authorSimo Sorce <ssorce@redhat.com>2011-06-20 11:55:13 -0400
committerSimo Sorce <ssorce@redhat.com>2011-08-26 08:24:49 -0400
commiteed401306c400ae938e2d328de22da6f729c8f3f (patch)
tree0d80aaf819a5d45a9ca1cb086f01624c35ddaa23 /util
parent49282290938c735c566c7d0abf57c67b69945cce (diff)
ipa-pwd-extop: Move encoding in common too
Also to be used by ipa-kdb
Diffstat (limited to 'util')
-rw-r--r--util/ipa_krb5.c120
-rw-r--r--util/ipa_krb5.h4
2 files changed, 124 insertions, 0 deletions
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index b75da1e25..3cedbedb6 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -1,6 +1,8 @@
#include <string.h>
#include <stdlib.h>
#include <errno.h>
+#include <lber.h>
+#include <errno.h>
#include "ipa_krb5.h"
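Review bot: The second `#include <errno.h>` added right after `<lber.h>` duplicates the one two lines above it; the include guard makes it harmless, but it should be dropped so the list stays one entry per header. Only `#include <lber.h>` is actually needed by the new encoder, which uses `BerElement`, `ber_printf` and `ber_flatten`.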
@@ -259,3 +261,121 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys)
free(keys);
}
+/* Novell key-format scheme:
+
+ KrbKeySet ::= SEQUENCE {
+ attribute-major-vno [0] UInt16,
+ attribute-minor-vno [1] UInt16,
+ kvno [2] UInt32,
+ mkvno [3] UInt32 OPTIONAL,
+ keys [4] SEQUENCE OF KrbKey,
+ ...
+ }
+
+ KrbKey ::= SEQUENCE {
+ salt [0] KrbSalt OPTIONAL,
+ key [1] EncryptionKey,
+ s2kparams [2] OCTET STRING OPTIONAL,
+ ...
+ }
+
+ KrbSalt ::= SEQUENCE {
+ type [0] Int32,
+ salt [1] OCTET STRING OPTIONAL
+ }
+
+ EncryptionKey ::= SEQUENCE {
+ keytype [0] Int32,
+ keyvalue [1] OCTET STRING
+ }
+
+ */
+
+int ber_encode_krb5_key_data(krb5_key_data *data,
+ int numk, int mkvno,
+ struct berval **encoded)
+{
+ BerElement *be = NULL;
+ ber_tag_t tag;
+ int ret, i;
+
+ be = ber_alloc_t(LBER_USE_DER);
+ if (!be) {
+ return ENOMEM;
+ }
+
+ tag = LBER_CONSTRUCTED | LBER_CLASS_CONTEXT;
+
+ ret = ber_printf(be, "{t[i]t[i]t[i]t[i]t[{",
+ tag | 0, 1, tag | 1, 1,
+ tag | 2, (ber_int_t)data[0].key_data_kvno,
+ tag | 3, (ber_int_t)mkvno, tag | 4);
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+ for (i = 0; i < numk; i++) {
+
+ ret = ber_printf(be, "{");
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+ if (data[i].key_data_length[1] != 0) {
+ ret = ber_printf(be, "t[{t[i]",
+ tag | 0,
+ tag | 0,
+ (ber_int_t)data[i].key_data_type[1]);
+ if (ret != -1) {
+ ret = ber_printf(be, "t[o]",
+ tag | 1,
+ data[i].key_data_contents[1],
+ (ber_len_t)data[i].key_data_length[1]);
+ }
+ if (ret != -1) {
+ ret = ber_printf(be, "}]");
+ }
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+ }
+
+ ret = ber_printf(be, "t[{t[i]t[o]}]",
+ tag | 1,
+ tag | 0,
+ (ber_int_t)data[i].key_data_type[0],
+ tag | 1,
+ data[i].key_data_contents[0],
+ (ber_len_t)data[i].key_data_length[0]);
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+ ret = ber_printf(be, "}");
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+ }
+
+ ret = ber_printf(be, "}]}");
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+ ret = ber_flatten(be, encoded);
+ if (ret == -1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+done:
+ ber_free(be, 1);
+ return ret;
+}
+
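Review bot: `ber_encode_krb5_key_data` reads `data[0].key_data_kvno` in the first `ber_printf` before anything checks that `numk` is positive or that `data` is non-NULL, so an empty key set turns into an out-of-bounds read or NULL dereference instead of an error. A guard at the top, `if (data == NULL || numk <= 0 || encoded == NULL) return EINVAL;`, closes that and fits the errno convention (ENOMEM/EFAULT) the body already uses. Two contract details deserve a comment: the early error paths never touch `*encoded` and `ber_flatten` appears to leave it untouched on failure too, so callers may use `*encoded` only when the return is 0; and the BerElement buffer released by `ber_free(be, 1)` held the raw key bytes and is not scrubbed before free (liblber offers no hook for that), so the flattened berval is not the only heap copy of the key material that existed. The kvno is also taken from `data[0]` alone, which silently assumes every entry in the set shares one kvno — presumably true for the intended callers, but worth a one-line comment or an explicit check.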
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index 0bc667a93..ee6078db3 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -22,4 +22,8 @@ krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,
void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys);
+int ber_encode_krb5_key_data(krb5_key_data *data,
+ int numk, int mkvno,
+ struct berval **encoded);
+
#endif /* __IPA_KRB5_H_ */
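Review bot: The new `ber_encode_krb5_key_data` prototype carries no contract, and the encoder's return and ownership rules are not obvious from the name: it returns 0 on success or an errno value (ENOMEM when the BerElement cannot be allocated, EFAULT when a liblber call fails), `*encoded` is written only on success and is a separately allocated berval the caller must release (presumably with `ber_bvfree`), and `numk` must be at least 1 because the kvno is read from `data[0]`. A short block comment above the declaration stating those three points would spare each caller — ipa-pwd-extop and the ipa-kdb consumer the commit message mentions — from reading the implementation to learn them.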