NETLOGON mechanism, for use in DCE-RPC

Love Hornquist Astrand
2010-11-28 19:35:40 -08:00
parent 0a10f35897
commit edb2464ab9
32 changed files with 2874 additions and 6 deletions


@@ -109,12 +109,22 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc;
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc;
#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
/*
* Digest mechanisms - 1.2.752.43.14
*/
/* Heimdal mechanisms - 1.2.752.43.14 */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc;
#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc;
#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc;
#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
/*
* "Standard" mechs
*/
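Review bot: The three `_X` OIDs declared on lines 23-28 are credential-option selectors (the acquire_cred change dispatches on them in `_netlogon_set_cred_option`), not mechanism OIDs, yet they now sit under a comment that reads `/* Heimdal mechanisms - 1.2.752.43.14 */`, which invites a caller to pass GSS_NETLOGON_SET_SESSION_KEY_X where a mech OID is expected. A one-line comment above line 23 such as `/* GSS_NETLOGON_*_X: gss_set_cred_option() selectors; SET_SESSION_KEY_X takes a raw 16-byte key */` would make the distinction visible at the declaration. If this header is generated from an OID table, the note belongs in that table rather than here.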


@@ -106,6 +106,18 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };


@@ -0,0 +1,89 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
/*
* Not implemented: this is needed only by domain controllers.
*/
OM_uint32
_netlogon_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
gss_OID * mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec,
gss_cred_id_t * delegated_cred_handle
)
{
output_token->value = NULL;
output_token->length = 0;
*minor_status = 0;
if (context_handle == NULL)
return GSS_S_FAILURE;
if (input_token_buffer == GSS_C_NO_BUFFER)
return GSS_S_FAILURE;
if (src_name)
*src_name = GSS_C_NO_NAME;
if (mech_type)
*mech_type = GSS_C_NO_OID;
if (ret_flags)
*ret_flags = 0;
if (time_rec)
*time_rec = 0;
if (delegated_cred_handle)
*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
} else {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
return GSS_S_UNAVAILABLE;
}
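Review bot: The final `return GSS_S_UNAVAILABLE;` in `_netlogon_accept_sec_context` is unreachable, because both arms of the preceding `if (*context_handle == GSS_C_NO_CONTEXT)` set `*minor_status = ENOMEM` and return GSS_S_FAILURE, so a caller is told it ran out of memory when the file comment says the acceptor is simply not implemented. Collapsing the if/else to `*minor_status = 0; return GSS_S_UNAVAILABLE;` reports the real condition and removes the dead branches. The copyright line also carries a mis-encoded `H<>gskolan` that the 2010-dated files in this commit spell correctly.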


@@ -0,0 +1,186 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
#include <gssapi_spi.h>
OM_uint32
_netlogon_acquire_cred(OM_uint32 * min_stat,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t * output_cred_handle,
gss_OID_set * actual_mechs,
OM_uint32 * time_rec)
{
OM_uint32 ret;
gssnetlogon_cred cred;
/* only initiator support so far */
if (cred_usage != GSS_C_INITIATE)
return GSS_S_FAILURE;
if (desired_name == GSS_C_NO_NAME)
return GSS_S_BAD_NAME;
cred = (gssnetlogon_cred)calloc(1, sizeof(*cred));
if (cred == NULL) {
*min_stat = ENOMEM;
return GSS_S_FAILURE;
}
cred->SignatureAlgorithm = NL_SIGN_ALG_HMAC_MD5;
cred->SealAlgorithm = NL_SEAL_ALG_RC4;
ret = _netlogon_duplicate_name(min_stat, desired_name,
(gss_name_t *)&cred->Name);
if (GSS_ERROR(ret)) {
free(cred);
return ret;
}
*output_cred_handle = (gss_cred_id_t)cred;
if (actual_mechs != NULL)
*actual_mechs = GSS_C_NO_OID_SET;
if (time_rec != NULL)
*time_rec = GSS_C_INDEFINITE;
return GSS_S_COMPLETE;
}
OM_uint32
_netlogon_acquire_cred_ex(gss_status_id_t status,
const gss_name_t desired_name,
OM_uint32 flags,
OM_uint32 time_req,
gss_cred_usage_t cred_usage,
gss_auth_identity_t identity,
void *ctx,
void (*complete)(void *, OM_uint32, gss_status_id_t, gss_cred_id_t, OM_uint32))
{
return GSS_S_UNAVAILABLE;
}
/*
* value contains 16 byte session key
*/
static OM_uint32
_netlogon_set_session_key(OM_uint32 *minor_status,
gss_cred_id_t *cred_handle,
const gss_buffer_t value)
{
gssnetlogon_cred cred;
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
cred = (gssnetlogon_cred)*cred_handle;
if (value->length != sizeof(cred->SessionKey)) {
*minor_status = ERANGE;
return GSS_S_FAILURE;
}
memcpy(cred->SessionKey, value->value, value->length);
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
* value contains 16 bit little endian encoded seal algorithm
*/
static OM_uint32
_netlogon_set_sign_algorithm(OM_uint32 *minor_status,
gss_cred_id_t *cred_handle,
const gss_buffer_t value)
{
gssnetlogon_cred cred;
uint16_t alg;
const uint8_t *p;
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
cred = (gssnetlogon_cred)*cred_handle;
if (value->length != 2) {
*minor_status = ERANGE;
return GSS_S_FAILURE;
}
p = (const uint8_t *)value->value;
alg = (p[0] << 0) | (p[1] << 8);
if (alg != NL_SIGN_ALG_HMAC_MD5 && alg != NL_SIGN_ALG_SHA256) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
cred->SignatureAlgorithm = alg;
if (alg == NL_SIGN_ALG_SHA256)
cred->SealAlgorithm = NL_SEAL_ALG_AES128;
else
cred->SealAlgorithm = NL_SEAL_ALG_RC4;
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32
_netlogon_set_cred_option
(OM_uint32 *minor_status,
gss_cred_id_t *cred_handle,
const gss_OID desired_object,
const gss_buffer_t value)
{
if (value == GSS_C_NO_BUFFER) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SESSION_KEY_X))
return _netlogon_set_session_key(minor_status, cred_handle, value);
else if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SIGN_ALGORITHM_X))
return _netlogon_set_sign_algorithm(minor_status, cred_handle, value);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
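Review bot: `_netlogon_acquire_cred` returns GSS_S_FAILURE and GSS_S_BAD_NAME from its first two guards without writing `*min_stat`, so a mechglue caller that reports the minor code reads an uninitialised value; add `*min_stat = EINVAL;` before each of those returns. The comment above `_netlogon_set_sign_algorithm` says the value is the "seal algorithm", but the function parses the signature algorithm and derives SealAlgorithm from it; suggest `/* value contains 16 bit little endian encoded signature algorithm; the seal algorithm is derived from it (HMAC_MD5 -> RC4, SHA256 -> AES128) */`. `_netlogon_set_session_key` copies raw key material into the heap-allocated credential, so the release path (not in this section) should wipe `SessionKey` before freeing rather than rely on a plain free — worth confirming.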


@@ -0,0 +1,89 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_add_cred (
OM_uint32 *minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec)
{
OM_uint32 ret;
int equal;
const gssnetlogon_cred src = (const gssnetlogon_cred)input_cred_handle;
gssnetlogon_cred dst;
if (desired_name != GSS_C_NO_NAME) {
if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
ret = _netlogon_compare_name(minor_status, desired_name,
(gss_name_t)src->Name, &equal);
if (GSS_ERROR(ret))
return ret;
if (!equal)
return GSS_S_BAD_NAME;
}
}
ret = _netlogon_acquire_cred(minor_status,
input_cred_handle ? (gss_name_t)src->Name : desired_name,
initiator_time_req, GSS_C_NO_OID_SET, cred_usage,
output_cred_handle, actual_mechs, initiator_time_rec);
if (GSS_ERROR(ret))
return ret;
dst = (gssnetlogon_cred)*output_cred_handle;
if (src != NULL) {
dst->SignatureAlgorithm = src->SignatureAlgorithm;
dst->SealAlgorithm = src->SealAlgorithm;
memcpy(dst->SessionKey, src->SessionKey, sizeof(src->SessionKey));
}
if (acceptor_time_rec != NULL)
*acceptor_time_rec = 0;
return GSS_S_COMPLETE;
}
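Review bot: `_netlogon_add_cred` never looks at `desired_mech`, so a caller asking to add a credential for some other mechanism gets a NETLOGON credential (with a copied session key) back; unless the mechglue already filters this, add `if (desired_mech != GSS_C_NO_OID && !gss_oid_equal(desired_mech, GSS_NETLOGON_MECHANISM)) { *minor_status = 0; return GSS_S_BAD_MECH; }` before the name comparison. The `return GSS_S_BAD_NAME;` on the `!equal` path also leaves `*minor_status` unset. Since the `memcpy` of `SessionKey` makes the new credential a second holder of the key material, the release path has to wipe both copies.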


@@ -0,0 +1,46 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_canonicalize_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
const gss_OID mech_type,
gss_name_t * output_name
)
{
return _netlogon_duplicate_name(minor_status, input_name, output_name);
}
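Review bot: `_netlogon_canonicalize_name` ignores `mech_type`, so a request to canonicalise a name for a different mechanism silently returns a NETLOGON name copy; unless the mechglue only dispatches here for GSS_NETLOGON_MECHANISM, guard with `if (mech_type != GSS_C_NO_OID && !gss_oid_equal(mech_type, GSS_NETLOGON_MECHANISM)) { *minor_status = 0; return GSS_S_BAD_MECH; }` before delegating to `_netlogon_duplicate_name`.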


@@ -0,0 +1,61 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_compare_name
(OM_uint32 * minor_status,
const gss_name_t name1,
const gss_name_t name2,
int * name_equal
)
{
const gssnetlogon_name n1 = (const gssnetlogon_name)name1;
const gssnetlogon_name n2 = (const gssnetlogon_name)name2;
*name_equal = 0;
if (n1->NetbiosName.value != NULL && n2->NetbiosName.value != NULL)
*name_equal = (strcasecmp((char *)n1->NetbiosName.value,
(char *)n2->NetbiosName.value) == 0);
if (n1->DnsName.value != NULL && n2->DnsName.value != NULL)
*name_equal = (strcasecmp((char *)n1->DnsName.value,
(char *)n2->DnsName.value) == 0);
*minor_status = 0;
return GSS_S_COMPLETE;
}
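Review bot: In `_netlogon_compare_name` the DnsName comparison overwrites the NetbiosName result, so two names with the same DNS name but different NetBIOS names compare equal, and the NetBIOS comparison only counts when one side has no DNS name; `_netlogon_add_cred` in this commit uses this function to decide whether a requested name matches the credential whose session key it then copies, so every component present on both sides should have to match. The rewrite below tracks each component as absent/equal/different and reports equal only when at least one component was comparable and none differed. Both `strcasecmp` calls also assume the stored `value` buffers are NUL-terminated, which this section does not show — worth confirming against the import path.
```c
    const gssnetlogon_name n1 = (const gssnetlogon_name)name1;
    const gssnetlogon_name n2 = (const gssnetlogon_name)name2;
    int netbios_cmp = -1, dns_cmp = -1;   /* -1: component absent on a side */

    if (n1->NetbiosName.value != NULL && n2->NetbiosName.value != NULL)
        netbios_cmp = (strcasecmp((char *)n1->NetbiosName.value,
                                  (char *)n2->NetbiosName.value) == 0);
    if (n1->DnsName.value != NULL && n2->DnsName.value != NULL)
        dns_cmp = (strcasecmp((char *)n1->DnsName.value,
                              (char *)n2->DnsName.value) == 0);

    /* equal only if something was comparable and nothing comparable differed */
    *name_equal = (netbios_cmp != -1 || dns_cmp != -1) &&
                  netbios_cmp != 0 && dns_cmp != 0;
    /* … unchanged: minor_status / return … */
```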


@@ -0,0 +1,47 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_context_time
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
OM_uint32 * time_rec
)
{
if (time_rec != NULL)
*time_rec = GSS_C_INDEFINITE;
return GSS_S_COMPLETE;
}
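Review bot: `_netlogon_context_time` returns GSS_S_COMPLETE without ever writing `*minor_status`, and it does not look at `context_handle`, so a caller passing GSS_C_NO_CONTEXT is told the context lives forever; add `*minor_status = 0;` at the top and `if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;` before the `time_rec` assignment.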


@@ -0,0 +1,733 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
static uint8_t zeros[4];
static void
_netlogon_encode_sequence_number(uint64_t SequenceNumber, uint8_t *p,
int initiatorFlag)
{
uint32_t LowPart, HighPart;
LowPart = (SequenceNumber >> 0 ) & 0xFFFFFFFF;
HighPart = (SequenceNumber >> 32) & 0xFFFFFFFF;
_gss_mg_encode_be_uint32(LowPart, &p[0]);
_gss_mg_encode_be_uint32(HighPart, &p[4]);
if (initiatorFlag)
p[4] |= 0x80;
}
static int
_netlogon_decode_sequence_number(void *ptr, uint64_t *n,
int initiatorFlag)
{
uint8_t *p = ptr;
uint32_t LowPart, HighPart;
int gotInitiatorFlag;
gotInitiatorFlag = (p[4] & 0x80) != 0;
if (gotInitiatorFlag != initiatorFlag)
return -1;
p[4] &= 0x7F; /* clear initiator bit */
_gss_mg_decode_be_uint32(&p[0], &LowPart);
_gss_mg_decode_be_uint32(&p[4], &HighPart);
*n = (LowPart << 0) | ((uint64_t)HighPart << 32);
return 0;
}
static inline size_t
_netlogon_checksum_length(NL_AUTH_SIGNATURE *sig)
{
#if 0
return (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256) ? 32 : 8;
#else
/* Owing to a bug in Windows it always uses the old value */
return 8;
#endif
}
static inline size_t
_netlogon_signature_length(uint16_t alg, int conf_req_flag)
{
return NL_AUTH_SIGNATURE_COMMON_LENGTH +
(alg == NL_SIGN_ALG_SHA256 ? 32 : 8) +
(conf_req_flag ? 8 : 0);
}
static inline uint8_t *
_netlogon_confounder(NL_AUTH_SIGNATURE *sig)
{
size_t cksumlen = _netlogon_checksum_length(sig);
return &sig->Checksum[cksumlen];
}
static int
_netlogon_encode_NL_AUTH_SIGNATURE(NL_AUTH_SIGNATURE *sig,
uint8_t *p, size_t len)
{
*p++ = (sig->SignatureAlgorithm >> 0) & 0xFF;
*p++ = (sig->SignatureAlgorithm >> 8) & 0xFF;
*p++ = (sig->SealAlgorithm >> 0) & 0xFF;
*p++ = (sig->SealAlgorithm >> 8) & 0xFF;
*p++ = (sig->Pad >> 0) & 0xFF;
*p++ = (sig->Pad >> 8) & 0xFF;
*p++ = (sig->Flags >> 0) & 0xFF;
*p++ = (sig->Flags >> 8) & 0xFF;
if (len > NL_AUTH_SIGNATURE_HEADER_LENGTH) {
memcpy(p, sig->SequenceNumber, 8);
p += 8;
}
if (len > NL_AUTH_SIGNATURE_COMMON_LENGTH) {
size_t cksumlen = _netlogon_checksum_length(sig);
memcpy(p, sig->Checksum, cksumlen);
p += cksumlen;
/* Confounder, if present, is immediately after checksum */
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
memcpy(p, &sig->Checksum[cksumlen], 8);
}
}
return 0;
}
static int
_netlogon_decode_NL_AUTH_SIGNATURE(const uint8_t *ptr,
size_t len,
NL_AUTH_SIGNATURE *sig)
{
const uint8_t *p = ptr;
size_t cksumlen;
if (len < NL_AUTH_SIGNATURE_COMMON_LENGTH)
return KRB5_BAD_MSIZE;
sig->SignatureAlgorithm = (p[0] << 0) | (p[1] << 8);
sig->SealAlgorithm = (p[2] << 0) | (p[3] << 8);
sig->Pad = (p[4] << 0) | (p[5] << 8);
sig->Flags = (p[6] << 0) | (p[7] << 8);
p += 8;
memcpy(sig->SequenceNumber, p, 8);
p += 8;
/* Validate signature algorithm is known and matches enctype */
switch (sig->SignatureAlgorithm) {
case NL_SIGN_ALG_HMAC_MD5:
cksumlen = NL_AUTH_SIGNATURE_LENGTH;
break;
case NL_SIGN_ALG_SHA256:
cksumlen = NL_AUTH_SHA2_SIGNATURE_LENGTH;
break;
default:
return EINVAL;
break;
}
if (sig->SealAlgorithm == NL_SEAL_ALG_NONE)
cksumlen -= 8; /* confounder is optional if no sealing */
if (len < cksumlen)
return KRB5_BAD_MSIZE;
/* Copy variable length checksum */
cksumlen = _netlogon_checksum_length(sig);
memcpy(sig->Checksum, p, cksumlen);
p += cksumlen;
/* Copy confounder in past checksum */
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE)
memcpy(&sig->Checksum[cksumlen], p, 8);
return 0;
}
static void
_netlogon_derive_rc4_hmac_key(uint8_t key[16],
uint8_t *salt,
size_t saltLength,
EVP_CIPHER_CTX *rc4Key,
int enc)
{
uint8_t tmpData[MD5_DIGEST_LENGTH];
uint8_t derivedKey[MD5_DIGEST_LENGTH];
unsigned int len = MD5_DIGEST_LENGTH;
HMAC(EVP_md5(), key, 16, zeros, sizeof(zeros), tmpData, &len);
HMAC(EVP_md5(), tmpData, MD5_DIGEST_LENGTH,
salt, saltLength, derivedKey, &len);
assert(len == MD5_DIGEST_LENGTH);
EVP_CipherInit_ex(rc4Key, EVP_rc4(), NULL, derivedKey, NULL, enc);
memset(derivedKey, 0, sizeof(derivedKey));
}
static void
_netlogon_derive_rc4_seal_key(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
EVP_CIPHER_CTX *sealkey,
int enc)
{
uint8_t xorKey[16];
int i;
for (i = 0; i < sizeof(xorKey); i++) {
xorKey[i] = ctx->SessionKey[i] ^ 0xF0;
}
_netlogon_derive_rc4_hmac_key(xorKey,
sig->SequenceNumber, sizeof(sig->SequenceNumber), sealkey, enc);
memset(xorKey, 0, sizeof(xorKey));
}
static void
_netlogon_derive_rc4_seq_key(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
EVP_CIPHER_CTX *seqkey,
int enc)
{
_netlogon_derive_rc4_hmac_key(ctx->SessionKey,
sig->Checksum, sizeof(sig->Checksum), seqkey, enc);
}
static void
_netlogon_derive_aes_seal_key(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
EVP_CIPHER_CTX *sealkey,
int enc)
{
uint8_t encryptionKey[16];
uint8_t ivec[16];
int i;
for (i = 0; i < sizeof(encryptionKey); i++) {
encryptionKey[i] = ctx->SessionKey[i] ^ 0xF0;
}
memcpy(&ivec[0], sig->SequenceNumber, 8);
memcpy(&ivec[8], sig->SequenceNumber, 8);
EVP_CipherInit_ex(sealkey, EVP_aes_128_cfb8(),
NULL, encryptionKey, ivec, enc);
memset(encryptionKey, 0, sizeof(encryptionKey));
}
static void
_netlogon_derive_aes_seq_key(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
EVP_CIPHER_CTX *seqkey,
int enc)
{
uint8_t ivec[16];
memcpy(&ivec[0], sig->Checksum, 8);
memcpy(&ivec[8], sig->Checksum, 8);
EVP_CipherInit_ex(seqkey, EVP_aes_128_cfb8(),
NULL, ctx->SessionKey, ivec, enc);
}
static void
_netlogon_seal(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
gss_iov_buffer_desc *iov,
int iov_count,
int enc)
{
EVP_CIPHER_CTX sealkey;
int i;
uint8_t *confounder = _netlogon_confounder(sig);
EVP_CIPHER_CTX_init(&sealkey);
if (sig->SealAlgorithm == NL_SEAL_ALG_AES128)
_netlogon_derive_aes_seal_key(ctx, sig, &sealkey, enc);
else
_netlogon_derive_rc4_seal_key(ctx, sig, &sealkey, enc);
EVP_Cipher(&sealkey, confounder, confounder, 8);
/*
* For RC4, Windows resets the cipherstate after encrypting
* the confounder, thus defeating the purpose of the confounder
*/
if (sig->SealAlgorithm == NL_SEAL_ALG_RC4) {
EVP_CipherFinal_ex(&sealkey, NULL, &i);
_netlogon_derive_rc4_seal_key(ctx, sig, &sealkey, enc);
}
for (i = 0; i < iov_count; i++) {
gss_iov_buffer_t iovp = &iov[i];
switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
EVP_Cipher(&sealkey, iovp->buffer.value, iovp->buffer.value,
iovp->buffer.length);
break;
default:
break;
}
}
EVP_CipherFinal_ex(&sealkey, NULL, &i);
EVP_CIPHER_CTX_cleanup(&sealkey);
}
static void
_netlogon_seq(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
int enc)
{
EVP_CIPHER_CTX seqkey;
EVP_CIPHER_CTX_init(&seqkey);
if (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
_netlogon_derive_aes_seq_key(ctx, sig, &seqkey, enc);
else
_netlogon_derive_rc4_seq_key(ctx, sig, &seqkey, enc);
EVP_Cipher(&seqkey, sig->SequenceNumber, sig->SequenceNumber, 8);
EVP_CIPHER_CTX_cleanup(&seqkey);
}
static void
_netlogon_digest_md5(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
gss_iov_buffer_desc *iov,
int iov_count,
uint8_t *md)
{
EVP_MD_CTX *md5;
uint8_t header[NL_AUTH_SIGNATURE_HEADER_LENGTH];
uint8_t digest[MD5_DIGEST_LENGTH];
unsigned int md_len = MD5_DIGEST_LENGTH;
int i;
_netlogon_encode_NL_AUTH_SIGNATURE(sig, header, sizeof(header));
md5 = EVP_MD_CTX_create();
EVP_DigestInit_ex(md5, EVP_md5(), NULL);
EVP_DigestUpdate(md5, zeros, sizeof(zeros));
EVP_DigestUpdate(md5, header, sizeof(header));
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
EVP_DigestUpdate(md5, sig->Confounder, sizeof(sig->Confounder));
}
for (i = 0; i < iov_count; i++) {
gss_iov_buffer_t iovp = &iov[i];
switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
EVP_DigestUpdate(md5, iovp->buffer.value, iovp->buffer.length);
break;
default:
break;
}
}
EVP_DigestFinal_ex(md5, digest, NULL);
EVP_MD_CTX_destroy(md5);
HMAC(EVP_md5(), ctx->SessionKey, sizeof(ctx->SessionKey),
digest, sizeof(digest), digest, &md_len);
memcpy(md, digest, 8);
}
static void
_netlogon_digest_sha256(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
gss_iov_buffer_desc *iov,
int iov_count,
uint8_t *md)
{
HMAC_CTX hmac;
uint8_t header[NL_AUTH_SIGNATURE_HEADER_LENGTH];
uint8_t digest[SHA256_DIGEST_LENGTH];
unsigned int md_len = SHA256_DIGEST_LENGTH;
int i;
/* Encode first 8 bytes of signature into header */
_netlogon_encode_NL_AUTH_SIGNATURE(sig, header, sizeof(header));
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac, ctx->SessionKey, sizeof(ctx->SessionKey),
EVP_sha256(), NULL);
HMAC_Update(&hmac, header, sizeof(header));
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
/*
* If the checksum length bug is ever fixed, then be sure to
* update this code to point to &sig->Checksum[32] as that is
* where the confounder is supposed to be.
*/
HMAC_Update(&hmac, sig->Confounder, 8);
}
for (i = 0; i < iov_count; i++) {
gss_iov_buffer_t iovp = &iov[i];
switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
HMAC_Update(&hmac, iovp->buffer.value, iovp->buffer.length);
break;
default:
break;
}
}
HMAC_Final(&hmac, digest, &md_len);
HMAC_CTX_cleanup(&hmac);
memcpy(md, digest, 8);
}
static void
_netlogon_digest(gssnetlogon_ctx ctx,
NL_AUTH_SIGNATURE *sig,
gss_iov_buffer_desc *iov,
int iov_count,
uint8_t *md)
{
if (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
_netlogon_digest_sha256(ctx, sig, iov, iov_count, md);
else
_netlogon_digest_md5(ctx, sig, iov, iov_count, md);
}
OM_uint32
_netlogon_wrap_iov(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
OM_uint32 ret;
gss_iov_buffer_t header;
NL_AUTH_SIGNATURE_U sigbuf = { { 0 } };
NL_AUTH_SIGNATURE *sig = NL_AUTH_SIGNATURE_P(&sigbuf);
gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
size_t size;
uint8_t *seqdata;
if (ctx->State != NL_AUTH_ESTABLISHED) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
header = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
size = _netlogon_signature_length(ctx->SignatureAlgorithm, conf_req_flag);
if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
ret = _gss_mg_allocate_buffer(minor_status, header, size);
if (GSS_ERROR(ret))
return ret;
} else if (header->buffer.length < size) {
*minor_status = KRB5_BAD_MSIZE;
return GSS_S_FAILURE;
} else {
header->buffer.length = size;
}
memset(header->buffer.value, 0, header->buffer.length);
sig->SignatureAlgorithm = ctx->SignatureAlgorithm;
sig->SealAlgorithm = conf_req_flag ? ctx->SealAlgorithm : NL_SEAL_ALG_NONE;
if (conf_req_flag)
krb5_generate_random_block(_netlogon_confounder(sig), 8);
sig->Pad = 0xFFFF; /* [MS-NRPC] 3.3.4.2.1.3 */
sig->Flags = 0; /* [MS-NRPC] 3.3.4.2.1.4 */
HEIMDAL_MUTEX_lock(&ctx->Mutex);
_netlogon_encode_sequence_number(ctx->SequenceNumber, sig->SequenceNumber,
ctx->LocallyInitiated);
ctx->SequenceNumber++;
HEIMDAL_MUTEX_unlock(&ctx->Mutex);
/* [MS-NRPC] 3.3.4.2.1.7: sign header, optional confounder and data */
_netlogon_digest(ctx, sig, iov, iov_count, sig->Checksum);
/* [MS-NRPC] 3.3.4.2.1.8: optionally encrypt confounder and data */
if (conf_req_flag)
_netlogon_seal(ctx, sig, iov, iov_count, 1);
/* [MS-NRPC] 3.3.4.2.1.9: encrypt sequence number */
_netlogon_seq(ctx, sig, 1);
_netlogon_encode_NL_AUTH_SIGNATURE(sig, header->buffer.value,
header->buffer.length);
if (conf_state != NULL)
*conf_state = conf_req_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32
_netlogon_unwrap_iov(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int *conf_state,
gss_qop_t *qop_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
OM_uint32 ret;
gss_iov_buffer_t header;
NL_AUTH_SIGNATURE_U sigbuf;
NL_AUTH_SIGNATURE *sig = NL_AUTH_SIGNATURE_P(&sigbuf);
gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
uint8_t checksum[SHA256_DIGEST_LENGTH];
uint64_t SequenceNumber;
if (ctx->State != NL_AUTH_ESTABLISHED) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
header = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
ret = _netlogon_decode_NL_AUTH_SIGNATURE(header->buffer.value,
header->buffer.length,
sig);
if (ret != 0) {
*minor_status = ret;
return GSS_S_DEFECTIVE_TOKEN;
}
/* [MS-NRPC] 3.3.4.2.2.1: verify signature algorithm selection */
if (sig->SignatureAlgorithm != ctx->SignatureAlgorithm)
return GSS_S_BAD_SIG;
/* [MS-NRPC] 3.3.4.2.2.2: verify encryption algorithm selection */
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE &&
sig->SealAlgorithm != ctx->SealAlgorithm)
return GSS_S_DEFECTIVE_TOKEN;
/* [MS-NRPC] 3.3.4.2.2.3: verify Pad bytes */
if (sig->Pad != 0xFFFF)
return GSS_S_DEFECTIVE_TOKEN;
/* [MS-NRPC] 3.3.4.2.2.5: decrypt sequence number */
_netlogon_seq(ctx, sig, 0);
/* [MS-NRPC] 3.3.4.2.2.6: decode sequence number */
if (_netlogon_decode_sequence_number(sig->SequenceNumber, &SequenceNumber,
!ctx->LocallyInitiated) != 0)
return GSS_S_UNSEQ_TOKEN;
/* [MS-NRPC] 3.3.4.2.2.9: decrypt confounder and data */
if (sig->SealAlgorithm != NL_SEAL_ALG_NONE)
_netlogon_seal(ctx, sig, iov, iov_count, 0);
/* [MS-NRPC] 3.3.4.2.2.10: verify signature */
_netlogon_digest(ctx, sig, iov, iov_count, checksum);
if (memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
return GSS_S_BAD_SIG;
HEIMDAL_MUTEX_lock(&ctx->Mutex);
if (SequenceNumber != ctx->SequenceNumber) {
/* [MS-NRPC] 3.3.4.2.2.7: check sequence number */
ret = GSS_S_UNSEQ_TOKEN;
} else {
/* [MS-NRPC] 3.3.4.2.2.8: increment sequence number */
ctx->SequenceNumber++;
ret = GSS_S_COMPLETE;
}
HEIMDAL_MUTEX_unlock(&ctx->Mutex);
if (conf_state != NULL)
*conf_state = (sig->SealAlgorithm != NL_SEAL_ALG_NONE);
if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
*minor_status = 0;
return ret;
}
OM_uint32
_netlogon_wrap_iov_length(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
OM_uint32 ret;
gss_iov_buffer_t iovp;
gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
size_t len;
iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (iovp == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
len = NL_AUTH_SIGNATURE_COMMON_LENGTH;
if (ctx->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
len += 32; /* SHA2 checksum size */
else
len += 8; /* HMAC checksum size */
if (conf_req_flag)
len += 8; /* counfounder */
iovp->buffer.length = len;
iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (iovp != NULL)
iovp->buffer.length = 0;
iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
if (iovp != NULL)
iovp->buffer.length = 0;
if (conf_state != NULL)
*conf_state = conf_req_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32 _netlogon_get_mic
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token
)
{
gss_iov_buffer_desc iov[2];
OM_uint32 ret;
iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[0].buffer = *message_buffer;
iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE;
iov[1].buffer.length = 0;
iov[1].buffer.value = NULL;
ret = _netlogon_wrap_iov(minor_status, context_handle, 0,
qop_req, NULL, iov, 2);
if (ret == GSS_S_COMPLETE)
*message_token = iov[1].buffer;
return ret;
}
OM_uint32
_netlogon_verify_mic
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state
)
{
gss_iov_buffer_desc iov[2];
iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[0].buffer = *message_buffer;
iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
iov[1].buffer = *token_buffer;
return _netlogon_unwrap_iov(minor_status, context_handle,
NULL, qop_state, iov, 2);
}
OM_uint32
_netlogon_wrap_size_limit (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 *max_input_size
)
{
gss_iov_buffer_desc iov[1];
OM_uint32 ret;
iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
iov[0].buffer.length = 0;
ret = _netlogon_wrap_iov_length(minor_status, context_handle,
conf_req_flag, qop_req, NULL,
iov, sizeof(iov)/sizeof(iov[0]));
if (GSS_ERROR(ret))
return ret;
if (req_output_size < iov[0].buffer.length)
*max_input_size = 0;
else
*max_input_size = req_output_size - iov[0].buffer.length;
return GSS_S_COMPLETE;
}


@@ -0,0 +1,62 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32
_netlogon_delete_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t output_token)
{
if (context_handle != NULL && *context_handle != GSS_C_NO_CONTEXT) {
gssnetlogon_ctx ctx = (gssnetlogon_ctx)*context_handle;
*context_handle = GSS_C_NO_CONTEXT;
_netlogon_release_name(minor_status, (gss_name_t *)&ctx->SourceName);
_netlogon_release_name(minor_status, (gss_name_t *)&ctx->TargetName);
HEIMDAL_MUTEX_destroy(&ctx->Mutex);
memset(ctx, 0, sizeof(*ctx));
free(ctx);
}
if (output_token != GSS_C_NO_BUFFER) {
output_token->length = 0;
output_token->value = NULL;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
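Review bot: The `memset(ctx, 0, sizeof(*ctx));` immediately before `free(ctx);` is a dead store from the compiler's point of view and may be optimized away, so whatever keying material the context carries (the same `ctx` is what `_netlogon_seal` and `_netlogon_digest` operate on elsewhere in this commit, so it presumably holds the session key) can be left behind in freed heap memory. Use a zeroing primitive the optimizer cannot elide (`explicit_bzero` or `memset_s` where the platform provides one, otherwise a volatile-pointer loop) and keep it immediately before the `free`. A short comment above the function noting that `*context_handle` is cleared before the names are released, so a caller never observes a half-destroyed context, would make that ordering deliberate rather than incidental.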


@@ -0,0 +1,67 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_display_name
(OM_uint32 * minor_status,
const gss_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID * output_name_type
)
{
const gssnetlogon_name name = (const gssnetlogon_name)input_name;
gss_buffer_t namebuf;
if (output_name_type != NULL)
*output_name_type = GSS_C_NO_OID;
if (output_name_buffer != NULL) {
namebuf = name->DnsName.length ? &name->DnsName : &name->NetbiosName;
output_name_buffer->value = malloc(namebuf->length + 1);
if (output_name_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy(output_name_buffer->value, namebuf->value, namebuf->length);
((char *)output_name_buffer->value)[namebuf->length] = '\0';
output_name_buffer->length = namebuf->length;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
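Review bot: `name` is dereferenced at `namebuf = name->DnsName.length ? ...` without a NULL check, so passing `GSS_C_NO_NAME` as `input_name` crashes rather than failing; `_netlogon_init_sec_context` in this commit rejects a NULL name with `GSS_S_BAD_NAME`, and the same guard fits here as the first statement: `if (name == NULL) return GSS_S_BAD_NAME;`. A one-line comment such as `/* Prefer the DNS name when present; the copy is NUL-terminated but length excludes the terminator */` above the `namebuf` selection would document the two non-obvious choices the body makes.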


@@ -0,0 +1,55 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_display_status
(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
OM_uint32 *message_context,
gss_buffer_t status_string)
{
if (minor_status)
*minor_status = 0;
if (status_string) {
status_string->length = 0;
status_string->value = NULL;
}
if (message_context)
*message_context = 0;
return GSS_S_COMPLETE;
}
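Review bot: Returning `GSS_S_COMPLETE` with a zero-length `status_string` tells the caller that a message was produced when none is, so generic error-reporting code prints an empty line instead of falling back to its own text. If the mechanism intentionally provides no status texts, say so above the function, e.g. `/* No mechanism-specific status texts: always returns an empty string */`, or report `GSS_S_BAD_STATUS` for `GSS_C_MECH_CODE` lookups so the mechglue can fall back. This stub also NULL-checks `minor_status` while the other entry points in this commit dereference it unconditionally; pick one convention for the module.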


@@ -0,0 +1,77 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_duplicate_name (
OM_uint32 * minor_status,
const gss_name_t src_name,
gss_name_t * dest_name
)
{
const gssnetlogon_name src = (const gssnetlogon_name)src_name;
gssnetlogon_name dst = NULL;
dst = calloc(1, sizeof(*dst));
if (dst == NULL)
goto fail;
dst->NetbiosName.value = malloc(src->NetbiosName.length + 1);
if (dst->NetbiosName.value == NULL)
goto fail;
memcpy(dst->NetbiosName.value, src->NetbiosName.value,
src->NetbiosName.length);
dst->NetbiosName.length = src->NetbiosName.length;
((char *)dst->NetbiosName.value)[dst->NetbiosName.length] = '\0';
if (src->DnsName.length != 0) {
dst->DnsName.value = malloc(src->DnsName.length + 1);
if (dst->DnsName.value == NULL)
goto fail;
memcpy(dst->DnsName.value, src->DnsName.value, src->DnsName.length);
dst->DnsName.length = src->DnsName.length;
((char *)dst->DnsName.value)[dst->DnsName.length] = '\0';
}
*minor_status = 0;
*dest_name = (gss_name_t)dst;
return GSS_S_COMPLETE;
fail:
_netlogon_release_name(minor_status, (gss_name_t *)&dst);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
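Review bot: `src` is dereferenced at `malloc(src->NetbiosName.length + 1)` without a NULL check, so duplicating `GSS_C_NO_NAME` crashes; `_netlogon_init_sec_context` in this commit rejects a NULL name with `GSS_S_BAD_NAME`, so add `if (src == NULL) return GSS_S_BAD_NAME;` before the allocation. The `gssnetlogon_name dst = NULL;` initializer is overwritten by the `calloc` on the next line and can be folded into the declaration. The `fail:` path relies on `_netlogon_release_name` tolerating a NULL `dst` when the `calloc` itself fails; a one-line comment there, `/* _netlogon_release_name accepts a NULL name */`, would make that contract visible to the next reader.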


@@ -0,0 +1,45 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_export_name
(OM_uint32 * minor_status,
const gss_name_t input_name,
gss_buffer_t exported_name
)
{
return GSS_S_UNAVAILABLE;
}
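Review bot: The stub returns `GSS_S_UNAVAILABLE` without writing `*minor_status` or `exported_name`, unlike `_netlogon_export_sec_context` in this commit which zeroes its output token, so a caller reading the minor status gets an indeterminate value and one that releases `exported_name` on every return path may free a stale pointer. Suggest `*minor_status = 0;` followed by `if (exported_name != GSS_C_NO_BUFFER) { exported_name->length = 0; exported_name->value = NULL; }` before the return.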


@@ -0,0 +1,50 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32
_netlogon_export_sec_context (
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token
)
{
if (interprocess_token != GSS_C_NO_BUFFER) {
interprocess_token->length = 0;
interprocess_token->value = NULL;
}
return GSS_S_UNAVAILABLE;
}
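Review bot: `*minor_status` is never written, so a caller that reads it after the `GSS_S_UNAVAILABLE` return sees an indeterminate value; `_netlogon_import_sec_context` in this commit sets it first, and this stub should match with `*minor_status = 0;` as the first statement. A comment stating that context export is intentionally unsupported (and that `context_handle` is left untouched so the caller's context stays valid) would explain why the token is zeroed but the handle is not.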


@@ -0,0 +1,91 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
static gssapi_mech_interface_desc netlogon_mech = {
GMI_VERSION,
"netlogon",
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") },
0,
_netlogon_acquire_cred,
_netlogon_release_cred,
_netlogon_init_sec_context,
_netlogon_accept_sec_context,
_netlogon_process_context_token,
_netlogon_delete_sec_context,
_netlogon_context_time,
_netlogon_get_mic,
_netlogon_verify_mic,
NULL,
NULL,
_netlogon_display_status,
NULL,
_netlogon_compare_name,
_netlogon_display_name,
_netlogon_import_name,
_netlogon_export_name,
_netlogon_release_name,
_netlogon_inquire_cred,
_netlogon_inquire_context,
_netlogon_wrap_size_limit,
_netlogon_add_cred,
_netlogon_inquire_cred_by_mech,
_netlogon_export_sec_context,
_netlogon_import_sec_context,
_netlogon_inquire_names_for_mech,
_netlogon_inquire_mechs_for_name,
_netlogon_canonicalize_name,
_netlogon_duplicate_name,
NULL,
NULL,
NULL,
_netlogon_set_cred_option,
NULL,
_netlogon_wrap_iov,
_netlogon_unwrap_iov,
_netlogon_wrap_iov_length,
NULL,
NULL,
NULL,
NULL,
NULL
};
gssapi_mech_interface
__gss_netlogon_initialize(void)
{
return &netlogon_mech;
}
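Review bot: The table at `static gssapi_mech_interface_desc netlogon_mech = {` is filled positionally with some forty entries, a dozen of them `NULL`, so a slot shifted by one silently binds a callback to the wrong operation and is only discovered at run time; for a mechanism whose entries include `_netlogon_wrap_iov` and `_netlogon_unwrap_iov`, that is a correctness risk worth removing at compile time. Designated initializers (`.gm_name = "netlogon"`, `.gm_wrap_iov = _netlogon_wrap_iov`, ...) make the binding explicit, and a trailing comment on each `NULL` naming the omitted operation lets a reviewer check coverage against the interface. The OID bytes `"\x2a\x85\x70\x2b\x0e\x02"` are also spelled out as a literal here rather than referring to the library's single OID definition, so the two copies can drift independently.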


@@ -0,0 +1,94 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
#include <ctype.h>
OM_uint32 _netlogon_import_name
(OM_uint32 * minor_status,
const gss_buffer_t input_name_buffer,
const gss_OID input_name_type,
gss_name_t * output_name
)
{
gssnetlogon_name name;
const char *netbiosName;
const char *dnsName = NULL;
size_t len, i;
if (!gss_oid_equal(input_name_type, GSS_NETLOGON_NT_NETBIOS_DNS_NAME)) {
return GSS_S_BAD_NAME;
}
/* encoding is NetBIOS name \0 DNS name \0 */
netbiosName = input_name_buffer->value;
len = strlen(netbiosName);
if (len < input_name_buffer->length)
dnsName = netbiosName + len + 1;
name = (gssnetlogon_name)calloc(1, sizeof(*name));
if (name == NULL)
goto cleanup;
name->NetbiosName.value = malloc(len + 1);
if (name->NetbiosName.value == NULL)
goto cleanup;
memcpy(name->NetbiosName.value, netbiosName, len + 1);
name->NetbiosName.length = len;
/* normalise name to uppercase XXX UTF-8 OK? */
for (i = 0; i < len; i++) {
((char *)name->NetbiosName.value)[i] =
toupper(((char *)name->NetbiosName.value)[i]);
}
if (dnsName != NULL && dnsName[0] != '\0') {
name->DnsName.value = strdup(dnsName);
if (name->DnsName.value == NULL)
goto cleanup;
name->DnsName.length = strlen(dnsName);
}
*output_name = (gss_name_t)name;
*minor_status = 0;
return GSS_S_COMPLETE;
cleanup:
_netlogon_release_name(minor_status, (gss_name_t *)&name);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
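Review bot: `len = strlen(netbiosName);` runs before any bounds check, so an `input_name_buffer` without a NUL inside its `length` bytes is read past its end, and the following `if (len < input_name_buffer->length)` only guards the pointer arithmetic, not the `dnsName[0]` read and `strdup(dnsName)` that come after it (when `len == length - 1`, `dnsName` points one past the buffer). The buffer is caller-supplied and, for a DCE-RPC mechanism, may carry peer-provided names, so both strings should be located with `memchr` bounded by `input_name_buffer->length` and the import rejected with `GSS_S_BAD_NAME` when either terminator is missing; a NULL or empty buffer needs the same rejection before `netbiosName` is dereferenced. The `toupper()` call should also receive an `(unsigned char)` rather than a plain `char`, since negative `char` values are undefined for the `<ctype.h>` functions (the `XXX UTF-8` comment already flags that non-ASCII bytes land here). The rewrite below needs a `const char *end;` local alongside the existing declarations.
```c
    /* encoding is NetBIOS name \0 DNS name \0; both terminators must lie inside the buffer */
    if (input_name_buffer == GSS_C_NO_BUFFER || input_name_buffer->length == 0)
        return GSS_S_BAD_NAME;
    netbiosName = input_name_buffer->value;
    end = memchr(netbiosName, '\0', input_name_buffer->length);
    if (end == NULL)
        return GSS_S_BAD_NAME;
    len = (size_t)(end - netbiosName);
    if (len + 1 < input_name_buffer->length) {
        dnsName = end + 1;
        if (memchr(dnsName, '\0', input_name_buffer->length - (len + 1)) == NULL)
            return GSS_S_BAD_NAME;
    }
    /* … unchanged: calloc of name, NetbiosName allocation and copy … */
    for (i = 0; i < len; i++) {
        ((char *)name->NetbiosName.value)[i] =
            toupper((unsigned char)((char *)name->NetbiosName.value)[i]);
    }
    /* … unchanged: DnsName strdup, success return, cleanup label … */
```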


@@ -0,0 +1,50 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32
_netlogon_import_sec_context (
OM_uint32 * minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t * context_handle
)
{
*minor_status = 0;
if (context_handle != NULL)
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_UNAVAILABLE;
}


@@ -0,0 +1,48 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_indicate_mechs
(OM_uint32 * minor_status,
gss_OID_set * mech_set
)
{
*minor_status = 0;
if (mech_set != NULL)
*mech_set = GSS_C_NO_OID_SET;
return GSS_S_COMPLETE;
}
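Review bot: The function reports `GSS_S_COMPLETE` while setting `*mech_set` to `GSS_C_NO_OID_SET` (a null pointer), so a caller that follows the GSS-API contract and walks `(*mech_set)->count` on success dereferences NULL. Either return an allocated empty set or report `GSS_S_UNAVAILABLE` as the other unsupported operations in this commit do; the mechanism table in this commit does not appear to reference this function, so the exposure may be limited to direct callers. A comment such as `/* This mechanism advertises no sub-mechanisms */` above the function would record the intent either way.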


@@ -0,0 +1,289 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
#include <nameser.h>
static OM_uint32
_netlogon_encode_dns_string(OM_uint32 *minor_status,
const gss_buffer_t str,
gss_buffer_t buffer)
{
int ret;
memset(buffer->value, 0, buffer->length);
ret = ns_name_compress((const char *)str->value,
(uint8_t *)buffer->value, buffer->length,
NULL, NULL);
if (ret < 0) {
*minor_status = errno;
return GSS_S_FAILURE;
}
buffer->length = ret;
*minor_status = 0;
return GSS_S_COMPLETE;
}
static OM_uint32
_netlogon_make_initial_auth_message(OM_uint32 *minor_status,
gssnetlogon_ctx ctx,
gss_buffer_t output_token)
{
uint32_t flags = 0;
#define MAX_NL_NAMES 5
gss_buffer_desc names[MAX_NL_NAMES];
uint8_t comp_names[3][MAXHOSTNAMELEN * 2];
size_t n = 0, i = 0, len;
OM_uint32 ret;
uint8_t *p;
if (ctx->TargetName->NetbiosName.length) {
flags |= NL_FLAG_NETBIOS_DOMAIN_NAME;
names[n] = ctx->TargetName->NetbiosName; /* OEM encoding */
names[n].length++;
n++;
}
if (ctx->SourceName->NetbiosName.length) {
flags |= NL_FLAG_NETBIOS_COMPUTER_NAME;
names[n] = ctx->SourceName->NetbiosName; /* OEM encoding */
names[n].length++;
n++;
}
if (ctx->TargetName->DnsName.length) {
flags |= NL_FLAG_DNS_DOMAIN_NAME;
names[n].value = comp_names[i++];
names[n].length = MAXHOSTNAMELEN * 2;
ret = _netlogon_encode_dns_string(minor_status,
&ctx->TargetName->DnsName,
&names[n]);
if (GSS_ERROR(ret))
return ret;
n++;
}
if (ctx->SourceName->DnsName.length) {
flags |= NL_FLAG_DNS_HOST_NAME;
names[n].value = comp_names[i++];
names[n].length = MAXHOSTNAMELEN * 2;
ret = _netlogon_encode_dns_string(minor_status,
&ctx->SourceName->DnsName,
&names[n]);
if (GSS_ERROR(ret))
return ret;
n++;
}
if (ctx->SourceName->NetbiosName.length) {
flags |= NL_FLAG_UTF8_COMPUTER_NAME;
names[n].value = comp_names[i++];
names[n].length = MAXHOSTNAMELEN * 2;
ret = _netlogon_encode_dns_string(minor_status,
&ctx->SourceName->NetbiosName,
&names[n]);
if (GSS_ERROR(ret))
return ret;
n++;
}
for (i = 0, len = NL_AUTH_MESSAGE_LENGTH; i < n; i++) {
len += names[i].length;
}
output_token->value = malloc(len);
if (output_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = (uint8_t *)output_token->value;
_gss_mg_encode_le_uint32(NL_NEGOTIATE_REQUEST_MESSAGE, p);
_gss_mg_encode_le_uint32(flags, p + 4);
p += 8;
for (i = 0; i < n; i++) {
assert(names[i].length != 0);
assert(((char *)names[i].value)[names[i].length - 1] == '\0');
memcpy(p, names[i].value, names[i].length);
p += names[i].length;
}
output_token->length = len;
assert(p == (uint8_t *)output_token->value + len);
*minor_status = 0;
return GSS_S_CONTINUE_NEEDED;
}
static OM_uint32
_netlogon_read_initial_auth_message(OM_uint32 *minor_status,
gssnetlogon_ctx ctx,
const gss_buffer_t input_token)
{
NL_AUTH_MESSAGE msg;
const uint8_t *p = (const uint8_t *)input_token->value;
if (ctx->State != NL_AUTH_NEGOTIATE) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (input_token->length < NL_AUTH_MESSAGE_LENGTH)
return GSS_S_DEFECTIVE_TOKEN;
_gss_mg_decode_le_uint32(&p[0], &msg.MessageType);
_gss_mg_decode_le_uint32(&p[4], &msg.Flags);
if (msg.MessageType != NL_NEGOTIATE_RESPONSE_MESSAGE ||
msg.Flags != 0)
return GSS_S_DEFECTIVE_TOKEN;
ctx->State = NL_AUTH_ESTABLISHED;
*minor_status = 0;
return GSS_S_COMPLETE;
}
static OM_uint32
_netlogon_alloc_context(OM_uint32 *minor_status,
gssnetlogon_ctx *pContext)
{
gssnetlogon_ctx ctx;
ctx = (gssnetlogon_ctx)calloc(1, sizeof(*ctx));
if (ctx == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ctx->State = NL_AUTH_NEGOTIATE;
ctx->LocallyInitiated = 1;
ctx->MessageBlockSize = 1;
HEIMDAL_MUTEX_init(&ctx->Mutex);
*pContext = ctx;
return GSS_S_COMPLETE;
}
OM_uint32
_netlogon_init_sec_context(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec)
{
const gssnetlogon_cred cred = (const gssnetlogon_cred)initiator_cred_handle;
gssnetlogon_ctx ctx = (gssnetlogon_ctx)*context_handle;
const gssnetlogon_name target = (const gssnetlogon_name)target_name;
OM_uint32 ret;
*minor_status = 0;
output_token->value = NULL;
output_token->length = 0;
/* Validate arguments */
if (cred == NULL)
return GSS_S_NO_CRED;
else if (target == NULL)
return GSS_S_BAD_NAME;
if (ctx == NULL) {
if (input_token->length != 0)
return GSS_S_DEFECTIVE_TOKEN;
ret = _netlogon_alloc_context(minor_status, &ctx);
if (GSS_ERROR(ret))
goto cleanup;
HEIMDAL_MUTEX_lock(&ctx->Mutex);
*context_handle = (gss_ctx_id_t)ctx;
ctx->GssFlags = req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_DCE_STYLE);
ctx->SignatureAlgorithm = cred->SignatureAlgorithm;
ctx->SealAlgorithm = cred->SealAlgorithm;
ret = _netlogon_duplicate_name(minor_status, (gss_name_t)cred->Name,
(gss_name_t *)&ctx->SourceName);
if (GSS_ERROR(ret))
goto cleanup;
ret = _netlogon_duplicate_name(minor_status, (gss_name_t)target,
(gss_name_t *)&ctx->TargetName);
if (GSS_ERROR(ret))
goto cleanup;
memcpy(ctx->SessionKey, cred->SessionKey, sizeof(cred->SessionKey));
ret = _netlogon_make_initial_auth_message(minor_status, ctx,
output_token);
if (GSS_ERROR(ret))
goto cleanup;
} else {
HEIMDAL_MUTEX_lock(&ctx->Mutex);
ret = _netlogon_read_initial_auth_message(minor_status, ctx,
input_token);
}
if (ret_flags != NULL)
*ret_flags = ctx->GssFlags;
if (time_rec != NULL)
*time_rec = GSS_C_INDEFINITE;
if (actual_mech_type != NULL)
*actual_mech_type = GSS_NETLOGON_MECHANISM;
cleanup:
HEIMDAL_MUTEX_unlock(&ctx->Mutex);
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
OM_uint32 tmp;
_netlogon_delete_sec_context(&tmp, context_handle, NULL);
}
return ret;
}


@@ -0,0 +1,76 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_inquire_context (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
int * locally_initiated,
int * open_context
)
{
const gssnetlogon_ctx ctx = (const gssnetlogon_ctx)context_handle;
OM_uint32 ret;
if (src_name != NULL) {
ret = _netlogon_duplicate_name(minor_status, (gss_name_t)ctx->SourceName,
(gss_name_t *)src_name);
if (GSS_ERROR(ret))
return ret;
}
if (targ_name != NULL) {
ret = _netlogon_duplicate_name(minor_status, (gss_name_t)ctx->TargetName,
(gss_name_t *)targ_name);
if (GSS_ERROR(ret))
return ret;
}
if (mech_type != NULL)
*mech_type = GSS_NETLOGON_MECHANISM;
if (ctx_flags != NULL)
*ctx_flags = ctx->GssFlags;
if (locally_initiated != NULL)
*locally_initiated = ctx->LocallyInitiated;
if (open_context != NULL)
*open_context = (ctx->State == NL_AUTH_ESTABLISHED);
return GSS_S_COMPLETE;
}
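Review bot: `ctx` is dereferenced at the `ctx->SourceName` line without a NULL check, whereas `_netlogon_inquire_cred` rejects a NULL handle before touching it; add `if (ctx == NULL) return GSS_S_NO_CONTEXT;` right after the cast. `*minor_status` is never written when both `src_name` and `targ_name` are NULL, so a caller reads an undefined minor status on a successful return; set `*minor_status = 0;` up front as the sibling inquiry files do. `lifetime_rec` is also left untouched while the credential inquiries report `GSS_C_INDEFINITE`; `if (lifetime_rec != NULL) *lifetime_rec = GSS_C_INDEFINITE;` would keep them consistent. When the `targ_name` duplicate fails, the name already duplicated into `*src_name` is not released, which leaks on that error path.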


@@ -0,0 +1,68 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms
)
{
OM_uint32 ret;
const gssnetlogon_cred cred = (const gssnetlogon_cred)cred_handle;
*minor_status = 0;
if (cred == NULL)
return GSS_S_NO_CRED;
if (name != NULL) {
ret = _netlogon_duplicate_name(minor_status,
(const gss_name_t)cred->Name, name);
if (GSS_ERROR(ret))
return ret;
}
if (lifetime != NULL)
*lifetime = GSS_C_INDEFINITE;
if (cred_usage != NULL)
*cred_usage = GSS_C_INITIATE;
if (mechanisms != NULL)
*mechanisms = GSS_C_NO_OID_SET;
return GSS_S_COMPLETE;
}


@@ -0,0 +1,66 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_inquire_cred_by_mech (
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
OM_uint32 * acceptor_lifetime,
gss_cred_usage_t * cred_usage
)
{
OM_uint32 ret;
const gssnetlogon_cred cred = (const gssnetlogon_cred)cred_handle;
if (name != NULL) {
ret = _netlogon_duplicate_name(minor_status,
(const gss_name_t)cred->Name, name);
if (GSS_ERROR(ret))
return ret;
}
if (initiator_lifetime != NULL)
*initiator_lifetime = GSS_C_INDEFINITE;
if (acceptor_lifetime != NULL)
*acceptor_lifetime = GSS_C_INDEFINITE;
if (cred_usage != NULL)
*cred_usage = GSS_C_INITIATE;
*minor_status = 0;
return GSS_S_COMPLETE;
}
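Review bot: The credential handle is not validated before `cred->Name` is read in the `name != NULL` branch, while `_netlogon_inquire_cred` returns `GSS_S_NO_CRED` for a NULL handle; add `if (cred == NULL) return GSS_S_NO_CRED;` after the cast. `mech_type` is accepted without being compared against `GSS_NETLOGON_MECHANISM`, so an inquiry for some other mechanism is answered as if it were netlogon; `if (!gss_oid_equal(mech_type, GSS_NETLOGON_MECHANISM)) return GSS_S_BAD_MECH;` is the usual guard, unless the mechglue is already known to filter by mechanism before dispatching here.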


@@ -0,0 +1,48 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_inquire_mechs_for_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
gss_OID_set * mech_types
)
{
if (mech_types != NULL)
*mech_types = GSS_C_NO_OID_SET;
*minor_status = 0;
return GSS_S_COMPLETE;
}


@@ -0,0 +1,58 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_inquire_names_for_mech (
OM_uint32 * minor_status,
const gss_OID mechanism,
gss_OID_set * name_types
)
{
OM_uint32 ret, tmp;
ret = gss_create_empty_oid_set(minor_status, name_types);
if (ret != GSS_S_COMPLETE)
return ret;
ret = gss_add_oid_set_member(minor_status, GSS_NETLOGON_NT_NETBIOS_DNS_NAME, name_types);
if (ret != GSS_S_COMPLETE) {
gss_release_oid_set(&tmp, name_types);
return ret;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}


@@ -0,0 +1,44 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
#include <gssapi_spi.h>
void
_netlogon_iter_creds_f(OM_uint32 flags,
void *userctx ,
void (*cred_iter)(void *, gss_OID, gss_cred_id_t))
{
}
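Review bot: `_netlogon_iter_creds_f` never invokes `cred_iter`, and `flags` and `userctx` are unused, so credential enumeration through the mechglue will never report a netlogon credential. If that is intentional because this mechanism keeps no credential cache to walk, a one-line body comment such as `/* NETLOGON keeps no credential cache; nothing to enumerate. */` would stop the next reader from treating the function as unfinished. Otherwise `(void)flags; (void)userctx;` at least keeps the build warning-free until the body is written.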


@@ -0,0 +1,148 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef NETLOGON_NETLOGON_H
#define NETLOGON_NETLOGON_H
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>
#include <errno.h>
#include <gssapi.h>
#include <gssapi_mech.h>
#include <gssapi_netlogon.h>
#include <krb5.h>
#include <roken.h>
#include <heim_threads.h>
#define HC_DEPRECATED_CRYPTO
#include "crypto-headers.h"
/*
*
*/
typedef struct {
#define NL_NEGOTIATE_REQUEST_MESSAGE 0x00000000
#define NL_NEGOTIATE_RESPONSE_MESSAGE 0x00000001
uint32_t MessageType;
#define NL_FLAG_NETBIOS_DOMAIN_NAME 0x00000001
#define NL_FLAG_NETBIOS_COMPUTER_NAME 0x00000002
#define NL_FLAG_DNS_DOMAIN_NAME 0x00000004
#define NL_FLAG_DNS_HOST_NAME 0x00000008 /* not used */
#define NL_FLAG_UTF8_COMPUTER_NAME 0x00000010
uint32_t Flags;
char *Buffer[0];
} NL_AUTH_MESSAGE;
#define NL_AUTH_MESSAGE_LENGTH 8
/* SignatureAlgorithm */
#define NL_SIGN_ALG_HMAC_MD5 0x0077
#define NL_SIGN_ALG_SHA256 0x0013
/* SealAlgorithm */
#define NL_SEAL_ALG_RC4 0x007A
#define NL_SEAL_ALG_AES128 0x001A
#define NL_SEAL_ALG_NONE 0xFFFF
typedef struct {
uint16_t SignatureAlgorithm;
uint16_t SealAlgorithm;
uint16_t Pad;
uint16_t Flags;
uint8_t SequenceNumber[8];
uint8_t Checksum[8];
uint8_t Confounder[8];
} NL_AUTH_SIGNATURE;
#define NL_AUTH_SIGNATURE_HEADER_LENGTH 8
#define NL_AUTH_SIGNATURE_COMMON_LENGTH 16
#define NL_AUTH_SIGNATURE_LENGTH 32
typedef struct {
uint16_t SignatureAlgorithm;
uint16_t SealAlgorithm;
uint16_t Pad;
uint16_t Flags;
uint8_t SequenceNumber[8];
uint8_t Checksum[32];
uint8_t Confounder[8];
} NL_AUTH_SHA2_SIGNATURE;
#define NL_AUTH_SHA2_SIGNATURE_LENGTH 56
typedef union {
NL_AUTH_SIGNATURE Signature;
NL_AUTH_SHA2_SIGNATURE SHA2Signature;
} NL_AUTH_SIGNATURE_U;
#define NL_AUTH_SIGNATURE_P(_u) (&(_u)->Signature)
typedef struct gssnetlogon_name {
gss_buffer_desc NetbiosName;
gss_buffer_desc DnsName;
} *gssnetlogon_name;
typedef struct gssnetlogon_cred {
gssnetlogon_name *Name;
uint16_t SignatureAlgorithm;
uint16_t SealAlgorithm;
uint8_t SessionKey[16];
} *gssnetlogon_cred;
typedef struct gssnetlogon_ctx {
HEIMDAL_MUTEX Mutex;
enum { NL_AUTH_NEGOTIATE, NL_AUTH_ESTABLISHED } State;
OM_uint32 GssFlags;
uint8_t LocallyInitiated;
uint32_t MessageBlockSize;
uint16_t SignatureAlgorithm;
uint16_t SealAlgorithm;
uint64_t SequenceNumber;
gssnetlogon_name SourceName;
gssnetlogon_name TargetName;
uint8_t SessionKey[16];
} *gssnetlogon_ctx;
#include <netlogon-private.h>
#endif /* NETLOGON_NETLOGON_H */
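Review bot: `gssnetlogon_name *Name;` in `struct gssnetlogon_cred` declares a pointer to a pointer, because `gssnetlogon_name` is already a pointer typedef, yet every user casts the member as a plain handle (`(gss_name_t)cred->Name`, `(gss_name_t *)&cred->Name`); declare it `gssnetlogon_name Name;` so the casts stop hiding a type mismatch. The `/* not used */` remark on `NL_FLAG_DNS_HOST_NAME` is wrong as well, since `_netlogon_make_initial_auth_message` sets that flag whenever `SourceName->DnsName` is present; drop the remark. `char *Buffer[0]` in `NL_AUTH_MESSAGE` is a zero-length array extension and, being an array of pointers, does not describe the wire buffer; as the message is decoded field by field with `NL_AUTH_MESSAGE_LENGTH` fixed at 8, either remove the member or make it a C99 flexible array `uint8_t Buffer[];`.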


@@ -0,0 +1,46 @@
/*
* Copyright (c) 2009 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_process_context_token (
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t token_buffer
)
{
*minor_status = 0;
return GSS_S_COMPLETE;
}
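Review bot: `_netlogon_process_context_token` returns `GSS_S_COMPLETE` for any input without inspecting `token_buffer`, so an arbitrary context token is accepted silently as processed. If this mechanism defines no context tokens, returning `GSS_S_DEFECTIVE_TOKEN` (or `GSS_S_UNAVAILABLE`) makes that explicit; if the body is a placeholder, a comment saying so should accompany the unconditional success. `context_handle` and `token_buffer` are otherwise unused and will draw unused-parameter warnings.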


@@ -0,0 +1,3 @@
#!/bin/sh
perl ../../../cf/make-proto.pl -q -P comment -p netlogon-private.h *.c


@@ -0,0 +1,54 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_release_cred
(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle
)
{
gssnetlogon_cred cred = (gssnetlogon_cred)*cred_handle;
if (cred != NULL) {
_netlogon_release_name(minor_status, (gss_name_t *)&cred->Name);
memset(cred, 0, sizeof(*cred));
free(cred);
*cred_handle = GSS_C_NO_CREDENTIAL;
}
return GSS_S_COMPLETE;
}
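Review bot: `memset(cred, 0, sizeof(*cred))` immediately before `free(cred)` is a dead store the optimizer may drop, so the 16-byte `SessionKey` can survive in freed memory; erase the key material with a call the compiler cannot elide (`memset_s` if roken provides it, otherwise `explicit_bzero` or a volatile-pointer wrapper) instead of plain `memset`. `*minor_status` is never written on the `cred == NULL` path, leaving the caller with an undefined minor status; add `*minor_status = 0;` before the return, as `_netlogon_release_name` does.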


@@ -0,0 +1,54 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "netlogon.h"
OM_uint32 _netlogon_release_name
(OM_uint32 * minor_status,
gss_name_t * input_name
)
{
gssnetlogon_name name = (gssnetlogon_name)*input_name;
if (name != NULL) {
gss_release_buffer(minor_status, &name->NetbiosName);
gss_release_buffer(minor_status, &name->DnsName);
free(name);
*input_name = GSS_C_NO_NAME;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}


@@ -41,11 +41,13 @@ oid base GSS_C_MA_SASL_MECH_NAME 1.2.752.43.13.100
oid base GSS_C_MA_MECH_NAME 1.2.752.43.13.101
oid base GSS_C_MA_MECH_DESCRIPTION 1.2.752.43.13.102
#/*
# * Digest mechanisms - 1.2.752.43.14
# */
#/* Heimdal mechanisms - 1.2.752.43.14 */
oid base GSS_SASL_DIGEST_MD5_MECHANISM 1.2.752.43.14.1
oid base GSS_NETLOGON_MECHANISM 1.2.752.43.14.2
oid base GSS_NETLOGON_SET_SESSION_KEY_X 1.2.752.43.14.3
oid base GSS_NETLOGON_SET_SIGN_ALGORITHM_X 1.2.752.43.14.4
oid base GSS_NETLOGON_NT_NETBIOS_DNS_NAME 1.2.752.43.14.5
#/*
# * "Standard" mechs