From 239b0304339ff42143553fbf15321c0fe37d0553 Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Tue, 29 Sep 1992 14:17:12 +0000
Subject: [PATCH] Fold in ISI changes for asn.1 fixes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2435 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/asn.1/Imakefile    | 17 +++++---
 src/lib/krb5/asn.1/KRB5-asn.py  | 70 +++++++++++++++++++++------------
 src/lib/krb5/asn.1/kdcr2kkdcr.c | 51 +++++++++++++++++++++++-
 src/lib/krb5/asn.1/kkdcr2kdcr.c | 18 ++++-----
 4 files changed, 114 insertions(+), 42 deletions(-)

diff --git a/src/lib/krb5/asn.1/Imakefile b/src/lib/krb5/asn.1/Imakefile
index 0da8f734f..12e4d7204 100644
--- a/src/lib/krb5/asn.1/Imakefile
+++ b/src/lib/krb5/asn.1/Imakefile
@@ -64,7 +64,6 @@ SRCS= \
 	$(SRCDIR)kkdcr2kdcr.c	\
 	$(SRCDIR)kkey2enck.c	\
 	$(SRCDIR)klsrq2lsrq.c	\
-	$(SRCDIR)kpadt2padt.c	\
 	$(SRCDIR)kprep2prep.c	\
 	$(SRCDIR)kprin2prin.c	\
 	$(SRCDIR)kpriv2priv.c	\
@@ -74,7 +73,6 @@ SRCS= \
 	$(SRCDIR)ktgsr2kdcr.c	\
 	$(SRCDIR)ktkt2tkt.c	\
 	$(SRCDIR)lsrq2klsrq.c	\
-	$(SRCDIR)padt2kpadt.c	\
 	$(SRCDIR)prep2kprep.c	\
 	$(SRCDIR)prin2kprin.c	\
 	$(SRCDIR)priv2kpriv.c	\
@@ -83,7 +81,12 @@ SRCS= \
 	$(SRCDIR)tran2ktran.c	\
 	$(SRCDIR)tgrq2ktgrq.c	\
 	$(SRCDIR)tkt2ktkt.c	\
-	$(SRCDIR)u2gen.c
+	$(SRCDIR)u2gen.c 	\
+	$(SRCDIR)ktgsr2kdcr.c	\
+	$(SRCDIR)kpwd2pwd.c	\
+	$(SRCDIR)kpwds2pwds.c	\
+	$(SRCDIR)pwd2kpwd.c	\
+	$(SRCDIR)pwds2kpwds.c
 
 OBJS= \
 	KRB5_tables.o	\
@@ -121,7 +124,6 @@ OBJS= \
 	kkdcr2kdcr.o	\
 	kkey2enck.o	\
 	klsrq2lsrq.o	\
-	kpadt2padt.o	\
 	kprep2prep.o	\
 	kprin2prin.o	\
 	kpriv2priv.o	\
@@ -131,7 +133,6 @@ OBJS= \
 	ktgsr2kdcr.o	\
 	ktkt2tkt.o	\
 	lsrq2klsrq.o	\
-	padt2kpadt.o	\
 	prep2kprep.o	\
 	prin2kprin.o	\
 	priv2kpriv.o	\
@@ -140,7 +141,11 @@ OBJS= \
 	tran2ktran.o	\
 	tgrq2ktgrq.o	\
 	tkt2ktkt.o	\
-	u2gen.o
+	u2gen.o		\
+	kpwd2pwd.o	\
+	kpwds2pwds.o	\
+	pwd2kpwd.o	\
+	pwds2kpwds.o
 
 all:: includes
 
diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py
index 647604291..93692687f 100644
--- a/src/lib/krb5/asn.1/KRB5-asn.py
+++ b/src/lib/krb5/asn.1/KRB5-asn.py
@@ -22,6 +22,10 @@
 --
 -- ASN.1 definitions for the kerberos network objects
 --
+-- Do not change the order of any structure containing some
+-- element_KRB5_xx unless the corresponding translation code is also
+-- changed.
+--
 
 KRB5 DEFINITIONS ::=
 BEGIN
@@ -34,7 +38,6 @@ SECTIONS encode decode none
 -- the order of stuff in this file matches the order in the draft RFC
 
 Realm ::= GeneralString
-PrincipalName ::= SEQUENCE OF GeneralString
 
 HostAddress ::= SEQUENCE  {
 	addr-type[0]			INTEGER,
@@ -75,6 +78,11 @@ LastReq ::=	SEQUENCE OF SEQUENCE {
 
 KerberosTime ::=	GeneralizedTime -- Specifying UTC time zone (Z)
 
