
Lines matching defs:pac in pac.c (non-contiguous excerpts; each line begins with its line number in the file)

1 /*	$NetBSD: pac.c,v 1.4 2023/06/19 21:41:44 christos Exp $	*/
53 struct PACTYPE *pac;
81 * HMAC-MD5 checksum over any key (needed for the PAC routines)
127 krb5_set_error_message(context, ret, "PAC has too many buffers");
135 krb5_set_error_message(context, ret, "PAC has too many buffers");
173 krb5_pac *pac)
197 krb5_set_error_message(context, ret, N_("PAC have too few buffer", ""));
203 N_("PAC have wrong version %d", ""),
213 p->pac = calloc(1, header_end);
214 if (p->pac == NULL) {
219 p->pac->numbuffers = tmp;
220 p->pac->version = tmp2;
227 for (i = 0; i < p->pac->numbuffers; i++) {
228 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
229 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
230 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
231 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
234 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
237 N_("PAC out of allignment", ""));
240 if (p->pac->buffers[i].offset_hi) {
243 N_("PAC high offset set", ""));
246 if (p->pac->buffers[i].offset_lo > len) {
249 N_("PAC offset off end", ""));
252 if (p->pac->buffers[i].offset_lo < header_end) {
255 N_("PAC offset inside header: %lu %lu", ""),
256 (unsigned long)p->pac->buffers[i].offset_lo,
260 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
262 krb5_set_error_message(context, ret, N_("PAC length off end", ""));
267 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
271 N_("PAC have two server checksums", ""));
274 p->server_checksum = &p->pac->buffers[i];
275 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
279 N_("PAC have two KDC checksums", ""));
282 p->privsvr_checksum = &p->pac->buffers[i];
283 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
287 N_("PAC have two logon names", ""));
290 p->logon_name = &p->pac->buffers[i];
300 *pac = p;
307 if (p->pac)
308 free(p->pac);
311 *pac = NULL;
317 krb5_pac_init(krb5_context context, krb5_pac *pac)
327 p->pac = calloc(1, sizeof(*p->pac));
328 if (p->pac == NULL) {
335 free (p->pac);
340 *pac = p;
359 num_buffers = p->pac->numbuffers;
371 ptr = realloc(p->pac, header_end);
375 p->pac = ptr;
378 if (p->pac->buffers[i].offset_lo > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
384 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
394 p->pac->buffers[num_buffers].type = type;
395 p->pac->buffers[num_buffers].buffersize = data->length;
396 p->pac->buffers[num_buffers].offset_lo = offset;
397 p->pac->buffers[num_buffers].offset_hi = 0;
417 * make place for new PAC INFO BUFFER header
434 p->pac->numbuffers += 1;
440 * Get the PAC buffer of specific type from the pac.
443 * @param p the pac structure returned by krb5_pac_parse().
460 for (i = 0; i < p->pac->numbuffers; i++) {
461 const uint32_t len = p->pac->buffers[i].buffersize;
462 const uint32_t offset = p->pac->buffers[i].offset_lo;
464 if (p->pac->buffers[i].type != type)
474 krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
491 *types = calloc(p->pac->numbuffers, sizeof(**types));
496 for (i = 0; i < p->pac->numbuffers; i++)
497 (*types)[i] = p->pac->buffers[i].type;
498 *len = p->pac->numbuffers;
508 krb5_pac_free(krb5_context context, krb5_pac pac)
510 krb5_data_free(&pac->data);
511 free(pac->pac);
512 free(pac);
552 krb5_set_error_message(context, ret, "PAC checksum missing checksum");
583 N_("PAC integrity check failed for "
649 krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
705 * When neither the ticket nor the PAC set an explicit authtime,
712 krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
719 krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
731 krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
784 krb5_set_error_message(context, ret, "PAC logon name [%s] mismatch principal name [%s]",
901 * Verify the PAC.
904 * @param pac the pac structure returned by krb5_pac_parse().
905 * @param authtime The time of the ticket the PAC belongs to.
918 const krb5_pac pac,
926 if (pac->server_checksum == NULL) {
927 krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
930 if (pac->privsvr_checksum == NULL) {
931 krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
934 if (pac->logon_name == NULL) {
935 krb5_set_error_message(context, EINVAL, "PAC missing logon name");
940 pac->logon_name,
941 &pac->data,
954 if (pac->server_checksum->buffersize < 4 ||
955 pac->privsvr_checksum->buffersize < 4)
958 ret = krb5_copy_data(context, &pac->data, &copy);
962 memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
964 pac->server_checksum->buffersize - 4);
966 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
968 pac->privsvr_checksum->buffersize - 4);
971 pac->server_checksum,
972 &pac->data,
983 pac->privsvr_checksum,
984 &pac->data,
985 (char *)pac->data.data
986 + pac->server_checksum->offset_lo + 4,
987 pac->server_checksum->buffersize - 4,
1073 for (i = 0; i < p->pac->numbuffers; i++) {
1074 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1076 p->server_checksum = &p->pac->buffers[i];
1078 if (p->server_checksum != &p->pac->buffers[i]) {
1081 N_("PAC have two server checksums", ""));
1084 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1086 p->privsvr_checksum = &p->pac->buffers[i];
1088 if (p->privsvr_checksum != &p->pac->buffers[i]) {
1091 N_("PAC have two KDC checksums", ""));
1094 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1096 p->logon_name = &p->pac->buffers[i];
1098 if (p->logon_name != &p->pac->buffers[i]) {
1101 N_("PAC have two logon names", ""));
1118 if (p->pac->numbuffers > UINT32_MAX - num) {
1123 ret = pac_header_size(context, p->pac->numbuffers + num, &len);
1127 ptr = realloc(p->pac, len);
1131 p->pac = ptr;
1134 p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
1139 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
1144 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
1163 /* Encode PAC */
1177 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
1178 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
1180 ret = pac_header_size(context, p->pac->numbuffers, &end);
1184 for (i = 0; i < p->pac->numbuffers; i++) {
1191 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1206 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1221 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1228 len = p->pac->buffers[i].buffersize;
1229 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
1240 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
1270 /* export PAC */