summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/spnego
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-06-08 19:06:16 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-06-12 07:45:48 +1000
commit9b261c008a395a323e0516f4cd3f3134aa050577 (patch)
tree91cf543ba7ccd560313bea52fa8678f0456e8485 /source4/heimdal/lib/gssapi/spnego
parent5cef57ff7d899773a084d23838b7f18a83f6e79d (diff)
downloadsamba-9b261c008a395a323e0516f4cd3f3134aa050577.tar.gz
samba-9b261c008a395a323e0516f4cd3f3134aa050577.tar.bz2
samba-9b261c008a395a323e0516f4cd3f3134aa050577.zip
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib/gssapi/spnego')
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c6
-rw-r--r--source4/heimdal/lib/gssapi/spnego/compat.c2
-rw-r--r--source4/heimdal/lib/gssapi/spnego/context_stubs.c127
-rw-r--r--source4/heimdal/lib/gssapi/spnego/cred_stubs.c2
-rw-r--r--source4/heimdal/lib/gssapi/spnego/external.c4
-rw-r--r--source4/heimdal/lib/gssapi/spnego/init_sec_context.c73
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h9
7 files changed, 48 insertions, 175 deletions
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index cabd806fbf..158126d99f 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
RCSID("$Id$");
@@ -494,7 +494,7 @@ acceptor_complete(OM_uint32 * minor_status,
*get_mic = 1;
}
- if (verify_mic || get_mic) {
+ if (verify_mic || *get_mic) {
int eret;
size_t buf_len;
@@ -512,7 +512,7 @@ acceptor_complete(OM_uint32 * minor_status,
if (verify_mic) {
ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
if (ret) {
- if (get_mic)
+ if (*get_mic)
send_reject (minor_status, output_token);
if (buf.value)
free(buf.value);
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index 67d9b202a7..ee25b59435 100644
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
RCSID("$Id$");
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index 5bc1a48656..1998c44edf 100644
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
RCSID("$Id$");
@@ -62,6 +62,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
return ret;
}
}
+ gss_release_oid_set(&junk, &m);
return ret;
}
@@ -598,7 +599,7 @@ out:
gss_release_oid_set(&junk, &mechs);
- return GSS_S_COMPLETE;
+ return ret;
}
OM_uint32 _gss_spnego_inquire_mechs_for_name (
@@ -642,128 +643,6 @@ OM_uint32 _gss_spnego_duplicate_name (
return gss_duplicate_name(minor_status, src_name, dest_name);
}
-OM_uint32 _gss_spnego_sign
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int qop_req,
- gss_buffer_t message_buffer,
- gss_buffer_t message_token
- )
-{
- gssspnego_ctx ctx;
-
- *minor_status = 0;
-
- if (context_handle == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- ctx = (gssspnego_ctx)context_handle;
-
- if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- return gss_sign(minor_status,
- ctx->negotiated_ctx_id,
- qop_req,
- message_buffer,
- message_token);
-}
-
-OM_uint32 _gss_spnego_verify
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t message_buffer,
- gss_buffer_t token_buffer,
- int * qop_state
- )
-{
- gssspnego_ctx ctx;
-
- *minor_status = 0;
-
- if (context_handle == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- ctx = (gssspnego_ctx)context_handle;
-
- if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- return gss_verify(minor_status,
- ctx->negotiated_ctx_id,
- message_buffer,
- token_buffer,
- qop_state);
-}
-
-OM_uint32 _gss_spnego_seal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- int qop_req,
- gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- )
-{
- gssspnego_ctx ctx;
-
- *minor_status = 0;
-
- if (context_handle == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- ctx = (gssspnego_ctx)context_handle;
-
- if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- return gss_seal(minor_status,
- ctx->negotiated_ctx_id,
- conf_req_flag,
- qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unseal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- int * qop_state
- )
-{
- gssspnego_ctx ctx;
-
- *minor_status = 0;
-
- if (context_handle == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- ctx = (gssspnego_ctx)context_handle;
-
- if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
- return GSS_S_NO_CONTEXT;
- }
-
- return gss_unseal(minor_status,
- ctx->negotiated_ctx_id,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- qop_state);
-}
-
#if 0
OM_uint32 _gss_spnego_unwrap_ex
(OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index f6b3fecaa0..a3a984e22c 100644
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
RCSID("$Id$");
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 02404237a7..2dc809bbba 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
#include <gssapi_mech.h>
RCSID("$Id$");
@@ -71,7 +71,7 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_inquire_cred_by_mech,
_gss_spnego_export_sec_context,
_gss_spnego_import_sec_context,
- _gss_spnego_inquire_names_for_mech,
+ NULL /* _gss_spnego_inquire_names_for_mech */,
_gss_spnego_inquire_mechs_for_name,
_gss_spnego_canonicalize_name,
_gss_spnego_duplicate_name,
diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
index 7a5814413b..ac32432d55 100644
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
RCSID("$Id$");
@@ -392,8 +392,7 @@ spnego_reply
)
{
OM_uint32 ret, minor;
- NegTokenResp resp;
- size_t len, taglen;
+ NegotiationToken resp;
gss_OID_desc mech;
int require_mic;
size_t buf_len;
@@ -414,27 +413,23 @@ spnego_reply
mech_buf.value = NULL;
mech_buf.length = 0;
