OpenVAS Scanner 23.40.3
openvas-krb5.h File Reference
#include <stdbool.h>
#include <stddef.h>
Include dependency graph for openvas-krb5.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  OKrb5Slice
struct  OKrb5User
struct  OKrb5Target
struct  OKrb5Credential

Macros

#define OPENVAS_KRB5_CACHED   1
#define okrb5_slice_from_str(str)
#define okrb5_set_slice_from_str(slice, str)

Typedefs

typedef struct OKrb5GSSContext OKrb5GSSContext

Enumerations

enum  OKrb5ErrorCode {
  O_KRB5_SUCCESS , O_KRB5_CONF_NOT_FOUND , O_KRB5_CONF_NOT_CREATED , O_KRB5_TMP_CONF_NOT_CREATED ,
  O_KRB5_TMP_CONF_NOT_MOVED , O_KRB5_REALM_NOT_FOUND , O_KRB5_EXPECTED_NULL , O_KRB5_EXPECTED_NOT_NULL ,
  O_KRB5_UNABLE_TO_WRITE , O_KRB5_NOMEM , O_KRB5_ERROR
}

Functions

OKrb5ErrorCode o_krb5_find_kdc (const OKrb5Credential *creds, char **kdc)
OKrb5ErrorCode o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc)
OKrb5ErrorCode o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context, struct OKrb5Slice **out)
struct OKrb5GSSContextokrb5_gss_init_context (void)
void okrb5_gss_free_context (struct OKrb5GSSContext *context)
OKrb5ErrorCode o_krb5_gss_prepare_context (const OKrb5Credential *creds, struct OKrb5GSSContext *gss_context)
OKrb5ErrorCode o_krb5_gss_update_context (struct OKrb5GSSContext *gss_context, const struct OKrb5Slice *in_data, struct OKrb5Slice **out_data, bool *more)
char * okrb5_error_code_to_string (const OKrb5ErrorCode code)

Macro Definition Documentation

◆ okrb5_set_slice_from_str

#define okrb5_set_slice_from_str ( slice,
str )
Value:
do \
{ \
slice.data = (void *) str; \
slice.len = str == NULL ? 0 : strlen (str); \
} \
while (0)

Definition at line 86 of file openvas-krb5.h.

86#define okrb5_set_slice_from_str(slice, str) \
87 do \
88 { \
89 slice.data = (void *) str; \
90 slice.len = str == NULL ? 0 : strlen (str); \
91 } \
92 while (0)

Referenced by build_krb5_credential().

◆ okrb5_slice_from_str

#define okrb5_slice_from_str ( str)
Value:
(struct OKrb5Slice) \
{ \
.data = (void *) str, .len = str == NULL ? 0 : strlen (str) \
}
len
uint8_t len
Definition nasl_packet_forgery.c:1

Definition at line 80 of file openvas-krb5.h.

80#define okrb5_slice_from_str(str) \
81 (struct OKrb5Slice) \
82 { \
83 .data = (void *) str, .len = str == NULL ? 0 : strlen (str) \
84 }

◆ OPENVAS_KRB5_CACHED

#define OPENVAS_KRB5_CACHED   1

Definition at line 14 of file openvas-krb5.h.

Typedef Documentation

◆ OKrb5GSSContext

typedef struct OKrb5GSSContext OKrb5GSSContext

Definition at line 94 of file openvas-krb5.h.

Enumeration Type Documentation

◆ OKrb5ErrorCode

enum OKrb5ErrorCode
Enumerator
O_KRB5_SUCCESS 
O_KRB5_CONF_NOT_FOUND 
O_KRB5_CONF_NOT_CREATED 
O_KRB5_TMP_CONF_NOT_CREATED 
O_KRB5_TMP_CONF_NOT_MOVED 
O_KRB5_REALM_NOT_FOUND 
O_KRB5_EXPECTED_NULL 
O_KRB5_EXPECTED_NOT_NULL 
O_KRB5_UNABLE_TO_WRITE 
O_KRB5_NOMEM 
O_KRB5_ERROR 

Definition at line 16 of file openvas-krb5.h.

