Fold in ISI changes for asn.1 fixes
authorTheodore Tso <tytso@mit.edu>
Tue, 29 Sep 1992 14:17:12 +0000 (14:17 +0000)
committerTheodore Tso <tytso@mit.edu>
Tue, 29 Sep 1992 14:17:12 +0000 (14:17 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2435 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/asn.1/Imakefile
src/lib/krb5/asn.1/KRB5-asn.py
src/lib/krb5/asn.1/kdcr2kkdcr.c
src/lib/krb5/asn.1/kkdcr2kdcr.c

index 0da8f734f241aeb55d8774a10b37a7610090d6c6..12e4d7204979e076c5636d9add78b73e489bd514 100644 (file)
@@ -64,7 +64,6 @@ SRCS= \
        $(SRCDIR)kkdcr2kdcr.c   \
        $(SRCDIR)kkey2enck.c    \
        $(SRCDIR)klsrq2lsrq.c   \
-       $(SRCDIR)kpadt2padt.c   \
        $(SRCDIR)kprep2prep.c   \
        $(SRCDIR)kprin2prin.c   \
        $(SRCDIR)kpriv2priv.c   \
@@ -74,7 +73,6 @@ SRCS= \
        $(SRCDIR)ktgsr2kdcr.c   \
        $(SRCDIR)ktkt2tkt.c     \
        $(SRCDIR)lsrq2klsrq.c   \
-       $(SRCDIR)padt2kpadt.c   \
        $(SRCDIR)prep2kprep.c   \
        $(SRCDIR)prin2kprin.c   \
        $(SRCDIR)priv2kpriv.c   \
@@ -83,7 +81,12 @@ SRCS= \
        $(SRCDIR)tran2ktran.c   \
        $(SRCDIR)tgrq2ktgrq.c   \
        $(SRCDIR)tkt2ktkt.c     \
-       $(SRCDIR)u2gen.c
+       $(SRCDIR)u2gen.c        \
+       $(SRCDIR)ktgsr2kdcr.c   \
+       $(SRCDIR)kpwd2pwd.c     \
+       $(SRCDIR)kpwds2pwds.c   \
+       $(SRCDIR)pwd2kpwd.c     \
+       $(SRCDIR)pwds2kpwds.c
 
 OBJS= \
        KRB5_tables.o   \
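Review bot: The added `$(SRCDIR)ktgsr2kdcr.c \` line puts that file in SRCS a second time, since the context of the previous hunk shows it is already listed a few entries earlier. The matching OBJS hunk adds no second `ktgsr2kdcr.o`, so the two lists no longer correspond entry for entry. Drop the added `ktgsr2kdcr.c` line and keep only the four new `*pwd*` sources after `u2gen.c`.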
@@ -121,7 +124,6 @@ OBJS= \
        kkdcr2kdcr.o    \
        kkey2enck.o     \
        klsrq2lsrq.o    \
-       kpadt2padt.o    \
        kprep2prep.o    \
        kprin2prin.o    \
        kpriv2priv.o    \
@@ -131,7 +133,6 @@ OBJS= \
        ktgsr2kdcr.o    \
        ktkt2tkt.o      \
        lsrq2klsrq.o    \
-       padt2kpadt.o    \
        prep2kprep.o    \
        prin2kprin.o    \
        priv2kpriv.o    \
@@ -140,7 +141,11 @@ OBJS= \
        tran2ktran.o    \
        tgrq2ktgrq.o    \
        tkt2ktkt.o      \
-       u2gen.o
+       u2gen.o         \
+       kpwd2pwd.o      \
+       kpwds2pwds.o    \
+       pwd2kpwd.o      \
+       pwds2kpwds.o
 
 all:: includes
 
index 647604291e90341797d634d0f86ad3692fd6f5cc..93692687ffd31c81121dee070ece9c5e1c81df5e 100644 (file)
 --
 -- ASN.1 definitions for the kerberos network objects
 --
+-- Do not change the order of any structure containing some
+-- element_KRB5_xx unless the corresponding translation code is also
+-- changed.
+--
 
 KRB5 DEFINITIONS ::=
 BEGIN
@@ -34,7 +38,6 @@ SECTIONS encode decode none
 -- the order of stuff in this file matches the order in the draft RFC
 
 Realm ::= GeneralString
-PrincipalName ::= SEQUENCE OF GeneralString
 
 HostAddress ::= SEQUENCE  {
        addr-type[0]                    INTEGER,
@@ -75,6 +78,11 @@ LastReq ::=  SEQUENCE OF SEQUENCE {
 
 KerberosTime ::=       GeneralizedTime -- Specifying UTC time zone (Z)
 
+PrincipalName ::= SEQUENCE{
+       name-type[0]    INTEGER,
+       name-string[1]  SEQUENCE OF GeneralString
+}
+
 Ticket ::=     [APPLICATION 1] SEQUENCE {
        tkt-vno[0]      INTEGER,
        realm[1]        Realm,
@@ -98,20 +106,21 @@ EncTicketPart ::=  [APPLICATION 3] SEQUENCE {
        starttime[6]    KerberosTime OPTIONAL,
        endtime[7]      KerberosTime,
        renew-till[8]   KerberosTime OPTIONAL,
-       caddr[9]        HostAddresses,
+       caddr[9]        HostAddresses OPTIONAL,
        authorization-data[10]  AuthorizationData OPTIONAL
 }
 
 -- Unencrypted authenticator
 Authenticator ::=      [APPLICATION 2] SEQUENCE  {
        authenticator-vno[0]    INTEGER,
-       crealm[1]       Realm,
-       cname[2]        PrincipalName,
-       cksum[3]        Checksum OPTIONAL,
-       cusec[4]        INTEGER,
-       ctime[5]        KerberosTime,
-       subkey[6]       EncryptionKey OPTIONAL,
-       seq-number[7]   INTEGER OPTIONAL
+       crealm[1]               Realm,
+       cname[2]                PrincipalName,
+       cksum[3]                Checksum OPTIONAL,
+       cusec[4]                INTEGER,
+       ctime[5]                KerberosTime,
+       subkey[6]               EncryptionKey OPTIONAL,
+       seq-number[7]           INTEGER OPTIONAL,
+       authorization-data[8]   AuthorizationData OPTIONAL
 }
 
 TicketFlags ::= BIT STRING {
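Review bot: Making `caddr[9]` OPTIONAL in EncTicketPart means a decoded ticket may carry no address list, and the schema does not say what an absent field means. A comment such as `-- absent: ticket is not bound to a client address` would record the intent for whoever maintains the address check. The translation code for EncTicketPart is not among the files listed for this commit, so it is worth confirming that it tolerates a missing `caddr` rather than dereferencing it. The new `authorization-data[8]` in Authenticator needs the same glue support.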
@@ -131,22 +140,13 @@ AS-REQ ::= [APPLICATION 10] KDC-REQ
 TGS-REQ ::= [APPLICATION 12] KDC-REQ
 
 KDC-REQ ::= SEQUENCE {
-       pvno[1] INTEGER,
+       pvno[1]         INTEGER,
        msg-type[2]     INTEGER,
-       padata[3]       PA-DATA OPTIONAL, -- encoded AP-REQ, not optional
-                                         -- in the TGS-REQ
+       padata[3]       SEQUENCE OF PA-DATA OPTIONAL,
        req-body[4]     KDC-REQ-BODY
 }
 
--- Note that the RFC specifies that PA-DATA is just a SEQUENCE, and when
--- it appears in the messages, it's a SEQUENCE OF PA-DATA.
--- However, this has an identical encoding to the data defined here,
--- which has PA-DATA as SEQUENCE OF SEQUENCE, and the messages use a
--- straight PA-DATA. This has the advantage (at least under ISODE) of
--- giving a "known" name to the PA-DATA array, making it more easily
--- manipulated by "glue code".
-
-PA-DATA ::=    SEQUENCE OF SEQUENCE {
+PA-DATA ::= SEQUENCE {
        padata-type[1]  INTEGER,
        pa-data[2]      OCTET STRING -- might be encoded AP-REQ
 }
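Review bot: The rewritten `padata[3]` line in KDC-REQ drops the remark that this field carries the encoded AP-REQ and is not optional in a TGS-REQ, so the schema now reads as if a TGS-REQ without padata were acceptable. The ASN.1 cannot express that constraint here, so it should stay as a comment, e.g. `-- holds the encoded AP-REQ; must be present in a TGS-REQ`. That tells the author of the decoding glue that the presence check belongs in code. The remaining comment on `pa-data[2]` only says the octets might be an AP-REQ.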
@@ -160,9 +160,11 @@ KDC-REQ-BODY ::=   SEQUENCE {
         till[5]        KerberosTime,
         rtime[6]       KerberosTime OPTIONAL,
         nonce[7]       INTEGER,
-        etype[8]       SEQUENCE OF INTEGER, -- EncryptionType, in preference order
+        etype[8]       SEQUENCE OF INTEGER, -- EncryptionType, 
+                       -- in preference order
         addresses[9]   HostAddresses OPTIONAL,
-        enc-authorization-data[10]     EncryptedData OPTIONAL, -- AuthorizationData
+        enc-authorization-data[10]     EncryptedData OPTIONAL, 
+                       -- AuthorizationData
         additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
 }
 
@@ -171,7 +173,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP
 KDC-REP ::= SEQUENCE {
        pvno[0]                         INTEGER,
        msg-type[1]                     INTEGER,
-       padata[2]                       PA-DATA OPTIONAL,
+       padata[2]                       SEQUENCE OF PA-DATA OPTIONAL,
        crealm[3]                       Realm,
        cname[4]                        PrincipalName,
        ticket[5]                       Ticket,         -- Ticket
@@ -181,7 +183,7 @@ KDC-REP ::= SEQUENCE {
 EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
 EncKDCRepPart ::=  SEQUENCE {
-       key[0]  EncryptionKey,
+       key[0]          EncryptionKey,
        last-req[1]     LastReq,
        nonce[2]        INTEGER,
        key-expiration[3]       KerberosTime OPTIONAL,
@@ -229,7 +231,7 @@ KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
        cksum[3]                        Checksum                        
 }
 
-KRB-SAFE-BODY ::=      SEQUENCE {
+KRB-SAFE-BODY ::= SEQUENCE {
        user-data[0]                    OCTET STRING,
        timestamp[1]                    KerberosTime OPTIONAL,
        usec[2]                         INTEGER OPTIONAL,
@@ -289,4 +291,20 @@ METHOD-DATA ::= SEQUENCE {
        method-type[0]  INTEGER,
        method-data[1]  OCTET STRING OPTIONAL
 }
+
+-- These ASN.1 definitions are NOT part of the official Kerberos protocol... 
+
+-- New ASN.1 definitions for the kadmin protocol.
+-- Originally contributed from the Sandia modifications
+
+PasswdSequence ::= SEQUENCE {
+       passwd[0]                       OCTET STRING,
+       phrase[1]                       OCTET STRING
+}
+
+PasswdData ::= SEQUENCE {
+       passwd-sequence-count[0]        INTEGER,
+       passwd-sequence[1]              SEQUENCE OF PasswdSequence
+}
+
 END
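Review bot: `passwd-sequence-count[0]` in PasswdData repeats what the length of `passwd-sequence[1]` already encodes, so a peer can send a count that disagrees with the number of PasswdSequence elements actually present. The translation code (presumably the `kpwds2pwds.c` / `pwds2kpwds.c` files added to the Imakefile, not shown here) should size and walk its arrays from the decoded list and reject a mismatching count instead of looping to the count. A field comment such as `-- must equal the number of elements in passwd-sequence` would document that. `passwd` and `phrase` are plain OCTET STRINGs, so a comment stating that PasswdData is only ever carried inside an encrypted message would also help, if that is the intent.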
index 85284bbc6517392b1cff8320dd6005a4dc1eb565..0e3cf5f4d4181136477fe06d4de97bd1d1925bb6 100644 (file)
@@ -41,6 +41,55 @@ static char rcsid_kdcr2kkdcr_c[] =
 
 /* ISODE defines max(a,b) */
 
+
+krb5_pa_data **
+element_KRB5_112krb5_pa_data(val, error)
+    struct element_KRB5_11 *val;
+    register int *error;
+{
+    register krb5_pa_data **retval;
+    register int i;
+    register struct element_KRB5_11 *rv;
+
+    for (i = 0, rv = val; rv; i++, rv = rv->next)
+       ;
+
+    /* plus one for null terminator */
+    retval = (krb5_pa_data **) xcalloc(i + 1, sizeof(*retval));
+    if (!retval) {
+       *error = ENOMEM;
+       return(0);
+    }
+    for (i = 0, rv = val; rv; rv = rv->next, i++) {
+       if (qb_pullup(rv->PA__DATA->pa__data) != OK) {
+           xfree(retval);
+           *error = ENOMEM;
+           return(0);
+       }
+       retval[i] = (krb5_pa_data *) xmalloc(sizeof(*retval[i]));
+       if (!retval[i]) {
+           krb5_free_pa_data(retval);
+           *error = ENOMEM;
+           return(0);
+       }
+       retval[i]->contents = (unsigned char *)xmalloc(rv->PA__DATA->pa__data->qb_forw->qb_len);
+       if (!retval[i]->contents) {
+           xfree(retval[i]);
+           retval[i] = 0;
+           krb5_free_pa_data(retval);
+           *error = ENOMEM;
+           return(0);
+       }
+       retval[i]->pa_type = rv->PA__DATA->padata__type;
+       retval[i]->length = rv->PA__DATA->pa__data->qb_forw->qb_len;
+       xbcopy(rv->PA__DATA->pa__data->qb_forw->qb_data,
+             retval[i]->contents, retval[i]->length);
+    }
+    retval[i] = 0;
+    return(retval);
+}
+
+
 krb5_kdc_rep *
 KRB5_KDC__REP2krb5_kdc_rep(val, error)
 const register struct type_KRB5_TGS__REP *val;
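Review bot: In `element_KRB5_112krb5_pa_data` the `qb_pullup` failure path calls only `xfree(retval)`, which leaks every `retval[0..i-1]` entry and its `contents` from earlier iterations. The two later failure paths call `krb5_free_pa_data(retval)`, and because the array comes from `xcalloc` it is NULL-terminated at that point, so the first path should do the same: `krb5_free_pa_data(retval);` in place of `xfree(retval);`. The loop also dereferences `rv->PA__DATA->pa__data->qb_forw` without NULL checks, and it reports ENOMEM whenever `xmalloc(qb_len)` returns NULL. If `xmalloc` is plain `malloc`, that can misreport a zero-length pa-data on platforms where `malloc(0)` returns NULL. The hunk ends inside the declaration of `KRB5_KDC__REP2krb5_kdc_rep`, whose body continues outside it.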
@@ -59,7 +108,7 @@ register int *error;
     retval->msg_type = val->msg__type;
 
     if (val->padata) {
-       retval->padata = KRB5_PA__DATA2krb5_pa_data(val->padata, error);
+       retval->padata = element_KRB5_112krb5_pa_data(val->padata, error);
        if (*error) {
            xfree(retval);
            return 0;
index 4b2dfe1f0a3d82b11d020186332f6eb010497749..b85f9e23fca5b7737b6a348651134d58bafaf96f 100644 (file)
@@ -58,8 +58,13 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error)
 
        rv2 = (struct element_KRB5_11 *) xmalloc(sizeof(*rv2));
        if (!rv2) {
-           if (retval)
-               free_KRB5_PA__DATA(retval);
+       errout:
+           while (retval) {
+               free_KRB5_PA__DATA(retval->PA__DATA);
+               rv1 = retval->next;
+               free(retval);
+               retval = rv1;
+           }
            *error = ENOMEM;
            return(0);
        }
@@ -71,13 +76,8 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error)
 
        rv2->PA__DATA = (struct type_KRB5_PA__DATA *)
            xmalloc(sizeof(*(rv2->PA__DATA)));
-       if (!rv2->PA__DATA) {
-       errout:
-           if (retval)
-               free_KRB5_PA__DATA(retval);
-           *error = ENOMEM;
-           return(0);
-       }    
+       if (!rv2->PA__DATA)
+           goto errout;
        rv2->PA__DATA->padata__type = val[i]->pa_type;
        rv2->PA__DATA->pa__data = str2qb((char *)(val[i])->contents,
                                               (val[i])->length, 1);