本文整理汇总了C++中ASN1_MALLOC_ENCODE函数的典型用法代码示例。如果您正苦于以下问题:C++ ASN1_MALLOC_ENCODE函数的具体用法?C++ ASN1_MALLOC_ENCODE怎么用?C++ ASN1_MALLOC_ENCODE使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ASN1_MALLOC_ENCODE函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: i2d_DHparams
int
i2d_DHparams(DH *dh, unsigned char **pp)
{
DHParameter data;
size_t size = 0;
int ret;
memset(&data, 0, sizeof(data));
if (bn2heim_int(dh->p, &data.prime) ||
bn2heim_int(dh->g, &data.base))
{
free_DHParameter(&data);
return -1;
}
if (pp == NULL) {
size = length_DHParameter(&data);
free_DHParameter(&data);
} else {
void *p;
size_t len;
ASN1_MALLOC_ENCODE(DHParameter, p, len, &data, &size, ret);
free_DHParameter(&data);
if (ret)
return -1;
if (len != size) {
abort();
}
memcpy((char *)*pp, p, size);
free(p);
*pp += size;
}
return (int)size;
}
示例2: hx509_cms_wrap_ContentInfo
int
hx509_cms_wrap_ContentInfo(const heim_oid *oid,
const heim_octet_string *buf,
heim_octet_string *res)
{
ContentInfo ci;
size_t size;
int ret;
memset(res, 0, sizeof(*res));
memset(&ci, 0, sizeof(ci));
ret = der_copy_oid(oid, &ci.contentType);
if (ret)
return ret;
if (buf) {
ALLOC(ci.content, 1);
if (ci.content == NULL) {
free_ContentInfo(&ci);
return ENOMEM;
}
ci.content->data = malloc(buf->length);
if (ci.content->data == NULL) {
free_ContentInfo(&ci);
return ENOMEM;
}
memcpy(ci.content->data, buf->data, buf->length);
ci.content->length = buf->length;
}
ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
free_ContentInfo(&ci);
if (ret)
return ret;
if (res->length != size)
_hx509_abort("internal ASN.1 encoder error");
return 0;
}
示例3: add_pkinit_acl
static void
add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
krb5_error_code ret;
HDB_extension ext;
krb5_data buf;
size_t size = 0;
int i;
memset(&ext, 0, sizeof(ext));
ext.mandatory = FALSE;
ext.data.element = choice_HDB_extension_data_pkinit_acl;
ext.data.u.aliases.case_insensitive = 0;
if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
ext.data.u.pkinit_acl.val = NULL;
ext.data.u.pkinit_acl.len = 0;
} else {
ext.data.u.pkinit_acl.val =
calloc(strings->num_strings,
sizeof(ext.data.u.pkinit_acl.val[0]));
ext.data.u.pkinit_acl.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) {
ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
}
}
ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
&ext, &size, ret);
free_HDB_extension(&ext);
if (ret)
abort();
if (buf.length != size)
abort();
add_tl(princ, KRB5_TL_EXTENSION, &buf);
}
示例4: krb5_build_ap_req
krb5_error_code KRB5_LIB_FUNCTION
krb5_build_ap_req (krb5_context context,
krb5_enctype enctype,
krb5_creds *cred,
krb5_flags ap_options,
krb5_data authenticator,
krb5_data *retdata)
{
krb5_error_code ret = 0;
AP_REQ ap;
Ticket t;
size_t len;
ap.pvno = 5;
ap.msg_type = krb_ap_req;
memset(&ap.ap_options, 0, sizeof(ap.ap_options));
ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
ap.ticket.tkt_vno = 5;
copy_Realm(&cred->server->realm, &ap.ticket.realm);
copy_PrincipalName(&cred->server->name, &ap.ticket.sname);
decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
free_Ticket(&t);
ap.authenticator.etype = enctype;
ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator;
ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
&ap, &len, ret);
if(ret == 0 && retdata->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
