/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* kdc/authind.c - Functions for manipulating authentication indicator lists */ /* * Copyright (C) 2015 by the Massachusetts Institute of Technology. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "k5-int.h" #include "kdc_util.h" /* Return true if ind matches an entry in indicators. */ krb5_boolean authind_contains(krb5_data *const *indicators, const char *ind) { for (; indicators != NULL && *indicators != NULL; indicators++) { if (data_eq_string(**indicators, ind)) return TRUE; } return FALSE; } /* Add ind to *indicators, reallocating as necessary. */ krb5_error_code authind_add(krb5_context context, const char *ind, krb5_data ***indicators) { size_t count; krb5_data **list = *indicators, *dptr, d; /* Count the number of existing indicators and check for duplicates. */ for (count = 0; list != NULL && list[count] != NULL; count++) { if (data_eq_string(*list[count], ind)) return 0; } /* Allocate space for a new entry. */ list = realloc(list, (count + 2) * sizeof(*list)); if (list == NULL) return ENOMEM; *indicators = list; /* Add a copy of ind (as a krb5_data object) to the list. */ d = string2data((char *)ind); if (krb5_copy_data(context, &d, &dptr) != 0) return ENOMEM; list[count++] = dptr; list[count] = NULL; return 0; } /* Add all auth indicators from authdata to *indicators, reallocating as * necessary. (Currently does not compress duplicates.) */ krb5_error_code authind_extract(krb5_context context, krb5_authdata **authdata, krb5_data ***indicators) { krb5_error_code ret; size_t count, scount; krb5_authdata **ind_authdata = NULL, **adp; krb5_data der_indicators, **strings = NULL, **list = *indicators; for (count = 0; list != NULL && list[count] != NULL; count++); ret = krb5_find_authdata(context, authdata, NULL, KRB5_AUTHDATA_AUTH_INDICATOR, &ind_authdata); if (ret) goto cleanup; for (adp = ind_authdata; adp != NULL && *adp != NULL; adp++) { /* Decode this authdata element into an auth indicator list. */ der_indicators = make_data((*adp)->contents, (*adp)->length); ret = decode_utf8_strings(&der_indicators, &strings); if (ret == ENOMEM) goto cleanup; if (ret) continue; /* Count the entries in strings and allocate space in list. */ for (scount = 0; strings != NULL && strings[scount] != NULL; scount++); list = realloc(list, (count + scount + 1) * sizeof(*list)); if (list == NULL) { ret = ENOMEM; goto cleanup; } *indicators = list; /* Steal the krb5_data pointers from strings and free the array. */ memcpy(list + count, strings, scount * sizeof(*strings)); count += scount; list[count] = NULL; free(strings); strings = NULL; } cleanup: krb5_free_authdata(context, ind_authdata); k5_free_data_ptr_list(strings); return ret; }