- ret = der_match_tag_and_length(input_token->value, input_token->length,
- ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
+ ret = decode_NegotiationToken(input_token->value, input_token->length,
+ &resp, NULL);
if (ret)
- return ret;
+ return ret;
- if (len > input_token->length - taglen)
- return ASN1_OVERRUN;
-
- ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
- len, &resp, NULL);
- if (ret) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
+ if (resp.element != choice_NegotiationToken_negTokenResp) {
+ free_NegotiationToken(&resp);
+ *minor_status = 0;
+ return GSS_S_BAD_MECH;
}
- if (resp.negResult == NULL
- || *(resp.negResult) == reject
- /* || resp.supportedMech == NULL */
+ if (resp.u.negTokenResp.negResult == NULL
+ || *(resp.u.negTokenResp.negResult) == reject
+ /* || resp.u.negTokenResp.supportedMech == NULL */
)
{
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
return GSS_S_BAD_MECH;
}
@@ -445,16 +440,16 @@ spnego_reply
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
- if (resp.supportedMech) {
+ if (resp.u.negTokenResp.supportedMech) {
if (ctx->oidlen) {
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_BAD_MECH;
}
ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1,
sizeof(ctx->oidbuf),
- resp.supportedMech,
+ resp.u.negTokenResp.supportedMech,
&ctx->oidlen);
/* Avoid recursively embedded SPNEGO */
if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length &&
@@ -462,7 +457,7 @@ spnego_reply
GSS_SPNEGO_MECHANISM->elements,
ctx->oidlen) == 0))
{
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_BAD_MECH;
}
@@ -478,19 +473,19 @@ spnego_reply
ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
}
} else if (ctx->oidlen == 0) {
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_BAD_MECH;
}
/* if a token (of non zero length), or no context, pass to underlaying mech */
- if ((resp.responseToken != NULL && resp.responseToken->length) ||
+ if ((resp.u.negTokenResp.responseToken != NULL && resp.u.negTokenResp.responseToken->length) ||
ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
gss_buffer_desc mech_input_token;
- if (resp.responseToken) {
- mech_input_token.length = resp.responseToken->length;
- mech_input_token.value = resp.responseToken->data;
+ if (resp.u.negTokenResp.responseToken) {
+ mech_input_token.length = resp.u.negTokenResp.responseToken->length;
+ mech_input_token.value = resp.u.negTokenResp.responseToken->data;
} else {
mech_input_token.length = 0;
mech_input_token.value = NULL;
@@ -518,7 +513,7 @@ spnego_reply
&ctx->mech_time_rec);
if (GSS_ERROR(ret)) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
gss_mg_collect_error(&mech, ret, minor);
*minor_status = minor;
return ret;
@@ -526,12 +521,12 @@ spnego_reply
if (ret == GSS_S_COMPLETE) {
ctx->open = 1;
}
- } else if (*(resp.negResult) == accept_completed) {
+ } else if (*(resp.u.negTokenResp.negResult) == accept_completed) {
if (ctx->maybe_open)
ctx->open = 1;
}
- if (*(resp.negResult) == request_mic) {
+ if (*(resp.u.negTokenResp.negResult) == request_mic) {
ctx->require_mic = 1;
}
@@ -540,14 +535,14 @@ spnego_reply
* Verify the mechListMIC if one was provided or CFX was
* used and a non-preferred mechanism was selected
*/
- if (resp.mechListMIC != NULL) {
+ if (resp.u.negTokenResp.mechListMIC != NULL) {
require_mic = 1;
} else {
ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
&require_mic);
if (ret) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
return ret;
}
@@ -561,7 +556,7 @@ spnego_reply
&ctx->initiator_mech_types, &buf_len, ret);
if (ret) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
*minor_status = ret;
return GSS_S_FAILURE;
@@ -569,15 +564,15 @@ spnego_reply
if (mech_buf.length != buf_len)
abort();
- if (resp.mechListMIC == NULL) {
+ if (resp.u.negTokenResp.mechListMIC == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free(mech_buf.value);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
*minor_status = 0;
return GSS_S_DEFECTIVE_TOKEN;
}
- mic_buf.length = resp.mechListMIC->length;
- mic_buf.value = resp.mechListMIC->data;
+ mic_buf.length = resp.u.negTokenResp.mechListMIC->length;
+ mic_buf.value = resp.u.negTokenResp.mechListMIC->data;
if (mech_output_token.length == 0) {
ret = gss_verify_mic(minor_status,
@@ -589,7 +584,7 @@ spnego_reply
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free(mech_buf.value);
gss_release_buffer(&minor, &mech_output_token);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
return GSS_S_DEFECTIVE_TOKEN;
}
ctx->verified_mic = 1;
@@ -604,7 +599,7 @@ spnego_reply
if (mech_buf.value != NULL)
free(mech_buf.value);
- free_NegTokenResp(&resp);
+ free_NegotiationToken(&resp);
gss_release_buffer(&minor, &mech_output_token);
if (actual_mech_type)
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index 8344e750ae..44fa8b117d 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -35,9 +35,7 @@
#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
@@ -50,8 +48,9 @@
#include <pthread.h>
#endif
-#include <gssapi/gssapi_spnego.h>
#include <gssapi.h>
+#include <gssapi_krb5.h>
+#include <gssapi_spnego.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
@@ -67,7 +66,7 @@
#include <gssapi_mech.h>
#include "spnego_asn1.h"
-#include "mech/utils.h"
+#include "utils.h"
#include <der.h>
#include <roken.h>
@@ -109,6 +108,6 @@ typedef struct {
extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;
-#include <spnego/spnego-private.h>
+#include <spnego-private.h>
#endif /* SPNEGO_LOCL_H */