1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
9  *
10  *	Openvision retains the copyright to derivative works of
11  *	this source code.  Do *NOT* create a derivative of this
12  *	source code before consulting with your legal department.
13  *	Do *NOT* integrate *ANY* of this source code into another
14  *	product before consulting with your legal department.
15  *
16  *	For further information, read the top-level Openvision
17  *	copyright which is contained in the top-level MIT Kerberos
18  *	copyright.
19  *
20  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
21  *
22  */
23 
24 
25 /*
26  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
27  */
28 
29 #include <rpc/rpc.h>
30 #include <errno.h>
31 #include <kadm5/admin.h>
32 #include <kadm5/kadm_rpc.h>
33 #include <krb5.h>
34 #include <stdlib.h>
35 #include <string.h>
36 
37 static bool_t
38 _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
39 			     int v);
40 
41 bool_t
42 xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp); /* SUNWresync121 XXX */
43 /*
44  * Function: xdr_ui_4
45  *
46  * Purpose: XDR function which serves as a wrapper for xdr_u_int,
47  * to prevent compiler warnings about type clashes between u_int32
48  * and krb5_ui_4.
49  */
xdr_ui_4(XDR * xdrs,krb5_ui_4 * objp)50 bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp)
51 {
52   /* Assumes that krb5_ui_4 and u_int32 are both four bytes long.
53      This should not be a harmful assumption. */
54   return xdr_u_int(xdrs, (uint32_t *) objp);
55 }
56 
57 
58 /*
59  * Function: xdr_nullstring
60  *
61  * Purpose: XDR function for "strings" that are either NULL-terminated
62  * or NULL.
63  */
xdr_nullstring(XDR * xdrs,char ** objp)64 bool_t xdr_nullstring(XDR *xdrs, char **objp)
65 {
66      u_int size;
67 
68      if (xdrs->x_op == XDR_ENCODE) {
69 	  if (*objp == NULL)
70 	       size = 0;
71 	  else
72 	       size = strlen(*objp) + 1;
73      }
74      if (! xdr_u_int(xdrs, &size)) {
75 	  return FALSE;
76 	}
77      switch (xdrs->x_op) {
78      case XDR_DECODE:
79 	  if (size == 0) {
80 	       *objp = NULL;
81 	       return TRUE;
82 	  } else if (*objp == NULL) {
83 	       *objp = (char *) mem_alloc(size);
84 	       if (*objp == NULL) {
85 		    errno = ENOMEM;
86 		    return FALSE;
87 	       }
88 	  }
89 	  return (xdr_opaque(xdrs, *objp, size));
90 
91      case XDR_ENCODE:
92 	  if (size != 0)
93 	       return (xdr_opaque(xdrs, *objp, size));
94 	  return TRUE;
95 
96      case XDR_FREE:
97 	  if (*objp != NULL)
98 	       mem_free(*objp, size);
99 	  *objp = NULL;
100 	  return TRUE;
101      }
102 
103      return FALSE;
104 }
105 
106 /*
107  * Function: xdr_nulltype
108  *
109  * Purpose: XDR function for arbitrary pointer types that are either
110  * NULL or contain data.
111  */
xdr_nulltype(XDR * xdrs,void ** objp,xdrproc_t proc)112 bool_t xdr_nulltype(XDR *xdrs, void **objp, xdrproc_t proc)
113 {
114      bool_t null;
115 
116      switch (xdrs->x_op) {
117      case XDR_DECODE:
118 	  if (!xdr_bool(xdrs, &null))
119 	      return FALSE;
120 	  if (null) {
121 	       *objp = NULL;
122 	       return TRUE;
123 	  }
124 	  return (*proc)(xdrs, objp);
125 
126      case XDR_ENCODE:
127 	  if (*objp == NULL)
128 	       null = TRUE;
129 	  else
130 	       null = FALSE;
131 	  if (!xdr_bool(xdrs, &null))
132 	       return FALSE;
133 	  if (null == FALSE)
134 	       return (*proc)(xdrs, objp);
135 	  return TRUE;
136 
137      case XDR_FREE:
138 	  if (*objp)
139 	       return (*proc)(xdrs, objp);
140 	  return TRUE;
141      }
142 
143      return FALSE;
144 }
145 
146 bool_t
xdr_krb5_timestamp(XDR * xdrs,krb5_timestamp * objp)147 xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp)
148 {
149   /* This assumes that int32 and krb5_timestamp are the same size.
