LCOV - code coverage report
Current view: top level - third_party/heimdal/kdc - kdc-plugin.c (source / functions) Hit Total Coverage
Test: coverage report for master 469b22b8 Lines: 138 251 55.0 %
Date: 2024-06-10 12:05:21 Functions: 24 51 47.1 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 2007 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Portions (c) 2021, 2022 PADL Software Pty Ltd.
       7             :  *
       8             :  * Redistribution and use in source and binary forms, with or without
       9             :  * modification, are permitted provided that the following conditions
      10             :  * are met:
      11             :  *
      12             :  * 1. Redistributions of source code must retain the above copyright
      13             :  *    notice, this list of conditions and the following disclaimer.
      14             :  *
      15             :  * 2. Redistributions in binary form must reproduce the above copyright
      16             :  *    notice, this list of conditions and the following disclaimer in the
      17             :  *    documentation and/or other materials provided with the distribution.
      18             :  *
      19             :  * 3. Neither the name of the Institute nor the names of its contributors
      20             :  *    may be used to endorse or promote products derived from this software
      21             :  *    without specific prior written permission.
      22             :  *
      23             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      24             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      25             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      26             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      27             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      28             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      29             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      30             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      31             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      32             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      33             :  * SUCH DAMAGE.
      34             :  */
      35             : 
      36             : #include "kdc_locl.h"
      37             : 
      38             : static int have_plugin = 0;
      39             : 
      40             : /*
      41             :  * Pick the first KDC plugin module that we find.
      42             :  */
      43             : 
      44             : static const char *kdc_plugin_deps[] = {
      45             :     "kdc",
      46             :     "krb5",
      47             :     "hdb",
      48             :     NULL
      49             : };
      50             : 
      51             : static struct heim_plugin_data kdc_plugin_data = {
      52             :     "krb5",
      53             :     "kdc",
      54             :     KRB5_PLUGIN_KDC_VERSION_12,
      55             :     kdc_plugin_deps,
      56             :     kdc_get_instance
      57             : };
      58             : 
      59             : static krb5_error_code KRB5_LIB_CALL
      60          93 : load(krb5_context context, const void *plug, void *plugctx, void *userctx)
      61             : {
      62          93 :     have_plugin = 1;
      63          93 :     return KRB5_PLUGIN_NO_HANDLE;
      64             : }
      65             : 
      66             : KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
      67          93 : krb5_kdc_plugin_init(krb5_context context)
      68             : {
      69          93 :     (void)_krb5_plugin_run_f(context, &kdc_plugin_data, 0, NULL, load);
      70             : 
      71          93 :     return 0;
      72             : }
      73             : 
      74             : struct generate_uc {
      75             :     astgs_request_t r;
      76             :     hdb_entry *client;
      77             :     hdb_entry *server;
      78             :     const krb5_keyblock *reply_key;
      79             :     uint64_t pac_attributes;
      80             :     krb5_pac *pac;
      81             : };
      82             : 
      83             : static krb5_error_code KRB5_LIB_CALL
      84       30353 : generate(krb5_context context, const void *plug, void *plugctx, void *userctx)
      85             : {
      86       30353 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
      87       30353 :     struct generate_uc *uc = (struct generate_uc *)userctx;    
      88             : 
      89       30353 :     if (ft->pac_generate == NULL)
      90           0 :         return KRB5_PLUGIN_NO_HANDLE;
      91             : 
      92       30353 :     return ft->pac_generate((void *)plug,
      93             :                             uc->r,
      94             :                             uc->client,
