17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * lib/krb5/krb/ser_auth.c
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * Copyright 1995 by the Massachusetts Institute of Technology.
57c478bd9Sstevel@tonic-gate  * All Rights Reserved.
67c478bd9Sstevel@tonic-gate  *
77c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
87c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
97c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
107c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
117c478bd9Sstevel@tonic-gate  *
127c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
137c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
147c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
157c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
167c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
177c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
187c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
19159d09a2SMark Phalan  * permission.  Furthermore if you modify this software you must label
20159d09a2SMark Phalan  * your software as modified software and not distribute it in such a
21159d09a2SMark Phalan  * fashion that it might be confused with the original M.I.T. software.
22159d09a2SMark Phalan  * M.I.T. makes no representations about the suitability of
237c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
247c478bd9Sstevel@tonic-gate  * or implied warranty.
257c478bd9Sstevel@tonic-gate  *
267c478bd9Sstevel@tonic-gate  */
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate  * ser_auth.c - Serialize krb5_authenticator structure.
307c478bd9Sstevel@tonic-gate  */
31159d09a2SMark Phalan #include "k5-int.h"
32159d09a2SMark Phalan #include "int-proto.h"
337c478bd9Sstevel@tonic-gate 
347c478bd9Sstevel@tonic-gate /*
357c478bd9Sstevel@tonic-gate  * Routines to deal with externalizing the krb5_authenticator:
367c478bd9Sstevel@tonic-gate  *	krb5_authenticator_size();
377c478bd9Sstevel@tonic-gate  *	krb5_authenticator_externalize();
387c478bd9Sstevel@tonic-gate  *	krb5_authenticator_internalize();
397c478bd9Sstevel@tonic-gate  */
407c478bd9Sstevel@tonic-gate static krb5_error_code krb5_authenticator_size
41505d05c7Sgtb 	(krb5_context, krb5_pointer, size_t *);
427c478bd9Sstevel@tonic-gate static krb5_error_code krb5_authenticator_externalize
43505d05c7Sgtb 	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
447c478bd9Sstevel@tonic-gate static krb5_error_code krb5_authenticator_internalize
45505d05c7Sgtb 	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
467c478bd9Sstevel@tonic-gate 
477c478bd9Sstevel@tonic-gate /* Local data */
487c478bd9Sstevel@tonic-gate static const krb5_ser_entry krb5_authenticator_ser_entry = {
497c478bd9Sstevel@tonic-gate     KV5M_AUTHENTICATOR,			/* Type			*/
507c478bd9Sstevel@tonic-gate     krb5_authenticator_size,		/* Sizer routine	*/
517c478bd9Sstevel@tonic-gate     krb5_authenticator_externalize,	/* Externalize routine	*/
527c478bd9Sstevel@tonic-gate     krb5_authenticator_internalize	/* Internalize routine	*/
537c478bd9Sstevel@tonic-gate };
547c478bd9Sstevel@tonic-gate 
557c478bd9Sstevel@tonic-gate /*
567c478bd9Sstevel@tonic-gate  * krb5_authenticator_size()	- Determine the size required to externalize
577c478bd9Sstevel@tonic-gate  *				  the krb5_authenticator.
587c478bd9Sstevel@tonic-gate  */
597c478bd9Sstevel@tonic-gate static krb5_error_code
krb5_authenticator_size(krb5_context kcontext,krb5_pointer arg,size_t * sizep)60505d05c7Sgtb krb5_authenticator_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
617c478bd9Sstevel@tonic-gate {
627c478bd9Sstevel@tonic-gate     krb5_error_code	kret;
637c478bd9Sstevel@tonic-gate     krb5_authenticator	*authenticator;
647c478bd9Sstevel@tonic-gate     size_t		required;
657c478bd9Sstevel@tonic-gate 
667c478bd9Sstevel@tonic-gate     /*
677c478bd9Sstevel@tonic-gate      * krb5_authenticator requires at minimum:
687c478bd9Sstevel@tonic-gate      *	krb5_int32		for KV5M_AUTHENTICATOR
697c478bd9Sstevel@tonic-gate      *	krb5_int32		for seconds
707c478bd9Sstevel@tonic-gate      *	krb5_int32		for cusec
717c478bd9Sstevel@tonic-gate      *	krb5_int32		for seq_number
727c478bd9Sstevel@tonic-gate      *	krb5_int32		for number in authorization_data array.
