2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A
2N/A/*
2N/A * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A#include <sys/types.h>
2N/A#include <sys/socket.h>
2N/A#include <netinet/in.h>
2N/A#include <arpa/inet.h>
2N/A#include <libintl.h>
2N/A
2N/A#include "k5-int.h"
2N/A#include "krb5.h"
2N/A#include "kerberos_dtrace.h"
2N/A
2N/A/*
2N/A * Lookup functions for various Kerberos types - errors, encryption types,
2N/A * message types etc. Lookup functions generally take an integer and return a
2N/A * string (pointer to static memory). They cannot fail returning only NULL if
2N/A * the value cannot be found. Types and their string representations were
2N/A * mainly taken from RFC4120 and the mech_krb5 source.
2N/A */
2N/A
2N/Astatic const char *
2N/Ak5_msgtype_lookup(const int type) {
2N/A switch (type) {
2N/A case 10: return ("KRB_AS_REQ(10)");
2N/A case 11: return ("KRB_AS_REP(11)");
2N/A case 12: return ("KRB_TGS_REQ(12)");
2N/A case 13: return ("KRB_TGS_REP(13)");
2N/A case 14: return ("KRB_AP_REQ(14)");
2N/A case 15: return ("KRB_AP_REP(15)");
2N/A case 16: return ("KRB_RESERVED(16)");
2N/A case 17: return ("KRB_RESERVED(17)");
2N/A case 20: return ("KRB_SAFE(20)");
2N/A case 21: return ("KRB_PRIV(21)");
2N/A case 22: return ("KRB_CRED(22)");
2N/A case 30: return ("KRB_ERROR(30)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_errtype_lookup(const int type) {
2N/A switch (type) {
2N/A case 0: return ("KDC_ERR_NONE(0)");
2N/A case 1: return ("KDC_ERR_NAME_EXP(1)");
2N/A case 2: return ("KDC_ERR_SERVICE_EXP(2)");
2N/A case 3: return ("KDC_ERR_BAD_PVNO(3)");
2N/A case 4: return ("KDC_ERR_C_OLD_MAST_KVNO(4)");
2N/A case 5: return ("KDC_ERR_S_OLD_MAST_KVNO(5)");
2N/A case 6: return ("KDC_ERR_C_PRINCIPAL_UNKNOWN(6)");
2N/A case 7: return ("KDC_ERR_S_PRINCIPAL_UNKNOWN(7)");
2N/A case 8: return ("KDC_ERR_PRINCIPAL_NOT_UNIQUE(8)");
2N/A case 9: return ("KDC_ERR_NULL_KEY(9)");
2N/A case 10: return ("KDC_ERR_CANNOT_POSTDATE(10)");
2N/A case 11: return ("KDC_ERR_NEVER_VALID(11)");
2N/A case 12: return ("KDC_ERR_POLICY(12)");
2N/A case 13: return ("KDC_ERR_BADOPTION(13)");
2N/A case 14: return ("KDC_ERR_ENCTYPE_NOSUPP(14)");
2N/A case 15: return ("KDC_ERR_SUMTYPE_NOSUPP(15)");
2N/A case 16: return ("KDC_ERR_PADATA_TYPE_NOSUPP(16)");
2N/A case 17: return ("KDC_ERR_TRTYPE_NOSUPP(17)");
2N/A case 18: return ("KDC_ERR_CLIENT_REVOKED(18)");
2N/A case 19: return ("KDC_ERR_SERVICE_REVOKED(19)");
2N/A case 20: return ("KDC_ERR_TGT_REVOKED(20)");
2N/A case 21: return ("KDC_ERR_CLIENT_NOTYET(21)");
2N/A case 22: return ("KDC_ERR_SERVICE_NOTYET(22)");
2N/A case 23: return ("KDC_ERR_KEY_EXP(23)");
2N/A case 24: return ("KDC_ERR_PREAUTH_FAILED(24)");
2N/A case 25: return ("KDC_ERR_PREAUTH_REQUIRED(25)");
2N/A case 26: return ("KDC_ERR_SERVER_NOMATCH(26)");
2N/A case 27: return ("KDC_ERR_MUST_USE_USER2USER(27)");
2N/A case 28: return ("KDC_ERR_PATH_NOT_ACCEPTED(28)");
2N/A case 29: return ("KDC_ERR_SVC_UNAVAILABLE(29)");
2N/A case 31: return ("KRB_AP_ERR_BAD_INTEGRITY(31)");
2N/A case 32: return ("KRB_AP_ERR_TKT_EXPIRED(32)");
2N/A case 33: return ("KRB_AP_ERR_TKT_NYV(33)");
2N/A case 34: return ("KRB_AP_ERR_REPEAT(34)");
2N/A case 35: return ("KRB_AP_ERR_NOT_US(35)");
2N/A case 36: return ("KRB_AP_ERR_BADMATCH(36)");
2N/A case 37: return ("KRB_AP_ERR_SKEW(37)");
2N/A case 38: return ("KRB_AP_ERR_BADADDR(38)");
2N/A case 39: return ("KRB_AP_ERR_BADVERSION(39)");
2N/A case 40: return ("KRB_AP_ERR_MSG_TYPE(40)");
2N/A case 41: return ("KRB_AP_ERR_MODIFIED(41)");
2N/A case 42: return ("KRB_AP_ERR_BADORDER(42)");
2N/A case 44: return ("KRB_AP_ERR_BADKEYVER(44)");
2N/A case 45: return ("KRB_AP_ERR_NOKEY(45)");
2N/A case 46: return ("KRB_AP_ERR_MUT_FAIL(46)");
2N/A case 47: return ("KRB_AP_ERR_BADDIRECTION(47)");
2N/A case 48: return ("KRB_AP_ERR_METHOD(48)");
2N/A case 49: return ("KRB_AP_ERR_BADSEQ(49)");
2N/A case 50: return ("KRB_AP_ERR_INAPP_CKSUM(50)");
2N/A case 51: return ("KRB_AP_PATH_NOT_ACCEPTED(51)");
2N/A case 52: return ("KRB_ERR_RESPONSE_TOO_BIG(52)");
2N/A case 60: return ("KRB_ERR_GENERIC(60)");
2N/A case 61: return ("KRB_ERR_FIELD_TOOLONG(61)");
2N/A case 62: return ("KDC_ERR_CLIENT_NOT_TRUSTED(62)");
2N/A case 63: return ("KDC_ERR_KDC_NOT_TRUSTED(63)");
2N/A case 64: return ("KDC_ERR_INVALID_SIG(64)");
2N/A case 65: return ("KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED(65)");
2N/A case 66: return ("KDC_ERR_CERTIFICATE_MISMATCH(66)");
2N/A case 67: return ("KRB_AP_ERR_NO_TGT(67)");
2N/A case 68: return ("KDC_ERR_WRONG_REALM(68)");