150      This shouldn't be a problem, since we've got a unit test which
151      checks for this. */
152 	if (!xdr_int(xdrs, (int32_t *) objp)) {
153 		return (FALSE);
154 	}
155 	return (TRUE);
156 }
157 
158 bool_t
xdr_krb5_kvno(XDR * xdrs,krb5_kvno * objp)159 xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp)
160 {
161 	unsigned char tmp;
162 
163 	tmp = '\0'; /* for purify, else xdr_u_char performs a umr */
164 
165 	if (xdrs->x_op == XDR_ENCODE)
166 		tmp = (unsigned char) *objp;
167 
168 	if (!xdr_u_char(xdrs, &tmp))
169 		return (FALSE);
170 
171 	if (xdrs->x_op == XDR_DECODE)
172 		*objp = (krb5_kvno) tmp;
173 
174 	return (TRUE);
175 }
176 
177 bool_t
xdr_krb5_deltat(XDR * xdrs,krb5_deltat * objp)178 xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp)
179 {
180   /* This assumes that int32 and krb5_deltat are the same size.
181      This shouldn't be a problem, since we've got a unit test which
182      checks for this. */
183 	if (!xdr_int(xdrs, (int32_t *) objp)) {
184 		return (FALSE);
185 	}
186 	return (TRUE);
187 }
188 
189 bool_t
xdr_krb5_flags(XDR * xdrs,krb5_flags * objp)190 xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
191 {
192   /* This assumes that int32 and krb5_flags are the same size.
193      This shouldn't be a problem, since we've got a unit test which
194      checks for this. */
195 	if (!xdr_int(xdrs, (int32_t *) objp)) {
196 		return (FALSE);
197 	}
198 	return (TRUE);
199 }
200 
201 bool_t
xdr_krb5_ui_4(XDR * xdrs,krb5_ui_4 * objp)202 xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp)
203 {
204 	if (!xdr_u_int(xdrs, (uint32_t *) objp)) {
205 		return (FALSE);
206 	}
207 	return (TRUE);
208 }
209 
210 bool_t
xdr_krb5_int16(XDR * xdrs,krb5_int16 * objp)211 xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
212 {
213     int tmp;
214 
215     tmp = (int) *objp;
216 
217     if (!xdr_int(xdrs, &tmp))
218 	return(FALSE);
219 
220     *objp = (krb5_int16) tmp;
221 
222     return(TRUE);
223 }
224 
225 /*
226  * Function: xdr_krb5_ui_2
227  *
228  * Purpose: XDR function which serves as a wrapper for xdr_u_int,
229  * to prevent compiler warnings about type clashes between u_int
230  * and krb5_ui_2.
231  */
232 bool_t
xdr_krb5_ui_2(XDR * xdrs,krb5_ui_2 * objp)233 xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
234 {
235     unsigned int tmp;
236 
237     tmp = (unsigned int) *objp;
238 
239     if (!xdr_u_int(xdrs, &tmp))
240 	return(FALSE);
241 
242     *objp = (krb5_ui_2) tmp;
243 
244     return(TRUE);
245 }
246 
247 
248 
xdr_krb5_key_data_nocontents(XDR * xdrs,krb5_key_data * objp)249 bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
250 {
251      /*
252       * Note that this function intentionally DOES NOT tranfer key
253       * length or contents!  xdr_krb5_key_data in adb_xdr.c does, but
254       * that is only for use within the server-side library.
255       */
256      unsigned int tmp;
257 
258      if (xdrs->x_op == XDR_DECODE)
259 	  memset((char *) objp, 0, sizeof(krb5_key_data));
260 
261      if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) {
262 	  return (FALSE);
263      }
264      if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno)) {
265 	  return (FALSE);
266      }
267      if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0])) {
268 	  return (FALSE);
269      }
270      if (objp->key_data_ver > 1) {
271 	  if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1])) {
272 	       return (FALSE);
273 	  }
274      }
275      /*
276       * kadm5_get_principal on the server side allocates and returns
277       * key contents when asked.  Even though this function refuses to
278       * transmit that data, it still has to *free* the data at the
279       * appropriate time to avoid a memory leak.
