static int error_kernel_key(key_serial_t keyid, int rpc_error, int gss_error) { int seqwin = 0; char buf[32]; char *p, *end; logmsg(LL_TRACE, "revoking kernel key %08x\n", keyid); p = buf; end = buf + sizeof(buf); WRITE_BYTES(&p, end, seqwin); WRITE_BYTES(&p, end, rpc_error); WRITE_BYTES(&p, end, gss_error); again: if (keyctl_update(keyid, buf, p - buf)) { if (errno != EAGAIN) { logmsg(LL_ERR, "revoke key %08x: %s\n", keyid, strerror(errno)); return -1; } logmsg(LL_WARN, "key %08x: revoking too soon, try again\n", keyid); sleep(2); goto again; } logmsg(LL_INFO, "key %08x: revoked\n", keyid); return 0; }
void NetPacket::WriteInitHeaderBytes( const uint16_t& ackID, const Byte& connID ){ //unsigned short ackID = ackID; WRITE_BYTES(connID); WRITE_BYTES(ackID); Byte messageCount = 0; WRITE_BYTES(messageCount); curSize += GetHeaderLength(); }
int writeTask(FILE *outputFile, void *task){ int endedTasks, metaSize, taskState; Task *auxTask = (Task *)task; pthread_mutex_lock(&dependsOnMeMutex); writeTaskIdList(outputFile, (void *)auxTask->dependsOnMe); pthread_mutex_unlock(&dependsOnMeMutex); writeTaskIdList(outputFile, auxTask->myDeps); HashIntVoid *children = auxTask->children; hashIntVoidSerialize(outputFile, children); int id = getTaskId(auxTask); WRITE_NUM(outputFile, "id", id); endedTasks = getTaskEndedTasks(auxTask); WRITE_NUM(outputFile, "endedTasks", endedTasks); metaSize = getTaskMetasize(auxTask); WRITE_NUM(outputFile, "metaSize", metaSize); WRITE_BYTES(outputFile, getTaskMetadata(auxTask), metaSize); taskState = getTaskState(auxTask); WRITE_NUM(outputFile, "taskState", taskState); writeDataSpace(outputFile, getTaskDataSpace(task)); return 1; }
void serialize_packet(uint8_t *dst, const stdr_msgs::RawScan *src) { for( int i=0; i<velodyne_rawdata::BLOCKS_PER_PACKET; ++i ) { const stdr_msgs::RawScan & scan = *(src+i); ROS_ASSERT(scan.stamp == src->stamp); const uint16_t b = (scan.block_id==stdr_msgs::RawScan::BLOCK_LOWER) ? velodyne_rawdata::LOWER_BANK : velodyne_rawdata::UPPER_BANK; WRITE_BYTES(dst, b); WRITE_BYTES(dst, scan.encoder); for( int j=0; j<velodyne_rawdata::SCANS_PER_BLOCK; ++j ) { WRITE_BYTES(dst, scan.range[j]); WRITE_BYTES(dst, scan.intensity[j]); } } }
static int write_keyblock(char **p, char *end, struct _krb5_keyblock *arg) { gss_buffer_desc tmp; if (WRITE_BYTES(p, end, arg->enctype)) return -1; tmp.length = arg->length; tmp.value = arg->contents; if (write_buffer(p, end, &tmp)) return -1; return 0; }
static int write_lucid_keyblock(char **p, char *end, gss_krb5_lucid_key_t *key) { gss_buffer_desc tmp; if (WRITE_BYTES(p, end, key->type)) return -1; tmp.length = key->length; tmp.value = key->data; if (write_buffer(p, end, &tmp)) return -1; return 0; }
