2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
37 struct PAC_INFO_BUFFER
{
47 struct PAC_INFO_BUFFER buffers
[1];
50 struct krb5_pac_data
{
53 struct PAC_INFO_BUFFER
*server_checksum
;
54 struct PAC_INFO_BUFFER
*privsvr_checksum
;
55 struct PAC_INFO_BUFFER
*logon_name
;
58 #define PAC_ALIGNMENT 8
60 #define PACTYPE_SIZE 8
61 #define PAC_INFO_BUFFER_SIZE 16
63 #define PAC_SERVER_CHECKSUM 6
64 #define PAC_PRIVSVR_CHECKSUM 7
65 #define PAC_LOGON_NAME 10
66 #define PAC_CONSTRAINED_DELEGATION 11
68 #define CHECK(r,f,l) \
70 if (((r) = f ) != 0) { \
71 krb5_clear_error_message(context); \
76 static const char zeros
[PAC_ALIGNMENT
] = { 0 };
83 krb5_pac_parse(krb5_context context
, const void *ptr
, size_t len
,
88 krb5_storage
*sp
= NULL
;
89 uint32_t i
, tmp
, tmp2
, header_end
;
91 p
= calloc(1, sizeof(*p
));
94 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
98 sp
= krb5_storage_from_readonly_mem(ptr
, len
);
101 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
104 krb5_storage_set_flags(sp
, KRB5_STORAGE_BYTEORDER_LE
);
106 CHECK(ret
, krb5_ret_uint32(sp
, &tmp
), out
);
107 CHECK(ret
, krb5_ret_uint32(sp
, &tmp2
), out
);
109 ret
= EINVAL
; /* Too few buffers */
110 krb5_set_error_message(context
, ret
, N_("PAC have too few buffer", ""));
114 ret
= EINVAL
; /* Wrong version */
115 krb5_set_error_message(context
, ret
,
116 N_("PAC have wrong version %d", ""),
122 sizeof(*p
->pac
) + (sizeof(p
->pac
->buffers
[0]) * (tmp
- 1)));
123 if (p
->pac
== NULL
) {
125 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
129 p
->pac
->numbuffers
= tmp
;
130 p
->pac
->version
= tmp2
;
132 header_end
= PACTYPE_SIZE
+ (PAC_INFO_BUFFER_SIZE
* p
->pac
->numbuffers
);
133 if (header_end
> len
) {
138 for (i
= 0; i
< p
->pac
->numbuffers
; i
++) {
139 CHECK(ret
, krb5_ret_uint32(sp
, &p
->pac
->buffers
[i
].type
), out
);
140 CHECK(ret
, krb5_ret_uint32(sp
, &p
->pac
->buffers
[i
].buffersize
), out
);
141 CHECK(ret
, krb5_ret_uint32(sp
, &p
->pac
->buffers
[i
].offset_lo
), out
);
142 CHECK(ret
, krb5_ret_uint32(sp
, &p
->pac
->buffers
[i
].offset_hi
), out
);
144 /* consistency checks */
145 if (p
->pac
->buffers
[i
].offset_lo
& (PAC_ALIGNMENT
- 1)) {
147 krb5_set_error_message(context
, ret
,
148 N_("PAC out of allignment", ""));
151 if (p
->pac
->buffers
[i
].offset_hi
) {
153 krb5_set_error_message(context
, ret
,
154 N_("PAC high offset set", ""));
157 if (p
->pac
->buffers
[i
].offset_lo
> len
) {
159 krb5_set_error_message(context
, ret
,
160 N_("PAC offset off end", ""));
163 if (p
->pac
->buffers
[i
].offset_lo
< header_end
) {
165 krb5_set_error_message(context
, ret
,
166 N_("PAC offset inside header: %lu %lu", ""),
167 (unsigned long)p
->pac
->buffers
[i
].offset_lo
,
168 (unsigned long)header_end
);
171 if (p
->pac
->buffers
[i
].buffersize
> len
- p
->pac
->buffers
[i
].offset_lo
){
173 krb5_set_error_message(context
, ret
, N_("PAC length off end", ""));
177 /* let save pointer to data we need later */
178 if (p
->pac
->buffers
[i
].type
== PAC_SERVER_CHECKSUM
) {
179 if (p
->server_checksum
) {
181 krb5_set_error_message(context
, ret
,
