Implement GSS naming extensions and authdata verification

Merge Luke's users/lhoward/authdata branch to trunk.  Implements GSS naming
extensions and verification of authorization data.

ticket: 6572

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970

9 files changed, 94 insertions, 2 deletions

diff --git a/src/tests/asn.1/krb5_decode_leak.c b/src/tests/asn.1/krb5_decode_leak.c
index be0a536e92..3eb6f3c66e 100644
--- a/src/tests/asn.1/krb5_decode_leak.c
+++ b/src/tests/asn.1/krb5_decode_leak.c
@@ -662,7 +662,6 @@ main(int argc, char **argv)
     /* encode_krb5_pa_s4u_x509_user */
     {
         krb5_pa_s4u_x509_user s4u, *tmp;
-
         setup(s4u, "pa_s4u_x509_user",
               ktest_make_sample_pa_s4u_x509_user);
         leak_test(s4u, encode_krb5_pa_s4u_x509_user,
@@ -670,6 +669,17 @@ main(int argc, char **argv)
                   krb5_free_pa_s4u_x509_user);
         ktest_empty_pa_s4u_x509_user(&s4u);
     }
+    /****************************************************************/
+    /* encode_krb5_ad_kdcissued */
+    {
+        krb5_ad_kdcissued kdci, *tmp;
+        setup(kdci, "ad_kdcissued",
+              ktest_make_sample_ad_kdcissued);
+        leak_test(kdci, encode_krb5_ad_kdcissued,
+                  decode_krb5_ad_kdcissued,
+                  krb5_free_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&kdci);
+    }
     krb5_free_context(test_context);
     return 0;
 }
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
index 2d20004220..401b26240e 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -891,12 +891,22 @@ int main(argc, argv)
 	ktest_empty_sam_response(&ref);
     }
 
+    /****************************************************************/
+    /* decode_pa_s4u_x509_user */
     {
 	setup(krb5_pa_s4u_x509_user,"krb5_pa_s4u_x509_user",ktest_make_sample_pa_s4u_x509_user);
 	decode_run("pa_s4u_x509_user","","30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_pa_s4u_x509_user,ktest_equal_pa_s4u_x509_user,krb5_free_pa_s4u_x509_user);
 	ktest_empty_pa_s4u_x509_user(&ref);
     }
 
+    /****************************************************************/
+    /* decode_ad_kdcissued */
+    {
+	setup(krb5_ad_kdcissued,"krb5_ad_kdcissued",ktest_make_sample_ad_kdcissued);
+	decode_run("ad_kdcissued","","30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_ad_kdcissued,ktest_equal_ad_kdcissued,krb5_free_ad_kdcissued);
+	ktest_empty_ad_kdcissued(&ref);
+    }
+
 #ifdef ENABLE_LDAP
     /* ldap sequence_of_keys */
     {
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
index 7ae32ec757..c010af9ab6 100644
--- a/src/tests/asn.1/krb5_encode_test.c
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -706,7 +706,17 @@ main(argc, argv)
 		   encode_krb5_pa_s4u_x509_user);
 	ktest_empty_pa_s4u_x509_user(&s4u);
     }
-
+    /****************************************************************/
+    /* encode_krb5_ad_kdcissued */
+    {
+	krb5_ad_kdcissued kdci;
+	setup(kdci,krb5_ad_kdcissued,"ad_kdcissued",
+	      ktest_make_sample_ad_kdcissued);
+	encode_run(kdci,krb5_ad_kdcissued,
+		   "ad_kdcissued","",
+		   encode_krb5_ad_kdcissued);
+	ktest_empty_ad_kdcissued(&kdci);
+    }
 #ifdef ENABLE_LDAP
     {
 	ldap_seqof_key_data skd;
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
index 8b6367918c..f41347c0f8 100644
--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -842,6 +842,19 @@ krb5_error_code ktest_make_sample_pa_s4u_x509_user(p)
     return 0;
 }
 
+krb5_error_code ktest_make_sample_ad_kdcissued(p)
+    krb5_ad_kdcissued *p;
+{
+    krb5_error_code retval;
+    retval = ktest_make_sample_checksum(&p->ad_checksum);
+    if (retval) return retval;
+    retval = ktest_make_sample_principal(&p->i_principal);
+    if (retval) return retval;
+    retval = ktest_make_sample_authorization_data(&p->elements);
+    if (retval) return retval;
+    return retval;
+}
+
 #ifdef ENABLE_LDAP
 static krb5_error_code ktest_make_sample_key_data(krb5_key_data *p, int i)
 {
@@ -1445,6 +1458,14 @@ void ktest_empty_pa_s4u_x509_user(p)
     if (p->cksum.contents) free(p->cksum.contents);
 }
 
