From 534d628c29ef5ca0af61137082a78f9621856c09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 28 Jun 2006 08:58:17 +0000 Subject: [PATCH] Rename gss_context_id_t and gss_cred_id_t to local names git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17699 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/spnego/accept_sec_context.c | 34 ++--- lib/gssapi/spnego/compat.c | 27 ++-- lib/gssapi/spnego/context_stubs.c | 201 ++++++++++++++++++------- lib/gssapi/spnego/cred_stubs.c | 45 ++++-- lib/gssapi/spnego/external.c | 90 +++++------ lib/gssapi/spnego/init_sec_context.c | 60 ++++---- lib/gssapi/spnego/spnego_locl.h | 19 +-- 7 files changed, 294 insertions(+), 182 deletions(-) diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c index 89319306d..28e1a34ae 100644 --- a/lib/gssapi/spnego/accept_sec_context.c +++ b/lib/gssapi/spnego/accept_sec_context.c @@ -62,7 +62,7 @@ _gss_spnego_encode_response(OM_uint32 *minor_status, ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, buf_size - buf_len, buf_len, - CONTEXT, + ASN1_C_CONTEXT, CONS, 1, &tmp); @@ -137,7 +137,7 @@ send_reject (OM_uint32 *minor_status, OM_uint32 _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, int includeMSCompatOID, - const gss_cred_id_t cred_handle, + const gssspnego_cred cred_handle, MechTypeList *mechtypelist, gss_OID *preferred_mech) { @@ -145,7 +145,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, gss_OID_set supported_mechs = GSS_C_NO_OID_SET; int i, count; - if (cred_handle != GSS_C_NO_CREDENTIAL) { + if (cred_handle != NULL) { ret = gss_inquire_cred(minor_status, cred_handle->negotiated_cred_id, NULL, @@ -228,7 +228,7 @@ send_supported_mechs (OM_uint32 *minor_status, ni.mechListMIC = NULL; ret = _gss_spnego_indicate_mechtypelist(minor_status, 1, - GSS_C_NO_CREDENTIAL, + NULL, &ni.mechTypes, NULL); if (ret != GSS_S_COMPLETE) { return ret; 
@@ -320,7 +320,7 @@ send_supported_mechs (OM_uint32 *minor_status, ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, buf_size - buf_len, buf_len, - CONTEXT, + ASN1_C_CONTEXT, CONS, 0, &tmp); @@ -368,7 +368,7 @@ send_supported_mechs (OM_uint32 *minor_status, static OM_uint32 send_accept (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gssspnego_ctx context_handle, gss_buffer_t mech_token, int initial_response, gss_buffer_t mech_buf, @@ -496,7 +496,7 @@ send_accept (OM_uint32 *minor_status, static OM_uint32 verify_mechlist_mic (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gssspnego_ctx context_handle, gss_buffer_t mech_buf, heim_octet_string *mechListMIC ) @@ -556,9 +556,10 @@ gss_spnego_accept_sec_context unsigned int negResult = accept_incomplete; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; - gss_ctx_id_t ctx; gss_buffer_desc mech_buf; gss_OID preferred_mech_type = GSS_C_NO_OID; + gssspnego_ctx ctx; + gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; *minor_status = 0; @@ -594,7 +595,7 @@ gss_spnego_accept_sec_context } } - ctx = *context_handle; + ctx = (gssspnego_ctx)*context_handle; /* * The GSS-API encapsulation is only present on the initial @@ -611,7 +612,7 @@ gss_spnego_accept_sec_context } ret = der_match_tag_and_length(data.value, data.length, - CONTEXT, CONS, + ASN1_C_CONTEXT, CONS, initialToken ? 0 : 1, &len, &taglen); if (ret) { @@ -625,11 +626,11 @@ gss_spnego_accept_sec_context } if (initialToken) { - ret = decode_NegTokenInit((const char *)data.value + taglen, len, - &ni, &ni_len); + ret = decode_NegTokenInit((const unsigned char *)data.value + taglen, + len, &ni, &ni_len); } else { - ret = decode_NegTokenResp((const char *)data.value + taglen, len, - &na, &na_len); + ret = decode_NegTokenResp((const unsigned char *)data.value + taglen, + len, &na, &na_len); } if (ret) { *minor_status = ret; 
@@ -672,7 +673,6 @@ gss_spnego_accept_sec_context { gss_buffer_desc ibuf, obuf; - OM_uint32 minor; int require_mic, verify_mic, get_mic; int require_response; heim_octet_string *mic; @@ -696,8 +696,8 @@ gss_spnego_accept_sec_context gss_cred_id_t mech_delegated_cred; gss_cred_id_t *mech_delegated_cred_p; - if (acceptor_cred_handle != GSS_C_NO_CREDENTIAL) - mech_cred = acceptor_cred_handle->negotiated_cred_id; + if (acceptor_cred != NULL) + mech_cred = acceptor_cred->negotiated_cred_id; else mech_cred = GSS_C_NO_CREDENTIAL; diff --git a/lib/gssapi/spnego/compat.c b/lib/gssapi/spnego/compat.c index a31257f0d..4016f9d02 100644 --- a/lib/gssapi/spnego/compat.c +++ b/lib/gssapi/spnego/compat.c @@ -54,9 +54,9 @@ static gss_OID_desc gss_krb5_mechanism_oid_desc = OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, gss_ctx_id_t *context_handle) { - gss_ctx_id_t ctx; + gssspnego_ctx ctx; - ctx = malloc(sizeof(gss_ctx_id_t_desc)); + ctx = calloc(1, sizeof(*ctx)); if (ctx == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; @@ -85,7 +85,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); - *context_handle = ctx; + *context_handle = (gss_ctx_id_t)ctx; return GSS_S_COMPLETE; } @@ -100,7 +100,7 @@ OM_uint32 _gss_spnego_delete_sec_context gss_buffer_t output_token ) { - gss_ctx_id_t ctx; + gssspnego_ctx ctx; OM_uint32 ret, minor; *minor_status = 0; @@ -114,7 +114,9 @@ OM_uint32 _gss_spnego_delete_sec_context output_token->value = NULL; } - ctx = *context_handle; + ctx = (gssspnego_ctx)*context_handle; + *context_handle = GSS_C_NO_CONTEXT; + if (ctx == NULL) { return GSS_S_NO_CONTEXT; } 
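Review bot: `*context_handle = GSS_C_NO_CONTEXT;` in _gss_spnego_delete_sec_context now runs before the context is validated or torn down, so if any later step of the function can fail, the caller's handle is already cleared and the context allocation leaks; the body continues past the hunk, so I cannot see whether such a failure path exists. gss_spnego_export_sec_context in context_stubs.c now depends on this clearing (it dropped its own `*context_handle = GSS_C_NO_CONTEXT;`), so the contract should be stated on the prototype in spnego_locl.h, e.g. `/* Consumes *context_handle: it is set to GSS_C_NO_CONTEXT on every path, including failure. */`. If the function can fail after this point, the clear belongs next to the place where the context is actually released.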
@@ -152,9 +154,10 @@ OM_uint32 _gss_spnego_delete_sec_context * default is to ignore the mechListMIC unless CFX is used and * a non-preferred mechanism was negotiated */ + OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, - gss_ctx_id_t ctx, + gssspnego_ctx ctx, int *require_mic) { gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET; @@ -163,7 +166,7 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, *minor_status = 0; *require_mic = 0; - if (ctx == GSS_C_NO_CONTEXT) { + if (ctx == NULL) { return GSS_S_COMPLETE; } @@ -250,9 +253,8 @@ _gss_spnego_select_mech(OM_uint32 *minor_status, size_t mech_len; gss_OID_desc oid; OM_uint32 ret; - gss_mechanism mech; - ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1, + ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, sizeof(mechbuf), mechType, &mech_len); @@ -271,17 +273,20 @@ _gss_spnego_select_mech(OM_uint32 *minor_status, /* Translate broken MS Kebreros OID */ if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) { + gssapi_mech_interface mech; + mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc); if (mech == NULL) return GSS_S_BAD_MECH; *mech_p = &gss_mskrb_mechanism_oid_desc; } else { + gssapi_mech_interface mech; + mech = __gss_get_mechanism(&oid); if (mech == NULL) return GSS_S_BAD_MECH; - - *mech_p = &mech->mech_type; + *mech_p = &mech->gm_mech_oid; } return GSS_S_COMPLETE; diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c index 9149ec552..1faf26799 100644 --- a/lib/gssapi/spnego/context_stubs.c +++ b/lib/gssapi/spnego/context_stubs.c 
@@ -40,26 +40,30 @@ OM_uint32 gss_spnego_process_context_token const gss_buffer_t token_buffer ) { + gss_ctx_id_t context ; + gssspnego_ctx ctx; OM_uint32 ret; - if (context_handle == GSS_C_NO_CONTEXT) { + if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + context = context_handle; + ctx = (gssspnego_ctx)context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = gss_process_context_token(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, token_buffer); if (ret != GSS_S_COMPLETE) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; } - context_handle->negotiated_ctx_id = GSS_C_NO_CONTEXT; + ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; return _gss_spnego_delete_sec_context(minor_status, - (gss_ctx_id_t *)&context_handle, + &context, GSS_C_NO_BUFFER); } @@ -69,10 +73,14 @@ OM_uint32 gss_spnego_delete_sec_context gss_buffer_t output_token ) { + gssspnego_ctx ctx; + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); + ctx = (gssspnego_ctx)*context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); return _gss_spnego_delete_sec_context(minor_status, context_handle, @@ -85,18 +93,21 @@ OM_uint32 gss_spnego_context_time OM_uint32 *time_rec ) { + gssspnego_ctx ctx; *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_context_time(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, time_rec); } 
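Review bot: `gss_ctx_id_t context ;` in gss_spnego_process_context_token has a stray space before the semicolon; `gss_ctx_id_t context;`. More broadly, the prologue `*minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; ctx = (gssspnego_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;` is now repeated verbatim in the context_time, get_mic, verify_mic, wrap, unwrap, inquire_context, wrap_size_limit, sign, verify, seal, unseal and inquire_sec_context_by_oid hunks of this file. A `static` helper that takes the handle, performs the cast and both checks, and returns the negotiated `gss_ctx_id_t` (or GSS_C_NO_CONTEXT) would reduce each stub to one call and keep the cast in a single place, where a dropped `*` (as in the set_sec_context_option hunk, whose parameter is a `gss_ctx_id_t *`) cannot recur.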
@@ -108,17 +119,21 @@ OM_uint32 gss_spnego_get_mic gss_buffer_t message_token ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - return gss_get_mic(minor_status, context_handle->negotiated_ctx_id, + return gss_get_mic(minor_status, ctx->negotiated_ctx_id, qop_req, message_buffer, message_token); } @@ -130,18 +145,22 @@ OM_uint32 gss_spnego_verify_mic gss_qop_t * qop_state ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_verify_mic(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, message_buffer, token_buffer, qop_state); @@ -157,18 +176,22 @@ OM_uint32 gss_spnego_wrap gss_buffer_t output_message_buffer ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_wrap(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, conf_req_flag, qop_req, input_message_buffer, 
@@ -185,25 +208,28 @@ OM_uint32 gss_spnego_unwrap gss_qop_t * qop_state ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_unwrap(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, input_message_buffer, output_message_buffer, conf_state, qop_state); } -#if 0 OM_uint32 gss_spnego_display_status (OM_uint32 * minor_status, OM_uint32 status_value, @@ -215,7 +241,6 @@ OM_uint32 gss_spnego_display_status { return GSS_S_FAILURE; } -#endif OM_uint32 gss_spnego_indicate_mechs (OM_uint32 * minor_status, @@ -299,18 +324,22 @@ OM_uint32 gss_spnego_inquire_context ( int * open_context ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_inquire_context(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, src_name, targ_name, lifetime_rec, @@ -329,18 +358,22 @@ OM_uint32 gss_spnego_wrap_size_limit ( OM_uint32 * max_input_size ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_wrap_size_limit(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, conf_req_flag, qop_req, req_output_size, 
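Review bot: Removing the `#if 0` around gss_spnego_display_status makes a stub that unconditionally does `return GSS_S_FAILURE;` live, and external.c now registers it in the mechanism table, so every gss_display_status call routed to SPNEGO fails. The visible body sets neither `*minor_status` nor the output string before returning, so a caller that inspects or releases the status buffer on failure may act on uninitialized output; if this is meant as a placeholder, at least `*minor_status = 0;` plus a comment such as `/* Not implemented: SPNEGO has no mechanism-specific status codes yet. */` would make the contract explicit. The parameter list straddles the previous hunk, so an assignment there may be out of my view.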
@@ -353,7 +386,7 @@ OM_uint32 gss_spnego_export_sec_context ( gss_buffer_t interprocess_token ) { - gss_ctx_id_t ctx; + gssspnego_ctx ctx; OM_uint32 ret; *minor_status = 0; @@ -362,11 +395,10 @@ OM_uint32 gss_spnego_export_sec_context ( return GSS_S_NO_CONTEXT; } - ctx = *context_handle; + ctx = (gssspnego_ctx)*context_handle; - if (ctx == GSS_C_NO_CONTEXT) { + if (ctx == NULL) return GSS_S_NO_CONTEXT; - } HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); @@ -380,12 +412,10 @@ OM_uint32 gss_spnego_export_sec_context ( interprocess_token); if (ret == GSS_S_COMPLETE) { ret = _gss_spnego_delete_sec_context(minor_status, - &ctx, + context_handle, GSS_C_NO_BUFFER); - if (ret == GSS_S_COMPLETE) { - *context_handle = GSS_C_NO_CONTEXT; + if (ret == GSS_S_COMPLETE) return GSS_S_COMPLETE; - } } HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -400,12 +430,14 @@ OM_uint32 gss_spnego_import_sec_context ( ) { OM_uint32 ret, minor; - gss_ctx_id_t ctx; + gss_ctx_id_t context; + gssspnego_ctx ctx; - ret = _gss_spnego_alloc_sec_context(minor_status, &ctx); + ret = _gss_spnego_alloc_sec_context(minor_status, &context); if (ret != GSS_S_COMPLETE) { return ret; } + ctx = (gssspnego_ctx)context; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); @@ -413,7 +445,7 @@ OM_uint32 gss_spnego_import_sec_context ( interprocess_token, &ctx->negotiated_ctx_id); if (ret != GSS_S_COMPLETE) { - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER); return ret; } @@ -422,6 +454,8 @@ OM_uint32 gss_spnego_import_sec_context ( HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + *context_handle = (gss_ctx_id_t)ctx; + return GSS_S_COMPLETE; } 
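Review bot: On the failure path of gss_spnego_import_sec_context, `_gss_spnego_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER)` is passed the caller's output parameter, but `*context_handle = (gss_ctx_id_t)ctx;` is only assigned at the end of the function, so at that point `*context_handle` still holds whatever the caller passed in (normally GSS_C_NO_CONTEXT): the freshly allocated `context` is never released and its `ctx_id_mutex`, locked a few lines earlier, is never unlocked. The old code passed `&ctx`, which was the local holding the new context. Restore that with `_gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);`.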
@@ -434,6 +468,27 @@ OM_uint32 gss_spnego_inquire_names_for_mech ( return gss_create_empty_oid_set(minor_status, name_types); } +OM_uint32 gss_spnego_inquire_mechs_for_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + gss_OID_set * mech_types + ) +{ + OM_uint32 ret, junk; + + ret = gss_create_empty_oid_set(minor_status, mech_types); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, + GSS_SPNEGO_MECHANISM, + mech_types); + if (ret) + gss_release_oid_set(&junk, mech_types); + + return ret; +} + OM_uint32 gss_spnego_canonicalize_name ( OM_uint32 * minor_status, const gss_name_t input_name, @@ -464,18 +519,22 @@ OM_uint32 gss_spnego_sign gss_buffer_t message_token ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_sign(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, qop_req, message_buffer, message_token); @@ -489,18 +548,22 @@ OM_uint32 gss_spnego_verify int * qop_state ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_verify(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, message_buffer, token_buffer, qop_state); 
@@ -516,18 +579,22 @@ OM_uint32 gss_spnego_seal gss_buffer_t output_message_buffer ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_seal(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, conf_req_flag, qop_req, input_message_buffer, @@ -544,24 +611,29 @@ OM_uint32 gss_spnego_unseal int * qop_state ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_unseal(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, input_message_buffer, output_message_buffer, conf_state, qop_state); } +#if 0 OM_uint32 gss_spnego_unwrap_ex (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -572,18 +644,22 @@ OM_uint32 gss_spnego_unwrap_ex int * conf_state, gss_qop_t * qop_state) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_unwrap_ex(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, token_header_buffer, associated_data_buffer, input_message_buffer, 
@@ -604,24 +680,28 @@ OM_uint32 gss_spnego_wrap_ex gss_buffer_t output_message_buffer ) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if ((context_handle->mech_flags & GSS_C_DCE_STYLE) == 0 && + if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 && associated_data_buffer->length != input_message_buffer->length) { *minor_status = EINVAL; return GSS_S_BAD_QOP; } return gss_wrap_ex(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, conf_req_flag, qop_req, associated_data_buffer, @@ -636,20 +716,25 @@ OM_uint32 gss_spnego_complete_auth_token const gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_complete_auth_token(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, input_message_buffer); } +#endif OM_uint32 gss_spnego_inquire_sec_context_by_oid (OM_uint32 * minor_status, @@ -657,18 +742,22 @@ OM_uint32 gss_spnego_inquire_sec_context_by_oid const gss_OID desired_object, gss_buffer_set_t *data_set) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_inquire_sec_context_by_oid(minor_status, - context_handle->negotiated_ctx_id, + ctx->negotiated_ctx_id, desired_object, data_set); } 
@@ -679,18 +768,22 @@ OM_uint32 gss_spnego_set_sec_context_option const gss_OID desired_object, const gss_buffer_t value) { + gssspnego_ctx ctx; + *minor_status = 0; if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - if ((*context_handle)->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } return gss_set_sec_context_option(minor_status, - &(*context_handle)->negotiated_ctx_id, + &ctx->negotiated_ctx_id, desired_object, value); } diff --git a/lib/gssapi/spnego/cred_stubs.c b/lib/gssapi/spnego/cred_stubs.c index 320fb0e24..3a83caf0c 100644 --- a/lib/gssapi/spnego/cred_stubs.c +++ b/lib/gssapi/spnego/cred_stubs.c @@ -37,6 +37,7 @@ RCSID("$Id$"); OM_uint32 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) { + gssspnego_cred cred; OM_uint32 ret; *minor_status = 0; @@ -44,10 +45,11 @@ _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) if (*cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_COMPLETE; } + cred = (gssspnego_cred)*cred_handle; - ret = gss_release_cred(minor_status, &(*cred_handle)->negotiated_cred_id); + ret = gss_release_cred(minor_status, &cred->negotiated_cred_id); - free(*cred_handle); + free(cred); *cred_handle = GSS_C_NO_CREDENTIAL; return ret; 
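Review bot: `ctx = (gssspnego_ctx)context_handle;` in gss_spnego_set_sec_context_option casts the wrong level of indirection: the parameter is `gss_ctx_id_t *context_handle` (the guard above dereferences it as `*context_handle`), so `ctx` points at the caller's handle variable rather than the context, and `ctx->negotiated_ctx_id` reads, and then passes to gss_set_sec_context_option, a pointer into unrelated memory. The explicit cast suppresses the pointer-type diagnostic, so this compiles silently. It should be `ctx = (gssspnego_ctx)*context_handle;`, matching gss_spnego_delete_sec_context and gss_spnego_export_sec_context in the same file.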
@@ -58,18 +60,23 @@ _gss_spnego_alloc_cred(OM_uint32 *minor_status, gss_cred_id_t mech_cred_handle, gss_cred_id_t *cred_handle) { + gssspnego_cred cred; + if (*cred_handle != GSS_C_NO_CREDENTIAL) { *minor_status = EINVAL; return GSS_S_FAILURE; } - *cred_handle = (gss_cred_id_t)malloc(sizeof(*cred_handle)); - if (*cred_handle == GSS_C_NO_CREDENTIAL) { + cred = calloc(1, sizeof(*cred)); + if (cred == NULL) { + *cred_handle = GSS_C_NO_CREDENTIAL; *minor_status = ENOMEM; return GSS_S_FAILURE; } - (*cred_handle)->negotiated_cred_id = mech_cred_handle; + cred->negotiated_cred_id = mech_cred_handle; + + *cred_handle = (gss_cred_id_t)cred; return GSS_S_COMPLETE; } @@ -94,6 +101,7 @@ OM_uint32 gss_spnego_acquire_cred gss_OID_set_desc actual_desired_mechs; int i, j; gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; + gssspnego_cred cred; *output_cred_handle = GSS_C_NO_CREDENTIAL; @@ -126,15 +134,16 @@ OM_uint32 gss_spnego_acquire_cred if (ret != GSS_S_COMPLETE) goto out; + cred = (gssspnego_cred)cred_handle; ret = gss_acquire_cred(minor_status, desired_name, time_req, &actual_desired_mechs, cred_usage, - &cred_handle->negotiated_cred_id, + &cred->negotiated_cred_id, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) goto out; - *output_cred_handle = (gss_cred_id_t)cred_handle; + *output_cred_handle = cred_handle; out: if (actual_desired_mechs.elements != NULL) { @@ -164,6 +173,7 @@ OM_uint32 gss_spnego_inquire_cred gss_OID_set * mechanisms ) { + gssspnego_cred cred; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { @@ -171,8 +181,10 @@ OM_uint32 gss_spnego_inquire_cred return GSS_S_NO_CRED; } + cred = (gssspnego_cred)cred_handle; + ret = gss_inquire_cred(minor_status, - cred_handle->negotiated_cred_id, + cred->negotiated_cred_id, name, lifetime, cred_usage, 
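Review bot: In _gss_spnego_alloc_cred the `*cred_handle = GSS_C_NO_CREDENTIAL;` on the calloc-failure path is redundant: the guard at the top of the function already returned EINVAL unless `*cred_handle` was GSS_C_NO_CREDENTIAL, so the handle cannot hold anything else at that point. Either drop the line or keep it with `/* already GSS_C_NO_CREDENTIAL; defensive */` so the next reader does not look for a path that changed it.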
@@ -197,6 +209,7 @@ OM_uint32 gss_spnego_add_cred ( { gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL; OM_uint32 ret, tmp; + gssspnego_cred input_cred, output_cred; *output_cred_handle = GSS_C_NO_CREDENTIAL; @@ -205,14 +218,17 @@ OM_uint32 gss_spnego_add_cred ( if (ret) return ret; + input_cred = (gssspnego_cred)input_cred_handle; + output_cred = (gssspnego_cred)spnego_output_cred_handle; + ret = gss_add_cred(minor_status, - input_cred_handle->negotiated_cred_id, + input_cred->negotiated_cred_id, desired_name, desired_mech, cred_usage, initiator_time_req, acceptor_time_req, - &spnego_output_cred_handle->negotiated_cred_id, + &output_cred->negotiated_cred_id, actual_mechs, initiator_time_rec, acceptor_time_rec); @@ -236,6 +252,7 @@ OM_uint32 gss_spnego_inquire_cred_by_mech ( gss_cred_usage_t * cred_usage ) { + gssspnego_cred cred; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { @@ -243,8 +260,10 @@ OM_uint32 gss_spnego_inquire_cred_by_mech ( return GSS_S_NO_CRED; } + cred = (gssspnego_cred)cred_handle; + ret = gss_inquire_cred_by_mech(minor_status, - cred_handle->negotiated_cred_id, + cred->negotiated_cred_id, mech_type, name, initiator_lifetime, @@ -260,15 +279,17 @@ OM_uint32 gss_spnego_inquire_cred_by_oid const gss_OID desired_object, gss_buffer_set_t *data_set) { + gssspnego_cred cred; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { *minor_status = 0; return GSS_S_NO_CRED; } + cred = (gssspnego_cred)cred_handle; ret = gss_inquire_cred_by_oid(minor_status, - cred_handle->negotiated_cred_id, + cred->negotiated_cred_id, desired_object, data_set); diff --git a/lib/gssapi/spnego/external.c b/lib/gssapi/spnego/external.c index 9d2fd79c6..558ef3ac5 100644 --- a/lib/gssapi/spnego/external.c +++ b/lib/gssapi/spnego/external.c @@ -31,6 +31,7 @@ */ #include "spnego_locl.h" +#include RCSID("$Id$"); 
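Review bot: `input_cred->negotiated_cred_id` in gss_spnego_add_cred dereferences `input_cred` without a NULL check, and GSS-API permits GSS_C_NO_CREDENTIAL as the input credential of gss_add_cred (meaning the default credential); unless the lines above the hunk reject that case, the new cast only restates the pre-existing null dereference. The initiator side in init_sec_context.c handles the same situation with `(cred != NULL) ? cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL`; using `input_cred != NULL ? input_cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL,` here would be consistent with it.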
@@ -41,59 +42,48 @@ RCSID("$Id$"); * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ -static struct gss_config spnego_mech = { - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}, - NULL, - gss_spnego_acquire_cred, - gss_spnego_release_cred, - gss_spnego_init_sec_context, - gss_spnego_accept_sec_context, - gss_spnego_process_context_token, - gss_spnego_delete_sec_context, - gss_spnego_context_time, - gss_spnego_sign, - gss_spnego_verify, - gss_spnego_seal, - gss_spnego_unseal, - NULL, /*gss_spnego_display_status,*/ - gss_spnego_indicate_mechs, - gss_spnego_compare_name, - gss_spnego_display_name, - gss_spnego_import_name, - gss_spnego_release_name, - gss_spnego_inquire_cred, - gss_spnego_add_cred, - gss_spnego_export_sec_context, - gss_spnego_import_sec_context, - gss_spnego_inquire_cred_by_mech, - gss_spnego_inquire_names_for_mech, - gss_spnego_inquire_context, - gss_spnego_internal_release_oid, - gss_spnego_wrap_size_limit, - NULL, /*gss_spnego_pname_to_uid,*/ - gss_spnego_duplicate_name, - NULL, /*gss_spnego_set_allowable_enctypes */ - gss_spnego_verify_mic, - gss_spnego_get_mic, - gss_spnego_wrap, - gss_spnego_unwrap, - gss_spnego_canonicalize_name, - gss_spnego_export_name, - gss_spnego_wrap_ex, - gss_spnego_unwrap_ex, - gss_spnego_complete_auth_token, - NULL, /*gss_spnego_set_neg_mechs*/ - NULL, /*gss_spnego_get_neg_mechs*/ - gss_spnego_inquire_sec_context_by_oid, - gss_spnego_inquire_cred_by_oid, - gss_spnego_set_sec_context_option, - NULL /*gss_spnego_userok*/ +static gssapi_mech_interface_desc spnego_mech = { + GMI_VERSION, + "spnego", + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}, + gss_spnego_acquire_cred, + gss_spnego_release_cred, + gss_spnego_init_sec_context, + gss_spnego_accept_sec_context, + gss_spnego_process_context_token, + gss_spnego_delete_sec_context, + gss_spnego_context_time, + gss_spnego_get_mic, + gss_spnego_verify_mic, + gss_spnego_wrap, + gss_spnego_unwrap, + gss_spnego_display_status, + gss_spnego_indicate_mechs, + 
gss_spnego_compare_name, + gss_spnego_display_name, + gss_spnego_import_name, + gss_spnego_export_name, + gss_spnego_release_name, + gss_spnego_inquire_cred, + gss_spnego_inquire_context, + gss_spnego_wrap_size_limit, + gss_spnego_add_cred, + gss_spnego_inquire_cred_by_mech, + gss_spnego_export_sec_context, + gss_spnego_import_sec_context, + gss_spnego_inquire_names_for_mech, + gss_spnego_inquire_mechs_for_name, + gss_spnego_canonicalize_name, + gss_spnego_duplicate_name }; -gss_OID GSS_SPNEGO_MECHANISM = &spnego_mech.mech_type; - -gss_mechanism gss_spnego_initialize(void) +gssapi_mech_interface +__gss_spnego_initialize(void) { return &spnego_mech; } +static gss_OID_desc gss_spnego_mechanism_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; + +gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_desc; diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c index 20b4c34d9..6f5b8c98a 100644 --- a/lib/gssapi/spnego/init_sec_context.c +++ b/lib/gssapi/spnego/init_sec_context.c @@ -45,7 +45,7 @@ RCSID("$Id$"); */ static OM_uint32 spnego_reply_internal(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gssspnego_ctx context_handle, const gss_buffer_t mech_buf, gss_buffer_t mech_token, gss_buffer_t output_token) @@ -148,7 +148,7 @@ spnego_reply_internal(OM_uint32 *minor_status, static OM_uint32 spnego_initial (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + gssspnego_cred cred, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -170,7 +170,8 @@ spnego_initial size_t buf_size, buf_len; gss_buffer_desc data; size_t ni_len; - gss_ctx_id_t ctx; + gss_ctx_id_t context; + gssspnego_ctx ctx; memset (&ni, 0, sizeof(ni)); 
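Review bot: The SPNEGO OID bytes `{6, (void *)"\x2b\x06\x01\x05\x05\x02"}` now appear twice in external.c, once in `spnego_mech` and again in the new `gss_spnego_mechanism_desc`, where before GSS_SPNEGO_MECHANISM pointed into the table. Pointing it at the table's OID member again, `gss_OID GSS_SPNEGO_MECHANISM = &spnego_mech.gm_mech_oid;` (assuming that member is the `gm_mech_oid` which compat.c reads through a gssapi_mech_interface), keeps a single definition that cannot drift. The long positional initializer of `gssapi_mech_interface_desc` would also be safer as designated initializers naming each slot, since the slot order differs from the old `gss_config` table and a function pointer placed in the wrong slot is at most a compiler warning.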
@@ -178,23 +179,24 @@ spnego_initial *minor_status = 0; - sub = _gss_spnego_alloc_sec_context(&minor, &ctx); + sub = _gss_spnego_alloc_sec_context(&minor, &context); if (GSS_ERROR(sub)) { *minor_status = minor; return sub; } + ctx = (gssspnego_ctx)context; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ctx->local = 1; sub = _gss_spnego_indicate_mechtypelist(&minor, 0, - initiator_cred_handle, + cred, &ni.mechTypes, &ctx->preferred_mech_type); if (GSS_ERROR(sub)) { *minor_status = minor; - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } @@ -207,9 +209,8 @@ spnego_initial /* generate optimistic token */ sub = gss_init_sec_context(&minor, - initiator_cred_handle ? - initiator_cred_handle->negotiated_cred_id : - GSS_C_NO_CREDENTIAL, + (cred != NULL) ? cred->negotiated_cred_id : + GSS_C_NO_CREDENTIAL, &ctx->negotiated_ctx_id, target_name, GSS_C_NO_OID, @@ -224,7 +225,7 @@ spnego_initial if (GSS_ERROR(sub)) { free_NegTokenInit(&ni); *minor_status = minor; - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } @@ -233,7 +234,7 @@ spnego_initial if (ni.mechToken == NULL) { free_NegTokenInit(&ni); gss_release_buffer(&minor, &mech_token); - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -243,7 +244,7 @@ spnego_initial free_NegTokenInit(&ni); gss_release_buffer(&minor, &mech_token); *minor_status = ENOMEM; - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return GSS_S_FAILURE; } memcpy(ni.mechToken->data, mech_token.value, mech_token.length); 
@@ -260,7 +261,7 @@ spnego_initial if (buf == NULL) { free_NegTokenInit(&ni); *minor_status = ENOMEM; - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return GSS_S_FAILURE; } @@ -276,7 +277,7 @@ spnego_initial ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, buf_size - buf_len, buf_len, - CONTEXT, + ASN1_C_CONTEXT, CONS, 0, &tmp); @@ -287,7 +288,7 @@ spnego_initial *minor_status = ret; free(buf); free_NegTokenInit(&ni); - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return GSS_S_FAILURE; } @@ -307,7 +308,7 @@ spnego_initial free (buf); if (sub) { - _gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); + _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } @@ -320,7 +321,7 @@ spnego_initial HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - *context_handle = ctx; + *context_handle = context; return GSS_S_CONTINUE_NEEDED; } @@ -328,7 +329,7 @@ spnego_initial static OM_uint32 spnego_reply (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + const gssspnego_cred cred, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -343,7 +344,6 @@ spnego_reply ) { OM_uint32 ret, minor; - gss_buffer_desc indata; NegTokenResp resp; u_char oidbuf[17]; size_t oidlen; @@ -353,11 +353,11 @@ spnego_reply size_t buf_len; gss_buffer_desc mic_buf, mech_buf; gss_buffer_desc mech_output_token; - gss_ctx_id_t ctx; + gssspnego_ctx ctx; *minor_status = 0; - ctx = *context_handle; + ctx = (gssspnego_ctx)*context_handle; output_token->length = 0; output_token->value = NULL; 
@@ -369,14 +369,14 @@ spnego_reply mech_buf.length = 0; ret = der_match_tag_and_length(input_token->value, input_token->length, - CONTEXT, CONS, 1, &len, &taglen); + ASN1_C_CONTEXT, CONS, 1, &len, &taglen); if (ret) return ret; - if (len > indata.length - taglen) + if (len > input_token->length - taglen) return ASN1_OVERRUN; - ret = decode_NegTokenResp((const char *)input_token->value + taglen, + ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen, len, &resp, NULL); if (ret) { *minor_status = ENOMEM; @@ -414,10 +414,10 @@ spnego_reply mech.length = oidlen; mech.elements = oidbuf + sizeof(oidbuf) - oidlen; - /* Fall through as if the negotiated mechanism was requested explicitly */ + /* Fall through as if the negotiated mechanism + was requested explicitly */ ret = gss_init_sec_context(&minor, - initiator_cred_handle ? - initiator_cred_handle->negotiated_cred_id : + (cred != NULL) ? cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL, &ctx->negotiated_ctx_id, target_name, @@ -544,9 +544,11 @@ OM_uint32 gss_spnego_init_sec_context OM_uint32 * time_rec ) { + gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle; + if (*context_handle == GSS_C_NO_CONTEXT) return spnego_initial (minor_status, - initiator_cred_handle, + cred, context_handle, target_name, mech_type, @@ -560,7 +562,7 @@ OM_uint32 gss_spnego_init_sec_context time_rec); else return spnego_reply (minor_status, - initiator_cred_handle, + cred, context_handle, target_name, mech_type, diff --git a/lib/gssapi/spnego/spnego_locl.h b/lib/gssapi/spnego/spnego_locl.h index 80363bd9f..3ced74c4c 100644 --- a/lib/gssapi/spnego/spnego_locl.h +++ b/lib/gssapi/spnego/spnego_locl.h 
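Review bot: `if (len > input_token->length - taglen)` replaces the read of the uninitialized `indata`, which is the right fix, but the subtraction is on unsigned lengths and wraps if `taglen` ever exceeds `input_token->length`, which would turn the overrun check into a pass. der_match_tag_and_length was given that same length so presumably it cannot return a larger `taglen`; a form that does not rely on that is `if (taglen > input_token->length || len > input_token->length - taglen) return ASN1_OVERRUN;`.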
@@ -45,19 +45,18 @@ #include #include +#include #include #include -#include - #include "spnego_asn1.h" -gss_mechanism gss_spnego_initialize(void); +#include -typedef struct gss_cred_id_t_desc_struct { +typedef struct { gss_cred_id_t negotiated_cred_id; -} gss_cred_id_t_desc; +} *gssspnego_cred; -typedef struct gss_ctx_id_t_desc_struct { +typedef struct { MechTypeList initiator_mech_types; gss_OID preferred_mech_type; gss_OID negotiated_mech_type; @@ -71,14 +70,14 @@ typedef struct gss_ctx_id_t_desc_struct { int require_mic : 1; int verified_mic : 1; HEIMDAL_MUTEX ctx_id_mutex; -} gss_ctx_id_t_desc; +} *gssspnego_ctx; OM_uint32 _gss_spnego_encode_response(OM_uint32 *, const NegTokenResp *, gss_buffer_t, u_char **); OM_uint32 _gss_spnego_indicate_mechtypelist (OM_uint32 *, int, - const gss_cred_id_t cred_handle, + const gssspnego_cred cred_handle, MechTypeList *, gss_OID *preferred_mech); OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *, @@ -89,7 +88,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *, * calling _gss_spnego_delete_sec_context() */ OM_uint32 _gss_spnego_delete_sec_context (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t); -OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, int *); +OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gssspnego_ctx, int *); OM_uint32 gss_spnego_internal_release_oid(OM_uint32 *minor_status, gss_OID *OID); int _gss_spnego_add_mech_type(gss_OID, int, MechTypeList *); OM_uint32 _gss_spnego_select_mech(OM_uint32 *, MechType *, gss_OID *); @@ -410,6 +409,7 @@ OM_uint32 gss_spnego_unseal int * /*qop_state*/ ); +#if 0 OM_uint32 gss_spnego_unwrap_ex (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -436,6 +436,7 @@ OM_uint32 gss_spnego_complete_auth_token (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, gss_buffer_t /*input_message_buffer*/); +#endif OM_uint32 gss_spnego_inquire_sec_context_by_oid (OM_uint32 * /*minor_status*/,
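Review bot: `typedef struct { ... } *gssspnego_cred;` and `*gssspnego_ctx` typedef anonymous structs as pointers, which hides the indirection every caller now casts through and leaves no tag for a forward declaration; `typedef struct gssspnego_cred_desc { ... } *gssspnego_cred;` (tag name constructed) keeps the same API while allowing `struct gssspnego_cred_desc *` where a plain pointer is wanted. A consequence visible in the prototype hunk: `const gssspnego_cred cred_handle` on _gss_spnego_indicate_mechtypelist makes the pointer itself const rather than the credential it points to, which is weaker than the `const gss_cred_id_t` it replaces suggests; the same applies to `const gssspnego_cred cred` in spnego_reply.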