2
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
#include "krb5_locl.h"
39
struct PAC_INFO_BUFFER {
49
struct PAC_INFO_BUFFER buffers[1];
52
struct krb5_pac_data {
55
struct PAC_INFO_BUFFER *server_checksum;
56
struct PAC_INFO_BUFFER *privsvr_checksum;
57
struct PAC_INFO_BUFFER *logon_name;
60
#define PAC_ALIGNMENT 8
62
#define PACTYPE_SIZE 8
63
#define PAC_INFO_BUFFER_SIZE 16
65
#define PAC_SERVER_CHECKSUM 6
66
#define PAC_PRIVSVR_CHECKSUM 7
67
#define PAC_LOGON_NAME 10
68
#define PAC_CONSTRAINED_DELEGATION 11
70
#define CHECK(r,f,l) \
72
if (((r) = f ) != 0) { \
73
krb5_clear_error_message(context); \
78
static const char zeros[PAC_ALIGNMENT] = { 0 };
85
krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
90
krb5_storage *sp = NULL;
91
uint32_t i, tmp, tmp2, header_end;
93
p = calloc(1, sizeof(*p));
96
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
100
sp = krb5_storage_from_readonly_mem(ptr, len);
103
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
106
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
108
CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
109
CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
111
ret = EINVAL; /* Too few buffers */
112
krb5_set_error_message(context, ret, N_("PAC have too few buffer", ""));
116
ret = EINVAL; /* Wrong version */
117
krb5_set_error_message(context, ret,
118
N_("PAC have wrong version %d", ""),
124
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
125
if (p->pac == NULL) {
127
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
131
p->pac->numbuffers = tmp;
132
p->pac->version = tmp2;
134
header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
135
if (header_end > len) {
140
for (i = 0; i < p->pac->numbuffers; i++) {
141
CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
142
CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
143
CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
144
CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
146
/* consistency checks */
147
if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
149
krb5_set_error_message(context, ret,
150
N_("PAC out of allignment", ""));
153
if (p->pac->buffers[i].offset_hi) {
155
krb5_set_error_message(context, ret,
156
N_("PAC high offset set", ""));
159
if (p->pac->buffers[i].offset_lo > len) {
161
krb5_set_error_message(context, ret,
162
N_("PAC offset off end", ""));
165
if (p->pac->buffers[i].offset_lo < header_end) {
167
krb5_set_error_message(context, ret,
168
N_("PAC offset inside header: %lu %lu", ""),
169
(unsigned long)p->pac->buffers[i].offset_lo,
170
(unsigned long)header_end);
173
if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
175
krb5_set_error_message(context, ret, N_("PAC length off end", ""));
179
/* let save pointer to data we need later */
180
if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
181
if (p->server_checksum) {
183
krb5_set_error_message(context, ret,
184
N_("PAC have two server checksums", ""));
187
p->server_checksum = &p->pac->buffers[i];
188
} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
189
if (p->privsvr_checksum) {
191
krb5_set_error_message(context, ret,
192
N_("PAC have two KDC checksums", ""));
195
p->privsvr_checksum = &p->pac->buffers[i];
196
} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
199
krb5_set_error_message(context, ret,
200
N_("PAC have two logon names", ""));
203
p->logon_name = &p->pac->buffers[i];
207
ret = krb5_data_copy(&p->data, ptr, len);
211
krb5_storage_free(sp);
218
krb5_storage_free(sp);
230
krb5_pac_init(krb5_context context, krb5_pac *pac)
235
p = calloc(1, sizeof(*p));
237
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
241
p->pac = calloc(1, sizeof(*p->pac));
242
if (p->pac == NULL) {
244
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
248
ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
252
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
262
krb5_pac_add_buffer(krb5_context context, krb5_pac p,
263
uint32_t type, const krb5_data *data)
267
size_t len, offset, header_end, old_end;
270
len = p->pac->numbuffers;
272
ptr = realloc(p->pac,
273
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
275
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
280
for (i = 0; i < len; i++)
281
p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
283
offset = p->data.length + PAC_INFO_BUFFER_SIZE;
285
p->pac->buffers[len].type = type;
286
p->pac->buffers[len].buffersize = data->length;
287
p->pac->buffers[len].offset_lo = offset;
288
p->pac->buffers[len].offset_hi = 0;
290
old_end = p->data.length;
291
len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
292
if (len < p->data.length) {
293
krb5_set_error_message(context, EINVAL, "integer overrun");
297
/* align to PAC_ALIGNMENT */
298
len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
300
ret = krb5_data_realloc(&p->data, len);
302
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
307
* make place for new PAC INFO BUFFER header
309
header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
310
memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
311
(unsigned char *)p->data.data + header_end ,
312
old_end - header_end);
313
memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
316
* copy in new data part
319
memcpy((unsigned char *)p->data.data + offset,
320
data->data, data->length);
321
memset((unsigned char *)p->data.data + offset + data->length,
322
0, p->data.length - offset - data->length);
324
p->pac->numbuffers += 1;
330
* Get the PAC buffer of specific type from the pac.
