From 7bf39f6be87c46f74f7c9da83c87aeffcd384721 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Tue, 4 Jun 1991 13:23:22 +0000 Subject: *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2148 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/dsp_status.c | 133 ++++++++++++++++++++++++++++++++++++++++++++ src/lib/gssapi/sign.c | 72 ++++++++++++++++++++++++ src/lib/gssapi/verify.c | 69 +++++++++++++++++++++++ 3 files changed, 274 insertions(+) create mode 100644 src/lib/gssapi/dsp_status.c create mode 100644 src/lib/gssapi/sign.c create mode 100644 src/lib/gssapi/verify.c (limited to 'src/lib') diff --git a/src/lib/gssapi/dsp_status.c b/src/lib/gssapi/dsp_status.c new file mode 100644 index 0000000000..433d1c151d --- /dev/null +++ b/src/lib/gssapi/dsp_status.c @@ -0,0 +1,133 @@ +/* + * dsp_status.c --- display_status + * + * $Source$ + * $Author$ + * $Header$ + * + * Copyright 1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * For copying and distribution information, please see the file + * . + * + */ + +#include + +#define GSS_CE_MASK 0xFF000000 +#define GSS_RE_MASK 0x00FF0000 +#define GSS_SS_MASK 0x0000FFFF + +#define GSS_CONTEXT_THIS(i) ((i) & 0xFFFF) +#define GSS_CONTEXT_NEXT(i) ((i) >> 16) + +struct gss_error_table { + int code; + int mask; + char *string; +}; + +static struct gss_error_table table[] = { + { GSS_S_CALL_INACCESSIBLE_READ, GSS_CE_MASK, + "GSSAPI Calling Error: Inaccessible read" }, + { GSS_S_CALL_INACCESSIBLE_WRITE, GSS_CE_MASK, + "GSSAPI Calling Error: Inaccessible write" }, + { GSS_S_CALL_BAD_STRUCTURE, GSS_CE_MASK, + "GSSAPI Calling Error: Bad Structure" }, + { GSS_S_BAD_MECH, GSS_RE_MASK, + "GSSAPI Routine Error: Bad Mechanism" }, + { GSS_S_BAD_NAME, GSS_RE_MASK, + "GSSAPI Routine Error: Bad Name" }, + { GSS_S_BAD_NAMETYPE, GSS_RE_MASK, + "GSSAPI Routine Error: Bad Nametype" }, + { GSS_S_BAD_BINDINGS, GSS_RE_MASK, + "GSSAPI Routine Error: Bad Bindings" }, + { GSS_S_BAD_STATUS, GSS_RE_MASK, + "GSSAPI Routine Error: Bad Status" }, + { GSS_S_BAD_SIG, GSS_RE_MASK, + "GSSAPI Routine Error: Invalid Signature" }, + { GSS_S_NO_CRED, GSS_RE_MASK, + "GSSAPI Routine Error: Missing Credentials" }, + { GSS_S_NO_CONTEXT, GSS_RE_MASK, + "GSSAPI Routine Error: Missing Context" }, + { GSS_S_DEFECTIVE_TOKEN, GSS_RE_MASK, + "GSSAPI Routine Error: Defective Token" }, + { GSS_S_DEFECTIVE_CREDENTIAL, GSS_RE_MASK, + "GSSAPI Routine Error: Defective Credential" }, + { GSS_S_CREDENTIALS_EXPIRED, GSS_RE_MASK, + "GSSAPI Routine Error: Credentials Expired" }, + { GSS_S_CONTEXT_EXPIRED, GSS_RE_MASK, + "GSSAPI Routine Error: Context expired" }, + { GSS_S_FAILURE, GSS_RE_MASK, + "GSSAPI Routine Error: Mechanism-specific failure" }, +}; +static int nentries = sizeof (struct gss_error_table) / sizeof (*table); + +OM_uint32 gss_display_status(minor_status, status_value, status_type, + mech_type, message_context, status_string) + OM_uint32 *minor_status; + int status_value; + int status_type; + gss_OID mech_type; + int *message_context; + gss_buffer_t status_string; +{ + const char *str; + int next; + int retval; + + *minor_status = 0; + + if (status_type == GSS_C_MECH_CODE) { + /* + * We only handle Kerberos V5... + */ + if ((mech_type != GSS_C_NULL_OID) && + !gss_compare_OID(mech_type, &gss_OID_krb5)) { + return(GSS_S_BAD_MECH); + } + str = error_message(status_value); + retval = GSS_S_COMPLETE; + goto return_message_found; + } else { + next = *message_context; + + if (next < 0 || next >= nentries) { + return(GSS_S_FAILURE); + } + if (next == 0) { + while (next < nentries) { + if ((status_value & table[next].mask) == + table[next].code) + break; + next++; + } + if (next >= nentries) + return(GSS_S_BAD_STATUS); + } + str = table[next].string; + next++; + while (next < nentries) { + if ((status_value & table[next].mask) == + table[next].code) + break; + next++; + } + if (next >= nentries) + retval = GSS_S_COMPLETE; + else + retval = GSS_S_CONTINUE_NEEDED; + *message_context = next; + } + +return_message_found: + status_string->length = strlen(str); + if (!