182 N_("PAC have two server checksums", ""));
185 p
->server_checksum
= &p
->pac
->buffers
[i
];
186 } else if (p
->pac
->buffers
[i
].type
== PAC_PRIVSVR_CHECKSUM
) {
187 if (p
->privsvr_checksum
) {
189 krb5_set_error_message(context
, ret
,
190 N_("PAC have two KDC checksums", ""));
193 p
->privsvr_checksum
= &p
->pac
->buffers
[i
];
194 } else if (p
->pac
->buffers
[i
].type
== PAC_LOGON_NAME
) {
197 krb5_set_error_message(context
, ret
,
198 N_("PAC have two logon names", ""));
201 p
->logon_name
= &p
->pac
->buffers
[i
];
205 ret
= krb5_data_copy(&p
->data
, ptr
, len
);
209 krb5_storage_free(sp
);
216 krb5_storage_free(sp
);
228 krb5_pac_init(krb5_context context
, krb5_pac
*pac
)
233 p
= calloc(1, sizeof(*p
));
235 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
239 p
->pac
= calloc(1, sizeof(*p
->pac
));
240 if (p
->pac
== NULL
) {
242 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
246 ret
= krb5_data_alloc(&p
->data
, PACTYPE_SIZE
);
250 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
260 krb5_pac_add_buffer(krb5_context context
, krb5_pac p
,
261 uint32_t type
, const krb5_data
*data
)
265 size_t len
, offset
, header_end
, old_end
;
268 len
= p
->pac
->numbuffers
;
270 ptr
= realloc(p
->pac
,
271 sizeof(*p
->pac
) + (sizeof(p
->pac
->buffers
[0]) * len
));
273 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
278 for (i
= 0; i
< len
; i
++)
279 p
->pac
->buffers
[i
].offset_lo
+= PAC_INFO_BUFFER_SIZE
;
281 offset
= p
->data
.length
+ PAC_INFO_BUFFER_SIZE
;
283 p
->pac
->buffers
[len
].type
= type
;
284 p
->pac
->buffers
[len
].buffersize
= data
->length
;
285 p
->pac
->buffers
[len
].offset_lo
= offset
;
286 p
->pac
->buffers
[len
].offset_hi
= 0;
288 old_end
= p
->data
.length
;
289 len
= p
->data
.length
+ data
->length
+ PAC_INFO_BUFFER_SIZE
;
290 if (len
< p
->data
.length
) {
291 krb5_set_error_message(context
, EINVAL
, "integer overrun");
295 /* align to PAC_ALIGNMENT */
296 len
= ((len
+ PAC_ALIGNMENT
- 1) / PAC_ALIGNMENT
) * PAC_ALIGNMENT
;
298 ret
= krb5_data_realloc(&p
->data
, len
);
300 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
305 * make place for new PAC INFO BUFFER header
307 header_end
= PACTYPE_SIZE
+ (PAC_INFO_BUFFER_SIZE
* p
->pac
->numbuffers
);
308 memmove((unsigned char *)p
->data
.data
+ header_end
+ PAC_INFO_BUFFER_SIZE
,
309 (unsigned char *)p
->data
.data
+ header_end
,
310 old_end
- header_end
);
311 memset((unsigned char *)p
->data
.data
+ header_end
, 0, PAC_INFO_BUFFER_SIZE
);
314 * copy in new data part
317 memcpy((unsigned char *)p
->data
.data
+ offset
,
318 data
->data
, data
->length
);
319 memset((unsigned char *)p
->data
.data
+ offset
+ data
->length
,
320 0, p
->data
.length
- offset
- data
->length
);
322 p
->pac
->numbuffers
+= 1;
328 * Get the PAC buffer of specific type from the pac.
330 * @param context Kerberos 5 context.
331 * @param p the pac structure returned by krb5_pac_parse().
332 * @param type type of buffer to get
333 * @param data return data, free with krb5_data_free().
335 * @return Returns 0 to indicate success. Otherwise an kerberos et
336 * error code is returned, see krb5_get_error_message().
