From 239b0304339ff42143553fbf15321c0fe37d0553 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Tue, 29 Sep 1992 14:17:12 +0000 Subject: [PATCH] Fold in ISI changes for asn.1 fixes git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2435 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/asn.1/Imakefile | 17 +++++--- src/lib/krb5/asn.1/KRB5-asn.py | 70 +++++++++++++++++++++------------ src/lib/krb5/asn.1/kdcr2kkdcr.c | 51 +++++++++++++++++++++++- src/lib/krb5/asn.1/kkdcr2kdcr.c | 18 ++++----- 4 files changed, 114 insertions(+), 42 deletions(-) diff --git a/src/lib/krb5/asn.1/Imakefile b/src/lib/krb5/asn.1/Imakefile index 0da8f734f..12e4d7204 100644 --- a/src/lib/krb5/asn.1/Imakefile +++ b/src/lib/krb5/asn.1/Imakefile @@ -64,7 +64,6 @@ SRCS= \ $(SRCDIR)kkdcr2kdcr.c \ $(SRCDIR)kkey2enck.c \ $(SRCDIR)klsrq2lsrq.c \ - $(SRCDIR)kpadt2padt.c \ $(SRCDIR)kprep2prep.c \ $(SRCDIR)kprin2prin.c \ $(SRCDIR)kpriv2priv.c \ @@ -74,7 +73,6 @@ SRCS= \ $(SRCDIR)ktgsr2kdcr.c \ $(SRCDIR)ktkt2tkt.c \ $(SRCDIR)lsrq2klsrq.c \ - $(SRCDIR)padt2kpadt.c \ $(SRCDIR)prep2kprep.c \ $(SRCDIR)prin2kprin.c \ $(SRCDIR)priv2kpriv.c \ @@ -83,7 +81,12 @@ SRCS= \ $(SRCDIR)tran2ktran.c \ $(SRCDIR)tgrq2ktgrq.c \ $(SRCDIR)tkt2ktkt.c \ - $(SRCDIR)u2gen.c + $(SRCDIR)u2gen.c \ + $(SRCDIR)ktgsr2kdcr.c \ + $(SRCDIR)kpwd2pwd.c \ + $(SRCDIR)kpwds2pwds.c \ + $(SRCDIR)pwd2kpwd.c \ + $(SRCDIR)pwds2kpwds.c OBJS= \ KRB5_tables.o \ @@ -121,7 +124,6 @@ OBJS= \ kkdcr2kdcr.o \ kkey2enck.o \ klsrq2lsrq.o \ - kpadt2padt.o \ kprep2prep.o \ kprin2prin.o \ kpriv2priv.o \ @@ -131,7 +133,6 @@ OBJS= \ ktgsr2kdcr.o \ ktkt2tkt.o \ lsrq2klsrq.o \ - padt2kpadt.o \ prep2kprep.o \ prin2kprin.o \ priv2kpriv.o \ @@ -140,7 +141,11 @@ OBJS= \ tran2ktran.o \ tgrq2ktgrq.o \ tkt2ktkt.o \ - u2gen.o + u2gen.o \ + kpwd2pwd.o \ + kpwds2pwds.o \ + pwd2kpwd.o \ + pwds2kpwds.o all:: includes diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py index 647604291..93692687f 100644 --- a/src/lib/krb5/asn.1/KRB5-asn.py +++ b/src/lib/krb5/asn.1/KRB5-asn.py @@ -22,6 +22,10 @@ -- -- ASN.1 definitions for the kerberos network objects -- +-- Do not change the order of any structure containing some +-- element_KRB5_xx unless the corresponding translation code is also +-- changed. +-- KRB5 DEFINITIONS ::= BEGIN @@ -34,7 +38,6 @@ SECTIONS encode decode none -- the order of stuff in this file matches the order in the draft RFC Realm ::= GeneralString -PrincipalName ::= SEQUENCE OF GeneralString HostAddress ::= SEQUENCE { addr-type[0] INTEGER, @@ -75,6 +78,11 @@ LastReq ::= SEQUENCE OF SEQUENCE { KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) +PrincipalName ::= SEQUENCE{ + name-type[0] INTEGER, + name-string[1] SEQUENCE OF GeneralString +} + Ticket ::= [APPLICATION 1] SEQUENCE { tkt-vno[0] INTEGER, realm[1] Realm, @@ -98,20 +106,21 @@ EncTicketPart ::= [APPLICATION 3] SEQUENCE { starttime[6] KerberosTime OPTIONAL, endtime[7] KerberosTime, renew-till[8] KerberosTime OPTIONAL, - caddr[9] HostAddresses, + caddr[9] HostAddresses OPTIONAL, authorization-data[10] AuthorizationData