1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 4*7c478bd9Sstevel@tonic-gate */ 5*7c478bd9Sstevel@tonic-gate 6*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 7*7c478bd9Sstevel@tonic-gate 8*7c478bd9Sstevel@tonic-gate /* 9*7c478bd9Sstevel@tonic-gate * lib/gssapi/krb5/ser_sctx.c 10*7c478bd9Sstevel@tonic-gate * 11*7c478bd9Sstevel@tonic-gate * Copyright 1995 by the Massachusetts Institute of Technology. 12*7c478bd9Sstevel@tonic-gate * All Rights Reserved. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 15*7c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 16*7c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 17*7c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 18*7c478bd9Sstevel@tonic-gate * 19*7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 20*7c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 21*7c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 22*7c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 23*7c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 24*7c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining 25*7c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 26*7c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label 27*7c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a 28*7c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software. 29*7c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of 30*7c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 31*7c478bd9Sstevel@tonic-gate * or implied warranty. 32*7c478bd9Sstevel@tonic-gate * 33*7c478bd9Sstevel@tonic-gate */ 34*7c478bd9Sstevel@tonic-gate 35*7c478bd9Sstevel@tonic-gate /* 36*7c478bd9Sstevel@tonic-gate * ser_sctx.c - Handle [de]serialization of GSSAPI security context. 37*7c478bd9Sstevel@tonic-gate */ 38*7c478bd9Sstevel@tonic-gate 39*7c478bd9Sstevel@tonic-gate /* Solaris Kerberos: order is important here. include gssapiP_krb5.h 40*7c478bd9Sstevel@tonic-gate * before all others, otherwise we get a LINT error from MALLOC macro 41*7c478bd9Sstevel@tonic-gate * being redefined in mechglueP.h */ 42*7c478bd9Sstevel@tonic-gate #include <gssapiP_krb5.h> 43*7c478bd9Sstevel@tonic-gate #include <k5-int.h> 44*7c478bd9Sstevel@tonic-gate 45*7c478bd9Sstevel@tonic-gate /* 46*7c478bd9Sstevel@tonic-gate * This module contains routines to [de]serialize 47*7c478bd9Sstevel@tonic-gate * krb5_gss_enc_desc and krb5_gss_ctx_id_t. 48*7c478bd9Sstevel@tonic-gate * XXX This whole serialization abstraction is unnecessary in a 49*7c478bd9Sstevel@tonic-gate * non-messaging environment, which krb5 is. Someday, this should 50*7c478bd9Sstevel@tonic-gate * all get redone without the extra level of indirection. I've done 51*7c478bd9Sstevel@tonic-gate * some of this work here, since adding new serializers is an internal 52*7c478bd9Sstevel@tonic-gate * krb5 interface, and I won't use those. There is some more 53*7c478bd9Sstevel@tonic-gate * deobfuscation (no longer anonymizing pointers, mostly) which could 54*7c478bd9Sstevel@tonic-gate * still be done. --marc 55*7c478bd9Sstevel@tonic-gate */ 56*7c478bd9Sstevel@tonic-gate 57*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 58*7c478bd9Sstevel@tonic-gate static krb5_error_code 59*7c478bd9Sstevel@tonic-gate kg_oid_externalize(kcontext, arg, buffer, lenremain) 60*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 61*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 62*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 63*7c478bd9Sstevel@tonic-gate size_t *lenremain; 64*7c478bd9Sstevel@tonic-gate { 65*7c478bd9Sstevel@tonic-gate gss_OID oid = (gss_OID) arg; 66*7c478bd9Sstevel@tonic-gate krb5_error_code err; 67*7c478bd9Sstevel@tonic-gate 68*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); 69*7c478bd9Sstevel@tonic-gate if (err) 70*7c478bd9Sstevel@tonic-gate return err; 71*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_int32((krb5_int32) oid->length, 72*7c478bd9Sstevel@tonic-gate buffer, lenremain); 73*7c478bd9Sstevel@tonic-gate if (err) 74*7c478bd9Sstevel@tonic-gate return err; 75*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_bytes((krb5_octet *) oid->elements, 76*7c478bd9Sstevel@tonic-gate oid->length, buffer, lenremain); 77*7c478bd9Sstevel@tonic-gate if (err) 78*7c478bd9Sstevel@tonic-gate return err; 79*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); 80*7c478bd9Sstevel@tonic-gate return err; 81*7c478bd9Sstevel@tonic-gate } 82*7c478bd9Sstevel@tonic-gate 83*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 84*7c478bd9Sstevel@tonic-gate static krb5_error_code 85*7c478bd9Sstevel@tonic-gate kg_oid_internalize(kcontext, argp, buffer, lenremain) 86*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 87*7c478bd9Sstevel@tonic-gate krb5_pointer *argp; 88*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 89*7c478bd9Sstevel@tonic-gate size_t *lenremain; 90*7c478bd9Sstevel@tonic-gate { 91*7c478bd9Sstevel@tonic-gate /* Solaris Kerberos: note that by copying the argp pointer directly here, 92*7c478bd9Sstevel@tonic-gate * we avoid doing all the MALLOC and FREE calls later. 