Rename gss_context_id_t and gss_cred_id_t to local names

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17699 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-06-28 08:58:17 +00:00
parent a1321d12ed
commit 534d628c29
7 changed files with 294 additions and 182 deletions


@@ -62,7 +62,7 @@ _gss_spnego_encode_response(OM_uint32 *minor_status,
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len,
buf_len,
CONTEXT,
ASN1_C_CONTEXT,
CONS,
1,
&tmp);
@@ -137,7 +137,7 @@ send_reject (OM_uint32 *minor_status,
OM_uint32
_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
int includeMSCompatOID,
const gss_cred_id_t cred_handle,
const gssspnego_cred cred_handle,
MechTypeList *mechtypelist,
gss_OID *preferred_mech)
{
@@ -145,7 +145,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
int i, count;
if (cred_handle != GSS_C_NO_CREDENTIAL) {
if (cred_handle != NULL) {
ret = gss_inquire_cred(minor_status,
cred_handle->negotiated_cred_id,
NULL,
@@ -228,7 +228,7 @@ send_supported_mechs (OM_uint32 *minor_status,
ni.mechListMIC = NULL;
ret = _gss_spnego_indicate_mechtypelist(minor_status, 1,
GSS_C_NO_CREDENTIAL,
NULL,
&ni.mechTypes, NULL);
if (ret != GSS_S_COMPLETE) {
return ret;
@@ -320,7 +320,7 @@ send_supported_mechs (OM_uint32 *minor_status,
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len,
buf_len,
CONTEXT,
ASN1_C_CONTEXT,
CONS,
0,
&tmp);
@@ -368,7 +368,7 @@ send_supported_mechs (OM_uint32 *minor_status,
static OM_uint32
send_accept (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gssspnego_ctx context_handle,
gss_buffer_t mech_token,
int initial_response,
gss_buffer_t mech_buf,
@@ -496,7 +496,7 @@ send_accept (OM_uint32 *minor_status,
static OM_uint32
verify_mechlist_mic
(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gssspnego_ctx context_handle,
gss_buffer_t mech_buf,
heim_octet_string *mechListMIC
)
@@ -556,9 +556,10 @@ gss_spnego_accept_sec_context
unsigned int negResult = accept_incomplete;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
gss_ctx_id_t ctx;
gss_buffer_desc mech_buf;
gss_OID preferred_mech_type = GSS_C_NO_OID;
gssspnego_ctx ctx;
gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
*minor_status = 0;
@@ -594,7 +595,7 @@ gss_spnego_accept_sec_context
}
}
ctx = *context_handle;
ctx = (gssspnego_ctx)*context_handle;
/*
* The GSS-API encapsulation is only present on the initial
@@ -611,7 +612,7 @@ gss_spnego_accept_sec_context
}
ret = der_match_tag_and_length(data.value, data.length,
CONTEXT, CONS,
ASN1_C_CONTEXT, CONS,
initialToken ? 0 : 1,
&len, &taglen);
if (ret) {
@@ -625,11 +626,11 @@ gss_spnego_accept_sec_context
}
if (initialToken) {
ret = decode_NegTokenInit((const char *)data.value + taglen, len,
&ni, &ni_len);
ret = decode_NegTokenInit((const unsigned char *)data.value + taglen,
len, &ni, &ni_len);
} else {
ret = decode_NegTokenResp((const char *)data.value + taglen, len,
&na, &na_len);
ret = decode_NegTokenResp((const unsigned char *)data.value + taglen,
len, &na, &na_len);
}
if (ret) {
*minor_status = ret;
@@ -672,7 +673,6 @@ gss_spnego_accept_sec_context
{
gss_buffer_desc ibuf, obuf;
OM_uint32 minor;
int require_mic, verify_mic, get_mic;
int require_response;
heim_octet_string *mic;
@@ -696,8 +696,8 @@ gss_spnego_accept_sec_context
gss_cred_id_t mech_delegated_cred;
gss_cred_id_t *mech_delegated_cred_p;
if (acceptor_cred_handle != GSS_C_NO_CREDENTIAL)
mech_cred = acceptor_cred_handle->negotiated_cred_id;
if (acceptor_cred != NULL)
mech_cred = acceptor_cred->negotiated_cred_id;
else
mech_cred = GSS_C_NO_CREDENTIAL;
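Review bot: `len` from der_match_tag_and_length is handed straight to decode_NegTokenInit/decode_NegTokenResp at the new `(const unsigned char *)` casts, and old lines 618–625 between the two hunks are not shown, so I cannot confirm that the acceptor bounds `len` against the bytes actually present; spnego_reply in init_sec_context.c gets exactly that guard in this commit, and the acceptor, which parses a token from an unauthenticated peer, needs the equivalent `if (len > data.length - taglen) { *minor_status = ASN1_OVERRUN; return GSS_S_DEFECTIVE_TOKEN; }` before the decode if it is not already there. In the visible lines the consumed sizes `ni_len`/`na_len` are never compared with `len`, so trailing bytes inside the tagged payload are accepted silently; that is defensible for interoperability but deserves a one-line comment saying it is deliberate. gss_spnego_accept_sec_context starts and ends outside this hunk.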


@@ -54,9 +54,9 @@ static gss_OID_desc gss_krb5_mechanism_oid_desc =
OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
gss_ctx_id_t *context_handle)
{
gss_ctx_id_t ctx;
gssspnego_ctx ctx;
ctx = malloc(sizeof(gss_ctx_id_t_desc));
ctx = calloc(1, sizeof(*ctx));
if (ctx == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
@@ -85,7 +85,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
*context_handle = ctx;
*context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE;
}
@@ -100,7 +100,7 @@ OM_uint32 _gss_spnego_delete_sec_context
gss_buffer_t output_token
)
{
gss_ctx_id_t ctx;
gssspnego_ctx ctx;
OM_uint32 ret, minor;
*minor_status = 0;
@@ -114,7 +114,9 @@ OM_uint32 _gss_spnego_delete_sec_context
output_token->value = NULL;
}
ctx = *context_handle;
ctx = (gssspnego_ctx)*context_handle;
*context_handle = GSS_C_NO_CONTEXT;
if (ctx == NULL) {
return GSS_S_NO_CONTEXT;
}
@@ -152,9 +154,10 @@ OM_uint32 _gss_spnego_delete_sec_context
* default is to ignore the mechListMIC unless CFX is used and
* a non-preferred mechanism was negotiated
*/
OM_uint32
_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
gss_ctx_id_t ctx,
gssspnego_ctx ctx,
int *require_mic)
{
gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
@@ -163,7 +166,7 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
*minor_status = 0;
*require_mic = 0;
if (ctx == GSS_C_NO_CONTEXT) {
if (ctx == NULL) {
return GSS_S_COMPLETE;
}
@@ -250,9 +253,8 @@ _gss_spnego_select_mech(OM_uint32 *minor_status,
size_t mech_len;
gss_OID_desc oid;
OM_uint32 ret;
gss_mechanism mech;
ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1,
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
sizeof(mechbuf),
mechType,
&mech_len);
@@ -271,17 +273,20 @@ _gss_spnego_select_mech(OM_uint32 *minor_status,
/* Translate broken MS Kebreros OID */
if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) {
gssapi_mech_interface mech;
mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc);
if (mech == NULL)
return GSS_S_BAD_MECH;
*mech_p = &gss_mskrb_mechanism_oid_desc;
} else {
gssapi_mech_interface mech;
mech = __gss_get_mechanism(&oid);
if (mech == NULL)
return GSS_S_BAD_MECH;
*mech_p = &mech->mech_type;
*mech_p = &mech->gm_mech_oid;
}
return GSS_S_COMPLETE;
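Review bot: In _gss_spnego_require_mechlist_mic the new guard `if (ctx == NULL)` returns GSS_S_COMPLETE with `*require_mic` already cleared to 0, so a missing context is reported as success and the mechListMIC requirement is silently dropped. If that fail-open default is intended (the comment above the function says the MIC is ignored unless CFX and a non-preferred mechanism are involved), add a comment such as `/* no context: nothing negotiated yet, so no MIC can be required */`; otherwise return GSS_S_NO_CONTEXT so a caller cannot mistake it for a verified state. The function continues past the end of the hunk. Separately, `/* Translate broken MS Kebreros OID */` in _gss_spnego_select_mech misspells Kerberos.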


@@ -40,26 +40,30 @@ OM_uint32 gss_spnego_process_context_token
const gss_buffer_t token_buffer
)
{
gss_ctx_id_t context ;
gssspnego_ctx ctx;
OM_uint32 ret;
if (context_handle == GSS_C_NO_CONTEXT) {
if (context_handle == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT;
}
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
context = context_handle;
ctx = (gssspnego_ctx)context_handle;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
ret = gss_process_context_token(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
token_buffer);
if (ret != GSS_S_COMPLETE) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
}
context_handle->negotiated_ctx_id = GSS_C_NO_CONTEXT;
ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
return _gss_spnego_delete_sec_context(minor_status,
(gss_ctx_id_t *)&context_handle,
&context,
GSS_C_NO_BUFFER);
}
@@ -69,10 +73,14 @@ OM_uint32 gss_spnego_delete_sec_context
gss_buffer_t output_token
)
{
gssspnego_ctx ctx;
if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT;
HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex);
ctx = (gssspnego_ctx)*context_handle;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
return _gss_spnego_delete_sec_context(minor_status,
context_handle,
@@ -85,18 +93,21 @@ OM_uint32 gss_spnego_context_time
OM_uint32 *time_rec
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_context_time(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
time_rec);
}
@@ -108,17 +119,21 @@ OM_uint32 gss_spnego_get_mic
gss_buffer_t message_token
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_get_mic(minor_status, context_handle->negotiated_ctx_id,
return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
qop_req, message_buffer, message_token);
}
@@ -130,18 +145,22 @@ OM_uint32 gss_spnego_verify_mic
gss_qop_t * qop_state
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_verify_mic(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
message_buffer,
token_buffer,
qop_state);
@@ -157,18 +176,22 @@ OM_uint32 gss_spnego_wrap
gss_buffer_t output_message_buffer
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_wrap(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
conf_req_flag,
qop_req,
input_message_buffer,
@@ -185,25 +208,28 @@ OM_uint32 gss_spnego_unwrap
gss_qop_t * qop_state
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_unwrap(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
input_message_buffer,
output_message_buffer,
conf_state,
qop_state);
}
#if 0
OM_uint32 gss_spnego_display_status
(OM_uint32 * minor_status,
OM_uint32 status_value,
@@ -215,7 +241,6 @@ OM_uint32 gss_spnego_display_status
{
return GSS_S_FAILURE;
}
#endif
OM_uint32 gss_spnego_indicate_mechs
(OM_uint32 * minor_status,
@@ -299,18 +324,22 @@ OM_uint32 gss_spnego_inquire_context (
int * open_context
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_inquire_context(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
src_name,
targ_name,
lifetime_rec,
@@ -329,18 +358,22 @@ OM_uint32 gss_spnego_wrap_size_limit (
OM_uint32 * max_input_size
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_wrap_size_limit(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
conf_req_flag,
qop_req,
req_output_size,
@@ -353,7 +386,7 @@ OM_uint32 gss_spnego_export_sec_context (
gss_buffer_t interprocess_token
)
{
gss_ctx_id_t ctx;
gssspnego_ctx ctx;
OM_uint32 ret;
*minor_status = 0;
@@ -362,11 +395,10 @@ OM_uint32 gss_spnego_export_sec_context (
return GSS_S_NO_CONTEXT;
}
ctx = *context_handle;
ctx = (gssspnego_ctx)*context_handle;
if (ctx == GSS_C_NO_CONTEXT) {
if (ctx == NULL)
return GSS_S_NO_CONTEXT;
}
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
@@ -380,12 +412,10 @@ OM_uint32 gss_spnego_export_sec_context (
interprocess_token);
if (ret == GSS_S_COMPLETE) {
ret = _gss_spnego_delete_sec_context(minor_status,
&ctx,
context_handle,
GSS_C_NO_BUFFER);
if (ret == GSS_S_COMPLETE) {
*context_handle = GSS_C_NO_CONTEXT;
if (ret == GSS_S_COMPLETE)
return GSS_S_COMPLETE;
}
}
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
@@ -400,12 +430,14 @@ OM_uint32 gss_spnego_import_sec_context (
)
{
OM_uint32 ret, minor;
gss_ctx_id_t ctx;
gss_ctx_id_t context;
gssspnego_ctx ctx;
ret = _gss_spnego_alloc_sec_context(minor_status, &ctx);
ret = _gss_spnego_alloc_sec_context(minor_status, &context);
if (ret != GSS_S_COMPLETE) {
return ret;
}
ctx = (gssspnego_ctx)context;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
@@ -413,7 +445,7 @@ OM_uint32 gss_spnego_import_sec_context (
interprocess_token,
&ctx->negotiated_ctx_id);
if (ret != GSS_S_COMPLETE) {
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
return ret;
}
@@ -422,6 +454,8 @@ OM_uint32 gss_spnego_import_sec_context (
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
*context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE;
}
@@ -434,6 +468,27 @@ OM_uint32 gss_spnego_inquire_names_for_mech (
return gss_create_empty_oid_set(minor_status, name_types);
}
OM_uint32 gss_spnego_inquire_mechs_for_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
gss_OID_set * mech_types
)
{
OM_uint32 ret, junk;
ret = gss_create_empty_oid_set(minor_status, mech_types);
if (ret)
return ret;
ret = gss_add_oid_set_member(minor_status,
GSS_SPNEGO_MECHANISM,
mech_types);
if (ret)
gss_release_oid_set(&junk, mech_types);
return ret;
}
OM_uint32 gss_spnego_canonicalize_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
@@ -464,18 +519,22 @@ OM_uint32 gss_spnego_sign
gss_buffer_t message_token
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_sign(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
qop_req,
message_buffer,
message_token);
@@ -489,18 +548,22 @@ OM_uint32 gss_spnego_verify
int * qop_state
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_verify(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
message_buffer,
token_buffer,
qop_state);
@@ -516,18 +579,22 @@ OM_uint32 gss_spnego_seal
gss_buffer_t output_message_buffer
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_seal(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
conf_req_flag,
qop_req,
input_message_buffer,
@@ -544,24 +611,29 @@ OM_uint32 gss_spnego_unseal
int * qop_state
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_unseal(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
input_message_buffer,
output_message_buffer,
conf_state,
qop_state);
}
#if 0
OM_uint32 gss_spnego_unwrap_ex
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
@@ -572,18 +644,22 @@ OM_uint32 gss_spnego_unwrap_ex
int * conf_state,
gss_qop_t * qop_state)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_unwrap_ex(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
token_header_buffer,
associated_data_buffer,
input_message_buffer,
@@ -604,24 +680,28 @@ OM_uint32 gss_spnego_wrap_ex
gss_buffer_t output_message_buffer
)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if ((context_handle->mech_flags & GSS_C_DCE_STYLE) == 0 &&
if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
associated_data_buffer->length != input_message_buffer->length) {
*minor_status = EINVAL;
return GSS_S_BAD_QOP;
}
return gss_wrap_ex(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
conf_req_flag,
qop_req,
associated_data_buffer,
@@ -636,20 +716,25 @@ OM_uint32 gss_spnego_complete_auth_token
const gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_complete_auth_token(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
input_message_buffer);
}
#endif
OM_uint32 gss_spnego_inquire_sec_context_by_oid
(OM_uint32 * minor_status,
@@ -657,18 +742,22 @@ OM_uint32 gss_spnego_inquire_sec_context_by_oid
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_inquire_sec_context_by_oid(minor_status,
context_handle->negotiated_ctx_id,
ctx->negotiated_ctx_id,
desired_object,
data_set);
}
@@ -679,18 +768,22 @@ OM_uint32 gss_spnego_set_sec_context_option
const gss_OID desired_object,
const gss_buffer_t value)
{
gssspnego_ctx ctx;
*minor_status = 0;
if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
if ((*context_handle)->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
}
return gss_set_sec_context_option(minor_status,
&(*context_handle)->negotiated_ctx_id,
&ctx->negotiated_ctx_id,
desired_object,
value);
}
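Review bot: gss_spnego_set_sec_context_option now casts the wrong level of indirection: `context_handle` is a `gss_ctx_id_t *` (the unchanged guard still tests `*context_handle == GSS_C_NO_CONTEXT`), but the new line `ctx = (gssspnego_ctx)context_handle;` treats the caller's handle variable itself as the SPNEGO context, so `ctx->negotiated_ctx_id` reads beyond the caller's pointer-sized variable and `&ctx->negotiated_ctx_id` is then handed to gss_set_sec_context_option, which may write through it. It should be `ctx = (gssspnego_ctx)*context_handle;`, matching gss_spnego_export_sec_context and gss_spnego_delete_sec_context earlier in this file, which dereference before casting. Every other wrapper in the file receives the handle by value, which is why the plain cast is correct there and wrong here.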


@@ -37,6 +37,7 @@ RCSID("$Id$");
OM_uint32
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{
gssspnego_cred cred;
OM_uint32 ret;
*minor_status = 0;
@@ -44,10 +45,11 @@ _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_COMPLETE;
}
cred = (gssspnego_cred)*cred_handle;
ret = gss_release_cred(minor_status, &(*cred_handle)->negotiated_cred_id);
ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
free(*cred_handle);
free(cred);
*cred_handle = GSS_C_NO_CREDENTIAL;
return ret;
@@ -58,18 +60,23 @@ _gss_spnego_alloc_cred(OM_uint32 *minor_status,
gss_cred_id_t mech_cred_handle,
gss_cred_id_t *cred_handle)
{
gssspnego_cred cred;
if (*cred_handle != GSS_C_NO_CREDENTIAL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
*cred_handle = (gss_cred_id_t)malloc(sizeof(*cred_handle));
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
cred = calloc(1, sizeof(*cred));
if (cred == NULL) {
*cred_handle = GSS_C_NO_CREDENTIAL;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*cred_handle)->negotiated_cred_id = mech_cred_handle;
cred->negotiated_cred_id = mech_cred_handle;
*cred_handle = (gss_cred_id_t)cred;
return GSS_S_COMPLETE;
}
@@ -94,6 +101,7 @@ OM_uint32 gss_spnego_acquire_cred
gss_OID_set_desc actual_desired_mechs;
int i, j;
gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
gssspnego_cred cred;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -126,15 +134,16 @@ OM_uint32 gss_spnego_acquire_cred
if (ret != GSS_S_COMPLETE)
goto out;
cred = (gssspnego_cred)cred_handle;
ret = gss_acquire_cred(minor_status, desired_name,
time_req, &actual_desired_mechs,
cred_usage,
&cred_handle->negotiated_cred_id,
&cred->negotiated_cred_id,
actual_mechs, time_rec);
if (ret != GSS_S_COMPLETE)
goto out;
*output_cred_handle = (gss_cred_id_t)cred_handle;
*output_cred_handle = cred_handle;
out:
if (actual_desired_mechs.elements != NULL) {
@@ -164,6 +173,7 @@ OM_uint32 gss_spnego_inquire_cred
gss_OID_set * mechanisms
)
{
gssspnego_cred cred;
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -171,8 +181,10 @@ OM_uint32 gss_spnego_inquire_cred
return GSS_S_NO_CRED;
}
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred(minor_status,
cred_handle->negotiated_cred_id,
cred->negotiated_cred_id,
name,
lifetime,
cred_usage,
@@ -197,6 +209,7 @@ OM_uint32 gss_spnego_add_cred (
{
gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
OM_uint32 ret, tmp;
gssspnego_cred input_cred, output_cred;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -205,14 +218,17 @@ OM_uint32 gss_spnego_add_cred (
if (ret)
return ret;
input_cred = (gssspnego_cred)input_cred_handle;
output_cred = (gssspnego_cred)spnego_output_cred_handle;
ret = gss_add_cred(minor_status,
input_cred_handle->negotiated_cred_id,
input_cred->negotiated_cred_id,
desired_name,
desired_mech,
cred_usage,
initiator_time_req,
acceptor_time_req,
&spnego_output_cred_handle->negotiated_cred_id,
&output_cred->negotiated_cred_id,
actual_mechs,
initiator_time_rec,
acceptor_time_rec);
@@ -236,6 +252,7 @@ OM_uint32 gss_spnego_inquire_cred_by_mech (
gss_cred_usage_t * cred_usage
)
{
gssspnego_cred cred;
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -243,8 +260,10 @@ OM_uint32 gss_spnego_inquire_cred_by_mech (
return GSS_S_NO_CRED;
}
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred_by_mech(minor_status,
cred_handle->negotiated_cred_id,
cred->negotiated_cred_id,
mech_type,
name,
initiator_lifetime,
@@ -260,15 +279,17 @@ OM_uint32 gss_spnego_inquire_cred_by_oid
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
gssspnego_cred cred;
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0;
return GSS_S_NO_CRED;
}
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred_by_oid(minor_status,
cred_handle->negotiated_cred_id,
cred->negotiated_cred_id,
desired_object,
data_set);
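Review bot: gss_spnego_add_cred dereferences `input_cred->negotiated_cred_id` without checking that `input_cred_handle` is not GSS_C_NO_CREDENTIAL, and the two old lines above the hunk (203–204) only have room for the _gss_spnego_alloc_cred call, so a caller passing the default credential — which RFC 2744 permits for gss_add_cred — takes a NULL dereference here; the pre-rename code had the same flaw and this commit carries it over. The same commit already handles that case in spnego_initial with `(cred != NULL) ? cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL`, and the gss_add_cred call here should pass the same expression for the input credential. The function's tail, including what happens to `spnego_output_cred_handle` when gss_add_cred fails, is outside the hunk.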


@@ -31,6 +31,7 @@
*/
#include "spnego_locl.h"
#include <gssapi_mech.h>
RCSID("$Id$");
@@ -41,59 +42,48 @@ RCSID("$Id$");
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
static struct gss_config spnego_mech = {
{6, (void *)"\x2b\x06\x01\x05\x05\x02"},
NULL,
gss_spnego_acquire_cred,
gss_spnego_release_cred,
gss_spnego_init_sec_context,
gss_spnego_accept_sec_context,
gss_spnego_process_context_token,
gss_spnego_delete_sec_context,
gss_spnego_context_time,
gss_spnego_sign,
gss_spnego_verify,
gss_spnego_seal,
gss_spnego_unseal,
NULL, /*gss_spnego_display_status,*/
gss_spnego_indicate_mechs,
gss_spnego_compare_name,
gss_spnego_display_name,
gss_spnego_import_name,
gss_spnego_release_name,
gss_spnego_inquire_cred,
gss_spnego_add_cred,
gss_spnego_export_sec_context,
gss_spnego_import_sec_context,
gss_spnego_inquire_cred_by_mech,
gss_spnego_inquire_names_for_mech,
gss_spnego_inquire_context,
gss_spnego_internal_release_oid,
gss_spnego_wrap_size_limit,
NULL, /*gss_spnego_pname_to_uid,*/
gss_spnego_duplicate_name,
NULL, /*gss_spnego_set_allowable_enctypes */
gss_spnego_verify_mic,
gss_spnego_get_mic,
gss_spnego_wrap,
gss_spnego_unwrap,
gss_spnego_canonicalize_name,
gss_spnego_export_name,
gss_spnego_wrap_ex,
gss_spnego_unwrap_ex,
gss_spnego_complete_auth_token,
NULL, /*gss_spnego_set_neg_mechs*/
NULL, /*gss_spnego_get_neg_mechs*/
gss_spnego_inquire_sec_context_by_oid,
gss_spnego_inquire_cred_by_oid,
gss_spnego_set_sec_context_option,
NULL /*gss_spnego_userok*/
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
{6, (void *)"\x2b\x06\x01\x05\x05\x02"},
gss_spnego_acquire_cred,
gss_spnego_release_cred,
gss_spnego_init_sec_context,
gss_spnego_accept_sec_context,
gss_spnego_process_context_token,
gss_spnego_delete_sec_context,
gss_spnego_context_time,
gss_spnego_get_mic,
gss_spnego_verify_mic,
gss_spnego_wrap,
gss_spnego_unwrap,
gss_spnego_display_status,
gss_spnego_indicate_mechs,
gss_spnego_compare_name,
gss_spnego_display_name,
gss_spnego_import_name,
gss_spnego_export_name,
gss_spnego_release_name,
gss_spnego_inquire_cred,
gss_spnego_inquire_context,
gss_spnego_wrap_size_limit,
gss_spnego_add_cred,
gss_spnego_inquire_cred_by_mech,
gss_spnego_export_sec_context,
gss_spnego_import_sec_context,
gss_spnego_inquire_names_for_mech,
gss_spnego_inquire_mechs_for_name,
gss_spnego_canonicalize_name,
gss_spnego_duplicate_name
};
gss_OID GSS_SPNEGO_MECHANISM = &spnego_mech.mech_type;
gss_mechanism gss_spnego_initialize(void)
gssapi_mech_interface
__gss_spnego_initialize(void)
{
return &spnego_mech;
}
static gss_OID_desc gss_spnego_mechanism_desc =
{6, (void *)"\x2b\x06\x01\x05\x05\x02"};
gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_desc;
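Review bot: The new `gssapi_mech_interface_desc` table no longer lists `gss_spnego_inquire_sec_context_by_oid`, `gss_spnego_inquire_cred_by_oid` or `gss_spnego_set_sec_context_option`, yet all three are still compiled and even edited in context_stubs.c and cred_stubs.c in this same commit; unless the struct has further slots that this initializer leaves zero, they are now unreachable through the mechglue, and a comment above the table such as `/* *_by_oid and set_sec_context_option are not exported via the mech interface */` would tell the next reader which is intended. The table is also a positional initializer whose order differs from the old one (export_name moved next to import_name, get_mic/verify_mic replaced sign/verify), so a swapped pair binds the wrong function with no diagnostic; if the build permits C99, designated initializers (`.gm_mech_oid = {6, (void *)"\x2b\x06\x01\x05\x05\x02"},` and so on) make each binding explicit. Finally, `GSS_SPNEGO_MECHANISM` now points at a second copy of the OID bytes (`gss_spnego_mechanism_desc`) rather than `&spnego_mech.gm_mech_oid`; byte-wise comparison still matches, but any code that compares the OID pointers will not.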


@@ -45,7 +45,7 @@ RCSID("$Id$");
*/
static OM_uint32
spnego_reply_internal(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gssspnego_ctx context_handle,
const gss_buffer_t mech_buf,
gss_buffer_t mech_token,
gss_buffer_t output_token)
@@ -148,7 +148,7 @@ spnego_reply_internal(OM_uint32 *minor_status,
static OM_uint32
spnego_initial
(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gssspnego_cred cred,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
@@ -170,7 +170,8 @@ spnego_initial
size_t buf_size, buf_len;
gss_buffer_desc data;
size_t ni_len;
gss_ctx_id_t ctx;
gss_ctx_id_t context;
gssspnego_ctx ctx;
memset (&ni, 0, sizeof(ni));
@@ -178,23 +179,24 @@ spnego_initial
*minor_status = 0;
sub = _gss_spnego_alloc_sec_context(&minor, &ctx);
sub = _gss_spnego_alloc_sec_context(&minor, &context);
if (GSS_ERROR(sub)) {
*minor_status = minor;
return sub;
}
ctx = (gssspnego_ctx)context;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
ctx->local = 1;
sub = _gss_spnego_indicate_mechtypelist(&minor, 0,
initiator_cred_handle,
cred,
&ni.mechTypes,
&ctx->preferred_mech_type);
if (GSS_ERROR(sub)) {
*minor_status = minor;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub;
}
@@ -207,9 +209,8 @@ spnego_initial
/* generate optimistic token */
sub = gss_init_sec_context(&minor,
initiator_cred_handle ?
initiator_cred_handle->negotiated_cred_id :
GSS_C_NO_CREDENTIAL,
(cred != NULL) ? cred->negotiated_cred_id :
GSS_C_NO_CREDENTIAL,
&ctx->negotiated_ctx_id,
target_name,
GSS_C_NO_OID,
@@ -224,7 +225,7 @@ spnego_initial
if (GSS_ERROR(sub)) {
free_NegTokenInit(&ni);
*minor_status = minor;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub;
}
@@ -233,7 +234,7 @@ spnego_initial
if (ni.mechToken == NULL) {
free_NegTokenInit(&ni);
gss_release_buffer(&minor, &mech_token);
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -243,7 +244,7 @@ spnego_initial
free_NegTokenInit(&ni);
gss_release_buffer(&minor, &mech_token);
*minor_status = ENOMEM;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE;
}
memcpy(ni.mechToken->data, mech_token.value, mech_token.length);
@@ -260,7 +261,7 @@ spnego_initial
if (buf == NULL) {
free_NegTokenInit(&ni);
*minor_status = ENOMEM;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE;
}
@@ -276,7 +277,7 @@ spnego_initial
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len,
buf_len,
CONTEXT,
ASN1_C_CONTEXT,
CONS,
0,
&tmp);
@@ -287,7 +288,7 @@ spnego_initial
*minor_status = ret;
free(buf);
free_NegTokenInit(&ni);
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE;
}
@@ -307,7 +308,7 @@ spnego_initial
free (buf);
if (sub) {
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub;
}
@@ -320,7 +321,7 @@ spnego_initial
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
*context_handle = ctx;
*context_handle = context;
return GSS_S_CONTINUE_NEEDED;
}
@@ -328,7 +329,7 @@ spnego_initial
static OM_uint32
spnego_reply
(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
const gssspnego_cred cred,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
@@ -343,7 +344,6 @@ spnego_reply
)
{
OM_uint32 ret, minor;
gss_buffer_desc indata;
NegTokenResp resp;
u_char oidbuf[17];
size_t oidlen;
@@ -353,11 +353,11 @@ spnego_reply
size_t buf_len;
gss_buffer_desc mic_buf, mech_buf;
gss_buffer_desc mech_output_token;
gss_ctx_id_t ctx;
gssspnego_ctx ctx;
*minor_status = 0;
ctx = *context_handle;
ctx = (gssspnego_ctx)*context_handle;
output_token->length = 0;
output_token->value = NULL;
@@ -369,14 +369,14 @@ spnego_reply
mech_buf.length = 0;
ret = der_match_tag_and_length(input_token->value, input_token->length,
CONTEXT, CONS, 1, &len, &taglen);
ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
if (ret)
return ret;
if (len > indata.length - taglen)
if (len > input_token->length - taglen)
return ASN1_OVERRUN;
ret = decode_NegTokenResp((const char *)input_token->value + taglen,
ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
len, &resp, NULL);
if (ret) {
*minor_status = ENOMEM;
@@ -414,10 +414,10 @@ spnego_reply
mech.length = oidlen;
mech.elements = oidbuf + sizeof(oidbuf) - oidlen;
/* Fall through as if the negotiated mechanism was requested explicitly */
/* Fall through as if the negotiated mechanism
was requested explicitly */
ret = gss_init_sec_context(&minor,
initiator_cred_handle ?
initiator_cred_handle->negotiated_cred_id :
(cred != NULL) ? cred->negotiated_cred_id :
GSS_C_NO_CREDENTIAL,
&ctx->negotiated_ctx_id,
target_name,
@@ -544,9 +544,11 @@ OM_uint32 gss_spnego_init_sec_context
OM_uint32 * time_rec
)
{
gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
if (*context_handle == GSS_C_NO_CONTEXT)
return spnego_initial (minor_status,
initiator_cred_handle,
cred,
context_handle,
target_name,
mech_type,
@@ -560,7 +562,7 @@ OM_uint32 gss_spnego_init_sec_context
time_rec);
else
return spnego_reply (minor_status,
initiator_cred_handle,
cred,
context_handle,
target_name,
mech_type,
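Review bot: The corrected bound check in spnego_reply, `if (len > input_token->length - taglen)`, still returns the raw ASN.1 code (`return ASN1_OVERRUN;`) as the GSS major status, as does the `return ret;` just above it; GSS callers interpret the return through GSS_ERROR() and the major-status codes, so these should become `*minor_status = ASN1_OVERRUN; return GSS_S_DEFECTIVE_TOKEN;` and `*minor_status = ret; return GSS_S_DEFECTIVE_TOKEN;` respectively. The decode failure immediately after reports `*minor_status = ENOMEM` for every decode_NegTokenResp error, which hides the real ASN.1 reason from anyone debugging a rejected token; `*minor_status = ret;` is the honest value. spnego_reply continues outside the hunk.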


@@ -45,19 +45,18 @@
#include <krb5_locl.h>
#include <gssapi_spnego.h>
#include <gssapi.h>
#include <assert.h>
#include <der.h>
#include <mechglue.h>
#include "spnego_asn1.h"
gss_mechanism gss_spnego_initialize(void);
#include <gssapi_mech.h>
typedef struct gss_cred_id_t_desc_struct {
typedef struct {
gss_cred_id_t negotiated_cred_id;
} gss_cred_id_t_desc;
} *gssspnego_cred;
typedef struct gss_ctx_id_t_desc_struct {
typedef struct {
MechTypeList initiator_mech_types;
gss_OID preferred_mech_type;
gss_OID negotiated_mech_type;
@@ -71,14 +70,14 @@ typedef struct gss_ctx_id_t_desc_struct {
int require_mic : 1;
int verified_mic : 1;
HEIMDAL_MUTEX ctx_id_mutex;
} gss_ctx_id_t_desc;
} *gssspnego_ctx;
OM_uint32
_gss_spnego_encode_response(OM_uint32 *, const NegTokenResp *,
gss_buffer_t, u_char **);
OM_uint32
_gss_spnego_indicate_mechtypelist (OM_uint32 *, int,
const gss_cred_id_t cred_handle,
const gssspnego_cred cred_handle,
MechTypeList *,
gss_OID *preferred_mech);
OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *,
@@ -89,7 +88,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *,
* calling _gss_spnego_delete_sec_context()
*/
OM_uint32 _gss_spnego_delete_sec_context (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t);
OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, int *);
OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gssspnego_ctx, int *);
OM_uint32 gss_spnego_internal_release_oid(OM_uint32 *minor_status, gss_OID *OID);
int _gss_spnego_add_mech_type(gss_OID, int, MechTypeList *);
OM_uint32 _gss_spnego_select_mech(OM_uint32 *, MechType *, gss_OID *);
@@ -410,6 +409,7 @@ OM_uint32 gss_spnego_unseal
int * /*qop_state*/
);
#if 0
OM_uint32 gss_spnego_unwrap_ex
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
@@ -436,6 +436,7 @@ OM_uint32 gss_spnego_complete_auth_token
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*input_message_buffer*/);
#endif
OM_uint32 gss_spnego_inquire_sec_context_by_oid
(OM_uint32 * /*minor_status*/,