342 krb5_pac_get_buffer(krb5_context context
, krb5_pac p
,
343 uint32_t type
, krb5_data
*data
)
348 for (i
= 0; i
< p
->pac
->numbuffers
; i
++) {
349 const size_t len
= p
->pac
->buffers
[i
].buffersize
;
350 const size_t offset
= p
->pac
->buffers
[i
].offset_lo
;
352 if (p
->pac
->buffers
[i
].type
!= type
)
355 ret
= krb5_data_copy(data
, (unsigned char *)p
->data
.data
+ offset
, len
);
357 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
362 krb5_set_error_message(context
, ENOENT
, "No PAC buffer of type %lu was found",
363 (unsigned long)type
);
372 krb5_pac_get_types(krb5_context context
,
379 *types
= calloc(p
->pac
->numbuffers
, sizeof(*types
));
380 if (*types
== NULL
) {
382 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
385 for (i
= 0; i
< p
->pac
->numbuffers
; i
++)
386 (*types
)[i
] = p
->pac
->buffers
[i
].type
;
387 *len
= p
->pac
->numbuffers
;
397 krb5_pac_free(krb5_context context
, krb5_pac pac
)
399 krb5_data_free(&pac
->data
);
408 static krb5_error_code
409 verify_checksum(krb5_context context
,
410 const struct PAC_INFO_BUFFER
*sig
,
411 const krb5_data
*data
,
412 void *ptr
, size_t len
,
413 const krb5_keyblock
*key
)
415 krb5_storage
*sp
= NULL
;
420 memset(&cksum
, 0, sizeof(cksum
));
422 sp
= krb5_storage_from_mem((char *)data
->data
+ sig
->offset_lo
,
425 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
428 krb5_storage_set_flags(sp
, KRB5_STORAGE_BYTEORDER_LE
);
430 CHECK(ret
, krb5_ret_uint32(sp
, &type
), out
);
431 cksum
.cksumtype
= type
;
432 cksum
.checksum
.length
=
433 sig
->buffersize
- krb5_storage_seek(sp
, 0, SEEK_CUR
);
434 cksum
.checksum
.data
= malloc(cksum
.checksum
.length
);
435 if (cksum
.checksum
.data
== NULL
) {
437 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
440 ret
= krb5_storage_read(sp
, cksum
.checksum
.data
, cksum
.checksum
.length
);
441 if (ret
!= cksum
.checksum
.length
) {
443 krb5_set_error_message(context
, ret
, "PAC checksum missing checksum");
447 if (!krb5_checksum_is_keyed(context
, cksum
.cksumtype
)) {
449 krb5_set_error_message(context
, ret
, "Checksum type %d not keyed",
454 /* If the checksum is HMAC-MD5, the checksum type is not tied to
455 * the key type, instead the HMAC-MD5 checksum is applied blindly
456 * on whatever key is used for this connection, avoiding issues
457 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
458 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
459 * for the same issue in MIT, and
460 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
461 * for Microsoft's explaination */
462 if (cksum
.cksumtype
== CKSUMTYPE_HMAC_MD5
) {
463 Checksum local_checksum
;
465 ret
= HMAC_MD5_any_checksum(context
, key
, ptr
, len
, KRB5_KU_OTHER_CKSUM
, &local_checksum
);
467 if(local_checksum
.checksum
.length
!= cksum
.checksum
.length
||
468 ct_memcmp(local_checksum
.checksum
.data
, cksum
.checksum
.data
, local_checksum
.checksum
.length
)) {
469 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
470 krb5_set_error_message(context
, ret
,
471 N_("PAC integrity check failed for hmac-md5 checksum", ""));
475 krb5_data_free(&local_checksum
.checksum
);
477 krb5_crypto crypto
= NULL
;
479 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
483 ret
= krb5_verify_checksum(context
, crypto
, KRB5_KU_OTHER_CKSUM
,
485 krb5_crypto_destroy(context
, crypto
);
487 free(cksum
.checksum
.data
);
488 krb5_storage_free(sp
);
493 if (cksum
.checksum
.data
)
494 free(cksum
.checksum
.data
);
496 krb5_storage_free(sp
);
500 static krb5_error_code
501 create_checksum(krb5_context context
,
502 const krb5_keyblock
*key
,
504 void *data
, size_t datalen
,
505 void *sig
, size_t siglen
)
507 krb5_crypto crypto
= NULL
;
511 /* If the checksum is HMAC-MD5, the checksum type is not tied to
512 * the key type, instead the HMAC-MD5 checksum is applied blindly
513 * on whatever key is used for this connection, avoiding issues
514 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
515 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
