2 * Copyright (c) 2004, PADL Software Pty Ltd.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of PADL Software nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "spnego/spnego_locl.h"
35 RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $");
38 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
44 ret = gss_indicate_mechs(minor_status, &m);
45 if (ret != GSS_S_COMPLETE)
48 ret = gss_create_empty_oid_set(minor_status, mechs);
49 if (ret != GSS_S_COMPLETE) {
50 gss_release_oid_set(&junk, &m);
54 for (i = 0; i < m->count; i++) {
55 if (gss_oid_equal(&m->elements[i], GSS_SPNEGO_MECHANISM))
58 ret = gss_add_oid_set_member(minor_status, &m->elements[i], mechs);
60 gss_release_oid_set(&junk, &m);
61 gss_release_oid_set(&junk, mechs);
70 OM_uint32 _gss_spnego_process_context_token
71 (OM_uint32 *minor_status,
72 const gss_ctx_id_t context_handle,
73 const gss_buffer_t token_buffer
76 gss_ctx_id_t context ;
80 if (context_handle == GSS_C_NO_CONTEXT)
81 return GSS_S_NO_CONTEXT;
83 context = context_handle;
84 ctx = (gssspnego_ctx)context_handle;
86 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
88 ret = gss_process_context_token(minor_status,
89 ctx->negotiated_ctx_id,
91 if (ret != GSS_S_COMPLETE) {
92 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
96 ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
98 return _gss_spnego_internal_delete_sec_context(minor_status,
103 OM_uint32 _gss_spnego_delete_sec_context
104 (OM_uint32 *minor_status,
105 gss_ctx_id_t *context_handle,
106 gss_buffer_t output_token
111 if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
112 return GSS_S_NO_CONTEXT;
114 ctx = (gssspnego_ctx)*context_handle;
116 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
118 return _gss_spnego_internal_delete_sec_context(minor_status,
123 OM_uint32 _gss_spnego_context_time
124 (OM_uint32 *minor_status,
125 const gss_ctx_id_t context_handle,
132 if (context_handle == GSS_C_NO_CONTEXT) {
133 return GSS_S_NO_CONTEXT;
136 ctx = (gssspnego_ctx)context_handle;
138 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
139 return GSS_S_NO_CONTEXT;
142 return gss_context_time(minor_status,
143 ctx->negotiated_ctx_id,
147 OM_uint32 _gss_spnego_get_mic
148 (OM_uint32 *minor_status,
149 const gss_ctx_id_t context_handle,
151 const gss_buffer_t message_buffer,
152 gss_buffer_t message_token
159 if (context_handle == GSS_C_NO_CONTEXT) {
160 return GSS_S_NO_CONTEXT;
163 ctx = (gssspnego_ctx)context_handle;
165 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
166 return GSS_S_NO_CONTEXT;
169 return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
170 qop_req, message_buffer, message_token);
173 OM_uint32 _gss_spnego_verify_mic
174 (OM_uint32 * minor_status,
175 const gss_ctx_id_t context_handle,
176 const gss_buffer_t message_buffer,
177 const gss_buffer_t token_buffer,
178 gss_qop_t * qop_state
185 if (context_handle == GSS_C_NO_CONTEXT) {
186 return GSS_S_NO_CONTEXT;
189 ctx = (gssspnego_ctx)context_handle;
191 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
192 return GSS_S_NO_CONTEXT;
195 return gss_verify_mic(minor_status,
196 ctx->negotiated_ctx_id,
202 OM_uint32 _gss_spnego_wrap
203 (OM_uint32 * minor_status,
