static
int error_kernel_key(key_serial_t keyid, int rpc_error, int gss_error)
{
int seqwin = 0;
char buf[32];
char *p, *end;
logmsg(LL_TRACE, "revoking kernel key %08x\n", keyid);
p = buf;
end = buf + sizeof(buf);
WRITE_BYTES(&p, end, seqwin);
WRITE_BYTES(&p, end, rpc_error);
WRITE_BYTES(&p, end, gss_error);
again:
if (keyctl_update(keyid, buf, p - buf)) {
if (errno != EAGAIN) {
logmsg(LL_ERR, "revoke key %08x: %s\n",
keyid, strerror(errno));
return -1;
}
logmsg(LL_WARN, "key %08x: revoking too soon, try again\n",
keyid);
sleep(2);
goto again;
}
logmsg(LL_INFO, "key %08x: revoked\n", keyid);
return 0;
}
void NetPacket::WriteInitHeaderBytes( const uint16_t& ackID, const Byte& connID ){
//unsigned short ackID = ackID;
WRITE_BYTES(connID);
WRITE_BYTES(ackID);
Byte messageCount = 0;
WRITE_BYTES(messageCount);
curSize += GetHeaderLength();
}
int writeTask(FILE *outputFile, void *task){
int endedTasks, metaSize, taskState;
Task *auxTask = (Task *)task;
pthread_mutex_lock(&dependsOnMeMutex);
writeTaskIdList(outputFile, (void *)auxTask->dependsOnMe);
pthread_mutex_unlock(&dependsOnMeMutex);
writeTaskIdList(outputFile, auxTask->myDeps);
HashIntVoid *children = auxTask->children;
hashIntVoidSerialize(outputFile, children);
int id = getTaskId(auxTask);
WRITE_NUM(outputFile, "id", id);
endedTasks = getTaskEndedTasks(auxTask);
WRITE_NUM(outputFile, "endedTasks", endedTasks);
metaSize = getTaskMetasize(auxTask);
WRITE_NUM(outputFile, "metaSize", metaSize);
WRITE_BYTES(outputFile, getTaskMetadata(auxTask), metaSize);
taskState = getTaskState(auxTask);
WRITE_NUM(outputFile, "taskState", taskState);
writeDataSpace(outputFile, getTaskDataSpace(task));
return 1;
}
void serialize_packet(uint8_t *dst, const stdr_msgs::RawScan *src)
{
for( int i=0; i<velodyne_rawdata::BLOCKS_PER_PACKET; ++i ) {
const stdr_msgs::RawScan & scan = *(src+i);
ROS_ASSERT(scan.stamp == src->stamp);
const uint16_t b = (scan.block_id==stdr_msgs::RawScan::BLOCK_LOWER) ?
velodyne_rawdata::LOWER_BANK : velodyne_rawdata::UPPER_BANK;
WRITE_BYTES(dst, b);
WRITE_BYTES(dst, scan.encoder);
for( int j=0; j<velodyne_rawdata::SCANS_PER_BLOCK; ++j ) {
WRITE_BYTES(dst, scan.range[j]);
WRITE_BYTES(dst, scan.intensity[j]);
}
}
}
static int
write_keyblock(char **p, char *end, struct _krb5_keyblock *arg)
{
gss_buffer_desc tmp;
if (WRITE_BYTES(p, end, arg->enctype)) return -1;
tmp.length = arg->length;
tmp.value = arg->contents;
if (write_buffer(p, end, &tmp)) return -1;
return 0;
}
static int
write_lucid_keyblock(char **p, char *end, gss_krb5_lucid_key_t *key)
{
gss_buffer_desc tmp;
if (WRITE_BYTES(p, end, key->type)) return -1;
tmp.length = key->length;
tmp.value = key->data;
if (write_buffer(p, end, &tmp)) return -1;
return 0;
}
static int
write_manifest(gzFile f, const struct manifest *mf)
{
uint16_t i, j;
WRITE_INT(4, MAGIC);
WRITE_INT(1, MANIFEST_VERSION);
WRITE_INT(1, 16);
WRITE_INT(2, 0);
WRITE_INT(4, mf->n_files);
for (i = 0; i < mf->n_files; i++) {
WRITE_STR(mf->files[i]);
}
WRITE_INT(4, mf->n_file_infos);
for (i = 0; i < mf->n_file_infos; i++) {
WRITE_INT(4, mf->file_infos[i].index);
WRITE_BYTES(mf->hash_size, mf->file_infos[i].hash);
WRITE_INT(4, mf->file_infos[i].size);
WRITE_INT(8, mf->file_infos[i].mtime);