      95             :                             uc->server,
      96             :                             uc->reply_key,
      97             :                             uc->pac_attributes,
      98             :                             uc->pac);
      99             : }
     100             : 
     101             : 
     102             : krb5_error_code
     103       30353 : _kdc_pac_generate(astgs_request_t r,
     104             :                   hdb_entry *client,
     105             :                   hdb_entry *server,
     106             :                   const krb5_keyblock *reply_key,
     107             :                   uint64_t pac_attributes,
     108             :                   krb5_pac *pac)
     109             : {
     110       30353 :     krb5_error_code ret = 0;
     111        1184 :     struct generate_uc uc;
     112             : 
     113       30353 :     *pac = NULL;
     114             : 
     115       30353 :     if (krb5_config_get_bool_default(r->context, NULL, FALSE, "realms",
     116       30353 :                                      client->principal->realm,
     117             :                                      "disable_pac", NULL))
     118           0 :         return 0;
     119             : 
     120       30353 :     if (have_plugin) {
     121       30353 :         uc.r = r;
     122       30353 :         uc.client = client;
     123       30353 :         uc.server = server;
     124       30353 :         uc.reply_key = reply_key;
     125       30353 :         uc.pac = pac;
     126       30353 :         uc.pac_attributes = pac_attributes;
     127             : 
     128       30353 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data,
     129             :                                  0, &uc, generate);
     130       30353 :         if (ret != KRB5_PLUGIN_NO_HANDLE)
     131       29169 :             return ret;
     132           0 :         ret = 0;
     133             :     }
     134             : 
     135           0 :     if (*pac == NULL)
     136           0 :         ret = krb5_pac_init(r->context, pac);
     137             : 
     138           0 :     return ret;
     139             : }
     140             : 
     141             : struct verify_uc {
     142             :     astgs_request_t r;
     143             :     krb5_const_principal client_principal;
     144             :     hdb_entry *delegated_proxy;
     145             :     hdb_entry *client;
     146             :     hdb_entry *server;
     147             :     hdb_entry *krbtgt;
     148             :     EncTicketPart *ticket;
     149             :     krb5_pac pac;
     150             : };
     151             : 
     152             : static krb5_error_code KRB5_LIB_CALL
     153       50597 : verify(krb5_context context, const void *plug, void *plugctx, void *userctx)
     154             : {
     155       50597 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     156       50597 :     struct verify_uc *uc = (struct verify_uc *)userctx;
     157        1672 :     krb5_error_code ret;
     158             : 
     159       50597 :     if (ft->pac_verify == NULL)
     160           0 :         return KRB5_PLUGIN_NO_HANDLE;
     161             : 
     162       50597 :     ret = ft->pac_verify((void *)plug,
     163             :                          uc->r,
     164             :                          uc->client_principal,
     165             :                          uc->delegated_proxy,
     166             :                          uc->client, uc->server, uc->krbtgt,
     167             :                          uc->ticket, uc->pac);
     168       50597 :     return ret;
     169             : }
     170             : 
     171             : krb5_error_code
     172       50597 : _kdc_pac_verify(astgs_request_t r,
     173             :                 krb5_const_principal client_principal,
     174             :                 hdb_entry *delegated_proxy,
     175             :                 hdb_entry *client,
     176             :                 hdb_entry *server,
     177             :                 hdb_entry *krbtgt,
     178             :                 EncTicketPart *ticket,
     179             :                 krb5_pac pac)
     180             : {
     181        1672 :     struct verify_uc uc;
     182             : 
     183       50597 :     if (!have_plugin)
     184           0 :         return KRB5_PLUGIN_NO_HANDLE;
     185             : 
     186       50597 :     uc.r = r;
     187       50597 :     uc.client_principal = client_principal;
     188       50597 :     uc.delegated_proxy = delegated_proxy;
     189       50597 :     uc.client = client;
     190       50597 :     uc.server = server;
     191       50597 :     uc.krbtgt = krbtgt;
     192       50597 :     uc.ticket = ticket,
     193       50597 :     uc.pac = pac;
     194             : 
