From: Greg Hudson Date: Sun, 12 Feb 2012 06:00:24 +0000 (+0000) Subject: Remove unneeded ASN.1 code X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d975d7caeb063e1410ca9551b81a820bb9b65a4d;p=krb5.git Remove unneeded ASN.1 code Get rid of a whole bunch of ASN.1 decoder infrastructure now that we're using the data-driven decoder for everything. Define taginfo in asn1_encode.h since asn1_get.h is going away. Rewrite split_der() to use get_tag() since it still had an unintended dependency on the previous generation of decoder infrastructure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25695 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/asn.1/Makefile.in b/src/lib/krb5/asn.1/Makefile.in index 223a00f64..f55c5be17 100644 --- a/src/lib/krb5/asn.1/Makefile.in +++ b/src/lib/krb5/asn.1/Makefile.in @@ -9,46 +9,21 @@ DEFS= EHDRDIR=$(BUILDTOP)/include/krb5/asn.1 STLIBOBJS= \ - asn1_decode.o\ - asn1_k_decode.o\ - asn1_k_decode_fast.o\ - asn1_k_decode_kdc.o\ - asn1_k_decode_sam.o\ asn1_encode.o\ - asn1_get.o\ asn1buf.o\ - krb5_decode.o\ - krb5_decode_kdc.o\ asn1_k_encode.o\ ldap_key_seq.o\ asn1_misc.o SRCS= \ - $(srcdir)/asn1_decode.c\ - $(srcdir)/asn1_k_decode.c\ - $(srcdir)/asn1_k_decode_fast.c\ - $(srcdir)/asn1_k_decode_kdc.c\ - $(srcdir)/asn1_k_decode_sam.c\ $(srcdir)/asn1_encode.c\ - $(srcdir)/asn1_get.c\ $(srcdir)/asn1buf.c\ - $(srcdir)/krb5_decode.c\ - $(srcdir)/krb5_decode_kdc.c\ $(srcdir)/asn1_k_encode.c\ - $(srcdir)/ldap_key_seq.c\ - $(srcdir)/asn1_misc.c + $(srcdir)/ldap_key_seq.c OBJS= \ - $(OUTPRE)asn1_decode.$(OBJEXT)\ - $(OUTPRE)asn1_k_decode.$(OBJEXT)\ - $(OUTPRE)asn1_k_decode_fast.$(OBJEXT)\ - $(OUTPRE)asn1_k_decode_kdc.$(OBJEXT)\ - $(OUTPRE)asn1_k_decode_sam.$(OBJEXT)\ $(OUTPRE)asn1_encode.$(OBJEXT)\ - $(OUTPRE)asn1_get.$(OBJEXT)\ $(OUTPRE)asn1buf.$(OBJEXT)\ - $(OUTPRE)krb5_decode.$(OBJEXT)\ - $(OUTPRE)krb5_decode_kdc.$(OBJEXT)\ $(OUTPRE)asn1_k_encode.$(OBJEXT)\ $(OUTPRE)ldap_key_seq.$(OBJEXT)\ $(OUTPRE)asn1_misc.$(OBJEXT) 
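Review bot: `$(srcdir)/asn1_misc.c` is dropped from SRCS, but `asn1_misc.o` stays in STLIBOBJS and `$(OUTPRE)asn1_misc.$(OBJEXT)` stays in OBJS, so the three lists no longer agree. The commit message does not mention removing asn1_misc, and no deletion of asn1_misc.c is visible in this part of the patch, so this looks like an accidental edit made while trimming the trailing continuation line. If the file is staying, the SRCS tail should read `$(srcdir)/ldap_key_seq.c\` followed by `$(srcdir)/asn1_misc.c`; if it is going away, the two object entries should be dropped in the same commit.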
diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c deleted file mode 100644 index 1ded579b8..000000000 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ /dev/null 
@@ -1,314 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/asn1_decode.c */ -/* - * Copyright 1994, 2003 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* ASN.1 primitive decoders */ -#include "k5-int.h" /* for krb5int_gmt_mktime */ -#include "asn1_decode.h" -#include "asn1_get.h" -#include -#ifdef HAVE_SYS_TIME_H -#include -#ifdef TIME_WITH_SYS_TIME -#include -#endif -#else -#include -#endif - -#define setup() \ - asn1_error_code retval; \ - taginfo tinfo - -#define asn1class (tinfo.asn1class) -#define construction (tinfo.construction) -#define tagnum (tinfo.tagnum) -#define length (tinfo.length) - -#define tag(type) \ - retval = asn1_get_tag_2(buf,&tinfo); \ - if (retval) return retval; \ - if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type) \ - return ASN1_BAD_ID - -#define cleanup() \ - return 0 - -asn1_error_code -asn1_decode_integer(asn1buf *buf, long int *val) -{ - setup(); - asn1_octet o; - long n = 0; /* initialize to keep gcc happy */ - unsigned int i; - - tag(ASN1_INTEGER); - - for (i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (!i) { - n = (0x80 & o) ? -1 : 0; /* grab sign bit */ - if (n < 0 && length > sizeof (long)) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) /* allow extra octet for positive */ - return ASN1_OVERFLOW; - } - n = (n << 8) | o; - } - *val = n; - cleanup(); -} - -asn1_error_code -asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *val) -{ - setup(); - asn1_octet o; - unsigned long n; - unsigned int i; - - tag(ASN1_INTEGER); - - for (i = 0, n = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (!i) { - if (0x80 & o) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) - return ASN1_OVERFLOW; - } - n = (n << 8) | o; - } - *val = n; - cleanup(); -} - -/* - * asn1_decode_maybe_unsigned - * - * This is needed because older releases of MIT krb5 have signed - * sequence numbers. 
We want to accept both signed and unsigned - * sequence numbers, in the range -2^31..2^32-1, mapping negative - * numbers into their positive equivalents in the same way that C's - * normal integer conversions do, i.e., would preserve bits on a - * two's-complement architecture. - */ -asn1_error_code -asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val) -{ - setup(); - asn1_octet o; - unsigned long n, bitsremain; - unsigned int i; - - tag(ASN1_INTEGER); - o = 0; - n = 0; - bitsremain = ~0UL; - for (i = 0; i < length; i++) { - /* Accounts for u_long width not being a multiple of 8. */ - if (bitsremain < 0xff) return ASN1_OVERFLOW; - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (bitsremain == ~0UL) { - if (i == 0) - n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ - /* - * Skip leading zero or 0xFF octets to humor non-compliant encoders. - */ - if (n == 0 && o == 0) - continue; - if (n == ~0UL && o == 0xff) - continue; - } - n = (n << 8) | o; - bitsremain >>= 8; - } - *val = n; - cleanup(); -} - -asn1_error_code -asn1_decode_oid(asn1buf *buf, unsigned int *retlen, char **val) -{ - setup(); - tag(ASN1_OBJECTIDENTIFIER); - retval = asn1buf_remove_charstring(buf, length, val); - if (retval) return retval; - *retlen = length; - cleanup(); -} - -asn1_error_code -asn1_decode_octetstring(asn1buf *buf, unsigned int *retlen, asn1_octet **val) -{ - setup(); - tag(ASN1_OCTETSTRING); - retval = asn1buf_remove_octetstring(buf,length,val); - if (retval) return retval; - *retlen = length; - cleanup(); -} - -asn1_error_code -asn1_decode_charstring(asn1buf *buf, unsigned int *retlen, char **val) -{ - setup(); - tag(ASN1_OCTETSTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if (retval) return retval; - *retlen = length; - cleanup(); -} - - -asn1_error_code -asn1_decode_generalstring(asn1buf *buf, unsigned int *retlen, char **val) -{ - setup(); - tag(ASN1_GENERALSTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if 
(retval) return retval; - *retlen = length; - cleanup(); -} - -asn1_error_code -asn1_decode_bitstring(asn1buf *buf, unsigned int *retlen, char **val) -{ - setup(); - asn1_octet unused; - - tag(ASN1_BITSTRING); - - /* Get the number of unused bits in the last byte (0-7). */ - retval = asn1buf_remove_octet(buf, &unused); - if (retval) - return retval; - if (unused > 7) - return ASN1_BAD_FORMAT; - - retval = asn1buf_remove_charstring(buf, length - 1, val); - if (retval) - return retval; - - /* Mask out unused bits (unnecessary for correct DER, but be safe). */ - if (length > 1) - (*val)[length - 2] &= (0xff << unused); - - *retlen = length - 1; - return 0; -} - -asn1_error_code -asn1_decode_null(asn1buf *buf) -{ - setup(); - tag(ASN1_NULL); - if (length != 0) return ASN1_BAD_LENGTH; - cleanup(); -} - -asn1_error_code -asn1_decode_printablestring(asn1buf *buf, int *retlen, char **val) -{ - setup(); - tag(ASN1_PRINTABLESTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if (retval) return retval; - *retlen = length; - cleanup(); -} - -asn1_error_code -asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val) -{ - setup(); - tag(ASN1_IA5STRING); - retval = asn1buf_remove_charstring(buf,length,val); - if (retval) return retval; - *retlen = length; - cleanup(); -} - -asn1_error_code -asn1_decode_generaltime(asn1buf *buf, time_t *val) -{ - setup(); - char *s; - struct tm ts; - time_t t; - - tag(ASN1_GENERALTIME); - - if (length != 15) return ASN1_BAD_LENGTH; - retval = asn1buf_remove_charstring(buf,15,&s); - if (retval) return retval; - /* Time encoding: YYYYMMDDhhmmssZ */ - if (s[14] != 'Z') { - free(s); - return ASN1_BAD_FORMAT; - } - if (s[0] == '1' && !memcmp("19700101000000Z", s, 15)) { - t = 0; - free(s); - goto done; - } -#define c2i(c) ((c)-'0') - ts.tm_year = 1000*c2i(s[0]) + 100*c2i(s[1]) + 10*c2i(s[2]) + c2i(s[3]) - - 1900; - ts.tm_mon = 10*c2i(s[4]) + c2i(s[5]) - 1; - ts.tm_mday = 10*c2i(s[6]) + c2i(s[7]); - ts.tm_hour = 10*c2i(s[8]) + c2i(s[9]); 
- ts.tm_min = 10*c2i(s[10]) + c2i(s[11]); - ts.tm_sec = 10*c2i(s[12]) + c2i(s[13]); - ts.tm_isdst = -1; - t = krb5int_gmt_mktime(&ts); - free(s); - - if (t == -1) return ASN1_BAD_TIMEFORMAT; - -done: - *val = t; - cleanup(); -} - -asn1_error_code -asn1_decode_boolean(asn1buf *buf, unsigned *val) -{ - setup(); - asn1_octet bval; - - tag(ASN1_BOOLEAN); - - retval = asn1buf_remove_octet(buf, &bval); - if (retval) return retval; - - *val = (bval != 0x00); - - cleanup(); -} diff --git a/src/lib/krb5/asn.1/asn1_decode.h b/src/lib/krb5/asn.1/asn1_decode.h deleted file mode 100644 index 7573b4fb7..000000000 --- a/src/lib/krb5/asn.1/asn1_decode.h +++ /dev/null 
@@ -1,94 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/asn1_decode.h */ -/* - * Copyright 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifndef __ASN1_DECODE_H__ -#define __ASN1_DECODE_H__ - -#include "k5-int.h" -#include "krbasn1.h" -#include "asn1buf.h" - -/* - * Overview - * - * These procedures take an asn1buf whose current position points - * to the beginning of an ASN.1 primitive (). - * The primitive is removed from the buffer and decoded. 
- * - * Operations - * - * asn1_decode_integer - * asn1_decode_unsigned_integer - * asn1_decode_octetstring - * asn1_decode_charstring - * asn1_decode_generalstring - * asn1_decode_bitstring - * asn1_decode_null - * asn1_decode_printablestring - * asn1_decode_ia5string - * asn1_decode_generaltime - */ - -/* asn1_error_code asn1_decode_type(asn1buf *buf, ctype *val); */ -/* - * requires *buf is allocated - * modifies *buf, *len - * effects Decodes the octet string in *buf into *val. - * Returns ENOMEM if memory is exhausted. - * Returns asn1 errors. - */ - -asn1_error_code asn1_decode_boolean(asn1buf *buf, unsigned int *val); -asn1_error_code asn1_decode_integer(asn1buf *buf, long *val); -asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, unsigned long *val); -asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val); -asn1_error_code asn1_decode_null(asn1buf *buf); - -asn1_error_code asn1_decode_oid(asn1buf *buf, unsigned int *retlen, - char **val); -asn1_error_code asn1_decode_octetstring(asn1buf *buf, unsigned int *retlen, - asn1_octet **val); -asn1_error_code asn1_decode_generalstring(asn1buf *buf, unsigned int *retlen, - char **val); -asn1_error_code asn1_decode_bitstring(asn1buf *buf, unsigned int *retlen, - char **val); -asn1_error_code asn1_decode_charstring(asn1buf *buf, unsigned int *retlen, - char **val); -/* - * Note: A charstring is a special hack to account for the fact that - * krb5 structures store some OCTET STRING values in krb5_octet - * arrays and others in krb5_data structures - * (which use char arrays). - * From the ASN.1 point of view, the two string types are the same, - * only the receptacles differ. - */ -asn1_error_code asn1_decode_printablestring(asn1buf *buf, int *retlen, - char **val); -asn1_error_code asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val); - -asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val); - -#endif 
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index 62ca9c015..ef201a99e 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -646,20 +646,17 @@ static asn1_error_code split_der(asn1buf *buf, unsigned char *const *der, size_t len, taginfo *tag_out) { - asn1buf der_buf; - krb5_data der_data = make_data(*der, len); asn1_error_code ret; + const unsigned char *contents, *remainder; + size_t clen, rlen; - ret = asn1buf_wrap_data(&der_buf, &der_data); + ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen); if (ret) return ret; - ret = asn1_get_tag_2(&der_buf, tag_out); - if (ret) - return ret; - if ((size_t)asn1buf_remains(&der_buf, 0) != tag_out->length) - return EINVAL; - return asn1buf_insert_bytestring(buf, tag_out->length, - *der + len - tag_out->length); + if (rlen != 0) + return ASN1_BAD_LENGTH; + tag_out->length = clen; + return asn1buf_insert_bytestring(buf, clen, contents); } /* diff --git a/src/lib/krb5/asn.1/asn1_encode.h b/src/lib/krb5/asn.1/asn1_encode.h index b7ae1704c..51d2a9400 100644 --- a/src/lib/krb5/asn.1/asn1_encode.h +++ b/src/lib/krb5/asn.1/asn1_encode.h @@ -30,9 +30,20 @@ #include "k5-int.h" #include "krbasn1.h" #include "asn1buf.h" -#include "asn1_get.h" #include +typedef struct { + asn1_class asn1class; + asn1_construction construction; + asn1_tagnum tagnum; + size_t length; + + /* When decoding, stores the leading and trailing lengths of a tag. Used + * by store_der(). */ + size_t tag_len; + size_t tag_end_len; +} taginfo; + /* These functions are referenced by encoder structures. They handle the * encoding of primitive ASN.1 types. */ asn1_error_code k5_asn1_encode_bool(asn1buf *buf, asn1_intmax val, diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c deleted file mode 100644 index 11934c31c..000000000 --- a/src/lib/krb5/asn.1/asn1_get.c +++ /dev/null 
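Review bot: The `rlen != 0` test in split_der() is now the only check that the caller-supplied encoding is exactly one element, and a violation is reported as ASN1_BAD_LENGTH where the old code returned EINVAL; neither the contract nor the changed error code is documented. All bounds checking of the tag and length octets is delegated to get_tag(), whose body is outside this hunk, so it is worth confirming that it rejects a length field running past `len` and that it fails on `len == 0` (the deleted asn1_get_tag_2 returned success with a placeholder tag on an empty buffer). I would add `/* Reject trailing bytes; *der must hold exactly one encoded element. */` above the check, and a short comment next to `tag_out->length = clen;` saying that only the contents, not the tag and length octets, are inserted into buf.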
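Review bot: The taginfo typedef moved into asn1_encode.h has no comment saying what the struct describes or what `length` counts, although split_der() in this same commit relies on `length` being the contents length only. A one-line header such as `/* Class, construction, tag number and contents length of one ASN.1 tag. */` would make that explicit. The old definition's `indef` member is not carried over; if `tag_end_len` is what now distinguishes an indefinite-length encoding, the existing comment on those two fields should say so, since a reader can no longer tell from the struct how that case is represented.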
@@ -1,119 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/asn1_get.c */ -/* - * Copyright 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -#include "asn1_get.h" - -asn1_error_code -asn1_get_tag_2(asn1buf *buf, taginfo *t) -{ - asn1_error_code retval; - - if (buf == NULL || buf->base == NULL || - buf->bound - buf->next + 1 <= 0) { - t->tagnum = ASN1_TAGNUM_CEILING; /* emphatically not an EOC tag */ - t->asn1class = UNIVERSAL; - t->construction = PRIMITIVE; - t->length = 0; - t->indef = 0; - return 0; - } - { - /* asn1_get_id(buf, t) */ - asn1_tagnum tn=0; - asn1_octet o; - -#define ASN1_CLASS_MASK 0xC0 -#define ASN1_CONSTRUCTION_MASK 0x20 -#define ASN1_TAG_NUMBER_MASK 0x1F - - retval = asn1buf_remove_octet(buf,&o); - if (retval) - return retval; - - t->asn1class = (asn1_class)(o&ASN1_CLASS_MASK); - t->construction = (asn1_construction)(o&ASN1_CONSTRUCTION_MASK); - if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK) { - /* low-tag-number form */ - t->tagnum = (asn1_tagnum)(o&ASN1_TAG_NUMBER_MASK); - } else { - /* high-tag-number form */ - do { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - tn = (tn<<7) + (asn1_tagnum)(o&0x7F); - } while (o&0x80); - t->tagnum = tn; - } - } - - { - /* asn1_get_length(buf, t) */ - asn1_octet o; - - t->indef = 0; - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - if ((o&0x80) == 0) { - t->length = (int)(o&0x7F); - } else { - int num; - int len=0; - - for (num = (int)(o&0x7F); num>0; num--) { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - len = (len<<8) + (int)o; - } - if (len < 0) - return ASN1_OVERRUN; - if (!len) - t->indef = 1; - t->length = len; - } - } - if (t->indef && t->construction != CONSTRUCTED) - return ASN1_MISMATCH_INDEF; - return 0; -} - -asn1_error_code -asn1_get_sequence(asn1buf *buf, unsigned int *retlen, int *indef) -{ - taginfo t; - asn1_error_code retval; - - retval = asn1_get_tag_2(buf, &t); - if (retval) - return retval; - if (t.asn1class != UNIVERSAL || t.construction != CONSTRUCTED || - t.tagnum != ASN1_SEQUENCE) - return ASN1_BAD_ID; - if (retlen) - *retlen = t.length; 
- if (indef) - *indef = t.indef; - return 0; -} diff --git a/src/lib/krb5/asn.1/asn1_get.h b/src/lib/krb5/asn.1/asn1_get.h deleted file mode 100644 index e4c6107e6..000000000 --- a/src/lib/krb5/asn.1/asn1_get.h +++ /dev/null 
@@ -1,96 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/asn1_get.h */ -/* - * Copyright 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifndef __ASN1_GET_H__ -#define __ASN1_GET_H__ - -/* ASN.1 substructure decoding procedures */ - -#include "k5-int.h" -#include "krbasn1.h" -#include "asn1buf.h" - -typedef struct { -#if 1 - /* - * Smaller run-time storage, and on x86 the compiler can use byte - * loads, stores, and compares, but on other platforms the compiler - * may need to load and widen before comparing... see how this works - * out. 
- */ - unsigned int asn1class : 8, construction : 8; -#else - asn1_class asn1class; - asn1_construction construction; -#endif - asn1_tagnum tagnum; - size_t length; - int indef; - - /* When decoding, stores the leading and trailing lengths of a tag. Used - * by store_der(). */ - size_t tag_len; - size_t tag_end_len; -} taginfo; - -asn1_error_code asn1_get_tag_2 (asn1buf *buf, taginfo *tinfo); - -#if 0 -asn1_error_code asn1_get_tag_indef(asn1buf *buf, - asn1_class *Class, - asn1_construction *construction, - asn1_tagnum *tagnum, - unsigned int *retlen, int *indef); - -asn1_error_code asn1_get_tag(asn1buf *buf, - asn1_class *Class, - asn1_construction *construction, - asn1_tagnum *tagnum, - unsigned int *retlen); -/* - * requires *buf is allocated - * effects Decodes the tag in *buf. If class != NULL, returns - * the class in *Class. Similarly, the construction, - * tag number, and length are returned in *construction, - * *tagnum, and *retlen, respectively. - * - * If *buf is empty to begin with, *tagnum is set to - * ASN1_TAGNUM_CEILING. - * - * Returns ASN1_OVERRUN if *buf is exhausted during the - * parse. - */ -#endif - -asn1_error_code asn1_get_sequence(asn1buf *buf, unsigned int *retlen, - int *indef); -/* - * requires *buf is allocated - * effects Decodes a tag from *buf and returns ASN1_BAD_ID if it - * doesn't have a sequence ID. If retlen != NULL, the - * associated length is returned in *retlen. - */ -#endif diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c deleted file mode 100644 index f58bf39b1..000000000 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ /dev/null 
@@ -1,1561 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/asn1_k_decode.c */ -/* - * Copyright 1994, 2007, 2008 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -#include "asn1_k_decode.h" -#include "asn1_k_decode_macros.h" -#include "asn1_decode.h" -#include "asn1_get.h" -#include "asn1_misc.h" - -integer_convert(asn1_decode_int,int) -integer_convert(asn1_decode_int32,krb5_int32) -integer_convert(asn1_decode_kvno,krb5_kvno) -integer_convert(asn1_decode_enctype,krb5_enctype) -integer_convert(asn1_decode_cksumtype,krb5_cksumtype) -integer_convert(asn1_decode_octet,krb5_octet) -integer_convert(asn1_decode_addrtype,krb5_addrtype) -integer_convert(asn1_decode_authdatatype,krb5_authdatatype) -unsigned_integer_convert(asn1_decode_ui_2,krb5_ui_2) -unsigned_integer_convert(asn1_decode_ui_4,krb5_ui_4) - -/* scalars */ -asn1_error_code -asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val) -{ - time_t t; - asn1_error_code retval; - - retval = asn1_decode_generaltime(buf,&t); - if (retval) - return retval; - - *val = t; - return 0; -} - -asn1_error_code -asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val) -{ - asn1_error_code retval; - unsigned long n; - - retval = asn1_decode_maybe_unsigned(buf, &n); - if (retval) return retval; - *val = (krb5_ui_4)n & 0xffffffff; - return 0; -} - -asn1_error_code -asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val) -{ - asn1_error_code retval; - unsigned long n; - - retval = asn1_decode_unsigned_integer(buf,&n); - if (retval) return retval; - - *val = (krb5_msgtype) n; - return 0; -} - - -/* structures */ -asn1_error_code -asn1_decode_realm(asn1buf *buf, krb5_principal *val) -{ - return asn1_decode_generalstring(buf, - &((*val)->realm.length), - &((*val)->realm.data)); -} - -asn1_error_code -asn1_decode_principal_name(asn1buf *buf, krb5_principal *val) -{ - int size = 0, i; - krb5_data *array = NULL, *new_array; - - setup(); - { begin_structure(); - get_field((*val)->type,0,asn1_decode_int32); - - { sequence_of_no_tagvars(&subbuf); - while (asn1buf_remains(&seqbuf,seqofindef) > 0) { - unsigned int len; - char *str; - - new_array = realloc(array, (size + 1) * sizeof(krb5_data)); - if 
(new_array == NULL) clean_return(ENOMEM); - array = new_array; - retval = asn1_decode_generalstring(&seqbuf, &len, &str); - if (retval) clean_return(retval); - array[size].data = str; - array[size].length = len; - size++; - } - end_sequence_of_no_tagvars(&subbuf); - } - if (indef) { - get_eoc(); - } - next_tag(); - end_structure(); - } - (*val)->data = array; - (*val)->length = size; - (*val)->magic = KV5M_PRINCIPAL; - return 0; -error_out: - for (i = 0; i < size; i++) - free(array[i].data); - free(array); - return retval; -} - -asn1_error_code -asn1_decode_checksum(asn1buf *buf, krb5_checksum *val) -{ - setup(); - val->contents = NULL; - { begin_structure(); - get_field(val->checksum_type,0,asn1_decode_cksumtype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_CHECKSUM; - } - return 0; -error_out: - free(val->contents); - return retval; -} - -asn1_error_code -asn1_decode_checksum_ptr(asn1buf *buf, krb5_checksum **valptr) -{ - decode_ptr(krb5_checksum *, asn1_decode_checksum); -} - -asn1_error_code -asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val) -{ - setup(); - val->contents = NULL; - { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_KEYBLOCK; - } - return 0; -error_out: - free(val->contents); - return retval; -} - -asn1_error_code -asn1_decode_encryption_key_ptr(asn1buf *buf, krb5_keyblock **valptr) -{ - decode_ptr(krb5_keyblock *, asn1_decode_encryption_key); -} - -asn1_error_code -asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val) -{ - setup(); - val->ciphertext.data = NULL; - { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - opt_field(val->kvno,1,asn1_decode_kvno,0); - get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_DATA; - } - return 0; -error_out: - 
free(val->ciphertext.data); - val->ciphertext.data = NULL; - return retval; -} - -asn1_error_code -asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) -{ - asn1_error_code retval; - asn1_octet unused, o; - taginfo t; - unsigned int i; - krb5_flags f=0; - unsigned int length; - - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - if (t.asn1class != UNIVERSAL || t.construction != PRIMITIVE || - t.tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; - length = t.length; - - retval = asn1buf_remove_octet(buf,&unused); /* # of padding bits */ - if (retval) return retval; - - /* Number of unused bits must be between 0 and 7. */ - if (unused > 7) return ASN1_BAD_FORMAT; - length--; - - for (i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - /* ignore bits past number 31 */ - if (i < 4) - f = (f<<8) | ((krb5_flags)o&0xFF); - } - if (length <= 4) { - /* Mask out unused bits, but only if necessary. */ - f &= ~(krb5_flags)0 << unused; - } - /* left-justify */ - if (length < 4) - f <<= (4 - length) * 8; - *val = f; - return 0; -} - -asn1_error_code -asn1_decode_ticket_flags(asn1buf *buf, krb5_flags *val) -{ return asn1_decode_krb5_flags(buf,val); } - -asn1_error_code -asn1_decode_ap_options(asn1buf *buf, krb5_flags *val) -{ return asn1_decode_krb5_flags(buf,val); } - -asn1_error_code -asn1_decode_kdc_options(asn1buf *buf, krb5_flags *val) -{ return asn1_decode_krb5_flags(buf,val); } - -asn1_error_code -asn1_decode_transited_encoding(asn1buf *buf, krb5_transited *val) -{ - setup(); - val->tr_contents.data = NULL; - { begin_structure(); - get_field(val->tr_type,0,asn1_decode_octet); - get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_TRANSITED; - } - return 0; -error_out: - krb5_free_data_contents(NULL, &val->tr_contents); - return retval; -} - -asn1_error_code -asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part *val) -{ - setup(); - 
val->session = NULL; - val->last_req = NULL; - val->server = NULL; - val->caddrs = NULL; - val->enc_padata = NULL; - { begin_structure(); - get_field(val->session,0,asn1_decode_encryption_key_ptr); - get_field(val->last_req,1,asn1_decode_last_req); - get_field(val->nonce,2,asn1_decode_int32); - opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); - get_field(val->flags,4,asn1_decode_ticket_flags); - get_field(val->times.authtime,5,asn1_decode_kerberos_time); - /* Set to authtime if missing */ - opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); - get_field(val->times.endtime,7,asn1_decode_kerberos_time); - opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); - alloc_principal(val->server); - get_field(val->server,9,asn1_decode_realm); - get_field(val->server,10,asn1_decode_principal_name); - opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); - opt_field(val->enc_padata,12,asn1_decode_sequence_of_pa_data,NULL); - end_structure(); - val->magic = KV5M_ENC_KDC_REP_PART; - } - return 0; -error_out: - krb5_free_keyblock(NULL, val->session); - krb5_free_last_req(NULL, val->last_req); - krb5_free_principal(NULL, val->server); - krb5_free_addresses(NULL, val->caddrs); - krb5_free_pa_data(NULL, val->enc_padata); - val->session = NULL; - val->last_req = NULL; - val->server = NULL; - val->caddrs = NULL; - return retval; -} - -asn1_error_code -asn1_decode_ticket(asn1buf *buf, krb5_ticket *val) -{ - setup(); - unsigned int applen; - apptag(1); - val->server = NULL; - val->enc_part.ciphertext.data = NULL; - val->enc_part2 = NULL; - { begin_structure(); - { krb5_kvno vno; - get_field(vno,0,asn1_decode_kvno); - if (vno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_principal(val->server); - get_field(val->server,1,asn1_decode_realm); - get_field(val->server,2,asn1_decode_principal_name); - get_field(val->enc_part,3,asn1_decode_encrypted_data); - end_structure(); - val->magic = KV5M_TICKET; - } - if (!applen) { - taginfo t; 
- retval = asn1_get_tag_2(buf, &t);
- if (retval) clean_return(retval);
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->server);
- krb5_free_data_contents(NULL, &val->enc_part.ciphertext);
- val->server = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_ticket_ptr(asn1buf *buf, krb5_ticket **valptr)
-{
- decode_ptr(krb5_ticket *, asn1_decode_ticket);
-}
-
-asn1_error_code
-asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val)
-{
- setup();
- val->user_data.data = NULL;
- val->r_address = NULL;
- val->s_address = NULL;
- val->checksum = NULL;
- { begin_structure();
- get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring);
- opt_field(val->timestamp,1,asn1_decode_kerberos_time,0);
- opt_field(val->usec,2,asn1_decode_int32,0);
- opt_field(val->seq_number,3,asn1_decode_seqnum,0);
- get_field(val->s_address,4,asn1_decode_host_address_ptr);
- if (tagnum == 5) {
- get_field(val->r_address,5,asn1_decode_host_address_ptr);
- }
- end_structure();
- val->magic = KV5M_SAFE;
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->user_data);
- krb5_free_address(NULL, val->r_address);
- krb5_free_address(NULL, val->s_address);
- val->r_address = NULL;
- val->s_address = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_host_address(asn1buf *buf, krb5_address *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->addrtype,0,asn1_decode_addrtype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_ADDRESS;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_host_address_ptr(asn1buf *buf, krb5_address **valptr)
-{
- decode_ptr(krb5_address *, asn1_decode_host_address);
-}
-
-asn1_error_code
-asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val)
-{
- setup();
- val->padata = NULL;
- val->client = NULL;
- val->ticket = NULL;
- val->enc_part.ciphertext.data = NULL;
- val->enc_part2 = NULL;
- { begin_structure();
- { krb5_kvno pvno;
- get_field(pvno,0,asn1_decode_kvno);
- if (pvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- get_field(val->msg_type,1,asn1_decode_msgtype);
- opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL);
- alloc_principal(val->client);
- get_field(val->client,3,asn1_decode_realm);
- get_field(val->client,4,asn1_decode_principal_name);
- get_field(val->ticket,5,asn1_decode_ticket_ptr);
- get_field(val->enc_part,6,asn1_decode_encrypted_data);
- end_structure();
- val->magic = KV5M_KDC_REP;
- }
- return 0;
-error_out:
- krb5_free_pa_data(NULL, val->padata);
- krb5_free_principal(NULL, val->client);
- krb5_free_ticket(NULL, val->ticket);
- krb5_free_data_contents(NULL, &val->enc_part.ciphertext);
- val->padata = NULL;
- val->client = NULL;
- val->ticket = NULL;
- val->enc_part.ciphertext.data = NULL;
- return retval;
-}
-
-
-/* arrays */
-#define get_element(element,decoder) \
- retval = decoder(&seqbuf,&element); \
- if (retval) clean_return(retval)
-
-/*
- * Function body for array decoders. freefn is expected to look like
- * a krb5_free_ function, so we pass a null first argument.
- */
-#define decode_array_body(type,decoder,freefn) \
- asn1_error_code retval; \
- type *elt = NULL, **array; \
- int size = 0, i; \
- \
- array = *val = NULL; \
- { sequence_of(buf); \
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) { \
- get_element(elt,decoder); \
- array_append(&array,size,elt,type); \
- elt = NULL; \
- } \
- if (array == NULL) \
- array = malloc(sizeof(type*)); \
- array[size] = NULL; \
- end_sequence_of(buf); \
- } \
- *val = array; \
- return 0; \
-error_out: \
-if (elt) \
- freefn(NULL,elt); \
-for (i = 0; i < size; i++) \
- freefn(NULL,array[i]); \
-free(array); \
-return retval
-
-static void *
-array_expand (void *array, int n_elts, size_t elt_size)
-{
- size_t new_size;
-
- if (n_elts <= 0)
- return NULL;
- if ((unsigned int) n_elts > SIZE_MAX / elt_size)
- return NULL;
- new_size = n_elts * elt_size;
- if (new_size == 0)
- return NULL;
- if (new_size / elt_size != (unsigned int) n_elts)
- return NULL;
- return realloc(array, new_size);
-}
-
-#define array_append(array,size,element,type) \
- { \
- void *new_array = array_expand(*(array), (size)+2, sizeof(type*)); \
- if (new_array == NULL) clean_return(ENOMEM); \
- *(array) = new_array; \
- (*(array))[(size)++] = elt; \
- }
-
-
-static void
-free_authdata_elt(void *dummy, krb5_authdata *val)
-{
- free(val->contents);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_authorization_data(asn1buf *buf, krb5_authdata ***val)
-{
- decode_array_body(krb5_authdata,asn1_decode_authdata_elt_ptr,
- free_authdata_elt);
-}
-
-asn1_error_code
-asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->ad_type,0,asn1_decode_authdatatype);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_AUTHDATA;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val)
-{
- setup();
- *val = 0;
- { begin_structure();
- get_field(*val, 0, asn1_decode_authdatatype);
- end_structure();
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_peek_authorization_data(asn1buf *buf, unsigned int *num,
- krb5_authdatatype **val)
-{
- int size = 0;
- krb5_authdatatype *array = NULL, *new_array;
-
- asn1_error_code retval;
- { sequence_of(buf);
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
- size++;
- new_array = realloc(array,size*sizeof(krb5_authdatatype));
- if (new_array == NULL) clean_return(ENOMEM);
- array = new_array;
- retval = asn1_peek_authdata_elt(&seqbuf,&array[size-1]);
- if (retval) clean_return(retval);
- }
- end_sequence_of(buf);
- }
- *num = size;
- *val = array;
- return 0;
-error_out:
- free(array);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr)
-{
- decode_ptr(krb5_authdata *, asn1_decode_authdata_elt);
-}
-
-asn1_error_code
-asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val)
-{
- decode_array_body(krb5_address,asn1_decode_host_address_ptr,
- krb5_free_address);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_ticket(asn1buf *buf, krb5_ticket ***val)
-{
- decode_array_body(krb5_ticket,asn1_decode_ticket_ptr,krb5_free_ticket);
-}
-
-static void
-free_cred_info(void *dummy, krb5_cred_info *val)
-{
- krb5_free_keyblock(NULL, val->session);
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- krb5_free_addresses(NULL, val->caddrs);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_krb_cred_info(asn1buf *buf, krb5_cred_info ***val)
-{
- decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info_ptr,
- free_cred_info);
-}
-
-asn1_error_code
-asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val)
-{
- setup();
- val->session = NULL;
- val->client = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- { begin_structure();
- get_field(val->session,0,asn1_decode_encryption_key_ptr);
- if (tagnum == 1) {
- alloc_principal(val->client);
- opt_field(val->client,1,asn1_decode_realm,NULL);
- opt_field(val->client,2,asn1_decode_principal_name,NULL); }
- opt_field(val->flags,3,asn1_decode_ticket_flags,0);
- opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0);
- opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0);
- opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0);
- opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0);
- if (tagnum == 8) {
- alloc_principal(val->server);
- opt_field(val->server,8,asn1_decode_realm,NULL);
- opt_field(val->server,9,asn1_decode_principal_name,NULL); }
- opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL);
- end_structure();
- val->magic = KV5M_CRED_INFO;
- }
- return 0;
-error_out:
- krb5_free_keyblock(NULL, val->session);
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- krb5_free_addresses(NULL, val->caddrs);
- val->session = NULL;
- val->client = NULL;
- val->server = NULL;
- val->caddrs = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_krb_cred_info_ptr(asn1buf *buf, krb5_cred_info **valptr)
-{
- decode_ptr(krb5_cred_info *, asn1_decode_krb_cred_info);
-}
-
-static void
-free_pa_data(void *dummy, krb5_pa_data *val)
-{
- free(val->contents);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_pa_data(asn1buf *buf, krb5_pa_data ***val)
-{
- decode_array_body(krb5_pa_data,asn1_decode_pa_data_ptr,free_pa_data);
-}
-
-asn1_error_code
-asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->pa_type,1,asn1_decode_int32);
- get_lenfield(val->length,val->contents,2,asn1_decode_octetstring);
- end_structure();
- val->magic = KV5M_PA_DATA;
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_data_ptr(asn1buf *buf, krb5_pa_data **valptr)
-{
- decode_ptr(krb5_pa_data *, asn1_decode_pa_data);
-}
-
-static void
-free_last_req_entry(void *dummy, krb5_last_req_entry *val)
-{
- free(val);
-}
-
-asn1_error_code
-asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val)
-{
- decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry_ptr,
- free_last_req_entry);
-}
-
-asn1_error_code
-asn1_decode_last_req_entry(asn1buf *buf, krb5_last_req_entry *val)
-{
- setup();
- { begin_structure();
- get_field(val->lr_type,0,asn1_decode_int32);
- get_field(val->value,1,asn1_decode_kerberos_time);
- end_structure();
- val->magic = KV5M_LAST_REQ_ENTRY;
-#ifdef KRB5_GENEROUS_LR_TYPE
- /* If we are only a single byte wide and negative - fill in the
- other bits */
- if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U;
-#endif
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_decode_last_req_entry_ptr(asn1buf *buf, krb5_last_req_entry **valptr)
-{
- decode_ptr(krb5_last_req_entry *, asn1_decode_last_req_entry);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_enctype(asn1buf *buf, int *num, krb5_enctype **val)
-{
- int size = 0;
- krb5_enctype *array = NULL, *new_array;
-
- asn1_error_code retval;
- { sequence_of(buf);
- while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
- size++;
- new_array = realloc(array,size*sizeof(krb5_enctype));
- if (new_array == NULL) clean_return(ENOMEM);
- array = new_array;
- retval = asn1_decode_enctype(&seqbuf,&array[size-1]);
- if (retval) clean_return(retval);
- }
- end_sequence_of(buf);
- }
- *num = size;
- *val = array;
- return 0;
-error_out:
- free(array);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum ***val)
-{
- decode_array_body(krb5_checksum, asn1_decode_checksum_ptr,
- krb5_free_checksum);
-}
-
-static void
-free_etype_info_entry(void *dummy, krb5_etype_info_entry *val)
-{
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(val->salt);
- free(val);
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_info_entry *val)
-{
- char *salt = NULL;
- krb5_octet *params = NULL;
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,salt,1,asn1_decode_generalstring);
- val->salt = (krb5_octet *) salt;
- salt = NULL;
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- if ( tagnum ==2) {
- get_lenfield( val->s2kparams.length, params,
- 2, asn1_decode_octetstring);
- val->s2kparams.data = ( char *) params;
- params = NULL;
- } else
- val->s2kparams.length = 0;
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- free(salt);
- free(params);
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry);
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val)
-{
- krb5_octet *params = NULL;
-
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- if ( tagnum ==2) {
- get_lenfield( val->s2kparams.length, params,
- 2, asn1_decode_octetstring);
- val->s2kparams.data = ( char *) params;
- params = NULL;
- } else
- val->s2kparams.length = 0;
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->s2kparams);
- free(params);
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info2_entry_1_3_ptr(asn1buf *buf,
- krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry_1_3);
-}
-
-static asn1_error_code
-asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val)
-{
- setup();
- val->salt = NULL;
- val->s2kparams.data = NULL;
- { begin_structure();
- get_field(val->etype,0,asn1_decode_enctype);
- if (tagnum == 1) {
- get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
- } else
- val->length = KRB5_ETYPE_NO_SALT;
- val->s2kparams.length = 0;
-
- end_structure();
- val->magic = KV5M_ETYPE_INFO_ENTRY;
- }
- return 0;
-error_out:
- free(val->salt);
- val->salt = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_etype_info_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr)
-{
- decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info_entry);
-}
-
-asn1_error_code
-asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val )
-{
- decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry_ptr,
- free_etype_info_entry);
-}
-
-static asn1_error_code
-decode_etype_info2_13(asn1buf *buf, krb5_etype_info_entry ***val)
-{
- decode_array_body(krb5_etype_info_entry,
- asn1_decode_etype_info2_entry_1_3_ptr,
- free_etype_info_entry);
-}
-
-asn1_error_code
-asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val ,
- krb5_boolean v1_3_behavior)
-{
- if (v1_3_behavior)
- return decode_etype_info2_13(buf, val);
- else {
- decode_array_body(krb5_etype_info_entry,
- asn1_decode_etype_info2_entry_ptr,
- free_etype_info_entry);
- }
-}
-
-asn1_error_code
-asn1_decode_setpw_req(asn1buf *buf, krb5_data *newpasswd,
- krb5_principal *principal)
-{
- krb5_principal princ = NULL;
- setup();
- *principal = NULL;
-
- newpasswd->data = NULL;
- { begin_structure();
- get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
- if (tagnum == 1) {
- alloc_principal(princ);
- opt_field(princ, 1, asn1_decode_principal_name, 0);
- opt_field(princ, 2, asn1_decode_realm, 0);
- }
- end_structure();
- }
- *principal = princ;
- return 0;
-error_out:
- krb5_free_data_contents(NULL, newpasswd);
- krb5_free_principal(NULL, princ);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val)
-{
- setup();
- val->user = NULL;
- val->cksum.contents = NULL;
- val->auth_package.data = NULL;
- { begin_structure();
- alloc_principal(val->user);
- get_field(val->user,0,asn1_decode_principal_name);
- get_field(val->user,1,asn1_decode_realm);
- get_field(val->cksum,2,asn1_decode_checksum);
- get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->user);
- krb5_free_checksum_contents(NULL, &val->cksum);
- krb5_free_data_contents(NULL, &val->auth_package);
- val->user = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_s4u_userid(asn1buf *buf, krb5_s4u_userid *val)
-{
- setup();
- val->nonce = 0;
- val->user = NULL;
- val->subject_cert.data = NULL;
- val->options = 0;
- { begin_structure();
- get_field(val->nonce,0,asn1_decode_int32);
- alloc_principal(val->user);
- opt_field(val->user,1,asn1_decode_principal_name,0);
- get_field(val->user,2,asn1_decode_realm);
- opt_lenfield(val->subject_cert.length,val->subject_cert.data,3,asn1_decode_charstring);
- opt_field(val->options,4,asn1_decode_krb5_flags,0);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->user);
- krb5_free_data_contents(NULL, &val->subject_cert);
- val->user = NULL;
- val->subject_cert.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_s4u_x509_user(asn1buf *buf, krb5_pa_s4u_x509_user *val)
-{
- setup();
- val->cksum.contents = NULL;
- { begin_structure();
- get_field(val->user_id,0,asn1_decode_s4u_userid);
- get_field(val->cksum,1,asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_s4u_userid_contents(NULL, &val->user_id);
- krb5_free_checksum_contents(NULL, &val->cksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val)
-{
- setup();
- { begin_structure();
- get_field(val->include_pac,0,asn1_decode_boolean);
- end_structure();
- }
- return 0;
-error_out:
- return retval;
-}
-
-asn1_error_code
-asn1_decode_ad_kdcissued(asn1buf *buf, krb5_ad_kdcissued *val)
-{
- setup();
- val->ad_checksum.contents = NULL;
- val->i_principal = NULL;
- val->elements = NULL;
- {begin_structure();
- get_field(val->ad_checksum, 0, asn1_decode_checksum);
- if (tagnum == 1) {
- alloc_principal(val->i_principal);
- opt_field(val->i_principal, 1, asn1_decode_realm, 0);
- opt_field(val->i_principal, 2, asn1_decode_principal_name, 0);
- }
- get_field(val->elements, 3, asn1_decode_authorization_data);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->ad_checksum);
- krb5_free_principal(NULL, val->i_principal);
- krb5_free_authdata(NULL, val->elements);
- return retval;
-}
-
-static asn1_error_code asn1_decode_princ_plus_realm
-(asn1buf *buf, krb5_principal *valptr)
-{
- setup();
- alloc_principal((*valptr));
- { begin_structure();
- get_field((*valptr), 0, asn1_decode_principal_name);
- get_field((*valptr), 1, asn1_decode_realm);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, *valptr);
- *valptr = NULL;
- return retval;
-}
-
-static asn1_error_code
-asn1_decode_sequence_of_princ_plus_realm(asn1buf *buf, krb5_principal **val)
-{
- decode_array_body(krb5_principal_data,asn1_decode_princ_plus_realm,krb5_free_principal);
-}
-
-asn1_error_code
-asn1_decode_ad_signedpath(asn1buf *buf, krb5_ad_signedpath *val)
-{
- setup();
- val->enctype = ENCTYPE_NULL;
- val->checksum.contents = NULL;
- val->delegated = NULL;
- {
- begin_structure();
- get_field(val->enctype, 0, asn1_decode_enctype);
- get_field(val->checksum, 1, asn1_decode_checksum);
- opt_field(val->delegated, 2, asn1_decode_sequence_of_princ_plus_realm,
- NULL);
- opt_field(val->method_data, 3, asn1_decode_sequence_of_pa_data, NULL);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->checksum);
- return retval;
-}
-
-asn1_error_code asn1_decode_iakerb_header
-(asn1buf *buf, krb5_iakerb_header *val)
-{
- setup();
- val->target_realm.data = NULL;
- val->target_realm.length = 0;
- val->cookie = NULL;
- {
- begin_structure();
- get_lenfield(val->target_realm.length, val->target_realm.data,
- 1, asn1_decode_charstring);
- if (tagnum == 2) {
- alloc_data(val->cookie);
- get_lenfield(val->cookie->length, val->cookie->data,
- 2, asn1_decode_charstring);
- }
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->target_realm);
- krb5_free_data(NULL, val->cookie);
- return retval;
-}
-
-asn1_error_code asn1_decode_iakerb_finished
-(asn1buf *buf, krb5_iakerb_finished *val)
-{
- setup();
- val->checksum.contents = NULL;
- {
- begin_structure();
- get_field(val->checksum, 1, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->checksum);
- return retval;
-}
-
-#ifndef DISABLE_PKINIT
-/* PKINIT */
-
-asn1_error_code
-asn1_decode_external_principal_identifier(
- asn1buf *buf,
- krb5_external_principal_identifier *val)
-{
- setup();
- val->subjectName.data = NULL;
- val->issuerAndSerialNumber.data = NULL;
- val->subjectKeyIdentifier.data = NULL;
- {
- begin_structure();
- opt_implicit_charstring(val->subjectName.length, val->subjectName.data,
- 0);
- opt_implicit_charstring(val->issuerAndSerialNumber.length,
- val->issuerAndSerialNumber.data, 1);
- opt_implicit_charstring(val->subjectKeyIdentifier.length,
- val->subjectKeyIdentifier.data, 2);
- end_structure();
- }
- return 0;
-error_out:
- free(val->subjectName.data);
- free(val->issuerAndSerialNumber.data);
- free(val->subjectKeyIdentifier.data);
- val->subjectName.data = NULL;
- val->issuerAndSerialNumber.data = NULL;
- val->subjectKeyIdentifier.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_external_principal_identifier_ptr(
- asn1buf *buf,
- krb5_external_principal_identifier **valptr)
-{
- decode_ptr(krb5_external_principal_identifier *,
- asn1_decode_external_principal_identifier);
-}
-
-static void
-free_external_principal_identifier(void *dummy,
- krb5_external_principal_identifier *val)
-{
- free(val->subjectName.data);
- free(val->issuerAndSerialNumber.data);
- free(val->subjectKeyIdentifier.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_external_principal_identifier(
- asn1buf *buf,
- krb5_external_principal_identifier ***val)
-{
- decode_array_body(krb5_external_principal_identifier,
- asn1_decode_external_principal_identifier_ptr,
- free_external_principal_identifier);
-}
-
-static asn1_error_code
-asn1_decode_kdf_alg_id_ptr(asn1buf *buf, krb5_data **valptr)
-{
- decode_ptr(krb5_data *, asn1_decode_kdf_alg_id);
-}
-
-asn1_error_code
-asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val)
-{
- setup();
- val->dhSignedData.data = NULL;
- val->serverDHNonce.data = NULL;
- val->kdfID = NULL;
- { begin_structure();
- get_implicit_charstring(val->dhSignedData.length,
- val->dhSignedData.data, 0);
-
- opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1,
- asn1_decode_charstring);
- opt_field(val->kdfID, 2, asn1_decode_kdf_alg_id_ptr, NULL);
- end_structure();
- }
- return 0;
-error_out:
- free(val->dhSignedData.data);
- free(val->serverDHNonce.data);
- krb5_free_data(NULL, val->kdfID);
- val->kdfID = NULL;
- val->dhSignedData.data = NULL;
- val->serverDHNonce.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pk_authenticator(asn1buf *buf, krb5_pk_authenticator *val)
-{
- setup();
- val->paChecksum.contents = NULL;
- { begin_structure();
- get_field(val->cusec, 0, asn1_decode_int32);
- get_field(val->ctime, 1, asn1_decode_kerberos_time);
- get_field(val->nonce, 2, asn1_decode_int32);
- opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_checksum_contents(NULL, &val->paChecksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pk_authenticator_draft9(asn1buf *buf,
- krb5_pk_authenticator_draft9 *val)
-{
- setup();
- val->kdcName = NULL;
- { begin_structure();
- alloc_principal(val->kdcName);
- get_field(val->kdcName, 0, asn1_decode_principal_name);
- get_field(val->kdcName, 1, asn1_decode_realm);
- get_field(val->cusec, 2, asn1_decode_int32);
- get_field(val->ctime, 3, asn1_decode_kerberos_time);
- get_field(val->nonce, 4, asn1_decode_int32);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->kdcName);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val)
-{
- setup();
- val->algorithm.data = NULL;
- val->parameters.data = NULL;
- { begin_structure_no_tag();
- /*
- * Forbid indefinite encoding because we don't read enough tag
- * information from the trailing octets ("ANY DEFINED BY") to
- * synchronize EOC tags, etc.
- */
- if (seqindef) clean_return(ASN1_BAD_FORMAT);
- /*
- * Set up tag variables because we don't actually call anything
- * that fetches tag info for us; it's all buried in the decoder
- * primitives.
- */
- tagnum = ASN1_TAGNUM_CEILING;
- asn1class = UNIVERSAL;
- construction = PRIMITIVE;
- taglen = 0;
- indef = 0;
- retval = asn1_decode_oid(&subbuf, &val->algorithm.length,
- &val->algorithm.data);
- if (retval) clean_return(retval);
- val->parameters.length = 0;
- val->parameters.data = NULL;
-
- assert(subbuf.next >= subbuf.base);
- if (length > (size_t)(subbuf.next - subbuf.base)) {
- unsigned int size = length - (subbuf.next - subbuf.base);
- retval = asn1buf_remove_charstring(&subbuf, size,
- &val->parameters.data);
- if (retval) clean_return(retval);
- val->parameters.length = size;
- }
-
- end_structure();
- }
- return 0;
-error_out:
- free(val->algorithm.data);
- free(val->parameters.data);
- val->algorithm.data = NULL;
- val->parameters.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_algorithm_identifier_ptr(asn1buf *buf,
- krb5_algorithm_identifier **valptr)
-{
- decode_ptr(krb5_algorithm_identifier *, asn1_decode_algorithm_identifier);
-}
-
-asn1_error_code
-asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *val)
-{
- asn1_octet unused;
- setup();
- val->algorithm.algorithm.data = NULL;
- val->algorithm.parameters.data = NULL;
- val->subjectPublicKey.data = NULL;
- { begin_structure_no_tag();
-
- retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm);
- if (retval) clean_return(retval);
-
- /* SubjectPublicKey encoded as a BIT STRING */
- next_tag();
- if (asn1class != UNIVERSAL || construction != PRIMITIVE ||
- tagnum != ASN1_BITSTRING)
- clean_return(ASN1_BAD_ID);
-
- retval = asn1buf_remove_octet(&subbuf, &unused);
- if (retval) clean_return(retval);
-
- /* Number of unused bits must be between 0 and 7. */
- /* What to do if unused is not zero? */
- if (unused > 7) clean_return(ASN1_BAD_FORMAT);
- taglen--;
-
- val->subjectPublicKey.length = 0;
- val->subjectPublicKey.data = NULL;
- retval = asn1buf_remove_charstring(&subbuf, taglen,
- &val->subjectPublicKey.data);
- if (retval) clean_return(retval);
- val->subjectPublicKey.length = taglen;
- /*
- * We didn't call any macro that does next_tag(); do so now to
- * preload tag of any trailing encodings.
- */
- next_tag();
- end_structure();
- }
- return 0;
-error_out:
- free(val->algorithm.algorithm.data);
- free(val->algorithm.parameters.data);
- free(val->subjectPublicKey.data);
- val->algorithm.algorithm.data = NULL;
- val->algorithm.parameters.data = NULL;
- val->subjectPublicKey.data = NULL;
- return 0;
-}
-
-static void
-free_algorithm_identifier(void *dummy, krb5_algorithm_identifier *val)
-{
- free(val->algorithm.data);
- free(val->parameters.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_algorithm_identifier(asn1buf *buf,
- krb5_algorithm_identifier ***val)
-{
- decode_array_body(krb5_algorithm_identifier,
- asn1_decode_algorithm_identifier_ptr,
- free_algorithm_identifier);
-}
-
-asn1_error_code
-asn1_decode_kdc_dh_key_info(asn1buf *buf, krb5_kdc_dh_key_info *val)
-{
- setup();
- val->subjectPublicKey.data = NULL;
- { begin_structure();
- get_lenfield(val->subjectPublicKey.length, val->subjectPublicKey.data,
- 0, asn1_decode_bitstring);
- get_field(val->nonce, 1, asn1_decode_int32);
- opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0);
- end_structure();
- }
- return 0;
-error_out:
- free(val->subjectPublicKey.data);
- val->subjectPublicKey.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *val)
-{
- setup();
- val->replyKey.contents = NULL;
- val->asChecksum.contents = NULL;
- { begin_structure();
- get_field(val->replyKey, 0, asn1_decode_encryption_key);
- get_field(val->asChecksum, 1, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- free(val->replyKey.contents);
- free(val->asChecksum.contents);
- val->replyKey.contents = NULL;
- val->asChecksum.contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_reply_key_pack_draft9 (asn1buf *buf,
- krb5_reply_key_pack_draft9 *val)
-{
- setup();
- val->replyKey.contents = NULL;
- { begin_structure();
- get_field(val->replyKey, 0, asn1_decode_encryption_key);
- get_field(val->nonce, 1, asn1_decode_int32);
- end_structure();
- }
- return 0;
-error_out:
- free(val->replyKey.contents);
- val->replyKey.contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_krb5_principal_name (asn1buf *buf, krb5_principal *val)
-{
- int i;
- setup();
- (*val)->realm.data = NULL;
- (*val)->data = NULL;
- { begin_structure();
- get_field(*val, 0, asn1_decode_realm);
- get_field(*val, 1, asn1_decode_principal_name);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &(*val)->realm);
- if ((*val)->data) {
- for (i = 0; i < (*val)->length; i++)
- krb5_free_data_contents(NULL, &(*val)->data[i]);
- free((*val)->data);
- }
- (*val)->realm.data = NULL;
- (*val)->data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pk_as_rep(asn1buf *buf, krb5_pa_pk_as_rep *val)
-{
- setup();
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- { begin_choice();
- if (tagnum == choice_pa_pk_as_rep_dhInfo) {
- val->choice = choice_pa_pk_as_rep_dhInfo;
- val->u.dh_Info.dhSignedData.data = NULL;
- val->u.dh_Info.serverDHNonce.data = NULL;
- get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info);
- } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) {
- val->choice = choice_pa_pk_as_rep_encKeyPack;
- val->u.encKeyPack.data = NULL;
- get_implicit_charstring(val->u.encKeyPack.length,
- val->u.encKeyPack.data,
- choice_pa_pk_as_rep_encKeyPack);
- } else {
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- }
- end_choice();
- }
- return 0;
-error_out:
- if (val->choice == choice_pa_pk_as_rep_dhInfo) {
- free(val->u.dh_Info.dhSignedData.data);
- free(val->u.dh_Info.serverDHNonce.data);
- } else if (val->choice == choice_pa_pk_as_rep_encKeyPack) {
- free(val->u.encKeyPack.data);
- }
- val->choice = choice_pa_pk_as_rep_UNKNOWN;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_kdf_alg_id( asn1buf *buf, krb5_data *val)
-{
- setup();
- val->data = NULL;
- { begin_structure();
- get_lenfield(val->length,val->data,0,asn1_decode_oid);
- end_structure();
- }
- return 0;
-error_out:
- free(val->data);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, krb5_data ***val)
-{
- decode_array_body(krb5_data, asn1_decode_kdf_alg_id_ptr, krb5_free_data);
-}
-
-#endif /* DISABLE_PKINIT */
-
-asn1_error_code
-asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_pa_data ***val)
-{
- decode_array_body(krb5_pa_data,asn1_decode_typed_data_ptr,
- free_pa_data);
-}
-
-asn1_error_code
-asn1_decode_typed_data(asn1buf *buf, krb5_pa_data *val)
-{
- setup();
- val->contents = NULL;
- { begin_structure();
- get_field(val->pa_type,0,asn1_decode_int32);
- get_lenfield(val->length,val->contents,1,asn1_decode_octetstring);
- end_structure();
- }
- return 0;
-error_out:
- free(val->contents);
- val->contents = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_typed_data_ptr(asn1buf *buf, krb5_pa_data **valptr)
-{
- decode_ptr(krb5_pa_data *, asn1_decode_typed_data);
-}
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h
deleted file mode 100644
index 03a923512..000000000
--- a/src/lib/krb5/asn.1/asn1_k_decode.h
+++ /dev/null
@@ -1,261 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_DECODE_KRB5_H__
-#define __ASN1_DECODE_KRB5_H__
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "asn1buf.h"
-
-/* asn1_error_code asn1_decode_scalar_type(asn1buf *buf, krb5_scalar *val); */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding ( ),
- * *val is allocated
- *
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds
- * the bounds of *buf
- */
-
-
-/*
- * asn1_error_code asn1_decode_structure_type(asn1buf *buf,
- * krb5_structure *val);
- */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding ( ),
- * *val is allocated
- *
- * Assumes that *val is a freshly-allocated structure (i.e.
- * does not attempt to clean up or free *val).
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds the
- * bounds of *buf
- */
-
-/* asn1_error_code asn1_decode_array_type(asn1buf *buf, krb5_scalar ***val); */
-/*
- * requires *buf is allocated, *buf's current position points to the
- * beginning of an encoding ( )
- *
- * Assumes that *val is empty (i.e. does not attempt to
- * clean up or free *val).
- *
- * effects Decodes the encoding in *buf, returning the result in *val.
- *
- * Returns ASN1_BAD_ID if the encoded id does not indicate
- * the proper type.
- *
- * Returns ASN1_OVERRUN if the encoded length exceeds the
- * bounds of *buf
- */
-
-/* scalars */
-asn1_error_code asn1_decode_int(asn1buf *buf, int *val);
-asn1_error_code asn1_decode_int32(asn1buf *buf, krb5_int32 *val);
-asn1_error_code asn1_decode_kvno(asn1buf *buf, krb5_kvno *val);
-asn1_error_code asn1_decode_enctype(asn1buf *buf, krb5_enctype *val);
-asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val);
-asn1_error_code asn1_decode_cksumtype(asn1buf *buf, krb5_cksumtype *val);
-asn1_error_code asn1_decode_octet(asn1buf *buf, krb5_octet *val);
-asn1_error_code asn1_decode_addrtype(asn1buf *buf, krb5_addrtype *val);
-asn1_error_code asn1_decode_authdatatype(asn1buf *buf, krb5_authdatatype *val);
-asn1_error_code asn1_decode_ui_2(asn1buf *buf, krb5_ui_2 *val);
-asn1_error_code asn1_decode_ui_4(asn1buf *buf, krb5_ui_4 *val);
-asn1_error_code asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val);
-asn1_error_code asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val);
-asn1_error_code asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val);
-
-/* structures */
-asn1_error_code asn1_decode_realm(asn1buf *buf, krb5_principal *val);
-asn1_error_code asn1_decode_principal_name(asn1buf *buf, krb5_principal *val);
-asn1_error_code asn1_decode_checksum(asn1buf *buf, krb5_checksum *val);
-asn1_error_code asn1_decode_checksum_ptr(asn1buf *buf, krb5_checksum **valptr);
-asn1_error_code asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val);
-asn1_error_code asn1_decode_encryption_key_ptr(asn1buf *buf,
- krb5_keyblock **valptr);
-asn1_error_code asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val);
-asn1_error_code asn1_decode_ticket_flags(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_transited_encoding(asn1buf *buf,
- krb5_transited *val);
-asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf,
- krb5_enc_kdc_rep_part *val);
-asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_ap_options(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_kdc_options(asn1buf *buf, krb5_flags *val);
-asn1_error_code asn1_decode_ticket(asn1buf *buf, krb5_ticket *val);
-asn1_error_code asn1_decode_ticket_ptr(asn1buf *buf, krb5_ticket **valptr);
-asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val);
-asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val);
-asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val);
-asn1_error_code asn1_decode_host_address(asn1buf *buf, krb5_address *val);
-asn1_error_code asn1_decode_host_address_ptr(asn1buf *buf,
- krb5_address **valptr);
-asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val);
-asn1_error_code asn1_decode_last_req_entry(asn1buf *buf,
- krb5_last_req_entry *val);
-asn1_error_code asn1_decode_last_req_entry_ptr(asn1buf *buf,
- krb5_last_req_entry **valptr);
-asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val);
-asn1_error_code asn1_decode_authdata_elt_ptr(asn1buf *buf,
- krb5_authdata **valptr);
-asn1_error_code asn1_peek_authorization_data(asn1buf *buf,
- unsigned int *num,
- krb5_authdatatype **val);
-asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val);
-asn1_error_code asn1_decode_krb_cred_info_ptr(asn1buf *buf,
- krb5_cred_info **valptr);
-asn1_error_code asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val);
-asn1_error_code asn1_decode_pa_data_ptr(asn1buf *buf, krb5_pa_data **valptr);
-asn1_error_code asn1_decode_sam_challenge_2(asn1buf *buf,
- krb5_sam_challenge_2 *val);
-asn1_error_code
-asn1_decode_sam_challenge_2_body(asn1buf *buf,
- krb5_sam_challenge_2_body *val);
-asn1_error_code
-asn1_decode_enc_sam_response_enc_2(asn1buf *buf,
- krb5_enc_sam_response_enc_2 *val);
-asn1_error_code asn1_decode_sam_response_2(asn1buf *buf,
- krb5_sam_response_2 *val);
-asn1_error_code asn1_decode_external_principal_identifier(
- asn1buf *buf, krb5_external_principal_identifier *val);
-asn1_error_code asn1_decode_external_principal_identifier_ptr(
- asn1buf *buf, krb5_external_principal_identifier **valptr);
-asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val);
-asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf,
- krb5_pa_pk_as_req_draft9 *val);
-asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val);
-asn1_error_code asn1_decode_pk_authenticator(asn1buf *buf,
- krb5_pk_authenticator *val);
-asn1_error_code
-asn1_decode_pk_authenticator_draft9(asn1buf *buf,
- krb5_pk_authenticator_draft9 *val);
-asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf,
- krb5_subject_pk_info *val);
-asn1_error_code
-asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val);
-asn1_error_code
-asn1_decode_algorithm_identifier_ptr(asn1buf *buf,
- krb5_algorithm_identifier **valptr);
-asn1_error_code asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val);
-asn1_error_code asn1_decode_auth_pack_draft9(asn1buf *buf,
- krb5_auth_pack_draft9 *val);
-asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf,
- krb5_pa_pk_as_rep *val);
-asn1_error_code asn1_decode_kdc_dh_key_info(asn1buf *buf,
- krb5_kdc_dh_key_info *val);
-asn1_error_code asn1_decode_krb5_principal_name(asn1buf *buf,
- krb5_principal *val);
-asn1_error_code asn1_decode_reply_key_pack(asn1buf *buf,
- krb5_reply_key_pack *val);
-asn1_error_code
-asn1_decode_reply_key_pack_draft9(asn1buf *buf,
- krb5_reply_key_pack_draft9 *val);
-asn1_error_code
-asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_pa_data ***val);
-asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_pa_data *val);
-asn1_error_code asn1_decode_typed_data_ptr(asn1buf *buf,
- krb5_pa_data **valptr);
-
-/* arrays */
-asn1_error_code asn1_decode_authorization_data(asn1buf *buf,
- krb5_authdata ***val);
-asn1_error_code asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val);
-asn1_error_code asn1_decode_sequence_of_ticket(asn1buf *buf,
- krb5_ticket ***val);
-asn1_error_code asn1_decode_sequence_of_krb_cred_info(asn1buf *buf,
- krb5_cred_info ***val);
-asn1_error_code asn1_decode_sequence_of_pa_data(asn1buf *buf,
- krb5_pa_data ***val);
-asn1_error_code asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val);
-
-asn1_error_code asn1_decode_sequence_of_enctype(asn1buf *buf, int *num,
- krb5_enctype **val);
-
-asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf,
- krb5_checksum ***val);
-
-asn1_error_code asn1_decode_etype_info(asn1buf *buf,
- krb5_etype_info_entry ***val);
-asn1_error_code asn1_decode_etype_info2(asn1buf *buf,
- krb5_etype_info_entry ***val,
- krb5_boolean v1_3_behavior);
-asn1_error_code asn1_decode_sequence_of_external_principal_identifier(
- asn1buf *buf, krb5_external_principal_identifier ***val);
-asn1_error_code asn1_decode_sequence_of_algorithm_identifier(
- asn1buf *buf, krb5_algorithm_identifier ***val);
-
-asn1_error_code asn1_decode_setpw_req(asn1buf *buf, krb5_data *rep,
- krb5_principal *principal);
-asn1_error_code asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val);
-asn1_error_code asn1_decode_s4u_userid(asn1buf *buf, krb5_s4u_userid *val);
-asn1_error_code asn1_decode_pa_s4u_x509_user(asn1buf *buf,
- krb5_pa_s4u_x509_user *val);
-asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val);
-
-asn1_error_code asn1_decode_fast_armor(asn1buf *buf, krb5_fast_armor *val);
-
-asn1_error_code asn1_decode_fast_armor_ptr(asn1buf *buf,
- krb5_fast_armor **val);
-
-asn1_error_code asn1_decode_fast_finished(asn1buf *buf,
- krb5_fast_finished *val);
-
-asn1_error_code asn1_decode_fast_finished_ptr(asn1buf *buf,
- krb5_fast_finished **val);
-
-asn1_error_code asn1_decode_ad_kdcissued(asn1buf *buf, krb5_ad_kdcissued *val);
-
-asn1_error_code asn1_decode_ad_kdcissued_ptr(asn1buf *buf,
- krb5_ad_kdcissued **val);
-
-asn1_error_code asn1_decode_ad_signedpath(asn1buf *buf,
- krb5_ad_signedpath *val);
-
-asn1_error_code asn1_decode_iakerb_header(asn1buf *buf,
- krb5_iakerb_header *val);
-
-asn1_error_code asn1_decode_iakerb_finished(asn1buf *buf,
- krb5_iakerb_finished *val);
-
-asn1_error_code
-asn1_decode_kdf_alg_id(asn1buf *buf, krb5_data *val);
-
-asn1_error_code
-asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, krb5_data ***val);
-
-#endif
diff --git a/src/lib/krb5/asn.1/asn1_k_decode_fast.c b/src/lib/krb5/asn.1/asn1_k_decode_fast.c
deleted file mode 100644
index 57546ac93..000000000
--- a/src/lib/krb5/asn.1/asn1_k_decode_fast.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_fast.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_fast_armor(asn1buf *buf, krb5_fast_armor *val)
-{
- setup();
- val->armor_value.data = NULL;
- {begin_structure();
- get_field(val->armor_type, 0, asn1_decode_int32);
- get_lenfield(val->armor_value.length, val->armor_value.data,
- 1, asn1_decode_charstring);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents( NULL, &val->armor_value);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_fast_armor_ptr(asn1buf *buf, krb5_fast_armor **valptr)
-{
- decode_ptr(krb5_fast_armor *, asn1_decode_fast_armor);
-}
-
-asn1_error_code
-asn1_decode_fast_finished(asn1buf *buf, krb5_fast_finished *val)
-{
- setup();
- val->client = NULL;
- val->ticket_checksum.contents = NULL;
- {begin_structure();
- get_field(val->timestamp, 0, asn1_decode_kerberos_time);
- get_field(val->usec, 1, asn1_decode_int32);
- alloc_field(val->client);
- get_field(val->client, 2, asn1_decode_realm);
- get_field(val->client, 3, asn1_decode_principal_name);
- get_field(val->ticket_checksum, 4, asn1_decode_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->client);
- krb5_free_checksum_contents( NULL, &val->ticket_checksum);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_fast_finished_ptr(asn1buf *buf, krb5_fast_finished **valptr)
-{
- decode_ptr( krb5_fast_finished *, asn1_decode_fast_finished);
-}
diff --git a/src/lib/krb5/asn.1/asn1_k_decode_kdc.c b/src/lib/krb5/asn.1/asn1_k_decode_kdc.c
deleted file mode 100644
index 1b79f2f18..000000000
--- a/src/lib/krb5/asn.1/asn1_k_decode_kdc.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_kdc.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
-{
- setup();
- val->padata = NULL;
- { begin_structure();
- { krb5_kvno kvno;
- get_field(kvno,1,asn1_decode_kvno);
- if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); }
- get_field(val->msg_type,2,asn1_decode_msgtype);
- opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL);
- get_field(*val,4,asn1_decode_kdc_req_body);
- end_structure();
- val->magic = KV5M_KDC_REQ;
- }
- return 0;
-error_out:
- krb5_free_pa_data(NULL, val->padata);
- val->padata = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
-{
- setup();
- val->client = NULL;
- val->server = NULL;
- val->ktype = NULL;
- val->addresses = NULL;
- val->authorization_data.ciphertext.data = NULL;
- val->unenc_authdata = NULL;
- val->second_ticket = NULL;
- {
- krb5_principal psave;
- begin_structure();
- get_field(val->kdc_options,0,asn1_decode_kdc_options);
- if (tagnum == 1) { alloc_principal(val->client); }
- opt_field(val->client,1,asn1_decode_principal_name,NULL);
- alloc_principal(val->server);
- get_field(val->server,2,asn1_decode_realm);
- if (val->client != NULL) {
- retval = asn1_krb5_realm_copy(val->client,val->server);
- if (retval) clean_return(retval); }
-
- /* If opt_field server is missing, memory reference to server is
- * lost and results in memory leak
- */
- psave = val->server;
- opt_field(val->server,3,asn1_decode_principal_name,NULL);
- if (val->server == NULL) {
- if (psave->realm.data) {
- free(psave->realm.data);
- psave->realm.data = NULL;
- psave->realm.length=0;
- }
- free(psave);
- }
- opt_field(val->from,4,asn1_decode_kerberos_time,0);
- get_field(val->till,5,asn1_decode_kerberos_time);
- opt_field(val->rtime,6,asn1_decode_kerberos_time,0);
- get_field(val->nonce,7,asn1_decode_int32);
- get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype);
- opt_field(val->addresses,9,asn1_decode_host_addresses,0);
- if (tagnum == 10) {
- get_field(val->authorization_data,10,asn1_decode_encrypted_data); }
- else {
- val->authorization_data.magic = KV5M_ENC_DATA;
- val->authorization_data.enctype = 0;
- val->authorization_data.kvno = 0;
- val->authorization_data.ciphertext.data = NULL;
- val->authorization_data.ciphertext.length = 0;
- }
- opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL);
- end_structure();
- val->magic = KV5M_KDC_REQ;
- }
- return 0;
-error_out:
- krb5_free_principal(NULL, val->client);
- krb5_free_principal(NULL, val->server);
- free(val->ktype);
- krb5_free_addresses(NULL, val->addresses);
- krb5_free_data_contents(NULL, &val->authorization_data.ciphertext);
- krb5_free_tickets(NULL, val->second_ticket);
- val->client = NULL;
- val->server = NULL;
- val->ktype = NULL;
- val->addresses = NULL;
- val->unenc_authdata = NULL;
- val->second_ticket = NULL;
- return retval;
-}
-
-#ifndef DISABLE_PKINIT
-/* PKINIT */
-asn1_error_code
-asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val)
-{
- setup();
- val->signedAuthPack.data = NULL;
- val->trustedCertifiers = NULL;
- val->kdcPkId.data = NULL;
- {
- begin_structure();
- get_implicit_charstring(val->signedAuthPack.length, val->signedAuthPack.data, 0);
- opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL);
- opt_implicit_charstring(val->kdcPkId.length, val->kdcPkId.data, 2);
- end_structure();
- }
- return 0;
-error_out:
- free(val->signedAuthPack.data);
- free(val->trustedCertifiers);
- free(val->kdcPkId.data);
- val->signedAuthPack.data = NULL;
- val->trustedCertifiers = NULL;
- val->kdcPkId.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_draft9 *val)
-{
- int i;
- setup();
- val->signedAuthPack.data = NULL;
- val->kdcCert.data = NULL;
- { begin_structure();
- /* PA-PK-AS-REQ in draft9 has four fields, but we only care about the
- * first one. */
- get_implicit_charstring(val->signedAuthPack.length, val->signedAuthPack.data, 0);
- end_structure();
- }
- return 0;
-error_out:
- free(val->signedAuthPack.data);
- val->signedAuthPack.data = NULL;
- return retval;
-}
-
-static void
-free_algorithm_identifier(krb5_algorithm_identifier *val)
-{
- free(val->algorithm.data);
- free(val->parameters.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val)
-{
- int i;
- setup();
- val->clientPublicValue = NULL;
- val->pkAuthenticator.paChecksum.contents = NULL;
- val->supportedCMSTypes = NULL;
- val->clientDHNonce.data = NULL;
- val->supportedKDFs = NULL;
- { begin_structure();
- get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator);
- if (tagnum == 1) {
- alloc_field(val->clientPublicValue);
- val->clientPublicValue->algorithm.algorithm.data = NULL;
- val->clientPublicValue->algorithm.parameters.data = NULL;
- val->clientPublicValue->subjectPublicKey.data = NULL;
- }
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- && (tagnum || taglen || asn1class != UNIVERSAL))
- clean_return(ASN1_BAD_ID);
- if (tagnum == 1) {
- retval = asn1_decode_subject_pk_info(&subbuf,
- val->clientPublicValue);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->clientPublicValue = NULL;
- }
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if (tagnum == 2) {
- retval = asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->supportedCMSTypes = NULL;
- }
- opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_charstring);
- opt_field(val->supportedKDFs, 4, asn1_decode_sequence_of_kdf_alg_id, NULL);
- end_structure();
- }
- return 0;
-error_out:
- if (val->clientPublicValue) {
- free(val->clientPublicValue->algorithm.algorithm.data);
- free(val->clientPublicValue->algorithm.parameters.data);
- free(val->clientPublicValue->subjectPublicKey.data);
- free(val->clientPublicValue);
- }
- free(val->pkAuthenticator.paChecksum.contents);
- if (val->supportedCMSTypes) {
- for (i = 0; val->supportedCMSTypes[i]; i++)
- free_algorithm_identifier(val->supportedCMSTypes[i]);
- free(val->supportedCMSTypes);
- }
- free(val->clientDHNonce.data);
- if (val->supportedKDFs) {
- for (i = 0; val->supportedKDFs[i]; i++)
- krb5_free_data(NULL, val->supportedKDFs[i]);
- free(val->supportedKDFs);
- val->supportedKDFs = NULL;
- }
- val->clientPublicValue = NULL;
- val->pkAuthenticator.paChecksum.contents = NULL;
- val->supportedCMSTypes = NULL;
- val->clientDHNonce.data = NULL;
- return retval;
-}
-
-asn1_error_code
-asn1_decode_auth_pack_draft9(asn1buf *buf, krb5_auth_pack_draft9 *val)
-{
- setup();
- val->pkAuthenticator.kdcName = NULL;
- val->clientPublicValue = NULL;
- { begin_structure();
- get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9);
- if (tagnum == 1) {
- alloc_field(val->clientPublicValue);
- val->clientPublicValue->algorithm.algorithm.data = NULL;
- val->clientPublicValue->algorithm.parameters.data = NULL;
- val->clientPublicValue->subjectPublicKey.data = NULL;
- /* can't call opt_field because it does decoder(&subbuf, &(val)); */
- if (asn1buf_remains(&subbuf, seqindef)) {
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- && (tagnum || taglen || asn1class != UNIVERSAL))
- clean_return(ASN1_BAD_ID);
- if (tagnum == 1) {
- retval = asn1_decode_subject_pk_info(&subbuf,
- val->clientPublicValue);
- if (retval) clean_return(retval);
- if (!taglen && indef) { get_eoc(); }
- next_tag();
- } else val->clientPublicValue = NULL;
- }
- }
- end_structure();
- }
- return 0;
-error_out:
- free(val->pkAuthenticator.kdcName);
- if (val->clientPublicValue) {
- free(val->clientPublicValue->algorithm.algorithm.data);
- free(val->clientPublicValue->algorithm.parameters.data);
- free(val->clientPublicValue->subjectPublicKey.data);
- free(val->clientPublicValue);
- }
- val->pkAuthenticator.kdcName = NULL;
- val->clientPublicValue = NULL;
- return retval;
-}
-
-#endif /* DISABLE_PKINIT */
diff --git a/src/lib/krb5/asn.1/asn1_k_decode_macros.h b/src/lib/krb5/asn.1/asn1_k_decode_macros.h
deleted file mode 100644
index 60da045ce..000000000
--- a/src/lib/krb5/asn.1/asn1_k_decode_macros.h
+++ /dev/null
@@ -1,420 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_macros.h */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef ASN1_DECODE_KRB5_MACROS_H
-#define ASN1_DECODE_KRB5_MACROS_H
-
-#include "asn1_k_decode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "asn1_misc.h"
-
-#if __GNUC__ >= 3
-#define KRB5_ATTR_UNUSED __attribute__((unused))
-#else
-#define KRB5_ATTR_UNUSED
-#endif
-
-#define clean_return(val) { retval = val; goto error_out; }
-
-/* Declare useful decoder variables. */
-#define setup() \
- asn1_error_code retval; \
- asn1_class asn1class; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
- asn1_tagnum tagnum; \
- unsigned int length, taglen KRB5_ATTR_UNUSED
-
-#define unused_var(x) if (0) { x = 0; x = x - x; }
-
-/* This is used for prefetch of next tag in sequence. */
-#define next_tag() \
- { taginfo t2; \
- retval = asn1_get_tag_2(&subbuf, &t2); \
- if (retval) clean_return(retval); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t2.asn1class; \
- construction = t2.construction; \
- tagnum = t2.tagnum; \
- taglen = t2.length; \
- indef = t2.indef; \
- }
-
-static asn1_error_code
-asn1_get_eoc_tag (asn1buf *buf)
-{
- asn1_error_code retval;
- taginfo t;
-
- retval = asn1_get_tag_2(buf, &t);
- if (retval)
- return retval;
- if (t.asn1class != UNIVERSAL || t.tagnum || t.indef)
- return ASN1_MISSING_EOC;
- return 0;
-}
-
-/* Force check for EOC tag. */
-#define get_eoc() \
- { \
- retval = asn1_get_eoc_tag(&subbuf); \
- if (retval) clean_return(retval); \
- }
-
-#define alloc_field(var) \
- var = calloc(1, sizeof(*var)); \
- if ((var) == NULL) clean_return(ENOMEM)
-
-/*
- * Allocate a principal and initialize enough fields for
- * krb5_free_principal to have defined behavior.
- */
-#define alloc_principal(var) \
- alloc_field(var); \
- var->realm.data = NULL; \
- var->data = NULL
-
-/*
- * Allocate a data structure and initialize enough fields for
- * krb5_free_data to have defined behavior.
- */
-#define alloc_data(var) \
- alloc_field(var); \
- var->data = NULL
-
-/* Fetch an expected APPLICATION class tag and verify. */
-#define apptag(tagexpect) \
- { \
- taginfo t1; \
- retval = asn1_get_tag_2(buf, &t1); \
- if (retval) clean_return(retval); \
- if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \
- t1.tagnum != (tagexpect)) clean_return(ASN1_BAD_ID); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t1.asn1class; \
- construction = t1.construction; \
- tagnum = t1.tagnum; \
- applen = t1.length; \
- }
-
-/**** normal fields ****/
-
-/*
- * get_field_body
- *
- * Get bare field. This also prefetches the next tag. The call to
- * get_eoc() assumes that any values fetched by this macro are
- * enclosed in a context-specific tag.
- */
-#define get_field_body(var, decoder) \
- retval = decoder(&subbuf, &(var)); \
- if (retval) clean_return(retval); \
- if (!taglen && indef) { get_eoc(); } \
- next_tag()
-
-/*
- * error_if_bad_tag
- *
- * Checks that the next tag is the expected one; returns with an error
- * if not.
- */
-#define error_if_bad_tag(tagexpect) \
- if (tagnum != (tagexpect)) { clean_return((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); }
-
-/*
- * get_field
- *
- * Get field having an expected context specific tag. This assumes
- * that context-specific tags are monotonically increasing in its
- * verification of tag numbers.
- */
-#define get_field(var, tagexpect, decoder) \
- error_if_bad_tag(tagexpect); \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- get_field_body(var,decoder)
-
-/*
- * opt_field
- *
- * Get an optional field with an expected context specific tag.
- * Assumes that OPTVAL will have the default value, thus failing to
- * distinguish between absent optional values and present optional
- * values that happen to have the value of OPTVAL.
- */
-#define opt_field(var, tagexpect, decoder, optvalue) \
- if (asn1buf_remains(&subbuf, seqindef)) { \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- if (tagnum == (tagexpect)) { \
- get_field_body(var, decoder); \
- } else var = optvalue; \
- }
-
-/**** fields w/ length ****/
-
-/* similar to get_field_body */
-#define get_lenfield_body(len, var, decoder) \
- retval = decoder(&subbuf, &(len), &(var)); \
- if (retval) clean_return(retval); \
- if (!taglen && indef) { get_eoc(); } \
- next_tag()
-
-/* similar to get_field_body */
-#define get_lenfield(len, var, tagexpect, decoder) \
- error_if_bad_tag(tagexpect); \
- if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \
- && (tagnum || taglen || asn1class != UNIVERSAL)) \
- clean_return(ASN1_BAD_ID); \
- get_lenfield_body(len, var, decoder)
-
-/* similar to opt_field */
-#define opt_lenfield(len, var, tagexpect, decoder) \
- if (tagnum == (tagexpect)) { \
- get_lenfield_body(len, var, decoder); \
- } else { len = 0; var = 0; }
-
-/*
- * Deal with implicitly tagged fields
- */
-#define get_implicit_charstring(len, var, tagexpect) \
- if (tagnum != (tagexpect)) clean_return(ASN1_MISSING_FIELD); \
- if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \
- clean_return(ASN1_BAD_ID); \
- retval = asn1buf_remove_charstring(&subbuf, taglen, &(var)); \
- if (retval) clean_return(retval); \
- (len) = taglen; \
- next_tag()
-
-#define opt_implicit_charstring(len, var, tagexpect) \
- if (tagnum == (tagexpect)) { \
- if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \
- clean_return(ASN1_BAD_ID); \
- retval = asn1buf_remove_charstring(&subbuf, taglen, &(var)); \
- if (retval) clean_return(retval); \
- (len) = taglen; \
- next_tag(); \
- } else { (len) = 0; (var) = NULL; }
-
-/*
- * begin_structure
- *
- * Declares some variables for decoding SEQUENCE types. This is meant
- * to be called in an inner block that ends with a call to
- * end_structure().
- */
-#define begin_structure() \
- asn1buf subbuf; \
- int seqindef; \
- int indef; \
- retval = asn1_get_sequence(buf, &length, &seqindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval); \
- next_tag()
-
-/*
- * This is used for structures which have no tagging.
- * It is the same as begin_structure() except next_tag()
- * is not called.
- */
-#define begin_structure_no_tag() \
- asn1buf subbuf; \
- int seqindef; \
- int indef; \
- retval = asn1_get_sequence(buf, &length, &seqindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval)
-
-/* skip trailing garbage */
-#define end_structure() \
- retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \
- length, indef, seqindef); \
- if (retval) clean_return(retval)
-
-/*
- * begin_choice
- *
- * Declares some variables for decoding CHOICE types. This is meant
- * to be called in an inner block that ends with a call to
- * end_choice().
- */
-#define begin_choice() \
- asn1buf subbuf; \
- int seqindef; \
- int indef KRB5_ATTR_UNUSED; \
- taginfo t; \
- retval = asn1_get_tag_2(buf, &t); \
- if (retval) clean_return(retval); \
- tagnum = t.tagnum; \
- taglen = t.length; \
- indef = t.indef; \
- length = t.length; \
- seqindef = t.indef; \
- asn1class = t.asn1class; \
- construction = t.construction; \
- retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
- if (retval) clean_return(retval)
-
-/* skip trailing garbage */
-#define end_choice() \
- length -= t.length; \
- retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \
- length, t.indef, seqindef); \
- if (retval) clean_return(retval)
-
-/*
- * sequence_of
- *
- * Declares some variables for decoding SEQUENCE OF types. This is
- * meant to be called in an inner block that ends with a call to
- * end_sequence_of().
- */
-#define sequence_of(buf) \
- unsigned int length, taglen KRB5_ATTR_UNUSED ; \
- asn1_class asn1class; \
- asn1_construction construction KRB5_ATTR_UNUSED ; \
- asn1_tagnum tagnum; \
- int indef; \
- sequence_of_common(buf)
-
-/*
- * sequence_of_no_tagvars
- *
- * This is meant for use inside decoder functions that have an outer
- * sequence structure and thus declares variables of different names
- * than does sequence_of() to avoid shadowing.
- */
-#define sequence_of_no_tagvars(buf) \
- sequence_of_common(buf)
-
-/*
- * sequence_of_common
- *
- * Fetches the outer SEQUENCE OF length info into {length,seqofindef}
- * and imbeds an inner buffer seqbuf. Unlike begin_structure(), it
- * does not prefetch the next tag.
- */
-#define sequence_of_common(buf) \
- asn1buf seqbuf; \
- int seqofindef; \
- retval = asn1_get_sequence(buf, &length, &seqofindef); \
- if (retval) clean_return(retval); \
- retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \
- if (retval) clean_return(retval)
-
-/*
- * end_sequence_of
- *
- * Attempts to fetch an EOC tag, if any, and to sync over trailing
- * garbage, if any.
- */
-#define end_sequence_of(buf) \
- { \
- taginfo t4; \
- retval = asn1_get_tag_2(&seqbuf, &t4); \
- if (retval) clean_return(retval); \
- /* Copy out to match previous functionality, until better integrated. */ \
- asn1class = t4.asn1class; \
- construction = t4.construction; \
- tagnum = t4.tagnum; \
- taglen = t4.length; \
- indef = t4.indef; \
- } \
- retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \
- length, indef, seqofindef); \
- if (retval) clean_return(retval);
-
-/*
- * end_sequence_of_no_tagvars
- *
- * Like end_sequence_of(), but uses the different (non-shadowing)
- * variable names.
- */
-static inline asn1_error_code
-end_sequence_of_no_tagvars_helper(asn1buf *buf, asn1buf *seqbufp,
- int seqofindef)
-{
- taginfo t;
- asn1_error_code retval;
-
- retval = asn1_get_tag_2(seqbufp, &t);
- if (retval)
- return retval;
- retval = asn1buf_sync(buf, seqbufp, t.asn1class, t.tagnum,
- t.length, t.indef, seqofindef);
- return retval;
-}
-#define end_sequence_of_no_tagvars(buf) \
- retval = end_sequence_of_no_tagvars_helper(buf, &seqbuf, seqofindef); \
- if (retval) clean_return(retval)
-
-/*
- * Function body for a pointer decoder, which allocates a pointer
- * field and invokes a structure decoder to fill it in. Pointer
- * decoders always fill in their output parameters with NULL (on
- * error) or a valid constructed structure, making cleanup easier on
- * callers.
- */
-#define decode_ptr(type, structure_decoder) \
- type val; \
- asn1_error_code retval; \
- \
- *valptr = NULL; \
- val = calloc(1, sizeof(*val)); \
- if (!val) \
- return ENOMEM; \
- retval = structure_decoder(buf, val); \
- if (retval) { \
- free(val); \
- return retval; \
- } \
- *valptr = val; \
- return 0;
-#define integer_convert(fname,ktype) \
- asn1_error_code fname(asn1buf * buf, ktype * val) \
- { \
- asn1_error_code retval; \
- long n; \
- retval = asn1_decode_integer(buf,&n); \
- if (retval) return retval; \
- *val = (ktype)n; \
- return 0; \
- }
-#define unsigned_integer_convert(fname,ktype) \
- asn1_error_code fname(asn1buf * buf, ktype * val) \
- { \
- asn1_error_code retval; \
- unsigned long n; \
- retval = asn1_decode_unsigned_integer(buf,&n); \
- if (retval) return retval; \
- *val = (ktype)n; \
- return 0; \
- }
-#endif
diff --git a/src/lib/krb5/asn.1/asn1_k_decode_sam.c b/src/lib/krb5/asn.1/asn1_k_decode_sam.c
deleted file mode 100644
index c6a4daf69..000000000
--- a/src/lib/krb5/asn.1/asn1_k_decode_sam.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_k_decode_sam.c */
-/*
- * Copyright 1994, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_k_decode_macros.h"
-
-asn1_error_code
-asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val)
-{
- return asn1_decode_krb5_flags(buf,val);
-}
-
-#define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn)
-#define opt_cksum(var,tagexpect,decoder) \
- if (tagnum == (tagexpect)) { \
- get_field_body(var,decoder); } \
- else var.length = 0
-
-asn1_error_code
-asn1_decode_sam_challenge_2(asn1buf *buf, krb5_sam_challenge_2 *val)
-{
- krb5_checksum **cksump;
- setup();
- val->sam_challenge_2_body.data = NULL;
- val->sam_cksum = NULL;
- { char *save, *end;
- size_t alloclen;
- begin_structure();
- if (tagnum != 0) clean_return(ASN1_MISSING_FIELD);
- if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)
- clean_return(ASN1_BAD_ID);
- save = subbuf.next;
- { sequence_of_no_tagvars(&subbuf);
- end_sequence_of_no_tagvars(&subbuf);
- }
- end = subbuf.next;
- alloclen = end - save;
- val->sam_challenge_2_body.data = malloc(alloclen);
- if (!val->sam_challenge_2_body.data)
- clean_return(ENOMEM);
- val->sam_challenge_2_body.length = alloclen;
- memcpy(val->sam_challenge_2_body.data, save, alloclen);
- next_tag();
- get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum);
- end_structure();
- }
- return 0;
-error_out:
- krb5_free_data_contents(NULL, &val->sam_challenge_2_body);
- if (val->sam_cksum) {
- for (cksump = val->sam_cksum; *cksump; cksump++)
- krb5_free_checksum(NULL, *cksump);
- free(val->sam_cksum);
- val->sam_cksum = NULL;
- }
- return retval;
-}
-
-asn1_error_code
-asn1_decode_sam_challenge_2_body(asn1buf *buf, krb5_sam_challenge_2_body *val)
-{
- setup();
- val->sam_type_name.data = NULL;
- val->sam_track_id.data = NULL;
- val->sam_challenge_label.data = NULL;
- val->sam_challenge.data = NULL;
- val->sam_response_prompt.data = NULL;
- val->sam_pk_for_sad.data = NULL;
- { begin_structure();
- get_field(val->sam_type,0,asn1_decode_int32);
- get_field(val->sam_flags,1,asn1_decode_sam_flags);
- opt_string(val->sam_type_name,2,asn1_decode_charstring);
- opt_string(val->sam_track_id,3,asn1_decode_charstring);
- opt_string(val->sam_challenge_label,4,asn1_decode_charstring);
- opt_string(val->sam_challenge,5,asn1_decode_charstring);
- opt_string(val->sam_response_prompt,6,asn1_decode_charstring);
- opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring);
- get_field(val->sam_nonce,8,asn1_decode_int32);
- get_field(val->sam_etype, 9, asn1_decode_int32);
- end_structure();
- val->magic = KV5M_SAM_CHALLENGE;
- }
- return 0;
-error_out:
- krb5_free_sam_challenge_2_body_contents(NULL, val);
- return retval;
-}
-
-asn1_error_code
-asn1_decode_enc_sam_response_enc_2(asn1buf *buf, krb5_enc_sam_response_enc_2 *val)
-{
- setup();
- val->sam_sad.data = NULL;
- { begin_structure();
- get_field(val->sam_nonce,0,asn1_decode_int32);
- opt_string(val->sam_sad,1,asn1_decode_charstring);
- end_structure();
- val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
- }
- return 0;
-error_out:
- krb5_free_enc_sam_response_enc_2_contents(NULL, val);
- return retval;
-}
-
-#define opt_encfield(fld,tag,fn) \
- if (tagnum == tag) { \
- get_field(fld,tag,fn); } \
- else { \
- fld.magic = 0; \
- fld.enctype = 0; \
- fld.kvno = 0; \
- fld.ciphertext.data = NULL; \
- fld.ciphertext.length = 0; \
- }
-
-asn1_error_code
-asn1_decode_sam_response_2(asn1buf *buf, krb5_sam_response_2 *val)
-{
- setup();
- val->sam_track_id.data = NULL;
- val->sam_enc_nonce_or_sad.ciphertext.data = NULL;
- { begin_structure();
- get_field(val->sam_type,0,asn1_decode_int32);
- get_field(val->sam_flags,1,asn1_decode_sam_flags);
- opt_string(val->sam_track_id,2,asn1_decode_charstring);
- get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data);
- get_field(val->sam_nonce,4,asn1_decode_int32);
- end_structure();
- val->magic = KV5M_SAM_RESPONSE;
- }
- return 0;
-error_out:
- krb5_free_sam_response_2_contents(NULL, val);
- return retval;
-}
diff --git a/src/lib/krb5/asn.1/asn1_misc.c b/src/lib/krb5/asn.1/asn1_misc.c
deleted file mode 100644
index cfe18a527..000000000
--- a/src/lib/krb5/asn.1/asn1_misc.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_misc.c */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "asn1_misc.h"
-
-asn1_error_code
-asn1_krb5_realm_copy(krb5_principal target, krb5_principal source)
-{
- target->realm.length = source->realm.length;
- target->realm.data = (char*)malloc(target->realm.length); /* copy realm */
- if (target->realm.data == NULL) return ENOMEM;
- memcpy(target->realm.data,source->realm.data, /* to client */
- target->realm.length);
- return 0;
-}
diff --git a/src/lib/krb5/asn.1/asn1_misc.h b/src/lib/krb5/asn.1/asn1_misc.h
deleted file mode 100644
index 88948d2a7..000000000
--- a/src/lib/krb5/asn.1/asn1_misc.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1_misc.h */
-/*
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __ASN1_MISC_H__
-#define __ASN1_MISC_H__
-
-#include "k5-int.h"
-#include "krbasn1.h"
-
-asn1_error_code asn1_krb5_realm_copy(krb5_principal target,
- krb5_principal source);
-/*
- * requires target, source, and source->realm are allocated
- * effects Copies source->realm into target->realm.
- * Returns ENOMEM if memory is exhausted.
- */
-
-#endif
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index f73458ef0..b93753034 100644
--- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c @@ -57,7 +57,6 @@ #define ASN1BUF_OMIT_INLINE_FUNCS #include "asn1buf.h" #include -#include "asn1_get.h" #ifdef USE_VALGRIND #include 
@@ -89,82 +88,6 @@ asn1buf_create(asn1buf **buf) return 0; } -asn1_error_code -asn1buf_wrap_data(asn1buf *buf, const krb5_data *code) -{ - if (code == NULL || code->data == NULL) return ASN1_MISSING_FIELD; - buf->next = buf->base = code->data; - buf->bound = code->data + code->length - 1; - return 0; -} - -asn1_error_code -asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) -{ - if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - subbuf->base = subbuf->next = buf->next; - if (!indef) { - if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - subbuf->bound = subbuf->base + length - 1; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; -} - -asn1_error_code -asn1buf_sync(asn1buf *buf, asn1buf *subbuf, - asn1_class asn1class, asn1_tagnum lasttag, - unsigned int length, int indef, int seqindef) -{ - asn1_error_code retval; - - if (!seqindef) { - /* sequence was encoded as definite length */ - buf->next = subbuf->bound + 1; - } else if (!asn1_is_eoc(asn1class, lasttag, indef)) { - retval = asn1buf_skiptail(subbuf, length, indef); - if (retval) - return retval; - } else { - /* We have just read the EOC octets. 
*/ - buf->next = subbuf->next; - } - return 0; -} - -asn1_error_code -asn1buf_skiptail(asn1buf *buf, const unsigned int length, const int indef) -{ - asn1_error_code retval; - taginfo t; - int nestlevel; - - nestlevel = 1 + indef; - if (!indef) { - if (length <= (size_t)(buf->bound - buf->next + 1)) - buf->next += length; - else - return ASN1_OVERRUN; - } - while (nestlevel > 0) { - if (buf->bound - buf->next + 1 <= 0) - return ASN1_OVERRUN; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - if (!t.indef) { - if (t.length <= (size_t)(buf->bound - buf->next + 1)) - buf->next += t.length; - else - return ASN1_OVERRUN; - } - if (t.indef) - nestlevel++; - if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef)) - nestlevel--; /* got an EOC encoding */ - } - return 0; -} - void asn1buf_destroy(asn1buf **buf) { 
@@ -205,69 +128,6 @@ asn1buf_insert_bytestring(asn1buf *buf, const unsigned int len, const void *sv) return 0; } - -#undef asn1buf_remove_octet -asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o) -{ - if (buf->next > buf->bound) return ASN1_OVERRUN; - *o = (asn1_octet)(*((buf->next)++)); - return 0; -} - -asn1_error_code -asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s) -{ - unsigned int i; - - if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; - return 0; - } - *s = (asn1_octet*)malloc(len*sizeof(asn1_octet)); - if (*s == NULL) - return ENOMEM; - for (i=0; inext)[i]; - buf->next += len; - return 0; -} - -asn1_error_code -asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s) -{ - unsigned int i; - - if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; - return 0; - } - *s = (char*)malloc(len*sizeof(char)); - if (*s == NULL) return ENOMEM; - for (i=0; inext)[i]; - buf->next += len; - return 0; -} - -int -asn1buf_remains(asn1buf *buf, int indef) -{ - int remain; - if (buf == NULL || buf->base == NULL) return 0; - remain = buf->bound - buf->next +1; - if (remain <= 0) return remain; - /* - * Two 0 octets means the end of an indefinite encoding. - */ - if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1)) - return 0; - else return remain; -} - asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) { 
@@ -293,68 +153,6 @@ asn12krb5_buf(const asn1buf *buf, krb5_data **code) return 0; } - - -/* - * These parse and unparse procedures should be moved out. They're - * useful only for debugging and superfluous in the production - * version. - */ - -asn1_error_code -asn1buf_unparse(const asn1buf *buf, char **s) -{ - free(*s); - if (buf == NULL) { - *s = strdup(""); - if (*s == NULL) return ENOMEM; - } else if (buf->base == NULL) { - *s = strdup(""); - if (*s == NULL) return ENOMEM; - } else { - unsigned int length = asn1buf_len(buf); - unsigned int i; - - *s = calloc(length+1, sizeof(char)); - if (*s == NULL) return ENOMEM; - (*s)[length] = '\0'; - for (i=0; ibase)[length-i-1]) */ - } - return 0; -} - -asn1_error_code -asn1buf_hex_unparse(const asn1buf *buf, char **s) -{ -#define hexchar(d) ((d)<=9 ? ('0'+(d)) : \ - ((d)<=15 ? ('A'+(d)-10) : \ - 'X')) - - free(*s); - - if (buf == NULL) { - *s = strdup(""); - if (*s == NULL) return ENOMEM; - } else if (buf->base == NULL) { - *s = strdup(""); - if (*s == NULL) return ENOMEM; - } else { - unsigned int length = asn1buf_len(buf); - int i; - - *s = malloc(3*length); - if (*s == NULL) return ENOMEM; - for (i = length-1; i >= 0; i--) { - (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4); - (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F); - (*s)[3*(length-i-1)+2] = ' '; - } - (*s)[3*length-1] = '\0'; - } - return 0; -} - /****************************************************************/ /* Private Procedures */ diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h index 900b14a5a..44a4b7eeb 100644 --- a/src/lib/krb5/asn.1/asn1buf.h +++ b/src/lib/krb5/asn.1/asn1buf.h 
@@ -99,45 +99,6 @@ asn1_error_code asn1buf_create(asn1buf **buf); * Returns ENOMEM if the buffer can't be created. */ -asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code); -/* - * requires *buf has already been allocated - * effects Turns *buf into a "wrapper" for *code. i.e. *buf is set up - * such that its bottom is the beginning of *code, and its top - * is the top of *code. - * Returns ASN1_MISSING_FIELD if code is empty. - */ - -asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, - const unsigned int length, - const int indef); -/* - * requires *subbuf and *buf are allocated - * effects *subbuf becomes a sub-buffer of *buf. *subbuf begins - * at *buf's current position and is length octets long. - * (Unless this would exceed the bounds of *buf -- in - * that case, ASN1_OVERRUN is returned) *subbuf's current - * position starts at the beginning of *subbuf. - */ - -asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, asn1_class Class, - asn1_tagnum lasttag, - unsigned int length, int indef, - int seqindef); -/* - * requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed. - * lasttag is the last tagnumber read. - * effects Synchronizes *buf's current position to match that of *subbuf. - */ - -asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, - const int indef); -/* - * requires *buf is a subbuffer used in a decoding of a - * constructed indefinite sequence. - * effects skips trailing fields. - */ - void asn1buf_destroy(asn1buf **buf); /* effects Deallocates **buf, sets *buf to NULL. */ 
@@ -174,57 +135,6 @@ asn1buf_insert_bytestring( */ #define asn1buf_insert_octetstring asn1buf_insert_bytestring -#define asn1buf_insert_charstring asn1buf_insert_bytestring - -asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o); -/* - * requires *buf is allocated - * effects Returns *buf's current octet in *o and advances to - * the next octet. - * Returns ASN1_OVERRUN if *buf has already been exhausted. - */ -#define asn1buf_remove_octet(buf,o) \ - (((buf)->next > (buf)->bound) \ - ? ASN1_OVERRUN \ - : ((*(o) = (asn1_octet)(*(((buf)->next)++))),0)) - -asn1_error_code -asn1buf_remove_octetstring( - asn1buf *buf, - const unsigned int len, - asn1_octet **s); -/* - * requires *buf is allocated - * effects Removes the next len octets of *buf and returns them in **s. - * Returns ASN1_OVERRUN if there are fewer than len unread octets - * left in *buf. - * Returns ENOMEM if *s could not be allocated. - */ - -asn1_error_code -asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s); -/* - * requires *buf is allocated - * effects Removes the next len octets of *buf and returns them in **s. - * Returns ASN1_OVERRUN if there are fewer than len unread octets - * left in *buf. - * Returns ENOMEM if *s could not be allocated. - */ - -asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s); -/* - * modifies *s - * effects Returns a human-readable representation of *buf in *s, - * where each octet in *buf is represented by a character in *s. - */ - -asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s); -/* - * modifies *s - * effects Returns a human-readable representation of *buf in *s, - * where each octet in *buf is represented by a 2-digit - * hexadecimal number in *s. - */ asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code); /* 
@@ -232,11 +142,4 @@ asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code); * effects Instantiates **code with the krb5_data representation of **buf. */ -int asn1buf_remains(asn1buf *buf, int indef); -/* - * requires *buf is a buffer containing an asn.1 structure or array - * modifies *buf - * effects Returns the number of unprocessed octets remaining in *buf. - */ - #endif diff --git a/src/lib/krb5/asn.1/asn1glue.h b/src/lib/krb5/asn.1/asn1glue.h deleted file mode 100644 index 31839eac9..000000000 --- a/src/lib/krb5/asn.1/asn1glue.h +++ /dev/null 
@@ -1,47 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/asn1glue.h */
-/*
- * Copyright 1989,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- *
- * Header file for some glue functions (macros, mostly)
- */
-
-
-#ifndef __KRB5_GLUE_H__
-#define __KRB5_GLUE_H__
-
-#define krb5_data2qbuf(val) str2qb((val)->data, (val)->length, 1)
-
-#define krb5_kdcoptions2KRB5_KDCOptions(val, err) (struct type_KRB5_KDCOptions *)krb5_flags2KRB5_TicketFlags(val, err)
-#define KRB5_KDCOptions2krb5_kdcoptions(val, err) KRB5_TicketFlags2krb5_flags((struct type_KRB5_TicketFlags *) (val), err)
-#define krb5_apoptions2KRB5_APOptions(val, err) (struct type_KRB5_APOptions *)krb5_flags2KRB5_TicketFlags(val, err)
-#define KRB5_APOptions2krb5_apoptions(val, err) KRB5_TicketFlags2krb5_flags((struct type_KRB5_APOptions *) (val), err)
-
-/* to keep lint happy */
-#define xmalloc(n) malloc((unsigned) (n))
-#define xcalloc(n,s) calloc((unsigned)(n), (unsigned)(s))
-
-#endif /* __KRB5_GLUE_H__ */
diff --git a/src/lib/krb5/asn.1/deps b/src/lib/krb5/asn.1/deps
index 300af80b5..c49c183ec 100644
--- a/src/lib/krb5/asn.1/deps
+++ b/src/lib/krb5/asn.1/deps
@@ -1,70 +1,6 @@ # # Generated makefile dependencies follow. # -asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.c \ - asn1_decode.h asn1_get.h asn1buf.h krbasn1.h -asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.c asn1_k_decode.h asn1_k_decode_macros.h \ - asn1_misc.h asn1buf.h krbasn1.h -asn1_k_decode_fast.so asn1_k_decode_fast.po $(OUTPRE)asn1_k_decode_fast.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h 
$(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.h asn1_k_decode_fast.c asn1_k_decode_macros.h \ - asn1_misc.h asn1buf.h krbasn1.h -asn1_k_decode_kdc.so asn1_k_decode_kdc.po $(OUTPRE)asn1_k_decode_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.h asn1_k_decode_kdc.c asn1_k_decode_macros.h \ - asn1_misc.h asn1buf.h krbasn1.h -asn1_k_decode_sam.so asn1_k_decode_sam.po $(OUTPRE)asn1_k_decode_sam.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h 
$(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.h asn1_k_decode_macros.h asn1_k_decode_sam.c \ - asn1_misc.h asn1buf.h krbasn1.h asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ 
@@ -76,19 +12,7 @@ asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h asn1_encode.c \ - asn1_encode.h asn1_get.h asn1buf.h krbasn1.h -asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_get.c asn1_get.h \ - asn1buf.h krbasn1.h + asn1_encode.h asn1buf.h krbasn1.h asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ 
@@ -99,33 +23,7 @@ asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - asn1_get.h asn1buf.c asn1buf.h krbasn1.h -krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.h asn1_misc.h asn1buf.h krb5_decode.c \ - krb5_decode_macros.h krbasn1.h -krb5_decode_kdc.so krb5_decode_kdc.po $(OUTPRE)krb5_decode_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h 
$(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_decode.h \ - asn1_get.h asn1_k_decode.h asn1_misc.h asn1buf.h krb5_decode_kdc.c \ - krb5_decode_macros.h krbasn1.h + asn1buf.c asn1buf.h krbasn1.h asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -137,7 +35,7 @@ asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h asn1_encode.h \ - asn1_get.h asn1_k_encode.c asn1buf.h krbasn1.h + asn1_k_encode.c asn1buf.h krbasn1.h ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ 
@@ -149,17 +47,4 @@ ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - asn1_decode.h asn1_encode.h asn1_get.h asn1buf.h krbasn1.h \ - ldap_key_seq.c -asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h asn1_misc.c asn1_misc.h \ - krbasn1.h + asn1_encode.h asn1buf.h krbasn1.h ldap_key_seq.c diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c deleted file mode 100644 index 2a665f215..000000000 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ /dev/null 
@@ -1,963 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/asn.1/krb5_decode.c */ -/* - * Copyright 1994, 2008 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -#include "k5-int.h" -#include "krbasn1.h" -#include "asn1_k_decode.h" -#include "asn1_decode.h" -#include "asn1_get.h" -#include "krb5_decode_macros.h" - -#if 0 -#ifndef LEAN_CLIENT -krb5_error_code -decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **repptr) -{ - setup(krb5_authenticator *); - alloc_field(rep); - clear_field(rep,subkey); - clear_field(rep,checksum); - clear_field(rep,client); - clear_field(rep,authorization_data); - - check_apptag(2); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_principal(rep->client); - get_field(rep->client,1,asn1_decode_realm); - get_field(rep->client,2,asn1_decode_principal_name); - opt_field(rep->checksum,3,asn1_decode_checksum_ptr); - get_field(rep->cusec,4,asn1_decode_int32); - get_field(rep->ctime,5,asn1_decode_kerberos_time); - opt_field(rep->subkey,6,asn1_decode_encryption_key_ptr); - opt_field(rep->seq_number,7,asn1_decode_seqnum); - opt_field(rep->authorization_data,8,asn1_decode_authorization_data); - rep->magic = KV5M_AUTHENTICATOR; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_authenticator(NULL, rep); - return retval; -} -#endif - -krb5_error_code KRB5_CALLCONV -krb5_decode_ticket(const krb5_data *code, krb5_ticket **repptr) -{ - return decode_krb5_ticket(code, repptr); -} - -krb5_error_code -decode_krb5_ticket(const krb5_data *code, krb5_ticket **repptr) -{ - setup(krb5_ticket *); - alloc_field(rep); - clear_field(rep,server); - clear_field(rep,enc_part.ciphertext.data); - clear_field(rep,enc_part2); - - check_apptag(1); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); - } - alloc_principal(rep->server); - get_field(rep->server,1,asn1_decode_realm); - get_field(rep->server,2,asn1_decode_principal_name); - get_field(rep->enc_part,3,asn1_decode_encrypted_data); - rep->magic = 
KV5M_TICKET; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_ticket(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock **repptr) -{ - setup(krb5_keyblock *); - alloc_field(rep); - clear_field(rep,contents); - - { begin_structure(); - get_field(rep->enctype,0,asn1_decode_enctype); - get_lenfield(rep->length,rep->contents,1,asn1_decode_octetstring); - end_structure(); - rep->magic = KV5M_KEYBLOCK; - } - cleanup_manual(); -error_out: - krb5_free_keyblock(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_part **repptr) -{ - setup(krb5_enc_tkt_part *); - alloc_field(rep); - clear_field(rep,session); - clear_field(rep,client); - clear_field(rep,transited.tr_contents.data); - clear_field(rep,caddrs); - clear_field(rep,authorization_data); - - check_apptag(3); - { begin_structure(); - get_field(rep->flags,0,asn1_decode_ticket_flags); - get_field(rep->session,1,asn1_decode_encryption_key_ptr); - alloc_principal(rep->client); - get_field(rep->client,2,asn1_decode_realm); - get_field(rep->client,3,asn1_decode_principal_name); - get_field(rep->transited,4,asn1_decode_transited_encoding); - get_field(rep->times.authtime,5,asn1_decode_kerberos_time); - if (tagnum == 6) - { get_field(rep->times.starttime,6,asn1_decode_kerberos_time); } - else - rep->times.starttime=rep->times.authtime; - get_field(rep->times.endtime,7,asn1_decode_kerberos_time); - opt_field(rep->times.renew_till,8,asn1_decode_kerberos_time); - opt_field(rep->caddrs,9,asn1_decode_host_addresses); - opt_field(rep->authorization_data,10,asn1_decode_authorization_data); - rep->magic = KV5M_ENC_TKT_PART; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_enc_tkt_part(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_enc_kdc_rep_part(const krb5_data *code, - krb5_enc_kdc_rep_part **repptr) -{ - taginfo t4; - setup_buf_only(krb5_enc_kdc_rep_part 
*); - alloc_field(rep); - - retval = asn1_get_tag_2(&buf, &t4); - if (retval) clean_return(retval); - if (t4.asn1class != APPLICATION || t4.construction != CONSTRUCTED) clean_return(ASN1_BAD_ID); - if (t4.tagnum == 25) rep->msg_type = KRB5_AS_REP; - else if (t4.tagnum == 26) rep->msg_type = KRB5_TGS_REP; - else clean_return(KRB5_BADMSGTYPE); - - retval = asn1_decode_enc_kdc_rep_part(&buf,rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **repptr) -{ - setup_no_length(krb5_kdc_rep *); - alloc_field(rep); - clear_field(rep,padata); - clear_field(rep,client); - clear_field(rep,ticket); - clear_field(rep,enc_part.ciphertext.data); - clear_field(rep,enc_part2); - - check_apptag(11); - retval = asn1_decode_kdc_rep(&buf,rep); - if (retval) clean_return(retval); -#ifdef KRB5_MSGTYPE_STRICT - if (rep->msg_type != KRB5_AS_REP) - clean_return(KRB5_BADMSGTYPE); -#endif - - cleanup_manual(); -error_out: - krb5_free_kdc_rep(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_tgs_rep(const krb5_data *code, krb5_kdc_rep **repptr) -{ - setup_no_length(krb5_kdc_rep *); - alloc_field(rep); - clear_field(rep,padata); - clear_field(rep,client); - clear_field(rep,ticket); - clear_field(rep,enc_part.ciphertext.data); - clear_field(rep,enc_part2); - - check_apptag(13); - retval = asn1_decode_kdc_rep(&buf,rep); - if (retval) clean_return(retval); -#ifdef KRB5_MSGTYPE_STRICT - if (rep->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); -#endif - - cleanup_manual(); -error_out: - krb5_free_kdc_rep(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **repptr) -{ - setup(krb5_ap_req *); - alloc_field(rep); - clear_field(rep,ticket); - clear_field(rep,authenticator.ciphertext.data); - - check_apptag(14); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) 
clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); -#endif - } - get_field(rep->ap_options,2,asn1_decode_ap_options); - get_field(rep->ticket,3,asn1_decode_ticket_ptr); - get_field(rep->authenticator,4,asn1_decode_encrypted_data); - end_structure(); - rep->magic = KV5M_AP_REQ; - } - cleanup_manual(); -error_out: - krb5_free_ap_req(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **repptr) -{ - setup(krb5_ap_rep *); - alloc_field(rep); - clear_field(rep,enc_part.ciphertext.data); - - check_apptag(15); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); -#endif - } - get_field(rep->enc_part,2,asn1_decode_encrypted_data); - end_structure(); - rep->magic = KV5M_AP_REP; - } - cleanup_manual(); -error_out: - krb5_free_ap_rep(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_ap_rep_enc_part(const krb5_data *code, - krb5_ap_rep_enc_part **repptr) -{ - setup(krb5_ap_rep_enc_part *); - alloc_field(rep); - clear_field(rep,subkey); - - check_apptag(27); - { begin_structure(); - get_field(rep->ctime,0,asn1_decode_kerberos_time); - get_field(rep->cusec,1,asn1_decode_int32); - opt_field(rep->subkey,2,asn1_decode_encryption_key_ptr); - opt_field(rep->seq_number,3,asn1_decode_seqnum); - end_structure(); - rep->magic = KV5M_AP_REP_ENC_PART; - } - cleanup_manual(); -error_out: - krb5_free_ap_rep_enc_part(NULL, rep); - return retval; -} - -/* - * decode_krb5_safe_with_body - * - * Like decode_krb5_safe(), but grabs the encoding of the - * KRB-SAFE-BODY as well, in case re-encoding would produce a - * different encoding. 
(Yes, we're using DER, but there's this - * annoying problem with pre-1.3.x code using signed sequence numbers, - * which we permissively decode and cram into unsigned 32-bit numbers. - * When they're re-encoded, they're no longer negative if they started - * out negative, so checksum verification fails.) - * - * This does *not* perform any copying; the returned pointer to the - * encoded KRB-SAFE-BODY points into the input buffer. - */ -krb5_error_code -decode_krb5_safe_with_body(const krb5_data *code, krb5_safe **repptr, - krb5_data *body) -{ - krb5_data tmpbody; - setup(krb5_safe *); - alloc_field(rep); - clear_field(rep,user_data.data); - clear_field(rep,r_address); - clear_field(rep,s_address); - clear_field(rep,checksum); - tmpbody.magic = 0; - - check_apptag(20); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE); -#endif - } - /* - * Gross kludge to extract pointer to encoded safe-body. Relies - * on tag prefetch done by next_tag(). Don't handle indefinite - * encoding, as it's too much work. 
- */ - if (!indef) { - tmpbody.length = taglen; - tmpbody.data = subbuf.next; - } else { - tmpbody.length = 0; - tmpbody.data = NULL; - } - get_field(*rep,2,asn1_decode_krb_safe_body); - get_field(rep->checksum,3,asn1_decode_checksum_ptr); - rep->magic = KV5M_SAFE; - end_structure(); - } - if (body != NULL) - *body = tmpbody; - cleanup_manual(); -error_out: - krb5_free_safe(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_safe(const krb5_data *code, krb5_safe **repptr) -{ - return decode_krb5_safe_with_body(code, repptr, NULL); -} - -krb5_error_code -decode_krb5_priv(const krb5_data *code, krb5_priv **repptr) -{ - setup(krb5_priv *); - alloc_field(rep); - clear_field(rep,enc_part.ciphertext.data); - - check_apptag(21); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); -#endif - } - get_field(rep->enc_part,3,asn1_decode_encrypted_data); - rep->magic = KV5M_PRIV; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_priv(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_part **repptr) -{ - setup(krb5_priv_enc_part *); - alloc_field(rep); - clear_field(rep,user_data.data); - clear_field(rep,r_address); - clear_field(rep,s_address); - - check_apptag(28); - { begin_structure(); - get_lenfield(rep->user_data.length,rep->user_data.data,0,asn1_decode_charstring); - opt_field(rep->timestamp,1,asn1_decode_kerberos_time); - opt_field(rep->usec,2,asn1_decode_int32); - opt_field(rep->seq_number,3,asn1_decode_seqnum); - get_field(rep->s_address,4,asn1_decode_host_address_ptr); - opt_field(rep->r_address,5,asn1_decode_host_address_ptr); - rep->magic = KV5M_PRIV_ENC_PART; - end_structure(); - } - cleanup_manual(); -error_out: - 
krb5_free_priv_enc_part(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_checksum(const krb5_data *code, krb5_checksum **repptr) -{ - setup_buf_only(krb5_checksum *); - alloc_field(rep); - retval = asn1_decode_checksum(&buf, rep); - if (retval) clean_return(retval); - cleanup(free); -} - -krb5_error_code -decode_krb5_cred(const krb5_data *code, krb5_cred **repptr) -{ - setup(krb5_cred *); - alloc_field(rep); - clear_field(rep,tickets); - clear_field(rep,enc_part.ciphertext.data); - - check_apptag(22); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); -#endif - } - get_field(rep->tickets,2,asn1_decode_sequence_of_ticket); - get_field(rep->enc_part,3,asn1_decode_encrypted_data); - rep->magic = KV5M_CRED; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_cred(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_part **repptr) -{ - setup(krb5_cred_enc_part *); - alloc_field(rep); - clear_field(rep,r_address); - clear_field(rep,s_address); - clear_field(rep,ticket_info); - - check_apptag(29); - { begin_structure(); - get_field(rep->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); - opt_field(rep->nonce,1,asn1_decode_int32); - opt_field(rep->timestamp,2,asn1_decode_kerberos_time); - opt_field(rep->usec,3,asn1_decode_int32); - opt_field(rep->s_address,4,asn1_decode_host_address_ptr); - opt_field(rep->r_address,5,asn1_decode_host_address_ptr); - rep->magic = KV5M_CRED_ENC_PART; - end_structure(); - } - cleanup_manual(); -error_out: - /* Despite the name, krb5_free_cred_enc_part is contents only. 
*/ - krb5_free_cred_enc_part(NULL, rep); - free(rep); - return retval; -} - - -krb5_error_code -decode_krb5_error(const krb5_data *code, krb5_error **repptr) -{ - setup(krb5_error *); - alloc_field(rep); - clear_field(rep,server); - clear_field(rep,client); - clear_field(rep,text.data); - clear_field(rep,e_data.data); - - check_apptag(30); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); -#ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); -#endif - } - opt_field(rep->ctime,2,asn1_decode_kerberos_time); - opt_field(rep->cusec,3,asn1_decode_int32); - get_field(rep->stime,4,asn1_decode_kerberos_time); - get_field(rep->susec,5,asn1_decode_int32); - get_field(rep->error,6,asn1_decode_ui_4); - if (tagnum == 7) { alloc_principal(rep->client); } - opt_field(rep->client,7,asn1_decode_realm); - opt_field(rep->client,8,asn1_decode_principal_name); - alloc_principal(rep->server); - get_field(rep->server,9,asn1_decode_realm); - get_field(rep->server,10,asn1_decode_principal_name); - opt_lenfield(rep->text.length,rep->text.data,11,asn1_decode_generalstring); - opt_lenfield(rep->e_data.length,rep->e_data.data,12,asn1_decode_charstring); - rep->magic = KV5M_ERROR; - end_structure(); - } - cleanup_manual(); -error_out: - krb5_free_error(NULL, rep); - return retval; -} - -krb5_error_code -decode_krb5_authdata(const krb5_data *code, krb5_authdata ***repptr) -{ - setup_buf_only(krb5_authdata **); - retval = asn1_decode_authorization_data(&buf,&rep); - if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here... 
*/ -} - -krb5_error_code -decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data ***repptr) -{ - setup_buf_only(krb5_pa_data **); - retval = asn1_decode_sequence_of_pa_data(&buf,&rep); - if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ -} - -krb5_error_code -decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_entry ***repptr) -{ - setup_buf_only(krb5_etype_info_entry **); - retval = asn1_decode_etype_info(&buf,&rep); - if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ -} - -krb5_error_code -decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***repptr) -{ - setup_buf_only(krb5_etype_info_entry **); - retval = asn1_decode_etype_info2(&buf,&rep, 0); - if (retval == ASN1_BAD_ID) { - retval = asn1buf_wrap_data(&buf,code); - if (retval) clean_return(retval); - retval = asn1_decode_etype_info2(&buf, &rep, 1); - } - if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ -} - - -krb5_error_code -decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **repptr) -{ - setup_buf_only(krb5_enc_data *); - alloc_field(rep); - - retval = asn1_decode_encrypted_data(&buf,rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **repptr) -{ - setup(krb5_pa_enc_ts *); - alloc_field(rep); - { begin_structure(); - get_field(rep->patimestamp,0,asn1_decode_kerberos_time); - if (tagnum == 1) { - get_field(rep->pausec,1,asn1_decode_int32); - } else - rep->pausec = 0; - end_structure (); } - cleanup(free); -} - -krb5_error_code -decode_krb5_sam_challenge_2(const krb5_data *code, - krb5_sam_challenge_2 **repptr) -{ - setup_buf_only(krb5_sam_challenge_2 *); - alloc_field(rep); - - retval = asn1_decode_sam_challenge_2(&buf,rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_sam_challenge_2_body(const 
krb5_data *code, - krb5_sam_challenge_2_body **repptr) -{ - setup_buf_only(krb5_sam_challenge_2_body *); - alloc_field(rep); - - retval = asn1_decode_sam_challenge_2_body(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_enc_sam_response_enc_2(const krb5_data *code, - krb5_enc_sam_response_enc_2 **repptr) -{ - setup_buf_only(krb5_enc_sam_response_enc_2 *); - alloc_field(rep); - - retval = asn1_decode_enc_sam_response_enc_2(&buf,rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_sam_response_2(const krb5_data *code, - krb5_sam_response_2 **repptr) -{ - setup_buf_only(krb5_sam_response_2 *); - alloc_field(rep); - - retval = asn1_decode_sam_response_2(&buf,rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_setpw_req(const krb5_data *code, krb5_data **repptr, - krb5_principal *principal) -{ - setup_buf_only(krb5_data *); - alloc_field(rep); - *principal = NULL; - - retval = asn1_decode_setpw_req(&buf, rep, principal); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **repptr) -{ - setup_buf_only(krb5_pa_for_user *); - alloc_field(rep); - - retval = asn1_decode_pa_for_user(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_pa_s4u_x509_user(const krb5_data *code, krb5_pa_s4u_x509_user **repptr) -{ - setup_buf_only(krb5_pa_s4u_x509_user *); - alloc_field(rep); - - retval = asn1_decode_pa_s4u_x509_user(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **repptr) -{ - setup_buf_only(krb5_pa_pac_req *); - alloc_field(rep); - - retval = asn1_decode_pa_pac_req(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_etype_list(const krb5_data *code, 
krb5_etype_list **repptr) -{ - setup_buf_only(krb5_etype_list *); - alloc_field(rep); - - retval = asn1_decode_sequence_of_enctype(&buf, &rep->length, &rep->etypes); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_fast_response(const krb5_data *code, krb5_fast_response **repptr) -{ - setup(krb5_fast_response *); - - alloc_field(rep); - clear_field(rep, finished); - clear_field(rep, padata); - clear_field(rep,strengthen_key); - {begin_structure(); - get_field(rep->padata, 0, asn1_decode_sequence_of_pa_data); - opt_field(rep->strengthen_key, 1, asn1_decode_encryption_key_ptr); - opt_field(rep->finished, 2, asn1_decode_fast_finished_ptr); - get_field(rep->nonce, 3, asn1_decode_int32); - end_structure(); } - rep->magic = KV5M_FAST_RESPONSE; - cleanup(free); -} - -krb5_error_code -decode_krb5_pa_fx_fast_reply(const krb5_data *code, krb5_enc_data **repptr) -{ - setup(krb5_enc_data *); - alloc_field(rep); - { - int indef KRB5_ATTR_UNUSED; - unsigned int taglen KRB5_ATTR_UNUSED; - next_tag_from_buf(buf); - if (tagnum != 0) - clean_return(ASN1_BAD_ID); - } - {begin_structure(); - get_field(*rep, 0, asn1_decode_encrypted_data); - end_structure(); - } - - cleanup(free); -} - -krb5_error_code -decode_krb5_ad_kdcissued(const krb5_data *code, krb5_ad_kdcissued **repptr) -{ - setup_buf_only(krb5_ad_kdcissued *); - alloc_field(rep); - - retval = asn1_decode_ad_kdcissued(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_ad_signedpath(const krb5_data *code, krb5_ad_signedpath **repptr) -{ - setup_buf_only(krb5_ad_signedpath *); - alloc_field(rep); - - retval = asn1_decode_ad_signedpath(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_iakerb_header(const krb5_data *code, krb5_iakerb_header **repptr) -{ - setup_buf_only(krb5_iakerb_header *); - alloc_field(rep); - - retval = asn1_decode_iakerb_header(&buf, rep); - if (retval) 
clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_iakerb_finished(const krb5_data *code, krb5_iakerb_finished **repptr) -{ - setup_buf_only(krb5_iakerb_finished *); - alloc_field(rep); - - retval = asn1_decode_iakerb_finished(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code KRB5_CALLCONV -krb5int_get_authdata_containee_types(krb5_context context, - const krb5_authdata *authdata, - unsigned int *num, - krb5_authdatatype **repptr) -{ - krb5_data data, *code = &data; - - data.data = (char *)authdata->contents; - data.length = authdata->length; - - *num = 0; - - { - setup_buf_only(krb5_authdatatype *); - - retval = asn1_peek_authorization_data(&buf, num, &rep); - if (retval) clean_return(retval); - - cleanup_none(); - } - assert(0); /* NOTREACHED */ -} - -#ifndef DISABLE_PKINIT - -krb5_error_code -decode_krb5_pa_pk_as_rep(const krb5_data *code, krb5_pa_pk_as_rep **repptr) -{ - setup_buf_only(krb5_pa_pk_as_rep *); - alloc_field(rep); - - retval = asn1_decode_pa_pk_as_rep(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **repptr) -{ - setup_buf_only(krb5_auth_pack *); - alloc_field(rep); - - retval = asn1_decode_auth_pack(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_auth_pack_draft9(const krb5_data *code, - krb5_auth_pack_draft9 **repptr) -{ - setup_buf_only(krb5_auth_pack_draft9 *); - alloc_field(rep); - - retval = asn1_decode_auth_pack_draft9(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_kdc_dh_key_info(const krb5_data *code, - krb5_kdc_dh_key_info **repptr) -{ - setup_buf_only(krb5_kdc_dh_key_info *); - alloc_field(rep); - - retval = asn1_decode_kdc_dh_key_info(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_principal_name(const krb5_data 
*code, krb5_principal_data **repptr) -{ - setup_buf_only(krb5_principal_data *); - alloc_field(rep); - - retval = asn1_decode_krb5_principal_name(&buf, &rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key_pack **repptr) -{ - setup_buf_only(krb5_reply_key_pack *); - alloc_field(rep); - - retval = asn1_decode_reply_key_pack(&buf, rep); - if (retval) - goto error_out; - - cleanup(free); -} - -krb5_error_code -decode_krb5_reply_key_pack_draft9(const krb5_data *code, - krb5_reply_key_pack_draft9 **repptr) -{ - setup_buf_only(krb5_reply_key_pack_draft9 *); - alloc_field(rep); - - retval = asn1_decode_reply_key_pack_draft9(&buf, rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_td_trusted_certifiers(const krb5_data *code, - krb5_external_principal_identifier ***repptr) -{ - setup_buf_only(krb5_external_principal_identifier **); - retval = asn1_decode_sequence_of_external_principal_identifier(&buf, &rep); - if (retval) clean_return(retval); - - cleanup(free); -} - -krb5_error_code -decode_krb5_td_dh_parameters(const krb5_data *code, - krb5_algorithm_identifier ***repptr) -{ - setup_buf_only(krb5_algorithm_identifier **); - retval = asn1_decode_sequence_of_algorithm_identifier(&buf, &rep); - if (retval) clean_return(retval); - - cleanup(free); -} -#endif /* DISABLE_PKINIT */ - -krb5_error_code -decode_krb5_typed_data(const krb5_data *code, krb5_pa_data ***repptr) -{ - setup_buf_only(krb5_pa_data **); - retval = asn1_decode_sequence_of_typed_data(&buf, &rep); - if (retval) clean_return(retval); - - cleanup(free); -} -#endif diff --git a/src/lib/krb5/asn.1/krb5_decode_kdc.c b/src/lib/krb5/asn.1/krb5_decode_kdc.c deleted file mode 100644 index 56ce34e12..000000000 --- a/src/lib/krb5/asn.1/krb5_decode_kdc.c +++ /dev/null 
@@ -1,169 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/krb5_decode_kdc.c */
-/*
- * Copyright 1994, 2008. 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "krbasn1.h"
-#include "krb5_decode_macros.h"
-
-#if 0
-krb5_error_code
-decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_no_length(krb5_kdc_req *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,server);
- clear_field(rep,ktype);
- clear_field(rep,addresses);
- clear_field(rep,authorization_data.ciphertext.data);
- clear_field(rep,unenc_authdata);
- clear_field(rep,second_ticket);
-
- check_apptag(10);
- retval = asn1_decode_kdc_req(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_req(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_no_length(krb5_kdc_req *);
- alloc_field(rep);
- clear_field(rep,padata);
- clear_field(rep,client);
- clear_field(rep,server);
- clear_field(rep,ktype);
- clear_field(rep,addresses);
- clear_field(rep,authorization_data.ciphertext.data);
- clear_field(rep,unenc_authdata);
- clear_field(rep,second_ticket);
-
- check_apptag(12);
- retval = asn1_decode_kdc_req(&buf,rep);
- if (retval) clean_return(retval);
-#ifdef KRB5_MSGTYPE_STRICT
- if (rep->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE);
-#endif
-
- cleanup_manual();
-error_out:
- krb5_free_kdc_req(NULL, rep);
- return retval;
-}
-
-krb5_error_code
-decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **repptr)
-{
- setup_buf_only(krb5_kdc_req *);
- alloc_field(rep);
-
- retval = asn1_decode_kdc_req_body(&buf,rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_fast_req(const krb5_data *code, krb5_fast_req **repptr)
-{
- setup(krb5_fast_req *);
- alloc_field(rep);
- alloc_field(rep->req_body);
- clear_field(rep, req_body->padata);
- {begin_structure();
- get_field(rep->fast_options, 0, asn1_decode_krb5_flags);
- opt_field(rep->req_body->padata, 1, asn1_decode_sequence_of_pa_data);
- get_field(*(rep->req_body), 2, asn1_decode_kdc_req_body);
- end_structure(); }
- rep->magic = KV5M_FAST_REQ;
- cleanup_manual();
-error_out:
- if (rep) {
- if (rep->req_body)
- krb5_free_kdc_req(0, rep->req_body);
- free(rep);
- }
- return retval;
-}
-
-krb5_error_code
-decode_krb5_pa_fx_fast_request(const krb5_data *code, krb5_fast_armored_req **repptr)
-{
- setup(krb5_fast_armored_req *);
- alloc_field(rep);
- clear_field(rep, armor);
- {
- int indef KRB5_ATTR_UNUSED;
- unsigned int taglen KRB5_ATTR_UNUSED;
- next_tag_from_buf(buf);
- if (tagnum != 0)
- clean_return(ASN1_BAD_ID);
- }
- {begin_structure();
- opt_field(rep->armor, 0, asn1_decode_fast_armor_ptr);
- get_field(rep->req_checksum, 1, asn1_decode_checksum);
- get_field(rep->enc_part, 2, asn1_decode_encrypted_data);
- end_structure();}
- rep->magic = KV5M_FAST_ARMORED_REQ;
- cleanup(free);
-}
-
-#ifndef DISABLE_PKINIT
-krb5_error_code
-decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_req *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_req(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
-decode_krb5_pa_pk_as_req_draft9(const krb5_data *code,
- krb5_pa_pk_as_req_draft9 **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_req_draft9 *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_req_draft9(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-#endif /* DISABLE_PKINIT */
-#endif
diff --git a/src/lib/krb5/asn.1/krb5_decode_macros.h b/src/lib/krb5/asn.1/krb5_decode_macros.h
deleted file mode 100644
index aada1be62..000000000
--- a/src/lib/krb5/asn.1/krb5_decode_macros.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/krb5/asn.1/krb5_decode_macros.h */
-/*
- * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef KRB5_DECODE_MACROS_H
-#define KRB5_DECODE_MACROS_H
-
-#include "asn1_k_decode.h"
-#include "asn1_decode.h"
-#include "asn1_get.h"
-#include "asn1_misc.h"
-
-#if __GNUC__ >= 3
-#define KRB5_ATTR_UNUSED __attribute__((unused))
-#else
-#define KRB5_ATTR_UNUSED
-#endif
-
-/* setup *********************************************************/
-/* set up variables */
-/*
- * the setup* macros can return, but are always used at function start
- * and thus need no malloc cleanup
- */
-#define setup_buf_only(type) \
- asn1_error_code retval; \
- asn1buf buf; \
- type rep = NULL; \
- \
- *repptr = NULL; \
- retval = asn1buf_wrap_data(&buf,code); \
- if (retval) return retval
-
-#define setup_no_tagnum(type) \
- asn1_class asn1class KRB5_ATTR_UNUSED; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
- setup_buf_only(type)
-
-#define setup_no_length(type) \
- asn1_tagnum tagnum KRB5_ATTR_UNUSED; \
- setup_no_tagnum(type)
-
-#define setup(type) \
- unsigned int length; \
- setup_no_length(type)
-
-/* helper macros for cleanup */
-#define clean_return(val) { retval = val; goto error_out; }
-
-/* alloc_field is the first thing to allocate storage that may need cleanup */
-#define alloc_field(var) \
- var = calloc(1,sizeof(*var)); \
- if ((var) == NULL) clean_return(ENOMEM)
-
-/*
- * Allocate a principal and initialize enough fields for
- * krb5_free_principal to have defined behavior.
- */ -#define alloc_principal(var) \ - alloc_field(var); \ - var->realm.data = NULL; \ - var->data = NULL - -/* process encoding header ***************************************/ -/* decode tag and check that it == [APPLICATION tagnum] */ -#define check_apptag(tagexpect) \ - { \ - taginfo t1; \ - retval = asn1_get_tag_2(&buf, &t1); \ - if (retval) clean_return (retval); \ - if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \ - asn1class = t1.asn1class; \ - construction = t1.construction; \ - tagnum = t1.tagnum; \ - } - - - -/* process a structure *******************************************/ - -/* decode an explicit tag and place the number in tagnum */ -#define next_tag_from_buf(buf) \ - { taginfo t2; \ - retval = asn1_get_tag_2(&(buf), &t2); \ - if (retval) clean_return(retval); \ - asn1class = t2.asn1class; \ - construction = t2.construction; \ - tagnum = t2.tagnum; \ - indef = t2.indef; \ - taglen = t2.length; \ - } -#define next_tag() next_tag_from_buf(subbuf) - - -static asn1_error_code -asn1_get_eoc_tag (asn1buf *buf) -{ - asn1_error_code retval; - taginfo t; - - retval = asn1_get_tag_2(buf, &t); - if (retval) - return retval; - if (t.asn1class != UNIVERSAL || t.tagnum || t.indef) - return ASN1_MISSING_EOC; - return 0; -} - -#define get_eoc() \ - { \ - retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) clean_return(retval); \ - } - -/* decode sequence header and initialize tagnum with the first field */ -#define begin_structure() \ - unsigned int taglen KRB5_ATTR_UNUSED; \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - retval = asn1_get_sequence(&buf,&length,&seqindef); \ - if (retval) clean_return(retval); \ - retval = asn1buf_imbed(&subbuf,&buf,length,seqindef); \ - if (retval) clean_return(retval); \ - next_tag() - -#define end_structure() \ - retval = asn1buf_sync(&buf,&subbuf,asn1class, \ - tagnum,length,indef,seqindef); \ - if (retval) 
clean_return(retval) - -/* process fields *******************************************/ -/* normal fields ************************/ -#define get_field_body(var,decoder) \ - retval = decoder(&subbuf,&(var)); \ - if (retval) clean_return(retval); \ - if (indef) { get_eoc(); } \ - next_tag() - -/* - * error_if_bad_tag - * - * Checks that the next tag is the expected one; returns with an error - * if not. - */ -#define error_if_bad_tag(tagexpect) \ - if (tagnum != (tagexpect)) { clean_return ((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } - -/* - * decode a field (<[UNIVERSAL id]> ) - * check that the id number == tagexpect then - * decode into var - * get the next tag - */ -#define get_field(var,tagexpect,decoder) \ - error_if_bad_tag(tagexpect); \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - get_field_body(var,decoder) - -/* decode (or skip, if not present) an optional field */ -#define opt_field(var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_field_body(var,decoder); \ - } \ - } - -/* field w/ accompanying length *********/ -#define get_lenfield_body(len,var,decoder) \ - retval = decoder(&subbuf,&(len),&(var)); \ - if (retval) clean_return(retval); \ - if (indef) { get_eoc(); } \ - next_tag() - -/* decode a field w/ its length (for string types) */ -#define get_lenfield(len,var,tagexpect,decoder) \ - error_if_bad_tag(tagexpect); \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - get_lenfield_body(len,var,decoder) - -/* decode an optional field w/ length */ -#define opt_lenfield(len,var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == 
(tagexpect)) { \ - get_lenfield_body(len,var,decoder); \ - } \ - } - - -/* clean up ******************************************************/ -/* finish up */ -/* to make things less painful, assume the cleanup is passed rep */ -#define cleanup(cleanup_routine) \ - *repptr = rep; \ - return 0; \ -error_out: \ -if (rep) \ - cleanup_routine(rep); \ -return retval; - -#define cleanup_none() \ - *repptr = rep; \ - return 0; \ -error_out: \ -return retval; - -#define cleanup_manual() \ - *repptr = rep; \ - return 0; - -#define free_field(rep,f) free((rep)->f) -#define clear_field(rep,f) (rep)->f = 0 - -#endif diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index cd6a6ac5f..69ad847c2 100644 --- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -37,8 +37,6 @@ #include "krbasn1.h" #include "asn1_encode.h" -#include "asn1_decode.h" -#include "asn1_get.h" #ifdef ENABLE_LDAP 
@@ -112,285 +110,4 @@ DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields); MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq); MAKE_DECODER(krb5int_ldap_decode_sequence_of_keys, ldap_key_seq); -#if 0 -/************************************************************************/ -/* Decode the Principal's keys */ -/************************************************************************/ - -#define cleanup(err) \ - { \ - ret = err; \ - goto last; \ - } - -#define checkerr \ - if (ret != 0) \ - goto last - -#define safe_syncbuf(outer,inner,buflen) \ - if (! ((inner)->next == (inner)->bound + 1 && \ - (inner)->next == (outer)->next + buflen)) \ - cleanup (ASN1_BAD_LENGTH); \ - asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0); - -static asn1_error_code -decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val) -{ - int buflen; - asn1_error_code ret = 0; - asn1buf tmp, subbuf; - taginfo t; - - /* Work on a copy of 'buf' */ - ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; - ret = asn1_get_tag_2(&tmp, &t); checkerr; - if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); - - buflen = t.length; - ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; - ret = asn1_decode_integer(&subbuf, val); checkerr; - - safe_syncbuf(&tmp, &subbuf, buflen); - *buf = tmp; - -last: - return ret; -} - -#if 0 /* not currently used */ -static asn1_error_code -decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *val) -{ - int buflen; - asn1_error_code ret = 0; - asn1buf tmp, subbuf; - taginfo t; - - /* Work on a copy of 'buf' */ - ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; - ret = asn1_get_tag_2(&tmp, &t); checkerr; - if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); - - buflen = t.length; - ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; - ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr; - - safe_syncbuf(&tmp, &subbuf, buflen); - *buf = tmp; - -last: - return ret; -} -#endif - 
-static asn1_error_code -decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, - unsigned int *len, - asn1_octet **val) -{ - int buflen; - asn1_error_code ret = 0; - asn1buf tmp, subbuf; - taginfo t; - - *val = NULL; - - /* Work on a copy of 'buf' */ - ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; - ret = asn1_get_tag_2(&tmp, &t); checkerr; - if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); - - buflen = t.length; - ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; - ret = asn1_decode_octetstring (&subbuf, len, val); checkerr; - - safe_syncbuf(&tmp, &subbuf, buflen); - *buf = tmp; - -last: - if (ret != 0) - free (*val); - return ret; -} - -static asn1_error_code -asn1_decode_key(asn1buf *buf, krb5_key_data *key) -{ - int full_buflen, seqindef; - unsigned int length; - asn1_error_code ret; - asn1buf subbuf; - taginfo t; - - key->key_data_contents[0] = NULL; - key->key_data_contents[1] = NULL; - - ret = asn1_get_sequence(buf, &length, &seqindef); checkerr; - full_buflen = length; - ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr; - - asn1_get_tag_2(&subbuf, &t); - /* Salt */ - if (t.tagnum == 0) { - int salt_buflen; - asn1buf slt; - long keytype; - unsigned int keylen; - - key->key_data_ver = 2; - asn1_get_sequence(&subbuf, &length, &seqindef); - salt_buflen = length; - asn1buf_imbed(&slt, &subbuf, length, seqindef); - - ret = decode_tagged_integer (&slt, 0, &keytype); - key->key_data_type[1] = keytype; /* XXX range check?? */ - checkerr; - - if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */ - ret = decode_tagged_octetstring (&slt, 1, &keylen, - &key->key_data_contents[1]); - checkerr; - } else - keylen = 0; - safe_syncbuf (&subbuf, &slt, salt_buflen); - key->key_data_length[1] = keylen; /* XXX range check?? 
*/ - - ret = asn1_get_tag_2(&subbuf, &t); checkerr; - } else - key->key_data_ver = 1; - - /* Key */ - { - int key_buflen; - asn1buf kbuf; - long lval; - unsigned int ival; - - if (t.tagnum != 1) - cleanup (ASN1_MISSING_FIELD); - - ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - key_buflen = length; - ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr; - - ret = decode_tagged_integer (&kbuf, 0, &lval); - checkerr; - key->key_data_type[0] = lval; /* XXX range check? */ - - ret = decode_tagged_octetstring (&kbuf, 1, &ival, - &key->key_data_contents[0]); checkerr; - key->key_data_length[0] = ival; /* XXX range check? */ - - safe_syncbuf (&subbuf, &kbuf, key_buflen); - } - - safe_syncbuf (buf, &subbuf, full_buflen); - -last: - if (ret != 0) { - free (key->key_data_contents[0]); - key->key_data_contents[0] = NULL; - free (key->key_data_contents[1]); - key->key_data_contents[1] = NULL; - } - return ret; -} - -krb5_error_code -krb5int_ldap_decode_sequence_of_keys (krb5_data *in, ldap_seqof_key_data **rep) -{ - ldap_seqof_key_data *repval; - krb5_key_data **out; - krb5_int16 *n_key_data; - int *mkvno; - - asn1_error_code ret; - asn1buf buf, subbuf; - int seqindef; - unsigned int length; - taginfo t; - int kvno, maj, min; - long lval; - - repval = calloc(1,sizeof(ldap_seqof_key_data)); - *rep = repval; - out = &repval->key_data; - n_key_data = &repval->n_key_data; - mkvno = &repval->mkvno; - - *n_key_data = 0; - *out = NULL; - - ret = asn1buf_wrap_data(&buf, in); checkerr; - - ret = asn1_get_sequence(&buf, &length, &seqindef); checkerr; - ret = asn1buf_imbed(&subbuf, &buf, length, seqindef); checkerr; - - /* attribute-major-vno */ - ret = decode_tagged_integer (&subbuf, 0, &lval); checkerr; - maj = lval; /* XXX range check? */ - - /* attribute-minor-vno */ - ret = decode_tagged_integer (&subbuf, 1, &lval); checkerr; - min = lval; /* XXX range check? 
*/ - - if (maj != 1 || min != 1) - cleanup (ASN1_BAD_FORMAT); - - /* kvno (assuming all keys in array have same version) */ - ret = decode_tagged_integer (&subbuf, 2, &lval); checkerr; - kvno = lval; /* XXX range check? */ - - /* mkvno (optional) */ - ret = decode_tagged_integer (&subbuf, 3, &lval); checkerr; - *mkvno = lval; /* XXX range check? */ - - ret = asn1_get_tag_2(&subbuf, &t); checkerr; - - /* Sequence of keys */ - { - int i, seq_buflen; - asn1buf keyseq; - if (t.tagnum != 4) - cleanup (ASN1_MISSING_FIELD); - ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - seq_buflen = length; - ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr; - for (i = 1, *out = NULL; ; i++) { - krb5_key_data *tmp; - tmp = (krb5_key_data *) realloc (*out, i * sizeof (krb5_key_data)); - if (tmp == NULL) - cleanup (ENOMEM); - *out = tmp; - (*out)[i - 1].key_data_kvno = kvno; - ret = asn1_decode_key(&keyseq, &(*out)[i - 1]); checkerr; - (*n_key_data)++; - if (asn1buf_remains(&keyseq, 0) == 0) - break; /* Not freeing the last key structure */ - } - safe_syncbuf (&subbuf, &keyseq, seq_buflen); - } - - /* - * There could be other data inside the outermost sequence ... tags we don't - * know about. So, not invoking "safe_syncbuf(&buf,&subbuf)" - */ - -last: - if (ret != 0) { - int i; - for (i = 0; i < *n_key_data; i++) { - free ((*out)[i].key_data_contents[0]); - free ((*out)[i].key_data_contents[1]); - } - free (*out); - *out = NULL; - } - - return ret; -} -#endif #endif