WRITE_INT(8, mf->file_infos[i].ctime);
}
WRITE_INT(4, mf->n_objects);
for (i = 0; i < mf->n_objects; i++) {
WRITE_INT(4, mf->objects[i].n_file_info_indexes);
for (j = 0; j < mf->objects[i].n_file_info_indexes; j++) {
WRITE_INT(4, mf->objects[i].file_info_indexes[j]);
}
WRITE_BYTES(mf->hash_size, mf->objects[i].hash.hash);
WRITE_INT(4, mf->objects[i].hash.size);
}
return 1;
error:
cc_log("Error writing to manifest file");
return 0;
}
static
int update_kernel_key(key_serial_t keyid,
struct lgss_nego_data *lnd,
gss_buffer_desc *ctx_token)
{
char *buf = NULL, *p = NULL, *end = NULL;
unsigned int buf_size = 0;
int rc;
logmsg(LL_TRACE, "updating kernel key %08x\n", keyid);
buf_size = sizeof(lnd->lnd_seq_win) +
sizeof(lnd->lnd_rmt_ctx.length) + lnd->lnd_rmt_ctx.length +
sizeof(ctx_token->length) + ctx_token->length;
buf = malloc(buf_size);
if (buf == NULL) {
logmsg(LL_ERR, "key %08x: can't alloc update buf: size %d\n",
keyid, buf_size);
return 1;
}
p = buf;
end = buf + buf_size;
rc = -1;
if (WRITE_BYTES(&p, end, lnd->lnd_seq_win))
goto out;
if (write_buffer(&p, end, &lnd->lnd_rmt_ctx))
goto out;
if (write_buffer(&p, end, ctx_token))
goto out;
again:
if (keyctl_update(keyid, buf, p - buf)) {
if (errno != EAGAIN) {
logmsg(LL_ERR, "update key %08x: %s\n",
keyid, strerror(errno));
goto out;
}
logmsg(LL_DEBUG, "key %08x: updating too soon, try again\n",
keyid);
sleep(2);
goto again;
}
rc = 0;
logmsg(LL_DEBUG, "key %08x: updated\n", keyid);
out:
free(buf);
return rc;
}
int write_heimdal_keyblock(char **p, char *end, krb5_keyblock *key)
{
gss_buffer_desc tmp;
int code = -1;
if (WRITE_BYTES(p, end, key->keytype)) goto out_err;
tmp.length = key->keyvalue.length;
tmp.value = key->keyvalue.data;
if (write_buffer(p, end, &tmp)) goto out_err;
code = 0;
out_err:
return(code);
}
static void
do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
gss_buffer_desc *context_token, OM_uint32 lifetime_rec,
gss_buffer_desc *acceptor)
{
char *buf = NULL, *p = NULL, *end = NULL;
unsigned int timeout = context_timeout;
unsigned int buf_size = 0;
printerr(2, "doing downcall: lifetime_rec=%u acceptor=%.*s\n",
lifetime_rec, acceptor->length, acceptor->value);
buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
sizeof(context_token->length) + context_token->length +
sizeof(acceptor->length) + acceptor->length;
p = buf = malloc(buf_size);
if (!buf)
goto out_err;
end = buf + buf_size;
/* context_timeout set by -t option overrides context lifetime */
if (timeout == 0)
timeout = lifetime_rec;
if (WRITE_BYTES(&p, end, uid)) goto out_err;
if (WRITE_BYTES(&p, end, timeout)) goto out_err;
if (WRITE_BYTES(&p, end, pd->pd_seq_win)) goto out_err;
if (write_buffer(&p, end, &pd->pd_ctx_hndl)) goto out_err;
if (write_buffer(&p, end, context_token)) goto out_err;
if (write_buffer(&p, end, acceptor)) goto out_err;
if (write(k5_fd, buf, p - buf) < p - buf) goto out_err;
free(buf);
return;
out_err:
free(buf);
printerr(1, "Failed to write downcall!\n");
return;
}
static int
do_error_downcall(int k5_fd, uid_t uid, int err)
{
char buf[1024];
char *p = buf, *end = buf + 1024;
unsigned int timeout = 0;
int zero = 0;
printerr(2, "doing error downcall\n");
if (WRITE_BYTES(&p, end, uid)) goto out_err;