516 * for the same issue in MIT, and
517 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
518 * for Microsoft's explaination */
519 if (cksumtype
== CKSUMTYPE_HMAC_MD5
) {
520 ret
= HMAC_MD5_any_checksum(context
, key
, data
, datalen
, KRB5_KU_OTHER_CKSUM
, &cksum
);
522 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
526 ret
= krb5_create_checksum(context
, crypto
, KRB5_KU_OTHER_CKSUM
, 0,
527 data
, datalen
, &cksum
);
528 krb5_crypto_destroy(context
, crypto
);
532 if (cksum
.checksum
.length
!= siglen
) {
533 krb5_set_error_message(context
, EINVAL
, "pac checksum wrong length");
534 free_Checksum(&cksum
);
538 memcpy(sig
, cksum
.checksum
.data
, siglen
);
539 free_Checksum(&cksum
);
549 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
552 unix2nttime(time_t unix_time
)
555 wt
= unix_time
* (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH
;
559 static krb5_error_code
560 verify_logonname(krb5_context context
,
561 const struct PAC_INFO_BUFFER
*logon_name
,
562 const krb5_data
*data
,
564 krb5_const_principal principal
)
568 uint32_t time1
, time2
;
573 sp
= krb5_storage_from_readonly_mem((const char *)data
->data
+ logon_name
->offset_lo
,
574 logon_name
->buffersize
);
576 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
580 krb5_storage_set_flags(sp
, KRB5_STORAGE_BYTEORDER_LE
);
582 CHECK(ret
, krb5_ret_uint32(sp
, &time1
), out
);
583 CHECK(ret
, krb5_ret_uint32(sp
, &time2
), out
);
587 t1
= unix2nttime(authtime
);
588 t2
= ((uint64_t)time2
<< 32) | time1
;
590 krb5_storage_free(sp
);
591 krb5_set_error_message(context
, EINVAL
, "PAC timestamp mismatch");
595 CHECK(ret
, krb5_ret_uint16(sp
, &len
), out
);
597 krb5_storage_free(sp
);
598 krb5_set_error_message(context
, EINVAL
, "PAC logon name length missing");
604 krb5_storage_free(sp
);
605 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
608 ret
= krb5_storage_read(sp
, s
, len
);
610 krb5_storage_free(sp
);
611 krb5_set_error_message(context
, EINVAL
, "Failed to read PAC logon name");
614 krb5_storage_free(sp
);
616 size_t ucs2len
= len
/ 2;
619 unsigned int flags
= WIND_RW_LE
;
621 ucs2
= malloc(sizeof(ucs2
[0]) * ucs2len
);
623 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
626 ret
= wind_ucs2read(s
, len
, &flags
, ucs2
, &ucs2len
);
630 krb5_set_error_message(context
, ret
, "Failed to convert string to UCS-2");
633 ret
= wind_ucs2utf8_length(ucs2
, ucs2len
, &u8len
);
636 krb5_set_error_message(context
, ret
, "Failed to count length of UCS-2 string");
639 u8len
+= 1; /* Add space for NUL */
643 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
646 ret
= wind_ucs2utf8(ucs2
, ucs2len
, s
, &u8len
);
650 krb5_set_error_message(context
, ret
, "Failed to convert to UTF-8");
654 ret
= krb5_parse_name_flags(context
, s
, KRB5_PRINCIPAL_PARSE_NO_REALM
, &p2
);
659 if (krb5_principal_compare_any_realm(context
, principal
, p2
) != TRUE
) {
661 krb5_set_error_message(context
, ret
, "PAC logon name mismatch");
663 krb5_free_principal(context
, p2
);
673 static krb5_error_code
674 build_logon_name(krb5_context context
,
676 krb5_const_principal principal
,
685 t
= unix2nttime(authtime
);
687 krb5_data_zero(logon
);
689 sp
= krb5_storage_emem();
691 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
694 krb5_storage_set_flags(sp
, KRB5_STORAGE_BYTEORDER_LE
);
696 CHECK(ret
, krb5_store_uint32(sp
, t
& 0xffffffff), out
);
697 CHECK(ret
, krb5_store_uint32(sp
, t
>> 32), out
);
699 ret
= krb5_unparse_name_flags(context
, principal
,
700 KRB5_PRINCIPAL_UNPARSE_NO_REALM
, &s
);
706 CHECK(ret
, krb5_store_uint16(sp
, len
* 2), out
);
708 #if 1 /* cheat for now */
709 s2
= malloc(len
* 2);
715 for (i
= 0; i
< len
; i
++) {
721 /* write libwind code here */
724 ret
= krb5_storage_write(sp
, s2
, len
* 2);
726 if (ret
!= len
* 2) {
730 ret
= krb5_storage_to_data(sp
, logon
);
733 krb5_storage_free(sp
);
737 krb5_storage_free(sp
);
745 * @param context Kerberos 5 context.
746 * @param pac the pac structure returned by krb5_pac_parse().
