-: 0:Source:ser_sctx.c -: 0:Graph:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/ser_sctx.so.gcno -: 0:Data:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/ser_sctx.so.gcda -: 0:Runs:1069 -: 0:Programs:1 -: 1:/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -: 2:/* lib/gssapi/krb5/ser_sctx.c - [De]serialization of security context */ -: 3:/* -: 4: * Copyright 1995, 2004, 2008 by the Massachusetts Institute of Technology. -: 5: * All Rights Reserved. -: 6: * -: 7: * Export of this software from the United States of America may -: 8: * require a specific license from the United States Government. -: 9: * It is the responsibility of any person or organization contemplating -: 10: * export to obtain such a license before exporting. -: 11: * -: 12: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -: 13: * distribute this software and its documentation for any purpose and -: 14: * without fee is hereby granted, provided that the above copyright -: 15: * notice appear in all copies and that both that copyright notice and -: 16: * this permission notice appear in supporting documentation, and that -: 17: * the name of M.I.T. not be used in advertising or publicity pertaining -: 18: * to distribution of the software without specific, written prior -: 19: * permission. Furthermore if you modify this software you must label -: 20: * your software as modified software and not distribute it in such a -: 21: * fashion that it might be confused with the original M.I.T. software. -: 22: * M.I.T. makes no representations about the suitability of -: 23: * this software for any purpose. It is provided "as is" without express -: 24: * or implied warranty. -: 25: */ -: 26: -: 27:#include "k5-int.h" -: 28:#include "gssapiP_krb5.h" -: 29: -: 30:/* -: 31: * This module contains routines to [de]serialize -: 32: * krb5_gss_enc_desc and krb5_gss_ctx_id_t. -: 33: * XXX This whole serialization abstraction is unnecessary in a -: 34: * non-messaging environment, which krb5 is. Someday, this should -: 35: * all get redone without the extra level of indirection. I've done -: 36: * some of this work here, since adding new serializers is an internal -: 37: * krb5 interface, and I won't use those. There is some more -: 38: * deobfuscation (no longer anonymizing pointers, mostly) which could -: 39: * still be done. --marc -: 40: */ -: 41: -: 42:static krb5_error_code #####: 43:kg_oid_externalize(kcontext, arg, buffer, lenremain) -: 44: krb5_context kcontext; -: 45: krb5_pointer arg; -: 46: krb5_octet **buffer; -: 47: size_t *lenremain; -: 48:{ #####: 49: gss_OID oid = (gss_OID) arg; -: 50: krb5_error_code err; -: 51: #####: 52: err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); #####: 53: if (err) #####: 54: return err; #####: 55: err = krb5_ser_pack_int32((krb5_int32) oid->length, -: 56: buffer, lenremain); #####: 57: if (err) #####: 58: return err; #####: 59: err = krb5_ser_pack_bytes((krb5_octet *) oid->elements, -: 60: oid->length, buffer, lenremain); #####: 61: if (err) #####: 62: return err; #####: 63: err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); #####: 64: return err; -: 65:} -: 66: -: 67:static krb5_error_code #####: 68:kg_oid_internalize(kcontext, argp, buffer, lenremain) -: 69: krb5_context kcontext; -: 70: krb5_pointer *argp; -: 71: krb5_octet **buffer; -: 