auth_context.c revision 102644 
1259698Sdim/*
2259698Sdim * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3259698Sdim * (Royal Institute of Technology, Stockholm, Sweden).
4259698Sdim * All rights reserved.
5259698Sdim *
6259698Sdim * Redistribution and use in source and binary forms, with or without
7259698Sdim * modification, are permitted provided that the following conditions
8259698Sdim * are met:
9259698Sdim *
10259698Sdim * 1. Redistributions of source code must retain the above copyright
11259698Sdim *    notice, this list of conditions and the following disclaimer.
12259698Sdim *
13259698Sdim * 2. Redistributions in binary form must reproduce the above copyright
14259698Sdim *    notice, this list of conditions and the following disclaimer in the
15259698Sdim *    documentation and/or other materials provided with the distribution.
16259698Sdim *
17259698Sdim * 3. Neither the name of the Institute nor the names of its contributors
18259698Sdim *    may be used to endorse or promote products derived from this software
19259698Sdim *    without specific prior written permission.
20259698Sdim *
21259698Sdim * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22259698Sdim * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23259698Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24259698Sdim * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25259698Sdim * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26259698Sdim * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27259698Sdim * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28259698Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29259698Sdim * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30259698Sdim * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31259698Sdim * SUCH DAMAGE.
32259698Sdim */
33259698Sdim
34259698Sdim#include "krb5_locl.h"
35259698Sdim
36259698SdimRCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $");
37259698Sdim
38259698Sdimkrb5_error_code
39259698Sdimkrb5_auth_con_init(krb5_context context,
40259698Sdim		   krb5_auth_context *auth_context)
41259698Sdim{
42259698Sdim    krb5_auth_context p;
43259698Sdim
44259698Sdim    ALLOC(p, 1);
45259698Sdim    if(!p) {
46259698Sdim	krb5_set_error_string(context, "malloc: out of memory");
47259698Sdim	return ENOMEM;
48259698Sdim    }
49259698Sdim    memset(p, 0, sizeof(*p));
50259698Sdim    ALLOC(p->authenticator, 1);
51259698Sdim    if (!p->authenticator) {
52259698Sdim	krb5_set_error_string(context, "malloc: out of memory");
53259698Sdim	free(p);
54259698Sdim	return ENOMEM;
55259698Sdim    }
56259698Sdim    memset (p->authenticator, 0, sizeof(*p->authenticator));
57259698Sdim    p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
58259698Sdim
59259698Sdim    p->local_address  = NULL;
60259698Sdim    p->remote_address = NULL;
61259698Sdim    p->local_port     = 0;
62259698Sdim    p->remote_port    = 0;
63259698Sdim    p->keytype        = KEYTYPE_NULL;
64259698Sdim    p->cksumtype      = CKSUMTYPE_NONE;
65259698Sdim    *auth_context     = p;
66259698Sdim    return 0;
67259698Sdim}
68259698Sdim
69259698Sdimkrb5_error_code
70259698Sdimkrb5_auth_con_free(krb5_context context,
71259698Sdim		   krb5_auth_context auth_context)
72259698Sdim{
73259698Sdim    if (auth_context != NULL) {
74259698Sdim	krb5_free_authenticator(context, &auth_context->authenticator);
75259698Sdim	if(auth_context->local_address){
76259698Sdim	    free_HostAddress(auth_context->local_address);
77259698Sdim	    free(auth_context->local_address);
78259698Sdim	}
79259698Sdim	if(auth_context->remote_address){
80259698Sdim	    free_HostAddress(auth_context->remote_address);
81259698Sdim	    free(auth_context->remote_address);
82259698Sdim	}
83259698Sdim	krb5_free_keyblock(context, auth_context->keyblock);