737c478bd9Sstevel@tonic-gate      *	krb5_int32		for KV5M_AUTHENTICATOR
747c478bd9Sstevel@tonic-gate      */
757c478bd9Sstevel@tonic-gate     kret = EINVAL;
76159d09a2SMark Phalan     /* Solaris Kerberos */
777c478bd9Sstevel@tonic-gate     authenticator = (krb5_authenticator *) arg;
787c478bd9Sstevel@tonic-gate     if (authenticator) {
797c478bd9Sstevel@tonic-gate 	required = sizeof(krb5_int32)*6;
807c478bd9Sstevel@tonic-gate 
817c478bd9Sstevel@tonic-gate 	/* Calculate size required by client, if appropriate */
827c478bd9Sstevel@tonic-gate 	if (authenticator->client)
837c478bd9Sstevel@tonic-gate 	    kret = krb5_size_opaque(kcontext,
847c478bd9Sstevel@tonic-gate 				    KV5M_PRINCIPAL,
857c478bd9Sstevel@tonic-gate 				    (krb5_pointer) authenticator->client,
867c478bd9Sstevel@tonic-gate 				    &required);
877c478bd9Sstevel@tonic-gate 	else
887c478bd9Sstevel@tonic-gate 	    kret = 0;
897c478bd9Sstevel@tonic-gate 
907c478bd9Sstevel@tonic-gate 	/* Calculate size required by checksum, if appropriate */
917c478bd9Sstevel@tonic-gate 	if (!kret && authenticator->checksum)
927c478bd9Sstevel@tonic-gate 	    kret = krb5_size_opaque(kcontext,
937c478bd9Sstevel@tonic-gate 				    KV5M_CHECKSUM,
947c478bd9Sstevel@tonic-gate 				    (krb5_pointer) authenticator->checksum,
957c478bd9Sstevel@tonic-gate 				    &required);
967c478bd9Sstevel@tonic-gate 
977c478bd9Sstevel@tonic-gate 	/* Calculate size required by subkey, if appropriate */
987c478bd9Sstevel@tonic-gate 	if (!kret && authenticator->subkey)
997c478bd9Sstevel@tonic-gate 	    kret = krb5_size_opaque(kcontext,
1007c478bd9Sstevel@tonic-gate 				    KV5M_KEYBLOCK,
1017c478bd9Sstevel@tonic-gate 				    (krb5_pointer) authenticator->subkey,
1027c478bd9Sstevel@tonic-gate 				    &required);
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate 	/* Calculate size required by authorization_data, if appropriate */
1057c478bd9Sstevel@tonic-gate 	if (!kret && authenticator->authorization_data) {
1067c478bd9Sstevel@tonic-gate 	    int i;
1077c478bd9Sstevel@tonic-gate 
1087c478bd9Sstevel@tonic-gate 	    for (i=0; !kret && authenticator->authorization_data[i]; i++) {
1097c478bd9Sstevel@tonic-gate 		kret = krb5_size_opaque(kcontext,
1107c478bd9Sstevel@tonic-gate 					KV5M_AUTHDATA,
1117c478bd9Sstevel@tonic-gate 					(krb5_pointer) authenticator->
1127c478bd9Sstevel@tonic-gate 					authorization_data[i],
1137c478bd9Sstevel@tonic-gate 					&required);
1147c478bd9Sstevel@tonic-gate 	    }
1157c478bd9Sstevel@tonic-gate 	}
1167c478bd9Sstevel@tonic-gate     }
1177c478bd9Sstevel@tonic-gate     if (!kret)
1187c478bd9Sstevel@tonic-gate 	*sizep += required;
1197c478bd9Sstevel@tonic-gate     return(kret);
1207c478bd9Sstevel@tonic-gate }
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate /*
1237c478bd9Sstevel@tonic-gate  * krb5_authenticator_externalize()	- Externalize the krb5_authenticator.