free_AP_REQ(&ap);
return ret;
}
示例5: i2d_RSAPublicKey
int
i2d_RSAPublicKey(RSA *rsa, unsigned char **pp)
{
RSAPublicKey data;
size_t size;
int ret;
memset(&data, 0, sizeof(data));
if (_hc_BN_to_integer(rsa->n, &data.modulus) ||
_hc_BN_to_integer(rsa->e, &data.publicExponent))
{
free_RSAPublicKey(&data);
return -1;
}
if (pp == NULL) {
size = length_RSAPublicKey(&data);
free_RSAPublicKey(&data);
} else {
void *p;
size_t len;
ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret);
free_RSAPublicKey(&data);
if (ret)
return -1;
if (len != size)
abort();
memcpy(*pp, p, size);
free(p);
*pp += size;
}
return size;
}
示例6: get_pa_etype_info
static krb5_error_code
get_pa_etype_info(krb5_context context,
krb5_kdc_configuration *config,
METHOD_DATA *md, Key *ckey)
{
krb5_error_code ret = 0;
ETYPE_INFO pa;
unsigned char *buf;
size_t len;
pa.len = 1;
pa.val = calloc(1, sizeof(pa.val[0]));
if(pa.val == NULL)
return ENOMEM;
ret = make_etype_info_entry(context, &pa.val[0], ckey);
if (ret) {
free_ETYPE_INFO(&pa);
return ret;
}
ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
free_ETYPE_INFO(&pa);
if(ret)
return ret;
ret = realloc_method_data(md);
if(ret) {
free(buf);
return ret;
}
md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
md->val[md->len - 1].padata_value.length = len;
md->val[md->len - 1].padata_value.data = buf;
return 0;
}
示例7: _kdc_encode_reply
krb5_error_code
_kdc_encode_reply(krb5_context context,
krb5_kdc_configuration *config,
KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek,
krb5_enctype etype,
int skvno, const EncryptionKey *skey,
int ckvno, const EncryptionKey *reply_key,
int rk_is_subkey,
const char **e_text,
krb5_data *reply)
{
unsigned char *buf;
size_t buf_size;
size_t len = 0;
krb5_error_code ret;
krb5_crypto crypto;
ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
if(ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
krb5_free_error_message(context, msg);
return ret;
}
if(buf_size != len) {
free(buf);
kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
const char *msg;
free(buf);
msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg);
return ret;
}
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
len,
skvno,
&rep->ticket.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto);
if(ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
krb5_free_error_message(context, msg);
return ret;
}
if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
else
ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
if(ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
krb5_free_error_message(context, msg);
return ret;
}
if(buf_size != len) {
free(buf);
kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, reply_key, 0, &crypto);
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
free(buf);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg);
return ret;
}
if(rep->msg_type == krb_as_rep) {
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_AS_REP_ENC_PART,
buf,
len,
ckvno,
&rep->enc_part);
free(buf);
ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
} else {
krb5_encrypt_EncryptedData(context,
crypto,
rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
buf,
len,
ckvno,
&rep->enc_part);
free(buf);
//.........这里部分代码省略.........
示例8: ca_sign
//.........这里部分代码省略.........