     195       50597 :     return _krb5_plugin_run_f(r->context, &kdc_plugin_data,
     196             :                              0, &uc, verify);
     197             : }
     198             : 
     199             : struct update_uc {
     200             :     astgs_request_t r;
     201             :     krb5_const_principal client_principal;
     202             :     hdb_entry *delegated_proxy;
     203             :     krb5_const_pac delegated_proxy_pac;
     204             :     hdb_entry *client;
     205             :     hdb_entry *server;
     206             :     hdb_entry *krbtgt;
     207             :     krb5_pac *pac;
     208             : };
     209             : 
     210             : static krb5_error_code KRB5_LIB_CALL
     211       48748 : update(krb5_context context, const void *plug, void *plugctx, void *userctx)
     212             : {
     213       48748 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     214       48748 :     struct update_uc *uc = (struct update_uc *)userctx;
     215        1672 :     krb5_error_code ret;
     216             : 
     217       48748 :     if (ft->pac_update == NULL)
     218           0 :         return KRB5_PLUGIN_NO_HANDLE;
     219             : 
     220       48748 :     ret = ft->pac_update((void *)plug,
     221             :                          uc->r,
     222             :                          uc->client_principal,
     223             :                          uc->delegated_proxy,
     224             :                          uc->delegated_proxy_pac,
     225             :                          uc->client, uc->server, uc->krbtgt, uc->pac);
     226       48748 :     return ret;
     227             : }
     228             : 
     229             : krb5_error_code
     230       48748 : _kdc_pac_update(astgs_request_t r,
     231             :                 krb5_const_principal client_principal,
     232             :                 hdb_entry *delegated_proxy,
     233             :                 krb5_const_pac delegated_proxy_pac,
     234             :                 hdb_entry *client,
     235             :                 hdb_entry *server,
     236             :                 hdb_entry *krbtgt,
     237             :                 krb5_pac *pac)
     238             : {
     239        1672 :     struct update_uc uc;
     240             : 
     241       48748 :     if (!have_plugin)
     242           0 :         return KRB5_PLUGIN_NO_HANDLE;
     243             : 
     244       48748 :     uc.r = r;
     245       48748 :     uc.client_principal = client_principal;
     246       48748 :     uc.delegated_proxy = delegated_proxy;
     247       48748 :     uc.delegated_proxy_pac = delegated_proxy_pac;
     248       48748 :     uc.client = client;
     249       48748 :     uc.server = server;
     250       48748 :     uc.krbtgt = krbtgt;
     251       48748 :     uc.pac = pac;
     252             : 
     253       48748 :     return _krb5_plugin_run_f(r->context, &kdc_plugin_data,
     254             :                              0, &uc, update);
     255             : }
     256             : 
     257             : static krb5_error_code KRB5_LIB_CALL
     258       48632 : check(krb5_context context, const void *plug, void *plugctx, void *userctx)
     259             : {
     260       48632 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     261             : 
     262       48632 :     if (ft->client_access == NULL)
     263           0 :         return KRB5_PLUGIN_NO_HANDLE;
     264       48632 :     return ft->client_access((void *)plug, userctx);
     265             : }
     266             : 
     267             : krb5_error_code
     268       48632 : _kdc_check_access(astgs_request_t r)
     269             : {
     270       48632 :     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     271             : 
     272       48632 :     if (have_plugin) {
     273       48632 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data,
     274             :                                  0, r, check);
     275             :     }
     276             : 
     277       48632 :     if (ret == KRB5_PLUGIN_NO_HANDLE)
     278       48323 :         return kdc_check_flags(r, r->req.msg_type == krb_as_req,
     279             :                                r->client, r->server);
     280         309 :     return ret;
     281             : }
     282             : 
     283             : static krb5_error_code KRB5_LIB_CALL
     284        1246 : referral_policy(krb5_context context, const void *plug, void *plugctx, void *userctx)
     285             : {
     286        1246 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     287             : 
     288        1246 :     if (ft->referral_policy == NULL)
     289           0 :         return KRB5_PLUGIN_NO_HANDLE;
     290        1246 :     return ft->referral_policy((void *)plug, userctx);
