Rename gss_context_id_t and gss_cred_id_t to local names

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17699 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-06-28 08:58:17 +00:00
parent a1321d12ed
commit 534d628c29
7 changed files with 294 additions and 182 deletions


@@ -62,7 +62,7 @@ _gss_spnego_encode_response(OM_uint32 *minor_status,
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len, buf_size - buf_len,
buf_len, buf_len,
CONTEXT, ASN1_C_CONTEXT,
CONS, CONS,
1, 1,
&tmp); &tmp);
@@ -137,7 +137,7 @@ send_reject (OM_uint32 *minor_status,
OM_uint32 OM_uint32
_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
int includeMSCompatOID, int includeMSCompatOID,
const gss_cred_id_t cred_handle, const gssspnego_cred cred_handle,
MechTypeList *mechtypelist, MechTypeList *mechtypelist,
gss_OID *preferred_mech) gss_OID *preferred_mech)
{ {
@@ -145,7 +145,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET; gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
int i, count; int i, count;
if (cred_handle != GSS_C_NO_CREDENTIAL) { if (cred_handle != NULL) {
ret = gss_inquire_cred(minor_status, ret = gss_inquire_cred(minor_status,
cred_handle->negotiated_cred_id, cred_handle->negotiated_cred_id,
NULL, NULL,
@@ -228,7 +228,7 @@ send_supported_mechs (OM_uint32 *minor_status,
ni.mechListMIC = NULL; ni.mechListMIC = NULL;
ret = _gss_spnego_indicate_mechtypelist(minor_status, 1, ret = _gss_spnego_indicate_mechtypelist(minor_status, 1,
GSS_C_NO_CREDENTIAL, NULL,
&ni.mechTypes, NULL); &ni.mechTypes, NULL);
if (ret != GSS_S_COMPLETE) { if (ret != GSS_S_COMPLETE) {
return ret; return ret;
@@ -320,7 +320,7 @@ send_supported_mechs (OM_uint32 *minor_status,
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len, buf_size - buf_len,
buf_len, buf_len,
CONTEXT, ASN1_C_CONTEXT,
CONS, CONS,
0, 0,
&tmp); &tmp);
@@ -368,7 +368,7 @@ send_supported_mechs (OM_uint32 *minor_status,
static OM_uint32 static OM_uint32
send_accept (OM_uint32 *minor_status, send_accept (OM_uint32 *minor_status,
gss_ctx_id_t context_handle, gssspnego_ctx context_handle,
gss_buffer_t mech_token, gss_buffer_t mech_token,
int initial_response, int initial_response,
gss_buffer_t mech_buf, gss_buffer_t mech_buf,
@@ -496,7 +496,7 @@ send_accept (OM_uint32 *minor_status,
static OM_uint32 static OM_uint32
verify_mechlist_mic verify_mechlist_mic
(OM_uint32 *minor_status, (OM_uint32 *minor_status,
gss_ctx_id_t context_handle, gssspnego_ctx context_handle,
gss_buffer_t mech_buf, gss_buffer_t mech_buf,
heim_octet_string *mechListMIC heim_octet_string *mechListMIC
) )
@@ -556,9 +556,10 @@ gss_spnego_accept_sec_context
unsigned int negResult = accept_incomplete; unsigned int negResult = accept_incomplete;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
gss_ctx_id_t ctx;
gss_buffer_desc mech_buf; gss_buffer_desc mech_buf;
gss_OID preferred_mech_type = GSS_C_NO_OID; gss_OID preferred_mech_type = GSS_C_NO_OID;
gssspnego_ctx ctx;
gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
*minor_status = 0; *minor_status = 0;
@@ -594,7 +595,7 @@ gss_spnego_accept_sec_context
} }
} }
ctx = *context_handle; ctx = (gssspnego_ctx)*context_handle;
/* /*
* The GSS-API encapsulation is only present on the initial * The GSS-API encapsulation is only present on the initial
@@ -611,7 +612,7 @@ gss_spnego_accept_sec_context
} }
ret = der_match_tag_and_length(data.value, data.length, ret = der_match_tag_and_length(data.value, data.length,
CONTEXT, CONS, ASN1_C_CONTEXT, CONS,
initialToken ? 0 : 1, initialToken ? 0 : 1,
&len, &taglen); &len, &taglen);
if (ret) { if (ret) {
@@ -625,11 +626,11 @@ gss_spnego_accept_sec_context
} }
if (initialToken) { if (initialToken) {
ret = decode_NegTokenInit((const char *)data.value + taglen, len, ret = decode_NegTokenInit((const unsigned char *)data.value + taglen,
&ni, &ni_len); len, &ni, &ni_len);
} else { } else {
ret = decode_NegTokenResp((const char *)data.value + taglen, len, ret = decode_NegTokenResp((const unsigned char *)data.value + taglen,
&na, &na_len); len, &na, &na_len);
} }
if (ret) { if (ret) {
*minor_status = ret; *minor_status = ret;
@@ -672,7 +673,6 @@ gss_spnego_accept_sec_context
{ {
gss_buffer_desc ibuf, obuf; gss_buffer_desc ibuf, obuf;
OM_uint32 minor;
int require_mic, verify_mic, get_mic; int require_mic, verify_mic, get_mic;
int require_response; int require_response;
heim_octet_string *mic; heim_octet_string *mic;
@@ -696,8 +696,8 @@ gss_spnego_accept_sec_context
gss_cred_id_t mech_delegated_cred; gss_cred_id_t mech_delegated_cred;
gss_cred_id_t *mech_delegated_cred_p; gss_cred_id_t *mech_delegated_cred_p;
if (acceptor_cred_handle != GSS_C_NO_CREDENTIAL) if (acceptor_cred != NULL)
mech_cred = acceptor_cred_handle->negotiated_cred_id; mech_cred = acceptor_cred->negotiated_cred_id;
else else
mech_cred = GSS_C_NO_CREDENTIAL; mech_cred = GSS_C_NO_CREDENTIAL;
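Review bot: The line `gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;` in the `@@ -556,9 +556,10 @@` hunk reinterprets a caller-supplied opaque handle as the mechanism's private struct, and nothing at the declaration says what makes that safe; the same unchecked cast is repeated for `ctx` in the following hunk. From the cred_stubs part of this commit, the only place a SPNEGO credential handle is produced is `_gss_spnego_alloc_cred`, so the invariant being relied on is that any non-NULL handle reaching this function came from there. That is worth stating where the cast happens, e.g. `/* acceptor_cred_handle is opaque to callers; when non-NULL it is a gssspnego_cred from _gss_spnego_alloc_cred (presumably only our own handles are routed here -- confirm at the mechglue) */`. gss_spnego_accept_sec_context spans several hunks and its body continues outside them.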


@@ -54,9 +54,9 @@ static gss_OID_desc gss_krb5_mechanism_oid_desc =
OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
gss_ctx_id_t *context_handle) gss_ctx_id_t *context_handle)
{ {
gss_ctx_id_t ctx; gssspnego_ctx ctx;
ctx = malloc(sizeof(gss_ctx_id_t_desc)); ctx = calloc(1, sizeof(*ctx));
if (ctx == NULL) { if (ctx == NULL) {
*minor_status = ENOMEM; *minor_status = ENOMEM;
return GSS_S_FAILURE; return GSS_S_FAILURE;
@@ -85,7 +85,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
*context_handle = ctx; *context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
@@ -100,7 +100,7 @@ OM_uint32 _gss_spnego_delete_sec_context
gss_buffer_t output_token gss_buffer_t output_token
) )
{ {
gss_ctx_id_t ctx; gssspnego_ctx ctx;
OM_uint32 ret, minor; OM_uint32 ret, minor;
*minor_status = 0; *minor_status = 0;
@@ -114,7 +114,9 @@ OM_uint32 _gss_spnego_delete_sec_context
output_token->value = NULL; output_token->value = NULL;
} }
ctx = *context_handle; ctx = (gssspnego_ctx)*context_handle;
*context_handle = GSS_C_NO_CONTEXT;
if (ctx == NULL) { if (ctx == NULL) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
@@ -152,9 +154,10 @@ OM_uint32 _gss_spnego_delete_sec_context
* default is to ignore the mechListMIC unless CFX is used and * default is to ignore the mechListMIC unless CFX is used and
* a non-preferred mechanism was negotiated * a non-preferred mechanism was negotiated
*/ */
OM_uint32 OM_uint32
_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
gss_ctx_id_t ctx, gssspnego_ctx ctx,
int *require_mic) int *require_mic)
{ {
gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET; gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
@@ -163,7 +166,7 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
*minor_status = 0; *minor_status = 0;
*require_mic = 0; *require_mic = 0;
if (ctx == GSS_C_NO_CONTEXT) { if (ctx == NULL) {
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
@@ -250,9 +253,8 @@ _gss_spnego_select_mech(OM_uint32 *minor_status,
size_t mech_len; size_t mech_len;
gss_OID_desc oid; gss_OID_desc oid;
OM_uint32 ret; OM_uint32 ret;
gss_mechanism mech;
ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1, ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
sizeof(mechbuf), sizeof(mechbuf),
mechType, mechType,
&mech_len); &mech_len);
@@ -271,17 +273,20 @@ _gss_spnego_select_mech(OM_uint32 *minor_status,
/* Translate broken MS Kebreros OID */ /* Translate broken MS Kebreros OID */
if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) { if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) {
gssapi_mech_interface mech;
mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc); mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc);
if (mech == NULL) if (mech == NULL)
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;
*mech_p = &gss_mskrb_mechanism_oid_desc; *mech_p = &gss_mskrb_mechanism_oid_desc;
} else { } else {
gssapi_mech_interface mech;
mech = __gss_get_mechanism(&oid); mech = __gss_get_mechanism(&oid);
if (mech == NULL) if (mech == NULL)
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;
*mech_p = &mech->gm_mech_oid;
*mech_p = &mech->mech_type;
} }
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
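Review bot: The `@@ -114,7 +114,9 @@` hunk changes the contract of `_gss_spnego_delete_sec_context` without documenting it: `*context_handle = GSS_C_NO_CONTEXT;` now runs before the NULL check, so the caller's handle is cleared on every return path, including the `GSS_S_NO_CONTEXT` one. Every caller visible in the context_stubs part of this commit (`gss_spnego_delete_sec_context`, `gss_spnego_process_context_token`, `gss_spnego_export_sec_context`, `gss_spnego_import_sec_context`) also takes `ctx->ctx_id_mutex` before calling in, which the function does not state either. A header comment would keep the next caller honest, e.g. `/* Caller must hold ctx->ctx_id_mutex. *context_handle is reset to GSS_C_NO_CONTEXT on entry, so it is cleared regardless of the return value. */`. The function's body continues beyond this hunk, so what happens to the mutex and the allocation on later failure paths is not visible here.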


@@ -40,26 +40,30 @@ OM_uint32 gss_spnego_process_context_token
const gss_buffer_t token_buffer const gss_buffer_t token_buffer
) )
{ {
gss_ctx_id_t context ;
gssspnego_ctx ctx;
OM_uint32 ret; OM_uint32 ret;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
}
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); context = context_handle;
ctx = (gssspnego_ctx)context_handle;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
ret = gss_process_context_token(minor_status, ret = gss_process_context_token(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
token_buffer); token_buffer);
if (ret != GSS_S_COMPLETE) { if (ret != GSS_S_COMPLETE) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret; return ret;
} }
context_handle->negotiated_ctx_id = GSS_C_NO_CONTEXT; ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
return _gss_spnego_delete_sec_context(minor_status, return _gss_spnego_delete_sec_context(minor_status,
(gss_ctx_id_t *)&context_handle, &context,
GSS_C_NO_BUFFER); GSS_C_NO_BUFFER);
} }
@@ -69,10 +73,14 @@ OM_uint32 gss_spnego_delete_sec_context
gss_buffer_t output_token gss_buffer_t output_token
) )
{ {
gssspnego_ctx ctx;
if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); ctx = (gssspnego_ctx)*context_handle;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
return _gss_spnego_delete_sec_context(minor_status, return _gss_spnego_delete_sec_context(minor_status,
context_handle, context_handle,
@@ -85,18 +93,21 @@ OM_uint32 gss_spnego_context_time
OM_uint32 *time_rec OM_uint32 *time_rec
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_context_time(minor_status, return gss_context_time(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
time_rec); time_rec);
} }
@@ -108,17 +119,21 @@ OM_uint32 gss_spnego_get_mic
gss_buffer_t message_token gss_buffer_t message_token
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_get_mic(minor_status, context_handle->negotiated_ctx_id, return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
qop_req, message_buffer, message_token); qop_req, message_buffer, message_token);
} }
@@ -130,18 +145,22 @@ OM_uint32 gss_spnego_verify_mic
gss_qop_t * qop_state gss_qop_t * qop_state
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_verify_mic(minor_status, return gss_verify_mic(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
message_buffer, message_buffer,
token_buffer, token_buffer,
qop_state); qop_state);
@@ -157,18 +176,22 @@ OM_uint32 gss_spnego_wrap
gss_buffer_t output_message_buffer gss_buffer_t output_message_buffer
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_wrap(minor_status, return gss_wrap(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
conf_req_flag, conf_req_flag,
qop_req, qop_req,
input_message_buffer, input_message_buffer,
@@ -185,25 +208,28 @@ OM_uint32 gss_spnego_unwrap
gss_qop_t * qop_state gss_qop_t * qop_state
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_unwrap(minor_status, return gss_unwrap(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
input_message_buffer, input_message_buffer,
output_message_buffer, output_message_buffer,
conf_state, conf_state,
qop_state); qop_state);
} }
#if 0
OM_uint32 gss_spnego_display_status OM_uint32 gss_spnego_display_status
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
OM_uint32 status_value, OM_uint32 status_value,
@@ -215,7 +241,6 @@ OM_uint32 gss_spnego_display_status
{ {
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
#endif
OM_uint32 gss_spnego_indicate_mechs OM_uint32 gss_spnego_indicate_mechs
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
@@ -299,18 +324,22 @@ OM_uint32 gss_spnego_inquire_context (
int * open_context int * open_context
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_inquire_context(minor_status, return gss_inquire_context(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
src_name, src_name,
targ_name, targ_name,
lifetime_rec, lifetime_rec,
@@ -329,18 +358,22 @@ OM_uint32 gss_spnego_wrap_size_limit (
OM_uint32 * max_input_size OM_uint32 * max_input_size
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_wrap_size_limit(minor_status, return gss_wrap_size_limit(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
conf_req_flag, conf_req_flag,
qop_req, qop_req,
req_output_size, req_output_size,
@@ -353,7 +386,7 @@ OM_uint32 gss_spnego_export_sec_context (
gss_buffer_t interprocess_token gss_buffer_t interprocess_token
) )
{ {
gss_ctx_id_t ctx; gssspnego_ctx ctx;
OM_uint32 ret; OM_uint32 ret;
*minor_status = 0; *minor_status = 0;
@@ -362,11 +395,10 @@ OM_uint32 gss_spnego_export_sec_context (
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
ctx = *context_handle; ctx = (gssspnego_ctx)*context_handle;
if (ctx == GSS_C_NO_CONTEXT) { if (ctx == NULL)
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
}
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
@@ -380,12 +412,10 @@ OM_uint32 gss_spnego_export_sec_context (
interprocess_token); interprocess_token);
if (ret == GSS_S_COMPLETE) { if (ret == GSS_S_COMPLETE) {
ret = _gss_spnego_delete_sec_context(minor_status, ret = _gss_spnego_delete_sec_context(minor_status,
&ctx, context_handle,
GSS_C_NO_BUFFER); GSS_C_NO_BUFFER);
if (ret == GSS_S_COMPLETE) { if (ret == GSS_S_COMPLETE)
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
}
} }
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
@@ -400,12 +430,14 @@ OM_uint32 gss_spnego_import_sec_context (
) )
{ {
OM_uint32 ret, minor; OM_uint32 ret, minor;
gss_ctx_id_t ctx; gss_ctx_id_t context;
gssspnego_ctx ctx;
ret = _gss_spnego_alloc_sec_context(minor_status, &ctx); ret = _gss_spnego_alloc_sec_context(minor_status, &context);
if (ret != GSS_S_COMPLETE) { if (ret != GSS_S_COMPLETE) {
return ret; return ret;
} }
ctx = (gssspnego_ctx)context;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
@@ -413,7 +445,7 @@ OM_uint32 gss_spnego_import_sec_context (
interprocess_token, interprocess_token,
&ctx->negotiated_ctx_id); &ctx->negotiated_ctx_id);
if (ret != GSS_S_COMPLETE) { if (ret != GSS_S_COMPLETE) {
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
return ret; return ret;
} }
@@ -422,6 +454,8 @@ OM_uint32 gss_spnego_import_sec_context (
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
*context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
@@ -434,6 +468,27 @@ OM_uint32 gss_spnego_inquire_names_for_mech (
return gss_create_empty_oid_set(minor_status, name_types); return gss_create_empty_oid_set(minor_status, name_types);
} }
OM_uint32 gss_spnego_inquire_mechs_for_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
gss_OID_set * mech_types
)
{
OM_uint32 ret, junk;
ret = gss_create_empty_oid_set(minor_status, mech_types);
if (ret)
return ret;
ret = gss_add_oid_set_member(minor_status,
GSS_SPNEGO_MECHANISM,
mech_types);
if (ret)
gss_release_oid_set(&junk, mech_types);
return ret;
}
OM_uint32 gss_spnego_canonicalize_name ( OM_uint32 gss_spnego_canonicalize_name (
OM_uint32 * minor_status, OM_uint32 * minor_status,
const gss_name_t input_name, const gss_name_t input_name,
@@ -464,18 +519,22 @@ OM_uint32 gss_spnego_sign
gss_buffer_t message_token gss_buffer_t message_token
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_sign(minor_status, return gss_sign(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
qop_req, qop_req,
message_buffer, message_buffer,
message_token); message_token);
@@ -489,18 +548,22 @@ OM_uint32 gss_spnego_verify
int * qop_state int * qop_state
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_verify(minor_status, return gss_verify(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
message_buffer, message_buffer,
token_buffer, token_buffer,
qop_state); qop_state);
@@ -516,18 +579,22 @@ OM_uint32 gss_spnego_seal
gss_buffer_t output_message_buffer gss_buffer_t output_message_buffer
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_seal(minor_status, return gss_seal(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
conf_req_flag, conf_req_flag,
qop_req, qop_req,
input_message_buffer, input_message_buffer,
@@ -544,24 +611,29 @@ OM_uint32 gss_spnego_unseal
int * qop_state int * qop_state
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_unseal(minor_status, return gss_unseal(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
input_message_buffer, input_message_buffer,
output_message_buffer, output_message_buffer,
conf_state, conf_state,
qop_state); qop_state);
} }
#if 0
OM_uint32 gss_spnego_unwrap_ex OM_uint32 gss_spnego_unwrap_ex
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
const gss_ctx_id_t context_handle, const gss_ctx_id_t context_handle,
@@ -572,18 +644,22 @@ OM_uint32 gss_spnego_unwrap_ex
int * conf_state, int * conf_state,
gss_qop_t * qop_state) gss_qop_t * qop_state)
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_unwrap_ex(minor_status, return gss_unwrap_ex(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
token_header_buffer, token_header_buffer,
associated_data_buffer, associated_data_buffer,
input_message_buffer, input_message_buffer,
@@ -604,24 +680,28 @@ OM_uint32 gss_spnego_wrap_ex
gss_buffer_t output_message_buffer gss_buffer_t output_message_buffer
) )
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if ((context_handle->mech_flags & GSS_C_DCE_STYLE) == 0 && if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
associated_data_buffer->length != input_message_buffer->length) { associated_data_buffer->length != input_message_buffer->length) {
*minor_status = EINVAL; *minor_status = EINVAL;
return GSS_S_BAD_QOP; return GSS_S_BAD_QOP;
} }
return gss_wrap_ex(minor_status, return gss_wrap_ex(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
conf_req_flag, conf_req_flag,
qop_req, qop_req,
associated_data_buffer, associated_data_buffer,
@@ -636,20 +716,25 @@ OM_uint32 gss_spnego_complete_auth_token
const gss_ctx_id_t context_handle, const gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer) gss_buffer_t input_message_buffer)
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_complete_auth_token(minor_status, return gss_complete_auth_token(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
input_message_buffer); input_message_buffer);
} }
#endif
OM_uint32 gss_spnego_inquire_sec_context_by_oid OM_uint32 gss_spnego_inquire_sec_context_by_oid
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
@@ -657,18 +742,22 @@ OM_uint32 gss_spnego_inquire_sec_context_by_oid
const gss_OID desired_object, const gss_OID desired_object,
gss_buffer_set_t *data_set) gss_buffer_set_t *data_set)
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == GSS_C_NO_CONTEXT) { if (context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (context_handle->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_inquire_sec_context_by_oid(minor_status, return gss_inquire_sec_context_by_oid(minor_status,
context_handle->negotiated_ctx_id, ctx->negotiated_ctx_id,
desired_object, desired_object,
data_set); data_set);
} }
@@ -679,18 +768,22 @@ OM_uint32 gss_spnego_set_sec_context_option
const gss_OID desired_object, const gss_OID desired_object,
const gss_buffer_t value) const gss_buffer_t value)
{ {
gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) { if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if ((*context_handle)->negotiated_ctx_id == GSS_C_NO_CONTEXT) { ctx = (gssspnego_ctx)context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
return gss_set_sec_context_option(minor_status, return gss_set_sec_context_option(minor_status,
&(*context_handle)->negotiated_ctx_id, &ctx->negotiated_ctx_id,
desired_object, desired_object,
value); value);
} }
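Review bot: In `gss_spnego_set_sec_context_option` (hunk `@@ -679,18 +768,22 @@`) the new line `ctx = (gssspnego_ctx)context_handle;` casts the `gss_ctx_id_t *` parameter itself rather than the handle it points to — the guard two lines above tests `*context_handle`, and the removed code read `(*context_handle)->negotiated_ctx_id`. As written, `ctx->negotiated_ctx_id` reads the caller's handle variable reinterpreted as a context struct and `gss_set_sec_context_option` is handed a pointer into that misread memory; it should be `ctx = (gssspnego_ctx)*context_handle;`. A second, independent error is in `gss_spnego_import_sec_context` (hunk `@@ -413,7 +445,7 @@`): the failure path now calls `_gss_spnego_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER)` with the output parameter, but `*context_handle = (gss_ctx_id_t)ctx;` is only assigned at the end of the function, so on failure the freshly allocated, still-locked ctx leaks and whatever the caller had in `*context_handle` is deleted instead; pass `&context`, matching what the old code did with `&ctx`. Both functions begin outside the quoted hunks.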


@@ -37,6 +37,7 @@ RCSID("$Id$");
OM_uint32 OM_uint32
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{ {
gssspnego_cred cred;
OM_uint32 ret; OM_uint32 ret;
*minor_status = 0; *minor_status = 0;
@@ -44,10 +45,11 @@ _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
if (*cred_handle == GSS_C_NO_CREDENTIAL) { if (*cred_handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
cred = (gssspnego_cred)*cred_handle;
ret = gss_release_cred(minor_status, &(*cred_handle)->negotiated_cred_id); ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
free(*cred_handle); free(cred);
*cred_handle = GSS_C_NO_CREDENTIAL; *cred_handle = GSS_C_NO_CREDENTIAL;
return ret; return ret;
@@ -58,18 +60,23 @@ _gss_spnego_alloc_cred(OM_uint32 *minor_status,
gss_cred_id_t mech_cred_handle, gss_cred_id_t mech_cred_handle,
gss_cred_id_t *cred_handle) gss_cred_id_t *cred_handle)
{ {
gssspnego_cred cred;
if (*cred_handle != GSS_C_NO_CREDENTIAL) { if (*cred_handle != GSS_C_NO_CREDENTIAL) {
*minor_status = EINVAL; *minor_status = EINVAL;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
*cred_handle = (gss_cred_id_t)malloc(sizeof(*cred_handle)); cred = calloc(1, sizeof(*cred));
if (*cred_handle == GSS_C_NO_CREDENTIAL) { if (cred == NULL) {
*cred_handle = GSS_C_NO_CREDENTIAL;
*minor_status = ENOMEM; *minor_status = ENOMEM;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
(*cred_handle)->negotiated_cred_id = mech_cred_handle; cred->negotiated_cred_id = mech_cred_handle;
*cred_handle = (gss_cred_id_t)cred;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
@@ -94,6 +101,7 @@ OM_uint32 gss_spnego_acquire_cred
gss_OID_set_desc actual_desired_mechs; gss_OID_set_desc actual_desired_mechs;
int i, j; int i, j;
gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
gssspnego_cred cred;
*output_cred_handle = GSS_C_NO_CREDENTIAL; *output_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -126,15 +134,16 @@ OM_uint32 gss_spnego_acquire_cred
if (ret != GSS_S_COMPLETE) if (ret != GSS_S_COMPLETE)
goto out; goto out;
cred = (gssspnego_cred)cred_handle;
ret = gss_acquire_cred(minor_status, desired_name, ret = gss_acquire_cred(minor_status, desired_name,
time_req, &actual_desired_mechs, time_req, &actual_desired_mechs,
cred_usage, cred_usage,
&cred_handle->negotiated_cred_id, &cred->negotiated_cred_id,
actual_mechs, time_rec); actual_mechs, time_rec);
if (ret != GSS_S_COMPLETE) if (ret != GSS_S_COMPLETE)
goto out; goto out;
*output_cred_handle = (gss_cred_id_t)cred_handle; *output_cred_handle = cred_handle;
out: out:
if (actual_desired_mechs.elements != NULL) { if (actual_desired_mechs.elements != NULL) {
@@ -164,6 +173,7 @@ OM_uint32 gss_spnego_inquire_cred
gss_OID_set * mechanisms gss_OID_set * mechanisms
) )
{ {
gssspnego_cred cred;
OM_uint32 ret; OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) { if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -171,8 +181,10 @@ OM_uint32 gss_spnego_inquire_cred
return GSS_S_NO_CRED; return GSS_S_NO_CRED;
} }
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred(minor_status, ret = gss_inquire_cred(minor_status,
cred_handle->negotiated_cred_id, cred->negotiated_cred_id,
name, name,
lifetime, lifetime,
cred_usage, cred_usage,
@@ -197,6 +209,7 @@ OM_uint32 gss_spnego_add_cred (
{ {
gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL; gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
OM_uint32 ret, tmp; OM_uint32 ret, tmp;
gssspnego_cred input_cred, output_cred;
*output_cred_handle = GSS_C_NO_CREDENTIAL; *output_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -205,14 +218,17 @@ OM_uint32 gss_spnego_add_cred (
if (ret) if (ret)
return ret; return ret;
input_cred = (gssspnego_cred)input_cred_handle;
output_cred = (gssspnego_cred)spnego_output_cred_handle;
ret = gss_add_cred(minor_status, ret = gss_add_cred(minor_status,
input_cred_handle->negotiated_cred_id, input_cred->negotiated_cred_id,
desired_name, desired_name,
desired_mech, desired_mech,
cred_usage, cred_usage,
initiator_time_req, initiator_time_req,
acceptor_time_req, acceptor_time_req,
&spnego_output_cred_handle->negotiated_cred_id, &output_cred->negotiated_cred_id,
actual_mechs, actual_mechs,
initiator_time_rec, initiator_time_rec,
acceptor_time_rec); acceptor_time_rec);
@@ -236,6 +252,7 @@ OM_uint32 gss_spnego_inquire_cred_by_mech (
gss_cred_usage_t * cred_usage gss_cred_usage_t * cred_usage
) )
{ {
gssspnego_cred cred;
OM_uint32 ret; OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) { if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -243,8 +260,10 @@ OM_uint32 gss_spnego_inquire_cred_by_mech (
return GSS_S_NO_CRED; return GSS_S_NO_CRED;
} }
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred_by_mech(minor_status, ret = gss_inquire_cred_by_mech(minor_status,
cred_handle->negotiated_cred_id, cred->negotiated_cred_id,
mech_type, mech_type,
name, name,
initiator_lifetime, initiator_lifetime,
@@ -260,15 +279,17 @@ OM_uint32 gss_spnego_inquire_cred_by_oid
const gss_OID desired_object, const gss_OID desired_object,
gss_buffer_set_t *data_set) gss_buffer_set_t *data_set)
{ {
gssspnego_cred cred;
OM_uint32 ret; OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) { if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0; *minor_status = 0;
return GSS_S_NO_CRED; return GSS_S_NO_CRED;
} }
cred = (gssspnego_cred)cred_handle;
ret = gss_inquire_cred_by_oid(minor_status, ret = gss_inquire_cred_by_oid(minor_status,
cred_handle->negotiated_cred_id, cred->negotiated_cred_id,
desired_object, desired_object,
data_set); data_set);


@@ -31,6 +31,7 @@
*/ */
#include "spnego_locl.h" #include "spnego_locl.h"
#include <gssapi_mech.h>
RCSID("$Id$"); RCSID("$Id$");
@@ -41,59 +42,48 @@ RCSID("$Id$");
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/ */
static struct gss_config spnego_mech = { static gssapi_mech_interface_desc spnego_mech = {
{6, (void *)"\x2b\x06\x01\x05\x05\x02"}, GMI_VERSION,
NULL, "spnego",
gss_spnego_acquire_cred, {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
gss_spnego_release_cred, gss_spnego_acquire_cred,
gss_spnego_init_sec_context, gss_spnego_release_cred,
gss_spnego_accept_sec_context, gss_spnego_init_sec_context,
gss_spnego_process_context_token, gss_spnego_accept_sec_context,
gss_spnego_delete_sec_context, gss_spnego_process_context_token,
gss_spnego_context_time, gss_spnego_delete_sec_context,
gss_spnego_sign, gss_spnego_context_time,
gss_spnego_verify, gss_spnego_get_mic,
gss_spnego_seal, gss_spnego_verify_mic,
gss_spnego_unseal, gss_spnego_wrap,
NULL, /*gss_spnego_display_status,*/ gss_spnego_unwrap,
gss_spnego_indicate_mechs, gss_spnego_display_status,
gss_spnego_compare_name, gss_spnego_indicate_mechs,
gss_spnego_display_name, gss_spnego_compare_name,
gss_spnego_import_name, gss_spnego_display_name,
gss_spnego_release_name, gss_spnego_import_name,
gss_spnego_inquire_cred, gss_spnego_export_name,
gss_spnego_add_cred, gss_spnego_release_name,
gss_spnego_export_sec_context, gss_spnego_inquire_cred,
gss_spnego_import_sec_context, gss_spnego_inquire_context,
gss_spnego_inquire_cred_by_mech, gss_spnego_wrap_size_limit,
gss_spnego_inquire_names_for_mech, gss_spnego_add_cred,
gss_spnego_inquire_context, gss_spnego_inquire_cred_by_mech,
gss_spnego_internal_release_oid, gss_spnego_export_sec_context,
gss_spnego_wrap_size_limit, gss_spnego_import_sec_context,
NULL, /*gss_spnego_pname_to_uid,*/ gss_spnego_inquire_names_for_mech,
gss_spnego_duplicate_name, gss_spnego_inquire_mechs_for_name,
NULL, /*gss_spnego_set_allowable_enctypes */ gss_spnego_canonicalize_name,
gss_spnego_verify_mic, gss_spnego_duplicate_name
gss_spnego_get_mic,
gss_spnego_wrap,
gss_spnego_unwrap,
gss_spnego_canonicalize_name,
gss_spnego_export_name,
gss_spnego_wrap_ex,
gss_spnego_unwrap_ex,
gss_spnego_complete_auth_token,
NULL, /*gss_spnego_set_neg_mechs*/
NULL, /*gss_spnego_get_neg_mechs*/
gss_spnego_inquire_sec_context_by_oid,
gss_spnego_inquire_cred_by_oid,
gss_spnego_set_sec_context_option,
NULL /*gss_spnego_userok*/
}; };
gss_OID GSS_SPNEGO_MECHANISM = &spnego_mech.mech_type; gssapi_mech_interface
__gss_spnego_initialize(void)
gss_mechanism gss_spnego_initialize(void)
{ {
return &spnego_mech; return &spnego_mech;
} }
static gss_OID_desc gss_spnego_mechanism_desc =
{6, (void *)"\x2b\x06\x01\x05\x05\x02"};
gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_desc;
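Review bot: The SPNEGO OID is now spelled out twice — once in the OID member at the top of the `spnego_mech` table and again in `gss_spnego_mechanism_desc` — whereas the old code exported the table's own member (`&spnego_mech.mech_type`), so the two copies can silently drift apart if either is ever edited. Pointing the exported symbol back at the table keeps a single definition; the member name in `gssapi_mech_interface_desc` is not visible here, but the shape is `gss_OID GSS_SPNEGO_MECHANISM = &spnego_mech.gm_mech_oid;` (a static initializer cannot copy the struct the other way, so the pointer direction matters). Separately, `__gss_spnego_initialize` sits in the identifier space reserved for the implementation (any `__` in a name); if mechglue does not require that exact spelling for lookup, a single-underscore or plain name avoids the collision risk.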


@@ -45,7 +45,7 @@ RCSID("$Id$");
*/ */
static OM_uint32 static OM_uint32
spnego_reply_internal(OM_uint32 *minor_status, spnego_reply_internal(OM_uint32 *minor_status,
gss_ctx_id_t context_handle, gssspnego_ctx context_handle,
const gss_buffer_t mech_buf, const gss_buffer_t mech_buf,
gss_buffer_t mech_token, gss_buffer_t mech_token,
gss_buffer_t output_token) gss_buffer_t output_token)
@@ -148,7 +148,7 @@ spnego_reply_internal(OM_uint32 *minor_status,
static OM_uint32 static OM_uint32
spnego_initial spnego_initial
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle, gssspnego_cred cred,
gss_ctx_id_t * context_handle, gss_ctx_id_t * context_handle,
const gss_name_t target_name, const gss_name_t target_name,
const gss_OID mech_type, const gss_OID mech_type,
@@ -170,7 +170,8 @@ spnego_initial
size_t buf_size, buf_len; size_t buf_size, buf_len;
gss_buffer_desc data; gss_buffer_desc data;
size_t ni_len; size_t ni_len;
gss_ctx_id_t ctx; gss_ctx_id_t context;
gssspnego_ctx ctx;
memset (&ni, 0, sizeof(ni)); memset (&ni, 0, sizeof(ni));
@@ -178,23 +179,24 @@ spnego_initial
*minor_status = 0; *minor_status = 0;
sub = _gss_spnego_alloc_sec_context(&minor, &ctx); sub = _gss_spnego_alloc_sec_context(&minor, &context);
if (GSS_ERROR(sub)) { if (GSS_ERROR(sub)) {
*minor_status = minor; *minor_status = minor;
return sub; return sub;
} }
ctx = (gssspnego_ctx)context;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
ctx->local = 1; ctx->local = 1;
sub = _gss_spnego_indicate_mechtypelist(&minor, 0, sub = _gss_spnego_indicate_mechtypelist(&minor, 0,
initiator_cred_handle, cred,
&ni.mechTypes, &ni.mechTypes,
&ctx->preferred_mech_type); &ctx->preferred_mech_type);
if (GSS_ERROR(sub)) { if (GSS_ERROR(sub)) {
*minor_status = minor; *minor_status = minor;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub; return sub;
} }
@@ -207,9 +209,8 @@ spnego_initial
/* generate optimistic token */ /* generate optimistic token */
sub = gss_init_sec_context(&minor, sub = gss_init_sec_context(&minor,
initiator_cred_handle ? (cred != NULL) ? cred->negotiated_cred_id :
initiator_cred_handle->negotiated_cred_id : GSS_C_NO_CREDENTIAL,
GSS_C_NO_CREDENTIAL,
&ctx->negotiated_ctx_id, &ctx->negotiated_ctx_id,
target_name, target_name,
GSS_C_NO_OID, GSS_C_NO_OID,
@@ -224,7 +225,7 @@ spnego_initial
if (GSS_ERROR(sub)) { if (GSS_ERROR(sub)) {
free_NegTokenInit(&ni); free_NegTokenInit(&ni);
*minor_status = minor; *minor_status = minor;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub; return sub;
} }
@@ -233,7 +234,7 @@ spnego_initial
if (ni.mechToken == NULL) { if (ni.mechToken == NULL) {
free_NegTokenInit(&ni); free_NegTokenInit(&ni);
gss_release_buffer(&minor, &mech_token); gss_release_buffer(&minor, &mech_token);
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
*minor_status = ENOMEM; *minor_status = ENOMEM;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
@@ -243,7 +244,7 @@ spnego_initial
free_NegTokenInit(&ni); free_NegTokenInit(&ni);
gss_release_buffer(&minor, &mech_token); gss_release_buffer(&minor, &mech_token);
*minor_status = ENOMEM; *minor_status = ENOMEM;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
memcpy(ni.mechToken->data, mech_token.value, mech_token.length); memcpy(ni.mechToken->data, mech_token.value, mech_token.length);
@@ -260,7 +261,7 @@ spnego_initial
if (buf == NULL) { if (buf == NULL) {
free_NegTokenInit(&ni); free_NegTokenInit(&ni);
*minor_status = ENOMEM; *minor_status = ENOMEM;
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
@@ -276,7 +277,7 @@ spnego_initial
ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
buf_size - buf_len, buf_size - buf_len,
buf_len, buf_len,
CONTEXT, ASN1_C_CONTEXT,
CONS, CONS,
0, 0,
&tmp); &tmp);
@@ -287,7 +288,7 @@ spnego_initial
*minor_status = ret; *minor_status = ret;
free(buf); free(buf);
free_NegTokenInit(&ni); free_NegTokenInit(&ni);
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
@@ -307,7 +308,7 @@ spnego_initial
free (buf); free (buf);
if (sub) { if (sub) {
_gss_spnego_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER); _gss_spnego_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub; return sub;
} }
@@ -320,7 +321,7 @@ spnego_initial
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
*context_handle = ctx; *context_handle = context;
return GSS_S_CONTINUE_NEEDED; return GSS_S_CONTINUE_NEEDED;
} }
@@ -328,7 +329,7 @@ spnego_initial
static OM_uint32 static OM_uint32
spnego_reply spnego_reply
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle, const gssspnego_cred cred,
gss_ctx_id_t * context_handle, gss_ctx_id_t * context_handle,
const gss_name_t target_name, const gss_name_t target_name,
const gss_OID mech_type, const gss_OID mech_type,
@@ -343,7 +344,6 @@ spnego_reply
) )
{ {
OM_uint32 ret, minor; OM_uint32 ret, minor;
gss_buffer_desc indata;
NegTokenResp resp; NegTokenResp resp;
u_char oidbuf[17]; u_char oidbuf[17];
size_t oidlen; size_t oidlen;
@@ -353,11 +353,11 @@ spnego_reply
size_t buf_len; size_t buf_len;
gss_buffer_desc mic_buf, mech_buf; gss_buffer_desc mic_buf, mech_buf;
gss_buffer_desc mech_output_token; gss_buffer_desc mech_output_token;
gss_ctx_id_t ctx; gssspnego_ctx ctx;
*minor_status = 0; *minor_status = 0;
ctx = *context_handle; ctx = (gssspnego_ctx)*context_handle;
output_token->length = 0; output_token->length = 0;
output_token->value = NULL; output_token->value = NULL;
@@ -369,14 +369,14 @@ spnego_reply
mech_buf.length = 0; mech_buf.length = 0;
ret = der_match_tag_and_length(input_token->value, input_token->length, ret = der_match_tag_and_length(input_token->value, input_token->length,
CONTEXT, CONS, 1, &len, &taglen); ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
if (ret) if (ret)
return ret; return ret;
if (len > indata.length - taglen) if (len > input_token->length - taglen)
return ASN1_OVERRUN; return ASN1_OVERRUN;
ret = decode_NegTokenResp((const char *)input_token->value + taglen, ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
len, &resp, NULL); len, &resp, NULL);
if (ret) { if (ret) {
*minor_status = ENOMEM; *minor_status = ENOMEM;
@@ -414,10 +414,10 @@ spnego_reply
mech.length = oidlen; mech.length = oidlen;
mech.elements = oidbuf + sizeof(oidbuf) - oidlen; mech.elements = oidbuf + sizeof(oidbuf) - oidlen;
/* Fall through as if the negotiated mechanism was requested explicitly */ /* Fall through as if the negotiated mechanism
was requested explicitly */
ret = gss_init_sec_context(&minor, ret = gss_init_sec_context(&minor,
initiator_cred_handle ? (cred != NULL) ? cred->negotiated_cred_id :
initiator_cred_handle->negotiated_cred_id :
GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
&ctx->negotiated_ctx_id, &ctx->negotiated_ctx_id,
target_name, target_name,
@@ -544,9 +544,11 @@ OM_uint32 gss_spnego_init_sec_context
OM_uint32 * time_rec OM_uint32 * time_rec
) )
{ {
gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
if (*context_handle == GSS_C_NO_CONTEXT) if (*context_handle == GSS_C_NO_CONTEXT)
return spnego_initial (minor_status, return spnego_initial (minor_status,
initiator_cred_handle, cred,
context_handle, context_handle,
target_name, target_name,
mech_type, mech_type,
@@ -560,7 +562,7 @@ OM_uint32 gss_spnego_init_sec_context
time_rec); time_rec);
else else
return spnego_reply (minor_status, return spnego_reply (minor_status,
initiator_cred_handle, cred,
context_handle, context_handle,
target_name, target_name,
mech_type, mech_type,
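Review bot: In spnego_reply's token-parsing hunk the DER return codes are handed straight back as GSS major statuses: `if (ret) return ret;` after `der_match_tag_and_length` and `return ASN1_OVERRUN;` after the `len > input_token->length - taglen` check both return an ASN.1 error value from a function whose callers expect a GSS_S_* code, while `*minor_status` stays at the 0 it was set to a few lines earlier, so the actual decode error is lost. A malformed peer token should fail as a defective token with the DER error preserved: `if (ret) { *minor_status = ret; return GSS_S_DEFECTIVE_TOKEN; }` and, for the overrun case, `*minor_status = ASN1_OVERRUN; return GSS_S_DEFECTIVE_TOKEN;`. The commit's switch from the never-initialized `indata.length` to `input_token->length` already fixes the bound itself; only the error-reporting convention is left, and the `decode_NegTokenResp` failure just below reports `ENOMEM` regardless of why decoding failed. spnego_reply's body continues past this hunk, so later error paths are not visible here.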


@@ -45,19 +45,18 @@
#include <krb5_locl.h> #include <krb5_locl.h>
#include <gssapi_spnego.h> #include <gssapi_spnego.h>
#include <gssapi.h>
#include <assert.h> #include <assert.h>
#include <der.h> #include <der.h>
#include <mechglue.h>
#include "spnego_asn1.h" #include "spnego_asn1.h"
gss_mechanism gss_spnego_initialize(void); #include <gssapi_mech.h>
typedef struct gss_cred_id_t_desc_struct { typedef struct {
gss_cred_id_t negotiated_cred_id; gss_cred_id_t negotiated_cred_id;
} gss_cred_id_t_desc; } *gssspnego_cred;
typedef struct gss_ctx_id_t_desc_struct { typedef struct {
MechTypeList initiator_mech_types; MechTypeList initiator_mech_types;
gss_OID preferred_mech_type; gss_OID preferred_mech_type;
gss_OID negotiated_mech_type; gss_OID negotiated_mech_type;
@@ -71,14 +70,14 @@ typedef struct gss_ctx_id_t_desc_struct {
int require_mic : 1; int require_mic : 1;
int verified_mic : 1; int verified_mic : 1;
HEIMDAL_MUTEX ctx_id_mutex; HEIMDAL_MUTEX ctx_id_mutex;
} gss_ctx_id_t_desc; } *gssspnego_ctx;
OM_uint32 OM_uint32
_gss_spnego_encode_response(OM_uint32 *, const NegTokenResp *, _gss_spnego_encode_response(OM_uint32 *, const NegTokenResp *,
gss_buffer_t, u_char **); gss_buffer_t, u_char **);
OM_uint32 OM_uint32
_gss_spnego_indicate_mechtypelist (OM_uint32 *, int, _gss_spnego_indicate_mechtypelist (OM_uint32 *, int,
const gss_cred_id_t cred_handle, const gssspnego_cred cred_handle,
MechTypeList *, MechTypeList *,
gss_OID *preferred_mech); gss_OID *preferred_mech);
OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *, OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *,
@@ -89,7 +88,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 *,
* calling _gss_spnego_delete_sec_context() * calling _gss_spnego_delete_sec_context()
*/ */
OM_uint32 _gss_spnego_delete_sec_context (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t); OM_uint32 _gss_spnego_delete_sec_context (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t);
OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, int *); OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gssspnego_ctx, int *);
OM_uint32 gss_spnego_internal_release_oid(OM_uint32 *minor_status, gss_OID *OID); OM_uint32 gss_spnego_internal_release_oid(OM_uint32 *minor_status, gss_OID *OID);
int _gss_spnego_add_mech_type(gss_OID, int, MechTypeList *); int _gss_spnego_add_mech_type(gss_OID, int, MechTypeList *);
OM_uint32 _gss_spnego_select_mech(OM_uint32 *, MechType *, gss_OID *); OM_uint32 _gss_spnego_select_mech(OM_uint32 *, MechType *, gss_OID *);
@@ -410,6 +409,7 @@ OM_uint32 gss_spnego_unseal
int * /*qop_state*/ int * /*qop_state*/
); );
#if 0
OM_uint32 gss_spnego_unwrap_ex OM_uint32 gss_spnego_unwrap_ex
(OM_uint32 * /*minor_status*/, (OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/, const gss_ctx_id_t /*context_handle*/,
@@ -436,6 +436,7 @@ OM_uint32 gss_spnego_complete_auth_token
(OM_uint32 * /*minor_status*/, (OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/, const gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*input_message_buffer*/); gss_buffer_t /*input_message_buffer*/);
#endif
OM_uint32 gss_spnego_inquire_sec_context_by_oid OM_uint32 gss_spnego_inquire_sec_context_by_oid
(OM_uint32 * /*minor_status*/, (OM_uint32 * /*minor_status*/,