From: Greg Hudson
Date: Fri, 1 Apr 2011 19:34:57 +0000 (+0000)
Subject: Implement draft-josefsson-gss-capsulate
X-Git-Tag: krb5-1.10-alpha1~507
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=339ed212941b7f11bf03d13fafacf2d8df1c4cdc;p=krb5.git
Implement draft-josefsson-gss-capsulate
Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi.
From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes.
ticket: 6890
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
index d92bbcff4..4ad0a54f6 100644
--- a/src/lib/gssapi/generic/gssapi_ext.h
+++ b/src/lib/gssapi/generic/gssapi_ext.h
@@ -383,6 +383,27 @@ OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping
 gss_any_t * /* input */
 );
 
+/* draft-josefsson-gss-capsulate */
+OM_uint32 KRB5_CALLCONV gss_encapsulate_token
+(
+ const gss_buffer_t, /* input_token */
+ const gss_OID, /* token_oid */
+ const gss_buffer_t /* output_token */
+);
+
+OM_uint32 KRB5_CALLCONV gss_decapsulate_token
+(
+ const gss_buffer_t, /* input_token */
+ const gss_OID, /* token_oid */
+ gss_buffer_t /* output_token */
+);
+
+int KRB5_CALLCONV gss_oid_equal
+(
+ const gss_OID, /* first_oid */
+ const gss_OID /* second_oid */
+);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/lib/gssapi/libgssapi_krb5.exports b/src/lib/gssapi/libgssapi_krb5.exports
index fee99c994..ed509c2ab 100644
--- a/src/lib/gssapi/libgssapi_krb5.exports
+++ b/src/lib/gssapi/libgssapi_krb5.exports
@@ -48,6 +48,7 @@ gss_complete_auth_token
 gss_context_time
 gss_create_empty_buffer_set
 gss_create_empty_oid_set
+gss_decapsulate_token
 gss_delete_name_attribute
 gss_delete_sec_context
 gss_display_mech_attr
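Review bot: The `output_token` parameter of gss_encapsulate_token is declared `const gss_buffer_t /* output_token */` while the gss_decapsulate_token prototype a few lines below uses plain `gss_buffer_t`, yet both implementations in this commit write the buffer's value and length. Because gss_buffer_t is a pointer typedef, the const only qualifies the pointer itself, so this compiles, but it misdescribes the contract and disagrees with the sibling declaration; change it to `gss_buffer_t /* output_token */`. It would also help to put a comment above the group stating that both functions allocate `*output_token` for the caller, which presumably releases it with gss_release_buffer — confirm that against the allocator the implementations use.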
@@ -55,6 +56,7 @@ gss_display_name
 gss_display_name_ext
 gss_display_status
 gss_duplicate_name
+gss_encapsulate_token
 gss_export_name
 gss_export_name_composite
 gss_export_sec_context
@@ -102,6 +104,7 @@ gss_nt_service_name
 gss_nt_service_name_v2
 gss_nt_string_uid_name
 gss_nt_user_name
+gss_oid_equal
 gss_oid_to_str
 gss_pseudo_random
 gss_process_context_token
diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
index 7bb2069da..9eaf9af14 100644
--- a/src/lib/gssapi/mechglue/Makefile.in
+++ b/src/lib/gssapi/mechglue/Makefile.in
@@ -19,12 +19,14 @@ SRCS = \
 $(srcdir)/g_compare_name.c \
 $(srcdir)/g_complete_auth_token.c \
 $(srcdir)/g_context_time.c \
+ $(srcdir)/g_decapsulate_token.c \
 $(srcdir)/g_delete_sec_context.c \
 $(srcdir)/g_del_name_attr.c \
 $(srcdir)/g_dsp_name.c \
 $(srcdir)/g_dsp_name_ext.c \
 $(srcdir)/g_dsp_status.c \
 $(srcdir)/g_dup_name.c \
+ $(srcdir)/g_encapsulate_token.c \
 $(srcdir)/g_exp_sec_context.c \
 $(srcdir)/g_export_name.c \
 $(srcdir)/g_export_name_comp.c \
@@ -77,12 +79,14 @@ OBJS = \
 $(OUTPRE)g_compare_name.$(OBJEXT) \
 $(OUTPRE)g_complete_auth_token.$(OBJEXT) \
 $(OUTPRE)g_context_time.$(OBJEXT) \
+ $(OUTPRE)g_decapsulate_token.$(OBJEXT) \
 $(OUTPRE)g_delete_sec_context.$(OBJEXT) \
 $(OUTPRE)g_del_name_attr.$(OBJEXT) \
 $(OUTPRE)g_dsp_name.$(OBJEXT) \
 $(OUTPRE)g_dsp_name_ext.$(OBJEXT) \
 $(OUTPRE)g_dsp_status.$(OBJEXT) \
 $(OUTPRE)g_dup_name.$(OBJEXT) \
+ $(OUTPRE)g_encapsulate_token.$(OBJEXT) \
 $(OUTPRE)g_exp_sec_context.$(OBJEXT) \
 $(OUTPRE)g_export_name.$(OBJEXT) \
 $(OUTPRE)g_export_name_comp.$(OBJEXT) \
@@ -135,12 +139,14 @@ STLIBOBJS = \
 g_compare_name.o \
 g_complete_auth_token.o \
 g_context_time.o \
+ g_decapsulate_token.o \
 g_delete_sec_context.o \
 g_del_name_attr.o \
 g_dsp_name.o \
 g_dsp_name_ext.o \
 g_dsp_status.o \
 g_dup_name.o \
+ g_encapsulate_token.o \
 g_exp_sec_context.o \
 g_export_name.o \
 g_export_name_comp.o \
diff --git a/src/lib/gssapi/mechglue/g_decapsulate_token.c b/src/lib/gssapi/mechglue/g_decapsulate_token.c
new file mode 100644
index 000000000..a12d8f7ec
--- /dev/null
+++ b/src/lib/gssapi/mechglue/g_decapsulate_token.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+OM_uint32
+gss_decapsulate_token(const gss_buffer_t input_token,
+ const gss_OID token_oid,
+ gss_buffer_t output_token)
+{
+ OM_uint32 minor;
+ unsigned int body_size = 0;
+ unsigned char *buf_in;
+
+ if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID)
+ return GSS_S_CALL_INACCESSIBLE_READ;
+
+ if (output_token == GSS_C_NO_BUFFER)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ buf_in = input_token->value;
+
+ minor = g_verify_token_header(token_oid, &body_size, &buf_in,
+ -1, input_token->length,
+ G_VFY_TOKEN_HDR_WRAPPER_REQUIRED);
+ if (minor != 0)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ output_token->value = malloc(body_size);
+ if (output_token->value == NULL)
+ return GSS_S_FAILURE;
+
+ memcpy(output_token->value, buf_in, body_size);
+ output_token->length = body_size;
+
+ return GSS_S_COMPLETE;
+}
diff --git a/src/lib/gssapi/mechglue/g_encapsulate_token.c b/src/lib/gssapi/mechglue/g_encapsulate_token.c
new file mode 100644
index 000000000..a60c796e1
--- /dev/null
+++ b/src/lib/gssapi/mechglue/g_encapsulate_token.c
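Review bot: The `malloc(body_size)` call fails spuriously when a well-formed wrapper carries an empty inner token, because body_size is then 0 and malloc(0) may legitimately return NULL, which the following line reports as GSS_S_FAILURE. The error paths also leave `*output_token` untouched rather than empty, which the usual GSS convention of handing back GSS_C_EMPTY_BUFFER on failure expects. Setting `output_token->length = 0; output_token->value = NULL;` right after the NULL-argument checks and then short-circuiting with `if (body_size == 0) return GSS_S_COMPLETE;` before the allocation covers both. As a point of style, `minor` holds a g_verify_token_header() result code rather than a GSS minor status, so a name such as `err` would read more honestly, and a one-line comment that the tok_type of -1 means no TOK_ID follows the OID would help the next reader.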
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+OM_uint32
+gss_encapsulate_token(const gss_buffer_t input_token,
+ const gss_OID token_oid,
+ gss_buffer_t output_token)
+{
+ unsigned int tokenSize;
+ unsigned char *buf;
+
+ if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID)
+ return GSS_S_CALL_INACCESSIBLE_READ;
+
+ if (output_token == GSS_C_NO_BUFFER)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ tokenSize = g_token_size(token_oid, input_token->length);
+
+ assert(tokenSize > 2);
+ tokenSize -= 2; /* TOK_ID */
+
+ output_token->value = malloc(tokenSize);
+ if (output_token->value == NULL)
+ return GSS_S_FAILURE;
+
+ buf = output_token->value;
+
+ g_make_token_header(token_oid, input_token->length, &buf, -1);
+ memcpy(buf, input_token->value, input_token->length);
+ output_token->length = tokenSize;
+
+ return GSS_S_COMPLETE;
+}
diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c
index 9521d9ade..e7251672b 100644
--- a/src/lib/gssapi/mechglue/g_oid_ops.c
+++ b/src/lib/gssapi/mechglue/g_oid_ops.c
@@ -102,3 +102,11 @@ gssint_copy_oid_set(
 {
 return generic_gss_copy_oid_set(minor_status, oidset, new_oidset);
 }
+
+int
+gss_oid_equal(
+ const gss_OID first_oid,
+ const gss_OID second_oid)
+{
+ return g_OID_equal(first_oid, second_oid);
+}
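Review bot: `output_token->length = tokenSize` can overstate the token by one byte, because tokenSize is taken from g_token_size(), which — as the `tokenSize -= 2; /* TOK_ID */` adjustment implies — sizes the DER length field for a content length that includes the two TOK_ID bytes, while g_make_token_header(..., -1) encodes a content length two bytes shorter; whenever those two lengths straddle a DER length-encoding boundary (inner content of 126/127 or 254/255 bytes, if the helpers are defined as their use here suggests), the header actually written is one byte shorter than budgeted and the reported token ends in an uninitialized byte. Deriving the length from what was written avoids depending on the two helpers agreeing: after the memcpy, `output_token->length = (size_t)(buf - (unsigned char *)output_token->value) + input_token->length;`. Separately, input_token->length is a size_t handed to an unsigned int parameter, so an oversized input is silently truncated before the size is computed; rejecting lengths that cannot fit before calling g_token_size() closes that, and the assert() on tokenSize compiles out under NDEBUG so it should not be the only guard.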
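Review bot: gss_oid_equal hands both arguments straight to g_OID_equal, which as far as I can tell dereferences them, so a GSS_C_NO_OID on either side crashes even though the two other entry points added in this commit reject GSS_C_NO_OID explicitly. Handling the null and identity cases first keeps the three APIs consistent and, I believe, matches what callers of the Heimdal function expect: `if (first_oid == second_oid) return 1;` `if (first_oid == GSS_C_NO_OID || second_oid == GSS_C_NO_OID) return 0;` `return g_OID_equal(first_oid, second_oid);`. The definition also omits the KRB5_CALLCONV that the header declares — harmless where it expands to nothing, but it should match. A short comment stating that equality is by length and raw element bytes, with no OID canonicalization, would document the contract.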