204 const gss_ctx_id_t context_handle,
207 const gss_buffer_t input_message_buffer,
209 gss_buffer_t output_message_buffer
216 if (context_handle == GSS_C_NO_CONTEXT) {
217 return GSS_S_NO_CONTEXT;
220 ctx = (gssspnego_ctx)context_handle;
222 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
223 return GSS_S_NO_CONTEXT;
226 return gss_wrap(minor_status,
227 ctx->negotiated_ctx_id,
230 input_message_buffer,
232 output_message_buffer);
235 OM_uint32 _gss_spnego_unwrap
236 (OM_uint32 * minor_status,
237 const gss_ctx_id_t context_handle,
238 const gss_buffer_t input_message_buffer,
239 gss_buffer_t output_message_buffer,
241 gss_qop_t * qop_state
248 if (context_handle == GSS_C_NO_CONTEXT) {
249 return GSS_S_NO_CONTEXT;
252 ctx = (gssspnego_ctx)context_handle;
254 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
255 return GSS_S_NO_CONTEXT;
258 return gss_unwrap(minor_status,
259 ctx->negotiated_ctx_id,
260 input_message_buffer,
261 output_message_buffer,
266 OM_uint32 _gss_spnego_compare_name
267 (OM_uint32 *minor_status,
268 const gss_name_t name1,
269 const gss_name_t name2,
273 spnego_name n1 = (spnego_name)name1;
274 spnego_name n2 = (spnego_name)name2;
278 if (!gss_oid_equal(&n1->type, &n2->type))
279 return GSS_S_COMPLETE;
280 if (n1->value.length != n2->value.length)
281 return GSS_S_COMPLETE;
282 if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
283 return GSS_S_COMPLETE;
287 return GSS_S_COMPLETE;
290 OM_uint32 _gss_spnego_display_name
291 (OM_uint32 * minor_status,
292 const gss_name_t input_name,
293 gss_buffer_t output_name_buffer,
294 gss_OID * output_name_type
297 spnego_name name = (spnego_name)input_name;
301 if (name == NULL || name->mech == GSS_C_NO_NAME)
302 return GSS_S_FAILURE;
304 return gss_display_name(minor_status, name->mech,
305 output_name_buffer, output_name_type);
308 OM_uint32 _gss_spnego_import_name
309 (OM_uint32 * minor_status,
310 const gss_buffer_t name_buffer,
311 const gss_OID name_type,
312 gss_name_t * output_name
320 name = calloc(1, sizeof(*name));
322 *minor_status = ENOMEM;
323 return GSS_S_FAILURE;
326 maj_stat = _gss_copy_oid(minor_status, name_type, &name->type);
329 return GSS_S_FAILURE;
332 maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
334 gss_name_t rname = (gss_name_t)name;
335 _gss_spnego_release_name(minor_status, &rname);
336 return GSS_S_FAILURE;
338 name->mech = GSS_C_NO_NAME;
339 *output_name = (gss_name_t)name;
341 return GSS_S_COMPLETE;
344 OM_uint32 _gss_spnego_export_name
345 (OM_uint32 * minor_status,
346 const gss_name_t input_name,
347 gss_buffer_t exported_name
353 if (input_name == GSS_C_NO_NAME)
354 return GSS_S_BAD_NAME;
356 name = (spnego_name)input_name;
357 if (name->mech == GSS_C_NO_NAME)
358 return GSS_S_BAD_NAME;
360 return gss_export_name(minor_status, name->mech, exported_name);
363 OM_uint32 _gss_spnego_release_name
364 (OM_uint32 * minor_status,
365 gss_name_t * input_name
370 if (*input_name != GSS_C_NO_NAME) {
372 spnego_name name = (spnego_name)*input_name;
373 _gss_free_oid(&junk, &name->type);
374 gss_release_buffer(&junk, &name->value);
375 if (name->mech != GSS_C_NO_NAME)
376 gss_release_name(&junk, &name->mech);
379 *input_name = GSS_C_NO_NAME;
381 return GSS_S_COMPLETE;