2N/A case 69: return ("KRB_AP_ERR_USER_TO_USER_REQUIRED(69)");
2N/A case 70: return ("KDC_ERR_CANT_VERIFY_CERTIFICATE(70)");
2N/A case 71: return ("KDC_ERR_INVALID_CERTIFICATE(71)");
2N/A case 72: return ("KDC_ERR_REVOKED_CERTIFICATE(72)");
2N/A case 73: return ("KDC_ERR_REVOCATION_STATUS_UNKNOWN(73)");
2N/A case 74: return ("KDC_ERR_REVOCATION_STATUS_UNAVAILABLE(74)");
2N/A case 75: return ("KDC_ERR_CLIENT_NAME_MISMATCH(75)");
2N/A case 76: return ("KDC_ERR_KDC_NAME_MISMATCH(76)");
2N/A case 77: return ("KDC_ERR_INCONSISTENT_KEY_PURPOSE(77)");
2N/A case 78: return ("KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED(78)");
2N/A case 79: return ("KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED(79)");
2N/A case 80: return (
2N/A "KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED(80)");
2N/A case 81: return (
2N/A "KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED(81)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_patype_lookup(const krb5_preauthtype type) {
2N/A switch (type) {
2N/A case 0: return ("NONE(0)");
2N/A case 1: return ("AP_REQ(1)");
2N/A case 2: return ("ENC_TIMESTAMP(2)");
2N/A case 3: return ("PW_SALT(3)");
2N/A case 4: return ("ENC_ENCKEY(4)");
2N/A case 5: return ("ENC_UNIX_TIME(5)");
2N/A case 6: return ("ENC_SANDIA_SECURID(6)");
2N/A case 7: return ("SESAME(7)");
2N/A case 8: return ("OSF_DCE(8)");
2N/A case 9: return ("CYBERSAFE_SECUREID(9)");
2N/A case 10: return ("AFS3_SALT(10)");
2N/A case 11: return ("ETYPE_INFO(11)");
2N/A case 12: return ("SAM_CHALLENGE(12)");
2N/A case 13: return ("SAM_RESPONSE(13)");
2N/A case 14: return ("PK_AS_REQ_OLD(14)");
2N/A case 15: return ("PK_AS_REP_OLD(15)");
2N/A case 16: return ("PK_AS_REQ(16)");
2N/A case 17: return ("PK_AS_REP(17)");
2N/A case 19: return ("PK_ETYPE_INFO2(19)");
2N/A case 25: return ("REFERRAL(25)");
2N/A case 30: return ("SAM_CHALLENGE_2(30)");
2N/A case 31: return ("SAM_RESPONSE_2(31)");
2N/A case 128: return ("PAC_REQUEST(128)");
2N/A case 129: return ("FOR_USER(129)");
2N/A case 130: return ("S4U_X509_USER(130)");
2N/A case 133: return ("FX_COOKIE(133)");
2N/A case 136: return ("FX_FAST(136)");
2N/A case 137: return ("FX_ERROR(137)");
2N/A case 138: return ("ENCRYPTED_CHALLENGE(138)");
2N/A case 147: return ("PKINIT_KX(147)");
2N/A case 149: return ("REQ_ENC_PA_REP(149)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_etype_lookup(const krb5_enctype type) {
2N/A switch (type) {
2N/A case 0x18 : return ("arcfour-hmac-md5-exp(0x18)");
2N/A case 0x17 : return ("arcfour-hmac-md5(0x17)");
2N/A case 0x12 : return ("aes256-cts-hmac-sha1-96(0x12)");
2N/A case 0x11 : return ("aes128-cts-hmac-sha1-96(0x11)");
2N/A case 0x10 : return ("des3-cbc-sha1(0x10)");
2N/A case 0x8 : return ("des-hmac-sha1(0x8)");
2N/A case 0x6 : return ("des3-cbc-raw(0x6)");
2N/A case 0x5 : return ("des3-cbc-sha(0x5)");
2N/A case 0x4 : return ("des-cbc-raw(0x4)");
2N/A case 0x3 : return ("des-cbc-md5(0x3)");
2N/A case 0x2 : return ("des-cbc-md4(0x2)");
2N/A case 0x1 : return ("des-cbc-crc(0x1)");
2N/A case 0x0 : return ("null(0x0)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_cktype_lookup(const krb5_cksumtype type) {
2N/A switch (type) {
2N/A case -138 : return ("hmac-md5-arcfour(-138)");
2N/A case 0x8003 : return ("gssapi(0x8003)");
2N/A case 0x10 : return ("hmac-sha1-96-aes256(0x10)");
2N/A case 0xf : return ("hmac-sha1-96-aes128(0xf)");
2N/A case 0xc : return ("hmac-sha1-des3(0xc)");
2N/A case 0x9 : return ("sha(0x9)");
2N/A case 0x8 : return ("md5-des(0x8)");
2N/A case 0x7 : return ("md5(0x7)");
2N/A case 0x4 : return ("des-cbc(0x4)");
2N/A case 0x3 : return ("md4-des(0x3)");
2N/A case 0x2 : return ("md4(0x2)");
2N/A case 0x1 : return ("crc32(0x1)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_adtype_lookup(const krb5_authdatatype type) {
2N/A switch (type) {
2N/A case 0 : return ("NONE(0)");
2N/A case 1 : return ("AD-IF-RELEVANT(1)");
2N/A case 4 : return ("AD-KDCIssued(4)");
2N/A case 5 : return ("AD-AND-OR(5)");
2N/A case 8 : return ("AD-MANDATORY-FOR-KDC(8)");
2N/A case 9 : return ("AD_INITIAL_VERIFIED_CAS(9)");
2N/A case 64: return ("AD_OSF_DCE(64)");
2N/A case 65: return ("AD_SESAME(65");
2N/A case 71: return ("AD_FX_ARMOR(71)");
2N/A case 128: return ("AD_WIN2K_PAC(128)");
2N/A case 129: return ("AD_ETYPE_NEGOTIATION(129)");
2N/A case 512: return ("AD_SIGNTICKET(512)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_lrtype_lookup(const krb5_int32 type) {
2N/A switch (type) {
2N/A case 0 : return ("NONE(0)");
2N/A case 1 : return ("ALL_LAST_TGT(1)");
2N/A case -1 : return ("ONE_LAST_TGT(-1)");
