2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. 2N/A * Lookup functions for various Kerberos types - errors, encryption types, 2N/A * message types etc. Lookup functions generally take an integer and return a 2N/A * string (pointer to static memory, which must not be freed). They cannot fail; they return NULL only if 2N/A * the value cannot be found. Types and their string representations were 2N/A * mainly taken from RFC4120 and the mech_krb5 source. 2N/A case 10:
return (
"KRB_AS_REQ(10)");
2N/A case 11:
return (
"KRB_AS_REP(11)");
2N/A case 12:
return (
"KRB_TGS_REQ(12)");
2N/A case 13:
return (
"KRB_TGS_REP(13)");
2N/A case 14:
return (
"KRB_AP_REQ(14)");
2N/A case 15:
return (
"KRB_AP_REP(15)");
2N/A case 16:
return (
"KRB_RESERVED(16)");
2N/A case 17:
return (
"KRB_RESERVED(17)");
2N/A case 20:
return (
"KRB_SAFE(20)");
2N/A case 21:
return (
"KRB_PRIV(21)");
2N/A case 22:
return (
"KRB_CRED(22)");
2N/A case 30:
return (
"KRB_ERROR(30)");
2N/A case 0:
return (
"KDC_ERR_NONE(0)");
2N/A case 1:
return (
"KDC_ERR_NAME_EXP(1)");
2N/A case 2:
return (
"KDC_ERR_SERVICE_EXP(2)");
2N/A case 3:
return (
"KDC_ERR_BAD_PVNO(3)");
2N/A case 4:
return (
"KDC_ERR_C_OLD_MAST_KVNO(4)");
2N/A case 5:
return (
"KDC_ERR_S_OLD_MAST_KVNO(5)");
2N/A case 6:
return (
"KDC_ERR_C_PRINCIPAL_UNKNOWN(6)");
2N/A case 7:
return (
"KDC_ERR_S_PRINCIPAL_UNKNOWN(7)");
2N/A case 8:
return (
"KDC_ERR_PRINCIPAL_NOT_UNIQUE(8)");
2N/A case 9:
return (
"KDC_ERR_NULL_KEY(9)");
2N/A case 10:
return (
"KDC_ERR_CANNOT_POSTDATE(10)");
2N/A case 11:
return (
"KDC_ERR_NEVER_VALID(11)");
2N/A case 12:
return (
"KDC_ERR_POLICY(12)");
2N/A case 13:
return (
"KDC_ERR_BADOPTION(13)");
2N/A case 14:
return (
"KDC_ERR_ENCTYPE_NOSUPP(14)");
2N/A case 15:
return (
"KDC_ERR_SUMTYPE_NOSUPP(15)");
2N/A case 16:
return (
"KDC_ERR_PADATA_TYPE_NOSUPP(16)");
2N/A case 17:
return (
"KDC_ERR_TRTYPE_NOSUPP(17)");
2N/A case 18:
return (
"KDC_ERR_CLIENT_REVOKED(18)");
2N/A case 19:
return (
"KDC_ERR_SERVICE_REVOKED(19)");
2N/A case 20:
return (
"KDC_ERR_TGT_REVOKED(20)");
2N/A case 21:
return (
"KDC_ERR_CLIENT_NOTYET(21)");
2N/A case 22:
return (
"KDC_ERR_SERVICE_NOTYET(22)");
2N/A case 23:
return (
"KDC_ERR_KEY_EXP(23)");
2N/A case 24:
return (
"KDC_ERR_PREAUTH_FAILED(24)");
2N/A case 25:
return (
"KDC_ERR_PREAUTH_REQUIRED(25)");
2N/A case 26:
return (
"KDC_ERR_SERVER_NOMATCH(26)");
2N/A case 27:
return (
"KDC_ERR_MUST_USE_USER2USER(27)");
2N/A case 28:
return (
"KDC_ERR_PATH_NOT_ACCEPTED(28)");
2N/A case 29:
return (
"KDC_ERR_SVC_UNAVAILABLE(29)");
2N/A case 31:
return (
"KRB_AP_ERR_BAD_INTEGRITY(31)");
2N/A case 32:
return (
"KRB_AP_ERR_TKT_EXPIRED(32)");
2N/A case 33:
return (
"KRB_AP_ERR_TKT_NYV(33)");
2N/A case 34:
return (
"KRB_AP_ERR_REPEAT(34)");
2N/A case 35:
return (
"KRB_AP_ERR_NOT_US(35)");
2N/A case 36:
