2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $");
38 krb5_error_code KRB5_LIB_FUNCTION
39 krb5_auth_con_init(krb5_context context,
40 krb5_auth_context *auth_context)
46 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
49 memset(p, 0, sizeof(*p));
50 ALLOC(p->authenticator, 1);
51 if (!p->authenticator) {
52 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
56 memset (p->authenticator, 0, sizeof(*p->authenticator));
57 p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
59 p->local_address = NULL;
60 p->remote_address = NULL;
63 p->keytype = KEYTYPE_NULL;
64 p->cksumtype = CKSUMTYPE_NONE;
69 krb5_error_code KRB5_LIB_FUNCTION
70 krb5_auth_con_free(krb5_context context,
71 krb5_auth_context auth_context)
73 if (auth_context != NULL) {
74 krb5_free_authenticator(context, &auth_context->authenticator);
75 if(auth_context->local_address){
76 free_HostAddress(auth_context->local_address);
77 free(auth_context->local_address);
79 if(auth_context->remote_address){
80 free_HostAddress(auth_context->remote_address);
81 free(auth_context->remote_address);
83 krb5_free_keyblock(context, auth_context->keyblock);
84 krb5_free_keyblock(context, auth_context->remote_subkey);
85 krb5_free_keyblock(context, auth_context->local_subkey);
91 krb5_error_code KRB5_LIB_FUNCTION
92 krb5_auth_con_setflags(krb5_context context,
93 krb5_auth_context auth_context,
96 auth_context->flags = flags;
101 krb5_error_code KRB5_LIB_FUNCTION
102 krb5_auth_con_getflags(krb5_context context,
103 krb5_auth_context auth_context,
106 *flags = auth_context->flags;
110 krb5_error_code KRB5_LIB_FUNCTION
111 krb5_auth_con_addflags(krb5_context context,
112 krb5_auth_context auth_context,
117 *flags = auth_context->flags;
118 auth_context->flags |= addflags;
122 krb5_error_code KRB5_LIB_FUNCTION
123 krb5_auth_con_removeflags(krb5_context context,
124 krb5_auth_context auth_context,
129 *flags = auth_context->flags;
130 auth_context->flags &= ~removeflags;
134 krb5_error_code KRB5_LIB_FUNCTION
135 krb5_auth_con_setaddrs(krb5_context context,
136 krb5_auth_context auth_context,
137 krb5_address *local_addr,
138 krb5_address *remote_addr)
141 if (auth_context->local_address)
142 krb5_free_address (context, auth_context->local_address);
144 if ((auth_context->local_address = malloc(sizeof(krb5_address))) == NULL)
146 krb5_copy_address(context, local_addr, auth_context->local_address);
149 if (auth_context->remote_address)
150 krb5_free_address (context, auth_context->remote_address);
152 if ((auth_context->remote_address = malloc(sizeof(krb5_address))) == NULL)
154 krb5_copy_address(context, remote_addr, auth_context->remote_address);
159 krb5_error_code KRB5_LIB_FUNCTION
160 krb5_auth_con_genaddrs(krb5_context context,
161 krb5_auth_context auth_context,
165 krb5_address local_k_address, remote_k_address;
166 krb5_address *lptr = NULL, *rptr = NULL;
167 struct sockaddr_storage ss_local, ss_remote;
168 struct sockaddr *local = (struct sockaddr *)&ss_local;
169 struct sockaddr *remote = (struct sockaddr *)&ss_remote;
172 if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
173 if (auth_context->local_address == NULL) {
174 len = sizeof(ss_local);
175 if(getsockname(fd, local, &len) < 0) {
177 krb5_set_error_message(context, ret,
182 ret = krb5_sockaddr2address (context, local, &local_k_address);
184 if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
185 krb5_sockaddr2port (context, local, &auth_context->local_port);
187 auth_context->local_port = 0;
188 lptr = &local_k_address;
191 if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
192 len = sizeof(ss_remote);
193 if(getpeername(fd, remote, &len) < 0) {
195 krb5_set_error_message(context, ret,
