summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/krb5/cfx.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5/cfx.c')
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/cfx.c133
1 files changed, 62 insertions, 71 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c
index cb3f9ee5d3..e75fe5da9d 100755
--- a/source4/heimdal/lib/gssapi/krb5/cfx.c
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: cfx.c,v 1.24 2006/10/24 21:13:22 lha Exp $");
+RCSID("$Id: cfx.c,v 1.25 2006/11/13 18:01:14 lha Exp $");
/*
* Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
@@ -43,7 +43,8 @@ RCSID("$Id: cfx.c,v 1.24 2006/10/24 21:13:22 lha Exp $");
#define CFXAcceptorSubkey (1 << 2)
krb5_error_code
-_gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto,
+_gsskrb5cfx_wrap_length_cfx(krb5_context context,
+ krb5_crypto crypto,
int conf_req_flag,
size_t input_length,
size_t *output_length,
@@ -57,11 +58,11 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto,
*output_length = sizeof(gss_cfx_wrap_token_desc);
*padlength = 0;
- ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type);
+ ret = krb5_crypto_get_checksum_type(context, crypto, &type);
if (ret)
return ret;
- ret = krb5_checksumsize(_gsskrb5_context, type, cksumsize);
+ ret = krb5_checksumsize(context, type, cksumsize);
if (ret)
return ret;
@@ -71,7 +72,7 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto,
/* Header is concatenated with data before encryption */
input_length += sizeof(gss_cfx_wrap_token_desc);
- ret = krb5_crypto_getpadsize(_gsskrb5_context, crypto, &padsize);
+ ret = krb5_crypto_getpadsize(context, crypto, &padsize);
if (ret) {
return ret;
}
@@ -83,7 +84,7 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto,
input_length += *padlength;
}
- *output_length += krb5_get_wrapped_length(_gsskrb5_context,
+ *output_length += krb5_get_wrapped_length(context,
crypto, input_length);
} else {
/* Checksum is concatenated with data */
@@ -96,7 +97,8 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto,
}
krb5_error_code
-_gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto,
+_gsskrb5cfx_max_wrap_length_cfx(krb5_context context,
+ krb5_crypto crypto,
int conf_req_flag,
size_t input_length,
OM_uint32 *output_length)
@@ -116,7 +118,7 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto,
wrapped_size = input_length + 1;
do {
wrapped_size--;
- sz = krb5_get_wrapped_length(_gsskrb5_context,
+ sz = krb5_get_wrapped_length(context,
crypto, wrapped_size);
} while (wrapped_size && sz > input_length);
if (wrapped_size == 0) {
@@ -136,11 +138,11 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto,
krb5_cksumtype type;
size_t cksumsize;
- ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type);
+ ret = krb5_crypto_get_checksum_type(context, crypto, &type);
if (ret)
return ret;
- ret = krb5_checksumsize(_gsskrb5_context, type, &cksumsize);
+ ret = krb5_checksumsize(context, type, &cksumsize);
if (ret)
return ret;
@@ -157,6 +159,7 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto,
OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
+ krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
@@ -166,23 +169,21 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
krb5_error_code ret;
krb5_crypto crypto;
- ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
- ret = _gsskrb5cfx_max_wrap_length_cfx(crypto, conf_req_flag,
+ ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag,
req_output_size, max_input_size);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_COMPLETE;
}
@@ -233,6 +234,7 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
+ krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
@@ -250,20 +252,19 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
int32_t seq_number;
u_char *p;
- ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
- ret = _gsskrb5cfx_wrap_length_cfx(crypto, conf_req_flag,
+ ret = _gsskrb5cfx_wrap_length_cfx(context,
+ crypto, conf_req_flag,
input_message_buffer->length,
&wrapped_len, &cksumsize, &padlength);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -274,7 +275,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
output_message_buffer->value = malloc(output_message_buffer->length);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -324,12 +325,12 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
token->RRC[1] = 0;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
- krb5_auth_con_getlocalseqnumber(_gsskrb5_context,
+ krb5_auth_con_getlocalseqnumber(context,
context_handle->auth_context,
&seq_number);
_gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]);
_gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
- krb5_auth_con_setlocalseqnumber(_gsskrb5_context,
+ krb5_auth_con_setlocalseqnumber(context,
context_handle->auth_context,
++seq_number);
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
@@ -364,15 +365,14 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
memcpy(p + input_message_buffer->length + padlength,
token, sizeof(*token));
- ret = krb5_encrypt(_gsskrb5_context, crypto,
+ ret = krb5_encrypt(context, crypto,
usage, p,
input_message_buffer->length + padlength +
sizeof(*token),
&cipher);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
@@ -382,9 +382,8 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
@@ -397,22 +396,21 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
buf = malloc(input_message_buffer->length + sizeof(*token));
if (buf == NULL) {
*minor_status = ENOMEM;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
memcpy(buf, input_message_buffer->value, input_message_buffer->length);
memcpy(buf + input_message_buffer->length, token, sizeof(*token));
- ret = krb5_create_checksum(_gsskrb5_context, crypto,
+ ret = krb5_create_checksum(context, crypto,
usage, 0, buf,
input_message_buffer->length +
