g_inquire_cred.c (gss_inquire_cred_by_mech): New GSSAPI V2 function.
g_init_sec_context.c (gss_init_sec_context): Make sure we convert the
union credential into a mechanism specific credential.
g_glue.c (__gss_get_mechanism_cred): New function for returning the
mechanism-specific credential from a union credential.
g_inquire_names.c (gss_inquire_names_for_mech):
g_oid_ops.c (gss_str_to_oid, gss_oid_to_str, gss_test_oid_set_member,
gss_add_oid_set_member, gss_create_empty_oid_set, gss_release_oid):
g_imp_sec_context.c (gss_import_sec_context):
g_exp_sec_context.c (gss_export_sec_context):
g_inquire_cred.c (gss_inquire_cred):
g_rel_oid_set.c (gss_release_oid_set):
g_rel_buffer.c (gss_release_buffer):
g_rel_name.c (gss_release_name):
g_imp_name.c (gss_import_name):
g_dsp_name.c (gss_display_name):
g_compare_name.c (gss_compare_name):
g_indicate_mechs.c (gss_indicate_mechs):
g_dsp_status.c (gss_display_status):
g_unseal.c (gss_unseal, gss_unwrap):
g_seal.c (gss_seal, gss_wrap):
g_verify.c (gss_verify, gss_verify_mic):
g_sign.c (gss_sign, gss_get_mic):
g_context_time.c (gss_context_time):
g_delete_sec_context.c (gss_delete_sec_context):
g_process_context.c (gss_process_context):
g_accept_sec_context.c (gss_accept_sec_context):
g_init_sec_context.c (gss_init_sec_context):
g_rel_cred.c (gss_release_cred):
g_acquire_cred.c (gss_acquire_cred): Added INTERFACE keyword for Windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7536
dc483132-0cff-0310-8789-
dd5450dbe970
Sat Feb 24 16:19:30 1996 Theodore Y. Ts'o <tytso@dcl>
+ * g_acquire_cred.c (gss_add_cred): New GSSAPI V2 function.
+
+ * g_inquire_cred.c (gss_inquire_cred_by_mech): New GSSAPI V2
+ function.
+
+ * g_init_sec_context.c (gss_init_sec_context): Make sure we
+ convert the union credential into a mechanism specific
+ credential.
+
+ * g_glue.c (__gss_get_mechanism_cred): New function for returning
+ the mechanism-specific credential from a union credential.
+
+ * g_inquire_names.c (gss_inquire_names_for_mech):
+ * g_oid_ops.c (gss_str_to_oid, gss_oid_to_str,
+ gss_test_oid_set_member, gss_add_oid_set_member,
+ gss_create_empty_oid_set, gss_release_oid):
+ * g_imp_sec_context.c (gss_import_sec_context):
+ * g_exp_sec_context.c (gss_export_sec_context):
+ * g_inquire_cred.c (gss_inquire_cred):
+ * g_rel_oid_set.c (gss_release_oid_set):
+ * g_rel_buffer.c (gss_release_buffer):
+ * g_rel_name.c (gss_release_name):
+ * g_imp_name.c (gss_import_name):
+ * g_dsp_name.c (gss_display_name):
+ * g_compare_name.c (gss_compare_name):
+ * g_indicate_mechs.c (gss_indicate_mechs):
+ * g_dsp_status.c (gss_display_status):
+ * g_unseal.c (gss_unseal, gss_unwrap):
+ * g_seal.c (gss_seal, gss_wrap):
+ * g_verify.c (gss_verify, gss_verify_mic):
+ * g_sign.c (gss_sign, gss_get_mic):
+ * g_context_time.c (gss_context_time):
+ * g_delete_sec_context.c (gss_delete_sec_context):
+ * g_process_context.c (gss_process_context):
+ * g_accept_sec_context.c (gss_accept_sec_context):
+ * g_init_sec_context.c (gss_init_sec_context):
+ * g_rel_cred.c (gss_release_cred):
+ * g_acquire_cred.c (gss_acquire_cred): Added INTERFACE keyword for
+ Windows.
+
* mglueP.h:
* g_seal.c: Add support for new V2 call gss_wrap_size_limit()
#endif
#include <string.h>
-OM_uint32
+OM_uint32 INTERFACE
gss_accept_sec_context (minor_status,
context_handle,
verifier_cred_handle,
* defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
* use the default credential.
*/
-
union_cred = (gss_union_cred_t) verifier_cred_handle;
-
- if (verifier_cred_handle != GSS_C_NO_CREDENTIAL)
- for (i=0; i < union_cred->count; i++) {
- if((union_cred->mechs_array[i].length == token_mech_type->length)
- &&
- (memcmp(union_cred->mechs_array[i].elements,
- token_mech_type->elements,
- token_mech_type->length) == 0)) {
-
- input_cred_handle = union_cred->cred_array[i];
- break;
- }
- }
+ input_cred_handle = __gss_get_mechanism_cred(union_cred, token_mech_type);
/*
* now select the approprate underlying mechanism routine and
#include <stdlib.h>
#endif
#include <string.h>
+#include <errno.h>
#define g_OID_equal(o1,o2) \
(((o1)->length == (o2)->length) && \
(memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
-OM_uint32
+static gss_OID_set
+create_actual_mechs(creds)
+ gss_union_cred_t creds;
+{
+ gss_OID_set actual_mechs;
+ int i;
+
+ actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
+ if (!actual_mechs)
+ return NULL;
+
+ actual_mechs->elements = (gss_OID)
+ malloc(sizeof(gss_OID_desc) * creds->count);
+ if (!actual_mechs->elements) {
+ free(actual_mechs);
+ return NULL;
+ }
+
+ actual_mechs->count = creds->count;
+
+ for (i=0; i < creds->count; i++) {
+ actual_mechs->elements[i].length = creds->mechs_array[i].length;
+ actual_mechs->elements[i].elements = (void *)
+ malloc(creds->mechs_array[i].length);
+ memcpy(actual_mechs->elements[i].elements,
+ creds->mechs_array[i].elements, creds->mechs_array[i].length);
+ }
+
+ return actual_mechs;
+}
+
+
+OM_uint32 INTERFACE
gss_acquire_cred(minor_status,
desired_name,
time_req,
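Review bot: In create_actual_mechs the per-element `malloc(creds->mechs_array[i].length)` inside the loop is passed to memcpy without a check, so an allocation failure there becomes a write through a null pointer. The two earlier allocations are checked, and this one should be handled the same way, releasing the elements already copied before returning NULL. gss_add_cred later stores this function's result into `*actual_mechs` and still returns GSS_S_COMPLETE, so a NULL return also needs handling at that call.

```c
    for (i=0; i < creds->count; i++) {
	actual_mechs->elements[i].length = creds->mechs_array[i].length;
	actual_mechs->elements[i].elements = (void *)
	    malloc(creds->mechs_array[i].length);
	if (!actual_mechs->elements[i].elements) {
	    /* unwind the OIDs copied so far, then the set itself */
	    while (--i >= 0)
		free(actual_mechs->elements[i].elements);
	    free(actual_mechs->elements);
	    free(actual_mechs);
	    return NULL;
	}
	/* … unchanged: memcpy of the OID bytes … */
```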
*output_cred_handle = (gss_cred_id_t) creds;
return(GSS_S_COMPLETE);
}
+
+/* V2 interface */
+OM_uint32 INTERFACE
+gss_add_cred(minor_status, input_cred_handle,
+ desired_name, desired_mech, cred_usage,
+ initiator_time_req, acceptor_time_req,
+ output_cred_handle, actual_mechs,
+ initiator_time_rec, acceptor_time_rec)
+ OM_uint32 *minor_status;
+ gss_cred_id_t input_cred_handle;
+ gss_name_t desired_name;
+ gss_OID desired_mech;
+ gss_cred_usage_t cred_usage;
+ OM_uint32 initiator_time_req;
+ OM_uint32 acceptor_time_req;
+ gss_cred_id_t *output_cred_handle;
+ gss_OID_set *actual_mechs;
+ OM_uint32 *initiator_time_rec;
+ OM_uint32 *acceptor_time_rec;
+{
+ OM_uint32 status, temp_minor_status;
+ OM_uint32 time_req, time_rec;
+ gss_union_name_t union_name;
+ gss_union_cred_t new_union_cred, union_cred;
+ gss_name_t internal_name;
+ gss_mechanism mech;
+ gss_cred_id_t cred;
+ gss_OID new_mechs_array;
+ gss_cred_id_t * new_cred_array;
+
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_NO_CRED;
+
+ union_cred = (gss_union_cred_t) input_cred_handle;
+
+ mech = __gss_get_mechanism(desired_mech);
+ if (!mech)
+ return GSS_S_BAD_MECH;
+
+ if (__gss_get_mechanism_cred(union_cred, desired_mech) !=
+ GSS_C_NO_CREDENTIAL)
+ return GSS_S_DUPLICATE_ELEMENT;
+
+ union_name = (gss_union_name_t) desired_name;
+ if (union_name->mech_type) {
+ if (!g_OID_equal(desired_mech, union_name->mech_type))
+ return GSS_S_BAD_NAMETYPE;
+ internal_name = union_name->mech_name;
+ } else {
+ if (__gss_import_internal_name(minor_status, desired_mech,
+ union_name, &internal_name))
+ return (GSS_S_BAD_NAME);
+ }
+
+ if (cred_usage == GSS_C_ACCEPT)
+ time_req = acceptor_time_req;
+ else if (cred_usage == GSS_C_INITIATE)
+ time_req = initiator_time_req;
+ else if (cred_usage == GSS_C_BOTH)
+ time_req = (acceptor_time_req > initiator_time_req) ?
+ acceptor_time_req : initiator_time_req;
+
+ status = mech->gss_acquire_cred(mech->context, minor_status,
+ internal_name, time_req,
+ GSS_C_NULL_OID_SET, cred_usage,
+ &cred, NULL, &time_rec);
+ if (status != GSS_S_COMPLETE)
+ goto errout;
+
+ new_mechs_array = (gss_OID)
+ malloc(sizeof(gss_OID_desc) * (union_cred->count+1));
+
+ new_cred_array = (gss_cred_id_t *)
+ malloc(sizeof(gss_cred_id_t) * (union_cred->count+1));
+
+ if (!new_mechs_array || !new_cred_array) {
+ *minor_status = ENOMEM;
+ status = GSS_S_FAILURE;
+ goto errout;
+ }
+
+
+ if (acceptor_time_rec)
+ if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
+ *acceptor_time_rec = time_rec;
+ if (initiator_time_rec)
+ if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
+ *initiator_time_rec = time_rec;
+
+ /*
+ * OK, expand the mechanism array in the union credentials
+ * (Look for the union label...)
+ */
+ memcpy(new_mechs_array, union_cred->mechs_array,
+ sizeof(gss_OID_desc) * union_cred->count);
+ memcpy(new_cred_array, union_cred->cred_array,
+ sizeof(gss_cred_id_t) * union_cred->count);
+
+ new_cred_array[union_cred->count] = cred;
+ new_mechs_array[union_cred->count].length = desired_mech->length;
+ new_mechs_array[union_cred->count].elements = malloc(desired_mech->length);
+ if (!new_mechs_array[union_cred->count].elements) {
+ *minor_status = ENOMEM;
+ goto errout;
+ }
+ memcpy(new_mechs_array[union_cred->count].elements, desired_mech->elements,
+ desired_mech->length);
+
+ if (output_cred_handle == NULL) {
+ free(union_cred->mechs_array);
+ free(union_cred->cred_array);
+ new_union_cred = union_cred;
+ } else {
+ new_union_cred = malloc(sizeof(gss_union_cred_desc));
+ if (new_union_cred == NULL) {
+ *minor_status = ENOMEM;
+ goto errout;
+ }
+ *new_union_cred = *union_cred;
+ *output_cred_handle = new_union_cred;
+ }
+ new_union_cred->mechs_array = new_mechs_array;
+ new_union_cred->cred_array = new_cred_array;
+ new_union_cred->count++;
+ new_mechs_array = 0;
+ new_cred_array = 0;
+
+ if (actual_mechs)
+ *actual_mechs = create_actual_mechs(new_union_cred);
+
+ status = GSS_S_COMPLETE;
+
+errout:
+ if (new_mechs_array)
+ free(new_mechs_array);
+ if (new_cred_array)
+ free(new_cred_array);
+ if (!union_name->mech_type) {
+ (void) __gss_release_internal_name(&temp_minor_status,
+ desired_mech, &internal_name);
+ }
+
+ return(status);
+}
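Review bot: The first `goto errout` in gss_add_cred, taken when mech->gss_acquire_cred fails, reaches the cleanup before new_mechs_array and new_cred_array have been assigned, so errout calls free() on indeterminate pointers; declare them as `gss_OID new_mechs_array = NULL;` and `gss_cred_id_t *new_cred_array = NULL;`. The two later ENOMEM paths (the OID element malloc and the new_union_cred malloc) set `*minor_status` but leave status at the GSS_S_COMPLETE returned by the successful acquire, so the caller is told the credential was added; each needs `status = GSS_S_FAILURE;` before its goto. On every failure path after the acquire, the mechanism credential held in cred is never released. time_req is also left unset when cred_usage is none of the three values tested. When output_cred_handle is non-NULL, the new union credential shares each existing cred_array handle and OID elements pointer with the input credential, so releasing both would presumably free them twice; gss_release_cred's body is not visible here, so that needs confirming.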
(((o1)->length == (o2)->length) && \
(memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
-OM_uint32
+OM_uint32 INTERFACE
gss_compare_name (minor_status,
name1,
name2,
#include "mglueP.h"
-OM_uint32
+OM_uint32 INTERFACE
gss_context_time (minor_status,
context_handle,
time_rec)
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_delete_sec_context (minor_status,
context_handle,
output_token)
#endif
#include <string.h>
-OM_uint32
+OM_uint32 INTERFACE
gss_display_name (minor_status,
input_name,
output_name_buffer,
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_display_status (minor_status,
status_value,
status_type,
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_export_sec_context(minor_status,
context_handle,
interprocess_token)
#endif
#include <errno.h>
+#define g_OID_equal(o1,o2) \
+ (((o1)->length == (o2)->length) && \
+ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
+
extern gss_mechanism *__gss_mechs_array;
/*
}
return (major_status);
}
+
+/*
+ * Glue routine for returning the mechanism-specific credential from a
+ * external union credential.
+ */
+gss_cred_id_t
+__gss_get_mechanism_cred(union_cred, mech_type)
+ gss_union_cred_t union_cred;
+ gss_OID mech_type;
+{
+ int i;
+
+ if (union_cred == GSS_C_NO_CREDENTIAL)
+ return GSS_C_NO_CREDENTIAL;
+
+ for (i=0; i < union_cred->count; i++) {
+ if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
+ return union_cred->cred_array[i];
+ }
+ return GSS_C_NO_CREDENTIAL;
+}
+
+
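Review bot: __gss_get_mechanism_cred guards union_cred but not mech_type, and g_OID_equal dereferences its first argument, so a call with a null OID and a non-empty union credential faults inside the loop. gss_init_sec_context now passes mech_type taken from req_mech_type, and gss_inquire_cred_by_mech passes its mech_type unchanged; whether either has substituted the default mechanism's OID for a null one by that point is not visible in these hunks. Either resolve the OID in the callers or widen the guard to `if (union_cred == GSS_C_NO_CREDENTIAL || mech_type == GSS_C_NULL_OID) return GSS_C_NO_CREDENTIAL;`. The header comment should also say that the returned handle is the entry stored in the union credential, not a copy, so callers must not release it.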
#include <string.h>
#include <errno.h>
-OM_uint32
+OM_uint32 INTERFACE
gss_import_name(minor_status,
input_name_buffer,
input_name_type,
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_import_sec_context(minor_status,
interprocess_token,
context_handle)
static gss_OID_set_desc supported_mechs_desc;
static gss_OID_set supported_mechs = NULL;
-OM_uint32
+OM_uint32 INTERFACE
gss_indicate_mechs (minor_status,
mech_set)
(((o1)->length == (o2)->length) && \
(memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
-OM_uint32
+OM_uint32 INTERFACE
gss_init_sec_context (minor_status,
claimant_cred_handle,
context_handle,
{
OM_uint32 status, temp_status, temp_minor_status;
gss_union_name_t union_name;
+ gss_union_cred_t union_cred;
gss_name_t internal_name;
gss_union_ctx_id_t union_ctx_id;
gss_OID mech_type = (gss_OID) req_mech_type;
gss_mechanism mech;
+ gss_cred_id_t input_cred_handle;
gss_initialize();
} else
union_ctx_id = *context_handle;
+ /*
+ * get the appropriate cred handle from the union cred struct.
+ * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
+ * use the default credential.
+ */
+ union_cred = (gss_union_cred_t) claimant_cred_handle;
+ input_cred_handle = __gss_get_mechanism_cred(union_cred, mech_type);
+
/*
* now call the approprate underlying mechanism routine
*/
status = mech->gss_init_sec_context(
mech->context,
minor_status,
- claimant_cred_handle,
+ input_cred_handle,
&union_ctx_id->internal_ctx_id,
internal_name,
mech_type,
#endif
#include <string.h>
-OM_uint32
+OM_uint32 INTERFACE
gss_inquire_cred(minor_status,
cred_handle,
name,
gss_OID_set * mechanisms;
{
- OM_uint32 status, elapsed_time, temp_minor_status;
+ OM_uint32 elapsed_time, temp_minor_status;
gss_union_cred_t union_cred;
int i;
return(GSS_S_COMPLETE);
}
+
+OM_uint32 INTERFACE
+gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
+ initiator_lifetime, acceptor_lifetime, cred_usage)
+ OM_uint32 *minor_status;
+ gss_cred_id_t cred_handle;
+ gss_OID mech_type;
+ gss_name_t *name;
+ OM_uint32 *initiator_lifetime;
+ OM_uint32 *acceptor_lifetime;
+ gss_cred_usage_t *cred_usage;
+{
+ gss_union_cred_t union_cred;
+ gss_cred_id_t mech_cred;
+ gss_mechanism mech;
+
+ mech = __gss_get_mechanism (mech_type);
+ if (!mech)
+ return (GSS_S_BAD_MECH);
+ if (!mech->gss_inquire_cred_by_mech)
+ return (GSS_S_BAD_BINDINGS);
+
+ union_cred = (gss_union_cred_t) cred_handle;
+ mech_cred = __gss_get_mechanism_cred(union_cred, mech_type);
+
+ return (mech->gss_inquire_cred_by_mech(mech->context, minor_status,
+ mech_cred, mech_type,
+ name, initiator_lifetime,
+ acceptor_lifetime, cred_usage));
+}
+
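Review bot: Returning `GSS_S_BAD_BINDINGS` when the mechanism has no gss_inquire_cred_by_mech entry reports a channel-bindings failure for what is actually an unsupported operation, so a caller that branches on the major status will misdiagnose it. `GSS_S_UNAVAILABLE` is the V2 status for this case if this tree's gssapi.h defines it; otherwise use `GSS_S_FAILURE` with a minor code. Both early returns also leave `*minor_status` unwritten, so a caller that displays it sees a stale value; consider `*minor_status = 0;` at the top of the function.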
#include "mglueP.h"
/* Last argument new for V2 */
-OM_uint32 gss_inquire_names_for_mech(
- minor_status,
- mechanism,
- name_types)
+OM_uint32 INTERFACE
+gss_inquire_names_for_mech(minor_status, mechanism, name_types)
OM_uint32 * minor_status;
gss_OID mechanism;
extern gss_mechanism *__gss_mechs_array;
-OM_uint32
+OM_uint32 INTERFACE
gss_release_oid(minor_status, oid)
OM_uint32 *minor_status;
gss_OID *oid;
return generic_gss_release_oid(minor_status, oid);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_create_empty_oid_set(minor_status, oid_set)
OM_uint32 *minor_status;
gss_OID_set *oid_set;
return generic_gss_create_empty_oid_set(minor_status, oid_set);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_add_oid_set_member(minor_status, member_oid, oid_set)
OM_uint32 *minor_status;
gss_OID member_oid;
return generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_test_oid_set_member(minor_status, member, set, present)
OM_uint32 *minor_status;
gss_OID member;
return generic_gss_test_oid_set_member(minor_status, member, set, present);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_oid_to_str(minor_status, oid, oid_str)
OM_uint32 *minor_status;
gss_OID oid;
return generic_gss_oid_to_str(minor_status, oid, oid_str);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_str_to_oid(minor_status, oid_str, oid)
OM_uint32 *minor_status;
gss_buffer_t oid_str;
#include "mglueP.h"
-OM_uint32
+OM_uint32 INTERFACE
gss_process_context_token (minor_status,
context_handle,
token_buffer)
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_release_buffer (minor_status,
buffer)
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_release_cred(minor_status,
cred_handle)
#endif
#include <string.h>
-OM_uint32
+OM_uint32 INTERFACE
gss_release_name (minor_status,
input_name)
#include <stdlib.h>
#endif
-OM_uint32
+OM_uint32 INTERFACE
gss_release_oid_set (minor_status,
set)
#include "mglueP.h"
-OM_uint32
+OM_uint32 INTERFACE
gss_sign (minor_status,
context_handle,
qop_req,
return(GSS_S_NO_CONTEXT);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_get_mic (minor_status,
context_handle,
qop_req,
#include "mglueP.h"
-OM_uint32
+OM_uint32 INTERFACE
gss_unseal (minor_status,
context_handle,
input_message_buffer,
return(GSS_S_NO_CONTEXT);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_unwrap (minor_status,
context_handle,
input_message_buffer,
#include "mglueP.h"
-OM_uint32
+OM_uint32 INTERFACE
gss_verify (minor_status,
context_handle,
message_buffer,
return(GSS_S_NO_CONTEXT);
}
-OM_uint32
+OM_uint32 INTERFACE
gss_verify_mic (minor_status,
context_handle,
message_buffer,
gss_name_t, /* internal_name */
gss_name_t * /* external_name */
));
+gss_cred_id_t __gss_get_mechanism_cred
+PROTOTYPE((gss_union_cred_t, /* union_cred */
+ gss_OID /* mech_type */
+ ));
OM_uint32 generic_gss_release_oid
PROTOTYPE( (OM_uint32 *, /* minor_status */