--- /dev/null
+/*
+ * dsp_status.c --- display_status
+ *
+ * $Source$
+ * $Author$
+ * $Header$
+ *
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+
+#define GSS_CE_MASK 0xFF000000
+#define GSS_RE_MASK 0x00FF0000
+#define GSS_SS_MASK 0x0000FFFF
+
+#define GSS_CONTEXT_THIS(i) ((i) & 0xFFFF)
+#define GSS_CONTEXT_NEXT(i) ((i) >> 16)
+
+struct gss_error_table {
+ int code;
+ int mask;
+ char *string;
+};
+
+static struct gss_error_table table[] = {
+ { GSS_S_CALL_INACCESSIBLE_READ, GSS_CE_MASK,
+ "GSSAPI Calling Error: Inaccessible read" },
+ { GSS_S_CALL_INACCESSIBLE_WRITE, GSS_CE_MASK,
+ "GSSAPI Calling Error: Inaccessible write" },
+ { GSS_S_CALL_BAD_STRUCTURE, GSS_CE_MASK,
+ "GSSAPI Calling Error: Bad Structure" },
+ { GSS_S_BAD_MECH, GSS_RE_MASK,
+ "GSSAPI Routine Error: Bad Mechanism" },
+ { GSS_S_BAD_NAME, GSS_RE_MASK,
+ "GSSAPI Routine Error: Bad Name" },
+ { GSS_S_BAD_NAMETYPE, GSS_RE_MASK,
+ "GSSAPI Routine Error: Bad Nametype" },
+ { GSS_S_BAD_BINDINGS, GSS_RE_MASK,
+ "GSSAPI Routine Error: Bad Bindings" },
+ { GSS_S_BAD_STATUS, GSS_RE_MASK,
+ "GSSAPI Routine Error: Bad Status" },
+ { GSS_S_BAD_SIG, GSS_RE_MASK,
+ "GSSAPI Routine Error: Invalid Signature" },
+ { GSS_S_NO_CRED, GSS_RE_MASK,
+ "GSSAPI Routine Error: Missing Credentials" },
+ { GSS_S_NO_CONTEXT, GSS_RE_MASK,
+ "GSSAPI Routine Error: Missing Context" },
+ { GSS_S_DEFECTIVE_TOKEN, GSS_RE_MASK,
+ "GSSAPI Routine Error: Defective Token" },
+ { GSS_S_DEFECTIVE_CREDENTIAL, GSS_RE_MASK,
+ "GSSAPI Routine Error: Defective Credential" },
+ { GSS_S_CREDENTIALS_EXPIRED, GSS_RE_MASK,
+ "GSSAPI Routine Error: Credentials Expired" },
+ { GSS_S_CONTEXT_EXPIRED, GSS_RE_MASK,
+ "GSSAPI Routine Error: Context expired" },
+ { GSS_S_FAILURE, GSS_RE_MASK,
+ "GSSAPI Routine Error: Mechanism-specific failure" },
+};
+static int nentries = sizeof (struct gss_error_table) / sizeof (*table);
+
+OM_uint32 gss_display_status(minor_status, status_value, status_type,
+ mech_type, message_context, status_string)
+ OM_uint32 *minor_status;
+ int status_value;
+ int status_type;
+ gss_OID mech_type;
+ int *message_context;
+ gss_buffer_t status_string;
+{
+ const char *str;
+ int next;
+ int retval;
+
+ *minor_status = 0;
+
+ if (status_type == GSS_C_MECH_CODE) {
+ /*
+ * We only handle Kerberos V5...
