xref: /freebsd/crypto/krb5/src/kdc/authind.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* kdc/authind.c - Functions for manipulating authentication indicator lists */
3 /*
4  * Copyright (C) 2015 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in
16  *   the documentation and/or other materials provided with the
17  *   distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30  * OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #include "k5-int.h"
34 #include "kdc_util.h"
35 
36 /* Return true if ind matches an entry in indicators. */
37 krb5_boolean
authind_contains(krb5_data * const * indicators,const char * ind)38 authind_contains(krb5_data *const *indicators, const char *ind)
39 {
40     for (; indicators != NULL && *indicators != NULL; indicators++) {
41         if (data_eq_string(**indicators, ind))
42             return TRUE;
43     }
44     return FALSE;
45 }
46 
47 /* Add ind to *indicators, reallocating as necessary. */
48 krb5_error_code
authind_add(krb5_context context,const char * ind,krb5_data *** indicators)49 authind_add(krb5_context context, const char *ind, krb5_data ***indicators)
50 {
51     size_t count;
52     krb5_data **list = *indicators, *dptr, d;
53 
54     /* Count the number of existing indicators and check for duplicates. */
55     for (count = 0; list != NULL && list[count] != NULL; count++) {
56         if (data_eq_string(*list[count], ind))
57             return 0;
58     }
59 
60     /* Allocate space for a new entry. */
61     list = realloc(list, (count + 2) * sizeof(*list));
62     if (list == NULL)
63         return ENOMEM;
64     *indicators = list;
65 
66     /* Add a copy of ind (as a krb5_data object) to the list. */
67     d = string2data((char *)ind);
68     if (krb5_copy_data(context, &d, &dptr) != 0)
69         return ENOMEM;
70     list[count++] = dptr;
71     list[count] = NULL;
72     return 0;
73 }
74 
75 /* Add all auth indicators from authdata to *indicators, reallocating as
76  * necessary.  (Currently does not compress duplicates.) */
77 krb5_error_code
authind_extract(krb5_context context,krb5_authdata ** authdata,krb5_data *** indicators)78 authind_extract(krb5_context context, krb5_authdata **authdata,
79                 krb5_data ***indicators)
80 {
81     krb5_error_code ret;
82     size_t count, scount;
83     krb5_authdata **ind_authdata = NULL, **adp;
84     krb5_data der_indicators, **strings = NULL, **list = *indicators;
85 
86     for (count = 0; list != NULL && list[count] != NULL; count++);
87 
88     ret = krb5_find_authdata(context, authdata, NULL,
89                              KRB5_AUTHDATA_AUTH_INDICATOR, &ind_authdata);
90     if (ret)
91         goto cleanup;
92 
93     for (adp = ind_authdata; adp != NULL && *adp != NULL; adp++) {
94         /* Decode this authdata element into an auth indicator list. */
95         der_indicators = make_data((*adp)->contents, (*adp)->length);
96         ret = decode_utf8_strings(&der_indicators, &strings);
97         if (ret == ENOMEM)
98             goto cleanup;
99         if (ret)
100             continue;
101 
102         /* Count the entries in strings and allocate space in list. */
103         for (scount = 0; strings != NULL && strings[scount] != NULL; scount++);
104         list = realloc(list, (count + scount + 1) * sizeof(*list));
105         if (list == NULL) {
106             ret = ENOMEM;
107             goto cleanup;
108         }
109         *indicators = list;
110 
111         /* Steal the krb5_data pointers from strings and free the array. */
112         memcpy(list + count, strings, scount * sizeof(*strings));
113         count += scount;
114         list[count] = NULL;
115         free(strings);
116         strings = NULL;
117     }
118 
119 cleanup:
120     krb5_free_authdata(context, ind_authdata);
121     k5_free_data_ptr_list(strings);
122     return ret;
123 }
124