93*7c478bd9Sstevel@tonic-gate * Don't forget that when argp is ctx->mech_used, then this memory was 94*7c478bd9Sstevel@tonic-gate * already allocated. 95*7c478bd9Sstevel@tonic-gate */ 96*7c478bd9Sstevel@tonic-gate gss_OID oid = (gss_OID)argp; 97*7c478bd9Sstevel@tonic-gate krb5_int32 ibuf; 98*7c478bd9Sstevel@tonic-gate krb5_octet *bp; 99*7c478bd9Sstevel@tonic-gate size_t remain; 100*7c478bd9Sstevel@tonic-gate 101*7c478bd9Sstevel@tonic-gate bp = *buffer; 102*7c478bd9Sstevel@tonic-gate remain = *lenremain; 103*7c478bd9Sstevel@tonic-gate 104*7c478bd9Sstevel@tonic-gate /* Read in and check our magic number */ 105*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) 106*7c478bd9Sstevel@tonic-gate return (EINVAL); 107*7c478bd9Sstevel@tonic-gate 108*7c478bd9Sstevel@tonic-gate if (ibuf != KV5M_GSS_OID) 109*7c478bd9Sstevel@tonic-gate return (EINVAL); 110*7c478bd9Sstevel@tonic-gate /* oid = (gss_OID) MALLOC(sizeof(gss_OID_desc)); 111*7c478bd9Sstevel@tonic-gate if (oid == NULL) 112*7c478bd9Sstevel@tonic-gate return ENOMEM; 113*7c478bd9Sstevel@tonic-gate */ 114*7c478bd9Sstevel@tonic-gate 115*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { 116*7c478bd9Sstevel@tonic-gate return EINVAL; 117*7c478bd9Sstevel@tonic-gate } 118*7c478bd9Sstevel@tonic-gate oid->length = ibuf; 119*7c478bd9Sstevel@tonic-gate oid->elements = MALLOC(ibuf); 120*7c478bd9Sstevel@tonic-gate if (oid->elements == NULL) { 121*7c478bd9Sstevel@tonic-gate oid->length = 0; 122*7c478bd9Sstevel@tonic-gate return (ENOMEM); 123*7c478bd9Sstevel@tonic-gate } 124*7c478bd9Sstevel@tonic-gate 125*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements, 126*7c478bd9Sstevel@tonic-gate oid->length, &bp, &remain)) { 127*7c478bd9Sstevel@tonic-gate FREE(oid->elements, oid->length); 128*7c478bd9Sstevel@tonic-gate oid->length = 0; 129*7c478bd9Sstevel@tonic-gate return (EINVAL); 130*7c478bd9Sstevel@tonic-gate } 131*7c478bd9Sstevel@tonic-gate 132*7c478bd9Sstevel@tonic-gate /* Read in and check our trailing magic number */ 133*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { 134*7c478bd9Sstevel@tonic-gate FREE (oid->elements, oid->length); 135*7c478bd9Sstevel@tonic-gate oid->length = 0; 136*7c478bd9Sstevel@tonic-gate return (EINVAL); 137*7c478bd9Sstevel@tonic-gate } 138*7c478bd9Sstevel@tonic-gate 139*7c478bd9Sstevel@tonic-gate if (ibuf != KV5M_GSS_OID) { 140*7c478bd9Sstevel@tonic-gate FREE (oid->elements, oid->length); 141*7c478bd9Sstevel@tonic-gate oid->length = 0; 142*7c478bd9Sstevel@tonic-gate return (EINVAL); 143*7c478bd9Sstevel@tonic-gate } 144*7c478bd9Sstevel@tonic-gate 145*7c478bd9Sstevel@tonic-gate *buffer = bp; 146*7c478bd9Sstevel@tonic-gate *lenremain = remain; 147*7c478bd9Sstevel@tonic-gate /* *argp = (krb5_pointer) oid; */ 148*7c478bd9Sstevel@tonic-gate return 0; 149*7c478bd9Sstevel@tonic-gate } 150*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 151*7c478bd9Sstevel@tonic-gate krb5_error_code 152*7c478bd9Sstevel@tonic-gate kg_oid_size(kcontext, arg, sizep) 153*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 154*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 155*7c478bd9Sstevel@tonic-gate size_t *sizep; 156*7c478bd9Sstevel@tonic-gate { 157*7c478bd9Sstevel@tonic-gate krb5_error_code kret; 158*7c478bd9Sstevel@tonic-gate gss_OID oid; 159*7c478bd9Sstevel@tonic-gate size_t required; 160*7c478bd9Sstevel@tonic-gate 161*7c478bd9Sstevel@tonic-gate kret = EINVAL; 162*7c478bd9Sstevel@tonic-gate oid = (gss_OID) arg; 163*7c478bd9Sstevel@tonic-gate if (oid) { 164*7c478bd9Sstevel@tonic-gate required = 2*sizeof(krb5_int32); /* For the header and trailer */ 165*7c478bd9Sstevel@tonic-gate required += sizeof(krb5_int32); 166*7c478bd9Sstevel@tonic-gate required += oid->length; 167*7c478bd9Sstevel@tonic-gate 168*7c478bd9Sstevel@tonic-gate kret = 0; 169*7c478bd9Sstevel@tonic-gate 170*7c478bd9Sstevel@tonic-gate *sizep += required; 