280       */
281      if (xdrs->x_op == XDR_FREE) {
282 	  tmp = (unsigned int) objp->key_data_length[0];
283 	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
284 			 &tmp, ~0))
285 	       return FALSE;
286 
287 	  tmp = (unsigned int) objp->key_data_length[1];
288 	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
289 			 &tmp, ~0))
290 	       return FALSE;
291      }
292 
293      return (TRUE);
294 }
295 
296 
297 bool_t
xdr_krb5_key_salt_tuple(XDR * xdrs,krb5_key_salt_tuple * objp)298 xdr_krb5_key_salt_tuple(XDR *xdrs, krb5_key_salt_tuple *objp)
299 {
300     if (!xdr_krb5_enctype(xdrs, &objp->ks_enctype))
301 	return FALSE;
302     if (!xdr_krb5_salttype(xdrs, &objp->ks_salttype))
303 	return FALSE;
304     return TRUE;
305 }
306 
xdr_krb5_tl_data(XDR * xdrs,krb5_tl_data ** tl_data_head)307 bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
308 {
309      krb5_tl_data *tl, *tl2;
310      bool_t more;
311      unsigned int len;
312 
313      switch (xdrs->x_op) {
314      case XDR_FREE:
315 	  tl = tl2 = *tl_data_head;
316 	  while (tl) {
317 	       tl2 = tl->tl_data_next;
318 	       free(tl->tl_data_contents);
319 	       free(tl);
320 	       tl = tl2;
321 	  }
322 	  break;
323 
324      case XDR_ENCODE:
325 	  tl = *tl_data_head;
326 	  while (1) {
327 	       more = (tl != NULL);
328 	       if (!xdr_bool(xdrs, &more))
329 		    return FALSE;
330 	       if (tl == NULL)
331 		    break;
332 	       if (!xdr_krb5_int16(xdrs, &tl->tl_data_type))
333 		    return FALSE;
334 	       len = tl->tl_data_length;
335 	       if (!xdr_bytes(xdrs, (char **) &tl->tl_data_contents, &len, ~0))
336 		    return FALSE;
337 	       tl = tl->tl_data_next;
338 	  }
339 	  break;
340 
341      case XDR_DECODE:
342 	  tl = NULL;
343 	  while (1) {
344 	       if (!xdr_bool(xdrs, &more))
345 		    return FALSE;
346 	       if (more == FALSE)
347 		    break;
348 	       tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
349 	       if (tl2 == NULL)
350 		    return FALSE;
351 	       memset((char *) tl2, 0, sizeof(krb5_tl_data));
352 	       if (!xdr_krb5_int16(xdrs, &tl2->tl_data_type))
353 		    return FALSE;
354 	       if (!xdr_bytes(xdrs, (char **)&tl2->tl_data_contents, &len, ~0))
355 		    return FALSE;
356 	       tl2->tl_data_length = len;
357 
358 	       tl2->tl_data_next = tl;
359 	       tl = tl2;
360 	  }
361 
362 	  *tl_data_head = tl;
363 	  break;
364      }
365 
366      return TRUE;
367 }
368 
369 bool_t
xdr_kadm5_ret_t(XDR * xdrs,kadm5_ret_t * objp)370 xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
371 {
372 	uint32_t tmp;
373 
374 	if (xdrs->x_op == XDR_ENCODE)
375 		tmp = (uint32_t) *objp;
376 
377 	if (!xdr_u_int(xdrs, &tmp))
378 		return (FALSE);
379 
380 	if (xdrs->x_op == XDR_DECODE)
381 		*objp = (kadm5_ret_t) tmp;
382 
383 	return (TRUE);
384 }
385 
xdr_kadm5_principal_ent_rec_v1(XDR * xdrs,kadm5_principal_ent_rec * objp)386 bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs,
387 				      kadm5_principal_ent_rec *objp)
388 {
389      return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_1);
390 }
391 
xdr_kadm5_principal_ent_rec(XDR * xdrs,kadm5_principal_ent_rec * objp)392 bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
393 				   kadm5_principal_ent_rec *objp)
394 {
395      return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_2);
396 }
397 
398 static bool_t
_xdr_kadm5_principal_ent_rec(XDR * xdrs,kadm5_principal_ent_rec * objp,int v)399 _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
400 			     int v)
401 {
402      unsigned int n;
403 
404 	if (!xdr_krb5_principal(xdrs, &objp->principal)) {
405 		return (FALSE);
406 	}
407 	if (!xdr_krb5_timestamp(xdrs, &objp->princ_expire_time)) {
408 		return (FALSE);
409 	}
