usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/ser_auth.c

root/usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/ser_auth.c
/*
 * lib/krb5/krb/ser_auth.c
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * ser_auth.c - Serialize krb5_authenticator structure.
 */
#include "k5-int.h"
#include "int-proto.h"

/*
 * Routines to deal with externalizing the krb5_authenticator:
 *      krb5_authenticator_size();
 *      krb5_authenticator_externalize();
 *      krb5_authenticator_internalize();
 */
static krb5_error_code krb5_authenticator_size
        (krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_authenticator_externalize
        (krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_authenticator_internalize
        (krb5_context,krb5_pointer *, krb5_octet **, size_t *);

/* Local data */
static const krb5_ser_entry krb5_authenticator_ser_entry = {
    KV5M_AUTHENTICATOR,                 /* Type                 */
    krb5_authenticator_size,            /* Sizer routine        */
    krb5_authenticator_externalize,     /* Externalize routine  */
    krb5_authenticator_internalize      /* Internalize routine  */
};

/*
 * krb5_authenticator_size()    - Determine the size required to externalize
 *                                the krb5_authenticator.
 */
static krb5_error_code
krb5_authenticator_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
    krb5_error_code     kret;
    krb5_authenticator  *authenticator;
    size_t              required;

    /*
     * krb5_authenticator requires at minimum:
     *  krb5_int32              for KV5M_AUTHENTICATOR
     *  krb5_int32              for seconds
     *  krb5_int32              for cusec
     *  krb5_int32              for seq_number
     *  krb5_int32              for number in authorization_data array.
     *  krb5_int32              for KV5M_AUTHENTICATOR
     */
    kret = EINVAL;
    /* Solaris Kerberos */
    authenticator = (krb5_authenticator *) arg;
    if (authenticator) {
        required = sizeof(krb5_int32)*6;

        /* Calculate size required by client, if appropriate */
        if (authenticator->client)
            kret = krb5_size_opaque(kcontext,
                                    KV5M_PRINCIPAL,
                                    (krb5_pointer) authenticator->client,
                                    &required);
        else
            kret = 0;

        /* Calculate size required by checksum, if appropriate */
        if (!kret && authenticator->checksum)
            kret = krb5_size_opaque(kcontext,
                                    KV5M_CHECKSUM,
                                    (krb5_pointer) authenticator->checksum,
                                    &required);

        /* Calculate size required by subkey, if appropriate */
        if (!kret && authenticator->subkey)
            kret = krb5_size_opaque(kcontext,
                                    KV5M_KEYBLOCK,
                                    (krb5_pointer) authenticator->subkey,
                                    &required);

        /* Calculate size required by authorization_data, if appropriate */
        if (!kret && authenticator->authorization_data) {
            int i;

            for (i=0; !kret && authenticator->authorization_data[i]; i++) {
                kret = krb5_size_opaque(kcontext,
                                        KV5M_AUTHDATA,
                                        (krb5_pointer) authenticator->
                                        authorization_data[i],
                                        &required);
            }
        }
    }
    if (!kret)
        *sizep += required;
    return(kret);
}

/*
 * krb5_authenticator_externalize()     - Externalize the krb5_authenticator.
 */
static krb5_error_code
krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
    krb5_error_code     kret;
    krb5_authenticator  *authenticator;
    size_t              required;
    krb5_octet          *bp;
    size_t              remain;
    int                 i;

    required = 0;
    bp = *buffer;
    remain = *lenremain;
    kret = EINVAL;
    /* Solaris Kerberos */
    authenticator = (krb5_authenticator *) arg;
    if (authenticator) {
        kret = ENOMEM;
        if (!krb5_authenticator_size(kcontext, arg, &required) &&
            (required <= remain)) {
            /* First write our magic number */
            (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);

            /* Now ctime */
            (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
                                       &bp, &remain);

            /* Now cusec */
            (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
                                       &bp, &remain);

            /* Now seq_number */
            (void) krb5_ser_pack_int32(authenticator->seq_number,
                                       &bp, &remain);

            /* Now handle client, if appropriate */
            if (authenticator->client)
                kret = krb5_externalize_opaque(kcontext,
                                               KV5M_PRINCIPAL,
                                               (krb5_pointer)
                                               authenticator->client,
                                               &bp,
                                               &remain);
            else
                kret = 0;

            /* Now handle checksum, if appropriate */
            if (!kret && authenticator->checksum)
                kret = krb5_externalize_opaque(kcontext,
                                               KV5M_CHECKSUM,
                                               (krb5_pointer)
                                               authenticator->checksum,
                                               &bp,
                                               &remain);