332
* @param context Kerberos 5 context.
333
* @param p the pac structure returned by krb5_pac_parse().
334
* @param type type of buffer to get
335
* @param data return data, free with krb5_data_free().
337
* @return Returns 0 to indicate success. Otherwise an kerberos et
338
* error code is returned, see krb5_get_error_message().
344
krb5_pac_get_buffer(krb5_context context, krb5_pac p,
345
uint32_t type, krb5_data *data)
350
for (i = 0; i < p->pac->numbuffers; i++) {
351
const size_t len = p->pac->buffers[i].buffersize;
352
const size_t offset = p->pac->buffers[i].offset_lo;
354
if (p->pac->buffers[i].type != type)
357
ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
359
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
364
krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
365
(unsigned long)type);
374
krb5_pac_get_types(krb5_context context,
381
*types = calloc(p->pac->numbuffers, sizeof(*types));
382
if (*types == NULL) {
384
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
387
for (i = 0; i < p->pac->numbuffers; i++)
388
(*types)[i] = p->pac->buffers[i].type;
389
*len = p->pac->numbuffers;
399
krb5_pac_free(krb5_context context, krb5_pac pac)
401
krb5_data_free(&pac->data);
410
static krb5_error_code
411
verify_checksum(krb5_context context,
412
const struct PAC_INFO_BUFFER *sig,
413
const krb5_data *data,
414
void *ptr, size_t len,
415
const krb5_keyblock *key)
417
krb5_crypto crypto = NULL;
418
krb5_storage *sp = NULL;
423
memset(&cksum, 0, sizeof(cksum));
425
sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
428
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
431
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
433
CHECK(ret, krb5_ret_uint32(sp, &type), out);
434
cksum.cksumtype = type;
435
cksum.checksum.length =
436
sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
437
cksum.checksum.data = malloc(cksum.checksum.length);
438
if (cksum.checksum.data == NULL) {
440
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
443
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
444
if (ret != cksum.checksum.length) {
446
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
450
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
452
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
457
ret = krb5_crypto_init(context, key, 0, &crypto);
461
ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
463
free(cksum.checksum.data);
464
krb5_crypto_destroy(context, crypto);
465
krb5_storage_free(sp);
470
if (cksum.checksum.data)
471
free(cksum.checksum.data);
473
krb5_storage_free(sp);
475
krb5_crypto_destroy(context, crypto);
479
static krb5_error_code
480
create_checksum(krb5_context context,
481
const krb5_keyblock *key,
482
void *data, size_t datalen,
483
void *sig, size_t siglen)
485
krb5_crypto crypto = NULL;
489
ret = krb5_crypto_init(context, key, 0, &crypto);
493
ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
494
data, datalen, &cksum);
495
krb5_crypto_destroy(context, crypto);
499
if (cksum.checksum.length != siglen) {
500
krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
501
free_Checksum(&cksum);
505
memcpy(sig, cksum.checksum.data, siglen);
506
free_Checksum(&cksum);
516
#define NTTIME_EPOCH 0x019DB1DED53E8000LL
519
unix2nttime(time_t unix_time)
522
wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
526
static krb5_error_code
527
verify_logonname(krb5_context context,
528
const struct PAC_INFO_BUFFER *logon_name,
529
const krb5_data *data,
531
krb5_const_principal principal)
535
uint32_t time1, time2;
540
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