384 OM_uint32 _gss_spnego_inquire_context (
385 OM_uint32 * minor_status,
386 const gss_ctx_id_t context_handle,
387 gss_name_t * src_name,
388 gss_name_t * targ_name,
389 OM_uint32 * lifetime_rec,
391 OM_uint32 * ctx_flags,
392 int * locally_initiated,
397 OM_uint32 maj_stat, junk;
398 gss_name_t src_mn, targ_mn;
402 if (context_handle == GSS_C_NO_CONTEXT)
403 return GSS_S_NO_CONTEXT;
405 ctx = (gssspnego_ctx)context_handle;
407 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
408 return GSS_S_NO_CONTEXT;
410 maj_stat = gss_inquire_context(minor_status,
411 ctx->negotiated_ctx_id,
419 if (maj_stat != GSS_S_COMPLETE)
423 spnego_name name = calloc(1, sizeof(*name));
427 *src_name = (gss_name_t)name;
429 gss_release_name(&junk, &src_mn);
432 spnego_name name = calloc(1, sizeof(*name));
434 gss_release_name(minor_status, src_name);
437 name->mech = targ_mn;
438 *targ_name = (gss_name_t)name;
440 gss_release_name(&junk, &targ_mn);
442 return GSS_S_COMPLETE;
445 gss_release_name(&junk, &targ_mn);
446 gss_release_name(&junk, &src_mn);
447 *minor_status = ENOMEM;
448 return GSS_S_FAILURE;
451 OM_uint32 _gss_spnego_wrap_size_limit (
452 OM_uint32 * minor_status,
453 const gss_ctx_id_t context_handle,
456 OM_uint32 req_output_size,
457 OM_uint32 * max_input_size
464 if (context_handle == GSS_C_NO_CONTEXT) {
465 return GSS_S_NO_CONTEXT;
468 ctx = (gssspnego_ctx)context_handle;
470 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
471 return GSS_S_NO_CONTEXT;
474 return gss_wrap_size_limit(minor_status,
475 ctx->negotiated_ctx_id,
482 OM_uint32 _gss_spnego_export_sec_context (
483 OM_uint32 * minor_status,
484 gss_ctx_id_t * context_handle,
485 gss_buffer_t interprocess_token
493 if (context_handle == NULL) {
494 return GSS_S_NO_CONTEXT;
497 ctx = (gssspnego_ctx)*context_handle;
500 return GSS_S_NO_CONTEXT;
502 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
504 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
505 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
506 return GSS_S_NO_CONTEXT;
509 ret = gss_export_sec_context(minor_status,
510 &ctx->negotiated_ctx_id,
512 if (ret == GSS_S_COMPLETE) {
513 ret = _gss_spnego_internal_delete_sec_context(minor_status,
516 if (ret == GSS_S_COMPLETE)
517 return GSS_S_COMPLETE;
520 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
525 OM_uint32 _gss_spnego_import_sec_context (
526 OM_uint32 * minor_status,
527 const gss_buffer_t interprocess_token,
528 gss_ctx_id_t *context_handle
531 OM_uint32 ret, minor;
532 gss_ctx_id_t context;
535 ret = _gss_spnego_alloc_sec_context(minor_status, &context);
536 if (ret != GSS_S_COMPLETE) {
539 ctx = (gssspnego_ctx)context;
541 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
543 ret = gss_import_sec_context(minor_status,
545 &ctx->negotiated_ctx_id);
546 if (ret != GSS_S_COMPLETE) {
547 _gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
552 /* don't bother filling in the rest of the fields */
554 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
556 *context_handle = (gss_ctx_id_t)ctx;
558 return GSS_S_COMPLETE;
561 OM_uint32 _gss_spnego_inquire_names_for_mech (
562 OM_uint32 * minor_status,
563 const gss_OID mechanism,
564 gss_OID_set * name_types
567 gss_OID_set mechs, names, n;