goto out;
}
}
/* extensions [3] EXPLICIT Extensions OPTIONAL */
tbsc->extensions = calloc(1, sizeof(*tbsc->extensions));
if (tbsc->extensions == NULL) {
ret = ENOMEM;
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
/* Add the text BMP string Domaincontroller to the cert */
if (tbs->flags.domaincontroller) {
data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
"\x00\x61\x00\x69\x00\x6e\x00\x43"
"\x00\x6f\x00\x6e\x00\x74\x00\x72"
"\x00\x6f\x00\x6c\x00\x6c\x00\x65"
"\x00\x72");
data.length = 34;
ret = add_extension(context, tbsc, 0,
&asn1_oid_id_ms_cert_enroll_domaincontroller,
&data);
if (ret)
goto out;
}
/* add KeyUsage */
{
KeyUsage ku;
ku = int2KeyUsage(key_usage);
ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 1,
&asn1_oid_id_x509_ce_keyUsage, &data);
free(data.data);
if (ret)
goto out;
}
/* add ExtendedKeyUsage */
if (tbs->eku.len > 0) {
ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length,
&tbs->eku, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 0,
&asn1_oid_id_x509_ce_extKeyUsage, &data);
free(data.data);
if (ret)
goto out;
}
/* add Subject Alternative Name */
if (tbs->san.len > 0) {
示例9: hx509_ca_tbs_add_san_pkinit
int
hx509_ca_tbs_add_san_pkinit(hx509_context context,
hx509_ca_tbs tbs,
const char *principal)
{
heim_octet_string os;
KRB5PrincipalName p;
size_t size;
int ret;
char *s = NULL;
memset(&p, 0, sizeof(p));
/* parse principal */
{
const char *str;
char *q;
int n;
/* count number of component */
n = 1;
for(str = principal; *str != '\0' && *str != '@'; str++){
if(*str=='\\'){
if(str[1] == '\0' || str[1] == '@') {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret,
"trailing \\ in principal name");
goto out;
}
str++;
} else if(*str == '/')
n++;
}
p.principalName.name_string.val =
calloc(n, sizeof(*p.principalName.name_string.val));
if (p.principalName.name_string.val == NULL) {
ret = ENOMEM;
hx509_set_error_string(context, 0, ret, "malloc: out of memory");
goto out;
}
p.principalName.name_string.len = n;
p.principalName.name_type = KRB5_NT_PRINCIPAL;
q = s = strdup(principal);
if (q == NULL) {
ret = ENOMEM;
hx509_set_error_string(context, 0, ret, "malloc: out of memory");
goto out;
}
p.realm = strrchr(q, '@');
if (p.realm == NULL) {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret, "Missing @ in principal");
goto out;
};
*p.realm++ = '\0';
n = 0;
while (q) {
p.principalName.name_string.val[n++] = q;
q = strchr(q, '/');
if (q)
*q++ = '\0';
}
}
ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
if (size != os.length)
_hx509_abort("internal ASN.1 encoder error");
ret = hx509_ca_tbs_add_san_otherName(context,
tbs,
&asn1_oid_id_pkinit_san,
&os);
free(os.data);
out:
if (p.principalName.name_string.val)
free (p.principalName.name_string.val);
if (s)
free(s);
return ret;
}
示例10: hx509_cms_create_signed
//.........这里部分代码省略.........
*/
if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) {
ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs);
if (ret)
return ret;
}
sigctx.anchors = anchors;
sigctx.pool = pool;
sigctx.sd.version = CMSVersion_v3;
der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType);
/**
* Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures.
*/
if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) {
ALLOC(sigctx.sd.encapContentInfo.eContent, 1);
if (sigctx.sd.encapContentInfo.eContent == NULL) {
hx509_clear_error_string(context);
ret = ENOMEM;
goto out;
}
sigctx.sd.encapContentInfo.eContent->data = malloc(length);
if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
hx509_clear_error_string(context);
ret = ENOMEM;
goto out;
}
memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length);
sigctx.sd.encapContentInfo.eContent->length = length;
}
/**
* Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
* signatures).
*/
if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
if (ret)
goto out;
}
if (sigctx.sd.signerInfos.len) {
/*
* For each signerInfo, collect all different digest types.