if (WRITE_BYTES(&p, end, timeout)) goto out_err;
/* use seq_win = 0 to indicate an error: */
if (WRITE_BYTES(&p, end, zero)) goto out_err;
if (WRITE_BYTES(&p, end, err)) goto out_err;
if (write(k5_fd, buf, p - buf) < p - buf) goto out_err;
return 0;
out_err:
printerr(1, "Failed to write error downcall!\n");
return -1;
}
bool NetPacket::AddMessage(NetMessage& msgToAdd) {
//write this to the end of the buffer and update message count
//ConsolePrintString(msgToAdd.ToString());
msgToAdd.owner = this;
unsigned short messageLen = msgToAdd.GetMessageLength() + (unsigned short)msgToAdd.GetHeaderLength();
if (GetBufferLength() + messageLen < maxSize) {
//write length
WRITE_BYTES(messageLen);
//write ID
Byte messageID = msgToAdd.GetMessageID();
WRITE_BYTES(messageID);
//new bit: reliable id
if (msgToAdd.IsReliable()) {
WRITE_BYTES(msgToAdd.reliableID);
}
//new bits: order id
if (msgToAdd.IsInOrder()) {
WRITE_BYTES(msgToAdd.orderID);
}
//write message buffer data to my buffer
WriteBytes((void*)msgToAdd.messageBuffer, msgToAdd.GetMessageLength());
IncrementMessageCount();
return true;
}
return false;
}
/// writeChildTask() writes only the necessary to
int writeChildTask(FILE *outputFile, void *task){
int metaSize = 0;
Task *auxTask = (Task *)task;
pthread_mutex_lock(&dependsOnMeMutex);
writeTaskIdList(outputFile, (void *)auxTask->dependsOnMe);
pthread_mutex_unlock(&dependsOnMeMutex);
writeTaskIdList(outputFile, auxTask->myDeps);
int id = getTaskId(auxTask);
WRITE_NUM(outputFile, "id", id);
metaSize = getTaskMetasize(auxTask);
WRITE_NUM(outputFile, "metaSize", metaSize);
WRITE_BYTES(outputFile, getTaskMetadata(auxTask), metaSize);
return 1;
}
int
serialize_krb5_ctx(gss_ctx_id_t *ctx, gss_buffer_desc *buf, int32_t *endtime)
{
krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)(*ctx))->internal_ctx_id;
char *p, *end;
static int constant_zero = 0;
static int constant_one = 1;
static int constant_two = 2;
uint32_t word_seq_send;
u_int64_t seq_send_64bit;
uint32_t v2_flags = 0;
if (!(buf->value = calloc(1, MAX_CTX_LEN)))
goto out_err;
p = buf->value;
end = buf->value + MAX_CTX_LEN;
switch (kctx->enc->enctype) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_RAW:
/* Old format of context to the kernel */
if (kctx->initiate) {
if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
}
else {
if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
}
if (kctx->seed_init) {
if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
}
else {
if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
}
if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
goto out_err;
if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
if (endtime)
*endtime = kctx->endtime;
word_seq_send = kctx->seq_send;
if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
if (write_oid(&p, end, kctx->mech_used)) goto out_err;
printerr(2, "serialize_krb5_ctx: serializing keys with "
"enctype %d and length %d\n",
kctx->enc->enctype, kctx->enc->length);
if (write_keyblock(&p, end, kctx->enc)) goto out_err;
if (write_keyblock(&p, end, kctx->seq)) goto out_err;
break;
case ENCTYPE_DES3_CBC_RAW:
case ENCTYPE_DES3_CBC_SHA1:
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
/* New format of context to the kernel */