573 ret = spnego_supported_mechs(minor_status, &mechs);
574 if (ret != GSS_S_COMPLETE)
577 ret = gss_create_empty_oid_set(minor_status, &names);
578 if (ret != GSS_S_COMPLETE)
581 for (i = 0; i < mechs->count; i++) {
582 ret = gss_inquire_names_for_mech(minor_status,
588 for (j = 0; j < n->count; j++)
589 gss_add_oid_set_member(minor_status,
592 gss_release_oid_set(&junk, &n);
595 ret = GSS_S_COMPLETE;
599 gss_release_oid_set(&junk, &mechs);
601 return GSS_S_COMPLETE;
604 OM_uint32 _gss_spnego_inquire_mechs_for_name (
605 OM_uint32 * minor_status,
606 const gss_name_t input_name,
607 gss_OID_set * mech_types
612 ret = gss_create_empty_oid_set(minor_status, mech_types);
616 ret = gss_add_oid_set_member(minor_status,
617 GSS_SPNEGO_MECHANISM,
620 gss_release_oid_set(&junk, mech_types);
625 OM_uint32 _gss_spnego_canonicalize_name (
626 OM_uint32 * minor_status,
627 const gss_name_t input_name,
628 const gss_OID mech_type,
629 gss_name_t * output_name
633 return gss_duplicate_name(minor_status, input_name, output_name);
636 OM_uint32 _gss_spnego_duplicate_name (
637 OM_uint32 * minor_status,
638 const gss_name_t src_name,
639 gss_name_t * dest_name
642 return gss_duplicate_name(minor_status, src_name, dest_name);
645 OM_uint32 _gss_spnego_sign
646 (OM_uint32 * minor_status,
647 gss_ctx_id_t context_handle,
649 gss_buffer_t message_buffer,
650 gss_buffer_t message_token
657 if (context_handle == GSS_C_NO_CONTEXT) {
658 return GSS_S_NO_CONTEXT;
661 ctx = (gssspnego_ctx)context_handle;
663 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
664 return GSS_S_NO_CONTEXT;
667 return gss_sign(minor_status,
668 ctx->negotiated_ctx_id,
674 OM_uint32 _gss_spnego_verify
675 (OM_uint32 * minor_status,
676 gss_ctx_id_t context_handle,
677 gss_buffer_t message_buffer,
678 gss_buffer_t token_buffer,
686 if (context_handle == GSS_C_NO_CONTEXT) {
687 return GSS_S_NO_CONTEXT;
690 ctx = (gssspnego_ctx)context_handle;
692 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
693 return GSS_S_NO_CONTEXT;
696 return gss_verify(minor_status,
697 ctx->negotiated_ctx_id,
703 OM_uint32 _gss_spnego_seal
704 (OM_uint32 * minor_status,
705 gss_ctx_id_t context_handle,
708 gss_buffer_t input_message_buffer,
710 gss_buffer_t output_message_buffer
717 if (context_handle == GSS_C_NO_CONTEXT) {
718 return GSS_S_NO_CONTEXT;
721 ctx = (gssspnego_ctx)context_handle;
723 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
724 return GSS_S_NO_CONTEXT;
727 return gss_seal(minor_status,
728 ctx->negotiated_ctx_id,
731 input_message_buffer,
733 output_message_buffer);
736 OM_uint32 _gss_spnego_unseal
737 (OM_uint32 * minor_status,
738 gss_ctx_id_t context_handle,
739 gss_buffer_t input_message_buffer,
740 gss_buffer_t output_message_buffer,
749 if (context_handle == GSS_C_NO_CONTEXT) {
750 return GSS_S_NO_CONTEXT;
753 ctx = (gssspnego_ctx)context_handle;
755 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
756 return GSS_S_NO_CONTEXT;
759 return gss_unseal(minor_status,
760 ctx->negotiated_ctx_id,
761 input_message_buffer,
762 output_message_buffer,
768 OM_uint32 _gss_spnego_unwrap_ex
769 (OM_uint32 * minor_status,
770 const gss_ctx_id_t context_handle,
771 const gss_buffer_t token_header_buffer,
