krb5 commit: Add minimal KDC MS-RPCE (NDR) encoder/decoder

Greg Hudson ghudson at mit.edu
Wed Jan 12 14:38:39 EST 2022


https://github.com/krb5/krb5/commit/c85894cfb784257a6acb4d77d8c75137d2508f5e
commit c85894cfb784257a6acb4d77d8c75137d2508f5e
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Jan 7 19:58:42 2022 -0500

    Add minimal KDC MS-RPCE (NDR) encoder/decoder
    
    Add NDR marshalling functions for S4U_DELEGATION_INFO PAC buffers.
    
    [ghudson at mit.edu: added safety checks; made minor style changes;
    edited commit message]

 .gitignore          |    1 +
 src/kdc/Makefile.in |   10 ++-
 src/kdc/deps        |   14 ++
 src/kdc/ndr.c       |  332 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/kdc/t_ndr.c     |  161 +++++++++++++++++++++++++
 5 files changed, 516 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8a10057..00e42ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -256,6 +256,7 @@ local.properties
 /src/kdc/kdc5_err.[ch]
 /src/kdc/krb5kdc
 /src/kdc/rtest
+/src/kdc/t_ndr
 /src/kdc/t_replay
 
 /src/lib/k5sprt32.def
diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
index c560741..ed85ca8 100644
--- a/src/kdc/Makefile.in
+++ b/src/kdc/Makefile.in
@@ -20,6 +20,7 @@ SRCS= \
 	$(srcdir)/kdc_preauth_ec.c \
 	$(srcdir)/kdc_preauth_encts.c \
 	$(srcdir)/main.c \
+	$(srcdir)/ndr.c \
 	$(srcdir)/policy.c \
 	$(srcdir)/extern.c \
 	$(srcdir)/replay.c \
@@ -43,6 +44,7 @@ OBJS= \
 	kdc_preauth_ec.o \
 	kdc_preauth_encts.o \
 	main.o \
+	ndr.o \
 	policy.o \
 	extern.o \
 	replay.o \
@@ -69,10 +71,14 @@ krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) $(VE
 rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
 
-check-unix: rtest runenv.sh
+t_ndr: t_ndr.o ndr.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_ndr.o ndr.o $(KRB5_BASE_LIBS)
+
+check-unix: rtest runenv.sh t_ndr
 	$(RUN_TEST) $(srcdir)/rtscript > test.out
 	cmp test.out $(srcdir)/rtest.good
 	$(RM) test.out
+	$(RUN_TEST) ./t_ndr > /dev/null
 
 T_REPLAY_OBJS=t_replay.o
 
@@ -92,4 +98,4 @@ install:
 
