From 50d60c3dc739be77574cbf80bc24d7fbd2ff41be Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@mit.edu>
Date: Thu, 18 Apr 2013 19:45:17 -0400
Subject: Add internal Z_MakeZcodeAuthentication function

Explicitly takes a krb5_creds as input.
---
 h/internal.h  |  4 ++++
 lib/ZMkAuth.c | 44 +++++++++++++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/h/internal.h b/h/internal.h
index 93d76ab..f87c8a2 100644
--- a/h/internal.h
+++ b/h/internal.h
@@ -144,6 +144,10 @@ Code_t Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype,
 int Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf,
 			krb5_cksumtype cksumtype, krb5_keyusage cksumusage,
 			unsigned char *asn1_data, int asn1_len);
+Code_t Z_MakeZcodeAuthentication(register ZNotice_t *notice,
+				 char *buffer, int buffer_len,
+				 int *phdr_len,
+				 krb5_creds *creds);
 Code_t Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice,
                              char *buffer,
                              char *cksum_start, int cksum_len,
diff --git a/lib/ZMkAuth.c b/lib/ZMkAuth.c
index 8d7ea0c..f837a1e 100644
--- a/lib/ZMkAuth.c
+++ b/lib/ZMkAuth.c
@@ -111,14 +111,36 @@ ZMakeZcodeAuthentication(register ZNotice_t *notice,
 
 Code_t
 ZMakeZcodeRealmAuthentication(register ZNotice_t *notice,
-			       char *buffer,
-			       int buffer_len,
-			       int *phdr_len,
-			       char *realm)
+			      char *buffer,
+			      int buffer_len,
+			      int *phdr_len,
+			      char *realm)
 {
 #ifdef HAVE_KRB5
-    krb5_error_code result;
-    krb5_creds *creds = 0;
+    Code_t result;
+    krb5_creds *creds = NULL;
+
+    result = ZGetCredsRealm(&creds, realm);
+    if (!result)
+	result = Z_MakeZcodeAuthentication(notice, buffer, buffer_len, phdr_len,
+					   creds);
+    if (creds != NULL)
+	krb5_free_creds(Z_krb5_ctx, creds);
+    return result;
+#else /* HAVE_KRB5 */
+    return ZERR_INTERNAL;
+#endif
+}
+
+#ifdef HAVE_KRB5
+Code_t
+Z_MakeZcodeAuthentication(register ZNotice_t *notice,
+			  char *buffer,
+			  int buffer_len,
+			  int *phdr_len,
+			  krb5_creds *creds)
+{
+    krb5_error_code result = 0;
     krb5_keyblock *keyblock;
     krb5_auth_context authctx;
     krb5_data *authent;
@@ -127,8 +149,6 @@ ZMakeZcodeRealmAuthentication(register ZNotice_t *notice,
 
     notice->z_ascii_authent = NULL;
 
-    result = ZGetCredsRealm(&creds, realm);
-
     keyblock = Z_credskey(creds);
 
     authent = (krb5_data *)malloc(sizeof(krb5_data));
@@ -167,7 +187,7 @@ ZMakeZcodeRealmAuthentication(register ZNotice_t *notice,
 	result = Z_NewFormatRawHeader(notice, buffer, buffer_len, phdr_len,
 				      &cksum_start, &cksum_len, &cstart, &cend);
     notice->z_authent_len = 0;
-    if (!result && creds != NULL)
+    if (!result)
 	result = Z_InsertZcodeChecksum(keyblock, notice, buffer, cksum_start,
 				       cksum_len, cstart, cend, buffer_len,
 				       &phdr_adj, 0);
@@ -179,15 +199,9 @@ ZMakeZcodeRealmAuthentication(register ZNotice_t *notice,
     krb5_free_data_contents(Z_krb5_ctx, authent);
     if (authent != NULL)
 	free(authent);
-    if (creds != NULL)
-	krb5_free_creds(Z_krb5_ctx, creds);
     return result;
-#else /* HAVE_KRB5 */
-    return ZERR_INTERNAL;
-#endif
 }
 
-#ifdef HAVE_KRB5
 int
 ZGetCreds(krb5_creds **creds_out)
 {
-- 
cgit v1.2.3