1247c478bd9Sstevel@tonic-gate  */
1257c478bd9Sstevel@tonic-gate static krb5_error_code
krb5_authenticator_externalize(krb5_context kcontext,krb5_pointer arg,krb5_octet ** buffer,size_t * lenremain)126505d05c7Sgtb krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
1277c478bd9Sstevel@tonic-gate {
1287c478bd9Sstevel@tonic-gate     krb5_error_code	kret;
1297c478bd9Sstevel@tonic-gate     krb5_authenticator	*authenticator;
1307c478bd9Sstevel@tonic-gate     size_t		required;
1317c478bd9Sstevel@tonic-gate     krb5_octet		*bp;
1327c478bd9Sstevel@tonic-gate     size_t		remain;
1337c478bd9Sstevel@tonic-gate     int			i;
1347c478bd9Sstevel@tonic-gate 
1357c478bd9Sstevel@tonic-gate     required = 0;
1367c478bd9Sstevel@tonic-gate     bp = *buffer;
1377c478bd9Sstevel@tonic-gate     remain = *lenremain;
1387c478bd9Sstevel@tonic-gate     kret = EINVAL;
139159d09a2SMark Phalan     /* Solaris Kerberos */
1407c478bd9Sstevel@tonic-gate     authenticator = (krb5_authenticator *) arg;
1417c478bd9Sstevel@tonic-gate     if (authenticator) {
1427c478bd9Sstevel@tonic-gate 	kret = ENOMEM;
1437c478bd9Sstevel@tonic-gate 	if (!krb5_authenticator_size(kcontext, arg, &required) &&
1447c478bd9Sstevel@tonic-gate 	    (required <= remain)) {
1457c478bd9Sstevel@tonic-gate 	    /* First write our magic number */
1467c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
147*55fea89dSDan Cross 
1487c478bd9Sstevel@tonic-gate 	    /* Now ctime */
1497c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
1507c478bd9Sstevel@tonic-gate 				       &bp, &remain);
1517c478bd9Sstevel@tonic-gate 
1527c478bd9Sstevel@tonic-gate 	    /* Now cusec */
1537c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
1547c478bd9Sstevel@tonic-gate 				       &bp, &remain);
1557c478bd9Sstevel@tonic-gate 
1567c478bd9Sstevel@tonic-gate 	    /* Now seq_number */
1577c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_pack_int32(authenticator->seq_number,
1587c478bd9Sstevel@tonic-gate 				       &bp, &remain);
1597c478bd9Sstevel@tonic-gate 
1607c478bd9Sstevel@tonic-gate 	    /* Now handle client, if appropriate */
1617c478bd9Sstevel@tonic-gate 	    if (authenticator->client)
1627c478bd9Sstevel@tonic-gate 		kret = krb5_externalize_opaque(kcontext,
1637c478bd9Sstevel@tonic-gate 					       KV5M_PRINCIPAL,
1647c478bd9Sstevel@tonic-gate 					       (krb5_pointer)
1657c478bd9Sstevel@tonic-gate 					       authenticator->client,
1667c478bd9Sstevel@tonic-gate 					       &bp,
1677c478bd9Sstevel@tonic-gate 					       &remain);
1687c478bd9Sstevel@tonic-gate 	    else
1697c478bd9Sstevel@tonic-gate 		kret = 0;
1707c478bd9Sstevel@tonic-gate 
1717c478bd9Sstevel@tonic-gate 	    /* Now handle checksum, if appropriate */
1727c478bd9Sstevel@tonic-gate 	    if (!kret && authenticator->checksum)
1737c478bd9Sstevel@tonic-gate 		kret = krb5_externalize_opaque(kcontext,
1747c478bd9Sstevel@tonic-gate 					       KV5M_CHECKSUM,
1757c478bd9Sstevel@tonic-gate 					       (krb5_pointer)