+void ktest_empty_ad_kdcissued(p)
+    krb5_ad_kdcissued *p;
+{
+    if (p->ad_checksum.contents) free(p->ad_checksum.contents);
+    ktest_destroy_principal(&p->i_principal);
+    ktest_destroy_authorization_data(&p->elements);
+}
+
 #ifdef ENABLE_LDAP
 void ktest_empty_ldap_seqof_key_data(ctx, p)
     krb5_context ctx;
diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h
index a2951d26f5..fa33ceffd4 100644
--- a/src/tests/asn.1/ktest.h
+++ b/src/tests/asn.1/ktest.h
@@ -106,6 +106,7 @@ krb5_error_code ktest_make_sample_enc_sam_response_enc
 krb5_error_code ktest_make_sample_predicted_sam_response(krb5_predicted_sam_response *p);
 krb5_error_code ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
 krb5_error_code ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+krb5_error_code ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p);
 
 #ifdef ENABLE_LDAP
 krb5_error_code ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data * p);
@@ -215,6 +216,7 @@ void ktest_empty_predicted_sam_response(krb5_predicted_sam_response *p);
 void ktest_empty_sam_response_2(krb5_sam_response_2 *p);
 void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
 void ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+void ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p);
 
 #ifdef ENABLE_LDAP
 void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c
index da03249730..5479f8047a 100644
--- a/src/tests/asn.1/ktest_equal.c
+++ b/src/tests/asn.1/ktest_equal.c
@@ -556,6 +556,20 @@ int ktest_equal_pa_s4u_x509_user(ref, var)
     p=p&&struct_equal(cksum,ktest_equal_checksum);
     return p;
 }
+
+int ktest_equal_ad_kdcissued(ref, var)
+    krb5_ad_kdcissued *ref;
+    krb5_ad_kdcissued *var;
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p=p&&struct_equal(ad_checksum,ktest_equal_checksum);
+    p=p&&ptr_equal(i_principal,ktest_equal_principal_data);
+    p=p&&ptr_equal(elements,ktest_equal_authorization_data);
+    return p;
+}
+
 #ifdef ENABLE_LDAP
 static int equal_key_data(ref, var)
     krb5_key_data *ref;
diff --git a/src/tests/asn.1/ktest_equal.h b/src/tests/asn.1/ktest_equal.h
index 8a0641de52..1464ebb509 100644
--- a/src/tests/asn.1/ktest_equal.h
+++ b/src/tests/asn.1/ktest_equal.h
@@ -95,6 +95,10 @@ int ktest_equal_pa_s4u_x509_user
     (krb5_pa_s4u_x509_user *ref,
 		    krb5_pa_s4u_x509_user *var);
 
+int ktest_equal_ad_kdcissued
+    (krb5_ad_kdcissued *ref,
+		    krb5_ad_kdcissued *var);
+
 int ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
 				      ldap_seqof_key_data *var);
 #endif
diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out
index 0d913cdb24..952e69c771 100644
--- a/src/tests/asn.1/reference_encode.out
+++ b/src/tests/asn.1/reference_encode.out
@@ -57,3 +57,4 @@ encode_krb5_predicted_sam_response: 30 6D A0 13 30 11 A0 03 02 01 01 A1 0A 04 08
 encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 01 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
 encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32
 encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_ad_kdcissued: 30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out
index c8aa48e3f9..b19ca747e7 100644
--- a/src/tests/asn.1/trval_reference.out
+++ b/src/tests/asn.1/trval_reference.out
@@ -1263,3 +1263,23 @@ encode_krb5_pa_s4u_x509_user:
 .  .  [0] [Integer] 1
 .  .  [1] [Octet String] "1234"
 
+encode_krb5_ad_kdcissued:
+
+[Sequence/Sequence Of] 
+.  [0] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+.  [1] [General string] "ATHENA.MIT.EDU"
+.  [2] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [1] [Sequence/Sequence Of] 
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [3] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "foobar"
+.  .  [Sequence/Sequence Of] 
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "foobar"
+