EHDRDIR=$(BUILDTOP)/include/krb5/asn.1
STLIBOBJS= \
- asn1_decode.o\
- asn1_k_decode.o\
- asn1_k_decode_fast.o\
- asn1_k_decode_kdc.o\
- asn1_k_decode_sam.o\
asn1_encode.o\
- asn1_get.o\
asn1buf.o\
- krb5_decode.o\
- krb5_decode_kdc.o\
asn1_k_encode.o\
ldap_key_seq.o\
asn1_misc.o
SRCS= \
- $(srcdir)/asn1_decode.c\
- $(srcdir)/asn1_k_decode.c\
- $(srcdir)/asn1_k_decode_fast.c\
- $(srcdir)/asn1_k_decode_kdc.c\
- $(srcdir)/asn1_k_decode_sam.c\
$(srcdir)/asn1_encode.c\
- $(srcdir)/asn1_get.c\
$(srcdir)/asn1buf.c\
- $(srcdir)/krb5_decode.c\
- $(srcdir)/krb5_decode_kdc.c\
$(srcdir)/asn1_k_encode.c\
- $(srcdir)/ldap_key_seq.c\
- $(srcdir)/asn1_misc.c
+ $(srcdir)/ldap_key_seq.c
OBJS= \
- $(OUTPRE)asn1_decode.$(OBJEXT)\
- $(OUTPRE)asn1_k_decode.$(OBJEXT)\
- $(OUTPRE)asn1_k_decode_fast.$(OBJEXT)\
- $(OUTPRE)asn1_k_decode_kdc.$(OBJEXT)\
- $(OUTPRE)asn1_k_decode_sam.$(OBJEXT)\
$(OUTPRE)asn1_encode.$(OBJEXT)\
- $(OUTPRE)asn1_get.$(OBJEXT)\
$(OUTPRE)asn1buf.$(OBJEXT)\
- $(OUTPRE)krb5_decode.$(OBJEXT)\
- $(OUTPRE)krb5_decode_kdc.$(OBJEXT)\
$(OUTPRE)asn1_k_encode.$(OBJEXT)\
$(OUTPRE)ldap_key_seq.$(OBJEXT)\
$(OUTPRE)asn1_misc.$(OBJEXT)
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_decode.c */
-/*
- * Copyright 1994, 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* ASN.1 primitive decoders */
-#include "k5-int.h" /* for krb5int_gmt_mktime */
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include <stdio.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#include <time.h>
-#endif
-
-#define setup() \
- asn1_error_code retval; \
- taginfo tinfo
-
-#define asn1class (tinfo.asn1class)
-#define construction (tinfo.construction)
-#define tagnum (tinfo.tagnum)
-#define length (tinfo.length)
-
-#define tag(type) \
- retval = asn1_get_tag_2(buf,&tinfo); \
- if (retval) return retval; \
- if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type) \
- return ASN1_BAD_ID
-
-#define cleanup() \
- return 0
-
-asn1_error_code
-asn1_decode_integer(asn1buf *buf, long int *val)
-{
- setup();
- asn1_octet o;
- long n = 0; /* initialize to keep gcc happy */
- unsigned int i;
-
- tag(ASN1_INTEGER);
-
- for (i = 0; i < length; i++) {
- retval = asn1buf_remove_octet(buf, &o);
- if (retval) return retval;
- if (!i) {
- n = (0x80 & o) ? -1 : 0; /* grab sign bit */
- if (n < 0 && length > sizeof (long))
- return ASN1_OVERFLOW;
- else if (length > sizeof (long) + 1) /* allow extra octet for positive */
- return ASN1_OVERFLOW;
- }
- n = (n << 8) | o;
- }
- *val = n;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *val)
-{
- setup();
- asn1_octet o;
- unsigned long n;
- unsigned int i;
-
- tag(ASN1_INTEGER);
-
- for (i = 0, n = 0; i < length; i++) {
- retval = asn1buf_remove_octet(buf, &o);
- if (retval) return retval;
- if (!i) {
- if (0x80 & o)
- return ASN1_OVERFLOW;
- else if (length > sizeof (long) + 1)
- return ASN1_OVERFLOW;
- }
- n = (n << 8) | o;
- }
- *val = n;
- cleanup();
-}
-
-/*
- * asn1_decode_maybe_unsigned
- *
- * This is needed because older releases of MIT krb5 have signed
- * sequence numbers. We want to accept both signed and unsigned
- * sequence numbers, in the range -2^31..2^32-1, mapping negative
- * numbers into their positive equivalents in the same way that C's
- * normal integer conversions do, i.e., would preserve bits on a
- * two's-complement architecture.
- */
-asn1_error_code
-asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val)
-{
- setup();
- asn1_octet o;
- unsigned long n, bitsremain;
- unsigned int i;
-
- tag(ASN1_INTEGER);
- o = 0;
- n = 0;
- bitsremain = ~0UL;
- for (i = 0; i < length; i++) {
- /* Accounts for u_long width not being a multiple of 8. */
- if (bitsremain < 0xff) return ASN1_OVERFLOW;
- retval = asn1buf_remove_octet(buf, &o);
- if (retval) return retval;
- if (bitsremain == ~0UL) {
- if (i == 0)
- n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */
- /*
- * Skip leading zero or 0xFF octets to humor non-compliant encoders.
- */
- if (n == 0 && o == 0)
- continue;
- if (n == ~0UL && o == 0xff)
- continue;
- }
- n = (n << 8) | o;
- bitsremain >>= 8;
- }
- *val = n;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_oid(asn1buf *buf, unsigned int *retlen, char **val)
-{
- setup();
- tag(ASN1_OBJECTIDENTIFIER);
- retval = asn1buf_remove_charstring(buf, length, val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_octetstring(asn1buf *buf, unsigned int *retlen, asn1_octet **val)
-{
- setup();
- tag(ASN1_OCTETSTRING);
- retval = asn1buf_remove_octetstring(buf,length,val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_charstring(asn1buf *buf, unsigned int *retlen, char **val)
-{
- setup();
- tag(ASN1_OCTETSTRING);
- retval = asn1buf_remove_charstring(buf,length,val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-
-asn1_error_code
-asn1_decode_generalstring(asn1buf *buf, unsigned int *retlen, char **val)
-{
- setup();
- tag(ASN1_GENERALSTRING);
- retval = asn1buf_remove_charstring(buf,length,val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_bitstring(asn1buf *buf, unsigned int *retlen, char **val)
-{
- setup();
- asn1_octet unused;
-
- tag(ASN1_BITSTRING);
-
- /* Get the number of unused bits in the last byte (0-7). */
- retval = asn1buf_remove_octet(buf, &unused);
- if (retval)
- return retval;
- if (unused > 7)
- return ASN1_BAD_FORMAT;
-
- retval = asn1buf_remove_charstring(buf, length - 1, val);
- if (retval)
- return retval;
-
- /* Mask out unused bits (unnecessary for correct DER, but be safe). */
- if (length > 1)
- (*val)[length - 2] &= (0xff << unused);
-
- *retlen = length - 1;
- return 0;
-}
-
-asn1_error_code
-asn1_decode_null(asn1buf *buf)
-{
- setup();
- tag(ASN1_NULL);
- if (length != 0) return ASN1_BAD_LENGTH;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_printablestring(asn1buf *buf, int *retlen, char **val)
-{
- setup();
- tag(ASN1_PRINTABLESTRING);
- retval = asn1buf_remove_charstring(buf,length,val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val)
-{
- setup();
- tag(ASN1_IA5STRING);
- retval = asn1buf_remove_charstring(buf,length,val);
- if (retval) return retval;
- *retlen = length;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_generaltime(asn1buf *buf, time_t *val)
-{
- setup();
- char *s;
- struct tm ts;
- time_t t;
-
- tag(ASN1_GENERALTIME);
-
- if (length != 15) return ASN1_BAD_LENGTH;
- retval = asn1buf_remove_charstring(buf,15,&s);
- if (retval) return retval;
- /* Time encoding: YYYYMMDDhhmmssZ */
- if (s[14] != 'Z') {
- free(s);
- return ASN1_BAD_FORMAT;
- }
- if (s[0] == '1' && !memcmp("19700101000000Z", s, 15)) {
- t = 0;
- free(s);
- goto done;
- }
-#define c2i(c) ((c)-'0')
- ts.tm_year = 1000*c2i(s[0]) + 100*c2i(s[1]) + 10*c2i(s[2]) + c2i(s[3])
- - 1900;
- ts.tm_mon = 10*c2i(s[4]) + c2i(s[5]) - 1;
- ts.tm_mday = 10*c2i(s[6]) + c2i(s[7]);
- ts.tm_hour = 10*c2i(s[8]) + c2i(s[9]);
- ts.tm_min = 10*c2i(s[10]) + c2i(s[11]);
- ts.tm_sec = 10*c2i(s[12]) + c2i(s[13]);
- ts.tm_isdst = -1;
- t = krb5int_gmt_mktime(&ts);
- free(s);
-
- if (t == -1) return ASN1_BAD_TIMEFORMAT;
-
-done:
- *val = t;
- cleanup();
-}
-
-asn1_error_code
-asn1_decode_boolean(asn1buf *buf, unsigned *val)
-{
- setup();
- asn1_octet bval;
-
- tag(ASN1_BOOLEAN);
-
- retval = asn1buf_remove_octet(buf, &bval);
- if (retval) return retval;
-
- *val = (bval != 0x00);
-
- cleanup();
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_decode.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_DECODE_H__
-#define __ASN1_DECODE_H__
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "asn1buf.h"
-
-/*
- * Overview
- *
- * These procedures take an asn1buf whose current position points
- * to the beginning of an ASN.1 primitive (<id><length><contents>).
- * The primitive is removed from the buffer and decoded.
- *
- * Operations
- *
- * asn1_decode_integer
- * asn1_decode_unsigned_integer
- * asn1_decode_octetstring
- * asn1_decode_charstring
- * asn1_decode_generalstring
- * asn1_decode_bitstring
- * asn1_decode_null
- * asn1_decode_printablestring
- * asn1_decode_ia5string
- * asn1_decode_generaltime
- */
-
-/* asn1_error_code asn1_decode_type(asn1buf *buf, ctype *val); */
-/*
- * requires *buf is allocated
- * modifies *buf, *len
- * effects Decodes the octet string in *buf into *val.
- * Returns ENOMEM if memory is exhausted.
- * Returns asn1 errors.
- */
-
-asn1_error_code asn1_decode_boolean(asn1buf *buf, unsigned int *val);
-asn1_error_code asn1_decode_integer(asn1buf *buf, long *val);
-asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, unsigned long *val);
-asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val);
-asn1_error_code asn1_decode_null(asn1buf *buf);
-
-asn1_error_code asn1_decode_oid(asn1buf *buf, unsigned int *retlen,
- char **val);
-asn1_error_code asn1_decode_octetstring(asn1buf *buf, unsigned int *retlen,
- asn1_octet **val);
-asn1_error_code asn1_decode_generalstring(asn1buf *buf, unsigned int *retlen,
- char **val);
-asn1_error_code asn1_decode_bitstring(asn1buf *buf, unsigned int *retlen,
- char **val);
-asn1_error_code asn1_decode_charstring(asn1buf *buf, unsigned int *retlen,
- char **val);
-/*
- * Note: A charstring is a special hack to account for the fact that
- * krb5 structures store some OCTET STRING values in krb5_octet
- * arrays and others in krb5_data structures
- * (which use char arrays).
- * From the ASN.1 point of view, the two string types are the same,
- * only the receptacles differ.
- */
-asn1_error_code asn1_decode_printablestring(asn1buf *buf, int *retlen,
- char **val);
-asn1_error_code asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val);
-
-asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val);
-
-#endif
split_der(asn1buf *buf, unsigned char *const *der, size_t len,
taginfo *tag_out)
{
- asn1buf der_buf;
- krb5_data der_data = make_data(*der, len);
asn1_error_code ret;
+ const unsigned char *contents, *remainder;
+ size_t clen, rlen;
- ret = asn1buf_wrap_data(&der_buf, &der_data);
+ ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen);
if (ret)
return ret;
- ret = asn1_get_tag_2(&der_buf, tag_out);
- if (ret)
- return ret;
- if ((size_t)asn1buf_remains(&der_buf, 0) != tag_out->length)
- return EINVAL;
- return asn1buf_insert_bytestring(buf, tag_out->length,
- *der + len - tag_out->length);
+ if (rlen != 0)
+ return ASN1_BAD_LENGTH;
+ tag_out->length = clen;
+ return asn1buf_insert_bytestring(buf, clen, contents);
}
/*
#include "k5-int.h"
#include "krbasn1.h"
#include "asn1buf.h"
-#include "asn1_get.h"
#include <time.h>
+typedef struct {
+ asn1_class asn1class;
+ asn1_construction construction;
+ asn1_tagnum tagnum;
+ size_t length;
+
+ /* When decoding, stores the leading and trailing lengths of a tag. Used
+ * by store_der(). */
+ size_t tag_len;
+ size_t tag_end_len;
+} taginfo;
+
/* These functions are referenced by encoder structures. They handle the
* encoding of primitive ASN.1 types. */
asn1_error_code k5_asn1_encode_bool(asn1buf *buf, asn1_intmax val,
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_get.c */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_get.h"
-
-asn1_error_code
-asn1_get_tag_2(asn1buf *buf, taginfo *t)
-{
- asn1_error_code retval;
-
- if (buf == NULL || buf->base == NULL ||
- buf->bound - buf->next + 1 <= 0) {
- t->tagnum = ASN1_TAGNUM_CEILING; /* emphatically not an EOC tag */
- t->asn1class = UNIVERSAL;
- t->construction = PRIMITIVE;
- t->length = 0;
- t->indef = 0;
- return 0;
- }
- {
- /* asn1_get_id(buf, t) */
- asn1_tagnum tn=0;
- asn1_octet o;
-
-#define ASN1_CLASS_MASK 0xC0
-#define ASN1_CONSTRUCTION_MASK 0x20
-#define ASN1_TAG_NUMBER_MASK 0x1F
-
- retval = asn1buf_remove_octet(buf,&o);
- if (retval)
- return retval;
-
- t->asn1class = (asn1_class)(o&ASN1_CLASS_MASK);
- t->construction = (asn1_construction)(o&ASN1_CONSTRUCTION_MASK);
- if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK) {
- /* low-tag-number form */
- t->tagnum = (asn1_tagnum)(o&ASN1_TAG_NUMBER_MASK);
- } else {
- /* high-tag-number form */
- do {
- retval = asn1buf_remove_octet(buf,&o);
- if (retval) return retval;
- tn = (tn<<7) + (asn1_tagnum)(o&0x7F);
- } while (o&0x80);
- t->tagnum = tn;
- }
- }
-
- {
- /* asn1_get_length(buf, t) */
- asn1_octet o;
-
- t->indef = 0;
- retval = asn1buf_remove_octet(buf,&o);
- if (retval) return retval;
- if ((o&0x80) == 0) {
- t->length = (int)(o&0x7F);
- } else {
- int num;
- int len=0;
-
- for (num = (int)(o&0x7F); num>0; num--) {
- retval = asn1buf_remove_octet(buf,&o);
- if (retval) return retval;
- len = (len<<8) + (int)o;
- }
- if (len < 0)
- return ASN1_OVERRUN;
- if (!len)
- t->indef = 1;
- t->length = len;
- }
- }
- if (t->indef && t->construction != CONSTRUCTED)
- return ASN1_MISMATCH_INDEF;
- return 0;
-}
-
-asn1_error_code
-asn1_get_sequence(asn1buf *buf, unsigned int *retlen, int *indef)
-{
- taginfo t;
- asn1_error_code retval;
-
- retval = asn1_get_tag_2(buf, &t);
- if (retval)
- return retval;
- if (t.asn1class != UNIVERSAL || t.construction != CONSTRUCTED ||
- t.tagnum != ASN1_SEQUENCE)
- return ASN1_BAD_ID;
- if (retlen)
- *retlen = t.length;
- if (indef)
- *indef = t.indef;
- return 0;
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_get.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_GET_H__
-#define __ASN1_GET_H__
-
-/* ASN.1 substructure decoding procedures */
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "asn1buf.h"
-
-typedef struct {
-#if 1
- /*
- * Smaller run-time storage, and on x86 the compiler can use byte
- * loads, stores, and compares, but on other platforms the compiler
- * may need to load and widen before comparing... see how this works
- * out.
- */
- unsigned int asn1class : 8, construction : 8;
-#else
- asn1_class asn1class;
- asn1_construction construction;
-#endif
- asn1_tagnum tagnum;
- size_t length;
- int indef;
-
- /* When decoding, stores the leading and trailing lengths of a tag. Used
- * by store_der(). */
- size_t tag_len;
- size_t tag_end_len;
-} taginfo;
-
-asn1_error_code asn1_get_tag_2 (asn1buf *buf, taginfo *tinfo);
-
-#if 0
-asn1_error_code asn1_get_tag_indef(asn1buf *buf,
- asn1_class *Class,
- asn1_construction *construction,
- asn1_tagnum *tagnum,
- unsigned int *retlen, int *indef);
-
-asn1_error_code asn1_get_tag(asn1buf *buf,
- asn1_class *Class,
- asn1_construction *construction,
- asn1_tagnum *tagnum,
- unsigned int *retlen);
-/*
- * requires *buf is allocated
- * effects Decodes the tag in *buf. If class != NULL, returns
- * the class in *Class. Similarly, the construction,
- * tag number, and length are returned in *construction,
- * *tagnum, and *retlen, respectively.
- *
- * If *buf is empty to begin with, *tagnum is set to
- * ASN1_TAGNUM_CEILING.
- *
- * Returns ASN1_OVERRUN if *buf is exhausted during the
- * parse.
