authorAndrew Bartlett <abartlet@samba.org>2007-06-13 05:44:24 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:53:18 -0500
commit91adebe749beb0dc23cacaea316cb2b724776aad (patch)
tree133d480f5b23b99fcf1149861136103dc4525cb1 /source4/heimdal/lib/gssapi/krb5
parentf7110d928afd61cee203d07fd85968af993a327f (diff)
r23456: Update Samba4 to current lorikeet-heimdal.
Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5')
-rw-r--r--source4/heimdal/lib/gssapi/krb5/8003.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c3
-rw-r--r--source4/heimdal/lib/gssapi/krb5/acquire_cred.c14
-rw-r--r--source4/heimdal/lib/gssapi/krb5/add_cred.c10
-rw-r--r--source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c70
-rw-r--r--source4/heimdal/lib/gssapi/krb5/arcfour.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/canonicalize_name.c2
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/cfx.c2
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/cfx.h2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/compare_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/compat.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/context_time.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/copy_ccache.c13
-rw-r--r--source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c52
-rw-r--r--source4/heimdal/lib/gssapi/krb5/decapsulate.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/delete_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/display_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/display_status.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/duplicate_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/encapsulate.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/export_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/export_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/external.c10
-rw-r--r--source4/heimdal/lib/gssapi/krb5/get_mic.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/gkrb5_err.et3
-rw-r--r--source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h32
-rw-r--r--source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h3
-rw-r--r--source4/heimdal/lib/gssapi/krb5/import_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/import_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/indicate_mechs.c9
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c25
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_cred.c20
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c57
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c12
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c12
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/prf.c142
-rw-r--r--source4/heimdal/lib/gssapi/krb5/process_context_token.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/release_buffer.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/release_cred.c7
-rw-r--r--source4/heimdal/lib/gssapi/krb5/release_name.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/release_oid_set.c49
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/sequence.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_cred_option.c80
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c65
-rw-r--r--source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c55
-rw-r--r--source4/heimdal/lib/gssapi/krb5/unwrap.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/verify_mic.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/wrap.c2
52 files changed, 411 insertions, 392 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c
index 0123f67e09..619cbf97fc 100644
--- a/source4/heimdal/lib/gssapi/krb5/8003.c
+++ b/source4/heimdal/lib/gssapi/krb5/8003.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: 8003.c,v 1.20 2006/10/07 22:13:51 lha Exp $");
+RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $");
krb5_error_code
_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 434fbee352..73b93ceba4 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: accept_sec_context.c,v 1.66 2006/11/13 18:00:54 lha Exp $");
+RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $");
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab;
@@ -187,6 +187,7 @@ gsskrb5_accept_delegated_token
out:
if (ccache) {
+ /* Don't destroy the default cred cache */
if (delegated_cred_handle == NULL)
krb5_cc_close(context, ccache);
else
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index e811a99a8b..42b57cdadd 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: acquire_cred.c,v 1.33 2006/11/20 18:09:30 lha Exp $");
+RCSID("$Id: acquire_cred.c 20688 2007-05-17 18:44:31Z lha $");
OM_uint32
__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
@@ -301,8 +301,8 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_mechs) {
int present = 0;
- ret = _gsskrb5_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- desired_mechs, &present);
+ ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ desired_mechs, &present);
if (ret)
return ret;
if (!present) {
@@ -352,16 +352,16 @@ OM_uint32 _gsskrb5_acquire_cred
return (ret);
}
}
- ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms);
+ ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret == GSS_S_COMPLETE)
- ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
if (ret == GSS_S_COMPLETE)
ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle,
NULL, time_rec, NULL, actual_mechs);
if (ret != GSS_S_COMPLETE) {
if (handle->mechanisms != NULL)
- _gsskrb5_release_oid_set(NULL, &handle->mechanisms);
+ gss_release_oid_set(NULL, &handle->mechanisms);
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
krb5_free_principal(context, handle->principal);
free(handle);
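Review bot: The error path now calls the mechglue entry point with a NULL status pointer, `gss_release_oid_set(NULL, &handle->mechanisms);`, and nothing on this page shows that the public function tolerates NULL the way the removed private helper may have. If it stores through `minor_status` unconditionally, a failed `_gsskrb5_inquire_cred` becomes a NULL write during cleanup. indicate_mechs.c in this same commit passes a scratch variable instead, so I would do the same here: declare `OM_uint32 junk;` and call `gss_release_oid_set(&junk, &handle->mechanisms);`. The same call shape appears in the failure branch of `_gsskrb5_add_cred` (add_cred.c, hunk at -243). The function body starts and ends outside this hunk.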
diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c
index 3b0272af80..9a1045a889 100644
--- a/source4/heimdal/lib/gssapi/krb5/add_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: add_cred.c,v 1.10 2006/11/13 18:01:01 lha Exp $");
+RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $");
OM_uint32 _gsskrb5_add_cred (
OM_uint32 *minor_status,
@@ -204,12 +204,12 @@ OM_uint32 _gsskrb5_add_cred (
}
}
}
- ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms);
+ ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret)
goto failure;
- ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
if (ret)
goto failure;
}
@@ -243,7 +243,7 @@ OM_uint32 _gsskrb5_add_cred (
if (handle->ccache)
krb5_cc_destroy(context, handle->ccache);
if (handle->mechanisms)
- _gsskrb5_release_oid_set(NULL, &handle->mechanisms);
+ gss_release_oid_set(NULL, &handle->mechanisms);
free(handle);
}
if (output_cred_handle)
diff --git a/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c
deleted file mode 100644
index b0ec2c60d8..0000000000
--- a/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.10 2006/10/07 22:14:00 lha Exp $");
-
-OM_uint32 _gsskrb5_add_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member_oid,
- gss_OID_set * oid_set
- )
-{
- gss_OID tmp;
- size_t n;
- OM_uint32 res;
- int present;
-
- res = _gsskrb5_test_oid_set_member(minor_status, member_oid,
- *oid_set, &present);
- if (res != GSS_S_COMPLETE)
- return res;
-
- if (present) {
- *minor_status = 0;
- return GSS_S_COMPLETE;
- }
-
- n = (*oid_set)->count + 1;
- tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->elements = tmp;
- (*oid_set)->count = n;
- (*oid_set)->elements[n-1] = *member_oid;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c
index d1bdbb641f..032da36ebc 100644
--- a/source4/heimdal/lib/gssapi/krb5/arcfour.c
+++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: arcfour.c,v 1.31 2006/11/13 18:01:08 lha Exp $");
+RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $");
/*
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
diff --git a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c
index f69300b590..c1744abd3b 100644
--- a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: canonicalize_name.c,v 1.4 2006/10/07 22:14:08 lha Exp $");
+RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $");
OM_uint32 _gsskrb5_canonicalize_name (
OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c
index e75fe5da9d..6452f802ab 100755
--- a/source4/heimdal/lib/gssapi/krb5/cfx.c
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: cfx.c,v 1.25 2006/11/13 18:01:14 lha Exp $");
+RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $");
/*
* Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.h b/source4/heimdal/lib/gssapi/krb5/cfx.h
index ce021aa099..672704a841 100755
--- a/source4/heimdal/lib/gssapi/krb5/cfx.h
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.h
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-/* $Id: cfx.h,v 1.8 2006/11/13 18:01:17 lha Exp $ */
+/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */
#ifndef GSSAPI_CFX_H_
#define GSSAPI_CFX_H_ 1
diff --git a/source4/heimdal/lib/gssapi/krb5/compare_name.c b/source4/heimdal/lib/gssapi/krb5/compare_name.c
index 6b537468df..3f3b59d116 100644
--- a/source4/heimdal/lib/gssapi/krb5/compare_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/compare_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: compare_name.c,v 1.8 2006/11/13 18:01:20 lha Exp $");
+RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_compare_name
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c
index 3e64df03db..a0f075621a 100644
--- a/source4/heimdal/lib/gssapi/krb5/compat.c
+++ b/source4/heimdal/lib/gssapi/krb5/compat.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: compat.c,v 1.14 2006/11/13 18:01:23 lha Exp $");
+RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $");
static krb5_error_code
diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c
index 9012dd0b7f..b57ac7854e 100644
--- a/source4/heimdal/lib/gssapi/krb5/context_time.c
+++ b/source4/heimdal/lib/gssapi/krb5/context_time.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: context_time.c,v 1.14 2006/11/13 18:01:26 lha Exp $");
+RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32
_gsskrb5_lifetime_left(OM_uint32 *minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
index 4387a4e6ef..66d797c199 100644
--- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: copy_ccache.c,v 1.17 2006/11/13 18:01:29 lha Exp $");
+RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $");
#if 0
OM_uint32
@@ -166,10 +166,10 @@ _gsskrb5_import_cred(OM_uint32 *minor_status,
if (id || keytab) {
- ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms);
+ ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret == GSS_S_COMPLETE)
- ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
if (ret != GSS_S_COMPLETE) {
kret = *minor_status;
goto out;
@@ -181,6 +181,11 @@ _gsskrb5_import_cred(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
out:
+ gss_release_oid_set(minor_status, &handle->mechanisms);
+ if (handle->ccache)
+ krb5_cc_close(context, handle->ccache);
+ if (handle->keytab)
+ krb5_kt_close(context, handle->keytab);
if (handle->principal)
krb5_free_principal(context, handle->principal);
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
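Review bot: The new first line under `out:` hands the caller's `minor_status` to `gss_release_oid_set`, on a path the previous hunk enters right after saving the real error with `kret = *minor_status;`. If the release resets the status, the error survives only when code below the hunk stores `kret` back, which is not visible here. The call is also unguarded, unlike the `ccache`, `keytab` and `principal` releases next to it, so it relies on `handle->mechanisms` being NULL-initialised for failures that happen before the set is created. Consider `if (handle->mechanisms != NULL) gss_release_oid_set(&junk, &handle->mechanisms);` with a local `OM_uint32 junk;`.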
diff --git a/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c b/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c
deleted file mode 100644
index 550995125a..0000000000
--- a/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.7 2006/10/07 22:14:24 lha Exp $");
-
-OM_uint32 _gsskrb5_create_empty_oid_set (
- OM_uint32 * minor_status,
- gss_OID_set * oid_set
- )
-{
- *oid_set = malloc(sizeof(**oid_set));
- if (*oid_set == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->count = 0;
- (*oid_set)->elements = NULL;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/source4/heimdal/lib/gssapi/krb5/decapsulate.c b/source4/heimdal/lib/gssapi/krb5/decapsulate.c
index eadec1ef03..39176faff4 100644
--- a/source4/heimdal/lib/gssapi/krb5/decapsulate.c
+++ b/source4/heimdal/lib/gssapi/krb5/decapsulate.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: decapsulate.c,v 1.16 2006/10/07 22:14:26 lha Exp $");
+RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $");
/*
* return the length of the mechanism in token or -1
diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
index c7f2ee262d..abad986550 100644
--- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: delete_sec_context.c,v 1.20 2006/11/13 18:01:32 lha Exp $");
+RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32
_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c
index 4956c2d77f..93fac8d67b 100644
--- a/source4/heimdal/lib/gssapi/krb5/display_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/display_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: display_name.c,v 1.13 2006/11/13 18:01:36 lha Exp $");
+RCSID("$Id: display_name.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_display_name
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c
index b0155a7fdf..c0192522a7 100644
--- a/source4/heimdal/lib/gssapi/krb5/display_status.c
+++ b/source4/heimdal/lib/gssapi/krb5/display_status.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: display_status.c,v 1.17 2006/11/13 18:01:38 lha Exp $");
+RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $");
static const char *
calling_error(OM_uint32 v)
diff --git a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c
index 8375257180..7337f1ab72 100644
--- a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: duplicate_name.c,v 1.11 2006/11/13 18:01:42 lha Exp $");
+RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_duplicate_name (
OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c
index a015a95103..58dcb5c9c4 100644
--- a/source4/heimdal/lib/gssapi/krb5/encapsulate.c
+++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: encapsulate.c,v 1.12 2006/10/14 10:02:56 lha Exp $");
+RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $");
void
_gssapi_encap_length (size_t data_len,
diff --git a/source4/heimdal/lib/gssapi/krb5/export_name.c b/source4/heimdal/lib/gssapi/krb5/export_name.c
index 646fdafb7c..efa45a2638 100644
--- a/source4/heimdal/lib/gssapi/krb5/export_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/export_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: export_name.c,v 1.9 2006/11/13 18:01:50 lha Exp $");
+RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_export_name
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c
index ffa671a4a1..00218617a0 100644
--- a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: export_sec_context.c,v 1.12 2006/11/13 18:01:55 lha Exp $");
+RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32
_gsskrb5_export_sec_context (
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index bf7f64cf20..d4c1bc4db2 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -34,7 +34,7 @@
#include "krb5/gsskrb5_locl.h"
#include <gssapi_mech.h>
-RCSID("$Id: external.c,v 1.23 2006/11/13 18:01:57 lha Exp $");
+RCSID("$Id: external.c 20386 2007-04-18 08:52:08Z lha $");
/*
* The implementation must reserve static storage for a
@@ -358,6 +358,11 @@ static gss_OID_desc gss_krb5_set_default_realm_x_desc =
gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
+/* 1.2.752.43.13.16 */
+static gss_OID_desc gss_krb5_ccache_name_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
+
+gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
/* 1.2.752.43.14.1 */
static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
@@ -411,7 +416,8 @@ static gssapi_mech_interface_desc krb5_mech = {
_gsskrb5_inquire_sec_context_by_oid,
_gsskrb5_inquire_cred_by_oid,
_gsskrb5_set_sec_context_option,
- _gsskrb5_set_cred_option
+ _gsskrb5_set_cred_option,
+ _gsskrb5_pseudo_random
};
gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c
index 790c9b6166..133481ffe1 100644
--- a/source4/heimdal/lib/gssapi/krb5/get_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: get_mic.c,v 1.35 2006/11/13 18:02:00 lha Exp $");
+RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $");
static OM_uint32
mic_des
diff --git a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et
index 97e98c5e1e..dbfdbdf2f1 100644
--- a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et
+++ b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et
@@ -2,7 +2,7 @@
# extended gss krb5 error messages
#
-id "$Id: gkrb5_err.et,v 1.1 2006/11/09 23:52:17 lha Exp $"
+id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $"
error_table gk5
@@ -28,3 +28,4 @@ error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established"
error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token"
error_code KG_BAD_LENGTH, "Invalid field length in token"
error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context"
+error_code KG_INPUT_TOO_LONG, "Input too long"
diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
index 15bd5c77da..c2239f1346 100644
--- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
+++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
@@ -240,12 +240,6 @@ _gsskrb5_add_cred (
OM_uint32 */*acceptor_time_rec*/);
OM_uint32
-_gsskrb5_add_oid_set_member (
- OM_uint32 * /*minor_status*/,
- const gss_OID /*member_oid*/,
- gss_OID_set * oid_set );
-
-OM_uint32
_gsskrb5_canonicalize_name (
OM_uint32 * /*minor_status*/,
const gss_name_t /*input_name*/,
@@ -285,11 +279,6 @@ _gsskrb5_create_ctx (
enum gss_ctx_id_t_state /*state*/);
OM_uint32
-_gsskrb5_create_empty_oid_set (
- OM_uint32 * /*minor_status*/,
- gss_OID_set * oid_set );
-
-OM_uint32
_gsskrb5_decapsulate (
OM_uint32 */*minor_status*/,
gss_buffer_t /*input_token_buffer*/,
@@ -521,6 +510,15 @@ _gsskrb5_process_context_token (
const gss_buffer_t token_buffer );
OM_uint32
+_gsskrb5_pseudo_random (
+ OM_uint32 */*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*prf_key*/,
+ const gss_buffer_t /*prf_in*/,
+ ssize_t /*desired_output_len*/,
+ gss_buffer_t /*prf_out*/);
+
+OM_uint32
_gsskrb5_register_acceptor_identity (const char */*identity*/);
OM_uint32
@@ -539,11 +537,6 @@ _gsskrb5_release_name (
gss_name_t * input_name );
OM_uint32
-_gsskrb5_release_oid_set (
- OM_uint32 * /*minor_status*/,
- gss_OID_set * set );
-
-OM_uint32
_gsskrb5_seal (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
@@ -581,13 +574,6 @@ _gsskrb5_sign (
gss_buffer_t message_token );
OM_uint32
-_gsskrb5_test_oid_set_member (
- OM_uint32 * /*minor_status*/,
- const gss_OID /*member*/,
- const gss_OID_set /*set*/,
- int * present );
-
-OM_uint32
_gsskrb5_unseal (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
index 1983a9b8e4..6ffb607035 100644
--- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gsskrb5_locl.h,v 1.9 2006/11/13 18:02:03 lha Exp $ */
+/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */
#ifndef GSSKRB5_LOCL_H
#define GSSKRB5_LOCL_H
@@ -92,6 +92,7 @@ typedef struct {
gss_OID_set mechanisms;
struct krb5_ccache_data *ccache;
HEIMDAL_MUTEX cred_id_mutex;
+ krb5_enctype *enctypes;
} *gsskrb5_cred;
typedef struct Principal *gsskrb5_name;
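Review bot: The new `krb5_enctype *enctypes;` member has no comment stating who owns the array, how it is terminated, or what NULL means. init_sec_context.c in this commit passes it straight to `krb5_set_default_in_tkt_etypes`, so the list format that function expects becomes part of this struct's contract. If the list is meant to be heap-allocated, owned by the credential and ETYPE_NULL-terminated, say so on the field: `krb5_enctype *enctypes; /* optional ETYPE_NULL-terminated list owned by the cred; NULL = library default */`. The struct definition starts outside this hunk.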
diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c
index 15311b4614..bf31db9232 100644
--- a/source4/heimdal/lib/gssapi/krb5/import_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: import_name.c,v 1.18 2006/11/13 18:02:06 lha Exp $");
+RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $");
static OM_uint32
parse_krb5_name (OM_uint32 *minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
index bbdc1d36d0..3300036a81 100644
--- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: import_sec_context.c,v 1.18 2006/11/13 18:02:09 lha Exp $");
+RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32
_gsskrb5_import_sec_context (
diff --git a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c
index 3827533219..eb886c24d3 100644
--- a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c
+++ b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: indicate_mechs.c,v 1.9 2006/10/07 22:14:56 lha Exp $");
+RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $");
OM_uint32 _gsskrb5_indicate_mechs
(OM_uint32 * minor_status,
@@ -42,14 +42,13 @@ OM_uint32 _gsskrb5_indicate_mechs
{
OM_uint32 ret, junk;
- ret = _gsskrb5_create_empty_oid_set(minor_status, mech_set);
+ ret = gss_create_empty_oid_set(minor_status, mech_set);
if (ret)
return ret;
- ret = _gsskrb5_add_oid_set_member(minor_status,
- GSS_KRB5_MECHANISM, mech_set);
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
if (ret) {
- _gsskrb5_release_oid_set(&junk, mech_set);
+ gss_release_oid_set(&junk, mech_set);
return ret;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/init.c b/source4/heimdal/lib/gssapi/krb5/init.c
index 3eece8e086..3bbdcc8ff1 100644
--- a/source4/heimdal/lib/gssapi/krb5/init.c
+++ b/source4/heimdal/lib/gssapi/krb5/init.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: init.c,v 1.10 2006/11/13 18:02:12 lha Exp $");
+RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $");
static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
static int created_key;
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index d5f183b0ba..4d1ae0daa9 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.75 2006/12/13 10:33:20 lha Exp $");
+RCSID("$Id: init_sec_context.c 20326 2007-04-12 16:49:57Z lha $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -391,6 +391,20 @@ init_auth
goto failure;
+ /*
+ * This is hideous glue for (NFS) clients that wants to limit the
+ * available enctypes to what it can support (encryption in
+ * kernel). If there is no enctypes selected for this credential,
+ * reset it to the default set of enctypes.
+ */
+ {
+ krb5_enctype *enctypes = NULL;
+
+ if (initiator_cred_handle && initiator_cred_handle->enctypes)
+ enctypes = initiator_cred_handle->enctypes;
+ krb5_set_default_in_tkt_etypes(context, enctypes);
+ }
+
ret = gsskrb5_get_creds(minor_status,
context,
ccache,
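Review bot: The return value of `krb5_set_default_in_tkt_etypes(context, enctypes)` is discarded in the added block. On failure the context keeps whatever enctype list it already carried, and `gsskrb5_get_creds` proceeds as if the credential's restriction (or the reset to defaults) had been applied. For a setting whose purpose is to limit which enctypes are negotiated, that should fail the call rather than pass silently: `kret = krb5_set_default_in_tkt_etypes(context, enctypes);` followed by `if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; }`, using whichever `krb5_error_code` local init_auth already has. init_auth begins and ends outside the hunk.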
@@ -476,11 +490,8 @@ init_auth
if (req_flags & GSS_C_EXTENDED_ERROR_FLAG)
flags |= GSS_C_EXTENDED_ERROR_FLAG;
- if (req_flags & GSS_C_CONF_FLAG)
- flags |= GSS_C_CONF_FLAG;
- if (req_flags & GSS_C_INTEG_FLAG)
- flags |= GSS_C_INTEG_FLAG;
-
+ flags |= GSS_C_CONF_FLAG;
+ flags |= GSS_C_INTEG_FLAG;
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
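Review bot: `GSS_C_CONF_FLAG` and `GSS_C_INTEG_FLAG` are now set regardless of `req_flags`, and the code gives no reason for dropping the caller's request from the decision. These flags feed `ret_flags` just below and presumably the flags sent to the acceptor, so a caller that asked for neither service will now be told both are available. Please add a comment at the two assignments, for example `/* confidentiality and integrity are always offered by this mechanism, whatever the caller requested */`, or keep the conditionals if that is not the intent. init_auth continues outside the hunk.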
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_context.c b/source4/heimdal/lib/gssapi/krb5/inquire_context.c
index bdaa01b108..41430568b0 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_context.c,v 1.11 2006/11/13 18:02:18 lha Exp $");
+RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_inquire_context (
OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
index 74018559a0..47bf71e686 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred.c,v 1.13 2006/11/13 18:02:21 lha Exp $");
+RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $");
OM_uint32 _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
@@ -80,7 +80,7 @@ OM_uint32 _gsskrb5_inquire_cred
NULL,
NULL);
if (ret == GSS_S_COMPLETE)
- acred = (gsskrb5_cred)aqcred_init;
+ icred = (gsskrb5_cred)aqcred_init;
if (icred == NULL && acred == NULL) {
*minor_status = 0;
@@ -98,7 +98,7 @@ OM_uint32 _gsskrb5_inquire_cred
if (icred && icred->principal != NULL) {
gss_name_t name;
- if (acred)
+ if (acred && acred->principal)
name = (gss_name_t)acred->principal;
else
name = (gss_name_t)icred->principal;
@@ -152,17 +152,17 @@ OM_uint32 _gsskrb5_inquire_cred
}
if (mechanisms != NULL) {
- ret = _gsskrb5_create_empty_oid_set(minor_status, mechanisms);
+ ret = gss_create_empty_oid_set(minor_status, mechanisms);
if (ret)
goto out;
if (acred)
- ret = _gsskrb5_add_oid_set_member(minor_status,
- &acred->mechanisms->elements[0],
- mechanisms);
+ ret = gss_add_oid_set_member(minor_status,
+ &acred->mechanisms->elements[0],
+ mechanisms);
if (ret == GSS_S_COMPLETE && icred)
- ret = _gsskrb5_add_oid_set_member(minor_status,
- &icred->mechanisms->elements[0],
- mechanisms);
+ ret = gss_add_oid_set_member(minor_status,
+ &icred->mechanisms->elements[0],
+ mechanisms);
if (ret)
goto out;
}
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
index 954a5e3119..a8af2145be 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred_by_mech.c,v 1.4 2006/10/07 22:15:08 lha Exp $");
+RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $");
OM_uint32 _gsskrb5_inquire_cred_by_mech (
OM_uint32 * minor_status,
@@ -45,39 +45,32 @@ OM_uint32 _gsskrb5_inquire_cred_by_mech (
gss_cred_usage_t * cred_usage
)
{
- OM_uint32 ret;
+ gss_cred_usage_t usage;
+ OM_uint32 maj_stat;
OM_uint32 lifetime;
- if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
- gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
- *minor_status = EINVAL;
- return GSS_S_BAD_MECH;
- }
+ maj_stat =
+ _gsskrb5_inquire_cred (minor_status, cred_handle,
+ name, &lifetime, &usage, NULL);
+ if (maj_stat)
+ return maj_stat;
- ret = _gsskrb5_inquire_cred (minor_status,
- cred_handle,
- name,
- &lifetime,
- cred_usage,
- NULL);
-
- if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
- gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
- gss_cred_usage_t usage;
-
- HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
- usage = cred->usage;
- HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-
- if (initiator_lifetime) {
- if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
- *initiator_lifetime = lifetime;
- }
- if (acceptor_lifetime) {
- if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
- *acceptor_lifetime = lifetime;
- }
+ if (initiator_lifetime) {
+ if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
+ *initiator_lifetime = lifetime;
+ else
+ *initiator_lifetime = 0;
}
+
+ if (acceptor_lifetime) {
+ if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
+ *acceptor_lifetime = lifetime;
+ else
+ *acceptor_lifetime = 0;
+ }
+
+ if (cred_usage)
+ *cred_usage = usage;
- return ret;
+ return GSS_S_COMPLETE;
}
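Review bot: The rewritten body no longer looks at `mech_type`, because the removed check that returned `GSS_S_BAD_MECH` for an OID that is neither `GSS_C_NO_OID` nor `GSS_KRB5_MECHANISM` has no replacement. Any mechanism OID is therefore answered with the krb5 credential's data. If the mechglue is relied on to dispatch only krb5 requests to this function, say so in a comment such as `/* mech_type is validated by the mechglue before dispatch */`; otherwise keep the check ahead of the `_gsskrb5_inquire_cred` call. The function's parameter list starts outside this hunk.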
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
index 1a36896019..da50b11d93 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred_by_oid.c,v 1.5 2006/11/13 18:02:24 lha Exp $");
+RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_inquire_cred_by_oid
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
index 5c1f082f45..0ce051f19c 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_mechs_for_name.c,v 1.3 2006/10/07 22:15:13 lha Exp $");
+RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $");
OM_uint32 _gsskrb5_inquire_mechs_for_name (
OM_uint32 * minor_status,
@@ -43,15 +43,15 @@ OM_uint32 _gsskrb5_inquire_mechs_for_name (
{
OM_uint32 ret;
- ret = _gsskrb5_create_empty_oid_set(minor_status, mech_types);
+ ret = gss_create_empty_oid_set(minor_status, mech_types);
if (ret)
return ret;
- ret = _gsskrb5_add_oid_set_member(minor_status,
- GSS_KRB5_MECHANISM,
- mech_types);
+ ret = gss_add_oid_set_member(minor_status,
+ GSS_KRB5_MECHANISM,
+ mech_types);
if (ret)
- _gsskrb5_release_oid_set(NULL, mech_types);
+ gss_release_oid_set(NULL, mech_types);
return ret;
}
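Review bot: `gss_release_oid_set(NULL, mech_types);` passes a NULL `minor_status` to the generic entry point. The removed `_gsskrb5_release_oid_set` guarded that pointer with `if (minor_status)`, but whether `gss_release_oid_set` does the same cannot be seen here. release_cred.c in this same commit switches to a local `OM_uint32 junk;` and passes `&junk`, so `gss_release_oid_set(&junk, mech_types);` here would match it. The same applies to the `gss_release_oid_set(NULL, name_types);` call in inquire_names_for_mech.c.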
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
index 5d8aefab1c..64abd3c34a 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_names_for_mech.c,v 1.3 2006/10/07 22:15:15 lha Exp $");
+RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $");
static gss_OID *name_list[] = {
@@ -61,20 +61,20 @@ OM_uint32 _gsskrb5_inquire_names_for_mech (
return GSS_S_BAD_MECH;
}
- ret = _gsskrb5_create_empty_oid_set(minor_status, name_types);
+ ret = gss_create_empty_oid_set(minor_status, name_types);
if (ret != GSS_S_COMPLETE)
return ret;
for (i = 0; name_list[i] != NULL; i++) {
- ret = _gsskrb5_add_oid_set_member(minor_status,
- *(name_list[i]),
- name_types);
+ ret = gss_add_oid_set_member(minor_status,
+ *(name_list[i]),
+ name_types);
if (ret != GSS_S_COMPLETE)
break;
}
if (ret != GSS_S_COMPLETE)
- _gsskrb5_release_oid_set(NULL, name_types);
+ gss_release_oid_set(NULL, name_types);
return GSS_S_COMPLETE;
}
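Review bot: The final `return GSS_S_COMPLETE;` reports success even on the path where `gss_add_oid_set_member` failed and `name_types` has just been released, so the caller receives a released set together with a success status. The commit renames the release call but leaves the return as it was; `return ret;` would propagate the failure. The function starts outside this hunk.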
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index 97e86a95c7..5ca7536e6a 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_sec_context_by_oid.c,v 1.12 2006/11/13 18:02:27 lha Exp $");
+RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
static int
oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c
new file mode 100644
index 0000000000..3eb90d279f
--- /dev/null
+++ b/source4/heimdal/lib/gssapi/krb5/prf.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: prf.c 20679 2007-05-14 03:12:05Z lha $");
+
+OM_uint32
+_gsskrb5_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
+{
+ gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
+ krb5_context context;
+ krb5_error_code ret;
+ krb5_crypto crypto;
+ krb5_data input, output;
+ uint32_t num;
+ unsigned char *p;
+ krb5_keyblock *key = NULL;
+
+ if (ctx == NULL) {
+ *minor_status = 0;
+ return GSS_S_NO_CONTEXT;
+ }
+
+ if (desired_output_len <= 0) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ GSSAPI_KRB5_INIT (&context);
+
+ switch(prf_key) {
+ case GSS_C_PRF_KEY_FULL:
+ _gsskrb5i_get_acceptor_subkey(ctx, context, &key);
+ case GSS_C_PRF_KEY_PARTIAL:
+ _gsskrb5i_get_initiator_subkey(ctx, context, &key);
+ break;
+ default:
+ _gsskrb5_set_status("unknown kerberos prf_key");
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ if (key == NULL) {
+ _gsskrb5_set_status("no prf_key found");
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ krb5_free_keyblock (context, key);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ prf_out->value = malloc(desired_output_len);
+ if (prf_out->value == NULL) {
+ _gsskrb5_set_status("Out of memory");
+ *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
+ krb5_crypto_destroy(context, crypto);
+ return GSS_S_FAILURE;
+ }
+ prf_out->length = desired_output_len;
+
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+ input.length = prf_in->length + 4;
+ input.data = malloc(prf_in->length + 4);
+ if (input.data == NULL) {
+ OM_uint32 junk;
+ _gsskrb5_set_status("Out of memory");
+ *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
+ gss_release_buffer(&junk, prf_out);
+ krb5_crypto_destroy(context, crypto);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ return GSS_S_FAILURE;
+ }
+ memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
+
+ num = 0;
+ p = prf_out->value;
+ while(desired_output_len > 0) {
+ _gsskrb5_encode_om_uint32(num, input.data);
+ ret = krb5_crypto_prf(context, crypto, &input, &output);
+ if (ret) {
+ OM_uint32 junk;
+ *minor_status = ret;
+ free(input.data);
+ gss_release_buffer(&junk, prf_out);
+ krb5_crypto_destroy(context, crypto);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ return GSS_S_FAILURE;
+ }
+ memcpy(p, output.data, min(desired_output_len, output.length));
+ p += output.length;
+ desired_output_len -= output.length;
+ krb5_data_free(&output);
+ num++;
+ }
+
+ krb5_crypto_destroy(context, crypto);
+
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+ return GSS_S_COMPLETE;
+}
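Review bot: `case GSS_C_PRF_KEY_FULL:` has no `break;`, so after `_gsskrb5i_get_acceptor_subkey` runs, control falls into `GSS_C_PRF_KEY_PARTIAL` and `_gsskrb5i_get_initiator_subkey` is called with the same `&key`. No comment marks the fallthrough as intended; as written, both `prf_key` values derive output from whatever the second call stores, and the keyblock from the first call is presumably leaked, so add `break;` after the acceptor-subkey call. Separately, `input.data` is freed on the `krb5_crypto_prf` error path but not before the final `return GSS_S_COMPLETE;`, so each successful call leaks a copy of the PRF input; add `free(input.data);` next to the closing `krb5_crypto_destroy`. The two `malloc` failure paths also set `*minor_status` to `GSS_KRB5_S_KG_INPUT_TOO_LONG` while the status text says "Out of memory"; `ENOMEM` would match the message.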
diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c
index 411d689635..15638f57fc 100644
--- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c
+++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: process_context_token.c,v 1.5 2006/11/13 18:02:30 lha Exp $");
+RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_process_context_token (
OM_uint32 *minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/release_buffer.c b/source4/heimdal/lib/gssapi/krb5/release_buffer.c
index b62ad02117..5dff62631a 100644
--- a/source4/heimdal/lib/gssapi/krb5/release_buffer.c
+++ b/source4/heimdal/lib/gssapi/krb5/release_buffer.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_buffer.c,v 1.7 2006/10/07 22:15:22 lha Exp $");
+RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $");
OM_uint32 _gsskrb5_release_buffer
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/release_cred.c b/source4/heimdal/lib/gssapi/krb5/release_cred.c
index f6d98b29c6..ab5695b097 100644
--- a/source4/heimdal/lib/gssapi/krb5/release_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/release_cred.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_cred.c,v 1.14 2006/11/13 18:02:34 lha Exp $");
+RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $");
OM_uint32 _gsskrb5_release_cred
(OM_uint32 * minor_status,
@@ -42,6 +42,7 @@ OM_uint32 _gsskrb5_release_cred
{
krb5_context context;
gsskrb5_cred cred;
+ OM_uint32 junk;
*minor_status = 0;
@@ -67,7 +68,9 @@ OM_uint32 _gsskrb5_release_cred
else
krb5_cc_close(context, cred->ccache);
}
- _gsskrb5_release_oid_set(NULL, &cred->mechanisms);
+ gss_release_oid_set(&junk, &cred->mechanisms);
+ if (cred->enctypes)
+ free(cred->enctypes);
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex);
memset(cred, 0, sizeof(*cred));
diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c
index cc9c0934f7..a01a9a2a62 100644
--- a/source4/heimdal/lib/gssapi/krb5/release_name.c
+++ b/source4/heimdal/lib/gssapi/krb5/release_name.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_name.c,v 1.11 2006/11/13 18:02:37 lha Exp $");
+RCSID("$Id: release_name.c 19031 2006-11-13 18:02:57Z lha $");
OM_uint32 _gsskrb5_release_name
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/krb5/release_oid_set.c b/source4/heimdal/lib/gssapi/krb5/release_oid_set.c
deleted file mode 100644
index a9f79a3082..0000000000
--- a/source4/heimdal/lib/gssapi/krb5/release_oid_set.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_oid_set.c,v 1.7 2006/10/07 22:15:30 lha Exp $");
-
-OM_uint32 _gsskrb5_release_oid_set
- (OM_uint32 * minor_status,
- gss_OID_set * set
- )
-{
- if (minor_status)
- *minor_status = 0;
- free ((*set)->elements);
- free (*set);
- *set = GSS_C_NO_OID_SET;
- return GSS_S_COMPLETE;
-}
diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c
index 3014edd04d..677a3c8d07 100755
--- a/source4/heimdal/lib/gssapi/krb5/sequence.c
+++ b/source4/heimdal/lib/gssapi/krb5/sequence.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: sequence.c,v 1.8 2006/10/07 22:15:32 lha Exp $");
+RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $");
#define DEFAULT_JITTER_WINDOW 20
diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
index 849760ee4a..d0ca1c4d95 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_cred_option.c,v 1.5 2006/11/13 18:02:39 lha Exp $");
+RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $");
static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
@@ -130,6 +130,78 @@ out:
}
+static OM_uint32
+allowed_enctypes(OM_uint32 *minor_status,
+ krb5_context context,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ OM_uint32 major_stat;
+ krb5_error_code ret;
+ size_t len, i;
+ krb5_enctype *enctypes = NULL;
+ krb5_storage *sp = NULL;
+ gsskrb5_cred cred;
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gsskrb5_cred)*cred_handle;
+
+ if ((value->length % 4) != 0) {
+ *minor_status = 0;
+ major_stat = GSS_S_FAILURE;
+ goto out;
+ }
+
+ len = value->length / 4;
+ enctypes = malloc((len + 1) * 4);
+ if (enctypes == NULL) {
+ *minor_status = ENOMEM;
+ major_stat = GSS_S_FAILURE;
+ goto out;
+ }
+
+ sp = krb5_storage_from_mem(value->value, value->length);
+ if (sp == NULL) {
+ *minor_status = ENOMEM;
+ major_stat = GSS_S_FAILURE;
+ goto out;
+ }
+
+ for (i = 0; i < len; i++) {
+ uint32_t e;
+
+ ret = krb5_ret_uint32(sp, &e);
+ if (ret) {
+ *minor_status = ret;
+ major_stat = GSS_S_FAILURE;
+ goto out;
+ }
+ enctypes[i] = e;
+ }
+ enctypes[i] = 0;
+
+ if (cred->enctypes)
+ free(cred->enctypes);
+ cred->enctypes = enctypes;
+
+ krb5_storage_free(sp);
+
+ return GSS_S_COMPLETE;
+
+out:
+ if (sp)
+ krb5_storage_free(sp);
+ if (enctypes)
+ free(enctypes);
+
+ return major_stat;
+}
+
+
OM_uint32
_gsskrb5_set_cred_option
(OM_uint32 *minor_status,
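Review bot: `enctypes = malloc((len + 1) * 4);` sizes the array with a literal 4 while the loop stores `krb5_enctype` elements through `enctypes[i]`, so the allocation is only large enough if `sizeof(krb5_enctype)` is 4; `malloc((len + 1) * sizeof(*enctypes))` ties the size to the element type. `value` is dereferenced at `value->length` without a NULL check, unlike the `value == NULL` test that `get_string` in set_sec_context_option.c makes on its buffer, so an `if (value == NULL)` guard returning `GSS_S_FAILURE` would be prudent. `cred->enctypes` is also replaced without taking `cred->cred_id_mutex`, which release_cred.c holds while freeing the same field; whether callers serialise this elsewhere is not visible here.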
@@ -146,9 +218,11 @@ _gsskrb5_set_cred_option
return GSS_S_FAILURE;
}
- if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X)) {
+ if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
return import_cred(minor_status, context, cred_handle, value);
- }
+
+ if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
+ return allowed_enctypes(minor_status, context, cred_handle, value);
*minor_status = EINVAL;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
index 4a5f60ce94..50441a11ad 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
@@ -36,7 +36,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_sec_context_option.c,v 1.10 2006/12/14 11:02:16 lha Exp $");
+RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $");
static OM_uint32
get_bool(OM_uint32 *minor_status,
@@ -51,6 +51,25 @@ get_bool(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
+static OM_uint32
+get_string(OM_uint32 *minor_status,
+ const gss_buffer_t value,
+ char **str)
+{
+ if (value == NULL || value->length == 0) {
+ *str = NULL;
+ } else {
+ *str = malloc(value->length + 1);
+ if (*str == NULL) {
+ *minor_status = 0;
+ return GSS_S_UNAVAILABLE;
+ }
+ memcpy(*str, value->value, value->length);
+ (*str)[value->length] = '\0';
+ }
+ return GSS_S_COMPLETE;
+}
+
OM_uint32
_gsskrb5_set_sec_context_option
(OM_uint32 *minor_status,
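Review bot: `get_string` has no comment stating its contract: on success `*str` is either NULL (for a NULL or empty `value`) or a malloc'd NUL-terminated copy that the caller must free. A header comment such as `/* Copy value into a new NUL-terminated string; *str is NULL for an empty buffer. Caller frees. */` would help, since one call site in this file passes the NULL through and the other two reject it. The copy is made by length, so a buffer holding an embedded NUL byte yields a string that the krb5 calls will see truncated; rejecting such input with a `memchr` test is worth considering for the realm and ccache-name options.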
@@ -103,17 +122,9 @@ _gsskrb5_set_sec_context_option
} else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) {
char *str;
- if (value == NULL || value->length == 0) {
- str = NULL;
- } else {
- str = malloc(value->length + 1);
- if (str) {
- *minor_status = 0;
- return GSS_S_UNAVAILABLE;
- }
- memcpy(str, value->value, value->length);
- str[value->length] = '\0';
- }
+ maj_stat = get_string(minor_status, value, &str);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
_gsskrb5_register_acceptor_identity(str);
free(str);
@@ -124,17 +135,13 @@ _gsskrb5_set_sec_context_option
} else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
char *str;
- if (value == NULL || value->length == 0) {
- *minor_status = 0;
- return GSS_S_CALL_INACCESSIBLE_READ;
- }
- str = malloc(value->length + 1);
+ maj_stat = get_string(minor_status, value, &str);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
if (str == NULL) {
*minor_status = 0;
- return GSS_S_UNAVAILABLE;
+ return GSS_S_CALL_INACCESSIBLE_READ;
}
- memcpy(str, value->value, value->length);
- str[value->length] = '\0';
krb5_set_default_realm(context, str);
free(str);
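Review bot: The result of `krb5_set_default_realm(context, str);` is discarded, whereas the `GSS_KRB5_CCACHE_NAME_X` branch added later in this file stores the result of `krb5_cc_set_default_name` in `*minor_status` and returns `GSS_S_FAILURE` when it is non-zero. Handling the realm call the same way, `*minor_status = krb5_set_default_realm(context, str);` followed by the same failure check after `free(str);`, would keep a failed realm change from presumably being reported as success. The rest of this branch lies outside the hunk.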
@@ -161,8 +168,24 @@ _gsskrb5_set_sec_context_option
*minor_status = 0;
return GSS_S_COMPLETE;
- }
+ } else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) {
+ char *str;
+
+ maj_stat = get_string(minor_status, value, &str);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
+ if (str == NULL) {
+ *minor_status = 0;
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+ *minor_status = krb5_cc_set_default_name(context, str);
+ free(str);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+
+ return GSS_S_COMPLETE;
+ }
*minor_status = EINVAL;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c
deleted file mode 100644
index 5a0ac4418f..0000000000
--- a/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: test_oid_set_member.c,v 1.7 2006/10/07 22:15:50 lha Exp $");
-
-OM_uint32 _gsskrb5_test_oid_set_member
- (OM_uint32 * minor_status,
- const gss_OID member,
- const gss_OID_set set,
- int * present
- )
-{
- size_t i;
-
- *minor_status = 0;
- *present = 0;
- for (i = 0; i < set->count; ++i)
- if (gss_oid_equal(member, &set->elements[i]) != 0) {
- *present = 1;
- break;
- }
- return GSS_S_COMPLETE;
-}
diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c
index 3dd7618561..d0a33d86fb 100644
--- a/source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: unwrap.c,v 1.39 2006/11/13 18:02:51 lha Exp $");
+RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $");
static OM_uint32
unwrap_des
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
index 29b3a7f4bb..52381afcc2 100644
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: verify_mic.c,v 1.37 2006/11/13 18:02:54 lha Exp $");
+RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $");
static OM_uint32
verify_mic_des
diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c
index 79cfb48ed2..d41379870a 100644
--- a/source4/heimdal/lib/gssapi/krb5/wrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/wrap.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: wrap.c,v 1.39 2006/11/14 09:49:56 lha Exp $");
+RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
/*
* Return initiator subkey, or if that doesn't exists, the subkey.