410 	if (!xdr_krb5_timestamp(xdrs, &objp->last_pwd_change)) {
411 		return (FALSE);
412 	}
413 	if (!xdr_krb5_timestamp(xdrs, &objp->pw_expiration)) {
414 		return (FALSE);
415 	}
416 	if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
417 		return (FALSE);
418 	}
419         if (v == KADM5_API_VERSION_1) {
420 	     if (!xdr_krb5_principal(xdrs, &objp->mod_name)) {
421 		  return (FALSE);
422 	     }
423 	} else {
424 	     if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
425 			       xdr_krb5_principal)) {
426 		  return (FALSE);
427 	     }
428 	}
429 	if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) {
430 		return (FALSE);
431 	}
432 	if (!xdr_krb5_flags(xdrs, &objp->attributes)) {
433 		return (FALSE);
434 	}
435 	if (!xdr_krb5_kvno(xdrs, &objp->kvno)) {
436 		return (FALSE);
437 	}
438 	if (!xdr_krb5_kvno(xdrs, &objp->mkvno)) {
439 		return (FALSE);
440 	}
441 	if (!xdr_nullstring(xdrs, &objp->policy)) {
442 		return (FALSE);
443 	}
444 	if (!xdr_long(xdrs, &objp->aux_attributes)) {
445 		return (FALSE);
446 	}
447 	if (v != KADM5_API_VERSION_1) {
448 	     if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
449 		  return (FALSE);
450 	     }
451 	     if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
452 		  return (FALSE);
453 	     }
454 	     if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
455 		  return (FALSE);
456 	     }
457 	     if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
458 		  return (FALSE);
459 	     }
460 	     if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
461 		  return (FALSE);
462 	     }
463 	     if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
464 		  return (FALSE);
465 	     }
466 	     if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
467 			       xdr_krb5_tl_data)) {
468 		  return FALSE;
469 	     }
470 	     n = objp->n_key_data;
471 	     if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
472 			    &n, ~0, sizeof(krb5_key_data),
473 			    xdr_krb5_key_data_nocontents)) {
474 		  return (FALSE);
475 	     }
476 	}
477 	return (TRUE);
478 }
479 
480 bool_t
xdr_kadm5_policy_ent_rec(XDR * xdrs,kadm5_policy_ent_rec * objp)481 xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp)
482 {
483 	if (!xdr_nullstring(xdrs, &objp->policy)) {
484 		return (FALSE);
485 	}
486 	/* these all used to be u_int32, but it's stupid for sized types
487 	   to be exposed at the api, and they're the same as longs on the
488 	   wire. */
489 	if (!xdr_long(xdrs, &objp->pw_min_life)) {
490 		return (FALSE);
491 	}
492 	if (!xdr_long(xdrs, &objp->pw_max_life)) {
493 		return (FALSE);
494 	}
495 	if (!xdr_long(xdrs, &objp->pw_min_length)) {
496 		return (FALSE);
497 	}
498 	if (!xdr_long(xdrs, &objp->pw_min_classes)) {
499 		return (FALSE);
500 	}
501 	if (!xdr_long(xdrs, &objp->pw_history_num)) {
502 		return (FALSE);
503 	}
504 	if (!xdr_long(xdrs, &objp->policy_refcnt)) {
505 		return (FALSE);
506 	}
507 	return (TRUE);
508 }
509 
510 bool_t
xdr_cprinc_arg(XDR * xdrs,cprinc_arg * objp)511 xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp)
512 {
513 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
514 		return (FALSE);
515 	}
516 	if (objp->api_version == KADM5_API_VERSION_1) {
517 	     if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
518 		  return (FALSE);
519 	     }
520 	} else {
521 	     if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
522 		  return (FALSE);
523 	     }
524 	}
525 	if (!xdr_long(xdrs, &objp->mask)) {
526 		return (FALSE);
527 	}
528 	if (!xdr_nullstring(xdrs, &objp->passwd)) {
529 		return (FALSE);
530 	}
531 	return (TRUE);
532 }
533 
534 bool_t
xdr_cprinc3_arg(XDR * xdrs,cprinc3_arg * objp)535 xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp)
536 {
537 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
