authorGreg Hudson <ghudson@mit.edu>2010-10-06 18:25:04 +0000
committerGreg Hudson <ghudson@mit.edu>2010-10-06 18:25:04 +0000
commit014f8057c5328b3e39b5d8660a1ea1a98409006f (patch)
treeda9796d82a6d65d055f4762c411fbf395bb52f37 /src/lib/gssapi/spnego
parent5f2826f6d598a4dd45a55e111a07c0086fe1e38a (diff)
Merge users/lhoward/sasl-gs2 to trunk
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/spnego')
-rw-r--r--src/lib/gssapi/spnego/gssapiP_spnego.h27
-rw-r--r--src/lib/gssapi/spnego/spnego_mech.c100
2 files changed, 126 insertions, 1 deletions
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index e146508c5d..50f05678d6 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -565,6 +565,33 @@ spnego_gss_set_neg_mechs
const gss_OID_set mech_list
);
+OM_uint32
+spnego_gss_inquire_mech_for_saslname
+(
+ OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type
+);
+
+OM_uint32
+spnego_gss_inquire_saslname_for_mech
+(
+ OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description
+);
+
+OM_uint32
+spnego_gss_inquire_attrs_for_mech
+(
+ OM_uint32 *minor_status,
+ gss_const_OID mech,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs
+);
+
#ifdef __cplusplus
}
#endif
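Review bot: The three new prototypes carry no comment on who owns the outputs, and the implementations in spnego_mech.c differ on that point. `spnego_gss_inquire_mech_for_saslname` stores a pointer to the static `gss_mech_spnego` in `*mech_type`, while the other two fill their outputs through `g_make_string_buffer` and `gss_create_empty_oid_set`, which presumably allocate. A short comment above each declaration would keep a caller from releasing the static OID, for example `/* *mech_type points at static storage; do not release. */` on the first and `/* Outputs are allocated; release with gss_release_buffer(). */` on the second.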
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 9c5a6140dd..d8706af927 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -272,6 +272,9 @@ static struct gss_config spnego_mechanism =
spnego_gss_release_any_name_mapping,
spnego_gss_pseudo_random,
spnego_gss_set_neg_mechs,
+ spnego_gss_inquire_saslname_for_mech,
+ spnego_gss_inquire_mech_for_saslname,
+ spnego_gss_inquire_attrs_for_mech,
};
static struct gss_config_ext spnego_mechanism_ext =
@@ -2257,7 +2260,6 @@ spnego_gss_set_cred_option(
gss_cred_id_t mcred;
mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
-
ret = gss_set_cred_option(minor_status,
&mcred,
desired_object,
@@ -2279,6 +2281,23 @@ spnego_gss_set_cred_option(
*cred_handle = (gss_cred_id_t)spcred;
}
+ if (ret == GSS_S_COMPLETE && spcred == NULL) {
+ /*
+ * If the mechanism allocated a new credential handle, then
+ * we need to wrap it up in an SPNEGO credential handle.
+ */
+
+ spcred = malloc(sizeof(spnego_gss_cred_id_rec));
+ if (spcred == NULL) {
+ gss_release_cred(&tmp_minor_status, &mcred);
+ *minor_status = ENOMEM;
+ return (GSS_S_FAILURE);
+ }
+ spcred->mcred = mcred;
+ spcred->neg_mechs = GSS_C_NULL_OID_SET;
+ *cred_handle = (gss_cred_id_t)spcred;
+ }
+
return (ret);
}
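Review bot: The new block at the end of spnego_gss_set_cred_option wraps `mcred` whenever `spcred == NULL`, but it never checks that the mechanism actually returned a credential, although the comment says that is the case it handles. If gss_set_cred_option succeeds and leaves `mcred` as GSS_C_NO_CREDENTIAL, the caller receives an SPNEGO handle around an empty credential; the condition could read `if (ret == GSS_S_COMPLETE && spcred == NULL && mcred != GSS_C_NO_CREDENTIAL) {`. Only `mcred` and `neg_mechs` are assigned after `malloc`, so if spnego_gss_cred_id_rec has other members (its definition is outside this hunk) they are left uninitialised, and `calloc(1, sizeof(*spcred))` would avoid that. The function body begins before this hunk.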
@@ -2686,6 +2705,85 @@ spnego_gss_set_neg_mechs(OM_uint32 *minor_status,
return (ret);
}
+#define SPNEGO_SASL_NAME "SPNEGO"
+#define SPNEGO_SASL_NAME_LEN (sizeof(SPNEGO_SASL_NAME) - 1)
+
+OM_uint32
+spnego_gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type)
+{
+ if (sasl_mech_name->length == SPNEGO_SASL_NAME_LEN &&
+ memcmp(sasl_mech_name->value, SPNEGO_SASL_NAME,
+ SPNEGO_SASL_NAME_LEN) == 0) {
+ if (mech_type != NULL)
+ *mech_type = (gss_OID)gss_mech_spnego;
+ return (GSS_S_COMPLETE);
+ }
+
+ return (GSS_S_BAD_MECH);
+}
+
+OM_uint32
+spnego_gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description)
+{
+ *minor_status = 0;
+
+ if (!g_OID_equal(desired_mech, gss_mech_spnego))
+ return (GSS_S_BAD_MECH);
+
+ if (!g_make_string_buffer(SPNEGO_SASL_NAME, sasl_mech_name) ||
+ !g_make_string_buffer("spnego", mech_name) ||
+ !g_make_string_buffer("Simple and Protected GSS-API "
+ "Negotiation Mechanism", mech_description))
+ goto fail;
+
+ return (GSS_S_COMPLETE);
+
+fail:
+ *minor_status = ENOMEM;
+ return (GSS_S_FAILURE);
+}
+
+OM_uint32
+spnego_gss_inquire_attrs_for_mech(OM_uint32 *minor_status,
+ gss_const_OID mech,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs)
+{
+ OM_uint32 major, tmpMinor;
+
+ /* known_mech_attrs is handled by mechglue */
+ *minor_status = 0;
+
+ if (mech_attrs == NULL)
+ return (GSS_S_COMPLETE);
+
+ major = gss_create_empty_oid_set(minor_status, mech_attrs);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+#define MA_SUPPORTED(ma) do { \
+ major = gss_add_oid_set_member(minor_status, \
+ (gss_OID)ma, mech_attrs); \
+ if (GSS_ERROR(major)) \
+ goto cleanup; \
+ } while (0)
+
+ MA_SUPPORTED(GSS_C_MA_MECH_NEGO);
+ MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
+
+cleanup:
+ if (GSS_ERROR(major))
+ gss_release_oid_set(&tmpMinor, mech_attrs);
+
+ return (major);
+}
+
/*
* We will release everything but the ctx_handle so that it
* can be passed back to init/accept context. This routine should
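Review bot: spnego_gss_inquire_mech_for_saslname returns without writing `*minor_status`, unlike the two functions added after it, and it dereferences `sasl_mech_name` with no check for GSS_C_NO_BUFFER. Adding `*minor_status = 0;` at the top and `if (sasl_mech_name == GSS_C_NO_BUFFER) return (GSS_S_BAD_MECH);` before the length comparison would make the three entry points consistent; the mechglue may already validate the argument, which is not visible here. In spnego_gss_inquire_saslname_for_mech the `fail:` path returns ENOMEM without releasing buffers that an earlier g_make_string_buffer call already filled, so a partial failure may leak unless the caller releases them. The `MA_SUPPORTED` macro also stays defined after spnego_gss_inquire_attrs_for_mech; an `#undef MA_SUPPORTED` after the `cleanup:` block would keep it local.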