84259698Sdim	krb5_free_keyblock(context, auth_context->remote_subkey);
85259698Sdim	krb5_free_keyblock(context, auth_context->local_subkey);
86259698Sdim	free (auth_context);
87259698Sdim    }
88259698Sdim    return 0;
89259698Sdim}
90259698Sdim
91259698Sdimkrb5_error_code
92259698Sdimkrb5_auth_con_setflags(krb5_context context,
93259698Sdim		       krb5_auth_context auth_context,
94259698Sdim		       int32_t flags)
95259698Sdim{
96259698Sdim    auth_context->flags = flags;
97259698Sdim    return 0;
98259698Sdim}
99259698Sdim
100259698Sdim
101259698Sdimkrb5_error_code
102259698Sdimkrb5_auth_con_getflags(krb5_context context,
103259698Sdim		       krb5_auth_context auth_context,
104259698Sdim		       int32_t *flags)
105259698Sdim{
106259698Sdim    *flags = auth_context->flags;
107259698Sdim    return 0;
108259698Sdim}
109259698Sdim
110259698Sdim
111259698Sdimkrb5_error_code
112259698Sdimkrb5_auth_con_setaddrs(krb5_context context,
113259698Sdim		       krb5_auth_context auth_context,
114259698Sdim		       krb5_address *local_addr,
115259698Sdim		       krb5_address *remote_addr)
116259698Sdim{
117259698Sdim    if (local_addr) {
118	if (auth_context->local_address)
119	    krb5_free_address (context, auth_context->local_address);
120	else
121	    auth_context->local_address = malloc(sizeof(krb5_address));
122	krb5_copy_address(context, local_addr, auth_context->local_address);
123    }
124    if (remote_addr) {
125	if (auth_context->remote_address)
126	    krb5_free_address (context, auth_context->remote_address);
127	else
128	    auth_context->remote_address = malloc(sizeof(krb5_address));
129	krb5_copy_address(context, remote_addr, auth_context->remote_address);
130    }
131    return 0;
132}
133
134krb5_error_code
135krb5_auth_con_genaddrs(krb5_context context,
136		       krb5_auth_context auth_context,
137		       int fd, int flags)
138{
139    krb5_error_code ret;
140    krb5_address local_k_address, remote_k_address;
141    krb5_address *lptr = NULL, *rptr = NULL;
142    struct sockaddr_storage ss_local, ss_remote;
143    struct sockaddr *local  = (struct sockaddr *)&ss_local;
144    struct sockaddr *remote = (struct sockaddr *)&ss_remote;
145    socklen_t len;
146
147    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
148	if (auth_context->local_address == NULL) {
149	    len = sizeof(ss_local);
150	    if(getsockname(fd, local, &len) < 0) {
151		ret = errno;
152		krb5_set_error_string (context, "getsockname: %s",
153				       strerror(ret));
154		goto out;
155	    }
156	    ret = krb5_sockaddr2address (context, local, &local_k_address);
157	    if(ret) goto out;
158	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
159		krb5_sockaddr2port (context, local, &auth_context->local_port);
160	    } else
161		auth_context->local_port = 0;
162	    lptr = &local_k_address;
163	}
164    }
165    if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
166	len = sizeof(ss_remote);
167	if(getpeername(fd, remote, &len) < 0) {
168	    ret = errno;
169	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
170	    goto out;
171	}
172	ret = krb5_sockaddr2address (context, remote, &remote_k_address);
173	if(ret) goto out;
174	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
175	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
176	} else
177	    auth_context->remote_port = 0;
178	rptr = &remote_k_address;
179    }
180    ret = krb5_auth_con_setaddrs (context,
181				  auth_context,
182				  lptr,
183				  rptr);
184  out:
185    if (lptr)
186	krb5_free_address (context, lptr);
187    if (rptr)
188	krb5_free_address (context, rptr);
189    return ret;
190
191}
192
193krb5_error_code
194krb5_auth_con_setaddrs_from_fd (krb5_context context,
195				krb5_auth_context auth_context,
196				void *p_fd)