            /* Now handle subkey, if appropriate */
            if (!kret && authenticator->subkey)
                kret = krb5_externalize_opaque(kcontext,
                                               KV5M_KEYBLOCK,
                                               (krb5_pointer)
                                               authenticator->subkey,
                                               &bp,
                                               &remain);

            /* Now handle authorization_data, if appropriate */
            if (!kret) {
                if (authenticator->authorization_data)
                    for (i=0; authenticator->authorization_data[i]; i++);
                else
                    i = 0;
                (void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);

                /* Now pound out the authorization_data */
                if (authenticator->authorization_data) {
                    for (i=0; !kret && authenticator->authorization_data[i];
                         i++)
                        kret = krb5_externalize_opaque(kcontext,
                                                       KV5M_AUTHDATA,
                                                       (krb5_pointer)
                                                       authenticator->
                                                       authorization_data[i],
                                                       &bp,
                                                       &remain);
                }
            }

            /*
             * If we were successful, write trailer then update the pointer and
             * remaining length;
             */
            if (!kret) {
                /* Write our trailer */
                (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
                *buffer = bp;
                *lenremain = remain;
            }
        }
    }
    return(kret);
}

/*
 * krb5_authenticator_internalize()     - Internalize the krb5_authenticator.
 */
static krb5_error_code
krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
    krb5_error_code     kret;
    krb5_authenticator  *authenticator;
    krb5_int32          ibuf;
    krb5_octet          *bp;
    size_t              remain;
    int                 i;
    krb5_int32          nadata;
    size_t              len;

    bp = *buffer;
    remain = *lenremain;
    kret = EINVAL;
    /* Read our magic number */
    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
        ibuf = 0;
    if (ibuf == KV5M_AUTHENTICATOR) {
        kret = ENOMEM;

        /* Get memory for the authenticator */
        if ((remain >= (3*sizeof(krb5_int32))) &&
            (authenticator = (krb5_authenticator *)
             MALLOC(sizeof(krb5_authenticator)))) {
            (void) memset(authenticator, 0, sizeof(krb5_authenticator));

            /* Get ctime */
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            authenticator->ctime = (krb5_timestamp) ibuf;

            /* Get cusec */
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            authenticator->cusec = ibuf;

            /* Get seq_number */
            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
            authenticator->seq_number = ibuf;

            kret = 0;

            /* Attempt to read in the client */
            kret = krb5_internalize_opaque(kcontext,
                                           KV5M_PRINCIPAL,
                                           (krb5_pointer *)
                                           &authenticator->client,
                                           &bp,
                                           &remain);
            if (kret == EINVAL)
                kret = 0;

            /* Attempt to read in the checksum */
            if (!kret) {
                kret = krb5_internalize_opaque(kcontext,
                                               KV5M_CHECKSUM,
                                               (krb5_pointer *)
                                               &authenticator->checksum,
                                               &bp,
                                               &remain);
                if (kret == EINVAL)
                    kret = 0;
            }

            /* Attempt to read in the subkey */
            if (!kret) {
                kret = krb5_internalize_opaque(kcontext,
                                               KV5M_KEYBLOCK,
                                               (krb5_pointer *)
                                               &authenticator->subkey,
                                               &bp,
                                               &remain);
                if (kret == EINVAL)
                    kret = 0;
            }

            /* Attempt to read in the authorization data count */
            if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
                nadata = ibuf;
                len = (size_t) (nadata + 1);

                /* Get memory for the authorization data pointers */
                if ((authenticator->authorization_data = (krb5_authdata **)
                     MALLOC(sizeof(krb5_authdata *) * len))) {
                    (void) memset(authenticator->authorization_data, 0,
                           sizeof(krb5_authdata *) * len);

                    for (i=0; !kret && (i<nadata); i++) {
                        kret = krb5_internalize_opaque(kcontext,
                                                       KV5M_AUTHDATA,
                                                       (krb5_pointer *)
                                                       &authenticator->
                                                       authorization_data[i],
                                                       &bp,
                                                       &remain);
                    }

                    /* Finally, find the trailer */
                    if (!kret) {
                        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
                        if (!kret && (ibuf == KV5M_AUTHENTICATOR))
                            authenticator->magic = KV5M_AUTHENTICATOR;
                        else
                            kret = EINVAL;
                    }
                }
            }
            if (!kret) {
                *buffer = bp;
                *lenremain = remain;
                *argp = (krb5_pointer) authenticator;
            }
            else
                krb5_free_authenticator(kcontext, authenticator);
        }
    }
    return(kret);
}

/*
 * Register the authenticator serializer.
 */
krb5_error_code
krb5_ser_authenticator_init(krb5_context kcontext)
{
    return(krb5_register_serializer(kcontext, &krb5_authenticator_ser_entry));
}
Illumos