72: size_t *lenremain; -: 73:{ -: 74: gss_OID oid; -: 75: krb5_int32 ibuf; -: 76: krb5_octet *bp; -: 77: size_t remain; -: 78: #####: 79: bp = *buffer; #####: 80: remain = *lenremain; -: 81: -: 82: /* Read in and check our magic number */ #####: 83: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) #####: 84: return (EINVAL); -: 85: #####: 86: if (ibuf != KV5M_GSS_OID) #####: 87: return (EINVAL); -: 88: #####: 89: oid = (gss_OID) malloc(sizeof(gss_OID_desc)); #####: 90: if (oid == NULL) #####: 91: return ENOMEM; #####: 92: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { #####: 93: free(oid); #####: 94: return EINVAL; -: 95: } #####: 96: oid->length = ibuf; #####: 97: oid->elements = malloc((size_t)ibuf); #####: 98: if (oid->elements == 0) { #####: 99: free(oid); #####: 100: return ENOMEM; -: 101: } #####: 102: if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements, -: 103: oid->length, &bp, &remain)) { #####: 104: free(oid->elements); #####: 105: free(oid); #####: 106: return EINVAL; -: 107: } -: 108: -: 109: /* Read in and check our trailing magic number */ #####: 110: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { #####: 111: free(oid->elements); #####: 112: free(oid); #####: 113: return (EINVAL); -: 114: } -: 115: #####: 116: if (ibuf != KV5M_GSS_OID) { #####: 117: free(oid->elements); #####: 118: free(oid); #####: 119: return (EINVAL); -: 120: } -: 121: #####: 122: *buffer = bp; #####: 123: *lenremain = remain; #####: 124: *argp = (krb5_pointer) oid; #####: 125: return 0; -: 126:} -: 127: -: 128:static krb5_error_code #####: 129:kg_oid_size(kcontext, arg, sizep) -: 130: krb5_context kcontext; -: 131: krb5_pointer arg; -: 132: size_t *sizep; -: 133:{ -: 134: krb5_error_code kret; -: 135: gss_OID oid; -: 136: size_t required; -: 137: #####: 138: kret = EINVAL; #####: 139: if ((oid = (gss_OID) arg)) { #####: 140: required = 2*sizeof(krb5_int32); /* For the header and trailer */ #####: 141: required += sizeof(krb5_int32); #####: 142: required += oid->length; -: 143: #####: 144: kret = 0; -: 145: #####: 146: *sizep += required; -: 147: } -: 148: #####: 149: return(kret); -: 150:} -: 151: -: 152:static krb5_error_code #####: 153:kg_queue_externalize(kcontext, arg, buffer, lenremain) -: 154: krb5_context kcontext; -: 155: krb5_pointer arg; -: 156: krb5_octet **buffer; -: 157: size_t *lenremain; -: 158:{ -: 159: krb5_error_code err; #####: 160: err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); #####: 161: if (err == 0) #####: 162: err = g_queue_externalize(arg, buffer, lenremain); #####: 163: if (err == 0) #####: 164: err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); #####: 165: return err; -: 166:} -: 167: -: 168:static krb5_error_code #####: 169:kg_queue_internalize(kcontext, argp, buffer, lenremain) -: 170: krb5_context kcontext; -: 171: krb5_pointer *argp; -: 172: krb5_octet **buffer; -: 173: size_t *lenremain; -: 174:{ -: 175: krb5_int32 ibuf; -: 176: krb5_octet *bp; -: 177: size_t remain; -: 178: krb5_error_code err; -: 179: #####: 180: bp = *buffer; #####: 181: remain = *lenremain; -: 182: -: 183: /* Read in and check our magic number */ #####: 184: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) #####: 185: return (EINVAL); -: 186: #####: 187: if (ibuf != KV5M_GSS_QUEUE) #####: 188: return (EINVAL); -: 189: #####: 190: err = g_queue_internalize(argp, &bp, &remain); #####: 191: if (err) #####: 192: return err; -: 193: -: 194: /* Read in and check our trailing magic number */ #####: 195: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { #####: 196: g_order_free(argp); #####: 197: return (EINVAL); -: 198: } -: 199: #####: 200: if (ibuf != KV5M_GSS_QUEUE) { #####: 201: g_order_free(argp); #####: 202: return (EINVAL); -: 203: } -: 204: #####: 205: *buffer = bp; #####: 206: *lenremain = remain; #####: 207: return 0; -: 208:} -: 209: -: 210:static krb5_error_code #####: 211:kg_queue_size(kcontext, arg, sizep) -: 212: krb5_context kcontext; -: 213: krb5_pointer arg; -: 214: size_t *sizep; -: 215:{ -: 216: krb5_error_code kret; -: 217: size_t required; -: 218: #####: 219: kret = EINVAL; #####: 220: if (arg) { #####: 221: required = 2*sizeof(krb5_int32); /* For the header and trailer */ #####: 222: g_queue_size(arg, &required); -: 223: #####: 224: kret = 0; #####: 225: *sizep += required; -: 226: } #####: 227: return(kret); -: 228:} -: 229: -: 230:/* -: 231: * Determine the size required for this krb5_gss_ctx_id_rec. -: 232: */ -: 233:krb5_error_code #####: 234:kg_ctx_size(kcontext, arg, sizep) -: 235: krb5_context kcontext; -: 236: krb5_pointer arg; -: 237: size_t *sizep; -: 238:{ -: 239: krb5_error_code kret; -: 240: krb5_gss_ctx_id_rec *ctx; -: 241: size_t required; -: 242: -: 243: /* -: 244: * krb5_gss_ctx_id_rec requires: -: 245: * krb5_int32 for KG_CONTEXT -: 246: * krb5_int32 for initiate. -: 247: * krb5_int32 for established. -: 248: * krb5_int32 for big_endian. -: 249: * krb5_int32 for have_acceptor_subkey. -: 250: * krb5_int32 for seed_init. -: 251: * krb5_int32 for gss_flags. -: 252: * sizeof(seed) for seed -: 253: * ... for here -: 254: * ... for there -: 255: * ... for subkey -: 256: * krb5_int32 for signalg. -: 257: * krb5_int32 for cksum_size. -: 258: * krb5_int32 for sealalg. -: 259: * ... for enc -: 260: * ... for seq -: 261: * krb5_int32 for authtime. -: 262: * krb5_int32 for starttime. -: 263: * krb5_int32 for endtime. -: 264: * krb5_int32 for renew_till. -: 265: * krb5_int32 for flags. -: 266: * krb5_int64 for seq_send. -: 267: * krb5_int64 for seq_recv. -: 268: * ... for seqstate -: 269: * ... for auth_context -: 270: * ... for mech_used -: 271: * krb5_int32 for proto -: 272: * krb5_int32 for cksumtype -: 273: * ... for acceptor_subkey -: 274: * krb5_int32 for acceptor_key_cksumtype -: 275: * krb5_int32 for cred_rcache -: 276: * krb5_int32 for number of elements in authdata array -: 277: * ... for authdata array -: 278: * krb5_int32 for trailer. -: 279: */ #####: 280: kret = EINVAL; #####: 281: if ((ctx = (krb5_gss_ctx_id_rec *) arg)) { #####: 282: required = 21*sizeof(krb5_int32); #####: 283: required += 2*sizeof(krb5_int64); #####: 284: required += sizeof(ctx->seed); -: 285: #####: 286: kret = 0; #####: 287: if (!kret && ctx->here) #####: 288: kret = krb5_size_opaque(kcontext, -: 289: KV5M_PRINCIPAL, #####: 290: (krb5_pointer) ctx->here->princ, -: 291: &required); -: 292: #####: 293: if (!kret && ctx->there) #####: 294: kret = krb5_size_opaque(kcontext, -: 295: KV5M_PRINCIPAL, #####: 296: (krb5_pointer) ctx->there->princ, -: 297: &required); -: 298: #####: 299: if (!kret && ctx->subkey) #####: 300: kret = krb5_size_opaque(kcontext, -: 301: KV5M_KEYBLOCK, #####: 302: (krb5_pointer) &ctx->subkey->keyblock, -: 303: &required); -: 304: #####: 305: if (!kret && ctx->enc) #####: 306: kret = krb5_size_opaque(kcontext, -: 307: KV5M_KEYBLOCK, #####: 308: (krb5_pointer) &ctx->enc->keyblock, -: 309: &required); -: 310: #####: 311: if (!kret && ctx->seq) #####: 312: kret = krb5_size_opaque(kcontext, -: 313: KV5M_KEYBLOCK, #####: 314: (krb5_pointer) &ctx->seq->keyblock, -: 315: &required); -: 316: #####: 317: if (!kret) #####: 318: kret = kg_oid_size(kcontext, -: 319: (krb5_pointer) ctx->mech_used, -: 320: &required); -: 321: #####: 322: if (!kret && ctx->seqstate) #####: 323: kret = kg_queue_size(kcontext, ctx->seqstate, &required); -: 324: #####: 325: if (!kret) #####: 326: kret = krb5_size_opaque(kcontext, -: 327: KV5M_CONTEXT, -: 328: (krb5_pointer) ctx->k5_context, -: 329: &required); #####: 330: if (!kret) #####: 331: kret = krb5_size_opaque(kcontext, -: 332: KV5M_AUTH_CONTEXT, -: 333: (krb5_pointer) ctx->auth_context, -: 334: &required); #####: 335: if (!kret && ctx->acceptor_subkey) #####: 336: kret = krb5_size_opaque(kcontext, -: 337: KV5M_KEYBLOCK, (krb5_pointer) #####: 338: &ctx->acceptor_subkey->keyblock, -: 339: &required); #####: 340: if (!kret && ctx->authdata) { -: 341: krb5_int32 i; -: 342: #####: 343: for (i = 0; !kret && ctx->authdata[i]; i++) { #####: 344: kret = krb5_size_opaque(kcontext, -: 345: KV5M_AUTHDATA, #####: 346: (krb5_pointer)ctx->authdata[i], -: 347: &required); -: 348: } -: 349: } #####: 350: if (!kret) { -: 351: krb5_gss_name_t initiator_name; -: 352: #####: 353: initiator_name = ctx->initiate ? ctx->here : ctx->there; -: 354: #####: 355: if (initiator_name && initiator_name->ad_context) { #####: 356: kret = krb5_size_opaque(kcontext, -: 357: KV5M_AUTHDATA_CONTEXT, #####: 358: initiator_name->ad_context, -: 359: &required); -: 360: } -: 361: } #####: 362: *sizep += required; -: 363: } #####: 364: return(kret); -: 365:} -: 366: -: 367:/* -: 368: * Externalize this krb5_gss_ctx_id_ret. -: 369: */ -: 370:krb5_error_code #####: 371:kg_ctx_externalize(kcontext, arg, buffer, lenremain) -: 372: krb5_context kcontext; -: 373: krb5_pointer arg; -: 374: krb5_octet **buffer; -: 375: size_t *lenremain; -: 376:{ -: 377: krb5_error_code kret; -: 378: krb5_gss_ctx_id_rec *ctx; -: 379: size_t required; -: 380: krb5_octet *bp; -: 381: size_t remain; -: 382: krb5int_access kaccess; -: 383: #####: 384: kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); #####: 385: if (kret) #####: 386: return(kret); -: 387: #####: 388: required = 0; #####: 389: bp = *buffer; #####: 390: remain = *lenremain; #####: 391: kret = EINVAL; #####: 392: if ((ctx = (krb5_gss_ctx_id_rec *) arg)) { #####: 393: kret = ENOMEM; #####: 394: if (!kg_ctx_size(kcontext, arg, &required) && #####: 395: (required <= remain)) { -: 396: /* Our identifier */ #####: 397: (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); -: 398: -: 399: /* Now static data */ #####: 400: (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate, -: 401: &bp, &remain); #####: 402: (void) krb5_ser_pack_int32((krb5_int32) ctx->established, -: 403: &bp, &remain); #####: 404: (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian, -: 405: &bp, &remain); #####: 406: (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey, -: 407: &bp, &remain); #####: 408: (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init, -: 409: &bp, &remain); #####: 410: (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags, -: 411: &bp, &remain); #####: 412: (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed, -: 413: sizeof(ctx->seed), -: 414: &bp, &remain); #####: 415: (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg, -: 416: &bp, &remain); #####: 417: (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size, -: 418: &bp, &remain); #####: 419: (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg, -: 420: &bp, &remain); #####: 421: (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.authtime, -: 422: &bp, &remain); #####: 423: (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.starttime, -: 424: &bp, &remain); #####: 425: (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.endtime, -: 426: &bp, &remain); #####: 427: (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.renew_till, -: 428: &bp, &remain); #####: 429: (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, -: 430: &bp, &remain); #####: 431: (void) (*kaccess.ser_pack_int64)((krb5_int64) ctx->seq_send, -: 432: &bp, &remain); #####: 433: (void) (*kaccess.ser_pack_int64)((krb5_int64) ctx->seq_recv, -: 434: &bp, &remain); -: 435: -: 436: /* Now dynamic data */ #####: 437: kret = 0; -: 438: #####: 439: if (!kret && ctx->mech_used) #####: 440: kret = kg_oid_externalize(kcontext, ctx->mech_used, -: 441: &bp, &remain); -: 442: #####: 443: if (!kret && ctx->here) #####: 444: kret = krb5_externalize_opaque(kcontext, -: 445: KV5M_PRINCIPAL, #####: 446: (krb5_pointer) ctx->here->princ, -: 447: &bp, &remain); -: 448: #####: 449: if (!kret && ctx->there) #####: 450: kret = krb5_externalize_opaque(kcontext, -: 451: KV5M_PRINCIPAL, #####: 452: (krb5_pointer) ctx->there->princ, -: 453: &bp, &remain); -: 454: #####: 455: if (!kret && ctx->subkey) #####: 456: kret = krb5_externalize_opaque(kcontext, -: 457: KV5M_KEYBLOCK, (krb5_pointer) #####: 458: &ctx->subkey->keyblock, -: 459: &bp, &remain); -: 460: #####: 461: if (!kret && ctx->enc) #####: 462: kret = krb5_externalize_opaque(kcontext, -: 463: KV5M_KEYBLOCK, (krb5_pointer) #####: 464: &ctx->enc->keyblock, -: 465: &bp, &remain); -: 466: #####: 467: if (!kret && ctx->seq) #####: 468: kret = krb5_externalize_opaque(kcontext, -: 469: KV5M_KEYBLOCK, (krb5_pointer) #####: 470: &ctx->seq->keyblock, -: 471: &bp, &remain); -: 472: #####: 473: if (!kret && ctx->seqstate) #####: 474: kret = kg_queue_externalize(kcontext, -: 475: ctx->seqstate, &bp, &remain); -: 476: #####: 477: if (!kret) #####: 478: kret = krb5_externalize_opaque(kcontext, -: 479: KV5M_CONTEXT, -: 480: (krb5_pointer) ctx->k5_context, -: 481: &bp, &remain); -: 482: #####: 483: if (!kret) #####: 484: kret = krb5_externalize_opaque(kcontext, -: 485: KV5M_AUTH_CONTEXT, -: 486: (krb5_pointer) ctx->auth_context, -: 487: &bp, &remain); -: 488: #####: 489: if (!kret) #####: 490: kret = krb5_ser_pack_int32((krb5_int32) ctx->proto, -: 491: &bp, &remain); #####: 492: if (!kret) #####: 493: kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype, -: 494: &bp, &remain); #####: 495: if (!kret && ctx->acceptor_subkey) #####: 496: kret = krb5_externalize_opaque(kcontext, -: 497: KV5M_KEYBLOCK, (krb5_pointer) #####: 498: &ctx->acceptor_subkey->keyblock, -: 499: &bp, &remain); #####: 500: if (!kret) #####: 