196 "getpeername: %s", strerror(ret));
199 ret = krb5_sockaddr2address (context, remote, &remote_k_address);
201 if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
202 krb5_sockaddr2port (context, remote, &auth_context->remote_port);
204 auth_context->remote_port = 0;
205 rptr = &remote_k_address;
207 ret = krb5_auth_con_setaddrs (context,
213 krb5_free_address (context, lptr);
215 krb5_free_address (context, rptr);
220 krb5_error_code KRB5_LIB_FUNCTION
221 krb5_auth_con_setaddrs_from_fd (krb5_context context,
222 krb5_auth_context auth_context,
225 int fd = *(int*)p_fd;
227 if(auth_context->local_address == NULL)
228 flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
229 if(auth_context->remote_address == NULL)
230 flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
231 return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
234 krb5_error_code KRB5_LIB_FUNCTION
235 krb5_auth_con_getaddrs(krb5_context context,
236 krb5_auth_context auth_context,
237 krb5_address **local_addr,
238 krb5_address **remote_addr)
241 krb5_free_address (context, *local_addr);
242 *local_addr = malloc (sizeof(**local_addr));
243 if (*local_addr == NULL) {
244 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
247 krb5_copy_address(context,
248 auth_context->local_address,
252 krb5_free_address (context, *remote_addr);
253 *remote_addr = malloc (sizeof(**remote_addr));
254 if (*remote_addr == NULL) {
255 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
256 krb5_free_address (context, *local_addr);
260 krb5_copy_address(context,
261 auth_context->remote_address,
266 static krb5_error_code
267 copy_key(krb5_context context,
272 return krb5_copy_keyblock(context, in, out);
273 *out = NULL; /* is this right? */
277 krb5_error_code KRB5_LIB_FUNCTION
278 krb5_auth_con_getkey(krb5_context context,
279 krb5_auth_context auth_context,
280 krb5_keyblock **keyblock)
282 return copy_key(context, auth_context->keyblock, keyblock);
285 krb5_error_code KRB5_LIB_FUNCTION
286 krb5_auth_con_getlocalsubkey(krb5_context context,
287 krb5_auth_context auth_context,
288 krb5_keyblock **keyblock)
290 return copy_key(context, auth_context->local_subkey, keyblock);
293 krb5_error_code KRB5_LIB_FUNCTION
294 krb5_auth_con_getremotesubkey(krb5_context context,
295 krb5_auth_context auth_context,
296 krb5_keyblock **keyblock)
298 return copy_key(context, auth_context->remote_subkey, keyblock);
301 krb5_error_code KRB5_LIB_FUNCTION
302 krb5_auth_con_setkey(krb5_context context,
303 krb5_auth_context auth_context,
304 krb5_keyblock *keyblock)
306 if(auth_context->keyblock)
307 krb5_free_keyblock(context, auth_context->keyblock);
308 return copy_key(context, keyblock, &auth_context->keyblock);
311 krb5_error_code KRB5_LIB_FUNCTION
312 krb5_auth_con_setlocalsubkey(krb5_context context,
313 krb5_auth_context auth_context,
314 krb5_keyblock *keyblock)
316 if(auth_context->local_subkey)
317 krb5_free_keyblock(context, auth_context->local_subkey);
318 return copy_key(context, keyblock, &auth_context->local_subkey);
321 krb5_error_code KRB5_LIB_FUNCTION
322 krb5_auth_con_generatelocalsubkey(krb5_context context,
323 krb5_auth_context auth_context,
327 krb5_keyblock *subkey;
329 ret = krb5_generate_subkey_extended (context, key,
330 auth_context->keytype,
334 if(auth_context->local_subkey)
335 krb5_free_keyblock(context, auth_context->local_subkey);
336 auth_context->local_subkey = subkey;
341 krb5_error_code KRB5_LIB_FUNCTION
342 krb5_auth_con_setremotesubkey(krb5_context context,
343 krb5_auth_context auth_context,
344 krb5_keyblock *keyblock)
346 if(auth_context->remote_subkey)
347 krb5_free_keyblock(context, auth_context->remote_subkey);
348 return copy_key(context, keyblock, &auth_context->remote_subkey);