- */
-#endif
-
-asn1_error_code asn1_get_sequence(asn1buf *buf, unsigned int *retlen,
- int *indef);
-/*
- * requires *buf is allocated
- * effects Decodes a tag from *buf and returns ASN1_BAD_ID if it
- * doesn't have a sequence ID. If retlen != NULL, the
- * associated length is returned in *retlen.
- */
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode.c */
-/*
- * Copyright 1994, 2007, 2008 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode.h"
-#include "asn1_k_decode_macros.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "asn1_misc.h"
-
-integer_convert(asn1_decode_int,int)
-integer_convert(asn1_decode_int32,krb5_int32)
-integer_convert(asn1_decode_kvno,krb5_kvno)
-integer_convert(asn1_decode_enctype,krb5_enctype)
-integer_convert(asn1_decode_cksumtype,krb5_cksumtype)
-integer_convert(asn1_decode_octet,krb5_octet)
-integer_convert(asn1_decode_addrtype,krb5_addrtype)
-integer_convert(asn1_decode_authdatatype,krb5_authdatatype)
-unsigned_integer_convert(asn1_decode_ui_2,krb5_ui_2)
-unsigned_integer_convert(asn1_decode_ui_4,krb5_ui_4)
-
-/* scalars */
-asn1_error_code
-asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val)
-{
- time_t t;
- asn1_error_code retval;
-
- retval = asn1_decode_generaltime(buf,&t);
- if (retval)
- return retval;
-
- *val = t;
- return 0;
-}
-
-asn1_error_code
-asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val)
-{
- asn1_error_code retval;
- unsigned long n;
-
- retval = asn1_decode_maybe_unsigned(buf, &n);
- if (retval) return retval;
- *val = (krb5_ui_4)n & 0xffffffff;
- return 0;
-}
-
-asn1_error_code
-asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val)
-{
- asn1_error_code retval;
- unsigned long n;
-
- retval = asn1_decode_unsigned_integer(buf,&n);
- if (retval) return retval;
-
- *val = (krb5_msgtype) n;
- return 0;
-}
-
-
-/* structures */
-asn1_error_code
-asn1_decode_realm(asn1buf *buf, krb5_principal *val)
-{
- return asn1_decode_generalstring(buf,
- &((*val)->realm.length),
- &((*val)->realm.data));
-}
-
-asn1_error_code
-asn1_decode_principal_name(asn1buf *buf, krb5_principal *val)
-{
- int size = 0, i;
- krb5_data *array = NULL, *new_array;
-
- setup();
- { begin_structure();
- get_field((*val)->type,0,asn1_decode_int32);
-
- { sequence_of_no_tagvars(&subbuf);
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
- unsigned int len;
- char *str;
-
- new_array = realloc(array, (size + 1) * sizeof(krb5_data));
- if (new_array == NULL) clean_return(ENOMEM);
- array = new_array;
- retval = asn1_decode_generalstring(&seqbuf, &len, &str);
- if (retval) clean_return(retval);
- array[size].data = str;
- array[size].length = len;
- size++;
- }
- end_sequence_of_no_tagvars(&subbuf);
- }
- if (indef) {
- get_eoc();
- }
- next_tag();
- end_structure();
- }
- (*val)->data = array;
- (*val)->length = size;
- (*val)->magic = KV5M_PRINCIPAL;
- return 0;
-error_out:
- for (i = 0; i < size; i++)
- free(array[i].data);
- free(array);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_checksum(asn1buf *buf, krb5_checksum *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->checksum_type,0,asn1_decode_cksumtype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_CHECKSUM;
- }
- return 0;
-error_out:
- free(val->contents);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_checksum_ptr(asn1buf *buf, krb5_checksum **valptr)
-{
- decode_ptr(krb5_checksum *, asn1_decode_checksum);
-}
-
-asn1_error_code
-asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->enctype,0,asn1_decode_enctype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_KEYBLOCK;
- }
- return 0;
-error_out:
- free(val->contents);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_encryption_key_ptr(asn1buf *buf, krb5_keyblock **valptr)
-{
- decode_ptr(krb5_keyblock *, asn1_decode_encryption_key);
-}
-
-asn1_error_code
-asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val)
-{
- setup();
- val->ciphertext.data = NULL;
- { begin_structure();
- get_field(val->enctype,0,asn1_decode_enctype);
- opt_field(val->kvno,1,asn1_decode_kvno,0);
- get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring);
- end_structure();
- val->magic = KV5M_ENC_DATA;
- }
- return 0;
-error_out:
- free(val->ciphertext.data);
- val->ciphertext.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val)
-{
- asn1_error_code retval;
- asn1_octet unused, o;
- taginfo t;
- unsigned int i;
- krb5_flags f=0;
- unsigned int length;
-
- retval = asn1_get_tag_2(buf, &t);
- if (retval) return retval;
- if (t.asn1class != UNIVERSAL || t.construction != PRIMITIVE ||
- t.tagnum != ASN1_BITSTRING)
- return ASN1_BAD_ID;
- length = t.length;
-
- retval = asn1buf_remove_octet(buf,&unused); /* # of padding bits */
- if (retval) return retval;
-
- /* Number of unused bits must be between 0 and 7. */
- if (unused > 7) return ASN1_BAD_FORMAT;
- length--;
-
- for (i = 0; i < length; i++) {
- retval = asn1buf_remove_octet(buf,&o);
- if (retval) return retval;
- /* ignore bits past number 31 */
- if (i < 4)
- f = (f<<8) | ((krb5_flags)o&0xFF);
- }
- if (length <= 4) {
- /* Mask out unused bits, but only if necessary. */
- f &= ~(krb5_flags)0 << unused;
- }
- /* left-justify */
- if (length < 4)
- f <<= (4 - length) * 8;
- *val = f;
- return 0;
-}
-
-asn1_error_code
-asn1_decode_ticket_flags(asn1buf *buf, krb5_flags *val)
-{ return asn1_decode_krb5_flags(buf,val); }
-
-asn1_error_code
-asn1_decode_ap_options(asn1buf *buf, krb5_flags *val)
-{ return asn1_decode_krb5_flags(buf,val); }
-
-asn1_error_code
-asn1_decode_kdc_options(asn1buf *buf, krb5_flags *val)
-{ return asn1_decode_krb5_flags(buf,val); }
-
-asn1_error_code
-asn1_decode_transited_encoding(asn1buf *buf, krb5_transited *val)
-{
- setup();
- val->tr_contents.data = NULL;
- { begin_structure();
- get_field(val->tr_type,0,asn1_decode_octet);
- get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring);
- end_structure();
- val->magic = KV5M_TRANSITED;
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->tr_contents);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part *val)
-{
- setup();
- val->session = NULL;
- val->last_req = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- val->enc_padata = NULL;
- { begin_structure();
- get_field(val->session,0,asn1_decode_encryption_key_ptr);
- get_field(val->last_req,1,asn1_decode_last_req);
- get_field(val->nonce,2,asn1_decode_int32);
- opt_field(val->key_exp,3,asn1_decode_kerberos_time,0);
- get_field(val->flags,4,asn1_decode_ticket_flags);
- get_field(val->times.authtime,5,asn1_decode_kerberos_time);
- /* Set to authtime if missing */
- opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime);
- get_field(val->times.endtime,7,asn1_decode_kerberos_time);
- opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0);
- alloc_principal(val->server);
- get_field(val->server,9,asn1_decode_realm);
- get_field(val->server,10,asn1_decode_principal_name);
- opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL);
- opt_field(val->enc_padata,12,asn1_decode_sequence_of_pa_data,NULL);
- end_structure();
- val->magic = KV5M_ENC_KDC_REP_PART;
- }
- return 0;
-error_out:
- krb5_free_keyblock(NULL, val->session);
- krb5_free_last_req(NULL, val->last_req);
- krb5_free_principal(NULL, val->server);
- krb5_free_addresses(NULL, val->caddrs);
- krb5_free_pa_data(NULL, val->enc_padata);
- val->session = NULL;
- val->last_req = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_ticket(asn1buf *buf, krb5_ticket *val)
-{
- setup();
- unsigned int applen;
- apptag(1);
- val->server = NULL;
- val->enc_part.ciphertext.data = NULL;
- val->enc_part2 = NULL;
- { begin_structure();
- { krb5_kvno vno;
- get_field(vno,0,asn1_decode_kvno);
- if (vno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- alloc_principal(val->server);
- get_field(val->server,1,asn1_decode_realm);
- get_field(val->server,2,asn1_decode_principal_name);
- get_field(val->enc_part,3,asn1_decode_encrypted_data);
- end_structure();
- val->magic = KV5M_TICKET;
- }
- if (!applen) {
- taginfo t;
- retval = asn1_get_tag_2(buf, &t);
- if (retval) clean_return(retval);
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->server);
- krb5_free_data_contents(NULL, &val->enc_part.ciphertext);
- val->server = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_ticket_ptr(asn1buf *buf, krb5_ticket **valptr)
-{
- decode_ptr(krb5_ticket *, asn1_decode_ticket);
-}
-
-asn1_error_code
-asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val)
-{
- setup();
- val->user_data.data = NULL;
- val->r_address = NULL;
- val->s_address = NULL;
- val->checksum = NULL;
- { begin_structure();
- get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring);
- opt_field(val->timestamp,1,asn1_decode_kerberos_time,0);
- opt_field(val->usec,2,asn1_decode_int32,0);
- opt_field(val->seq_number,3,asn1_decode_seqnum,0);
- get_field(val->s_address,4,asn1_decode_host_address_ptr);
- if (tagnum == 5) {
- get_field(val->r_address,5,asn1_decode_host_address_ptr);
- }
- end_structure();
- val->magic = KV5M_SAFE;
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->user_data);
- krb5_free_address(NULL, val->r_address);
- krb5_free_address(NULL, val->s_address);
- val->r_address = NULL;
- val->s_address = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_host_address(asn1buf *buf, krb5_address *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->addrtype,0,asn1_decode_addrtype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_ADDRESS;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_host_address_ptr(asn1buf *buf, krb5_address **valptr)
-{
- decode_ptr(krb5_address *, asn1_decode_host_address);
-}
-
-asn1_error_code
-asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val)
-{
- setup();
- val->padata = NULL;
- val->client = NULL;
- val->ticket = NULL;
- val->enc_part.ciphertext.data = NULL;
- val->enc_part2 = NULL;
- { begin_structure();
- { krb5_kvno pvno;
- get_field(pvno,0,asn1_decode_kvno);
- if (pvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- get_field(val->msg_type,1,asn1_decode_msgtype);
- opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL);
- alloc_principal(val->client);
- get_field(val->client,3,asn1_decode_realm);
- get_field(val->client,4,asn1_decode_principal_name);
- get_field(val->ticket,5,asn1_decode_ticket_ptr);
- get_field(val->enc_part,6,asn1_decode_encrypted_data);
- end_structure();
- val->magic = KV5M_KDC_REP;
- }
- return 0;
-error_out:
- krb5_free_pa_data(NULL, val->padata);
- krb5_free_principal(NULL, val->client);
- krb5_free_ticket(NULL, val->ticket);
- krb5_free_data_contents(NULL, &val->enc_part.ciphertext);
- val->padata = NULL;
- val->client = NULL;
- val->ticket = NULL;
- val->enc_part.ciphertext.data = NULL;
- return retval;
-}
-
-
-/* arrays */
-#define get_element(element,decoder) \
- retval = decoder(&seqbuf,&element); \
- if (retval) clean_return(retval)
-
-/*
- * Function body for array decoders. freefn is expected to look like
- * a krb5_free_ function, so we pass a null first argument.
- */
-#define decode_array_body(type,decoder,freefn) \
- asn1_error_code retval; \
- type *elt = NULL, **array; \
- int size = 0, i; \
- \
- array = *val = NULL; \
- { sequence_of(buf); \
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) { \
- get_element(elt,decoder); \
- array_append(&array,size,elt,type); \
- elt = NULL; \
- } \
- if (array == NULL) \
- array = malloc(sizeof(type*)); \
- array[size] = NULL; \
- end_sequence_of(buf); \
- } \
- *val = array; \
- return 0; \
-error_out: \
-if (elt) \
- freefn(NULL,elt); \
-for (i = 0; i < size; i++) \
- freefn(NULL,array[i]); \
-free(array); \
-return retval
-
-static void *
-array_expand (void *array, int n_elts, size_t elt_size)
-{
- size_t new_size;
-
- if (n_elts <= 0)
- return NULL;
- if ((unsigned int) n_elts > SIZE_MAX / elt_size)
- return NULL;
- new_size = n_elts * elt_size;
- if (new_size == 0)
- return NULL;
- if (new_size / elt_size != (unsigned int) n_elts)
- return NULL;
- return realloc(array, new_size);
-}
-
-#define array_append(array,size,element,type) \
- { \
- void *new_array = array_expand(*(array), (size)+2, sizeof(type*)); \
- if (new_array == NULL) clean_return(ENOMEM); \
- *(array) = new_array; \
- (*(array))[(size)++] = elt; \
- }
-
-
-static void
-free_authdata_elt(void *dummy, krb5_authdata *val)
-{
- free(val->contents);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_authorization_data(asn1buf *buf, krb5_authdata ***val)
-{
- decode_array_body(krb5_authdata,asn1_decode_authdata_elt_ptr,
- free_authdata_elt);
-}
-
-asn1_error_code
-asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->ad_type,0,asn1_decode_authdatatype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_AUTHDATA;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val)
-{
- setup();
- *val = 0;
- { begin_structure();
- get_field(*val, 0, asn1_decode_authdatatype);
- end_structure();
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_peek_authorization_data(asn1buf *buf, unsigned int *num,
- krb5_authdatatype **val)
-{
- int size = 0;
- krb5_authdatatype *array = NULL, *new_array;
-
- asn1_error_code retval;
- { sequence_of(buf);
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
- size++;
- new_array = realloc(array,size*sizeof(krb5_authdatatype));
- if (new_array == NULL) clean_return(ENOMEM);
- array = new_array;
- retval = asn1_peek_authdata_elt(&seqbuf,&array[size-1]);
- if (retval) clean_return(retval);
- }
- end_sequence_of(buf);
- }
- *num = size;
- *val = array;
- return 0;
-error_out:
- free(array);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr)
-{
- decode_ptr(krb5_authdata *, asn1_decode_authdata_elt);
-}
-
-asn1_error_code
-asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val)
-{
- decode_array_body(krb5_address,asn1_decode_host_address_ptr,
- krb5_free_address);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_ticket(asn1buf *buf, krb5_ticket ***val)
-{
- decode_array_body(krb5_ticket,asn1_decode_ticket_ptr,krb5_free_ticket);
-}
-
-static void
-free_cred_info(void *dummy, krb5_cred_info *val)
-{
- krb5_free_keyblock(NULL, val->session);
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- krb5_free_addresses(NULL, val->caddrs);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_krb_cred_info(asn1buf *buf, krb5_cred_info ***val)
-{
- decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info_ptr,
- free_cred_info);
-}
-
-asn1_error_code
-asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val)
-{
- setup();
- val->session = NULL;
- val->client = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- { begin_structure();
- get_field(val->session,0,asn1_decode_encryption_key_ptr);
- if (tagnum == 1) {
- alloc_principal(val->client);
- opt_field(val->client,1,asn1_decode_realm,NULL);
- opt_field(val->client,2,asn1_decode_principal_name,NULL); }
- opt_field(val->flags,3,asn1_decode_ticket_flags,0);
- opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0);
- opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0);
- opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0);
- opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0);
- if (tagnum == 8) {
- alloc_principal(val->server);
- opt_field(val->server,8,asn1_decode_realm,NULL);
- opt_field(val->server,9,asn1_decode_principal_name,NULL); }
- opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL);
- end_structure();
- val->magic = KV5M_CRED_INFO;
- }
- return 0;
-error_out:
- krb5_free_keyblock(NULL, val->session);
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- krb5_free_addresses(NULL, val->caddrs);
- val->session = NULL;
- val->client = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_krb_cred_info_ptr(asn1buf *buf, krb5_cred_info **valptr)
-{
- decode_ptr(krb5_cred_info *, asn1_decode_krb_cred_info);
-}
-
-static void
-free_pa_data(void *dummy, krb5_pa_data *val)
-{
- free(val->contents);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_pa_data(asn1buf *buf, krb5_pa_data ***val)
-{
- decode_array_body(krb5_pa_data,asn1_decode_pa_data_ptr,free_pa_data);
-}
-
-asn1_error_code
-asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->pa_type,1,asn1_decode_int32);
- get_lenfield(val->length,val->contents,2,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_PA_DATA;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_data_ptr(asn1buf *buf, krb5_pa_data **valptr)
-{
- decode_ptr(krb5_pa_data *, asn1_decode_pa_data);
-}
-
-static void
-free_last_req_entry(void *dummy, krb5_last_req_entry *val)
-{
- free(val);
-}
-
-asn1_error_code
-asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val)
-{
- decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry_ptr,
- free_last_req_entry);
-}
-
-asn1_error_code
-asn1_decode_last_req_entry(asn1buf *buf, krb5_last_req_entry *val)
-{
- setup();
- { begin_structure();
- get_field(val->lr_type,0,asn1_decode_int32);
- get_field(val->value,1,asn1_decode_kerberos_time);
- end_structure();
- val->magic = KV5M_LAST_REQ_ENTRY;
-#ifdef KRB5_GENEROUS_LR_TYPE
- /* If we are only a single byte wide and negative - fill in the
- other bits */
- if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U;
-#endif
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_decode_last_req_entry_ptr(asn1buf *buf, krb5_last_req_entry **valptr)
-{
- decode_ptr(krb5_last_req_entry *, asn1_decode_last_req_entry);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_enctype(asn1buf *buf, int *num, krb5_enctype **val)
-{
- int size = 0;
- krb5_enctype *array = NULL, *new_array;
-
- asn1_error_code retval;
- { sequence_of(buf);
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
- size++;
- new_array = realloc(array,size*sizeof(krb5_enctype));
- if (new_array == NULL) clean_return(ENOMEM);
- array = new_array;
- retval = asn1_decode_enctype(&seqbuf,&array[size-1]);
- if (retval) clean_return(retval);
- }
- end_sequence_of(buf);
- }
- *num = size;
- *val = array;
- return 0;
-error_out:
- free(array);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum ***val)
-{
- decode_array_body(krb5_checksum, asn1_decode_checksum_ptr,
- krb5_free_checksum);
-}
-
-static void
-free_etype_info_entry(void *dummy, krb5_etype_info_entry *val)
-{
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(val->salt);
- free(val);
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_info_entry *val)
-{
- char *salt = NULL;
- krb5_octet *params = NULL;
