heimdal: update to lorikeet-heimdal rev 801
metze
parent
8bd30a7b43
commit
d6c54a66fb
@ -1,6 +1,19 @@
|
||||
This directory contains a copy of portions of a project known as
|
||||
'lorikeet-heimdal', a branch of the Heimdal Kerberos distribution.
|
||||
$Id: README 8839 2000-07-27 02:33:54Z assar $
|
||||
|
||||
The purpose of these files is to provide kerberos support to Samba4 in
|
||||
a predicatable manner, without reliance on the system kerberos
|
||||
libraries.
|
||||
Heimdal is a Kerberos 5 implementation.
|
||||
|
||||
Please see the manual in doc, by default installed in
|
||||
/usr/heimdal/info/heimdal.info for information on how to install.
|
||||
There are also briefer man pages for most of the commands.
|
||||
|
||||
Bug reports and bugs are appreciated, see more under Bug reports in
|
||||
the manual on how we prefer them.
|
||||
|
||||
For more information see the web-page at
|
||||
<http://www.pdc.kth.se/heimdal/> or the mailing lists:
|
||||
|
||||
heimdal-announce@sics.se low-volume announcement
|
||||
heimdal-discuss@sics.se high-volume discussion
|
||||
|
||||
send a mail to heimdal-announce-request@sics.se and
|
||||
heimdal-discuss-request@sics.se respectively to subscribe.
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: check-var.m4,v 1.12 2005/06/16 18:59:10 lha Exp $
|
||||
dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $
|
||||
dnl
|
||||
dnl rk_CHECK_VAR(variable, includes)
|
||||
AC_DEFUN([rk_CHECK_VAR], [
|
||||
@ -23,4 +23,5 @@ if test "$ac_foo" = yes; then
|
||||
fi
|
||||
])
|
||||
|
||||
dnl AC_WARNING_ENABLE([obsolete])
|
||||
AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: find-func-no-libs.m4,v 1.6 2004/02/12 14:20:45 lha Exp $
|
||||
dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $
|
||||
dnl
|
||||
dnl
|
||||
dnl Look for function in any of the specified libraries
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: find-func-no-libs2.m4,v 1.9 2004/08/26 12:35:42 joda Exp $
|
||||
dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $
|
||||
dnl
|
||||
dnl
|
||||
dnl Look for function in any of the specified libraries
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: find-func.m4,v 1.2 2004/02/12 14:20:47 lha Exp $
|
||||
dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $
|
||||
dnl
|
||||
dnl AC_FIND_FUNC(func, libraries, includes, arguments)
|
||||
AC_DEFUN([AC_FIND_FUNC], [
|
||||
|
@ -1,6 +1,6 @@
|
||||
dnl stuff used by DNS resolv code in roken
|
||||
dnl
|
||||
dnl $Id: resolv.m4,v 1.1 2005/09/02 10:17:38 lha Exp $
|
||||
dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $
|
||||
dnl
|
||||
|
||||
AC_DEFUN([rk_RESOLV],[
|
||||
|
@ -36,7 +36,7 @@
|
||||
#include <getarg.h>
|
||||
#include <parse_bytes.h>
|
||||
|
||||
RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $");
|
||||
RCSID("$Id: default_config.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
@ -45,7 +45,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
|
||||
c = calloc(1, sizeof(*c));
|
||||
if (c == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,7 @@
|
||||
#include "kdc_locl.h"
|
||||
#include <hex.h>
|
||||
|
||||
RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $");
|
||||
RCSID("$Id: digest.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
#define MS_CHAP_V2 0x20
|
||||
#define CHAP_MD5 0x10
|
||||
@ -186,7 +186,7 @@ get_password_entry(krb5_context context,
|
||||
if (ret || password == NULL) {
|
||||
if (ret == 0) {
|
||||
ret = EINVAL;
|
||||
krb5_set_error_string(context, "password missing");
|
||||
krb5_set_error_message(context, ret, "password missing");
|
||||
}
|
||||
memset(user, 0, sizeof(*user));
|
||||
}
|
||||
@ -263,7 +263,7 @@ _kdc_do_digest(krb5_context context,
|
||||
goto out;
|
||||
|
||||
ret = EINVAL;
|
||||
krb5_set_error_string(context, "Wrong digest server principal used");
|
||||
krb5_set_error_message(context, ret, "Wrong digest server principal used");
|
||||
p = krb5_principal_get_comp_string(context, principal, 0);
|
||||
if (p == NULL) {
|
||||
krb5_free_principal(context, principal);
|
||||
@ -323,9 +323,9 @@ _kdc_do_digest(krb5_context context,
|
||||
"Client %s tried to use digest "
|
||||
"but is not allowed to",
|
||||
client_name);
|
||||
krb5_set_error_string(context,
|
||||
"Client is not permitted to use digest");
|
||||
ret = KRB5KDC_ERR_POLICY;
|
||||
krb5_set_error_message(context, ret,
|
||||
"Client is not permitted to use digest");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
@ -338,8 +338,8 @@ _kdc_do_digest(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
if (key == NULL) {
|
||||
krb5_set_error_string(context, "digest: remote subkey not found");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "digest: remote subkey not found");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -359,7 +359,7 @@ _kdc_do_digest(krb5_context context,
|
||||
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
|
||||
krb5_data_free(&buf);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to decode digest inner request");
|
||||
krb5_set_error_message(context, ret, "Failed to decode digest inner request");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -386,15 +386,15 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
|
||||
if (r.u.initReply.nonce == NULL) {
|
||||
krb5_set_error_string(context, "Failed to decode server nonce");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "Failed to decode server nonce");
|
||||
goto out;
|
||||
}
|
||||
|
||||
sp = krb5_storage_emem();
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_store_stringz(sp, ireq.u.init.type);
|
||||
@ -410,9 +410,9 @@ _kdc_do_digest(krb5_context context,
|
||||
ireq.u.init.channel->cb_type,
|
||||
ireq.u.init.channel->cb_binding);
|
||||
if (s == NULL) {
|
||||
krb5_set_error_string(context, "Failed to allocate "
|
||||
"channel binding");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed to allocate channel binding");
|
||||
goto out;
|
||||
}
|
||||
free(r.u.initReply.nonce);
|
||||
@ -429,15 +429,15 @@ _kdc_do_digest(krb5_context context,
|
||||
r.u.initReply.identifier =
|
||||
malloc(sizeof(*r.u.initReply.identifier));
|
||||
if (r.u.initReply.identifier == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
|
||||
if (*r.u.initReply.identifier == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -478,7 +478,7 @@ _kdc_do_digest(krb5_context context,
|
||||
ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
|
||||
free_Checksum(&res);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to encode "
|
||||
krb5_set_error_message(context, ret, "Failed to encode "
|
||||
"checksum in digest request");
|
||||
goto out;
|
||||
}
|
||||
@ -502,7 +502,7 @@ _kdc_do_digest(krb5_context context,
|
||||
sp = krb5_storage_emem();
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
|
||||
@ -524,15 +524,15 @@ _kdc_do_digest(krb5_context context,
|
||||
buf.length = strlen(ireq.u.digestRequest.opaque);
|
||||
buf.data = malloc(buf.length);
|
||||
if (buf.data == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
|
||||
if (ret <= 0) {
|
||||
krb5_set_error_string(context, "Failed to decode opaque");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "Failed to decode opaque");
|
||||
goto out;
|
||||
}
|
||||
buf.length = ret;
|
||||
@ -540,7 +540,7 @@ _kdc_do_digest(krb5_context context,
|
||||
ret = decode_Checksum(buf.data, buf.length, &res, NULL);
|
||||
free(buf.data);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to decode digest Checksum");
|
||||
krb5_set_error_message(context, ret, "Failed to decode digest Checksum");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -553,8 +553,8 @@ _kdc_do_digest(krb5_context context,
|
||||
serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
|
||||
serverNonce.data = malloc(serverNonce.length);
|
||||
if (serverNonce.data == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -568,8 +568,8 @@ _kdc_do_digest(krb5_context context,
|
||||
ssize = hex_decode(ireq.u.digestRequest.serverNonce,
|
||||
serverNonce.data, serverNonce.length);
|
||||
if (ssize <= 0) {
|
||||
krb5_set_error_string(context, "Failed to decode serverNonce");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "Failed to decode serverNonce");
|
||||
goto out;
|
||||
}
|
||||
serverNonce.length = ssize;
|
||||
@ -593,15 +593,15 @@ _kdc_do_digest(krb5_context context,
|
||||
uint32_t t;
|
||||
|
||||
if (serverNonce.length < 4) {
|
||||
krb5_set_error_string(context, "server nonce too short");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "server nonce too short");
|
||||
goto out;
|
||||
}
|
||||
t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
|
||||
|
||||
if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
|
||||
krb5_set_error_string(context, "time screw in server nonce ");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "time screw in server nonce ");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
@ -618,15 +618,15 @@ _kdc_do_digest(krb5_context context,
|
||||
}
|
||||
|
||||
if (ireq.u.digestRequest.identifier == NULL) {
|
||||
krb5_set_error_string(context, "Identifier missing "
|
||||
"from CHAP request");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "Identifier missing "
|
||||
"from CHAP request");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
|
||||
krb5_set_error_string(context, "failed to decode identifier");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "failed to decode identifier");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -714,8 +714,8 @@ _kdc_do_digest(krb5_context context,
|
||||
MD5_Final(md, &ctx);
|
||||
hex_encode(md, sizeof(md), &A1);
|
||||
if (A1 == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -733,8 +733,8 @@ _kdc_do_digest(krb5_context context,
|
||||
MD5_Final(md, &ctx);
|
||||
hex_encode(md, sizeof(md), &A2);
|
||||
if (A2 == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
free(A1);
|
||||
goto failed;
|
||||
}
|
||||
@ -795,15 +795,15 @@ _kdc_do_digest(krb5_context context,
|
||||
}
|
||||
|
||||
if (ireq.u.digestRequest.clientNonce == NULL) {
|
||||
krb5_set_error_string(context,
|
||||
"MS-CHAP-V2 clientNonce missing");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret,
|
||||
"MS-CHAP-V2 clientNonce missing");
|
||||
goto failed;
|
||||
}
|
||||
if (serverNonce.length != 16) {
|
||||
krb5_set_error_string(context,
|
||||
"MS-CHAP-V2 serverNonce wrong length");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret,
|
||||
"MS-CHAP-V2 serverNonce wrong length");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -824,16 +824,16 @@ _kdc_do_digest(krb5_context context,
|
||||
clientNonce.data = malloc(clientNonce.length);
|
||||
if (clientNonce.data == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ssize = hex_decode(*ireq.u.digestRequest.clientNonce,
|
||||
clientNonce.data, clientNonce.length);
|
||||
if (ssize != 16) {
|
||||
krb5_set_error_string(context,
|
||||
"Failed to decode clientNonce");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed to decode clientNonce");
|
||||
goto out;
|
||||
}
|
||||
SHA1_Update(&ctx, clientNonce.data, ssize);
|
||||
@ -852,7 +852,7 @@ _kdc_do_digest(krb5_context context,
|
||||
HDB_F_GET_CLIENT, NULL, &user);
|
||||
krb5_free_principal(context, clientprincipal);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"MS-CHAP-V2 user %s not in database",
|
||||
username);
|
||||
goto failed;
|
||||
@ -861,7 +861,7 @@ _kdc_do_digest(krb5_context context,
|
||||
ret = hdb_enctype2key(context, &user->entry,
|
||||
ETYPE_ARCFOUR_HMAC_MD5, &key);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"MS-CHAP-V2 missing arcfour key %s",
|
||||
username);
|
||||
goto failed;
|
||||
@ -872,7 +872,7 @@ _kdc_do_digest(krb5_context context,
|
||||
key->key.keyvalue.length,
|
||||
challange, &answer);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM missing arcfour key");
|
||||
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -967,8 +967,8 @@ _kdc_do_digest(krb5_context context,
|
||||
asprintf(&r.u.error.reason, "Unsupported digest type %s",
|
||||
ireq.u.digestRequest.type);
|
||||
if (r.u.error.reason == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
r.u.error.code = EINVAL;
|
||||
@ -1021,29 +1021,29 @@ _kdc_do_digest(krb5_context context,
|
||||
r.u.ntlmInitReply.targetname =
|
||||
get_ntlm_targetname(context, client);
|
||||
if (r.u.ntlmInitReply.targetname == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
r.u.ntlmInitReply.challange.data = malloc(8);
|
||||
if (r.u.ntlmInitReply.challange.data == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
r.u.ntlmInitReply.challange.length = 8;
|
||||
if (RAND_bytes(r.u.ntlmInitReply.challange.data,
|
||||
r.u.ntlmInitReply.challange.length) != 1)
|
||||
{
|
||||
krb5_set_error_string(context, "out of random error");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "out of random error");
|
||||
goto out;
|
||||
}
|
||||
/* XXX fix targetinfo */
|
||||
ALLOC(r.u.ntlmInitReply.targetinfo);
|
||||
if (r.u.ntlmInitReply.targetinfo == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1052,8 +1052,8 @@ _kdc_do_digest(krb5_context context,
|
||||
client,
|
||||
r.u.ntlmInitReply.targetinfo);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1064,14 +1064,14 @@ _kdc_do_digest(krb5_context context,
|
||||
sp = krb5_storage_emem();
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
|
||||
if (ret != 8) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "storage write challange");
|
||||
krb5_set_error_message(context, ret, "storage write challange");
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
|
||||
@ -1127,7 +1127,7 @@ _kdc_do_digest(krb5_context context,
|
||||
HDB_F_GET_CLIENT, NULL, &user);
|
||||
krb5_free_principal(context, clientprincipal);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM user %s not in database",
|
||||
krb5_set_error_message(context, ret, "NTLM user %s not in database",
|
||||
ireq.u.ntlmRequest.username);
|
||||
goto failed;
|
||||
}
|
||||
@ -1150,33 +1150,33 @@ _kdc_do_digest(krb5_context context,
|
||||
sp = krb5_storage_from_data(&buf);
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_storage_read(sp, challange, sizeof(challange));
|
||||
if (ret != sizeof(challange)) {
|
||||
krb5_set_error_string(context, "NTLM storage read challange");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "NTLM storage read challange");
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_ret_uint32(sp, &flags);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM storage read flags");
|
||||
krb5_set_error_message(context, ret, "NTLM storage read flags");
|
||||
goto out;
|
||||
}
|
||||
krb5_data_free(&buf);
|
||||
|
||||
if ((flags & NTLM_NEG_NTLM) == 0) {
|
||||
ret = EINVAL;
|
||||
krb5_set_error_string(context, "NTLM not negotiated");
|
||||
krb5_set_error_message(context, ret, "NTLM not negotiated");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hdb_enctype2key(context, &user->entry,
|
||||
ETYPE_ARCFOUR_HMAC_MD5, &key);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM missing arcfour key");
|
||||
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1194,8 +1194,8 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
targetname = get_ntlm_targetname(context, client);
|
||||
if (targetname == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1213,7 +1213,7 @@ _kdc_do_digest(krb5_context context,
|
||||
sessionkey);
|
||||
free(targetname);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM v2 verify failed");
|
||||
krb5_set_error_message(context, ret, "NTLM v2 verify failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -1238,9 +1238,9 @@ _kdc_do_digest(krb5_context context,
|
||||
}
|
||||
|
||||
if (ireq.u.ntlmRequest.lm.length != 24) {
|
||||
krb5_set_error_string(context, "LM hash have wrong length "
|
||||
"for NTLM session key");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "LM hash have wrong length "
|
||||
"for NTLM session key");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -1260,7 +1260,7 @@ _kdc_do_digest(krb5_context context,
|
||||
key->key.keyvalue.length,
|
||||
challange, &answer);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "NTLM missing arcfour key");
|
||||
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -1269,7 +1269,7 @@ _kdc_do_digest(krb5_context context,
|
||||
{
|
||||
free(answer.data);
|
||||
ret = EINVAL;
|
||||
krb5_set_error_string(context, "NTLM hash mismatch");
|
||||
krb5_set_error_message(context, ret, "NTLM hash mismatch");
|
||||
goto failed;
|
||||
}
|
||||
free(answer.data);
|
||||
@ -1290,16 +1290,17 @@ _kdc_do_digest(krb5_context context,
|
||||
size_t len;
|
||||
|
||||
if ((flags & NTLM_NEG_KEYEX) == 0) {
|
||||
krb5_set_error_string(context,
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret,
|
||||
"NTLM client failed to neg key "
|
||||
"exchange but still sent key");
|
||||
ret = EINVAL;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
len = ireq.u.ntlmRequest.sessionkey->length;
|
||||
if (len != sizeof(masterkey)){
|
||||
krb5_set_error_string(context,
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret,
|
||||
"NTLM master key wrong length: %lu",
|
||||
(unsigned long)len);
|
||||
goto failed;
|
||||
@ -1315,14 +1316,15 @@ _kdc_do_digest(krb5_context context,
|
||||
r.u.ntlmResponse.sessionkey =
|
||||
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
|
||||
if (r.u.ntlmResponse.sessionkey == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
|
||||
masterkey, sizeof(masterkey));
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
@ -1354,9 +1356,9 @@ _kdc_do_digest(krb5_context context,
|
||||
break;
|
||||
|
||||
default: {
|
||||
char *s;
|
||||
krb5_set_error_string(context, "unknown operation to digest");
|
||||
const char *s;
|
||||
ret = EINVAL;
|
||||
krb5_set_error_message(context, ret, "unknown operation to digest");
|
||||
|
||||
failed:
|
||||
|
||||
@ -1370,10 +1372,10 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
r.element = choice_DigestRepInner_error;
|
||||
r.u.error.reason = strdup("unknown error");
|
||||
krb5_free_error_string(context, s);
|
||||
krb5_free_error_message(context, s);
|
||||
if (r.u.error.reason == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
r.u.error.code = EINVAL;
|
||||
@ -1383,7 +1385,7 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to encode inner digest reply");
|
||||
krb5_set_error_message(context, ret, "Failed to encode inner digest reply");
|
||||
goto out;
|
||||
}
|
||||
if (size != buf.length)
|
||||
@ -1414,14 +1416,14 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to encode digest reply");
|
||||
krb5_set_error_message(context, ret, "Failed to encode digest reply");
|
||||
goto out;
|
||||
}
|
||||
if (size != reply->length)
|
||||
krb5_abortx(context, "ASN1 internal error");
|
||||
|
||||
|
||||
out:
|
||||
out:
|
||||
if (ac)
|
||||
krb5_auth_con_free(context, ac);
|
||||
if (ret)
|
||||
|
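Review bot: In the `@ -1315,14 +1316,15` hunk the allocation-failure branch for `r.u.ntlmResponse.sessionkey` now sets `ret = EINVAL;` while reporting "malloc: out of memory"; every other allocation check in this file (targetname, challange.data, A1/A2, identifier) sets ENOMEM, so this should read `ret = ENOMEM;` so the returned code matches the message. The opposite mismatch is in the checks on client-supplied data: the `hex_decode` failures for opaque, serverNonce and clientNonce set `ret = ENOMEM;` although the condition is malformed input rather than exhaustion, and `ret = EINVAL;` there would keep resource errors distinguishable from bad requests in KDC logs. In the `@ -1290,16 +1290,17` hunk `ret = EINVAL;` is assigned twice in the `NTLM_NEG_KEYEX` branch (before and after the message); the second assignment can go. `_kdc_do_digest` begins and ends outside these hunks.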
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: kaserver.c 21654 2007-07-21 17:30:18Z lha $");
|
||||
RCSID("$Id: kaserver.c 23110 2008-04-27 18:51:17Z lha $");
|
||||
|
||||
#include <krb5-v4compat.h>
|
||||
#include <rx.h>
|
||||
@ -366,7 +366,7 @@ create_reply_ticket (krb5_context context,
|
||||
DES_cblock deskey;
|
||||
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_pcbc_encrypt (enc_data.data,
|
||||
enc_data.data,
|
||||
enc_data.length,
|
||||
@ -524,7 +524,7 @@ do_authenticate (krb5_context context,
|
||||
|
||||
/* try to decode the `request' */
|
||||
memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
|
||||
DES_set_key (&key, &schedule);
|
||||
DES_set_key_unchecked (&key, &schedule);
|
||||
DES_pcbc_encrypt (request.data,
|
||||
request.data,
|
||||
request.length,
|
||||
@ -801,7 +801,7 @@ do_getticket (krb5_context context,
|
||||
|
||||
/* decrypt the times */
|
||||
memcpy(&session, ad.session.keyvalue.data, sizeof(session));
|
||||
DES_set_key (&session, &schedule);
|
||||
DES_set_key_unchecked (&session, &schedule);
|
||||
DES_ecb_encrypt (times.data,
|
||||
times.data,
|
||||
&schedule,
|
||||
|
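Review bot: The switch to `DES_set_key_unchecked` at all three call sites drops whatever parity or weak-key rejection the previous `DES_set_key` performed, and the keys scheduled here come from the HDB entry (`ckey->key.keyvalue.data`) and from the decrypted ticket's session key (`ad.session.keyvalue.data`), so a weak or bad-parity key is now silently used rather than refused. If this is intentional because such checks belong where keys are generated and rejecting at use would only turn a bad key into an obscure failure, a one-line comment at each call would record that: `/* unchecked: parity/weak-key validation happens when the key is created, not at use */`. Whether the old `DES_set_key` actually ran those checks depends on the hcrypto/OpenSSL build in use, so this is worth confirming before relying on it. The enclosing functions (`create_reply_ticket`, `do_authenticate`, `do_getticket`) start and end outside these hunks.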
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $");
|
||||
RCSID("$Id: kerberos5.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
#define MAX_TIME ((time_t)((1U << 31) - 1))
|
||||
|
||||
@ -1648,7 +1648,7 @@ _kdc_as_rep(krb5_context context,
|
||||
memset(&canon, 0, sizeof(canon));
|
||||
|
||||
canon.names.requested_name = *b->cname;
|
||||
canon.names.real_name = client->entry.principal->name;
|
||||
canon.names.mapped_name = client->entry.principal->name;
|
||||
|
||||
ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
|
||||
&canon.names, &len, ret);
|
||||
@ -1807,7 +1807,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
|
||||
if (tkt->authorization_data == NULL) {
|
||||
tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
|
||||
if (tkt->authorization_data == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ENOMEM, "out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
}
|
||||
@ -1822,7 +1822,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
|
||||
|
||||
ret = add_AuthorizationData(&ad, &ade);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "add AuthorizationData failed");
|
||||
krb5_set_error_message(context, ret, "add AuthorizationData failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1833,7 +1833,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
|
||||
&ad, &size, ret);
|
||||
free_AuthorizationData(&ad);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "ASN.1 encode of "
|
||||
krb5_set_error_message(context, ret, "ASN.1 encode of "
|
||||
"AuthorizationData failed");
|
||||
return ret;
|
||||
}
|
||||
@ -1843,7 +1843,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
|
||||
ret = add_AuthorizationData(tkt->authorization_data, &ade);
|
||||
der_free_octet_string(&ade.ad_data);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "add AuthorizationData failed");
|
||||
krb5_set_error_message(context, ret, "add AuthorizationData failed");
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
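Review bot: In the `_kdc_as_rep` hunk the field written into PA_ClientCanonicalizedNames changes from `real_name` to `mapped_name` with no comment on what the KDC is asserting there, and the value (`client->entry.principal->name`) is the principal name from the client's HDB entry rather than anything derived from the request. A short comment would make that explicit for the next reader: `/* mapped_name is the canonical name from the client's HDB entry; requested_name is what the client asked for */`. I cannot tell from the hunk whether a separate mapping step is expected elsewhere, so please confirm the two names are intended to differ only when the request was non-canonical. `_kdc_as_rep` starts and ends outside the hunk.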
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: krb5tgs.c 22071 2007-11-14 20:04:50Z lha $");
|
||||
RCSID("$Id: krb5tgs.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
/*
|
||||
* return the realm of a krbtgt-ticket or NULL
|
||||
@ -80,7 +80,7 @@ find_KRB5SignedPath(krb5_context context,
|
||||
&child,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to decode "
|
||||
krb5_set_error_message(context, ret, "Failed to decode "
|
||||
"IF_RELEVANT with %d", ret);
|
||||
return ret;
|
||||
}
|
||||
@ -187,12 +187,13 @@ check_KRB5SignedPath(krb5_context context,
|
||||
hdb_entry_ex *krbtgt,
|
||||
EncTicketPart *tkt,
|
||||
KRB5SignedPathPrincipals **delegated,
|
||||
int require_signedpath)
|
||||
int *signedpath)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_data data;
|
||||
krb5_crypto crypto = NULL;
|
||||
|
||||
if (delegated)
|
||||
*delegated = NULL;
|
||||
|
||||
ret = find_KRB5SignedPath(context, tkt->authorization_data, &data);
|
||||
@ -246,7 +247,7 @@ check_KRB5SignedPath(krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (sp.delegated) {
|
||||
if (delegated && sp.delegated) {
|
||||
|
||||
*delegated = malloc(sizeof(*sp.delegated));
|
||||
if (*delegated == NULL) {
|
||||
@ -264,9 +265,7 @@ check_KRB5SignedPath(krb5_context context,
|
||||
}
|
||||
free_KRB5SignedPath(&sp);
|
||||
|
||||
} else {
|
||||
if (require_signedpath)
|
||||
return KRB5KDC_ERR_BADOPTION;
|
||||
*signedpath = 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -286,7 +285,7 @@ check_PAC(krb5_context context,
|
||||
const EncryptionKey *krbtgt_key,
|
||||
EncTicketPart *tkt,
|
||||
krb5_data *rspac,
|
||||
int *require_signedpath)
|
||||
int *signedpath)
|
||||
{
|
||||
AuthorizationData *ad = tkt->authorization_data;
|
||||
unsigned i, j;
|
||||
@ -306,7 +305,7 @@ check_PAC(krb5_context context,
|
||||
&child,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to decode "
|
||||
krb5_set_error_message(context, ret, "Failed to decode "
|
||||
"IF_RELEVANT with %d", ret);
|
||||
return ret;
|
||||
}
|
||||
@ -338,7 +337,7 @@ check_PAC(krb5_context context,
|
||||
krb5_pac_free(context, pac);
|
||||
return ret;
|
||||
}
|
||||
*require_signedpath = 0;
|
||||
*signedpath = 1;
|
||||
|
||||
ret = _krb5_pac_sign(context, pac, tkt->authtime,
|
||||
client_principal,
|
||||
@ -554,7 +553,7 @@ fix_transited_encoding(krb5_context context,
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
char **realms, **tmp;
|
||||
int num_realms;
|
||||
unsigned int num_realms;
|
||||
int i;
|
||||
|
||||
switch (tr->tr_type) {
|
||||
@ -589,7 +588,7 @@ fix_transited_encoding(krb5_context context,
|
||||
}
|
||||
if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
|
||||
/* not us, so add the previous realm to transited set */
|
||||
if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
|
||||
if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
|
||||
ret = ERANGE;
|
||||
goto free_realms;
|
||||
}
|
||||
@ -670,6 +669,7 @@ tgs_make_reply(krb5_context context,
|
||||
krb5_enctype krbtgt_etype,
|
||||
KRB5SignedPathPrincipals *spp,
|
||||
const krb5_data *rspac,
|
||||
const METHOD_DATA *enc_pa_data,
|
||||
const char **e_text,
|
||||
krb5_data *reply)
|
||||
{
|
||||
@ -874,6 +874,17 @@ tgs_make_reply(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
if (enc_pa_data->len) {
|
||||
rep.padata = calloc(1, sizeof(*rep.padata));
|
||||
if (rep.padata == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
ret = copy_METHOD_DATA(enc_pa_data, rep.padata);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* It is somewhat unclear where the etype in the following
|
||||
encryption should come from. What we have is a session
|
||||
key in the passed tgt, and a list of preferred etypes
|
||||
@ -1000,14 +1011,25 @@ find_rpath(krb5_context context, Realm crealm, Realm srealm)
|
||||
|
||||
|
||||
static krb5_boolean
|
||||
need_referral(krb5_context context, krb5_principal server, krb5_realm **realms)
|
||||
need_referral(krb5_context context, krb5_kdc_configuration *config,
|
||||
const KDCOptions * const options, krb5_principal server,
|
||||
krb5_realm **realms)
|
||||
{
|
||||
if(server->name.name_type != KRB5_NT_SRV_INST ||
|
||||
server->name.name_string.len != 2)
|
||||
const char *name;
|
||||
|
||||
if(!options->canonicalize && server->name.name_type != KRB5_NT_SRV_INST)
|
||||
return FALSE;
|
||||
|
||||
return _krb5_get_host_realm_int(context, server->name.name_string.val[1],
|
||||
FALSE, realms) == 0;
|
||||
if (server->name.name_string.len == 1)
|
||||
name = server->name.name_string.val[0];
|
||||
if (server->name.name_string.len > 1)
|
||||
name = server->name.name_string.val[1];
|
||||
else
|
||||
return FALSE;
|
||||
|
||||
kdc_log(context, config, 0, "Searching referral for %s", name);
|
||||
|
||||
return _krb5_get_host_realm_int(context, name, FALSE, realms) == 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
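Review bot: The single-component case in need_referral is unreachable: after `if (server->name.name_string.len == 1)` assigns `name`, the following independent `if (server->name.name_string.len > 1) ... else return FALSE;` returns FALSE whenever len is 1, so the first branch is dead and one-component server names never reach the realm lookup. The second test should be `else if (server->name.name_string.len > 1)`. Note also that once `options->canonicalize` is set the KRB5_NT_SRV_INST check is skipped, so any name type reaches _krb5_get_host_realm_int with a client-supplied component; if that is the intended canonicalization behaviour, a comment saying so would help the next reader.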
|
||||
@ -1242,6 +1264,84 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
build_server_referral(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
krb5_crypto session,
|
||||
krb5_const_realm referred_realm,
|
||||
const PrincipalName *true_principal_name,
|
||||
const PrincipalName *requested_principal,
|
||||
krb5_data *outdata)
|
||||
{
|
||||
PA_ServerReferralData ref;
|
||||
krb5_error_code ret;
|
||||
EncryptedData ed;
|
||||
krb5_data data;
|
||||
size_t size;
|
||||
|
||||
memset(&ref, 0, sizeof(ref));
|
||||
|
||||
if (referred_realm) {
|
||||
ref.referred_realm = malloc(sizeof(ref.referred_realm));
|
||||
if (ref.referred_realm == NULL)
|
||||
goto eout;
|
||||
*ref.referred_realm = strdup(referred_realm);
|
||||
if (*ref.referred_realm == NULL)
|
||||
goto eout;
|
||||
}
|
||||
if (true_principal_name) {
|
||||
ref.true_principal_name =
|
||||
malloc(sizeof(ref.true_principal_name));
|
||||
if (ref.true_principal_name == NULL)
|
||||
goto eout;
|
||||
ret = copy_PrincipalName(true_principal_name, ref.true_principal_name);
|
||||
if (ret)
|
||||
goto eout;
|
||||
}
|
||||
if (requested_principal) {
|
||||
ref.requested_principal_name =
|
||||
malloc(sizeof(ref.requested_principal_name));
|
||||
if (ref.requested_principal_name == NULL)
|
||||
goto eout;
|
||||
ret = copy_PrincipalName(requested_principal,
|
||||
ref.requested_principal_name);
|
||||
if (ret)
|
||||
goto eout;
|
||||
}
|
||||
|
||||
ASN1_MALLOC_ENCODE(PA_ServerReferralData,
|
||||
data.data, data.length,
|
||||
&ref, &size, ret);
|
||||
free_PA_ServerReferralData(&ref);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (data.length != size)
|
||||
krb5_abortx(context, "internal asn.1 encoder error");
|
||||
|
||||
ret = krb5_encrypt_EncryptedData(context, session,
|
||||
KRB5_KU_PA_SERVER_REFERRAL,
|
||||
data.data, data.length,
|
||||
0 /* kvno */, &ed);
|
||||
free(data.data);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ASN1_MALLOC_ENCODE(EncryptedData,
|
||||
outdata->data, outdata->length,
|
||||
&ed, &size, ret);
|
||||
free_EncryptedData(&ed);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (outdata->length != size)
|
||||
krb5_abortx(context, "internal asn.1 encoder error");
|
||||
|
||||
return 0;
|
||||
eout:
|
||||
free_PA_ServerReferralData(&ref);
|
||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
tgs_build_reply(krb5_context context,
|
||||
krb5_kdc_configuration *config,
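Review bot: The three `malloc(sizeof(ref.X))` calls in build_server_referral size the allocation by the pointer field rather than by the object it points to. For `ref.true_principal_name` and `ref.requested_principal_name` the subsequent copy_PrincipalName() then writes a full PrincipalName into a pointer-sized buffer, which is a heap overflow unless PrincipalName happens to be no larger than a pointer; for `ref.referred_realm` the pointee is itself a pointer, so that one is only misleading. Change them to `ref.referred_realm = malloc(sizeof(*ref.referred_realm));`, `ref.true_principal_name = malloc(sizeof(*ref.true_principal_name));` and `ref.requested_principal_name = malloc(sizeof(*ref.requested_principal_name));`. Separately, the `eout` label reports ENOMEM even when it was reached via a non-zero `ret` from copy_PrincipalName, which masks the real error code.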
|
||||
@ -1253,7 +1353,7 @@ tgs_build_reply(krb5_context context,
|
||||
krb5_data *reply,
|
||||
const char *from,
|
||||
const char **e_text,
|
||||
AuthorizationData *auth_data,
|
||||
AuthorizationData **auth_data,
|
||||
const struct sockaddr *from_addr,
|
||||
int datagram_reply)
|
||||
{
|
||||
@ -1262,6 +1362,7 @@ tgs_build_reply(krb5_context context,
|
||||
krb5_principal client_principal = NULL;
|
||||
char *spn = NULL, *cpn = NULL;
|
||||
hdb_entry_ex *server = NULL, *client = NULL;
|
||||
krb5_realm ref_realm = NULL;
|
||||
EncTicketPart *tgt = &ticket->ticket;
|
||||
KRB5SignedPathPrincipals *spp = NULL;
|
||||
const EncryptionKey *ekey;
|
||||
@ -1270,16 +1371,19 @@ tgs_build_reply(krb5_context context,
|
||||
krb5_data rspac;
|
||||
int cross_realm = 0;
|
||||
|
||||
METHOD_DATA enc_pa_data;
|
||||
|
||||
PrincipalName *s;
|
||||
Realm r;
|
||||
int nloop = 0;
|
||||
EncTicketPart adtkt;
|
||||
char opt_str[128];
|
||||
int require_signedpath = 0;
|
||||
int signedpath = 0;
|
||||
|
||||
memset(&sessionkey, 0, sizeof(sessionkey));
|
||||
memset(&adtkt, 0, sizeof(adtkt));
|
||||
krb5_data_zero(&rspac);
|
||||
memset(&enc_pa_data, 0, sizeof(enc_pa_data));
|
||||
|
||||
s = b->sname;
|
||||
r = b->realm;
|
||||
@ -1379,11 +1483,14 @@ server_lookup:
|
||||
ret = krb5_unparse_name(context, sp, &spn);
|
||||
if (ret)
|
||||
goto out;
|
||||
auth_data = NULL; /* ms don't handle AD in referals */
|
||||
|
||||
if (ref_realm)
|
||||
free(ref_realm);
|
||||
ref_realm = strdup(new_rlm);
|
||||
goto server_lookup;
|
||||
}
|
||||
}
|
||||
} else if(need_referral(context, sp, &realms)) {
|
||||
} else if(need_referral(context, config, &b->kdc_options, sp, &realms)) {
|
||||
if (strcmp(realms[0], sp->realm) != 0) {
|
||||
kdc_log(context, config, 5,
|
||||
"Returning a referral to realm %s for "
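Review bot: `ref_realm = strdup(new_rlm);` is not checked, so on allocation failure ref_realm stays NULL and the later `if (ref_realm)` block silently omits the referral PA-DATA instead of failing the request; add `if (ref_realm == NULL) { ret = ENOMEM; goto out; }` after the strdup. The same unchecked `ref_realm = strdup(realms[0]);` appears in the next hunk. Both hunks also appear to drop the old `auth_data = NULL; /* ms don't handle AD in referals */` (the +/- markers are lost in this rendering), and nothing visible here replaces that suppression now that `*auth_data` is forwarded to tgs_make_reply, so confirm referral replies are still meant to omit the client's authorization data. tgs_build_reply starts and ends outside this hunk.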
|
||||
@ -1396,8 +1503,12 @@ server_lookup:
|
||||
ret = krb5_unparse_name(context, sp, &spn);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
if (ref_realm)
|
||||
free(ref_realm);
|
||||
ref_realm = strdup(realms[0]);
|
||||
|
||||
krb5_free_host_realm(context, realms);
|
||||
auth_data = NULL; /* ms don't handle AD in referals */
|
||||
goto server_lookup;
|
||||
}
|
||||
krb5_free_host_realm(context, realms);
|
||||
@ -1438,6 +1549,50 @@ server_lookup:
|
||||
cross_realm = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Select enctype, return key and kvno.
|
||||
*/
|
||||
|
||||
{
|
||||
krb5_enctype etype;
|
||||
|
||||
if(b->kdc_options.enc_tkt_in_skey) {
|
||||
int i;
|
||||
ekey = &adtkt.key;
|
||||
for(i = 0; i < b->etype.len; i++)
|
||||
if (b->etype.val[i] == adtkt.key.keytype)
|
||||
break;
|
||||
if(i == b->etype.len) {
|
||||
kdc_log(context, config, 0,
|
||||
"Addition ticket have not matching etypes", spp);
|
||||
krb5_clear_error_string(context);
|
||||
return KRB5KDC_ERR_ETYPE_NOSUPP;
|
||||
}
|
||||
etype = b->etype.val[i];
|
||||
kvno = 0;
|
||||
} else {
|
||||
Key *skey;
|
||||
|
||||
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
|
||||
&skey, &etype);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Server (%s) has no support for etypes", spn);
|
||||
return ret;
|
||||
}
|
||||
ekey = &skey->key;
|
||||
kvno = server->entry.kvno;
|
||||
}
|
||||
|
||||
ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* Validate authoriation data
|
||||
*/
|
||||
|
||||
/*
|
||||
* Check that service is in the same realm as the krbtgt. If it's
|
||||
* not the same, it's someone that is using a uni-directional trust
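Review bot: The two bare returns inside the moved enctype-selection block, `return KRB5KDC_ERR_ETYPE_NOSUPP;` and `return ret;`, leave tgs_build_reply without passing through its `out:` cleanup, which (per the `out:` hunk later in this diff) frees spn, cpn, ref_realm and enc_pa_data; spn has already been allocated by krb5_unparse_name at this point, so these error paths leak. Use `ret = KRB5KDC_ERR_ETYPE_NOSUPP; goto out;` and `goto out;` respectively. The call `kdc_log(context, config, 0, "Addition ticket have not matching etypes", spp);` passes `spp` although the format has no conversion; drop the argument. The new comment `Validate authoriation data` has a typo (authorization). tgs_build_reply starts and ends outside this hunk.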
|
||||
@ -1459,8 +1614,45 @@ server_lookup:
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* check PAC if not cross realm and if there is one */
|
||||
if (!cross_realm) {
|
||||
Key *tkey;
|
||||
|
||||
ret = hdb_enctype2key(context, &krbtgt->entry,
|
||||
krbtgt_etype, &tkey);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Failed to find key for krbtgt PAC check");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = check_PAC(context, config, cp,
|
||||
client, server, ekey, &tkey->key,
|
||||
tgt, &rspac, &signedpath);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Verify PAC failed for %s (%s) from %s with %s",
|
||||
spn, cpn, from, krb5_get_err_text(context, ret));
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* also check the krbtgt for signature */
|
||||
ret = check_KRB5SignedPath(context,
|
||||
config,
|
||||
krbtgt,
|
||||
tgt,
|
||||
&spp,
|
||||
&signedpath);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"KRB5SignedPath check failed for %s (%s) from %s with %s",
|
||||
spn, cpn, from, krb5_get_err_text(context, ret));
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
* Process request
|
||||
*/
|
||||
|
||||
client_principal = cp;
|
||||
@ -1566,10 +1758,23 @@ server_lookup:
|
||||
&& b->additional_tickets->len != 0
|
||||
&& b->kdc_options.enc_tkt_in_skey == 0)
|
||||
{
|
||||
int ad_signedpath = 0;
|
||||
Key *clientkey;
|
||||
Ticket *t;
|
||||
char *str;
|
||||
|
||||
/*
|
||||
* Require that the KDC have issued the service's krbtgt (not
|
||||
* self-issued ticket with kimpersonate(1).
|
||||
*/
|
||||
if (!signedpath) {
|
||||
ret = KRB5KDC_ERR_BADOPTION;
|
||||
kdc_log(context, config, 0,
|
||||
"Constrained delegation done on service ticket %s/%s",
|
||||
cpn, spn);
|
||||
goto out;
|
||||
}
|
||||
|
||||
t = &b->additional_tickets->val[0];
|
||||
|
||||
ret = hdb_enctype2key(context, &client->entry,
|
||||
@ -1588,12 +1793,11 @@ server_lookup:
|
||||
}
|
||||
|
||||
/* check that ticket is valid */
|
||||
|
||||
if (adtkt.flags.forwardable == 0) {
|
||||
kdc_log(context, config, 0,
|
||||
"Missing forwardable flag on ticket for "
|
||||
"constrained delegation from %s to %s ", spn, cpn);
|
||||
ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
|
||||
ret = KRB5KDC_ERR_BADOPTION;
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1623,16 +1827,16 @@ server_lookup:
|
||||
}
|
||||
|
||||
/*
|
||||
* Check KRB5SignedPath in authorization data and add new entry to
|
||||
* make sure servers can't fake a ticket to us.
|
||||
* Check that the KDC issued the user's ticket.
|
||||
*/
|
||||
|
||||
ret = check_KRB5SignedPath(context,
|
||||
config,
|
||||
krbtgt,
|
||||
&adtkt,
|
||||
&spp,
|
||||
1);
|
||||
NULL,
|
||||
&ad_signedpath);
|
||||
if (ret == 0 && !ad_signedpath)
|
||||
ret = KRB5KDC_ERR_BADOPTION;
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"KRB5SignedPath check from service %s failed "
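Review bot: When `ret` is synthesized by `if (ret == 0 && !ad_signedpath) ret = KRB5KDC_ERR_BADOPTION;`, no error message is set for it, so the krb5_get_err_text() in the log call that follows (its remainder lies outside this hunk) may show a stale message from an earlier failure rather than the missing-signature cause; adding `krb5_set_error_message(context, ret, "KRB5SignedPath missing on delegated ticket");` inside that branch would make the log unambiguous. Passing `NULL` instead of `&spp` to check_KRB5SignedPath also means the delegated ticket's signed-path principals are no longer collected into `spp`; presumably intended, but a one-line comment would spare the next reader a guess.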
|
||||
@ -1646,12 +1850,6 @@ server_lookup:
|
||||
kdc_log(context, config, 0, "constrained delegation for %s "
|
||||
"from %s to %s", str, cpn, spn);
|
||||
free(str);
|
||||
|
||||
/*
|
||||
* Also require that the KDC have issue the service's krbtgt
|
||||
* used to do the request.
|
||||
*/
|
||||
require_signedpath = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1682,79 +1880,38 @@ server_lookup:
|
||||
}
|
||||
|
||||
/*
|
||||
* Select enctype, return key and kvno.
|
||||
* If this is an referral, add server referral data to the
|
||||
* auth_data reply .
|
||||
*/
|
||||
if (ref_realm) {
|
||||
PA_DATA pa;
|
||||
krb5_crypto crypto;
|
||||
|
||||
{
|
||||
krb5_enctype etype;
|
||||
|
||||
if(b->kdc_options.enc_tkt_in_skey) {
|
||||
int i;
|
||||
ekey = &adtkt.key;
|
||||
for(i = 0; i < b->etype.len; i++)
|
||||
if (b->etype.val[i] == adtkt.key.keytype)
|
||||
break;
|
||||
if(i == b->etype.len) {
|
||||
krb5_clear_error_string(context);
|
||||
return KRB5KDC_ERR_ETYPE_NOSUPP;
|
||||
}
|
||||
etype = b->etype.val[i];
|
||||
kvno = 0;
|
||||
} else {
|
||||
Key *skey;
|
||||
|
||||
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
|
||||
&skey, &etype);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Server (%s) has no support for etypes", spp);
|
||||
return ret;
|
||||
}
|
||||
ekey = &skey->key;
|
||||
kvno = server->entry.kvno;
|
||||
}
|
||||
"Adding server referral to %s", ref_realm);
|
||||
|
||||
ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
|
||||
ret = krb5_crypto_init(context, &sessionkey, 0, &crypto);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* check PAC if not cross realm and if there is one */
|
||||
if (!cross_realm) {
|
||||
Key *tkey;
|
||||
|
||||
ret = hdb_enctype2key(context, &krbtgt->entry,
|
||||
krbtgt_etype, &tkey);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Failed to find key for krbtgt PAC check");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = check_PAC(context, config, client_principal,
|
||||
client, server, ekey, &tkey->key,
|
||||
tgt, &rspac, &require_signedpath);
|
||||
ret = build_server_referral(context, config, crypto, ref_realm,
|
||||
NULL, s, &pa.padata_value);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Verify PAC failed for %s (%s) from %s with %s",
|
||||
spn, cpn, from, krb5_get_err_text(context, ret));
|
||||
"Failed building server referral");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
pa.padata_type = KRB5_PADATA_SERVER_REFERRAL;
|
||||
|
||||
/* also check the krbtgt for signature */
|
||||
ret = check_KRB5SignedPath(context,
|
||||
config,
|
||||
krbtgt,
|
||||
tgt,
|
||||
&spp,
|
||||
require_signedpath);
|
||||
ret = add_METHOD_DATA(&enc_pa_data, &pa);
|
||||
krb5_data_free(&pa.padata_value);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"KRB5SignedPath check failed for %s (%s) from %s with %s",
|
||||
spn, cpn, from, krb5_get_err_text(context, ret));
|
||||
"Add server referral METHOD-DATA failed");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
*
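Review bot: The referral is built with `NULL` for true_principal_name, so the PA-SERVER-REFERRAL carries only the referred realm and the requested name (`s`); a short comment above the build_server_referral call explaining why the true principal is omitted would spare the next reader a trip into that function. `pa` is declared without an initializer and only padata_type and padata_value are assigned; `PA_DATA pa = { 0 };` would keep add_METHOD_DATA from ever copying indeterminate bytes if the type gains fields. tgs_build_reply starts and ends outside this hunk.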
|
||||
@ -1768,7 +1925,7 @@ server_lookup:
|
||||
ekey,
|
||||
&sessionkey,
|
||||
kvno,
|
||||
auth_data,
|
||||
*auth_data,
|
||||
server,
|
||||
spn,
|
||||
client,
|
||||
@ -1777,6 +1934,7 @@ server_lookup:
|
||||
krbtgt_etype,
|
||||
spp,
|
||||
&rspac,
|
||||
&enc_pa_data,
|
||||
e_text,
|
||||
reply);
|
||||
|
||||
@ -1797,6 +1955,9 @@ out:
|
||||
krb5_free_principal(context, cp);
|
||||
if (sp)
|
||||
krb5_free_principal(context, sp);
|
||||
if (ref_realm)
|
||||
free(ref_realm);
|
||||
free_METHOD_DATA(&enc_pa_data);
|
||||
|
||||
free_EncTicketPart(&adtkt);
|
||||
|
||||
@ -1870,7 +2031,7 @@ _kdc_tgs_rep(krb5_context context,
|
||||
data,
|
||||
from,
|
||||
&e_text,
|
||||
auth_data,
|
||||
&auth_data,
|
||||
from_addr,
|
||||
datagram_reply);
|
||||
if (ret) {
|
||||
|
@ -36,7 +36,7 @@
|
||||
#include <rfc2459_asn1.h>
|
||||
#include <hx509.h>
|
||||
|
||||
RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
|
||||
RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
/*
|
||||
*
|
||||
@ -67,7 +67,8 @@ verify_req_hash(krb5_context context,
|
||||
HMAC_CTX ctx;
|
||||
|
||||
if (req->pk_hash.length != sizeof(digest)) {
|
||||
krb5_set_error_string(context, "pk-hash have wrong length: %lu",
|
||||
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
|
||||
"pk-hash have wrong length: %lu",
|
||||
(unsigned long)req->pk_hash.length);
|
||||
return KRB5KDC_ERR_PREAUTH_FAILED;
|
||||
}
|
||||
@ -84,7 +85,8 @@ verify_req_hash(krb5_context context,
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
|
||||
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
|
||||
krb5_set_error_string(context, "pk-hash is not correct");
|
||||
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
|
||||
"pk-hash is not correct");
|
||||
return KRB5KDC_ERR_PREAUTH_FAILED;
|
||||
}
|
||||
return 0;
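Review bot: The HMAC check on the context line, `if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0)`, stops at the first differing byte, so its timing depends on how much of a client-supplied pk-hash matches; for a pre-authentication verifier a fixed-time comparison is the safer choice. The commit only converts the error reporting here, which is fine, but the surrounding lines are being touched anyway. verify_req_hash begins outside this hunk.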
|
||||
@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context,
|
||||
rep->hash->data = malloc(rep->hash->length);
|
||||
if (rep->hash->data == NULL) {
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
@ -158,11 +160,7 @@ build_certificate(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = hx509_env_init(hxctx, &env);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = hx509_env_add(hxctx, env, "principal-name",
|
||||
ret = hx509_env_add(hxctx, &env, "principal-name",
|
||||
krb5_principal_get_comp_string(context, principal, 0));
|
||||
if (ret)
|
||||
goto out;
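Review bot: With the `hx509_env_init` call removed, `env` is now populated directly by `hx509_env_add(hxctx, &env, "principal-name", ...)`, which presumably requires `env` to start out NULL; its declaration and the matching free at `out:` are outside this hunk, so confirm the declaration reads `hx509_env env = NULL;` — otherwise the first add would operate on an indeterminate pointer. build_certificate starts and ends outside this hunk.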
|
||||
@ -280,7 +278,7 @@ out:
|
||||
hx509_cert_free(signer);
|
||||
if (hxctx)
|
||||
hx509_context_free(&hxctx);
|
||||
krb5_set_error_string(context, "cert creation failed");
|
||||
krb5_set_error_message(context, ret, "cert creation failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -358,7 +356,7 @@ _kdc_do_kx509(krb5_context context,
|
||||
krb5_free_principal(context, principal);
|
||||
if (ret != TRUE) {
|
||||
ret = KRB5KDC_ERR_SERVER_NOMATCH;
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"User %s used wrong Kx509 service principal",
|
||||
cname);
|
||||
goto out;
|
||||
@ -366,8 +364,10 @@ _kdc_do_kx509(krb5_context context,
|
||||
}
|
||||
|
||||
ret = krb5_auth_con_getkey(context, ac, &key);
|
||||
if (ret || key == NULL) {
|
||||
krb5_set_error_string(context, "Kx509 can't get session key");
|
||||
if (ret == 0 && key == NULL)
|
||||
ret = KRB5KDC_ERR_NULL_KEY;
|
||||
if (ret) {
|
||||
krb5_set_error_message(context, ret, "Kx509 can't get session key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -418,7 +418,7 @@ _kdc_do_kx509(krb5_context context,
|
||||
ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
|
||||
&size, ret);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Failed to encode kx509 reply");
|
||||
krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
|
||||
goto out;
|
||||
}
|
||||
if (size != data.length)
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $");
|
||||
RCSID("$Id: misc.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
struct timeval _kdc_now;
|
||||
|
||||
@ -51,7 +51,7 @@ _kdc_db_fetch(krb5_context context,
|
||||
|
||||
ent = calloc (1, sizeof (*ent));
|
||||
if (ent == NULL) {
|
||||
krb5_set_error_string(context, "out of memory");
|
||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
@ -76,7 +76,7 @@ _kdc_db_fetch(krb5_context context,
|
||||
}
|
||||
}
|
||||
free(ent);
|
||||
krb5_set_error_string(context, "no such entry found in hdb");
|
||||
krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb");
|
||||
return HDB_ERR_NOENTRY;
|
||||
}
|
||||
|
||||
@ -116,7 +116,8 @@ _kdc_get_preferred_key(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
krb5_set_error_string(context, "No valid kerberos key found for %s", name);
|
||||
krb5_set_error_message(context, EINVAL,
|
||||
"No valid kerberos key found for %s", name);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $");
|
||||
RCSID("$Id: pkinit.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
#ifdef PKINIT
|
||||
|
||||
@ -45,23 +45,8 @@ RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $");
|
||||
#include <hx509.h>
|
||||
#include "crypto-headers.h"
|
||||
|
||||
/* XXX copied from lib/krb5/pkinit.c */
|
||||
struct krb5_pk_identity {
|
||||
hx509_context hx509ctx;
|
||||
hx509_verify_ctx verify_ctx;
|
||||
hx509_certs certs;
|
||||
hx509_certs anchors;
|
||||
hx509_certs certpool;
|
||||
hx509_revoke_ctx revoke;
|
||||
};
|
||||
|
||||
enum pkinit_type {
|
||||
PKINIT_COMPAT_WIN2K = 1,
|
||||
PKINIT_COMPAT_27 = 3
|
||||
};
|
||||
|
||||
struct pk_client_params {
|
||||
enum pkinit_type type;
|
||||
enum krb5_pk_type type;
|
||||
BIGNUM *dh_public_key;
|
||||
hx509_cert cert;
|
||||
unsigned nonce;
|
||||
@ -202,13 +187,13 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
||||
memset(&key, 0, sizeof(key));
|
||||
|
||||
if (!DH_generate_key(client_params->dh)) {
|
||||
krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys");
|
||||
goto out;
|
||||
}
|
||||
if (client_params->dh_public_key == NULL) {
|
||||
krb5_set_error_string(context, "dh_public_key");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret, "dh_public_key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -219,8 +204,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
||||
|
||||
dh_gen_key = malloc(size);
|
||||
if (dh_gen_key == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
memset(dh_gen_key, 0, size - dh_gen_keylen);
|
||||
@ -229,8 +214,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
||||
client_params->dh_public_key,
|
||||
client_params->dh);
|
||||
if (dh_gen_keylen == -1) {
|
||||
krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -256,7 +241,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f)
|
||||
|
||||
bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
|
||||
if (bn == NULL) {
|
||||
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
|
||||
krb5_set_error_message(context, KRB5_BADMSGTYPE,
|
||||
"PKINIT: parsing BN failed %s", field);
|
||||
return NULL;
|
||||
}
|
||||
BN_set_negative(bn, f->negative);
|
||||
@ -276,13 +262,14 @@ get_dh_param(krb5_context context,
|
||||
memset(&dhparam, 0, sizeof(dhparam));
|
||||
|
||||
if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, KRB5_BADMSGTYPE,
|
||||
"PKINIT invalid oid in clientPublicValue");
|
||||
return KRB5_BADMSGTYPE;
|
||||
}
|
||||
|
||||
if (dh_key_info->algorithm.parameters == NULL) {
|
||||
krb5_set_error_string(context, "PKINIT missing algorithm parameter "
|
||||
krb5_set_error_message(context, KRB5_BADMSGTYPE,
|
||||
"PKINIT missing algorithm parameter "
|
||||
"in clientPublicValue");
|
||||
return KRB5_BADMSGTYPE;
|
||||
}
|
||||
@ -292,14 +279,15 @@ get_dh_param(krb5_context context,
|
||||
&dhparam,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't decode algorithm "
|
||||
krb5_set_error_message(context, ret, "Can't decode algorithm "
|
||||
"parameters in clientPublicValue");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
|
||||
ret = KRB5_BADMSGTYPE;
|
||||
krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
|
||||
krb5_set_error_message(context, ret,
|
||||
"PKINIT: subjectPublicKey not aligned "
|
||||
"to 8 bit boundary");
|
||||
goto out;
|
||||
}
|
||||
@ -315,8 +303,8 @@ get_dh_param(krb5_context context,
|
||||
|
||||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
krb5_set_error_string(context, "Cannot create DH structure");
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "Cannot create DH structure");
|
||||
goto out;
|
||||
}
|
||||
ret = KRB5_BADMSGTYPE;
|
||||
@ -347,9 +335,11 @@ get_dh_param(krb5_context context,
|
||||
"subjectPublicKey",
|
||||
&glue);
|
||||
der_free_heim_integer(&glue);
|
||||
if (client_params->dh_public_key == NULL)
|
||||
if (client_params->dh_public_key == NULL) {
|
||||
ret = KRB5_BADMSGTYPE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
client_params->dh = dh;
|
||||
dh = NULL;
|
||||
@ -385,7 +375,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec);
|
||||
hx509_verify_set_time(kdc_identity->verify_ctx, kdc_time);
|
||||
|
||||
client_params = calloc(1, sizeof(*client_params));
|
||||
if (client_params == NULL) {
|
||||
@ -404,7 +394,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&r,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't decode "
|
||||
krb5_set_error_message(context, ret, "Can't decode "
|
||||
"PK-AS-REQ-Win2k: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
@ -415,7 +405,8 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&have_data);
|
||||
free_PA_PK_AS_REQ_Win2k(&r);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
|
||||
krb5_set_error_message(context, ret,
|
||||
"Can't decode PK-AS-REQ: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -429,7 +420,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&r,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
|
||||
krb5_set_error_message(context, ret, "Can't decode PK-AS-REQ: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -443,7 +434,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
0, NULL,
|
||||
&client_params->client_anchors);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't allocate client anchors: %d", ret);
|
||||
krb5_set_error_message(context, ret, "Can't allocate client anchors: %d", ret);
|
||||
goto out;
|
||||
|
||||
}
|
||||
@ -458,7 +449,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
|
||||
ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed to allocate hx509_query");
|
||||
goto out;
|
||||
}
|
||||
@ -495,7 +486,8 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&have_data);
|
||||
free_PA_PK_AS_REQ(&r);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
|
||||
krb5_set_error_message(context, ret,
|
||||
"Can't unwrap ContentInfo: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -507,16 +499,16 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
|
||||
ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
|
||||
if (ret != 0) {
|
||||
krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
|
||||
"type oid");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret,
|
||||
"PK-AS-REQ-Win2k invalid content type oid");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!have_data) {
|
||||
krb5_set_error_string(context,
|
||||
"PK-AS-REQ-Win2k no signed auth pack");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret,
|
||||
"PK-AS-REQ-Win2k no signed auth pack");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -551,8 +543,8 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
|
||||
der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
|
||||
{
|
||||
krb5_set_error_string(context, "got wrong oid for pkauthdata");
|
||||
ret = KRB5_BADMSGTYPE;
|
||||
krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -564,7 +556,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&ap,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
|
||||
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -576,12 +568,12 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
client_params->type = PKINIT_COMPAT_WIN2K;
|
||||
client_params->type = PKINIT_WIN2K;
|
||||
client_params->nonce = ap.pkAuthenticator.nonce;
|
||||
|
||||
if (ap.clientPublicValue) {
|
||||
krb5_set_error_string(context, "DH not supported for windows");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret, "DH not supported for windows");
|
||||
goto out;
|
||||
}
|
||||
free_AuthPack_Win2k(&ap);
|
||||
@ -594,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
&ap,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
|
||||
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
|
||||
free_AuthPack(&ap);
|
||||
goto out;
|
||||
}
|
||||
@ -607,7 +599,7 @@ _kdc_pk_rd_padata(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
client_params->type = PKINIT_COMPAT_27;
|
||||
client_params->type = PKINIT_27;
|
||||
client_params->nonce = ap.pkAuthenticator.nonce;
|
||||
|
||||
if (ap.clientPublicValue) {
|
||||
@ -700,7 +692,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
*/
|
||||
|
||||
switch (client_params->type) {
|
||||
case PKINIT_COMPAT_WIN2K: {
|
||||
case PKINIT_WIN2K: {
|
||||
int i = 0;
|
||||
if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
|
||||
&& config->pkinit_require_binding == 0)
|
||||
@ -709,7 +701,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
}
|
||||
break;
|
||||
}
|
||||
case PKINIT_COMPAT_27:
|
||||
case PKINIT_27:
|
||||
break;
|
||||
default:
|
||||
krb5_abortx(context, "internal pkinit error");
|
||||
@ -769,7 +761,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
free_ReplyKeyPack(&kp);
|
||||
}
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
|
||||
krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
|
||||
"failed (%d)", ret);
|
||||
goto out;
|
||||
}
|
||||
@ -813,7 +805,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
if (client_params->type == PKINIT_COMPAT_WIN2K) {
|
||||
if (client_params->type == PKINIT_WIN2K) {
|
||||
ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(),
|
||||
&signed_data,
|
||||
&buf);
|
||||
@ -874,9 +866,8 @@ pk_mk_pa_reply_dh(krb5_context context,
|
||||
|
||||
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "ASN.1 encoding of "
|
||||
krb5_set_error_message(context, ret, "ASN.1 encoding of "
|
||||
"DHPublicKey failed (%d)", ret);
|
||||
krb5_clear_error_string(context);
|
||||
return ret;
|
||||
}
|
||||
if (buf.length != size)
|
||||
@ -890,7 +881,7 @@ pk_mk_pa_reply_dh(krb5_context context,
|
||||
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
|
||||
ret);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "ASN.1 encoding of "
|
||||
krb5_set_error_message(context, ret, "ASN.1 encoding of "
|
||||
"KdcDHKeyInfo failed (%d)", ret);
|
||||
goto out;
|
||||
}
|
||||
@ -990,7 +981,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
break;
|
||||
if (req->req_body.etype.len <= i) {
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"No valid enctype available from client");
|
||||
goto out;
|
||||
}
|
||||
@ -998,7 +989,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
} else
|
||||
enctype = ETYPE_DES3_CBC_SHA1;
|
||||
|
||||
if (client_params->type == PKINIT_COMPAT_27) {
|
||||
if (client_params->type == PKINIT_27) {
|
||||
PA_PK_AS_REP rep;
|
||||
const char *type, *other = "";
|
||||
|
||||
@ -1035,7 +1026,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
ret);
|
||||
free_ContentInfo(&info);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "encoding of Key ContentInfo "
|
||||
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
|
||||
"failed %d", ret);
|
||||
free_PA_PK_AS_REP(&rep);
|
||||
goto out;
|
||||
@ -1068,7 +1059,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
ret);
|
||||
free_ContentInfo(&info);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "encoding of Key ContentInfo "
|
||||
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
|
||||
"failed %d", ret);
|
||||
free_PA_PK_AS_REP(&rep);
|
||||
goto out;
|
||||
@ -1085,7 +1076,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
|
||||
free_PA_PK_AS_REP(&rep);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
|
||||
krb5_set_error_message(context, ret, "encode PA-PK-AS-REP failed %d",
|
||||
ret);
|
||||
goto out;
|
||||
}
|
||||
@ -1094,13 +1085,13 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
|
||||
kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
|
||||
|
||||
} else if (client_params->type == PKINIT_COMPAT_WIN2K) {
|
||||
} else if (client_params->type == PKINIT_WIN2K) {
|
||||
PA_PK_AS_REP_Win2k rep;
|
||||
ContentInfo info;
|
||||
|
||||
if (client_params->dh) {
|
||||
krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
krb5_set_error_message(context, ret, "Windows PK-INIT doesn't support DH");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -1131,7 +1122,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
ret);
|
||||
free_ContentInfo(&info);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "encoding of Key ContentInfo "
|
||||
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
|
||||
"failed %d", ret);
|
||||
free_PA_PK_AS_REP_Win2k(&rep);
|
||||
goto out;
|
||||
@ -1142,7 +1133,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
|
||||
free_PA_PK_AS_REP_Win2k(&rep);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"encode PA-PK-AS-REP-Win2k failed %d", ret);
|
||||
goto out;
|
||||
}
|
||||
@ -1155,7 +1146,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
|
||||
ret = krb5_padata_add(context, md, pa_type, buf, len);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
|
||||
krb5_set_error_message(context, ret, "failed adding PA-PK-AS-REP %d", ret);
|
||||
free(buf);
|
||||
goto out;
|
||||
}
|
||||
@ -1229,7 +1220,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
||||
KRB5_PADATA_PA_PK_OCSP_RESPONSE,
|
||||
ocsp.data.data, ocsp.data.length);
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed adding OCSP response %d", ret);
|
||||
goto out;
|
||||
}
|
||||
@ -1453,7 +1444,8 @@ _kdc_pk_check_client(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_set_error_string(context,
|
||||
ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
|
||||
krb5_set_error_message(context, ret,
|
||||
"PKINIT no matching principals for %s",
|
||||
*subject_name);
|
||||
|
||||
@ -1464,7 +1456,7 @@ _kdc_pk_check_client(krb5_context context,
|
||||
free(*subject_name);
|
||||
*subject_name = NULL;
|
||||
|
||||
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
|
@ -34,7 +34,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: process.c 20959 2007-06-07 04:46:06Z lha $");
|
||||
RCSID("$Id: process.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
/*
|
||||
*
|
||||
@ -177,14 +177,15 @@ krb5_kdc_save_request(krb5_context context,
|
||||
|
||||
fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||
if (fd < 0) {
|
||||
krb5_set_error_string(context, "Failed to open: %s", fn);
|
||||
return errno;
|
||||
int saved_errno = errno;
|
||||
krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn);
|
||||
return saved_errno;
|
||||
}
|
||||
|
||||
sp = krb5_storage_from_fd(fd);
|
||||
close(fd);
|
||||
if (sp == NULL) {
|
||||
krb5_set_error_string(context, "Storage failed to open fd");
|
||||
krb5_set_error_message(context, ENOMEM, "Storage failed to open fd");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
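Review bot: The `sp == NULL` branch reports `ENOMEM` unconditionally, but `krb5_storage_from_fd(fd)` runs before `close(fd)`, so whatever errno it left (it appears to duplicate the descriptor, so EMFILE or EBADF are plausible — confirm against the implementation) is clobbered by the close on the next line before the error is reported. Capture it the same way the open failure now does: `sp = krb5_storage_from_fd(fd); saved_errno = errno; close(fd);` and then report `saved_errno ? saved_errno : ENOMEM`, with `errno = 0` set before the call and `int saved_errno` moved to function scope instead of the `if (fd < 0)` block. `krb5_kdc_save_request` starts and ends outside the hunk.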
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: windc.c 20559 2007-04-24 16:00:07Z lha $");
|
||||
RCSID("$Id: windc.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
static krb5plugin_windc_ftable *windcft;
|
||||
static void *windcctx;
|
||||
@ -63,7 +63,7 @@ krb5_kdc_windc_init(krb5_context context)
|
||||
}
|
||||
if (e == NULL) {
|
||||
_krb5_plugin_free(list);
|
||||
krb5_set_error_string(context, "Did not find any WINDC plugin");
|
||||
krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin");
|
||||
windcft = NULL;
|
||||
return ENOENT;
|
||||
}
|
||||
@ -91,7 +91,7 @@ _kdc_pac_verify(krb5_context context,
|
||||
krb5_pac *pac)
|
||||
{
|
||||
if (windcft == NULL) {
|
||||
krb5_set_error_string(context, "Can't verify PAC, no function");
|
||||
krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function");
|
||||
return EINVAL;
|
||||
}
|
||||
return (windcft->pac_verify)(windcctx, context,
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: windc_plugin.h 19798 2007-01-10 15:24:51Z lha $ */
|
||||
/* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */
|
||||
|
||||
#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
|
||||
#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
|
||||
@ -67,7 +67,7 @@ typedef krb5_error_code
|
||||
void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *);
|
||||
|
||||
|
||||
#define KRB5_WINDC_PLUGING_MINOR 2
|
||||
#define KRB5_WINDC_PLUGING_MINOR 3
|
||||
|
||||
typedef struct krb5plugin_windc_ftable {
|
||||
int minor_version;
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "kuser_locl.h"
|
||||
RCSID("$Id: kinit.c 22116 2007-12-03 21:22:58Z lha $");
|
||||
RCSID("$Id: kinit.c 23418 2008-07-26 18:36:48Z lha $");
|
||||
|
||||
#include "krb5-v4compat.h"
|
||||
|
||||
@ -66,6 +66,8 @@ char *pk_user_id = NULL;
|
||||
char *pk_x509_anchors = NULL;
|
||||
int pk_use_enckey = 0;
|
||||
static int canonicalize_flag = 0;
|
||||
static int ok_as_delegate_flag = 0;
|
||||
static int windows_flag = 0;
|
||||
static char *ntlm_domain;
|
||||
|
||||
static char *krb4_cc_name;
|
||||
@ -161,6 +163,12 @@ static struct getargs args[] = {
|
||||
{ "ntlm-domain", 0, arg_string, &ntlm_domain,
|
||||
"NTLM domain", "domain" },
|
||||
|
||||
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
|
||||
"honor ok-as-delegate on tickets" },
|
||||
|
||||
{ "windows", 0, arg_flag, &windows_flag,
|
||||
"get windows behavior" },
|
||||
|
||||
{ "version", 0, arg_flag, &version_flag },
|
||||
{ "help", 0, arg_flag, &help_flag }
|
||||
};
|
||||
@ -330,35 +338,24 @@ out:
|
||||
|
||||
static krb5_error_code
|
||||
store_ntlmkey(krb5_context context, krb5_ccache id,
|
||||
const char *domain, krb5_const_principal client,
|
||||
struct ntlm_buf *buf)
|
||||
const char *domain, struct ntlm_buf *buf)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_creds cred;
|
||||
krb5_data data;
|
||||
char *name;
|
||||
|
||||
memset(&cred, 0, sizeof(cred));
|
||||
asprintf(&name, "ntlm-key-%s", domain);
|
||||
if (name == NULL) {
|
||||
krb5_clear_error_string(context);
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
ret = krb5_make_principal(context, &cred.server,
|
||||
krb5_principal_get_realm(context, client),
|
||||
"@ntlm-key", domain, NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
ret = krb5_copy_principal(context, client, &cred.client);
|
||||
if (ret)
|
||||
goto out;
|
||||
data.length = buf->length;
|
||||
data.data = buf->data;
|
||||
|
||||
cred.times.authtime = time(NULL);
|
||||
cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */
|
||||
cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
|
||||
ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = krb5_cc_store_cred(context, id, &cred);
|
||||
|
||||
out:
|
||||
krb5_free_cred_contents (context, &cred);
|
||||
return 0;
|
||||
ret = krb5_cc_set_config(context, id, NULL, name, &data);
|
||||
free(name);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
@ -598,7 +595,17 @@ get_new_tickets(krb5_context context,
|
||||
krb5_err (context, 1, ret, "krb5_cc_move");
|
||||
|
||||
if (ntlm_domain && ntlmkey.data)
|
||||
store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey);
|
||||
store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey);
|
||||
|
||||
if (ok_as_delegate_flag || windows_flag) {
|
||||
krb5_data data;
|
||||
|
||||
data.length = 1;
|
||||
data.data = "\x01";
|
||||
|
||||
krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);
|
||||
}
|
||||
|
||||
|
||||
if (enctype)
|
||||
free(enctype);
|
||||
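Review bot: In `store_ntlmkey` the `asprintf` return value is not checked; the `name == NULL` test relies on the pointer being nulled on failure, which glibc does not guarantee, so the check should read `if (asprintf(&name, "ntlm-key-%s", domain) < 0 || name == NULL) {`. The new call in `get_new_tickets`, `store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey);`, discards the returned error, as does the `krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);` call below it, so a failure to persist the NTLM key or the realm flag is silent; at minimum report it with `krb5_warn(context, ret, "store_ntlmkey")` as the surrounding code does for other failures. A one-line comment on `store_ntlmkey` saying that the buffer is presumably password-equivalent NTLM key material written as a plain config entry in the credential cache, protected only by the cache's own access controls, would help the next reader. `get_new_tickets` starts and ends outside the hunk.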
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */
|
||||
/* $Id: der.h 23183 2008-05-22 09:56:51Z lha $ */
|
||||
|
||||
#ifndef __DER_H__
|
||||
#define __DER_H__
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "der_locl.h"
|
||||
|
||||
RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $");
|
||||
RCSID("$Id: der_free.c 23182 2008-05-22 02:59:04Z lha $");
|
||||
|
||||
void
|
||||
der_free_general_string (heim_general_string *str)
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "gen_locl.h"
|
||||
|
||||
RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $");
|
||||
RCSID("$Id: gen.c 22896 2008-04-07 18:52:24Z lha $");
|
||||
|
||||
FILE *headerfile, *codefile, *logfile;
|
||||
|
||||
@ -294,13 +294,18 @@ generate_constant (const Symbol *s)
|
||||
break;
|
||||
case objectidentifiervalue: {
|
||||
struct objid *o, **list;
|
||||
int i, len;
|
||||
unsigned int i, len;
|
||||
|
||||
generate_header_of_codefile(s->gen_name);
|
||||
|
||||
len = 0;
|
||||
for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
|
||||
len++;
|
||||
if (len == 0) {
|
||||
printf("s->gen_name: %s",s->gen_name);
|
||||
fflush(stdout);
|
||||
break;
|
||||
}
|
||||
list = emalloc(sizeof(*list) * len);
|
||||
|
||||
i = 0;
|
||||
@ -308,8 +313,8 @@ generate_constant (const Symbol *s)
|
||||
list[i++] = o;
|
||||
|
||||
fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name);
|
||||
for (i = len - 1 ; i >= 0; i--) {
|
||||
o = list[i];
|
||||
for (i = len ; i > 0; i--) {
|
||||
o = list[i - 1];
|
||||
fprintf(headerfile, "%s(%d) ",
|
||||
o->label ? o->label : "label-less", o->value);
|
||||
}
|
||||
@ -320,8 +325,8 @@ generate_constant (const Symbol *s)
|
||||
|
||||
fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {",
|
||||
s->gen_name, len);
|
||||
for (i = len - 1 ; i >= 0; i--) {
|
||||
fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : "");
|
||||
for (i = len ; i > 0; i--) {
|
||||
fprintf(codefile, "%d%s ", list[i - 1]->value, i > 1 ? "," : "");
|
||||
}
|
||||
fprintf(codefile, "};\n");
|
||||
|
||||
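Review bot: The `len == 0` branch added in `generate_constant` writes `s->gen_name: %s` to stdout with no trailing newline and then `break`s after `generate_header_of_codefile(s->gen_name)` has already been called, which reads like leftover debugging; an empty OBJECT IDENTIFIER value is malformed input, so either route it through the file's existing error reporting naming the symbol, or add the newline and a comment explaining why an empty list is tolerated. With `len` now `unsigned int`, the `%d` in `fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {", s->gen_name, len);` no longer matches its argument and should be `%u`. The `i > 0` / `list[i - 1]` rewrite of the two loops is correct and avoids the wrap that `i >= 0` would produce on an unsigned index. `generate_constant` starts and ends outside the hunks.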
|
@ -1,4 +1,4 @@
|
||||
-- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $
|
||||
-- $Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $
|
||||
|
||||
KERBEROS5 DEFINITIONS ::=
|
||||
BEGIN
|
||||
@ -635,7 +635,7 @@ KRB5SignedPath ::= SEQUENCE {
|
||||
|
||||
PA-ClientCanonicalizedNames ::= SEQUENCE{
|
||||
requested-name [0] PrincipalName,
|
||||
real-name [1] PrincipalName
|
||||
mapped-name [1] PrincipalName
|
||||
}
|
||||
|
||||
PA-ClientCanonicalized ::= SEQUENCE {
|
||||
@ -654,6 +654,16 @@ PA-SvrReferralData ::= SEQUENCE {
|
||||
referred-realm [0] Realm
|
||||
}
|
||||
|
||||
PA-SERVER-REFERRAL-DATA ::= EncryptedData
|
||||
|
||||
PA-ServerReferralData ::= SEQUENCE {
|
||||
referred-realm [0] Realm OPTIONAL,
|
||||
true-principal-name [1] PrincipalName OPTIONAL,
|
||||
requested-principal-name [2] PrincipalName OPTIONAL,
|
||||
referral-valid-until [3] KerberosTime OPTIONAL,
|
||||
...
|
||||
}
|
||||
|
||||
END
|
||||
|
||||
-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
|
||||
|
@ -1,5 +1,6 @@
|
||||
#include "config.h"
|
||||
|
||||
#line 3 "lex.c"
|
||||
#line 3 "heimdal/lib/asn1/lex.c"
|
||||
|
||||
#define YY_INT_ALIGNED short int
|
||||
|
||||
@ -8,7 +9,7 @@
|
||||
#define FLEX_SCANNER
|
||||
#define YY_FLEX_MAJOR_VERSION 2
|
||||
#define YY_FLEX_MINOR_VERSION 5
|
||||
#define YY_FLEX_SUBMINOR_VERSION 33
|
||||
#define YY_FLEX_SUBMINOR_VERSION 34
|
||||
#if YY_FLEX_SUBMINOR_VERSION > 0
|
||||
#define FLEX_BETA
|
||||
#endif
|
||||
@ -30,7 +31,7 @@
|
||||
|
||||
/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
|
||||
|
||||
#if __STDC_VERSION__ >= 199901L
|
||||
#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
|
||||
|
||||
/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
|
||||
* if you want the limit (max/min) macros for int types.
|
||||
@ -93,11 +94,12 @@ typedef unsigned int flex_uint32_t;
|
||||
|
||||
#else /* ! __cplusplus */
|
||||
|
||||
#if __STDC__
|
||||
/* C99 requires __STDC__ to be defined as 1. */
|
||||
#if defined (__STDC__)
|
||||
|
||||
#define YY_USE_CONST
|
||||
|
||||
#endif /* __STDC__ */
|
||||
#endif /* defined (__STDC__) */
|
||||
#endif /* ! __cplusplus */
|
||||
|
||||
#ifdef YY_USE_CONST
|
||||
@ -180,11 +182,13 @@ extern FILE *yyin, *yyout;
|
||||
/* The following is because we cannot portably get our hands on size_t
|
||||
* (without autoconf's help, which isn't available because we want
|
||||
* flex-generated scanners to compile on their own).
|
||||
* Given that the standard has decreed that size_t exists since 1989,
|
||||
* I guess we can afford to depend on it. Manoj.
|
||||
*/
|
||||
|
||||
#ifndef YY_TYPEDEF_YY_SIZE_T
|
||||
#define YY_TYPEDEF_YY_SIZE_T
|
||||
typedef unsigned int yy_size_t;
|
||||
typedef size_t yy_size_t;
|
||||
#endif
|
||||
|
||||
#ifndef YY_STRUCT_YY_BUFFER_STATE
|
||||
@ -851,7 +855,7 @@ static unsigned lineno = 1;
|
||||
static void unterminated(const char *, unsigned);
|
||||
|
||||
/* This is for broken old lexes (solaris 10 and hpux) */
|
||||
#line 855 "lex.c"
|
||||
#line 858 "heimdal/lib/asn1/lex.c"
|
||||
|
||||
#define INITIAL 0
|
||||
|
||||
@ -869,35 +873,6 @@ static void unterminated(const char *, unsigned);
|
||||
|
||||
static int yy_init_globals (void );
|
||||
|
||||
/* Accessor methods to globals.
|
||||
These are made visible to non-reentrant scanners for convenience. */
|
||||
|
||||
int yylex_destroy (void );
|
||||
|
||||
int yyget_debug (void );
|
||||
|
||||
void yyset_debug (int debug_flag );
|
||||
|
||||
YY_EXTRA_TYPE yyget_extra (void );
|
||||
|
||||
void yyset_extra (YY_EXTRA_TYPE user_defined );
|
||||
|
||||
FILE *yyget_in (void );
|
||||
|
||||
void yyset_in (FILE * in_str );
|
||||
|
||||
FILE *yyget_out (void );
|
||||
|
||||
void yyset_out (FILE * out_str );
|
||||
|
||||
int yyget_leng (void );
|
||||
|
||||
char *yyget_text (void );
|
||||
|
||||
int yyget_lineno (void );
|
||||
|
||||
void yyset_lineno (int line_number );
|
||||
|
||||
/* Macros after this point can all be overridden by user definitions in
|
||||
* section 1.
|
||||
*/
|
||||
@ -940,7 +915,7 @@ static int input (void );
|
||||
/* This used to be an fputs(), but since the string might contain NUL's,
|
||||
* we now use fwrite().
|
||||
*/
|
||||
#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
|
||||
#define ECHO fwrite( yytext, yyleng, 1, yyout )
|
||||
#endif
|
||||
|
||||
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
|
||||
@ -951,7 +926,7 @@ static int input (void );
|
||||
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
|
||||
{ \
|
||||
int c = '*'; \
|
||||
size_t n; \
|
||||
int n; \
|
||||
for ( n = 0; n < max_size && \
|
||||
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
|
||||
buf[n] = (char) c; \
|
||||
@ -1035,7 +1010,7 @@ YY_DECL
|
||||
|
||||
#line 68 "lex.l"
|
||||
|
||||
#line 1039 "lex.c"
|
||||
#line 1013 "heimdal/lib/asn1/lex.c"
|
||||
|
||||
if ( !(yy_init) )
|
||||
{
|
||||
@ -1704,7 +1679,7 @@ YY_RULE_SETUP
|
||||
#line 274 "lex.l"
|
||||
ECHO;
|
||||
YY_BREAK
|
||||
#line 1708 "lex.c"
|
||||
#line 1682 "heimdal/lib/asn1/lex.c"
|
||||
case YY_STATE_EOF(INITIAL):
|
||||
yyterminate();
|
||||
|
||||
@ -1935,7 +1910,7 @@ static int yy_get_next_buffer (void)
|
||||
|
||||
/* Read in more data. */
|
||||
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
|
||||
(yy_n_chars), num_to_read );
|
||||
(yy_n_chars), (size_t) num_to_read );
|
||||
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
|
||||
}
|
||||
@ -1959,6 +1934,14 @@ static int yy_get_next_buffer (void)
|
||||
else
|
||||
ret_val = EOB_ACT_CONTINUE_SCAN;
|
||||
|
||||
if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
|
||||
/* Extend the array by 50%, plus the number we really need. */
|
||||
yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size );
|
||||
if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
|
||||
}
|
||||
|
||||
(yy_n_chars) += number_to_move;
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
|
||||
@ -2374,6 +2357,8 @@ static void yyensure_buffer_stack (void)
|
||||
(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
|
||||
(num_to_alloc * sizeof(struct yy_buffer_state*)
|
||||
);
|
||||
if ( ! (yy_buffer_stack) )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
|
||||
|
||||
memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
|
||||
|
||||
@ -2392,6 +2377,8 @@ static void yyensure_buffer_stack (void)
|
||||
((yy_buffer_stack),
|
||||
num_to_alloc * sizeof(struct yy_buffer_state*)
|
||||
);
|
||||
if ( ! (yy_buffer_stack) )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
|
||||
|
||||
/* zero only the new slots.*/
|
||||
memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
|
||||
@ -2436,7 +2423,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
|
||||
|
||||
/** Setup the input buffer state to scan a string. The next call to yylex() will
|
||||
* scan from a @e copy of @a str.
|
||||
* @param str a NUL-terminated string to scan
|
||||
* @param yystr a NUL-terminated string to scan
|
||||
*
|
||||
* @return the newly allocated buffer state object.
|
||||
* @note If you want to scan bytes that may contain NUL values, then use
|
||||
|
@ -32,7 +32,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */
|
||||
/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
|
@ -17,6 +17,11 @@ id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
|
||||
id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
|
||||
id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
|
||||
|
||||
id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
|
||||
id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 }
|
||||
id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 }
|
||||
id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 }
|
||||
|
||||
id-pkinit-san OBJECT IDENTIFIER ::=
|
||||
{ iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
|
||||
x509-sanan(2) }
|
||||
@ -171,6 +176,14 @@ ReplyKeyPack-Win2k ::= SEQUENCE {
|
||||
...
|
||||
}
|
||||
|
||||
PkinitSP80056AOtherInfo ::= SEQUENCE {
|
||||
algorithmID AlgorithmIdentifier,
|
||||
partyUInfo [0] OCTET STRING,
|
||||
partyVInfo [1] OCTET STRING,
|
||||
suppPubInfo [2] OCTET STRING OPTIONAL,
|
||||
suppPrivInfo [3] OCTET STRING OPTIONAL
|
||||
}
|
||||
|
||||
PkinitSuppPubInfo ::= SEQUENCE {
|
||||
enctype [0] INTEGER (-2147483648..2147483647),
|
||||
as-REQ [1] OCTET STRING,
|
||||
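Review bot: The new `id-pkinit-kdf*` OIDs and `PkinitSP80056AOtherInfo` carry no comment saying which specification they implement, so a reader cannot tell whether the tag numbers and field order are the KDF structure from the PKINIT algorithm-agility draft (later RFC 8636) or a local invention; a one-line `-- PKINIT algorithm agility: SP 800-56A KDF OtherInfo and KDF identifiers` above `id-pkinit-kdf` would fix that. The untagged `algorithmID AlgorithmIdentifier` next to four context-tagged fields is consistent with that draft, but the comment should say so explicitly.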
|
@ -1,4 +1,4 @@
|
||||
# $Id: test.gen,v 1.2 2005/07/12 06:27:41 lha Exp $
|
||||
# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $
|
||||
# Sample for TESTSeq in test.asn1
|
||||
#
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
#include "config.h"
|
||||
|
||||
#line 3 "lex.c"
|
||||
#line 3 "heimdal/lib/com_err/lex.c"
|
||||
|
||||
#define YY_INT_ALIGNED short int
|
||||
|
||||
@ -8,7 +9,7 @@
|
||||
#define FLEX_SCANNER
|
||||
#define YY_FLEX_MAJOR_VERSION 2
|
||||
#define YY_FLEX_MINOR_VERSION 5
|
||||
#define YY_FLEX_SUBMINOR_VERSION 33
|
||||
#define YY_FLEX_SUBMINOR_VERSION 34
|
||||
#if YY_FLEX_SUBMINOR_VERSION > 0
|
||||
#define FLEX_BETA
|
||||
#endif
|
||||
@ -30,7 +31,7 @@
|
||||
|
||||
/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
|
||||
|
||||
#if __STDC_VERSION__ >= 199901L
|
||||
#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
|
||||
|
||||
/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
|
||||
* if you want the limit (max/min) macros for int types.
|
||||
@ -93,11 +94,12 @@ typedef unsigned int flex_uint32_t;
|
||||
|
||||
#else /* ! __cplusplus */
|
||||
|
||||
#if __STDC__
|
||||
/* C99 requires __STDC__ to be defined as 1. */
|
||||
#if defined (__STDC__)
|
||||
|
||||
#define YY_USE_CONST
|
||||
|
||||
#endif /* __STDC__ */
|
||||
#endif /* defined (__STDC__) */
|
||||
#endif /* ! __cplusplus */
|
||||
|
||||
#ifdef YY_USE_CONST
|
||||
@ -180,11 +182,13 @@ extern FILE *yyin, *yyout;
|
||||
/* The following is because we cannot portably get our hands on size_t
|
||||
* (without autoconf's help, which isn't available because we want
|
||||
* flex-generated scanners to compile on their own).
|
||||
* Given that the standard has decreed that size_t exists since 1989,
|
||||
* I guess we can afford to depend on it. Manoj.
|
||||
*/
|
||||
|
||||
#ifndef YY_TYPEDEF_YY_SIZE_T
|
||||
#define YY_TYPEDEF_YY_SIZE_T
|
||||
typedef unsigned int yy_size_t;
|
||||
typedef size_t yy_size_t;
|
||||
#endif
|
||||
|
||||
#ifndef YY_STRUCT_YY_BUFFER_STATE
|
||||
@ -532,7 +536,7 @@ static int getstring(void);
|
||||
|
||||
#undef ECHO
|
||||
|
||||
#line 536 "lex.c"
|
||||
#line 539 "heimdal/lib/com_err/lex.c"
|
||||
|
||||
#define INITIAL 0
|
||||
|
||||
@ -550,35 +554,6 @@ static int getstring(void);
|
||||
|
||||
static int yy_init_globals (void );
|
||||
|
||||
/* Accessor methods to globals.
|
||||
These are made visible to non-reentrant scanners for convenience. */
|
||||
|
||||
int yylex_destroy (void );
|
||||
|
||||
int yyget_debug (void );
|
||||
|
||||
void yyset_debug (int debug_flag );
|
||||
|
||||
YY_EXTRA_TYPE yyget_extra (void );
|
||||
|
||||
void yyset_extra (YY_EXTRA_TYPE user_defined );
|
||||
|
||||
FILE *yyget_in (void );
|
||||
|
||||
void yyset_in (FILE * in_str );
|
||||
|
||||
FILE *yyget_out (void );
|
||||
|
||||
void yyset_out (FILE * out_str );
|
||||
|
||||
int yyget_leng (void );
|
||||
|
||||
char *yyget_text (void );
|
||||
|
||||
int yyget_lineno (void );
|
||||
|
||||
void yyset_lineno (int line_number );
|
||||
|
||||
/* Macros after this point can all be overridden by user definitions in
|
||||
* section 1.
|
||||
*/
|
||||
@ -621,7 +596,7 @@ static int input (void );
|
||||
/* This used to be an fputs(), but since the string might contain NUL's,
|
||||
* we now use fwrite().
|
||||
*/
|
||||
#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
|
||||
#define ECHO fwrite( yytext, yyleng, 1, yyout )
|
||||
#endif
|
||||
|
||||
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
|
||||
@ -632,7 +607,7 @@ static int input (void );
|
||||
if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
|
||||
{ \
|
||||
int c = '*'; \
|
||||
size_t n; \
|
||||
int n; \
|
||||
for ( n = 0; n < max_size && \
|
||||
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
|
||||
buf[n] = (char) c; \
|
||||
@ -716,7 +691,7 @@ YY_DECL
|
||||
|
||||
#line 59 "lex.l"
|
||||
|
||||
#line 720 "lex.c"
|
||||
#line 694 "heimdal/lib/com_err/lex.c"
|
||||
|
||||
if ( !(yy_init) )
|
||||
{
|
||||
@ -880,7 +855,7 @@ YY_RULE_SETUP
|
||||
#line 75 "lex.l"
|
||||
ECHO;
|
||||
YY_BREAK
|
||||
#line 884 "lex.c"
|
||||
#line 858 "heimdal/lib/com_err/lex.c"
|
||||
case YY_STATE_EOF(INITIAL):
|
||||
yyterminate();
|
||||
|
||||
@ -1111,7 +1086,7 @@ static int yy_get_next_buffer (void)
|
||||
|
||||
/* Read in more data. */
|
||||
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
|
||||
(yy_n_chars), num_to_read );
|
||||
(yy_n_chars), (size_t) num_to_read );
|
||||
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
|
||||
}
|
||||
@ -1135,6 +1110,14 @@ static int yy_get_next_buffer (void)
|
||||
else
|
||||
ret_val = EOB_ACT_CONTINUE_SCAN;
|
||||
|
||||
if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
|
||||
/* Extend the array by 50%, plus the number we really need. */
|
||||
yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size );
|
||||
if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
|
||||
}
|
||||
|
||||
(yy_n_chars) += number_to_move;
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
|
||||
@ -1550,6 +1533,8 @@ static void yyensure_buffer_stack (void)
|
||||
(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
|
||||
(num_to_alloc * sizeof(struct yy_buffer_state*)
|
||||
);
|
||||
if ( ! (yy_buffer_stack) )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
|
||||
|
||||
memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
|
||||
|
||||
@ -1568,6 +1553,8 @@ static void yyensure_buffer_stack (void)
|
||||
((yy_buffer_stack),
|
||||
num_to_alloc * sizeof(struct yy_buffer_state*)
|
||||
);
|
||||
if ( ! (yy_buffer_stack) )
|
||||
YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
|
||||
|
||||
/* zero only the new slots.*/
|
||||
memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
|
||||
@ -1612,7 +1599,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
|
||||
|
||||
/** Setup the input buffer state to scan a string. The next call to yylex() will
|
||||
* scan from a @e copy of @a str.
|
||||
* @param str a NUL-terminated string to scan
|
||||
* @param yystr a NUL-terminated string to scan
|
||||
*
|
||||
* @return the newly allocated buffer state object.
|
||||
* @note If you want to scan bytes that may contain NUL values, then use
|
||||
|
@ -44,7 +44,7 @@
|
||||
#include "parse.h"
|
||||
#include "lex.h"
|
||||
|
||||
RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $");
|
||||
RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
|
||||
|
||||
static unsigned lineno = 1;
|
||||
static int getstring(void);
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */
|
||||
/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */
|
||||
|
||||
#ifndef GSSAPI_GSSAPI_H_
|
||||
#define GSSAPI_GSSAPI_H_
|
||||
@ -43,6 +43,16 @@
|
||||
|
||||
#include <krb5-types.h>
|
||||
|
||||
#ifndef BUILD_GSSAPI_LIB
|
||||
#if defined(_WIN32)
|
||||
#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
|
||||
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
|
||||
#else
|
||||
#define GSSAPI_LIB_FUNCTION
|
||||
#define GSSAPI_LIB_VARIABLE
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Now define the three implementation-dependent types.
|
||||
*/
|
||||
@ -210,7 +220,7 @@ extern "C" {
|
||||
* GSS_C_NT_USER_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_USER_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -223,7 +233,7 @@ extern gss_OID GSS_C_NT_USER_NAME;
|
||||
* The constant GSS_C_NT_MACHINE_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_MACHINE_UID_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -236,7 +246,7 @@ extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
|
||||
* The constant GSS_C_NT_STRING_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_STRING_UID_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_STRING_UID_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -255,7 +265,7 @@ extern gss_OID GSS_C_NT_STRING_UID_NAME;
|
||||
* parameter, but should not be emitted by GSS-API
|
||||
* implementations
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -268,7 +278,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
|
||||
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
|
||||
* to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -280,7 +290,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
|
||||
* and GSS_C_NT_ANONYMOUS should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_ANONYMOUS;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_ANONYMOUS;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -292,19 +302,19 @@ extern gss_OID GSS_C_NT_ANONYMOUS;
|
||||
* GSS_C_NT_EXPORT_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_EXPORT_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_EXPORT_NAME;
|
||||
|
||||
/*
|
||||
* Digest mechanism
|
||||
*/
|
||||
|
||||
extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
|
||||
|
||||
/*
|
||||
* NTLM mechanism
|
||||
*/
|
||||
|
||||
extern gss_OID GSS_NTLM_MECHANISM;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_NTLM_MECHANISM;
|
||||
|
||||
/* Major status codes */
|
||||
|
||||
@ -387,7 +397,7 @@ extern gss_OID GSS_NTLM_MECHANISM;
|
||||
* Finally, function prototypes for the GSS-API routines.
|
||||
*/
|
||||
|
||||
OM_uint32 gss_acquire_cred
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*desired_name*/,
|
||||
OM_uint32 /*time_req*/,
|
||||
@ -398,12 +408,12 @@ OM_uint32 gss_acquire_cred
|
||||
OM_uint32 * /*time_rec*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_cred
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_cred_id_t * /*cred_handle*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_init_sec_context
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_init_sec_context
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_cred_id_t /*initiator_cred_handle*/,
|
||||
gss_ctx_id_t * /*context_handle*/,
|
||||
@ -419,7 +429,7 @@ OM_uint32 gss_init_sec_context
|
||||
OM_uint32 * /*time_rec*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_accept_sec_context
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_accept_sec_context
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t * /*context_handle*/,
|
||||
const gss_cred_id_t /*acceptor_cred_handle*/,
|
||||
@ -433,25 +443,25 @@ OM_uint32 gss_accept_sec_context
|
||||
gss_cred_id_t * /*delegated_cred_handle*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_process_context_token
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
const gss_buffer_t /*token_buffer*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_delete_sec_context
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t * /*context_handle*/,
|
||||
gss_buffer_t /*output_token*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_context_time
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
OM_uint32 * /*time_rec*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_get_mic
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
gss_qop_t /*qop_req*/,
|
||||
@ -459,7 +469,7 @@ OM_uint32 gss_get_mic
|
||||
gss_buffer_t /*message_token*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_verify_mic
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
const gss_buffer_t /*message_buffer*/,
|
||||
@ -467,7 +477,7 @@ OM_uint32 gss_verify_mic
|
||||
gss_qop_t * /*qop_state*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_wrap
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
int /*conf_req_flag*/,
|
||||
@ -477,7 +487,7 @@ OM_uint32 gss_wrap
|
||||
gss_buffer_t /*output_message_buffer*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_unwrap
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
const gss_buffer_t /*input_message_buffer*/,
|
||||
@ -486,7 +496,7 @@ OM_uint32 gss_unwrap
|
||||
gss_qop_t * /*qop_state*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_display_status
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_display_status
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
OM_uint32 /*status_value*/,
|
||||
int /*status_type*/,
|
||||
@ -495,54 +505,54 @@ OM_uint32 gss_display_status
|
||||
gss_buffer_t /*status_string*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_indicate_mechs
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_OID_set * /*mech_set*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_compare_name
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*name1*/,
|
||||
const gss_name_t /*name2*/,
|
||||
int * /*name_equal*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_display_name
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*input_name*/,
|
||||
gss_buffer_t /*output_name_buffer*/,
|
||||
gss_OID * /*output_name_type*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_import_name
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_import_name
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_buffer_t /*input_name_buffer*/,
|
||||
const gss_OID /*input_name_type*/,
|
||||
gss_name_t * /*output_name*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_export_name
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*input_name*/,
|
||||
gss_buffer_t /*exported_name*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_name
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_name_t * /*input_name*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_buffer
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_buffer_t /*buffer*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_oid_set
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_OID_set * /*set*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_cred
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
const gss_cred_id_t /*cred_handle*/,
|
||||
gss_name_t * /*name*/,
|
||||
@ -551,7 +561,7 @@ OM_uint32 gss_inquire_cred
|
||||
gss_OID_set * /*mechanisms*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_context (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
gss_name_t * /*src_name*/,
|
||||
@ -563,7 +573,7 @@ OM_uint32 gss_inquire_context (
|
||||
int * /*open_context*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_wrap_size_limit (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
int /*conf_req_flag*/,
|
||||
@ -572,7 +582,7 @@ OM_uint32 gss_wrap_size_limit (
|
||||
OM_uint32 * /*max_input_size*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_add_cred (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_add_cred (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_cred_id_t /*input_cred_handle*/,
|
||||
const gss_name_t /*desired_name*/,
|
||||
@ -586,7 +596,7 @@ OM_uint32 gss_add_cred (
|
||||
OM_uint32 * /*acceptor_time_rec*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_cred_by_mech (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_cred_id_t /*cred_handle*/,
|
||||
const gss_OID /*mech_type*/,
|
||||
@ -596,80 +606,81 @@ OM_uint32 gss_inquire_cred_by_mech (
|
||||
gss_cred_usage_t * /*cred_usage*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_export_sec_context (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t * /*context_handle*/,
|
||||
gss_buffer_t /*interprocess_token*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_import_sec_context (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_buffer_t /*interprocess_token*/,
|
||||
gss_ctx_id_t * /*context_handle*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_create_empty_oid_set (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
gss_OID_set * /*oid_set*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_add_oid_set_member (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_OID /*member_oid*/,
|
||||
gss_OID_set * /*oid_set*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_test_oid_set_member (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_OID /*member*/,
|
||||
const gss_OID_set /*set*/,
|
||||
int * /*present*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_names_for_mech (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_OID /*mechanism*/,
|
||||
gss_OID_set * /*name_types*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_mechs_for_name (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*input_name*/,
|
||||
gss_OID_set * /*mech_types*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_canonicalize_name (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*input_name*/,
|
||||
const gss_OID /*mech_type*/,
|
||||
gss_name_t * /*output_name*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_duplicate_name (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_name (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
const gss_name_t /*src_name*/,
|
||||
gss_name_t * /*dest_name*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_duplicate_oid (
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_oid (
|
||||
OM_uint32 * /* minor_status */,
|
||||
gss_OID /* src_oid */,
|
||||
gss_OID * /* dest_oid */
|
||||
);
|
||||
OM_uint32
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_oid
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_OID * /* oid */
|
||||
);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_oid_to_str(
|
||||
OM_uint32 * /*minor_status*/,
|
||||
gss_OID /* oid */,
|
||||
gss_buffer_t /* str */
|
||||
);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_sec_context_by_oid(
|
||||
OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
@ -677,38 +688,38 @@ gss_inquire_sec_context_by_oid(
|
||||
gss_buffer_set_t *data_set
|
||||
);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_set_sec_context_option (OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
const gss_OID desired_object,
|
||||
const gss_buffer_t value);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_set_cred_option (OM_uint32 *minor_status,
|
||||
gss_cred_id_t *cred_handle,
|
||||
const gss_OID object,
|
||||
const gss_buffer_t value);
|
||||
|
||||
int
|
||||
int GSSAPI_LIB_FUNCTION
|
||||
gss_oid_equal(const gss_OID a, const gss_OID b);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_create_empty_buffer_set
|
||||
(OM_uint32 * minor_status,
|
||||
gss_buffer_set_t *buffer_set);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_add_buffer_set_member
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_buffer_t member_buffer,
|
||||
gss_buffer_set_t *buffer_set);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_buffer_set
|
||||
(OM_uint32 * minor_status,
|
||||
gss_buffer_set_t *buffer_set);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_cred_by_oid(OM_uint32 *minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
const gss_OID desired_object,
|
||||
@ -721,7 +732,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
|
||||
#define GSS_C_PRF_KEY_FULL 0
|
||||
#define GSS_C_PRF_KEY_PARTIAL 1
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_pseudo_random
|
||||
(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context,
|
||||
@ -742,7 +753,7 @@ gss_pseudo_random
|
||||
* obsolete versions of these routines and their current forms.
|
||||
*/
|
||||
|
||||
OM_uint32 gss_sign
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_sign
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
int /*qop_req*/,
|
||||
@ -750,7 +761,7 @@ OM_uint32 gss_sign
|
||||
gss_buffer_t /*message_token*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_verify
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_verify
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
gss_buffer_t /*message_buffer*/,
|
||||
@ -758,7 +769,7 @@ OM_uint32 gss_verify
|
||||
int * /*qop_state*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_seal
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_seal
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
int /*conf_req_flag*/,
|
||||
@ -768,7 +779,7 @@ OM_uint32 gss_seal
|
||||
gss_buffer_t /*output_message_buffer*/
|
||||
);
|
||||
|
||||
OM_uint32 gss_unseal
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
gss_buffer_t /*input_message_buffer*/,
|
||||
@ -781,18 +792,18 @@ OM_uint32 gss_unseal
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_OID desired_object,
|
||||
gss_buffer_set_t *data_set);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_encapsulate_token(gss_buffer_t /* input_token */,
|
||||
gss_OID /* oid */,
|
||||
gss_buffer_t /* output_token */);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_decapsulate_token(gss_buffer_t /* input_token */,
|
||||
gss_OID /* oid */,
|
||||
gss_buffer_t /* output_token */);
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: gssapi_krb5.h 22655 2008-02-26 12:40:35Z lha $ */
|
||||
/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */
|
||||
|
||||
#ifndef GSSAPI_KRB5_H_
|
||||
#define GSSAPI_KRB5_H_
|
||||
@ -46,12 +46,12 @@ extern "C" {
|
||||
* This is for kerberos5 names.
|
||||
*/
|
||||
|
||||
extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
|
||||
extern gss_OID GSS_KRB5_NT_USER_NAME;
|
||||
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
|
||||
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_USER_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_STRING_UID_NAME;
|
||||
|
||||
extern gss_OID GSS_KRB5_MECHANISM;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_MECHANISM;
|
||||
|
||||
/* for compatibility with MIT api */
|
||||
|
||||
@ -59,28 +59,30 @@ extern gss_OID GSS_KRB5_MECHANISM;
|
||||
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
|
||||
|
||||
/* Extensions set contexts options */
|
||||
extern gss_OID GSS_KRB5_COPY_CCACHE_X;
|
||||
extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
|
||||
extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
|
||||
extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
|
||||
extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
|
||||
extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
|
||||
extern gss_OID GSS_KRB5_CCACHE_NAME_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COPY_CCACHE_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SEND_TO_KDC_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CCACHE_NAME_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_TIME_OFFSET_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TIME_OFFSET_X;
|
||||
/* Extensions inquire context */
|
||||
extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
|
||||
extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
|
||||
extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
|
||||
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
|
||||
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
|
||||
extern gss_OID GSS_KRB5_GET_SUBKEY_X;
|
||||
extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
|
||||
extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
|
||||
extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
|
||||
extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SUBKEY_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_AUTHTIME_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
|
||||
/* Extensions creds */
|
||||
extern gss_OID GSS_KRB5_IMPORT_CRED_X;
|
||||
extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
|
||||
extern gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_IMPORT_CRED_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
|
||||
|
||||
/*
|
||||
* kerberos mechanism specific functions
|
||||
@ -90,39 +92,42 @@ struct krb5_keytab_data;
|
||||
struct krb5_ccache_data;
|
||||
struct Principal;
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
|
||||
const char * /*name */,
|
||||
const char ** /*out_name */);
|
||||
|
||||
OM_uint32 gsskrb5_register_acceptor_identity
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
|
||||
(const char */*identity*/);
|
||||
|
||||
OM_uint32 gss_krb5_copy_ccache
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
|
||||
(const char */*identity*/);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
|
||||
(OM_uint32 */*minor*/,
|
||||
gss_cred_id_t /*cred*/,
|
||||
struct krb5_ccache_data */*out*/);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_import_cred(OM_uint32 */*minor*/,
|
||||
struct krb5_ccache_data * /*in*/,
|
||||
struct Principal * /*keytab_principal*/,
|
||||
struct krb5_keytab_data * /*keytab*/,
|
||||
gss_cred_id_t */*out*/);
|
||||
|
||||
OM_uint32 gss_krb5_get_tkt_flags
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
|
||||
(OM_uint32 */*minor*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
OM_uint32 */*tkt_flags*/);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_authz_data_from_sec_context
|
||||
(OM_uint32 * /*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
int /*ad_type*/,
|
||||
gss_buffer_t /*ad_data*/);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_dns_canonicalize(int);
|
||||
|
||||
struct gsskrb5_send_to_kdc {
|
||||
@ -130,30 +135,36 @@ struct gsskrb5_send_to_kdc {
|
||||
void *ptr;
|
||||
};
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_default_realm(const char *);
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
|
||||
|
||||
struct EncryptionKey;
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
struct EncryptionKey **out);
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
struct EncryptionKey **out);
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
struct EncryptionKey **out);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_time_offset(int);
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_time_offset(int *);
|
||||
|
||||
/*
|
||||
* Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
|
||||
* do GSS content token handling in-kernel.
|
||||
@ -196,19 +207,19 @@ typedef struct gss_krb5_lucid_context_version {
|
||||
* Function declarations
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
OM_uint32 version,
|
||||
void **kctx);
|
||||
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
|
||||
void *kctx);
|
||||
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
|
||||
gss_cred_id_t cred,
|
||||
OM_uint32 num_enctypes,
|
||||
|
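Review bot: The new `gsskrb5_set_time_offset(int);` and `gsskrb5_get_time_offset(int *);` declarations (and their `GSS_KRB5_SET_TIME_OFFSET_X`/`GSS_KRB5_GET_TIME_OFFSET_X` OID externs) carry neither a parameter name nor a comment, unlike `gss_krb5_ccache_name` above which annotates `/*name */` and `/*out_name */`; since a time offset feeds the acceptor's ticket time checks, the header should state the unit and whether the setting is per-process. Suggested form: `OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_time_offset(int /*offset*/);` preceded by a one-line comment giving the unit and scope (presumably seconds and process-global, to be confirmed against the implementation). The added `krb5_gss_register_acceptor_identity` declaration repeats the signature of `gsskrb5_register_acceptor_identity` with no comment; if it is a compatibility alias, `/* MIT-compatible name for gsskrb5_register_acceptor_identity */` would make that explicit.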
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */
|
||||
/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */
|
||||
|
||||
#ifndef GSSAPI_SPNEGO_H_
|
||||
#define GSSAPI_SPNEGO_H_
|
||||
@ -48,7 +48,7 @@ extern "C" {
|
||||
* negotiation token is identified by the Object Identifier
|
||||
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
|
||||
*/
|
||||
extern gss_OID GSS_SPNEGO_MECHANISM;
|
||||
extern GSSAPI_LIB_VARIABLE gss_OID GSS_SPNEGO_MECHANISM;
|
||||
#define gss_mech_spnego GSS_SPNEGO_MECHANISM
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $");
|
||||
RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $");
|
||||
|
||||
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||
krb5_keytab _gsskrb5_keytab;
|
||||
@ -250,6 +250,62 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
send_error_token(OM_uint32 *minor_status,
|
||||
krb5_context context,
|
||||
krb5_error_code kret,
|
||||
krb5_principal server,
|
||||
krb5_data *indata,
|
||||
gss_buffer_t output_token)
|
||||
{
|
||||
krb5_principal ap_req_server = NULL;
|
||||
krb5_error_code ret;
|
||||
krb5_data outbuf;
|
||||
|
||||
/* build server from request if the acceptor had not selected one */
|
||||
if (server == NULL) {
|
||||
AP_REQ ap_req;
|
||||
|
||||
ret = krb5_decode_ap_req(context, indata, &ap_req);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
ret = _krb5_principalname2krb5_principal(context,
|
||||
&ap_req_server,
|
||||
ap_req.ticket.sname,
|
||||
ap_req.ticket.realm);
|
||||
free_AP_REQ(&ap_req);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
server = ap_req_server;
|
||||
}
|
||||
|
||||
ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
|
||||
server, NULL, NULL, &outbuf);
|
||||
if (ap_req_server)
|
||||
krb5_free_principal(context, ap_req_server);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = _gsskrb5_encapsulate(minor_status,
|
||||
&outbuf,
|
||||
output_token,
|
||||
"\x03\x00",
|
||||
GSS_KRB5_MECHANISM);
|
||||
krb5_data_free (&outbuf);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_CONTINUE_NEEDED;
|
||||
}
|
||||
|
||||
|
||||
static OM_uint32
|
||||
gsskrb5_acceptor_start(OM_uint32 * minor_status,
|
||||
gsskrb5_ctx ctx,
|
||||
@ -304,6 +360,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
|
||||
{
|
||||
krb5_rd_req_in_ctx in = NULL;
|
||||
krb5_rd_req_out_ctx out = NULL;
|
||||
krb5_principal server = NULL;
|
||||
|
||||
if (acceptor_cred)
|
||||
server = acceptor_cred->principal;
|
||||
|
||||
kret = krb5_rd_req_in_ctx_alloc(context, &in);
|
||||
if (kret == 0)
|
||||
@ -319,17 +379,20 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
|
||||
kret = krb5_rd_req_ctx(context,
|
||||
&ctx->auth_context,
|
||||
&indata,
|
||||
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal,
|
||||
server,
|
||||
in, &out);
|
||||
krb5_rd_req_in_ctx_free(context, in);
|
||||
if (kret) {
|
||||
ret = GSS_S_FAILURE;
|
||||
*minor_status = kret;
|
||||
return ret;
|
||||
/*
|
||||
* No reply in non-MUTUAL mode, but we don't know that its
|
||||
* non-MUTUAL mode yet, thats inside the 8003 checksum.
|
||||
*/
|
||||
return send_error_token(minor_status, context, kret,
|
||||
server, &indata, output_token);
|
||||
}
|
||||
|
||||
/*
|
||||
* We need to remember some data on the context_handle.
|
||||
* we need to remember some data on the context_handle.
|
||||
*/
|
||||
kret = krb5_rd_req_out_get_ap_req_options(context, out,
|
||||
&ap_options);
|
||||
|
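Review bot: `send_error_token` finishes with `*minor_status = 0;` and `GSS_S_CONTINUE_NEEDED`, so when `krb5_rd_req_ctx` fails in `gsskrb5_acceptor_start` the Kerberos error `kret` is sent to the peer in a KRB-ERROR but is no longer visible to the acceptor application, which previously received it as the minor status of a `GSS_S_FAILURE`; the server side can no longer log why an AP-REQ was rejected, and the caller sees only a continue-needed result for a context whose request was refused. Consider recording `kret` through `_gsskrb5_set_status` (or on the context) before it is discarded so the rejection reason survives for logging, and documenting on `send_error_token` that it deliberately reports continue-needed after a failed AP-REQ. In the `server == NULL` branch the name placed in the KRB-ERROR is taken from the unverified `ap_req.ticket.sname`/`ap_req.ticket.realm` of the incoming token, which is acceptable for the error reply but worth stating: `/* server name below comes from the unauthenticated request; use it only for this reply */`. `gsskrb5_acceptor_start` begins and continues outside the hunk, so the remaining cleanup of `out` on this path is not visible here.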
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $");
|
||||
|
||||
OM_uint32
|
||||
_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
|
||||
@ -61,6 +61,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status,
|
||||
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
||||
|
||||
krb5_auth_con_free (context, ctx->auth_context);
|
||||
if (ctx->kcred)
|
||||
krb5_free_creds(context, ctx->kcred);
|
||||
if(ctx->source)
|
||||
krb5_free_principal (context, ctx->source);
|
||||
if(ctx->target)
|
||||
|
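Review bot: The new `krb5_free_creds(context, ctx->kcred);` leaves `ctx->kcred` pointing at released memory; unless the rest of `_gsskrb5_delete_sec_context` (outside the hunk) destroys `ctx` itself immediately afterwards, the field should be cleared with `ctx->kcred = NULL;` right after the free so a later pass over the context cannot free it twice. The existing `ctx->source`/`ctx->target` frees follow the same pattern, so a one-line comment on this block stating that `ctx` is torn down below would make the intent explicit if that is the case.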
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
static const char *
|
||||
calling_error(OM_uint32 v)
|
||||
@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...)
|
||||
vasprintf(&str, fmt, args);
|
||||
va_end(args);
|
||||
if (str) {
|
||||
krb5_set_error_string(context, str);
|
||||
krb5_set_error_message(context, 0, str);
|
||||
free(str);
|
||||
}
|
||||
}
|
||||
|
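Review bot: `krb5_set_error_message(context, 0, str)` passes the already-formatted `str` as the message argument, and in Heimdal's krb5 library that parameter is a printf-style format string, so any `%` sequence that reached `_gsskrb5_set_status` through its arguments (principal or host names, for example) would be interpreted a second time. The replacement for `krb5_set_error_string` should be `krb5_set_error_message(context, 0, "%s", str);`. `_gsskrb5_set_status` begins outside the hunk, so where its arguments originate is not visible here.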
@ -34,7 +34,7 @@
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
#include <gssapi_mech.h>
|
||||
|
||||
RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
|
||||
RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $");
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -49,9 +49,10 @@ RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_user_name_oid_desc =
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
|
||||
|
||||
gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
|
||||
&gss_c_nt_user_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -66,9 +67,10 @@ gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
|
||||
|
||||
gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
|
||||
&gss_c_nt_machine_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -83,9 +85,10 @@ gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
|
||||
|
||||
gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
|
||||
&gss_c_nt_string_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -106,9 +109,10 @@ gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
|
||||
{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
|
||||
{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
|
||||
|
||||
gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
|
||||
&gss_c_nt_hostbased_service_x_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -122,9 +126,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
|
||||
* to point to that gss_OID_desc.
|
||||
*/
|
||||
static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
|
||||
|
||||
gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
|
||||
&gss_c_nt_hostbased_service_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -138,9 +143,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_anonymous_oid_desc =
|
||||
{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
|
||||
{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
|
||||
|
||||
gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
|
||||
&gss_c_nt_anonymous_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
@ -154,9 +160,10 @@ gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_export_name_oid_desc =
|
||||
{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
|
||||
{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
|
||||
|
||||
gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
|
||||
&gss_c_nt_export_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
@ -166,9 +173,10 @@ gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
|
||||
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
|
||||
|
||||
gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME =
|
||||
&gss_krb5_nt_principal_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
@ -177,7 +185,8 @@ gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
|
||||
* type is "GSS_KRB5_NT_USER_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME =
|
||||
&gss_c_nt_user_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
@ -186,7 +195,8 @@ gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME =
|
||||
&gss_c_nt_machine_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
@ -195,7 +205,8 @@ gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME =
|
||||
&gss_c_nt_string_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* To support ongoing experimentation, testing, and evolution of the
|
||||
@ -217,14 +228,15 @@ gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
#if 0 /* This is the old OID */
|
||||
|
||||
static gss_OID_desc gss_krb5_mechanism_oid_desc =
|
||||
{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
|
||||
{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
|
||||
|
||||
#endif
|
||||
|
||||
static gss_OID_desc gss_krb5_mechanism_oid_desc =
|
||||
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
|
||||
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
|
||||
|
||||
gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
|
||||
&gss_krb5_mechanism_oid_desc;
|
||||
|
||||
/*
|
||||
* draft-ietf-cat-iakerb-09, IAKERB:
|
||||
@ -240,23 +252,26 @@ gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
|
||||
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
|
||||
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
|
||||
|
||||
gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM =
|
||||
&gss_iakerb_proxy_mechanism_oid_desc;
|
||||
|
||||
static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
|
||||
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
|
||||
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
|
||||
|
||||
gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM =
|
||||
&gss_iakerb_min_msg_mechanism_oid_desc;
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
|
||||
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
|
||||
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
|
||||
|
||||
gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO =
|
||||
&gss_c_peer_has_updated_spnego_oid_desc;
|
||||
|
||||
/*
|
||||
* 1.2.752.43.13 Heimdal GSS-API Extentions
|
||||
@ -264,111 +279,143 @@ gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
|
||||
|
||||
/* 1.2.752.43.13.1 */
|
||||
static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
|
||||
|
||||
gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X =
|
||||
&gss_krb5_copy_ccache_x_oid_desc;
|
||||
|
||||
/* 1.2.752.43.13.2 */
|
||||
static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X =
|
||||
&gss_krb5_get_tkt_flags_x_oid_desc;
|
||||
|
||||
/* 1.2.752.43.13.3 */
|
||||
static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
|
||||
|
||||
gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X =
|
||||
&gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
|
||||
|
||||
/* 1.2.752.43.13.4 */
|
||||
static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
|
||||
|
||||
gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X =
|
||||
&gss_krb5_compat_des3_mic_x_oid_desc;
|
||||
|
||||
/* 1.2.752.43.13.5 */
|
||||
static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
|
||||
|
||||
gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X =
|
||||
&gss_krb5_register_acceptor_identity_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.6 */
|
||||
static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
|
||||
|
||||
gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X =
|
||||
&gss_krb5_export_lucid_context_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.6.1 */
|
||||
static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
|
||||
{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
|
||||
{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
|
||||
|
||||
gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X =
|
||||
&gss_krb5_export_lucid_context_v1_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.7 */
|
||||
static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
|
||||
|
||||
gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X =
|
||||
&gss_krb5_set_dns_canonicalize_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.8 */
|
||||
static gss_OID_desc gss_krb5_get_subkey_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X =
|
||||
&gss_krb5_get_subkey_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.9 */
|
||||
static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X =
|
||||
&gss_krb5_get_initiator_subkey_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.10 */
|
||||
static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X =
|
||||
&gss_krb5_get_acceptor_subkey_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.11 */
|
||||
static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
|
||||
|
||||
gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X =
|
||||
&gss_krb5_send_to_kdc_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.12 */
|
||||
static gss_OID_desc gss_krb5_get_authtime_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X =
|
||||
&gss_krb5_get_authtime_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.13 */
|
||||
static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
|
||||
|
||||
gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X =
|
||||
&gss_krb5_get_service_keyblock_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.14 */
|
||||
static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
|
||||
|
||||
gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X =
|
||||
&gss_krb5_set_allowable_enctypes_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.15 */
|
||||
static gss_OID_desc gss_krb5_set_default_realm_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
|
||||
|
||||
gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X =
|
||||
&gss_krb5_set_default_realm_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.16 */
|
||||
static gss_OID_desc gss_krb5_ccache_name_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
|
||||
|
||||
gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X =
|
||||
&gss_krb5_ccache_name_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.17 */
|
||||
static gss_OID_desc gss_krb5_set_time_offset_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
|
||||
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X =
|
||||
&gss_krb5_set_time_offset_x_desc;
|
||||
|
||||
/* 1.2.752.43.13.18 */
|
||||
static gss_OID_desc gss_krb5_get_time_offset_x_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
|
||||
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
|
||||
&gss_krb5_get_time_offset_x_desc;
|
||||
|
||||
/* 1.2.752.43.14.1 */
|
||||
static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
|
||||
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
|
||||
|
||||
gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc;
|
||||
gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM =
|
||||
&gss_sasl_digest_md5_mechanism_desc;
|
||||
|
||||
/*
|
||||
* Context for krb5 calls.
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
mic_des
|
||||
@ -88,7 +88,7 @@ mic_des
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
&schedule, &zero);
|
||||
memcpy (p - 8, hash, 8); /* SGN_CKSUM */
|
||||
@ -108,7 +108,7 @@ mic_des
|
||||
(ctx->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
&schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
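Review bot: The switch to `DES_set_key_unchecked` drops the parity and weak-key checks that `DES_set_key` performs, and since the old return value was never inspected the change alters which keys are silently accepted rather than restoring any error path. A short comment at the first replacement would record why that is acceptable here, e.g. `/* key is the negotiated session key; parity/weak-key rejection here would only turn it into a spurious failure */` (the origin of `key->keyvalue.data` is not visible in the hunk, so confirm). The same replacement appears in the unwrap.c, verify_mic.c and wrap.c hunks below and the same comment applies there. `mic_des` starts and ends outside these hunks.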
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: gsskrb5_locl.h 22655 2008-02-26 12:40:35Z lha $ */
|
||||
/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */
|
||||
|
||||
#ifndef GSSKRB5_LOCL_H
|
||||
#define GSSKRB5_LOCL_H
|
||||
@ -62,11 +62,14 @@ typedef struct {
|
||||
enum { LOCAL = 1, OPEN = 2,
|
||||
COMPAT_OLD_DES3 = 4,
|
||||
COMPAT_OLD_DES3_SELECTED = 8,
|
||||
ACCEPTOR_SUBKEY = 16
|
||||
ACCEPTOR_SUBKEY = 16,
|
||||
RETRIED = 32,
|
||||
CLOSE_CCACHE = 64
|
||||
} more_flags;
|
||||
enum gss_ctx_id_t_state {
|
||||
/* initiator states */
|
||||
INITIATOR_START,
|
||||
INITIATOR_RESTART,
|
||||
INITIATOR_WAIT_FOR_MUTAL,
|
||||
INITIATOR_READY,
|
||||
/* acceptor states */
|
||||
@ -74,6 +77,8 @@ typedef struct {
|
||||
ACCEPTOR_WAIT_FOR_DCESTYLE,
|
||||
ACCEPTOR_READY
|
||||
} state;
|
||||
krb5_creds *kcred;
|
||||
krb5_ccache ccache;
|
||||
struct krb5_ticket *ticket;
|
||||
OM_uint32 lifetime;
|
||||
HEIMDAL_MUTEX ctx_id_mutex;
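Review bot: The new `kcred` and `ccache` members have no ownership comment, and `ccache` is only sometimes owned by the context, which the `CLOSE_CCACHE` flag added in the previous hunk decides. Suggest `krb5_ccache ccache;   /* closed by the context only when more_flags & CLOSE_CCACHE */` and `krb5_creds *kcred;    /* released when the initiator reaches INITIATOR_READY */`, the latter matching the `krb5_free_creds` in gsskrb5_initiator_ready further down this commit. `RETRIED` and `INITIATOR_RESTART` would likewise benefit from one-line comments, e.g. `RETRIED = 32,   /* one restart after AP_ERR_SKEW already attempted */`. The enclosing struct starts outside the hunk.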
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $");
|
||||
|
||||
OM_uint32
|
||||
_gsskrb5_import_sec_context (
|
||||
@ -52,8 +52,7 @@ _gsskrb5_import_sec_context (
|
||||
krb5_data data;
|
||||
gss_buffer_desc buffer;
|
||||
krb5_keyblock keyblock;
|
||||
int32_t tmp;
|
||||
int32_t flags;
|
||||
int32_t flags, tmp;
|
||||
gsskrb5_ctx ctx;
|
||||
gss_name_t name;
|
||||
|
||||
@ -96,8 +95,9 @@ _gsskrb5_import_sec_context (
|
||||
/* retrieve the auth context */
|
||||
|
||||
ac = ctx->auth_context;
|
||||
if (krb5_ret_uint32 (sp, &ac->flags) != 0)
|
||||
if (krb5_ret_int32 (sp, &tmp) != 0)
|
||||
goto failure;
|
||||
ac->flags = tmp;
|
||||
if (flags & SC_LOCAL_ADDRESS) {
|
||||
if (krb5_ret_address (sp, localp = &local) != 0)
|
||||
goto failure;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: init_sec_context.c 22671 2008-03-09 23:57:54Z lha $");
|
||||
RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $");
|
||||
|
||||
/*
|
||||
* copy the addresses from `input_chan_bindings' (if any) to
|
||||
@ -121,6 +121,8 @@ _gsskrb5_create_ctx(
|
||||
ctx->auth_context = NULL;
|
||||
ctx->source = NULL;
|
||||
ctx->target = NULL;
|
||||
ctx->kcred = NULL;
|
||||
ctx->ccache = NULL;
|
||||
ctx->state = state;
|
||||
ctx->flags = 0;
|
||||
ctx->more_flags = 0;
|
||||
@ -134,9 +136,7 @@ _gsskrb5_create_ctx(
|
||||
kret = krb5_auth_con_init (context, &ctx->auth_context);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
|
||||
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
|
||||
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
@ -237,9 +237,14 @@ gsskrb5_initiator_ready(
|
||||
int is_cfx = 0;
|
||||
OM_uint32 flags = ctx->flags;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context,
|
||||
ctx->auth_context,
|
||||
&seq_number);
|
||||
krb5_free_creds(context, ctx->kcred);
|
||||
ctx->kcred = NULL;
|
||||
|
||||
if (ctx->more_flags & CLOSE_CCACHE)
|
||||
krb5_cc_close(context, ctx->ccache);
|
||||
ctx->ccache = NULL;
|
||||
|
||||
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
|
||||
|
||||
_gsskrb5i_is_cfx(ctx, &is_cfx);
|
||||
|
||||
@ -333,7 +338,6 @@ init_auth
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 req_flags,
|
||||
OM_uint32 time_req,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID * actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
@ -343,14 +347,7 @@ init_auth
|
||||
{
|
||||
OM_uint32 ret = GSS_S_FAILURE;
|
||||
krb5_error_code kret;
|
||||
krb5_flags ap_options;
|
||||
krb5_creds *kcred = NULL;
|
||||
krb5_data outbuf;
|
||||
krb5_ccache ccache = NULL;
|
||||
uint32_t flags;
|
||||
krb5_data authenticator;
|
||||
Checksum cksum;
|
||||
krb5_enctype enctype;
|
||||
krb5_data fwd_data;
|
||||
OM_uint32 lifetime_rec;
|
||||
|
||||
@ -363,16 +360,17 @@ init_auth
|
||||
*actual_mech_type = GSS_KRB5_MECHANISM;
|
||||
|
||||
if (cred == NULL) {
|
||||
kret = krb5_cc_default (context, &ccache);
|
||||
kret = krb5_cc_default (context, &ctx->ccache);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
ctx->more_flags |= CLOSE_CCACHE;
|
||||
} else
|
||||
ccache = cred->ccache;
|
||||
ctx->ccache = cred->ccache;
|
||||
|
||||
kret = krb5_cc_get_principal (context, ccache, &ctx->source);
|
||||
kret = krb5_cc_get_principal (context, ctx->ccache, &ctx->source);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
@ -407,16 +405,16 @@ init_auth
|
||||
|
||||
ret = gsskrb5_get_creds(minor_status,
|
||||
context,
|
||||
ccache,
|
||||
ctx->ccache,
|
||||
ctx,
|
||||
ctx->target,
|
||||
time_req,
|
||||
time_rec,
|
||||
&kcred);
|
||||
&ctx->kcred);
|
||||
if (ret)
|
||||
goto failure;
|
||||
|
||||
ctx->lifetime = kcred->times.endtime;
|
||||
ctx->lifetime = ctx->kcred->times.endtime;
|
||||
|
||||
ret = _gsskrb5_lifetime_left(minor_status,
|
||||
context,
|
||||
@ -434,17 +432,59 @@ init_auth
|
||||
|
||||
krb5_auth_con_setkey(context,
|
||||
ctx->auth_context,
|
||||
&kcred->session);
|
||||
&ctx->kcred->session);
|
||||
|
||||
kret = krb5_auth_con_generatelocalsubkey(context,
|
||||
ctx->auth_context,
|
||||
&kcred->session);
|
||||
&ctx->kcred->session);
|
||||
if(kret) {
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
|
||||
failure:
|
||||
if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))
|
||||
krb5_cc_close(context, ctx->ccache);
|
||||
ctx->ccache = NULL;
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
init_auth_restart
|
||||
(OM_uint32 * minor_status,
|
||||
gsskrb5_cred cred,
|
||||
gsskrb5_ctx ctx,
|
||||
krb5_context context,
|
||||
OM_uint32 req_flags,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID * actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 * ret_flags,
|
||||
OM_uint32 * time_rec
|
||||
)
|
||||
{
|
||||
OM_uint32 ret = GSS_S_FAILURE;
|
||||
krb5_error_code kret;
|
||||
krb5_flags ap_options;
|
||||
krb5_data outbuf;
|
||||
uint32_t flags;
|
||||
krb5_data authenticator;
|
||||
Checksum cksum;
|
||||
krb5_enctype enctype;
|
||||
krb5_data fwd_data, timedata;
|
||||
int32_t offset = 0, oldoffset;
|
||||
|
||||
krb5_data_zero(&outbuf);
|
||||
krb5_data_zero(&fwd_data);
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
/*
|
||||
* If the credential doesn't have ok-as-delegate, check what local
|
||||
* policy say about ok-as-delegate, default is FALSE that makes
|
||||
@ -452,12 +492,24 @@ init_auth
|
||||
* requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
|
||||
* KDC doesn't set ok-as-delegate.
|
||||
*/
|
||||
if (!kcred->flags.b.ok_as_delegate) {
|
||||
krb5_boolean delegate;
|
||||
if (!ctx->kcred->flags.b.ok_as_delegate) {
|
||||
krb5_boolean delegate, realm_setting;
|
||||
krb5_data data;
|
||||
|
||||
krb5_appdefault_boolean(context,
|
||||
"gssapi", name->realm,
|
||||
"ok-as-delegate", FALSE, &delegate);
|
||||
realm_setting = FALSE;
|
||||
|
||||
ret = krb5_cc_get_config(context, ctx->ccache, NULL,
|
||||
"realm-config", &data);
|
||||
if (ret == 0) {
|
||||
/* XXX 1 is use ok-as-delegate */
|
||||
if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1)
|
||||
realm_setting = TRUE;
|
||||
krb5_data_free(&data);
|
||||
}
|
||||
|
||||
krb5_appdefault_boolean(context, "gssapi", ctx->target->realm,
|
||||
"ok-as-delegate", realm_setting,
|
||||
&delegate);
|
||||
if (delegate)
|
||||
req_flags &= ~GSS_C_DELEG_FLAG;
|
||||
}
|
||||
@ -467,7 +519,8 @@ init_auth
|
||||
if (req_flags & GSS_C_DELEG_FLAG)
|
||||
do_delegation (context,
|
||||
ctx->auth_context,
|
||||
ccache, kcred, name, &fwd_data, &flags);
|
||||
ctx->ccache, ctx->kcred, ctx->target,
|
||||
&fwd_data, &flags);
|
||||
|
||||
if (req_flags & GSS_C_MUTUAL_FLAG) {
|
||||
flags |= GSS_C_MUTUAL_FLAG;
|
||||
@ -518,16 +571,33 @@ init_auth
|
||||
|
||||
enctype = ctx->auth_context->keyblock->keytype;
|
||||
|
||||
ret = krb5_cc_get_config(context, ctx->ccache, ctx->target,
|
||||
"time-offset", &timedata);
|
||||
if (ret == 0) {
|
||||
if (timedata.length == 4) {
|
||||
const u_char *p = timedata.data;
|
||||
offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
|
||||
}
|
||||
krb5_data_free(&timedata);
|
||||
}
|
||||
|
||||
if (offset) {
|
||||
krb5_get_kdc_sec_offset (context, &oldoffset, NULL);
|
||||
krb5_set_kdc_sec_offset (context, offset, -1);
|
||||
}
|
||||
|
||||
kret = krb5_build_authenticator (context,
|
||||
ctx->auth_context,
|
||||
enctype,
|
||||
kcred,
|
||||
ctx->kcred,
|
||||
&cksum,
|
||||
NULL,
|
||||
&authenticator,
|
||||
KRB5_KU_AP_REQ_AUTH);
|
||||
|
||||
if (kret) {
|
||||
if (offset)
|
||||
krb5_set_kdc_sec_offset (context, oldoffset, -1);
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
@ -535,11 +605,12 @@ init_auth
|
||||
|
||||
kret = krb5_build_ap_req (context,
|
||||
enctype,
|
||||
kcred,
|
||||
ctx->kcred,
|
||||
ap_options,
|
||||
authenticator,
|
||||
&outbuf);
|
||||
|
||||
if (offset)
|
||||
krb5_set_kdc_sec_offset (context, oldoffset, -1);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
@ -552,16 +623,12 @@ init_auth
|
||||
} else {
|
||||
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
|
||||
(u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
|
||||
krb5_data_free (&outbuf);
|
||||
if (ret)
|
||||
goto failure;
|
||||
|
||||
krb5_data_free (&outbuf);
|
||||
}
|
||||
|
||||
krb5_free_creds(context, kcred);
|
||||
free_Checksum(&cksum);
|
||||
if (cred == NULL)
|
||||
krb5_cc_close(context, ccache);
|
||||
|
||||
if (flags & GSS_C_MUTUAL_FLAG) {
|
||||
ctx->state = INITIATOR_WAIT_FOR_MUTAL;
|
||||
@ -570,15 +637,14 @@ init_auth
|
||||
|
||||
return gsskrb5_initiator_ready(minor_status, ctx, context);
|
||||
failure:
|
||||
if(kcred)
|
||||
krb5_free_creds(context, kcred);
|
||||
if (ccache && cred == NULL)
|
||||
krb5_cc_close(context, ccache);
|
||||
if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))
|
||||
krb5_cc_close(context, ctx->ccache);
|
||||
ctx->ccache = NULL;
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
|
||||
static OM_uint32
|
||||
repl_mutual
|
||||
(OM_uint32 * minor_status,
|
||||
@ -617,8 +683,46 @@ repl_mutual
|
||||
&indata,
|
||||
"\x02\x00",
|
||||
GSS_KRB5_MECHANISM);
|
||||
if (ret) {
|
||||
/* XXX - Handle AP_ERROR */
|
||||
if (ret == GSS_S_DEFECTIVE_TOKEN) {
|
||||
/* check if there is an error token sent instead */
|
||||
ret = _gsskrb5_decapsulate (minor_status,
|
||||
input_token,
|
||||
&indata,
|
||||
"\x03\x00",
|
||||
GSS_KRB5_MECHANISM);
|
||||
if (ret == GSS_S_COMPLETE) {
|
||||
KRB_ERROR error;
|
||||
|
||||
kret = krb5_rd_error(context, &indata, &error);
|
||||
if (kret == 0) {
|
||||
kret = krb5_error_from_rd_error(context, &error, NULL);
|
||||
|
||||
/* save the time skrew for this host */
|
||||
if (kret == KRB5KRB_AP_ERR_SKEW) {
|
||||
krb5_data timedata;
|
||||
unsigned char p[4];
|
||||
int32_t t = error.stime - time(NULL);
|
||||
|
||||
p[0] = (t >> 24) & 0xFF;
|
||||
p[1] = (t >> 16) & 0xFF;
|
||||
p[2] = (t >> 8) & 0xFF;
|
||||
p[3] = (t >> 0) & 0xFF;
|
||||
|
||||
timedata.data = p;
|
||||
timedata.length = sizeof(p);
|
||||
|
||||
krb5_cc_set_config(context, ctx->ccache, ctx->target,
|
||||
"time-offset", &timedata);
|
||||
|
||||
if ((ctx->more_flags & RETRIED) == 0)
|
||||
ctx->state = INITIATOR_RESTART;
|
||||
ctx->more_flags |= RETRIED;
|
||||
}
|
||||
free_KRB_ERROR (&error);
|
||||
}
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
@ -661,30 +765,31 @@ repl_mutual
|
||||
*ret_flags = ctx->flags;
|
||||
|
||||
if (req_flags & GSS_C_DCE_STYLE) {
|
||||
int32_t con_flags;
|
||||
int32_t local_seq, remote_seq;
|
||||
krb5_data outbuf;
|
||||
|
||||
/* Do don't do sequence number for the mk-rep */
|
||||
krb5_auth_con_removeflags(context,
|
||||
ctx->auth_context,
|
||||
KRB5_AUTH_CONTEXT_DO_SEQUENCE,
|
||||
&con_flags);
|
||||
/*
|
||||
* So DCE_STYLE is strange. The client echos the seq number
|
||||
* that the server used in the server's mk_rep in its own
|
||||
* mk_rep(). After when done, it resets to it's own seq number
|
||||
* for the gss_wrap calls.
|
||||
*/
|
||||
|
||||
kret = krb5_mk_rep(context,
|
||||
ctx->auth_context,
|
||||
&outbuf);
|
||||
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
|
||||
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
|
||||
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
|
||||
|
||||
kret = krb5_mk_rep(context, ctx->auth_context, &outbuf);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* reset local seq number */
|
||||
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
|
||||
|
||||
output_token->length = outbuf.length;
|
||||
output_token->value = outbuf.data;
|
||||
|
||||
krb5_auth_con_removeflags(context,
|
||||
ctx->auth_context,
|
||||
KRB5_AUTH_CONTEXT_DO_SEQUENCE,
|
||||
NULL);
|
||||
}
|
||||
|
||||
return gsskrb5_initiator_ready(minor_status, ctx, context);
|
||||
@ -768,6 +873,7 @@ OM_uint32 _gsskrb5_init_sec_context
|
||||
|
||||
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
||||
|
||||
again:
|
||||
switch (ctx->state) {
|
||||
case INITIATOR_START:
|
||||
ret = init_auth(minor_status,
|
||||
@ -778,6 +884,20 @@ OM_uint32 _gsskrb5_init_sec_context
|
||||
mech_type,
|
||||
req_flags,
|
||||
time_req,
|
||||
input_token,
|
||||
actual_mech_type,
|
||||
output_token,
|
||||
ret_flags,
|
||||
time_rec);
|
||||
if (ret != GSS_S_COMPLETE)
|
||||
break;
|
||||
/* FALL THOUGH */
|
||||
case INITIATOR_RESTART:
|
||||
ret = init_auth_restart(minor_status,
|
||||
cred,
|
||||
ctx,
|
||||
context,
|
||||
req_flags,
|
||||
input_chan_bindings,
|
||||
input_token,
|
||||
actual_mech_type,
|
||||
@ -798,6 +918,8 @@ OM_uint32 _gsskrb5_init_sec_context
|
||||
output_token,
|
||||
ret_flags,
|
||||
time_rec);
|
||||
if (ctx->state == INITIATOR_RESTART)
|
||||
goto again;
|
||||
break;
|
||||
case INITIATOR_READY:
|
||||
/*
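Review bot: In init_auth_restart the time-offset decode `offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);` left-shifts a promoted int, so for a stored negative skew (p[0] >= 0x80, exactly what repl_mutual writes when `error.stime` is behind local time) the shift overflows int, which is undefined behaviour; assemble it unsigned and convert once, `offset = (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]);`. In the same function both `ret = krb5_cc_get_config(...)` calls store a krb5_error_code in `ret`, the OM_uint32 GSS major status; `kret` is the variable for that and keeps the two status spaces apart. The offset persisted by `krb5_cc_set_config` in repl_mutual comes from a KRB-ERROR token, which is not integrity-protected, so a comment at that call stating the trust assumption and that `RETRIED` bounds the restart to a single attempt would document the design. Both init_auth_restart and repl_mutual continue outside the hunks.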
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: set_cred_option.c 22655 2008-02-26 12:40:35Z lha $");
|
||||
RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $");
|
||||
|
||||
/* 1.2.752.43.13.17 */
|
||||
static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc =
|
||||
|
@ -36,7 +36,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $");
|
||||
RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
get_bool(OM_uint32 *minor_status,
|
||||
@ -70,6 +70,36 @@ get_string(OM_uint32 *minor_status,
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
get_int32(OM_uint32 *minor_status,
|
||||
const gss_buffer_t value,
|
||||
OM_uint32 *ret)
|
||||
{
|
||||
*minor_status = 0;
|
||||
if (value == NULL || value->length == 0)
|
||||
*ret = 0;
|
||||
else if (value->length == sizeof(*ret))
|
||||
memcpy(ret, value->value, sizeof(*ret));
|
||||
else
|
||||
return GSS_S_UNAVAILABLE;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
set_int32(OM_uint32 *minor_status,
|
||||
const gss_buffer_t value,
|
||||
OM_uint32 set)
|
||||
{
|
||||
*minor_status = 0;
|
||||
if (value->length == sizeof(set))
|
||||
memcpy(value->value, &set, sizeof(set));
|
||||
else
|
||||
return GSS_S_UNAVAILABLE;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
_gsskrb5_set_sec_context_option
|
||||
(OM_uint32 *minor_status,
|
||||
@ -185,6 +215,35 @@ _gsskrb5_set_sec_context_option
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
} else if (gss_oid_equal(desired_object, GSS_KRB5_SET_TIME_OFFSET_X)) {
|
||||
OM_uint32 offset;
|
||||
time_t t;
|
||||
|
||||
maj_stat = get_int32(minor_status, value, &offset);
|
||||
if (maj_stat != GSS_S_COMPLETE)
|
||||
return maj_stat;
|
||||
|
||||
t = time(NULL) + offset;
|
||||
|
||||
krb5_set_real_time(context, t, 0);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
} else if (gss_oid_equal(desired_object, GSS_KRB5_GET_TIME_OFFSET_X)) {
|
||||
krb5_timestamp sec;
|
||||
int32_t usec;
|
||||
time_t t;
|
||||
|
||||
t = time(NULL);
|
||||
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
|
||||
maj_stat = set_int32(minor_status, value, sec - t);
|
||||
if (maj_stat != GSS_S_COMPLETE)
|
||||
return maj_stat;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
*minor_status = EINVAL;
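Review bot: In the GSS_KRB5_SET_TIME_OFFSET_X branch `t = time(NULL) + offset;` adds an OM_uint32, so a negative offset (0xFFFFFFFF for -1) becomes a large positive jump wherever time_t is wider than 32 bits; convert first, `t = time(NULL) + (int32_t)offset;`. set_int32 dereferences `value` without the NULL check get_int32 performs, so a GSS_C_NO_BUFFER on the GET branch would crash instead of returning GSS_S_UNAVAILABLE; guard it with `if (value == NULL || value->length != sizeof(set)) return GSS_S_UNAVAILABLE;`. Both helpers are named `*_int32` yet take `OM_uint32`; either name them for the unsigned type or make the parameter `int32_t`, which also resolves the sign issue above. _gsskrb5_set_sec_context_option starts outside the hunk.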
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des
|
||||
@ -93,7 +93,7 @@ unwrap_des
|
||||
|
||||
for (i = 0; i < sizeof(deskey); ++i)
|
||||
deskey[i] ^= 0xf0;
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
DES_cbc_encrypt ((void *)p,
|
||||
(void *)p,
|
||||
@ -119,7 +119,7 @@ unwrap_des
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
&schedule, &zero);
|
||||
if (memcmp (p - 8, hash, 8) != 0)
|
||||
@ -130,7 +130,7 @@ unwrap_des
|
||||
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
|
||||
|
||||
p -= 16;
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
&schedule, (DES_cblock *)hash, DES_DECRYPT);
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $");
|
||||
RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
verify_mic_des
|
||||
@ -83,7 +83,7 @@ verify_mic_des
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
&schedule, &zero);
|
||||
if (memcmp (p - 8, hash, 8) != 0) {
|
||||
@ -97,7 +97,7 @@ verify_mic_des
|
||||
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
|
||||
|
||||
p -= 16;
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
&schedule, (DES_cblock *)hash, DES_DECRYPT);
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5/gsskrb5_locl.h"
|
||||
|
||||
RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
|
||||
RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $");
|
||||
|
||||
/*
|
||||
* Return initiator subkey, or if that doesn't exists, the subkey.
|
||||
@ -61,7 +61,7 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
|
||||
ctx->auth_context,
|
||||
key);
|
||||
if (ret == 0 && *key == NULL) {
|
||||
krb5_set_error_string(context, "No initiator subkey available");
|
||||
krb5_set_error_message(context, 0, "No initiator subkey available");
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY;
|
||||
}
|
||||
return ret;
|
||||
@ -85,7 +85,7 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
|
||||
key);
|
||||
}
|
||||
if (ret == 0 && *key == NULL) {
|
||||
krb5_set_error_string(context, "No acceptor subkey available");
|
||||
krb5_set_error_message(context, 0, "No acceptor subkey available");
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY;
|
||||
}
|
||||
return ret;
|
||||
@ -106,7 +106,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
|
||||
_gsskrb5i_get_initiator_subkey(ctx, context, key);
|
||||
}
|
||||
if (*key == NULL) {
|
||||
krb5_set_error_string(context, "No token key available");
|
||||
krb5_set_error_message(context, 0, "No token key available");
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY;
|
||||
}
|
||||
return 0;
|
||||
@ -259,7 +259,7 @@ wrap_des
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
&schedule, &zero);
|
||||
memcpy (p - 8, hash, 8);
|
||||
@ -279,7 +279,7 @@ wrap_des
|
||||
(ctx->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
DES_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
&schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
|
||||
|
||||
@ -296,7 +296,7 @@ wrap_des
|
||||
|
||||
for (i = 0; i < sizeof(deskey); ++i)
|
||||
deskey[i] ^= 0xf0;
|
||||
DES_set_key (&deskey, &schedule);
|
||||
DES_set_key_unchecked (&deskey, &schedule);
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
DES_cbc_encrypt ((void *)p,
|
||||
(void *)p,
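Review bot: The three new `krb5_set_error_message(context, 0, ...)` calls pass error code 0 while the enclosing functions return GSS_KRB5_S_KG_NO_SUBKEY; if the message is later retrieved by the code the caller receives (as the Heimdal error-message API appears to do — confirm), a 0 will not match and the text is lost. Suggest passing the code that is returned, e.g. `krb5_set_error_message(context, GSS_KRB5_S_KG_NO_SUBKEY, "No initiator subkey available");`, in all three hunks. The `_gsskrb5i_get_*` functions start outside the hunks.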
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
|
||||
RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_acquire_cred(OM_uint32 *minor_status,
|
||||
const gss_name_t desired_name,
|
||||
OM_uint32 time_req,
|
||||
|
@ -27,7 +27,7 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
|
||||
RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
static struct _gss_mechanism_cred *
|
||||
_gss_copy_cred(struct _gss_mechanism_cred *mc)
|
||||
@ -71,7 +71,7 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc)
|
||||
return (new_mc);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_add_cred(OM_uint32 *minor_status,
|
||||
const gss_cred_id_t input_cred_handle,
|
||||
const gss_name_t desired_name,
|
||||
|
@ -32,9 +32,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_add_oid_set_member.c 18817 2006-10-22 09:36:13Z lha $");
|
||||
RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_add_oid_set_member (OM_uint32 * minor_status,
|
||||
const gss_OID member_oid,
|
||||
gss_OID_set * oid_set)
|
||||
|
@ -31,9 +31,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $");
|
||||
RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_create_empty_buffer_set
|
||||
(OM_uint32 * minor_status,
|
||||
gss_buffer_set_t *buffer_set)
|
||||
@ -55,7 +55,7 @@ gss_create_empty_buffer_set
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_add_buffer_set_member
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_buffer_t member_buffer,
|
||||
@ -97,7 +97,7 @@ gss_add_buffer_set_member
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_buffer_set(OM_uint32 * minor_status,
|
||||
gss_buffer_set_t *buffer_set)
|
||||
{
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
|
||||
RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_canonicalize_name(OM_uint32 *minor_status,
|
||||
const gss_name_t input_name,
|
||||
const gss_OID mech_type,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
|
||||
RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_compare_name(OM_uint32 *minor_status,
|
||||
const gss_name_t name1_arg,
|
||||
const gss_name_t name2_arg,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_context_time.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_context_time(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
OM_uint32 *time_rec)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_create_empty_oid_set.c 19951 2007-01-17 10:14:58Z lha $");
|
||||
RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_create_empty_oid_set(OM_uint32 *minor_status,
|
||||
gss_OID_set *oid_set)
|
||||
{
|
||||
|
@ -32,9 +32,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_decapsulate_token.c 19951 2007-01-17 10:14:58Z lha $");
|
||||
RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_decapsulate_token(gss_buffer_t input_token,
|
||||
gss_OID oid,
|
||||
gss_buffer_t output_token)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_delete_sec_context.c 19951 2007-01-17 10:14:58Z lha $");
|
||||
RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_delete_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
gss_buffer_t output_token)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_display_name.c 21246 2007-06-20 15:25:19Z lha $");
|
||||
RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_display_name(OM_uint32 *minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_buffer_t output_name_buffer,
|
||||
|
@ -59,7 +59,7 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_display_status.c 21247 2007-06-21 00:37:27Z lha $");
|
||||
RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
static const char *
|
||||
calling_error(OM_uint32 v)
|
||||
@ -136,7 +136,7 @@ supplementary_error(OM_uint32 v)
|
||||
}
|
||||
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_display_status(OM_uint32 *minor_status,
|
||||
OM_uint32 status_value,
|
||||
int status_type,
|
||||
|
@ -32,9 +32,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_encapsulate_token.c 19954 2007-01-17 11:50:23Z lha $");
|
||||
RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_encapsulate_token(gss_buffer_t input_token,
|
||||
gss_OID oid,
|
||||
gss_buffer_t output_token)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_export_name.c 19954 2007-01-17 11:50:23Z lha $");
|
||||
RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_export_name(OM_uint32 *minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_buffer_t exported_name)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_export_sec_context.c 19954 2007-01-17 11:50:23Z lha $");
|
||||
RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_export_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
gss_buffer_t interprocess_token)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_get_mic.c 19954 2007-01-17 11:50:23Z lha $");
|
||||
RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_get_mic(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
|
@ -27,7 +27,7 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_import_name.c 19954 2007-01-17 11:50:23Z lha $");
|
||||
RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
_gss_import_export_name(OM_uint32 *minor_status,
|
||||
@ -139,7 +139,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_import_name(OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
const gss_OID input_name_type,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_import_sec_context.c 19956 2007-01-17 12:04:16Z lha $");
|
||||
RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_import_sec_context(OM_uint32 *minor_status,
|
||||
const gss_buffer_t interprocess_token,
|
||||
gss_ctx_id_t *context_handle)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_indicate_mechs.c 17803 2006-07-05 22:36:49Z lha $");
|
||||
RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_indicate_mechs(OM_uint32 *minor_status,
|
||||
gss_OID_set *mech_set)
|
||||
{
|
||||
|
@ -27,7 +27,7 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
|
||||
RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
static gss_cred_id_t
|
||||
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
|
||||
@ -45,7 +45,7 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
|
||||
return GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_init_sec_context(OM_uint32 * minor_status,
|
||||
const gss_cred_id_t initiator_cred_handle,
|
||||
gss_ctx_id_t * context_handle,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_context.c 21125 2007-06-18 20:11:07Z lha $");
|
||||
RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_context(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_name_t *src_name,
|
||||
|
@ -27,7 +27,7 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_cred.c 20626 2007-05-08 13:56:49Z lha $");
|
||||
RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
#define AUSAGE 1
|
||||
#define IUSAGE 2
|
||||
@ -43,7 +43,7 @@ updateusage(gss_cred_usage_t usage, int *usagemask)
|
||||
*usagemask |= IUSAGE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_cred(OM_uint32 *minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
gss_name_t *name_ret,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_cred_by_mech.c 21124 2007-06-18 20:08:24Z lha $");
|
||||
RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_cred_by_mech(OM_uint32 *minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
const gss_OID mech_type,
|
||||
|
@ -31,9 +31,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_cred_by_oid.c 19960 2007-01-17 15:09:24Z lha $");
|
||||
RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_cred_by_oid (OM_uint32 *minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
const gss_OID desired_object,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_mechs_for_name.c 17844 2006-07-20 02:04:00Z lha $");
|
||||
RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_mechs_for_name(OM_uint32 *minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_OID_set *mech_types)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_names_for_mech.c 19960 2007-01-17 15:09:24Z lha $");
|
||||
RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_names_for_mech(OM_uint32 *minor_status,
|
||||
const gss_OID mechanism,
|
||||
gss_OID_set *name_types)
|
||||
|
@ -31,9 +31,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_inquire_sec_context_by_oid.c 19961 2007-01-17 15:57:51Z lha $");
|
||||
RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_OID desired_object,
|
||||
|
@ -27,13 +27,13 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $");
|
||||
RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $");
|
||||
|
||||
#include <krb5.h>
|
||||
#include <roken.h>
|
||||
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_copy_ccache(OM_uint32 *minor_status,
|
||||
gss_cred_id_t cred,
|
||||
krb5_ccache out)
|
||||
@ -91,7 +91,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
|
||||
return ret;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_import_cred(OM_uint32 *minor_status,
|
||||
krb5_ccache id,
|
||||
krb5_principal keytab_principal,
|
||||
@ -186,7 +186,7 @@ out:
|
||||
return major_status;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_register_acceptor_identity(const char *identity)
|
||||
{
|
||||
struct _gss_mech_switch *m;
|
||||
@ -208,7 +208,14 @@ gsskrb5_register_acceptor_identity(const char *identity)
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
krb5_gss_register_acceptor_identity(const char *identity)
|
||||
{
|
||||
return gsskrb5_register_acceptor_identity(identity);
|
||||
}
|
||||
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_dns_canonicalize(int flag)
|
||||
{
|
||||
struct _gss_mech_switch *m;
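Review bot: The new `krb5_gss_register_acceptor_identity` wrapper carries no comment explaining why a second name for `gsskrb5_register_acceptor_identity` exists, so a reader cannot tell whether it is a distinct entry point or an alias. It looks like a source-compatibility alias for the MIT krb5 spelling of the function; if that is the intent, a one-line comment above it, `/* MIT krb5-compatible name for gsskrb5_register_acceptor_identity() */`, documents it and discourages the two from diverging. The `gsskrb5_set_dns_canonicalize` body that follows continues outside the hunk.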
|
||||
@ -253,7 +260,7 @@ free_key(gss_krb5_lucid_key_t *key)
|
||||
memset(key, 0, sizeof(*key));
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
OM_uint32 version,
|
||||
@ -396,7 +403,7 @@ out:
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
|
||||
{
|
||||
gss_krb5_lucid_context_v1_t *ctx = c;
|
||||
@ -424,7 +431,7 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
|
||||
gss_cred_id_t cred,
|
||||
OM_uint32 num_enctypes,
|
||||
@ -478,7 +485,7 @@ out:
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
|
||||
{
|
||||
struct _gss_mech_switch *m;
|
||||
@ -509,7 +516,7 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_ccache_name(OM_uint32 *minor_status,
|
||||
const char *name,
|
||||
const char **out_name)
|
||||
@ -541,7 +548,7 @@ gss_krb5_ccache_name(OM_uint32 *minor_status,
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
time_t *authtime)
|
||||
@ -596,7 +603,7 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int ad_type,
|
||||
@ -769,7 +776,7 @@ out:
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -780,7 +787,7 @@ gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -791,7 +798,7 @@ gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
@ -802,7 +809,7 @@ gsskrb5_get_subkey(OM_uint32 *minor_status,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_default_realm(const char *realm)
|
||||
{
|
||||
struct _gss_mech_switch *m;
|
||||
@ -824,7 +831,7 @@ gsskrb5_set_default_realm(const char *realm)
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
OM_uint32 *tkt_flags)
|
||||
@ -863,3 +870,53 @@ gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_set_time_offset(int offset)
|
||||
{
|
||||
struct _gss_mech_switch *m;
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
int32_t o = offset;
|
||||
|
||||
_gss_load_mech();
|
||||
|
||||
buffer.value = &o;
|
||||
buffer.length = sizeof(o);
|
||||
|
||||
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
|
||||
if (m->gm_mech.gm_set_sec_context_option == NULL)
|
||||
continue;
|
||||
m->gm_mech.gm_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_SET_TIME_OFFSET_X, &buffer);
|
||||
}
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gsskrb5_get_time_offset(int *offset)
|
||||
{
|
||||
struct _gss_mech_switch *m;
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 maj_stat, junk;
|
||||
int32_t o;
|
||||
|
||||
_gss_load_mech();
|
||||
|
||||
buffer.value = &o;
|
||||
buffer.length = sizeof(o);
|
||||
|
||||
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
|
||||
if (m->gm_mech.gm_set_sec_context_option == NULL)
|
||||
continue;
|
||||
maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_GET_TIME_OFFSET_X, &buffer);
|
||||
|
||||
if (maj_stat == GSS_S_COMPLETE) {
|
||||
*offset = o;
|
||||
return maj_stat;
|
||||
}
|
||||
}
|
||||
|
||||
return (GSS_S_UNAVAILABLE);
|
||||
}
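Review bot: `gsskrb5_set_time_offset` discards the major status returned by every `gm_set_sec_context_option` call (the minor status goes to `junk` as well) and unconditionally returns `GSS_S_COMPLETE`, so a mechanism that rejects the option leaves the caller believing the offset was applied. Its sibling `gsskrb5_get_time_offset` in the same hunk does check the status, so the two new functions are inconsistent. The minimal fix is to keep the status, `maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL, GSS_KRB5_SET_TIME_OFFSET_X, &buffer);` followed by `if (maj_stat != GSS_S_COMPLETE) ret = maj_stat;` and returning `ret` (initialised to `GSS_S_COMPLETE`) instead of the constant; if silently ignoring per-mechanism failures is deliberate, a comment above the function should say so.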
|
||||
|
@ -28,7 +28,7 @@
|
||||
|
||||
#include "mech_locl.h"
|
||||
#include <heim_threads.h>
|
||||
RCSID("$Id: gss_mech_switch.c 21698 2007-07-26 19:07:11Z lha $");
|
||||
RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $");
|
||||
|
||||
#ifndef _PATH_GSS_MECH
|
||||
#define _PATH_GSS_MECH "/etc/gss/mech"
|
||||
@ -46,7 +46,7 @@ static int
|
||||
_gss_string_to_oid(const char* s, gss_OID oid)
|
||||
{
|
||||
int number_count, i, j;
|
||||
int byte_count;
|
||||
size_t byte_count;
|
||||
const char *p, *q;
|
||||
char *res;
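Review bot: `byte_count` becomes `size_t` while `number_count`, `i` and `j` on the line above stay `int`, so any loop bound or comparison in the body that mixes them turns into a signed/unsigned comparison that `-Wsign-compare` will flag and that behaves unexpectedly if a count ever goes negative; the body is outside this hunk, so I cannot see whether such a comparison exists. If those indices also count bytes of the encoded OID, `size_t number_count, i, j;` keeps the types consistent in one line; otherwise a cast at the comparison site with a short comment is the minimal change. `_gss_string_to_oid` continues past the end of the hunk.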
|
||||
|
||||
@ -118,7 +118,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
|
||||
* The number is encoded in seven bit chunks.
|
||||
*/
|
||||
unsigned int t;
|
||||
int bytes;
|
||||
unsigned int bytes;
|
||||
|
||||
bytes = 0;
|
||||
for (t = number; t; t >>= 7)
|
||||
@ -229,6 +229,7 @@ _gss_load_mech(void)
|
||||
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
|
||||
return;
|
||||
}
|
||||
rk_cloexec_file(fp);
|
||||
|
||||
while (fgets(buf, sizeof(buf), fp)) {
|
||||
if (*buf == '#')
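Review bot: `rk_cloexec_file(fp)` sets close-on-exec only after the descriptor already exists, so a thread that forks and execs between the `fopen` of the mech file (outside the hunk) and this call still leaks the open descriptor into the child; that is the known limitation of applying FD_CLOEXEC after the fact rather than at open time. If the `fopen` used here accepts an "e" mode flag or roken offers an atomic open-with-cloexec variant, using it closes the window; otherwise a comment on the new line, `/* best effort: FD_CLOEXEC cannot be set atomically with fopen() here */`, records the accepted race. `_gss_load_mech` starts before the hunk.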
|
||||
|
@ -32,9 +32,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_oid_equal.c 17702 2006-06-28 09:07:08Z lha $");
|
||||
RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
int
|
||||
int GSSAPI_LIB_FUNCTION
|
||||
gss_oid_equal(const gss_OID a, const gss_OID b)
|
||||
{
|
||||
if (a == b)
|
||||
|
@ -32,9 +32,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
|
||||
RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
|
||||
{
|
||||
int ret;
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_process_context_token.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_process_context_token(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t token_buffer)
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_release_buffer.c 19962 2007-01-17 15:59:04Z lha $");
|
||||
RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_buffer(OM_uint32 *minor_status,
|
||||
gss_buffer_t buffer)
|
||||
{
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_release_cred.c 19963 2007-01-17 16:01:22Z lha $");
|
||||
RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
|
||||
{
|
||||
struct _gss_cred *cred = (struct _gss_cred *) *cred_handle;
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_release_name.c 18812 2006-10-22 07:59:06Z lha $");
|
||||
RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_name(OM_uint32 *minor_status,
|
||||
gss_name_t *input_name)
|
||||
{
|
||||
|
@ -33,9 +33,9 @@
|
||||
|
||||
#include "mech_locl.h"
|
||||
|
||||
RCSID("$Id: gss_release_oid.c 17747 2006-06-30 09:34:54Z lha $");
|
||||
RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
|
||||
{
|
||||
gss_OID o = *oid;
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_release_oid_set.c 22144 2007-12-04 17:31:55Z lha $");
|
||||
RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_release_oid_set(OM_uint32 *minor_status,
|
||||
gss_OID_set *set)
|
||||
{
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_seal.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_seal(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
|
@ -31,9 +31,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $");
|
||||
RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_set_cred_option (OM_uint32 *minor_status,
|
||||
gss_cred_id_t *cred_handle,
|
||||
const gss_OID object,
|
||||
|
@ -31,9 +31,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_set_sec_context_option.c 19928 2007-01-16 10:37:54Z lha $");
|
||||
RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_set_sec_context_option (OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
const gss_OID object,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_sign.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_sign(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int qop_req,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_test_oid_set_member.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_test_oid_set_member(OM_uint32 *minor_status,
|
||||
const gss_OID member,
|
||||
const gss_OID_set set,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_unseal.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_unseal(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
gss_buffer_t input_message_buffer,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_unwrap.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_unwrap(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_verify.c 17700 2006-06-28 09:00:26Z lha $");
|
||||
RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_verify(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
gss_buffer_t message_buffer,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_verify_mic.c 19965 2007-01-17 16:23:47Z lha $");
|
||||
RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_verify_mic(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_wrap.c 19965 2007-01-17 16:23:47Z lha $");
|
||||
RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_wrap(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
|
@ -27,9 +27,9 @@
|
||||
*/
|
||||
|
||||
#include "mech_locl.h"
|
||||
RCSID("$Id: gss_wrap_size_limit.c 19965 2007-01-17 16:23:47Z lha $");
|
||||
RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $");
|
||||
|
||||
OM_uint32
|
||||
OM_uint32 GSSAPI_LIB_FUNCTION
|
||||
gss_wrap_size_limit(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "spnego/spnego_locl.h"
|
||||
|
||||
RCSID("$Id: accept_sec_context.c 22600 2008-02-21 12:46:24Z lha $");
|
||||
RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
send_reject (OM_uint32 *minor_status,
|
||||
@ -376,6 +376,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
|
||||
char mechbuf[64];
|
||||
size_t mech_len;
|
||||
gss_OID_desc oid;
|
||||
gss_OID oidp;
|
||||
gss_OID_set mechs;
|
||||
int i;
|
||||
OM_uint32 ret, junk;
|
||||
|
||||
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
|
||||
@ -396,27 +399,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
|
||||
*minor_status = 0;
|
||||
|
||||
/* Translate broken MS Kebreros OID */
|
||||
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
|
||||
gssapi_mech_interface mech;
|
||||
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
|
||||
oidp = &_gss_spnego_krb5_mechanism_oid_desc;
|
||||
else
|
||||
oidp = &oid;
|
||||
|
||||
mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
|
||||
if (mech == NULL)
|
||||
|
||||
ret = gss_indicate_mechs(&junk, &mechs);
|
||||
if (ret)
|
||||
return (ret);
|
||||
|
||||
for (i = 0; i < mechs->count; i++)
|
||||
if (gss_oid_equal(&mechs->elements[i], oidp))
|
||||
break;
|
||||
|
||||
if (i == mechs->count) {
|
||||
gss_release_oid_set(&junk, &mechs);
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&_gss_spnego_mskrb_mechanism_oid_desc,
|
||||
mech_p);
|
||||
} else {
|
||||
gssapi_mech_interface mech;
|
||||
|
||||
mech = __gss_get_mechanism(&oid);
|
||||
if (mech == NULL)
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&mech->gm_mech_oid,
|
||||
mech_p);
|
||||
}
|
||||
gss_release_oid_set(&junk, &mechs);
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&oid, /* possibly this should be oidp */
|
||||
mech_p);
|
||||
|
||||
if (verify_p) {
|
||||
gss_name_t name = GSS_C_NO_NAME;
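Review bot: The loop `for (i = 0; i < mechs->count; i++)` compares the `int i` declared in the preceding hunk against `mechs->count`, which is a `size_t` in the `gss_OID_set_desc` layout RFC 2744 specifies, so this is a signed/unsigned comparison; declaring `size_t i;` removes it and matches the index type of `mechs->elements`. The inline comment `/* possibly this should be oidp */` on the `gss_duplicate_oid` call leaves a decision open in shipped code: duplicating `&oid` presumably keeps the mechanism OID exactly as the initiator sent it (the old code likewise returned the MS variant in that case), so either state that, `/* return the OID as sent, MS krb5 variant included, so callers see what the peer negotiated */`, or switch to `oidp` deliberately. Note also that the early `return (ret)` after `gss_indicate_mechs` leaves `*minor_status` at 0 rather than the value written to `junk`. `select_mech` continues outside the hunk.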
|
||||
@ -635,9 +640,6 @@ acceptor_start
|
||||
if (ctx->mech_src_name != GSS_C_NO_NAME)
|
||||
gss_release_name(&junk, &ctx->mech_src_name);
|
||||
|
||||
if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
|
||||
_gss_spnego_release_cred(&junk, &ctx->delegated_cred_id);
|
||||
|
||||
ret = gss_accept_sec_context(minor_status,
|
||||
&ctx->negotiated_ctx_id,
|
||||
mech_cred,
|
||||
@ -649,19 +651,20 @@ acceptor_start
|
||||
&ctx->mech_flags,
|
||||
&ctx->mech_time_rec,
|
||||
&mech_delegated_cred);
|
||||
|
||||
if (mech_delegated_cred && delegated_cred_handle) {
|
||||
_gss_spnego_alloc_cred(&junk,
|
||||
mech_delegated_cred,
|
||||
delegated_cred_handle);
|
||||
} else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
|
||||
gss_release_cred(&junk, &mech_delegated_cred);
|
||||
|
||||
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
|
||||
ctx->preferred_mech_type = preferred_mech_type;
|
||||
ctx->negotiated_mech_type = preferred_mech_type;
|
||||
if (ret == GSS_S_COMPLETE)
|
||||
ctx->open = 1;
|
||||
|
||||
if (mech_delegated_cred && delegated_cred_handle)
|
||||
ret = _gss_spnego_alloc_cred(&junk,
|
||||
mech_delegated_cred,
|
||||
delegated_cred_handle);
|
||||
else
|
||||
gss_release_cred(&junk, &mech_delegated_cred);
|
||||
|
||||
ret = acceptor_complete(minor_status,
|
||||
ctx,
|
||||
&get_mic,
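Review bot: The major status from `_gss_spnego_alloc_cred` is stored in `ret` and then overwritten two lines later by `ret = acceptor_complete(...)` before anything reads it, so a failure to wrap the delegated credential is silently dropped and the caller is told the context is fine (its minor status goes to `junk` as well). Capture it separately and route a failure through the function's existing error path before calling `acceptor_complete`, e.g. `ret2 = _gss_spnego_alloc_cred(&junk, mech_delegated_cred, delegated_cred_handle);` followed by `if (ret2 != GSS_S_COMPLETE) { ret = ret2; goto out; }` if that label is the cleanup exit. Whether `mech_delegated_cred` must still be released when the helper fails depends on its contract, which is not visible here. `acceptor_start` both starts and ends outside the hunk.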
|
||||
@ -740,10 +743,6 @@ out:
|
||||
*src_name = (gss_name_t)name;
|
||||
}
|
||||
}
|
||||
if (delegated_cred_handle != NULL) {
|
||||
*delegated_cred_handle = ctx->delegated_cred_id;
|
||||
ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
}
|
||||
|
||||
if (mech_type != NULL)
|
||||
@ -780,7 +779,7 @@ acceptor_continue
|
||||
gss_cred_id_t *delegated_cred_handle
|
||||
)
|
||||
{
|
||||
OM_uint32 ret, ret2, minor;
|
||||
OM_uint32 ret, ret2, minor, junk;
|
||||
NegotiationToken nt;
|
||||
size_t nt_len;
|
||||
NegTokenResp *na;
|
||||
@ -836,27 +835,16 @@ acceptor_continue
|
||||
|
||||
if (mech_input_token != GSS_C_NO_BUFFER) {
|
||||
gss_cred_id_t mech_cred;
|
||||
gss_cred_id_t mech_delegated_cred;
|
||||
gss_cred_id_t *mech_delegated_cred_p;
|
||||
gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
if (acceptor_cred != NULL)
|
||||
mech_cred = acceptor_cred->negotiated_cred_id;
|
||||
else
|
||||
mech_cred = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
if (delegated_cred_handle != NULL) {
|
||||
mech_delegated_cred = GSS_C_NO_CREDENTIAL;
|
||||
mech_delegated_cred_p = &mech_delegated_cred;
|
||||
} else {
|
||||
mech_delegated_cred_p = NULL;
|
||||
}
|
||||
|
||||
if (ctx->mech_src_name != GSS_C_NO_NAME)
|
||||
gss_release_name(&minor, &ctx->mech_src_name);
|
||||
|
||||
if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
|
||||
_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
|
||||
|
||||
ret = gss_accept_sec_context(&minor,
|
||||
&ctx->negotiated_ctx_id,
|
||||
mech_cred,
|
||||
@ -867,16 +855,16 @@ acceptor_continue
|
||||
&obuf,
|
||||
&ctx->mech_flags,
|
||||
&ctx->mech_time_rec,
|
||||
mech_delegated_cred_p);
|
||||
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
|
||||
if (mech_delegated_cred_p != NULL &&
|
||||
mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
|
||||
ret2 = _gss_spnego_alloc_cred(minor_status,
|
||||
&mech_delegated_cred);
|
||||
|
||||
if (mech_delegated_cred && delegated_cred_handle) {
|
||||
_gss_spnego_alloc_cred(&junk,
|
||||
mech_delegated_cred,
|
||||
&ctx->delegated_cred_id);
|
||||
if (ret2 != GSS_S_COMPLETE)
|
||||
ret = ret2;
|
||||
}
|
||||
delegated_cred_handle);
|
||||
} else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
|
||||
gss_release_cred(&junk, &mech_delegated_cred);
|
||||
|
||||
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
|
||||
mech_output_token = &obuf;
|
||||
}
|
||||
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
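Review bot: The return value of `_gss_spnego_alloc_cred` is now discarded, whereas the removed code captured it in `ret2` and propagated a failure into `ret`, so a failed wrap of the delegated credential goes unreported while the caller sees success. The wrap also now runs before `ret` from `gss_accept_sec_context` is checked, so on a failing accept any credential the mechanism happened to return is handed to the caller instead of being released. `ret2` is still declared in this function, so the check can simply be restored and the credential handling kept behind the status test; `acceptor_continue` continues outside the hunk.
```c
	if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
	    /* never hand out a credential obtained from a failed accept */
	    gss_release_cred(&junk, &mech_delegated_cred);
	} else if (mech_delegated_cred && delegated_cred_handle) {
	    ret2 = _gss_spnego_alloc_cred(&junk,
					  mech_delegated_cred,
					  delegated_cred_handle);
	    if (ret2 != GSS_S_COMPLETE)
		ret = ret2;
	} else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
	    gss_release_cred(&junk, &mech_delegated_cred);

	if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
	    mech_output_token = &obuf;
	}
	/* … unchanged: failure handling on ret … */
```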
|
||||
@ -958,10 +946,6 @@ acceptor_continue
|
||||
*src_name = (gss_name_t)name;
|
||||
}
|
||||
}
|
||||
if (delegated_cred_handle != NULL) {
|
||||
*delegated_cred_handle = ctx->delegated_cred_id;
|
||||
ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
}
|
||||
|
||||
if (mech_type != NULL)
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
#include "spnego/spnego_locl.h"
|
||||
|
||||
RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $");
|
||||
RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $");
|
||||
|
||||
/*
|
||||
* Apparently Microsoft got the OID wrong, and used
|
||||
@ -76,7 +76,6 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
|
||||
ctx->mech_flags = 0;
|
||||
ctx->mech_time_rec = 0;
|
||||
ctx->mech_src_name = GSS_C_NO_NAME;
|
||||
ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
ctx->open = 0;
|
||||
ctx->local = 0;
|
||||
@ -124,8 +123,6 @@ OM_uint32 _gss_spnego_internal_delete_sec_context
|
||||
if (ctx->initiator_mech_types.val != NULL)
|
||||
free_MechTypeList(&ctx->initiator_mech_types);
|
||||
|
||||
_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
|
||||
|
||||
gss_release_oid(&minor, &ctx->preferred_mech_type);
|
||||
ctx->negotiated_mech_type = GSS_C_NO_OID;
|
||||
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
#include "spnego/spnego_locl.h"
|
||||
|
||||
RCSID("$Id: context_stubs.c 22604 2008-02-21 21:12:48Z lha $");
|
||||
RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $");
|
||||
|
||||
static OM_uint32
|
||||
spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
|
||||
@ -907,7 +907,7 @@ OM_uint32 _gss_spnego_set_sec_context_option
|
||||
return GSS_S_NO_CONTEXT;
|
||||
}
|
||||
|
||||
ctx = (gssspnego_ctx)context_handle;
|
||||
ctx = (gssspnego_ctx)*context_handle;
|
||||
|
||||
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
|
||||
return GSS_S_NO_CONTEXT;
|
||||
@ -919,3 +919,31 @@ OM_uint32 _gss_spnego_set_sec_context_option
|
||||
value);
|
||||
}
|
||||
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_pseudo_random(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int prf_key,
|
||||
const gss_buffer_t prf_in,
|
||||
ssize_t desired_output_len,
|
||||
gss_buffer_t prf_out)
|
||||
{
|
||||
gssspnego_ctx ctx;
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
if (context_handle == GSS_C_NO_CONTEXT)
|
||||
return GSS_S_NO_CONTEXT;
|
||||
|
||||
ctx = (gssspnego_ctx)context_handle;
|
||||
|
||||
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
|
||||
return GSS_S_NO_CONTEXT;
|
||||
|
||||
return gss_pseudo_random(minor_status,
|
||||
ctx->negotiated_ctx_id,
|
||||
prf_key,
|
||||
prf_in,
|
||||
desired_output_len,
|
||||
prf_out);
|
||||
}
|
||||
|
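Review bot: `_gss_spnego_pseudo_random` forwards to the negotiated mechanism as soon as `ctx->negotiated_ctx_id` is set, but it never consults `ctx->open`, so a PRF request on a context whose negotiation has not completed is passed straight through; whether that is acceptable depends on how the mechanisms treat a half-established context, which is not visible here. If only established contexts are meant to be usable, `if (!ctx->open) return GSS_S_NO_CONTEXT;` after the existing `negotiated_ctx_id` check would make that explicit. The function also has no header comment; `/* RFC 4401 GSS_Pseudo_random: delegated wholesale to the negotiated mechanism's context, SPNEGO contributes no key material of its own. */` would document the contract. The corrected `ctx = (gssspnego_ctx)*context_handle;` in `_gss_spnego_set_sec_context_option` now dereferences the handle, so the NULL check just above it (its condition lies outside the hunk) must reject both `context_handle == NULL` and `*context_handle == GSS_C_NO_CONTEXT`.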
@ -32,7 +32,7 @@
|
||||
|
||||
#include "spnego/spnego_locl.h"
|
||||
|
||||
RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $");
|
||||
RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $");
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
|
||||
@ -334,3 +334,23 @@ OM_uint32 _gss_spnego_inquire_cred_by_oid
|
||||
return ret;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_set_cred_option (OM_uint32 *minor_status,
|
||||
gss_cred_id_t *cred_handle,
|
||||
const gss_OID object,
|
||||
const gss_buffer_t value)
|
||||
{
|
||||
gssspnego_cred cred;
|
||||
|
||||
if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_NO_CRED;
|
||||
}
|
||||
|
||||
cred = (gssspnego_cred)*cred_handle;
|
||||
return gss_set_cred_option(minor_status,
|
||||
&cred->negotiated_cred_id,
|
||||
object,
|
||||
value);
|
||||
}
|
||||
|
||||
|
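Review bot: `_gss_spnego_set_cred_option` forwards `&cred->negotiated_cred_id` without checking whether it actually holds a credential, whereas the sibling context function in this series refuses to forward when `negotiated_ctx_id` is `GSS_C_NO_CONTEXT`; if the mechglue's `gss_set_cred_option` is expected to cope with (or materialize) an empty handle the asymmetry is fine, otherwise `if (cred->negotiated_cred_id == GSS_C_NO_CREDENTIAL) return GSS_S_NO_CRED;` before the call would match the context path. The definition also writes `_gss_spnego_set_cred_option (OM_uint32 *minor_status,` with a space before the parenthesis, unlike `_gss_spnego_release_cred(OM_uint32 *minor_status, ...)` earlier in the same file. A one-line header such as `/* Pass a credential option through to the negotiated mechanism's credential; SPNEGO keeps no options of its own. */` would state the intent.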
@ -33,7 +33,7 @@
|
||||
#include "spnego/spnego_locl.h"
|
||||
#include <gssapi_mech.h>
|
||||
|
||||
RCSID("$Id: external.c 22600 2008-02-21 12:46:24Z lha $");
|
||||
RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $");
|
||||
|
||||
/*
|
||||
* RFC2478, SPNEGO:
|
||||
@ -57,8 +57,8 @@ static gssapi_mech_interface_desc spnego_mech = {
|
||||
_gss_spnego_verify_mic,
|
||||
_gss_spnego_wrap,
|
||||
_gss_spnego_unwrap,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL, /* gm_display_status */
|
||||
NULL, /* gm_indicate_mechs */
|
||||
_gss_spnego_compare_name,
|
||||
_gss_spnego_display_name,
|
||||
_gss_spnego_import_name,
|
||||
@ -74,7 +74,12 @@ static gssapi_mech_interface_desc spnego_mech = {
|
||||
_gss_spnego_inquire_names_for_mech,
|
||||
_gss_spnego_inquire_mechs_for_name,
|
||||
_gss_spnego_canonicalize_name,
|
||||
_gss_spnego_duplicate_name
|
||||
_gss_spnego_duplicate_name,
|
||||
_gss_spnego_inquire_sec_context_by_oid,
|
||||
_gss_spnego_inquire_cred_by_oid,
|
||||
_gss_spnego_set_sec_context_option,
|
||||
_gss_spnego_set_cred_option,
|
||||
_gss_spnego_pseudo_random
|
||||
};
|
||||
|
||||
gssapi_mech_interface
|
||||
|
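Review bot: The five new positional entries appended to `spnego_mech` carry no field-name comments, while the same change annotates the two `NULL` slots above them as `gm_display_status` and `gm_indicate_mechs`; since this initializer is purely positional against `gssapi_mech_interface_desc` from `<gssapi_mech.h>`, a slot that drifts out of order would still compile and silently wire the wrong function. Annotating each new line the same way, e.g. `_gss_spnego_pseudo_random /* gm_pseudo_random */`, keeps the mapping checkable by eye. If the file already uses C99 designated initializers elsewhere, `.gm_pseudo_random = _gss_spnego_pseudo_random` would remove the ordering hazard entirely; that is not visible from this hunk.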
@ -224,6 +224,15 @@ _gss_spnego_process_context_token (
|
||||
const gss_ctx_id_t /*context_handle*/,
|
||||
const gss_buffer_t token_buffer );
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_pseudo_random (
|
||||
OM_uint32 */*minor_status*/,
|
||||
gss_ctx_id_t /*context_handle*/,
|
||||
int /*prf_key*/,
|
||||
const gss_buffer_t /*prf_in*/,
|
||||
ssize_t /*desired_output_len*/,
|
||||
gss_buffer_t /*prf_out*/);
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_release_cred (
|
||||
OM_uint32 */*minor_status*/,
|
||||
@ -250,6 +259,13 @@ _gss_spnego_seal (
|
||||
int * /*conf_state*/,
|
||||
gss_buffer_t output_message_buffer );
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_set_cred_option (
|
||||
OM_uint32 */*minor_status*/,
|
||||
gss_cred_id_t */*cred_handle*/,
|
||||
const gss_OID /*object*/,
|
||||
const gss_buffer_t /*value*/);
|
||||
|
||||
OM_uint32
|
||||
_gss_spnego_set_sec_context_option (
|
||||
OM_uint32 * /*minor_status*/,
|
||||
|
@ -30,7 +30,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
|
||||
/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */
|
||||
|
||||
#ifndef SPNEGO_LOCL_H
|
||||
#define SPNEGO_LOCL_H
|
||||
@ -86,7 +86,6 @@ typedef struct {
|
||||
OM_uint32 mech_flags;
|
||||
OM_uint32 mech_time_rec;
|
||||
gss_name_t mech_src_name;
|
||||
gss_cred_id_t delegated_cred_id;
|
||||
unsigned int open : 1;
|
||||
unsigned int local : 1;
|
||||
unsigned int require_mic : 1;
|
||||
|
0
source/heimdal/lib/hcrypto/aes.c
Executable file → Normal file
0
source/heimdal/lib/hcrypto/aes.c
Executable file → Normal file