171*7c478bd9Sstevel@tonic-gate } 172*7c478bd9Sstevel@tonic-gate 173*7c478bd9Sstevel@tonic-gate return(kret); 174*7c478bd9Sstevel@tonic-gate } 175*7c478bd9Sstevel@tonic-gate 176*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 177*7c478bd9Sstevel@tonic-gate static krb5_error_code 178*7c478bd9Sstevel@tonic-gate kg_queue_externalize(kcontext, arg, buffer, lenremain) 179*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 180*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 181*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 182*7c478bd9Sstevel@tonic-gate size_t *lenremain; 183*7c478bd9Sstevel@tonic-gate { 184*7c478bd9Sstevel@tonic-gate krb5_error_code err; 185*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); 186*7c478bd9Sstevel@tonic-gate if (err == 0) 187*7c478bd9Sstevel@tonic-gate err = g_queue_externalize(arg, buffer, lenremain); 188*7c478bd9Sstevel@tonic-gate if (err == 0) 189*7c478bd9Sstevel@tonic-gate err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); 190*7c478bd9Sstevel@tonic-gate return err; 191*7c478bd9Sstevel@tonic-gate } 192*7c478bd9Sstevel@tonic-gate 193*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 194*7c478bd9Sstevel@tonic-gate static krb5_error_code 195*7c478bd9Sstevel@tonic-gate kg_queue_internalize(kcontext, argp, buffer, lenremain) 196*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 197*7c478bd9Sstevel@tonic-gate krb5_pointer *argp; 198*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 199*7c478bd9Sstevel@tonic-gate size_t *lenremain; 200*7c478bd9Sstevel@tonic-gate { 201*7c478bd9Sstevel@tonic-gate krb5_int32 ibuf; 202*7c478bd9Sstevel@tonic-gate krb5_octet *bp; 203*7c478bd9Sstevel@tonic-gate size_t remain; 204*7c478bd9Sstevel@tonic-gate krb5_error_code err; 205*7c478bd9Sstevel@tonic-gate 206*7c478bd9Sstevel@tonic-gate bp = *buffer; 207*7c478bd9Sstevel@tonic-gate remain = *lenremain; 208*7c478bd9Sstevel@tonic-gate 209*7c478bd9Sstevel@tonic-gate /* Read in and check our magic number */ 210*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) 211*7c478bd9Sstevel@tonic-gate return (EINVAL); 212*7c478bd9Sstevel@tonic-gate 213*7c478bd9Sstevel@tonic-gate if (ibuf != KV5M_GSS_QUEUE) 214*7c478bd9Sstevel@tonic-gate return (EINVAL); 215*7c478bd9Sstevel@tonic-gate 216*7c478bd9Sstevel@tonic-gate err = g_queue_internalize(argp, &bp, &remain); 217*7c478bd9Sstevel@tonic-gate if (err) 218*7c478bd9Sstevel@tonic-gate return err; 219*7c478bd9Sstevel@tonic-gate 220*7c478bd9Sstevel@tonic-gate /* Read in and check our trailing magic number */ 221*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) 222*7c478bd9Sstevel@tonic-gate return (EINVAL); 223*7c478bd9Sstevel@tonic-gate 224*7c478bd9Sstevel@tonic-gate if (ibuf != KV5M_GSS_QUEUE) 225*7c478bd9Sstevel@tonic-gate return (EINVAL); 226*7c478bd9Sstevel@tonic-gate 227*7c478bd9Sstevel@tonic-gate *buffer = bp; 228*7c478bd9Sstevel@tonic-gate *lenremain = remain; 229*7c478bd9Sstevel@tonic-gate return 0; 230*7c478bd9Sstevel@tonic-gate } 231*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 232*7c478bd9Sstevel@tonic-gate krb5_error_code 233*7c478bd9Sstevel@tonic-gate kg_queue_size(kcontext, arg, sizep) 234*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 235*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 236*7c478bd9Sstevel@tonic-gate size_t *sizep; 237*7c478bd9Sstevel@tonic-gate { 238*7c478bd9Sstevel@tonic-gate krb5_error_code kret; 239*7c478bd9Sstevel@tonic-gate size_t required; 240*7c478bd9Sstevel@tonic-gate 241*7c478bd9Sstevel@tonic-gate kret = EINVAL; 242*7c478bd9Sstevel@tonic-gate if (arg) { 243*7c478bd9Sstevel@tonic-gate required = 2*sizeof(krb5_int32); /* For the header and trailer */ 244*7c478bd9Sstevel@tonic-gate (void) g_queue_size(arg, &required); 245*7c478bd9Sstevel@tonic-gate 246*7c478bd9Sstevel@tonic-gate kret = 0; 247*7c478bd9Sstevel@tonic-gate *sizep += required; 248*7c478bd9Sstevel@tonic-gate } 249*7c478bd9Sstevel@tonic-gate return(kret); 250*7c478bd9Sstevel@tonic-gate } 251*7c478bd9Sstevel@tonic-gate 252*7c478bd9Sstevel@tonic-gate /* 253*7c478bd9Sstevel@tonic-gate * Determine the size required for this krb5_gss_ctx_id_rec. 254*7c478bd9Sstevel@tonic-gate */ 255*7c478bd9Sstevel@tonic-gate krb5_error_code 256*7c478bd9Sstevel@tonic-gate kg_ctx_size(kcontext, arg, sizep) 257*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 258*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 259*7c478bd9Sstevel@tonic-gate size_t *sizep; 260*7c478bd9Sstevel@tonic-gate { 261*7c478bd9Sstevel@tonic-gate krb5_error_code kret; 262*7c478bd9Sstevel@tonic-gate krb5_gss_ctx_id_rec *ctx; 263*7c478bd9Sstevel@tonic-gate size_t required; 264*7c478bd9Sstevel@tonic-gate 265*7c478bd9Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "kg_ctx_size() start \n"); 266*7c478bd9Sstevel@tonic-gate 267*7c478bd9Sstevel@tonic-gate /* 268*7c478bd9Sstevel@tonic-gate * krb5_gss_ctx_id_rec requires: 269*7c478bd9Sstevel@tonic-gate * krb5_int32 for KG_CONTEXT 270*7c478bd9Sstevel@tonic-gate * krb5_int32 for initiate. 