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,salt,1,asn1_decode_generalstring);
- val->salt = (krb5_octet *) salt;
- salt = NULL;
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- if ( tagnum ==2) {
- get_lenfield( val->s2kparams.length, params,
- 2, asn1_decode_octetstring);
- val->s2kparams.data = ( char *) params;
- params = NULL;
- } else
- val->s2kparams.length = 0;
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- free(salt);
- free(params);
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry);
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val)
-{
- krb5_octet *params = NULL;
-
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- if ( tagnum ==2) {
- get_lenfield( val->s2kparams.length, params,
- 2, asn1_decode_octetstring);
- val->s2kparams.data = ( char *) params;
- params = NULL;
- } else
- val->s2kparams.length = 0;
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(params);
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_1_3_ptr(asn1buf *buf,
- krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry_1_3);
-}
-
-static asn1_error_code
-asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val)
-{
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- val->s2kparams.length = 0;
-
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info_entry);
-}
-
-asn1_error_code
-asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val )
-{
- decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry_ptr,
- free_etype_info_entry);
-}
-
-static asn1_error_code
-decode_etype_info2_13(asn1buf *buf, krb5_etype_info_entry ***val)
-{
- decode_array_body(krb5_etype_info_entry,
- asn1_decode_etype_info2_entry_1_3_ptr,
- free_etype_info_entry);
-}
-
-asn1_error_code
-asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val ,
- krb5_boolean v1_3_behavior)
-{
- if (v1_3_behavior)
- return decode_etype_info2_13(buf, val);
- else {
- decode_array_body(krb5_etype_info_entry,
- asn1_decode_etype_info2_entry_ptr,
- free_etype_info_entry);
- }
-}
-
-asn1_error_code
-asn1_decode_setpw_req(asn1buf *buf, krb5_data *newpasswd,
- krb5_principal *principal)
-{
- krb5_principal princ = NULL;
- setup();
- *principal = NULL;
-
- newpasswd->data = NULL;
- { begin_structure();
- get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
- if (tagnum == 1) {
- alloc_principal(princ);
- opt_field(princ, 1, asn1_decode_principal_name, 0);
- opt_field(princ, 2, asn1_decode_realm, 0);
- }
- end_structure();
- }
- *principal = princ;
- return 0;
-error_out:
- krb5_free_data_contents(NULL, newpasswd);
- krb5_free_principal(NULL, princ);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val)
-{
- setup();
- val->user = NULL;
- val->cksum.contents = NULL;
- val->auth_package.data = NULL;
- { begin_structure();
- alloc_principal(val->user);
- get_field(val->user,0,asn1_decode_principal_name);
- get_field(val->user,1,asn1_decode_realm);
- get_field(val->cksum,2,asn1_decode_checksum);
- get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->user);
- krb5_free_checksum_contents(NULL, &val->cksum);
- krb5_free_data_contents(NULL, &val->auth_package);
- val->user = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_s4u_userid(asn1buf *buf, krb5_s4u_userid *val)
-{
- setup();
- val->nonce = 0;
- val->user = NULL;
- val->subject_cert.data = NULL;
- val->options = 0;
- { begin_structure();
- get_field(val->nonce,0,asn1_decode_int32);
- alloc_principal(val->user);
- opt_field(val->user,1,asn1_decode_principal_name,0);
- get_field(val->user,2,asn1_decode_realm);
- opt_lenfield(val->subject_cert.length,val->subject_cert.data,3,asn1_decode_charstring);
- opt_field(val->options,4,asn1_decode_krb5_flags,0);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->user);
- krb5_free_data_contents(NULL, &val->subject_cert);
- val->user = NULL;
- val->subject_cert.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_s4u_x509_user(asn1buf *buf, krb5_pa_s4u_x509_user *val)
-{
- setup();
- val->cksum.contents = NULL;
- { begin_structure();
- get_field(val->user_id,0,asn1_decode_s4u_userid);
- get_field(val->cksum,1,asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_s4u_userid_contents(NULL, &val->user_id);
- krb5_free_checksum_contents(NULL, &val->cksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val)
-{
- setup();
- { begin_structure();
- get_field(val->include_pac,0,asn1_decode_boolean);
- end_structure();
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_decode_ad_kdcissued(asn1buf *buf, krb5_ad_kdcissued *val)
-{
- setup();
- val->ad_checksum.contents = NULL;
- val->i_principal = NULL;
- val->elements = NULL;
- {begin_structure();
- get_field(val->ad_checksum, 0, asn1_decode_checksum);
- if (tagnum == 1) {
- alloc_principal(val->i_principal);
- opt_field(val->i_principal, 1, asn1_decode_realm, 0);
- opt_field(val->i_principal, 2, asn1_decode_principal_name, 0);
- }
- get_field(val->elements, 3, asn1_decode_authorization_data);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->ad_checksum);
- krb5_free_principal(NULL, val->i_principal);
- krb5_free_authdata(NULL, val->elements);
- return retval;
-}
-
-static asn1_error_code asn1_decode_princ_plus_realm
-(asn1buf *buf, krb5_principal *valptr)
-{
- setup();
- alloc_principal((*valptr));
- { begin_structure();
- get_field((*valptr), 0, asn1_decode_principal_name);
- get_field((*valptr), 1, asn1_decode_realm);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, *valptr);
- *valptr = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_sequence_of_princ_plus_realm(asn1buf *buf, krb5_principal **val)
-{
- decode_array_body(krb5_principal_data,asn1_decode_princ_plus_realm,krb5_free_principal);
-}
-
-asn1_error_code
-asn1_decode_ad_signedpath(asn1buf *buf, krb5_ad_signedpath *val)
-{
- setup();
- val->enctype = ENCTYPE_NULL;
- val->checksum.contents = NULL;
- val->delegated = NULL;
- {
- begin_structure();
- get_field(val->enctype, 0, asn1_decode_enctype);
- get_field(val->checksum, 1, asn1_decode_checksum);
- opt_field(val->delegated, 2, asn1_decode_sequence_of_princ_plus_realm,
- NULL);
- opt_field(val->method_data, 3, asn1_decode_sequence_of_pa_data, NULL);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->checksum);
- return retval;
-}
-
-asn1_error_code asn1_decode_iakerb_header
-(asn1buf *buf, krb5_iakerb_header *val)
-{
- setup();
- val->target_realm.data = NULL;
- val->target_realm.length = 0;
- val->cookie = NULL;
- {
- begin_structure();
- get_lenfield(val->target_realm.length, val->target_realm.data,
- 1, asn1_decode_charstring);
- if (tagnum == 2) {
- alloc_data(val->cookie);
- get_lenfield(val->cookie->length, val->cookie->data,
- 2, asn1_decode_charstring);
- }
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->target_realm);
- krb5_free_data(NULL, val->cookie);
- return retval;
-}
-
-asn1_error_code asn1_decode_iakerb_finished
-(asn1buf *buf, krb5_iakerb_finished *val)
-{
- setup();
- val->checksum.contents = NULL;
- {
- begin_structure();
- get_field(val->checksum, 1, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->checksum);
- return retval;
-}
-
-#ifndef DISABLE_PKINIT
-/* PKINIT */
-
-asn1_error_code
-asn1_decode_external_principal_identifier(
- asn1buf *buf,
- krb5_external_principal_identifier *val)
-{
- setup();
- val->subjectName.data = NULL;
- val->issuerAndSerialNumber.data = NULL;
- val->subjectKeyIdentifier.data = NULL;
- {
- begin_structure();
- opt_implicit_charstring(val->subjectName.length, val->subjectName.data,
- 0);
- opt_implicit_charstring(val->issuerAndSerialNumber.length,
- val->issuerAndSerialNumber.data, 1);
- opt_implicit_charstring(val->subjectKeyIdentifier.length,
- val->subjectKeyIdentifier.data, 2);
- end_structure();
- }
- return 0;
-error_out:
- free(val->subjectName.data);
- free(val->issuerAndSerialNumber.data);
- free(val->subjectKeyIdentifier.data);
- val->subjectName.data = NULL;
- val->issuerAndSerialNumber.data = NULL;
- val->subjectKeyIdentifier.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_external_principal_identifier_ptr(
- asn1buf *buf,
- krb5_external_principal_identifier **valptr)
-{
- decode_ptr(krb5_external_principal_identifier *,
- asn1_decode_external_principal_identifier);
-}
-
-static void
-free_external_principal_identifier(void *dummy,
- krb5_external_principal_identifier *val)
-{
- free(val->subjectName.data);
- free(val->issuerAndSerialNumber.data);
- free(val->subjectKeyIdentifier.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_external_principal_identifier(
- asn1buf *buf,
- krb5_external_principal_identifier ***val)
-{
- decode_array_body(krb5_external_principal_identifier,
- asn1_decode_external_principal_identifier_ptr,
- free_external_principal_identifier);
-}
-
-static asn1_error_code
-asn1_decode_kdf_alg_id_ptr(asn1buf *buf, krb5_data **valptr)
-{
- decode_ptr(krb5_data *, asn1_decode_kdf_alg_id);
-}
-
-asn1_error_code
-asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val)
-{
- setup();
- val->dhSignedData.data = NULL;
- val->serverDHNonce.data = NULL;
- val->kdfID = NULL;
- { begin_structure();
- get_implicit_charstring(val->dhSignedData.length,
- val->dhSignedData.data, 0);
-
- opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1,
- asn1_decode_charstring);
- opt_field(val->kdfID, 2, asn1_decode_kdf_alg_id_ptr, NULL);
- end_structure();
- }
- return 0;
-error_out:
- free(val->dhSignedData.data);
- free(val->serverDHNonce.data);
- krb5_free_data(NULL, val->kdfID);
- val->kdfID = NULL;
- val->dhSignedData.data = NULL;
- val->serverDHNonce.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pk_authenticator(asn1buf *buf, krb5_pk_authenticator *val)
-{
- setup();
- val->paChecksum.contents = NULL;
- { begin_structure();
- get_field(val->cusec, 0, asn1_decode_int32);
- get_field(val->ctime, 1, asn1_decode_kerberos_time);
- get_field(val->nonce, 2, asn1_decode_int32);
- opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->paChecksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pk_authenticator_draft9(asn1buf *buf,
- krb5_pk_authenticator_draft9 *val)
-{
- setup();
- val->kdcName = NULL;
- { begin_structure();
- alloc_principal(val->kdcName);
- get_field(val->kdcName, 0, asn1_decode_principal_name);
- get_field(val->kdcName, 1, asn1_decode_realm);
- get_field(val->cusec, 2, asn1_decode_int32);
- get_field(val->ctime, 3, asn1_decode_kerberos_time);
- get_field(val->nonce, 4, asn1_decode_int32);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->kdcName);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val)
-{
- setup();
- val->algorithm.data = NULL;
- val->parameters.data = NULL;
- { begin_structure_no_tag();
- /*
- * Forbid indefinite encoding because we don't read enough tag
- * information from the trailing octets ("ANY DEFINED BY") to
- * synchronize EOC tags, etc.
- */
- if (seqindef) clean_return(ASN1_BAD_FORMAT);
- /*
- * Set up tag variables because we don't actually call anything
- * that fetches tag info for us; it's all buried in the decoder
- * primitives.
- */
- tagnum = ASN1_TAGNUM_CEILING;
- asn1class = UNIVERSAL;
- construction = PRIMITIVE;
- taglen = 0;
- indef = 0;
- retval = asn1_decode_oid(&subbuf, &val->algorithm.length,
- &val->algorithm.data);
- if (retval) clean_return(retval);
- val->parameters.length = 0;
- val->parameters.data = NULL;
-
- assert(subbuf.next >= subbuf.base);
- if (length > (size_t)(subbuf.next - subbuf.base)) {
- unsigned int size = length - (subbuf.next - subbuf.base);
- retval = asn1buf_remove_charstring(&subbuf, size,
- &val->parameters.data);
- if (retval) clean_return(retval);
- val->parameters.length = size;
- }
-
- end_structure();
- }
- return 0;
-error_out:
- free(val->algorithm.data);
- free(val->parameters.data);
- val->algorithm.data = NULL;
- val->parameters.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_algorithm_identifier_ptr(asn1buf *buf,
- krb5_algorithm_identifier **valptr)
-{
- decode_ptr(krb5_algorithm_identifier *, asn1_decode_algorithm_identifier);
-}
-
-asn1_error_code
-asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *val)
-{
- asn1_octet unused;
- setup();
- val->algorithm.algorithm.data = NULL;
- val->algorithm.parameters.data = NULL;
- val->subjectPublicKey.data = NULL;
- { begin_structure_no_tag();
-
- retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm);
- if (retval) clean_return(retval);
-
- /* SubjectPublicKey encoded as a BIT STRING */
- next_tag();
- if (asn1class != UNIVERSAL || construction != PRIMITIVE ||
- tagnum != ASN1_BITSTRING)
- clean_return(ASN1_BAD_ID);
-
- retval = asn1buf_remove_octet(&subbuf, &unused);
- if (retval) clean_return(retval);
-
- /* Number of unused bits must be between 0 and 7. */
- /* What to do if unused is not zero? */
- if (unused > 7) clean_return(ASN1_BAD_FORMAT);
- taglen--;
-
- val->subjectPublicKey.length = 0;
- val->subjectPublicKey.data = NULL;
- retval = asn1buf_remove_charstring(&subbuf, taglen,
- &val->subjectPublicKey.data);
- if (retval) clean_return(retval);
- val->subjectPublicKey.length = taglen;
- /*
- * We didn't call any macro that does next_tag(); do so now to
- * preload tag of any trailing encodings.
- */
- next_tag();
- end_structure();
- }
- return 0;
-error_out:
- free(val->algorithm.algorithm.data);
- free(val->algorithm.parameters.data);
- free(val->subjectPublicKey.data);
- val->algorithm.algorithm.data = NULL;
- val->algorithm.parameters.data = NULL;
- val->subjectPublicKey.data = NULL;
- return 0;
-}
-
-static void
-free_algorithm_identifier(void *dummy, krb5_algorithm_identifier *val)
-{
- free(val->algorithm.data);
- free(val->parameters.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_algorithm_identifier(asn1buf *buf,
- krb5_algorithm_identifier ***val)
-{
- decode_array_body(krb5_algorithm_identifier,
- asn1_decode_algorithm_identifier_ptr,
- free_algorithm_identifier);
-}
-
-asn1_error_code
-asn1_decode_kdc_dh_key_info(asn1buf *buf, krb5_kdc_dh_key_info *val)
-{
- setup();
- val->subjectPublicKey.data = NULL;
- { begin_structure();
- get_lenfield(val->subjectPublicKey.length, val->subjectPublicKey.data,
- 0, asn1_decode_bitstring);
- get_field(val->nonce, 1, asn1_decode_int32);
- opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0);
- end_structure();
- }
- return 0;
-error_out:
- free(val->subjectPublicKey.data);
- val->subjectPublicKey.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *val)
-{
- setup();
- val->replyKey.contents = NULL;
- val->asChecksum.contents = NULL;
- { begin_structure();
- get_field(val->replyKey, 0, asn1_decode_encryption_key);
- get_field(val->asChecksum, 1, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- free(val->replyKey.contents);
- free(val->asChecksum.contents);
- val->replyKey.contents = NULL;
- val->asChecksum.contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_reply_key_pack_draft9 (asn1buf *buf,
- krb5_reply_key_pack_draft9 *val)
-{
- setup();
- val->replyKey.contents = NULL;
- { begin_structure();
- get_field(val->replyKey, 0, asn1_decode_encryption_key);
- get_field(val->nonce, 1, asn1_decode_int32);
- end_structure();
- }
- return 0;
-error_out:
- free(val->replyKey.contents);
- val->replyKey.contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_krb5_principal_name (asn1buf *buf, krb5_principal *val)
-{
- int i;
- setup();
- (*val)->realm.data = NULL;
- (*val)->data = NULL;
- { begin_structure();
- get_field(*val, 0, asn1_decode_realm);
- get_field(*val, 1, asn1_decode_principal_name);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &(*val)->realm);
- if ((*val)->data) {
- for (i = 0; i < (*val)->length; i++)
- krb5_free_data_contents(NULL, &(*val)->data[i]);
- free((*val)->data);
- }
- (*val)->realm.data = NULL;
- (*val)->data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pk_as_rep(asn1buf *buf, krb5_pa_pk_as_rep *val)
-{
- setup();
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- { begin_choice();
- if (tagnum == choice_pa_pk_as_rep_dhInfo) {
- val->choice = choice_pa_pk_as_rep_dhInfo;
- val->u.dh_Info.dhSignedData.data = NULL;
- val->u.dh_Info.serverDHNonce.data = NULL;
- get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info);
- } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) {
- val->choice = choice_pa_pk_as_rep_encKeyPack;
- val->u.encKeyPack.data = NULL;
- get_implicit_charstring(val->u.encKeyPack.length,
- val->u.encKeyPack.data,
- choice_pa_pk_as_rep_encKeyPack);
- } else {
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- }
- end_choice();
- }
- return 0;
-error_out:
- if (val->choice == choice_pa_pk_as_rep_dhInfo) {
- free(val->u.dh_Info.dhSignedData.data);
- free(val->u.dh_Info.serverDHNonce.data);
- } else if (val->choice == choice_pa_pk_as_rep_encKeyPack) {
- free(val->u.encKeyPack.data);
- }
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_kdf_alg_id( asn1buf *buf, krb5_data *val)
-{
- setup();
- val->data = NULL;
- { begin_structure();
- get_lenfield(val->length,val->data,0,asn1_decode_oid);
- end_structure();
- }
- return 0;
-error_out:
- free(val->data);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, krb5_data ***val)
-{
- decode_array_body(krb5_data, asn1_decode_kdf_alg_id_ptr, krb5_free_data);
-}
-
-#endif /* DISABLE_PKINIT */
-
-asn1_error_code
-asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_pa_data ***val)
-{
- decode_array_body(krb5_pa_data,asn1_decode_typed_data_ptr,
- free_pa_data);
-}
-
-asn1_error_code
-asn1_decode_typed_data(asn1buf *buf, krb5_pa_data *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->pa_type,0,asn1_decode_int32);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_typed_data_ptr(asn1buf *buf, krb5_pa_data **valptr)
-{
- decode_ptr(krb5_pa_data *, asn1_decode_typed_data);
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_DECODE_KRB5_H__
-#define __ASN1_DECODE_KRB5_H__
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "asn1buf.h"
-
-/* asn1_error_code asn1_decode_scalar_type(asn1buf *buf, krb5_scalar *val); */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding (<id> <len> <contents>),
- * *val is allocated
- *
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds
- * the bounds of *buf
- */
-
-
-/*
- * asn1_error_code asn1_decode_structure_type(asn1buf *buf,
- * krb5_structure *val);
- */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding (<id> <len> <contents>),
- * *val is allocated
- *
- * Assumes that *val is a freshly-allocated structure (i.e.