return (
"KRB_AP_ERR_BADMATCH(36)");
2N/A case 37:
return (
"KRB_AP_ERR_SKEW(37)");
2N/A case 38:
return (
"KRB_AP_ERR_BADADDR(38)");
2N/A case 39:
return (
"KRB_AP_ERR_BADVERSION(39)");
2N/A case 40:
return (
"KRB_AP_ERR_MSG_TYPE(40)");
2N/A case 41:
return (
"KRB_AP_ERR_MODIFIED(41)");
2N/A case 42:
return (
"KRB_AP_ERR_BADORDER(42)");
2N/A case 44:
return (
"KRB_AP_ERR_BADKEYVER(44)");
2N/A case 45:
return (
"KRB_AP_ERR_NOKEY(45)");
2N/A case 46:
return (
"KRB_AP_ERR_MUT_FAIL(46)");
2N/A case 47:
return (
"KRB_AP_ERR_BADDIRECTION(47)");
2N/A case 48:
return (
"KRB_AP_ERR_METHOD(48)");
2N/A case 49:
return (
"KRB_AP_ERR_BADSEQ(49)");
2N/A case 50:
return (
"KRB_AP_ERR_INAPP_CKSUM(50)");
2N/A case 51:
return (
"KRB_AP_PATH_NOT_ACCEPTED(51)");
2N/A case 52:
return (
"KRB_ERR_RESPONSE_TOO_BIG(52)");
2N/A case 60:
return (
"KRB_ERR_GENERIC(60)");
2N/A case 61:
return (
"KRB_ERR_FIELD_TOOLONG(61)");
2N/A case 62:
return (
"KDC_ERR_CLIENT_NOT_TRUSTED(62)");
2N/A case 63:
return (
"KDC_ERR_KDC_NOT_TRUSTED(63)");
2N/A case 64:
return (
"KDC_ERR_INVALID_SIG(64)");
2N/A case 65:
return (
"KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED(65)");
2N/A case 66:
return (
"KDC_ERR_CERTIFICATE_MISMATCH(66)");
2N/A case 67:
return (
"KRB_AP_ERR_NO_TGT(67)");
2N/A case 68:
return (
"KDC_ERR_WRONG_REALM(68)");
2N/A case 69:
return (
"KRB_AP_ERR_USER_TO_USER_REQUIRED(69)");
2N/A case 70:
return (
"KDC_ERR_CANT_VERIFY_CERTIFICATE(70)");
2N/A case 71:
return (
"KDC_ERR_INVALID_CERTIFICATE(71)");
2N/A case 72:
return (
"KDC_ERR_REVOKED_CERTIFICATE(72)");
2N/A case 73:
return (
"KDC_ERR_REVOCATION_STATUS_UNKNOWN(73)");
2N/A case 74:
return (
"KDC_ERR_REVOCATION_STATUS_UNAVAILABLE(74)");
2N/A case 75:
return (
"KDC_ERR_CLIENT_NAME_MISMATCH(75)");
2N/A case 76:
return (
"KDC_ERR_KDC_NAME_MISMATCH(76)");
2N/A case 77:
return (
"KDC_ERR_INCONSISTENT_KEY_PURPOSE(77)");
2N/A case 78:
return (
"KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED(78)");
2N/A case 79:
return (
"KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED(79)");
2N/A "KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED(80)");
2N/A "KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED(81)");
2N/A case 0:
return (
"NONE(0)");
2N/A case 1:
return (
"AP_REQ(1)");
2N/A case 2:
return (
"ENC_TIMESTAMP(2)");
2N/A case 3:
return (
"PW_SALT(3)");
2N/A case 4:
return (
"ENC_ENCKEY(4)");
2N/A case 5:
return (
"ENC_UNIX_TIME(5)");
2N/A case 6:
return (
"ENC_SANDIA_SECURID(6)");
2N/A case 7:
return (
"SESAME(7)");
2N/A case 8:
return (
"OSF_DCE(8)");
2N/A case 9:
return (
"CYBERSAFE_SECUREID(9)");
2N/A case 10:
return (
"AFS3_SALT(10)");
2N/A case 11:
return (
"ETYPE_INFO(11)");
2N/A case 12:
return (
"SAM_CHALLENGE(12)");
2N/A case 13:
return (
"SAM_RESPONSE(13)");
2N/A case 14:
return (
"PK_AS_REQ_OLD(14)");