 clean:
 	$(RM) kdc5_err.h kdc5_err.c krb5kdc rtest.o rtest t_replay.o t_replay
-
+	$(RM) t_ndr.o t_ndr
diff --git a/src/kdc/deps b/src/kdc/deps
index 9bf1db1..70d557f 100644
--- a/src/kdc/deps
+++ b/src/kdc/deps
@@ -173,6 +173,20 @@ $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(top_srcdir)/include/socket-utils.h extern.h kdc5_err.h \
   kdc_audit.h kdc_util.h main.c policy.h realm_data.h \
   reqstate.h
+$(OUTPRE)ndr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_util.h ndr.c \
+  realm_data.h reqstate.h
 $(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
new file mode 100644
index 0000000..2d16e6a
--- /dev/null
+++ b/src/kdc/ndr.c
@@ -0,0 +1,332 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/ndr.c - NDR encoding and decoding functions */
+/*
+ * Copyright (C) 2021 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-input.h"
+#include "k5-buf.h"
+#include "k5-utf8.h"
+#include "kdc_util.h"
+
+struct encoded_wchars {
+    uint16_t bytes_len;
+    uint16_t num_wchars;
+    uint8_t *encoded;
+};
+
+/*
+ * MS-DTYP 2.3.10:
+ *
+ * typedef struct _RPC_UNICODE_STRING {
+ *     unsigned short Length;
+ *     unsigned short MaximumLength;
+ *     [size_is(MaximumLength/2), length_is(Length/2)] WCHAR* Buffer;
+ * } RPC_UNICODE_STRING, *PRPC_UNICODE_STRING;
+ *
+ * Note that Buffer is not a String - there's no termination.
+ *
+ * We don't actually decode Length and MaximumLength here - this is a
+ * conformant-varying array, which means that (per DCE-1.1-RPC 14.3.7.2) where
+ * those actually appear in the serialized data is variable depending on
+ * whether the string is at top level of the struct or not.  (This also
+ * affects where the pointer identifier appears.)
+ *
+ * See MS-RPCE 4.7 for what an RPC_UNICODE_STRING looks like when not at
+ * top-level.
+ */
+static krb5_error_code
+dec_wchar_pointer(struct k5input *in, char **out)
+{
+    const uint8_t *bytes;
+    uint32_t actual_count;
+
+    /* Maximum count. */
+    (void)k5_input_get_uint32_le(in);
+    /* Offset - all zeroes, "should" not be checked. */
+    (void)k5_input_get_uint32_le(in);
+
+    actual_count = k5_input_get_uint32_le(in);
+    if (actual_count > UINT32_MAX / 2)
+        return ERANGE;
+
+    bytes = k5_input_get_bytes(in, actual_count * 2);
+    if (bytes == NULL || k5_utf16le_to_utf8(bytes, actual_count * 2, out) != 0)
+        return EINVAL;
+
+    /* Always align on 4. */
+    if (actual_count % 2 == 1)
+        (void)k5_input_get_uint16_le(in);
+
+    return 0;
+}
+
+static krb5_error_code
+enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
+{
+    krb5_error_code ret;
+    struct k5buf b;
+    size_t utf16len, num_wchars;
+    uint8_t *utf16;
+
+    k5_buf_init_dynamic(&b);
+
+    ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
+    if (ret)
+        return ret;
+
+    num_wchars = utf16len / 2;
+
+    k5_buf_add_uint32_le(&b, num_wchars + 1);
+    k5_buf_add_uint32_le(&b, 0);
+    k5_buf_add_uint32_le(&b, num_wchars);
+    k5_buf_add_len(&b, utf16, utf16len);
+
+    free(utf16);
+
+    if (num_wchars % 2 == 1)
+        k5_buf_add_uint16_le(&b, 0);
+
+    ret = k5_buf_status(&b);
+    if (ret)
+        return ret;
+
+    encoded_out->bytes_len = b.len;
+    encoded_out->num_wchars = num_wchars;
+    encoded_out->encoded = b.data;
+    return 0;
+}
+
+/*
+ * Decode a delegation info structure, leaving room to add an additional
+ * service.
+ *
+ * MS-PAC 2.9:
+ *
+ * typedef struct _S4U_DELEGATION_INFO {
+ *     RPC_UNICODE_STRING S4U2proxyTarget;
+ *     ULONG TransitedListSize;
+ *     [size_is(TransitedListSize)] PRPC_UNICODE_STRING S4UTransitedServices;
+ * } S4U_DELEGATION_INFO, *PS4U_DELEGATION_INFO;
+ */
+krb5_error_code
+ndr_dec_delegation_info(krb5_data *data, struct pac_s4u_delegation_info **out)
+{
+    krb5_error_code ret;
+    struct pac_s4u_delegation_info *di = NULL;
+    struct k5input in;
+    uint32_t i, object_buffer_length;
+    uint8_t version, endianness, common_header_length;
+
+    *out = NULL;
+
+    di = k5alloc(sizeof(*di), &ret);
+    if (di == NULL)
+        return ret;
+
+    k5_input_init(&in, data->data, data->length);
+
+    /* Common Type Header - MS-RPCE 2.2.6.1 */
+    version = k5_input_get_byte(&in);
+    endianness = k5_input_get_byte(&in);
+    common_header_length = k5_input_get_uint16_le(&in);
+    (void)k5_input_get_uint32_le(&in); /* Filler - 0xcccccccc. */
+    if (version != 1 || endianness != 0x10 || common_header_length != 8) {
+        ret = EINVAL;
+        goto error;
+    }
+