- * does not attempt to clean up or free *val).
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds the
- * bounds of *buf
- */
-
-/* asn1_error_code asn1_decode_array_type(asn1buf *buf, krb5_scalar ***val); */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding (<id> <len> <contents>)
- *
- * Assumes that *val is empty (i.e. does not attempt to
- * clean up or free *val).
- *
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds the
- * bounds of *buf
- */
-
-/* scalars */
-asn1_error_code asn1_decode_int(asn1buf *buf, int *val);
-asn1_error_code asn1_decode_int32(asn1buf *buf, krb5_int32 *val);
-asn1_error_code asn1_decode_kvno(asn1buf *buf, krb5_kvno *val);
-asn1_error_code asn1_decode_enctype(asn1buf *buf, krb5_enctype *val);
-asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val);
-asn1_error_code asn1_decode_cksumtype(asn1buf *buf, krb5_cksumtype *val);
-asn1_error_code asn1_decode_octet(asn1buf *buf, krb5_octet *val);
-asn1_error_code asn1_decode_addrtype(asn1buf *buf, krb5_addrtype *val);
-asn1_error_code asn1_decode_authdatatype(asn1buf *buf, krb5_authdatatype *val);
-asn1_error_code asn1_decode_ui_2(asn1buf *buf, krb5_ui_2 *val);
-asn1_error_code asn1_decode_ui_4(asn1buf *buf, krb5_ui_4 *val);
-asn1_error_code asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val);
-asn1_error_code asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val);
-asn1_error_code asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val);
-
-/* structures */
-asn1_error_code asn1_decode_realm(asn1buf *buf, krb5_principal *val);
-asn1_error_code asn1_decode_principal_name(asn1buf *buf, krb5_principal *val);
-asn1_error_code asn1_decode_checksum(asn1buf *buf, krb5_checksum *val);
-asn1_error_code asn1_decode_checksum_ptr(asn1buf *buf, krb5_checksum **valptr);
-asn1_error_code asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val);
-asn1_error_code asn1_decode_encryption_key_ptr(asn1buf *buf,
- krb5_keyblock **valptr);
-asn1_error_code asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val);
-asn1_error_code asn1_decode_ticket_flags(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_transited_encoding(asn1buf *buf,
- krb5_transited *val);
-asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf,
- krb5_enc_kdc_rep_part *val);
-asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_ap_options(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_kdc_options(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_ticket(asn1buf *buf, krb5_ticket *val);
-asn1_error_code asn1_decode_ticket_ptr(asn1buf *buf, krb5_ticket **valptr);
-asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val);
-asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val);
-asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val);
-asn1_error_code asn1_decode_host_address(asn1buf *buf, krb5_address *val);
-asn1_error_code asn1_decode_host_address_ptr(asn1buf *buf,
- krb5_address **valptr);
-asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val);
-asn1_error_code asn1_decode_last_req_entry(asn1buf *buf,
- krb5_last_req_entry *val);
-asn1_error_code asn1_decode_last_req_entry_ptr(asn1buf *buf,
- krb5_last_req_entry **valptr);
-asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val);
-asn1_error_code asn1_decode_authdata_elt_ptr(asn1buf *buf,
- krb5_authdata **valptr);
-asn1_error_code asn1_peek_authorization_data(asn1buf *buf,
- unsigned int *num,
- krb5_authdatatype **val);
-asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val);
-asn1_error_code asn1_decode_krb_cred_info_ptr(asn1buf *buf,
- krb5_cred_info **valptr);
-asn1_error_code asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val);
-asn1_error_code asn1_decode_pa_data_ptr(asn1buf *buf, krb5_pa_data **valptr);
-asn1_error_code asn1_decode_sam_challenge_2(asn1buf *buf,
- krb5_sam_challenge_2 *val);
-asn1_error_code
-asn1_decode_sam_challenge_2_body(asn1buf *buf,
- krb5_sam_challenge_2_body *val);
-asn1_error_code
-asn1_decode_enc_sam_response_enc_2(asn1buf *buf,
- krb5_enc_sam_response_enc_2 *val);
-asn1_error_code asn1_decode_sam_response_2(asn1buf *buf,
- krb5_sam_response_2 *val);
-asn1_error_code asn1_decode_external_principal_identifier(
- asn1buf *buf, krb5_external_principal_identifier *val);
-asn1_error_code asn1_decode_external_principal_identifier_ptr(
- asn1buf *buf, krb5_external_principal_identifier **valptr);
-asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val);
-asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf,
- krb5_pa_pk_as_req_draft9 *val);
-asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val);
-asn1_error_code asn1_decode_pk_authenticator(asn1buf *buf,
- krb5_pk_authenticator *val);
-asn1_error_code
-asn1_decode_pk_authenticator_draft9(asn1buf *buf,
- krb5_pk_authenticator_draft9 *val);
-asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf,
- krb5_subject_pk_info *val);
-asn1_error_code
-asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val);
-asn1_error_code
-asn1_decode_algorithm_identifier_ptr(asn1buf *buf,
- krb5_algorithm_identifier **valptr);
-asn1_error_code asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val);
-asn1_error_code asn1_decode_auth_pack_draft9(asn1buf *buf,
- krb5_auth_pack_draft9 *val);
-asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf,
- krb5_pa_pk_as_rep *val);
-asn1_error_code asn1_decode_kdc_dh_key_info(asn1buf *buf,
- krb5_kdc_dh_key_info *val);
-asn1_error_code asn1_decode_krb5_principal_name(asn1buf *buf,
- krb5_principal *val);
-asn1_error_code asn1_decode_reply_key_pack(asn1buf *buf,
- krb5_reply_key_pack *val);
-asn1_error_code
-asn1_decode_reply_key_pack_draft9(asn1buf *buf,
- krb5_reply_key_pack_draft9 *val);
-asn1_error_code
-asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_pa_data ***val);
-asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_pa_data *val);
-asn1_error_code asn1_decode_typed_data_ptr(asn1buf *buf,
- krb5_pa_data **valptr);
-
-/* arrays */
-asn1_error_code asn1_decode_authorization_data(asn1buf *buf,
- krb5_authdata ***val);
-asn1_error_code asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val);
-asn1_error_code asn1_decode_sequence_of_ticket(asn1buf *buf,
- krb5_ticket ***val);
-asn1_error_code asn1_decode_sequence_of_krb_cred_info(asn1buf *buf,
- krb5_cred_info ***val);
-asn1_error_code asn1_decode_sequence_of_pa_data(asn1buf *buf,
- krb5_pa_data ***val);
-asn1_error_code asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val);
-
-asn1_error_code asn1_decode_sequence_of_enctype(asn1buf *buf, int *num,
- krb5_enctype **val);
-
-asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf,
- krb5_checksum ***val);
-
-asn1_error_code asn1_decode_etype_info(asn1buf *buf,
- krb5_etype_info_entry ***val);
-asn1_error_code asn1_decode_etype_info2(asn1buf *buf,
- krb5_etype_info_entry ***val,
- krb5_boolean v1_3_behavior);
-asn1_error_code asn1_decode_sequence_of_external_principal_identifier(
- asn1buf *buf, krb5_external_principal_identifier ***val);
-asn1_error_code asn1_decode_sequence_of_algorithm_identifier(
- asn1buf *buf, krb5_algorithm_identifier ***val);
-
-asn1_error_code asn1_decode_setpw_req(asn1buf *buf, krb5_data *rep,
- krb5_principal *principal);
-asn1_error_code asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val);
-asn1_error_code asn1_decode_s4u_userid(asn1buf *buf, krb5_s4u_userid *val);
-asn1_error_code asn1_decode_pa_s4u_x509_user(asn1buf *buf,
- krb5_pa_s4u_x509_user *val);
-asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val);
-
-asn1_error_code asn1_decode_fast_armor(asn1buf *buf, krb5_fast_armor *val);
-
-asn1_error_code asn1_decode_fast_armor_ptr(asn1buf *buf,
- krb5_fast_armor **val);
-
-asn1_error_code asn1_decode_fast_finished(asn1buf *buf,
- krb5_fast_finished *val);
-
-asn1_error_code asn1_decode_fast_finished_ptr(asn1buf *buf,
- krb5_fast_finished **val);
-
-asn1_error_code asn1_decode_ad_kdcissued(asn1buf *buf, krb5_ad_kdcissued *val);
-
-asn1_error_code asn1_decode_ad_kdcissued_ptr(asn1buf *buf,
- krb5_ad_kdcissued **val);
-
-asn1_error_code asn1_decode_ad_signedpath(asn1buf *buf,
- krb5_ad_signedpath *val);
-
-asn1_error_code asn1_decode_iakerb_header(asn1buf *buf,
- krb5_iakerb_header *val);
-
-asn1_error_code asn1_decode_iakerb_finished(asn1buf *buf,
- krb5_iakerb_finished *val);
-
-asn1_error_code
-asn1_decode_kdf_alg_id(asn1buf *buf, krb5_data *val);
-
-asn1_error_code
-asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, krb5_data ***val);
-
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_fast.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_fast_armor(asn1buf *buf, krb5_fast_armor *val)
-{
- setup();
- val->armor_value.data = NULL;
- {begin_structure();
- get_field(val->armor_type, 0, asn1_decode_int32);
- get_lenfield(val->armor_value.length, val->armor_value.data,
- 1, asn1_decode_charstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents( NULL, &val->armor_value);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_fast_armor_ptr(asn1buf *buf, krb5_fast_armor **valptr)
-{
- decode_ptr(krb5_fast_armor *, asn1_decode_fast_armor);
-}
-
-asn1_error_code
-asn1_decode_fast_finished(asn1buf *buf, krb5_fast_finished *val)
-{
- setup();
- val->client = NULL;
- val->ticket_checksum.contents = NULL;
- {begin_structure();
- get_field(val->timestamp, 0, asn1_decode_kerberos_time);
- get_field(val->usec, 1, asn1_decode_int32);
- alloc_field(val->client);
- get_field(val->client, 2, asn1_decode_realm);
- get_field(val->client, 3, asn1_decode_principal_name);
- get_field(val->ticket_checksum, 4, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->client);
- krb5_free_checksum_contents( NULL, &val->ticket_checksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_fast_finished_ptr(asn1buf *buf, krb5_fast_finished **valptr)
-{
- decode_ptr( krb5_fast_finished *, asn1_decode_fast_finished);
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_kdc.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
-{
- setup();
- val->padata = NULL;
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,1,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- get_field(val->msg_type,2,asn1_decode_msgtype);
- opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL);
- get_field(*val,4,asn1_decode_kdc_req_body);
- end_structure();
- val->magic = KV5M_KDC_REQ;
- }
- return 0;
-error_out:
- krb5_free_pa_data(NULL, val->padata);
- val->padata = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
-{
- setup();
- val->client = NULL;
- val->server = NULL;
- val->ktype = NULL;
- val->addresses = NULL;
- val->authorization_data.ciphertext.data = NULL;
- val->unenc_authdata = NULL;
- val->second_ticket = NULL;
- {
- krb5_principal psave;
- begin_structure();
- get_field(val->kdc_options,0,asn1_decode_kdc_options);
- if (tagnum == 1) { alloc_principal(val->client); }
- opt_field(val->client,1,asn1_decode_principal_name,NULL);
- alloc_principal(val->server);
- get_field(val->server,2,asn1_decode_realm);
- if (val->client != NULL) {
- retval = asn1_krb5_realm_copy(val->client,val->server);
- if (retval) clean_return(retval); }
-
- /* If opt_field server is missing, memory reference to server is
- * lost and results in memory leak
- */
- psave = val->server;
- opt_field(val->server,3,asn1_decode_principal_name,NULL);
- if (val->server == NULL) {
- if (psave->realm.data) {
- free(psave->realm.data);
- psave->realm.data = NULL;
- psave->realm.length=0;
- }
- free(psave);
- }
- opt_field(val->from,4,asn1_decode_kerberos_time,0);
- get_field(val->till,5,asn1_decode_kerberos_time);
- opt_field(val->rtime,6,asn1_decode_kerberos_time,0);
- get_field(val->nonce,7,asn1_decode_int32);
- get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype);
- opt_field(val->addresses,9,asn1_decode_host_addresses,0);
- if (tagnum == 10) {
- get_field(val->authorization_data,10,asn1_decode_encrypted_data); }
- else {
- val->authorization_data.magic = KV5M_ENC_DATA;
- val->authorization_data.enctype = 0;
- val->authorization_data.kvno = 0;
- val->authorization_data.ciphertext.data = NULL;
- val->authorization_data.ciphertext.length = 0;
- }
- opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL);
- end_structure();
- val->magic = KV5M_KDC_REQ;
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- free(val->ktype);
- krb5_free_addresses(NULL, val->addresses);
- krb5_free_data_contents(NULL, &val->authorization_data.ciphertext);
- krb5_free_tickets(NULL, val->second_ticket);
- val->client = NULL;
- val->server = NULL;
- val->ktype = NULL;
- val->addresses = NULL;
- val->unenc_authdata = NULL;
- val->second_ticket = NULL;
- return retval;
-}
-
-#ifndef DISABLE_PKINIT
-/* PKINIT */
-asn1_error_code
-asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val)
-{
- setup();
- val->signedAuthPack.data = NULL;
- val->trustedCertifiers = NULL;
- val->kdcPkId.data = NULL;
- {
- begin_structure();
- get_implicit_charstring(val->signedAuthPack.length, val->signedAuthPack.data, 0);
- opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL);
- opt_implicit_charstring(val->kdcPkId.length, val->kdcPkId.data, 2);
- end_structure();
- }
- return 0;
-error_out:
- free(val->signedAuthPack.data);
- free(val->trustedCertifiers);
- free(val->kdcPkId.data);
- val->signedAuthPack.data = NULL;
- val->trustedCertifiers = NULL;
- val->kdcPkId.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_draft9 *val)
-{
- int i;
- setup();
- val->signedAuthPack.data = NULL;
- val->kdcCert.data = NULL;
- { begin_structure();
- /* PA-PK-AS-REQ in draft9 has four fields, but we only care about the
- * first one. */
- get_implicit_charstring(val->signedAuthPack.length, val->signedAuthPack.data, 0);
- end_structure();
- }
- return 0;
-error_out:
- free(val->signedAuthPack.data);
- val->signedAuthPack.data = NULL;
- return retval;
-}
-
-static void
-free_algorithm_identifier(krb5_algorithm_identifier *val)
-{
- free(val->algorithm.data);
- free(val->parameters.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val)
-{
- int i;
- setup();
- val->clientPublicValue = NULL;
- val->pkAuthenticator.paChecksum.contents = NULL;
- val->supportedCMSTypes = NULL;
- val->clientDHNonce.data = NULL;
- val->supportedKDFs = NULL;
- { begin_structure();
- get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator);
- if (tagnum == 1) {
- alloc_field(val->clientPublicValue);
- val->clientPublicValue->algorithm.algorithm.data = NULL;
- val->clientPublicValue->algorithm.parameters.data = NULL;
- val->clientPublicValue->subjectPublicKey.data = NULL;
- }
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- && (tagnum || taglen || asn1class != UNIVERSAL))
- clean_return(ASN1_BAD_ID);
- if (tagnum == 1) {
- retval = asn1_decode_subject_pk_info(&subbuf,
- val->clientPublicValue);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->clientPublicValue = NULL;
- }
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if (tagnum == 2) {
- retval = asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->supportedCMSTypes = NULL;
- }
- opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_charstring);
- opt_field(val->supportedKDFs, 4, asn1_decode_sequence_of_kdf_alg_id, NULL);
- end_structure();
- }
- return 0;
-error_out:
- if (val->clientPublicValue) {
- free(val->clientPublicValue->algorithm.algorithm.data);
- free(val->clientPublicValue->algorithm.parameters.data);
- free(val->clientPublicValue->subjectPublicKey.data);
- free(val->clientPublicValue);
- }
- free(val->pkAuthenticator.paChecksum.contents);
- if (val->supportedCMSTypes) {
- for (i = 0; val->supportedCMSTypes[i]; i++)
- free_algorithm_identifier(val->supportedCMSTypes[i]);
- free(val->supportedCMSTypes);
- }
- free(val->clientDHNonce.data);
- if (val->supportedKDFs) {
- for (i = 0; val->supportedKDFs[i]; i++)
- krb5_free_data(NULL, val->supportedKDFs[i]);
- free(val->supportedKDFs);
- val->supportedKDFs = NULL;
- }
- val->clientPublicValue = NULL;
- val->pkAuthenticator.paChecksum.contents = NULL;
- val->supportedCMSTypes = NULL;
- val->clientDHNonce.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_auth_pack_draft9(asn1buf *buf, krb5_auth_pack_draft9 *val)
-{
- setup();
- val->pkAuthenticator.kdcName = NULL;
- val->clientPublicValue = NULL;
- { begin_structure();
- get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9);
- if (tagnum == 1) {
- alloc_field(val->clientPublicValue);
- val->clientPublicValue->algorithm.algorithm.data = NULL;
- val->clientPublicValue->algorithm.parameters.data = NULL;
- val->clientPublicValue->subjectPublicKey.data = NULL;
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- && (tagnum || taglen || asn1class != UNIVERSAL))
- clean_return(ASN1_BAD_ID);
- if (tagnum == 1) {
- retval = asn1_decode_subject_pk_info(&subbuf,
- val->clientPublicValue);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->clientPublicValue = NULL;
- }
- }
- end_structure();
- }
- return 0;
-error_out:
- free(val->pkAuthenticator.kdcName);
- if (val->clientPublicValue) {
- free(val->clientPublicValue->algorithm.algorithm.data);
- free(val->clientPublicValue->algorithm.parameters.data);
- free(val->clientPublicValue->subjectPublicKey.data);
- free(val->clientPublicValue);
- }
- val->pkAuthenticator.kdcName = NULL;
- val->clientPublicValue = NULL;
- return retval;
-}
-
-#endif /* DISABLE_PKINIT */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_macros.h */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef ASN1_DECODE_KRB5_MACROS_H
-#define ASN1_DECODE_KRB5_MACROS_H
-
-#include "asn1_k_decode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "asn1_misc.h"
-
-#if __GNUC__ >= 3
-#define KRB5_ATTR_UNUSED __attribute__((unused))
-#else
-#define KRB5_ATTR_UNUSED
-#endif
-
-#define clean_return(val) { retval = val; goto error_out; }
-
-/* Declare useful decoder variables. */
-#define setup() \
- asn1_error_code retval; \
- asn1_class asn1class; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
- asn1_tagnum tagnum; \
- unsigned int length, taglen KRB5_ATTR_UNUSED
-
-#define unused_var(x) if (0) { x = 0; x = x - x; }
-
-/* This is used for prefetch of next tag in sequence. */
-#define next_tag() \
- { taginfo t2; \
- retval = asn1_get_tag_2(&subbuf, &t2); \
- if (retval) clean_return(retval); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t2.asn1class; \
- construction = t2.construction; \
- tagnum = t2.tagnum; \
- taglen = t2.length; \
- indef = t2.indef; \
- }
-
-static asn1_error_code
-asn1_get_eoc_tag (asn1buf *buf)
-{
- asn1_error_code retval;
- taginfo t;
-
- retval = asn1_get_tag_2(buf, &t);
- if (retval)
- return retval;
- if (t.asn1class != UNIVERSAL || t.tagnum || t.indef)
- return ASN1_MISSING_EOC;
- return 0;
-}
-
-/* Force check for EOC tag. */
-#define get_eoc() \
- { \
- retval = asn1_get_eoc_tag(&subbuf); \
- if (retval) clean_return(retval); \
- }
-
-#define alloc_field(var) \
- var = calloc(1, sizeof(*var)); \
- if ((var) == NULL) clean_return(ENOMEM)
-
-/*
- * Allocate a principal and initialize enough fields for
- * krb5_free_principal to have defined behavior.
