first try

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7913 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/export_sec_context.c

@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gssapi_locl.h"
+
+RCSID("$Id$");
+
+OM_uint32
+gss_export_sec_context (
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context_handle,
+    gss_buffer_t interprocess_token
+    )
+{
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    unsigned char auth_buf[1024];
+    size_t sz;
+    int ret;
+    krb5_data data;
+    gss_buffer_desc buffer;
+
+    gssapi_krb5_init ();
+    if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
+	return GSS_S_UNAVAILABLE;
+
+    sp = krb5_storage_emem ();
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    /* marshall auth context */
+
+    ac = (*context_handle)->auth_context;
+    krb5_store_int32 (sp, ac->flags);
+    krb5_store_address (sp, *ac->local_address);
+    krb5_store_address (sp, *ac->remote_address);
+    krb5_store_int16 (sp, ac->local_port);
+    krb5_store_int16 (sp, ac->remote_port);
+    krb5_store_keyblock (sp, *ac->keyblock);
+    krb5_store_keyblock (sp, *ac->local_subkey);
+    krb5_store_keyblock (sp, *ac->remote_subkey);
+    krb5_store_int32 (sp, ac->local_seqnumber);
+    krb5_store_int32 (sp, ac->remote_seqnumber);
+    ret = encode_Authenticator (auth_buf, sizeof(auth_buf),
+				ac->authenticator, &sz);
+    if (ret) {
+	krb5_storage_free (sp);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    data.data   = auth_buf;
+    data.length = sz;
+    krb5_store_data (sp, data);
+    krb5_store_int32 (sp, ac->keytype);
+    krb5_store_int32 (sp, ac->cksumtype);
+
+    /* names */
+
+    gss_export_name (minor_status, (*context_handle)->source, &buffer);
+    data.data   = buffer.value;
+    data.length = buffer.length;
+    krb5_store_data (sp, data);
+
+    gss_export_name (minor_status, (*context_handle)->target, &buffer);
+    data.data   = buffer.value;
+    data.length = buffer.length;
+    krb5_store_data (sp, data);
+
+    krb5_store_int32 (sp, (*context_handle)->flags);
+    krb5_store_int32 (sp, (*context_handle)->more_flags);
+
+    ret = krb5_storage_to_data (sp, &data);
+    krb5_storage_free (sp);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    interprocess_token->length = data.length;
+    interprocess_token->value  = data.data;
+    ret = gss_delete_sec_context (minor_status, context_handle,
+				  GSS_C_NO_BUFFER);
+    if (ret != GSS_S_COMPLETE)
+	gss_release_buffer (NULL, interprocess_token);
+    return ret;
+}

lib/gssapi/import_sec_context.c

@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gssapi_locl.h"
+
+RCSID("$Id$");
+
+OM_uint32
+gss_import_sec_context (
+    OM_uint32 * minor_status,
+    const gss_buffer_t interprocess_token,
+    gss_ctx_id_t * context_handle
+    )
+{
+    OM_uint32 ret = GSS_S_FAILURE;
+    krb5_error_code kret;
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    krb5_address local, remote;
+    krb5_data data;
+    gss_buffer_desc buffer;
+    krb5_keyblock keyblock;
+    size_t sz;
+    int32_t tmp;
+
+    gssapi_krb5_init ();
+
+    sp = krb5_storage_from_mem (interprocess_token->value,
+				interprocess_token->length);
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    *context_handle = malloc(sizeof(**context_handle));
+    if (*context_handle == NULL) {
+	*minor_status = ENOMEM;
+	krb5_storage_free (sp);
+	return GSS_S_FAILURE;
+    }
+
+    kret = krb5_auth_con_init (gssapi_krb5_context,
+			       &(*context_handle)->auth_context);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    /* retrieve the auth context */
+
+    ac = (*context_handle)->auth_context;
+    krb5_ret_int32 (sp, &ac->flags);
+    krb5_ret_address (sp, &local);
+    krb5_ret_address (sp, &remote);
+    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, &local, &remote);
+    krb5_free_address (gssapi_krb5_context, &local);
+    krb5_free_address (gssapi_krb5_context, &remote);
+    krb5_ret_int16 (sp, &ac->local_port);
+    krb5_ret_int16 (sp, &ac->remote_port);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_int32 (sp, &ac->local_seqnumber);
+    krb5_ret_int32 (sp, &ac->remote_seqnumber);
+
+    krb5_ret_data (sp, &data);
+
+    ac->authenticator = malloc (sizeof (*ac->authenticator));
+    if (ac->authenticator == NULL) {
+	*minor_status = ENOMEM;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    kret = decode_Authenticator (data.data, data.length,
+				 ac->authenticator, &sz);
+    krb5_data_free (&data);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    krb5_ret_int32 (sp, &tmp);
+    ac->keytype = tmp;
+    krb5_ret_int32 (sp, &tmp);
+    ac->cksumtype = tmp;
+
+    /* names */
+
+    krb5_ret_data (sp, &data);
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+		     &(*context_handle)->source);
+    krb5_data_free (&data);
+
+    krb5_ret_data (sp, &data);
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+		     &(*context_handle)->target);
+    krb5_data_free (&data);
+
+    krb5_ret_int32 (sp, &tmp);
+    (*context_handle)->flags = tmp;
+    krb5_ret_int32 (sp, &tmp);
+    (*context_handle)->more_flags = tmp;
+
+    (*context_handle)->ticket = NULL;
+
+    return GSS_S_COMPLETE;
+
+failure:
+    krb5_auth_con_free (gssapi_krb5_context,
+			(*context_handle)->auth_context);
+    free (*context_handle);
+    *context_handle = GSS_C_NO_CONTEXT;
+    return ret;
+}