static int write_manifest(gzFile f, const struct manifest *mf) { uint16_t i, j; WRITE_INT(4, MAGIC); WRITE_INT(1, MANIFEST_VERSION); WRITE_INT(1, 16); WRITE_INT(2, 0); WRITE_INT(4, mf->n_files); for (i = 0; i < mf->n_files; i++) { WRITE_STR(mf->files[i]); } WRITE_INT(4, mf->n_file_infos); for (i = 0; i < mf->n_file_infos; i++) { WRITE_INT(4, mf->file_infos[i].index); WRITE_BYTES(mf->hash_size, mf->file_infos[i].hash); WRITE_INT(4, mf->file_infos[i].size); WRITE_INT(8, mf->file_infos[i].mtime); WRITE_INT(8, mf->file_infos[i].ctime); } WRITE_INT(4, mf->n_objects); for (i = 0; i < mf->n_objects; i++) { WRITE_INT(4, mf->objects[i].n_file_info_indexes); for (j = 0; j < mf->objects[i].n_file_info_indexes; j++) { WRITE_INT(4, mf->objects[i].file_info_indexes[j]); } WRITE_BYTES(mf->hash_size, mf->objects[i].hash.hash); WRITE_INT(4, mf->objects[i].hash.size); } return 1; error: cc_log("Error writing to manifest file"); return 0; }
static int update_kernel_key(key_serial_t keyid, struct lgss_nego_data *lnd, gss_buffer_desc *ctx_token) { char *buf = NULL, *p = NULL, *end = NULL; unsigned int buf_size = 0; int rc; logmsg(LL_TRACE, "updating kernel key %08x\n", keyid); buf_size = sizeof(lnd->lnd_seq_win) + sizeof(lnd->lnd_rmt_ctx.length) + lnd->lnd_rmt_ctx.length + sizeof(ctx_token->length) + ctx_token->length; buf = malloc(buf_size); if (buf == NULL) { logmsg(LL_ERR, "key %08x: can't alloc update buf: size %d\n", keyid, buf_size); return 1; } p = buf; end = buf + buf_size; rc = -1; if (WRITE_BYTES(&p, end, lnd->lnd_seq_win)) goto out; if (write_buffer(&p, end, &lnd->lnd_rmt_ctx)) goto out; if (write_buffer(&p, end, ctx_token)) goto out; again: if (keyctl_update(keyid, buf, p - buf)) { if (errno != EAGAIN) { logmsg(LL_ERR, "update key %08x: %s\n", keyid, strerror(errno)); goto out; } logmsg(LL_DEBUG, "key %08x: updating too soon, try again\n", keyid); sleep(2); goto again; } rc = 0; logmsg(LL_DEBUG, "key %08x: updated\n", keyid); out: free(buf); return rc; }
int write_heimdal_keyblock(char **p, char *end, krb5_keyblock *key) { gss_buffer_desc tmp; int code = -1; if (WRITE_BYTES(p, end, key->keytype)) goto out_err; tmp.length = key->keyvalue.length; tmp.value = key->keyvalue.data; if (write_buffer(p, end, &tmp)) goto out_err; code = 0; out_err: return(code); }
static void do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, gss_buffer_desc *context_token, OM_uint32 lifetime_rec, gss_buffer_desc *acceptor) { char *buf = NULL, *p = NULL, *end = NULL; unsigned int timeout = context_timeout; unsigned int buf_size = 0; printerr(2, "doing downcall: lifetime_rec=%u acceptor=%.*s\n", lifetime_rec, acceptor->length, acceptor->value); buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) + sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length + sizeof(context_token->length) + context_token->length + sizeof(acceptor->length) + acceptor->length; p = buf = malloc(buf_size); if (!buf) goto out_err; end = buf + buf_size; /* context_timeout set by -t option overrides context lifetime */ if (timeout == 0) timeout = lifetime_rec; if (WRITE_BYTES(&p, end, uid)) goto out_err; if (WRITE_BYTES(&p, end, timeout)) goto out_err; if (WRITE_BYTES(&p, end, pd->pd_seq_win)) goto out_err; if (write_buffer(&p, end, &pd->pd_ctx_hndl)) goto out_err; if (write_buffer(&p, end, context_token)) goto out_err; if (write_buffer(&p, end, acceptor)) goto out_err; if (write(k5_fd, buf, p - buf) < p - buf) goto out_err; free(buf); return; out_err: free(buf); printerr(1, "Failed to write downcall!\n"); return; }