- */
-#define alloc_principal(var) \
- alloc_field(var); \
- var->realm.data = NULL; \
- var->data = NULL
-
-/*
- * Allocate a data structure and initialize enough fields for
- * krb5_free_data to have defined behavior.
- */
-#define alloc_data(var) \
- alloc_field(var); \
- var->data = NULL
-
-/* Fetch an expected APPLICATION class tag and verify. */
-#define apptag(tagexpect) \
- { \
- taginfo t1; \
- retval = asn1_get_tag_2(buf, &t1); \
- if (retval) clean_return(retval); \
- if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \
- t1.tagnum != (tagexpect)) clean_return(ASN1_BAD_ID); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t1.asn1class; \
- construction = t1.construction; \
- tagnum = t1.tagnum; \
- applen = t1.length; \
- }
-
-/**** normal fields ****/
-
-/*
- * get_field_body
- *
- * Get bare field. This also prefetches the next tag. The call to
- * get_eoc() assumes that any values fetched by this macro are
- * enclosed in a context-specific tag.
- */
-#define get_field_body(var, decoder) \
- retval = decoder(&subbuf, &(var)); \
- if (retval) clean_return(retval); \
- if (!taglen && indef) { get_eoc(); } \
- next_tag()
-
-/*
- * error_if_bad_tag
- *
- * Checks that the next tag is the expected one; returns with an error
- * if not.
- */
-#define error_if_bad_tag(tagexpect) \
- if (tagnum != (tagexpect)) { clean_return((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); }
-
-/*
- * get_field
- *
- * Get field having an expected context specific tag. This assumes
- * that context-specific tags are monotonically increasing in its
- * verification of tag numbers.
- */
-#define get_field(var, tagexpect, decoder) \
- error_if_bad_tag(tagexpect); \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- get_field_body(var,decoder)
-
-/*
- * opt_field
- *
- * Get an optional field with an expected context specific tag.
- * Assumes that OPTVAL will have the default value, thus failing to
- * distinguish between absent optional values and present optional
- * values that happen to have the value of OPTVAL.
- */
-#define opt_field(var, tagexpect, decoder, optvalue) \
- if (asn1buf_remains(&subbuf, seqindef)) { \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- if (tagnum == (tagexpect)) { \
- get_field_body(var, decoder); \
- } else var = optvalue; \
- }
-
-/**** fields w/ length ****/
-
-/* similar to get_field_body */
-#define get_lenfield_body(len, var, decoder) \
- retval = decoder(&subbuf, &(len), &(var)); \
- if (retval) clean_return(retval); \
- if (!taglen && indef) { get_eoc(); } \
- next_tag()
-
-/* similar to get_field_body */
-#define get_lenfield(len, var, tagexpect, decoder) \
- error_if_bad_tag(tagexpect); \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- get_lenfield_body(len, var, decoder)
-
-/* similar to opt_field */
-#define opt_lenfield(len, var, tagexpect, decoder) \
- if (tagnum == (tagexpect)) { \
- get_lenfield_body(len, var, decoder); \
- } else { len = 0; var = 0; }
-
-/*
- * Deal with implicitly tagged fields
- */
-#define get_implicit_charstring(len, var, tagexpect) \
- if (tagnum != (tagexpect)) clean_return(ASN1_MISSING_FIELD); \
- if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \
- clean_return(ASN1_BAD_ID); \
- retval = asn1buf_remove_charstring(&subbuf, taglen, &(var)); \
- if (retval) clean_return(retval); \
- (len) = taglen; \
- next_tag()
-
-#define opt_implicit_charstring(len, var, tagexpect) \
- if (tagnum == (tagexpect)) { \
- if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \
- clean_return(ASN1_BAD_ID); \
- retval = asn1buf_remove_charstring(&subbuf, taglen, &(var)); \
- if (retval) clean_return(retval); \
- (len) = taglen; \
- next_tag(); \
- } else { (len) = 0; (var) = NULL; }
-
-/*
- * begin_structure
- *
- * Declares some variables for decoding SEQUENCE types. This is meant
- * to be called in an inner block that ends with a call to
- * end_structure().
- */
-#define begin_structure() \
- asn1buf subbuf; \
- int seqindef; \
- int indef; \
- retval = asn1_get_sequence(buf, &length, &seqindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval); \
- next_tag()
-
-/*
- * This is used for structures which have no tagging.
- * It is the same as begin_structure() except next_tag()
- * is not called.
- */
-#define begin_structure_no_tag() \
- asn1buf subbuf; \
- int seqindef; \
- int indef; \
- retval = asn1_get_sequence(buf, &length, &seqindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval)
-
-/* skip trailing garbage */
-#define end_structure() \
- retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \
- length, indef, seqindef); \
- if (retval) clean_return(retval)
-
-/*
- * begin_choice
- *
- * Declares some variables for decoding CHOICE types. This is meant
- * to be called in an inner block that ends with a call to
- * end_choice().
- */
-#define begin_choice() \
- asn1buf subbuf; \
- int seqindef; \
- int indef KRB5_ATTR_UNUSED; \
- taginfo t; \
- retval = asn1_get_tag_2(buf, &t); \
- if (retval) clean_return(retval); \
- tagnum = t.tagnum; \
- taglen = t.length; \
- indef = t.indef; \
- length = t.length; \
- seqindef = t.indef; \
- asn1class = t.asn1class; \
- construction = t.construction; \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval)
-
-/* skip trailing garbage */
-#define end_choice() \
- length -= t.length; \
- retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \
- length, t.indef, seqindef); \
- if (retval) clean_return(retval)
-
-/*
- * sequence_of
- *
- * Declares some variables for decoding SEQUENCE OF types. This is
- * meant to be called in an inner block that ends with a call to
- * end_sequence_of().
- */
-#define sequence_of(buf) \
- unsigned int length, taglen KRB5_ATTR_UNUSED ; \
- asn1_class asn1class; \
- asn1_construction construction KRB5_ATTR_UNUSED ; \
- asn1_tagnum tagnum; \
- int indef; \
- sequence_of_common(buf)
-
-/*
- * sequence_of_no_tagvars
- *
- * This is meant for use inside decoder functions that have an outer
- * sequence structure and thus declares variables of different names
- * than does sequence_of() to avoid shadowing.
- */
-#define sequence_of_no_tagvars(buf) \
- sequence_of_common(buf)
-
-/*
- * sequence_of_common
- *
- * Fetches the outer SEQUENCE OF length info into {length,seqofindef}
- * and imbeds an inner buffer seqbuf. Unlike begin_structure(), it
- * does not prefetch the next tag.
- */
-#define sequence_of_common(buf) \
- asn1buf seqbuf; \
- int seqofindef; \
- retval = asn1_get_sequence(buf, &length, &seqofindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \
- if (retval) clean_return(retval)
-
-/*
- * end_sequence_of
- *
- * Attempts to fetch an EOC tag, if any, and to sync over trailing
- * garbage, if any.
- */
-#define end_sequence_of(buf) \
- { \
- taginfo t4; \
- retval = asn1_get_tag_2(&seqbuf, &t4); \
- if (retval) clean_return(retval); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t4.asn1class; \
- construction = t4.construction; \
- tagnum = t4.tagnum; \
- taglen = t4.length; \
- indef = t4.indef; \
- } \
- retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \
- length, indef, seqofindef); \
- if (retval) clean_return(retval);
-
-/*
- * end_sequence_of_no_tagvars
- *
- * Like end_sequence_of(), but uses the different (non-shadowing)
- * variable names.
- */
-static inline asn1_error_code
-end_sequence_of_no_tagvars_helper(asn1buf *buf, asn1buf *seqbufp,
- int seqofindef)
-{
- taginfo t;
- asn1_error_code retval;
-
- retval = asn1_get_tag_2(seqbufp, &t);
- if (retval)
- return retval;
- retval = asn1buf_sync(buf, seqbufp, t.asn1class, t.tagnum,
- t.length, t.indef, seqofindef);
- return retval;
-}
-#define end_sequence_of_no_tagvars(buf) \
- retval = end_sequence_of_no_tagvars_helper(buf, &seqbuf, seqofindef); \
- if (retval) clean_return(retval)
-
-/*
- * Function body for a pointer decoder, which allocates a pointer
- * field and invokes a structure decoder to fill it in. Pointer
- * decoders always fill in their output parameters with NULL (on
- * error) or a valid constructed structure, making cleanup easier on
- * callers.
- */
-#define decode_ptr(type, structure_decoder) \
- type val; \
- asn1_error_code retval; \
- \
- *valptr = NULL; \
- val = calloc(1, sizeof(*val)); \
- if (!val) \
- return ENOMEM; \
- retval = structure_decoder(buf, val); \
- if (retval) { \
- free(val); \
- return retval; \
- } \
- *valptr = val; \
- return 0;
-#define integer_convert(fname,ktype) \
- asn1_error_code fname(asn1buf * buf, ktype * val) \
- { \
- asn1_error_code retval; \
- long n; \
- retval = asn1_decode_integer(buf,&n); \
- if (retval) return retval; \
- *val = (ktype)n; \
- return 0; \
- }
-#define unsigned_integer_convert(fname,ktype) \
- asn1_error_code fname(asn1buf * buf, ktype * val) \
- { \
- asn1_error_code retval; \
- unsigned long n; \
- retval = asn1_decode_unsigned_integer(buf,&n); \
- if (retval) return retval; \
- *val = (ktype)n; \
- return 0; \
- }
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_sam.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val)
-{
- return asn1_decode_krb5_flags(buf,val);
-}
-
-#define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn)
-#define opt_cksum(var,tagexpect,decoder) \
- if (tagnum == (tagexpect)) { \
- get_field_body(var,decoder); } \
- else var.length = 0
-
-asn1_error_code
-asn1_decode_sam_challenge_2(asn1buf *buf, krb5_sam_challenge_2 *val)
-{
- krb5_checksum **cksump;
- setup();
- val->sam_challenge_2_body.data = NULL;
- val->sam_cksum = NULL;
- { char *save, *end;
- size_t alloclen;
- begin_structure();
- if (tagnum != 0) clean_return(ASN1_MISSING_FIELD);
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- clean_return(ASN1_BAD_ID);
- save = subbuf.next;
- { sequence_of_no_tagvars(&subbuf);
- end_sequence_of_no_tagvars(&subbuf);
- }
- end = subbuf.next;
- alloclen = end - save;
- val->sam_challenge_2_body.data = malloc(alloclen);
- if (!val->sam_challenge_2_body.data)
- clean_return(ENOMEM);
- val->sam_challenge_2_body.length = alloclen;
- memcpy(val->sam_challenge_2_body.data, save, alloclen);
- next_tag();
- get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->sam_challenge_2_body);
- if (val->sam_cksum) {
- for (cksump = val->sam_cksum; *cksump; cksump++)
- krb5_free_checksum(NULL, *cksump);
- free(val->sam_cksum);
- val->sam_cksum = NULL;
- }
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sam_challenge_2_body(asn1buf *buf, krb5_sam_challenge_2_body *val)
-{
- setup();
- val->sam_type_name.data = NULL;
- val->sam_track_id.data = NULL;
- val->sam_challenge_label.data = NULL;
- val->sam_challenge.data = NULL;
- val->sam_response_prompt.data = NULL;
- val->sam_pk_for_sad.data = NULL;
- { begin_structure();
- get_field(val->sam_type,0,asn1_decode_int32);
- get_field(val->sam_flags,1,asn1_decode_sam_flags);
- opt_string(val->sam_type_name,2,asn1_decode_charstring);
- opt_string(val->sam_track_id,3,asn1_decode_charstring);
- opt_string(val->sam_challenge_label,4,asn1_decode_charstring);
- opt_string(val->sam_challenge,5,asn1_decode_charstring);
- opt_string(val->sam_response_prompt,6,asn1_decode_charstring);
- opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring);
- get_field(val->sam_nonce,8,asn1_decode_int32);
- get_field(val->sam_etype, 9, asn1_decode_int32);
- end_structure();
- val->magic = KV5M_SAM_CHALLENGE;
- }
- return 0;
-error_out:
- krb5_free_sam_challenge_2_body_contents(NULL, val);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_enc_sam_response_enc_2(asn1buf *buf, krb5_enc_sam_response_enc_2 *val)
-{
- setup();
- val->sam_sad.data = NULL;
- { begin_structure();
- get_field(val->sam_nonce,0,asn1_decode_int32);
- opt_string(val->sam_sad,1,asn1_decode_charstring);
- end_structure();
- val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
- }
- return 0;
-error_out:
- krb5_free_enc_sam_response_enc_2_contents(NULL, val);
- return retval;
-}
-
-#define opt_encfield(fld,tag,fn) \
- if (tagnum == tag) { \
- get_field(fld,tag,fn); } \
- else { \
- fld.magic = 0; \
- fld.enctype = 0; \
- fld.kvno = 0; \
- fld.ciphertext.data = NULL; \
- fld.ciphertext.length = 0; \
- }
-
-asn1_error_code
-asn1_decode_sam_response_2(asn1buf *buf, krb5_sam_response_2 *val)
-{
- setup();
- val->sam_track_id.data = NULL;
- val->sam_enc_nonce_or_sad.ciphertext.data = NULL;
- { begin_structure();
- get_field(val->sam_type,0,asn1_decode_int32);
- get_field(val->sam_flags,1,asn1_decode_sam_flags);
- opt_string(val->sam_track_id,2,asn1_decode_charstring);
- get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data);
- get_field(val->sam_nonce,4,asn1_decode_int32);
- end_structure();
- val->magic = KV5M_SAM_RESPONSE;
- }
- return 0;
-error_out:
- krb5_free_sam_response_2_contents(NULL, val);
- return retval;
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_misc.c */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_misc.h"
-
-asn1_error_code
-asn1_krb5_realm_copy(krb5_principal target, krb5_principal source)
-{
- target->realm.length = source->realm.length;
- target->realm.data = (char*)malloc(target->realm.length); /* copy realm */
- if (target->realm.data == NULL) return ENOMEM;
- memcpy(target->realm.data,source->realm.data, /* to client */
- target->realm.length);
- return 0;
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_misc.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_MISC_H__
-#define __ASN1_MISC_H__
-
-#include "k5-int.h"
-#include "krbasn1.h"
-
-asn1_error_code asn1_krb5_realm_copy(krb5_principal target,
- krb5_principal source);
-/*
- * requires target, source, and source->realm are allocated
- * effects Copies source->realm into target->realm.