     291             : }
     292             : 
     293             : krb5_error_code
     294        1246 : _kdc_referral_policy(astgs_request_t r)
     295             : {
     296        1246 :     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     297             : 
     298        1246 :     if (have_plugin)
     299        1246 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, referral_policy);
     300             : 
     301        1246 :     return ret;
     302             : }
     303             : 
     304             : static krb5_error_code KRB5_LIB_CALL
     305       30067 : hwauth_policy(krb5_context context, const void *plug, void *plugctx, void *userctx)
     306             : {
     307       30067 :     const krb5plugin_kdc_ftable *ft = plug;
     308             : 
     309       30067 :     if (ft->hwauth_policy == NULL) {
     310           0 :         return KRB5_PLUGIN_NO_HANDLE;
     311             :     }
     312       30067 :     return ft->hwauth_policy((void *)plug, userctx);
     313             : }
     314             : 
     315             : krb5_error_code
     316       30067 : _kdc_hwauth_policy(astgs_request_t r)
     317             : {
     318       30067 :     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     319             : 
     320       30067 :     if (have_plugin) {
     321       30067 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, hwauth_policy);
     322             :     }
     323             : 
     324       30067 :     if (ret == KRB5_PLUGIN_NO_HANDLE) {
     325           0 :         ret = 0;
     326             :     }
     327             : 
     328       30067 :     return ret;
     329             : }
     330             : 
     331             : static krb5_error_code KRB5_LIB_CALL
     332       79031 : finalize_reply(krb5_context context, const void *plug, void *plugctx, void *userctx)
     333             : {
     334       79031 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     335             : 
     336       79031 :     if (ft->finalize_reply == NULL)
     337           0 :         return KRB5_PLUGIN_NO_HANDLE;
     338       79031 :     return ft->finalize_reply((void *)plug, userctx);
     339             : }
     340             : 
     341             : krb5_error_code
     342       79031 : _kdc_finalize_reply(astgs_request_t r)
     343             : {
     344       79031 :     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     345             : 
     346       79031 :     if (have_plugin)
     347       79031 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, finalize_reply);
     348             : 
     349       79031 :     if (ret == KRB5_PLUGIN_NO_HANDLE)
     350           0 :         ret = 0;
     351             : 
     352       79031 :     return ret;
     353             : }
     354             : 
     355             : static krb5_error_code KRB5_LIB_CALL
     356      103828 : audit(krb5_context context, const void *plug, void *plugctx, void *userctx)
     357             : {
     358      103828 :     const krb5plugin_kdc_ftable *ft = (const krb5plugin_kdc_ftable *)plug;
     359             : 
     360      103828 :     if (ft->audit == NULL)
     361      100380 :         return KRB5_PLUGIN_NO_HANDLE;
     362           0 :     return ft->audit((void *)plug, userctx);
     363             : }
     364             : 
     365             : krb5_error_code
     366      103828 : _kdc_plugin_audit(astgs_request_t r)
     367             : {
     368      103828 :     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     369             : 
     370      103828 :     if (have_plugin)
     371      103828 :         ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, audit);
     372             : 
     373      103828 :     if (ret == KRB5_PLUGIN_NO_HANDLE)
     374      100380 :         ret = 0;
     375             : 
     376      103828 :     return ret;
     377             : }
     378             : 
     379             : KDC_LIB_FUNCTION uintptr_t KDC_LIB_CALL
     380           0 : kdc_get_instance(const char *libname)
     381             : {
     382           0 :     static const char *instance = "libkdc";
     383             : 
     384           0 :     if (strcmp(libname, "kdc") == 0)
     385           0 :         return (uintptr_t)instance;
     386           0 :     else if (strcmp(libname, "hdb") == 0)
     387           0 :         return hdb_get_instance(libname);
     388           0 :     else if (strcmp(libname, "krb5") == 0)
     389           0 :         return krb5_get_instance(libname);
     390             : 
     391           0 :     return 0;
     392             : }
     393             : 
     394             : /*
     395             :  * Minimum API surface wrapper for libheimbase object types so it
     396             :  * may remain a private interface, yet plugins can interact with
     397             :  * objects.