OPTIONAL } -- Unencrypted authenticator Authenticator ::= [APPLICATION 2] SEQUENCE { authenticator-vno[0] INTEGER, - crealm[1] Realm, - cname[2] PrincipalName, - cksum[3] Checksum OPTIONAL, - cusec[4] INTEGER, - ctime[5] KerberosTime, - subkey[6] EncryptionKey OPTIONAL, - seq-number[7] INTEGER OPTIONAL + crealm[1] Realm, + cname[2] PrincipalName, + cksum[3] Checksum OPTIONAL, + cusec[4] INTEGER, + ctime[5] KerberosTime, + subkey[6] EncryptionKey OPTIONAL, + seq-number[7] INTEGER OPTIONAL, + authorization-data[8] AuthorizationData OPTIONAL } TicketFlags ::= BIT STRING { @@ -131,22 +140,13 @@ AS-REQ ::= [APPLICATION 10] KDC-REQ TGS-REQ ::= [APPLICATION 12] KDC-REQ KDC-REQ ::= SEQUENCE { - pvno[1] INTEGER, + pvno[1] INTEGER, msg-type[2] INTEGER, - padata[3] PA-DATA OPTIONAL, -- encoded AP-REQ, not optional - -- in the TGS-REQ + padata[3] SEQUENCE OF PA-DATA OPTIONAL, req-body[4] KDC-REQ-BODY } --- Note that the RFC specifies that PA-DATA is just a SEQUENCE, and when --- it appears in the messages, it's a SEQUENCE OF PA-DATA. --- However, this has an identical encoding to the data defined here, --- which has PA-DATA as SEQUENCE OF SEQUENCE, and the messages use a --- straight PA-DATA. This has the advantage (at least under ISODE) of --- giving a "known" name to the PA-DATA array, making it more easily --- manipulated by "glue code". - -PA-DATA ::= SEQUENCE OF SEQUENCE { +PA-DATA ::= SEQUENCE { padata-type[1] INTEGER, pa-data[2] OCTET STRING -- might be encoded AP-REQ } @@ -160,9 +160,11 @@ KDC-REQ-BODY ::= SEQUENCE { till[5] KerberosTime, rtime[6] KerberosTime OPTIONAL, nonce[7] INTEGER, - etype[8] SEQUENCE OF INTEGER, -- EncryptionType, in preference order + etype[8] SEQUENCE OF INTEGER, -- EncryptionType, + -- in preference order addresses[9] HostAddresses OPTIONAL, - enc-authorization-data[10] EncryptedData OPTIONAL, -- AuthorizationData + enc-authorization-data[10] EncryptedData OPTIONAL, + -- AuthorizationData additional-tickets[11] SEQUENCE OF Ticket OPTIONAL } @@ -171,7 +173,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP KDC-REP ::= SEQUENCE { pvno[0] INTEGER, msg-type[1] INTEGER, - padata[2] PA-DATA OPTIONAL, + padata[2] SEQUENCE OF PA-DATA OPTIONAL, crealm[3] Realm, cname[4] PrincipalName, ticket[5] Ticket, -- Ticket @@ -181,7 +183,7 @@ KDC-REP ::= SEQUENCE { EncASRepPart ::= [APPLICATION 25] EncKDCRepPart EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart EncKDCRepPart ::= SEQUENCE { - key[0] EncryptionKey, + key[0] EncryptionKey, last-req[1] LastReq, nonce[2] INTEGER, key-expiration[3] KerberosTime OPTIONAL, @@ -229,7 +231,7 @@ KRB-SAFE ::= [APPLICATION 20] SEQUENCE { cksum[3] Checksum } -KRB-SAFE-BODY ::= SEQUENCE { +KRB-SAFE-BODY ::= SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, usec[2] INTEGER OPTIONAL, @@ -289,4 +291,20 @@ METHOD-DATA ::= SEQUENCE { method-type[0] INTEGER, method-data[1] OCTET STRING OPTIONAL } + +-- These ASN.1 definitions are NOT part of the official Kerberos protocol... + +-- New ASN.1 definitions for the kadmin protocol. +-- Originally contributed