1767c478bd9Sstevel@tonic-gate 					       authenticator->checksum,
1777c478bd9Sstevel@tonic-gate 					       &bp,
1787c478bd9Sstevel@tonic-gate 					       &remain);
1797c478bd9Sstevel@tonic-gate 
1807c478bd9Sstevel@tonic-gate 	    /* Now handle subkey, if appropriate */
1817c478bd9Sstevel@tonic-gate 	    if (!kret && authenticator->subkey)
1827c478bd9Sstevel@tonic-gate 		kret = krb5_externalize_opaque(kcontext,
1837c478bd9Sstevel@tonic-gate 					       KV5M_KEYBLOCK,
1847c478bd9Sstevel@tonic-gate 					       (krb5_pointer)
1857c478bd9Sstevel@tonic-gate 					       authenticator->subkey,
1867c478bd9Sstevel@tonic-gate 					       &bp,
1877c478bd9Sstevel@tonic-gate 					       &remain);
1887c478bd9Sstevel@tonic-gate 
1897c478bd9Sstevel@tonic-gate 	    /* Now handle authorization_data, if appropriate */
1907c478bd9Sstevel@tonic-gate 	    if (!kret) {
1917c478bd9Sstevel@tonic-gate 		if (authenticator->authorization_data)
1927c478bd9Sstevel@tonic-gate 		    for (i=0; authenticator->authorization_data[i]; i++);
1937c478bd9Sstevel@tonic-gate 		else
1947c478bd9Sstevel@tonic-gate 		    i = 0;
1957c478bd9Sstevel@tonic-gate 		(void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
1967c478bd9Sstevel@tonic-gate 
1977c478bd9Sstevel@tonic-gate 		/* Now pound out the authorization_data */
1987c478bd9Sstevel@tonic-gate 		if (authenticator->authorization_data) {
1997c478bd9Sstevel@tonic-gate 		    for (i=0; !kret && authenticator->authorization_data[i];
2007c478bd9Sstevel@tonic-gate 			 i++)
2017c478bd9Sstevel@tonic-gate 			kret = krb5_externalize_opaque(kcontext,
2027c478bd9Sstevel@tonic-gate 						       KV5M_AUTHDATA,
2037c478bd9Sstevel@tonic-gate 						       (krb5_pointer)
2047c478bd9Sstevel@tonic-gate 						       authenticator->
2057c478bd9Sstevel@tonic-gate 						       authorization_data[i],
2067c478bd9Sstevel@tonic-gate 						       &bp,
2077c478bd9Sstevel@tonic-gate 						       &remain);
2087c478bd9Sstevel@tonic-gate 		}
2097c478bd9Sstevel@tonic-gate 	    }
2107c478bd9Sstevel@tonic-gate 
2117c478bd9Sstevel@tonic-gate 	    /*
2127c478bd9Sstevel@tonic-gate 	     * If we were successful, write trailer then update the pointer and
2137c478bd9Sstevel@tonic-gate 	     * remaining length;
2147c478bd9Sstevel@tonic-gate 	     */
2157c478bd9Sstevel@tonic-gate 	    if (!kret) {
2167c478bd9Sstevel@tonic-gate 		/* Write our trailer */
2177c478bd9Sstevel@tonic-gate 		(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
2187c478bd9Sstevel@tonic-gate 		*buffer = bp;
2197c478bd9Sstevel@tonic-gate 		*lenremain = remain;
2207c478bd9Sstevel@tonic-gate 	    }
2217c478bd9Sstevel@tonic-gate 	}
2227c478bd9Sstevel@tonic-gate     }
2237c478bd9Sstevel@tonic-gate     return(kret);
2247c478bd9Sstevel@tonic-gate }
2257c478bd9Sstevel@tonic-gate 
2267c478bd9Sstevel@tonic-gate /*
2277c478bd9Sstevel@tonic-gate  * krb5_authenticator_internalize()	- Internalize the krb5_authenticator.