538 		return (FALSE);
539 	}
540 	if (objp->api_version == KADM5_API_VERSION_1) {
541 		if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
542 			return (FALSE);
543 		}
544 	} else {
545 		if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
546 			return (FALSE);
547 		}
548 	}
549 	if (!xdr_long(xdrs, &objp->mask)) {
550 		return (FALSE);
551 	}
552 	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
553 		       (unsigned int *)&objp->n_ks_tuple, ~0,
554 		       sizeof(krb5_key_salt_tuple),
555 		       xdr_krb5_key_salt_tuple)) {
556 		return (FALSE);
557 	}
558 	if (!xdr_nullstring(xdrs, &objp->passwd)) {
559 		return (FALSE);
560 	}
561 	return (TRUE);
562 }
563 
564 bool_t
xdr_generic_ret(XDR * xdrs,generic_ret * objp)565 xdr_generic_ret(XDR *xdrs, generic_ret *objp)
566 {
567 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
568 		return (FALSE);
569 	}
570 	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
571 		return (FALSE);
572 	}
573 
574 	return(TRUE);
575 }
576 
577 bool_t
xdr_dprinc_arg(XDR * xdrs,dprinc_arg * objp)578 xdr_dprinc_arg(XDR *xdrs, dprinc_arg *objp)
579 {
580 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
581 		return (FALSE);
582 	}
583 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
584 		return (FALSE);
585 	}
586 	return (TRUE);
587 }
588 
589 bool_t
xdr_mprinc_arg(XDR * xdrs,mprinc_arg * objp)590 xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp)
591 {
592 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
593 		return (FALSE);
594 	}
595 	if (objp->api_version == KADM5_API_VERSION_1) {
596 	     if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
597 		  return (FALSE);
598 	     }
599 	} else {
600 	     if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
601 		  return (FALSE);
602 	     }
603 	}
604 	if (!xdr_long(xdrs, &objp->mask)) {
605 		return (FALSE);
606 	}
607 	return (TRUE);
608 }
609 
610 bool_t
xdr_rprinc_arg(XDR * xdrs,rprinc_arg * objp)611 xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp)
612 {
613 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
614 		return (FALSE);
615 	}
616 	if (!xdr_krb5_principal(xdrs, &objp->src)) {
617 		return (FALSE);
618 	}
619 	if (!xdr_krb5_principal(xdrs, &objp->dest)) {
620 		return (FALSE);
621 	}
622 	return (TRUE);
623 }
624 
625 bool_t
xdr_gprincs_arg(XDR * xdrs,gprincs_arg * objp)626 xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp)
627 {
628      if (!xdr_ui_4(xdrs, &objp->api_version)) {
629 	  return (FALSE);
630      }
631      if (!xdr_nullstring(xdrs, &objp->exp)) {
632 	  return (FALSE);
633      }
634      return (TRUE);
635 }
636 
637 bool_t
xdr_gprincs_ret(XDR * xdrs,gprincs_ret * objp)638 xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
639 {
640      if (!xdr_ui_4(xdrs, &objp->api_version)) {
641 	  return (FALSE);
642      }
643      if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
644 	  return (FALSE);
645      }
646      if (objp->code == KADM5_OK) {
647 	  if (!xdr_int(xdrs, &objp->count)) {
648 	       return (FALSE);
649 	  }
650 	  if (!xdr_array(xdrs, (caddr_t *) &objp->princs,
651 			 (unsigned int *) &objp->count, ~0,
652 			 sizeof(char *), xdr_nullstring)) {
653 	       return (FALSE);
654 	  }
655      }
656 
657      return (TRUE);
658 }
659 
660 bool_t
xdr_chpass_arg(XDR * xdrs,chpass_arg * objp)661 xdr_chpass_arg(XDR *xdrs, chpass_arg *objp)
662 {
663 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
664 		return (FALSE);
665 	}
666 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
667 		return (FALSE);
668 	}
669 	if (!xdr_nullstring(xdrs, &objp->pass)) {
670 		return (FALSE);
671 	}
672 	return (TRUE);
673 }
674 
675 bool_t
xdr_chpass3_arg(XDR * xdrs,chpass3_arg * objp)676 xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp)
