*** empty log message ***
authorTheodore Tso <tytso@mit.edu>
Tue, 4 Jun 1991 13:23:22 +0000 (13:23 +0000)
committerTheodore Tso <tytso@mit.edu>
Tue, 4 Jun 1991 13:23:22 +0000 (13:23 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2148 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/dsp_status.c [new file with mode: 0644]
src/lib/gssapi/sign.c [new file with mode: 0644]
src/lib/gssapi/verify.c [new file with mode: 0644]

diff --git a/src/lib/gssapi/dsp_status.c b/src/lib/gssapi/dsp_status.c
new file mode 100644 (file)
index 0000000..433d1c1
--- /dev/null
@@ -0,0 +1,133 @@
+/*
+ * dsp_status.c --- display_status
+ * 
+ * $Source$
+ * $Author$
+ * $Header$
+ * 
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+
+#define GSS_CE_MASK 0xFF000000
+#define GSS_RE_MASK 0x00FF0000
+#define GSS_SS_MASK 0x0000FFFF
+
+#define GSS_CONTEXT_THIS(i) ((i) & 0xFFFF)
+#define GSS_CONTEXT_NEXT(i) ((i) >> 16)
+
+struct gss_error_table {
+       int     code;
+       int     mask;
+       char    *string;
+};
+
+static struct gss_error_table table[] = {
+       { GSS_S_CALL_INACCESSIBLE_READ, GSS_CE_MASK,
+        "GSSAPI Calling Error: Inaccessible read" },
+       { GSS_S_CALL_INACCESSIBLE_WRITE, GSS_CE_MASK,
+        "GSSAPI Calling Error: Inaccessible write" },
+       { GSS_S_CALL_BAD_STRUCTURE, GSS_CE_MASK,
+        "GSSAPI Calling Error: Bad Structure" },
+       { GSS_S_BAD_MECH, GSS_RE_MASK,
+        "GSSAPI Routine Error: Bad Mechanism" },
+       { GSS_S_BAD_NAME, GSS_RE_MASK,
+        "GSSAPI Routine Error: Bad Name" },
+       { GSS_S_BAD_NAMETYPE, GSS_RE_MASK,
+        "GSSAPI Routine Error: Bad Nametype" },
+       { GSS_S_BAD_BINDINGS, GSS_RE_MASK,
+        "GSSAPI Routine Error: Bad Bindings" },
+       { GSS_S_BAD_STATUS, GSS_RE_MASK,
+        "GSSAPI Routine Error: Bad Status" },
+       { GSS_S_BAD_SIG, GSS_RE_MASK,
+        "GSSAPI Routine Error: Invalid Signature" },
+       { GSS_S_NO_CRED, GSS_RE_MASK,
+        "GSSAPI Routine Error: Missing Credentials" },
+       { GSS_S_NO_CONTEXT, GSS_RE_MASK,
+        "GSSAPI Routine Error: Missing Context" },
+       { GSS_S_DEFECTIVE_TOKEN, GSS_RE_MASK,
+        "GSSAPI Routine Error: Defective Token" },
+       { GSS_S_DEFECTIVE_CREDENTIAL, GSS_RE_MASK,
+        "GSSAPI Routine Error: Defective Credential" },
+       { GSS_S_CREDENTIALS_EXPIRED, GSS_RE_MASK,
+        "GSSAPI Routine Error: Credentials Expired" },
+       { GSS_S_CONTEXT_EXPIRED, GSS_RE_MASK,
+        "GSSAPI Routine Error: Context expired" },
+       { GSS_S_FAILURE, GSS_RE_MASK,
+        "GSSAPI Routine Error: Mechanism-specific failure" },
+};
+static int nentries = sizeof (struct gss_error_table) / sizeof (*table);
+
+OM_uint32 gss_display_status(minor_status, status_value, status_type,
+                            mech_type, message_context, status_string)
+       OM_uint32       *minor_status;
+       int             status_value;
+       int             status_type;
+       gss_OID         mech_type;
+       int             *message_context;
+       gss_buffer_t    status_string;
+{
+       const char      *str;
+       int     next;
+       int     retval;
+       
+       *minor_status = 0;
+       
+       if (status_type == GSS_C_MECH_CODE) {
+               /*
+                * We only handle Kerberos V5...