2N/A case 2 : return ("ALL_LAST_INITIAL(2)");
2N/A case -2 : return ("ONE_LAST_INITIAL(-2)");
2N/A case 3 : return ("ALL_LAST_TGT_ISSUED(3)");
2N/A case -3 : return ("ONE_LAST_TGT_ISSUED(-3)");
2N/A case 4 : return ("ALL_LAST_RENEWAL(4)");
2N/A case -4 : return ("ONE_LAST_RENEWAL(-4)");
2N/A case 5 : return ("ALL_LAST_REQ(5)");
2N/A case -5 : return ("ONE_LAST_REQ(-5)");
2N/A case 6 : return ("ALL_PW_EXPTIME(6)");
2N/A case -6 : return ("ONE_PW_EXPTIME(-6)");
2N/A case 7 : return ("ALL_ACCT_EXPTIME(7)");
2N/A case -7 : return ("ONE_ACCT_EXPTIME(-7)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_trtype_lookup(const krb5_int32 type) {
2N/A switch (type) {
2N/A case 0 : return ("(0)");
2N/A case 1 : return ("DOMAIN-X500-COMPRESS(1)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/Astatic const char *
2N/Ak5_flag_lookup(const unsigned int flag) {
2N/A switch (flag) {
2N/A case 0x00000000 : return ("");
2N/A case 0x40000000 : return ("forwardable(1)");
2N/A case 0x20000000 : return ("forwarded(2)");
2N/A case 0x10000000 : return ("proxiable(3)");
2N/A case 0x08000000 : return ("proxy(4)");
2N/A case 0x04000000 : return ("may-postdate(5)");
2N/A case 0x02000000 : return ("postdated(6)");
2N/A case 0x01000000 : return ("invalid(7)");
2N/A case 0x00800000 : return ("renewable(8)");
2N/A case 0x00400000 : return ("initial(9)");
2N/A case 0x00200000 : return ("pre-authent(10)");
2N/A case 0x00100000 : return ("hw-authent(11)");
2N/A case 0x00080000 : return ("transited-policy-checked(12)");
2N/A case 0x00040000 : return ("ok-as-delegate(13)");
2N/A case 0x00010000 : return ("canonicalize(15)");
2N/A case 0x00000020 : return ("disable-transited-check(26)");
2N/A case 0x00000010 : return ("renewable-ok(27)");
2N/A case 0x00000008 : return ("enc-tkt-in-skey(28)");
2N/A case 0x00000002 : return ("renew(30)");
2N/A case 0x00000001 : return ("validate(31)");
2N/A default: return (NULL);
2N/A }
2N/A}
2N/A
2N/A/*
2N/A * *_to_str functions are similar to the *_lookup functions however the returned
2N/A * string must be freed. NULL may be returned due to a memory allocation
2N/A * failure. The *to_str functions return a useful string when a *_lookup
2N/A * function would return NULL.
2N/A */
2N/A
2N/A/*
2N/A * A generic wrapper around *_lookup functions which returns a useful string
2N/A * when a type cannot be found.
2N/A * e.g. "<unknown(999)>"
2N/A * Takes a pointer to a lookup function which returns a string on sucess or NULL
2N/A * if the type cannot be found.
2N/A * Returned value must be freed.
2N/A */
2N/Astatic char *
2N/Ak5_type_to_str(const char *(*lookup)(const int), const int type) {
2N/A char *ret = NULL;
2N/A const char *str = (*lookup)(type);
2N/A
2N/A if (str == NULL)
2N/A (void) asprintf(&ret, "<%s(%d)>",
2N/A dgettext(TEXT_DOMAIN, "unknown"), type);
2N/A else
2N/A ret = strdup(str);
2N/A
2N/A return (ret);
2N/A}
2N/A
2N/A/*
2N/A * Given a NULL terminated array ("arr") build up a string by calling "to_str"
2N/A * for each element of the array. The returned string (like all *_to_str
2N/A * functions) should be freed.
2N/A * Returns NULL on memory allocation failure or empty array.
2N/A */
2N/Astatic char *
2N/Ak5_array_to_str(char *(*to_str)(const void *), const void **arr) {
2N/A char *t, *str = NULL;
2N/A unsigned int i;
2N/A
2N/A if (arr != NULL) {
2N/A for (i = 0; arr[i] != NULL; i++) {
2N/A t = (*to_str)(arr[i]);
2N/A if (t != NULL) {
2N/A if (str == NULL) {
2N/A str = t;
2N/A } else {
2N/A char *tmp;
2N/A (void) asprintf(&tmp, "%s %s", str, t);
2N/A if (tmp != NULL) {
2N/A free(str);
2N/A str = tmp;
2N/A }
2N/A free(t);
2N/A t = NULL;
2N/A }
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Kerberos flags are encoded in a single 32bit integer with each bit
2N/A * representing a flag. Each possible flag is tested for by applying a mask
2N/A * which is bit-shifted for each iteration.
2N/A * Returns a string representation of Kerberos flags which should be freed. Can
2N/A * return NULL on memory allocation error.
2N/A */
2N/Astatic char *
2N/Ak5_flags_to_str(const krb5_flags flags) {
2N/A const char *t = NULL;
2N/A char *tmp = NULL, *str = NULL;
2N/A unsigned int i, mask = 1;
2N/A
2N/A /* Print out "flags" in hex with leading zeros */
2N/A (void) asprintf(&str, "0x%.8x:", flags);
2N/A if (str != NULL) {
2N/A for (i = 0; i < sizeof (unsigned int) * 8; i++) {
2N/A t = k5_flag_lookup(flags & mask);
2N/A mask = mask << 1;
2N/A
2N/A /*
2N/A * k5_flag_lookup() returns "" when passed a zero
2N/A * indicating that there is no flag set at that bit.