     398             :  */
     399             : 
     400             : KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
     401         694 : kdc_object_alloc(size_t size, const char *name, kdc_type_dealloc dealloc)
     402             : {
     403         694 :     return heim_alloc(size, name, dealloc);
     404             : }
     405             : 
     406             : KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
     407           0 : kdc_object_retain(kdc_object_t o)
     408             : {
     409           0 :     return heim_retain(o);
     410             : }
     411             : 
     412             : KDC_LIB_FUNCTION void KDC_LIB_CALL
     413           0 : kdc_object_release(kdc_object_t o)
     414             : {
     415           0 :     heim_release(o);
     416           0 : }
     417             : 
     418             : KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
     419           0 : kdc_bool_create(krb5_boolean v)
     420             : {
     421           0 :     return heim_bool_create(v);
     422             : }
     423             : 
     424             : KDC_LIB_FUNCTION krb5_boolean KDC_LIB_CALL
     425           0 : kdc_bool_get_value(kdc_object_t o)
     426             : {
     427           0 :     return heim_bool_val(o);
     428             : }
     429             : 
     430             : struct kdc_array_iterator_trampoline_data {
     431             :     kdc_array_iterator_t iter;
     432             :     void *data;
     433             : };
     434             : 
     435             : /*
     436             :  * Calling convention shim to avoid needing to update all internal
     437             :  * consumers of heim_array_iterate_f()
     438             :  */
     439             : static void
     440           0 : _kdc_array_iterator_trampoline(kdc_object_t o, void *data, int *stop)
     441             : {
     442           0 :     struct kdc_array_iterator_trampoline_data *t = data;
     443             : 
     444           0 :     t->iter(o, t->data, stop);
     445           0 : }
     446             : 
     447             : KDC_LIB_FUNCTION void KDC_LIB_CALL
     448           0 : kdc_array_iterate(kdc_array_t a, void *d, kdc_array_iterator_t iter)
     449             : {
     450           0 :     struct kdc_array_iterator_trampoline_data t;
     451             : 
     452           0 :     t.iter = iter;
     453           0 :     t.data = d;
     454             : 
     455           0 :     heim_array_iterate_f((heim_array_t)a, &t, _kdc_array_iterator_trampoline);
     456           0 : }
     457             : 
     458             : KDC_LIB_FUNCTION size_t KDC_LIB_CALL
     459           0 : kdc_array_get_length(kdc_array_t a)
     460             : {
     461           0 :     return heim_array_get_length((heim_array_t)a);
     462             : }
     463             : 
     464             : KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
     465           0 : kdc_array_get_value(heim_array_t a, size_t i)
     466             : {
     467           0 :     return heim_array_get_value((heim_array_t)a, i);
     468             : }
     469             : 
     470             : KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
     471           0 : kdc_array_copy_value(heim_array_t a, size_t i)
     472             : {
     473           0 :     return heim_array_copy_value((heim_array_t)a, i);
     474             : }
     475             : 
     476             : KDC_LIB_FUNCTION kdc_string_t KDC_LIB_CALL
     477           0 : kdc_string_create(const char *s)
     478             : {
     479           0 :     return (kdc_string_t)heim_string_create(s);
     480             : }
     481             : 
     482             : KDC_LIB_FUNCTION const char * KDC_LIB_CALL
     483           0 : kdc_string_get_utf8(kdc_string_t s)
     484             : {
     485           0 :     return heim_string_get_utf8((heim_string_t)s);
     486             : }
     487             : 
     488             : KDC_LIB_FUNCTION kdc_data_t
     489           0 : kdc_data_create(const void *d, size_t len)
     490             : {
     491           0 :     return (kdc_data_t)heim_data_create(d, len);
     492             : }
     493             : 
     494             : KDC_LIB_FUNCTION const krb5_data * KDC_LIB_CALL
     495           0 : kdc_data_get_data(kdc_data_t d)
     496             : {
     497           0 :     return heim_data_get_data((heim_data_t)d);
     498             : }
     499             : 
     500             : KDC_LIB_FUNCTION kdc_number_t KDC_LIB_CALL
     501           0 : kdc_number_create(int64_t v)
     502             : {
     503           0 :     return (kdc_number_t)heim_number_create(v);
     504             : }
     505             : 
     506             : KDC_LIB_FUNCTION int64_t KDC_LIB_CALL
     507           0 : kdc_number_get_value(kdc_number_t n)
     508             : {
     509           0 :     return heim_number_get_long((heim_number_t)n);