lib/gssapi/krb5/export_sec_context.c

@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gssapi_locl.h"
+
+RCSID("$Id$");
+
+OM_uint32
+gss_export_sec_context (
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context_handle,
+    gss_buffer_t interprocess_token
+    )
+{
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    unsigned char auth_buf[1024];
+    size_t sz;
+    int ret;
+    krb5_data data;
+    gss_buffer_desc buffer;
+
+    gssapi_krb5_init ();
+    if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
+	return GSS_S_UNAVAILABLE;
+
+    sp = krb5_storage_emem ();
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    /* marshall auth context */
+
+    ac = (*context_handle)->auth_context;
+    krb5_store_int32 (sp, ac->flags);
+    krb5_store_address (sp, *ac->local_address);
+    krb5_store_address (sp, *ac->remote_address);
+    krb5_store_int16 (sp, ac->local_port);
+    krb5_store_int16 (sp, ac->remote_port);
+    krb5_store_keyblock (sp, *ac->keyblock);
+    krb5_store_keyblock (sp, *ac->local_subkey);
+    krb5_store_keyblock (sp, *ac->remote_subkey);
+    krb5_store_int32 (sp, ac->local_seqnumber);
+    krb5_store_int32 (sp, ac->remote_seqnumber);
+    ret = encode_Authenticator (auth_buf, sizeof(auth_buf),
+				ac->authenticator, &sz);
+    if (ret) {
+	krb5_storage_free (sp);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    data.data   = auth_buf;
+    data.length = sz;
+    krb5_store_data (sp, data);
+    krb5_store_int32 (sp, ac->keytype);
+    krb5_store_int32 (sp, ac->cksumtype);
+
+    /* names */
+
+    gss_export_name (minor_status, (*context_handle)->source, &buffer);
+    data.data   = buffer.value;
+    data.length = buffer.length;
+    krb5_store_data (sp, data);
+
+    gss_export_name (minor_status, (*context_handle)->target, &buffer);
+    data.data   = buffer.value;
+    data.length = buffer.length;
+    krb5_store_data (sp, data);
+
+    krb5_store_int32 (sp, (*context_handle)->flags);
+    krb5_store_int32 (sp, (*context_handle)->more_flags);
+
+    ret = krb5_storage_to_data (sp, &data);
+    krb5_storage_free (sp);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    interprocess_token->length = data.length;
+    interprocess_token->value  = data.data;
+    ret = gss_delete_sec_context (minor_status, context_handle,
+				  GSS_C_NO_BUFFER);
+    if (ret != GSS_S_COMPLETE)
+	gss_release_buffer (NULL, interprocess_token);
+    return ret;
+}

lib/gssapi/krb5/import_sec_context.c

@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gssapi_locl.h"
+
+RCSID("$Id$");
+
+OM_uint32
+gss_import_sec_context (
+    OM_uint32 * minor_status,
+    const gss_buffer_t interprocess_token,
+    gss_ctx_id_t * context_handle
+    )
+{
+    OM_uint32 ret = GSS_S_FAILURE;
+    krb5_error_code kret;
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    krb5_address local, remote;
+    krb5_data data;
+    gss_buffer_desc buffer;
+    krb5_keyblock keyblock;
+    size_t sz;
+    int32_t tmp;
+
+    gssapi_krb5_init ();
+
+    sp = krb5_storage_from_mem (interprocess_token->value,
+				interprocess_token->length);
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    *context_handle = malloc(sizeof(**context_handle));
+    if (*context_handle == NULL) {
+	*minor_status = ENOMEM;
+	krb5_storage_free (sp);
+	return GSS_S_FAILURE;
+    }
+
+    kret = krb5_auth_con_init (gssapi_krb5_context,
+			       &(*context_handle)->auth_context);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    /* retrieve the auth context */
+
+    ac = (*context_handle)->auth_context;
+    krb5_ret_int32 (sp, &ac->flags);
+    krb5_ret_address (sp, &local);
+    krb5_ret_address (sp, &remote);
+    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, &local, &remote);
+    krb5_free_address (gssapi_krb5_context, &local);
+    krb5_free_address (gssapi_krb5_context, &remote);
+    krb5_ret_int16 (sp, &ac->local_port);
+    krb5_ret_int16 (sp, &ac->remote_port);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_keyblock (sp, &keyblock);
+    krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
+    krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
+    krb5_ret_int32 (sp, &ac->local_seqnumber);
+    krb5_ret_int32 (sp, &ac->remote_seqnumber);
+
+    krb5_ret_data (sp, &data);
+
+    ac->authenticator = malloc (sizeof (*ac->authenticator));
+    if (ac->authenticator == NULL) {
+	*minor_status = ENOMEM;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    kret = decode_Authenticator (data.data, data.length,
+				 ac->authenticator, &sz);
+    krb5_data_free (&data);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    krb5_ret_int32 (sp, &tmp);
+    ac->keytype = tmp;
+    krb5_ret_int32 (sp, &tmp);
+    ac->cksumtype = tmp;
+
+    /* names */
+
+    krb5_ret_data (sp, &data);
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+		     &(*context_handle)->source);
+    krb5_data_free (&data);
+
+    krb5_ret_data (sp, &data);
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+		     &(*context_handle)->target);
+    krb5_data_free (&data);
+
+    krb5_ret_int32 (sp, &tmp);
+    (*context_handle)->flags = tmp;
+    krb5_ret_int32 (sp, &tmp);
+    (*context_handle)->more_flags = tmp;
+
+    (*context_handle)->ticket = NULL;
+
+    return GSS_S_COMPLETE;
+
+failure:
+    krb5_auth_con_free (gssapi_krb5_context,
+			(*context_handle)->auth_context);
+    free (*context_handle);
+    *context_handle = GSS_C_NO_CONTEXT;
+    return ret;
+}