+    /* Private Header for Constructed Type - MS-RPCE 2.2.6.2 */
+    object_buffer_length = k5_input_get_uint32_le(&in);
+    if (data->length < 16 || object_buffer_length != data->length - 16) {
+        ret = EINVAL;
+        goto error;
+    }
+
+    (void)k5_input_get_uint32_le(&in); /* Filler - 0. */
+
+    /* This code doesn't handle re-used pointers, which could come into play in
+     * the unlikely case of a delegation loop. */
+
+    /* Pointer.  Microsoft always starts at 00 00 02 00 */
+    (void)k5_input_get_uint32_le(&in);
+    /* Length of proxy target - 2 */
+    (void)k5_input_get_uint16_le(&in);
+    /* Length of proxy target */
+    (void)k5_input_get_uint16_le(&in);
+    /* Another pointer - 04 00 02 00.  Microsoft increments by 4 (le). */
+    (void)k5_input_get_uint32_le(&in);
+
+    /* Transited services length - header version. */
+    (void)k5_input_get_uint32_le(&in);
+
+    /* More pointer: 08 00 02 00 */
+    (void)k5_input_get_uint32_le(&in);
+
+    ret = dec_wchar_pointer(&in, &di->proxy_target);
+    if (ret)
+        goto error;
+    di->transited_services_length = k5_input_get_uint32_le(&in);
+
+    /* Here, we have encoded 2 bytes of length, 2 bytes of (length + 2), and 4
+     * bytes of pointer, for each element (deferred pointers). */
+    if (di->transited_services_length > UINT32_MAX / 8) {
+        ret = ERANGE;
+        goto error;
+    }
+    (void)k5_input_get_bytes(&in, 8 * di->transited_services_length);
+
+    /* Since we're likely to add another entry, leave a blank at the end. */
+    di->transited_services = k5calloc(di->transited_services_length + 1,
+                                      sizeof(char *), &ret);
+    if (di->transited_services == NULL)
+        goto error;
+
+    for (i = 0; i < di->transited_services_length; i++) {
+        ret = dec_wchar_pointer(&in, &di->transited_services[i]);
+        if (ret)
+            goto error;
+    }
+
+    ret = in.status;
+    if (ret)
+        goto error;
+
+    *out = di;
+    return 0;
+
+error:
+    ndr_free_delegation_info(di);
+    return ret;
+}
+
+/* Empirically, Microsoft starts pointers at 00 00 02 00, and if treated little
+ * endian, they increase by 4. */
+static inline void
+write_ptr(struct k5buf *buf, uint32_t *pointer)
+{
+    if (*pointer == 0)
+        *pointer = 0x00020000;
+    k5_buf_add_uint32_le(buf, *pointer);
+    *pointer += 4;
+}
+
+krb5_error_code
+ndr_enc_delegation_info(struct pac_s4u_delegation_info *in, krb5_data *out)
+{
+    krb5_error_code ret;
+    size_t i;
+    struct k5buf b;
+    struct encoded_wchars pt_encoded = { 0 }, *tss_encoded = NULL;
+    uint32_t pointer = 0;
+
+    /* Encode ahead of time since we need the lengths. */
+    ret = enc_wchar_pointer(in->proxy_target, &pt_encoded);
+    if (ret)
+        goto cleanup;
+
+    tss_encoded = k5calloc(in->transited_services_length, sizeof(*tss_encoded),
+                           &ret);
+    if (tss_encoded == NULL)
+        goto cleanup;
+
+    k5_buf_init_dynamic(&b);
+
+    /* Common Type Header - MS-RPCE 2.2.6.1 */
+    k5_buf_add_len(&b, "\x01\x10\x08\x00", 4);
+    k5_buf_add_uint32_le(&b, 0xcccccccc);
+
+    /* Private Header for Constructed Type - MS-RPCE 2.2.6.2 */
+    k5_buf_add_uint32_le(&b, 0); /* Skip over where payload length goes. */
+    k5_buf_add_uint32_le(&b, 0); /* Filler - all zeroes. */
+
+    write_ptr(&b, &pointer);
+    k5_buf_add_uint16_le(&b, 2 * pt_encoded.num_wchars);
+    k5_buf_add_uint16_le(&b, 2 * (pt_encoded.num_wchars + 1));
+    write_ptr(&b, &pointer);
+
+    k5_buf_add_uint32_le(&b, in->transited_services_length);
+    write_ptr(&b, &pointer);
+
+    k5_buf_add_len(&b, pt_encoded.encoded, pt_encoded.bytes_len);
+
+    k5_buf_add_uint32_le(&b, in->transited_services_length);
+
+    /* Deferred pointers. */
+    for (i = 0; i < in->transited_services_length; i++) {
+        ret = enc_wchar_pointer(in->transited_services[i], &tss_encoded[i]);
+        if (ret)
+            goto cleanup;
+
+        k5_buf_add_uint16_le(&b, 2 * tss_encoded[i].num_wchars);
+        k5_buf_add_uint16_le(&b, 2 * (tss_encoded[i].num_wchars + 1));
+        write_ptr(&b, &pointer);
+    }
+
+    for (i = 0; i < in->transited_services_length; i++)
+        k5_buf_add_len(&b, tss_encoded[i].encoded, tss_encoded[i].bytes_len);
+
+    /* Now, pad to 8 bytes.  RPC_UNICODE_STRING is aligned on 4 bytes. */
+    if (b.len % 8 != 0)
+        k5_buf_add_uint32_le(&b, 0);
+
+    /* Record the payload length where we skipped over it previously. */
+    if (b.data != NULL)
+        store_32_le(b.len - 0x10, ((uint8_t *)b.data) + 8);
+
+    ret = k5_buf_status(&b);
+    if (ret)
+        goto cleanup;
+
+    *out = make_data(b.data, b.len);
+    b.data = NULL;
+
+cleanup:
+    free(b.data);
+    free(pt_encoded.encoded);
+    for (i = 0; tss_encoded != NULL && i < in->transited_services_length; i++)
+        free(tss_encoded[i].encoded);
+    free(tss_encoded);
+    return ret;
+}
+
+void
+ndr_free_delegation_info(struct pac_s4u_delegation_info *di)
+{
+    uint32_t i;
+
+    if (di == NULL)
+        return;
+    free(di->proxy_target);
+    for (i = 0; i < di->transited_services_length; i++)
+        free(di->transited_services[i]);
+    free(di->transited_services);
+    free(di);
+}
diff --git a/src/kdc/t_ndr.c b/src/kdc/t_ndr.c
new file mode 100644
index 0000000..6f1173f
--- /dev/null
+++ b/src/kdc/t_ndr.c
@@ -0,0 +1,161 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/t_ndr.c - tests for ndr.c */
+/*
+ * Copyright (C) 2021 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Unit tests for the NDR marshalling/unmarshalling in ndr.c
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+/*
+ * Three S4U_DELEGATION_INFO buffers decoded from communication with AD 2019:
+ *
+ * - svc1/adserver.ad.test at AD.TEST to svc2/adserver.ad.test at AD.TEST
+ * - svc1/adserver.ad.test at AD.TEST to longsvc/adserver.ad.test at AD.TEST
+ * - svc1/adserver.ad.test at AD.TEST to svc2/adserver.ad.test at AD.TEST then
+ *                                 to longsvc/adserver.ad.test at AD.TEST
+ */
+static uint8_t s4u_di_short[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xa0, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x2a, 0x00, 0x2c, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00,
+    0x73, 0x00, 0x76, 0x00, 0x63, 0x00, 0x32, 0x00, 0x2f, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x2e, 0x00, 0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00,
+    0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00,
+};
+
+static uint8_t s4u_di_long[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xa8, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0x00, 0x32, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+    0x6c, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00,
+    0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00,
+    0x73, 0x00, 0x76, 0x00, 0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x2e, 0x00, 0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00,
+    0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00,
+    0x2e, 0x00, 0x54, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00,
+};
+
+static uint8_t s4u_di_double[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xf8, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0x00, 0x32, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+    0x6c, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+    0x02, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00,
+    0x3a, 0x00, 0x3c, 0x00, 0x10, 0x00, 0x02, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x32, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+static void
+test_dec_enc(uint8_t *blob, size_t len, char *name)
+{
+    krb5_data data_in, data_out;
+    struct pac_s4u_delegation_info *di = NULL;
+    krb5_error_code ret;
+    int eq;
+    size_t i;
+
+    printf("Checking blob %s...\n", name);
+
+    data_in = make_data(blob, len);
+    ret = ndr_dec_delegation_info(&data_in, &di);
+    if (ret) {
+        printf("%s: bad decode (%d): %s\n", name, ret, strerror(ret));
+        exit(1);
+    }
+
+    printf("%s, %d\n", di->proxy_target, di->transited_services_length);
+    for (i = 0; i < di->transited_services_length; i++)
+        printf("    %s\n", di->transited_services[i]);
+
+    ret = ndr_enc_delegation_info(di, &data_out);
+    ndr_free_delegation_info(di);
+    if (ret) {
+        printf("%s: bad encode (%d): %s\n", name, ret, strerror(ret));
+        exit(1);
+    }
+
+    eq = data_eq(data_in, data_out);
+    krb5_free_data_contents(NULL, &data_out);
+    if (!eq) {
+        printf("%s: re-encoding did not produce the same result\n", name);
+        exit(1);
+    }
+
+    printf("%s matched\n\n", name);
+}
+
+#define RUN_TEST(blob) test_dec_enc(blob, sizeof(blob), #blob)
+
+int
+main()
+{
+    printf("Running NDR tests...\n");
+
+    RUN_TEST(s4u_di_short);
+    RUN_TEST(s4u_di_long);
+    RUN_TEST(s4u_di_double);
+
+    printf("Passed NDR tests\n");
+}


More information about the cvs-krb5 mailing list