author | Andrew Bartlett <abartlet@samba.org> | 2009-07-16 09:53:14 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-07-16 11:31:36 +1000 |
commit | e25325539a86912ce620875ef07beff5bcde6060 (patch) | |
tree | 26bcb5125a5e8a698f35995f0dde892a8c0846d6 /source4/heimdal/lib/gssapi/krb5/aeap.c | |
parent | 05bec77e00cc0f974d8521f781dce9dcff897f76 (diff) | |
s4:heimdal: import lorikeet-heimdal-200907152325 (commit 2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5/aeap.c')
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/aeap.c | 219 |
1 files changed, 24 insertions, 195 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/aeap.c b/source4/heimdal/lib/gssapi/krb5/aeap.c index 7dab7877d7..38a5ac2dbe 100644 --- a/source4/heimdal/lib/gssapi/krb5/aeap.c +++ b/source4/heimdal/lib/gssapi/krb5/aeap.c @@ -35,66 +35,6 @@ #include <roken.h> -static OM_uint32 -iov_allocate(OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count) -{ - unsigned int i; - - for (i = 0; i < iov_count; i++) { - if (GSS_IOV_BUFFER_FLAGS(iov[i].type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE){ - void *ptr = malloc(iov[i].buffer.length); - if (ptr == NULL) - abort(); - if (iov[i].buffer.value) - memcpy(ptr, iov[i].buffer.value, iov[i].buffer.length); - iov[i].buffer.value = ptr; - iov[i].type |= GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED; - } - } - return GSS_S_COMPLETE; -} - -static OM_uint32 -iov_map(OM_uint32 *minor_status, - const gss_iov_buffer_desc *iov, - int iov_count, - krb5_crypto_iov *data) -{ - unsigned int i; - - for (i = 0; i < iov_count; i++) { - switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) { - case GSS_IOV_BUFFER_TYPE_EMPTY: - data[i].flags = KRB5_CRYPTO_TYPE_EMPTY; - break; - case GSS_IOV_BUFFER_TYPE_DATA: - data[i].flags = KRB5_CRYPTO_TYPE_DATA; - break; - case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: - data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; - break; - case GSS_IOV_BUFFER_TYPE_HEADER: - data[i].flags = KRB5_CRYPTO_TYPE_HEADER; - break; - case GSS_IOV_BUFFER_TYPE_TRAILER: - data[i].flags = KRB5_CRYPTO_TYPE_TRAILER; - break; - case GSS_IOV_BUFFER_TYPE_PADDING: - data[i].flags = KRB5_CRYPTO_TYPE_PADDING; - break; - case GSS_IOV_BUFFER_TYPE_STREAM: - abort(); - break; - default: - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - data[i].data.data = iov[i].buffer.value; - data[i].data.length = iov[i].buffer.length; - } - return GSS_S_COMPLETE; -} - OM_uint32 GSSAPI_LIB_FUNCTION _gk_wrap_iov(OM_uint32 * minor_status, gss_ctx_id_t context_handle, 
@@ -104,50 +44,17 @@ _gk_wrap_iov(OM_uint32 * minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; - krb5_context context; - OM_uint32 major_status, junk; - krb5_crypto_iov *data; - krb5_error_code ret; - unsigned usage; - - GSSAPI_KRB5_INIT (&context); - - major_status = iov_allocate(minor_status, iov, iov_count); - if (major_status != GSS_S_COMPLETE) - return major_status; - - data = calloc(iov_count, sizeof(data[0])); - if (data == NULL) { - gss_release_iov_buffer(&junk, iov, iov_count); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - major_status = iov_map(minor_status, iov, iov_count, data); - if (major_status != GSS_S_COMPLETE) { - gss_release_iov_buffer(&junk, iov, iov_count); - free(data); - return major_status; - } + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + krb5_context context; - if (ctx->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; - } else { - usage = KRB5_KU_USAGE_INITIATOR_SIGN; - } + GSSAPI_KRB5_INIT (&context); - ret = krb5_encrypt_iov_ivec(context, ctx->crypto, usage, - data, iov_count, NULL); - free(data); - if (ret) { - gss_release_iov_buffer(&junk, iov, iov_count); - *minor_status = ret; - return GSS_S_FAILURE; - } + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_cfx_iov(minor_status, ctx, context, + conf_req_flag, conf_state, + iov, iov_count); - *minor_status = 0; - return GSS_S_COMPLETE; + return GSS_S_FAILURE; } OM_uint32 GSSAPI_LIB_FUNCTION 
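Review bot: The final `return GSS_S_FAILURE;` in _gk_wrap_iov is reached for any context without IS_CFX and leaves `*minor_status` unwritten in the lines shown, whereas the removed body stored a value on its ENOMEM, crypto-error and success exits. Unless GSSAPI_KRB5_INIT (defined outside this page) writes it on success, a caller that reads or logs the minor status after this failure sees an indeterminate value. Store one explicitly before the return, for example `*minor_status = EINVAL;`. The same fall-through is added in _gk_unwrap_iov and _gk_wrap_iov_length in the next two hunks; each function's signature begins outside its hunk.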
@@ -158,50 +65,16 @@ _gk_unwrap_iov(OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; krb5_context context; - krb5_error_code ret; - OM_uint32 major_status, junk; - krb5_crypto_iov *data; - unsigned usage; GSSAPI_KRB5_INIT (&context); - - major_status = iov_allocate(minor_status, iov, iov_count); - if (major_status != GSS_S_COMPLETE) - return major_status; - - data = calloc(iov_count, sizeof(data[0])); - if (data == NULL) { - gss_release_iov_buffer(&junk, iov, iov_count); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - major_status = iov_map(minor_status, iov, iov_count, data); - if (major_status != GSS_S_COMPLETE) { - gss_release_iov_buffer(&junk, iov, iov_count); - free(data); - return major_status; - } - - if (ctx->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_INITIATOR_SIGN; - } else { - usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; - } - - ret = krb5_decrypt_iov_ivec(context, ctx->crypto, usage, - data, iov_count, NULL); - free(data); - if (ret) { - *minor_status = ret; - gss_release_iov_buffer(&junk, iov, iov_count); - return GSS_S_FAILURE; - } - - *minor_status = 0; - return GSS_S_COMPLETE; + + if (ctx->more_flags & IS_CFX) + return _gssapi_unwrap_cfx_iov(minor_status, ctx, context, + conf_state, qop_state, iov, iov_count); + + return GSS_S_FAILURE; } OM_uint32 GSSAPI_LIB_FUNCTION 
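Review bot: In `const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;` the `const` protects less than it appears to. `ctx` is dereferenced with `->`, so gsskrb5_ctx is presumably a pointer typedef; the qualifier then makes the local pointer const rather than the context it points to, and a top-level qualifier inside the cast has no effect. If the aim is to show that _gk_unwrap_iov does not modify the security context, this declaration does not enforce it, and ctx is still handed to _gssapi_unwrap_cfx_iov, whose prototype is not visible here. Drop the qualifier from the cast, `const gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;`, or use a pointer-to-const type if the project has one. The same declaration is added in _gk_wrap_iov and _gk_wrap_iov_length.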
@@ -213,59 +86,15 @@ _gk_wrap_iov_length(OM_uint32 * minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; krb5_context context; - unsigned int i; - size_t size; - size_t *padding = NULL; - + GSSAPI_KRB5_INIT (&context); - *minor_status = 0; - - for (size = 0, i = 0; i < iov_count; i++) { - switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) { - case GSS_IOV_BUFFER_TYPE_EMPTY: - break; - case GSS_IOV_BUFFER_TYPE_DATA: - size += iov[i].buffer.length; - break; - case GSS_IOV_BUFFER_TYPE_HEADER: - iov[i].buffer.length = - krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER); - size += iov[i].buffer.length; - break; - case GSS_IOV_BUFFER_TYPE_TRAILER: - iov[i].buffer.length = - krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER); - size += iov[i].buffer.length; - break; - case GSS_IOV_BUFFER_TYPE_PADDING: - if (padding != NULL) { - *minor_status = 0; - return GSS_S_FAILURE; - } - padding = &iov[i].buffer.length; - break; - case GSS_IOV_BUFFER_TYPE_STREAM: - size += iov[i].buffer.length; - break; - case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: - break; - default: - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - } - if (padding) { - size_t pad = krb5_crypto_length(context, ctx->crypto, - KRB5_CRYPTO_TYPE_PADDING); - if (pad > 1) { - *padding = pad - (size % pad); - if (*padding == pad) - *padding = 0; - } else - *padding = 0; - } - - return GSS_S_COMPLETE; + + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context, + conf_req_flag, qop_req, conf_state, + iov, iov_count); + + return GSS_S_FAILURE; } |
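Review bot: _gk_wrap_iov_length now rejects every context that lacks IS_CFX, and nothing in the function says this is deliberate. The removed body computed header, trailer and padding lengths from krb5_crypto_length without testing the flag, so a caller on a non-CFX context that used to get sizes back now gets GSS_S_FAILURE. A comment above the final return, such as `/* IOV operations are only implemented for CFX contexts; all others are rejected */`, would make the restriction visible to maintainers and to callers that need a non-IOV fallback. The same comment would fit the final return in _gk_wrap_iov and _gk_unwrap_iov.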