|
Packit Service |
99d1c0 |
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
Packit Service |
99d1c0 |
/* lib/krad/attr.c - RADIUS attribute functions for libkrad */
|
|
Packit Service |
99d1c0 |
/*
|
|
Packit Service |
99d1c0 |
* Copyright 2013 Red Hat, Inc. All rights reserved.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
99d1c0 |
* modification, are permitted provided that the following conditions are met:
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit Service |
99d1c0 |
* notice, this list of conditions and the following disclaimer.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit Service |
99d1c0 |
* notice, this list of conditions and the following disclaimer in
|
|
Packit Service |
99d1c0 |
* the documentation and/or other materials provided with the
|
|
Packit Service |
99d1c0 |
* distribution.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
|
Packit Service |
99d1c0 |
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
Packit Service |
99d1c0 |
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
Packit Service |
99d1c0 |
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
|
Packit Service |
99d1c0 |
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
Packit Service |
99d1c0 |
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
Packit Service |
99d1c0 |
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
Packit Service |
99d1c0 |
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
Packit Service |
99d1c0 |
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
Packit Service |
99d1c0 |
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
Packit Service |
99d1c0 |
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
Packit Service |
99d1c0 |
*/
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
#include <k5-int.h>
|
|
Packit Service |
99d1c0 |
#include "internal.h"
|
|
Packit Service |
99d1c0 |
|
|
rpm-build |
490d66 |
#include <openssl/crypto.h>
|
|
Packit Service |
99d1c0 |
#include <string.h>
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* RFC 2865 */
|
|
Packit Service |
99d1c0 |
#define BLOCKSIZE 16
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
typedef krb5_error_code
|
|
Packit Service |
99d1c0 |
(*attribute_transform_fn)(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, const krb5_data *in,
|
|
rpm-build |
490d66 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
|
|
rpm-build |
490d66 |
krb5_boolean *is_fips);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
typedef struct {
|
|
Packit Service |
99d1c0 |
const char *name;
|
|
Packit Service |
99d1c0 |
unsigned char minval;
|
|
Packit Service |
99d1c0 |
unsigned char maxval;
|
|
Packit Service |
99d1c0 |
attribute_transform_fn encode;
|
|
Packit Service |
99d1c0 |
attribute_transform_fn decode;
|
|
Packit Service |
99d1c0 |
} attribute_record;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static krb5_error_code
|
|
Packit Service |
99d1c0 |
user_password_encode(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, const krb5_data *in,
|
|
rpm-build |
490d66 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
|
|
rpm-build |
490d66 |
krb5_boolean *is_fips);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static krb5_error_code
|
|
Packit Service |
99d1c0 |
user_password_decode(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, const krb5_data *in,
|
|
rpm-build |
490d66 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
|
|
rpm-build |
490d66 |
krb5_boolean *ignored);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static const attribute_record attributes[UCHAR_MAX] = {
|
|
Packit Service |
99d1c0 |
{"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"User-Password", 1, 128, user_password_encode, user_password_decode},
|
|
Packit Service |
99d1c0 |
{"CHAP-Password", 17, 17, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"NAS-IP-Address", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"NAS-Port", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Service-Type", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-Protocol", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-IP-Address", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-IP-Netmask", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-Routing", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Filter-Id", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-MTU", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-Compression", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-IP-Host", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-Service", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-TCP-Port", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Unassigned */
|
|
Packit Service |
99d1c0 |
{"Reply-Message", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Callback-Number", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Callback-Id", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Unassigned */
|
|
Packit Service |
99d1c0 |