772 const gss_buffer_t associated_data_buffer,
773 const gss_buffer_t input_message_buffer,
774 gss_buffer_t output_message_buffer,
776 gss_qop_t * qop_state)
782 if (context_handle == GSS_C_NO_CONTEXT) {
783 return GSS_S_NO_CONTEXT;
786 ctx = (gssspnego_ctx)context_handle;
788 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
789 return GSS_S_NO_CONTEXT;
792 return gss_unwrap_ex(minor_status,
793 ctx->negotiated_ctx_id,
795 associated_data_buffer,
796 input_message_buffer,
797 output_message_buffer,
802 OM_uint32 _gss_spnego_wrap_ex
803 (OM_uint32 * minor_status,
804 const gss_ctx_id_t context_handle,
807 const gss_buffer_t associated_data_buffer,
808 const gss_buffer_t input_message_buffer,
810 gss_buffer_t output_token_buffer,
811 gss_buffer_t output_message_buffer
818 if (context_handle == GSS_C_NO_CONTEXT) {
819 return GSS_S_NO_CONTEXT;
822 ctx = (gssspnego_ctx)context_handle;
824 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
825 return GSS_S_NO_CONTEXT;
828 if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
829 associated_data_buffer->length != input_message_buffer->length) {
830 *minor_status = EINVAL;
831 return GSS_S_BAD_QOP;
834 return gss_wrap_ex(minor_status,
835 ctx->negotiated_ctx_id,
838 associated_data_buffer,
839 input_message_buffer,
842 output_message_buffer);
845 OM_uint32 _gss_spnego_complete_auth_token
846 (OM_uint32 * minor_status,
847 const gss_ctx_id_t context_handle,
848 gss_buffer_t input_message_buffer)
854 if (context_handle == GSS_C_NO_CONTEXT) {
855 return GSS_S_NO_CONTEXT;
858 ctx = (gssspnego_ctx)context_handle;
860 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
861 return GSS_S_NO_CONTEXT;
864 return gss_complete_auth_token(minor_status,
865 ctx->negotiated_ctx_id,
866 input_message_buffer);
870 OM_uint32 _gss_spnego_inquire_sec_context_by_oid
871 (OM_uint32 * minor_status,
872 const gss_ctx_id_t context_handle,
873 const gss_OID desired_object,
874 gss_buffer_set_t *data_set)
880 if (context_handle == GSS_C_NO_CONTEXT) {
881 return GSS_S_NO_CONTEXT;
884 ctx = (gssspnego_ctx)context_handle;
886 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
887 return GSS_S_NO_CONTEXT;
890 return gss_inquire_sec_context_by_oid(minor_status,
891 ctx->negotiated_ctx_id,
896 OM_uint32 _gss_spnego_set_sec_context_option
897 (OM_uint32 * minor_status,
898 gss_ctx_id_t * context_handle,
899 const gss_OID desired_object,
900 const gss_buffer_t value)
906 if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
907 return GSS_S_NO_CONTEXT;
910 ctx = (gssspnego_ctx)*context_handle;
912 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
913 return GSS_S_NO_CONTEXT;
916 return gss_set_sec_context_option(minor_status,
917 &ctx->negotiated_ctx_id,
924 _gss_spnego_pseudo_random(OM_uint32 *minor_status,
925 gss_ctx_id_t context_handle,
927 const gss_buffer_t prf_in,
928 ssize_t desired_output_len,
929 gss_buffer_t prf_out)
935 if (context_handle == GSS_C_NO_CONTEXT)
936 return GSS_S_NO_CONTEXT;
938 ctx = (gssspnego_ctx)context_handle;
940 if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
941 return GSS_S_NO_CONTEXT;
943 return gss_pseudo_random(minor_status,
944 ctx->negotiated_ctx_id,
git.samba.org / metze / samba / wip.git / blob