17{
18 O_KRB5_SUCCESS,
19 // Is returned when the krb5.conf was not found
20 O_KRB5_CONF_NOT_FOUND,
21 O_KRB5_CONF_NOT_CREATED,
22 O_KRB5_TMP_CONF_NOT_CREATED,
23 O_KRB5_TMP_CONF_NOT_MOVED,
24 O_KRB5_REALM_NOT_FOUND,
25 O_KRB5_EXPECTED_NULL,
26 O_KRB5_EXPECTED_NOT_NULL,
27 O_KRB5_UNABLE_TO_WRITE,
28 // can only happen when GFP_ATOMIC is set on the kernel.
29 O_KRB5_NOMEM,
30
31 // Is an transitive error code to indicate an error originating from the
32 // underlying krb5 implementation. It must be last and can not check by equals
33 // operation as each krb5 error return will be added with that number
34 // representation,
35 O_KRB5_ERROR,
36} OKrb5ErrorCode;
OKrb5ErrorCode
OKrb5ErrorCode
Definition openvas-krb5.h:17
O_KRB5_EXPECTED_NULL
@ O_KRB5_EXPECTED_NULL
Definition openvas-krb5.h:25
O_KRB5_SUCCESS
@ O_KRB5_SUCCESS
Definition openvas-krb5.h:18
O_KRB5_EXPECTED_NOT_NULL
@ O_KRB5_EXPECTED_NOT_NULL
Definition openvas-krb5.h:26
O_KRB5_ERROR
@ O_KRB5_ERROR
Definition openvas-krb5.h:35
O_KRB5_UNABLE_TO_WRITE
@ O_KRB5_UNABLE_TO_WRITE
Definition openvas-krb5.h:27
O_KRB5_NOMEM
@ O_KRB5_NOMEM
Definition openvas-krb5.h:29
O_KRB5_CONF_NOT_CREATED
@ O_KRB5_CONF_NOT_CREATED
Definition openvas-krb5.h:21
O_KRB5_REALM_NOT_FOUND
@ O_KRB5_REALM_NOT_FOUND
Definition openvas-krb5.h:24
O_KRB5_TMP_CONF_NOT_MOVED
@ O_KRB5_TMP_CONF_NOT_MOVED
Definition openvas-krb5.h:23
O_KRB5_TMP_CONF_NOT_CREATED
@ O_KRB5_TMP_CONF_NOT_CREATED
Definition openvas-krb5.h:22
O_KRB5_CONF_NOT_FOUND
@ O_KRB5_CONF_NOT_FOUND
Definition openvas-krb5.h:20

Function Documentation

◆ o_krb5_add_realm()

OKrb5ErrorCode o_krb5_add_realm ( const OKrb5Credential * creds,
const char * kdc )

Definition at line 247 of file openvas-krb5.c.

248{
249 OKrb5ErrorCode result = O_KRB5_SUCCESS;
250 FILE *file = NULL, *tmp = NULL;
251 char line[MAX_LINE_LENGTH] = {0};
252 char tmpfn[MAX_LINE_LENGTH] = {0};
253 int state, i;
254 char *cp = (char *) creds->config_path.data;
255
256 if ((file = fopen (cp, "r")) == NULL)
257 {
258 if ((file = fopen (cp, "w")) == NULL)
259 {
260 result = O_KRB5_CONF_NOT_CREATED;
261 goto result;
262 }
263 CHECK_FPRINT (result, file, "[realms]\n");
264 o_krb5_write_realm (file, creds, kdc);
265 goto result;
266 }
267 snprintf (tmpfn, MAX_LINE_LENGTH, "%s.tmp", cp);
268 if ((tmp = fopen (tmpfn, "w")) == NULL)
269 {
270 result = O_KRB5_TMP_CONF_NOT_CREATED;
271 goto result;
272 }
273 state = 0;
274 while (fgets (line, MAX_LINE_LENGTH, file))
275 {
276 fputs (line, tmp);
277 if (state == 0)
278 {
279 SKIP_WS (line, MAX_LINE_LENGTH, 0, i);
280 if (IS_STR_EQUAL (line, MAX_LINE_LENGTH, i, "[realms]", 8) == 1)
281 {
282 o_krb5_write_realm (file, creds, kdc);
283
284 state = 1;
285 }
286 }
287 }
288
289 if (rename (tmpfn, cp) != 0)
290 {
291 result = O_KRB5_TMP_CONF_NOT_MOVED;
292 }
293
294result:
295 if (tmp != NULL)
296 fclose (tmp);
297 if (file != NULL)
298 fclose (file);
299 return result;
300}
IS_STR_EQUAL
#define IS_STR_EQUAL(line, line_len, start, cmp, cmp_len)
Definition openvas-krb5.c:64
CHECK_FPRINT
#define CHECK_FPRINT(result, writer, fmt)
Definition openvas-krb5.c:187
SKIP_WS
#define SKIP_WS(line, line_len, start, i)
Definition openvas-krb5.c:51
MAX_LINE_LENGTH
#define MAX_LINE_LENGTH
Definition openvas-krb5.c:82
o_krb5_write_realm
static OKrb5ErrorCode o_krb5_write_realm(FILE *file, const OKrb5Credential *creds, const char *kdc)
Definition openvas-krb5.c:215
OKrb5Credential::config_path
struct OKrb5Slice config_path
Definition openvas-krb5.h:59
OKrb5Slice::data
void * data
Definition openvas-krb5.h:40

