/*
* krb5_oscontext_externalize() - Externalize the krb5_os_context.
*/
static krb5_error_code
krb5_oscontext_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_os_context os_ctx;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
os_ctx = (krb5_os_context) arg;
if (os_ctx) {
kret = ENOMEM;
if (!krb5_oscontext_size(kcontext, arg, &required) &&
(required <= remain)) {
(void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(os_ctx->time_offset, &bp, &remain);
(void) krb5_ser_pack_int32(os_ctx->usec_offset, &bp, &remain);
(void) krb5_ser_pack_int32(os_ctx->os_flags, &bp, &remain);
(void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain);
/* Handle any other OS context here */
kret = 0;
if (!kret) {
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
/*
* krb5_principal_externalize() - Externalize the krb5_principal.
*/
static krb5_error_code
krb5_principal_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_principal principal;
size_t required;
krb5_octet *bp;
size_t remain;
char *fname;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((principal = (krb5_principal) arg)) {
kret = ENOMEM;
if (!krb5_principal_size(kcontext, arg, &required) &&
(required <= remain)) {
if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
(void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
&bp, &remain);
(void) krb5_ser_pack_bytes((krb5_octet *) fname,
strlen(fname), &bp, &remain);
(void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
*buffer = bp;
*lenremain = remain;
krb5_xfree(fname);
}
}
}
return(kret);
}
/*
* Externalize an authdata context.
*/
static krb5_error_code
krb5_authdata_context_externalize(krb5_context kcontext,
krb5_pointer ptr,
krb5_octet **buffer,
size_t *lenremain)
{
krb5_error_code code;
krb5_authdata_context context = (krb5_authdata_context)ptr;
krb5_octet *bp;
size_t remain;
bp = *buffer;
remain = *lenremain;
/* Our identifier */
code = krb5_ser_pack_int32(KV5M_AUTHDATA_CONTEXT, &bp, &remain);
if (code != 0)
return code;
/* The actual context data */
code = k5_ad_externalize(kcontext, context, AD_USAGE_MASK,
&bp, &remain);
if (code != 0)
return code;
/* Our trailer */
code = krb5_ser_pack_int32(KV5M_AUTHDATA_CONTEXT, &bp, &remain);
if (code != 0)
return code;
*buffer = bp;
*lenremain = remain;
return 0;
}
/*
* krb5_rcache_externalize() - Externalize the krb5_rcache.
*/
static krb5_error_code
krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_rcache rcache;
size_t required;
krb5_octet *bp;
size_t remain;
char *rcname;
size_t namelen;
char *fnamep;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((rcache = (krb5_rcache) arg) != NULL) {
kret = ENOMEM;
if (!krb5_rcache_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
/* Calculate the length of the name */
namelen = (rcache->ops && rcache->ops->type) ?
strlen(rcache->ops->type)+1 : 0;
fnamep = krb5_rc_get_name(kcontext, rcache);
namelen += (strlen(fnamep)+1);
if ((rcname = (char *) malloc(namelen))) {
/* Format the rcache name. */
if (rcache->ops && rcache->ops->type)
sprintf(rcname, "%s:%s", rcache->ops->type, fnamep);
else
strcpy(rcname, fnamep);
/* Put the length of the file name */
(void) krb5_ser_pack_int32((krb5_int32) strlen(rcname),
&bp, &remain);
/* Put the name */
(void) krb5_ser_pack_bytes((krb5_octet *) rcname,
strlen(rcname),
&bp, &remain);
/* Put the trailer */
(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
free(rcname);
}
}
}
return(kret);
}
/*
* krb5_rcache_externalize() - Externalize the krb5_rcache.
*/
static krb5_error_code
krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_rcache rcache;
size_t required;
krb5_octet *bp;
size_t remain;
char *rcname;
char *fnamep;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((rcache = (krb5_rcache) arg)) {
kret = ENOMEM;
if (!krb5_rcache_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
fnamep = krb5_rc_get_name(kcontext, rcache);
if (rcache->ops->type) {
if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0)
rcname = NULL;
} else
rcname = strdup(fnamep);
if (rcname) {
/* Put the length of the file name */
(void) krb5_ser_pack_int32((krb5_int32) strlen(rcname),
&bp, &remain);
/* Put the name */
(void) krb5_ser_pack_bytes((krb5_octet *) rcname,
strlen(rcname),
&bp, &remain);
/* Put the trailer */
(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
free(rcname);
}
}
}
return(kret);
}
/*
* krb5_address_externalize() - Externalize the krb5_address.