2N/A * Continue on to the next flag.
2N/A */
2N/A if (t != NULL && t[0] == '\0')
2N/A continue;
2N/A
2N/A if (t != NULL)
2N/A (void) asprintf(&tmp, "%s %s", str, t);
2N/A else
2N/A (void) asprintf(&tmp, "%s <%s(%d)>", str,
2N/A dgettext(TEXT_DOMAIN, "unknown"), i);
2N/A
2N/A /*
2N/A * Free the old string and make the memory pointed to by
2N/A * tmp the new string.
2N/A */
2N/A if (tmp != NULL) {
2N/A free(str);
2N/A str = tmp;
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Encryption types are stored in an array along with its size (unlike many
2N/A * other arrays seen in krb5 which are generally NULL terminated). Given an
2N/A * array of encryption types ("enctypes") and a count ("n") return a string
2N/A * representation.
2N/A * The returned string should be freed. Returns NULL on memory allocation
2N/A * failure or empty array
2N/A */
2N/Astatic char *
2N/Ak5_etypes_to_str(unsigned int n, const krb5_enctype *enctypes) {
2N/A char *t, *str = NULL;
2N/A unsigned int i;
2N/A
2N/A for (i = 0; i < n; i++) {
2N/A t = k5_type_to_str(k5_etype_lookup, enctypes[i]);
2N/A if (t != NULL) {
2N/A if (str == NULL) {
2N/A str = t;
2N/A } else {
2N/A char *tmp;
2N/A (void) asprintf(&tmp, "%s %s", str, t);
2N/A if (tmp != NULL) {
2N/A free(str);
2N/A str = tmp;
2N/A }
2N/A free(t);
2N/A t = NULL;
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Convert a krb5_data structure to string.
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_data_to_str(const krb5_data *data) {
2N/A char *str = NULL;
2N/A
2N/A if (data != NULL) {
2N/A str = malloc(data->length + 1);
2N/A if (str != NULL) {
2N/A (void) memcpy(str, data->data, data->length);
2N/A str[data->length] = '\0';
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Returns a string representation of a krb5_pa_data type. Currently only
2N/A * returns type of krb5_pa_data. e.g. "ENC_TIMESTAMP(2)".
2N/A * Takes a void pointer "p" as this function is can be passed to
2N/A * k5_array_to_str().
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_padata_to_str(const void *p) {
2N/A const krb5_pa_data *pa = p;
2N/A char *str = NULL;
2N/A
2N/A if (pa != NULL)
2N/A str = k5_type_to_str(k5_patype_lookup, pa->pa_type);
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Returns a string representation of a krb5_authdata type. Currently only
2N/A * returns type of krb5_authdata. e.g. "AD-IF-RELEVANT(1)".
2N/A * Takes a void pointer "p" as this function is can be passed to
2N/A * k5_array_to_str().
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_authdata_to_str(const void *a) {
2N/A const krb5_authdata *ad = a;
2N/A char *str = NULL;
2N/A
2N/A if (ad != NULL)
2N/A str = k5_type_to_str(k5_adtype_lookup, ad->ad_type);
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Returns a string representation of a krb5_last_req type. Returns type and
2N/A * timestamp. e.g. "ALL_LAST_TGT(1):1283180754".
2N/A * Takes a void pointer "p" as this function is can be passed to
2N/A * k5_array_to_str().
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_last_req_to_str(const void *l) {
2N/A const krb5_last_req_entry *lr = l;
2N/A char *str = NULL;
2N/A
2N/A if (lr != NULL) {
2N/A char *tmp;
2N/A tmp = k5_type_to_str(k5_lrtype_lookup, lr->lr_type);
2N/A if (tmp != NULL) {
2N/A (void) asprintf(&str, "%s:%u", tmp, lr->value);
2N/A free(tmp);
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Returns a string representation of a krb5_transited type. For
2N/A * KRB5_DOMAIN_X500_COMPRESS a string representation of the transited realms
2N/A * will be returned. e.g. "DOMAIN-X500-COMPRESS(1):ACME.COM,MIT."
2N/A * Takes a void pointer "p" as this function can be passed to
2N/A * k5_array_to_str().
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_transited_to_str(const void *t) {
2N/A const krb5_transited *tr = t;
2N/A char *str = NULL;
2N/A
2N/A if (tr != NULL) {
2N/A if (tr->tr_type == KRB5_DOMAIN_X500_COMPRESS) {
2N/A char *s1 = k5_type_to_str(
2N/A k5_trtype_lookup, (tr->tr_type));
2N/A char *s2 = k5_data_to_str(&tr->tr_contents);
2N/A
2N/A (void) asprintf(&str, "%s:%s",
2N/A s1 != NULL ? s1 : "",
2N/A s2 != NULL ? s2 : "");
2N/A
2N/A free(s2);
2N/A free(s1);
2N/A } else {
2N/A str = k5_type_to_str(k5_trtype_lookup, tr->tr_type);
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Returns a string representation of a krb5_address type. IPv6 and IPv4
2N/A * addresses are supported. e.g. "10.10.10.10"
2N/A * Takes a void pointer "p" as this function can be passed to
2N/A * k5_array_to_str().
2N/A * Returned string should be freed. Returns NULL on memory allocation failure or
2N/A * NULL input.
2N/A */
2N/Astatic char *
2N/Ak5_address_to_str(const void *a) {
2N/A const krb5_address *addr = a;
2N/A char *str = NULL;
2N/A
2N/A if (addr != NULL) {
2N/A switch (addr->addrtype) {
2N/A case ADDRTYPE_INET:
2N/A str = malloc(INET_ADDRSTRLEN);
2N/A if (str != NULL)
2N/A (void) inet_ntop(AF_INET,
2N/A addr->contents, str,
2N/A INET_ADDRSTRLEN);
2N/A break;
2N/A
2N/A case ADDRTYPE_INET6:
2N/A str = malloc(INET6_ADDRSTRLEN);
2N/A if (str != NULL)
2N/A (void) inet_ntop(AF_INET6,
2N/A addr->contents, str,
2N/A INET6_ADDRSTRLEN);
2N/A break;
2N/A
2N/A default:
2N/A (void) asprintf(&str, "<%s(%d)>",
2N/A dgettext(TEXT_DOMAIN,
2N/A "unknown address type"),
2N/A addr->addrtype);
2N/A }
2N/A }
2N/A
2N/A return (str);
2N/A}
2N/A
2N/A/*
2N/A * Count the number of elements in a NULL terminated array.