677 {
678 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
679 		return (FALSE);
680 	}
681 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
682 		return (FALSE);
683 	}
684 	if (!xdr_bool(xdrs, (bool_t *) &objp->keepold)) { /* SUNWresync121 XXX */
685 		return (FALSE);
686 	}
687 	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
688 		       (unsigned int*)&objp->n_ks_tuple, ~0,
689 		       sizeof(krb5_key_salt_tuple),
690 		       xdr_krb5_key_salt_tuple)) {
691 		return (FALSE);
692 	}
693 	if (!xdr_nullstring(xdrs, &objp->pass)) {
694 		return (FALSE);
695 	}
696 	return (TRUE);
697 }
698 
699 bool_t
xdr_setv4key_arg(XDR * xdrs,setv4key_arg * objp)700 xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp)
701 {
702 	unsigned int n_keys = 1;
703 
704 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
705 		return (FALSE);
706 	}
707 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
708 		return (FALSE);
709 	}
710 	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblock,
711 		       &n_keys, ~0,
712 		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
713 	        return (FALSE);
714 	}
715 	return (TRUE);
716 }
717 
718 bool_t
xdr_setkey_arg(XDR * xdrs,setkey_arg * objp)719 xdr_setkey_arg(XDR *xdrs, setkey_arg *objp)
720 {
721 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
722 		return (FALSE);
723 	}
724 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
725 		return (FALSE);
726 	}
727 	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks,
728 		       (unsigned int *) &objp->n_keys, ~0,
729 		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
730 	        return (FALSE);
731 	}
732 	return (TRUE);
733 }
734 
735 bool_t
xdr_setkey3_arg(XDR * xdrs,setkey3_arg * objp)736 xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp)
737 {
738 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
739 		return (FALSE);
740 	}
741 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
742 		return (FALSE);
743 	}
744 	if (!xdr_bool(xdrs, (bool_t *) &objp->keepold)) { /* SUNWresync121 XXX */
745 		return (FALSE);
746 	}
747 	if (!xdr_array(xdrs, (caddr_t *) &objp->ks_tuple,
748 		       (unsigned int *) &objp->n_ks_tuple, ~0,
749 		       sizeof(krb5_key_salt_tuple), xdr_krb5_key_salt_tuple)) {
750 		return (FALSE);
751 	}
752 	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks,
753 		       (unsigned int *) &objp->n_keys, ~0,
754 		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
755 		return (FALSE);
756 	}
757 	return (TRUE);
758 }
759 
760 bool_t
xdr_chrand_arg(XDR * xdrs,chrand_arg * objp)761 xdr_chrand_arg(XDR *xdrs, chrand_arg *objp)
762 {
763 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
764 		return (FALSE);
765 	}
766 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
767 		return (FALSE);
768 	}
769 	return (TRUE);
770 }
771 
772 bool_t
xdr_chrand3_arg(XDR * xdrs,chrand3_arg * objp)773 xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp)
774 {
775 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
776 		return (FALSE);
777 	}
778 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
779 		return (FALSE);
780 	}
781 	if (!xdr_bool(xdrs, (bool_t *) &objp->keepold)) { /* SUNWresync121 XXX */
782 		return (FALSE);
783 	}
784 	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
785 		       (unsigned int*)&objp->n_ks_tuple, ~0,
786 		       sizeof(krb5_key_salt_tuple),
787 		       xdr_krb5_key_salt_tuple)) {
788 		return (FALSE);
789 	}
790 	return (TRUE);
791 }
792 
793 bool_t
xdr_chrand_ret(XDR * xdrs,chrand_ret * objp)794 xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
795 {
796 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
797 		return (FALSE);
798 	}
799 	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
