From 2b0b4dc0444a88de1df925032e77d0e57392b2c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 8 Mar 2005 22:17:46 +0000 Subject: [PATCH] update to the asn1 structures used in -25's git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14625 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/pkinit.c | 67 ++++++++++++++++++++++++----------------------- lib/krb5/pkinit.c | 58 ++++++++++++++++++++-------------------- 2 files changed, 63 insertions(+), 62 deletions(-) diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 972d8fa23..013e7c554 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -123,9 +123,9 @@ static struct pk_principal_mapping principal_mappings; */ static krb5_error_code -pk_check_pkauthenticator(krb5_context context, - PKAuthenticator *a, - KDC_REQ *req) +pk_check_pkauthenticator_19(krb5_context context, + PKAuthenticator_19 *a, + KDC_REQ *req) { u_char *buf = NULL; size_t buf_size; @@ -386,8 +386,8 @@ pk_rd_padata(krb5_context context, { pk_client_params *client_params; krb5_error_code ret; - PA_PK_AS_REQ r; - AuthPack ap; + PA_PK_AS_REQ_19 r; + AuthPack_19 ap; heim_oid eContentType = { 0, NULL }; krb5_data eContent; int i; @@ -417,10 +417,10 @@ pk_rd_padata(krb5_context context, goto out; } - ret = decode_PA_PK_AS_REQ(pa->padata_value.data, - pa->padata_value.length, - &r, - NULL); + ret = decode_PA_PK_AS_REQ_19(pa->padata_value.data, + pa->padata_value.length, + &r, + NULL); if (ret) { krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); return ret; 
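Review bot: In pk_rd_padata (hunk at -417) a failed `decode_PA_PK_AS_REQ_19` leaves through `return ret;`, while the error path just above it and the `decode_AuthPack_19` failure in the -455 hunk both use `goto out;`. This one path therefore skips the end-of-function cleanup shown in the -536 hunk (`pk_free_client_param`, `free_PA_PK_AS_REQ_19`, `free_AuthPack_19`). If `client_params` is already allocated at that point (the allocation is outside the visible lines), each malformed PA-PK-AS-REQ would leak it in the KDC; `goto out;` would make the paths uniform, provided `r` and `ap` are zeroed before the first jump. Both decode calls also pass `NULL` for the consumed-length argument, so trailing bytes after the structure cannot be detected; taking `&size` and comparing it with the input length would allow that check.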
@@ -455,18 +455,18 @@ pk_rd_padata(krb5_context context, goto out; } - ret = decode_AuthPack(eContent.data, - eContent.length, - &ap, - NULL); + ret = decode_AuthPack_19(eContent.data, + eContent.length, + &ap, + NULL); if (ret) { krb5_set_error_string(context, "can't decode AuthPack: %d", ret); goto out; } - ret = pk_check_pkauthenticator(context, - &ap.pkAuthenticator, - req); + ret = pk_check_pkauthenticator_19(context, + &ap.pkAuthenticator, + req); if (ret) goto out; @@ -495,10 +495,10 @@ pk_rd_padata(krb5_context context, ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED; for (i = 0; i < r.trustedCertifiers->len; i++) { - TrustedCAs *ca = &r.trustedCertifiers->val[i]; + TrustedCA_19 *ca = &r.trustedCertifiers->val[i]; switch (ca->element) { - case choice_TrustedCAs_caName: { + case choice_TrustedCA_19_caName: { X509_NAME *name; unsigned char *p; @@ -511,7 +511,7 @@ pk_rd_padata(krb5_context context, X509_NAME_free(name); break; } - case choice_TrustedCAs_issuerAndSerial: + case choice_TrustedCA_19_issuerAndSerial: /* IssuerAndSerialNumber issuerAndSerial */ break; default: @@ -536,8 +536,8 @@ pk_rd_padata(krb5_context context, pk_free_client_param(context, client_params); else *ret_params = client_params; - free_PA_PK_AS_REQ(&r); - free_AuthPack(&ap); + free_PA_PK_AS_REQ_19(&r); + free_AuthPack_19(&ap); return ret; } @@ -640,7 +640,7 @@ pk_mk_pa_reply_enckey(krb5_context context, enc_alg->parameters->length = params.length; { - ReplyKeyPack kp; + ReplyKeyPack_19 kp; memset(&kp, 0, sizeof(kp)); ret = copy_EncryptionKey(reply_key, &kp.replyKey); @@ -650,8 +650,8 @@ pk_mk_pa_reply_enckey(krb5_context context, } kp.nonce = client_params->nonce; - ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); - free_ReplyKeyPack(&kp); + ASN1_MALLOC_ENCODE(ReplyKeyPack_19, buf.data, buf.length, &kp, &size,ret); + free_ReplyKeyPack_19(&kp); } if (ret) { krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " 
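Review bot: The `choice_TrustedCA_19_issuerAndSerial` case in the -511 hunk is a bare `break` whose only comment repeats the field's type, so nothing tells the reader that certifiers named by issuer and serial number are skipped without being matched. A comment such as `/* XXX issuerAndSerial matching is not implemented; the entry is skipped */` would make that explicit. Since `ret` is preset to `KRB5_KDC_ERR_KDC_NOT_TRUSTED` before the loop (visible in the -495 hunk), a client that sends only this form presumably ends with that error. The code that clears `ret` on a match is outside the visible lines, so that should be confirmed and documented.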
@@ -889,7 +889,7 @@ pk_mk_pa_reply(krb5_context context, METHOD_DATA *md) { krb5_error_code ret; - PA_PK_AS_REP rep; + PA_PK_AS_REP_19 rep; void *buf; size_t len, size; krb5_enctype enctype; @@ -918,7 +918,7 @@ pk_mk_pa_reply(krb5_context context, enctype = req->req_body.etype.val[i]; if (client_params->dh == NULL) { - rep.element = choice_PA_PK_AS_REP_encKeyPack; + rep.element = choice_PA_PK_AS_REP_19_encKeyPack; krb5_generate_random_keyblock(context, enctype, &client_params->reply_key); @@ -929,7 +929,7 @@ pk_mk_pa_reply(krb5_context context, &client_params->reply_key, &rep.u.encKeyPack); } else { - rep.element = choice_PA_PK_AS_REP_dhSignedData; + rep.element = choice_PA_PK_AS_REP_19_dhSignedData; ret = check_dh_params(client_params->dh); if (ret) @@ -948,7 +948,7 @@ pk_mk_pa_reply(krb5_context context, if (ret) goto out; - ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); + ASN1_MALLOC_ENCODE(PA_PK_AS_REP_19, buf, len, &rep, &size, ret); if (ret) { krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", ret); goto out; @@ -958,13 +958,14 @@ pk_mk_pa_reply(krb5_context context, ret = krb5_padata_add(context, md, KRB5_PADATA_PK_AS_REP, buf, len); if (ret) { - krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); + krb5_set_error_string(context, "failed adding " + "PA-PK-AS-REP-19 %d", ret); free(buf); } out: if (ret == 0) *reply_key = &client_params->reply_key; - free_PA_PK_AS_REP(&rep); + free_PA_PK_AS_REP_19(&rep); return ret; } @@ -989,7 +990,7 @@ pk_principal_from_X509(krb5_context context, return 1; for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - KerberosName kn; + KRB5PrincipalName kn; size_t len, size; void *p; 
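Review bot: The return value of `krb5_generate_random_keyblock` in the encKeyPack branch of pk_mk_pa_reply (-918 hunk) is discarded, so if key generation fails for the chosen `enctype` the function carries on and uses whatever `client_params->reply_key` happens to hold as the reply key. Assign and test it: `ret = krb5_generate_random_keyblock(context, enctype, &client_params->reply_key);` followed by `if (ret) goto out;`, which reaches the `out:` label visible in the -958 hunk. The index `i` in `req->req_body.etype.val[i]` is set outside the hunk, so its bound against the etype list length could not be checked from here.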
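Review bot: The padata-add failure message in the -958 hunk now says "PA-PK-AS-REP-19", while the encode failure a few lines earlier in the same function (-948 hunk) still says "encode PA-PK-AS-REP failed %d". The -622 hunk in lib/krb5/pkinit.c likewise changes its message to "AuthPack_19: %d", which no longer says what failed. The `_19` suffix appears to be the C type name for one draft's encoding rather than a protocol element name, so putting it into error strings makes the log wording inconsistent. Keeping the protocol names, for example `"failed adding PA-PK-AS-REP %d"` and `"ASN.1 encoding of AuthPack failed: %d"`, would keep the messages uniform.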
@@ -1003,7 +1004,7 @@ pk_principal_from_X509(krb5_context context, p = ASN1_STRING_data(gen->d.otherName->value->value.sequence); len = ASN1_STRING_length(gen->d.otherName->value->value.sequence); - ret = decode_KerberosName(p, len, &kn, &size); + ret = decode_KRB5PrincipalName(p, len, &kn, &size); if (ret) { kdc_log(0, "Decoding kerberos name in certificate failed: %s", krb5_get_err_text(context, ret)); diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index f7f773ffd..220a2a9eb 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -416,7 +416,7 @@ build_auth_pack(krb5_context context, unsigned nonce, DH *dh, const KDC_REQ_BODY *body, - AuthPack *a) + AuthPack_19 *a) { size_t buf_size, len; krb5_cksumtype cksum; @@ -590,7 +590,7 @@ pk_mk_padata(krb5_context context, { krb5_error_code ret; const heim_oid *oid; - PA_PK_AS_REQ req; + PA_PK_AS_REQ_19 req; size_t size; krb5_data buf, sd_buf; int pa_type; @@ -622,20 +622,20 @@ pk_mk_padata(krb5_context context, oid = &pkcs7_data_oid; } else { - AuthPack ap; + AuthPack_19 ap; memset(&ap, 0, sizeof(ap)); ret = build_auth_pack(context, nonce, ctx->dh, req_body, &ap); if (ret) { - free_AuthPack(&ap); + free_AuthPack_19(&ap); goto out; } - ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); - free_AuthPack(&ap); + ASN1_MALLOC_ENCODE(AuthPack_19, buf.data, buf.length, &ap, &size, ret); + free_AuthPack_19(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack: %d", ret); + krb5_set_error_string(context, "AuthPack_19: %d", ret); goto out; } if (buf.length != size) @@ -686,7 +686,7 @@ pk_mk_padata(krb5_context context, free_PA_PK_AS_REQ_Win2k(&winreq); } else { pa_type = KRB5_PADATA_PK_AS_REQ; - ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length, + ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_19, buf.data, buf.length, &req, &size, ret); } if (ret) { 
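Review bot: `decode_KRB5PrincipalName` in the -1003 hunk of pk_principal_from_X509 returns the consumed length in `size`, but the visible lines never compare it with `len`, and this value decides which principal a certificate maps to. Unless the code after the hunk already does so, add an `if (size != len)` branch that frees `kn` and rejects the name, so that an otherName value with trailing bytes is not accepted. The two context lines also read `value->value.sequence` directly. Whether `value->type` and the otherName OID are checked first is outside the hunk and worth confirming.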
@@ -1174,36 +1174,36 @@ get_reply_key(krb5_context context, unsigned nonce, krb5_keyblock **key) { - ReplyKeyPack key_pack; + ReplyKeyPack_19 key_pack; krb5_error_code ret; size_t size; - ret = decode_ReplyKeyPack(content->data, - content->length, - &key_pack, - &size); + ret = decode_ReplyKeyPack_19(content->data, + content->length, + &key_pack, + &size); if (ret) { krb5_set_error_string(context, "PKINIT decoding reply key failed"); - free_ReplyKeyPack(&key_pack); + free_ReplyKeyPack_19(&key_pack); return ret; } if (key_pack.nonce != nonce) { krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); - free_ReplyKeyPack(&key_pack); + free_ReplyKeyPack_19(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } *key = malloc (sizeof (**key)); if (*key == NULL) { krb5_set_error_string(context, "PKINIT failed allocating reply key"); - free_ReplyKeyPack(&key_pack); + free_ReplyKeyPack_19(&key_pack); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); - free_ReplyKeyPack(&key_pack); + free_ReplyKeyPack_19(&key_pack); if (ret) { krb5_set_error_string(context, "PKINIT failed copying reply key"); free(*key); @@ -1579,7 +1579,7 @@ pk_rd_pa_reply_dh(krb5_context context, static krb5_error_code _krb5_pk_convert_rep(krb5_context context, PA_PK_AS_REP_Win2k *r_win2k, - PA_PK_AS_REP *r) + PA_PK_AS_REP_19 *r) { krb5_error_code ret; ContentInfo ci; @@ -1587,7 +1587,7 @@ _krb5_pk_convert_rep(krb5_context context, switch (r_win2k->element) { case choice_PA_PK_AS_REP_Win2k_dhSignedData: - r->element = choice_PA_PK_AS_REP_dhSignedData; + r->element = choice_PA_PK_AS_REP_19_dhSignedData; ret = decode_ContentInfo(r_win2k->u.dhSignedData.data, r_win2k->u.dhSignedData.length, 
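Review bot: In get_reply_key (-1174 hunk) `decode_ReplyKeyPack_19` fills `size`, but nothing in the lines shown compares it with `content->length`, so a ReplyKeyPack followed by extra bytes is accepted. A check such as `if (size != content->length)` that frees `key_pack` and returns a decode error would make the parsing strict. The allocation-failure branch also calls `krb5_set_error_string` twice, so "PKINIT failed allocating reply key" is immediately overwritten by "malloc: out of memory"; one of the two calls should go. After `free(*key)` on the copy failure, `*key` should be set to NULL so the caller is not left with a dangling pointer. The function continues past the hunk, so that may already be done there.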
@@ -1603,7 +1603,7 @@ _krb5_pk_convert_rep(krb5_context context, break; case choice_PA_PK_AS_REP_Win2k_encKeyPack: - r->element = choice_PA_PK_AS_REP_encKeyPack; + r->element = choice_PA_PK_AS_REP_19_encKeyPack; ret = decode_ContentInfo(r_win2k->u.encKeyPack.data, r_win2k->u.encKeyPack.length, @@ -1635,20 +1635,20 @@ _krb5_pk_rd_pa_reply(krb5_context context, { krb5_pk_init_ctx ctx = c; krb5_error_code ret; - PA_PK_AS_REP rep; + PA_PK_AS_REP_19 rep; size_t size; int win2k_compat = 0; memset(&rep, 0, sizeof(rep)); - ret = decode_PA_PK_AS_REP(pa->padata_value.data, - pa->padata_value.length, - &rep, - &size); + ret = decode_PA_PK_AS_REP_19(pa->padata_value.data, + pa->padata_value.length, + &rep, + &size); if (ret != 0) { PA_PK_AS_REP_Win2k w2krep; - free_PA_PK_AS_REP(&rep); + free_PA_PK_AS_REP_19(&rep); memset(&rep, 0, sizeof(rep)); ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, @@ -1669,11 +1669,11 @@ _krb5_pk_rd_pa_reply(krb5_context context, } switch(rep.element) { - case choice_PA_PK_AS_REP_dhSignedData: + case choice_PA_PK_AS_REP_19_dhSignedData: ret = pk_rd_pa_reply_dh(context, &rep.u.dhSignedData, ctx, etype, nonce, pa, key); break; - case choice_PA_PK_AS_REP_encKeyPack: + case choice_PA_PK_AS_REP_19_encKeyPack: ret = pk_rd_pa_reply_enckey(context, win2k_compat, &rep.u.encKeyPack, ctx, etype, nonce, pa, key); @@ -1684,7 +1684,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, break; } - free_PA_PK_AS_REP(&rep); + free_PA_PK_AS_REP_19(&rep); return ret; }
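Review bot: In _krb5_pk_rd_pa_reply (-1635 hunk) any failure of `decode_PA_PK_AS_REP_19` silently falls back to `decode_PA_PK_AS_REP_Win2k`. The reply format, and presumably `win2k_compat` with it, is therefore chosen by what the received bytes happen to parse as rather than by what the client requested. If the Win2k path relaxes any check in `pk_rd_pa_reply_enckey` (its body is not visible here), the fallback should be taken only when the request was sent in Win2k form, for instance gated on state kept in `ctx`. The `size` returned by the first decode is also not compared with `pa->padata_value.length` in the lines shown.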