author | Günther Deschner <gdeschner@redhat.com> | 2012-08-24 17:44:05 +0200 |
---|---|---|
committer | Günther Deschner <gdeschner@redhat.com> | 2012-08-29 18:51:57 +0200 |
commit | 04eabd49ad5fe2938672ce216d1117c9928df4b5 (patch) | |
tree | ba867bcb00a027b167d98dece031a30ad5506ac5 | |
parent | 765ca9ec01320584a54005f6e6809bc1498be70b (diff) | |
Implement gpm_unwrap().
-rw-r--r-- | proxy/Makefile.am | 1 | ||||
-rw-r--r-- | proxy/src/client/gpm_unwrap.c | 120 | ||||
-rw-r--r-- | proxy/src/client/gssapi_gpm.h | 6 |
3 files changed, 127 insertions, 0 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index 7adf529..e071c0c 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -97,6 +97,7 @@ GP_RPCCLI_OBJ = \
 src/client/gpm_get_mic.c \
 src/client/gpm_verify_mic.c \
 src/client/gpm_wrap.c \
+ src/client/gpm_unwrap.c \
 src/client/gpm_common.c
 GP_MECHGLUE_OBJ = \
 src/mechglue/gpp_accept_sec_context.c \
diff --git a/proxy/src/client/gpm_unwrap.c b/proxy/src/client/gpm_unwrap.c
new file mode 100644
index 0000000..81f529b
--- /dev/null
+++ b/proxy/src/client/gpm_unwrap.c
@@ -0,0 +1,120 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2011 Red Hat, Inc.
+ Copyright (C) 2011 Simo Sorce <simo.sorce@redhat.com>
+ Copyright (C) 2012 Guenther Deschner <guenther.deschner@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gssapi_gpm.h"
+#include "src/gp_conv.h"
+
+OM_uint32 gpm_unwrap(OM_uint32 *minor_status,
+ gssx_ctx *context_handle,
+ const gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ union gp_rpc_arg uarg;
+ union gp_rpc_res ures;
+ gssx_arg_unwrap *arg = &uarg.unwrap;
+ gssx_res_unwrap *res = &ures.unwrap;
+ uint32_t ret_min = 0;
+ uint32_t ret_maj = 0;
+ int ret = 0;
+ gssx_buffer message_buffer;
+
+ memset(&uarg, 0, sizeof(union gp_rpc_arg));
+ memset(&ures, 0, sizeof(union gp_rpc_res));
+
+ if (!context_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* format request */
+ /* NOTE: the final free will also release the old context */
+ arg->context_handle = *context_handle;
+ arg->qop_state = *qop_state;
+
+ ret = gp_conv_buffer_to_gssx(input_message_buffer, &message_buffer);
+ if (ret) {
+ ret_maj = GSS_S_FAILURE;
+ ret_min = ret;
+ goto done;
+ }
+ arg->token_buffer.token_buffer_val = calloc(1, sizeof(gssx_buffer));
+ if (!arg->token_buffer.token_buffer_val) {
+ ret_maj = GSS_S_FAILURE;
+ ret_min = ENOMEM;
+ goto done;
+ }
+
+ arg->token_buffer.token_buffer_val[0] = message_buffer;
+ arg->token_buffer.token_buffer_len = 1;
+
+ /* execute proxy request */
+ ret = gpm_make_call(GSSX_UNWRAP, &uarg, &ures);
+ if (ret) {
+ ret_maj = GSS_S_FAILURE;
+ ret_min = ret;
+ goto done;
+ }
+
+ /* format reply */
+ if (res->status.major_status) {
+ gpm_save_status(&res->status);
+ ret_min = res->status.minor_status;
+ ret_maj = res->status.major_status;
+ goto done;
+ }
+
+ if (conf_state) {
+ *conf_state = *res->conf_state;
+ }
+ if (qop_state) {
+ *qop_state = *res->qop_state;
+ }
+
+ if (res->message_buffer.message_buffer_len > 0) {
+ ret = gp_copy_gssx_to_buffer(&res->message_buffer.message_buffer_val[0],
+ output_message_buffer);
+ if (ret) {
+ ret_maj = GSS_S_FAILURE;
+ ret_min = ret;
+ goto done;
+ }
+ }
+
+ /* Immediately steal the new context on success.
+ * NOTE: We do not want it to be freed by xdr_free, so copy the contents
+ * and cear up the structure to be freed so contents are not freed. */
+ if (res->context_handle) {
+ *context_handle = *res->context_handle;
+ memset(res->context_handle, 0, sizeof(gssx_ctx));
+ }
+
+done:
+ gpm_free_xdrs(GSSX_UNWRAP, &uarg, &ures);
+ *minor_status = ret_min;
+ return ret_maj;
+}
+
diff --git a/proxy/src/client/gssapi_gpm.h b/proxy/src/client/gssapi_gpm.h
index 8098802..70da581 100644
--- a/proxy/src/client/gssapi_gpm.h
+++ b/proxy/src/client/gssapi_gpm.h
@@ -203,4 +203,10 @@ OM_uint32 gpm_wrap(OM_uint32 *minor_status,
 const gss_buffer_t input_message_buffer,
 int *conf_state,
 gss_buffer_t output_message_buffer);
+OM_uint32 gpm_unwrap(OM_uint32 *minor_status,
+ gssx_ctx *context_handle,
+ const gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
 #endif /* _GSSAPI_GPM_H_ */ |
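Review bot: `arg->qop_state = *qop_state;` in the request setup of gpm_unwrap() dereferences `qop_state` unconditionally, although the reply path later treats it as optional with `if (qop_state)`, so a caller that passes NULL faults before the RPC is even made. The reply side has the mirror problem: `*res->conf_state` and `*res->qop_state` are dereferenced without checking that the proxy's reply populated those pointers. Separately, the NOTE in the hunk says the final free releases the old context, yet `*context_handle` is only replaced on success, so every `goto done` failure path appears to leave the caller holding a handle whose contents `gpm_free_xdrs()` has just released (inferred, since `gpm_free_xdrs` is defined outside the hunk). The sketch below guards the optional pointers and clears the borrowed copy in `arg` whenever no replacement context was taken.

```c
    /* … unchanged: locals, memset of uarg/ures, context_handle check … */
    arg->context_handle = *context_handle;
    if (qop_state) {
        arg->qop_state = *qop_state;
    }
    /* … unchanged: token buffer setup, gpm_make_call, status check … */
    if (conf_state && res->conf_state) {
        *conf_state = *res->conf_state;
    }
    if (qop_state && res->qop_state) {
        *qop_state = *res->qop_state;
    }
    /* … unchanged: copy of the output message buffer … */

done:
    if (res->context_handle) {
        *context_handle = *res->context_handle;
        memset(res->context_handle, 0, sizeof(gssx_ctx));
    } else {
        /* no replacement: keep the caller's context out of the final free */
        memset(&arg->context_handle, 0, sizeof(gssx_ctx));
    }
    gpm_free_xdrs(GSSX_UNWRAP, &uarg, &ures);
```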