(status_string->value = malloc(status_string->length))) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + strcpy(status_string->value, str); + return(GSS_S_COMPLETE); +} + diff --git a/src/lib/gssapi/sign.c b/src/lib/gssapi/sign.c new file mode 100644 index 0000000000..c6b579076f --- /dev/null +++ b/src/lib/gssapi/sign.c @@ -0,0 +1,72 @@ +/* + * sign.c --- sign message + * + * $Source$ + * $Author$ + * $Header$ + * + * Copyright 1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * For copying and distribution information, please see the file + * . + * + */ + +#include +#include + +OM_uint32 gss_sign(minor_status, context, qop_req, + input_message_buffer, output_message_buffer) + OM_uint32 *minor_status; + gss_ctx_id_t context; + int qop_req; + gss_buffer_t input_message_buffer; + gss_buffer_t output_message_buffer; +{ + krb5_data inbuf, outbuf, *scratch; + int safe_flags = 0; + krb5_safe *message; + + *minor_status = 0; + + inbuf.length = input_message_buffer->length; + inbuf.data = input_message_buffer->value; + + + if (context->flags & GSS_C_SEQUENCE_FLAG) + safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME; + if (*minor_status = krb5_mk_safe(&inbuf, + CKSUMTYPE_RSA_MD4_DES, + context->session_key, + &context->my_address, + &context->his_address, + context->my_seq_num, + safe_flags, + 0, /* no rcache */ + &outbuf)) + return(GSS_S_FAILURE); + if (*minor_status = decode_krb5_safe(&outbuf, &message)) + return(GSS_S_FAILURE); + message->user_data.length = 1; + xfree(outbuf.data); + if (*minor_status = encode_krb5_safe(&message, &scratch)) { + krb5_free_safe(message); + return(GSS_S_FAILURE); + } + krb5_free_safe(message); + if (*minor_status = gss_make_token(minor_status, + GSS_API_KRB5_TYPE, + GSS_API_KRB5_SIGN, + scratch->length, + scratch->data, + output_message_buffer)) { + krb5_free_data(scratch); + return(GSS_S_FAILURE); + } + krb5_free_data(scratch); + if (context->flags & GSS_C_SEQUENCE_FLAG) + context->my_seq_num++; + return(GSS_S_COMPLETE); +} + diff --git a/src/lib/gssapi/verify.c b/src/lib/gssapi/verify.c new file mode 100644 index 0000000000..d212655c4e --- /dev/null +++ b/src/lib/gssapi/verify.c @@ -0,0 +1,69 @@ +/* + * verify.c --- verify message + * + * $Source$ + * $Author$ + * $Header$ + * + * Copyright 1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * For copying and distribution information, please see the file + * . + * + */ + +#include +#include + +OM_uint32 gss_verify(minor_status, context, message_buffer, + token_buffer, qop_state) + OM_uint32 *minor_status; + gss_ctx_id_t context; + gss_buffer_t message_buffer; + gss_buffer_t token_buffer; + int *qop_state; +{ + OM_uint32 retval; + krb5_data inbuf, outbuf, *scratch; + krb5_safe *message; + int safe_flags = 0; + + *minor_status = 0; + + if (retval = gss_check_token(minor_status, message_buffer, + GSS_API_KRB5_TYPE, GSS_API_KRB5_SIGN)) + return(retval); + inbuf.length = token_buffer->length-4; + inbuf.data = ( (char *) token_buffer->value)+4; + if (*minor_status = decode_krb5_safe(&inbuf, &message)) + return(GSS_S_FAILURE); + if (message->user_data.data) + xfree(message->user_data.data); + message->user_data.length = message_buffer->length; + message->user_data.data = message_buffer->value; + if (*minor_status = encode_krb5_safe(&message, &scratch)) { + message->user_data.data = NULL; + krb5_free_safe(message); + return(GSS_S_FAILURE); + } + message->user_data.data = NULL; + krb5_free_safe(message); + if (context->flags & GSS_C_SEQUENCE_FLAG) + safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME; + if (*minor_status = krb5_rd_safe(scratch, + context->session_key, + &context->his_address, + &context->my_address, + context->his_seq_num, + safe_flags, + 0, /* no rcache */ + &outbuf)) { + krb5_free_data(scratch); + return(GSS_S_FAILURE); + } + krb5_free_data(scratch); + if (qop_state) + *qop_state = 0; + return(GSS_S_COMPLETE); +} -- cgit