From 0a7c676f385226089aaf239ab8f6851c089e4d22 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 7 Feb 2012 18:43:00 -0500 Subject: Implement init_sec_context mechglue function
---
proxy/Makefile.am | 1 + proxy/src/mechglue/gpm_init_sec_context.c | 172 ++++++++++++++++++++++++++++++ proxy/src/mechglue/gssapi_gpm.h | 13 +++ 3 files changed, 186 insertions(+) create mode 100644 proxy/src/mechglue/gpm_init_sec_context.c
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index 82f4568..6c2d212 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -88,6 +88,7 @@ GP_MECHGLUE_OBJ = \ src/mechglue/gpm_acquire_cred.c \ src/mechglue/gpm_indicate_mechs.c \ src/mechglue/gpm_import_and_canon_name.c \ + src/mechglue/gpm_init_sec_context.c \ src/mechglue/gpm_common.c dist_noinst_HEADERS =
diff --git a/proxy/src/mechglue/gpm_init_sec_context.c b/proxy/src/mechglue/gpm_init_sec_context.c
new file mode 100644
index 0000000..2e4c171
--- /dev/null
+++ b/proxy/src/mechglue/gpm_init_sec_context.c
@@ -0,0 +1,172 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2011 Red Hat, Inc.
+ Copyright (C) 2011 Simo Sorce
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gssapi_gpm.h"
+#include "src/gp_conv.h"
+
+OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_cb,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec)
+{
+ union gp_rpc_arg uarg;
+ union gp_rpc_res ures;
+ gssx_arg_init_sec_context *arg = &uarg.init_sec_context;
+ gssx_res_init_sec_context *res = &ures.init_sec_context;
+ gssx_ctx *ctx = NULL;
+ gss_OID_desc *mech = NULL;
+ gss_buffer_t outbuf = NULL;
+ uint32_t ret_maj = GSS_S_COMPLETE;
+ uint32_t ret_min = 0;
+ int ret;
+
+ memset(&uarg, 0, sizeof(union gp_rpc_arg));
+ memset(&ures, 0, sizeof(union gp_rpc_res));
+
+ /* prepare proxy request */
+ if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
+ arg->cred_handle = (gssx_cred *)claimant_cred_handle;
+ }
+
+ if (*context_handle) {
+ arg->context_handle = (gssx_ctx *)*context_handle;
+ }
+
+ if (target_name != GSS_C_NO_NAME) {
+ arg->target_name = (gssx_name *)target_name;
+ }
+
+ ret = gp_conv_oid_to_gssx(mech_type, &arg->mech_type);
+ if (ret) {
+ goto done;
+ }
+
+ if (input_cb) {
+ ret = gp_conv_cb_to_gssx_alloc(input_cb, &arg->input_cb);
+ if (ret) {
+ goto done;
+ }
+ }
+
+ ret = gp_conv_buffer_to_gssx_alloc(input_token, &arg->input_token);
+ if (ret) {
+ goto done;
+ }
+
+ /* execute proxy request */
+ ret = gpm_make_call(GSSX_INIT_SEC_CONTEXT, &uarg, &ures);
+ if (ret) {
+ goto done;
+ }
+
+ /* return values */
+ if (actual_mech_type) {
+ if (res->status.mech.octet_string_len) {
+ ret = gp_conv_gssx_to_oid_alloc(&res->status.mech, &mech);
+ if (ret) {
+ goto done;
+ }
+ }
+ }
+
+ if (res->status.major_status) {
+ gpm_save_status(&res->status);
+ ret_maj = res->status.major_status;
+ ret_min = res->status.minor_status;
+ goto done;
+ }
+
+ if (res->context_handle) {
+ ctx = res->context_handle;
+ /* we are stealing the delegated creds on success, so we do not want
+ * it to be freed by xdr_free */
+ res->context_handle = NULL;
+ }
+
+ ret = gp_conv_gssx_to_buffer_alloc(res->output_token, &outbuf);
+ if (ret) {
+ goto done;
+ }
+
+done:
+ if (ret != 0) {
+ ret_min = ret;
+ ret_maj = GSS_S_FAILURE;
+ }
+
+ /* we are putting our copy of these structures in here,
+ * and do not want it to be freed by xdr_free */
+ arg->context_handle = NULL;
+ arg->cred_handle = NULL;
+ arg->target_name = NULL;
+ gpm_free_xdrs(GSSX_INIT_SEC_CONTEXT, &uarg, &ures);
+
+ if (ret_maj == GSS_S_COMPLETE || ret_maj == GSS_S_CONTINUE_NEEDED) {
+ /* replace old ctx handle if any */
+ if (*context_handle) {
+ xdr_free((xdrproc_t)xdr_gssx_ctx, (char *)*context_handle);
+ free(*context_handle);
+ }
+ *context_handle = (gss_ctx_id_t)ctx;
+ if (actual_mech_type) {
+ *actual_mech_type = mech;
+ }
+ if (outbuf) {
+ *output_token = *outbuf;
+ free(outbuf);
+ }
+ if (ret_flags) {
+ *ret_flags = ctx->ctx_flags;
+ }
+ if (time_rec) {
+ *time_rec = ctx->lifetime;
+ }
+ } else {
+ if (ctx) {
+ xdr_free((xdrproc_t)xdr_gssx_ctx, (char *)ctx);
+ free(ctx);
+ }
+ if (mech) {
+ free(mech->elements);
+ free(mech);
+ }
+ if (outbuf) {
+ free(outbuf->value);
+ free(outbuf);
+ }
+ }
+
+ *minor_status = ret_min;
+ return ret_maj;
+}
diff --git a/proxy/src/mechglue/gssapi_gpm.h b/proxy/src/mechglue/gssapi_gpm.h
index 304c218..52d1acf 100644
--- a/proxy/src/mechglue/gssapi_gpm.h
+++ b/proxy/src/mechglue/gssapi_gpm.h
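Review bot: The early bail-out `if (res->status.major_status)` in gpm_init_sec_context also fires for GSS_S_CONTINUE_NEEDED, which is a non-zero but non-error code, so on every multi-leg exchange the function jumps to `done` before `res->context_handle` and `res->output_token` are taken over: gpm_free_xdrs() then frees the context, the caller gets `*context_handle = NULL` and no output token, and the `ret_maj == GSS_S_CONTINUE_NEEDED` branch dereferences the NULL `ctx` for `ctx_flags`/`lifetime`. The same NULL dereference is reachable on GSS_S_COMPLETE whenever the reply carries no `context_handle`, since the success branch never checks `ctx` before using it. Separately, `req_flags` and `time_req` are never copied into the request, so the protections the caller asks for (mutual authentication, integrity, confidentiality, delegation) never reach the proxy; assuming the IDL fields are named after the parameters, `arg->req_flags = req_flags; arg->time_req = time_req;` next to the other request setup would fix that. The comment above `res->context_handle = NULL` speaks of delegated creds, but what is being taken over is the context handle. The rewrite below propagates the proxy's major status, aborts only on an error code, rewords that comment, and turns a non-error reply without a context into a failure instead of a crash.
```c
    /* … unchanged: request setup, gpm_make_call, actual_mech_type conversion … */
    ret_maj = res->status.major_status;
    ret_min = res->status.minor_status;
    if (ret_maj != GSS_S_COMPLETE && ret_maj != GSS_S_CONTINUE_NEEDED) {
        gpm_save_status(&res->status);
        goto done;
    }

    if (res->context_handle) {
        ctx = res->context_handle;
        /* we are taking over the context handle, so we do not want
         * it to be freed by xdr_free */
        res->context_handle = NULL;
    }
    /* … unchanged: output token conversion, done: label, gpm_free_xdrs … */

    if ((ret_maj == GSS_S_COMPLETE || ret_maj == GSS_S_CONTINUE_NEEDED) &&
        ctx == NULL) {
        /* a non-error reply that carries no context is a protocol violation
         * by the proxy; fail here instead of handing out a NULL handle and
         * dereferencing it for ctx_flags/lifetime below */
        ret_maj = GSS_S_FAILURE;
    }
    /* … unchanged: success / failure hand-off, *minor_status, return … */
```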
@@ -139,4 +139,17 @@ OM_uint32 gpm_canonicalize_name(OM_uint32 *minor_status,
 const gss_OID mech_type,
 gss_name_t *output_name);
+OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_cb,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec);
 #endif /* _GSSAPI_GPM_H_ */
-- cgit