Merge branch 'master' of github.com:heimdal/heimdal

Conflicts:
	lib/gssapi/gssapi/gssapi.h
	lib/gssapi/gssapi_mech.h
	lib/gssapi/mech/gss_mech_switch.c
This commit is contained in:
Luke Howard
2011-03-20 19:08:10 +11:00
142 changed files with 80509 additions and 3010 deletions


@@ -170,6 +170,7 @@ ntlmsrc = \
ntlm/canonicalize_name.c \
ntlm/compare_name.c \
ntlm/context_time.c \
ntlm/creds.c \
ntlm/crypto.c \
ntlm/delete_sec_context.c \
ntlm/display_name.c \
@@ -185,10 +186,11 @@ ntlmsrc = \
ntlm/indicate_mechs.c \
ntlm/init_sec_context.c \
ntlm/inquire_context.c \
ntlm/inquire_cred.c \
ntlm/inquire_cred_by_mech.c \
ntlm/inquire_mechs_for_name.c \
ntlm/inquire_names_for_mech.c \
ntlm/inquire_sec_context_by_oid.c \
ntlm/iter_cred.c \
ntlm/process_context_token.c \
ntlm/release_cred.c \
ntlm/release_name.c \


@@ -1025,9 +1025,23 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
OM_uint32 * /*acceptor_time_rec*/
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_pname_to_uid(
OM_uint32 *minor,
const gss_name_t name,
const gss_OID mech_type,
uid_t *uidOut);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_userok(OM_uint32 *minor,
const gss_name_t name,
const char *user,
int *user_ok);
/*
* Naming extensions
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
@@ -1074,23 +1088,6 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite (
gss_buffer_t /* exp_composite_name */
);
typedef struct gss_any *gss_any_t;
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_map_name_to_any (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* authenticated */
gss_buffer_t, /* type_id */
gss_any_t * /* output */
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_any_name_mapping (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* type_id */
gss_any_t * /* input */
);
/*
*
*/
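Review bot: `gss_pname_to_uid` makes the public gssapi.h depend on `uid_t`, a POSIX type that comes from `<sys/types.h>`; whether this header already includes it is outside the hunk and should be checked, and a non-POSIX build of the header will need a conditional or a local typedef. Both new prototypes also drop the per-parameter comments every neighbouring declaration carries, and nothing states the contract of what are presumably authorization answers, e.g. `int *user_ok /* non-zero only if NAME may act as local account USER; left 0 when no mechanism can decide */` and `uid_t *uidOut /* valid only on GSS_S_COMPLETE */`. Stating in the header that an undecidable check fails closed keeps callers from treating an untouched `*user_ok` as a yes. The gss_add_cred_with_password declaration that opens the hunk starts before it.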


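--- /dev/null
+++ b/lib/gssapi/gssapi/gssapi_netlogon.h
@@ -0,0 +1,50 @@
+/*
+* Copyright (c) 2006 - 2009 Kungliga Tekniska Högskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+/* $Id$ */
+#ifndef GSSAPI_NETLOGON_H_
+#define GSSAPI_NETLOGON_H_
+#include <gssapi.h>
+GSSAPI_CPP_START
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_NT_NETBIOS_DNS_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_SET_SESSION_KEY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_SET_SIGN_ALGORITHM_X;
+GSSAPI_CPP_END
+#endif /* GSSAPI_NETLOGON_H_ */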
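Review bot: `extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_NT_NETBIOS_DNS_NAME;` collides with the OID header changed in this same commit, where that name is a macro expanding to `(&__gss_netlogon_nt_netbios_dns_name_oid_desc)`; a translation unit that sees both (this file includes `<gssapi.h>`, which presumably pulls the OID header in) gets the extern declaration macro-expanded into a syntax error. That header also declares `__gss_netlogon_set_sign_algorithm_x_oid_desc`, so the other three externs here very likely clash the same way. Either drop these four declarations in favour of the generated macros or guard each with `#ifndef GSS_NETLOGON_NT_NETBIOS_DNS_NAME` and the corresponding names. A one-line comment on what `GSS_NETLOGON_SET_SESSION_KEY_X` and `GSS_NETLOGON_SET_SIGN_ALGORITHM_X` are set through would also help, since this header is the only public description of that control interface.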


@@ -125,6 +125,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc;
#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc;
#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc)
/*
* "Standard" mechs
*/


@@ -393,47 +393,6 @@ _gss_cred_label_get_t(OM_uint32 * /* minor_status */,
const char * /* label */,
gss_buffer_t /* value */);
typedef struct gss_mo_desc_struct gss_mo_desc;
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
#define GSS_MO_MA 1
#define GSS_MO_MA_CRITICAL 2
const char *name;
void *ctx;
int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
(OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
const gss_buffer_t, /* password */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 * /* acceptor_time_rec */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
@@ -480,20 +439,54 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t (
gss_buffer_t /* exp_composite_name */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_map_name_to_any_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* authenticated */
gss_buffer_t, /* type_id */
gss_any_t * /* output */
);
/*
*
*/
typedef OM_uint32 GSSAPI_CALLCONV _gss_release_any_name_mapping_t (
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* type_id */
gss_any_t * /* input */
);
typedef struct gss_mo_desc_struct gss_mo_desc;
typedef OM_uint32 GSSAPI_CALLCONV
_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *);
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
#define GSS_MO_MA 1
#define GSS_MO_MA_CRITICAL 2
const char *name;
void *ctx;
int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
(OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
const gss_buffer_t, /* password */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 * /* acceptor_time_rec */
);
/* mechglue internal */
struct gss_mech_compat_desc_struct;
@@ -504,70 +497,68 @@ struct gss_mech_compat_desc_struct;
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
typedef struct gssapi_mech_interface_desc {
unsigned gm_version;
const char *gm_name;
gss_OID_desc gm_mech_oid;
unsigned gm_flags;
_gss_acquire_cred_t *gm_acquire_cred;
_gss_release_cred_t *gm_release_cred;
_gss_init_sec_context_t *gm_init_sec_context;
_gss_accept_sec_context_t *gm_accept_sec_context;
_gss_process_context_token_t *gm_process_context_token;
_gss_delete_sec_context_t *gm_delete_sec_context;
_gss_context_time_t *gm_context_time;
_gss_get_mic_t *gm_get_mic;
_gss_verify_mic_t *gm_verify_mic;
_gss_wrap_t *gm_wrap;
_gss_unwrap_t *gm_unwrap;
_gss_display_status_t *gm_display_status;
_gss_indicate_mechs_t *gm_indicate_mechs;
_gss_compare_name_t *gm_compare_name;
_gss_display_name_t *gm_display_name;
_gss_import_name_t *gm_import_name;
_gss_export_name_t *gm_export_name;
_gss_release_name_t *gm_release_name;
_gss_inquire_cred_t *gm_inquire_cred;
_gss_inquire_context_t *gm_inquire_context;
_gss_wrap_size_limit_t *gm_wrap_size_limit;
_gss_add_cred_t *gm_add_cred;
_gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech;
_gss_export_sec_context_t *gm_export_sec_context;
_gss_import_sec_context_t *gm_import_sec_context;
_gss_inquire_names_for_mech_t *gm_inquire_names_for_mech;
_gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name;
_gss_canonicalize_name_t *gm_canonicalize_name;
_gss_duplicate_name_t *gm_duplicate_name;
_gss_inquire_sec_context_by_oid *gm_inquire_sec_context_by_oid;
_gss_inquire_cred_by_oid *gm_inquire_cred_by_oid;
_gss_set_sec_context_option *gm_set_sec_context_option;
_gss_set_cred_option *gm_set_cred_option;
_gss_pseudo_random *gm_pseudo_random;
_gss_wrap_iov_t *gm_wrap_iov;
_gss_unwrap_iov_t *gm_unwrap_iov;
_gss_wrap_iov_length_t *gm_wrap_iov_length;
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
_gss_acquire_cred_ex_t *gm_acquire_cred_ex;
_gss_iter_creds_t *gm_iter_creds;
_gss_destroy_cred_t *gm_destroy_cred;
_gss_cred_hold_t *gm_cred_hold;
_gss_cred_unhold_t *gm_cred_unhold;
_gss_cred_label_get_t *gm_cred_label_get;
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
struct gss_mech_compat_desc_struct *gm_compat;
_gss_display_name_ext_t *gm_display_name_ext;
_gss_inquire_name_t *gm_inquire_name;
_gss_get_name_attribute_t *gm_get_name_attribute;
_gss_set_name_attribute_t *gm_set_name_attribute;
_gss_delete_name_attribute_t *gm_delete_name_attribute;
_gss_export_name_composite_t *gm_export_name_composite;
_gss_map_name_to_any_t *gm_map_name_to_any;
_gss_release_any_name_mapping_t *gm_release_any_name_mapping;
unsigned gm_version;
const char *gm_name;
gss_OID_desc gm_mech_oid;
unsigned gm_flags;
_gss_acquire_cred_t *gm_acquire_cred;
_gss_release_cred_t *gm_release_cred;
_gss_init_sec_context_t *gm_init_sec_context;
_gss_accept_sec_context_t *gm_accept_sec_context;
_gss_process_context_token_t *gm_process_context_token;
_gss_delete_sec_context_t *gm_delete_sec_context;
_gss_context_time_t *gm_context_time;
_gss_get_mic_t *gm_get_mic;
_gss_verify_mic_t *gm_verify_mic;
_gss_wrap_t *gm_wrap;
_gss_unwrap_t *gm_unwrap;
_gss_display_status_t *gm_display_status;
_gss_indicate_mechs_t *gm_indicate_mechs;
_gss_compare_name_t *gm_compare_name;
_gss_display_name_t *gm_display_name;
_gss_import_name_t *gm_import_name;
_gss_export_name_t *gm_export_name;
_gss_release_name_t *gm_release_name;
_gss_inquire_cred_t *gm_inquire_cred;
_gss_inquire_context_t *gm_inquire_context;
_gss_wrap_size_limit_t *gm_wrap_size_limit;
_gss_add_cred_t *gm_add_cred;
_gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech;
_gss_export_sec_context_t *gm_export_sec_context;
_gss_import_sec_context_t *gm_import_sec_context;
_gss_inquire_names_for_mech_t *gm_inquire_names_for_mech;
_gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name;
_gss_canonicalize_name_t *gm_canonicalize_name;
_gss_duplicate_name_t *gm_duplicate_name;
_gss_inquire_sec_context_by_oid *gm_inquire_sec_context_by_oid;
_gss_inquire_cred_by_oid *gm_inquire_cred_by_oid;
_gss_set_sec_context_option *gm_set_sec_context_option;
_gss_set_cred_option *gm_set_cred_option;
_gss_pseudo_random *gm_pseudo_random;
_gss_wrap_iov_t *gm_wrap_iov;
_gss_unwrap_iov_t *gm_unwrap_iov;
_gss_wrap_iov_length_t *gm_wrap_iov_length;
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
_gss_acquire_cred_ex_t *gm_acquire_cred_ex;
_gss_iter_creds_t *gm_iter_creds;
_gss_destroy_cred_t *gm_destroy_cred;
_gss_cred_hold_t *gm_cred_hold;
_gss_cred_unhold_t *gm_cred_unhold;
_gss_cred_label_get_t *gm_cred_label_get;
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
_gss_display_name_ext_t *gm_display_name_ext;
_gss_inquire_name_t *gm_inquire_name;
_gss_get_name_attribute_t *gm_get_name_attribute;
_gss_set_name_attribute_t *gm_set_name_attribute;
_gss_delete_name_attribute_t *gm_delete_name_attribute;
_gss_export_name_composite_t *gm_export_name_composite;
_gss_acquire_cred_with_password_t *gm_acquire_cred_with_password;
_gss_add_cred_with_password_t *gm_add_cred_with_password;
_gss_add_cred_with_password_t *gm_add_cred_with_password;
gss_mech_compat_desc_struct *gm_compat;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
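Review bot: The new side of `gssapi_mech_interface_desc` declares `gm_add_cred_with_password` twice (the two identical lines just before `gm_compat`), which is a duplicate-member compile error, and the last member drops the `struct` keyword: `gss_mech_compat_desc_struct *gm_compat;` is not a type here because only `struct gss_mech_compat_desc_struct;` is forward-declared above, so it should read `struct gss_mech_compat_desc_struct *gm_compat;`. Both look like residue of the gssapi_mech.h conflict the commit message lists. Relative to the old side, `gm_compat` also moves from before `gm_display_name_ext` to the end and `gm_map_name_to_any`/`gm_release_any_name_mapping` disappear, so a mechanism built against the previous layout would call through the wrong slots; if `gm_version` is meant to guard against that it should be bumped here. The declaration that follows the closing typedef continues outside the hunk.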


@@ -0,0 +1,59 @@
/*-
* Copyright (c) 2005 Doug Rabson
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "mech_locl.h"
#include <heim_threads.h>
OM_uint32 GSSAPI_LIB_FUNCTION
gss_destroy_cred(void *status,
gss_cred_id_t *cred_handle)
{
struct _gss_cred *cred;
struct _gss_mechanism_cred *mc;
OM_uint32 junk;
if (cred_handle == NULL)
return GSS_S_CALL_INACCESSIBLE_READ;
if (*cred_handle == GSS_C_NO_CREDENTIAL)
return GSS_S_COMPLETE;
cred = (struct _gss_cred *)*cred_handle;
while (HEIM_SLIST_FIRST(&cred->gc_mc)) {
mc = HEIM_SLIST_FIRST(&cred->gc_mc);
HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
if (mc->gmc_mech->gm_destroy_cred)
mc->gmc_mech->gm_destroy_cred(&junk, &mc->gmc_cred);
else
mc->gmc_mech->gm_release_cred(&junk, &mc->gmc_cred);
free(mc);
}
free(cred);
return GSS_S_COMPLETE;
}
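Review bot: After `free(cred)` the caller's `*cred_handle` still points at the freed block; release-style GSS calls reset the handle, so `*cred_handle = GSS_C_NO_CREDENTIAL;` belongs before the return. The first parameter is `void *status` and is never written, although callers will presumably pass an `OM_uint32 *minor_status` as the prototype elsewhere (not visible here) declares, and every mechanism's destroy/release status is discarded into `junk`, so a mechanism that could not actually destroy its stored credential is reported as GSS_S_COMPLETE — for a destroy operation that is exactly the failure the caller needs to hear about. The definition also lacks the `GSSAPI_LIB_CALL` macro that the declarations in gssapi.h on this page use; whether definitions must carry it depends on how the macro is defined on the target. `<heim_threads.h>` is included but nothing in this file uses it.
```c
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_destroy_cred(OM_uint32 *minor_status,
                 gss_cred_id_t *cred_handle)
{
    struct _gss_cred *cred;
    struct _gss_mechanism_cred *mc;
    OM_uint32 major = GSS_S_COMPLETE, junk;

    *minor_status = 0;
    /* … unchanged: NULL and GSS_C_NO_CREDENTIAL checks … */
    cred = (struct _gss_cred *)*cred_handle;
    while ((mc = HEIM_SLIST_FIRST(&cred->gc_mc)) != NULL) {
        OM_uint32 ret;

        HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
        if (mc->gmc_mech->gm_destroy_cred)
            ret = mc->gmc_mech->gm_destroy_cred(&junk, &mc->gmc_cred);
        else
            ret = mc->gmc_mech->gm_release_cred(&junk, &mc->gmc_cred);
        /* keep tearing down the remaining mech creds, but report the first failure */
        if (ret != GSS_S_COMPLETE && major == GSS_S_COMPLETE) {
            major = ret;
            *minor_status = junk;
        }
        free(mc);
    }
    free(cred);
    *cred_handle = GSS_C_NO_CREDENTIAL;   /* never hand a freed pointer back */
    return major;
}
```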


@@ -357,10 +357,10 @@ _gss_load_mech(void)
OPTSYM(set_name_attribute);
OPTSYM(delete_name_attribute);
OPTSYM(export_name_composite);
OPTSYM(map_name_to_any);
OPTSYM(release_any_name_mapping);
OPTSPISYM(acquire_cred_with_password);
OPTSYM(add_cred_with_password);
OPTSYM(pname_to_uid);
OPTSYM(user_ok);
mi = dlsym(so, "gss_mo_init");
if (mi != NULL) {
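Review bot: `OPTSYM(pname_to_uid)` and `OPTSYM(user_ok)` have no counterpart in the `gssapi_mech_interface_desc` this commit settles on (its new side ends with `gm_add_cred_with_password` and `gm_compat`, with no `gm_pname_to_uid` or `gm_user_ok`), so if OPTSYM stores into `m->gm_<name>` as the neighbouring uses suggest, this will not compile. The public prototype on this page is also spelled `gss_userok`, not `gss_user_ok`, so whatever symbol name OPTSYM derives from `user_ok` may never match a mechanism's export. Either add the two members (with matching `_gss_pname_to_uid_t`/`_gss_userok_t` typedefs) to the struct or drop these two lines; gss_mech_switch.c is one of the conflicted files named in the commit message. `_gss_load_mech` continues on both sides of the hunk.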


@@ -118,6 +118,12 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc =
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -33,7 +35,7 @@
#include "ntlm.h"
OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_cred
OM_uint32 _gss_ntlm_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
@@ -46,8 +48,16 @@ OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_cred
*minor_status = 0;
if (name)
*name = GSS_C_NO_NAME;
if (cred_handle == NULL)
return GSS_S_NO_CRED;
if (name) {
ret = _gss_ntlm_duplicate_name(minor_status,
(gss_name_t)cred_handle,
name);
if (ret)
goto out;
}
if (lifetime)
*lifetime = GSS_C_INDEFINITE;
if (cred_usage)
@@ -74,3 +84,54 @@ out:
gss_release_oid_set(&junk, mechanisms);
return ret;
}
OM_uint32
_gss_ntlm_destroy_cred(OM_uint32 *minor_status,
gss_cred_id_t *cred_handle)
{
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
krb5_context context;
ntlm_cred cred;
if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
return GSS_S_COMPLETE;
cred = (ntlm_cred)*cred_handle;
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->username);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->domain);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
out:
krb5_free_context(context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return _gss_ntlm_release_cred(minor_status, cred_handle);
}
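Review bot: In `_gss_ntlm_destroy_cred` the `request` storage leaks whenever `krb5_store_stringz` or `krb5_kcm_call` fails, because those `goto out` paths skip the `krb5_storage_free(request)` that only runs on the success path. Returning GSS_S_FAILURE without releasing the local handle when the KCM refuses the deletion is defensible — the caller can retry — but it means a credential the KCM still holds stays usable, so a comment stating that the handle is released only after the KCM confirms deletion would make the contract explicit. In the earlier hunk, `_gss_ntlm_inquire_cred` now does `goto out` from the new `_gss_ntlm_duplicate_name` block before the rest of the body runs, and `out:` releases `mechanisms`; whether that variable is initialised at that point is outside the hunk and should be checked, and the definition line there drops `GSSAPI_CALLCONV`, which matters wherever that macro is non-empty. Both function bodies extend beyond the hunks.
```c
    ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
    if (ret)
        goto out;
    ret = krb5_store_stringz(request, cred->username);
    if (ret == 0)
        ret = krb5_store_stringz(request, cred->domain);
    if (ret == 0)
        ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);   /* freed on every path once it exists */
    if (ret)
        goto out;
    krb5_storage_free(response);
    krb5_data_free(&response_data);
out:
    /* … unchanged: krb5_free_context, minor_status, _gss_ntlm_release_cred … */
```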


@@ -94,6 +94,7 @@ static gssapi_mech_interface_desc ntlm_mech = {
_gss_ntlm_inquire_mechs_for_name,
_gss_ntlm_canonicalize_name,
_gss_ntlm_duplicate_name,
_gss_ntlm_inquire_sec_context_by_oid,
NULL,
NULL,
NULL,
@@ -105,9 +106,8 @@ static gssapi_mech_interface_desc ntlm_mech = {
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
_gss_ntlm_iter_creds_f,
_gss_ntlm_destroy_cred,
NULL,
NULL,
NULL,
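Review bot: `ntlm_mech` is filled positionally, so the slot `_gss_ntlm_inquire_sec_context_by_oid` lands in is fixed only by counting the surrounding NULLs, and this same commit reorders `gssapi_mech_interface_desc` in gssapi_mech.h (`gm_compat` moves to the end, two naming members vanish); a miscount silently installs a function into the wrong hook with an incompatible signature, which the compiler will at best warn about. If the tree's compilers accept C99 designated initializers, `.gm_inquire_sec_context_by_oid = _gss_ntlm_inquire_sec_context_by_oid,` `.gm_iter_creds = _gss_ntlm_iter_creds_f,` `.gm_destroy_cred = _gss_ntlm_destroy_cred,` pins each entry to its member and lets every other member default to NULL. The initializer starts and ends outside the hunks.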


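--- /dev/null
+++ b/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
@@ -0,0 +1,90 @@
+/*
+* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "ntlm.h"
+OM_uint32
+_gss_ntlm_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+const gss_OID desired_object,
+gss_buffer_set_t *data_set)
+{
+ntlm_ctx ctx = (ntlm_ctx)context_handle;
+if (ctx == NULL) {
+*minor_status = 0;
+return GSS_S_NO_CONTEXT;
+}
+if (gss_oid_equal(desired_object, GSS_NTLM_GET_SESSION_KEY_X) ||
+gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) {
+gss_buffer_desc value;
+value.length = ctx->sessionkey.length;
+value.value = ctx->sessionkey.data;
+return gss_add_buffer_set_member(minor_status,
+&value,
+data_set);
+} else if (gss_oid_equal(desired_object, GSS_C_INQ_WIN2K_PAC_X)) {
+if (ctx->pac.length == 0) {
+*minor_status = ENOENT;
+return GSS_S_FAILURE;
+}
+return gss_add_buffer_set_member(minor_status,
+&ctx->pac,
+data_set);
+} else if (gss_oid_equal(desired_object, GSS_C_NTLM_AVGUEST)) {
+gss_buffer_desc value;
+uint32_t num;
+if (ctx->kcmflags & KCM_NTLM_FLAG_AV_GUEST)
+num = 1;
+else
+num = 0;
+value.length = sizeof(num);
+value.value = &num;
+return gss_add_buffer_set_member(minor_status,
+&value,
+data_set);
+} else {
+*minor_status = 0;
+return GSS_S_FAILURE;
+}
+}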
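Review bot: The session-key branch returns `ctx->sessionkey` unconditionally, while the PAC branch right below refuses an empty `ctx->pac`; a context that has not reached the point where a key exists would hand back a zero-length or stale buffer as if it were the key. Guard it the same way — `if ((ctx->status & STATUS_SESSIONKEY) == 0) { *minor_status = 0; return GSS_S_UNAVAILABLE; }` — assuming that flag, which ntlm.h on this page defines next to STATUS_OPEN, records that the key has been set; confirm against where it is raised. The AVGUEST branch points `value.value` at the stack local `num`, which is only correct if gss_add_buffer_set_member copies the buffer; a comment `/* gss_add_buffer_set_member copies value, so a local is fine */` would protect that assumption from a future change. Returning `GSS_S_FAILURE` with `ENOENT` as the minor reuses an errno value as a GSS minor code; if the mechanism has its own minor codes, one of those is more consistent.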


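--- /dev/null
+++ b/lib/gssapi/ntlm/iter_cred.c
@@ -0,0 +1,97 @@
+/*
+* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "ntlm.h"
+void
+_gss_ntlm_iter_creds_f(OM_uint32 flags,
+void *userctx ,
+void (*cred_iter)(void *, gss_OID, gss_cred_id_t))
+{
+krb5_error_code ret;
+krb5_context context = NULL;
+krb5_storage *request, *response;
+krb5_data response_data;
+ret = krb5_init_context(&context);
+if (ret)
+goto done;
+ret = krb5_kcm_storage_request(context, KCM_OP_GET_NTLM_USER_LIST, &request);
+if (ret)
+goto done;
+ret = krb5_kcm_call(context, request, &response, &response_data);
+krb5_storage_free(request);
+if (ret)
+goto done;
+while (1) {
+uint32_t morep;
+char *user = NULL, *domain = NULL;
+ntlm_cred dn;
+ret = krb5_ret_uint32(response, &morep);
+if (ret) goto out;
+if (!morep) goto out;
+ret = krb5_ret_stringz(response, &user);
+if (ret) goto out;
+ret = krb5_ret_stringz(response, &domain);
+if (ret) {
+free(user);
+goto out;
+}
+dn = calloc(1, sizeof(*dn));
+if (dn == NULL) {
+free(user);
+free(domain);
+goto out;
+}
+dn->username = user;
+dn->domain = domain;
+cred_iter(userctx, GSS_NTLM_MECHANISM, (gss_cred_id_t)dn);
+}
+out:
+krb5_storage_free(response);
+krb5_data_free(&response_data);
+done:
+if (context)
+krb5_free_context(context);
+(*cred_iter)(userctx, NULL, NULL);
+}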
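Review bot: The closing `(*cred_iter)(userctx, NULL, NULL)` is the caller's only end-of-list signal, and it is issued identically whether the KCM list was read to the end or the loop bailed out on a `krb5_ret_*` error or a failed `calloc`, so a consumer cannot tell a complete enumeration from a truncated one; since the function returns void, that limitation at least needs stating, e.g. a header comment: `/* Enumerate the NTLM credentials held by the KCM: cred_iter is called once per credential (the handle presumably becomes the callee's to release — confirm) and finally with (NULL, NULL) as terminator; read and allocation errors end the enumeration early and are not reported. */`. The same pointer is invoked as `cred_iter(...)` inside the loop and `(*cred_iter)(...)` at the end; pick one form. The `ntlm_cred` handed out carries only `username` and `domain`, so anything the callback later does with it through other NTLM entry points relies on the remaining zeroed members being acceptable, which cannot be checked from this file; `flags` is unused and deserves a `(void)flags;` or a comment saying it is reserved.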


@@ -49,8 +49,10 @@
#include <gssapi.h>
#include <gssapi_ntlm.h>
#include <gssapi_mech.h>
#include <gssapi_oid.h>
#include <krb5.h>
#include <kcm.h>
#include <heim_threads.h>
#include <heimntlm.h>
@@ -109,6 +111,7 @@ typedef struct {
void *ictx;
ntlm_cred client;
OM_uint32 gssflags;
uint32_t kcmflags;
uint32_t flags;
uint32_t status;
#define STATUS_OPEN 1
@@ -116,6 +119,8 @@ typedef struct {
#define STATUS_SESSIONKEY 4
krb5_data sessionkey;
gss_buffer_desc pac;
union {
struct {
struct {
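Review bot: The new `uint32_t kcmflags;` and `gss_buffer_desc pac;` members of the context typedef are undocumented, and whoever tears the context down must now free `pac.value`; the delete path is outside this section, so confirm it does. Suggested comments: `uint32_t kcmflags; /* KCM_NTLM_FLAG_* bits for this context (see inquire_sec_context_by_oid) */` and `gss_buffer_desc pac; /* PAC for the authenticated user, zero length when none; value is released with the context */` — the flag usage is visible in inquire_sec_context_by_oid.c on this page, while where the PAC is filled in is not, so word that part only once it is verified. The typedef'd struct starts and ends outside these hunks.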


@@ -49,6 +49,10 @@ oid base GSS_NETLOGON_SET_SESSION_KEY_X 1.2.752.43.14.3
oid base GSS_NETLOGON_SET_SIGN_ALGORITHM_X 1.2.752.43.14.4
oid base GSS_NETLOGON_NT_NETBIOS_DNS_NAME 1.2.752.43.14.5
#/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
oid base GSS_C_INQ_WIN2K_PAC_X 1.2.752.43.13.3.128
oid base GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5
#/*
# * "Standard" mechs
# */