271*7c478bd9Sstevel@tonic-gate * krb5_int32 for established. 272*7c478bd9Sstevel@tonic-gate * krb5_int32 for big_endian. 273*7c478bd9Sstevel@tonic-gate * krb5_int32 for have_acceptor_subkey. 274*7c478bd9Sstevel@tonic-gate * krb5_int32 for seed_init. 275*7c478bd9Sstevel@tonic-gate * krb5_int32 for gss_flags. 276*7c478bd9Sstevel@tonic-gate * sizeof(seed) for seed 277*7c478bd9Sstevel@tonic-gate * krb5_int32 for signalg. 278*7c478bd9Sstevel@tonic-gate * krb5_int32 for cksum_size. 279*7c478bd9Sstevel@tonic-gate * krb5_int32 for sealalg. 280*7c478bd9Sstevel@tonic-gate * krb5_int32 for endtime. 281*7c478bd9Sstevel@tonic-gate * krb5_int32 for flags. 282*7c478bd9Sstevel@tonic-gate * krb5_int64 for seq_send. 283*7c478bd9Sstevel@tonic-gate * krb5_int64 for seq_recv. 284*7c478bd9Sstevel@tonic-gate * ... for mech_used 285*7c478bd9Sstevel@tonic-gate * ... for here 286*7c478bd9Sstevel@tonic-gate * ... for there 287*7c478bd9Sstevel@tonic-gate * ... for subkey 288*7c478bd9Sstevel@tonic-gate * ... for enc 289*7c478bd9Sstevel@tonic-gate * ... for seq 290*7c478bd9Sstevel@tonic-gate * ... for seqstate 291*7c478bd9Sstevel@tonic-gate * ... for auth_context 292*7c478bd9Sstevel@tonic-gate * krb5_int32 for proto 293*7c478bd9Sstevel@tonic-gate * krb5_int32 for cksumtype 294*7c478bd9Sstevel@tonic-gate * ... for acceptor_subkey 295*7c478bd9Sstevel@tonic-gate * krb5_int32 for acceptor_key_cksumtype 296*7c478bd9Sstevel@tonic-gate * krb5_int32 for trailer. 297*7c478bd9Sstevel@tonic-gate */ 298*7c478bd9Sstevel@tonic-gate 299*7c478bd9Sstevel@tonic-gate kret = EINVAL; 300*7c478bd9Sstevel@tonic-gate ctx = (krb5_gss_ctx_id_rec *) arg; 301*7c478bd9Sstevel@tonic-gate if (ctx) { 302*7c478bd9Sstevel@tonic-gate required = 16*sizeof(krb5_int32); 303*7c478bd9Sstevel@tonic-gate required += 2*sizeof(krb5_int64); 304*7c478bd9Sstevel@tonic-gate required += sizeof(ctx->seed); 305*7c478bd9Sstevel@tonic-gate 306*7c478bd9Sstevel@tonic-gate kret = 0; 307*7c478bd9Sstevel@tonic-gate if (!kret && ctx->here) 308*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 309*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 310*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->here, 311*7c478bd9Sstevel@tonic-gate &required); 312*7c478bd9Sstevel@tonic-gate 313*7c478bd9Sstevel@tonic-gate if (!kret && ctx->there) 314*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 315*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 316*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->there, 317*7c478bd9Sstevel@tonic-gate &required); 318*7c478bd9Sstevel@tonic-gate 319*7c478bd9Sstevel@tonic-gate if (!kret && ctx->subkey) 320*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 321*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 322*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->subkey, 323*7c478bd9Sstevel@tonic-gate &required); 324*7c478bd9Sstevel@tonic-gate 325*7c478bd9Sstevel@tonic-gate if (!kret && ctx->enc) 326*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 327*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 328*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->enc, 329*7c478bd9Sstevel@tonic-gate &required); 330*7c478bd9Sstevel@tonic-gate 331*7c478bd9Sstevel@tonic-gate if (!kret && ctx->seq) 332*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 333*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 334*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->seq, 335*7c478bd9Sstevel@tonic-gate &required); 336*7c478bd9Sstevel@tonic-gate 337*7c478bd9Sstevel@tonic-gate if (!kret) 338*7c478bd9Sstevel@tonic-gate kret = kg_oid_size(kcontext, 339*7c478bd9Sstevel@tonic-gate (krb5_pointer) &ctx->mech_used, 340*7c478bd9Sstevel@tonic-gate &required); 341*7c478bd9Sstevel@tonic-gate 342*7c478bd9Sstevel@tonic-gate if (!kret && ctx->seqstate) 343*7c478bd9Sstevel@tonic-gate kret = kg_queue_size(kcontext, ctx->seqstate, &required); 344*7c478bd9Sstevel@tonic-gate #ifndef PROVIDE_KERNEL_IMPORT 