/*
* Externalize a piece of arbitrary data.
*/
krb5_error_code
krb5_externalize_data(krb5_context kcontext, krb5_pointer arg, krb5_octet **bufpp, size_t *sizep)
{
krb5_error_code kret;
krb5_magic *mp;
krb5_octet *buffer, *bp;
size_t bufsize, bsize;
mp = (krb5_magic *) arg;
bufsize = 0;
if (!(kret = krb5_size_opaque(kcontext, *mp, arg, &bufsize))) {
if ((buffer = (krb5_octet *) malloc(bufsize))) {
bp = buffer;
bsize = bufsize;
if (!(kret = krb5_externalize_opaque(kcontext,
*mp,
arg,
&bp,
&bsize))) {
if (bsize != 0)
bufsize -= bsize;
*bufpp = buffer;
*sizep = bufsize;
}
}
else
kret = ENOMEM;
}
return(kret);
}
static krb5_error_code
s4u2proxy_externalize(krb5_context kcontext,
krb5_authdata_context context,
void *plugin_context,
void *request_context,
krb5_octet **buffer,
size_t *lenremain)
{
struct s4u2proxy_context *s4uctx = (struct s4u2proxy_context *)request_context;
krb5_error_code code = 0;
size_t required = 0;
krb5_octet *bp;
size_t remain;
int i = 0;
bp = *buffer;
remain = *lenremain;
s4u2proxy_size(kcontext, context, plugin_context,
request_context, &required);
if (required > remain)
return ENOMEM;
krb5_ser_pack_int32(1, &bp, &remain); /* version */
krb5_ser_pack_int32(s4uctx->count, &bp, &remain); /* princ count */
for (i = 0; i < s4uctx->count; i++) {
code = krb5_externalize_opaque(kcontext, KV5M_PRINCIPAL,
(krb5_pointer)s4uctx->delegated[i],
&bp, &remain);
if (code != 0)
return code;
}
krb5_ser_pack_int32(s4uctx->authenticated, &bp, &remain); /* authenticated */
*buffer = bp;
*lenremain = remain;
return 0;
}
/*
* krb5_auth_context_externalize() - Externalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
krb5_octet *bp;
size_t remain;
size_t obuf;
krb5_int32 obuf32;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = ENOMEM;
if (!krb5_auth_context_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Write fixed portion */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(auth_context->auth_context_flags,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->remote_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->local_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
&bp, &remain);
kret = 0;
/* Now figure out the number of bytes for i_vector and write it */
if (auth_context->i_vector) {
kret = krb5_c_block_size(kcontext,
auth_context->keyblock->enctype,
&obuf);
} else {
obuf = 0;
}
/* Convert to signed 32 bit integer */
obuf32 = obuf;
if (kret == 0 && obuf != obuf32)
kret = EINVAL;
if (!kret)
(void) krb5_ser_pack_int32(obuf32, &bp, &remain);
/* Now copy i_vector */
if (!kret && auth_context->i_vector)
(void) krb5_ser_pack_bytes(auth_context->i_vector,
obuf,
&bp, &remain);
/* Now handle remote_addr, if appropriate */
if (!kret && auth_context->remote_addr) {
(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle remote_port, if appropriate */
if (!kret && auth_context->remote_port) {
(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle local_addr, if appropriate */
if (!kret && auth_context->local_addr) {
(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle local_port, if appropriate */
if (!kret && auth_context->local_port) {
(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle keyblock, if appropriate */
if (!kret && auth_context->keyblock) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->send_subkey,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->recv_subkey,
&bp,
&remain);
}
/* Now handle authentp, if appropriate */
if (!kret && auth_context->authentp)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer)
auth_context->authentp,
&bp,
&remain);
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
/*
* krb5_authenticator_externalize() - Externalize the krb5_authenticator.
*/
static krb5_error_code
krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_authenticator *authenticator;
size_t required;
krb5_octet *bp;
size_t remain;
int i;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((authenticator = (krb5_authenticator *) arg)) {
kret = ENOMEM;
if (!krb5_authenticator_size(kcontext, arg, &required) &&
(required <= remain)) {
/* First write our magic number */
(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
/* Now ctime */
(void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
&bp, &remain);
/* Now cusec */
(void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
&bp, &remain);
/* Now seq_number */
(void) krb5_ser_pack_int32(authenticator->seq_number,
&bp, &remain);
/* Now handle client, if appropriate */
if (authenticator->client)
kret = krb5_externalize_opaque(kcontext,
KV5M_PRINCIPAL,
(krb5_pointer)
authenticator->client,
&bp,
&remain);
else
kret = 0;
/* Now handle checksum, if appropriate */
if (!kret && authenticator->checksum)
kret = krb5_externalize_opaque(kcontext,
KV5M_CHECKSUM,
(krb5_pointer)
authenticator->checksum,
&bp,
&remain);
/* Now handle subkey, if appropriate */
if (!kret && authenticator->subkey)
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
authenticator->subkey,
&bp,
&remain);
/* Now handle authorization_data, if appropriate */
if (!kret) {
if (authenticator->authorization_data)
for (i=0; authenticator->authorization_data[i]; i++);
else
i = 0;
(void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
/* Now pound out the authorization_data */
if (authenticator->authorization_data) {
for (i=0; !kret && authenticator->authorization_data[i];
i++)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHDATA,
(krb5_pointer)
authenticator->
authorization_data[i],
&bp,
&remain);
}
}
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
/*
* krb5_context_externalize() - Externalize the krb5_context.