{"Framed-Route", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-IPX-Network", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"State", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Class", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Vendor-Specific", 5, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Session-Timeout", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Idle-Timeout", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Termination-Action", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Called-Station-Id", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Calling-Station-Id", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"NAS-Identifier", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Proxy-State", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-LAT-Service", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-LAT-Node", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-LAT-Group", 32, 32, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-AppleTalk-Link", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-AppleTalk-Network", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Framed-AppleTalk-Zone", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
|
|
Packit Service |
99d1c0 |
{"CHAP-Challenge", 5, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"NAS-Port-Type", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Port-Limit", 4, 4, NULL, NULL},
|
|
Packit Service |
99d1c0 |
{"Login-LAT-Port", 1, MAX_ATTRSIZE, NULL, NULL},
|
|
Packit Service |
99d1c0 |
};
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Encode User-Password attribute. */
|
|
Packit Service |
99d1c0 |
static krb5_error_code
|
|
Packit Service |
99d1c0 |
user_password_encode(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, const krb5_data *in,
|
|
rpm-build |
490d66 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
|
|
rpm-build |
490d66 |
krb5_boolean *is_fips)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
const unsigned char *indx;
|
|
Packit Service |
99d1c0 |
krb5_error_code retval;
|
|
Packit Service |
99d1c0 |
unsigned int seclen;
|
|
Packit Service |
99d1c0 |
krb5_checksum sum;
|
|
Packit Service |
99d1c0 |
size_t blck, len, i;
|
|
Packit Service |
99d1c0 |
krb5_data tmp;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Copy the input buffer to the (zero-padded) output buffer. */
|
|
Packit Service |
99d1c0 |
len = (in->length + BLOCKSIZE - 1) / BLOCKSIZE * BLOCKSIZE;
|
|
Packit Service |
99d1c0 |
if (len > MAX_ATTRSIZE)
|
|
Packit Service |
99d1c0 |
return ENOBUFS;
|
|
Packit Service |
99d1c0 |
memset(outbuf, 0, len);
|
|
Packit Service |
99d1c0 |
memcpy(outbuf, in->data, in->length);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Create our temporary space for processing each block. */
|
|
Packit Service |
99d1c0 |
seclen = strlen(secret);
|
|
Packit Service |
99d1c0 |
retval = alloc_data(&tmp, seclen + BLOCKSIZE);
|
|
Packit Service |
99d1c0 |
if (retval != 0)
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
memcpy(tmp.data, secret, seclen);
|
|
Packit Service |
99d1c0 |
for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
|
|
Packit Service |
99d1c0 |
memcpy(tmp.data + seclen, indx, BLOCKSIZE);
|
|
Packit Service |
99d1c0 |
|
|
rpm-build |
490d66 |
if (FIPS_mode()) {
|
|
rpm-build |
490d66 |
/* Skip encryption here. Taint so that we won't pass it out of
|
|
rpm-build |
490d66 |
* the machine by accident. */
|
|
rpm-build |
490d66 |
*is_fips = TRUE;
|
|
rpm-build |
490d66 |
sum.contents = calloc(1, BLOCKSIZE);
|
|
rpm-build |
490d66 |
} else
|
|
rpm-build |
490d66 |
retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
|
|
rpm-build |
490d66 |
&sum);
|
|
Packit Service |
99d1c0 |
if (retval != 0) {
|
|
Packit Service |
99d1c0 |
zap(tmp.data, tmp.length);
|
|
Packit Service |
99d1c0 |
zap(outbuf, len);
|
|
Packit Service |
99d1c0 |
krb5_free_data_contents(ctx, &tmp);
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
for (i = 0; i < BLOCKSIZE; i++)
|
|
Packit Service |
99d1c0 |
outbuf[blck * BLOCKSIZE + i] ^= sum.contents[i];
|
|
Packit Service |
99d1c0 |
krb5_free_checksum_contents(ctx, &sum);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
indx = &outbuf[blck * BLOCKSIZE];
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
zap(tmp.data, tmp.length);
|
|
Packit Service |
99d1c0 |
krb5_free_data_contents(ctx, &tmp);
|
|
Packit Service |
99d1c0 |
*outlen = len;
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Decode User-Password attribute. */
|
|
Packit Service |
99d1c0 |
static krb5_error_code
|
|
Packit Service |
99d1c0 |
user_password_decode(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, const krb5_data *in,
|
|
rpm-build |
490d66 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen,
|
|
rpm-build |
490d66 |
krb5_boolean *is_fips)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
const unsigned char *indx;
|
|
Packit Service |
99d1c0 |
krb5_error_code retval;
|
|
Packit Service |
99d1c0 |
unsigned int seclen;
|
|
Packit Service |
99d1c0 |
krb5_checksum sum;
|
|
Packit Service |
99d1c0 |
ssize_t blck, i;
|
|
Packit Service |
99d1c0 |
krb5_data tmp;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (in->length % BLOCKSIZE != 0)
|
|
Packit Service |
99d1c0 |
return EINVAL;
|
|
Packit Service |
99d1c0 |
if (in->length > MAX_ATTRSIZE)
|
|
Packit Service |
99d1c0 |
return ENOBUFS;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Create our temporary space for processing each block. */
|
|
Packit Service |
99d1c0 |
seclen = strlen(secret);
|
|
Packit Service |
99d1c0 |
retval = alloc_data(&tmp, seclen + BLOCKSIZE);
|
|
Packit Service |
99d1c0 |
if (retval != 0)