/* u32 flags;
* #define KRB5_CTX_FLAG_INITIATOR 0x00000001
* #define KRB5_CTX_FLAG_CFX 0x00000002
* #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
* s32 endtime;
* u64 seq_send;
* u32 enctype;
* rawkey data
*/
if (kctx->initiate)
v2_flags |= KRB5_CTX_FLAG_INITIATOR;
if (kctx->proto == 1)
v2_flags |= KRB5_CTX_FLAG_CFX;
if (kctx->have_acceptor_subkey)
v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
seq_send_64bit = kctx->seq_send;
if (WRITE_BYTES(&p, end, seq_send_64bit)) goto out_err;
if (kctx->have_acceptor_subkey) {
if (WRITE_BYTES(&p, end, kctx->acceptor_subkey->enctype))
goto out_err;
printerr(2, "serialize_krb5_ctx: serializing subkey "
"with enctype %d and size %d\n",
kctx->acceptor_subkey->enctype,
kctx->acceptor_subkey->length);
if (write_bytes(&p, end,
kctx->acceptor_subkey->contents,
kctx->acceptor_subkey->length))
goto out_err;
} else {
if (WRITE_BYTES(&p, end, kctx->enc->enctype))
goto out_err;
printerr(2, "serialize_krb5_ctx: serializing key "
"with enctype %d and size %d\n",
kctx->enc->enctype, kctx->enc->length);
if (write_bytes(&p, end, kctx->enc->contents,
kctx->enc->length))
goto out_err;
}
break;
default:
printerr(0, "ERROR: serialize_krb5_ctx: unsupported encryption "
"algorithm %d\n", kctx->enc->enctype);
goto out_err;
}
buf->length = p - (char *)buf->value;
return 0;
out_err:
printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
if (buf->value) {
free(buf->value);
}
buf->value = NULL;
buf->length = 0;
return -1;
}
/*
* Prepare a new-style buffer, as defined in rfc4121 (a.k.a. cfx),
* to send to the kernel for newer encryption types -- or for DES3.
*
* The new format is:
*
* u32 initiate; ( whether we are the initiator or not )
* s32 endtime;
* u32 flags;
* #define KRB5_CTX_FLAG_INITIATOR 0x00000001
* #define KRB5_CTX_FLAG_CFX 0x00000002
* #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
* u64 seq_send;
* u32 enctype; ( encrption type of keys )
* u32 size_of_each_key; ( size of each key in bytes )
* u32 number_of_keys; ( N -- should always be 3 for now )
* keydata-1; ( Ke )
* keydata-2; ( Ki )
* keydata-3; ( Kc )
*
*/
static int
prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx,
gss_buffer_desc *buf)
{
static int constant_two = 2;
char *p, *end;
uint32_t v2_flags = 0;
gss_krb5_lucid_key_t enc_key;
gss_krb5_lucid_key_t derived_key;
gss_buffer_desc fakeoid;
uint32_t enctype;
uint32_t keysize;
uint32_t numkeys;
memset(&enc_key, 0, sizeof(enc_key));
memset(&fakeoid, 0, sizeof(fakeoid));
if (!(buf->value = calloc(1, MAX_CTX_LEN)))
goto out_err;
p = buf->value;
end = buf->value + MAX_CTX_LEN;
/* Version 2 */
if (WRITE_BYTES(&p, end, constant_two)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
if (lctx->initiate)
v2_flags |= KRB5_CTX_FLAG_INITIATOR;
if (lctx->protocol != 0)
v2_flags |= KRB5_CTX_FLAG_CFX;
if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1)
v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err;
/* Protocol 0 here implies DES3 or RC4 */
printerr(3, "protocol %d\n", lctx->protocol);
if (lctx->protocol == 0) {
enctype = lctx->rfc1964_kd.ctx_key.type;
#ifdef HAVE_HEIMDAL
/*
* The kernel gss code expects ENCTYPE_DES3_CBC_RAW (6) for
* 3des keys, but Heimdal key has ENCTYPE_DES3_CBC_SHA1 (16).