197{
198    int fd = *(int*)p_fd;
199    int flags = 0;
200    if(auth_context->local_address == NULL)
201	flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
202    if(auth_context->remote_address == NULL)
203	flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
204    return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
205}
206
207krb5_error_code
208krb5_auth_con_getaddrs(krb5_context context,
209		       krb5_auth_context auth_context,
210		       krb5_address **local_addr,
211		       krb5_address **remote_addr)
212{
213    if(*local_addr)
214	krb5_free_address (context, *local_addr);
215    *local_addr = malloc (sizeof(**local_addr));
216    if (*local_addr == NULL) {
217	krb5_set_error_string(context, "malloc: out of memory");
218	return ENOMEM;
219    }
220    krb5_copy_address(context,
221		      auth_context->local_address,
222		      *local_addr);
223
224    if(*remote_addr)
225	krb5_free_address (context, *remote_addr);
226    *remote_addr = malloc (sizeof(**remote_addr));
227    if (*remote_addr == NULL) {
228	krb5_set_error_string(context, "malloc: out of memory");
229	krb5_free_address (context, *local_addr);
230	*local_addr = NULL;
231	return ENOMEM;
232    }
233    krb5_copy_address(context,
234		      auth_context->remote_address,
235		      *remote_addr);
236    return 0;
237}
238
239static krb5_error_code
240copy_key(krb5_context context,
241	 krb5_keyblock *in,
242	 krb5_keyblock **out)
243{
244    if(in)
245	return krb5_copy_keyblock(context, in, out);
246    *out = NULL; /* is this right? */
247    return 0;
248}
249
250krb5_error_code
251krb5_auth_con_getkey(krb5_context context,
252		     krb5_auth_context auth_context,
253		     krb5_keyblock **keyblock)
254{
255    return copy_key(context, auth_context->keyblock, keyblock);
256}
257
258krb5_error_code
259krb5_auth_con_getlocalsubkey(krb5_context context,
260			     krb5_auth_context auth_context,
261			     krb5_keyblock **keyblock)
262{
263    return copy_key(context, auth_context->local_subkey, keyblock);
264}
265
266krb5_error_code
267krb5_auth_con_getremotesubkey(krb5_context context,
268			      krb5_auth_context auth_context,
269			      krb5_keyblock **keyblock)
270{
271    return copy_key(context, auth_context->remote_subkey, keyblock);
272}
273
274krb5_error_code
275krb5_auth_con_setkey(krb5_context context,
276		     krb5_auth_context auth_context,
277		     krb5_keyblock *keyblock)
278{
279    if(auth_context->keyblock)
280	krb5_free_keyblock(context, auth_context->keyblock);
281    return copy_key(context, keyblock, &auth_context->keyblock);
282}
283
284krb5_error_code
285krb5_auth_con_setlocalsubkey(krb5_context context,
286			     krb5_auth_context auth_context,
287			     krb5_keyblock *keyblock)
288{
289    if(auth_context->local_subkey)
290	krb5_free_keyblock(context, auth_context->local_subkey);
291    return copy_key(context, keyblock, &auth_context->local_subkey);
292}
293
294krb5_error_code
295krb5_auth_con_setremotesubkey(krb5_context context,
296			      krb5_auth_context auth_context,
297			      krb5_keyblock *keyblock)
298{
299    if(auth_context->remote_subkey)
300	krb5_free_keyblock(context, auth_context->remote_subkey);
301    return copy_key(context, keyblock, &auth_context->remote_subkey);
302}
303
304krb5_error_code
305krb5_auth_con_setcksumtype(krb5_context context,
306			   krb5_auth_context auth_context,
307			   krb5_cksumtype cksumtype)
308{
309    auth_context->cksumtype = cksumtype;
310    return 0;
311}
312
313krb5_error_code
314krb5_auth_con_getcksumtype(krb5_context context,
315			   krb5_auth_context auth_context,
316			   krb5_cksumtype *cksumtype)
317{
318    *cksumtype = auth_context->cksumtype;
319    return 0;
320}
321
322krb5_error_code
323krb5_auth_con_setkeytype (krb5_context context,
