/* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * Copyright 1990-1998 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * krb5_free_address() */ #include "k5-int.h" static void cleanup_dk_list(krb5_context, krb5_keyblock *); /* ARGSUSED */ void KRB5_CALLCONV krb5_free_address(krb5_context context, krb5_address *val) { if (val->contents) krb5_xfree_wrap(val->contents, val->length); krb5_xfree_wrap(val, sizeof(krb5_address)); } #ifndef _KERNEL void KRB5_CALLCONV krb5_free_addresses(krb5_context context, krb5_address **val) { register krb5_address **temp; for (temp = val; *temp; temp++) { if ((*temp)->contents) krb5_xfree((*temp)->contents); krb5_xfree(*temp); } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val) { if (val->enc_part.ciphertext.data) { krb5_xfree(val->enc_part.ciphertext.data); val->enc_part.ciphertext.data = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_ap_req(krb5_context context, register krb5_ap_req *val) { if (val->ticket) { krb5_free_ticket(context, val->ticket); val->ticket = 0; } if (val->authenticator.ciphertext.data) { krb5_xfree(val->authenticator.ciphertext.data); val->authenticator.ciphertext.data = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val) { if (val->subkey) krb5_free_keyblock(context, val->subkey); krb5_xfree(val); } #endif /* !_KERNEL */ void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val) { if (val->checksum) { krb5_free_checksum(context, val->checksum); val->checksum = 0; } if (val->client) { krb5_free_principal(context, val->client); val->client = 0; } if (val->subkey) { krb5_free_keyblock(context, val->subkey); val->subkey = 0; } if (val->authorization_data) { krb5_free_authdata(context, val->authorization_data); val->authorization_data = 0; } } /* ARGSUSED */ void KRB5_CALLCONV krb5_free_authdata(krb5_context context, krb5_authdata **val) { register krb5_authdata **temp; for (temp = val; *temp; temp++) { if ((*temp)->contents) krb5_xfree_wrap((*temp)->contents, (*temp)->length); krb5_xfree_wrap(*temp, sizeof(krb5_authdata)); } /* Note val points to an array of pointers and (++temp - val) is # of bytes * in that array. */ krb5_xfree_wrap(val, (++temp - val)); } void KRB5_CALLCONV krb5_free_authenticator(krb5_context context, krb5_authenticator *val) { krb5_free_authenticator_contents(context, val); krb5_xfree_wrap(val, sizeof(krb5_authenticator)); } void KRB5_CALLCONV krb5_free_checksum(krb5_context context, register krb5_checksum *val) { krb5_free_checksum_contents(context, val); krb5_xfree_wrap(val, sizeof(krb5_checksum)); } /* ARGSUSED */ void KRB5_CALLCONV krb5_free_checksum_contents(krb5_context context, register krb5_checksum *val) { if (val->contents) { krb5_xfree_wrap(val->contents, val->length); val->length = 0; val->contents = 0; } } #ifndef _KERNEL void KRB5_CALLCONV krb5_free_cred(krb5_context context, register krb5_cred *val) { if (val->tickets) { krb5_free_tickets(context, val->tickets); val->tickets = 0; } if (val->enc_part.ciphertext.data) { krb5_xfree(val->enc_part.ciphertext.data); val->enc_part.ciphertext.data = 0; } krb5_xfree(val); } /* * krb5_free_cred_contents zeros out the session key, and then frees * the credentials structures */ void KRB5_CALLCONV krb5_free_cred_contents(krb5_context context, krb5_creds *val) { if (val->client) { krb5_free_principal(context, val->client); val->client = 0; } if (val->server) { krb5_free_principal(context, val->server); val->server = 0; } krb5_free_keyblock_contents(context, &val->keyblock); if (val->ticket.data) { krb5_xfree(val->ticket.data); val->ticket.data = 0; } if (val->second_ticket.data) { krb5_xfree(val->second_ticket.data); val->second_ticket.data = 0; } if (val->addresses) { krb5_free_addresses(context, val->addresses); val->addresses = 0; } if (val->authdata) { krb5_free_authdata(context, val->authdata); val->authdata = 0; } } void KRB5_CALLCONV krb5_free_cred_enc_part(krb5_context context, register krb5_cred_enc_part *val) { register krb5_cred_info **temp; if (val->r_address) { krb5_free_address(context, val->r_address); val->r_address = 0; } if (val->s_address) { krb5_free_address(context, val->s_address); val->s_address = 0; } if (val->ticket_info) { for (temp = val->ticket_info; *temp; temp++) { if ((*temp)->session) krb5_free_keyblock(context, (*temp)->session); if ((*temp)->client) krb5_free_principal(context, (*temp)->client); if ((*temp)->server) krb5_free_principal(context, (*temp)->server); if ((*temp)->caddrs) krb5_free_addresses(context, (*temp)->caddrs); krb5_xfree((*temp)); } krb5_xfree(val->ticket_info); val->ticket_info = 0; } } void KRB5_CALLCONV krb5_free_creds(krb5_context context, krb5_creds *val) { krb5_free_cred_contents(context, val); krb5_xfree(val); } /* ARGSUSED */ void KRB5_CALLCONV krb5_free_data(krb5_context context, krb5_data *val) { if (val->data) { krb5_xfree(val->data); val->data = 0; } krb5_xfree(val); } #endif /* !_KERNEL */ /* ARGSUSED */ void KRB5_CALLCONV krb5_free_data_contents(krb5_context context, krb5_data *val) { if (val->data) { krb5_xfree_wrap(val->data, val->length); val->length = 0; val->data = 0; } } #ifndef _KERNEL void krb5_free_etype_info(krb5_context context, krb5_etype_info info) { int i; for(i=0; info[i] != NULL; i++) { if (info[i]->salt) free(info[i]->salt); krb5_free_data_contents(context, &info[i]->s2kparams); free(info[i]); } free(info); } void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context context, register krb5_enc_kdc_rep_part *val) { if (val->session) krb5_free_keyblock(context, val->session); if (val->last_req) krb5_free_last_req(context, val->last_req); if (val->server) krb5_free_principal(context, val->server); if (val->caddrs) krb5_free_addresses(context, val->caddrs); krb5_xfree(val); } void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val) { if (val->session) { krb5_free_keyblock(context, val->session); val->session = 0; } if (val->client) krb5_free_principal(context, val->client); if (val->transited.tr_contents.data) { krb5_xfree(val->transited.tr_contents.data); val->transited.tr_contents.data = 0; } if (val->caddrs) krb5_free_addresses(context, val->caddrs); if (val->authorization_data) { krb5_free_authdata(context, val->authorization_data); val->authorization_data = 0; } krb5_xfree(val); } #endif /* !_KERNEL */ void KRB5_CALLCONV krb5_free_error(krb5_context context, register krb5_error *val) { if (val->client) krb5_free_principal(context, val->client); if (val->server) krb5_free_principal(context, val->server); if (val->text.data) krb5_xfree_wrap(val->text.data, val->text.length); if (val->e_data.data) krb5_xfree_wrap(val->e_data.data, val->e_data.length); krb5_xfree_wrap(val, sizeof (krb5_error)); } #ifndef _KERNEL void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val) { if (val->padata) { krb5_free_pa_data(context, val->padata); val->padata = 0; } if (val->client) { krb5_free_principal(context, val->client); val->client = 0; } if (val->ticket) { krb5_free_ticket(context, val->ticket); val->ticket = 0; } if (val->enc_part.ciphertext.data) { krb5_xfree(val->enc_part.ciphertext.data); val->enc_part.ciphertext.data = 0; } if (val->enc_part2) { krb5_free_enc_kdc_rep_part(context, val->enc_part2); val->enc_part2 = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val) { if (val->padata) { krb5_free_pa_data(context, val->padata); val->padata = 0; } if (val->client) { krb5_free_principal(context, val->client); val->client = 0; } if (val->server) { krb5_free_principal(context, val->server); val->server = 0; } if (val->ktype) { krb5_xfree(val->ktype); val->ktype = 0; } if (val->addresses) { krb5_free_addresses(context, val->addresses); val->addresses = 0; } if (val->authorization_data.ciphertext.data) { krb5_xfree(val->authorization_data.ciphertext.data); val->authorization_data.ciphertext.data = 0; } if (val->unenc_authdata) { krb5_free_authdata(context, val->unenc_authdata); val->unenc_authdata = 0; } if (val->second_ticket) { krb5_free_tickets(context, val->second_ticket); val->second_ticket = 0; } krb5_xfree(val); } #endif /* !_KERNEL */ /* * Delete a key's derived key list */ static void cleanup_dk_list(krb5_context context, krb5_keyblock *key) { krb5_dk_node *dn = key->dk_list; krb5_dk_node *nxt; while (dn != NULL) { nxt = dn->next; if (dn->derived_key != NULL) { /* * Some recursion here but its OK, * it stops when a NULL dk_list * is encountered. */ krb5_free_keyblock(context, dn->derived_key); dn->derived_key = NULL; } FREE(dn, sizeof(krb5_dk_node)); dn = nxt; } key->dk_list = NULL; } /* ARGSUSED */ void KRB5_CALLCONV krb5_free_keyblock_contents(krb5_context context, register krb5_keyblock *key) { if (key->contents) { (void) memset(key->contents, 0, key->length); krb5_xfree_wrap(key->contents, key->length); key->length = 0; key->contents = 0; } #ifdef _KERNEL if (key->key_tmpl != NULL) (void) crypto_destroy_ctx_template(key->key_tmpl); #else if (key->hKey != CK_INVALID_HANDLE) { CK_RV rv; rv = C_DestroyObject(krb_ctx_hSession(context), key->hKey); if (rv != CKR_OK) { KRB5_LOG(KRB5_ERR, "krb5_free_keyblock_contents: " "C_DestroyObject = %0x", rv); } key->hKey = CK_INVALID_HANDLE; } #endif /* _KERNEL */ /* * If the original key data is freed, we should also free * any keys derived from that data. * This saves us from making additional calls to "cleanup_dk_list" * in all of the many function which have keyblock structures * declared on the stack that re-use the keyblock data contents * without freeing the entire keyblock record. */ cleanup_dk_list(context, key); } void KRB5_CALLCONV krb5_free_keyblock(krb5_context context, register krb5_keyblock *val) { if (!val) return; krb5_free_keyblock_contents(context, val); krb5_xfree_wrap(val, sizeof(krb5_keyblock)); } #ifndef _KERNEL void KRB5_CALLCONV krb5_free_last_req(krb5_context context, krb5_last_req_entry **val) { register krb5_last_req_entry **temp; for (temp = val; *temp; temp++) krb5_xfree(*temp); krb5_xfree(val); } void KRB5_CALLCONV krb5_free_pa_data(krb5_context context, krb5_pa_data **val) { register krb5_pa_data **temp; for (temp = val; *temp; temp++) { if ((*temp)->contents) krb5_xfree((*temp)->contents); krb5_xfree(*temp); } krb5_xfree(val); } #endif /* !_KERNEL */ /* ARGSUSED */ void KRB5_CALLCONV krb5_free_principal(krb5_context context, krb5_principal val) { register krb5_int32 i; if (!val) return; if (val->data) { i = krb5_princ_size(context, val); while(--i >= 0) FREE(krb5_princ_component(context, val, i)->data, krb5_princ_component(context, val, i)->length+1); krb5_xfree_wrap(val->data, sizeof(krb5_data) * krb5_princ_size(context, val)); } if (val->realm.data) krb5_xfree_wrap(val->realm.data, val->realm.length+1); krb5_xfree_wrap(val, sizeof (krb5_principal_data)); } #ifndef _KERNEL void KRB5_CALLCONV krb5_free_priv(krb5_context context, register krb5_priv *val) { if (val->enc_part.ciphertext.data) { krb5_xfree(val->enc_part.ciphertext.data); val->enc_part.ciphertext.data = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context context, register krb5_priv_enc_part *val) { if (val->user_data.data) { krb5_xfree(val->user_data.data); val->user_data.data = 0; } if (val->r_address) { krb5_free_address(context, val->r_address); val->r_address = 0; } if (val->s_address) { krb5_free_address(context, val->s_address); val->s_address = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val) { if (val->element) krb5_free_pwd_sequences(context, val->element); krb5_xfree(val); } void KRB5_CALLCONV krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val) { register passwd_phrase_element **temp; for (temp = val; *temp; temp++) { if ((*temp)->passwd) { krb5_free_data(context, (*temp)->passwd); (*temp)->passwd = 0; } if ((*temp)->phrase) { krb5_free_data(context, (*temp)->phrase); (*temp)->phrase = 0; } krb5_xfree(*temp); } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_safe(krb5_context context, register krb5_safe *val) { if (val->user_data.data) { krb5_xfree(val->user_data.data); val->user_data.data = 0; } if (val->r_address) { krb5_free_address(context, val->r_address); val->r_address = 0; } if (val->s_address) { krb5_free_address(context, val->s_address); val->s_address = 0; } if (val->checksum) { krb5_free_checksum(context, val->checksum); val->checksum = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_ticket(krb5_context context, krb5_ticket *val) { if (val->server) krb5_free_principal(context, val->server); if (val->enc_part.ciphertext.data) { krb5_xfree(val->enc_part.ciphertext.data); val->enc_part.ciphertext.data = 0; } if (val->enc_part2) krb5_free_enc_tkt_part(context, val->enc_part2); krb5_xfree(val); } void KRB5_CALLCONV krb5_free_tickets(krb5_context context, krb5_ticket **val) { register krb5_ticket **temp; for (temp = val; *temp; temp++) krb5_free_ticket(context, *temp); krb5_xfree(val); } void KRB5_CALLCONV krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts) { register krb5_creds **tgtpp; for (tgtpp = tgts; *tgtpp; tgtpp++) krb5_free_creds(context, *tgtpp); krb5_xfree(tgts); } void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val) { if (val->ticket) { krb5_free_ticket(context, val->ticket); val->ticket = 0; } if (val->authenticator) { krb5_free_authenticator(context, val->authenticator); val->authenticator = 0; } krb5_xfree(val); } void KRB5_CALLCONV krb5_free_unparsed_name(krb5_context context, char *val) { if (val) { krb5_xfree(val); } } void KRB5_CALLCONV krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge *sc) { if (!sc) return; krb5_free_sam_challenge_contents(ctx, sc); krb5_xfree(sc); } void KRB5_CALLCONV krb5_free_sam_challenge_2(krb5_context ctx, krb5_sam_challenge_2 *sc2) { if (!sc2) return; krb5_free_sam_challenge_2_contents(ctx, sc2); krb5_xfree(sc2); } void KRB5_CALLCONV krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge *sc) { if (!sc) return; if (sc->sam_type_name.data) krb5_free_data_contents(ctx, &sc->sam_type_name); if (sc->sam_track_id.data) krb5_free_data_contents(ctx, &sc->sam_track_id); if (sc->sam_challenge_label.data) krb5_free_data_contents(ctx, &sc->sam_challenge_label); if (sc->sam_challenge.data) krb5_free_data_contents(ctx, &sc->sam_challenge); if (sc->sam_response_prompt.data) krb5_free_data_contents(ctx, &sc->sam_response_prompt); if (sc->sam_pk_for_sad.data) krb5_free_data_contents(ctx, &sc->sam_pk_for_sad); if (sc->sam_cksum.contents) { krb5_xfree(sc->sam_cksum.contents); sc->sam_cksum.contents = 0; } } void KRB5_CALLCONV krb5_free_sam_challenge_2_contents(krb5_context ctx, krb5_sam_challenge_2 *sc2) { krb5_checksum **cksump; if (!sc2) return; if (sc2->sam_challenge_2_body.data) krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body); if (sc2->sam_cksum) { cksump = sc2->sam_cksum; while (*cksump) { krb5_free_checksum(ctx, *cksump); cksump++; } krb5_xfree(sc2->sam_cksum); sc2->sam_cksum = 0; } } void KRB5_CALLCONV krb5_free_sam_challenge_2_body(krb5_context ctx, krb5_sam_challenge_2_body *sc2) { if (!sc2) return; krb5_free_sam_challenge_2_body_contents(ctx, sc2); krb5_xfree(sc2); } void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents(krb5_context ctx, krb5_sam_challenge_2_body *sc2) { if (!sc2) return; if (sc2->sam_type_name.data) krb5_free_data_contents(ctx, &sc2->sam_type_name); if (sc2->sam_track_id.data) krb5_free_data_contents(ctx, &sc2->sam_track_id); if (sc2->sam_challenge_label.data) krb5_free_data_contents(ctx, &sc2->sam_challenge_label); if (sc2->sam_challenge.data) krb5_free_data_contents(ctx, &sc2->sam_challenge); if (sc2->sam_response_prompt.data) krb5_free_data_contents(ctx, &sc2->sam_response_prompt); if (sc2->sam_pk_for_sad.data) krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad); } void KRB5_CALLCONV krb5_free_sam_response(krb5_context ctx, krb5_sam_response *sr) { if (!sr) return; krb5_free_sam_response_contents(ctx, sr); krb5_xfree(sr); } void KRB5_CALLCONV krb5_free_sam_response_2(krb5_context ctx, krb5_sam_response_2 *sr2) { if (!sr2) return; krb5_free_sam_response_2_contents(ctx, sr2); krb5_xfree(sr2); } void KRB5_CALLCONV krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response *sr) { if (!sr) return; if (sr->sam_track_id.data) krb5_free_data_contents(ctx, &sr->sam_track_id); if (sr->sam_enc_key.ciphertext.data) krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext); if (sr->sam_enc_nonce_or_ts.ciphertext.data) krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext); } void KRB5_CALLCONV krb5_free_sam_response_2_contents(krb5_context ctx, krb5_sam_response_2 *sr2) { if (!sr2) return; if (sr2->sam_track_id.data) krb5_free_data_contents(ctx, &sr2->sam_track_id); if (sr2->sam_enc_nonce_or_sad.ciphertext.data) krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext); } void KRB5_CALLCONV krb5_free_predicted_sam_response(krb5_context ctx, krb5_predicted_sam_response *psr) { if (!psr) return; krb5_free_predicted_sam_response_contents(ctx, psr); krb5_xfree(psr); } void KRB5_CALLCONV krb5_free_predicted_sam_response_contents(krb5_context ctx, krb5_predicted_sam_response *psr) { if (!psr) return; if (psr->sam_key.contents) krb5_free_keyblock_contents(ctx, &psr->sam_key); if (psr->client) { krb5_free_principal(ctx, psr->client); psr->client = 0; } if (psr->msd.data) krb5_free_data_contents(ctx, &psr->msd); } void KRB5_CALLCONV krb5_free_enc_sam_response_enc(krb5_context ctx, krb5_enc_sam_response_enc *esre) { if (!esre) return; krb5_free_enc_sam_response_enc_contents(ctx, esre); krb5_xfree(esre); } void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2(krb5_context ctx, krb5_enc_sam_response_enc_2 *esre2) { if (!esre2) return; krb5_free_enc_sam_response_enc_2_contents(ctx, esre2); krb5_xfree(esre2); } void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents(krb5_context ctx, krb5_enc_sam_response_enc *esre) { if (!esre) return; if (esre->sam_sad.data) krb5_free_data_contents(ctx, &esre->sam_sad); } void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents(krb5_context ctx, krb5_enc_sam_response_enc_2 *esre2) { if (!esre2) return; if (esre2->sam_sad.data) krb5_free_data_contents(ctx, &esre2->sam_sad); } void KRB5_CALLCONV krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts *pa_enc_ts) { if (!pa_enc_ts) return; krb5_xfree(pa_enc_ts); } #endif /* !_KERNEL */