2287c478bd9Sstevel@tonic-gate  */
2297c478bd9Sstevel@tonic-gate static krb5_error_code
krb5_authenticator_internalize(krb5_context kcontext,krb5_pointer * argp,krb5_octet ** buffer,size_t * lenremain)230505d05c7Sgtb krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
2317c478bd9Sstevel@tonic-gate {
2327c478bd9Sstevel@tonic-gate     krb5_error_code	kret;
2337c478bd9Sstevel@tonic-gate     krb5_authenticator	*authenticator;
2347c478bd9Sstevel@tonic-gate     krb5_int32		ibuf;
2357c478bd9Sstevel@tonic-gate     krb5_octet		*bp;
2367c478bd9Sstevel@tonic-gate     size_t		remain;
2377c478bd9Sstevel@tonic-gate     int			i;
2387c478bd9Sstevel@tonic-gate     krb5_int32		nadata;
2397c478bd9Sstevel@tonic-gate     size_t		len;
2407c478bd9Sstevel@tonic-gate 
2417c478bd9Sstevel@tonic-gate     bp = *buffer;
2427c478bd9Sstevel@tonic-gate     remain = *lenremain;
2437c478bd9Sstevel@tonic-gate     kret = EINVAL;
2447c478bd9Sstevel@tonic-gate     /* Read our magic number */
2457c478bd9Sstevel@tonic-gate     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
2467c478bd9Sstevel@tonic-gate 	ibuf = 0;
2477c478bd9Sstevel@tonic-gate     if (ibuf == KV5M_AUTHENTICATOR) {
2487c478bd9Sstevel@tonic-gate 	kret = ENOMEM;
2497c478bd9Sstevel@tonic-gate 
2507c478bd9Sstevel@tonic-gate 	/* Get memory for the authenticator */
2517c478bd9Sstevel@tonic-gate 	if ((remain >= (3*sizeof(krb5_int32))) &&
252*55fea89dSDan Cross 	    (authenticator = (krb5_authenticator *)
2537c478bd9Sstevel@tonic-gate 	     MALLOC(sizeof(krb5_authenticator)))) {
2547c478bd9Sstevel@tonic-gate 	    (void) memset(authenticator, 0, sizeof(krb5_authenticator));
2557c478bd9Sstevel@tonic-gate 
2567c478bd9Sstevel@tonic-gate 	    /* Get ctime */
2577c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
2587c478bd9Sstevel@tonic-gate 	    authenticator->ctime = (krb5_timestamp) ibuf;
2597c478bd9Sstevel@tonic-gate 
2607c478bd9Sstevel@tonic-gate 	    /* Get cusec */
2617c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
2627c478bd9Sstevel@tonic-gate 	    authenticator->cusec = ibuf;
2637c478bd9Sstevel@tonic-gate 
2647c478bd9Sstevel@tonic-gate 	    /* Get seq_number */
2657c478bd9Sstevel@tonic-gate 	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
2667c478bd9Sstevel@tonic-gate 	    authenticator->seq_number = ibuf;
267*55fea89dSDan Cross 
2687c478bd9Sstevel@tonic-gate 	    kret = 0;
2697c478bd9Sstevel@tonic-gate 
2707c478bd9Sstevel@tonic-gate 	    /* Attempt to read in the client */
2717c478bd9Sstevel@tonic-gate 	    kret = krb5_internalize_opaque(kcontext,
2727c478bd9Sstevel@tonic-gate 					   KV5M_PRINCIPAL,
2737c478bd9Sstevel@tonic-gate 					   (krb5_pointer *)
2747c478bd9Sstevel@tonic-gate 					   &authenticator->client,
2757c478bd9Sstevel@tonic-gate 					   &bp,
2767c478bd9Sstevel@tonic-gate 					   &remain);
2777c478bd9Sstevel@tonic-gate 	    if (kret == EINVAL)
2787c478bd9Sstevel@tonic-gate 		kret = 0;
2797c478bd9Sstevel@tonic-gate 
2807c478bd9Sstevel@tonic-gate 	    /* Attempt to read in the checksum */
2817c478bd9Sstevel@tonic-gate 	    if (!kret) {
2827c478bd9Sstevel@tonic-gate 		kret = krb5_internalize_opaque(kcontext,
2837c478bd9Sstevel@tonic-gate 					       KV5M_CHECKSUM,
2847c478bd9Sstevel@tonic-gate 					       (krb5_pointer *)
2857c478bd9Sstevel@tonic-gate 					       &authenticator->checksum,
2867c478bd9Sstevel@tonic-gate 					       &bp,
2877c478bd9Sstevel@tonic-gate 					       &remain);
2887c478bd9Sstevel@tonic-gate 		if (kret == EINVAL)
2897c478bd9Sstevel@tonic-gate 		    kret = 0;
2907c478bd9Sstevel@tonic-gate 	    }
2917c478bd9Sstevel@tonic-gate 
