From bb89afd7c59deea855d2818fe36ef7472b4abf2e Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Mon, 9 Sep 2013 14:23:56 -0400
Subject: Add ASN.1 codec for KKDCP's KDC-PROXY-MESSAGE

Handle encoding and decoding [MS-KKDCP] proxy messages, including
handling of the additional length bytes.  Early versions of [MS-KKDCP]
incorrectly omit that the size of the proxied message is prepended to
the proxied message, as it is when we're using plain TCP, before
encoding the proxy-message structure.  This is fixed at least as of
version 2.1 of the spec.

[nalin@redhat.com: add tests]

ticket: 7929
---
 src/include/k5-int.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/include')

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 096cd14f5..8f039ee53 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -518,6 +518,12 @@ typedef struct _krb5_pa_otp_req {
     krb5_data vendor;
 } krb5_pa_otp_req;
 
+typedef struct _krb5_kkdcp_message {
+    krb5_data kerb_message;
+    krb5_data target_domain;
+    krb5_int32 dclocator_hint;
+} krb5_kkdcp_message;
+
 #include <stdlib.h>
 #include <string.h>
 
@@ -898,6 +904,7 @@ void k5_free_otp_tokeninfo(krb5_context context, krb5_otp_tokeninfo *val);
 void k5_free_pa_otp_challenge(krb5_context context,
                               krb5_pa_otp_challenge *val);
 void k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val);
+void k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val);
 
 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
 #include "com_err.h"
@@ -1438,6 +1445,9 @@ encode_krb5_pa_otp_req(const krb5_pa_otp_req *, krb5_data **);
 krb5_error_code
 encode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
 
+krb5_error_code
+encode_krb5_kkdcp_message(const krb5_kkdcp_message *, krb5_data **);
+
 /*************************************************************************
  * End of prototypes for krb5_encode.c
  *************************************************************************/
@@ -1608,6 +1618,9 @@ decode_krb5_pa_otp_req(const krb5_data *, krb5_pa_otp_req **);
 krb5_error_code
 decode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
 
+krb5_error_code
+decode_krb5_kkdcp_message(const krb5_data *, krb5_kkdcp_message **);
+
 struct _krb5_key_data;          /* kdb.h */
 
 struct ldap_seqof_key_data {
-- 
cgit