     510             : }
     511             : 
     512             : /*
     513             :  * Plugin accessors
     514             :  */
     515             : 
     516             : KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
     517           0 : kdc_request_add_reply_padata(astgs_request_t r, PA_DATA *md)
     518             : {
     519           0 :     heim_assert(r->rep.padata != NULL, "reply padata not allocated");
     520           0 :     return add_METHOD_DATA(r->rep.padata, md);
     521             : }
     522             : 
     523             : KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
     524       36054 : kdc_request_add_encrypted_padata(astgs_request_t r, PA_DATA *md)
     525             : {
     526       36054 :     if (r->ek.encrypted_pa_data == NULL) {
     527       10772 :         r->ek.encrypted_pa_data = calloc(1, sizeof *(r->ek.encrypted_pa_data));
     528       10772 :         if (r->ek.encrypted_pa_data == NULL) {
     529           0 :             return ENOMEM;
     530             :         }
     531             :     }
     532             : 
     533       36054 :     return add_METHOD_DATA(r->ek.encrypted_pa_data, md);
     534             : }
     535             : 
     536             : KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
     537           0 : kdc_request_add_pac_buffer(astgs_request_t r,
     538             :                            uint32_t pactype,
     539             :                            const krb5_data *d)
     540             : {
     541           0 :     krb5_error_code ret;
     542           0 :     krb5_pac pac;
     543             : 
     544           0 :     if (r->pac == NULL) {
     545           0 :         ret = krb5_pac_init(r->context, &pac);
     546           0 :         if (ret)
     547           0 :             return ret;
     548             :     } else
     549           0 :         pac = heim_retain(r->pac);
     550             : 
     551           0 :     ret = krb5_pac_add_buffer(r->context, pac, pactype, d);
     552           0 :     if (ret == 0 && r->pac == NULL)
     553           0 :         r->pac = pac;
     554             :     else
     555           0 :         heim_release(pac);
     556             : 
     557           0 :     return ret;
     558             : }
     559             : 
     560             : /*
     561             :  * Override the e-data field to be returned in an error reply. The data will be
     562             :  * owned by the KDC and eventually will be freed with krb5_data_free().
     563             :  */
     564             : KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
     565         129 : kdc_request_set_e_data(astgs_request_t r, heim_octet_string e_data)
     566             : {
     567         129 :     krb5_data_free(&r->e_data);
     568         129 :     r->e_data = e_data;
     569             : 
     570         129 :     return 0;
     571             : }
     572             : 
     573             : #undef _KDC_REQUEST_GET_ACCESSOR
     574             : #define _KDC_REQUEST_GET_ACCESSOR(R, T, f)                  \
     575             :     KDC_LIB_FUNCTION T KDC_LIB_CALL                         \
     576             :     kdc_request_get_ ## f(R r)                              \
     577             :     {                                                       \
     578             :         return r->f;                                     \
     579             :     }
     580             : 
     581             : #undef _KDC_REQUEST_SET_ACCESSOR
     582             : #define _KDC_REQUEST_SET_ACCESSOR(R, T, f)                  \
     583             :     KDC_LIB_FUNCTION void KDC_LIB_CALL                      \
     584             :     kdc_request_set_ ## f(R r, T v)                         \
     585             :     {                                                       \
     586             :         r->f = v;                                        \
     587             :     }
     588             : 
     589             : #undef _KDC_REQUEST_GET_ACCESSOR_PTR
     590             : #define _KDC_REQUEST_GET_ACCESSOR_PTR(R, T,  f)             \
     591             :     KDC_LIB_FUNCTION const T KDC_LIB_CALL                   \
     592             :     kdc_request_get_ ## f(R r)                              \
     593             :     {                                                       \
     594             :         return r->f;                                     \
     595             :     }
     596             : 
     597             : #undef _KDC_REQUEST_SET_ACCESSOR_PTR
     598             : #define _KDC_REQUEST_SET_ACCESSOR_PTR(R, T, t, f)           \
     599             :     KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL           \
     600             :     kdc_request_set_ ## f(R r, const T v)                   \
     601             :     {                                                       \