2N/A */
2N/Astatic int
2N/Ak5_count_array(const void **ptr) {
2N/A unsigned int i = 0;
2N/A for (; ptr && ptr[i]; )
2N/A i++;
2N/A
2N/A return (i);
2N/A}
2N/A
2N/A/*
2N/A * The following functions consist of "build" and "free" functions for each
2N/A * argument passed from the Kerberos mech to DTrace.
2N/A * These functions support the build-fire-free macros in kerberos_dtrace.h. The
2N/A * k5_*info arguments are flat structures closely mimicking their *info DTrace
2N/A * counter-parts. They are generally made up of strings and integers.
2N/A */
2N/A
2N/Ak5_krbinfo_t *
2N/Ak5_krbinfo_build(const krb5_data *data) {
2N/A k5_krbinfo_t *ki = NULL;
2N/A
2N/A if (data != NULL) {
2N/A ki = malloc(sizeof (k5_krbinfo_t));
2N/A if (ki != NULL) {
2N/A (void) memset(ki, 0, sizeof (k5_krbinfo_t));
2N/A ki->version = 5;
2N/A if (data->data != NULL) {
2N/A ki->message_type =
2N/A k5_type_to_str(k5_msgtype_lookup,
2N/A data->data[0] & 0x1f);
2N/A }
2N/A ki->message_id = data->data;
2N/A ki->message_length = data->length;
2N/A ki->message = data->data;
2N/A }
2N/A }
2N/A
2N/A return (ki);
2N/A}
2N/A
2N/Avoid
2N/Ak5_krbinfo_free(k5_krbinfo_t *ki) {
2N/A if (ki != NULL) {
2N/A free(ki->message_type);
2N/A free(ki);
2N/A }
2N/A}
2N/A
2N/Ak5_kerrorinfo_t *
2N/Ak5_kerrorinfo_build(const krb5_error *error) {
2N/A k5_kerrorinfo_t *ke = NULL;
2N/A
2N/A if (error != NULL) {
2N/A ke = malloc(sizeof (k5_kerrorinfo_t));
2N/A if (ke != NULL) {
2N/A (void) memset(ke, 0, sizeof (k5_kerrorinfo_t));
2N/A ke->ctime = error->ctime;
2N/A ke->cusec = error->cusec;
2N/A ke->stime = error->stime;
2N/A ke->susec = error->susec;
2N/A ke->error_code = k5_type_to_str(
2N/A k5_errtype_lookup, error->error);
2N/A (void) krb5_unparse_name_no_ctx(error->client,
2N/A &ke->client);
2N/A (void) krb5_unparse_name_no_ctx(error->server,
2N/A &ke->server);
2N/A ke->e_text = k5_data_to_str(&error->text);
2N/A ke->e_data = NULL;
2N/A
2N/A /*
2N/A * When preauth is required we can treat e_data as a
2N/A * list of supported pre-authentication types.
2N/A */
2N/A if (error->error == KDC_ERR_PREAUTH_REQUIRED &&
2N/A error->e_data.length > 0) {
2N/A krb5_pa_data **pa = NULL;
2N/A if (decode_krb5_padata_sequence(
2N/A &error->e_data, &pa) == 0) {
2N/A ke->e_data = k5_array_to_str(
2N/A k5_padata_to_str,
2N/A (const void **)pa);
2N/A krb5_free_pa_data_no_ctx(pa);
2N/A }
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (ke);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kerrorinfo_free(k5_kerrorinfo_t *ke) {
2N/A if (ke != NULL) {
2N/A free(ke->error_code);
2N/A free(ke->e_data);
2N/A free(ke->e_text);
2N/A free(ke->server);
2N/A free(ke->client);
2N/A free(ke);
2N/A }
2N/A}
2N/A
2N/Ak5_kdcreqinfo_t *
2N/Ak5_kdcreqinfo_build(const krb5_kdc_req *req) {
2N/A k5_kdcreqinfo_t *kr = NULL;
2N/A if (req != NULL) {
2N/A kr = malloc(sizeof (k5_kdcreqinfo_t));
2N/A if (kr != NULL) {
2N/A (void) memset(kr, 0, sizeof (k5_kdcreqinfo_t));
2N/A kr->padata_types = k5_array_to_str(k5_padata_to_str,
2N/A (const void **)req->padata);
2N/A kr->kdc_options = k5_flags_to_str(req->kdc_options);
2N/A
2N/A (void) krb5_unparse_name_no_ctx(req->client,
2N/A &kr->client);
2N/A (void) krb5_unparse_name_no_ctx(req->server,
2N/A &kr->server);
2N/A kr->from = req->from;
2N/A kr->till = req->till;
2N/A kr->rtime = req->rtime;
2N/A kr->nonce = req->nonce;
2N/A kr->etype = k5_etypes_to_str(req->nktypes, req->ktype);
2N/A kr->addresses = k5_array_to_str(k5_address_to_str,
2N/A (const void **)req->addresses);
2N/A kr->authorization_data =
2N/A k5_array_to_str(k5_authdata_to_str,
2N/A (const void **)req->unenc_authdata);
2N/A kr->num_additional_tickets = k5_count_array(
2N/A (const void **)req->second_ticket);
2N/A }
2N/A }
2N/A
2N/A return (kr);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kdcreqinfo_free(k5_kdcreqinfo_t *kr) {
2N/A if (kr != NULL) {
2N/A free(kr->authorization_data);
2N/A free(kr->addresses);
2N/A free(kr->etype);
2N/A free(kr->server);
2N/A free(kr->client);
2N/A free(kr->kdc_options);
2N/A free(kr->padata_types);
2N/A free(kr);
2N/A }
2N/A}
2N/A
2N/Ak5_kdcrepinfo_t *
2N/Ak5_kdcrepinfo_build(const krb5_kdc_rep *rep,
2N/A const krb5_enc_kdc_rep_part *encp) {
2N/A
2N/A k5_kdcrepinfo_t *kr = NULL;
2N/A if (rep != NULL) {
2N/A kr = malloc(sizeof (k5_kdcrepinfo_t));
2N/A if (kr != NULL) {
2N/A (void) memset(kr, 0, sizeof (k5_kdcrepinfo_t));
