authorSimo Sorce <simo@redhat.com>2014-11-13 11:31:09 -0500
committerSimo Sorce <simo@redhat.com>2014-11-20 10:52:13 -0500
commitc6afc489a1c9d86fd593bd47c4a8dae6d9a008d2 (patch)
tree27ad9cc99e3c8e38b8df1adacb3cca5e3f8f1e43 /asn1/ipa_asn1.h
parentb170851058d6712442d553ef3d11ecd21b282443 (diff)
Add asn1c generated code for keytab controls
Instead of manually encoding controls, use an actual asn1 compiler. The file asn1/asn1c/ipa.asn1 will contain ipa modules. The generated code is committed to the tree and built into a static library that is linked to the code that uses it. The first module implements the GetKeytabControl control. Related: https://fedorahosted.org/freeipa/ticket/4718 https://fedorahosted.org/freeipa/ticket/4728 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'asn1/ipa_asn1.h')
-rw-r--r--asn1/ipa_asn1.h76
1 files changed, 76 insertions, 0 deletions
diff --git a/asn1/ipa_asn1.h b/asn1/ipa_asn1.h
new file mode 100644
index 000000000..6ffcc5cc8
--- /dev/null
+++ b/asn1/ipa_asn1.h
@@ -0,0 +1,76 @@
+#ifndef __IPA_ASN1_H_
+#define __IPA_ASN1_H_
+
+#include "ipa_krb5.h"
+
+/**
+ * @brief Encodes a Get Keytab Request Control
+ *
+ * @param newkt Whether this is a New Key request or a Current Key one
+ * @param princ The principal the keys belong to (this is required)
+ * @param pwd Optional, only for New Key reqs, the password to use to
+ * create the new keys
+ * @param etypes Optional, only for New Key reqs, list of desired
+ * enctypes
+ * @param numtypes Optional, Number of desired enctypes in etypes
+ * @param buf A void pointer wil lcontain pointer to an allocated
+ * buffer with the serialized control, must be freed
+ * @param len Length of the returned buffer
+ *
+ * @return True on success or False on failure
+ */
+bool ipaasn1_enc_getkt(bool newkt, const char *princ, const char *pwd,
+ long *etypes, int numtypes, void **buf, size_t *len);
+
+/**
+ * @brief Encodes a Get Keytab Reply Control
+ *
+ * @param kvno The new key version number
+ * @param keys A set of keys to return to the caller
+ * @param buf A void pointer wil lcontain pointer to an allocated
+ * buffer with the serialized control, must be freed
+ * @param len Length of the returned buffer
+ *
+ * @return True on success or False on failure
+ */
+bool ipaasn1_enc_getktreply(int kvno, struct keys_container *keys,
+ void **buf, size_t *len);
+
+/**
+ * @brief Decodes a Get Keytab Requst Control
+ *
+ * @param buf A pointer to the serialized buffer
+ * @param len The lenght of the buffer
+ * @param newkt Returns whether this is a New Key or Current Key request
+ * @param princ Returns the principal the keys belong to.
+ * @param pwd Optional: The password to use to create keys
+ * @param etypes Optional: The desired enctypes
+ * @param numtypes Optional: Number of desired enctypes in etypes
+ *
+ * @return True on success or False on failure
+ *
+ * NOTE: princ, pwd, etypes and numtypes should be zeroed before being
+ * passed in input, and the caller may need to free them even in
+ * case of failure.
+ */
+bool ipaasn1_dec_getkt(void *buf, size_t len, bool *newkt,
+ char **princ, char **pwd,
+ long **etypes, int *numtypes);
+
+/**
+ * @brief Decodes a Get Keytab Reply Control
+ *
+ * @param buf A pointer to the serialized buffer
+ * @param len The lenght of the buffer
+ * @param kvno The new key version number
+ * @param keys A set of keys generated by the server
+ *
+ * @return True on success or False on failure
+ *
+ * NOTE: keys should be a zeroed structure and the caller may need to free
+ * it even in case of failure.
+ */
+bool ipaasn1_dec_getktreply(void *buf, size_t len,
+ int *kvno, struct keys_container *keys);
+
+#endif /* __IPA_ASN1_H_ */
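Review bot: The notes on `ipaasn1_dec_getkt` and `ipaasn1_dec_getktreply` say only that the caller "may need to free" the outputs "even in case of failure", which names neither the function that releases each output nor the state the outputs are left in after a failed decode. Because `pwd`, `keys` and the serialized `buf` returned by the encoders hold a password or key material, the comments should also say that this memory is to be cleared before it is released, for example `* @param pwd Returns an allocated password string; the caller must clear and free it, also on failure`. The same wording is needed on the `buf` parameter of `ipaasn1_enc_getkt` and `ipaasn1_enc_getktreply`, where "must be freed" does not say with what. The implementations are not part of this file, so which deallocator applies has to be confirmed there. The comment typos `wil lcontain`, `Requst` and `lenght` can be fixed in the same pass.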