     602             :         krb5_error_code ret;                                \
     603             :         T tmp;                                              \
     604             :                                                             \
     605             :         if (v == r->f)                                           \
     606             :             return 0;                                       \
     607             :         else if (v) {                                       \
     608             :             ret = copy_##t(v, &tmp);                            \
     609             :             if (ret)                                        \
     610             :                 return ret;                                 \
     611             :         } else                                              \
     612             :             tmp = NULL;                                     \
     613             :                                                             \
     614             :         free_##t(r->f);                                          \
     615             :         r->f = tmp;                                      \
     616             :                                                             \
     617             :         return 0;                                           \
     618             :     }
     619             : 
     620             : #undef _KDC_REQUEST_GET_ACCESSOR_STRUCT
     621             : #define _KDC_REQUEST_GET_ACCESSOR_STRUCT(R, T, f)           \
     622             :     KDC_LIB_FUNCTION const T * KDC_LIB_CALL                 \
     623             :     kdc_request_get_ ## f(R r)                              \
     624             :     {                                                       \
     625             :         return &r->f;                                        \
     626             :     }
     627             : 
     628             : #undef _KDC_REQUEST_SET_ACCESSOR_STRUCT
     629             : #define _KDC_REQUEST_SET_ACCESSOR_STRUCT(R, T, t, f)        \
     630             :     KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL           \
     631             :     kdc_request_set_ ## f(R r, const T *v)                  \
     632             :     {                                                       \
     633             :         krb5_error_code ret;                                \
     634             :         T tmp;                                              \
     635             :                                                             \
     636             :         if (v == NULL)                                      \
     637             :             return EINVAL;                                  \
     638             :         else if (v == &r->f)                                 \
     639             :             return 0;                                       \
     640             :                                                             \
     641             :         ret = copy_##t(v, &tmp);                        \
     642             :         if (ret)                                            \
     643             :             return ret;                                     \
     644             :                                                             \
     645             :         free_##t(&r->f);                             \
     646             :         r->f = tmp;                                      \
     647             :                                                             \
     648             :         return 0;                                           \
     649             :     }
     650             : 
     651             : static krb5_error_code
     652           0 : copy_string_ptr(const char *src, char **dst)
     653             : {
     654           0 :     *dst = strdup(src);
     655           0 :     if (*dst == NULL)
     656           0 :         return ENOMEM;
     657             : 
     658           0 :     return 0;
     659             : }
     660             : 
     661             : static void
     662         790 : free_string_ptr(char *s)
     663             : {
     664         790 :     free(s);
     665         790 : }
     666             : 
     667             : static krb5_error_code
     668           0 : copy_Principal_ptr(krb5_const_principal src, krb5_principal *dst)
     669             : {
     670           0 :     krb5_error_code ret;
     671           0 :     krb5_principal p;
     672             : 
     673           0 :     *dst = NULL;
     674             : 
     675           0 :     p = calloc(1, sizeof(*p));
     676           0 :     if (p == NULL)
     677           0 :         return ENOMEM;
     678             : 
     679           0 :     ret = copy_Principal(src, p);
     680           0 :     if (ret == 0)
     681           0 :         *dst = p;
     682             :     else
     683           0 :         free(p);