747 * @param authtime The time of the ticket the PAC belongs to.
748 * @param principal the principal to verify.
749 * @param server The service key, most always be given.
750 * @param privsvr The KDC key, may be given.
752 * @return Returns 0 to indicate success. Otherwise an kerberos et
753 * error code is returned, see krb5_get_error_message().
759 krb5_pac_verify(krb5_context context
,
762 krb5_const_principal principal
,
763 const krb5_keyblock
*server
,
764 const krb5_keyblock
*privsvr
)
768 if (pac
->server_checksum
== NULL
) {
769 krb5_set_error_message(context
, EINVAL
, "PAC missing server checksum");
772 if (pac
->privsvr_checksum
== NULL
) {
773 krb5_set_error_message(context
, EINVAL
, "PAC missing kdc checksum");
776 if (pac
->logon_name
== NULL
) {
777 krb5_set_error_message(context
, EINVAL
, "PAC missing logon name");
781 ret
= verify_logonname(context
,
790 * in the service case, clean out data option of the privsvr and
791 * server checksum before checking the checksum.
796 ret
= krb5_copy_data(context
, &pac
->data
, ©
);
800 if (pac
->server_checksum
->buffersize
< 4)
802 if (pac
->privsvr_checksum
->buffersize
< 4)
805 memset((char *)copy
->data
+ pac
->server_checksum
->offset_lo
+ 4,
807 pac
->server_checksum
->buffersize
- 4);
809 memset((char *)copy
->data
+ pac
->privsvr_checksum
->offset_lo
+ 4,
811 pac
->privsvr_checksum
->buffersize
- 4);
813 ret
= verify_checksum(context
,
814 pac
->server_checksum
,
819 krb5_free_data(context
, copy
);
824 /* The priv checksum covers the server checksum */
825 ret
= verify_checksum(context
,
826 pac
->privsvr_checksum
,
828 (char *)pac
->data
.data
829 + pac
->server_checksum
->offset_lo
+ 4,
830 pac
->server_checksum
->buffersize
- 4,
843 static krb5_error_code
844 fill_zeros(krb5_context context
, krb5_storage
*sp
, size_t len
)
851 if (l
> sizeof(zeros
))
853 sret
= krb5_storage_write(sp
, zeros
, l
);
855 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
863 static krb5_error_code
864 pac_checksum(krb5_context context
,
865 const krb5_keyblock
*key
,
869 krb5_cksumtype cktype
;
871 krb5_crypto crypto
= NULL
;
873 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
877 ret
= krb5_crypto_get_checksum_type(context
, crypto
, &cktype
);
878 krb5_crypto_destroy(context
, crypto
);
882 if (krb5_checksum_is_keyed(context
, cktype
) == FALSE
) {
883 *cksumtype
= CKSUMTYPE_HMAC_MD5
;
887 ret
= krb5_checksumsize(context
, cktype
, cksumsize
);
891 *cksumtype
= (uint32_t)cktype
;
897 _krb5_pac_sign(krb5_context context
,
900 krb5_principal principal
,
901 const krb5_keyblock
*server_key
,
902 const krb5_keyblock
*priv_key
,
906 krb5_storage
*sp
= NULL
, *spdata
= NULL
;
908 size_t server_size
, priv_size
;
909 uint32_t server_offset
= 0, priv_offset
= 0;
910 uint32_t server_cksumtype
= 0, priv_cksumtype
= 0;
914 krb5_data_zero(&logon
);
916 if (p
->logon_name
== NULL
)
918 if (p
->server_checksum
== NULL
)
920 if (p
->privsvr_checksum
== NULL
)
926 ptr
= realloc(p
->pac
, sizeof(*p
->pac
) + (sizeof(p
->pac
->buffers
[0]) * (p
->pac
->numbuffers
+ num
- 1)));
928 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
933 if (p
->logon_name
== NULL
) {
934 p
->logon_name
= &p
->pac
->buffers
[p
->pac
->numbuffers
++];
935 memset(p
->logon_name
, 0, sizeof(*p
->logon_name
));
936 p
->logon_name
->type
= PAC_LOGON_NAME
;
938 if (p
->server_checksum
== NULL
) {
939 p
->server_checksum
= &p
->pac
->buffers
[p
->pac
->numbuffers
++];
940 memset(p
->server_checksum