345*7c478bd9Sstevel@tonic-gate if (!kret) 346*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 347*7c478bd9Sstevel@tonic-gate KV5M_AUTH_CONTEXT, 348*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->auth_context, 349*7c478bd9Sstevel@tonic-gate &required); 350*7c478bd9Sstevel@tonic-gate #endif 351*7c478bd9Sstevel@tonic-gate if (!kret && ctx->acceptor_subkey) 352*7c478bd9Sstevel@tonic-gate kret = krb5_size_opaque(kcontext, 353*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 354*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->acceptor_subkey, 355*7c478bd9Sstevel@tonic-gate &required); 356*7c478bd9Sstevel@tonic-gate 357*7c478bd9Sstevel@tonic-gate if (!kret) 358*7c478bd9Sstevel@tonic-gate *sizep += required; 359*7c478bd9Sstevel@tonic-gate } 360*7c478bd9Sstevel@tonic-gate KRB5_LOG1(KRB5_INFO, "kg_ctx_size() end, kret = %d required = %lu\n", kret, required); 361*7c478bd9Sstevel@tonic-gate return(kret); 362*7c478bd9Sstevel@tonic-gate } 363*7c478bd9Sstevel@tonic-gate 364*7c478bd9Sstevel@tonic-gate /* 365*7c478bd9Sstevel@tonic-gate * Externalize this krb5_gss_ctx_id_ret. 366*7c478bd9Sstevel@tonic-gate */ 367*7c478bd9Sstevel@tonic-gate krb5_error_code 368*7c478bd9Sstevel@tonic-gate kg_ctx_externalize(kcontext, arg, buffer, lenremain) 369*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 370*7c478bd9Sstevel@tonic-gate krb5_pointer arg; 371*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 372*7c478bd9Sstevel@tonic-gate size_t *lenremain; 373*7c478bd9Sstevel@tonic-gate { 374*7c478bd9Sstevel@tonic-gate krb5_error_code kret; 375*7c478bd9Sstevel@tonic-gate krb5_gss_ctx_id_rec *ctx; 376*7c478bd9Sstevel@tonic-gate size_t required; 377*7c478bd9Sstevel@tonic-gate krb5_octet *bp; 378*7c478bd9Sstevel@tonic-gate size_t remain; 379*7c478bd9Sstevel@tonic-gate /* SOLARIS KERBEROS: do not use accessor */ 380*7c478bd9Sstevel@tonic-gate 381*7c478bd9Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "kg_ctx_externalize() start\n"); 382*7c478bd9Sstevel@tonic-gate 383*7c478bd9Sstevel@tonic-gate required = 0; 384*7c478bd9Sstevel@tonic-gate bp = *buffer; 385*7c478bd9Sstevel@tonic-gate remain = *lenremain; 386*7c478bd9Sstevel@tonic-gate kret = EINVAL; 387*7c478bd9Sstevel@tonic-gate ctx = (krb5_gss_ctx_id_rec *) arg; 388*7c478bd9Sstevel@tonic-gate if (ctx) { 389*7c478bd9Sstevel@tonic-gate kret = ENOMEM; 390*7c478bd9Sstevel@tonic-gate if (!kg_ctx_size(kcontext, arg, &required) && 391*7c478bd9Sstevel@tonic-gate (required <= remain)) { 392*7c478bd9Sstevel@tonic-gate /* Our identifier */ 393*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); 394*7c478bd9Sstevel@tonic-gate 395*7c478bd9Sstevel@tonic-gate /* Now static data */ 396*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate, 397*7c478bd9Sstevel@tonic-gate &bp, &remain); 398*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->established, 399*7c478bd9Sstevel@tonic-gate &bp, &remain); 400*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian, 401*7c478bd9Sstevel@tonic-gate &bp, &remain); 402*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey, 403*7c478bd9Sstevel@tonic-gate &bp, &remain); 404*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init, 405*7c478bd9Sstevel@tonic-gate &bp, &remain); 406*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags, 407*7c478bd9Sstevel@tonic-gate &bp, &remain); 408*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed, 409*7c478bd9Sstevel@tonic-gate sizeof(ctx->seed), 410*7c478bd9Sstevel@tonic-gate &bp, &remain); 411*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg, 412*7c478bd9Sstevel@tonic-gate &bp, &remain); 413*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size, 414*7c478bd9Sstevel@tonic-gate &bp, &remain); 415*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg, 416*7c478bd9Sstevel@tonic-gate &bp, &remain); 417*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, 418*7c478bd9Sstevel@tonic-gate &bp, &remain); 419*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, 420*7c478bd9Sstevel@tonic-gate &bp, &remain); 421*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int64((krb5_int64) ctx->seq_send, 422*7c478bd9Sstevel@tonic-gate &bp, &remain); 423*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int64((krb5_int64) ctx->seq_recv, 424*7c478bd9Sstevel@tonic-gate &bp, &remain); 425*7c478bd9Sstevel@tonic-gate 426*7c478bd9Sstevel@tonic-gate /* Now dynamic data */ 427*7c478bd9Sstevel@tonic-gate kret = 0; 428*7c478bd9Sstevel@tonic-gate 