- * Returns ENOMEM if memory is exhausted.
- */
-
-#endif
#define ASN1BUF_OMIT_INLINE_FUNCS
#include "asn1buf.h"
#include <stdio.h>
-#include "asn1_get.h"
#ifdef USE_VALGRIND
#include <valgrind/memcheck.h>
return 0;
}
-asn1_error_code
-asn1buf_wrap_data(asn1buf *buf, const krb5_data *code)
-{
- if (code == NULL || code->data == NULL) return ASN1_MISSING_FIELD;
- buf->next = buf->base = code->data;
- buf->bound = code->data + code->length - 1;
- return 0;
-}
-
-asn1_error_code
-asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
-{
- if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- subbuf->base = subbuf->next = buf->next;
- if (!indef) {
- if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
- subbuf->bound = subbuf->base + length - 1;
- } else /* constructed indefinite */
- subbuf->bound = buf->bound;
- return 0;
-}
-
-asn1_error_code
-asn1buf_sync(asn1buf *buf, asn1buf *subbuf,
- asn1_class asn1class, asn1_tagnum lasttag,
- unsigned int length, int indef, int seqindef)
-{
- asn1_error_code retval;
-
- if (!seqindef) {
- /* sequence was encoded as definite length */
- buf->next = subbuf->bound + 1;
- } else if (!asn1_is_eoc(asn1class, lasttag, indef)) {
- retval = asn1buf_skiptail(subbuf, length, indef);
- if (retval)
- return retval;
- } else {
- /* We have just read the EOC octets. */
- buf->next = subbuf->next;
- }
- return 0;
-}
-
-asn1_error_code
-asn1buf_skiptail(asn1buf *buf, const unsigned int length, const int indef)
-{
- asn1_error_code retval;
- taginfo t;
- int nestlevel;
-
- nestlevel = 1 + indef;
- if (!indef) {
- if (length <= (size_t)(buf->bound - buf->next + 1))
- buf->next += length;
- else
- return ASN1_OVERRUN;
- }
- while (nestlevel > 0) {
- if (buf->bound - buf->next + 1 <= 0)
- return ASN1_OVERRUN;
- retval = asn1_get_tag_2(buf, &t);
- if (retval) return retval;
- if (!t.indef) {
- if (t.length <= (size_t)(buf->bound - buf->next + 1))
- buf->next += t.length;
- else
- return ASN1_OVERRUN;
- }
- if (t.indef)
- nestlevel++;
- if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef))
- nestlevel--; /* got an EOC encoding */
- }
- return 0;
-}
-
void
asn1buf_destroy(asn1buf **buf)
{
return 0;
}
-
-#undef asn1buf_remove_octet
-asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o)
-{
- if (buf->next > buf->bound) return ASN1_OVERRUN;
- *o = (asn1_octet)(*((buf->next)++));
- return 0;
-}
-
-asn1_error_code
-asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s)
-{
- unsigned int i;
-
- if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
- if (len == 0) {
- *s = 0;
- return 0;
- }
- *s = (asn1_octet*)malloc(len*sizeof(asn1_octet));
- if (*s == NULL)
- return ENOMEM;
- for (i=0; i<len; i++)
- (*s)[i] = (asn1_octet)(buf->next)[i];
- buf->next += len;
- return 0;
-}
-
-asn1_error_code
-asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s)
-{
- unsigned int i;
-
- if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
- if (len == 0) {
- *s = 0;
- return 0;
- }
- *s = (char*)malloc(len*sizeof(char));
- if (*s == NULL) return ENOMEM;
- for (i=0; i<len; i++)
- (*s)[i] = (char)(buf->next)[i];
- buf->next += len;
- return 0;
-}
-
-int
-asn1buf_remains(asn1buf *buf, int indef)
-{
- int remain;
- if (buf == NULL || buf->base == NULL) return 0;
- remain = buf->bound - buf->next +1;
- if (remain <= 0) return remain;
- /*
- * Two 0 octets means the end of an indefinite encoding.
- */
- if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1))
- return 0;
- else return remain;
-}
-
asn1_error_code
asn12krb5_buf(const asn1buf *buf, krb5_data **code)
{
return 0;
}
-
-
-/*
- * These parse and unparse procedures should be moved out. They're
- * useful only for debugging and superfluous in the production
- * version.
- */
-
-asn1_error_code
-asn1buf_unparse(const asn1buf *buf, char **s)
-{
- free(*s);
- if (buf == NULL) {
- *s = strdup("<NULL>");
- if (*s == NULL) return ENOMEM;
- } else if (buf->base == NULL) {
- *s = strdup("<EMPTY>");
- if (*s == NULL) return ENOMEM;
- } else {
- unsigned int length = asn1buf_len(buf);
- unsigned int i;
-
- *s = calloc(length+1, sizeof(char));
- if (*s == NULL) return ENOMEM;
- (*s)[length] = '\0';
- for (i=0; i<length; i++) ;
-/* OLDDECLARG( (*s)[i] = , (buf->base)[length-i-1]) */
- }
- return 0;
-}
-
-asn1_error_code
-asn1buf_hex_unparse(const asn1buf *buf, char **s)
-{
-#define hexchar(d) ((d)<=9 ? ('0'+(d)) : \
- ((d)<=15 ? ('A'+(d)-10) : \
- 'X'))
-
- free(*s);
-
- if (buf == NULL) {
- *s = strdup("<NULL>");
- if (*s == NULL) return ENOMEM;
- } else if (buf->base == NULL) {
- *s = strdup("<EMPTY>");
- if (*s == NULL) return ENOMEM;
- } else {
- unsigned int length = asn1buf_len(buf);
- int i;
-
- *s = malloc(3*length);
- if (*s == NULL) return ENOMEM;
- for (i = length-1; i >= 0; i--) {
- (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4);
- (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F);
- (*s)[3*(length-i-1)+2] = ' ';
- }
- (*s)[3*length-1] = '\0';
- }
- return 0;
-}
-
/****************************************************************/
/* Private Procedures */
* Returns ENOMEM if the buffer can't be created.
*/
-asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code);
-/*
- * requires *buf has already been allocated
- * effects Turns *buf into a "wrapper" for *code. i.e. *buf is set up
- * such that its bottom is the beginning of *code, and its top
- * is the top of *code.
- * Returns ASN1_MISSING_FIELD if code is empty.
- */
-
-asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf,
- const unsigned int length,
- const int indef);
-/*
- * requires *subbuf and *buf are allocated
- * effects *subbuf becomes a sub-buffer of *buf. *subbuf begins
- * at *buf's current position and is length octets long.
- * (Unless this would exceed the bounds of *buf -- in
- * that case, ASN1_OVERRUN is returned) *subbuf's current
- * position starts at the beginning of *subbuf.
- */
-
-asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, asn1_class Class,
- asn1_tagnum lasttag,
- unsigned int length, int indef,
- int seqindef);
-/*
- * requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed.
- * lasttag is the last tagnumber read.
- * effects Synchronizes *buf's current position to match that of *subbuf.
- */
-
-asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length,
- const int indef);
-/*
- * requires *buf is a subbuffer used in a decoding of a
- * constructed indefinite sequence.
- * effects skips trailing fields.
- */
-
void asn1buf_destroy(asn1buf **buf);
/* effects Deallocates **buf, sets *buf to NULL. */
*/
#define asn1buf_insert_octetstring asn1buf_insert_bytestring
-#define asn1buf_insert_charstring asn1buf_insert_bytestring
-
-asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o);
-/*
- * requires *buf is allocated
- * effects Returns *buf's current octet in *o and advances to
- * the next octet.
- * Returns ASN1_OVERRUN if *buf has already been exhausted.
- */
-#define asn1buf_remove_octet(buf,o) \
- (((buf)->next > (buf)->bound) \
- ? ASN1_OVERRUN \
- : ((*(o) = (asn1_octet)(*(((buf)->next)++))),0))
-
-asn1_error_code
-asn1buf_remove_octetstring(
- asn1buf *buf,
- const unsigned int len,
- asn1_octet **s);
-/*
- * requires *buf is allocated
- * effects Removes the next len octets of *buf and returns them in **s.
- * Returns ASN1_OVERRUN if there are fewer than len unread octets
- * left in *buf.
- * Returns ENOMEM if *s could not be allocated.
- */
-
-asn1_error_code
-asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s);
-/*
- * requires *buf is allocated
- * effects Removes the next len octets of *buf and returns them in **s.
- * Returns ASN1_OVERRUN if there are fewer than len unread octets
- * left in *buf.
- * Returns ENOMEM if *s could not be allocated.
- */
-
-asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s);
-/*
- * modifies *s
- * effects Returns a human-readable representation of *buf in *s,
- * where each octet in *buf is represented by a character in *s.
- */
-
-asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s);
-/*
- * modifies *s
- * effects Returns a human-readable representation of *buf in *s,
- * where each octet in *buf is represented by a 2-digit
- * hexadecimal number in *s.
- */
asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code);
/*
* effects Instantiates **code with the krb5_data representation of **buf.
*/
-int asn1buf_remains(asn1buf *buf, int indef);
-/*
- * requires *buf is a buffer containing an asn.1 structure or array
- * modifies *buf
- * effects Returns the number of unprocessed octets remaining in *buf.
- */
-
#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1glue.h */
-/*
- * Copyright 1989,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- *
- * Header file for some glue functions (macros, mostly)
- */
-
-
-#ifndef __KRB5_GLUE_H__
-#define __KRB5_GLUE_H__
-
-#define krb5_data2qbuf(val) str2qb((val)->data, (val)->length, 1)
-
-#define krb5_kdcoptions2KRB5_KDCOptions(val, err) (struct type_KRB5_KDCOptions *)krb5_flags2KRB5_TicketFlags(val, err)
-#define KRB5_KDCOptions2krb5_kdcoptions(val, err) KRB5_TicketFlags2krb5_flags((struct type_KRB5_TicketFlags *) (val), err)
-#define krb5_apoptions2KRB5_APOptions(val, err) (struct type_KRB5_APOptions *)krb5_flags2KRB5_TicketFlags(val, err)
-#define KRB5_APOptions2krb5_apoptions(val, err) KRB5_TicketFlags2krb5_flags((struct type_KRB5_APOptions *) (val), err)
-
-/* to keep lint happy */
-#define xmalloc(n) malloc((unsigned) (n))
-#define xcalloc(n,s) calloc((unsigned)(n), (unsigned)(s))
-
-#endif /* __KRB5_GLUE_H__ */
#
# Generated makefile dependencies follow.
#
-asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.c \
- asn1_decode.h asn1_get.h asn1buf.h krbasn1.h
-asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.c asn1_k_decode.h asn1_k_decode_macros.h \
- asn1_misc.h asn1buf.h krbasn1.h
-asn1_k_decode_fast.so asn1_k_decode_fast.po $(OUTPRE)asn1_k_decode_fast.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.h asn1_k_decode_fast.c asn1_k_decode_macros.h \
- asn1_misc.h asn1buf.h krbasn1.h
-asn1_k_decode_kdc.so asn1_k_decode_kdc.po $(OUTPRE)asn1_k_decode_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.h asn1_k_decode_kdc.c asn1_k_decode_macros.h \
- asn1_misc.h asn1buf.h krbasn1.h
-asn1_k_decode_sam.so asn1_k_decode_sam.po $(OUTPRE)asn1_k_decode_sam.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.h asn1_k_decode_macros.h asn1_k_decode_sam.c \
- asn1_misc.h asn1buf.h krbasn1.h
asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h asn1_encode.c \
- asn1_encode.h asn1_get.h asn1buf.h krbasn1.h
-asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_get.c asn1_get.h \
- asn1buf.h krbasn1.h
+ asn1_encode.h asn1buf.h krbasn1.h
asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- asn1_get.h asn1buf.c asn1buf.h krbasn1.h
-krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.h asn1_misc.h asn1buf.h krb5_decode.c \
- krb5_decode_macros.h krbasn1.h
-krb5_decode_kdc.so krb5_decode_kdc.po $(OUTPRE)krb5_decode_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_decode.h \
- asn1_get.h asn1_k_decode.h asn1_misc.h asn1buf.h krb5_decode_kdc.c \
- krb5_decode_macros.h krbasn1.h
+ asn1buf.c asn1buf.h krbasn1.h
asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h asn1_encode.h \
- asn1_get.h asn1_k_encode.c asn1buf.h krbasn1.h
+ asn1_k_encode.c asn1buf.h krbasn1.h
ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- asn1_decode.h asn1_encode.h asn1_get.h asn1buf.h krbasn1.h \
- ldap_key_seq.c
-asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h asn1_misc.c asn1_misc.h \
- krbasn1.h
+ asn1_encode.h asn1buf.h krbasn1.h ldap_key_seq.c
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/krb5_decode.c */
-/*
- * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "asn1_k_decode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "krb5_decode_macros.h"
-
-#if 0
-#ifndef LEAN_CLIENT
-krb5_error_code
-decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **repptr)
-{
- setup(krb5_authenticator *);
- alloc_field(rep);
- clear_field(rep,subkey);
- clear_field(rep,checksum);
- clear_field(rep,client);
- clear_field(rep,authorization_data);
-
- check_apptag(2);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- alloc_principal(rep->client);
- get_field(rep->client,1,asn1_decode_realm);
- get_field(rep->client,2,asn1_decode_principal_name);
- opt_field(rep->checksum,3,asn1_decode_checksum_ptr);
- get_field(rep->cusec,4,asn1_decode_int32);
- get_field(rep->ctime,5,asn1_decode_kerberos_time);
- opt_field(rep->subkey,6,asn1_decode_encryption_key_ptr);
- opt_field(rep->seq_number,7,asn1_decode_seqnum);
- opt_field(rep->authorization_data,8,asn1_decode_authorization_data);
- rep->magic = KV5M_AUTHENTICATOR;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_authenticator(NULL, rep);
- return retval;
-}
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_decode_ticket(const krb5_data *code, krb5_ticket **repptr)
-{
- return decode_krb5_ticket(code, repptr);
-}
-
-krb5_error_code
-decode_krb5_ticket(const krb5_data *code, krb5_ticket **repptr)
-{
- setup(krb5_ticket *);
- alloc_field(rep);
- clear_field(rep,server);
- clear_field(rep,enc_part.ciphertext.data);
- clear_field(rep,enc_part2);
-
- check_apptag(1);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO);
- }
- alloc_principal(rep->server);
- get_field(rep->server,1,asn1_decode_realm);
- get_field(rep->server,2,asn1_decode_principal_name);
- get_field(rep->enc_part,3,asn1_decode_encrypted_data);
- rep->magic = KV5M_TICKET;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_ticket(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock **repptr)
-{
- setup(krb5_keyblock *);
- alloc_field(rep);
- clear_field(rep,contents);
-
- { begin_structure();
- get_field(rep->enctype,0,asn1_decode_enctype);
- get_lenfield(rep->length,rep->contents,1,asn1_decode_octetstring);
- end_structure();
- rep->magic = KV5M_KEYBLOCK;
- }
- cleanup_manual();
-error_out:
- krb5_free_keyblock(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_part **repptr)
-{
- setup(krb5_enc_tkt_part *);
- alloc_field(rep);
- clear_field(rep,session);
- clear_field(rep,client);
- clear_field(rep,transited.tr_contents.data);
- clear_field(rep,caddrs);
- clear_field(rep,authorization_data);
-
- check_apptag(3);
- { begin_structure();
- get_field(rep->flags,0,asn1_decode_ticket_flags);
- get_field(rep->session,1,asn1_decode_encryption_key_ptr);
- alloc_principal(rep->client);
- get_field(rep->client,2,asn1_decode_realm);
- get_field(rep->client,3,asn1_decode_principal_name);
- get_field(rep->transited,4,asn1_decode_transited_encoding);
- get_field(rep->times.authtime,5,asn1_decode_kerberos_time);
- if (tagnum == 6)
- { get_field(rep->times.starttime,6,asn1_decode_kerberos_time); }
- else
- rep->times.starttime=rep->times.authtime;
- get_field(rep->times.endtime,7,asn1_decode_kerberos_time);
- opt_field(rep->times.renew_till,8,asn1_decode_kerberos_time);
- opt_field(rep->caddrs,9,asn1_decode_host_addresses);
- opt_field(rep->authorization_data,10,asn1_decode_authorization_data);
- rep->magic = KV5M_ENC_TKT_PART;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_enc_tkt_part(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_enc_kdc_rep_part(const krb5_data *code,
- krb5_enc_kdc_rep_part **repptr)
-{
- taginfo t4;
- setup_buf_only(krb5_enc_kdc_rep_part *);
- alloc_field(rep);
-
- retval = asn1_get_tag_2(&buf, &t4);
- if (retval) clean_return(retval);
- if (t4.asn1class != APPLICATION || t4.construction != CONSTRUCTED) clean_return(ASN1_BAD_ID);
- if (t4.tagnum == 25) rep->msg_type = KRB5_AS_REP;
- else if (t4.tagnum == 26) rep->msg_type = KRB5_TGS_REP;
- else clean_return(KRB5_BADMSGTYPE);
-
- retval = asn1_decode_enc_kdc_rep_part(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **repptr)
-{
- setup_no_length(krb5_kdc_rep *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,ticket);
- clear_field(rep,enc_part.ciphertext.data);
- clear_field(rep,enc_part2);
-
- check_apptag(11);
- retval = asn1_decode_kdc_rep(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_AS_REP)
- clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_rep(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_tgs_rep(const krb5_data *code, krb5_kdc_rep **repptr)
-{
- setup_no_length(krb5_kdc_rep *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,ticket);
- clear_field(rep,enc_part.ciphertext.data);
- clear_field(rep,enc_part2);
-
- check_apptag(13);
- retval = asn1_decode_kdc_rep(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_rep(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **repptr)
-{
- setup(krb5_ap_req *);
- alloc_field(rep);
- clear_field(rep,ticket);
- clear_field(rep,authenticator.ciphertext.data);
-
- check_apptag(14);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- get_field(rep->ap_options,2,asn1_decode_ap_options);
- get_field(rep->ticket,3,asn1_decode_ticket_ptr);
- get_field(rep->authenticator,4,asn1_decode_encrypted_data);
- end_structure();
- rep->magic = KV5M_AP_REQ;
- }
- cleanup_manual();
-error_out:
- krb5_free_ap_req(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **repptr)
-{
- setup(krb5_ap_rep *);
- alloc_field(rep);
- clear_field(rep,enc_part.ciphertext.data);
-
- check_apptag(15);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- get_field(rep->enc_part,2,asn1_decode_encrypted_data);
- end_structure();
- rep->magic = KV5M_AP_REP;
- }
- cleanup_manual();
-error_out:
- krb5_free_ap_rep(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_ap_rep_enc_part(const krb5_data *code,
- krb5_ap_rep_enc_part **repptr)
-{
- setup(krb5_ap_rep_enc_part *);
- alloc_field(rep);
- clear_field(rep,subkey);
-
- check_apptag(27);
- { begin_structure();
- get_field(rep->ctime,0,asn1_decode_kerberos_time);
- get_field(rep->cusec,1,asn1_decode_int32);
- opt_field(rep->subkey,2,asn1_decode_encryption_key_ptr);
- opt_field(rep->seq_number,3,asn1_decode_seqnum);
- end_structure();
- rep->magic = KV5M_AP_REP_ENC_PART;
- }
- cleanup_manual();
-error_out:
- krb5_free_ap_rep_enc_part(NULL, rep);
- return retval;
-}
-
-/*
- * decode_krb5_safe_with_body
- *
- * Like decode_krb5_safe(), but grabs the encoding of the
- * KRB-SAFE-BODY as well, in case re-encoding would produce a
- * different encoding. (Yes, we're using DER, but there's this
- * annoying problem with pre-1.3.x code using signed sequence numbers,
- * which we permissively decode and cram into unsigned 32-bit numbers.