, 0, sizeof(*p
->server_checksum
));
941 p
->server_checksum
->type
= PAC_SERVER_CHECKSUM
;
943 if (p
->privsvr_checksum
== NULL
) {
944 p
->privsvr_checksum
= &p
->pac
->buffers
[p
->pac
->numbuffers
++];
945 memset(p
->privsvr_checksum
, 0, sizeof(*p
->privsvr_checksum
));
946 p
->privsvr_checksum
->type
= PAC_PRIVSVR_CHECKSUM
;
950 /* Calculate LOGON NAME */
951 ret
= build_logon_name(context
, authtime
, principal
, &logon
);
955 /* Set lengths for checksum */
956 ret
= pac_checksum(context
, server_key
, &server_cksumtype
, &server_size
);
959 ret
= pac_checksum(context
, priv_key
, &priv_cksumtype
, &priv_size
);
964 sp
= krb5_storage_emem();
966 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
969 krb5_storage_set_flags(sp
, KRB5_STORAGE_BYTEORDER_LE
);
971 spdata
= krb5_storage_emem();
972 if (spdata
== NULL
) {
973 krb5_storage_free(sp
);
974 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
977 krb5_storage_set_flags(spdata
, KRB5_STORAGE_BYTEORDER_LE
);
979 CHECK(ret
, krb5_store_uint32(sp
, p
->pac
->numbuffers
), out
);
980 CHECK(ret
, krb5_store_uint32(sp
, p
->pac
->version
), out
);
982 end
= PACTYPE_SIZE
+ (PAC_INFO_BUFFER_SIZE
* p
->pac
->numbuffers
);
984 for (i
= 0; i
< p
->pac
->numbuffers
; i
++) {
991 if (p
->pac
->buffers
[i
].type
== PAC_SERVER_CHECKSUM
) {
992 len
= server_size
+ 4;
993 server_offset
= end
+ 4;
994 CHECK(ret
, krb5_store_uint32(spdata
, server_cksumtype
), out
);
995 CHECK(ret
, fill_zeros(context
, spdata
, server_size
), out
);
996 } else if (p
->pac
->buffers
[i
].type
== PAC_PRIVSVR_CHECKSUM
) {
998 priv_offset
= end
+ 4;
999 CHECK(ret
, krb5_store_uint32(spdata
, priv_cksumtype
), out
);
1000 CHECK(ret
, fill_zeros(context
, spdata
, priv_size
), out
);
1001 } else if (p
->pac
->buffers
[i
].type
== PAC_LOGON_NAME
) {
1002 len
= krb5_storage_write(spdata
, logon
.data
, logon
.length
);
1003 if (logon
.length
!= len
) {
1008 len
= p
->pac
->buffers
[i
].buffersize
;
1009 ptr
= (char *)p
->data
.data
+ p
->pac
->buffers
[i
].offset_lo
;
1011 sret
= krb5_storage_write(spdata
, ptr
, len
);
1014 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
1017 /* XXX if not aligned, fill_zeros */
1021 CHECK(ret
, krb5_store_uint32(sp
, p
->pac
->buffers
[i
].type
), out
);
1022 CHECK(ret
, krb5_store_uint32(sp
, len
), out
);
1023 CHECK(ret
, krb5_store_uint32(sp
, end
), out
);
1024 CHECK(ret
, krb5_store_uint32(sp
, 0), out
);
1026 /* advance data endpointer and align */
1031 e
= ((end
+ PAC_ALIGNMENT
- 1) / PAC_ALIGNMENT
) * PAC_ALIGNMENT
;
1033 CHECK(ret
, fill_zeros(context
, spdata
, e
- end
), out
);
1040 /* assert (server_offset != 0 && priv_offset != 0); */
1043 ret
= krb5_storage_to_data(spdata
, &d
);
1045 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
1048 ret
= krb5_storage_write(sp
, d
.data
, d
.length
);
1049 if (ret
!= d
.length
) {
1052 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
1057 ret
= krb5_storage_to_data(sp
, &d
);
1059 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
1064 ret
= create_checksum(context
, server_key
, server_cksumtype
,
1066 (char *)d
.data
+ server_offset
, server_size
);
1071 ret
= create_checksum(context
, priv_key
, priv_cksumtype
,
1072 (char *)d
.data
+ server_offset
, server_size
,
1073 (char *)d
.data
+ priv_offset
, priv_size
);
1082 krb5_data_free(&logon
);
1083 krb5_storage_free(sp
);
1084 krb5_storage_free(spdata
);
1088 krb5_data_free(&logon
);
1090 krb5_storage_free(sp
);
1092 krb5_storage_free(spdata
);