Diffstat (limited to 'src/lib/gssapi/mechglue')
46 files changed, 3202 insertions, 884 deletions
diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
index 53852f0cd..bbaab80af 100644
--- a/src/lib/gssapi/mechglue/Makefile.in
+++ b/src/lib/gssapi/mechglue/Makefile.in
@@ -2,8 +2,8 @@ thisconfigdir=../../..
 myfulldir=lib/gssapi/mechglue
 mydir=lib/gssapi/mechglue
 BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic
-DEFS=
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../krb5 -I$(srcdir)/../krb5 -I../spnego -I$(srcdir)/../spnego
+DEFS=-D_GSS_STATIC_LINK=1
 ##DOSBUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=mechglue
@@ -14,8 +14,10 @@ DEFS=
 SRCS = \
 $(srcdir)/g_accept_sec_context.c \
 $(srcdir)/g_acquire_cred.c \
+ $(srcdir)/g_buffer_set.c \
 $(srcdir)/g_canon_name.c \
 $(srcdir)/g_compare_name.c \
+ $(srcdir)/g_complete_auth_token.c \
 $(srcdir)/g_context_time.c \
 $(srcdir)/g_delete_sec_context.c \
 $(srcdir)/g_dsp_name.c \
@@ -23,14 +25,19 @@ SRCS = \
 $(srcdir)/g_dup_name.c \
 $(srcdir)/g_exp_sec_context.c \
 $(srcdir)/g_export_name.c \
+ $(srcdir)/g_export_name_object.c \
 $(srcdir)/g_glue.c \
 $(srcdir)/g_imp_name.c \
+ $(srcdir)/g_imp_name_object.c \
 $(srcdir)/g_imp_sec_context.c \
 $(srcdir)/g_init_sec_context.c \
 $(srcdir)/g_initialize.c \
 $(srcdir)/g_inq_context.c \
+ $(srcdir)/g_inq_context_oid.c \
 $(srcdir)/g_inq_cred.c \
+ $(srcdir)/g_inq_cred_oid.c \
 $(srcdir)/g_inq_names.c \
+ $(srcdir)/g_mech_invoke.c \
 $(srcdir)/g_mechname.c \
 $(srcdir)/g_oid_ops.c \
 $(srcdir)/g_process_context.c \
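Review bot: In the `@@ -2,8 +2,8 @@` hunk, `DEFS=-D_GSS_STATIC_LINK=1` and the new `-I../krb5` / `-I../spnego` include paths are added with no comment saying what they switch on. The regenerated dependency list later in this file shows g_initialize.c now depending on `gssapiP_krb5.h` and `gssapiP_spnego.h`, so the define presumably compiles the krb5 and SPNEGO mechanisms into the mechglue library instead of loading them at run time. That fixes the trusted mechanism set at build time and is worth stating next to the flag. I would add a line above DEFS such as `# _GSS_STATIC_LINK: mechanisms are linked into this library, not loaded as modules`, after confirming that this is what the macro does.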
@@ -39,17 +46,24 @@ SRCS = \
 $(srcdir)/g_rel_name.c \
 $(srcdir)/g_rel_oid_set.c \
 $(srcdir)/g_seal.c \
+ $(srcdir)/g_set_context_option.c \
+ $(srcdir)/g_set_cred_option.c \
 $(srcdir)/g_sign.c \
 $(srcdir)/g_store_cred.c \
 $(srcdir)/g_unseal.c \
+ $(srcdir)/g_unwrap_aead.c \
+ $(srcdir)/g_unwrap_iov.c \
 $(srcdir)/g_verify.c \
- $(srcdir)/oid_ops.c
+ $(srcdir)/g_wrap_aead.c \
+ $(srcdir)/g_wrap_iov.c
 OBJS = \
 $(OUTPRE)g_accept_sec_context.$(OBJEXT) \
 $(OUTPRE)g_acquire_cred.$(OBJEXT) \
+ $(OUTPRE)g_buffer_set.$(OBJEXT) \
 $(OUTPRE)g_canon_name.$(OBJEXT) \
 $(OUTPRE)g_compare_name.$(OBJEXT) \
+ $(OUTPRE)g_complete_auth_token.$(OBJEXT) \
 $(OUTPRE)g_context_time.$(OBJEXT) \
 $(OUTPRE)g_delete_sec_context.$(OBJEXT) \
 $(OUTPRE)g_dsp_name.$(OBJEXT) \
@@ -57,14 +71,19 @@ OBJS = \
 $(OUTPRE)g_dup_name.$(OBJEXT) \
 $(OUTPRE)g_exp_sec_context.$(OBJEXT) \
 $(OUTPRE)g_export_name.$(OBJEXT) \
+ $(OUTPRE)g_export_name_object.$(OBJEXT) \
 $(OUTPRE)g_glue.$(OBJEXT) \
 $(OUTPRE)g_imp_name.$(OBJEXT) \
+ $(OUTPRE)g_imp_name_object.$(OBJEXT) \
 $(OUTPRE)g_imp_sec_context.$(OBJEXT) \
 $(OUTPRE)g_init_sec_context.$(OBJEXT) \
 $(OUTPRE)g_initialize.$(OBJEXT) \
 $(OUTPRE)g_inq_context.$(OBJEXT) \
+ $(OUTPRE)g_inq_context_oid.$(OBJEXT) \
 $(OUTPRE)g_inq_cred.$(OBJEXT) \
+ $(OUTPRE)g_inq_cred_oid.$(OBJEXT) \
 $(OUTPRE)g_inq_names.$(OBJEXT) \
+ $(OUTPRE)g_mech_invoke.$(OBJEXT) \
 $(OUTPRE)g_mechname.$(OBJEXT) \
 $(OUTPRE)g_oid_ops.$(OBJEXT) \
 $(OUTPRE)g_process_context.$(OBJEXT) \
@@ -73,17 +92,24 @@ OBJS = \
 $(OUTPRE)g_rel_name.$(OBJEXT) \
 $(OUTPRE)g_rel_oid_set.$(OBJEXT) \
 $(OUTPRE)g_seal.$(OBJEXT) \
+ $(OUTPRE)g_set_context_option.$(OBJEXT) \
+ $(OUTPRE)g_set_cred_option.$(OBJEXT) \
 $(OUTPRE)g_sign.$(OBJEXT) \
 $(OUTPRE)g_store_cred.$(OBJEXT) \
 $(OUTPRE)g_unseal.$(OBJEXT) \
+ $(OUTPRE)g_unwrap_aead.$(OBJEXT) \
+ $(OUTPRE)g_unwrap_iov.$(OBJEXT) \
 $(OUTPRE)g_verify.$(OBJEXT) \
- $(OUTPRE)oid_ops.$(OBJEXT)
+ $(OUTPRE)g_wrap_aead.$(OBJEXT) \
+ $(OUTPRE)g_wrap_iov.$(OBJEXT)
 STLIBOBJS = \
 g_accept_sec_context.o \
 g_acquire_cred.o \
+ g_buffer_set.o \
 g_canon_name.o \
 g_compare_name.o \
+ g_complete_auth_token.o \
 g_context_time.o \
 g_delete_sec_context.o \
 g_dsp_name.o \
@@ -91,14 +117,19 @@ STLIBOBJS = \
 g_dup_name.o \
 g_exp_sec_context.o \
 g_export_name.o \
+ g_export_name_object.o \
 g_glue.o \
 g_imp_name.o \
+ g_imp_name_object.o \
 g_imp_sec_context.o \
 g_init_sec_context.o \
 g_initialize.o \
 g_inq_context.o \
+ g_inq_context_oid.o \
 g_inq_cred.o \
+ g_inq_cred_oid.o \
 g_inq_names.o \
+ g_mech_invoke.o \
 g_mechname.o \
 g_oid_ops.o \
 g_process_context.o \
@@ -107,11 +138,16 @@ STLIBOBJS = \
 g_rel_name.o \
 g_rel_oid_set.o \
 g_seal.o \
+ g_set_context_option.o \
+ g_set_cred_option.o \
 g_sign.o \
 g_store_cred.o \
 g_unseal.o \
+ g_unwrap_aead.o \
+ g_unwrap_iov.o \
 g_verify.o \
- oid_ops.o
+ g_wrap_aead.o \
+ g_wrap_iov.o
 EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi
 EXPORTED_HEADERS = mechglue.h
@@ -141,195 +177,357 @@ includes:: # g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_accept_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_accept_sec_context.c \ + mechglue.h mglueP.h g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_acquire_cred.c mechglue.h \ + mglueP.h +g_buffer_set.so g_buffer_set.po $(OUTPRE)g_buffer_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_acquire_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_buffer_set.c mechglue.h \ + mglueP.h g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \ 
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_canon_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_canon_name.c mechglue.h \ + mglueP.h g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_compare_name.c mechglue.h \ + mglueP.h +g_complete_auth_token.so g_complete_auth_token.po $(OUTPRE)g_complete_auth_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_compare_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_complete_auth_token.c \ + mechglue.h mglueP.h g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h 
$(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_context_time.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_context_time.c mechglue.h \ + mglueP.h g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_delete_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_delete_sec_context.c \ + mechglue.h mglueP.h g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dsp_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_name.c mechglue.h \ + mglueP.h g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - 
$(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dsp_status.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_status.c mechglue.h \ + mglueP.h g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_dup_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dup_name.c mechglue.h \ + mglueP.h g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_exp_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_exp_sec_context.c \ + mechglue.h mglueP.h g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h 
$(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_export_name.c mechglue.h mglueP.h -g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name.c mechglue.h \ + mglueP.h +g_export_name_object.so g_export_name_object.po $(OUTPRE)g_export_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../spnego/gssapiP_spnego.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name_object.c \ + mechglue.h mglueP.h +g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ ../generic/gssapi_err_generic.h g_glue.c mechglue.h \ mglueP.h g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + 
$(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name.c mechglue.h \ + mglueP.h +g_imp_name_object.so g_imp_name_object.po $(OUTPRE)g_imp_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_imp_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name_object.c \ + mechglue.h mglueP.h g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_imp_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_sec_context.c \ + mechglue.h mglueP.h g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h 
\ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_init_sec_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_init_sec_context.c \ + mechglue.h mglueP.h g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../gss_libinit.h ../generic/gssapi_err_generic.h \ - g_initialize.c mechglue.h mglueP.h + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../spnego/gssapiP_spnego.h \ + ../generic/gssapi_err_generic.h ../krb5/gssapi_err_krb5.h \ + ../krb5/gssapi_krb5.h g_initialize.c mechglue.h mglueP.h g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + 
$(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context.c mechglue.h \ + mglueP.h +g_inq_context_oid.so g_inq_context_oid.po $(OUTPRE)g_inq_context_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context_oid.c \ + mechglue.h mglueP.h g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_cred.c mechglue.h \ + mglueP.h +g_inq_cred_oid.so g_inq_cred_oid.po $(OUTPRE)g_inq_cred_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + 
../generic/gssapi_err_generic.h g_inq_cred_oid.c mechglue.h \ + mglueP.h g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_names.c mechglue.h \ + mglueP.h +g_mech_invoke.so g_mech_invoke.po $(OUTPRE)g_mech_invoke.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_inq_names.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mech_invoke.c mechglue.h \ + mglueP.h g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_mechname.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mechname.c mechglue.h \ + mglueP.h g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h 
$(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_oid_ops.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_oid_ops.c mechglue.h \ + mglueP.h g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_process_context.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_process_context.c \ + mechglue.h mglueP.h g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_buffer.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_buffer.c mechglue.h \ + mglueP.h g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \ 
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_cred.c mechglue.h \ + mglueP.h g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_name.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_name.c mechglue.h \ + mglueP.h g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_rel_oid_set.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_oid_set.c mechglue.h \ + mglueP.h g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): 
$(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_seal.c mechglue.h \ + mglueP.h +g_set_context_option.so g_set_context_option.po $(OUTPRE)g_set_context_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_seal.c mechglue.h mglueP.h -g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_context_option.c \ + mechglue.h mglueP.h +g_set_cred_option.so g_set_cred_option.po $(OUTPRE)g_set_cred_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_sign.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_cred_option.c \ + mechglue.h mglueP.h +g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + 
$(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_sign.c mechglue.h \ + mglueP.h g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_store_cred.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_store_cred.c mechglue.h \ + mglueP.h g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unseal.c mechglue.h \ + mglueP.h +g_unwrap_aead.so g_unwrap_aead.po $(OUTPRE)g_unwrap_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_unseal.c mechglue.h mglueP.h + $(srcdir)/../generic/gssapi_ext.h 
$(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unwrap_aead.c mechglue.h \ + mglueP.h +g_unwrap_iov.so g_unwrap_iov.po $(OUTPRE)g_unwrap_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unwrap_iov.c mechglue.h \ + mglueP.h g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - g_verify.c mechglue.h mglueP.h -oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_verify.c mechglue.h \ + mglueP.h +g_wrap_aead.so g_wrap_aead.po $(OUTPRE)g_wrap_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - mechglue.h mglueP.h oid_ops.c + $(srcdir)/../generic/gssapi_ext.h 
$(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_wrap_aead.c mechglue.h \ + mglueP.h +g_wrap_iov.so g_wrap_iov.po $(OUTPRE)g_wrap_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_wrap_iov.c mechglue.h \ + mglueP.h diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index 9527895ee..fa703d34d 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -146,7 +146,7 @@ gss_cred_id_t * d_cred; if(*context_handle == GSS_C_NO_CONTEXT) { - if (GSS_EMPTY_BUFFER(input_token_buffer)) + if (input_token_buffer == GSS_C_NO_BUFFER) return (GSS_S_CALL_INACCESSIBLE_READ); /* Get the token mech type */ @@ -193,9 +193,7 @@ gss_cred_id_t * d_cred; mech = gssint_get_mechanism (token_mech_type); if (mech && mech->gss_accept_sec_context) { - status = mech->gss_accept_sec_context( - mech->context, - minor_status, + status = mech->gss_accept_sec_context(minor_status, &union_ctx_id->internal_ctx_id, input_cred_handle, input_token_buffer, @@ -236,7 +234,6 @@ gss_cred_id_t * d_cred; output_token); if (internal_name != GSS_C_NO_NAME) mech->gss_release_name( - mech->context, &temp_minor_status, &internal_name); return (temp_status); @@ -288,8 +285,7 @@ gss_cred_id_t * d_cred; d_u_cred->loopback = d_u_cred; if (mech->gss_inquire_cred) { - status = mech->gss_inquire_cred(mech->context, - minor_status, + status = mech->gss_inquire_cred(minor_status, tmp_d_cred, &internal_name, &d_u_cred->auxinfo.time_rec, 
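Review bot: Replacing `GSS_EMPTY_BUFFER(input_token_buffer)` with a bare pointer comparison in the `@@ -146` hunk lets a descriptor with a non-zero `length` and a NULL `value` reach the mechanism-type lookup. The new `gssint_get_mech_type` in g_glue.c (hunk `@@ -247`) passes `token->value` to `memcmp` and indexes `[0]` without checking it, so such a caller-supplied buffer would be dereferenced as NULL. The macro's definition is not on this page, so confirm what it used to reject. If zero-length tokens must now pass, a narrower guard keeps the NULL check: `if (input_token_buffer == GSS_C_NO_BUFFER || (input_token_buffer->length != 0 && input_token_buffer->value == NULL))`. The enclosing function starts and ends outside the hunk.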
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index f2e8cd1b7..fada9e887 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -381,8 +381,8 @@ gss_add_cred(minor_status, input_cred_handle, internal_name = union_name->mech_name; else { if (gssint_import_internal_name(minor_status, - &mech->mech_type, union_name, - &allocated_name) != GSS_S_COMPLETE) + &mech->mech_type, union_name, + &allocated_name) != GSS_S_COMPLETE) return (GSS_S_BAD_NAME); internal_name = allocated_name; } @@ -397,8 +397,10 @@ gss_add_cred(minor_status, input_cred_handle, else if (cred_usage == GSS_C_BOTH) time_req = (acceptor_time_req > initiator_time_req) ? acceptor_time_req : initiator_time_req; + else + time_req = 0; - status = mech->gss_acquire_cred(mech->context, minor_status, + status = mech->gss_acquire_cred(minor_status, internal_name, time_req, GSS_C_NULL_OID_SET, cred_usage, &cred, NULL, &time_rec); @@ -421,7 +423,6 @@ gss_add_cred(minor_status, input_cred_handle, if (internal_name == NULL) { if (mech->gss_inquire_cred == NULL || ((status = mech->gss_inquire_cred( - mech->context, &temp_minor_status, cred, &allocated_name, NULL, NULL, NULL)) != GSS_S_COMPLETE)) @@ -430,8 +431,7 @@ gss_add_cred(minor_status, input_cred_handle, } if (internal_name != GSS_C_NO_NAME) { - status = mech->gss_display_name(mech->context, - &temp_minor_status, internal_name, + status = mech->gss_display_name(&temp_minor_status, internal_name, &union_cred->auxinfo.name, &union_cred->auxinfo.name_type); @@ -519,8 +519,7 @@ errout: free(new_cred_array); if (cred != NULL && mech->gss_release_cred) - mech->gss_release_cred(mech->context, - &temp_minor_status, &cred); + mech->gss_release_cred(&temp_minor_status, &cred); if (allocated_name) (void) gssint_release_internal_name(&temp_minor_status, 
diff --git a/src/lib/gssapi/mechglue/g_buffer_set.c b/src/lib/gssapi/mechglue/g_buffer_set.c
new file mode 100644
index 000000000..1b2621c6b
--- /dev/null
+++ b/src/lib/gssapi/mechglue/g_buffer_set.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ * + */ + +#include "mglueP.h" +#include <stdio.h> +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> +#include <errno.h> + +OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + return generic_gss_create_empty_buffer_set(minor_status, buffer_set); +} + +OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set) +{ + return generic_gss_add_buffer_set_member(minor_status, + member_buffer, + buffer_set); +} + +OM_uint32 KRB5_CALLCONV gss_release_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + return generic_gss_release_buffer_set(minor_status, buffer_set); +} + diff --git a/src/lib/gssapi/mechglue/g_compare_name.c b/src/lib/gssapi/mechglue/g_compare_name.c index 40f4648ef..153e9b615 100644 --- a/src/lib/gssapi/mechglue/g_compare_name.c +++ b/src/lib/gssapi/mechglue/g_compare_name.c @@ -72,7 +72,7 @@ int * name_equal; { OM_uint32 major_status, temp_minor; gss_union_name_t union_name1, union_name2; - gss_mechanism mech; + gss_mechanism mech = NULL; gss_name_t internal_name; major_status = val_comp_name_args(minor_status, @@ -114,7 +114,11 @@ int * name_equal; if ((union_name1->mech_name == 0) || (union_name2->mech_name == 0)) /* should never happen */ return (GSS_S_BAD_NAME); - major_status = mech->gss_compare_name(mech->context, minor_status, + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); + major_status = mech->gss_compare_name(minor_status, union_name1->mech_name, union_name2->mech_name, name_equal); 
@@ -190,7 +194,11 @@ int * name_equal; if (major_status != GSS_S_COMPLETE) return (GSS_S_COMPLETE); /* return complete, but not equal */ - major_status = mech->gss_compare_name(mech->context, minor_status, + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); + major_status = mech->gss_compare_name(minor_status, union_name1->mech_name, internal_name, name_equal); if (major_status != GSS_S_COMPLETE) diff --git a/src/lib/gssapi/mechglue/g_complete_auth_token.c b/src/lib/gssapi/mechglue/g_complete_auth_token.c new file mode 100644 index 000000000..918155130 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_complete_auth_token.c 
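Review bot: The two early returns added before `mech->gss_compare_name` in the `@@ -190` hunk leave the function while `internal_name` is live. It is passed to the mechanism on the next line and appears to have been imported just above the hunk, which is not visible here. If so, returning `GSS_S_BAD_MECH` or `GSS_S_UNAVAILABLE` at this point skips its release. The checks belong before the import, or each return should release first, e.g. `gssint_release_internal_name(&temp_minor, union_name1->mech_type, &internal_name);`.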
@@ -0,0 +1,70 @@
+/* #ident "@(#)gss_seal.c 1.10 95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine for gss_complete_auth_token
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_complete_auth_token (OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer)
+{
+ OM_uint32 status;
+ gss_union_ctx_id_t ctx;
+ gss_mechanism mech;
+
+ if (context_handle == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech != NULL) { + if (mech->gss_complete_auth_token != NULL) { + status = mech->gss_complete_auth_token(minor_status, + ctx->internal_ctx_id, + input_message_buffer); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_COMPLETE; + } else + status = GSS_S_BAD_MECH; + + return status; +} diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c index 866405729..4293b078e 100644 --- a/src/lib/gssapi/mechglue/g_context_time.c +++ b/src/lib/gssapi/mechglue/g_context_time.c @@ -64,7 +64,6 @@ OM_uint32 * time_rec; if (mech->gss_context_time) { status = mech->gss_context_time( - mech->context, minor_status, ctx->internal_ctx_id, time_rec); diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c index fdaf2c310..2fcd3c2d1 100644 --- a/src/lib/gssapi/mechglue/g_delete_sec_context.c +++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c @@ -73,7 +73,6 @@ gss_buffer_t output_token; { OM_uint32 status; gss_union_ctx_id_t ctx; - gss_mechanism mech; status = val_del_sec_ctx_args(minor_status, context_handle, output_token); if (status != GSS_S_COMPLETE) 
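Review bot: `gss_complete_auth_token` never validates or initialises `minor_status`: the `GSS_C_NO_CONTEXT` and `GSS_S_BAD_MECH` paths return with it untouched, and `map_error(minor_status, mech)` uses it on the failure path. Other new glue routines in this commit check the pointer first and zero it, so the same opening applies here: `if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;` followed by `*minor_status = 0;`. The handle is also cast to `gss_union_ctx_id_t` without the `GSSINT_CHK_LOOP(ctx)` test that `gss_delete_sec_context` applies before trusting `ctx->mech_type`.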
@@ -87,29 +86,19 @@ gss_buffer_t output_token; ctx = (gss_union_ctx_id_t) *context_handle; if (GSSINT_CHK_LOOP(ctx)) return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); - mech = gssint_get_mechanism (ctx->mech_type); - - if (mech) { - - if (mech->gss_delete_sec_context) { - status = mech->gss_delete_sec_context( - mech->context, - minor_status, - &ctx->internal_ctx_id, - output_token); - if (status != GSS_S_COMPLETE) - map_error(minor_status, mech); - } else - status = GSS_S_UNAVAILABLE; - - /* now free up the space for the union context structure */ - free(ctx->mech_type->elements); - free(ctx->mech_type); - free(*context_handle); - *context_handle = NULL; - - return(status); - } + + status = gssint_delete_internal_sec_context(minor_status, + ctx->mech_type, + &ctx->internal_ctx_id, + output_token); + if (status) + return status; + + /* now free up the space for the union context structure */ + free(ctx->mech_type->elements); + free(ctx->mech_type); + free(*context_handle); + *context_handle = GSS_C_NO_CONTEXT; - return (GSS_S_BAD_MECH); + return (GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c index cb779aa90..49b79e15d 100644 --- a/src/lib/gssapi/mechglue/g_dsp_status.c +++ b/src/lib/gssapi/mechglue/g_dsp_status.c @@ -121,7 +121,7 @@ gss_buffer_t status_string; if (mech && mech->gss_display_status) { OM_uint32 r; - r = mech->gss_display_status(mech->context, minor_status, + r = mech->gss_display_status(minor_status, status_value, status_type, mech_type, message_context, status_string); /* How's this for weird? If we get an error returning the diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c index cf9905f83..f2ee5a5b7 100644 --- a/src/lib/gssapi/mechglue/g_exp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c 
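Review bot: `if (status) return status;` changes what a failed delete leaves behind. The removed code freed the union context and cleared `*context_handle` whenever a mechanism was found, including the `GSS_S_UNAVAILABLE` case; the new code returns with the wrapper still allocated and the handle still set. Callers that treat the handle as consumed after `gss_delete_sec_context` will now leak the wrapper, and a retry hands the mechanism an `internal_ctx_id` it may already have torn down. If keeping the context on failure is intended, say so above the check, e.g. `/* on failure the union context is kept so the caller can retry */`; otherwise free the wrapper before returning the error.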
@@ -101,7 +101,7 @@ gss_buffer_t interprocess_token; if (!mech->gss_export_sec_context) return (GSS_S_UNAVAILABLE); - status = mech->gss_export_sec_context(mech->context, minor_status, + status = mech->gss_export_sec_context(minor_status, &ctx->internal_ctx_id, &token); if (status != GSS_S_COMPLETE) { map_error(minor_status, mech); diff --git a/src/lib/gssapi/mechglue/g_export_name.c b/src/lib/gssapi/mechglue/g_export_name.c index c845f8caf..d9545b798 100644 --- a/src/lib/gssapi/mechglue/g_export_name.c +++ b/src/lib/gssapi/mechglue/g_export_name.c @@ -56,3 +56,4 @@ gss_buffer_t exported_name; return gssint_export_internal_name(minor_status, union_name->mech_type, union_name->mech_name, exported_name); } + diff --git a/src/lib/gssapi/mechglue/g_export_name_object.c b/src/lib/gssapi/mechglue/g_export_name_object.c new file mode 100644 index 000000000..400507043 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_export_name_object.c 
@@ -0,0 +1,74 @@ +/* + * Copyright (c) 1996,1997, by Sun Microsystems, Inc. + * All rights reserved. + */ + +/* #pragma ident "@(#)g_export_name.c 1.11 00/07/17 SMI" */ + +/* + * glue routine gss_export_name_object_object_object_object + * + * Will either call the mechanism defined gss_export_name, or if one is + * not defined will call a generic_gss_export_name routine. + */ + +#include <mglueP.h> +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> +#include <errno.h> + +OM_uint32 KRB5_CALLCONV +gss_export_name_object(minor_status, + input_name, + desired_name_type, + output_name) +OM_uint32 * minor_status; +const gss_name_t input_name; +gss_OID desired_name_type; +void ** output_name; +{ + gss_union_name_t union_name; + gss_mechanism mech; + OM_uint32 major_status; + + if (minor_status != NULL) + *minor_status = 0; + + if (output_name != NULL) + *output_name = NULL; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (input_name == NULL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; + + if (desired_name_type == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAMETYPE; + + if (output_name == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + union_name = (gss_union_name_t)input_name; + + if (union_name->mech_type == GSS_C_NO_OID) + return GSS_S_NAME_NOT_MN; + + mech = gssint_get_mechanism(union_name->mech_type); + if (mech == NULL) + return GSS_S_BAD_MECH; + + if (mech->gss_export_name_object == NULL) + return GSS_S_UNAVAILABLE; + + major_status = mech->gss_export_name_object(minor_status, + input_name, + desired_name_type, + output_name); + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); + + return major_status; +} diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c index a34790656..8b4070eb4 100644 --- a/src/lib/gssapi/mechglue/g_glue.c +++ b/src/lib/gssapi/mechglue/g_glue.c 
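Review bot: `mech->gss_export_name_object` is called with `input_name`, which is the mechglue's union wrapper, not the mechanism's own name object. Other glue routines on this page hand the mechanism `union_name->mech_name` (see the `gssint_export_internal_name` call in g_export_name.c), so the mechanism here would interpret a `gss_union_name_t` as its internal type. Unless the new entry point is defined to take the union name, the second argument should be `union_name->mech_name`. The header comment also reads `gss_export_name_object_object_object_object`, which looks like a search-and-replace slip.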
@@ -29,7 +29,6 @@ #endif #include <string.h> #include <errno.h> -#include "../spnego/gssapiP_spnego.h" #define MSO_BIT (8*(sizeof (int) - 1)) /* Most significant octet bit */ @@ -52,7 +51,7 @@ gssint_get_der_length(unsigned char **buf, unsigned int buf_len, unsigned int *b /* p points to the beginning of the buffer */ unsigned char *p = *buf; int length, new_length; - int octets; + unsigned int octets; if (buf_len < 1) return (-1); @@ -185,7 +184,7 @@ gssint_put_der_length(unsigned int length, unsigned char **buf, unsigned int max * */ -OM_uint32 gssint_get_mech_type(OID, token) +OM_uint32 gssint_get_mech_type_oid(OID, token) gss_OID OID; gss_buffer_t token; { 
@@ -247,6 +246,43 @@ OM_uint32 gssint_get_mech_type(OID, token) return (GSS_S_COMPLETE); } +/* + * The following mechanisms do not always identify themselves + * per the GSS-API specification, when interoperating with MS + * peers. We include the OIDs here so we do not have to ilnk + * with the mechanism. + */ +static gss_OID_desc gss_ntlm_mechanism_oid_desc = + {10, (void *)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"}; +static gss_OID_desc gss_spnego_mechanism_oid_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; +static gss_OID_desc gss_krb5_mechanism_oid_desc = + {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + +#define NTLMSSP_SIGNATURE "NTLMSSP" + +OM_uint32 gssint_get_mech_type(OID, token) + gss_OID OID; + gss_buffer_t token; +{ + /* Check for interoperability exceptions */ + if (token->length >= sizeof(NTLMSSP_SIGNATURE) && + memcmp(token->value, NTLMSSP_SIGNATURE, + sizeof(NTLMSSP_SIGNATURE)) == 0) { + *OID = gss_ntlm_mechanism_oid_desc; + } else if (token->length != 0 && + ((char *)token->value)[0] == 0x6E) { + /* Could be a raw AP-REQ (check for APPLICATION tag) */ + *OID = gss_krb5_mechanism_oid_desc; + } else if (token->length == 0) { + *OID = gss_spnego_mechanism_oid_desc; + } else { + return gssint_get_mech_type_oid(OID, token); + } + + return (GSS_S_COMPLETE); +} + /* * Internal routines to get and release an internal mechanism name @@ -268,7 +304,6 @@ gss_name_t *internal_name; if (mech) { if (mech->gss_import_name) { status = mech->gss_import_name ( - mech->context, minor_status, union_name->external_name, union_name->name_type, @@ -307,8 +342,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type, return (GSS_S_BAD_MECH); if (mech->gss_export_name) { - status = mech->gss_export_name(mech->context, - minor_status, + status = mech->gss_export_name(minor_status, internal_name, name_buf); if (status != GSS_S_COMPLETE) 
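Review bot: The NTLMSSP test in the new `gssint_get_mech_type` relies on `sizeof(NTLMSSP_SIGNATURE)` being 8, i.e. on the string literal's terminating NUL being part of the compared signature, and nothing in the code says so. A reader is likely to take it for an off-by-one and change it to `strlen`, which would loosen the match to any token beginning with the seven letters. A comment above the `#define` would pin it: `/* sizeof() includes the trailing NUL, which is part of the 8-byte signature */`. The comment block above the OIDs also has `ilnk` for `link`.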
@@ -343,8 +377,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type, * mechanisms also, so that factoring name export/import out of * the mech and into libgss pays off. */ - if ((status = mech->gss_display_name(mech->context, - minor_status, + if ((status = mech->gss_display_name(minor_status, internal_name, &dispName, &nameOid)) @@ -422,7 +455,6 @@ gss_OID *name_type; if (mech) { if (mech->gss_display_name) { status = mech->gss_display_name ( - mech->context, minor_status, internal_name, external_name, @@ -450,7 +482,6 @@ gss_name_t *internal_name; if (mech) { if (mech->gss_release_name) { status = mech->gss_release_name ( - mech->context, minor_status, internal_name); if (status != GSS_S_COMPLETE) @@ -464,6 +495,32 @@ gss_name_t *internal_name; return (GSS_S_BAD_MECH); } +OM_uint32 gssint_delete_internal_sec_context (minor_status, + mech_type, + internal_ctx, + output_token) +OM_uint32 *minor_status; +gss_OID mech_type; +gss_ctx_id_t *internal_ctx; +gss_buffer_t output_token; +{ + OM_uint32 status; + gss_mechanism mech; + + mech = gssint_get_mechanism (mech_type); + if (mech) { + if (mech->gss_delete_sec_context) + status = mech->gss_delete_sec_context (minor_status, + internal_ctx, + output_token); + else + status = GSS_S_UNAVAILABLE; + + return (status); + } + + return (GSS_S_BAD_MECH); +} /* * This function converts an internal gssapi name to a union gssapi @@ -502,10 +559,11 @@ OM_uint32 gssint_convert_name_to_union_name(minor_status, mech, union_name->external_name = (gss_buffer_t) malloc(sizeof(gss_buffer_desc)); if (!union_name->external_name) { + major_status = GSS_S_FAILURE; goto allocation_failure; } - major_status = mech->gss_display_name(mech->context, minor_status, + major_status = mech->gss_display_name(minor_status, internal_name, union_name->external_name, &union_name->name_type); 
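Review bot: `gssint_delete_internal_sec_context` returns the mechanism's status without calling `map_error`, although the code it replaces in g_delete_sec_context.c did so on every non-`GSS_S_COMPLETE` result. The caller there now returns the helper's status directly, so a mechanism-specific minor code reaches the application unmapped. Restoring it inside the helper keeps both in step: after the call, `if (status != GSS_S_COMPLETE) map_error(minor_status, mech);` (the `if`/`else` around the call then needs braces).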
@@ -551,16 +609,20 @@ gssint_get_mechanism_cred(union_cred, mech_type) gss_OID mech_type; { int i; - + if (union_cred == GSS_C_NO_CREDENTIAL) return GSS_C_NO_CREDENTIAL; - + + /* SPNEGO mechanism will again call into GSSAPI */ + if (g_OID_equal(&gss_spnego_mechanism_oid_desc, mech_type)) + return (gss_cred_id_t)union_cred; + for (i=0; i < union_cred->count; i++) { if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) return union_cred->cred_array[i]; /* for SPNEGO, check the next-lower set of creds */ - if (g_OID_equal(gss_mech_spnego, &union_cred->mechs_array[i])) { + if (g_OID_equal(&gss_spnego_mechanism_oid_desc, &union_cred->mechs_array[i])) { gss_union_cred_t candidate_cred; gss_cred_id_t sub_cred; @@ -617,3 +679,4 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar) return (GSS_S_COMPLETE); } /* ****** gssint_create_copy_buffer ****** */ + diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c index bb7db3195..c4767bf3e 100644 --- a/src/lib/gssapi/mechglue/g_imp_name.c +++ b/src/lib/gssapi/mechglue/g_imp_name.c @@ -252,7 +252,7 @@ importExportName(minor, unionName) * have created it. */ if (mech->gss_export_name) { - major = mech->gss_import_name(mech->context, minor, + major = mech->gss_import_name(minor, &expName, (gss_OID)GSS_C_NT_EXPORT_NAME, &unionName->mech_name); if (major != GSS_S_COMPLETE) @@ -350,7 +350,7 @@ importExportName(minor, unionName) */ expName.length = nameLen; expName.value = nameLen ? (void *)buf : NULL; - major = mech->gss_import_name(mech->context, minor, &expName, + major = mech->gss_import_name(minor, &expName, GSS_C_NULL_OID, &unionName->mech_name); if (major != GSS_S_COMPLETE) { map_error(minor, mech); @@ -363,3 +363,4 @@ importExportName(minor, unionName) } return major; } /* importExportName */ + diff --git a/src/lib/gssapi/mechglue/g_imp_name_object.c b/src/lib/gssapi/mechglue/g_imp_name_object.c new file mode 100644 index 000000000..83f327bd7 --- /dev/null 
+++ b/src/lib/gssapi/mechglue/g_imp_name_object.c 
@@ -0,0 +1,124 @@
+/* #pragma ident "@(#)g_imp_name.c 1.26 04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine gss_import_name_object
+ *
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+static OM_uint32
+val_imp_name_object_args(
+ OM_uint32 *minor_status,
+ void *input_name,
+ gss_OID input_name_type,
+ gss_name_t *output_name)
+{
+ if (minor_status == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ *minor_status = 0;
+
+ if (output_name == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ if (input_name_type == GSS_C_NO_OID)
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAMETYPE;
+
+ if (input_name == NULL)
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_import_name_object(minor_status,
+ input_name,
+ input_name_type,
+ output_name)
+OM_uint32 * minor_status;
+void * input_name;
+gss_OID input_name_type;
+gss_name_t * output_name;
+{
+ gss_union_name_t union_name = NULL;
+ gss_mechanism mech = NULL;
+ gss_name_t internal_name = GSS_C_NO_NAME;
+ OM_uint32 tmp, major_status = GSS_S_FAILURE;
+ gss_OID_set mechlist = GSS_C_NO_OID_SET;
+ size_t i;
+
+ major_status = val_imp_name_object_args(minor_status,
+ input_name,
+ input_name_type,
+ output_name);
+ if (major_status != GSS_S_COMPLETE)
+ return major_status;
+
+ major_status = gss_indicate_mechs(minor_status, &mechlist);
+ if (major_status != GSS_S_COMPLETE)
+ return major_status;
+
+ major_status = GSS_S_BAD_NAMETYPE;
+
+ for (i = 0; i < mechlist->count; i++) {
+ mech = gssint_get_mechanism(&mechlist->elements[i]);
+ if (mech == NULL || mech->gss_import_name_object == NULL)
+ continue;
+
+ major_status = mech->gss_import_name_object(minor_status,
+ input_name,
+ input_name_type,
+ &internal_name);
+ if (major_status != GSS_S_BAD_NAMETYPE)
+ break;
+ }
+
+ if (major_status == GSS_S_COMPLETE) {
+ assert(internal_name != GSS_C_NO_NAME);
+
+ major_status = gssint_convert_name_to_union_name(minor_status,
+ mech,
+ internal_name,
+
&union_name); + if (major_status != GSS_S_COMPLETE) { + if (mech->gss_release_name != NULL) + mech->gss_release_name(&tmp, &internal_name); + } else + *output_name = (gss_name_t)union_name; + } else + map_error(minor_status, mech); + + generic_gss_release_oid_set(&tmp, &mechlist); + + return major_status; +} + diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c index 2b7aacf10..7aa1165b0 100644 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -143,7 +143,7 @@ gss_ctx_id_t * context_handle; goto error_out; } - status = mech->gss_import_sec_context(mech->context, minor_status, + status = mech->gss_import_sec_context(minor_status, &token, &ctx->internal_ctx_id); if (status == GSS_S_COMPLETE) { diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c index b51fb8951..10c8bf971 100644 --- a/src/lib/gssapi/mechglue/g_init_sec_context.c +++ b/src/lib/gssapi/mechglue/g_init_sec_context.c @@ -209,7 +209,6 @@ OM_uint32 * time_rec; */ status = mech->gss_init_sec_context( - mech->context, minor_status, input_cred_handle, &union_ctx_id->internal_ctx_id, diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index f2f12266b..e762341c5 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c @@ -27,10 +27,15 @@ */ #include "mglueP.h" -#include "gss_libinit.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif #include <stdio.h> #include <string.h> 
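Review bot: The final `map_error(minor_status, mech)` in `gss_import_name_object` uses whatever `mech` held when the loop ended, which need not be the mechanism that produced `major_status`. When the list is empty or the last entry is skipped by the `continue`, `mech` is NULL or a mechanism that was never called, so depending on how `map_error` uses its argument the minor code is mapped against the wrong OID or through a NULL pointer. Mapping inside the loop ties it to the right mechanism: `if (major_status != GSS_S_COMPLETE && major_status != GSS_S_BAD_NAMETYPE) map_error(minor_status, mech);` directly after the call. The `assert` on `internal_name` also disappears under `NDEBUG`, and no `<assert.h>` include is visible in this file.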
@@ -40,16 +45,27 @@ #define M_DEFAULT "default" #include "k5-thread.h" +#include "k5-plugin.h" +#include "osconf.h" +#ifdef _GSS_STATIC_LINK +#include "gssapiP_krb5.h" +#include "gssapiP_spnego.h" +#endif + +#define MECH_SYM "gss_mech_initialize" + +#ifndef MECH_CONF +#define MECH_CONF "/etc/gss/mech" +#endif /* Local functions */ static gss_mech_info searchMechList(const gss_OID); +static void loadConfigFile(const char *); static void updateMechList(void); static void freeMechList(void); -static void register_mech(gss_mechanism, const char *, void *); static OM_uint32 build_mechSet(void); static void free_mechSet(void); -static void init_hardcoded(void); /* * list of mechanism libraries and their entry points. 
@@ -58,28 +74,67 @@ static void init_hardcoded(void); static gss_mech_info g_mechList = NULL; static gss_mech_info g_mechListTail = NULL; static k5_mutex_t g_mechListLock = K5_MUTEX_PARTIAL_INITIALIZER; +static time_t g_confFileModTime = (time_t)0; +static time_t g_mechSetTime = (time_t)0; static gss_OID_set_desc g_mechSet = { 0, NULL }; static k5_mutex_t g_mechSetLock = K5_MUTEX_PARTIAL_INITIALIZER; +MAKE_INIT_FUNCTION(gssint_mechglue_init); +MAKE_FINI_FUNCTION(gssint_mechglue_fini); + int gssint_mechglue_init(void) { int err; +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_init\n"); +#endif + + add_error_table(&et_ggss_error_table); + err = k5_mutex_finish_init(&g_mechSetLock); - return k5_mutex_finish_init(&g_mechListLock); + err = k5_mutex_finish_init(&g_mechListLock); + +#ifdef _GSS_STATIC_LINK + err = gss_krb5int_lib_init(); + err = gss_spnegoint_lib_init(); +#endif + + return err; } void gssint_mechglue_fini(void) { + if (!INITIALIZER_RAN(gssint_mechglue_init) || PROGRAM_EXITING()) { +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_fini: skipping\n"); +#endif + return; + } + +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_fini\n"); +#endif +#ifdef _GSS_STATIC_LINK + gss_spnegoint_lib_fini(); + gss_krb5int_lib_fini(); +#endif k5_mutex_destroy(&g_mechSetLock); k5_mutex_destroy(&g_mechListLock); free_mechSet(); freeMechList(); + remove_error_table(&et_ggss_error_table); + gssint_mecherrmap_destroy(); } +int +gssint_mechglue_initialize_library(void) +{ + return CALL_INIT_FUNCTION(gssint_mechglue_init); +} /* * function used to reclaim the memory used by a gss_OID structure. 
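Review bot: `gssint_mechglue_init` assigns each initialiser's result to `err` and then overwrites it, so only the return of the last call is reported (`gss_spnegoint_lib_init()` under `_GSS_STATIC_LINK`, otherwise the second `k5_mutex_finish_init`). A failure to finish initialising `g_mechSetLock` or `g_mechListLock` is therefore dropped, and later code locks those mutexes on the assumption that initialisation succeeded. Add `if (err) return err;` after each of the calls.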
@@ -93,13 +148,12 @@ gss_OID *oid; OM_uint32 major; gss_mech_info aMech; - if (gssint_initialize_library()) - return GSS_S_FAILURE; - if (minor_status == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - *minor_status = 0; + *minor_status = gssint_mechglue_initialize_library(); + if (*minor_status != 0) + return (GSS_S_FAILURE); *minor_status = k5_mutex_lock(&g_mechListLock); if (*minor_status) @@ -116,7 +170,6 @@ gss_OID *oid; */ if (aMech->mech && aMech->mech->gss_internal_release_oid) { major = aMech->mech->gss_internal_release_oid( - aMech->mech->context, minor_status, oid); if (major == GSS_S_COMPLETE) { k5_mutex_unlock(&g_mechListLock); @@ -146,6 +199,8 @@ gss_indicate_mechs(minorStatus, mechSet) OM_uint32 *minorStatus; gss_OID_set *mechSet; { + char *fileName; + struct stat fileInfo; unsigned int i, j; gss_OID curItem; @@ -161,9 +216,20 @@ gss_OID_set *mechSet; if (minorStatus == NULL || mechSet == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - if (gssint_initialize_library()) - return GSS_S_FAILURE; + *minorStatus = gssint_mechglue_initialize_library(); + if (*minorStatus != 0) + return (GSS_S_FAILURE); + + fileName = MECH_CONF; + /* + * If we have already computed the mechanisms supported and if it + * is still valid; make a copy and return to caller, + * otherwise build it first. + */ + if ((stat(fileName, &fileInfo) == 0 && + fileInfo.st_mtime > g_mechSetTime)) { + } /* if g_mechSet is out of date or not initialized */ if (build_mechSet()) return GSS_S_FAILURE; @@ -247,7 +313,8 @@ static OM_uint32 build_mechSet(void) { gss_mech_info mList; - int i, count; + size_t i; + size_t count; gss_OID curItem; /* 
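Review bot: The `stat()` added to `gss_indicate_mechs` in the `@@ -161` hunk guards an empty block, so every call pays for a filesystem lookup on `MECH_CONF` whose result is discarded, and the comment above it describes caching that the code does not do. The matching `#if 0` blocks in `build_mechSet` (hunks `@@ -260` and `@@ -323`) refer to `fileInfo` and `fileName`, which are not declared in that function in the visible lines. Either finish the staleness check or drop the `stat`, the two locals and the disabled blocks until it is implemented. `fileName` should in any case be `const char *`, since it points at a string literal.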
@@ -260,6 +327,20 @@ build_mechSet(void) if (k5_mutex_lock(&g_mechListLock) != 0) return GSS_S_FAILURE; +#if 0 + /* + * this checks for the case when we need to re-construct the + * g_mechSet structure, but the mechanism list is upto date + * (because it has been read by someone calling + * gssint_get_mechanism) + */ + if (fileInfo.st_mtime > g_confFileModTime) + { + g_confFileModTime = fileInfo.st_mtime; + loadConfigFile(fileName); + } +#endif + updateMechList(); /* @@ -323,6 +404,9 @@ build_mechSet(void) } } +#if 0 + g_mechSetTime = fileInfo.st_mtime; +#endif (void) k5_mutex_unlock(&g_mechSetLock); (void) k5_mutex_unlock(&g_mechListLock); @@ -344,6 +428,9 @@ const gss_OID oid; gss_mech_info aMech; char *modOptions = NULL; + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + /* make sure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; @@ -375,6 +462,9 @@ gssint_mech_to_oid(const char *mechStr, gss_OID* oid) *oid = GSS_C_NULL_OID; + if (gssint_mechglue_initialize_library() != 0) + return (GSS_S_FAILURE); + if ((mechStr == NULL) || (strlen(mechStr) == 0) || (strcasecmp(mechStr, M_DEFAULT) == 0)) return (GSS_S_COMPLETE); @@ -413,6 +503,9 @@ gssint_oid_to_mech(const gss_OID oid) if (oid == GSS_C_NULL_OID) return (M_DEFAULT); + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + /* ensure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; @@ -437,11 +530,12 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) gss_mech_info aMech; int i; - if (gssint_initialize_library()) - return GSS_S_FAILURE; if (mechArray == NULL || arrayLen < 1) return (GSS_S_CALL_INACCESSIBLE_WRITE); + if (gssint_mechglue_initialize_library() != 0) + return (GSS_S_FAILURE); + /* ensure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return GSS_S_FAILURE; 
@@ -463,7 +557,6 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) return (GSS_S_COMPLETE); } /* gss_get_mechanisms */ - /* * determines if the mechList needs to be updated from file * and performs the update. 
@@ -472,56 +565,128 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) static void updateMechList(void) { - + char *fileName; + struct stat fileInfo; + + fileName = MECH_CONF; + + /* check if mechList needs updating */ + if (stat(fileName, &fileInfo) == 0 && + (fileInfo.st_mtime > g_confFileModTime)) { + loadConfigFile(fileName); + g_confFileModTime = fileInfo.st_mtime; + } +#if 0 init_hardcoded(); - +#endif } /* updateMechList */ +#ifdef _GSS_STATIC_LINK static void -freeMechList(void) +releaseMechInfo(gss_mech_info *pCf) { - gss_mech_info cf, next_cf; + gss_mech_info cf; + OM_uint32 minor_status; - for (cf = g_mechList; cf != NULL; cf = next_cf) { - next_cf = cf->next; + if (*pCf == NULL) { + return; + } + + cf = *pCf; + + if (cf->kmodName != NULL) + free(cf->kmodName); + if (cf->uLibName != NULL) free(cf->uLibName); + if (cf->mechNameStr != NULL) free(cf->mechNameStr); - free(cf); + if (cf->optionStr != NULL) + free(cf->optionStr); + if (cf->mech_type != GSS_C_NO_OID && + cf->mech_type != &cf->mech->mech_type) + generic_gss_release_oid(&minor_status, &cf->mech_type); + if (cf->mech != NULL) { + memset(cf->mech, 0, sizeof(*cf->mech)); + free(cf->mech); } + if (cf->dl_handle != NULL) + krb5int_close_plugin(cf->dl_handle); + + memset(cf, 0, sizeof(*cf)); + free(cf); + + *pCf = NULL; } /* * Register a mechanism. Called with g_mechListLock held. 
*/ -static void -register_mech(gss_mechanism mech, const char *namestr, void *dl_handle) +int +gssint_register_mechinfo(gss_mech_info template) { gss_mech_info cf, new_cf; - new_cf = malloc(sizeof(*new_cf)); - if (new_cf == NULL) - return; + new_cf = calloc(1, sizeof(*new_cf)); + if (new_cf == NULL) { + return ENOMEM; + } - memset(new_cf, 0, sizeof(*new_cf)); - new_cf->kmodName = NULL; - new_cf->uLibName = strdup(namestr); - new_cf->mechNameStr = strdup(mech->mechNameStr); - new_cf->mech_type = &mech->mech_type; - new_cf->mech = mech; + new_cf->dl_handle = template->dl_handle; + /* copy mech so we can rewrite canonical mechanism OID */ + new_cf->mech = (gss_mechanism)calloc(1, sizeof(struct gss_config)); + if (new_cf->mech == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + memcpy(new_cf->mech, template->mech, sizeof(struct gss_config)); + if (template->mech_type != NULL) + new_cf->mech->mech_type = *(template->mech_type); + new_cf->mech_type = &new_cf->mech->mech_type; + new_cf->priority = template->priority; + new_cf->freeMech = 1; new_cf->next = NULL; + if (template->kmodName != NULL) { + new_cf->kmodName = strdup(template->kmodName); + if (new_cf->kmodName == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->uLibName != NULL) { + new_cf->uLibName = strdup(template->uLibName); + if (new_cf->uLibName == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->mechNameStr != NULL) { + new_cf->mechNameStr = strdup(template->mechNameStr); + if (new_cf->mechNameStr == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->optionStr != NULL) { + new_cf->optionStr = strdup(template->optionStr); + if (new_cf->optionStr == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } if (g_mechList == NULL) { g_mechList = new_cf; g_mechListTail = new_cf; - return; - } else if (mech->priority < g_mechList->mech->priority) { + return 0; + } else if (new_cf->priority < g_mechList->priority) { 
new_cf->next = g_mechList; g_mechList = new_cf; - return; + return 0; } + for (cf = g_mechList; cf != NULL; cf = cf->next) { if (cf->next == NULL || - mech->priority < cf->next->mech->priority) { + new_cf->priority < cf->next->priority) { new_cf->next = cf->next; cf->next = new_cf; if (g_mechListTail == cf) { 
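Review bot: In gssint_register_mechinfo, `new_cf->dl_handle = template->dl_handle;` is assigned before any of the allocations, so every `releaseMechInfo(&new_cf); return ENOMEM;` path ends in `krb5int_close_plugin(cf->dl_handle)` on a handle that still belongs to the caller's template. A caller that closes or keeps using that handle after the ENOMEM return would then hit a double close or an unloaded library; the callers are outside this hunk, so who owns the handle on failure needs confirming. Moving the assignment down to just before the list insertion, after the last `strdup` check, leaves ownership with the caller until registration has succeeded. Now that the function is no longer static, `memcpy(new_cf->mech, template->mech, sizeof(struct gss_config))` also runs with no NULL check on `template->mech`.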
@@ -530,36 +695,113 @@ register_mech(gss_mechanism mech, const char *namestr, void *dl_handle) break; } } + + return 0; +} +#endif /* _GSS_STATIC_LINK */ + +#define GSS_ADD_DYNAMIC_METHOD(_dl, _mech, _symbol) \ + do { \ + struct errinfo errinfo; \ + \ + memset(&errinfo, 0, sizeof(errinfo)); \ + if (krb5int_get_plugin_func(_dl, \ + #_symbol, \ + (void (**)())&(_mech)->_symbol, \ + &errinfo) || errinfo.code) \ + (_mech)->_symbol = NULL; \ + } while (0) + +static gss_mechanism +build_dynamicMech(void *dl, const gss_OID mech_type) +{ + gss_mechanism mech; + + mech = (gss_mechanism)calloc(1, sizeof(*mech)); + if (mech == NULL) { + return NULL; + } + + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_acquire_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_release_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_init_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_accept_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_process_context_token); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_delete_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_context_time); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_get_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_status); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_indicate_mechs); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_compare_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_release_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_add_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred_by_mech); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_names_for_mech); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_context); + 
GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_internal_release_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_size_limit); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_store_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_name_object); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_name_object); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_sec_context_by_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred_by_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_set_sec_context_option); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_set_cred_option); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_mech_invoke); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_aead); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap_aead); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_iov); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap_iov); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_iov_length); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_complete_auth_token); + + assert(mech_type != GSS_C_NO_OID); + + mech->mech_type = *(mech_type); + + return mech; } -/* - * Initialize the hardcoded mechanisms. This function is called with - * g_mechListLock held. 
- */ static void -init_hardcoded(void) +freeMechList(void) { - gss_mechanism *cflist; - static int inited; - - if (inited) - return; + gss_mech_info cf, next_cf; + OM_uint32 minor; - cflist = krb5_gss_get_mech_configs(); - if (cflist == NULL) - return; - for ( ; *cflist != NULL; cflist++) { - register_mech(*cflist, "<builtin krb5>", NULL); - } - cflist = spnego_gss_get_mech_configs(); - if (cflist == NULL) - return; - for ( ; *cflist != NULL; cflist++) { - register_mech(*cflist, "<builtin spnego>", NULL); + for (cf = g_mechList; cf != NULL; cf = next_cf) { + next_cf = cf->next; + if (cf->kmodName != NULL) + free(cf->kmodName); + if (cf->uLibName != NULL) + free(cf->uLibName); + if (cf->mechNameStr != NULL) + free(cf->mechNameStr); + if (cf->optionStr != NULL) + free(cf->optionStr); + if (cf->mech_type != &cf->mech->mech_type) + generic_gss_release_oid(&minor, &cf->mech_type); + if (cf->mech != NULL && cf->freeMech) + free(cf->mech); + if (cf->mech_ext != NULL && cf->freeMech) + free(cf->mech_ext); + if (cf->dl_handle != NULL) + (void) krb5int_close_plugin(cf->dl_handle); + free(cf); } - inited = 1; } +/* + * Register a mechanism. Called with g_mechListLock held. + */ /* * given the mechanism type, return the mechanism structure @@ -569,12 +811,16 @@ init_hardcoded(void) * module if it has not been already loaded. */ gss_mechanism -gssint_get_mechanism(gss_OID oid) +gssint_get_mechanism(oid) +const gss_OID oid; { gss_mech_info aMech; + gss_mechanism (*sym)(const gss_OID); + struct plugin_file_handle *dl; + struct errinfo errinfo; - if (gssint_initialize_library()) - return NULL; + if (gssint_mechglue_initialize_library() != 0) + return (NULL); if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; 
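Review bot: build_dynamicMech relies on `assert(mech_type != GSS_C_NO_OID)` as the only guard before `mech->mech_type = *(mech_type);`, and that guard is compiled out under NDEBUG and otherwise aborts the host process instead of failing the load. An explicit `if (mech_type == GSS_C_NO_OID) return NULL;` ahead of the calloc turns it into an ordinary load failure and avoids leaking `mech`. A library that exports none of the listed symbols still produces a non-NULL table whose methods are all NULL, so the caller will accept it as a mechanism; counting resolved symbols and returning NULL for zero would reject such a file. GSS_ADD_DYNAMIC_METHOD also drops the `errinfo` filled in by each failed lookup without clearing it, which may leak a message per missing symbol. The hunk leaves a second copy of the "Register a mechanism. Called with g_mechListLock held." comment after freeMechList with no function under it.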
@@ -602,11 +848,102 @@ gssint_get_mechanism(gss_OID oid) if (aMech->mech) { (void) k5_mutex_unlock(&g_mechListLock); return (aMech->mech); + } + + memset(&errinfo, 0, sizeof(errinfo)); + + if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 || + errinfo.code != 0) { +#if 0 + (void) syslog(LOG_INFO, "libgss dlopen(%s): %s\n", + aMech->uLibName, dlerror()); +#endif + (void) k5_mutex_unlock(&g_mechListLock); + return ((gss_mechanism)NULL); + } + + if (krb5int_get_plugin_func(dl, MECH_SYM, (void (**)())&sym, + &errinfo) == 0) { + /* Call the symbol to get the mechanism table */ + aMech->mech = (*sym)(aMech->mech_type); } else { - return NULL; + /* Try dynamic dispatch table */ + aMech->mech = build_dynamicMech(dl, aMech->mech_type); + aMech->freeMech = 1; } + if (aMech->mech == NULL) { + (void) krb5int_close_plugin(dl); +#if 0 + (void) syslog(LOG_INFO, "unable to initialize mechanism" + " library [%s]\n", aMech->uLibName); +#endif + (void) k5_mutex_unlock(&g_mechListLock); + return ((gss_mechanism)NULL); + } + + aMech->dl_handle = dl; + + (void) k5_mutex_unlock(&g_mechListLock); + return (aMech->mech); } /* gssint_get_mechanism */ +gss_mechanism_ext +gssint_get_mechanism_ext(oid) +const gss_OID oid; +{ + gss_mech_info aMech; + gss_mechanism_ext mech_ext; + + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + + /* check if the mechanism is already loaded */ + if ((aMech = searchMechList(oid)) != NULL && aMech->mech_ext != NULL) + return (aMech->mech_ext); + + if (gssint_get_mechanism(oid) == NULL) + return (NULL); + + if (aMech->dl_handle == NULL) + return (NULL); + + /* Load the gss_config_ext struct for this mech */ + + mech_ext = (gss_mechanism_ext)malloc(sizeof (struct gss_config_ext)); + + if (mech_ext == NULL) + return (NULL); + +#if 0 + /* + * dlsym() the mech's 'method' functions for the extended APIs + * + * NOTE: Until the void *context argument is removed from the + * SPI method functions' signatures it will be necessary to have + * 
different function pointer typedefs and function names for + * the SPI methods than for the API. When this argument is + * removed it will be possible to rename gss_*_sfct to gss_*_fct + * and and gssspi_* to gss_*. + */ + mech_ext->gss_acquire_cred_with_password = + (gss_acquire_cred_with_password_sfct)dlsym(aMech->dl_handle, + "gssspi_acquire_cred_with_password"); +#endif + + /* Set aMech->mech_ext */ + (void) k5_mutex_lock(&g_mechListLock); + + if (aMech->mech_ext == NULL) + aMech->mech_ext = mech_ext; + else + free(mech_ext); /* we raced and lost; don't leak */ + + (void) k5_mutex_unlock(&g_mechListLock); + + return (aMech->mech_ext); + +} /* gssint_get_mechanism_ext */ + /* * this routine is used for searching the list of mechanism data. 
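Review bot: gssint_get_mechanism_ext allocates `mech_ext` with `malloc` and never writes to it, because the only assignment to `gss_acquire_cred_with_password` sits inside the `#if 0` block, so the structure published through `aMech->mech_ext` carries an indeterminate function pointer that a caller testing it against NULL would go on to call. Allocating it zeroed, `mech_ext = (gss_mechanism_ext)calloc(1, sizeof (struct gss_config_ext));`, makes the missing method read as absent. The same function calls `searchMechList(oid)` and reads `aMech->mech_ext` without holding g_mechListLock, and it dereferences `aMech->dl_handle` after `gssint_get_mechanism(oid)` succeeds even if the earlier search returned NULL; an `if (aMech == NULL) return (NULL);` before that line closes the gap. gssint_get_mechanism itself starts outside this hunk.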
@@ -631,3 +968,235 @@ const gss_OID oid; /* none found */ return ((gss_mech_info) NULL); } /* searchMechList */ + + +/* + * loads the configuration file + * this is called while having a mutex lock on the mechanism list + * entries for libraries that have been loaded can't be modified + * mechNameStr and mech_type fields are not updated during updates + */ +static void loadConfigFile(fileName) +const char *fileName; +{ + char buffer[BUFSIZ], *oidStr, *oid, *sharedLib, *kernMod, *endp; + char *modOptions; + char sharedPath[sizeof (MECH_LIB_PREFIX) + BUFSIZ]; + char *tmpStr; + FILE *confFile; + gss_OID mechOid; + gss_mech_info aMech, tmp; + OM_uint32 minor; + gss_buffer_desc oidBuf; + + if ((confFile = fopen(fileName, "r")) == NULL) { + return; + } + + (void) memset(buffer, 0, sizeof (buffer)); + while (fgets(buffer, BUFSIZ, confFile) != NULL) { + + /* ignore lines beginning with # */ + if (*buffer == '#') + continue; + + /* + * find the first white-space character after + * the mechanism name + */ + oidStr = buffer; + for (oid = buffer; *oid && !isspace(*oid); oid++); + + /* Now find the first non-white-space character */ + if (*oid) { + *oid = '\0'; + oid++; + while (*oid && isspace(*oid)) + oid++; + } + + /* + * If that's all, then this is a corrupt entry. Skip it. + */ + if (! 
*oid) + continue; + + /* Find the end of the oid and make sure it is NULL-ended */ + for (endp = oid; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + + /* + * check if an entry for this oid already exists + * if it does, and the library is already loaded then + * we can't modify it, so skip it + */ + oidBuf.value = (void *)oid; + oidBuf.length = strlen(oid); + if (generic_gss_str_to_oid(&minor, &oidBuf, &mechOid) + != GSS_S_COMPLETE) { +#if 0 + (void) syslog(LOG_INFO, "invalid mechanism oid" + " [%s] in configuration file", oid); +#endif + continue; + } + + aMech = searchMechList(mechOid); + if (aMech && aMech->mech) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* Find the start of the shared lib name */ + for (sharedLib = endp+1; *sharedLib && isspace(*sharedLib); + sharedLib++) + ; + + /* + * If that's all, then this is a corrupt entry. Skip it. + */ + if (! *sharedLib) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* + * Find the end of the shared lib name and make sure it is + * NULL-terminated. + */ + for (endp = sharedLib; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + + /* Find the start of the optional kernel module lib name */ + for (kernMod = endp+1; *kernMod && isspace(*kernMod); + kernMod++) + ; + + /* + * If this item starts with a bracket "[", then + * it is not a kernel module, but is a list of + * options for the user module to parse later. + */ + if (*kernMod && *kernMod != '[') { + /* + * Find the end of the shared lib name and make sure + * it is NULL-terminated. 
+ */ + for (endp = kernMod; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + } else + kernMod = NULL; + + /* Find the start of the optional module options list */ + for (modOptions = endp+1; *modOptions && isspace(*modOptions); + modOptions++); + + if (*modOptions == '[') { + /* move past the opening bracket */ + for (modOptions = modOptions+1; + *modOptions && isspace(*modOptions); + modOptions++); + + /* Find the closing bracket */ + for (endp = modOptions; + *endp && *endp != ']'; endp++); + + if (endp) + *endp = '\0'; + + } else { + modOptions = NULL; + } + + snprintf(sharedPath, sizeof(sharedPath), "%s%s", MECH_LIB_PREFIX, sharedLib); + + /* + * are we creating a new mechanism entry or + * just modifying existing (non loaded) mechanism entry + */ + if (aMech) { + /* + * delete any old values and set new + * mechNameStr and mech_type are not modified + */ + if (aMech->kmodName) { + free(aMech->kmodName); + aMech->kmodName = NULL; + } + + if (aMech->optionStr) { + free(aMech->optionStr); + aMech->optionStr = NULL; + } + + if ((tmpStr = strdup(sharedPath)) != NULL) { + if (aMech->uLibName) + free(aMech->uLibName); + aMech->uLibName = tmpStr; + } + + if (kernMod) /* this is an optional parameter */ + aMech->kmodName = strdup(kernMod); + + if (modOptions) /* optional module options */ + aMech->optionStr = strdup(modOptions); + + /* the oid is already set */ + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* adding a new entry */ + aMech = calloc(1, sizeof (struct gss_mech_config)); + if (aMech == NULL) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + aMech->mech_type = mechOid; + aMech->uLibName = strdup(sharedPath); + aMech->mechNameStr = strdup(oidStr); + aMech->freeMech = 0; + + /* check if any memory allocations failed - bad news */ + if (aMech->uLibName == NULL || aMech->mechNameStr == NULL) { + if (aMech->uLibName) + free(aMech->uLibName); + if (aMech->mechNameStr) + free(aMech->mechNameStr); + 
generic_gss_release_oid(&minor, &mechOid); + free(aMech); + continue; + } + if (kernMod) /* this is an optional parameter */ + aMech->kmodName = strdup(kernMod); + + if (modOptions) + aMech->optionStr = strdup(modOptions); + /* + * add the new entry to the end of the list - make sure + * that only complete entries are added because other + * threads might currently be searching the list. + */ + tmp = g_mechListTail; + g_mechListTail = aMech; + + if (tmp != NULL) + tmp->next = aMech; + + if (g_mechList == NULL) + g_mechList = aMech; + } /* while */ + (void) fclose(confFile); +} /* loadConfigFile */ diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c index 201c8bb4a..013b1768b 100644 --- a/src/lib/gssapi/mechglue/g_inq_context.c +++ b/src/lib/gssapi/mechglue/g_inq_context.c @@ -111,7 +111,6 @@ gss_inquire_context( } status = mech->gss_inquire_context( - mech->context, minor_status, ctx->internal_ctx_id, (src_name ? &localSourceName : NULL), @@ -135,8 +134,7 @@ gss_inquire_context( if (status != GSS_S_COMPLETE) { if (localTargName) - mech->gss_release_name(mech->context, - &temp_minor, &localTargName); + mech->gss_release_name(&temp_minor, &localTargName); return (status); } diff --git a/src/lib/gssapi/mechglue/g_inq_context_oid.c b/src/lib/gssapi/mechglue/g_inq_context_oid.c new file mode 100644 index 000000000..50bfcb561 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inq_context_oid.c 
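Review bot: loadConfigFile steps to `endp+1` after each token even when the token ended at the string terminator rather than at whitespace, so for a final line with no newline, or a line that fills the `BUFSIZ` buffer, the scans for `sharedLib`, `kernMod` and `modOptions` start past the end of what fgets() wrote. Because `buffer` is zeroed only once before the loop, the bytes read there are left over from an earlier, longer line (or lie beyond the array when the line filled it), and they can become the library path that is later handed to the plugin loader. Advancing past the separator only when one was actually consumed fixes all three scans, as sketched below. The `isspace()` calls also receive a plain `char`, which is undefined for negative values on signed-char platforms, and `if (endp) *endp = '\0';` in the bracket scan is always true, so an option list with no closing `]` is accepted silently.

```c
	/* Find the end of the oid and make sure it is NUL-terminated */
	for (endp = oid; *endp && !isspace((unsigned char)*endp); endp++)
		;
	/* step over the separator only if one was actually consumed */
	if (*endp)
		*endp++ = '\0';

	/* … unchanged: OID conversion and searchMechList lookup … */

	/* Find the start of the shared lib name */
	for (sharedLib = endp;
	    *sharedLib && isspace((unsigned char)*sharedLib); sharedLib++)
		;

	/* … unchanged: corrupt-entry check … */

	for (endp = sharedLib; *endp && !isspace((unsigned char)*endp); endp++)
		;
	if (*endp)
		*endp++ = '\0';

	/* Find the start of the optional kernel module lib name */
	for (kernMod = endp;
	    *kernMod && isspace((unsigned char)*kernMod); kernMod++)
		;

	/* … kernel-module branch: terminate with the same `*endp++ = '\0'` … */

	/* Find the start of the optional module options list */
	for (modOptions = endp;
	    *modOptions && isspace((unsigned char)*modOptions); modOptions++)
		;
```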
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * glue routine for gss_inquire_sec_context_by_oid
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ OM_uint32 status;
+ gss_union_ctx_id_t ctx;
+ gss_mechanism mech;
+
+ if (minor_status == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ if (context_handle == GSS_C_NO_CONTEXT)
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech != NULL) { + if (mech->gss_inquire_sec_context_by_oid != NULL) { + status = mech->gss_inquire_sec_context_by_oid(minor_status, + ctx->internal_ctx_id, + desired_object, + data_set); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_BAD_MECH; + + return status; + } + + return GSS_S_NO_CONTEXT; +} + diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c index 2413abca2..a14424399 100644 --- a/src/lib/gssapi/mechglue/g_inq_cred.c +++ b/src/lib/gssapi/mechglue/g_inq_cred.c @@ -86,7 +86,7 @@ gss_OID_set * mechanisms; if (!mech->gss_inquire_cred) return (GSS_S_UNAVAILABLE); - status = mech->gss_inquire_cred(mech->context, minor_status, + status = mech->gss_inquire_cred(minor_status, GSS_C_NO_CREDENTIAL, name ? &internal_name : NULL, lifetime, cred_usage, mechanisms); @@ -143,7 +143,9 @@ gss_OID_set * mechanisms; */ if(name != NULL) { - if ((gss_import_name(&temp_minor_status, + if (union_cred->auxinfo.name.length == 0) { + *name = GSS_C_NO_NAME; + } else if ((gss_import_name(&temp_minor_status, &union_cred->auxinfo.name, union_cred->auxinfo.name_type, name) != GSS_S_COMPLETE) || @@ -246,7 +248,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, return (GSS_S_DEFECTIVE_CREDENTIAL); #endif - status = mech->gss_inquire_cred_by_mech(mech->context, minor_status, + status = mech->gss_inquire_cred_by_mech(minor_status, mech_cred, mech_type, name ? &internal_name : NULL, initiator_lifetime, diff --git a/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/src/lib/gssapi/mechglue/g_inq_cred_oid.c new file mode 100644 index 000000000..34056f6bd --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inq_cred_oid.c 
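Review bot: gss_inquire_sec_context_by_oid never initialises its outputs: `*minor_status` is left untouched on the GSS_S_BAD_MECH and GSS_S_NO_CONTEXT returns, and `*data_set` is neither checked for NULL nor reset, so a caller that releases the buffer set after a failure may act on an uninitialised pointer. gss_inquire_cred_by_oid and gssspi_mech_invoke, added in this same commit, zero `*minor_status` first; doing the same here with `*minor_status = 0;`, then `if (data_set == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;` and `*data_set = GSS_C_NO_BUFFER_SET;`, keeps the three entry points consistent. The final `return GSS_S_NO_CONTEXT;` is reached when no mechanism matches `ctx->mech_type`, a case gssspi_mech_invoke reports as GSS_S_BAD_MECH.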
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ * + */ + +/* + * glue routine for gss_inquire_cred_by_oid + */ + +#include "mglueP.h" +#include <stdio.h> +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> +#include <time.h> + +static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status, + gss_buffer_set_t *dst, + const gss_buffer_set_t src) +{ + size_t i; + OM_uint32 status; + + if (src == GSS_C_NO_BUFFER_SET) + return GSS_S_COMPLETE; + + if (*dst == GSS_C_NO_BUFFER_SET) { + status = gss_create_empty_buffer_set(minor_status, dst); + if (status != GSS_S_COMPLETE) + return status; + } + + status = GSS_S_COMPLETE; + + for (i = 0; i < src->count; i++) { + status = gss_add_buffer_set_member(minor_status, + &src->elements[i], + dst); + if (status != GSS_S_COMPLETE) + break; + } + + return status; +} + +OM_uint32 KRB5_CALLCONV +gss_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + gss_union_cred_t union_cred; + gss_mechanism mech; + int i; + gss_buffer_set_t union_set = GSS_C_NO_BUFFER_SET; + gss_buffer_set_t ret_set = GSS_C_NO_BUFFER_SET; + OM_uint32 status, minor; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + + union_cred = (gss_union_cred_t) cred_handle; + + status = gss_create_empty_buffer_set(minor_status, &ret_set); + if (status != GSS_S_COMPLETE) { + return status; + } + + status = GSS_S_BAD_MECH; + + for (i = 0; i < union_cred->count; i++) { + mech = gssint_get_mechanism(&union_cred->mechs_array[i]); + if (mech == NULL) + continue; + + if (mech->gss_inquire_cred_by_oid == NULL) + continue; + + status = (mech->gss_inquire_cred_by_oid)(minor_status, + union_cred->cred_array[i], + desired_object, + &ret_set); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + continue; + } + + if 
(union_cred->count == 1) { + union_set = ret_set; + break; + } + + status = append_to_buffer_set(minor_status, &union_set, ret_set); + gss_release_buffer_set(&minor, &ret_set); + if (status != GSS_S_COMPLETE) + break; + } + + if (status != GSS_S_COMPLETE) + gss_release_buffer_set(&minor, &union_set); + + *data_set = union_set; + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c index 6142d86ba..597ab9919 100644 --- a/src/lib/gssapi/mechglue/g_inq_names.c +++ b/src/lib/gssapi/mechglue/g_inq_names.c @@ -69,7 +69,6 @@ gss_OID_set * name_types; if (mech->gss_inquire_names_for_mech) { status = mech->gss_inquire_names_for_mech( - mech->context, minor_status, mechanism, name_types); diff --git a/src/lib/gssapi/mechglue/g_mech_invoke.c b/src/lib/gssapi/mechglue/g_mech_invoke.c new file mode 100644 index 000000000..d753347d1 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_mech_invoke.c 
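Review bot: gss_inquire_cred_by_oid leaks `ret_set` on several paths: the set obtained from gss_create_empty_buffer_set is never released when no mechanism implements the method, or when a mechanism call fails and the loop reaches its end through `continue`. Clearing the alias in the single-credential branch with `ret_set = GSS_C_NO_BUFFER_SET;` after `union_set = ret_set;`, and adding `gss_release_buffer_set(&minor, &ret_set);` after the loop, covers those paths, assuming the release routine tolerates GSS_C_NO_BUFFER_SET. The status returned is simply that of the last mechanism that was called, so a failure in the final element discards results already appended to `union_set`, while an earlier failure followed by a success is reported as complete. `*data_set` is also written without a NULL check.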
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * glue routine for gssspi_mech_invoke
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gssspi_mech_invoke (OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
+{
+ OM_uint32 status;
+ gss_mechanism mech;
+
+ if (minor_status == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ *minor_status = 0;
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */ + + mech = gssint_get_mechanism (desired_mech); + if (mech == NULL || mech->gssspi_mech_invoke == NULL) { + return GSS_S_BAD_MECH; + } + + status = mech->gssspi_mech_invoke(minor_status, + desired_mech, + desired_object, + value); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c index 261d699f8..bd195239c 100644 --- a/src/lib/gssapi/mechglue/g_oid_ops.c +++ b/src/lib/gssapi/mechglue/g_oid_ops.c @@ -100,3 +100,12 @@ gss_str_to_oid(minor_status, oid_str, oid) return status; } +OM_uint32 KRB5_CALLCONV +gssint_copy_oid_set( + OM_uint32 *minor_status, + const gss_OID_set_desc * const oidset, + gss_OID_set *new_oidset) +{ + return generic_gss_copy_oid_set(minor_status, oidset, new_oidset); +} + diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c index 5172c4cb5..9ed350c02 100644 --- a/src/lib/gssapi/mechglue/g_process_context.c +++ b/src/lib/gssapi/mechglue/g_process_context.c @@ -67,7 +67,6 @@ gss_buffer_t token_buffer; if (mech->gss_process_context_token) { status = mech->gss_process_context_token( - mech->context, minor_status, ctx->internal_ctx_id, token_buffer); diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c index 02e915262..df208a0df 100644 --- a/src/lib/gssapi/mechglue/g_rel_cred.c +++ b/src/lib/gssapi/mechglue/g_rel_cred.c @@ -78,7 +78,7 @@ gss_cred_id_t * cred_handle; if (mech) { if (mech->gss_release_cred) { temp_status = mech->gss_release_cred - (mech->context, + ( minor_status, &union_cred->cred_array[j]); diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c index a6615b707..84d1af839 100644 --- a/src/lib/gssapi/mechglue/g_rel_name.c +++ b/src/lib/gssapi/mechglue/g_rel_name.c 
@@ -48,7 +48,7 @@ gss_name_t * input_name; *minor_status = 0; /* if input_name is NULL, return error */ - if (input_name == 0) + if (input_name == NULL) return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME); if (*input_name == GSS_C_NO_NAME) @@ -65,16 +65,19 @@ gss_name_t * input_name; *input_name = 0; *minor_status = 0; - if (union_name->name_type) - gss_release_oid(minor_status, &union_name->name_type); - - free(union_name->external_name->value); - free(union_name->external_name); + if (union_name->name_type != GSS_C_NO_OID) + gss_release_oid(minor_status, &union_name->name_type); + + if (union_name->external_name != GSS_C_NO_BUFFER) { + if (union_name->external_name->value != NULL) + free(union_name->external_name->value); + free(union_name->external_name); + } if (union_name->mech_type) { - gssint_release_internal_name(minor_status, union_name->mech_type, - &union_name->mech_name); - gss_release_oid(minor_status, &union_name->mech_type); + gssint_release_internal_name(minor_status, union_name->mech_type, + &union_name->mech_name); + gss_release_oid(minor_status, &union_name->mech_type); } free(union_name); diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c index f55c907ec..84c6ce6c9 100644 --- a/src/lib/gssapi/mechglue/g_rel_oid_set.c +++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c @@ -39,25 +39,5 @@ gss_release_oid_set (minor_status, OM_uint32 * minor_status; gss_OID_set * set; { - OM_uint32 i; - gss_OID oid; - if (minor_status) - *minor_status = 0; - - if (set == NULL) - return GSS_S_COMPLETE; - - if (*set == GSS_C_NULL_OID_SET) - return(GSS_S_COMPLETE); - - for (i=0; i<(*set)->count; i++) { - oid = &(*set)->elements[i]; - free(oid->elements); - } - free((*set)->elements); - free(*set); - - *set = GSS_C_NULL_OID_SET; - - return(GSS_S_COMPLETE); + return generic_gss_release_oid_set(minor_status, set); } diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c index 95c9b45a0..9faa5ddb0 100644 
--- a/src/lib/gssapi/mechglue/g_seal.c +++ b/src/lib/gssapi/mechglue/g_seal.c @@ -23,17 +23,17 @@ */ /* - * glue routine for gss_seal + * glue routine for gss_wrap */ #include "mglueP.h" static OM_uint32 -val_seal_args( +val_wrap_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) @@ -66,9 +66,8 @@ val_seal_args( return (GSS_S_COMPLETE); } - OM_uint32 KRB5_CALLCONV -gss_seal (minor_status, +gss_wrap (minor_status, context_handle, conf_req_flag, qop_req, @@ -79,7 +78,7 @@ gss_seal (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; int conf_req_flag; -int qop_req; +gss_qop_t qop_req; gss_buffer_t input_message_buffer; int * conf_state; gss_buffer_t output_message_buffer; @@ -90,7 +89,7 @@ gss_buffer_t output_message_buffer; gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_seal_args(minor_status, context_handle, + status = val_wrap_args(minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer); @@ -106,9 +105,8 @@ gss_buffer_t output_message_buffer; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_seal) { - status = mech->gss_seal( - mech->context, + if (mech->gss_wrap) { + status = mech->gss_wrap( minor_status, ctx->internal_ctx_id, conf_req_flag, @@ -118,9 +116,20 @@ gss_buffer_t output_message_buffer; output_message_buffer); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); + } else if (mech->gss_wrap_aead || + (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) { + status = gssint_wrap_aead(mech, + minor_status, + ctx, + conf_req_flag, + (gss_qop_t)qop_req, + GSS_C_NO_BUFFER, + input_message_buffer, + conf_state, + output_message_buffer); } else status = GSS_S_UNAVAILABLE; - + return(status); } /* EXPORT DELETE END */ 
@@ -129,7 +138,7 @@ gss_buffer_t output_message_buffer; } OM_uint32 KRB5_CALLCONV -gss_wrap (minor_status, +gss_seal (minor_status, context_handle, conf_req_flag, qop_req, 
@@ -140,19 +149,74 @@ gss_wrap (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; int conf_req_flag; -gss_qop_t qop_req; +int qop_req; gss_buffer_t input_message_buffer; int * conf_state; gss_buffer_t output_message_buffer; { - return gss_seal(minor_status, (gss_ctx_id_t)context_handle, - conf_req_flag, (int) qop_req, - (gss_buffer_t)input_message_buffer, conf_state, + return gss_wrap(minor_status, context_handle, + conf_req_flag, (gss_qop_t) qop_req, + input_message_buffer, conf_state, output_message_buffer); } /* + * It is only possible to implement gss_wrap_size_limit() on top + * of gss_wrap_iov_length() for mechanisms that do not use any + * padding and have fixed length headers/trailers. + */ +static OM_uint32 +gssint_wrap_size_limit_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + gss_iov_buffer_desc iov[4]; + OM_uint32 status; + OM_uint32 ohlen; + + iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; + iov[0].buffer.value = NULL; + iov[0].buffer.length = 0; + + iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[1].buffer.length = req_output_size; + iov[1].buffer.value = NULL; + + iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; + iov[2].buffer.value = NULL; + iov[2].buffer.length = 0; + + iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; + iov[3].buffer.value = NULL; + iov[3].buffer.length = 0; + + assert(mech->gss_wrap_iov_length); + + status = mech->gss_wrap_iov_length(minor_status, context_handle, + conf_req_flag, qop_req, + NULL, iov, + sizeof(iov)/sizeof(iov[0])); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + return status; + } + + ohlen = iov[0].buffer.length + iov[3].buffer.length; + + if (iov[2].buffer.length == 0 && ohlen < req_output_size) + *max_input_size = req_output_size - ohlen; + else + *max_input_size = 0; + + return GSS_S_COMPLETE; +} + +/* * New for V2 */ OM_uint32 KRB5_CALLCONV 
@@ -190,13 +254,18 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, if (!mech) return (GSS_S_BAD_MECH); - if (!mech->gss_wrap_size_limit) - return (GSS_S_UNAVAILABLE); - - major_status = mech->gss_wrap_size_limit(mech->context, minor_status, - ctx->internal_ctx_id, - conf_req_flag, qop_req, - req_output_size, max_input_size); + if (mech->gss_wrap_size_limit) + major_status = mech->gss_wrap_size_limit(minor_status, + ctx->internal_ctx_id, + conf_req_flag, qop_req, + req_output_size, max_input_size); + else if (mech->gss_wrap_iov_length) + major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status, + ctx->internal_ctx_id, + conf_req_flag, qop_req, + req_output_size, max_input_size); + else + major_status = GSS_S_UNAVAILABLE; if (major_status != GSS_S_COMPLETE) map_error(minor_status, mech); return major_status; diff --git a/src/lib/gssapi/mechglue/g_set_context_option.c b/src/lib/gssapi/mechglue/g_set_context_option.c new file mode 100644 index 000000000..17d9e3bac --- /dev/null +++ b/src/lib/gssapi/mechglue/g_set_context_option.c 
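Review bot: On the new gss_wrap_iov_length path in gss_wrap_size_limit the minor status can be mapped twice. gssint_wrap_size_limit_iov_shim already calls map_error() when the mechanism fails, and the unchanged `if (major_status != GSS_S_COMPLETE) map_error(minor_status, mech);` after the if/else chain then runs on the same value. The GSS_S_UNAVAILABLE branch now reaches that map_error() too, although no mechanism produced a minor code; the old code returned early there. map_error's definition is not visible here, so whether a second mapping is harmless should be confirmed. If it is not, keep the call only in the first branch, directly after the `mech->gss_wrap_size_limit(...)` call. The function body begins outside the hunk.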
@@ -0,0 +1,110 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * glue routine for gss_set_sec_context_option + */ + +#include "mglueP.h" +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> +#include <errno.h> + +OM_uint32 KRB5_CALLCONV +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + OM_uint32 status, minor; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + gss_ctx_id_t internal_ctx = GSS_C_NO_CONTEXT; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (context_handle == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + /* + * select the approprate underlying mechanism routine and + * call it. 
+ */ + + ctx = (gss_union_ctx_id_t) *context_handle; + if (ctx == NULL) { + mech = gssint_get_mechanism (GSS_C_NO_OID); + } else { + mech = gssint_get_mechanism (ctx->mech_type); + } + + if (mech == NULL || mech->gss_set_sec_context_option == NULL) { + return GSS_S_BAD_MECH; + } + + status = mech->gss_set_sec_context_option(minor_status, + ctx ? &internal_ctx : + &ctx->internal_ctx_id, + desired_object, + value); + if (status == GSS_S_COMPLETE) { + if (ctx == NULL && internal_ctx != GSS_C_NO_CONTEXT) { + /* Allocate a union context handle to wrap new context */ + ctx = (gss_union_ctx_id_t)malloc(sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = ENOMEM; + gssint_delete_internal_sec_context(&minor, + ctx->mech_type, + &internal_ctx, + GSS_C_NO_BUFFER); + return GSS_S_FAILURE; + } + + status = generic_gss_copy_oid(minor_status, + &mech->mech_type, + &ctx->mech_type); + if (status != GSS_S_COMPLETE) { + gssint_delete_internal_sec_context(&minor, + ctx->mech_type, + &internal_ctx, + GSS_C_NO_BUFFER); + free(ctx); + return status; + } + + ctx->internal_ctx_id = internal_ctx; + *context_handle = (gss_ctx_id_t)ctx; + } + } else + map_error(minor_status, mech); + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_set_cred_option.c b/src/lib/gssapi/mechglue/g_set_cred_option.c new file mode 100644 index 000000000..84d18cdf8 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_set_cred_option.c 
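Review bot: The ternary that picks the context pointer in gss_set_sec_context_option is inverted. `ctx ? &internal_ctx : &ctx->internal_ctx_id` hands the mechanism the empty local handle when a union context exists, and forms `&ctx->internal_ctx_id` from a NULL `ctx` when none does; it should read `ctx ? &ctx->internal_ctx_id : &internal_ctx`. The malloc-failure branch then passes `ctx->mech_type` to gssint_delete_internal_sec_context while `ctx` is NULL. The generic_gss_copy_oid failure branch reads the same field from freshly allocated memory that was never set. Both cleanup calls should pass `&mech->mech_type` instead.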
@@ -0,0 +1,81 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. 
+ * + */ + +/* + * glue routine for gssspi_set_cred_option + */ + +#include "mglueP.h" +#include <stdio.h> +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> +#include <time.h> + +OM_uint32 KRB5_CALLCONV +gssspi_set_cred_option(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + gss_union_cred_t union_cred; + gss_mechanism mech; + int i; + OM_uint32 status; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; + + *minor_status = 0; + + union_cred = (gss_union_cred_t) cred_handle; + + status = GSS_S_BAD_MECH; + + for (i = 0; i < union_cred->count; i++) { + mech = gssint_get_mechanism(&union_cred->mechs_array[i]); + if (mech == NULL) + continue; + + if (mech->gssspi_set_cred_option == NULL) + continue; + + status = (mech->gssspi_set_cred_option)(minor_status, + union_cred->cred_array[i], + desired_object, + value); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + break; + } + } + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c index d297ee1ca..eec0f49b4 100644 --- a/src/lib/gssapi/mechglue/g_sign.c +++ b/src/lib/gssapi/mechglue/g_sign.c @@ -23,16 +23,16 @@ */ /* - * glue routine gss_sign + * glue routine gss_get_mic */ #include "mglueP.h" static OM_uint32 -val_sign_args( +val_get_mic_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, gss_buffer_t message_buffer, gss_buffer_t msg_token) { 
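Review bot: The loop in gssspi_set_cred_option breaks on the first mechanism that returns an error, so one element of the union credential that does not recognise `desired_object` fails the whole call. By then the option may already have been applied to earlier elements, and nothing rolls that back. If that is intended it needs a comment above the loop, e.g. `/* Stops at the first failing mechanism; options already set on earlier elements are not undone. */`; otherwise the loop should continue past mechanisms that report the option as unsupported. Nothing in the function as shown appears to use `<stdio.h>` or `<time.h>`.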
@@ -66,15 +66,15 @@ val_sign_args( OM_uint32 KRB5_CALLCONV -gss_sign (minor_status, - context_handle, - qop_req, - message_buffer, - msg_token) +gss_get_mic (minor_status, + context_handle, + qop_req, + message_buffer, + msg_token) OM_uint32 * minor_status; gss_ctx_id_t context_handle; -int qop_req; +gss_qop_t qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; @@ -83,8 +83,8 @@ gss_buffer_t msg_token; gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_sign_args(minor_status, context_handle, - qop_req, message_buffer, msg_token); + status = val_get_mic_args(minor_status, context_handle, + qop_req, message_buffer, msg_token); if (status != GSS_S_COMPLETE) return (status); @@ -97,9 +97,8 @@ gss_buffer_t msg_token; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_sign) { - status = mech->gss_sign( - mech->context, + if (mech->gss_get_mic) { + status = mech->gss_get_mic( minor_status, ctx->internal_ctx_id, qop_req, @@ -117,7 +116,7 @@ gss_buffer_t msg_token; } OM_uint32 KRB5_CALLCONV -gss_get_mic (minor_status, +gss_sign (minor_status, context_handle, qop_req, message_buffer, @@ -125,12 +124,12 @@ gss_get_mic (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; -gss_qop_t qop_req; +int qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; { - return (gss_sign(minor_status, context_handle, (int) qop_req, - message_buffer, msg_token)); + return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req, + message_buffer, msg_token)); } diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c index d9a7d9adc..1d438c4b9 100644 --- a/src/lib/gssapi/mechglue/g_store_cred.c +++ b/src/lib/gssapi/mechglue/g_store_cred.c 
@@ -111,7 +111,7 @@ gss_cred_usage_t *cred_usage_stored; if (mech_cred == GSS_C_NO_CREDENTIAL) return (GSS_S_NO_CRED); - major_status = mech->gss_store_cred(mech->context, + major_status = mech->gss_store_cred( minor_status, (gss_cred_id_t)mech_cred, cred_usage, @@ -143,7 +143,7 @@ gss_cred_usage_t *cred_usage_stored; if (mech_cred == GSS_C_NO_CREDENTIAL) continue; /* can't happen, but safe to ignore */ - major_status = mech->gss_store_cred(mech->context, + major_status = mech->gss_store_cred( minor_status, (gss_cred_id_t)mech_cred, cred_usage, diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c index be7a8de90..c6b33506b 100644 --- a/src/lib/gssapi/mechglue/g_unseal.c +++ b/src/lib/gssapi/mechglue/g_unseal.c @@ -23,13 +23,13 @@ */ /* - * glue routine gss_unseal + * glue routine gss_unwrap */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_unseal (minor_status, +gss_unwrap (minor_status, context_handle, input_message_buffer, output_message_buffer, @@ -41,7 +41,7 @@ gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; gss_buffer_t output_message_buffer; int * conf_state; -int * qop_state; +gss_qop_t * qop_state; { /* EXPORT DELETE START */ @@ -75,15 +75,12 @@ int * qop_state; * select the approprate underlying mechanism routine and * call it. */ - ctx = (gss_union_ctx_id_t) context_handle; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_unseal) { - status = mech->gss_unseal( - mech->context, - minor_status, + if (mech->gss_unwrap) { + status = mech->gss_unwrap(minor_status, ctx->internal_ctx_id, input_message_buffer, output_message_buffer, 
@@ -91,6 +88,15 @@ int * qop_state; qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); + } else if (mech->gss_unwrap_aead || mech->gss_unwrap_iov) { + status = gssint_unwrap_aead(mech, + minor_status, + ctx, + input_message_buffer, + GSS_C_NO_BUFFER, + output_message_buffer, + conf_state, + (gss_qop_t *)qop_state); } else status = GSS_S_UNAVAILABLE; @@ -103,7 +109,7 @@ int * qop_state; } OM_uint32 KRB5_CALLCONV -gss_unwrap (minor_status, +gss_unseal (minor_status, context_handle, input_message_buffer, output_message_buffer, @@ -115,10 +121,10 @@ gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; gss_buffer_t output_message_buffer; int * conf_state; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_unseal(minor_status, (gss_ctx_id_t)context_handle, - (gss_buffer_t)input_message_buffer, - output_message_buffer, conf_state, (int *) qop_state)); + return (gss_unwrap(minor_status, context_handle, + input_message_buffer, + output_message_buffer, conf_state, (gss_qop_t *) qop_state)); } diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c new file mode 100644 index 000000000..7dcc27701 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c 
@@ -0,0 +1,198 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_unwrap_aead + */ + +#include "mglueP.h" + +static OM_uint32 +val_unwrap_aead_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. 
*/ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (input_message_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + if (output_payload_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + return (GSS_S_COMPLETE); +} + +static OM_uint32 +gssint_unwrap_aead_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 status; + gss_iov_buffer_desc iov[3]; + int i = 0; + + iov[i].type = GSS_IOV_BUFFER_TYPE_STREAM; + iov[i].buffer = *input_message_buffer; + i++; + + if (input_assoc_buffer != NULL) { + iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[i].buffer = *input_assoc_buffer; + i++; + } + + iov[i].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + assert(mech->gss_unwrap_iov); + + status = mech->gss_unwrap_iov(minor_status, context_handle, conf_state, + qop_state, iov, i); + if (status == GSS_S_COMPLETE) { + *output_payload_buffer = iov[i - 1].buffer; + } else { + OM_uint32 minor; + + map_error(minor_status, mech); + + if (iov[i - 1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + gss_release_buffer(&minor, &iov[i - 1].buffer); + iov[i - 1].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + } + + return status; +} + +OM_uint32 +gssint_unwrap_aead (gss_mechanism mech, + OM_uint32 *minor_status, + gss_union_ctx_id_t ctx, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 status; + + assert(mech != NULL); + assert(ctx != NULL); + + /* EXPORT DELETE START */ + + if (mech->gss_unwrap_aead) { + status = 
mech->gss_unwrap_aead(minor_status, + ctx->internal_ctx_id, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else if (mech->gss_unwrap_iov) { + status = gssint_unwrap_aead_iov_shim(mech, + minor_status, + ctx->internal_ctx_id, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); + } else + status = GSS_S_UNAVAILABLE; + /* EXPORT DELETE END */ + + return (status); +} + +OM_uint32 KRB5_CALLCONV +gss_unwrap_aead (minor_status, + context_handle, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +gss_buffer_t input_message_buffer; +gss_buffer_t input_assoc_buffer; +gss_buffer_t output_payload_buffer; +int *conf_state; +gss_qop_t *qop_state; +{ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_unwrap_aead_args(minor_status, context_handle, + input_message_buffer, input_assoc_buffer, + output_payload_buffer, + conf_state, qop_state); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (!mech) + return (GSS_S_BAD_MECH); + + return gssint_unwrap_aead(mech, minor_status, context_handle, + input_message_buffer, input_assoc_buffer, + output_payload_buffer, conf_state, qop_state); +} + diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c new file mode 100644 index 000000000..ebef1a70a --- /dev/null +++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c 
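Review bot: gss_unwrap_aead passes `context_handle` (a `gss_ctx_id_t`) as the third argument of gssint_unwrap_aead, whose parameter is declared `gss_union_ctx_id_t ctx`. The local `ctx` has already been computed from the same handle and is otherwise used only for the mechanism lookup, so the call should be `return gssint_unwrap_aead(mech, minor_status, ctx,` with the remaining arguments unchanged. gss_wrap_aead in g_wrap_aead.c makes the same substitution in its call to gssint_wrap_aead. In gssint_unwrap_aead_iov_shim the test `input_assoc_buffer != NULL` would read more consistently as `!= GSS_C_NO_BUFFER`, which is what the wrap-side shim uses.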
@@ -0,0 +1,114 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_unwrap_iov + */ + +#include "mglueP.h" + +static OM_uint32 +val_unwrap_iov_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. 
*/ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (iov == GSS_C_NO_IOV_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + return (GSS_S_COMPLETE); +} + + +OM_uint32 KRB5_CALLCONV +gss_unwrap_iov (minor_status, + context_handle, + conf_state, + qop_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int * conf_state; +gss_qop_t *qop_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_unwrap_iov_args(minor_status, context_handle, + conf_state, qop_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_unwrap_iov) { + status = mech->gss_unwrap_iov( + minor_status, + ctx->internal_ctx_id, + conf_state, + qop_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c new file mode 100644 index 000000000..90fa90335 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_userok.c 
@@ -0,0 +1,114 @@ +/* + * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +/* #pragma ident "@(#)g_userok.c 1.1 04/03/25 SMI" */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <mglueP.h> +#include <gssapi/gssapi.h> + + +static OM_uint32 +compare_names(OM_uint32 *minor, + const gss_OID mech_type, + const gss_name_t name, + const char *user, + int *user_ok) +{ + + OM_uint32 status, tmpMinor; + gss_name_t imported_name; + gss_name_t canon_name; + gss_buffer_desc gss_user; + int match = 0; + + *user_ok = 0; + + gss_user.value = (void *)user; + if (!gss_user.value || !name || !mech_type) + return (GSS_S_BAD_NAME); + gss_user.length = strlen(gss_user.value); + + status = gss_import_name(minor, + &gss_user, + GSS_C_NT_USER_NAME, + &imported_name); + if (status != GSS_S_COMPLETE) { + goto out; + } + + status = gss_canonicalize_name(minor, + imported_name, + mech_type, + &canon_name); + if (status != GSS_S_COMPLETE) { + (void) gss_release_name(&tmpMinor, &imported_name); + goto out; + } + + status = gss_compare_name(minor, + canon_name, + name, + &match); + (void) gss_release_name(&tmpMinor, &canon_name); + (void) gss_release_name(&tmpMinor, &imported_name); + if (status == GSS_S_COMPLETE) { + if (match) + *user_ok = 1; /* remote user is a-ok */ + } + +out: + return (status); +} + + +OM_uint32 +gssint_userok(OM_uint32 *minor, + const gss_name_t name, + const char *user, + int *user_ok) + +{ + gss_mechanism mech; + gss_union_name_t intName; + gss_name_t mechName = NULL; + OM_uint32 major; + + if (minor == NULL || user_ok == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (name == NULL || user == NULL) + return (GSS_S_CALL_INACCESSIBLE_READ); + + *user_ok = 0; + *minor = GSS_S_COMPLETE; + + intName = (gss_union_name_t)name; + + mech = gssint_get_mechanism(intName->mech_type); + if (mech == NULL) + return (GSS_S_UNAVAILABLE); + + /* may need to import the name if this 
is not MN */ + if (intName->mech_type == NULL) { + return (GSS_S_FAILURE); + } else + mechName = intName->mech_name; + + if (mech->gssint_userok) { + major = mech->gssint_userok(minor, mechName, + user, user_ok); + if (major != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + major = compare_names(minor, intName->mech_type, + name, user, user_ok); + + return (major); +} /* gss_userok */ + diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c index a6ca923a4..da3279cc7 100644 --- a/src/lib/gssapi/mechglue/g_verify.c +++ b/src/lib/gssapi/mechglue/g_verify.c @@ -23,23 +23,23 @@ */ /* - * glue routine for gss_verify + * glue routine for gss_verify_mic */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_verify (minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify_mic (minor_status, + context_handle, + message_buffer, + token_buffer, + qop_state) OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -int * qop_state; +gss_qop_t * qop_state; { OM_uint32 status; @@ -68,14 +68,13 @@ int * qop_state; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_verify) { - status = mech->gss_verify( - mech->context, - minor_status, - ctx->internal_ctx_id, - message_buffer, - token_buffer, - qop_state); + if (mech->gss_verify_mic) { + status = mech->gss_verify_mic( + minor_status, + ctx->internal_ctx_id, + message_buffer, + token_buffer, + qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); } else @@ -88,7 +87,7 @@ int * qop_state; } OM_uint32 KRB5_CALLCONV -gss_verify_mic (minor_status, +gss_verify (minor_status, context_handle, message_buffer, token_buffer, 
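Review bot: gssint_userok calls `map_error(minor_status, mech);`, but the function's parameter is named `minor` and no `minor_status` is declared in it as shown; the line should be `map_error(minor, mech);`. The initialisation `*minor = GSS_S_COMPLETE;` stores a major-status constant in the minor code and would be clearer as `*minor = 0;`. The mechanism lookup also runs on `intName->mech_type` before the `== NULL` check on that same field, so the check would be better placed ahead of `gssint_get_mechanism()`.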
@@ -98,9 +97,10 @@ OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_verify(minor_status, context_handle, - message_buffer, token_buffer, (int *) qop_state)); + return (gss_verify_mic(minor_status, context_handle, + message_buffer, token_buffer, + (gss_qop_t *) qop_state)); } diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c new file mode 100644 index 000000000..ff170e237 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_wrap_aead.c 
@@ -0,0 +1,267 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_wrap_aead + */ + +#include "mglueP.h" + +static OM_uint32 +val_wrap_aead_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. 
*/ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (input_payload_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + if (output_message_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + return (GSS_S_COMPLETE); +} + +static OM_uint32 +gssint_wrap_aead_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + gss_iov_buffer_desc iov[5]; + OM_uint32 status; + size_t offset; + int i = 0, iov_count; + + /* HEADER | SIGN_ONLY_DATA | DATA | PADDING | TRAILER */ + + iov[i].type = GSS_IOV_BUFFER_TYPE_HEADER; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + if (input_assoc_buffer != GSS_C_NO_BUFFER) { + iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[i].buffer = *input_assoc_buffer; + i++; + } + + iov[i].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[i].buffer = *input_payload_buffer; + i++; + + iov[i].type = GSS_IOV_BUFFER_TYPE_PADDING; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + iov[i].type = GSS_IOV_BUFFER_TYPE_TRAILER; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + iov_count = i; + + assert(mech->gss_wrap_iov_length); + + status = mech->gss_wrap_iov_length(minor_status, context_handle, + conf_req_flag, qop_req, + NULL, iov, iov_count); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + return status; + } + + /* Format output token (does not include associated data) */ + for (i = 0, output_message_buffer->length = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) + continue; + + output_message_buffer->length += iov[i].buffer.length; + } + + output_message_buffer->value 
= malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + i = 0, offset = 0; + + /* HEADER */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + /* SIGN_ONLY_DATA */ + if (input_assoc_buffer != GSS_C_NO_BUFFER) + i++; + + /* DATA */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + + memcpy(iov[i].buffer.value, input_payload_buffer->value, iov[i].buffer.length); + i++; + + /* PADDING */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + /* TRAILER */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + assert(offset == output_message_buffer->length); + + assert(mech->gss_wrap_iov); + + status = mech->gss_wrap_iov(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) { + OM_uint32 minor; + + map_error(minor_status, mech); + gss_release_buffer(&minor, output_message_buffer); + } + + return status; +} + +OM_uint32 +gssint_wrap_aead (gss_mechanism mech, + OM_uint32 *minor_status, + gss_union_ctx_id_t ctx, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + /* EXPORT DELETE START */ + OM_uint32 status; + + assert(ctx != NULL); + assert(mech != NULL); + + if (mech->gss_wrap_aead) { + status = mech->gss_wrap_aead(minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) { + status = 
gssint_wrap_aead_iov_shim(mech, + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); + } else + status = GSS_S_UNAVAILABLE; + + /* EXPORT DELETE END */ + + return status; +} + +OM_uint32 KRB5_CALLCONV +gss_wrap_aead (minor_status, + context_handle, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +gss_buffer_t input_assoc_buffer; +gss_buffer_t input_payload_buffer; +int * conf_state; +gss_buffer_t output_message_buffer; +{ + OM_uint32 status; + gss_mechanism mech; + gss_union_ctx_id_t ctx; + + status = val_wrap_aead_args(minor_status, context_handle, + conf_req_flag, qop_req, + input_assoc_buffer, input_payload_buffer, + conf_state, output_message_buffer); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + ctx = (gss_union_ctx_id_t)context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + if (!mech) + return (GSS_S_BAD_MECH); + + return gssint_wrap_aead(mech, minor_status, context_handle, + conf_req_flag, qop_req, + input_assoc_buffer, input_payload_buffer, + conf_state, output_message_buffer); +} diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c new file mode 100644 index 000000000..8d054b259 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_wrap_iov.c 
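Review bot: The DATA copy in gssint_wrap_aead_iov_shim sizes its memcpy with `iov[i].buffer.length` while reading from `input_payload_buffer->value`. That length has been through `mech->gss_wrap_iov_length`, so the read stays inside the caller's buffer only if the mechanism left the DATA length untouched. Bounding the copy by the source, `memcpy(iov[i].buffer.value, input_payload_buffer->value, input_payload_buffer->length);`, and rejecting a mismatch between the two lengths before allocating, would remove that dependency. The layout invariants are checked only with assert(), which presumably compiles out under NDEBUG. On the ENOMEM return, `output_message_buffer->length` stays non-zero with a NULL `value`; resetting it to 0 there would leave the output consistent.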
@@ -0,0 +1,207 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_wrap_iov + */ + +#include "mglueP.h" + +static OM_uint32 +val_wrap_iov_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. 
*/ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (iov == GSS_C_NO_IOV_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + return (GSS_S_COMPLETE); +} + + +OM_uint32 KRB5_CALLCONV +gss_wrap_iov (minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +int * conf_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_wrap_iov_args(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_wrap_iov) { + status = mech->gss_wrap_iov( + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + +OM_uint32 KRB5_CALLCONV +gss_wrap_iov_length (minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +int * conf_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_wrap_iov_args(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the 
approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_wrap_iov_length) { + status = mech->gss_wrap_iov_length( + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + +OM_uint32 KRB5_CALLCONV +gss_release_iov_buffer (minor_status, + iov, + iov_count) +OM_uint32 * minor_status; +gss_iov_buffer_desc * iov; +int iov_count; +{ + OM_uint32 status = GSS_S_COMPLETE; + int i; + + if (minor_status) + *minor_status = 0; + + if (iov == GSS_C_NO_IOV_BUFFER) + return GSS_S_COMPLETE; + + for (i = 0; i < iov_count; i++) { + if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + status = gss_release_buffer(minor_status, &iov[i].buffer); + if (status != GSS_S_COMPLETE) + break; + + iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + } + + return status; +} + diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c new file mode 100644 index 000000000..c310f1630 --- /dev/null +++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c 
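Review bot: val_wrap_iov_args is handed iov_count but never looks at it, so gss_wrap_iov and gss_wrap_iov_length pass a zero or negative count to the mechanism along with a non-NULL iov. Whether every mechanism rejects that is not visible in this file, and the glue layer is the one place that can guarantee it for all of them. A guard after the iov NULL check, for example `if (iov_count < 1) return (GSS_S_FAILURE);`, would close the gap; the exact status code is the maintainers' call. conf_req_flag, qop_req and conf_state are also accepted by the validator and unused, which deserves a short comment saying that is intentional.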
@@ -0,0 +1,67 @@ +/* #pragma ident "@(#)gssd_pname_to_uid.c 1.18 04/02/23 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routines that test the mech id either passed in to + * gss_init_sec_contex() or gss_accept_sec_context() or within the glue + * routine supported version of the security context and then call + * the appropriate underlying mechanism library procedure. + * + */ + +#include "mglueP.h" + +int gssd_pname_to_uid(pname, name_type, mech_type, uid) + +char * pname; +gss_OID name_type; +gss_OID mech_type; +uid_t * uid; +{ + int status; + gss_mechanism mech; + + /* + * find the appropriate mechanism specific pname_to_uid procedure and + * call it. 
+ */ + + mech = gssint_get_mechanism (mech_type); + + if (mech) { + if (mech_type == GSS_C_NULL_OID) + mech_type = &mech->mech_type; + + if (mech->pname_to_uid) { + status = mech->pname_to_uid(pname, name_type, mech_type, uid); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_BAD_MECH; + } else + status = GSS_S_BAD_MECH; + + return(status); +} + diff --git a/src/lib/gssapi/mechglue/mech.conf b/src/lib/gssapi/mechglue/mech.conf deleted file mode 100644 index 5257a01a2..000000000 --- a/src/lib/gssapi/mechglue/mech.conf +++ /dev/null @@ -1,7 +0,0 @@ -# -# -# GSSAPI Mechanism Definitions -# -# library function -/opt/SUNWgss/lib/mech_krb5.so krb5_gss_initialize -#mech_krb5.so krb5_gss_initialize diff --git a/src/lib/gssapi/mechglue/mechglue.h b/src/lib/gssapi/mechglue/mechglue.h index 4f4cd481c..7f3334aec 100644 --- a/src/lib/gssapi/mechglue/mechglue.h +++ b/src/lib/gssapi/mechglue/mechglue.h @@ -35,4 +35,8 @@ /* GSSAPI Extension functions -- these functions aren't */ /* in the GSSAPI, but they are provided in this library */ +#include <gssapi/gssapi_ext.h> + +void KRB5_CALLCONV gss_initialize(void); + #endif /* _GSS_MECHGLUE_H */ diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 1f14ee217..52195f293 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -20,9 +20,6 @@ do { \ (o1)->length = (o2)->length; \ } while (0) -#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\ - (buf)->value == NULL || (buf)->length == 0) - /* * Array of context IDs typed by mechanism OID */ 
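Review bot: gssd_pname_to_uid calls `map_error(minor_status, mech)`, but the function has no `minor_status` parameter or local (its arguments are pname, name_type, mech_type and uid), so the new file cannot compile as written. It also dispatches through `mech->pname_to_uid`, a member that the mglueP.h change in this same commit places under `#if 0`, and it carries GSS major-status values in a plain `int`. If the file is meant to be built, it needs a local such as `OM_uint32 minor;` passed as `map_error(&minor, mech)` and the dispatch slot re-enabled; if it is not, leaving it out of the commit avoids shipping dead code that looks live.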
@@ -78,7 +75,20 @@ typedef struct gss_cred_id_struct { gss_cred_id_t *cred_array; gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; - + +typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)( + void *, /* context */ + OM_uint32 *, /* minor_status */ + const gss_name_t, /* desired_name */ + const gss_buffer_t, /* password */ + OM_uint32, /* time_req */ + const gss_OID_set, /* desired_mechs */ + int, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 * /* time_rec */ + /* */); + /* * Rudimentary pointer validation macro to check whether the * "loopback" field of an opaque struct points back to itself. This @@ -91,7 +101,10 @@ typedef struct gss_cred_id_struct { /********************************************************/ /* The Mechanism Dispatch Table -- a mechanism needs to */ /* define one of these and provide a function to return */ -/* it to initialize the GSSAPI library */ +/* it to initialize the GSSAPI library */ +int gssint_mechglue_initialize_library(void); + +OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token); /* * This is the definition of the mechs_array struct, which is used to @@ -105,13 +118,10 @@ typedef struct gss_cred_id_struct { */ typedef struct gss_config { - OM_uint32 priority; - char * mechNameStr; gss_OID_desc mech_type; void * context; OM_uint32 (*gss_acquire_cred) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ @@ -123,13 +133,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_release_cred) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_cred_id_t* /* cred_handle */ ); OM_uint32 (*gss_init_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t*, /* context_handle */ 
@@ -146,7 +154,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_accept_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_cred_id_t, /* verifier_cred_handle */ 
@@ -161,67 +168,59 @@ typedef struct gss_config { ); OM_uint32 (*gss_process_context_token) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ ); OM_uint32 (*gss_delete_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_buffer_t /* output_token */ ); OM_uint32 (*gss_context_time) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - OM_uint32 (*gss_sign) + OM_uint32 (*gss_get_mic) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); - OM_uint32 (*gss_verify) + OM_uint32 (*gss_verify_mic) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); - OM_uint32 (*gss_seal) + OM_uint32 (*gss_wrap) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int*, /* conf_state */ gss_buffer_t /* output_message_buffer */ ); - OM_uint32 (*gss_unseal) + OM_uint32 (*gss_unwrap) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int*, /* conf_state */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); OM_uint32 (*gss_display_status) ( - void*, /* context */ OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ 
@@ -231,13 +230,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_indicate_mechs) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_OID_set* /* mech_set */ ); OM_uint32 (*gss_compare_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ @@ -245,7 +242,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_display_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ @@ -253,7 +249,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_import_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type */ @@ -261,13 +256,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_release_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t* /* input_name */ ); OM_uint32 (*gss_inquire_cred) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ @@ -277,7 +270,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_add_cred) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ @@ -292,21 +284,18 @@ typedef struct gss_config { ); OM_uint32 (*gss_export_sec_context) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* interprocess_token */ ); OM_uint32 (*gss_import_sec_context) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); OM_uint32 (*gss_inquire_cred_by_mech) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_OID, /* mech_type */ 
@@ -317,14 +306,12 @@ typedef struct gss_config { ); OM_uint32 (*gss_inquire_names_for_mech) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); OM_uint32 (*gss_inquire_context) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ @@ -332,18 +319,16 @@ typedef struct gss_config { OM_uint32 *, /* lifetime_rec */ gss_OID *, /* mech_type */ OM_uint32 *, /* ctx_flags */ - int *, /* locally_initiated */ + int *, /* locally_initiated */ int * /* open */ ); OM_uint32 (*gss_internal_release_oid) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_OID * /* OID */ ); OM_uint32 (*gss_wrap_size_limit) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -351,16 +336,30 @@ typedef struct gss_config { OM_uint32, /* req_output_size */ OM_uint32 * /* max_input_size */ ); +#if 0 + int (*pname_to_uid) + ( + char *, /* pname */ + gss_OID, /* name type */ + gss_OID, /* mech type */ + uid_t * /* uid */ + ); + OM_uint32 (*gssint_userok) + ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* pname */ + const char *, /* local user */ + int * /* user ok? */ + /* */); +#endif OM_uint32 (*gss_export_name) ( - void *, /* context */ OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t /* exported_name */ /* */); OM_uint32 (*gss_store_cred) ( - void *, /* context */ OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* input_cred */ gss_cred_usage_t, /* cred_usage */ 
@@ -370,8 +369,132 @@ typedef struct gss_config { gss_OID_set *, /* elements_stored */ gss_cred_usage_t * /* cred_usage_stored */ /* */); + + OM_uint32 (*gss_import_name_object) + ( + OM_uint32 *, /* minor_status */ + void *, /* input_name */ + gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ + /* */); + + OM_uint32 (*gss_export_name_object) + ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* desired_name_type */ + void ** /* output_name */ + /* */); + + /* GGF extensions */ + + OM_uint32 (*gss_inquire_sec_context_by_oid) + ( + OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_OID, /* OID */ + gss_buffer_set_t * /* data_set */ + ); + OM_uint32 (*gss_inquire_cred_by_oid) + ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + const gss_OID, /* OID */ + gss_buffer_set_t * /* data_set */ + ); + OM_uint32 (*gss_set_sec_context_option) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + const gss_OID, /* OID */ + const gss_buffer_t /* value */ + ); + OM_uint32 (*gssspi_set_cred_option) + ( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + const gss_OID, /* OID */ + const gss_buffer_t /* value */ + ); + OM_uint32 (*gssspi_mech_invoke) + ( + OM_uint32*, /* minor_status */ + const gss_OID, /* mech OID */ + const gss_OID, /* OID */ + gss_buffer_t /* value */ + ); + + /* AEAD extensions */ + OM_uint32 (*gss_wrap_aead) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* input_payload_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + /* */); + + OM_uint32 (*gss_unwrap_aead) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* 
output_payload_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ + /* */); + + /* SSPI extensions */ + OM_uint32 (*gss_wrap_iov) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_unwrap_iov) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int *, /* conf_state */ + gss_qop_t *, /* qop_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_wrap_iov_length) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag*/ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_complete_auth_token) + ( + OM_uint32*, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* input_message_buffer */ + ); + } *gss_mechanism; +/* This structure MUST NOT be used by any code outside libgss */ +typedef struct gss_config_ext { + gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password; +} *gss_mechanism_ext; + /* * In the user space we use a wrapper structure to encompass the * mechanism entry points. The wrapper contain the mechanism 
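Review bot: The extension slots added to gss_config carry no statement that they may be NULL, although the glue in this commit relies on exactly that. gss_wrap_iov and gss_wrap_iov_length test the pointer and return GSS_S_UNAVAILABLE, and gssint_wrap_aead falls back to the IOV shim when gss_wrap_aead is unset. A comment ahead of the new members, e.g. `/* Extension entry points below are optional: a mechanism may leave any of them NULL, and glue code must test the pointer before dispatching. */`, would make the contract explicit for mechanism authors and for later glue routines. The struct definition begins outside this hunk.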
@@ -387,21 +510,22 @@ typedef struct gss_mech_config { void *dl_handle; /* RTLD object handle for the mech */ gss_OID mech_type; /* mechanism oid */ gss_mechanism mech; /* mechanism initialization struct */ + gss_mechanism_ext mech_ext; /* extensions */ + int priority; /* mechanism preference order */ + int freeMech; /* free mech table */ struct gss_mech_config *next; /* next element in the list */ } *gss_mech_info; -/* Mechanisms defined within our library */ - -extern gss_mechanism *krb5_gss_get_mech_configs(void); -extern gss_mechanism *spnego_gss_get_mech_configs(void); - /********************************************************/ /* Internal mechglue routines */ +#if 0 int gssint_mechglue_init(void); void gssint_mechglue_fini(void); +#endif gss_mechanism gssint_get_mechanism (gss_OID); +gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID); OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t); char *gssint_get_kmodName(const gss_OID); char *gssint_get_modOptions(const gss_OID); @@ -412,6 +536,11 @@ OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID, OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t, gss_buffer_t, gss_OID *); OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *); +OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID, + gss_ctx_id_t *, gss_buffer_t); +#ifdef _GSS_STATIC_LINK +int gssint_register_mechinfo(gss_mech_info template); +#endif OM_uint32 gssint_convert_name_to_union_name (OM_uint32 *, /* minor_status */ @@ -466,6 +595,14 @@ gssint_get_mechanisms( ); OM_uint32 +gssint_userok( + OM_uint32 *, /* minor */ + const gss_name_t, /* name */ + const char *, /* user */ + int * /* user_ok */ +); + +OM_uint32 gss_store_cred( OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* input_cred_handle */ 
@@ -494,6 +631,27 @@ gssint_put_der_length( unsigned int /* max_len */ ); +OM_uint32 +gssint_wrap_aead (gss_mechanism, /* mech */ + OM_uint32 *, /* minor_status */ + gss_union_ctx_id_t, /* ctx */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req_flag */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* input_payload_buffer */ + int *, /* conf_state */ + gss_buffer_t); /* output_message_buffer */ +OM_uint32 +gssint_unwrap_aead (gss_mechanism, /* mech */ + OM_uint32 *, /* minor_status */ + gss_union_ctx_id_t, /* ctx */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* output_payload_buffer */ + int *, /* conf_state */ + gss_qop_t *); /* qop_state */ + + /* Use this to map an error code that was returned from a mech operation; the mech will be asked to produce the associated error messages. diff --git a/src/lib/gssapi/mechglue/oid_ops.c b/src/lib/gssapi/mechglue/oid_ops.c deleted file mode 100644 index 9e77ef1be..000000000 --- a/src/lib/gssapi/mechglue/oid_ops.c +++ /dev/null 
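Review bot: The gssint_wrap_aead prototype takes a `gss_union_ctx_id_t` as its third argument, but the caller visible in this commit, gss_wrap_aead in g_wrap_aead.c, passes `context_handle` (a `gss_ctx_id_t`) even though it has already cast that value into `ctx`. If the two typedefs are distinct pointer types, this is an incompatible-pointer argument that works only because the values are identical. Passing `ctx` at the call site lets the compiler check the union-context versus mechanism-context distinction. The parameter comment `/* qop_req_flag */` also differs from the `qop_req` name used in the definition.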
@@ -1,481 +0,0 @@ -/* #pragma ident "@(#)oid_ops.c 1.19 04/02/23 SMI" */ -/* - * lib/gssapi/generic/oid_ops.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * oid_ops.c - GSS-API V2 interfaces to manipulate OIDs - */ - -#include "mglueP.h" -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#include <stdlib.h> -#include <string.h> -#include <stdio.h> -#include <gssapi/gssapi_generic.h> -#include <errno.h> -#include <ctype.h> - -OM_uint32 -generic_gss_release_oid(minor_status, oid) - OM_uint32 *minor_status; - gss_OID *oid; -{ - if (minor_status) - *minor_status = 0; - - if (oid == NULL || *oid == GSS_C_NO_OID) - return(GSS_S_COMPLETE); - - /* - * The V2 API says the following! 
- * - * gss_release_oid[()] will recognize any of the GSSAPI's own OID values, - * and will silently ignore attempts to free these OIDs; for other OIDs - * it will call the C free() routine for both the OID data and the - * descriptor. This allows applications to freely mix their own heap- - * allocated OID values with OIDs returned by GSS-API. - */ - - /* - * We use the official OID definitions instead of the unofficial OID - * defintions. But we continue to support the unofficial OID - * gss_nt_service_name just in case if some gss applications use - * the old OID. - */ - - if ((*oid != GSS_C_NT_USER_NAME) && - (*oid != GSS_C_NT_MACHINE_UID_NAME) && - (*oid != GSS_C_NT_STRING_UID_NAME) && - (*oid != GSS_C_NT_HOSTBASED_SERVICE) && - (*oid != GSS_C_NT_ANONYMOUS) && - (*oid != GSS_C_NT_EXPORT_NAME) && - (*oid != gss_nt_service_name)) { - free((*oid)->elements); - free(*oid); - } - *oid = GSS_C_NO_OID; - return(GSS_S_COMPLETE); -} - -OM_uint32 -generic_gss_copy_oid(minor_status, oid, new_oid) - OM_uint32 *minor_status; - const gss_OID_desc * const oid; - gss_OID *new_oid; -{ - gss_OID p; - - *minor_status = 0; - - p = (gss_OID) malloc(sizeof(gss_OID_desc)); - if (!p) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - p->length = oid->length; - p->elements = malloc(p->length); - if (!p->elements) { - free(p); - return GSS_S_FAILURE; - } - memcpy(p->elements, oid->elements, p->length); - *new_oid = p; - return(GSS_S_COMPLETE); -} - - -OM_uint32 -generic_gss_create_empty_oid_set(minor_status, oid_set) - OM_uint32 *minor_status; - gss_OID_set *oid_set; -{ - *minor_status = 0; - - if ((*oid_set = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)))) { - memset(*oid_set, 0, sizeof(gss_OID_set_desc)); - return(GSS_S_COMPLETE); - } - else { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } -} - -OM_uint32 -generic_gss_add_oid_set_member(minor_status, member_oid, oid_set) - OM_uint32 *minor_status; - const gss_OID_desc * const member_oid; - gss_OID_set *oid_set; -{ - 
gss_OID elist; - gss_OID lastel; - - *minor_status = 0; - - if (member_oid == NULL || member_oid->length == 0 || - member_oid->elements == NULL) - return (GSS_S_CALL_INACCESSIBLE_READ); - - elist = (*oid_set)->elements; - /* Get an enlarged copy of the array */ - if (((*oid_set)->elements = (gss_OID) malloc(((*oid_set)->count+1) * - sizeof(gss_OID_desc)))) { - /* Copy in the old junk */ - if (elist) - memcpy((*oid_set)->elements, - elist, - ((*oid_set)->count * sizeof(gss_OID_desc))); - - /* Duplicate the input element */ - lastel = &(*oid_set)->elements[(*oid_set)->count]; - if ((lastel->elements = - (void *) malloc((size_t) member_oid->length))) { - /* Success - copy elements */ - memcpy(lastel->elements, member_oid->elements, - (size_t) member_oid->length); - /* Set length */ - lastel->length = member_oid->length; - - /* Update count */ - (*oid_set)->count++; - if (elist) - free(elist); - *minor_status = 0; - return(GSS_S_COMPLETE); - } - else - free((*oid_set)->elements); - } - /* Failure - restore old contents of list */ - (*oid_set)->elements = elist; - *minor_status = ENOMEM; - return(GSS_S_FAILURE); -} - -OM_uint32 -generic_gss_test_oid_set_member(minor_status, member, set, present) - OM_uint32 *minor_status; - const gss_OID_desc * const member; - gss_OID_set set; - int *present; -{ - OM_uint32 i; - int result; - - *minor_status = 0; - - if (member == NULL || set == NULL) - return (GSS_S_CALL_INACCESSIBLE_READ); - - if (present == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - - result = 0; - for (i=0; i<set->count; i++) { - if ((set->elements[i].length == member->length) && - !memcmp(set->elements[i].elements, - member->elements, - (size_t) member->length)) { - result = 1; - break; - } - } - *present = result; - return(GSS_S_COMPLETE); -} - -/* - * OID<->string routines. These are uuuuugly. 
- */ -OM_uint32 -generic_gss_oid_to_str(minor_status, oid, oid_str) - OM_uint32 *minor_status; - const gss_OID_desc * const oid; - gss_buffer_t oid_str; -{ - OM_uint32 number; - OM_uint32 i; - unsigned char *cp; - char *bp; - struct k5buf buf; - - if (minor_status != NULL) - *minor_status = 0; - - if (oid_str != GSS_C_NO_BUFFER) { - oid_str->length = 0; - oid_str->value = NULL; - } - - if (oid == NULL || oid->length == 0 || oid->elements == NULL) - return (GSS_S_CALL_INACCESSIBLE_READ); - - if (oid_str == GSS_C_NO_BUFFER) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - - /* Decoded according to krb5/gssapi_krb5.c */ - - cp = (unsigned char *) oid->elements; - number = (unsigned long) cp[0]; - krb5int_buf_init_dynamic(&buf); - krb5int_buf_add_fmt(&buf, "{ %lu %lu ", (unsigned long)number/40, - (unsigned long)number%40); - number = 0; - cp = (unsigned char *) oid->elements; - for (i=1; i<oid->length; i++) { - number = (number << 7) | (cp[i] & 0x7f); - if ((cp[i] & 0x80) == 0) { - krb5int_buf_add_fmt(&buf, "%lu ", (unsigned long)number); - number = 0; - } - } - krb5int_buf_add(&buf, "}"); - bp = krb5int_buf_data(&buf); - if (bp == NULL) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - oid_str->length = krb5int_buf_len(&buf)+1; - oid_str->value = (void *) bp; - return(GSS_S_COMPLETE); -} - -OM_uint32 -generic_gss_str_to_oid(minor_status, oid_str, oid) - OM_uint32 *minor_status; - gss_buffer_t oid_str; - gss_OID *oid; -{ - unsigned char *cp, *bp, *startp; - int brace; - long numbuf; - long onumbuf; - OM_uint32 nbytes; - int i; - unsigned char *op; - - if (minor_status != NULL) - *minor_status = 0; - - if (oid != NULL) - *oid = GSS_C_NO_OID; - - if (GSS_EMPTY_BUFFER(oid_str)) - return (GSS_S_CALL_INACCESSIBLE_READ); - - if (oid == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - - brace = 0; - bp = oid_str->value; - cp = bp; - /* Skip over leading space */ - while ((bp < &cp[oid_str->length]) && isspace(*bp)) - bp++; - if (*bp == '{') { - brace = 1; - bp++; - } - 
while ((bp < &cp[oid_str->length]) && isspace(*bp)) - bp++; - startp = bp; - nbytes = 0; - - /* - * The first two numbers are chewed up by the first octet. - */ - if (sscanf((char *)bp, "%ld", &numbuf) != 1) { - *minor_status = EINVAL; - return(GSS_S_FAILURE); - } - while ((bp < &cp[oid_str->length]) && isdigit(*bp)) - bp++; - while ((bp < &cp[oid_str->length]) && isspace(*bp)) - bp++; - if (sscanf((char *)bp, "%ld", &numbuf) != 1) { - *minor_status = EINVAL; - return(GSS_S_FAILURE); - } - while ((bp < &cp[oid_str->length]) && isdigit(*bp)) - bp++; - while ((bp < &cp[oid_str->length]) && - (isspace(*bp) || *bp == '.')) - bp++; - nbytes++; - while (isdigit(*bp)) { - if (sscanf((char *)bp, "%ld", &numbuf) != 1) { - return(GSS_S_FAILURE); - } - while (numbuf) { - nbytes++; - numbuf >>= 7; - } - while ((bp < &cp[oid_str->length]) && isdigit(*bp)) - bp++; - while ((bp < &cp[oid_str->length]) && - (isspace(*bp) || *bp == '.')) - bp++; - } - if (brace && (*bp != '}')) { - return(GSS_S_FAILURE); - } - - /* - * Phew! We've come this far, so the syntax is good. 
- */ - if ((*oid = (gss_OID) malloc(sizeof(gss_OID_desc)))) { - if (((*oid)->elements = (void *) malloc(nbytes))) { - (*oid)->length = nbytes; - op = (unsigned char *) (*oid)->elements; - bp = startp; - (void) sscanf((char *)bp, "%ld", &numbuf); - while (isdigit(*bp)) - bp++; - while (isspace(*bp) || *bp == '.') - bp++; - onumbuf = 40*numbuf; - (void) sscanf((char *)bp, "%ld", &numbuf); - onumbuf += numbuf; - *op = (unsigned char) onumbuf; - op++; - while (isdigit(*bp)) - bp++; - while (isspace(*bp) || *bp == '.') - bp++; - while (isdigit(*bp)) { - (void) sscanf((char *)bp, "%ld", &numbuf); - nbytes = 0; - /* Have to fill in the bytes msb-first */ - onumbuf = numbuf; - while (numbuf) { - nbytes++; - numbuf >>= 7; - } - numbuf = onumbuf; - op += nbytes; - i = -1; - while (numbuf) { - op[i] = (unsigned char) numbuf & 0x7f; - if (i != -1) - op[i] |= 0x80; - i--; - numbuf >>= 7; - } - while (isdigit(*bp)) - bp++; - while (isspace(*bp) || *bp == '.') - bp++; - } - return(GSS_S_COMPLETE); - } - else { - free(*oid); - *oid = GSS_C_NO_OID; - } - } - return(GSS_S_FAILURE); -} - -/* - * Copyright 1993 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. 
- * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ -OM_uint32 -gssint_copy_oid_set( - OM_uint32 *minor_status, - const gss_OID_set_desc * const oidset, - gss_OID_set *new_oidset - ) -{ - gss_OID_set_desc *copy; - OM_uint32 minor = 0; - OM_uint32 major = GSS_S_COMPLETE; - OM_uint32 i; - - if (minor_status != NULL) - *minor_status = 0; - - if (new_oidset != NULL) - *new_oidset = GSS_C_NO_OID_SET; - - if (oidset == GSS_C_NO_OID_SET) - return (GSS_S_CALL_INACCESSIBLE_READ); - - if (new_oidset == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - - if ((copy = (gss_OID_set_desc *) calloc(1, sizeof (*copy))) == NULL) { - major = GSS_S_FAILURE; - goto done; - } - - if ((copy->elements = (gss_OID_desc *) - calloc(oidset->count, sizeof (*copy->elements))) == NULL) { - major = GSS_S_FAILURE; - goto done; - } - copy->count = oidset->count; - - for (i = 0; i < copy->count; i++) { - gss_OID_desc *out = ©->elements[i]; - gss_OID_desc *in = &oidset->elements[i]; - - if ((out->elements = (void *) malloc(in->length)) == NULL) { - major = GSS_S_FAILURE; - goto done; - } - (void) memcpy(out->elements, in->elements, in->length); - out->length = in->length; - } - - *new_oidset = copy; -done: - if (major != GSS_S_COMPLETE) { - (void) gss_release_oid_set(&minor, ©); - } - - return (major); -} |