- * When they're re-encoded, they're no longer negative if they started
- * out negative, so checksum verification fails.)
- *
- * This does *not* perform any copying; the returned pointer to the
- * encoded KRB-SAFE-BODY points into the input buffer.
- */
-krb5_error_code
-decode_krb5_safe_with_body(const krb5_data *code, krb5_safe **repptr,
- krb5_data *body)
-{
- krb5_data tmpbody;
- setup(krb5_safe *);
- alloc_field(rep);
- clear_field(rep,user_data.data);
- clear_field(rep,r_address);
- clear_field(rep,s_address);
- clear_field(rep,checksum);
- tmpbody.magic = 0;
-
- check_apptag(20);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- /*
- * Gross kludge to extract pointer to encoded safe-body. Relies
- * on tag prefetch done by next_tag(). Don't handle indefinite
- * encoding, as it's too much work.
- */
- if (!indef) {
- tmpbody.length = taglen;
- tmpbody.data = subbuf.next;
- } else {
- tmpbody.length = 0;
- tmpbody.data = NULL;
- }
- get_field(*rep,2,asn1_decode_krb_safe_body);
- get_field(rep->checksum,3,asn1_decode_checksum_ptr);
- rep->magic = KV5M_SAFE;
- end_structure();
- }
- if (body != NULL)
- *body = tmpbody;
- cleanup_manual();
-error_out:
- krb5_free_safe(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_safe(const krb5_data *code, krb5_safe **repptr)
-{
- return decode_krb5_safe_with_body(code, repptr, NULL);
-}
-
-krb5_error_code
-decode_krb5_priv(const krb5_data *code, krb5_priv **repptr)
-{
- setup(krb5_priv *);
- alloc_field(rep);
- clear_field(rep,enc_part.ciphertext.data);
-
- check_apptag(21);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- get_field(rep->enc_part,3,asn1_decode_encrypted_data);
- rep->magic = KV5M_PRIV;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_priv(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_part **repptr)
-{
- setup(krb5_priv_enc_part *);
- alloc_field(rep);
- clear_field(rep,user_data.data);
- clear_field(rep,r_address);
- clear_field(rep,s_address);
-
- check_apptag(28);
- { begin_structure();
- get_lenfield(rep->user_data.length,rep->user_data.data,0,asn1_decode_charstring);
- opt_field(rep->timestamp,1,asn1_decode_kerberos_time);
- opt_field(rep->usec,2,asn1_decode_int32);
- opt_field(rep->seq_number,3,asn1_decode_seqnum);
- get_field(rep->s_address,4,asn1_decode_host_address_ptr);
- opt_field(rep->r_address,5,asn1_decode_host_address_ptr);
- rep->magic = KV5M_PRIV_ENC_PART;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_priv_enc_part(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_checksum(const krb5_data *code, krb5_checksum **repptr)
-{
- setup_buf_only(krb5_checksum *);
- alloc_field(rep);
- retval = asn1_decode_checksum(&buf, rep);
- if (retval) clean_return(retval);
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_cred(const krb5_data *code, krb5_cred **repptr)
-{
- setup(krb5_cred *);
- alloc_field(rep);
- clear_field(rep,tickets);
- clear_field(rep,enc_part.ciphertext.data);
-
- check_apptag(22);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- get_field(rep->tickets,2,asn1_decode_sequence_of_ticket);
- get_field(rep->enc_part,3,asn1_decode_encrypted_data);
- rep->magic = KV5M_CRED;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_cred(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_part **repptr)
-{
- setup(krb5_cred_enc_part *);
- alloc_field(rep);
- clear_field(rep,r_address);
- clear_field(rep,s_address);
- clear_field(rep,ticket_info);
-
- check_apptag(29);
- { begin_structure();
- get_field(rep->ticket_info,0,asn1_decode_sequence_of_krb_cred_info);
- opt_field(rep->nonce,1,asn1_decode_int32);
- opt_field(rep->timestamp,2,asn1_decode_kerberos_time);
- opt_field(rep->usec,3,asn1_decode_int32);
- opt_field(rep->s_address,4,asn1_decode_host_address_ptr);
- opt_field(rep->r_address,5,asn1_decode_host_address_ptr);
- rep->magic = KV5M_CRED_ENC_PART;
- end_structure();
- }
- cleanup_manual();
-error_out:
- /* Despite the name, krb5_free_cred_enc_part is contents only. */
- krb5_free_cred_enc_part(NULL, rep);
- free(rep);
- return retval;
-}
-
-
-krb5_error_code
-decode_krb5_error(const krb5_data *code, krb5_error **repptr)
-{
- setup(krb5_error *);
- alloc_field(rep);
- clear_field(rep,server);
- clear_field(rep,client);
- clear_field(rep,text.data);
- clear_field(rep,e_data.data);
-
- check_apptag(30);
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,0,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- { krb5_msgtype msg_type;
- get_field(msg_type,1,asn1_decode_msgtype);
-#ifdef KRB5_MSGTYPE_STRICT
- if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE);
-#endif
- }
- opt_field(rep->ctime,2,asn1_decode_kerberos_time);
- opt_field(rep->cusec,3,asn1_decode_int32);
- get_field(rep->stime,4,asn1_decode_kerberos_time);
- get_field(rep->susec,5,asn1_decode_int32);
- get_field(rep->error,6,asn1_decode_ui_4);
- if (tagnum == 7) { alloc_principal(rep->client); }
- opt_field(rep->client,7,asn1_decode_realm);
- opt_field(rep->client,8,asn1_decode_principal_name);
- alloc_principal(rep->server);
- get_field(rep->server,9,asn1_decode_realm);
- get_field(rep->server,10,asn1_decode_principal_name);
- opt_lenfield(rep->text.length,rep->text.data,11,asn1_decode_generalstring);
- opt_lenfield(rep->e_data.length,rep->e_data.data,12,asn1_decode_charstring);
- rep->magic = KV5M_ERROR;
- end_structure();
- }
- cleanup_manual();
-error_out:
- krb5_free_error(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_authdata(const krb5_data *code, krb5_authdata ***repptr)
-{
- setup_buf_only(krb5_authdata **);
- retval = asn1_decode_authorization_data(&buf,&rep);
- if (retval) clean_return(retval);
- cleanup_none(); /* we're not allocating anything here... */
-}
-
-krb5_error_code
-decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data ***repptr)
-{
- setup_buf_only(krb5_pa_data **);
- retval = asn1_decode_sequence_of_pa_data(&buf,&rep);
- if (retval) clean_return(retval);
- cleanup_none(); /* we're not allocating anything here */
-}
-
-krb5_error_code
-decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_entry ***repptr)
-{
- setup_buf_only(krb5_etype_info_entry **);
- retval = asn1_decode_etype_info(&buf,&rep);
- if (retval) clean_return(retval);
- cleanup_none(); /* we're not allocating anything here */
-}
-
-krb5_error_code
-decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***repptr)
-{
- setup_buf_only(krb5_etype_info_entry **);
- retval = asn1_decode_etype_info2(&buf,&rep, 0);
- if (retval == ASN1_BAD_ID) {
- retval = asn1buf_wrap_data(&buf,code);
- if (retval) clean_return(retval);
- retval = asn1_decode_etype_info2(&buf, &rep, 1);
- }
- if (retval) clean_return(retval);
- cleanup_none(); /* we're not allocating anything here */
-}
-
-
-krb5_error_code
-decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **repptr)
-{
- setup_buf_only(krb5_enc_data *);
- alloc_field(rep);
-
- retval = asn1_decode_encrypted_data(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **repptr)
-{
- setup(krb5_pa_enc_ts *);
- alloc_field(rep);
- { begin_structure();
- get_field(rep->patimestamp,0,asn1_decode_kerberos_time);
- if (tagnum == 1) {
- get_field(rep->pausec,1,asn1_decode_int32);
- } else
- rep->pausec = 0;
- end_structure (); }
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_sam_challenge_2(const krb5_data *code,
- krb5_sam_challenge_2 **repptr)
-{
- setup_buf_only(krb5_sam_challenge_2 *);
- alloc_field(rep);
-
- retval = asn1_decode_sam_challenge_2(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_sam_challenge_2_body(const krb5_data *code,
- krb5_sam_challenge_2_body **repptr)
-{
- setup_buf_only(krb5_sam_challenge_2_body *);
- alloc_field(rep);
-
- retval = asn1_decode_sam_challenge_2_body(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_enc_sam_response_enc_2(const krb5_data *code,
- krb5_enc_sam_response_enc_2 **repptr)
-{
- setup_buf_only(krb5_enc_sam_response_enc_2 *);
- alloc_field(rep);
-
- retval = asn1_decode_enc_sam_response_enc_2(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_sam_response_2(const krb5_data *code,
- krb5_sam_response_2 **repptr)
-{
- setup_buf_only(krb5_sam_response_2 *);
- alloc_field(rep);
-
- retval = asn1_decode_sam_response_2(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_setpw_req(const krb5_data *code, krb5_data **repptr,
- krb5_principal *principal)
-{
- setup_buf_only(krb5_data *);
- alloc_field(rep);
- *principal = NULL;
-
- retval = asn1_decode_setpw_req(&buf, rep, principal);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **repptr)
-{
- setup_buf_only(krb5_pa_for_user *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_for_user(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_s4u_x509_user(const krb5_data *code, krb5_pa_s4u_x509_user **repptr)
-{
- setup_buf_only(krb5_pa_s4u_x509_user *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_s4u_x509_user(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **repptr)
-{
- setup_buf_only(krb5_pa_pac_req *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pac_req(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_etype_list(const krb5_data *code, krb5_etype_list **repptr)
-{
- setup_buf_only(krb5_etype_list *);
- alloc_field(rep);
-
- retval = asn1_decode_sequence_of_enctype(&buf, &rep->length, &rep->etypes);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_fast_response(const krb5_data *code, krb5_fast_response **repptr)
-{
- setup(krb5_fast_response *);
-
- alloc_field(rep);
- clear_field(rep, finished);
- clear_field(rep, padata);
- clear_field(rep,strengthen_key);
- {begin_structure();
- get_field(rep->padata, 0, asn1_decode_sequence_of_pa_data);
- opt_field(rep->strengthen_key, 1, asn1_decode_encryption_key_ptr);
- opt_field(rep->finished, 2, asn1_decode_fast_finished_ptr);
- get_field(rep->nonce, 3, asn1_decode_int32);
- end_structure(); }
- rep->magic = KV5M_FAST_RESPONSE;
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_fx_fast_reply(const krb5_data *code, krb5_enc_data **repptr)
-{
- setup(krb5_enc_data *);
- alloc_field(rep);
- {
- int indef KRB5_ATTR_UNUSED;
- unsigned int taglen KRB5_ATTR_UNUSED;
- next_tag_from_buf(buf);
- if (tagnum != 0)
- clean_return(ASN1_BAD_ID);
- }
- {begin_structure();
- get_field(*rep, 0, asn1_decode_encrypted_data);
- end_structure();
- }
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_ad_kdcissued(const krb5_data *code, krb5_ad_kdcissued **repptr)
-{
- setup_buf_only(krb5_ad_kdcissued *);
- alloc_field(rep);
-
- retval = asn1_decode_ad_kdcissued(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_ad_signedpath(const krb5_data *code, krb5_ad_signedpath **repptr)
-{
- setup_buf_only(krb5_ad_signedpath *);
- alloc_field(rep);
-
- retval = asn1_decode_ad_signedpath(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_iakerb_header(const krb5_data *code, krb5_iakerb_header **repptr)
-{
- setup_buf_only(krb5_iakerb_header *);
- alloc_field(rep);
-
- retval = asn1_decode_iakerb_header(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_iakerb_finished(const krb5_data *code, krb5_iakerb_finished **repptr)
-{
- setup_buf_only(krb5_iakerb_finished *);
- alloc_field(rep);
-
- retval = asn1_decode_iakerb_finished(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5int_get_authdata_containee_types(krb5_context context,
- const krb5_authdata *authdata,
- unsigned int *num,
- krb5_authdatatype **repptr)
-{
- krb5_data data, *code = &data;
-
- data.data = (char *)authdata->contents;
- data.length = authdata->length;
-
- *num = 0;
-
- {
- setup_buf_only(krb5_authdatatype *);
-
- retval = asn1_peek_authorization_data(&buf, num, &rep);
- if (retval) clean_return(retval);
-
- cleanup_none();
- }
- assert(0); /* NOTREACHED */
-}
-
-#ifndef DISABLE_PKINIT
-
-krb5_error_code
-decode_krb5_pa_pk_as_rep(const krb5_data *code, krb5_pa_pk_as_rep **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_rep *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_rep(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **repptr)
-{
- setup_buf_only(krb5_auth_pack *);
- alloc_field(rep);
-
- retval = asn1_decode_auth_pack(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_auth_pack_draft9(const krb5_data *code,
- krb5_auth_pack_draft9 **repptr)
-{
- setup_buf_only(krb5_auth_pack_draft9 *);
- alloc_field(rep);
-
- retval = asn1_decode_auth_pack_draft9(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_kdc_dh_key_info(const krb5_data *code,
- krb5_kdc_dh_key_info **repptr)
-{
- setup_buf_only(krb5_kdc_dh_key_info *);
- alloc_field(rep);
-
- retval = asn1_decode_kdc_dh_key_info(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **repptr)
-{
- setup_buf_only(krb5_principal_data *);
- alloc_field(rep);
-
- retval = asn1_decode_krb5_principal_name(&buf, &rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key_pack **repptr)
-{
- setup_buf_only(krb5_reply_key_pack *);
- alloc_field(rep);
-
- retval = asn1_decode_reply_key_pack(&buf, rep);
- if (retval)
- goto error_out;
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_reply_key_pack_draft9(const krb5_data *code,
- krb5_reply_key_pack_draft9 **repptr)
-{
- setup_buf_only(krb5_reply_key_pack_draft9 *);
- alloc_field(rep);
-
- retval = asn1_decode_reply_key_pack_draft9(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_td_trusted_certifiers(const krb5_data *code,
- krb5_external_principal_identifier ***repptr)
-{
- setup_buf_only(krb5_external_principal_identifier **);
- retval = asn1_decode_sequence_of_external_principal_identifier(&buf, &rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_td_dh_parameters(const krb5_data *code,
- krb5_algorithm_identifier ***repptr)
-{
- setup_buf_only(krb5_algorithm_identifier **);
- retval = asn1_decode_sequence_of_algorithm_identifier(&buf, &rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-#endif /* DISABLE_PKINIT */
-
-krb5_error_code
-decode_krb5_typed_data(const krb5_data *code, krb5_pa_data ***repptr)
-{
- setup_buf_only(krb5_pa_data **);
- retval = asn1_decode_sequence_of_typed_data(&buf, &rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/krb5_decode_kdc.c */
-/*
- * Copyright 1994, 2008. 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "krb5_decode_macros.h"
-
-#if 0
-krb5_error_code
-decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_no_length(krb5_kdc_req *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,server);
- clear_field(rep,ktype);
- clear_field(rep,addresses);
- clear_field(rep,authorization_data.ciphertext.data);
- clear_field(rep,unenc_authdata);
- clear_field(rep,second_ticket);
-
- check_apptag(10);
- retval = asn1_decode_kdc_req(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_req(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_no_length(krb5_kdc_req *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,server);
- clear_field(rep,ktype);
- clear_field(rep,addresses);
- clear_field(rep,authorization_data.ciphertext.data);
- clear_field(rep,unenc_authdata);
- clear_field(rep,second_ticket);
-
- check_apptag(12);
- retval = asn1_decode_kdc_req(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_req(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_buf_only(krb5_kdc_req *);
- alloc_field(rep);
-
- retval = asn1_decode_kdc_req_body(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_fast_req(const krb5_data *code, krb5_fast_req **repptr)
-{
- setup(krb5_fast_req *);
- alloc_field(rep);
- alloc_field(rep->req_body);
- clear_field(rep, req_body->padata);
- {begin_structure();
- get_field(rep->fast_options, 0, asn1_decode_krb5_flags);
- opt_field(rep->req_body->padata, 1, asn1_decode_sequence_of_pa_data);
- get_field(*(rep->req_body), 2, asn1_decode_kdc_req_body);
- end_structure(); }
- rep->magic = KV5M_FAST_REQ;
- cleanup_manual();
-error_out:
- if (rep) {
- if (rep->req_body)
- krb5_free_kdc_req(0, rep->req_body);
- free(rep);
- }
- return retval;
-}
-
-krb5_error_code
-decode_krb5_pa_fx_fast_request(const krb5_data *code, krb5_fast_armored_req **repptr)
-{
- setup(krb5_fast_armored_req *);
- alloc_field(rep);
- clear_field(rep, armor);
- {
- int indef KRB5_ATTR_UNUSED;
- unsigned int taglen KRB5_ATTR_UNUSED;
- next_tag_from_buf(buf);
- if (tagnum != 0)
- clean_return(ASN1_BAD_ID);
- }
- {begin_structure();
- opt_field(rep->armor, 0, asn1_decode_fast_armor_ptr);
- get_field(rep->req_checksum, 1, asn1_decode_checksum);
- get_field(rep->enc_part, 2, asn1_decode_encrypted_data);
- end_structure();}
- rep->magic = KV5M_FAST_ARMORED_REQ;
- cleanup(free);
-}
-
-#ifndef DISABLE_PKINIT
-krb5_error_code
-decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_req *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_req(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_pk_as_req_draft9(const krb5_data *code,
- krb5_pa_pk_as_req_draft9 **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_req_draft9 *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_req_draft9(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-#endif /* DISABLE_PKINIT */
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/krb5_decode_macros.h */
-/*
- * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef KRB5_DECODE_MACROS_H
-#define KRB5_DECODE_MACROS_H
-
-#include "asn1_k_decode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "asn1_misc.h"
-
-#if __GNUC__ >= 3
-#define KRB5_ATTR_UNUSED __attribute__((unused))
-#else
-#define KRB5_ATTR_UNUSED
-#endif
-
-/* setup *********************************************************/
-/* set up variables */
-/*
- * the setup* macros can return, but are always used at function start
- * and thus need no malloc cleanup
- */
-#define setup_buf_only(type) \
- asn1_error_code retval; \
- asn1buf buf; \
- type rep = NULL; \
- \
- *repptr = NULL; \
- retval = asn1buf_wrap_data(&buf,code); \
- if (retval) return retval
-
-#define setup_no_tagnum(type) \
- asn1_class asn1class KRB5_ATTR_UNUSED; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
- setup_buf_only(type)
-
-#define setup_no_length(type) \
- asn1_tagnum tagnum KRB5_ATTR_UNUSED; \
- setup_no_tagnum(type)
-
-#define setup(type) \
- unsigned int length; \
- setup_no_length(type)
-
-/* helper macros for cleanup */
-#define clean_return(val) { retval = val; goto error_out; }
-
-/* alloc_field is the first thing to allocate storage that may need cleanup */
-#define alloc_field(var) \
- var = calloc(1,sizeof(*var)); \
- if ((var) == NULL) clean_return(ENOMEM)
-
-/*
- * Allocate a principal and initialize enough fields for
- * krb5_free_principal to have defined behavior.
