summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/ser_sctx.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi/krb5/ser_sctx.c')
-rw-r--r--src/lib/gssapi/krb5/ser_sctx.c305
1 files changed, 71 insertions, 234 deletions
diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c
index 36e70d742..36a16d426 100644
--- a/src/lib/gssapi/krb5/ser_sctx.c
+++ b/src/lib/gssapi/krb5/ser_sctx.c
@@ -40,192 +40,6 @@
* still be done. --marc
*/
-/*
- * Determine the size required for this krb5_gss_enc_desc.
- */
-static krb5_error_code
-kg_enc_desc_size(kcontext, arg, sizep)
- krb5_context kcontext;
- krb5_pointer arg;
- size_t *sizep;
-{
- krb5_error_code kret;
- krb5_gss_enc_desc *edescp;
- size_t required;
-
- /*
- * krb5_gss_cred_id_t requires:
- * krb5_int32 for KG_ENC_DESC
- * krb5_int32 for processed.
- * krb5_int32 for trailer.
- */
- kret = EINVAL;
- if ((edescp = (krb5_gss_enc_desc *) arg)) {
- required = 3*sizeof(krb5_int32);
- if (edescp->key)
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) edescp->key,
- &required);
- else
- kret = 0;
-
- /*
- * We need to use size_opaque here because we're not sure as to the
- * ancestry of this eblock, and we can't be sure that the magic number
- * is set in it, so we ASSuME that it's ok.
- */
- if (!kret)
- kret = krb5_size_opaque(kcontext,
- KV5M_ENCRYPT_BLOCK,
- (krb5_pointer) &edescp->eblock,
- &required);
-
- if (!kret)
- *sizep += required;
- }
- return(kret);
-}
-
-/*
- * Externalize this krb5_gss_enc_desc.
- */
-static krb5_error_code
-kg_enc_desc_externalize(kcontext, arg, buffer, lenremain)
- krb5_context kcontext;
- krb5_pointer arg;
- krb5_octet **buffer;
- size_t *lenremain;
-{
- krb5_error_code kret;
- krb5_gss_enc_desc *enc_desc;
- size_t required;
- krb5_octet *bp;
- size_t remain;
-
- required = 0;
- bp = *buffer;
- remain = *lenremain;
- kret = EINVAL;
- if ((enc_desc = (krb5_gss_enc_desc *) arg)) {
- kret = ENOMEM;
- if (!kg_enc_desc_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KG_ENC_DESC, &bp, &remain);
-
- /* Now static data */
- (void) krb5_ser_pack_int32((krb5_int32) enc_desc->processed,
- &bp, &remain);
-
- /* Now pack up dynamic data */
- if (enc_desc->key)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) enc_desc->key,
- &bp, &remain);
- else
- kret = 0;
-
- if (!kret)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_ENCRYPT_BLOCK,
- (krb5_pointer)&enc_desc->eblock,
- &bp, &remain);
- if (!kret) {
- (void) krb5_ser_pack_int32(KG_ENC_DESC, &bp, &remain);
- *buffer = bp;
- *lenremain = remain;
- }
- }
- }
- return(kret);
-}
-
-/*
- * Internalize this krb5_gss_enc_desc.
- */
-static krb5_error_code
-kg_enc_desc_internalize(kcontext, argp, buffer, lenremain)
- krb5_context kcontext;
- krb5_pointer *argp;
- krb5_octet **buffer;
- size_t *lenremain;
-{
- krb5_error_code kret;
- krb5_gss_enc_desc *edescp;
- krb5_int32 ibuf;
- krb5_octet *bp;
- krb5_encrypt_block *eblockp;
- size_t remain;
-
- bp = *buffer;
- remain = *lenremain;
- kret = EINVAL;
- /* Read our magic number */
- if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
- if (ibuf == KG_ENC_DESC) {
- kret = ENOMEM;
-
- /* Get an enc_desc */
- if ((remain >= (2*sizeof(krb5_int32))) &&
- (edescp = (krb5_gss_enc_desc *)
- xmalloc(sizeof(krb5_gss_enc_desc)))) {
- memset(edescp, 0, sizeof(krb5_gss_enc_desc));
-
- /* Get the static data */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- edescp->processed = (int) ibuf;
-
- /* edescp->key */
- if ((kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *) &edescp->key,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
-
- /* edescp->eblock */
- if (!kret &&
- (kret = krb5_internalize_opaque(kcontext,
- KV5M_ENCRYPT_BLOCK,
- (krb5_pointer *) &eblockp,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- else {
- /* Successful, copy in allocated eblock to our structure */
- memcpy(&edescp->eblock, eblockp, sizeof(edescp->eblock));
- krb5_xfree(eblockp);
- }
-
- /* trailer */
- if (!kret &&
- !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&
- (ibuf == KG_ENC_DESC)) {
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) edescp;
- }
- else {
- if (!kret && (ibuf != KG_ENC_DESC))
- kret = EINVAL;
- if (edescp->eblock.key)
- krb5_free_keyblock(kcontext, edescp->eblock.key);
- if (edescp->eblock.priv && edescp->eblock.priv_size)
- krb5_xfree(edescp->eblock.priv);
- if (edescp->key)
- krb5_free_keyblock(kcontext, edescp->key);
- xfree(edescp);
- }
- }
- }
- return(kret);
-}
-
static krb5_error_code
kg_oid_externalize(kcontext, arg, buffer, lenremain)
krb5_context kcontext;
@@ -416,12 +230,15 @@ kg_ctx_size(kcontext, arg, sizep)
* krb5_int32 for seq_recv.
* krb5_int32 for established.
* krb5_int32 for big_endian.
+ * krb5_int32 for gsskrb5_version.
+ * krb5_int32 for nctypes.