* Force the Heimdal enctype to 6.
*/
if (enctype == ENCTYPE_DES3_CBC_SHA1) {
printerr(2, "%s: overriding heimdal keytype (%d => %d)\n",
__FUNCTION__, enctype, 6);
enctype = 6;
}
#endif
keysize = lctx->rfc1964_kd.ctx_key.length;
numkeys = 3; /* XXX is always gonna be three? */
} else {
if (lctx->cfx_kd.have_acceptor_subkey) {
enctype = lctx->cfx_kd.acceptor_subkey.type;
keysize = lctx->cfx_kd.acceptor_subkey.length;
} else {
enctype = lctx->cfx_kd.ctx_key.type;
keysize = lctx->cfx_kd.ctx_key.length;
}
numkeys = 3;
}
printerr(3, "serializing %d keys with enctype %d and size %d\n",
numkeys, enctype, keysize);
if (WRITE_BYTES(&p, end, enctype)) goto out_err;
if (WRITE_BYTES(&p, end, keysize)) goto out_err;
if (WRITE_BYTES(&p, end, numkeys)) goto out_err;
if (lctx->protocol == 0) {
/* derive and send down: Ke, Ki, and Kc */
/* Ke */
if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
lctx->rfc1964_kd.ctx_key.length))
goto out_err;
/* Ki */
if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
lctx->rfc1964_kd.ctx_key.length))
goto out_err;
/* Kc */
/*
* RC4 is special, it dosen't need key derivation. Actually
* the Ke is based on plain text. Here we just let all three
* key identical, kernel will handle everything. --ericm
*/
if (lctx->rfc1964_kd.ctx_key.type == ENCTYPE_ARCFOUR_HMAC) {
if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
lctx->rfc1964_kd.ctx_key.length))
goto out_err;
} else {
if (derive_key_lucid(&lctx->rfc1964_kd.ctx_key,
&derived_key,
KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM))
goto out_err;
if (write_bytes(&p, end, derived_key.data,
derived_key.length))
goto out_err;
free(derived_key.data);
}
} else {
gss_krb5_lucid_key_t *keyptr;
uint32_t sign_usage, seal_usage;
if (lctx->cfx_kd.have_acceptor_subkey)
keyptr = &lctx->cfx_kd.acceptor_subkey;
else
keyptr = &lctx->cfx_kd.ctx_key;
#if 0
if (lctx->initiate == 1) {
sign_usage = KG_USAGE_INITIATOR_SIGN;
seal_usage = KG_USAGE_INITIATOR_SEAL;
} else {
sign_usage = KG_USAGE_ACCEPTOR_SIGN;
seal_usage = KG_USAGE_ACCEPTOR_SEAL;
}
#else
/* FIXME
* These are from rfc4142, but I don't understand: if we supply
* different 'usage' value for client & server, then the peers
* will have different derived keys. How could this work?