+PrincipalName ::= SEQUENCE{
+	name-type[0]	INTEGER,
+	name-string[1]	SEQUENCE OF GeneralString
+}
+
 Ticket ::=	[APPLICATION 1] SEQUENCE {
 	tkt-vno[0]	INTEGER,
 	realm[1]	Realm,
@@ -98,20 +106,21 @@ EncTicketPart ::=	[APPLICATION 3] SEQUENCE {
 	starttime[6]	KerberosTime OPTIONAL,
 	endtime[7]	KerberosTime,
 	renew-till[8]	KerberosTime OPTIONAL,
-	caddr[9]	HostAddresses,
+	caddr[9]	HostAddresses OPTIONAL,
 	authorization-data[10]	AuthorizationData OPTIONAL
 }
 
 -- Unencrypted authenticator
 Authenticator ::=	[APPLICATION 2] SEQUENCE  {
 	authenticator-vno[0]	INTEGER,
-	crealm[1]	Realm,
-	cname[2]	PrincipalName,
-	cksum[3]	Checksum OPTIONAL,
-	cusec[4]	INTEGER,
-	ctime[5]	KerberosTime,
-	subkey[6]	EncryptionKey OPTIONAL,
-	seq-number[7]	INTEGER OPTIONAL
+	crealm[1]		Realm,
+	cname[2]		PrincipalName,
+	cksum[3]		Checksum OPTIONAL,
+	cusec[4]		INTEGER,
+	ctime[5]		KerberosTime,
+	subkey[6]		EncryptionKey OPTIONAL,
+	seq-number[7]		INTEGER OPTIONAL,
+	authorization-data[8]	AuthorizationData OPTIONAL
 }
 
 TicketFlags ::= BIT STRING {
@@ -131,22 +140,13 @@ AS-REQ ::= [APPLICATION 10] KDC-REQ
 TGS-REQ ::= [APPLICATION 12] KDC-REQ
 
 KDC-REQ ::= SEQUENCE {
-	pvno[1]	INTEGER,
+	pvno[1]		INTEGER,
 	msg-type[2]	INTEGER,
-	padata[3]	PA-DATA OPTIONAL, -- encoded AP-REQ, not optional
-					  -- in the TGS-REQ
+	padata[3]	SEQUENCE OF PA-DATA OPTIONAL,
 	req-body[4]	KDC-REQ-BODY
 }
 
--- Note that the RFC specifies that PA-DATA is just a SEQUENCE, and when
--- it appears in the messages, it's a SEQUENCE OF PA-DATA.
--- However, this has an identical encoding to the data defined here,
--- which has PA-DATA as SEQUENCE OF SEQUENCE, and the messages use a
--- straight PA-DATA. This has the advantage (at least under ISODE) of
--- giving a "known" name to the PA-DATA array, making it more easily
--- manipulated by "glue code".
-
-PA-DATA ::=	SEQUENCE OF SEQUENCE {
+PA-DATA ::= SEQUENCE {
 	padata-type[1]	INTEGER,
 	pa-data[2]	OCTET STRING -- might be encoded AP-REQ
 }
@@ -160,9 +160,11 @@ KDC-REQ-BODY ::=	SEQUENCE {
 	 till[5]	KerberosTime,
 	 rtime[6]	KerberosTime OPTIONAL,
 	 nonce[7]	INTEGER,
-	 etype[8]	SEQUENCE OF INTEGER, -- EncryptionType, in preference order
+	 etype[8]	SEQUENCE OF INTEGER, -- EncryptionType, 
+			-- in preference order
 	 addresses[9]	HostAddresses OPTIONAL,
-	 enc-authorization-data[10]	EncryptedData OPTIONAL, -- AuthorizationData
+	 enc-authorization-data[10]	EncryptedData OPTIONAL, 
+			-- AuthorizationData
 	 additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
 }
 
@@ -171,7 +173,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP
 KDC-REP ::= SEQUENCE {
 	pvno[0]				INTEGER,
 	msg-type[1]			INTEGER,
-	padata[2]			PA-DATA OPTIONAL,
+	padata[2]			SEQUENCE OF PA-DATA OPTIONAL,
 	crealm[3]			Realm,
 	cname[4]			PrincipalName,
 	ticket[5]			Ticket,		-- Ticket
@@ -181,7 +183,7 @@ KDC-REP ::= SEQUENCE {
 EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
 EncKDCRepPart ::=  SEQUENCE {
-	key[0]	EncryptionKey,
+	key[0]		EncryptionKey,
 	last-req[1]	LastReq,
 	nonce[2]	INTEGER,
 	key-expiration[3]	KerberosTime OPTIONAL,
@@ -229,7 +231,7 @@ KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
 	cksum[3]			Checksum			
 }
 
