authorGreg Hudson <ghudson@mit.edu>2009-11-14 04:46:30 +0000
committerGreg Hudson <ghudson@mit.edu>2009-11-14 04:46:30 +0000
commit0524889196c42d81dcc4c74277522b46f987cabb (patch)
tree9f906eb1a4a32346ae94837c4fe199410e2dd10f /src/lib/krb5/asn.1/asn1_k_decode.c
parent26044e2a3c3104b9c3f32a6ae58145e7e6394672 (diff)
Constrained delegation without PAC support
Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/asn.1/asn1_k_decode.c')
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.c84
1 files changed, 84 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 7653990..dd1a2ae 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -1007,6 +1007,45 @@ error_out:
return retval;
}
+static asn1_error_code asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val)
+{
+ setup();
+ *val = 0;
+ { begin_structure();
+ get_field(*val, 0, asn1_decode_authdatatype);
+ end_structure();
+ }
+ return 0;
+error_out:
+ return retval;
+}
+
+asn1_error_code asn1_peek_authorization_data
+(asn1buf *buf, unsigned int *num, krb5_authdatatype **val)
+{
+ int size = 0;
+ krb5_authdatatype *array = NULL, *new_array;
+
+ asn1_error_code retval;
+ { sequence_of(buf);
+ while (asn1buf_remains(&seqbuf,seqofindef) > 0) {
+ size++;
+ new_array = realloc(array,size*sizeof(krb5_authdatatype));
+ if (new_array == NULL) clean_return(ENOMEM);
+ array = new_array;
+ retval = asn1_peek_authdata_elt(&seqbuf,&array[size-1]);
+ if (retval) clean_return(retval);
+ }
+ end_sequence_of(buf);
+ }
+ *num = size;
+ *val = array;
+ return 0;
+error_out:
+ free(array);
+ return retval;
+}
+
asn1_error_code
asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr)
{
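Review bot: asn1_peek_authorization_data stores to `*num` and `*val` only on the success path, so a caller that does not pre-initialise them is left with indeterminate values when decoding fails on malformed authorization data. Setting `*num = 0; *val = NULL;` before `sequence_of(buf)` would give the error path a defined result and make an unconditional `free()` in the caller safe. The counter is a signed `int size` while the output is `unsigned int *num`; an unsigned counter, with the `size*sizeof(krb5_authdatatype)` product checked before `realloc`, would keep the arithmetic well defined for any element count, although the count is presumably bounded by the length of the encoded buffer. A header comment such as `/* On success *val is a malloc'd array of *num ad-types; the caller releases it with free(). */` would document the ownership.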
@@ -1812,6 +1851,51 @@ error_out:
return retval;
}
+static asn1_error_code asn1_decode_princ_plus_realm
+(asn1buf *buf, krb5_principal *valptr)
+{
+ setup();
+ alloc_principal((*valptr));
+ { begin_structure();
+ get_field((*valptr), 0, asn1_decode_principal_name);
+ get_field((*valptr), 1, asn1_decode_realm);
+ end_structure();
+ }
+ return 0;
+error_out:
+ krb5_free_principal(NULL, *valptr);
+ *valptr = NULL;
+ return retval;
+}
+
+static asn1_error_code asn1_decode_sequence_of_princ_plus_realm
+(asn1buf *buf, krb5_principal **val)
+{
+ decode_array_body(krb5_principal_data,asn1_decode_princ_plus_realm,krb5_free_principal);
+}
+
+asn1_error_code asn1_decode_ad_signedpath
+(asn1buf *buf, krb5_ad_signedpath *val)
+{
+ setup();
+ val->enctype = ENCTYPE_NULL;
+ val->checksum.contents = NULL;
+ val->delegated = NULL;
+ {
+ begin_structure();
+ get_field(val->enctype, 0, asn1_decode_enctype);
+ get_field(val->checksum, 1, asn1_decode_checksum);
+ opt_field(val->delegated, 2, asn1_decode_sequence_of_princ_plus_realm,
+ NULL);
+ opt_field(val->method_data, 3, asn1_decode_sequence_of_pa_data, NULL);
+ end_structure();
+ }
+ return 0;
+error_out:
+ krb5_free_checksum_contents(NULL, &val->checksum);
+ return retval;
+}
+
#ifndef DISABLE_PKINIT
/* PKINIT */
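Review bot: The `error_out` path of asn1_decode_ad_signedpath releases only `val->checksum`, so if a later step fails after field 2 has been decoded (field 3, or `end_structure()`), the array in `val->delegated` appears to be leaked, and likewise `val->method_data` if `end_structure()` fails. `val->method_data` is also the one pointer not cleared up front; adding `val->method_data = NULL;` next to `val->delegated = NULL;` would stop a failure in fields 0–2 from leaving it indeterminate. The cleanup should free both arrays and reset the pointers to NULL, because this decoder handles ticket authorization data and a long-lived process should neither lose memory nor keep stale pointers when the input is malformed. Whether the caller cleans up `val` after a failure is not visible in this hunk, so that is worth confirming before choosing where the frees go.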