2N/A kr->padata_types = k5_array_to_str(k5_padata_to_str,
2N/A (const void **)rep->padata);
2N/A (void) krb5_unparse_name_no_ctx(rep->client,
2N/A &kr->client);
2N/A kr->enc_part_kvno = rep->enc_part.kvno;
2N/A kr->enc_part_etype = k5_type_to_str(k5_etype_lookup,
2N/A rep->enc_part.enctype);
2N/A }
2N/A if (encp != NULL) {
2N/A if (encp->session != NULL) {
2N/A kr->enc_key_type =
2N/A k5_type_to_str(k5_etype_lookup,
2N/A encp->session->enctype);
2N/A kr->enc_key_length = encp->session->length;
2N/A kr->enc_key_value = encp->session->contents;
2N/A }
2N/A kr->enc_last_req = k5_array_to_str(k5_last_req_to_str,
2N/A (const void **)encp->last_req);
2N/A kr->enc_nonce = encp->nonce;
2N/A kr->enc_key_expiration = encp->key_exp;
2N/A kr->enc_flags = k5_flags_to_str(encp->flags);
2N/A kr->enc_authtime = encp->times.authtime;
2N/A kr->enc_starttime = encp->times.starttime;
2N/A kr->enc_starttime = encp->times.endtime;
2N/A kr->enc_renew_till = encp->times.renew_till;
2N/A (void) krb5_unparse_name_no_ctx(encp->server,
2N/A &kr->enc_server);
2N/A kr->enc_caddr = k5_array_to_str(k5_address_to_str,
2N/A (const void **)encp->caddrs);
2N/A }
2N/A }
2N/A
2N/A return (kr);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kdcrepinfo_free(k5_kdcrepinfo_t *kr) {
2N/A if (kr != NULL) {
2N/A free(kr->enc_caddr);
2N/A free(kr->enc_server);
2N/A free(kr->enc_flags);
2N/A free(kr->enc_last_req);
2N/A free(kr->enc_key_type);
2N/A free(kr->enc_part_etype);
2N/A free(kr->client);
2N/A free(kr->padata_types);
2N/A free(kr);
2N/A }
2N/A}
2N/A
2N/Ak5_kticketinfo_t *
2N/Ak5_kticketinfo_build(const krb5_ticket *tkt) {
2N/A k5_kticketinfo_t *kt = NULL;
2N/A if (tkt != NULL) {
2N/A kt = malloc(sizeof (k5_kticketinfo_t));
2N/A if (kt != NULL) {
2N/A (void) memset(kt, 0, sizeof (k5_kticketinfo_t));
2N/A (void) krb5_unparse_name_no_ctx(tkt->server,
2N/A &kt->server);
2N/A kt->enc_part_kvno = tkt->enc_part.kvno;
2N/A kt->enc_part_etype = k5_type_to_str(k5_etype_lookup,
2N/A tkt->enc_part.enctype);
2N/A if (tkt->enc_part2 != NULL) {
2N/A krb5_enc_tkt_part *encp = tkt->enc_part2;
2N/A
2N/A kt->enc_flags = k5_flags_to_str(encp->flags);
2N/A if (encp->session != NULL) {
2N/A kt->enc_key_type = k5_type_to_str(
2N/A k5_etype_lookup,
2N/A encp->session->enctype);
2N/A kt->enc_key_length =
2N/A encp->session->length;
2N/A kt->enc_key_value =
2N/A encp->session->contents;
2N/A }
2N/A
2N/A (void) krb5_unparse_name_no_ctx(encp->client,
2N/A &kt->enc_client);
2N/A kt->enc_transited = k5_transited_to_str(
2N/A &encp->transited);
2N/A kt->enc_transited_type = k5_type_to_str(
2N/A k5_trtype_lookup, encp->transited.tr_type);
2N/A kt->enc_authtime = encp->times.authtime;
2N/A kt->enc_starttime = encp->times.starttime;
2N/A kt->enc_endtime = encp->times.endtime;
2N/A kt->enc_renew_till = encp->times.renew_till;
2N/A kt->enc_addresses = k5_array_to_str
2N/A (k5_address_to_str,
2N/A (const void **)encp->caddrs);
2N/A kt->enc_authorization_data = k5_array_to_str
2N/A (k5_authdata_to_str,
2N/A (const void **)encp->authorization_data);
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (kt);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kticketinfo_free(k5_kticketinfo_t *kt) {
2N/A if (kt != NULL) {
2N/A free(kt->enc_authorization_data);
2N/A free(kt->enc_addresses);
2N/A free(kt->enc_transited_type);
2N/A free(kt->enc_transited);
2N/A free(kt->enc_client);
2N/A free(kt->enc_key_type);
2N/A free(kt->enc_flags);
2N/A free(kt->enc_part_etype);
2N/A free(kt->server);
2N/A free(kt);
2N/A }
2N/A}
2N/A
2N/A
2N/Ak5_kaprepinfo_t *
2N/Ak5_kaprepinfo_build(const krb5_ap_rep *rep, const krb5_ap_rep_enc_part *encp) {
2N/A k5_kaprepinfo_t *ka = NULL;
2N/A
2N/A if (rep != NULL) {
2N/A ka = malloc(sizeof (k5_kaprepinfo_t));
2N/A if (ka != NULL) {
2N/A (void) memset(ka, 0, sizeof (k5_kaprepinfo_t));
2N/A ka->enc_part_kvno = rep->enc_part.kvno;
2N/A ka->enc_part_etype = k5_type_to_str(k5_etype_lookup,
2N/A rep->enc_part.enctype);
2N/A if (encp != NULL) {
2N/A ka->enc_ctime = encp->ctime;
2N/A ka->enc_cusec = encp->cusec;
2N/A
2N/A if (encp->subkey != NULL) {
2N/A ka->enc_subkey_type = k5_type_to_str(
2N/A k5_etype_lookup,
2N/A encp->subkey->enctype);
2N/A ka->enc_subkey_length =
2N/A encp->subkey->length;
2N/A ka->enc_subkey_value =
2N/A encp->subkey->contents;
2N/A }
2N/A ka->enc_seq_number = encp->seq_number;