*/
static krb5_error_code
krb5_address_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_address *address;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Solaris Kerberos */
address = (krb5_address *) arg;
if (address) {
kret = ENOMEM;
if (!krb5_address_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
/* Our addrtype */
(void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
&bp, &remain);
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) address->length,
&bp, &remain);
/* Our contents */
(void) krb5_ser_pack_bytes(address->contents,
(size_t) address->length,
&bp, &remain);
/* Finally, our trailer */
(void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
}
}
return(kret);
}
/*
* krb5_checksum_externalize() - Externalize the krb5_checksum.
*/
static krb5_error_code
krb5_checksum_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_checksum *checksum;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Solaris Kerberos */
checksum = (krb5_checksum *) arg;
if (checksum) {
kret = ENOMEM;
if (!krb5_checksum_esize(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
/* Our checksum_type */
(void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
&bp, &remain);
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) checksum->length,
&bp, &remain);
/* Our contents */
(void) krb5_ser_pack_bytes(checksum->contents,
(size_t) checksum->length,
&bp, &remain);
/* Finally, our trailer */
(void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
}
}
return(kret);
}
/*
* krb5_keyblock_externalize() - Externalize the krb5_keyblock.
*/
static krb5_error_code
krb5_keyblock_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_keyblock *keyblock;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((keyblock = (krb5_keyblock *) arg)) {
kret = ENOMEM;
if (!krb5_keyblock_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
/* Our enctype */
(void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
&bp, &remain);
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
&bp, &remain);
/* Our contents */
(void) krb5_ser_pack_bytes(keyblock->contents,
(size_t) keyblock->length,
&bp, &remain);
/* Finally, our trailer */
(void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
}
}
return(kret);
}
static krb5_error_code
s4u2proxy_externalize(krb5_context kcontext,
krb5_authdata_context context,
void *plugin_context,
void *request_context,
krb5_octet **buffer,
size_t *lenremain)
{
struct s4u2proxy_context *s4uctx = (struct s4u2proxy_context *)request_context;
krb5_error_code code = 0;
size_t required = 0;
krb5_octet *bp;
size_t remain;
int i = 0;
bp = *buffer;
remain = *lenremain;
s4u2proxy_size(kcontext, context, plugin_context,
request_context, &required);
if (required > remain)
return ENOMEM;
krb5_ser_pack_int32(1, &bp, &remain); /* version */
krb5_ser_pack_int32(s4uctx->count, &bp, &remain); /* princ count */
for (i = 0; i < s4uctx->count; i++) {
code = krb5_externalize_opaque(kcontext, KV5M_PRINCIPAL,
(krb5_pointer)s4uctx->delegated[i],
&bp, &remain);
if (code != 0)
return code;
}
krb5_ser_pack_int32(s4uctx->authenticated, &bp, &remain); /* authenticated */
*buffer = bp;
*lenremain = remain;
return 0;
}
/*
* krb5_authdata_externalize() - Externalize the krb5_authdata.
*/
static krb5_error_code
krb5_authdata_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_authdata *authdata;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((authdata = (krb5_authdata *) arg)) {
kret = ENOMEM;
if (!krb5_authdata_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
/* Our ad_type */
(void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
&bp, &remain);
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) authdata->length,
&bp, &remain);
/* Our contents */
(void) krb5_ser_pack_bytes(authdata->contents,
(size_t) authdata->length,
&bp, &remain);
/* Finally, our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
}
}
return(kret);
}
static krb5_error_code
mspac_externalize(krb5_context kcontext,
krb5_authdata_context context,
void *plugin_context,
void *request_context,
krb5_octet **buffer,
size_t *lenremain)
{
krb5_error_code code = 0;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
size_t required = 0;
krb5_octet *bp;
size_t remain;
bp = *buffer;
remain = *lenremain;
if (pacctx->pac != NULL) {
mspac_size(kcontext, context, plugin_context,
request_context, &required);
if (required <= remain) {
krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
&bp, &remain);
krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
(size_t)pacctx->pac->data.length,
&bp, &remain);
krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
&bp, &remain);
} else {
code = ENOMEM;
}
} else {
krb5_ser_pack_int32(0, &bp, &remain); /* length */
krb5_ser_pack_int32(0, &bp, &remain); /* verified */
}
*buffer = bp;
*lenremain = remain;
return code;
}
/*
* krb5_auth_context_externalize() - Externalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
krb5_octet *bp;
size_t remain;
size_t obuf;
krb5_int32 obuf32;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = ENOMEM;
if (!krb5_auth_context_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Write fixed portion */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(auth_context->auth_context_flags,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->remote_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->local_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
&bp, &remain);
kret = 0;
/* Now figure out the number of bytes for i_vector and write it */
if (auth_context->i_vector) {
kret = krb5_c_block_size(kcontext,
auth_context->keyblock->enctype,
&obuf);
} else {
obuf = 0;
}
/* Convert to signed 32 bit integer */
obuf32 = obuf;
if (kret == 0 && obuf != obuf32)
kret = EINVAL;
if (!kret)
(void) krb5_ser_pack_int32(obuf32, &bp, &remain);
/* Now copy i_vector */
if (!kret && auth_context->i_vector)
(void) krb5_ser_pack_bytes(auth_context->i_vector,
obuf,
&bp, &remain);
/* Now handle remote_addr, if appropriate */
if (!kret && auth_context->remote_addr) {
(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle remote_port, if appropriate */
if (!kret && auth_context->remote_port) {
(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle local_addr, if appropriate */
if (!kret && auth_context->local_addr) {
(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle local_port, if appropriate */
if (!kret && auth_context->local_port) {
(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle keyblock, if appropriate */
if (!kret && auth_context->keyblock) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->send_subkey,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->recv_subkey,
&bp,
&remain);
}
/* Now handle authentp, if appropriate */
if (!kret && auth_context->authentp)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer)
auth_context->authentp,
&bp,
&remain);
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
/*
* krb5_authenticator_externalize() - Externalize the krb5_authenticator.