static int do_error_downcall(int k5_fd, uid_t uid, int err) { char buf[1024]; char *p = buf, *end = buf + 1024; unsigned int timeout = 0; int zero = 0; printerr(2, "doing error downcall\n"); if (WRITE_BYTES(&p, end, uid)) goto out_err; if (WRITE_BYTES(&p, end, timeout)) goto out_err; /* use seq_win = 0 to indicate an error: */ if (WRITE_BYTES(&p, end, zero)) goto out_err; if (WRITE_BYTES(&p, end, err)) goto out_err; if (write(k5_fd, buf, p - buf) < p - buf) goto out_err; return 0; out_err: printerr(1, "Failed to write error downcall!\n"); return -1; }
bool NetPacket::AddMessage(NetMessage& msgToAdd) { //write this to the end of the buffer and update message count //ConsolePrintString(msgToAdd.ToString()); msgToAdd.owner = this; unsigned short messageLen = msgToAdd.GetMessageLength() + (unsigned short)msgToAdd.GetHeaderLength(); if (GetBufferLength() + messageLen < maxSize) { //write length WRITE_BYTES(messageLen); //write ID Byte messageID = msgToAdd.GetMessageID(); WRITE_BYTES(messageID); //new bit: reliable id if (msgToAdd.IsReliable()) { WRITE_BYTES(msgToAdd.reliableID); } //new bits: order id if (msgToAdd.IsInOrder()) { WRITE_BYTES(msgToAdd.orderID); } //write message buffer data to my buffer WriteBytes((void*)msgToAdd.messageBuffer, msgToAdd.GetMessageLength()); IncrementMessageCount(); return true; } return false; }
/// writeChildTask() writes only the necessary to int writeChildTask(FILE *outputFile, void *task){ int metaSize = 0; Task *auxTask = (Task *)task; pthread_mutex_lock(&dependsOnMeMutex); writeTaskIdList(outputFile, (void *)auxTask->dependsOnMe); pthread_mutex_unlock(&dependsOnMeMutex); writeTaskIdList(outputFile, auxTask->myDeps); int id = getTaskId(auxTask); WRITE_NUM(outputFile, "id", id); metaSize = getTaskMetasize(auxTask); WRITE_NUM(outputFile, "metaSize", metaSize); WRITE_BYTES(outputFile, getTaskMetadata(auxTask), metaSize); return 1; }
int serialize_krb5_ctx(gss_ctx_id_t *ctx, gss_buffer_desc *buf, int32_t *endtime) { krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)(*ctx))->internal_ctx_id; char *p, *end; static int constant_zero = 0; static int constant_one = 1; static int constant_two = 2; uint32_t word_seq_send; u_int64_t seq_send_64bit; uint32_t v2_flags = 0; if (!(buf->value = calloc(1, MAX_CTX_LEN))) goto out_err; p = buf->value; end = buf->value + MAX_CTX_LEN; switch (kctx->enc->enctype) { case ENCTYPE_DES_CBC_CRC: case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_RAW: /* Old format of context to the kernel */ if (kctx->initiate) { if (WRITE_BYTES(&p, end, constant_one)) goto out_err; } else { if (WRITE_BYTES(&p, end, constant_zero)) goto out_err; } if (kctx->seed_init) { if (WRITE_BYTES(&p, end, constant_one)) goto out_err; } else { if (WRITE_BYTES(&p, end, constant_zero)) goto out_err; } if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed))) goto out_err; if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err; if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err; if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err; if (endtime) *endtime = kctx->endtime; word_seq_send = kctx->seq_send; if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err; if (write_oid(&p, end, kctx->mech_used)) goto out_err; printerr(2, "serialize_krb5_ctx: serializing keys