References CHECK_FPRINT, OKrb5Credential::config_path, OKrb5Slice::data, IS_STR_EQUAL, MAX_LINE_LENGTH, O_KRB5_CONF_NOT_CREATED, O_KRB5_SUCCESS, O_KRB5_TMP_CONF_NOT_CREATED, O_KRB5_TMP_CONF_NOT_MOVED, o_krb5_write_realm(), and SKIP_WS.

Referenced by build_krb5_credential(), and nasl_okrb5_add_realm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ o_krb5_find_kdc()

OKrb5ErrorCode o_krb5_find_kdc ( const OKrb5Credential * creds,
char ** kdc )

Definition at line 85 of file openvas-krb5.c.

86{
87 OKrb5ErrorCode result = O_KRB5_REALM_NOT_FOUND;
88 char line[MAX_LINE_LENGTH];
89 int state = 0;
90 size_t last_element;
91 size_t i, j;
92 FILE *file = NULL;
93
94 // we don't know if we should free it or just override it.
95 // aborting instead.
96 GUARD_NULL (*kdc, result);
97 if ((file = fopen ((char *) creds->config_path.data, "r")) == NULL)
98 {
99 result = O_KRB5_CONF_NOT_FOUND;
100 goto result;
101 }
102
103 while (fgets (line, MAX_LINE_LENGTH, file))
104 {
105 line[strcspn (line, "\n")] = 0;
106 last_element = strlen (line) - 1;
107 SKIP_WS (line, last_element, 0, i);
108 if (line[i] == '[' && line[last_element] == ']')
109 {
110 if (state != 0)
111 {
112 result = O_KRB5_REALM_NOT_FOUND;
113 goto result;
114 }
115 if (IS_STR_EQUAL (line, last_element + 1, i, "[realms]", 8) == 1)
116 {
117 state = 1;
118 }
119 }
120 else
121 {
122 if (line[i] == '}' || line[last_element] == '}')
123 {
124 state = 1;
125 }
126 else if (state == 1)
127 {
128 for (j = i; j <= last_element; j++)
129 {
130 if (line[j] != ((char *) creds->realm.data)[j - i])
131 {
132 state = 2;
133 break;
134 }
135 if (j - i >= creds->realm.len)
136 {
137 break;
138 }
139 }
140 if (j - i == creds->realm.len)
141 {
142 state = 3;
143 }
144 }
145 else if (state == 3)
146 {
147 if (IS_STR_EQUAL (line, last_element + 1, i, "kdc", 3))
148 {
149 SKIP_WS (line, last_element, i + 3, i);
150 if (line[i] == '=')
151 {
152 SKIP_WS (line, last_element, i + 1, i);
153 ALLOCATE_AND_CHECK (*kdc, char, (last_element - i) + 1,
154 result);
155 for (j = i; j <= last_element; j++)
156 {
157 (*kdc)[j - i] = line[j];
158 }
159
160 result = O_KRB5_SUCCESS;
161 goto result;
162 }
163 }
164 }
165 }
166 }
167
168result:
169 if (file != NULL)
170 {
171 fclose (file);
172 }
173 return result;
174}
GUARD_NULL
#define GUARD_NULL(var, return_var)
Definition openvas-krb5.c:17
ALLOCATE_AND_CHECK
#define ALLOCATE_AND_CHECK(var, type, n, return_var)
Definition openvas-krb5.c:39
OKrb5Credential::realm
struct OKrb5Slice realm
Definition openvas-krb5.h:60