* krb5_int32 for trailer.
*/
kret = EINVAL;
if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
- required = 14*sizeof(krb5_int32);
+ required = 16*sizeof(krb5_int32);
required += sizeof(ctx->seed);
+ required += ctx->nctypes*sizeof(krb5_int32);
kret = 0;
if (!kret && ctx->here)
@@ -442,14 +259,16 @@ kg_ctx_size(kcontext, arg, sizep)
(krb5_pointer) ctx->subkey,
&required);
- if (!kret)
- kret = kg_enc_desc_size(kcontext,
- (krb5_pointer) &ctx->enc,
+ if (!kret && ctx->enc)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) ctx->enc,
&required);
- if (!kret)
- kret = kg_enc_desc_size(kcontext,
- (krb5_pointer) &ctx->seq,
+ if (!kret && ctx->seq)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) ctx->seq,
&required);
if (!kret)
@@ -486,6 +305,7 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
size_t required;
krb5_octet *bp;
size_t remain;
+ int i;
required = 0;
bp = *buffer;
@@ -526,6 +346,10 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
&bp, &remain);
+ (void) krb5_ser_pack_int32((krb5_int32) ctx->gsskrb5_version,
+ &bp, &remain);
+ (void) krb5_ser_pack_int32((krb5_int32) ctx->nctypes,
+ &bp, &remain);
/* Now dynamic data */
kret = 0;
@@ -552,14 +376,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
(krb5_pointer) ctx->subkey,
&bp, &remain);
- if (!kret)
- kret = kg_enc_desc_externalize(kcontext,
- (krb5_pointer) &ctx->enc,
+ if (!kret && ctx->enc)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) ctx->enc,
&bp, &remain);
- if (!kret)
- kret = kg_enc_desc_externalize(kcontext,
- (krb5_pointer) &ctx->seq,
+ if (!kret && ctx->seq)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) ctx->seq,
&bp, &remain);
if (!kret && ctx->seqstate)
@@ -571,6 +397,13 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
KV5M_AUTH_CONTEXT,
(krb5_pointer) ctx->auth_context,
&bp, &remain);
+
+ for (i=0; i<ctx->nctypes; i++) {
+ if (!kret) {
+ kret = krb5_ser_pack_int32((krb5_int32) ctx->ctypes[i],
+ &bp, &remain);
+ }
+ }
if (!kret) {
(void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
@@ -597,7 +430,7 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
krb5_int32 ibuf;
krb5_octet *bp;
size_t remain;
- krb5_gss_enc_desc *edp;
+ int i;
bp = *buffer;
remain = *lenremain;
@@ -640,6 +473,10 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
ctx->established = (int) ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->big_endian = (int) ibuf;
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ ctx->gsskrb5_version = (int) ibuf;
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ ctx->nctypes = (int) ibuf;
if ((kret = kg_oid_internalize(kcontext, &ctx->mech_used, &bp,
&remain))) {
@@ -670,29 +507,21 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
if (kret == EINVAL)
kret = 0;
}
- if (!kret) {
- if ((kret = kg_enc_desc_internalize(kcontext,
- (krb5_pointer *) &edp,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- else {
- memcpy(&ctx->enc, edp, sizeof(ctx->enc));
- xfree(edp);
- }
+ if (!kret &&
+ (kret = krb5_internalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer *) &ctx->enc,
+ &bp, &remain))) {
+ if (kret == EINVAL)
+ kret = 0;
}
- if (!kret) {
- if ((kret = kg_enc_desc_internalize(kcontext,
- (krb5_pointer *) &edp,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- else {
- memcpy(&ctx->seq, edp, sizeof(ctx->seq));
- xfree(edp);
- }
+ if (!kret &&
+ (kret = krb5_internalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer *) &ctx->seq,
+ &bp, &remain))) {
+ if (kret == EINVAL)
+ kret = 0;
}
if (!kret) {
@@ -708,6 +537,22 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
(krb5_pointer *) &ctx->auth_context,
&bp, &remain);
+ if (!kret) {
+ if (ctx->nctypes) {
+ if ((ctx->ctypes = (krb5_cksumtype *)
+ malloc(ctx->nctypes*sizeof(krb5_cksumtype))) == NULL){
+ kret = ENOMEM;
+ }
+
+ for (i=0; i<ctx->nctypes; i++) {
+ if (!kret) {
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ ctx->ctypes[i] = (krb5_cksumtype) ibuf;
+ }
+ }
+ }
+ }
+
/* Get trailer */
if (!kret &&
!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&
@@ -719,18 +564,10 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
else {
if (!kret && (ibuf != KG_CONTEXT))
kret = EINVAL;
- if (ctx->seq.eblock.key)
- krb5_free_keyblock(kcontext, ctx->seq.eblock.key);
- if (ctx->seq.eblock.priv && ctx->seq.eblock.priv_size)
- krb5_xfree(ctx->seq.eblock.priv);
- if (ctx->seq.key)
- krb5_free_keyblock(kcontext, ctx->seq.key);
- if (ctx->enc.eblock.key)
- krb5_free_keyblock(kcontext, ctx->enc.eblock.key);
- if (ctx->enc.eblock.priv && ctx->enc.eblock.priv_size)
- krb5_xfree(ctx->enc.eblock.priv);
- if (ctx->enc.key)
- krb5_free_keyblock(kcontext, ctx->enc.key);
+ if (ctx->seq)
+ krb5_free_keyblock(kcontext, ctx->seq);
+ if (ctx->enc)
+ krb5_free_keyblock(kcontext, ctx->enc);
if (ctx->subkey)
krb5_free_keyblock(kcontext, ctx->subkey);
if (ctx->there)
generated by cgit (git 2.34.1) at 2025-06-14 19:37:06 +0000