*
* Here we simply use old SIGN/SEAL values until we find the
* answer. --ericm
* FIXME
*/
sign_usage = KG_USAGE_SIGN;
seal_usage = KG_USAGE_SEAL;
#endif
/* derive and send down: Ke, Ki, and Kc */
/* Ke */
if (derive_key_lucid(keyptr, &derived_key,
seal_usage, KEY_USAGE_SEED_ENCRYPTION))
goto out_err;
if (write_bytes(&p, end, derived_key.data,
derived_key.length))
goto out_err;
free(derived_key.data);
/* Ki */
if (derive_key_lucid(keyptr, &derived_key,
seal_usage, KEY_USAGE_SEED_INTEGRITY))
goto out_err;
if (write_bytes(&p, end, derived_key.data,
derived_key.length))
goto out_err;
free(derived_key.data);
/* Kc */
if (derive_key_lucid(keyptr, &derived_key,
sign_usage, KEY_USAGE_SEED_CHECKSUM))
goto out_err;
if (write_bytes(&p, end, derived_key.data,
derived_key.length))
goto out_err;
free(derived_key.data);
}
buf->length = p - (char *)buf->value;
return 0;
out_err:
printerr(0, "ERROR: %s: failed serializing krb5 context for kernel\n",
__FUNCTION__);
if (buf->value) {
free(buf->value);
buf->value = NULL;
}
buf->length = 0;
if (enc_key.data) {
free(enc_key.data);
enc_key.data = NULL;
}
return -1;
}
int
serialize_krb5_ctx(gss_ctx_id_t *_ctx, gss_buffer_desc *buf, int32_t *endtime)
{
gss_ctx_id_t ctx = *_ctx;
char *p, *end;
static int constant_one = 1;
static int constant_zero = 0;
unsigned char fakeseed[16];
uint32_t algorithm;
if (!(buf->value = calloc(1, MAX_CTX_LEN)))
goto out_err;
p = buf->value;
end = buf->value + MAX_CTX_LEN;
/* initiate: 1 => initiating 0 => accepting */
if (ctx->more_flags & LOCAL) {
if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
}
else {
if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
}
/* seed_init: not used by kernel code */
if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
/* seed: not used by kernel code */
memset(&fakeseed, 0, sizeof(fakeseed));
if (write_bytes(&p, end, &fakeseed, 16)) goto out_err;
/* signalg */
algorithm = 0; /* SGN_ALG_DES_MAC_MD5 XXX */
if (WRITE_BYTES(&p, end, algorithm)) goto out_err;
/* sealalg */
algorithm = 0; /* SEAL_ALG_DES XXX */
if (WRITE_BYTES(&p, end, algorithm)) goto out_err;
/* endtime */
if (WRITE_BYTES(&p, end, ctx->lifetime)) goto out_err;
if (endtime)
*endtime = ctx->lifetime;
/* seq_send */
if (WRITE_BYTES(&p, end, ctx->auth_context->local_seqnumber))
goto out_err;
/* mech_used */
if (write_buffer(&p, end, (gss_buffer_desc*)&krb5oid)) goto out_err;
/* enc: derive the encryption key and copy it into buffer */
if (write_heimdal_enc_key(&p, end, ctx)) goto out_err;
/* seq: get the sequence number key and copy it into buffer */
if (write_heimdal_seq_key(&p, end, ctx)) goto out_err;
buf->length = p - (char *)buf->value;
printerr(2, "serialize_krb5_ctx: returning buffer "
"with %d bytes\n", buf->length);
return 0;
out_err:
printerr(0, "ERROR: failed exporting Heimdal krb5 ctx to kernel\n");
if (buf->value) free(buf->value);
buf->length = 0;
return -1;
}
static int
prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
gss_buffer_desc *buf)
{
char *p, *end;
static int constant_zero = 0;
unsigned char fakeseed[16] = { 0 };
uint32_t word_send_seq;
gss_krb5_lucid_key_t enc_key;
int i;
char *skd, *dkd;
gss_buffer_desc fakeoid;
/*
* The new Kerberos interface to get the gss context
* does not include the seed or seed_init fields
* because we never really use them. But for now,
* send down a fake buffer so we can use the same
* interface to the kernel.