429*7c478bd9Sstevel@tonic-gate if (!kret && &(ctx->mech_used)) 430*7c478bd9Sstevel@tonic-gate kret = kg_oid_externalize(kcontext, &(ctx->mech_used), 431*7c478bd9Sstevel@tonic-gate &bp, &remain); 432*7c478bd9Sstevel@tonic-gate 433*7c478bd9Sstevel@tonic-gate if (!kret && ctx->here) 434*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 435*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 436*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->here, 437*7c478bd9Sstevel@tonic-gate &bp, &remain); 438*7c478bd9Sstevel@tonic-gate 439*7c478bd9Sstevel@tonic-gate if (!kret && ctx->there) 440*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 441*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 442*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->there, 443*7c478bd9Sstevel@tonic-gate &bp, &remain); 444*7c478bd9Sstevel@tonic-gate 445*7c478bd9Sstevel@tonic-gate if (!kret && ctx->subkey) 446*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 447*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 448*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->subkey, 449*7c478bd9Sstevel@tonic-gate &bp, &remain); 450*7c478bd9Sstevel@tonic-gate 451*7c478bd9Sstevel@tonic-gate if (!kret && ctx->enc) 452*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 453*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 454*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->enc, 455*7c478bd9Sstevel@tonic-gate &bp, &remain); 456*7c478bd9Sstevel@tonic-gate 457*7c478bd9Sstevel@tonic-gate if (!kret && ctx->seq) 458*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 459*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 460*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->seq, 461*7c478bd9Sstevel@tonic-gate &bp, &remain); 462*7c478bd9Sstevel@tonic-gate 463*7c478bd9Sstevel@tonic-gate if (!kret && ctx->seqstate) 464*7c478bd9Sstevel@tonic-gate kret = kg_queue_externalize(kcontext, 465*7c478bd9Sstevel@tonic-gate ctx->seqstate, &bp, &remain); 466*7c478bd9Sstevel@tonic-gate 467*7c478bd9Sstevel@tonic-gate #ifndef PROVIDE_KERNEL_IMPORT 468*7c478bd9Sstevel@tonic-gate if (!kret) 469*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 470*7c478bd9Sstevel@tonic-gate KV5M_AUTH_CONTEXT, 471*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->auth_context, 472*7c478bd9Sstevel@tonic-gate &bp, &remain); 473*7c478bd9Sstevel@tonic-gate #endif 474*7c478bd9Sstevel@tonic-gate if (!kret) 475*7c478bd9Sstevel@tonic-gate kret = krb5_ser_pack_int32((krb5_int32) ctx->proto, 476*7c478bd9Sstevel@tonic-gate &bp, &remain); 477*7c478bd9Sstevel@tonic-gate if (!kret) 478*7c478bd9Sstevel@tonic-gate kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype, 479*7c478bd9Sstevel@tonic-gate &bp, &remain); 480*7c478bd9Sstevel@tonic-gate if (!kret && ctx->acceptor_subkey) 481*7c478bd9Sstevel@tonic-gate kret = krb5_externalize_opaque(kcontext, 482*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 483*7c478bd9Sstevel@tonic-gate (krb5_pointer) ctx->acceptor_subkey, 484*7c478bd9Sstevel@tonic-gate &bp, &remain); 485*7c478bd9Sstevel@tonic-gate if (!kret) 486*7c478bd9Sstevel@tonic-gate kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype, 487*7c478bd9Sstevel@tonic-gate &bp, &remain); 488*7c478bd9Sstevel@tonic-gate 489*7c478bd9Sstevel@tonic-gate if (!kret) 490*7c478bd9Sstevel@tonic-gate (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); 491*7c478bd9Sstevel@tonic-gate if (!kret) { 492*7c478bd9Sstevel@tonic-gate *buffer = bp; 493*7c478bd9Sstevel@tonic-gate *lenremain = remain; 494*7c478bd9Sstevel@tonic-gate } 495*7c478bd9Sstevel@tonic-gate } 496*7c478bd9Sstevel@tonic-gate } 497*7c478bd9Sstevel@tonic-gate KRB5_LOG(KRB5_INFO, "kg_ctx_externalize() end, kret = %d\n", kret); 498*7c478bd9Sstevel@tonic-gate return(kret); 499*7c478bd9Sstevel@tonic-gate } 500*7c478bd9Sstevel@tonic-gate 501*7c478bd9Sstevel@tonic-gate /* 502*7c478bd9Sstevel@tonic-gate * Internalize this krb5_gss_ctx_id_t. 503*7c478bd9Sstevel@tonic-gate */ 504*7c478bd9Sstevel@tonic-gate krb5_error_code 505*7c478bd9Sstevel@tonic-gate kg_ctx_internalize(kcontext, argp, buffer, lenremain) 506*7c478bd9Sstevel@tonic-gate krb5_context kcontext; 507*7c478bd9Sstevel@tonic-gate krb5_pointer *argp; 508*7c478bd9Sstevel@tonic-gate krb5_octet **buffer; 509*7c478bd9Sstevel@tonic-gate size_t *lenremain; 510*7c478bd9Sstevel@tonic-gate { 511*7c478bd9Sstevel@tonic-gate krb5_error_code kret; 512*7c478bd9Sstevel@tonic-gate krb5_gss_ctx_id_rec *ctx; 513*7c478bd9Sstevel@tonic-gate