501: kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype, -: 502: &bp, &remain); -: 503: #####: 504: if (!kret) #####: 505: kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache, -: 506: &bp, &remain); #####: 507: if (!kret) { #####: 508: krb5_int32 i = 0; -: 509: #####: 510: if (ctx->authdata) { #####: 511: for (; ctx->authdata[i]; i++) -: 512: ; -: 513: } -: 514: /* authdata count */ #####: 515: kret = krb5_ser_pack_int32(i, &bp, &remain); #####: 516: if (!kret && ctx->authdata) { -: 517: /* authdata */ #####: 518: for (i = 0; !kret && ctx->authdata[i]; i++) #####: 519: kret = krb5_externalize_opaque(kcontext, -: 520: KV5M_AUTHDATA, #####: 521: ctx->authdata[i], -: 522: &bp, -: 523: &remain); -: 524: } -: 525: } -: 526: /* authdata context */ #####: 527: if (!kret) { -: 528: krb5_gss_name_t initiator_name; -: 529: #####: 530: initiator_name = ctx->initiate ? ctx->here : ctx->there; -: 531: #####: 532: if (initiator_name && initiator_name->ad_context) { #####: 533: kret = krb5_externalize_opaque(kcontext, -: 534: KV5M_AUTHDATA_CONTEXT, #####: 535: initiator_name->ad_context, -: 536: &bp, -: 537: &remain); -: 538: } -: 539: } -: 540: /* trailer */ #####: 541: if (!kret) #####: 542: kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); #####: 543: if (!kret) { #####: 544: *buffer = bp; #####: 545: *lenremain = remain; -: 546: } -: 547: } -: 548: } #####: 549: return(kret); -: 550:} -: 551: -: 552:/* Internalize a keyblock and convert it to a key. */ -: 553:static krb5_error_code #####: 554:intern_key(krb5_context ctx, krb5_key *key, krb5_octet **bp, size_t *sp) -: 555:{ -: 556: krb5_keyblock *keyblock; -: 557: krb5_error_code ret; -: 558: #####: 559: ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK, -: 560: (krb5_pointer *) &keyblock, bp, sp); #####: 561: if (ret != 0) #####: 562: return ret; #####: 563: ret = krb5_k_create_key(ctx, keyblock, key); #####: 564: krb5_free_keyblock(ctx, keyblock); #####: 565: return ret; -: 566:} -: 567: -: 568:/* -: 569: * Internalize this krb5_gss_ctx_id_t. -: 570: */ -: 571:krb5_error_code #####: 572:kg_ctx_internalize(kcontext, argp, buffer, lenremain) -: 573: krb5_context kcontext; -: 574: krb5_pointer *argp; -: 575: krb5_octet **buffer; -: 576: size_t *lenremain; -: 577:{ -: 578: krb5_error_code kret; -: 579: krb5_gss_ctx_id_rec *ctx; -: 580: krb5_int32 ibuf; -: 581: krb5_octet *bp; -: 582: size_t remain; -: 583: krb5int_access kaccess; -: 584: krb5_principal princ; -: 585: #####: 586: kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); #####: 587: if (kret) #####: 588: return(kret); -: 589: #####: 590: bp = *buffer; #####: 591: remain = *lenremain; #####: 592: kret = EINVAL; #####: 593: princ = NULL; -: 594: /* Read our magic number */ #####: 595: if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) #####: 596: ibuf = 0; #####: 597: if (ibuf == KG_CONTEXT) { #####: 598: kret = ENOMEM; -: 599: -: 600: /* Get a context */ #####: 601: if ((remain >= (17*sizeof(krb5_int32) -: 602: + 2*sizeof(krb5_int64) -: 603: + sizeof(ctx->seed))) && #####: 604: (ctx = (krb5_gss_ctx_id_rec *) -: 605: xmalloc(sizeof(krb5_gss_ctx_id_rec)))) { #####: 606: memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); -: 607: #####: 608: ctx->magic = ibuf; #####: 609: ctx->k5_context = kcontext; -: 610: -: 611: /* Get static data */ #####: 612: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 613: ctx->initiate = (int) ibuf; #####: 614: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 615: ctx->established = (int) ibuf; #####: 616: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 617: ctx->big_endian = (int) ibuf; #####: 618: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 619: ctx->have_acceptor_subkey = (int) ibuf; #####: 620: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 621: ctx->seed_init = (int) ibuf; #####: 622: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 623: ctx->gss_flags = (int) ibuf; #####: 624: (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed, -: 625: sizeof(ctx->seed), -: 626: &bp, &remain); #####: 627: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 628: ctx->signalg = (int) ibuf; #####: 629: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 630: ctx->cksum_size = (int) ibuf; #####: 631: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 632: ctx->sealalg = (int) ibuf; #####: 633: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 634: ctx->krb_times.authtime = (krb5_timestamp) ibuf; #####: 635: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 636: ctx->krb_times.starttime = (krb5_timestamp) ibuf; #####: 637: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 638: ctx->krb_times.endtime = (krb5_timestamp) ibuf; #####: 639: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 640: ctx->krb_times.renew_till = (krb5_timestamp) ibuf; #####: 641: (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 642: ctx->krb_flags = (krb5_flags) ibuf; #####: 643: (void) (*kaccess.ser_unpack_int64)((krb5_int64 *)&ctx->seq_send, -: 644: &bp, &remain); #####: 645: kret = (*kaccess.ser_unpack_int64)((krb5_int64 *)&ctx->seq_recv, -: 646: &bp, &remain); #####: 647: if (kret) { #####: 648: free(ctx); #####: 649: return kret; -: 650: } -: 651: -: 652: { -: 653: krb5_pointer tmp; #####: 654: kret = kg_oid_internalize(kcontext, &tmp, &bp, -: 655: &remain); #####: 656: if (kret == 0) #####: 657: ctx->mech_used = tmp; #####: 658: else if (kret == EINVAL) #####: 659: kret = 0; -: 660: } -: 661: /* Now get substructure data */ #####: 662: kret = krb5_internalize_opaque(kcontext, -: 663: KV5M_PRINCIPAL, -: 664: (krb5_pointer *) &princ, -: 665: &bp, &remain); #####: 666: if (kret == 0) { #####: 667: kret = kg_init_name(kcontext, princ, NULL, NULL, NULL, -: 668: KG_INIT_NAME_NO_COPY, &ctx->here); #####: 669: if (kret) #####: 670: krb5_free_principal(kcontext, princ); #####: 671: } else if (kret == EINVAL) #####: 672: kret = 0; #####: 673: if (!kret) { #####: 674: kret = krb5_internalize_opaque(kcontext, -: 675: KV5M_PRINCIPAL, -: 676: (krb5_pointer *) &princ, -: 677: &bp, &remain); #####: 678: if (kret == 0) { #####: 679: kret = kg_init_name(kcontext, princ, NULL, NULL, NULL, -: 680: KG_INIT_NAME_NO_COPY, &ctx->there); #####: 681: if (kret) #####: 682: krb5_free_principal(kcontext, princ); #####: 683: } else if (kret == EINVAL) #####: 684: kret = 0; -: 685: } #####: 686: if (!kret && #####: 687: (kret = intern_key(kcontext, &ctx->subkey, &bp, &remain))) { #####: 688: if (kret == EINVAL) #####: 689: kret = 0; -: 690: } #####: 691: if (!kret && #####: 692: (kret = intern_key(kcontext, &ctx->enc, &bp, &remain))) { #####: 693: if (kret == EINVAL) #####: 694: kret = 0; -: 695: } #####: 696: if (!kret && #####: 697: (kret = intern_key(kcontext, &ctx->seq, &bp, &remain))) { #####: 698: if (kret == EINVAL) #####: 699: kret = 0; -: 700: } -: 701: #####: 702: if (!kret) { #####: 703: kret = kg_queue_internalize(kcontext, &ctx->seqstate, -: 704: &bp, &remain); #####: 705: if (kret == EINVAL) #####: 706: kret = 0; -: 707: } -: 708: #####: 709: if (!kret) #####: 710: kret = krb5_internalize_opaque(kcontext, -: 711: KV5M_CONTEXT, #####: 712: (krb5_pointer *) &ctx->k5_context, -: 713: &bp, &remain); -: 714: #####: 715: if (!kret) #####: 716: kret = krb5_internalize_opaque(kcontext, -: 717: KV5M_AUTH_CONTEXT, #####: 718: (krb5_pointer *) &ctx->auth_context, -: 719: &bp, &remain); -: 720: #####: 721: if (!kret) #####: 722: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 723: ctx->proto = ibuf; #####: 724: if (!kret) #####: 725: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 726: ctx->cksumtype = ibuf; #####: 727: if (!kret && #####: 728: (kret = intern_key(kcontext, &ctx->acceptor_subkey, -: 729: &bp, &remain))) { #####: 730: if (kret == EINVAL) #####: 731: kret = 0; -: 732: } #####: 733: if (!kret) #####: 734: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 735: ctx->acceptor_subkey_cksumtype = ibuf; #####: 736: if (!kret) #####: 737: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 738: ctx->cred_rcache = ibuf; -: 739: /* authdata */ #####: 740: if (!kret) #####: 741: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 742: if (!kret) { #####: 743: krb5_int32 nadata = ibuf, i; -: 744: #####: 745: if (nadata > 0) { #####: 746: ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1, -: 747: sizeof(krb5_authdata *)); #####: 748: if (ctx->authdata == NULL) { #####: 749: kret = ENOMEM; -: 750: } else { #####: 751: for (i = 0; !kret && i < nadata; i++) #####: 752: kret = krb5_internalize_opaque(kcontext, -: 753: KV5M_AUTHDATA, #####: 754: (krb5_pointer *)&ctx->authdata[i], -: 755: &bp, -: 756: &remain); -: 757: } -: 758: } -: 759: } -: 760: /* authdata context */ #####: 761: if (!kret) { -: 762: krb5_gss_name_t initiator_name; -: 763: #####: 764: initiator_name = ctx->initiate ? ctx->here : ctx->there; #####: 765: if (initiator_name == NULL) { #####: 766: kret = EINVAL; -: 767: } else { #####: 768: kret = krb5_internalize_opaque(kcontext, -: 769: KV5M_AUTHDATA_CONTEXT, #####: 770: (krb5_pointer *)&initiator_name->ad_context, -: 771: &bp, -: 772: &remain); #####: 773: if (kret == EINVAL) #####: 774: kret = 0; -: 775: } -: 776: } -: 777: /* Get trailer */ #####: 778: if (!kret) #####: 779: kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); #####: 780: if (!kret && ibuf != KG_CONTEXT) #####: 781: kret = EINVAL; -: 782: #####: 783: if (!kret) { #####: 784: *buffer = bp; #####: 785: *lenremain = remain; #####: 786: *argp = (krb5_pointer) ctx; -: 787: } else { #####: 788: if (ctx->seq) #####: 789: krb5_k_free_key(kcontext, ctx->seq); #####: 790: if (ctx->enc) #####: 791: krb5_k_free_key(kcontext, ctx->enc); #####: 792: if (ctx->subkey) #####: 793: krb5_k_free_key(kcontext, ctx->subkey); #####: 794: if (ctx->there) #####: 795: kg_release_name(kcontext, &ctx->there); #####: 796: if (ctx->here) #####: 797: kg_release_name(kcontext, &ctx->here); #####: 798: xfree(ctx); -: 799: } -: 800: } -: 801: } #####: 802: return(kret); -: 803:}