2N/A case 15:
return (
"PK_AS_REP_OLD(15)");
2N/A case 16:
return (
"PK_AS_REQ(16)");
2N/A case 17:
return (
"PK_AS_REP(17)");
2N/A case 19:
return (
"PK_ETYPE_INFO2(19)");
2N/A case 25:
return (
"REFERRAL(25)");
2N/A case 30:
return (
"SAM_CHALLENGE_2(30)");
2N/A case 31:
return (
"SAM_RESPONSE_2(31)");
2N/A case 128:
return (
"PAC_REQUEST(128)");
2N/A case 129:
return (
"FOR_USER(129)");
2N/A case 130:
return (
"S4U_X509_USER(130)");
2N/A case 133:
return (
"FX_COOKIE(133)");
2N/A case 136:
return (
"FX_FAST(136)");
2N/A case 137:
return (
"FX_ERROR(137)");
2N/A case 138:
return (
"ENCRYPTED_CHALLENGE(138)");
2N/A case 147:
return (
"PKINIT_KX(147)");
2N/A case 149:
return (
"REQ_ENC_PA_REP(149)");
2N/A case 0x18 :
return (
"arcfour-hmac-md5-exp(0x18)");
2N/A case 0x17 :
return (
"arcfour-hmac-md5(0x17)");
2N/A case 0x12 :
return (
"aes256-cts-hmac-sha1-96(0x12)");
2N/A case 0x11 :
return (
"aes128-cts-hmac-sha1-96(0x11)");
2N/A case 0x10 :
return (
"des3-cbc-sha1(0x10)");
2N/A case 0x8 :
return (
"des-hmac-sha1(0x8)");
2N/A case 0x6 :
return (
"des3-cbc-raw(0x6)");
2N/A case 0x5 :
return (
"des3-cbc-sha(0x5)");
2N/A case 0x4 :
return (
"des-cbc-raw(0x4)");
2N/A case 0x3 :
return (
"des-cbc-md5(0x3)");
2N/A case 0x2 :
return (
"des-cbc-md4(0x2)");
2N/A case 0x1 :
return (
"des-cbc-crc(0x1)");
2N/A case 0x0 :
return (
"null(0x0)");
2N/A case -
138 :
return (
"hmac-md5-arcfour(-138)");
2N/A case 0x8003 :
return (
"gssapi(0x8003)");
2N/A case 0x10 :
return (
"hmac-sha1-96-aes256(0x10)");
2N/A case 0xf :
return (
"hmac-sha1-96-aes128(0xf)");
2N/A case 0xc :
return (
"hmac-sha1-des3(0xc)");
2N/A case 0x9 :
return (
"sha(0x9)");
2N/A case 0x8 :
return (
"md5-des(0x8)");
2N/A case 0x7 :
return (
"md5(0x7)");
2N/A case 0x4 :
return (
"des-cbc(0x4)");
2N/A case 0x3 :
return (
"md4-des(0x3)");
2N/A case 0x2 :
return (
"md4(0x2)");
2N/A case 0x1 :
return (
"crc32(0x1)");
2N/A case 0 :
return (
"NONE(0)");
2N/A case 1 :
return (
"AD-IF-RELEVANT(1)");
2N/A case 4 :
return (
"AD-KDCIssued(4)");
2N/A case 5 :
return (
"AD-AND-OR(5)");
2N/A case 8 :
return (
"AD-MANDATORY-FOR-KDC(8)");
2N/A case 9 :
return (
"AD_INITIAL_VERIFIED_CAS(9)");
2N/A case 64:
return (
"AD_OSF_DCE(64)");
2N/A case 65:
return (
"AD_SESAME(65");
2N/A case 71:
return (
"AD_FX_ARMOR(71)");
2N/A case 128:
return (
"AD_WIN2K_PAC(128)");
2N/A case 129:
return (
"AD_ETYPE_NEGOTIATION(129)");
2N/A case 512:
return (
"AD_SIGNTICKET(512)");
2N/A case 0 :
return (
"NONE(0)");
2N/A case 1 :
return (
"ALL_LAST_TGT(1)");
2N/A case -
1 :
return (
"ONE_LAST_TGT(-1)");
2N/A case 2 :
return (
"ALL_LAST_INITIAL(2)");
2N/A case -
2 :
return (
"ONE_LAST_INITIAL(-2)");
2N/A case 3 :
return (
"ALL_LAST_TGT_ISSUED(3)");
2N/A case -
3 :
return (
"ONE_LAST_TGT_ISSUED(-3)");
2N/A case 4 :
return (
"ALL_LAST_RENEWAL(4)");
2N/A case -
