Update to GSSAPI-V2
authorPaul Park <pjpark@mit.edu>
Thu, 31 Aug 1995 17:33:55 +0000 (17:33 +0000)
committerPaul Park <pjpark@mit.edu>
Thu, 31 Aug 1995 17:33:55 +0000 (17:33 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6638 dc483132-0cff-0310-8789-dd5450dbe970

32 files changed:
src/lib/gssapi/generic/.Sanitize
src/lib/gssapi/generic/ChangeLog
src/lib/gssapi/generic/Makefile.in
src/lib/gssapi/generic/disp_major_status.c
src/lib/gssapi/generic/gssapi.h
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/gssapi_generic.c
src/lib/gssapi/generic/oid_ops.c [new file with mode: 0644]
src/lib/gssapi/generic/rel_oid_set.c
src/lib/gssapi/generic/util_token.c
src/lib/gssapi/krb5/.Sanitize
src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/Makefile.in
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/disp_status.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/import_name.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/inq_names.c [new file with mode: 0644]
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/krb5_gss_glue.c
src/lib/gssapi/krb5/rel_name.c
src/lib/gssapi/krb5/rel_oid.c [new file with mode: 0644]
src/lib/gssapi/krb5/seal.c
src/lib/gssapi/krb5/sign.c
src/lib/gssapi/krb5/unseal.c
src/lib/gssapi/krb5/verify.c

index dc4d5312f7d0d71da6fa926788f31954a419406b..c76c457d2a2fca0df2b40348788e802f0e299b35 100644 (file)
@@ -36,6 +36,7 @@ gssapiP_generic.h
 gssapi_err_generic.et
 gssapi_generic.c
 gssapi_generic.h
+oid_ops.c
 rel_buffer.c
 rel_oid_set.c
 util_buffer.c
index 3d8a7ea5cb3aad424a33b4f3a8e989d2daf70296..89f7986268a73c759da5d3682cfc1c7688c0b0b2 100644 (file)
@@ -1,4 +1,18 @@
 
+Thu Aug 31 11:43:59 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * gssapi.h - Update to V2 API.  Also use autoconf.h if USE_AUTOCONF_H
+               is defined, otherwise resort to brute force.  Remove const_
+               gss_OID, as it's not defined in the API.
+       * gssapiP_generic.h - Add new V2 dispatch prototypes.  Update
+               arguments to be compatible with V2 API.
+       * disp_major_status.c - Describe new failure codes.  Update argument.
+       * gssapi_generic.c - Replace const_gss_OID.
+       * rel_oid_set.c - Free individual OID data also.
+       * util_token.c - Replace const_gss_OID.
+       * oid_ops.c - New V2 OID set manipulation routines.
+       * Makefile.in, .Sanitize - Add oid_ops.c.
+
+
 Tue Aug 29 13:30:29 EDT 1995   Paul Park       (pjpark@mit.edu)
        * gssapi.h - Add prototypes for gss_{im,ex}port_sec_context.
 
index 626512d9ba41d60c8eedc8f39eb17bf3da6d1399..2db4458d9220166c98de814a6e7c0cc50a9485da 100644 (file)
@@ -1,4 +1,4 @@
-CFLAGS = $(CCOPTS) $(DEFS) -I. -I$(srcdir)
+CFLAGS = $(CCOPTS) $(DEFS) -I. -I$(srcdir) -DUSE_AUTOCONF_H
 
 ##DOSBUILDTOP = ..\..\..
 ##DOSLIBNAME=..\gssapi.$(LIBEXT)
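Review bot: `-DUSE_AUTOCONF_H` is set only in this directory's CFLAGS, yet gssapi.h, which appears to be the public API header, selects its type sizes and optional includes from that macro. Code that includes gssapi.h without the flag takes the hard-coded branch (`GSS_SIZEOF_INT 4`, with `HAVE_STDDEF_H` left commented out), so the library and its callers can be compiled against different configurations of the same header. Consider recording the configured values in the header that applications actually include. At minimum, add a comment next to CFLAGS such as `# gssapi.h reads USE_AUTOCONF_H; every consumer of the header must be built with the same setting`.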
@@ -29,6 +29,7 @@ CCSRCS = \
        $(srcdir)/disp_major_status.c \
        $(srcdir)/disp_com_err_status.c \
        $(srcdir)/gssapi_generic.c \
+       $(srcdir)/oid_ops.c \
        $(srcdir)/rel_buffer.c \
        $(srcdir)/rel_oid_set.c \
        $(srcdir)/util_buffer.c \
@@ -42,6 +43,7 @@ CCOBJS = \
        disp_major_status.$(OBJEXT) \
        disp_com_err_status.$(OBJEXT) \
        gssapi_generic.$(OBJEXT) \
+       oid_ops.$(OBJEXT) \
        rel_buffer.$(OBJEXT) \
        rel_oid_set.$(OBJEXT) \
        util_buffer.$(OBJEXT) \
index c6f82789dc73de34a4d81f3ced13b1bde2cbaaca..ad0b17f203a7affe439c1b11f3dcf2472527d87a 100644 (file)
@@ -62,7 +62,10 @@ static const char * const routine_error_string[] = {
    "A credential was invalid",
    "The referenced credentials have expired",
    "The context has expired",
-   "Miscellaneous failure",   
+   "Miscellaneous failure",
+   "The quality-of-protection requested could not be provided",
+   "The operation is forbidden by the local security policy",
+   "The operation or option is not available",
 };   
 
 static const char * const routine_error = "routine error";
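Review bot: The three added strings are tied to the new routine errors only by their position in `routine_error_string`, and nothing in the hunk says which code each one belongs to. A trailing comment per entry (`/* GSS_S_BAD_QOP */`, `/* GSS_S_UNAUTHORIZED */`, `/* GSS_S_UNAVAILABLE */`) would keep the table and gssapi.h in step when codes are added later. The routine-error field is eight bits wide (mask 0377), so the lookup code should be confirmed to bound the index by the table's element count rather than by the highest code known when it was written. That code, and the start of the array, are outside this hunk.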
@@ -206,7 +209,7 @@ OM_uint32 g_display_major_status(minor_status, status_value,
                                 message_context, status_string)
      OM_uint32 *minor_status;
      OM_uint32 status_value;
-     int *message_context;
+     OM_uint32 *message_context;
      gss_buffer_t status_string;
 {
    OM_uint32 ret, tmp;
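Review bot: `g_display_major_status` is an old-style (K&R) definition, so the change of `message_context` from `int *` to `OM_uint32 *` is not checked at call sites unless a matching prototype is in scope. Under the `_MSDOS` settings in gssapi.h (`GSS_SIZEOF_INT 2`), a caller that still passes the address of an `int` would have four bytes written through a pointer to a two-byte object. It is worth confirming that every caller was updated and that the prototype in gssapiP_generic.h carries the new type. The function body continues outside this hunk.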
index 7d41744448417ef3434f0cfa9a1743f343087f60..7f79ca1bb4e41c71f1a59ecec5985c7faf7edb6b 100644 (file)
 #ifndef _GSSAPI_H_
 #define _GSSAPI_H_
 
-/* for general config: */
-#ifndef NO_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <stdio.h>
-
 /*
- * First, define the platform-dependent types.
+ * Determine platform-dependent configuration.
+ */
+#ifdef USE_AUTOCONF_H
+/*
+ * Use autoconf generated header.
+ */
+#include "autoconf.h"
+#define        GSS_SIZEOF_INT          SIZEOF_INT
+#define        GSS_SIZEOF_LONG         SIZEOF_LONG
+#define        GSS_SIZEOF_SHORT        SIZEOF_SHORT
+#else  /* USE_AUTOCONF_H */
+/*
+ * Do it brute force.
  */
-
 #ifdef _MSDOS
 #define GSS_SIZEOF_INT      2
 #define GSS_SIZEOF_SHORT    2
 #define GSS_SIZEOF_LONG     4
+/* #define     HAVE_STDDEF_H   1 */
+/* #define     HAVE_XOM_H      1 */
+#else  /* _MSDOS */
+#define GSS_SIZEOF_INT 4
+#define GSS_SIZEOF_LONG 4
+#define GSS_SIZEOF_SHORT 2
+/* #define     HAVE_STDDEF_H   1 */
+/* #define     HAVE_XOM_H      1 */
+#endif /* _MSDOS */
+#endif /* USE_AUTOCONF_H */
 
+/*
+ * Define INTERFACE, INTERFACE_C and FAR.
+ */
+#ifdef _MSDOS
 #ifndef INTERFACE
 #define INTERFACE   __far __export __pascal
 #define INTERFACE_C __far __export __cdecl
 #define FAR     _far
 #endif /* FAR */
 #else /* _MSDOS */
-/*
- * XXX we need to fix this to be modified by autoconf...
- */
-#define GSS_SIZEOF_INT 4
-#define GSS_SIZEOF_LONG 4
-#define GSS_SIZEOF_SHORT 2
 #ifndef FAR
 #define FAR
 #define INTERFACE
 #endif /* FAR */
 #endif
 
-#if (GSS_SIZEOF_INT == 4)
-typedef unsigned int OM_uint32;
-#elif (GSS_SIZEOF_LONG == 4)
-typedef unsigned long OM_uint32;
-#elif (GSS_SIZEOF_SHORT == 4)
-typedef unsigned short OM_uint32;
+/*
+ * Make sure we have a definition for PROTOTYPE.
+ */
+#if !defined(PROTOTYPE)
+#if defined(__STDC__) || defined(_WINDOWS)
+#define PROTOTYPE(x) x
+#else
+#define PROTOTYPE(x) ()
 #endif
+#endif
+
+/*
+ * First, include stddef.h to get size_t defined.
+ */
+#if    HAVE_STDDEF_H
+#include <stddef.h>
+#endif /* HAVE_STDDEF_H */
+
+/*
+ * If the platform supports the xom.h header file, it should be included here.
+ */
+#if    HAVE_XOM_H
+#include <xom.h>
+#endif /* HAVE_XOM_H */
 
+/*
+ * First, define the three platform-dependent pointer types.
+ */
 typedef void FAR * gss_name_t;
 typedef void FAR * gss_cred_id_t;
 typedef void FAR * gss_ctx_id_t;
 
-#if !defined(PROTOTYPE)
-#if defined(__STDC__) || defined(_WINDOWS)
-#define PROTOTYPE(x) x
-#else
-#define PROTOTYPE(x) ()
+/*
+ * The following type must be defined as the smallest natural unsigned integer
+ * supported by the platform that has at least 32 bits of precision.
+ */
+#if (GSS_SIZEOF_SHORT == 4)
+typedef unsigned short gss_uint32;
+#elif (GSS_SIZEOF_INT == 4)
+typedef unsigned int gss_uint32;
+#elif (GSS_SIZEOF_LONG == 4)
+typedef unsigned long gss_uint32;
 #endif
+
+#ifdef OM_STRING
+/*
+ * We have included the xom.h header file.  Verify that OM_uint32 is defined
+ * correctly.
+ */
+#if sizeof(gss_uint32) != sizeof(OM_uint32)
+#error Incompatible definition of OM_uint32 from xom.h
 #endif
 
+typedef OM_object_identifier   gss_OID_desc, *gss_OID;
+#else  /* OM_STRING */
 /*
- * Note that a platform supporting the xom.h X/Open header file
- * may make use of that header for the definitions of OM_uint32
- * and the structure to which gss_OID_desc equates.
+ * We can't use X/Open definitions, so roll our own.
  */
+typedef gss_uint32     OM_uint32;
 
 typedef struct gss_OID_desc_struct {
       OM_uint32 length;
       void      FAR *elements;
 } gss_OID_desc, FAR *gss_OID;
-
-typedef const gss_OID_desc FAR * const const_gss_OID;
+#endif /* OM_STRING */
 
 typedef struct gss_OID_set_desc_struct  {
-      int     count;
+      size_t  count;
       gss_OID elements;
 } gss_OID_set_desc, FAR *gss_OID_set;
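Review bot: The check `#if sizeof(gss_uint32) != sizeof(OM_uint32)` in the `OM_STRING` branch cannot work, because the preprocessor evaluates `#if` before any typedef exists and does not interpret `sizeof`. A wrong-width `OM_uint32` from xom.h is therefore either a hard preprocessing error or silently not detected. A check made in the language proper does the job, for example `typedef char gss_om_uint32_size_check[(sizeof(gss_uint32) == sizeof(OM_uint32)) ? 1 : -1];`. The `gss_uint32` chain also has no `#else` with an `#error`, so a platform where no type is four bytes wide fails later with a less obvious message. Finally, `size_t count` now depends on `<stddef.h>`, but the hunk removes `<stdlib.h>`/`<stdio.h>` and leaves `HAVE_STDDEF_H` commented out in the non-autoconf branch, so `size_t` may be undeclared there.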
 
@@ -110,10 +156,15 @@ typedef struct gss_channel_bindings_struct {
       gss_buffer_desc application_data;
 } FAR *gss_channel_bindings_t;
 
+/*
+ * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing
+ * discussions).
+ */
+typedef        OM_uint32       gss_qop_t;
+typedef        int             gss_cred_usage_t;
 
 /*
- * Six independent flags each of which indicates that a context
- * supports a specific service option.
+ * Flag bits for context-level services.
  */
 #define GSS_C_DELEG_FLAG 1
 #define GSS_C_MUTUAL_FLAG 2
@@ -121,7 +172,7 @@ typedef struct gss_channel_bindings_struct {
 #define GSS_C_SEQUENCE_FLAG 8
 #define GSS_C_CONF_FLAG 16
 #define GSS_C_INTEG_FLAG 32
-
+#define        GSS_C_ANON_FLAG 64
 
 /*
  * Credential usage options
@@ -163,22 +214,31 @@ typedef struct gss_channel_bindings_struct {
 
 #define GSS_C_AF_NULLADDR   255
 
+/*
+ * Various Null values.
+ */
 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NULL_OID ((gss_OID) 0)
-#define GSS_C_NULL_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_OID ((gss_OID) 0)
+#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
 #define GSS_C_EMPTY_BUFFER {0, NULL}
 
 /*
- * Define the default Quality of Protection for per-message
- * services.  Note that an implementation that offers multiple
- * levels of QOP may either reserve a value (for example zero,
- * as assumed here) to mean "default protection", or alternatively
- * may simply equate GSS_C_QOP_DEFAULT to a specific explicit QOP
- * value.
+ * Some alternate names for a couple of the above values.  These are defined
+ * for V1 compatibility.
+ */
+#define        GSS_C_NULL_OID          GSS_C_NO_OID
+#define        GSS_C_NULL_OID_SET      GSS_C_NO_OID_SET
+
+/*
+ * Define the default Quality of Protection for per-message services.  Note
+ * that an implementation that offers multiple levels of QOP may either reserve
+ * a value (for example zero, as assumed here) to mean "default protection", or
+ * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit
+ * QOP value.  However a value of 0 should always be interpreted by a GSSAPI
+ * implementation as a request for the default protection level.
  */
 #define GSS_C_QOP_DEFAULT 0
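Review bot: `GSS_C_NO_NAME` is deleted here and, unlike `GSS_C_NULL_OID` and `GSS_C_NULL_OID_SET`, gets no replacement or compatibility alias in this hunk. Existing callers that pass it as a name argument will no longer compile unless it is defined elsewhere. If the removal is not intended, keep `#define GSS_C_NO_NAME ((gss_name_t) 0)` with the other null values. Separately, `GSS_C_EMPTY_BUFFER` expands to `{0, NULL}`, but the header no longer includes `<stdio.h>` or `<stdlib.h>`, and `<stddef.h>` is included only when `HAVE_STDDEF_H` is set, so `NULL` may be undeclared at the point of use.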
 
@@ -186,7 +246,7 @@ typedef struct gss_channel_bindings_struct {
  * Expiration time of 2^32-1 seconds means infinite lifetime for a
  * credential or security context
  */
-#define GSS_C_INDEFINITE 0xffffffff
+#define GSS_C_INDEFINITE 0xfffffffful
 
 
 /* Major status codes */
@@ -199,12 +259,14 @@ typedef struct gss_channel_bindings_struct {
 #define GSS_C_CALLING_ERROR_OFFSET 24
 #define GSS_C_ROUTINE_ERROR_OFFSET 16
 #define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK 0377
-#define GSS_C_ROUTINE_ERROR_MASK 0377
-#define GSS_C_SUPPLEMENTARY_MASK 0177777
+#define GSS_C_CALLING_ERROR_MASK 0377ul
+#define GSS_C_ROUTINE_ERROR_MASK 0377ul
+#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
 
 /*
- * The macros that test status codes for error conditions
+ * The macros that test status codes for error conditions.  Note that the
+ * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
+ * evaluates its argument only once.
  */
 #define GSS_CALLING_ERROR(x) \
   ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
@@ -213,16 +275,8 @@ typedef struct gss_channel_bindings_struct {
 #define GSS_SUPPLEMENTARY_INFO(x) \
   ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
 #define GSS_ERROR(x) \
-  ((GSS_CALLING_ERROR(x) != 0) || (GSS_ROUTINE_ERROR(x) != 0))
-
-/* XXXX these are not part of the GSSAPI C bindings!  (but should be) */
-
-#define GSS_CALLING_ERROR_FIELD(x) \
-   (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
-#define GSS_ROUTINE_ERROR_FIELD(x) \
-   (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
-#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
-   (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
+  ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
+         (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
 
 /*
  * Now the actual status code definitions
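Review bot: `GSS_ERROR(x)` now yields the masked status bits instead of a 0/1 truth value, and every one of those bits sits at position 16 or above. On the `_MSDOS` configuration this header supports (`GSS_SIZEOF_INT 2`), storing the result in an `int` or returning it from an `int` function truncates it to 0, so a failed call reads as success. Comparing against zero keeps the single evaluation of the argument and restores the boolean result: `(((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) != 0)`. If the masked value is kept on purpose, the comment above the macros should say that the result must only be tested for non-zero and never narrowed.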
@@ -232,38 +286,39 @@ typedef struct gss_channel_bindings_struct {
  * Calling errors:
  */
 #define GSS_S_CALL_INACCESSIBLE_READ \
-                             (1 << GSS_C_CALLING_ERROR_OFFSET)
+                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
 #define GSS_S_CALL_INACCESSIBLE_WRITE \
-                             (2 << GSS_C_CALLING_ERROR_OFFSET)
+                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
 #define GSS_S_CALL_BAD_STRUCTURE \
-                             (3 << GSS_C_CALLING_ERROR_OFFSET)
+                             (3ul << GSS_C_CALLING_ERROR_OFFSET)
 
 /*
  * Routine errors:
  */
-#define GSS_S_BAD_MECH (1 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (2 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (3 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_BINDINGS (4 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (5 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (6 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CRED (7 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (8 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (9 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL (10 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED (11 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED (12 << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (13 << GSS_C_ROUTINE_ERROR_OFFSET)
-/* XXXX This is a necessary evil until the spec is fixed */
-#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
 
 /*
  * Supplementary info bits:
  */
-#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
 
 
 /*
@@ -271,185 +326,346 @@ typedef struct gss_channel_bindings_struct {
  */
 
 OM_uint32 INTERFACE gss_acquire_cred
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_name_t,         /* desired_name */
-            OM_uint32,         /* time_req */
-            gss_OID_set,       /* desired_mechs */
-            int,               /* cred_usage */
-            gss_cred_id_t FAR *,/* output_cred_handle */
-            gss_OID_set FAR *,  /* actual_mechs */
-            OM_uint32 FAR *     /* time_rec */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_name_t,                        /* desired_name */
+            OM_uint32,                 /* time_req */
+            gss_OID_set,               /* desired_mechs */
+            gss_cred_usage_t,          /* cred_usage */
+            gss_cred_id_t FAR *,       /* output_cred_handle */
+            gss_OID_set FAR *,         /* actual_mechs */
+            OM_uint32 FAR *            /* time_rec */
            ));
 
 OM_uint32 INTERFACE gss_release_cred
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_cred_id_t FAR * /* cred_handle */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_cred_id_t FAR *                /* cred_handle */
            ));
 
 OM_uint32 INTERFACE gss_init_sec_context
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_cred_id_t,     /* claimant_cred_handle */
-            gss_ctx_id_t FAR *, /* context_handle */
-            gss_name_t,        /* target_name */
-            const_gss_OID,     /* mech_type */
-            int,               /* req_flags */
-            OM_uint32,         /* time_req */
-            gss_channel_bindings_t,
-                               /* input_chan_bindings */
-            gss_buffer_t,      /* input_token */
-            gss_OID FAR *,      /* actual_mech_type */
-            gss_buffer_t,      /* output_token */
-            int FAR *,          /* ret_flags */
-            OM_uint32 FAR *     /* time_rec */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_cred_id_t,             /* claimant_cred_handle */
+            gss_ctx_id_t FAR *,                /* context_handle */
+            gss_name_t,                        /* target_name */
+            gss_OID,                   /* mech_type (used to be const) */
+            OM_uint32,                 /* req_flags */
+            OM_uint32,                 /* time_req */
+            gss_channel_bindings_t,    /* input_chan_bindings */
+            gss_buffer_t,              /* input_token */
+            gss_OID FAR *,             /* actual_mech_type */
+            gss_buffer_t,              /* output_token */
+            OM_uint32 FAR *,           /* ret_flags */
+            OM_uint32 FAR *            /* time_rec */
            ));
 
 OM_uint32 INTERFACE gss_accept_sec_context
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t FAR *, /* context_handle */
-            gss_cred_id_t,     /* verifier_cred_handle */
-            gss_buffer_t,      /* input_token_buffer */
-            gss_channel_bindings_t,
-                               /* input_chan_bindings */
-            gss_name_t FAR *,   /* src_name */
-            gss_OID FAR *,      /* mech_type */
-            gss_buffer_t,      /* output_token */
-            int FAR *,          /* ret_flags */
-            OM_uint32 FAR *,    /* time_rec */
-            gss_cred_id_t FAR * /* delegated_cred_handle */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_ctx_id_t FAR *,                /* context_handle */
+            gss_cred_id_t,             /* acceptor_cred_handle */
+            gss_buffer_t,              /* input_token_buffer */
+            gss_channel_bindings_t,    /* input_chan_bindings */
+            gss_name_t FAR *,          /* src_name */
+            gss_OID FAR *,             /* mech_type */
+            gss_buffer_t,              /* output_token */
+            OM_uint32 FAR *,           /* ret_flags */
+            OM_uint32 FAR *,           /* time_rec */
+            gss_cred_id_t FAR *                /* delegated_cred_handle */
            ));
 
 OM_uint32 INTERFACE gss_process_context_token
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            gss_buffer_t       /* token_buffer */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_ctx_id_t,              /* context_handle */
+            gss_buffer_t               /* token_buffer */
            ));
 
 OM_uint32 INTERFACE gss_delete_sec_context
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t FAR *, /* context_handle */
-            gss_buffer_t       /* output_token */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_ctx_id_t FAR *,                /* context_handle */
+            gss_buffer_t               /* output_token */
            ));
 
 OM_uint32 INTERFACE gss_context_time
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            OM_uint32 FAR *     /* time_rec */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_ctx_id_t,              /* context_handle */
+            OM_uint32 FAR *            /* time_rec */
            ));
 
-OM_uint32 INTERFACE gss_sign
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            int,               /* qop_req */
-            gss_buffer_t,      /* message_buffer */
-            gss_buffer_t       /* message_token */
-           ));
+/* New for V2 */
+OM_uint32 INTERFACE gss_get_mic
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_qop_t,                  /* qop_req */
+           gss_buffer_t,               /* message_buffer */
+           gss_buffer_t                /* message_token */
+          ));
 
-OM_uint32 INTERFACE gss_verify
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            gss_buffer_t,      /* message_buffer */
-            gss_buffer_t,      /* token_buffer */
-            int FAR *           /* qop_state */
-           ));
+/* New for V2 */
+OM_uint32 INTERFACE gss_verify_mic
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_buffer_t,               /* message_buffer */
+           gss_buffer_t,               /* message_token */
+           gss_qop_t *                 /* qop_state */
+          ));
 
-OM_uint32 INTERFACE gss_seal
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            int,               /* conf_req_flag */
-            int,               /* qop_req */
-            gss_buffer_t,      /* input_message_buffer */
-            int FAR *,          /* conf_state */
-            gss_buffer_t       /* output_message_buffer */
-           ));
+/* New for V2 */
+OM_uint32 INTERFACE gss_wrap
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           int,                        /* conf_req_flag */
+           gss_qop_t,                  /* qop_req */
+           gss_buffer_t,               /* input_message_buffer */
+           int FAR *,                  /* conf_state */
+           gss_buffer_t                /* output_message_buffer */
+          ));
 
-OM_uint32 INTERFACE gss_unseal
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            gss_buffer_t,      /* input_message_buffer */
-            gss_buffer_t,      /* output_message_buffer */
-            int FAR *,          /* conf_state */
-            int FAR *           /* qop_state */
-           ));
+/* New for V2 */
+OM_uint32 INTERFACE gss_unwrap
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_buffer_t,               /* input_message_buffer */
+           gss_buffer_t,               /* output_message_buffer */
+           int FAR *,                  /* conf_state */
+           gss_qop_t FAR *             /* qop_state */
+          ));
 
 OM_uint32 INTERFACE gss_display_status
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            OM_uint32,         /* status_value */
-            int,               /* status_type */
-            const_gss_OID,     /* mech_type */
-            int FAR *,          /* message_context */
-            gss_buffer_t       /* status_string */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            OM_uint32,                 /* status_value */
+            int,                       /* status_type */
+            gss_OID,                   /* mech_type (used to be const) */
+            OM_uint32 FAR *,           /* message_context */
+            gss_buffer_t               /* status_string */
            ));
 
 OM_uint32 INTERFACE gss_indicate_mechs
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_OID_set FAR *   /* mech_set */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_OID_set FAR *          /* mech_set */
            ));
 
 OM_uint32 INTERFACE gss_compare_name
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_name_t,        /* name1 */
-            gss_name_t,        /* name2 */
-            int FAR *           /* name_equal */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_name_t,                        /* name1 */
+            gss_name_t,                        /* name2 */
+            int FAR *                  /* name_equal */
            ));
 
 OM_uint32 INTERFACE gss_display_name
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_name_t,        /* input_name */
-            gss_buffer_t,      /* output_name_buffer */
-            gss_OID FAR *       /* output_name_type */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_name_t,                        /* input_name */
+            gss_buffer_t,              /* output_name_buffer */
+            gss_OID FAR *              /* output_name_type */
            ));
 
 OM_uint32 INTERFACE gss_import_name
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_buffer_t,      /* input_name_buffer */
-            const_gss_OID,     /* input_name_type */
-            gss_name_t FAR *    /* output_name */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_buffer_t,              /* input_name_buffer */
+            gss_OID,                   /* input_name_type(used to be const) */
+            gss_name_t FAR *           /* output_name */
            ));
 
 OM_uint32 INTERFACE gss_release_name
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_name_t FAR *    /* input_name */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_name_t FAR *           /* input_name */
            ));
 
 OM_uint32 INTERFACE gss_release_buffer
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_buffer_t       /* buffer */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_buffer_t               /* buffer */
            ));
 
 OM_uint32 INTERFACE gss_release_oid_set
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_OID_set FAR *   /* set */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_OID_set FAR *          /* set */
            ));
 
 OM_uint32 INTERFACE gss_inquire_cred
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-            gss_cred_id_t,     /* cred_handle */
-            gss_name_t FAR *,   /* name */
-            OM_uint32 FAR *,    /* lifetime */
-            int FAR *,          /* cred_usage */
-            gss_OID_set FAR *   /* mechanisms */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+            gss_cred_id_t,             /* cred_handle */
+            gss_name_t FAR *,          /* name */
+            OM_uint32 FAR *,           /* lifetime */
+            gss_cred_usage_t FAR *,    /* cred_usage */
+            gss_OID_set FAR *          /* mechanisms */
            ));
 
+/* Last argument new for V2 */
 OM_uint32 INTERFACE gss_inquire_context
-PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
-           gss_ctx_id_t,       /* context_handle */
-           gss_name_t FAR *,   /* initiator_name */
-           gss_name_t FAR *,   /* acceptor_name */
-           OM_uint32 FAR *,    /* lifetime_rec */
-           gss_OID FAR *,      /* mech_type */
-           int FAR *,          /* ret_flags */
-           int FAR *           /* locally_initiated */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_name_t FAR *,           /* src_name */
+           gss_name_t FAR *,           /* targ_name */
+           OM_uint32 FAR *,            /* lifetime_rec */
+           gss_OID FAR *,              /* mech_type */
+           OM_uint32 FAR *,            /* ctx_flags */
+           int FAR *,                  /* locally_initiated */
+           int FAR *                   /* open */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_wrap_size_limit
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           int,                        /* conf_req_flag */
+           gss_qop_t,                  /* qop_req */
+           OM_uint32,                  /* req_output_size */
+           OM_uint32 *                 /* max_input_size */
           ));
 
+/* New for V2 */
+OM_uint32 INTERFACE gss_import_name_object
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           void FAR *,                 /* input_name */
+           gss_OID,                    /* input_name_type */
+           gss_name_t FAR *            /* output_name */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_export_name_object
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_name_t,                 /* input_name */
+           gss_OID,                    /* desired_name_type */
+           void FAR * FAR *            /* output_name */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_add_cred
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_cred_id_t,              /* input_cred_handle */
+           gss_name_t,                 /* desired_name */
+           gss_OID,                    /* desired_mech */
+           gss_cred_usage_t,           /* cred_usage */
+           OM_uint32,                  /* initiator_time_req */
+           OM_uint32,                  /* acceptor_time_req */
+           gss_cred_id_t FAR *,        /* output_cred_handle */
+           gss_OID_set FAR *,          /* actual_mechs */
+           OM_uint32 FAR *,            /* initiator_time_rec */
+           OM_uint32 FAR *             /* acceptor_time_rec */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_inquire_cred_by_mech
+PROTOTYPE( (OM_uint32  FAR *,          /* minor_status */
+           gss_cred_id_t,              /* cred_handle */
+           gss_OID,                    /* mech_type */
+           gss_name_t FAR *,           /* name */
+           OM_uint32 FAR *,            /* initiator_lifetime */
+           OM_uint32 FAR *,            /* acceptor_lifetime */
+           gss_cred_usage_t FAR *      /* cred_usage */
+          ));
+
+/* New for V2 */
 OM_uint32 INTERFACE gss_export_sec_context
-PROTOTYPE( (OM_uint32 FAR *,   /* minor_status */
-           gss_ctx_id_t FAR *, /* context_handle */
-           gss_buffer_t        /* interprocess_token */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_ctx_id_t FAR *,         /* context_handle */
+           gss_buffer_t                /* interprocess_token */
            ));
 
+/* New for V2 */
 OM_uint32 INTERFACE gss_import_sec_context
-PROTOTYPE( (OM_uint32 FAR *,   /* minor_status */
-           gss_buffer_t,       /* interprocess_token */
-           gss_ctx_id_t FAR *  /* context_handle */
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_buffer_t,               /* interprocess_token */
+           gss_ctx_id_t FAR *          /* context_handle */
            ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_release_oid
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID FAR *               /* oid */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_create_empty_oid_set
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID_set FAR *           /* oid_set */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_add_oid_set_member
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID,                    /* member_oid */
+           gss_OID_set FAR *           /* oid_set */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_test_oid_set_member
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID,                    /* member */
+           gss_OID_set,                /* set */
+           int FAR *                   /* present */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_str_to_oid
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_buffer_t,               /* oid_str */
+           gss_OID FAR *               /* oid */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_oid_to_str
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID,                    /* oid */
+           gss_buffer_t                /* oid_str */
+          ));
+
+/* New for V2 */
+OM_uint32 INTERFACE gss_inquire_names_for_mech
+PROTOTYPE( (OM_uint32 FAR *,           /* minor_status */
+           gss_OID,                    /* mechanism */
+           gss_OID_set FAR *           /* name_types */
+          ));
+
+/*
+ * The following routines are obsolete variants of gss_get_mic, gss_wrap,
+ * gss_verify_mic and gss_unwrap.  They should be provided by GSSAPI V2
+ * implementations for backwards compatibility with V1 applications.  Distinct
+ * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI
+ * V1 applications to link against GSSAPI V2 implementations.
+ */
+OM_uint32 INTERFACE gss_sign
+PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
+            gss_ctx_id_t,      /* context_handle */
+            int,               /* qop_req */
+            gss_buffer_t,      /* message_buffer */
+            gss_buffer_t       /* message_token */
+           ));
+
+OM_uint32 INTERFACE gss_verify
+PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
+            gss_ctx_id_t,      /* context_handle */
+            gss_buffer_t,      /* message_buffer */
+            gss_buffer_t,      /* token_buffer */
+            int FAR *           /* qop_state */
+           ));
+
+OM_uint32 INTERFACE gss_seal
+PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
+            gss_ctx_id_t,      /* context_handle */
+            int,               /* conf_req_flag */
+            int,               /* qop_req */
+            gss_buffer_t,      /* input_message_buffer */
+            int FAR *,          /* conf_state */
+            gss_buffer_t       /* output_message_buffer */
+           ));
+
+OM_uint32 INTERFACE gss_unseal
+PROTOTYPE( (OM_uint32 FAR *,    /* minor_status */
+            gss_ctx_id_t,      /* context_handle */
+            gss_buffer_t,      /* input_message_buffer */
+            gss_buffer_t,      /* output_message_buffer */
+            int FAR *,          /* conf_state */
+            int FAR *           /* qop_state */
+           ));
+
+/* XXXX these are not part of the GSSAPI C bindings!  (but should be) */
+
+#define GSS_CALLING_ERROR_FIELD(x) \
+   (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
+#define GSS_ROUTINE_ERROR_FIELD(x) \
+   (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
+#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
+   (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
+
+/* XXXX This is a necessary evil until the spec is fixed */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
 #endif /* _GSSAPI_H_ */
index 21ac01c890aadf9b529efddcc1ce41ecbc3677ac..ab7eddf97d2e013355597b2796a06fd6c6a936d6 100644 (file)
@@ -93,17 +93,17 @@ int g_make_string_buffer PROTOTYPE((const char *str, gss_buffer_t buffer));
 
 int g_copy_OID_set PROTOTYPE((const gss_OID_set_desc * const in, gss_OID_set *out));
 
-int g_token_size PROTOTYPE((const_gss_OID mech, unsigned int body_size));
+int g_token_size PROTOTYPE((gss_OID mech, unsigned int body_size));
 
-void g_make_token_header PROTOTYPE((const_gss_OID mech, int body_size,
+void g_make_token_header PROTOTYPE((gss_OID mech, int body_size,
                          unsigned char **buf, int tok_type));
 
-int g_verify_token_header PROTOTYPE((const_gss_OID mech, int *body_size,
+int g_verify_token_header PROTOTYPE((gss_OID mech, int *body_size,
                          unsigned char **buf, int tok_type, int toksize));
 
 OM_uint32 g_display_major_status PROTOTYPE((OM_uint32 *minor_status,
                                 OM_uint32 status_value,
-                                int *message_context,
+                                OM_uint32 *message_context,
                                 gss_buffer_t status_string));
 
 OM_uint32 g_display_com_err_status PROTOTYPE((OM_uint32 *minor_status,
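Review bot: Replacing `const_gss_OID` with plain `gss_OID` for the `mech` parameter of `g_token_size`, `g_make_token_header` and `g_verify_token_header` drops const-correctness on an argument these helpers appear only to read, and it is what forces the `(gss_OID) gss_mech_krb5` casts added in accept_sec_context.c. These are internal helpers rather than V2 API entry points, so they could keep a const-qualified pointer in the style `g_copy_OID_set` already uses just above: `int g_token_size PROTOTYPE((const gss_OID_desc *mech, unsigned int body_size));`. The same applies to the three matching definitions changed in util_token.c.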
@@ -126,4 +126,39 @@ PROTOTYPE( (OM_uint32*,       /* minor_status */
             gss_OID_set*      /* set */
            ));
 
+OM_uint32 generic_gss_release_oid
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_OID *           /* oid */
+          ));
+
+OM_uint32 generic_gss_create_empty_oid_set
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_OID_set *       /* oid_set */
+          ));
+
+OM_uint32 generic_gss_add_oid_set_member
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_OID,            /* member_oid */
+           gss_OID_set *       /* oid_set */
+          ));
+
+OM_uint32 generic_gss_test_oid_set_member
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_OID,            /* member */
+           gss_OID_set,        /* set */
+           int *               /* present */
+          ));
+
+OM_uint32 generic_gss_oid_to_str
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_OID,            /* oid */
+           gss_buffer_t        /* oid_str */
+          ));
+
+OM_uint32 generic_gss_str_to_oid
+PROTOTYPE( (OM_uint32 *,       /* minor_status */
+           gss_buffer_t,       /* oid_str */
+           gss_OID *           /* oid */
+          ));
+
 #endif /* _GSSAPIP_GENERIC_H_ */
index 8f88a8c219bf972caf7f6a5219cb108eae4c82c2..f94e424cf43dd70a6430e2419e653b018c558057 100644 (file)
@@ -49,7 +49,7 @@ static const gss_OID_desc oids[] = {
    {10, "\052\206\110\206\367\022\001\002\001\004"},
 };
 
-const_gss_OID gss_nt_user_name = oids+0;
-const_gss_OID gss_nt_machine_uid_name = oids+1;
-const_gss_OID gss_nt_string_uid_name = oids+2;
-const_gss_OID gss_nt_service_name = oids+3;
+const gss_OID_desc * const gss_nt_user_name = oids+0;
+const gss_OID_desc * const gss_nt_machine_uid_name = oids+1;
+const gss_OID_desc * const gss_nt_string_uid_name = oids+2;
+const gss_OID_desc * const gss_nt_service_name = oids+3;
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
new file mode 100644 (file)
index 0000000..d7af94d
--- /dev/null
@@ -0,0 +1,351 @@
+/*
+ * lib/gssapi/generic/oid_ops.c
+ *
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * oid_ops.c - GSS-API V2 interfaces to manipulate OIDs
+ */
+
+#include "gssapiP_generic.h"
+#include "gssapi_generic.h"
+
+OM_uint32
+generic_gss_release_oid(minor_status, oid)
+    OM_uint32  *minor_status;
+    gss_OID    *oid;
+{
+    *minor_status = 0;
+
+    if (*oid == GSS_C_NO_OID)
+       return(GSS_S_COMPLETE);
+
+    /*
+     * The V2 API says the following!
+     *
+     * gss_release_oid[()] will recognize any of the GSSAPI's own OID values,
+     * and will silently ignore attempts to free these OIDs; for other OIDs
+     * it will call the C free() routine for both the OID data and the
+     * descriptor.  This allows applications to freely mix their own heap-
+     * allocated OID values with OIDs returned by GSS-API.
+     */
+    if ((*oid != gss_nt_user_name) &&
+       (*oid != gss_nt_machine_uid_name) &&
+       (*oid != gss_nt_string_uid_name) &&
+       (*oid != gss_nt_service_name)) {
+       xfree((*oid)->elements);
+       xfree(*oid);
+    }
+    *oid = GSS_C_NO_OID;
+    return(GSS_S_COMPLETE);
+}
+
+OM_uint32
+generic_gss_create_empty_oid_set(minor_status, oid_set)
+    OM_uint32  *minor_status;
+    gss_OID_set        *oid_set;
+{
+    if ((*oid_set = (gss_OID_set) xmalloc(sizeof(gss_OID_set_desc)))) {
+       memset(*oid_set, 0, sizeof(gss_OID_set_desc));
+       *minor_status = 0;
+       return(GSS_S_COMPLETE);
+    }
+    else {
+       *minor_status = ENOMEM;
+       return(GSS_S_FAILURE);
+    }
+}
+
+OM_uint32
+generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)
+    OM_uint32  *minor_status;
+    gss_OID    member_oid;
+    gss_OID_set        *oid_set;
+{
+    gss_OID    elist;
+    gss_OID    lastel;
+
+    elist = (*oid_set)->elements;
+    /* Get an enlarged copy of the array */
+    if (((*oid_set)->elements = (gss_OID) xmalloc(((*oid_set)->count+1) *
+                                                 sizeof(gss_OID_desc)))) {
+       /* Copy in the old junk */
+       if (elist)
+           memcpy((*oid_set)->elements,
+                  elist,
+                  ((*oid_set)->count * sizeof(gss_OID_desc)));
+
+       /* Duplicate the input element */
+       lastel = &(*oid_set)->elements[(*oid_set)->count];
+       if ((lastel->elements =
+            (void *) xmalloc((size_t) member_oid->length))) {
+           /* Success - copy elements */
+           memcpy(lastel->elements, member_oid->elements,
+                  (size_t) member_oid->length);
+           /* Set length */
+           lastel->length = member_oid->length;
+
+           /* Update count */
+           (*oid_set)->count++;
+           if (elist)
+               xfree(elist);
+           *minor_status = 0;
+           return(GSS_S_COMPLETE);
+       }
+       else
+           xfree((*oid_set)->elements);
+    }
+    /* Failure - restore old contents of list */
+    (*oid_set)->elements = elist;
+    *minor_status = ENOMEM;
+    return(GSS_S_FAILURE);
+}
+
+OM_uint32
+generic_gss_test_oid_set_member(minor_status, member, set, present)
+    OM_uint32  *minor_status;
+    gss_OID    member;
+    gss_OID_set        set;
+    int                *present;
+{
+    size_t     i;
+    int                result;
+
+    result = 0;
+    for (i=0; i<set->count; i++) {
+       if ((set->elements[i].length == member->length) &&
+           !memcmp(set->elements[i].elements,
+                   member->elements,
+                   member->length)) {
+           result = 1;
+           break;
+       }
+    }
+    *present = result;
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+/*
+ * OID<->string routines.  These are uuuuugly.
+ */
+OM_uint32
+generic_gss_oid_to_str(minor_status, oid, oid_str)
+    OM_uint32          *minor_status;
+    gss_OID            oid;
+    gss_buffer_t       oid_str;
+{
+    char               numstr[128];
+    unsigned long      number;
+    int                        numshift;
+    size_t             string_length;
+    size_t             i;
+    unsigned char      *cp;
+    char               *bp;
+
+    /* Decoded according to krb5/gssapi_krb5.c */
+
+    /* First determine the size of the string */
+    string_length = 0;
+    number = 0;
+    numshift = 0;
+    cp = (unsigned char *) oid->elements;
+    number = (unsigned long) cp[0];
+    sprintf(numstr, "%d ", number/40);
+    string_length += strlen(numstr);
+    sprintf(numstr, "%d ", number%40);
+    string_length += strlen(numstr);
+    for (i=1; i<oid->length; i++) {
+       if ((numshift+7) < (sizeof(unsigned long)*8)) {
+           number = (number << 7) | (cp[i] & 0x7f);
+           numshift += 7;
+       }
+       else {
+           *minor_status = EINVAL;
+           return(GSS_S_FAILURE);
+       }
+       if ((cp[i] & 0x80) == 0) {
+           sprintf(numstr, "%d ", number);
+           string_length += strlen(numstr);
+           number = 0;
+           numshift = 0;
+       }
+    }
+    /*
+     * If we get here, we've calculated the length of "n n n ... n ".  Add 4
+     * here for "{ " and "}\0".
+     */
+    string_length += 4;
+    if ((bp = (char *) xmalloc(string_length))) {
+       strcpy(bp, "{ ");
+       number = (unsigned long) cp[0];
+       sprintf(numstr, "%d ", number/40);
+       strcat(bp, numstr);
+       sprintf(numstr, "%d ", number%40);
+       strcat(bp, numstr);
+       number = 0;
+       cp = (unsigned char *) oid->elements;
+       for (i=1; i<oid->length; i++) {
+           number = (number << 7) | (cp[i] & 0x7f);
+           if ((cp[i] & 0x80) == 0) {
+               sprintf(numstr, "%d ", number);
+               strcat(bp, numstr);
+               number = 0;
+           }
+       }
+       strcat(bp, "}");
+       oid_str->length = strlen(bp)+1;
+       oid_str->value = (void *) bp;
+       *minor_status = 0;
+       return(GSS_S_COMPLETE);
+    }
+    *minor_status = ENOMEM;
+    return(GSS_S_FAILURE);
+}
+
+OM_uint32
+generic_gss_str_to_oid(minor_status, oid_str, oid)
+    OM_uint32          *minor_status;
+    gss_buffer_t       oid_str;
+    gss_OID            *oid;
+{
+    size_t     i;
+    char       *cp, *bp, *startp;
+    int                brace;
+    long       numbuf;
+    long       onumbuf;
+    OM_uint32  nbytes;
+    int                index;
+    unsigned char *op;
+
+    brace = 0;
+    bp = (char *) oid_str->value;
+    cp = bp;
+    /* Skip over leading space */
+    while ((bp < &cp[oid_str->length]) && isspace(*bp))
+       bp++;
+    if (*bp == '{') {
+       brace = 1;
+       bp++;
+    }
+    while ((bp < &cp[oid_str->length]) && isspace(*bp))
+       bp++;
+    startp = bp;
+    nbytes = 0;
+
+    /*
+     * The first two numbers are chewed up by the first octet.
+     */
+    if (sscanf(bp, "%ld", &numbuf) != 1) {
+       *minor_status = EINVAL;
+       return(GSS_S_FAILURE);
+    }
+    while ((bp < &cp[oid_str->length]) && isdigit(*bp))
+       bp++;
+    while ((bp < &cp[oid_str->length]) && isspace(*bp))
+       bp++;
+    if (sscanf(bp, "%ld", &numbuf) != 1) {
+       *minor_status = EINVAL;
+       return(GSS_S_FAILURE);
+    }
+    while ((bp < &cp[oid_str->length]) && isdigit(*bp))
+       bp++;
+    while ((bp < &cp[oid_str->length]) && isspace(*bp))
+       bp++;
+    nbytes++;
+    while (isdigit(*bp)) {
+       if (sscanf(bp, "%ld", &numbuf) != 1) {
+           *minor_status = EINVAL;
+           return(GSS_S_FAILURE);
+       }
+       while (numbuf) {
+           nbytes++;
+           numbuf >>= 7;
+       }
+       while ((bp < &cp[oid_str->length]) && isdigit(*bp))
+           bp++;
+       while ((bp < &cp[oid_str->length]) && isspace(*bp))
+           bp++;
+    }
+    if (brace && (*bp != '}')) {
+       *minor_status = EINVAL;
+       return(GSS_S_FAILURE);
+    }
+
+    /*
+     * Phew!  We've come this far, so the syntax is good.
+     */
+    if ((*oid = (gss_OID) malloc(sizeof(gss_OID_desc)))) {
+       if ((*oid)->elements = (void *) malloc(nbytes)) {
+           (*oid)->length = nbytes;
+           op = (unsigned char *) (*oid)->elements;
+           bp = startp;
+           sscanf(bp, "%ld", &numbuf);
+           while (isdigit(*bp))
+               bp++;
+           while (isspace(*bp))
+               bp++;
+           onumbuf = 40*numbuf;
+           sscanf(bp, "%ld", &numbuf);
+           onumbuf += numbuf;
+           *op = (unsigned char) onumbuf;
+           op++;
+           while (isdigit(*bp))
+               bp++;
+           while (isspace(*bp))
+               bp++;
+           while (isdigit(*bp)) {
+               sscanf(bp, "%ld", &numbuf);
+               nbytes = 0;
+               /* Have to fill in the bytes msb-first */
+               onumbuf = numbuf;
+               while (numbuf) {
+                   nbytes++;
+                   numbuf >>= 7;
+               }
+               numbuf = onumbuf;
+               op += nbytes;
+               index = -1;
+               while (numbuf) {
+                   op[index] = numbuf & 0x7f;
+                   if (index != -1)
+                       op[index] |= 0x80;
+                   index--;
+                   numbuf >>= 7;
+               }
+               while (isdigit(*bp))
+                   bp++;
+               while (isspace(*bp))
+                   bp++;
+           }
+           *minor_status = 0;
+           return(GSS_S_COMPLETE);
+       }
+       else {
+           xfree(*oid);
+           *oid = GSS_C_NO_OID;
+       }
+    }
+    *minor_status = ENOMEM;
+    return(GSS_S_FAILURE);
+}
+
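Review bot: `generic_gss_str_to_oid` treats `oid_str->value` as a NUL-terminated string although a `gss_buffer_t` carries only a length: the `*bp == '{'` test, every `sscanf(bp, "%ld", ...)` and all the `while (isdigit(*bp))` / `while (isspace(*bp))` loops in the second pass are not bounded by `oid_str->length`, so a caller-supplied buffer without a terminator is read past its end. Parsing from a NUL-terminated copy of the buffer (below) closes that, and the `isdigit`/`isspace` arguments should be cast to `unsigned char`. Separately, an arc value of 0 adds nothing to `nbytes` and writes no octet, because both `while (numbuf)` loops skip it, so an input such as `{ 1 2 0 3 }` (constructed example) is encoded as if the 0 were absent; the first octet `40*numbuf + numbuf` is also stored without a range check. In the same file, `generic_gss_oid_to_str` passes an `unsigned long` to `"%d "` and reads `cp[0]` without checking `oid->length`.

```c
    /*
     * oid_str is a counted buffer, not a C string: parse a NUL-terminated
     * copy so that sscanf() and the isdigit()/isspace() scans stop at its end.
     */
    if (!(cp = (char *) xmalloc(oid_str->length + 1))) {
        *minor_status = ENOMEM;
        return(GSS_S_FAILURE);
    }
    memcpy(cp, oid_str->value, oid_str->length);
    cp[oid_str->length] = '\0';
    bp = cp;
    /* ... unchanged: brace and whitespace skipping, both parsing passes ... */
    /* each return path below additionally needs xfree(cp) */
```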
index 2edfe9a39a4734855265d63bfb1cfd143999e4d2..96f6f8d1546bc809797dfc8678e1c31f79e97a72 100644 (file)
@@ -26,11 +26,15 @@ OM_uint32 generic_gss_release_oid_set(minor_status, set)
      OM_uint32 *minor_status;
      gss_OID_set *set;
 {
+   size_t index;
+
    *minor_status = 0;
 
    if (*set == GSS_C_NULL_OID_SET)
       return(GSS_S_COMPLETE);
 
+   for (index=0; index<(*set)->count; index++)
+     xfree((*set)->elements[index].elements);
    xfree((*set)->elements);
    xfree(*set);
 
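Review bot: The added loop calls `xfree()` on every `elements[index].elements`, which is only safe if each member's OID bytes were heap-allocated, as `generic_gss_add_oid_set_member` does in oid_ops.c. Any set that reaches this function with members still pointing at static OID data (for example one built by `g_copy_OID_set`, whose implementation is not shown in this commit view) would now have non-heap memory passed to `xfree()`. It would help to state the ownership rule in a comment above the loop, e.g. `/* members must own their elements (see generic_gss_add_oid_set_member) */`, and to confirm that every producer of a `gss_OID_set` follows it. The function body continues past the end of the hunk.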
index eadfad82abb99f2779417937f22915095f2999bb..d8e5e91aebe5795ed6ebb5035998daa76c780f5c 100644 (file)
@@ -118,7 +118,7 @@ static int der_read_length(buf, bufsize)
 /* returns the length of a token, given the mech oid and the body size */
 
 int g_token_size(mech, body_size)
-     const_gss_OID mech;
+     gss_OID mech;
      unsigned int body_size;
 {
    /* set body_size to sequence contents size */
@@ -130,7 +130,7 @@ int g_token_size(mech, body_size)
    be the right size.  buf is advanced past the token header */
 
 void g_make_token_header(mech, body_size, buf, tok_type)
-     const_gss_OID mech;
+     gss_OID mech;
      int body_size;
      unsigned char **buf;
      int tok_type;
@@ -149,7 +149,7 @@ void g_make_token_header(mech, body_size, buf, tok_type)
    to the number of remaining bytes */
 
 int g_verify_token_header(mech, body_size, buf, tok_type, toksize)
-     const_gss_OID mech;
+     gss_OID mech;
      int *body_size;
      unsigned char **buf;
      int tok_type;
index 9fe1b32f85f891a4d4c4cb9b2f115d2bacfa73d9..bd133d7782ded6a6d048de5b516357af659f271f 100644 (file)
@@ -48,12 +48,14 @@ indicate_mechs.c
 init_sec_context.c
 inq_context.c
 inq_cred.c
+inq_names.c
 k5seal.c
 k5unseal.c
 krb5_gss_glue.c
 process_context_token.c
 rel_cred.c
 rel_name.c
+rel_oid.c
 seal.c
 ser_sctx.c
 sign.c
index 4074450e74eca03bfec2951385b78677749306a9..6f5c30ddbb5e5054201adc949e8db3b3c899a56e 100644 (file)
@@ -1,3 +1,18 @@
+
+Thu Aug 31 11:50:34 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * gssapiP_krb5.h - Add new V2 dispatch prototypes.  Update arguments
+               to be compatible with V2 API.  Add tokens for V2 integrity
+               and confidentiality services.
+       * k5seal.c - Add support for V2 tokens and add kg_seal_size() to
+               support gss_wrap_size_limit().
+       * k5unseal.c - Add support for V2 tokens.
+       * accept_sec_context,disp_status,gssapi_krb5,init_sec_context,
+               inq_context,rel_name.c - Update arguments to V2.
+       * acquire_cred,import_name,inq_cred,krb5_gss_glue,seal,sign,unseal,
+               verify.c - Update arguments to V2 and add new V2 functions.
+       * rel_oid.c, inq_names.c - New V2 modules.
+       * Makefile.in, .Sanitize - Add rel_oid.c and inq_names.c
+
 Tue Aug 29 22:38:54 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
        * init_sec_context.c (krb5_gss_init_sec_context):  Remove
index 0c9fbe1678a01e577dd04f128ca350b03f7e04df..cc5e1f10163625dee06e3d88f61107352347043b 100644 (file)
@@ -1,4 +1,4 @@
-CFLAGS = $(CCOPTS) $(DEFS) -I. -I$(srcdir) -I../generic -I$(srcdir)/../generic -I$(srcdir)/../../crypto/md5
+CFLAGS = $(CCOPTS) $(DEFS) -I. -I$(srcdir) -I../generic -I$(srcdir)/../generic -I$(srcdir)/../../crypto/md5 -DUSE_AUTOCONF_H
 
 ##DOSBUILDTOP = ..\..\..
 ##DOSLIBNAME=..\gssapi.$(LIBEXT)
@@ -34,12 +34,14 @@ CCSRCS = \
        $(srcdir)/init_sec_context.c \
        $(srcdir)/inq_context.c \
        $(srcdir)/inq_cred.c \
+       $(srcdir)/inq_names.c \
        $(srcdir)/k5seal.c \
        $(srcdir)/k5unseal.c \
        $(srcdir)/krb5_gss_glue.c \
        $(srcdir)/process_context_token.c \
        $(srcdir)/rel_cred.c \
        $(srcdir)/rel_name.c \
+       $(srcdir)/rel_oid.c \
        $(srcdir)/seal.c \
        $(srcdir)/ser_sctx.c \
        $(srcdir)/sign.c \
@@ -67,12 +69,14 @@ CCOBJS = \
        init_sec_context.$(OBJEXT) \
        inq_context.$(OBJEXT) \
        inq_cred.$(OBJEXT) \
+       inq_names.$(OBJEXT) \
        k5seal.$(OBJEXT) \
        k5unseal.$(OBJEXT) \
        krb5_gss_glue.$(OBJEXT) \
        process_context_token.$(OBJEXT) \
        rel_cred.$(OBJEXT) \
        rel_name.$(OBJEXT) \
+       rel_oid.$(OBJEXT) \
        seal.$(OBJEXT) \
        ser_sctx.$(OBJEXT) \
        sign.$(OBJEXT) \
index ba62cbb20ff8b9f694c31e7e1c7772832ea45f15..e4e089eaa3389d98c13aeb27be6a0b0cc9f609e9 100644 (file)
@@ -39,7 +39,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
      gss_name_t *src_name;
      gss_OID *mech_type;
      gss_buffer_t output_token;
-     int *ret_flags;
+     OM_uint32 *ret_flags;
      OM_uint32 *time_rec;
      gss_cred_id_t *delegated_cred_handle;
 {
@@ -65,7 +65,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
    /* set up returns to be freeable */
 
    if (src_name)
-      *src_name = GSS_C_NO_NAME;
+      *src_name = (gss_name_t) NULL;
    output_token->length = 0;
    output_token->value = NULL;
    if (mech_type)
@@ -109,7 +109,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
 
    ptr = (unsigned char *) input_token->value;
 
-   if (! g_verify_token_header(gss_mech_krb5, &(ap_req.length),
+   if (! g_verify_token_header((gss_OID) gss_mech_krb5, &(ap_req.length),
                               &ptr, KG_TOK_CTX_AP_REQ, input_token->length)) {
       *minor_status = 0;
       return(GSS_S_DEFECTIVE_TOKEN);
@@ -281,7 +281,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
         return(GSS_S_FAILURE);
       }
       krb5_auth_con_getlocalseqnumber(context, auth_context, &ctx->seq_send);
-      token.length = g_token_size(gss_mech_krb5, ap_rep.length);
+      token.length = g_token_size((gss_OID) gss_mech_krb5, ap_rep.length);
 
       if ((token.value = (unsigned char *) xmalloc(token.length)) == NULL) {
         (void)krb5_gss_delete_sec_context(context, minor_status, 
@@ -290,7 +290,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
         return(GSS_S_FAILURE);
       }
       ptr = token.value;
-      g_make_token_header(gss_mech_krb5, ap_rep.length,
+      g_make_token_header((gss_OID) gss_mech_krb5, ap_rep.length,
                        &ptr, KG_TOK_CTX_AP_REP);
 
       TWRITE_STR(ptr, ap_rep.data, ap_rep.length);
index 10563d69449629c948d0f8073337e88d56f25626..6ffbe49fa2ff2c5d09c9fed99e1e1629cbd23fc2 100644 (file)
@@ -61,7 +61,7 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
    /* figure out what principal to use.  If the default name is
       requested, use the default sn2princ output */
 
-   if (desired_name == GSS_C_NO_NAME) {
+   if (desired_name == (gss_name_t) NULL) {
       if (code = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST,
                                         &princ)) {
         *minor_status = code;
@@ -160,7 +160,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
       return(GSS_S_FAILURE);
    }
 
-   if (desired_name != GSS_C_NO_NAME) {
+   if (desired_name != (gss_name_t) NULL) {
       if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) {
         (void)krb5_free_principal(context, princ);
         (void)krb5_cc_close(context, ccache);
@@ -246,7 +246,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
      gss_name_t desired_name;
      OM_uint32 time_req;
      gss_OID_set desired_mechs;
-     int cred_usage;
+     gss_cred_usage_t cred_usage;
      gss_cred_id_t *output_cred_handle;
      gss_OID_set *actual_mechs;
      OM_uint32 *time_rec;
@@ -268,7 +268,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
    /* validate the name */
 
    /*SUPPRESS 29*/
-   if ((desired_name != GSS_C_NO_NAME) &&
+   if ((desired_name != (gss_name_t) NULL) &&
        (! kg_validate_name(desired_name))) {
       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
@@ -425,3 +425,32 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
 
    return(GSS_S_COMPLETE);
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_add_cred(context, minor_status, input_cred_handle,
+                 desired_name, desired_mech, cred_usage,
+                 initiator_time_req, acceptor_time_req,
+                 output_cred_handle, actual_mechs, 
+                 initiator_time_rec, acceptor_time_rec)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_cred_id_t      input_cred_handle;
+    gss_name_t         desired_name;
+    gss_OID            desired_mech;
+    gss_cred_usage_t   cred_usage;
+    OM_uint32          initiator_time_req;
+    OM_uint32          acceptor_time_req;
+    gss_cred_id_t      *output_cred_handle;
+    gss_OID_set                *actual_mechs;
+    OM_uint32          *initiator_time_rec;
+    OM_uint32          *acceptor_time_rec;
+{
+    /*
+     * This does not apply to our single-mechanism implementation.  Until we
+     * come up with a better error code, return failure.
+     */
+    *minor_status = 0;
+    return(GSS_S_FAILURE);
+}
+
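Review bot: `krb5_gss_add_cred` returns `GSS_S_FAILURE` without touching `output_cred_handle`, `actual_mechs` or the two `*_time_rec` outputs, so a caller that releases its outputs on the error path would operate on uninitialized values. accept_sec_context.c in this same commit sets its returns "to be freeable" before doing any work; the stub could do the same with `if (output_cred_handle) *output_cred_handle = GSS_C_NO_CREDENTIAL;` and `if (actual_mechs) *actual_mechs = GSS_C_NULL_OID_SET;`. A zero `*minor_status` alongside `GSS_S_FAILURE` also gives callers nothing to display, which the existing comment could state is deliberate.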
index 4e04d9b6b877294d1a0387a4b2e2e4243582ca49..97775147ce81e02c44673e91e4c5021c603a2d6a 100644 (file)
@@ -38,8 +38,8 @@ krb5_gss_display_status(context, minor_status, status_value, status_type,
      OM_uint32 *minor_status;
      OM_uint32 status_value;
      int status_type;
-     const_gss_OID mech_type;
-     int *message_context;
+     gss_OID mech_type;
+     OM_uint32 *message_context;
      gss_buffer_t status_string;
 {
    status_string->length = 0;
index f0f42fbd4fd914c7c21f6c99b7088827bd57c088..dc109f15814057eac580a75f85722ca04f101485 100644 (file)
@@ -48,7 +48,9 @@
 #define KG_TOK_CTX_ERROR       0x0300
 #define KG_TOK_SIGN_MSG                0x0101
 #define KG_TOK_SEAL_MSG                0x0201
-#define KG_TOK_DEL_CTX         0x0102
+#define        KG_TOK_MIC_MSG          0x0102
+#define        KG_TOK_WRAP_MSG         0x0202
+#define KG_TOK_DEL_CTX         0x0103
 
 /** internal types **/
 
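Review bot: `KG_TOK_DEL_CTX` moves from 0x0102 to 0x0103 and 0x0102 is reassigned to the new `KG_TOK_MIC_MSG`, which changes the meaning of an existing token ID. Sibling `KG_TOK_*` constants are passed as `tok_type` to `g_make_token_header` and `g_verify_token_header` elsewhere in this commit, so if these values go into token headers, a delete-context token from a peer built before this change would carry the ID that now means a MIC token. Keeping `#define KG_TOK_DEL_CTX 0x0102` and choosing a different value for `KG_TOK_MIC_MSG` would avoid the renumbering. If the renumbering is intentional, a comment next to the defines should state the interoperability impact with older peers.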
@@ -56,7 +58,7 @@ typedef krb5_principal krb5_gss_name_t;
 
 typedef struct _krb5_gss_cred_id_rec {
    /* name/type of credential */
-   int usage;
+   gss_cred_usage_t usage;
    krb5_principal princ;       /* this is not interned as a gss_name_t */
 
    /* keytab (accept) data */
@@ -75,7 +77,7 @@ typedef struct _krb5_gss_enc_desc {
 
 typedef struct _krb5_gss_ctx_id_rec {
    int initiate;       /* nonzero if initiating, zero if accepting */
-   int mutual;
+   OM_uint32 mutual;
    int seed_init;
    unsigned char seed[16];
    krb5_gss_cred_id_t cred;
@@ -173,7 +175,7 @@ PROTOTYPE( (krb5_context,
             gss_name_t,       /* desired_name */
             OM_uint32,        /* time_req */
             gss_OID_set,      /* desired_mechs */
-            int,              /* cred_usage */
+            gss_cred_usage_t, /* cred_usage */
             gss_cred_id_t*,   /* output_cred_handle */
             gss_OID_set*,     /* actual_mechs */
             OM_uint32*        /* time_rec */
@@ -191,15 +193,15 @@ PROTOTYPE( (krb5_context,
             gss_cred_id_t,    /* claimant_cred_handle */
             gss_ctx_id_t*,    /* context_handle */
             gss_name_t,       /* target_name */
-            const_gss_OID,    /* mech_type */
-            int,              /* req_flags */
+            gss_OID,          /* mech_type */
+            OM_uint32,        /* req_flags */
             OM_uint32,        /* time_req */
             gss_channel_bindings_t,
                               /* input_chan_bindings */
             gss_buffer_t,     /* input_token */
             gss_OID*,         /* actual_mech_type */
             gss_buffer_t,     /* output_token */
-            int*,             /* ret_flags */
+            OM_uint32*,       /* ret_flags */
             OM_uint32*        /* time_rec */
            ));
 
@@ -214,7 +216,7 @@ PROTOTYPE( (krb5_context,
             gss_name_t*,      /* src_name */
             gss_OID*,         /* mech_type */
             gss_buffer_t,     /* output_token */
-            int*,             /* ret_flags */
+            OM_uint32*,       /* ret_flags */
             OM_uint32*,       /* time_rec */
             gss_cred_id_t*    /* delegated_cred_handle */
            ));
@@ -284,8 +286,8 @@ PROTOTYPE( (krb5_context,
            OM_uint32*,       /* minor_status */
             OM_uint32,        /* status_value */
             int,              /* status_type */
-            const_gss_OID,    /* mech_type */
-            int*,             /* message_context */
+            gss_OID,          /* mech_type */
+            OM_uint32*,       /* message_context */
             gss_buffer_t      /* status_string */
            ));
 
@@ -307,7 +309,7 @@ OM_uint32 krb5_gss_display_name
 PROTOTYPE( (krb5_context,
            OM_uint32*,      /* minor_status */
             gss_name_t,      /* input_name */
-            gss_buffer_t,     /* output_name_buffer */
+            gss_buffer_t,    /* output_name_buffer */
             gss_OID*         /* output_name_type */
            ));
 
@@ -315,7 +317,7 @@ OM_uint32 krb5_gss_import_name
 PROTOTYPE( (krb5_context,
            OM_uint32*,       /* minor_status */
             gss_buffer_t,     /* input_name_buffer */
-            const_gss_OID,    /* input_name_type */
+            gss_OID,          /* input_name_type */
             gss_name_t*       /* output_name */
            ));
 
@@ -331,7 +333,7 @@ PROTOTYPE( (krb5_context,
             gss_cred_id_t,    /* cred_handle */
             gss_name_t *,     /* name */
             OM_uint32 *,      /* lifetime */
-            int *,            /* cred_usage */
+            gss_cred_usage_t*,/* cred_usage */
             gss_OID_set *     /* mechanisms */
            ));
 
@@ -343,24 +345,128 @@ PROTOTYPE( (krb5_context,
            gss_name_t*,      /* acceptor_name */
            OM_uint32*,       /* lifetime_rec */
            gss_OID*,         /* mech_type */
-           int*,             /* ret_flags */
-           int*              /* locally_initiated */
+           OM_uint32*,       /* ret_flags */
+           int*,             /* locally_initiated */
+           int*              /* open */
+          ));
+
+/* New V2 entry points */
+OM_uint32 krb5_gss_get_mic
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_qop_t,                  /* qop_req */
+           gss_buffer_t,               /* message_buffer */
+           gss_buffer_t                /* message_token */
+          ));
+
+OM_uint32 krb5_gss_verify_mic
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_buffer_t,               /* message_buffer */
+           gss_buffer_t,               /* message_token */
+           gss_qop_t *                 /* qop_state */
+          ));
+
+OM_uint32 krb5_gss_wrap
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           int,                        /* conf_req_flag */
+           gss_qop_t,                  /* qop_req */
+           gss_buffer_t,               /* input_message_buffer */
+           int *,                      /* conf_state */
+           gss_buffer_t                /* output_message_buffer */
+          ));
+
+OM_uint32 krb5_gss_unwrap
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           gss_buffer_t,               /* input_message_buffer */
+           gss_buffer_t,               /* output_message_buffer */
+           int *,                      /* conf_state */
+           gss_qop_t *                 /* qop_state */
+          ));
+
+OM_uint32 krb5_gss_wrap_size_limit
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t,               /* context_handle */
+           int,                        /* conf_req_flag */
+           gss_qop_t,                  /* qop_req */
+           OM_uint32,                  /* req_output_size */
+           OM_uint32 *                 /* max_input_size */
+          ));
+
+OM_uint32 krb5_gss_import_name_object
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           void *,                     /* input_name */
+           gss_OID,                    /* input_name_type */
+           gss_name_t *                /* output_name */
+          ));
+
+OM_uint32 krb5_gss_export_name_object
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_name_t,                 /* input_name */
+           gss_OID,                    /* desired_name_type */
+           void * *                    /* output_name */
+          ));
+
+OM_uint32 krb5_gss_add_cred
+PROTOTYPE( (krb5_context,
+           OM_uint32 *,                /* minor_status */
+           gss_cred_id_t,              /* input_cred_handle */
+           gss_name_t,                 /* desired_name */
+           gss_OID,                    /* desired_mech */
+           gss_cred_usage_t,           /* cred_usage */
+           OM_uint32,                  /* initiator_time_req */
+           OM_uint32,                  /* acceptor_time_req */
+           gss_cred_id_t *,            /* output_cred_handle */
+           gss_OID_set *,              /* actual_mechs */
+           OM_uint32 *,                /* initiator_time_rec */
+           OM_uint32 *                 /* acceptor_time_rec */
+          ));
+
+OM_uint32 krb5_gss_inquire_cred_by_mech
+PROTOTYPE( (krb5_context,
+           OM_uint32  *,               /* minor_status */
+           gss_cred_id_t,              /* cred_handle */
+           gss_OID,                    /* mech_type */
+           gss_name_t *,               /* name */
+           OM_uint32 *,                /* initiator_lifetime */
+           OM_uint32 *,                /* acceptor_lifetime */
+           gss_cred_usage_t *          /* cred_usage */
           ));
 
 OM_uint32 krb5_gss_export_sec_context
 PROTOTYPE( (krb5_context,
-           OM_uint32 *,        /* minor_status */
-           gss_ctx_id_t *,     /* context_handle */
-           gss_buffer_t        /* interprocess_token */
+           OM_uint32 *,                /* minor_status */
+           gss_ctx_id_t *,             /* context_handle */
+           gss_buffer_t                /* interprocess_token */
            ));
 
 OM_uint32 krb5_gss_import_sec_context
 PROTOTYPE( (krb5_context,
-           OM_uint32 *,        /* minor_status */
-           gss_buffer_t,       /* interprocess_token */
-           gss_ctx_id_t *      /* context_handle */
+           OM_uint32 *,                /* minor_status */
+           gss_buffer_t,               /* interprocess_token */
+           gss_ctx_id_t *              /* context_handle */
            ));
 
+OM_uint32 krb5_gss_release_oid
+PROTOTYPE( (OM_uint32 *,               /* minor_status */
+           gss_OID *                   /* oid */
+          ));
+
+OM_uint32 krb5_gss_inquire_names_for_mech
+PROTOTYPE( (OM_uint32 *,               /* minor_status */
+           gss_OID,                    /* mechanism */
+           gss_OID_set *               /* name_types */
+          ));
+
 OM_uint32 kg_get_context();
        
 #endif /* _GSSAPIP_KRB5_H_ */
index 4b23217fa575d8a733d9a53556835c21299f462b..6e86eb97a916244aeacdc91cbf8ab200c5f16a25 100644 (file)
@@ -51,9 +51,9 @@ static const gss_OID_desc oids[] = {
    {10, "\052\206\110\206\367\022\001\002\002\002"},
 };
 
-const_gss_OID gss_mech_krb5 = oids+0;
-const_gss_OID gss_nt_krb5_name = oids+1;
-const_gss_OID gss_nt_krb5_principal = oids+2;
+const gss_OID_desc * const gss_mech_krb5 = oids+0;
+const gss_OID_desc * const gss_nt_krb5_name = oids+1;
+const gss_OID_desc * const gss_nt_krb5_principal = oids+2;
 
 static const gss_OID_set_desc oidsets[] = {
    {1, (gss_OID) oids},
@@ -85,7 +85,7 @@ kg_get_defcred(minor_status, cred)
              return GSS_S_FAILURE;
 
       if ((major = krb5_gss_acquire_cred(kg_context, minor_status, 
-                                        GSS_C_NO_NAME, GSS_C_INDEFINITE, 
+                                        (gss_name_t) NULL, GSS_C_INDEFINITE, 
                                         GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
                                         &defcred, NULL, NULL)) &&
          GSS_ERROR(major)) {
index d5dcd20f9d1bcc099a2388d5423fcad4946fec3a..c038392dccc2d6b7eda4857f12d9af4f8dd66ae8 100644 (file)
@@ -44,7 +44,7 @@ krb5_gss_import_name(context, minor_status, input_name_buffer,
      krb5_context context;
      OM_uint32 *minor_status;
      gss_buffer_t input_name_buffer;
-     const_gss_OID input_name_type;
+     gss_OID input_name_type;
      gss_name_t *output_name;
 {
    krb5_principal princ;
index 74ae2441200b974a73c7ea241112d960418de1e8..c258c4c7df6c1b04ba18a2475e85c215a5058735 100644 (file)
@@ -120,7 +120,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings,
    /* build up the token */
 
    /* allocate space for the token */
-   tlen = g_token_size(gss_mech_krb5, ap_req.length);
+   tlen = g_token_size((gss_OID) gss_mech_krb5, ap_req.length);
 
    if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
       krb5_auth_con_free(context, *auth_context);
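Review bot: The `(gss_OID) gss_mech_krb5` cast added to the `g_token_size` call strips the `const` that this same commit puts on `gss_mech_krb5`. The cast is repeated on the `g_make_token_header` and `g_verify_token_header` calls in make_ap_req, krb5_gss_init_sec_context, make_seal_token, kg_seal_size and kg_unseal. The pointer refers into the `static const gss_OID_desc oids[]` table, so any write through the cast pointer would be undefined behaviour and the compiler can no longer warn about it. The helper prototypes are not visible here, but if they only read the OID, declaring that parameter as `const gss_OID_desc *` would remove every one of these casts. make_ap_req starts and ends outside this hunk.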
@@ -132,7 +132,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings,
 
    ptr = t;
 
-   g_make_token_header(gss_mech_krb5, ap_req.length,
+   g_make_token_header((gss_OID) gss_mech_krb5, ap_req.length,
                       &ptr, KG_TOK_CTX_AP_REQ);
 
    TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
@@ -158,14 +158,14 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
     gss_cred_id_t claimant_cred_handle;
     gss_ctx_id_t *context_handle;
     gss_name_t target_name;
-    const_gss_OID mech_type;
-    int req_flags;
+    gss_OID mech_type;
+    OM_uint32 req_flags;
     OM_uint32 time_req;
     gss_channel_bindings_t input_chan_bindings;
     gss_buffer_t input_token;
     gss_OID *actual_mech_type;
     gss_buffer_t output_token;
-    int *ret_flags;
+    OM_uint32 *ret_flags;
     OM_uint32 *time_rec;
 {
     krb5_gss_cred_id_t           cred;
@@ -402,7 +402,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
 
       ptr = (unsigned char *) input_token->value;
 
-      if (! g_verify_token_header(gss_mech_krb5, &(ap_rep.length),
+      if (! g_verify_token_header((gss_OID) gss_mech_krb5, &(ap_rep.length),
                                  &ptr, KG_TOK_CTX_AP_REP,
                                  input_token->length)) {
         *minor_status = 0;
index 371f3cbe7e34186306fc6fedf3c9dd6bc1262f09..ac54a423bd962aa59c0e91641c8aa2af84eee83c 100644 (file)
@@ -25,7 +25,7 @@
 OM_uint32
 krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name, 
                         acceptor_name, lifetime_rec, mech_type, ret_flags,
-                        locally_initiated)
+                        locally_initiated, open)
      krb5_context context;
      OM_uint32 *minor_status;
      gss_ctx_id_t context_handle;
@@ -33,8 +33,9 @@ krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name,
      gss_name_t *acceptor_name;
      OM_uint32 *lifetime_rec;
      gss_OID *mech_type;
-     int *ret_flags;
+     OM_uint32 *ret_flags;
      int *locally_initiated;
+     int *open;
 {
    krb5_error_code code;
    krb5_gss_ctx_id_rec *ctx;
@@ -43,9 +44,9 @@ krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name,
    krb5_deltat lifetime;
 
    if (initiator_name)
-      *initiator_name = GSS_C_NO_NAME;
+      *initiator_name = (gss_name_t) NULL;
    if (acceptor_name)
-      *acceptor_name = GSS_C_NO_NAME;
+      *acceptor_name = (gss_name_t) NULL;
 
    /* validate the context handle */
    if (! kg_validate_ctx_id(context_handle)) {
@@ -122,6 +123,9 @@ krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name,
    if (locally_initiated)
       *locally_initiated = ctx->initiate;
 
+   if (open)
+      *open = ctx->established;
+
    *minor_status = 0;
    return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
 }
index 9fa00b54aa4f1832299ab5054db20d08cc211700..e564675079b6ad13d8c3d74d4e05390771083839 100644 (file)
@@ -30,7 +30,7 @@ krb5_gss_inquire_cred(context, minor_status, cred_handle, name, lifetime_ret,
      gss_cred_id_t cred_handle;
      gss_name_t *name;
      OM_uint32 *lifetime_ret;
-     int *cred_usage;
+     gss_cred_usage_t *cred_usage;
      gss_OID_set *mechanisms;
 {
    krb5_gss_cred_id_t cred;
@@ -109,3 +109,54 @@ krb5_gss_inquire_cred(context, minor_status, cred_handle, name, lifetime_ret,
    *minor_status = 0;
    return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_inquire_cred_by_mech(context, minor_status, cred_handle,
+                             mech_type, name, initiator_lifetime,
+                             acceptor_lifetime, cred_usage)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_cred_id_t      cred_handle;
+    gss_OID            mech_type;
+    gss_name_t         *name;
+    OM_uint32          *initiator_lifetime;
+    OM_uint32          *acceptor_lifetime;
+    gss_cred_usage_t *cred_usage;
+{
+    krb5_gss_cred_id_t cred;
+    OM_uint32          lifetime;
+    OM_uint32          mstat;
+
+    /*
+     * We only know how to handle our own creds.
+     */
+    if ((mech_type != GSS_C_NULL_OID) &&
+       !g_OID_equal(gss_mech_krb5, mech_type)) {
+       *minor_status = 0;
+       return(GSS_S_NO_CRED);
+    }
+
+    cred = (krb5_gss_cred_id_t) cred_handle;
+    mstat = krb5_gss_inquire_cred(context,
+                                 minor_status,
+                                 cred_handle,
+                                 name,
+                                 &lifetime,
+                                 cred_usage,
+                                 (gss_OID_set *) NULL);
+    if (mstat == GSS_S_COMPLETE) {
+       if (cred &&
+           ((cred->usage == GSS_C_INITIATE) ||
+            (cred->usage == GSS_C_BOTH)) &&
+           initiator_lifetime)
+           *initiator_lifetime = lifetime;
+       if (cred &&
+           ((cred->usage == GSS_C_ACCEPT) ||
+            (cred->usage == GSS_C_BOTH)) &&
+           acceptor_lifetime)
+           *acceptor_lifetime = lifetime;
+    }
+    return(mstat);
+}
+
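Review bot: `*initiator_lifetime` and `*acceptor_lifetime` are left unwritten on several paths of `krb5_gss_inquire_cred_by_mech`, so a caller that reads them afterwards gets indeterminate values. They are stored only when `mstat == GSS_S_COMPLETE`, but `krb5_gss_inquire_cred` directly above returns `GSS_S_CREDENTIALS_EXPIRED` when the lifetime is 0. They are also skipped when `cred_handle` is null or the credential's usage does not match. Zeroing both outputs before the mechanism check closes all of these paths: `if (initiator_lifetime) *initiator_lifetime = 0;` and `if (acceptor_lifetime) *acceptor_lifetime = 0;`. A short header comment saying which outputs are optional and what they hold on failure would also help.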
diff --git a/src/lib/gssapi/krb5/inq_names.c b/src/lib/gssapi/krb5/inq_names.c
new file mode 100644 (file)
index 0000000..7c5ffd3
--- /dev/null
@@ -0,0 +1,87 @@
+/*
+ * lib/gssapi/krb5/inq_names.c
+ *
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * inq_names.c - Return set of nametypes supported by the KRB5 mechanism.
+ */
+#include "gssapiP_krb5.h"
+
+OM_uint32
+krb5_gss_inquire_names_for_mech(minor_status, mechanism, name_types)
+    OM_uint32  *minor_status;
+    gss_OID    mechanism;
+    gss_OID_set        *name_types;
+{
+    OM_uint32  major, minor;
+
+    /*
+     * We only know how to handle our own mechanism.
+     */
+    if ((mechanism != GSS_C_NULL_OID) &&
+       !g_OID_equal(gss_mech_krb5, mechanism)) {
+       *minor_status = 0;
+       return(GSS_S_FAILURE);
+    }
+
+    /* We're okay.  Create an empty OID set */
+    major = gss_create_empty_oid_set(minor_status, name_types);
+    if (major == GSS_S_COMPLETE) {
+       /* Now add our members. */
+       if (
+           ((major = gss_add_oid_set_member(minor_status,
+                                            (gss_OID) gss_nt_user_name,
+                                            name_types)
+             ) == GSS_S_COMPLETE) &&
+           ((major = gss_add_oid_set_member(minor_status,
+                                            (gss_OID) gss_nt_machine_uid_name,
+                                            name_types)
+             ) == GSS_S_COMPLETE) &&
+           ((major = gss_add_oid_set_member(minor_status,
+                                            (gss_OID) gss_nt_string_uid_name,
+                                            name_types)
+             ) == GSS_S_COMPLETE) &&
+           ((major = gss_add_oid_set_member(minor_status,
+                                            (gss_OID) gss_nt_service_name,
+                                            name_types)
+             ) == GSS_S_COMPLETE) &&
+           ((major = gss_add_oid_set_member(minor_status,
+                                            (gss_OID) gss_nt_krb5_name,
+                                            name_types)
+             ) == GSS_S_COMPLETE)
+           ) {
+           major = gss_add_oid_set_member(minor_status,
+                                          (gss_OID) gss_nt_krb5_principal,
+                                          name_types);
+       }
+
+       /*
+        * If we choked, then release the set, but don't overwrite the minor
+        * status with the release call.
+        */
+       if (major != GSS_S_COMPLETE)
+           (void) gss_release_oid_set(&minor,
+                                      name_types);
+    }
+    return(major);
+}
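Review bot: The mechanism-mismatch branch of `krb5_gss_inquire_names_for_mech` returns `GSS_S_FAILURE` with `*minor_status = 0`, so the caller cannot tell an unsupported mechanism from any other failure. `return(GSS_S_BAD_MECH);` states the reason directly. `name_types` is also passed on without a null check, and the function has no comment saying that the caller owns the returned set. I would add `/* On GSS_S_COMPLETE the caller owns *name_types and must free it with gss_release_oid_set(). */` above the definition.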
index 17d93b2513689ead8d6388341bc7f767e1e47310..38770173e261e28b2c962f43717f143663e8b3e5 100644 (file)
@@ -45,7 +45,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
 
    /* create the token buffer */
 
-   if (toktype == KG_TOK_SEAL_MSG) {
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG)) {
       if (bigend && !encrypt)
         tmsglen = text->length;
       else
@@ -54,7 +54,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
       tmsglen = 0;
    }
 
-   tlen = g_token_size(gss_mech_krb5, 22+tmsglen);
+   tlen = g_token_size((gss_OID) gss_mech_krb5, 22+tmsglen);
 
    if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
       return(ENOMEM);
@@ -63,7 +63,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
 
    ptr = t;
 
-   g_make_token_header(gss_mech_krb5, 22+tmsglen, &ptr, toktype);
+   g_make_token_header((gss_OID) gss_mech_krb5, 22+tmsglen, &ptr, toktype);
 
    /* for now, only generate DES integrity */
 
@@ -72,7 +72,8 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
 
    /* SEAL_ALG, or filler */
 
-   if ((toktype == KG_TOK_SEAL_MSG) && encrypt) {
+   if (((toktype == KG_TOK_SEAL_MSG) ||
+       (toktype == KG_TOK_WRAP_MSG)) && encrypt) {
       ptr[2] = 0;
       ptr[3] = 0;
    } else {
@@ -87,7 +88,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
 
    /* pad the plaintext, encrypt if needed, and stick it in the token */
 
-   if (toktype == KG_TOK_SEAL_MSG) {
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG)) {
       unsigned char *plain;
       unsigned char pad;
 
@@ -230,9 +231,55 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
       return(GSS_S_FAILURE);
    }
 
-   if ((toktype == KG_TOK_SEAL_MSG) && conf_state)
+   if (((toktype == KG_TOK_SEAL_MSG) ||
+       (toktype == KG_TOK_WRAP_MSG)) && conf_state) {
       *conf_state = conf_req_flag;
+   }
 
    *minor_status = 0;
    return((ctx->endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
 }
+
+OM_uint32
+kg_seal_size(minor_status, context_handle, conf_req_flag, qop_req, 
+            output_size, input_size)
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    int                        conf_req_flag;
+    gss_qop_t          qop_req;
+    OM_uint32          output_size;
+    OM_uint32          *input_size;
+{
+    krb5_gss_ctx_id_rec        *ctx;
+    krb5_error_code    code;
+    OM_uint32          cfsize;
+    OM_uint32          ohlen;
+
+    /* only default qop is allowed */
+    if (qop_req != GSS_C_QOP_DEFAULT) {
+       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+       return(GSS_S_FAILURE);
+    }
+    
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+       return(GSS_S_NO_CONTEXT);
+    }
+    
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+    if (! ctx->established) {
+       *minor_status = KG_CTX_INCOMPLETE;
+       return(GSS_S_NO_CONTEXT);
+    }
+
+    /* Calculate the token size and subtract that from the output size */
+    cfsize = (conf_req_flag) ? kg_confounder_size(&ctx->enc) : 0;
+    ohlen = g_token_size((gss_OID) gss_mech_krb5, cfsize + 22);
+
+    /* Cannot have trailer length that will cause us to pad over our length */
+    *input_size = (output_size - ohlen) & (~7);
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
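Review bot: `(output_size - ohlen) & (~7)` in the new `kg_seal_size` wraps around when `output_size` is smaller than `ohlen`, because both are unsigned `OM_uint32`. The caller is then told that a very large input fits in a small output buffer. Clamp before subtracting: `*input_size = (output_size > ohlen) ? ((output_size - ohlen) & ~(OM_uint32)7) : 0;`. `input_size` is dereferenced without a null check, and the local `code` is declared but never used. kg_seal_size lies wholly inside this hunk; the first changed lines belong to kg_seal, which starts outside it.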
index 40fe9eed10747dedce06202acddc0a517ca62931..a50c4cb21ef10fdaf141ae71da51bdd164857f14 100644 (file)
@@ -54,7 +54,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
    unsigned char *plain;
    int plainlen;
 
-   if (toktype == KG_TOK_SEAL_MSG) {
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG)) {
       message_buffer->length = 0;
       message_buffer->value = NULL;
    }
@@ -78,13 +78,13 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
 
    ptr = (unsigned char *) input_token_buffer->value;
 
-   if (! g_verify_token_header(gss_mech_krb5, &bodysize,
+   if (! g_verify_token_header((gss_OID) gss_mech_krb5, &bodysize,
                               &ptr, toktype, input_token_buffer->length)) {
       *minor_status = 0;
       return(GSS_S_DEFECTIVE_TOKEN);
    }
 
-   if (toktype == KG_TOK_SEAL_MSG)
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
       tmsglen = bodysize-22;
 
    /* get the sign and seal algorithms */
@@ -93,8 +93,10 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
    sealalg = ptr[2] + (ptr[3]<<8);
 
    if (((signalg != 0) && (signalg != 1)) ||
-       ((toktype != KG_TOK_SEAL_MSG) && (sealalg != 0xffff)) ||
-       ((toktype == KG_TOK_SEAL_MSG) && 
+       (((toktype != KG_TOK_SEAL_MSG) &&
+        (toktype != KG_TOK_WRAP_MSG)) && (sealalg != 0xffff)) ||
+       (((toktype == KG_TOK_SEAL_MSG) ||
+        (toktype == KG_TOK_WRAP_MSG)) && 
        ((sealalg != 0xffff) && (sealalg != 0))) ||
        (ptr[4] != 0xff) ||
        (ptr[5] != 0xff)) {
@@ -106,7 +108,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
 
    /* decode the message, if SEAL */
 
-   if (toktype == KG_TOK_SEAL_MSG) {
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG)) {
       if (sealalg == 0) {
         if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
            *minor_status = ENOMEM;
@@ -142,7 +144,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
         else
            memcpy(token.value, plain+8, token.length);
       }
-   } else if (toktype == KG_TOK_SIGN_MSG) {
+   } else if ((toktype == KG_TOK_SIGN_MSG) || (toktype == KG_TOK_MIC_MSG)) {
       token = *message_buffer;
       plain = token.value;
       plainlen = token.length;
@@ -176,7 +178,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
                                         16, ctx->seq.key->contents, 
                                         ctx->seq.key->length,
                                         &desmac)) {
-        if (toktype == KG_TOK_SEAL_MSG)
+        if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
            xfree(token.value);
         *minor_status = code;
         return(GSS_S_FAILURE);
@@ -188,7 +190,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
         if (code = kg_make_seed(ctx->subkey, ctx->seed)) {
            if (sealalg == 0)
               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
+           if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
               xfree(token.value);
            *minor_status = code;
            return(GSS_S_FAILURE);
@@ -216,7 +218,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
    if (memcmp(cksum, ptr+14, 8) != 0) {
       if (signalg == 0)
         xfree(desmac.contents);
-      if (toktype == KG_TOK_SEAL_MSG)
+      if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
         xfree(token.value);
       *minor_status = 0;
       return(GSS_S_BAD_SIG);
@@ -229,7 +231,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
    
    /* it got through unscathed.  Make sure the context is unexpired */
 
-   if (toktype == KG_TOK_SEAL_MSG)
+   if ((toktype == KG_TOK_SEAL_MSG) || (toktype = KG_TOK_WRAP_MSG))
       *message_buffer = token;
 
    if (conf_state)
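Review bot: `(toktype = KG_TOK_WRAP_MSG)` in the added condition is an assignment, not a comparison. It overwrites `toktype` and, assuming `KG_TOK_WRAP_MSG` is non-zero, makes the test true for every token type, so `*message_buffer = token;` also runs on the SIGN/MIC verification path. The line should read `if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))`. The same two-way test is written out by hand in about a dozen places across the make_seal_token, kg_seal and kg_unseal hunks. A single macro for it would have prevented this slip, and building with `-Wall` flags the unparenthesised assignment. kg_unseal starts and ends outside this hunk.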
index abb57131f7ec066880585e9b791a6a50dfd35974..f6271afa759a405d3f7cf3eae882c41493bd0a56 100644 (file)
@@ -34,7 +34,7 @@ gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle,
      gss_name_t *src_name;
      gss_OID *mech_type;
      gss_buffer_t output_token;
-     int *ret_flags;
+     OM_uint32 *ret_flags;
      OM_uint32 *time_rec;
      gss_cred_id_t *delegated_cred_handle;
 {
@@ -71,7 +71,7 @@ gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs,
      gss_name_t desired_name;
      OM_uint32 time_req;
      gss_OID_set desired_mechs;
-     int cred_usage;
+     gss_cred_usage_t cred_usage;
      gss_cred_id_t *output_cred_handle;
      gss_OID_set *actual_mechs;
      OM_uint32 *time_rec;
@@ -89,6 +89,45 @@ gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs,
                                time_rec));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech,
+            cred_usage, initiator_time_req, acceptor_time_req,
+            output_cred_handle, actual_mechs, initiator_time_rec,
+            acceptor_time_rec)
+    OM_uint32          *minor_status;
+    gss_cred_id_t      input_cred_handle;
+    gss_name_t         desired_name;
+    gss_OID            desired_mech;
+    gss_cred_usage_t   cred_usage;
+    OM_uint32          initiator_time_req;
+    OM_uint32          acceptor_time_req;
+    gss_cred_id_t      *output_cred_handle;
+    gss_OID_set                *actual_mechs;
+    OM_uint32          *initiator_time_rec;
+    OM_uint32          *acceptor_time_rec;
+{
+   if (!kg_context && kg_get_context())
+       return GSS_S_FAILURE;
+
+    return(krb5_gss_add_cred(kg_context,
+                            minor_status, input_cred_handle, desired_name,
+                            desired_mech, cred_usage, initiator_time_req,
+                            acceptor_time_req, output_cred_handle,
+                            actual_mechs, initiator_time_rec,
+                            acceptor_time_rec));
+}
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_add_oid_set_member(minor_status, member_oid, oid_set)
+    OM_uint32  *minor_status;
+    gss_OID    member_oid;
+    gss_OID_set        *oid_set;
+{
+    return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
+}
+
 OM_uint32 INTERFACE
 gss_compare_name(minor_status, name1, name2, name_equal)
      OM_uint32 *minor_status;
@@ -123,6 +162,15 @@ gss_context_time(minor_status, context_handle, time_rec)
                                time_rec));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_create_empty_oid_set(minor_status, oid_set)
+    OM_uint32  *minor_status;
+    gss_OID_set        *oid_set;
+{
+    return(generic_gss_create_empty_oid_set(minor_status, oid_set));
+}
+
 OM_uint32 INTERFACE
 gss_delete_sec_context(minor_status, context_handle, output_token)
      OM_uint32 *minor_status;
@@ -163,8 +211,8 @@ gss_display_status(minor_status, status_value, status_type,
      OM_uint32 *minor_status;
      OM_uint32 status_value;
      int status_type;
-     const_gss_OID mech_type;
-     int *message_context;
+     gss_OID mech_type;
+     OM_uint32 *message_context;
      gss_buffer_t status_string;
 {
    if (!kg_context && kg_get_context())
@@ -175,6 +223,7 @@ gss_display_status(minor_status, status_value, status_type,
                                  status_string));
 }
 
+/* V2 */
 OM_uint32 INTERFACE
 gss_export_sec_context(minor_status, context_handle, interprocess_token)
      OM_uint32         *minor_status;
@@ -190,11 +239,27 @@ gss_export_sec_context(minor_status, context_handle, interprocess_token)
                                      interprocess_token));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_get_mic(minor_status, context_handle, qop_req,
+           message_buffer, message_token)
+     OM_uint32         *minor_status;
+     gss_ctx_id_t      context_handle;
+     gss_qop_t         qop_req;
+     gss_buffer_t      message_buffer;
+     gss_buffer_t      message_token;
+{
+    if (!kg_context && kg_get_context())
+       return GSS_S_FAILURE;
+    return(krb5_gss_get_mic(kg_context, minor_status, context_handle,
+                           qop_req, message_buffer, message_token));
+}
+
 OM_uint32 INTERFACE
 gss_import_name(minor_status, input_name_buffer, input_name_type, output_name)
      OM_uint32 *minor_status;
      gss_buffer_t input_name_buffer;
-     const_gss_OID input_name_type;
+     gss_OID input_name_type;
      gss_name_t *output_name;
 {
    if (!kg_context && kg_get_context())
@@ -204,6 +269,7 @@ gss_import_name(minor_status, input_name_buffer, input_name_type, output_name)
                               input_name_type, output_name));
 }
 
+/* V2 */
 OM_uint32 INTERFACE
 gss_import_sec_context(minor_status, interprocess_token, context_handle)
      OM_uint32         *minor_status;
@@ -239,14 +305,14 @@ gss_init_sec_context(minor_status, claimant_cred_handle, context_handle,
      gss_cred_id_t claimant_cred_handle;
      gss_ctx_id_t *context_handle;
      gss_name_t target_name;
-     const_gss_OID mech_type;
-     int req_flags;
+     gss_OID mech_type;
+     OM_uint32 req_flags;
      OM_uint32 time_req;
      gss_channel_bindings_t input_chan_bindings;
      gss_buffer_t input_token;
      gss_OID *actual_mech_type;
      gss_buffer_t output_token;
-     int *ret_flags;
+     OM_uint32 *ret_flags;
      OM_uint32 *time_rec;
 {
    if (!kg_context && kg_get_context())
@@ -263,15 +329,16 @@ gss_init_sec_context(minor_status, claimant_cred_handle, context_handle,
 OM_uint32 INTERFACE
 gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name,
                    lifetime_rec, mech_type, ret_flags,
-                   locally_initiated)
+                   locally_initiated, open)
      OM_uint32 *minor_status;
      gss_ctx_id_t context_handle;
      gss_name_t *initiator_name;
      gss_name_t *acceptor_name;
      OM_uint32 *lifetime_rec;
      gss_OID *mech_type;
-     int *ret_flags;
+     OM_uint32 *ret_flags;
      int *locally_initiated;
+     int *open;
 {
    krb5_gss_ctx_id_t * ctx;
 
@@ -285,7 +352,8 @@ gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name,
 
    return(krb5_gss_inquire_context(ctx->context, minor_status, context_handle,
                                   initiator_name, acceptor_name, lifetime_rec,
-                                  mech_type, ret_flags, locally_initiated));
+                                  mech_type, ret_flags, locally_initiated,
+                                  open));
 }
 
 OM_uint32 INTERFACE
@@ -295,7 +363,7 @@ gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
      gss_cred_id_t cred_handle;
      gss_name_t *name;
      OM_uint32 *lifetime_ret;
-     int *cred_usage;
+     gss_cred_usage_t *cred_usage;
      gss_OID_set *mechanisms;
 {
    if (!kg_context && kg_get_context())
@@ -305,6 +373,48 @@ gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
                                name, lifetime_ret, cred_usage, mechanisms));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
+                        initiator_lifetime, acceptor_lifetime, cred_usage)
+     OM_uint32         *minor_status;
+     gss_cred_id_t     cred_handle;
+     gss_OID           mech_type;
+     gss_name_t                *name;
+     OM_uint32         *initiator_lifetime;
+     OM_uint32         *acceptor_lifetime;
+     gss_cred_usage_t  *cred_usage;
+{
+   if (!kg_context && kg_get_context())
+          return GSS_S_FAILURE;
+   
+   return(krb5_gss_inquire_cred_by_mech(kg_context, minor_status, cred_handle,
+                                       mech_type, name, initiator_lifetime,
+                                       acceptor_lifetime, cred_usage));
+}
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_inquire_names_for_mech(minor_status, mechanism, name_types)
+    OM_uint32  *minor_status;
+    gss_OID    mechanism;
+    gss_OID_set        *name_types;
+{
+    return(krb5_gss_inquire_names_for_mech(minor_status,
+                                          mechanism,
+                                          name_types));
+}
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_oid_to_str(minor_status, oid, oid_str)
+    OM_uint32          *minor_status;
+    gss_OID            oid;
+    gss_buffer_t       oid_str;
+{
+    return(generic_gss_oid_to_str(minor_status, oid, oid_str));
+}
+
 OM_uint32 INTERFACE
 gss_process_context_token(minor_status, context_handle, token_buffer)
      OM_uint32 *minor_status;
@@ -356,6 +466,15 @@ gss_release_buffer(minor_status, buffer)
                                     buffer));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_release_oid(minor_status, oid)
+     OM_uint32 *minor_status;
+     gss_OID   *oid;
+{
+    return(krb5_gss_release_oid(minor_status, oid));
+}
+
 OM_uint32 INTERFACE
 gss_release_oid_set(minor_status, set)
      OM_uint32* minor_status;
@@ -364,6 +483,7 @@ gss_release_oid_set(minor_status, set)
    return(generic_gss_release_oid_set(minor_status, set));
 }
 
+/* V1 only */
 OM_uint32 INTERFACE
 gss_seal(minor_status, context_handle, conf_req_flag, qop_req,
         input_message_buffer, conf_state, output_message_buffer)
@@ -390,6 +510,7 @@ gss_seal(minor_status, context_handle, conf_req_flag, qop_req,
                        conf_state, output_message_buffer));
 }
 
+/* V1 only */
 OM_uint32 INTERFACE
 gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)
      OM_uint32 *minor_status;
@@ -412,6 +533,29 @@ gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)
                        qop_req, message_buffer, message_token));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_str_to_oid(minor_status, oid_str, oid)
+    OM_uint32          *minor_status;
+    gss_buffer_t       oid_str;
+    gss_OID            *oid;
+{
+    return(generic_gss_str_to_oid(minor_status, oid_str, oid));
+}
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_test_oid_set_member(minor_status, member, set, present)
+    OM_uint32  *minor_status;
+    gss_OID    member;
+    gss_OID_set        set;
+    int                *present;
+{
+    return(generic_gss_test_oid_set_member(minor_status, member, set,
+                                          present));
+}
+
+/* V1 only */
 OM_uint32 INTERFACE
 gss_unseal(minor_status, context_handle, input_message_buffer,
           output_message_buffer, conf_state, qop_state)
@@ -437,6 +581,25 @@ gss_unseal(minor_status, context_handle, input_message_buffer,
                          conf_state, qop_state));
 }
 
+/* V2 */
+OM_uint32 INTERFACE
+gss_unwrap(minor_status, context_handle, input_message_buffer, 
+          output_message_buffer, conf_state, qop_state)
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_buffer_t       input_message_buffer;
+    gss_buffer_t       output_message_buffer;
+    int                        *conf_state;
+    gss_qop_t          *qop_state;
+{
+    if (!kg_context && kg_get_context())
+       return GSS_S_FAILURE;
+    return(krb5_gss_unwrap(kg_context,
+                          minor_status, context_handle, input_message_buffer,
+                          output_message_buffer, conf_state, qop_state));
+}
+
+/* V1 only */
 OM_uint32 INTERFACE
 gss_verify(minor_status, context_handle, message_buffer,
           token_buffer, qop_state)
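Review bot: gss_unwrap hands the process-wide `kg_context` to krb5_gss_unwrap, while the context-handle entry points already in this file (gss_inquire_context and gss_verify, visible in neighbouring hunks) take the krb5 context from the handle as `ctx->context`. krb5_gss_unwrap as added in this commit never uses its `context` argument, so nothing breaks today, but the two conventions will diverge once the mechanism routine starts using it. Either follow the sibling pattern or say so in a comment above the call, e.g. `/* krb5_gss_unwrap ignores context; kg_context only satisfies the signature */`. gss_verify_mic and gss_wrap in the last hunk of this file do the same.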
@@ -459,3 +622,40 @@ gss_verify(minor_status, context_handle, message_buffer,
    return(krb5_gss_verify(ctx->context, minor_status, context_handle,
                          message_buffer, token_buffer, qop_state));
 }
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_verify_mic(minor_status, context_handle,
+              message_buffer, token_buffer, qop_state)
+     OM_uint32         *minor_status;
+     gss_ctx_id_t      context_handle;
+     gss_buffer_t      message_buffer;
+     gss_buffer_t      token_buffer;
+     gss_qop_t         *qop_state;
+{
+    if (!kg_context && kg_get_context())
+       return GSS_S_FAILURE;
+    return(krb5_gss_verify_mic(kg_context, minor_status, context_handle,
+                              message_buffer, token_buffer, qop_state));
+}
+
+/* V2 */
+OM_uint32 INTERFACE
+gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
+        input_message_buffer, conf_state, output_message_buffer)
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    int                        conf_req_flag;
+    gss_qop_t          qop_req;
+    gss_buffer_t       input_message_buffer;
+    int                        *conf_state;
+    gss_buffer_t       output_message_buffer;
+{
+    if (!kg_context && kg_get_context())
+       return GSS_S_FAILURE;
+    return(krb5_gss_wrap(kg_context,
+                        minor_status, context_handle, conf_req_flag, qop_req,
+                        input_message_buffer, conf_state,
+                        output_message_buffer));
+}
+
index 3e41bf43ec8566c32ab3603cd182a66760b49015..11e62355f9ce96d7c36ecf819e6915797c7d3c37 100644 (file)
@@ -37,7 +37,7 @@ krb5_gss_release_name(context, minor_status, input_name)
 
    krb5_free_principal(context, (krb5_principal) *input_name);
 
-   *input_name = GSS_C_NO_NAME;
+   *input_name = (gss_name_t) NULL;
 
    *minor_status = 0;
    return(GSS_S_COMPLETE);
diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c
new file mode 100644 (file)
index 0000000..c311d2f
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * lib/gssapi/krb5/rel_oid.c
+ *
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * rel_oid.c - Release an OID.
+ */
+#include "gssapiP_krb5.h"
+
+OM_uint32
+krb5_gss_release_oid(minor_status, oid)
+    OM_uint32  *minor_status;
+    gss_OID    *oid;
+{
+    /*
+     * The V2 API says the following!
+     *
+     * gss_release_oid[()] will recognize any of the GSSAPI's own OID values,
+     * and will silently ignore attempts to free these OIDs; for other OIDs
+     * it will call the C free() routine for both the OID data and the
+     * descriptor.  This allows applications to freely mix their own heap-
+     * allocated OID values with OIDs returned by GSS-API.
+     */
+    if ((*oid != gss_mech_krb5) &&
+       (*oid != gss_nt_krb5_name) &&
+       (*oid != gss_nt_krb5_principal)) {
+       /* Pawn it off on the generic routine */
+       return(generic_gss_release_oid(minor_status, oid));
+    }
+    else {
+       *oid = GSS_C_NO_OID;
+       *minor_status = 0;
+       return(GSS_S_COMPLETE);
+    }
+}
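Review bot: krb5_gss_release_oid reads `*oid` in its first comparison without checking `oid` itself, and a `*oid` that is already GSS_C_NO_OID falls into the branch that forwards to generic_gss_release_oid, whose handling of that value is not shown here. A guard at the top such as `if (oid == NULL || *oid == GSS_C_NO_OID) { *minor_status = 0; return(GSS_S_COMPLETE); }` would make a repeated release a no-op regardless of what the generic routine does. The three pointer comparisons are also the only thing keeping the mechanism's static OIDs away from free(), so the block comment should state that every statically allocated OID this mechanism hands out has to be listed in this test.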
index a0e06ebdee179976820351c1f31957b7124fa19b..15e7a8bb1ca2ba3f937f491769c329920969fcec 100644 (file)
@@ -39,3 +39,39 @@ krb5_gss_seal(context, minor_status, context_handle, conf_req_flag,
                  qop_req, input_message_buffer, conf_state,
                  output_message_buffer, KG_TOK_SEAL_MSG));
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_wrap(context, minor_status, context_handle, conf_req_flag,
+             qop_req, input_message_buffer, conf_state,
+             output_message_buffer)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    int                        conf_req_flag;
+    gss_qop_t          qop_req;
+    gss_buffer_t       input_message_buffer;
+    int                        *conf_state;
+    gss_buffer_t       output_message_buffer;
+{
+    return(kg_seal(minor_status, context_handle, conf_req_flag,
+                  qop_req, input_message_buffer, conf_state,
+                  output_message_buffer, KG_TOK_WRAP_MSG));
+}
+
+/* V2 interface */
+OM_uint32
+krb5_gss_wrap_size_limit(context, minor_status, context_handle, conf_req_flag,
+                        qop_req, req_output_size, max_input_size)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    int                        conf_req_flag;
+    gss_qop_t          qop_req;
+    OM_uint32          req_output_size;
+    OM_uint32          *max_input_size;
+{
+    /* XXX - should just put this in k5seal.c */
+    return(kg_seal_size(minor_status, context_handle, conf_req_flag,
+                       qop_req, req_output_size, max_input_size));
+}
index bafc0837d2f0e4c2f3a6f37c91220a4c8fa07f86..3f8b436192f815cfac2e5291bb0f5c249f86f7b5 100644 (file)
@@ -37,3 +37,19 @@ krb5_gss_sign(context, minor_status, context_handle,
                  qop_req, message_buffer, NULL,
                  message_token, KG_TOK_SIGN_MSG));
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_get_mic(context, minor_status, context_handle, qop_req,
+                message_buffer, message_token)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_qop_t          qop_req;
+    gss_buffer_t       message_buffer;
+    gss_buffer_t       message_token;
+{
+    return(kg_seal(minor_status, context_handle, 0,
+                  qop_req, message_buffer, NULL,
+                  message_token, KG_TOK_MIC_MSG));
+}
index 3449951af32a8ca1a702808e17bb4a18ab040483..7871352d127d7ba7af92bb8242c6ec5e6f004974 100644 (file)
@@ -38,3 +38,27 @@ krb5_gss_unseal(context, minor_status, context_handle,
                    input_message_buffer, output_message_buffer,
                    conf_state, qop_state, KG_TOK_SEAL_MSG));
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_unwrap(context, minor_status, context_handle,
+               input_message_buffer, output_message_buffer,
+               conf_state, qop_state)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_buffer_t       input_message_buffer;
+    gss_buffer_t       output_message_buffer;
+    int                        *conf_state;
+    gss_qop_t          *qop_state;
+{
+    OM_uint32          rstat;
+    int                        qstate;
+
+    rstat = kg_unseal(minor_status, context_handle,
+                     input_message_buffer, output_message_buffer,
+                     conf_state, &qstate, KG_TOK_WRAP_MSG);
+    if (!rstat && qop_state)
+       *qop_state = (gss_qop_t) qstate;
+    return(rstat);
+}
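Review bot: `if (!rstat && qop_state)` in krb5_gss_unwrap counts only a zero major status as success, so if kg_unseal (not shown) can return a supplementary-information status such as GSS_S_DUPLICATE_TOKEN while still delivering the message, the caller's `*qop_state` is left unwritten. Testing the error bits instead, `if (!GSS_ERROR(rstat) && qop_state)`, covers that case. `qstate` should then be declared as `int qstate = 0;` so the cast never reads an indeterminate value on a path where kg_unseal did not store one. krb5_gss_verify_mic in the last hunk uses the same two lines.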
index 398b1d771728297968aae169fcf7cda00c3d8834..69fa967b75e3133bb472dc575b0a2f6cb29e76f8 100644 (file)
@@ -37,3 +37,26 @@ krb5_gss_verify(context, minor_status, context_handle,
                    token_buffer, message_buffer,
                    NULL, qop_state, KG_TOK_SIGN_MSG));
 }
+
+/* V2 interface */
+OM_uint32
+krb5_gss_verify_mic(context, minor_status, context_handle,
+                   message_buffer, token_buffer,
+                   qop_state)
+    krb5_context       context;
+    OM_uint32          *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_buffer_t       message_buffer;
+    gss_buffer_t       token_buffer;
+    gss_qop_t          *qop_state;
+{
+    OM_uint32          rstat;
+    int                        qstate;
+
+    rstat = kg_unseal(minor_status, context_handle,
+                     token_buffer, message_buffer,
+                     NULL, &qstate, KG_TOK_MIC_MSG);
+    if (!rstat && qop_state)
+       *qop_state = (gss_qop_t) qstate;
+    return(rstat);
+}
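Review bot: The call to kg_unseal in krb5_gss_verify_mic passes `token_buffer, message_buffer` in the two positions where krb5_gss_unwrap passes `input_message_buffer, output_message_buffer`, which reads like a transposition unless one knows the helper's convention. It matches krb5_gss_verify in the context lines above, so it is presumably intended; a comment above the call would save the next reader the lookup, e.g. `/* for a MIC, kg_unseal takes the token as input and the message to check in the output slot */`. kg_unseal itself is outside this hunk, so the wording should be confirmed against its definition.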