From 83b7075228f44782ffef65810e9b7dfb92218e6f Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Fri, 5 Sep 2008 20:39:19 +0000
Subject: [PATCH] Whitespace changes, mostly horizontal, for consistency with current style: indentation levels, spacing around if/else/for/while and braces. Still plenty of inconsistency with current coding standards, especially for when line breaks are to be used. Didn't touch multi-line macro definitions, or .h function declarations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20707 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/asn.1/asn1_decode.c | 270 ++---
 src/lib/krb5/asn.1/asn1_encode.c | 360 +++---
 src/lib/krb5/asn.1/asn1_get.c | 6 +-
 src/lib/krb5/asn.1/asn1_k_decode.c | 1518 ++++++++++++++--------------
 src/lib/krb5/asn.1/asn1_k_encode.c | 1514 +++++++++++++--------------
 src/lib/krb5/asn.1/asn1_make.c | 176 ++--
 src/lib/krb5/asn.1/asn1_misc.c | 12 +-
 src/lib/krb5/asn.1/asn1buf.c | 436 ++++----
 src/lib/krb5/asn.1/asn1buf.h | 12 +-
 src/lib/krb5/asn.1/krb5_decode.c | 1116 ++++++++++----------
 src/lib/krb5/asn.1/krb5_encode.c | 1024 +++++++++----------
 src/lib/krb5/asn.1/ldap_key_seq.c | 3 +-
 12 files changed, 3224 insertions(+), 3223 deletions(-)
diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c
index 5fc1cc3ec..dffd93b44 100644
--- a/src/lib/krb5/asn.1/asn1_decode.c
+++ b/src/lib/krb5/asn.1/asn1_decode.c
@@ -49,8 +49,8 @@ taginfo tinfo
 #define tag(type)\
 retval = asn1_get_tag_2(buf,&tinfo);\
-if(retval) return retval;\
-if(asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\
+if (retval) return retval;\
+if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\
 return ASN1_BAD_ID
 #define cleanup()\
@@ -58,51 +58,51 @@ return 0 asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val) { - setup(); - asn1_octet o; - long n = 0; /* initialize to keep gcc happy */ - unsigned int i; + setup(); + asn1_octet o; + long n = 0; /* initialize to keep gcc happy */ + unsigned int i; - tag(ASN1_INTEGER); + tag(ASN1_INTEGER); - for (i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (!i) { - n = (0x80 & o) ? -1 : 0; /* grab sign bit */ - if (n < 0 && length > sizeof (long)) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) /* allow extra octet for positive */ - return ASN1_OVERFLOW; + for (i = 0; i < length; i++) { + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (!i) { + n = (0x80 & o) ? -1 : 0; /* grab sign bit */ + if (n < 0 && length > sizeof (long)) + return ASN1_OVERFLOW; + else if (length > sizeof (long) + 1) /* allow extra octet for positive */ + return ASN1_OVERFLOW; + } + n = (n << 8) | o; } - n = (n << 8) | o; - } - *val = n; - cleanup(); + *val = n; + cleanup(); } asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *val) { - setup(); - asn1_octet o; - unsigned long n; - unsigned int i; + setup(); + asn1_octet o; + unsigned long n; + unsigned int i; - tag(ASN1_INTEGER); + tag(ASN1_INTEGER); - for (i = 0, n = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if(retval) return retval; - if (!i) { - if (0x80 & o) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) - return ASN1_OVERFLOW; + for (i = 0, n = 0; i < length; i++) { + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (!i) { + if (0x80 & o) + return ASN1_OVERFLOW; + else if (length > sizeof (long) + 1) + return ASN1_OVERFLOW; + } + n = (n << 8) | o; } - n = (n << 8) | o; - } - *val = n; - cleanup(); + *val = n; + cleanup(); } /* 
@@ -117,144 +117,144 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va */ asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val) { - setup(); - asn1_octet o; - unsigned long n, bitsremain; - unsigned int i; + setup(); + asn1_octet o; + unsigned long n, bitsremain; + unsigned int i; - tag(ASN1_INTEGER); - o = 0; - n = 0; - bitsremain = ~0UL; - for (i = 0; i < length; i++) { - /* Accounts for u_long width not being a multiple of 8. */ - if (bitsremain < 0xff) return ASN1_OVERFLOW; - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (bitsremain == ~0UL) { - if (i == 0) - n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ - /* - * Skip leading zero or 0xFF octets to humor non-compliant encoders. - */ - if (n == 0 && o == 0) - continue; - if (n == ~0UL && o == 0xff) - continue; + tag(ASN1_INTEGER); + o = 0; + n = 0; + bitsremain = ~0UL; + for (i = 0; i < length; i++) { + /* Accounts for u_long width not being a multiple of 8. */ + if (bitsremain < 0xff) return ASN1_OVERFLOW; + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (bitsremain == ~0UL) { + if (i == 0) + n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ + /* + * Skip leading zero or 0xFF octets to humor non-compliant encoders. 
+ */ + if (n == 0 && o == 0) + continue; + if (n == ~0UL && o == 0xff) + continue; + } + n = (n << 8) | o; + bitsremain >>= 8; } - n = (n << 8) | o; - bitsremain >>= 8; - } - *val = n; - cleanup(); + *val = n; + cleanup(); } asn1_error_code asn1_decode_oid(asn1buf *buf, unsigned int *retlen, asn1_octet **val) { - setup(); - tag(ASN1_OBJECTIDENTIFIER); - retval = asn1buf_remove_octetstring(buf, length, val); - if (retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_OBJECTIDENTIFIER); + retval = asn1buf_remove_octetstring(buf, length, val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_octetstring(asn1buf *buf, unsigned int *retlen, asn1_octet **val) { - setup(); - tag(ASN1_OCTETSTRING); - retval = asn1buf_remove_octetstring(buf,length,val); - if(retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_OCTETSTRING); + retval = asn1buf_remove_octetstring(buf,length,val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_charstring(asn1buf *buf, unsigned int *retlen, char **val) { - setup(); - tag(ASN1_OCTETSTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if(retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_OCTETSTRING); + retval = asn1buf_remove_charstring(buf,length,val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_generalstring(asn1buf *buf, unsigned int *retlen, char **val) { - setup(); - tag(ASN1_GENERALSTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if(retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_GENERALSTRING); + retval = asn1buf_remove_charstring(buf,length,val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_null(asn1buf *buf) { - setup(); - tag(ASN1_NULL); - if(length != 0) return ASN1_BAD_LENGTH; - cleanup(); + setup(); + tag(ASN1_NULL); + if 
(length != 0) return ASN1_BAD_LENGTH; + cleanup(); } asn1_error_code asn1_decode_printablestring(asn1buf *buf, int *retlen, char **val) { - setup(); - tag(ASN1_PRINTABLESTRING); - retval = asn1buf_remove_charstring(buf,length,val); - if(retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_PRINTABLESTRING); + retval = asn1buf_remove_charstring(buf,length,val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val) { - setup(); - tag(ASN1_IA5STRING); - retval = asn1buf_remove_charstring(buf,length,val); - if(retval) return retval; - *retlen = length; - cleanup(); + setup(); + tag(ASN1_IA5STRING); + retval = asn1buf_remove_charstring(buf,length,val); + if (retval) return retval; + *retlen = length; + cleanup(); } asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) { - setup(); - char *s; - struct tm ts; - time_t t; + setup(); + char *s; + struct tm ts; + time_t t; - tag(ASN1_GENERALTIME); + tag(ASN1_GENERALTIME); - if(length != 15) return ASN1_BAD_LENGTH; - retval = asn1buf_remove_charstring(buf,15,&s); - /* Time encoding: YYYYMMDDhhmmssZ */ - if(s[14] != 'Z') { - free(s); - return ASN1_BAD_FORMAT; - } - if(s[0] == '1' && !memcmp("19700101000000Z", s, 15)) { - t = 0; - free(s); - goto done; - } + if (length != 15) return ASN1_BAD_LENGTH; + retval = asn1buf_remove_charstring(buf,15,&s); + /* Time encoding: YYYYMMDDhhmmssZ */ + if (s[14] != 'Z') { + free(s); + return ASN1_BAD_FORMAT; + } + if (s[0] == '1' && !memcmp("19700101000000Z", s, 15)) { + t = 0; + free(s); + goto done; + } #define c2i(c) ((c)-'0') - ts.tm_year = 1000*c2i(s[0]) + 100*c2i(s[1]) + 10*c2i(s[2]) + c2i(s[3]) - - 1900; - ts.tm_mon = 10*c2i(s[4]) + c2i(s[5]) - 1; - ts.tm_mday = 10*c2i(s[6]) + c2i(s[7]); - ts.tm_hour = 10*c2i(s[8]) + c2i(s[9]); - ts.tm_min = 10*c2i(s[10]) + c2i(s[11]); - ts.tm_sec = 10*c2i(s[12]) + c2i(s[13]); - ts.tm_isdst = -1; - t = krb5int_gmt_mktime(&ts); - 
free(s); + ts.tm_year = 1000*c2i(s[0]) + 100*c2i(s[1]) + 10*c2i(s[2]) + c2i(s[3]) + - 1900; + ts.tm_mon = 10*c2i(s[4]) + c2i(s[5]) - 1; + ts.tm_mday = 10*c2i(s[6]) + c2i(s[7]); + ts.tm_hour = 10*c2i(s[8]) + c2i(s[9]); + ts.tm_min = 10*c2i(s[10]) + c2i(s[11]); + ts.tm_sec = 10*c2i(s[12]) + c2i(s[13]); + ts.tm_isdst = -1; + t = krb5int_gmt_mktime(&ts); + free(s); - if(t == -1) return ASN1_BAD_TIMEFORMAT; + if (t == -1) return ASN1_BAD_TIMEFORMAT; done: - *val = t; - cleanup(); + *val = t; + cleanup(); } diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index 5ef2a3efa..add932ecb 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c 
@@ -32,269 +32,269 @@ static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, long val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length = 0; - long valcopy; - int digit; + asn1_error_code retval; + unsigned int length = 0; + long valcopy; + int digit; - valcopy = val; - do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if(retval) return retval; - length++; - valcopy = valcopy >> 8; - } while (valcopy != 0 && valcopy != ~0); - - if((val > 0) && ((digit&0x80) == 0x80)) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if(retval) return retval; - length++; - }else if((val < 0) && ((digit&0x80) != 0x80)){ - retval = asn1buf_insert_octet(buf,0xFF); - if(retval) return retval; - length++; - } - - - *retlen = length; - return 0; + valcopy = val; + do { + digit = (int) (valcopy&0xFF); + retval = asn1buf_insert_octet(buf,(asn1_octet) digit); + if (retval) return retval; + length++; + valcopy = valcopy >> 8; + } while (valcopy != 0 && valcopy != ~0); + + if ((val > 0) && ((digit&0x80) == 0x80)) { /* make sure the high bit is */ + retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ + if (retval) return retval; + length++; + } else if ((val < 0) && ((digit&0x80) != 0x80)) { + retval = asn1buf_insert_octet(buf,0xFF); + if (retval) return retval; + length++; + } + + + *retlen = length; + return 0; } asn1_error_code asn1_encode_integer(asn1buf * buf, long val, - unsigned int *retlen) + unsigned int *retlen) { - asn1_error_code retval; - unsigned int length = 0; - unsigned int partlen; - retval = asn1_encode_integer_internal(buf, val, &partlen); - if (retval) return retval; + asn1_error_code retval; + unsigned int length = 0; + unsigned int partlen; + retval = asn1_encode_integer_internal(buf, val, &partlen); + if (retval) return retval; - length = partlen; + length = partlen; retval = 
asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); - if(retval) return retval; - length += partlen; + if (retval) return retval; + length += partlen; - *retlen = length; - return 0; + *retlen = length; + return 0; } asn1_error_code asn1_encode_enumerated(asn1buf * buf, long val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length = 0; - unsigned int partlen; - retval = asn1_encode_integer_internal(buf, val, &partlen); - if (retval) return retval; + asn1_error_code retval; + unsigned int length = 0; + unsigned int partlen; + retval = asn1_encode_integer_internal(buf, val, &partlen); + if (retval) return retval; - length = partlen; + length = partlen; retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_ENUMERATED,length, &partlen); - if(retval) return retval; - length += partlen; + if (retval) return retval; + length += partlen; - *retlen = length; - return 0; + *retlen = length; + return 0; } asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length = 0; - unsigned int partlen; - unsigned long valcopy; - int digit; + asn1_error_code retval; + unsigned int length = 0; + unsigned int partlen; + unsigned long valcopy; + int digit; - valcopy = val; - do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if(retval) return retval; - length++; - valcopy = valcopy >> 8; - } while (valcopy != 0 && valcopy != ~0); - - if(digit&0x80) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if(retval) return retval; - length++; - } - - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); - if(retval) return retval; - length += partlen; - - *retlen = length; - return 0; + valcopy = val; + do { + digit = (int) (valcopy&0xFF); + retval = asn1buf_insert_octet(buf,(asn1_octet) digit); + if (retval) return retval; + length++; + valcopy = 
valcopy >> 8; + } while (valcopy != 0 && valcopy != ~0); + + if (digit&0x80) { /* make sure the high bit is */ + retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ + if (retval) return retval; + length++; + } + + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); + if (retval) return retval; + length += partlen; + + *retlen = length; + return 0; } asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, const asn1_octet *val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = asn1buf_insert_octetstring(buf, len, val); - if (retval) return retval; - retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_OBJECTIDENTIFIER, - len, &length); - if (retval) return retval; + retval = asn1buf_insert_octetstring(buf, len, val); + if (retval) return retval; + retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_OBJECTIDENTIFIER, + len, &length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, const asn1_octet *val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = asn1buf_insert_octetstring(buf,len,val); - if(retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); - if(retval) return retval; + retval = asn1buf_insert_octetstring(buf,len,val); + if (retval) return retval; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } asn1_error_code asn1_encode_charstring(asn1buf *buf, unsigned int len, const char *val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = 
asn1buf_insert_charstring(buf,len,val); - if(retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); - if(retval) return retval; + retval = asn1buf_insert_charstring(buf,len,val); + if (retval) return retval; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen) { - asn1_error_code retval; + asn1_error_code retval; - retval = asn1buf_insert_octet(buf,0x00); - if(retval) return retval; - retval = asn1buf_insert_octet(buf,0x05); - if(retval) return retval; + retval = asn1buf_insert_octet(buf,0x00); + if (retval) return retval; + retval = asn1buf_insert_octet(buf,0x05); + if (retval) return retval; - *retlen = 2; - return 0; + *retlen = 2; + return 0; } asn1_error_code asn1_encode_printablestring(asn1buf *buf, unsigned int len, const char *val, int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = asn1buf_insert_charstring(buf,len,val); - if(retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_PRINTABLESTRING,len, &length); - if(retval) return retval; + retval = asn1buf_insert_charstring(buf,len,val); + if (retval) return retval; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_PRINTABLESTRING,len, &length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } asn1_error_code asn1_encode_ia5string(asn1buf *buf, unsigned int len, const char *val, int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = asn1buf_insert_charstring(buf,len,val); - if(retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_IA5STRING,len, &length); - if(retval) return retval; + retval = 
asn1buf_insert_charstring(buf,len,val); + if (retval) return retval; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_IA5STRING,len, &length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, unsigned int *retlen) { - asn1_error_code retval; - struct tm *gtime, gtimebuf; - char s[16], *sp; - unsigned int length, sum=0; - time_t gmt_time = val; - - /* - * Time encoding: YYYYMMDDhhmmssZ - */ - if (gmt_time == 0) { - sp = "19700101000000Z"; - } else { - - /* - * Sanity check this just to be paranoid, as gmtime can return NULL, - * and some bogus implementations might overrun on the sprintf. - */ + asn1_error_code retval; + struct tm *gtime, gtimebuf; + char s[16], *sp; + unsigned int length, sum=0; + time_t gmt_time = val; + + /* + * Time encoding: YYYYMMDDhhmmssZ + */ + if (gmt_time == 0) { + sp = "19700101000000Z"; + } else { + + /* + * Sanity check this just to be paranoid, as gmtime can return NULL, + * and some bogus implementations might overrun on the sprintf. 
+ */ #ifdef HAVE_GMTIME_R # ifdef GMTIME_R_RETURNS_INT - if (gmtime_r(&gmt_time, >imebuf) != 0) - return ASN1_BAD_GMTIME; + if (gmtime_r(&gmt_time, >imebuf) != 0) + return ASN1_BAD_GMTIME; # else - if (gmtime_r(&gmt_time, >imebuf) == NULL) - return ASN1_BAD_GMTIME; + if (gmtime_r(&gmt_time, >imebuf) == NULL) + return ASN1_BAD_GMTIME; # endif #else - gtime = gmtime(&gmt_time); - if (gtime == NULL) - return ASN1_BAD_GMTIME; - memcpy(>imebuf, gtime, sizeof(gtimebuf)); + gtime = gmtime(&gmt_time); + if (gtime == NULL) + return ASN1_BAD_GMTIME; + memcpy(>imebuf, gtime, sizeof(gtimebuf)); #endif - gtime = >imebuf; - - if (gtime->tm_year > 8099 || gtime->tm_mon > 11 || - gtime->tm_mday > 31 || gtime->tm_hour > 23 || - gtime->tm_min > 59 || gtime->tm_sec > 59) - return ASN1_BAD_GMTIME; - if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", - 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, - gtime->tm_hour, gtime->tm_min, gtime->tm_sec) - >= sizeof(s)) - /* Shouldn't be possible given above tests. */ - return ASN1_BAD_GMTIME; - sp = s; - } - - retval = asn1buf_insert_charstring(buf,15,sp); - if(retval) return retval; - sum = 15; - - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALTIME,sum,&length); - if(retval) return retval; - sum += length; - - *retlen = sum; - return 0; + gtime = >imebuf; + + if (gtime->tm_year > 8099 || gtime->tm_mon > 11 || + gtime->tm_mday > 31 || gtime->tm_hour > 23 || + gtime->tm_min > 59 || gtime->tm_sec > 59) + return ASN1_BAD_GMTIME; + if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", + 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, + gtime->tm_hour, gtime->tm_min, gtime->tm_sec) + >= sizeof(s)) + /* Shouldn't be possible given above tests. 
*/ + return ASN1_BAD_GMTIME; + sp = s; + } + + retval = asn1buf_insert_charstring(buf,15,sp); + if (retval) return retval; + sum = 15; + + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALTIME,sum,&length); + if (retval) return retval; + sum += length; + + *retlen = sum; + return 0; } asn1_error_code asn1_encode_generalstring(asn1buf *buf, unsigned int len, const char *val, unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; + asn1_error_code retval; + unsigned int length; - retval = asn1buf_insert_charstring(buf,len,val); - if(retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALSTRING,len, - &length); - if(retval) return retval; + retval = asn1buf_insert_charstring(buf,len,val); + if (retval) return retval; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALSTRING,len, + &length); + if (retval) return retval; - *retlen = len + length; - return 0; + *retlen = len + length; + return 0; } diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c index 8da5fd880..66fd1b6cb 100644 --- a/src/lib/krb5/asn.1/asn1_get.c +++ b/src/lib/krb5/asn.1/asn1_get.c @@ -55,7 +55,7 @@ asn1_get_tag_2(asn1buf *buf, taginfo *t) t->asn1class = (asn1_class)(o&ASN1_CLASS_MASK); t->construction = (asn1_construction)(o&ASN1_CONSTRUCTION_MASK); - if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK){ + if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK) { /* low-tag-number form */ t->tagnum = (asn1_tagnum)(o&ASN1_TAG_NUMBER_MASK); } else { @@ -64,7 +64,7 @@ asn1_get_tag_2(asn1buf *buf, taginfo *t) retval = asn1buf_remove_octet(buf,&o); if (retval) return retval; tn = (tn<<7) + (asn1_tagnum)(o&0x7F); - }while(o&0x80); + } while (o&0x80); t->tagnum = tn; } } @@ -84,7 +84,7 @@ asn1_get_tag_2(asn1buf *buf, taginfo *t) for (num = (int)(o&0x7F); num>0; num--) { retval = asn1buf_remove_octet(buf,&o); - if(retval) return retval; + if (retval) return retval; len = (len<<8) + (int)o; } if (len < 0) 
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index b332e1392..4290561d7 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -70,7 +70,7 @@ asn1_get_eoc_tag (asn1buf *buf)
 #define get_eoc() \
 { \
 retval = asn1_get_eoc_tag(&subbuf); \
- if(retval) return retval; \
+ if (retval) return retval; \
 }
 #define alloc_field(var, type) \
@@ -370,7 +370,7 @@ asn1_error_code fname(asn1buf * buf, ktype * val)\
 asn1_error_code retval;\
 long n;\
 retval = asn1_decode_integer(buf,&n);\
- if(retval) return retval;\
+ if (retval) return retval;\
 *val = (ktype)n;\
 return 0;\
 }
@@ -380,7 +380,7 @@ asn1_error_code fname(asn1buf * buf, ktype * val)\
 asn1_error_code retval;\
 unsigned long n;\
 retval = asn1_decode_unsigned_integer(buf,&n);\
- if(retval) return retval;\
+ if (retval) return retval;\
 *val = (ktype)n;\
 return 0;\
 }
@@ -397,145 +397,145 @@ unsigned_integer_convert(asn1_decode_ui_4,krb5_ui_4) asn1_error_code asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val) { - asn1_error_code retval; - unsigned long n; + asn1_error_code retval; + unsigned long n; - retval = asn1_decode_maybe_unsigned(buf, &n); - if (retval) return retval; - *val = (krb5_ui_4)n & 0xffffffff; - return 0; + retval = asn1_decode_maybe_unsigned(buf, &n); + if (retval) return retval; + *val = (krb5_ui_4)n & 0xffffffff; + return 0; } asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val) { - asn1_error_code retval; - unsigned long n; + asn1_error_code retval; + unsigned long n; - retval = asn1_decode_unsigned_integer(buf,&n); - if(retval) return retval; + retval = asn1_decode_unsigned_integer(buf,&n); + if (retval) return retval; - *val = (krb5_msgtype) n; - return 0; + *val = (krb5_msgtype) n; + return 0; } /* structures */ asn1_error_code asn1_decode_realm(asn1buf *buf, krb5_principal *val) { - return asn1_decode_generalstring(buf, - &((*val)->realm.length), - &((*val)->realm.data)); + return asn1_decode_generalstring(buf, + &((*val)->realm.length), + &((*val)->realm.data)); } asn1_error_code asn1_decode_principal_name(asn1buf *buf, krb5_principal *val) { - setup(); - { begin_structure(); - get_field((*val)->type,0,asn1_decode_int32); + setup(); + { begin_structure(); + get_field((*val)->type,0,asn1_decode_int32); - { sequence_of_no_tagvars(&subbuf); - while(asn1buf_remains(&seqbuf,seqofindef) > 0){ - size++; - if ((*val)->data == NULL) - (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data)); - else - (*val)->data = (krb5_data*)realloc((*val)->data, - size*sizeof(krb5_data)); - if((*val)->data == NULL) return ENOMEM; - retval = asn1_decode_generalstring(&seqbuf, - &((*val)->data[size-1].length), - &((*val)->data[size-1].data)); - if(retval) return retval; - } - (*val)->length = size; - end_sequence_of_no_tagvars(&subbuf); - } - if (indef) { - get_eoc(); + { sequence_of_no_tagvars(&subbuf); + while 
(asn1buf_remains(&seqbuf,seqofindef) > 0) { + size++; + if ((*val)->data == NULL) + (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data)); + else + (*val)->data = (krb5_data*)realloc((*val)->data, + size*sizeof(krb5_data)); + if ((*val)->data == NULL) return ENOMEM; + retval = asn1_decode_generalstring(&seqbuf, + &((*val)->data[size-1].length), + &((*val)->data[size-1].data)); + if (retval) return retval; + } + (*val)->length = size; + end_sequence_of_no_tagvars(&subbuf); + } + if (indef) { + get_eoc(); + } + next_tag(); + end_structure(); + (*val)->magic = KV5M_PRINCIPAL; } - next_tag(); - end_structure(); - (*val)->magic = KV5M_PRINCIPAL; - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_checksum(asn1buf *buf, krb5_checksum *val) { - setup(); - { begin_structure(); - get_field(val->checksum_type,0,asn1_decode_cksumtype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_CHECKSUM; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->checksum_type,0,asn1_decode_cksumtype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_CHECKSUM; + } + cleanup(); } asn1_error_code asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val) { - setup(); - { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_KEYBLOCK; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->enctype,0,asn1_decode_enctype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_KEYBLOCK; + } + cleanup(); } asn1_error_code asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val) { - setup(); - { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - opt_field(val->kvno,1,asn1_decode_kvno,0); - 
get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_DATA; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->enctype,0,asn1_decode_enctype); + opt_field(val->kvno,1,asn1_decode_kvno,0); + get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_DATA; + } + cleanup(); } asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) { - asn1_error_code retval; - asn1_octet unused, o; - taginfo t; - unsigned int i; - krb5_flags f=0; - unsigned int length; + asn1_error_code retval; + asn1_octet unused, o; + taginfo t; + unsigned int i; + krb5_flags f=0; + unsigned int length; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - if (t.asn1class != UNIVERSAL || t.construction != PRIMITIVE || - t.tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; - length = t.length; - - retval = asn1buf_remove_octet(buf,&unused); /* # of padding bits */ - if(retval) return retval; - - /* Number of unused bits must be between 0 and 7. */ - if (unused > 7) return ASN1_BAD_FORMAT; - length--; - - for(i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf,&o); - if(retval) return retval; - /* ignore bits past number 31 */ - if (i < 4) - f = (f<<8) | ((krb5_flags)o&0xFF); - } - if (length <= 4) { - /* Mask out unused bits, but only if necessary. */ - f &= ~(krb5_flags)0 << unused; - } - /* left-justify */ - if (length < 4) - f <<= (4 - length) * 8; - *val = f; - return 0; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; + if (t.asn1class != UNIVERSAL || t.construction != PRIMITIVE || + t.tagnum != ASN1_BITSTRING) + return ASN1_BAD_ID; + length = t.length; + + retval = asn1buf_remove_octet(buf,&unused); /* # of padding bits */ + if (retval) return retval; + + /* Number of unused bits must be between 0 and 7. 
*/ + if (unused > 7) return ASN1_BAD_FORMAT; + length--; + + for (i = 0; i < length; i++) { + retval = asn1buf_remove_octet(buf,&o); + if (retval) return retval; + /* ignore bits past number 31 */ + if (i < 4) + f = (f<<8) | ((krb5_flags)o&0xFF); + } + if (length <= 4) { + /* Mask out unused bits, but only if necessary. */ + f &= ~(krb5_flags)0 << unused; + } + /* left-justify */ + if (length < 4) + f <<= (4 - length) * 8; + *val = f; + return 0; } asn1_error_code asn1_decode_ticket_flags(asn1buf *buf, krb5_flags *val) 
@@ -549,188 +549,188 @@ asn1_error_code asn1_decode_kdc_options(asn1buf *buf, krb5_flags *val) asn1_error_code asn1_decode_transited_encoding(asn1buf *buf, krb5_transited *val) { - setup(); - { begin_structure(); - get_field(val->tr_type,0,asn1_decode_octet); - get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_TRANSITED; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->tr_type,0,asn1_decode_octet); + get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_TRANSITED; + } + cleanup(); } asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part *val) { - setup(); - { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); - get_field(val->last_req,1,asn1_decode_last_req); - get_field(val->nonce,2,asn1_decode_int32); - opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); - get_field(val->flags,4,asn1_decode_ticket_flags); - get_field(val->times.authtime,5,asn1_decode_kerberos_time); - /* Set to authtime if missing */ - opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); - get_field(val->times.endtime,7,asn1_decode_kerberos_time); - opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); - alloc_field(val->server,krb5_principal_data); - get_field(val->server,9,asn1_decode_realm); - get_field(val->server,10,asn1_decode_principal_name); - opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); - end_structure(); - val->magic = KV5M_ENC_KDC_REP_PART; - } - cleanup(); + setup(); + { begin_structure(); + alloc_field(val->session,krb5_keyblock); + get_field(*(val->session),0,asn1_decode_encryption_key); + get_field(val->last_req,1,asn1_decode_last_req); + get_field(val->nonce,2,asn1_decode_int32); + opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); + 
get_field(val->flags,4,asn1_decode_ticket_flags); + get_field(val->times.authtime,5,asn1_decode_kerberos_time); + /* Set to authtime if missing */ + opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); + get_field(val->times.endtime,7,asn1_decode_kerberos_time); + opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); + alloc_field(val->server,krb5_principal_data); + get_field(val->server,9,asn1_decode_realm); + get_field(val->server,10,asn1_decode_principal_name); + opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); + end_structure(); + val->magic = KV5M_ENC_KDC_REP_PART; + } + cleanup(); } asn1_error_code asn1_decode_ticket(asn1buf *buf, krb5_ticket *val) { - setup(); - unsigned int applen; - apptag(1); - { begin_structure(); - { krb5_kvno vno; - get_field(vno,0,asn1_decode_kvno); - if(vno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - alloc_field(val->server,krb5_principal_data); - get_field(val->server,1,asn1_decode_realm); - get_field(val->server,2,asn1_decode_principal_name); - get_field(val->enc_part,3,asn1_decode_encrypted_data); - end_structure(); - val->magic = KV5M_TICKET; - } - if (!applen) { - taginfo t; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - } - cleanup(); + setup(); + unsigned int applen; + apptag(1); + { begin_structure(); + { krb5_kvno vno; + get_field(vno,0,asn1_decode_kvno); + if (vno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + alloc_field(val->server,krb5_principal_data); + get_field(val->server,1,asn1_decode_realm); + get_field(val->server,2,asn1_decode_principal_name); + get_field(val->enc_part,3,asn1_decode_encrypted_data); + end_structure(); + val->magic = KV5M_TICKET; + } + if (!applen) { + taginfo t; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; + } + cleanup(); } asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val) { - setup(); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,1,asn1_decode_kvno); - if(kvno != KVNO) return 
KRB5KDC_ERR_BAD_PVNO; } - get_field(val->msg_type,2,asn1_decode_msgtype); - opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL); - get_field(*val,4,asn1_decode_kdc_req_body); - end_structure(); - val->magic = KV5M_KDC_REQ; - } - cleanup(); + setup(); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,1,asn1_decode_kvno); + if (kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + get_field(val->msg_type,2,asn1_decode_msgtype); + opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL); + get_field(*val,4,asn1_decode_kdc_req_body); + end_structure(); + val->magic = KV5M_KDC_REQ; + } + cleanup(); } asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val) { - setup(); - { - krb5_principal psave; - begin_structure(); - get_field(val->kdc_options,0,asn1_decode_kdc_options); - if(tagnum == 1){ alloc_field(val->client,krb5_principal_data); } - opt_field(val->client,1,asn1_decode_principal_name,NULL); - alloc_field(val->server,krb5_principal_data); - get_field(val->server,2,asn1_decode_realm); - if(val->client != NULL){ - retval = asn1_krb5_realm_copy(val->client,val->server); - if(retval) return retval; } - - /* If opt_field server is missing, memory reference to server is - lost and results in memory leak */ - psave = val->server; - opt_field(val->server,3,asn1_decode_principal_name,NULL); - if(val->server == NULL){ - if(psave->realm.data) { - free(psave->realm.data); - psave->realm.data = NULL; - psave->realm.length=0; - } - free(psave); - } - opt_field(val->from,4,asn1_decode_kerberos_time,0); - get_field(val->till,5,asn1_decode_kerberos_time); - opt_field(val->rtime,6,asn1_decode_kerberos_time,0); - get_field(val->nonce,7,asn1_decode_int32); - get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype); - opt_field(val->addresses,9,asn1_decode_host_addresses,0); - if(tagnum == 10){ - get_field(val->authorization_data,10,asn1_decode_encrypted_data); } - else{ - val->authorization_data.magic = KV5M_ENC_DATA; - 
val->authorization_data.enctype = 0; - val->authorization_data.kvno = 0; - val->authorization_data.ciphertext.data = NULL; - val->authorization_data.ciphertext.length = 0; + setup(); + { + krb5_principal psave; + begin_structure(); + get_field(val->kdc_options,0,asn1_decode_kdc_options); + if (tagnum == 1) { alloc_field(val->client,krb5_principal_data); } + opt_field(val->client,1,asn1_decode_principal_name,NULL); + alloc_field(val->server,krb5_principal_data); + get_field(val->server,2,asn1_decode_realm); + if (val->client != NULL) { + retval = asn1_krb5_realm_copy(val->client,val->server); + if (retval) return retval; } + + /* If opt_field server is missing, memory reference to server is + lost and results in memory leak */ + psave = val->server; + opt_field(val->server,3,asn1_decode_principal_name,NULL); + if (val->server == NULL) { + if (psave->realm.data) { + free(psave->realm.data); + psave->realm.data = NULL; + psave->realm.length=0; + } + free(psave); + } + opt_field(val->from,4,asn1_decode_kerberos_time,0); + get_field(val->till,5,asn1_decode_kerberos_time); + opt_field(val->rtime,6,asn1_decode_kerberos_time,0); + get_field(val->nonce,7,asn1_decode_int32); + get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype); + opt_field(val->addresses,9,asn1_decode_host_addresses,0); + if (tagnum == 10) { + get_field(val->authorization_data,10,asn1_decode_encrypted_data); } + else { + val->authorization_data.magic = KV5M_ENC_DATA; + val->authorization_data.enctype = 0; + val->authorization_data.kvno = 0; + val->authorization_data.ciphertext.data = NULL; + val->authorization_data.ciphertext.length = 0; + } + opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL); + end_structure(); + val->magic = KV5M_KDC_REQ; } - opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL); - end_structure(); - val->magic = KV5M_KDC_REQ; - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val) { - 
setup(); - { begin_structure(); - get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring); - opt_field(val->timestamp,1,asn1_decode_kerberos_time,0); - opt_field(val->usec,2,asn1_decode_int32,0); - opt_field(val->seq_number,3,asn1_decode_seqnum,0); - alloc_field(val->s_address,krb5_address); - get_field(*(val->s_address),4,asn1_decode_host_address); - if(tagnum == 5){ - alloc_field(val->r_address,krb5_address); - get_field(*(val->r_address),5,asn1_decode_host_address); - } else val->r_address = NULL; - end_structure(); - val->magic = KV5M_SAFE; - } - cleanup(); + setup(); + { begin_structure(); + get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring); + opt_field(val->timestamp,1,asn1_decode_kerberos_time,0); + opt_field(val->usec,2,asn1_decode_int32,0); + opt_field(val->seq_number,3,asn1_decode_seqnum,0); + alloc_field(val->s_address,krb5_address); + get_field(*(val->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { + alloc_field(val->r_address,krb5_address); + get_field(*(val->r_address),5,asn1_decode_host_address); + } else val->r_address = NULL; + end_structure(); + val->magic = KV5M_SAFE; + } + cleanup(); } asn1_error_code asn1_decode_host_address(asn1buf *buf, krb5_address *val) { - setup(); - { begin_structure(); - get_field(val->addrtype,0,asn1_decode_addrtype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_ADDRESS; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->addrtype,0,asn1_decode_addrtype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_ADDRESS; + } + cleanup(); } asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val) { - setup(); - { begin_structure(); - { krb5_kvno pvno; - get_field(pvno,0,asn1_decode_kvno); - if(pvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - get_field(val->msg_type,1,asn1_decode_msgtype); - 
opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL); - alloc_field(val->client,krb5_principal_data); - get_field(val->client,3,asn1_decode_realm); - get_field(val->client,4,asn1_decode_principal_name); - alloc_field(val->ticket,krb5_ticket); - get_field(*(val->ticket),5,asn1_decode_ticket); - get_field(val->enc_part,6,asn1_decode_encrypted_data); - end_structure(); - val->magic = KV5M_KDC_REP; - } - cleanup(); + setup(); + { begin_structure(); + { krb5_kvno pvno; + get_field(pvno,0,asn1_decode_kvno); + if (pvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + get_field(val->msg_type,1,asn1_decode_msgtype); + opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL); + alloc_field(val->client,krb5_principal_data); + get_field(val->client,3,asn1_decode_realm); + get_field(val->client,4,asn1_decode_principal_name); + alloc_field(val->ticket,krb5_ticket); + get_field(*(val->ticket),5,asn1_decode_ticket); + get_field(val->enc_part,6,asn1_decode_encrypted_data); + end_structure(); + val->magic = KV5M_KDC_REP; + } + cleanup(); } /* arrays */ #define get_element(element,decoder)\ retval = decoder(&seqbuf,element);\ -if(retval) return retval +if (retval) return retval static void * array_expand (void *array, int n_elts, size_t elt_size) @@ -754,7 +754,7 @@ array_expand (void *array, int n_elts, size_t elt_size) #define array_append(array,size,element,type)\ size++;\ *(array) = array_expand(*(array), (size+1), sizeof(type*));\ -if(*(array) == NULL) return ENOMEM;\ +if (*(array) == NULL) return ENOMEM;\ (*(array))[(size)-1] = elt #define decode_array_body(type,decoder)\ @@ -762,7 +762,7 @@ if(*(array) == NULL) return ENOMEM;\ type *elt;\ \ { sequence_of(buf);\ - while(asn1buf_remains(&seqbuf,seqofindef) > 0){\ + while (asn1buf_remains(&seqbuf,seqofindef) > 0) {\ alloc_field(elt,type);\ get_element(elt,decoder);\ array_append(val,size,elt,type);\ 
@@ -777,204 +777,204 @@ if(*(array) == NULL) return ENOMEM;\ asn1_error_code asn1_decode_authorization_data(asn1buf *buf, krb5_authdata ***val) { - decode_array_body(krb5_authdata,asn1_decode_authdata_elt); + decode_array_body(krb5_authdata,asn1_decode_authdata_elt); } asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val) { - setup(); - { begin_structure(); - get_field(val->ad_type,0,asn1_decode_authdatatype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_AUTHDATA; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->ad_type,0,asn1_decode_authdatatype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_AUTHDATA; + } + cleanup(); } asn1_error_code asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val) { - decode_array_body(krb5_address,asn1_decode_host_address); + decode_array_body(krb5_address,asn1_decode_host_address); } asn1_error_code asn1_decode_sequence_of_ticket(asn1buf *buf, krb5_ticket ***val) { - decode_array_body(krb5_ticket,asn1_decode_ticket); + decode_array_body(krb5_ticket,asn1_decode_ticket); } asn1_error_code asn1_decode_sequence_of_krb_cred_info(asn1buf *buf, krb5_cred_info ***val) { - decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info); + decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info); } asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val) { - setup(); - { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); - if(tagnum == 1){ - alloc_field(val->client,krb5_principal_data); - opt_field(val->client,1,asn1_decode_realm,NULL); - opt_field(val->client,2,asn1_decode_principal_name,NULL); } - opt_field(val->flags,3,asn1_decode_ticket_flags,0); - opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0); - opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0); - 
opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0); - opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0); - if(tagnum == 8){ - alloc_field(val->server,krb5_principal_data); - opt_field(val->server,8,asn1_decode_realm,NULL); - opt_field(val->server,9,asn1_decode_principal_name,NULL); } - opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL); - end_structure(); - val->magic = KV5M_CRED_INFO; - } - cleanup(); + setup(); + { begin_structure(); + alloc_field(val->session,krb5_keyblock); + get_field(*(val->session),0,asn1_decode_encryption_key); + if (tagnum == 1) { + alloc_field(val->client,krb5_principal_data); + opt_field(val->client,1,asn1_decode_realm,NULL); + opt_field(val->client,2,asn1_decode_principal_name,NULL); } + opt_field(val->flags,3,asn1_decode_ticket_flags,0); + opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0); + opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0); + opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0); + opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0); + if (tagnum == 8) { + alloc_field(val->server,krb5_principal_data); + opt_field(val->server,8,asn1_decode_realm,NULL); + opt_field(val->server,9,asn1_decode_principal_name,NULL); } + opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL); + end_structure(); + val->magic = KV5M_CRED_INFO; + } + cleanup(); } asn1_error_code asn1_decode_sequence_of_pa_data(asn1buf *buf, krb5_pa_data ***val) { - decode_array_body(krb5_pa_data,asn1_decode_pa_data); + decode_array_body(krb5_pa_data,asn1_decode_pa_data); } asn1_error_code asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val) { - setup(); - { begin_structure(); - get_field(val->pa_type,1,asn1_decode_int32); - get_lenfield(val->length,val->contents,2,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_PA_DATA; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->pa_type,1,asn1_decode_int32); + 
get_lenfield(val->length,val->contents,2,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_PA_DATA; + } + cleanup(); } asn1_error_code asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val) { - decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry); + decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry); } asn1_error_code asn1_decode_last_req_entry(asn1buf *buf, krb5_last_req_entry *val) { - setup(); - { begin_structure(); - get_field(val->lr_type,0,asn1_decode_int32); - get_field(val->value,1,asn1_decode_kerberos_time); - end_structure(); - val->magic = KV5M_LAST_REQ_ENTRY; + setup(); + { begin_structure(); + get_field(val->lr_type,0,asn1_decode_int32); + get_field(val->value,1,asn1_decode_kerberos_time); + end_structure(); + val->magic = KV5M_LAST_REQ_ENTRY; #ifdef KRB5_GENEROUS_LR_TYPE - /* If we are only a single byte wide and negative - fill in the - other bits */ - if((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U; + /* If we are only a single byte wide and negative - fill in the + other bits */ + if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U; #endif - } - cleanup(); + } + cleanup(); } asn1_error_code asn1_decode_sequence_of_enctype(asn1buf *buf, int *num, krb5_enctype **val) { - asn1_error_code retval; - { sequence_of(buf); - while(asn1buf_remains(&seqbuf,seqofindef) > 0){ - size++; - if (*val == NULL) - *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype)); - else - *val = (krb5_enctype*)realloc(*val,size*sizeof(krb5_enctype)); - if(*val == NULL) return ENOMEM; - retval = asn1_decode_enctype(&seqbuf,&((*val)[size-1])); - if(retval) return retval; + asn1_error_code retval; + { sequence_of(buf); + while (asn1buf_remains(&seqbuf,seqofindef) > 0) { + size++; + if (*val == NULL) + *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype)); + else + *val = (krb5_enctype*)realloc(*val,size*sizeof(krb5_enctype)); + if (*val == NULL) return ENOMEM; + retval = 
asn1_decode_enctype(&seqbuf,&((*val)[size-1])); + if (retval) return retval; + } + *num = size; + end_sequence_of(buf); } - *num = size; - end_sequence_of(buf); - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum ***val) { - decode_array_body(krb5_checksum, asn1_decode_checksum); + decode_array_body(krb5_checksum, asn1_decode_checksum); } static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_info_entry *val ) { - setup(); - { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { - char *salt; - get_lenfield(val->length,salt,1,asn1_decode_generalstring); - val->salt = (krb5_octet *) salt; - } else { + setup(); + { begin_structure(); + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { + char *salt; + get_lenfield(val->length,salt,1,asn1_decode_generalstring); + val->salt = (krb5_octet *) salt; + } else { val->length = KRB5_ETYPE_NO_SALT; val->salt = 0; + } + if ( tagnum ==2) { + krb5_octet *params ; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + val->s2kparams.data = ( char *) params; + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; } - if ( tagnum ==2) { - krb5_octet *params ; - get_lenfield( val->s2kparams.length, params, - 2, asn1_decode_octetstring); - val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; - val->s2kparams.length = 0; - } - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; - } - cleanup(); + cleanup(); } static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val ) { - setup(); - { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { + setup(); + { begin_structure(); + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else 
{ + } else { val->length = KRB5_ETYPE_NO_SALT; val->salt = 0; + } + if ( tagnum ==2) { + krb5_octet *params ; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + val->s2kparams.data = ( char *) params; + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; } - if ( tagnum ==2) { - krb5_octet *params ; - get_lenfield( val->s2kparams.length, params, - 2, asn1_decode_octetstring); - val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; - val->s2kparams.length = 0; - } - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; - } - cleanup(); + cleanup(); } static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val ) { - setup(); - { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { + setup(); + { begin_structure(); + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else { + } else { val->length = KRB5_ETYPE_NO_SALT; val->salt = 0; - } - val->s2kparams.data = NULL; - val->s2kparams.length = 0; + } + val->s2kparams.data = NULL; + val->s2kparams.length = 0; - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; - } - cleanup(); + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; + } + cleanup(); } asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val ) { - decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry); + decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry); } asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val , 
@@ -991,25 +991,25 @@ asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***v asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element *val) { - setup(); - { begin_structure(); - alloc_field(val->passwd,krb5_data); - get_lenfield(val->passwd->length,val->passwd->data, - 0,asn1_decode_charstring); - val->passwd->magic = KV5M_DATA; - alloc_field(val->phrase,krb5_data); - get_lenfield(val->phrase->length,val->phrase->data, - 1,asn1_decode_charstring); - val->phrase->magic = KV5M_DATA; - end_structure(); - val->magic = KV5M_PASSWD_PHRASE_ELEMENT; - } - cleanup(); + setup(); + { begin_structure(); + alloc_field(val->passwd,krb5_data); + get_lenfield(val->passwd->length,val->passwd->data, + 0,asn1_decode_charstring); + val->passwd->magic = KV5M_DATA; + alloc_field(val->phrase,krb5_data); + get_lenfield(val->phrase->length,val->phrase->data, + 1,asn1_decode_charstring); + val->phrase->magic = KV5M_DATA; + end_structure(); + val->magic = KV5M_PASSWD_PHRASE_ELEMENT; + } + cleanup(); } asn1_error_code asn1_decode_sequence_of_passwdsequence(asn1buf *buf, passwd_phrase_element ***val) { - decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence); + decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence); } asn1_error_code asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val) 
@@ -1017,116 +1017,116 @@ asn1_error_code asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val) #define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn) #define opt_cksum(var,tagexpect,decoder)\ -if(tagnum == (tagexpect)){\ +if (tagnum == (tagexpect)) {\ get_field_body(var,decoder); }\ else var.length = 0 asn1_error_code asn1_decode_sam_challenge(asn1buf *buf, krb5_sam_challenge *val) { - setup(); - { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_type_name,2,asn1_decode_charstring); - opt_string(val->sam_track_id,3,asn1_decode_charstring); - opt_string(val->sam_challenge_label,4,asn1_decode_charstring); - opt_string(val->sam_challenge,5,asn1_decode_charstring); - opt_string(val->sam_response_prompt,6,asn1_decode_charstring); - opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); - opt_field(val->sam_nonce,8,asn1_decode_int32,0); - opt_cksum(val->sam_cksum,9,asn1_decode_checksum); - end_structure(); - val->magic = KV5M_SAM_CHALLENGE; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_type_name,2,asn1_decode_charstring); + opt_string(val->sam_track_id,3,asn1_decode_charstring); + opt_string(val->sam_challenge_label,4,asn1_decode_charstring); + opt_string(val->sam_challenge,5,asn1_decode_charstring); + opt_string(val->sam_response_prompt,6,asn1_decode_charstring); + opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); + opt_field(val->sam_nonce,8,asn1_decode_int32,0); + opt_cksum(val->sam_cksum,9,asn1_decode_checksum); + end_structure(); + val->magic = KV5M_SAM_CHALLENGE; + } + cleanup(); } asn1_error_code asn1_decode_sam_challenge_2(asn1buf *buf, krb5_sam_challenge_2 *val) { - setup(); - { char *save, *end; - size_t alloclen; - begin_structure(); - if (tagnum != 0) return ASN1_MISSING_FIELD; - if (asn1class != CONTEXT_SPECIFIC 
|| construction != CONSTRUCTED) - return ASN1_BAD_ID; - save = subbuf.next; - { sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); + setup(); + { char *save, *end; + size_t alloclen; + begin_structure(); + if (tagnum != 0) return ASN1_MISSING_FIELD; + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + return ASN1_BAD_ID; + save = subbuf.next; + { sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - save; + if ((val->sam_challenge_2_body.data = (char *) malloc(alloclen)) == NULL) + return ENOMEM; + val->sam_challenge_2_body.length = alloclen; + memcpy(val->sam_challenge_2_body.data, save, alloclen); + next_tag(); + get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum); + end_structure(); } - end = subbuf.next; - alloclen = end - save; - if ((val->sam_challenge_2_body.data = (char *) malloc(alloclen)) == NULL) - return ENOMEM; - val->sam_challenge_2_body.length = alloclen; - memcpy(val->sam_challenge_2_body.data, save, alloclen); - next_tag(); - get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum); - end_structure(); - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_sam_challenge_2_body(asn1buf *buf, krb5_sam_challenge_2_body *val) { - setup(); - { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_type_name,2,asn1_decode_charstring); - opt_string(val->sam_track_id,3,asn1_decode_charstring); - opt_string(val->sam_challenge_label,4,asn1_decode_charstring); - opt_string(val->sam_challenge,5,asn1_decode_charstring); - opt_string(val->sam_response_prompt,6,asn1_decode_charstring); - opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); - get_field(val->sam_nonce,8,asn1_decode_int32); - get_field(val->sam_etype, 9, asn1_decode_int32); - end_structure(); - val->magic = KV5M_SAM_CHALLENGE; - } - cleanup(); + 
setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_type_name,2,asn1_decode_charstring); + opt_string(val->sam_track_id,3,asn1_decode_charstring); + opt_string(val->sam_challenge_label,4,asn1_decode_charstring); + opt_string(val->sam_challenge,5,asn1_decode_charstring); + opt_string(val->sam_response_prompt,6,asn1_decode_charstring); + opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); + get_field(val->sam_nonce,8,asn1_decode_int32); + get_field(val->sam_etype, 9, asn1_decode_int32); + end_structure(); + val->magic = KV5M_SAM_CHALLENGE; + } + cleanup(); } asn1_error_code asn1_decode_enc_sam_key(asn1buf *buf, krb5_sam_key *val) { - setup(); - { begin_structure(); - /* alloc_field(val->sam_key,krb5_keyblock); */ - get_field(val->sam_key,0,asn1_decode_encryption_key); - end_structure(); - val->magic = KV5M_SAM_KEY; - } - cleanup(); + setup(); + { begin_structure(); + /* alloc_field(val->sam_key,krb5_keyblock); */ + get_field(val->sam_key,0,asn1_decode_encryption_key); + end_structure(); + val->magic = KV5M_SAM_KEY; + } + cleanup(); } asn1_error_code asn1_decode_enc_sam_response_enc(asn1buf *buf, krb5_enc_sam_response_enc *val) { - setup(); - { begin_structure(); - opt_field(val->sam_nonce,0,asn1_decode_int32,0); - opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); - opt_field(val->sam_usec,2,asn1_decode_int32,0); - opt_string(val->sam_sad,3,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_SAM_RESPONSE_ENC; - } - cleanup(); + setup(); + { begin_structure(); + opt_field(val->sam_nonce,0,asn1_decode_int32,0); + opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); + opt_field(val->sam_usec,2,asn1_decode_int32,0); + opt_string(val->sam_sad,3,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_SAM_RESPONSE_ENC; + } + cleanup(); } asn1_error_code asn1_decode_enc_sam_response_enc_2(asn1buf *buf, 
krb5_enc_sam_response_enc_2 *val) { - setup(); - { begin_structure(); - get_field(val->sam_nonce,0,asn1_decode_int32); - opt_string(val->sam_sad,1,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->sam_nonce,0,asn1_decode_int32); + opt_string(val->sam_sad,1,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2; + } + cleanup(); } #define opt_encfield(fld,tag,fn) \ - if(tagnum == tag){ \ + if (tagnum == tag) { \ get_field(fld,tag,fn); } \ - else{\ + else {\ fld.magic = 0;\ fld.enctype = 0;\ fld.kvno = 0;\ 
@@ -1136,53 +1136,53 @@ asn1_error_code asn1_decode_enc_sam_response_enc_2(asn1buf *buf, krb5_enc_sam_re asn1_error_code asn1_decode_sam_response(asn1buf *buf, krb5_sam_response *val) { - setup(); - { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_track_id,2,asn1_decode_charstring); - opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data); - get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data); - opt_field(val->sam_nonce,5,asn1_decode_int32,0); - opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0); - end_structure(); - val->magic = KV5M_SAM_RESPONSE; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_track_id,2,asn1_decode_charstring); + opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data); + get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data); + opt_field(val->sam_nonce,5,asn1_decode_int32,0); + opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0); + end_structure(); + val->magic = KV5M_SAM_RESPONSE; + } + cleanup(); } asn1_error_code asn1_decode_sam_response_2(asn1buf *buf, krb5_sam_response_2 *val) { - setup(); - { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_track_id,2,asn1_decode_charstring); - get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data); - get_field(val->sam_nonce,4,asn1_decode_int32); - end_structure(); - val->magic = KV5M_SAM_RESPONSE; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_track_id,2,asn1_decode_charstring); + get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data); + get_field(val->sam_nonce,4,asn1_decode_int32); + 
end_structure(); + val->magic = KV5M_SAM_RESPONSE; + } + cleanup(); } asn1_error_code asn1_decode_predicted_sam_response(asn1buf *buf, krb5_predicted_sam_response *val) { - setup(); - { begin_structure(); - get_field(val->sam_key,0,asn1_decode_encryption_key); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - get_field(val->stime,2,asn1_decode_kerberos_time); - get_field(val->susec,3,asn1_decode_int32); - alloc_field(val->client,krb5_principal_data); - get_field(val->client,4,asn1_decode_realm); - get_field(val->client,5,asn1_decode_principal_name); - opt_string(val->msd,6,asn1_decode_charstring); /* should be octet */ - end_structure(); - val->magic = KV5M_PREDICTED_SAM_RESPONSE; - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->sam_key,0,asn1_decode_encryption_key); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + get_field(val->stime,2,asn1_decode_kerberos_time); + get_field(val->susec,3,asn1_decode_int32); + alloc_field(val->client,krb5_principal_data); + get_field(val->client,4,asn1_decode_realm); + get_field(val->client,5,asn1_decode_principal_name); + opt_string(val->msd,6,asn1_decode_charstring); /* should be octet */ + end_structure(); + val->magic = KV5M_PREDICTED_SAM_RESPONSE; + } + cleanup(); } #ifndef DISABLE_PKINIT 
@@ -1192,11 +1192,11 @@ asn1_error_code asn1_decode_external_principal_identifier(asn1buf *buf, krb5_ext { setup(); { - begin_structure(); - opt_implicit_octet_string(val->subjectName.length, val->subjectName.data, 0); - opt_implicit_octet_string(val->issuerAndSerialNumber.length, val->issuerAndSerialNumber.data, 1); - opt_implicit_octet_string(val->subjectKeyIdentifier.length, val->subjectKeyIdentifier.data, 2); - end_structure(); + begin_structure(); + opt_implicit_octet_string(val->subjectName.length, val->subjectName.data, 0); + opt_implicit_octet_string(val->issuerAndSerialNumber.length, val->issuerAndSerialNumber.data, 1); + opt_implicit_octet_string(val->subjectKeyIdentifier.length, val->subjectKeyIdentifier.data, 2); + end_structure(); } cleanup(); } @@ -1208,15 +1208,15 @@ asn1_error_code asn1_decode_sequence_of_external_principal_identifier(asn1buf *b asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val) { - setup(); - { - begin_structure(); - get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); - opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL); - opt_implicit_octet_string(val->kdcPkId.length, val->kdcPkId.data, 2); - end_structure(); - } - cleanup(); + setup(); + { + begin_structure(); + get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); + opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL); + opt_implicit_octet_string(val->kdcPkId.length, val->kdcPkId.data, 2); + end_structure(); + } + cleanup(); } #if 0 /* XXX This needs to be tested!!! XXX */ 
@@ -1224,46 +1224,46 @@ asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); { - char *start, *end; - size_t alloclen; - - begin_explicit_choice(); - if (t.tagnum == choice_trusted_cas_principalName) { - val->choice = choice_trusted_cas_principalName; - } else if (t.tagnum == choice_trusted_cas_caName) { - val->choice = choice_trusted_cas_caName; - start = subbuf.next; - { - sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); - } - end = subbuf.next; - alloclen = end - start; - val->u.caName.data = malloc(alloclen); - if (val->u.caName.data == NULL) - return ENOMEM; - memcpy(val->u.caName.data, start, alloclen); - val->u.caName.length = alloclen; - next_tag(); - } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) { - val->choice = choice_trusted_cas_issuerAndSerial; - start = subbuf.next; - { - sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); - } - end = subbuf.next; - alloclen = end - start; - val->u.issuerAndSerial.data = malloc(alloclen); - if (val->u.issuerAndSerial.data == NULL) - return ENOMEM; - memcpy(val->u.issuerAndSerial.data, start, alloclen); - val->u.issuerAndSerial.length = alloclen; - next_tag(); - } else return ASN1_BAD_ID; - end_explicit_choice(); + char *start, *end; + size_t alloclen; + + begin_explicit_choice(); + if (t.tagnum == choice_trusted_cas_principalName) { + val->choice = choice_trusted_cas_principalName; + } else if (t.tagnum == choice_trusted_cas_caName) { + val->choice = choice_trusted_cas_caName; + start = subbuf.next; + { + sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - start; + val->u.caName.data = malloc(alloclen); + if (val->u.caName.data == NULL) + return ENOMEM; + memcpy(val->u.caName.data, start, alloclen); + val->u.caName.length = alloclen; + next_tag(); + } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) { 
+ val->choice = choice_trusted_cas_issuerAndSerial; + start = subbuf.next; + { + sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - start; + val->u.issuerAndSerial.data = malloc(alloclen); + if (val->u.issuerAndSerial.data == NULL) + return ENOMEM; + memcpy(val->u.issuerAndSerial.data, start, alloclen); + val->u.issuerAndSerial.length = alloclen; + next_tag(); + } else return ASN1_BAD_ID; + end_explicit_choice(); } cleanup(); } @@ -1272,18 +1272,18 @@ asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); { begin_choice(); - if (tagnum == choice_trusted_cas_principalName) { - val->choice = choice_trusted_cas_principalName; - asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); - } else if (tagnum == choice_trusted_cas_caName) { - val->choice = choice_trusted_cas_caName; - get_implicit_octet_string(val->u.caName.length, val->u.caName.data, choice_trusted_cas_caName); - } else if (tagnum == choice_trusted_cas_issuerAndSerial) { - val->choice = choice_trusted_cas_issuerAndSerial; - get_implicit_octet_string(val->u.issuerAndSerial.length, val->u.issuerAndSerial.data, - choice_trusted_cas_issuerAndSerial); - } else return ASN1_BAD_ID; - end_choice(); + if (tagnum == choice_trusted_cas_principalName) { + val->choice = choice_trusted_cas_principalName; + asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); + } else if (tagnum == choice_trusted_cas_caName) { + val->choice = choice_trusted_cas_caName; + get_implicit_octet_string(val->u.caName.length, val->u.caName.data, choice_trusted_cas_caName); + } else if (tagnum == choice_trusted_cas_issuerAndSerial) { + val->choice = choice_trusted_cas_issuerAndSerial; + get_implicit_octet_string(val->u.issuerAndSerial.length, val->u.issuerAndSerial.data, + choice_trusted_cas_issuerAndSerial); + } else return ASN1_BAD_ID; + end_choice(); } cleanup(); } 
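Review bot: In the second `asn1_decode_trusted_ca` (the @@ -1272 hunk), the `principalName` branch calls `asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName));` and discards the result, so a decode failure goes unreported even though `val->choice` has already been set. Use the file's usual pattern instead: `retval = asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); if (retval) return retval;`. The same applies in the `asn1_decode_auth_pack` hunk (@@ -1483), where the result of `asn1_decode_sequence_of_algorithm_identifier` is dropped and the `retval` from `asn1_decode_subject_pk_info` is assigned but not tested in the lines shown, and likewise in `asn1_decode_auth_pack_draft9` (@@ -1515). These decoders sit under `#ifndef DISABLE_PKINIT` and presumably parse messages received from a peer, so every sub-decoder result should be checked before the structure is treated as valid.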
@@ -1296,25 +1296,25 @@ asn1_error_code asn1_decode_sequence_of_trusted_ca(asn1buf *buf, krb5_trusted_ca asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_draft9 *val) { - setup(); - { begin_structure(); - get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); - opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL); - opt_lenfield(val->kdcCert.length, val->kdcCert.data, 2, asn1_decode_octetstring); - opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_octetstring); - end_structure(); - } - cleanup(); + setup(); + { begin_structure(); + get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); + opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL); + opt_lenfield(val->kdcCert.length, val->kdcCert.data, 2, asn1_decode_octetstring); + opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_octetstring); + end_structure(); + } + cleanup(); } asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val) { setup(); { begin_structure(); - get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0); + get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0); - opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring); - end_structure(); + opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring); + end_structure(); } cleanup(); } 
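Review bot: In `asn1_decode_pa_pk_as_req_draft9` both `opt_lenfield` calls, for `kdcCert` and for `encryptionCert`, use context tag 2, which looks like a copy-paste slip. Two fields of one SEQUENCE cannot share a tag, so `encryptionCert` would presumably never be filled from its own tag. If the draft-9 definition numbers it [3] (to be confirmed against the specification), the line should read `opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 3, asn1_decode_octetstring);`. A short comment beside each field giving its ASN.1 tag number would make such mismatches easier to spot.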
@@ -1323,11 +1323,11 @@ asn1_error_code asn1_decode_pk_authenticator(asn1buf *buf, krb5_pk_authenticator { setup(); { begin_structure(); - get_field(val->cusec, 0, asn1_decode_int32); - get_field(val->ctime, 1, asn1_decode_kerberos_time); - get_field(val->nonce, 2, asn1_decode_int32); - opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring); - end_structure(); + get_field(val->cusec, 0, asn1_decode_int32); + get_field(val->ctime, 1, asn1_decode_kerberos_time); + get_field(val->nonce, 2, asn1_decode_int32); + opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring); + end_structure(); } cleanup(); } 
@@ -1336,54 +1336,54 @@ asn1_error_code asn1_decode_pk_authenticator_draft9(asn1buf *buf, krb5_pk_authen { setup(); { begin_structure(); - alloc_field(val->kdcName,krb5_principal_data); - get_field(val->kdcName, 0, asn1_decode_principal_name); - get_field(val->kdcName, 1, asn1_decode_realm); - get_field(val->cusec, 2, asn1_decode_int32); - get_field(val->ctime, 3, asn1_decode_kerberos_time); - get_field(val->nonce, 4, asn1_decode_int32); - end_structure(); + alloc_field(val->kdcName,krb5_principal_data); + get_field(val->kdcName, 0, asn1_decode_principal_name); + get_field(val->kdcName, 1, asn1_decode_realm); + get_field(val->cusec, 2, asn1_decode_int32); + get_field(val->ctime, 3, asn1_decode_kerberos_time); + get_field(val->nonce, 4, asn1_decode_int32); + end_structure(); } cleanup(); } asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val) { - setup(); - { begin_structure_no_tag(); - /* - * Forbid indefinite encoding because we don't read enough tag - * information from the trailing octets ("ANY DEFINED BY") to - * synchronize EOC tags, etc. - */ - if (seqindef) return ASN1_BAD_FORMAT; - /* - * Set up tag variables because we don't actually call anything - * that fetches tag info for us; it's all buried in the decoder - * primitives. 
- */ - tagnum = ASN1_TAGNUM_CEILING; - asn1class = UNIVERSAL; - construction = PRIMITIVE; - taglen = 0; - indef = 0; - retval = asn1_decode_oid(&subbuf, &val->algorithm.length, - &val->algorithm.data); - if(retval) return retval; - val->parameters.length = 0; - val->parameters.data = NULL; - - if(length > subbuf.next - subbuf.base) { - unsigned int size = length - (subbuf.next - subbuf.base); - retval = asn1buf_remove_octetstring(&subbuf, size, - &val->parameters.data); - if(retval) return retval; - val->parameters.length = size; - } + setup(); + { begin_structure_no_tag(); + /* + * Forbid indefinite encoding because we don't read enough tag + * information from the trailing octets ("ANY DEFINED BY") to + * synchronize EOC tags, etc. + */ + if (seqindef) return ASN1_BAD_FORMAT; + /* + * Set up tag variables because we don't actually call anything + * that fetches tag info for us; it's all buried in the decoder + * primitives. + */ + tagnum = ASN1_TAGNUM_CEILING; + asn1class = UNIVERSAL; + construction = PRIMITIVE; + taglen = 0; + indef = 0; + retval = asn1_decode_oid(&subbuf, &val->algorithm.length, + &val->algorithm.data); + if (retval) return retval; + val->parameters.length = 0; + val->parameters.data = NULL; + + if (length > subbuf.next - subbuf.base) { + unsigned int size = length - (subbuf.next - subbuf.base); + retval = asn1buf_remove_octetstring(&subbuf, size, + &val->parameters.data); + if (retval) return retval; + val->parameters.length = size; + } - end_structure(); - } - cleanup(); + end_structure(); + } + cleanup(); } asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *val) 
@@ -1392,35 +1392,35 @@ asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info * setup(); { begin_structure_no_tag(); - retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm); - if (retval) return retval; - - /* SubjectPublicKey encoded as a BIT STRING */ - next_tag(); - if (asn1class != UNIVERSAL || construction != PRIMITIVE || - tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; - - retval = asn1buf_remove_octet(&subbuf, &unused); - if(retval) return retval; - - /* Number of unused bits must be between 0 and 7. */ - /* What to do if unused is not zero? */ - if (unused > 7) return ASN1_BAD_FORMAT; - taglen--; - - val->subjectPublicKey.length = 0; - val->subjectPublicKey.data = NULL; - retval = asn1buf_remove_octetstring(&subbuf, taglen, - &val->subjectPublicKey.data); - if(retval) return retval; - val->subjectPublicKey.length = taglen; - /* - * We didn't call any macro that does next_tag(); do so now to - * preload tag of any trailing encodings. - */ - next_tag(); - end_structure(); + retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm); + if (retval) return retval; + + /* SubjectPublicKey encoded as a BIT STRING */ + next_tag(); + if (asn1class != UNIVERSAL || construction != PRIMITIVE || + tagnum != ASN1_BITSTRING) + return ASN1_BAD_ID; + + retval = asn1buf_remove_octet(&subbuf, &unused); + if (retval) return retval; + + /* Number of unused bits must be between 0 and 7. */ + /* What to do if unused is not zero? */ + if (unused > 7) return ASN1_BAD_FORMAT; + taglen--; + + val->subjectPublicKey.length = 0; + val->subjectPublicKey.data = NULL; + retval = asn1buf_remove_octetstring(&subbuf, taglen, + &val->subjectPublicKey.data); + if (retval) return retval; + val->subjectPublicKey.length = taglen; + /* + * We didn't call any macro that does next_tag(); do so now to + * preload tag of any trailing encodings. + */ + next_tag(); + end_structure(); } cleanup(); } 
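Review bot: In `asn1_decode_subject_pk_info`, `taglen--` runs without checking that the BIT STRING has at least one content octet. For a zero-length BIT STRING the decrement would wrap if `taglen` is unsigned (its declaration is outside the hunk), and the result is then passed as the length to `asn1buf_remove_octetstring`. Whether that helper rejects an oversized length is not visible here, so reject the case explicitly before reading the unused-bits octet: `if (taglen == 0) return ASN1_BAD_FORMAT;`. The existing comment "What to do if unused is not zero?" also deserves an answer in code or in a comment, since a non-zero value up to 7 is accepted here and then ignored. The function's opening lines, including the declaration of `unused`, lie above the hunk.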
@@ -1434,13 +1434,13 @@ asn1_error_code asn1_decode_kdc_dh_key_info (asn1buf *buf, krb5_kdc_dh_key_info { setup(); { begin_structure(); - retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); - if(retval) return retval; - val->subjectPublicKey.length = taglen; - next_tag(); - get_field(val->nonce, 1, asn1_decode_int32); - opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0); - end_structure(); + retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); + if (retval) return retval; + val->subjectPublicKey.length = taglen; + next_tag(); + get_field(val->nonce, 1, asn1_decode_int32); + opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0); + end_structure(); } cleanup(); } @@ -1449,9 +1449,9 @@ asn1_error_code asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *v { setup(); { begin_structure(); - get_field(val->replyKey, 0, asn1_decode_encryption_key); - get_field(val->asChecksum, 1, asn1_decode_checksum); - end_structure(); + get_field(val->replyKey, 0, asn1_decode_encryption_key); + get_field(val->asChecksum, 1, asn1_decode_checksum); + end_structure(); } cleanup(); } @@ -1460,9 +1460,9 @@ asn1_error_code asn1_decode_reply_key_pack_draft9 (asn1buf *buf, krb5_reply_key_ { setup(); { begin_structure(); - get_field(val->replyKey, 0, asn1_decode_encryption_key); - get_field(val->nonce, 1, asn1_decode_int32); - end_structure(); + get_field(val->replyKey, 0, asn1_decode_encryption_key); + get_field(val->nonce, 1, asn1_decode_int32); + end_structure(); } cleanup(); } @@ -1472,9 +1472,9 @@ asn1_error_code asn1_decode_krb5_principal_name (asn1buf *buf, krb5_principal *v { setup(); { begin_structure(); - get_field(*val, 0, asn1_decode_realm); - get_field(*val, 1, asn1_decode_principal_name); - end_structure(); + get_field(*val, 0, asn1_decode_realm); + get_field(*val, 1, asn1_decode_principal_name); + end_structure(); } cleanup(); } 
@@ -1483,30 +1483,30 @@ asn1_error_code asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val) { setup(); { begin_structure(); - get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator); - if (tagnum == 1) { alloc_field(val->clientPublicValue, krb5_subject_pk_info); } - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; - if (tagnum == 1) { - retval = asn1_decode_subject_pk_info(&subbuf, - val->clientPublicValue); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->clientPublicValue = NULL; - } - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if (tagnum == 2) { - asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->supportedCMSTypes = NULL; - } - opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); - end_structure(); + get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator); + if (tagnum == 1) { alloc_field(val->clientPublicValue, krb5_subject_pk_info); } + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + && (tagnum || taglen || asn1class != UNIVERSAL)) + return ASN1_BAD_ID; + if (tagnum == 1) { + retval = asn1_decode_subject_pk_info(&subbuf, + val->clientPublicValue); + if (!taglen && indef) { get_eoc(); } + next_tag(); + } else val->clientPublicValue = NULL; + } + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if (tagnum == 2) { + asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); + if (!taglen && 
indef) { get_eoc(); } + next_tag(); + } else val->supportedCMSTypes = NULL; + } + opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); + end_structure(); } cleanup(); } 
@@ -1515,64 +1515,64 @@ asn1_error_code asn1_decode_auth_pack_draft9(asn1buf *buf, krb5_auth_pack_draft9 { setup(); { begin_structure(); - get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9); - if (tagnum == 1) { - alloc_field(val->clientPublicValue, krb5_subject_pk_info); - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; - if (tagnum == 1) { - retval = asn1_decode_subject_pk_info(&subbuf, - val->clientPublicValue); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->clientPublicValue = NULL; + get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9); + if (tagnum == 1) { + alloc_field(val->clientPublicValue, krb5_subject_pk_info); + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + && (tagnum || taglen || asn1class != UNIVERSAL)) + return ASN1_BAD_ID; + if (tagnum == 1) { + retval = asn1_decode_subject_pk_info(&subbuf, + val->clientPublicValue); + if (!taglen && indef) { get_eoc(); } + next_tag(); + } else val->clientPublicValue = NULL; + } } - } - end_structure(); + end_structure(); } cleanup(); } asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf, krb5_pa_pk_as_rep *val) { - setup(); - { begin_choice(); - if (tagnum == choice_pa_pk_as_rep_dhInfo) { - val->choice = choice_pa_pk_as_rep_dhInfo; - get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info); - } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) { - val->choice = choice_pa_pk_as_rep_encKeyPack; - get_implicit_octet_string(val->u.encKeyPack.length, val->u.encKeyPack.data, - choice_pa_pk_as_rep_encKeyPack); - } else { - val->choice = choice_pa_pk_as_rep_UNKNOWN; + setup(); + { begin_choice(); + if (tagnum == 
choice_pa_pk_as_rep_dhInfo) { + val->choice = choice_pa_pk_as_rep_dhInfo; + get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info); + } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) { + val->choice = choice_pa_pk_as_rep_encKeyPack; + get_implicit_octet_string(val->u.encKeyPack.length, val->u.encKeyPack.data, + choice_pa_pk_as_rep_encKeyPack); + } else { + val->choice = choice_pa_pk_as_rep_UNKNOWN; + } + end_choice(); } - end_choice(); - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_pa_pk_as_rep_draft9(asn1buf *buf, krb5_pa_pk_as_rep_draft9 *val) { - setup(); - { begin_structure(); - if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) { - val->choice = choice_pa_pk_as_rep_draft9_dhSignedData; - get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data, - choice_pa_pk_as_rep_draft9_dhSignedData, asn1_decode_octetstring); - } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) { - val->choice = choice_pa_pk_as_rep_draft9_encKeyPack; - get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data, - choice_pa_pk_as_rep_draft9_encKeyPack, asn1_decode_octetstring); - } else { - val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; + setup(); + { begin_structure(); + if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) { + val->choice = choice_pa_pk_as_rep_draft9_dhSignedData; + get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data, + choice_pa_pk_as_rep_draft9_dhSignedData, asn1_decode_octetstring); + } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) { + val->choice = choice_pa_pk_as_rep_draft9_encKeyPack; + get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data, + choice_pa_pk_as_rep_draft9_encKeyPack, asn1_decode_octetstring); + } else { + val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; + } + end_structure(); } - end_structure(); - } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_typed_data ***val) 
@@ -1582,12 +1582,12 @@ asn1_error_code asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_typed_data asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_typed_data *val) { - setup(); - { begin_structure(); - get_field(val->type,0,asn1_decode_int32); - get_lenfield(val->length,val->data,1,asn1_decode_octetstring); - end_structure(); - } - cleanup(); + setup(); + { begin_structure(); + get_field(val->type,0,asn1_decode_int32); + get_lenfield(val->length,val->data,1,asn1_decode_octetstring); + end_structure(); + } + cleanup(); } #endif /* DISABLE_PKINIT */ diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 4cd9f0572..de5c60180 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -44,7 +44,7 @@ ... /* for OPTIONAL fields */ - if(rep->field_i == should_not_be_omitted) + if (rep->field_i == should_not_be_omitted) asn1_addfield(rep->field_i, i, asn1_type); /* for string fields (these encoders take an additional argument, @@ -53,11 +53,11 @@ /* if you really have to do things yourself... */ retval = asn1_encode_asn1_type(buf,rep->field,&length); - if(retval) return retval; + if (retval) return retval; sum += length; retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, &length); - if(retval) return retval; + if (retval) return retval; sum += length; ... @@ -80,12 +80,12 @@ /* asn1_addfield -- add a field, or component, to the encoding */ #define asn1_addfield(value,tag,encoder)\ { retval = encoder(buf,value,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length;\ retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length; } 
@@ -93,12 +93,12 @@
 /* asn1_addlenfield -- add a field whose length must be separately specified */
 #define asn1_addlenfield(len,value,tag,encoder)\
 { retval = encoder(buf,len,value,&length);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length;\
 retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length; }
@@ -106,12 +106,12 @@
 /* asn1_addfield_implicit -- add an implicitly tagged field, or component, to the encoding */
 #define asn1_addfield_implicit(value,tag,encoder)\
 { retval = encoder(buf,value,&length);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length;\
 retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,length,&length); \
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length; }
@@ -119,12 +119,12 @@
 /* asn1_insert_implicit_octetstring -- add an octet string with implicit tagging */
 #define asn1_insert_implicit_octetstring(len,value,tag)\
 { retval = asn1buf_insert_octetstring(buf,len,value);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += len;\
 retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,len,&length); \
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length; }
@@ -132,17 +132,17 @@
 /* asn1_insert_implicit_bitstring -- add a bitstring with implicit tagging */
 #define asn1_insert_implicit_bitstring(len,value,tag)\
 { retval = asn1buf_insert_octetstring(buf,len,value);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += len;\
 retval = asn1buf_insert_octet(buf, 0);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum++;\
 retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,tag,len+1,&length); \
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length; }
@@ -150,7 +150,7 @@
 /* form a sequence (by adding a sequence header to the current encoding) */
 #define asn1_makeseq()\
 retval = asn1_make_sequence(buf,sum,&length);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length
@@ -158,7 +158,7 @@
 /* add an APPLICATION class tag to the current encoding */
 #define asn1_apptag(num)\
 retval = asn1_make_etag(buf,APPLICATION,num,sum,&length);\
- if(retval){\
+ if (retval) {\
 asn1buf_destroy(&buf);\
 return retval; }\
 sum += length
@@ -170,612 +170,612 @@ asn1_error_code asn1_encode_ui_4(asn1buf *buf, const krb5_ui_4 val, unsigned int *retlen) { - return asn1_encode_unsigned_integer(buf,val,retlen); + return asn1_encode_unsigned_integer(buf,val,retlen); } asn1_error_code asn1_encode_realm(asn1buf *buf, const krb5_principal val, unsigned int *retlen) { - if (val == NULL || - (val->realm.length && val->realm.data == NULL)) - return ASN1_MISSING_FIELD; - return asn1_encode_generalstring(buf,val->realm.length,val->realm.data, - retlen); + if (val == NULL || + (val->realm.length && val->realm.data == NULL)) + return ASN1_MISSING_FIELD; + return asn1_encode_generalstring(buf,val->realm.length,val->realm.data, + retlen); } asn1_error_code asn1_encode_principal_name(asn1buf *buf, const krb5_principal val, unsigned int *retlen) { - asn1_setup(); - int n; + asn1_setup(); + int n; - if (val == NULL || val->data == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val->data == NULL) return ASN1_MISSING_FIELD; - for(n = (int) ((val->length)-1); n >= 0; n--){ - if (val->data[n].length && - val->data[n].data == NULL) + for (n = (int) ((val->length)-1); n >= 0; n--) { + if (val->data[n].length && + val->data[n].data == NULL) return ASN1_MISSING_FIELD; - retval = asn1_encode_generalstring(buf, - (val->data)[n].length, - (val->data)[n].data, - &length); - if(retval) return retval; + retval = asn1_encode_generalstring(buf, + (val->data)[n].length, + (val->data)[n].data, + &length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,1,sum,&length); + if (retval) return retval; sum += length; - } - asn1_makeseq(); - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,1,sum,&length); - if(retval) return retval; - sum += length; - asn1_addfield(val->type,0,asn1_encode_integer); + asn1_addfield(val->type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_kerberos_time(asn1buf *buf, 
const krb5_timestamp val, unsigned int *retlen) { - return asn1_encode_generaltime(buf,val,retlen); + return asn1_encode_generaltime(buf,val,retlen); } asn1_error_code asn1_encode_host_address(asn1buf *buf, const krb5_address *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val == NULL || val->contents == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val->contents == NULL) return ASN1_MISSING_FIELD; - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->addrtype,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); + asn1_addfield(val->addrtype,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_host_addresses(asn1buf *buf, const krb5_address **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); /* go to end of array */ - for(i--; i>=0; i--){ - retval = asn1_encode_host_address(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); /* go to end of array */ + for (i--; i>=0; i--) { + retval = asn1_encode_host_address(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_encrypted_data(asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL || - (val->ciphertext.length && val->ciphertext.data == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || + (val->ciphertext.length && val->ciphertext.data == NULL)) + return ASN1_MISSING_FIELD; - asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); - /* krb5_kvno should be int */ - if(val->kvno) - 
asn1_addfield((int) val->kvno,1,asn1_encode_integer); - asn1_addfield(val->enctype,0,asn1_encode_integer); + asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); + /* krb5_kvno should be int */ + if (val->kvno) + asn1_addfield((int) val->kvno,1,asn1_encode_integer); + asn1_addfield(val->enctype,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_krb5_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) { - asn1_setup(); - krb5_flags valcopy = val; - int i; + asn1_setup(); + krb5_flags valcopy = val; + int i; - for(i=0; i<4; i++){ - retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); - if(retval) return retval; - valcopy >>= 8; - } - retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ - if(retval) return retval; - sum = 5; + for (i=0; i<4; i++) { + retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); + if (retval) return retval; + valcopy >>= 8; + } + retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ + if (retval) return retval; + sum = 5; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_BITSTRING,sum, - &length); - if(retval) return retval; - sum += length; + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_BITSTRING,sum, + &length); + if (retval) return retval; + sum += length; - *retlen = sum; - return 0; + *retlen = sum; + return 0; } asn1_error_code asn1_encode_ap_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) { - return asn1_encode_krb5_flags(buf,val,retlen); + return asn1_encode_krb5_flags(buf,val,retlen); } asn1_error_code asn1_encode_ticket_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) { - return asn1_encode_krb5_flags(buf,val,retlen); + return asn1_encode_krb5_flags(buf,val,retlen); } asn1_error_code asn1_encode_kdc_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) { - return asn1_encode_krb5_flags(buf,val,retlen); + return 
asn1_encode_krb5_flags(buf,val,retlen); } asn1_error_code asn1_encode_authorization_data(asn1buf *buf, const krb5_authdata **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); /* get to the end of the array */ - for(i--; i>=0; i--){ - retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ + for (i--; i>=0; i--) { + retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_krb5_authdata_elt(asn1buf *buf, const krb5_authdata *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || + (val->length && val->contents == NULL)) + return ASN1_MISSING_FIELD; - /* ad-data[1] OCTET STRING */ - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - /* ad-type[0] INTEGER */ - asn1_addfield(val->ad_type,0,asn1_encode_integer); - /* SEQUENCE */ - asn1_makeseq(); + /* ad-data[1] OCTET STRING */ + asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); + /* ad-type[0] INTEGER */ + asn1_addfield(val->ad_type,0,asn1_encode_integer); + /* SEQUENCE */ + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_kdc_rep(int msg_type, asn1buf *buf, const krb5_kdc_rep *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - asn1_addfield(&(val->enc_part),6,asn1_encode_encrypted_data); - asn1_addfield(val->ticket,5,asn1_encode_ticket); - 
asn1_addfield(val->client,4,asn1_encode_principal_name); - asn1_addfield(val->client,3,asn1_encode_realm); - if(val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); - if (msg_type != KRB5_AS_REP && msg_type != KRB5_TGS_REP) - return KRB5_BADMSGTYPE; - asn1_addfield(msg_type,1,asn1_encode_integer); - asn1_addfield(KVNO,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addfield(&(val->enc_part),6,asn1_encode_encrypted_data); + asn1_addfield(val->ticket,5,asn1_encode_ticket); + asn1_addfield(val->client,4,asn1_encode_principal_name); + asn1_addfield(val->client,3,asn1_encode_realm); + if (val->padata != NULL && val->padata[0] != NULL) + asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); + if (msg_type != KRB5_AS_REP && msg_type != KRB5_TGS_REP) + return KRB5_BADMSGTYPE; + asn1_addfield(msg_type,1,asn1_encode_integer); + asn1_addfield(KVNO,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_enc_kdc_rep_part(asn1buf *buf, const krb5_enc_kdc_rep_part *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - /* caddr[11] HostAddresses OPTIONAL */ - if(val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); + /* caddr[11] HostAddresses OPTIONAL */ + if (val->caddrs != NULL && val->caddrs[0] != NULL) + asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); - /* sname[10] PrincipalName */ - asn1_addfield(val->server,10,asn1_encode_principal_name); + /* sname[10] PrincipalName */ + asn1_addfield(val->server,10,asn1_encode_principal_name); - /* srealm[9] Realm */ - asn1_addfield(val->server,9,asn1_encode_realm); + /* srealm[9] Realm */ + asn1_addfield(val->server,9,asn1_encode_realm); - /* renew-till[8] KerberosTime 
OPTIONAL */ - if(val->flags & TKT_FLG_RENEWABLE) - asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); + /* renew-till[8] KerberosTime OPTIONAL */ + if (val->flags & TKT_FLG_RENEWABLE) + asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); - /* endtime[7] KerberosTime */ - asn1_addfield(val->times.endtime,7,asn1_encode_kerberos_time); + /* endtime[7] KerberosTime */ + asn1_addfield(val->times.endtime,7,asn1_encode_kerberos_time); - /* starttime[6] KerberosTime OPTIONAL */ - if(val->times.starttime) - asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); + /* starttime[6] KerberosTime OPTIONAL */ + if (val->times.starttime) + asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); - /* authtime[5] KerberosTime */ - asn1_addfield(val->times.authtime,5,asn1_encode_kerberos_time); + /* authtime[5] KerberosTime */ + asn1_addfield(val->times.authtime,5,asn1_encode_kerberos_time); - /* flags[4] TicketFlags */ - asn1_addfield(val->flags,4,asn1_encode_ticket_flags); + /* flags[4] TicketFlags */ + asn1_addfield(val->flags,4,asn1_encode_ticket_flags); - /* key-expiration[3] KerberosTime OPTIONAL */ - if(val->key_exp) - asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); + /* key-expiration[3] KerberosTime OPTIONAL */ + if (val->key_exp) + asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); - /* nonce[2] INTEGER */ - asn1_addfield(val->nonce,2,asn1_encode_integer); + /* nonce[2] INTEGER */ + asn1_addfield(val->nonce,2,asn1_encode_integer); - /* last-req[1] LastReq */ - asn1_addfield((const krb5_last_req_entry**)val->last_req,1,asn1_encode_last_req); + /* last-req[1] LastReq */ + asn1_addfield((const krb5_last_req_entry**)val->last_req,1,asn1_encode_last_req); - /* key[0] EncryptionKey */ - asn1_addfield(val->session,0,asn1_encode_encryption_key); + /* key[0] EncryptionKey */ + asn1_addfield(val->session,0,asn1_encode_encryption_key); - /* EncKDCRepPart ::= SEQUENCE */ - asn1_makeseq(); + /* EncKDCRepPart ::= SEQUENCE */ 
+ asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_checksum(asn1buf *buf, const krb5_checksum ** val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - for (i=0; val[i] != NULL; i++); - for (i--; i>=0; i--){ - retval = asn1_encode_checksum(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_checksum(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *rep, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(rep == NULL) return ASN1_MISSING_FIELD; - - /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ - if(rep->second_ticket != NULL && rep->second_ticket[0] != NULL) - asn1_addfield((const krb5_ticket**)rep->second_ticket, - 11,asn1_encode_sequence_of_ticket); - - /* enc-authorization-data[10] EncryptedData OPTIONAL, */ - /* -- Encrypted AuthorizationData encoding */ - if(rep->authorization_data.ciphertext.data != NULL) - asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); - - /* addresses[9] HostAddresses OPTIONAL, */ - if(rep->addresses != NULL && rep->addresses[0] != NULL) - asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); - - /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ - /* -- in preference order */ - asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); - - /* nonce[7] INTEGER, */ - asn1_addfield(rep->nonce,7,asn1_encode_integer); - - /* rtime[6] KerberosTime OPTIONAL, */ - if(rep->rtime) - asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); - - /* till[5] KerberosTime, */ - asn1_addfield(rep->till,5,asn1_encode_kerberos_time); - - /* 
from[4] KerberosTime OPTIONAL, */ - if(rep->from) - asn1_addfield(rep->from,4,asn1_encode_kerberos_time); - - /* sname[3] PrincipalName OPTIONAL, */ - if(rep->server != NULL) - asn1_addfield(rep->server,3,asn1_encode_principal_name); - - /* realm[2] Realm, -- Server's realm */ - /* -- Also client's in AS-REQ */ - if(rep->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY){ - if(rep->second_ticket != NULL && rep->second_ticket[0] != NULL){ - asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) + if (rep == NULL) return ASN1_MISSING_FIELD; + + /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ + if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) + asn1_addfield((const krb5_ticket**)rep->second_ticket, + 11,asn1_encode_sequence_of_ticket); + + /* enc-authorization-data[10] EncryptedData OPTIONAL, */ + /* -- Encrypted AuthorizationData encoding */ + if (rep->authorization_data.ciphertext.data != NULL) + asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); + + /* addresses[9] HostAddresses OPTIONAL, */ + if (rep->addresses != NULL && rep->addresses[0] != NULL) + asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); + + /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ + /* -- in preference order */ + asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); + + /* nonce[7] INTEGER, */ + asn1_addfield(rep->nonce,7,asn1_encode_integer); + + /* rtime[6] KerberosTime OPTIONAL, */ + if (rep->rtime) + asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); + + /* till[5] KerberosTime, */ + asn1_addfield(rep->till,5,asn1_encode_kerberos_time); + + /* from[4] KerberosTime OPTIONAL, */ + if (rep->from) + asn1_addfield(rep->from,4,asn1_encode_kerberos_time); + + /* sname[3] PrincipalName OPTIONAL, */ + if (rep->server != NULL) + asn1_addfield(rep->server,3,asn1_encode_principal_name); + + /* realm[2] Realm, -- Server's realm */ + /* -- Also client's in AS-REQ */ + if (rep->kdc_options & 
KDC_OPT_ENC_TKT_IN_SKEY) { + if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) { + asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) + } else return ASN1_MISSING_FIELD; + } else if (rep->server != NULL) { + asn1_addfield(rep->server,2,asn1_encode_realm); } else return ASN1_MISSING_FIELD; - }else if(rep->server != NULL){ - asn1_addfield(rep->server,2,asn1_encode_realm); - }else return ASN1_MISSING_FIELD; - /* cname[1] PrincipalName OPTIONAL, */ - /* -- Used only in AS-REQ */ - if(rep->client != NULL) - asn1_addfield(rep->client,1,asn1_encode_principal_name); + /* cname[1] PrincipalName OPTIONAL, */ + /* -- Used only in AS-REQ */ + if (rep->client != NULL) + asn1_addfield(rep->client,1,asn1_encode_principal_name); - /* kdc-options[0] KDCOptions, */ - asn1_addfield(rep->kdc_options,0,asn1_encode_kdc_options); + /* kdc-options[0] KDCOptions, */ + asn1_addfield(rep->kdc_options,0,asn1_encode_kdc_options); - /* KDC-REQ-BODY ::= SEQUENCE */ - asn1_makeseq(); + /* KDC-REQ-BODY ::= SEQUENCE */ + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_encryption_key(asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || + (val->length && val->contents == NULL)) + return ASN1_MISSING_FIELD; - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->enctype,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); + asn1_addfield(val->enctype,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_checksum(asn1buf *buf, const krb5_checksum *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || + (val->length && 
val->contents == NULL)) + return ASN1_MISSING_FIELD; - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->checksum_type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); + asn1_addfield(val->checksum_type,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_transited_encoding(asn1buf *buf, const krb5_transited *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL || - (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || + (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) + return ASN1_MISSING_FIELD; - asn1_addlenfield(val->tr_contents.length,val->tr_contents.data, - 1,asn1_encode_charstring); - asn1_addfield(val->tr_type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addlenfield(val->tr_contents.length,val->tr_contents.data, + 1,asn1_encode_charstring); + asn1_addfield(val->tr_type,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_last_req(asn1buf *buf, const krb5_last_req_entry **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); /* go to end of array */ - for(i--; i>=0; i--){ - retval = asn1_encode_last_req_entry(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); /* go to end of array */ + for (i--; i>=0; i--) { + retval = asn1_encode_last_req_entry(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_last_req_entry(asn1buf *buf, const krb5_last_req_entry *val, unsigned int *retlen) { - 
asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - asn1_addfield(val->value,1,asn1_encode_kerberos_time); - asn1_addfield(val->lr_type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_addfield(val->value,1,asn1_encode_kerberos_time); + asn1_addfield(val->lr_type,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_pa_data(asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if (val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_pa_data(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_pa_data(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_pa_data(asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL || (val->length != 0 && val->contents == NULL)) - return ASN1_MISSING_FIELD; + if (val == NULL || (val->length != 0 && val->contents == NULL)) + return ASN1_MISSING_FIELD; - asn1_addlenfield(val->length,val->contents,2,asn1_encode_octetstring); - asn1_addfield(val->pa_type,1,asn1_encode_integer); - asn1_makeseq(); + asn1_addlenfield(val->length,val->contents,2,asn1_encode_octetstring); + asn1_addfield(val->pa_type,1,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_ticket(asn1buf *buf, const krb5_ticket **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - 
for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_ticket(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_ticket(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_ticket(asn1buf *buf, const krb5_ticket *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - asn1_addfield(&(val->enc_part),3,asn1_encode_encrypted_data); - asn1_addfield(val->server,2,asn1_encode_principal_name); - asn1_addfield(val->server,1,asn1_encode_realm); - asn1_addfield(KVNO,0,asn1_encode_integer); - asn1_makeseq(); - asn1_apptag(1); + asn1_addfield(&(val->enc_part),3,asn1_encode_encrypted_data); + asn1_addfield(val->server,2,asn1_encode_principal_name); + asn1_addfield(val->server,1,asn1_encode_realm); + asn1_addfield(KVNO,0,asn1_encode_integer); + asn1_makeseq(); + asn1_apptag(1); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_enctype(asn1buf *buf, const int len, const krb5_enctype *val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - for(i=len-1; i>=0; i--){ - retval = asn1_encode_integer(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=len-1; i>=0; i--) { + retval = asn1_encode_integer(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_kdc_req(int msg_type, asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - 
asn1_addfield(val,4,asn1_encode_kdc_req_body); - if(val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); - if (msg_type != KRB5_AS_REQ && msg_type != KRB5_TGS_REQ) - return KRB5_BADMSGTYPE; - asn1_addfield(msg_type,2,asn1_encode_integer); - asn1_addfield(KVNO,1,asn1_encode_integer); - asn1_makeseq(); + asn1_addfield(val,4,asn1_encode_kdc_req_body); + if (val->padata != NULL && val->padata[0] != NULL) + asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); + if (msg_type != KRB5_AS_REQ && msg_type != KRB5_TGS_REQ) + return KRB5_BADMSGTYPE; + asn1_addfield(msg_type,2,asn1_encode_integer); + asn1_addfield(KVNO,1,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_krb_safe_body(asn1buf *buf, const krb5_safe *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - if(val->r_address != NULL) - asn1_addfield(val->r_address,5,asn1_encode_host_address); - asn1_addfield(val->s_address,4,asn1_encode_host_address); - if(val->seq_number) - asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); - if(val->timestamp){ - asn1_addfield(val->usec,2,asn1_encode_integer); - asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); - } - if (val->user_data.length && val->user_data.data == NULL) - return ASN1_MISSING_FIELD; - asn1_addlenfield(val->user_data.length,val->user_data.data,0,asn1_encode_charstring) -; + if (val->r_address != NULL) + asn1_addfield(val->r_address,5,asn1_encode_host_address); + asn1_addfield(val->s_address,4,asn1_encode_host_address); + if (val->seq_number) + asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); + if (val->timestamp) { + asn1_addfield(val->usec,2,asn1_encode_integer); + asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); + } + if (val->user_data.length && 
val->user_data.data == NULL) + return ASN1_MISSING_FIELD; + asn1_addlenfield(val->user_data.length,val->user_data.data,0,asn1_encode_charstring) + ; - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_krb_cred_info(asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL) return ASN1_MISSING_FIELD; + if (val == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_krb_cred_info(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_krb_cred_info(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen) { - asn1_setup(); - - if(val == NULL) return ASN1_MISSING_FIELD; - - if(val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); - if(val->server != NULL){ - asn1_addfield(val->server,9,asn1_encode_principal_name); - asn1_addfield(val->server,8,asn1_encode_realm); - } - if(val->times.renew_till) - asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); - if(val->times.endtime) - asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); - if(val->times.starttime) - asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); - if(val->times.authtime) - asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); - if(val->flags) - asn1_addfield(val->flags,3,asn1_encode_ticket_flags); - if(val->client != NULL){ - asn1_addfield(val->client,2,asn1_encode_principal_name); - asn1_addfield(val->client,1,asn1_encode_realm); - } - asn1_addfield(val->session,0,asn1_encode_encryption_key); - - asn1_makeseq(); 
- - asn1_cleanup(); + asn1_setup(); + + if (val == NULL) return ASN1_MISSING_FIELD; + + if (val->caddrs != NULL && val->caddrs[0] != NULL) + asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); + if (val->server != NULL) { + asn1_addfield(val->server,9,asn1_encode_principal_name); + asn1_addfield(val->server,8,asn1_encode_realm); + } + if (val->times.renew_till) + asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); + if (val->times.endtime) + asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); + if (val->times.starttime) + asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); + if (val->times.authtime) + asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); + if (val->flags) + asn1_addfield(val->flags,3,asn1_encode_ticket_flags); + if (val->client != NULL) { + asn1_addfield(val->client,2,asn1_encode_principal_name); + asn1_addfield(val->client,1,asn1_encode_realm); + } + asn1_addfield(val->session,0,asn1_encode_encryption_key); + + asn1_makeseq(); + + asn1_cleanup(); } asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, unsigned int *retlen, int etype_info2) { - asn1_setup(); + asn1_setup(); - assert(val->s2kparams.data == NULL || etype_info2); - if(val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && - val->salt == NULL)) - return ASN1_MISSING_FIELD; - if(val->s2kparams.data != NULL) - asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, - asn1_encode_octetstring); - if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT){ - if (etype_info2) - asn1_addlenfield(val->length,val->salt,1, - asn1_encode_generalstring) - else asn1_addlenfield(val->length,val->salt,1, - asn1_encode_octetstring); - } -asn1_addfield(val->etype,0,asn1_encode_integer); - asn1_makeseq(); + assert(val->s2kparams.data == NULL || etype_info2); + if (val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && + val->salt == NULL)) + return 
ASN1_MISSING_FIELD; + if (val->s2kparams.data != NULL) + asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, + asn1_encode_octetstring); + if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) { + if (etype_info2) + asn1_addlenfield(val->length,val->salt,1, + asn1_encode_generalstring) + else asn1_addlenfield(val->length,val->salt,1, + asn1_encode_octetstring); + } + asn1_addfield(val->etype,0,asn1_encode_integer); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, @@ -786,10 +786,10 @@ asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry if (val == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); /* get to the end of the array */ - for(i--; i>=0; i--){ + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ + for (i--; i>=0; i--) { retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); - if(retval) return retval; + if (retval) return retval; sum += length; } asn1_makeseq(); 
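Review bot: In `asn1_encode_etype_info_entry`, near the end of this hunk, `assert(val->s2kparams.data == NULL || etype_info2);` reads through `val` one line before the `val == NULL` test, so a NULL argument is dereferenced in assertion-enabled builds instead of returning ASN1_MISSING_FIELD, and a compiler may treat the later test as dead. The reindent keeps that order; I would put `if (val == NULL) return ASN1_MISSING_FIELD;` ahead of the assert and leave the salt check where it is. The same missing check shows up in the `@@ -798,193 +798,193 @@` hunk: `asn1_encode_passwdsequence` reads `val->phrase->length` and `val->passwd->data`, and `asn1_encode_sam_challenge` reads `val->sam_cksum.length`, with no NULL test, unlike the other encoders here. Whether a NULL can reach these functions depends on callers that are not part of this diff.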
@@ -798,193 +798,193 @@ asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry asn1_error_code asn1_encode_sequence_of_passwdsequence(asn1buf *buf, const passwd_phrase_element **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); /* get to the end of the array */ - for(i--; i>=0; i--){ - retval = asn1_encode_passwdsequence(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); - asn1_cleanup(); + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ + for (i--; i>=0; i--) { + retval = asn1_encode_passwdsequence(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_passwdsequence(asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen) { - asn1_setup(); - asn1_addlenfield(val->phrase->length,val->phrase->data,1,asn1_encode_charstring); - asn1_addlenfield(val->passwd->length,val->passwd->data,0,asn1_encode_charstring); - asn1_makeseq(); - asn1_cleanup(); + asn1_setup(); + asn1_addlenfield(val->phrase->length,val->phrase->data,1,asn1_encode_charstring); + asn1_addlenfield(val->passwd->length,val->passwd->data,0,asn1_encode_charstring); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) { - return asn1_encode_krb5_flags(buf,val,retlen); + return asn1_encode_krb5_flags(buf,val,retlen); } -#define add_optstring(val,n,fn) \ - if ((val).length > 0) {asn1_addlenfield((val).length,(val).data,n,fn);} +#define add_optstring(val,n,fn) \ + if ((val).length > 0) {asn1_addlenfield((val).length,(val).data,n,fn);} asn1_error_code asn1_encode_sam_challenge(asn1buf *buf, const krb5_sam_challenge *val, unsigned int *retlen) { - asn1_setup(); - /* possibly 
wrong */ - if (val->sam_cksum.length) - asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); + asn1_setup(); + /* possibly wrong */ + if (val->sam_cksum.length) + asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); - if (val->sam_nonce) - asn1_addfield(val->sam_nonce,8,asn1_encode_integer); + if (val->sam_nonce) + asn1_addfield(val->sam_nonce,8,asn1_encode_integer); - add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); - add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); - add_optstring(val->sam_challenge,5,asn1_encode_charstring); - add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); - add_optstring(val->sam_track_id,3,asn1_encode_charstring); - add_optstring(val->sam_type_name,2,asn1_encode_charstring); + add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); + add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); + add_optstring(val->sam_challenge,5,asn1_encode_charstring); + add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); + add_optstring(val->sam_track_id,3,asn1_encode_charstring); + add_optstring(val->sam_type_name,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challenge_2 *val, unsigned int *retlen) { - asn1_setup(); - if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0])) - return ASN1_MISSING_FIELD; - - asn1_addfield((const krb5_checksum **) val->sam_cksum, 1, asn1_encode_sequence_of_checksum); - retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, - (unsigned char *)val->sam_challenge_2_body.data); - if(retval){ - asn1buf_destroy(&buf); - return retval; - } - sum += val->sam_challenge_2_body.length; - retval 
= asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->sam_challenge_2_body.length, &length); - if(retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; + asn1_setup(); + if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0])) + return ASN1_MISSING_FIELD; + + asn1_addfield((const krb5_checksum **) val->sam_cksum, 1, asn1_encode_sequence_of_checksum); + retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, + (unsigned char *)val->sam_challenge_2_body.data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += val->sam_challenge_2_body.length; + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, + val->sam_challenge_2_body.length, &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_challenge_2_body(asn1buf *buf, const krb5_sam_challenge_2_body *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_addfield(val->sam_etype, 9, asn1_encode_integer); - asn1_addfield(val->sam_nonce,8,asn1_encode_integer); - add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); - add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); - add_optstring(val->sam_challenge,5,asn1_encode_charstring); - add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); - add_optstring(val->sam_track_id,3,asn1_encode_charstring); - add_optstring(val->sam_type_name,2,asn1_encode_charstring); + asn1_addfield(val->sam_etype, 9, asn1_encode_integer); + asn1_addfield(val->sam_nonce,8,asn1_encode_integer); + add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); + add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); + add_optstring(val->sam_challenge,5,asn1_encode_charstring); + add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); + add_optstring(val->sam_track_id,3,asn1_encode_charstring); + 
add_optstring(val->sam_type_name,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_key(asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen) { - asn1_setup(); - asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + asn1_setup(); + asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_enc_sam_response_enc(asn1buf *buf, const krb5_enc_sam_response_enc *val, unsigned int *retlen) { - asn1_setup(); - add_optstring(val->sam_sad,3,asn1_encode_charstring); - asn1_addfield(val->sam_usec,2,asn1_encode_integer); - asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time); - asn1_addfield(val->sam_nonce,0,asn1_encode_integer); + asn1_setup(); + add_optstring(val->sam_sad,3,asn1_encode_charstring); + asn1_addfield(val->sam_usec,2,asn1_encode_integer); + asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time); + asn1_addfield(val->sam_nonce,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_enc_sam_response_enc_2(asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, unsigned int *retlen) { - asn1_setup(); - add_optstring(val->sam_sad,1,asn1_encode_charstring); - asn1_addfield(val->sam_nonce,0,asn1_encode_integer); + asn1_setup(); + add_optstring(val->sam_sad,1,asn1_encode_charstring); + asn1_addfield(val->sam_nonce,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_response(asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if 
(val->sam_patimestamp) - asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); - if (val->sam_nonce) - asn1_addfield(val->sam_nonce,5,asn1_encode_integer); - asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); - if (val->sam_enc_key.ciphertext.length) - asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); - add_optstring(val->sam_track_id,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + if (val->sam_patimestamp) + asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); + if (val->sam_nonce) + asn1_addfield(val->sam_nonce,5,asn1_encode_integer); + asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); + if (val->sam_enc_key.ciphertext.length) + asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); + add_optstring(val->sam_track_id,2,asn1_encode_charstring); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sam_response_2(asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_addfield(val->sam_nonce,4,asn1_encode_integer); - asn1_addfield(&(val->sam_enc_nonce_or_sad),3,asn1_encode_encrypted_data); - add_optstring(val->sam_track_id,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + asn1_addfield(val->sam_nonce,4,asn1_encode_integer); + asn1_addfield(&(val->sam_enc_nonce_or_sad),3,asn1_encode_encrypted_data); + add_optstring(val->sam_track_id,2,asn1_encode_charstring); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code 
asn1_encode_predicted_sam_response(asn1buf *buf, const krb5_predicted_sam_response *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - add_optstring(val->msd,6,asn1_encode_charstring); - asn1_addfield(val->client,5,asn1_encode_principal_name); - asn1_addfield(val->client,4,asn1_encode_realm); - asn1_addfield(val->susec,3,asn1_encode_integer); - asn1_addfield(val->stime,2,asn1_encode_kerberos_time); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + add_optstring(val->msd,6,asn1_encode_charstring); + asn1_addfield(val->client,5,asn1_encode_principal_name); + asn1_addfield(val->client,4,asn1_encode_realm); + asn1_addfield(val->susec,3,asn1_encode_integer); + asn1_addfield(val->stime,2,asn1_encode_kerberos_time); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); - asn1_makeseq(); + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } /* @@ -992,16 +992,16 @@ asn1_error_code asn1_encode_predicted_sam_response(asn1buf *buf, const krb5_pred */ asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *body, unsigned int *retlen) { - asn1_error_code retval; + asn1_error_code retval; - retval = asn1buf_insert_octetstring(buf, body->length, - (krb5_octet *)body->data); - if (retval){ - asn1buf_destroy(&buf); - return retval; - } - *retlen = body->length; - return 0; + retval = asn1buf_insert_octetstring(buf, body->length, + (krb5_octet *)body->data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + *retlen = body->length; + return 0; } #ifndef DISABLE_PKINIT 
@@ -1011,387 +1011,387 @@ asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *b asn1_error_code asn1_encode_pk_authenticator(asn1buf *buf, const krb5_pk_authenticator *val, unsigned int *retlen) { - asn1_setup(); - asn1_addlenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_encode_octetstring); - asn1_addfield(val->nonce, 2, asn1_encode_integer); - asn1_addfield(val->ctime, 1, asn1_encode_kerberos_time); - asn1_addfield(val->cusec, 0, asn1_encode_integer); + asn1_setup(); + asn1_addlenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_encode_octetstring); + asn1_addfield(val->nonce, 2, asn1_encode_integer); + asn1_addfield(val->ctime, 1, asn1_encode_kerberos_time); + asn1_addfield(val->cusec, 0, asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_pk_authenticator_draft9(asn1buf *buf, const krb5_pk_authenticator_draft9 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_addfield(val->nonce, 4, asn1_encode_integer); - asn1_addfield(val->ctime, 3, asn1_encode_kerberos_time); - asn1_addfield(val->cusec, 2, asn1_encode_integer); - asn1_addfield(val->kdcName, 1, asn1_encode_realm); - asn1_addfield(val->kdcName, 0, asn1_encode_principal_name); + asn1_addfield(val->nonce, 4, asn1_encode_integer); + asn1_addfield(val->ctime, 3, asn1_encode_kerberos_time); + asn1_addfield(val->cusec, 2, asn1_encode_integer); + asn1_addfield(val->kdcName, 1, asn1_encode_realm); + asn1_addfield(val->kdcName, 0, asn1_encode_principal_name); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_algorithm_identifier(asn1buf *buf, const krb5_algorithm_identifier *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val->parameters.length != 0) { - retval = asn1buf_insert_octetstring(buf, val->parameters.length, - val->parameters.data); - if(retval) { - asn1buf_destroy(&buf); - return retval; + 
if (val->parameters.length != 0) { + retval = asn1buf_insert_octetstring(buf, val->parameters.length, + val->parameters.data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += val->parameters.length; } - sum += val->parameters.length; - } - retval = asn1_encode_oid(buf, val->algorithm.length, - val->algorithm.data, - &length); + retval = asn1_encode_oid(buf, val->algorithm.length, + val->algorithm.data, + &length); - if(retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_subject_pk_info(asn1buf *buf, const krb5_subject_pk_info *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING); + asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING); - if (val->algorithm.parameters.length != 0) { - retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, - val->algorithm.parameters.data); - if(retval) { - asn1buf_destroy(&buf); - return retval; + if (val->algorithm.parameters.length != 0) { + retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, + val->algorithm.parameters.data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += val->algorithm.parameters.length; } - sum += val->algorithm.parameters.length; - } - retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, - val->algorithm.algorithm.data, - &length); + retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, + val->algorithm.algorithm.data, + &length); - if(retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, - 
val->algorithm.parameters.length + length, - &length); + retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, + val->algorithm.parameters.length + length, + &length); - if(retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_algorithm_identifier(asn1buf *buf, const krb5_algorithm_identifier **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_algorithm_identifier(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_algorithm_identifier(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_auth_pack(asn1buf *buf, const krb5_auth_pack *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val->clientDHNonce.length != 0) - asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring); - if (val->supportedCMSTypes != NULL) - asn1_addfield((const krb5_algorithm_identifier **)val->supportedCMSTypes,2,asn1_encode_sequence_of_algorithm_identifier); - if (val->clientPublicValue != NULL) - asn1_addfield(val->clientPublicValue,1,asn1_encode_subject_pk_info); - asn1_addfield(&(val->pkAuthenticator),0,asn1_encode_pk_authenticator); + if (val->clientDHNonce.length != 0) + asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring); + if (val->supportedCMSTypes != NULL) + asn1_addfield((const krb5_algorithm_identifier 
**)val->supportedCMSTypes,2,asn1_encode_sequence_of_algorithm_identifier); + if (val->clientPublicValue != NULL) + asn1_addfield(val->clientPublicValue,1,asn1_encode_subject_pk_info); + asn1_addfield(&(val->pkAuthenticator),0,asn1_encode_pk_authenticator); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_auth_pack_draft9(asn1buf *buf, const krb5_auth_pack_draft9 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val->clientPublicValue != NULL) - asn1_addfield(val->clientPublicValue, 1, asn1_encode_subject_pk_info); - asn1_addfield(&(val->pkAuthenticator), 0, asn1_encode_pk_authenticator_draft9); + if (val->clientPublicValue != NULL) + asn1_addfield(val->clientPublicValue, 1, asn1_encode_subject_pk_info); + asn1_addfield(&(val->pkAuthenticator), 0, asn1_encode_pk_authenticator_draft9); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_external_principal_identifier(asn1buf *buf, const krb5_external_principal_identifier *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - /* Verify there is something to encode */ - if (val->subjectKeyIdentifier.length == 0 && val->issuerAndSerialNumber.length == 0 && val->subjectName.length == 0) - return ASN1_MISSING_FIELD; + /* Verify there is something to encode */ + if (val->subjectKeyIdentifier.length == 0 && val->issuerAndSerialNumber.length == 0 && val->subjectName.length == 0) + return ASN1_MISSING_FIELD; - if (val->subjectKeyIdentifier.length != 0) - asn1_insert_implicit_octetstring(val->subjectKeyIdentifier.length,val->subjectKeyIdentifier.data,2); + if (val->subjectKeyIdentifier.length != 0) + asn1_insert_implicit_octetstring(val->subjectKeyIdentifier.length,val->subjectKeyIdentifier.data,2); - if (val->issuerAndSerialNumber.length != 0) - asn1_insert_implicit_octetstring(val->issuerAndSerialNumber.length,val->issuerAndSerialNumber.data,1); + if (val->issuerAndSerialNumber.length != 0) + 
asn1_insert_implicit_octetstring(val->issuerAndSerialNumber.length,val->issuerAndSerialNumber.data,1); - if (val->subjectName.length != 0) - asn1_insert_implicit_octetstring(val->subjectName.length,val->subjectName.data,0); + if (val->subjectName.length != 0) + asn1_insert_implicit_octetstring(val->subjectName.length,val->subjectName.data,0); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_external_principal_identifier(asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_external_principal_identifier(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_external_principal_identifier(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_pa_pk_as_req(asn1buf *buf, const krb5_pa_pk_as_req *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val->kdcPkId.length != 0) - asn1_insert_implicit_octetstring(val->kdcPkId.length,val->kdcPkId.data,2); + if (val->kdcPkId.length != 0) + asn1_insert_implicit_octetstring(val->kdcPkId.length,val->kdcPkId.data,2); - if (val->trustedCertifiers != NULL) - asn1_addfield((const krb5_external_principal_identifier **)val->trustedCertifiers,1,asn1_encode_sequence_of_external_principal_identifier); + if (val->trustedCertifiers != NULL) + asn1_addfield((const krb5_external_principal_identifier **)val->trustedCertifiers,1,asn1_encode_sequence_of_external_principal_identifier); - asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); + 
asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_trusted_ca(asn1buf *buf, const krb5_trusted_ca *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - switch (val->choice) { + switch (val->choice) { case choice_trusted_cas_issuerAndSerial: - asn1_insert_implicit_octetstring(val->u.issuerAndSerial.length,val->u.issuerAndSerial.data,2); - break; + asn1_insert_implicit_octetstring(val->u.issuerAndSerial.length,val->u.issuerAndSerial.data,2); + break; case choice_trusted_cas_caName: - asn1_insert_implicit_octetstring(val->u.caName.length,val->u.caName.data,1); - break; + asn1_insert_implicit_octetstring(val->u.caName.length,val->u.caName.data,1); + break; case choice_trusted_cas_principalName: - asn1_addfield_implicit(val->u.principalName,0,asn1_encode_principal_name); - break; + asn1_addfield_implicit(val->u.principalName,0,asn1_encode_principal_name); + break; default: - return ASN1_MISSING_FIELD; - } + return ASN1_MISSING_FIELD; + } - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_trusted_ca(asn1buf *buf, const krb5_trusted_ca **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_trusted_ca(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); - asn1_cleanup(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_trusted_ca(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_pa_pk_as_req_draft9(asn1buf *buf, const krb5_pa_pk_as_req_draft9 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if 
(val->encryptionCert.length != 0) - asn1_insert_implicit_octetstring(val->encryptionCert.length,val->encryptionCert.data,3); + if (val->encryptionCert.length != 0) + asn1_insert_implicit_octetstring(val->encryptionCert.length,val->encryptionCert.data,3); - if (val->kdcCert.length != 0) - asn1_insert_implicit_octetstring(val->kdcCert.length,val->kdcCert.data,2); + if (val->kdcCert.length != 0) + asn1_insert_implicit_octetstring(val->kdcCert.length,val->kdcCert.data,2); - if (val->trustedCertifiers != NULL) - asn1_addfield((const krb5_trusted_ca **)val->trustedCertifiers,1,asn1_encode_sequence_of_trusted_ca); + if (val->trustedCertifiers != NULL) + asn1_addfield((const krb5_trusted_ca **)val->trustedCertifiers,1,asn1_encode_sequence_of_trusted_ca); - asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); + asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_dh_rep_info(asn1buf *buf, const krb5_dh_rep_info *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - if (val->serverDHNonce.length != 0) - asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1); + if (val->serverDHNonce.length != 0) + asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1); - asn1_insert_implicit_octetstring(val->dhSignedData.length,val->dhSignedData.data,0); + asn1_insert_implicit_octetstring(val->dhSignedData.length,val->dhSignedData.data,0); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_kdc_dh_key_info(asn1buf *buf, const krb5_kdc_dh_key_info *val, unsigned int *retlen) { - asn1_setup(); - - if (val->dhKeyExpiration != 0) - asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time); - asn1_addfield(val->nonce, 1, asn1_encode_integer); + asn1_setup(); - 
asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3); - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->subjectPublicKey.length + 1 + length, - &length); - if(retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; + if (val->dhKeyExpiration != 0) + asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time); + asn1_addfield(val->nonce, 1, asn1_encode_integer); + + asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3); + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, + val->subjectPublicKey.length + 1 + length, + &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_reply_key_pack(asn1buf *buf, const krb5_reply_key_pack *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_addfield(&(val->asChecksum), 1, asn1_encode_checksum); - asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key); + asn1_addfield(&(val->asChecksum), 1, asn1_encode_checksum); + asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_reply_key_pack_draft9(asn1buf *buf, const krb5_reply_key_pack_draft9 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - asn1_addfield(val->nonce, 1, asn1_encode_integer); - asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key); + asn1_addfield(val->nonce, 1, asn1_encode_integer); + asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key); - asn1_makeseq(); - asn1_cleanup(); + asn1_makeseq(); + asn1_cleanup(); } asn1_error_code asn1_encode_pa_pk_as_rep(asn1buf *buf, const krb5_pa_pk_as_rep *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - switch (val->choice) - { + switch (val->choice) + { case choice_pa_pk_as_rep_dhInfo: - asn1_addfield(&(val->u.dh_Info), 
choice_pa_pk_as_rep_dhInfo, asn1_encode_dh_rep_info); - break; + asn1_addfield(&(val->u.dh_Info), choice_pa_pk_as_rep_dhInfo, asn1_encode_dh_rep_info); + break; case choice_pa_pk_as_rep_encKeyPack: - asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); - break; + asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); + break; default: - return ASN1_MISSING_FIELD; - } + return ASN1_MISSING_FIELD; + } - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_pa_pk_as_rep_draft9(asn1buf *buf, const krb5_pa_pk_as_rep_draft9 *val, unsigned int *retlen) { - asn1_setup(); + asn1_setup(); - switch (val->choice) - { + switch (val->choice) + { case choice_pa_pk_as_rep_draft9_dhSignedData: - asn1_insert_implicit_octetstring(val->u.dhSignedData.length,val->u.dhSignedData.data,0); - break; + asn1_insert_implicit_octetstring(val->u.dhSignedData.length,val->u.dhSignedData.data,0); + break; case choice_pa_pk_as_rep_encKeyPack: - asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); - break; + asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); + break; default: - return ASN1_MISSING_FIELD; - } + return ASN1_MISSING_FIELD; + } - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_td_trusted_certifiers(asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen) { - asn1_setup(); - retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - asn1_cleanup(); + asn1_setup(); + retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + asn1_cleanup(); } asn1_error_code asn1_encode_sequence_of_typed_data(asn1buf *buf, const krb5_typed_data **val, unsigned int *retlen) { - asn1_setup(); - int i; + asn1_setup(); + int i; - if(val == NULL || val[0] == 
NULL) return ASN1_MISSING_FIELD; + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - for(i=0; val[i] != NULL; i++); - for(i--; i>=0; i--){ - retval = asn1_encode_typed_data(buf,val[i],&length); - if(retval) return retval; - sum += length; - } - asn1_makeseq(); + for (i=0; val[i] != NULL; i++); + for (i--; i>=0; i--) { + retval = asn1_encode_typed_data(buf,val[i],&length); + if (retval) return retval; + sum += length; + } + asn1_makeseq(); - asn1_cleanup(); + asn1_cleanup(); } asn1_error_code asn1_encode_typed_data(asn1buf *buf, const krb5_typed_data *val, unsigned int *retlen) { - asn1_setup(); - asn1_addlenfield(val->length, val->data, 1, asn1_encode_octetstring); - asn1_addfield(val->type, 0, asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); + asn1_setup(); + asn1_addlenfield(val->length, val->data, 1, asn1_encode_octetstring); + asn1_addfield(val->type, 0, asn1_encode_integer); + asn1_makeseq(); + asn1_cleanup(); } #endif /* DISABLE_PKINIT */ diff --git a/src/lib/krb5/asn.1/asn1_make.c b/src/lib/krb5/asn.1/asn1_make.c index dddf2da8f..5c13c035a 100644 --- a/src/lib/krb5/asn.1/asn1_make.c +++ b/src/lib/krb5/asn.1/asn1_make.c @@ -30,7 +30,7 @@ asn1_error_code asn1_make_etag(asn1buf *buf, asn1_class asn1class, asn1_tagnum tagnum, unsigned int in_len, unsigned int *retlen) { - return asn1_make_tag(buf,asn1class,CONSTRUCTED,tagnum,in_len,retlen); + return asn1_make_tag(buf,asn1class,CONSTRUCTED,tagnum,in_len,retlen); } 
@@ -39,122 +39,122 @@ asn1_error_code asn1_make_tag(asn1buf *buf, asn1_class asn1class, asn1_tagnum tagnum, unsigned int in_len, unsigned int *retlen) { - asn1_error_code retval; - unsigned int sumlen=0, length; + asn1_error_code retval; + unsigned int sumlen=0, length; - if(tagnum > ASN1_TAGNUM_MAX) return ASN1_OVERFLOW; + if (tagnum > ASN1_TAGNUM_MAX) return ASN1_OVERFLOW; - retval = asn1_make_length(buf,in_len, &length); - if(retval) return retval; - sumlen += length; - retval = asn1_make_id(buf,asn1class,construction,tagnum,&length); - if(retval) return retval; - sumlen += length; + retval = asn1_make_length(buf,in_len, &length); + if (retval) return retval; + sumlen += length; + retval = asn1_make_id(buf,asn1class,construction,tagnum,&length); + if (retval) return retval; + sumlen += length; - *retlen = sumlen; - return 0; + *retlen = sumlen; + return 0; } asn1_error_code asn1_make_length(asn1buf *buf, const unsigned int in_len, unsigned int *retlen) { - asn1_error_code retval; - - if(in_len < 128){ - retval = asn1buf_insert_octet(buf, (asn1_octet)(in_len&0x7F)); - if(retval) return retval; - *retlen = 1; - }else{ - int in_copy=in_len, length=0; - - while(in_copy != 0){ - retval = asn1buf_insert_octet(buf, (asn1_octet)(in_copy&0xFF)); - if(retval) return retval; - in_copy = in_copy >> 8; - length++; + asn1_error_code retval; + + if (in_len < 128) { + retval = asn1buf_insert_octet(buf, (asn1_octet)(in_len&0x7F)); + if (retval) return retval; + *retlen = 1; + } else { + int in_copy=in_len, length=0; + + while (in_copy != 0) { + retval = asn1buf_insert_octet(buf, (asn1_octet)(in_copy&0xFF)); + if (retval) return retval; + in_copy = in_copy >> 8; + length++; + } + retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(length&0x7F))); + if (retval) return retval; + length++; + *retlen = length; } - retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(length&0x7F))); - if(retval) return retval; - length++; - *retlen = length; - } - 
return 0; + return 0; } asn1_error_code asn1_make_id(asn1buf *buf, asn1_class asn1class, asn1_construction construction, asn1_tagnum tagnum, unsigned int *retlen) { - asn1_error_code retval; - - if(tagnum < 31) { - retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | - (asn1_octet)tagnum)); - if(retval) return retval; - *retlen = 1; - }else{ - asn1_tagnum tagcopy = tagnum; - int length = 0; - - retval = asn1buf_insert_octet(buf, (asn1_octet)(tagcopy&0x7F)); - if(retval) return retval; - tagcopy >>= 7; - length++; - - for(; tagcopy != 0; tagcopy >>= 7){ - retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(tagcopy&0x7F))); - if(retval) return retval; - length++; + asn1_error_code retval; + + if (tagnum < 31) { + retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | + (asn1_octet)tagnum)); + if (retval) return retval; + *retlen = 1; + } else { + asn1_tagnum tagcopy = tagnum; + int length = 0; + + retval = asn1buf_insert_octet(buf, (asn1_octet)(tagcopy&0x7F)); + if (retval) return retval; + tagcopy >>= 7; + length++; + + for (; tagcopy != 0; tagcopy >>= 7) { + retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(tagcopy&0x7F))); + if (retval) return retval; + length++; + } + + retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | 0x1F)); + if (retval) return retval; + length++; + *retlen = length; } - retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | 0x1F)); - if(retval) return retval; - length++; - *retlen = length; - } - - return 0; + return 0; } asn1_error_code asn1_make_sequence(asn1buf *buf, const unsigned int seq_len, unsigned int *retlen) { - asn1_error_code retval; - unsigned int len, sum=0; - - retval = asn1_make_length(buf,seq_len,&len); - if(retval) return retval; - sum += len; - retval = asn1_make_id(buf,UNIVERSAL,CONSTRUCTED,ASN1_SEQUENCE,&len); - if(retval) return retval; - sum += len; - - *retlen = sum; - return 0; + 
asn1_error_code retval; + unsigned int len, sum=0; + + retval = asn1_make_length(buf,seq_len,&len); + if (retval) return retval; + sum += len; + retval = asn1_make_id(buf,UNIVERSAL,CONSTRUCTED,ASN1_SEQUENCE,&len); + if (retval) return retval; + sum += len; + + *retlen = sum; + return 0; } asn1_error_code asn1_make_set(asn1buf *buf, const unsigned int set_len, unsigned int *retlen) { - asn1_error_code retval; - unsigned int len, sum=0; - - retval = asn1_make_length(buf,set_len,&len); - if(retval) return retval; - sum += len; - retval = asn1_make_id(buf,UNIVERSAL,CONSTRUCTED,ASN1_SET,&len); - if(retval) return retval; - sum += len; - - *retlen = sum; - return 0; + asn1_error_code retval; + unsigned int len, sum=0; + + retval = asn1_make_length(buf,set_len,&len); + if (retval) return retval; + sum += len; + retval = asn1_make_id(buf,UNIVERSAL,CONSTRUCTED,ASN1_SET,&len); + if (retval) return retval; + sum += len; + + *retlen = sum; + return 0; } asn1_error_code asn1_make_string(asn1buf *buf, const unsigned int length, const char *string, int *retlen) { - asn1_error_code retval; + asn1_error_code retval; - retval = asn1buf_insert_charstring(buf,length,string); - if(retval) return retval; + retval = asn1buf_insert_charstring(buf,length,string); + if (retval) return retval; - *retlen = length; - return 0; + *retlen = length; + return 0; } diff --git a/src/lib/krb5/asn.1/asn1_misc.c b/src/lib/krb5/asn.1/asn1_misc.c index 62412ae6e..54ed273ce 100644 --- a/src/lib/krb5/asn.1/asn1_misc.c +++ b/src/lib/krb5/asn.1/asn1_misc.c 
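Review bot: In `asn1_make_length` (asn1_make.c) the long-form branch copies the unsigned `in_len` into `int in_copy` and loops on `while (in_copy != 0)` with `in_copy = in_copy >> 8`. For an `in_len` above `INT_MAX` the copy is negative on common ABIs, and an arithmetic right shift of a negative value settles at -1 rather than 0, so the loop would end only when `asn1buf_insert_octet` fails. Whether any caller can pass such a length is not visible in this hunk, but the declaration should be `unsigned int in_copy = in_len; int length = 0;`. The reindent carries the signed copy over unchanged.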
@@ -28,10 +28,10 @@ asn1_error_code asn1_krb5_realm_copy(krb5_principal target, krb5_principal source) { - target->realm.length = source->realm.length; - target->realm.data = (char*)malloc(target->realm.length); /* copy realm */ - if (target->realm.data == NULL) return ENOMEM; - memcpy(target->realm.data,source->realm.data, /* to client */ - target->realm.length); - return 0; + target->realm.length = source->realm.length; + target->realm.data = (char*)malloc(target->realm.length); /* copy realm */ + if (target->realm.data == NULL) return ENOMEM; + memcpy(target->realm.data,source->realm.data, /* to client */ + target->realm.length); + return 0; } diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c index 43ef97ca8..5320e184e 100644 --- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c 
@@ -60,94 +60,94 @@ asn1_error_code asn1buf_create(asn1buf **buf) { - *buf = (asn1buf*)malloc(sizeof(asn1buf)); - if (*buf == NULL) return ENOMEM; - (*buf)->base = NULL; - (*buf)->bound = NULL; - (*buf)->next = NULL; - return 0; + *buf = (asn1buf*)malloc(sizeof(asn1buf)); + if (*buf == NULL) return ENOMEM; + (*buf)->base = NULL; + (*buf)->bound = NULL; + (*buf)->next = NULL; + return 0; } asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code) { - if(code == NULL || code->data == NULL) return ASN1_MISSING_FIELD; - buf->next = buf->base = code->data; - buf->bound = code->data + code->length - 1; - return 0; + if (code == NULL || code->data == NULL) return ASN1_MISSING_FIELD; + buf->next = buf->base = code->data; + buf->bound = code->data + code->length - 1; + return 0; } asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) { - subbuf->base = subbuf->next = buf->next; - if (!indef) { - subbuf->bound = subbuf->base + length - 1; - if (subbuf->bound > buf->bound) - return ASN1_OVERRUN; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; + subbuf->base = subbuf->next = buf->next; + if (!indef) { + subbuf->bound = subbuf->base + length - 1; + if (subbuf->bound > buf->bound) + return ASN1_OVERRUN; + } else /* constructed indefinite */ + subbuf->bound = buf->bound; + return 0; } asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, asn1_class asn1class, asn1_tagnum lasttag, unsigned int length, int indef, int seqindef) { - asn1_error_code retval; - - if (!seqindef) { - /* sequence was encoded as definite length */ - buf->next = subbuf->bound + 1; - } else if (!asn1_is_eoc(asn1class, lasttag, indef)) { - retval = asn1buf_skiptail(subbuf, length, indef); - if (retval) - return retval; - } else { - /* We have just read the EOC octets. 
*/ - buf->next = subbuf->next; - } - return 0; + asn1_error_code retval; + + if (!seqindef) { + /* sequence was encoded as definite length */ + buf->next = subbuf->bound + 1; + } else if (!asn1_is_eoc(asn1class, lasttag, indef)) { + retval = asn1buf_skiptail(subbuf, length, indef); + if (retval) + return retval; + } else { + /* We have just read the EOC octets. */ + buf->next = subbuf->next; + } + return 0; } asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const int indef) { - asn1_error_code retval; - taginfo t; - int nestlevel; - - nestlevel = 1 + indef; - if (!indef) { - if (length <= buf->bound - buf->next + 1) - buf->next += length; - else - return ASN1_OVERRUN; - } - while (nestlevel > 0) { - if (buf->bound - buf->next + 1 <= 0) - return ASN1_OVERRUN; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - if (!t.indef) { - if (t.length <= buf->bound - buf->next + 1) - buf->next += t.length; - else - return ASN1_OVERRUN; + asn1_error_code retval; + taginfo t; + int nestlevel; + + nestlevel = 1 + indef; + if (!indef) { + if (length <= buf->bound - buf->next + 1) + buf->next += length; + else + return ASN1_OVERRUN; + } + while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; + if (!t.indef) { + if (t.length <= buf->bound - buf->next + 1) + buf->next += t.length; + else + return ASN1_OVERRUN; + } + if (t.indef) + nestlevel++; + if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef)) + nestlevel--; /* got an EOC encoding */ } - if (t.indef) - nestlevel++; - if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef)) - nestlevel--; /* got an EOC encoding */ - } - return 0; + return 0; } asn1_error_code asn1buf_destroy(asn1buf **buf) { - if (*buf != NULL) { - free((*buf)->base); - free(*buf); - *buf = NULL; - } - return 0; + if (*buf != NULL) { + free((*buf)->base); + free(*buf); + *buf = NULL; + } + return 0; } #ifdef asn1buf_insert_octet 
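Review bot: `asn1buf_imbed` forms `subbuf->base + length - 1` before comparing it with `buf->bound`, and in the decode macros of krb5_decode.c `length` is whatever `asn1_get_sequence` read from the encoding. A length larger than the remaining input makes that pointer arithmetic undefined and can wrap it, in which case `subbuf->bound > buf->bound` is false and the sub-buffer is accepted with a bound outside its parent. Compare the length with the bytes left before computing the pointer: `if (length > buf->bound + 1 - buf->next) return ASN1_OVERRUN;`, the form `asn1buf_remove_octetstring` in this file already uses.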
@@ -155,115 +155,115 @@ asn1_error_code asn1buf_destroy(asn1buf **buf) #endif asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) { - asn1_error_code retval; + asn1_error_code retval; - retval = asn1buf_ensure_space(buf,1U); - if(retval) return retval; - *(buf->next) = (char)o; - (buf->next)++; - return 0; + retval = asn1buf_ensure_space(buf,1U); + if (retval) return retval; + *(buf->next) = (char)o; + (buf->next)++; + return 0; } asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, const krb5_octet *s) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_ensure_space(buf,len); - if(retval) return retval; - for(length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); - return 0; + asn1_error_code retval; + unsigned int length; + + retval = asn1buf_ensure_space(buf,len); + if (retval) return retval; + for (length=1; length<=len; length++,(buf->next)++) + *(buf->next) = (char)(s[len-length]); + return 0; } asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, const char *s) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_ensure_space(buf,len); - if(retval) return retval; - for(length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); - return 0; + asn1_error_code retval; + unsigned int length; + + retval = asn1buf_ensure_space(buf,len); + if (retval) return retval; + for (length=1; length<=len; length++,(buf->next)++) + *(buf->next) = (char)(s[len-length]); + return 0; } #undef asn1buf_remove_octet asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o) { - if(buf->next > buf->bound) return ASN1_OVERRUN; - *o = (asn1_octet)(*((buf->next)++)); - return 0; + if (buf->next > buf->bound) return ASN1_OVERRUN; + *o = (asn1_octet)(*((buf->next)++)); + return 0; } asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s) { - unsigned int i; - - if (len > 
buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; - return 0; - } - *s = (asn1_octet*)malloc(len*sizeof(asn1_octet)); - if (*s == NULL) - return ENOMEM; - for(i=0; inext)[i]; - buf->next += len; - return 0; + unsigned int i; + + if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len == 0) { + *s = 0; + return 0; + } + *s = (asn1_octet*)malloc(len*sizeof(asn1_octet)); + if (*s == NULL) + return ENOMEM; + for (i=0; inext)[i]; + buf->next += len; + return 0; } asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s) { - unsigned int i; - - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; - return 0; - } - *s = (char*)malloc(len*sizeof(char)); - if (*s == NULL) return ENOMEM; - for(i=0; inext)[i]; - buf->next += len; - return 0; + unsigned int i; + + if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len == 0) { + *s = 0; + return 0; + } + *s = (char*)malloc(len*sizeof(char)); + if (*s == NULL) return ENOMEM; + for (i=0; inext)[i]; + buf->next += len; + return 0; } int asn1buf_remains(asn1buf *buf, int indef) { - int remain; - if(buf == NULL || buf->base == NULL) return 0; - remain = buf->bound - buf->next +1; - if (remain <= 0) return remain; - /* - * Two 0 octets means the end of an indefinite encoding. - */ - if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1)) - return 0; - else return remain; + int remain; + if (buf == NULL || buf->base == NULL) return 0; + remain = buf->bound - buf->next +1; + if (remain <= 0) return remain; + /* + * Two 0 octets means the end of an indefinite encoding. 
+ */ + if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1)) + return 0; + else return remain; } asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) { - unsigned int i; - *code = (krb5_data*)calloc(1,sizeof(krb5_data)); - if(*code == NULL) return ENOMEM; - (*code)->magic = KV5M_DATA; - (*code)->data = NULL; - (*code)->length = 0; - (*code)->length = asn1buf_len(buf); - (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char)); - if ((*code)->data == NULL) { - free(*code); - *code = NULL; - return ENOMEM; - } - for(i=0; i < (*code)->length; i++) - ((*code)->data)[i] = (buf->base)[((*code)->length)-i-1]; - ((*code)->data)[(*code)->length] = '\0'; - return 0; + unsigned int i; + *code = (krb5_data*)calloc(1,sizeof(krb5_data)); + if (*code == NULL) return ENOMEM; + (*code)->magic = KV5M_DATA; + (*code)->data = NULL; + (*code)->length = 0; + (*code)->length = asn1buf_len(buf); + (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char)); + if ((*code)->data == NULL) { + free(*code); + *code = NULL; + return ENOMEM; + } + for (i=0; i < (*code)->length; i++) + ((*code)->data)[i] = (buf->base)[((*code)->length)-i-1]; + ((*code)->data)[(*code)->length] = '\0'; + return 0; } 
@@ -273,58 +273,58 @@ asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) { - free(*s); - if(buf == NULL){ - *s = malloc(sizeof("")); - if(*s == NULL) return ENOMEM; - strcpy(*s,""); - }else if(buf->base == NULL){ - *s = malloc(sizeof("")); - if(*s == NULL) return ENOMEM; - strcpy(*s,""); - }else{ - unsigned int length = asn1buf_len(buf); - unsigned int i; - - *s = calloc(length+1, sizeof(char)); - if(*s == NULL) return ENOMEM; - (*s)[length] = '\0'; - for(i=0; i")); + if (*s == NULL) return ENOMEM; + strcpy(*s,""); + } else if (buf->base == NULL) { + *s = malloc(sizeof("")); + if (*s == NULL) return ENOMEM; + strcpy(*s,""); + } else { + unsigned int length = asn1buf_len(buf); + unsigned int i; + + *s = calloc(length+1, sizeof(char)); + if (*s == NULL) return ENOMEM; + (*s)[length] = '\0'; + for (i=0; ibase)[length-i-1]) */ - } - return 0; + } + return 0; } asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) { -#define hexchar(d) ((d)<=9 ? ('0'+(d)) :\ - ((d)<=15 ? ('A'+(d)-10) :\ - 'X')) - - free(*s); - - if(buf == NULL){ - *s = malloc(sizeof("")); - if(*s == NULL) return ENOMEM; - strcpy(*s,""); - }else if(buf->base == NULL){ - *s = malloc(sizeof("")); - if(*s == NULL) return ENOMEM; - strcpy(*s,""); - }else{ - unsigned int length = asn1buf_len(buf); - int i; - - *s = malloc(3*length); - if(*s == NULL) return ENOMEM; - for(i = length-1; i >= 0; i--){ - (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4); - (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F); - (*s)[3*(length-i-1)+2] = ' '; +#define hexchar(d) ((d)<=9 ? ('0'+(d)) : \ + ((d)<=15 ? 
('A'+(d)-10) : \ + 'X')) + + free(*s); + + if (buf == NULL) { + *s = malloc(sizeof("")); + if (*s == NULL) return ENOMEM; + strcpy(*s,""); + } else if (buf->base == NULL) { + *s = malloc(sizeof("")); + if (*s == NULL) return ENOMEM; + strcpy(*s,""); + } else { + unsigned int length = asn1buf_len(buf); + int i; + + *s = malloc(3*length); + if (*s == NULL) return ENOMEM; + for (i = length-1; i >= 0; i--) { + (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4); + (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F); + (*s)[3*(length-i-1)+2] = ' '; + } + (*s)[3*length-1] = '\0'; } - (*s)[3*length-1] = '\0'; - } - return 0; + return 0; } /****************************************************************/ 
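Review bot: `asn1buf_hex_unparse` stores the terminator at `(*s)[3*length-1]` after `malloc(3*length)`, and `length` is unsigned. For a buffer whose `base` is set but which holds no octets (`asn1buf_len` returns 0), the allocation is zero bytes and the index wraps to `UINT_MAX`, so the store lands far outside the allocation. Handle the empty case before the loop, for example `if (length == 0) { *s = calloc(1, 1); return *s ? 0 : ENOMEM; }`. `3*length` is also computed without an overflow check.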
@@ -333,52 +333,52 @@ asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) #undef asn1buf_size int asn1buf_size(const asn1buf *buf) { - if(buf == NULL || buf->base == NULL) return 0; - return buf->bound - buf->base + 1; + if (buf == NULL || buf->base == NULL) return 0; + return buf->bound - buf->base + 1; } #undef asn1buf_free unsigned int asn1buf_free(const asn1buf *buf) { - if(buf == NULL || buf->base == NULL) return 0; - else return buf->bound - buf->next + 1; + if (buf == NULL || buf->base == NULL) return 0; + else return buf->bound - buf->next + 1; } #undef asn1buf_ensure_space asn1_error_code asn1buf_ensure_space(asn1buf *buf, const unsigned int amount) { - int avail = asn1buf_free(buf); - if(avail < amount){ - asn1_error_code retval = asn1buf_expand(buf, amount-avail); - if(retval) return retval; - } - return 0; + int avail = asn1buf_free(buf); + if (avail < amount) { + asn1_error_code retval = asn1buf_expand(buf, amount-avail); + if (retval) return retval; + } + return 0; } asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc) { #define STANDARD_INCREMENT 200 - int next_offset = buf->next - buf->base; - int bound_offset; - if (buf->base == NULL) bound_offset = -1; - else bound_offset = buf->bound - buf->base; - - if (inc < STANDARD_INCREMENT) - inc = STANDARD_INCREMENT; - - if (buf->base == NULL) - buf->base = malloc((asn1buf_size(buf)+inc) * sizeof(asn1_octet)); - else - buf->base = realloc(buf->base, - (asn1buf_size(buf)+inc) * sizeof(asn1_octet)); - if (buf->base == NULL) return ENOMEM; - buf->bound = (buf->base) + bound_offset + inc; - buf->next = (buf->base) + next_offset; - return 0; + int next_offset = buf->next - buf->base; + int bound_offset; + if (buf->base == NULL) bound_offset = -1; + else bound_offset = buf->bound - buf->base; + + if (inc < STANDARD_INCREMENT) + inc = STANDARD_INCREMENT; + + if (buf->base == NULL) + buf->base = malloc((asn1buf_size(buf)+inc) * sizeof(asn1_octet)); + else + buf->base = realloc(buf->base, + 
(asn1buf_size(buf)+inc) * sizeof(asn1_octet)); + if (buf->base == NULL) return ENOMEM; + buf->bound = (buf->base) + bound_offset + inc; + buf->next = (buf->base) + next_offset; + return 0; } #undef asn1buf_len int asn1buf_len(const asn1buf *buf) { - return buf->next - buf->base; + return buf->next - buf->base; } diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h index b24ce68a6..66daaba69 100644 --- a/src/lib/krb5/asn.1/asn1buf.h +++ b/src/lib/krb5/asn.1/asn1buf.h @@ -151,13 +151,13 @@ asn1_error_code asn1buf_insert_octet #if ((__GNUC__ >= 2) && !defined(ASN1BUF_OMIT_INLINE_FUNCS)) && !defined(CONFIG_SMALL) extern __inline__ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) { - asn1_error_code retval; + asn1_error_code retval; - retval = asn1buf_ensure_space(buf,1U); - if(retval) return retval; - *(buf->next) = (char)o; - (buf->next)++; - return 0; + retval = asn1buf_ensure_space(buf,1U); + if (retval) return retval; + *(buf->next) = (char)o; + (buf->next)++; + return 0; } #endif diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index d743a5317..22e42a336 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -39,7 +39,7 @@ asn1_error_code retval;\ asn1buf buf;\ \ retval = asn1buf_wrap_data(&buf,code);\ -if(retval) return retval +if (retval) return retval #define setup_no_tagnum()\ asn1_class asn1class;\ @@ -60,7 +60,7 @@ setup_no_length() /* alloc_field is the first thing to allocate storage that may need cleanup */ #define alloc_field(var,type)\ var = (type*)calloc(1,sizeof(type));\ -if((var) == NULL) clean_return(ENOMEM) +if ((var) == NULL) clean_return(ENOMEM) /* process encoding header ***************************************/ /* decode tag and check that it == [APPLICATION tagnum] */ 
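Review bot: `asn1buf_expand` (asn1buf.c) assigns the result of `realloc` directly to `buf->base`. If `realloc` fails, the old block becomes unreachable (the `free((*buf)->base)` in `asn1buf_destroy` then frees NULL), while `buf->next` and `buf->bound` still point into it. Keep the result in a temporary: `void *nb = realloc(buf->base, (asn1buf_size(buf)+inc) * sizeof(asn1_octet));`, then `if (nb == NULL) return ENOMEM;` and `buf->base = nb;`. Since `realloc(NULL, n)` behaves like `malloc(n)`, this also removes the need for the separate `malloc` branch.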
@@ -85,7 +85,7 @@ if((var) == NULL) clean_return(ENOMEM) #define next_tag() \ { taginfo t2; \ retval = asn1_get_tag_2(&subbuf, &t2); \ - if(retval) clean_return(retval); \ + if (retval) clean_return(retval); \ asn1class = t2.asn1class; \ construction = t2.construction; \ tagnum = t2.tagnum; \ @@ -120,9 +120,9 @@ asn1buf subbuf;\ int seqindef;\ int indef;\ retval = asn1_get_sequence(&buf,&length,&seqindef);\ -if(retval) clean_return(retval);\ +if (retval) clean_return(retval);\ retval = asn1buf_imbed(&subbuf,&buf,length,seqindef);\ -if(retval) clean_return(retval);\ +if (retval) clean_return(retval);\ next_tag() #define end_structure()\ @@ -133,7 +133,7 @@ if (retval) clean_return(retval) /* normal fields ************************/ #define get_field_body(var,decoder)\ retval = decoder(&subbuf,&(var));\ -if(retval) clean_return(retval);\ +if (retval) clean_return(retval);\ if (indef) { get_eoc(); }\ next_tag() @@ -152,7 +152,7 @@ next_tag() get the next tag */ #define get_field(var,tagexpect,decoder)\ error_if_bad_tag(tagexpect);\ -if(asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ +if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ clean_return(ASN1_BAD_ID);\ get_field_body(var,decoder) @@ -169,14 +169,14 @@ get_field_body(var,decoder) /* field w/ accompanying length *********/ #define get_lenfield_body(len,var,decoder)\ retval = decoder(&subbuf,&(len),&(var));\ -if(retval) clean_return(retval);\ +if (retval) clean_return(retval);\ if (indef) { get_eoc(); }\ next_tag() /* decode a field w/ its length (for string types) */ #define get_lenfield(len,var,tagexpect,decoder)\ error_if_bad_tag(tagexpect);\ -if(asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ +if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ clean_return(ASN1_BAD_ID);\ get_lenfield_body(len,var,decoder) 
@@ -216,42 +216,42 @@ error_out: \ krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep) { - setup(); - alloc_field(*rep,krb5_authenticator); - clear_field(rep,subkey); - clear_field(rep,checksum); - clear_field(rep,client); - - check_apptag(2); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,1,asn1_decode_realm); - get_field((*rep)->client,2,asn1_decode_principal_name); - if(tagnum == 3){ - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); } - get_field((*rep)->cusec,4,asn1_decode_int32); - get_field((*rep)->ctime,5,asn1_decode_kerberos_time); - if(tagnum == 6){ alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,7,asn1_decode_seqnum); - opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); - (*rep)->magic = KV5M_AUTHENTICATOR; - end_structure(); - } - cleanup_manual(); + setup(); + alloc_field(*rep,krb5_authenticator); + clear_field(rep,subkey); + clear_field(rep,checksum); + clear_field(rep,client); + + check_apptag(2); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + alloc_field((*rep)->client,krb5_principal_data); + get_field((*rep)->client,1,asn1_decode_realm); + get_field((*rep)->client,2,asn1_decode_principal_name); + if (tagnum == 3) { + alloc_field((*rep)->checksum,krb5_checksum); + get_field(*((*rep)->checksum),3,asn1_decode_checksum); } + get_field((*rep)->cusec,4,asn1_decode_int32); + get_field((*rep)->ctime,5,asn1_decode_kerberos_time); + if (tagnum == 6) { alloc_field((*rep)->subkey,krb5_keyblock); } + opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); + 
opt_field((*rep)->seq_number,7,asn1_decode_seqnum); + opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); + (*rep)->magic = KV5M_AUTHENTICATOR; + end_structure(); + } + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,subkey); - free_field(*rep,checksum); - free_field(*rep,client); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,subkey); + free_field(*rep,checksum); + free_field(*rep,client); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code 
@@ -263,258 +263,258 @@ krb5_decode_ticket(const krb5_data *code, krb5_ticket **rep) krb5_error_code decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep) { - setup(); - alloc_field(*rep,krb5_ticket); - clear_field(rep,server); + setup(); + alloc_field(*rep,krb5_ticket); + clear_field(rep,server); - check_apptag(1); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); + check_apptag(1); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); + } + alloc_field((*rep)->server,krb5_principal_data); + get_field((*rep)->server,1,asn1_decode_realm); + get_field((*rep)->server,2,asn1_decode_principal_name); + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_TICKET; + end_structure(); } - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,1,asn1_decode_realm); - get_field((*rep)->server,2,asn1_decode_principal_name); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_TICKET; - end_structure(); - } - cleanup_manual(); + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,server); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,server); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock **rep) { - setup(); - alloc_field(*rep,krb5_keyblock); - - { begin_structure(); - get_field((*rep)->enctype,0,asn1_decode_enctype); - get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); - end_structure(); - (*rep)->magic = KV5M_KEYBLOCK; - } - cleanup(free); + setup(); + alloc_field(*rep,krb5_keyblock); + + { begin_structure(); + get_field((*rep)->enctype,0,asn1_decode_enctype); + get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); + end_structure(); + 
(*rep)->magic = KV5M_KEYBLOCK; + } + cleanup(free); } krb5_error_code decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_part **rep) { - setup(); - alloc_field(*rep,krb5_enc_tkt_part); - clear_field(rep,session); - clear_field(rep,client); - - check_apptag(3); - { begin_structure(); - get_field((*rep)->flags,0,asn1_decode_ticket_flags); - alloc_field((*rep)->session,krb5_keyblock); - get_field(*((*rep)->session),1,asn1_decode_encryption_key); - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,2,asn1_decode_realm); - get_field((*rep)->client,3,asn1_decode_principal_name); - get_field((*rep)->transited,4,asn1_decode_transited_encoding); - get_field((*rep)->times.authtime,5,asn1_decode_kerberos_time); - if (tagnum == 6) - { get_field((*rep)->times.starttime,6,asn1_decode_kerberos_time); } - else - (*rep)->times.starttime=(*rep)->times.authtime; - get_field((*rep)->times.endtime,7,asn1_decode_kerberos_time); - opt_field((*rep)->times.renew_till,8,asn1_decode_kerberos_time); - opt_field((*rep)->caddrs,9,asn1_decode_host_addresses); - opt_field((*rep)->authorization_data,10,asn1_decode_authorization_data); - (*rep)->magic = KV5M_ENC_TKT_PART; - end_structure(); - } - cleanup_manual(); + setup(); + alloc_field(*rep,krb5_enc_tkt_part); + clear_field(rep,session); + clear_field(rep,client); + + check_apptag(3); + { begin_structure(); + get_field((*rep)->flags,0,asn1_decode_ticket_flags); + alloc_field((*rep)->session,krb5_keyblock); + get_field(*((*rep)->session),1,asn1_decode_encryption_key); + alloc_field((*rep)->client,krb5_principal_data); + get_field((*rep)->client,2,asn1_decode_realm); + get_field((*rep)->client,3,asn1_decode_principal_name); + get_field((*rep)->transited,4,asn1_decode_transited_encoding); + get_field((*rep)->times.authtime,5,asn1_decode_kerberos_time); + if (tagnum == 6) + { get_field((*rep)->times.starttime,6,asn1_decode_kerberos_time); } + else + (*rep)->times.starttime=(*rep)->times.authtime; + 
get_field((*rep)->times.endtime,7,asn1_decode_kerberos_time); + opt_field((*rep)->times.renew_till,8,asn1_decode_kerberos_time); + opt_field((*rep)->caddrs,9,asn1_decode_host_addresses); + opt_field((*rep)->authorization_data,10,asn1_decode_authorization_data); + (*rep)->magic = KV5M_ENC_TKT_PART; + end_structure(); + } + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,session); - free_field(*rep,client); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,session); + free_field(*rep,client); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_enc_kdc_rep_part(const krb5_data *code, krb5_enc_kdc_rep_part **rep) { - taginfo t4; - setup_buf_only(); - alloc_field(*rep,krb5_enc_kdc_rep_part); + taginfo t4; + setup_buf_only(); + alloc_field(*rep,krb5_enc_kdc_rep_part); - retval = asn1_get_tag_2(&buf, &t4); - if (retval) clean_return(retval); - if (t4.asn1class != APPLICATION || t4.construction != CONSTRUCTED) clean_return(ASN1_BAD_ID); - if (t4.tagnum == 25) (*rep)->msg_type = KRB5_AS_REP; - else if(t4.tagnum == 26) (*rep)->msg_type = KRB5_TGS_REP; - else clean_return(KRB5_BADMSGTYPE); + retval = asn1_get_tag_2(&buf, &t4); + if (retval) clean_return(retval); + if (t4.asn1class != APPLICATION || t4.construction != CONSTRUCTED) clean_return(ASN1_BAD_ID); + if (t4.tagnum == 25) (*rep)->msg_type = KRB5_AS_REP; + else if (t4.tagnum == 26) (*rep)->msg_type = KRB5_TGS_REP; + else clean_return(KRB5_BADMSGTYPE); - retval = asn1_decode_enc_kdc_rep_part(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_enc_kdc_rep_part(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **rep) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_rep); + setup_no_length(); + alloc_field(*rep,krb5_kdc_rep); - check_apptag(11); - retval = asn1_decode_kdc_rep(&buf,*rep); - if(retval) 
clean_return(retval); + check_apptag(11); + retval = asn1_decode_kdc_rep(&buf,*rep); + if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if((*rep)->msg_type != KRB5_AS_REP) - clean_return(KRB5_BADMSGTYPE); + if ((*rep)->msg_type != KRB5_AS_REP) + clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_tgs_rep(const krb5_data *code, krb5_kdc_rep **rep) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_rep); + setup_no_length(); + alloc_field(*rep,krb5_kdc_rep); - check_apptag(13); - retval = asn1_decode_kdc_rep(&buf,*rep); - if(retval) clean_return(retval); + check_apptag(13); + retval = asn1_decode_kdc_rep(&buf,*rep); + if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if((*rep)->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); + if ((*rep)->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **rep) { - setup(); - alloc_field(*rep,krb5_ap_req); - clear_field(rep,ticket); - - check_apptag(14); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + setup(); + alloc_field(*rep,krb5_ap_req); + clear_field(rep,ticket); + + check_apptag(14); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); #endif + } + get_field((*rep)->ap_options,2,asn1_decode_ap_options); + alloc_field((*rep)->ticket,krb5_ticket); + get_field(*((*rep)->ticket),3,asn1_decode_ticket); + get_field((*rep)->authenticator,4,asn1_decode_encrypted_data); 
+ end_structure(); + (*rep)->magic = KV5M_AP_REQ; } - get_field((*rep)->ap_options,2,asn1_decode_ap_options); - alloc_field((*rep)->ticket,krb5_ticket); - get_field(*((*rep)->ticket),3,asn1_decode_ticket); - get_field((*rep)->authenticator,4,asn1_decode_encrypted_data); - end_structure(); - (*rep)->magic = KV5M_AP_REQ; - } - cleanup_manual(); + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,ticket); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,ticket); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **rep) { - setup(); - alloc_field(*rep,krb5_ap_rep); - - check_apptag(15); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + setup(); + alloc_field(*rep,krb5_ap_rep); + + check_apptag(15); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); #endif + } + get_field((*rep)->enc_part,2,asn1_decode_encrypted_data); + end_structure(); + (*rep)->magic = KV5M_AP_REP; } - get_field((*rep)->enc_part,2,asn1_decode_encrypted_data); - end_structure(); - (*rep)->magic = KV5M_AP_REP; - } - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *code, krb5_ap_rep_enc_part **rep) { - setup(); - alloc_field(*rep,krb5_ap_rep_enc_part); - clear_field(rep,subkey); - - check_apptag(27); - { begin_structure(); - get_field((*rep)->ctime,0,asn1_decode_kerberos_time); - get_field((*rep)->cusec,1,asn1_decode_int32); - if(tagnum == 2){ 
alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); - end_structure(); - (*rep)->magic = KV5M_AP_REP_ENC_PART; - } - cleanup_manual(); + setup(); + alloc_field(*rep,krb5_ap_rep_enc_part); + clear_field(rep,subkey); + + check_apptag(27); + { begin_structure(); + get_field((*rep)->ctime,0,asn1_decode_kerberos_time); + get_field((*rep)->cusec,1,asn1_decode_int32); + if (tagnum == 2) { alloc_field((*rep)->subkey,krb5_keyblock); } + opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); + end_structure(); + (*rep)->magic = KV5M_AP_REP_ENC_PART; + } + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,subkey); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,subkey); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **rep) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_req); + setup_no_length(); + alloc_field(*rep,krb5_kdc_req); - check_apptag(10); - retval = asn1_decode_kdc_req(&buf,*rep); - if(retval) clean_return(retval); + check_apptag(10); + retval = asn1_decode_kdc_req(&buf,*rep); + if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if((*rep)->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); + if ((*rep)->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **rep) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_req); + setup_no_length(); + alloc_field(*rep,krb5_kdc_req); - check_apptag(12); - retval = asn1_decode_kdc_req(&buf,*rep); - if(retval) clean_return(retval); + check_apptag(12); + retval = asn1_decode_kdc_req(&buf,*rep); + if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if((*rep)->msg_type != KRB5_TGS_REQ) 
clean_return(KRB5_BADMSGTYPE); + if ((*rep)->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_kdc_req); + setup_buf_only(); + alloc_field(*rep,krb5_kdc_req); - retval = asn1_decode_kdc_req_body(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_kdc_req_body(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } /* 
@@ -532,281 +532,281 @@ krb5_error_code decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **r * encoded KRB-SAFE-BODY points into the input buffer. */ krb5_error_code decode_krb5_safe_with_body( - const krb5_data *code, - krb5_safe **rep, - krb5_data *body) + const krb5_data *code, + krb5_safe **rep, + krb5_data *body) { - krb5_data tmpbody; - setup(); - alloc_field(*rep,krb5_safe); - clear_field(rep,checksum); - tmpbody.magic = 0; - - check_apptag(20); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + krb5_data tmpbody; + setup(); + alloc_field(*rep,krb5_safe); + clear_field(rep,checksum); + tmpbody.magic = 0; + + check_apptag(20); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE); #endif + } + /* + * Gross kludge to extract pointer to encoded safe-body. Relies + * on tag prefetch done by next_tag(). Don't handle indefinite + * encoding, as it's too much work. + */ + if (!indef) { + tmpbody.length = taglen; + tmpbody.data = subbuf.next; + } else { + tmpbody.length = 0; + tmpbody.data = NULL; + } + get_field(**rep,2,asn1_decode_krb_safe_body); + alloc_field((*rep)->checksum,krb5_checksum); + get_field(*((*rep)->checksum),3,asn1_decode_checksum); + (*rep)->magic = KV5M_SAFE; + end_structure(); } - /* - * Gross kludge to extract pointer to encoded safe-body. Relies - * on tag prefetch done by next_tag(). Don't handle indefinite - * encoding, as it's too much work. 
- */ - if (!indef) { - tmpbody.length = taglen; - tmpbody.data = subbuf.next; - } else { - tmpbody.length = 0; - tmpbody.data = NULL; - } - get_field(**rep,2,asn1_decode_krb_safe_body); - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); - (*rep)->magic = KV5M_SAFE; - end_structure(); - } - if (body != NULL) - *body = tmpbody; - cleanup_manual(); + if (body != NULL) + *body = tmpbody; + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,checksum); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,checksum); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_safe(const krb5_data *code, krb5_safe **rep) { - return decode_krb5_safe_with_body(code, rep, NULL); + return decode_krb5_safe_with_body(code, rep, NULL); } krb5_error_code decode_krb5_priv(const krb5_data *code, krb5_priv **rep) { - setup(); - alloc_field(*rep,krb5_priv); - - check_apptag(21); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + setup(); + alloc_field(*rep,krb5_priv); + + check_apptag(21); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); #endif + } + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_PRIV; + end_structure(); } - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_PRIV; - end_structure(); - } - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_part **rep) { - 
setup(); - alloc_field(*rep,krb5_priv_enc_part); - clear_field(rep,r_address); - clear_field(rep,s_address); - - check_apptag(28); - { begin_structure(); - get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); - opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); - opt_field((*rep)->usec,2,asn1_decode_int32); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); - alloc_field((*rep)->s_address,krb5_address); - get_field(*((*rep)->s_address),4,asn1_decode_host_address); - if(tagnum == 5){ alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_PRIV_ENC_PART; - end_structure(); - } - cleanup_manual(); + setup(); + alloc_field(*rep,krb5_priv_enc_part); + clear_field(rep,r_address); + clear_field(rep,s_address); + + check_apptag(28); + { begin_structure(); + get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); + opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); + opt_field((*rep)->usec,2,asn1_decode_int32); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); + alloc_field((*rep)->s_address,krb5_address); + get_field(*((*rep)->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } + opt_field(*((*rep)->r_address),5,asn1_decode_host_address); + (*rep)->magic = KV5M_PRIV_ENC_PART; + end_structure(); + } + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,r_address); + free_field(*rep,s_address); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_cred(const krb5_data *code, krb5_cred **rep) { - setup(); - alloc_field(*rep,krb5_cred); - - check_apptag(22); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); 
} - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + setup(); + alloc_field(*rep,krb5_cred); + + check_apptag(22); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); #endif + } + get_field((*rep)->tickets,2,asn1_decode_sequence_of_ticket); + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_CRED; + end_structure(); } - get_field((*rep)->tickets,2,asn1_decode_sequence_of_ticket); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_CRED; - end_structure(); - } - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_part **rep) { - setup(); - alloc_field(*rep,krb5_cred_enc_part); - clear_field(rep,r_address); - clear_field(rep,s_address); - - check_apptag(29); - { begin_structure(); - get_field((*rep)->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); - opt_field((*rep)->nonce,1,asn1_decode_int32); - opt_field((*rep)->timestamp,2,asn1_decode_kerberos_time); - opt_field((*rep)->usec,3,asn1_decode_int32); - if(tagnum == 4){ alloc_field((*rep)->s_address,krb5_address); } - opt_field(*((*rep)->s_address),4,asn1_decode_host_address); - if(tagnum == 5){ alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_CRED_ENC_PART; - end_structure(); - } - cleanup_manual(); + setup(); + alloc_field(*rep,krb5_cred_enc_part); + clear_field(rep,r_address); + clear_field(rep,s_address); + + check_apptag(29); + { begin_structure(); + get_field((*rep)->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); + opt_field((*rep)->nonce,1,asn1_decode_int32); + 
opt_field((*rep)->timestamp,2,asn1_decode_kerberos_time); + opt_field((*rep)->usec,3,asn1_decode_int32); + if (tagnum == 4) { alloc_field((*rep)->s_address,krb5_address); } + opt_field(*((*rep)->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } + opt_field(*((*rep)->r_address),5,asn1_decode_host_address); + (*rep)->magic = KV5M_CRED_ENC_PART; + end_structure(); + } + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,r_address); + free_field(*rep,s_address); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_error(const krb5_data *code, krb5_error **rep) { - setup(); - alloc_field(*rep,krb5_error); - clear_field(rep,server); - clear_field(rep,client); + setup(); + alloc_field(*rep,krb5_error); + clear_field(rep,server); + clear_field(rep,client); - check_apptag(30); - { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + check_apptag(30); + { begin_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if(msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); #endif + } + opt_field((*rep)->ctime,2,asn1_decode_kerberos_time); + opt_field((*rep)->cusec,3,asn1_decode_int32); + get_field((*rep)->stime,4,asn1_decode_kerberos_time); + get_field((*rep)->susec,5,asn1_decode_int32); + get_field((*rep)->error,6,asn1_decode_ui_4); + if (tagnum == 7) { alloc_field((*rep)->client,krb5_principal_data); } + opt_field((*rep)->client,7,asn1_decode_realm); + 
opt_field((*rep)->client,8,asn1_decode_principal_name); + alloc_field((*rep)->server,krb5_principal_data); + get_field((*rep)->server,9,asn1_decode_realm); + get_field((*rep)->server,10,asn1_decode_principal_name); + opt_lenfield((*rep)->text.length,(*rep)->text.data,11,asn1_decode_generalstring); + opt_lenfield((*rep)->e_data.length,(*rep)->e_data.data,12,asn1_decode_charstring); + (*rep)->magic = KV5M_ERROR; + end_structure(); } - opt_field((*rep)->ctime,2,asn1_decode_kerberos_time); - opt_field((*rep)->cusec,3,asn1_decode_int32); - get_field((*rep)->stime,4,asn1_decode_kerberos_time); - get_field((*rep)->susec,5,asn1_decode_int32); - get_field((*rep)->error,6,asn1_decode_ui_4); - if(tagnum == 7){ alloc_field((*rep)->client,krb5_principal_data); } - opt_field((*rep)->client,7,asn1_decode_realm); - opt_field((*rep)->client,8,asn1_decode_principal_name); - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,9,asn1_decode_realm); - get_field((*rep)->server,10,asn1_decode_principal_name); - opt_lenfield((*rep)->text.length,(*rep)->text.data,11,asn1_decode_generalstring); - opt_lenfield((*rep)->e_data.length,(*rep)->e_data.data,12,asn1_decode_charstring); - (*rep)->magic = KV5M_ERROR; - end_structure(); - } - cleanup_manual(); + cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,server); - free_field(*rep,client); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free_field(*rep,server); + free_field(*rep,client); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_authdata(const krb5_data *code, krb5_authdata ***rep) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_authorization_data(&buf,rep); - if(retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here... */ + setup_buf_only(); + *rep = 0; + retval = asn1_decode_authorization_data(&buf,rep); + if (retval) clean_return(retval); + cleanup_none(); /* we're not allocating anything here... 
*/ } krb5_error_code decode_krb5_pwd_sequence(const krb5_data *code, passwd_phrase_element **rep) { - setup_buf_only(); - alloc_field(*rep,passwd_phrase_element); - retval = asn1_decode_passwdsequence(&buf,*rep); - if(retval) clean_return(retval); - cleanup(free); + setup_buf_only(); + alloc_field(*rep,passwd_phrase_element); + retval = asn1_decode_passwdsequence(&buf,*rep); + if (retval) clean_return(retval); + cleanup(free); } krb5_error_code decode_krb5_pwd_data(const krb5_data *code, krb5_pwd_data **rep) { - setup(); - alloc_field(*rep,krb5_pwd_data); - { begin_structure(); - get_field((*rep)->sequence_count,0,asn1_decode_int); - get_field((*rep)->element,1,asn1_decode_sequence_of_passwdsequence); - (*rep)->magic = KV5M_PWD_DATA; - end_structure (); } - cleanup(free); + setup(); + alloc_field(*rep,krb5_pwd_data); + { begin_structure(); + get_field((*rep)->sequence_count,0,asn1_decode_int); + get_field((*rep)->element,1,asn1_decode_sequence_of_passwdsequence); + (*rep)->magic = KV5M_PWD_DATA; + end_structure (); } + cleanup(free); } krb5_error_code decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data ***rep) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_sequence_of_pa_data(&buf,rep); - if(retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + setup_buf_only(); + *rep = 0; + retval = asn1_decode_sequence_of_pa_data(&buf,rep); + if (retval) clean_return(retval); + cleanup_none(); /* we're not allocating anything here */ } krb5_error_code decode_krb5_alt_method(const krb5_data *code, krb5_alt_method **rep) { - setup(); - alloc_field(*rep,krb5_alt_method); - { begin_structure(); - get_field((*rep)->method,0,asn1_decode_int32); - if (tagnum == 1) { - get_lenfield((*rep)->length,(*rep)->data,1,asn1_decode_octetstring); - } else { - (*rep)->length = 0; - (*rep)->data = 0; + setup(); + alloc_field(*rep,krb5_alt_method); + { begin_structure(); + get_field((*rep)->method,0,asn1_decode_int32); + if (tagnum == 1) { + 
get_lenfield((*rep)->length,(*rep)->data,1,asn1_decode_octetstring); + } else { + (*rep)->length = 0; + (*rep)->data = 0; + } + (*rep)->magic = KV5M_ALT_METHOD; + end_structure(); } - (*rep)->magic = KV5M_ALT_METHOD; - end_structure(); - } - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_entry ***rep) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_etype_info(&buf,rep); - if(retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + setup_buf_only(); + *rep = 0; + retval = asn1_decode_etype_info(&buf,rep); + if (retval) clean_return(retval); + cleanup_none(); /* we're not allocating anything here */ } krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep) 
@@ -816,282 +816,282 @@ krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_e retval = asn1_decode_etype_info2(&buf,rep, 0); if (retval == ASN1_BAD_ID) { retval = asn1buf_wrap_data(&buf,code); - if(retval) clean_return(retval); + if (retval) clean_return(retval); retval = asn1_decode_etype_info2(&buf, rep, 1); } - if(retval) clean_return(retval); + if (retval) clean_return(retval); cleanup_none(); /* we're not allocating anything here */ } krb5_error_code decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_data); + setup_buf_only(); + alloc_field(*rep,krb5_enc_data); - retval = asn1_decode_encrypted_data(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_encrypted_data(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **rep) { - setup(); - alloc_field(*rep,krb5_pa_enc_ts); - { begin_structure(); - get_field((*rep)->patimestamp,0,asn1_decode_kerberos_time); - if (tagnum == 1) { - get_field((*rep)->pausec,1,asn1_decode_int32); - } else - (*rep)->pausec = 0; - end_structure (); } - cleanup(free); + setup(); + alloc_field(*rep,krb5_pa_enc_ts); + { begin_structure(); + get_field((*rep)->patimestamp,0,asn1_decode_kerberos_time); + if (tagnum == 1) { + get_field((*rep)->pausec,1,asn1_decode_int32); + } else + (*rep)->pausec = 0; + end_structure (); } + cleanup(free); } krb5_error_code decode_krb5_sam_challenge(const krb5_data *code, krb5_sam_challenge **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_challenge); + setup_buf_only(); + alloc_field(*rep,krb5_sam_challenge); - retval = asn1_decode_sam_challenge(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_sam_challenge(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_sam_challenge_2(const krb5_data *code, 
krb5_sam_challenge_2 **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_challenge_2); + setup_buf_only(); + alloc_field(*rep,krb5_sam_challenge_2); - retval = asn1_decode_sam_challenge_2(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_sam_challenge_2(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_sam_challenge_2_body(const krb5_data *code, krb5_sam_challenge_2_body **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_sam_challenge_2_body); + setup_buf_only(); + alloc_field(*rep, krb5_sam_challenge_2_body); - retval = asn1_decode_sam_challenge_2_body(&buf, *rep); - if(retval) clean_return(retval); + retval = asn1_decode_sam_challenge_2_body(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_enc_sam_key(const krb5_data *code, krb5_sam_key **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_key); + setup_buf_only(); + alloc_field(*rep,krb5_sam_key); - retval = asn1_decode_enc_sam_key(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_enc_sam_key(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_enc_sam_response_enc(const krb5_data *code, krb5_enc_sam_response_enc **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_sam_response_enc); + setup_buf_only(); + alloc_field(*rep,krb5_enc_sam_response_enc); - retval = asn1_decode_enc_sam_response_enc(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_enc_sam_response_enc(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_enc_sam_response_enc_2(const krb5_data *code, krb5_enc_sam_response_enc_2 **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_sam_response_enc_2); + setup_buf_only(); + alloc_field(*rep,krb5_enc_sam_response_enc_2); - retval = asn1_decode_enc_sam_response_enc_2(&buf,*rep); - 
if(retval) clean_return(retval); + retval = asn1_decode_enc_sam_response_enc_2(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_sam_response(const krb5_data *code, krb5_sam_response **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_response); + setup_buf_only(); + alloc_field(*rep,krb5_sam_response); - retval = asn1_decode_sam_response(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_sam_response(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_sam_response_2(const krb5_data *code, krb5_sam_response_2 **rep) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_response_2); + setup_buf_only(); + alloc_field(*rep,krb5_sam_response_2); - retval = asn1_decode_sam_response_2(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_sam_response_2(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *code, krb5_predicted_sam_response **rep) { - setup_buf_only(); /* preallocated */ - alloc_field(*rep,krb5_predicted_sam_response); + setup_buf_only(); /* preallocated */ + alloc_field(*rep,krb5_predicted_sam_response); - retval = asn1_decode_predicted_sam_response(&buf,*rep); - if(retval) clean_return(retval); + retval = asn1_decode_predicted_sam_response(&buf,*rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } #ifndef DISABLE_PKINIT krb5_error_code decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_req); + setup_buf_only(); + alloc_field(*rep, krb5_pa_pk_as_req); - retval = asn1_decode_pa_pk_as_req(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_pa_pk_as_req(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code 
decode_krb5_pa_pk_as_req_draft9(const krb5_data *code, krb5_pa_pk_as_req_draft9 **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_req_draft9); + setup_buf_only(); + alloc_field(*rep, krb5_pa_pk_as_req_draft9); - retval = asn1_decode_pa_pk_as_req_draft9(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_pa_pk_as_req_draft9(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_pa_pk_as_rep(const krb5_data *code, krb5_pa_pk_as_rep **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_rep); + setup_buf_only(); + alloc_field(*rep, krb5_pa_pk_as_rep); - retval = asn1_decode_pa_pk_as_rep(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_pa_pk_as_rep(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_pa_pk_as_rep_draft9(const krb5_data *code, krb5_pa_pk_as_rep_draft9 **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_rep_draft9); + setup_buf_only(); + alloc_field(*rep, krb5_pa_pk_as_rep_draft9); - retval = asn1_decode_pa_pk_as_rep_draft9(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_pa_pk_as_rep_draft9(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_auth_pack); + setup_buf_only(); + alloc_field(*rep, krb5_auth_pack); - retval = asn1_decode_auth_pack(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_auth_pack(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_auth_pack_draft9(const krb5_data *code, krb5_auth_pack_draft9 **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_auth_pack_draft9); + setup_buf_only(); + alloc_field(*rep, krb5_auth_pack_draft9); - retval = asn1_decode_auth_pack_draft9(&buf, *rep); - 
if (retval) clean_return(retval); + retval = asn1_decode_auth_pack_draft9(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_kdc_dh_key_info(const krb5_data *code, krb5_kdc_dh_key_info **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_kdc_dh_key_info); + setup_buf_only(); + alloc_field(*rep, krb5_kdc_dh_key_info); - retval = asn1_decode_kdc_dh_key_info(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_kdc_dh_key_info(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_principal_data); + setup_buf_only(); + alloc_field(*rep, krb5_principal_data); - retval = asn1_decode_krb5_principal_name(&buf, rep); - if (retval) clean_return(retval); + retval = asn1_decode_krb5_principal_name(&buf, rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key_pack **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_reply_key_pack); + setup_buf_only(); + alloc_field(*rep, krb5_reply_key_pack); - retval = asn1_decode_reply_key_pack(&buf, *rep); - if (retval) - goto error_out; + retval = asn1_decode_reply_key_pack(&buf, *rep); + if (retval) + goto error_out; - cleanup_manual(); + cleanup_manual(); error_out: - if (rep && *rep) { - free((*rep)->replyKey.contents); - free((*rep)->asChecksum.contents); - free(*rep); - *rep = NULL; - } - return retval; + if (rep && *rep) { + free((*rep)->replyKey.contents); + free((*rep)->asChecksum.contents); + free(*rep); + *rep = NULL; + } + return retval; } krb5_error_code decode_krb5_reply_key_pack_draft9(const krb5_data *code, krb5_reply_key_pack_draft9 **rep) { - setup_buf_only(); - alloc_field(*rep, krb5_reply_key_pack_draft9); + setup_buf_only(); + alloc_field(*rep, 
krb5_reply_key_pack_draft9); - retval = asn1_decode_reply_key_pack_draft9(&buf, *rep); - if (retval) clean_return(retval); + retval = asn1_decode_reply_key_pack_draft9(&buf, *rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_typed_data(const krb5_data *code, krb5_typed_data ***rep) { - setup_buf_only(); - retval = asn1_decode_sequence_of_typed_data(&buf, rep); - if (retval) clean_return(retval); + setup_buf_only(); + retval = asn1_decode_sequence_of_typed_data(&buf, rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_td_trusted_certifiers(const krb5_data *code, krb5_external_principal_identifier ***rep) { - setup_buf_only(); - retval = asn1_decode_sequence_of_external_principal_identifier(&buf, rep); - if (retval) clean_return(retval); + setup_buf_only(); + retval = asn1_decode_sequence_of_external_principal_identifier(&buf, rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } krb5_error_code decode_krb5_td_dh_parameters(const krb5_data *code, krb5_algorithm_identifier ***rep) { - setup_buf_only(); - retval = asn1_decode_sequence_of_algorithm_identifier(&buf, rep); - if (retval) clean_return(retval); + setup_buf_only(); + retval = asn1_decode_sequence_of_algorithm_identifier(&buf, rep); + if (retval) clean_return(retval); - cleanup(free); + cleanup(free); } #endif /* DISABLE_PKINIT */ diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 68b95b9e5..d61201787 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -47,7 +47,7 @@ ... /* for OPTIONAL fields */ - if(rep->field_i == should_not_be_omitted) + if (rep->field_i == should_not_be_omitted) krb5_addfield(rep->field_i, i, asn1_type); /* for string fields (these encoders take an additional argument, 
@@ -56,12 +56,12 @@ /* if you really have to do things yourself... */ retval = asn1_encode_asn1_type(buf,rep->field,&length); - if(retval) return retval; + if (retval) return retval; sum += length; retval = asn1_make_etag(buf, [UNIVERSAL/APPLICATION/CONTEXT_SPECIFIC/PRIVATE], tag_number, length, &length); - if(retval) return retval; + if (retval) return retval; sum += length; ... @@ -84,20 +84,20 @@ asn1buf *buf=NULL;\ unsigned int length, sum=0;\ \ - if(rep == NULL) return ASN1_MISSING_FIELD;\ + if (rep == NULL) return ASN1_MISSING_FIELD;\ \ retval = asn1buf_create(&buf);\ - if(retval) return retval + if (retval) return retval /* krb5_addfield -- add a field, or component, to the encoding */ #define krb5_addfield(value,tag,encoder)\ { retval = encoder(buf,value,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length;\ retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length; } @@ -105,12 +105,12 @@ /* krb5_addlenfield -- add a field whose length must be separately specified */ #define krb5_addlenfield(len,value,tag,encoder)\ { retval = encoder(buf,len,value,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length;\ retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length; } @@ -118,7 +118,7 @@ /* form a sequence (by adding a sequence header to the current encoding) */ #define krb5_makeseq()\ retval = asn1_make_sequence(buf,sum,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length @@ -126,7 +126,7 @@ /* add an APPLICATION class tag to the current encoding */ #define krb5_apptag(num)\ retval = asn1_make_etag(buf,APPLICATION,num,sum,&length);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ sum += length 
@@ -134,348 +134,348 @@ /* produce the final output and clean up the workspace */ #define krb5_cleanup()\ retval = asn12krb5_buf(buf,code);\ - if(retval){\ + if (retval) {\ asn1buf_destroy(&buf);\ return retval; }\ retval = asn1buf_destroy(&buf);\ - if(retval){\ + if (retval) {\ return retval; }\ \ return 0 krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* authorization-data[8] AuthorizationData OPTIONAL */ - if(rep->authorization_data != NULL && - rep->authorization_data[0] != NULL){ - retval = asn1_encode_authorization_data(buf, (const krb5_authdata **) - rep->authorization_data, - &length); - if(retval){ - asn1buf_destroy(&buf); - return retval; } - sum += length; - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,8,length,&length); - if(retval){ - asn1buf_destroy(&buf); - return retval; } - sum += length; - } + /* authorization-data[8] AuthorizationData OPTIONAL */ + if (rep->authorization_data != NULL && + rep->authorization_data[0] != NULL) { + retval = asn1_encode_authorization_data(buf, (const krb5_authdata **) + rep->authorization_data, + &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; } + sum += length; + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,8,length,&length); + if (retval) { + asn1buf_destroy(&buf); + return retval; } + sum += length; + } - /* seq-number[7] INTEGER OPTIONAL */ - if(rep->seq_number != 0) - krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); + /* seq-number[7] INTEGER OPTIONAL */ + if (rep->seq_number != 0) + krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); - /* subkey[6] EncryptionKey OPTIONAL */ - if(rep->subkey != NULL) - krb5_addfield(rep->subkey,6,asn1_encode_encryption_key); + /* subkey[6] EncryptionKey OPTIONAL */ + if (rep->subkey != NULL) + krb5_addfield(rep->subkey,6,asn1_encode_encryption_key); - /* ctime[5] KerberosTime */ - krb5_addfield(rep->ctime,5,asn1_encode_kerberos_time); + /* ctime[5] 
KerberosTime */ + krb5_addfield(rep->ctime,5,asn1_encode_kerberos_time); - /* cusec[4] INTEGER */ - krb5_addfield(rep->cusec,4,asn1_encode_integer); + /* cusec[4] INTEGER */ + krb5_addfield(rep->cusec,4,asn1_encode_integer); - /* cksum[3] Checksum OPTIONAL */ - if(rep->checksum != NULL) - krb5_addfield(rep->checksum,3,asn1_encode_checksum); + /* cksum[3] Checksum OPTIONAL */ + if (rep->checksum != NULL) + krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* cname[2] PrincipalName */ - krb5_addfield(rep->client,2,asn1_encode_principal_name); + /* cname[2] PrincipalName */ + krb5_addfield(rep->client,2,asn1_encode_principal_name); - /* crealm[1] Realm */ - krb5_addfield(rep->client,1,asn1_encode_realm); + /* crealm[1] Realm */ + krb5_addfield(rep->client,1,asn1_encode_realm); - /* authenticator-vno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* authenticator-vno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* Authenticator ::= [APPLICATION 2] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(2); + /* Authenticator ::= [APPLICATION 2] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(2); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); + /* enc-part[3] EncryptedData */ + krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* sname [2] PrincipalName */ - krb5_addfield(rep->server,2,asn1_encode_principal_name); + /* sname [2] PrincipalName */ + krb5_addfield(rep->server,2,asn1_encode_principal_name); - /* realm [1] Realm */ - krb5_addfield(rep->server,1,asn1_encode_realm); + /* realm [1] Realm */ + krb5_addfield(rep->server,1,asn1_encode_realm); - /* tkt-vno [0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* tkt-vno [0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* Ticket ::= [APPLICATION 1] SEQUENCE */ - 
krb5_makeseq(); - krb5_apptag(1); + /* Ticket ::= [APPLICATION 1] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(1); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* keyvalue[1] OCTET STRING */ - krb5_addlenfield(rep->length,rep->contents,1,asn1_encode_octetstring); + /* keyvalue[1] OCTET STRING */ + krb5_addlenfield(rep->length,rep->contents,1,asn1_encode_octetstring); - /* enctype[0] INTEGER */ - krb5_addfield(rep->enctype,0,asn1_encode_integer); + /* enctype[0] INTEGER */ + krb5_addfield(rep->enctype,0,asn1_encode_integer); - /* EncryptionKey ::= SEQUENCE */ - krb5_makeseq(); + /* EncryptionKey ::= SEQUENCE */ + krb5_makeseq(); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* authorization-data[10] AuthorizationData OPTIONAL */ - if(rep->authorization_data != NULL && - rep->authorization_data[0] != NULL) - krb5_addfield((const krb5_authdata**)rep->authorization_data, - 10,asn1_encode_authorization_data); + /* authorization-data[10] AuthorizationData OPTIONAL */ + if (rep->authorization_data != NULL && + rep->authorization_data[0] != NULL) + krb5_addfield((const krb5_authdata**)rep->authorization_data, + 10,asn1_encode_authorization_data); - /* caddr[9] HostAddresses OPTIONAL */ - if(rep->caddrs != NULL && rep->caddrs[0] != NULL) - krb5_addfield((const krb5_address**)rep->caddrs,9,asn1_encode_host_addresses); + /* caddr[9] HostAddresses OPTIONAL */ + if (rep->caddrs != NULL && rep->caddrs[0] != NULL) + krb5_addfield((const krb5_address**)rep->caddrs,9,asn1_encode_host_addresses); - /* renew-till[8] KerberosTime OPTIONAL */ - if(rep->times.renew_till) - krb5_addfield(rep->times.renew_till,8,asn1_encode_kerberos_time); + /* renew-till[8] KerberosTime OPTIONAL */ + if (rep->times.renew_till) + 
krb5_addfield(rep->times.renew_till,8,asn1_encode_kerberos_time); - /* endtime[7] KerberosTime */ - krb5_addfield(rep->times.endtime,7,asn1_encode_kerberos_time); + /* endtime[7] KerberosTime */ + krb5_addfield(rep->times.endtime,7,asn1_encode_kerberos_time); - /* starttime[6] KerberosTime OPTIONAL */ - if(rep->times.starttime) - krb5_addfield(rep->times.starttime,6,asn1_encode_kerberos_time); + /* starttime[6] KerberosTime OPTIONAL */ + if (rep->times.starttime) + krb5_addfield(rep->times.starttime,6,asn1_encode_kerberos_time); - /* authtime[5] KerberosTime */ - krb5_addfield(rep->times.authtime,5,asn1_encode_kerberos_time); + /* authtime[5] KerberosTime */ + krb5_addfield(rep->times.authtime,5,asn1_encode_kerberos_time); - /* transited[4] TransitedEncoding */ - krb5_addfield(&(rep->transited),4,asn1_encode_transited_encoding); + /* transited[4] TransitedEncoding */ + krb5_addfield(&(rep->transited),4,asn1_encode_transited_encoding); - /* cname[3] PrincipalName */ - krb5_addfield(rep->client,3,asn1_encode_principal_name); + /* cname[3] PrincipalName */ + krb5_addfield(rep->client,3,asn1_encode_principal_name); - /* crealm[2] Realm */ - krb5_addfield(rep->client,2,asn1_encode_realm); + /* crealm[2] Realm */ + krb5_addfield(rep->client,2,asn1_encode_realm); - /* key[1] EncryptionKey */ - krb5_addfield(rep->session,1,asn1_encode_encryption_key); + /* key[1] EncryptionKey */ + krb5_addfield(rep->session,1,asn1_encode_encryption_key); - /* flags[0] TicketFlags */ - krb5_addfield(rep->flags,0,asn1_encode_ticket_flags); + /* flags[0] TicketFlags */ + krb5_addfield(rep->flags,0,asn1_encode_ticket_flags); - /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(3); + /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(3); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, krb5_data **code) { - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int 
length, sum=0; + asn1_error_code retval; + asn1buf *buf=NULL; + unsigned int length, sum=0; - if(rep == NULL) return ASN1_MISSING_FIELD; + if (rep == NULL) return ASN1_MISSING_FIELD; - retval = asn1buf_create(&buf); - if(retval) return retval; + retval = asn1buf_create(&buf); + if (retval) return retval; - retval = asn1_encode_enc_kdc_rep_part(buf,rep,&length); - if(retval) return retval; - sum += length; + retval = asn1_encode_enc_kdc_rep_part(buf,rep,&length); + if (retval) return retval; + sum += length; #ifdef KRB5_ENCKRB5KDCREPPART_COMPAT - krb5_apptag(26); + krb5_apptag(26); #else - /* XXX WRONG!!! Should use 25 || 26, not the outer KDC_REP tags! */ - if (rep->msg_type == KRB5_AS_REP) { krb5_apptag(ASN1_KRB_AS_REP); } - else if (rep->msg_type == KRB5_TGS_REP) { krb5_apptag(ASN1_KRB_TGS_REP); } - else return KRB5_BADMSGTYPE; + /* XXX WRONG!!! Should use 25 || 26, not the outer KDC_REP tags! */ + if (rep->msg_type == KRB5_AS_REP) { krb5_apptag(ASN1_KRB_AS_REP); } + else if (rep->msg_type == KRB5_TGS_REP) { krb5_apptag(ASN1_KRB_TGS_REP); } + else return KRB5_BADMSGTYPE; #endif - krb5_cleanup(); + krb5_cleanup(); } /* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* AS-REP ::= [APPLICATION 11] KDC-REP */ - retval = asn1_encode_kdc_rep(KRB5_AS_REP,buf,rep,&length); - if(retval) return retval; - sum += length; + /* AS-REP ::= [APPLICATION 11] KDC-REP */ + retval = asn1_encode_kdc_rep(KRB5_AS_REP,buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_apptag(11); + krb5_apptag(11); - krb5_cleanup(); + krb5_cleanup(); } /* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* TGS-REP ::= [APPLICATION 13] KDC-REP */ - retval = asn1_encode_kdc_rep(KRB5_TGS_REP,buf,rep,&length); - if(retval) return 
retval; - sum += length; + /* TGS-REP ::= [APPLICATION 13] KDC-REP */ + retval = asn1_encode_kdc_rep(KRB5_TGS_REP,buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_apptag(13); + krb5_apptag(13); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* authenticator[4] EncryptedData */ - krb5_addfield(&(rep->authenticator),4,asn1_encode_encrypted_data); + /* authenticator[4] EncryptedData */ + krb5_addfield(&(rep->authenticator),4,asn1_encode_encrypted_data); - /* ticket[3] Ticket */ - krb5_addfield(rep->ticket,3,asn1_encode_ticket); + /* ticket[3] Ticket */ + krb5_addfield(rep->ticket,3,asn1_encode_ticket); - /* ap-options[2] APOptions */ - krb5_addfield(rep->ap_options,2,asn1_encode_ap_options); + /* ap-options[2] APOptions */ + krb5_addfield(rep->ap_options,2,asn1_encode_ap_options); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_AP_REQ,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_AP_REQ,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(14); + /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(14); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* enc-part[2] EncryptedData */ - krb5_addfield(&(rep->enc_part),2,asn1_encode_encrypted_data); + /* enc-part[2] EncryptedData */ + krb5_addfield(&(rep->enc_part),2,asn1_encode_encrypted_data); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_AP_REP,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_AP_REP,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + 
krb5_addfield(KVNO,0,asn1_encode_integer); - /* AP-REP ::= [APPLICATION 15] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(15); + /* AP-REP ::= [APPLICATION 15] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(15); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* seq-number[3] INTEGER OPTIONAL */ - if(rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); + /* seq-number[3] INTEGER OPTIONAL */ + if (rep->seq_number) + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - /* subkey[2] EncryptionKey OPTIONAL */ - if(rep->subkey != NULL) - krb5_addfield(rep->subkey,2,asn1_encode_encryption_key); + /* subkey[2] EncryptionKey OPTIONAL */ + if (rep->subkey != NULL) + krb5_addfield(rep->subkey,2,asn1_encode_encryption_key); - /* cusec[1] INTEGER */ - krb5_addfield(rep->cusec,1,asn1_encode_integer); + /* cusec[1] INTEGER */ + krb5_addfield(rep->cusec,1,asn1_encode_integer); - /* ctime[0] KerberosTime */ - krb5_addfield(rep->ctime,0,asn1_encode_kerberos_time); + /* ctime[0] KerberosTime */ + krb5_addfield(rep->ctime,0,asn1_encode_kerberos_time); - /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(27); + /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(27); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* AS-REQ ::= [APPLICATION 10] KDC-REQ */ - retval = asn1_encode_kdc_req(KRB5_AS_REQ,buf,rep,&length); - if(retval) return retval; - sum += length; + /* AS-REQ ::= [APPLICATION 10] KDC-REQ */ + retval = asn1_encode_kdc_req(KRB5_AS_REQ,buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_apptag(10); + krb5_apptag(10); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code) { - 
krb5_setup(); + krb5_setup(); - /* TGS-REQ ::= [APPLICATION 12] KDC-REQ */ - retval = asn1_encode_kdc_req(KRB5_TGS_REQ,buf,rep,&length); - if(retval) return retval; - sum += length; + /* TGS-REQ ::= [APPLICATION 12] KDC-REQ */ + retval = asn1_encode_kdc_req(KRB5_TGS_REQ,buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_apptag(12); + krb5_apptag(12); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - retval = asn1_encode_kdc_req_body(buf,rep,&length); - if(retval) return retval; - sum += length; + retval = asn1_encode_kdc_req_body(buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* cksum[3] Checksum */ - krb5_addfield(rep->checksum,3,asn1_encode_checksum); + /* cksum[3] Checksum */ + krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* safe-body[2] KRB-SAFE-BODY */ - krb5_addfield(rep,2,asn1_encode_krb_safe_body); + /* safe-body[2] KRB-SAFE-BODY */ + krb5_addfield(rep,2,asn1_encode_krb_safe_body); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(20); + /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(20); - krb5_cleanup(); + krb5_cleanup(); } /* 
@@ -485,532 +485,532 @@ krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code) * encoding to avoid problems with re-encoding. */ krb5_error_code encode_krb5_safe_with_body( - const krb5_safe *rep, - const krb5_data *body, - krb5_data **code) + const krb5_safe *rep, + const krb5_data *body, + krb5_data **code) { - krb5_setup(); + krb5_setup(); - if (body == NULL) { - asn1buf_destroy(&buf); - return ASN1_MISSING_FIELD; - } + if (body == NULL) { + asn1buf_destroy(&buf); + return ASN1_MISSING_FIELD; + } - /* cksum[3] Checksum */ - krb5_addfield(rep->checksum,3,asn1_encode_checksum); + /* cksum[3] Checksum */ + krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* safe-body[2] KRB-SAFE-BODY */ - krb5_addfield(body,2,asn1_encode_krb_saved_safe_body); + /* safe-body[2] KRB-SAFE-BODY */ + krb5_addfield(body,2,asn1_encode_krb_saved_safe_body); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(20); + /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(20); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_priv(const krb5_priv *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); + /* enc-part[3] EncryptedData */ + krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_PRIV,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_PRIV,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* KRB-PRIV ::= 
[APPLICATION 21] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(21); + /* KRB-PRIV ::= [APPLICATION 21] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(21); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* r-address[5] HostAddress OPTIONAL -- recip's addr */ - if(rep->r_address) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); + /* r-address[5] HostAddress OPTIONAL -- recip's addr */ + if (rep->r_address) + krb5_addfield(rep->r_address,5,asn1_encode_host_address); - /* s-address[4] HostAddress -- sender's addr */ - krb5_addfield(rep->s_address,4,asn1_encode_host_address); + /* s-address[4] HostAddress -- sender's addr */ + krb5_addfield(rep->s_address,4,asn1_encode_host_address); - /* seq-number[3] INTEGER OPTIONAL */ - if(rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); + /* seq-number[3] INTEGER OPTIONAL */ + if (rep->seq_number) + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - /* usec[2] INTEGER OPTIONAL */ - if(rep->timestamp){ - krb5_addfield(rep->usec,2,asn1_encode_integer); - /* timestamp[1] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,1,asn1_encode_kerberos_time); - } + /* usec[2] INTEGER OPTIONAL */ + if (rep->timestamp) { + krb5_addfield(rep->usec,2,asn1_encode_integer); + /* timestamp[1] KerberosTime OPTIONAL */ + krb5_addfield(rep->timestamp,1,asn1_encode_kerberos_time); + } - /* user-data[0] OCTET STRING */ - krb5_addlenfield(rep->user_data.length,rep->user_data.data,0,asn1_encode_charstring); + /* user-data[0] OCTET STRING */ + krb5_addlenfield(rep->user_data.length,rep->user_data.data,0,asn1_encode_charstring); - /* EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(28); + /* EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(28); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_cred(const 
krb5_cred *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); + /* enc-part[3] EncryptedData */ + krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* tickets[2] SEQUENCE OF Ticket */ - krb5_addfield((const krb5_ticket**)rep->tickets,2,asn1_encode_sequence_of_ticket); + /* tickets[2] SEQUENCE OF Ticket */ + krb5_addfield((const krb5_ticket**)rep->tickets,2,asn1_encode_sequence_of_ticket); - /* msg-type[1] INTEGER, -- KRB_CRED */ - krb5_addfield(ASN1_KRB_CRED,1,asn1_encode_integer); + /* msg-type[1] INTEGER, -- KRB_CRED */ + krb5_addfield(ASN1_KRB_CRED,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(22); + /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(22); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* r-address[5] HostAddress OPTIONAL */ - if(rep->r_address != NULL) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); + /* r-address[5] HostAddress OPTIONAL */ + if (rep->r_address != NULL) + krb5_addfield(rep->r_address,5,asn1_encode_host_address); - /* s-address[4] HostAddress OPTIONAL */ - if(rep->s_address != NULL) - krb5_addfield(rep->s_address,4,asn1_encode_host_address); + /* s-address[4] HostAddress OPTIONAL */ + if (rep->s_address != NULL) + krb5_addfield(rep->s_address,4,asn1_encode_host_address); - /* usec[3] INTEGER OPTIONAL */ - if(rep->timestamp){ - krb5_addfield(rep->usec,3,asn1_encode_integer); - /* timestamp[2] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,2,asn1_encode_kerberos_time); - } + /* usec[3] INTEGER OPTIONAL */ + if (rep->timestamp) { + 
krb5_addfield(rep->usec,3,asn1_encode_integer); + /* timestamp[2] KerberosTime OPTIONAL */ + krb5_addfield(rep->timestamp,2,asn1_encode_kerberos_time); + } - /* nonce[1] INTEGER OPTIONAL */ - if(rep->nonce) - krb5_addfield(rep->nonce,1,asn1_encode_integer); + /* nonce[1] INTEGER OPTIONAL */ + if (rep->nonce) + krb5_addfield(rep->nonce,1,asn1_encode_integer); - /* ticket-info[0] SEQUENCE OF KrbCredInfo */ - krb5_addfield((const krb5_cred_info**)rep->ticket_info, - 0,asn1_encode_sequence_of_krb_cred_info); + /* ticket-info[0] SEQUENCE OF KrbCredInfo */ + krb5_addfield((const krb5_cred_info**)rep->ticket_info, + 0,asn1_encode_sequence_of_krb_cred_info); - /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(29); + /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(29); - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_error(const krb5_error *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* e-data[12] OCTET STRING OPTIONAL */ - if(rep->e_data.data != NULL && rep->e_data.length > 0) - krb5_addlenfield(rep->e_data.length,rep->e_data.data,12,asn1_encode_charstring); + /* e-data[12] OCTET STRING OPTIONAL */ + if (rep->e_data.data != NULL && rep->e_data.length > 0) + krb5_addlenfield(rep->e_data.length,rep->e_data.data,12,asn1_encode_charstring); - /* e-text[11] GeneralString OPTIONAL */ - if(rep->text.data != NULL && rep->text.length > 0) - krb5_addlenfield(rep->text.length,rep->text.data,11,asn1_encode_generalstring); + /* e-text[11] GeneralString OPTIONAL */ + if (rep->text.data != NULL && rep->text.length > 0) + krb5_addlenfield(rep->text.length,rep->text.data,11,asn1_encode_generalstring); - /* sname[10] PrincipalName -- Correct name */ - krb5_addfield(rep->server,10,asn1_encode_principal_name); + /* sname[10] PrincipalName -- Correct name */ + krb5_addfield(rep->server,10,asn1_encode_principal_name); - /* realm[9] Realm -- Correct realm */ - 
krb5_addfield(rep->server,9,asn1_encode_realm); + /* realm[9] Realm -- Correct realm */ + krb5_addfield(rep->server,9,asn1_encode_realm); - /* cname[8] PrincipalName OPTIONAL */ - if(rep->client != NULL){ - krb5_addfield(rep->client,8,asn1_encode_principal_name); - /* crealm[7] Realm OPTIONAL */ - krb5_addfield(rep->client,7,asn1_encode_realm); - } + /* cname[8] PrincipalName OPTIONAL */ + if (rep->client != NULL) { + krb5_addfield(rep->client,8,asn1_encode_principal_name); + /* crealm[7] Realm OPTIONAL */ + krb5_addfield(rep->client,7,asn1_encode_realm); + } - /* error-code[6] INTEGER */ - krb5_addfield(rep->error,6,asn1_encode_ui_4); + /* error-code[6] INTEGER */ + krb5_addfield(rep->error,6,asn1_encode_ui_4); - /* susec[5] INTEGER */ - krb5_addfield(rep->susec,5,asn1_encode_integer); + /* susec[5] INTEGER */ + krb5_addfield(rep->susec,5,asn1_encode_integer); - /* stime[4] KerberosTime */ - krb5_addfield(rep->stime,4,asn1_encode_kerberos_time); + /* stime[4] KerberosTime */ + krb5_addfield(rep->stime,4,asn1_encode_kerberos_time); - /* cusec[3] INTEGER OPTIONAL */ - if(rep->cusec) - krb5_addfield(rep->cusec,3,asn1_encode_integer); + /* cusec[3] INTEGER OPTIONAL */ + if (rep->cusec) + krb5_addfield(rep->cusec,3,asn1_encode_integer); - /* ctime[2] KerberosTime OPTIONAL */ - if(rep->ctime) - krb5_addfield(rep->ctime,2,asn1_encode_kerberos_time); + /* ctime[2] KerberosTime OPTIONAL */ + if (rep->ctime) + krb5_addfield(rep->ctime,2,asn1_encode_kerberos_time); - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_ERROR,1,asn1_encode_integer); + /* msg-type[1] INTEGER */ + krb5_addfield(ASN1_KRB_ERROR,1,asn1_encode_integer); - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); + /* pvno[0] INTEGER */ + krb5_addfield(KVNO,0,asn1_encode_integer); - /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(30); + /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */ + krb5_makeseq(); + krb5_apptag(30); - krb5_cleanup(); + krb5_cleanup(); } 
krb5_error_code encode_krb5_authdata(const krb5_authdata **rep, krb5_data **code) { - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int length; + asn1_error_code retval; + asn1buf *buf=NULL; + unsigned int length; - if(rep == NULL) return ASN1_MISSING_FIELD; + if (rep == NULL) return ASN1_MISSING_FIELD; - retval = asn1buf_create(&buf); - if(retval) return retval; + retval = asn1buf_create(&buf); + if (retval) return retval; - retval = asn1_encode_authorization_data(buf,(const krb5_authdata**)rep, - &length); - if(retval) return retval; + retval = asn1_encode_authorization_data(buf,(const krb5_authdata**)rep, + &length); + if (retval) return retval; - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **code) { - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int length; + asn1_error_code retval; + asn1buf *buf=NULL; + unsigned int length; - if(rep == NULL) return ASN1_MISSING_FIELD; + if (rep == NULL) return ASN1_MISSING_FIELD; - retval = asn1buf_create(&buf); - if(retval) return retval; + retval = asn1buf_create(&buf); + if (retval) return retval; - retval = asn1_encode_krb5_authdata_elt(buf,rep, &length); - if(retval) return retval; + retval = asn1_encode_krb5_authdata_elt(buf,rep, &length); + if (retval) return retval; - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_alt_method(const krb5_alt_method *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* method-data[1] OctetString OPTIONAL */ - if(rep->data != NULL && rep->length > 0) - krb5_addlenfield(rep->length,rep->data,1,asn1_encode_octetstring); + /* method-data[1] OctetString OPTIONAL */ + if (rep->data != NULL && rep->length > 0) + krb5_addlenfield(rep->length,rep->data,1,asn1_encode_octetstring); - /* method-type[0] Integer */ - krb5_addfield(rep->method,0,asn1_encode_integer); + /* method-type[0] Integer */ + krb5_addfield(rep->method,0,asn1_encode_integer); - krb5_makeseq(); + krb5_makeseq(); - 
krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_etype_info(const krb5_etype_info_entry **rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_etype_info(buf,rep,&length, 0); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_etype_info(buf,rep,&length, 0); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_etype_info(buf,rep,&length, 1); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_etype_info(buf,rep,&length, 1); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_enc_data(const krb5_enc_data *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - retval = asn1_encode_encrypted_data(buf,rep,&length); - if(retval) return retval; - sum += length; + retval = asn1_encode_encrypted_data(buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_cleanup(); + krb5_cleanup(); } krb5_error_code encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - /* pausec[1] INTEGER OPTIONAL */ - if (rep->pausec) - krb5_addfield(rep->pausec,1,asn1_encode_integer); + /* pausec[1] INTEGER OPTIONAL */ + if (rep->pausec) + krb5_addfield(rep->pausec,1,asn1_encode_integer); - /* patimestamp[0] KerberosTime, -- client's time */ - krb5_addfield(rep->patimestamp,0,asn1_encode_kerberos_time); + /* patimestamp[0] KerberosTime, -- client's time */ + krb5_addfield(rep->patimestamp,0,asn1_encode_kerberos_time); - krb5_makeseq(); + krb5_makeseq(); - krb5_cleanup(); + krb5_cleanup(); } /* Sandia Additions */ krb5_error_code encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_passwdsequence(buf,rep,&length); - if(retval) return retval; - sum += length; - 
krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_passwdsequence(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code) { - krb5_setup(); - krb5_addfield((const passwd_phrase_element**)rep->element,1,asn1_encode_sequence_of_passwdsequence); - krb5_addfield(rep->sequence_count,0,asn1_encode_integer); - krb5_makeseq(); - krb5_cleanup(); + krb5_setup(); + krb5_addfield((const passwd_phrase_element**)rep->element,1,asn1_encode_sequence_of_passwdsequence); + krb5_addfield(rep->sequence_count,0,asn1_encode_integer); + krb5_makeseq(); + krb5_cleanup(); } krb5_error_code encode_krb5_padata_sequence(const krb5_pa_data **rep, krb5_data **code) { - krb5_setup(); + krb5_setup(); - retval = asn1_encode_sequence_of_pa_data(buf,rep,&length); - if(retval) return retval; - sum += length; + retval = asn1_encode_sequence_of_pa_data(buf,rep,&length); + if (retval) return retval; + sum += length; - krb5_cleanup(); + krb5_cleanup(); } /* sam preauth additions */ krb5_error_code encode_krb5_sam_challenge(const krb5_sam_challenge *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_challenge(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_challenge(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_challenge_2(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_challenge_2(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_challenge_2_body(buf,rep,&length); - 
if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_challenge_2_body(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_sam_key(const krb5_sam_key *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_key(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_key(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_enc_sam_response_enc(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_enc_sam_response_enc(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_enc_sam_response_enc_2(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_enc_sam_response_enc_2(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_sam_response(const krb5_sam_response *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_response(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_response(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_sam_response_2(const krb5_sam_response_2 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sam_response_2(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sam_response_2(buf,rep,&length); 
+ if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_predicted_sam_response(const krb5_predicted_sam_response *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_predicted_sam_response(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_predicted_sam_response(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_setpw_req(const krb5_principal target, char *password, krb5_data **code) { - /* Macros really want us to have a variable called rep which we do not need*/ - const char *rep = "dummy string"; + /* Macros really want us to have a variable called rep which we do not need*/ + const char *rep = "dummy string"; - krb5_setup(); + krb5_setup(); - krb5_addfield(target,2,asn1_encode_realm); - krb5_addfield(target,1,asn1_encode_principal_name); - krb5_addlenfield(strlen(password), password,0,asn1_encode_octetstring); - krb5_makeseq(); + krb5_addfield(target,2,asn1_encode_realm); + krb5_addfield(target,1,asn1_encode_principal_name); + krb5_addlenfield(strlen(password), password,0,asn1_encode_octetstring); + krb5_makeseq(); - krb5_cleanup(); + krb5_cleanup(); } #ifndef DISABLE_PKINIT krb5_error_code encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_pa_pk_as_req(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_pa_pk_as_req(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_pa_pk_as_req_draft9(const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_pa_pk_as_req_draft9(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_pa_pk_as_req_draft9(buf,rep,&length); + if (retval) return retval; + sum += 
length; + krb5_cleanup(); } krb5_error_code encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_pa_pk_as_rep(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_pa_pk_as_rep(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_pa_pk_as_rep_draft9(const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_pa_pk_as_rep_draft9(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_pa_pk_as_rep_draft9(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_auth_pack(const krb5_auth_pack *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_auth_pack(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_auth_pack(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_auth_pack_draft9(const krb5_auth_pack_draft9 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_auth_pack_draft9(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_auth_pack_draft9(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_kdc_dh_key_info(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_kdc_dh_key_info(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_reply_key_pack(const krb5_reply_key_pack *rep, krb5_data **code) { - krb5_setup(); - retval = 
asn1_encode_reply_key_pack(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_reply_key_pack(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_reply_key_pack_draft9(const krb5_reply_key_pack_draft9 *rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_reply_key_pack_draft9(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_reply_key_pack_draft9(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_td_trusted_certifiers(const krb5_external_principal_identifier **rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_td_trusted_certifiers(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_td_trusted_certifiers(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_typed_data(const krb5_typed_data **rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sequence_of_typed_data(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sequence_of_typed_data(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } krb5_error_code encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **rep, krb5_data **code) { - krb5_setup(); - retval = asn1_encode_sequence_of_algorithm_identifier(buf,rep,&length); - if(retval) return retval; - sum += length; - krb5_cleanup(); + krb5_setup(); + retval = asn1_encode_sequence_of_algorithm_identifier(buf,rep,&length); + if (retval) return retval; + sum += length; + krb5_cleanup(); } #endif /* DISABLE_PKINIT */ diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index 7518b16e5..e18739cb5 100644 
--- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -341,7 +341,8 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */ ret = decode_tagged_octetstring (&slt, 1, &keylen, - &key->key_data_contents[1]); checkerr; + &key->key_data_contents[1]); + checkerr; } else keylen = 0; safe_syncbuf (&subbuf, &slt, salt_buflen); -- 2.26.2