     684             : 
     685           0 :     return ret;
     686             : }
     687             : 
     688             : static void
     689        1580 : free_Principal_ptr(krb5_principal p)
     690             : {
     691        1580 :     if (p) {
     692        1580 :         free_Principal(p);
     693        1580 :         free(p);
     694             :     }
     695        1580 : }
     696             : 
     697             : static krb5_error_code
     698           0 : copy_pac(const struct krb5_pac_data *src, struct krb5_pac_data **dst)
     699             : {
     700             :     /* FIXME use heim_copy() when it exists */
     701           0 :     *dst = (krb5_pac)heim_retain((heim_object_t)src);
     702           0 :     return 0;
     703             : }
     704             : 
     705             : static void
     706         790 : free_pac(struct krb5_pac_data *o)
     707             : {
     708         790 :     heim_release(o);
     709         790 : }
     710             : 
     711             : static krb5_error_code
     712           0 : copy_keyblock(const EncryptionKey *src, EncryptionKey *dst)
     713             : {
     714           0 :     return copy_EncryptionKey(src, dst);
     715             : }
     716             : 
     717             : static void
     718           0 : free_keyblock(EncryptionKey *key)
     719             : {
     720           0 :     krb5_free_keyblock_contents(NULL, key);
     721           0 : }
     722             : 
     723             : #undef HEIMDAL_KDC_KDC_ACCESSORS_H
     724             : #include "kdc-accessors.h"
     725             : 
     726             : #undef _KDC_REQUEST_GET_ACCESSOR
     727             : #undef _KDC_REQUEST_SET_ACCESSOR
     728             : 
     729             : #undef _KDC_REQUEST_GET_ACCESSOR_PTR
     730             : #undef _KDC_REQUEST_SET_ACCESSOR_PTR
     731             : #define _KDC_REQUEST_SET_ACCESSOR_PTR(R, T, t, f)           \
     732             :     void                                                    \
     733             :     _kdc_request_set_ ## f ## _nocopy(R r, T *v)            \
     734             :     {                                                       \
     735             :         if (*v != r->f) {                                \
     736             :             free_##t(r->f);                              \
     737             :             r->f = *v;                                           \
     738             :         }                                                   \
     739             :         *v = NULL;                                          \
     740             :     }
     741             : 
     742             : #undef _KDC_REQUEST_GET_ACCESSOR_STRUCT
     743             : #undef _KDC_REQUEST_SET_ACCESSOR_STRUCT
     744             : #define _KDC_REQUEST_SET_ACCESSOR_STRUCT(R, T, t, f)        \
     745             :     void                                                    \
     746             :     _kdc_request_set_ ## f ## _nocopy(R r, T *v)            \
     747             :     {                                                       \
     748             :         if (v != &r->f) {                                    \
     749             :             free_##t(&r->f);                                 \
     750             :             r->f = *v;                                           \
     751             :         }                                                   \
     752             :         memset(v, 0, sizeof(*v));                           \
     753             :     }
     754             : 
     755             : #undef HEIMDAL_KDC_KDC_ACCESSORS_H
     756             : #include "kdc-accessors.h"
     757             : 
     758             : KDC_LIB_FUNCTION const HDB * KDC_LIB_CALL
     759           0 : kdc_request_get_explicit_armor_clientdb(astgs_request_t r)
     760             : {
     761           0 :     return r->explicit_armor_present ? r->armor_clientdb : NULL;
     762             : }
     763             : 
     764             : KDC_LIB_FUNCTION const hdb_entry * KDC_LIB_CALL
     765           0 : kdc_request_get_explicit_armor_client(astgs_request_t r)
     766             : {
     767           0 :     return r->explicit_armor_present ? r->armor_client : NULL;
     768             : }
     769             : 
     770             : KDC_LIB_FUNCTION const hdb_entry * KDC_LIB_CALL
     771           0 : kdc_request_get_explicit_armor_server(astgs_request_t r)
     772             : {
     773           0 :     return r->explicit_armor_present ? r->armor_server : NULL;
     774             : }
     775             : 
     776             : KDC_LIB_FUNCTION krb5_const_pac KDC_LIB_CALL
     777           0 : kdc_request_get_explicit_armor_pac(astgs_request_t r)
     778             : {
     779           0 :     return r->explicit_armor_present ? r->armor_pac : NULL;
     780             : }

Generated by: LCOV version 1.14