from the Sandia modifications + +PasswdSequence ::= SEQUENCE { + passwd[0] OCTET STRING, + phrase[1] OCTET STRING +} + +PasswdData ::= SEQUENCE { + passwd-sequence-count[0] INTEGER, + passwd-sequence[1] SEQUENCE OF PasswdSequence +} + END diff --git a/src/lib/krb5/asn.1/kdcr2kkdcr.c b/src/lib/krb5/asn.1/kdcr2kkdcr.c index 85284bbc6..0e3cf5f4d 100644 --- a/src/lib/krb5/asn.1/kdcr2kkdcr.c +++ b/src/lib/krb5/asn.1/kdcr2kkdcr.c @@ -41,6 +41,55 @@ static char rcsid_kdcr2kkdcr_c[] = /* ISODE defines max(a,b) */ + +krb5_pa_data ** +element_KRB5_112krb5_pa_data(val, error) + struct element_KRB5_11 *val; + register int *error; +{ + register krb5_pa_data **retval; + register int i; + register struct element_KRB5_11 *rv; + + for (i = 0, rv = val; rv; i++, rv = rv->next) + ; + + /* plus one for null terminator */ + retval = (krb5_pa_data **) xcalloc(i + 1, sizeof(*retval)); + if (!retval) { + *error = ENOMEM; + return(0); + } + for (i = 0, rv = val; rv; rv = rv->next, i++) { + if (qb_pullup(rv->PA__DATA->pa__data) != OK) { + xfree(retval); + *error = ENOMEM; + return(0); + } + retval[i] = (krb5_pa_data *) xmalloc(sizeof(*retval[i])); + if (!retval[i]) { + krb5_free_pa_data(retval); + *error = ENOMEM; + return(0); + } + retval[i]->contents = (unsigned char *)xmalloc(rv->PA__DATA->pa__data->qb_forw->qb_len); + if (!retval[i]->contents) { + xfree(retval[i]); + retval[i] = 0; + krb5_free_pa_data(retval); + *error = ENOMEM; + return(0); + } + retval[i]->pa_type = rv->PA__DATA->padata__type; + retval[i]->length = rv->PA__DATA->pa__data->qb_forw->qb_len; + xbcopy(rv->PA__DATA->pa__data->qb_forw->qb_data, + retval[i]->contents, retval[i]->length); + } + retval[i] = 0; + return(retval); +} + + krb5_kdc_rep * KRB5_KDC__REP2krb5_kdc_rep(val, error) const register struct type_KRB5_TGS__REP *val; @@ -59,7 +108,7 @@ register int *error; retval->msg_type = val->msg__type; if (val->padata) { - retval->padata = KRB5_PA__DATA2krb5_pa_data(val->padata, error); + retval->padata = element_KRB5_112krb5_pa_data(val->padata, error); if (*error) { xfree(retval); return 0; diff --git a/src/lib/krb5/asn.1/kkdcr2kdcr.c b/src/lib/krb5/asn.1/kkdcr2kdcr.c index 4b2dfe1f0..b85f9e23f 100644 --- a/src/lib/krb5/asn.1/kkdcr2kdcr.c +++ b/src/lib/krb5/asn.1/kkdcr2kdcr.c @@ -58,8 +58,13 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error) rv2 = (struct element_KRB5_11 *) xmalloc(sizeof(*rv2)); if (!rv2) { - if (retval) - free_KRB5_PA__DATA(retval); + errout: + while (retval) { + free_KRB5_PA__DATA(retval->PA__DATA); + rv1 = retval->next; + free(retval); + retval = rv1; + } *error = ENOMEM; return(0); } @@ -71,13 +76,8 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error) rv2->PA__DATA = (struct type_KRB5_PA__DATA *) xmalloc(sizeof(*(rv2->PA__DATA))); - if (!rv2->PA__DATA) { - errout: - if (retval) - free_KRB5_PA__DATA(retval); - *error = ENOMEM; - return(0); - } + if (!rv2->PA__DATA) + goto errout; rv2->PA__DATA->padata__type = val[i]->pa_type; rv2->PA__DATA->pa__data = str2qb((char *)(val[i])->contents, (val[i])->length, 1); -- 2.26.2