541
logon_name->buffersize);
543
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
547
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
549
CHECK(ret, krb5_ret_uint32(sp, &time1), out);
550
CHECK(ret, krb5_ret_uint32(sp, &time2), out);
554
t1 = unix2nttime(authtime);
555
t2 = ((uint64_t)time2 << 32) | time1;
557
krb5_storage_free(sp);
558
krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
562
CHECK(ret, krb5_ret_uint16(sp, &len), out);
564
krb5_storage_free(sp);
565
krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
571
krb5_storage_free(sp);
572
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
575
ret = krb5_storage_read(sp, s, len);
577
krb5_storage_free(sp);
578
krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
581
krb5_storage_free(sp);
583
size_t ucs2len = len / 2;
586
unsigned int flags = WIND_RW_LE;
588
ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
590
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
593
ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
597
krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
600
ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
603
krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
606
u8len += 1; /* Add space for NUL */
610
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
613
ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
616
krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
620
ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
625
if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
627
krb5_set_error_message(context, ret, "PAC logon name mismatch");
629
krb5_free_principal(context, p2);
639
static krb5_error_code
640
build_logon_name(krb5_context context,
642
krb5_const_principal principal,
651
t = unix2nttime(authtime);
653
krb5_data_zero(logon);
655
sp = krb5_storage_emem();
657
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
660
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
662
CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
663
CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
665
ret = krb5_unparse_name_flags(context, principal,
666
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
672
CHECK(ret, krb5_store_uint16(sp, len * 2), out);
674
#if 1 /* cheat for now */
675
s2 = malloc(len * 2);
681
for (i = 0; i < len; i++) {
687
/* write libwind code here */
690
ret = krb5_storage_write(sp, s2, len * 2);
692
if (ret != len * 2) {
696
ret = krb5_storage_to_data(sp, logon);
699
krb5_storage_free(sp);
703
krb5_storage_free(sp);
711
* @param context Kerberos 5 context.
712
* @param pac the pac structure returned by krb5_pac_parse().
713
* @param authtime The time of the ticket the PAC belongs to.
714
* @param principal the principal to verify.
715
* @param server The service key, most always be given.
716
* @param privsvr The KDC key, may be given.
718
* @return Returns 0 to indicate success. Otherwise an kerberos et
719
* error code is returned, see krb5_get_error_message().
725
krb5_pac_verify(krb5_context context,
728
krb5_const_principal principal,
729
const krb5_keyblock *server,
730
const krb5_keyblock *privsvr)
734
if (pac->server_checksum == NULL) {
735
krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
738
if (pac->privsvr_checksum == NULL) {
739
krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
742
if (pac->logon_name == NULL) {
743
krb5_set_error_message(context, EINVAL, "PAC missing logon name");
747
ret = verify_logonname(context,
756
* in the service case, clean out data option of the privsvr and
757
* server checksum before checking the checksum.