with " "enctype %d and length %d\n", kctx->enc->enctype, kctx->enc->length); if (write_keyblock(&p, end, kctx->enc)) goto out_err; if (write_keyblock(&p, end, kctx->seq)) goto out_err; break; case ENCTYPE_DES3_CBC_RAW: case ENCTYPE_DES3_CBC_SHA1: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: case ENCTYPE_AES128_CTS_HMAC_SHA1_96: case ENCTYPE_AES256_CTS_HMAC_SHA1_96: /* New format of context to the kernel */ /* u32 flags; * #define KRB5_CTX_FLAG_INITIATOR 0x00000001 * #define KRB5_CTX_FLAG_CFX 0x00000002 * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004 * s32 endtime; * u64 seq_send; * u32 enctype; * rawkey data */ if (kctx->initiate) v2_flags |= KRB5_CTX_FLAG_INITIATOR; if (kctx->proto == 1) v2_flags |= KRB5_CTX_FLAG_CFX; if (kctx->have_acceptor_subkey) v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY; if (WRITE_BYTES(&p, end, v2_flags)) goto out_err; if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err; seq_send_64bit = kctx->seq_send; if (WRITE_BYTES(&p, end, seq_send_64bit)) goto out_err; if (kctx->have_acceptor_subkey) { if (WRITE_BYTES(&p, end, kctx->acceptor_subkey->enctype)) goto out_err; printerr(2, "serialize_krb5_ctx: serializing subkey " "with enctype %d and size %d\n", kctx->acceptor_subkey->enctype, kctx->acceptor_subkey->length); if (write_bytes(&p, end, kctx->acceptor_subkey->contents, kctx->acceptor_subkey->length)) goto out_err; } else { if (WRITE_BYTES(&p, end, kctx->enc->enctype)) goto out_err; printerr(2, "serialize_krb5_ctx: serializing key " "with enctype %d and size %d\n", kctx->enc->enctype, kctx->enc->length); if (write_bytes(&p, end, kctx->enc->contents, kctx->enc->length)) goto out_err; } break; default: printerr(0, "ERROR: serialize_krb5_ctx: unsupported encryption " "algorithm %d\n", kctx->enc->enctype); goto out_err; } buf->length = p - (char *)buf->value; return 0; out_err: printerr(0, "ERROR: failed serializing krb5 context for kernel\n"); if (buf->value) { free(buf->value); } buf->value = NULL; buf->length = 0; return -1; }
/* * Prepare a new-style buffer, as defined in rfc4121 (a.k.a. cfx), * to send to the kernel for newer encryption types -- or for DES3. * * The new format is: * * u32 initiate; ( whether we are the initiator or not ) * s32 endtime; * u32 flags; * #define KRB5_CTX_FLAG_INITIATOR 0x00000001 * #define KRB5_CTX_FLAG_CFX 0x00000002 * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004 * u64 seq_send; * u32 enctype; ( encrption type of keys ) * u32 size_of_each_key; ( size of each key in bytes ) * u32 number_of_keys; ( N -- should always be 3 for now ) * keydata-1; ( Ke ) * keydata-2; ( Ki ) * keydata-3; ( Kc ) * */ static int prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *buf) { static int constant_two = 2; char *p, *end; uint32_t v2_flags = 0; gss_krb5_lucid_key_t enc_key; gss_krb5_lucid_key_t derived_key; gss_buffer_desc fakeoid; uint32_t enctype; uint32_t keysize; uint32_t numkeys; memset(&enc_key, 0, sizeof(enc_key)); memset(&fakeoid, 0, sizeof(fakeoid)); if (!