800 		return (FALSE);
801 	}
802 	if (objp->api_version == KADM5_API_VERSION_1) {
803 	     if(objp->code == KADM5_OK) {
804 		  if (!xdr_krb5_keyblock(xdrs, &objp->key)) {
805 		       return (FALSE);
806 		  }
807 	     }
808 	} else {
809 	     if (objp->code == KADM5_OK) {
810 		  if (!xdr_array(xdrs, (char **)&objp->keys, (unsigned int *)&objp->n_keys, ~0,
811 				 sizeof(krb5_keyblock),
812 				 xdr_krb5_keyblock))
813 		       return FALSE;
814 	     }
815 	}
816 
817 	return (TRUE);
818 }
819 
820 bool_t
xdr_gprinc_arg(XDR * xdrs,gprinc_arg * objp)821 xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp)
822 {
823 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
824 		return (FALSE);
825 	}
826 	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
827 		return (FALSE);
828 	}
829 	if ((objp->api_version > KADM5_API_VERSION_1) &&
830 	    !xdr_long(xdrs, &objp->mask)) {
831 	     return FALSE;
832 	}
833 
834 	return (TRUE);
835 }
836 
837 bool_t
xdr_gprinc_ret(XDR * xdrs,gprinc_ret * objp)838 xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
839 {
840 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
841 		return (FALSE);
842 	}
843 	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
844 		return (FALSE);
845 	}
846 	if(objp->code == KADM5_OK)  {
847 	     if (objp->api_version == KADM5_API_VERSION_1) {
848 		  if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
849 		       return (FALSE);
850 		  }
851 	     } else {
852 		  if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
853 		       return (FALSE);
854 		  }
855 	     }
856 	}
857 
858 	return (TRUE);
859 }
860 
861 bool_t
xdr_cpol_arg(XDR * xdrs,cpol_arg * objp)862 xdr_cpol_arg(XDR *xdrs, cpol_arg *objp)
863 {
864 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
865 		return (FALSE);
866 	}
867 	if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) {
868 		return (FALSE);
869 	}
870 	if (!xdr_long(xdrs, &objp->mask)) {
871 		return (FALSE);
872 	}
873 	return (TRUE);
874 }
875 
876 bool_t
xdr_dpol_arg(XDR * xdrs,dpol_arg * objp)877 xdr_dpol_arg(XDR *xdrs, dpol_arg *objp)
878 {
879 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
880 		return (FALSE);
881 	}
882 	if (!xdr_nullstring(xdrs, &objp->name)) {
883 		return (FALSE);
884 	}
885 	return (TRUE);
886 }
887 
888 bool_t
xdr_mpol_arg(XDR * xdrs,mpol_arg * objp)889 xdr_mpol_arg(XDR *xdrs, mpol_arg *objp)
890 {
891 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
892 		return (FALSE);
893 	}
894 	if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) {
895 		return (FALSE);
896 	}
897 	if (!xdr_long(xdrs, &objp->mask)) {
898 		return (FALSE);
899 	}
900 	return (TRUE);
901 }
902 
903 bool_t
xdr_gpol_arg(XDR * xdrs,gpol_arg * objp)904 xdr_gpol_arg(XDR *xdrs, gpol_arg *objp)
905 {
906 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
907 		return (FALSE);
908 	}
909 	if (!xdr_nullstring(xdrs, &objp->name)) {
910 		return (FALSE);
911 	}
912 	return (TRUE);
913 }
914 
915 bool_t
xdr_gpol_ret(XDR * xdrs,gpol_ret * objp)916 xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
917 {
918 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
919 		return (FALSE);
920 	}
921 	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
922 		return (FALSE);
923 	}
924 	if(objp->code == KADM5_OK) {
925 	    if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec))
926 		return (FALSE);
927 	}
928 
929 	return (TRUE);
930 }
931 
932 bool_t
xdr_gpols_arg(XDR * xdrs,gpols_arg * objp)933 xdr_gpols_arg(XDR *xdrs, gpols_arg *objp)
934 {
935      if (!xdr_ui_4(xdrs, &objp->api_version)) {
936 	  return (FALSE);
937      }
938      if (!xdr_nullstring(xdrs, &objp->exp)) {
939 	  return (FALSE);
940      }
941      return (TRUE);
942 }
943 
944 bool_t