krb5_int32 ibuf; 514*7c478bd9Sstevel@tonic-gate krb5_octet *bp; 515*7c478bd9Sstevel@tonic-gate size_t remain; 516*7c478bd9Sstevel@tonic-gate 517*7c478bd9Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "kg_ctx_internalize() start\n"); 518*7c478bd9Sstevel@tonic-gate 519*7c478bd9Sstevel@tonic-gate bp = *buffer; 520*7c478bd9Sstevel@tonic-gate remain = *lenremain; 521*7c478bd9Sstevel@tonic-gate kret = EINVAL; 522*7c478bd9Sstevel@tonic-gate /* Read our magic number */ 523*7c478bd9Sstevel@tonic-gate if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) 524*7c478bd9Sstevel@tonic-gate ibuf = 0; 525*7c478bd9Sstevel@tonic-gate if (ibuf == KG_CONTEXT) { 526*7c478bd9Sstevel@tonic-gate kret = ENOMEM; 527*7c478bd9Sstevel@tonic-gate 528*7c478bd9Sstevel@tonic-gate /* Get a context */ 529*7c478bd9Sstevel@tonic-gate if ((remain >= (16*sizeof(krb5_int32) 530*7c478bd9Sstevel@tonic-gate + 2*sizeof(krb5_int64) 531*7c478bd9Sstevel@tonic-gate + sizeof(ctx->seed))) && 532*7c478bd9Sstevel@tonic-gate (ctx = (krb5_gss_ctx_id_rec *) 533*7c478bd9Sstevel@tonic-gate xmalloc(sizeof(krb5_gss_ctx_id_rec)))) { 534*7c478bd9Sstevel@tonic-gate (void) memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); 535*7c478bd9Sstevel@tonic-gate 536*7c478bd9Sstevel@tonic-gate /* Get static data */ 537*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 538*7c478bd9Sstevel@tonic-gate ctx->initiate = (int) ibuf; 539*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 540*7c478bd9Sstevel@tonic-gate ctx->established = (int) ibuf; 541*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 542*7c478bd9Sstevel@tonic-gate ctx->big_endian = (int) ibuf; 543*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 544*7c478bd9Sstevel@tonic-gate ctx->have_acceptor_subkey = (int) ibuf; 545*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 546*7c478bd9Sstevel@tonic-gate ctx->seed_init = (int) ibuf; 547*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 548*7c478bd9Sstevel@tonic-gate ctx->gss_flags = (int) ibuf; 549*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed, 550*7c478bd9Sstevel@tonic-gate sizeof(ctx->seed), 551*7c478bd9Sstevel@tonic-gate &bp, &remain); 552*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 553*7c478bd9Sstevel@tonic-gate ctx->signalg = (int) ibuf; 554*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 555*7c478bd9Sstevel@tonic-gate ctx->cksum_size = (int) ibuf; 556*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 557*7c478bd9Sstevel@tonic-gate ctx->sealalg = (int) ibuf; 558*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 559*7c478bd9Sstevel@tonic-gate ctx->endtime = (krb5_timestamp) ibuf; 560*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); 561*7c478bd9Sstevel@tonic-gate ctx->krb_flags = (krb5_flags) ibuf; 562*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int64((krb5_int64 *) (&ctx->seq_send), &bp, &remain); 563*7c478bd9Sstevel@tonic-gate (void) krb5_ser_unpack_int64((krb5_int64 *) (&ctx->seq_recv), &bp, &remain); 564*7c478bd9Sstevel@tonic-gate if ((kret = kg_oid_internalize(kcontext, 565*7c478bd9Sstevel@tonic-gate (krb5_pointer)&ctx->mech_used, &bp, 566*7c478bd9Sstevel@tonic-gate &remain))) { 567*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 568*7c478bd9Sstevel@tonic-gate kret = 0; 569*7c478bd9Sstevel@tonic-gate } 570*7c478bd9Sstevel@tonic-gate /* Now get substructure data */ 571*7c478bd9Sstevel@tonic-gate if ((kret = krb5_internalize_opaque(kcontext, 572*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 573*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->here, 574*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 575*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 576*7c478bd9Sstevel@tonic-gate kret = 0; 577*7c478bd9Sstevel@tonic-gate } 578*7c478bd9Sstevel@tonic-gate if (!kret && 579*7c478bd9Sstevel@tonic-gate (kret = krb5_internalize_opaque(kcontext, 580*7c478bd9Sstevel@tonic-gate KV5M_PRINCIPAL, 581*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->there, 582*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 583*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 584*7c478bd9Sstevel@tonic-gate kret = 0; 585*7c478bd9Sstevel@tonic-gate } 586*7c478bd9Sstevel@tonic-gate if (!kret && 587*7c478bd9Sstevel@tonic-gate (kret = krb5_internalize_opaque(kcontext, 588*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 589*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->subkey, 590*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 