oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Rename local include file, remove global files.

Browse Source 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-06-28 08:54:04 +00:00
parent 2baa7e7d61
commit ee09f98c15
66 changed files with 1727 additions and 6039 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
lib/gssapi/krb5/cfx.c
View File

@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
#include "gsskrb5_locl.h"
RCSID("$Id$");
@@ -57,12 +57,12 @@ wrap_length_cfx(krb5_crypto crypto,
*output_length = sizeof(gss_cfx_wrap_token_desc);
*padlength = 0;
ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto, &type);
ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type);
if (ret) {
return ret;
}
ret = krb5_checksumsize(gssapi_krb5_context, type, cksumsize);
ret = krb5_checksumsize(_gsskrb5_context, type, cksumsize);
if (ret) {
return ret;
}
@@ -73,7 +73,7 @@ wrap_length_cfx(krb5_crypto crypto,
/* Header is concatenated with data before encryption */
input_length += sizeof(gss_cfx_wrap_token_desc);
ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, &padsize);
ret = krb5_crypto_getpadsize(_gsskrb5_context, crypto, &padsize);
if (ret) {
return ret;
}
@@ -85,7 +85,7 @@ wrap_length_cfx(krb5_crypto crypto,
/* We add the pad ourselves (noted here for completeness only) */
input_length += *padlength;
*output_length += krb5_get_wrapped_length(gssapi_krb5_context,
*output_length += krb5_get_wrapped_length(_gsskrb5_context,
crypto, input_length);
} else {
/* Checksum is concatenated with data */
@@ -98,7 +98,7 @@ wrap_length_cfx(krb5_crypto crypto,
}
OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gsskrb5_ctx context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
@@ -110,9 +110,9 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
uint16_t padlength;
size_t output_length, cksumsize;
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -121,9 +121,9 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
req_output_size,
&output_length, &cksumsize, &padlength);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -135,7 +135,7 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
*max_input_size = 0;
}
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_COMPLETE;
}
@@ -185,7 +185,7 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
}
OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gsskrb5_ctx context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
@@ -203,9 +203,9 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
int32_t seq_number;
u_char *p;
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -214,9 +214,9 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
input_message_buffer->length,
&wrapped_len, &cksumsize, &padlength);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -227,7 +227,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
output_message_buffer->value = malloc(output_message_buffer->length);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -277,12 +277,12 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
token->RRC[1] = 0;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
krb5_auth_con_getlocalseqnumber(gssapi_krb5_context,
krb5_auth_con_getlocalseqnumber(_gsskrb5_context,
context_handle->auth_context,
&seq_number);
gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]);
gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
_gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]);
_gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
krb5_auth_con_setlocalseqnumber(_gsskrb5_context,
context_handle->auth_context,
++seq_number);
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
@@ -317,16 +317,16 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
memcpy(p + input_message_buffer->length + padlength,
token, sizeof(*token));
ret = krb5_encrypt(gssapi_krb5_context, crypto,
ret = krb5_encrypt(_gsskrb5_context, crypto,
usage, p,
input_message_buffer->length + padlength +
sizeof(*token),
&cipher);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
assert(sizeof(*token) + cipher.length == wrapped_len);
@@ -335,10 +335,10 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
memcpy(p, cipher.data, cipher.length);
@@ -350,23 +350,23 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
buf = malloc(input_message_buffer->length + sizeof(*token));
if (buf == NULL) {
*minor_status = ENOMEM;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
memcpy(buf, input_message_buffer->value, input_message_buffer->length);
memcpy(buf + input_message_buffer->length, token, sizeof(*token));
ret = krb5_create_checksum(gssapi_krb5_context, crypto,
ret = krb5_create_checksum(_gsskrb5_context, crypto,
usage, 0, buf,
input_message_buffer->length +
sizeof(*token),
&cksum);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
free(buf);
return GSS_S_FAILURE;
}
@@ -387,17 +387,17 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
ret = rrc_rotate(p,
input_message_buffer->length + cksum.checksum.length, rrc, FALSE);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
free_Checksum(&cksum);
return GSS_S_FAILURE;
}
free_Checksum(&cksum);
}
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
if (conf_state != NULL) {
*conf_state = conf_req_flag;
@@ -408,7 +408,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
}
OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gsskrb5_ctx context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
@@ -471,8 +471,8 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/*
* Check sequence number
*/
gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
if (seq_number_hi) {
/* no support for 64-bit sequence numbers */
*minor_status = ERANGE;
@@ -484,7 +484,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
if (ret != 0) {
*minor_status = 0;
