diff options
| author | Nathaniel McCallum <npmccallum@redhat.com> | 2013-09-09 14:23:56 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-06-02 17:58:26 -0400 |
| commit | bb89afd7c59deea855d2818fe36ef7472b4abf2e (patch) | |
| tree | d5e010a26e547c0fdd45ae3608ac3066bfb15f7f /src/lib/krb5 | |
| parent | d0be57ac45ea639baa3cff0dd2108c34e834bfa7 (diff) | |
| download | krb5-bb89afd7c59deea855d2818fe36ef7472b4abf2e.tar.gz krb5-bb89afd7c59deea855d2818fe36ef7472b4abf2e.tar.xz krb5-bb89afd7c59deea855d2818fe36ef7472b4abf2e.zip | |
Add ASN.1 codec for KKDCP's KDC-PROXY-MESSAGE
Handle encoding and decoding [MS-KKDCP] proxy messages, including
handling of the additional length bytes. Early versions of [MS-KKDCP]
incorrectly omit that the size of the proxied message is prepended to
the proxied message, as it is when we're using plain TCP, before
encoding the proxy-message structure. This is fixed at least as of
version 2.1 of the spec.
[nalin@redhat.com: add tests]
ticket: 7929
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 14 | ||||
| -rw-r--r-- | src/lib/krb5/krb/kfree.c | 10 | ||||
| -rw-r--r-- | src/lib/krb5/libkrb5.exports | 3 |
3 files changed, 27 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 7b9179d93..4dc49c2e1 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1711,3 +1711,17 @@ static const struct atype_info *pa_otp_enc_req_fields[] = { }; DEFSEQTYPE(pa_otp_enc_req, krb5_data, pa_otp_enc_req_fields); MAKE_CODEC(krb5_pa_otp_enc_req, pa_otp_enc_req); + +DEFFIELD(kkdcp_message_0, krb5_kkdcp_message, + kerb_message, 0, ostring_data); +DEFFIELD(kkdcp_message_1, krb5_kkdcp_message, + target_domain, 1, opt_gstring_data); +DEFFIELD(kkdcp_message_2, krb5_kkdcp_message, + dclocator_hint, 2, opt_int32); +static const struct atype_info *kkdcp_message_fields[] = { + &k5_atype_kkdcp_message_0, &k5_atype_kkdcp_message_1, + &k5_atype_kkdcp_message_2 +}; +DEFSEQTYPE(kkdcp_message, krb5_kkdcp_message, + kkdcp_message_fields); +MAKE_CODEC(krb5_kkdcp_message, kkdcp_message); diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 32b215182..f86c619b2 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -821,3 +821,13 @@ k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val) free(val->vendor.data); free(val); } + +void +k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val) +{ + if (val == NULL) + return; + free(val->target_domain.data); + free(val->kerb_message.data); + free(val); +} diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 863ec029d..2d0852def 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -25,6 +25,7 @@ decode_krb5_iakerb_finished decode_krb5_iakerb_header decode_krb5_kdc_req_body decode_krb5_otp_tokeninfo +decode_krb5_kkdcp_message decode_krb5_pa_enc_ts decode_krb5_pa_for_user decode_krb5_pa_fx_fast_reply @@ -72,6 +73,7 @@ encode_krb5_iakerb_finished encode_krb5_iakerb_header encode_krb5_kdc_req_body encode_krb5_otp_tokeninfo +encode_krb5_kkdcp_message encode_krb5_pa_enc_ts encode_krb5_pa_for_user encode_krb5_pa_fx_fast_reply @@ -113,6 +115,7 @@ k5_expand_path_tokens k5_expand_path_tokens_extra k5_free_algorithm_identifier k5_free_otp_tokeninfo +k5_free_kkdcp_message k5_free_pa_otp_challenge k5_free_pa_otp_req k5_free_serverlist |