351 krb5_error_code KRB5_LIB_FUNCTION
352 krb5_auth_con_setcksumtype(krb5_context context,
353 krb5_auth_context auth_context,
354 krb5_cksumtype cksumtype)
356 auth_context->cksumtype = cksumtype;
360 krb5_error_code KRB5_LIB_FUNCTION
361 krb5_auth_con_getcksumtype(krb5_context context,
362 krb5_auth_context auth_context,
363 krb5_cksumtype *cksumtype)
365 *cksumtype = auth_context->cksumtype;
369 krb5_error_code KRB5_LIB_FUNCTION
370 krb5_auth_con_setkeytype (krb5_context context,
371 krb5_auth_context auth_context,
372 krb5_keytype keytype)
374 auth_context->keytype = keytype;
378 krb5_error_code KRB5_LIB_FUNCTION
379 krb5_auth_con_getkeytype (krb5_context context,
380 krb5_auth_context auth_context,
381 krb5_keytype *keytype)
383 *keytype = auth_context->keytype;
388 krb5_error_code KRB5_LIB_FUNCTION
389 krb5_auth_con_setenctype(krb5_context context,
390 krb5_auth_context auth_context,
393 if(auth_context->keyblock)
394 krb5_free_keyblock(context, auth_context->keyblock);
395 ALLOC(auth_context->keyblock, 1);
396 if(auth_context->keyblock == NULL)
398 auth_context->keyblock->keytype = etype;
402 krb5_error_code KRB5_LIB_FUNCTION
403 krb5_auth_con_getenctype(krb5_context context,
404 krb5_auth_context auth_context,
407 krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
411 krb5_error_code KRB5_LIB_FUNCTION
412 krb5_auth_con_getlocalseqnumber(krb5_context context,
413 krb5_auth_context auth_context,
416 *seqnumber = auth_context->local_seqnumber;
420 krb5_error_code KRB5_LIB_FUNCTION
421 krb5_auth_con_setlocalseqnumber (krb5_context context,
422 krb5_auth_context auth_context,
425 auth_context->local_seqnumber = seqnumber;
429 krb5_error_code KRB5_LIB_FUNCTION
430 krb5_auth_getremoteseqnumber(krb5_context context,
431 krb5_auth_context auth_context,
434 *seqnumber = auth_context->remote_seqnumber;
438 krb5_error_code KRB5_LIB_FUNCTION
439 krb5_auth_con_setremoteseqnumber (krb5_context context,
440 krb5_auth_context auth_context,
443 auth_context->remote_seqnumber = seqnumber;
448 krb5_error_code KRB5_LIB_FUNCTION
449 krb5_auth_con_getauthenticator(krb5_context context,
450 krb5_auth_context auth_context,
451 krb5_authenticator *authenticator)
453 *authenticator = malloc(sizeof(**authenticator));
454 if (*authenticator == NULL) {
455 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
459 copy_Authenticator(auth_context->authenticator,
465 void KRB5_LIB_FUNCTION
466 krb5_free_authenticator(krb5_context context,
467 krb5_authenticator *authenticator)
469 free_Authenticator (*authenticator);
470 free (*authenticator);
471 *authenticator = NULL;
475 krb5_error_code KRB5_LIB_FUNCTION
476 krb5_auth_con_setuserkey(krb5_context context,
477 krb5_auth_context auth_context,
478 krb5_keyblock *keyblock)
480 if(auth_context->keyblock)
481 krb5_free_keyblock(context, auth_context->keyblock);
482 return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
485 krb5_error_code KRB5_LIB_FUNCTION
486 krb5_auth_con_getrcache(krb5_context context,
487 krb5_auth_context auth_context,
490 *rcache = auth_context->rcache;
494 krb5_error_code KRB5_LIB_FUNCTION
495 krb5_auth_con_setrcache(krb5_context context,
496 krb5_auth_context auth_context,
499 auth_context->rcache = rcache;
503 #if 0 /* not implemented */
505 krb5_error_code KRB5_LIB_FUNCTION
506 krb5_auth_con_initivector(krb5_context context,
507 krb5_auth_context auth_context)
509 krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
513 krb5_error_code KRB5_LIB_FUNCTION
514 krb5_auth_con_setivector(krb5_context context,
515 krb5_auth_context auth_context,
516 krb5_pointer ivector)
518 krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
521 #endif /* not implemented */