// MIT Licensed, see LICENSE file
// Copyright (c) 2021 Isaac Boukris <[email protected]>
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
#include "k5drv.h"
using namespace std;
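/*
 * Unwrap a KKDCP (MS-KKDCP) proxy message.
 *
 * msg holds the DER-encoded KDC-PROXY-MESSAGE received from the proxy.
 * On success the inner Kerberos message, minus its 4-byte big-endian
 * length prefix, is copied into reply and 0 is returned.  An empty msg
 * is treated as "nothing to decode": reply is left untouched and 0 is
 * returned.  ASN.1 decoding failures are logged and returned as the
 * krb5 error code; a structurally invalid inner message (shorter than
 * the prefix, or a prefix that disagrees with the actual length) is
 * reported on stderr and returned as -1.
 */
krb5_error_code
decode_kkdcp_message(krb5_context ctx, const string &msg, vector<uint8_t> &reply)
{
    if (msg.empty())
        return 0;

    /* decode_krb5_kkdcp_message takes a writable krb5_data, so work on a
     * private copy rather than casting away msg's constness. */
    vector<uint8_t> raw(msg.begin(), msg.end());
    krb5_data in_data = {};
    in_data.data = reinterpret_cast<char *>(raw.data());
    in_data.length = raw.size();

    krb5_kkdcp_message *pm = nullptr;
    krb5_error_code ret = decode_krb5_kkdcp_message(&in_data, &pm);
    if (ret) {
        log_k5err(ctx, "decode_krb5_kkdcp_message", ret);
        return ret;
    }

    /* The proxied message carries a 4-byte big-endian length prefix that
     * must describe exactly the bytes following it; reject anything else
     * before trusting the length for the copy below. */
    const krb5_data &inner = pm->kerb_message;
    const bool prefix_ok = inner.length >= 4 &&
        load_32_be(inner.data) == inner.length - 4;
    if (!prefix_ok) {
        /* Newline added so the diagnostic does not run into the next line. */
        fprintf(stderr, "decode: invalid KKDCP message\n");
        k5_free_kkdcp_message(nullptr, pm);
        return -1;
    }

    reply.assign(inner.data + 4, inner.data + inner.length);
    k5_free_kkdcp_message(nullptr, pm);
    return 0;
}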
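/*
 * Wrap a Kerberos message in a KKDCP (MS-KKDCP) proxy message.
 *
 * in_data is the raw Kerberos request; realm (may be empty) is sent as
 * the target-domain field.  On success out_data receives the DER-encoded
 * KDC-PROXY-MESSAGE and 0 is returned.  An empty in_data yields 0 with
 * out_data untouched.  Encoding errors are logged and returned as the
 * krb5 error code.
 *
 * The caller's in_data is not modified: the 4-byte big-endian length
 * prefix the protocol requires is prepended to a private copy, so the
 * same buffer can safely be encoded more than once.
 */
krb5_error_code
encode_kkdcp_message(krb5_context ctx, vector<uint8_t> &in_data,
                     vector<uint8_t> &realm, string &out_data)
{
    if (in_data.empty())
        return 0;

    /* Build "<4-byte length><message>" in a scratch buffer. */
    uint32_t msg_len;
    store_32_be(static_cast<uint32_t>(in_data.size()), &msg_len);
    const uint8_t *len_bytes = reinterpret_cast<const uint8_t *>(&msg_len);
    vector<uint8_t> framed;
    framed.reserve(in_data.size() + sizeof(msg_len));
    framed.insert(framed.end(), len_bytes, len_bytes + sizeof(msg_len));
    framed.insert(framed.end(), in_data.begin(), in_data.end());

    /* Zero-initialise so no field goes out with an indeterminate value
     * (the original left dclocator_hint uninitialised), then mark the
     * optional dclocator-hint as absent (-1) so the encoder omits it. */
    krb5_kkdcp_message pm = {};
    pm.kerb_message.length = framed.size();
    pm.kerb_message.data = reinterpret_cast<char *>(framed.data());
    pm.target_domain.length = realm.size();
    pm.target_domain.data = reinterpret_cast<char *>(realm.data());
    pm.dclocator_hint = -1;

    krb5_data *encoded_pm = nullptr;
    krb5_error_code ret = encode_krb5_kkdcp_message(&pm, &encoded_pm);
    if (ret) {
        log_k5err(ctx, "encode_krb5_kkdcp_message", ret);
        return ret;
    }

    out_data = string(encoded_pm->data, encoded_pm->length);
    krb5_free_data(nullptr, encoded_pm);
    return 0;
}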
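/*
 * Serialise the credentials held in a credential cache.
 *
 * ccache names the cache, passed as the "ccache" key of a GSS-API
 * credential store.  The credentials are acquired for initiator use with
 * gss_acquire_cred_from() and exported with gss_export_cred(); on success
 * the opaque exported token is copied into out_buffer and 0 is returned.
 * Any GSS failure is logged and reported as ENOMEM (the only error code
 * this function returns).
 */
krb5_error_code
ccache_to_buffer(string &ccache, string &out_buffer)
{
    OM_uint32 maj_stat;
    OM_uint32 min_stat;
    gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
    gss_key_value_element_desc element = { "ccache", ccache.c_str() };
    gss_key_value_set_desc store = { 1, &element };
    gss_buffer_desc token = GSS_C_EMPTY_BUFFER;

    /* time_rec is optional in gss_acquire_cred_from() and was never read,
     * so pass NULL instead of keeping a dead out-variable. */
    maj_stat = gss_acquire_cred_from(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
                                     GSS_C_NO_OID_SET, GSS_C_INITIATE, &store,
                                     &creds, nullptr, nullptr);
    if (GSS_ERROR(maj_stat)) {
        log_gsserr("gss_acquire_cred_from()", maj_stat, min_stat);
        return ENOMEM;
    }

    maj_stat = gss_export_cred(&min_stat, creds, &token);
    /* The handle is not needed whether or not the export worked.  Release
     * through a separate minor status so an export failure is logged with
     * its own minor code rather than the release's. */
    OM_uint32 rel_min;
    gss_release_cred(&rel_min, &creds);
    if (GSS_ERROR(maj_stat)) {
        log_gsserr("gss_export_cred()", maj_stat, min_stat);
        return ENOMEM;
    }

    out_buffer = string(static_cast<const char *>(token.value), token.length);
    gss_release_buffer(&min_stat, &token);
    return 0;
}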
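/*
 * Restore credentials from a token produced by ccache_to_buffer().
 *
 * in_buffer holds the exported GSS credential token; ccache names the
 * credential cache to store into, passed as the "ccache" key of a GSS-API
 * credential store.  The credentials are imported with gss_import_cred()
 * and written with gss_store_cred_into() with overwrite_cred and
 * default_cred both set.  Returns 0 on success; any GSS failure is logged
 * and reported as ENOMEM (the only error code this function returns).
 */
krb5_error_code
buffer_to_ccache(string &in_buffer, string &ccache)
{
    OM_uint32 maj_stat;
    OM_uint32 min_stat;
    gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
    gss_key_value_element_desc store_elm = { "ccache", ccache.c_str() };
    gss_key_value_set_desc store = { 1, &store_elm };

    /* gss_buffer_desc::value is a non-const void *, so hand the library a
     * private writable copy of the token rather than aliasing the string. */
    vector<uint8_t> token(in_buffer.begin(), in_buffer.end());
    gss_buffer_desc buffer = GSS_C_EMPTY_BUFFER;
    buffer.value = token.data();
    buffer.length = token.size();

    maj_stat = gss_import_cred(&min_stat, &buffer, &creds);
    if (GSS_ERROR(maj_stat)) {
        log_gsserr("gss_import_cred()", maj_stat, min_stat);
        return ENOMEM;
    }

    /* overwrite_cred = 1, default_cred = 1 */
    maj_stat = gss_store_cred_into(&min_stat, creds, GSS_C_INITIATE, GSS_C_NO_OID,
                                   1, 1, &store, nullptr, nullptr);
    /* Release through a separate minor status so a store failure is logged
     * with its own minor code rather than the release's. */
    OM_uint32 rel_min;
    gss_release_cred(&rel_min, &creds);
    if (GSS_ERROR(maj_stat)) {
        log_gsserr("gss_store_cred_into()", maj_stat, min_stat);
        return ENOMEM;
    }
    return 0;
}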