*/
for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
AlgorithmIdentifier *di =
&sigctx.sd.signerInfos.val[i].digestAlgorithm;
for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
break;
if (j == sigctx.sd.digestAlgorithms.len) {
ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
if (ret) {
hx509_clear_error_string(context);
goto out;
}
}
}
}
/*
* Add certs we think are needed, build as part of sig_process
*/
if (sigctx.certs) {
ALLOC(sigctx.sd.certificates, 1);
if (sigctx.sd.certificates == NULL) {
hx509_clear_error_string(context);
ret = ENOMEM;
goto out;
}
ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
if (ret)
goto out;
}
ASN1_MALLOC_ENCODE(SignedData,
signed_data->data, signed_data->length,
&sigctx.sd, &size, ret);
if (ret) {
hx509_clear_error_string(context);
goto out;
}
if (signed_data->length != size)
_hx509_abort("internal ASN.1 encoder error");
out:
hx509_certs_free(&sigctx.certs);
free_SignedData(&sigctx.sd);
return ret;
}
示例11: krb5_mk_rep
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_rep(krb5_context context,
krb5_auth_context auth_context,
krb5_data *outbuf)
{
krb5_error_code ret;
AP_REP ap;
EncAPRepPart body;
u_char *buf = NULL;
size_t buf_size;
size_t len = 0;
krb5_crypto crypto;
ap.pvno = 5;
ap.msg_type = krb_ap_rep;
memset (&body, 0, sizeof(body));
body.ctime = auth_context->authenticator->ctime;
body.cusec = auth_context->authenticator->cusec;
if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
if (auth_context->local_subkey == NULL) {
ret = krb5_auth_con_generatelocalsubkey(context,
auth_context,
auth_context->keyblock);
if(ret) {
free_EncAPRepPart(&body);
return ret;
}
}
ret = krb5_copy_keyblock(context, auth_context->local_subkey,
&body.subkey);
if (ret) {
free_EncAPRepPart(&body);
return krb5_enomem(context);
}
} else
body.subkey = NULL;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if(auth_context->local_seqnumber == 0)
krb5_generate_seq_number (context,
auth_context->keyblock,
&auth_context->local_seqnumber);
ALLOC(body.seq_number, 1);
if (body.seq_number == NULL) {
free_EncAPRepPart(&body);
return krb5_enomem(context);
}
*(body.seq_number) = auth_context->local_seqnumber;
} else
body.seq_number = NULL;
ap.enc_part.etype = auth_context->keyblock->keytype;
ap.enc_part.kvno = NULL;
ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
free_EncAPRepPart (&body);
if(ret)
return ret;
if (buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, auth_context->keyblock,
0 /* ap.enc_part.etype */, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_encrypt (context,
crypto,
KRB5_KU_AP_REQ_ENC_PART,
buf + buf_size - len,
len,
&ap.enc_part.cipher);
krb5_crypto_destroy(context, crypto);
free(buf);
if (ret)
return ret;
ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
if (ret == 0 && outbuf->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
free_AP_REP (&ap);
return ret;
}
示例12: decode_NegotiationToken
//.........这里部分代码省略.........
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free_NegotiationToken(&resp);
gss_mg_collect_error(&mech, ret, minor);
*minor_status = minor;
return ret;
}
if (ret == GSS_S_COMPLETE) {
ctx->open = 1;
}
} else if (*(resp.u.negTokenResp.negResult) == accept_completed) {
if (ctx->maybe_open)
ctx->open = 1;
}
if (*(resp.u.negTokenResp.negResult) == request_mic) {
ctx->require_mic = 1;
}
if (ctx->open) {
/*
* Verify the mechListMIC if one was provided or CFX was
* used and a non-preferred mechanism was selected
*/
if (resp.u.negTokenResp.mechListMIC != NULL) {
require_mic = 1;
} else {
ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
&require_mic);
if (ret) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
return ret;
}
}
} else {
require_mic = 0;
}
if (require_mic) {
ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length,
&ctx->initiator_mech_types, &buf_len, ret);
if (ret) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
*minor_status = ret;
return GSS_S_FAILURE;
}
if (mech_buf.length != buf_len)
abort();
if (resp.u.negTokenResp.mechListMIC == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free(mech_buf.value);
free_NegotiationToken(&resp);
*minor_status = 0;
return GSS_S_DEFECTIVE_TOKEN;
}
mic_buf.length = resp.u.negTokenResp.mechListMIC->length;
mic_buf.value = resp.u.negTokenResp.mechListMIC->data;
if (mech_output_token.length == 0) {
ret = gss_verify_mic(minor_status,
ctx->negotiated_ctx_id,
&mech_buf,
&mic_buf,
NULL);
if (ret) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free(mech_buf.value);
gss_release_buffer(&minor, &mech_output_token);
free_NegotiationToken(&resp);
return GSS_S_DEFECTIVE_TOKEN;
}
ctx->verified_mic = 1;
}
}
ret = spnego_reply_internal(minor_status, ctx,
require_mic ? &mech_buf : NULL,
&mech_output_token,
output_token);
if (mech_buf.value != NULL)
free(mech_buf.value);
free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
if (actual_mech_type)
*actual_mech_type = ctx->negotiated_mech_type;
if (ret_flags)
*ret_flags = ctx->mech_flags;
if (time_rec)
*time_rec = ctx->mech_time_rec;
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
}
示例13: kadm5_s_get_principal
//.........这里部分代码省略.........