(buf->value = calloc(1, MAX_CTX_LEN))) goto out_err; p = buf->value; end = buf->value + MAX_CTX_LEN; /* Version 2 */ if (WRITE_BYTES(&p, end, constant_two)) goto out_err; if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err; if (lctx->initiate) v2_flags |= KRB5_CTX_FLAG_INITIATOR; if (lctx->protocol != 0) v2_flags |= KRB5_CTX_FLAG_CFX; if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1) v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY; if (WRITE_BYTES(&p, end, v2_flags)) goto out_err; if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err; /* Protocol 0 here implies DES3 or RC4 */ printerr(3, "protocol %d\n", lctx->protocol); if (lctx->protocol == 0) { enctype = lctx->rfc1964_kd.ctx_key.type; #ifdef HAVE_HEIMDAL /* * The kernel gss code expects ENCTYPE_DES3_CBC_RAW (6) for * 3des keys, but Heimdal key has ENCTYPE_DES3_CBC_SHA1 (16). * Force the Heimdal enctype to 6. */ if (enctype == ENCTYPE_DES3_CBC_SHA1) { printerr(2, "%s: overriding heimdal keytype (%d => %d)\n", __FUNCTION__, enctype, 6); enctype = 6; } #endif keysize = lctx->rfc1964_kd.ctx_key.length; numkeys = 3; /* XXX is always gonna be three? */ } else { if (lctx->cfx_kd.have_acceptor_subkey) { enctype = lctx->cfx_kd.acceptor_subkey.type; keysize = lctx->cfx_kd.acceptor_subkey.length; } else { enctype = lctx->cfx_kd.ctx_key.type; keysize = lctx->cfx_kd.ctx_key.length; } numkeys = 3; } printerr(3, "serializing %d keys with enctype %d and size %d\n", numkeys, enctype, keysize); if (WRITE_BYTES(&p, end, enctype)) goto out_err; if (WRITE_BYTES(&p, end, keysize)) goto out_err; if (WRITE_BYTES(&p, end, numkeys)) goto out_err; if (lctx->protocol == 0) { /* derive and send down: Ke, Ki, and Kc */ /* Ke */ if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data, lctx->rfc1964_kd.ctx_key.length)) goto out_err; /* Ki */ if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data, lctx->rfc1964_kd.ctx_key.length)) goto out_err; /* Kc */ /* * RC4 is special, it dosen't need key derivation. Actually * the Ke is based on plain text. Here we just let all three * key identical, kernel will handle everything. --ericm */ if (lctx->rfc1964_kd.ctx_key.type == ENCTYPE_ARCFOUR_HMAC) { if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data, lctx->rfc1964_kd.ctx_key.length)) goto out_err; } else { if (derive_key_lucid(&lctx->rfc1964_kd.ctx_key, &derived_key, KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM)) goto out_err; if (write_bytes(&p, end, derived_key.data, derived_key.length)) goto out_err; free(derived_key.data); } } else { gss_krb5_lucid_key_t *keyptr; uint32_t sign_usage, seal_usage; if (lctx->cfx_kd.have_acceptor_subkey) keyptr = &lctx->cfx_kd.acceptor_subkey; else keyptr = &lctx->cfx_kd.ctx_key; #if 0 if (lctx->initiate == 1) { sign_usage = KG_USAGE_INITIATOR_SIGN; seal_usage = KG_USAGE_INITIATOR_SEAL; } else { sign_usage = KG_USAGE_ACCEPTOR_SIGN; seal_usage = KG_USAGE_ACCEPTOR_SEAL; } #else /* FIXME * These are from rfc4142, but I don't understand: if we supply * different 'usage' value for client & server, then the peers * will have different derived keys. How could this work? * * Here we simply use old SIGN/SEAL values until we find the * answer. --ericm * FIXME */ sign_usage = KG_USAGE_SIGN; seal_usage = KG_USAGE_SEAL; #endif /* derive and send down: Ke, Ki, and Kc */ /* Ke */ if (derive_key_lucid(keyptr, &derived_key, seal_usage, KEY_USAGE_SEED_ENCRYPTION)) goto out_err; if (write_bytes(&p, end, derived_key.data, derived_key.length)) goto out_err; free(derived_key.data); /* Ki */ if (derive_key_lucid(keyptr, &derived_key, seal_usage, KEY_USAGE_SEED_INTEGRITY)) goto out_err; if (write_bytes(&p, end, derived_key.data, derived_key.length)) goto out_err; free(derived_key.data); /* Kc */ if (derive_key_lucid(keyptr, &derived_key, sign_usage, KEY_USAGE_SEED_CHECKSUM)) goto out_err; if (write_bytes(&p, end, derived_key.data, derived_key.length)) goto out_err; free(derived_key.data); } buf->length = p - (char *)buf->value; return 0; out_err: printerr(0, "ERROR: %s: failed serializing krb5 context for kernel\n", __FUNCTION__); if (buf->value) { free(buf->value); buf->value = NULL; } buf->length = 0; if (enc_key.data) { free(enc_key.data); enc_key.data = NULL; } return -1; }
int serialize_krb5_ctx(gss_ctx_id_t *_ctx, gss_buffer_desc *buf, int32_t *endtime) { gss_ctx_id_t ctx = *_ctx; char *p, *end; static int constant_one = 1; static int constant_zero = 0; unsigned char fakeseed[16]; uint32_t algorithm; if (!(buf->value = calloc(1, MAX_CTX_LEN))) goto out_err; p = buf->value; end = buf->value + MAX_CTX_LEN; /* initiate: 1 => initiating 0 => accepting */ if (ctx->more_flags & LOCAL) { if (WRITE_BYTES(&p, end, constant_one)) goto out_err; } else { if (WRITE_BYTES(&p, end, constant_zero)) goto out_err; } /* seed_init: not used by kernel code */ if (WRITE_BYTES(&p, end, constant_zero)) goto out_err; /* seed: not used by kernel code */ memset(&fakeseed, 0, sizeof(fakeseed)); if (write_bytes(&p, end, &fakeseed, 16)) goto out_err; /* signalg */ algorithm = 0; /* SGN_ALG_DES_MAC_MD5 XXX */ if (WRITE_BYTES(&p, end, algorithm)) goto out_err; /* sealalg */ algorithm = 0; /* SEAL_ALG_DES XXX */ if (WRITE_BYTES(&p, end, algorithm)) goto out_err; /* endtime */ if (WRITE_BYTES(&p, end, ctx->lifetime)) goto out_err; if (endtime) *endtime = ctx->lifetime; /* seq_send */ if (WRITE_BYTES(&p, end, ctx->auth_context->local_seqnumber)) goto out_err; /* mech_used */ if (write_buffer(&p, end, (gss_buffer_desc*)&krb5oid)) goto out_err; /* enc: derive the encryption key and copy it into buffer */ if (write_heimdal_enc_key(&p, end, ctx)) goto out_err; /* seq: get the sequence number key and copy it into buffer */ if (write_heimdal_seq_key(&p, end, ctx)) goto out_err; buf->length = p - (char *)buf->value; printerr(2, "serialize_krb5_ctx: returning buffer " "with %d bytes\n", buf->length); return 0; out_err: printerr(0, "ERROR: failed exporting Heimdal krb5 ctx to kernel\n"); if (buf->value) free(buf->value); buf->length = 0; return -1; }
static int prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *buf) { char *p, *end; static int constant_zero = 0; unsigned char fakeseed[16] = { 0 }; uint32_t word_send_seq; gss_krb5_lucid_key_t enc_key; int i; char *skd, *dkd; gss_buffer_desc fakeoid; /* * The new Kerberos interface to get the gss context * does not include the seed or seed_init fields * because we never really use them. But for now, * send down a fake buffer so we can use the same * interface to the kernel. */ memset(&enc_key, 0, sizeof(enc_key)); memset(&fakeoid, 0, sizeof(fakeoid)); if (!