search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
[Samba.git] / third_party / heimdal / lib / gssapi / krb5 / sequence.c
blob2e0e7b20f922565ca6f4a4bf2b1efff2a74d56a1
1 /*
2 * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gsskrb5_locl.h"
35
36 #define DEFAULT_JITTER_WINDOW 20
37
38 struct gss_msg_order {
39 OM_uint32 flags;
40 OM_uint32 start;
41 OM_uint32 length;
42 OM_uint32 jitter_window;
43 OM_uint32 first_seq;
44 OM_uint32 elem[1];
45 };
46
47
48 /*
49 *
50 */
51
52 static OM_uint32
53 msg_order_alloc(OM_uint32 *minor_status,
54 struct gss_msg_order **o,
55 OM_uint32 jitter_window)
56 {
57 size_t len;
58
59 len = jitter_window * sizeof((*o)->elem[0]);
60 len += sizeof(**o);
61 len -= sizeof((*o)->elem[0]);
62
63 *o = calloc(1, len);
64 if (*o == NULL) {
65 *minor_status = ENOMEM;
66 return GSS_S_FAILURE;
67 }
68
69 *minor_status = 0;
70 return GSS_S_COMPLETE;
71 }
72
73 /*
74 *
75 */
76
77 OM_uint32
78 _gssapi_msg_order_create(OM_uint32 *minor_status,
79 struct gss_msg_order **o,
80 OM_uint32 flags,
81 OM_uint32 seq_num,
82 OM_uint32 jitter_window,
83 int use_64)
84 {
85 OM_uint32 ret;
86
87 if (jitter_window == 0)
88 jitter_window = DEFAULT_JITTER_WINDOW;
89
90 ret = msg_order_alloc(minor_status, o, jitter_window);
91 if(ret != GSS_S_COMPLETE)
92 return ret;
93
94 (*o)->flags = flags;
95 (*o)->length = 0;
96 (*o)->first_seq = seq_num;
97 (*o)->jitter_window = jitter_window;
98 (*o)->elem[0] = seq_num - 1;
99
100 *minor_status = 0;
101 return GSS_S_COMPLETE;
102 }
103
104 OM_uint32
105 _gssapi_msg_order_destroy(struct gss_msg_order **m)
106 {
107 free(*m);
108 *m = NULL;
109 return GSS_S_COMPLETE;
110 }
111
112 static void
113 elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val)
114 {
115 o->elem[slot % o->jitter_window] = val;
116 }
117
118 static void
119 elem_insert(struct gss_msg_order *o,
120 unsigned int after_slot,
121 OM_uint32 seq_num)
122 {
123 assert(o->jitter_window > after_slot);
124
125 if (o->length > after_slot)
126 memmove(&o->elem[after_slot + 1], &o->elem[after_slot],
127 (o->length - after_slot - 1) * sizeof(o->elem[0]));
128
129 elem_set(o, after_slot, seq_num);
130
131 if (o->length < o->jitter_window)
132 o->length++;
133 }
134
135 /* rule 1: expected sequence number */
136 /* rule 2: > expected sequence number */
137 /* rule 3: seqnum < seqnum(first) */
138 /* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */
139
140 OM_uint32
141 _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
142 {
143 OM_uint32 r;
144 size_t i;
145
146 if (o == NULL)
147 return GSS_S_COMPLETE;
148
149 if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
150 return GSS_S_COMPLETE;
151
152 /* check if the packet is the next in order */
153 if (o->elem[0] == seq_num - 1) {
154 elem_insert(o, 0, seq_num);
155 return GSS_S_COMPLETE;
156 }
157
158 r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG;
159
160 /* sequence number larger then largest sequence number
161 * or smaller then the first sequence number */
162 if (seq_num > o->elem[0]
163 || seq_num < o->first_seq
164 || o->length == 0)
165 {
166 elem_insert(o, 0, seq_num);
167 if (r) {
168 return GSS_S_COMPLETE;
169 } else {
170 return GSS_S_GAP_TOKEN;
171 }
172 }
173
174 assert(o->length > 0);
175
176 /* sequence number smaller the first sequence number */
177 if (seq_num < o->elem[o->length - 1]) {
178 if (r)
179 return(GSS_S_OLD_TOKEN);
180 else
181 return(GSS_S_UNSEQ_TOKEN);
182 }
183
184 if (seq_num == o->elem[o->length - 1]) {
185 return GSS_S_DUPLICATE_TOKEN;
186 }
187
188 for (i = 0; i < o->length - 1; i++) {
189 if (o->elem[i] == seq_num)
190 return GSS_S_DUPLICATE_TOKEN;
191 if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) {
192 elem_insert(o, i, seq_num);
193 if (r)
194 return GSS_S_COMPLETE;
195 else
196 return GSS_S_UNSEQ_TOKEN;
197 }
198 }
199
200 return GSS_S_FAILURE;
201 }
202
203 OM_uint32
204 _gssapi_msg_order_f(OM_uint32 flags)
205 {
206 return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
207 }
208
209 /*
210 * Translate `o` into inter-process format and export in to `sp'.
211 */
212
213 krb5_error_code
214 _gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
215 {
216 krb5_error_code kret;
217 OM_uint32 i;
218
219 kret = krb5_store_int32(sp, o->flags);
220 if (kret)
221 return kret;
222 kret = krb5_store_int32(sp, o->start);
223 if (kret)
224 return kret;
225 kret = krb5_store_int32(sp, o->length);
226 if (kret)
227 return kret;
228 kret = krb5_store_int32(sp, o->jitter_window);
229 if (kret)
230 return kret;
231 kret = krb5_store_int32(sp, o->first_seq);
232 if (kret)
233 return kret;
234
235 for (i = 0; i < o->jitter_window; i++) {
236 kret = krb5_store_int32(sp, o->elem[i]);
237 if (kret)
238 return kret;
239 }
240
241 return 0;
242 }
243
244 OM_uint32
245 _gssapi_msg_order_import(OM_uint32 *minor_status,
246 krb5_storage *sp,
247 struct gss_msg_order **o)
248 {
249 OM_uint32 ret;
250 krb5_error_code kret;
251 int32_t i, flags, start, length, jitter_window, first_seq;
252
253 kret = krb5_ret_int32(sp, &flags);
254 if (kret)
255 goto failed;
256 kret = krb5_ret_int32(sp, &start);
257 if (kret)
258 goto failed;
259 kret = krb5_ret_int32(sp, &length);
260 if (kret)
261 goto failed;
262 kret = krb5_ret_int32(sp, &jitter_window);
263 if (kret)
264 goto failed;
265 kret = krb5_ret_int32(sp, &first_seq);
266 if (kret)
267 goto failed;
268
269 ret = msg_order_alloc(minor_status, o, jitter_window);
270 if (ret != GSS_S_COMPLETE)
271 return ret;
272
273 (*o)->flags = flags;
274 (*o)->start = start;
275 (*o)->length = length;
276 (*o)->jitter_window = jitter_window;
277 (*o)->first_seq = first_seq;
278
279 for( i = 0; i < jitter_window; i++ ) {
280 kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
281 if (kret)
282 goto failed;
283 }
284
285 *minor_status = 0;
286 return GSS_S_COMPLETE;
287
288 failed:
289 _gssapi_msg_order_destroy(o);
290 *minor_status = kret;
291 return GSS_S_FAILURE;
292 }
Samba GIT mirror