&salt, out);
if (ret)
goto out;
}
krb5_free_salt(context->context, salt);
assert( out->n_key_data == n_keys );
}
if(ret){
kadm5_free_principal_ent(context, out);
goto out;
}
if(mask & KADM5_TL_DATA) {
time_t last_pw_expire;
const HDB_Ext_PKINIT_acl *acl;
const HDB_Ext_Aliases *aliases;
ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
if (ret == 0 && last_pw_expire) {
unsigned char buf[4];
_krb5_put_int(buf, last_pw_expire, sizeof(buf));
ret = add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf));
}
if(ret){
kadm5_free_principal_ent(context, out);
goto out;
}
/*
* If the client was allowed to get key data, let it have the
* password too.
*/
if(mask & KADM5_KEY_DATA) {
heim_utf8_string pw;
ret = hdb_entry_get_password(context->context,
context->db, &ent.entry, &pw);
if (ret == 0) {
ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
free(pw);
}
krb5_clear_error_message(context->context);
}
ret = hdb_entry_get_pkinit_acl(&ent.entry, &acl);
if (ret == 0 && acl) {
krb5_data buf;
size_t len;
ASN1_MALLOC_ENCODE(HDB_Ext_PKINIT_acl, buf.data, buf.length,
acl, &len, ret);
if (ret) {
kadm5_free_principal_ent(context, out);
goto out;
}
if (len != buf.length)
krb5_abortx(context->context,
"internal ASN.1 encoder error");
ret = add_tl_data(out, KRB5_TL_PKINIT_ACL, buf.data, buf.length);
free(buf.data);
if (ret) {
kadm5_free_principal_ent(context, out);
goto out;
}
}
if(ret){
kadm5_free_principal_ent(context, out);
goto out;
}
ret = hdb_entry_get_aliases(&ent.entry, &aliases);
if (ret == 0 && aliases) {
krb5_data buf;
size_t len;
ASN1_MALLOC_ENCODE(HDB_Ext_Aliases, buf.data, buf.length,
aliases, &len, ret);
if (ret) {
kadm5_free_principal_ent(context, out);
goto out;
}
if (len != buf.length)
krb5_abortx(context->context,
"internal ASN.1 encoder error");
ret = add_tl_data(out, KRB5_TL_ALIASES, buf.data, buf.length);
free(buf.data);
if (ret) {
kadm5_free_principal_ent(context, out);
goto out;
}
}
if(ret){
kadm5_free_principal_ent(context, out);
goto out;
}
}
out:
hdb_free_entry(context->context, &ent);
return _kadm5_error_code(ret);
}
示例14: tkt_referral_send
static krb5_error_code
tkt_referral_send(krb5_context context,
krb5_tkt_creds_context ctx,
krb5_data *in,
krb5_data *out,
krb5_realm *realm,
unsigned int *flags)
{
krb5_error_code ret;
TGS_REQ req;
size_t len;
METHOD_DATA padata;
padata.val = NULL;
padata.len = 0;
krb5_generate_random_block(&ctx->nonce, sizeof(ctx->nonce));
ctx->nonce &= 0xffffffff;
if (_krb5_have_debug(context, 10)) {
char *sname, *tgtname;
krb5_unparse_name(context, ctx->tgt.server, &tgtname);
krb5_unparse_name(context, ctx->next.server, &sname);
_krb5_debugx(context, 10, "sending TGS-REQ for %s using %s", sname, tgtname);
}
ret = _krb5_init_tgs_req(context,