xdr_gpols_ret(XDR * xdrs,gpols_ret * objp)945 xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
946 {
947      if (!xdr_ui_4(xdrs, &objp->api_version)) {
948 	  return (FALSE);
949      }
950      if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
951 	  return (FALSE);
952      }
953      if (objp->code == KADM5_OK) {
954 	  if (!xdr_int(xdrs, &objp->count)) {
955 	       return (FALSE);
956 	  }
957 	  if (!xdr_array(xdrs, (caddr_t *) &objp->pols,
958 			 (unsigned int *) &objp->count, ~0,
959 			 sizeof(char *), xdr_nullstring)) {
960 	       return (FALSE);
961 	  }
962      }
963 
964      return (TRUE);
965 }
966 
xdr_getprivs_ret(XDR * xdrs,getprivs_ret * objp)967 bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp)
968 {
969 	if (!xdr_ui_4(xdrs, &objp->api_version)) {
970 		return (FALSE);
971 	}
972      if (! xdr_kadm5_ret_t(xdrs, &objp->code) ||
973 	 ! xdr_long(xdrs, &objp->privs))
974 	  return FALSE;
975 
976      return TRUE;
977 }
978 
979 bool_t
xdr_krb5_principal(XDR * xdrs,krb5_principal * objp)980 xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
981 {
982     int	    ret;
983     char	    *p = NULL;
984     krb5_principal  pr = NULL;
985     static krb5_context context = NULL;
986 
987     /* using a static context here is ugly, but should work
988        ok, and the other solutions are even uglier */
989 
990     if (!context &&
991 	kadm5_init_krb5_context(&context))
992        return(FALSE);
993 
994     switch(xdrs->x_op) {
995     case XDR_ENCODE:
996 	if (*objp) {
997 	     if((ret = krb5_unparse_name(context, *objp, &p)) != 0)
998 		  return FALSE;
999 	}
1000 	if(!xdr_nullstring(xdrs, &p))
1001 	    return FALSE;
1002 	if (p) free(p);
1003 	break;
1004     case XDR_DECODE:
1005 	if(!xdr_nullstring(xdrs, &p))
1006 	    return FALSE;
1007 	if (p) {
1008 	     ret = krb5_parse_name(context, p, &pr);
1009 	     if(ret != 0)
1010 		  return FALSE;
1011 	     *objp = pr;
1012 	     free(p);
1013 	} else
1014 	     *objp = NULL;
1015 	break;
1016     case XDR_FREE:
1017 	if(*objp != NULL)
1018 	    krb5_free_principal(context, *objp);
1019 	break;
1020     }
1021     return TRUE;
1022 }
1023 
1024 bool_t
xdr_krb5_octet(XDR * xdrs,krb5_octet * objp)1025 xdr_krb5_octet(XDR *xdrs, krb5_octet *objp)
1026 {
1027    if (!xdr_u_char(xdrs, objp))
1028 	return (FALSE);
1029    return (TRUE);
1030 }
1031 
1032 bool_t
xdr_krb5_enctype(XDR * xdrs,krb5_enctype * objp)1033 xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp)
1034 {
1035    /*
1036     * This used to be xdr_krb5_keytype, but keytypes and enctypes have
1037     * been merged into only enctypes.  However, randkey_principal
1038     * already ensures that only a key of ENCTYPE_DES_CBC_CRC will be
1039     * returned to v1 clients, and ENCTYPE_DES_CBC_CRC has the same
1040     * value as KEYTYPE_DES used too, which is what all v1 clients
1041     * expect.  Therefore, IMHO, just encoding whatever enctype we get
1042     * is safe.
1043     */
1044 
1045    if (!xdr_u_int(xdrs, (unsigned int *) objp))
1046 	return (FALSE);
1047    return (TRUE);
1048 }
1049 
1050 bool_t
xdr_krb5_salttype(XDR * xdrs,krb5_int32 * objp)1051 xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp)
1052 {
1053     if (!xdr_int(xdrs, (int32_t *) objp))
1054 	return FALSE;
1055     return TRUE;
1056 }
1057 
1058 bool_t
xdr_krb5_keyblock(XDR * xdrs,krb5_keyblock * objp)1059 xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp)
1060 {
1061    /* XXX This only works because free_keyblock assumes ->contents
1062       is allocated by malloc() */
1063 
1064    if(!xdr_krb5_enctype(xdrs, &objp->enctype))
1065       return FALSE;
1066    if(!xdr_bytes(xdrs, (char **) &objp->contents, (unsigned int *)
1067 		 &objp->length, ~0))
1068       return FALSE;
1069    return TRUE;
1070 }
1071