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (ka);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kaprepinfo_free(k5_kaprepinfo_t *ka) {
2N/A if (ka != NULL) {
2N/A free(ka->enc_subkey_type);
2N/A free(ka->enc_part_etype);
2N/A free(ka);
2N/A }
2N/A}
2N/A
2N/Ak5_kapreqinfo_t *
2N/Ak5_kapreqinfo_build(const krb5_ap_req *req) {
2N/A k5_kapreqinfo_t *ka = NULL;
2N/A
2N/A if (req != NULL) {
2N/A ka = malloc(sizeof (k5_kapreqinfo_t));
2N/A if (ka != NULL) {
2N/A (void) memset(ka, 0, sizeof (k5_kapreqinfo_t));
2N/A
2N/A ka->ap_options = k5_flags_to_str(req->ap_options);
2N/A ka->authenticator_kvno = req->authenticator.kvno;
2N/A ka->authenticator_etype =
2N/A k5_type_to_str(k5_etype_lookup,
2N/A req->authenticator.enctype);
2N/A }
2N/A }
2N/A
2N/A return (ka);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kapreqinfo_free(k5_kapreqinfo_t *ka) {
2N/A if (ka != NULL) {
2N/A free(ka->authenticator_etype);
2N/A free(ka->ap_options);
2N/A free(ka);
2N/A }
2N/A}
2N/A
2N/Ak5_kauthenticatorinfo_t *
2N/Ak5_kauthenticatorinfo_build(const krb5_authenticator *auth) {
2N/A k5_kauthenticatorinfo_t *ka = NULL;
2N/A
2N/A if (auth != NULL) {
2N/A ka = malloc(sizeof (k5_kauthenticatorinfo_t));
2N/A if (ka != NULL) {
2N/A (void) memset(ka, 0, sizeof (k5_kauthenticatorinfo_t));
2N/A (void) krb5_unparse_name_no_ctx(auth->client,
2N/A &ka->client);
2N/A if (auth->checksum != NULL) {
2N/A ka->cksum_type =
2N/A k5_type_to_str(k5_cktype_lookup,
2N/A auth->checksum->checksum_type);
2N/A ka->cksum_length = auth->checksum->length;
2N/A ka->cksum_value = auth->checksum->contents;
2N/A }
2N/A ka->cusec = auth->cusec;
2N/A ka->ctime = auth->ctime;
2N/A
2N/A if (auth->subkey != NULL) {
2N/A ka->subkey_type = k5_type_to_str(
2N/A k5_etype_lookup, auth->subkey->enctype);
2N/A ka->subkey_length = auth->subkey->length;
2N/A ka->subkey_value = auth->subkey->contents;
2N/A }
2N/A ka->seq_number = auth->seq_number;
2N/A ka->authorization_data = k5_array_to_str(
2N/A k5_authdata_to_str,
2N/A (const void **)auth->authorization_data);
2N/A }
2N/A }
2N/A
2N/A return (ka);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kauthenticatorinfo_free(k5_kauthenticatorinfo_t *ka) {
2N/A if (ka != NULL) {
2N/A free(ka->authorization_data);
2N/A free(ka->subkey_type);
2N/A free(ka->cksum_type);
2N/A free(ka->client);
2N/A free(ka);
2N/A }
2N/A}
2N/A
2N/Ak5_ksafeinfo_t *
2N/Ak5_ksafeinfo_build(const krb5_safe *safe) {
2N/A k5_ksafeinfo_t *ks = NULL;
2N/A
2N/A if (safe != NULL) {
2N/A ks = malloc(sizeof (k5_ksafeinfo_t));
2N/A if (ks != NULL) {
2N/A (void) memset(ks, 0, sizeof (k5_ksafeinfo_t));
2N/A ks->user_data = safe->user_data.data;
2N/A ks->user_data_length = safe->user_data.length;
2N/A ks->timestamp = safe->timestamp;
2N/A ks->usec = safe->usec;
2N/A ks->seq_number = safe->seq_number;
2N/A ks->s_address = k5_address_to_str(safe->s_address);
2N/A ks->r_address = k5_address_to_str(safe->r_address);
2N/A if (safe->checksum != NULL) {
2N/A ks->cksum_type =
2N/A k5_type_to_str(k5_cktype_lookup,
2N/A safe->checksum->checksum_type);
2N/A ks->cksum_length = safe->checksum->length;
2N/A ks->cksum_value = safe->checksum->contents;
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (ks);
2N/A}
2N/A
2N/Avoid
2N/Ak5_ksafeinfo_free(k5_ksafeinfo_t *ks) {
2N/A if (ks != NULL) {
2N/A free(ks->cksum_type);
2N/A free(ks->r_address);
2N/A free(ks->s_address);
2N/A free(ks);
2N/A }
2N/A}
2N/A
2N/Ak5_kprivinfo_t *
2N/Ak5_kprivinfo_build(const krb5_priv *priv, const krb5_priv_enc_part *encp) {
2N/A k5_kprivinfo_t *kp = NULL;
2N/A
2N/A if (priv != NULL) {
2N/A kp = malloc(sizeof (k5_kprivinfo_t));
2N/A if (kp != NULL) {
2N/A (void) memset(kp, 0, sizeof (k5_kprivinfo_t));
2N/A kp->enc_part_kvno = priv->enc_part.kvno;
2N/A kp->enc_part_etype = k5_type_to_str(k5_etype_lookup,
2N/A priv->enc_part.enctype);
2N/A if (encp != NULL) {
2N/A kp->enc_user_data = encp->user_data.data;
2N/A kp->enc_user_data_length =
2N/A encp->user_data.length;
2N/A kp->enc_timestamp = encp->timestamp;
2N/A kp->enc_usec = encp->usec;
2N/A kp->enc_seq_number = encp->seq_number;
2N/A kp->enc_s_address =
2N/A k5_address_to_str(encp->s_address);
2N/A kp->enc_r_address =
2N/A k5_address_to_str(encp->r_address);
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (kp);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kprivinfo_free(k5_kprivinfo_t *kp) {
2N/A if (kp != NULL) {