*/
memset(&enc_key, 0, sizeof(enc_key));
memset(&fakeoid, 0, sizeof(fakeoid));
if (!(buf->value = calloc(1, MAX_CTX_LEN)))
goto out_err;
p = buf->value;
end = buf->value + MAX_CTX_LEN;
if (WRITE_BYTES(&p, end, lctx->initiate)) goto out_err;
/* seed_init and seed not used by kernel anyway */
if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
if (write_bytes(&p, end, &fakeseed, 16)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->rfc1964_kd.sign_alg)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->rfc1964_kd.seal_alg)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
word_send_seq = lctx->send_seq; /* XXX send_seq is 64-bit */
if (WRITE_BYTES(&p, end, word_send_seq)) goto out_err;
if (write_oid(&p, end, &krb5oid)) goto out_err;
#ifdef HAVE_HEIMDAL
/*
* The kernel gss code expects des-cbc-raw for all flavors of des.
* The keytype from MIT has this type, but Heimdal does not.
* Force the Heimdal keytype to 4 (des-cbc-raw).
* Note that the rfc1964 version only supports DES enctypes.
*/
if (lctx->rfc1964_kd.ctx_key.type != 4) {
printerr(2, "%s: overriding heimdal keytype (%d => %d)\n",
__FUNCTION__, lctx->rfc1964_kd.ctx_key.type, 4);
lctx->rfc1964_kd.ctx_key.type = 4;
}
#endif
printerr(2, "%s: serializing keys with enctype %d and length %d\n",
__FUNCTION__, lctx->rfc1964_kd.ctx_key.type,
lctx->rfc1964_kd.ctx_key.length);
/* derive the encryption key and copy it into buffer */
enc_key.type = lctx->rfc1964_kd.ctx_key.type;
enc_key.length = lctx->rfc1964_kd.ctx_key.length;
if ((enc_key.data = calloc(1, enc_key.length)) == NULL)
goto out_err;
skd = (char *) lctx->rfc1964_kd.ctx_key.data;
dkd = (char *) enc_key.data;
for (i = 0; i < enc_key.length; i++)
dkd[i] = skd[i] ^ 0xf0;
if (write_lucid_keyblock(&p, end, &enc_key)) {
free(enc_key.data);
goto out_err;
}
free(enc_key.data);
if (write_lucid_keyblock(&p, end, &lctx->rfc1964_kd.ctx_key))
goto out_err;
buf->length = p - (char *)buf->value;
return 0;
out_err:
printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
if (buf->value) free(buf->value);
buf->length = 0;
if (enc_key.data) free(enc_key.data);
return -1;
}
int git_index__write(git_index *index, git_filelock *file)
{
static const char NULL_BYTES[] = {0, 0, 0, 0, 0, 0, 0, 0};
int error = 0;
unsigned int i;
git_hash_ctx *digest;
git_oid hash_final;
assert(index && file && file->is_locked);
if ((digest = git_hash_new_ctx()) == NULL)
return GIT_ENOMEM;
#define WRITE_WORD(_word) {\
uint32_t network_word = htonl((_word));\
git_filelock_write(file, &network_word, 4);\
git_hash_update(digest, &network_word, 4);\
}
#define WRITE_SHORT(_shrt) {\
uint16_t network_shrt = htons((_shrt));\
git_filelock_write(file, &network_shrt, 2);\
git_hash_update(digest, &network_shrt, 2);\
}
#define WRITE_BYTES(_bytes, _n) {\
git_filelock_write(file, _bytes, _n);\
git_hash_update(digest, _bytes, _n);\
}
WRITE_BYTES(INDEX_HEADER_SIG, 4);
WRITE_WORD(INDEX_VERSION_NUMBER);
WRITE_WORD(index->entry_count);
for (i = 0; i < index->entry_count; ++i) {
git_index_entry *entry;
size_t path_length, padding;
entry = &index->entries[i];
path_length = strlen(entry->path);
WRITE_WORD(entry->ctime.seconds);