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
memcpy(tmp.data, secret, seclen);
|
|
Packit Service |
99d1c0 |
for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
|
|
Packit Service |
99d1c0 |
memcpy(tmp.data + seclen, indx, BLOCKSIZE);
|
|
Packit Service |
99d1c0 |
|
|
rpm-build |
490d66 |
if (FIPS_mode()) {
|
|
rpm-build |
490d66 |
/* Skip encryption here. Taint so that we won't pass it out of
|
|
rpm-build |
490d66 |
* the machine by accident. */
|
|
rpm-build |
490d66 |
*is_fips = TRUE;
|
|
rpm-build |
490d66 |
sum.contents = calloc(1, BLOCKSIZE);
|
|
rpm-build |
490d66 |
} else
|
|
rpm-build |
490d66 |
retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
|
|
rpm-build |
490d66 |
&tmp, &sum);
|
|
Packit Service |
99d1c0 |
if (retval != 0) {
|
|
Packit Service |
99d1c0 |
zap(tmp.data, tmp.length);
|
|
Packit Service |
99d1c0 |
zap(outbuf, in->length);
|
|
Packit Service |
99d1c0 |
krb5_free_data_contents(ctx, &tmp);
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
for (i = 0; i < BLOCKSIZE; i++) {
|
|
Packit Service |
99d1c0 |
outbuf[blck * BLOCKSIZE + i] = in->data[blck * BLOCKSIZE + i] ^
|
|
Packit Service |
99d1c0 |
sum.contents[i];
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
krb5_free_checksum_contents(ctx, &sum);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
indx = (const unsigned char *)&in->data[blck * BLOCKSIZE];
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Strip off trailing NULL bytes. */
|
|
Packit Service |
99d1c0 |
*outlen = in->length;
|
|
Packit Service |
99d1c0 |
while (*outlen > 0 && outbuf[*outlen - 1] == '\0')
|
|
Packit Service |
99d1c0 |
(*outlen)--;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krb5_free_data_contents(ctx, &tmp);
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krb5_error_code
|
|
Packit Service |
99d1c0 |
kr_attr_valid(krad_attr type, const krb5_data *data)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
const attribute_record *ar;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (type == 0)
|
|
Packit Service |
99d1c0 |
return EINVAL;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
ar = &attributes[type - 1];
|
|
Packit Service |
99d1c0 |
return (data->length >= ar->minval && data->length <= ar->maxval) ? 0 :
|
|
Packit Service |
99d1c0 |
EMSGSIZE;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krb5_error_code
|
|
Packit Service |
99d1c0 |
kr_attr_encode(krb5_context ctx, const char *secret,
|
|
Packit Service |
99d1c0 |
const unsigned char *auth, krad_attr type,
|
|
Packit Service |
99d1c0 |
const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
|
|
rpm-build |
490d66 |
size_t *outlen, krb5_boolean *is_fips)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
krb5_error_code retval;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
retval = kr_attr_valid(type, in);
|
|
Packit Service |
99d1c0 |
if (retval != 0)
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (attributes[type - 1].encode == NULL) {
|
|
Packit Service |
99d1c0 |
if (in->length > MAX_ATTRSIZE)
|
|
Packit Service |
99d1c0 |
return ENOBUFS;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
*outlen = in->length;
|
|
Packit Service |
99d1c0 |
memcpy(outbuf, in->data, in->length);
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
rpm-build |
490d66 |
return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen,
|
|
rpm-build |
490d66 |
is_fips);
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krb5_error_code
|
|
Packit Service |
99d1c0 |
kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
|
|
Packit Service |
99d1c0 |
krad_attr type, const krb5_data *in,
|
|
Packit Service |
99d1c0 |
unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
krb5_error_code retval;
|
|
rpm-build |
490d66 |
krb5_boolean ignored;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
retval = kr_attr_valid(type, in);
|
|
Packit Service |
99d1c0 |
if (retval != 0)
|
|
Packit Service |
99d1c0 |
return retval;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (attributes[type - 1].encode == NULL) {
|
|
Packit Service |
99d1c0 |
if (in->length > MAX_ATTRSIZE)
|
|
Packit Service |
99d1c0 |
return ENOBUFS;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
*outlen = in->length;
|
|
Packit Service |
99d1c0 |
memcpy(outbuf, in->data, in->length);
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
rpm-build |
490d66 |
return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen,
|
|
rpm-build |
490d66 |
&ignored);
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krad_attr
|
|
Packit Service |
99d1c0 |
krad_attr_name2num(const char *name)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
unsigned char i;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
for (i = 0; i < UCHAR_MAX; i++) {
|
|
Packit Service |
99d1c0 |
if (attributes[i].name == NULL)
|
|
Packit Service |
99d1c0 |
continue;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (strcmp(attributes[i].name, name) == 0)
|
|
Packit Service |
99d1c0 |
return i + 1;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
const char *
|
|
Packit Service |
99d1c0 |
krad_attr_num2name(krad_attr type)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
if (type == 0)
|
|
Packit Service |
99d1c0 |
return NULL;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
return attributes[type - 1].name;
|
|
Packit Service |
99d1c0 |
}
|