
|||
|
default:
|
|||
|
kdc_log(0, "Unknown message type: %d from %s",
|
|||
|
msg_type, from);
|
|||
|
|
|||
|
make_err_reply(reply, KFAILURE, "Unknown message type");
|
|||
|
}
|
|||
|
out:
|
|||
|
if(name)
|
|||
|
free(name);
|
|||
|
if(inst)
|
|||
|
free(inst);
|
|||
|
if(realm)
|
|||
|
free(realm);
|
|||
|
if(sname)
|
|||
|
free(sname);
|
|||
|
if(sinst)
|
|||
|
free(sinst);
|
|||
|
if(client){
|
|||
|
hdb_free_entry(context, client);
|
|||
|
free(client);
|
|||
|
}
|
|||
|
if(server){
|
|||
|
hdb_free_entry(context, server);
|
|||
|
free(server);
|
|||
|
}
|
|||
|
krb5_storage_free(sp);
|
|||
|
return 0;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
#define ETYPE_DES_PCBC 17 /* XXX */
|
|||
|
|
|||
|
krb5_error_code
|
|||
|
encrypt_v4_ticket(void *buf, size_t len, des_cblock *key, EncryptedData *reply)
|
|||
|
{
|
|||
|
des_key_schedule schedule;
|
|||
|
|
|||
|
reply->etype = ETYPE_DES_PCBC;
|
|||
|
reply->kvno = NULL;
|
|||
|
reply->cipher.length = len;
|
|||
|
reply->cipher.data = malloc(len);
|
|||
|
if(len != 0 && reply->cipher.data == NULL)
|
|||
|
return ENOMEM;
|
|||
|
des_set_key(key, schedule);
|
|||
|
des_pcbc_encrypt(buf,
|
|||
|
reply->cipher.data,
|
|||
|
len,
|
|||
|
schedule,
|
|||
|
key,
|
|||
|
DES_ENCRYPT);
|
|||
|
memset(schedule, 0, sizeof(schedule));
|
|||
|
return 0;
|
|||
|
}
|
|||
|
|
|||
|
krb5_error_code
|
|||
|
encode_v4_ticket(void *buf, size_t len, EncTicketPart *et,
|
|||
|
PrincipalName *service, size_t *size)
|
|||
|
{
|
|||
|
krb5_storage *sp;
|
|||
|
krb5_error_code ret;
|
|||
|
char name[40], inst[40], realm[40];
|
|||
|
char sname[40], sinst[40];
|
|||
|
|
|||
|
{
|
|||
|
krb5_principal princ;
|
|||
|
principalname2krb5_principal(&princ,
|
|||
|
*service,
|
|||
|
et->crealm);
|
|||
|
ret = krb5_524_conv_principal(context,
|
|||
|
princ,
|
|||
|
sname,
|
|||
|
sinst,
|
|||
|
realm);
|
|||
|
krb5_free_principal(context, princ);
|
|||
|
if(ret)
|
|||
|
return ret;
|
|||
|
|
|||
|
principalname2krb5_principal(&princ,
|
|||
|
et->cname,
|
|||
|
et->crealm);
|
|||
|
|
|||
|
ret = krb5_524_conv_principal(context,
|
|||
|
princ,
|
|||
|
name,
|
|||
|
inst,
|
|||
|
realm);
|
|||
|
krb5_free_principal(context, princ);
|
|||
|
}
|
|||
|
if(ret)
|
|||
|
return ret;
|
|||
|
|
|||
|
sp = krb5_storage_emem();
|
|||
|
|
|||
|
krb5_store_int8(sp, 0); /* flags */
|
|||
|
krb5_store_stringz(sp, name);
|
|||
|
krb5_store_stringz(sp, inst);
|
|||
|
krb5_store_stringz(sp, realm);
|
|||
|
{
|
|||
|
unsigned char tmp[4] = { 0, 0, 0, 0 };
|
|||
|
int i;
|
|||
|
if(et->caddr){
|
|||
|
for(i = 0; i < et->caddr->len; i++)
|
|||
|
if(et->caddr->val[i].addr_type == AF_INET &&
|
|||
|
et->caddr->val[i].address.length == 4){
|
|||
|
memcpy(tmp, et->caddr->val[i].address.data, 4);
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
sp->store(sp, tmp, sizeof(tmp));
|
|||
|
}
|
|||
|
|
|||
|
if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
|
|||
|
et->key.keytype != ETYPE_DES_CBC_MD4 &&
|
|||
|
et->key.keytype != ETYPE_DES_CBC_CRC) ||
|
|||
|
et->key.keyvalue.length != 8)
|
|||
|
return -1;
|
|||
|
sp->store(sp, et->key.keyvalue.data, 8);
|
|||
|
|
|||
|
{
|
|||
|
time_t start = et->starttime ? *et->starttime : et->authtime;
|
|||
|
krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
|
|||
|
krb5_store_int32(sp, start);
|
|||
|
}
|
|||
|
|
|||
|
krb5_store_stringz(sp, sname);
|
|||
|
krb5_store_stringz(sp, sinst);
|
|||
|
|
|||
|
{
|
|||
|
krb5_data data;
|
|||
|
krb5_storage_to_data(sp, &data);
|
|||
|
krb5_storage_free(sp);
|
|||
|
*size = (data.length + 7) & ~7; /* pad to 8 bytes */
|
|||
|
if(*size > len)
|
|||
|
return -1;
|
|||
|
memset((unsigned char*)buf - *size + 1, 0, *size);
|
|||
|
memcpy((unsigned char*)buf - *size + 1, data.data, data.length);
|
|||
|
krb5_data_free(&data);
|
|||
|
}
|
|||
|
return 0;
|
|||
|
}
|
|||
|
|
|||
|
#endif /* KRB4 */
|