-KRB-SAFE-BODY ::=	SEQUENCE {
+KRB-SAFE-BODY ::= SEQUENCE {
 	user-data[0]			OCTET STRING,
 	timestamp[1]			KerberosTime OPTIONAL,
 	usec[2]				INTEGER OPTIONAL,
@@ -289,4 +291,20 @@ METHOD-DATA ::= SEQUENCE {
 	method-type[0]	INTEGER,
 	method-data[1]	OCTET STRING OPTIONAL
 }
+
+-- These ASN.1 definitions are NOT part of the official Kerberos protocol... 
+
+-- New ASN.1 definitions for the kadmin protocol.
+-- Originally contributed from the Sandia modifications
+
+PasswdSequence ::= SEQUENCE {
+	passwd[0]			OCTET STRING,
+	phrase[1]			OCTET STRING
+}
+
+PasswdData ::= SEQUENCE {
+	passwd-sequence-count[0]	INTEGER,
+	passwd-sequence[1]		SEQUENCE OF PasswdSequence
+}
+
 END
diff --git a/src/lib/krb5/asn.1/kdcr2kkdcr.c b/src/lib/krb5/asn.1/kdcr2kkdcr.c
index 85284bbc6..0e3cf5f4d 100644
--- a/src/lib/krb5/asn.1/kdcr2kkdcr.c
+++ b/src/lib/krb5/asn.1/kdcr2kkdcr.c
@@ -41,6 +41,55 @@ static char rcsid_kdcr2kkdcr_c[] =
 
 /* ISODE defines max(a,b) */
 
+
+krb5_pa_data **
+element_KRB5_112krb5_pa_data(val, error)
+    struct element_KRB5_11 *val;
+    register int *error;
+{
+    register krb5_pa_data **retval;
+    register int i;
+    register struct element_KRB5_11 *rv;
+
+    for (i = 0, rv = val; rv; i++, rv = rv->next)
+	;
+
+    /* plus one for null terminator */
+    retval = (krb5_pa_data **) xcalloc(i + 1, sizeof(*retval));
+    if (!retval) {
+	*error = ENOMEM;
+	return(0);
+    }
+    for (i = 0, rv = val; rv; rv = rv->next, i++) {
+	if (qb_pullup(rv->PA__DATA->pa__data) != OK) {
+	    xfree(retval);
+	    *error = ENOMEM;
+	    return(0);
+	}
+	retval[i] = (krb5_pa_data *) xmalloc(sizeof(*retval[i]));
+	if (!retval[i]) {
+	    krb5_free_pa_data(retval);
+	    *error = ENOMEM;
+	    return(0);
+	}
+	retval[i]->contents = (unsigned char *)xmalloc(rv->PA__DATA->pa__data->qb_forw->qb_len);
+	if (!retval[i]->contents) {
+	    xfree(retval[i]);
+	    retval[i] = 0;
+	    krb5_free_pa_data(retval);
+	    *error = ENOMEM;
+	    return(0);
+	}
+	retval[i]->pa_type = rv->PA__DATA->padata__type;
+	retval[i]->length = rv->PA__DATA->pa__data->qb_forw->qb_len;
+	xbcopy(rv->PA__DATA->pa__data->qb_forw->qb_data,
+	      retval[i]->contents, retval[i]->length);
+    }
+    retval[i] = 0;
+    return(retval);
+}
+
+
 krb5_kdc_rep *
 KRB5_KDC__REP2krb5_kdc_rep(val, error)
 const register struct type_KRB5_TGS__REP *val;
@@ -59,7 +108,7 @@ register int *error;
     retval->msg_type = val->msg__type;
 
     if (val->padata) {
-	retval->padata = KRB5_PA__DATA2krb5_pa_data(val->padata, error);
+	retval->padata = element_KRB5_112krb5_pa_data(val->padata, error);
 	if (*error) {
 	    xfree(retval);
 	    return 0;
diff --git a/src/lib/krb5/asn.1/kkdcr2kdcr.c b/src/lib/krb5/asn.1/kkdcr2kdcr.c
index 4b2dfe1f0..b85f9e23f 100644
--- a/src/lib/krb5/asn.1/kkdcr2kdcr.c
+++ b/src/lib/krb5/asn.1/kkdcr2kdcr.c
@@ -58,8 +58,13 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error)
 
 	rv2 = (struct element_KRB5_11 *) xmalloc(sizeof(*rv2));
 	if (!rv2) {
-	    if (retval)
-		free_KRB5_PA__DATA(retval);
+	errout:
+	    while (retval) {
+		free_KRB5_PA__DATA(retval->PA__DATA);
+		rv1 = retval->next;
+		free(retval);
+		retval = rv1;
+	    }
 	    *error = ENOMEM;
 	    return(0);
 	}
@@ -71,13 +76,8 @@ struct element_KRB5_11 *krb5_pa_data2element_KRB5_11(val, error)
 
 	rv2->PA__DATA = (struct type_KRB5_PA__DATA *)
 	    xmalloc(sizeof(*(rv2->PA__DATA)));
-	if (!rv2->PA__DATA) {
-	errout:
-	    if (retval)
-		free_KRB5_PA__DATA(retval);
-	    *error = ENOMEM;
-	    return(0);
-	}    
+	if (!rv2->PA__DATA)
+	    goto errout;
 	rv2->PA__DATA->padata__type = val[i]->pa_type;
 	rv2->PA__DATA->pa__data = str2qb((char *)(val[i])->contents,
 					       (val[i])->length, 1);
-- 
2.26.2