*/
static krb5_error_code
krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_authenticator *authenticator;
size_t required;
krb5_octet *bp;
size_t remain;
int i;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((authenticator = (krb5_authenticator *) arg)) {
kret = ENOMEM;
if (!krb5_authenticator_size(kcontext, arg, &required) &&
(required <= remain)) {
/* First write our magic number */
(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
/* Now ctime */
(void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
&bp, &remain);
/* Now cusec */
(void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
&bp, &remain);
/* Now seq_number */
(void) krb5_ser_pack_int32(authenticator->seq_number,
&bp, &remain);
/* Now handle client, if appropriate */
if (authenticator->client)
kret = krb5_externalize_opaque(kcontext,
KV5M_PRINCIPAL,
(krb5_pointer)
authenticator->client,
&bp,
&remain);
else
kret = 0;
/* Now handle checksum, if appropriate */
if (!kret && authenticator->checksum)
kret = krb5_externalize_opaque(kcontext,
KV5M_CHECKSUM,
(krb5_pointer)
authenticator->checksum,
&bp,
&remain);
/* Now handle subkey, if appropriate */
if (!kret && authenticator->subkey)
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
authenticator->subkey,
&bp,
&remain);
/* Now handle authorization_data, if appropriate */
if (!kret) {
if (authenticator->authorization_data)
for (i=0; authenticator->authorization_data[i]; i++);
else
i = 0;
(void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
/* Now pound out the authorization_data */
if (authenticator->authorization_data) {
for (i=0; !kret && authenticator->authorization_data[i];
i++)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHDATA,
(krb5_pointer)
authenticator->
authorization_data[i],
&bp,
&remain);
}
}
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
/*
* Externalize authdata context, for modules that match given flags
* mask. Note that the magic identifier/trailer is not included.
*/
static krb5_error_code
k5_ad_externalize(krb5_context kcontext,
krb5_authdata_context context,
krb5_flags flags,
krb5_octet **buffer,
size_t *lenremain)
{
int i;
krb5_error_code code;
krb5_int32 ad_count = 0;
krb5_octet *bp;
size_t remain;
bp = *buffer;
remain = *lenremain;
/* placeholder for count */
code = krb5_ser_pack_int32(0, &bp, &remain);
if (code != 0)
return code;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
size_t namelen;
if ((module->flags & flags) == 0)
continue;
/* externalize request context for the first instance only */
if (!IS_PRIMARY_INSTANCE(module))
continue;
if (module->ftable->externalize == NULL)
continue;
/*
* We use the module name rather than the authdata type, because
* there may be multiple modules for a particular authdata type.
*/
namelen = strlen(module->name);
code = krb5_ser_pack_int32((krb5_int32)namelen, &bp, &remain);
if (code != 0)
break;
code = krb5_ser_pack_bytes((krb5_octet *)module->name,
namelen, &bp, &remain);
if (code != 0)
break;
code = (*module->ftable->externalize)(kcontext,
context,
module->plugin_context,
*(module->request_context_pp),
&bp,
&remain);
if (code != 0)
break;
ad_count++;
}
if (code == 0) {
/* store actual count */
krb5_ser_pack_int32(ad_count, buffer, lenremain);
*buffer = bp;
*lenremain = remain;
}
return code;
}
/*
* krb5_context_externalize() - Externalize the krb5_context.
*/
static krb5_error_code
krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_context context;
size_t required;
krb5_octet *bp;
size_t remain;
int i;
required = 0;
bp = *buffer;
remain = *lenremain;
context = (krb5_context) arg;
if (!context)
return (EINVAL);
KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT);
if ((kret = krb5_context_size(kcontext, arg, &required)))
return (kret);
if (required > remain)
return (ENOMEM);
/* First write our magic number */
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
/* Now sizeof default realm */
kret = krb5_ser_pack_int32((context->default_realm) ?