2N/A free(kp->enc_r_address);
2N/A free(kp->enc_s_address);
2N/A free(kp->enc_part_etype);
2N/A free(kp);
2N/A }
2N/A}
2N/A
2N/Ak5_kcredinfo_t *
2N/Ak5_kcredinfo_build(const krb5_cred *cred, const krb5_cred_enc_part *encp) {
2N/A k5_kcredinfo_t *kc = NULL;
2N/A
2N/A if (cred != NULL) {
2N/A kc = malloc(sizeof (k5_kcredinfo_t));
2N/A if (kc != NULL) {
2N/A (void) memset(kc, 0, sizeof (k5_kcredinfo_t));
2N/A kc->enc_part_kvno = cred->enc_part.kvno;
2N/A kc->enc_part_etype = k5_type_to_str(k5_etype_lookup,
2N/A cred->enc_part.enctype);
2N/A kc->tickets =
2N/A k5_count_array((const void **)(cred->tickets));
2N/A if (encp != NULL) {
2N/A kc->enc_nonce = encp->nonce;
2N/A kc->enc_timestamp = encp->timestamp;
2N/A kc->enc_usec = encp->usec;
2N/A kc->enc_s_address =
2N/A k5_address_to_str(encp->s_address);
2N/A kc->enc_r_address =
2N/A k5_address_to_str(encp->r_address);
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (kc);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kcredinfo_free(k5_kcredinfo_t *kc) {
2N/A if (kc != NULL) {
2N/A free(kc->enc_r_address);
2N/A free(kc->enc_s_address);
2N/A free(kc->enc_part_etype);
2N/A free(kc);
2N/A }
2N/A}
2N/A
2N/Ak5_kconninfo_t *
2N/Ak5_kconninfo_build(const int fd) {
2N/A k5_kconninfo_t *kc = malloc(sizeof (k5_kconninfo_t));
2N/A
2N/A if (kc != NULL) {
2N/A struct sockaddr_storage s;
2N/A socklen_t len = sizeof (struct sockaddr_storage);
2N/A int t;
2N/A
2N/A (void) memset(kc, 0, sizeof (k5_kconninfo_t));
2N/A
2N/A if (getsockname(fd, (struct sockaddr *)&s, &len) == 0) {
2N/A if (s.ss_family == AF_INET) {
2N/A kc->protocol = strdup("ipv4");
2N/A kc->local = malloc(INET_ADDRSTRLEN);
2N/A if (kc->local != NULL)
2N/A inet_ntop(s.ss_family,
2N/A &(ss2sin(&s)->sin_addr), kc->local,
2N/A INET_ADDRSTRLEN);
2N/A
2N/A kc->localport = htons(ss2sin(&s)->sin_port);
2N/A
2N/A } else if (s.ss_family == AF_INET6) {
2N/A kc->protocol = strdup("ipv6");
2N/A kc->local = malloc(INET6_ADDRSTRLEN);
2N/A if (kc->local != NULL)
2N/A inet_ntop(s.ss_family,
2N/A &(ss2sin6(&s)->sin6_addr),
2N/A kc->local, INET6_ADDRSTRLEN);
2N/A kc->localport = htons(ss2sin6(&s)->sin6_port);
2N/A
2N/A } else
2N/A (void) asprintf(&kc->protocol, "<%s(%d)>",
2N/A dgettext(TEXT_DOMAIN, "unknown"),
2N/A s.ss_family);
2N/A }
2N/A
2N/A if (getpeername(fd, (struct sockaddr *)&s, &len) == 0) {
2N/A if (s.ss_family == AF_INET) {
2N/A kc->remote = malloc(INET_ADDRSTRLEN);
2N/A if (kc->remote != NULL)
2N/A inet_ntop(s.ss_family,
2N/A &(ss2sin(&s)->sin_addr), kc->remote,
2N/A INET_ADDRSTRLEN);
2N/A kc->remoteport = htons(ss2sin(&s)->sin_port);
2N/A } else if (s.ss_family == AF_INET6) {
2N/A kc->remote = malloc(INET6_ADDRSTRLEN);
2N/A if (kc->remote != NULL)
2N/A inet_ntop(s.ss_family,
2N/A &(ss2sin6(&s)->sin6_addr),
2N/A kc->remote, INET6_ADDRSTRLEN);
2N/A kc->remoteport = htons(ss2sin6(&s)->sin6_port);
2N/A }
2N/A }
2N/A
2N/A len = sizeof (t);
2N/A if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &t, &len) == 0) {
2N/A switch (t) {
2N/A case SOCK_STREAM:
2N/A kc->type = strdup("tcp");
2N/A break;
2N/A case SOCK_DGRAM:
2N/A kc->type = strdup("udp");
2N/A break;
2N/A default:
2N/A (void) asprintf(&kc->type, "<%s(%d)>",
2N/A dgettext(TEXT_DOMAIN, "unknown"),
2N/A t);
2N/A }
2N/A }
2N/A }
2N/A
2N/A return (kc);
2N/A}
2N/A
2N/Avoid
2N/Ak5_kconninfo_free(k5_kconninfo_t *kc) {
2N/A if (kc != NULL) {
2N/A free(kc->type);
2N/A free(kc->remote);
2N/A free(kc->local);
2N/A free(kc->protocol);
2N/A free(kc);
2N/A }
2N/A}
2N/A
2N/A/*
2N/A * Some probes should fire in multiple places. In order to ensure that each
2N/A * probe is only listed once by DTrace these probes are put into their own
2N/A * functions.
2N/A */
2N/Avoid k5_trace_kdc_rep_read(const krb5_data *msg, const krb5_kdc_rep *dec_rep) {
2N/A KERBEROS_PROBE_KRB_KDC_REP(READ, msg, dec_rep,
2N/A dec_rep == NULL ? NULL : dec_rep->enc_part2,
2N/A dec_rep == NULL ? NULL : dec_rep->ticket);
2N/A}
2N/A
2N/Avoid k5_trace_kdc_req_read(const krb5_data *msg, const krb5_kdc_req *req) {
2N/A KERBEROS_PROBE_KRB_KDC_REQ(READ, msg, req);
2N/A}
2N/A
2N/Avoid k5_trace_message_send(const int fd, char *data,
2N/A const unsigned int length) {
2N/A KERBEROS_PROBE_KRB_MESSAGE(SEND, fd, data, length);
2N/A}
2N/A
2N/Avoid k5_trace_message_recv(const int fd, char *data,
2N/A const unsigned int length) {
2N/A KERBEROS_PROBE_KRB_MESSAGE(RECV, fd, data, length);
2N/A}