+ */
+ if ((mech_type != GSS_C_NULL_OID) &&
+ !gss_compare_OID(mech_type, &gss_OID_krb5)) {
+ return(GSS_S_BAD_MECH);
+ }
+ str = error_message(status_value);
+ retval = GSS_S_COMPLETE;
+ goto return_message_found;
+ } else {
+ next = *message_context;
+
+ if (next < 0 || next >= nentries) {
+ return(GSS_S_FAILURE);
+ }
+ if (next == 0) {
+ while (next < nentries) {
+ if ((status_value & table[next].mask) ==
+ table[next].code)
+ break;
+ next++;
+ }
+ if (next >= nentries)
+ return(GSS_S_BAD_STATUS);
+ }
+ str = table[next].string;
+ next++;
+ while (next < nentries) {
+ if ((status_value & table[next].mask) ==
+ table[next].code)
+ break;
+ next++;
+ }
+ if (next >= nentries)
+ retval = GSS_S_COMPLETE;
+ else
+ retval = GSS_S_CONTINUE_NEEDED;
+ *message_context = next;
+ }
+
+return_message_found:
+ status_string->length = strlen(str);
+ if (!(status_string->value = malloc(status_string->length))) {
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+ strcpy(status_string->value, str);
+ return(GSS_S_COMPLETE);
+}
+
--- /dev/null
+/*
+ * sign.c --- sign message
+ *
+ * $Source$
+ * $Author$
+ * $Header$
+ *
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+#include <krb5/asn1.h>
+
+OM_uint32 gss_sign(minor_status, context, qop_req,
+ input_message_buffer, output_message_buffer)
+ OM_uint32 *minor_status;
+ gss_ctx_id_t context;
+ int qop_req;
+ gss_buffer_t input_message_buffer;
+ gss_buffer_t output_message_buffer;
+{
+ krb5_data inbuf, outbuf, *scratch;
+ int safe_flags = 0;
+ krb5_safe *message;
+
+ *minor_status = 0;
+
+ inbuf.length = input_message_buffer->length;
+ inbuf.data = input_message_buffer->value;
+
+
+ if (context->flags & GSS_C_SEQUENCE_FLAG)
+ safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME;
+ if (*minor_status = krb5_mk_safe(&inbuf,
+ CKSUMTYPE_RSA_MD4_DES,
+ context->session_key,
+ &context->my_address,
+ &context->his_address,
+ context->my_seq_num,
+ safe_flags,
+ 0, /* no rcache */
+ &outbuf))
+ return(GSS_S_FAILURE);
+ if (*minor_status = decode_krb5_safe(&outbuf, &message))
+ return(GSS_S_FAILURE);
+ message->user_data.length = 1;
+ xfree(outbuf.data);
+ if (*minor_status = encode_krb5_safe(&message, &scratch)) {
+ krb5_free_safe(message);
+ return(GSS_S_FAILURE);
+ }
+ krb5_free_safe(message);
+ if (*minor_status = gss_make_token(minor_status,
+ GSS_API_KRB5_TYPE,
+ GSS_API_KRB5_SIGN,
+ scratch->length,
+ scratch->data,
+ output_message_buffer)) {
+ krb5_free_data(scratch);
+ return(GSS_S_FAILURE);
+ }
+ krb5_free_data(scratch);
+ if (context->flags & GSS_C_SEQUENCE_FLAG)
+ context->my_seq_num++;
+ return(GSS_S_COMPLETE);
+}
+
--- /dev/null
+/*
+ * verify.c --- verify message
+ *
+ * $Source$
+ * $Author$
+ * $Header$
+ *
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+#include <krb5/asn1.h>
+
+OM_uint32 gss_verify(minor_status, context, message_buffer,
+ token_buffer, qop_state)
+ OM_uint32 *minor_status;
+ gss_ctx_id_t context;
+ gss_buffer_t message_buffer;
+ gss_buffer_t token_buffer;
+ int *qop_state;
+{
+ OM_uint32 retval;
+ krb5_data inbuf, outbuf, *scratch;
+ krb5_safe *message;
+ int safe_flags = 0;
+
+ *minor_status = 0;
+
+ if (retval = gss_check_token(minor_status, message_buffer,
+ GSS_API_KRB5_TYPE, GSS_API_KRB5_SIGN))
+ return(retval);
+ inbuf.length = token_buffer->length-4;
+ inbuf.data = ( (char *) token_buffer->value)+4;
+ if (*minor_status = decode_krb5_safe(&inbuf, &message))
+ return(GSS_S_FAILURE);
+ if (message->user_data.data)
+ xfree(message->user_data.data);
+ message->user_data.length = message_buffer->length;
+ message->user_data.data = message_buffer->value;
+ if (*minor_status = encode_krb5_safe(&message, &scratch)) {
+ message->user_data.data = NULL;
+ krb5_free_safe(message);
+ return(GSS_S_FAILURE);
+ }
+ message->user_data.data = NULL;
+ krb5_free_safe(message);
+ if (context->flags & GSS_C_SEQUENCE_FLAG)
+ safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME;
+ if (*minor_status = krb5_rd_safe(scratch,
+ context->session_key,
+ &context->his_address,
+ &context->my_address,
+ context->his_seq_num,
+ safe_flags,
+ 0, /* no rcache */
+ &outbuf)) {
+ krb5_free_data(scratch);
+ return(GSS_S_FAILURE);
+ }
+ krb5_free_data(scratch);
+ if (qop_state)
+ *qop_state = 0;
+ return(GSS_S_COMPLETE);
+}