ctx->ccache,
ctx->addreseses,
ctx->kdc_flags,
ctx->impersonate_principal,
NULL,
&ctx->next,
&ctx->tgt,
ctx->nonce,
&padata,
&ctx->subkey,
&req);
if (ret)
goto out;
ASN1_MALLOC_ENCODE(TGS_REQ, out->data, out->length, &req, &len, ret);
if (ret)
goto out;
if(out->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
/* don't free addresses */
req.req_body.addresses = NULL;
free_TGS_REQ(&req);
*realm = ctx->tgt.server->name.name_string.val[1];
*flags |= KRB5_TKT_STATE_CONTINUE;
ctx->error = 0;
ctx->state = tkt_referral_recv;
return 0;
out:
ctx->error = ret;
ctx->state = NULL;
return ret;
}
示例15: _krb5_init_tgs_req
krb5_error_code
_krb5_init_tgs_req(krb5_context context,
krb5_ccache ccache,
krb5_addresses *addresses,
krb5_kdc_flags flags,
krb5_const_principal impersonate_principal,
Ticket *second_ticket,
krb5_creds *in_creds,
krb5_creds *krbtgt,
unsigned nonce,
METHOD_DATA *padata,
krb5_keyblock **subkey,
TGS_REQ *t)
{
krb5_auth_context ac = NULL;
krb5_error_code ret = 0;
/* inherit the forwardable/proxyable flags from the krbtgt */
flags.b.forwardable = krbtgt->flags.b.forwardable;
flags.b.proxiable = krbtgt->flags.b.proxiable;
if (ccache->ops->tgt_req) {
KERB_TGS_REQ_OUT out;
KERB_TGS_REQ_IN in;
memset(&in, 0, sizeof(in));
memset(&out, 0, sizeof(out));
ret = ccache->ops->tgt_req(context, ccache, &in, &out);
if (ret)
return ret;
free_KERB_TGS_REQ_OUT(&out);
return 0;
}
memset(t, 0, sizeof(*t));
if (impersonate_principal) {
krb5_crypto crypto;
PA_S4U2Self self;
krb5_data data;
void *buf;
size_t size, len;
self.name = impersonate_principal->name;
self.realm = impersonate_principal->realm;
self.auth = rk_UNCONST("Kerberos");
ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
if (ret)
goto fail;
ret = krb5_crypto_init(context, &krbtgt->session, 0, &crypto);
if (ret) {
krb5_data_free(&data);
goto fail;
}
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_OTHER_CKSUM,
0,
data.data,
data.length,
&self.cksum);
krb5_crypto_destroy(context, crypto);
krb5_data_free(&data);
if (ret)
goto fail;
ASN1_MALLOC_ENCODE(PA_S4U2Self, buf, len, &self, &size, ret);
free_Checksum(&self.cksum);
if (ret)
goto fail;
if (len != size)
krb5_abortx(context, "internal asn1 error");
ret = krb5_padata_add(context, padata, KRB5_PADATA_FOR_USER, buf, len);
if (ret)
goto fail;
}
t->pvno = 5;
t->msg_type = krb_tgs_req;
if (in_creds->session.keytype) {
ALLOC_SEQ(&t->req_body.etype, 1);
if(t->req_body.etype.val == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret,
N_("malloc: out of memory", ""));
goto fail;
}
t->req_body.etype.val[0] = in_creds->session.keytype;
} else {
ret = _krb5_init_etype(context,
KRB5_PDU_TGS_REQUEST,
&t->req_body.etype.len,
&t->req_body.etype.val,
//.........这里部分代码省略.........