sizeof(*token),
&cksum);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
free(buf);
return GSS_S_FAILURE;
@@ -434,9 +432,8 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
ret = rrc_rotate(p,
input_message_buffer->length + cksum.checksum.length, rrc, FALSE);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
free_Checksum(&cksum);
return GSS_S_FAILURE;
@@ -444,7 +441,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
free_Checksum(&cksum);
}
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
if (conf_state != NULL) {
*conf_state = conf_req_flag;
@@ -456,6 +453,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
+ krb5_context context,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
@@ -539,9 +537,8 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/*
* Decrypt and/or verify checksum
*/
- ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -559,23 +556,22 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Rotate by RRC; bogus to do this in-place XXX */
*minor_status = rrc_rotate(p, len, rrc, TRUE);
if (*minor_status != 0) {
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
if (token_flags & CFXSealed) {
- ret = krb5_decrypt(_gsskrb5_context, crypto, usage,
+ ret = krb5_decrypt(context, crypto, usage,
p, len, &data);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_BAD_MIC;
}
/* Check that there is room for the pad and token header */
if (data.length < ec + sizeof(*token)) {
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
krb5_data_free(&data);
return GSS_S_DEFECTIVE_TOKEN;
}
@@ -588,7 +584,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Check the integrity of the header */
if (memcmp(p, token, sizeof(*token)) != 0) {
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
krb5_data_free(&data);
return GSS_S_BAD_MIC;
}
@@ -599,12 +595,11 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
Checksum cksum;
/* Determine checksum type */
- ret = krb5_crypto_get_checksum_type(_gsskrb5_context,
+ ret = krb5_crypto_get_checksum_type(context,
crypto, &cksum.cksumtype);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -613,7 +608,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
/* Check we have at least as much data as the checksum */
if (len < cksum.checksum.length) {
*minor_status = ERANGE;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_BAD_MIC;
}
@@ -625,7 +620,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
output_message_buffer->value = malloc(len + sizeof(*token));
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -642,21 +637,20 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
token->RRC[0] = 0;
token->RRC[1] = 0;
- ret = krb5_verify_checksum(_gsskrb5_context, crypto,
+ ret = krb5_verify_checksum(context, crypto,
usage,
output_message_buffer->value,
len + sizeof(*token),
&cksum);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
return GSS_S_BAD_MIC;
}
}
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
if (qop_state != NULL) {
*qop_state = GSS_C_QOP_DEFAULT;
@@ -668,6 +662,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
+ krb5_context context,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
@@ -682,9 +677,8 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
size_t len;
int32_t seq_number;
- ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -693,7 +687,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
buf = malloc(len);
if (buf == NULL) {
*minor_status = ENOMEM;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -710,12 +704,12 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
memset(token->Filler, 0xFF, 5);
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
- krb5_auth_con_getlocalseqnumber(_gsskrb5_context,
+ krb5_auth_con_getlocalseqnumber(context,
context_handle->auth_context,
&seq_number);
_gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]);
_gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
- krb5_auth_con_setlocalseqnumber(_gsskrb5_context,
+ krb5_auth_con_setlocalseqnumber(context,
context_handle->auth_context,
++seq_number);
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
@@ -726,16 +720,15 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
}
- ret = krb5_create_checksum(_gsskrb5_context, crypto,
+ ret = krb5_create_checksum(context, crypto,
usage, 0, buf, len, &cksum);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
free(buf);
return GSS_S_FAILURE;
}
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
/* Determine MIC length */
message_token->length = sizeof(*token) + cksum.checksum.length;
@@ -761,6 +754,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
+ krb5_context context,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t *qop_state,
@@ -830,19 +824,17 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
/*
* Verify checksum
*/
- ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
return GSS_S_FAILURE;
}
- ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto,
+ ret = krb5_crypto_get_checksum_type(context, crypto,
&cksum.cksumtype);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
@@ -858,20 +850,19 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
buf = malloc(message_buffer->length + sizeof(*token));
if (buf == NULL) {
*minor_status = ENOMEM;
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
memcpy(buf, message_buffer->value, message_buffer->length);
memcpy(buf + message_buffer->length, token, sizeof(*token));
- ret = krb5_verify_checksum(_gsskrb5_context, crypto,
+ ret = krb5_verify_checksum(context, crypto,
usage,
buf,
sizeof(*token) + message_buffer->length,
&cksum);
- krb5_crypto_destroy(_gsskrb5_context, crypto);
+ krb5_crypto_destroy(context, crypto);
if (ret != 0) {
- _gsskrb5_set_error_string();
*minor_status = ret;
free(buf);
return GSS_S_BAD_MIC;
generated by cgit (git 2.34.1) at 2025-01-12 21:51:12 +0000