author | Greg Hudson <ghudson@mit.edu> | 2009-09-13 02:52:23 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-09-13 02:52:23 +0000 |
commit | 0e39f8a3ad915eeb0131fb4a87b0fef304101cfd (patch) | |
tree | 6c6d7fd4b23f4724156300b5505433b13cfe9fb6 /src/lib/krb5/asn.1 | |
parent | f89b62fe9fd7b0cb10d7e2ff542fb18c1b56d35d (diff) | |
Implement s4u extensions
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/asn.1')
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 41 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.h | 4 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 34 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/krb5_decode.c | 12 |
4 files changed, 91 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 1917d89743..b1b09371bc 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -1616,6 +1616,47 @@ error_out:
 return retval;
 }
+asn1_error_code asn1_decode_s4u_userid(asn1buf *buf, krb5_s4u_userid *val)
+{
+ setup();
+ val->nonce = 0;
+ val->user = NULL;
+ val->subject_cert.data = NULL;
+ val->options = 0;
+ { begin_structure();
+ get_field(val->nonce,0,asn1_decode_int32);
+ alloc_principal(val->user);
+ opt_field(val->user,1,asn1_decode_principal_name,0);
+ get_field(val->user,2,asn1_decode_realm);
+ opt_lenfield(val->subject_cert.length,val->subject_cert.data,3,asn1_decode_charstring);
+ opt_field(val->options,4,asn1_decode_krb5_flags,0);
+ end_structure();
+ }
+ return 0;
+error_out:
+ krb5_free_principal(NULL, val->user);
+ krb5_free_data_contents(NULL, &val->subject_cert);
+ val->user = NULL;
+ val->subject_cert.data = NULL;
+ return retval;
+}
+
+asn1_error_code asn1_decode_pa_s4u_x509_user(asn1buf *buf, krb5_pa_s4u_x509_user *val)
+{
+ setup();
+ val->cksum.contents = NULL;
+ { begin_structure();
+ get_field(val->user_id,0,asn1_decode_s4u_userid);
+ get_field(val->cksum,1,asn1_decode_checksum);
+ end_structure();
+ }
+ return 0;
+error_out:
+ krb5_free_s4u_userid_contents(NULL, &val->user_id);
+ krb5_free_checksum_contents(NULL, &val->cksum);
+ return retval;
+}
+
 asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val)
 {
 setup();
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h
index 7444443ba5..fc62c8f4ec 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.h
+++ b/src/lib/krb5/asn.1/asn1_k_decode.h
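Review bot: In asn1_decode_s4u_userid, `opt_field(val->user,1,asn1_decode_principal_name,0)` runs immediately after `alloc_principal(val->user)` and passes 0 as its default value. The macro bodies are not part of this hunk, but if opt_field stores that default into val->user when tag 1 is absent, the fresh allocation is lost and the realm decode on the next line receives a null principal, on input that presumably arrives from the network as padata. I would decode the optional name without overwriting the allocated principal when the tag is missing, and add a decoder test for an encoding that omits the name field. At minimum, add `/* val->user must stay allocated here: tag 2 (realm) is decoded into it. */` above the realm `get_field`.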
@@ -263,6 +263,10 @@ asn1_error_code asn1_decode_setpw_req
 (asn1buf *buf, krb5_data *rep, krb5_principal *principal);
 asn1_error_code asn1_decode_pa_for_user
 (asn1buf *buf, krb5_pa_for_user *val);
+asn1_error_code asn1_decode_s4u_userid
+ (asn1buf *buf, krb5_s4u_userid *val);
+asn1_error_code asn1_decode_pa_s4u_x509_user
+ (asn1buf *buf, krb5_pa_s4u_x509_user *val);
 asn1_error_code asn1_decode_pa_pac_req
 (asn1buf *buf, krb5_pa_pac_req *val);
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index ed01b7560d..cd63ffbb95 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -263,6 +263,8 @@ static unsigned int optional_enc_kdc_rep_part(const void *p)
 optional |= (1u << 8);
 if (val->caddrs != NULL && val->caddrs[0] != NULL)
 optional |= (1u << 11);
+ if (val->enc_padata != NULL)
+ optional |= (1u << 12);
 return optional;
 }
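Review bot: The new tag-12 test in optional_enc_kdc_rep_part checks only `val->enc_padata != NULL`, while the caddrs test directly above it also requires a first element (`val->caddrs[0] != NULL`). If enc_padata is a NULL-terminated array like caddrs (its declaration is outside this diff), an empty list would be encoded as an empty sequence rather than omitted. Either mirror the caddrs form, `if (val->enc_padata != NULL && val->enc_padata[0] != NULL)`, or add a comment stating that an empty sequence is intended. The function begins outside the hunk.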
@@ -1147,6 +1149,36 @@ static const struct field_info pa_for_user_fields[] = {
 DEFSEQTYPE(pa_for_user, krb5_pa_for_user, pa_for_user_fields, 0);
+/* [MS-SFU] Section 2.2.2. */
+static const struct field_info s4u_userid_fields[] = {
+ FIELDOF_NORM(krb5_s4u_userid, int32, nonce, 0),
+ FIELDOF_OPT(krb5_s4u_userid, principal, user, 1, 1),
+ FIELDOF_NORM(krb5_s4u_userid, realm_of_principal, user, 2),
+ FIELDOF_OPT(krb5_s4u_userid, ostring_data, subject_cert, 3, 3),
+ FIELDOF_OPT(krb5_s4u_userid, krb5_flags, options, 4, 4),
+};
+
+static unsigned int s4u_userid_optional (const void *p) {
+ const krb5_s4u_userid *val = p;
+ unsigned int optional = 0;
+ if (val->user != NULL && val->user->length != 0)
+ optional |= (1u)<<1;
+ if (val->subject_cert.length != 0)
+ optional |= (1u)<<3;
+ if (val->options != 0)
+ optional |= (1u)<<4;
+ return optional;
+}
+
+DEFSEQTYPE(s4u_userid, krb5_s4u_userid, s4u_userid_fields, s4u_userid_optional);
+
+static const struct field_info pa_s4u_x509_user_fields[] = {
+ FIELDOF_NORM(krb5_pa_s4u_x509_user, s4u_userid, user_id, 0),
+ FIELDOF_NORM(krb5_pa_s4u_x509_user, checksum, cksum, 1),
+};
+
+DEFSEQTYPE(pa_s4u_x509_user, krb5_pa_s4u_x509_user, pa_s4u_x509_user_fields, 0);
+
 /* draft-ietf-krb-wg-kerberos-referrals Appendix A. */
 static const struct field_info pa_svr_referral_data_fields[] = {
 FIELDOF_NORM(krb5_pa_svr_referral_data, realm_of_principal, principal, 0),
@@ -1323,6 +1355,8 @@ MAKE_FULL_ENCODER(encode_krb5_predicted_sam_response, predicted_sam_response);
 MAKE_FULL_ENCODER(encode_krb5_setpw_req, setpw_req);
 MAKE_FULL_ENCODER(encode_krb5_pa_for_user, pa_for_user);
+MAKE_FULL_ENCODER(encode_krb5_s4u_userid, s4u_userid);
+MAKE_FULL_ENCODER(encode_krb5_pa_s4u_x509_user, pa_s4u_x509_user);
 MAKE_FULL_ENCODER(encode_krb5_pa_svr_referral_data, pa_svr_referral_data);
 MAKE_FULL_ENCODER(encode_krb5_pa_server_referral_data, pa_server_referral_data);
 MAKE_FULL_ENCODER(encode_krb5_etype_list, etype_list);
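Review bot: s4u_userid_optional tolerates `val->user == NULL` when deciding whether to emit tag 1, but the field table encodes tag 2 unconditionally from the same pointer via `FIELDOF_NORM(krb5_s4u_userid, realm_of_principal, user, 2)`. The realm_of_principal type is defined outside this hunk, so this is inferred, but a NULL user would presumably still be dereferenced when the realm is encoded. Either drop the NULL test so the precondition is uniform, or state it above the table: `/* user must be non-NULL; tag 2 (realm) is always encoded from it. */`.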
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index 7a08ec8884..a2e9c0a4dd 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -1061,6 +1061,18 @@ decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **repptr)
 }
 krb5_error_code
+decode_krb5_pa_s4u_x509_user(const krb5_data *code, krb5_pa_s4u_x509_user **repptr)
+{
+ setup_buf_only(krb5_pa_s4u_x509_user *);
+ alloc_field(rep);
+
+ retval = asn1_decode_pa_s4u_x509_user(&buf, rep);
+ if (retval) clean_return(retval);
+
+ cleanup(free);
+}
+
+krb5_error_code
 decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **repptr)
 {
 setup_buf_only(krb5_pa_pac_req *); |
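Review bot: decode_krb5_pa_s4u_x509_user passes `rep` to asn1_decode_pa_s4u_x509_user, which (in the asn1_k_decode.c hunk) clears only `val->cksum.contents` before parsing yet calls krb5_free_s4u_userid_contents on `val->user_id` in its error path. If parsing fails before the user_id field is reached, that free acts on whatever alloc_field left in the struct, so it is safe only if alloc_field zero-fills the allocation; its definition is not visible here. I would document the dependency above the call, `/* rep must be zero-filled: the decoder's error path frees user_id. */`, or have the decoder clear user_id itself alongside cksum.contents.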