From 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Sat, 3 Jan 2009 23:19:42 +0000 Subject: Merge mskrb-integ onto trunk The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ser_sctx.c | 82 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 74 insertions(+), 8 deletions(-) (limited to 'src/lib/gssapi/krb5/ser_sctx.c') diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 5babd7668..20cc6f9dd 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -99,7 +99,7 @@ kg_oid_internalize(kcontext, argp, buffer, lenremain) return EINVAL; } oid->length = ibuf; - oid->elements = malloc(ibuf); + oid->elements = malloc((size_t)ibuf); if (oid->elements == 0) { free(oid); return ENOMEM; @@ -263,7 +263,10 @@ kg_ctx_size(kcontext, arg, sizep) * krb5_int32 for sealalg. * ... for enc * ... for seq + * krb5_int32 for authtime. + * krb5_int32 for starttime. * krb5_int32 for endtime. + * krb5_int32 for renew_till. * krb5_int32 for flags. * krb5_int64 for seq_send. * krb5_int64 for seq_recv. 
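Review bot: In kg_oid_internalize the new `(size_t)ibuf` cast only silences the signed-to-unsigned conversion. `ibuf` is a krb5_int32 read from the serialized buffer, so a negative value becomes a very large allocation request, and no length is compared with the bytes left in the buffer. No range check is visible in this hunk (the function starts and ends outside it), so I would add one before the malloc, e.g. `if (ibuf < 0 || (size_t)ibuf > remain) { free(oid); return EINVAL; }`, assuming `remain` is the function's remaining-length local as in the other internalize routines. That also reports a malformed length as EINVAL rather than a misleading ENOMEM.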
@@ -275,11 +278,13 @@ kg_ctx_size(kcontext, arg, sizep) * ... for acceptor_subkey * krb5_int32 for acceptor_key_cksumtype * krb5_int32 for cred_rcache + * krb5_int32 for number of elements in authdata array + * ... for authdata array * krb5_int32 for trailer. */ kret = EINVAL; if ((ctx = (krb5_gss_ctx_id_rec *) arg)) { - required = 17*sizeof(krb5_int32); + required = 21*sizeof(krb5_int32); required += 2*sizeof(krb5_int64); required += sizeof(ctx->seed); @@ -337,6 +342,16 @@ kg_ctx_size(kcontext, arg, sizep) KV5M_KEYBLOCK, (krb5_pointer) ctx->acceptor_subkey, &required); + if (!kret && ctx->authdata) { + krb5_int32 i; + + for (i = 0; !kret && ctx->authdata[i]; i++) { + kret = krb5_size_opaque(kcontext, + KV5M_AUTHDATA, + (krb5_pointer)ctx->authdata[i], + &required); + } + } if (!kret) *sizep += required; } @@ -397,7 +412,13 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg, &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.authtime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.starttime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.endtime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.renew_till, &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, &bp, &remain); 
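Review bot: The kg_ctx_externalize hunk at -397 changes the serialized layout (four timestamps where there was one `endtime`), and nothing in the visible hunks records a format version. A context exported by a build that predates this change would be read by the matching kg_ctx_internalize hunk with every later field shifted, and would be rejected only if the trailer comparison happens to fail. If an exported context can ever cross library versions, a version field is the robust fix. At minimum I would document the constraint next to the packing code, e.g. `/* Wire layout changed: authtime/starttime/renew_till and authdata added; exports are only valid between identical builds. */`. The authdata count added in the later externalize hunk has the same effect.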
@@ -477,6 +498,25 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) if (!kret) kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache, &bp, &remain); + if (!kret) { + krb5_int32 i = 0; + + if (ctx->authdata) { + for (; ctx->authdata[i]; i++) + ; + } + /* authdata count */ + kret = krb5_ser_pack_int32(i, &bp, &remain); + if (!kret && ctx->authdata) { + /* authdata */ + for (i = 0; !kret && ctx->authdata[i]; i++) + kret = krb5_externalize_opaque(kcontext, + KV5M_AUTHDATA, + ctx->authdata[i], + &bp, + &remain); + } + } /* trailer */ if (!kret) kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); @@ -552,11 +592,17 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->sealalg = (int) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->endtime = (krb5_timestamp) ibuf; + ctx->krb_times.authtime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.starttime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.endtime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.renew_till = (krb5_timestamp) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->krb_flags = (krb5_flags) ibuf; - (void) (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_send, &bp, &remain); - kret = (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_recv, &bp, &remain); + (void) (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_send, &bp, &remain); + kret = (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_recv, &bp, &remain); if (kret) { free(ctx); return kret; 
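Review bot: The `(krb5_int64 *)&ctx->seq_send` and `(krb5_int64 *)&ctx->seq_recv` casts in the kg_ctx_internalize hunk at -552 suppress the pointer-type diagnostic instead of resolving it. The declared type of these fields is not visible here, and if it ever differs in width from krb5_int64 the unpack would write past or short of the field. Unpacking into a local keeps the compiler's checking: `krb5_int64 seq; kret = (*kaccess.krb5_ser_unpack_int64)(&seq, &bp, &remain); if (!kret) ctx->seq_recv = seq;`. The new `(void) krb5_ser_unpack_int32(...)` calls for krb_times follow the existing pattern of discarding the result, which is tolerable only because the checked seq_recv unpack and `free(ctx)` follow. The function continues outside the hunk.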
@@ -645,13 +691,33 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) if (kret == EINVAL) kret = 0; } + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->acceptor_subkey_cksumtype = ibuf; if (!kret) kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->cred_rcache = ibuf; + /* authdata */ if (!kret) kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->acceptor_subkey_cksumtype = ibuf; - + if (!kret) { + krb5_int32 nadata = ibuf, i; + + if (nadata > 0) { + ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1, + sizeof(krb5_authdata *)); + if (ctx->authdata == NULL) { + kret = ENOMEM; + } else { + for (i = 0; !kret && i < nadata; i++) + kret = krb5_internalize_opaque(kcontext, + KV5M_AUTHDATA, + (krb5_pointer *)&ctx->authdata[i], + &bp, + &remain); + } + } + } /* Get trailer */ if (!kret) kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); -- cgit
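Review bot: `nadata` in the new authdata block of kg_ctx_internalize comes straight from the serialized buffer and is only tested for `> 0`. A large count therefore drives `calloc((size_t)nadata + 1, sizeof(krb5_authdata *))` to a multi-gigabyte request, and a negative count is silently treated as "no authdata" rather than as malformed input. I would reject out-of-range counts before allocating, e.g. `if (nadata < 0 || (size_t)nadata > remain) kret = EINVAL; else if (nadata > 0) {`, since every element must consume at least one byte of the remaining buffer. Also, `ctx->acceptor_subkey_cksumtype = ibuf;` and `ctx->cred_rcache = ibuf;` still execute when the preceding unpack failed, so they should sit under the same `if (!kret)`. The error cleanup is outside the hunk, so please confirm it frees a partially filled `ctx->authdata` array when an element fails to internalize.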