762
ret = krb5_copy_data(context, &pac->data, ©);
766
if (pac->server_checksum->buffersize < 4)
768
if (pac->privsvr_checksum->buffersize < 4)
771
memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
773
pac->server_checksum->buffersize - 4);
775
memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
777
pac->privsvr_checksum->buffersize - 4);
779
ret = verify_checksum(context,
780
pac->server_checksum,
785
krb5_free_data(context, copy);
790
/* The priv checksum covers the server checksum */
791
ret = verify_checksum(context,
792
pac->privsvr_checksum,
794
(char *)pac->data.data
795
+ pac->server_checksum->offset_lo + 4,
796
pac->server_checksum->buffersize - 4,
809
static krb5_error_code
810
fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
817
if (l > sizeof(zeros))
819
sret = krb5_storage_write(sp, zeros, l);
821
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
829
static krb5_error_code
830
pac_checksum(krb5_context context,
831
const krb5_keyblock *key,
835
krb5_cksumtype cktype;
837
krb5_crypto crypto = NULL;
839
ret = krb5_crypto_init(context, key, 0, &crypto);
843
ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
844
krb5_crypto_destroy(context, crypto);
848
if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
849
krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed");
853
ret = krb5_checksumsize(context, cktype, cksumsize);
857
*cksumtype = (uint32_t)cktype;
863
_krb5_pac_sign(krb5_context context,
866
krb5_principal principal,
867
const krb5_keyblock *server_key,
868
const krb5_keyblock *priv_key,
872
krb5_storage *sp = NULL, *spdata = NULL;
874
size_t server_size, priv_size;
875
uint32_t server_offset = 0, priv_offset = 0;
876
uint32_t server_cksumtype = 0, priv_cksumtype = 0;
880
krb5_data_zero(&logon);
882
if (p->logon_name == NULL)
884
if (p->server_checksum == NULL)
886
if (p->privsvr_checksum == NULL)
892
ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
894
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
899
if (p->logon_name == NULL) {
900
p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
901
memset(p->logon_name, 0, sizeof(*p->logon_name));
902
p->logon_name->type = PAC_LOGON_NAME;
904
if (p->server_checksum == NULL) {
905
p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
906
memset(p->server_checksum, 0, sizeof(*p->server_checksum));
907
p->server_checksum->type = PAC_SERVER_CHECKSUM;
909
if (p->privsvr_checksum == NULL) {
910
p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
911
memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
912
p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
916
/* Calculate LOGON NAME */
917
ret = build_logon_name(context, authtime, principal, &logon);
921
/* Set lengths for checksum */
922
ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
925
ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
930
sp = krb5_storage_emem();
932
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
935
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
937
spdata = krb5_storage_emem();
938
if (spdata == NULL) {
939
krb5_storage_free(sp);
940
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
943
krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
945
CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
946
CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
948
end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
950
for (i = 0; i < p->pac->numbuffers; i++) {
957
if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
958
len = server_size + 4;
959
server_offset = end + 4;
960
CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
961
CHECK(ret, fill_zeros(context, spdata, server_size), out);
962
} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
964
priv_offset = end + 4;
965
CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
966
CHECK(ret, fill_zeros(context, spdata, priv_size), out);
967
} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
968
len = krb5_storage_write(spdata, logon.data, logon.length);
969
if (logon.length != len) {
974
len = p->pac->buffers[i].buffersize;
975
ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
977
sret = krb5_storage_write(spdata, ptr, len);
980
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
983
/* XXX if not aligned, fill_zeros */
987
CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
988
CHECK(ret, krb5_store_uint32(sp, len), out);
989
CHECK(ret, krb5_store_uint32(sp, end), out);
990
CHECK(ret, krb5_store_uint32(sp, 0), out);
992
/* advance data endpointer and align */
997
e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
999
CHECK(ret, fill_zeros(context, spdata, e - end), out);
1006
/* assert (server_offset != 0 && priv_offset != 0); */
1009
ret = krb5_storage_to_data(spdata, &d);
1011
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1014
ret = krb5_storage_write(sp, d.data, d.length);
1015
if (ret != d.length) {
1018
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1023
ret = krb5_storage_to_data(sp, &d);
1025
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1031
ret = create_checksum(context, server_key,
1033
(char *)d.data + server_offset, server_size);
1039
ret = create_checksum(context, priv_key,
1040
(char *)d.data + server_offset, server_size,
1041
(char *)d.data + priv_offset, priv_size);
1050
krb5_data_free(&logon);
1051
krb5_storage_free(sp);
1052
krb5_storage_free(spdata);
1056
krb5_data_free(&logon);
1058
krb5_storage_free(sp);
1060
krb5_storage_free(spdata);