2927c478bd9Sstevel@tonic-gate 	    /* Attempt to read in the subkey */
2937c478bd9Sstevel@tonic-gate 	    if (!kret) {
2947c478bd9Sstevel@tonic-gate 		kret = krb5_internalize_opaque(kcontext,
2957c478bd9Sstevel@tonic-gate 					       KV5M_KEYBLOCK,
2967c478bd9Sstevel@tonic-gate 					       (krb5_pointer *)
2977c478bd9Sstevel@tonic-gate 					       &authenticator->subkey,
2987c478bd9Sstevel@tonic-gate 					       &bp,
2997c478bd9Sstevel@tonic-gate 					       &remain);
3007c478bd9Sstevel@tonic-gate 		if (kret == EINVAL)
3017c478bd9Sstevel@tonic-gate 		    kret = 0;
3027c478bd9Sstevel@tonic-gate 	    }
3037c478bd9Sstevel@tonic-gate 
3047c478bd9Sstevel@tonic-gate 	    /* Attempt to read in the authorization data count */
3057c478bd9Sstevel@tonic-gate 	    if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
3067c478bd9Sstevel@tonic-gate 		nadata = ibuf;
3077c478bd9Sstevel@tonic-gate 		len = (size_t) (nadata + 1);
3087c478bd9Sstevel@tonic-gate 
3097c478bd9Sstevel@tonic-gate 		/* Get memory for the authorization data pointers */
3107c478bd9Sstevel@tonic-gate 		if ((authenticator->authorization_data = (krb5_authdata **)
3117c478bd9Sstevel@tonic-gate 		     MALLOC(sizeof(krb5_authdata *) * len))) {
3127c478bd9Sstevel@tonic-gate 		    (void) memset(authenticator->authorization_data, 0,
3137c478bd9Sstevel@tonic-gate 			   sizeof(krb5_authdata *) * len);
3147c478bd9Sstevel@tonic-gate 
3157c478bd9Sstevel@tonic-gate 		    for (i=0; !kret && (i<nadata); i++) {
3167c478bd9Sstevel@tonic-gate 			kret = krb5_internalize_opaque(kcontext,
3177c478bd9Sstevel@tonic-gate 						       KV5M_AUTHDATA,
3187c478bd9Sstevel@tonic-gate 						       (krb5_pointer *)
3197c478bd9Sstevel@tonic-gate 						       &authenticator->
3207c478bd9Sstevel@tonic-gate 						       authorization_data[i],
3217c478bd9Sstevel@tonic-gate 						       &bp,
3227c478bd9Sstevel@tonic-gate 						       &remain);
3237c478bd9Sstevel@tonic-gate 		    }
3247c478bd9Sstevel@tonic-gate 
3257c478bd9Sstevel@tonic-gate 		    /* Finally, find the trailer */
3267c478bd9Sstevel@tonic-gate 		    if (!kret) {
3277c478bd9Sstevel@tonic-gate 			kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
3287c478bd9Sstevel@tonic-gate 			if (!kret && (ibuf == KV5M_AUTHENTICATOR))
3297c478bd9Sstevel@tonic-gate 			    authenticator->magic = KV5M_AUTHENTICATOR;
3307c478bd9Sstevel@tonic-gate 			else
3317c478bd9Sstevel@tonic-gate 			    kret = EINVAL;
3327c478bd9Sstevel@tonic-gate 		    }
3337c478bd9Sstevel@tonic-gate 		}
3347c478bd9Sstevel@tonic-gate 	    }
3357c478bd9Sstevel@tonic-gate 	    if (!kret) {
3367c478bd9Sstevel@tonic-gate 		*buffer = bp;
3377c478bd9Sstevel@tonic-gate 		*lenremain = remain;
3387c478bd9Sstevel@tonic-gate 		*argp = (krb5_pointer) authenticator;
3397c478bd9Sstevel@tonic-gate 	    }
3407c478bd9Sstevel@tonic-gate 	    else
3417c478bd9Sstevel@tonic-gate 		krb5_free_authenticator(kcontext, authenticator);
3427c478bd9Sstevel@tonic-gate 	}
3437c478bd9Sstevel@tonic-gate     }
3447c478bd9Sstevel@tonic-gate     return(kret);
3457c478bd9Sstevel@tonic-gate }
3467c478bd9Sstevel@tonic-gate 
3477c478bd9Sstevel@tonic-gate /*
3487c478bd9Sstevel@tonic-gate  * Register the authenticator serializer.
3497c478bd9Sstevel@tonic-gate  */
3507c478bd9Sstevel@tonic-gate krb5_error_code
krb5_ser_authenticator_init(krb5_context kcontext)351505d05c7Sgtb krb5_ser_authenticator_init(krb5_context kcontext)
3527c478bd9Sstevel@tonic-gate {
3537c478bd9Sstevel@tonic-gate     return(krb5_register_serializer(kcontext, &krb5_authenticator_ser_entry));
3547c478bd9Sstevel@tonic-gate }
355