- */
-#define alloc_principal(var) \
- alloc_field(var); \
- var->realm.data = NULL; \
- var->data = NULL
-
-/* process encoding header ***************************************/
-/* decode tag and check that it == [APPLICATION tagnum] */
-#define check_apptag(tagexpect) \
- { \
- taginfo t1; \
- retval = asn1_get_tag_2(&buf, &t1); \
- if (retval) clean_return (retval); \
- if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \
- clean_return(ASN1_BAD_ID); \
- if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \
- asn1class = t1.asn1class; \
- construction = t1.construction; \
- tagnum = t1.tagnum; \
- }
-
-
-
-/* process a structure *******************************************/
-
-/* decode an explicit tag and place the number in tagnum */
-#define next_tag_from_buf(buf) \
- { taginfo t2; \
- retval = asn1_get_tag_2(&(buf), &t2); \
- if (retval) clean_return(retval); \
- asn1class = t2.asn1class; \
- construction = t2.construction; \
- tagnum = t2.tagnum; \
- indef = t2.indef; \
- taglen = t2.length; \
- }
-#define next_tag() next_tag_from_buf(subbuf)
-
-
-static asn1_error_code
-asn1_get_eoc_tag (asn1buf *buf)
-{
- asn1_error_code retval;
- taginfo t;
-
- retval = asn1_get_tag_2(buf, &t);
- if (retval)
- return retval;
- if (t.asn1class != UNIVERSAL || t.tagnum || t.indef)
- return ASN1_MISSING_EOC;
- return 0;
-}
-
-#define get_eoc() \
- { \
- retval = asn1_get_eoc_tag(&subbuf); \
- if (retval) clean_return(retval); \
- }
-
-/* decode sequence header and initialize tagnum with the first field */
-#define begin_structure() \
- unsigned int taglen KRB5_ATTR_UNUSED; \
- asn1buf subbuf; \
- int seqindef; \
- int indef; \
- retval = asn1_get_sequence(&buf,&length,&seqindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&subbuf,&buf,length,seqindef); \
- if (retval) clean_return(retval); \
- next_tag()
-
-#define end_structure() \
- retval = asn1buf_sync(&buf,&subbuf,asn1class, \
- tagnum,length,indef,seqindef); \
- if (retval) clean_return(retval)
-
-/* process fields *******************************************/
-/* normal fields ************************/
-#define get_field_body(var,decoder) \
- retval = decoder(&subbuf,&(var)); \
- if (retval) clean_return(retval); \
- if (indef) { get_eoc(); } \
- next_tag()
-
-/*
- * error_if_bad_tag
- *
- * Checks that the next tag is the expected one; returns with an error
- * if not.
- */
-#define error_if_bad_tag(tagexpect) \
- if (tagnum != (tagexpect)) { clean_return ((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); }
-
-/*
- * decode a field (<[UNIVERSAL id]> <length> <contents>)
- * check that the id number == tagexpect then
- * decode into var
- * get the next tag
- */
-#define get_field(var,tagexpect,decoder) \
- error_if_bad_tag(tagexpect); \
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- clean_return(ASN1_BAD_ID); \
- get_field_body(var,decoder)
-
-/* decode (or skip, if not present) an optional field */
-#define opt_field(var,tagexpect,decoder) \
- if (asn1buf_remains(&subbuf, seqindef)) { \
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- clean_return(ASN1_BAD_ID); \
- if (tagnum == (tagexpect)) { \
- get_field_body(var,decoder); \
- } \
- }
-
-/* field w/ accompanying length *********/
-#define get_lenfield_body(len,var,decoder) \
- retval = decoder(&subbuf,&(len),&(var)); \
- if (retval) clean_return(retval); \
- if (indef) { get_eoc(); } \
- next_tag()
-
-/* decode a field w/ its length (for string types) */
-#define get_lenfield(len,var,tagexpect,decoder) \
- error_if_bad_tag(tagexpect); \
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- clean_return(ASN1_BAD_ID); \
- get_lenfield_body(len,var,decoder)
-
-/* decode an optional field w/ length */
-#define opt_lenfield(len,var,tagexpect,decoder) \
- if (asn1buf_remains(&subbuf, seqindef)) { \
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- clean_return(ASN1_BAD_ID); \
- if (tagnum == (tagexpect)) { \
- get_lenfield_body(len,var,decoder); \
- } \
- }
-
-
-/* clean up ******************************************************/
-/* finish up */
-/* to make things less painful, assume the cleanup is passed rep */
-#define cleanup(cleanup_routine) \
- *repptr = rep; \
- return 0; \
-error_out: \
-if (rep) \
- cleanup_routine(rep); \
-return retval;
-
-#define cleanup_none() \
- *repptr = rep; \
- return 0; \
-error_out: \
-return retval;
-
-#define cleanup_manual() \
- *repptr = rep; \
- return 0;
-
-#define free_field(rep,f) free((rep)->f)
-#define clear_field(rep,f) (rep)->f = 0
-
-#endif
#include "krbasn1.h"
#include "asn1_encode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
#ifdef ENABLE_LDAP
MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq);
MAKE_DECODER(krb5int_ldap_decode_sequence_of_keys, ldap_key_seq);
-#if 0
-/************************************************************************/
-/* Decode the Principal's keys */
-/************************************************************************/
-
-#define cleanup(err) \
- { \
- ret = err; \
- goto last; \
- }
-
-#define checkerr \
- if (ret != 0) \
- goto last
-
-#define safe_syncbuf(outer,inner,buflen) \
- if (! ((inner)->next == (inner)->bound + 1 && \
- (inner)->next == (outer)->next + buflen)) \
- cleanup (ASN1_BAD_LENGTH); \
- asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0);
-
-static asn1_error_code
-decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val)
-{
- int buflen;
- asn1_error_code ret = 0;
- asn1buf tmp, subbuf;
- taginfo t;
-
- /* Work on a copy of 'buf' */
- ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr;
- ret = asn1_get_tag_2(&tmp, &t); checkerr;
- if (t.tagnum != expectedtag)
- cleanup (ASN1_MISSING_FIELD);
-
- buflen = t.length;
- ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
- ret = asn1_decode_integer(&subbuf, val); checkerr;
-
- safe_syncbuf(&tmp, &subbuf, buflen);
- *buf = tmp;
-
-last:
- return ret;
-}
-
-#if 0 /* not currently used */
-static asn1_error_code
-decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *val)
-{
- int buflen;
- asn1_error_code ret = 0;
- asn1buf tmp, subbuf;
- taginfo t;
-
- /* Work on a copy of 'buf' */
- ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr;
- ret = asn1_get_tag_2(&tmp, &t); checkerr;
- if (t.tagnum != expectedtag)
- cleanup (ASN1_MISSING_FIELD);
-
- buflen = t.length;
- ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
- ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr;
-
- safe_syncbuf(&tmp, &subbuf, buflen);
- *buf = tmp;
-
-last:
- return ret;
-}
-#endif
-
-static asn1_error_code
-decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag,
- unsigned int *len,
- asn1_octet **val)
-{
- int buflen;
- asn1_error_code ret = 0;
- asn1buf tmp, subbuf;
- taginfo t;
-
- *val = NULL;
-
- /* Work on a copy of 'buf' */
- ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr;
- ret = asn1_get_tag_2(&tmp, &t); checkerr;
- if (t.tagnum != expectedtag)
- cleanup (ASN1_MISSING_FIELD);
-
- buflen = t.length;
- ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
- ret = asn1_decode_octetstring (&subbuf, len, val); checkerr;
-
- safe_syncbuf(&tmp, &subbuf, buflen);
- *buf = tmp;
-
-last:
- if (ret != 0)
- free (*val);
- return ret;
-}
-
-static asn1_error_code
-asn1_decode_key(asn1buf *buf, krb5_key_data *key)
-{
- int full_buflen, seqindef;
- unsigned int length;
- asn1_error_code ret;
- asn1buf subbuf;
- taginfo t;
-
- key->key_data_contents[0] = NULL;
- key->key_data_contents[1] = NULL;
-
- ret = asn1_get_sequence(buf, &length, &seqindef); checkerr;
- full_buflen = length;
- ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr;
-
- asn1_get_tag_2(&subbuf, &t);
- /* Salt */
- if (t.tagnum == 0) {
- int salt_buflen;
- asn1buf slt;
- long keytype;
- unsigned int keylen;
-
- key->key_data_ver = 2;
- asn1_get_sequence(&subbuf, &length, &seqindef);
- salt_buflen = length;
- asn1buf_imbed(&slt, &subbuf, length, seqindef);
-
- ret = decode_tagged_integer (&slt, 0, &keytype);
- key->key_data_type[1] = keytype; /* XXX range check?? */
- checkerr;
-
- if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */
- ret = decode_tagged_octetstring (&slt, 1, &keylen,
- &key->key_data_contents[1]);
- checkerr;
- } else
- keylen = 0;
- safe_syncbuf (&subbuf, &slt, salt_buflen);
- key->key_data_length[1] = keylen; /* XXX range check?? */
-
- ret = asn1_get_tag_2(&subbuf, &t); checkerr;
- } else
- key->key_data_ver = 1;
-
- /* Key */
- {
- int key_buflen;
- asn1buf kbuf;
- long lval;
- unsigned int ival;
-
- if (t.tagnum != 1)
- cleanup (ASN1_MISSING_FIELD);
-
- ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
- key_buflen = length;
- ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr;
-
- ret = decode_tagged_integer (&kbuf, 0, &lval);
- checkerr;
- key->key_data_type[0] = lval; /* XXX range check? */
-
- ret = decode_tagged_octetstring (&kbuf, 1, &ival,
- &key->key_data_contents[0]); checkerr;
- key->key_data_length[0] = ival; /* XXX range check? */
-
- safe_syncbuf (&subbuf, &kbuf, key_buflen);
- }
-
- safe_syncbuf (buf, &subbuf, full_buflen);
-
-last:
- if (ret != 0) {
- free (key->key_data_contents[0]);
- key->key_data_contents[0] = NULL;
- free (key->key_data_contents[1]);
- key->key_data_contents[1] = NULL;
- }
- return ret;
-}
-
-krb5_error_code
-krb5int_ldap_decode_sequence_of_keys (krb5_data *in, ldap_seqof_key_data **rep)
-{
- ldap_seqof_key_data *repval;
- krb5_key_data **out;
- krb5_int16 *n_key_data;
- int *mkvno;
-
- asn1_error_code ret;
- asn1buf buf, subbuf;
- int seqindef;
- unsigned int length;
- taginfo t;
- int kvno, maj, min;
- long lval;
-
- repval = calloc(1,sizeof(ldap_seqof_key_data));
- *rep = repval;
- out = &repval->key_data;
- n_key_data = &repval->n_key_data;
- mkvno = &repval->mkvno;
-
- *n_key_data = 0;
- *out = NULL;
-
- ret = asn1buf_wrap_data(&buf, in); checkerr;
-
- ret = asn1_get_sequence(&buf, &length, &seqindef); checkerr;
- ret = asn1buf_imbed(&subbuf, &buf, length, seqindef); checkerr;
-
- /* attribute-major-vno */
- ret = decode_tagged_integer (&subbuf, 0, &lval); checkerr;
- maj = lval; /* XXX range check? */
-
- /* attribute-minor-vno */
- ret = decode_tagged_integer (&subbuf, 1, &lval); checkerr;
- min = lval; /* XXX range check? */
-
- if (maj != 1 || min != 1)
- cleanup (ASN1_BAD_FORMAT);
-
- /* kvno (assuming all keys in array have same version) */
- ret = decode_tagged_integer (&subbuf, 2, &lval); checkerr;
- kvno = lval; /* XXX range check? */
-
- /* mkvno (optional) */
- ret = decode_tagged_integer (&subbuf, 3, &lval); checkerr;
- *mkvno = lval; /* XXX range check? */
-
- ret = asn1_get_tag_2(&subbuf, &t); checkerr;
-
- /* Sequence of keys */
- {
- int i, seq_buflen;
- asn1buf keyseq;
- if (t.tagnum != 4)
- cleanup (ASN1_MISSING_FIELD);
- ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
- seq_buflen = length;
- ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr;
- for (i = 1, *out = NULL; ; i++) {
- krb5_key_data *tmp;
- tmp = (krb5_key_data *) realloc (*out, i * sizeof (krb5_key_data));
- if (tmp == NULL)
- cleanup (ENOMEM);
- *out = tmp;
- (*out)[i - 1].key_data_kvno = kvno;
- ret = asn1_decode_key(&keyseq, &(*out)[i - 1]); checkerr;
- (*n_key_data)++;
- if (asn1buf_remains(&keyseq, 0) == 0)
- break; /* Not freeing the last key structure */
- }
- safe_syncbuf (&subbuf, &keyseq, seq_buflen);
- }
-
- /*
- * There could be other data inside the outermost sequence ... tags we don't
- * know about. So, not invoking "safe_syncbuf(&buf,&subbuf)"
- */
-
-last:
- if (ret != 0) {
- int i;
- for (i = 0; i < *n_key_data; i++) {
- free ((*out)[i].key_data_contents[0]);
- free ((*out)[i].key_data_contents[1]);
- }
- free (*out);
- *out = NULL;
- }
-
- return ret;
-}
-#endif
#endif
projects / krb5.git / commitdiff