(buf->value = calloc(1, MAX_CTX_LEN))) goto out_err; p = buf->value; end = buf->value + MAX_CTX_LEN; if (WRITE_BYTES(&p, end, lctx->initiate)) goto out_err; /* seed_init and seed not used by kernel anyway */ if (WRITE_BYTES(&p, end, constant_zero)) goto out_err; if (write_bytes(&p, end, &fakeseed, 16)) goto out_err; if (WRITE_BYTES(&p, end, lctx->rfc1964_kd.sign_alg)) goto out_err; if (WRITE_BYTES(&p, end, lctx->rfc1964_kd.seal_alg)) goto out_err; if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err; word_send_seq = lctx->send_seq; /* XXX send_seq is 64-bit */ if (WRITE_BYTES(&p, end, word_send_seq)) goto out_err; if (write_oid(&p, end, &krb5oid)) goto out_err; #ifdef HAVE_HEIMDAL /* * The kernel gss code expects des-cbc-raw for all flavors of des. * The keytype from MIT has this type, but Heimdal does not. * Force the Heimdal keytype to 4 (des-cbc-raw). * Note that the rfc1964 version only supports DES enctypes. */ if (lctx->rfc1964_kd.ctx_key.type != 4) { printerr(2, "%s: overriding heimdal keytype (%d => %d)\n", __FUNCTION__, lctx->rfc1964_kd.ctx_key.type, 4); lctx->rfc1964_kd.ctx_key.type = 4; } #endif printerr(2, "%s: serializing keys with enctype %d and length %d\n", __FUNCTION__, lctx->rfc1964_kd.ctx_key.type, lctx->rfc1964_kd.ctx_key.length); /* derive the encryption key and copy it into buffer */ enc_key.type = lctx->rfc1964_kd.ctx_key.type; enc_key.length = lctx->rfc1964_kd.ctx_key.length; if ((enc_key.data = calloc(1, enc_key.length)) == NULL) goto out_err; skd = (char *) lctx->rfc1964_kd.ctx_key.data; dkd = (char *) enc_key.data; for (i = 0; i < enc_key.length; i++) dkd[i] = skd[i] ^ 0xf0; if (write_lucid_keyblock(&p, end, &enc_key)) { free(enc_key.data); goto out_err; } free(enc_key.data); if (write_lucid_keyblock(&p, end, &lctx->rfc1964_kd.ctx_key)) goto out_err; buf->length = p - (char *)buf->value; return 0; out_err: printerr(0, "ERROR: failed serializing krb5 context for kernel\n"); if (buf->value) free(buf->value); buf->length = 0; if (enc_key.data) free(enc_key.data); return -1; }
int git_index__write(git_index *index, git_filelock *file) { static const char NULL_BYTES[] = {0, 0, 0, 0, 0, 0, 0, 0}; int error = 0; unsigned int i; git_hash_ctx *digest; git_oid hash_final; assert(index && file && file->is_locked); if ((digest = git_hash_new_ctx()) == NULL) return GIT_ENOMEM; #define WRITE_WORD(_word) {\ uint32_t network_word = htonl((_word));\ git_filelock_write(file, &network_word, 4);\ git_hash_update(digest, &network_word, 4);\ } #define WRITE_SHORT(_shrt) {\ uint16_t network_shrt = htons((_shrt));\ git_filelock_write(file, &network_shrt, 2);\ git_hash_update(digest, &network_shrt, 2);\ } #define WRITE_BYTES(_bytes, _n) {\ git_filelock_write(file, _bytes, _n);\ git_hash_update(digest, _bytes, _n);\ } WRITE_BYTES(INDEX_HEADER_SIG, 4); WRITE_WORD(INDEX_VERSION_NUMBER); WRITE_WORD(index->entry_count); for (i = 0; i < index->entry_count; ++i) { git_index_entry *entry; size_t path_length, padding; entry = &index->entries[i]; path_length = strlen(entry->path); WRITE_WORD(entry->ctime.seconds); WRITE_WORD(entry->ctime.nanoseconds); WRITE_WORD(entry->mtime.seconds); WRITE_WORD(entry->mtime.nanoseconds); WRITE_WORD(entry->dev); WRITE_WORD(entry->ino); WRITE_WORD(entry->mode); WRITE_WORD(entry->uid); WRITE_WORD(entry->gid); WRITE_WORD(entry->file_size); WRITE_BYTES(entry->oid.id, GIT_OID_RAWSZ); WRITE_SHORT(entry->flags); if (entry->flags & GIT_IDXENTRY_EXTENDED) { WRITE_SHORT(entry->flags_extended); padding = long_entry_padding(path_length); } else padding = short_entry_padding(path_length); WRITE_BYTES(entry->path, path_length); WRITE_BYTES(NULL_BYTES, padding); } #undef WRITE_WORD #undef WRITE_BYTES #undef WRITE_SHORT #undef WRITE_FLAGS /* TODO: write extensions (tree cache) */ git_hash_final(&hash_final, digest); git_hash_free_ctx(digest); git_filelock_write(file, hash_final.id, GIT_OID_RAWSZ); return error; }
/* * Prepare a new-style buffer, as defined in rfc4121 (a.k.a. cfx), * to send to the kernel for newer encryption types -- or for DES3. * * The new format is: * * u32 flags; * #define KRB5_CTX_FLAG_INITIATOR 0x00000001 * #define KRB5_CTX_FLAG_CFX 0x00000002 * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004 * s32 endtime; * u64 seq_send; * u32 enctype; ( encrption type of key ) * raw key; ( raw key bytes (kernel will derive)) * */ static int prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *buf, int32_t *endtime) { char *p, *end; uint32_t v2_flags = 0; uint32_t enctype; uint32_t keysize; if (!(buf->value = calloc(1, MAX_CTX_LEN))) goto out_err; p = buf->value; end = buf->value + MAX_CTX_LEN; /* Version 2 */ if (lctx->initiate) v2_flags |= KRB5_CTX_FLAG_INITIATOR; if (lctx->protocol != 0) v2_flags |= KRB5_CTX_FLAG_CFX; if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1) v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY; if (WRITE_BYTES(&p, end, v2_flags)) goto out_err; if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err; if (endtime) *endtime = lctx->endtime; if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err; /* Protocol 0 here implies DES3 or RC4 */ printerr(2, "%s: protocol %d\n", __FUNCTION__, lctx->protocol); if (lctx->protocol == 0) { enctype = lctx->rfc1964_kd.ctx_key.type; keysize = lctx->rfc1964_kd.ctx_key.length; } else { if (lctx->cfx_kd.have_acceptor_subkey) { enctype = lctx->cfx_kd.acceptor_subkey.type; keysize = lctx->cfx_kd.acceptor_subkey.length; } else { enctype = lctx->cfx_kd.ctx_key.type; keysize = lctx->cfx_kd.ctx_key.length; } } printerr(2, "%s: serializing key with enctype %d and size %d\n", __FUNCTION__, enctype, keysize); if (WRITE_BYTES(&p, end, enctype)) goto out_err; if (lctx->protocol == 0) { if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data, lctx->rfc1964_kd.ctx_key.length)) goto out_err; } else { if (lctx->cfx_kd.have_acceptor_subkey) { if (write_bytes(&p, end, lctx->cfx_kd.acceptor_subkey.data, lctx->cfx_kd.acceptor_subkey.length)) goto out_err; } else { if (write_bytes(&p, end, lctx->cfx_kd.ctx_key.data, lctx->cfx_kd.ctx_key.length)) goto out_err; } } buf->length = p - (char *)buf->value; return 0; out_err: printerr(0, "ERROR: %s: failed serializing krb5 context for kernel\n", __FUNCTION__); if (buf->value) { free(buf->value); buf->value = NULL; } buf->length = 0; return -1; }