*/
static krb5_error_code
krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_context context;
size_t required;
krb5_octet *bp;
size_t remain;
int i;
required = 0;
bp = *buffer;
remain = *lenremain;
context = (krb5_context) arg;
if (!context)
return (EINVAL);
KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT);
if ((kret = krb5_context_size(kcontext, arg, &required)))
return (kret);
if (required > remain)
return (ENOMEM);
/* First write our magic number */
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
/* Now sizeof default realm */
kret = krb5_ser_pack_int32((context->default_realm) ?
(krb5_int32) strlen(context->default_realm) : 0,
&bp, &remain);
if (kret)
return (kret);
/* Now default_realm bytes */
if (context->default_realm) {
kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm,
strlen(context->default_realm),
&bp, &remain);
if (kret)
return (kret);
}
/* Now number of initial ticket ktypes */
kret = krb5_ser_pack_int32((krb5_int32) context->in_tkt_ktype_count,
&bp, &remain);
if (kret)
return (kret);
/* Now serialize ktypes */
for (i=0; i<context->in_tkt_ktype_count; i++) {
kret = krb5_ser_pack_int32((krb5_int32) context->in_tkt_ktypes[i],
&bp, &remain);
if (kret)
return (kret);
}
/* Now number of default ktypes */
kret = krb5_ser_pack_int32((krb5_int32) context->tgs_ktype_count,
&bp, &remain);
if (kret)
return (kret);
/* Now serialize ktypes */
for (i=0; i<context->tgs_ktype_count; i++) {
kret = krb5_ser_pack_int32((krb5_int32) context->tgs_ktypes[i],
&bp, &remain);
if (kret)
return (kret);
}
/* Now allowable clockskew */
kret = krb5_ser_pack_int32((krb5_int32) context->clockskew,
&bp, &remain);
if (kret)
return (kret);
/* Now kdc_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now default ap_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now default safe_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->default_safe_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now kdc_default_options */
kret = krb5_ser_pack_int32((krb5_int32) context->kdc_default_options,
&bp, &remain);
if (kret)
return (kret);
/* Now library_options */
kret = krb5_ser_pack_int32((krb5_int32) context->library_options,
&bp, &remain);
if (kret)
return (kret);
/* Now profile_secure */
kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure,
&bp, &remain);
if (kret)
return (kret);
/* Now fcc_default_format */
kret = krb5_ser_pack_int32((krb5_int32) context->fcc_default_format,
&bp, &remain);
if (kret)
return (kret);
/* Now scc_default_format */
kret = krb5_ser_pack_int32((krb5_int32) context->scc_default_format,
&bp, &remain);
if (kret)
return (kret);
/* Now handle os_context, if appropriate */
if (context->os_context) {
kret = krb5_externalize_opaque(kcontext, KV5M_OS_CONTEXT,
(krb5_pointer) context->os_context,
&bp, &remain);
if (kret)
return (kret);
}
/* Now handle database context, if appropriate */
if (context->db_context) {
kret = krb5_externalize_opaque(kcontext, KV5M_DB_CONTEXT,
(krb5_pointer) context->db_context,
&bp, &remain);
if (kret)
return (kret);
}
/* Finally, handle profile, if appropriate */
if (context->profile) {
kret = krb5_externalize_opaque(kcontext, PROF_MAGIC_PROFILE,
(krb5_pointer) context->profile,
&bp, &remain);
if (kret)
return (kret);
}
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
*buffer = bp;
*lenremain = remain;
return (0);
}
/*
* krb5_auth_context_externalize() - Externalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = ENOMEM;
if (!krb5_auth_context_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Write fixed portion */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(auth_context->auth_context_flags,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->remote_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->local_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
&bp, &remain);
/* Write the cipher state */
(void) krb5_ser_pack_int32(auth_context->cstate.length, &bp,
&remain);
(void) krb5_ser_pack_bytes((krb5_octet *)auth_context->cstate.data,
auth_context->cstate.length,
&bp, &remain);
kret = 0;
/* Now handle remote_addr, if appropriate */
if (!kret && auth_context->remote_addr) {
(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle remote_port, if appropriate */
if (!kret && auth_context->remote_port) {
(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle local_addr, if appropriate */
if (!kret && auth_context->local_addr) {
(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle local_port, if appropriate */
if (!kret && auth_context->local_port) {
(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle keyblock, if appropriate */
if (!kret && auth_context->key) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
&auth_context->key->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) &auth_context->
send_subkey->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) &auth_context->
recv_subkey->keyblock,
&bp,
&remain);
}
/* Now handle authentp, if appropriate */
if (!kret && auth_context->authentp)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer)
auth_context->authentp,
&bp,
&remain);
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}