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
gss_release_buffer(minor_status, output_message_buffer);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return ret;
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
@@ -492,9 +492,9 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/*
* Decrypt and/or verify checksum
*/
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -512,23 +512,23 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Rotate by RRC; bogus to do this in-place XXX */
*minor_status = rrc_rotate(p, len, rrc, TRUE);
if (*minor_status != 0) {
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
if (token_flags & CFXSealed) {
ret = krb5_decrypt(gssapi_krb5_context, crypto, usage,
ret = krb5_decrypt(_gsskrb5_context, crypto, usage,
p, len, &data);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_BAD_MIC;
}
/* Check that there is room for the pad and token header */
if (data.length < ec + sizeof(*token)) {
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
krb5_data_free(&data);
return GSS_S_DEFECTIVE_TOKEN;
}
@@ -541,7 +541,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Check the integrity of the header */
if (memcmp(p, token, sizeof(*token)) != 0) {
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
krb5_data_free(&data);
return GSS_S_BAD_MIC;
}
@@ -552,12 +552,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
Checksum cksum;
/* Determine checksum type */
ret = krb5_crypto_get_checksum_type(gssapi_krb5_context,
ret = krb5_crypto_get_checksum_type(_gsskrb5_context,
crypto, &cksum.cksumtype);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -566,7 +566,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Check we have at least as much data as the checksum */
if (len < cksum.checksum.length) {
*minor_status = ERANGE;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_BAD_MIC;
}
@@ -578,7 +578,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
output_message_buffer->value = malloc(len + sizeof(*token));
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -595,21 +595,21 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
token->RRC[0] = 0;
token->RRC[1] = 0;
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
ret = krb5_verify_checksum(_gsskrb5_context, crypto,
usage,
output_message_buffer->value,
len + sizeof(*token),
&cksum);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
gss_release_buffer(minor_status, output_message_buffer);
krb5_crypto_destroy(_gsskrb5_context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_BAD_MIC;
}
}
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
if (qop_state != NULL) {
*qop_state = GSS_C_QOP_DEFAULT;
@@ -620,7 +620,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
}
OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gsskrb5_ctx context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
@@ -635,9 +635,9 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
size_t len;
int32_t seq_number;
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -646,7 +646,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
buf = malloc(len);
if (buf == NULL) {
*minor_status = ENOMEM;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -663,12 +663,12 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
memset(token->Filler, 0xFF, 5);
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
krb5_auth_con_getlocalseqnumber(gssapi_krb5_context,
krb5_auth_con_getlocalseqnumber(_gsskrb5_context,
context_handle->auth_context,
&seq_number);
gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]);
gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
_gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]);
_gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
krb5_auth_con_setlocalseqnumber(_gsskrb5_context,
context_handle->auth_context,
++seq_number);
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
@@ -679,16 +679,16 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
}
ret = krb5_create_checksum(gssapi_krb5_context, crypto,
ret = krb5_create_checksum(_gsskrb5_context, crypto,
usage, 0, buf, len, &cksum);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
free(buf);
return GSS_S_FAILURE;
}
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
/* Determine MIC length */
message_token->length = sizeof(*token) + cksum.checksum.length;
@@ -713,7 +713,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
}
OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gsskrb5_ctx context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t *qop_state,
@@ -764,8 +764,8 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
/*
* Check sequence number
*/
gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
if (seq_number_hi) {
*minor_status = ERANGE;
return GSS_S_UNSEQ_TOKEN;
@@ -783,19 +783,19 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
/*
* Verify checksum
*/
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto,
ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto,
&cksum.cksumtype);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
@@ -811,21 +811,21 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
buf = malloc(message_buffer->length + sizeof(*token));
if (buf == NULL) {
*minor_status = ENOMEM;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
return GSS_S_FAILURE;
}
memcpy(buf, message_buffer->value, message_buffer->length);
memcpy(buf + message_buffer->length, token, sizeof(*token));
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
ret = krb5_verify_checksum(_gsskrb5_context, crypto,
usage,
buf,
sizeof(*token) + message_buffer->length,
&cksum);
if (ret != 0) {
gssapi_krb5_set_error_string();
_gsskrb5_set_error_string();
*minor_status = ret;
krb5_crypto_destroy(gssapi_krb5_context, crypto);
krb5_crypto_destroy(_gsskrb5_context, crypto);
free(buf);
return GSS_S_BAD_MIC;
}