#include "k5-int.h"
#include "int-proto.h"
#include "auth_con.h"
#define TOKEN_RADDR 950916
#define TOKEN_RPORT 950917
#define TOKEN_LADDR 950918
#define TOKEN_LPORT 950919
#define TOKEN_KEYBLOCK 950920
#define TOKEN_LSKBLOCK 950921
#define TOKEN_RSKBLOCK 950922
static krb5_error_code krb5_auth_context_size
(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_auth_context_externalize
(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_auth_context_internalize
(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
static const krb5_ser_entry krb5_auth_context_ser_entry = {
KV5M_AUTH_CONTEXT,
krb5_auth_context_size,
krb5_auth_context_externalize,
krb5_auth_context_internalize
};
static krb5_error_code
krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = 0;
if (auth_context->i_vector && auth_context->keyblock) {
kret = krb5_c_block_size(kcontext, auth_context->keyblock->enctype,
&required);
} else {
required = 0;
}
required += sizeof(krb5_int32)*8;
if (!kret && auth_context->remote_addr) {
kret = krb5_size_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer) auth_context->remote_addr,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->remote_port) {
kret = krb5_size_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer) auth_context->remote_port,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->local_addr) {
kret = krb5_size_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer) auth_context->local_addr,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->local_port) {
kret = krb5_size_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer) auth_context->local_port,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->keyblock) {
kret = krb5_size_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) auth_context->keyblock,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->send_subkey) {
kret = krb5_size_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) auth_context->send_subkey,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->recv_subkey) {
kret = krb5_size_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer) auth_context->recv_subkey,
&required);
if (!kret)
required += sizeof(krb5_int32);
}
if (!kret && auth_context->authentp)
kret = krb5_size_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer) auth_context->authentp,
&required);
}
if (!kret)
*sizep += required;
return(kret);
}
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
krb5_octet *bp;
size_t remain;
size_t obuf;
krb5_int32 obuf32;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
kret = ENOMEM;
if (!krb5_auth_context_size(kcontext, arg, &required) &&
(required <= remain)) {
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
(void) krb5_ser_pack_int32(auth_context->auth_context_flags,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->remote_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32(auth_context->local_seq_number,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
&bp, &remain);
kret = 0;
if (auth_context->i_vector) {
kret = krb5_c_block_size(kcontext,
auth_context->keyblock->enctype,
&obuf);
} else {
obuf = 0;
}
obuf32 = obuf;
if (kret == 0 && obuf != obuf32)
kret = EINVAL;
if (!kret)
(void) krb5_ser_pack_int32(obuf32, &bp, &remain);
if (!kret && auth_context->i_vector)
(void) krb5_ser_pack_bytes(auth_context->i_vector,
obuf,
&bp, &remain);
if (!kret && auth_context->remote_addr) {
(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
if (!kret && auth_context->remote_port) {
(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->remote_addr,
&bp,
&remain);
}
if (!kret && auth_context->local_addr) {
(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
if (!kret && auth_context->local_port) {
(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer)
auth_context->local_addr,
&bp,
&remain);
}
if (!kret && auth_context->keyblock) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->keyblock,
&bp,
&remain);
}
if (!kret && auth_context->send_subkey) {
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->send_subkey,
&bp,
&remain);
}
if (!kret && auth_context->recv_subkey) {
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
auth_context->recv_subkey,
&bp,
&remain);
}
if (!kret && auth_context->authentp)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer)
auth_context->authentp,
&bp,
&remain);
if (!kret) {
(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
*buffer = bp;
*lenremain = remain;
}
}
}
return(kret);
}
static krb5_error_code
krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
krb5_error_code kret;
krb5_auth_context auth_context;
krb5_int32 ibuf;
krb5_octet *bp;
size_t remain;
krb5_int32 ivlen;
krb5_int32 tag;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
ibuf = 0;
if (ibuf == KV5M_AUTH_CONTEXT) {
kret = ENOMEM;
if ((remain >= (5*sizeof(krb5_int32))) &&
(auth_context = (krb5_auth_context)
malloc(sizeof(struct _krb5_auth_context)))) {
memset(auth_context, 0, sizeof(struct _krb5_auth_context));
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
auth_context->auth_context_flags = ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
auth_context->remote_seq_number = ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
auth_context->local_seq_number = ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
(void) krb5_ser_unpack_int32(&ivlen, &bp, &remain);
if (ivlen) {
if ((auth_context->i_vector =
(krb5_pointer) malloc((size_t)ivlen)))
kret = krb5_ser_unpack_bytes(auth_context->i_vector,
(size_t) ivlen,
&bp,
&remain);
else
kret = ENOMEM;
}
else
kret = 0;
tag = 0;
if (!kret)
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
if (!kret && (tag == TOKEN_RADDR)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer *)
&auth_context->
remote_addr,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret && (tag == TOKEN_RPORT)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer *)
&auth_context->
remote_port,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret && (tag == TOKEN_LADDR)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer *)
&auth_context->
local_addr,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret && (tag == TOKEN_LPORT)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_ADDRESS,
(krb5_pointer *)
&auth_context->
local_port,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret && (tag == TOKEN_KEYBLOCK)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer *)
&auth_context->keyblock,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret && (tag == TOKEN_LSKBLOCK)) {
if (!(kret = krb5_internalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer *)
&auth_context->
send_subkey,
&bp,
&remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
if (!kret) {
if (tag == TOKEN_RSKBLOCK) {
kret = krb5_internalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer *)
&auth_context->
recv_subkey,
&bp,
&remain);
}
else {
bp -= sizeof(krb5_int32);
remain += sizeof(krb5_int32);
}
}
if (!kret) {
if ((kret = krb5_internalize_opaque(kcontext,
KV5M_AUTHENTICATOR,
(krb5_pointer *)
&auth_context->authentp,
&bp,
&remain))) {
if (kret == EINVAL)
kret = 0;
}
}
if (!kret) {
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
kret = EINVAL;
}
if (!kret) {
*buffer = bp;
*lenremain = remain;
auth_context->magic = KV5M_AUTH_CONTEXT;
*argp = (krb5_pointer) auth_context;
}
else
krb5_auth_con_free(kcontext, auth_context);
}
}
return(kret);
}
krb5_error_code KRB5_CALLCONV
krb5_ser_auth_context_init(krb5_context kcontext)
{
krb5_error_code kret;
kret = krb5_register_serializer(kcontext, &krb5_auth_context_ser_entry);
if (!kret)
kret = krb5_ser_authdata_init(kcontext);
if (!kret)
kret = krb5_ser_address_init(kcontext);
if (!kret)
kret = krb5_ser_authenticator_init(kcontext);
if (!kret)
kret = krb5_ser_checksum_init(kcontext);
if (!kret)
kret = krb5_ser_keyblock_init(kcontext);
if (!kret)
kret = krb5_ser_principal_init(kcontext);
return(kret);
}