WRITE_WORD(entry->ctime.nanoseconds);
WRITE_WORD(entry->mtime.seconds);
WRITE_WORD(entry->mtime.nanoseconds);
WRITE_WORD(entry->dev);
WRITE_WORD(entry->ino);
WRITE_WORD(entry->mode);
WRITE_WORD(entry->uid);
WRITE_WORD(entry->gid);
WRITE_WORD(entry->file_size);
WRITE_BYTES(entry->oid.id, GIT_OID_RAWSZ);
WRITE_SHORT(entry->flags);
if (entry->flags & GIT_IDXENTRY_EXTENDED) {
WRITE_SHORT(entry->flags_extended);
padding = long_entry_padding(path_length);
} else
padding = short_entry_padding(path_length);
WRITE_BYTES(entry->path, path_length);
WRITE_BYTES(NULL_BYTES, padding);
}
#undef WRITE_WORD
#undef WRITE_BYTES
#undef WRITE_SHORT
#undef WRITE_FLAGS
/* TODO: write extensions (tree cache) */
git_hash_final(&hash_final, digest);
git_hash_free_ctx(digest);
git_filelock_write(file, hash_final.id, GIT_OID_RAWSZ);
return error;
}
/*
* Prepare a new-style buffer, as defined in rfc4121 (a.k.a. cfx),
* to send to the kernel for newer encryption types -- or for DES3.
*
* The new format is:
*
* u32 flags;
* #define KRB5_CTX_FLAG_INITIATOR 0x00000001
* #define KRB5_CTX_FLAG_CFX 0x00000002
* #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
* s32 endtime;
* u64 seq_send;
* u32 enctype; ( encrption type of key )
* raw key; ( raw key bytes (kernel will derive))
*
*/
static int
prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx,
gss_buffer_desc *buf, int32_t *endtime)
{
char *p, *end;
uint32_t v2_flags = 0;
uint32_t enctype;
uint32_t keysize;
if (!(buf->value = calloc(1, MAX_CTX_LEN)))
goto out_err;
p = buf->value;
end = buf->value + MAX_CTX_LEN;
/* Version 2 */
if (lctx->initiate)
v2_flags |= KRB5_CTX_FLAG_INITIATOR;
if (lctx->protocol != 0)
v2_flags |= KRB5_CTX_FLAG_CFX;
if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1)
v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
if (endtime)
*endtime = lctx->endtime;
if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err;
/* Protocol 0 here implies DES3 or RC4 */
printerr(2, "%s: protocol %d\n", __FUNCTION__, lctx->protocol);
if (lctx->protocol == 0) {
enctype = lctx->rfc1964_kd.ctx_key.type;
keysize = lctx->rfc1964_kd.ctx_key.length;
} else {
if (lctx->cfx_kd.have_acceptor_subkey) {
enctype = lctx->cfx_kd.acceptor_subkey.type;
keysize = lctx->cfx_kd.acceptor_subkey.length;
} else {
enctype = lctx->cfx_kd.ctx_key.type;
keysize = lctx->cfx_kd.ctx_key.length;
}
}
printerr(2, "%s: serializing key with enctype %d and size %d\n",
__FUNCTION__, enctype, keysize);
if (WRITE_BYTES(&p, end, enctype)) goto out_err;
if (lctx->protocol == 0) {
if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
lctx->rfc1964_kd.ctx_key.length))
goto out_err;
} else {
if (lctx->cfx_kd.have_acceptor_subkey) {
if (write_bytes(&p, end,
lctx->cfx_kd.acceptor_subkey.data,
lctx->cfx_kd.acceptor_subkey.length))
goto out_err;
} else {
if (write_bytes(&p, end, lctx->cfx_kd.ctx_key.data,
lctx->cfx_kd.ctx_key.length))
goto out_err;
}
}
buf->length = p - (char *)buf->value;
return 0;
out_err:
printerr(0, "ERROR: %s: failed serializing krb5 context for kernel\n",
__FUNCTION__);
if (buf->value) {
free(buf->value);
buf->value = NULL;
}
buf->length = 0;
return -1;
}