324			  krb5_auth_context auth_context,
325			  krb5_keytype keytype)
326{
327    auth_context->keytype = keytype;
328    return 0;
329}
330
331krb5_error_code
332krb5_auth_con_getkeytype (krb5_context context,
333			  krb5_auth_context auth_context,
334			  krb5_keytype *keytype)
335{
336    *keytype = auth_context->keytype;
337    return 0;
338}
339
340#if 0
341krb5_error_code
342krb5_auth_con_setenctype(krb5_context context,
343			 krb5_auth_context auth_context,
344			 krb5_enctype etype)
345{
346    if(auth_context->keyblock)
347	krb5_free_keyblock(context, auth_context->keyblock);
348    ALLOC(auth_context->keyblock, 1);
349    if(auth_context->keyblock == NULL)
350	return ENOMEM;
351    auth_context->keyblock->keytype = etype;
352    return 0;
353}
354
355krb5_error_code
356krb5_auth_con_getenctype(krb5_context context,
357			 krb5_auth_context auth_context,
358			 krb5_enctype *etype)
359{
360    krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
361}
362#endif
363
364krb5_error_code
365krb5_auth_con_getlocalseqnumber(krb5_context context,
366			    krb5_auth_context auth_context,
367			    int32_t *seqnumber)
368{
369  *seqnumber = auth_context->local_seqnumber;
370  return 0;
371}
372
373krb5_error_code
374krb5_auth_con_setlocalseqnumber (krb5_context context,
375			     krb5_auth_context auth_context,
376			     int32_t seqnumber)
377{
378  auth_context->local_seqnumber = seqnumber;
379  return 0;
380}
381
382krb5_error_code
383krb5_auth_getremoteseqnumber(krb5_context context,
384			     krb5_auth_context auth_context,
385			     int32_t *seqnumber)
386{
387  *seqnumber = auth_context->remote_seqnumber;
388  return 0;
389}
390
391krb5_error_code
392krb5_auth_con_setremoteseqnumber (krb5_context context,
393			      krb5_auth_context auth_context,
394			      int32_t seqnumber)
395{
396  auth_context->remote_seqnumber = seqnumber;
397  return 0;
398}
399
400
401krb5_error_code
402krb5_auth_con_getauthenticator(krb5_context context,
403			   krb5_auth_context auth_context,
404			   krb5_authenticator *authenticator)
405{
406    *authenticator = malloc(sizeof(**authenticator));
407    if (*authenticator == NULL) {
408	krb5_set_error_string(context, "malloc: out of memory");
409	return ENOMEM;
410    }
411
412    copy_Authenticator(auth_context->authenticator,
413		       *authenticator);
414    return 0;
415}
416
417
418void
419krb5_free_authenticator(krb5_context context,
420			krb5_authenticator *authenticator)
421{
422    free_Authenticator (*authenticator);
423    free (*authenticator);
424    *authenticator = NULL;
425}
426
427
428krb5_error_code
429krb5_auth_con_setuserkey(krb5_context context,
430			 krb5_auth_context auth_context,
431			 krb5_keyblock *keyblock)
432{
433    if(auth_context->keyblock)
434	krb5_free_keyblock(context, auth_context->keyblock);
435    return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
436}
437
438krb5_error_code
439krb5_auth_con_getrcache(krb5_context context,
440			krb5_auth_context auth_context,
441			krb5_rcache *rcache)
442{
443    *rcache = auth_context->rcache;
444    return 0;
445}
446
447krb5_error_code
448krb5_auth_con_setrcache(krb5_context context,
449			krb5_auth_context auth_context,
450			krb5_rcache rcache)
451{
452    auth_context->rcache = rcache;
453    return 0;
454}
455
456#if 0 /* not implemented */
457
458krb5_error_code
459krb5_auth_con_initivector(krb5_context context,
460			  krb5_auth_context auth_context)
461{
462    krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
463}
464
465
466krb5_error_code
467krb5_auth_con_setivector(krb5_context context,
468			 krb5_auth_context auth_context,
469			 krb5_pointer ivector)
470{
471    krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
472}
473
474#endif /* not implemented */
475