(krb5_int32) strlen(context->default_realm) : 0,
&bp, &remain);
if (kret)
return (kret);
/* Now default_realm bytes */
if (context->default_realm) {
kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm,
strlen(context->default_realm),
&bp, &remain);
if (kret)
return (kret);
}
/* Now number of initial ticket ktypes */
kret = krb5_ser_pack_int32((krb5_int32) context->in_tkt_ktype_count,
&bp, &remain);
if (kret)
return (kret);
/* Now serialize ktypes */
for (i=0; i<context->in_tkt_ktype_count; i++) {
kret = krb5_ser_pack_int32((krb5_int32) context->in_tkt_ktypes[i],
&bp, &remain);
if (kret)
return (kret);
}
/* Now number of default ktypes */
kret = krb5_ser_pack_int32((krb5_int32) context->tgs_ktype_count,
&bp, &remain);
if (kret)
return (kret);
/* Now serialize ktypes */
for (i=0; i<context->tgs_ktype_count; i++) {
kret = krb5_ser_pack_int32((krb5_int32) context->tgs_ktypes[i],
&bp, &remain);
if (kret)
return (kret);
}
/* Now allowable clockskew */
kret = krb5_ser_pack_int32((krb5_int32) context->clockskew,
&bp, &remain);
if (kret)
return (kret);
/* Now kdc_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now default ap_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now default safe_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->default_safe_sumtype,
&bp, &remain);
if (kret)
return (kret);
/* Now kdc_default_options */
kret = krb5_ser_pack_int32((krb5_int32) context->kdc_default_options,
&bp, &remain);
if (kret)
return (kret);
/* Now library_options */
kret = krb5_ser_pack_int32((krb5_int32) context->library_options,
&bp, &remain);
if (kret)
return (kret);
/* Now profile_secure */
kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure,
&bp, &remain);
if (kret)
return (kret);
/* Now fcc_default_format */
kret = krb5_ser_pack_int32((krb5_int32) context->fcc_default_format,
&bp, &remain);
if (kret)
return (kret);
/* Now scc_default_format */
kret = krb5_ser_pack_int32((krb5_int32) context->scc_default_format,
&bp, &remain);
if (kret)
return (kret);
/* Now handle os_context, if appropriate */
if (context->os_context) {
kret = krb5_externalize_opaque(kcontext, KV5M_OS_CONTEXT,
(krb5_pointer) context->os_context,
&bp, &remain);
if (kret)
return (kret);
}
/* Now handle database context, if appropriate */
if (context->db_context) {
kret = krb5_externalize_opaque(kcontext, KV5M_DB_CONTEXT,
(krb5_pointer) context->db_context,
&bp, &remain);
if (kret)
return (kret);
}
/* Finally, handle profile, if appropriate */
if (context->profile) {
kret = krb5_externalize_opaque(kcontext, PROF_MAGIC_PROFILE,
(krb5_pointer) context->profile,
&bp, &remain);
if (kret)
return (kret);
}
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
*buffer = bp;
*lenremain = remain;
return (0);
}
/*
* krb5_auth_context_externalize() - Externalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
krb5_octet *bp;
size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = ENOMEM;
if (!krb5_auth_context_size(kcontext, arg, &required) &&
(required <= remain)) {
/* Write fixed portion */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(auth_context->auth_context_flags,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->remote_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->local_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
&bp, &remain);
/* Write the cipher state */
(void) krb5_ser_pack_int32(auth_context->cstate.length, &bp,
&remain);
(void) krb5_ser_pack_bytes((krb5_octet *)auth_context->cstate.data,
auth_context->cstate.length,
&bp, &remain);
kret = 0;
/* Now handle remote_addr, if appropriate */
if (!kret && auth_context->remote_addr) {
(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle remote_port, if appropriate */
if (!kret && auth_context->remote_port) {
(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
/* Now handle local_addr, if appropriate */
if (!kret && auth_context->local_addr) {
(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle local_port, if appropriate */
if (!kret && auth_context->local_port) {
(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
/* Now handle keyblock, if appropriate */
if (!kret && auth_context->key) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
&auth_context->key->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) &auth_context->
send_subkey->keyblock,
&bp,
&remain);
}
/* Now handle subkey, if appropriate */
if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) &auth_context->
recv_subkey->keyblock,
&bp,
&remain);
}
/* Now handle authentp, if appropriate */
if (!kret && auth_context->authentp)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer)
auth_context->authentp,
&bp,
&remain);
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
*/
if (!kret) {
/* Write our trailer */
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}