References ALLOCATE_AND_CHECK, OKrb5Credential::config_path, OKrb5Slice::data, GUARD_NULL, IS_STR_EQUAL, OKrb5Slice::len, MAX_LINE_LENGTH, O_KRB5_CONF_NOT_FOUND, O_KRB5_REALM_NOT_FOUND, O_KRB5_SUCCESS, OKrb5Credential::realm, and SKIP_WS.

Referenced by build_krb5_credential(), and nasl_okrb5_find_kdc().

Here is the caller graph for this function:

◆ o_krb5_gss_prepare_context()

OKrb5ErrorCode o_krb5_gss_prepare_context ( const OKrb5Credential * creds,
struct OKrb5GSSContext * gss_context )

Definition at line 445 of file openvas-krb5.c.

447{
448 char *target_principal_str = NULL;
449 OKrb5ErrorCode result = O_KRB5_SUCCESS;
450
451 gss_name_t gss_target = GSS_C_NO_NAME;
452 OM_uint32 maj_stat;
453 OM_uint32 min_stat;
454 gss_buffer_desc targetbuf = GSS_C_EMPTY_BUFFER;
455 const struct OKrb5Target *target = &creds->target;
456
457 if (gss_context->gss_creds == GSS_C_NO_CREDENTIAL)
458 {
459 if ((result = okrb5_gss_authenticate (creds, gss_context)))
460 {
461 goto result;
462 }
463 }
464
465 if (target->domain.len != 0)
466 {
467 ALLOCATE_AND_CHECK (target_principal_str, char,
468 target->host_name.len + target->domain.len
469 + target->service.len + creds->realm.len + 4,
470 result);
471 sprintf (target_principal_str, "%s/%s/%s@%s",
472 (char *) target->service.data, (char *) target->host_name.data,
473 (char *) target->domain.data, (char *) creds->realm.data);
474 }
475 else
476 {
477 ALLOCATE_AND_CHECK (target_principal_str, char,
478 target->host_name.len + target->service.len
479 + creds->realm.len + 3,
480 result);
481 sprintf (target_principal_str, "%s/%s@%s", (char *) target->service.data,
482 (char *) target->host_name.data, (char *) creds->realm.data);
483 }
484
485 targetbuf = (gss_buffer_desc){
486 .value = target_principal_str,
487 .length = strlen (target_principal_str),
488 };
489
490 maj_stat = gss_import_name (&min_stat, &targetbuf,
491 // might also be GSS_C_NT_HOSTBASED_SERVICE,
492 // but samba uses GSS_C_NT_USER_NAME
493 GSS_C_NT_USER_NAME, &gss_target);
494 if (maj_stat != GSS_S_COMPLETE)
495 {
496 result = O_KRB5_ERROR + maj_stat;
497 goto result;
498 }
499
500 gss_context->gss_target = gss_target;
501 // gss_set_neg_mechs() already specified that we want gss_mech_krb5
502 // and/or gss_mech_iakerb
503 // so we use spnego to do the negotiation
504 gss_context->gss_mech = gss_mech_spnego;
505 gss_context->gss_want_flags = GSS_C_MUTUAL_FLAG | GSS_C_DELEG_POLICY_FLAG
506 | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG
507 | GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
508 gss_context->gss_got_flags = 0;
509 gss_context->gss_channel_bindings = GSS_C_NO_CHANNEL_BINDINGS;
510 gss_context->gss_time_req = 0;
511 gss_context->gss_time_rec = 0;
512 gss_context->gss_actual_mech_type = NULL;
513result:
514 if (target_principal_str != NULL)
515 free (target_principal_str);
516
517 return result;
518}
free
void free(void *)
gss_mech_spnego
#define gss_mech_spnego
Definition openvas-krb5.c:77
okrb5_gss_authenticate
static OKrb5ErrorCode okrb5_gss_authenticate(const OKrb5Credential *creds, struct OKrb5GSSContext *gss_creds)
Definition openvas-krb5.c:322
OKrb5Credential::target
struct OKrb5Target target
Definition openvas-krb5.h:65
OKrb5GSSContext::gss_want_flags
OM_uint32 gss_want_flags
Definition openvas-krb5.c:313
OKrb5GSSContext::gss_creds
gss_cred_id_t gss_creds
Definition openvas-krb5.c:309
OKrb5GSSContext::gss_target
gss_name_t gss_target
Definition openvas-krb5.c:311
OKrb5GSSContext::gss_channel_bindings
gss_channel_bindings_t gss_channel_bindings
Definition openvas-krb5.c:315
OKrb5GSSContext::gss_time_req
OM_uint32 gss_time_req
Definition openvas-krb5.c:314
OKrb5GSSContext::gss_got_flags
OM_uint32 gss_got_flags
Definition openvas-krb5.c:317
OKrb5GSSContext::gss_time_rec
OM_uint32 gss_time_rec
Definition openvas-krb5.c:318
OKrb5GSSContext::gss_actual_mech_type
gss_OID gss_actual_mech_type
Definition openvas-krb5.c:316
OKrb5Target::service
struct OKrb5Slice service
Definition openvas-krb5.h:53
OKrb5Target::domain
struct OKrb5Slice domain
Definition openvas-krb5.h:54
OKrb5Target::host_name
struct OKrb5Slice host_name
Definition openvas-krb5.h:52

