-rw-r--r--README.txt4
-rw-r--r--src/gss_ntlmssp.h5
-rw-r--r--src/gss_sec_ctx.c48
-rw-r--r--src/gss_spi.c11
-rw-r--r--src/gssapi_ntlmssp.h13
5 files changed, 81 insertions, 0 deletions
diff --git a/README.txt b/README.txt
index cb8e6ae..c308696 100644
--- a/README.txt
+++ b/README.txt
@@ -8,6 +8,10 @@ authentication.
So far it has been built and tested only with the libgssapi implementation
that comes with MIT Kerberos 1.11
+OID Space
+=========
+
+The Samba Project kindly donated this OID space: 1.3.6.1.4.1.7165.655.1.x
BUILDING
========
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index 2b93d09..bba85f9 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -257,6 +257,11 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
uint32_t *time_rec,
gss_cred_id_t *delegated_cred_handle);
+uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
uint32_t gssntlm_get_mic(uint32_t *minor_status,
gss_ctx_id_t context_handle,
gss_qop_t qop_req,
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 855aa9f..2290cb9 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -1235,3 +1235,51 @@ uint32_t gssntlm_inquire_context(uint32_t *minor_status,
return GSS_S_COMPLETE;
}
+
+gss_OID_desc set_seq_num_oid = {
+ GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH,
+ GSS_NTLMSSP_SET_SEQ_NUM_OID_STRING
+};
+
+uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ struct gssntlm_ctx *ctx;
+
+ if (minor_status == NULL) {
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+ }
+ if (context_handle == NULL || *context_handle == NULL) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+ if (desired_object == GSS_C_NO_OID) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ ctx = (struct gssntlm_ctx *)*context_handle;
+
+ *minor_status = 0;
+
+ /* set seq num */
+ if (gss_oid_equal(desired_object, &set_seq_num_oid)) {
+ if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
+
+ if (value->length != 4) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(&ctx->recv.seq_num, value->value, value->length);
+ ctx->send.seq_num = ctx->recv.seq_num;
+ return GSS_S_COMPLETE;
+ } else {
+ *minor_status = EACCES;
+ return GSS_S_UNAUTHORIZED;
+ }
+ }
+
+ *minor_status = EINVAL;
+ return GSS_S_UNAVAILABLE;
+}
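Review bot: `value` is dereferenced at `value->length` without first being compared to `GSS_C_NO_BUFFER`, so a caller that passes a null buffer with the set-seq-num OID crashes the process instead of getting an error; the other three arguments are all checked at the top of the function. Folding the test into the existing length check keeps the EINVAL path: `if (value == GSS_C_NO_BUFFER || value->value == NULL || value->length != 4) {`. Because this call overwrites both `recv.seq_num` and `send.seq_num`, a comment should state when in the context's lifetime it may be called; whether the context must already be established cannot be told from this hunk. As far as the hunk shows, `set_seq_num_oid` is only used in this file and could be declared `static`.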
diff --git a/src/gss_spi.c b/src/gss_spi.c
index 3c17e95..5818824 100644
--- a/src/gss_spi.c
+++ b/src/gss_spi.c
@@ -285,3 +285,14 @@ OM_uint32 gss_display_name(OM_uint32 *minor_status,
output_name_buffer,
output_name_type);
}
+
+OM_uint32 gss_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ return gssntlm_set_sec_context_option(minor_status,
+ context_handle,
+ desired_object,
+ value);
+}
diff --git a/src/gssapi_ntlmssp.h b/src/gssapi_ntlmssp.h
index 17cbed8..42edafd 100644
--- a/src/gssapi_ntlmssp.h
+++ b/src/gssapi_ntlmssp.h
@@ -34,6 +34,19 @@ extern "C" {
* oriented connections and has a ISC_REQ_DATAGRAM flag for that */
#define GSS_C_DATAGRAM_FLAG 0x10000
+
+/* OID space kindly donated by Samba Project: 1.3.6.1.4.1.7165.655.1 */
+#define GSS_NTLMSSP_BASE_OID_STRING "\x2b\x06\x01\x04\x01\xb7\x7d\x85\x0f\x01"
+#define GSS_NTLMSSP_BASE_OID_LENGTH 10
+
+/* Set Seq Num OID
+ * OID to be used to be used with gss_set_sec_context_option()
+ * the value buffer is a uint32_t in host order and is used
+ * to force a specific sequence number. This operation is allowed
+ * only if GSS_C_DATAGRAM_FLAG was used. */
+#define GSS_NTLMSSP_SET_SEQ_NUM_OID_STRING GSS_NTLMSSP_BASE_OID_STRING "\x01"
+#define GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH GSS_NTLMSSP_BASE_OID_LENGTH + 1
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
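Review bot: `GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH` expands to the unparenthesized expression `GSS_NTLMSSP_BASE_OID_LENGTH + 1`, which is correct in the `gss_OID_desc` initializer but evaluates wrongly in a larger expression such as a multiplication; since this is a public header, define it as `#define GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH (GSS_NTLMSSP_BASE_OID_LENGTH + 1)`. The comment above it repeats "to be used" and could also say that the call sets both the send and the receive sequence number, which is what the implementation in gss_sec_ctx.c does.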