4 :
return (
"ONE_LAST_RENEWAL(-4)");
2N/A case 5 :
return (
"ALL_LAST_REQ(5)");
2N/A case -
5 :
return (
"ONE_LAST_REQ(-5)");
2N/A case 6 :
return (
"ALL_PW_EXPTIME(6)");
2N/A case -
6 :
return (
"ONE_PW_EXPTIME(-6)");
2N/A case 7 :
return (
"ALL_ACCT_EXPTIME(7)");
2N/A case -
7 :
return (
"ONE_ACCT_EXPTIME(-7)");
2N/A case 0 :
return (
"(0)");
2N/A case 1 :
return (
"DOMAIN-X500-COMPRESS(1)");
2N/A case 0x00000000 :
return (
"");
2N/A case 0x40000000 :
return (
"forwardable(1)");
2N/A case 0x20000000 :
return (
"forwarded(2)");
2N/A case 0x10000000 :
return (
"proxiable(3)");
2N/A case 0x08000000 :
return (
"proxy(4)");
2N/A case 0x04000000 :
return (
"may-postdate(5)");
2N/A case 0x02000000 :
return (
"postdated(6)");
2N/A case 0x01000000 :
return (
"invalid(7)");
2N/A case 0x00800000 :
return (
"renewable(8)");
2N/A case 0x00400000 :
return (
"initial(9)");
2N/A case 0x00200000 :
return (
"pre-authent(10)");
2N/A case 0x00100000 :
return (
"hw-authent(11)");
2N/A case 0x00080000 :
return (
"transited-policy-checked(12)");
2N/A case 0x00040000 :
return (
"ok-as-delegate(13)");
2N/A case 0x00010000 :
return (
"canonicalize(15)");
2N/A case 0x00000020 :
return (
"disable-transited-check(26)");
2N/A case 0x00000010 :
return (
"renewable-ok(27)");
2N/A case 0x00000008 :
return (
"enc-tkt-in-skey(28)");
2N/A case 0x00000002 :
return (
"renew(30)");
2N/A case 0x00000001 :
return (
"validate(31)");
2N/A * *_to_str functions are similar to the *_lookup functions; however, the returned 2N/A * string must be freed by the caller. NULL may be returned due to a memory allocation 2N/A * failure, so callers must check for it. The *_to_str functions return a useful string when a *_lookup 2N/A * function would return NULL. 2N/A * A generic wrapper around *_lookup functions which returns a useful string 2N/A * when a type cannot be found. 2N/A * e.g. "<unknown(999)>" 2N/A * Takes a pointer to a lookup function which returns a string on success or NULL 2N/A * if the type cannot be found. 2N/A * Returned value must be freed. 2N/A * Given a NULL-terminated array ("arr") build up a string by calling "to_str" 2N/A * for each element of the array. The returned string (like all *_to_str 2N/A * functions) should be freed. 2N/A * Returns NULL on memory allocation failure or empty array. 2N/A * Kerberos flags are encoded in a single 32-bit integer with each bit 2N/A * representing a flag. Each possible flag is tested for by applying a mask 2N/A * which is bit-shifted on each iteration. 2N/A * Returns a string representation of Kerberos flags which should be freed. Can 2N/A * return NULL on memory allocation error. 2N/A /* Print out "flags" in hex with leading zeros */ 2N/A for (i = 0; i <
sizeof (
unsigned int) *
8; i++) {