References ALLOCATE_AND_CHECK, OKrb5Slice::data, OKrb5Target::domain, free(), OKrb5GSSContext::gss_actual_mech_type, OKrb5GSSContext::gss_channel_bindings, OKrb5GSSContext::gss_creds, OKrb5GSSContext::gss_got_flags, OKrb5GSSContext::gss_mech, gss_mech_spnego, OKrb5GSSContext::gss_target, OKrb5GSSContext::gss_time_rec, OKrb5GSSContext::gss_time_req, OKrb5GSSContext::gss_want_flags, OKrb5Target::host_name, OKrb5Slice::len, O_KRB5_ERROR, O_KRB5_SUCCESS, okrb5_gss_authenticate(), OKrb5Credential::realm, OKrb5Target::service, and OKrb5Credential::target.

Referenced by nasl_okrb5_gss_prepare_context().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ o_krb5_gss_session_key_context()

OKrb5ErrorCode o_krb5_gss_session_key_context ( struct OKrb5GSSContext * gss_context,
struct OKrb5Slice ** out )

Definition at line 563 of file openvas-krb5.c.

565{
566 OM_uint32 maj_stat;
567 OM_uint32 min_stat;
568 OKrb5ErrorCode result = O_KRB5_SUCCESS;
569 gss_OID_desc gse_sesskey_inq_oid = {
570 GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH,
571 (void *) GSS_KRB5_INQ_SSPI_SESSION_KEY_OID,
572 };
573 gss_buffer_set_t set = GSS_C_NO_BUFFER_SET;
574
575 maj_stat = gss_inquire_sec_context_by_oid (&min_stat, gss_context->gss_ctx,
576 &gse_sesskey_inq_oid, &set);
577 if (maj_stat != GSS_S_COMPLETE)
578 {
579 result = O_KRB5_ERROR + maj_stat;
580 goto result;
581 }
582
583 if ((set == GSS_C_NO_BUFFER_SET) || (set->count == 0)
584 || (set->elements[0].length == 0))
585 {
586 result = O_KRB5_ERROR + GSS_S_BAD_SIG;
587 goto result;
588 }
589
590 *out = calloc (1, sizeof (struct OKrb5Slice));
591 (*out)->data = malloc (set->elements[0].length);
592 memcpy ((*out)->data, set->elements[0].value, set->elements[0].length);
593 (*out)->len = set->elements[0].length;
594 gss_release_buffer_set (&min_stat, &set);
595result:
596 return result;
597}
malloc
void * malloc(YYSIZE_T)
GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH
Definition openvas-krb5.c:70
GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
Definition openvas-krb5.c:72
OKrb5GSSContext::gss_ctx
gss_ctx_id_t gss_ctx
Definition openvas-krb5.c:310

References OKrb5GSSContext::gss_ctx, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, malloc(), O_KRB5_ERROR, and O_KRB5_SUCCESS.