+                */
+               if ((mech_type != GSS_C_NULL_OID) &&
+                   !gss_compare_OID(mech_type, &gss_OID_krb5)) {
+                       return(GSS_S_BAD_MECH);
+               }
+               str = error_message(status_value);
+               retval = GSS_S_COMPLETE;
+               goto return_message_found;
+       } else {
+               next = *message_context;
+
+               if (next < 0 || next >= nentries) {
+                       return(GSS_S_FAILURE);
+               }
+               if (next == 0) {
+                       while (next < nentries) {
+                               if ((status_value & table[next].mask) ==
+                                   table[next].code)
+                                       break;
+                               next++;
+                       }
+                       if (next >= nentries)
+                               return(GSS_S_BAD_STATUS);
+               }
+               str = table[next].string;
+               next++;
+               while (next < nentries) {
+                       if ((status_value & table[next].mask) ==
+                           table[next].code)
+                               break;
+                       next++;
+               }
+               if (next >= nentries)
+                       retval = GSS_S_COMPLETE;
+               else
+                       retval = GSS_S_CONTINUE_NEEDED;
+               *message_context = next;
+       }
+
+return_message_found:
+       status_string->length = strlen(str);
+       if (!(status_string->value = malloc(status_string->length))) {
+               *minor_status = ENOMEM;
+               return(GSS_S_FAILURE);
+       }
+       strcpy(status_string->value, str);
+       return(GSS_S_COMPLETE);
+}
+
diff --git a/src/lib/gssapi/sign.c b/src/lib/gssapi/sign.c
new file mode 100644 (file)
index 0000000..c6b5790
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * sign.c --- sign message
+ * 
+ * $Source$
+ * $Author$
+ * $Header$
+ * 
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+#include <krb5/asn1.h>
+
+OM_uint32 gss_sign(minor_status, context, qop_req, 
+                  input_message_buffer, output_message_buffer)
+       OM_uint32       *minor_status;
+       gss_ctx_id_t    context;
+       int             qop_req;
+       gss_buffer_t    input_message_buffer;
+       gss_buffer_t    output_message_buffer;
+{
+       krb5_data       inbuf, outbuf, *scratch;
+       int     safe_flags = 0;
+       krb5_safe *message;
+       
+       *minor_status = 0;
+
+       inbuf.length = input_message_buffer->length;
+       inbuf.data = input_message_buffer->value;
+
+
+       if (context->flags & GSS_C_SEQUENCE_FLAG)
+               safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME;
+       if (*minor_status = krb5_mk_safe(&inbuf,
+                                        CKSUMTYPE_RSA_MD4_DES,
+                                        context->session_key,
+                                        &context->my_address,
+                                        &context->his_address,
+                                        context->my_seq_num,
+                                        safe_flags,
+                                        0, /* no rcache */
+                                        &outbuf))
+               return(GSS_S_FAILURE);
+       if (*minor_status = decode_krb5_safe(&outbuf, &message))
+               return(GSS_S_FAILURE);
+       message->user_data.length = 1;
+       xfree(outbuf.data);
+       if (*minor_status = encode_krb5_safe(&message, &scratch)) {
+               krb5_free_safe(message);
+               return(GSS_S_FAILURE);
+       }
+       krb5_free_safe(message);
+       if (*minor_status = gss_make_token(minor_status,
+                                          GSS_API_KRB5_TYPE,
+                                          GSS_API_KRB5_SIGN,
+                                          scratch->length,
+                                          scratch->data,
+                                          output_message_buffer)) {
+               krb5_free_data(scratch);
+               return(GSS_S_FAILURE);
+       }
+       krb5_free_data(scratch);
+       if (context->flags & GSS_C_SEQUENCE_FLAG)
+               context->my_seq_num++;
+       return(GSS_S_COMPLETE);
+}
+       
diff --git a/src/lib/gssapi/verify.c b/src/lib/gssapi/verify.c
new file mode 100644 (file)
index 0000000..d212655
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+ * verify.c --- verify  message
+ * 
+ * $Source$
+ * $Author$
+ * $Header$
+ * 
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+#include <krb5/asn1.h>
+
+OM_uint32 gss_verify(minor_status, context, message_buffer,  
+                  token_buffer, qop_state)
+       OM_uint32       *minor_status;
+       gss_ctx_id_t    context;
+       gss_buffer_t    message_buffer;
+       gss_buffer_t    token_buffer;
+       int             *qop_state;
+{
+       OM_uint32       retval;
+       krb5_data       inbuf, outbuf, *scratch;
+       krb5_safe       *message;
+       int     safe_flags = 0;
+
+       *minor_status = 0;
+
+       if (retval = gss_check_token(minor_status, message_buffer,
+                                    GSS_API_KRB5_TYPE, GSS_API_KRB5_SIGN))
+               return(retval);
+       inbuf.length = token_buffer->length-4;
+       inbuf.data = ( (char *) token_buffer->value)+4;
+       if (*minor_status = decode_krb5_safe(&inbuf, &message))
+               return(GSS_S_FAILURE);
+       if (message->user_data.data)
+               xfree(message->user_data.data);
+       message->user_data.length = message_buffer->length;
+       message->user_data.data = message_buffer->value;
+       if (*minor_status = encode_krb5_safe(&message,  &scratch)) {
+               message->user_data.data = NULL;
+               krb5_free_safe(message);
+               return(GSS_S_FAILURE);
+       }
+       message->user_data.data = NULL;
+       krb5_free_safe(message);
+       if (context->flags & GSS_C_SEQUENCE_FLAG)
+               safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME;
+       if (*minor_status = krb5_rd_safe(scratch,
+                                        context->session_key,
+                                        &context->his_address,
+                                        &context->my_address,
+                                        context->his_seq_num,
+                                        safe_flags,
+                                        0, /* no rcache */
+                                        &outbuf)) {
+               krb5_free_data(scratch);
+               return(GSS_S_FAILURE);
+       }
+       krb5_free_data(scratch);
+       if (qop_state)
+               *qop_state = 0;
+       return(GSS_S_COMPLETE);
+}