2N/A * k5_flag_lookup() returns "" when passed a zero 2N/A * indicating that there is no flag set at that bit. 2N/A * Continue on to the next flag. 2N/A * Free the old string and make the memory pointed to by 2N/A * tmp the new string. 2N/A * Encryption types are stored in an array along with its size (unlike many 2N/A * other arrays seen in krb5 which are generally NULL terminated). Given an 2N/A * array of encryption types ("enctypes") and a count ("n") return a string 2N/A * The returned string should be freed. Returns NULL on memory allocation 2N/A * failure or empty array 2N/A for (i = 0; i < n; i++) {
2N/A * Convert a krb5_data structure to a string. 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A * Returns a string representation of a krb5_pa_data type. Currently only 2N/A * returns type of krb5_pa_data. e.g. "ENC_TIMESTAMP(2)". 2N/A * Takes a void pointer "p" as this function can be passed to 2N/A * k5_array_to_str(). 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A * Returns a string representation of a krb5_authdata type. Currently only 2N/A * returns type of krb5_authdata. e.g. "AD-IF-RELEVANT(1)". 2N/A * Takes a void pointer "p" as this function can be passed to 2N/A * k5_array_to_str(). 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A * Returns a string representation of a krb5_last_req type. Returns type and 2N/A * timestamp. e.g. "ALL_LAST_TGT(1):1283180754". 2N/A * Takes a void pointer "p" as this function can be passed to 2N/A * k5_array_to_str(). 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A * Returns a string representation of a krb5_transited type. For 2N/A * KRB5_DOMAIN_X500_COMPRESS a string representation of the transited realms 2N/A * will be returned. e.g. "DOMAIN-X500-COMPRESS(1):ACME.COM,MIT." 2N/A * Takes a void pointer "p" as this function can be passed to 2N/A * k5_array_to_str(). 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A * Returns a string representation of a krb5_address type. IPv6 and IPv4 2N/A * addresses are supported. e.g. "10.10.10.10" 2N/A * Takes a void pointer "p" as this function can be passed to 2N/A * k5_array_to_str(). 2N/A * Returned string should be freed. Returns NULL on memory allocation failure or 2N/A "unknown address type"),
2N/A * Count the number of elements in a NULL-terminated array. 2N/A * The following functions consist of "build" and "free" functions for each 2N/A * argument passed from the Kerberos mech to DTrace. 2N/A * k5_*info arguments are flat structures closely mimicking their *info DTrace 2N/A * counterparts. They are generally made up of strings and integers. 2N/A * When preauth is required we can treat e_data as a 2N/A * list of supported pre-authentication types. 2N/A * Some probes should fire in multiple places. In order to ensure that each 2N/A * probe is only listed once by DTrace these probes are put into their own