Referenced by nasl_okrb5_gss_session_key_context().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ o_krb5_gss_update_context()

OKrb5ErrorCode o_krb5_gss_update_context ( struct OKrb5GSSContext * gss_context,
const struct OKrb5Slice * in_data,
struct OKrb5Slice ** out_data,
bool * more )

Definition at line 521 of file openvas-krb5.c.

524{
525 OM_uint32 maj_stat;
526 OM_uint32 min_stat;
527 OKrb5ErrorCode result = O_KRB5_SUCCESS;
528 gss_buffer_desc in_buf = {
529 .length = in_data->len,
530 .value = in_data->data,
531 };
532 gss_buffer_desc out_buf = GSS_C_EMPTY_BUFFER;
533
534 maj_stat = gss_init_sec_context (
535 &min_stat, gss_context->gss_creds, &gss_context->gss_ctx,
536 gss_context->gss_target, gss_context->gss_mech, gss_context->gss_want_flags,
537 gss_context->gss_time_req, gss_context->gss_channel_bindings, &in_buf,
538 &gss_context->gss_actual_mech_type, &out_buf, &gss_context->gss_got_flags,
539 &gss_context->gss_time_rec);
540 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
541 {
542 result = O_KRB5_ERROR + maj_stat;
543 goto result;
544 }
545 if ((*out_data = malloc (sizeof (struct OKrb5Slice))) == NULL)
546 {
547 result = O_KRB5_NOMEM;
548 gss_release_buffer (&min_stat, &out_buf);
549 goto result;
550 }
551 // transfers ownership of out_buf.value into out_data->data.
552 // This simplifies the code as we don't have to alloc and check if the system
553 // had sufficient memory and don't have to memcpy.
554 (*out_data)->data = out_buf.value;
555 (*out_data)->len = out_buf.length;
556
557 *more = maj_stat == GSS_S_CONTINUE_NEEDED;
558result:
559 return result;
560}

References OKrb5Slice::data, OKrb5GSSContext::gss_actual_mech_type, OKrb5GSSContext::gss_channel_bindings, OKrb5GSSContext::gss_creds, OKrb5GSSContext::gss_ctx, OKrb5GSSContext::gss_got_flags, OKrb5GSSContext::gss_mech, OKrb5GSSContext::gss_target, OKrb5GSSContext::gss_time_rec, OKrb5GSSContext::gss_time_req, OKrb5GSSContext::gss_want_flags, OKrb5Slice::len, malloc(), O_KRB5_ERROR, O_KRB5_NOMEM, and O_KRB5_SUCCESS.

Referenced by nasl_okrb5_gss_update_context().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ okrb5_error_code_to_string()

char * okrb5_error_code_to_string ( const OKrb5ErrorCode code)

Definition at line 600 of file openvas-krb5.c.

601{
602#define HEAP_STRING(var, s) \
603 do \
604 { \
605 var = calloc (1, strlen (s) + 1); \
606 snprintf (var, strlen (s) + 1, s); \
607 goto result; \
608 } \
609 while (0)
610
611 char *result = NULL;
612 switch (code)
613 {
614 case O_KRB5_SUCCESS:
615 HEAP_STRING (result, "success");
616 case O_KRB5_CONF_NOT_FOUND:
617 HEAP_STRING (result, "krb5.conf not found");
618 case O_KRB5_CONF_NOT_CREATED:
619 HEAP_STRING (result, "krb5.conf not created");
620 case O_KRB5_TMP_CONF_NOT_CREATED:
621 HEAP_STRING (result, "tmp krb5.conf not created");
622 case O_KRB5_TMP_CONF_NOT_MOVED:
623 HEAP_STRING (result, "tmp krb5.conf not moved");
624 case O_KRB5_REALM_NOT_FOUND:
625 HEAP_STRING (result, "realm not found");
626 case O_KRB5_EXPECTED_NULL:
627 HEAP_STRING (result, "expected null");
628 case O_KRB5_EXPECTED_NOT_NULL:
629 HEAP_STRING (result, "expected not null");
630 case O_KRB5_UNABLE_TO_WRITE:
631 HEAP_STRING (result, "unable to write");
632 case O_KRB5_NOMEM:
633 HEAP_STRING (result, "no memory");
634 default:
635 if (code >= O_KRB5_ERROR)
636 {
637 int maj_stat = code - O_KRB5_ERROR;
638 OM_uint32 min_stat;
639 gss_buffer_desc msg;
640 OM_uint32 msg_ctx = 0;
641
642 (void) gss_display_status (&min_stat, maj_stat, GSS_C_GSS_CODE,
643 GSS_C_NULL_OID, &msg_ctx, &msg);
644 // Instead of calling gss_release_buffer, we transfer ownership of
645 // msg.value (a heap-allocated string) directly to result.
646 // The caller is responsible for freeing result later, this conforms
647 // to other values as well.
648 //
649 // msg itself is stack-allocated, but msg.value is dynamically
650 // allocated, so we must not call gss_release_buffer on msg after
651 // ownership transfer.
652 result = msg.value;
653 }
654 else
655 {
656 goto result;
657 }
658 }
659result:
660 return result;
661}
code
#define code
HEAP_STRING
#define HEAP_STRING(var, s)