591*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 592*7c478bd9Sstevel@tonic-gate kret = 0; 593*7c478bd9Sstevel@tonic-gate } 594*7c478bd9Sstevel@tonic-gate if (!kret && 595*7c478bd9Sstevel@tonic-gate (kret = krb5_internalize_opaque(kcontext, 596*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 597*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->enc, 598*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 599*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 600*7c478bd9Sstevel@tonic-gate kret = 0; 601*7c478bd9Sstevel@tonic-gate } 602*7c478bd9Sstevel@tonic-gate if (!kret && 603*7c478bd9Sstevel@tonic-gate (kret = krb5_internalize_opaque(kcontext, 604*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 605*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->seq, 606*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 607*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 608*7c478bd9Sstevel@tonic-gate kret = 0; 609*7c478bd9Sstevel@tonic-gate } 610*7c478bd9Sstevel@tonic-gate 611*7c478bd9Sstevel@tonic-gate if (!kret) { 612*7c478bd9Sstevel@tonic-gate kret = kg_queue_internalize(kcontext, &ctx->seqstate, 613*7c478bd9Sstevel@tonic-gate &bp, &remain); 614*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 615*7c478bd9Sstevel@tonic-gate kret = 0; 616*7c478bd9Sstevel@tonic-gate } 617*7c478bd9Sstevel@tonic-gate #ifndef PROVIDE_KERNEL_IMPORT 618*7c478bd9Sstevel@tonic-gate if (!kret) 619*7c478bd9Sstevel@tonic-gate kret = krb5_internalize_opaque(kcontext, 620*7c478bd9Sstevel@tonic-gate KV5M_AUTH_CONTEXT, 621*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->auth_context, 622*7c478bd9Sstevel@tonic-gate &bp, &remain); 623*7c478bd9Sstevel@tonic-gate #endif 624*7c478bd9Sstevel@tonic-gate if (!kret) 625*7c478bd9Sstevel@tonic-gate kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); 626*7c478bd9Sstevel@tonic-gate ctx->proto = ibuf; 627*7c478bd9Sstevel@tonic-gate if (!kret) 628*7c478bd9Sstevel@tonic-gate kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); 629*7c478bd9Sstevel@tonic-gate ctx->cksumtype = ibuf; 630*7c478bd9Sstevel@tonic-gate if (!kret && 631*7c478bd9Sstevel@tonic-gate (kret = krb5_internalize_opaque(kcontext, 632*7c478bd9Sstevel@tonic-gate KV5M_KEYBLOCK, 633*7c478bd9Sstevel@tonic-gate (krb5_pointer *) &ctx->acceptor_subkey, 634*7c478bd9Sstevel@tonic-gate &bp, &remain))) { 635*7c478bd9Sstevel@tonic-gate if (kret == EINVAL) 636*7c478bd9Sstevel@tonic-gate kret = 0; 637*7c478bd9Sstevel@tonic-gate } 638*7c478bd9Sstevel@tonic-gate if (!kret) 639*7c478bd9Sstevel@tonic-gate kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); 640*7c478bd9Sstevel@tonic-gate ctx->acceptor_subkey_cksumtype = ibuf; 641*7c478bd9Sstevel@tonic-gate done: 642*7c478bd9Sstevel@tonic-gate /* Get trailer */ 643*7c478bd9Sstevel@tonic-gate if (!kret) 644*7c478bd9Sstevel@tonic-gate kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); 645*7c478bd9Sstevel@tonic-gate 646*7c478bd9Sstevel@tonic-gate if (!kret && ibuf != KG_CONTEXT) 647*7c478bd9Sstevel@tonic-gate kret = EINVAL; 648*7c478bd9Sstevel@tonic-gate 649*7c478bd9Sstevel@tonic-gate if (!kret) { 650*7c478bd9Sstevel@tonic-gate *buffer = bp; 651*7c478bd9Sstevel@tonic-gate *lenremain = remain; 652*7c478bd9Sstevel@tonic-gate *argp = (krb5_pointer) ctx; 653*7c478bd9Sstevel@tonic-gate } else { 654*7c478bd9Sstevel@tonic-gate if (!kret && (ibuf != KG_CONTEXT)) 655*7c478bd9Sstevel@tonic-gate kret = EINVAL; 656*7c478bd9Sstevel@tonic-gate if (ctx->seq) 657*7c478bd9Sstevel@tonic-gate krb5_free_keyblock(kcontext, ctx->seq); 658*7c478bd9Sstevel@tonic-gate if (ctx->enc) 659*7c478bd9Sstevel@tonic-gate krb5_free_keyblock(kcontext, ctx->enc); 660*7c478bd9Sstevel@tonic-gate if (ctx->subkey) 661*7c478bd9Sstevel@tonic-gate krb5_free_keyblock(kcontext, ctx->subkey); 662*7c478bd9Sstevel@tonic-gate if (ctx->there) 663*7c478bd9Sstevel@tonic-gate krb5_free_principal(kcontext, ctx->there); 664*7c478bd9Sstevel@tonic-gate if (ctx->here) 665*7c478bd9Sstevel@tonic-gate krb5_free_principal(kcontext, ctx->here); 666*7c478bd9Sstevel@tonic-gate xfree_wrap(ctx, sizeof (krb5_gss_ctx_id_rec)); 667*7c478bd9Sstevel@tonic-gate } 668*7c478bd9Sstevel@tonic-gate } 669*7c478bd9Sstevel@tonic-gate } 670*7c478bd9Sstevel@tonic-gate 671*7c478bd9Sstevel@tonic-gate KRB5_LOG(KRB5_INFO, "kg_ctx_internalize() end kret = %d\n", kret); 672*7c478bd9Sstevel@tonic-gate 673*7c478bd9Sstevel@tonic-gate return(kret); 674*7c478bd9Sstevel@tonic-gate } 675