oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

code for token delegation. From Daniel Kouril <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8429 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2000-06-21 02:32:38 +00:00
parent 23490da719
commit 7d7194da08
14 changed files with 828 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
lib/gssapi/accept_sec_context.c
View File

@@ -75,9 +75,11 @@ gss_accept_sec_context
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
gssapi_krb5_init ();
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
@@ -103,6 +105,70 @@ gss_accept_sec_context
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
*minor_status = kret;
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
*minor_status = kret;
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
#if 0
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
#endif
if (kret) {
*minor_status = kret;
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
}
{
int32_t tmp;
@@ -183,7 +249,8 @@ gss_accept_sec_context
kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
authenticator->cksum,
&flags);
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (kret) {
ret = GSS_S_FAILURE;
@@ -191,6 +258,49 @@ gss_accept_sec_context
}
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else {
if ((*delegated_cred_handle)->ccache == NULL)
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
ccache = (*delegated_cred_handle)->ccache;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_rd_cred(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
end_fwd:
free(fwd_data.data);
}
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
@@ -236,6 +346,8 @@ gss_accept_sec_context
return GSS_S_COMPLETE;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,