References code, HEAP_STRING, O_KRB5_CONF_NOT_CREATED, O_KRB5_CONF_NOT_FOUND, O_KRB5_ERROR, O_KRB5_EXPECTED_NOT_NULL, O_KRB5_EXPECTED_NULL, O_KRB5_NOMEM, O_KRB5_REALM_NOT_FOUND, O_KRB5_SUCCESS, O_KRB5_TMP_CONF_NOT_CREATED, O_KRB5_TMP_CONF_NOT_MOVED, and O_KRB5_UNABLE_TO_WRITE.

Referenced by nasl_okrb5_error_code_to_string().

Here is the caller graph for this function:

◆ okrb5_gss_free_context()

void okrb5_gss_free_context ( struct OKrb5GSSContext * context)

Definition at line 405 of file openvas-krb5.c.

406{
407 OM_uint32 min_stat;
408 if (context != NULL)
409 {
410 if (context->gss_creds != GSS_C_NO_CREDENTIAL)
411 {
412 gss_release_cred (&min_stat, &context->gss_creds);
413 }
414 if (context->gss_ctx != GSS_C_NO_CONTEXT)
415 {
416 gss_delete_sec_context (&min_stat, &context->gss_ctx, GSS_C_NO_BUFFER);
417 }
418 if (context->gss_target != GSS_C_NO_NAME)
419 {
420 gss_release_name (&min_stat, &context->gss_target);
421 }
422 if (context->gss_mech != NULL)
423 {
424 gss_release_oid (&min_stat, &context->gss_mech);
425 }
426 if (context->gss_channel_bindings != GSS_C_NO_CHANNEL_BINDINGS)
427 {
428 gss_release_buffer (
429 NULL, &context->gss_channel_bindings->initiator_address);
430 gss_release_buffer (&min_stat,
431 &context->gss_channel_bindings->acceptor_address);
432 gss_release_buffer (&min_stat,
433 &context->gss_channel_bindings->application_data);
434 free (context->gss_channel_bindings);
435 }
436 if (context->gss_actual_mech_type != NULL)
437 {
438 gss_release_oid (&min_stat, &context->gss_actual_mech_type);
439 }
440 free (context);
441 }
442}

References free(), OKrb5GSSContext::gss_actual_mech_type, OKrb5GSSContext::gss_channel_bindings, OKrb5GSSContext::gss_creds, OKrb5GSSContext::gss_ctx, OKrb5GSSContext::gss_mech, and OKrb5GSSContext::gss_target.

Referenced by nasl_okrb5_clean().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ okrb5_gss_init_context()

struct OKrb5GSSContext * okrb5_gss_init_context ( void )

Definition at line 392 of file openvas-krb5.c.

393{
394 struct OKrb5GSSContext *context = calloc (1, sizeof (struct OKrb5GSSContext));
395 if (context == NULL)
396 {
397 return NULL;
398 }
399 context->gss_creds = GSS_C_NO_CREDENTIAL;
400 context->gss_ctx = GSS_C_NO_CONTEXT;
401 return context;
402}

References OKrb5GSSContext::gss_creds, and OKrb5GSSContext::gss_ctx.

Referenced by nasl_okrb5_gss_init(), and nasl_okrb5_gss_prepare_context().

Here is the caller graph for this function: